bb6cdd8375
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14923 ec53bebd-3082-4978-b11e-865c3cabbd6b
550 lines
16 KiB
Plaintext
550 lines
16 KiB
Plaintext
2005-04-24 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/pkinit.c: use the unexported oid_to_enctype function
|
|
|
|
* lib/krb5/crypto.c: unexport the oid_to_enctype function, not for
|
|
external consumers
|
|
|
|
* kdc/Makefile.am: always add kaserver
|
|
|
|
* lib/krb5/krb5_ccache.3: document krb5_cc_new_unique
|
|
|
|
* lib/krb5/cache.c (krb5_cc_new_unique): new function to create a
|
|
new credential cache
|
|
|
|
* kdc/headers.h: don't include kerberos 4 headers here
|
|
|
|
* kdc/hpropd.c: include kerberos 4 headers here
|
|
|
|
* kdc/connect.c: add kaserver support independ of having krb4
|
|
support
|
|
|
|
* kdc/config.c: add kaserver support unconditionally, make kdc
|
|
only fail to start when there are no v4 realm configured and
|
|
krb4/kaserver is turned on
|
|
|
|
* kdc/kaserver.c: Use the new Kerberos 4 functions in libkrb5 and
|
|
so kaserver support is always compiled in (still default disabled)
|
|
|
|
* lib/krb5/v4_glue.c: simplify error handling
|
|
|
|
* doc/whatis.texi: add docbook version macro of @sub
|
|
|
|
* doc/heimdal.texi: change the wrapping around the Top node to
|
|
ifnottex, make html generation work
|
|
|
|
* lib/krb5/krb5_krbhst_init.3: spelling, from Björn Sandell
|
|
<biorn@dce.chalmers.se>
|
|
|
|
* lib/krb5/krb5_get_krbhst.3: spelling, from Björn Sandell
|
|
<biorn@dce.chalmers.se>
|
|
|
|
* lib/krb5/krb5_data.3: spelling, from Björn Sandell
|
|
<biorn@dce.chalmers.se>
|
|
|
|
* lib/krb5/krb5_aname_to_localname.3: spelling, from Björn Sandell
|
|
<biorn@dce.chalmers.se>
|
|
|
|
* lib/krb5/krb5_address.3: spelling, from Björn Sandell
|
|
<biorn@dce.chalmers.se>
|
|
|
|
2005-04-23 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* kdc/config.c: Use the new Kerberos 4 functions in libkrb5 and so
|
|
kerberos 4 is always compiled in (still default disabled)
|
|
|
|
* kdc/kerberos4.c: Use the new Kerberos 4 functions in libkrb5 and
|
|
so kerberos 4 is always compiled in (still default disabled)
|
|
|
|
* lib/krb5/krb5_locl.h: forward declaration of _krb5_krb_auth_data
|
|
|
|
* lib/krb5/convert_creds.c: Move the kerberos v4 replacement
|
|
functions to v4_glue.c
|
|
|
|
* lib/krb5/v4_glue.c: Implement enough of kerberos 4 protocol to
|
|
be a KDC, move the v4 bits over here
|
|
|
|
* lib/krb5/krb5-v4compat.h: add more v4 defines
|
|
|
|
2005-04-22 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* kpasswd/kpasswdd.c: Support multi-realms databases, requires
|
|
that all the realms are configured on the KDC in krb5.conf with
|
|
[libdefaults]default_realm stanzas.
|
|
|
|
2005-04-21 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* kdc/kerberos5.c: spell succeeded correctly, From Sean Chittenden
|
|
|
|
* lib/krb5/addr_families.c: catch two more snprintf problems
|
|
|
|
2005-04-20 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/hdb/Makefile.am: this lib include com_err, add -com_err to
|
|
CHECK_SYMBOLS
|
|
|
|
* appl/test/http_client.c: cast ssize_t to unsigned long, fix
|
|
printf format
|
|
|
|
2005-04-19 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/kuserok.c: use asprintf to avoid truncating pathnames
|
|
|
|
* lib/krb5/get_host_realm.c: check return value of snprintf
|
|
|
|
* lib/krb5/test_addr.c: check address truncation
|
|
|
|
* lib/krb5/addr_families.c: check return values from snprintf and
|
|
clean up semantics of ret_len
|
|
|
|
* lib/krb5/krb5_address.3: clarify what ret_len is in
|
|
krb5_print_address
|
|
|
|
* lib/krb5/test_kuserok.c: add --version and --help
|
|
|
|
* lib/krb5/kuserok.c: use getpwnamn_r if it exists
|
|
|
|
* lib/krb5/Makefile.am: noinst_PROGRAMS += test_kuserok
|
|
|
|
* lib/krb5/test_kuserok.c: test program for krb5_kuserok
|
|
|
|
2005-04-18 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/acache.c (acc_resolve): if open_default_ccache failed
|
|
with ccErrCCacheNotFound try again with create_default_ccache,
|
|
this fixes the problem where the security server apperenly haven't
|
|
started yet on Mac OS X
|
|
|
|
* lib/krb5/get_default_principal.c
|
|
(_krb5_get_default_principal_local): add, for use of functions
|
|
that in ccache layer to avoid recursive calls.
