1*ae771770SStanislav Sedov2006-12-28 Love Hörnquist Åstrand <lha@it.su.se> 2c19800e8SDoug Rabson 3c19800e8SDoug Rabson * kdc/process.c: Handle kx509 requests. 4c19800e8SDoug Rabson 5c19800e8SDoug Rabson * kdc/connect.c: Listen to 9878 if kca is turned on. 6c19800e8SDoug Rabson 7c19800e8SDoug Rabson * kdc/headers.h: Include <kx509_asn1.h>. 8c19800e8SDoug Rabson 9c19800e8SDoug Rabson * kdc/config.c: code to parse [kdc]enable-kx509 10c19800e8SDoug Rabson 11c19800e8SDoug Rabson * kdc/kdc.h: add enable_kx509 12c19800e8SDoug Rabson 13c19800e8SDoug Rabson * kdc/Makefile.am: add kx509.c 14c19800e8SDoug Rabson 15c19800e8SDoug Rabson * kdc/kx509.c: Kx509server (external certificate genration). 16c19800e8SDoug Rabson 17c19800e8SDoug Rabson * lib/krb5/ticket.c: add krb5_ticket_get_endtime 18c19800e8SDoug Rabson 19c19800e8SDoug Rabson * lib/krb5/krb5_ticket.3: Document krb5_ticket_get_endtime 20c19800e8SDoug Rabson 21c19800e8SDoug Rabson * kdc/digest.c: Remove <digest_asn.h>, its already included in 22c19800e8SDoug Rabson headers.h 23c19800e8SDoug Rabson 24c19800e8SDoug Rabson * kdc/digest.c: Return session key for the NTLMv2 case too 25c19800e8SDoug Rabson 26c19800e8SDoug Rabson * lib/krb5/digest.c (krb5_ntlm_rep_get_sessionkey): return value 27c19800e8SDoug Rabson is krb5_error_code 28c19800e8SDoug Rabson 29*ae771770SStanislav Sedov2006-12-27 Love Hörnquist Åstrand <lha@it.su.se> 30c19800e8SDoug Rabson 31c19800e8SDoug Rabson * lib/krb5/mk_req_ext.c (_krb5_mk_req_internal): use md5 for 32c19800e8SDoug Rabson des-cbc-md4 and des-cbc-md5. This is for (older) windows that 33c19800e8SDoug Rabson will be unhappy anything else. From Inna Bort-Shatsky 34c19800e8SDoug Rabson 35*ae771770SStanislav Sedov2006-12-26 Love Hörnquist Åstrand <lha@it.su.se> 36c19800e8SDoug Rabson 37c19800e8SDoug Rabson * kdc/digest.c: Prefix internal symbol with _kdc_. 
38c19800e8SDoug Rabson 39c19800e8SDoug Rabson * kdc/kdc.h: add digests_allowed 40c19800e8SDoug Rabson 41c19800e8SDoug Rabson * kdc/digest.c: return NTLM2 targetinfo structure. 42c19800e8SDoug Rabson 43c19800e8SDoug Rabson * lib/krb5/digest.c: Add krb5_ntlm_init_get_targetinfo. 44c19800e8SDoug Rabson 45c19800e8SDoug Rabson * kdc/config.c: Parse digest acl's 46c19800e8SDoug Rabson 47c19800e8SDoug Rabson * kdc/kdc_locl.h: forward decl; 48c19800e8SDoug Rabson 49c19800e8SDoug Rabson * kdc/digest.c: Add digest acl's 50c19800e8SDoug Rabson 51*ae771770SStanislav Sedov2006-12-22 Love Hörnquist Åstrand <lha@it.su.se> 52c19800e8SDoug Rabson 53c19800e8SDoug Rabson * fix-export: build ntlm-private.h 54c19800e8SDoug Rabson 55*ae771770SStanislav Sedov2006-12-20 Love Hörnquist Åstrand <lha@it.su.se> 56c19800e8SDoug Rabson 57c19800e8SDoug Rabson * include/make_crypto.c: Include <.../hmac.h>. 58c19800e8SDoug Rabson 59c19800e8SDoug Rabson * kdc/digest.c: reorder to show slot here ntlmv2 code will be 60c19800e8SDoug Rabson placed. 61c19800e8SDoug Rabson 62c19800e8SDoug Rabson * kdc/digest.c: Announce that we support key exchange and add bits 63c19800e8SDoug Rabson to detect when it wasn't used. 64c19800e8SDoug Rabson 65c19800e8SDoug Rabson * kdc/digest.c: Add support for generating NTLM2 session security 66c19800e8SDoug Rabson answer. 67c19800e8SDoug Rabson 68*ae771770SStanislav Sedov2006-12-19 Love Hörnquist Åstrand <lha@it.su.se> 69c19800e8SDoug Rabson 70c19800e8SDoug Rabson * lib/krb5/digest.c: Add sessionkey accessor functions. 71c19800e8SDoug Rabson 72*ae771770SStanislav Sedov2006-12-18 Love Hörnquist Åstrand <lha@it.su.se> 73c19800e8SDoug Rabson 74c19800e8SDoug Rabson * kdc/digest.c: Unwrap the NTLM session key and return it to the 75c19800e8SDoug Rabson server. 
76c19800e8SDoug Rabson 77*ae771770SStanislav Sedov2006-12-17 Love Hörnquist Åstrand <lha@it.su.se> 78c19800e8SDoug Rabson 79c19800e8SDoug Rabson * lib/krb5/store.c (krb5_ret_principal): Fix a bug in the malloc 80c19800e8SDoug Rabson failure part, noticed by Arnaud Lacombe in NetBSD coverity scan. 81c19800e8SDoug Rabson 82*ae771770SStanislav Sedov2006-12-15 Love Hörnquist Åstrand <lha@it.su.se> 83c19800e8SDoug Rabson 84c19800e8SDoug Rabson * lib/krb5/fcache.c (fcc_get_cache_next): avoid const warning. 85c19800e8SDoug Rabson 86c19800e8SDoug Rabson * kdc/digest.c: Support NTLM verification, note that the KDC does 87c19800e8SDoug Rabson no NTLM packet parsing, its all done by the client side, the KDC 88c19800e8SDoug Rabson just calculate and verify the digest and return the result to the 89c19800e8SDoug Rabson service. 90c19800e8SDoug Rabson 91c19800e8SDoug Rabson * kuser/kdigest.c: add ntlm-server-init 92c19800e8SDoug Rabson 93c19800e8SDoug Rabson * kuser/Makefile.am: kdigest depends on libheimntlm.la 94c19800e8SDoug Rabson 95c19800e8SDoug Rabson * kdc/headers.h: Include <heimntlm.h>. 96c19800e8SDoug Rabson 97c19800e8SDoug Rabson * kdc/Makefile.am: libkdc needs libheimntlm.la 98c19800e8SDoug Rabson 99c19800e8SDoug Rabson * autogen.sh: just run autoreconf -i -f 100c19800e8SDoug Rabson 101c19800e8SDoug Rabson * lib/Makefile.am: hook in ntlm 102c19800e8SDoug Rabson 103c19800e8SDoug Rabson * configure.in (AC_CONFIG_FILES): add lib/ntlm/Makefile 104c19800e8SDoug Rabson 105c19800e8SDoug Rabson * lib/krb5/digest.c: API to authenticate ntlm requests. 106c19800e8SDoug Rabson 107c19800e8SDoug Rabson * lib/krb5/fcache.c: Support "iteration" of file credential caches 108c19800e8SDoug Rabson by giving the user back the default file credential cache and only 109c19800e8SDoug Rabson that. 110c19800e8SDoug Rabson 111c19800e8SDoug Rabson * lib/krb5/krb5_locl.h: Expand the default root for some of the cc 112c19800e8SDoug Rabson type names. 
113c19800e8SDoug Rabson 114*ae771770SStanislav Sedov2006-12-14 Love Hörnquist Åstrand <lha@it.su.se> 115c19800e8SDoug Rabson 116c19800e8SDoug Rabson * lib/krb5/init_creds_pw.c (free_paid): free the krb5_data 117c19800e8SDoug Rabson structure too. Bug report from Stefan Metzmacher. 118c19800e8SDoug Rabson 119*ae771770SStanislav Sedov2006-12-12 Love Hörnquist Åstrand <lha@it.su.se> 120c19800e8SDoug Rabson 121c19800e8SDoug Rabson * kuser/kinit.c: Read the appdefault configration before we try to 122c19800e8SDoug Rabson use the flags. Bug reported by Ingemar Nilsson. 123c19800e8SDoug Rabson 124c19800e8SDoug Rabson * kuser/kdigest.c: prefix digest commands with digest_ 125c19800e8SDoug Rabson 126c19800e8SDoug Rabson * kuser/kdigest-commands.in: prefix digest commands with digest- 127c19800e8SDoug Rabson 128*ae771770SStanislav Sedov2006-12-10 Love Hörnquist Åstrand <lha@it.su.se> 129c19800e8SDoug Rabson 130c19800e8SDoug Rabson * kdc/hprop.c: Return error codes on failure, improve error 131c19800e8SDoug Rabson reporting. 
132c19800e8SDoug Rabson 133*ae771770SStanislav Sedov2006-12-08 Love Hörnquist Åstrand <lha@it.su.se> 134c19800e8SDoug Rabson 135c19800e8SDoug Rabson * lib/krb5/pkinit.c: sprinkle more _krb5_pk_copy_error 136c19800e8SDoug Rabson 137c19800e8SDoug Rabson * lib/krb5/pkinit.c: Copy more hx509 error strings to krb5 error 138c19800e8SDoug Rabson strings 139c19800e8SDoug Rabson 140*ae771770SStanislav Sedov2006-12-07 Love Hörnquist Åstrand <lha@it.su.se> 141c19800e8SDoug Rabson 142c19800e8SDoug Rabson * include/Makefile.am: CLEANFILES += vis.h 143c19800e8SDoug Rabson 144*ae771770SStanislav Sedov2006-12-06 Love Hörnquist Åstrand <lha@it.su.se> 145c19800e8SDoug Rabson 146c19800e8SDoug Rabson * kdc/kerberos5.c (_kdc_as_rep): add AD-INITAL-VERIFIED-CAS to the 147c19800e8SDoug Rabson encrypted ticket 148c19800e8SDoug Rabson 149c19800e8SDoug Rabson * kdc/pkinit.c (_kdc_add_inital_verified_cas): new function, adds 150c19800e8SDoug Rabson an empty (for now) AD_INITIAL_VERIFIED_CAS to tell the clients 151c19800e8SDoug Rabson that we vouches for the CA. 152c19800e8SDoug Rabson 153c19800e8SDoug Rabson * kdc/kerberos5.c (_kdc_tkt_add_if_relevant_ad): new function. 154c19800e8SDoug Rabson 155c19800e8SDoug Rabson * lib/Makefile.am: Make the directories test automake conditional 156c19800e8SDoug Rabson so automake can include directories in make dist step. 157c19800e8SDoug Rabson 158c19800e8SDoug Rabson * kdc/pkinit.c (_kdc_pk_rd_padata): leak less memory for 159c19800e8SDoug Rabson ExternalPrincipalIdentifiers 160c19800e8SDoug Rabson 161c19800e8SDoug Rabson * kdc/pkinit.c: Parse and use PA-PK-AS-REQ.trustedCertifiers 162c19800e8SDoug Rabson 163c19800e8SDoug Rabson * kdc/pkinit.c: Add comment that the anchors in the signed data 164c19800e8SDoug Rabson really should be the trust anchors of the client. 165c19800e8SDoug Rabson 166c19800e8SDoug Rabson * kuser/generate-requests.c: Use strcspn to remove \n from 167*ae771770SStanislav Sedov string returned by fgets. 
