ChangeLog.2006 (178826) | ChangeLog.2006 (233294) |
---|---|
12006-12-28 Love H�rnquist �strand <lha@it.su.se> | 12006-12-28 Love H��rnquist ��strand <lha@it.su.se> |
2 3 * kdc/process.c: Handle kx509 requests. 4 5 * kdc/connect.c: Listen to 9878 if kca is turned on. 6 7 * kdc/headers.h: Include <kx509_asn1.h>. 8 9 * kdc/config.c: code to parse [kdc]enable-kx509 --- 11 unchanged lines hidden (view full) --- 21 * kdc/digest.c: Remove <digest_asn.h>, its already included in 22 headers.h 23 24 * kdc/digest.c: Return session key for the NTLMv2 case too 25 26 * lib/krb5/digest.c (krb5_ntlm_rep_get_sessionkey): return value 27 is krb5_error_code 28 | 2 3 * kdc/process.c: Handle kx509 requests. 4 5 * kdc/connect.c: Listen to 9878 if kca is turned on. 6 7 * kdc/headers.h: Include <kx509_asn1.h>. 8 9 * kdc/config.c: code to parse [kdc]enable-kx509 --- 11 unchanged lines hidden (view full) --- 21 * kdc/digest.c: Remove <digest_asn.h>, its already included in 22 headers.h 23 24 * kdc/digest.c: Return session key for the NTLMv2 case too 25 26 * lib/krb5/digest.c (krb5_ntlm_rep_get_sessionkey): return value 27 is krb5_error_code 28 |
292006-12-27 Love H�rnquist �strand <lha@it.su.se> | 292006-12-27 Love H��rnquist ��strand <lha@it.su.se> |
30 31 * lib/krb5/mk_req_ext.c (_krb5_mk_req_internal): use md5 for 32 des-cbc-md4 and des-cbc-md5. This is for (older) windows that 33 will be unhappy anything else. From Inna Bort-Shatsky 34 | 30 31 * lib/krb5/mk_req_ext.c (_krb5_mk_req_internal): use md5 for 32 des-cbc-md4 and des-cbc-md5. This is for (older) windows that 33 will be unhappy anything else. From Inna Bort-Shatsky 34 |
352006-12-26 Love H�rnquist �strand <lha@it.su.se> | 352006-12-26 Love H��rnquist ��strand <lha@it.su.se> |
36 37 * kdc/digest.c: Prefix internal symbol with _kdc_. 38 39 * kdc/kdc.h: add digests_allowed 40 41 * kdc/digest.c: return NTLM2 targetinfo structure. 42 43 * lib/krb5/digest.c: Add krb5_ntlm_init_get_targetinfo. 44 45 * kdc/config.c: Parse digest acl's 46 47 * kdc/kdc_locl.h: forward decl; 48 49 * kdc/digest.c: Add digest acl's 50 | 36 37 * kdc/digest.c: Prefix internal symbol with _kdc_. 38 39 * kdc/kdc.h: add digests_allowed 40 41 * kdc/digest.c: return NTLM2 targetinfo structure. 42 43 * lib/krb5/digest.c: Add krb5_ntlm_init_get_targetinfo. 44 45 * kdc/config.c: Parse digest acl's 46 47 * kdc/kdc_locl.h: forward decl; 48 49 * kdc/digest.c: Add digest acl's 50 |
512006-12-22 Love H�rnquist �strand <lha@it.su.se> | 512006-12-22 Love H��rnquist ��strand <lha@it.su.se> |
52 53 * fix-export: build ntlm-private.h 54 | 52 53 * fix-export: build ntlm-private.h 54 |
552006-12-20 Love H�rnquist �strand <lha@it.su.se> | 552006-12-20 Love H��rnquist ��strand <lha@it.su.se> |
56 57 * include/make_crypto.c: Include <.../hmac.h>. 58 59 * kdc/digest.c: reorder to show slot here ntlmv2 code will be 60 placed. 61 62 * kdc/digest.c: Announce that we support key exchange and add bits 63 to detect when it wasn't used. 64 65 * kdc/digest.c: Add support for generating NTLM2 session security 66 answer. 67 | 56 57 * include/make_crypto.c: Include <.../hmac.h>. 58 59 * kdc/digest.c: reorder to show slot here ntlmv2 code will be 60 placed. 61 62 * kdc/digest.c: Announce that we support key exchange and add bits 63 to detect when it wasn't used. 64 65 * kdc/digest.c: Add support for generating NTLM2 session security 66 answer. 67 |
682006-12-19 Love H�rnquist �strand <lha@it.su.se> | 682006-12-19 Love H��rnquist ��strand <lha@it.su.se> |
69 70 * lib/krb5/digest.c: Add sessionkey accessor functions. 71 | 69 70 * lib/krb5/digest.c: Add sessionkey accessor functions. 71 |
722006-12-18 Love H�rnquist �strand <lha@it.su.se> | 722006-12-18 Love H��rnquist ��strand <lha@it.su.se> |
73 74 * kdc/digest.c: Unwrap the NTLM session key and return it to the 75 server. 76 | 73 74 * kdc/digest.c: Unwrap the NTLM session key and return it to the 75 server. 76 |
772006-12-17 Love H�rnquist �strand <lha@it.su.se> | 772006-12-17 Love H��rnquist ��strand <lha@it.su.se> |
78 79 * lib/krb5/store.c (krb5_ret_principal): Fix a bug in the malloc 80 failure part, noticed by Arnaud Lacombe in NetBSD coverity scan. 81 | 78 79 * lib/krb5/store.c (krb5_ret_principal): Fix a bug in the malloc 80 failure part, noticed by Arnaud Lacombe in NetBSD coverity scan. 81 |
822006-12-15 Love H�rnquist �strand <lha@it.su.se> | 822006-12-15 Love H��rnquist ��strand <lha@it.su.se> |
83 84 * lib/krb5/fcache.c (fcc_get_cache_next): avoid const warning. 85 86 * kdc/digest.c: Support NTLM verification, note that the KDC does 87 no NTLM packet parsing, its all done by the client side, the KDC 88 just calculate and verify the digest and return the result to the 89 service. 90 --- 15 unchanged lines hidden (view full) --- 106 107 * lib/krb5/fcache.c: Support "iteration" of file credential caches 108 by giving the user back the default file credential cache and only 109 that. 110 111 * lib/krb5/krb5_locl.h: Expand the default root for some of the cc 112 type names. 113 | 83 84 * lib/krb5/fcache.c (fcc_get_cache_next): avoid const warning. 85 86 * kdc/digest.c: Support NTLM verification, note that the KDC does 87 no NTLM packet parsing, its all done by the client side, the KDC 88 just calculate and verify the digest and return the result to the 89 service. 90 --- 15 unchanged lines hidden (view full) --- 106 107 * lib/krb5/fcache.c: Support "iteration" of file credential caches 108 by giving the user back the default file credential cache and only 109 that. 110 111 * lib/krb5/krb5_locl.h: Expand the default root for some of the cc 112 type names. 113 |
1142006-12-14 Love H�rnquist �strand <lha@it.su.se> | 1142006-12-14 Love H��rnquist ��strand <lha@it.su.se> |
115 116 * lib/krb5/init_creds_pw.c (free_paid): free the krb5_data 117 structure too. Bug report from Stefan Metzmacher. 118 | 115 116 * lib/krb5/init_creds_pw.c (free_paid): free the krb5_data 117 structure too. Bug report from Stefan Metzmacher. 118 |
1192006-12-12 Love H�rnquist �strand <lha@it.su.se> | 1192006-12-12 Love H��rnquist ��strand <lha@it.su.se> |
120 121 * kuser/kinit.c: Read the appdefault configration before we try to 122 use the flags. Bug reported by Ingemar Nilsson. 123 124 * kuser/kdigest.c: prefix digest commands with digest_ 125 126 * kuser/kdigest-commands.in: prefix digest commands with digest- 127 | 120 121 * kuser/kinit.c: Read the appdefault configration before we try to 122 use the flags. Bug reported by Ingemar Nilsson. 123 124 * kuser/kdigest.c: prefix digest commands with digest_ 125 126 * kuser/kdigest-commands.in: prefix digest commands with digest- 127 |
1282006-12-10 Love H�rnquist �strand <lha@it.su.se> | 1282006-12-10 Love H��rnquist ��strand <lha@it.su.se> |
129 130 * kdc/hprop.c: Return error codes on failure, improve error 131 reporting. 132 | 129 130 * kdc/hprop.c: Return error codes on failure, improve error 131 reporting. 132 |
1332006-12-08 Love H�rnquist �strand <lha@it.su.se> | 1332006-12-08 Love H��rnquist ��strand <lha@it.su.se> |
134 135 * lib/krb5/pkinit.c: sprinkle more _krb5_pk_copy_error 136 137 * lib/krb5/pkinit.c: Copy more hx509 error strings to krb5 error 138 strings 139 | 134 135 * lib/krb5/pkinit.c: sprinkle more _krb5_pk_copy_error 136 137 * lib/krb5/pkinit.c: Copy more hx509 error strings to krb5 error 138 strings 139 |
1402006-12-07 Love H�rnquist �strand <lha@it.su.se> | 1402006-12-07 Love H��rnquist ��strand <lha@it.su.se> |
141 142 * include/Makefile.am: CLEANFILES += vis.h 143 | 141 142 * include/Makefile.am: CLEANFILES += vis.h 143 |
1442006-12-06 Love H�rnquist �strand <lha@it.su.se> | 1442006-12-06 Love H��rnquist ��strand <lha@it.su.se> |
145 146 * kdc/kerberos5.c (_kdc_as_rep): add AD-INITAL-VERIFIED-CAS to the 147 encrypted ticket 148 149 * kdc/pkinit.c (_kdc_add_inital_verified_cas): new function, adds 150 an empty (for now) AD_INITIAL_VERIFIED_CAS to tell the clients 151 that we vouches for the CA. 152 --- 6 unchanged lines hidden (view full) --- 159 ExternalPrincipalIdentifiers 160 161 * kdc/pkinit.c: Parse and use PA-PK-AS-REQ.trustedCertifiers 162 163 * kdc/pkinit.c: Add comment that the anchors in the signed data 164 really should be the trust anchors of the client. 165 166 * kuser/generate-requests.c: Use strcspn to remove \n from | 145 146 * kdc/kerberos5.c (_kdc_as_rep): add AD-INITAL-VERIFIED-CAS to the 147 encrypted ticket 148 149 * kdc/pkinit.c (_kdc_add_inital_verified_cas): new function, adds 150 an empty (for now) AD_INITIAL_VERIFIED_CAS to tell the clients 151 that we vouches for the CA. 152 --- 6 unchanged lines hidden (view full) --- 159 ExternalPrincipalIdentifiers 160 161 * kdc/pkinit.c: Parse and use PA-PK-AS-REQ.trustedCertifiers 162 163 * kdc/pkinit.c: Add comment that the anchors in the signed data 164 really should be the trust anchors of the client. 165 166 * kuser/generate-requests.c: Use strcspn to remove \n from |
167 string returned by fgets. From Bj�rn Sandell | 167 string returned by fgets. From Bj��rn Sandell |
168 169 * kpasswd/kpasswd-generator.c: Use strcspn to remove \n from | 168 169 * kpasswd/kpasswd-generator.c: Use strcspn to remove \n from |
170 string returned by fgets. From Bj�rn Sandell | 170 string returned by fgets. From Bj��rn Sandell |
171 | 171 |
1722006-12-05 Love H�rnquist �strand <lha@it.su.se> | 1722006-12-05 Love H��rnquist ��strand <lha@it.su.se> |
173 174 * lib/hdb/hdb-ldap.c: Clear errno before calling the strtol | 173 174 * lib/hdb/hdb-ldap.c: Clear errno before calling the strtol |
175 functions. From Paul Stoeber to OpenBSD by Ray Lai and Bj�rn | 175 functions. From Paul Stoeber to OpenBSD by Ray Lai and Bj��rn |
176 Sandell. 177 178 * lib/krb5/config_file.c: Use strcspn to remove \n from fgets | 176 Sandell. 177 178 * lib/krb5/config_file.c: Use strcspn to remove \n from fgets |
179 result. Prompted by change by Ray Lai of OpenBSD via Bj�rn | 179 result. Prompted by change by Ray Lai of OpenBSD via Bj��rn |
180 Sandell. 181 182 * kdc/string2key.c: Use strcspn to remove \n from fgets | 180 Sandell. 181 182 * kdc/string2key.c: Use strcspn to remove \n from fgets |
183 result. Prompted by change by Ray Lai of OpenBSD via Bj�rn | 183 result. Prompted by change by Ray Lai of OpenBSD via Bj��rn |
184 Sandell. 185 | 184 Sandell. 185 |
1862006-11-30 Love H�rnquist �strand <lha@it.su.se> | 1862006-11-30 Love H��rnquist ��strand <lha@it.su.se> |
187 188 * lib/krb5/krbhst.c (plugin_get_hosts): be more paranoid and pass 189 in a NULLed plugin list 190 | 187 188 * lib/krb5/krbhst.c (plugin_get_hosts): be more paranoid and pass 189 in a NULLed plugin list 190 |
1912006-11-29 Love H�rnquist �strand <lha@it.su.se> | 1912006-11-29 Love H��rnquist ��strand <lha@it.su.se> |
192 193 * lib/krb5/verify_krb5_conf.c: add more pkinit options. 194 195 * lib/krb5/pkinit.c: Store what PK-INIT type we used to know reply 196 to expect, this avoids overwriting the real PK-INIT error from 197 just a failed requeat with a Windows PK-INIT error (that always 198 failes). 199 200 * kdc/Makefile.am: Add LIB_pkinit to pacify AIX 201 202 * lib/hdb/Makefile.am: Add LIB_com_err to pacify AIX 203 | 192 193 * lib/krb5/verify_krb5_conf.c: add more pkinit options. 194 195 * lib/krb5/pkinit.c: Store what PK-INIT type we used to know reply 196 to expect, this avoids overwriting the real PK-INIT error from 197 just a failed requeat with a Windows PK-INIT error (that always 198 failes). 199 200 * kdc/Makefile.am: Add LIB_pkinit to pacify AIX 201 202 * lib/hdb/Makefile.am: Add LIB_com_err to pacify AIX 203 |
2042006-11-28 Love H�rnquist �strand <lha@it.su.se> | 2042006-11-28 Love H��rnquist ��strand <lha@it.su.se> |
205 206 * lib/hdb/hdb-ldap.c: Make build again from the hdb_entry 207 wrapping. Patch from Andreas Hasenack. 208 209 * kdc/pkinit.c: Need better code in the DH parameter rejection 210 case, add comment to that effect. 211 | 205 206 * lib/hdb/hdb-ldap.c: Make build again from the hdb_entry 207 wrapping. Patch from Andreas Hasenack. 208 209 * kdc/pkinit.c: Need better code in the DH parameter rejection 210 case, add comment to that effect. 211 |
2122006-11-27 Love H�rnquist �strand <lha@it.su.se> | 2122006-11-27 Love H��rnquist ��strand <lha@it.su.se> |
213 214 * kdc/krb5tgs.c: Reply KRB5KRB_ERR_RESPONSE_TOO_BIG for too large 215 packets when using datagram based transports. 216 217 * kdc/process.c: Pass down datagram_reply to _kdc_tgs_rep. 218 219 * lib/krb5/pkinit.c (build_auth_pack): set supportedCMSTypes. 220 | 213 214 * kdc/krb5tgs.c: Reply KRB5KRB_ERR_RESPONSE_TOO_BIG for too large 215 packets when using datagram based transports. 216 217 * kdc/process.c: Pass down datagram_reply to _kdc_tgs_rep. 218 219 * lib/krb5/pkinit.c (build_auth_pack): set supportedCMSTypes. 220 |
2212006-11-26 Love H�rnquist �strand <lha@it.su.se> | 2212006-11-26 Love H��rnquist ��strand <lha@it.su.se> |
222 223 * lib/krb5/pkinit.c: Pass down hx509_peer_info. 224 225 * kdc/pkinit.c (_kdc_pk_rd_padata): Pick up supportedCMSTypes and 226 pass in into hx509_cms_create_signed_1 via hx509_peer_info blob. 227 228 * kdc/pkinit.c (_kdc_pk_rd_padata): Pick up supportedCMSTypes and 229 pass in into hx509_cms_create_signed_1 via hx509_peer_info blob. 230 | 222 223 * lib/krb5/pkinit.c: Pass down hx509_peer_info. 224 225 * kdc/pkinit.c (_kdc_pk_rd_padata): Pick up supportedCMSTypes and 226 pass in into hx509_cms_create_signed_1 via hx509_peer_info blob. 227 228 * kdc/pkinit.c (_kdc_pk_rd_padata): Pick up supportedCMSTypes and 229 pass in into hx509_cms_create_signed_1 via hx509_peer_info blob. 230 |
2312006-11-24 Love H�rnquist �strand <lha@it.su.se> | 2312006-11-24 Love H��rnquist ��strand <lha@it.su.se> |
232 233 * lib/krb5/send_to_kdc.c: Set the large_msg_size to 1400, lets not 234 fragment packets and avoid stupid linklayers that doesn't allow 235 fragmented packets (unix dgram sockets on Mac OS X) 236 | 232 233 * lib/krb5/send_to_kdc.c: Set the large_msg_size to 1400, lets not 234 fragment packets and avoid stupid linklayers that doesn't allow 235 fragmented packets (unix dgram sockets on Mac OS X) 236 |
2372006-11-23 Love H�rnquist �strand <lha@it.su.se> | 2372006-11-23 Love H��rnquist ��strand <lha@it.su.se> |
238 239 * lib/krb5/pkinit.c (_krb5_pk_create_sign): stuff down the users 240 certs in the pool to make sure a path is returned, without this 241 proxy certificates wont work. 242 | 238 239 * lib/krb5/pkinit.c (_krb5_pk_create_sign): stuff down the users 240 certs in the pool to make sure a path is returned, without this 241 proxy certificates wont work. 242 |
