55d4342540
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14066 ec53bebd-3082-4978-b11e-865c3cabbd6b
1001 lines
30 KiB
Plaintext
1001 lines
30 KiB
Plaintext
2004-07-23 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* kuser/klist.c (print_cred_verbose): keytypes are no longer, use
|
|
enctype
|
|
|
|
2004-07-22 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/hdb/hdb-ldap.c (LDAP_entry2mods): allow for pre-c99
|
|
compilers, From metze at samba.org
|
|
|
|
2004-07-20 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/test_cc.c: more cc tests
|
|
|
|
* lib/krb5/krb5_check_transited.3: document krb5_check_transited
|
|
|
|
2004-07-19 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* kdc/pkinit.c (pk_principal_from_X509): reverse test, makes
|
|
principal in cert work From: Mayur Patel <patelm4@rpi.edu>
|
|
|
|
2004-07-18 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/Makefile.am: add krb5_verify_init_creds.3
|
|
|
|
* lib/krb5/krb5_verify_init_creds.3: add krb5_verify_init_creds
|
|
|
|
2004-07-15 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/krb5_set_password.3: spelling from wiz@netbsd.org
|
|
description for krb5_passwd_result_to_string
|
|
|
|
2004-07-14 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/krb5_set_password.3: Remove superfluous comma; grammar
|
|
fixes; split sentence in two for better understanding. From
|
|
wiz@NetBSD.org. Describe krb5_set_password_using_ccache while here.
|
|
|
|
* lib/krb5/krb5_set_password.3: nroff and spelling, from Jonathan
|
|
Stone <jonathan@dsg.stanford.edu>
|
|
|
|
* lib/krb5/changepw.c (process_reply): cast ssize_t to long and
|
|
print that From NetBSD via Havard Eidnes.
|
|
|
|
2004-07-09 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* configure.in: fix helpstring for hdb-openldap-module
|
|
|
|
* lib/krb5/test_cc.c: don't use krb5_err on error code 0
|
|
|
|
2004-07-08 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/hdb/hdb-ldap.c (LDAP_seq): try handling errors better
|
|
|
|
2004-07-02 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/get_in_tkt.c (set_ptypes): make ptypes const
|
|
|
|
2004-07-01 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/hdb/hdb-ldap.c (LDAP__connect): call ldap_initialize with
|
|
right argument
|
|
|
|
2004-06-27 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): if the
|
|
krbtgt is without addresses, default to not sending our own
|
|
addrport
|
|
|
|
* lib/asn1/lex.l: add support for /* */ and partial line --
|
|
comments
|
|
|
|
* kuser/Makefile.am: don't install copy_cred_cache manpage
|
|
|
|
2004-06-24 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/init_creds.c (_krb5_get_init_creds_opt_copy): if
|
|
copying a static opt, make sure to allocate the "private" field
|
|
|
|
2004-06-24 Love <lha@stacken.kth.se>
|
|
|
|
* kdc/config.c: add enable_pkinit_princ_in_cert
|
|
|
|
* kdc/kdc_locl.h: enable_pkinit_princ_in_cert
|
|
|
|
* kdc/pkinit.c: Check certificate for Kerberos Principal in
|
|
OtherName of subjectAltName Based on patch from Mayur Patel
|
|
<patelm4@rpi.edu>
|
|
|
|
2004-06-21 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/get_cred.c (init_tgs_req): if subkey not avaible, use
|
|
session key for authorization-data
|
|
|
|
2004-06-15 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* kdc/connect.c (handle_tcp): note who is what that closed the
|
|
connection on us
|
|
|
|
2004-06-09 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* admin/get.c (kt_get): catch errors from krb5_parse_name
|
|
|
|
2004-06-05 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/hdb/hdb-ldap.c: if its the entry just contains the
|
|
structural object (no samba nor heimdal object), add an aux
|
|
heimdal object on to it.
|
|
|
|
2004-06-02 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* kpasswd/kpasswd.c: use krb5_set_password_using_ccache
|
|
|
|
* lib/krb5/krb5_set_password.3: add krb5_set_password_using_ccache
|
|
|
|
* lib/krb5/changepw.c: implement krb5_set_password_using_ccache
|
|
|
|
* lib/hdb/hdb-ldap.c: Allow the objectClass to be
|
|
"sambaSamAccount" or structural_object when searching for uid
|
|
entries.
|
|
|
|
* lib/krb5/krb5.conf.5: document [kdc]hdb-ldap-create-base
|
|
|
|
* lib/hdb/hdb-ldap.c: add creation base that defaults to the
|
|
search base
|
|
|
|
* lib/hdb/hdb-ldap.c: indent like the rest of the code
|
|
|
|
2004-06-01 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/hdb/hdb-ldap.c: check return values from ldap operations and
|
|
close it we get back LDAP_SERVER_DOWN. stupid ldap client lib, you
|
|
should retry by yourself.