From Björn Sandell 168c19800e8SDoug Rabson 169c19800e8SDoug Rabson * kpasswd/kpasswd-generator.c: Use strcspn to remove \n from 170*ae771770SStanislav Sedov string returned by fgets. From Björn Sandell 171c19800e8SDoug Rabson 172*ae771770SStanislav Sedov2006-12-05 Love Hörnquist Åstrand <lha@it.su.se> 173c19800e8SDoug Rabson 174c19800e8SDoug Rabson * lib/hdb/hdb-ldap.c: Clear errno before calling the strtol 175*ae771770SStanislav Sedov functions. From Paul Stoeber to OpenBSD by Ray Lai and Björn 176c19800e8SDoug Rabson Sandell. 177c19800e8SDoug Rabson 178c19800e8SDoug Rabson * lib/krb5/config_file.c: Use strcspn to remove \n from fgets 179*ae771770SStanislav Sedov result. Prompted by change by Ray Lai of OpenBSD via Björn 180c19800e8SDoug Rabson Sandell. 181c19800e8SDoug Rabson 182c19800e8SDoug Rabson * kdc/string2key.c: Use strcspn to remove \n from fgets 183*ae771770SStanislav Sedov result. Prompted by change by Ray Lai of OpenBSD via Björn 184c19800e8SDoug Rabson Sandell. 185c19800e8SDoug Rabson 186*ae771770SStanislav Sedov2006-11-30 Love Hörnquist Åstrand <lha@it.su.se> 187c19800e8SDoug Rabson 188c19800e8SDoug Rabson * lib/krb5/krbhst.c (plugin_get_hosts): be more paranoid and pass 189c19800e8SDoug Rabson in a NULLed plugin list 190c19800e8SDoug Rabson 191*ae771770SStanislav Sedov2006-11-29 Love Hörnquist Åstrand <lha@it.su.se> 192c19800e8SDoug Rabson 193c19800e8SDoug Rabson * lib/krb5/verify_krb5_conf.c: add more pkinit options. 194c19800e8SDoug Rabson 195c19800e8SDoug Rabson * lib/krb5/pkinit.c: Store what PK-INIT type we used to know reply 196c19800e8SDoug Rabson to expect, this avoids overwriting the real PK-INIT error from 197c19800e8SDoug Rabson just a failed requeat with a Windows PK-INIT error (that always 198c19800e8SDoug Rabson failes). 
199c19800e8SDoug Rabson 200c19800e8SDoug Rabson * kdc/Makefile.am: Add LIB_pkinit to pacify AIX 201c19800e8SDoug Rabson 202c19800e8SDoug Rabson * lib/hdb/Makefile.am: Add LIB_com_err to pacify AIX 203c19800e8SDoug Rabson 204*ae771770SStanislav Sedov2006-11-28 Love Hörnquist Åstrand <lha@it.su.se> 205c19800e8SDoug Rabson 206c19800e8SDoug Rabson * lib/hdb/hdb-ldap.c: Make build again from the hdb_entry 207c19800e8SDoug Rabson wrapping. Patch from Andreas Hasenack. 208c19800e8SDoug Rabson 209c19800e8SDoug Rabson * kdc/pkinit.c: Need better code in the DH parameter rejection 210c19800e8SDoug Rabson case, add comment to that effect. 211c19800e8SDoug Rabson 212*ae771770SStanislav Sedov2006-11-27 Love Hörnquist Åstrand <lha@it.su.se> 213c19800e8SDoug Rabson 214c19800e8SDoug Rabson * kdc/krb5tgs.c: Reply KRB5KRB_ERR_RESPONSE_TOO_BIG for too large 215c19800e8SDoug Rabson packets when using datagram based transports. 216c19800e8SDoug Rabson 217c19800e8SDoug Rabson * kdc/process.c: Pass down datagram_reply to _kdc_tgs_rep. 218c19800e8SDoug Rabson 219c19800e8SDoug Rabson * lib/krb5/pkinit.c (build_auth_pack): set supportedCMSTypes. 220c19800e8SDoug Rabson 221*ae771770SStanislav Sedov2006-11-26 Love Hörnquist Åstrand <lha@it.su.se> 222c19800e8SDoug Rabson 223c19800e8SDoug Rabson * lib/krb5/pkinit.c: Pass down hx509_peer_info. 224c19800e8SDoug Rabson 225c19800e8SDoug Rabson * kdc/pkinit.c (_kdc_pk_rd_padata): Pick up supportedCMSTypes and 226c19800e8SDoug Rabson pass in into hx509_cms_create_signed_1 via hx509_peer_info blob. 227c19800e8SDoug Rabson 228c19800e8SDoug Rabson * kdc/pkinit.c (_kdc_pk_rd_padata): Pick up supportedCMSTypes and 229c19800e8SDoug Rabson pass in into hx509_cms_create_signed_1 via hx509_peer_info blob. 
230c19800e8SDoug Rabson 231*ae771770SStanislav Sedov2006-11-24 Love Hörnquist Åstrand <lha@it.su.se> 232c19800e8SDoug Rabson 233c19800e8SDoug Rabson * lib/krb5/send_to_kdc.c: Set the large_msg_size to 1400, lets not 234c19800e8SDoug Rabson fragment packets and avoid stupid linklayers that doesn't allow 235c19800e8SDoug Rabson fragmented packets (unix dgram sockets on Mac OS X) 236c19800e8SDoug Rabson 237*ae771770SStanislav Sedov2006-11-23 Love Hörnquist Åstrand <lha@it.su.se> 238c19800e8SDoug Rabson 239c19800e8SDoug Rabson * lib/krb5/pkinit.c (_krb5_pk_create_sign): stuff down the users 240c19800e8SDoug Rabson certs in the pool to make sure a path is returned, without this 241c19800e8SDoug Rabson proxy certificates wont work. 242c19800e8SDoug Rabson 243*ae771770SStanislav Sedov2006-11-21 Love Hörnquist Åstrand <lha@it.su.se> 244c19800e8SDoug Rabson 245c19800e8SDoug Rabson * kdc/config.c: Make all pkinit options prefixed with pkinit_ 246c19800e8SDoug Rabson 247c19800e8SDoug Rabson * lib/krb5/log.c (krb5_get_warn_dest): return warn_dest from 248c19800e8SDoug Rabson krb5_context 249c19800e8SDoug Rabson 250c19800e8SDoug Rabson * lib/krb5/krb5_warn.3: document krb5_[gs]et_warn_dest 251c19800e8SDoug Rabson 252c19800e8SDoug Rabson * lib/krb5/krb5.h: Drop KRB5_KU_TGS_IMPERSONATE. 253c19800e8SDoug Rabson 254c19800e8SDoug Rabson * kdc/krb5tgs.c: Use KRB5_KU_OTHER_CKSUM for the impersonate 255c19800e8SDoug Rabson checksum. 256c19800e8SDoug Rabson 257c19800e8SDoug Rabson * lib/krb5/get_cred.c: Use KRB5_KU_OTHER_CKSUM for the impersonate 258c19800e8SDoug Rabson checksum. 259c19800e8SDoug Rabson 260*ae771770SStanislav Sedov2006-11-20 Love Hörnquist Åstrand <lha@it.su.se> 261c19800e8SDoug Rabson 262c19800e8SDoug Rabson * lib/krb5/verify_user.c: Make krb5_get_init_creds_opt_free take a 263c19800e8SDoug Rabson context argument. 
264c19800e8SDoug Rabson 265c19800e8SDoug Rabson * lib/krb5/krb5_get_init_creds.3: Make 266c19800e8SDoug Rabson krb5_get_init_creds_opt_free take a context argument. 267c19800e8SDoug Rabson 268c19800e8SDoug Rabson * lib/krb5/init_creds_pw.c: Make krb5_get_init_creds_opt_free take 269c19800e8SDoug Rabson a context argument. 270c19800e8SDoug Rabson 271c19800e8SDoug Rabson * kuser/kinit.c: Make krb5_get_init_creds_opt_free take a context 272c19800e8SDoug Rabson argument. 273c19800e8SDoug Rabson 274c19800e8SDoug Rabson * kpasswd/kpasswd.c: Make krb5_get_init_creds_opt_free take a 275c19800e8SDoug Rabson context argument. 276c19800e8SDoug Rabson 277c19800e8SDoug Rabson * kpasswd/kpasswd-generator.c: Make krb5_get_init_creds_opt_free 278c19800e8SDoug Rabson take a context argument. 279c19800e8SDoug Rabson 280c19800e8SDoug Rabson * kdc/hprop.c: Make krb5_get_init_creds_opt_free take a context 281c19800e8SDoug Rabson argument. 282c19800e8SDoug Rabson 283c19800e8SDoug Rabson * lib/krb5/init_creds.c: Make krb5_get_init_creds_opt_free take a 284c19800e8SDoug Rabson context argument. 285c19800e8SDoug Rabson 286c19800e8SDoug Rabson * appl/gssmask/gssmask.c: Make krb5_get_init_creds_opt_free take a 287c19800e8SDoug Rabson context argument. 
288c19800e8SDoug Rabson 289*ae771770SStanislav Sedov2006-11-19 Love Hörnquist Åstrand <lha@it.su.se> 290c19800e8SDoug Rabson 291c19800e8SDoug Rabson * doc/setup.texi: fix pkinit option (s/-/_/) 292c19800e8SDoug Rabson 293c19800e8SDoug Rabson * kdc/config.c: revert the enable-pkinit change, and make it 294c19800e8SDoug Rabson consistant with all other other enable- options 295c19800e8SDoug Rabson 296*ae771770SStanislav Sedov2006-11-17 Love Hörnquist Åstrand <lha@it.su.se> 297c19800e8SDoug Rabson 298c19800e8SDoug Rabson * doc/setup.texi: Make all pkinit options prefixed with pkinit_ 299c19800e8SDoug Rabson 300c19800e8SDoug Rabson * kdc/config.c: Make all pkinit options prefixed with pkinit_ 301c19800e8SDoug Rabson 302c19800e8SDoug Rabson * kdc/pkinit.c: Make app pkinit options prefixed with pkinit_ 303c19800e8SDoug Rabson 304c19800e8SDoug Rabson * lib/krb5/pkinit.c: Make app pkinit options prefixed with pkinit_ 305c19800e8SDoug Rabson 306c19800e8SDoug Rabson * lib/krb5/mit_glue.c (krb5_c_keylengths): make compile again. 307c19800e8SDoug Rabson 308c19800e8SDoug Rabson * lib/krb5/mit_glue.c (krb5_c_keylengths): rename. 309c19800e8SDoug Rabson 310c19800e8SDoug Rabson * lib/krb5/mit_glue.c (krb5_c_keylength): mit changed the api, 311c19800e8SDoug Rabson deal. 312c19800e8SDoug Rabson 313*ae771770SStanislav Sedov2006-11-13 Love Hörnquist Åstrand <lha@it.su.se> 314c19800e8SDoug Rabson 315c19800e8SDoug Rabson * lib/krb5/pac.c (fill_zeros): stop using MIN. 316c19800e8SDoug Rabson 317c19800e8SDoug Rabson * kuser/kinit.c: Forward decl 318c19800e8SDoug Rabson 319c19800e8SDoug Rabson * lib/krb5/test_plugin.c: Use NOTHERE.H5L.SE. 320c19800e8SDoug Rabson 321c19800e8SDoug Rabson * lib/krb5/krbhst.c: Fill in hints for picky getaddrinfo()s. 322c19800e8SDoug Rabson 323c19800e8SDoug Rabson * lib/krb5/test_plugin.c: Set sin_len if it exists. 324c19800e8SDoug Rabson 325c19800e8SDoug Rabson * lib/krb5/krbhst.c: Use plugin for the other realm locate types 326c19800e8SDoug Rabson too. 
