1233294Sstas2006-12-28 Love H��rnquist ��strand <lha@it.su.se> 2178825Sdfr 3178825Sdfr * kdc/process.c: Handle kx509 requests. 4178825Sdfr 5178825Sdfr * kdc/connect.c: Listen to 9878 if kca is turned on. 6178825Sdfr 7178825Sdfr * kdc/headers.h: Include <kx509_asn1.h>. 8178825Sdfr 9178825Sdfr * kdc/config.c: code to parse [kdc]enable-kx509 10178825Sdfr 11178825Sdfr * kdc/kdc.h: add enable_kx509 12178825Sdfr 13178825Sdfr * kdc/Makefile.am: add kx509.c 14178825Sdfr 15178825Sdfr * kdc/kx509.c: Kx509server (external certificate genration). 16178825Sdfr 17178825Sdfr * lib/krb5/ticket.c: add krb5_ticket_get_endtime 18178825Sdfr 19178825Sdfr * lib/krb5/krb5_ticket.3: Document krb5_ticket_get_endtime 20178825Sdfr 21178825Sdfr * kdc/digest.c: Remove <digest_asn.h>, its already included in 22178825Sdfr headers.h 23178825Sdfr 24178825Sdfr * kdc/digest.c: Return session key for the NTLMv2 case too 25178825Sdfr 26178825Sdfr * lib/krb5/digest.c (krb5_ntlm_rep_get_sessionkey): return value 27178825Sdfr is krb5_error_code 28178825Sdfr 29233294Sstas2006-12-27 Love H��rnquist ��strand <lha@it.su.se> 30178825Sdfr 31178825Sdfr * lib/krb5/mk_req_ext.c (_krb5_mk_req_internal): use md5 for 32178825Sdfr des-cbc-md4 and des-cbc-md5. This is for (older) windows that 33178825Sdfr will be unhappy anything else. From Inna Bort-Shatsky 34178825Sdfr 35233294Sstas2006-12-26 Love H��rnquist ��strand <lha@it.su.se> 36178825Sdfr 37178825Sdfr * kdc/digest.c: Prefix internal symbol with _kdc_. 38178825Sdfr 39178825Sdfr * kdc/kdc.h: add digests_allowed 40178825Sdfr 41178825Sdfr * kdc/digest.c: return NTLM2 targetinfo structure. 42178825Sdfr 43178825Sdfr * lib/krb5/digest.c: Add krb5_ntlm_init_get_targetinfo. 
44178825Sdfr 45178825Sdfr * kdc/config.c: Parse digest acl's 46178825Sdfr 47178825Sdfr * kdc/kdc_locl.h: forward decl; 48178825Sdfr 49178825Sdfr * kdc/digest.c: Add digest acl's 50178825Sdfr 51233294Sstas2006-12-22 Love H��rnquist ��strand <lha@it.su.se> 52178825Sdfr 53178825Sdfr * fix-export: build ntlm-private.h 54178825Sdfr 55233294Sstas2006-12-20 Love H��rnquist ��strand <lha@it.su.se> 56178825Sdfr 57178825Sdfr * include/make_crypto.c: Include <.../hmac.h>. 58178825Sdfr 59178825Sdfr * kdc/digest.c: reorder to show slot here ntlmv2 code will be 60178825Sdfr placed. 61178825Sdfr 62178825Sdfr * kdc/digest.c: Announce that we support key exchange and add bits 63178825Sdfr to detect when it wasn't used. 64178825Sdfr 65178825Sdfr * kdc/digest.c: Add support for generating NTLM2 session security 66178825Sdfr answer. 67178825Sdfr 68233294Sstas2006-12-19 Love H��rnquist ��strand <lha@it.su.se> 69178825Sdfr 70178825Sdfr * lib/krb5/digest.c: Add sessionkey accessor functions. 71178825Sdfr 72233294Sstas2006-12-18 Love H��rnquist ��strand <lha@it.su.se> 73178825Sdfr 74178825Sdfr * kdc/digest.c: Unwrap the NTLM session key and return it to the 75178825Sdfr server. 76178825Sdfr 77233294Sstas2006-12-17 Love H��rnquist ��strand <lha@it.su.se> 78178825Sdfr 79178825Sdfr * lib/krb5/store.c (krb5_ret_principal): Fix a bug in the malloc 80178825Sdfr failure part, noticed by Arnaud Lacombe in NetBSD coverity scan. 81178825Sdfr 82233294Sstas2006-12-15 Love H��rnquist ��strand <lha@it.su.se> 83178825Sdfr 84178825Sdfr * lib/krb5/fcache.c (fcc_get_cache_next): avoid const warning. 85178825Sdfr 86178825Sdfr * kdc/digest.c: Support NTLM verification, note that the KDC does 87178825Sdfr no NTLM packet parsing, its all done by the client side, the KDC 88178825Sdfr just calculate and verify the digest and return the result to the 89178825Sdfr service. 
90178825Sdfr 91178825Sdfr * kuser/kdigest.c: add ntlm-server-init 92178825Sdfr 93178825Sdfr * kuser/Makefile.am: kdigest depends on libheimntlm.la 94178825Sdfr 95178825Sdfr * kdc/headers.h: Include <heimntlm.h>. 96178825Sdfr 97178825Sdfr * kdc/Makefile.am: libkdc needs libheimntlm.la 98178825Sdfr 99178825Sdfr * autogen.sh: just run autoreconf -i -f 100178825Sdfr 101178825Sdfr * lib/Makefile.am: hook in ntlm 102178825Sdfr 103178825Sdfr * configure.in (AC_CONFIG_FILES): add lib/ntlm/Makefile 104178825Sdfr 105178825Sdfr * lib/krb5/digest.c: API to authenticate ntlm requests. 106178825Sdfr 107178825Sdfr * lib/krb5/fcache.c: Support "iteration" of file credential caches 108178825Sdfr by giving the user back the default file credential cache and only 109178825Sdfr that. 110178825Sdfr 111178825Sdfr * lib/krb5/krb5_locl.h: Expand the default root for some of the cc 112178825Sdfr type names. 113178825Sdfr 114233294Sstas2006-12-14 Love H��rnquist ��strand <lha@it.su.se> 115178825Sdfr 116178825Sdfr * lib/krb5/init_creds_pw.c (free_paid): free the krb5_data 117178825Sdfr structure too. Bug report from Stefan Metzmacher. 118178825Sdfr 119233294Sstas2006-12-12 Love H��rnquist ��strand <lha@it.su.se> 120178825Sdfr 121178825Sdfr * kuser/kinit.c: Read the appdefault configration before we try to 122178825Sdfr use the flags. Bug reported by Ingemar Nilsson. 123178825Sdfr 124178825Sdfr * kuser/kdigest.c: prefix digest commands with digest_ 125178825Sdfr 126178825Sdfr * kuser/kdigest-commands.in: prefix digest commands with digest- 127178825Sdfr 128233294Sstas2006-12-10 Love H��rnquist ��strand <lha@it.su.se> 129178825Sdfr 130178825Sdfr * kdc/hprop.c: Return error codes on failure, improve error 131178825Sdfr reporting. 
132178825Sdfr 133233294Sstas2006-12-08 Love H��rnquist ��strand <lha@it.su.se> 134178825Sdfr 135178825Sdfr * lib/krb5/pkinit.c: sprinkle more _krb5_pk_copy_error 136178825Sdfr 137178825Sdfr * lib/krb5/pkinit.c: Copy more hx509 error strings to krb5 error 138178825Sdfr strings 139178825Sdfr 140233294Sstas2006-12-07 Love H��rnquist ��strand <lha@it.su.se> 141178825Sdfr 142178825Sdfr * include/Makefile.am: CLEANFILES += vis.h 143178825Sdfr 144233294Sstas2006-12-06 Love H��rnquist ��strand <lha@it.su.se> 145178825Sdfr 146178825Sdfr * kdc/kerberos5.c (_kdc_as_rep): add AD-INITAL-VERIFIED-CAS to the 147178825Sdfr encrypted ticket 148178825Sdfr 149178825Sdfr * kdc/pkinit.c (_kdc_add_inital_verified_cas): new function, adds 150178825Sdfr an empty (for now) AD_INITIAL_VERIFIED_CAS to tell the clients 151178825Sdfr that we vouches for the CA. 152178825Sdfr 153178825Sdfr * kdc/kerberos5.c (_kdc_tkt_add_if_relevant_ad): new function. 154178825Sdfr 155178825Sdfr * lib/Makefile.am: Make the directories test automake conditional 156178825Sdfr so automake can include directories in make dist step. 157178825Sdfr 158178825Sdfr * kdc/pkinit.c (_kdc_pk_rd_padata): leak less memory for 159178825Sdfr ExternalPrincipalIdentifiers 160178825Sdfr 161178825Sdfr * kdc/pkinit.c: Parse and use PA-PK-AS-REQ.trustedCertifiers 162178825Sdfr 163178825Sdfr * kdc/pkinit.c: Add comment that the anchors in the signed data 164178825Sdfr really should be the trust anchors of the client. 165178825Sdfr 166178825Sdfr * kuser/generate-requests.c: Use strcspn to remove \n from 167233294Sstas string returned by fgets. From Bj��rn Sandell 168178825Sdfr 169178825Sdfr * kpasswd/kpasswd-generator.c: Use strcspn to remove \n from 170233294Sstas string returned by fgets. From Bj��rn Sandell 171178825Sdfr 172233294Sstas2006-12-05 Love H��rnquist ��strand <lha@it.su.se> 173178825Sdfr 174178825Sdfr * lib/hdb/hdb-ldap.c: Clear errno before calling the strtol 175233294Sstas functions. 
From Paul Stoeber to OpenBSD by Ray Lai and Bj��rn 176178825Sdfr Sandell. 177178825Sdfr 178178825Sdfr * lib/krb5/config_file.c: Use strcspn to remove \n from fgets 179233294Sstas result. Prompted by change by Ray Lai of OpenBSD via Bj��rn 180178825Sdfr Sandell. 181178825Sdfr 182178825Sdfr * kdc/string2key.c: Use strcspn to remove \n from fgets 183233294Sstas result. Prompted by change by Ray Lai of OpenBSD via Bj��rn 184178825Sdfr Sandell. 185178825Sdfr 186233294Sstas2006-11-30 Love H��rnquist ��strand <lha@it.su.se> 187178825Sdfr 188178825Sdfr * lib/krb5/krbhst.c (plugin_get_hosts): be more paranoid and pass 189178825Sdfr in a NULLed plugin list 190178825Sdfr 191233294Sstas2006-11-29 Love H��rnquist ��strand <lha@it.su.se> 192178825Sdfr 193178825Sdfr * lib/krb5/verify_krb5_conf.c: add more pkinit options. 194178825Sdfr 195178825Sdfr * lib/krb5/pkinit.c: Store what PK-INIT type we used to know reply 196178825Sdfr to expect, this avoids overwriting the real PK-INIT error from 197178825Sdfr just a failed requeat with a Windows PK-INIT error (that always 198178825Sdfr failes). 199178825Sdfr 200178825Sdfr * kdc/Makefile.am: Add LIB_pkinit to pacify AIX 201178825Sdfr 202178825Sdfr * lib/hdb/Makefile.am: Add LIB_com_err to pacify AIX 203178825Sdfr 204233294Sstas2006-11-28 Love H��rnquist ��strand <lha@it.su.se> 205178825Sdfr 206178825Sdfr * lib/hdb/hdb-ldap.c: Make build again from the hdb_entry 207178825Sdfr wrapping. Patch from Andreas Hasenack. 208178825Sdfr 209178825Sdfr * kdc/pkinit.c: Need better code in the DH parameter rejection 210178825Sdfr case, add comment to that effect. 211178825Sdfr 212233294Sstas2006-11-27 Love H��rnquist ��strand <lha@it.su.se> 213178825Sdfr 214178825Sdfr * kdc/krb5tgs.c: Reply KRB5KRB_ERR_RESPONSE_TOO_BIG for too large 215178825Sdfr packets when using datagram based transports. 216178825Sdfr 217178825Sdfr * kdc/process.c: Pass down datagram_reply to _kdc_tgs_rep. 
