897a0a37cb
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19994 ec53bebd-3082-4978-b11e-865c3cabbd6b
250 lines
6.7 KiB
Plaintext
250 lines
6.7 KiB
Plaintext
2007-01-20 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* kdc/kx509.c: Don't use C99 syntax.
|
|
|
|
2007-01-17 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* configure.in: its LIBADD_roken (and shouldn't really exist, our
|
|
libtool usage it broken)
|
|
|
|
* configure.in: Add an extra variable for roken, LIBADD, that
|
|
should be used for library depencies.
|
|
|
|
* lib/krb5/send_to_kdc.c (krb5_sendto): zero out receive buffer.
|
|
|
|
* lib/krb5/krb5_init_context.3: fix mdoc errors
|
|
|
|
* 0.8 branch cut today
|
|
|
|
* doc/hx509.texi: Spelling and more about proxy certificates.
|
|
|
|
* configure.in: check for arc4random
|
|
|
|
2007-01-16 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/send_to_kdc.c (krb5_sendto): zero receive krb5_data
|
|
before starting
|
|
|
|
* tools/heimdal-build.sh: make cvs keep quiet
|
|
|
|
* kuser/kverify.c: Use argument as principal if passed an
|
|
argument. Bug report from Douglas E. Engert
|
|
|
|
2007-01-15 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/rd_req.c (krb5_rd_req_ctx): The code failed to consider
|
|
the enc_tkt_in_skey case, from Douglas E. Engert.
|
|
|
|
* kdc/kx509.c: Issue certificates.
|
|
|
|
* kdc/config.c: Parse kx509/kca configuration.
|
|
|
|
* kdc/kdc.h: add kx509 config
|
|
|
|
2007-01-14 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* kdc/kerberos5.c (_kdc_find_padata): if there is not padata,
|
|
there is nothing find.
|
|
|
|
* doc/hx509.texi: Examples for pk-init.
|
|
|
|
* doc/hx509.texi: About extending ca lifetime and sub cas.
|
|
|
|
2007-01-13 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* doc/hx509.texi: More about certificates.
|
|
|
|
2007-01-12 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* doc/hx509.texi: add Application requirements and write about
|
|
xmpp/jabber.
|
|
|
|
2007-01-11 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* doc/hx509.texi: More about issuing certificates.
|
|
|
|
* doc/hx509.texi: Start of a x.509 manual.
|
|
|
|
* include/Makefile.am: remove install headerfiles
|
|
|
|
* lib/krb5/test_pac.c: Use more interesting data to cause more
|
|
errors.
|
|
|
|
* include/Makefile.am: remove install headerfiles
|
|
|
|
* lib/krb5/mcache.c: MCC_CURSOR not used, remove.
|
|
|
|
* lib/krb5/crypto.c: macro kcrypto_oid_enc now longer used
|
|
|
|
* lib/krb5/rd_safe.c (krb5_rd_safe): set length before trying to
|
|
allocate data
|
|
|
|
2007-01-10 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* doc/setup.texi: Hint about hxtool validate.
|
|
|
|
* appl/test/uu_server.c: print both "server" and "client"
|
|
|
|
* kdc/krb5tgs.c: Rename keys to be more obvious what they do.
|
|
|
|
* kdc/kerberos5.c: Use other keys to sign PAC with. From Andrew
|
|
Bartlett
|
|
|
|
* kdc/windc.c: ident, spelling.
|
|
|
|
* kdc/windc_plugin.h: indent.
|
|
|
|
* kdc/krb5tgs.c: Pass down server entry to verify_pac function.
|
|
from Andrew Bartlett
|
|
|
|
* kdc/windc.c: pass down server entry to verify_pac function, from
|
|
Andrew Bartlett
|
|
|
|
* kdc/windc_plugin.h: pass down server entry to verify_pac
|
|
function, from Andrew Bartlett
|
|
|
|
* configure.in: Provide a automake symbol ENABLE_SHARED if shared
|
|
libraries are built.
|
|
|
|
* lib/krb5/rd_req.c (krb5_rd_req_ctx): Use the correct keyblock
|
|
when verifying the PAC. From Andrew Bartlett.
|
|
|
|
2007-01-09 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/test_pac.c: move around to code test on real PAC.
|
|
|
|
* lib/krb5/pac.c: A tiny 2 char diffrence that make the code work
|
|
for real.
|
|
|
|
* lib/krb5/test_pac.c: Test more PAC (note that the values used in
|
|
this test is wrong, they have to be fixed when the pac code is
|
|
fixed).
|
|
|
|
* doc/setup.texi: Update to new hxtool issue-certificate usage
|
|
|
|
* lib/krb5/init_creds_pw.c: Make sure we don't sent both ENC-TS
|
|
and PK-INIT pa data, no need to expose our password protecting our
|
|
PKCS12 key.