327c19800e8SDoug Rabson 328*ae771770SStanislav Sedov2006-11-12 Love Hörnquist Åstrand <lha@it.su.se> 329c19800e8SDoug Rabson 330c19800e8SDoug Rabson * lib/krb5/krb5_locl.h: Add plugin api 331c19800e8SDoug Rabson 332c19800e8SDoug Rabson * lib/krb5/Makefile.am: Add plugin api. 333c19800e8SDoug Rabson 334c19800e8SDoug Rabson * lib/krb5/krbhst.c: Use the resolve plugin interface. 335c19800e8SDoug Rabson 336c19800e8SDoug Rabson * lib/krb5/locate_plugin.h: Add plugin interface for resolving 337c19800e8SDoug Rabson that is API compatible with MITs version. 338c19800e8SDoug Rabson 339c19800e8SDoug Rabson * lib/krb5/plugin.c: Add first version of the plugin interface. 340c19800e8SDoug Rabson 341c19800e8SDoug Rabson * lib/krb5/test_pac.c: Test signing. 342c19800e8SDoug Rabson 343c19800e8SDoug Rabson * lib/krb5/pac.c: Add code to sign PACs, only arcfour for now. 344c19800e8SDoug Rabson 345c19800e8SDoug Rabson * lib/krb5/krb5.h: Add struct krb5_pac. 346c19800e8SDoug Rabson 347*ae771770SStanislav Sedov2006-11-09 Love Hörnquist Åstrand <lha@it.su.se> 348c19800e8SDoug Rabson 349c19800e8SDoug Rabson * lib/krb5/test_pac.c: PAC testing. 350c19800e8SDoug Rabson 351c19800e8SDoug Rabson * lib/krb5/pac.c: Sprinkle error strings. 352c19800e8SDoug Rabson 353c19800e8SDoug Rabson * lib/krb5/pac.c: Verify LOGON_NAME. 354c19800e8SDoug Rabson 355c19800e8SDoug Rabson * kdc/pkinit.c (_kdc_pk_check_client): drop client_princ as an 356c19800e8SDoug Rabson argument 357c19800e8SDoug Rabson 358c19800e8SDoug Rabson * kdc/kerberos5.c (_kdc_as_rep): drop client_princ from 359c19800e8SDoug Rabson _kdc_pk_check_client since its not valid in canonicalize case 360c19800e8SDoug Rabson 361c19800e8SDoug Rabson * lib/krb5/krb5_c_make_checksum.3: Document krb5_c_keylength. 362c19800e8SDoug Rabson 363c19800e8SDoug Rabson * lib/krb5/mit_glue.c: Add krb5_c_keylength. 
364c19800e8SDoug Rabson 365*ae771770SStanislav Sedov2006-11-08 Love Hörnquist Åstrand <lha@it.su.se> 366c19800e8SDoug Rabson 367c19800e8SDoug Rabson * lib/krb5/pac.c: Almost enough code to do PAC parsing and 368c19800e8SDoug Rabson verification, missing in the unix2NTTIME and ucs2 corner. The 369c19800e8SDoug Rabson later will be adressed by finally adding libwind. 370c19800e8SDoug Rabson 371c19800e8SDoug Rabson * lib/krb5/krb5_init_context.3: document krb5_[gs]et_max_time_skew 372c19800e8SDoug Rabson 373c19800e8SDoug Rabson * kdc/hpropd.c: Remove support dumping to a kerberos 4 database. 374c19800e8SDoug Rabson 375*ae771770SStanislav Sedov2006-11-07 Love Hörnquist Åstrand <lha@it.su.se> 376c19800e8SDoug Rabson 377c19800e8SDoug Rabson * lib/krb5/context.c: rename krb5_[gs]et_time_wrap to 378c19800e8SDoug Rabson krb5_[gs]et_max_time_skew 379c19800e8SDoug Rabson 380c19800e8SDoug Rabson * kdc/pkinit.c: Catch error string from hx509_cms_verify_signed. 381c19800e8SDoug Rabson Check for id-pKKdcEkuOID and warn if its not there. 382c19800e8SDoug Rabson 383c19800e8SDoug Rabson * lib/krb5/rd_req.c: Add more krb5_rd_req_out_get functions. 384c19800e8SDoug Rabson 385*ae771770SStanislav Sedov2006-11-06 Love Hörnquist Åstrand <lha@it.su.se> 386c19800e8SDoug Rabson 387c19800e8SDoug Rabson * lib/krb5/krb5.h: krb5_rd_req{,_in,_out}_ctx. 388c19800e8SDoug Rabson 389c19800e8SDoug Rabson * lib/krb5/rd_req.c (krb5_rd_req_ctx): Add context all singing-all 390c19800e8SDoug Rabson dancing version of the krb5_rd_req and implement krb5_rd_req and 391c19800e8SDoug Rabson krb5_rd_req_with_keyblock using it. 392c19800e8SDoug Rabson 393*ae771770SStanislav Sedov2006-11-04 Love Hörnquist Åstrand <lha@it.su.se> 394c19800e8SDoug Rabson 395c19800e8SDoug Rabson * kdc/kerberos5.c (_kdc_as_rep): More verbose time skew logging. 
396c19800e8SDoug Rabson 397*ae771770SStanislav Sedov2006-11-03 Love Hörnquist Åstrand <lha@it.su.se> 398c19800e8SDoug Rabson 399c19800e8SDoug Rabson * lib/krb5/expand_hostname.c: Rename various routines and 400c19800e8SDoug Rabson constants from canonize to canonicalize. From Andrew Bartlett 401c19800e8SDoug Rabson 402c19800e8SDoug Rabson * lib/krb5/context.c: Add krb5_[gs]et_time_wrap 403c19800e8SDoug Rabson 404c19800e8SDoug Rabson * lib/krb5/krb5_locl.h: Rename various routines and constants from 405c19800e8SDoug Rabson canonize to canonicalize. From Andrew Bartlett 406c19800e8SDoug Rabson 407c19800e8SDoug Rabson * appl/gssmask/common.c (add_list): fix alloc statement. 408c19800e8SDoug Rabson From Alex Deiter 409c19800e8SDoug Rabson 410*ae771770SStanislav Sedov2006-10-25 Love Hörnquist Åstrand <lha@it.su.se> 411c19800e8SDoug Rabson 412c19800e8SDoug Rabson * include/Makefile.am: Move version.h and version.h.in to 413c19800e8SDoug Rabson DISTCLEANFILES. 414c19800e8SDoug Rabson 415*ae771770SStanislav Sedov2006-10-24 Love Hörnquist Åstrand <lha@it.su.se> 416c19800e8SDoug Rabson 417c19800e8SDoug Rabson * appl/gssmask/gssmask.c: Only log when there are resources left. 418c19800e8SDoug Rabson 419c19800e8SDoug Rabson * appl/gssmask/gssmask.c: make compile 420c19800e8SDoug Rabson 421c19800e8SDoug Rabson * appl/gssmask/gssmask.c (AcquireCreds): free 422c19800e8SDoug Rabson krb5_get_init_creds_opt 423c19800e8SDoug Rabson 424*ae771770SStanislav Sedov2006-10-23 Love Hörnquist Åstrand <lha@it.su.se> 425c19800e8SDoug Rabson 426c19800e8SDoug Rabson * configure.in: heimdal 0.8-RC1 427c19800e8SDoug Rabson 428*ae771770SStanislav Sedov2006-10-22 Love Hörnquist Åstrand <lha@it.su.se> 429c19800e8SDoug Rabson 430c19800e8SDoug Rabson * lib/krb5/digest.c: Try to not leak memory. 431c19800e8SDoug Rabson 432c19800e8SDoug Rabson * kdc/digest.c: Try to not leak memory. 433c19800e8SDoug Rabson 434c19800e8SDoug Rabson * Makefile.am: remove valgrind target, it doesn't belong here. 
435c19800e8SDoug Rabson 436c19800e8SDoug Rabson * kuser/kinit.c: Try to not leak memory. 437c19800e8SDoug Rabson 438c19800e8SDoug Rabson * kuser/kgetcred.c: Try to not leak memory. 439c19800e8SDoug Rabson 440c19800e8SDoug Rabson * kdc/krb5tgs.c (check_KRB5SignedPath): free KRB5SignedPath on 441c19800e8SDoug Rabson successful completion too, not just the error cases. 442c19800e8SDoug Rabson 443c19800e8SDoug Rabson * fix-export: Make make fix-export less verbose. 444c19800e8SDoug Rabson 445c19800e8SDoug Rabson * kuser/kgetcred.c: Try to not leak memory. 446c19800e8SDoug Rabson 447c19800e8SDoug Rabson * lib/hdb/keys.c (hdb_generate_key_set): free list of enctype when 448c19800e8SDoug Rabson done. 449c19800e8SDoug Rabson 450c19800e8SDoug Rabson * lib/krb5/crypto.c: Allocate the memory we later use. 451c19800e8SDoug Rabson 452c19800e8SDoug Rabson * lib/krb5/test_princ.c: Try to not leak memory. 453c19800e8SDoug Rabson 454c19800e8SDoug Rabson * lib/krb5/test_crypto_wrapping.c: Try to not leak memory. 455c19800e8SDoug Rabson 456c19800e8SDoug Rabson * lib/krb5/test_cc.c: Try to not leak memory. 457c19800e8SDoug Rabson 458c19800e8SDoug Rabson * lib/krb5/addr_families.c (arange_free): Try to not leak memory. 459c19800e8SDoug Rabson 460c19800e8SDoug Rabson * lib/krb5/crypto.c (AES_string_to_key): Try to not leak memory. 
461c19800e8SDoug Rabson 462*ae771770SStanislav Sedov2006-10-21 Love Hörnquist Åstrand <lha@it.su.se> 463c19800e8SDoug Rabson 464c19800e8SDoug Rabson * tools/heimdal-build.sh: Add --test-environment 465c19800e8SDoug Rabson 466c19800e8SDoug Rabson * tools/heimdal-build.sh: Add --ccache-dir 467c19800e8SDoug Rabson 468c19800e8SDoug Rabson * lib/hdb/Makefile.am: remove dependency on et files covert_db 469c19800e8SDoug Rabson that now is removed 470c19800e8SDoug Rabson 471*ae771770SStanislav Sedov2006-10-20 Love Hörnquist Åstrand <lha@it.su.se> 472c19800e8SDoug Rabson 473c19800e8SDoug Rabson * include/Makefile.am: add gssapi to subdirs 474c19800e8SDoug Rabson 475c19800e8SDoug Rabson * lib/hdb/hdb-ldap.c: Make compile. 476c19800e8SDoug Rabson 477c19800e8SDoug Rabson * configure.in: add include/gssapi/Makefile. 478c19800e8SDoug Rabson 479c19800e8SDoug Rabson * include/Makefile.am: clean more files 480c19800e8SDoug Rabson 481c19800e8SDoug Rabson * include/make_crypto.c: Avoid creating a file called --version. 482c19800e8SDoug Rabson 483c19800e8SDoug Rabson * include/bits.c: Avoid creating a file called --version. 484c19800e8SDoug Rabson 485c19800e8SDoug Rabson * appl/test/Makefile.am: add nt_gss_common.h 486c19800e8SDoug Rabson 487c19800e8SDoug Rabson * doc/Makefile.am: Disable TEXI2DVI for now. 488c19800e8SDoug Rabson 489c19800e8SDoug Rabson * tools/Makefile.am: more files 490c19800e8SDoug Rabson 491c19800e8SDoug Rabson * lib/krb5/context.c (krb5_free_context): free send_to_kdc context 492c19800e8SDoug Rabson 493c19800e8SDoug Rabson * doc/heimdal.texi: Put Heimdal in the dircategory Security. 494c19800e8SDoug Rabson 495c19800e8SDoug Rabson * lib/krb5/send_to_kdc.c: Add sent_to_kdc hook, from Andrew 496c19800e8SDoug Rabson Bartlet. 497c19800e8SDoug Rabson 498c19800e8SDoug Rabson * lib/krb5/krb5_locl.h: Add send_to_kdc hook. 499c19800e8SDoug Rabson 500c19800e8SDoug Rabson * lib/krb5/krb5.h: Add krb5_send_to_kdc_func prototype. 
