2008-01-24  Love Hörnquist Åstrand  <lha@it.su.se>

	* Release 1.1

2008-01-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/get_for_creds.c: Use one variable less.

	* lib/krb5/get_for_creds.c: Try to handle ticket full and
	ticketless tickets better. Add doxygen comments while here.

	* lib/krb5/test_forward.c: Used for testing
	krb5_get_forwarded_creds().

	* lib/krb5/Makefile.am: noinst_PROGRAMS += test_forward

	* lib/krb5/Makefile.am: drop CHECK_SYMBOLS

	* lib/hdb/Makefile.am: drop CHECK_SYMBOLS

	* kdc/Makefile.am: drop CHECK_SYMBOLS

2008-01-18  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/version-script.map: Add krb5_digest_probe.

2008-01-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/pkinit.c: Replace hx509_name_to_der_name with
	hx509_name_binary.

2008-01-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/Makefile.am: add missing files

2007-12-28  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/digest.c: Log probe message, add NTLM_TARGET_DOMAIN to the
	type2 message.

2007-12-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/dbinfo.c: Add hdb_default_db().

	* Makefile.am: Add some extra cf/*.

2007-12-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* kuser/kgetcred.c: Fix type of name-type. From Andy Polyakov.

2007-12-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/log.c: Use hdb_db_dir().

	* kpasswd/kpasswdd.c: Use hdb_db_dir().

2007-12-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/config.c: Use hdb_db_dir().

	* kdc/kdc_locl.h: add KDC_LOG_FILE

	* kdc/hpropd.c: Use hdb_default_db().

	* kdc/kstash.c: Use hdb_db_dir().

	* kdc/pkinit.c: Adapt to hx509 changes, use hdb_db_dir().

	* lib/krb5/rd_req.c: Document krb5_rd_req_in_set_pac_check.

	* lib/krb5/verify_krb5_conf.c: Check check_pac.

	* lib/krb5/rd_req.c: use KRB5_CTX_F_CHECK_PAC to init check_pac
	field in the krb5_rd_req_in_ctx

	* lib/krb5/expand_hostname.c: Adapt to changing
	dns_canonicalize_hostname into flags field.

	* lib/krb5/context.c: Adapt to changing dns_canonicalize_hostname
	into flags field, add check-pac as a libdefaults option.

	* lib/krb5/pkinit.c: Adapt to changes in hx509 interface.

	* doc: add doxygen documentation to hcrypto

	* doc/doxytmpl.dxy: generate links

2007-12-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/Makefile.am: build_HEADERZ += heim_threads.h

	* lib/hdb/dbinfo.c (hdb_db_dir): Return the directory where the
	hdb database resides.

	* configure.in: Add --with-hdbdir to specify where the database is
	stored.

	* lib/krb5/crypto.c: revert previous patch, the problem is located
	in the RAND_file_name() function that will cause recursive nss
	lookups, can't fix that here.

2007-12-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/crypto.c (krb5_generate_random_block): try to avoid the
	dead-lock in by not holding the lock while running
	RAND_file_name. Prompted by Hai Zaar.

	* lib/krb5/n-fold.c: spelling

2007-12-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* kuser/kdigest.c (digest-probe): implement command.

	* kuser/kdigest-commands.in (digest-probe): new command

	* kdc/digest.c: Implement supportedMechs request.

	* lib/krb5/error_string.c: Make krb5_get_error_string return an
	allocated string to make the function idempotent. From
	Zeqing (Fred) Xia.

2007-12-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_locl.h (krb5_context_data): Flag if
	default_cc_name was set by the user.

	* lib/krb5/fcache.c (fcc_move): make sure ->version is uptodate.

	* kcm/acquire.c: use krb5_free_cred_contents

	* kuser/kimpersonate.c: use krb5_free_cred_contents

	* kuser/kinit.c: Use krb5_cc_move to make an atomic switch of the
	cred cache.

	* lib/krb5/cache.c: Put back code that was needed, move gen_new
	into new_unique.

	* lib/krb5/mcache.c (mcc_default_name): Remove const

	* lib/krb5/krb5_locl.h: Add KRB5_DEFAULT_CCNAME_KCM, redefine
	KRB5_DEFAULT_CCNAME to KRB5_DEFAULT_CCTYPE

	* lib/krb5/cache.c: Use krb5_cc_ops->default_name to get the
	default name.

	* lib/krb5/kcm.c: Implement krb5_cc_ops->default_name.

	* lib/krb5/mcache.c: Implement krb5_cc_ops->default_name.

	* lib/krb5/fcache.c: Implement krb5_cc_ops->default_name.

	* lib/krb5/krb5.h: Add krb5_cc_ops->default_name.

	* lib/krb5/acache.c: Free context when done, implement
	krb5_cc_ops->default_name.

	* lib/krb5/kcm.c: implement dummy kcm_move

	* lib/krb5/mcache.c: Implement the move operation.

	* lib/krb5/version-script.map: export krb5_cc_move

	* lib/krb5/cache.c: New function krb5_cc_move().

	* lib/krb5/fcache.c: Implement the move operation.

	* lib/krb5/krb5.h: Add move to the krb5_cc_ops, causes major
	version bump.

