2004-03-20  Love Hörnquist Åstrand

	* lib/krb5/aes-test.c: remove #if 0'ed code

	* lib/krb5/krb5.3: add keyblock functions, 177 functions to go

	* lib/krb5/krb5_verify_user.3: add krb5_verify_opt_set_ccache

	* lib/krb5/krb5_encrypt.3: document krb5_decrypt_ticket

	* lib/krb5/krb5_config.3: document krb5_config_free_strings and krb5_config_file_free

	* lib/krb5/krb5_create_checksum.3: add krb5_hmac

	* lib/krb5/krb5.3: add keyblock functions, 190 functions to go

	* lib/krb5/krb5_keyblock.3: update .Dd

	* lib/krb5/krb5_keyblock.3: document krb5_copy_keyblock and krb5_generate_random_keyblock

	* lib/krb5/krb5_init_context.3: add krb5_init_ets

	* lib/krb5/krb5_config.3: add more krb5_config_ functions and prototypes

	* lib/krb5/krb5_init_context.3: document context modification functions: address list, config file, use admin kdc, fcc version

	* lib/krb5/krb5_storage.3: document krb5_storage and related functions

	* lib/krb5/Makefile.am: add acl and krb524_convert_creds_kdc manpages and test_acl test program

	* lib/krb5/krb5.3: add error string functions and sort

	* lib/krb5/krb5_warn.3: document krb5_abort and error string functions

	* lib/krb5/krb5.3: add missing functions, only 285 left to document

	* lib/krb5/krb5_crypto_init.3: remove various enctype related function

	* lib/krb5/krb5_encrypt.3: add various enctype related function here

	* lib/krb5/krb5_create_checksum.3: add krb5_cksumtype_valid krb5_cksumtype_valid

	* lib/krb5/crypto.c: real return values for krb5_{enctype,cksumtype}_valid

	* lib/krb5/krb5_create_checksum.3: add some functions and descriptions

	* lib/krb5/krb5_c_make_checksum.3: move out non krb5_c functions

	* lib/krb5/krb5_auth_context.3: document krb5_auth_con_generatelocalsubkey

	* lib/krb5/krb5_krbhst_init.3: document krb5_krbhst_init_flags

	* lib/krb5/krb5_keytab.3: document krb5_kt_default_modify_name

	* lib/krb5/krb5_init_context.3: document krb5_add_et_list

	* lib/krb5/krb524_convert_creds_kdc.3: document krb524_convert_creds_kdc, krb524_convert_creds_kdc_ccache

	* lib/krb5/krb5_acl_match_file.3: document krb5_acl_match_*

	* lib/krb5/test_acl.c: test for generic acl code

	* lib/krb5/acl.c: plug memory leak on file matching, make it not fall over when no non matching acl, make fnmatch matching useful by switching arguments

2004-03-19  Love Hörnquist Åstrand

	* kdc/config.c: add --builtin-hdb command

	* lib/hdb/hdb.c (hdb_list_builtin): return a list of builtin backends

	* doc/setup.texi: include Luke Howard of PADL.COM ldap hdb documentation

	* doc/win2k.texi: fix bugs in examples, add more restrictions, use example.com as an example. From: Pavel Ferdan

2004-03-18  Johan Danielsson

	* lib/krb5/krb5.conf.5: add a bunch of Li and document [kadmin] password_lifetime; from Henry B. Hotz

2004-03-14  Love Hörnquist Åstrand

	* lib/krb5/mk_rep.c (krb5_mk_rep): if KRB5_AUTH_CONTEXT_USE_SUBKEY is set send subkey (generate if needed)

	* lib/krb5/krb5.h: add KRB5_AUTH_CONTEXT_USE_SUBKEY

2004-03-14  Love Hörnquist Åstrand

	* lib/hdb/hdb-ldap.c: clean up error handling, plug memory leaks, and free memory in error path, assume realloc(NULL, ...) works, factor out common code, indent

2004-03-12  Love Hörnquist Åstrand

	* lib/krb5/verify_krb5_conf.c: understand [password_quality] spelling

	* kuser/kgetcred.1: document --canonicalize

	* kuser/kgetcred.c: add --canonicalize

2004-03-10  Love Hörnquist Åstrand

	* lib/krb5/fcache.c (fcc_store_cred): NULL terminate krb5_config_get_bool_default' arglist

2004-03-09  Love Hörnquist Åstrand

	* kdc/kerberos5.c: add missing req argument to pk_mk_pa_reply

	* kdc/pkinit.c (pk_mk_pa_reply): add hdb_entry

	* kdc/pkinit.c: pass client hdb_entry to pk_check_client

	* kdc/kdc_locl.h: pass client hdb_entry to pk_check_client

	* kuser/kinit.c: rename ca_dir to pkinit/x509_anchors since it's more like that language in RFC3280

