Cross Reference: /freebsd-10.1-release/crypto/heimdal/ChangeLog.2005

Deleted Added

sdiff udiff text old ( 178826 ) new ( 233294 )

full compact

ChangeLog.2005 (178826)	ChangeLog.2005 (233294)
12005-12-15 Love H�rnquist �strand <lha@it.su.se>	12005-12-15 Love H��rnquist ��strand <lha@it.su.se>
2 3 * kdc/kerberos5.c (tgs_make_reply): less const on hdb_entry_ex to 4 make samba happy 5 6 * fix-export: Build kdc-private.h. 7	2 3 * kdc/kerberos5.c (tgs_make_reply): less const on hdb_entry_ex to 4 make samba happy 5 6 * fix-export: Build kdc-private.h. 7
82005-12-14 Love H�rnquist �strand <lha@it.su.se>	82005-12-14 Love H��rnquist ��strand <lha@it.su.se>
9 10 * kdc/kerberos5.c (tgs_rep2): also print the principal for which 11 the enctype was missing 12	9 10 * kdc/kerberos5.c (tgs_rep2): also print the principal for which 11 the enctype was missing 12
132005-12-13 Love H�rnquist �strand <lha@it.su.se>	132005-12-13 Love H��rnquist ��strand <lha@it.su.se>
14 15 * kdc/kaserver.c: Finish up transition from hdb_entry to 16 hdb_entry_ex. 17 18 * kdc/kerberos4.c: Finish up transition from hdb_entry to 19 hdb_entry_ex. 20 21 * kdc/524.c: Finish up transition from hdb_entry to hdb_entry_ex. --- 8 unchanged lines hidden (view full) --- 30 default credential cache. 31 32 * lib/hdb/ndbm.c: memset hdb_entry_ex before use 33 34 * lib/hdb/db3.c: memset hdb_entry_ex before use 35 36 * lib/hdb/db.c: memset hdb_entry_ex before use 37	14 15 * kdc/kaserver.c: Finish up transition from hdb_entry to 16 hdb_entry_ex. 17 18 * kdc/kerberos4.c: Finish up transition from hdb_entry to 19 hdb_entry_ex. 20 21 * kdc/524.c: Finish up transition from hdb_entry to hdb_entry_ex. --- 8 unchanged lines hidden (view full) --- 30 default credential cache. 31 32 * lib/hdb/ndbm.c: memset hdb_entry_ex before use 33 34 * lib/hdb/db3.c: memset hdb_entry_ex before use 35 36 * lib/hdb/db.c: memset hdb_entry_ex before use 37
382005-12-12 Love H�rnquist �strand <lha@it.su.se>	382005-12-12 Love H��rnquist ��strand <lha@it.su.se>
39 40 * lib/krb5/krb5.3: Add some more entrypoints. 41 42 * lib/krb5/changepw.c: If there is a target principal, use the 43 realm of the realm to change the password with, 44 45 * kuser/kinit.c: Default to use DH when fetching keys. 46 --- 14 unchanged lines hidden (view full) --- 61 * kdc/config.c (configure): wrap line 62 63 * doc/kerberos4.texi: KDC 4 support is always compiled in. 64 65 * TODO: Remove some stuff that have been done. 66 67 * Makefile.am: Split long line 68	39 40 * lib/krb5/krb5.3: Add some more entrypoints. 41 42 * lib/krb5/changepw.c: If there is a target principal, use the 43 realm of the realm to change the password with, 44 45 * kuser/kinit.c: Default to use DH when fetching keys. 46 --- 14 unchanged lines hidden (view full) --- 61 * kdc/config.c (configure): wrap line 62 63 * doc/kerberos4.texi: KDC 4 support is always compiled in. 64 65 * TODO: Remove some stuff that have been done. 66 67 * Makefile.am: Split long line 68
69 * doc/apps.texi: Spelling, From M�ns Nilsson.	69 * doc/apps.texi: Spelling, From M��ns Nilsson.
70	70
71 * doc/install.texi: spelling, From M�ns Nilsson	71 * doc/install.texi: spelling, From M��ns Nilsson
72	72
732005-12-11 Love H�rnquist �strand <lha@it.su.se>	732005-12-11 Love H��rnquist ��strand <lha@it.su.se>
74 75 * lib/krb5/krb5_principal.3: Constify principal argument to on 76 krb5_principal_get_ functions. 77 78 * lib/krb5/principal.c: Constify principal argument to on 79 krb5_principal_get_ functions. 80	74 75 * lib/krb5/krb5_principal.3: Constify principal argument to on 76 krb5_principal_get_ functions. 77 78 * lib/krb5/principal.c: Constify principal argument to on 79 krb5_principal_get_ functions. 80
812005-12-08 Love H�rnquist �strand <lha@it.su.se>	812005-12-08 Love H��rnquist ��strand <lha@it.su.se>
82 83 * lib/hdb: drop convert_db, 0.0 to 0.1 transition was a long long 84 time ago 85	82 83 * lib/hdb: drop convert_db, 0.0 to 0.1 transition was a long long 84 time ago 85
862005-12-05 Love H�rnquist �strand <lha@it.su.se>	862005-12-05 Love H��rnquist ��strand <lha@it.su.se>
87 88 * lib/krb5/test_keytab.c: more tests, From Andrew Bartlet 89 90 * lib/krb5/keytab_memory.c (mkt_remove_entry): realloc can return 91 NULL on success in the case 0 entries are allocated, From Andrew 92 Bartlet 93	87 88 * lib/krb5/test_keytab.c: more tests, From Andrew Bartlet 89 90 * lib/krb5/keytab_memory.c (mkt_remove_entry): realloc can return 91 NULL on success in the case 0 entries are allocated, From Andrew 92 Bartlet 93
942005-12-02 Love H�rnquist �strand <lha@it.su.se>	942005-12-02 Love H��rnquist ��strand <lha@it.su.se>
95 96 * lib/krb5/acl.c (acl_parse_format): tmp needs to be freed too on 97 failure to parse format specifier. 98 99 * lib/krb5/store-test.c: Free more of the allocated memory. 100 101 * lib/krb5/crypto.c (krb5_derive_key): Free more of the allocated 102 memory, this function is only used by the test program. 103 104 * lib/krb5/parse-name-test.c: Free more of the allocated memory. 105 106 * lib/krb5/derived-key-test.c: Free more of the allocated memory. 107	95 96 * lib/krb5/acl.c (acl_parse_format): tmp needs to be freed too on 97 failure to parse format specifier. 98 99 * lib/krb5/store-test.c: Free more of the allocated memory. 100 101 * lib/krb5/crypto.c (krb5_derive_key): Free more of the allocated 102 memory, this function is only used by the test program. 103 104 * lib/krb5/parse-name-test.c: Free more of the allocated memory. 105 106 * lib/krb5/derived-key-test.c: Free more of the allocated memory. 107
1082005-12-01 Love H�rnquist �strand <lha@it.su.se>	1082005-12-01 Love H��rnquist ��strand <lha@it.su.se>
109	109
110 * doc/setup.texi: spelling, From M�ns Nilsson	110 * doc/setup.texi: spelling, From M��ns Nilsson
111 112 * lib/krb5/krb5_keytab.3: Memory keytab are now named and 113 refcounted. 114 115 * lib/krb5/test_keytab.c: Test that memory keytab are refcounted. 116 117 * lib/krb5/keytab_memory.c: Index by name and start reference 118 counting on entries. 119	111 112 * lib/krb5/krb5_keytab.3: Memory keytab are now named and 113 refcounted. 114 115 * lib/krb5/test_keytab.c: Test that memory keytab are refcounted. 116 117 * lib/krb5/keytab_memory.c: Index by name and start reference 118 counting on entries. 119
1202005-11-30 Love H�rnquist �strand <lha@it.su.se>	1202005-11-30 Love H��rnquist ��strand <lha@it.su.se>
121 122 * lib/krb5/krb5.h (krb5_address_type): add 123 KRB5_ADDRESS_NETBIOS (20) 124 125 * lib/hdb/hdb.c (find_method): accept relative paths as old db 126 format too. 127 128 * lib/krb5/aes-test.c: Remove usage of krb5_enctype_to_keytype. 129 1302005-11-29 Dave Love <fx@gnu.org> 131 132 * kcm/connect.c (kcm_loop): Use HAVE_DOOR_CREATE, not HAVE_DOORS. 133	121 122 * lib/krb5/krb5.h (krb5_address_type): add 123 KRB5_ADDRESS_NETBIOS (20) 124 125 * lib/hdb/hdb.c (find_method): accept relative paths as old db 126 format too. 127 128 * lib/krb5/aes-test.c: Remove usage of krb5_enctype_to_keytype. 129 1302005-11-29 Dave Love <fx@gnu.org> 131 132 * kcm/connect.c (kcm_loop): Use HAVE_DOOR_CREATE, not HAVE_DOORS. 133
1342005-11-29 Love H�rnquist �strand <lha@it.su.se>	1342005-11-29 Love H��rnquist ��strand <lha@it.su.se>
135 136 * lib/krb5/verify_krb5_conf.c (libdefaults_entries): add 137 default_cc_name 138 139 * lib/hdb/hdb.c: Only match db databases on filename starting with 140 '/'. 141 142 * lib/krb5/rd_req.c (krb5_verify_ap_re2): check timestamp in --- 14 unchanged lines hidden (view full) --- 157 colon (:) in the name, its a file credential cache 158 159 * lib/hdb/db3.c (hdb_db_create): use calloc to callocate memory 160 161 * lib/hdb/ndbm.c (hdb_ndbm_create): use calloc to allocate memory 162 163 * lib/hdb/db.c (hdb_db_create): use calloc to allocate memory 164	135 136 * lib/krb5/verify_krb5_conf.c (libdefaults_entries): add 137 default_cc_name 138 139 * lib/hdb/hdb.c: Only match db databases on filename starting with 140 '/'. 141 142 * lib/krb5/rd_req.c (krb5_verify_ap_re2): check timestamp in --- 14 unchanged lines hidden (view full) --- 157 colon (:) in the name, its a file credential cache 158 159 * lib/hdb/db3.c (hdb_db_create): use calloc to callocate memory 160 161 * lib/hdb/ndbm.c (hdb_ndbm_create): use calloc to allocate memory 162 163 * lib/hdb/db.c (hdb_db_create): use calloc to allocate memory 164
1652005-11-28 Love H�rnquist �strand <lha@it.su.se>	1652005-11-28 Love H��rnquist ��strand <lha@it.su.se>
166 167 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): use session 168 key for delegated credentials 169 170 * kdc/kerberos5.c (_kdc_as_rep): add comment when we send 171 ETYPE-INFO and ETYPE-INFO2, from Andrew Bartlett 172	166 167 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): use session 168 key for delegated credentials 169 170 * kdc/kerberos5.c (_kdc_as_rep): add comment when we send 171 ETYPE-INFO and ETYPE-INFO2, from Andrew Bartlett 172
1732005-11-25 Love H�rnquist �strand <lha@it.su.se>	1732005-11-25 Love H��rnquist ��strand <lha@it.su.se>
174 175 * lib/krb5/keytab.c (krb5_kt_get_full_name): new function 176	174 175 * lib/krb5/keytab.c (krb5_kt_get_full_name): new function 176
1772005-11-24 Love H�rnquist �strand <lha@it.su.se>	1772005-11-24 Love H��rnquist ��strand <lha@it.su.se>
178 179 * lib/krb5/test_crypto.c: Split encryption and s2k iterations to 180 diffrent counters, 38seconds of aes256 s2k is way too long. 181 182 * lib/krb5/test_crypto.c: Add timing code for s2k function. 183	178 179 * lib/krb5/test_crypto.c: Split encryption and s2k iterations to 180 diffrent counters, 38seconds of aes256 s2k is way too long. 181 182 * lib/krb5/test_crypto.c: Add timing code for s2k function. 183
1842005-11-07 Love H�rnquist �strand <lha@it.su.se>	1842005-11-07 Love H��rnquist ��strand <lha@it.su.se>
185 186 * kdc/kerberos5.c: Print the time the principal expired, based on 187 patch from Andrew Bartlett. 188	185 186 * kdc/kerberos5.c: Print the time the principal expired, based on 187 patch from Andrew Bartlett. 188
1892005-11-01 Love H�rnquist �strand <lha@it.su.se>	1892005-11-01 Love H��rnquist ��strand <lha@it.su.se>
190 191 * lib/krb5/cache.c (krb5_cc_get_full_name): Add 192	190 191 * lib/krb5/cache.c (krb5_cc_get_full_name): Add 192
1932005-11-01 Love H�rnquist �strand <lha@it.su.se>	1932005-11-01 Love H��rnquist ��strand <lha@it.su.se>
194 195 * configure.in: Spelling, From Michael Banck <mbanck@debian.org> 196	194 195 * configure.in: Spelling, From Michael Banck <mbanck@debian.org> 196
1972005-10-30 Love H�rnquist �strand <lha@it.su.se>	1972005-10-30 Love H��rnquist ��strand <lha@it.su.se>
198 199 * kcm/headers.h: Maybe include <sys/param.h>. 200	198 199 * kcm/headers.h: Maybe include <sys/param.h>. 200
2012005-10-27 Love H�rnquist �strand <lha@it.su.se>	2012005-10-27 Love H��rnquist ��strand <lha@it.su.se>
202 203 * lib/krb5/ticket.c (krb5_ticket_get_authorization_data_type): 204 understand KRB5_AUTHDATA_IF_RELEVANT and KRB5_AUTHDATA_AND_OR (but 205 have KRB5_AUTHDATA_KDC_ISSUED commented out for now) 206	202 203 * lib/krb5/ticket.c (krb5_ticket_get_authorization_data_type): 204 understand KRB5_AUTHDATA_IF_RELEVANT and KRB5_AUTHDATA_AND_OR (but 205 have KRB5_AUTHDATA_KDC_ISSUED commented out for now) 206
2072005-10-26 Love H�rnquist �strand <lha@it.su.se>	2072005-10-26 Love H��rnquist ��strand <lha@it.su.se>
208 209 * kuser/klist.c: In the list caches view, rename the Status field 210 to Expires. 211 212 * lib/krb5/krb5_encrypt.3: Fix mdoc for 213 krb5_encrypt_EncryptedData, Johnny Lam <jlam@pkgsrc.org> 214	208 209 * kuser/klist.c: In the list caches view, rename the Status field 210 to Expires. 211 212 * lib/krb5/krb5_encrypt.3: Fix mdoc for 213 krb5_encrypt_EncryptedData, Johnny Lam <jlam@pkgsrc.org> 214
2152005-10-25 Love H�rnquist �strand <lha@it.su.se>	2152005-10-25 Love H��rnquist ��strand <lha@it.su.se>
216 217 * appl/test/gssapi_client.c: Check return value from asprintf 218 instead of string != NULL since it undefined behavior on	216 217 * appl/test/gssapi_client.c: Check return value from asprintf 218 instead of string != NULL since it undefined behavior on
219 Linux. From Bj�rn Sandell	219 Linux. From Bj��rn Sandell
220	220
2212005-10-21 Love H�rnquist �strand <lha@it.su.se>	2212005-10-21 Love H��rnquist ��strand <lha@it.su.se>
222 223 * lib/krb5/pkinit.c (_krb5_dh_group_ok): if not enough bits are 224 generated from the DH groups, fail. 225 226 * kdc/pkinit.c (get_dh_param): Pass down config so this function 227 can check pkinit_dh_min_bits 228 229 * kdc/config.c: Fill in pkinit_dh_min_bits from configuration 230 file. 231 232 * kdc/kdc.h: Add pkinit_dh_min_bits to krb5_kdc_configuration. 233	222 223 * lib/krb5/pkinit.c (_krb5_dh_group_ok): if not enough bits are 224 generated from the DH groups, fail. 225 226 * kdc/pkinit.c (get_dh_param): Pass down config so this function 227 can check pkinit_dh_min_bits 228 229 * kdc/config.c: Fill in pkinit_dh_min_bits from configuration 230 file. 231 232 * kdc/kdc.h: Add pkinit_dh_min_bits to krb5_kdc_configuration. 233
2342005-10-20 Love H�rnquist �strand <lha@it.su.se>	2342005-10-20 Love H��rnquist ��strand <lha@it.su.se>
235 236 * lib/krb5/pkinit.c: Add option to require binding between reply 237 and response for the win2k version of the protocol. 238	235 236 * lib/krb5/pkinit.c: Add option to require binding between reply 237 and response for the win2k version of the protocol. 238
2392005-10-19 Love H�rnquist �strand <lha@it.su.se>	2392005-10-19 Love H��rnquist ��strand <lha@it.su.se>