|
|
|
|
* lib/hdb/hdb-ldap.c: require search base to be configured, create
|
|
local context structure
|
|
|
|
2004-05-31 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* doc/setup.texi: more ldap text, partly from Tarjei Huse
|
|
<tarjei@nu.no>
|
|
|
|
2004-05-28 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/hdb/hdb-ldap.c: clean, indent
|
|
|
|
* lib/hdb/hdb-ldap.c (LDAP_entry2mods): make sure
|
|
krb5KeyVersionNumber is added on new entires
|
|
|
|
2004-05-27 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* doc/setup.texi: minor fixes, partly from Tarjei Huse
|
|
<tarjei@nu.no>
|
|
|
|
* lib/krb5/krb5.conf.5: some text about dbname and realm
|
|
|
|
* lib/krb5/krb5.conf.5: default value for
|
|
hdb-ldap-structural-object is account
|
|
|
|
2004-05-26 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* tools/Makefile.am: use ! instead of , as sed delimiter
|
|
|
|
2004-05-25 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/*.c: add KRB5_LIB_FUNCTION to all exported functions
|
|
|
|
2004-05-23 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/hdb/hdb-ldap.c: make samba_forwardable a krb5_boolean
|
|
|
|
* lib/hdb/hdb-ldap.c: make samba forwarding a runtime configure
|
|
option
|
|
|
|
* lib/hdb/hdb-ldap.c (LDAP_message2entry): fix [] test From:
|
|
Andrew Bartlett <abartlet@samba.org>
|
|
|
|
* lib/hdb/hdb-ldap.c (LDAP_message2entry): remove bogus length
|
|
check From: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
* lib/hdb/hdb-ldap.c (LDAP_message2entry): in the sambaNTPassword
|
|
case, make sure ent->etypes are allocated, From: Andrew Bartlett
|
|
<abartlet@samba.org>
|
|
|
|
2004-05-14 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* kuser/kinit.c: move "setpag if (argc < 1)" to common path
|
|
|
|
2004-05-12 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/verify_krb5_conf.c: pacify pre c99 compilers
|
|
|
|
* fix-export: use right argument for -E
|
|
|
|
2004-05-06 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* kuser/kinit.c: print some diagnostics if the exec fails
|
|
|
|
2004-04-29 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/pkinit.c (pk_rd_pa_reply_dh): use krb5_random_to_key
|
|
From: Luke Howard <lukeh@padl.com>
|
|
|
|
* lib/krb5/rd_req.c (krb5_verify_ap_req2): clear the whole ticket,
|
|
not just a pointer size of it From: Luke Howard <lukeh@padl.com>
|
|
|
|
2004-04-28 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* fix-export: add -E flag where needed to make-proto
|
|
|
|
2004-04-26 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/crypto.c: add set_param for RC2
|
|
|
|
* lib/krb5/pkinit.c: use krb5_oid_to_enctype and remove all oids
|
|
that are no longer needed
|
|
|
|
* kdc/pkinit.c: use krb5_enctype_to_oid
|
|
|
|
* lib/krb5/crypto.c (krb5_oid_to_enctype): make sure oid exists
|
|
before we compare with it
|
|
|
|
* lib/krb5/crypto.c (krb5_crypto_get_params): check ivec length
|
|
before returning it add aes-oids
|
|
|
|
* lib/krb5/crypto.c: add krb5_enctype_to_oid and
|
|
krb5_oid_to_enctype
|
|
|
|
* kdc/pkinit.c: use krb5_crypto_set_params
|
|
|
|
* lib/krb5/crypto.c: add krb5_crypto_set_params, add aes-NNN-cbc-none
|
|
|
|
* lib/krb5/krb5.h: add KEYTYPE_AES192
|
|
|
|
* lib/krb5/pkinit.c: use krb5_crypto_get_params to implement
|
|
kcrypto RC2 support
|
|
|
|
* lib/asn1/k5.asn1: add CMS symmetrical parameters here, enctype
|
|
rc2-cbc XXX RC2CBCParameter is wrong because the compiler is
|
|
broken
|
|
|
|
* lib/krb5/krb5.h: add KEYTYPE_RC2
|
|
|
|
* lib/krb5/crypto.c: add partial CMS parameter handling, this is
|
|
needed for RC2
|
|
|
|
* lib/asn1/der_cmp.c: add heim_oid_cmp and heim_octet_string_cmp
|
|
|
|
* lib/asn1/Makefile.am (libasn1_la_SOURCES) += der_cmp.c
|
|
|
|
* lib/asn1/der.h: add heim_oid_cmp and heim_octet_string_cmp
|
|
|
|
* lib/asn1/k5.asn1: add ETYPE_AESNNN_CBC_NONE
|
|
|
|
* lib/asn1/k5.asn1: add CMS symmetrical parameters here, enctype
|
|
rc2-cbc, XXX RC2CBCParameter is wrong because the compiler is broken
|
|
|
|
2004-04-26 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/config_file.c: allow parsing directly from strings with
|
|
krb5_config_parse_string_multi
|
|
|
|
* lib/krb5/verify_krb5_conf.c: try to resolve hostnames
|
|
|
|
2004-04-25 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/store_fd.c (krb5_storage_from_fd): dup the file
|
|
descriptor so we don't have to keep track of it in two places
|
|
|
|
* kuser/copy_cred_cache.c: krb5_cc_copy_cache_match now lives in
|
|
libkrb5
|
|
|
|
* lib/krb5/krb5_{,compare_}creds.3: move krb5_compare_creds to its
|
|
own manpage
|
|
|
|
* replace krb5_free_creds_contents by krb5_free_cred_contents
|
|
|
|
* lib/krb5/cache.c: add krb5_cc_next_cred_match() and
|
|
krb5_cc_copy_cred_match()
|
|
|
|
* lib/krb5/creds.c (krb5_compare_creds): add more matching options
|
|
|
|
* lib/krb5/krb5.h: add more creds match flags
|
|
|
|
* kuser/copy_cred_cache: add --valid-for option
|
|
|
|
* lib/krb5/store.c (krb5_store_creds): set is_skey flag if length
|
|
of second ticket is > 0
|
|
|
|
2004-04-25 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/pkinit.c: use the right oid for pkauthdata
|
|
|
|
* lib/krb5/pkinit.c: always send both win2k compat version and the
|
|
ietf draft one, this is possible since microsoft use
|
|
wrong/diffrent PA number. Make the configuration flag boolean
|
|
configuring if NOT to send the win2k compat glue.
