1233294Sstas2004-12-30 Love H��rnquist ��strand <lha@it.su.se> 2178825Sdfr 3178825Sdfr * lib/krb5/Makefile.am (CHECK_SYMBOLS): add heim_ and pkcs7_ for 4178825Sdfr now (used in pkinit) 5178825Sdfr 6233294Sstas2004-12-29 Love H��rnquist ��strand <lha@it.su.se> 7178825Sdfr 8178825Sdfr * lib/hdb/Makefile.am: add CHECK_SYMBOLS 9178825Sdfr 10178825Sdfr * lib/hdb/keys.c: make all_etypes static 11178825Sdfr 12178825Sdfr * lib/krb5/Makefile.am: add CHECK_SYMBOLS, approve of: -com_err 13178825Sdfr -version krb5_ _krb5_ __heimdal krb524_ krb4_fkt_ops 14178825Sdfr 15178825Sdfr * kdc/kerberos5.c: use private version of principalname 16178825Sdfr 17178825Sdfr * kdc/kerberos4.c: use private version of principalname 18178825Sdfr 19178825Sdfr * kdc/hpropd.c: use private version of principalname 20178825Sdfr 21178825Sdfr * kdc/524.c: use private version of principalname 22178825Sdfr 23178825Sdfr * lib/krb5/rd_req.c: use private version of principalname 24178825Sdfr 25178825Sdfr * lib/krb5/rd_cred.c: use private version of principalname 26178825Sdfr 27178825Sdfr * lib/krb5/init_creds_pw.c: use private version of principalname 28178825Sdfr 29178825Sdfr * lib/krb5/get_in_tkt.c: use private version of principalname 30178825Sdfr 31178825Sdfr * lib/krb5/asn1_glue.c: make principalname functions private 32178825Sdfr 33178825Sdfr * lib/krb5/krb5.h: add key usage for server referrals 34178825Sdfr 35233294Sstas2004-12-29 Love H��rnquist ��strand <lha@it.su.se> 36178825Sdfr 37178825Sdfr * lib/krb5/principal.c: make default_v4_name_convert static 38178825Sdfr 39178825Sdfr * lib/krb5/crypto.c: make lots of crypto related variables static 40178825Sdfr 41178825Sdfr * lib/krb5/acache.c: make default_acc_name static 42178825Sdfr 43233294Sstas2004-12-28 Love H��rnquist ��strand <lha@it.su.se> 44178825Sdfr 45178825Sdfr * doc/setup.texi: add some text about samba, use example.com 46178825Sdfr 47178825Sdfr * lib/hdb/hdb-ldap.c: Add account expiration for samba from James 48178825Sdfr F. Hranicky <jfh@cise.ufl.edu>. 49178825Sdfr Add LDAP_addmod_integer and use it. 50178825Sdfr 51233294Sstas2004-12-27 Love H��rnquist ��strand <lha@it.su.se> 52178825Sdfr 53178825Sdfr * doc/{Makefile.am,setup.texi,win2k.texi}: spelling and text 54178825Sdfr fixes, from Dave Love 55178825Sdfr 56233294Sstas2004-12-18 Love H��rnquist ��strand <lha@it.su.se> 57178825Sdfr 58178825Sdfr * lib/krb5/heim_threads.h: NetBSD 2.99.11 (any maybe 2.1) just 59178825Sdfr needs pthread.h, threadlib is dead 60178825Sdfr 61233294Sstas2004-12-17 Love H��rnquist ��strand <lha@it.su.se> 62178825Sdfr 63178825Sdfr * kdc/config.c (configure): check for deprecated 64178825Sdfr enforce-transited-policy is set and fail if it is 65178825Sdfr 66178825Sdfr * lib/asn1/asn1_print.c: don't print garabage for octet strings 67178825Sdfr 68233294Sstas2004-12-13 Love H��rnquist ��strand <lha@it.su.se> 69178825Sdfr 70178825Sdfr * kdc/main.c (main): catch sigpipe, we don't bother select()ing 71178825Sdfr for errors 72178825Sdfr 73178825Sdfr * kdc/connect.c (handle_http_tcp): handle error from write(2) 74178825Sdfr 75178825Sdfr * doc/setup.texi: clarify credentials refreshing stuff 76178825Sdfr 77178825Sdfr * doc/setup.texi: add new node: Providing Kerberos credentials to 78178825Sdfr servers and programs 79178825Sdfr 80178825Sdfr * doc/whatis.texi: fix spurious cross-reference makeinfo warning 81178825Sdfr 82178825Sdfr * lib/hdb/hdb-ldap.c (pos): uppercase in character 83178825Sdfr 84233294Sstas2004-12-12 Love H��rnquist ��strand <lha@it.su.se> 85178825Sdfr 86178825Sdfr * lib/hdb/hdb-ldap.c (LDAP__bytes2hex,LDAP__hex2bytes): encode 87178825Sdfr nibbels in the other order 88178825Sdfr 89178825Sdfr * lib/hdb/hdb-ldap.c: s/objectclass/objectClass/ check if 90178825Sdfr attribute exists before we try to delete it LDAP__bytes2hex 91178825Sdfr encodes in strange byte order, is this really right ? 92178825Sdfr 93233294Sstas2004-12-11 Love H��rnquist ��strand <lha@it.su.se> 94178825Sdfr 95178825Sdfr * lib/hdb/hdb-ldap.c (LDAP_firstkey): When iterating over all 96178825Sdfr entries, search for samba accounts too, From: "James F. Hranicky" 97178825Sdfr <jfh@cise.ufl.edu> 98178825Sdfr 99178825Sdfr * lib/hdb/hdb-ldap.c (krb5kdcentry_attrs): ask for attribute uid 100178825Sdfr too 101178825Sdfr 102178825Sdfr * lib/hdb/hdb-ldap.c (LDAP_message2entry): if the entry is missing 103178825Sdfr both krb5PrincipalName and uid, it must be broken, ignore it and 104178825Sdfr return it doesn't exists. 105178825Sdfr 106233294Sstas2004-12-10 Love H��rnquist ��strand <lha@it.su.se> 107178825Sdfr 108178825Sdfr * kdc/hpropd.8: spelling, from OpenBSD 109178825Sdfr 110178825Sdfr * kdc/kdc.8: use keeps for options, From OpenBSD k 111178825Sdfr 112233294Sstas2004-12-09 Love H��rnquist ��strand <lha@it.su.se> 113178825Sdfr 114178825Sdfr * doc/setup.texi: document --random-key and the need to do backup 115178825Sdfr of the master key 116178825Sdfr 117178825Sdfr * kdc/kstash.8: add --random-key 118178825Sdfr 119178825Sdfr * kdc/kstash.c: add --random-key 120178825Sdfr 121233294Sstas2004-12-08 Love H��rnquist ��strand <lha@it.su.se> 122178825Sdfr 123178825Sdfr * lib/krb5/verify_krb5_conf.8: spelling, from openbsd 124178825Sdfr 125178825Sdfr * lib/krb5/krb5_init_context.3: spelling, from openbsd 126178825Sdfr 127178825Sdfr * lib/krb5/krb5.conf.5: spelling, from openbsd 128178825Sdfr 129178825Sdfr * kuser/kdestroy.1: use keeps around options, spelling, from 130178825Sdfr openbsd 131178825Sdfr 132178825Sdfr * kpasswd/kpasswdd.8: use ., use keeps around options, from OpenBSD 133178825Sdfr 134178825Sdfr * kdc/hpropd.8: use keeps around options, from OpenBSD 135178825Sdfr 136178825Sdfr * kdc/hprop.8: use keeps around options, from OpenBSD 137178825Sdfr 138233294Sstas2004-11-30 Love H��rnquist ��strand <lha@it.su.se> 139178825Sdfr 140178825Sdfr * lib/krb5/context.c (krb5_free_context): clear error string 141178825Sdfr before destroying mutex 142178825Sdfr (krb5_init_context): don't call krb5_free_context before there is a 143178825Sdfr mutex initialized 144178825Sdfr 145233294Sstas2004-11-18 Love H��rnquist ��strand <lha@it.su.se> 146178825Sdfr 147178825Sdfr * kuser/kinit.c (get_new_tickets): only complain about ticket 148178825Sdfr renewable lifetime when the user asked for a specific renewable 149178825Sdfr lifetime 150178825Sdfr 151233294Sstas2004-11-15 Love H��rnquist ��strand <lha@it.su.se> 152178825Sdfr 153178825Sdfr * kdc/kerberos5.c (find_keys): log what principal is missing 154178825Sdfr enctypes 155178825Sdfr 156233294Sstas2004-11-13 Love H��rnquist ��strand <lha@it.su.se> 157178825Sdfr 158178825Sdfr * lib/krb5/get_in_tkt.c (krb5_get_in_cred): clear pointer after 159178825Sdfr freeing data 160178825Sdfr 161178825Sdfr * lib/krb5/init_creds_pw.c (change_password): handle old_options 162178825Sdfr being NULL From Guenther Deschner on samba-technical. 163178825Sdfr 164233294Sstas2004-11-12 Love H��rnquist ��strand <lha@it.su.se> 165178825Sdfr 166178825Sdfr * lib/krb5/krb5_get_init_creds.3: add more text describing the 167178825Sdfr krb5_get_init_creds functions 168178825Sdfr 169233294Sstas2004-11-11 Love H��rnquist ��strand <lha@it.su.se> 170178825Sdfr 171178825Sdfr * lib/krb5/init_creds_pw.c: make krb5_get_init_creds_keytab work 172178825Sdfr again 173178825Sdfr 174233294Sstas2004-11-10 Love H��rnquist ��strand <lha@it.su.se> 175178825Sdfr 176178825Sdfr * lib/hdb/hdb.asn1: use constrained integers 177178825Sdfr 178233294Sstas2004-11-09 Love H��rnquist ��strand <lha@it.su.se> 179178825Sdfr 180178825Sdfr * lib/krb5/krb5_get_init_creds.3: add description for opt_init, 181178825Sdfr opt_alloc, opt_free 182178825Sdfr 183178825Sdfr * lib/krb5/pkinit.c: unexport krb5_get_init_creds_opt_free_pkinit 184178825Sdfr 185178825Sdfr * lib/krb5/init_creds.c: unexport 186178825Sdfr krb5_get_init_creds_opt_free_pkinit 187178825Sdfr 188178825Sdfr * lib/krb5/init_creds_pw.c: fold init_init_creds_ctx into 189178825Sdfr get_init_creds_common 190178825Sdfr 191178825Sdfr * lib/krb5/init_creds.c (_krb5_get_init_creds_opt_copy): if the in 192178825Sdfr options NULL, just make a clean copy 193178825Sdfr 194233294Sstas2004-11-01 Love H��rnquist ��strand <lha@it.su.se> 195178825Sdfr 196178825Sdfr * lib/krb5/sendauth.c (krb5_rd_rep): free ap_rep message earlier 197178825Sdfr so we don't leak it on error 198178825Sdfr 199233294Sstas2004-10-31 Love H��rnquist ��strand <lha@it.su.se> 200178825Sdfr 201178825Sdfr * lib/krb5/krb5.conf.5: unbreak 2b entry 202178825Sdfr 203178825Sdfr * lib/krb5/acache.c (make_cred_from_ccred): the address isn't a 204178825Sdfr sockaddr but rather a kerberos address, deal with that. Based on 205178825Sdfr bug report from Jakob Schlyter <jakob@rfc.se>. 