1 |
< |
2006-12-28 Love Hörnquist Åstrand <lha@it.su.se> |
1 |
> |
2006-12-28 Love Hörnquist Åstrand <lha@it.su.se> |
2 |
|
|
3 |
|
* kdc/process.c: Handle kx509 requests. |
4 |
|
|
26 |
|
* lib/krb5/digest.c (krb5_ntlm_rep_get_sessionkey): return value |
27 |
|
is krb5_error_code |
28 |
|
|
29 |
< |
2006-12-27 Love Hörnquist Åstrand <lha@it.su.se> |
29 |
> |
2006-12-27 Love Hörnquist Åstrand <lha@it.su.se> |
30 |
|
|
31 |
|
* lib/krb5/mk_req_ext.c (_krb5_mk_req_internal): use md5 for |
32 |
|
des-cbc-md4 and des-cbc-md5. This is for (older) windows that |
33 |
|
will be unhappy anything else. From Inna Bort-Shatsky |
34 |
|
|
35 |
< |
2006-12-26 Love Hörnquist Åstrand <lha@it.su.se> |
35 |
> |
2006-12-26 Love Hörnquist Åstrand <lha@it.su.se> |
36 |
|
|
37 |
|
* kdc/digest.c: Prefix internal symbol with _kdc_. |
38 |
|
|
48 |
|
|
49 |
|
* kdc/digest.c: Add digest acl's |
50 |
|
|
51 |
< |
2006-12-22 Love Hörnquist Åstrand <lha@it.su.se> |
51 |
> |
2006-12-22 Love Hörnquist Åstrand <lha@it.su.se> |
52 |
|
|
53 |
|
* fix-export: build ntlm-private.h |
54 |
|
|
55 |
< |
2006-12-20 Love Hörnquist Åstrand <lha@it.su.se> |
55 |
> |
2006-12-20 Love Hörnquist Åstrand <lha@it.su.se> |
56 |
|
|
57 |
|
* include/make_crypto.c: Include <.../hmac.h>. |
58 |
|
|
65 |
|
* kdc/digest.c: Add support for generating NTLM2 session security |
66 |
|
answer. |
67 |
|
|
68 |
< |
2006-12-19 Love Hörnquist Åstrand <lha@it.su.se> |
68 |
> |
2006-12-19 Love Hörnquist Åstrand <lha@it.su.se> |
69 |
|
|
70 |
|
* lib/krb5/digest.c: Add sessionkey accessor functions. |
71 |
|
|
72 |
< |
2006-12-18 Love Hörnquist Åstrand <lha@it.su.se> |
72 |
> |
2006-12-18 Love Hörnquist Åstrand <lha@it.su.se> |
73 |
|
|
74 |
|
* kdc/digest.c: Unwrap the NTLM session key and return it to the |
75 |
|
server. |
76 |
|
|
77 |
< |
2006-12-17 Love Hörnquist Åstrand <lha@it.su.se> |
77 |
> |
2006-12-17 Love Hörnquist Åstrand <lha@it.su.se> |
78 |
|
|
79 |
|
* lib/krb5/store.c (krb5_ret_principal): Fix a bug in the malloc |
80 |
|
failure part, noticed by Arnaud Lacombe in NetBSD coverity scan. |
81 |
|
|
82 |
< |
2006-12-15 Love Hörnquist Åstrand <lha@it.su.se> |
82 |
> |
2006-12-15 Love Hörnquist Åstrand <lha@it.su.se> |
83 |
|
|
84 |
|
* lib/krb5/fcache.c (fcc_get_cache_next): avoid const warning. |
85 |
|
|
111 |
|
* lib/krb5/krb5_locl.h: Expand the default root for some of the cc |
112 |
|
type names. |
113 |
|
|
114 |
< |
2006-12-14 Love Hörnquist Åstrand <lha@it.su.se> |
114 |
> |
2006-12-14 Love Hörnquist Åstrand <lha@it.su.se> |
115 |
|
|
116 |
|
* lib/krb5/init_creds_pw.c (free_paid): free the krb5_data |
117 |
|
structure too. Bug report from Stefan Metzmacher. |
118 |
|
|
119 |
< |
2006-12-12 Love Hörnquist Åstrand <lha@it.su.se> |
119 |
> |
2006-12-12 Love Hörnquist Åstrand <lha@it.su.se> |
120 |
|
|
121 |
|
* kuser/kinit.c: Read the appdefault configration before we try to |
122 |
|
use the flags. Bug reported by Ingemar Nilsson. |
125 |
|
|
126 |
|
* kuser/kdigest-commands.in: prefix digest commands with digest- |
127 |
|
|
128 |
< |
2006-12-10 Love Hörnquist Åstrand <lha@it.su.se> |
128 |
> |
2006-12-10 Love Hörnquist Åstrand <lha@it.su.se> |
129 |
|
|
130 |
|
* kdc/hprop.c: Return error codes on failure, improve error |
131 |
|
reporting. |
132 |
|
|
133 |
< |
2006-12-08 Love Hörnquist Åstrand <lha@it.su.se> |
133 |
> |
2006-12-08 Love Hörnquist Åstrand <lha@it.su.se> |
134 |
|
|
135 |
|
* lib/krb5/pkinit.c: sprinkle more _krb5_pk_copy_error |
136 |
|
|
137 |
|
* lib/krb5/pkinit.c: Copy more hx509 error strings to krb5 error |
138 |
|
strings |
139 |
|
|
140 |
< |
2006-12-07 Love Hörnquist Åstrand <lha@it.su.se> |
140 |
> |
2006-12-07 Love Hörnquist Åstrand <lha@it.su.se> |
141 |
|
|
142 |
|
* include/Makefile.am: CLEANFILES += vis.h |
143 |
|
|
144 |
< |
2006-12-06 Love Hörnquist Åstrand <lha@it.su.se> |
144 |
> |
2006-12-06 Love Hörnquist Åstrand <lha@it.su.se> |
145 |
|
|
146 |
|
* kdc/kerberos5.c (_kdc_as_rep): add AD-INITAL-VERIFIED-CAS to the |
147 |
|
encrypted ticket |
164 |
|
really should be the trust anchors of the client. |
165 |
|
|
166 |
|
* kuser/generate-requests.c: Use strcspn to remove \n from |
167 |
< |
string returned by fgets. From Björn Sandell |
167 |
> |
string returned by fgets. From Björn Sandell |
168 |
|
|
169 |
|
* kpasswd/kpasswd-generator.c: Use strcspn to remove \n from |
170 |
< |
string returned by fgets. From Björn Sandell |
170 |
> |
string returned by fgets. From Björn Sandell |
171 |
|
|
172 |
< |
2006-12-05 Love Hörnquist Åstrand <lha@it.su.se> |
172 |
> |
2006-12-05 Love Hörnquist Åstrand <lha@it.su.se> |
173 |
|
|
174 |
|
* lib/hdb/hdb-ldap.c: Clear errno before calling the strtol |
175 |
< |
functions. From Paul Stoeber to OpenBSD by Ray Lai and Björn |
175 |
> |
functions. From Paul Stoeber to OpenBSD by Ray Lai and Björn |
176 |
|
Sandell. |
177 |
|
|
178 |
|
* lib/krb5/config_file.c: Use strcspn to remove \n from fgets |
179 |
< |
result. Prompted by change by Ray Lai of OpenBSD via Björn |
179 |
> |