501c19800e8SDoug Rabson 502c19800e8SDoug Rabson * kcm/Makefile.am: more files 503c19800e8SDoug Rabson 504c19800e8SDoug Rabson * kdc/Makefile.am: more files 505c19800e8SDoug Rabson 506c19800e8SDoug Rabson * lib/hdb/Makefile.am: more files 507c19800e8SDoug Rabson 508c19800e8SDoug Rabson * lib/krb5/Makefile.am: add more files 509c19800e8SDoug Rabson 510*ae771770SStanislav Sedov2006-10-19 Love Hörnquist Åstrand <lha@it.su.se> 511c19800e8SDoug Rabson 512c19800e8SDoug Rabson * tools/Makefile.am: Add heimdal-build.sh to EXTRA_DIST. 513c19800e8SDoug Rabson 514c19800e8SDoug Rabson * configure.in: Don't check for timegm, libroken provides it for 515c19800e8SDoug Rabson us. 516c19800e8SDoug Rabson 517c19800e8SDoug Rabson * lib/krb5/acache.c: Does function typecasts instead of void * 518c19800e8SDoug Rabson type-casts. 519c19800e8SDoug Rabson 520c19800e8SDoug Rabson * lib/krb5/krb5.h: Remove bonus , that Love sneeked in. 521c19800e8SDoug Rabson 522c19800e8SDoug Rabson * configure.in: make --disable-pk-init help text also negative 523c19800e8SDoug Rabson 524*ae771770SStanislav Sedov2006-10-18 Love Hörnquist Åstrand <lha@it.su.se> 525c19800e8SDoug Rabson 526c19800e8SDoug Rabson * kuser/kgetcred.c: Avoid memory leak. 527c19800e8SDoug Rabson 528c19800e8SDoug Rabson * tools/heimdal-build.sh: Add more verbose logging, add version of 529c19800e8SDoug Rabson script and heimdal to the mail. 530c19800e8SDoug Rabson 531c19800e8SDoug Rabson * lib/hdb/db3.c: Wrap function call pointer calls in (*func) to 532c19800e8SDoug Rabson avoid macros rewriting open and close. 533c19800e8SDoug Rabson 534c19800e8SDoug Rabson * lib/krb5/Makefile.am: Add test_princ. 535c19800e8SDoug Rabson 536c19800e8SDoug Rabson * lib/krb5/principal.c: More error strings, handle realm-less 537c19800e8SDoug Rabson printing. 538c19800e8SDoug Rabson 539c19800e8SDoug Rabson * lib/krb5/test_princ.c: Test principal parsing and unparsing. 
540c19800e8SDoug Rabson 541*ae771770SStanislav Sedov2006-10-17 Love Hörnquist Åstrand <lha@it.su.se> 542c19800e8SDoug Rabson 543c19800e8SDoug Rabson * lib/krb5/get_host_realm.c (krb5_get_host_realm): make sure we 544c19800e8SDoug Rabson don't recurse 545c19800e8SDoug Rabson 546c19800e8SDoug Rabson * lib/krb5/get_host_realm.c (krb5_get_host_realm): no components 547c19800e8SDoug Rabson -> no dns. no mapping, try local realm and hope KDC knows better. 548c19800e8SDoug Rabson 549c19800e8SDoug Rabson * lib/krb5/krb5.h: Add flags for krb5_unparse_name_flags 550c19800e8SDoug Rabson 551c19800e8SDoug Rabson * lib/krb5/krb5_principal.3: Document 552c19800e8SDoug Rabson krb5_unparse_name{_fixed,}_flags. 553c19800e8SDoug Rabson 554c19800e8SDoug Rabson * lib/krb5/principal.c: Add krb5_unparse_name_flags and 555c19800e8SDoug Rabson krb5_unparse_name_fixed_flags. 556c19800e8SDoug Rabson 557c19800e8SDoug Rabson * lib/krb5/krb5_principal.3: Document krb5_parse_name_flags. 558c19800e8SDoug Rabson 559c19800e8SDoug Rabson * lib/krb5/principal.c: Add krb5_parse_name_flags. 560c19800e8SDoug Rabson 561c19800e8SDoug Rabson * lib/krb5/principal.c: Add krb5_parse_name_flags. 562c19800e8SDoug Rabson 563c19800e8SDoug Rabson * lib/krb5/krb5.h: Add krb5_parse_name_flags flags. 564c19800e8SDoug Rabson 565c19800e8SDoug Rabson * lib/krb5/krb5_locl.h: Hide krb5_context_data from public 566c19800e8SDoug Rabson exposure. 567c19800e8SDoug Rabson 568c19800e8SDoug Rabson * lib/krb5/krb5.h: Hide krb5_context_data from public exposure. 569c19800e8SDoug Rabson 570c19800e8SDoug Rabson * kuser/klist.c: Use krb5_get_kdc_sec_offset. 
571c19800e8SDoug Rabson 572c19800e8SDoug Rabson * lib/krb5/context.c: Document krb5_get_kdc_sec_offset() 573c19800e8SDoug Rabson 574c19800e8SDoug Rabson * lib/krb5/krb5_init_context.3: Add krb5_get_kdc_sec_offset() 575c19800e8SDoug Rabson 576c19800e8SDoug Rabson * lib/krb5/krb5_init_context.3: Add krb5_set_dns_canonize_hostname 577c19800e8SDoug Rabson and krb5_get_dns_canonize_hostname 578c19800e8SDoug Rabson 579c19800e8SDoug Rabson * lib/krb5/verify_krb5_conf.c: 580c19800e8SDoug Rabson add [libdefaults]dns_canonize_hostname 581c19800e8SDoug Rabson 582c19800e8SDoug Rabson * lib/krb5/expand_hostname.c: use dns_canonize_hostname to 583c19800e8SDoug Rabson determin if we should talk to dns to find the canonical name of 584c19800e8SDoug Rabson the host. 585c19800e8SDoug Rabson 586c19800e8SDoug Rabson * lib/krb5/krb5.h (krb5_context): add dns_canonize_hostname. 587c19800e8SDoug Rabson 588c19800e8SDoug Rabson * tools/heimdal-build.sh: Set status. 589c19800e8SDoug Rabson 590c19800e8SDoug Rabson * appl/gssmask/gssmask.c: handle more bits 591c19800e8SDoug Rabson 592c19800e8SDoug Rabson * kdc/kerberos5.c: Prefix asn1 primitives with der_. 593c19800e8SDoug Rabson 594*ae771770SStanislav Sedov2006-10-16 Love Hörnquist Åstrand <lha@it.su.se> 595c19800e8SDoug Rabson 596c19800e8SDoug Rabson * fix-export: Build lib/asn1/der-protos.h. 597c19800e8SDoug Rabson 598*ae771770SStanislav Sedov2006-10-14 Love Hörnquist Åstrand <lha@it.su.se> 599c19800e8SDoug Rabson 600c19800e8SDoug Rabson * appl/gssmask/Makefile.am: Add explit depenency on libroken. 601c19800e8SDoug Rabson 602c19800e8SDoug Rabson * kdc/krb5tgs.c: Prefix der primitives with der_. 603c19800e8SDoug Rabson 604c19800e8SDoug Rabson * kdc/pkinit.c: Prefix der primitives with der_. 605c19800e8SDoug Rabson 606c19800e8SDoug Rabson * lib/hdb/ext.c: Prefix der primitives with der_. 607c19800e8SDoug Rabson 608c19800e8SDoug Rabson * lib/hdb/ext.c: Prefix der primitives with der_. 
609c19800e8SDoug Rabson 610c19800e8SDoug Rabson * lib/krb5/crypto.c: Remove workaround from when there wasn't 611c19800e8SDoug Rabson always aes. 612c19800e8SDoug Rabson 613c19800e8SDoug Rabson * lib/krb5/ticket.c: Prefix der primitives with der_. 614c19800e8SDoug Rabson 615c19800e8SDoug Rabson * lib/krb5/digest.c: Prefix der primitives with der_. 616c19800e8SDoug Rabson 617c19800e8SDoug Rabson * lib/krb5/crypto.c: Prefix der primitives with der_. 618c19800e8SDoug Rabson 619c19800e8SDoug Rabson * lib/krb5/data.c: Prefix der primitives with der_. 620c19800e8SDoug Rabson 621*ae771770SStanislav Sedov2006-10-12 Love Hörnquist Åstrand <lha@it.su.se> 622c19800e8SDoug Rabson 623c19800e8SDoug Rabson * kdc/pkinit.c (pk_mk_pa_reply_enckey): add missing break. From 624c19800e8SDoug Rabson Olga Kornievskaia. 625c19800e8SDoug Rabson 626c19800e8SDoug Rabson * kdc/kdc.8: document max-kdc-datagram-reply-length 627c19800e8SDoug Rabson 628c19800e8SDoug Rabson * include/bits.c: Include Xint64 types. 629c19800e8SDoug Rabson 630*ae771770SStanislav Sedov2006-10-10 Love Hörnquist Åstrand <lha@it.su.se> 631c19800e8SDoug Rabson 632c19800e8SDoug Rabson * tools/heimdal-build.sh: Add socketwrapper and cputime limit. 633c19800e8SDoug Rabson 634c19800e8SDoug Rabson * kdc/connect.c (loop): Log that the kdc have started. 635c19800e8SDoug Rabson 636*ae771770SStanislav Sedov2006-10-09 Love Hörnquist Åstrand <lha@it.su.se> 637c19800e8SDoug Rabson 638c19800e8SDoug Rabson * kdc/connect.c (do_request): tell krb5_kdc_process_request if its 639c19800e8SDoug Rabson a datagram reply or not 640c19800e8SDoug Rabson 641c19800e8SDoug Rabson * kdc/kerberos5.c: Reply KRB5KRB_ERR_RESPONSE_TOO_BIG error if its 642c19800e8SDoug Rabson a datagram reply and the datagram reply length limit is reached. 643c19800e8SDoug Rabson 644c19800e8SDoug Rabson * kdc/process.c: Rename krb5_kdc_process_generic_request to 645c19800e8SDoug Rabson krb5_kdc_process_request Add datagram_reply argument. 

