2005-04-18 Love Hörnquist Åstrand * lib/krb5/acache.c (acc_resolve): if open_default_ccache failed with ccErrCCacheNotFound try again with create_default_ccache, this fixes the problem where the security server apperenly haven't started yet on Mac OS X * lib/krb5/get_default_principal.c (_krb5_get_default_principal_local): add, for use of functions that in ccache layer to avoid recursive calls. * lib/hdb/hdb-ldap.c: drop , no longer use any of the is* macros in this file * include/make_crypto.c: cast to unsigned char to make sure its not negative when passing it to is* functions 2005-04-15 Love Hörnquist Åstrand * doc/programming.texi: remove manpage macro, add some more references to manpages * doc/heimdal.texi: define manpage macro * doc/setup.texi: document new password policy code * kpasswd/kpasswdd.c: add verifier libraries with kadm5_add_passwd_quality_verifier * lib/krb5/krb5_keyblock.3: document krb5_keyblock_init 2005-04-14 Love Hörnquist Åstrand * kdc/kaserver.c: AUTHENTICATE and AUTHENTICATE_V2 is almost the same, and clients (klog) can deal with that the kaserver returns the same thing for both * lib/krb5/keyblock.c: Add krb5_keyblock_init to allocate an fill in a keyblock from key data. 2005-04-12 Love Hörnquist Åstrand * configure.in: rk_WIN32_EXPORT for roken 2005-04-10 Love Hörnquist Åstrand * appl/test/gssapi_server.c: print out client principla of delegated credential 2005-04-07 Love Hörnquist Åstrand * lib/krb5/init_creds_pw.c (process_pa_data_to_key): also check for KRB5_PADATA_PK_AS_REP_19, From: Douglas Engert 2005-04-07 Love Hörnquist Åstrand * .cvsignore: ignore more generate files 2005-04-04 Love Hörnquist Åstrand * lib/asn1/check-der.c: use size_t, print size_t by casting to unsigned long * lib/krb5/test_crypto.c: print size_t by casting to unsigned long * lib/krb5/acache.c: Argument to create_new_ccache is a principal, not a credential cache name. Clean up lossage related to this problem. * lib/hdb/Makefile.am: CHECK_SYMBOLS += HDBFlags2int * lib/krb5/addr_families.c (krb5_address_prefixlen_boundary,krb5_free_address): use find_atype when we are dealing with a kerberos address type * lib/krb5/aes-test.c: size_t vs int + fix printf * lib/krb5/pkinit.c: Since the decode can't make out the diffrence between PA-PK-AS-REP-19 and PA-PK-AS-REQ-Win2k, try harder to verify both cases 2005-04-03 Love Hörnquist Åstrand * appl/test/uu_client.c: print size_t by casting to unsigned long 2005-04-01 Johan Danielsson * kdc/kerberos4.c (do_version4): check client and server max_life * kdc/kaserver.c (do_getticket): check client max_life 2005-03-31 Love * lib/krb5/verify_krb5_conf.c: const poison * lib/krb5/test_alname.c: const poison * lib/asn1/main.c: const poison * lib/krb5/test_addr.c: test parse IPv6 RANGE addresses * lib/krb5/addr_families.c: implement mask boundary for IPv6 * lib/asn1/gen.c: avoid const string warnings steming from writeable-string 2005-03-28 Love Hörnquist Åstrand * lib/krb5/Makefile.am: TESTS += test_addr * lib/krb5/test_addr.c: simple test for addresses * lib/krb5/addr_families.c: make RANGE parse prefixlen style addresses too, fix printing of RANGE addresses, add krb5_address_prefixlen_boundary * lib/krb5/krb5_keytab.3: stop memory leak in example, expand on wildcards 2005-03-26 Love Hörnquist Åstrand * lib/krb5/krb5_principal.3: spelling, from Tomas Olsson * lib/krb5/krb5_warn.3: spelling, from Tomas Olsson 2005-03-19 Love Hörnquist Åstrand * lib/krb5/acache.c: add mutex for global variables, clean up returned error codes, implement storing addresses into the ccapi * appl/test/gssapi_server.c: free memory, make error strings match * appl/test/gssapi_server.c: use print_gss_name, print server name too * appl/test/gss_common.h (print_gss_name): common code for printing gss name * appl/test/gss_common.c (print_gss_name): common code for printing gss name * appl/test/http_client.c: Make constent with rest of the gssapi