240 241 * doc/programming.texi: Text about Kerberos errors. 242 243 * lib/krb5/pkinit.c: Try both ReplyKey and ReplyKey-Win2k for the 244 Windows case to support the updated -09 protocol (using 245 asChecksum). Tell KDC we support this by sending 246 KRB5-PADATA-PK-AS-09-BINDING in the pa-data. 247 --- 5 unchanged lines hidden (view full) --- 253 254 * lib/krb5/cache.c (krb5_cc_cache_match): add function that 255 iterates over all credential caches for a user and returns a 256 match. 257 258 * lib/krb5/krb5_ccache.3: Add krb5_cc_start_seq_get and an 259 example. 260	240 241 * doc/programming.texi: Text about Kerberos errors. 242 243 * lib/krb5/pkinit.c: Try both ReplyKey and ReplyKey-Win2k for the 244 Windows case to support the updated -09 protocol (using 245 asChecksum). Tell KDC we support this by sending 246 KRB5-PADATA-PK-AS-09-BINDING in the pa-data. 247 --- 5 unchanged lines hidden (view full) --- 253 254 * lib/krb5/cache.c (krb5_cc_cache_match): add function that 255 iterates over all credential caches for a user and returns a 256 match. 257 258 * lib/krb5/krb5_ccache.3: Add krb5_cc_start_seq_get and an 259 example. 260
2612005-10-18 Love H�rnquist �strand <lha@it.su.se>	2612005-10-18 Love H��rnquist ��strand <lha@it.su.se>
262 263 * doc/programming.texi: Try to explain krb5_ccache, krb5_principal 264 and errors. 265	262 263 * doc/programming.texi: Try to explain krb5_ccache, krb5_principal 264 and errors. 265
2662005-10-13 Love H�rnquist �strand <lha@it.su.se>	2662005-10-13 Love H��rnquist ��strand <lha@it.su.se>
267 268 * lib/krb5/krb5_get_credentials.3: Add example how to use 269 krb5_get_credentials. 270	267 268 * lib/krb5/krb5_get_credentials.3: Add example how to use 269 krb5_get_credentials. 270
2712005-10-12 Love H�rnquist �strand <lha@it.su.se>	2712005-10-12 Love H��rnquist ��strand <lha@it.su.se>
272 273 * lib/krb5/init_creds.c: Rename private to opt_private. 274 275 * lib/krb5/init_creds_pw.c: Rename private to opt_private. 276 277 * lib/krb5/pkinit.c: rename element private to opt_private to make 278 c++ picky compilers less upset. 279 280 * lib/krb5/krb5.h (krb5_get_init_creds_opt): rename element 281 private to opt_private to make c++ picky compilers less upset. 282	272 273 * lib/krb5/init_creds.c: Rename private to opt_private. 274 275 * lib/krb5/init_creds_pw.c: Rename private to opt_private. 276 277 * lib/krb5/pkinit.c: rename element private to opt_private to make 278 c++ picky compilers less upset. 279 280 * lib/krb5/krb5.h (krb5_get_init_creds_opt): rename element 281 private to opt_private to make c++ picky compilers less upset. 282
2832005-10-08 Love H�rnquist �strand <lha@it.su.se>	2832005-10-08 Love H��rnquist ��strand <lha@it.su.se>
284 285 * lib/krb5/krbhst.c (_krb5_krbhost_info_move): new function 286 (_krb5_free_krbhst_info): expose to internal use 287 288 * lib/krb5/init_creds_pw.c: Prepare to pass down a 289 krb5_krbhst_info into the pre-auth mechs 290 291 * lib/krb5/pkinit.c: Inline short functions, share more code, 292 rename COMPAT_27 to COMPAT_IETF, pass down a krb5_krbhst_info for 293 verification of KDC info, and general cleaning up. 294	284 285 * lib/krb5/krbhst.c (_krb5_krbhost_info_move): new function 286 (_krb5_free_krbhst_info): expose to internal use 287 288 * lib/krb5/init_creds_pw.c: Prepare to pass down a 289 krb5_krbhst_info into the pre-auth mechs 290 291 * lib/krb5/pkinit.c: Inline short functions, share more code, 292 rename COMPAT_27 to COMPAT_IETF, pass down a krb5_krbhst_info for 293 verification of KDC info, and general cleaning up. 294
2952005-10-07 Love H�rnquist �strand <lha@it.su.se>	2952005-10-07 Love H��rnquist ��strand <lha@it.su.se>
296 297 * lib/krb5/Makefile.am: Install krb5.moduli in sysconfdir. 298 299 * lib/krb5/krb5_locl.h: rename moduli file to SYSCONFDIR 300 "/krb5.moduli" 301 302 * lib/krb5/krb5_locl.h: Add forward declaration for 303 krb5_dh_moduli. Add define for MODULI_FILE. --- 15 unchanged lines hidden (view full) --- 319 * lib/krb5/krb5_err.et: Match error code with pk-init-27. 320 321 * lib/krb5/pkinit.c: Update error codes. Add name to group. Change 322 return value of _krb5_dh_group_ok. 323 324 * lib/krb5/pkinit.c: Add support for reading a moduli-file for DH 325 parameters. 326	296 297 * lib/krb5/Makefile.am: Install krb5.moduli in sysconfdir. 298 299 * lib/krb5/krb5_locl.h: rename moduli file to SYSCONFDIR 300 "/krb5.moduli" 301 302 * lib/krb5/krb5_locl.h: Add forward declaration for 303 krb5_dh_moduli. Add define for MODULI_FILE. --- 15 unchanged lines hidden (view full) --- 319 * lib/krb5/krb5_err.et: Match error code with pk-init-27. 320 321 * lib/krb5/pkinit.c: Update error codes. Add name to group. Change 322 return value of _krb5_dh_group_ok. 323 324 * lib/krb5/pkinit.c: Add support for reading a moduli-file for DH 325 parameters. 326
3272005-10-06 Love H�rnquist �strand <lha@it.su.se>	3272005-10-06 Love H��rnquist ��strand <lha@it.su.se>
328 329 * kuser/klist.1: Document --list-caches 330 331 * kuser/klist.c: Change short flag of --list-caches to -l (-v is 332 already used). 333	328 329 * kuser/klist.1: Document --list-caches 330 331 * kuser/klist.c: Change short flag of --list-caches to -l (-v is 332 already used). 333
3342005-10-03 Love H�rnquist �strand <lha@it.su.se>	3342005-10-03 Love H��rnquist ��strand <lha@it.su.se>
335 336 * lib/krb5/kerberos.8: RFC 1510 was obsoleted by 4120. 337 338 * lib/krb5/acache.c (init_ccapi): return kerberos errors, callers 339 expect it 340 (acc_get_cache_first): don't leak memory or abort on malloc 341 failure 342	335 336 * lib/krb5/kerberos.8: RFC 1510 was obsoleted by 4120. 337 338 * lib/krb5/acache.c (init_ccapi): return kerberos errors, callers 339 expect it 340 (acc_get_cache_first): don't leak memory or abort on malloc 341 failure 342
3432005-10-02 Love H�rnquist �strand <lha@it.su.se>	3432005-10-02 Love H��rnquist ��strand <lha@it.su.se>
344 345 * lib/krb5/kerberos.8: Update text about Kerberos RFC's. 346	344 345 * lib/krb5/kerberos.8: Update text about Kerberos RFC's. 346
3472005-10-01 Love H�rnquist �strand <lha@it.su.se>	3472005-10-01 Love H��rnquist ��strand <lha@it.su.se>
348 349 * kuser/klist.c: Add option --list-caches that lists the avaible 350 caches and their status. 351 352 $ klist --list-caches 353 Principal Cache name Status 354 lha@E.KTH.SE 2 Valid 355 lha@SU.SE 1 Expired 356 lha/root@SU.SE 0 Expired 357 lha@N.L.NXS.SE Initial default ccache Expired 358	348 349 * kuser/klist.c: Add option --list-caches that lists the avaible 350 caches and their status. 351 352 $ klist --list-caches 353 Principal Cache name Status 354 lha@E.KTH.SE 2 Valid 355 lha@SU.SE 1 Expired 356 lha/root@SU.SE 0 Expired 357 lha@N.L.NXS.SE Initial default ccache Expired 358
3592005-09-30 Love H�rnquist �strand <lha@it.su.se>	3592005-09-30 Love H��rnquist ��strand <lha@it.su.se>
360 361 * lib/krb5/keytab_keyfile.c: Use all DES keys, not just 362 des-cbc-md5, verify that they all are the same. 363 364 * lib/krb5/mcache.c Implement the cache iteration functions. 365 366 * lib/krb5/acache.c: Implement the cache iteration functions. 367 368 * lib/krb5/test_cc.c: Test the new cache iteration functions. 369 370 * lib/krb5/cache.c: Add cache iteration funcations. Add internal 371 allocation function for the memory of a krb5_ccache, and use it. 372 373 * lib/krb5/krb5.h (krb5_cc_ops): add cache iteration functions 374	360 361 * lib/krb5/keytab_keyfile.c: Use all DES keys, not just 362 des-cbc-md5, verify that they all are the same. 363 364 * lib/krb5/mcache.c Implement the cache iteration functions. 365 366 * lib/krb5/acache.c: Implement the cache iteration functions. 367 368 * lib/krb5/test_cc.c: Test the new cache iteration functions. 369 370 * lib/krb5/cache.c: Add cache iteration funcations. Add internal 371 allocation function for the memory of a krb5_ccache, and use it. 372 373 * lib/krb5/krb5.h (krb5_cc_ops): add cache iteration functions 374
3752005-09-25 Love H�rnquist �strand <lha@it.su.se>	3752005-09-25 Love H��rnquist ��strand <lha@it.su.se>
376 377 * lib/krb5/krb5_mk_req.3: Remove leftovers, remove extra space. 378 379 * kdc/kerberos5.c: More verbose PK-INIT logging. 380 381 * kdc/pkinit.c: The public DH key is encoded as an INTEGER in 382 subjectPublicKey. Don't verify OID's for now. 383 384 * lib/krb5/pkinit.c: Support cached DH variable (still need to 385 store it though), don't check the oid of the DH signedData for 386 now. 387	376 377 * lib/krb5/krb5_mk_req.3: Remove leftovers, remove extra space. 378 379 * kdc/kerberos5.c: More verbose PK-INIT logging. 380 381 * kdc/pkinit.c: The public DH key is encoded as an INTEGER in 382 subjectPublicKey. Don't verify OID's for now. 383 384 * lib/krb5/pkinit.c: Support cached DH variable (still need to 385 store it though), don't check the oid of the DH signedData for 386 now. 387
3882005-09-22 Love H�rnquist �strand <lha@it.su.se>	3882005-09-22 Love H��rnquist ��strand <lha@it.su.se>
389 390 * lib/krb5/rd_cred.c (krb5_rd_cred): try both the session key and 391 the sender subkey. Both RFC1510 and RFC4120 say that you have to 392 use the session key, Heimdal uses subkey. 393	389 390 * lib/krb5/rd_cred.c (krb5_rd_cred): try both the session key and 391 the sender subkey. Both RFC1510 and RFC4120 say that you have to 392 use the session key, Heimdal uses subkey. 393
3942005-09-21 Love H�rnquist �strand <lha@it.su.se>	3942005-09-21 Love H��rnquist ��strand <lha@it.su.se>
395 396 * lib/krb5/pkinit.c: Don't check oid's too closely, they change in 397 Windows Vista. 398	395 396 * lib/krb5/pkinit.c: Don't check oid's too closely, they change in 397 Windows Vista. 398
3992005-09-20 Love H�rnquist �strand <lha@it.su.se>	3992005-09-20 Love H��rnquist ��strand <lha@it.su.se>
400 401 * lib/krb5/pkinit.c: Disable sending -19, fix parsing -27 of the 402 protocol. 403 404 * kdc/pkinit.c: Support PK-INIT-27 DH (and remove -19) 405 406 * lib/krb5/pkinit.c (pk_verify_chain_standard): set cert to NULL 407 to make sure its not freed. 408	400 401 * lib/krb5/pkinit.c: Disable sending -19, fix parsing -27 of the 402 protocol. 403 404 * kdc/pkinit.c: Support PK-INIT-27 DH (and remove -19) 405 406 * lib/krb5/pkinit.c (pk_verify_chain_standard): set cert to NULL 407 to make sure its not freed. 408
4092005-09-19 Love H�rnquist �strand <lha@it.su.se>	4092005-09-19 Love H��rnquist ��strand <lha@it.su.se>
410 411 * lib/krb5/crypto.c (krb5_DES_string_to_key): If the opaque length 412 it set to 1, and content is 0x01, use the afs3 string-to-key. 413 414 * kdc/kerberos5.c (make_etype_info2_entry): When its a afs3-salted 415 key, use send the opaque, length 1 (with content set to 0x01) in 416 ETYPE-INFO2-ENTRY. 417 418 * lib/krb5/kcm.c: Remove signedness warnings. 419	410 411 * lib/krb5/crypto.c (krb5_DES_string_to_key): If the opaque length 412 it set to 1, and content is 0x01, use the afs3 string-to-key. 413 414 * kdc/kerberos5.c (make_etype_info2_entry): When its a afs3-salted 415 key, use send the opaque, length 1 (with content set to 0x01) in 416 ETYPE-INFO2-ENTRY. 417 418 * lib/krb5/kcm.c: Remove signedness warnings. 419
4202005-09-15 Love H�rnquist �strand <lha@it.su.se>	4202005-09-15 Love H��rnquist ��strand <lha@it.su.se>
421 422 * configure.in: Use libtool's default values for building 423 shared/static libaries, ie remove AC_ENABLE_SHARED(no), solves 424 building problems users have on Mac OS X. 425	421 422 * configure.in: Use libtool's default values for building 423 shared/static libaries, ie remove AC_ENABLE_SHARED(no), solves 424 building problems users have on Mac OS X. 425
4262005-09-08 Love H�rnquist �strand <lha@it.su.se>	4262005-09-08 Love H��rnquist ��strand <lha@it.su.se>
427 428 * lib/krb5/changepw.c: Constify password. 429	427 428 * lib/krb5/changepw.c: Constify password. 429
4302005-09-05 Love H�rnquist �strand <lha@it.su.se>	4302005-09-05 Love H��rnquist ��strand <lha@it.su.se>
431 432 * lib/krb5/krb5_mk_req.3: Document krb5_rd_req. 433 434 * lib/krb5/Makefile.am: MAN_mans+= krb5_mk_req.3 435 436 * lib/krb5/krb5_mk_req.3: Document krb5_mk_req, krb5_mk_req_exact, 437 krb5_mk_req_extended, krb5_rd_req, krb5_rd_req_with_keyblock, 438 krb5_mk_rep, krb5_mk_rep_exact, krb5_mk_rep_extended, krb5_rd_rep, 439 krb5_build_ap_req, krb5_verify_ap_req. 440	431 432 * lib/krb5/krb5_mk_req.3: Document krb5_rd_req. 433 434 * lib/krb5/Makefile.am: MAN_mans+= krb5_mk_req.3 435 436 * lib/krb5/krb5_mk_req.3: Document krb5_mk_req, krb5_mk_req_exact, 437 krb5_mk_req_extended, krb5_rd_req, krb5_rd_req_with_keyblock, 438 krb5_mk_rep, krb5_mk_rep_exact, krb5_mk_rep_extended, krb5_rd_rep, 439 krb5_build_ap_req, krb5_verify_ap_req. 440
4412005-09-01 Love H�rnquist �strand <lha@it.su.se>	4412005-09-01 Love H��rnquist ��strand <lha@it.su.se>
442 443 * kdc/kerberos5.c (make_etype_info_entry): Dont send salttype at 444 all, use KRB5-PADATA-AFS3-SALT 445	442 443 * kdc/kerberos5.c (make_etype_info_entry): Dont send salttype at 444 all, use KRB5-PADATA-AFS3-SALT 445
4462005-08-31 Love H�rnquist �strand <lha@it.su.se>	4462005-08-31 Love H��rnquist ��strand <lha@it.su.se>
447 448 * kdc/kerberos5.c (log_timestamp): endtime, not endtype 449	447 448 * kdc/kerberos5.c (log_timestamp): endtime, not endtype 449
4502005-08-30 Love H�rnquist �strand <lha@it.su.se>	4502005-08-30 Love H��rnquist ��strand <lha@it.su.se>
451 452 * configure.in: Check for <sys/ucred.h>. 453 454 * kcm/connect.c (update_client_creds): in case there is no 455 UCRED_VERSION, skip LOCAL_PEERCRED 456 457 * kcm/headers.h: include <sys/ucred.h> 458	451 452 * configure.in: Check for <sys/ucred.h>. 453 454 * kcm/connect.c (update_client_creds): in case there is no 455 UCRED_VERSION, skip LOCAL_PEERCRED 456 457 * kcm/headers.h: include <sys/ucred.h> 458