	* lib/krb5/acache.c: Implement the move operation. Avoid using
	cc_set_principal() since it is broken on Mac OS X 10.5.0.

2007-12-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_ccapi.h: Drop variable names to avoid -Wshadow.

2007-11-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/krb5tgs.c: Should pass different key usage constants
	depending on whether or not optional sub-session key was passed by
	the client for the check of authorization data.
	The constant is used to derive "specific key" and its values are
	specified in 7.5.1 of RFC4120.

	Patch from Andy Polyakov.

	* kdc/krb5tgs.c: Don't send auth data in referrals, microsoft
	clients have started to not like that. Thanks to Andy Polyakov for
	excellent research.

2007-11-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/creds.c: use krb5_data_cmp

	* lib/krb5/acache.c: use krb5_free_cred_contents

	* lib/krb5/test_renew.c: use krb5_free_cred_contents

2007-11-10  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/acl.c: doxygen documentation

	* lib/krb5/addr_families.c: doxygen documentation

	* doc: add doxygen

	* lib/krb5/plugin.c: doxygen documentation

	* lib/krb5/kcm.c: doxygen documentation

	* lib/krb5/fcache.c: doxygen documentation

	* lib/krb5/cache.c: doxygen documentations

	* lib/krb5/doxygen.c: doxygen introduction

	* lib/krb5/error_string.c: Doxygen documentation.

2007-11-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/test_plugin.c: expose krb5_plugin_register

	* lib/krb5/plugin.c: expose krb5_plugin_register

	* lib/krb5/version-script.map: sort, expose krb5_plugin_register

2007-10-24  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/kerberos5.c: Adding same enctype is enough one time. From
	Andy Polyakov and Bjorn Sandell.

2007-10-18  Love  <lha@stacken.kth.se>

	* lib/krb5/cache.c (krb5_cc_retrieve_cred): check return value
	from krb5_cc_start_seq_get. From Zeqing (Fred) Xia

	* lib/krb5/fcache.c (init_fcc): provide better error codes

	* kdc/kerberos5.c (get_pa_etype_info2): more paranoia, avoid
	sending warning about pruned etypes.

	* kdc/kerberos5.c (older_enctype): old windows enctypes (arcfour
	based) "old", this to support windows 2000 clients (unjoined to a
	domain). From Andy Polyakov.

2007-10-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/setup.texi: Spelling, from Mark Peoples via Bjorn Sandell.

2007-10-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/krb5tgs.c: More prettier printing of enctype, from KAMADA
	Ken'ichi.

	* lib/krb5/crypto.c (krb5_enctype_to_string): make sure string is
	NULL on failure.

2007-10-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/kdc-replay.c: Catch KRB5_PROG_ATYPE_NOSUPP from
	krb5_addr2sockaddr and ignore the test in that case.

2007-09-29  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/context.c (krb5_free_context): free
	default_cc_name_env, from Gunther Deschner.

2007-08-27  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/{krb5.h,pac.c,test_pac.c,send_to_kdc.c,rd_req.c}: Make
	work with c++, reported by Hai Zaar

	* lib/krb5/{digest.c,krb5.h}: Make work with c++, reported by Hai Zaar

2007-08-20  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/Makefile.am: EXTRA_DIST += hdb.schema

2007-07-31  Love Hörnquist Åstrand  <lha@it.su.se>

	* check return value of alloc functions, from Charles Longeau

	* lib/krb5/principal.c: spelling.

	* kadmin/kadmin.8: spelling

	* lib/krb5/crypto.c: Check return values from alloc
	functions. Prompted by patch of Charles Longeau.

	* lib/krb5/n-fold.c: Make _krb5_n_fold return an error
	code. Prompted by patch of Charles Longeau.

2007-07-27  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/init_creds.c: Always set the ticket options, use
	KRB5_ADDRESSLESS_DEFAULT as the default value, this make the unset
	tri-state not so useful.

2007-07-24  Love Hörnquist Åstrand  <lha@it.su.se>

	* tools/heimdal-gssapi.pc.in: Add LIB_pkinit to the list of
	libraries.

	* tools/heimdal-gssapi.pc.in: pkg-config file for libgssapi in
	heimdal.

	* tools/Makefile.am: Add heimdal-gssapi.pc and install it into
	$(libdir)/pkgconfig

2007-07-23  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/pkinit.c: Add RFC3526 modp group14 as a default.

2007-07-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/dbinfo.c (get_dbinfo): use dbname instead of realm as
	key if the entry is a correct entry.

	* lib/krb5/get_cred.c: Make krb5_get_renewed_creds work, from
	Gunther Deschner.

	* lib/krb5/Makefile.am: Add test_renew to noinst_PROGRAMS.

	* lib/krb5/test_renew.c: Test for krb5_get_renewed_creds.

2007-07-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/keys.c: Make parse_key_set handle key set string "v5",
	from Peter Meinecke.

	* kdc/kaserver.c: Don't overwrite the error code, from Peter
	Meinecke.