result. Prompted by change by Ray Lai of OpenBSD via Björn |
180 |
|
Sandell. |
181 |
|
|
182 |
|
* kdc/string2key.c: Use strcspn to remove \n from fgets |
183 |
< |
result. Prompted by change by Ray Lai of OpenBSD via Björn |
183 |
> |
result. Prompted by change by Ray Lai of OpenBSD via Björn |
184 |
|
Sandell. |
185 |
|
|
186 |
< |
2006-11-30 Love Hörnquist Åstrand <lha@it.su.se> |
186 |
> |
2006-11-30 Love Hörnquist Åstrand <lha@it.su.se> |
187 |
|
|
188 |
|
* lib/krb5/krbhst.c (plugin_get_hosts): be more paranoid and pass |
189 |
|
in a NULLed plugin list |
190 |
|
|
191 |
< |
2006-11-29 Love Hörnquist Åstrand <lha@it.su.se> |
191 |
> |
2006-11-29 Love Hörnquist Åstrand <lha@it.su.se> |
192 |
|
|
193 |
|
* lib/krb5/verify_krb5_conf.c: add more pkinit options. |
194 |
|
|
201 |
|
|
202 |
|
* lib/hdb/Makefile.am: Add LIB_com_err to pacify AIX |
203 |
|
|
204 |
< |
2006-11-28 Love Hörnquist Åstrand <lha@it.su.se> |
204 |
> |
2006-11-28 Love Hörnquist Åstrand <lha@it.su.se> |
205 |
|
|
206 |
|
* lib/hdb/hdb-ldap.c: Make build again from the hdb_entry |
207 |
|
wrapping. Patch from Andreas Hasenack. |
209 |
|
* kdc/pkinit.c: Need better code in the DH parameter rejection |
210 |
|
case, add comment to that effect. |
211 |
|
|
212 |
< |
2006-11-27 Love Hörnquist Åstrand <lha@it.su.se> |
212 |
> |
2006-11-27 Love Hörnquist Åstrand <lha@it.su.se> |
213 |
|
|
214 |
|
* kdc/krb5tgs.c: Reply KRB5KRB_ERR_RESPONSE_TOO_BIG for too large |
215 |
|
packets when using datagram based transports. |
218 |
|
|
219 |
|
* lib/krb5/pkinit.c (build_auth_pack): set supportedCMSTypes. |
220 |
|
|
221 |
< |
2006-11-26 Love Hörnquist Åstrand <lha@it.su.se> |
221 |
> |
2006-11-26 Love Hörnquist Åstrand <lha@it.su.se> |
222 |
|
|
223 |
|
* lib/krb5/pkinit.c: Pass down hx509_peer_info. |
224 |
|
|
228 |
|
* kdc/pkinit.c (_kdc_pk_rd_padata): Pick up supportedCMSTypes and |
229 |
|
pass in into hx509_cms_create_signed_1 via hx509_peer_info blob. |
230 |
|
|
231 |
< |
2006-11-24 Love Hörnquist Åstrand <lha@it.su.se> |
231 |
> |
2006-11-24 Love Hörnquist Åstrand <lha@it.su.se> |
232 |
|
|
233 |
|
* lib/krb5/send_to_kdc.c: Set the large_msg_size to 1400, lets not |
234 |
|
fragment packets and avoid stupid linklayers that doesn't allow |
235 |
|
fragmented packets (unix dgram sockets on Mac OS X) |
236 |
|
|
237 |
< |
2006-11-23 Love Hörnquist Åstrand <lha@it.su.se> |
237 |
> |
2006-11-23 Love Hörnquist Åstrand <lha@it.su.se> |
238 |
|
|
239 |
|
* lib/krb5/pkinit.c (_krb5_pk_create_sign): stuff down the users |
240 |
|
certs in the pool to make sure a path is returned, without this |
241 |
|
proxy certificates wont work. |
242 |
|
|
243 |
< |
2006-11-21 Love Hörnquist Åstrand <lha@it.su.se> |
243 |
> |
2006-11-21 Love Hörnquist Åstrand <lha@it.su.se> |
244 |
|
|
245 |
|
* kdc/config.c: Make all pkinit options prefixed with pkinit_ |
246 |
|
|
257 |
|
* lib/krb5/get_cred.c: Use KRB5_KU_OTHER_CKSUM for the impersonate |
258 |
|
checksum. |
259 |
|
|
260 |
< |
2006-11-20 Love Hörnquist Åstrand <lha@it.su.se> |
260 |
> |
2006-11-20 Love Hörnquist Åstrand <lha@it.su.se> |
261 |
|
|
262 |
|
* lib/krb5/verify_user.c: Make krb5_get_init_creds_opt_free take a |
263 |
|
context argument. |
286 |
|
* appl/gssmask/gssmask.c: Make krb5_get_init_creds_opt_free take a |
287 |
|
context argument. |
288 |
|
|
289 |
< |
2006-11-19 Love Hörnquist Åstrand <lha@it.su.se> |
289 |
> |
2006-11-19 Love Hörnquist Åstrand <lha@it.su.se> |
290 |
|
|
291 |
|
* doc/setup.texi: fix pkinit option (s/-/_/) |
292 |
|
|
293 |
|
* kdc/config.c: revert the enable-pkinit change, and make it |
294 |
|
consistant with all other other enable- options |
295 |
|
|
296 |
< |
2006-11-17 Love Hörnquist Åstrand <lha@it.su.se> |
296 |
> |
2006-11-17 Love Hörnquist Åstrand <lha@it.su.se> |
297 |
|
|
298 |
|
* doc/setup.texi: Make all pkinit options prefixed with pkinit_ |
299 |
|
|
310 |
|
* lib/krb5/mit_glue.c (krb5_c_keylength): mit changed the api, |
311 |
|
deal. |
312 |
|
|
313 |
< |
2006-11-13 Love Hörnquist Åstrand <lha@it.su.se> |
313 |
> |
2006-11-13 Love Hörnquist Åstrand <lha@it.su.se> |
314 |
|
|
315 |
|
* lib/krb5/pac.c (fill_zeros): stop using MIN. |
316 |
|
|
325 |
|
* lib/krb5/krbhst.c: Use plugin for the other realm locate types |
326 |
|
too. |
327 |
|
|
328 |
< |
2006-11-12 Love Hörnquist Åstrand <lha@it.su.se> |
328 |
> |
2006-11-12 Love Hörnquist Åstrand <lha@it.su.se> |
329 |
|
|
330 |
|
* lib/krb5/krb5_locl.h: Add plugin api |
331 |
|
|
344 |
|
|
345 |
|
* lib/krb5/krb5.h: Add struct krb5_pac. |
346 |
|
|
347 |
< |
2006-11-09 Love Hörnquist Åstrand <lha@it.su.se> |
347 |
> |
2006-11-09 Love Hörnquist Åstrand <lha@it.su.se> |
348 |
|
|
349 |
|
* lib/krb5/test_pac.c: PAC testing. |
350 |
|
|
362 |
|
|
363 |
|
* lib/krb5/mit_glue.c: Add krb5_c_keylength. |
364 |
|
|
365 |
< |
2006-11-08 Love Hörnquist Åstrand <lha@it.su.se> |
365 |
> |
2006-11-08 Love Hörnquist Åstrand <lha@it.su.se> |
366 |
|
|
367 |
|
* lib/krb5/pac.c: Almost enough code to do PAC parsing and |
368 |
|