	* kdc/config.c: check for [kdc]max-kdc-datagram-reply-length

	* kdc/kdc.h (krb5_kdc_config): Add max_datagram_reply_length.

	* lib/hdb/keytab.c: Change || to |, From metze.

	* lib/hdb/keytab.c: Add back :file to sample format.

	* lib/hdb/keytab.c: Add more HDB_F flags to hdb_fetch. Pointed out
	by Andrew Bartlet.

	* kdc/krb5tgs.c (tgs_parse_request): set cusec, not csec from
	auth->cusec.

2006-10-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* fix-export: dist_-ify libkadm5clnt_la_SOURCES too

	* doc/heimdal.texi: Update (c) years.

	* appl/gssmask/protocol.h: Clarify protocol.

	* kdc/hpropd.c: Adapt to signature change of
	_krb5_principalname2krb5_principal.

	* kdc/kerberos4.c: Adapt to signature change of
	_krb5_principalname2krb5_principal.

	* kdc/connect.c (handle_vanilla_tcp): shorten length when we
	shorten the buffer, this matters in the PK-INIT encKey case where a
	checksum is done over the whole packet. Reported by Olga
	Kornievskaia

2006-10-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* include/Makefile.am: crypto-headers.h is a nodist header

	* lib/krb5/aes-test.c: Make argument to PKCS5_PBKDF2_HMAC_SHA1
	unsigned char to make OpenSSL happy.

	* appl/kf/Makefile.am: Add man_MANS to EXTRA_DIST

	* kuser/Makefile.am: split build files into dist_ and noinst_
	SOURCES

	* lib/hdb/Makefile.am: split build files into dist_ and noinst_
	SOURCES

	* lib/krb5/Makefile.am: split build files into dist_ and noinst_
	SOURCES

	* kdc/kerberos5.c: Adapt to signature change of
	_krb5_principalname2krb5_principal.

2006-10-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krbhst.c (common_init): don't try DNS when there is
	realm w/o a dot.

	* kdc/524.c: Adapt to signature change of
	_krb5_principalname2krb5_principal.

	* kdc/krb5tgs.c: Adapt to signature change of
	_krb5_principalname2krb5_principal.

	* lib/krb5/get_in_tkt.c: Adapt to signature change of
	_krb5_principalname2krb5_principal.

	* lib/krb5/rd_cred.c: Adapt to signature change of
	_krb5_principalname2krb5_principal.

	* lib/krb5/rd_req.c: Adapt to signature change of
	_krb5_principalname2krb5_principal.

	* lib/krb5/asn1_glue.c (_krb5_principalname2krb5_principal): add
	krb5_context to signature.

	* kdc/524.c (_krb5_principalname2krb5_principal): adapt to
	signature change

	* lib/hdb/keytab.c (hdb_get_entry): close and destroy the database
	later, the hdb_entry_ex might still contain links to the database
	that it expects to use.

	* kdc/digest.c: Make digest argument to MD5_final unsigned char to
	help OpenSSL.

	* kuser/kdigest.c: Make digest argument to MD5_final unsigned char
	to help OpenSSL.

	* appl/gssmask/common.h: Maybe include <sys/wait.h>.

2006-10-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* appl/gssmask/common.h: disable ENABLE_PTHREAD_SUPPORT and
	explain why

	* tools/heimdal-build.sh: Another mail header.

	* tools/heimdal-build.sh: small fixes

	* fix-export: More liberal parsing of AC_INIT

	* tools/heimdal-build.sh: first cut

2006-10-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* configure.in: Call AB_INIT.

	* kuser/kinit.c: Add flag --pk-use-enckey.

	* kdc/pkinit.c: Sign the request in the encKey case. Bug reported
	by Olga Kornievskaia of Umich.

	* lib/krb5/Makefile.am: man_MANS += krb5_digest.3

	* lib/krb5/krb5_digest.3: Add all protos

2006-10-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_digest.3: Basic krb5_digest manpage.

2006-10-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* fix-export: build gssapi mech private files

	* lib/krb5/init_creds_pw.c: minimize layering and remove
	krb5_kdc_flags

	* lib/krb5/get_in_tkt.c: Always use the kdc_flags in the right bit
	order.

	* lib/krb5/init_creds_pw.c: Always use the kdc_flags in the right
	bit order.

	* kuser/kdigest.c: Don't require --kerberos-realm.

	* lib/krb5/digest.c (digest_request): if NULL is passed in as
	realm, use default realm.

	* fix-export: build gssapi mech private files

2006-09-26  Love Hörnquist Åstrand  <lha@it.su.se>

	* appl/gssmask/gssmaestro.c: Handle FIRST_CALL in the context
	building, better error handling.

	* appl/gssmask/gssmaestro.c: switch from wrap/unwrap to
	encrypt/decrypt

	* appl/gssmask/gssmask.c: Don't announce spn if there is none.

	* appl/gssmask/gssmaestro.c: Check that the pre-wrapped data is
	the same as afterward.

2006-09-25  Love Hörnquist Åstrand  <lha@it.su.se>

	* appl/gssmask/gssmaestro.c: Remove stray GSS_C_DCE_STYLE.

	* appl/gssmask/gssmaestro.c: Add logsocket support.

2006-09-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* appl/gssmask/gssmaestro.c (build_context): print the step the
	context exchange.

2006-09-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* appl/gssmask/gssmaestro.c: Add GSS_C_INTEG_FLAG|GSS_C_CONF_FLAG
	to all context flags

	* appl/gssmask/gssmaestro.c: Add wrap and mic tests for all
	elements

	* appl/gssmask/gssmask.c: Add mic tests

	* appl/gssmask/gssmaestro.c: don't exit early then when context
	is half built.

	* lib/krb5/rd_req.c: disable ETypeList parsing usage for now, cfx
	seems broken and it's not good to upgrade to a broken enctype.

2006-09-20  Love Hörnquist Åstrand  <lha@it.su.se>

	* appl/gssmask/gssmask.c: Add wrap/unwrap ops

	* appl/gssmask/protocol.h: Add eGetVersionAndCapabilities flags

	* appl/gssmask/common.c: Add permutate_all (and support
	functions).

	* appl/gssmask/common.h: Add permutate_all

	* appl/gssmask/gssmask.c: use new flags, return moniker

	* appl/gssmask/gssmaestro.c: test self context building and all
	permutation of clients

2006-09-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* appl/gssmask/gssmask.c: add --logfile option, use htons() on
	port number

	* appl/gssmask/gssmaestro.c: Log port in connection message.

	* configure.in: Make pk-init turned on by default.

2006-09-18  Love Hörnquist Åstrand  <lha@it.su.se>

	* fix-export: Build lib/hx509/{hx509-protos.h,hx509-private.h}.

	* kuser/Makefile.am: Add tool for printing tickets.

	* kuser/kimpersonate.1: Add tool for printing tickets.

	* kuser/kimpersonate.c: Add tool for printing tickets.

	* kdc/krb5tgs.c: Check the adtkt in the constrained delegation
	case too.

2006-09-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/main.c (sigterm): don't _exit, let loop() catch the signal
	instead.

	* lib/krb5/krb5_timeofday.3: Fixes from Björn Sandell.

	* lib/krb5/krb5_get_init_creds.3: Fixes from Björn Sandell.

2006-09-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* tools/krb5-config.in: Add "kafs" option.

2006-09-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/db.c: By using full function calling conversion (*func)
	we avoid problem when close(fd) is overridden using a macro.

	* lib/krb5/cache.c: By using full function calling
	conversion (*func) we avoid problem when close(fd) is overridden
	using a macro.

2006-09-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/kerberos5.c: Signing outgoing tickets.

	* kdc/krb5tgs.c: Add signing and checking of tickets to s4u2self
	works securely.

	* lib/krb5/pkinit.c: Adapt to new signature of
	hx509_cms_unenvelope.

2006-09-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/pkinit.c (pk_verify_host): set errorstrings in a
	sensible way

2006-09-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_init_context.3: Prevent a font generation warning,
	from Jason McIntyre.

2006-09-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/context.c (krb5_init_ets): Add the hx errortable

	* lib/krb5/krb5_locl.h: Include hx509_err.h.

	* lib/krb5/pkinit.c (_krb5_pk_verify_sign): catch the error string
	from the hx509 lib

2006-09-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_default_flags):
	fix argument to krb5_get_init_creds_opt_set_addressless.

	* lib/krb5/init_creds_pw.c (init_cred_loop): try to catch the
	error when we actually have an error to catch.

	* lib/krb5/init_creds_pw.c: Remove debug printfs.

	* kuser/kinit.c: Remove debug printf

	* lib/krb5/krb5_get_init_creds.3: Document
	krb5_get_init_creds_opt_set_addressless.

	* kuser/kinit.c: Use new function
	krb5_get_init_creds_opt_set_addressless.

	* lib/krb5/krb5_locl.h: use new addressless, convert pa-pac option
	to use the same tri-state option as the new addressless option.

	* lib/krb5/init_creds_pw.c: use new addressless, convert pa-pac
	option to use the same tri-state option as the new addressless
	option.

	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_addressless):
	used to control the address-lessness of the initial tickets
	instead of passing in the empty set of address into
	krb5_get_init_creds_opt_set_addresses.

2006-09-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* kuser/kinit.c (renew_validate): inherit the proxiable and
	forwardable from the original ticket, pointed out by Bernard
	Antoine of CERN.

	* doc/setup.texi: More text about the acl_file entry and
	hdb-ldap-structural-object. From Rüdiger Ranft.

	* lib/krb5/krbhst.c (fallback_get_hosts): limit the fallback
	lookups to 5. Patch from Wesley Craig, umich.edu

	* configure.in: Add special tests for <sys/ucred.h>, include test
	for sys/param.h and sys/types.h

	* appl/test/tcp_server.c (proto): use keytab for krb5_recvauth
	Patch from Ingemar Nilsson <init@pdc.kth.se>

2006-08-28  Love Hörnquist Åstrand  <lha@it.su.se>

	* kuser/kdigest.c (help): use sl_slc_help().

	* kdc/digest.c: Catch more error, add SASL DIGEST MD5.

	* lib/krb5/digest.c: Catch more error.

2006-08-25  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/setup.texi: language.

	* doc/heimdal.texi: Add last updated text.

	* doc/heimdal.css: make box around heimdal title

	* doc/heimdal.css: Initial Heimdal css for the info manual

	* lib/krb5/digest.c: In the case where we get a DigestError back,
	save the error string and code.

2006-08-24  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/kerberos5.c: Remove _kdc_find_etype(), it's no longer used.

	* kdc/digest.c: Remove local error label and have just one exit
	label, set error strings properly.

	* kdc/digest.c: Simplify the disabled-service case. Check the
	allow-digest flag in the HDB entry for the client.

	* kdc/process.c (krb5_kdc_process_generic_request): check if we
	got a digest request and process it.

	* kdc/main.c: Register hdb keytab operations.

	* kdc/kdc.8: document [kdc]enable-digest=boolean

	* kdc/Makefile.am: add digest to libkdc

	* kdc/digest.c: Make a return a goto to avoid freeing un-inited
	memory in cleanup code.

	* kdc/default_config.c (krb5_kdc_default_config): default to all
	bits set to zero.

	* kdc/kdc.h (krb5_kdc_configuration): Add enable_digest

	* kdc/headers.h: Include <digest_asn1.h>.

	* lib/krb5/context.c (krb5_kerberos_enctypes): new function,
	returns the list of Kerberos encryption types sorted in order of
	most preferred to least preferred encryption type.

	* kdc/misc.c (_kdc_get_preferred_key): new function, Use the order
	list of preferred encryption types and sort the available keys and
	return the most preferred key.