218178825Sdfr 219178825Sdfr * lib/krb5/pkinit.c (build_auth_pack): set supportedCMSTypes. 220178825Sdfr 221233294Sstas2006-11-26 Love H��rnquist ��strand <lha@it.su.se> 222178825Sdfr 223178825Sdfr * lib/krb5/pkinit.c: Pass down hx509_peer_info. 224178825Sdfr 225178825Sdfr * kdc/pkinit.c (_kdc_pk_rd_padata): Pick up supportedCMSTypes and 226178825Sdfr pass in into hx509_cms_create_signed_1 via hx509_peer_info blob. 227178825Sdfr 228178825Sdfr * kdc/pkinit.c (_kdc_pk_rd_padata): Pick up supportedCMSTypes and 229178825Sdfr pass in into hx509_cms_create_signed_1 via hx509_peer_info blob. 230178825Sdfr 231233294Sstas2006-11-24 Love H��rnquist ��strand <lha@it.su.se> 232178825Sdfr 233178825Sdfr * lib/krb5/send_to_kdc.c: Set the large_msg_size to 1400, lets not 234178825Sdfr fragment packets and avoid stupid linklayers that doesn't allow 235178825Sdfr fragmented packets (unix dgram sockets on Mac OS X) 236178825Sdfr 237233294Sstas2006-11-23 Love H��rnquist ��strand <lha@it.su.se> 238178825Sdfr 239178825Sdfr * lib/krb5/pkinit.c (_krb5_pk_create_sign): stuff down the users 240178825Sdfr certs in the pool to make sure a path is returned, without this 241178825Sdfr proxy certificates wont work. 242178825Sdfr 243233294Sstas2006-11-21 Love H��rnquist ��strand <lha@it.su.se> 244178825Sdfr 245178825Sdfr * kdc/config.c: Make all pkinit options prefixed with pkinit_ 246178825Sdfr 247178825Sdfr * lib/krb5/log.c (krb5_get_warn_dest): return warn_dest from 248178825Sdfr krb5_context 249178825Sdfr 250178825Sdfr * lib/krb5/krb5_warn.3: document krb5_[gs]et_warn_dest 251178825Sdfr 252178825Sdfr * lib/krb5/krb5.h: Drop KRB5_KU_TGS_IMPERSONATE. 253178825Sdfr 254178825Sdfr * kdc/krb5tgs.c: Use KRB5_KU_OTHER_CKSUM for the impersonate 255178825Sdfr checksum. 256178825Sdfr 257178825Sdfr * lib/krb5/get_cred.c: Use KRB5_KU_OTHER_CKSUM for the impersonate 258178825Sdfr checksum. 
259178825Sdfr 260233294Sstas2006-11-20 Love H��rnquist ��strand <lha@it.su.se> 261178825Sdfr 262178825Sdfr * lib/krb5/verify_user.c: Make krb5_get_init_creds_opt_free take a 263178825Sdfr context argument. 264178825Sdfr 265178825Sdfr * lib/krb5/krb5_get_init_creds.3: Make 266178825Sdfr krb5_get_init_creds_opt_free take a context argument. 267178825Sdfr 268178825Sdfr * lib/krb5/init_creds_pw.c: Make krb5_get_init_creds_opt_free take 269178825Sdfr a context argument. 270178825Sdfr 271178825Sdfr * kuser/kinit.c: Make krb5_get_init_creds_opt_free take a context 272178825Sdfr argument. 273178825Sdfr 274178825Sdfr * kpasswd/kpasswd.c: Make krb5_get_init_creds_opt_free take a 275178825Sdfr context argument. 276178825Sdfr 277178825Sdfr * kpasswd/kpasswd-generator.c: Make krb5_get_init_creds_opt_free 278178825Sdfr take a context argument. 279178825Sdfr 280178825Sdfr * kdc/hprop.c: Make krb5_get_init_creds_opt_free take a context 281178825Sdfr argument. 282178825Sdfr 283178825Sdfr * lib/krb5/init_creds.c: Make krb5_get_init_creds_opt_free take a 284178825Sdfr context argument. 285178825Sdfr 286178825Sdfr * appl/gssmask/gssmask.c: Make krb5_get_init_creds_opt_free take a 287178825Sdfr context argument. 
288178825Sdfr 289233294Sstas2006-11-19 Love H��rnquist ��strand <lha@it.su.se> 290178825Sdfr 291178825Sdfr * doc/setup.texi: fix pkinit option (s/-/_/) 292178825Sdfr 293178825Sdfr * kdc/config.c: revert the enable-pkinit change, and make it 294178825Sdfr consistant with all other other enable- options 295178825Sdfr 296233294Sstas2006-11-17 Love H��rnquist ��strand <lha@it.su.se> 297178825Sdfr 298178825Sdfr * doc/setup.texi: Make all pkinit options prefixed with pkinit_ 299178825Sdfr 300178825Sdfr * kdc/config.c: Make all pkinit options prefixed with pkinit_ 301178825Sdfr 302178825Sdfr * kdc/pkinit.c: Make app pkinit options prefixed with pkinit_ 303178825Sdfr 304178825Sdfr * lib/krb5/pkinit.c: Make app pkinit options prefixed with pkinit_ 305178825Sdfr 306178825Sdfr * lib/krb5/mit_glue.c (krb5_c_keylengths): make compile again. 307178825Sdfr 308178825Sdfr * lib/krb5/mit_glue.c (krb5_c_keylengths): rename. 309178825Sdfr 310178825Sdfr * lib/krb5/mit_glue.c (krb5_c_keylength): mit changed the api, 311178825Sdfr deal. 312178825Sdfr 313233294Sstas2006-11-13 Love H��rnquist ��strand <lha@it.su.se> 314178825Sdfr 315178825Sdfr * lib/krb5/pac.c (fill_zeros): stop using MIN. 316178825Sdfr 317178825Sdfr * kuser/kinit.c: Forward decl 318178825Sdfr 319178825Sdfr * lib/krb5/test_plugin.c: Use NOTHERE.H5L.SE. 320178825Sdfr 321178825Sdfr * lib/krb5/krbhst.c: Fill in hints for picky getaddrinfo()s. 322178825Sdfr 323178825Sdfr * lib/krb5/test_plugin.c: Set sin_len if it exists. 324178825Sdfr 325178825Sdfr * lib/krb5/krbhst.c: Use plugin for the other realm locate types 326178825Sdfr too. 327178825Sdfr 328233294Sstas2006-11-12 Love H��rnquist ��strand <lha@it.su.se> 329178825Sdfr 330178825Sdfr * lib/krb5/krb5_locl.h: Add plugin api 331178825Sdfr 332178825Sdfr * lib/krb5/Makefile.am: Add plugin api. 333178825Sdfr 334178825Sdfr * lib/krb5/krbhst.c: Use the resolve plugin interface. 
335178825Sdfr 336178825Sdfr * lib/krb5/locate_plugin.h: Add plugin interface for resolving 337178825Sdfr that is API compatible with MITs version. 338178825Sdfr 339178825Sdfr * lib/krb5/plugin.c: Add first version of the plugin interface. 340178825Sdfr 341178825Sdfr * lib/krb5/test_pac.c: Test signing. 342178825Sdfr 343178825Sdfr * lib/krb5/pac.c: Add code to sign PACs, only arcfour for now. 344178825Sdfr 345178825Sdfr * lib/krb5/krb5.h: Add struct krb5_pac. 346178825Sdfr 347233294Sstas2006-11-09 Love H��rnquist ��strand <lha@it.su.se> 348178825Sdfr 349178825Sdfr * lib/krb5/test_pac.c: PAC testing. 350178825Sdfr 351178825Sdfr * lib/krb5/pac.c: Sprinkle error strings. 352178825Sdfr 353178825Sdfr * lib/krb5/pac.c: Verify LOGON_NAME. 354178825Sdfr 355178825Sdfr * kdc/pkinit.c (_kdc_pk_check_client): drop client_princ as an 356178825Sdfr argument 357178825Sdfr 358178825Sdfr * kdc/kerberos5.c (_kdc_as_rep): drop client_princ from 359178825Sdfr _kdc_pk_check_client since its not valid in canonicalize case 360178825Sdfr 361178825Sdfr * lib/krb5/krb5_c_make_checksum.3: Document krb5_c_keylength. 362178825Sdfr 363178825Sdfr * lib/krb5/mit_glue.c: Add krb5_c_keylength. 364178825Sdfr 365233294Sstas2006-11-08 Love H��rnquist ��strand <lha@it.su.se> 366178825Sdfr 367178825Sdfr * lib/krb5/pac.c: Almost enough code to do PAC parsing and 368178825Sdfr verification, missing in the unix2NTTIME and ucs2 corner. The 369178825Sdfr later will be adressed by finally adding libwind. 370178825Sdfr 371178825Sdfr * lib/krb5/krb5_init_context.3: document krb5_[gs]et_max_time_skew 372178825Sdfr 373178825Sdfr * kdc/hpropd.c: Remove support dumping to a kerberos 4 database. 374178825Sdfr 375233294Sstas2006-11-07 Love H��rnquist ��strand <lha@it.su.se> 376178825Sdfr 377178825Sdfr * lib/krb5/context.c: rename krb5_[gs]et_time_wrap to 378178825Sdfr krb5_[gs]et_max_time_skew 379178825Sdfr 380178825Sdfr * kdc/pkinit.c: Catch error string from hx509_cms_verify_signed. 