	* lib/krb5/pkinit.c: rename ca_dir to pkinit/x509_anchors since it's more like that language in RFC3280

	* lib/krb5/krb5.conf.5: document [libdefaults]fcc-mit-ticketflags=boolean

	* lib/krb5/fcache.c (fcc_store_cred): use [libdefaults]fcc-mit-ticketflags=boolean to decide what format to write the fcc in. Default to mit version (aka heimdal 0.7)

	* lib/krb5/store.c: add _krb5_store_creds_heimdal_0_7 and _krb5_store_creds_heimdal_pre_0_7 that store the creds in just that format
	make krb5_store_creds default to mit format

	* lib/krb5/store.c (krb5_ret_creds): Runtime detect the what is the higher bits of the bitfield

2004-03-08  Love Hörnquist Åstrand

	* lib/krb5/store.c (krb5_store_creds): add disabled code that store the ticket flags in reverse order
	(bitswap32): new function

	* lib/krb5/store.c (krb5_ret_creds): if the higher ticket flags are set, it's a mit cache, reverse the bits, bug pointed out by Sergio Gelato

2004-03-07  Love Hörnquist Åstrand

	* lib/hdb/hdb-ldap.c: use macro for HDB * -> LDAP *

	* kuser/kinit.c: when running kinit with a subprocess, fetch new tickets after half the tickets lifetime

	* lib/hdb/hdb.c: spelling

	* lib/hdb/hdb-ldap.c: Integrate Heimdal's hdb-ldap and the Samba password database. From: Andrew Bartlett

	* kdc/config.c: add --disable-DES

	* kdc/kdc.8: document --detach and --disable-DES

	* kdc/kerberos5.c: check if enctype is disabled before using it

	* lib/krb5/crypto.c: add support for disabling checksum/encryption types

	* tools/kdc-log-analyze.pl: add more cases

	* kdc/connect.c: on strange tcp error; log local port number and socket type

	* lib/asn1/der.h: fix prototype of encode_utf8string

	* lib/asn1/gen.c: catch CHOICE and generate dummy placeholder

	* lib/asn1/lex.l: added dummy parsing of CHOICE

	* lib/asn1/parse.y: added dummy parsing of CHOICE

	* lib/asn1/k5.asn1: drop SMTP_NAME

2004-03-06  Love Hörnquist Åstrand

	* lib/hdb/Makefile.am: support building ldap backend as module
	sort asn1 hdb files

	* lib/hdb/hdb.c: when building ldap as a shared module, don't include it in the list

	* configure.in: add --enable-hdb-openldap-module

	* lib/hdb/hdb-ldap.c: make ldap possible to build as a shared module

	* lib/hdb/mkey.c: add hdb_{,un}seal_key{,_mkey} from Andrew Bartlett

	* lib/krb5/crypto.c (decrypt_internal_special): do not modify the original data
	test case from Ronnie Sahlberg

2004-03-03  Love Hörnquist Åstrand

	* lib/krb5/test_cc.c: more cc tests, mostly related to mcc behavior

	* lib/krb5/mcache.c (mcc_get_principal): also check for primary_principal == NULL now that that isn't used as dead flag

	* lib/krb5/mcache.c: don't overload the primary_principal == NULL as dead since that doesn't always work. Based on patch from Jeffrey Hutzelman, tweaked by me

2004-02-22  Love Hörnquist Åstrand

	* kdc/pkinit.c: adapt to rename of oid_cmp to heim_oid_cmp

	* lib/krb5/pkinit.c: adapt to rename of oid_cmp to heim_oid_cmp

	* lib/hdb/db3.c: fix all db >= 4.1 cases

	* doc/setup.texi: add text about hostname to realm mapping using DNS

2004-02-20  Love Hörnquist Åstrand

	* kdc/pkinit.c: update error codes

	* lib/krb5/krb5_err.et: prefix pkinit error codes with KRB5_

	* lib/krb5/pkinit.c: update error codes

2004-02-19  Love Hörnquist Åstrand

	* lib/krb5/pkinit.c: indent, use krb5_abortx() instead of abort()

	* lib/krb5/init_creds_pw.c (process_pa_data_to_key): spelling

	* lib/krb5/store.c: handle memory allocate errors

	* lib/krb5/fcache.c (_krb5_xlock): handle that everything was ok, and don't put an error in the error strings then