|
|
|
|
* lib/krb5/krb5_encrypt.3: document krb5_{de,en}crypt_ivec
|
|
|
|
* kuser/copy_cred_cache.1: pacify mdoclint
|
|
|
|
* kdc/pkinit.c: use IV for envelopeddata encryption, patch
|
|
originally from Luke Howard <lukeh@padl.com>, tweeked by me.
|
|
|
|
* lib/krb5/krb5_storage.3: document
|
|
KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER
|
|
|
|
* lib/krb5/krb5_data.3: document that krb5_data_free cleans the
|
|
structure too
|
|
|
|
* lib/krb5/pkinit.c: use IV for envelopeddata encryption, patch
|
|
originally from Luke Howard <lukeh@padl.com>, tweeked by me.
|
|
|
|
2004-04-24 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* kuser/copy_cred_cache.{c,1}: add cred cache copy tool
|
|
|
|
* configure.in: use rk_SYS_LARGEFILE
|
|
|
|
* lib/krb5/{krb5.h,store.c,fcache.c}: Fix the cache flags bitorder
|
|
issue with a storage flag instead of a separate function.
|
|
|
|
2004-04-24 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/pkinit.c: move out the oid check from get_reply_key
|
|
|
|
* lib/krb5/pkinit.c: uniquify error messages
|
|
|
|
* lib/krb5/init_creds_pw.c: make the pkinit nonce same os the
|
|
plain nonce for now
|
|
|
|
* lib/krb5/pkinit.c: more w2k compat from Luke Howard
|
|
<lukeh@padl.com> add RC2 support, clean up error messages
|
|
|
|
* lib/krb5/pkinit.c: remove more dependency on
|
|
krb5_config->pkinit_flags
|
|
|
|
* lib/krb5/pkinit.c (_krb5_pk_convert_rep): convert microsoft
|
|
style answer to IETF, From Luke Howard <lukeh@padl.com>
|
|
(_krb5_pk_create_sign): ms handles NULL in param, so always send it
|
|
(_krb5_pk_mk_padata): look for [realms]REALM = { win2k_pkinit = bool }
|
|
|
|
* lib/krb5/pkinit.c (_krb5_pk_create_sign): always set the
|
|
digestAlgorithm to sha1 (both for SignerInfo and SignedData, add
|
|
new function _set_digest_alg to set it
|
|
|
|
2004-04-23 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* include/make_crypto.c: include rc2.h, and when I'm here, make
|
|
aes mandatory
|
|
|
|
* lib/krb5/krb5.h: add ENCTYPE_ARCFOUR_HMAC as compat glue for MIT
|
|
kerberos
|
|
|
|
* lib/krb5/crypto.c (krb5_crypto_init): clear return pointer on
|
|
failure
|
|
|
|
* lib/krb5/crypto.c (DES3_random_to_key): make it produce the
|
|
right result
|
|
(DES3_postproc): use DES3_random_to_key
|
|
(krb5_random_to_key): check the required number of bits (not the size
|
|
of the key)
|
|
|
|
* lib/krb5/aes-test.c: test random to key function
|
|
|
|
* lib/krb5/string-to-key-test.c: comment out the "@"/"" test for
|
|
now
|
|
|
|
2004-04-22 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/krb5_string_to_key.3: document that
|
|
krb5_string_to_key_derived is broken for non 3des enctypes and
|
|
thus deprecated
|
|
|
|
* kdc/pkinit.c (generate_dh_keyblock): use the new function
|
|
krb5_random_to_key
|
|
|
|
* lib/krb5/crypto.c: add des and DES3 random_to_key hooks, they
|
|
need special processing
|
|
|
|
* lib/krb5/crypto.c (krb5_random_to_key): new function
|
|
|
|
* lib/krb5/krb5_keyblock.3: document krb5_random_to_key
|
|
|
|
2004-04-21 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* kdc/pkinit.c: use the first proposed enable enctype
|
|
|
|
* lib/krb5/context.c (krb5_set_default_in_tkt_etypes): use the
|
|
return from krb5_enctype_valid
|
|
|
|
* kdc/pkinit.c: at least try to handle diffrent enveloped enctypes
|
|
|
|
2004-04-21 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/asn1/der_get.c: 1.28.2.16: (der_get_oid): handle all oid
|
|
components being smaller then 127 and allocate one extra element
|
|
since first byte is split to to elements.