381178825Sdfr Check for id-pKKdcEkuOID and warn if its not there. 382178825Sdfr 383178825Sdfr * lib/krb5/rd_req.c: Add more krb5_rd_req_out_get functions. 384178825Sdfr 385233294Sstas2006-11-06 Love H��rnquist ��strand <lha@it.su.se> 386178825Sdfr 387178825Sdfr * lib/krb5/krb5.h: krb5_rd_req{,_in,_out}_ctx. 388178825Sdfr 389178825Sdfr * lib/krb5/rd_req.c (krb5_rd_req_ctx): Add context all singing-all 390178825Sdfr dancing version of the krb5_rd_req and implement krb5_rd_req and 391178825Sdfr krb5_rd_req_with_keyblock using it. 392178825Sdfr 393233294Sstas2006-11-04 Love H��rnquist ��strand <lha@it.su.se> 394178825Sdfr 395178825Sdfr * kdc/kerberos5.c (_kdc_as_rep): More verbose time skew logging. 396178825Sdfr 397233294Sstas2006-11-03 Love H��rnquist ��strand <lha@it.su.se> 398178825Sdfr 399178825Sdfr * lib/krb5/expand_hostname.c: Rename various routines and 400178825Sdfr constants from canonize to canonicalize. From Andrew Bartlett 401178825Sdfr 402178825Sdfr * lib/krb5/context.c: Add krb5_[gs]et_time_wrap 403178825Sdfr 404178825Sdfr * lib/krb5/krb5_locl.h: Rename various routines and constants from 405178825Sdfr canonize to canonicalize. From Andrew Bartlett 406178825Sdfr 407178825Sdfr * appl/gssmask/common.c (add_list): fix alloc statement. 408178825Sdfr From Alex Deiter 409178825Sdfr 410233294Sstas2006-10-25 Love H��rnquist ��strand <lha@it.su.se> 411178825Sdfr 412178825Sdfr * include/Makefile.am: Move version.h and version.h.in to 413178825Sdfr DISTCLEANFILES. 414178825Sdfr 415233294Sstas2006-10-24 Love H��rnquist ��strand <lha@it.su.se> 416178825Sdfr 417178825Sdfr * appl/gssmask/gssmask.c: Only log when there are resources left. 
418178825Sdfr 419178825Sdfr * appl/gssmask/gssmask.c: make compile 420178825Sdfr 421178825Sdfr * appl/gssmask/gssmask.c (AcquireCreds): free 422178825Sdfr krb5_get_init_creds_opt 423178825Sdfr 424233294Sstas2006-10-23 Love H��rnquist ��strand <lha@it.su.se> 425178825Sdfr 426178825Sdfr * configure.in: heimdal 0.8-RC1 427178825Sdfr 428233294Sstas2006-10-22 Love H��rnquist ��strand <lha@it.su.se> 429178825Sdfr 430178825Sdfr * lib/krb5/digest.c: Try to not leak memory. 431178825Sdfr 432178825Sdfr * kdc/digest.c: Try to not leak memory. 433178825Sdfr 434178825Sdfr * Makefile.am: remove valgrind target, it doesn't belong here. 435178825Sdfr 436178825Sdfr * kuser/kinit.c: Try to not leak memory. 437178825Sdfr 438178825Sdfr * kuser/kgetcred.c: Try to not leak memory. 439178825Sdfr 440178825Sdfr * kdc/krb5tgs.c (check_KRB5SignedPath): free KRB5SignedPath on 441178825Sdfr successful completion too, not just the error cases. 442178825Sdfr 443178825Sdfr * fix-export: Make make fix-export less verbose. 444178825Sdfr 445178825Sdfr * kuser/kgetcred.c: Try to not leak memory. 446178825Sdfr 447178825Sdfr * lib/hdb/keys.c (hdb_generate_key_set): free list of enctype when 448178825Sdfr done. 449178825Sdfr 450178825Sdfr * lib/krb5/crypto.c: Allocate the memory we later use. 451178825Sdfr 452178825Sdfr * lib/krb5/test_princ.c: Try to not leak memory. 453178825Sdfr 454178825Sdfr * lib/krb5/test_crypto_wrapping.c: Try to not leak memory. 455178825Sdfr 456178825Sdfr * lib/krb5/test_cc.c: Try to not leak memory. 457178825Sdfr 458178825Sdfr * lib/krb5/addr_families.c (arange_free): Try to not leak memory. 459178825Sdfr 460178825Sdfr * lib/krb5/crypto.c (AES_string_to_key): Try to not leak memory. 
461178825Sdfr 462233294Sstas2006-10-21 Love H��rnquist ��strand <lha@it.su.se> 463178825Sdfr 464178825Sdfr * tools/heimdal-build.sh: Add --test-environment 465178825Sdfr 466178825Sdfr * tools/heimdal-build.sh: Add --ccache-dir 467178825Sdfr 468178825Sdfr * lib/hdb/Makefile.am: remove dependency on et files covert_db 469178825Sdfr that now is removed 470178825Sdfr 471233294Sstas2006-10-20 Love H��rnquist ��strand <lha@it.su.se> 472178825Sdfr 473178825Sdfr * include/Makefile.am: add gssapi to subdirs 474178825Sdfr 475178825Sdfr * lib/hdb/hdb-ldap.c: Make compile. 476178825Sdfr 477178825Sdfr * configure.in: add include/gssapi/Makefile. 478178825Sdfr 479178825Sdfr * include/Makefile.am: clean more files 480178825Sdfr 481178825Sdfr * include/make_crypto.c: Avoid creating a file called --version. 482178825Sdfr 483178825Sdfr * include/bits.c: Avoid creating a file called --version. 484178825Sdfr 485178825Sdfr * appl/test/Makefile.am: add nt_gss_common.h 486178825Sdfr 487178825Sdfr * doc/Makefile.am: Disable TEXI2DVI for now. 488178825Sdfr 489178825Sdfr * tools/Makefile.am: more files 490178825Sdfr 491178825Sdfr * lib/krb5/context.c (krb5_free_context): free send_to_kdc context 492178825Sdfr 493178825Sdfr * doc/heimdal.texi: Put Heimdal in the dircategory Security. 494178825Sdfr 495178825Sdfr * lib/krb5/send_to_kdc.c: Add sent_to_kdc hook, from Andrew 496178825Sdfr Bartlet. 497178825Sdfr 498178825Sdfr * lib/krb5/krb5_locl.h: Add send_to_kdc hook. 499178825Sdfr 500178825Sdfr * lib/krb5/krb5.h: Add krb5_send_to_kdc_func prototype. 501178825Sdfr 502178825Sdfr * kcm/Makefile.am: more files 503178825Sdfr 504178825Sdfr * kdc/Makefile.am: more files 505178825Sdfr 506178825Sdfr * lib/hdb/Makefile.am: more files 507178825Sdfr 508178825Sdfr * lib/krb5/Makefile.am: add more files 509178825Sdfr 510233294Sstas2006-10-19 Love H��rnquist ��strand <lha@it.su.se> 511178825Sdfr 512178825Sdfr * tools/Makefile.am: Add heimdal-build.sh to EXTRA_DIST. 
513178825Sdfr 514178825Sdfr * configure.in: Don't check for timegm, libroken provides it for 515178825Sdfr us. 516178825Sdfr 517178825Sdfr * lib/krb5/acache.c: Does function typecasts instead of void * 518178825Sdfr type-casts. 519178825Sdfr 520178825Sdfr * lib/krb5/krb5.h: Remove bonus , that Love sneeked in. 521178825Sdfr 522178825Sdfr * configure.in: make --disable-pk-init help text also negative 523178825Sdfr 524233294Sstas2006-10-18 Love H��rnquist ��strand <lha@it.su.se> 525178825Sdfr 526178825Sdfr * kuser/kgetcred.c: Avoid memory leak. 527178825Sdfr 528178825Sdfr * tools/heimdal-build.sh: Add more verbose logging, add version of 529178825Sdfr script and heimdal to the mail. 530178825Sdfr 531178825Sdfr * lib/hdb/db3.c: Wrap function call pointer calls in (*func) to 532178825Sdfr avoid macros rewriting open and close. 533178825Sdfr 534178825Sdfr * lib/krb5/Makefile.am: Add test_princ. 535178825Sdfr 536178825Sdfr * lib/krb5/principal.c: More error strings, handle realm-less 537178825Sdfr printing. 538178825Sdfr 539178825Sdfr * lib/krb5/test_princ.c: Test principal parsing and unparsing. 540178825Sdfr 541233294Sstas2006-10-17 Love H��rnquist ��strand <lha@it.su.se> 542178825Sdfr 543178825Sdfr * lib/krb5/get_host_realm.c (krb5_get_host_realm): make sure we 544178825Sdfr don't recurse 545178825Sdfr 546178825Sdfr * lib/krb5/get_host_realm.c (krb5_get_host_realm): no components 547178825Sdfr -> no dns. no mapping, try local realm and hope KDC knows better. 548178825Sdfr 549178825Sdfr * lib/krb5/krb5.h: Add flags for krb5_unparse_name_flags 550178825Sdfr 551178825Sdfr * lib/krb5/krb5_principal.3: Document 552178825Sdfr krb5_unparse_name{_fixed,}_flags. 553178825Sdfr 554178825Sdfr * lib/krb5/principal.c: Add krb5_unparse_name_flags and 555178825Sdfr krb5_unparse_name_fixed_flags. 556178825Sdfr 557178825Sdfr * lib/krb5/krb5_principal.3: Document krb5_parse_name_flags. 558178825Sdfr 559178825Sdfr * lib/krb5/principal.c: Add krb5_parse_name_flags. 
560178825Sdfr 561178825Sdfr * lib/krb5/principal.c: Add krb5_parse_name_flags. 562178825Sdfr 563178825Sdfr * lib/krb5/krb5.h: Add krb5_parse_name_flags flags. 564178825Sdfr 565178825Sdfr * lib/krb5/krb5_locl.h: Hide krb5_context_data from public 566178825Sdfr exposure. 567178825Sdfr 568178825Sdfr * lib/krb5/krb5.h: Hide krb5_context_data from public exposure. 569178825Sdfr 570178825Sdfr * kuser/klist.c: Use krb5_get_kdc_sec_offset. 571178825Sdfr 572178825Sdfr * lib/krb5/context.c: Document krb5_get_kdc_sec_offset() 573178825Sdfr 574178825Sdfr * lib/krb5/krb5_init_context.3: Add krb5_get_kdc_sec_offset() 575178825Sdfr 576178825Sdfr * lib/krb5/krb5_init_context.3: Add krb5_set_dns_canonize_hostname 577178825Sdfr and krb5_get_dns_canonize_hostname 578178825Sdfr 579178825Sdfr * lib/krb5/verify_krb5_conf.c: 580178825Sdfr add [libdefaults]dns_canonize_hostname 581178825Sdfr 582178825Sdfr * lib/krb5/expand_hostname.c: use dns_canonize_hostname to 583178825Sdfr determin if we should talk to dns to find the canonical name of 584178825Sdfr the host. 585178825Sdfr 586178825Sdfr * lib/krb5/krb5.h (krb5_context): add dns_canonize_hostname. 587178825Sdfr 588178825Sdfr * tools/heimdal-build.sh: Set status. 589178825Sdfr 590178825Sdfr * appl/gssmask/gssmask.c: handle more bits 591178825Sdfr 592178825Sdfr * kdc/kerberos5.c: Prefix asn1 primitives with der_. 593178825Sdfr 594233294Sstas2006-10-16 Love H��rnquist ��strand <lha@it.su.se> 595178825Sdfr 596178825Sdfr * fix-export: Build lib/asn1/der-protos.h. 597178825Sdfr 598233294Sstas2006-10-14 Love H��rnquist ��strand <lha@it.su.se> 599178825Sdfr 600178825Sdfr * appl/gssmask/Makefile.am: Add explit depenency on libroken. 601178825Sdfr 602178825Sdfr * kdc/krb5tgs.c: Prefix der primitives with der_. 603178825Sdfr 604178825Sdfr * kdc/pkinit.c: Prefix der primitives with der_. 605178825Sdfr 606178825Sdfr * lib/hdb/ext.c: Prefix der primitives with der_. 607178825Sdfr 608178825Sdfr * lib/hdb/ext.c: Prefix der primitives with der_. 
