18d4ba808SJacques Vidrine 2*ae771770SStanislav SedovWe stop writing change logs, see the source code version control systems history log instead 38d4ba808SJacques Vidrine 4*ae771770SStanislav Sedov2008-07-28 Love Hornquist Astrand <lha@h5l.org> 5*ae771770SStanislav Sedov 6*ae771770SStanislav Sedov * lib/krb5/v4_glue.c: The "kaserver" part of Heimdal occasionally 7*ae771770SStanislav Sedov issues invalid AFS tokens 8*ae771770SStanislav Sedov (here "occasionally" means for certain users in certain realms). 9*ae771770SStanislav Sedov 10*ae771770SStanislav Sedov In lib/krb5/v4_glue.c, in the routine storage_to_etext the ticket 11*ae771770SStanislav Sedov is padded to a multiple of 8 bytes. If it is already a multiple of 12*ae771770SStanislav Sedov 8 bytes, 8 additional 0-bytes are added. 13*ae771770SStanislav Sedov 14*ae771770SStanislav Sedov This catches the AFS krb4 ticket decoder by surprise: unless the 15*ae771770SStanislav Sedov ticket is exactly 56 bytes, it only supports the minimum necessary 16*ae771770SStanislav Sedov padding. It detects the superfluous padding by comparing the 17*ae771770SStanislav Sedov ticket length decoded to the advertised ticket length. 18*ae771770SStanislav Sedov 19*ae771770SStanislav Sedov Hence a 7-letter userid in "cern.ch" which resulted in a ticket of 20*ae771770SStanislav Sedov 40 bytes, got "padded" to 48 bytes which the rxkad decoder 21*ae771770SStanislav Sedov rejected. 22*ae771770SStanislav Sedov 23*ae771770SStanislav Sedov From Rainer Toebbicke. 24*ae771770SStanislav Sedov 25*ae771770SStanislav Sedov2008-07-25 Love Hörnquist Åstrand <lha@h5l.org> 26*ae771770SStanislav Sedov 27*ae771770SStanislav Sedov * kuser/kinit.c: add --ok-as-delegate and --windows flags 28*ae771770SStanislav Sedov 29*ae771770SStanislav Sedov * kpasswd/kpasswd-generator.c: Switch to krb5_set_password. 30*ae771770SStanislav Sedov 31*ae771770SStanislav Sedov * kuser/kinit.c: Use krb5_cc_set_config. 32*ae771770SStanislav Sedov 33*ae771770SStanislav Sedov * lib/krb5/cache.c: Add krb5_cc_[gs]et_config. 34*ae771770SStanislav Sedov 35*ae771770SStanislav Sedov2008-07-22 Love Hörnquist Åstrand <lha@h5l.org> 36*ae771770SStanislav Sedov 37*ae771770SStanislav Sedov * lib/krb5/crypto.c: Allow numbers to be enctypes to as long as 38*ae771770SStanislav Sedov they are valid. 39*ae771770SStanislav Sedov 40*ae771770SStanislav Sedov2008-07-17 Love Hörnquist Åstrand <lha@h5l.org> 41*ae771770SStanislav Sedov 42*ae771770SStanislav Sedov * lib/hdb/version-script.map: some random bits needed for libkadm 43*ae771770SStanislav Sedov 44*ae771770SStanislav Sedov2008-07-15 Love Hörnquist Åstrand <lha@h5l.org> 45*ae771770SStanislav Sedov 46*ae771770SStanislav Sedov * lib/krb5/send_to_kdc_plugin.h: add name for send_to_kdc plugin. 47*ae771770SStanislav Sedov 48*ae771770SStanislav Sedov * lib/krb5/krbhst.c: handle KRB5_PLUGIN_NO_HANDLE for lookup 49*ae771770SStanislav Sedov plugin. 50*ae771770SStanislav Sedov 51*ae771770SStanislav Sedov * lib/krb5/send_to_kdc.c: Add support for the send_to_kdc plugin 52*ae771770SStanislav Sedov interface. 