2004-03-12 Love Hörnquist Åstrand * lib/krb5/verify_krb5_conf.c: understand [password_quality] spelling * kuser/kgetcred.1: document --canonicalize * kuser/kgetcred.c: add --canonicalize 2004-03-10 Love Hörnquist Åstrand * lib/krb5/fcache.c (fcc_store_cred): NULL terminate krb5_config_get_bool_default' arglist 2004-03-09 Love Hörnquist Åstrand * kdc/kerberos5.c: add missing req argument to pk_mk_pa_reply * kdc/pkinit.c (pk_mk_pa_reply): add hdb_entry * kdc/pkinit.c: pass client hdb_entry to pk_check_client * kdc/kdc_locl.h: pass client hdb_entry to pk_check_client * kuser/kinit.c: rename ca_dir to pkinit/x509_anchors since its more like that language in RFC3280 * lib/krb5/pkinit.c: rename ca_dir to pkinit/x509_anchors since its more like that language in RFC3280 * lib/krb5/krb5.conf.5: document [libdefaults]fcc-mit-ticketflags=boolean * lib/krb5/fcache.c (fcc_store_cred): use [libdefaults]fcc-mit-ticketflags=boolean to decide what format to write the fcc in. Default to mit version (aka heimdal 0.7) * lib/krb5/store.c: add _krb5_store_creds_heimdal_0_7 and _krb5_store_creds_heimdal_pre_0_7 that store the creds in just that format make krb5_store_creds default to mit format * lib/krb5/store.c (krb5_ret_creds): Runtime detect the what is the higher bits of the bitfield 2004-03-08 Love Hörnquist Åstrand * lib/krb5/store.c (krb5_store_creds): add disabled code that store the ticket flags in reverse order (bitswap32): new function * lib/krb5/store.c (krb5_ret_creds): if the higher ticket flags are set, its a mit cache, reverse the bits, bug pointed out by Sergio Gelato 2004-03-07 Love Hörnquist Åstrand * lib/hdb/hdb-ldap.c: use macro for HDB * -> LDAP * * kuser/kinit.c: when running kinit with a subprocess, fetch new tickets after half the tickets lifetime * lib/hdb/hdb.c: spelling * lib/hdb/hdb-ldap.c: Intergrate Heimdal's hdb-ldap and the Samba password database. From: Andrew Bartlett * kdc/config.c: add --disable-DES * kdc/kdc.8: document --detach and --disable-DES * kdc/kerberos5.c: check if enctype is disabled before using it * lib/krb5/crypto.c: add support for disabling checksum/encryption types * tools/kdc-log-analyze.pl: add more cases * kdc/connect.c: on strange tcp error; log local port number and socket type * lib/asn1/der.h: fix prototype of encode_utf8string * lib/asn1/gen.c: catch CHOICE and generate dummy placeholder * lib/asn1/lex.l: added dummy parsing of CHOICE * lib/asn1/parse.y: added dummy parsing of CHOICE * lib/asn1/k5.asn1: drop SMTP_NAME 2004-03-06 Love Hörnquist Åstrand * lib/hdb/Makefile.am: support building ldap backend as module sort asn1 hdb files * lib/hdb/hdb.c: when building ldap as a shared module, don't include it in the list * configure.in: add --enable-hdb-openldap-module * lib/hdb/hdb-ldap.c: make ldap possible to build as a shared module * lib/hdb/mkey.c: add hdb_{,un}seal_key{,_mkey} from Andrew Bartlett * lib/krb5/crypto.c (decrypt_internal_special): do not not modify the original data test case from Ronnie Sahlberg 2004-03-03 Love Hörnquist Åstrand * lib/krb5/test_cc.c: more cc tests, mostly related to mcc behavior * lib/krb5/mcache.c (mcc_get_principal): also check for primary_principal == NULL now that that isn't used as dead flag * lib/krb5/mcache.c: don't overload the primary_principal == NULL as dead since that doesn't always work. Based on patch from Jeffrey Hutzelman , tweeked by me 2004-02-22 Love Hörnquist Åstrand * kdc/pkinit.c: adapt to rename of oid_cmp to heim_oid_cmp * lib/krb5/pkinit.c: adapt to rename of oid_cmp to heim_oid_cmp * lib/hdb/db3.c: fix all db >= 4.1 cases * doc/setup.texi: add text about hostname to realm mapping using DNS 2004-02-20 Love Hörnquist Åstrand * kdc/pkinit.c: update error codes * lib/krb5/krb5_err.et: prefix pkinit error codes with KRB5_ * lib/krb5/pkinit.c: update error codes 2004-02-19 Love Hörnquist Åstrand * lib/krb5/pkinit.c: indent, use krb5_abortx() instead of abort() * lib/krb5/init_creds_pw.c (process_pa_data_to_key): spelling * lib/krb5/store.c: handle memory allocate errors * lib/krb5/fcache.c (_krb5_xlock): handle that everything was ok, and don't put an error in the error strings then 2004-02-13 Love Hörnquist Åstrand * kdc/pkinit.c: s/heim_big_integer/heim_integer/ * lib/krb5/pkinit.c: s/heim_big_integer/heim_integer/ * kdc/pkinit.c: adapt to asn1 bignum code, use HEIM_PKINIT errors * lib/krb5/pkinit.c: adapt to asn1 bignum code, use HEIM_PKINIT errors * lib/krb5/heim_err.et: add HEIM_PKINIT specific errors 2004-02-12 Love Hörnquist Åstrand * configure.in: rename AC_WFLAGS to rk_WFLAGS * acinclude.m4: use m4_define, over-quote string 2004-02-11 Love Hörnquist Åstrand * lib/krb5/init_creds_pw.c (change_password): handle that printf("%.*s", 0, (void*)NULL); doesn't work on solaris 2004-02-10 Love Hörnquist Åstrand * kpasswd/kpasswd.c (change_password): handle that printf("%.*s", 0, (void*)NULL); doesn't work on solaris * lib/krb5/krb5.conf.5: don't use path's in first .Nm, it confuses some locate.updatedb, use FILES section to describe where the file is instead. 2004-02-07 Love Hörnquist Åstrand * lib/asn1/check-der.c: test for "der_length.c: Fix len_unsigned for certain negative integers, it got the length wrong" , from Panasas, Inc. * lib/asn1/der_length.c: Fix len_unsigned for certain negative integers, it got the length wrong, fix from Panasas, Inc. rename len_int and len_unsigned to _heim_\& * lib/asn1/der_locl.h: add _heim_len_unsigned, _heim_len_int 2004-02-06 Dave Love * configure.in: Check for sys/socket.h, net/if.h. Modify term.h, security/pam_appl.h tests. 2004-02-03 Love Hörnquist Åstrand * lib/asn1/check-gen.c: test for: (length_type): TSequenceOf: add up the size of all the elements, don't use just the size of the last element. * lib/krb5/aes-test.c: add "next iv" test for aes128, check decryption case too * lib/krb5/crypto.c (_krb5_aes_cts_encrypt): out iv is the iv of the next to last block, fix decryption case too * lib/krb5/aes-test.c: add "next iv" test for aes128 * lib/krb5/crypto.c (_krb5_aes_cts_encrypt): out iv is the iv of the next to last block * lib/krb5/mk_rep.c (krb5_mk_rep): abort on internal asn1 encode error * lib/krb5/mk_rep.c (krb5_mk_rep): abort on internal asn1 encode error * lib/krb5/get_in_tkt.c (krb5_get_in_cred): abort on internal asn1 encode error * lib/krb5/mk_priv.c (krb5_mk_priv): abort on internal asn1 encode error * lib/krb5/get_cred.c (make_pa_tgs_req): abort on internal asn1 encode error * lib/krb5/build_auth.c (krb5_build_authenticator): abort on internal asn1 encode error * lib/krb5/build_ap_req.c (krb5_build_ap_req): abort on internal asn1 encode error 2004-01-30 Love Hörnquist Åstrand * doc/setup.texi: some text about order of [capaths] realms 2004-01-25 Love Hörnquist Åstrand * lib/krb5/context.c: register WRFILE ops * lib/krb5/keytab_file.c: add krb5_wrfkt_ops/WRFILE (same as FILE) * lib/krb5/krb5.h: add krb5_wrfkt_ops * kpasswd/kpasswdd.c (change): use the right password when changing the password 2004-01-21 Love Hörnquist Åstrand * lib/krb5/fcache.c (_krb5_xlock): catch EINVAL and assume that it means that the filesystem doesn't support locking * lib/krb5/keytab.c: remove #if 0 out file locking code 2004-01-19 Love Hörnquist Åstrand * lib/asn1/gen_length.c (length_type): TSequenceOf: add up the size of all the elements, don't use just the size of the last element. 2004-01-13 Love Hörnquist Åstrand * kuser/kinit.c (renew_validate): if renewable_flag and not time specifed, use "1 month" 2004-01-08 Love Hörnquist Åstrand * lib/krb5/krb5_keyblock.3: add prototypes, describe krb5_keyblock_zero 2004-01-05 Love Hörnquist Åstrand * lib/krb5/get_for_creds.c (add_addrs): don't add same address multiple times * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): try to handle errors better for previous commit * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): If tickets are address-less, forward address-less tickets. * lib/krb5/get_cred.c: rename get_krbtgt to _krb5_get_krbtgt and export it