	* kdc/krb5tgs.c: Adapt to the new signature of _kdc_find_keys().

	* kdc/kerberos5.c: Handle session key etype separately from the
	tgt etype, now the krbtgt can be an aes-only key without the need
	to support not-as-good etypes for the krbtgt.

2006-08-23  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/misc.c: Change _kdc_db_fetch() to return the database
	pointer to if needed by the consumer.

	* kdc/krb5tgs.c: Change _kdc_db_fetch() to return the database
	pointer to if needed by the consumer.

	* kdc/kerberos5.c: Change _kdc_db_fetch() to return the database
	pointer to if needed by the consumer.

	* kdc/kerberos4.c: Change _kdc_db_fetch() to return the database
	pointer to if needed by the consumer.

	* kdc/kaserver.c: Change _kdc_db_fetch() to return the database
	pointer to if needed by the consumer.

	* kdc/524.c: Change _kdc_db_fetch() to return the database pointer
	to if needed by the consumer.

	* kuser/kdigest-commands.in: Add --kerberos-realm, add client
	request command.

	* lib/krb5/Makefile.am: digest.c

	* lib/krb5/krb5.h: Add digest glue.

	* lib/krb5/digest.c (krb5_digest_set_authentication_user): use
	krb5_principal

	* lib/krb5/digest.c: Add digest support to the client side.

2006-08-21  Love Hörnquist Åstrand  <lha@it.kth.se>

	* lib/krb5/rd_rep.c (krb5_rd_rep): free krb5_ap_rep_enc_part on
	error and set return pointer to NULL
	(krb5_free_ap_rep_enc_part): permit freeing of NULL

2006-08-18  Love Hörnquist Åstrand  <lha@it.kth.se>

	* kdc/{Makefile.am,kdigest.c,kdigest-commands.in}:
	Frontend for remote digest service in KDC

	* lib/krb5/krb5_storage.3: Document krb5_{ret,store}_stringnl
	functions.

	* lib/krb5/store.c: Add krb5_{ret,store}_stringnl functions,
	stores/retrieves a \n terminated string.

	* lib/krb5/krb5_locl.h: Default to address-less tickets.

	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_get_error): clear
	error string on error.

2006-07-20  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/crypto.c: remove aes-192 (CMS)

	* lib/krb5/crypto.c: Remove more CMS bits.

	* lib/krb5/crypto.c: Remove CMS symmetric encryption support.

2006-07-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/pkinit.c (_kdc_pk_check_client): make it not crash when
	there are no acl

	* kdc/pkinit.c (_kdc_pk_check_client): use the acl in the kerberos
	database

	* lib/hdb/hdb.asn1: Rename HDB-Ext-PKINIT-certificate to
	HDB-Ext-PKINIT-hash. Add trust anchor to HDB-Ext-PKINIT-acl.

	* lib/hdb/Makefile.am: rename asn1_HDB_Ext_PKINIT_certificate to
	asn1_HDB_Ext_PKINIT_hash

	* lib/hdb/ext.c: Add hdb_entry_get_pkinit_hash().

2006-07-10  Love Hörnquist Åstrand  <lha@it.su.se>

	* kuser/kinit.c: If --password-file gets STDIN, read the password
	from the standard input.

	* kuser/kinit.1: Document --password-file=STDIN.

	* lib/krb5/krb5_string_to_key.3: Remove duplicate to.

2006-07-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/krb5tgs.c: (tgs_build_reply): when checking for removed
	principals, check the second component of the krbtgt, otherwise
	cross realm won't work. Prompted by report from Mattias Amnefelt.

2006-07-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/connect.c (handle_vanilla_tcp): use unsigned integer for
	length
	(handle_tcp): if the high bit is set in the unknown case, send
	back a KRB_ERR_FIELD_TOOLONG

2006-07-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* appl/gssmask/gssmaestro.c: Add get_version_capa, cache
	target_name.

	* appl/gssmask/gssmask.c: use utname() to find the local hostname
	and version of operating system

	* appl/gssmask/common.h: include <sys/utsname.h>

	* appl/gssmask/gssmask.c: break out creation of a client and make
	handleServer pthread_create compatible

	* appl/gssmask/gssmaestro.c: break out the build context
	function

2006-07-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* appl/gssmask/gssmaestro.c: externalize slave handling, add
	GetTargetName glue

	* appl/gssmask/gssmaestro.c: externalize principal/password handling

	* lib/krb5/principal.c (krb5_parse_name): set *principal to NULL
	the first thing we do, so that on failure it's set to a known value

	* appl/gssmask/gssmask.c: AcquireCreds: set principal to NULL to
	avoid memory corruption GetTargetName: always send a string, even
	though we don't have a targetname

	* appl/gssmask: break out common function; add gssmaestro (that
	only tests one context for now)

2006-06-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/store_fd.c (krb5_storage_from_fd): don't leak fd on
	malloc failure

	* appl/gssmask/gssmask.c: split out fetching of credentials for
	easier reuse for pk-init testing

	* appl/gssmask: maggot replacement, handles context testing

	* lib/krb5/cache.c (krb5_cc_new_unique): use KRB5_DEFAULT_CCNAME
	as the default prefix

2006-06-28  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/heimdal.texi: Add Doug Rabson's license

2006-06-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/init_creds.c: Add storing and getting KRB-ERROR in the
	krb5_get_init_creds_opt structure.

	* lib/krb5/init_creds_pw.c: Save KRB-ERROR on error.

	* lib/krb5/krb5_locl.h (_krb5_get_init_creds_opt_private): add
	KRB-ERROR

2006-06-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/setup.texi: section about verify_krb5_conf and kadmin check

2006-06-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/init_creds_pw.c (get_init_creds_common): drop cred
	argument, it's unused

	* lib/krb5/Makefile.am: install krb5_get_creds.3

	* lib/krb5/krb5_get_creds.3: new file

2006-06-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/hdb-ldap.c: don't use the sambaNTPassword if there is
	ARCFOUR key already. Idea from Andreas Hasenack. While here, set
	pw change time using sambaPwdLastSet

	* kdc/kerberos4.c: Use enable_v4_per_principal and check the new
	hdb flag.

	* kdc/kdc.h: Add enable_v4_per_principal

2006-06-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/kerberos5.c (_kdc_as_rep): if kdc_time +
	config->kdc_warn_pwexpire is past pw_end, add expiration
	message. From Bernard Antoine.

	* kdc/default_config.c (krb5_kdc_default_config): set
	kdc_warn_pwexpire to 0

	* kdc/kerberos5.c: indent.

2006-06-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/kerberos5.c: constify

2006-06-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/get_cred.c: Allow setting additional tickets in the
	tgs-req

	* kuser/kgetcred.c: add --delegation-credential-cache

	* kdc/krb5tgs.c (tgs_build_reply): add constrained delegation.

	* kdc/krb5tgs.c: Add impersonation.

	* kuser/kgetcred.c: use new krb5_get_creds interface, add
	impersonation.

	* lib/krb5/get_cred.c (krb5_get_creds): add
	KRB5_GC_NO_TRANSIT_CHECK

	* lib/krb5/misc.c: Add impersonate support functions.

	* lib/krb5/get_cred.c: Add impersonate and new krb5_get_creds interface.

	* lib/hdb/hdb.asn1 (HDBFlags): add trusted-for-delegation

	* lib/krb5/krb5.h: Add krb5_get_creds_opt_data and some more
	KRB5_GC flags.

2006-06-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/ext.c (hdb_entry_get_ConstrainedDelegACL): new function.

	* lib/krb5/pkinit.c: Avoid more shadowing.

	* kdc/connect.c (do_request): clean reply with krb5_data_zero

	* kdc/krb5tgs.c: Split up the reverse cross krbtgt check and local
	client must exist test.

	* kdc/krb5tgs.c: Plug old memory leaks, unify all goto's.

	* kdc/krb5tgs.c: Split tgs_rep2 into tgs_parse_request and
	tgs_build_reply.

	* kdc/kerberos5.c: split out krb5 tgs req to make it easier to
	reorganize the code.

2006-05-29 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/krb5_get_init_creds.3: spelling Björn Sandell

	* lib/krb5/krb5_get_in_cred.3: spelling Björn Sandell

2006-05-13 Love Hörnquist Åstrand <lha@it.su.se>

	* kpasswd/kpasswdd.c (change): select the realm based on the
	target principal From Gabor Gombas

	* lib/krb5/krb5_get_init_creds.3: Add KRB5_PROMPT_TYPE_INFO

	* lib/krb5/krb5.h: Add KRB5_PROMPT_TYPE_INFO

2006-05-12 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/pkinit.c: Hidden field of hx509 prompter is removed.
	Fix a warning.

	* doc/setup.texi: Point to more examples, hint that you have to
	use openssl 0.9.8a or later.

	* doc/setup.texi: DIR now handles both PEM and DER.

	* kuser/kinit.c: Pass down prompter and password to
	krb5_get_init_creds_opt_set_pkinit.

	* lib/krb5/pkinit.c (_krb5_pk_load_id): only use password if it's
	longer than 0

	* doc/ack.texi: Add Jason McIntyre.

	* lib/krb5/krb5_acl_match_file.3: Various tweaks, from Jason
	McIntyre.

2006-05-11 Love Hörnquist Åstrand <lha@it.su.se>

	* kuser/kinit.c: Move parsing of the PK-INIT configuration file to
	the library so application doesn't need to deal with it.

	* lib/krb5/pkinit.c (krb5_get_init_creds_opt_set_pkinit): move
	parsing of the configuration file to the library so application
	doesn't need to deal with it.

	* lib/krb5/pkinit.c (_krb5_pk_load_id): pass the hx509_lock to
	when trying to read the user certificate.

	* lib/krb5/pkinit.c (hx_pass_prompter): return 0 on success and 1
	on failure. Pointed out by Douglas E. Engert.

2006-05-08 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/crypto.c: Catches both keyed checkout w/o crypto
	context cases and doesn't reset the string, and corrects the
	grammar.

	* lib/krb5/crypto.c: Drop aes-cbc, rc2 and CMS padding support,
	it's all contained in libhcrypto and libhx509 now.

2006-05-07 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/pkinit.c (_krb5_pk_verify_sign): Use
	hx509_get_one_cert.

	* lib/krb5/crypto.c (create_checksum): provide an error message
	that a key checksum needs a key. From Andrew Bartlett.

2006-05-06 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/pkinit.c: Now that hcrypto supports DH, remove check
	for hx509 null DH.

	* kdc/pkinit.c: Don't call DH_check_pubkey, it doesn't exist in
	older OpenSSL.

	* doc/heimdal.texi: Add blob about imath.

	* doc/ack.texi: Add blob about imath.

	* include/make_crypto.c: Move up evp.h to please OpenSSL, from
	Douglas E. Engert.

	* kcm/acl.c: Multicache kcm interation isn't done yet, let wait
	with this enum.

2006-05-05 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/krb5_set_default_realm.3: Spelling/mdoc from Björn
	Sandell

	* lib/krb5/krb5_rcache.3: Spelling/mdoc from Björn Sandell

	* lib/krb5/krb5_keytab.3: Spelling/mdoc from Björn Sandell

	* lib/krb5/krb5_get_in_cred.3: Spelling/mdoc from Björn Sandell

	* lib/krb5/krb5_expand_hostname.3: Spelling/mdoc from Björn
	Sandell

	* lib/krb5/krb5_c_make_checksum.3: Spelling/mdoc from Björn
	Sandell

	* lib/krb5/keytab_file.c (fkt_next_entry_int): read the 32 bit
	kvno if the rest of the data is longer than 4 bytes in hope to be
	forward compatible. Pointed out by Michael B Allen.