206178825Sdfr 207233294Sstas2004-10-30 Love H��rnquist ��strand <lha@it.su.se> 208178825Sdfr 209178825Sdfr * kdc/connect.c: Make sure argument passed to ctype isn't signed 210178825Sdfr char 211178825Sdfr 212233294Sstas2004-10-14 Love H��rnquist ��strand <lha@it.su.se> 213178825Sdfr 214178825Sdfr * lib/krb5/pkinit.c: match new error names 215178825Sdfr 216178825Sdfr * lib/krb5/krb5_err.et: make error messages sane again 217178825Sdfr 218233294Sstas2004-10-13 Love H��rnquist ��strand <lha@it.su.se> 219178825Sdfr 220178825Sdfr * lib/krb5/keytab.c: use KRB5_KT_BADNAME 221178825Sdfr 222178825Sdfr * lib/krb5/krb5_err.et: sync with mit krb5_err.et (require major 223178825Sdfr version bump) add KRB5_DELTAT_BADFORMAT 224178825Sdfr 225178825Sdfr * lib/krb5/krb5.conf.5: time defaults to "s" 226178825Sdfr 227178825Sdfr * lib/krb5/time.c (krb5_string_to_deltat): default to "s" again, 228178825Sdfr MIT's behavior was actually that it failed to parse the number 229178825Sdfr (and thus used the default). Even better, ticket_lifetime (that 230178825Sdfr was a consumer supposed a of the interface) was documented but 231178825Sdfr never implemented, when it was implemented, people configuraiton 232178825Sdfr files started to fail. Also, use KRB5_DELTAT_BADFORMAT as a 233178825Sdfr failure code. 234178825Sdfr 235178825Sdfr * lib/asn1/k5.asn1: sync enctypes with pkinit branch 236178825Sdfr 237178825Sdfr * lib/asn1/parse.y (readd) support negative numbers 238178825Sdfr 239178825Sdfr * lib/asn1/lex.l: support hex numbers 240178825Sdfr 241233294Sstas2004-10-12 Love H��rnquist ��strand <lha@it.su.se> 242178825Sdfr 243178825Sdfr * kdc/pkinit.c: use ETYPE_DES3_CBC_NONE_CMS 244178825Sdfr 245178825Sdfr * lib/krb5/crypto.c: add enctype_des3_cbc_none_cms add cms padding 246178825Sdfr for rc2 don't to padding for blocksize 1 247178825Sdfr 248178825Sdfr * lib/hdb/{keys.c,Makefile.am},lib/kadm5/{keys,set_keys}.c: 249178825Sdfr Move keyset parsing and password based keyset generation into hdb. 250178825Sdfr Requested by Andrew Bartlett <abartlet@samba.org> for hdb-ldb 251178825Sdfr backend. 252178825Sdfr 253233294Sstas2004-10-07 Love H��rnquist ��strand <lha@it.su.se> 254178825Sdfr 255178825Sdfr * kuser/kinit.c: adapt to new signature of 256178825Sdfr krb5_get_init_creds_opt_set_pkinit 257178825Sdfr 258178825Sdfr * lib/krb5/pkinit.c: free openssl engine deal with 259178825Sdfr RecipientIdentifier -> CMSIdentifier and heim_any -> name change 260178825Sdfr improve error messages 261178825Sdfr 262178825Sdfr * kdc/pkinit.c: free openssl engine deal with RecipientIdentifier 263178825Sdfr -> CMSIdentifier and heim_any -> name change 264178825Sdfr 265178825Sdfr2004-10-04 Johan Danielsson <joda@pdc.kth.se> 266178825Sdfr 267178825Sdfr * kuser/klist.c: use rtbl_set_separator 268178825Sdfr 269233294Sstas2004-10-03 Love H��rnquist ��strand <lha@it.su.se> 270178825Sdfr 271178825Sdfr * lib/krb5/pkinit.c: filter out dup openssl engine keys, parse 272178825Sdfr user options first 273178825Sdfr 274178825Sdfr * lib/krb5/pkinit.c: stop using AlgorithmIdentifierNonOpt, add 275178825Sdfr openssl engine support for private key 276178825Sdfr 277178825Sdfr * lib/krb5/crypto.c: support padding as its done in CMS 278178825Sdfr 279178825Sdfr * kdc/pkinit.c: improve error logging 280178825Sdfr 281178825Sdfr * kdc/pkinit.c: stop using AlgorithmIdentifierNonOpt 282178825Sdfr 283233294Sstas2004-09-30 Love H��rnquist ��strand <lha@it.su.se> 284178825Sdfr 285178825Sdfr * lib/krb5/krb5.conf.5: assume minutes for time 286178825Sdfr 287178825Sdfr * lib/krb5/config_file.c (krb5_config_vget_time_default): use 288178825Sdfr krb5_string_to_deltat 289178825Sdfr 290178825Sdfr * lib/krb5/appdefault.c (krb5_appdefault_time): use 291178825Sdfr krb5_string_to_deltat 292178825Sdfr 293178825Sdfr * lib/krb5/time.c (krb5_string_to_deltat): set default unit to 294178825Sdfr minute for compatibility with MIT Kerberos. 295178825Sdfr 296178825Sdfr 297233294Sstas2004-09-28 Love H��rnquist ��strand <lha@it.su.se> 298178825Sdfr 299178825Sdfr * lib/krb5/get_cred.c (get_cred_kdc_usage): retry using "large 300178825Sdfr message safe" transport if we get back 301178825Sdfr KRB5KRB_ERR_RESPONSE_TOO_BIG error. Idea from Guenther Deschner 302178825Sdfr <gd@sernet.de> 303178825Sdfr 304178825Sdfr2004-09-23 Johan Danielsson <joda@pdc.kth.se> 305178825Sdfr 306178825Sdfr * admin/list.c: use rtbl 307178825Sdfr 308178825Sdfr * admin/ktutil-commands.in: slc source file 309178825Sdfr 310178825Sdfr * lib/krb5/constants.c: check 311178825Sdfr /Library/Preferences/edu.mit.Kerberos on OSX 312178825Sdfr 313178825Sdfr2004-09-21 Johan Danielsson <joda@pdc.kth.se> 314178825Sdfr 315178825Sdfr * lib/krb5/time.c (krb5_format_time): check return value from 316178825Sdfr localtime and strftime 317178825Sdfr 318178825Sdfr2004-09-14 Johan Danielsson <joda@pdc.kth.se> 319178825Sdfr 320178825Sdfr * kuser/kinit.c: make sure we don't always get renewable creds 321178825Sdfr 322233294Sstas2004-09-11 Love H��rnquist ��strand <lha@it.su.se> 323178825Sdfr 324178825Sdfr * lib/krb5/acache.c: use krb5_ccapi.h 325178825Sdfr 326178825Sdfr * lib/krb5/krb5_ccapi.h: break out krb5 api definitions to 327178825Sdfr separate (not installed) file 328178825Sdfr 329178825Sdfr * lib/krb5/Makefile.am: add AM_CPPFLAGS to libkrb5_la_CPPFLAGS 330178825Sdfr since AM_CPPFLAGS overridden by target specific _CPPFLAGS 331178825Sdfr 332233294Sstas2004-09-08 Love H��rnquist ��strand <lha@it.su.se> 333178825Sdfr 334178825Sdfr * lib/krb5/pkinit.c: make variable shorter, make error messages 335178825Sdfr from pkinit, make freeing easier 336178825Sdfr 337233294Sstas2004-09-06 Love H��rnquist ��strand <lha@it.su.se> 338178825Sdfr 339178825Sdfr * lib/krb5/Makefile.am: link libkrb5 with LIB_dlopen 340178825Sdfr 341178825Sdfr * lib/krb5/crypto.c (seed_something): avoid poking at memory that 342178825Sdfr is uninitialized, make valgrind unhappy. Pointd out by 343178825Sdfr abartlet@samba.org. While where, plug the fd leak. 344178825Sdfr 345233294Sstas2004-09-05 Love H��rnquist ��strand <lha@it.su.se> 346178825Sdfr 347178825Sdfr * lib/asn1/der_get.c (decode_*): name all tag-length variables the 348178825Sdfr same 349178825Sdfr (decode_enumerated): check that the tag-length is not longer the length 350178825Sdfr 351178825Sdfr * lib/asn1/der_get.c (decode_boolean): fail if length of tag is 352178825Sdfr larger then len 353178825Sdfr 354233294Sstas2004-08-31 Love H��rnquist ��strand <lha@it.su.se> 355178825Sdfr 356178825Sdfr * lib/krb5/init_creds_pw.c (krb5_get_init_creds): kdc_reply can be 357178825Sdfr set in case of failure too, free unconditionally on exit to avoid 358178825Sdfr memory leak 359178825Sdfr 360233294Sstas2004-08-23 Love H��rnquist ��strand <lha@it.su.se> 361178825Sdfr 362178825Sdfr * lib/krb5/get_cred.c (set_auth_data): set pointer to NULL after 363178825Sdfr free 364178825Sdfr 365233294Sstas2004-08-20 Love H��rnquist ��strand <lha@it.su.se> 366178825Sdfr 367178825Sdfr * lib/krb5/context.c (krb5_get_err_text): if neither of com_right 368178825Sdfr nor strerror finds the error-code, return Unknown error. 