4592005-08-27 Love H�rnquist �strand <lha@it.su.se>	4592005-08-27 Love H��rnquist ��strand <lha@it.su.se>
460 461 * lib/krb5/rd_req.c (check_transited): Allow empty content of type 462 0 because that is was Microsoft generates in their TGT. 463 464 * kdc/kerberos5.c (fix_transited_encoding): Allow empty content of 465 type 0 because that is was Microsoft enerates in their TGT. 466	460 461 * lib/krb5/rd_req.c (check_transited): Allow empty content of type 462 0 because that is was Microsoft generates in their TGT. 463 464 * kdc/kerberos5.c (fix_transited_encoding): Allow empty content of 465 type 0 because that is was Microsoft enerates in their TGT. 466
4672005-08-26 Love H�rnquist �strand <lha@it.su.se>	4672005-08-26 Love H��rnquist ��strand <lha@it.su.se>
468 469 * doc/intro.texi: RFC 4120 replaces RFC 1510 470	468 469 * doc/intro.texi: RFC 4120 replaces RFC 1510 470
4712005-08-25 Love H�rnquist �strand <lha@it.su.se>	4712005-08-25 Love H��rnquist ��strand <lha@it.su.se>
472 473 * configure.in: Add --disable-afs-support. 474	472 473 * configure.in: Add --disable-afs-support. 474
4752005-08-23 Love H�rnquist �strand <lha@it.su.se>	4752005-08-23 Love H��rnquist ��strand <lha@it.su.se>
476 477 * lib/krb5/Makefile.am: Add test_hostname to check_PROGRAMS but 478 not TESTS, I have no same dns to use. 479 480 * lib/krb5/test_hostname.c: Testprogram for krb5_expand_hostname() 481 and krb5_expand_hostname_realms(). 482 483 * configure.in: Build KCM if we have doors or unix sockets. 484 485 * lib/krb5/principal.c (krb5_425_conv_principal_ex2): Remove 486 shadowing variable. 487 488 * lib/krb5/get_host_realm.c (dns_find_realm): Fix const warnings, 489 plug memory leak. From: Stefan Metzmacher <metze@samba.org> 490 491 * lib/krb5/krb5_config.3: Document what happens with NULL to 492 krb5_config_free_strings 493 (nothing). Mdoc nit. 494	476 477 * lib/krb5/Makefile.am: Add test_hostname to check_PROGRAMS but 478 not TESTS, I have no same dns to use. 479 480 * lib/krb5/test_hostname.c: Testprogram for krb5_expand_hostname() 481 and krb5_expand_hostname_realms(). 482 483 * configure.in: Build KCM if we have doors or unix sockets. 484 485 * lib/krb5/principal.c (krb5_425_conv_principal_ex2): Remove 486 shadowing variable. 487 488 * lib/krb5/get_host_realm.c (dns_find_realm): Fix const warnings, 489 plug memory leak. From: Stefan Metzmacher <metze@samba.org> 490 491 * lib/krb5/krb5_config.3: Document what happens with NULL to 492 krb5_config_free_strings 493 (nothing). Mdoc nit. 494
4952005-08-22 Love H�rnquist �strand <lha@it.su.se>	4952005-08-22 Love H��rnquist ��strand <lha@it.su.se>
496 497 * kuser/klist.c (check_for_tgt): Re-order code so it only free the 498 credential if one was returned. 499 500 * lib/krb5/test_crypto_wrapping.c: Fix printing of size_t. 501	496 497 * kuser/klist.c (check_for_tgt): Re-order code so it only free the 498 credential if one was returned. 499 500 * lib/krb5/test_crypto_wrapping.c: Fix printing of size_t. 501
5022005-08-19 Love H�rnquist �strand <lha@it.su.se>	5022005-08-19 Love H��rnquist ��strand <lha@it.su.se>
503 504 * lib/hdb/dbinfo.c: provide interface to find databases 505 506 * lib/hdb/mkey.c: hdb_seal_key_mkey): dont double encrypt keys 507	503 504 * lib/hdb/dbinfo.c: provide interface to find databases 505 506 * lib/hdb/mkey.c: hdb_seal_key_mkey): dont double encrypt keys 507
5082005-08-15 Love H�rnquist �strand <lha@it.su.se>	5082005-08-15 Love H��rnquist ��strand <lha@it.su.se>
509 510 * kdc/kdc_locl.h: Update prototype for _kdc_pk_mk_pa_reply. 511	509 510 * kdc/kdc_locl.h: Update prototype for _kdc_pk_mk_pa_reply. 511
5122005-08-13 Love H�rnquist �strand <lha@it.su.se>	5122005-08-13 Love H��rnquist ��strand <lha@it.su.se>
513 514 * lib/krb5/init_creds_pw.c: Save the request buffer so that 515 pre-auth mechanism that needs it can verify the reply. 516	513 514 * lib/krb5/init_creds_pw.c: Save the request buffer so that 515 pre-auth mechanism that needs it can verify the reply. 516
5172005-08-12 Love H�rnquist �strand <lha@it.su.se>	5172005-08-12 Love H��rnquist ��strand <lha@it.su.se>
518 519 * lib/krb5/test_mem.c: Rename logf to avoid shadowing. 520 521 * lib/krb5/krb5_keytab.3: Fix the version number for 522 fcc-mit-ticketflags. 523 524 * lib/krb5/fcache.c: Revert previous, I was confused. 525 --- 17 unchanged lines hidden (view full) --- 543 544 * kdc/pkinit.c: Fill in asChecksum, we now implements -27 in the KDC. 545 546 * kdc/process.c: Pass down the request buffer to _kdc_as_rep(). 547 548 * kdc/kerberos5.c (_kdc_as_rep): Pass down the request buffer to 549 _kdc_pk_mk_pa_reply. 550	518 519 * lib/krb5/test_mem.c: Rename logf to avoid shadowing. 520 521 * lib/krb5/krb5_keytab.3: Fix the version number for 522 fcc-mit-ticketflags. 523 524 * lib/krb5/fcache.c: Revert previous, I was confused. 525 --- 17 unchanged lines hidden (view full) --- 543 544 * kdc/pkinit.c: Fill in asChecksum, we now implements -27 in the KDC. 545 546 * kdc/process.c: Pass down the request buffer to _kdc_as_rep(). 547 548 * kdc/kerberos5.c (_kdc_as_rep): Pass down the request buffer to 549 _kdc_pk_mk_pa_reply. 550
5512005-08-11 Love H�rnquist �strand <lha@it.su.se>	5512005-08-11 Love H��rnquist ��strand <lha@it.su.se>
552 553 * lib/hdb/ext.c: HDB extensions access glue. 554 555 * kcm/acquire.c: Use krb5_set_password instead of 556 krb5_change_password. 557 558 * configure.in: Add tests/Makefile and tests/db/Makefile. 559 --- 5 unchanged lines hidden (view full) --- 565 566 * lib/hdb/hdb_err.et: Add error "Entry contains unknown mandatory 567 extension". 568 569 * lib/hdb/hdb.h: Update interface version (and indent). 570 571 * lib/hdb/hdb.asn1: Add support for HDB-extension. 572	552 553 * lib/hdb/ext.c: HDB extensions access glue. 554 555 * kcm/acquire.c: Use krb5_set_password instead of 556 krb5_change_password. 557 558 * configure.in: Add tests/Makefile and tests/db/Makefile. 559 --- 5 unchanged lines hidden (view full) --- 565 566 * lib/hdb/hdb_err.et: Add error "Entry contains unknown mandatory 567 extension". 568 569 * lib/hdb/hdb.h: Update interface version (and indent). 570 571 * lib/hdb/hdb.asn1: Add support for HDB-extension. 572
5732005-08-10 Love H�rnquist �strand <lha@it.su.se>	5732005-08-10 Love H��rnquist ��strand <lha@it.su.se>
574 575 * lib/krb5/test_pkinit_dh2key.c: add tests vectors from 576 "Liqiang(Larry) Zhu" <lzhu@windows.microsoft.com> 577 578 * lib/hdb/mkey.c: Expose the crypto operations on the master key. 579 580 * lib/krb5/test_pkinit_dh2key.c: even more bits, not done yet 581	574 575 * lib/krb5/test_pkinit_dh2key.c: add tests vectors from 576 "Liqiang(Larry) Zhu" <lzhu@windows.microsoft.com> 577 578 * lib/hdb/mkey.c: Expose the crypto operations on the master key. 579 580 * lib/krb5/test_pkinit_dh2key.c: even more bits, not done yet 581
5822005-08-09 Love H�rnquist �strand <lha@it.su.se>	5822005-08-09 Love H��rnquist ��strand <lha@it.su.se>
583 584 * kdc/kerberos5.c (_kdc_as_rep): preserve the error code in the 585 ENC-TS case. From: Andrew Bartlett <abartlet@samba.org> 586 587 * kdc/kerberos5.c (tgs_rep2): only needs to log "Failed to verify 588 authenticator" once, its already done by 589 tgs_check_authenticator(). 590 --- 7 unchanged lines hidden (view full) --- 598 599 * lib/krb5/krb5_verify_user.3: Document krb5_verify_opt_alloc and 600 krb5_verify_opt_free. 601 602 * lib/hdb/db3.c (DB_open): catch errors from the d->open calls 603 instead of letting them slip though to d->cursor. Bug repport from 604 Andrew Bartlett <abartlet@samba.org> 605	583 584 * kdc/kerberos5.c (_kdc_as_rep): preserve the error code in the 585 ENC-TS case. From: Andrew Bartlett <abartlet@samba.org> 586 587 * kdc/kerberos5.c (tgs_rep2): only needs to log "Failed to verify 588 authenticator" once, its already done by 589 tgs_check_authenticator(). 590 --- 7 unchanged lines hidden (view full) --- 598 599 * lib/krb5/krb5_verify_user.3: Document krb5_verify_opt_alloc and 600 krb5_verify_opt_free. 601 602 * lib/hdb/db3.c (DB_open): catch errors from the d->open calls 603 instead of letting them slip though to d->cursor. Bug repport from 604 Andrew Bartlett <abartlet@samba.org> 605
6062005-07-29 Love H�rnquist �strand <lha@it.su.se>	6062005-07-29 Love H��rnquist ��strand <lha@it.su.se>
607 608 * kdc/Makefile.am (kdc_LDADD): add LDADD 609	607 608 * kdc/Makefile.am (kdc_LDADD): add LDADD 609
6102005-07-28 Love H�rnquist �strand <lha@it.su.se>	6102005-07-28 Love H��rnquist ��strand <lha@it.su.se>
611 612 * kdc/kerberos5.c (_kdc_as_rep): log what enctypes was using in 613 ENC-TS preauth, both for failure and success. 614 615 * kdc/hprop.c: Use the _krb5_krb_life_to_time function from 616 libkrb5 instead of including our own here too. 617 618 * kdc/kerberos5.c: indent printf strings 619 620 * lib/hdb/mkey.c (hdb_unseal_key_mkey): try to unseal key with 621 keyusage 0 in case the key was encrypted with MIT Kerberos (old 622 patch from Johan) 623	611 612 * kdc/kerberos5.c (_kdc_as_rep): log what enctypes was using in 613 ENC-TS preauth, both for failure and success. 614 615 * kdc/hprop.c: Use the _krb5_krb_life_to_time function from 616 libkrb5 instead of including our own here too. 617 618 * kdc/kerberos5.c: indent printf strings 619 620 * lib/hdb/mkey.c (hdb_unseal_key_mkey): try to unseal key with 621 keyusage 0 in case the key was encrypted with MIT Kerberos (old 622 patch from Johan) 623
6242005-07-26 Love H�rnquist �strand <lha@it.su.se>	6242005-07-26 Love H��rnquist ��strand <lha@it.su.se>
625 626 * kdc/pkinit.c: update to pkinit-27 627	625 626 * kdc/pkinit.c: update to pkinit-27 627
6282005-07-23 Love H�rnquist �strand <lha@it.su.se>	6282005-07-23 Love H��rnquist ��strand <lha@it.su.se>
629 630 * lib/krb5/pkinit.c: Adapt to IMPLICIT changes in CMS module. 631	629 630 * lib/krb5/pkinit.c: Adapt to IMPLICIT changes in CMS module. 631
6322005-07-20 Love H�rnquist �strand <lha@it.su.se>	6322005-07-20 Love H��rnquist ��strand <lha@it.su.se>
633 634 * lib/krb5/test_pkinit_dh2key.c: framework for testing 635 _krb5_pk_octetstring2key 636 637 * kpasswd/kpasswdd.c (doit): krb5_addr2sockaddr takes a 638 krb5_socklen_t 639 640 * kdc/connect.c (de_http): sscanf takes a char , not unsigned 641* ditto, cast approriately 642 643 * lib/krb5/crypto.c (_krb5_pk_octetstring2key): make sha1 output 644 unsigned char to match openssl 645	633 634 * lib/krb5/test_pkinit_dh2key.c: framework for testing 635 _krb5_pk_octetstring2key 636 637 * kpasswd/kpasswdd.c (doit): krb5_addr2sockaddr takes a 638 krb5_socklen_t 639 640 * kdc/connect.c (de_http): sscanf takes a char , not unsigned 641* ditto, cast approriately 642 643 * lib/krb5/crypto.c (_krb5_pk_octetstring2key): make sha1 output 644 unsigned char to match openssl 645
6462005-07-14 Love H�rnquist �strand <lha@it.su.se>	6462005-07-14 Love H��rnquist ��strand <lha@it.su.se>
647 648 * lib/hdb/common.c: Check encoder lengths from ASN1_MALLOC_ENCODE. 649	647 648 * lib/hdb/common.c: Check encoder lengths from ASN1_MALLOC_ENCODE. 649
6502005-07-13 Love H�rnquist �strand <lha@it.su.se>	6502005-07-13 Love H��rnquist ��strand <lha@it.su.se>
651 652 * lib/krb5/rd_cred.c (krb5_rd_cred): don't leak memory 653 654 * lib/krb5/get_cred.c (krb5_get_credentials_with_flags): only call 655 krb5_cc_retrieve_cred once, and plug memory leak. 656	651 652 * lib/krb5/rd_cred.c (krb5_rd_cred): don't leak memory 653 654 * lib/krb5/get_cred.c (krb5_get_credentials_with_flags): only call 655 krb5_cc_retrieve_cred once, and plug memory leak. 656
6572005-07-13 Love H�rnquist �strand <lha@it.su.se>	6572005-07-13 Love H��rnquist ��strand <lha@it.su.se>
658 659 * lib/hdb/Makefile.am: the new asn.1 compiler includes the modules 660 name in the depend file 661 662 * lib/krb5/keytab_file.c (fkt_start_seq_get_int): check return 663 value from krb5_storage_from_fd 664 665 * lib/krb5/pkinit.c (pk_rd_pa_reply_dh): client do not contribute 666 to the DH when the server doesn't support the cached DH request. 667 668 * lib/krb5/crypto.c (_krb5_pk_octetstring2key): fix arguments 669	658 659 * lib/hdb/Makefile.am: the new asn.1 compiler includes the modules 660 name in the depend file 661 662 * lib/krb5/keytab_file.c (fkt_start_seq_get_int): check return 663 value from krb5_storage_from_fd 664 665 * lib/krb5/pkinit.c (pk_rd_pa_reply_dh): client do not contribute 666 to the DH when the server doesn't support the cached DH request. 667 668 * lib/krb5/crypto.c (_krb5_pk_octetstring2key): fix arguments 669
6702005-07-12 Love H�rnquist �strand <lha@it.su.se>	6702005-07-12 Love H��rnquist ��strand <lha@it.su.se>
671 672 * lib/krb5/pkinit.c: clean up pk-init DH support, not finished 673 yet; improve error reporting 674 675 * lib/krb5/crypto.c (_krb5_pk_octetstring2key): string2key 676 function used in pk-init-25 677 678 * configure.in: Use a configure switch to turn on PK-INIT, not by 679 detecting existence of the new ASN.1 library. 680 681 * lib/asn1: Much improved ASN.1 compiler from joda-choice-branch. 682 683 Highlighs for the compiler is support for CHOICE and in general better 684 support for tags. This compiler support most of what is needed for 685 PK-INIT, LDAP, X.509, PKCS-12 and many other protocols. 686	671 672 * lib/krb5/pkinit.c: clean up pk-init DH support, not finished 673 yet; improve error reporting 674 675 * lib/krb5/crypto.c (_krb5_pk_octetstring2key): string2key 676 function used in pk-init-25 677 678 * configure.in: Use a configure switch to turn on PK-INIT, not by 679 detecting existence of the new ASN.1 library. 680 681 * lib/asn1: Much improved ASN.1 compiler from joda-choice-branch. 682 683 Highlighs for the compiler is support for CHOICE and in general better 684 support for tags. This compiler support most of what is needed for 685 PK-INIT, LDAP, X.509, PKCS-12 and many other protocols. 686