2432006-11-21 Love H�rnquist �strand <lha@it.su.se> | 2432006-11-21 Love H��rnquist ��strand <lha@it.su.se> |
244 245 * kdc/config.c: Make all pkinit options prefixed with pkinit_ 246 247 * lib/krb5/log.c (krb5_get_warn_dest): return warn_dest from 248 krb5_context 249 250 * lib/krb5/krb5_warn.3: document krb5_[gs]et_warn_dest 251 252 * lib/krb5/krb5.h: Drop KRB5_KU_TGS_IMPERSONATE. 253 254 * kdc/krb5tgs.c: Use KRB5_KU_OTHER_CKSUM for the impersonate 255 checksum. 256 257 * lib/krb5/get_cred.c: Use KRB5_KU_OTHER_CKSUM for the impersonate 258 checksum. 259 | 244 245 * kdc/config.c: Make all pkinit options prefixed with pkinit_ 246 247 * lib/krb5/log.c (krb5_get_warn_dest): return warn_dest from 248 krb5_context 249 250 * lib/krb5/krb5_warn.3: document krb5_[gs]et_warn_dest 251 252 * lib/krb5/krb5.h: Drop KRB5_KU_TGS_IMPERSONATE. 253 254 * kdc/krb5tgs.c: Use KRB5_KU_OTHER_CKSUM for the impersonate 255 checksum. 256 257 * lib/krb5/get_cred.c: Use KRB5_KU_OTHER_CKSUM for the impersonate 258 checksum. 259 |
2602006-11-20 Love H�rnquist �strand <lha@it.su.se> | 2602006-11-20 Love H��rnquist ��strand <lha@it.su.se> |
261 262 * lib/krb5/verify_user.c: Make krb5_get_init_creds_opt_free take a 263 context argument. 264 265 * lib/krb5/krb5_get_init_creds.3: Make 266 krb5_get_init_creds_opt_free take a context argument. 267 268 * lib/krb5/init_creds_pw.c: Make krb5_get_init_creds_opt_free take --- 12 unchanged lines hidden (view full) --- 281 argument. 282 283 * lib/krb5/init_creds.c: Make krb5_get_init_creds_opt_free take a 284 context argument. 285 286 * appl/gssmask/gssmask.c: Make krb5_get_init_creds_opt_free take a 287 context argument. 288 | 261 262 * lib/krb5/verify_user.c: Make krb5_get_init_creds_opt_free take a 263 context argument. 264 265 * lib/krb5/krb5_get_init_creds.3: Make 266 krb5_get_init_creds_opt_free take a context argument. 267 268 * lib/krb5/init_creds_pw.c: Make krb5_get_init_creds_opt_free take --- 12 unchanged lines hidden (view full) --- 281 argument. 282 283 * lib/krb5/init_creds.c: Make krb5_get_init_creds_opt_free take a 284 context argument. 285 286 * appl/gssmask/gssmask.c: Make krb5_get_init_creds_opt_free take a 287 context argument. 288 |
2892006-11-19 Love H�rnquist �strand <lha@it.su.se> | 2892006-11-19 Love H��rnquist ��strand <lha@it.su.se> |
290 291 * doc/setup.texi: fix pkinit option (s/-/_/) 292 293 * kdc/config.c: revert the enable-pkinit change, and make it 294 consistant with all other other enable- options 295 | 290 291 * doc/setup.texi: fix pkinit option (s/-/_/) 292 293 * kdc/config.c: revert the enable-pkinit change, and make it 294 consistant with all other other enable- options 295 |
2962006-11-17 Love H�rnquist �strand <lha@it.su.se> | 2962006-11-17 Love H��rnquist ��strand <lha@it.su.se> |
297 298 * doc/setup.texi: Make all pkinit options prefixed with pkinit_ 299 300 * kdc/config.c: Make all pkinit options prefixed with pkinit_ 301 302 * kdc/pkinit.c: Make app pkinit options prefixed with pkinit_ 303 304 * lib/krb5/pkinit.c: Make app pkinit options prefixed with pkinit_ 305 306 * lib/krb5/mit_glue.c (krb5_c_keylengths): make compile again. 307 308 * lib/krb5/mit_glue.c (krb5_c_keylengths): rename. 309 310 * lib/krb5/mit_glue.c (krb5_c_keylength): mit changed the api, 311 deal. 312 | 297 298 * doc/setup.texi: Make all pkinit options prefixed with pkinit_ 299 300 * kdc/config.c: Make all pkinit options prefixed with pkinit_ 301 302 * kdc/pkinit.c: Make app pkinit options prefixed with pkinit_ 303 304 * lib/krb5/pkinit.c: Make app pkinit options prefixed with pkinit_ 305 306 * lib/krb5/mit_glue.c (krb5_c_keylengths): make compile again. 307 308 * lib/krb5/mit_glue.c (krb5_c_keylengths): rename. 309 310 * lib/krb5/mit_glue.c (krb5_c_keylength): mit changed the api, 311 deal. 312 |
3132006-11-13 Love H�rnquist �strand <lha@it.su.se> | 3132006-11-13 Love H��rnquist ��strand <lha@it.su.se> |
314 315 * lib/krb5/pac.c (fill_zeros): stop using MIN. 316 317 * kuser/kinit.c: Forward decl 318 319 * lib/krb5/test_plugin.c: Use NOTHERE.H5L.SE. 320 321 * lib/krb5/krbhst.c: Fill in hints for picky getaddrinfo()s. 322 323 * lib/krb5/test_plugin.c: Set sin_len if it exists. 324 325 * lib/krb5/krbhst.c: Use plugin for the other realm locate types 326 too. 327 | 314 315 * lib/krb5/pac.c (fill_zeros): stop using MIN. 316 317 * kuser/kinit.c: Forward decl 318 319 * lib/krb5/test_plugin.c: Use NOTHERE.H5L.SE. 320 321 * lib/krb5/krbhst.c: Fill in hints for picky getaddrinfo()s. 322 323 * lib/krb5/test_plugin.c: Set sin_len if it exists. 324 325 * lib/krb5/krbhst.c: Use plugin for the other realm locate types 326 too. 327 |
3282006-11-12 Love H�rnquist �strand <lha@it.su.se> | 3282006-11-12 Love H��rnquist ��strand <lha@it.su.se> |
329 330 * lib/krb5/krb5_locl.h: Add plugin api 331 332 * lib/krb5/Makefile.am: Add plugin api. 333 334 * lib/krb5/krbhst.c: Use the resolve plugin interface. 335 336 * lib/krb5/locate_plugin.h: Add plugin interface for resolving 337 that is API compatible with MITs version. 338 339 * lib/krb5/plugin.c: Add first version of the plugin interface. 340 341 * lib/krb5/test_pac.c: Test signing. 342 343 * lib/krb5/pac.c: Add code to sign PACs, only arcfour for now. 344 345 * lib/krb5/krb5.h: Add struct krb5_pac. 346 | 329 330 * lib/krb5/krb5_locl.h: Add plugin api 331 332 * lib/krb5/Makefile.am: Add plugin api. 333 334 * lib/krb5/krbhst.c: Use the resolve plugin interface. 335 336 * lib/krb5/locate_plugin.h: Add plugin interface for resolving 337 that is API compatible with MITs version. 338 339 * lib/krb5/plugin.c: Add first version of the plugin interface. 340 341 * lib/krb5/test_pac.c: Test signing. 342 343 * lib/krb5/pac.c: Add code to sign PACs, only arcfour for now. 344 345 * lib/krb5/krb5.h: Add struct krb5_pac. 346 |
3472006-11-09 Love H�rnquist �strand <lha@it.su.se> | 3472006-11-09 Love H��rnquist ��strand <lha@it.su.se> |
348 349 * lib/krb5/test_pac.c: PAC testing. 350 351 * lib/krb5/pac.c: Sprinkle error strings. 352 353 * lib/krb5/pac.c: Verify LOGON_NAME. 354 355 * kdc/pkinit.c (_kdc_pk_check_client): drop client_princ as an 356 argument 357 358 * kdc/kerberos5.c (_kdc_as_rep): drop client_princ from 359 _kdc_pk_check_client since its not valid in canonicalize case 360 361 * lib/krb5/krb5_c_make_checksum.3: Document krb5_c_keylength. 362 363 * lib/krb5/mit_glue.c: Add krb5_c_keylength. 364 | 348 349 * lib/krb5/test_pac.c: PAC testing. 350 351 * lib/krb5/pac.c: Sprinkle error strings. 352 353 * lib/krb5/pac.c: Verify LOGON_NAME. 354 355 * kdc/pkinit.c (_kdc_pk_check_client): drop client_princ as an 356 argument 357 358 * kdc/kerberos5.c (_kdc_as_rep): drop client_princ from 359 _kdc_pk_check_client since its not valid in canonicalize case 360 361 * lib/krb5/krb5_c_make_checksum.3: Document krb5_c_keylength. 362 363 * lib/krb5/mit_glue.c: Add krb5_c_keylength. 364 |
3652006-11-08 Love H�rnquist �strand <lha@it.su.se> | 3652006-11-08 Love H��rnquist ��strand <lha@it.su.se> |
366 367 * lib/krb5/pac.c: Almost enough code to do PAC parsing and 368 verification, missing in the unix2NTTIME and ucs2 corner. The 369 later will be adressed by finally adding libwind. 370 371 * lib/krb5/krb5_init_context.3: document krb5_[gs]et_max_time_skew 372 373 * kdc/hpropd.c: Remove support dumping to a kerberos 4 database. 374 | 366 367 * lib/krb5/pac.c: Almost enough code to do PAC parsing and 368 verification, missing in the unix2NTTIME and ucs2 corner. The 369 later will be adressed by finally adding libwind. 370 371 * lib/krb5/krb5_init_context.3: document krb5_[gs]et_max_time_skew 372 373 * kdc/hpropd.c: Remove support dumping to a kerberos 4 database. 374 |
3752006-11-07 Love H�rnquist �strand <lha@it.su.se> | 3752006-11-07 Love H��rnquist ��strand <lha@it.su.se> |
376 377 * lib/krb5/context.c: rename krb5_[gs]et_time_wrap to 378 krb5_[gs]et_max_time_skew 379 380 * kdc/pkinit.c: Catch error string from hx509_cms_verify_signed. 381 Check for id-pKKdcEkuOID and warn if its not there. 382 383 * lib/krb5/rd_req.c: Add more krb5_rd_req_out_get functions. 384 | 376 377 * lib/krb5/context.c: rename krb5_[gs]et_time_wrap to 378 krb5_[gs]et_max_time_skew 379 380 * kdc/pkinit.c: Catch error string from hx509_cms_verify_signed. 381 Check for id-pKKdcEkuOID and warn if its not there. 382 383 * lib/krb5/rd_req.c: Add more krb5_rd_req_out_get functions. 384 |
3852006-11-06 Love H�rnquist �strand <lha@it.su.se> | 3852006-11-06 Love H��rnquist ��strand <lha@it.su.se> |
386 387 * lib/krb5/krb5.h: krb5_rd_req{,_in,_out}_ctx. 388 389 * lib/krb5/rd_req.c (krb5_rd_req_ctx): Add context all singing-all 390 dancing version of the krb5_rd_req and implement krb5_rd_req and 391 krb5_rd_req_with_keyblock using it. 392 | 386 387 * lib/krb5/krb5.h: krb5_rd_req{,_in,_out}_ctx. 388 389 * lib/krb5/rd_req.c (krb5_rd_req_ctx): Add context all singing-all 390 dancing version of the krb5_rd_req and implement krb5_rd_req and 391 krb5_rd_req_with_keyblock using it. 392 |
3932006-11-04 Love H�rnquist �strand <lha@it.su.se> | 3932006-11-04 Love H��rnquist ��strand <lha@it.su.se> |
394 395 * kdc/kerberos5.c (_kdc_as_rep): More verbose time skew logging. 396 | 394 395 * kdc/kerberos5.c (_kdc_as_rep): More verbose time skew logging. 396 |
3972006-11-03 Love H�rnquist �strand <lha@it.su.se> | 3972006-11-03 Love H��rnquist ��strand <lha@it.su.se> |
398 399 * lib/krb5/expand_hostname.c: Rename various routines and 400 constants from canonize to canonicalize. From Andrew Bartlett 401 402 * lib/krb5/context.c: Add krb5_[gs]et_time_wrap 403 404 * lib/krb5/krb5_locl.h: Rename various routines and constants from 405 canonize to canonicalize. From Andrew Bartlett 406 407 * appl/gssmask/common.c (add_list): fix alloc statement. 408 From Alex Deiter 409 | 398 399 * lib/krb5/expand_hostname.c: Rename various routines and 400 constants from canonize to canonicalize. From Andrew Bartlett 401 402 * lib/krb5/context.c: Add krb5_[gs]et_time_wrap 403 404 * lib/krb5/krb5_locl.h: Rename various routines and constants from 405 canonize to canonicalize. From Andrew Bartlett 406 407 * appl/gssmask/common.c (add_list): fix alloc statement. 408 From Alex Deiter 409 |
4102006-10-25 Love H�rnquist �strand <lha@it.su.se> | 4102006-10-25 Love H��rnquist ��strand <lha@it.su.se> |
411 412 * include/Makefile.am: Move version.h and version.h.in to 413 DISTCLEANFILES. 414 | 411 412 * include/Makefile.am: Move version.h and version.h.in to 413 DISTCLEANFILES. 414 |
4152006-10-24 Love H�rnquist �strand <lha@it.su.se> | 4152006-10-24 Love H��rnquist ��strand <lha@it.su.se> |
416 417 * appl/gssmask/gssmask.c: Only log when there are resources left. 418 419 * appl/gssmask/gssmask.c: make compile 420 421 * appl/gssmask/gssmask.c (AcquireCreds): free 422 krb5_get_init_creds_opt 423 | 416 417 * appl/gssmask/gssmask.c: Only log when there are resources left. 418 419 * appl/gssmask/gssmask.c: make compile 420 421 * appl/gssmask/gssmask.c (AcquireCreds): free 422 krb5_get_init_creds_opt 423 |
4242006-10-23 Love H�rnquist �strand <lha@it.su.se> | 4242006-10-23 Love H��rnquist ��strand <lha@it.su.se> |
425 426 * configure.in: heimdal 0.8-RC1 427 | 425 426 * configure.in: heimdal 0.8-RC1 427 |
4282006-10-22 Love H�rnquist �strand <lha@it.su.se> | 4282006-10-22 Love H��rnquist ��strand <lha@it.su.se> |
429 430 * lib/krb5/digest.c: Try to not leak memory. 431 432 * kdc/digest.c: Try to not leak memory. 433 434 * Makefile.am: remove valgrind target, it doesn't belong here. 435 436 * kuser/kinit.c: Try to not leak memory. --- 17 unchanged lines hidden (view full) --- 454 * lib/krb5/test_crypto_wrapping.c: Try to not leak memory. 455 456 * lib/krb5/test_cc.c: Try to not leak memory. 457 458 * lib/krb5/addr_families.c (arange_free): Try to not leak memory. 459 460 * lib/krb5/crypto.c (AES_string_to_key): Try to not leak memory. 461 | 429 430 * lib/krb5/digest.c: Try to not leak memory. 431 432 * kdc/digest.c: Try to not leak memory. 433 434 * Makefile.am: remove valgrind target, it doesn't belong here. 435 436 * kuser/kinit.c: Try to not leak memory. --- 17 unchanged lines hidden (view full) --- 454 * lib/krb5/test_crypto_wrapping.c: Try to not leak memory. 455 456 * lib/krb5/test_cc.c: Try to not leak memory. 457 458 * lib/krb5/addr_families.c (arange_free): Try to not leak memory. 459 460 * lib/krb5/crypto.c (AES_string_to_key): Try to not leak memory. 461 |
4622006-10-21 Love H�rnquist �strand <lha@it.su.se> | 4622006-10-21 Love H��rnquist ��strand <lha@it.su.se> |
463 464 * tools/heimdal-build.sh: Add --test-environment 465 466 * tools/heimdal-build.sh: Add --ccache-dir 467 468 * lib/hdb/Makefile.am: remove dependency on et files covert_db 469 that now is removed 470 | 463 464 * tools/heimdal-build.sh: Add --test-environment 465 466 * tools/heimdal-build.sh: Add --ccache-dir 467 468 * lib/hdb/Makefile.am: remove dependency on et files covert_db 469 that now is removed 470 |
4712006-10-20 Love H�rnquist �strand <lha@it.su.se> | 4712006-10-20 Love H��rnquist ��strand <lha@it.su.se> |
472 473 * include/Makefile.am: add gssapi to subdirs 474 475 * lib/hdb/hdb-ldap.c: Make compile. 476 477 * configure.in: add include/gssapi/Makefile. 478 479 * include/Makefile.am: clean more files --- 22 unchanged lines hidden (view full) --- 502 * kcm/Makefile.am: more files 503 504 * kdc/Makefile.am: more files 505 506 * lib/hdb/Makefile.am: more files 507 508 * lib/krb5/Makefile.am: add more files 509 | 472 473 * include/Makefile.am: add gssapi to subdirs 474 475 * lib/hdb/hdb-ldap.c: Make compile. 476 477 * configure.in: add include/gssapi/Makefile. 478 479 * include/Makefile.am: clean more files --- 22 unchanged lines hidden (view full) --- 502 * kcm/Makefile.am: more files 503 504 * kdc/Makefile.am: more files 505 506 * lib/hdb/Makefile.am: more files 507 508 * lib/krb5/Makefile.am: add more files 509 |
5102006-10-19 Love H�rnquist �strand <lha@it.su.se> | 5102006-10-19 Love H��rnquist ��strand <lha@it.su.se> |