2007-07-18  Love Hörnquist Åstrand  <lha@it.su.se>

	* TODO-1.0: remove

	* Makefile.am: remove TODO-1.0

2007-07-17  Love Hörnquist Åstrand  <lha@it.su.se>

	* Heimdal 1.0 release branch cut here

	* doc/hx509.texi: use version.texi

	* doc/heimdal.texi: use version.texi

	* doc/version.texi: version.texi

	* lib/hdb/db3.c: avoid type-punned pointer warning.

	* kdc/kx509.c: Use unsigned char * as argument to HMAC_Update to
	please OpenSSL and gcc.

	* kdc/digest.c: Use unsigned char * as argument to MD5_Update to
	please OpenSSL and gcc.

2007-07-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* include/Makefile.am: Add krb_err.h.

	* kdc/set_dbinfo.c: Print acl file too.

	* kdc/kerberos4.c: Error codes are just fine, remove XXX now.

	* lib/krb5/krb5-v4compat.h: Drop duplicate error codes.

	* kdc/kerberos4.c: switch to ET errors.

	* lib/krb5/Makefile.am: Add krb_err.h to build_HEADERZ.

	* lib/krb5/v4_glue.c: If it's a Kerberos 4 error-code, remove the
	et BASE.

2007-07-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5-v4compat.h: Include "krb_err.h".

	* lib/krb5/v4_glue.c: return more interesting error codes.

	* lib/krb5/plugin.c: Prefix enum plugin_type.

	* lib/krb5/krb5_locl.h: Expose plugin structures.

	* lib/krb5/krb5.h: Add plugin structures.

	* lib/krb5/krb_err.et: V4 errors.

	* lib/krb5/version-script.map: First version of version script.

2007-07-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/kerberos5.c: Java 1.6 expects the name to be the same type,
	lets allow that for uncomplicated name-types.

2007-07-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/v4_glue.c (_krb5_krb_rd_req): if ticket contains
	address 0, it's ticket less and don't really care about
	from_addr. return better error codes.

	* kpasswd/kpasswdd.c: Fix pointer vs strict alias rules.

2007-07-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/hdb-ldap.c: When using sambaNTPassword, avoid adding
	more than one enctype 23 to krb5EncryptionType.

	* lib/krb5/cache.c: Spelling.

	* kdc/kerberos5.c: Don't send newer enctypes in ETYPE-INFO.
	(get_pa_etype_info2): return the enctypes as sorted in the
	database

2007-07-10  Love Hörnquist Åstrand  <lha@it.su.se>

	* kuser/kinit.c: krb5-v4compat.h defines prototypes for
	v4 (semiprivate functions) in libkrb5, don't include
	krb5-private.h any longer.

	* lib/krb5/krbhst.c: Set error string when there is no KDC for a
	realm.

	* lib/krb5/Makefile.am: New library version.

	* kdc/Makefile.am: New library version.

	* lib/krb5/krb5_locl.h: Add default_cc_name_env.

	* lib/krb5/cache.c (enviroment_changed): return non-zero if
	environment that will determine default krb5cc name has changed.
	(krb5_cc_default_name): also check if cached value is uptodate.

	* lib/krb5/krb5_locl.h: Drop pkinit_flags.

2007-07-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* configure.in: add tests/java/Makefile

	* lib/hdb/dbinfo.c: Add hdb_dbinfo_get_log_file.

2007-07-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/kerberos5.c: Improve the default salt detection to avoid
	returning v4 password salting to java that doesn't look at the
	returning padata for salting.

	* kdc: Split out krb5_kdc_set_dbinfo, From Andrew Bartlett

2007-07-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/digest.c: Try harder to provide better error message for
	digest messages.

	* lib/krb5/Makefile.am: verify_krb5_conf_OBJECTS depends on
	krb5-pr*.h, make -j finds this.

2007-06-28  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/digest.c: On success, print username, not ip-address.

2007-06-26  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/get_cred.c: Add krb5_get_renewed_creds.

	* lib/krb5/krb5_get_credentials.3: add krb5_get_renewed_creds

	* lib/krb5/pkinit.c: Use hx509_cms_unwrap_ContentInfo.

2007-06-25  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/setup.texi: Add example for pkinit_win2k_require_binding
	in [kdc] section.

	* kdc/default_config.c: Rename require_binding to
	win2k_require_binding to match client configuration.

	* kdc/default_config.c: Add [kdc]pkinit_require_binding option.

	* kdc/pkinit.c (pk_mk_pa_reply_enckey): only allow non-bound reply
	if it's not required.

	* kdc/default_config.c: rename pkinit_princ_in_cert and add
	pkinit_require_binding

	* kdc/kdc.h: rename pkinit_princ_in_cert and add
	pkinit_require_binding

	* kdc/pkinit.c: rename pkinit_princ_in_cert

2007-06-24  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/pkinit.c: Adapt to hx509_verify_hostname change.

2007-06-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/krb5tgs.c: Drop unused variable.

	* kdc/krb5tgs.c: disable anonymous tgs requests

	* kdc/krb5tgs.c: Don't check PAC on cross realm for now.

	* kuser/kgetcred.c: Set KRB5_GC_CONSTRAINED_DELEGATION and parse
	nametypes.

	* lib/krb5/krb5_principal.3: Document krb5_parse_nametype.