6872005-07-10 Love H�rnquist �strand <lha@it.su.se>	6872005-07-10 Love H��rnquist ��strand <lha@it.su.se>
688 689 * lib/asn1: make scope variables unique to avoid shadow warnings 690	688 689 * lib/asn1: make scope variables unique to avoid shadow warnings 690
6912005-07-09 Love H�rnquist �strand <lha@it.su.se>	6912005-07-09 Love H��rnquist ��strand <lha@it.su.se>
692 693 * lib/krb5/krb5.h: comment out paramenter name in typedef 694 functions to avoid shadow warnings 695 696 * lib/krb5/crypto.c: make input data to krb5_encrypt{,_ivec} const 697 698 * kuser/klist.c: If there are no addresses, print addressless 699 instead of nothing. --- 6 unchanged lines hidden (view full) --- 706 707 * lib/krb5/test_crypto_wrapping.c: ETYPE_ARCFOUR_HMAC_MD5_56 isn't 708 not supported 709 710 * lib/krb5/test_crypto_wrapping.c: test encryption wrapping 711 712 * lib/krb5/test_crypto.c (time_encryption): free cleartext buffer 713	692 693 * lib/krb5/krb5.h: comment out paramenter name in typedef 694 functions to avoid shadow warnings 695 696 * lib/krb5/crypto.c: make input data to krb5_encrypt{,_ivec} const 697 698 * kuser/klist.c: If there are no addresses, print addressless 699 instead of nothing. --- 6 unchanged lines hidden (view full) --- 706 707 * lib/krb5/test_crypto_wrapping.c: ETYPE_ARCFOUR_HMAC_MD5_56 isn't 708 not supported 709 710 * lib/krb5/test_crypto_wrapping.c: test encryption wrapping 711 712 * lib/krb5/test_crypto.c (time_encryption): free cleartext buffer 713
7142005-07-08 Love H�rnquist �strand <lha@it.su.se>	7142005-07-08 Love H��rnquist ��strand <lha@it.su.se>
715 716 * configure.in: run AM_INIT_AUTOMAKE before AM_PROG_CC_C_O 717 otherwise am_aux_dir will be expanded using ac_aux_dir before the 718 later is set. 719 720 * configure.in: check for strings.h explicitly instead of 721 depending on AC_HEADER_STDC to check it for us 722 7232005-07-07 Assar Westerlund <assar@kth.se> 724 725 * configure.in: add AM_PROG_CC_C_O for automake 1.9 726	715 716 * configure.in: run AM_INIT_AUTOMAKE before AM_PROG_CC_C_O 717 otherwise am_aux_dir will be expanded using ac_aux_dir before the 718 later is set. 719 720 * configure.in: check for strings.h explicitly instead of 721 depending on AC_HEADER_STDC to check it for us 722 7232005-07-07 Assar Westerlund <assar@kth.se> 724 725 * configure.in: add AM_PROG_CC_C_O for automake 1.9 726
7272005-07-06 Love H�rnquist �strand <lha@it.su.se>	7272005-07-06 Love H��rnquist ��strand <lha@it.su.se>
728 729 * lib/krb5/keytab.c (krb5_kt_get_entry): clear error string when 730 returning a new error 731 732 * lib/krb5/keytab.c: krb5_kt_close frees all resources, even on 733 error. 734 735 * lib/krb5/verify_init.c (krb5_verify_init_creds): `entry' unused, 736 remove From: "Henry B. Hotz" <hotz@jpl.nasa.gov> 737	728 729 * lib/krb5/keytab.c (krb5_kt_get_entry): clear error string when 730 returning a new error 731 732 * lib/krb5/keytab.c: krb5_kt_close frees all resources, even on 733 error. 734 735 * lib/krb5/verify_init.c (krb5_verify_init_creds): `entry' unused, 736 remove From: "Henry B. Hotz" <hotz@jpl.nasa.gov> 737
7382005-07-05 Love H�rnquist �strand <lha@it.su.se>	7382005-07-05 Love H��rnquist ��strand <lha@it.su.se>
739 740 * doc/win2k.texi: arcfour-hmac-md5 support for windows cross was 741 added in w2k3-sp1 From David Love 742 743 * doc/setup.texi: document kadmin command password-quality instead 744 of the not installed test_pw_quality 745 746 * lib/krb5/krb5_get_init_creds.3: Spelling, from David Love 747 748 * fix-export: build kdc-protos.h 749	739 740 * doc/win2k.texi: arcfour-hmac-md5 support for windows cross was 741 added in w2k3-sp1 From David Love 742 743 * doc/setup.texi: document kadmin command password-quality instead 744 of the not installed test_pw_quality 745 746 * lib/krb5/krb5_get_init_creds.3: Spelling, from David Love 747 748 * fix-export: build kdc-protos.h 749
7502005-07-01 Love H�rnquist �strand <lha@it.su.se>	7502005-07-01 Love H��rnquist ��strand <lha@it.su.se>
751 752 * kdc: prefix pkinit symbols with _kdc 753 754 * kuser/kinit.c: avoid shadowing variables 755 756 * kuser: s/optind/optidx/ 757 758 * kdc: adapt pkinit code to libkdc split 759	751 752 * kdc: prefix pkinit symbols with _kdc 753 754 * kuser/kinit.c: avoid shadowing variables 755 756 * kuser: s/optind/optidx/ 757 758 * kdc: adapt pkinit code to libkdc split 759
7602005-06-30 Love H�rnquist �strand <lha@it.su.se>	7602005-06-30 Love H��rnquist ��strand <lha@it.su.se>
761 762 * tools/Makefile.am: add depency on LIB_dlopen and LIB_door_create 763 764 * tools/krb5-config.in: add depency on LIB_dlopen and LIB_door_create 765 766 * kdc/kdc_locl.h: indent, remove dup prototypes 767 768 * kdc/libkdc: don't pollute namespace, generate public headerfile --- 7 unchanged lines hidden (view full) --- 776 * kdc: Merge in the libkdc/kdc configuration split from Andrew 777 Bartlet <abartlet@samba.org> 778 779 * lib/krb5/crypto.c: optionally compile in support for afs string2key 780 781 * configure.in: add --disable-afs-string-to-key to allow removal 782 of support for afs string2key (and dependency on crypt) 783	761 762 * tools/Makefile.am: add depency on LIB_dlopen and LIB_door_create 763 764 * tools/krb5-config.in: add depency on LIB_dlopen and LIB_door_create 765 766 * kdc/kdc_locl.h: indent, remove dup prototypes 767 768 * kdc/libkdc: don't pollute namespace, generate public headerfile --- 7 unchanged lines hidden (view full) --- 776 * kdc: Merge in the libkdc/kdc configuration split from Andrew 777 Bartlet <abartlet@samba.org> 778 779 * lib/krb5/crypto.c: optionally compile in support for afs string2key 780 781 * configure.in: add --disable-afs-string-to-key to allow removal 782 of support for afs string2key (and dependency on crypt) 783
7842005-06-29 Love H�rnquist �strand <lha@it.su.se>	7842005-06-29 Love H��rnquist ��strand <lha@it.su.se>
785 786 * kdc/kerberos5.c: Add logging of all timestamps in AS-REQ and 787 TGS-REQ, for auditing 788 789 * kdc/kerberos5.c (as_req): print the supported encryption types 790 so its possible to know what clients to update. 791 (find_rpath): return const char * and update callers. 792 7932005-06-28 Luke Howard <lukeh@padl.com> 794 795 * kcm/connect.c: fix arguments to kcm_log() when reporting 796 sendmsg() error 797 798 * kcm/connect.c: don't send socket address in msghdr, it 799 returns an already connected error on Linux 800	785 786 * kdc/kerberos5.c: Add logging of all timestamps in AS-REQ and 787 TGS-REQ, for auditing 788 789 * kdc/kerberos5.c (as_req): print the supported encryption types 790 so its possible to know what clients to update. 791 (find_rpath): return const char * and update callers. 792 7932005-06-28 Luke Howard <lukeh@padl.com> 794 795 * kcm/connect.c: fix arguments to kcm_log() when reporting 796 sendmsg() error 797 798 * kcm/connect.c: don't send socket address in msghdr, it 799 returns an already connected error on Linux 800
8012005-06-24 Love H�rnquist �strand <lha@it.su.se>	8012005-06-24 Love H��rnquist ��strand <lha@it.su.se>
802 803 * kdc/524.c: Always include <krb5-v4compat.h>. 804	802 803 * kdc/524.c: Always include <krb5-v4compat.h>. 804
8052005-06-23 Love H�rnquist �strand <lha@it.su.se>	8052005-06-23 Love H��rnquist ��strand <lha@it.su.se>
806 807 * doc/intro.texi: no more libdes, gssapi lib is complete 808 809 * lib/krb5/krb5.conf.5: Documentation for password quality 810 control. From: "James F. Hranicky" <jfh@cise.ufl.edu> 811 812 * lib/krb5/verify_krb5_conf.c (password_quality_entries): add 813 min_length and min_classes 814 815 * kdc/kaserver.c: log the kaserver requests, avoid shadowing 816 variables 817 818 * lib/hdb/db3.c (DB_open): in case of error, close database 819 820 * lib/hdb/ndbm.c (NDBM_open): in case of error, close database 821 822 * lib/hdb/db.c (DB_open): in case of error, close database 823	806 807 * doc/intro.texi: no more libdes, gssapi lib is complete 808 809 * lib/krb5/krb5.conf.5: Documentation for password quality 810 control. From: "James F. Hranicky" <jfh@cise.ufl.edu> 811 812 * lib/krb5/verify_krb5_conf.c (password_quality_entries): add 813 min_length and min_classes 814 815 * kdc/kaserver.c: log the kaserver requests, avoid shadowing 816 variables 817 818 * lib/hdb/db3.c (DB_open): in case of error, close database 819 820 * lib/hdb/ndbm.c (NDBM_open): in case of error, close database 821 822 * lib/hdb/db.c (DB_open): in case of error, close database 823
8242005-06-20 Love H�rnquist �strand <lha@it.su.se>	8242005-06-20 Love H��rnquist ��strand <lha@it.su.se>
825 826 * kcm/kcm.8: fix example 827	825 826 * kcm/kcm.8: fix example 827
8282005-06-17 Love H�rnquist �strand <lha@it.su.se>	8282005-06-17 Love H��rnquist ��strand <lha@it.su.se>
829 830 * lib/krb5/rd_rep.c: indent 831 832 * lib/krb5/rd_rep.c (krb5_rd_rep): check if 833 KRB5_AUTH_CONTEXT_DO_TIME set and use that as a que that timestamp 834 should be checked, DCE-STYLE gssapi needs to be able to tweek this 835 836 * kdc/string2key.c: rename optind to optidx --- 42 unchanged lines hidden (view full) --- 879 * lib/krb5/kcm.c: unconst argumen to connect, unconst argument to 880 krb5_store (XXX this should be fixed, krb5_store doesn't need to 881 modify its argument) 882 883 * lib/krb5/init_creds_pw.c (default_s2k_func): unconst password 884 885 * lib/krb5/crypto.c: rename `encrypt' to avoid shadow warning 886	829 830 * lib/krb5/rd_rep.c: indent 831 832 * lib/krb5/rd_rep.c (krb5_rd_rep): check if 833 KRB5_AUTH_CONTEXT_DO_TIME set and use that as a que that timestamp 834 should be checked, DCE-STYLE gssapi needs to be able to tweek this 835 836 * kdc/string2key.c: rename optind to optidx --- 42 unchanged lines hidden (view full) --- 879 * lib/krb5/kcm.c: unconst argumen to connect, unconst argument to 880 krb5_store (XXX this should be fixed, krb5_store doesn't need to 881 modify its argument) 882 883 * lib/krb5/init_creds_pw.c (default_s2k_func): unconst password 884 885 * lib/krb5/crypto.c: rename `encrypt' to avoid shadow warning 886
8872005-06-16 Love H�rnquist �strand <lha@it.su.se>	8872005-06-16 Love H��rnquist ��strand <lha@it.su.se>
888 889 * lib/krb5/principal.c: rename index to idx 890 891 * lib/krb5/mk_error.c: use rk_UNCONST 892 893 * lib/krb5/fcache.c: rename to avoid shadowing 894 895 * lib/krb5/config_file.c: rename to avoid shadowing --- 43 unchanged lines hidden (view full) --- 939 of the local `realm' to srealm to avoid shadowing 940 941 * kdc/kerberos5.c (tgs_rep2): rename one of the tkey to uukey to 942 avoid shadow warning 943 944 * kdc/kerberos5.c (tgs_rep2): rename loop to nloop to avoid shadow 945 warning 946	888 889 * lib/krb5/principal.c: rename index to idx 890 891 * lib/krb5/mk_error.c: use rk_UNCONST 892 893 * lib/krb5/fcache.c: rename to avoid shadowing 894 895 * lib/krb5/config_file.c: rename to avoid shadowing --- 43 unchanged lines hidden (view full) --- 939 of the local `realm' to srealm to avoid shadowing 940 941 * kdc/kerberos5.c (tgs_rep2): rename one of the tkey to uukey to 942 avoid shadow warning 943 944 * kdc/kerberos5.c (tgs_rep2): rename loop to nloop to avoid shadow 945 warning 946
9472005-06-15 Love H�rnquist �strand <lha@it.su.se>	9472005-06-15 Love H��rnquist ��strand <lha@it.su.se>
948 949 * Release 0.7, see branch 950	948 949 * Release 0.7, see branch 950
9512005-06-14 Love H�rnquist �strand <lha@it.su.se>	9512005-06-14 Love H��rnquist ��strand <lha@it.su.se>
952 953 * lib/krb5/Makefile.am: TESTS += test_mem libkrb5_la_SOURCES += 954 kcm.h 955 956 * kuser/kinit.c (main): catch KRB5_CONFIG_BADFORMAT from 957 krb5_init_context 958 959 * kdc/main.c (main): catch KRB5_CONFIG_BADFORMAT from 960 krb5_init_context 961 962 * lib/krb5/verify_krb5_conf.c (main): catch KRB5_CONFIG_BADFORMAT 963 from krb5_init_context From: Mathias Feiler 964 <feiler@uni-hohenheim.de> 965 966 * lib/krb5/verify_krb5_conf.c: Add more missig entires, from 967 Mathias Feiler <feiler@uni-hohenheim.de> 968	952 953 * lib/krb5/Makefile.am: TESTS += test_mem libkrb5_la_SOURCES += 954 kcm.h 955 956 * kuser/kinit.c (main): catch KRB5_CONFIG_BADFORMAT from 957 krb5_init_context 958 959 * kdc/main.c (main): catch KRB5_CONFIG_BADFORMAT from 960 krb5_init_context 961 962 * lib/krb5/verify_krb5_conf.c (main): catch KRB5_CONFIG_BADFORMAT 963 from krb5_init_context From: Mathias Feiler 964 <feiler@uni-hohenheim.de> 965 966 * lib/krb5/verify_krb5_conf.c: Add more missig entires, from 967 Mathias Feiler <feiler@uni-hohenheim.de> 968
9692005-06-11 Love H�rnquist �strand <lha@it.su.se>	9692005-06-11 Love H��rnquist ��strand <lha@it.su.se>
970 971 * kdc/pkinit.c (pk_principal_from_X509): remember to free 972 KRB5PrincipalName 973 974 * lib/krb5/log.c (krb5_closelog): free all content in 975 krb5_log_facility 976	970 971 * kdc/pkinit.c (pk_principal_from_X509): remember to free 972 KRB5PrincipalName 973 974 * lib/krb5/log.c (krb5_closelog): free all content in 975 krb5_log_facility 976
9772005-06-08 Love H�rnquist �strand <lha@it.su.se>	9772005-06-08 Love H��rnquist ��strand <lha@it.su.se>