|
|
|
|
* lib/hdb/hdb-ldap.c: drop <ctype.h>, no longer use any of the is*
|
|
macros in this file
|
|
|
|
* include/make_crypto.c: cast to unsigned char to make sure its
|
|
not negative when passing it to is* functions
|
|
|
|
2005-04-15 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* doc/programming.texi: remove manpage macro, add some more
|
|
references to manpages
|
|
|
|
* doc/heimdal.texi: define manpage macro
|
|
|
|
* doc/setup.texi: document new password policy code
|
|
|
|
* kpasswd/kpasswdd.c: add verifier libraries with
|
|
kadm5_add_passwd_quality_verifier
|
|
|
|
* lib/krb5/krb5_keyblock.3: document krb5_keyblock_init
|
|
|
|
2005-04-14 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* kdc/kaserver.c: AUTHENTICATE and AUTHENTICATE_V2 is almost the
|
|
same, and clients
|
|
(klog) can deal with that the kaserver returns the same thing for
|
|
both
|
|
|
|
* lib/krb5/keyblock.c: Add krb5_keyblock_init to allocate an fill
|
|
in a keyblock from key data.
|
|
|
|
2005-04-12 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* configure.in: rk_WIN32_EXPORT for roken
|
|
|
|
2005-04-10 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* appl/test/gssapi_server.c: print out client principla of
|
|
delegated credential
|
|
|
|
2005-04-07 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/init_creds_pw.c (process_pa_data_to_key): also check
|
|
for KRB5_PADATA_PK_AS_REP_19, From: Douglas Engert
|
|
|
|
2005-04-07 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* .cvsignore: ignore more generate files
|
|
|
|
2005-04-04 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/asn1/check-der.c: use size_t, print size_t by casting to
|
|
unsigned long
|
|
|
|
* lib/krb5/test_crypto.c: print size_t by casting to unsigned long
|
|
|
|
* lib/krb5/acache.c: Argument to create_new_ccache is a principal,
|
|
not a credential cache name. Clean up lossage related to this
|
|
problem.
|
|
|
|
* lib/hdb/Makefile.am: CHECK_SYMBOLS += HDBFlags2int
|
|
|
|
* lib/krb5/addr_families.c
|
|
(krb5_address_prefixlen_boundary,krb5_free_address):
|
|
use find_atype when we are dealing with a kerberos address type
|
|
|
|
* lib/krb5/aes-test.c: size_t vs int + fix printf
|
|
|
|
* lib/krb5/pkinit.c: Since the decode can't make out the diffrence
|
|
between PA-PK-AS-REP-19 and PA-PK-AS-REQ-Win2k, try harder to
|
|
verify both cases
|
|
|
|
2005-04-03 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* appl/test/uu_client.c: print size_t by casting to unsigned long
|
|
|
|
2005-04-01 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* kdc/kerberos4.c (do_version4): check client and server max_life
|
|
|
|
* kdc/kaserver.c (do_getticket): check client max_life
|
|
|
|
2005-03-31 Love <lha@kth.se>
|
|
|
|
* lib/krb5/verify_krb5_conf.c: const poison
|
|
|
|
* lib/krb5/test_alname.c: const poison
|
|
|
|
* lib/asn1/main.c: const poison
|
|
|
|
* lib/krb5/test_addr.c: test parse IPv6 RANGE addresses
|
|
|
|
* lib/krb5/addr_families.c: implement mask boundary for IPv6
|
|
|
|
* lib/asn1/gen.c: avoid const string warnings steming from
|
|
writeable-string
|
|
|
|
2005-03-28 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/Makefile.am: TESTS += test_addr
|
|
|
|
* lib/krb5/test_addr.c: simple test for addresses
|
|
|
|
* lib/krb5/addr_families.c: make RANGE parse prefixlen style
|
|
addresses too, fix printing of RANGE addresses, add
|
|
krb5_address_prefixlen_boundary
|
|
|
|
* lib/krb5/krb5_keytab.3: stop memory leak in example, expand on
|
|
wildcards
|
|
|
|
2005-03-26 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/krb5_principal.3: spelling, from Tomas Olsson
|
|
|
|
* lib/krb5/krb5_warn.3: spelling, from Tomas Olsson
|
|
|
|