53*ae771770SStanislav Sedov 54*ae771770SStanislav Sedov * lib/krb5/Makefile.am: add send_to_kdc_plugin.h 55*ae771770SStanislav Sedov 56*ae771770SStanislav Sedov * lib/krb5/krb5_err.et: add plugin error codes 57*ae771770SStanislav Sedov 58*ae771770SStanislav Sedov2008-07-14 Love Hornquist Astrand <lha@kth.se> 59*ae771770SStanislav Sedov 60*ae771770SStanislav Sedov * lib/hdb/Makefile.am: EXTRA_DIST += version-script.map 61*ae771770SStanislav Sedov 62*ae771770SStanislav Sedov2008-07-14 Love Hornquist Astrand <lha@kth.se> 63*ae771770SStanislav Sedov 64*ae771770SStanislav Sedov * lib/krb5/krb5_{address,ccache}.3: spelling, from openbsd via janne 65*ae771770SStanislav Sedov johansson 66*ae771770SStanislav Sedov 67*ae771770SStanislav Sedov2008-07-13 Love Hörnquist Åstrand <lha@kth.se> 68*ae771770SStanislav Sedov 69*ae771770SStanislav Sedov * lib/krb5/version-script.map: add krb5_free_error_message 70*ae771770SStanislav Sedov 71*ae771770SStanislav Sedov2008-06-21 Love Hörnquist Åstrand <lha@kth.se> 72*ae771770SStanislav Sedov 73*ae771770SStanislav Sedov * lib/krb5/init_creds_pw.c: switch to krb5_set_password(). 74*ae771770SStanislav Sedov 75*ae771770SStanislav Sedov2008-06-18 Love Hörnquist Åstrand <lha@kth.se> 76*ae771770SStanislav Sedov 77*ae771770SStanislav Sedov * lib/krb5/time.c (krb5_set_real_time): handle negative usec 78*ae771770SStanislav Sedov 79*ae771770SStanislav Sedov2008-05-31 Love Hörnquist Åstrand <lha@kth.se> 80*ae771770SStanislav Sedov 81*ae771770SStanislav Sedov * lib/krb5/krb5_locl.h: Add <wind.h> 82*ae771770SStanislav Sedov 83*ae771770SStanislav Sedov * lib/krb5/crypto.c: Use wind_utf8ucs2_length to convert the password to utf16. 84*ae771770SStanislav Sedov 85*ae771770SStanislav Sedov2008-05-30 Love Hörnquist Åstrand <lha@kth.se> 86*ae771770SStanislav Sedov 87*ae771770SStanislav Sedov * lib/krb5/kcm.c: Add back krb5_kcmcache argument to try_door(). 88*ae771770SStanislav Sedov 89*ae771770SStanislav Sedov2008-05-27 Love Hörnquist Åstrand <lha@kth.se> 90*ae771770SStanislav Sedov 91*ae771770SStanislav Sedov * lib/krb5/error_string.c (krb5_free_error_message): constify 92*ae771770SStanislav Sedov 93*ae771770SStanislav Sedov * lib/krb5/error_string.c: Add krb5_get_error_message(). 94*ae771770SStanislav Sedov 95*ae771770SStanislav Sedov * lib/krb5/doxygen.c: krb5_cc_new_unique() is name of the creation 96*ae771770SStanislav Sedov function. 97*ae771770SStanislav Sedov 98*ae771770SStanislav Sedov2008-04-30 Love Hörnquist Åstrand <lha@it.su.se> 99*ae771770SStanislav Sedov 100*ae771770SStanislav Sedov * lib/hdb/hdb-ldap.c: Use the _ext api for OpenLDAP, from Honza 101*ae771770SStanislav Sedov Machacek (gentoo). 102*ae771770SStanislav Sedov 103*ae771770SStanislav Sedov2008-04-28 Love Hörnquist Åstrand <lha@it.su.se> 104*ae771770SStanislav Sedov 105*ae771770SStanislav Sedov * lib/krb5/crypto.c: Use DES_set_key_unchecked(). 106*ae771770SStanislav Sedov 107*ae771770SStanislav Sedov * lib/krb5/krb5.conf.5: Document default_cc_type. 108*ae771770SStanislav Sedov 109*ae771770SStanislav Sedov * lib/krb5/cache.c: Pick up [libdefaults]default_cc_type 110*ae771770SStanislav Sedov 111*ae771770SStanislav Sedov2008-04-27 Love Hörnquist Åstrand <lha@it.su.se> 112*ae771770SStanislav Sedov 113*ae771770SStanislav Sedov * kdc/kaserver.c: Use DES_set_key_unchecked(). 114*ae771770SStanislav Sedov 115*ae771770SStanislav Sedov2008-04-21 Love Hörnquist Åstrand <lha@it.su.se> 116*ae771770SStanislav Sedov 117*ae771770SStanislav Sedov * doc/hx509.texi: About the pkcs11 module. 118*ae771770SStanislav Sedov 119*ae771770SStanislav Sedov * doc/hx509.texi: Pick up version from vars.texi 120*ae771770SStanislav Sedov 121*ae771770SStanislav Sedov * doc/hx509.texi: No MIT code in hx509. 