	* doc/programming.texi: Add fileformats.

	* appl/test: Rename u_intXX_t to uintXX_t

	* kuser: Rename u_intXX_t to uintXX_t

	* kdc: Rename u_intXX_t to uintXX_t

	* lib/hdb: Rename u_intXX_t to uintXX_t

	* lib/45]: Rename u_intXX_t to uintXX_t

	* lib/krb5: Rename u_intXX_t to uintXX_t

	* lib/krb5/Makefile.am: Add test_store to TESTS

	* lib/krb5/pkinit.c: Catch using hx509 null DH and print a more
	useful error message.

	* lib/krb5/store.c: Rewrite the krb5_ret_u as proposed by Johan.

2006-05-04 Love Hörnquist Åstrand <lha@it.su.se>

	* kdc/kerberos4.c: Use the new unsigned integer storage types.

	* kdc/kaserver.c: Use the new unsigned integer storage
	types. Sprinkle some error handling.

	* lib/krb5/krb5_storage.3: Document ret and store function for the
	unsigned fixed size integer types.

	* lib/krb5/v4_glue.c: Use the new unsigned integer storage
	types. Fail that the address doesn't match, not the reverse.

	* lib/krb5/store.c: Add ret and store function for the unsigned
	fixed size integer types.

	* lib/krb5/test_store.c: Test the integer storage types.

2006-05-03 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/store.c (krb5_store_principal): make it take a
	krb5_const_principal, indent

	* lib/krb5/krb5_storage.3: krb5_store_principal takes a
	krb5_const_principal

	* lib/krb5/pkinit.c: Deal with that hx509_prompt.reply is no
	longer a pointer.

	* kdc/kdc.h (krb5_kdc_configuration): add pkinit_kdc_ocsp_file

	* kdc/config.c: read [kdc]pki-kdc-ocsp

2006-05-02 Love Hörnquist Åstrand <lha@it.su.se>

	* kdc/pkinit.c (_kdc_pk_mk_pa_reply): send back ocsp response if
	it seems to be valid, simplify the pkinit-windows DH case (it
	doesn't exist).

2006-05-01 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/krb5_warn.3: Spelling/mdoc changes, from Björn Sandell.

	* lib/krb5/krb5_verify_user.3: Spelling/mdoc changes, from Björn
	Sandell.

	* lib/krb5/krb5_verify_init_creds.3: Spelling/mdoc changes, from
	Björn Sandell.

	* lib/krb5/krb5_timeofday.3: Spelling/mdoc changes, from Björn
	Sandell.

	* lib/krb5/krb5_ticket.3: Spelling/mdoc changes, from Björn
	Sandell.

	* lib/krb5/krb5_rd_safe.3: Spelling/mdoc changes, from Björn
	Sandell.

	* lib/krb5/krb5_rcache.3: Spelling/mdoc changes, from Björn
	Sandell.

	* lib/krb5/krb5_principal.3: Spelling/mdoc changes, from Björn
	Sandell.

	* lib/krb5/krb5_parse_name.3: Spelling/mdoc changes, from Björn
	Sandell.

	* lib/krb5/krb5_mk_safe.3: Spelling/mdoc changes, from Björn
	Sandell.

	* lib/krb5/krb5_keyblock.3: Spelling/mdoc changes, from Björn
	Sandell.

	* lib/krb5/krb5_is_thread_safe.3: Spelling/mdoc changes, from
	Björn Sandell.

	* lib/krb5/krb5_generate_random_block.3: Spelling/mdoc changes,
	from Björn Sandell.

	* lib/krb5/krb5_generate_random_block.3: Spelling/mdoc changes,
	from Björn Sandell.

	* lib/krb5/krb5_expand_hostname.3: Spelling/mdoc changes, from
	Björn Sandell.

	* lib/krb5/krb5_check_transited.3: Spelling/mdoc changes, from
	Björn Sandell.

	* lib/krb5/krb5_c_make_checksum.3: Spelling/mdoc changes, from
	Björn Sandell.

	* lib/krb5/krb5_address.3: Spelling/mdoc changes, from
	Björn Sandell.

	* lib/krb5/krb5_acl_match_file.3: Spelling/mdoc changes, from
	Björn Sandell.

	* lib/krb5/krb5.3: Spelling, from Björn Sandell.

	* doc/ack.texi: add Björn

2006-04-30 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/pkinit.c (cert2epi): don't include subject if it's null

2006-04-29 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/pkinit.c: Send over what trust anchors the client has
	configured.

	* lib/krb5/pkinit.c (pk_verify_host): set better error string,
	only check kdc name/address when we got a hostname/address passed
	in the function.

	* kdc/pkinit.c (_kdc_pk_check_client): reorganize and make log
	when a SAN matches.

2006-04-28 Love Hörnquist Åstrand <lha@it.su.se>

	* doc/setup.texi: More options and some text about windows
	clients, certificate and KDCs.

	* doc/setup.texi: notice about pki-mappings file space sensitive

	* doc/setup.texi: Example pki-mapping file.

	* lib/krb5/pkinit.c (pk_verify_host): verify hostname/address

	* lib/hdb/hdb.h: Bump hdb interface version to 4.

2006-04-27 Love Hörnquist Åstrand <lha@it.su.se>

	* kuser/kdestroy.1: Document --credential=principal.

	* kdc/kerberos5.c (tgs_rep2): check that the client exists in the
	kerberos database if it's local request.

	* kdc/{misc.c,524.c,kaserver.c,kerberos5.c}: pass down HDB_F_GET_
	flags as appropriate

	* kdc/kerberos4.c (_kdc_db_fetch4): pass down flags through
	krb5_425_conv_principal_ext2

	* kdc/misc.c (_kdc_db_fetch): Break out the that we request from
	principal from the entry and pass it in as a separate argument.

	* lib/hdb/keytab.c (hdb_get_entry): Break out the that we request
	from principal from the entry and pass it in as a separate
	argument.

	* lib/hdb/common.c: Break out the that we request from principal
	from the entry and pass it in as a separate argument.

	* lib/hdb/hdb.h: Break out the that we request from principal from
	the entry and pass it in as a separate argument. Add more flags to
	->hdb_get(). Re-indent.

2006-04-26 Love Hörnquist Åstrand <lha@it.su.se>

	* doc/setup.texi: document pki-allow-proxy-certificate

	* kdc/pkinit.c: Add option [kdc]pki-allow-proxy-certificate=bool
	to allow using proxy certificate.

	* lib/krb5/pkinit.c (_krb5_pk_allow_proxy_certificates): expose
	hx509_verify_set_proxy_certificate

	* kdc/pkinit.c (_kdc_pk_check_client): Use
	hx509_cert_get_base_subject to get subject name of the
	certificate, needed for proxy certificates.

	* kdc/kerberos5.c: Now that find_keys speaks for itself, remove
	extra logging.

	* kdc/kerberos5.c (find_keys): add client_name and server_name
	argument and use them, and adapt callers.

2006-04-25 Love Hörnquist Åstrand <lha@it.su.se>

	* kuser/kinit.1: document option password-file

	* kuser/kinit.c: Add option password-file, read password from the
	first line of a file.

	* configure.in: make tests/kdc/Makefile

	* kdc/kerberos5.c: Catch the case where the client sends no
	encryption types or no pa-types.

	* lib/hdb/ext.c (hdb_replace_extension): set error message on
	failure, not success.

	* lib/hdb/keys.c (parse_key_set): handle error case better
	(hdb_generate_key_set): return better error

2006-04-24 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/hdb/hdb.c (hdb_create): print out what we don't support

	* lib/krb5/principal.c: Remove a double free introduced in 1.93

	* lib/krb5/log.c (log_file): reset pointer to freed memory

	* lib/krb5/keytab_keyfile.c (get_cell_and_realm): reset d->cell to
	make sure it's not referenced

	* tools/krb5-config.in: libhcrypto might depend on libasn1, switch
	order

	* lib/krb5/recvauth.c: indent

	* doc/heimdal.texi: Add Setting up PK-INIT to Detailed Node
	Listing.

	* lib/krb5/pkinit.c: Pass down realm to pk_verify_host so the
	function can verify the certificate is from the right realm.

	* lib/krb5/init_creds_pw.c: Pass down realm to
	_krb5_pk_rd_pa_reply

2006-04-23 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/pkinit.c (pk_verify_host): Add beginning of finding
	subjectAltName_otherName pk-init-san and verifying it.

	* lib/krb5/sendauth.c: reindent

	* doc/Makefile.am: use --no-split to make one large file, mostly
	for html

	* doc/setup.texi: "document" pkinit_require_eku and
	pkinit_require_krbtgt_otherName

	* lib/krb5/pkinit.c: Add pkinit_require_eku and
	pkinit_require_krbtgt_otherName

	* doc/setup.texi: Add text about pk-init

	* tools/kdc-log-analyze.pl: count v5 cross realms too

2006-04-22 Love Hörnquist Åstrand <lha@it.su.se>

	* kdc/pkinit.c: Adapt to change in hx509_cms_create_signed_1.

	* lib/krb5/pkinit.c: Adapt to change in hx509_cms_create_signed_1.

2006-04-20 Love Hörnquist Åstrand <lha@it.su.se>

	* kdc/pkinit.c (_kdc_pk_rd_padata): use
	hx509_cms_unwrap_ContentInfo.

	* kdc/config.c: unbreak

	* lib/krb5/pkinit.c: Handle differences between libhcrypto and
	libcrypto.

	* kdc/config.c: Rename pki-chain to pki-pool to match rest of
	code.

2006-04-12 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/rd_priv.c: Fix argument to krb5_data_zero.

	* kdc/config.c: Added certificate revoke information from
	configuration file.

	* kdc/pkinit.c: Added certificate revoke information.

	* kuser/kinit.c: Added certificate revoke information from
	configuration file.

	* lib/krb5/pkinit.c (_krb5_pk_load_id): Added certificate revoke
	information, ie CRL's

2006-04-10 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/replay.c (krb5_rc_resolve_full): make compile again.

	* lib/krb5/keytab_krb4.c (krb4_kt_start_seq_get_int): make compile
	again.

	* lib/krb5/transited.c (make_path): make sure we return allocated
	memory Coverity, NetBSD CID#1892

	* lib/krb5/transited.c (make_path): make sure we return allocated
	memory Coverity, NetBSD CID#1892

	* lib/krb5/rd_req.c (krb5_verify_authenticator_checksum): on
	protocol failure, avoid leaking memory Coverity, NetBSD CID#1900

	* lib/krb5/principal.c (krb5_parse_name): remember to free realm
	in case of error Coverity, NetBSD CID#1883

	* lib/krb5/principal.c (krb5_425_conv_principal_ext2): remove
	memory leak in case of weird formatted dns replies.
	Coverity, NetBSD CID#1885

	* lib/krb5/replay.c (krb5_rc_resolve_full): don't return pointer
	to an allocated krb5_rcache in case of error.

	* lib/krb5/log.c (krb5_addlog_dest): free fn in case of error
	Coverity, NetBSD CID#1882

	* lib/krb5/keytab_krb4.c: Fix deref before NULL check, fix error
	handling. Coverity, NetBSD CID#2369

	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds):
	in_creds->client should always be set, assume so.