verification, missing in the unix2NTTIME and ucs2 corner. The |
372 |
|
|
373 |
|
* kdc/hpropd.c: Remove support dumping to a kerberos 4 database. |
374 |
|
|
375 |
< |
2006-11-07 Love Hörnquist Åstrand <lha@it.su.se> |
375 |
> |
2006-11-07 Love Hörnquist Åstrand <lha@it.su.se> |
376 |
|
|
377 |
|
* lib/krb5/context.c: rename krb5_[gs]et_time_wrap to |
378 |
|
krb5_[gs]et_max_time_skew |
382 |
|
|
383 |
|
* lib/krb5/rd_req.c: Add more krb5_rd_req_out_get functions. |
384 |
|
|
385 |
< |
2006-11-06 Love Hörnquist Åstrand <lha@it.su.se> |
385 |
> |
2006-11-06 Love Hörnquist Åstrand <lha@it.su.se> |
386 |
|
|
387 |
|
* lib/krb5/krb5.h: krb5_rd_req{,_in,_out}_ctx. |
388 |
|
|
390 |
|
dancing version of the krb5_rd_req and implement krb5_rd_req and |
391 |
|
krb5_rd_req_with_keyblock using it. |
392 |
|
|
393 |
< |
2006-11-04 Love Hörnquist Åstrand <lha@it.su.se> |
393 |
> |
2006-11-04 Love Hörnquist Åstrand <lha@it.su.se> |
394 |
|
|
395 |
|
* kdc/kerberos5.c (_kdc_as_rep): More verbose time skew logging. |
396 |
|
|
397 |
< |
2006-11-03 Love Hörnquist Åstrand <lha@it.su.se> |
397 |
> |
2006-11-03 Love Hörnquist Åstrand <lha@it.su.se> |
398 |
|
|
399 |
|
* lib/krb5/expand_hostname.c: Rename various routines and |
400 |
|
constants from canonize to canonicalize. From Andrew Bartlett |
407 |
|
* appl/gssmask/common.c (add_list): fix alloc statement. |
408 |
|
From Alex Deiter |
409 |
|
|
410 |
< |
2006-10-25 Love Hörnquist Åstrand <lha@it.su.se> |
410 |
> |
2006-10-25 Love Hörnquist Åstrand <lha@it.su.se> |
411 |
|
|
412 |
|
* include/Makefile.am: Move version.h and version.h.in to |
413 |
|
DISTCLEANFILES. |
414 |
|
|
415 |
< |
2006-10-24 Love Hörnquist Åstrand <lha@it.su.se> |
415 |
> |
2006-10-24 Love Hörnquist Åstrand <lha@it.su.se> |
416 |
|
|
417 |
|
* appl/gssmask/gssmask.c: Only log when there are resources left. |
418 |
|
|
421 |
|
* appl/gssmask/gssmask.c (AcquireCreds): free |
422 |
|
krb5_get_init_creds_opt |
423 |
|
|
424 |
< |
2006-10-23 Love Hörnquist Åstrand <lha@it.su.se> |
424 |
> |
2006-10-23 Love Hörnquist Åstrand <lha@it.su.se> |
425 |
|
|
426 |
|
* configure.in: heimdal 0.8-RC1 |
427 |
|
|
428 |
< |
2006-10-22 Love Hörnquist Åstrand <lha@it.su.se> |
428 |
> |
2006-10-22 Love Hörnquist Åstrand <lha@it.su.se> |
429 |
|
|
430 |
|
* lib/krb5/digest.c: Try to not leak memory. |
431 |
|
|
459 |
|
|
460 |
|
* lib/krb5/crypto.c (AES_string_to_key): Try to not leak memory. |
461 |
|
|
462 |
< |
2006-10-21 Love Hörnquist Åstrand <lha@it.su.se> |
462 |
> |
2006-10-21 Love Hörnquist Åstrand <lha@it.su.se> |
463 |
|
|
464 |
|
* tools/heimdal-build.sh: Add --test-environment |
465 |
|
|
468 |
|
* lib/hdb/Makefile.am: remove dependency on et files covert_db |
469 |
|
that now is removed |
470 |
|
|
471 |
< |
2006-10-20 Love Hörnquist Åstrand <lha@it.su.se> |
471 |
> |
2006-10-20 Love Hörnquist Åstrand <lha@it.su.se> |
472 |
|
|
473 |
|
* include/Makefile.am: add gssapi to subdirs |
474 |
|
|
507 |
|
|
508 |
|
* lib/krb5/Makefile.am: add more files |
509 |
|
|
510 |
< |
2006-10-19 Love Hörnquist Åstrand <lha@it.su.se> |
510 |
> |
2006-10-19 Love Hörnquist Åstrand <lha@it.su.se> |
511 |
|
|
512 |
|
* tools/Makefile.am: Add heimdal-build.sh to EXTRA_DIST. |
513 |
|
|
521 |
|
|
522 |
|
* configure.in: make --disable-pk-init help text also negative |
523 |
|
|
524 |
< |
2006-10-18 Love Hörnquist Åstrand <lha@it.su.se> |
524 |
> |
2006-10-18 Love Hörnquist Åstrand <lha@it.su.se> |
525 |
|
|
526 |
|
* kuser/kgetcred.c: Avoid memory leak. |
527 |
|
|
538 |
|
|
539 |
|
* lib/krb5/test_princ.c: Test principal parsing and unparsing. |
540 |
|
|
541 |
< |
2006-10-17 Love Hörnquist Åstrand <lha@it.su.se> |
541 |
> |
2006-10-17 Love Hörnquist Åstrand <lha@it.su.se> |
542 |
|
|
543 |
|
* lib/krb5/get_host_realm.c (krb5_get_host_realm): make sure we |
544 |
|
don't recurse |
591 |
|
|
592 |
|
* kdc/kerberos5.c: Prefix asn1 primitives with der_. |
593 |
|
|
594 |
< |
2006-10-16 Love Hörnquist Åstrand <lha@it.su.se> |
594 |
> |
2006-10-16 Love Hörnquist Åstrand <lha@it.su.se> |
595 |
|
|
596 |
|
* fix-export: Build lib/asn1/der-protos.h. |
597 |
|
|
598 |
< |
2006-10-14 Love Hörnquist Åstrand <lha@it.su.se> |
598 |
> |
2006-10-14 Love Hörnquist Åstrand <lha@it.su.se> |
599 |
|
|
600 |
|
* appl/gssmask/Makefile.am: Add explit depenency on libroken. |
601 |
|
|
618 |
|
|
619 |
|
* lib/krb5/data.c: Prefix der primitives with der_. |
620 |
|
|
621 |
< |
2006-10-12 Love Hörnquist Åstrand <lha@it.su.se> |
621 |
> |
2006-10-12 Love Hörnquist Åstrand <lha@it.su.se> |
622 |
|
|
623 |
|
* kdc/pkinit.c (pk_mk_pa_reply_enckey): add missing break. From |
624 |
|
Olga Kornievskaia. |
627 |
|
|
628 |
|
* include/bits.c: Include Xint64 types. |
629 |
|
|
630 |
< |
2006-10-10 Love Hörnquist Åstrand <lha@it.su.se> |
630 |
> |
2006-10-10 Love Hörnquist Åstrand <lha@it.su.se> |
631 |
|
|
632 |
|
* tools/heimdal-build.sh: Add socketwrapper and cputime limit. |
633 |
|
|
634 |
|
* kdc/connect.c (loop): Log that the kdc have started. |
635 |
|
|
636 |
< |