511 512 * tools/Makefile.am: Add heimdal-build.sh to EXTRA_DIST. 513 514 * configure.in: Don't check for timegm, libroken provides it for 515 us. 516 517 * lib/krb5/acache.c: Does function typecasts instead of void * 518 type-casts. 519 520 * lib/krb5/krb5.h: Remove bonus , that Love sneeked in. 521 522 * configure.in: make --disable-pk-init help text also negative 523 | 511 512 * tools/Makefile.am: Add heimdal-build.sh to EXTRA_DIST. 513 514 * configure.in: Don't check for timegm, libroken provides it for 515 us. 516 517 * lib/krb5/acache.c: Does function typecasts instead of void * 518 type-casts. 519 520 * lib/krb5/krb5.h: Remove bonus , that Love sneeked in. 521 522 * configure.in: make --disable-pk-init help text also negative 523 |
5242006-10-18 Love H�rnquist �strand <lha@it.su.se> | 5242006-10-18 Love H��rnquist ��strand <lha@it.su.se> |
525 526 * kuser/kgetcred.c: Avoid memory leak. 527 528 * tools/heimdal-build.sh: Add more verbose logging, add version of 529 script and heimdal to the mail. 530 531 * lib/hdb/db3.c: Wrap function call pointer calls in (*func) to 532 avoid macros rewriting open and close. 533 534 * lib/krb5/Makefile.am: Add test_princ. 535 536 * lib/krb5/principal.c: More error strings, handle realm-less 537 printing. 538 539 * lib/krb5/test_princ.c: Test principal parsing and unparsing. 540 | 525 526 * kuser/kgetcred.c: Avoid memory leak. 527 528 * tools/heimdal-build.sh: Add more verbose logging, add version of 529 script and heimdal to the mail. 530 531 * lib/hdb/db3.c: Wrap function call pointer calls in (*func) to 532 avoid macros rewriting open and close. 533 534 * lib/krb5/Makefile.am: Add test_princ. 535 536 * lib/krb5/principal.c: More error strings, handle realm-less 537 printing. 538 539 * lib/krb5/test_princ.c: Test principal parsing and unparsing. 540 |
5412006-10-17 Love H�rnquist �strand <lha@it.su.se> | 5412006-10-17 Love H��rnquist ��strand <lha@it.su.se> |
542 543 * lib/krb5/get_host_realm.c (krb5_get_host_realm): make sure we 544 don't recurse 545 546 * lib/krb5/get_host_realm.c (krb5_get_host_realm): no components 547 -> no dns. no mapping, try local realm and hope KDC knows better. 548 549 * lib/krb5/krb5.h: Add flags for krb5_unparse_name_flags --- 36 unchanged lines hidden (view full) --- 586 * lib/krb5/krb5.h (krb5_context): add dns_canonize_hostname. 587 588 * tools/heimdal-build.sh: Set status. 589 590 * appl/gssmask/gssmask.c: handle more bits 591 592 * kdc/kerberos5.c: Prefix asn1 primitives with der_. 593 | 542 543 * lib/krb5/get_host_realm.c (krb5_get_host_realm): make sure we 544 don't recurse 545 546 * lib/krb5/get_host_realm.c (krb5_get_host_realm): no components 547 -> no dns. no mapping, try local realm and hope KDC knows better. 548 549 * lib/krb5/krb5.h: Add flags for krb5_unparse_name_flags --- 36 unchanged lines hidden (view full) --- 586 * lib/krb5/krb5.h (krb5_context): add dns_canonize_hostname. 587 588 * tools/heimdal-build.sh: Set status. 589 590 * appl/gssmask/gssmask.c: handle more bits 591 592 * kdc/kerberos5.c: Prefix asn1 primitives with der_. 593 |
5942006-10-16 Love H�rnquist �strand <lha@it.su.se> | 5942006-10-16 Love H��rnquist ��strand <lha@it.su.se> |
595 596 * fix-export: Build lib/asn1/der-protos.h. 597 | 595 596 * fix-export: Build lib/asn1/der-protos.h. 597 |
5982006-10-14 Love H�rnquist �strand <lha@it.su.se> | 5982006-10-14 Love H��rnquist ��strand <lha@it.su.se> |
599 600 * appl/gssmask/Makefile.am: Add explit depenency on libroken. 601 602 * kdc/krb5tgs.c: Prefix der primitives with der_. 603 604 * kdc/pkinit.c: Prefix der primitives with der_. 605 606 * lib/hdb/ext.c: Prefix der primitives with der_. --- 6 unchanged lines hidden (view full) --- 613 * lib/krb5/ticket.c: Prefix der primitives with der_. 614 615 * lib/krb5/digest.c: Prefix der primitives with der_. 616 617 * lib/krb5/crypto.c: Prefix der primitives with der_. 618 619 * lib/krb5/data.c: Prefix der primitives with der_. 620 | 599 600 * appl/gssmask/Makefile.am: Add explit depenency on libroken. 601 602 * kdc/krb5tgs.c: Prefix der primitives with der_. 603 604 * kdc/pkinit.c: Prefix der primitives with der_. 605 606 * lib/hdb/ext.c: Prefix der primitives with der_. --- 6 unchanged lines hidden (view full) --- 613 * lib/krb5/ticket.c: Prefix der primitives with der_. 614 615 * lib/krb5/digest.c: Prefix der primitives with der_. 616 617 * lib/krb5/crypto.c: Prefix der primitives with der_. 618 619 * lib/krb5/data.c: Prefix der primitives with der_. 620 |
6212006-10-12 Love H�rnquist �strand <lha@it.su.se> | 6212006-10-12 Love H��rnquist ��strand <lha@it.su.se> |
622 623 * kdc/pkinit.c (pk_mk_pa_reply_enckey): add missing break. From 624 Olga Kornievskaia. 625 626 * kdc/kdc.8: document max-kdc-datagram-reply-length 627 628 * include/bits.c: Include Xint64 types. 629 | 622 623 * kdc/pkinit.c (pk_mk_pa_reply_enckey): add missing break. From 624 Olga Kornievskaia. 625 626 * kdc/kdc.8: document max-kdc-datagram-reply-length 627 628 * include/bits.c: Include Xint64 types. 629 |
6302006-10-10 Love H�rnquist �strand <lha@it.su.se> | 6302006-10-10 Love H��rnquist ��strand <lha@it.su.se> |
631 632 * tools/heimdal-build.sh: Add socketwrapper and cputime limit. 633 634 * kdc/connect.c (loop): Log that the kdc have started. 635 | 631 632 * tools/heimdal-build.sh: Add socketwrapper and cputime limit. 633 634 * kdc/connect.c (loop): Log that the kdc have started. 635 |
6362006-10-09 Love H�rnquist �strand <lha@it.su.se> | 6362006-10-09 Love H��rnquist ��strand <lha@it.su.se> |
637 638 * kdc/connect.c (do_request): tell krb5_kdc_process_request if its 639 a datagram reply or not 640 641 * kdc/kerberos5.c: Reply KRB5KRB_ERR_RESPONSE_TOO_BIG error if its 642 a datagram reply and the datagram reply length limit is reached. 643 644 * kdc/process.c: Rename krb5_kdc_process_generic_request to --- 8 unchanged lines hidden (view full) --- 653 * lib/hdb/keytab.c: Add back :file to sample format. 654 655 * lib/hdb/keytab.c: Add more HDB_F flags to hdb_fetch. Pointed out 656 by Andrew Bartlet. 657 658 * kdc/krb5tgs.c (tgs_parse_request): set cusec, not csec from 659 auth->cusec. 660 | 637 638 * kdc/connect.c (do_request): tell krb5_kdc_process_request if its 639 a datagram reply or not 640 641 * kdc/kerberos5.c: Reply KRB5KRB_ERR_RESPONSE_TOO_BIG error if its 642 a datagram reply and the datagram reply length limit is reached. 643 644 * kdc/process.c: Rename krb5_kdc_process_generic_request to --- 8 unchanged lines hidden (view full) --- 653 * lib/hdb/keytab.c: Add back :file to sample format. 654 655 * lib/hdb/keytab.c: Add more HDB_F flags to hdb_fetch. Pointed out 656 by Andrew Bartlet. 657 658 * kdc/krb5tgs.c (tgs_parse_request): set cusec, not csec from 659 auth->cusec. 660 |
6612006-10-08 Love H�rnquist �strand <lha@it.su.se> | 6612006-10-08 Love H��rnquist ��strand <lha@it.su.se> |
662 663 * fix-export: dist_-ify libkadm5clnt_la_SOURCES too 664 665 * doc/heimdal.texi: Update (c) years. 666 667 * appl/gssmask/protocol.h: Clarify protocol. 668 669 * kdc/hpropd.c: Adapt to signature change of 670 _krb5_principalname2krb5_principal. 671 672 * kdc/kerberos4.c: Adapt to signature change of 673 _krb5_principalname2krb5_principal. 674 675 * kdc/connect.c (handle_vanilla_tcp): shorten length when we 676 shorten the buffer, this matter im the PK-INIT encKey case where a 677 checksum is done over the whole packet. Reported by Olga 678 Kornievskaia 679 | 662 663 * fix-export: dist_-ify libkadm5clnt_la_SOURCES too 664 665 * doc/heimdal.texi: Update (c) years. 666 667 * appl/gssmask/protocol.h: Clarify protocol. 668 669 * kdc/hpropd.c: Adapt to signature change of 670 _krb5_principalname2krb5_principal. 671 672 * kdc/kerberos4.c: Adapt to signature change of 673 _krb5_principalname2krb5_principal. 674 675 * kdc/connect.c (handle_vanilla_tcp): shorten length when we 676 shorten the buffer, this matter im the PK-INIT encKey case where a 677 checksum is done over the whole packet. Reported by Olga 678 Kornievskaia 679 |
6802006-10-07 Love H�rnquist �strand <lha@it.su.se> | 6802006-10-07 Love H��rnquist ��strand <lha@it.su.se> |
681 682 * include/Makefile.am: crypto-headers.h is a nodist header 683 684 * lib/krb5/aes-test.c: Make argument to PKCS5_PBKDF2_HMAC_SHA1 685 unsigned char to make OpenSSL happy. 686 687 * appl/kf/Makefile.am: Add man_MANS to EXTRA_DIST 688 --- 4 unchanged lines hidden (view full) --- 693 SOURCES 694 695 * lib/krb5/Makefile.am: split build files into dist_ and noinst_ 696 SOURCES 697 698 * kdc/kerberos5.c: Adapt to signature change of 699 _krb5_principalname2krb5_principal. 700 | 681 682 * include/Makefile.am: crypto-headers.h is a nodist header 683 684 * lib/krb5/aes-test.c: Make argument to PKCS5_PBKDF2_HMAC_SHA1 685 unsigned char to make OpenSSL happy. 686 687 * appl/kf/Makefile.am: Add man_MANS to EXTRA_DIST 688 --- 4 unchanged lines hidden (view full) --- 693 SOURCES 694 695 * lib/krb5/Makefile.am: split build files into dist_ and noinst_ 696 SOURCES 697 698 * kdc/kerberos5.c: Adapt to signature change of 699 _krb5_principalname2krb5_principal. 700 |
7012006-10-06 Love H�rnquist �strand <lha@it.su.se> | 7012006-10-06 Love H��rnquist ��strand <lha@it.su.se> |
702 703 * lib/krb5/krbhst.c (common_init): don't try DNS when there is 704 realm w/o a dot. 705 706 * kdc/524.c: Adapt to signature change of 707 _krb5_principalname2krb5_principal. 708 709 * kdc/krb5tgs.c: Adapt to signature change of --- 21 unchanged lines hidden (view full) --- 731 * kdc/digest.c: Make digest argument o MD5_final unsigned char to 732 help OpenSSL. 733 734 * kuser/kdigest.c: Make digest argument o MD5_final unsigned char 735 to help OpenSSL. 736 737 * appl/gssmask/common.h: Maybe include <sys/wait.h>. 738 | 702 703 * lib/krb5/krbhst.c (common_init): don't try DNS when there is 704 realm w/o a dot. 705 706 * kdc/524.c: Adapt to signature change of 707 _krb5_principalname2krb5_principal. 708 709 * kdc/krb5tgs.c: Adapt to signature change of --- 21 unchanged lines hidden (view full) --- 731 * kdc/digest.c: Make digest argument o MD5_final unsigned char to 732 help OpenSSL. 733 734 * kuser/kdigest.c: Make digest argument o MD5_final unsigned char 735 to help OpenSSL. 736 737 * appl/gssmask/common.h: Maybe include <sys/wait.h>. 738 |
7392006-10-05 Love H�rnquist �strand <lha@it.su.se> | 7392006-10-05 Love H��rnquist ��strand <lha@it.su.se> |
740 741 * appl/gssmask/common.h: disable ENABLE_PTHREAD_SUPPORT and 742 explain why 743 744 * tools/heimdal-build.sh: Another mail header. 745 746 * tools/heimdal-build.sh: small fixes 747 748 * fix-export: More liberal parsing of AC_INIT 749 750 * tools/heimdal-build.sh: first cut 751 | 740 741 * appl/gssmask/common.h: disable ENABLE_PTHREAD_SUPPORT and 742 explain why 743 744 * tools/heimdal-build.sh: Another mail header. 745 746 * tools/heimdal-build.sh: small fixes 747 748 * fix-export: More liberal parsing of AC_INIT 749 750 * tools/heimdal-build.sh: first cut 751 |
7522006-10-04 Love H�rnquist �strand <lha@it.su.se> | 7522006-10-04 Love H��rnquist ��strand <lha@it.su.se> |
753 754 * configure.in: Call AB_INIT. 755 756 * kuser/kinit.c: Add flag --pk-use-enckey. 757 758 * kdc/pkinit.c: Sign the request in the encKey case. Bug reported 759 by Olga Kornievskaia of Umich. 760 761 * lib/krb5/Makefile.am: man_MANS += krb5_digest.3 762 763 * lib/krb5/krb5_digest.3: Add all protos 764 | 753 754 * configure.in: Call AB_INIT. 755 756 * kuser/kinit.c: Add flag --pk-use-enckey. 757 758 * kdc/pkinit.c: Sign the request in the encKey case. Bug reported 759 by Olga Kornievskaia of Umich. 760 761 * lib/krb5/Makefile.am: man_MANS += krb5_digest.3 762 763 * lib/krb5/krb5_digest.3: Add all protos 764 |
7652006-10-03 Love H�rnquist �strand <lha@it.su.se> | 7652006-10-03 Love H��rnquist ��strand <lha@it.su.se> |
766 767 * lib/krb5/krb5_digest.3: Basic krb5_digest manpage. 768 | 766 767 * lib/krb5/krb5_digest.3: Basic krb5_digest manpage. 768 |
7692006-10-02 Love H�rnquist �strand <lha@it.su.se> | 7692006-10-02 Love H��rnquist ��strand <lha@it.su.se> |
770 771 * fix-export: build gssapi mech private files 772 773 * lib/krb5/init_creds_pw.c: minimize layering and remove 774 krb5_kdc_flags 775 776 * lib/krb5/get_in_tkt.c: Always use the kdc_flags in the right bit 777 order. 778 779 * lib/krb5/init_creds_pw.c: Always use the kdc_flags in the right 780 bit order. 781 782 * kuser/kdigest.c: Don't require --kerberos-realm. 783 784 * lib/krb5/digest.c (digest_request): if NULL is passed in as 785 realm, use default realm. 786 787 * fix-export: build gssapi mech private files 788 | 770 771 * fix-export: build gssapi mech private files 772 773 * lib/krb5/init_creds_pw.c: minimize layering and remove 774 krb5_kdc_flags 775 776 * lib/krb5/get_in_tkt.c: Always use the kdc_flags in the right bit 777 order. 778 779 * lib/krb5/init_creds_pw.c: Always use the kdc_flags in the right 780 bit order. 781 782 * kuser/kdigest.c: Don't require --kerberos-realm. 783 784 * lib/krb5/digest.c (digest_request): if NULL is passed in as 785 realm, use default realm. 786 787 * fix-export: build gssapi mech private files 788 |
7892006-09-26 Love H�rnquist �strand <lha@it.su.se> | 7892006-09-26 Love H��rnquist ��strand <lha@it.su.se> |
790 791 * appl/gssmask/gssmaestro.c: Handle FIRST_CALL in the context 792 building, better error handling. 793 794 * appl/gssmask/gssmaestro.c: switch from wrap/unwrap to 795 encrypt/decrypt 796 797 * appl/gssmask/gssmask.c: Don't announce spn if there is none. 798 799 * appl/gssmask/gssmaestro.c: Check that the pre-wrapped data is 800 the same as afterward. 801 | 790 791 * appl/gssmask/gssmaestro.c: Handle FIRST_CALL in the context 792 building, better error handling. 793 794 * appl/gssmask/gssmaestro.c: switch from wrap/unwrap to 795 encrypt/decrypt 796 797 * appl/gssmask/gssmask.c: Don't announce spn if there is none. 798 799 * appl/gssmask/gssmaestro.c: Check that the pre-wrapped data is 800 the same as afterward. 801 |
8022006-09-25 Love H�rnquist �strand <lha@it.su.se> | 8022006-09-25 Love H��rnquist ��strand <lha@it.su.se> |
803 804 * appl/gssmask/gssmaestro.c: Remove stray GSS_C_DCE_STYLE. 805 806 * appl/gssmask/gssmaestro.c: Add logsocket support. 807 | 803 804 * appl/gssmask/gssmaestro.c: Remove stray GSS_C_DCE_STYLE. 805 806 * appl/gssmask/gssmaestro.c: Add logsocket support. 807 |
8082006-09-22 Love H�rnquist �strand <lha@it.su.se> | 8082006-09-22 Love H��rnquist ��strand <lha@it.su.se> |
809 810 * appl/gssmask/gssmaestro.c (build_context): print the step the 811 context exchange. 812 | 809 810 * appl/gssmask/gssmaestro.c (build_context): print the step the 811 context exchange. 812 |
8132006-09-21 Love H�rnquist �strand <lha@it.su.se> | 8132006-09-21 Love H��rnquist ��strand <lha@it.su.se> |