609178825Sdfr 610178825Sdfr * lib/krb5/crypto.c: Remove workaround from when there wasn't 611178825Sdfr always aes. 612178825Sdfr 613178825Sdfr * lib/krb5/ticket.c: Prefix der primitives with der_. 614178825Sdfr 615178825Sdfr * lib/krb5/digest.c: Prefix der primitives with der_. 616178825Sdfr 617178825Sdfr * lib/krb5/crypto.c: Prefix der primitives with der_. 618178825Sdfr 619178825Sdfr * lib/krb5/data.c: Prefix der primitives with der_. 620178825Sdfr 621233294Sstas2006-10-12 Love H��rnquist ��strand <lha@it.su.se> 622178825Sdfr 623178825Sdfr * kdc/pkinit.c (pk_mk_pa_reply_enckey): add missing break. From 624178825Sdfr Olga Kornievskaia. 625178825Sdfr 626178825Sdfr * kdc/kdc.8: document max-kdc-datagram-reply-length 627178825Sdfr 628178825Sdfr * include/bits.c: Include Xint64 types. 629178825Sdfr 630233294Sstas2006-10-10 Love H��rnquist ��strand <lha@it.su.se> 631178825Sdfr 632178825Sdfr * tools/heimdal-build.sh: Add socketwrapper and cputime limit. 633178825Sdfr 634178825Sdfr * kdc/connect.c (loop): Log that the kdc have started. 635178825Sdfr 636233294Sstas2006-10-09 Love H��rnquist ��strand <lha@it.su.se> 637178825Sdfr 638178825Sdfr * kdc/connect.c (do_request): tell krb5_kdc_process_request if its 639178825Sdfr a datagram reply or not 640178825Sdfr 641178825Sdfr * kdc/kerberos5.c: Reply KRB5KRB_ERR_RESPONSE_TOO_BIG error if its 642178825Sdfr a datagram reply and the datagram reply length limit is reached. 643178825Sdfr 644178825Sdfr * kdc/process.c: Rename krb5_kdc_process_generic_request to 645178825Sdfr krb5_kdc_process_request Add datagram_reply argument. 646178825Sdfr 647178825Sdfr * kdc/config.c: check for [kdc]max-kdc-datagram-reply-length 648178825Sdfr 649178825Sdfr * kdc/kdc.h (krb5_kdc_config): Add max_datagram_reply_length. 650178825Sdfr 651178825Sdfr * lib/hdb/keytab.c: Change || to |, From metze. 652178825Sdfr 653178825Sdfr * lib/hdb/keytab.c: Add back :file to sample format. 
654178825Sdfr 655178825Sdfr * lib/hdb/keytab.c: Add more HDB_F flags to hdb_fetch. Pointed out 656178825Sdfr by Andrew Bartlet. 657178825Sdfr 658178825Sdfr * kdc/krb5tgs.c (tgs_parse_request): set cusec, not csec from 659178825Sdfr auth->cusec. 660178825Sdfr 661233294Sstas2006-10-08 Love H��rnquist ��strand <lha@it.su.se> 662178825Sdfr 663178825Sdfr * fix-export: dist_-ify libkadm5clnt_la_SOURCES too 664178825Sdfr 665178825Sdfr * doc/heimdal.texi: Update (c) years. 666178825Sdfr 667178825Sdfr * appl/gssmask/protocol.h: Clarify protocol. 668178825Sdfr 669178825Sdfr * kdc/hpropd.c: Adapt to signature change of 670178825Sdfr _krb5_principalname2krb5_principal. 671178825Sdfr 672178825Sdfr * kdc/kerberos4.c: Adapt to signature change of 673178825Sdfr _krb5_principalname2krb5_principal. 674178825Sdfr 675178825Sdfr * kdc/connect.c (handle_vanilla_tcp): shorten length when we 676178825Sdfr shorten the buffer, this matter im the PK-INIT encKey case where a 677178825Sdfr checksum is done over the whole packet. Reported by Olga 678178825Sdfr Kornievskaia 679178825Sdfr 680233294Sstas2006-10-07 Love H��rnquist ��strand <lha@it.su.se> 681178825Sdfr 682178825Sdfr * include/Makefile.am: crypto-headers.h is a nodist header 683178825Sdfr 684178825Sdfr * lib/krb5/aes-test.c: Make argument to PKCS5_PBKDF2_HMAC_SHA1 685178825Sdfr unsigned char to make OpenSSL happy. 686178825Sdfr 687178825Sdfr * appl/kf/Makefile.am: Add man_MANS to EXTRA_DIST 688178825Sdfr 689178825Sdfr * kuser/Makefile.am: split build files into dist_ and noinst_ 690178825Sdfr SOURCES 691178825Sdfr 692178825Sdfr * lib/hdb/Makefile.am: split build files into dist_ and noinst_ 693178825Sdfr SOURCES 694178825Sdfr 695178825Sdfr * lib/krb5/Makefile.am: split build files into dist_ and noinst_ 696178825Sdfr SOURCES 697178825Sdfr 698178825Sdfr * kdc/kerberos5.c: Adapt to signature change of 699178825Sdfr _krb5_principalname2krb5_principal. 
700178825Sdfr 701233294Sstas2006-10-06 Love H��rnquist ��strand <lha@it.su.se> 702178825Sdfr 703178825Sdfr * lib/krb5/krbhst.c (common_init): don't try DNS when there is 704178825Sdfr realm w/o a dot. 705178825Sdfr 706178825Sdfr * kdc/524.c: Adapt to signature change of 707178825Sdfr _krb5_principalname2krb5_principal. 708178825Sdfr 709178825Sdfr * kdc/krb5tgs.c: Adapt to signature change of 710178825Sdfr _krb5_principalname2krb5_principal. 711178825Sdfr 712178825Sdfr * lib/krb5/get_in_tkt.c: Adapt to signature change of 713178825Sdfr _krb5_principalname2krb5_principal. 714178825Sdfr 715178825Sdfr * lib/krb5/rd_cred.c: Adapt to signature change of 716178825Sdfr _krb5_principalname2krb5_principal. 717178825Sdfr 718178825Sdfr * lib/krb5/rd_req.c: Adapt to signature change of 719178825Sdfr _krb5_principalname2krb5_principal. 720178825Sdfr 721178825Sdfr * lib/krb5/asn1_glue.c (_krb5_principalname2krb5_principal): add 722178825Sdfr krb5_context to signature. 723178825Sdfr 724178825Sdfr * kdc/524.c (_krb5_principalname2krb5_principal): adapt to 725178825Sdfr signature change 726178825Sdfr 727178825Sdfr * lib/hdb/keytab.c (hdb_get_entry): close and destroy the database 728178825Sdfr later, the hdb_entry_ex might still contain links to the database 729178825Sdfr that it expects to use. 730178825Sdfr 731178825Sdfr * kdc/digest.c: Make digest argument o MD5_final unsigned char to 732178825Sdfr help OpenSSL. 733178825Sdfr 734178825Sdfr * kuser/kdigest.c: Make digest argument o MD5_final unsigned char 735178825Sdfr to help OpenSSL. 736178825Sdfr 737178825Sdfr * appl/gssmask/common.h: Maybe include <sys/wait.h>. 738178825Sdfr 739233294Sstas2006-10-05 Love H��rnquist ��strand <lha@it.su.se> 740178825Sdfr 741178825Sdfr * appl/gssmask/common.h: disable ENABLE_PTHREAD_SUPPORT and 742178825Sdfr explain why 743178825Sdfr 744178825Sdfr * tools/heimdal-build.sh: Another mail header. 
745178825Sdfr 746178825Sdfr * tools/heimdal-build.sh: small fixes 747178825Sdfr 748178825Sdfr * fix-export: More liberal parsing of AC_INIT 749178825Sdfr 750178825Sdfr * tools/heimdal-build.sh: first cut 751178825Sdfr 752233294Sstas2006-10-04 Love H��rnquist ��strand <lha@it.su.se> 753178825Sdfr 754178825Sdfr * configure.in: Call AB_INIT. 755178825Sdfr 756178825Sdfr * kuser/kinit.c: Add flag --pk-use-enckey. 757178825Sdfr 758178825Sdfr * kdc/pkinit.c: Sign the request in the encKey case. Bug reported 759178825Sdfr by Olga Kornievskaia of Umich. 760178825Sdfr 761178825Sdfr * lib/krb5/Makefile.am: man_MANS += krb5_digest.3 762178825Sdfr 763178825Sdfr * lib/krb5/krb5_digest.3: Add all protos 764178825Sdfr 765233294Sstas2006-10-03 Love H��rnquist ��strand <lha@it.su.se> 766178825Sdfr 767178825Sdfr * lib/krb5/krb5_digest.3: Basic krb5_digest manpage. 768178825Sdfr 769233294Sstas2006-10-02 Love H��rnquist ��strand <lha@it.su.se> 770178825Sdfr 771178825Sdfr * fix-export: build gssapi mech private files 772178825Sdfr 773178825Sdfr * lib/krb5/init_creds_pw.c: minimize layering and remove 774178825Sdfr krb5_kdc_flags 775178825Sdfr 776178825Sdfr * lib/krb5/get_in_tkt.c: Always use the kdc_flags in the right bit 777178825Sdfr order. 778178825Sdfr 779178825Sdfr * lib/krb5/init_creds_pw.c: Always use the kdc_flags in the right 780178825Sdfr bit order. 781178825Sdfr 782178825Sdfr * kuser/kdigest.c: Don't require --kerberos-realm. 783178825Sdfr 784178825Sdfr * lib/krb5/digest.c (digest_request): if NULL is passed in as 785178825Sdfr realm, use default realm. 786178825Sdfr 787178825Sdfr * fix-export: build gssapi mech private files 788178825Sdfr 789233294Sstas2006-09-26 Love H��rnquist ��strand <lha@it.su.se> 790178825Sdfr 791178825Sdfr * appl/gssmask/gssmaestro.c: Handle FIRST_CALL in the context 792178825Sdfr building, better error handling. 