	* lib/krb5/keytab_any.c (any_next_entry): restructure to make it
	easier to read Fixes Coverity, NetBSD CID#625

	* lib/krb5/crypto.c (krb5_string_to_key_derived): deref after NULL
	check. Coverity NetBSD CID#2367

	* lib/krb5/build_auth.c (krb5_build_authenticator): use
	calloc. removed check that was never really used. Coverity NetBSD
	CID#2370

2006-04-09 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/rd_req.c (krb5_verify_ap_req2): make sure `ticket´
	points to NULL in case of error, add error handling, use calloc.

	* kpasswd/kpasswdd.c (doit): when done, close all fd in the
	sockets array and free it.
	Coverity NetBSD CID#1916

2006-04-08 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/store.c (krb5_ret_principal): fix memory leak Coverity,
	NetBSD CID#1695

	* kdc/524.c (_kdc_do_524): Handle memory allocation failure
	Coverity, NetBSD CID#2752

2006-04-07 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/keytab_file.c (krb5_kt_ret_principal): plug a memory
	leak Coverity NetBSD CID#1890

	* kdc/hprop.c (main): make sure type doesn't need to be set

	* kdc/mit_dump.c (mit_prop_dump): close fd when done processing
	Coverity NetBSD CID#1955

	* kdc/string2key.c (tokey): catch warnings, free memory after use.
	Based on Coverity NetBSD CID#1894

	* kdc/hprop.c (main): remove dead code. Coverity NetBSD CID#633

2006-04-04 Love Hörnquist Åstrand <lha@it.su.se>

	* kpasswd/kpasswd-generator.c (read_words): catch empty file case,
	will cause PBE (division by zero) later. From Tobias Stoeckmann.

2006-04-02 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/hdb/keytab.c: Remove a delta from last revision that should
	have gone in later.

	* lib/krb5/krbhst.c: fix spelling

	* lib/krb5/send_to_kdc.c (send_and_recv_http): don't expose freed
	pointer, found by IBM checker.

	* lib/krb5/rd_cred.c (krb5_rd_cred): don't expose freed pointer,
	found by IBM checker.

	* lib/krb5/addr_families.c (krb5_make_addrport): clear return
	value on error, found by IBM checker.

	* kdc/kerberos5.c (check_addresses): treat netbios as no addresses

	* kdc/{kerberos4,kaserver}.c: _kdc_check_flags takes hdb_entry_ex

	* kdc/kerberos5.c (_kdc_check_flags): make it take hdb_entry_ex to
	avoid ?:'s at callers

	* lib/krb5/v4_glue.c: Avoid using free memory, found by IBM
	checker.

	* lib/krb5/transited.c (expand_realm): avoid passing NULL to
	strlen, found by IBM checker.

	* lib/krb5/rd_cred.c (krb5_rd_cred): avoid a memory leak on malloc
	failure, found by IBM checker.

	* lib/krb5/krbhst.c (_krb5_krbhost_info_move): replace a strcpy
	with a memcpy

	* lib/krb5/keytab_keyfile.c (get_cell_and_realm): plug a memory
	leak, found by IBM checker.

	* lib/krb5/keytab_file.c (fkt_next_entry_int): remove a
	dereferencing NULL pointer, found by IBM checker.

	* lib/krb5/init_creds_pw.c (init_creds_init_as_req): in AS-REQ the
	cname must always be given, don't avoid that fact and remove a
	cname == NULL case. Plugs a memory leak found by IBM checker.

	* lib/krb5/init_creds_pw.c (default_s2k_func): avoid exposing
	free-ed memory on error. Found by IBM checker.

	* lib/krb5/init_creds.c (_krb5_get_init_creds_opt_copy): use
	calloc to avoid uninitialized memory problem.

	* lib/krb5/data.c (krb5_copy_data): avoid exposing free-ed memory
	on error. Found by IBM checker.

	* lib/krb5/fcache.c (fcc_gen_new): fix a use after free, found by
	IBM checker.

	* lib/krb5/config_file.c (krb5_config_vget_strings): IBM checker
	thought it found a memory leak, it didn't, but there was another
	error in the code, let's fix that instead.

	* lib/krb5/cache.c (_krb5_expand_default_cc_name): plug memory
	leak. Found by IBM checker.

	* lib/krb5/cache.c (_krb5_expand_default_cc_name): avoid return
	pointer to freed memory in the error case. Found by IBM checker.

	* lib/hdb/keytab.c (hdb_resolve): off by one, found by IBM
	checker.

	* lib/hdb/keys.c (hdb_generate_key_set): set ret_key_set before
	going into the error clause and freeing key_set.
	Found by IBM
	checker. Make sure ret == 0 after of parse error, we catch the
	"no entries parsed" case later.

	* lib/krb5/log.c (krb5_addlog_dest): make string length match
	strings in strcasecmp. Found by IBM checker.

2006-03-30 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/hdb/hdb-ldap.c (LDAP_message2entry): in declaration set
	variable_name as "hdb_entry_ex"
	(hdb_ldap_common): change "arg" in condition (if) to "search_base"
	(hdb_ldapi_create): change "serach_base" to "search_base" From
	Alex V. Labuta.

	* lib/krb5/pkinit.c (krb5_get_init_creds_opt_set_pkinit): fix
	prototype

	* kuser/kinit.c: Add pool of certificates to help certificate path
	building for clients sending incomplete path in the signedData.

2006-03-28 Love Hörnquist Åstrand <lha@it.su.se>

	* kdc/pkinit.c: Add pool of certificates to help certificate path
	building for clients sending incomplete path in the signedData.

	* lib/krb5/pkinit.c: Add pool of certificates to help certificate
	path building for clients sending incomplete path in the
	signedData.

2006-03-27 Love Hörnquist Åstrand <lha@it.su.se>

	* kdc/config.c: Allow passing in related certificates used to
	build the chain.

	* kdc/pkinit.c: Allow passing in related certificates used to
	build the chain.

	* kdc/kerberos5.c (log_patype): Add case for
	KRB5_PADATA_PA_PK_OCSP_RESPONSE.

	* tools/Makefile.am: Spelling

	* tools/krb5-config.in: Add hx509 when using PK-INIT.

	* tools/Makefile.am: Add hx509 when using PK-INIT.

2006-03-26  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/acache.c: Use ticket flags definition, might fix Mac OS
	X Kerberos.app problems.

	* lib/krb5/krb5_ccapi.h: Add ticket flags definitions

	* lib/krb5/pkinit.c: Use less openssl, spell chelling.

	* kdc/pkinit.c (pk_mk_pa_reply_dh): encode the DH public key with
	asn1 wrapping

	* configure.in (AC_CONFIG_FILES): add lib/hx509/Makefile

	* lib/Makefile.am: Add hx509.

	* lib/krb5/Makefile.am: Add libhx509.la when PKINIT is used.

	* configure.in: define automake PKINIT variable

	* kdc/pkinit.c: Switch to hx509.

	* lib/krb5/pkinit.c: Switch to hx509.

2006-03-24  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/kerberos5.c (log_patypes): log the patypes requested by the
	client

2006-03-23  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/pkinit.c (_krb5_pk_rd_pa_reply): pass down the
	req_buffer in the w2k case too. From Douglas E. Engert.

2006-03-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/mk_req_ext.c (_krb5_mk_req_internal): on failure, goto
	error handling. Fixes Coverity NetBSD CID 2591 by catching a
	failing krb5_copy_keyblock()

2006-03-17  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/addr_families.c (krb5_free_addresses): reset val,len in
	address when free-ing. Fixes Coverity NetBSD bug #2605
	(krb5_parse_address): reset val,len before possibly return errors
	Fixes Coverity NetBSD bug #2605

2006-03-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/send_to_kdc.c (recv_loop): it should never happen, but
	make sure nbytes > 0

	* lib/krb5/get_for_creds.c (add_addrs): handle the case where
	addr->len == 0 and n == 0, then realloc might return NULL.

	* lib/krb5/crypto.c (decrypt_*): handle the case where the
	plaintext is 0 bytes long, realloc might then return NULL.

2006-02-28  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_string_to_key.3: Drop krb5_string_to_key_derived.

	* lib/krb5/krb5.3: Remove krb5_string_to_key_derived.

	* lib/krb5/crypto.c (AES_string_to_key): drop _krb5_PKCS5_PBKDF2
	and use PKCS5_PBKDF2_HMAC_SHA1 instead.

	* lib/krb5/aes-test.c: reformat, avoid free-ing un-init'd memory

	* lib/krb5/aes-test.c: Only use PKCS5_PBKDF2_HMAC_SHA1.

2006-02-27  Johan Danielsson  <joda@pdc.kth.se>

	* doc/setup.texi: remove cartouches - we don't use them anywhere
	else, they should be around the example, not inside it, and
	probably shouldn't be used in html at all

2006-02-18  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_warn.3: Document that applications want to use
	krb5_get_error_message, add example.

2006-02-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/crypto.c (krb5_generate_random_block): check return
	value from RAND_bytes

	* lib/krb5/error_string.c: Change indentation, update (c)

2006-02-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/pkinit.c: Make struct krb5_dh_moduli available when
	compiling w/o pkinit.

2006-02-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/pkinit.c: update to new paChecksum definition, update
	the dhgroup handling

	* kdc/pkinit.c: update to new paChecksum definition, use
	hdb_entry_ex

2006-02-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_locl.h: Move Configurable options to last in the
	file.

	* lib/krb5/krb5_locl.h: Wrap KRB5_ADDRESSLESS_DEFAULT with #ifndef

2006-02-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* kpasswd/kpasswdd.c: Send back a better error-message to the
	client in case the password change was rejected.

	* lib/krb5/krb5_warn.3: Document krb5_get_error_message.

	* lib/krb5/error_string.c (krb5_get_error_message): new function,
	and combination of krb5_get_error_string and krb5_get_err_text

	* lib/krb5/krb5.3: sort, and krb5_get_error_message

	* lib/hdb/hdb-ldap.c: Log the filter string to the error message
	when doing searches.

	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_default_flags):
	Use KRB5_ADDRESSLESS_DEFAULT when
	checking [appdefault]no-addresses.

	* lib/krb5/get_cred.c (get_cred_from_kdc_flags): Use
	KRB5_ADDRESSLESS_DEFAULT when checking
	[appdefault]no-addresses.

	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds):
	Use [appdefault]no-addresses before checking if the krbtgt is
	address-less, use KRB5_ADDRESSLESS_DEFAULT.

	* lib/krb5/krb5_locl.h: Introduce KRB5_ADDRESSLESS_DEFAULT that
	controls all address-less behavior. Defaults to false.

2006-02-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/n-fold-test.c: main is not a KRB5_LIB_FUNCTION

	* lib/krb5/mk_priv.c (krb5_mk_priv): abort if ASN1_MALLOC_ENCODE
	fails to produce the matching lengths.

2006-01-27  Love Hörnquist Åstrand  <lha@it.su.se>

	* kcm/protocol.c (kcm_op_retrieve): remove unused variable

2006-01-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* tools/krb5-config.in: Move dependency on @LIB_dbopen@ to
	kadm-server, kerberos library doesn't depend on db-library.

2006-01-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* include/Makefile.am: Don't clean crypto headers, they now live
	in hcrypto/. Add hcrypto to SUBDIRS.

	* include/hcrypto/Makefile.am: clean installed headers

	* include/make_crypto.c: include crypto headers from hcrypto/

	* include/make_crypto.c: Include more crypto header files. Remove
	support for old hash names.

2006-01-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/misc.c (_kdc_db_fetch): use calloc to allocate the entry,
	from Andrew Bartlett.

	* Happy New Year.