369178825Sdfr 370178825Sdfr2004-08-19 Johan Danielsson <joda@pdc.kth.se> 371178825Sdfr 372178825Sdfr * lib/krb5/krb5_kuserok.3: update to reality 373178825Sdfr 374178825Sdfr * lib/krb5/kuserok.c: if a .k5login file exist, don't give 375178825Sdfr implicit rights to anyone; also check owner/mode of .k5login 376178825Sdfr 377233294Sstas2004-08-15 Love H��rnquist ��strand <lha@it.su.se> 378178825Sdfr 379178825Sdfr * lib/krb5/Makefile.am: man_MANS = krb5_getportbyname.3 380178825Sdfr 381178825Sdfr * lib/krb5/krb5_getportbyname.3: manpage for krb5_getportbyname 382178825Sdfr 383178825Sdfr * lib/krb5/krb5.3: add krb5_getportbyname 384178825Sdfr 385178825Sdfr * lib/krb5/krb5.3: krb5_free_salt and krb5_enctype_valid 386178825Sdfr 387178825Sdfr * lib/krb5/krb5_encrypt.3: document krb5_enctype_valid 388178825Sdfr 389233294Sstas2004-08-13 Love H��rnquist ��strand <lha@it.su.se> 390178825Sdfr 391178825Sdfr * kdc/kerberos5.c (get_pa_etype_info{,2}): check for dup enctypes 392178825Sdfr from the client and filter them out. 393178825Sdfr 394178825Sdfr * lib/krb5/krb5_string_to_key.3: document krb5_free_salt 395178825Sdfr 396233294Sstas2004-08-12 Love H��rnquist ��strand <lha@it.su.se> 397178825Sdfr 398178825Sdfr * lib/krb5/krb5_ticket.3: data needs to be freed when using 399178825Sdfr krb5_ticket_get_authorization_data_type 400178825Sdfr 401233294Sstas2004-08-11 Love H��rnquist ��strand <lha@it.su.se> 402178825Sdfr 403178825Sdfr * lib/krb5/test_cc.c: test variables in default_cc_name 404178825Sdfr 405178825Sdfr * lib/krb5/krb5.conf.5: explain support for varibles in 406178825Sdfr [libdefaults]default_cc_name 407178825Sdfr 408178825Sdfr * lib/krb5/cache.c: drop ${time}, its not very useful 409178825Sdfr 410178825Sdfr * lib/krb5/cache.c: Add _krb5_expand_default_cc_name that expand 411178825Sdfr variables in the default cc name. Supported variables now are: 412178825Sdfr ${time},${uid} and ${null} 413178825Sdfr 414178825Sdfr * lib/krb5/krb5.conf.5: document default_cc_name 415178825Sdfr 416178825Sdfr * lib/krb5/cache.c (krb5_cc_set_default_name): 417178825Sdfr s/libdefault/libdefaults/ 418178825Sdfr 419233294Sstas2004-08-06 Love H��rnquist ��strand <lha@it.su.se> 420178825Sdfr 421178825Sdfr * lib/krb5/acache.c: replace magic 3 with ccapi_version_3 422178825Sdfr 423178825Sdfr * lib/krb5/Makefile.am: libkrb5_la_SOURCES += acache.c 424178825Sdfr 425178825Sdfr * lib/krb5/krb5.h: add krb5_acc_ops 426178825Sdfr 427178825Sdfr * lib/krb5/acache.c: CCAPI v3 implementation, the read only 428178825Sdfr support was from Magnus Ahltorp and then extended by me to support 429178825Sdfr all other operations. Tested with MIT kerberos cc cache 430178825Sdfr implementation on MacOS 10.3.3 431178825Sdfr 432178825Sdfr * lib/krb5/cache.c (krb5_cc_set_default_name): allow setting the 433178825Sdfr default cc name, this is not very useful for general purpose glue 434178825Sdfr since its not possible to glue in user information (like uid), but 435178825Sdfr for CCAPI it works just fine 436178825Sdfr 437233294Sstas2004-08-05 Love H��rnquist ��strand <lha@it.su.se> 438178825Sdfr 439178825Sdfr * kuser/kgetcred.1: document --cache/-c 440178825Sdfr 441178825Sdfr * kuser/kgetcred.c: allow to specify what credential cache to use 442178825Sdfr 443233294Sstas2004-08-03 Love H��rnquist ��strand <lha@it.su.se> 444178825Sdfr 445178825Sdfr * lib/krb5/Makefile.am: add krb5_eai_to_heim_errno.3 446178825Sdfr 447178825Sdfr * lib/krb5/krb5_eai_to_heim_errno.3: document 448178825Sdfr krb5_eai_to_heim_errno, krb5_h_errno_to_heim_errno 449178825Sdfr 450178825Sdfr * lib/krb5/krb5.3: add krb5_eai_to_heim_errno, 451178825Sdfr krb5_h_errno_to_heim_errno 452178825Sdfr 453233294Sstas2004-07-26 Love H��rnquist ��strand <lha@it.su.se> 454178825Sdfr 455178825Sdfr * lib/krb5/krb5_expand_hostname.3: krb5_expand_hostname_realms 456178825Sdfr result should be free with krb5_free_host_realm drop 457178825Sdfr krb5_get_host_realm text 458178825Sdfr 459178825Sdfr * lib/krb5/krb5_set_default_realm.3: krb5_get_host_realm result 460178825Sdfr should be free with krb5_free_host_realm 461178825Sdfr 462178825Sdfr * lib/krb5/krb5_get_in_cred.3: document krb5_free_kdc_rep 463178825Sdfr 464178825Sdfr * lib/krb5/krb5_get_init_creds.3: remove dup krb5_get_init_creds 465178825Sdfr 466178825Sdfr * lib/krb5/krb5_auth_context.3: sort, add krb5_free_authenticator 467178825Sdfr 468178825Sdfr * lib/krb5/Makefile.am: man_MANS += krb5_rd_error 469178825Sdfr 470178825Sdfr * lib/krb5/krb5_rd_error.3: krb5_rd_error and friends 471178825Sdfr 472178825Sdfr * lib/krb5/krb5_warn.3: clarify on what string 473178825Sdfr krb5_free_error_string should operate on 474178825Sdfr 475178825Sdfr * lib/krb5/krb5_get_credentials.3: add krb5_get_kdc_cred 476178825Sdfr 477178825Sdfr * lib/krb5/Makefile.am: krb5_get_credentials, 478178825Sdfr krb5_get_forwarded_creds and friends 479178825Sdfr 480178825Sdfr * lib/krb5/krb5_get_forwarded_creds.3: krb5_get_forwarded_creds 481178825Sdfr and friends 482178825Sdfr 483178825Sdfr * lib/krb5/krb5_get_credentials.3: krb5_get_credentials and 484178825Sdfr friends 485178825Sdfr 486233294Sstas2004-07-23 Love H��rnquist ��strand <lha@it.su.se> 487178825Sdfr 488178825Sdfr * kuser/klist.c (print_cred_verbose): keytypes are no longer, use 489178825Sdfr enctype 490178825Sdfr 491233294Sstas2004-07-22 Love H��rnquist ��strand <lha@it.su.se> 492178825Sdfr 493178825Sdfr * lib/hdb/hdb-ldap.c (LDAP_entry2mods): allow for pre-c99 494178825Sdfr compilers, From metze at samba.org 495178825Sdfr 496233294Sstas2004-07-20 Love H��rnquist ��strand <lha@it.su.se> 497178825Sdfr 498178825Sdfr * lib/krb5/test_cc.c: more cc tests 499178825Sdfr 500178825Sdfr * lib/krb5/krb5_check_transited.3: document krb5_check_transited 501178825Sdfr 502233294Sstas2004-07-19 Love H��rnquist ��strand <lha@it.su.se> 503178825Sdfr 504178825Sdfr * kdc/pkinit.c (pk_principal_from_X509): reverse test, makes 505178825Sdfr principal in cert work From: Mayur Patel <patelm4@rpi.edu> 506178825Sdfr 507233294Sstas2004-07-18 Love H��rnquist ��strand <lha@it.su.se> 508178825Sdfr 509178825Sdfr * lib/krb5/Makefile.am: add krb5_verify_init_creds.3 510178825Sdfr 511178825Sdfr * lib/krb5/krb5_verify_init_creds.3: add krb5_verify_init_creds 512178825Sdfr 513233294Sstas2004-07-15 Love H��rnquist ��strand <lha@it.su.se> 514178825Sdfr 515178825Sdfr * lib/krb5/krb5_set_password.3: spelling from wiz@netbsd.org 516178825Sdfr description for krb5_passwd_result_to_string 517178825Sdfr 518233294Sstas2004-07-14 Love H��rnquist ��strand <lha@it.su.se> 519178825Sdfr 520178825Sdfr * lib/krb5/krb5_set_password.3: Remove superfluous comma; grammar 521178825Sdfr fixes; split sentence in two for better understanding. From 522178825Sdfr wiz@NetBSD.org. Describe krb5_set_password_using_ccache while here. 523178825Sdfr 524178825Sdfr * lib/krb5/krb5_set_password.3: nroff and spelling, from Jonathan 525178825Sdfr Stone <jonathan@dsg.stanford.edu> 526178825Sdfr 527178825Sdfr * lib/krb5/changepw.c (process_reply): cast ssize_t to long and 528178825Sdfr print that From NetBSD via Havard Eidnes. 529178825Sdfr 530233294Sstas2004-07-09 Love H��rnquist ��strand <lha@it.su.se> 531178825Sdfr 532178825Sdfr * configure.in: fix helpstring for hdb-openldap-module 533178825Sdfr 534178825Sdfr * lib/krb5/test_cc.c: don't use krb5_err on error code 0 535178825Sdfr 536233294Sstas2004-07-08 Love H��rnquist ��strand <lha@it.su.se> 537178825Sdfr 538178825Sdfr * lib/hdb/hdb-ldap.c (LDAP_seq): try handling errors better 539178825Sdfr 540233294Sstas2004-07-02 Love H��rnquist ��strand <lha@it.su.se> 541178825Sdfr 542178825Sdfr * lib/krb5/get_in_tkt.c (set_ptypes): make ptypes const 543178825Sdfr 544233294Sstas2004-07-01 Love H��rnquist ��strand <lha@it.su.se> 545178825Sdfr 546178825Sdfr * lib/hdb/hdb-ldap.c (LDAP__connect): call ldap_initialize with 547178825Sdfr right argument 548178825Sdfr 549178825Sdfr2004-06-27 Johan Danielsson <joda@pdc.kth.se> 550178825Sdfr 551178825Sdfr * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): if the 552178825Sdfr krbtgt is without addresses, default to not sending our own 553178825Sdfr addrport 554178825Sdfr 555178825Sdfr * lib/asn1/lex.l: add support for /* */ and partial line -- 556178825Sdfr comments 557178825Sdfr 558178825Sdfr * kuser/Makefile.am: don't install copy_cred_cache manpage 559178825Sdfr 560178825Sdfr2004-06-24 Johan Danielsson <joda@pdc.kth.se> 561178825Sdfr 