|
|
|
|
2004-04-20 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/asn1/k5.asn1: ETYPE_DIGEST_MD5_NONE, ETYPE_CRAM_MD5_NONE:
|
|
private use, lukeh@padl.com
|
|
|
|
2004-04-19 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/pkinit.c (build_auth_pack): use heim_integer to encode
|
|
DH public key
|
|
|
|
2004-04-18 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/krb5_init_context.3: add krb5_context to so its added
|
|
as manpage-link too
|
|
|
|
2004-04-17 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/fcache.c (fcc_remove_cred): simplistic implementation,
|
|
XXX add locking
|
|
|
|
* kuser/kdestroy.c: add --credential argument that just remove one
|
|
credential entry out of the cache specified
|
|
|
|
* kdc/pkinit.c: replace the krb5.conf configuration option that
|
|
describes the mapping between principals and subject names with a
|
|
file, default /var/heimdal/pki-mapping. XXX this should be pushed
|
|
into HDB. XXX should add issuer too
|
|
|
|
* kdc/config.c: merge certificate/private_key to a user_id
|
|
|
|
2004-04-16 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* kdc/kdc_locl.h: update prototype for pk_initialize
|
|
|
|
* kuser/kinit.c: merge certificate/private_key to a user_id
|
|
|
|
* kdc/pkinit.c: adapt to heim_integer changes
|
|
|
|
* lib/krb5/pkinit.c: merge certificate/private_key to a user_id
|
|
|
|
* kdc/pkinit.c: adapt to heim_integer changes,
|
|
merge certificate/private_key to a user_id
|
|
|
|
2004-04-15 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/pkinit.c: use KRB5_PADATA_PK_AS_REQ_WIN free X509_STORE
|
|
|
|
2004-04-13 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/Makefile.am: define BUILD_KRB5_LIB when building
|
|
libkrb5.la, add KRB5_LIB_FUNCTION proto
|
|
|
|
* lib/krb5/add_et_list.c: add KRB5_LIB_FUNCTION
|
|
|
|
* configure.in: export KRB5_LIB_FUNCTION when building with
|
|
BUILD_KRB5_LIB
|
|
|
|
* lib/krb5/ticket.c (krb5_ticket_get_authorization_data_type): add
|
|
error strings
|
|
|
|
* lib/krb5/prompter_posix.c (krb5_prompter_posix): if some thing
|
|
is printed on stderr, fflush it
|
|
|
|
* lib/krb5/krb5_keyblock.3: free functions also zeros out the key
|
|
|
|
* lib/krb5/krb5_get_init_creds.3: some text about
|
|
krb5_prompter_posix
|
|
|
|
* lib/krb5/krb5.conf.5: document hdb-ldap-structural-object
|
|
|
|
* lib/krb5/cache.c: add krb5_cc_get_prefix_ops
|
|
|
|
* lib/krb5/krb5_ccache.3: add krb5_cc_get_prefix_ops
|
|
|
|
2004-04-05 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* appl/test/http_client.c: support GSS_C_DELEG_FLAG and
|
|
GSS_C_MUTUAL_FLAG
|
|
|
|
* appl/test/http_client.c: verbose logging
|
|
|
|
2004-04-02 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* kdc/connect.c: case size_t to unsigned long for LP64 platforms
|
|
|
|
2004-04-01 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/hdb/hdb-ldap.c (hdb_ldap_create): allow configuration of
|
|
default structural object
|
|
|
|
* tools/Makefile.am: handle sed expression breaking
|
|
|
|
2004-03-31 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/krbhst.c: also lookup _kpasswd._tcp SRV-rr
|
|
|
|
* lib/krb5/changepw.c: add tcp support to the set protocol, should
|
|
be cleaned up to enable sharing code with krb5_sendto
|
|
|
|
* kpasswd/kpasswd.c (change_password): remove extra free
|
|
|
|
* lib/krb5/krb5_acl_match_file.3: try to pacify mdoc macros on
|
|
osf/1
|
|
|
|
2004-03-30 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/init_creds_pw.c (pa_data_add_pac_request): don't
|
|
increase md->len, krb5_padata_add already does that
|
|
|
|
* lib/krb5/init_creds.c: its PAC not PAQ
|
|
|
|
* kuser/kinit.c: its PAC not PAQ
|
|
|
|
* kdc/kerberos4.c: stop the client from renewing tickets into the
|
|
future From: Jeffrey Hutzelman <jhutz@cmu.edu>
|
|
|
|
2004-03-29 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* configure.in: try to handle sys/strtty.h needing sys/stream.h
|
|
|
|
2004-03-23 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/send_to_kdc.c: remove function krb5_sendto_kdc2, its no