|
|
|
|
* kuser/klist.c (print_cred_verbose): include ticket length in the
|
|
verbose output
|
|
|
|
2007-01-08 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/acache.c (loadlib): pass RTLD_LAZY to dlopen, without
|
|
it linux is unhappy.
|
|
|
|
* lib/krb5/plugin.c (loadlib): pass RTLD_LAZY to dlopen, without
|
|
it linux is unhappy.
|
|
|
|
* lib/krb5/name-45-test.c: One of the hosts I sometimes uses is
|
|
named "bar.domain", this make one of the tests pass when it
|
|
shouldn't.
|
|
|
|
2007-01-05 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* doc/setup.texi: Change --key argument to --out-key.
|
|
|
|
* kuser/kimpersonate.1: mangle my name
|
|
|
|
2007-01-04 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* doc/setup.texi: describe how to use hx509 to create
|
|
certificates.
|
|
|
|
* tools/heimdal-build.sh: Add --distcheck.
|
|
|
|
* kdc/kerberos5.c: Check for KRB5_PADATA_PA_PAC_REQUEST to check
|
|
if we should include the PAC in the krbtgt.
|
|
|
|
* kdc/pkinit.c (_kdc_as_rep): check if
|
|
krb5_generate_random_keyblock failes.
|
|
|
|
* kdc/kerberos5.c (_kdc_as_rep): check if
|
|
krb5_generate_random_keyblock failes.
|
|
|
|
* kdc/krb5tgs.c (tgs_build_reply): check if
|
|
krb5_generate_random_keyblock failes.
|
|
|
|
* kdc/krb5tgs.c: Scope etype.
|
|
|
|
* lib/krb5/rd_req.c: Make it possible to turn off PAC check, its
|
|
default on.
|
|
|
|
* lib/krb5/rd_req.c (krb5_rd_req_ctx): If there is a PAC, verify
|
|
its server signature.
|
|
|
|
* kdc/kerberos5.c (_kdc_as_rep): call windc client access hook.
|
|
(_kdc_tkt_add_if_relevant_ad): constify in data argument.
|
|
|
|
* kdc/windc_plugin.h: More comments add a client_access hook.
|
|
|
|
* kdc/windc.c: Add _kdc_windc_client_access.
|
|
|
|
* kdc/krb5tgs.c: rename functions after export some more pac
|
|
functions.
|
|
|
|
* lib/krb5/test_pac.c: export some more pac functions.
|
|
|
|
* lib/krb5/pac.c: export some more pac functions.
|
|
|
|
* kdc/krb5tgs.c: Resign the PAC in tgsreq if we have a PAC.
|
|
|
|
* configure.in: add tests/plugin/Makefile
|
|
|
|
2007-01-03 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* kdc/krb5tgs.c: Get right key for PAC krbtgt verification.
|
|
|
|
* kdc/config.c: spelling
|
|
|
|
* lib/krb5/krb5.h: typedef for krb5_pac.
|
|
|
|
* kdc/headers.h: Include <windc_plugin.h>.
|
|
|
|
* kdc/Makefile.am: Include windc.c and use windc_plugin.h
|
|
|
|
* kdc/krb5tgs.c: Call callbacks for emulating a Windows Domain
|
|
Controller.
|
|
|
|
* kdc/kerberos5.c: Call callbacks for emulating a Windows Domain
|
|
Controller. Move the some of the log related stuff to its own
|
|
function.
|
|
|
|
* kdc/config.c: Init callbacks for emulating a Windows Domain
|
|
Controller.
|
|
|
|
* kdc/windc.c: Rename the init function to windc instead of pac.
|
|
|
|
* kdc/windc.c: Callbacks specific to emulating a Windows Domain
|
|
Controller.
|
|
|
|
* kdc/windc_plugin.h: Callbacks specific to emulating a Windows
|
|
Domain Controller.
|
|
|
|
* lib/krb5/Makefile.am: add krb5_HEADERS to build_HEADERZ
|
|
|
|
* lib/krb5/pac.c: Support all keyed checksum types.
|
|
|
|
2007-01-02 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/pac.c (krb5_pac_get_types): Return list of types.
|
|
|
|
* lib/krb5/test_pac.c: test krb5_pac_get_types
|
|
|
|
* lib/krb5/krbhst.c: Add KRB5_KRBHST_KCA.
|
|
|
|
* lib/krb5/krbhst.c: Add KRB5_KRBHST_KCA.
|
|
|
|
* lib/krb5/krb5.h: Add KRB5_KRBHST_KCA.
|
|
|
|
* lib/krb5/test_pac.c: test Add/remove pac buffer functions.
|
|
|
|
* lib/krb5/pac.c: Add/remove pac buffer functions.
|
|
|
|
* lib/krb5/pac.c: sprinkle const
|
|
|
|
* lib/krb5/pac.c: rename DCHECK to CHECK
|
|
|
|
* Happy New Year.
|