562178825Sdfr * lib/krb5/init_creds.c (_krb5_get_init_creds_opt_copy): if 563178825Sdfr copying a static opt, make sure to allocate the "private" field 564178825Sdfr 565178825Sdfr2004-06-24 Love <lha@stacken.kth.se> 566178825Sdfr 567178825Sdfr * kdc/config.c: add enable_pkinit_princ_in_cert 568178825Sdfr 569178825Sdfr * kdc/kdc_locl.h: enable_pkinit_princ_in_cert 570178825Sdfr 571178825Sdfr * kdc/pkinit.c: Check certificate for Kerberos Principal in 572178825Sdfr OtherName of subjectAltName Based on patch from Mayur Patel 573178825Sdfr <patelm4@rpi.edu> 574178825Sdfr 575233294Sstas2004-06-21 Love H��rnquist ��strand <lha@it.su.se> 576178825Sdfr 577178825Sdfr * lib/krb5/get_cred.c (init_tgs_req): if subkey not avaible, use 578178825Sdfr session key for authorization-data 579178825Sdfr 580233294Sstas2004-06-15 Love H��rnquist ��strand <lha@it.su.se> 581178825Sdfr 582178825Sdfr * kdc/connect.c (handle_tcp): note who is what that closed the 583178825Sdfr connection on us 584178825Sdfr 585233294Sstas2004-06-09 Love H��rnquist ��strand <lha@it.su.se> 586178825Sdfr 587178825Sdfr * admin/get.c (kt_get): catch errors from krb5_parse_name 588178825Sdfr 589233294Sstas2004-06-05 Love H��rnquist ��strand <lha@it.su.se> 590178825Sdfr 591178825Sdfr * lib/hdb/hdb-ldap.c: if its the entry just contains the 592178825Sdfr structural object (no samba nor heimdal object), add an aux 593178825Sdfr heimdal object on to it. 594178825Sdfr 595233294Sstas2004-06-02 Love H��rnquist ��strand <lha@it.su.se> 596178825Sdfr 597178825Sdfr * kpasswd/kpasswd.c: use krb5_set_password_using_ccache 598178825Sdfr 599178825Sdfr * lib/krb5/krb5_set_password.3: add krb5_set_password_using_ccache 600178825Sdfr 601178825Sdfr * lib/krb5/changepw.c: implement krb5_set_password_using_ccache 602178825Sdfr 603178825Sdfr * lib/hdb/hdb-ldap.c: Allow the objectClass to be 604178825Sdfr "sambaSamAccount" or structural_object when searching for uid 605178825Sdfr entries. 606178825Sdfr 607178825Sdfr * lib/krb5/krb5.conf.5: document [kdc]hdb-ldap-create-base 608178825Sdfr 609178825Sdfr * lib/hdb/hdb-ldap.c: add creation base that defaults to the 610178825Sdfr search base 611178825Sdfr 612178825Sdfr * lib/hdb/hdb-ldap.c: indent like the rest of the code 613178825Sdfr 614233294Sstas2004-06-01 Love H��rnquist ��strand <lha@it.su.se> 615178825Sdfr 616178825Sdfr * lib/hdb/hdb-ldap.c: check return values from ldap operations and 617178825Sdfr close it we get back LDAP_SERVER_DOWN. stupid ldap client lib, you 618178825Sdfr should retry by yourself. 619178825Sdfr 620178825Sdfr * lib/hdb/hdb-ldap.c: require search base to be configured, create 621178825Sdfr local context structure 622178825Sdfr 623233294Sstas2004-05-31 Love H��rnquist ��strand <lha@it.su.se> 624178825Sdfr 625178825Sdfr * doc/setup.texi: more ldap text, partly from Tarjei Huse 626178825Sdfr <tarjei@nu.no> 627178825Sdfr 628233294Sstas2004-05-28 Love H��rnquist ��strand <lha@it.su.se> 629178825Sdfr 630178825Sdfr * lib/hdb/hdb-ldap.c: clean, indent 631178825Sdfr 632178825Sdfr * lib/hdb/hdb-ldap.c (LDAP_entry2mods): make sure 633178825Sdfr krb5KeyVersionNumber is added on new entires 634178825Sdfr 635233294Sstas2004-05-27 Love H��rnquist ��strand <lha@it.su.se> 636178825Sdfr 637178825Sdfr * doc/setup.texi: minor fixes, partly from Tarjei Huse 638178825Sdfr <tarjei@nu.no> 639178825Sdfr 640178825Sdfr * lib/krb5/krb5.conf.5: some text about dbname and realm 641178825Sdfr 642178825Sdfr * lib/krb5/krb5.conf.5: default value for 643178825Sdfr hdb-ldap-structural-object is account 644178825Sdfr 645233294Sstas2004-05-26 Love H��rnquist ��strand <lha@it.su.se> 646178825Sdfr 647178825Sdfr * tools/Makefile.am: use ! instead of , as sed delimiter 648178825Sdfr 649233294Sstas2004-05-25 Love H��rnquist ��strand <lha@it.su.se> 650178825Sdfr 651178825Sdfr * lib/krb5/*.c: add KRB5_LIB_FUNCTION to all exported functions 652178825Sdfr 653233294Sstas2004-05-23 Love H��rnquist ��strand <lha@it.su.se> 654178825Sdfr 655178825Sdfr * lib/hdb/hdb-ldap.c: make samba_forwardable a krb5_boolean 656178825Sdfr 657178825Sdfr * lib/hdb/hdb-ldap.c: make samba forwarding a runtime configure 658178825Sdfr option 659178825Sdfr 660178825Sdfr * lib/hdb/hdb-ldap.c (LDAP_message2entry): fix [] test From: 661178825Sdfr Andrew Bartlett <abartlet@samba.org> 662178825Sdfr 663178825Sdfr * lib/hdb/hdb-ldap.c (LDAP_message2entry): remove bogus length 664178825Sdfr check From: Andrew Bartlett <abartlet@samba.org> 665178825Sdfr 666178825Sdfr * lib/hdb/hdb-ldap.c (LDAP_message2entry): in the sambaNTPassword 667178825Sdfr case, make sure ent->etypes are allocated, From: Andrew Bartlett 668178825Sdfr <abartlet@samba.org> 669178825Sdfr 670233294Sstas2004-05-14 Love H��rnquist ��strand <lha@it.su.se> 671178825Sdfr 672178825Sdfr * kuser/kinit.c: move "setpag if (argc < 1)" to common path 673178825Sdfr 674233294Sstas2004-05-12 Love H��rnquist ��strand <lha@it.su.se> 675178825Sdfr 676178825Sdfr * lib/krb5/verify_krb5_conf.c: pacify pre c99 compilers 677178825Sdfr 678178825Sdfr * fix-export: use right argument for -E 679178825Sdfr 680178825Sdfr2004-05-06 Johan Danielsson <joda@pdc.kth.se> 681178825Sdfr 682178825Sdfr * kuser/kinit.c: print some diagnostics if the exec fails 683178825Sdfr 684233294Sstas2004-04-29 Love H��rnquist ��strand <lha@it.su.se> 685178825Sdfr 686178825Sdfr * lib/krb5/pkinit.c (pk_rd_pa_reply_dh): use krb5_random_to_key 687178825Sdfr From: Luke Howard <lukeh@padl.com> 688178825Sdfr 689178825Sdfr * lib/krb5/rd_req.c (krb5_verify_ap_req2): clear the whole ticket, 690178825Sdfr not just a pointer size of it From: Luke Howard <lukeh@padl.com> 691178825Sdfr 692233294Sstas2004-04-28 Love H��rnquist ��strand <lha@it.su.se> 693178825Sdfr 694178825Sdfr * fix-export: add -E flag where needed to make-proto 695178825Sdfr 696233294Sstas2004-04-26 Love H��rnquist ��strand <lha@it.su.se> 697178825Sdfr 698178825Sdfr * lib/krb5/crypto.c: add set_param for RC2 699178825Sdfr 700178825Sdfr * lib/krb5/pkinit.c: use krb5_oid_to_enctype and remove all oids 701178825Sdfr that are no longer needed 702178825Sdfr 703178825Sdfr * kdc/pkinit.c: use krb5_enctype_to_oid 704178825Sdfr 705178825Sdfr * lib/krb5/crypto.c (krb5_oid_to_enctype): make sure oid exists 706178825Sdfr before we compare with it 707178825Sdfr 708178825Sdfr * lib/krb5/crypto.c (krb5_crypto_get_params): check ivec length 709178825Sdfr before returning it add aes-oids 710178825Sdfr 711178825Sdfr * lib/krb5/crypto.c: add krb5_enctype_to_oid and 712178825Sdfr krb5_oid_to_enctype 713178825Sdfr 714178825Sdfr * kdc/pkinit.c: use krb5_crypto_set_params 715178825Sdfr 716178825Sdfr * lib/krb5/crypto.c: add krb5_crypto_set_params, add aes-NNN-cbc-none 717178825Sdfr 718178825Sdfr * lib/krb5/krb5.h: add KEYTYPE_AES192 719178825Sdfr 720178825Sdfr * lib/krb5/pkinit.c: use krb5_crypto_get_params to implement 721178825Sdfr kcrypto RC2 support 722178825Sdfr 723178825Sdfr * lib/asn1/k5.asn1: add CMS symmetrical parameters here, enctype 724178825Sdfr rc2-cbc XXX RC2CBCParameter is wrong because the compiler is 725178825Sdfr broken 726178825Sdfr 727178825Sdfr * lib/krb5/krb5.h: add KEYTYPE_RC2 728178825Sdfr 729178825Sdfr * lib/krb5/crypto.c: add partial CMS parameter handling, this is 730178825Sdfr needed for RC2 731178825Sdfr 732178825Sdfr * lib/asn1/der_cmp.c: add heim_oid_cmp and heim_octet_string_cmp 733178825Sdfr 734178825Sdfr * lib/asn1/Makefile.am (libasn1_la_SOURCES) += der_cmp.c 735178825Sdfr 736178825Sdfr * lib/asn1/der.h: add heim_oid_cmp and heim_octet_string_cmp 737178825Sdfr 738178825Sdfr * lib/asn1/k5.asn1: add ETYPE_AESNNN_CBC_NONE 739178825Sdfr 740178825Sdfr * lib/asn1/k5.asn1: add CMS symmetrical parameters here, enctype 741178825Sdfr rc2-cbc, XXX RC2CBCParameter is wrong because the compiler is broken 742178825Sdfr 743178825Sdfr2004-04-26 Johan Danielsson <joda@pdc.kth.se> 744178825Sdfr 745178825Sdfr * lib/krb5/config_file.c: allow parsing directly from strings with 746178825Sdfr krb5_config_parse_string_multi 747178825Sdfr 748178825Sdfr * lib/krb5/verify_krb5_conf.c: try to resolve hostnames 749178825Sdfr 