2006-10-09 Love Hörnquist Åstrand <lha@it.su.se> |
636 |
> |
2006-10-09 Love Hörnquist Åstrand <lha@it.su.se> |
637 |
|
|
638 |
|
* kdc/connect.c (do_request): tell krb5_kdc_process_request if its |
639 |
|
a datagram reply or not |
658 |
|
* kdc/krb5tgs.c (tgs_parse_request): set cusec, not csec from |
659 |
|
auth->cusec. |
660 |
|
|
661 |
< |
2006-10-08 Love Hörnquist Åstrand <lha@it.su.se> |
661 |
> |
2006-10-08 Love Hörnquist Åstrand <lha@it.su.se> |
662 |
|
|
663 |
|
* fix-export: dist_-ify libkadm5clnt_la_SOURCES too |
664 |
|
|
677 |
|
checksum is done over the whole packet. Reported by Olga |
678 |
|
Kornievskaia |
679 |
|
|
680 |
< |
2006-10-07 Love Hörnquist Åstrand <lha@it.su.se> |
680 |
> |
2006-10-07 Love Hörnquist Åstrand <lha@it.su.se> |
681 |
|
|
682 |
|
* include/Makefile.am: crypto-headers.h is a nodist header |
683 |
|
|
698 |
|
* kdc/kerberos5.c: Adapt to signature change of |
699 |
|
_krb5_principalname2krb5_principal. |
700 |
|
|
701 |
< |
2006-10-06 Love Hörnquist Åstrand <lha@it.su.se> |
701 |
> |
2006-10-06 Love Hörnquist Åstrand <lha@it.su.se> |
702 |
|
|
703 |
|
* lib/krb5/krbhst.c (common_init): don't try DNS when there is |
704 |
|
realm w/o a dot. |
736 |
|
|
737 |
|
* appl/gssmask/common.h: Maybe include <sys/wait.h>. |
738 |
|
|
739 |
< |
2006-10-05 Love Hörnquist Åstrand <lha@it.su.se> |
739 |
> |
2006-10-05 Love Hörnquist Åstrand <lha@it.su.se> |
740 |
|
|
741 |
|
* appl/gssmask/common.h: disable ENABLE_PTHREAD_SUPPORT and |
742 |
|
explain why |
749 |
|
|
750 |
|
* tools/heimdal-build.sh: first cut |
751 |
|
|
752 |
< |
2006-10-04 Love Hörnquist Åstrand <lha@it.su.se> |
752 |
> |
2006-10-04 Love Hörnquist Åstrand <lha@it.su.se> |
753 |
|
|
754 |
|
* configure.in: Call AB_INIT. |
755 |
|
|
762 |
|
|
763 |
|
* lib/krb5/krb5_digest.3: Add all protos |
764 |
|
|
765 |
< |
2006-10-03 Love Hörnquist Åstrand <lha@it.su.se> |
765 |
> |
2006-10-03 Love Hörnquist Åstrand <lha@it.su.se> |
766 |
|
|
767 |
|
* lib/krb5/krb5_digest.3: Basic krb5_digest manpage. |
768 |
|
|
769 |
< |
2006-10-02 Love Hörnquist Åstrand <lha@it.su.se> |
769 |
> |
2006-10-02 Love Hörnquist Åstrand <lha@it.su.se> |
770 |
|
|
771 |
|
* fix-export: build gssapi mech private files |
772 |
|
|
786 |
|
|
787 |
|
* fix-export: build gssapi mech private files |
788 |
|
|
789 |
< |
2006-09-26 Love Hörnquist Åstrand <lha@it.su.se> |
789 |
> |
2006-09-26 Love Hörnquist Åstrand <lha@it.su.se> |
790 |
|
|
791 |
|
* appl/gssmask/gssmaestro.c: Handle FIRST_CALL in the context |
792 |
|
building, better error handling. |
799 |
|
* appl/gssmask/gssmaestro.c: Check that the pre-wrapped data is |
800 |
|
the same as afterward. |
801 |
|
|
802 |
< |
2006-09-25 Love Hörnquist Åstrand <lha@it.su.se> |
802 |
> |
2006-09-25 Love Hörnquist Åstrand <lha@it.su.se> |
803 |
|
|
804 |
|
* appl/gssmask/gssmaestro.c: Remove stray GSS_C_DCE_STYLE. |
805 |
|
|
806 |
|
* appl/gssmask/gssmaestro.c: Add logsocket support. |
807 |
|
|
808 |
< |
2006-09-22 Love Hörnquist Åstrand <lha@it.su.se> |
808 |
> |
2006-09-22 Love Hörnquist Åstrand <lha@it.su.se> |
809 |
|
|
810 |
|
* appl/gssmask/gssmaestro.c (build_context): print the step the |
811 |
|
context exchange. |
812 |
|
|
813 |
< |
2006-09-21 Love Hörnquist Åstrand <lha@it.su.se> |
813 |
> |
2006-09-21 Love Hörnquist Åstrand <lha@it.su.se> |
814 |
|
|
815 |
|
* appl/gssmask/gssmaestro.c: Add GSS_C_INTEG_FLAG|GSS_C_CONF_FLAG |
816 |
|
to all context flags |
826 |
|
* lib/krb5/rd_req.c: disable ETypeList parsing usage for now, cfx |
827 |
|
seems broken and its not good to upgrade to a broken enctype. |
828 |
|
|
829 |
< |
2006-09-20 Love Hörnquist Åstrand <lha@it.su.se> |
829 |
> |
2006-09-20 Love Hörnquist Åstrand <lha@it.su.se> |
830 |
|
|
831 |
|
* appl/gssmask/gssmask.c: Add wrap/unwrap ops |
832 |
|
|
842 |
|
* appl/gssmask/gssmaestro.c: test self context building and all |
843 |
|
permutation of clients |
844 |
|
|
845 |
< |
2006-09-19 Love Hörnquist Åstrand <lha@it.su.se> |
845 |
> |
2006-09-19 Love Hörnquist Åstrand <lha@it.su.se> |
846 |
|
|
847 |
|
* appl/gssmask/gssmask.c: add --logfile option, use htons() on |
848 |
|
port number |
851 |
|
|
852 |
|
* configure.in: Make pk-init turned on by default. |
853 |
|
|
854 |
< |
2006-09-18 Love Hörnquist Åstrand <lha@it.su.se> |
854 |
> |
2006-09-18 Love Hörnquist Åstrand <lha@it.su.se> |
855 |
|
|
856 |
|
* fix-export: Build lib/hx509/{hx509-protos.h,hx509-private.h}. |
857 |
|
|
864 |
|
* kdc/krb5tgs.c: Check the adtkt in the constrained delegation |
865 |
|
case too. |
866 |
|
|
867 |
< |
2006-09-16 Love Hörnquist Åstrand <lha@it.su.se> |
867 |
> |
2006-09-16 Love Hörnquist Åstrand <lha@it.su.se> |
868 |
|
|
869 |
|
* kdc/main.c (sigterm): don't _exit, let loop() catch the signal |
870 |
|
instead. |
871 |
|
|
872 |
< |
* lib/krb5/krb5_timeofday.3: Fixes from Björn Sandell. |
872 |
> |
* lib/krb5/krb5_timeofday.3: Fixes from Björn Sandell. |
873 |
|
|
874 |
< |
* lib/krb5/krb5_get_init_creds.3: Fixes from Björn Sandell. |
874 |
> |