	* lib/krb5/principal.c (krb5_parse_nametype): parse nametype and
	return their integer values.

	* lib/krb5/krb5.h (krb5_get_creds): Add
	KRB5_GC_CONSTRAINED_DELEGATION.

	* lib/krb5/get_cred.c (krb5_get_creds): if
	KRB5_GC_CONSTRAINED_DELEGATION is set, set both request_anonymous
	and constrained_delegation.

2007-06-20  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/digest.c: Return an error message instead of dropping the
	packet for more failure cases.

	* lib/krb5/krb5_principal.3: Add KRB5_PRINCIPAL_UNPARSE_DISPLAY.

	* appl/gssmask/gssmask.c (AcquirePKInitCreds): fail more
	gracefully

2007-06-18  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/pac.c: make compile.

	* lib/krb5/pac.c (verify_checksum): memset cksum to avoid using
	pointer from stack.

	* lib/krb5/plugin.c: Don't expose free pointer.

	* lib/krb5/pkinit.c (_krb5_pk_load_id): fail directly for first
	calloc.

	* lib/krb5/pkinit.c (get_reply_key*): don't expose freed memory

	* lib/krb5/krbhst.c: Host is static memory, don't free.

	* lib/krb5/crypto.c (decrypt_internal_derived): make sure length
	is longer than confounder + checksum.

	* kdc: export get_dbinfo as krb5_kdc_set_dbinfo and call from
	users. This allows libkdc users to specify their own
	databases

	* lib/krb5/pkinit.c (pk_rd_pa_reply_enckey): simplify handling of
	content data (and avoid leaking memory).

	* kdc/misc.c (_kdc_db_fetch): set error string for failures.

2007-06-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/pkinit.c: Use KRB5_AUTHDATA_INITIAL_VERIFIED_CAS.

2007-06-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/pkinit.c: tell user when they got a pk-init request with
	pkinit disabled.

2007-06-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/principal.c: Rename UNPARSE_NO_QUOTE to
	UNPARSE_DISPLAY.

	* lib/krb5/krb5.h: Rename UNPARSE_NO_QUOTE to UNPARSE_DISPLAY.

	* lib/krb5/principal.c: Make no-quote mean replace strange chars
	with space.

	* lib/krb5/principal.c: Support KRB5_PRINCIPAL_UNPARSE_NO_QUOTE.

	* lib/krb5/krb5.h: Add KRB5_PRINCIPAL_UNPARSE_NO_QUOTE.

	* lib/krb5/test_princ.c: Test quoting.

	* lib/krb5/pkinit.c: update (c)

	* lib/krb5/get_cred.c: use krb5_sendto_context to talk to the KDC.

	* lib/krb5/send_to_kdc.c (_krb5_kdc_retry): check if the whole
	process needs to restart or just skip this KDC.

	* lib/krb5/init_creds_pw.c: Use krb5_sendto_context to talk to
	KDC.

	* lib/krb5/krb5.h: Add sendto hooks and opaque structure.

	* lib/krb5/krb5_rd_error.3: Update prototype.

	* lib/krb5/send_to_kdc.c: Add hooks for processing the reply from
	the server.

2007-06-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_err.et: Some new error codes from RFC 4120.

2007-06-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/krb5tgs.c: Constify.

	* kdc/kerberos5.c: Constify.

	* kdc/pkinit.c: Check for KRB5-PADATA-PK-AS-09-BINDING. Constify.

2007-06-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* include/Makefile.am: Make krb5-types.h nodist_include_HEADERS.

	* kdc/Makefile.am: EXTRA_DIST += version-script.map.

2007-06-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* Makefile.am (print-distdir): print name of dist

	* kdc/pkinit.c: Break out loading of mappings file to a separate
	function and remove warning that it can't open the mapping file,
	there are now mappings in the db, maybe the users uses that
	instead...

	* lib/krb5/crypto.c: Require the raw key have the correct size and
	do away with the minsize. Minsize was a thing that originated
	from RC2, but since RC2 is done in the x509/cms subsystem now
	there is no need to keep that around.

	* lib/hdb/dbinfo.c: If there is no default dbname, also check for
	unset mkey_file and set it default mkey name, make backward compat
	stuff work.

	* kdc/version-script.map: add new symbols

	* kdc/kdc-replay.c: Also update krb5_context view of what the time
	is.

	* configure.in: add tests/can/Makefile

	* kdc/kdc-replay.c: Add --[version|help].

	* kdc/pkinit.c: Push down the kdc time into the x509 library.

	* kdc/connect.c: Move up krb5_kdc_save_request so we can catch the
	reply data too.

	* kdc/kdc-replay.c: verify reply by checking asn1 class, type and
	tag of the reply if there is one.

	* kdc/process.c: Save asn1 class, type and tag of the reply if
	there is one. Used to verify the reply in kdc-replay.

2007-06-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/kdc_locl.h: extern for request_log.

	* kdc/Makefile.am: Add kdc-replay.

	* kdc/kdc-replay.c: Replay kdc messages to the KDC library.

	* kdc/config.c: Pick up request_log from [kdc]kdc-request-log.

