Deleted Added
sdiff udiff text old ( 178826 ) new ( 233294 )
full compact
ChangeLog.2003 (178826) ChangeLog.2003 (233294)
12003-12-19 Love H�rnquist �strand <lha@it.su.se>
12003-12-19 Love H��rnquist ��strand <lha@it.su.se>
2
3 * lib/krb5/error_string.c: protect error_string with mutex
4
5 * lib/krb5/context.c: allocate and destroy mutex in krb5_context
6
7 * lib/krb5/krb5.h (krb5_context_data): add mutex for error_string
8
2
3 * lib/krb5/error_string.c: protect error_string with mutex
4
5 * lib/krb5/context.c: allocate and destroy mutex in krb5_context
6
7 * lib/krb5/krb5.h (krb5_context_data): add mutex for error_string
8
92003-12-18 Love H�rnquist �strand <lha@it.su.se>
92003-12-18 Love H��rnquist ��strand <lha@it.su.se>
10
11 * kuser/kinit.c: make -9 work again
12
10
11 * kuser/kinit.c: make -9 work again
12
132003-12-17 Love H�rnquist �strand <lha@it.su.se>
132003-12-17 Love H��rnquist ��strand <lha@it.su.se>
14
15 * lib/krb5/init_creds_pw.c: try handle ts preauth better, still
16 not good, but at least it work with older heimdal releases that
17 doesn't send back KRB5KDC_ERR_PREAUTH_REQUIRED when preauth was
18 sent
19
14
15 * lib/krb5/init_creds_pw.c: try handle ts preauth better, still
16 not good, but at least it work with older heimdal releases that
17 doesn't send back KRB5KDC_ERR_PREAUTH_REQUIRED when preauth was
18 sent
19
202003-12-16 Love H�rnquist �strand <lha@it.su.se>
202003-12-16 Love H��rnquist ��strand <lha@it.su.se>
21
22 * lib/hdb/hdb.asn1: remove enforce-transited-policy, its no longer
23 used
24
21
22 * lib/hdb/hdb.asn1: remove enforce-transited-policy, its no longer
23 used
24
252003-12-11 Love H�rnquist �strand <lha@it.su.se>
252003-12-11 Love H��rnquist ��strand <lha@it.su.se>
26
27 * lib/krb5/pkinit.c (_krb5_pk_create_sign): fill in NULL as
28 parameters, required by CMS
29
26
27 * lib/krb5/pkinit.c (_krb5_pk_create_sign): fill in NULL as
28 parameters, required by CMS
29
302003-12-07 Love H�rnquist �strand <lha@it.su.se>
302003-12-07 Love H��rnquist ��strand <lha@it.su.se>
31
32 * lib/krb5/get_in_tkt_with_keytab.c (krb5_get_in_tkt_with_keytab):
33 avoid memory leak that snuck in when krb5_keytab_key_proc was
34 exported, pointed out by Panases Inc
35
36 * lib/krb5/keytab_file.c: do locking, found to be a problem for
37 Panasas Inc
38

--- 5 unchanged lines hidden (view full) ---

44 krb-cred
45
46 * lib/krb5/krb5_auth_context.3: some text about
47 krb5_auth_con_{add,remove}flags
48
49 * lib/krb5/auth_context.c: add krb5_auth_con_addflags and
50 krb5_auth_con_removeflags
51
31
32 * lib/krb5/get_in_tkt_with_keytab.c (krb5_get_in_tkt_with_keytab):
33 avoid memory leak that snuck in when krb5_keytab_key_proc was
34 exported, pointed out by Panases Inc
35
36 * lib/krb5/keytab_file.c: do locking, found to be a problem for
37 Panasas Inc
38

--- 5 unchanged lines hidden (view full) ---

44 krb-cred
45
46 * lib/krb5/krb5_auth_context.3: some text about
47 krb5_auth_con_{add,remove}flags
48
49 * lib/krb5/auth_context.c: add krb5_auth_con_addflags and
50 krb5_auth_con_removeflags
51
522003-12-03 Love H�rnquist �strand <lha@it.su.se>
522003-12-03 Love H��rnquist ��strand <lha@it.su.se>
53
54 * lib/krb5/crypto.c (decrypt_internal_derived): move up padsize to
55 avoid memory leak
56
53
54 * lib/krb5/crypto.c (decrypt_internal_derived): move up padsize to
55 avoid memory leak
56
572003-12-02 Love H�rnquist �strand <lha@it.su.se>
572003-12-02 Love H��rnquist ��strand <lha@it.su.se>
58
59 * lib/krb5/crypto.c: require cipher-text to be padded to padsize
60
61 * lib/krb5/eai_to_heim_errno.c: EAI_ADDRFAMILY and EAI_NODATA is
62 deprecated in RFC3493
63
64 * lib/krb5/verify_krb5_conf.c (check_host): don't check for
65 EAI_NODATA, because its depricated in RFC3493 Pointed out by
66 Hajimu UMEMOTO <ume@mahoroba.org> on heimdal-discuss
67
58
59 * lib/krb5/crypto.c: require cipher-text to be padded to padsize
60
61 * lib/krb5/eai_to_heim_errno.c: EAI_ADDRFAMILY and EAI_NODATA is
62 deprecated in RFC3493
63
64 * lib/krb5/verify_krb5_conf.c (check_host): don't check for
65 EAI_NODATA, because its depricated in RFC3493 Pointed out by
66 Hajimu UMEMOTO <ume@mahoroba.org> on heimdal-discuss
67
682003-12-01 Love H�rnquist �strand <lha@it.su.se>
682003-12-01 Love H��rnquist ��strand <lha@it.su.se>
69
70 * lib/krb5/Makefile.am: move test_crypto to noinst_PROGRAMS
71
72 * lib/krb5/test_crypto.c: add --version,--help
73
74 * kuser/kinit.c (main): return the return value from simple_execvp
75
69
70 * lib/krb5/Makefile.am: move test_crypto to noinst_PROGRAMS
71
72 * lib/krb5/test_crypto.c: add --version,--help
73
74 * kuser/kinit.c (main): return the return value from simple_execvp
75
762003-11-26 Love H�rnquist �strand <lha@it.su.se>
762003-11-26 Love H��rnquist ��strand <lha@it.su.se>
77
78 * kuser/kinit.c: don't use PKINIT DH per default since its too
79 slow
80
81 * lib/krb5/pkinit.c: tweek to make pkinit work with the fact the
82 asn1_compile can't generate code for context tagless optionals
83
84 * kdc/pkinit.c: add support for KDC side of DH PKINIT
85
86 * lib/krb5/pkinit.c: clean up error handling, make enc-type work
87 again
88
77
78 * kuser/kinit.c: don't use PKINIT DH per default since its too
79 slow
80
81 * lib/krb5/pkinit.c: tweek to make pkinit work with the fact the
82 asn1_compile can't generate code for context tagless optionals
83
84 * kdc/pkinit.c: add support for KDC side of DH PKINIT
85
86 * lib/krb5/pkinit.c: clean up error handling, make enc-type work
87 again
88
892003-11-25 Love H�rnquist �strand <lha@it.su.se>
892003-11-25 Love H��rnquist ��strand <lha@it.su.se>
90
91 * kuser/kinit.c: add flag to make it work with pkinit dh
92
93 * lib/krb5/pkinit.c: make PKINIT DH support work
94
90
91 * kuser/kinit.c: add flag to make it work with pkinit dh
92
93 * lib/krb5/pkinit.c: make PKINIT DH support work
94
952003-11-24 Love H�rnquist �strand <lha@it.su.se>
952003-11-24 Love H��rnquist ��strand <lha@it.su.se>
96
97 * lib/hdb/Makefile.am (LDADD): link with LIB_dlopen
98
99 * kdc/pkinit.c: clean up
100
101 * lib/krb5/krb5.h: make pkinit_win2k_compatible into a flag field
102
103 * lib/krb5/pkinit.c: remove most compile depencies clean up

--- 10 unchanged lines hidden (view full) ---

114 * kdc/pkinit.c: PKINIT patch from Daniel Kouril and Petr Holub, I
115 removed the dependency on valicert asn1 parser, remove smartcard
116 and globus support (for now). Work to be done on this: DH support,
117 Globus support, Smartcard support, windows support (MS implements
118 -09 of the draft), make it conform to the new draft
119
120 * lib/krb5/pkinit.c: fix bugs, improve error reporting
121
96
97 * lib/hdb/Makefile.am (LDADD): link with LIB_dlopen
98
99 * kdc/pkinit.c: clean up
100
101 * lib/krb5/krb5.h: make pkinit_win2k_compatible into a flag field
102
103 * lib/krb5/pkinit.c: remove most compile depencies clean up

--- 10 unchanged lines hidden (view full) ---

114 * kdc/pkinit.c: PKINIT patch from Daniel Kouril and Petr Holub, I
115 removed the dependency on valicert asn1 parser, remove smartcard
116 and globus support (for now). Work to be done on this: DH support,
117 Globus support, Smartcard support, windows support (MS implements
118 -09 of the draft), make it conform to the new draft
119
120 * lib/krb5/pkinit.c: fix bugs, improve error reporting
121
1222003-11-23 Love H�rnquist �strand <lha@it.su.se>
1222003-11-23 Love H��rnquist ��strand <lha@it.su.se>
123
124 * kuser/kinit.c: add some "struct foo;" glue for pkinit
125 structures that isn't used
126
127 * lib/krb5/pkinit.c: clean up, make remove depenency on openssl's
128 api
129
130 * lib/krb5/krb5_locl.h: add some glue for pkinit add reference
131 counter to _krb5_get_init_creds_opt_private
132
133 * lib/krb5/init_creds.c: reference count krb5_get_init_creds_opt
134 private component to avoid copy all the data in it
135
136 * lib/krb5/crypto.c (AES_string_to_key): fix memory leak
137
138 * lib/krb5/init_creds_pw.c (init_cred_loop): fix memory leak
139
140 * lib/krb5/heim_threads.h: include pthread.h in the pthread case
141
123
124 * kuser/kinit.c: add some "struct foo;" glue for pkinit
125 structures that isn't used
126
127 * lib/krb5/pkinit.c: clean up, make remove depenency on openssl's
128 api
129
130 * lib/krb5/krb5_locl.h: add some glue for pkinit add reference
131 counter to _krb5_get_init_creds_opt_private
132
133 * lib/krb5/init_creds.c: reference count krb5_get_init_creds_opt
134 private component to avoid copy all the data in it
135
136 * lib/krb5/crypto.c (AES_string_to_key): fix memory leak
137
138 * lib/krb5/init_creds_pw.c (init_cred_loop): fix memory leak
139
140 * lib/krb5/heim_threads.h: include pthread.h in the pthread case
141
1422003-11-18 Love H�rnquist �strand <lha@it.su.se>
1422003-11-18 Love H��rnquist ��strand <lha@it.su.se>
143
144 * kpasswd/kpasswdd.c (main): parse kdc.conf
145 From: Jeffrey Hutzelman <jhutz@cmu.edu>
146
143
144 * kpasswd/kpasswdd.c (main): parse kdc.conf
145 From: Jeffrey Hutzelman <jhutz@cmu.edu>
146
1472003-11-15 Love H�rnquist �strand <lha@it.su.se>
1472003-11-15 Love H��rnquist ��strand <lha@it.su.se>
148
149 * lib/krb5/Makefile.am (TESTS): add test_crypto
150
151 * lib/krb5/test_crypto.c: time crypto operations
152
148
149 * lib/krb5/Makefile.am (TESTS): add test_crypto
150
151 * lib/krb5/test_crypto.c: time crypto operations
152
1532003-11-14 Love H�rnquist �strand <lha@it.su.se>
1532003-11-14 Love H��rnquist ��strand <lha@it.su.se>
154
155 * doc/init-creds: spelling, Bruno Rohee <bruno@rohee.com>
156
154
155 * doc/init-creds: spelling, Bruno Rohee <bruno@rohee.com>
156
1572003-11-09 Love H�rnquist �strand <lha@it.su.se>
1572003-11-09 Love H��rnquist ��strand <lha@it.su.se>
158
159 * lib/krb5/rd_req.c (krb5_verify_ap_req2): krb5_free_ticket free
160 the ticket now, rewrite error handling to handle that
161
162 * kpasswd/kpasswdd.c (process): don't free ticket,
163 krb5_free_ticket does that now
164
165 * kdc/kerberos5.c (tgs_rep2): don't free ticket, krb5_free_ticket
166 does that now
167
168 * lib/krb5/ticket.c (krb5_free_ticket): free the ticket itself to
169 match mit behavior, pointed out by Derrick Brashear
170
171 * lib/krb5/krb5_ticket.3: krb5_free_ticket free the whole ticket
172
158
159 * lib/krb5/rd_req.c (krb5_verify_ap_req2): krb5_free_ticket free
160 the ticket now, rewrite error handling to handle that
161
162 * kpasswd/kpasswdd.c (process): don't free ticket,
163 krb5_free_ticket does that now
164
165 * kdc/kerberos5.c (tgs_rep2): don't free ticket, krb5_free_ticket
166 does that now
167
168 * lib/krb5/ticket.c (krb5_free_ticket): free the ticket itself to
169 match mit behavior, pointed out by Derrick Brashear
170
171 * lib/krb5/krb5_ticket.3: krb5_free_ticket free the whole ticket
172
1732003-11-08 Love H�rnquist �strand <lha@it.su.se>
1732003-11-08 Love H��rnquist ��strand <lha@it.su.se>
174
175 * lib/krb5/padata.c: add krb5_padata_add
176
177 * lib/krb5/krb5.h: krb5_context_data.pkinit_win2k_compatible
178
179 * lib/krb5/Makefile.am: add pkinit.c
180
181 * kuser/kinit.c: add pkinit support

--- 8 unchanged lines hidden (view full) ---

190
191 * lib/krb5/pkinit.c: PKINIT patch from Daniel Kouril and Petr
192 Holub, I removed the dependency on valicert asn1 parser, remove
193 smartcard and globus support (for now). Work to be done on this:
194 DH support, Globus support, Smartcard support, windows support (MS
195 implements -09 of the draft), verify that it conforms the new
196 draft
197
174
175 * lib/krb5/padata.c: add krb5_padata_add
176
177 * lib/krb5/krb5.h: krb5_context_data.pkinit_win2k_compatible
178
179 * lib/krb5/Makefile.am: add pkinit.c
180
181 * kuser/kinit.c: add pkinit support

--- 8 unchanged lines hidden (view full) ---

190
191 * lib/krb5/pkinit.c: PKINIT patch from Daniel Kouril and Petr
192 Holub, I removed the dependency on valicert asn1 parser, remove
193 smartcard and globus support (for now). Work to be done on this:
194 DH support, Globus support, Smartcard support, windows support (MS
195 implements -09 of the draft), verify that it conforms the new
196 draft
197
1982003-11-07 Love H�rnquist �strand <lha@it.su.se>
1982003-11-07 Love H��rnquist ��strand <lha@it.su.se>
199
200 * lib/asn1/der_copy.c (copy_oid): copy all components
201
2022003-10-27 Johan Danielsson <joda@pdc.kth.se>
203
204 * lib/krb5/krb5.conf.5: document capaths section
205
2062003-10-22 Johan Danielsson <joda@pdc.kth.se>

--- 6 unchanged lines hidden (view full) ---

213 implemented)
214
215 * kdc/kdc_locl.h: change enforce_transited_policy to a tri-state
216 variable
217
218 * kdc/config.c: change enforce_transited_policy to a tri-state
219 variable
220
199
200 * lib/asn1/der_copy.c (copy_oid): copy all components
201
2022003-10-27 Johan Danielsson <joda@pdc.kth.se>
203
204 * lib/krb5/krb5.conf.5: document capaths section
205
2062003-10-22 Johan Danielsson <joda@pdc.kth.se>