* lib/krb5/krb5_get_init_creds.3: Fixes from Björn Sandell. |
875 |
|
|
876 |
< |
2006-09-15 Love Hörnquist Åstrand <lha@it.su.se> |
876 |
> |
2006-09-15 Love Hörnquist Åstrand <lha@it.su.se> |
877 |
|
|
878 |
|
* tools/krb5-config.in: Add "kafs" option. |
879 |
|
|
880 |
< |
2006-09-12 Love Hörnquist Åstrand <lha@it.su.se> |
880 |
> |
2006-09-12 Love Hörnquist Åstrand <lha@it.su.se> |
881 |
|
|
882 |
|
* lib/hdb/db.c: By using full function calling conversion (*func) |
883 |
|
we avoid problem when close(fd) is overridden using a macro. |
886 |
|
conversion (*func) we avoid problem when close(fd) is overridden |
887 |
|
using a macro. |
888 |
|
|
889 |
< |
2006-09-11 Love Hörnquist Åstrand <lha@it.su.se> |
889 |
> |
2006-09-11 Love Hörnquist Åstrand <lha@it.su.se> |
890 |
|
|
891 |
|
* kdc/kerberos5.c: Signing outgoing tickets. |
892 |
|
|
896 |
|
* lib/krb5/pkinit.c: Adapt to new signature of |
897 |
|
hx509_cms_unenvelope. |
898 |
|
|
899 |
< |
2006-09-09 Love Hörnquist Åstrand <lha@it.su.se> |
899 |
> |
2006-09-09 Love Hörnquist Åstrand <lha@it.su.se> |
900 |
|
|
901 |
|
* lib/krb5/pkinit.c (pk_verify_host): set errorstrings in a |
902 |
|
sensable way |
903 |
|
|
904 |
< |
2006-09-08 Love Hörnquist Åstrand <lha@it.su.se> |
904 |
> |
2006-09-08 Love Hörnquist Åstrand <lha@it.su.se> |
905 |
|
|
906 |
|
* lib/krb5/krb5_init_context.3: Prevent a font generation warning, |
907 |
|
from Jason McIntyre. |
908 |
|
|
909 |
< |
2006-09-06 Love Hörnquist Åstrand <lha@it.su.se> |
909 |
> |
2006-09-06 Love Hörnquist Åstrand <lha@it.su.se> |
910 |
|
|
911 |
|
* lib/krb5/context.c (krb5_init_ets): Add the hx errortable |
912 |
|
|
915 |
|
* lib/krb5/pkinit.c (_krb5_pk_verify_sign): catch the error string |
916 |
|
from the hx509 lib |
917 |
|
|
918 |
< |
2006-09-04 Love Hörnquist Åstrand <lha@it.su.se> |
918 |
> |
2006-09-04 Love Hörnquist Åstrand <lha@it.su.se> |
919 |
|
|
920 |
|
* lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_default_flags): |
921 |
|
fix argument to krb5_get_init_creds_opt_set_addressless. |
945 |
|
instead of passing in the empty set of address into |
946 |
|
krb5_get_init_creds_opt_set_addresses. |
947 |
|
|
948 |
< |
2006-09-01 Love Hörnquist Åstrand <lha@it.su.se> |
948 |
> |
2006-09-01 Love Hörnquist Åstrand <lha@it.su.se> |
949 |
|
|
950 |
|
* kuser/kinit.c (renew_validate): inherit the proxiable and |
951 |
|
forwardable from the orignal ticket, pointed out by Bernard |
952 |
|
Antoine of CERN. |
953 |
|
|
954 |
|
* doc/setup.texi: More text about the acl_file entry and |
955 |
< |
hdb-ldap-structural-object. From Rüdiger Ranft. |
955 |
> |
hdb-ldap-structural-object. From Rüdiger Ranft. |
956 |
|
|
957 |
|
* lib/krb5/krbhst.c (fallback_get_hosts): limit the fallback |
958 |
|
lookups to 5. Patch from Wesley Craig, umich.edu |
963 |
|
* appl/test/tcp_server.c (proto): use keytab for krb5_recvauth |
964 |
|
Patch from Ingemar Nilsson <init@pdc.kth.se> |
965 |
|
|
966 |
< |
2006-08-28 Love Hörnquist Åstrand <lha@it.su.se> |
966 |
> |
2006-08-28 Love Hörnquist Åstrand <lha@it.su.se> |
967 |
|
|
968 |
|
* kuser/kdigest.c (help): use sl_slc_help(). |
969 |
|
|
971 |
|
|
972 |
|
* lib/krb5/digest.c: Catch more error. |
973 |
|
|
974 |
< |
2006-08-25 Love Hörnquist Åstrand <lha@it.su.se> |
974 |
> |
2006-08-25 Love Hörnquist Åstrand <lha@it.su.se> |
975 |
|
|
976 |
|
* doc/setup.texi: language. |
977 |
|
|
984 |
|
* lib/krb5/digest.c: In the case where we get a DigestError back, |
985 |
|
save the error string and code. |
986 |
|
|
987 |
< |
2006-08-24 Love Hörnquist Åstrand <lha@it.su.se> |
987 |
> |
2006-08-24 Love Hörnquist Åstrand <lha@it.su.se> |
988 |
|
|
989 |
|
* kdc/kerberos5.c: Remove _kdc_find_etype(), its no longer used. |
990 |
|
|
1027 |
|
tgt etype, now the krbtgt can be a aes-only key without the need |
1028 |
|
to support not-as-good etypes for the krbtgt. |
1029 |
|
|
1030 |
< |
2006-08-23 Love Hörnquist Åstrand <lha@it.su.se> |
1030 |
> |
2006-08-23 Love Hörnquist Åstrand <lha@it.su.se> |
1031 |
|
|
1032 |
|
* kdc/misc.c: Change _kdc_db_fetch() to return the database |
1033 |
|
pointer to if needed by the consumer. |
1059 |
|
|
1060 |
|
* lib/krb5/digest.c: Add digest support to the client side. |
1061 |
|
|
1062 |
< |
2006-08-21 Love Hörnquist Åstrand <lha@it.kth.se> |
1062 |
> |
2006-08-21 Love Hörnquist Åstrand <lha@it.kth.se> |
1063 |
|
|
1064 |
|
* lib/krb5/rd_rep.c (krb5_rd_rep): free krb5_ap_rep_enc_part on |
1065 |
|
error and set return pointer to NULL |
1066 |
|
(krb5_free_ap_rep_enc_part): permit freeing of NULL |
1067 |
|
|
1068 |
< |
2006-08-18 Love Hörnquist Åstrand <lha@it.kth.se> |
1068 |
> |
2006-08-18 Love Hörnquist Åstrand <lha@it.kth.se> |
1069 |
|
|
1070 |
|
* kdc/{Makefile.am,kdigest.c,kdigest-commands.in}: |
1071 |
|
Frontend for remote digest service in KDC |
1081 |
|
* lib/krb5/init_creds.c (krb5_get_init_creds_opt_get_error): clear |
1082 |
|
error string on error. |
1083 |
|
|
1084 |
< |
2006-07-20 Love Hörnquist Åstrand <lha@it.su.se> |
1084 |
> |