122*ae771770SStanislav Sedov 123*ae771770SStanislav Sedov * hx509 now includes a pkcs11 implementation. 124*ae771770SStanislav Sedov 125*ae771770SStanislav Sedov2008-04-20 Love Hörnquist Åstrand <lha@it.su.se> 126*ae771770SStanislav Sedov 127*ae771770SStanislav Sedov * lib/hdb/Makefile.am: Move OpenLDAP includes to AM_CPPFLAGS to 128*ae771770SStanislav Sedov avoid dropping other defines for the library. 129*ae771770SStanislav Sedov 130*ae771770SStanislav Sedov2008-04-17 Love Hörnquist Åstrand <lha@it.su.se> 131*ae771770SStanislav Sedov 132*ae771770SStanislav Sedov * lib/krb5: add __declspec() for windows. 133*ae771770SStanislav Sedov 134*ae771770SStanislav Sedov * configure.in: Update rk_WIN32_EXPORT, add gssapi to 135*ae771770SStanislav Sedov rk_WIN32_EXPORT. 136*ae771770SStanislav Sedov 137*ae771770SStanislav Sedov * configure.in: Lets try dependency tracking for automake 1.10 and 138*ae771770SStanislav Sedov later. 139*ae771770SStanislav Sedov 140*ae771770SStanislav Sedov * configure.in: Use at least libtool-2.2. 141*ae771770SStanislav Sedov 142*ae771770SStanislav Sedov * configure.in: Use LT_INIT the right way. 143*ae771770SStanislav Sedov 144*ae771770SStanislav Sedov * lib/krb5/Makefile.am: Update make-proto usage. 145*ae771770SStanislav Sedov 146*ae771770SStanislav Sedov * configure.in: Run autoupdate, use LT_INIT(). 147*ae771770SStanislav Sedov 148*ae771770SStanislav Sedov2008-04-15 Love Hörnquist Åstrand <lha@it.su.se> 149*ae771770SStanislav Sedov 150*ae771770SStanislav Sedov * lib/krb5/test_forward.c: Don't print krb5_error_code since we 151*ae771770SStanislav Sedov are using krb5_err(). 152*ae771770SStanislav Sedov 153*ae771770SStanislav Sedov * lib/krb5/ticket.c: Cast krb5_error_code to int to avoid warning. 154*ae771770SStanislav Sedov 155*ae771770SStanislav Sedov * lib/krb5/scache.c: Cast krb5_error_code to int to avoid warning. 156*ae771770SStanislav Sedov 157*ae771770SStanislav Sedov * lib/krb5/principal.c: Cast enum to int to avoid warning. 158*ae771770SStanislav Sedov 159*ae771770SStanislav Sedov * lib/krb5/pkinit.c: Cast krb5_error_code to int to avoid warning. 160*ae771770SStanislav Sedov 161*ae771770SStanislav Sedov * lib/krb5/pac.c: Cast size_t to unsigned long to avoid warning. 162*ae771770SStanislav Sedov 163*ae771770SStanislav Sedov * lib/krb5/error_string.c: Cast krb5_error_code to int to avoid 164*ae771770SStanislav Sedov warning. 165*ae771770SStanislav Sedov 166*ae771770SStanislav Sedov * lib/krb5/keytab_keyfile.c: Make num_entries an uint32 to avoid 167*ae771770SStanislav Sedov negative numbers and type warnings. 168*ae771770SStanislav Sedov 169*ae771770SStanislav Sedov * lib/krb5: cc_get_version returns an int, update. 170*ae771770SStanislav Sedov 171*ae771770SStanislav Sedov2008-04-10 Love Hörnquist Åstrand <lha@it.su.se> 172*ae771770SStanislav Sedov 173*ae771770SStanislav Sedov * configure.in: Check for <asl.h>. 