--- 6 unchanged lines hidden (view full) ---

213 implemented)
214
215 * kdc/kdc_locl.h: change enforce_transited_policy to a tri-state
216 variable
217
218 * kdc/config.c: change enforce_transited_policy to a tri-state
219 variable
220
2212003-10-22 Love H�rnquist �strand <lha@it.su.se>
2212003-10-22 Love H��rnquist ��strand <lha@it.su.se>
222
223 * lib/krb5/transited.c (krb5_domain_x500_encode): always zero out
224 encoding to make sure it have a defined value on failure
225
226 * lib/krb5/transited.c (krb5_domain_x500_encode):
227 if num_realms ==0, set encoding and return (avoids malloc(0)),
228 check return value for malloc
229
2302003-10-21 Johan Danielsson <joda@pdc.kth.se>
231
232 * kdc/kerberos5.c (fix_transited_encoding): always print
233 cross-realm information
234
222
223 * lib/krb5/transited.c (krb5_domain_x500_encode): always zero out
224 encoding to make sure it have a defined value on failure
225
226 * lib/krb5/transited.c (krb5_domain_x500_encode):
227 if num_realms ==0, set encoding and return (avoids malloc(0)),
228 check return value for malloc
229
2302003-10-21 Johan Danielsson <joda@pdc.kth.se>
231
232 * kdc/kerberos5.c (fix_transited_encoding): always print
233 cross-realm information
234
2352003-10-21 Love H�rnquist �strand <lha@it.su.se>
2352003-10-21 Love H��rnquist ��strand <lha@it.su.se>
236
237 * doc/setup.texi: spelling, From: Tracy Di Marco White
238
239 * kdc/kerberos5.c (fix_transited_encoding): set transited type
240
2412003-10-21 Johan Danielsson <joda@pdc.kth.se>
242
243 * kdc/kdc.8: document enforce-transited-policy
244
245 * kdc/kerberos5.c: always check transited policy if flag set
246 either globally or on principal
247
248 * kdc/config.c: add flag to always check transited policy
249
250 * lib/hdb/hdb.asn1: add flag to enforce transited policy
251
236
237 * doc/setup.texi: spelling, From: Tracy Di Marco White
238
239 * kdc/kerberos5.c (fix_transited_encoding): set transited type
240
2412003-10-21 Johan Danielsson <joda@pdc.kth.se>
242
243 * kdc/kdc.8: document enforce-transited-policy
244
245 * kdc/kerberos5.c: always check transited policy if flag set
246 either globally or on principal
247
248 * kdc/config.c: add flag to always check transited policy
249
250 * lib/hdb/hdb.asn1: add flag to enforce transited policy
251
2522003-10-21 Love H�rnquist �strand <lha@it.su.se>
2522003-10-21 Love H��rnquist ��strand <lha@it.su.se>
253
254 * lib/krb5/transited.c (krb5_domain_x500_decode): set *num_realms
255 to zero not num_realms
256
257 * kuser/kgetcred.1: add --no-transit-check
258
259 * kuser/kgetcred.c: add --no-transit-check
260

--- 15 unchanged lines hidden (view full) ---

276
2772003-10-16 Johan Danielsson <joda@pdc.kth.se>
278
279 * lib/krb5/fcache.c: Sleep forever waiting for lock. Previous
280 method doesn't work well with a large number of clients accessing
281 the cache at the same time, and there is no simple way to add a
282 timeout to the lock.
283
253
254 * lib/krb5/transited.c (krb5_domain_x500_decode): set *num_realms
255 to zero not num_realms
256
257 * kuser/kgetcred.1: add --no-transit-check
258
259 * kuser/kgetcred.c: add --no-transit-check
260

--- 15 unchanged lines hidden (view full) ---

276
2772003-10-16 Johan Danielsson <joda@pdc.kth.se>
278
279 * lib/krb5/fcache.c: Sleep forever waiting for lock. Previous
280 method doesn't work well with a large number of clients accessing
281 the cache at the same time, and there is no simple way to add a
282 timeout to the lock.
283
2842003-10-13 Love H�rnquist �strand <lha@it.su.se>
2842003-10-13 Love H��rnquist ��strand <lha@it.su.se>
285
286 * lib/krb5/verify_krb5_conf.c: print the error value
287 krb5_init_context failed with
288
289 * lib/krb5/config_file.c (krb5_config_parse_file_debug): punt if
290 there is binding before a section declaration. Bug found by
291 Arkadiusz Miskiewicz <arekm@pld-linux.org>
292

--- 4 unchanged lines hidden (view full) ---

297
298 * lib/krb5/fcache.c: implement locking
299
3002003-10-12 Johan Danielsson <joda@pdc.kth.se>
301
302 * kuser/klist.c (print_tickets): bail out if krb5_cc_next_cred
303 returns error other than KRB5_CC_END
304
285
286 * lib/krb5/verify_krb5_conf.c: print the error value
287 krb5_init_context failed with
288
289 * lib/krb5/config_file.c (krb5_config_parse_file_debug): punt if
290 there is binding before a section declaration. Bug found by
291 Arkadiusz Miskiewicz <arekm@pld-linux.org>
292

--- 4 unchanged lines hidden (view full) ---

297
298 * lib/krb5/fcache.c: implement locking
299
3002003-10-12 Johan Danielsson <joda@pdc.kth.se>
301
302 * kuser/klist.c (print_tickets): bail out if krb5_cc_next_cred
303 returns error other than KRB5_CC_END
304
3052003-10-07 Love H�rnquist �strand <lha@it.su.se>
3052003-10-07 Love H��rnquist ��strand <lha@it.su.se>
306
307 * lib/krb5/init_creds_pw.c: add some help function that is common
308 between ENC_TS and SAM2, free the etype{,2}-infos on failure, move
309 the pa counter into krb5_get_init_creds_ctx
310
306
307 * lib/krb5/init_creds_pw.c: add some help function that is common
308 between ENC_TS and SAM2, free the etype{,2}-infos on failure, move
309 the pa counter into krb5_get_init_creds_ctx
310
3112003-10-06 Love H�rnquist �strand <lha@it.su.se>
3112003-10-06 Love H��rnquist ��strand <lha@it.su.se>
312
313 * kdc/kaserver.c (do_getticket): if times data is shorter then 8
314 byte, request is malformed.
315
316 * kdc/kaserver.c (do_authenticate): if request length is less then
317 8 byte, its a bad request and fail. Pointed out by Marco Foglia
318 <marco@foglia.org>
319
320 * lib/krb5/verify_krb5_conf.c: add flag --warn-mit-syntax that
321 warns for mit syntax is used and just ignore the mit syntax when
322 its used
323
324 * lib/krb5/verify_krb5_conf.c: parse [kdc]use_2b and [gssapi]
325
312
313 * kdc/kaserver.c (do_getticket): if times data is shorter then 8
314 byte, request is malformed.
315
316 * kdc/kaserver.c (do_authenticate): if request length is less then
317 8 byte, its a bad request and fail. Pointed out by Marco Foglia
318 <marco@foglia.org>
319
320 * lib/krb5/verify_krb5_conf.c: add flag --warn-mit-syntax that
321 warns for mit syntax is used and just ignore the mit syntax when
322 its used
323
324 * lib/krb5/verify_krb5_conf.c: parse [kdc]use_2b and [gssapi]
325
3262003-10-04 Love H�rnquist �strand <lha@it.su.se>
3262003-10-04 Love H��rnquist ��strand <lha@it.su.se>
327
328 * lib/asn1/lex.l: add BOOLEAN
329
330 * lib/asn1/parse.y: add BOOLEAN
331
327
328 * lib/asn1/lex.l: add BOOLEAN
329
330 * lib/asn1/parse.y: add BOOLEAN
331
3322003-10-03 Love H�rnquist �strand <lha@it.su.se>
3322003-10-03 Love H��rnquist ��strand <lha@it.su.se>
333
334 * kuser/kinit.c: When running kinit in "fork mode" do pagsh
335 independent of krb4, also always do krb4 setup of cc. Always try
336 to destroy the v4 cc.
337 - add boolean --{,no-}request-pac that will request pac or not
338
339 * kuser/klist.c (check_for_tgt): set client as part of the
340 pattern/match cred

--- 28 unchanged lines hidden (view full) ---

369 alway used
370
371 * lib/asn1/Makefile.am: add SAM types and PAC_REQUEST
372
373 * lib/asn1/k5.asn1: add more preauth types, add PA-PAC-REQUEST
374
375 * lib/asn1: add boolean support
376
333
334 * kuser/kinit.c: When running kinit in "fork mode" do pagsh
335 independent of krb4, also always do krb4 setup of cc. Always try
336 to destroy the v4 cc.
337 - add boolean --{,no-}request-pac that will request pac or not
338
339 * kuser/klist.c (check_for_tgt): set client as part of the
340 pattern/match cred

--- 28 unchanged lines hidden (view full) ---

369 alway used
370
371 * lib/asn1/Makefile.am: add SAM types and PAC_REQUEST
372
373 * lib/asn1/k5.asn1: add more preauth types, add PA-PAC-REQUEST
374
375 * lib/asn1: add boolean support
376
3772003-10-02 Love H�rnquist �strand <lha@it.su.se>
3772003-10-02 Love H��rnquist ��strand <lha@it.su.se>
378
379 * lib/krb5/changepw.c (setpw_send_request): free ap_req_data on
380 failure
381
378
379 * lib/krb5/changepw.c (setpw_send_request): free ap_req_data on
380 failure
381
3822003-09-30 Love H�rnquist �strand <lha@it.su.se>
3822003-09-30 Love H��rnquist ��strand <lha@it.su.se>
383
384 * appl/test/http_client.c (do_connect): use ai_protocol 0
385
386 * lib/krb5/init_creds_pw.c (init_cred_loop): handle
387 KRB5KRB_ERR_RESPONSE_TOO_BIG and loop again, this time requesting
388 LARGE_MSG from send to kdc, and if this is the second time bail
389 out; try to free memory
390

--- 6 unchanged lines hidden (view full) ---

397 (krbhst_get_default_proto): new function, returns udp, or in case
398 large_msg was requested for the krb5_krbhst_data, use tcp.
399 (*): if the flag KD_LARGE_MSG was set on the krb5_krbhst_data, avoid
400 using udp, use krbhst_get_default_proto
401
402 * lib/krb5/krb5.h: flags for krb5_krbhst_init_flags (and
403 krb5_send_to_kdc_flags)
404
383
384 * appl/test/http_client.c (do_connect): use ai_protocol 0
385
386 * lib/krb5/init_creds_pw.c (init_cred_loop): handle
387 KRB5KRB_ERR_RESPONSE_TOO_BIG and loop again, this time requesting
388 LARGE_MSG from send to kdc, and if this is the second time bail
389 out; try to free memory
390

--- 6 unchanged lines hidden (view full) ---

397 (krbhst_get_default_proto): new function, returns udp, or in case
398 large_msg was requested for the krb5_krbhst_data, use tcp.
399 (*): if the flag KD_LARGE_MSG was set on the krb5_krbhst_data, avoid
400 using udp, use krbhst_get_default_proto
401
402 * lib/krb5/krb5.h: flags for krb5_krbhst_init_flags (and
403 krb5_send_to_kdc_flags)
404
4052003-09-23 Love H�rnquist �strand <lha@it.su.se>
4052003-09-23 Love H��rnquist ��strand <lha@it.su.se>
406
407 * lib/krb5/rd_req.c (krb5_rd_req): if we have a keyblock in auth
408 context, use that
409
410 * appl/test/uu_client.c: print authorization data if there are any
411
412 * lib/asn1/asn1_print.c: decode IA5Stringa and UTF8String
413
406
407 * lib/krb5/rd_req.c (krb5_rd_req): if we have a keyblock in auth
408 context, use that
409
410 * appl/test/uu_client.c: print authorization data if there are any
411
412 * lib/asn1/asn1_print.c: decode IA5Stringa and UTF8String
413
4142003-09-21 Love H�rnquist �strand <lha@it.su.se>
4142003-09-21 Love H��rnquist ��strand <lha@it.su.se>
415
416 * lib/krb5/init_creds_pw.c: use _krb5_get_init_creds_opt_copy
417 * lib/krb5/init_creds.c: don't export krb5_get_init_creds_opt_copy
418
419 * lib/hdb/Makefile.am: libhdb might depend on LIB_dlopen
420
421 * kuser/kinit.c: don't get v4 tickets by default
422
415
416 * lib/krb5/init_creds_pw.c: use _krb5_get_init_creds_opt_copy
417 * lib/krb5/init_creds.c: don't export krb5_get_init_creds_opt_copy
418
419 * lib/hdb/Makefile.am: libhdb might depend on LIB_dlopen
420
421 * kuser/kinit.c: don't get v4 tickets by default
422
4232003-09-20 Love H�rnquist �strand <lha@it.su.se>
4232003-09-20 Love H��rnquist ��strand <lha@it.su.se>
424
425 * kpasswd/kpasswdd.c (process): remove a abort()
426
427 * doc/win2k.texi: add some text about netdom.exe and trusts
428
429 * TODO-1.0: gssapi rc4 done
430
431 * kpasswd/kpasswdd.c: add support for Set password protocol as
432 defined by RFC3244 -- Microsoft Windows 2000 Kerberos Change
433 Password and Set Password Protocols
434
424
425 * kpasswd/kpasswdd.c (process): remove a abort()
426
427 * doc/win2k.texi: add some text about netdom.exe and trusts
428
429 * TODO-1.0: gssapi rc4 done
430
431 * kpasswd/kpasswdd.c: add support for Set password protocol as
432 defined by RFC3244 -- Microsoft Windows 2000 Kerberos Change
433 Password and Set Password Protocols
434
4352003-09-19 Love H�rnquist �strand <lha@it.su.se>
4352003-09-19 Love H��rnquist ��strand <lha@it.su.se>
436
437 * lib/hdb/db3.c: improve readability of ->open ifdef, check if
438 version >= 4.1
439
440 * lib/krb5/init_creds.c (krb5_get_init_creds_opt_copy): add
441
442 * lib/krb5/rd_req.c (krb5_rd_req): allow caller to pass in a key
443 in the auth_context, they way processes that doesn't use the
444 keytab can still pass in the key of the service (matches behavior
445 of MIT Kerberos).
446
436
437 * lib/hdb/db3.c: improve readability of ->open ifdef, check if
438 version >= 4.1
439
440 * lib/krb5/init_creds.c (krb5_get_init_creds_opt_copy): add
441
442 * lib/krb5/rd_req.c (krb5_rd_req): allow caller to pass in a key
443 in the auth_context, they way processes that doesn't use the
444 keytab can still pass in the key of the service (matches behavior
445 of MIT Kerberos).
446
4472003-09-18 Love H�rnquist �strand <lha@it.su.se>
4472003-09-18 Love H��rnquist ��strand <lha@it.su.se>
448
449 * lib/krb5/init_creds_pw.c: collect all init_creds context into a
450 structure so it can easier be passed around, also, while here,
451 change nonce for every request
452
453 * lib/krb5/get_in_tkt.c (init_as_req): don't realloc data before
454 the loop, add_padata() will handle that itself
455
456 * lib/krb5/get_for_creds.c (add_addrs): don't increase addr->len
457 until in contains interesting data, use right iteration counter
458 when clearing the addresses
459
460 * lib/krb5/log.c (log_realloc): increase len after realloc returns
461 sucessfully
462
448
449 * lib/krb5/init_creds_pw.c: collect all init_creds context into a
450 structure so it can easier be passed around, also, while here,
451 change nonce for every request
452
453 * lib/krb5/get_in_tkt.c (init_as_req): don't realloc data before
454 the loop, add_padata() will handle that itself
455
456 * lib/krb5/get_for_creds.c (add_addrs): don't increase addr->len
457 until in contains interesting data, use right iteration counter
458 when clearing the addresses
459
460 * lib/krb5/log.c (log_realloc): increase len after realloc returns
461 sucessfully
462
4632003-09-12 Love H�rnquist �strand <lha@it.su.se>
4632003-09-12 Love H��rnquist ��strand <lha@it.su.se>
464
465 * lib/krb5/config_file.c: fix prototypes
466 From: Fredrik Ljungberg <flag@pobox.se>
467
464
465 * lib/krb5/config_file.c: fix prototypes
466 From: Fredrik Ljungberg <flag@pobox.se>
467
4682003-09-10 Love H�rnquist �strand <lha@it.su.se>
4682003-09-10 Love H��rnquist ��strand <lha@it.su.se>
469
470 * appl/test/http_client.c: close socket when we are done, don't
471 allow the server to restart gssapi negotiation
472
473 * lib/hdb/hdb_locl.h: include <limits.h> for ULONG_MAX noted by
474 Wissler Magnus <M.Wissler@abalon.se> on heimdal-discuss
475
476 * appl/test/gssapi_client.c (proto): use select_mech