2006-07-20 Love Hörnquist Åstrand <lha@it.su.se> |
1085 |
|
|
1086 |
|
* lib/krb5/crypto.c: remove aes-192 (CMS) |
1087 |
|
|
1089 |
|
|
1090 |
|
* lib/krb5/crypto.c: Remove CMS symmetric encryption support. |
1091 |
|
|
1092 |
< |
2006-07-13 Love Hörnquist Åstrand <lha@it.su.se> |
1092 |
> |
2006-07-13 Love Hörnquist Åstrand <lha@it.su.se> |
1093 |
|
|
1094 |
|
* kdc/pkinit.c (_kdc_pk_check_client): make it not crash when |
1095 |
|
there are no acl |
1105 |
|
|
1106 |
|
* lib/hdb/ext.c: Add hdb_entry_get_pkinit_hash(). |
1107 |
|
|
1108 |
< |
2006-07-10 Love Hörnquist Åstrand <lha@it.su.se> |
1108 |
> |
2006-07-10 Love Hörnquist Åstrand <lha@it.su.se> |
1109 |
|
|
1110 |
|
* kuser/kinit.c: If --password-file gets STDIN, read the password |
1111 |
|
from the standard input. |
1114 |
|
|
1115 |
|
* lib/krb5/krb5_string_to_key.3: Remove duplicate to. |
1116 |
|
|
1117 |
< |
2006-07-06 Love Hörnquist Åstrand <lha@it.su.se> |
1117 |
> |
2006-07-06 Love Hörnquist Åstrand <lha@it.su.se> |
1118 |
|
|
1119 |
|
* kdc/krb5tgs.c: (tgs_build_reply): when checking for removed |
1120 |
|
principals, check the second component of the krbtgt, otherwise |
1121 |
|
cross realm wont work. Prompted by report from Mattias Amnefelt. |
1122 |
|
|
1123 |
< |
2006-07-05 Love Hörnquist Åstrand <lha@it.su.se> |
1123 |
> |
2006-07-05 Love Hörnquist Åstrand <lha@it.su.se> |
1124 |
|
|
1125 |
|
* kdc/connect.c (handle_vanilla_tcp): use unsigned integer for for |
1126 |
|
length |
1127 |
|
(handle_tcp): if the high bit it set in the unknown case, send |
1128 |
|
back a KRB_ERR_FIELD_TOOLONG |
1129 |
|
|
1130 |
< |
2006-07-03 Love Hörnquist Åstrand <lha@it.su.se> |
1130 |
> |
2006-07-03 Love Hörnquist Åstrand <lha@it.su.se> |
1131 |
|
|
1132 |
|
* appl/gssmask/gssmaestro.c: Add get_version_capa, cache |
1133 |
|
target_name. |
1143 |
|
* appl/gssmask/gssmaestro.c: break out out the build context |
1144 |
|
function |
1145 |
|
|
1146 |
< |
2006-07-01 Love Hörnquist Åstrand <lha@it.su.se> |
1146 |
> |
2006-07-01 Love Hörnquist Åstrand <lha@it.su.se> |
1147 |
|
|
1148 |
|
* appl/gssmask/gssmaestro.c: externalize slave handling, add |
1149 |
|
GetTargetName glue |
1160 |
|
* appl/gssmask: break out common function; add gssmaestro (that |
1161 |
|
only tests one context for now) |
1162 |
|
|
1163 |
< |
2006-06-30 Love Hörnquist Åstrand <lha@it.su.se> |
1163 |
> |
2006-06-30 Love Hörnquist Åstrand <lha@it.su.se> |
1164 |
|
|
1165 |
|
* lib/krb5/store_fd.c (krb5_storage_from_fd): don't leak fd on |
1166 |
|
malloc failure |
1173 |
|
* lib/krb5/cache.c (krb5_cc_new_unique): use KRB5_DEFAULT_CCNAME |
1174 |
|
as the default prefix |
1175 |
|
|
1176 |
< |
2006-06-28 Love Hörnquist Åstrand <lha@it.su.se> |
1176 |
> |
2006-06-28 Love Hörnquist Åstrand <lha@it.su.se> |
1177 |
|
|
1178 |
|
* doc/heimdal.texi: Add Doug Rabson's license |
1179 |
|
|
1180 |
< |
2006-06-22 Love Hörnquist Åstrand <lha@it.su.se> |
1180 |
> |
2006-06-22 Love Hörnquist Åstrand <lha@it.su.se> |
1181 |
|
|
1182 |
|
* lib/krb5/init_creds.c: Add storing and getting KRB-ERROR in the |
1183 |
|
krb5_get_init_creds_opt structure. |
1187 |
|
* lib/krb5/krb5_locl.h (_krb5_get_init_creds_opt_private): add |
1188 |
|
KRB-ERROR |
1189 |
|
|
1190 |
< |
2006-06-21 Love Hörnquist Åstrand <lha@it.su.se> |
1190 |
> |
2006-06-21 Love Hörnquist Åstrand <lha@it.su.se> |
1191 |
|
|
1192 |
|
* doc/setup.texi: section about verify_krb5_conf and kadmin check |
1193 |
|
|
1194 |
< |
2006-06-15 Love Hörnquist Åstrand <lha@it.su.se> |
1194 |
> |
2006-06-15 Love Hörnquist Åstrand <lha@it.su.se> |
1195 |
|
|
1196 |
|
* lib/krb5/init_creds_pw.c (get_init_creds_common): drop cred |
1197 |
|
argument, its unused |
1200 |
|
|
1201 |
|
* lib/krb5/krb5_get_creds.3: new file |
1202 |
|
|
1203 |
< |
2006-06-14 Love Hörnquist Åstrand <lha@it.su.se> |
1203 |
> |
2006-06-14 Love Hörnquist Åstrand <lha@it.su.se> |
1204 |
|
|
1205 |
|
* lib/hdb/hdb-ldap.c: don't use the sambaNTPassword if there is |
1206 |
|
ARCFOUR key already. Idea from Andreas Hasenack. While here, set |
1211 |
|
|
1212 |
|
* kdc/kdc.h: Add enable_v4_per_principal |
1213 |
|
|
1214 |
< |
2006-06-12 Love Hörnquist Åstrand <lha@it.su.se> |
1214 |
> |
2006-06-12 Love Hörnquist Åstrand <lha@it.su.se> |
1215 |
|
|
1216 |
|
* kdc/kerberos5.c (_kdc_as_rep): if kdc_time + |
1217 |
|
config->kdc_warn_pwexpire is past pw_end, add expiration |
1222 |
|
|
1223 |
|
* kdc/kerberos5.c: indent. |
1224 |
|
|
1225 |
< |
2006-06-07 Love Hörnquist Åstrand <lha@it.su.se> |
1225 |
> |
2006-06-07 Love Hörnquist Åstrand <lha@it.su.se> |
1226 |
|
|
1227 |
|
* kdc/kerberos5.c: constify |
1228 |
|
|
1229 |
< |
2006-06-06 Love Hörnquist Åstrand <lha@it.su.se> |
1229 |
> |
2006-06-06 Love Hörnquist Åstrand <lha@it.su.se> |
1230 |
|
|
1231 |
|
* lib/krb5/get_cred.c: Allow setting additional tickets in the |
1232 |
|
tgs-req |
1252 |
|
* lib/krb5/krb5.h: Add krb5_get_creds_opt_data and some more |
1253 |
|
KRB5_GC flags. |
1254 |
|
|
1255 |
< |
2006-06-01 Love Hörnquist Åstrand <lha@it.su.se> |
1255 |