978 979 * kdc/524.c: init kvno to please gcc 980 981 * kdc/kaserver.c (do_authenticate): check return value from 982 unparse_auth_args 983 9842005-06-07 Dave Love <fx@gnu.org> 985 986 * doc/setup.texi: Spelling. 987 988 * doc/programming.texi: Spelling. 989 9902005-06-02 Dave Love <fx@gnu.org> 991 992 * kcm/connect.c (kcm_door_server): Make static. 993 994 * kcm/kcm_locl.h (disallow_getting_krbtgt): Declare. 995	978 979 * kdc/524.c: init kvno to please gcc 980 981 * kdc/kaserver.c (do_authenticate): check return value from 982 unparse_auth_args 983 9842005-06-07 Dave Love <fx@gnu.org> 985 986 * doc/setup.texi: Spelling. 987 988 * doc/programming.texi: Spelling. 989 9902005-06-02 Dave Love <fx@gnu.org> 991 992 * kcm/connect.c (kcm_door_server): Make static. 993 994 * kcm/kcm_locl.h (disallow_getting_krbtgt): Declare. 995
9962005-06-02 Love H�rnquist �strand <lha@it.su.se>	9962005-06-02 Love H��rnquist ��strand <lha@it.su.se>
997 998 * kdc/mit_dump.c (mit_prop_dump): cast argument to 999 krb5_parse_principal to avoid warning 1000 1001 * kdc/mit_dump.c: rename KRB5_TL_MOD_PRINC to 1002 mit_KRB5_TL_MOD_PRINC to hint its a constant originating from mit 1003 codebase 1004	997 998 * kdc/mit_dump.c (mit_prop_dump): cast argument to 999 krb5_parse_principal to avoid warning 1000 1001 * kdc/mit_dump.c: rename KRB5_TL_MOD_PRINC to 1002 mit_KRB5_TL_MOD_PRINC to hint its a constant originating from mit 1003 codebase 1004
10052005-06-01 Love H�rnquist �strand <lha@it.su.se>	10052005-06-01 Love H��rnquist ��strand <lha@it.su.se>
1006 1007 * lib/krb5/store.c: If we are allocating 0 entires, avoid failing 1008 if ALLOC returns NULL 1009 1010 * lib/krb5/verify_krb5_conf.c: Check for [kdc]v4-realm 1011 1012 * lib/krb5/cache.c: When returning a new error code, set error 1013 string. 1014	1006 1007 * lib/krb5/store.c: If we are allocating 0 entires, avoid failing 1008 if ALLOC returns NULL 1009 1010 * lib/krb5/verify_krb5_conf.c: Check for [kdc]v4-realm 1011 1012 * lib/krb5/cache.c: When returning a new error code, set error 1013 string. 1014
10152005-05-31 Love H�rnquist �strand <lha@it.su.se>	10152005-05-31 Love H��rnquist ��strand <lha@it.su.se>
1016 1017 * lib/krb5/keytab_file.c: Adapt to changed signature of 1018 _krb5_xunlock, clear more error string where needed. 1019 1020 * lib/krb5/fcache.c (_krb5_xunlock): catch the error and turn it 1021 into something sensable 1022	1016 1017 * lib/krb5/keytab_file.c: Adapt to changed signature of 1018 _krb5_xunlock, clear more error string where needed. 1019 1020 * lib/krb5/fcache.c (_krb5_xunlock): catch the error and turn it 1021 into something sensable 1022
10232005-05-30 Love H�rnquist �strand <lha@it.su.se>	10232005-05-30 Love H��rnquist ��strand <lha@it.su.se>
1024 1025 * kdc/kerberos5.c (tgs_make_reply): copy ok-as-delegate flag from 1026 server entry to encrypted ticket flags 1027 10282005-05-30 Johan Danielsson <joda@pdc.kth.se> 1029 1030 * kdc/connect.c: rename sendlength to prependlength (which 1031 hopefully better represents its purpose), and change type to 1032 krb5_boolean 1033 1034 * kdc/connect.c: log signal causing exit 1035 1036 * kdc/main.c (sigterm): set exit_flag to signal causing exit; 1037 (main): trap SIGXCPU 1038	1024 1025 * kdc/kerberos5.c (tgs_make_reply): copy ok-as-delegate flag from 1026 server entry to encrypted ticket flags 1027 10282005-05-30 Johan Danielsson <joda@pdc.kth.se> 1029 1030 * kdc/connect.c: rename sendlength to prependlength (which 1031 hopefully better represents its purpose), and change type to 1032 krb5_boolean 1033 1034 * kdc/connect.c: log signal causing exit 1035 1036 * kdc/main.c (sigterm): set exit_flag to signal causing exit; 1037 (main): trap SIGXCPU 1038
10392005-05-30 Love H�rnquist �strand <lha@it.su.se>	10392005-05-30 Love H��rnquist ��strand <lha@it.su.se>
1040 1041 * kcm/kcm.8: document --disallow-getting-krbtgt and --door-path 1042 1043 * kcm/protocol.c (kcm_op_retrieve): check server for krbtgt, not 1044 client 1045 1046 * kcm/main.c: ignore SIGPIPE 1047 1048 * kcm/protocol.c: Add option to disallow getting krbtgt out from 1049 from KCM. KCM will do the fetching part itself. 1050 1051 * kcm/config.c: Add option to disallow getting krbtgt out from 1052 from KCM. KCM will do the fetching part itself. 1053 10542005-05-30 Luke Howard <lukeh@padl.com> 1055 1056 * kcm/events.c: if credentials have expired when attempting 1057 to renew, attempt to reacquire them using initial creds 1058	1040 1041 * kcm/kcm.8: document --disallow-getting-krbtgt and --door-path 1042 1043 * kcm/protocol.c (kcm_op_retrieve): check server for krbtgt, not 1044 client 1045 1046 * kcm/main.c: ignore SIGPIPE 1047 1048 * kcm/protocol.c: Add option to disallow getting krbtgt out from 1049 from KCM. KCM will do the fetching part itself. 1050 1051 * kcm/config.c: Add option to disallow getting krbtgt out from 1052 from KCM. KCM will do the fetching part itself. 1053 10542005-05-30 Luke Howard <lukeh@padl.com> 1055 1056 * kcm/events.c: if credentials have expired when attempting 1057 to renew, attempt to reacquire them using initial creds 1058
10592005-05-29 Love H�rnquist �strand <lha@it.su.se>	10592005-05-29 Love H��rnquist ��strand <lha@it.su.se>
1060	1060
1061 * lib/krb5/krb5_principal.3: Spelling, from Bj�rn Sandell	1061 * lib/krb5/krb5_principal.3: Spelling, from Bj��rn Sandell
1062	1062
1063 * doc/setup.texi: spelling, from Bj�rn Sandell	1063 * doc/setup.texi: spelling, from Bj��rn Sandell
1064 1065 * lib/krb5/name-45-test.c: XXX don't run the test unless the 1066 machine is in kth.se or su.se because it depends on local resolver 1067 configuration. 1068 1069 * lib/hdb/hdb.c: provde RTLD_NOW and RTLD_GLOBAL if they don't 1070 exists 1071 --- 47 unchanged lines hidden (view full) --- 1119 ditto 1120 1121 * lib/krb5/cache.c (_krb5_expand_default_cc_name): change format 1122 for expantion variables to %{variable} to not confuse them with 1123 shell ditto 1124 1125 * kcm/connect.c: add LOCAL_PEERCRED and experimental doors support 1126	1064 1065 * lib/krb5/name-45-test.c: XXX don't run the test unless the 1066 machine is in kth.se or su.se because it depends on local resolver 1067 configuration. 1068 1069 * lib/hdb/hdb.c: provde RTLD_NOW and RTLD_GLOBAL if they don't 1070 exists 1071 --- 47 unchanged lines hidden (view full) --- 1119 ditto 1120 1121 * lib/krb5/cache.c (_krb5_expand_default_cc_name): change format 1122 for expantion variables to %{variable} to not confuse them with 1123 shell ditto 1124 1125 * kcm/connect.c: add LOCAL_PEERCRED and experimental doors support 1126
11272005-05-27 Love H�rnquist �strand <lha@it.su.se>	11272005-05-27 Love H��rnquist ��strand <lha@it.su.se>
1128 1129 * appl/kf/kfd.c: case uid_t to unsigned long in printf format 1130	1128 1129 * appl/kf/kfd.c: case uid_t to unsigned long in printf format 1130
11312005-05-25 Love H�rnquist �strand <lha@it.su.se>	11312005-05-25 Love H��rnquist ��strand <lha@it.su.se>
1132 1133 * lib/krb5/krb5_auth_context.3: remove trailing space 1134	1132 1133 * lib/krb5/krb5_auth_context.3: remove trailing space 1134
11352005-05-24 Love H�rnquist �strand <lha@it.su.se>	11352005-05-24 Love H��rnquist ��strand <lha@it.su.se>
1136 1137 * kcm/connect.c (do_request): use sendmsg to send the reply 1138 1139 * fix-export: add make_proto for kcm/kcm_protos.h 1140 1141 * kcm/kcm_locl.h: remove prototypes and add <kcm_protos.h> 1142 1143 * kcm/Makefile.am (kcm_SOURCES): add headerfiles --- 10 unchanged lines hidden (view full) --- 1154 1155 * lib/krb5/kcm.c (kcm_alloc): allow kcm socket to be configured by 1156 [libdefaults]kcm_socket=/path 1157 11582005-05-24 David Love <fx@gnu.org> 1159 1160 * kcm/kcm.8: KRB5CCNAME needs an literal uid, not ${uid}, spelling 1161	1136 1137 * kcm/connect.c (do_request): use sendmsg to send the reply 1138 1139 * fix-export: add make_proto for kcm/kcm_protos.h 1140 1141 * kcm/kcm_locl.h: remove prototypes and add <kcm_protos.h> 1142 1143 * kcm/Makefile.am (kcm_SOURCES): add headerfiles --- 10 unchanged lines hidden (view full) --- 1154 1155 * lib/krb5/kcm.c (kcm_alloc): allow kcm socket to be configured by 1156 [libdefaults]kcm_socket=/path 1157 11582005-05-24 David Love <fx@gnu.org> 1159 1160 * kcm/kcm.8: KRB5CCNAME needs an literal uid, not ${uid}, spelling 1161
11622005-05-23 Love H�rnquist �strand <lha@it.su.se>	11622005-05-23 Love H��rnquist ��strand <lha@it.su.se>
1163 1164 * kcm/protocol.c: Merge the description and function jumptables 1165 into one structure. Use the length of the array when checking if 1166 opcode is value, not a constant. 1167 1168 * kcm/kcm_locl.h: struct kcm_op: jumptable structure 1169 1170 * kcm/main.c: move declaration of detach_from_console away from --- 4 unchanged lines hidden (view full) --- 1175 * kdc/config.c: Don't test HAVE_DAEMON since roken supplies it. 1176 11772005-05-23 Dave Love <fx@gnu.org> 1178 1179 * kcm/config.c: Don't test HAVE_DAEMON since roken supplies it. 1180 1181 * kdc/main.c: Don't test HAVE_DAEMON since roken supplies it. 1182	1163 1164 * kcm/protocol.c: Merge the description and function jumptables 1165 into one structure. Use the length of the array when checking if 1166 opcode is value, not a constant. 1167 1168 * kcm/kcm_locl.h: struct kcm_op: jumptable structure 1169 1170 * kcm/main.c: move declaration of detach_from_console away from --- 4 unchanged lines hidden (view full) --- 1175 * kdc/config.c: Don't test HAVE_DAEMON since roken supplies it. 1176 11772005-05-23 Dave Love <fx@gnu.org> 1178 1179 * kcm/config.c: Don't test HAVE_DAEMON since roken supplies it. 1180 1181 * kdc/main.c: Don't test HAVE_DAEMON since roken supplies it. 1182
11832005-05-23 Love H�rnquist �strand <lha@it.su.se>	11832005-05-23 Love H��rnquist ��strand <lha@it.su.se>
1184 1185 * lib/krb5/krb5_keytab.3: document WRFILE and JAVA14 1186	1184 1185 * lib/krb5/krb5_keytab.3: document WRFILE and JAVA14 1186
11872005-05-20 Love H�rnquist �strand <lha@it.su.se>	11872005-05-20 Love H��rnquist ��strand <lha@it.su.se>
1188 1189 * lib/krb5/krbhst.c (srv_get_hosts): if srv_get_hosts failes, 1190 return and ignore the error 1191 1192 * lib/krb5/krbhst.c (srv_find_realm): make sure `res' and `count' 1193 have good values 1194 1195 * lib/krb5/test_keytab.c: tests all keytab format 1196	1188 1189 * lib/krb5/krbhst.c (srv_get_hosts): if srv_get_hosts failes, 1190 return and ignore the error 1191 1192 * lib/krb5/krbhst.c (srv_find_realm): make sure `res' and `count' 1193 have good values 1194 1195 * lib/krb5/test_keytab.c: tests all keytab format 1196
11972005-05-19 Love H�rnquist �strand <lha@it.su.se>	11972005-05-19 Love H��rnquist ��strand <lha@it.su.se>
1198 1199 * lib/krb5/pkinit.c (_krb5_pk_rd_pa_reply): non non asn1 decoding 1200 errors, fail. Make sure we free memory on error. 1201 (pk_verify_chain_standard): make sure we provide good errors. 1202 1203 * lib/krb5/verify_krb5_conf.c: add missing options, prompted by 1204 James F. Hranicky mail to heimdal-discuss 1205 --- 18 unchanged lines hidden (view full) --- 1224 1225 * lib/krb5/keytab_krb4.c (fkt_remove_entry): need to call 1226 krb5_kt_free_entry after each krb5_kt_next_entry. 1227 1228 * lib/krb5/keytab_file.c (fkt_remove_entry): need to call 1229 krb5_kt_free_entry after each fkt_next_entry_int. From: Wynn 1230 Wilkes <wwilkes@vintela.com> 1231	1198 1199 * lib/krb5/pkinit.c (_krb5_pk_rd_pa_reply): non non asn1 decoding 1200 errors, fail. Make sure we free memory on error. 1201 (pk_verify_chain_standard): make sure we provide good errors. 1202 1203 * lib/krb5/verify_krb5_conf.c: add missing options, prompted by 1204 James F. Hranicky mail to heimdal-discuss 1205 --- 18 unchanged lines hidden (view full) --- 1224 1225 * lib/krb5/keytab_krb4.c (fkt_remove_entry): need to call 1226 krb5_kt_free_entry after each krb5_kt_next_entry. 1227 1228 * lib/krb5/keytab_file.c (fkt_remove_entry): need to call 1229 krb5_kt_free_entry after each fkt_next_entry_int. From: Wynn 1230 Wilkes <wwilkes@vintela.com> 1231
12322005-05-18 Love H�rnquist �strand <lha@it.su.se>	12322005-05-18 Love H��rnquist ��strand <lha@it.su.se>
1233 1234 * lib/krb5/Makefile.am: TESTS += test_keytab 1235 1236 * lib/krb5/keytab_krb4.c (krb4_kt_remove_entry): plug memory leaks, 1237 avoid crashing on empty keytab 1238 1239 * lib/krb5/krb5_keytab.3: document behavior of 1240 krb5_kt_remove_entry --- 11 unchanged lines hidden (view full) --- 1252 mit_glue,rd_error}.c:zero out content of all krb5_free_x_content 1253 like functions to make sure data doesnt get reused, idea from 1254 Wynn Wilkes <wwilkes@vintela.com> 1255 1256 * lib/krb5/krb5_get_credentials.3: document KRB5_GC_EXPIRED_OK 1257 1258 * lib/krb5/krb5.3: add krb5_cc_new_unique 1259	1233 1234 * lib/krb5/Makefile.am: TESTS += test_keytab 1235 1236 * lib/krb5/keytab_krb4.c (krb4_kt_remove_entry): plug memory leaks, 1237 avoid crashing on empty keytab 1238 1239 * lib/krb5/krb5_keytab.3: document behavior of 1240 krb5_kt_remove_entry --- 11 unchanged lines hidden (view full) --- 1252 mit_glue,rd_error}.c:zero out content of all krb5_free_x_content 1253 like functions to make sure data doesnt get reused, idea from 1254 Wynn Wilkes <wwilkes@vintela.com> 1255 1256 * lib/krb5/krb5_get_credentials.3: document KRB5_GC_EXPIRED_OK 1257 1258 * lib/krb5/krb5.3: add krb5_cc_new_unique 1259
12602005-05-17 Love H�rnquist �strand <lha@it.su.se>	12602005-05-17 Love H��rnquist ��strand <lha@it.su.se>