--- 4 unchanged lines hidden (view full) ---

481
482 * appl/test/gss_common.c (select_mech): return the gss_OID from a
483 mech name
484
485 * appl/test/http_client.c: print both source and target
486
487 * appl/test/Makefile.am: build http_client
488
469
470 * appl/test/http_client.c: close socket when we are done, don't
471 allow the server to restart gssapi negotiation
472
473 * lib/hdb/hdb_locl.h: include <limits.h> for ULONG_MAX noted by
474 Wissler Magnus <M.Wissler@abalon.se> on heimdal-discuss
475
476 * appl/test/gssapi_client.c (proto): use select_mech

--- 4 unchanged lines hidden (view full) ---

481
482 * appl/test/gss_common.c (select_mech): return the gss_OID from a
483 mech name
484
485 * appl/test/http_client.c: print both source and target
486
487 * appl/test/Makefile.am: build http_client
488
4892003-09-09 Love H�rnquist �strand <lha@it.su.se>
4892003-09-09 Love H��rnquist ��strand <lha@it.su.se>
490
491 * lib/asn1/asn1_print.c: add support for printing Enumerated
492
493 * appl/test/gssapi_client.c: allow user to select mech; krb5,
494 spnego, and no-oid
495
496 * appl/test/test_locl.h: add mech
497
498 * appl/test/common.c: add --mech,-m argument
499
500 * appl/test/gssapi_server.c: print the mech that was used
501
502 * kdc/kerberos5.c (only_older_enctype_p): check request if the
503 client only supports old enctypes, before it used the database
504
490
491 * lib/asn1/asn1_print.c: add support for printing Enumerated
492
493 * appl/test/gssapi_client.c: allow user to select mech; krb5,
494 spnego, and no-oid
495
496 * appl/test/test_locl.h: add mech
497
498 * appl/test/common.c: add --mech,-m argument
499
500 * appl/test/gssapi_server.c: print the mech that was used
501
502 * kdc/kerberos5.c (only_older_enctype_p): check request if the
503 client only supports old enctypes, before it used the database
504
5052003-09-08 Love H�rnquist �strand <lha@it.su.se>
5052003-09-08 Love H��rnquist ��strand <lha@it.su.se>
506
507 * **/*.c: add context argument to krb5_get_init_creds_opt_alloc
508
509 * lib/krb5/init_creds.c (krb5_get_init_creds_opt_alloc): add
510 context argument
511
512 * lib/krb5/krb5_get_init_creds.3: spelling
513
506
507 * **/*.c: add context argument to krb5_get_init_creds_opt_alloc
508
509 * lib/krb5/init_creds.c (krb5_get_init_creds_opt_alloc): add
510 context argument
511
512 * lib/krb5/krb5_get_init_creds.3: spelling
513
5142003-09-04 Love H�rnquist �strand <lha@it.su.se>
5142003-09-04 Love H��rnquist ��strand <lha@it.su.se>
515
516 * lib/krb5/context.c (add_file): make len argument an pointer to
517 an integer
518
519 * lib/asn1/k5.asn1: add SAM types
520
521 * lib/krb5/init_creds_pw.c: break out the encrypt timestamp
522 preauth to its function break out the pa_data_to_key_plain to its
523 own function make more variables const
524
5252003-09-04 Johan Danielsson <joda@pdc.kth.se>
526
527 * lib/krb5/krb5.conf.5: document appdefaults/{forward,encrypt}
528
515
516 * lib/krb5/context.c (add_file): make len argument an pointer to
517 an integer
518
519 * lib/asn1/k5.asn1: add SAM types
520
521 * lib/krb5/init_creds_pw.c: break out the encrypt timestamp
522 preauth to its function break out the pa_data_to_key_plain to its
523 own function make more variables const
524
5252003-09-04 Johan Danielsson <joda@pdc.kth.se>
526
527 * lib/krb5/krb5.conf.5: document appdefaults/{forward,encrypt}
528
5292003-09-03 Love H�rnquist �strand <lha@it.su.se>
5292003-09-03 Love H��rnquist ��strand <lha@it.su.se>
530
531 * lib/krb5/krb5.h: Add key usage for encryption of the
532 SAM-NONCE-OR-SAD field.
533
534 * include/make_crypto.c: include <openssl/ui.h> in the openssl
535 case
536
537 * kdc/hprop.h: use new DES_ api

--- 54 unchanged lines hidden (view full) ---

592 a opt structure
593 (krb5_get_init_creds_opt_free): free a opt structure
594 (krb5_get_init_creds_opt_set_pa_password): set preauth info for
595 enc-timestamp
596
597 * lib/krb5/krb5_locl.h: add struct
598 _krb5_get_init_creds_opt_private
599
530
531 * lib/krb5/krb5.h: Add key usage for encryption of the
532 SAM-NONCE-OR-SAD field.
533
534 * include/make_crypto.c: include <openssl/ui.h> in the openssl
535 case
536
537 * kdc/hprop.h: use new DES_ api

--- 54 unchanged lines hidden (view full) ---

592 a opt structure
593 (krb5_get_init_creds_opt_free): free a opt structure
594 (krb5_get_init_creds_opt_set_pa_password): set preauth info for
595 enc-timestamp
596
597 * lib/krb5/krb5_locl.h: add struct
598 _krb5_get_init_creds_opt_private
599
6002003-09-02 Love H�rnquist �strand <lha@it.su.se>
6002003-09-02 Love H��rnquist ��strand <lha@it.su.se>
601
602 * lib/krb5/krb5.h: add SAM keyusage numbers, add s2k proc typedef,
603 add a pointer to a private part of krb5_get_init_creds_opt
604
605 * kdc/string2key.c (main): avoid const warning by using a extra
606 variable
607
601
602 * lib/krb5/krb5.h: add SAM keyusage numbers, add s2k proc typedef,
603 add a pointer to a private part of krb5_get_init_creds_opt
604
605 * kdc/string2key.c (main): avoid const warning by using a extra
606 variable
607
6082003-08-31 Love H�rnquist �strand <lha@it.su.se>
6082003-08-31 Love H��rnquist ��strand <lha@it.su.se>
609
610 * lib/krb5/ticket.c (krb5_ticket_get_authorization_data_type):
611 reindent
612
613 * lib/krb5/ticket.c (krb5_copy_ticket): free all data when
614 failing, copy data to right memory, the later pointed out by Luke
615 Howard.
616
609
610 * lib/krb5/ticket.c (krb5_ticket_get_authorization_data_type):
611 reindent
612
613 * lib/krb5/ticket.c (krb5_copy_ticket): free all data when
614 failing, copy data to right memory, the later pointed out by Luke
615 Howard.
616
6172003-08-30 Love H�rnquist �strand <lha@it.su.se>
6172003-08-30 Love H��rnquist ��strand <lha@it.su.se>
618
619 * lib/krb5/krb5.h: cfx-01 use diffrent usage numbers
620
618
619 * lib/krb5/krb5.h: cfx-01 use diffrent usage numbers
620
6212003-08-29 Love H�rnquist �strand <lha@it.su.se>
6212003-08-29 Love H��rnquist ��strand <lha@it.su.se>
622
623 * lib/hdb/db3.c: try to include more db headers
624
625 * lib/hdb/db3.c: patch for working with DB4 on heimdal-discuss
626 From: Luke Howard <lukeh@PADL.COM>
627
622
623 * lib/hdb/db3.c: try to include more db headers
624
625 * lib/hdb/db3.c: patch for working with DB4 on heimdal-discuss
626 From: Luke Howard <lukeh@PADL.COM>
627
6282003-08-28 Love H�rnquist �strand <lha@it.su.se>
6282003-08-28 Love H��rnquist ��strand <lha@it.su.se>
629
630 * lib/krb5/krb5.h: add KEYTYPE_ARCFOUR_56
631
632 * appl/test/gssapi_client.c: send both INT and CONF wrapped token
633
634 * appl/test/gssapi_server.c: recv both INT and CONF wrapped token
635
636 * lib/asn1/k5.asn1: add KRB5_NT_SMTP_NAME and KRB5_NT_ENTERPRISE
637
629
630 * lib/krb5/krb5.h: add KEYTYPE_ARCFOUR_56
631
632 * appl/test/gssapi_client.c: send both INT and CONF wrapped token
633
634 * appl/test/gssapi_server.c: recv both INT and CONF wrapped token
635
636 * lib/asn1/k5.asn1: add KRB5_NT_SMTP_NAME and KRB5_NT_ENTERPRISE
637
6382003-08-27 Love H�rnquist �strand <lha@it.su.se>
6382003-08-27 Love H��rnquist ��strand <lha@it.su.se>
639
640 * appl/test/uu_client.c (proto): fill in client in the match cred
641
639
640 * appl/test/uu_client.c (proto): fill in client in the match cred
641
6422003-08-26 Love H�rnquist �strand <lha@it.su.se>
6422003-08-26 Love H��rnquist ��strand <lha@it.su.se>
643
644 * lib/krb5/krb5.h: CFX uses slightly diffrent usage numbers
645
646 * lib/krb5/crypto.c (usage2arcfour): simplify, only include
647 special cases From: Luke Howard <lukeh@PADL.COM>
648
643
644 * lib/krb5/krb5.h: CFX uses slightly diffrent usage numbers
645
646 * lib/krb5/crypto.c (usage2arcfour): simplify, only include
647 special cases From: Luke Howard <lukeh@PADL.COM>
648
6492003-08-25 Love H�rnquist �strand <lha@it.su.se>
6492003-08-25 Love H��rnquist ��strand <lha@it.su.se>
650
651 * lib/hdb/hdb-ldap.c: code rewrite from Luke Howard
652 <lukeh@PADL.COM>
653
654 * lib/krb5/crypto.c (arcfour_checksum_p): return true when is
655 arcfour, not when its not pointed out by Luke Howard
656
657 * doc/ack.texi: update Luke Howard email address
658
650
651 * lib/hdb/hdb-ldap.c: code rewrite from Luke Howard
652 <lukeh@PADL.COM>
653
654 * lib/krb5/crypto.c (arcfour_checksum_p): return true when is
655 arcfour, not when its not pointed out by Luke Howard
656
657 * doc/ack.texi: update Luke Howard email address
658
6592003-08-24 Love H�rnquist �strand <lha@it.su.se>
6592003-08-24 Love H��rnquist ��strand <lha@it.su.se>
660
661 * lib/krb5/krb5_encrypt.3: document:
662 krb5_crypto_getconfoundersize, krb5_crypto_getblocksize
663 krb5_crypto_getenctype, krb5_crypto_getpadsize
664
665 * lib/krb5/crypto.c (krb5_crypto_getpadsize,
666 krb5_crypto_getconfoundersize): added From: Luke Howard
667 <lukeh@PADL.COM>
668
660
661 * lib/krb5/krb5_encrypt.3: document:
662 krb5_crypto_getconfoundersize, krb5_crypto_getblocksize
663 krb5_crypto_getenctype, krb5_crypto_getpadsize
664
665 * lib/krb5/crypto.c (krb5_crypto_getpadsize,
666 krb5_crypto_getconfoundersize): added From: Luke Howard
667 <lukeh@PADL.COM>
668
6692003-08-23 Love H�rnquist �strand <lha@it.su.se>
6692003-08-23 Love H��rnquist ��strand <lha@it.su.se>
670
671 * kdc/connect.c (handle_tcp): handle recvfrom returning 0
672 (connection closed)
673
674 * kdc/connect.c (grow_descr): increment the size after we succeed
675 to allocate the space
676
677 * lib/krb5/krb5_create_checksum.3: text about when

--- 6 unchanged lines hidden (view full) ---

684 krb5_crypto_get_checksum_type
685
686 * lib/krb5/crypto.c: add krb5_crypto_get_checksum_type
687 From: Luke Howard <lukeh@PADL.COM>
688
689 * lib/asn1/gen.c: s/UTF8String/heim_utf8_string/ in generated code
690 From: Luke Howard <lukeh@PADL.COM>
691
670
671 * kdc/connect.c (handle_tcp): handle recvfrom returning 0
672 (connection closed)
673
674 * kdc/connect.c (grow_descr): increment the size after we succeed
675 to allocate the space
676
677 * lib/krb5/krb5_create_checksum.3: text about when

--- 6 unchanged lines hidden (view full) ---

684 krb5_crypto_get_checksum_type
685
686 * lib/krb5/crypto.c: add krb5_crypto_get_checksum_type
687 From: Luke Howard <lukeh@PADL.COM>
688
689 * lib/asn1/gen.c: s/UTF8String/heim_utf8_string/ in generated code
690 From: Luke Howard <lukeh@PADL.COM>
691
6922003-08-21 Love H�rnquist �strand <lha@it.su.se>
6922003-08-21 Love H��rnquist ��strand <lha@it.su.se>
693
694 * include/make_crypto.c: include aes.h inc in the local libdes
695 case too
696
6972003-08-20 Johan Danielsson <joda@pdc.kth.se>
698
699 * lib/asn1/der_free.c: set free'd poiners to NULL
700
701 * lib/asn1/gen_free.c: set free'd poiners to NULL
702
693
694 * include/make_crypto.c: include aes.h inc in the local libdes
695 case too
696
6972003-08-20 Johan Danielsson <joda@pdc.kth.se>
698
699 * lib/asn1/der_free.c: set free'd poiners to NULL
700
701 * lib/asn1/gen_free.c: set free'd poiners to NULL
702
7032003-08-20 Love H�rnquist �strand <lha@it.su.se>
7032003-08-20 Love H��rnquist ��strand <lha@it.su.se>
704
705 * lib/krb5/heim_threads.h: XXX don't use "plain" pthread support
706 on netbsd
707
708 * lib/krb5/crypto.c: Do the arcfour checksum mapping for
709 krb5_create_checksum and krb5_verify_checksum, From: Luke Howard
710 <lukeh@PADL.COM>
711
704
705 * lib/krb5/heim_threads.h: XXX don't use "plain" pthread support
706 on netbsd
707
708 * lib/krb5/crypto.c: Do the arcfour checksum mapping for
709 krb5_create_checksum and krb5_verify_checksum, From: Luke Howard
710 <lukeh@PADL.COM>
711
7122003-08-18 Love H�rnquist �strand <lha@it.su.se>
7122003-08-18 Love H��rnquist ��strand <lha@it.su.se>
713
714 * lib/krb5/test_config.c: check krb5_prepend_config_files_default
715 and krb5_prepend_config_files
716
717 * lib/krb5/context.c: add krb5_prepend_config_files and
718 krb5_prepend_config_files_default
719
713
714 * lib/krb5/test_config.c: check krb5_prepend_config_files_default
715 and krb5_prepend_config_files
716
717 * lib/krb5/context.c: add krb5_prepend_config_files and
718 krb5_prepend_config_files_default
719
7202003-08-17 Love H�rnquist �strand <lha@it.su.se>
7202003-08-17 Love H��rnquist ��strand <lha@it.su.se>
721
722 * lib/hdb/mkey.c (read_master_mit): krb5_ret_int16 takes a int16_t
723 as argument
724
725 * lib/krb5/parse-name-test.c: please lint (and me)
726
727 * kdc/config.c (configure): remove only set variable 'e'
728