750178825Sdfr2004-04-25 Johan Danielsson <joda@pdc.kth.se> 751178825Sdfr 752178825Sdfr * lib/krb5/store_fd.c (krb5_storage_from_fd): dup the file 753178825Sdfr descriptor so we don't have to keep track of it in two places 754178825Sdfr 755178825Sdfr * kuser/copy_cred_cache.c: krb5_cc_copy_cache_match now lives in 756178825Sdfr libkrb5 757178825Sdfr 758178825Sdfr * lib/krb5/krb5_{,compare_}creds.3: move krb5_compare_creds to its 759178825Sdfr own manpage 760178825Sdfr 761178825Sdfr * replace krb5_free_creds_contents by krb5_free_cred_contents 762178825Sdfr 763178825Sdfr * lib/krb5/cache.c: add krb5_cc_next_cred_match() and 764178825Sdfr krb5_cc_copy_cred_match() 765178825Sdfr 766178825Sdfr * lib/krb5/creds.c (krb5_compare_creds): add more matching options 767178825Sdfr 768178825Sdfr * lib/krb5/krb5.h: add more creds match flags 769178825Sdfr 770178825Sdfr * kuser/copy_cred_cache: add --valid-for option 771178825Sdfr 772178825Sdfr * lib/krb5/store.c (krb5_store_creds): set is_skey flag if length 773178825Sdfr of second ticket is > 0 774178825Sdfr 775233294Sstas2004-04-25 Love H��rnquist ��strand <lha@it.su.se> 776178825Sdfr 777178825Sdfr * lib/krb5/pkinit.c: use the right oid for pkauthdata 778178825Sdfr 779178825Sdfr * lib/krb5/pkinit.c: always send both win2k compat version and the 780178825Sdfr ietf draft one, this is possible since microsoft use 781178825Sdfr wrong/diffrent PA number. Make the configuration flag boolean 782178825Sdfr configuring if NOT to send the win2k compat glue. 783178825Sdfr 784178825Sdfr * lib/krb5/krb5_encrypt.3: document krb5_{de,en}crypt_ivec 785178825Sdfr 786178825Sdfr * kuser/copy_cred_cache.1: pacify mdoclint 787178825Sdfr 788178825Sdfr * kdc/pkinit.c: use IV for envelopeddata encryption, patch 789178825Sdfr originally from Luke Howard <lukeh@padl.com>, tweeked by me. 790178825Sdfr 791178825Sdfr * lib/krb5/krb5_storage.3: document 792178825Sdfr KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER 793178825Sdfr 794178825Sdfr * lib/krb5/krb5_data.3: document that krb5_data_free cleans the 795178825Sdfr structure too 796178825Sdfr 797178825Sdfr * lib/krb5/pkinit.c: use IV for envelopeddata encryption, patch 798178825Sdfr originally from Luke Howard <lukeh@padl.com>, tweeked by me. 799178825Sdfr 800178825Sdfr2004-04-24 Johan Danielsson <joda@pdc.kth.se> 801178825Sdfr 802178825Sdfr * kuser/copy_cred_cache.{c,1}: add cred cache copy tool 803178825Sdfr 804178825Sdfr * configure.in: use rk_SYS_LARGEFILE 805178825Sdfr 806178825Sdfr * lib/krb5/{krb5.h,store.c,fcache.c}: Fix the cache flags bitorder 807178825Sdfr issue with a storage flag instead of a separate function. 808178825Sdfr 809233294Sstas2004-04-24 Love H��rnquist ��strand <lha@it.su.se> 810178825Sdfr 811178825Sdfr * lib/krb5/pkinit.c: move out the oid check from get_reply_key 812178825Sdfr 813178825Sdfr * lib/krb5/pkinit.c: uniquify error messages 814178825Sdfr 815178825Sdfr * lib/krb5/init_creds_pw.c: make the pkinit nonce same os the 816178825Sdfr plain nonce for now 817178825Sdfr 818178825Sdfr * lib/krb5/pkinit.c: more w2k compat from Luke Howard 819178825Sdfr <lukeh@padl.com> add RC2 support, clean up error messages 820178825Sdfr 821178825Sdfr * lib/krb5/pkinit.c: remove more dependency on 822178825Sdfr krb5_config->pkinit_flags 823178825Sdfr 824178825Sdfr * lib/krb5/pkinit.c (_krb5_pk_convert_rep): convert microsoft 825178825Sdfr style answer to IETF, From Luke Howard <lukeh@padl.com> 826178825Sdfr (_krb5_pk_create_sign): ms handles NULL in param, so always send it 827178825Sdfr (_krb5_pk_mk_padata): look for [realms]REALM = { win2k_pkinit = bool } 828178825Sdfr 829178825Sdfr * lib/krb5/pkinit.c (_krb5_pk_create_sign): always set the 830178825Sdfr digestAlgorithm to sha1 (both for SignerInfo and SignedData, add 831178825Sdfr new function _set_digest_alg to set it 832178825Sdfr 833233294Sstas2004-04-23 Love H��rnquist ��strand <lha@it.su.se> 834178825Sdfr 835178825Sdfr * include/make_crypto.c: include rc2.h, and when I'm here, make 836178825Sdfr aes mandatory 837178825Sdfr 838178825Sdfr * lib/krb5/krb5.h: add ENCTYPE_ARCFOUR_HMAC as compat glue for MIT 839178825Sdfr kerberos 840178825Sdfr 841178825Sdfr * lib/krb5/crypto.c (krb5_crypto_init): clear return pointer on 842178825Sdfr failure 843178825Sdfr 844178825Sdfr * lib/krb5/crypto.c (DES3_random_to_key): make it produce the 845178825Sdfr right result 846178825Sdfr (DES3_postproc): use DES3_random_to_key 847178825Sdfr (krb5_random_to_key): check the required number of bits (not the size 848178825Sdfr of the key) 849178825Sdfr 850178825Sdfr * lib/krb5/aes-test.c: test random to key function 851178825Sdfr 852178825Sdfr * lib/krb5/string-to-key-test.c: comment out the "@"/"" test for 853178825Sdfr now 854178825Sdfr 855233294Sstas2004-04-22 Love H��rnquist ��strand <lha@it.su.se> 856178825Sdfr 857178825Sdfr * lib/krb5/krb5_string_to_key.3: document that 858178825Sdfr krb5_string_to_key_derived is broken for non 3des enctypes and 859178825Sdfr thus deprecated 860178825Sdfr 861178825Sdfr * kdc/pkinit.c (generate_dh_keyblock): use the new function 862178825Sdfr krb5_random_to_key 863178825Sdfr 864178825Sdfr * lib/krb5/crypto.c: add des and DES3 random_to_key hooks, they 865178825Sdfr need special processing 866178825Sdfr 867178825Sdfr * lib/krb5/crypto.c (krb5_random_to_key): new function 868178825Sdfr 869178825Sdfr * lib/krb5/krb5_keyblock.3: document krb5_random_to_key 870178825Sdfr 871233294Sstas2004-04-21 Love H��rnquist ��strand <lha@it.su.se> 872178825Sdfr 873178825Sdfr * kdc/pkinit.c: use the first proposed enable enctype 874178825Sdfr 875178825Sdfr * lib/krb5/context.c (krb5_set_default_in_tkt_etypes): use the 876178825Sdfr return from krb5_enctype_valid 877178825Sdfr 878178825Sdfr * kdc/pkinit.c: at least try to handle diffrent enveloped enctypes 879178825Sdfr 880233294Sstas2004-04-21 Love H��rnquist ��strand <lha@it.su.se> 881178825Sdfr 882178825Sdfr * lib/asn1/der_get.c: 1.28.2.16: (der_get_oid): handle all oid 883178825Sdfr components being smaller then 127 and allocate one extra element 884178825Sdfr since first byte is split to to elements. 885178825Sdfr 886233294Sstas2004-04-20 Love H��rnquist ��strand <lha@it.su.se> 887178825Sdfr 888178825Sdfr * lib/asn1/k5.asn1: ETYPE_DIGEST_MD5_NONE, ETYPE_CRAM_MD5_NONE: 889178825Sdfr private use, lukeh@padl.com 890178825Sdfr 891233294Sstas2004-04-19 Love H��rnquist ��strand <lha@it.su.se> 892178825Sdfr 893178825Sdfr * lib/krb5/pkinit.c (build_auth_pack): use heim_integer to encode 894178825Sdfr DH public key 895178825Sdfr 896233294Sstas2004-04-18 Love H��rnquist ��strand <lha@it.su.se> 897178825Sdfr 898178825Sdfr * lib/krb5/krb5_init_context.3: add krb5_context to so its added 899178825Sdfr as manpage-link too 900178825Sdfr 901233294Sstas2004-04-17 Love H��rnquist ��strand <lha@it.su.se> 902178825Sdfr 903178825Sdfr * lib/krb5/fcache.c (fcc_remove_cred): simplistic implementation, 904178825Sdfr XXX add locking 905178825Sdfr 906178825Sdfr * kuser/kdestroy.c: add --credential argument that just remove one 907178825Sdfr credential entry out of the cache specified 908178825Sdfr 909178825Sdfr * kdc/pkinit.c: replace the krb5.conf configuration option that 910178825Sdfr describes the mapping between principals and subject names with a 911178825Sdfr file, default /var/heimdal/pki-mapping. XXX this should be pushed 912178825Sdfr into HDB. XXX should add issuer too 913178825Sdfr 914178825Sdfr * kdc/config.c: merge certificate/private_key to a user_id 915178825Sdfr 916233294Sstas2004-04-16 Love H��rnquist ��strand <lha@it.su.se> 917178825Sdfr 918178825Sdfr * kdc/kdc_locl.h: update prototype for pk_initialize 919178825Sdfr 920178825Sdfr * kuser/kinit.c: merge certificate/private_key to a user_id 921178825Sdfr 922178825Sdfr * kdc/pkinit.c: adapt to heim_integer changes 923178825Sdfr 924178825Sdfr * lib/krb5/pkinit.c: merge certificate/private_key to a user_id 925178825Sdfr 926178825Sdfr * kdc/pkinit.c: adapt to heim_integer changes, 927178825Sdfr merge certificate/private_key to a user_id 928178825Sdfr 929233294Sstas2004-04-15 