1261 1262 * lib/krb5/fcache.c (fcc_get_first): check return value from 1263 malloc, memset the structure, make sure cursor doesn't point to 1264 freed memory on failure. From: Wynn Wilkes <wwilkes@vintela.com> 1265 1266 * lib/krb5/krb5_auth_context.3: document 1267 KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED 1268 --- 11 unchanged lines hidden (view full) --- 1280 * lib/krb5/context.c (krb5_init_context): register krb5_javakt_ops 1281 1282 * lib/krb5/krb5.h: KRB5_GC_EXPIRED_OK: expired credentials is ok 1283 to return from krb5_get_credentials. 1284 KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED: make forward credentials 1285 be unencrypted, for compatibility with mit kerberos and java 1286 kerberos. krb5_javakt_ops: export 1287	1261 1262 * lib/krb5/fcache.c (fcc_get_first): check return value from 1263 malloc, memset the structure, make sure cursor doesn't point to 1264 freed memory on failure. From: Wynn Wilkes <wwilkes@vintela.com> 1265 1266 * lib/krb5/krb5_auth_context.3: document 1267 KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED 1268 --- 11 unchanged lines hidden (view full) --- 1280 * lib/krb5/context.c (krb5_init_context): register krb5_javakt_ops 1281 1282 * lib/krb5/krb5.h: KRB5_GC_EXPIRED_OK: expired credentials is ok 1283 to return from krb5_get_credentials. 1284 KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED: make forward credentials 1285 be unencrypted, for compatibility with mit kerberos and java 1286 kerberos. krb5_javakt_ops: export 1287
12882005-05-16 Love H�rnquist �strand <lha@it.su.se>	12882005-05-16 Love H��rnquist ��strand <lha@it.su.se>
1289 1290 * lib/krb5/keytab_file.c: Add new keytab file format JAVA14 that 1291 doesn't the use extended kvnos, as hinted, this is needed for 1292 Java's Kerberos implementation. 1293	1289 1290 * lib/krb5/keytab_file.c: Add new keytab file format JAVA14 that 1291 doesn't the use extended kvnos, as hinted, this is needed for 1292 Java's Kerberos implementation. 1293
12942005-05-10 Love H�rnquist �strand <lha@it.su.se>	12942005-05-10 Love H��rnquist ��strand <lha@it.su.se>
1295 1296 * lib/krb5/pkinit.c: handle pkinit-9, pkinit-19, and pkinit-25 1297 enckey, still no DH 1298 1299 * kdc/pkinit.c: handle pkinit-9, pkinit-19, and pkinit-25 enckey, 1300 still no DH 1301 1302 * kdc/kerberos5.c (as_rep): search for pkinit-9, pkinit-19, and 1303 pkinit-25 pa-data, return empty pkinit pa-data in the 1304 PREAUTH_REQUIRED krb-error 1305 1306 * doc/ack.texi: add pkinit people 1307 1308 * lib/krb5/krb5_storage.3: document krb5_storage_is_flags 1309 1310 * lib/krb5/{krb5_compare_creds.3,krb5_get_init_creds.3, 1311 krb5_krbhst_init.3,krb5_storage.3}:	1295 1296 * lib/krb5/pkinit.c: handle pkinit-9, pkinit-19, and pkinit-25 1297 enckey, still no DH 1298 1299 * kdc/pkinit.c: handle pkinit-9, pkinit-19, and pkinit-25 enckey, 1300 still no DH 1301 1302 * kdc/kerberos5.c (as_rep): search for pkinit-9, pkinit-19, and 1303 pkinit-25 pa-data, return empty pkinit pa-data in the 1304 PREAUTH_REQUIRED krb-error 1305 1306 * doc/ack.texi: add pkinit people 1307 1308 * lib/krb5/krb5_storage.3: document krb5_storage_is_flags 1309 1310 * lib/krb5/{krb5_compare_creds.3,krb5_get_init_creds.3, 1311 krb5_krbhst_init.3,krb5_storage.3}:
1312 make more pretty, from Bj�rn Sandell	1312 make more pretty, from Bj��rn Sandell
1313 13142005-05-09 Dave Love <fx@gnu.org> 1315 1316 * doc/setup.texi: Fix and clarify password quality check examples. 1317	1313 13142005-05-09 Dave Love <fx@gnu.org> 1315 1316 * doc/setup.texi: Fix and clarify password quality check examples. 1317
13182005-05-09 Love H�rnquist �strand <lha@it.su.se>	13182005-05-09 Love H��rnquist ��strand <lha@it.su.se>
1319 1320 * lib/krb5/kuserok.c (krb5_kuserok): use POSIX_GETPWNAM_R instead 1321 of HAVE_GETPWNAM_R From: Dave Love <d.love@dl.ac.uk> 1322	1319 1320 * lib/krb5/kuserok.c (krb5_kuserok): use POSIX_GETPWNAM_R instead 1321 of HAVE_GETPWNAM_R From: Dave Love <d.love@dl.ac.uk> 1322
13232005-05-07 Love H�rnquist �strand <lha@it.su.se>	13232005-05-07 Love H��rnquist ��strand <lha@it.su.se>
1324 1325 * lib/krb5/addr_families.c (krb5_print_address): catch when the	1324 1325 * lib/krb5/addr_families.c (krb5_print_address): catch when the
1326 unknown adress don't fit. From Bj�rn Sandell	1326 unknown adress don't fit. From Bj��rn Sandell <biorn@dce.chalmers.se>
1327 13282005-05-05 Dave Love <d.love@dl.ac.uk> 1329 1330 * configure.in: fix type right test, include <termios.h> for 1331 sys/strtty.h, not sys/ptyvar.h 1332	1327 13282005-05-05 Dave Love <d.love@dl.ac.uk> 1329 1330 * configure.in: fix type right test, include <termios.h> for 1331 sys/strtty.h, not sys/ptyvar.h 1332
13332005-05-05 Love H�rnquist �strand <lha@it.su.se>	13332005-05-05 Love H��rnquist ��strand <lha@it.su.se>
1334 1335 * lib/krb5/krb5.conf.5: spelling 1336	1334 1335 * lib/krb5/krb5.conf.5: spelling 1336
13372005-05-04 Love H�rnquist �strand <lha@it.su.se>	13372005-05-04 Love H��rnquist ��strand <lha@it.su.se>
1338 1339 * lib/krb5/krb5.conf.5: expand on what "trailing component" means 1340 13412005-05-04 Johan Danielsson <joda@pdc.kth.se> 1342 1343 * lib/krb5/rd_cred.c: put address comparison in separate function 1344 1345 * lib/krb5/krb5_kuserok.3: check the user's ~/.k5login.d directory 1346 for access files, all of which is handled like the regular 1347 ~/.k5login 1348 1349 * lib/krb5/kuserok.c: check the user's ~/.k5login.d directory for 1350 access files, all of which is handled like the regular ~/.k5login 1351	1338 1339 * lib/krb5/krb5.conf.5: expand on what "trailing component" means 1340 13412005-05-04 Johan Danielsson <joda@pdc.kth.se> 1342 1343 * lib/krb5/rd_cred.c: put address comparison in separate function 1344 1345 * lib/krb5/krb5_kuserok.3: check the user's ~/.k5login.d directory 1346 for access files, all of which is handled like the regular 1347 ~/.k5login 1348 1349 * lib/krb5/kuserok.c: check the user's ~/.k5login.d directory for 1350 access files, all of which is handled like the regular ~/.k5login 1351
13522005-05-03 Love H�rnquist �strand <lha@it.su.se>	13522005-05-03 Love H��rnquist ��strand <lha@it.su.se>
1353 1354 * doc/ack.texi: Clearify what version of libdes we are using and 1355 who's code in it we are using. 1356 1357 * kcm/kcm.8: more text about usage 1358 1359 * kcm/Makefile.am: man_MANS += kcm.8 1360 1361 * kcm/kcm.8: initial manpage 1362 1363 * configure.in: if we have a $srcdir/lib/asn1/pkcs12.asn1, define 1364 PKINIT 1365 13662005-05-02 Dave Love <fx@gnu.org> 1367 1368 * configure.in: sys/tty.h (for sys/ptyvar.h) might need termios.h. 1369	1353 1354 * doc/ack.texi: Clearify what version of libdes we are using and 1355 who's code in it we are using. 1356 1357 * kcm/kcm.8: more text about usage 1358 1359 * kcm/Makefile.am: man_MANS += kcm.8 1360 1361 * kcm/kcm.8: initial manpage 1362 1363 * configure.in: if we have a $srcdir/lib/asn1/pkcs12.asn1, define 1364 PKINIT 1365 13662005-05-02 Dave Love <fx@gnu.org> 1367 1368 * configure.in: sys/tty.h (for sys/ptyvar.h) might need termios.h. 1369
13702005-05-02 Love H�rnquist �strand <lha@it.su.se>	13702005-05-02 Love H��rnquist ��strand <lha@it.su.se>
1371 1372 * tools/krb5-config.in: add com_err to required libs 1373 1374 * lib/krb5/pkinit.c (krb5_ui_method_read_string): use the fill in 1375 length 1376 1377 * lib/krb5/init_creds_pw.c: Now that we fixed the signed-ness of 1378 nonce for windows, remove the code that removed the signed 1379 bit. Instead add comment that they still need to be the same 1380 (Kerberos protocol nonce and pk-init nonce) for Windows. 1381 13822005-05-02 David Love <fx@gnu.org> 1383 1384 * lib/krb5/crypto.c: Don't declare des_salt &c as static with 1385 incomplete type (invalid in c89, at least). 1386	1371 1372 * tools/krb5-config.in: add com_err to required libs 1373 1374 * lib/krb5/pkinit.c (krb5_ui_method_read_string): use the fill in 1375 length 1376 1377 * lib/krb5/init_creds_pw.c: Now that we fixed the signed-ness of 1378 nonce for windows, remove the code that removed the signed 1379 bit. Instead add comment that they still need to be the same 1380 (Kerberos protocol nonce and pk-init nonce) for Windows. 1381 13822005-05-02 David Love <fx@gnu.org> 1383 1384 * lib/krb5/crypto.c: Don't declare des_salt &c as static with 1385 incomplete type (invalid in c89, at least). 1386
13872005-05-02 Love H�rnquist �strand <lha@it.su.se>	13872005-05-02 Love H��rnquist ��strand <lha@it.su.se>
1388 1389 * lib/krb5/krb5_locl.h: include <crypt.h> 1390 13912005-05-02 David Love <fx@gnu.org> 1392 1393 * kcm/connect.c (init_socket): rename variable sun to un to avoid 1394 namespace collision. 1395 (handle_stream): Cast arg of krb5_warnx. 1396	1388 1389 * lib/krb5/krb5_locl.h: include <crypt.h> 1390 13912005-05-02 David Love <fx@gnu.org> 1392 1393 * kcm/connect.c (init_socket): rename variable sun to un to avoid 1394 namespace collision. 1395 (handle_stream): Cast arg of krb5_warnx. 1396
13972005-04-30 Love H�rnquist �strand <lha@it.su.se>	13972005-04-30 Love H��rnquist ��strand <lha@it.su.se>
1398 1399 * lib/krb5/init_creds_pw.c: if we are using PKINIT, strip of the 1400 highest bit to make windows PK-INIT happy. Also make the nonces 1401 the same, again for windows, they are using pk-init-9. 1402 1403 XXX check if it isn't the that nonce is an unsigned variable so 1404 its just a asn1 mismatch. 1405 --- 7 unchanged lines hidden (view full) --- 1413 when loading the private key. From: Douglas E. Engert 1414 1415 * lib/krb5: add <err.h> in test programs 1416 1417 * configure.in: sys/ptyvar.h might need <sys/tty.h> 1418 1419 * lib/krb5/Makefile.am: use LIB_com_err for libkrb5.la 1420	1398 1399 * lib/krb5/init_creds_pw.c: if we are using PKINIT, strip of the 1400 highest bit to make windows PK-INIT happy. Also make the nonces 1401 the same, again for windows, they are using pk-init-9. 1402 1403 XXX check if it isn't the that nonce is an unsigned variable so 1404 its just a asn1 mismatch. 1405 --- 7 unchanged lines hidden (view full) --- 1413 when loading the private key. From: Douglas E. Engert 1414 1415 * lib/krb5: add <err.h> in test programs 1416 1417 * configure.in: sys/ptyvar.h might need <sys/tty.h> 1418 1419 * lib/krb5/Makefile.am: use LIB_com_err for libkrb5.la 1420
14212005-04-29 Love H�rnquist �strand <lha@it.su.se>	14212005-04-29 Love H��rnquist ��strand <lha@it.su.se>
1422 1423 * lib/asn1/Makefile.am: use $(LIB_com_err) 1424	1422 1423 * lib/asn1/Makefile.am: use $(LIB_com_err) 1424
14252005-04-28 Love H�rnquist �strand <lha@it.su.se>	14252005-04-28 Love H��rnquist ��strand <lha@it.su.se>
1426 1427 * lib/krb5/context.c (krb5_set_config_files): ignore permission 1428 denied on configuration files, user might not be allowed to read 1429 /var/heimdal/kdc.conf 1430 14312005-04-26 Dave Love <fx@gnu.org> 1432 1433 * lib/krb5/krb5_locl.h: define _POSIX_PTHREAD_SEMANTICS so we get 1434 posix getpwnam_r 1435	1426 1427 * lib/krb5/context.c (krb5_set_config_files): ignore permission 1428 denied on configuration files, user might not be allowed to read 1429 /var/heimdal/kdc.conf 1430 14312005-04-26 Dave Love <fx@gnu.org> 1432 1433 * lib/krb5/krb5_locl.h: define _POSIX_PTHREAD_SEMANTICS so we get 1434 posix getpwnam_r 1435
14362005-04-25 Love H�rnquist �strand <lha@it.su.se>	14362005-04-25 Love H��rnquist ��strand <lha@it.su.se>
1437 1438 * lib/asn1/gen_glue.c: switch the units variable to a 1439 function. gcc-4.1 needs the size of the structure if its defined 1440 as extern struct units foo_units[] an we don't want to include 1441 <parse_units.h> in the generate headerfile 1442	1437 1438 * lib/asn1/gen_glue.c: switch the units variable to a 1439 function. gcc-4.1 needs the size of the structure if its defined 1440 as extern struct units foo_units[] an we don't want to include 1441 <parse_units.h> in the generate headerfile 1442
14432005-04-25 Love H�rnquist �strand <lha@it.su.se>	14432005-04-25 Love H��rnquist ��strand <lha@it.su.se>
1444 1445 * lib/hdb/hdb.schema: add EQUALITY rule for krb5ValidStart, 1446 krb5ValidEnd, krb5PasswordEnd From Howard Chu 1447	1444 1445 * lib/hdb/hdb.schema: add EQUALITY rule for krb5ValidStart, 1446 krb5ValidEnd, krb5PasswordEnd From Howard Chu 1447
14482005-04-24 Love H�rnquist �strand <lha@it.su.se>	14482005-04-24 Love H��rnquist ��strand <lha@it.su.se>
1449 1450 * doc/whatis.texi: comment out docbook stuff for now 1451 1452 * kuser/klist.c: use strlcpy 1453 1454 * doc/ack.texi: we no longer use eay libdes, make acknowledgment 1455 still be there, but claim that we no longer use it. Mark editline 1456 to be a modified version as required by the license. --- 26 unchanged lines hidden (view full) --- 1483 1484 * lib/krb5/v4_glue.c: simplify error handling 1485 1486 * doc/whatis.texi: add docbook version macro of @sub 1487 1488 * doc/heimdal.texi: change the wrapping around the Top node to 1489 ifnottex, make html generation work 1490	1449 1450 * doc/whatis.texi: comment out docbook stuff for now 1451 1452 * kuser/klist.c: use strlcpy 1453 1454 * doc/ack.texi: we no longer use eay libdes, make acknowledgment 1455 still be there, but claim that we no longer use it. Mark editline 1456 to be a modified version as required by the license. --- 26 unchanged lines hidden (view full) --- 1483 1484 * lib/krb5/v4_glue.c: simplify error handling 1485 1486 * doc/whatis.texi: add docbook version macro of @sub 1487 1488 * doc/heimdal.texi: change the wrapping around the Top node to 1489 ifnottex, make html generation work 1490
1491 * lib/krb5/krb5_krbhst_init.3: spelling, from Bj�rn Sandell	1491 * lib/krb5/krb5_krbhst_init.3: spelling, from Bj��rn Sandell
1492 <biorn@dce.chalmers.se> 1493	1492 <biorn@dce.chalmers.se> 1493
1494 * lib/krb5/krb5_get_krbhst.3: spelling, from Bj�rn Sandell	1494 * lib/krb5/krb5_get_krbhst.3: spelling, from Bj��rn Sandell
1495 <biorn@dce.chalmers.se> 1496	1495 <biorn@dce.chalmers.se> 1496
1497 * lib/krb5/krb5_data.3: spelling, from Bj�rn Sandell	1497 * lib/krb5/krb5_data.3: spelling, from Bj��rn Sandell