> |
2006-06-01 Love Hörnquist Åstrand <lha@it.su.se> |
1256 |
|
|
1257 |
|
* lib/hdb/ext.c (hdb_entry_get_ConstrainedDelegACL): new function. |
1258 |
|
|
1271 |
|
* kdc/kerberos5.c: split out krb5 tgs req to make it easier to |
1272 |
|
reorganize the code. |
1273 |
|
|
1274 |
< |
2006-05-29 Love Hörnquist Åstrand <lha@it.su.se> |
1274 |
> |
2006-05-29 Love Hörnquist Åstrand <lha@it.su.se> |
1275 |
|
|
1276 |
< |
* lib/krb5/krb5_get_init_creds.3: spelling Björn Sandell |
1276 |
> |
* lib/krb5/krb5_get_init_creds.3: spelling Björn Sandell |
1277 |
|
|
1278 |
< |
* lib/krb5/krb5_get_in_cred.3: spelling Björn Sandell |
1278 |
> |
* lib/krb5/krb5_get_in_cred.3: spelling Björn Sandell |
1279 |
|
|
1280 |
< |
2006-05-13 Love Hörnquist Åstrand <lha@it.su.se> |
1280 |
> |
2006-05-13 Love Hörnquist Åstrand <lha@it.su.se> |
1281 |
|
|
1282 |
|
* kpasswd/kpasswdd.c (change): select the realm based on the |
1283 |
|
target principal From Gabor Gombas |
1286 |
|
|
1287 |
|
* lib/krb5/krb5.h: Add KRB5_PROMPT_TYPE_INFO |
1288 |
|
|
1289 |
< |
2006-05-12 Love Hörnquist Åstrand <lha@it.su.se> |
1289 |
> |
2006-05-12 Love Hörnquist Åstrand <lha@it.su.se> |
1290 |
|
|
1291 |
|
* lib/krb5/pkinit.c: Hidden field of hx509 prompter is removed. |
1292 |
|
Fix a warning. |
1307 |
|
* lib/krb5/krb5_acl_match_file.3: Various tweaks, from Jason |
1308 |
|
McIntyre. |
1309 |
|
|
1310 |
< |
2006-05-11 Love Hörnquist Åstrand <lha@it.su.se> |
1310 |
> |
2006-05-11 Love Hörnquist Åstrand <lha@it.su.se> |
1311 |
|
|
1312 |
|
* kuser/kinit.c: Move parsing of the PK-INIT configuration file to |
1313 |
|
the library so application doesn't need to deal with it. |
1322 |
|
* lib/krb5/pkinit.c (hx_pass_prompter): return 0 on success and 1 |
1323 |
|
on failure. Pointed out by Douglas E. Engert. |
1324 |
|
|
1325 |
< |
2006-05-08 Love Hörnquist Åstrand <lha@it.su.se> |
1325 |
> |
2006-05-08 Love Hörnquist Åstrand <lha@it.su.se> |
1326 |
|
|
1327 |
|
* lib/krb5/crypto.c: Catches both keyed checkout w/o crypto |
1328 |
|
context cases and doesn't reset the string, and corrects the |
1331 |
|
* lib/krb5/crypto.c: Drop aes-cbc, rc2 and CMS padding support, |
1332 |
|
its all containted in libhcrypto and libhx509 now. |
1333 |
|
|
1334 |
< |
2006-05-07 Love Hörnquist Åstrand <lha@it.su.se> |
1334 |
> |
2006-05-07 Love Hörnquist Åstrand <lha@it.su.se> |
1335 |
|
|
1336 |
|
* lib/krb5/pkinit.c (_krb5_pk_verify_sign): Use |
1337 |
|
hx509_get_one_cert. |
1339 |
|
* lib/krb5/crypto.c (create_checksum): provide a error message |
1340 |
|
that a key checksum needs a key. From Andew Bartlett. |
1341 |
|
|
1342 |
< |
2006-05-06 Love Hörnquist Åstrand <lha@it.su.se> |
1342 |
> |
2006-05-06 Love Hörnquist Åstrand <lha@it.su.se> |
1343 |
|
|
1344 |
|
* lib/krb5/pkinit.c: Now that hcrypto supports DH, remove check |
1345 |
|
for hx509 null DH. |
1357 |
|
* kcm/acl.c: Multicache kcm interation isn't done yet, let wait |
1358 |
|
with this enum. |
1359 |
|
|
1360 |
< |
2006-05-05 Love Hörnquist Åstrand <lha@it.su.se> |
1360 |
> |
2006-05-05 Love Hörnquist Åstrand <lha@it.su.se> |
1361 |
|
|
1362 |
< |
* lib/krb5/krb5_set_default_realm.3: Spelling/mdoc from Björn |
1362 |
> |
* lib/krb5/krb5_set_default_realm.3: Spelling/mdoc from Björn |
1363 |
|
Sandell |
1364 |
|
|
1365 |
< |
* lib/krb5/krb5_rcache.3: Spelling/mdoc from Björn Sandell |
1365 |
> |
* lib/krb5/krb5_rcache.3: Spelling/mdoc from Björn Sandell |
1366 |
|
|
1367 |
< |
* lib/krb5/krb5_keytab.3: Spelling/mdoc from Björn Sandell |
1367 |
> |
* lib/krb5/krb5_keytab.3: Spelling/mdoc from Björn Sandell |
1368 |
|
|
1369 |
< |
* lib/krb5/krb5_get_in_cred.3: Spelling/mdoc from Björn Sandell |
1369 |
> |
* lib/krb5/krb5_get_in_cred.3: Spelling/mdoc from Björn Sandell |
1370 |
|
|
1371 |
< |
* lib/krb5/krb5_expand_hostname.3: Spelling/mdoc from Björn |
1371 |
> |
* lib/krb5/krb5_expand_hostname.3: Spelling/mdoc from Björn |
1372 |
|
Sandell |
1373 |
|
|
1374 |
< |
* lib/krb5/krb5_c_make_checksum.3: Spelling/mdoc from Björn |
1374 |
> |
* lib/krb5/krb5_c_make_checksum.3: Spelling/mdoc from Björn |
1375 |
|
Sandell |
1376 |
|
|
1377 |
|
* lib/krb5/keytab_file.c (fkt_next_entry_int): read the 32 bit |
1399 |
|
|
1400 |
|
* lib/krb5/store.c: Rewrite the krb5_ret_u as proposed by Johan. |
1401 |
|
|
1402 |
< |
2006-05-04 Love Hörnquist Åstrand <lha@it.su.se> |
1402 |
> |
2006-05-04 Love Hörnquist Åstrand <lha@it.su.se> |
1403 |
|
|
1404 |
|
* kdc/kerberos4.c: Use the new unsigned integer storage types. |
1405 |
|
|
1417 |
|
|
1418 |
|
* lib/krb5/test_store.c: Test the integer storage types. |
1419 |
|
|
1420 |
< |
2006-05-03 Love Hörnquist Åstrand <lha@it.su.se> |
1420 |
> |
2006-05-03 Love Hörnquist Åstrand <lha@it.su.se> |
1421 |
|
|
1422 |
|
* lib/krb5/store.c (krb5_store_principal): make it take a |
1423 |
|
krb5_const_principal, indent |
1432 |
|
|
1433 |
|
* kdc/config.c: read [kdc]pki-kdc-ocsp |
1434 |
|
|
1435 |
< |
2006-05-02 Love Hörnquist Åstrand <lha@it.su.se> |
1435 |
> |
2006-05-02 Love Hörnquist Åstrand <lha@it.su.se> |