	* appl/gssmask/gssmaestro.c: switch from wrap/unwrap to
	encrypt/decrypt

	* appl/gssmask/gssmask.c: Don't announce spn if there is none.

	* appl/gssmask/gssmaestro.c: Check that the pre-wrapped data is
	the same as afterward.

2006-09-25  Love Hörnquist Åstrand  <lha@it.su.se>

	* appl/gssmask/gssmaestro.c: Remove stray GSS_C_DCE_STYLE.

	* appl/gssmask/gssmaestro.c: Add logsocket support.

2006-09-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* appl/gssmask/gssmaestro.c (build_context): print the step the
	context exchange.

2006-09-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* appl/gssmask/gssmaestro.c: Add GSS_C_INTEG_FLAG|GSS_C_CONF_FLAG
	to all context flags

	* appl/gssmask/gssmaestro.c: Add wrap and mic tests for all
	elements

	* appl/gssmask/gssmask.c: Add mic tests

	* appl/gssmask/gssmaestro.c: don't exit early then when context
	is half built.

	* lib/krb5/rd_req.c: disable ETypeList parsing usage for now, cfx
	seems broken and it's not good to upgrade to a broken enctype.

2006-09-20  Love Hörnquist Åstrand  <lha@it.su.se>

	* appl/gssmask/gssmask.c: Add wrap/unwrap ops

	* appl/gssmask/protocol.h: Add eGetVersionAndCapabilities flags

	* appl/gssmask/common.c: Add permutate_all (and support
	functions).

	* appl/gssmask/common.h: Add permutate_all

	* appl/gssmask/gssmask.c: use new flags, return moniker

	* appl/gssmask/gssmaestro.c: test self context building and all
	permutation of clients

2006-09-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* appl/gssmask/gssmask.c: add --logfile option, use htons() on
	port number

	* appl/gssmask/gssmaestro.c: Log port in connection message.

	* configure.in: Make pk-init turned on by default.

2006-09-18  Love Hörnquist Åstrand  <lha@it.su.se>

	* fix-export: Build lib/hx509/{hx509-protos.h,hx509-private.h}.

	* kuser/Makefile.am: Add tool for printing tickets.

	* kuser/kimpersonate.1: Add tool for printing tickets.

	* kuser/kimpersonate.c: Add tool for printing tickets.

	* kdc/krb5tgs.c: Check the adtkt in the constrained delegation
	case too.

2006-09-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/main.c (sigterm): don't _exit, let loop() catch the signal
	instead.

	* lib/krb5/krb5_timeofday.3: Fixes from Björn Sandell.

	* lib/krb5/krb5_get_init_creds.3: Fixes from Björn Sandell.

2006-09-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* tools/krb5-config.in: Add "kafs" option.

2006-09-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/db.c: By using full function calling conversion (*func)
	we avoid problem when close(fd) is overridden using a macro.

	* lib/krb5/cache.c: By using full function calling
	conversion (*func) we avoid problem when close(fd) is overridden
	using a macro.

2006-09-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/kerberos5.c: Signing outgoing tickets.

	* kdc/krb5tgs.c: Add signing and checking of tickets to s4u2self
	works securely.

	* lib/krb5/pkinit.c: Adapt to new signature of
	hx509_cms_unenvelope.

2006-09-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/pkinit.c (pk_verify_host): set errorstrings in a
	sensible way

2006-09-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_init_context.3: Prevent a font generation warning,
	from Jason McIntyre.

2006-09-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/context.c (krb5_init_ets): Add the hx errortable

	* lib/krb5/krb5_locl.h: Include hx509_err.h.

	* lib/krb5/pkinit.c (_krb5_pk_verify_sign): catch the error string
	from the hx509 lib

2006-09-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_default_flags):
	fix argument to krb5_get_init_creds_opt_set_addressless.

	* lib/krb5/init_creds_pw.c (init_cred_loop): try to catch the
	error when we actually have an error to catch.

	* lib/krb5/init_creds_pw.c: Remove debug printfs.

	* kuser/kinit.c: Remove debug printf

	* lib/krb5/krb5_get_init_creds.3: Document
	krb5_get_init_creds_opt_set_addressless.

	* kuser/kinit.c: Use new function
	krb5_get_init_creds_opt_set_addressless.

	* lib/krb5/krb5_locl.h: use new addressless, convert pa-pac option
	to use the same tri-state option as the new addressless option.

	* lib/krb5/init_creds_pw.c: use new addressless, convert pa-pac
	option to use the same tri-state option as the new addressless
	option.

	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_addressless):
	used to control the address-lessness of the initial tickets
	instead of passing in the empty set of address into
	krb5_get_init_creds_opt_set_addresses.

2006-09-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* kuser/kinit.c (renew_validate): inherit the proxiable and
	forwardable from the original ticket, pointed out by Bernard
	Antoine of CERN.

	* doc/setup.texi: More text about the acl_file entry and
	hdb-ldap-structural-object. From Rüdiger Ranft.

	* lib/krb5/krbhst.c (fallback_get_hosts): limit the fallback
	lookups to 5. Patch from Wesley Craig, umich.edu

	* configure.in: Add special tests for <sys/ucred.h>, include test
	for sys/param.h and sys/types.h

	* appl/test/tcp_server.c (proto): use keytab for krb5_recvauth
	Patch from Ingemar Nilsson <init@pdc.kth.se>

2006-08-28  Love Hörnquist Åstrand  <lha@it.su.se>

	* kuser/kdigest.c (help): use sl_slc_help().

	* kdc/digest.c: Catch more error, add SASL DIGEST MD5.

	* lib/krb5/digest.c: Catch more error.

2006-08-25  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/setup.texi: language.

	* doc/heimdal.texi: Add last updated text.

	* doc/heimdal.css: make box around heimdal title

	* doc/heimdal.css: Initial Heimdal css for the info manual

	* lib/krb5/digest.c: In the case where we get a DigestError back,
	save the error string and code.

2006-08-24  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/kerberos5.c: Remove _kdc_find_etype(), it's no longer used.

	* kdc/digest.c: Remove local error label and have just one exit
	label, set error strings properly.

	* kdc/digest.c: Simplify the disabled-service case. Check the
	allow-digest flag in the HDB entry for the client.

	* kdc/process.c (krb5_kdc_process_generic_request): check if we
	got a digest request and process it.

	* kdc/main.c: Register hdb keytab operations.

	* kdc/kdc.8: document [kdc]enable-digest=boolean

	* kdc/Makefile.am: add digest to libkdc

	* kdc/digest.c: Make a return a goto to avoid freeing un-inited
	memory in cleanup code.

	* kdc/default_config.c (krb5_kdc_default_config): default to all
	bits set to zero.

	* kdc/kdc.h (krb5_kdc_configuration): Add enable_digest

	* kdc/headers.h: Include <digest_asn1.h>.

	* lib/krb5/context.c (krb5_kerberos_enctypes): new function,
	returns the list of Kerberos encryption types sorted in order of
	most preferred to least preferred encryption type.

	* kdc/misc.c (_kdc_get_preferred_key): new function, Use the order
	list of preferred encryption types and sort the available keys and
	return the most preferred key.

	* kdc/krb5tgs.c: Adapt to the new signature of _kdc_find_keys().

	* kdc/kerberos5.c: Handle session key etype separately from the
	tgt etype, now the krbtgt can be an aes-only key without the need
	to support not-as-good etypes for the krbtgt.

2006-08-23  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/misc.c: Change _kdc_db_fetch() to return the database
	pointer to if needed by the consumer.

	* kdc/krb5tgs.c: Change _kdc_db_fetch() to return the database
	pointer to if needed by the consumer.

	* kdc/kerberos5.c: Change _kdc_db_fetch() to return the database
	pointer to if needed by the consumer.

	* kdc/kerberos4.c: Change _kdc_db_fetch() to return the database
	pointer to if needed by the consumer.

	* kdc/kaserver.c: Change _kdc_db_fetch() to return the database
	pointer to if needed by the consumer.

	* kdc/524.c: Change _kdc_db_fetch() to return the database pointer
	to if needed by the consumer.

	* kuser/kdigest-commands.in: Add --kerberos-realm, add client
	request command.

	* lib/krb5/Makefile.am: digest.c

	* lib/krb5/krb5.h: Add digest glue.

	* lib/krb5/digest.c (krb5_digest_set_authentication_user): use
	krb5_principal

	* lib/krb5/digest.c: Add digest support to the client side.

2006-08-21  Love Hörnquist Åstrand  <lha@it.kth.se>

	* lib/krb5/rd_rep.c (krb5_rd_rep): free krb5_ap_rep_enc_part on
	error and set return pointer to NULL
	(krb5_free_ap_rep_enc_part): permit freeing of NULL

2006-08-18  Love Hörnquist Åstrand  <lha@it.kth.se>

	* kdc/{Makefile.am,kdigest.c,kdigest-commands.in}:
	Frontend for remote digest service in KDC

	* lib/krb5/krb5_storage.3: Document krb5_{ret,store}_stringnl
	functions.