174*ae771770SStanislav Sedov 175*ae771770SStanislav Sedov2008-04-09 Love Hörnquist Åstrand <lha@it.su.se> 176*ae771770SStanislav Sedov 177*ae771770SStanislav Sedov * lib/krb5/version-script.map: sort and export _krb5_pk_kdf 178*ae771770SStanislav Sedov 179*ae771770SStanislav Sedov * lib/krb5/crypto.c: Check kdf params. calculate the second half 180*ae771770SStanislav Sedov of the key. 181*ae771770SStanislav Sedov 182*ae771770SStanislav Sedov * lib/krb5/Makefile.am: Add test_pknistkdf 183*ae771770SStanislav Sedov 184*ae771770SStanislav Sedov * lib/krb5/test_pknistkdf.c: Test the new pkinit nist kdf. 185*ae771770SStanislav Sedov 186*ae771770SStanislav Sedov * lib/krb5/crypto.c: Complete _krb5_pk_kdf. 187*ae771770SStanislav Sedov 188*ae771770SStanislav Sedov * lib/krb5/crypto.c: First version of KDF in 189*ae771770SStanislav Sedov draft-ietf-krb-wg-pkinit-alg-agility-03.txt. 190*ae771770SStanislav Sedov 191*ae771770SStanislav Sedov2008-04-08 Love Hörnquist Åstrand <lha@it.su.se> 192*ae771770SStanislav Sedov 193*ae771770SStanislav Sedov * doc/setup.texi: Add text about smbk5pwd overlay from Buchan 194*ae771770SStanislav Sedov Milne. 195*ae771770SStanislav Sedov 196*ae771770SStanislav Sedov * lib/krb5/krb5_locl.h: Name the pkinit type enum. 197*ae771770SStanislav Sedov 198*ae771770SStanislav Sedov * kdc/pkinit.c: Rename constants to match global header. 199*ae771770SStanislav Sedov 200*ae771770SStanislav Sedov * lib/krb5/pkinit.c: Drop krb5_pk_identity and rename constants to 201*ae771770SStanislav Sedov match global header. 202*ae771770SStanislav Sedov 203*ae771770SStanislav Sedov * kdc/pkinit.c: Pick up krb5_pk_identity from krb5_locl.h. 204*ae771770SStanislav Sedov 205*ae771770SStanislav Sedov * lib/krb5/scache.c (scc_alloc): %x is unsigned int. 206*ae771770SStanislav Sedov 207*ae771770SStanislav Sedov2008-04-07 Love Hörnquist Åstrand <lha@it.su.se> 208*ae771770SStanislav Sedov 209*ae771770SStanislav Sedov * lib/krb5/version-script.map: Sort and add krb5_cc_switch. 210*ae771770SStanislav Sedov 211*ae771770SStanislav Sedov * lib/krb5/acache.c: Use unsigned where appropriate. 212*ae771770SStanislav Sedov 213*ae771770SStanislav Sedov * kcm/glue.c: Adapt to chenge to krb5_cc_ops. 214*ae771770SStanislav Sedov 215*ae771770SStanislav Sedov * kcm/acl.c: Add missing op. 216*ae771770SStanislav Sedov 217*ae771770SStanislav Sedov * kdc/connect.c: Use unsigned where appropriate. 218*ae771770SStanislav Sedov 219*ae771770SStanislav Sedov * lib/krb5/n-fold.c: Use size_t where appropriate. 220*ae771770SStanislav Sedov 221*ae771770SStanislav Sedov * lib/krb5/get_addrs.c: Use unsigned where appropriate. 222*ae771770SStanislav Sedov 223*ae771770SStanislav Sedov * lib/krb5/crypto.c: Use unsigned where appropriate. 224*ae771770SStanislav Sedov 225*ae771770SStanislav Sedov * lib/krb5/crc.c: Use unsigned where appropriate. 226*ae771770SStanislav Sedov 227*ae771770SStanislav Sedov * lib/krb5/changepw.c: simplify 228*ae771770SStanislav Sedov 229*ae771770SStanislav Sedov * lib/krb5/copy_host_realm.c: simplify 230*ae771770SStanislav Sedov 231*ae771770SStanislav Sedov * kuser/kswitch.c: Implement --principal. 232*ae771770SStanislav Sedov 233*ae771770SStanislav Sedov2008-04-05 Love Hörnquist Åstrand <lha@it.su.se> 234*ae771770SStanislav Sedov 235*ae771770SStanislav Sedov * lib/krb5/cache.c: allow returning the default cc-type. 236*ae771770SStanislav Sedov 237*ae771770SStanislav Sedov * kuser/kswitch.c: Enable switching between existing caches. 238*ae771770SStanislav Sedov 239*ae771770SStanislav Sedov * lib/krb5/cache.c: Add krb5_cc_switch, to set the default 240*ae771770SStanislav Sedov credential cache. 241*ae771770SStanislav Sedov 242*ae771770SStanislav Sedov * lib/krb5/acache.c: Implement set_default. 