Love H��rnquist ��strand <lha@it.su.se> 930178825Sdfr 931178825Sdfr * lib/krb5/pkinit.c: use KRB5_PADATA_PK_AS_REQ_WIN free X509_STORE 932178825Sdfr 933233294Sstas2004-04-13 Love H��rnquist ��strand <lha@it.su.se> 934178825Sdfr 935178825Sdfr * lib/krb5/Makefile.am: define BUILD_KRB5_LIB when building 936178825Sdfr libkrb5.la, add KRB5_LIB_FUNCTION proto 937178825Sdfr 938178825Sdfr * lib/krb5/add_et_list.c: add KRB5_LIB_FUNCTION 939178825Sdfr 940178825Sdfr * configure.in: export KRB5_LIB_FUNCTION when building with 941178825Sdfr BUILD_KRB5_LIB 942178825Sdfr 943178825Sdfr * lib/krb5/ticket.c (krb5_ticket_get_authorization_data_type): add 944178825Sdfr error strings 945178825Sdfr 946178825Sdfr * lib/krb5/prompter_posix.c (krb5_prompter_posix): if some thing 947178825Sdfr is printed on stderr, fflush it 948178825Sdfr 949178825Sdfr * lib/krb5/krb5_keyblock.3: free functions also zeros out the key 950178825Sdfr 951178825Sdfr * lib/krb5/krb5_get_init_creds.3: some text about 952178825Sdfr krb5_prompter_posix 953178825Sdfr 954178825Sdfr * lib/krb5/krb5.conf.5: document hdb-ldap-structural-object 955178825Sdfr 956178825Sdfr * lib/krb5/cache.c: add krb5_cc_get_prefix_ops 957178825Sdfr 958178825Sdfr * lib/krb5/krb5_ccache.3: add krb5_cc_get_prefix_ops 959178825Sdfr 960233294Sstas2004-04-05 Love H��rnquist ��strand <lha@it.su.se> 961178825Sdfr 962178825Sdfr * appl/test/http_client.c: support GSS_C_DELEG_FLAG and 963178825Sdfr GSS_C_MUTUAL_FLAG 964178825Sdfr 965178825Sdfr * appl/test/http_client.c: verbose logging 966178825Sdfr 967233294Sstas2004-04-02 Love H��rnquist ��strand <lha@it.su.se> 968178825Sdfr 969178825Sdfr * kdc/connect.c: case size_t to unsigned long for LP64 platforms 970178825Sdfr 971233294Sstas2004-04-01 Love H��rnquist ��strand <lha@it.su.se> 972178825Sdfr 973178825Sdfr * lib/hdb/hdb-ldap.c (hdb_ldap_create): allow configuration of 974178825Sdfr default structural object 975178825Sdfr 976178825Sdfr * tools/Makefile.am: handle sed expression breaking 977178825Sdfr 978233294Sstas2004-03-31 Love H��rnquist ��strand <lha@it.su.se> 979178825Sdfr 980178825Sdfr * lib/krb5/krbhst.c: also lookup _kpasswd._tcp SRV-rr 981178825Sdfr 982178825Sdfr * lib/krb5/changepw.c: add tcp support to the set protocol, should 983178825Sdfr be cleaned up to enable sharing code with krb5_sendto 984178825Sdfr 985178825Sdfr * kpasswd/kpasswd.c (change_password): remove extra free 986178825Sdfr 987178825Sdfr * lib/krb5/krb5_acl_match_file.3: try to pacify mdoc macros on 988178825Sdfr osf/1 989178825Sdfr 990233294Sstas2004-03-30 Love H��rnquist ��strand <lha@it.su.se> 991178825Sdfr 992178825Sdfr * lib/krb5/init_creds_pw.c (pa_data_add_pac_request): don't 993178825Sdfr increase md->len, krb5_padata_add already does that 994178825Sdfr 995178825Sdfr * lib/krb5/init_creds.c: its PAC not PAQ 996178825Sdfr 997178825Sdfr * kuser/kinit.c: its PAC not PAQ 998178825Sdfr 999178825Sdfr * kdc/kerberos4.c: stop the client from renewing tickets into the 1000178825Sdfr future From: Jeffrey Hutzelman <jhutz@cmu.edu> 1001178825Sdfr 1002233294Sstas2004-03-29 Love H��rnquist ��strand <lha@it.su.se> 1003178825Sdfr 1004178825Sdfr * configure.in: try to handle sys/strtty.h needing sys/stream.h 1005178825Sdfr 1006233294Sstas2004-03-23 Love H��rnquist ��strand <lha@it.su.se> 1007178825Sdfr 1008178825Sdfr * lib/krb5/send_to_kdc.c: remove function krb5_sendto_kdc2, its no 1009178825Sdfr longer used 1010178825Sdfr 1011178825Sdfr * kdc/kerberos5.c: s/krb5_get_host_realm_int/_&/ 1012178825Sdfr 1013178825Sdfr * lib/krb5/get_host_realm.c: unexport krb5_get_host_realm_int to 1014178825Sdfr external users by prefixing it with _ 1015178825Sdfr 1016178825Sdfr * lib/krb5/get_cred.c: s/krb5_mk_req_internal/_&/ 1017178825Sdfr 1018178825Sdfr * lib/krb5/mk_req_ext.c: unexport krb5_mk_req_internal to external 1019178825Sdfr users by prefixing it with _ 1020178825Sdfr 1021233294Sstas2004-03-22 Love H��rnquist ��strand <lha@it.su.se> 1022178825Sdfr 1023178825Sdfr * lib/krb5/pkinit.c: add missing } 1024178825Sdfr 1025233294Sstas2004-03-21 Love H��rnquist ��strand <lha@it.su.se> 1026178825Sdfr 1027178825Sdfr * kdc/pkinit.c: adapt to change of signature of 1028178825Sdfr _krb5_pk_load_openssl_id 1029178825Sdfr 1030178825Sdfr * lib/krb5/pkinit.c: (krb5_get_init_creds_opt_set_pkinit): add 1031178825Sdfr prompter argument and use it 1032178825Sdfr 1033178825Sdfr * kuser/kinit.c: adapt to signature change of 1034178825Sdfr krb5_get_init_creds_opt_set_pkinit 1035178825Sdfr 1036178825Sdfr * lib/krb5/krb5.3: add more stuff, 105 functions to go 1037178825Sdfr 1038178825Sdfr * lib/krb5/krb5_rcache.3: add krb5_get_server_rcache 1039178825Sdfr 1040178825Sdfr * lib/krb5/krb5_rcache.3: framework for replay cache manpage 1041178825Sdfr 1042178825Sdfr * lib/krb5/krb5_string_to_key.3: document string to key functions 1043178825Sdfr 1044178825Sdfr * lib/krb5/Makefile.am: man_MANS += krb5_expand_hostname.3 1045178825Sdfr krb5_find_padata.3 krb5_generate_random_block.3 1046178825Sdfr 1047178825Sdfr * lib/krb5/krb5_encrypt.3: document krb5_get_wrapped_length 1048178825Sdfr 1049178825Sdfr * lib/krb5/krb5.3: add some more, 137 to go 1050178825Sdfr 1051178825Sdfr * lib/krb5/krb5_principal.3: document krb5_get_default_principal 1052178825Sdfr 1053178825Sdfr * lib/krb5/krb5_keyblock.3: document krb5_generate_subkey 1054178825Sdfr 1055178825Sdfr * lib/krb5/krb5_generate_random_block.3: document 1056178825Sdfr krb5_generate_random_block 1057178825Sdfr 1058178825Sdfr * lib/krb5/krb5_find_padata.3: document padata functions 1059178825Sdfr 1060178825Sdfr * lib/krb5/krb5.3: add some more, 142 to go 1061178825Sdfr 1062178825Sdfr * lib/krb5/krb5_creds.3: drop .Pp before .Sh 1063178825Sdfr 1064178825Sdfr * lib/krb5/krb5_set_default_realm.3: document krb5_copy_host_realm 1065178825Sdfr 1066178825Sdfr * lib/krb5/krb5_expand_hostname.3: document krb5_expand_hostname 1067178825Sdfr and krb5_expand_hostname_realms 1068178825Sdfr 1069178825Sdfr * lib/krb5/krb5.3: add more functions, 147 to go 1070178825Sdfr 1071178825Sdfr * lib/krb5/krb5_creds.3: document krb5_creds 1072178825Sdfr 1073178825Sdfr * lib/krb5/krb5_get_init_creds.3: add more functions, some more 1074178825Sdfr text 1075178825Sdfr 1076178825Sdfr * lib/krb5/krb5_ticket.3: document 1077178825Sdfr krb5_ticket_get_authorization_data_type 1078178825Sdfr 1079233294Sstas2004-03-20 Love H��rnquist ��strand <lha@it.su.se> 1080178825Sdfr 1081178825Sdfr * lib/krb5/aes-test.c: remove #if 0'ed code 1082178825Sdfr 1083178825Sdfr * lib/krb5/krb5.3: add keyblock functions, 177 functions to go 1084178825Sdfr 1085178825Sdfr * lib/krb5/krb5_verify_user.3: add krb5_verify_opt_set_ccache 1086178825Sdfr 1087178825Sdfr * lib/krb5/krb5_encrypt.3: document krb5_decrypt_ticket 1088178825Sdfr 1089178825Sdfr * lib/krb5/krb5_config.3: document krb5_config_free_strings and 1090178825Sdfr krb5_config_file_free 1091178825Sdfr 1092178825Sdfr * lib/krb5/krb5_create_checksum.3: add krb5_hmac 1093178825Sdfr 1094178825Sdfr * lib/krb5/krb5.3: add keyblock functions, 190 functions to go 1095178825Sdfr 1096178825Sdfr * lib/krb5/krb5_keyblock.3: update .Dd 1097178825Sdfr 1098178825Sdfr * lib/krb5/krb5_keyblock.3: document krb5_copy_keyblock and 1099178825Sdfr krb5_generate_random_keyblock 1100178825Sdfr 1101178825Sdfr * lib/krb5/krb5_init_context.3: add krb5_init_ets 1102178825Sdfr 1103178825Sdfr * lib/krb5/krb5_config.3: add more krb5_config_ functions and 1104178825Sdfr prototypes 1105178825Sdfr 1106178825Sdfr * lib/krb5/krb5_init_context.3: document context modifcation 1107178825Sdfr functions: address list, config file, use admin kdc, fcc version 1108178825Sdfr 1109178825Sdfr * lib/krb5/krb5_storage.3: document krb5_storage and related 1110178825Sdfr functions 1111178825Sdfr 1112178825Sdfr * lib/krb5/Makefile.am: add acl and krb524_convert_creds_kdc 1113178825Sdfr manpages and test_acl test program 1114178825Sdfr 1115178825Sdfr * lib/krb5/krb5.3: add error string functions and sort 1116178825Sdfr 1117178825Sdfr * lib/krb5/krb5_warn.3: document krb5_abort and error string 1118178825Sdfr