	* lib/krb5/store.c: Add krb5_{ret,store}_stringnl functions,
	stores/retrieves a \n terminated string.

	* lib/krb5/krb5_locl.h: Default to address-less tickets.

	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_get_error): clear
	error string on error.

2006-07-20  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/crypto.c: remove aes-192 (CMS)

	* lib/krb5/crypto.c: Remove more CMS bits.

	* lib/krb5/crypto.c: Remove CMS symmetric encryption support.

2006-07-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/pkinit.c (_kdc_pk_check_client): make it not crash when
	there are no acl

	* kdc/pkinit.c (_kdc_pk_check_client): use the acl in the kerberos
	database

	* lib/hdb/hdb.asn1: Rename HDB-Ext-PKINIT-certificate to
	HDB-Ext-PKINIT-hash. Add trust anchor to HDB-Ext-PKINIT-acl.

	* lib/hdb/Makefile.am: rename asn1_HDB_Ext_PKINIT_certificate to
	asn1_HDB_Ext_PKINIT_hash

	* lib/hdb/ext.c: Add hdb_entry_get_pkinit_hash().

2006-07-10  Love Hörnquist Åstrand  <lha@it.su.se>

	* kuser/kinit.c: If --password-file gets STDIN, read the password
	from the standard input.

	* kuser/kinit.1: Document --password-file=STDIN.

	* lib/krb5/krb5_string_to_key.3: Remove duplicate to.

2006-07-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/krb5tgs.c: (tgs_build_reply): when checking for removed
	principals, check the second component of the krbtgt, otherwise
	cross realm won't work. Prompted by report from Mattias Amnefelt.

2006-07-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/connect.c (handle_vanilla_tcp): use unsigned integer for
	length
	(handle_tcp): if the high bit is set in the unknown case, send
	back a KRB_ERR_FIELD_TOOLONG

2006-07-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* appl/gssmask/gssmaestro.c: Add get_version_capa, cache
	target_name.

	* appl/gssmask/gssmask.c: use utname() to find the local hostname
	and version of operating system

	* appl/gssmask/common.h: include <sys/utsname.h>

	* appl/gssmask/gssmask.c: break out creation of a client and make
	handleServer pthread_create compatible

	* appl/gssmask/gssmaestro.c: break out the build context
	function

2006-07-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* appl/gssmask/gssmaestro.c: externalize slave handling, add
	GetTargetName glue

	* appl/gssmask/gssmaestro.c: externalize principal/password handling

	* lib/krb5/principal.c (krb5_parse_name): set *principal to NULL
	the first thing we do, so that on failure it's set to a known value

	* appl/gssmask/gssmask.c: AcquireCreds: set principal to NULL to
	avoid memory corruption GetTargetName: always send a string, even
	though we don't have a targetname

	* appl/gssmask: break out common function; add gssmaestro (that
	only tests one context for now)

2006-06-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/store_fd.c (krb5_storage_from_fd): don't leak fd on
	malloc failure

	* appl/gssmask/gssmask.c: split out fetching of credentials for
	easier reuse for pk-init testing

	* appl/gssmask: maggot replacement, handles context testing

	* lib/krb5/cache.c (krb5_cc_new_unique): use KRB5_DEFAULT_CCNAME
	as the default prefix

2006-06-28  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/heimdal.texi: Add Doug Rabson's license

2006-06-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/init_creds.c: Add storing and getting KRB-ERROR in the
	krb5_get_init_creds_opt structure.

	* lib/krb5/init_creds_pw.c: Save KRB-ERROR on error.

	* lib/krb5/krb5_locl.h (_krb5_get_init_creds_opt_private): add
	KRB-ERROR

2006-06-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/setup.texi: section about verify_krb5_conf and kadmin check

2006-06-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/init_creds_pw.c (get_init_creds_common): drop cred
	argument, it's unused

	* lib/krb5/Makefile.am: install krb5_get_creds.3

	* lib/krb5/krb5_get_creds.3: new file

2006-06-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/hdb-ldap.c: don't use the sambaNTPassword if there is
	ARCFOUR key already. Idea from Andreas Hasenack. While here, set
	pw change time using sambaPwdLastSet

	* kdc/kerberos4.c: Use enable_v4_per_principal and check the new
	hdb flag.

	* kdc/kdc.h: Add enable_v4_per_principal

2006-06-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/kerberos5.c (_kdc_as_rep): if kdc_time +
	config->kdc_warn_pwexpire is past pw_end, add expiration
	message. From Bernard Antoine.

	* kdc/default_config.c (krb5_kdc_default_config): set
	kdc_warn_pwexpire to 0

	* kdc/kerberos5.c: indent.

2006-06-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/kerberos5.c: constify

2006-06-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/get_cred.c: Allow setting additional tickets in the
	tgs-req

	* kuser/kgetcred.c: add --delegation-credential-cache

	* kdc/krb5tgs.c (tgs_build_reply): add constrained delegation.

	* kdc/krb5tgs.c: Add impersonation.

	* kuser/kgetcred.c: use new krb5_get_creds interface, add
	impersonation.

	* lib/krb5/get_cred.c (krb5_get_creds): add
	KRB5_GC_NO_TRANSIT_CHECK

	* lib/krb5/misc.c: Add impersonate support functions.

	* lib/krb5/get_cred.c: Add impersonate and new krb5_get_creds interface.

	* lib/hdb/hdb.asn1 (HDBFlags): add trusted-for-delegation

	* lib/krb5/krb5.h: Add krb5_get_creds_opt_data and some more
	KRB5_GC flags.

2006-06-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/ext.c (hdb_entry_get_ConstrainedDelegACL): new function.

	* lib/krb5/pkinit.c: Avoid more shadowing.

	* kdc/connect.c (do_request): clean reply with krb5_data_zero

	* kdc/krb5tgs.c: Split up the reverse cross krbtgt check and local
	client must exist test.

	* kdc/krb5tgs.c: Plug old memory leaks, unify all goto's.

	* kdc/krb5tgs.c: Split tgs_rep2 into tgs_parse_request and
	tgs_build_reply.

	* kdc/kerberos5.c: split out krb5 tgs req to make it easier to
	reorganize the code.

2006-05-29  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_get_init_creds.3: spelling Björn Sandell

	* lib/krb5/krb5_get_in_cred.3: spelling Björn Sandell

2006-05-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* kpasswd/kpasswdd.c (change): select the realm based on the
	target principal From Gabor Gombas

	* lib/krb5/krb5_get_init_creds.3: Add KRB5_PROMPT_TYPE_INFO

	* lib/krb5/krb5.h: Add KRB5_PROMPT_TYPE_INFO

2006-05-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/pkinit.c: Hidden field of hx509 prompter is removed.
	Fix a warning.

	* doc/setup.texi: Point to more examples, hint that you have to
	use openssl 0.9.8a or later.

	* doc/setup.texi: DIR now handles both PEM and DER.

	* kuser/kinit.c: Pass down prompter and password to
	krb5_get_init_creds_opt_set_pkinit.

	* lib/krb5/pkinit.c (_krb5_pk_load_id): only use password if it's
	longer than 0

	* doc/ack.texi: Add Jason McIntyre.

	* lib/krb5/krb5_acl_match_file.3: Various tweaks, from Jason
	McIntyre.

2006-05-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* kuser/kinit.c: Move parsing of the PK-INIT configuration file to
	the library so application doesn't need to deal with it.

	* lib/krb5/pkinit.c (krb5_get_init_creds_opt_set_pkinit): move
	parsing of the configuration file to the library so application
	doesn't need to deal with it.

	* lib/krb5/pkinit.c (_krb5_pk_load_id): pass the hx509_lock to
	when trying to read the user certificate.

	* lib/krb5/pkinit.c (hx_pass_prompter): return 0 on success and 1
	on failure. Pointed out by Douglas E. Engert.

2006-05-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/crypto.c: Catches both keyed checkout w/o crypto
	context cases and doesn't reset the string, and corrects the
	grammar.

	* lib/krb5/crypto.c: Drop aes-cbc, rc2 and CMS padding support,
	it's all contained in libhcrypto and libhx509 now.

2006-05-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/pkinit.c (_krb5_pk_verify_sign): Use
	hx509_get_one_cert.

	* lib/krb5/crypto.c (create_checksum): provide a error message
	that a key checksum needs a key. From Andrew Bartlett.

2006-05-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/pkinit.c: Now that hcrypto supports DH, remove check
	for hx509 null DH.

	* kdc/pkinit.c: Don't call DH_check_pubkey, it doesn't exist in
	older OpenSSL.

	* doc/heimdal.texi: Add blob about imath.

	* doc/ack.texi: Add blob about imath.

	* include/make_crypto.c: Move up evp.h to please OpenSSL, from
	Douglas E. Engert.

	* kcm/acl.c: Multicache kcm interation isn't done yet, let wait
	with this enum.

2006-05-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_set_default_realm.3: Spelling/mdoc from Björn
	Sandell

	* lib/krb5/krb5_rcache.3: Spelling/mdoc from Björn Sandell

	* lib/krb5/krb5_keytab.3: Spelling/mdoc from Björn Sandell

	* lib/krb5/krb5_get_in_cred.3: Spelling/mdoc from Björn Sandell

	* lib/krb5/krb5_expand_hostname.3: Spelling/mdoc from Björn
	Sandell

	* lib/krb5/krb5_c_make_checksum.3: Spelling/mdoc from Björn
	Sandell

	* lib/krb5/keytab_file.c (fkt_next_entry_int): read the 32 bit
	kvno if the rest of the data is longer than 4 bytes in hope to be
	forward compatible. Pointed out by Michael B Allen.

	* doc/programming.texi: Add fileformats.

	* appl/test: Rename u_intXX_t to uintXX_t

	* kuser: Rename u_intXX_t to uintXX_t

	* kdc: Rename u_intXX_t to uintXX_t

	* lib/hdb: Rename u_intXX_t to uintXX_t

	* lib/45]: Rename u_intXX_t to uintXX_t

	* lib/krb5: Rename u_intXX_t to uintXX_t

	* lib/krb5/Makefile.am: Add test_store to TESTS

	* lib/krb5/pkinit.c: Catch using hx509 null DH and print a more
	useful error message.

	* lib/krb5/store.c: Rewrite the krb5_ret_u as proposed by Johan.

2006-05-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/kerberos4.c: Use the new unsigned integer storage types.

	* kdc/kaserver.c: Use the new unsigned integer storage
	types. Sprinkle some error handling.

	* lib/krb5/krb5_storage.3: Document ret and store function for the
	unsigned fixed size integer types.