2005-03-19 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/acache.c: add mutex for global variables, clean up
|
|
returned error codes, implement storing addresses into the ccapi
|
|
|
|
* appl/test/gssapi_server.c: free memory, make error strings match
|
|
|
|
* appl/test/gssapi_server.c: use print_gss_name, print server name
|
|
too
|
|
|
|
* appl/test/gss_common.h (print_gss_name): common code for
|
|
printing gss name
|
|
|
|
* appl/test/gss_common.c (print_gss_name): common code for
|
|
printing gss name
|
|
|
|
* appl/test/http_client.c: Make constent with rest of the gssapi
|
|
test programs
|
|
|
|
2005-03-17 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/hdb/keys.c: AES is enabled by default, remove ifdefs
|
|
|
|
* lib/krb5/crypto.c: AES is enabled by default, remove ifdefs
|
|
|
|
* lib/krb5/aes-test.c: use hex encoder from roken AES is enabled
|
|
by default, remove ifdefs
|
|
|
|
* kdc/kerberos5.c: AES is enabled by default, remove ifdefs
|
|
|
|
2005-03-16 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* doc/setup.texi: Add some text about modifying the database
|
|
|
|
2005-03-15 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* kuser/kinit.c: widen lifetime/renewal warning text field, also
|
|
make use of unparse_time_approx, no need to be specific to the
|
|
second when ticket needs to be renewed or their lifetime.
|
|
|
|
* doc/heimdal.texi: copyright maintenance, drop eay, use updated
|
|
UCB license
|
|
|
|
* lib/krb5/crypto.c: more static and unsigned issues
|
|
|
|
* lib/krb5/crypto.c: fix signedness issues, prompted by report of
|
|
Magnus Ahltorp
|
|
|
|
2005-03-13 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/krb5_keytab.3: more text about how to free returned
|
|
resources
|
|
|
|
2005-03-10 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/pkinit.c: handle the -25 generation path
|
|
|
|
* lib/krb5/pkinit.c: use KRB5_PADATA_PK_AS_REQ_19
|
|
|
|
* lib/krb5/pkinit.c: fold in pk-init-25 asn1 changes
|
|
|
|
2005-03-09 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* kdc/pkinit.c: use generated oid's
|
|
|
|
* lib/krb5/pkinit.c: use generated oid's
|
|
|
|
2005-03-08 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* kdc/pkinit.c: update to the asn1 structures used in -25's
|
|
|
|
* lib/krb5/pkinit.c: update to the asn1 structures used in -25's
|
|
|
|
2005-03-04 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/hdb/hdb-ldap.c: use the newly written hex function from
|
|
roken and remove the old implementation
|
|
|
|
2005-03-01 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* appl/test/http_client.c: allow specifing port to connect to
|
|
|
|
2005-02-24 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/Makefile.am: bump version to 21:0:4
|
|
|
|
* lib/hdb/Makefile.am: bump version to 8:0:1
|
|
|
|
* lib/asn1/Makefile.am: bump version to 7:0:1
|
|
|
|
2005-02-23 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/crypto.c (DES_string_to_key_int): must check for weak
|
|
keys after doing the DES_cbc_cksum
|
|
|
|
2005-02-19 Luke Howard <lukeh@padl.com>
|
|
|
|
* lib/krb5/krbhst.c: set KD_CONFIG after calling
|
|
config_get_hosts() in kpasswd_get_next()
|
|
From: Wynn Wilkes <wynnw@vintela.com>
|
|
|
|
2005-02-15 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/hdb/db3.c (DB_open): correct the check for O_RDONLY
|
|
From: Chaskiel M Grundman <cg2v@andrew.cmu.edu>
|
|
|
|
2005-02-09 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/crypto.c (krb5_random_to_key): cast size_t to int to
|
|
make %d work
|
|
|
|
2005-02-08 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/keytab.c (krb5_kt_get_entry): tell what enctype the
|
|
caller requested to provide the user with a glue what the caller
|
|
was asking for.