test programs 2005-03-17 Love Hörnquist Åstrand * lib/hdb/keys.c: AES is enabled by default, remove ifdefs * lib/krb5/crypto.c: AES is enabled by default, remove ifdefs * lib/krb5/aes-test.c: use hex encoder from roken AES is enabled by default, remove ifdefs * kdc/kerberos5.c: AES is enabled by default, remove ifdefs 2005-03-16 Love Hörnquist Åstrand * doc/setup.texi: Add some text about modifying the database 2005-03-15 Love Hörnquist Åstrand * kuser/kinit.c: widen lifetime/renewal warning text field, also make use of unparse_time_approx, no need to be specific to the second when ticket needs to be renewed or their lifetime. * doc/heimdal.texi: copyright maintenance, drop eay, use updated UCB license * lib/krb5/crypto.c: more static and unsigned issues * lib/krb5/crypto.c: fix signedness issues, prompted by report of Magnus Ahltorp 2005-03-13 Love Hörnquist Åstrand * lib/krb5/krb5_keytab.3: more text about how to free returned resources 2005-03-10 Love Hörnquist Åstrand * lib/krb5/pkinit.c: handle the -25 generation path * lib/krb5/pkinit.c: use KRB5_PADATA_PK_AS_REQ_19 * lib/krb5/pkinit.c: fold in pk-init-25 asn1 changes 2005-03-09 Love Hörnquist Åstrand * kdc/pkinit.c: use generated oid's * lib/krb5/pkinit.c: use generated oid's 2005-03-08 Love Hörnquist Åstrand * kdc/pkinit.c: update to the asn1 structures used in -25's * lib/krb5/pkinit.c: update to the asn1 structures used in -25's 2005-03-04 Love Hörnquist Åstrand * lib/hdb/hdb-ldap.c: use the newly written hex function from roken and remove the old implementation 2005-03-01 Love Hörnquist Åstrand * appl/test/http_client.c: allow specifing port to connect to 2005-02-24 Love Hörnquist Åstrand * lib/krb5/Makefile.am: bump version to 21:0:4 * lib/hdb/Makefile.am: bump version to 8:0:1 * lib/asn1/Makefile.am: bump version to 7:0:1 2005-02-23 Love Hörnquist Åstrand * lib/krb5/crypto.c (DES_string_to_key_int): must check for weak keys after doing the DES_cbc_cksum 2005-02-19 Luke Howard * lib/krb5/krbhst.c: set KD_CONFIG after calling config_get_hosts() in kpasswd_get_next() From: Wynn Wilkes 2005-02-15 Love Hörnquist Åstrand * lib/hdb/db3.c (DB_open): correct the check for O_RDONLY From: Chaskiel M Grundman 2005-02-09 Love Hörnquist Åstrand * lib/krb5/crypto.c (krb5_random_to_key): cast size_t to int to make %d work 2005-02-08 Love Hörnquist Åstrand * lib/krb5/keytab.c (krb5_kt_get_entry): tell what enctype the caller requested to provide the user with a glue what the caller was asking for. 2005-02-05 Luke Howard * lib/krb5/kcm.c: add _krb5_kcm_is_running, _krb5_kcm_noop * kcm/acquire.c: don't leak salt if keyproc called multiple times * kcm/config.c: allow KCM system ccache to be configured from krb5.conf, in the system_ccache stanza of [kcm] 2005-02-03 Love Hörnquist Åstrand * kcm/protocol.c: use -1 as the invalid pid number * kcm/connect.c: support SCM_CREDS (for NetBSD) * kcm/Makefile.am: LDADD += LIB_pidfile * kcm/connect.c: make it possible to build on systems without SO_PEERCRED (still doesn't work) * kcm/config.c: cast argument to isdigit to unsigned char * lib/krb5/krb5.conf.5: document large_msg_size * lib/krb5/context.c (init_context_from_config_file): init large_msg_size to 6000 * lib/krb5/krb5.h (krb5_context_data): add large_msg_size, threshold where we start to use transport protocols without tiny max data transport sizes. * lib/krb5/kcm.h: drop prototypes, they all live in krb5-private.h by now 2005-02-02 Luke Howard * configure.in: generate kcm/Makefile * Makefile.am: recurse into kcm/ if KCM defined * kcm: add KCM daemon 2005-02-02 Love Hörnquist Åstrand * lib/krb5/send_to_kdc.c (send_and_recv_udp): make private again * lib/krb5/kcm.c: use AF_UNIX like the rest of the codebase, add some more error strings 2005-02-02 Luke Howard * configure.in: add --enable-kcm option for Kerberos Credentials Manager (KCM) * lib/krb5/Makefile.am: add kcm.c * lib/krb5/cache.c: use cc_retrieve_cred if present rather than enumerating ccache * lib/krb5/context.c: register KCM cc_ops * lib/krb5/get_cred.c: pass all options to cc_retrieve_cred * lib/krb5/init_creds_pw.c: add krb5_get_init_creds_keyblock * lib/krb5/kcm.