1498 <biorn@dce.chalmers.se> 1499	1498 <biorn@dce.chalmers.se> 1499
1500 * lib/krb5/krb5_aname_to_localname.3: spelling, from Bj�rn Sandell	1500 * lib/krb5/krb5_aname_to_localname.3: spelling, from Bj��rn Sandell
1501 <biorn@dce.chalmers.se> 1502	1501 <biorn@dce.chalmers.se> 1502
1503 * lib/krb5/krb5_address.3: spelling, from Bj�rn Sandell	1503 * lib/krb5/krb5_address.3: spelling, from Bj��rn Sandell
1504 <biorn@dce.chalmers.se> 1505	1504 <biorn@dce.chalmers.se> 1505
15062005-04-23 Love H�rnquist �strand <lha@it.su.se>	15062005-04-23 Love H��rnquist ��strand <lha@it.su.se>
1507 1508 * kdc/config.c: Use the new Kerberos 4 functions in libkrb5 and so 1509 kerberos 4 is always compiled in (still default disabled) 1510 1511 * kdc/kerberos4.c: Use the new Kerberos 4 functions in libkrb5 and 1512 so kerberos 4 is always compiled in (still default disabled) 1513 1514 * lib/krb5/krb5_locl.h: forward declaration of _krb5_krb_auth_data 1515 1516 * lib/krb5/convert_creds.c: Move the kerberos v4 replacement 1517 functions to v4_glue.c 1518 1519 * lib/krb5/v4_glue.c: Implement enough of kerberos 4 protocol to 1520 be a KDC, move the v4 bits over here 1521 1522 * lib/krb5/krb5-v4compat.h: add more v4 defines 1523	1507 1508 * kdc/config.c: Use the new Kerberos 4 functions in libkrb5 and so 1509 kerberos 4 is always compiled in (still default disabled) 1510 1511 * kdc/kerberos4.c: Use the new Kerberos 4 functions in libkrb5 and 1512 so kerberos 4 is always compiled in (still default disabled) 1513 1514 * lib/krb5/krb5_locl.h: forward declaration of _krb5_krb_auth_data 1515 1516 * lib/krb5/convert_creds.c: Move the kerberos v4 replacement 1517 functions to v4_glue.c 1518 1519 * lib/krb5/v4_glue.c: Implement enough of kerberos 4 protocol to 1520 be a KDC, move the v4 bits over here 1521 1522 * lib/krb5/krb5-v4compat.h: add more v4 defines 1523
15242005-04-22 Love H�rnquist �strand <lha@it.su.se>	15242005-04-22 Love H��rnquist ��strand <lha@it.su.se>
1525 1526 * kpasswd/kpasswdd.c: Support multi-realms databases, requires 1527 that all the realms are configured on the KDC in krb5.conf with 1528 [libdefaults]default_realm stanzas. 1529	1525 1526 * kpasswd/kpasswdd.c: Support multi-realms databases, requires 1527 that all the realms are configured on the KDC in krb5.conf with 1528 [libdefaults]default_realm stanzas. 1529
15302005-04-21 Love H�rnquist �strand <lha@it.su.se>	15302005-04-21 Love H��rnquist ��strand <lha@it.su.se>
1531 1532 * kdc/kerberos5.c: spell succeeded correctly, From Sean Chittenden 1533 1534 * lib/krb5/addr_families.c: catch two more snprintf problems 1535	1531 1532 * kdc/kerberos5.c: spell succeeded correctly, From Sean Chittenden 1533 1534 * lib/krb5/addr_families.c: catch two more snprintf problems 1535
15362005-04-20 Love H�rnquist �strand <lha@it.su.se>	15362005-04-20 Love H��rnquist ��strand <lha@it.su.se>
1537 1538 * lib/hdb/Makefile.am: this lib include com_err, add -com_err to 1539 CHECK_SYMBOLS 1540 1541 * appl/test/http_client.c: cast ssize_t to unsigned long, fix 1542 printf format 1543	1537 1538 * lib/hdb/Makefile.am: this lib include com_err, add -com_err to 1539 CHECK_SYMBOLS 1540 1541 * appl/test/http_client.c: cast ssize_t to unsigned long, fix 1542 printf format 1543
15442005-04-19 Love H�rnquist �strand <lha@it.su.se>	15442005-04-19 Love H��rnquist ��strand <lha@it.su.se>
1545 1546 * lib/krb5/kuserok.c: use asprintf to avoid truncating pathnames 1547 1548 * lib/krb5/get_host_realm.c: check return value of snprintf 1549 1550 * lib/krb5/test_addr.c: check address truncation 1551 1552 * lib/krb5/addr_families.c: check return values from snprintf and --- 5 unchanged lines hidden (view full) --- 1558 * lib/krb5/test_kuserok.c: add --version and --help 1559 1560 * lib/krb5/kuserok.c: use getpwnamn_r if it exists 1561 1562 * lib/krb5/Makefile.am: noinst_PROGRAMS += test_kuserok 1563 1564 * lib/krb5/test_kuserok.c: test program for krb5_kuserok 1565	1545 1546 * lib/krb5/kuserok.c: use asprintf to avoid truncating pathnames 1547 1548 * lib/krb5/get_host_realm.c: check return value of snprintf 1549 1550 * lib/krb5/test_addr.c: check address truncation 1551 1552 * lib/krb5/addr_families.c: check return values from snprintf and --- 5 unchanged lines hidden (view full) --- 1558 * lib/krb5/test_kuserok.c: add --version and --help 1559 1560 * lib/krb5/kuserok.c: use getpwnamn_r if it exists 1561 1562 * lib/krb5/Makefile.am: noinst_PROGRAMS += test_kuserok 1563 1564 * lib/krb5/test_kuserok.c: test program for krb5_kuserok 1565
15662005-04-18 Love H�rnquist �strand <lha@it.su.se>	15662005-04-18 Love H��rnquist ��strand <lha@it.su.se>
1567 1568 * lib/krb5/acache.c (acc_resolve): if open_default_ccache failed 1569 with ccErrCCacheNotFound try again with create_default_ccache, 1570 this fixes the problem where the security server apperenly haven't 1571 started yet on Mac OS X 1572 1573 * lib/krb5/get_default_principal.c 1574 (_krb5_get_default_principal_local): add, for use of functions 1575 that in ccache layer to avoid recursive calls. 1576 1577 * lib/hdb/hdb-ldap.c: drop <ctype.h>, no longer use any of the is* 1578 macros in this file 1579 1580 * include/make_crypto.c: cast to unsigned char to make sure its 1581 not negative when passing it to is* functions 1582	1567 1568 * lib/krb5/acache.c (acc_resolve): if open_default_ccache failed 1569 with ccErrCCacheNotFound try again with create_default_ccache, 1570 this fixes the problem where the security server apperenly haven't 1571 started yet on Mac OS X 1572 1573 * lib/krb5/get_default_principal.c 1574 (_krb5_get_default_principal_local): add, for use of functions 1575 that in ccache layer to avoid recursive calls. 1576 1577 * lib/hdb/hdb-ldap.c: drop <ctype.h>, no longer use any of the is* 1578 macros in this file 1579 1580 * include/make_crypto.c: cast to unsigned char to make sure its 1581 not negative when passing it to is* functions 1582
15832005-04-15 Love H�rnquist �strand <lha@it.su.se>	15832005-04-15 Love H��rnquist ��strand <lha@it.su.se>
1584 1585 * doc/programming.texi: remove manpage macro, add some more 1586 references to manpages 1587 1588 * doc/heimdal.texi: define manpage macro 1589 1590 * doc/setup.texi: document new password policy code 1591 1592 * kpasswd/kpasswdd.c: add verifier libraries with 1593 kadm5_add_passwd_quality_verifier 1594 1595 * lib/krb5/krb5_keyblock.3: document krb5_keyblock_init 1596	1584 1585 * doc/programming.texi: remove manpage macro, add some more 1586 references to manpages 1587 1588 * doc/heimdal.texi: define manpage macro 1589 1590 * doc/setup.texi: document new password policy code 1591 1592 * kpasswd/kpasswdd.c: add verifier libraries with 1593 kadm5_add_passwd_quality_verifier 1594 1595 * lib/krb5/krb5_keyblock.3: document krb5_keyblock_init 1596
15972005-04-14 Love H�rnquist �strand <lha@it.su.se>	15972005-04-14 Love H��rnquist ��strand <lha@it.su.se>
1598 1599 * kdc/kaserver.c: AUTHENTICATE and AUTHENTICATE_V2 is almost the 1600 same, and clients 1601 (klog) can deal with that the kaserver returns the same thing for 1602 both 1603 1604 * lib/krb5/keyblock.c: Add krb5_keyblock_init to allocate an fill 1605 in a keyblock from key data. 1606	1598 1599 * kdc/kaserver.c: AUTHENTICATE and AUTHENTICATE_V2 is almost the 1600 same, and clients 1601 (klog) can deal with that the kaserver returns the same thing for 1602 both 1603 1604 * lib/krb5/keyblock.c: Add krb5_keyblock_init to allocate an fill 1605 in a keyblock from key data. 1606
16072005-04-12 Love H�rnquist �strand <lha@it.su.se>	16072005-04-12 Love H��rnquist ��strand <lha@it.su.se>
1608 1609 * configure.in: rk_WIN32_EXPORT for roken 1610	1608 1609 * configure.in: rk_WIN32_EXPORT for roken 1610
16112005-04-10 Love H�rnquist �strand <lha@it.su.se>	16112005-04-10 Love H��rnquist ��strand <lha@it.su.se>
1612 1613 * appl/test/gssapi_server.c: print out client principla of 1614 delegated credential 1615	1612 1613 * appl/test/gssapi_server.c: print out client principla of 1614 delegated credential 1615
16162005-04-07 Love H�rnquist �strand <lha@it.su.se>	16162005-04-07 Love H��rnquist ��strand <lha@it.su.se>
1617 1618 * lib/krb5/init_creds_pw.c (process_pa_data_to_key): also check 1619 for KRB5_PADATA_PK_AS_REP_19, From: Douglas Engert 1620	1617 1618 * lib/krb5/init_creds_pw.c (process_pa_data_to_key): also check 1619 for KRB5_PADATA_PK_AS_REP_19, From: Douglas Engert 1620
16212005-04-07 Love H�rnquist �strand <lha@it.su.se>	16212005-04-07 Love H��rnquist ��strand <lha@it.su.se>
1622 1623 * .cvsignore: ignore more generate files 1624	1622 1623 * .cvsignore: ignore more generate files 1624
16252005-04-04 Love H�rnquist �strand <lha@it.su.se>	16252005-04-04 Love H��rnquist ��strand <lha@it.su.se>
1626 1627 * lib/asn1/check-der.c: use size_t, print size_t by casting to 1628 unsigned long 1629 1630 * lib/krb5/test_crypto.c: print size_t by casting to unsigned long 1631 1632 * lib/krb5/acache.c: Argument to create_new_ccache is a principal, 1633 not a credential cache name. Clean up lossage related to this --- 6 unchanged lines hidden (view full) --- 1640 use find_atype when we are dealing with a kerberos address type 1641 1642 * lib/krb5/aes-test.c: size_t vs int + fix printf 1643 1644 * lib/krb5/pkinit.c: Since the decode can't make out the diffrence 1645 between PA-PK-AS-REP-19 and PA-PK-AS-REQ-Win2k, try harder to 1646 verify both cases 1647	1626 1627 * lib/asn1/check-der.c: use size_t, print size_t by casting to 1628 unsigned long 1629 1630 * lib/krb5/test_crypto.c: print size_t by casting to unsigned long 1631 1632 * lib/krb5/acache.c: Argument to create_new_ccache is a principal, 1633 not a credential cache name. Clean up lossage related to this --- 6 unchanged lines hidden (view full) --- 1640 use find_atype when we are dealing with a kerberos address type 1641 1642 * lib/krb5/aes-test.c: size_t vs int + fix printf 1643 1644 * lib/krb5/pkinit.c: Since the decode can't make out the diffrence 1645 between PA-PK-AS-REP-19 and PA-PK-AS-REQ-Win2k, try harder to 1646 verify both cases 1647
16482005-04-03 Love H�rnquist �strand <lha@it.su.se>	16482005-04-03 Love H��rnquist ��strand <lha@it.su.se>
1649 1650 * appl/test/uu_client.c: print size_t by casting to unsigned long 1651 16522005-04-01 Johan Danielsson <joda@pdc.kth.se> 1653 1654 * kdc/kerberos4.c (do_version4): check client and server max_life 1655 1656 * kdc/kaserver.c (do_getticket): check client max_life --- 8 unchanged lines hidden (view full) --- 1665 1666 * lib/krb5/test_addr.c: test parse IPv6 RANGE addresses 1667 1668 * lib/krb5/addr_families.c: implement mask boundary for IPv6 1669 1670 * lib/asn1/gen.c: avoid const string warnings steming from 1671 writeable-string 1672	1649 1650 * appl/test/uu_client.c: print size_t by casting to unsigned long 1651 16522005-04-01 Johan Danielsson <joda@pdc.kth.se> 1653 1654 * kdc/kerberos4.c (do_version4): check client and server max_life 1655 1656 * kdc/kaserver.c (do_getticket): check client max_life --- 8 unchanged lines hidden (view full) --- 1665 1666 * lib/krb5/test_addr.c: test parse IPv6 RANGE addresses 1667 1668 * lib/krb5/addr_families.c: implement mask boundary for IPv6 1669 1670 * lib/asn1/gen.c: avoid const string warnings steming from 1671 writeable-string 1672
16732005-03-28 Love H�rnquist �strand <lha@it.su.se>	16732005-03-28 Love H��rnquist ��strand <lha@it.su.se>
1674 1675 * lib/krb5/Makefile.am: TESTS += test_addr 1676 1677 * lib/krb5/test_addr.c: simple test for addresses 1678 1679 * lib/krb5/addr_families.c: make RANGE parse prefixlen style 1680 addresses too, fix printing of RANGE addresses, add 1681 krb5_address_prefixlen_boundary 1682 1683 * lib/krb5/krb5_keytab.3: stop memory leak in example, expand on 1684 wildcards 1685	1674 1675 * lib/krb5/Makefile.am: TESTS += test_addr 1676 1677 * lib/krb5/test_addr.c: simple test for addresses 1678 1679 * lib/krb5/addr_families.c: make RANGE parse prefixlen style 1680 addresses too, fix printing of RANGE addresses, add 1681 krb5_address_prefixlen_boundary 1682 1683 * lib/krb5/krb5_keytab.3: stop memory leak in example, expand on 1684 wildcards 1685
16862005-03-26 Love H�rnquist �strand <lha@it.su.se>	16862005-03-26 Love H��rnquist ��strand <lha@it.su.se>
1687 1688 * lib/krb5/krb5_principal.3: spelling, from Tomas Olsson 1689 1690 * lib/krb5/krb5_warn.3: spelling, from Tomas Olsson 1691	1687 1688 * lib/krb5/krb5_principal.3: spelling, from Tomas Olsson 1689 1690 * lib/krb5/krb5_warn.3: spelling, from Tomas Olsson 1691
16922005-03-19 Love H�rnquist �strand <lha@it.su.se>	16922005-03-19 Love H��rnquist ��strand <lha@it.su.se>
1693 1694 * lib/krb5/acache.c: add mutex for global variables, clean up 1695 returned error codes, implement storing addresses into the ccapi 1696 1697 * appl/test/gssapi_server.c: free memory, make error strings match 1698 1699 * appl/test/gssapi_server.c: use print_gss_name, print server name 1700 too 1701 1702 * appl/test/gss_common.h (print_gss_name): common code for 1703 printing gss name 1704 1705 * appl/test/gss_common.c (print_gss_name): common code for 1706 printing gss name 1707 1708 * appl/test/http_client.c: Make constent with rest of the gssapi 1709 test programs 1710	1693 1694 * lib/krb5/acache.c: add mutex for global variables, clean up 1695 returned error codes, implement storing addresses into the ccapi 1696 1697 * appl/test/gssapi_server.c: free memory, make error strings match 1698 1699 * appl/test/gssapi_server.c: use print_gss_name, print server name 1700 too 1701 1702 * appl/test/gss_common.h (print_gss_name): common code for 1703 printing gss name 1704 1705 * appl/test/gss_common.c (print_gss_name): common code for 1706 printing gss name 1707 1708 * appl/test/http_client.c: Make constent with rest of the gssapi 1709 test programs 1710