2004-02-13  Love Hörnquist Åstrand

	* kdc/pkinit.c: s/heim_big_integer/heim_integer/

	* lib/krb5/pkinit.c: s/heim_big_integer/heim_integer/

	* kdc/pkinit.c: adapt to asn1 bignum code, use HEIM_PKINIT errors

	* lib/krb5/pkinit.c: adapt to asn1 bignum code, use HEIM_PKINIT errors

	* lib/krb5/heim_err.et: add HEIM_PKINIT specific errors

2004-02-12  Love Hörnquist Åstrand

	* configure.in: rename AC_WFLAGS to rk_WFLAGS

	* acinclude.m4: use m4_define, over-quote string

2004-02-11  Love Hörnquist Åstrand

	* lib/krb5/init_creds_pw.c (change_password): handle that printf("%.*s", 0, (void*)NULL); doesn't work on solaris

2004-02-10  Love Hörnquist Åstrand

	* kpasswd/kpasswd.c (change_password): handle that printf("%.*s", 0, (void*)NULL); doesn't work on solaris

	* lib/krb5/krb5.conf.5: don't use paths in first .Nm, it confuses some locate.updatedb, use FILES section to describe where the file is instead.

2004-02-07  Love Hörnquist Åstrand

	* lib/asn1/check-der.c: test for "der_length.c: Fix len_unsigned for certain negative integers, it got the length wrong", from Panasas, Inc.

	* lib/asn1/der_length.c: Fix len_unsigned for certain negative integers, it got the length wrong, fix from Panasas, Inc.
	rename len_int and len_unsigned to _heim_\&

	* lib/asn1/der_locl.h: add _heim_len_unsigned, _heim_len_int

2004-02-06  Dave Love

	* configure.in: Check for sys/socket.h, net/if.h. Modify term.h, security/pam_appl.h tests.

2004-02-03  Love Hörnquist Åstrand

	* lib/asn1/check-gen.c: test for: (length_type): TSequenceOf: add up the size of all the elements, don't use just the size of the last element.

	* lib/krb5/aes-test.c: add "next iv" test for aes128, check decryption case too

	* lib/krb5/crypto.c (_krb5_aes_cts_encrypt): out iv is the iv of the next to last block, fix decryption case too

	* lib/krb5/aes-test.c: add "next iv" test for aes128

	* lib/krb5/crypto.c (_krb5_aes_cts_encrypt): out iv is the iv of the next to last block

	* lib/krb5/mk_rep.c (krb5_mk_rep): abort on internal asn1 encode error

	* lib/krb5/mk_rep.c (krb5_mk_rep): abort on internal asn1 encode error

	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): abort on internal asn1 encode error

	* lib/krb5/mk_priv.c (krb5_mk_priv): abort on internal asn1 encode error

	* lib/krb5/get_cred.c (make_pa_tgs_req): abort on internal asn1 encode error

	* lib/krb5/build_auth.c (krb5_build_authenticator): abort on internal asn1 encode error

	* lib/krb5/build_ap_req.c (krb5_build_ap_req): abort on internal asn1 encode error

2004-01-30  Love Hörnquist Åstrand

	* doc/setup.texi: some text about order of [capaths] realms

2004-01-25  Love Hörnquist Åstrand

	* lib/krb5/context.c: register WRFILE ops

	* lib/krb5/keytab_file.c: add krb5_wrfkt_ops/WRFILE (same as FILE)

	* lib/krb5/krb5.h: add krb5_wrfkt_ops

	* kpasswd/kpasswdd.c (change): use the right password when changing the password

2004-01-21  Love Hörnquist Åstrand

	* lib/krb5/fcache.c (_krb5_xlock): catch EINVAL and assume that it means that the filesystem doesn't support locking

	* lib/krb5/keytab.c: remove #if 0 out file locking code

2004-01-19  Love Hörnquist Åstrand

	* lib/asn1/gen_length.c (length_type): TSequenceOf: add up the size of all the elements, don't use just the size of the last element.

2004-01-13  Love Hörnquist Åstrand

	* kuser/kinit.c (renew_validate): if renewable_flag and not time specified, use "1 month"

2004-01-08  Love Hörnquist Åstrand

	* lib/krb5/krb5_keyblock.3: add prototypes, describe krb5_keyblock_zero

2004-01-05  Love Hörnquist Åstrand

	* lib/krb5/get_for_creds.c (add_addrs): don't add same address multiple times

	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): try to handle errors better for previous commit

	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): If tickets are address-less, forward address-less tickets.

	* lib/krb5/get_cred.c: rename get_krbtgt to _krb5_get_krbtgt and export it