--- 9 unchanged lines hidden (view full) ---

738
739 * lib/krb5/krb5_get_init_creds.3: begining of documentation of
740 krb5_get_init_creds
741
742 * lib/krb5/get_in_tkt.c (krb5_get_in_tkt): for compatibility with
743 with the mit implemtation, don't free `creds' argument when done,
744 its up the the caller to do that, also allow a NULL ccache.
745
721
722 * lib/hdb/mkey.c (read_master_mit): krb5_ret_int16 takes a int16_t
723 as argument
724
725 * lib/krb5/parse-name-test.c: please lint (and me)
726
727 * kdc/config.c (configure): remove only set variable 'e'
728

--- 9 unchanged lines hidden (view full) ---

738
739 * lib/krb5/krb5_get_init_creds.3: begining of documentation of
740 krb5_get_init_creds
741
742 * lib/krb5/get_in_tkt.c (krb5_get_in_tkt): for compatibility with
743 with the mit implemtation, don't free `creds' argument when done,
744 its up the the caller to do that, also allow a NULL ccache.
745
7462003-08-16 Love H�rnquist �strand <lha@it.su.se>
7462003-08-16 Love H��rnquist ��strand <lha@it.su.se>
747
748 * lib/krb5/krb5.conf.5: document tgs_require_subkey
749
750 * lib/asn1/Makefile.am: remove trance of generate tests files, its
751 not really for consumption yet
752
753 * lib/hdb/Makefile.am: split generated source from non generated
754 source we make-proto.pl can generate prototypes for non

--- 6 unchanged lines hidden (view full) ---

761 defaults to off. The RFC1510 weakly defines the correct behavior,
762 so old DCE secd apparently required the subkey to be there, and MS
763 will use it when its there. But the request isn't encrypted in the
764 subkey, so you get to choose if you want to talk to a MS mdc or a
765 old DCE secd.
766
767 * kdc/kerberos5.c (*): handle krb5_unparse_name returning non-zero
768
747
748 * lib/krb5/krb5.conf.5: document tgs_require_subkey
749
750 * lib/asn1/Makefile.am: remove trance of generate tests files, its
751 not really for consumption yet
752
753 * lib/hdb/Makefile.am: split generated source from non generated
754 source we make-proto.pl can generate prototypes for non

--- 6 unchanged lines hidden (view full) ---

761 defaults to off. The RFC1510 weakly defines the correct behavior,
762 so old DCE secd apparently required the subkey to be there, and MS
763 will use it when its there. But the request isn't encrypted in the
764 subkey, so you get to choose if you want to talk to a MS mdc or a
765 old DCE secd.
766
767 * kdc/kerberos5.c (*): handle krb5_unparse_name returning non-zero
768
7692003-08-15 Love H�rnquist �strand <lha@it.su.se>
7692003-08-15 Love H��rnquist ��strand <lha@it.su.se>
770
771 * lib/krb5/principal.c (unparse_name): len can't be zero, so,
772 don't check for that
773
770
771 * lib/krb5/principal.c (unparse_name): len can't be zero, so,
772 don't check for that
773
7742003-08-13 Love H�rnquist �strand <lha@it.su.se>
7742003-08-13 Love H��rnquist ��strand <lha@it.su.se>
775
776 * lib/krb5/principal.c (unparse_name): make sure there are space
777 for a NUL, set *name to NULL when there is a failure (so caller
778 can't get hold of a freed pointer)
779
775
776 * lib/krb5/principal.c (unparse_name): make sure there are space
777 for a NUL, set *name to NULL when there is a failure (so caller
778 can't get hold of a freed pointer)
779
7802003-07-26 Love H�rnquist �strand <lha@it.su.se>
7802003-07-26 Love H��rnquist ��strand <lha@it.su.se>
781
782 * lib/krb5/kerberos.8: remove duplicate manual, from
783 cjep@netbsd.org
784
781
782 * lib/krb5/kerberos.8: remove duplicate manual, from
783 cjep@netbsd.org
784
7852003-07-25 Love H�rnquist �strand <lha@it.su.se>
7852003-07-25 Love H��rnquist ��strand <lha@it.su.se>
786
787 * lib/krb5/cache.c: indent
788
789 * lib/krb5/cache.c (krb5_cc_set_default_name): only read
790 KRB5CCNAME when not suid
791
786
787 * lib/krb5/cache.c: indent
788
789 * lib/krb5/cache.c (krb5_cc_set_default_name): only read
790 KRB5CCNAME when not suid
791
7922003-07-24 Love H�rnquist �strand <lha@it.su.se>
7922003-07-24 Love H��rnquist ��strand <lha@it.su.se>
793
794 * lib/krb5/keytab_krb4.c (read_v4_entry): the des key is 8 bytes,
795 use a char array instead of des_cblock
796
793
794 * lib/krb5/keytab_krb4.c (read_v4_entry): the des key is 8 bytes,
795 use a char array instead of des_cblock
796
7972003-07-23 Love H�rnquist �strand <lha@it.su.se>
7972003-07-23 Love H��rnquist ��strand <lha@it.su.se>
798
799 * kdc/kerberos5.c: add support for KRB5_PADATA_ETYPE_INFO2
800
801 * lib/krb5/crypto.c (hmac): make it return an error when out of
802 memory, update callsites to either return error or use krb5_abortx
803 (krb5_hmac): expose hmac
804
798
799 * kdc/kerberos5.c: add support for KRB5_PADATA_ETYPE_INFO2
800
801 * lib/krb5/crypto.c (hmac): make it return an error when out of
802 memory, update callsites to either return error or use krb5_abortx
803 (krb5_hmac): expose hmac
804
8052003-07-22 Love H�rnquist �strand <lha@it.su.se>
8052003-07-22 Love H��rnquist ��strand <lha@it.su.se>
806
807 * lib/krb5/keyblock.c (krb5_keyblock_get_enctype): return enctype
808 of keyblock
809
810 * lib/krb5/Makefile.am (man_MANS): += krb5_keyblock.3
811
812 * lib/krb5/krb5_keyblock.3: some information about krb5_keyblock
813 and related functions

--- 26 unchanged lines hidden (view full) ---

840
841 * lib/krb5/crypto.c (krb5_cksumtype_valid): check is checksum type
842 is a valid one
843
844 * lib/krb5/crypto.c (krb5_checksum_is_keyed): only set extented
845 error string when there is a context
846 (krb5_checksum_is_collision_proof): ditto
847
806
807 * lib/krb5/keyblock.c (krb5_keyblock_get_enctype): return enctype
808 of keyblock
809
810 * lib/krb5/Makefile.am (man_MANS): += krb5_keyblock.3
811
812 * lib/krb5/krb5_keyblock.3: some information about krb5_keyblock
813 and related functions