	* lib/krb5/v4_glue.c: Use the new unsigned integer storage
	types. Fail that the address doesn't match, not the reverse.

	* lib/krb5/store.c: Add ret and store function for the unsigned
	fixed size integer types.

	* lib/krb5/test_store.c: Test the integer storage types.

2006-05-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/store.c (krb5_store_principal): make it take a
	krb5_const_principal, indent

	* lib/krb5/krb5_storage.3: krb5_store_principal takes a
	krb5_const_principal

	* lib/krb5/pkinit.c: Deal with that hx509_prompt.reply is no
	longer a pointer.

	* kdc/kdc.h (krb5_kdc_configuration): add pkinit_kdc_ocsp_file

	* kdc/config.c: read [kdc]pki-kdc-ocsp

2006-05-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/pkinit.c (_kdc_pk_mk_pa_reply): send back ocsp response if
	it seems to be valid, simplify the pkinit-windows DH case (it
	doesn't exist).

2006-05-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_warn.3: Spelling/mdoc changes, from Björn Sandell.

	* lib/krb5/krb5_verify_user.3: Spelling/mdoc changes, from Björn
	Sandell.

	* lib/krb5/krb5_verify_init_creds.3: Spelling/mdoc changes, from
	Björn Sandell.

	* lib/krb5/krb5_timeofday.3: Spelling/mdoc changes, from Björn
	Sandell.

	* lib/krb5/krb5_ticket.3: Spelling/mdoc changes, from Björn
	Sandell.

	* lib/krb5/krb5_rd_safe.3: Spelling/mdoc changes, from Björn
	Sandell.

	* lib/krb5/krb5_rcache.3: Spelling/mdoc changes, from Björn
	Sandell.

	* lib/krb5/krb5_principal.3: Spelling/mdoc changes, from Björn
	Sandell.

	* lib/krb5/krb5_parse_name.3: Spelling/mdoc changes, from Björn
	Sandell.

	* lib/krb5/krb5_mk_safe.3: Spelling/mdoc changes, from Björn
	Sandell.

	* lib/krb5/krb5_keyblock.3: Spelling/mdoc changes, from Björn
	Sandell.

	* lib/krb5/krb5_is_thread_safe.3: Spelling/mdoc changes, from
	Björn Sandell.

	* lib/krb5/krb5_generate_random_block.3: Spelling/mdoc changes,
	from Björn Sandell.

	* lib/krb5/krb5_generate_random_block.3: Spelling/mdoc changes,
	from Björn Sandell.

	* lib/krb5/krb5_expand_hostname.3: Spelling/mdoc changes, from
	Björn Sandell.

	* lib/krb5/krb5_check_transited.3: Spelling/mdoc changes, from
	Björn Sandell.

	* lib/krb5/krb5_c_make_checksum.3: Spelling/mdoc changes, from
	Björn Sandell.

	* lib/krb5/krb5_address.3: Spelling/mdoc changes, from
	Björn Sandell.

	* lib/krb5/krb5_acl_match_file.3: Spelling/mdoc changes, from
	Björn Sandell.

	* lib/krb5/krb5.3: Spelling, from Björn Sandell.

	* doc/ack.texi: add Björn

2006-04-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/pkinit.c (cert2epi): don't include subject if it's null

2006-04-29  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/pkinit.c: Send over what trust anchors the client have
	configured.

	* lib/krb5/pkinit.c (pk_verify_host): set better error string,
	only check kdc name/address when we got a hostname/address passed
	in the function.

	* kdc/pkinit.c (_kdc_pk_check_client): reorganize and make log
	when a SAN matches.

2006-04-28  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/setup.texi: More options and some text about windows
	clients, certificate and KDCs.

	* doc/setup.texi: notice about pki-mappings file space sensitive

	* doc/setup.texi: Example pki-mapping file.

	* lib/krb5/pkinit.c (pk_verify_host): verify hostname/address

	* lib/hdb/hdb.h: Bump hdb interface version to 4.

2006-04-27  Love Hörnquist Åstrand  <lha@it.su.se>

	* kuser/kdestroy.1: Document --credential=principal.

	* kdc/kerberos5.c (tgs_rep2): check that the client exists in the
	kerberos database if it's local request.

	* kdc/{misc.c,524.c,kaserver.c,kerberos5.c}: pass down HDB_F_GET_
	flags as appropriate

	* kdc/kerberos4.c (_kdc_db_fetch4): pass down flags through
	krb5_425_conv_principal_ext2

	* kdc/misc.c (_kdc_db_fetch): Break out the that we request from
	principal from the entry and pass it in as a separate argument.

	* lib/hdb/keytab.c (hdb_get_entry): Break out the that we request
	from principal from the entry and pass it in as a separate
	argument.

	* lib/hdb/common.c: Break out the that we request from principal
	from the entry and pass it in as a separate argument.

	* lib/hdb/hdb.h: Break out the that we request from principal from
	the entry and pass it in as a separate argument. Add more flags to
	->hdb_get(). Re-indent.

2006-04-26  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/setup.texi: document pki-allow-proxy-certificate

	* kdc/pkinit.c: Add option [kdc]pki-allow-proxy-certificate=bool
	to allow using proxy certificate.

	* lib/krb5/pkinit.c (_krb5_pk_allow_proxy_certificates): expose
	hx509_verify_set_proxy_certificate

	* kdc/pkinit.c (_kdc_pk_check_client): Use
	hx509_cert_get_base_subject to get subject name of the
	certificate, needed for proxy certificates.

	* kdc/kerberos5.c: Now that find_keys speaks for itself, remove
	extra logging.

	* kdc/kerberos5.c (find_keys): add client_name and server_name
	argument and use them, and adapt callers.

2006-04-25  Love Hörnquist Åstrand  <lha@it.su.se>

	* kuser/kinit.1: document option password-file

	* kuser/kinit.c: Add option password-file, read password from the
	first line of a file.

	* configure.in: make tests/kdc/Makefile

	* kdc/kerberos5.c: Catch the case where the client sends no
	encryption types or no pa-types.

	* lib/hdb/ext.c (hdb_replace_extension): set error message on
	failure, not success.

	* lib/hdb/keys.c (parse_key_set): handle error case better
	(hdb_generate_key_set): return better error

2006-04-24  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/hdb.c (hdb_create): print out what we don't support

	* lib/krb5/principal.c: Remove a double free introduced in 1.93

	* lib/krb5/log.c (log_file): reset pointer to freed memory

	* lib/krb5/keytab_keyfile.c (get_cell_and_realm): reset d->cell to
	make sure it's not referenced

	* tools/krb5-config.in: libhcrypto might depend on libasn1, switch
	order

	* lib/krb5/recvauth.c: indent

	* doc/heimdal.texi: Add Setting up PK-INIT to Detailed Node
	Listing.

	* lib/krb5/pkinit.c: Pass down realm to pk_verify_host so the
	function can verify the certificate is from the right realm.

	* lib/krb5/init_creds_pw.c: Pass down realm to
	_krb5_pk_rd_pa_reply

2006-04-23  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/pkinit.c (pk_verify_host): Add beginning of finding
	subjectAltName_otherName pk-init-san and verifying it.

	* lib/krb5/sendauth.c: reindent

	* doc/Makefile.am: use --no-split to make one large file, mostly
	for html

	* doc/setup.texi: "document" pkinit_require_eku and
	pkinit_require_krbtgt_otherName

	* lib/krb5/pkinit.c: Add pkinit_require_eku and
	pkinit_require_krbtgt_otherName

	* doc/setup.texi: Add text about pk-init

	* tools/kdc-log-analyze.pl: count v5 cross realms too

2006-04-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/pkinit.c: Adapt to change in hx509_cms_create_signed_1.

	* lib/krb5/pkinit.c: Adapt to change in hx509_cms_create_signed_1.

2006-04-20  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/pkinit.c (_kdc_pk_rd_padata): use
	hx509_cms_unwrap_ContentInfo.

	* kdc/config.c: unbreak

	* lib/krb5/pkinit.c: Handle differences between libhcrypto and
	libcrypto.

	* kdc/config.c: Rename pki-chain to pki-pool to match rest of
	code.

2006-04-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/rd_priv.c: Fix argument to krb5_data_zero.

	* kdc/config.c: Added certificate revoke information from
	configuration file.

	* kdc/pkinit.c: Added certificate revoke information.

	* kuser/kinit.c: Added certificate revoke information from
	configuration file.

	* lib/krb5/pkinit.c (_krb5_pk_load_id): Added certificate revoke
	information, ie CRL's

2006-04-10  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/replay.c (krb5_rc_resolve_full): make compile again.

	* lib/krb5/keytab_krb4.c (krb4_kt_start_seq_get_int): make compile
	again.

	* lib/krb5/transited.c (make_path): make sure we return allocated
	memory Coverity, NetBSD CID#1892

	* lib/krb5/transited.c (make_path): make sure we return allocated
	memory Coverity, NetBSD CID#1892

	* lib/krb5/rd_req.c (krb5_verify_authenticator_checksum): on
	protocol failure, avoid leaking memory Coverity, NetBSD CID#1900

	* lib/krb5/principal.c (krb5_parse_name): remember to free realm
	in case of error Coverity, NetBSD CID#1883

	* lib/krb5/principal.c (krb5_425_conv_principal_ext2): remove
	memory leak in case of weird formatted dns replies.
	Coverity, NetBSD CID#1885

	* lib/krb5/replay.c (krb5_rc_resolve_full): don't return pointer
	to an allocated krb5_rcache in case of error.

	* lib/krb5/log.c (krb5_addlog_dest): free fn in case of error
	Coverity, NetBSD CID#1882

	* lib/krb5/keytab_krb4.c: Fix deref before NULL check, fix error
	handling.
	Coverity, NetBSD CID#2369

	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds):
	in_creds->client should always be set, assume so.

	* lib/krb5/keytab_any.c (any_next_entry): restructure to make it
	easier to read Fixes Coverity, NetBSD CID#625

	* lib/krb5/crypto.c (krb5_string_to_key_derived): deref after NULL
	check. Coverity NetBSD CID#2367

	* lib/krb5/build_auth.c (krb5_build_authenticator): use
	calloc. removed check that was never really used. Coverity NetBSD
	CID#2370

2006-04-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/rd_req.c (krb5_verify_ap_req2): make sure `ticket'
	points to NULL in case of error, add error handling, use calloc.