	* kdc/connect.c: Option to save the request to disk.

	* kdc/process.c (krb5_kdc_save_request): save request to file.

	* kdc/process.c (krb5_kdc_process*): don't update _kdc_time
	automagically.
	(krb5_kdc_update_time): set or get current kdc-time.

	* kdc/pkinit.c (_kdc_pk_rd_padata): accept both pkcs-7 and
	pkauthdata as the signeddata oid

	* kdc/pkinit.c (_kdc_pk_rd_padata): Try to log what went wrong.

2007-06-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/pkinit.c: Use oid_id_pkcs7_data for pkinit-9 encKey reply to
	match windows DC behavior better.

2007-06-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* configure.in: use test for -framework Security

	* appl/test/uu_server.c: Print status to stdout.

	* kdc/digest.c (digest ntlm): provide log entries by setting ret
	to an error.

2007-06-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/hx509.texi: Indent crl-sign.

	* doc/hx509.texi: One more crl-sign example.

	* lib/krb5/test_princ.c: plug memory leaks.

	* lib/krb5/pac.c: plug memory leaks.

	* lib/krb5/test_pac.c: plug memory leaks.

	* lib/krb5/test_prf.c: plug memory leak.

	* lib/krb5/test_cc.c: plug memory leaks.

	* doc/hx509.texi: Simple blob about publishing CRLs.

	* doc/win2k.texi: drop text about enctypes.

2007-06-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/pkinit.c: In case of OCSP verification failure, refresh
	every 5 min. In case of success, refresh 2 min before expiring or
	faster.

2007-05-31  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_err.et: add error 68, WRONG_REALM

	* kdc/pkinit.c: Handle the ms san in a proper way, still cheat
	with the realm name.

	* kdc/kerberos5.c: If _kdc_pk_check_client fails, bail out
	directly and hand the error back to the client.

	* lib/krb5/krb5_err.et: Add missing REVOCATION_STATUS_UNAVAILABLE
	and fix error message for CLIENT_NAME_MISMATCH.

	* kdc/pkinit.c: More logging for pk-init client mismatch.

	* kdc/kerberos5.c: Also add a KRB5_PADATA_PK_AS_REQ_WIN for
	windows pk-init (-9) to make MIT clients happy.

2007-05-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/pkinit.c: Force des3 for win2k.

	* kdc/pkinit.c: Add wrapping to ContentInfo wrapping to
	COMPAT_WIN2K.

	* lib/krb5/keytab_keyfile.c: Spelling.

	* kdc/pkinit.c: Allow matching by MS UPN SAN, note that this delta
	doesn't deal with case of realm.

2007-05-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/crypto.c (krb5_crypto_overhead): return static overhead
	of encryption.

2007-05-10  Dave Love  <fx@gnu.org>

	* doc/win2k.texi: Update some URLs.

2007-05-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* kuser/kimpersonate.c: Fix version number of ticket, it should be
	5 not the kvno.

2007-05-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/setup.texi: Salting is really Encryption types and salting.

2007-05-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/setup.texi: spelling, from Ronny Blomme

	* doc/win2k.texi: Fix ksetup /SetComputerPassword, from Ronny
	Blomme

2007-05-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/dbinfo.c (hdb_get_dbinfo) If there are no database
	specified, create one and let it use the defaults.

2007-04-27  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/test_dbinfo.c: test acl file

	* lib/hdb/test_dbinfo.c: test acl file

	* lib/hdb/dbinfo.c: add acl file

	* etc: ignore Makefile.in

	* Makefile.am: SUBDIRS += etc

	* configure.in: Add etc/Makefile.

	* etc/Makefile.am: make sure services.append is distributed

2007-04-24  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc: rename windc_init to krb5_kdc_windc_init

	* kdc/version-script.map: version script for libkdc

	* kdc/Makefile.am: version script for libkdc

2007-04-23  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_get_error):
	correct the order of the arguments.

	* lib/hdb/Makefile.am: Add and test dbinfo.

	* lib/hdb/hdb.h: Forward declaration for struct hdb_dbinfo;

	* kdc/config.c: Use krb5_kdc_get_config and just fill in what the
	users wanted differently.

	* kdc/default_config.c: Make the default configuration fetch info
	from the krb5.conf.

2007-04-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/store.c (krb5_store_creds_tag): use session.keytype to
	determine if to send the session-key, for the second place in the
	function.

	* tools/krb5-config.in: rename des to hcrypto

	* kuser/Makefile.am: depend on libheimntlm

	* kuser/kinit.c: Add --ntlm-domain that store the ntlm cred for
	this domain if the Kerberos password auth worked.

	* kuser/klist.c: add new option --hidden that doesn't display
	principal that starts with @

	* tools/krb5-config.in: Add heimntlm when we use gssapi.

	* lib/krb5/krb5_ccache.3 (krb5_cc_retrieve_cred): document what to
	free 'cred' with.

	* lib/krb5/cache.c (krb5_cc_retrieve_cred): document what to free
	'cred' with.

2007-04-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/store.c (krb5_store_creds_tag): use session.keytype to
	determine if to send the session-key.