[ch]: add initial implementation of KCM client library * lib/krb5/krb5.h: fix cc_retrieve prototype, add KCM cc_ops * lib/krb5/send_to_kdc.c: add _krb5_send_and_recv_tcp * lib/krb5/store.c: add krb5_store_creds_tag, krb5_ret_creds_tag 2005-01-24 Luke Howard * lib/krb5/init_creds_pw.c: allow NULL in_options to be passed krb5_get_init_creds_password() * kdc/kerberos5.c: don't crash when logging no server etype support if client == NULL 2005-01-17 Love Hörnquist Åstrand * kdc/kstash.c: s/random_key/random_key_flag/, From Dave Love 2005-01-12 Love Hörnquist Åstrand * doc/apps.texi: Texinfo fixes. Text about irix 6.5 using PAM. From: Dave Love 2005-01-08 Love Hörnquist Åstrand * lib/krb5/verify_krb5_conf.c: cast argument to isdigit to unsigned char * lib/krb5/keytab_keyfile.c: cast argument to toupper to unsigned char * lib/asn1/hash.c (hashcaseadd): cast argument to toupper to unsigned char * appl/kf/kfd.c (kfd_match_version): cast argument to islower to unsigned char * lib/krb5/krb5.3: drop krb5_{checksum,enctype}_is_disabled * lib/krb5/krb5_encrypt.3: drop krb5_enctype_is_disabled, more text about krb5_enctype_valid * lib/krb5/krb5_create_checksum.3: drop krb5_checksum_is_disabled * lib/krb5/crypto.c: drop krb5_{checksum,enctype}_isdisabled * lib/krb5/context.c: krb5_enctype_is_disabled is the same thing as krb5_enctype_valid, so use the later since its older and the api doesn't really need another entry point * lib/krb5/rd_req.c: krb5_enctype_is_disabled is the same thing as krb5_enctype_valid, so use the later since its older and the api doesn't really need another entry point * kdc/kerberos5.c: krb5_enctype_is_disabled is the same thing as krb5_enctype_valid, so use the later since its older and the api doesn't really need another entry point 2005-01-05 Love Hörnquist Åstrand * kpasswd/kpasswdd.8: document --addresses, controls what addresses kpasswd should listen too * kpasswd/kpasswdd.c: add --addresses, controls what addresses kpasswd should listen too * lib/krb5/addr_families.c (krb5_parse_address): filter out dup addresses from getaddrinfo * kpasswd/kpasswd.1: document -c * kpasswd/kpasswd.c: allow specifying a credential cache to use for the admin principal * include/bits.c: constify to avoid warning with -Wwrite-string * NEWS: add 0.6.2 and 0.6.3 items * lib/krb5/krb5_keyblock.3: document krb5_generate_subkey_extended * lib/krb5/krb5_is_thread_safe.3: document function * lib/krb5/Makefile.am (man_MANS) += krb5_is_thread_safe.3 * lib/krb5/context.c (krb5_is_thread_safe): return TRUE is the library was compiled with multithreading support. If not, application must global lock the library, it it uses threads that call kerberos functions at the same time. 2005-01-05 Luke Howard * lib/krb5/auth_context.c: use krb5_generate_subkey_extended() * lib/krb5/appdefault.c: remove redundant KRB5_LIB_FUNCTION * lib/krb5/build_auth.c: support for enctype negotiation (client sends EtypeList in Authenticator authz data) * lib/krb5/context.c: mutex should be destroyed last in krb5_free_context() * lib/krb5/generate_subkey.c: add krb5_generate_subkey_extended(), set *subkey to NULL if key geneartion fails * lib/krb5/krb5.h: add KRB5_KU_PA_SERVER_REFERRAL_DATA * lib/krb5/mk_req_ext.c: support ETYPE_ARCFOUR_HMAC_MD5_56 * lib/krb5/rd_req.c: support for enctype negotiation (client sends EtypeList in Authenticator authz data) 2005-01-04 Luke Howard * lib/asn1/k5.asn1: add authorization data types for enctype negotiation implementation 2005-01-04 Love Hörnquist Åstrand * lib/krb5/changepw.c (change_password_loop): on failing to find a kdc, set result_code to KRB5_KPASSWD_HARDERROR 2005-01-01 Love Hörnquist Åstrand * doc/heimdal.texi: Happy New Year