243*ae771770SStanislav Sedov 244*ae771770SStanislav Sedov * lib/krb5/krb5.h: Extend krb5_cc_ops and add set_default to set 245*ae771770SStanislav Sedov the default cc name for a credential type. 246*ae771770SStanislav Sedov 247*ae771770SStanislav Sedov2008-04-04 Love Hörnquist Åstrand <lha@it.su.se> 248*ae771770SStanislav Sedov 249*ae771770SStanislav Sedov * lib/krb5/test_cc.c: test remove 250*ae771770SStanislav Sedov 251*ae771770SStanislav Sedov * lib/krb5/fcache.c: Make the remove cred slight more atomic, now 252*ae771770SStanislav Sedov it might lose creds, but there will be no empty cache at any time. 253*ae771770SStanislav Sedov 254*ae771770SStanislav Sedov * lib/krb5/scache.c: Do credential iteration by temporary table. 255*ae771770SStanislav Sedov 256*ae771770SStanislav Sedov2008-04-02 Love Hörnquist Åstrand <lha@it.su.se> 257*ae771770SStanislav Sedov 258*ae771770SStanislav Sedov * lib/krb5/acache.c: Translate ccErrInvalidCCache. 259*ae771770SStanislav Sedov 260*ae771770SStanislav Sedov * lib/krb5/scache.c: implemetation of a sqlite3 backed credential 261*ae771770SStanislav Sedov cache. 262*ae771770SStanislav Sedov 263*ae771770SStanislav Sedov * lib/krb5/test_cc.c: test acc and scc 264*ae771770SStanislav Sedov 265*ae771770SStanislav Sedov * lib/krb5/acache.c: Only release context if its in use. 266*ae771770SStanislav Sedov 267*ae771770SStanislav Sedov2008-04-01 Love Hörnquist Åstrand <lha@it.su.se> 268*ae771770SStanislav Sedov 269*ae771770SStanislav Sedov * doc/setup.texi: No patching of OpenLDAP is needed, from Buchan 270*ae771770SStanislav Sedov Milne. 271*ae771770SStanislav Sedov 272*ae771770SStanislav Sedov2008-03-30 Love Hörnquist Åstrand <lha@it.su.se> 273*ae771770SStanislav Sedov 274*ae771770SStanislav Sedov * lib/krb5/Makefile.am: Add scache. 275*ae771770SStanislav Sedov 276*ae771770SStanislav Sedov * lib/krb5/scache.c: initial implementation 277*ae771770SStanislav Sedov 278*ae771770SStanislav Sedov * lib/Makefile.am: sqlite 279*ae771770SStanislav Sedov 280*ae771770SStanislav Sedov * configure.in: lib/sqlite/Makefile 281*ae771770SStanislav Sedov 282*ae771770SStanislav Sedov2008-03-26 Love Hörnquist Åstrand <lha@it.su.se> 283*ae771770SStanislav Sedov 284*ae771770SStanislav Sedov * lib/krb5/fcache.c: Make the storing credential an atomic 285*ae771770SStanislav Sedov write(2) to avoid signal races, bug traced by Harald Barth and Lars 286*ae771770SStanislav Sedov Malinowsky. 287*ae771770SStanislav Sedov 288*ae771770SStanislav Sedov2008-03-25 Love Hörnquist Åstrand <lha@it.su.se> 289*ae771770SStanislav Sedov 290*ae771770SStanislav Sedov * lib/krb5/fcache.c: Make erase_file() do locking too. 291*ae771770SStanislav Sedov 292*ae771770SStanislav Sedov * kcm/protocol.c: Make work when moving to a non-existant 293*ae771770SStanislav Sedov cred-cache. 294*ae771770SStanislav Sedov 295*ae771770SStanislav Sedov * lib/krb5/test_cc.c: more verbose info. 296*ae771770SStanislav Sedov 297*ae771770SStanislav Sedov * lib/krb5/test_cc.c: test krb5_cc_move(). 298*ae771770SStanislav Sedov 299*ae771770SStanislav Sedov2008-03-23 Love Hörnquist Åstrand <lha@it.su.se> 300*ae771770SStanislav Sedov 301*ae771770SStanislav Sedov * lib/krb5/get_cred.c: Try both kdc server referral and the old 302*ae771770SStanislav Sedov client chasing mode. 303*ae771770SStanislav Sedov 304*ae771770SStanislav Sedov * lib/krb5/get_cred.c: Don't do canonicalize by default, make 305*ae771770SStanislav Sedov add_cred() sane, make loop detection in credential fetching 306*ae771770SStanislav Sedov better. 