--- 26 unchanged lines hidden (view full) ---

840
841 * lib/krb5/crypto.c (krb5_cksumtype_valid): check is checksum type
842 is a valid one
843
844 * lib/krb5/crypto.c (krb5_checksum_is_keyed): only set extented
845 error string when there is a context
846 (krb5_checksum_is_collision_proof): ditto
847
8482003-07-21 Love H�rnquist �strand <lha@it.su.se>
8482003-07-21 Love H��rnquist ��strand <lha@it.su.se>
849
850 * lib/krb5/mit_glue.c (krb5_c_get_checksum): make type and data
851 argument optional
852 (krb5_c_{encrypt,decrypt}): return "better" error codes for
853 invalid ivec length
854
855 * lib/krb5/krb5_c_make_checksum.3: update krb5_c_get_checksum
856 usage
857
858 * lib/krb5/crypto.c (krb5_crypto_getenctype): new function
859
860 * include/make_crypto.c: avoid redefining
861 OPENSSL_DES_LIBDES_COMPATIBILITY
862
863 * lib/krb5/krb5.h: add krb5_enc_data
864
849
850 * lib/krb5/mit_glue.c (krb5_c_get_checksum): make type and data
851 argument optional
852 (krb5_c_{encrypt,decrypt}): return "better" error codes for
853 invalid ivec length
854
855 * lib/krb5/krb5_c_make_checksum.3: update krb5_c_get_checksum
856 usage
857
858 * lib/krb5/crypto.c (krb5_crypto_getenctype): new function
859
860 * include/make_crypto.c: avoid redefining
861 OPENSSL_DES_LIBDES_COMPATIBILITY
862
863 * lib/krb5/krb5.h: add krb5_enc_data
864
8652003-07-19 Love H�rnquist �strand <lha@it.su.se>
8652003-07-19 Love H��rnquist ��strand <lha@it.su.se>
866
867 * lib/krb5/krb5.3: add krb5_c_ functions
868
869 * lib/krb5/mit_glue.c: support passing in NULL as the
870 cipher_state/ivec
871
872 * lib/krb5/aes-test.c: add test for krb5_c_encrypt_length and
873 krb5_c_decrypt
874
875 * lib/krb5/krb5_c_make_checksum.3: krb5_c encryption glue
876
877 * lib/krb5/crypto.c (wrapped_length/wrapped_length_derived): when
878 calculating the length of the encrypted data, use the keyed
879 checksum length if the enctype supports a keyed checksum. This
880 only matter for aes, for all other enctypes the key and unkeyed
881 checksum have the same length.
882
866
867 * lib/krb5/krb5.3: add krb5_c_ functions
868
869 * lib/krb5/mit_glue.c: support passing in NULL as the
870 cipher_state/ivec
871
872 * lib/krb5/aes-test.c: add test for krb5_c_encrypt_length and
873 krb5_c_decrypt
874
875 * lib/krb5/krb5_c_make_checksum.3: krb5_c encryption glue
876
877 * lib/krb5/crypto.c (wrapped_length/wrapped_length_derived): when
878 calculating the length of the encrypted data, use the keyed
879 checksum length if the enctype supports a keyed checksum. This
880 only matter for aes, for all other enctypes the key and unkeyed
881 checksum have the same length.
882
8832003-07-18 Love H�rnquist �strand <lha@it.su.se>
8832003-07-18 Love H��rnquist ��strand <lha@it.su.se>
884
885 * lib/krb5/mit_glue.c: first version of krb5_c encryption glue
886
887 * doc/install.texi: update pointer to luke ldap documentation
888
889 * lib/hdb/hdb.c (hdb_create): check for dynamic backend after
890 static to avoid warning from dynamic backend when using a known
891 static backend
892
884
885 * lib/krb5/mit_glue.c: first version of krb5_c encryption glue
886
887 * doc/install.texi: update pointer to luke ldap documentation
888
889 * lib/hdb/hdb.c (hdb_create): check for dynamic backend after
890 static to avoid warning from dynamic backend when using a known
891 static backend
892
8932003-07-16 Love H�rnquist �strand <lha@it.su.se>
8932003-07-16 Love H��rnquist ��strand <lha@it.su.se>
894
895 * lib/krb5/cache.c: don't return value in void function
896
894
895 * lib/krb5/cache.c: don't return value in void function
896
8972003-07-15 Love H�rnquist �strand <lha@it.su.se>
8972003-07-15 Love H��rnquist ��strand <lha@it.su.se>
898
899 * lib/krb5/creds.c (krb5_compare_creds): if client is specified in
900 the mcreds, check that too
901
902 * lib/krb5/{keytab_file.c,principal.c,mk_error.c,krb5.h,get_cred.c}:
903 prefix libasn1 types with heim_
904
905 * lib/asn1: prefix typedefs and structs with heim_
906
898
899 * lib/krb5/creds.c (krb5_compare_creds): if client is specified in
900 the mcreds, check that too
901
902 * lib/krb5/{keytab_file.c,principal.c,mk_error.c,krb5.h,get_cred.c}:
903 prefix libasn1 types with heim_
904
905 * lib/asn1: prefix typedefs and structs with heim_
906
9072003-07-13 Love H�rnquist �strand <lha@it.su.se>
9072003-07-13 Love H��rnquist ��strand <lha@it.su.se>
908
909 * lib/hdb/hdb.c: avoid unnecessary setting of variable
910
908
909 * lib/hdb/hdb.c: avoid unnecessary setting of variable
910
9112003-07-07 Love H�rnquist �strand <lha@it.su.se>
9112003-07-07 Love H��rnquist ��strand <lha@it.su.se>
912
913 * kuser/klist.c (check_for_tgt): use krb5_cc_clear_mcred
914
915 * appl/test/uu_client.c (proto): use krb5_cc_clear_mcred
916
917 * lib/krb5/get_cred.c (init_tgs_req): in case of error, don't free
918 in the req_body addresses since they where pass in by caller
919 (find_cred): use krb5_cc_clear_mcred
920
921 * lib/krb5/krb5_ccache.3: document krb5_cc_clear_mcred
922
923 * lib/krb5/cache.c (krb5_cc_clear_mcred): new function, clear a
924 krb5_creds to use with krb5_cc_retrieve_cred
925
912
913 * kuser/klist.c (check_for_tgt): use krb5_cc_clear_mcred
914
915 * appl/test/uu_client.c (proto): use krb5_cc_clear_mcred
916
917 * lib/krb5/get_cred.c (init_tgs_req): in case of error, don't free
918 in the req_body addresses since they where pass in by caller
919 (find_cred): use krb5_cc_clear_mcred
920
921 * lib/krb5/krb5_ccache.3: document krb5_cc_clear_mcred
922
923 * lib/krb5/cache.c (krb5_cc_clear_mcred): new function, clear a
924 krb5_creds to use with krb5_cc_retrieve_cred
925
9262003-06-30 Love H�rnquist �strand <lha@it.su.se>
9262003-06-30 Love H��rnquist ��strand <lha@it.su.se>
927
928 * lib/hdb/hdb.c (find_dynamic_method): if there isn't a prefix,
929 don't load anything
930
927
928 * lib/hdb/hdb.c (find_dynamic_method): if there isn't a prefix,
929 don't load anything
930
9312003-06-29 Love H�rnquist �strand <lha@it.su.se>
9312003-06-29 Love H��rnquist ��strand <lha@it.su.se>
932
933 * lib/hdb/hdb.c: Dynamic backend loading, based on patch from Luke
934 Howard <lukeh@PADL.COM>
935
936 * lib/hdb/hdb.h: add struct hdb_so_method and
937 HDB_INTERFACE_VERSION
938
932
933 * lib/hdb/hdb.c: Dynamic backend loading, based on patch from Luke
934 Howard <lukeh@PADL.COM>
935
936 * lib/hdb/hdb.h: add struct hdb_so_method and
937 HDB_INTERFACE_VERSION
938
9392003-06-28 Love H�rnquist �strand <lha@it.su.se>
9392003-06-28 Love H��rnquist ��strand <lha@it.su.se>
940
941 * lib/krb5/mk_req_ext.c (krb5_mk_req_internal): when using
942 arcfour-hmac-md5, use an unkeyed checksum (rsa-md5), since
943 Microsoft calculates the keyed checksum with the subkey of the
944 authenticator.
945
946 * kuser/kinit.c: write out v4 credential caches with
947 _krb5_krb_tf_setup
948
949 * lib/krb5/krb5-v4compat.h: add _krb5_krb_tf_setup
950
951 * lib/krb5/convert_creds.c (_krb5_krb_tf_setup): create/append v4
952 credential to a new krb4 ticket file
953
9542003-06-27 Johan Danielsson <joda@pdc.kth.se>
955
956 * lib/krb5/krb5_kuserok.3: put Nd argument in double quotes since
957 it contains more than 9 words; from wiz
958
940
941 * lib/krb5/mk_req_ext.c (krb5_mk_req_internal): when using
942 arcfour-hmac-md5, use an unkeyed checksum (rsa-md5), since
943 Microsoft calculates the keyed checksum with the subkey of the
944 authenticator.
945
946 * kuser/kinit.c: write out v4 credential caches with
947 _krb5_krb_tf_setup
948
949 * lib/krb5/krb5-v4compat.h: add _krb5_krb_tf_setup
950
951 * lib/krb5/convert_creds.c (_krb5_krb_tf_setup): create/append v4
952 credential to a new krb4 ticket file
953
9542003-06-27 Johan Danielsson <joda@pdc.kth.se>
955
956 * lib/krb5/krb5_kuserok.3: put Nd argument in double quotes since
957 it contains more than 9 words; from wiz
958
9592003-06-25 Love H�rnquist �strand <lha@it.su.se>
9592003-06-25 Love H��rnquist ��strand <lha@it.su.se>
960
961 * lib/krb5/verify_krb5_conf.c: add missing " within #if 0, from
962 stefan sokoll <stefansokoll@yahoo.de>
963
960
961 * lib/krb5/verify_krb5_conf.c: add missing " within #if 0, from
962 stefan sokoll <stefansokoll@yahoo.de>
963
9642003-06-24 Love H�rnquist �strand <lha@it.su.se>
9642003-06-24 Love H��rnquist ��strand <lha@it.su.se>
965
966 * lib/krb5/krb5_timeofday.3: improve krb5_set_real_time text
967
968 * lib/krb5/time.c: improve comment for krb5_set_real_time
969
9702003-06-23 Johan Danielsson <joda@pdc.kth.se>
971
972 * kuser/kinit.1: document -A
973
974 * kuser/kinit.c: add -A as an alias for --no-addresses
975
965
966 * lib/krb5/krb5_timeofday.3: improve krb5_set_real_time text
967
968 * lib/krb5/time.c: improve comment for krb5_set_real_time
969
9702003-06-23 Johan Danielsson <joda@pdc.kth.se>
971
972 * kuser/kinit.1: document -A
973
974 * kuser/kinit.c: add -A as an alias for --no-addresses
975
9762003-06-22 Love H�rnquist �strand <lha@it.su.se>
9762003-06-22 Love H��rnquist ��strand <lha@it.su.se>
977
978 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): pass in a
979 krb5_timestamp to krb5_us_timeofday
980
981 * lib/krb5/mk_error.c (krb5_mk_error): pass in a krb5_timestamp to
982 krb5_us_timeofday
983
984 * lib/krb5/time.c (krb5_set_real_time): fix comment and make it
985 work
986
987 * lib/krb5/time.c, lib/krb5/krb5_timeofday.3,
988 lib/krb5/Makefile.am lib/krb5/test_time.c:
989
990 implement krb5_set_real_time, used by SAMBA, requested by Luke
991 Howard <lukeh@PADL.COM>
992
993 * lib/asn1/k5.asn1: make the aes and sha1 checksum types match
994 draft-ietf-krb-wg-crypto-05
995
977
978 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): pass in a
979 krb5_timestamp to krb5_us_timeofday
980
981 * lib/krb5/mk_error.c (krb5_mk_error): pass in a krb5_timestamp to
982 krb5_us_timeofday
983
984 * lib/krb5/time.c (krb5_set_real_time): fix comment and make it
985 work
986
987 * lib/krb5/time.c, lib/krb5/krb5_timeofday.3,
988 lib/krb5/Makefile.am lib/krb5/test_time.c:
989
990 implement krb5_set_real_time, used by SAMBA, requested by Luke
991 Howard <lukeh@PADL.COM>
992
993 * lib/asn1/k5.asn1: make the aes and sha1 checksum types match
994 draft-ietf-krb-wg-crypto-05
995
9962003-06-21 Love H�rnquist �strand <lha@it.su.se>
9962003-06-21 Love H��rnquist ��strand <lha@it.su.se>
997
998 * lib/krb5/aes-test.c: add a test for aes kcrypto encrypted data
999
1000 * lib/krb5/crypto.c: clean up AES code to use a structure instead
1001 of a key array
1002 (_krb5_AES_string_to_default_iterator): set to 4096 as described in
1003 aes draft -04
1004 (derive_key): always remove the key->schedule since its
1005 will contain the wrong (parent key) info
1006
997
998 * lib/krb5/aes-test.c: add a test for aes kcrypto encrypted data
999
1000 * lib/krb5/crypto.c: clean up AES code to use a structure instead
1001 of a key array
1002 (_krb5_AES_string_to_default_iterator): set to 4096 as described in
1003 aes draft -04
1004 (derive_key): always remove the key->schedule since its
1005 will contain the wrong (parent key) info
1006
10072003-06-18 Love H�rnquist �strand <lha@it.su.se>
10072003-06-18 Love H��rnquist ��strand <lha@it.su.se>
1008
1009 * lib/krb5/aes-test.c: add aes256 test vectors from Ken Raeburn
1010 * doc/setup.texi: add more kdc's to the example
1011
1008
1009 * lib/krb5/aes-test.c: add aes256 test vectors from Ken Raeburn
1010 * doc/setup.texi: add more kdc's to the example
1011
10122003-06-17 Love H�rnquist �strand <lha@it.su.se>
10122003-06-17 Love H��rnquist ��strand <lha@it.su.se>
1013
1014 * lib/hdb/hdb-ldap.c: use int2HDBFlags/HDBFlags2int From: Alberto
1015 Patino <jalbertop@aranea.com.mx>, Luke Howard <lukeh@PADL.COM>
1016 Pointed out by Andrew Bartlett of Samba
1017
1018 * lib/krb5/heim_threads.h: remove freebsd comment, don't use debug
1019 pthread stubs by default
1020
1021 * lib/krb5/Makefile.am (man_MANS): drop krb5_free_addresses.3
1022
1023 * lib/krb5/krb5_free_addresses.3: removed file, functions are
1024 documented in krb5_address.3
1025
1026 * lib/krb5/codec.c: add krb5_{de,en}code_ETYPE_INFO2
1027
1028 * lib/krb5/crypto.c: add _krb5_AES_string_to_default_iterator add
1029 krb5_string_to_key_salt_opaque() fix keylengh for keytype_aes256
1030
1013
1014 * lib/hdb/hdb-ldap.c: use int2HDBFlags/HDBFlags2int From: Alberto
1015 Patino <jalbertop@aranea.com.mx>, Luke Howard <lukeh@PADL.COM>
1016 Pointed out by Andrew Bartlett of Samba
1017
1018 * lib/krb5/heim_threads.h: remove freebsd comment, don't use debug
1019 pthread stubs by default
1020
1021 * lib/krb5/Makefile.am (man_MANS): drop krb5_free_addresses.3
1022
1023 * lib/krb5/krb5_free_addresses.3: removed file, functions are
1024 documented in krb5_address.3
1025
1026 * lib/krb5/codec.c: add krb5_{de,en}code_ETYPE_INFO2
1027
1028 * lib/krb5/crypto.c: add _krb5_AES_string_to_default_iterator add
1029 krb5_string_to_key_salt_opaque() fix keylengh for keytype_aes256
1030
10312003-06-06 Love H�rnquist �strand <lha@it.su.se>
10312003-06-06 Love H��rnquist ��strand <lha@it.su.se>
1032
1033 * doc/setup.texi: Point out that slave needs /var/heimdal
1034 directory and masterkey From: Mans Nilsson <mansaxel@sunet.se>,
1035 Fix spelling while here
1036
1032
1033 * doc/setup.texi: Point out that slave needs /var/heimdal
1034 directory and masterkey From: Mans Nilsson <mansaxel@sunet.se>,
1035 Fix spelling while here
1036
10372003-06-02 Love H�rnquist �strand <lha@it.su.se>
10372003-06-02 Love H��rnquist ��strand <lha@it.su.se>
1038
1039 * lib/krb5/Makefile.am, krb5_get_in_cred.3, krb5.3:
1040 add manpage for: krb5_get_in_cred, krb5_get_in_tkt,
1041 krb5_get_in_tkt_with_keytab, krb5_get_in_tkt_with_password,
1042 krb5_get_in_tkt_with_skey
1043
10442003-05-28 Assar Westerlund <assar@kth.se>
1045
1046 * lib/krb5/heim_threads.h: Fix unlock/destroy macros for the
1047 non-threaded cases to work. Fix typo.
1048
10492003-05-27 Johan Danielsson <joda@pdc.kth.se>
1050
1051 * lib/asn1/{der_put.c,der_length.c,check-der.c}: Fix encoding of
1052 "unsigned" integers. If MSB is set, we need to pad with a zero
1053 byte.
1054
1038
1039 * lib/krb5/Makefile.am, krb5_get_in_cred.3, krb5.3:
1040 add manpage for: krb5_get_in_cred, krb5_get_in_tkt,
1041 krb5_get_in_tkt_with_keytab, krb5_get_in_tkt_with_password,
1042 krb5_get_in_tkt_with_skey
1043
10442003-05-28 Assar Westerlund <assar@kth.se>
1045
1046 * lib/krb5/heim_threads.h: Fix unlock/destroy macros for the
1047 non-threaded cases to work. Fix typo.
1048
10492003-05-27 Johan Danielsson <joda@pdc.kth.se>
1050
1051 * lib/asn1/{der_put.c,der_length.c,check-der.c}: Fix encoding of
1052 "unsigned" integers. If MSB is set, we need to pad with a zero
1053 byte.
1054
10552003-05-27 Love H�rnquist �strand <lha@it.su.se>
10552003-05-27 Love H��rnquist ��strand <lha@it.su.se>
1056
1057 * lib/krb5/krb5_c_make_checksum.3: some more mdoc fixes
1058
1059 * lib/hdb/hdb-ldap.c (LDAP__connect): bind sasl "EXTERNAL" to ldap
1060 connection
1061 (LDAP_store): remove superfluous argument to asprintf
1062
1063 From Alberto Patino <jalbertop@aranea.com.mx>
1064
1056
1057 * lib/krb5/krb5_c_make_checksum.3: some more mdoc fixes
1058
1059 * lib/hdb/hdb-ldap.c (LDAP__connect): bind sasl "EXTERNAL" to ldap
1060 connection
1061 (LDAP_store): remove superfluous argument to asprintf
1062
1063 From Alberto Patino <jalbertop@aranea.com.mx>
1064
10652003-05-26 Love H�rnquist �strand <lha@it.su.se>
10652003-05-26 Love H��rnquist ��strand <lha@it.su.se>
1066
1067 * lib/krb5/*.[0-9]: pacify mdoclink
1068
1069 * lib/krb5/krb5_ccache.3: document diffrences between mit and
1070 heimdal krb5_cc_gen_new ccache -> credential cache s/[\t ]+$//
1071
1066
1067 * lib/krb5/*.[0-9]: pacify mdoclink
1068
1069 * lib/krb5/krb5_ccache.3: document diffrences between mit and
1070 heimdal krb5_cc_gen_new ccache -> credential cache s/[\t ]+$//
1071
10722003-05-21 Love H�rnquist �strand <lha@it.su.se>
10722003-05-21 Love H��rnquist ��strand <lha@it.su.se>
1073
1074 * appl/test/gssapi_server.c (proto): start to use
1075 gss_krb5_copy_ccache
1076
1077 * appl/test/nt_gss_server.c (proto): comment out gss_ctx_id_t
1078 groveling for now
1079
1073
1074 * appl/test/gssapi_server.c (proto): start to use
1075 gss_krb5_copy_ccache
1076
1077 * appl/test/nt_gss_server.c (proto): comment out gss_ctx_id_t
1078 groveling for now
1079
10802003-05-20 Love H�rnquist �strand <lha@it.su.se>
10802003-05-20 Love H��rnquist ��strand <lha@it.su.se>
1081
1082 * lib/asn1:
1083 - add parser/generate glue for UTF8String and NULL
1084 (DER primitive encode/decode functions missing)
1085 - handle parsing of DEFAULT and, ...
1086
1081
1082 * lib/asn1:
1083 - add parser/generate glue for UTF8String and NULL
1084 (DER primitive encode/decode functions missing)
1085 - handle parsing of DEFAULT and, ...
1086
10872003-05-16 Love H�rnquist �strand <lha@it.su.se>
10872003-05-16 Love H��rnquist ��strand <lha@it.su.se>
1088
1089 * lib/krb5/heim_threads.h: add missing argument to mutex_init
1090
1091 * lib/krb5/crypto.c: protect the random initiator with a mutex
1092
1093 * lib/krb5/mcache.c: protect the mcc_head with a mutex
1094
1095 * lib/krb5/krb5_locl.h: include heim_threads.h
1096
1097 * lib/krb5/heim_threads.h: wrapper macros for thread
1098 synchronization primitives
1099
1088
1089 * lib/krb5/heim_threads.h: add missing argument to mutex_init
1090
1091 * lib/krb5/crypto.c: protect the random initiator with a mutex
1092
1093 * lib/krb5/mcache.c: protect the mcc_head with a mutex
1094
1095 * lib/krb5/krb5_locl.h: include heim_threads.h
1096
1097 * lib/krb5/heim_threads.h: wrapper macros for thread
1098 synchronization primitives
1099
11002003-05-15 Love H�rnquist �strand <lha@it.su.se>
11002003-05-15 Love H��rnquist ��strand <lha@it.su.se>
1101
1102 * lib/krb5/krb5_principal.3
1103 lib/krb5/Makefile.am:
1104 Add all Kerberos principal function to one manpage, add a few more
1105 principal function to it, remove old now dup manpages
1106
1107 * lib/krb5/krb5_build_principal.3: remove file
1108 * lib/krb5/krb5_free_principal.3: remove file
1109 * lib/krb5/krb5_sname_to_principal.3: remove file
1110 * lib/krb5/krb5_principal_get_realm.3: remove file
1111
1101
1102 * lib/krb5/krb5_principal.3
1103 lib/krb5/Makefile.am:
1104 Add all Kerberos principal function to one manpage, add a few more
1105 principal function to it, remove old now dup manpages
1106
1107 * lib/krb5/krb5_build_principal.3: remove file
1108 * lib/krb5/krb5_free_principal.3: remove file
1109 * lib/krb5/krb5_sname_to_principal.3: remove file
1110 * lib/krb5/krb5_principal_get_realm.3: remove file
1111
11122003-05-14 Love H�rnquist �strand <lha@it.su.se>
11122003-05-14 Love H��rnquist ��strand <lha@it.su.se>
1113
1114 * lib/krb5/verify_krb5_conf.8: sort sections, from netbsd
1115
1116 * lib/krb5/krb5_verify_user.3: .Sh EXAMPLE -> .Sh EXAMPLES, from
1117 netbsd
1118
1119 * lib/krb5/krb5_openlog.3: .Sh EXAMPLE -> .Sh EXAMPLES, sort
1120 sections, from netbsd

--- 22 unchanged lines hidden (view full) ---

1143 * kdc/hprop.8: fix mdoc problem, from netbsd
1144
1145 * lib/krb5/krb5_krbhst_init.3: uppercase url, from Thomas Klausner
1146 <wiz@netbsd.org>
1147
1148 * kuser/kinit.1: setup -> set up, new sentence, new line from
1149 Thomas Klausner <wiz@netbsd.org>
1150
1113
1114 * lib/krb5/verify_krb5_conf.8: sort sections, from netbsd
1115
1116 * lib/krb5/krb5_verify_user.3: .Sh EXAMPLE -> .Sh EXAMPLES, from
1117 netbsd
1118
1119 * lib/krb5/krb5_openlog.3: .Sh EXAMPLE -> .Sh EXAMPLES, sort
1120 sections, from netbsd