|
|
longer used
|
|
|
|
* kdc/kerberos5.c: s/krb5_get_host_realm_int/_&/
|
|
|
|
* lib/krb5/get_host_realm.c: unexport krb5_get_host_realm_int to
|
|
external users by prefixing it with _
|
|
|
|
* lib/krb5/get_cred.c: s/krb5_mk_req_internal/_&/
|
|
|
|
* lib/krb5/mk_req_ext.c: unexport krb5_mk_req_internal to external
|
|
users by prefixing it with _
|
|
|
|
2004-03-22 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/pkinit.c: add missing }
|
|
|
|
2004-03-21 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* kdc/pkinit.c: adapt to change of signature of
|
|
_krb5_pk_load_openssl_id
|
|
|
|
* lib/krb5/pkinit.c: (krb5_get_init_creds_opt_set_pkinit): add
|
|
prompter argument and use it
|
|
|
|
* kuser/kinit.c: adapt to signature change of
|
|
krb5_get_init_creds_opt_set_pkinit
|
|
|
|
* lib/krb5/krb5.3: add more stuff, 105 functions to go
|
|
|
|
* lib/krb5/krb5_rcache.3: add krb5_get_server_rcache
|
|
|
|
* lib/krb5/krb5_rcache.3: framework for replay cache manpage
|
|
|
|
* lib/krb5/krb5_string_to_key.3: document string to key functions
|
|
|
|
* lib/krb5/Makefile.am: man_MANS += krb5_expand_hostname.3
|
|
krb5_find_padata.3 krb5_generate_random_block.3
|
|
|
|
* lib/krb5/krb5_encrypt.3: document krb5_get_wrapped_length
|
|
|
|
* lib/krb5/krb5.3: add some more, 137 to go
|
|
|
|
* lib/krb5/krb5_principal.3: document krb5_get_default_principal
|
|
|
|
* lib/krb5/krb5_keyblock.3: document krb5_generate_subkey
|
|
|
|
* lib/krb5/krb5_generate_random_block.3: document
|
|
krb5_generate_random_block
|
|
|
|
* lib/krb5/krb5_find_padata.3: document padata functions
|
|
|
|
* lib/krb5/krb5.3: add some more, 142 to go
|
|
|
|
* lib/krb5/krb5_creds.3: drop .Pp before .Sh
|
|
|
|
* lib/krb5/krb5_set_default_realm.3: document krb5_copy_host_realm
|
|
|
|
* lib/krb5/krb5_expand_hostname.3: document krb5_expand_hostname
|
|
and krb5_expand_hostname_realms
|
|
|
|
* lib/krb5/krb5.3: add more functions, 147 to go
|
|
|
|
* lib/krb5/krb5_creds.3: document krb5_creds
|
|
|
|
* lib/krb5/krb5_get_init_creds.3: add more functions, some more
|
|
text
|
|
|
|
* lib/krb5/krb5_ticket.3: document
|
|
krb5_ticket_get_authorization_data_type
|
|
|
|
2004-03-20 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/aes-test.c: remove #if 0'ed code
|
|
|
|
* lib/krb5/krb5.3: add keyblock functions, 177 functions to go
|
|
|
|
* lib/krb5/krb5_verify_user.3: add krb5_verify_opt_set_ccache
|
|
|
|
* lib/krb5/krb5_encrypt.3: document krb5_decrypt_ticket
|
|
|
|
* lib/krb5/krb5_config.3: document krb5_config_free_strings and
|
|
krb5_config_file_free
|
|
|
|
* lib/krb5/krb5_create_checksum.3: add krb5_hmac
|
|
|
|
* lib/krb5/krb5.3: add keyblock functions, 190 functions to go
|
|
|
|
* lib/krb5/krb5_keyblock.3: update .Dd
|
|
|
|
* lib/krb5/krb5_keyblock.3: document krb5_copy_keyblock and
|
|
krb5_generate_random_keyblock
|
|
|
|
* lib/krb5/krb5_init_context.3: add krb5_init_ets
|
|
|
|
* lib/krb5/krb5_config.3: add more krb5_config_ functions and
|
|
prototypes
|
|
|
|
* lib/krb5/krb5_init_context.3: document context modifcation
|
|
functions: address list, config file, use admin kdc, fcc version
|
|
|
|
* lib/krb5/krb5_storage.3: document krb5_storage and related
|
|
functions
|
|
|
|
* lib/krb5/Makefile.am: add acl and krb524_convert_creds_kdc
|
|
manpages and test_acl test program
|
|
|
|
* lib/krb5/krb5.3: add error string functions and sort
|
|
|
|
* lib/krb5/krb5_warn.3: document krb5_abort and error string
|
|
functions
|
|
|
|
* lib/krb5/krb5.3: add missing functions, only 285 left to
|
|
document
|
|
|
|
* lib/krb5/krb5_crypto_init.3: remove various enctype related
|
|
function
|
|
|
|
* lib/krb5/krb5_encrypt.3: add various enctype related function
|
|
here
|
|
|
|
* lib/krb5/krb5_create_checksum.3: add krb5_cksumtype_valid
|
|
krb5_cksumtype_valid
|
|
|
|
* lib/krb5/crypto.c: real return values for
|
|
krb5_{enctype,cksumtype}_valid
|
|
|
|
* lib/krb5/krb5_create_checksum.3: add some functions and
|
|