	* kpasswd/kpasswdd.c (doit): when done, close all fd in the
	sockets array and free it. Coverity NetBSD CID#1916

2006-04-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/store.c (krb5_ret_principal): fix memory leak Coverity,
	NetBSD CID#1695

	* kdc/524.c (_kdc_do_524): Handle memory allocation failure
	Coverity, NetBSD CID#2752

2006-04-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/keytab_file.c (krb5_kt_ret_principal): plug a memory
	leak Coverity NetBSD CID#1890

	* kdc/hprop.c (main): make sure type doesn't need to be set

	* kdc/mit_dump.c (mit_prop_dump): close fd when done processing
	Coverity NetBSD CID#1955

	* kdc/string2key.c (tokey): catch warnings, free memory after use.
	Based on Coverity NetBSD CID#1894

	* kdc/hprop.c (main): remove dead code. Coverity NetBSD CID#633

2006-04-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* kpasswd/kpasswd-generator.c (read_words): catch empty file case,
	will cause PBE (division by zero) later. From Tobias Stoeckmann.

2006-04-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/keytab.c: Remove a delta from last revision that should
	have gone in later.

	* lib/krb5/krbhst.c: fix spelling

	* lib/krb5/send_to_kdc.c (send_and_recv_http): don't expose freed
	pointer, found by IBM checker.

	* lib/krb5/rd_cred.c (krb5_rd_cred): don't expose freed pointer,
	found by IBM checker.

	* lib/krb5/addr_families.c (krb5_make_addrport): clear return
	value on error, found by IBM checker.

	* kdc/kerberos5.c (check_addresses): treat netbios as no addresses

	* kdc/{kerberos4,kaserver}.c: _kdc_check_flags takes hdb_entry_ex

	* kdc/kerberos5.c (_kdc_check_flags): make it take hdb_entry_ex to
	avoid ?:'s at callers

	* lib/krb5/v4_glue.c: Avoid using free memory, found by IBM
	checker.

	* lib/krb5/transited.c (expand_realm): avoid passing NULL to
	strlen, found by IBM checker.

	* lib/krb5/rd_cred.c (krb5_rd_cred): avoid a memory leak on malloc
	failure, found by IBM checker.

	* lib/krb5/krbhst.c (_krb5_krbhost_info_move): replace a strcpy
	with a memcpy

	* lib/krb5/keytab_keyfile.c (get_cell_and_realm): plug a memory
	leak, found by IBM checker.

	* lib/krb5/keytab_file.c (fkt_next_entry_int): remove a
	dereferencing NULL pointer, found by IBM checker.

	* lib/krb5/init_creds_pw.c (init_creds_init_as_req): in AS-REQ the
	cname must always be given, don't avoid that fact and remove a
	cname == NULL case. Plugs a memory leak found by IBM checker.

	* lib/krb5/init_creds_pw.c (default_s2k_func): avoid exposing
	free-ed memory on error. Found by IBM checker.

	* lib/krb5/init_creds.c (_krb5_get_init_creds_opt_copy): use
	calloc to avoid uninitialized memory problem.

	* lib/krb5/data.c (krb5_copy_data): avoid exposing free-ed memory
	on error. Found by IBM checker.

	* lib/krb5/fcache.c (fcc_gen_new): fix a use after free, found by
	IBM checker.

	* lib/krb5/config_file.c (krb5_config_vget_strings): IBM checker
	thought it found a memory leak, it didn't, but there was another
	error in the code, let's fix that instead.

	* lib/krb5/cache.c (_krb5_expand_default_cc_name): plug memory
	leak. Found by IBM checker.

	* lib/krb5/cache.c (_krb5_expand_default_cc_name): avoid return
	pointer to freed memory in the error case. Found by IBM checker.

	* lib/hdb/keytab.c (hdb_resolve): off by one, found by IBM
	checker.

	* lib/hdb/keys.c (hdb_generate_key_set): set ret_key_set before
	going into the error clause and freeing key_set. Found by IBM
	checker. Make sure ret == 0 after of parse error, we catch the
	"no entries parsed" case later.

	* lib/krb5/log.c (krb5_addlog_dest): make string length match
	strings in strcasecmp. Found by IBM checker.

2006-03-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/hdb-ldap.c (LDAP_message2entry): in declaration set
	variable_name as "hdb_entry_ex"
	(hdb_ldap_common): change "arg" in condition (if) to "search_base"
	(hdb_ldapi_create): change "serach_base" to "search_base" From
	Alex V. Labuta.

	* lib/krb5/pkinit.c (krb5_get_init_creds_opt_set_pkinit): fix
	prototype

	* kuser/kinit.c: Add pool of certificates to help certificate path
	building for clients sending incomplete path in the signedData.

2006-03-28  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/pkinit.c: Add pool of certificates to help certificate path
	building for clients sending incomplete path in the signedData.

	* lib/krb5/pkinit.c: Add pool of certificates to help certificate
	path building for clients sending incomplete path in the
	signedData.

2006-03-27  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/config.c: Allow passing in related certificates used to
	build the chain.

	* kdc/pkinit.c: Allow passing in related certificates used to
	build the chain.

	* kdc/kerberos5.c (log_patype): Add case for
	KRB5_PADATA_PA_PK_OCSP_RESPONSE.

	* tools/Makefile.am: Spelling

	* tools/krb5-config.in: Add hx509 when using PK-INIT.

	* tools/Makefile.am: Add hx509 when using PK-INIT.

2006-03-26  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/acache.c: Use ticket flags definition, might fix Mac OS
	X Kerberos.app problems.

	* lib/krb5/krb5_ccapi.h: Add ticket flags definitions

	* lib/krb5/pkinit.c: Use less openssl, spell chelling.

	* kdc/pkinit.c (pk_mk_pa_reply_dh): encode the DH public key with
	asn1 wrapping

	* configure.in (AC_CONFIG_FILES): add lib/hx509/Makefile

	* lib/Makefile.am: Add hx509.

	* lib/krb5/Makefile.am: Add libhx509.la when PKINIT is used.

	* configure.in: define automake PKINIT variable

	* kdc/pkinit.c: Switch to hx509.

	* lib/krb5/pkinit.c: Switch to hx509.

2006-03-24  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/kerberos5.c (log_patypes): log the patypes requested by the
	client

2006-03-23  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/pkinit.c (_krb5_pk_rd_pa_reply): pass down the
	req_buffer in the w2k case too. From Douglas E. Engert.

2006-03-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/mk_req_ext.c (_krb5_mk_req_internal): on failure, goto
	error handling.
	Fixes Coverity NetBSD CID 2591 by catching a
	failing krb5_copy_keyblock()

2006-03-17  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/addr_families.c (krb5_free_addresses): reset val,len in
	address when free-ing. Fixes Coverity NetBSD bug #2605
	(krb5_parse_address): reset val,len before possibly return errors
	Fixes Coverity NetBSD bug #2605

2006-03-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/send_to_kdc.c (recv_loop): it should never happen, but
	make sure nbytes > 0

	* lib/krb5/get_for_creds.c (add_addrs): handle the case where
	addr->len == 0 and n == 0, then realloc might return NULL.

	* lib/krb5/crypto.c (decrypt_*): handle the case where the
	plaintext is 0 bytes long, realloc might then return NULL.

2006-02-28  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_string_to_key.3: Drop krb5_string_to_key_derived.

	* lib/krb5/krb5.3: Remove krb5_string_to_key_derived.

	* lib/krb5/crypto.c (AES_string_to_key): drop _krb5_PKCS5_PBKDF2
	and use PKCS5_PBKDF2_HMAC_SHA1 instead.

	* lib/krb5/aes-test.c: reformat, avoid free-ing un-init'd memory

	* lib/krb5/aes-test.c: Only use PKCS5_PBKDF2_HMAC_SHA1.

2006-02-27  Johan Danielsson  <joda@pdc.kth.se>

	* doc/setup.texi: remove cartouches - we don't use them anywhere
	else, they should be around the example, not inside it, and
	probably shouldn't be used in html at all

2006-02-18  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_warn.3: Document that applications want to use
	krb5_get_error_message, add example.

2006-02-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/crypto.c (krb5_generate_random_block): check return
	value from RAND_bytes

	* lib/krb5/error_string.c: Change indentation, update (c)

2006-02-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/pkinit.c: Make struct krb5_dh_moduli available when
	compiling w/o pkinit.

2006-02-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/pkinit.c: update to new paChecksum definition, update
	the dhgroup handling

	* kdc/pkinit.c: update to new paChecksum definition, use
	hdb_entry_ex

2006-02-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_locl.h: Move Configurable options to last in the
	file.

	* lib/krb5/krb5_locl.h: Wrap KRB5_ADDRESSLESS_DEFAULT with #ifndef

2006-02-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* kpasswd/kpasswdd.c: Send back a better error-message to the
	client in case the password change was rejected.

	* lib/krb5/krb5_warn.3: Document krb5_get_error_message.

	* lib/krb5/error_string.c (krb5_get_error_message): new function,
	and combination of krb5_get_error_string and krb5_get_err_text

	* lib/krb5/krb5.3: sort, and krb5_get_error_message

	* lib/hdb/hdb-ldap.c: Log the filter string to the error message
	when doing searches.

	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_default_flags):
	Use KRB5_ADDRESSLESS_DEFAULT when
	checking [appdefault]no-addresses.

	* lib/krb5/get_cred.c (get_cred_from_kdc_flags): Use
	KRB5_ADDRESSLESS_DEFAULT when checking
	[appdefault]no-addresses.

	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds):
	Use [appdefault]no-addresses before checking if the krbtgt is
	address-less, use KRB5_ADDRESSLESS_DEFAULT.

	* lib/krb5/krb5_locl.h: Introduce KRB5_ADDRESSLESS_DEFAULT that
	controls all address-less behavior. Defaults to false.

2006-02-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/n-fold-test.c: main is not a KRB5_LIB_FUNCTION

	* lib/krb5/mk_priv.c (krb5_mk_priv): abort if ASN1_MALLOC_ENCODE
	fails to produce the matching lengths.

2006-01-27  Love Hörnquist Åstrand  <lha@it.su.se>

	* kcm/protocol.c (kcm_op_retrieve): remove unused variable

2006-01-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* tools/krb5-config.in: Move dependency on @LIB_dbopen@ to
	kadm-server, kerberos library doesn't depend on db-library.

2006-01-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* include/Makefile.am: Don't clean crypto headers, they now live
	in hcrypto/. Add hcrypto to SUBDIRS.

	* include/hcrypto/Makefile.am: clean installed headers

	* include/make_crypto.c: include crypto headers from hcrypto/

	* include/make_crypto.c: Include more crypto headerfiles. Remove
	support for old hash names.

2006-01-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/misc.c (_kdc_db_fetch): use calloc to allocate the entry,
	from Andrew Bartlet.

	* Happy New Year.