--- 22 unchanged lines hidden (view full) ---

1143 * kdc/hprop.8: fix mdoc problem, from netbsd
1144
1145 * lib/krb5/krb5_krbhst_init.3: uppercase url, from Thomas Klausner
1146 <wiz@netbsd.org>
1147
1148 * kuser/kinit.1: setup -> set up, new sentence, new line from
1149 Thomas Klausner <wiz@netbsd.org>
1150
11512003-05-13 Love H�rnquist �strand <lha@it.su.se>
11512003-05-13 Love H��rnquist ��strand <lha@it.su.se>
1152
1153 * kpasswd/kpasswd.1: handle setting passwords for multiple
1154 principals at the same time
1155
1156 * kpasswd/kpasswd.c: handle setting passwords for multiple
1157 principals at the same time
1158
1159 * lib/krb5/changepw.c: draft-ietf-cat-kerb-chg-password-02 and
1160 rfc3244 share the response packet sure more constants now that
1161 they exists
1162
1152
1153 * kpasswd/kpasswd.1: handle setting passwords for multiple
1154 principals at the same time
1155
1156 * kpasswd/kpasswd.c: handle setting passwords for multiple
1157 principals at the same time
1158
1159 * lib/krb5/changepw.c: draft-ietf-cat-kerb-chg-password-02 and
1160 rfc3244 share the response packet sure more constants now that
1161 they exists
1162
11632003-05-12 Love H�rnquist �strand <lha@it.su.se>
11632003-05-12 Love H��rnquist ��strand <lha@it.su.se>
1164
1165 * lib/krb5/krb5.h: some define for rfc3244
1166
1167 * lib/krb5/krb5.3: add krb5_change_password and krb5_set_password
1168
1169 * kpasswd/kpasswd.1: document --admin-principal
1170
1171 * kpasswd/kpasswd.c: use krb5_set_password

--- 5 unchanged lines hidden (view full) ---

1177 shadow@dementia.org
1178
1179 * lib/asn1/Makefile.am (gen_files): asn1_ChangePasswdDataMS.x for
1180 RFC3244
1181
1182 * lib/asn1/k5.asn1: add ChangePasswdDataMS, for
1183 RFC3244
1184
1164
1165 * lib/krb5/krb5.h: some define for rfc3244
1166
1167 * lib/krb5/krb5.3: add krb5_change_password and krb5_set_password
1168
1169 * kpasswd/kpasswd.1: document --admin-principal
1170
1171 * kpasswd/kpasswd.c: use krb5_set_password

--- 5 unchanged lines hidden (view full) ---

1177 shadow@dementia.org
1178
1179 * lib/asn1/Makefile.am (gen_files): asn1_ChangePasswdDataMS.x for
1180 RFC3244
1181
1182 * lib/asn1/k5.asn1: add ChangePasswdDataMS, for
1183 RFC3244
1184
11852003-05-08 Love H�rnquist �strand <lha@it.su.se>
11852003-05-08 Love H��rnquist ��strand <lha@it.su.se>
1186
1187 * kuser/kdestroy.c: destroy tokens even if there isn't v4 support
1188
1189 * kuser/kinit.c: get token even if there isn't v4 support
1190
1191 * kuser/klist.c: print tokens even if there isn't v4 support
1192
11932003-05-06 Johan Danielsson <joda@pdc.kth.se>
1194
1195 * lib/krb5/name-45-test.c: need to use empty krb5.conf for some
1196 tests
1197
1198 * lib/asn1/check-gen.c: there is no \e escape sequence; replace
1199 everything with hex-codes, and cast to unsigned char* to make some
1200 compilers happy
1201
1186
1187 * kuser/kdestroy.c: destroy tokens even if there isn't v4 support
1188
1189 * kuser/kinit.c: get token even if there isn't v4 support
1190
1191 * kuser/klist.c: print tokens even if there isn't v4 support
1192
11932003-05-06 Johan Danielsson <joda@pdc.kth.se>
1194
1195 * lib/krb5/name-45-test.c: need to use empty krb5.conf for some
1196 tests
1197
1198 * lib/asn1/check-gen.c: there is no \e escape sequence; replace
1199 everything with hex-codes, and cast to unsigned char* to make some
1200 compilers happy
1201
12022003-05-06 Love H�rnquist �strand <lha@it.su.se>
12022003-05-06 Love H��rnquist ��strand <lha@it.su.se>
1203
1204 * lib/krb5/get_in_tkt.c (make_pa_enc_timestamp): make sure first
1205 argument to krb5_us_timeofday have correct type
1206
12072003-05-05 Assar Westerlund <assar@kth.se>
1208
1209 * include/make_crypto.c (main): include aes.h if ENABLE_AES
1210
1203
1204 * lib/krb5/get_in_tkt.c (make_pa_enc_timestamp): make sure first
1205 argument to krb5_us_timeofday have correct type
1206
12072003-05-05 Assar Westerlund <assar@kth.se>
1208
1209 * include/make_crypto.c (main): include aes.h if ENABLE_AES
1210
12112003-05-05 Love H�rnquist �strand <lha@it.su.se>
12112003-05-05 Love H��rnquist ��strand <lha@it.su.se>
1212
1213 * make-release: when fixing a valid cvs tag from release name
1214 replace all number. to number- for all non-overlapping matches
1215
1212
1213 * make-release: when fixing a valid cvs tag from release name
1214 replace all number. to number- for all non-overlapping matches
1215
12162003-05-04 Love H�rnquist �strand <lha@it.su.se>
12162003-05-04 Love H��rnquist ��strand <lha@it.su.se>
1217
1218 * lib/asn1/Makefile.am: gen_files += asn1_ETYPE_INFO2.x and
1219 asn1_ETYPE_INFO2_ENTRY.x
1220 (libasn1_la_LDFLAGS): set version to 6:1:1
1221
1222 * doc/Makefile.am: add apps.texi
1223
1224 * doc/setup.texi: add move forward link to applications
1225
1226 * doc/heimdal.texi: add applications
1227
1228 * doc/misc.texi: move afs stuff to applications add link to
1229 applications
1230
1231 * doc/apps.texi: text about applications using kerberos
1232 move afs text here
1233
1217
1218 * lib/asn1/Makefile.am: gen_files += asn1_ETYPE_INFO2.x and
1219 asn1_ETYPE_INFO2_ENTRY.x
1220 (libasn1_la_LDFLAGS): set version to 6:1:1
1221
1222 * doc/Makefile.am: add apps.texi
1223
1224 * doc/setup.texi: add move forward link to applications
1225
1226 * doc/heimdal.texi: add applications
1227
1228 * doc/misc.texi: move afs stuff to applications add link to
1229 applications
1230
1231 * doc/apps.texi: text about applications using kerberos
1232 move afs text here
1233
12342003-05-03 Love H�rnquist �strand <lha@it.su.se>
12342003-05-03 Love H��rnquist ��strand <lha@it.su.se>
1235
1236 * doc/setup.texi: add cross realm text
1237
1235
1236 * doc/setup.texi: add cross realm text
1237
12382003-04-29 Love H�rnquist �strand <lha@it.su.se>
12382003-04-29 Love H��rnquist ��strand <lha@it.su.se>
1239
1240 * lib/krb5/krb5_crypto_init.3: document krb5_enctype_to_string and
1241 krb5_string_to_enctype
1242
1239
1240 * lib/krb5/krb5_crypto_init.3: document krb5_enctype_to_string and
1241 krb5_string_to_enctype
1242
12432003-04-28 Love H�rnquist �strand <lha@it.su.se>
12432003-04-28 Love H��rnquist ��strand <lha@it.su.se>
1244
1245 * kdc/v4_dump.c (v4_prop_dump): limit strings length, from openbsd
1246
1244
1245 * kdc/v4_dump.c (v4_prop_dump): limit strings length, from openbsd
1246
12472003-04-26 Love H�rnquist �strand <lha@it.su.se>
12472003-04-26 Love H��rnquist ��strand <lha@it.su.se>
1248
1249 * lib/krb5/aes-test.c: use _krb5_PKCS5_PBKDF2
1250 * lib/krb5/crypto.c: unexport krb5_PKCS5_PBKDF2
1251
12522003-04-25 Johan Danielsson <joda@pdc.kth.se>
1253
1254 * lib/krb5/build_auth.c (krb5_build_authenticator): if the local
1255 sequence number is non-zero, don't generate a new one

--- 6 unchanged lines hidden (view full) ---

1262
1263 * lib/krb5/mk_priv.c lib/krb5/mk_safe.c lib/krb5/rd_priv.c
1264 lib/krb5/rd_safe.c lib/krb5/rd_cred.c: implement RET_SEQUENCE and
1265 RET_TIME
1266
1267 * lib/krb5/krb5.h (krb5_replay_data): make usec signed (matching
1268 asn1)
1269
1248
1249 * lib/krb5/aes-test.c: use _krb5_PKCS5_PBKDF2
1250 * lib/krb5/crypto.c: unexport krb5_PKCS5_PBKDF2
1251
12522003-04-25 Johan Danielsson <joda@pdc.kth.se>
1253
1254 * lib/krb5/build_auth.c (krb5_build_authenticator): if the local
1255 sequence number is non-zero, don't generate a new one

--- 6 unchanged lines hidden (view full) ---

1262
1263 * lib/krb5/mk_priv.c lib/krb5/mk_safe.c lib/krb5/rd_priv.c
1264 lib/krb5/rd_safe.c lib/krb5/rd_cred.c: implement RET_SEQUENCE and
1265 RET_TIME
1266
1267 * lib/krb5/krb5.h (krb5_replay_data): make usec signed (matching
1268 asn1)
1269
12702003-04-24 Love H�rnquist �strand <lha@it.su.se>
12702003-04-24 Love H��rnquist ��strand <lha@it.su.se>
1271
1272 * doc/programming.texi: s/managment/management/, from jmc
1273 <jmc@prioris.mini.pw.edu.pl>
1274
1271
1272 * doc/programming.texi: s/managment/management/, from jmc
1273 <jmc@prioris.mini.pw.edu.pl>
1274
12752003-04-23 Love H�rnquist �strand <lha@it.su.se>
12752003-04-23 Love H��rnquist ��strand <lha@it.su.se>
1276
1277 * lib/krb5/context.c (default_etypes): also advertise that we
1278 handle aes encryption types
1279
1280 * lib/krb5/Makefile.am: add krb5_c_ checksum related functions
1281
1282 * lib/krb5/krb5_c_make_checksum.3: document krb5_c_ checksum
1283 related functions
1284
1285 * lib/krb5/mit_glue.c: add compat mit krb5_c checksum related
1286 functions
1287
1288 * lib/asn1/k5.asn1: add ETYPE-INFO2 and ETYPE-INFO2-ENTRY
1289
1276
1277 * lib/krb5/context.c (default_etypes): also advertise that we
1278 handle aes encryption types
1279
1280 * lib/krb5/Makefile.am: add krb5_c_ checksum related functions
1281
1282 * lib/krb5/krb5_c_make_checksum.3: document krb5_c_ checksum
1283 related functions
1284
1285 * lib/krb5/mit_glue.c: add compat mit krb5_c checksum related
1286 functions
1287
1288 * lib/asn1/k5.asn1: add ETYPE-INFO2 and ETYPE-INFO2-ENTRY
1289
12902003-04-22 Love H�rnquist �strand <lha@it.su.se>
12902003-04-22 Love H��rnquist ��strand <lha@it.su.se>
1291
1292 * lib/krb5/krbhst.c: copy NUL too, from janj@wenf.org via openbsd
1293
1291
1292 * lib/krb5/krbhst.c: copy NUL too, from janj@wenf.org via openbsd
1293
12942003-04-17 Love H�rnquist �strand <lha@it.su.se>
12942003-04-17 Love H��rnquist ��strand <lha@it.su.se>
1295
1296 * lib/asn1/der_copy.c (copy_general_string): use strdup
1297 * lib/asn1/der_put.c: remove sprintf
1298 * lib/asn1/gen.c: remove strcpy/sprintf
1299
1300 * lib/krb5/name-45-test.c: use a more unique name then ratatosk so
1301 that other (me) have such hosts in the local domain and the tests
1302 fails, to take hokkigai.pdc.kth.se instead
1303
1304 * lib/krb5/test_alname.c: add --version and --help
1305
1295
1296 * lib/asn1/der_copy.c (copy_general_string): use strdup
1297 * lib/asn1/der_put.c: remove sprintf
1298 * lib/asn1/gen.c: remove strcpy/sprintf
1299
1300 * lib/krb5/name-45-test.c: use a more unique name then ratatosk so
1301 that other (me) have such hosts in the local domain and the tests
1302 fails, to take hokkigai.pdc.kth.se instead
1303
1304 * lib/krb5/test_alname.c: add --version and --help
1305
13062003-04-16 Love H�rnquist �strand <lha@it.su.se>
13062003-04-16 Love H��rnquist ��strand <lha@it.su.se>
1307
1308 * lib/krb5/krb5_warn.3: add krb5_get_err_text
1309
1310 * lib/krb5/transited.c: use strlcat/strlcpy, from openbsd
1311 * lib/krb5/krbhst.c (srv_find_realm): use strlcpy, from openbsd
1312 * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use
1313 strlcpy, from openbsd
1314 * kdc/hpropd.c: s/strcat/strlcat/, inspired from openbsd
1315 * appl/kf/kfd.c: use strlcpy, from openbsd
1316
13172003-04-16 Johan Danielsson <joda@pdc.kth.se>
1318
1319 * configure.in: fix for large file support in AIX, _LARGE_FILES
1320 needs to be defined on the command line, since lex likes to
1321 include stdio.h before we get to config.h
1322
1307
1308 * lib/krb5/krb5_warn.3: add krb5_get_err_text
1309
1310 * lib/krb5/transited.c: use strlcat/strlcpy, from openbsd
1311 * lib/krb5/krbhst.c (srv_find_realm): use strlcpy, from openbsd
1312 * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use
1313 strlcpy, from openbsd
1314 * kdc/hpropd.c: s/strcat/strlcat/, inspired from openbsd
1315 * appl/kf/kfd.c: use strlcpy, from openbsd
1316
13172003-04-16 Johan Danielsson <joda@pdc.kth.se>
1318
1319 * configure.in: fix for large file support in AIX, _LARGE_FILES
1320 needs to be defined on the command line, since lex likes to
1321 include stdio.h before we get to config.h
1322
13232003-04-16 Love H�rnquist �strand <lha@it.su.se>
13232003-04-16 Love H��rnquist ��strand <lha@it.su.se>
1324
1325 * lib/krb5/*.3: Change .Fd #include <header.h> to .In header.h,
1326 from Thomas Klausner <wiz@netbsd.org>
1327
1328 * lib/krb5/krb5.conf.5: spelling, from Thomas Klausner
1329 <wiz@netbsd.org>
1330
1324
1325 * lib/krb5/*.3: Change .Fd #include <header.h> to .In header.h,
1326 from Thomas Klausner <wiz@netbsd.org>
1327
1328 * lib/krb5/krb5.conf.5: spelling, from Thomas Klausner
1329 <wiz@netbsd.org>
1330
13312003-04-15 Love H�rnquist �strand <lha@it.su.se>
13312003-04-15 Love H��rnquist ��strand <lha@it.su.se>
1332
1333 * kdc/kerberos5.c: fix some more memory leaks
1334
1332
1333 * kdc/kerberos5.c: fix some more memory leaks
1334
13352003-04-11 Love H�rnquist �strand <lha@it.su.se>
13352003-04-11 Love H��rnquist ��strand <lha@it.su.se>
1336
1337 * appl/kf/kf.1: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
1338
1336
1337 * appl/kf/kf.1: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
1338
13392003-04-08 Love H�rnquist �strand <lha@it.su.se>
13392003-04-08 Love H��rnquist ��strand <lha@it.su.se>
1340
1341 * admin/ktutil.8: typos, from jmc <jmc@acn.waw.pl>
1342
1340
1341 * admin/ktutil.8: typos, from jmc <jmc@acn.waw.pl>
1342
13432003-04-06 Love H�rnquist �strand <lha@it.su.se>
13432003-04-06 Love H��rnquist ��strand <lha@it.su.se>
1344
1345 * lib/krb5/krb5.3: s/kerberos/Kerberos/
1346 * lib/krb5/krb5_data.3: s/kerberos/Kerberos/
1347 * lib/krb5/krb5_address.3: s/kerberos/Kerberos/
1348 * lib/krb5/krb5_ccache.3: s/kerberos/Kerberos/
1349 * lib/krb5/krb5.conf.5: s/kerberos/Kerberos/
1350 * kuser/kinit.1: s/kerberos/Kerberos/
1351 * kdc/kdc.8: s/kerberos/Kerberos/
1352
1344
1345 * lib/krb5/krb5.3: s/kerberos/Kerberos/
1346 * lib/krb5/krb5_data.3: s/kerberos/Kerberos/
1347 * lib/krb5/krb5_address.3: s/kerberos/Kerberos/
1348 * lib/krb5/krb5_ccache.3: s/kerberos/Kerberos/
1349 * lib/krb5/krb5.conf.5: s/kerberos/Kerberos/
1350 * kuser/kinit.1: s/kerberos/Kerberos/
1351 * kdc/kdc.8: s/kerberos/Kerberos/
1352
13532003-04-01 Love H�rnquist �strand <lha@it.su.se>
13532003-04-01 Love H��rnquist ��strand <lha@it.su.se>
1354
1355 * lib/krb5/test_alname.c: more krb5_aname_to_localname tests
1356
1357 * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): when
1358 converting too root, make sure user is ok according to
1359 krb5_kuserok before allowing it.
1360
1361 * lib/krb5/Makefile.am (noinst_PROGRAMS): += test_alname