814 815 * appl/gssmask/gssmaestro.c: Add GSS_C_INTEG_FLAG|GSS_C_CONF_FLAG 816 to all context flags 817 818 * appl/gssmask/gssmaestro.c: Add wrap and mic tests for all 819 elements 820 821 * appl/gssmask/gssmask.c: Add mic tests 822 823 * appl/gssmask/gssmaestro.c: dont exit early then when context 824 is half built. 825 826 * lib/krb5/rd_req.c: disable ETypeList parsing usage for now, cfx 827 seems broken and its not good to upgrade to a broken enctype. 828 | 814 815 * appl/gssmask/gssmaestro.c: Add GSS_C_INTEG_FLAG|GSS_C_CONF_FLAG 816 to all context flags 817 818 * appl/gssmask/gssmaestro.c: Add wrap and mic tests for all 819 elements 820 821 * appl/gssmask/gssmask.c: Add mic tests 822 823 * appl/gssmask/gssmaestro.c: dont exit early then when context 824 is half built. 825 826 * lib/krb5/rd_req.c: disable ETypeList parsing usage for now, cfx 827 seems broken and its not good to upgrade to a broken enctype. 828 |
8292006-09-20 Love H�rnquist �strand <lha@it.su.se> | 8292006-09-20 Love H��rnquist ��strand <lha@it.su.se> |
830 831 * appl/gssmask/gssmask.c: Add wrap/unwrap ops 832 833 * appl/gssmask/protocol.h: Add eGetVersionAndCapabilities flags 834 835 * appl/gssmask/common.c: Add permutate_all (and support 836 functions). 837 838 * appl/gssmask/common.h: Add permutate_all 839 840 * appl/gssmask/gssmask.c: use new flags, return moniker 841 842 * appl/gssmask/gssmaestro.c: test self context building and all 843 permutation of clients 844 | 830 831 * appl/gssmask/gssmask.c: Add wrap/unwrap ops 832 833 * appl/gssmask/protocol.h: Add eGetVersionAndCapabilities flags 834 835 * appl/gssmask/common.c: Add permutate_all (and support 836 functions). 837 838 * appl/gssmask/common.h: Add permutate_all 839 840 * appl/gssmask/gssmask.c: use new flags, return moniker 841 842 * appl/gssmask/gssmaestro.c: test self context building and all 843 permutation of clients 844 |
8452006-09-19 Love H�rnquist �strand <lha@it.su.se> | 8452006-09-19 Love H��rnquist ��strand <lha@it.su.se> |
846 847 * appl/gssmask/gssmask.c: add --logfile option, use htons() on 848 port number 849 850 * appl/gssmask/gssmaestro.c: Log port in connection message. 851 852 * configure.in: Make pk-init turned on by default. 853 | 846 847 * appl/gssmask/gssmask.c: add --logfile option, use htons() on 848 port number 849 850 * appl/gssmask/gssmaestro.c: Log port in connection message. 851 852 * configure.in: Make pk-init turned on by default. 853 |
8542006-09-18 Love H�rnquist �strand <lha@it.su.se> | 8542006-09-18 Love H��rnquist ��strand <lha@it.su.se> |
855 856 * fix-export: Build lib/hx509/{hx509-protos.h,hx509-private.h}. 857 858 * kuser/Makefile.am: Add tool for printing tickets. 859 860 * kuser/kimpersonate.1: Add tool for printing tickets. 861 862 * kuser/kimpersonate.c: Add tool for printing tickets. 863 864 * kdc/krb5tgs.c: Check the adtkt in the constrained delegation 865 case too. 866 | 855 856 * fix-export: Build lib/hx509/{hx509-protos.h,hx509-private.h}. 857 858 * kuser/Makefile.am: Add tool for printing tickets. 859 860 * kuser/kimpersonate.1: Add tool for printing tickets. 861 862 * kuser/kimpersonate.c: Add tool for printing tickets. 863 864 * kdc/krb5tgs.c: Check the adtkt in the constrained delegation 865 case too. 866 |
8672006-09-16 Love H�rnquist �strand <lha@it.su.se> | 8672006-09-16 Love H��rnquist ��strand <lha@it.su.se> |
868 869 * kdc/main.c (sigterm): don't _exit, let loop() catch the signal 870 instead. 871 | 868 869 * kdc/main.c (sigterm): don't _exit, let loop() catch the signal 870 instead. 871 |
872 * lib/krb5/krb5_timeofday.3: Fixes from Bj�rn Sandell. | 872 * lib/krb5/krb5_timeofday.3: Fixes from Bj��rn Sandell. |
873 | 873 |
874 * lib/krb5/krb5_get_init_creds.3: Fixes from Bj�rn Sandell. | 874 * lib/krb5/krb5_get_init_creds.3: Fixes from Bj��rn Sandell. |
875 | 875 |
8762006-09-15 Love H�rnquist �strand <lha@it.su.se> | 8762006-09-15 Love H��rnquist ��strand <lha@it.su.se> |
877 878 * tools/krb5-config.in: Add "kafs" option. 879 | 877 878 * tools/krb5-config.in: Add "kafs" option. 879 |
8802006-09-12 Love H�rnquist �strand <lha@it.su.se> | 8802006-09-12 Love H��rnquist ��strand <lha@it.su.se> |
881 882 * lib/hdb/db.c: By using full function calling conversion (*func) 883 we avoid problem when close(fd) is overridden using a macro. 884 885 * lib/krb5/cache.c: By using full function calling 886 conversion (*func) we avoid problem when close(fd) is overridden 887 using a macro. 888 | 881 882 * lib/hdb/db.c: By using full function calling conversion (*func) 883 we avoid problem when close(fd) is overridden using a macro. 884 885 * lib/krb5/cache.c: By using full function calling 886 conversion (*func) we avoid problem when close(fd) is overridden 887 using a macro. 888 |
8892006-09-11 Love H�rnquist �strand <lha@it.su.se> | 8892006-09-11 Love H��rnquist ��strand <lha@it.su.se> |
890 891 * kdc/kerberos5.c: Signing outgoing tickets. 892 893 * kdc/krb5tgs.c: Add signing and checking of tickets to s4u2self 894 works securely. 895 896 * lib/krb5/pkinit.c: Adapt to new signature of 897 hx509_cms_unenvelope. 898 | 890 891 * kdc/kerberos5.c: Signing outgoing tickets. 892 893 * kdc/krb5tgs.c: Add signing and checking of tickets to s4u2self 894 works securely. 895 896 * lib/krb5/pkinit.c: Adapt to new signature of 897 hx509_cms_unenvelope. 898 |
8992006-09-09 Love H�rnquist �strand <lha@it.su.se> | 8992006-09-09 Love H��rnquist ��strand <lha@it.su.se> |
900 901 * lib/krb5/pkinit.c (pk_verify_host): set errorstrings in a 902 sensable way 903 | 900 901 * lib/krb5/pkinit.c (pk_verify_host): set errorstrings in a 902 sensable way 903 |
9042006-09-08 Love H�rnquist �strand <lha@it.su.se> | 9042006-09-08 Love H��rnquist ��strand <lha@it.su.se> |
905 906 * lib/krb5/krb5_init_context.3: Prevent a font generation warning, 907 from Jason McIntyre. 908 | 905 906 * lib/krb5/krb5_init_context.3: Prevent a font generation warning, 907 from Jason McIntyre. 908 |
9092006-09-06 Love H�rnquist �strand <lha@it.su.se> | 9092006-09-06 Love H��rnquist ��strand <lha@it.su.se> |
910 911 * lib/krb5/context.c (krb5_init_ets): Add the hx errortable 912 913 * lib/krb5/krb5_locl.h: Include hx509_err.h. 914 915 * lib/krb5/pkinit.c (_krb5_pk_verify_sign): catch the error string 916 from the hx509 lib 917 | 910 911 * lib/krb5/context.c (krb5_init_ets): Add the hx errortable 912 913 * lib/krb5/krb5_locl.h: Include hx509_err.h. 914 915 * lib/krb5/pkinit.c (_krb5_pk_verify_sign): catch the error string 916 from the hx509 lib 917 |
9182006-09-04 Love H�rnquist �strand <lha@it.su.se> | 9182006-09-04 Love H��rnquist ��strand <lha@it.su.se> |
919 920 * lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_default_flags): 921 fix argument to krb5_get_init_creds_opt_set_addressless. 922 923 * lib/krb5/init_creds_pw.c (init_cred_loop): try to catch the 924 error when we actually have an error to catch. 925 926 * lib/krb5/init_creds_pw.c: Remove debug printfs. --- 13 unchanged lines hidden (view full) --- 940 option to use the same tri-state option as the new addressless 941 option. 942 943 * lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_addressless): 944 used to control the address-lessness of the initial tickets 945 instead of passing in the empty set of address into 946 krb5_get_init_creds_opt_set_addresses. 947 | 919 920 * lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_default_flags): 921 fix argument to krb5_get_init_creds_opt_set_addressless. 922 923 * lib/krb5/init_creds_pw.c (init_cred_loop): try to catch the 924 error when we actually have an error to catch. 925 926 * lib/krb5/init_creds_pw.c: Remove debug printfs. --- 13 unchanged lines hidden (view full) --- 940 option to use the same tri-state option as the new addressless 941 option. 942 943 * lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_addressless): 944 used to control the address-lessness of the initial tickets 945 instead of passing in the empty set of address into 946 krb5_get_init_creds_opt_set_addresses. 947 |
9482006-09-01 Love H�rnquist �strand <lha@it.su.se> | 9482006-09-01 Love H��rnquist ��strand <lha@it.su.se> |
949 950 * kuser/kinit.c (renew_validate): inherit the proxiable and 951 forwardable from the orignal ticket, pointed out by Bernard 952 Antoine of CERN. 953 954 * doc/setup.texi: More text about the acl_file entry and | 949 950 * kuser/kinit.c (renew_validate): inherit the proxiable and 951 forwardable from the orignal ticket, pointed out by Bernard 952 Antoine of CERN. 953 954 * doc/setup.texi: More text about the acl_file entry and |
955 hdb-ldap-structural-object. From R�diger Ranft. | 955 hdb-ldap-structural-object. From R��diger Ranft. |
956 957 * lib/krb5/krbhst.c (fallback_get_hosts): limit the fallback 958 lookups to 5. Patch from Wesley Craig, umich.edu 959 960 * configure.in: Add special tests for <sys/ucred.h>, include test 961 for sys/param.h and sys/types.h 962 963 * appl/test/tcp_server.c (proto): use keytab for krb5_recvauth 964 Patch from Ingemar Nilsson <init@pdc.kth.se> 965 | 956 957 * lib/krb5/krbhst.c (fallback_get_hosts): limit the fallback 958 lookups to 5. Patch from Wesley Craig, umich.edu 959 960 * configure.in: Add special tests for <sys/ucred.h>, include test 961 for sys/param.h and sys/types.h 962 963 * appl/test/tcp_server.c (proto): use keytab for krb5_recvauth 964 Patch from Ingemar Nilsson <init@pdc.kth.se> 965 |
9662006-08-28 Love H�rnquist �strand <lha@it.su.se> | 9662006-08-28 Love H��rnquist ��strand <lha@it.su.se> |
967 968 * kuser/kdigest.c (help): use sl_slc_help(). 969 970 * kdc/digest.c: Catch more error, add SASL DIGEST MD5. 971 972 * lib/krb5/digest.c: Catch more error. 973 | 967 968 * kuser/kdigest.c (help): use sl_slc_help(). 969 970 * kdc/digest.c: Catch more error, add SASL DIGEST MD5. 971 972 * lib/krb5/digest.c: Catch more error. 973 |
9742006-08-25 Love H�rnquist �strand <lha@it.su.se> | 9742006-08-25 Love H��rnquist ��strand <lha@it.su.se> |
975 976 * doc/setup.texi: language. 977 978 * doc/heimdal.texi: Add last updated text. 979 980 * doc/heimdal.css: make box around heimdal title 981 982 * doc/heimdal.css: Inital Heimdal css for the info manual 983 984 * lib/krb5/digest.c: In the case where we get a DigestError back, 985 save the error string and code. 986 | 975 976 * doc/setup.texi: language. 977 978 * doc/heimdal.texi: Add last updated text. 979 980 * doc/heimdal.css: make box around heimdal title 981 982 * doc/heimdal.css: Inital Heimdal css for the info manual 983 984 * lib/krb5/digest.c: In the case where we get a DigestError back, 985 save the error string and code. 986 |
9872006-08-24 Love H�rnquist �strand <lha@it.su.se> | 9872006-08-24 Love H��rnquist ��strand <lha@it.su.se> |
988 989 * kdc/kerberos5.c: Remove _kdc_find_etype(), its no longer used. 990 991 * kdc/digest.c: Remove local error label and have just one exit 992 label, set error strings properly. 993 994 * kdc/digest.c: Simply the disabled-service case. Check the 995 allow-digest flag in the HDB entry for the client. --- 26 unchanged lines hidden (view full) --- 1022 return the most preferred key. 1023 1024 * kdc/krb5tgs.c: Adapt to the new sigature of _kdc_find_keys(). 1025 1026 * kdc/kerberos5.c: Handle session key etype separately from the 1027 tgt etype, now the krbtgt can be a aes-only key without the need 1028 to support not-as-good etypes for the krbtgt. 1029 | 988 989 * kdc/kerberos5.c: Remove _kdc_find_etype(), its no longer used. 990 991 * kdc/digest.c: Remove local error label and have just one exit 992 label, set error strings properly. 993 994 * kdc/digest.c: Simply the disabled-service case. Check the 995 allow-digest flag in the HDB entry for the client. --- 26 unchanged lines hidden (view full) --- 1022 return the most preferred key. 1023 1024 * kdc/krb5tgs.c: Adapt to the new sigature of _kdc_find_keys(). 1025 1026 * kdc/kerberos5.c: Handle session key etype separately from the 1027 tgt etype, now the krbtgt can be a aes-only key without the need 1028 to support not-as-good etypes for the krbtgt. 1029 |
10302006-08-23 Love H�rnquist �strand <lha@it.su.se> | 10302006-08-23 Love H��rnquist ��strand <lha@it.su.se> |
1031 1032 * kdc/misc.c: Change _kdc_db_fetch() to return the database 1033 pointer to if needed by the consumer. 1034 1035 * kdc/krb5tgs.c: Change _kdc_db_fetch() to return the database 1036 pointer to if needed by the consumer. 1037 1038 * kdc/kerberos5.c: Change _kdc_db_fetch() to return the database --- 15 unchanged lines hidden (view full) --- 1054 1055 * lib/krb5/krb5.h: Add digest glue. 1056 1057 * lib/krb5/digest.c (krb5_digest_set_authentication_user): use 1058 krb5_principal 1059 1060 * lib/krb5/digest.c: Add digest support to the client side. 1061 | 1031 1032 * kdc/misc.c: Change _kdc_db_fetch() to return the database 1033 pointer to if needed by the consumer. 1034 1035 * kdc/krb5tgs.c: Change _kdc_db_fetch() to return the database 1036 pointer to if needed by the consumer. 1037 1038 * kdc/kerberos5.c: Change _kdc_db_fetch() to return the database --- 15 unchanged lines hidden (view full) --- 1054 1055 * lib/krb5/krb5.h: Add digest glue. 1056 1057 * lib/krb5/digest.c (krb5_digest_set_authentication_user): use 1058 krb5_principal 1059 1060 * lib/krb5/digest.c: Add digest support to the client side. 1061 |
10622006-08-21 Love H�rnquist �strand <lha@it.kth.se> | 10622006-08-21 Love H��rnquist ��strand <lha@it.kth.se> |
1063 1064 * lib/krb5/rd_rep.c (krb5_rd_rep): free krb5_ap_rep_enc_part on 1065 error and set return pointer to NULL 1066 (krb5_free_ap_rep_enc_part): permit freeing of NULL 1067 | 1063 1064 * lib/krb5/rd_rep.c (krb5_rd_rep): free krb5_ap_rep_enc_part on 1065 error and set return pointer to NULL 1066 (krb5_free_ap_rep_enc_part): permit freeing of NULL 1067 |
10682006-08-18 Love H�rnquist �strand <lha@it.kth.se> | 10682006-08-18 Love H��rnquist ��strand <lha@it.kth.se> |
1069 1070 * kdc/{Makefile.am,kdigest.c,kdigest-commands.in}: 1071 Frontend for remote digest service in KDC 1072 1073 * lib/krb5/krb5_storage.3: Document krb5_{ret,store}_stringnl 1074 functions. 1075 1076 * lib/krb5/store.c: Add krb5_{ret,store}_stringnl functions, 1077 stores/retrieves a \n terminated string. 1078 1079 * lib/krb5/krb5_locl.h: Default to address-less tickets. 1080 1081 * lib/krb5/init_creds.c (krb5_get_init_creds_opt_get_error): clear 1082 error string on error. 1083 | 1069 1070 * kdc/{Makefile.am,kdigest.c,kdigest-commands.in}: 1071 Frontend for remote digest service in KDC 1072 1073 * lib/krb5/krb5_storage.3: Document krb5_{ret,store}_stringnl 1074 functions. 1075 1076 * lib/krb5/store.c: Add krb5_{ret,store}_stringnl functions, 1077 stores/retrieves a \n terminated string. 1078 1079 * lib/krb5/krb5_locl.h: Default to address-less tickets. 1080 1081 * lib/krb5/init_creds.c (krb5_get_init_creds_opt_get_error): clear 1082 error string on error. 1083 |