|
|
|
|
2005-02-05 Luke Howard <lukeh@padl.com>
|
|
|
|
* lib/krb5/kcm.c: add _krb5_kcm_is_running, _krb5_kcm_noop
|
|
|
|
* kcm/acquire.c: don't leak salt if keyproc called multiple
|
|
times
|
|
|
|
* kcm/config.c: allow KCM system ccache to be configured from
|
|
krb5.conf, in the system_ccache stanza of [kcm]
|
|
|
|
2005-02-03 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* kcm/protocol.c: use -1 as the invalid pid number
|
|
|
|
* kcm/connect.c: support SCM_CREDS (for NetBSD)
|
|
|
|
* kcm/Makefile.am: LDADD += LIB_pidfile
|
|
|
|
* kcm/connect.c: make it possible to build on systems without
|
|
SO_PEERCRED (still doesn't work)
|
|
|
|
* kcm/config.c: cast argument to isdigit to unsigned char
|
|
|
|
* lib/krb5/krb5.conf.5: document large_msg_size
|
|
|
|
* lib/krb5/context.c (init_context_from_config_file): init
|
|
large_msg_size to 6000
|
|
|
|
* lib/krb5/krb5.h (krb5_context_data): add large_msg_size,
|
|
threshold where we start to use transport protocols without tiny
|
|
max data transport sizes.
|
|
|
|
* lib/krb5/kcm.h: drop prototypes, they all live in krb5-private.h
|
|
by now
|
|
|
|
2005-02-02 Luke Howard <lukeh@padl.com>
|
|
|
|
* configure.in: generate kcm/Makefile
|
|
|
|
* Makefile.am: recurse into kcm/ if KCM defined
|
|
|
|
* kcm: add KCM daemon
|
|
|
|
2005-02-02 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/send_to_kdc.c (send_and_recv_udp): make private again
|
|
|
|
* lib/krb5/kcm.c: use AF_UNIX like the rest of the codebase, add
|
|
some more error strings
|
|
|
|
2005-02-02 Luke Howard <lukeh@padl.com>
|
|
|
|
* configure.in: add --enable-kcm option for Kerberos
|
|
Credentials Manager (KCM)
|
|
|
|
* lib/krb5/Makefile.am: add kcm.c
|
|
|
|
* lib/krb5/cache.c: use cc_retrieve_cred if present rather
|
|
than enumerating ccache
|
|
|
|
* lib/krb5/context.c: register KCM cc_ops
|
|
|
|
* lib/krb5/get_cred.c: pass all options to cc_retrieve_cred
|
|
|
|
* lib/krb5/init_creds_pw.c: add krb5_get_init_creds_keyblock
|
|
|
|
* lib/krb5/kcm.[ch]: add initial implementation of KCM
|
|
client library
|
|
|
|
* lib/krb5/krb5.h: fix cc_retrieve prototype, add KCM cc_ops
|
|
|
|
* lib/krb5/send_to_kdc.c: add _krb5_send_and_recv_tcp
|
|
|
|
* lib/krb5/store.c: add krb5_store_creds_tag, krb5_ret_creds_tag
|
|
|
|
2005-01-24 Luke Howard <lukeh@padl.com>
|
|
|
|
* lib/krb5/init_creds_pw.c: allow NULL in_options to be passed
|
|
krb5_get_init_creds_password()
|
|
|
|
* kdc/kerberos5.c: don't crash when logging no server etype
|
|
support if client == NULL
|
|
|
|
2005-01-17 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* kdc/kstash.c: s/random_key/random_key_flag/, From Dave Love
|
|
<d.love@dl.ac.uk>
|
|
|
|
2005-01-12 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* doc/apps.texi: Texinfo fixes. Text about irix 6.5 using
|
|
PAM. From: Dave Love <d.love@dl.ac.uk>
|
|
|
|
2005-01-08 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/verify_krb5_conf.c: cast argument to isdigit to
|
|
unsigned char
|
|
|
|
* lib/krb5/keytab_keyfile.c: cast argument to toupper to unsigned
|
|
char
|
|
|
|
* lib/asn1/hash.c (hashcaseadd): cast argument to toupper to
|
|
unsigned char
|
|
|
|
* appl/kf/kfd.c (kfd_match_version): cast argument to islower to