	* kcm/client.c (kcm_ccache_new_client): make root be able to pass
	the name constraints, not the opposite. From Bryan Jacobs.

2007-04-20  Love Hörnquist Åstrand  <lha@it.su.se>

	* kcm/acl.c: make compile again.

	* kcm/client.c: fix warning.

	* kcm: First, it allows root to ignore the naming conventions.
	Second, it allows root to always perform any operation on any
	ccache. Note that root could do this anyway with FILE ccaches.
	From Bryan Jacobs.

	* Rename libdes to libhcrypto.

2007-04-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* kinit: remove code that depend on kerberos 4 library

	* kdc: remove code that depend on kerberos 4 library

	* configure.in: Drop kerberos 4 support.

	* kdc/hpropd.c (main): free the message when done with it.

	* lib/krb5/pkinit.c (_krb5_get_init_creds_opt_free_pkinit):
	remember to free memory too.

	* lib/krb5/pkinit.c (pk_rd_pa_reply_dh): free content-type when
	done.

	* configure.in: test rk_VERSIONSCRIPT

2007-04-18  Love Hörnquist Åstrand  <lha@it.su.se>

	* fix-export: remove, all done by make dist now

2007-04-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_get_credentials.3: spelling, from Jason McIntyre

2007-04-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/kstash.8: Spelling, from raga <raga@comcast.net>
	via Bjorn Sandell.

	* lib/krb5/store_mem.c: indent.

	* lib/krb5/recvauth.c: Set error string.

	* lib/krb5/rd_req.c: clear error strings.

	* lib/krb5/rd_cred.c: clear error string.

	* lib/krb5/pkinit.c: Set error strings.

	* lib/krb5/get_cred.c: Tell what principal we are not finding for
	all KRB5_CC_NOTFOUND.

2007-02-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/kerberos5.c: Return the same error codes as a windows KDC.

	* kuser/kinit.c: KRB5KDC_ERR_PREAUTH_FAILED is also a password
	failed.

	* kdc/kerberos5.c: Make handling of replying e_data more generic,
	from metze.

	* kdc/kerberos5.c: Fix (string const and shadow) warnings, from
	metze.

	* lib/krb5/pac.c: Create the PAC element in the same order as
	w2k3, maybe there's some broken code in windows which relies on
	this... From metze.

	* kdc/kerberos5.c: Select a session enctype from the list of the
	crypto systems supported enctype, is supported by the client and
	is one of the enctype of the enctype of the krbtgt.

	The latter is used as a hint what enctype all KDC are supporting to
	make sure a newer version of KDC won't generate a session enctype
	that an older version of a KDC in the same realm can't decrypt.

	But if the KDC admin is paranoid and doesn't want to have "not the
	best" enctypes on the krbtgt, let's save the best pick from the
	client list and hope that that will work for any other KDCs.

	Reported by metze.

	* kdc/hprop.c (propagate_database): on any failure, drop the
	connection to the peer and try next one.

2007-02-18  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_get_init_creds.3: document new options.

	* kdc/krb5tgs.c: Only check service key for cross realm PACs.

	* lib/krb5/init_creds.c: use the new merged flags field.
	(krb5_get_init_creds_opt_set_win2k): new function, turn on all w2k
	compat flags.

	* lib/krb5/init_creds_pw.c: use the new merged flags field.

	* lib/krb5/krb5_locl.h: merge all flags into one entity

2007-02-11  Dave Love  <fx@gnu.org>

	* lib/krb5/krb5_aname_to_localname.3: Small fixes

	* lib/krb5/krb5_digest.3: Small fixes

	* kuser/kimpersonate.1: Small fixes

2007-02-17  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/init_creds_pw.c (find_pa_data): if there is no list,
	there is no entry.

	* kdc/krb5tgs.c: Don't check PACs on cross realm requests.

	* lib/krb5/krb5.h: add KRB5_KU_CANONICALIZED_NAMES.

	* lib/krb5/init_creds_pw.c: Verify client referral data.

	* kdc/kerberos5.c: switch some "return ret" to "goto out".

	* kdc/kerberos5.c: Pass down canonicalize request to hdb layer,
	sign client referrals.

	* lib/hdb/hdb.h: Add HDB_F_CANON.

	* lib/hdb: add simple alias support to the database backends

2007-02-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* kuser/kinit.c: Add canonicalize flag.

	* lib/krb5/init_creds_pw.c: Use EXTRACT_TICKET_* flags, support
	canonicalize.

	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_canonicalize):
	new function.

	* lib/krb5/get_cred.c: Use EXTRACT_TICKET_* flags.

	* lib/krb5/get_in_tkt.c: Use EXTRACT_TICKET_* flags.

	* lib/krb5/krb5_locl.h: Add EXTRACT_TICKET_* flags.

2007-02-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/test_princ.c: test parsing enterprise-names.

	* lib/krb5/principal.c: Add support for parsing enterprise-names.

	* lib/krb5/krb5.h: Add KRB5_PRINCIPAL_PARSE_ENTERPRISE.

	* lib/hdb/hdb-ldap.c: Make work again.

2007-02-11  Dave Love  <fx@gnu.org>

	* kcm/client.c (kcm_ccache_new_client): Cast snprintf'ed value.