--- 5 unchanged lines hidden (view full) ---

1367 1999. Problems occur with crypt() that behaves like AT&T crypt
1368 (openssl does this). Pointed out by Marcus Watts.
1369
1370 * admin/change.c (kt_change): collect all principals we are going
1371 to change, and pick the highest kvno and use that to guess what
1372 kvno the resulting kvno is going to be. Now two ktutil change in a
1373 row works. XXX fix the protocol to pass the kvno back.
1374
1354
1355 * lib/krb5/test_alname.c: more krb5_aname_to_localname tests
1356
1357 * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): when
1358 converting too root, make sure user is ok according to
1359 krb5_kuserok before allowing it.
1360
1361 * lib/krb5/Makefile.am (noinst_PROGRAMS): += test_alname

--- 5 unchanged lines hidden (view full) ---

1367 1999. Problems occur with crypt() that behaves like AT&T crypt
1368 (openssl does this). Pointed out by Marcus Watts.
1369
1370 * admin/change.c (kt_change): collect all principals we are going
1371 to change, and pick the highest kvno and use that to guess what
1372 kvno the resulting kvno is going to be. Now two ktutil change in a
1373 row works. XXX fix the protocol to pass the kvno back.
1374
13752003-03-31 Love H�rnquist �strand <lha@it.su.se>
13752003-03-31 Love H��rnquist ��strand <lha@it.su.se>
1376
1377 * appl/kf/kf.1: afs->AFS, from jmc <jmc@acn.waw.pl>
1378
1376
1377 * appl/kf/kf.1: afs->AFS, from jmc <jmc@acn.waw.pl>
1378
13792003-03-30 Love H�rnquist �strand <lha@it.su.se>
13792003-03-30 Love H��rnquist ��strand <lha@it.su.se>
1380
1381 * doc/setup.texi: add description on how to turn on v4, 524 and
1382 kaserver support
1383
1380
1381 * doc/setup.texi: add description on how to turn on v4, 524 and
1382 kaserver support
1383
13842003-03-29 Love H�rnquist �strand <lha@it.su.se>
13842003-03-29 Love H��rnquist ��strand <lha@it.su.se>
1385
1386 * lib/krb5/verify_krb5_conf.c (appdefaults_entries): add afslog
1387 and afs-use-524
1388
1385
1386 * lib/krb5/verify_krb5_conf.c (appdefaults_entries): add afslog
1387 and afs-use-524
1388
13892003-03-28 Love H�rnquist �strand <lha@it.su.se>
13892003-03-28 Love H��rnquist ��strand <lha@it.su.se>
1390
1391 * kdc/kerberos5.c (as_rep): when the second enctype_to_string
1392 failes, remember to free memory from the first enctype_to_string
1393
1394 * lib/krb5/crypto.c (usage2arcfour): map KRB5_KU_TICKET to 2,
1395 from Harald Joerg <harald.joerg@fujitsu-siemens.com>
1396 (enctype_arcfour_hmac_md5): disable checksum_hmac_md5_enc
1397
1398 * lib/hdb/mkey.c (hdb_unseal_keys_mkey): truncate key to the key
1399 length when key is longer then expected length, its probably
1400 longer since the encrypted data was padded, reported by Aidan
1401 Cully <aidan@kublai.com>
1402
1403 * lib/krb5/crypto.c (krb5_enctype_keysize): return key size of
1404 encyption type, inspired by Aidan Cully <aidan@kublai.com>
1405
1390
1391 * kdc/kerberos5.c (as_rep): when the second enctype_to_string
1392 failes, remember to free memory from the first enctype_to_string
1393
1394 * lib/krb5/crypto.c (usage2arcfour): map KRB5_KU_TICKET to 2,
1395 from Harald Joerg <harald.joerg@fujitsu-siemens.com>
1396 (enctype_arcfour_hmac_md5): disable checksum_hmac_md5_enc
1397
1398 * lib/hdb/mkey.c (hdb_unseal_keys_mkey): truncate key to the key
1399 length when key is longer then expected length, its probably
1400 longer since the encrypted data was padded, reported by Aidan
1401 Cully <aidan@kublai.com>
1402
1403 * lib/krb5/crypto.c (krb5_enctype_keysize): return key size of
1404 encyption type, inspired by Aidan Cully <aidan@kublai.com>
1405
14062003-03-27 Love H�rnquist �strand <lha@it.su.se>
14062003-03-27 Love H��rnquist ��strand <lha@it.su.se>
1407
1408 * lib/krb5/keytab.c (krb5_kt_get_entry): avoid printing 0
1409 (wildcard kvno) after principal when the keytab entry isn't found,
1410 reported by Chris Chiappa <chris@chiappa.net>
1411
1407
1408 * lib/krb5/keytab.c (krb5_kt_get_entry): avoid printing 0
1409 (wildcard kvno) after principal when the keytab entry isn't found,
1410 reported by Chris Chiappa <chris@chiappa.net>
1411
14122003-03-26 Love H�rnquist �strand <lha@it.su.se>
14122003-03-26 Love H��rnquist ��strand <lha@it.su.se>
1413
1414 * doc/misc.texi: update 2b example to match reality (from
1415 mattiasa@e.kth.se)
1416
1417 * doc/misc.texi: spelling and add `Configuring AFS clients'
1418 subsection
1419
1413
1414 * doc/misc.texi: update 2b example to match reality (from
1415 mattiasa@e.kth.se)
1416
1417 * doc/misc.texi: spelling and add `Configuring AFS clients'
1418 subsection
1419
14202003-03-25 Love H�rnquist �strand <lha@it.su.se>
14202003-03-25 Love H��rnquist ��strand <lha@it.su.se>
1421
1422 * lib/krb5/krb5.3: add krb5_free_data_contents.3
1423
1424 * lib/krb5/data.c: add krb5_free_data_contents for compat with MIT
1425 API
1426
1427 * lib/krb5/krb5_data.3: add krb5_free_data_contents for compat
1428 with MIT API

--- 4 unchanged lines hidden (view full) ---

14332003-03-25 Johan Danielsson <joda@pdc.kth.se>
1434
1435 * lib/krb5/addr_families.c (krb5_print_address): make sure
1436 print_addr is defined for the given address type; make addrports
1437 printable
1438
1439 * kdc/string2key.c: print the used enctype for kerberos 5 keys
1440
1421
1422 * lib/krb5/krb5.3: add krb5_free_data_contents.3
1423
1424 * lib/krb5/data.c: add krb5_free_data_contents for compat with MIT
1425 API
1426
1427 * lib/krb5/krb5_data.3: add krb5_free_data_contents for compat
1428 with MIT API

--- 4 unchanged lines hidden (view full) ---

14332003-03-25 Johan Danielsson <joda@pdc.kth.se>
1434
1435 * lib/krb5/addr_families.c (krb5_print_address): make sure
1436 print_addr is defined for the given address type; make addrports
1437 printable
1438
1439 * kdc/string2key.c: print the used enctype for kerberos 5 keys
1440
14412003-03-25 Love H�rnquist �strand <lha@it.su.se>
14412003-03-25 Love H��rnquist ��strand <lha@it.su.se>
1442
1443 * lib/krb5/aes-test.c: add another arcfour test
1444
1442
1443 * lib/krb5/aes-test.c: add another arcfour test
1444
14452003-03-22 Love H�rnquist �strand <lha@it.su.se>
14452003-03-22 Love H��rnquist ��strand <lha@it.su.se>
1446
1447 * lib/krb5/aes-test.c: sneek in a test for arcfour-hmac-md5
1448
1446
1447 * lib/krb5/aes-test.c: sneek in a test for arcfour-hmac-md5
1448
14492003-03-20 Love H�rnquist �strand <lha@it.su.se>
14492003-03-20 Love H��rnquist ��strand <lha@it.su.se>
1450
1451 * lib/krb5/krb5_ccache.3: update .Dd
1452
1453 * lib/krb5/krb5.3: sort in krb5_data functions
1454
1455 * lib/krb5/Makefile.am (man_MANS): += krb5_data.3
1456
1457 * lib/krb5/krb5_data.3: document krb5_data
1458
1459 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): if
1460 prompter is NULL, don't try to ask for a password to
1461 change. reported by Iain Moffat @ ufl.edu via Howard Chu
1462 <hyc@highlandsun.com>
1463
1450
1451 * lib/krb5/krb5_ccache.3: update .Dd
1452
1453 * lib/krb5/krb5.3: sort in krb5_data functions
1454
1455 * lib/krb5/Makefile.am (man_MANS): += krb5_data.3
1456
1457 * lib/krb5/krb5_data.3: document krb5_data
1458
1459 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): if
1460 prompter is NULL, don't try to ask for a password to
1461 change. reported by Iain Moffat @ ufl.edu via Howard Chu
1462 <hyc@highlandsun.com>
1463
14642003-03-19 Love H�rnquist �strand <lha@it.su.se>
14642003-03-19 Love H��rnquist ��strand <lha@it.su.se>
1465
1466 * lib/krb5/krb5_keytab.3: spelling, from
1467 <jmc@prioris.mini.pw.edu.pl>
1468
1469 * lib/krb5/krb5.conf.5: . means new line
1470
1471 * lib/krb5/krb5.conf.5: spelling, from
1472 <jmc@prioris.mini.pw.edu.pl>
1473
1474 * lib/krb5/krb5_auth_context.3: spelling, from
1475 <jmc@prioris.mini.pw.edu.pl>
1476
1465
1466 * lib/krb5/krb5_keytab.3: spelling, from
1467 <jmc@prioris.mini.pw.edu.pl>
1468
1469 * lib/krb5/krb5.conf.5: . means new line
1470
1471 * lib/krb5/krb5.conf.5: spelling, from
1472 <jmc@prioris.mini.pw.edu.pl>
1473
1474 * lib/krb5/krb5_auth_context.3: spelling, from
1475 <jmc@prioris.mini.pw.edu.pl>
1476
14772003-03-18 Love H�rnquist �strand <lha@it.su.se>
14772003-03-18 Love H��rnquist ��strand <lha@it.su.se>
1478
1479 * kuser/Makefile.am: INCLUDES: -I$(srcdir)/../lib/krb5
1480
1481 * lib/krb5/convert_creds.c: add _krb5_krb_life_to_time
1482
1483 * lib/krb5/krb5-v4compat.h: add _krb5_krb_life_to_time
1484
1485 * kdc/kdc_locl.h: 524 is independent of kerberos 4, so move out

--- 7 unchanged lines hidden (view full) ---

1493 * kdc/kdc.8: document --kerberos4-cross-realm
1494 * kdc/kerberos4.c: pay attention to enable_v4_cross_realm
1495 * kdc/kdc_locl.h (enable_v4_cross_realm): add
1496 * kdc/524.c (encode_524_response): check the enable_v4_cross_realm
1497 flag before giving out v4 tickets for foreign v5 principals
1498 * kdc/config.c: add --enable-kerberos4-cross-realm option (default
1499 to off)
1500
1478
1479 * kuser/Makefile.am: INCLUDES: -I$(srcdir)/../lib/krb5
1480
1481 * lib/krb5/convert_creds.c: add _krb5_krb_life_to_time
1482
1483 * lib/krb5/krb5-v4compat.h: add _krb5_krb_life_to_time
1484
1485 * kdc/kdc_locl.h: 524 is independent of kerberos 4, so move out

--- 7 unchanged lines hidden (view full) ---

1493 * kdc/kdc.8: document --kerberos4-cross-realm
1494 * kdc/kerberos4.c: pay attention to enable_v4_cross_realm
1495 * kdc/kdc_locl.h (enable_v4_cross_realm): add
1496 * kdc/524.c (encode_524_response): check the enable_v4_cross_realm
1497 flag before giving out v4 tickets for foreign v5 principals
1498 * kdc/config.c: add --enable-kerberos4-cross-realm option (default
1499 to off)
1500
15012003-03-17 Love H�rnquist �strand <lha@it.su.se>
15012003-03-17 Love H��rnquist ��strand <lha@it.su.se>
1502
1503 * lib/krb5/Makefile.am (man_MANS) += krb5_aname_to_localname.3
1504
1505 * lib/krb5/krb5_aname_to_localname.3: manpage for
1506 krb5_aname_to_localname
1507
1508 * lib/krb5/krb5_kuserok.3: s/KRB5_USEROK/KRB5_KUSEROK/
1509
1502
1503 * lib/krb5/Makefile.am (man_MANS) += krb5_aname_to_localname.3
1504
1505 * lib/krb5/krb5_aname_to_localname.3: manpage for
1506 krb5_aname_to_localname
1507
1508 * lib/krb5/krb5_kuserok.3: s/KRB5_USEROK/KRB5_KUSEROK/
1509
15102003-03-16 Love H�rnquist �strand <lha@it.su.se>
15102003-03-16 Love H��rnquist ��strand <lha@it.su.se>
1511
1512 * lib/krb5/Makefile.am (man_MANS): add krb5_set_default_realm.3
1513
1514 * lib/krb5/krb5.3: add manpages from krb5_set_default_realm.3
1515
1516 * lib/krb5/krb5_set_default_realm.3: Manpage for
1517 krb5_free_host_realm, krb5_get_default_realm,
1518 krb5_get_default_realms, krb5_get_host_realm, and

--- 9 unchanged lines hidden (view full) ---

1528 * lib/krb5/krb5.h (KRB5_KT_PREFIX_MAX_LEN): max length of prefix
1529
1530 * lib/krb5/krb5_ccache.3: document krb5_cc_get_ops, add more
1531 types, add krb5_fcc_ops and krb5_mcc_ops
1532
1533 * lib/krb5/cache.c (krb5_cc_get_ops): new function, return ops for
1534 a id
1535
1511
1512 * lib/krb5/Makefile.am (man_MANS): add krb5_set_default_realm.3
1513
1514 * lib/krb5/krb5.3: add manpages from krb5_set_default_realm.3
1515
1516 * lib/krb5/krb5_set_default_realm.3: Manpage for
1517 krb5_free_host_realm, krb5_get_default_realm,
1518 krb5_get_default_realms, krb5_get_host_realm, and