10842006-07-20 Love H�rnquist �strand <lha@it.su.se> | 10842006-07-20 Love H��rnquist ��strand <lha@it.su.se> |
1085 1086 * lib/krb5/crypto.c: remove aes-192 (CMS) 1087 1088 * lib/krb5/crypto.c: Remove more CMS bits. 1089 1090 * lib/krb5/crypto.c: Remove CMS symmetric encryption support. 1091 | 1085 1086 * lib/krb5/crypto.c: remove aes-192 (CMS) 1087 1088 * lib/krb5/crypto.c: Remove more CMS bits. 1089 1090 * lib/krb5/crypto.c: Remove CMS symmetric encryption support. 1091 |
10922006-07-13 Love H�rnquist �strand <lha@it.su.se> | 10922006-07-13 Love H��rnquist ��strand <lha@it.su.se> |
1093 1094 * kdc/pkinit.c (_kdc_pk_check_client): make it not crash when 1095 there are no acl 1096 1097 * kdc/pkinit.c (_kdc_pk_check_client): use the acl in the kerberos 1098 database 1099 1100 * lib/hdb/hdb.asn1: Rename HDB-Ext-PKINIT-certificate to 1101 HDB-Ext-PKINIT-hash. Add trust anchor to HDB-Ext-PKINIT-acl. 1102 1103 * lib/hdb/Makefile.am: rename asn1_HDB_Ext_PKINIT_certificate to 1104 asn1_HDB_Ext_PKINIT_hash 1105 1106 * lib/hdb/ext.c: Add hdb_entry_get_pkinit_hash(). 1107 | 1093 1094 * kdc/pkinit.c (_kdc_pk_check_client): make it not crash when 1095 there are no acl 1096 1097 * kdc/pkinit.c (_kdc_pk_check_client): use the acl in the kerberos 1098 database 1099 1100 * lib/hdb/hdb.asn1: Rename HDB-Ext-PKINIT-certificate to 1101 HDB-Ext-PKINIT-hash. Add trust anchor to HDB-Ext-PKINIT-acl. 1102 1103 * lib/hdb/Makefile.am: rename asn1_HDB_Ext_PKINIT_certificate to 1104 asn1_HDB_Ext_PKINIT_hash 1105 1106 * lib/hdb/ext.c: Add hdb_entry_get_pkinit_hash(). 1107 |
11082006-07-10 Love H�rnquist �strand <lha@it.su.se> | 11082006-07-10 Love H��rnquist ��strand <lha@it.su.se> |
1109 1110 * kuser/kinit.c: If --password-file gets STDIN, read the password 1111 from the standard input. 1112 1113 * kuser/kinit.1: Document --password-file=STDIN. 1114 1115 * lib/krb5/krb5_string_to_key.3: Remove duplicate to. 1116 | 1109 1110 * kuser/kinit.c: If --password-file gets STDIN, read the password 1111 from the standard input. 1112 1113 * kuser/kinit.1: Document --password-file=STDIN. 1114 1115 * lib/krb5/krb5_string_to_key.3: Remove duplicate to. 1116 |
11172006-07-06 Love H�rnquist �strand <lha@it.su.se> | 11172006-07-06 Love H��rnquist ��strand <lha@it.su.se> |
1118 1119 * kdc/krb5tgs.c: (tgs_build_reply): when checking for removed 1120 principals, check the second component of the krbtgt, otherwise 1121 cross realm wont work. Prompted by report from Mattias Amnefelt. 1122 | 1118 1119 * kdc/krb5tgs.c: (tgs_build_reply): when checking for removed 1120 principals, check the second component of the krbtgt, otherwise 1121 cross realm wont work. Prompted by report from Mattias Amnefelt. 1122 |
11232006-07-05 Love H�rnquist �strand <lha@it.su.se> | 11232006-07-05 Love H��rnquist ��strand <lha@it.su.se> |
1124 1125 * kdc/connect.c (handle_vanilla_tcp): use unsigned integer for for 1126 length 1127 (handle_tcp): if the high bit it set in the unknown case, send 1128 back a KRB_ERR_FIELD_TOOLONG 1129 | 1124 1125 * kdc/connect.c (handle_vanilla_tcp): use unsigned integer for for 1126 length 1127 (handle_tcp): if the high bit it set in the unknown case, send 1128 back a KRB_ERR_FIELD_TOOLONG 1129 |
11302006-07-03 Love H�rnquist �strand <lha@it.su.se> | 11302006-07-03 Love H��rnquist ��strand <lha@it.su.se> |
1131 1132 * appl/gssmask/gssmaestro.c: Add get_version_capa, cache 1133 target_name. 1134 1135 * appl/gssmask/gssmask.c: use utname() to find the local hostname 1136 and version of operatingsystem 1137 1138 * appl/gssmask/common.h: include <sys/utsname.h> 1139 1140 * appl/gssmask/gssmask.c: break out creation of a client and make 1141 handleServer pthread_create compatible 1142 1143 * appl/gssmask/gssmaestro.c: break out out the build context 1144 function 1145 | 1131 1132 * appl/gssmask/gssmaestro.c: Add get_version_capa, cache 1133 target_name. 1134 1135 * appl/gssmask/gssmask.c: use utname() to find the local hostname 1136 and version of operatingsystem 1137 1138 * appl/gssmask/common.h: include <sys/utsname.h> 1139 1140 * appl/gssmask/gssmask.c: break out creation of a client and make 1141 handleServer pthread_create compatible 1142 1143 * appl/gssmask/gssmaestro.c: break out out the build context 1144 function 1145 |
11462006-07-01 Love H�rnquist �strand <lha@it.su.se> | 11462006-07-01 Love H��rnquist ��strand <lha@it.su.se> |
1147 1148 * appl/gssmask/gssmaestro.c: externalize slave handling, add 1149 GetTargetName glue 1150 1151 * appl/gssmask/gssmaestro.c: externalize principal/password handling 1152 1153 * lib/krb5/principal.c (krb5_parse_name): set *principal to NULL 1154 the first thing we do, so that on failure its set to a known value 1155 1156 * appl/gssmask/gssmask.c: AcquireCreds: set principal to NULL to 1157 avoid memory corruption GetTargetName: always send a string, even 1158 though we don't have a targetname 1159 1160 * appl/gssmask: break out common function; add gssmaestro (that 1161 only tests one context for now) 1162 | 1147 1148 * appl/gssmask/gssmaestro.c: externalize slave handling, add 1149 GetTargetName glue 1150 1151 * appl/gssmask/gssmaestro.c: externalize principal/password handling 1152 1153 * lib/krb5/principal.c (krb5_parse_name): set *principal to NULL 1154 the first thing we do, so that on failure its set to a known value 1155 1156 * appl/gssmask/gssmask.c: AcquireCreds: set principal to NULL to 1157 avoid memory corruption GetTargetName: always send a string, even 1158 though we don't have a targetname 1159 1160 * appl/gssmask: break out common function; add gssmaestro (that 1161 only tests one context for now) 1162 |
11632006-06-30 Love H�rnquist �strand <lha@it.su.se> | 11632006-06-30 Love H��rnquist ��strand <lha@it.su.se> |
1164 1165 * lib/krb5/store_fd.c (krb5_storage_from_fd): don't leak fd on 1166 malloc failure 1167 1168 * appl/gssmask/gssmask.c: split out fetching of credentials for 1169 easier reuse for pk-init testing 1170 1171 * appl/gssmask: maggot replacement, handles context testing 1172 1173 * lib/krb5/cache.c (krb5_cc_new_unique): use KRB5_DEFAULT_CCNAME 1174 as the default prefix 1175 | 1164 1165 * lib/krb5/store_fd.c (krb5_storage_from_fd): don't leak fd on 1166 malloc failure 1167 1168 * appl/gssmask/gssmask.c: split out fetching of credentials for 1169 easier reuse for pk-init testing 1170 1171 * appl/gssmask: maggot replacement, handles context testing 1172 1173 * lib/krb5/cache.c (krb5_cc_new_unique): use KRB5_DEFAULT_CCNAME 1174 as the default prefix 1175 |
11762006-06-28 Love H�rnquist �strand <lha@it.su.se> | 11762006-06-28 Love H��rnquist ��strand <lha@it.su.se> |
1177 1178 * doc/heimdal.texi: Add Doug Rabson's license 1179 | 1177 1178 * doc/heimdal.texi: Add Doug Rabson's license 1179 |
11802006-06-22 Love H�rnquist �strand <lha@it.su.se> | 11802006-06-22 Love H��rnquist ��strand <lha@it.su.se> |
1181 1182 * lib/krb5/init_creds.c: Add storing and getting KRB-ERROR in the 1183 krb5_get_init_creds_opt structure. 1184 1185 * lib/krb5/init_creds_pw.c: Save KRB-ERROR on error. 1186 1187 * lib/krb5/krb5_locl.h (_krb5_get_init_creds_opt_private): add 1188 KRB-ERROR 1189 | 1181 1182 * lib/krb5/init_creds.c: Add storing and getting KRB-ERROR in the 1183 krb5_get_init_creds_opt structure. 1184 1185 * lib/krb5/init_creds_pw.c: Save KRB-ERROR on error. 1186 1187 * lib/krb5/krb5_locl.h (_krb5_get_init_creds_opt_private): add 1188 KRB-ERROR 1189 |
11902006-06-21 Love H�rnquist �strand <lha@it.su.se> | 11902006-06-21 Love H��rnquist ��strand <lha@it.su.se> |
1191 1192 * doc/setup.texi: section about verify_krb5_conf and kadmin check 1193 | 1191 1192 * doc/setup.texi: section about verify_krb5_conf and kadmin check 1193 |
11942006-06-15 Love H�rnquist �strand <lha@it.su.se> | 11942006-06-15 Love H��rnquist ��strand <lha@it.su.se> |
1195 1196 * lib/krb5/init_creds_pw.c (get_init_creds_common): drop cred 1197 argument, its unused 1198 1199 * lib/krb5/Makefile.am: install krb5_get_creds.3 1200 1201 * lib/krb5/krb5_get_creds.3: new file 1202 | 1195 1196 * lib/krb5/init_creds_pw.c (get_init_creds_common): drop cred 1197 argument, its unused 1198 1199 * lib/krb5/Makefile.am: install krb5_get_creds.3 1200 1201 * lib/krb5/krb5_get_creds.3: new file 1202 |
12032006-06-14 Love H�rnquist �strand <lha@it.su.se> | 12032006-06-14 Love H��rnquist ��strand <lha@it.su.se> |
1204 1205 * lib/hdb/hdb-ldap.c: don't use the sambaNTPassword if there is 1206 ARCFOUR key already. Idea from Andreas Hasenack. While here, set 1207 pw change time using sambaPwdLastSet 1208 1209 * kdc/kerberos4.c: Use enable_v4_per_principal and check the new 1210 hdb flag. 1211 1212 * kdc/kdc.h: Add enable_v4_per_principal 1213 | 1204 1205 * lib/hdb/hdb-ldap.c: don't use the sambaNTPassword if there is 1206 ARCFOUR key already. Idea from Andreas Hasenack. While here, set 1207 pw change time using sambaPwdLastSet 1208 1209 * kdc/kerberos4.c: Use enable_v4_per_principal and check the new 1210 hdb flag. 1211 1212 * kdc/kdc.h: Add enable_v4_per_principal 1213 |
12142006-06-12 Love H�rnquist �strand <lha@it.su.se> | 12142006-06-12 Love H��rnquist ��strand <lha@it.su.se> |
1215 1216 * kdc/kerberos5.c (_kdc_as_rep): if kdc_time + 1217 config->kdc_warn_pwexpire is past pw_end, add expiration 1218 message. From Bernard Antoine. 1219 1220 * kdc/default_config.c (krb5_kdc_default_config): set 1221 kdc_warn_pwexpire to 0 1222 1223 * kdc/kerberos5.c: indent. 1224 | 1215 1216 * kdc/kerberos5.c (_kdc_as_rep): if kdc_time + 1217 config->kdc_warn_pwexpire is past pw_end, add expiration 1218 message. From Bernard Antoine. 1219 1220 * kdc/default_config.c (krb5_kdc_default_config): set 1221 kdc_warn_pwexpire to 0 1222 1223 * kdc/kerberos5.c: indent. 1224 |
12252006-06-07 Love H�rnquist �strand <lha@it.su.se> | 12252006-06-07 Love H��rnquist ��strand <lha@it.su.se> |
1226 1227 * kdc/kerberos5.c: constify 1228 | 1226 1227 * kdc/kerberos5.c: constify 1228 |
12292006-06-06 Love H�rnquist �strand <lha@it.su.se> | 12292006-06-06 Love H��rnquist ��strand <lha@it.su.se> |
1230 1231 * lib/krb5/get_cred.c: Allow setting additional tickets in the 1232 tgs-req 1233 1234 * kuser/kgetcred.c: add --delegation-credential-cache 1235 1236 * kdc/krb5tgs.c (tgs_build_reply): add constrained delegation. 1237 --- 9 unchanged lines hidden (view full) --- 1247 1248 * lib/krb5/get_cred.c: Add impersonate and new krb5_get_creds interface. 1249 1250 * lib/hdb/hdb.asn1 (HDBFlags): add trusted-for-delegation 1251 1252 * lib/krb5/krb5.h: Add krb5_get_creds_opt_data and some more 1253 KRB5_GC flags. 1254 | 1230 1231 * lib/krb5/get_cred.c: Allow setting additional tickets in the 1232 tgs-req 1233 1234 * kuser/kgetcred.c: add --delegation-credential-cache 1235 1236 * kdc/krb5tgs.c (tgs_build_reply): add constrained delegation. 1237 --- 9 unchanged lines hidden (view full) --- 1247 1248 * lib/krb5/get_cred.c: Add impersonate and new krb5_get_creds interface. 1249 1250 * lib/hdb/hdb.asn1 (HDBFlags): add trusted-for-delegation 1251 1252 * lib/krb5/krb5.h: Add krb5_get_creds_opt_data and some more 1253 KRB5_GC flags. 1254 |
12552006-06-01 Love H�rnquist �strand <lha@it.su.se> | 12552006-06-01 Love H��rnquist ��strand <lha@it.su.se> |
1256 1257 * lib/hdb/ext.c (hdb_entry_get_ConstrainedDelegACL): new function. 1258 1259 * lib/krb5/pkinit.c: Avoid more shadowing. 1260 1261 * kdc/connect.c (do_request): clean reply with krb5_data_zero 1262 1263 * kdc/krb5tgs.c: Split up the reverse cross krbtgt check and local 1264 clien must exists test. 1265 1266 * kdc/krb5tgs.c: Plug old memory leaks, unify all goto's. 1267 1268 * kdc/krb5tgs.c: Split tgs_rep2 into tgs_parse_request and 1269 tgs_build_reply. 1270 1271 * kdc/kerberos5.c: split out krb5 tgs req to make it easier to 1272 reorganize the code. 1273 | 1256 1257 * lib/hdb/ext.c (hdb_entry_get_ConstrainedDelegACL): new function. 1258 1259 * lib/krb5/pkinit.c: Avoid more shadowing. 1260 1261 * kdc/connect.c (do_request): clean reply with krb5_data_zero 1262 1263 * kdc/krb5tgs.c: Split up the reverse cross krbtgt check and local 1264 clien must exists test. 1265 1266 * kdc/krb5tgs.c: Plug old memory leaks, unify all goto's. 1267 1268 * kdc/krb5tgs.c: Split tgs_rep2 into tgs_parse_request and 1269 tgs_build_reply. 1270 1271 * kdc/kerberos5.c: split out krb5 tgs req to make it easier to 1272 reorganize the code. 1273 |
12742006-05-29 Love H�rnquist �strand <lha@it.su.se> | 12742006-05-29 Love H��rnquist ��strand <lha@it.su.se> |
1275 | 1275 |
1276 * lib/krb5/krb5_get_init_creds.3: spelling Bj�rn Sandell | 1276 * lib/krb5/krb5_get_init_creds.3: spelling Bj��rn Sandell |
1277 | 1277 |
1278 * lib/krb5/krb5_get_in_cred.3: spelling Bj�rn Sandell | 1278 * lib/krb5/krb5_get_in_cred.3: spelling Bj��rn Sandell |
1279 | 1279 |
12802006-05-13 Love H�rnquist �strand <lha@it.su.se> | 12802006-05-13 Love H��rnquist ��strand <lha@it.su.se> |
1281 1282 * kpasswd/kpasswdd.c (change): select the realm based on the 1283 target principal From Gabor Gombas 1284 1285 * lib/krb5/krb5_get_init_creds.3: Add KRB5_PROMPT_TYPE_INFO 1286 1287 * lib/krb5/krb5.h: Add KRB5_PROMPT_TYPE_INFO 1288 | 1281 1282 * kpasswd/kpasswdd.c (change): select the realm based on the 1283 target principal From Gabor Gombas 1284 1285 * lib/krb5/krb5_get_init_creds.3: Add KRB5_PROMPT_TYPE_INFO 1286 1287 * lib/krb5/krb5.h: Add KRB5_PROMPT_TYPE_INFO 1288 |
12892006-05-12 Love H�rnquist �strand <lha@it.su.se> | 12892006-05-12 Love H��rnquist ��strand <lha@it.su.se> |