|
|
unsigned char
|
|
|
|
* lib/krb5/krb5.3: drop krb5_{checksum,enctype}_is_disabled
|
|
|
|
* lib/krb5/krb5_encrypt.3: drop krb5_enctype_is_disabled, more
|
|
text about krb5_enctype_valid
|
|
|
|
* lib/krb5/krb5_create_checksum.3: drop
|
|
krb5_checksum_is_disabled
|
|
|
|
* lib/krb5/crypto.c: drop krb5_{checksum,enctype}_isdisabled
|
|
|
|
* lib/krb5/context.c: krb5_enctype_is_disabled is the same thing
|
|
as krb5_enctype_valid, so use the later since its older and the
|
|
api doesn't really need another entry point
|
|
|
|
* lib/krb5/rd_req.c: krb5_enctype_is_disabled is the same thing as
|
|
krb5_enctype_valid, so use the later since its older and the api
|
|
doesn't really need another entry point
|
|
|
|
* kdc/kerberos5.c: krb5_enctype_is_disabled is the same thing as
|
|
krb5_enctype_valid, so use the later since its older and the api
|
|
doesn't really need another entry point
|
|
|
|
2005-01-05 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* kpasswd/kpasswdd.8: document --addresses, controls what
|
|
addresses kpasswd should listen too
|
|
|
|
* kpasswd/kpasswdd.c: add --addresses, controls what addresses
|
|
kpasswd should listen too
|
|
|
|
* lib/krb5/addr_families.c (krb5_parse_address): filter out dup
|
|
addresses from getaddrinfo
|
|
|
|
* kpasswd/kpasswd.1: document -c
|
|
|
|
* kpasswd/kpasswd.c: allow specifying a credential cache to use
|
|
for the admin principal
|
|
|
|
* include/bits.c: constify to avoid warning with -Wwrite-string
|
|
|
|
* NEWS: add 0.6.2 and 0.6.3 items
|
|
|
|
* lib/krb5/krb5_keyblock.3: document krb5_generate_subkey_extended
|
|
|
|
* lib/krb5/krb5_is_thread_safe.3: document function
|
|
|
|
* lib/krb5/Makefile.am (man_MANS) += krb5_is_thread_safe.3
|
|
|
|
* lib/krb5/context.c (krb5_is_thread_safe): return TRUE is the
|
|
library was compiled with multithreading support. If not,
|
|
application must global lock the library, it it uses threads that
|
|
call kerberos functions at the same time.
|
|
|
|
2005-01-05 Luke Howard <lukeh@padl.com>
|
|
|
|
* lib/krb5/auth_context.c: use krb5_generate_subkey_extended()
|
|
|
|
* lib/krb5/appdefault.c: remove redundant KRB5_LIB_FUNCTION
|
|
|
|
* lib/krb5/build_auth.c: support for enctype negotiation
|
|
(client sends EtypeList in Authenticator authz data)
|
|
|
|
* lib/krb5/context.c: mutex should be destroyed last in
|
|
krb5_free_context()
|
|
|
|
* lib/krb5/generate_subkey.c: add krb5_generate_subkey_extended(),
|
|
set *subkey to NULL if key geneartion fails
|
|
|
|
* lib/krb5/krb5.h: add KRB5_KU_PA_SERVER_REFERRAL_DATA
|
|
|
|
* lib/krb5/mk_req_ext.c: support ETYPE_ARCFOUR_HMAC_MD5_56
|
|
|
|
* lib/krb5/rd_req.c: support for enctype negotiation
|
|
(client sends EtypeList in Authenticator authz data)
|
|
|
|
2005-01-04 Luke Howard <lukeh@padl.com>
|
|
|
|
* lib/asn1/k5.asn1: add authorization data types for enctype
|
|
negotiation implementation
|
|
|
|
2005-01-04 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/changepw.c (change_password_loop): on failing to find a
|
|
kdc, set result_code to KRB5_KPASSWD_HARDERROR
|
|
|
|
2005-01-01 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* doc/heimdal.texi: Happy New Year
|
|
|