307*ae771770SStanislav Sedov 308*ae771770SStanislav Sedov * lib/krb5/krb5_locl.h: Add flag EXTRACT_TICKET_AS_REQ. 309*ae771770SStanislav Sedov 310*ae771770SStanislav Sedov * lib/krb5/init_creds_pw.c: Tell _krb5_extract_ticket that this is 311*ae771770SStanislav Sedov an AS-REQ. 312*ae771770SStanislav Sedov 313*ae771770SStanislav Sedov * lib/krb5/get_in_tkt.c: Make server referral work. 314*ae771770SStanislav Sedov 315*ae771770SStanislav Sedov2008-03-22 Love Hörnquist Åstrand <lha@it.su.se> 316*ae771770SStanislav Sedov 317*ae771770SStanislav Sedov * lib/krb5/get_in_tkt.c: check no server referral, don't use 318*ae771770SStanislav Sedov stringent length tests since encryption layer does padding for 319*ae771770SStanislav Sedov us... 320*ae771770SStanislav Sedov 321*ae771770SStanislav Sedov * kdc/kerberos5.c: Match name in ClientCanonicalizedNames with -10 322*ae771770SStanislav Sedov 323*ae771770SStanislav Sedov * lib/krb5/principal.c (_krb5_principal_compare_PrincipalName): 324*ae771770SStanislav Sedov new function to compare a principal to a PrincipalName. 325*ae771770SStanislav Sedov 326*ae771770SStanislav Sedov * lib/krb5/init_creds_pw.c: Move client referral checking to 327*ae771770SStanislav Sedov _krb5_extract_ticket(). 328*ae771770SStanislav Sedov 329*ae771770SStanislav Sedov * lib/krb5/get_in_tkt.c: More bits for server referral. 330*ae771770SStanislav Sedov 331*ae771770SStanislav Sedov * lib/krb5/get_in_tkt.c: Make working with client referrals. 332*ae771770SStanislav Sedov 333*ae771770SStanislav Sedov * lib/krb5/get_cred.c: Try moving referrals checking into 334*ae771770SStanislav Sedov _krb5_extract_ticket(). 335*ae771770SStanislav Sedov 336*ae771770SStanislav Sedov * lib/krb5/get_in_tkt.c: Try moving referrals checking into 337*ae771770SStanislav Sedov _krb5_extract_ticket(). 338*ae771770SStanislav Sedov 339*ae771770SStanislav Sedov2008-03-21 Love Hörnquist Åstrand <lha@it.su.se> 340*ae771770SStanislav Sedov 341*ae771770SStanislav Sedov * kdc/krb5tgs.c: Send SERVER-REFERRAL data in rep.padata instead 342*ae771770SStanislav Sedov of auth_data in ticket. 343*ae771770SStanislav Sedov 344*ae771770SStanislav Sedov2008-03-20 Love Hörnquist Åstrand <lha@it.su.se> 345*ae771770SStanislav Sedov 346*ae771770SStanislav Sedov * lib/krb5/init_creds_pw.c: remove lost bits from using 347*ae771770SStanislav Sedov krb5_principal_set_realm 348*ae771770SStanislav Sedov 349*ae771770SStanislav Sedov * kdc/krb5tgs.c: Better referrals support, use canonicalize flag. 350*ae771770SStanislav Sedov 351*ae771770SStanislav Sedov * kdc/hprop.c: use krb5_principal_set_realm 352*ae771770SStanislav Sedov 353*ae771770SStanislav Sedov * lib/krb5/init_creds_pw.c: use krb5_principal_set_realm 354*ae771770SStanislav Sedov 355*ae771770SStanislav Sedov * lib/krb5/verify_user.c: use krb5_principal_set_realm 356*ae771770SStanislav Sedov 357*ae771770SStanislav Sedov * lib/krb5/version-script.map: add krb5_principal_set_realm 358*ae771770SStanislav Sedov 359*ae771770SStanislav Sedov * lib/krb5/principal.c: add krb5_principal_set_realm 360*ae771770SStanislav Sedov 361*ae771770SStanislav Sedov * lib/krb5/get_cred.c: Insecure tgs referrals. 