2006-03-27 Love Hörnquist Åstrand * tools/krb5-config.in: Add hx509 when using PK-INIT. * tools/Makefile.am: Add hx509 when using PK-INIT. 2006-03-26 Love Hörnquist Åstrand * lib/krb5/acache.c: Use ticket flags definition, might fix Mac OS X Kerberos.app problems. * lib/krb5/krb5_ccapi.h: Add ticket flags definitions * lib/krb5/pkinit.c: Use less openssl, spell chelling. * kdc/pkinit.c (pk_mk_pa_reply_dh): encode the DH public key with asn1 wrapping * configure.in (AC_CONFIG_FILES): add lib/hx509/Makefile * lib/Makefile.am: Add hx509. * lib/krb5/Makefile.am: Add libhx509.la when PKINIT is used. * configure.in: define automake PKINIT variable * kdc/pkinit.c: Switch to hx509. * lib/krb5/pkinit.c: Switch to hx509. 2006-03-24 Love Hörnquist Åstrand * kdc/kerberos5.c (log_patypes): log the patypes requested by the client 2006-03-23 Love Hörnquist Åstrand * lib/krb5/pkinit.c (_krb5_pk_rd_pa_reply): pass down the req_buffer in the w2k case too. From Douglas E. Engert. 2006-03-19 Love Hörnquist Åstrand * lib/krb5/mk_req_ext.c (_krb5_mk_req_internal): on failure, goto error handling. Fixes Coverity NetBSD CID 2591 by catching a failing krb5_copy_keyblock() 2006-03-17 Love Hörnquist Åstrand * lib/krb5/addr_families.c (krb5_free_addresses): reset val,len in address when free-ing. Fixes Coverity NetBSD bug #2605 (krb5_parse_address): reset val,len before possibly return errors Fixes Coverity NetBSD bug #2605 2006-03-07 Love Hörnquist Åstrand * lib/krb5/send_to_kdc.c (recv_loop): it should never happen, but make sure nbytes > 0 * lib/krb5/get_for_creds.c (add_addrs): handle the case where addr->len == 0 and n == 0, then realloc might return NULL. * lib/krb5/crypto.c (decrypt_*): handle the case where the plaintext is 0 bytes long, realloc might then return NULL. 2006-02-28 Love Hörnquist Åstrand * lib/krb5/krb5_string_to_key.3: Drop krb5_string_to_key_derived. * lib/krb5/krb5.3: Remove krb5_string_to_key_derived. * lib/krb5/crypto.c (AES_string_to_key): drop _krb5_PKCS5_PBKDF2 and use PKCS5_PBKDF2_HMAC_SHA1 instead. * lib/krb5/aes-test.c: reformat, avoid free-ing un-init'd memory * lib/krb5/aes-test.c: Only use PKCS5_PBKDF2_HMAC_SHA1. 2006-02-27 Johan Danielsson * doc/setup.texi: remove cartouches - we don't use them anywhere else, they should be around the example, not inside it, and probably shouldn't be used in html at all 2006-02-18 Love Hörnquist Åstrand * lib/krb5/krb5_warn.3: Document that applications want to use krb5_get_error_message, add example. 2006-02-16 Love Hörnquist Åstrand * lib/krb5/crypto.c (krb5_generate_random_block): check return value from RAND_bytes * lib/krb5/error_string.c: Change indentation, update (c) 2006-02-14 Love Hörnquist Åstrand * lib/krb5/pkinit.c: Make struct krb5_dh_moduli available when compiling w/o pkinit. 2006-02-13 Love Hörnquist Åstrand * lib/krb5/pkinit.c: update to new paChecksum definition, update the dhgroup handling * kdc/pkinit.c: update to new paChecksum definition, use hdb_entry_ex 2006-02-09 Love Hörnquist Åstrand * lib/krb5/krb5_locl.h: Move Configurable options to last in the file. * lib/krb5/krb5_locl.h: Wrap KRB5_ADDRESSLESS_DEFAULT with #ifndef 2006-02-03 Love Hörnquist Åstrand * kpasswd/kpasswdd.c: Send back a better error-message to the client in case the password change was rejected. * lib/krb5/krb5_warn.3: Document krb5_get_error_message. * lib/krb5/error_string.c (krb5_get_error_message): new function, and combination of krb5_get_error_string and krb5_get_err_text * lib/krb5/krb5.3: sort, and krb5_get_error_message * lib/hdb/hdb-ldap.c: Log the filter string to the error message when doing searches. * lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_default_flags): Use KRB5_ADDRESSLESS_DEFAULT when checking [appdefault]no-addresses. * lib/krb5/get_cred.c (get_cred_from_kdc_flags): Use KRB5_ADDRESSLESS_DEFAULT when checking [appdefault]no-addresses. * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): Use [appdefault]no-addresses before checking if the krbtgt is address-less, use KRB5_ADDRESSLESS_DEFAULT. * lib/krb5/krb5_locl.h: Introduce KRB5_ADDRESSLESS_DEFAULT that controlls all address-less behavior. Defaults to false. 2006-02-01 Love Hörnquist Åstrand * lib/krb5/n-fold-test.c: main is not a KRB5_LIB_FUNCTION * lib/krb5/mk_priv.c (krb5_mk_priv): abort if ASN1_MALLOC_ENCODE failes to produce the matching lenghts. 2006-01-27 Love Hörnquist Åstrand * kcm/protocol.c (kcm_op_retrieve): remove unused variable 2006-01-15 Love Hörnquist Åstrand * tools/krb5-config.in: Move depenency on @LIB_dbopen@ to kadm-server, kerberos library doesn't depend on db-library. 2006-01-13 Love Hörnquist Åstrand * include/Makefile.am: Don't clean crypto headers, they now live in hcrypto/. Add hcrypto to SUBDIRS. * include/hcrypto/Makefile.am: clean installed headers * include/make_crypto.c: include crypto headers from hcrypto/ * include/make_crypto.c: Include more crypto headerfiles. Remove support for old hash names. 2006-01-02 Love Hörnquist Åstrand * kdc/misc.c (_kdc_db_fetch): use calloc to allocate the entry, from Andrew Bartlet. * Happy New Year.