functions 1119178825Sdfr 1120178825Sdfr * lib/krb5/krb5.3: add missing functions, only 285 left to 1121178825Sdfr document 1122178825Sdfr 1123178825Sdfr * lib/krb5/krb5_crypto_init.3: remove various enctype related 1124178825Sdfr function 1125178825Sdfr 1126178825Sdfr * lib/krb5/krb5_encrypt.3: add various enctype related function 1127178825Sdfr here 1128178825Sdfr 1129178825Sdfr * lib/krb5/krb5_create_checksum.3: add krb5_cksumtype_valid 1130178825Sdfr krb5_cksumtype_valid 1131178825Sdfr 1132178825Sdfr * lib/krb5/crypto.c: real return values for 1133178825Sdfr krb5_{enctype,cksumtype}_valid 1134178825Sdfr 1135178825Sdfr * lib/krb5/krb5_create_checksum.3: add some functions and 1136178825Sdfr descriptions 1137178825Sdfr 1138178825Sdfr * lib/krb5/krb5_c_make_checksum.3: move out non krb5_c functions 1139178825Sdfr 1140178825Sdfr * lib/krb5/krb5_auth_context.3: document 1141178825Sdfr krb5_auth_con_generatelocalsubkey 1142178825Sdfr 1143178825Sdfr * lib/krb5/krb5_krbhst_init.3: document krb5_krbhst_init_flags 1144178825Sdfr 1145178825Sdfr * lib/krb5/krb5_keytab.3: document krb5_kt_default_modify_name 1146178825Sdfr 1147178825Sdfr * lib/krb5/krb5_init_context.3: document krb5_add_et_list 1148178825Sdfr 1149178825Sdfr * lib/krb5/krb524_convert_creds_kdc.3: document 1150178825Sdfr krb524_convert_creds_kdc, krb524_convert_creds_kdc_ccache 1151178825Sdfr 1152178825Sdfr * lib/krb5/krb5_acl_match_file.3: document krb5_acl_match_* 1153178825Sdfr 1154178825Sdfr * lib/krb5/test_acl.c: test for generic acl code 1155178825Sdfr 1156178825Sdfr * lib/krb5/acl.c: plug memory leak on file matching, 1157178825Sdfr make it not fall over when no non matching acl, 1158178825Sdfr make fnmatch matching useful by switching arguments 1159178825Sdfr 1160233294Sstas2004-03-19 Love H��rnquist ��strand <lha@it.su.se> 1161178825Sdfr 1162178825Sdfr * kdc/config.c: add --builtin-hdb command 1163178825Sdfr 1164178825Sdfr * lib/hdb/hdb.c (hdb_list_builtin): return a list of builtin 1165178825Sdfr backends 1166178825Sdfr 1167178825Sdfr * doc/setup.texi: include Luke Howard of PADL.COM ldap hdb 1168178825Sdfr documentation 1169178825Sdfr 1170178825Sdfr * doc/win2k.texi: fix bugs in examples, add more restrictions, use 1171178825Sdfr example.com as an example. From: Pavel Ferdan 1172178825Sdfr <xferdan@informatics.muni.cz> 1173178825Sdfr 1174178825Sdfr2004-03-18 Johan Danielsson <joda@pdc.kth.se> 1175178825Sdfr 1176178825Sdfr * lib/krb5/krb5.conf.5: add a bunch of Li and document [kadmin] 1177178825Sdfr password_lifetime; from Henry B. Hotz 1178178825Sdfr 1179233294Sstas2004-03-14 Love H��rnquist ��strand <lha@it.su.se> 1180178825Sdfr 1181178825Sdfr * lib/krb5/mk_rep.c (krb5_mk_rep): if KRB5_AUTH_CONTEXT_USE_SUBKEY 1182178825Sdfr is set send subkey 1183178825Sdfr (generate if needed) 1184178825Sdfr 1185178825Sdfr * lib/krb5/krb5.h: add KRB5_AUTH_CONTEXT_USE_SUBKEY 1186178825Sdfr 1187233294Sstas2004-03-14 Love H��rnquist ��strand <lha@it.su.se> 1188178825Sdfr 1189178825Sdfr * lib/hdb/hdb-ldap.c: clean up error handling, plug memory leaks, 1190178825Sdfr and free memory in error path, assume realloc(NULL, ...) works, 1191178825Sdfr factor out common code, indent 1192178825Sdfr 1193233294Sstas2004-03-12 Love H��rnquist ��strand <lha@it.su.se> 1194178825Sdfr 1195178825Sdfr * lib/krb5/verify_krb5_conf.c: understand [password_quality] 1196178825Sdfr spelling 1197178825Sdfr 1198178825Sdfr * kuser/kgetcred.1: document --canonicalize 1199178825Sdfr 1200178825Sdfr * kuser/kgetcred.c: add --canonicalize 1201178825Sdfr 1202233294Sstas2004-03-10 Love H��rnquist ��strand <lha@it.su.se> 1203178825Sdfr 1204178825Sdfr * lib/krb5/fcache.c (fcc_store_cred): NULL terminate 1205178825Sdfr krb5_config_get_bool_default' arglist 1206178825Sdfr 1207233294Sstas2004-03-09 Love H��rnquist ��strand <lha@it.su.se> 1208178825Sdfr 1209178825Sdfr * kdc/kerberos5.c: add missing req argument to pk_mk_pa_reply 1210178825Sdfr 1211178825Sdfr * kdc/pkinit.c (pk_mk_pa_reply): add hdb_entry 1212178825Sdfr 1213178825Sdfr * kdc/pkinit.c: pass client hdb_entry to pk_check_client 1214178825Sdfr 1215178825Sdfr * kdc/kdc_locl.h: pass client hdb_entry to pk_check_client 1216178825Sdfr 1217178825Sdfr * kuser/kinit.c: rename ca_dir to pkinit/x509_anchors since its 1218178825Sdfr more like that language in RFC3280 1219178825Sdfr 1220178825Sdfr * lib/krb5/pkinit.c: rename ca_dir to pkinit/x509_anchors since 1221178825Sdfr its more like that language in RFC3280 1222178825Sdfr 1223178825Sdfr * lib/krb5/krb5.conf.5: document 1224178825Sdfr [libdefaults]fcc-mit-ticketflags=boolean 1225178825Sdfr 1226178825Sdfr * lib/krb5/fcache.c (fcc_store_cred): use 1227178825Sdfr [libdefaults]fcc-mit-ticketflags=boolean to decide what format to 1228178825Sdfr write the fcc in. Default to mit version (aka heimdal 0.7) 1229178825Sdfr 1230178825Sdfr * lib/krb5/store.c: add _krb5_store_creds_heimdal_0_7 and 1231178825Sdfr _krb5_store_creds_heimdal_pre_0_7 that store the creds in just 1232178825Sdfr that format make krb5_store_creds default to mit format 1233178825Sdfr 1234178825Sdfr * lib/krb5/store.c (krb5_ret_creds): Runtime detect the what is 1235178825Sdfr the higher bits of the bitfield 1236178825Sdfr 1237233294Sstas2004-03-08 Love H��rnquist ��strand <lha@it.su.se> 1238178825Sdfr 1239178825Sdfr * lib/krb5/store.c (krb5_store_creds): add disabled code that 1240178825Sdfr store the ticket flags in reverse order 1241178825Sdfr (bitswap32): new function 1242178825Sdfr 1243178825Sdfr * lib/krb5/store.c (krb5_ret_creds): if the higher ticket flags 1244178825Sdfr are set, its a mit cache, reverse the bits, bug pointed out by 1245178825Sdfr Sergio Gelato <Sergio.Gelato@astro.su.se> 1246178825Sdfr 1247233294Sstas2004-03-07 Love H��rnquist ��strand <lha@it.su.se> 1248178825Sdfr 1249178825Sdfr * lib/hdb/hdb-ldap.c: use macro for HDB * -> LDAP * 1250178825Sdfr 1251178825Sdfr * kuser/kinit.c: when running kinit with a subprocess, fetch new 1252178825Sdfr tickets after half the tickets lifetime 1253178825Sdfr 1254178825Sdfr * lib/hdb/hdb.c: spelling 1255178825Sdfr 1256178825Sdfr * lib/hdb/hdb-ldap.c: Intergrate Heimdal's hdb-ldap and the Samba 1257178825Sdfr password database. From: Andrew Bartlett <abartlet@samba.org> 1258178825Sdfr 1259178825Sdfr * kdc/config.c: add --disable-DES 1260178825Sdfr 1261178825Sdfr * kdc/kdc.8: document --detach and --disable-DES 1262178825Sdfr 1263178825Sdfr * kdc/kerberos5.c: check if enctype is disabled before using it 1264178825Sdfr 1265178825Sdfr * lib/krb5/crypto.c: add support for disabling checksum/encryption 1266178825Sdfr types 1267178825Sdfr 1268178825Sdfr * tools/kdc-log-analyze.pl: add more cases 1269178825Sdfr 1270178825Sdfr * kdc/connect.c: on strange tcp error; log local port number and 1271178825Sdfr socket type 1272178825Sdfr 1273178825Sdfr * lib/asn1/der.h: fix prototype of encode_utf8string 1274178825Sdfr 1275178825Sdfr * lib/asn1/gen.c: catch CHOICE and generate dummy placeholder 1276178825Sdfr 1277178825Sdfr * lib/asn1/lex.l: added dummy parsing of CHOICE 1278178825Sdfr 1279178825Sdfr * lib/asn1/parse.y: added dummy parsing of CHOICE 1280178825Sdfr 1281178825Sdfr * lib/asn1/k5.asn1: drop SMTP_NAME 1282178825Sdfr 1283233294Sstas2004-03-06 Love H��rnquist ��strand <lha@it.su.se> 1284178825Sdfr 1285178825Sdfr * lib/hdb/Makefile.am: support building ldap backend as module 1286178825Sdfr sort asn1 hdb files 1287178825Sdfr 1288178825Sdfr * lib/hdb/hdb.c: when building ldap as a shared module, don't 1289178825Sdfr include it in the list 1290178825Sdfr 1291178825Sdfr * configure.in: add --enable-hdb-openldap-module 1292178825Sdfr 1293178825Sdfr * lib/hdb/hdb-ldap.c: make ldap possible to build as a shared 1294178825Sdfr module 1295178825Sdfr 1296178825Sdfr * lib/hdb/mkey.c: add hdb_{,un}seal_key{,_mkey} from Andrew 1297178825Sdfr Bartlett <abartlet@samba.org> 1298178825Sdfr 1299178825Sdfr * lib/krb5/crypto.c (decrypt_internal_special): do not not modify 1300178825Sdfr the original data test case from Ronnie Sahlberg 1301178825Sdfr <ronnie_sahlberg@ozemail.com.au> 1302178825Sdfr 