1290 1291 * lib/krb5/pkinit.c: Hidden field of hx509 prompter is removed. 1292 Fix a warning. 1293 1294 * doc/setup.texi: Point to more examples, hint that you have to 1295 use openssl 0.9.8a or later. 1296 1297 * doc/setup.texi: DIR now handles both PEM and DER. --- 4 unchanged lines hidden (view full) --- 1302 * lib/krb5/pkinit.c (_krb5_pk_load_id): only use password if its 1303 longer then 0 1304 1305 * doc/ack.texi: Add Jason McIntyre. 1306 1307 * lib/krb5/krb5_acl_match_file.3: Various tweaks, from Jason 1308 McIntyre. 1309 | 1290 1291 * lib/krb5/pkinit.c: Hidden field of hx509 prompter is removed. 1292 Fix a warning. 1293 1294 * doc/setup.texi: Point to more examples, hint that you have to 1295 use openssl 0.9.8a or later. 1296 1297 * doc/setup.texi: DIR now handles both PEM and DER. --- 4 unchanged lines hidden (view full) --- 1302 * lib/krb5/pkinit.c (_krb5_pk_load_id): only use password if its 1303 longer then 0 1304 1305 * doc/ack.texi: Add Jason McIntyre. 1306 1307 * lib/krb5/krb5_acl_match_file.3: Various tweaks, from Jason 1308 McIntyre. 1309 |
13102006-05-11 Love H�rnquist �strand <lha@it.su.se> | 13102006-05-11 Love H��rnquist ��strand <lha@it.su.se> |
1311 1312 * kuser/kinit.c: Move parsing of the PK-INIT configuration file to 1313 the library so application doesn't need to deal with it. 1314 1315 * lib/krb5/pkinit.c (krb5_get_init_creds_opt_set_pkinit): move 1316 parsing of the configuration file to the library so application 1317 doesn't need to deal with it. 1318 1319 * lib/krb5/pkinit.c (_krb5_pk_load_id): pass the hx509_lock to 1320 when trying to read the user certificate. 1321 1322 * lib/krb5/pkinit.c (hx_pass_prompter): return 0 on success and 1 1323 on failure. Pointed out by Douglas E. Engert. 1324 | 1311 1312 * kuser/kinit.c: Move parsing of the PK-INIT configuration file to 1313 the library so application doesn't need to deal with it. 1314 1315 * lib/krb5/pkinit.c (krb5_get_init_creds_opt_set_pkinit): move 1316 parsing of the configuration file to the library so application 1317 doesn't need to deal with it. 1318 1319 * lib/krb5/pkinit.c (_krb5_pk_load_id): pass the hx509_lock to 1320 when trying to read the user certificate. 1321 1322 * lib/krb5/pkinit.c (hx_pass_prompter): return 0 on success and 1 1323 on failure. Pointed out by Douglas E. Engert. 1324 |
13252006-05-08 Love H�rnquist �strand <lha@it.su.se> | 13252006-05-08 Love H��rnquist ��strand <lha@it.su.se> |
1326 1327 * lib/krb5/crypto.c: Catches both keyed checkout w/o crypto 1328 context cases and doesn't reset the string, and corrects the 1329 grammar. 1330 1331 * lib/krb5/crypto.c: Drop aes-cbc, rc2 and CMS padding support, 1332 its all containted in libhcrypto and libhx509 now. 1333 | 1326 1327 * lib/krb5/crypto.c: Catches both keyed checkout w/o crypto 1328 context cases and doesn't reset the string, and corrects the 1329 grammar. 1330 1331 * lib/krb5/crypto.c: Drop aes-cbc, rc2 and CMS padding support, 1332 its all containted in libhcrypto and libhx509 now. 1333 |
13342006-05-07 Love H�rnquist �strand <lha@it.su.se> | 13342006-05-07 Love H��rnquist ��strand <lha@it.su.se> |
1335 1336 * lib/krb5/pkinit.c (_krb5_pk_verify_sign): Use 1337 hx509_get_one_cert. 1338 1339 * lib/krb5/crypto.c (create_checksum): provide a error message 1340 that a key checksum needs a key. From Andew Bartlett. 1341 | 1335 1336 * lib/krb5/pkinit.c (_krb5_pk_verify_sign): Use 1337 hx509_get_one_cert. 1338 1339 * lib/krb5/crypto.c (create_checksum): provide a error message 1340 that a key checksum needs a key. From Andew Bartlett. 1341 |
13422006-05-06 Love H�rnquist �strand <lha@it.su.se> | 13422006-05-06 Love H��rnquist ��strand <lha@it.su.se> |
1343 1344 * lib/krb5/pkinit.c: Now that hcrypto supports DH, remove check 1345 for hx509 null DH. 1346 1347 * kdc/pkinit.c: Don't call DH_check_pubkey, it doesn't exists in 1348 older OpenSSL. 1349 1350 * doc/heimdal.texi: Add blob about imath. 1351 1352 * doc/ack.texi: Add blob about imath. 1353 1354 * include/make_crypto.c: Move up evp.h to please OpenSSL, from 1355 Douglas E. Engert. 1356 1357 * kcm/acl.c: Multicache kcm interation isn't done yet, let wait 1358 with this enum. 1359 | 1343 1344 * lib/krb5/pkinit.c: Now that hcrypto supports DH, remove check 1345 for hx509 null DH. 1346 1347 * kdc/pkinit.c: Don't call DH_check_pubkey, it doesn't exists in 1348 older OpenSSL. 1349 1350 * doc/heimdal.texi: Add blob about imath. 1351 1352 * doc/ack.texi: Add blob about imath. 1353 1354 * include/make_crypto.c: Move up evp.h to please OpenSSL, from 1355 Douglas E. Engert. 1356 1357 * kcm/acl.c: Multicache kcm interation isn't done yet, let wait 1358 with this enum. 1359 |
13602006-05-05 Love H�rnquist �strand <lha@it.su.se> | 13602006-05-05 Love H��rnquist ��strand <lha@it.su.se> |
1361 | 1361 |
1362 * lib/krb5/krb5_set_default_realm.3: Spelling/mdoc from Bj�rn | 1362 * lib/krb5/krb5_set_default_realm.3: Spelling/mdoc from Bj��rn |
1363 Sandell 1364 | 1363 Sandell 1364 |
1365 * lib/krb5/krb5_rcache.3: Spelling/mdoc from Bj�rn Sandell | 1365 * lib/krb5/krb5_rcache.3: Spelling/mdoc from Bj��rn Sandell |
1366 | 1366 |
1367 * lib/krb5/krb5_keytab.3: Spelling/mdoc from Bj�rn Sandell | 1367 * lib/krb5/krb5_keytab.3: Spelling/mdoc from Bj��rn Sandell |
1368 | 1368 |
1369 * lib/krb5/krb5_get_in_cred.3: Spelling/mdoc from Bj�rn Sandell | 1369 * lib/krb5/krb5_get_in_cred.3: Spelling/mdoc from Bj��rn Sandell |
1370 | 1370 |
1371 * lib/krb5/krb5_expand_hostname.3: Spelling/mdoc from Bj�rn | 1371 * lib/krb5/krb5_expand_hostname.3: Spelling/mdoc from Bj��rn |
1372 Sandell 1373 | 1372 Sandell 1373 |
1374 * lib/krb5/krb5_c_make_checksum.3: Spelling/mdoc from Bj�rn | 1374 * lib/krb5/krb5_c_make_checksum.3: Spelling/mdoc from Bj��rn |
1375 Sandell 1376 1377 * lib/krb5/keytab_file.c (fkt_next_entry_int): read the 32 bit 1378 kvno if the reset of the data is longer then 4 bytes in hope to be 1379 forward compatible. Pointed out by Michael B Allen. 1380 1381 * doc/programming.texi: Add fileformats. 1382 --- 11 unchanged lines hidden (view full) --- 1394 1395 * lib/krb5/Makefile.am: Add test_store to TESTS 1396 1397 * lib/krb5/pkinit.c: Catch using hx509 null DH and print a more 1398 useful error message. 1399 1400 * lib/krb5/store.c: Rewrite the krb5_ret_u as proposed by Johan. 1401 | 1375 Sandell 1376 1377 * lib/krb5/keytab_file.c (fkt_next_entry_int): read the 32 bit 1378 kvno if the reset of the data is longer then 4 bytes in hope to be 1379 forward compatible. Pointed out by Michael B Allen. 1380 1381 * doc/programming.texi: Add fileformats. 1382 --- 11 unchanged lines hidden (view full) --- 1394 1395 * lib/krb5/Makefile.am: Add test_store to TESTS 1396 1397 * lib/krb5/pkinit.c: Catch using hx509 null DH and print a more 1398 useful error message. 1399 1400 * lib/krb5/store.c: Rewrite the krb5_ret_u as proposed by Johan. 1401 |
14022006-05-04 Love H�rnquist �strand <lha@it.su.se> | 14022006-05-04 Love H��rnquist ��strand <lha@it.su.se> |
1403 1404 * kdc/kerberos4.c: Use the new unsigned integer storage types. 1405 1406 * kdc/kaserver.c: Use the new unsigned integer storage 1407 types. Sprinkle some error handling. 1408 1409 * lib/krb5/krb5_storage.3: Document ret and store function for the 1410 unsigned fixed size integer types. 1411 1412 * lib/krb5/v4_glue.c: Use the new unsigned integer storage 1413 types. Fail that the address doesn't match, not the reverse. 1414 1415 * lib/krb5/store.c: Add ret and store function for the unsigned 1416 fixed size integer types. 1417 1418 * lib/krb5/test_store.c: Test the integer storage types. 1419 | 1403 1404 * kdc/kerberos4.c: Use the new unsigned integer storage types. 1405 1406 * kdc/kaserver.c: Use the new unsigned integer storage 1407 types. Sprinkle some error handling. 1408 1409 * lib/krb5/krb5_storage.3: Document ret and store function for the 1410 unsigned fixed size integer types. 1411 1412 * lib/krb5/v4_glue.c: Use the new unsigned integer storage 1413 types. Fail that the address doesn't match, not the reverse. 1414 1415 * lib/krb5/store.c: Add ret and store function for the unsigned 1416 fixed size integer types. 1417 1418 * lib/krb5/test_store.c: Test the integer storage types. 1419 |
14202006-05-03 Love H�rnquist �strand <lha@it.su.se> | 14202006-05-03 Love H��rnquist ��strand <lha@it.su.se> |
1421 1422 * lib/krb5/store.c (krb5_store_principal): make it take a 1423 krb5_const_principal, indent 1424 1425 * lib/krb5/krb5_storage.3: krb5_store_principal takes a 1426 krb5_const_principal 1427 1428 * lib/krb5/pkinit.c: Deal with that hx509_prompt.reply is no 1429 longer a pointer. 1430 1431 * kdc/kdc.h (krb5_kdc_configuration): add pkinit_kdc_ocsp_file 1432 1433 * kdc/config.c: read [kdc]pki-kdc-ocsp 1434 | 1421 1422 * lib/krb5/store.c (krb5_store_principal): make it take a 1423 krb5_const_principal, indent 1424 1425 * lib/krb5/krb5_storage.3: krb5_store_principal takes a 1426 krb5_const_principal 1427 1428 * lib/krb5/pkinit.c: Deal with that hx509_prompt.reply is no 1429 longer a pointer. 1430 1431 * kdc/kdc.h (krb5_kdc_configuration): add pkinit_kdc_ocsp_file 1432 1433 * kdc/config.c: read [kdc]pki-kdc-ocsp 1434 |
14352006-05-02 Love H�rnquist �strand <lha@it.su.se> | 14352006-05-02 Love H��rnquist ��strand <lha@it.su.se> |
1436 1437 * kdc/pkinit.c (_kdc_pk_mk_pa_reply): send back ocsp response if 1438 it seems to be valid, simplfy the pkinit-windows DH case (it 1439 doesn't exists). 1440 | 1436 1437 * kdc/pkinit.c (_kdc_pk_mk_pa_reply): send back ocsp response if 1438 it seems to be valid, simplfy the pkinit-windows DH case (it 1439 doesn't exists). 1440 |
14412006-05-01 Love H�rnquist �strand <lha@it.su.se> | 14412006-05-01 Love H��rnquist ��strand <lha@it.su.se> |
1442 | 1442 |
1443 * lib/krb5/krb5_warn.3: Spelling/mdoc changes, from Bj�rn Sandell. | 1443 * lib/krb5/krb5_warn.3: Spelling/mdoc changes, from Bj��rn Sandell. |
1444 | 1444 |
1445 * lib/krb5/krb5_verify_user.3: Spelling/mdoc changes, from Bj�rn | 1445 * lib/krb5/krb5_verify_user.3: Spelling/mdoc changes, from Bj��rn |
1446 Sandell. 1447 1448 * lib/krb5/krb5_verify_init_creds.3: Spelling/mdoc changes, from | 1446 Sandell. 1447 1448 * lib/krb5/krb5_verify_init_creds.3: Spelling/mdoc changes, from |
1449 Bj�rn Sandell. | 1449 Bj��rn Sandell. |
1450 | 1450 |
1451 * lib/krb5/krb5_timeofday.3: Spelling/mdoc changes, from Bj�rn | 1451 * lib/krb5/krb5_timeofday.3: Spelling/mdoc changes, from Bj��rn |
1452 Sandell. 1453 | 1452 Sandell. 1453 |
1454 * lib/krb5/krb5_ticket.3: Spelling/mdoc changes, from Bj�rn | 1454 * lib/krb5/krb5_ticket.3: Spelling/mdoc changes, from Bj��rn |
1455 Sandell. 1456 | 1455 Sandell. 1456 |
1457 * lib/krb5/krb5_rd_safe.3: Spelling/mdoc changes, from Bj�rn | 1457 * lib/krb5/krb5_rd_safe.3: Spelling/mdoc changes, from Bj��rn |
1458 Sandell. 1459 | 1458 Sandell. 1459 |
1460 * lib/krb5/krb5_rcache.3: Spelling/mdoc changes, from Bj�rn | 1460 * lib/krb5/krb5_rcache.3: Spelling/mdoc changes, from Bj��rn |
1461 Sandell. 1462 | 1461 Sandell. 1462 |
1463 * lib/krb5/krb5_principal.3: Spelling/mdoc changes, from Bj�rn | 1463 * lib/krb5/krb5_principal.3: Spelling/mdoc changes, from Bj��rn |
1464 Sandell. 1465 | 1464 Sandell. 1465 |
1466 * lib/krb5/krb5_parse_name.3: Spelling/mdoc changes, from Bj�rn | 1466 * lib/krb5/krb5_parse_name.3: Spelling/mdoc changes, from Bj��rn |
1467 Sandell. 1468 | 1467 Sandell. 1468 |
1469 * lib/krb5/krb5_mk_safe.3: Spelling/mdoc changes, from Bj�rn | 1469 * lib/krb5/krb5_mk_safe.3: Spelling/mdoc changes, from Bj��rn |
1470 Sandell. 1471 | 1470 Sandell. 1471 |
1472 * lib/krb5/krb5_keyblock.3: Spelling/mdoc changes, from Bj�rn | 1472 * lib/krb5/krb5_keyblock.3: Spelling/mdoc changes, from Bj��rn |
1473 Sandell. 1474 1475 * lib/krb5/krb5_is_thread_safe.3: Spelling/mdoc changes, from | 1473 Sandell. 1474 1475 * lib/krb5/krb5_is_thread_safe.3: Spelling/mdoc changes, from |
1476 Bj�rn Sandell. | 1476 Bj��rn Sandell. |
1477 1478 * lib/krb5/krb5_generate_random_block.3: Spelling/mdoc changes, | 1477 1478 * lib/krb5/krb5_generate_random_block.3: Spelling/mdoc changes, |
1479 from Bj�rn Sandell. | 1479 from Bj��rn Sandell. |
1480 1481 * lib/krb5/krb5_generate_random_block.3: Spelling/mdoc changes, | 1480 1481 * lib/krb5/krb5_generate_random_block.3: Spelling/mdoc changes, |
1482 from Bj�rn Sandell. | 1482 from Bj��rn Sandell. |
1483 1484 * lib/krb5/krb5_expand_hostname.3: Spelling/mdoc changes, from | 1483 1484 * lib/krb5/krb5_expand_hostname.3: Spelling/mdoc changes, from |
1485 Bj�rn Sandell. | 1485 Bj��rn Sandell. |
1486 1487 * lib/krb5/krb5_check_transited.3: Spelling/mdoc changes, from | 1486 1487 * lib/krb5/krb5_check_transited.3: Spelling/mdoc changes, from |
1488 Bj�rn Sandell. | 1488 Bj��rn Sandell. |
1489 1490 * lib/krb5/krb5_c_make_checksum.3: Spelling/mdoc changes, from | 1489 1490 * lib/krb5/krb5_c_make_checksum.3: Spelling/mdoc changes, from |
1491 Bj�rn Sandell. | 1491 Bj��rn Sandell. |
1492 1493 * lib/krb5/krb5_address.3: Spelling/mdoc changes, from | 1492 1493 * lib/krb5/krb5_address.3: Spelling/mdoc changes, from |
1494 Bj�rn Sandell. | 1494 Bj��rn Sandell. |
1495 1496 * lib/krb5/krb5_acl_match_file.3: Spelling/mdoc changes, from | 1495 1496 * lib/krb5/krb5_acl_match_file.3: Spelling/mdoc changes, from |
1497 Bj�rn Sandell. | 1497 Bj��rn Sandell. |
1498 | 1498 |
1499 * lib/krb5/krb5.3: Spelling, from Bj�rn Sandell. | 1499 * lib/krb5/krb5.3: Spelling, from Bj��rn Sandell. |
1500 | 1500 |
1501 * doc/ack.texi: add Bj�rn | 1501 * doc/ack.texi: add Bj��rn |
1502 | 1502 |
15032006-04-30 Love H�rnquist �strand <lha@it.su.se> | 15032006-04-30 Love H��rnquist ��strand <lha@it.su.se> |
1504 1505 * lib/krb5/pkinit.c (cert2epi): don't include subject if its null 1506 | 1504 1505 * lib/krb5/pkinit.c (cert2epi): don't include subject if its null 1506 |
15072006-04-29 Love H�rnquist �strand <lha@it.su.se> | 15072006-04-29 Love H��rnquist ��strand <lha@it.su.se> |
1508 1509 * lib/krb5/pkinit.c: Send over what trust anchors the client have 1510 configured. 1511 1512 * lib/krb5/pkinit.c (pk_verify_host): set better error string, 1513 only check kdc name/address when we got a hostname/address passed 1514 in the the function. 1515 1516 * kdc/pkinit.c (_kdc_pk_check_client): reorganize and make log 1517 when a SAN matches. 1518 | 1508 1509 * lib/krb5/pkinit.c: Send over what trust anchors the client have 1510 configured. 1511 1512 * lib/krb5/pkinit.c (pk_verify_host): set better error string, 1513 only check kdc name/address when we got a hostname/address passed 1514 in the the function. 1515 1516 * kdc/pkinit.c (_kdc_pk_check_client): reorganize and make log 1517 when a SAN matches. 1518 |
15192006-04-28 Love H�rnquist �strand <lha@it.su.se> | 15192006-04-28 Love H��rnquist ��strand <lha@it.su.se> |