descriptions
|
|
|
|
* lib/krb5/krb5_c_make_checksum.3: move out non krb5_c functions
|
|
|
|
* lib/krb5/krb5_auth_context.3: document
|
|
krb5_auth_con_generatelocalsubkey
|
|
|
|
* lib/krb5/krb5_krbhst_init.3: document krb5_krbhst_init_flags
|
|
|
|
* lib/krb5/krb5_keytab.3: document krb5_kt_default_modify_name
|
|
|
|
* lib/krb5/krb5_init_context.3: document krb5_add_et_list
|
|
|
|
* lib/krb5/krb524_convert_creds_kdc.3: document
|
|
krb524_convert_creds_kdc, krb524_convert_creds_kdc_ccache
|
|
|
|
* lib/krb5/krb5_acl_match_file.3: document krb5_acl_match_*
|
|
|
|
* lib/krb5/test_acl.c: test for generic acl code
|
|
|
|
* lib/krb5/acl.c: plug memory leak on file matching,
|
|
make it not fall over when no non matching acl,
|
|
make fnmatch matching useful by switching arguments
|
|
|
|
2004-03-19 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* kdc/config.c: add --builtin-hdb command
|
|
|
|
* lib/hdb/hdb.c (hdb_list_builtin): return a list of builtin
|
|
backends
|
|
|
|
* doc/setup.texi: include Luke Howard of PADL.COM ldap hdb
|
|
documentation
|
|
|
|
* doc/win2k.texi: fix bugs in examples, add more restrictions, use
|
|
example.com as an example. From: Pavel Ferdan
|
|
<xferdan@informatics.muni.cz>
|
|
|
|
2004-03-18 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/krb5.conf.5: add a bunch of Li and document [kadmin]
|
|
password_lifetime; from Henry B. Hotz
|
|
|
|
2004-03-14 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/mk_rep.c (krb5_mk_rep): if KRB5_AUTH_CONTEXT_USE_SUBKEY
|
|
is set send subkey
|
|
(generate if needed)
|
|
|
|
* lib/krb5/krb5.h: add KRB5_AUTH_CONTEXT_USE_SUBKEY
|
|
|
|
2004-03-14 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/hdb/hdb-ldap.c: clean up error handling, plug memory leaks,
|
|
and free memory in error path, assume realloc(NULL, ...) works,
|
|
factor out common code, indent
|
|
|
|
2004-03-12 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/verify_krb5_conf.c: understand [password_quality]
|
|
spelling
|
|
|
|
* kuser/kgetcred.1: document --canonicalize
|
|
|
|
* kuser/kgetcred.c: add --canonicalize
|
|
|
|
2004-03-10 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/fcache.c (fcc_store_cred): NULL terminate
|
|
krb5_config_get_bool_default' arglist
|
|
|
|
2004-03-09 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* kdc/kerberos5.c: add missing req argument to pk_mk_pa_reply
|
|
|
|
* kdc/pkinit.c (pk_mk_pa_reply): add hdb_entry
|
|
|
|
* kdc/pkinit.c: pass client hdb_entry to pk_check_client
|
|
|
|
* kdc/kdc_locl.h: pass client hdb_entry to pk_check_client
|
|
|
|
* kuser/kinit.c: rename ca_dir to pkinit/x509_anchors since its
|
|
more like that language in RFC3280
|
|
|
|
* lib/krb5/pkinit.c: rename ca_dir to pkinit/x509_anchors since
|
|
its more like that language in RFC3280
|
|
|
|
* lib/krb5/krb5.conf.5: document
|
|
[libdefaults]fcc-mit-ticketflags=boolean
|
|
|
|
* lib/krb5/fcache.c (fcc_store_cred): use
|
|
[libdefaults]fcc-mit-ticketflags=boolean to decide what format to
|
|
write the fcc in. Default to mit version (aka heimdal 0.7)
|
|
|
|
* lib/krb5/store.c: add _krb5_store_creds_heimdal_0_7 and
|
|
_krb5_store_creds_heimdal_pre_0_7 that store the creds in just
|
|
that format make krb5_store_creds default to mit format
|
|
|
|
* lib/krb5/store.c (krb5_ret_creds): Runtime detect the what is
|
|
the higher bits of the bitfield
|
|
|
|
2004-03-08 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/store.c (krb5_store_creds): add disabled code that
|
|
store the ticket flags in reverse order
|
|
(bitswap32): new function
|
|
|
|
* lib/krb5/store.c (krb5_ret_creds): if the higher ticket flags
|
|
are set, its a mit cache, reverse the bits, bug pointed out by
|
|
Sergio Gelato <Sergio.Gelato@astro.su.se>
|
|
|
|
2004-03-07 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/hdb/hdb-ldap.c: use macro for HDB * -> LDAP *
|
|
|
|
* kuser/kinit.c: when running kinit with a subprocess, fetch new
|
|
tickets after half the tickets lifetime
|
|
|
|