362*ae771770SStanislav Sedov 363*ae771770SStanislav Sedov * lib/krb5/get_cred.c: Dont try key usage KRB5_KU_AP_REQ_AUTH for 364*ae771770SStanislav Sedov TGS-REQ. This drop compatibility with pre 0.3d KDCs. 365*ae771770SStanislav Sedov 366*ae771770SStanislav Sedov * lib/krb5/get_cred.c: catch KRB5_GC_CANONICALIZE. 367*ae771770SStanislav Sedov 368*ae771770SStanislav Sedov * lib/krb5/krb5.h: set KRB5_GC_CANONICALIZE. 369*ae771770SStanislav Sedov 370*ae771770SStanislav Sedov * kuser/kgetcred.c: set KRB5_GC_CANONICALIZE. 371*ae771770SStanislav Sedov 372*ae771770SStanislav Sedov * kuser/kgetcred.c: Add stub --canonicalize implementation. 373*ae771770SStanislav Sedov 374*ae771770SStanislav Sedov2008-03-19 Love Hörnquist Åstrand <lha@it.su.se> 375*ae771770SStanislav Sedov 376*ae771770SStanislav Sedov * doc/setup.texi: Fix sasl-regexp, from Howard Chu. 377*ae771770SStanislav Sedov 378*ae771770SStanislav Sedov2008-03-14 Love Hörnquist Åstrand <lha@it.su.se> 379*ae771770SStanislav Sedov 380*ae771770SStanislav Sedov * kdc/kx509.c: Adapt to hx509_env changes. 381*ae771770SStanislav Sedov 382*ae771770SStanislav Sedov2008-03-10 Love Hörnquist Åstrand <lha@it.su.se> 383*ae771770SStanislav Sedov 384*ae771770SStanislav Sedov * lib/krb5/pkinit.c: Try searchin the key by to use by first 385*ae771770SStanislav Sedov looking for for PK-INIT EKU, then the Microsoft smart card EKU and 386*ae771770SStanislav Sedov last, no special EKU at all. 387*ae771770SStanislav Sedov 388*ae771770SStanislav Sedov2008-03-09 Love Hörnquist Åstrand <lha@it.su.se> 389*ae771770SStanislav Sedov 390*ae771770SStanislav Sedov * lib/krb5/acache.c: Create a new credential cache is ->get_name 391*ae771770SStanislav Sedov is called, make acc_initialize() reset the existing credential 392*ae771770SStanislav Sedov cache if needed. 393*ae771770SStanislav Sedov 394*ae771770SStanislav Sedov * lib/krb5/acache.c (acc_get_name): just return the cache_name 395*ae771770SStanislav Sedov directly instead of trying to resolve it. 396*ae771770SStanislav Sedov 397*ae771770SStanislav Sedov2008-02-23 Love Hörnquist Åstrand <lha@it.su.se> 398*ae771770SStanislav Sedov 399*ae771770SStanislav Sedov * include/Makefile.am (CLEANFILES): add wind.h and wind_err.h and 400*ae771770SStanislav Sedov sort. 401*ae771770SStanislav Sedov 402*ae771770SStanislav Sedov2008-02-11 Love Hörnquist Åstrand <lha@it.su.se> 403*ae771770SStanislav Sedov 404*ae771770SStanislav Sedov * lib/hdb/hdb-ldap.c: Use malloc() instead of static buffer. 405*ae771770SStanislav Sedov 406*ae771770SStanislav Sedov * lib/hdb/hdb-ldap.c: Use ldap_get_values_len, from LaMont Jones 407*ae771770SStanislav Sedov via Brian May and Debian. 408*ae771770SStanislav Sedov 409*ae771770SStanislav Sedov * doc/Makefile.am: add libwind 410*ae771770SStanislav Sedov 411*ae771770SStanislav Sedov2008-02-05 Love Hörnquist Åstrand <lha@it.su.se> 412*ae771770SStanislav Sedov 413*ae771770SStanislav Sedov * lib/krb5/test_renew.c: Remove extra ;, From Dennis Davis. 414*ae771770SStanislav Sedov 415*ae771770SStanislav Sedov * lib/krb5/store_emem.c: Make compile on-pre c99 compilers. From 416*ae771770SStanislav Sedov Dennis Davis. 417*ae771770SStanislav Sedov 418*ae771770SStanislav Sedov2008-02-03 Love Hörnquist Åstrand <lha@it.su.se> 419*ae771770SStanislav Sedov 420*ae771770SStanislav Sedov * tools/heimdal-gssapi.pc.in: Add wind. 421*ae771770SStanislav Sedov 422*ae771770SStanislav Sedov * tools/krb5-config.in: Add wind. 423*ae771770SStanislav Sedov 424*ae771770SStanislav Sedov * lib/krb5/pac.c: Use libwind. 