1520 1521 * doc/setup.texi: More options and some text about windows 1522 clients, certificate and KDCs. 1523 1524 * doc/setup.texi: notice about pki-mappings file space sensitive 1525 1526 * doc/setup.texi: Example pki-mapping file. 1527 1528 * lib/krb5/pkinit.c (pk_verify_host): verify hostname/address 1529 1530 * lib/hdb/hdb.h: Bump hdb interface version to 4. 1531 | 1520 1521 * doc/setup.texi: More options and some text about windows 1522 clients, certificate and KDCs. 1523 1524 * doc/setup.texi: notice about pki-mappings file space sensitive 1525 1526 * doc/setup.texi: Example pki-mapping file. 1527 1528 * lib/krb5/pkinit.c (pk_verify_host): verify hostname/address 1529 1530 * lib/hdb/hdb.h: Bump hdb interface version to 4. 1531 |
15322006-04-27 Love H�rnquist �strand <lha@it.su.se> | 15322006-04-27 Love H��rnquist ��strand <lha@it.su.se> |
1533 1534 * kuser/kdestroy.1: Document --credential=principal. 1535 1536 * kdc/kerberos5.c (tgs_rep2): check that the client exists in the 1537 kerberos database if its local request. 1538 1539 * kdc/{misc.c,524.c,kaserver.c,kerberos5.c}: pass down HDB_F_GET_ 1540 flags as appropriate --- 10 unchanged lines hidden (view full) --- 1551 1552 * lib/hdb/common.c: Break out the that we request from principal 1553 from the entry and pass it in as a seprate argument. 1554 1555 * lib/hdb/hdb.h: Break out the that we request from principal from 1556 the entry and pass it in as a seprate argument. Add more flags to 1557 ->hdb_get(). Re-indent. 1558 | 1533 1534 * kuser/kdestroy.1: Document --credential=principal. 1535 1536 * kdc/kerberos5.c (tgs_rep2): check that the client exists in the 1537 kerberos database if its local request. 1538 1539 * kdc/{misc.c,524.c,kaserver.c,kerberos5.c}: pass down HDB_F_GET_ 1540 flags as appropriate --- 10 unchanged lines hidden (view full) --- 1551 1552 * lib/hdb/common.c: Break out the that we request from principal 1553 from the entry and pass it in as a seprate argument. 1554 1555 * lib/hdb/hdb.h: Break out the that we request from principal from 1556 the entry and pass it in as a seprate argument. Add more flags to 1557 ->hdb_get(). Re-indent. 1558 |
15592006-04-26 Love H�rnquist �strand <lha@it.su.se> | 15592006-04-26 Love H��rnquist ��strand <lha@it.su.se> |
1560 1561 * doc/setup.texi: document pki-allow-proxy-certificate 1562 1563 * kdc/pkinit.c: Add option [kdc]pki-allow-proxy-certificate=bool 1564 to allow using proxy certificate. 1565 1566 * lib/krb5/pkinit.c (_krb5_pk_allow_proxy_certificates): expose 1567 hx509_verify_set_proxy_certificate 1568 1569 * kdc/pkinit.c (_kdc_pk_check_client): Use 1570 hx509_cert_get_base_subject to get subject name of the 1571 certificate, needed for proxy certificates. 1572 1573 * kdc/kerberos5.c: Now that find_keys speaks for it self, remove 1574 extra logging. 1575 1576 * kdc/kerberos5.c (find_keys): add client_name and server_name 1577 argument and use them, and adapt callers. 1578 | 1560 1561 * doc/setup.texi: document pki-allow-proxy-certificate 1562 1563 * kdc/pkinit.c: Add option [kdc]pki-allow-proxy-certificate=bool 1564 to allow using proxy certificate. 1565 1566 * lib/krb5/pkinit.c (_krb5_pk_allow_proxy_certificates): expose 1567 hx509_verify_set_proxy_certificate 1568 1569 * kdc/pkinit.c (_kdc_pk_check_client): Use 1570 hx509_cert_get_base_subject to get subject name of the 1571 certificate, needed for proxy certificates. 1572 1573 * kdc/kerberos5.c: Now that find_keys speaks for it self, remove 1574 extra logging. 1575 1576 * kdc/kerberos5.c (find_keys): add client_name and server_name 1577 argument and use them, and adapt callers. 1578 |
15792006-04-25 Love H�rnquist �strand <lha@it.su.se> | 15792006-04-25 Love H��rnquist ��strand <lha@it.su.se> |
1580 1581 * kuser/kinit.1: document option password-file 1582 1583 * kuser/kinit.c: Add option password-file, read password from the 1584 first line of a file. 1585 1586 * configure.in: make tests/kdc/Makefile 1587 1588 * kdc/kerberos5.c: Catch the case where the client sends no 1589 encryption types or no pa-types. 1590 1591 * lib/hdb/ext.c (hdb_replace_extension): set error message on 1592 failure, not success. 1593 1594 * lib/hdb/keys.c (parse_key_set): handle error case better 1595 (hdb_generate_key_set): return better error 1596 | 1580 1581 * kuser/kinit.1: document option password-file 1582 1583 * kuser/kinit.c: Add option password-file, read password from the 1584 first line of a file. 1585 1586 * configure.in: make tests/kdc/Makefile 1587 1588 * kdc/kerberos5.c: Catch the case where the client sends no 1589 encryption types or no pa-types. 1590 1591 * lib/hdb/ext.c (hdb_replace_extension): set error message on 1592 failure, not success. 1593 1594 * lib/hdb/keys.c (parse_key_set): handle error case better 1595 (hdb_generate_key_set): return better error 1596 |
15972006-04-24 Love H�rnquist �strand <lha@it.su.se> | 15972006-04-24 Love H��rnquist ��strand <lha@it.su.se> |
1598 1599 * lib/hdb/hdb.c (hdb_create): print out what we don't support 1600 1601 * lib/krb5/principal.c: Remove a double free introduced in 1.93 1602 1603 * lib/krb5/log.c (log_file): reset pointer to freed memory 1604 1605 * lib/krb5/keytab_keyfile.c (get_cell_and_realm): reset d->cell to --- 8 unchanged lines hidden (view full) --- 1614 Listing. 1615 1616 * lib/krb5/pkinit.c: Pass down realm to pk_verify_host so the 1617 function can verify the certificate is from the right realm. 1618 1619 * lib/krb5/init_creds_pw.c: Pass down realm to 1620 _krb5_pk_rd_pa_reply 1621 | 1598 1599 * lib/hdb/hdb.c (hdb_create): print out what we don't support 1600 1601 * lib/krb5/principal.c: Remove a double free introduced in 1.93 1602 1603 * lib/krb5/log.c (log_file): reset pointer to freed memory 1604 1605 * lib/krb5/keytab_keyfile.c (get_cell_and_realm): reset d->cell to --- 8 unchanged lines hidden (view full) --- 1614 Listing. 1615 1616 * lib/krb5/pkinit.c: Pass down realm to pk_verify_host so the 1617 function can verify the certificate is from the right realm. 1618 1619 * lib/krb5/init_creds_pw.c: Pass down realm to 1620 _krb5_pk_rd_pa_reply 1621 |
16222006-04-23 Love H�rnquist �strand <lha@it.su.se> | 16222006-04-23 Love H��rnquist ��strand <lha@it.su.se> |
1623 1624 * lib/krb5/pkinit.c (pk_verify_host): Add begining of finding 1625 subjectAltName_otherName pk-init-san and verifing it. 1626 1627 * lib/krb5/sendauth.c: reindent 1628 1629 * doc/Makefile.am: use --no-split to make one large file, mostly 1630 for html 1631 1632 * doc/setup.texi: "document" pkinit_require_eku and 1633 pkinit_require_krbtgt_otherName 1634 1635 * lib/krb5/pkinit.c: Add pkinit_require_eku and 1636 pkinit_require_krbtgt_otherName 1637 1638 * doc/setup.texi: Add text about pk-init 1639 1640 * tools/kdc-log-analyze.pl: count v5 cross realms too 1641 | 1623 1624 * lib/krb5/pkinit.c (pk_verify_host): Add begining of finding 1625 subjectAltName_otherName pk-init-san and verifing it. 1626 1627 * lib/krb5/sendauth.c: reindent 1628 1629 * doc/Makefile.am: use --no-split to make one large file, mostly 1630 for html 1631 1632 * doc/setup.texi: "document" pkinit_require_eku and 1633 pkinit_require_krbtgt_otherName 1634 1635 * lib/krb5/pkinit.c: Add pkinit_require_eku and 1636 pkinit_require_krbtgt_otherName 1637 1638 * doc/setup.texi: Add text about pk-init 1639 1640 * tools/kdc-log-analyze.pl: count v5 cross realms too 1641 |
16422006-04-22 Love H�rnquist �strand <lha@it.su.se> | 16422006-04-22 Love H��rnquist ��strand <lha@it.su.se> |
1643 1644 * kdc/pkinit.c: Adapt to change in hx509_cms_create_signed_1. 1645 1646 * lib/krb5/pkinit.c: Adapt to change in hx509_cms_create_signed_1. 1647 | 1643 1644 * kdc/pkinit.c: Adapt to change in hx509_cms_create_signed_1. 1645 1646 * lib/krb5/pkinit.c: Adapt to change in hx509_cms_create_signed_1. 1647 |
16482006-04-20 Love H�rnquist �strand <lha@it.su.se> | 16482006-04-20 Love H��rnquist ��strand <lha@it.su.se> |
1649 1650 * kdc/pkinit.c (_kdc_pk_rd_padata): use 1651 hx509_cms_unwrap_ContentInfo. 1652 1653 * kdc/config.c: unbreak 1654 1655 * lib/krb5/pkinit.c: Handle diffrences between libhcrypto and 1656 libcrypto. 1657 1658 * kdc/config.c: Rename pki-chain to pki-pool to match rest of 1659 code. 1660 | 1649 1650 * kdc/pkinit.c (_kdc_pk_rd_padata): use 1651 hx509_cms_unwrap_ContentInfo. 1652 1653 * kdc/config.c: unbreak 1654 1655 * lib/krb5/pkinit.c: Handle diffrences between libhcrypto and 1656 libcrypto. 1657 1658 * kdc/config.c: Rename pki-chain to pki-pool to match rest of 1659 code. 1660 |
16612006-04-12 Love H�rnquist �strand <lha@it.su.se> | 16612006-04-12 Love H��rnquist ��strand <lha@it.su.se> |
1662 1663 * lib/krb5/rd_priv.c: Fix argument to krb5_data_zero. 1664 1665 * kdc/config.c: Added certificate revoke information from 1666 configuration file. 1667 1668 * kdc/pkinit.c: Added certificate revoke information. 1669 1670 * kuser/kinit.c: Added certificate revoke information from 1671 configuration file. 1672 1673 * lib/krb5/pkinit.c (_krb5_pk_load_id): Added certificate revoke 1674 information, ie CRL's 1675 | 1662 1663 * lib/krb5/rd_priv.c: Fix argument to krb5_data_zero. 1664 1665 * kdc/config.c: Added certificate revoke information from 1666 configuration file. 1667 1668 * kdc/pkinit.c: Added certificate revoke information. 1669 1670 * kuser/kinit.c: Added certificate revoke information from 1671 configuration file. 1672 1673 * lib/krb5/pkinit.c (_krb5_pk_load_id): Added certificate revoke 1674 information, ie CRL's 1675 |
16762006-04-10 Love H�rnquist �strand <lha@it.su.se> | 16762006-04-10 Love H��rnquist ��strand <lha@it.su.se> |
1677 1678 * lib/krb5/replay.c (krb5_rc_resolve_full): make compile again. 1679 1680 * lib/krb5/keytab_krb4.c (krb4_kt_start_seq_get_int): make compile 1681 again. 1682 1683 * lib/krb5/transited.c (make_path): make sure we return allocated 1684 memory Coverity, NetBSD CID#1892 --- 28 unchanged lines hidden (view full) --- 1713 1714 * lib/krb5/crypto.c (krb5_string_to_key_derived): deref after NULL 1715 check. Coverity NetBSD CID#2367 1716 1717 * lib/krb5/build_auth.c (krb5_build_authenticator): use 1718 calloc. removed check that was never really used. Coverity NetBSD 1719 CID#2370 1720 | 1677 1678 * lib/krb5/replay.c (krb5_rc_resolve_full): make compile again. 1679 1680 * lib/krb5/keytab_krb4.c (krb4_kt_start_seq_get_int): make compile 1681 again. 1682 1683 * lib/krb5/transited.c (make_path): make sure we return allocated 1684 memory Coverity, NetBSD CID#1892 --- 28 unchanged lines hidden (view full) --- 1713 1714 * lib/krb5/crypto.c (krb5_string_to_key_derived): deref after NULL 1715 check. Coverity NetBSD CID#2367 1716 1717 * lib/krb5/build_auth.c (krb5_build_authenticator): use 1718 calloc. removed check that was never really used. Coverity NetBSD 1719 CID#2370 1720 |
17212006-04-09 Love H�rnquist �strand <lha@it.su.se> | 17212006-04-09 Love H��rnquist ��strand <lha@it.su.se> |
1722 | 1722 |
1723 * lib/krb5/rd_req.c (krb5_verify_ap_req2): make sure `ticket� | 1723 * lib/krb5/rd_req.c (krb5_verify_ap_req2): make sure `ticket�� |
1724 points to NULL in case of error, add error handling, use calloc. 1725 1726 * kpasswd/kpasswdd.c (doit): when done, close all fd in the 1727 sockets array and free it. Coverity NetBSD CID#1916 1728 | 1724 points to NULL in case of error, add error handling, use calloc. 1725 1726 * kpasswd/kpasswdd.c (doit): when done, close all fd in the 1727 sockets array and free it. Coverity NetBSD CID#1916 1728 |
17292006-04-08 Love H�rnquist �strand <lha@it.su.se> | 17292006-04-08 Love H��rnquist ��strand <lha@it.su.se> |
1730 1731 * lib/krb5/store.c (krb5_ret_principal): fix memory leak Coverity, 1732 NetBSD CID#1695 1733 1734 * kdc/524.c (_kdc_do_524): Handle memory allocation failure 1735 Coverity, NetBSD CID#2752 1736 | 1730 1731 * lib/krb5/store.c (krb5_ret_principal): fix memory leak Coverity, 1732 NetBSD CID#1695 1733 1734 * kdc/524.c (_kdc_do_524): Handle memory allocation failure 1735 Coverity, NetBSD CID#2752 1736 |
17372006-04-07 Love H�rnquist �strand <lha@it.su.se> | 17372006-04-07 Love H��rnquist ��strand <lha@it.su.se> |
1738 1739 * lib/krb5/keytab_file.c (krb5_kt_ret_principal): plug a memory 1740 leak Coverity NetBSD CID#1890 1741 1742 * kdc/hprop.c (main): make sure type doesn't need to be set 1743 1744 * kdc/mit_dump.c (mit_prop_dump): close fd when done processing 1745 Coverity NetBSD CID#1955 1746 1747 * kdc/string2key.c (tokey): catch warnings, free memory after use. 1748 Based on Coverity NetBSD CID#1894 1749 1750 * kdc/hprop.c (main): remove dead code. Coverity NetBSD CID#633 1751 | 1738 1739 * lib/krb5/keytab_file.c (krb5_kt_ret_principal): plug a memory 1740 leak Coverity NetBSD CID#1890 1741 1742 * kdc/hprop.c (main): make sure type doesn't need to be set 1743 1744 * kdc/mit_dump.c (mit_prop_dump): close fd when done processing 1745 Coverity NetBSD CID#1955 1746 1747 * kdc/string2key.c (tokey): catch warnings, free memory after use. 1748 Based on Coverity NetBSD CID#1894 1749 1750 * kdc/hprop.c (main): remove dead code. Coverity NetBSD CID#633 1751 |
17522006-04-04 Love H�rnquist �strand <lha@it.su.se> | 17522006-04-04 Love H��rnquist ��strand <lha@it.su.se> |
1753 1754 * kpasswd/kpasswd-generator.c (read_words): catch empty file case, 1755 will cause PBE (division by zero) later. From Tobias Stoeckmann. 1756 | 1753 1754 * kpasswd/kpasswd-generator.c (read_words): catch empty file case, 1755 will cause PBE (division by zero) later. From Tobias Stoeckmann. 1756 |
17572006-04-02 Love H�rnquist �strand <lha@it.su.se> | 17572006-04-02 Love H��rnquist ��strand <lha@it.su.se> |
1758 1759 * lib/hdb/keytab.c: Remove a delta from last revision that should 1760 have gone in later. 1761 1762 * lib/krb5/krbhst.c: fix spelling 1763 1764 * lib/krb5/send_to_kdc.c (send_and_recv_http): don't expose freed 1765 pointer, found by IBM checker. --- 61 unchanged lines hidden (view full) --- 1827 * lib/hdb/keys.c (hdb_generate_key_set): set ret_key_set before 1828 going into the error clause and freeing key_set. Found by IBM 1829 checker. Make sure ret == 0 after of parse error, we catch the 1830 "no entries parsed" case later. 1831 1832 * lib/krb5/log.c (krb5_addlog_dest): make string length match 1833 strings in strcasecmp. Found by IBM checker. 1834 | 1758 1759 * lib/hdb/keytab.c: Remove a delta from last revision that should 1760 have gone in later. 1761 1762 * lib/krb5/krbhst.c: fix spelling 1763 1764 * lib/krb5/send_to_kdc.c (send_and_recv_http): don't expose freed 1765 pointer, found by IBM checker. --- 61 unchanged lines hidden (view full) --- 1827 * lib/hdb/keys.c (hdb_generate_key_set): set ret_key_set before 1828 going into the error clause and freeing key_set. Found by IBM 1829 checker. Make sure ret == 0 after of parse error, we catch the 1830 "no entries parsed" case later. 1831 1832 * lib/krb5/log.c (krb5_addlog_dest): make string length match 1833 strings in strcasecmp. Found by IBM checker. 1834 |