* lib/hdb/hdb.c: spelling
|
|
|
|
* lib/hdb/hdb-ldap.c: Intergrate Heimdal's hdb-ldap and the Samba
|
|
password database. From: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
* kdc/config.c: add --disable-DES
|
|
|
|
* kdc/kdc.8: document --detach and --disable-DES
|
|
|
|
* kdc/kerberos5.c: check if enctype is disabled before using it
|
|
|
|
* lib/krb5/crypto.c: add support for disabling checksum/encryption
|
|
types
|
|
|
|
* tools/kdc-log-analyze.pl: add more cases
|
|
|
|
* kdc/connect.c: on strange tcp error; log local port number and
|
|
socket type
|
|
|
|
* lib/asn1/der.h: fix prototype of encode_utf8string
|
|
|
|
* lib/asn1/gen.c: catch CHOICE and generate dummy placeholder
|
|
|
|
* lib/asn1/lex.l: added dummy parsing of CHOICE
|
|
|
|
* lib/asn1/parse.y: added dummy parsing of CHOICE
|
|
|
|
* lib/asn1/k5.asn1: drop SMTP_NAME
|
|
|
|
2004-03-06 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/hdb/Makefile.am: support building ldap backend as module
|
|
sort asn1 hdb files
|
|
|
|
* lib/hdb/hdb.c: when building ldap as a shared module, don't
|
|
include it in the list
|
|
|
|
* configure.in: add --enable-hdb-openldap-module
|
|
|
|
* lib/hdb/hdb-ldap.c: make ldap possible to build as a shared
|
|
module
|
|
|
|
* lib/hdb/mkey.c: add hdb_{,un}seal_key{,_mkey} from Andrew
|
|
Bartlett <abartlet@samba.org>
|
|
|
|
* lib/krb5/crypto.c (decrypt_internal_special): do not not modify
|
|
the original data test case from Ronnie Sahlberg
|
|
<ronnie_sahlberg@ozemail.com.au>
|
|
|
|
2004-03-03 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/test_cc.c: more cc tests, mostly related to mcc
|
|
behavior
|
|
|
|
* lib/krb5/mcache.c (mcc_get_principal): also check for
|
|
primary_principal == NULL now that that isn't used as dead flag
|
|
|
|
* lib/krb5/mcache.c: don't overload the primary_principal == NULL
|
|
as dead since that doesn't always work. Based on patch from
|
|
Jeffrey Hutzelman <jhutz@cmu.edu>, tweeked by me
|
|
|
|
2004-02-22 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* kdc/pkinit.c: adapt to rename of oid_cmp to heim_oid_cmp
|
|
|
|
* lib/krb5/pkinit.c: adapt to rename of oid_cmp to heim_oid_cmp
|
|
|
|
* lib/hdb/db3.c: fix all db >= 4.1 cases
|
|
|
|
* doc/setup.texi: add text about hostname to realm mapping using
|
|
DNS
|
|
|
|
2004-02-20 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* kdc/pkinit.c: update error codes
|
|
|
|
* lib/krb5/krb5_err.et: prefix pkinit error codes with KRB5_
|
|
|
|
* lib/krb5/pkinit.c: update error codes
|
|
|
|
2004-02-19 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/pkinit.c: indent, use krb5_abortx() instead of abort()
|
|
|
|
* lib/krb5/init_creds_pw.c (process_pa_data_to_key): spelling
|
|
|
|
* lib/krb5/store.c: handle memory allocate errors
|
|
|
|
* lib/krb5/fcache.c (_krb5_xlock): handle that everything was ok,
|
|
and don't put an error in the error strings then
|
|
|
|
2004-02-13 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* kdc/pkinit.c: s/heim_big_integer/heim_integer/
|
|
|
|
* lib/krb5/pkinit.c: s/heim_big_integer/heim_integer/
|
|
|
|
* kdc/pkinit.c: adapt to asn1 bignum code, use HEIM_PKINIT errors
|
|
|
|
* lib/krb5/pkinit.c: adapt to asn1 bignum code, use HEIM_PKINIT
|
|
errors
|
|
|
|
* lib/krb5/heim_err.et: add HEIM_PKINIT specific errors
|
|
|
|
2004-02-12 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* configure.in: rename AC_WFLAGS to rk_WFLAGS
|
|
|
|
* acinclude.m4: use m4_define, over-quote string
|
|
|
|
2004-02-11 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/init_creds_pw.c (change_password): handle that
|
|
printf("%.*s", 0, (void*)NULL); doesn't work on solaris
|
|
|
|
2004-02-10 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* kpasswd/kpasswd.c (change_password): handle that printf("%.*s",
|
|
0, (void*)NULL); doesn't work on solaris
|
|
|
|
* lib/krb5/krb5.conf.5: don't use path's in first .Nm, it confuses
|
|
some locate.updatedb, use FILES section to describe where the file
|
|
is instead.