2007-02-10  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/setup.texi: prune trailing space

	* lib/hdb/db.c: Be better at setting and clearing error string.

	* lib/hdb/hdb.c: Be better at setting and clearing error string.

2007-02-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/keytab.c (krb5_kt_get_entry): Use krb5_kt_get_full_name
	to print out the keytab name.

	* doc/setup.texi: Spelling, from Guido Guenther

2007-02-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/rd_cred.c: Plug memory leak, from Michael B Allen.

2007-02-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/test_store.c (test_uint16): unsigned ints can't be
	negative

2007-02-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/pkinit.c: pass extra flags for detached signatures.

	* lib/krb5/pkinit.c: pass extra flags for detached signatures.

	* kdc/digest.c: Remove debug output.

	* kuser/kdigest.c: Add support for ms-chap-v2 client.

2007-02-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/digest.c: Fix ms-chap-v2 get_masterkey

	* kdc/digest.c: Fix ms-chap-v2 mutual response auth code.

	* kuser/kdigest.c: Print session key if there is one.

	* lib/krb5/digest.c: rename hash-a1 to session key

	* kdc/digest.c: Add get_master from RFC 3079 3.4 for MS-CHAP-V2

	* kuser/kdigest.c: print rsp if there is one, from Klas.

	* kdc/digest.c: Use right size, from Klas Lindfors.

	* kuser/kdigest.c: Set client nonce if available, from Klas.

	* kdc/digest.c: First version from kllin.

	* kuser/kdigest.c: Don't restrict the type.

2007-02-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* kuser/kdigest-commands.in: add --client-response

	* kuser/kdigest.c: Print status instead of response.

	* kdc/digest.c: Better logging and return status = FALSE when
	checksum doesn't match.

	* kdc/digest.c: Check the digest response in the KDC.

	* lib/krb5/digest.c: New functions to send in requestResponse to
	KDC and get status of the request.

	* kdc/digest.c: Add support for MS-CHAP v2.

	* lib/hdb/hdb-ldap.c: Set hdb->hdb_db for ldap.

2007-01-31  Love Hörnquist Åstrand  <lha@it.su.se>

	* fix-export: Make hx509.info too

	* kdc/digest.c: don't verify identifier in CHAP, it's the client
	that chooses it.

2007-01-23  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/Makefile.am: Basic test of prf.

	* lib/krb5/test_prf.c: Basic test of prf.

	* lib/krb5/mit_glue.c: Add MIT glue for Kerberos RFC 3961 PRF
	functions.

	* lib/krb5/crypto.c: Add Kerberos RFC 3961 PRF functions.

	* lib/krb5/krb5_data.3: Document krb5_data_cmp.

	* lib/krb5/data.c: Add krb5_data_cmp.

2007-01-20  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/kx509.c: Don't use C99 syntax.

2007-01-17  Love Hörnquist Åstrand  <lha@it.su.se>

	* configure.in: it's LIBADD_roken (and shouldn't really exist, our
	libtool usage is broken)

	* configure.in: Add an extra variable for roken, LIBADD, that
	should be used for library dependencies.

	* lib/krb5/send_to_kdc.c (krb5_sendto): zero out receive buffer.

	* lib/krb5/krb5_init_context.3: fix mdoc errors

	* Heimdal 0.8 branch cut today

	* doc/hx509.texi: Spelling and more about proxy certificates.

	* configure.in: check for arc4random

2007-01-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/send_to_kdc.c (krb5_sendto): zero receive krb5_data
	before starting

	* tools/heimdal-build.sh: make cvs keep quiet

	* kuser/kverify.c: Use argument as principal if passed an
	argument. Bug report from Douglas E. Engert

2007-01-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/rd_req.c (krb5_rd_req_ctx): The code failed to consider
	the enc_tkt_in_skey case, from Douglas E. Engert.

	* kdc/kx509.c: Issue certificates.

	* kdc/config.c: Parse kx509/kca configuration.

	* kdc/kdc.h: add kx509 config

2007-01-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/kerberos5.c (_kdc_find_padata): if there is no padata,
	there is nothing to find.

	* doc/hx509.texi: Examples for pk-init.

	* doc/hx509.texi: About extending ca lifetime and sub cas.

2007-01-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/hx509.texi: More about certificates.

2007-01-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/hx509.texi: add Application requirements and write about
	xmpp/jabber.

2007-01-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/hx509.texi: More about issuing certificates.

	* doc/hx509.texi: Start of a x.509 manual.

	* include/Makefile.am: remove install headerfiles

	* lib/krb5/test_pac.c: Use more interesting data to cause more
	errors.

	* include/Makefile.am: remove install headerfiles

	* lib/krb5/mcache.c: MCC_CURSOR not used, remove.

	* lib/krb5/crypto.c: macro kcrypto_oid_enc no longer used

	* lib/krb5/rd_safe.c (krb5_rd_safe): set length before trying to
	allocate data

2007-01-10  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/setup.texi: Hint about hxtool validate.

	* appl/test/uu_server.c: print both "server" and "client"

	* kdc/krb5tgs.c: Rename keys to be more obvious what they do.