18352006-03-30 Love H�rnquist �strand <lha@it.su.se> | 18352006-03-30 Love H��rnquist ��strand <lha@it.su.se> |
1836 1837 * lib/hdb/hdb-ldap.c (LDAP_message2entry): in declaration set 1838 variable_name as "hdb_entry_ex" 1839 (hdb_ldap_common): change "arg" in condition (if) to "search_base" 1840 (hdb_ldapi_create): change "serach_base" to "search_base" From 1841 Alex V. Labuta. 1842 1843 * lib/krb5/pkinit.c (krb5_get_init_creds_opt_set_pkinit); fix 1844 prototype 1845 1846 * kuser/kinit.c: Add pool of certificates to help certificate path 1847 building for clients sending incomplete path in the signedData. 1848 | 1836 1837 * lib/hdb/hdb-ldap.c (LDAP_message2entry): in declaration set 1838 variable_name as "hdb_entry_ex" 1839 (hdb_ldap_common): change "arg" in condition (if) to "search_base" 1840 (hdb_ldapi_create): change "serach_base" to "search_base" From 1841 Alex V. Labuta. 1842 1843 * lib/krb5/pkinit.c (krb5_get_init_creds_opt_set_pkinit); fix 1844 prototype 1845 1846 * kuser/kinit.c: Add pool of certificates to help certificate path 1847 building for clients sending incomplete path in the signedData. 1848 |
18492006-03-28 Love H�rnquist �strand <lha@it.su.se> | 18492006-03-28 Love H��rnquist ��strand <lha@it.su.se> |
1850 1851 * kdc/pkinit.c: Add pool of certificates to help certificate path 1852 building for clients sending incomplete path in the signedData. 1853 1854 * lib/krb5/pkinit.c: Add pool of certificates to help certificate 1855 path building for clients sending incomplete path in the 1856 signedData. 1857 | 1850 1851 * kdc/pkinit.c: Add pool of certificates to help certificate path 1852 building for clients sending incomplete path in the signedData. 1853 1854 * lib/krb5/pkinit.c: Add pool of certificates to help certificate 1855 path building for clients sending incomplete path in the 1856 signedData. 1857 |
18582006-03-27 Love H�rnquist �strand <lha@it.su.se> | 18582006-03-27 Love H��rnquist ��strand <lha@it.su.se> |
1859 1860 * kdc/config.c: Allow passing in related certificates used to 1861 build the chain. 1862 1863 * kdc/pkinit.c: Allow passing in related certificates used to 1864 build the chain. 1865 1866 * kdc/kerberos5.c (log_patype): Add case for 1867 KRB5_PADATA_PA_PK_OCSP_RESPONSE. 1868 1869 * tools/Makefile.am: Spelling 1870 1871 * tools/krb5-config.in: Add hx509 when using PK-INIT. 1872 1873 * tools/Makefile.am: Add hx509 when using PK-INIT. 1874 | 1859 1860 * kdc/config.c: Allow passing in related certificates used to 1861 build the chain. 1862 1863 * kdc/pkinit.c: Allow passing in related certificates used to 1864 build the chain. 1865 1866 * kdc/kerberos5.c (log_patype): Add case for 1867 KRB5_PADATA_PA_PK_OCSP_RESPONSE. 1868 1869 * tools/Makefile.am: Spelling 1870 1871 * tools/krb5-config.in: Add hx509 when using PK-INIT. 1872 1873 * tools/Makefile.am: Add hx509 when using PK-INIT. 1874 |
18752006-03-26 Love H�rnquist �strand <lha@it.su.se> | 18752006-03-26 Love H��rnquist ��strand <lha@it.su.se> |
1876 1877 * lib/krb5/acache.c: Use ticket flags definition, might fix Mac OS 1878 X Kerberos.app problems. 1879 1880 * lib/krb5/krb5_ccapi.h: Add ticket flags definitions 1881 1882 * lib/krb5/pkinit.c: Use less openssl, spell chelling. 1883 --- 7 unchanged lines hidden (view full) --- 1891 * lib/krb5/Makefile.am: Add libhx509.la when PKINIT is used. 1892 1893 * configure.in: define automake PKINIT variable 1894 1895 * kdc/pkinit.c: Switch to hx509. 1896 1897 * lib/krb5/pkinit.c: Switch to hx509. 1898 | 1876 1877 * lib/krb5/acache.c: Use ticket flags definition, might fix Mac OS 1878 X Kerberos.app problems. 1879 1880 * lib/krb5/krb5_ccapi.h: Add ticket flags definitions 1881 1882 * lib/krb5/pkinit.c: Use less openssl, spell chelling. 1883 --- 7 unchanged lines hidden (view full) --- 1891 * lib/krb5/Makefile.am: Add libhx509.la when PKINIT is used. 1892 1893 * configure.in: define automake PKINIT variable 1894 1895 * kdc/pkinit.c: Switch to hx509. 1896 1897 * lib/krb5/pkinit.c: Switch to hx509. 1898 |
18992006-03-24 Love H�rnquist �strand <lha@it.su.se> | 18992006-03-24 Love H��rnquist ��strand <lha@it.su.se> |
1900 1901 * kdc/kerberos5.c (log_patypes): log the patypes requested by the 1902 client 1903 | 1900 1901 * kdc/kerberos5.c (log_patypes): log the patypes requested by the 1902 client 1903 |
19042006-03-23 Love H�rnquist �strand <lha@it.su.se> | 19042006-03-23 Love H��rnquist ��strand <lha@it.su.se> |
1905 1906 * lib/krb5/pkinit.c (_krb5_pk_rd_pa_reply): pass down the 1907 req_buffer in the w2k case too. From Douglas E. Engert. 1908 | 1905 1906 * lib/krb5/pkinit.c (_krb5_pk_rd_pa_reply): pass down the 1907 req_buffer in the w2k case too. From Douglas E. Engert. 1908 |
19092006-03-19 Love H�rnquist �strand <lha@it.su.se> | 19092006-03-19 Love H��rnquist ��strand <lha@it.su.se> |
1910 1911 * lib/krb5/mk_req_ext.c (_krb5_mk_req_internal): on failure, goto 1912 error handling. Fixes Coverity NetBSD CID 2591 by catching a 1913 failing krb5_copy_keyblock() 1914 | 1910 1911 * lib/krb5/mk_req_ext.c (_krb5_mk_req_internal): on failure, goto 1912 error handling. Fixes Coverity NetBSD CID 2591 by catching a 1913 failing krb5_copy_keyblock() 1914 |
19152006-03-17 Love H�rnquist �strand <lha@it.su.se> | 19152006-03-17 Love H��rnquist ��strand <lha@it.su.se> |
1916 1917 * lib/krb5/addr_families.c (krb5_free_addresses): reset val,len in 1918 address when free-ing. Fixes Coverity NetBSD bug #2605 1919 (krb5_parse_address): reset val,len before possibly return errors 1920 Fixes Coverity NetBSD bug #2605 1921 | 1916 1917 * lib/krb5/addr_families.c (krb5_free_addresses): reset val,len in 1918 address when free-ing. Fixes Coverity NetBSD bug #2605 1919 (krb5_parse_address): reset val,len before possibly return errors 1920 Fixes Coverity NetBSD bug #2605 1921 |
19222006-03-07 Love H�rnquist �strand <lha@it.su.se> | 19222006-03-07 Love H��rnquist ��strand <lha@it.su.se> |
1923 1924 * lib/krb5/send_to_kdc.c (recv_loop): it should never happen, but 1925 make sure nbytes > 0 1926 1927 * lib/krb5/get_for_creds.c (add_addrs): handle the case where 1928 addr->len == 0 and n == 0, then realloc might return NULL. 1929 1930 * lib/krb5/crypto.c (decrypt_*): handle the case where the 1931 plaintext is 0 bytes long, realloc might then return NULL. 1932 | 1923 1924 * lib/krb5/send_to_kdc.c (recv_loop): it should never happen, but 1925 make sure nbytes > 0 1926 1927 * lib/krb5/get_for_creds.c (add_addrs): handle the case where 1928 addr->len == 0 and n == 0, then realloc might return NULL. 1929 1930 * lib/krb5/crypto.c (decrypt_*): handle the case where the 1931 plaintext is 0 bytes long, realloc might then return NULL. 1932 |
19332006-02-28 Love H�rnquist �strand <lha@it.su.se> | 19332006-02-28 Love H��rnquist ��strand <lha@it.su.se> |
1934 1935 * lib/krb5/krb5_string_to_key.3: Drop krb5_string_to_key_derived. 1936 1937 * lib/krb5/krb5.3: Remove krb5_string_to_key_derived. 1938 1939 * lib/krb5/crypto.c (AES_string_to_key): drop _krb5_PKCS5_PBKDF2 1940 and use PKCS5_PBKDF2_HMAC_SHA1 instead. 1941 1942 * lib/krb5/aes-test.c: reformat, avoid free-ing un-init'd memory 1943 1944 * lib/krb5/aes-test.c: Only use PKCS5_PBKDF2_HMAC_SHA1. 1945 19462006-02-27 Johan Danielsson <joda@pdc.kth.se> 1947 1948 * doc/setup.texi: remove cartouches - we don't use them anywhere 1949 else, they should be around the example, not inside it, and 1950 probably shouldn't be used in html at all 1951 | 1934 1935 * lib/krb5/krb5_string_to_key.3: Drop krb5_string_to_key_derived. 1936 1937 * lib/krb5/krb5.3: Remove krb5_string_to_key_derived. 1938 1939 * lib/krb5/crypto.c (AES_string_to_key): drop _krb5_PKCS5_PBKDF2 1940 and use PKCS5_PBKDF2_HMAC_SHA1 instead. 1941 1942 * lib/krb5/aes-test.c: reformat, avoid free-ing un-init'd memory 1943 1944 * lib/krb5/aes-test.c: Only use PKCS5_PBKDF2_HMAC_SHA1. 1945 19462006-02-27 Johan Danielsson <joda@pdc.kth.se> 1947 1948 * doc/setup.texi: remove cartouches - we don't use them anywhere 1949 else, they should be around the example, not inside it, and 1950 probably shouldn't be used in html at all 1951 |
19522006-02-18 Love H�rnquist �strand <lha@it.su.se> | 19522006-02-18 Love H��rnquist ��strand <lha@it.su.se> |
1953 1954 * lib/krb5/krb5_warn.3: Document that applications want to use 1955 krb5_get_error_message, add example. 1956 | 1953 1954 * lib/krb5/krb5_warn.3: Document that applications want to use 1955 krb5_get_error_message, add example. 1956 |
19572006-02-16 Love H�rnquist �strand <lha@it.su.se> | 19572006-02-16 Love H��rnquist ��strand <lha@it.su.se> |
1958 1959 * lib/krb5/crypto.c (krb5_generate_random_block): check return 1960 value from RAND_bytes 1961 1962 * lib/krb5/error_string.c: Change indentation, update (c) 1963 | 1958 1959 * lib/krb5/crypto.c (krb5_generate_random_block): check return 1960 value from RAND_bytes 1961 1962 * lib/krb5/error_string.c: Change indentation, update (c) 1963 |
19642006-02-14 Love H�rnquist �strand <lha@it.su.se> | 19642006-02-14 Love H��rnquist ��strand <lha@it.su.se> |
1965 1966 * lib/krb5/pkinit.c: Make struct krb5_dh_moduli available when 1967 compiling w/o pkinit. 1968 | 1965 1966 * lib/krb5/pkinit.c: Make struct krb5_dh_moduli available when 1967 compiling w/o pkinit. 1968 |
19692006-02-13 Love H�rnquist �strand <lha@it.su.se> | 19692006-02-13 Love H��rnquist ��strand <lha@it.su.se> |
1970 1971 * lib/krb5/pkinit.c: update to new paChecksum definition, update 1972 the dhgroup handling 1973 1974 * kdc/pkinit.c: update to new paChecksum definition, use 1975 hdb_entry_ex 1976 | 1970 1971 * lib/krb5/pkinit.c: update to new paChecksum definition, update 1972 the dhgroup handling 1973 1974 * kdc/pkinit.c: update to new paChecksum definition, use 1975 hdb_entry_ex 1976 |
19772006-02-09 Love H�rnquist �strand <lha@it.su.se> | 19772006-02-09 Love H��rnquist ��strand <lha@it.su.se> |
1978 1979 * lib/krb5/krb5_locl.h: Move Configurable options to last in the 1980 file. 1981 1982 * lib/krb5/krb5_locl.h: Wrap KRB5_ADDRESSLESS_DEFAULT with #ifndef 1983 | 1978 1979 * lib/krb5/krb5_locl.h: Move Configurable options to last in the 1980 file. 1981 1982 * lib/krb5/krb5_locl.h: Wrap KRB5_ADDRESSLESS_DEFAULT with #ifndef 1983 |
19842006-02-03 Love H�rnquist �strand <lha@it.su.se> | 19842006-02-03 Love H��rnquist ��strand <lha@it.su.se> |
1985 1986 * kpasswd/kpasswdd.c: Send back a better error-message to the 1987 client in case the password change was rejected. 1988 1989 * lib/krb5/krb5_warn.3: Document krb5_get_error_message. 1990 1991 * lib/krb5/error_string.c (krb5_get_error_message): new function, 1992 and combination of krb5_get_error_string and krb5_get_err_text --- 13 unchanged lines hidden (view full) --- 2006 2007 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): 2008 Use [appdefault]no-addresses before checking if the krbtgt is 2009 address-less, use KRB5_ADDRESSLESS_DEFAULT. 2010 2011 * lib/krb5/krb5_locl.h: Introduce KRB5_ADDRESSLESS_DEFAULT that 2012 controlls all address-less behavior. Defaults to false. 2013 | 1985 1986 * kpasswd/kpasswdd.c: Send back a better error-message to the 1987 client in case the password change was rejected. 1988 1989 * lib/krb5/krb5_warn.3: Document krb5_get_error_message. 1990 1991 * lib/krb5/error_string.c (krb5_get_error_message): new function, 1992 and combination of krb5_get_error_string and krb5_get_err_text --- 13 unchanged lines hidden (view full) --- 2006 2007 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): 2008 Use [appdefault]no-addresses before checking if the krbtgt is 2009 address-less, use KRB5_ADDRESSLESS_DEFAULT. 2010 2011 * lib/krb5/krb5_locl.h: Introduce KRB5_ADDRESSLESS_DEFAULT that 2012 controlls all address-less behavior. Defaults to false. 2013 |
20142006-02-01 Love H�rnquist �strand <lha@it.su.se> | 20142006-02-01 Love H��rnquist ��strand <lha@it.su.se> |
2015 2016 * lib/krb5/n-fold-test.c: main is not a KRB5_LIB_FUNCTION 2017 2018 * lib/krb5/mk_priv.c (krb5_mk_priv): abort if ASN1_MALLOC_ENCODE 2019 failes to produce the matching lenghts. 2020 | 2015 2016 * lib/krb5/n-fold-test.c: main is not a KRB5_LIB_FUNCTION 2017 2018 * lib/krb5/mk_priv.c (krb5_mk_priv): abort if ASN1_MALLOC_ENCODE 2019 failes to produce the matching lenghts. 2020 |
20212006-01-27 Love H�rnquist �strand <lha@it.su.se> | 20212006-01-27 Love H��rnquist ��strand <lha@it.su.se> |
2022 2023 * kcm/protocol.c (kcm_op_retrieve): remove unused variable 2024 | 2022 2023 * kcm/protocol.c (kcm_op_retrieve): remove unused variable 2024 |
20252006-01-15 Love H�rnquist �strand <lha@it.su.se> | 20252006-01-15 Love H��rnquist ��strand <lha@it.su.se> |
2026 2027 * tools/krb5-config.in: Move depenency on @LIB_dbopen@ to 2028 kadm-server, kerberos library doesn't depend on db-library. 2029 | 2026 2027 * tools/krb5-config.in: Move depenency on @LIB_dbopen@ to 2028 kadm-server, kerberos library doesn't depend on db-library. 2029 |
20302006-01-13 Love H�rnquist �strand <lha@it.su.se> | 20302006-01-13 Love H��rnquist ��strand <lha@it.su.se> |
2031 2032 * include/Makefile.am: Don't clean crypto headers, they now live 2033 in hcrypto/. Add hcrypto to SUBDIRS. 2034 2035 * include/hcrypto/Makefile.am: clean installed headers 2036 2037 * include/make_crypto.c: include crypto headers from hcrypto/ 2038 2039 * include/make_crypto.c: Include more crypto headerfiles. Remove 2040 support for old hash names. 2041 | 2031 2032 * include/Makefile.am: Don't clean crypto headers, they now live 2033 in hcrypto/. Add hcrypto to SUBDIRS. 2034 2035 * include/hcrypto/Makefile.am: clean installed headers 2036 2037 * include/make_crypto.c: include crypto headers from hcrypto/ 2038 2039 * include/make_crypto.c: Include more crypto headerfiles. Remove 2040 support for old hash names. 2041 |
20422006-01-02 Love H�rnquist �strand <lha@it.su.se> | 20422006-01-02 Love H��rnquist ��strand <lha@it.su.se> |
2043 2044 * kdc/misc.c (_kdc_db_fetch): use calloc to allocate the entry, 2045 from Andrew Bartlet. 2046 2047 * Happy New Year. | 2043 2044 * kdc/misc.c (_kdc_db_fetch): use calloc to allocate the entry, 2045 from Andrew Bartlet. 2046 2047 * Happy New Year. |