--- 9 unchanged lines hidden (view full) ---

1528 * lib/krb5/krb5.h (KRB5_KT_PREFIX_MAX_LEN): max length of prefix
1529
1530 * lib/krb5/krb5_ccache.3: document krb5_cc_get_ops, add more
1531 types, add krb5_fcc_ops and krb5_mcc_ops
1532
1533 * lib/krb5/cache.c (krb5_cc_get_ops): new function, return ops for
1534 a id
1535
15362003-03-15 Love H�rnquist �strand <lha@it.su.se>
15362003-03-15 Love H��rnquist ��strand <lha@it.su.se>
1537
1538 * doc/intro.texi: add reference to source code, binaries and the
1539 manual
1540
1541 * lib/krb5/krb5.3: krb5.h isn't in krb5 directory in heimdal
1542
1537
1538 * doc/intro.texi: add reference to source code, binaries and the
1539 manual
1540
1541 * lib/krb5/krb5.3: krb5.h isn't in krb5 directory in heimdal
1542
15432003-03-14 Love H�rnquist �strand <lha@it.su.se>
15432003-03-14 Love H��rnquist ��strand <lha@it.su.se>
1544
1545 * kdc/kdc.8: better/difrent english
1546
1547 * kdc/kdc.8: . -> .\n, copyright/license
1548
1549 * kdc/kdc.8: changed configuration file -> restart kdc
1550
1551 * kdc/kerberos4.c: add krb4 into the most error messages written
1552 to the logfile
1553
1554 * lib/krb5/krb5_ccache.3: add missing name of argument
1555 (krb5_context) to most functions
1556
1544
1545 * kdc/kdc.8: better/difrent english
1546
1547 * kdc/kdc.8: . -> .\n, copyright/license
1548
1549 * kdc/kdc.8: changed configuration file -> restart kdc
1550
1551 * kdc/kerberos4.c: add krb4 into the most error messages written
1552 to the logfile
1553
1554 * lib/krb5/krb5_ccache.3: add missing name of argument
1555 (krb5_context) to most functions
1556
15572003-03-13 Love H�rnquist �strand <lha@it.su.se>
15572003-03-13 Love H��rnquist ��strand <lha@it.su.se>
1558
1559 * lib/krb5/kuserok.c (krb5_kuserok): preserve old behviour of
1560 function and return FALSE when there isn't a local account for
1561 `luser'.
1562
1563 * lib/krb5/krb5_kuserok.3: fix prototype, spelling and more text
1564 describing the function
1565
1558
1559 * lib/krb5/kuserok.c (krb5_kuserok): preserve old behviour of
1560 function and return FALSE when there isn't a local account for
1561 `luser'.
1562
1563 * lib/krb5/krb5_kuserok.3: fix prototype, spelling and more text
1564 describing the function
1565
15662003-03-12 Love H�rnquist �strand <lha@it.su.se>
15662003-03-12 Love H��rnquist ��strand <lha@it.su.se>
1567
1568 * lib/krb5/cache.c (krb5_cc_default): if krb5_cc_default_name
1569 returned memory, don't return ENOMEM
1570
1567
1568 * lib/krb5/cache.c (krb5_cc_default): if krb5_cc_default_name
1569 returned memory, don't return ENOMEM
1570
15712003-03-11 Love H�rnquist �strand <lha@it.su.se>
15712003-03-11 Love H��rnquist ��strand <lha@it.su.se>
1572
1573 * lib/krb5/krb5.3: add krb5_address stuff and sort
1574
1575 * lib/krb5/krb5_address.3: fix krb5_addr2sockaddr description
1576
1577 * lib/krb5/Makefile.am (man_MANS): += krb5_address.3
1578
1579 * lib/krb5/krb5_address.3: document types krb5_address and
1580 krb5_addresses and their helper functions
1581
1572
1573 * lib/krb5/krb5.3: add krb5_address stuff and sort
1574
1575 * lib/krb5/krb5_address.3: fix krb5_addr2sockaddr description
1576
1577 * lib/krb5/Makefile.am (man_MANS): += krb5_address.3
1578
1579 * lib/krb5/krb5_address.3: document types krb5_address and
1580 krb5_addresses and their helper functions
1581
15822003-03-10 Love H�rnquist �strand <lha@it.su.se>
15822003-03-10 Love H��rnquist ��strand <lha@it.su.se>
1583
1584 * lib/krb5/Makefile.am (man_MANS): += krb5_kuserok.3
1585
1586 * lib/krb5/krb5_kuserok.3: spelling, from cizzi@it.su.se
1587
1588 * lib/krb5/Makefile.am (man_MANS): += krb5_ccache.3
1589
1590 * lib/krb5/krb5_ccache.3: spelling, from cizzi@it.su.se

--- 26 unchanged lines hidden (view full) ---

1617 default_cc_name to NULL
1618 (krb5_free_context): free default_cc_name if set
1619
1620 * lib/krb5/cache.c (krb5_cc_set_default_name): new function
1621 (krb5_cc_default_name): use krb5_cc_set_default_name
1622
1623 * lib/krb5/krb5.h (krb5_context_data): add default_cc_name
1624
1583
1584 * lib/krb5/Makefile.am (man_MANS): += krb5_kuserok.3
1585
1586 * lib/krb5/krb5_kuserok.3: spelling, from cizzi@it.su.se
1587
1588 * lib/krb5/Makefile.am (man_MANS): += krb5_ccache.3
1589
1590 * lib/krb5/krb5_ccache.3: spelling, from cizzi@it.su.se

--- 26 unchanged lines hidden (view full) ---

1617 default_cc_name to NULL
1618 (krb5_free_context): free default_cc_name if set
1619
1620 * lib/krb5/cache.c (krb5_cc_set_default_name): new function
1621 (krb5_cc_default_name): use krb5_cc_set_default_name
1622
1623 * lib/krb5/krb5.h (krb5_context_data): add default_cc_name
1624
16252003-02-25 Love H�rnquist �strand <lha@it.su.se>
16252003-02-25 Love H��rnquist ��strand <lha@it.su.se>
1626
1627 * appl/kf/kf.1: s/securly/securely/ from NetBSD
1628
1626
1627 * appl/kf/kf.1: s/securly/securely/ from NetBSD
1628
16292003-02-18 Love H�rnquist �strand <lha@it.su.se>
16292003-02-18 Love H��rnquist ��strand <lha@it.su.se>
1630
1631 * kdc/connect.c: s/intialize/initialize, from
1632 <jmc@prioris.mini.pw.edu.pl>
1633
1630
1631 * kdc/connect.c: s/intialize/initialize, from
1632 <jmc@prioris.mini.pw.edu.pl>
1633
16342003-02-17 Love H�rnquist �strand <lha@it.su.se>
16342003-02-17 Love H��rnquist ��strand <lha@it.su.se>
1635
1636 * configure.in: add AM_MAINTAINER_MODE
1637
1635
1636 * configure.in: add AM_MAINTAINER_MODE
1637
16382003-02-16 Love H�rnquist �strand <lha@it.su.se>
16382003-02-16 Love H��rnquist ��strand <lha@it.su.se>
1639
1640 * **/*.[0-9]: add copyright/licenses on all manpages
1641
16422003-14-16 Jacques Vidrine <nectar@kth.se>
1643
1644 * lib/krb5/get_in_tkt.c (init_as_req): Send only a single
1645 PA-ENC-TIMESTAMP in the AS-REQ, using the first encryption
1646 type specified by the KDC.
1647
1639
1640 * **/*.[0-9]: add copyright/licenses on all manpages
1641
16422003-14-16 Jacques Vidrine <nectar@kth.se>
1643
1644 * lib/krb5/get_in_tkt.c (init_as_req): Send only a single
1645 PA-ENC-TIMESTAMP in the AS-REQ, using the first encryption
1646 type specified by the KDC.
1647
16482003-02-15 Love H�rnquist �strand <lha@it.su.se>
16482003-02-15 Love H��rnquist ��strand <lha@it.su.se>
1649
1650 * fix-export: some autoconf put their version number in
1651 autom4te.cache, so remove autom4te*.cache
1652
1653 * fix-export: make sure $1 is a directory
1654
1649
1650 * fix-export: some autoconf put their version number in
1651 autom4te.cache, so remove autom4te*.cache
1652
1653 * fix-export: make sure $1 is a directory
1654
16552003-02-04 Love H�rnquist �strand <lha@it.su.se>
16552003-02-04 Love H��rnquist ��strand <lha@it.su.se>
1656
1657 * kpasswd/kpasswdd.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
1658
1659 * kdc/kdc.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
1660
1656
1657 * kpasswd/kpasswdd.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
1658
1659 * kdc/kdc.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
1660
16612003-01-31 Love H�rnquist �strand <lha@it.su.se>
16612003-01-31 Love H��rnquist ��strand <lha@it.su.se>
1662
1663 * kdc/hpropd.8: s/databases/a database/ s/Not/not/
1664
1665 * kdc/hprop.8: add missing .
1666
1662
1663 * kdc/hpropd.8: s/databases/a database/ s/Not/not/
1664
1665 * kdc/hprop.8: add missing .
1666
16672003-01-30 Love H�rnquist �strand <lha@it.su.se>
16672003-01-30 Love H��rnquist ��strand <lha@it.su.se>
1668
1669 * lib/krb5/krb5.conf.5: documentation for of boolean, etypes,
1670 address, write out encryption type in sentences, s/Host/host
1671
1668
1669 * lib/krb5/krb5.conf.5: documentation for of boolean, etypes,
1670 address, write out encryption type in sentences, s/Host/host
1671
16722003-01-26 Love H�rnquist �strand <lha@it.su.se>
16722003-01-26 Love H��rnquist ��strand <lha@it.su.se>
1673
1674 * lib/asn1/check-gen.c: add checks for Authenticator too
1675
1673
1674 * lib/asn1/check-gen.c: add checks for Authenticator too
1675
16762003-01-25 Love H�rnquist �strand <lha@it.su.se>
16762003-01-25 Love H��rnquist ��strand <lha@it.su.se>
1677
1678 * doc/setup.texi: in the hprop example, use hprop and the first
1679 component, not host
1680
1681 * lib/krb5/get_addrs.c (find_all_addresses): address-less
1682 point-to-point might not have an address, just ignore
1683 those. Reported by Harald Barth.
1684
1677
1678 * doc/setup.texi: in the hprop example, use hprop and the first
1679 component, not host
1680
1681 * lib/krb5/get_addrs.c (find_all_addresses): address-less
1682 point-to-point might not have an address, just ignore
1683 those. Reported by Harald Barth.
1684
16852003-01-23 Love H�rnquist �strand <lha@it.su.se>
16852003-01-23 Love H��rnquist ��strand <lha@it.su.se>
1686
1687 * lib/krb5/verify_krb5_conf.c (check_section): when key isn't
1688 found, don't print out all known keys
1689
1690 * lib/krb5/verify_krb5_conf.c (syslogvals): mark up where severity
1691 and facility start resp
1692 (check_log): find_value() returns -1 when key isn't found
1693

--- 14 unchanged lines hidden (view full) ---

1708 check-der.c to here
1709
1710 * lib/asn1/check-common.c: move generic asn1/der functions from
1711 check-der.c to here
1712
1713 * lib/asn1/check-der.c: move out the generic asn1/der functions to
1714 a common file
1715
1686
1687 * lib/krb5/verify_krb5_conf.c (check_section): when key isn't
1688 found, don't print out all known keys
1689
1690 * lib/krb5/verify_krb5_conf.c (syslogvals): mark up where severity
1691 and facility start resp
1692 (check_log): find_value() returns -1 when key isn't found
1693

--- 14 unchanged lines hidden (view full) ---

1708 check-der.c to here
1709
1710 * lib/asn1/check-common.c: move generic asn1/der functions from
1711 check-der.c to here
1712
1713 * lib/asn1/check-der.c: move out the generic asn1/der functions to
1714 a common file
1715
17162003-01-22 Love H�rnquist �strand <lha@it.su.se>
17162003-01-22 Love H��rnquist ��strand <lha@it.su.se>
1717
1718 * doc/misc.texi: more text about afs, how to get get your KeyFile,
1719 and how to start use 2b tokens
1720
1721 * lib/krb5/krb5.conf.5: spelling, from Jason McIntyre
1722 <jmc@cvs.openbsd.org>
1723
17242003-01-21 Jacques Vidrine <nectar@kth.se>
1725
1726 * kuser/kuser_locl.h: include crypto-headers.h for
1727 des_read_pw_string prototype
1728
1717
1718 * doc/misc.texi: more text about afs, how to get get your KeyFile,
1719 and how to start use 2b tokens
1720
1721 * lib/krb5/krb5.conf.5: spelling, from Jason McIntyre
1722 <jmc@cvs.openbsd.org>
1723
17242003-01-21 Jacques Vidrine <nectar@kth.se>
1725
1726 * kuser/kuser_locl.h: include crypto-headers.h for
1727 des_read_pw_string prototype
1728
17292003-01-16 Love H�rnquist �strand <lha@it.su.se>
17292003-01-16 Love H��rnquist ��strand <lha@it.su.se>
1730
1731 * admin/ktutil.8: document -v, --verbose
1732
1733 * admin/get.c (kt_get): make getarg usage consistent with other
1734 other parts of ktutil
1735
1736 * admin/copy.c (kt_copy): remove adding verbose_flag to args
1737 struct, since it will overrun the args array (from Sumit Bose)
1738
1730
1731 * admin/ktutil.8: document -v, --verbose
1732
1733 * admin/get.c (kt_get): make getarg usage consistent with other
1734 other parts of ktutil
1735
1736 * admin/copy.c (kt_copy): remove adding verbose_flag to args
1737 struct, since it will overrun the args array (from Sumit Bose)
1738
17392003-01-15 Love H�rnquist �strand <lha@it.su.se>
17392003-01-15 Love H��rnquist ��strand <lha@it.su.se>
1740
1741 * lib/krb5/krb5.conf.5: write more about [realms] REALM = { kdc =
1742 ... }
1743
1744 * lib/krb5/aes-test.c: test vectors in aes-draft
1745
1746 * lib/krb5/Makefile.am: add aes-test.c
1747

--- 17 unchanged lines hidden (view full) ---

1765 `Encryption and Checksum Specifications for Kerberos 5' draft
1766
1767 * lib/asn1/k5.asn1: add checksum and enctype for AES from
1768 draft-raeburn-krb-rijndael-krb-02.txt
1769
1770 * lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_AES128,
1771 KEYTYPE_AES256
1772
1740
1741 * lib/krb5/krb5.conf.5: write more about [realms] REALM = { kdc =
1742 ... }
1743
1744 * lib/krb5/aes-test.c: test vectors in aes-draft
1745
1746 * lib/krb5/Makefile.am: add aes-test.c
1747

--- 17 unchanged lines hidden (view full) ---

1765 `Encryption and Checksum Specifications for Kerberos 5' draft
1766
1767 * lib/asn1/k5.asn1: add checksum and enctype for AES from
1768 draft-raeburn-krb-rijndael-krb-02.txt
1769
1770 * lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_AES128,
1771 KEYTYPE_AES256
1772
17732003-01-14 Love H�rnquist �strand <lha@it.su.se>
17732003-01-14 Love H��rnquist ��strand <lha@it.su.se>
1774
1775 * lib/hdb/common.c (_hdb_fetch): handle error code from
1776 hdb_value2entry
1777
1778 * kdc/Makefile.am: always include kerberos4.c and 524.c in
1779 kdc_SOURCES to support 524
1780
1781 * kdc/524.c: always compile in support for 524

--- 14 unchanged lines hidden --- 		1774
1775 * lib/hdb/common.c (_hdb_fetch): handle error code from
1776 hdb_value2entry
1777
1778 * kdc/Makefile.am: always include kerberos4.c and 524.c in
1779 kdc_SOURCES to support 524
1780
1781 * kdc/524.c: always compile in support for 524

--- 14 unchanged lines hidden ---