	* kdc/kerberos5.c: Use other keys to sign PAC with. From Andrew
	Bartlett

	* kdc/windc.c: indent, spelling.

	* kdc/windc_plugin.h: indent.

	* kdc/krb5tgs.c: Pass down server entry to verify_pac function.
	from Andrew Bartlett

	* kdc/windc.c: pass down server entry to verify_pac function, from
	Andrew Bartlett

	* kdc/windc_plugin.h: pass down server entry to verify_pac
	function, from Andrew Bartlett

	* configure.in: Provide a automake symbol ENABLE_SHARED if shared
	libraries are built.

	* lib/krb5/rd_req.c (krb5_rd_req_ctx): Use the correct keyblock
	when verifying the PAC. From Andrew Bartlett.

2007-01-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/test_pac.c: move around to code test on real PAC.

	* lib/krb5/pac.c: A tiny 2 char difference that makes the code work
	for real.

	* lib/krb5/test_pac.c: Test more PAC (note that the values used in
	this test is wrong, they have to be fixed when the pac code is
	fixed).

	* doc/setup.texi: Update to new hxtool issue-certificate usage

	* lib/krb5/init_creds_pw.c: Make sure we don't send both ENC-TS
	and PK-INIT pa data, no need to expose our password protecting our
	PKCS12 key.

	* kuser/klist.c (print_cred_verbose): include ticket length in the
	verbose output

2007-01-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/acache.c (loadlib): pass RTLD_LAZY to dlopen, without
	it linux is unhappy.

	* lib/krb5/plugin.c (loadlib): pass RTLD_LAZY to dlopen, without
	it linux is unhappy.

	* lib/krb5/name-45-test.c: One of the hosts I sometimes use is
	named "bar.domain", this makes one of the tests pass when it
	shouldn't.

2007-01-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/setup.texi: Change --key argument to --out-key.

	* kuser/kimpersonate.1: mangle my name

2007-01-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/setup.texi: describe how to use hx509 to create
	certificates.

	* tools/heimdal-build.sh: Add --distcheck.

	* kdc/kerberos5.c: Check for KRB5_PADATA_PA_PAC_REQUEST to check
	if we should include the PAC in the krbtgt.

	* kdc/pkinit.c (_kdc_as_rep): check if
	krb5_generate_random_keyblock fails.

	* kdc/kerberos5.c (_kdc_as_rep): check if
	krb5_generate_random_keyblock fails.

	* kdc/krb5tgs.c (tgs_build_reply): check if
	krb5_generate_random_keyblock fails.

	* kdc/krb5tgs.c: Scope etype.

	* lib/krb5/rd_req.c: Make it possible to turn off PAC check, it's
	default on.

	* lib/krb5/rd_req.c (krb5_rd_req_ctx): If there is a PAC, verify
	its server signature.

	* kdc/kerberos5.c (_kdc_as_rep): call windc client access hook.
	(_kdc_tkt_add_if_relevant_ad): constify in data argument.

	* kdc/windc_plugin.h: More comments add a client_access hook.

	* kdc/windc.c: Add _kdc_windc_client_access.

	* kdc/krb5tgs.c: rename functions after export some more pac
	functions.

	* lib/krb5/test_pac.c: export some more pac functions.

	* lib/krb5/pac.c: export some more pac functions.

	* kdc/krb5tgs.c: Resign the PAC in tgsreq if we have a PAC.

	* configure.in: add tests/plugin/Makefile

2007-01-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/krb5tgs.c: Get right key for PAC krbtgt verification.

	* kdc/config.c: spelling

	* lib/krb5/krb5.h: typedef for krb5_pac.

	* kdc/headers.h: Include <windc_plugin.h>.

	* kdc/Makefile.am: Include windc.c and use windc_plugin.h

	* kdc/krb5tgs.c: Call callbacks for emulating a Windows Domain
	Controller.

	* kdc/kerberos5.c: Call callbacks for emulating a Windows Domain
	Controller. Move some of the log related stuff to its own
	function.

	* kdc/config.c: Init callbacks for emulating a Windows Domain
	Controller.

	* kdc/windc.c: Rename the init function to windc instead of pac.

	* kdc/windc.c: Callbacks specific to emulating a Windows Domain
	Controller.

	* kdc/windc_plugin.h: Callbacks specific to emulating a Windows
	Domain Controller.

	* lib/krb5/Makefile.am: add krb5_HEADERS to build_HEADERZ

	* lib/krb5/pac.c: Support all keyed checksum types.

2007-01-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/pac.c (krb5_pac_get_types): Return list of types.

	* lib/krb5/test_pac.c: test krb5_pac_get_types

	* lib/krb5/krbhst.c: Add KRB5_KRBHST_KCA.

	* lib/krb5/krbhst.c: Add KRB5_KRBHST_KCA.

	* lib/krb5/krb5.h: Add KRB5_KRBHST_KCA.

	* lib/krb5/test_pac.c: test Add/remove pac buffer functions.

	* lib/krb5/pac.c: Add/remove pac buffer functions.

	* lib/krb5/pac.c: sprinkle const

	* lib/krb5/pac.c: rename DCHECK to CHECK

	* Happy New Year.