1303233294Sstas2004-03-03 Love H��rnquist ��strand <lha@it.su.se> 1304178825Sdfr 1305178825Sdfr * lib/krb5/test_cc.c: more cc tests, mostly related to mcc 1306178825Sdfr behavior 1307178825Sdfr 1308178825Sdfr * lib/krb5/mcache.c (mcc_get_principal): also check for 1309178825Sdfr primary_principal == NULL now that that isn't used as dead flag 1310178825Sdfr 1311178825Sdfr * lib/krb5/mcache.c: don't overload the primary_principal == NULL 1312178825Sdfr as dead since that doesn't always work. Based on patch from 1313178825Sdfr Jeffrey Hutzelman <jhutz@cmu.edu>, tweeked by me 1314178825Sdfr 1315233294Sstas2004-02-22 Love H��rnquist ��strand <lha@it.su.se> 1316178825Sdfr 1317178825Sdfr * kdc/pkinit.c: adapt to rename of oid_cmp to heim_oid_cmp 1318178825Sdfr 1319178825Sdfr * lib/krb5/pkinit.c: adapt to rename of oid_cmp to heim_oid_cmp 1320178825Sdfr 1321178825Sdfr * lib/hdb/db3.c: fix all db >= 4.1 cases 1322178825Sdfr 1323178825Sdfr * doc/setup.texi: add text about hostname to realm mapping using 1324178825Sdfr DNS 1325178825Sdfr 1326233294Sstas2004-02-20 Love H��rnquist ��strand <lha@it.su.se> 1327178825Sdfr 1328178825Sdfr * kdc/pkinit.c: update error codes 1329178825Sdfr 1330178825Sdfr * lib/krb5/krb5_err.et: prefix pkinit error codes with KRB5_ 1331178825Sdfr 1332178825Sdfr * lib/krb5/pkinit.c: update error codes 1333178825Sdfr 1334233294Sstas2004-02-19 Love H��rnquist ��strand <lha@it.su.se> 1335178825Sdfr 1336178825Sdfr * lib/krb5/pkinit.c: indent, use krb5_abortx() instead of abort() 1337178825Sdfr 1338178825Sdfr * lib/krb5/init_creds_pw.c (process_pa_data_to_key): spelling 1339178825Sdfr 1340178825Sdfr * lib/krb5/store.c: handle memory allocate errors 1341178825Sdfr 1342178825Sdfr * lib/krb5/fcache.c (_krb5_xlock): handle that everything was ok, 1343178825Sdfr and don't put an error in the error strings then 1344178825Sdfr 1345233294Sstas2004-02-13 Love H��rnquist ��strand <lha@it.su.se> 1346178825Sdfr 1347178825Sdfr * kdc/pkinit.c: s/heim_big_integer/heim_integer/ 1348178825Sdfr 1349178825Sdfr * lib/krb5/pkinit.c: s/heim_big_integer/heim_integer/ 1350178825Sdfr 1351178825Sdfr * kdc/pkinit.c: adapt to asn1 bignum code, use HEIM_PKINIT errors 1352178825Sdfr 1353178825Sdfr * lib/krb5/pkinit.c: adapt to asn1 bignum code, use HEIM_PKINIT 1354178825Sdfr errors 1355178825Sdfr 1356178825Sdfr * lib/krb5/heim_err.et: add HEIM_PKINIT specific errors 1357178825Sdfr 1358233294Sstas2004-02-12 Love H��rnquist ��strand <lha@it.su.se> 1359178825Sdfr 1360178825Sdfr * configure.in: rename AC_WFLAGS to rk_WFLAGS 1361178825Sdfr 1362178825Sdfr * acinclude.m4: use m4_define, over-quote string 1363178825Sdfr 1364233294Sstas2004-02-11 Love H��rnquist ��strand <lha@it.su.se> 1365178825Sdfr 1366178825Sdfr * lib/krb5/init_creds_pw.c (change_password): handle that 1367178825Sdfr printf("%.*s", 0, (void*)NULL); doesn't work on solaris 1368178825Sdfr 1369233294Sstas2004-02-10 Love H��rnquist ��strand <lha@it.su.se> 1370178825Sdfr 1371178825Sdfr * kpasswd/kpasswd.c (change_password): handle that printf("%.*s", 1372178825Sdfr 0, (void*)NULL); doesn't work on solaris 1373178825Sdfr 1374178825Sdfr * lib/krb5/krb5.conf.5: don't use path's in first .Nm, it confuses 1375178825Sdfr some locate.updatedb, use FILES section to describe where the file 1376178825Sdfr is instead. 1377178825Sdfr 1378233294Sstas2004-02-07 Love H��rnquist ��strand <lha@it.su.se> 1379178825Sdfr 1380178825Sdfr * lib/asn1/check-der.c: test for "der_length.c: Fix len_unsigned 1381178825Sdfr for certain negative integers, it got the length wrong" , from 1382178825Sdfr Panasas, Inc. 1383178825Sdfr 1384178825Sdfr * lib/asn1/der_length.c: Fix len_unsigned for certain negative 1385178825Sdfr integers, it got the length wrong, fix from Panasas, Inc. 1386178825Sdfr 1387178825Sdfr rename len_int and len_unsigned to _heim_\& 1388178825Sdfr 1389178825Sdfr * lib/asn1/der_locl.h: add _heim_len_unsigned, _heim_len_int 1390178825Sdfr 1391178825Sdfr2004-02-06 Dave Love <d.love@dl.ac.uk> 1392178825Sdfr 1393178825Sdfr * configure.in: Check for sys/socket.h, net/if.h. Modify term.h, 1394178825Sdfr security/pam_appl.h tests. 1395178825Sdfr 1396233294Sstas2004-02-03 Love H��rnquist ��strand <lha@it.su.se> 1397178825Sdfr 1398178825Sdfr * lib/asn1/check-gen.c: test for: (length_type): TSequenceOf: add 1399178825Sdfr up the size of all the elements, don't use just the size of the 1400178825Sdfr last element. 1401178825Sdfr 1402178825Sdfr * lib/krb5/aes-test.c: add "next iv" test for aes128, check 1403178825Sdfr decryption case too 1404178825Sdfr 1405178825Sdfr * lib/krb5/crypto.c (_krb5_aes_cts_encrypt): out iv is the iv of 1406178825Sdfr the next to last block, fix decryption case too 1407178825Sdfr 1408178825Sdfr * lib/krb5/aes-test.c: add "next iv" test for aes128 1409178825Sdfr 1410178825Sdfr * lib/krb5/crypto.c (_krb5_aes_cts_encrypt): out iv is the iv of 1411178825Sdfr the next to last block 1412178825Sdfr 1413178825Sdfr * lib/krb5/mk_rep.c (krb5_mk_rep): abort on internal asn1 encode 1414178825Sdfr error 1415178825Sdfr 1416178825Sdfr * lib/krb5/mk_rep.c (krb5_mk_rep): abort on internal asn1 encode 1417178825Sdfr error 1418178825Sdfr 1419178825Sdfr * lib/krb5/get_in_tkt.c (krb5_get_in_cred): abort on internal asn1 1420178825Sdfr encode error 1421178825Sdfr 1422178825Sdfr * lib/krb5/mk_priv.c (krb5_mk_priv): abort on internal asn1 encode 1423178825Sdfr error 1424178825Sdfr 1425178825Sdfr * lib/krb5/get_cred.c (make_pa_tgs_req): abort on internal asn1 1426178825Sdfr encode error 1427178825Sdfr 1428178825Sdfr * lib/krb5/build_auth.c (krb5_build_authenticator): abort on 1429178825Sdfr internal asn1 encode error 1430178825Sdfr 1431178825Sdfr * lib/krb5/build_ap_req.c (krb5_build_ap_req): abort on internal 1432178825Sdfr asn1 encode error 1433178825Sdfr 1434233294Sstas2004-01-30 Love H��rnquist ��strand <lha@it.su.se> 1435178825Sdfr 1436178825Sdfr * doc/setup.texi: some text about order of [capaths] realms 1437178825Sdfr 1438233294Sstas2004-01-25 Love H��rnquist ��strand <lha@it.su.se> 1439178825Sdfr 1440178825Sdfr * lib/krb5/context.c: register WRFILE ops 1441178825Sdfr 1442178825Sdfr * lib/krb5/keytab_file.c: add krb5_wrfkt_ops/WRFILE (same as FILE) 1443178825Sdfr 1444178825Sdfr * lib/krb5/krb5.h: add krb5_wrfkt_ops 1445178825Sdfr 1446178825Sdfr * kpasswd/kpasswdd.c (change): use the right password when 1447178825Sdfr changing the password 1448178825Sdfr 1449233294Sstas2004-01-21 Love H��rnquist ��strand <lha@it.su.se> 1450178825Sdfr 1451178825Sdfr * lib/krb5/fcache.c (_krb5_xlock): catch EINVAL and assume that it 1452178825Sdfr means that the filesystem doesn't support locking 1453178825Sdfr 1454178825Sdfr * lib/krb5/keytab.c: remove #if 0 out file locking code 1455178825Sdfr 1456233294Sstas2004-01-19 Love H��rnquist ��strand <lha@it.su.se> 1457178825Sdfr 1458178825Sdfr * lib/asn1/gen_length.c (length_type): TSequenceOf: add up the 1459178825Sdfr size of all the elements, don't use just the size of the last 1460178825Sdfr element. 1461178825Sdfr 1462233294Sstas2004-01-13 Love H��rnquist ��strand <lha@it.su.se> 1463178825Sdfr 1464178825Sdfr * kuser/kinit.c (renew_validate): if renewable_flag and not time 1465178825Sdfr specifed, use "1 month" 1466178825Sdfr 1467233294Sstas2004-01-08 Love H��rnquist ��strand <lha@it.su.se> 1468178825Sdfr 1469178825Sdfr * lib/krb5/krb5_keyblock.3: add prototypes, describe 1470178825Sdfr krb5_keyblock_zero 1471178825Sdfr 1472233294Sstas2004-01-05 Love H��rnquist ��strand <lha@it.su.se> 1473178825Sdfr 1474178825Sdfr * lib/krb5/get_for_creds.c (add_addrs): don't add same address 1475178825Sdfr multiple times 1476178825Sdfr 1477178825Sdfr * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): try to 1478178825Sdfr handle errors better for previous commit 1479178825Sdfr 1480178825Sdfr * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): If tickets 1481178825Sdfr are address-less, forward address-less tickets. 1482178825Sdfr 1483178825Sdfr * lib/krb5/get_cred.c: rename get_krbtgt to _krb5_get_krbtgt and 1484178825Sdfr export it 1485178825Sdfr 1486