17112005-03-17 Love H�rnquist �strand <lha@it.su.se>	17112005-03-17 Love H��rnquist ��strand <lha@it.su.se>
1712 1713 * lib/hdb/keys.c: AES is enabled by default, remove ifdefs 1714 1715 * lib/krb5/crypto.c: AES is enabled by default, remove ifdefs 1716 1717 * lib/krb5/aes-test.c: use hex encoder from roken AES is enabled 1718 by default, remove ifdefs 1719 1720 * kdc/kerberos5.c: AES is enabled by default, remove ifdefs 1721	1712 1713 * lib/hdb/keys.c: AES is enabled by default, remove ifdefs 1714 1715 * lib/krb5/crypto.c: AES is enabled by default, remove ifdefs 1716 1717 * lib/krb5/aes-test.c: use hex encoder from roken AES is enabled 1718 by default, remove ifdefs 1719 1720 * kdc/kerberos5.c: AES is enabled by default, remove ifdefs 1721
17222005-03-16 Love H�rnquist �strand <lha@it.su.se>	17222005-03-16 Love H��rnquist ��strand <lha@it.su.se>
1723 1724 * doc/setup.texi: Add some text about modifying the database 1725	1723 1724 * doc/setup.texi: Add some text about modifying the database 1725
17262005-03-15 Love H�rnquist �strand <lha@it.su.se>	17262005-03-15 Love H��rnquist ��strand <lha@it.su.se>
1727 1728 * kuser/kinit.c: widen lifetime/renewal warning text field, also 1729 make use of unparse_time_approx, no need to be specific to the 1730 second when ticket needs to be renewed or their lifetime. 1731 1732 * doc/heimdal.texi: copyright maintenance, drop eay, use updated 1733 UCB license 1734 1735 * lib/krb5/crypto.c: more static and unsigned issues 1736 1737 * lib/krb5/crypto.c: fix signedness issues, prompted by report of 1738 Magnus Ahltorp 1739	1727 1728 * kuser/kinit.c: widen lifetime/renewal warning text field, also 1729 make use of unparse_time_approx, no need to be specific to the 1730 second when ticket needs to be renewed or their lifetime. 1731 1732 * doc/heimdal.texi: copyright maintenance, drop eay, use updated 1733 UCB license 1734 1735 * lib/krb5/crypto.c: more static and unsigned issues 1736 1737 * lib/krb5/crypto.c: fix signedness issues, prompted by report of 1738 Magnus Ahltorp 1739
17402005-03-13 Love H�rnquist �strand <lha@it.su.se>	17402005-03-13 Love H��rnquist ��strand <lha@it.su.se>
1741 1742 * lib/krb5/krb5_keytab.3: more text about how to free returned 1743 resources 1744	1741 1742 * lib/krb5/krb5_keytab.3: more text about how to free returned 1743 resources 1744
17452005-03-10 Love H�rnquist �strand <lha@it.su.se>	17452005-03-10 Love H��rnquist ��strand <lha@it.su.se>
1746 1747 * lib/krb5/pkinit.c: handle the -25 generation path 1748 1749 * lib/krb5/pkinit.c: use KRB5_PADATA_PK_AS_REQ_19 1750 1751 * lib/krb5/pkinit.c: fold in pk-init-25 asn1 changes 1752	1746 1747 * lib/krb5/pkinit.c: handle the -25 generation path 1748 1749 * lib/krb5/pkinit.c: use KRB5_PADATA_PK_AS_REQ_19 1750 1751 * lib/krb5/pkinit.c: fold in pk-init-25 asn1 changes 1752
17532005-03-09 Love H�rnquist �strand <lha@it.su.se>	17532005-03-09 Love H��rnquist ��strand <lha@it.su.se>
1754 1755 * kdc/pkinit.c: use generated oid's 1756 1757 * lib/krb5/pkinit.c: use generated oid's 1758	1754 1755 * kdc/pkinit.c: use generated oid's 1756 1757 * lib/krb5/pkinit.c: use generated oid's 1758
17592005-03-08 Love H�rnquist �strand <lha@it.su.se>	17592005-03-08 Love H��rnquist ��strand <lha@it.su.se>
1760 1761 * kdc/pkinit.c: update to the asn1 structures used in -25's 1762 1763 * lib/krb5/pkinit.c: update to the asn1 structures used in -25's 1764	1760 1761 * kdc/pkinit.c: update to the asn1 structures used in -25's 1762 1763 * lib/krb5/pkinit.c: update to the asn1 structures used in -25's 1764
17652005-03-04 Love H�rnquist �strand <lha@it.su.se>	17652005-03-04 Love H��rnquist ��strand <lha@it.su.se>
1766 1767 * lib/hdb/hdb-ldap.c: use the newly written hex function from 1768 roken and remove the old implementation 1769	1766 1767 * lib/hdb/hdb-ldap.c: use the newly written hex function from 1768 roken and remove the old implementation 1769
17702005-03-01 Love H�rnquist �strand <lha@it.su.se>	17702005-03-01 Love H��rnquist ��strand <lha@it.su.se>
1771 1772 * appl/test/http_client.c: allow specifing port to connect to 1773	1771 1772 * appl/test/http_client.c: allow specifing port to connect to 1773
17742005-02-24 Love H�rnquist �strand <lha@it.su.se>	17742005-02-24 Love H��rnquist ��strand <lha@it.su.se>
1775 1776 * lib/krb5/Makefile.am: bump version to 21:0:4 1777 1778 * lib/hdb/Makefile.am: bump version to 8:0:1 1779 1780 * lib/asn1/Makefile.am: bump version to 7:0:1 1781	1775 1776 * lib/krb5/Makefile.am: bump version to 21:0:4 1777 1778 * lib/hdb/Makefile.am: bump version to 8:0:1 1779 1780 * lib/asn1/Makefile.am: bump version to 7:0:1 1781
17822005-02-23 Love H�rnquist �strand <lha@it.su.se>	17822005-02-23 Love H��rnquist ��strand <lha@it.su.se>
1783 1784 * lib/krb5/crypto.c (DES_string_to_key_int): must check for weak 1785 keys after doing the DES_cbc_cksum 1786 17872005-02-19 Luke Howard <lukeh@padl.com> 1788 1789 * lib/krb5/krbhst.c: set KD_CONFIG after calling 1790 config_get_hosts() in kpasswd_get_next() 1791 From: Wynn Wilkes <wynnw@vintela.com> 1792	1783 1784 * lib/krb5/crypto.c (DES_string_to_key_int): must check for weak 1785 keys after doing the DES_cbc_cksum 1786 17872005-02-19 Luke Howard <lukeh@padl.com> 1788 1789 * lib/krb5/krbhst.c: set KD_CONFIG after calling 1790 config_get_hosts() in kpasswd_get_next() 1791 From: Wynn Wilkes <wynnw@vintela.com> 1792
17932005-02-15 Love H�rnquist �strand <lha@it.su.se>	17932005-02-15 Love H��rnquist ��strand <lha@it.su.se>
1794 1795 * lib/hdb/db3.c (DB_open): correct the check for O_RDONLY 1796 From: Chaskiel M Grundman <cg2v@andrew.cmu.edu> 1797	1794 1795 * lib/hdb/db3.c (DB_open): correct the check for O_RDONLY 1796 From: Chaskiel M Grundman <cg2v@andrew.cmu.edu> 1797
17982005-02-09 Love H�rnquist �strand <lha@it.su.se>	17982005-02-09 Love H��rnquist ��strand <lha@it.su.se>
1799 1800 * lib/krb5/crypto.c (krb5_random_to_key): cast size_t to int to 1801 make %d work 1802	1799 1800 * lib/krb5/crypto.c (krb5_random_to_key): cast size_t to int to 1801 make %d work 1802
18032005-02-08 Love H�rnquist �strand <lha@it.su.se>	18032005-02-08 Love H��rnquist ��strand <lha@it.su.se>
1804 1805 * lib/krb5/keytab.c (krb5_kt_get_entry): tell what enctype the 1806 caller requested to provide the user with a glue what the caller 1807 was asking for. 1808 18092005-02-05 Luke Howard <lukeh@padl.com> 1810 1811 * lib/krb5/kcm.c: add _krb5_kcm_is_running, _krb5_kcm_noop 1812 1813 * kcm/acquire.c: don't leak salt if keyproc called multiple 1814 times 1815 1816 * kcm/config.c: allow KCM system ccache to be configured from 1817 krb5.conf, in the system_ccache stanza of [kcm] 1818	1804 1805 * lib/krb5/keytab.c (krb5_kt_get_entry): tell what enctype the 1806 caller requested to provide the user with a glue what the caller 1807 was asking for. 1808 18092005-02-05 Luke Howard <lukeh@padl.com> 1810 1811 * lib/krb5/kcm.c: add _krb5_kcm_is_running, _krb5_kcm_noop 1812 1813 * kcm/acquire.c: don't leak salt if keyproc called multiple 1814 times 1815 1816 * kcm/config.c: allow KCM system ccache to be configured from 1817 krb5.conf, in the system_ccache stanza of [kcm] 1818
18192005-02-03 Love H�rnquist �strand <lha@it.su.se>	18192005-02-03 Love H��rnquist ��strand <lha@it.su.se>
1820 1821 * kcm/protocol.c: use -1 as the invalid pid number 1822 1823 * kcm/connect.c: support SCM_CREDS (for NetBSD) 1824 1825 * kcm/Makefile.am: LDADD += LIB_pidfile 1826 1827 * kcm/connect.c: make it possible to build on systems without --- 16 unchanged lines hidden (view full) --- 18442005-02-02 Luke Howard <lukeh@padl.com> 1845 1846 * configure.in: generate kcm/Makefile 1847 1848 * Makefile.am: recurse into kcm/ if KCM defined 1849 1850 * kcm: add KCM daemon 1851	1820 1821 * kcm/protocol.c: use -1 as the invalid pid number 1822 1823 * kcm/connect.c: support SCM_CREDS (for NetBSD) 1824 1825 * kcm/Makefile.am: LDADD += LIB_pidfile 1826 1827 * kcm/connect.c: make it possible to build on systems without --- 16 unchanged lines hidden (view full) --- 18442005-02-02 Luke Howard <lukeh@padl.com> 1845 1846 * configure.in: generate kcm/Makefile 1847 1848 * Makefile.am: recurse into kcm/ if KCM defined 1849 1850 * kcm: add KCM daemon 1851
18522005-02-02 Love H�rnquist �strand <lha@it.su.se>	18522005-02-02 Love H��rnquist ��strand <lha@it.su.se>
1853 1854 * lib/krb5/send_to_kdc.c (send_and_recv_udp): make private again 1855 1856 * lib/krb5/kcm.c: use AF_UNIX like the rest of the codebase, add 1857 some more error strings 1858 18592005-02-02 Luke Howard <lukeh@padl.com> 1860 --- 23 unchanged lines hidden (view full) --- 18842005-01-24 Luke Howard <lukeh@padl.com> 1885 1886 * lib/krb5/init_creds_pw.c: allow NULL in_options to be passed 1887 krb5_get_init_creds_password() 1888 1889 * kdc/kerberos5.c: don't crash when logging no server etype 1890 support if client == NULL 1891	1853 1854 * lib/krb5/send_to_kdc.c (send_and_recv_udp): make private again 1855 1856 * lib/krb5/kcm.c: use AF_UNIX like the rest of the codebase, add 1857 some more error strings 1858 18592005-02-02 Luke Howard <lukeh@padl.com> 1860 --- 23 unchanged lines hidden (view full) --- 18842005-01-24 Luke Howard <lukeh@padl.com> 1885 1886 * lib/krb5/init_creds_pw.c: allow NULL in_options to be passed 1887 krb5_get_init_creds_password() 1888 1889 * kdc/kerberos5.c: don't crash when logging no server etype 1890 support if client == NULL 1891
18922005-01-17 Love H�rnquist �strand <lha@it.su.se>	18922005-01-17 Love H��rnquist ��strand <lha@it.su.se>
1893 1894 * kdc/kstash.c: s/random_key/random_key_flag/, From Dave Love 1895 <d.love@dl.ac.uk> 1896	1893 1894 * kdc/kstash.c: s/random_key/random_key_flag/, From Dave Love 1895 <d.love@dl.ac.uk> 1896
18972005-01-12 Love H�rnquist �strand <lha@it.su.se>	18972005-01-12 Love H��rnquist ��strand <lha@it.su.se>
1898 1899 * doc/apps.texi: Texinfo fixes. Text about irix 6.5 using 1900 PAM. From: Dave Love <d.love@dl.ac.uk> 1901	1898 1899 * doc/apps.texi: Texinfo fixes. Text about irix 6.5 using 1900 PAM. From: Dave Love <d.love@dl.ac.uk> 1901
19022005-01-08 Love H�rnquist �strand <lha@it.su.se>	19022005-01-08 Love H��rnquist ��strand <lha@it.su.se>
1903 1904 * lib/krb5/verify_krb5_conf.c: cast argument to isdigit to 1905 unsigned char 1906 1907 * lib/krb5/keytab_keyfile.c: cast argument to toupper to unsigned 1908 char 1909 1910 * lib/asn1/hash.c (hashcaseadd): cast argument to toupper to --- 19 unchanged lines hidden (view full) --- 1930 * lib/krb5/rd_req.c: krb5_enctype_is_disabled is the same thing as 1931 krb5_enctype_valid, so use the later since its older and the api 1932 doesn't really need another entry point 1933 1934 * kdc/kerberos5.c: krb5_enctype_is_disabled is the same thing as 1935 krb5_enctype_valid, so use the later since its older and the api 1936 doesn't really need another entry point 1937	1903 1904 * lib/krb5/verify_krb5_conf.c: cast argument to isdigit to 1905 unsigned char 1906 1907 * lib/krb5/keytab_keyfile.c: cast argument to toupper to unsigned 1908 char 1909 1910 * lib/asn1/hash.c (hashcaseadd): cast argument to toupper to --- 19 unchanged lines hidden (view full) --- 1930 * lib/krb5/rd_req.c: krb5_enctype_is_disabled is the same thing as 1931 krb5_enctype_valid, so use the later since its older and the api 1932 doesn't really need another entry point 1933 1934 * kdc/kerberos5.c: krb5_enctype_is_disabled is the same thing as 1935 krb5_enctype_valid, so use the later since its older and the api 1936 doesn't really need another entry point 1937
19382005-01-05 Love H�rnquist �strand <lha@it.su.se>	19382005-01-05 Love H��rnquist ��strand <lha@it.su.se>
1939 1940 * kpasswd/kpasswdd.8: document --addresses, controls what 1941 addresses kpasswd should listen too 1942 1943 * kpasswd/kpasswdd.c: add --addresses, controls what addresses 1944 kpasswd should listen too 1945 1946 * lib/krb5/addr_families.c (krb5_parse_address): filter out dup --- 41 unchanged lines hidden (view full) --- 1988 * lib/krb5/rd_req.c: support for enctype negotiation 1989 (client sends EtypeList in Authenticator authz data) 1990 19912005-01-04 Luke Howard <lukeh@padl.com> 1992 1993 * lib/asn1/k5.asn1: add authorization data types for enctype 1994 negotiation implementation 1995	1939 1940 * kpasswd/kpasswdd.8: document --addresses, controls what 1941 addresses kpasswd should listen too 1942 1943 * kpasswd/kpasswdd.c: add --addresses, controls what addresses 1944 kpasswd should listen too 1945 1946 * lib/krb5/addr_families.c (krb5_parse_address): filter out dup --- 41 unchanged lines hidden (view full) --- 1988 * lib/krb5/rd_req.c: support for enctype negotiation 1989 (client sends EtypeList in Authenticator authz data) 1990 19912005-01-04 Luke Howard <lukeh@padl.com> 1992 1993 * lib/asn1/k5.asn1: add authorization data types for enctype 1994 negotiation implementation 1995
19962005-01-04 Love H�rnquist �strand <lha@it.su.se>	19962005-01-04 Love H��rnquist ��strand <lha@it.su.se>
1997 1998 * lib/krb5/changepw.c (change_password_loop): on failing to find a 1999 kdc, set result_code to KRB5_KPASSWD_HARDERROR 2000	1997 1998 * lib/krb5/changepw.c (change_password_loop): on failing to find a 1999 kdc, set result_code to KRB5_KPASSWD_HARDERROR 2000
20012005-01-01 Love H�rnquist �strand <lha@it.su.se>	20012005-01-01 Love H��rnquist ��strand <lha@it.su.se>
2002 2003 * doc/heimdal.texi: Happy New Year 2004	2002 2003 * doc/heimdal.texi: Happy New Year 2004