425*ae771770SStanislav Sedov 426*ae771770SStanislav Sedov2008-02-01 Love Hörnquist Åstrand <lha@it.su.se> 427*ae771770SStanislav Sedov 428*ae771770SStanislav Sedov * lib/Makefile.am: SUBDIRS: add wind 429*ae771770SStanislav Sedov 430*ae771770SStanislav Sedov2008-01-29 Love Hörnquist Åstrand <lha@it.su.se> 431*ae771770SStanislav Sedov 432*ae771770SStanislav Sedov * doc/programming.texi: See the Kerberos 5 API introduction and 433*ae771770SStanislav Sedov documentation on the Heimdal webpage. 434*ae771770SStanislav Sedov 435*ae771770SStanislav Sedov2008-01-27 Love Hörnquist Åstrand <lha@it.su.se> 436*ae771770SStanislav Sedov 437*ae771770SStanislav Sedov * lib/krb5: better error strings for the keytab fetching functions 438*ae771770SStanislav Sedov 439*ae771770SStanislav Sedov * lib/krb5/verify_krb5_conf.c: Catch deprecated entries. 440*ae771770SStanislav Sedov 441*ae771770SStanislav Sedov * lib/krb5/get_cred.c: Remove support 442*ae771770SStanislav Sedov for [libdefaults]capath (not [libdefaults] capaths though). 443*ae771770SStanislav Sedov 444*ae771770SStanislav Sedov2008-01-25 Love Hörnquist Åstrand <lha@it.su.se> 445*ae771770SStanislav Sedov 446*ae771770SStanislav Sedov * tools/heimdal-gssapi.pc.in: Fix caps of prefix, from Joakim 447*ae771770SStanislav Sedov Fallsjo. 448*ae771770SStanislav Sedov 449*ae771770SStanislav Sedov2008-01-24 Love Hörnquist Åstrand <lha@it.su.se> 450*ae771770SStanislav Sedov 451*ae771770SStanislav Sedov * lib/krb5/fcache.c (fcc_move): more explict why the fcc_move 452*ae771770SStanislav Sedov failes, handle cross device moves. 453*ae771770SStanislav Sedov 454*ae771770SStanislav Sedov2008-01-21 Love Hörnquist Åstrand <lha@it.su.se> 4558d4ba808SJacques Vidrine 456c19800e8SDoug Rabson * lib/krb5/get_for_creds.c: Use on variable less. 4578d4ba808SJacques Vidrine 458c19800e8SDoug Rabson * lib/krb5/get_for_creds.c: Try to handle ticket full and 459c19800e8SDoug Rabson ticketless tickets better. Add doxygen comments while here. 4608d4ba808SJacques Vidrine 461c19800e8SDoug Rabson * lib/krb5/test_forward.c: Used for testing 462c19800e8SDoug Rabson krb5_get_forwarded_creds(). 4638d4ba808SJacques Vidrine 464c19800e8SDoug Rabson * lib/krb5/Makefile.am: noinst_PROGRAMS += test_forward 4658d4ba808SJacques Vidrine 466c19800e8SDoug Rabson * lib/krb5/Makefile.am: drop CHECK_SYMBOLS 4678d4ba808SJacques Vidrine 468c19800e8SDoug Rabson * lib/hdb/Makefile.am: drop CHECK_SYMBOLS 4698d4ba808SJacques Vidrine 470c19800e8SDoug Rabson * kdc/Makefile.am: drop CHECK_SYMBOLS 4718d4ba808SJacques Vidrine 472*ae771770SStanislav Sedov2008-01-18 Love Hörnquist Åstrand <lha@it.su.se> 4738d4ba808SJacques Vidrine 474c19800e8SDoug Rabson * lib/krb5/version-script.map: Add krb5_digest_probe. 4758d4ba808SJacques Vidrine 476*ae771770SStanislav Sedov2008-01-13 Love Hörnquist Åstrand <lha@it.su.se> 4778d4ba808SJacques Vidrine 478c19800e8SDoug Rabson * lib/krb5/pkinit.c: Replace hx509_name_to_der_name with 479c19800e8SDoug Rabson hx509_name_binary. 4808d4ba808SJacques Vidrine 481*ae771770SStanislav Sedov2008-01-12 Love Hörnquist Åstrand <lha@it.su.se> 4828d4ba808SJacques Vidrine 483c19800e8SDoug Rabson * lib/krb5/Makefile.am: add missing files 4848d4ba808SJacques Vidrine 485*ae771770SStanislav Sedov * Happy new year. 486