|
|
|
|
2004-02-07 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/asn1/check-der.c: test for "der_length.c: Fix len_unsigned
|
|
for certain negative integers, it got the length wrong" , from
|
|
Panasas, Inc.
|
|
|
|
* lib/asn1/der_length.c: Fix len_unsigned for certain negative
|
|
integers, it got the length wrong, fix from Panasas, Inc.
|
|
|
|
rename len_int and len_unsigned to _heim_\&
|
|
|
|
* lib/asn1/der_locl.h: add _heim_len_unsigned, _heim_len_int
|
|
|
|
2004-02-06 Dave Love <d.love@dl.ac.uk>
|
|
|
|
* configure.in: Check for sys/socket.h, net/if.h. Modify term.h,
|
|
security/pam_appl.h tests.
|
|
|
|
2004-02-03 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/asn1/check-gen.c: test for: (length_type): TSequenceOf: add
|
|
up the size of all the elements, don't use just the size of the
|
|
last element.
|
|
|
|
* lib/krb5/aes-test.c: add "next iv" test for aes128, check
|
|
decryption case too
|
|
|
|
* lib/krb5/crypto.c (_krb5_aes_cts_encrypt): out iv is the iv of
|
|
the next to last block, fix decryption case too
|
|
|
|
* lib/krb5/aes-test.c: add "next iv" test for aes128
|
|
|
|
* lib/krb5/crypto.c (_krb5_aes_cts_encrypt): out iv is the iv of
|
|
the next to last block
|
|
|
|
* lib/krb5/mk_rep.c (krb5_mk_rep): abort on internal asn1 encode
|
|
error
|
|
|
|
* lib/krb5/mk_rep.c (krb5_mk_rep): abort on internal asn1 encode
|
|
error
|
|
|
|
* lib/krb5/get_in_tkt.c (krb5_get_in_cred): abort on internal asn1
|
|
encode error
|
|
|
|
* lib/krb5/mk_priv.c (krb5_mk_priv): abort on internal asn1 encode
|
|
error
|
|
|
|
* lib/krb5/get_cred.c (make_pa_tgs_req): abort on internal asn1
|
|
encode error
|
|
|
|
* lib/krb5/build_auth.c (krb5_build_authenticator): abort on
|
|
internal asn1 encode error
|
|
|
|
* lib/krb5/build_ap_req.c (krb5_build_ap_req): abort on internal
|
|
asn1 encode error
|
|
|
|
2004-01-30 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* doc/setup.texi: some text about order of [capaths] realms
|
|
|
|
2004-01-25 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/context.c: register WRFILE ops
|
|
|
|
* lib/krb5/keytab_file.c: add krb5_wrfkt_ops/WRFILE (same as FILE)
|
|
|
|
* lib/krb5/krb5.h: add krb5_wrfkt_ops
|
|
|
|
* kpasswd/kpasswdd.c (change): use the right password when
|
|
changing the password
|
|
|
|
2004-01-21 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/fcache.c (_krb5_xlock): catch EINVAL and assume that it
|
|
means that the filesystem doesn't support locking
|
|
|
|
* lib/krb5/keytab.c: remove #if 0 out file locking code
|
|
|
|
2004-01-19 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/asn1/gen_length.c (length_type): TSequenceOf: add up the
|
|
size of all the elements, don't use just the size of the last
|
|
element.
|
|
|
|
2004-01-13 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* kuser/kinit.c (renew_validate): if renewable_flag and not time
|
|
specifed, use "1 month"
|
|
|
|
2004-01-08 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/krb5_keyblock.3: add prototypes, describe
|
|
krb5_keyblock_zero
|
|
|
|
2004-01-05 Love Hörnquist Åstrand <lha@it.su.se>
|
|
|
|
* lib/krb5/get_for_creds.c (add_addrs): don't add same address
|
|
multiple times
|
|
|
|
* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): try to
|
|
handle errors better for previous commit
|
|
|
|
* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): If tickets
|
|
are address-less, forward address-less tickets.
|
|
|
|
* lib/krb5/get_cred.c: rename get_krbtgt to _krb5_get_krbtgt and
|
|
export it
|
|
|