1436 |
|
|
1437 |
|
* kdc/pkinit.c (_kdc_pk_mk_pa_reply): send back ocsp response if |
1438 |
|
it seems to be valid, simplfy the pkinit-windows DH case (it |
1439 |
|
doesn't exists). |
1440 |
|
|
1441 |
< |
2006-05-01 Love Hörnquist Åstrand <lha@it.su.se> |
1441 |
> |
2006-05-01 Love Hörnquist Åstrand <lha@it.su.se> |
1442 |
|
|
1443 |
< |
* lib/krb5/krb5_warn.3: Spelling/mdoc changes, from Björn Sandell. |
1443 |
> |
* lib/krb5/krb5_warn.3: Spelling/mdoc changes, from Björn Sandell. |
1444 |
|
|
1445 |
< |
* lib/krb5/krb5_verify_user.3: Spelling/mdoc changes, from Björn |
1445 |
> |
* lib/krb5/krb5_verify_user.3: Spelling/mdoc changes, from Björn |
1446 |
|
Sandell. |
1447 |
|
|
1448 |
|
* lib/krb5/krb5_verify_init_creds.3: Spelling/mdoc changes, from |
1449 |
< |
Björn Sandell. |
1449 |
> |
Björn Sandell. |
1450 |
|
|
1451 |
< |
* lib/krb5/krb5_timeofday.3: Spelling/mdoc changes, from Björn |
1451 |
> |
* lib/krb5/krb5_timeofday.3: Spelling/mdoc changes, from Björn |
1452 |
|
Sandell. |
1453 |
|
|
1454 |
< |
* lib/krb5/krb5_ticket.3: Spelling/mdoc changes, from Björn |
1454 |
> |
* lib/krb5/krb5_ticket.3: Spelling/mdoc changes, from Björn |
1455 |
|
Sandell. |
1456 |
|
|
1457 |
< |
* lib/krb5/krb5_rd_safe.3: Spelling/mdoc changes, from Björn |
1457 |
> |
* lib/krb5/krb5_rd_safe.3: Spelling/mdoc changes, from Björn |
1458 |
|
Sandell. |
1459 |
|
|
1460 |
< |
* lib/krb5/krb5_rcache.3: Spelling/mdoc changes, from Björn |
1460 |
> |
* lib/krb5/krb5_rcache.3: Spelling/mdoc changes, from Björn |
1461 |
|
Sandell. |
1462 |
|
|
1463 |
< |
* lib/krb5/krb5_principal.3: Spelling/mdoc changes, from Björn |
1463 |
> |
* lib/krb5/krb5_principal.3: Spelling/mdoc changes, from Björn |
1464 |
|
Sandell. |
1465 |
|
|
1466 |
< |
* lib/krb5/krb5_parse_name.3: Spelling/mdoc changes, from Björn |
1466 |
> |
* lib/krb5/krb5_parse_name.3: Spelling/mdoc changes, from Björn |
1467 |
|
Sandell. |
1468 |
|
|
1469 |
< |
* lib/krb5/krb5_mk_safe.3: Spelling/mdoc changes, from Björn |
1469 |
> |
* lib/krb5/krb5_mk_safe.3: Spelling/mdoc changes, from Björn |
1470 |
|
Sandell. |
1471 |
|
|
1472 |
< |
* lib/krb5/krb5_keyblock.3: Spelling/mdoc changes, from Björn |
1472 |
> |
* lib/krb5/krb5_keyblock.3: Spelling/mdoc changes, from Björn |
1473 |
|
Sandell. |
1474 |
|
|
1475 |
|
* lib/krb5/krb5_is_thread_safe.3: Spelling/mdoc changes, from |
1476 |
< |
Björn Sandell. |
1476 |
> |
Björn Sandell. |
1477 |
|
|
1478 |
|
* lib/krb5/krb5_generate_random_block.3: Spelling/mdoc changes, |
1479 |
< |
from Björn Sandell. |
1479 |
> |
from Björn Sandell. |
1480 |
|
|
1481 |
|
* lib/krb5/krb5_generate_random_block.3: Spelling/mdoc changes, |
1482 |
< |
from Björn Sandell. |
1482 |
> |
from Björn Sandell. |
1483 |
|
|
1484 |
|
* lib/krb5/krb5_expand_hostname.3: Spelling/mdoc changes, from |
1485 |
< |
Björn Sandell. |
1485 |
> |
Björn Sandell. |
1486 |
|
|
1487 |
|
* lib/krb5/krb5_check_transited.3: Spelling/mdoc changes, from |
1488 |
< |
Björn Sandell. |
1488 |
> |
Björn Sandell. |
1489 |
|
|
1490 |
|
* lib/krb5/krb5_c_make_checksum.3: Spelling/mdoc changes, from |
1491 |
< |
Björn Sandell. |
1491 |
> |
Björn Sandell. |
1492 |
|
|
1493 |
|
* lib/krb5/krb5_address.3: Spelling/mdoc changes, from |
1494 |
< |
Björn Sandell. |
1494 |
> |
Björn Sandell. |
1495 |
|
|
1496 |
|
* lib/krb5/krb5_acl_match_file.3: Spelling/mdoc changes, from |
1497 |
< |
Björn Sandell. |
1497 |
> |
Björn Sandell. |
1498 |
|
|
1499 |
< |
* lib/krb5/krb5.3: Spelling, from Björn Sandell. |
1499 |
> |
* lib/krb5/krb5.3: Spelling, from Björn Sandell. |
1500 |
|
|
1501 |
< |
* doc/ack.texi: add Björn |
1501 |
> |
* doc/ack.texi: add Björn |
1502 |
|
|
1503 |
< |
2006-04-30 Love Hörnquist Åstrand <lha@it.su.se> |
1503 |
> |
2006-04-30 Love Hörnquist Åstrand <lha@it.su.se> |
1504 |
|
|
1505 |
|
* lib/krb5/pkinit.c (cert2epi): don't include subject if its null |
1506 |
|
|
1507 |
< |
2006-04-29 Love Hörnquist Åstrand <lha@it.su.se> |
1507 |
> |
2006-04-29 Love Hörnquist Åstrand <lha@it.su.se> |
1508 |
|
|
1509 |
|
* lib/krb5/pkinit.c: Send over what trust anchors the client have |
1510 |
|
configured. |
1516 |
|
* kdc/pkinit.c (_kdc_pk_check_client): reorganize and make log |
1517 |
|
when a SAN matches. |
1518 |
|
|
1519 |
< |
2006-04-28 Love Hörnquist Åstrand <lha@it.su.se> |
1519 |
> |
2006-04-28 Love Hörnquist Åstrand <lha@it.su.se> |
1520 |
|
|
1521 |
|
* doc/setup.texi: More options and some text about windows |
1522 |
|
clients, certificate and KDCs. |
1529 |
|
|
1530 |
|
* lib/hdb/hdb.h: Bump hdb interface version to 4. |
1531 |
|
|
1532 |
< |
2006-04-27 Love Hörnquist Åstrand <lha@it.su.se> |
1532 |
> |
2006-04-27 Love Hörnquist Åstrand <lha@it.su.se> |
1533 |
|
|
1534 |
|
* kuser/kdestroy.1: Document --credential=principal. |
1535 |
|
|
1556 |
|
the entry and pass it in as a seprate argument. Add more flags to |
1557 |
|
->hdb_get(). Re-indent. |
1558 |
|
|
1559 |
< |
2006-04-26 Love Hörnquist Åstrand <lha@it.su.se> |
1559 |
> |
2006-04-26 Love Hörnquist Åstrand <lha@it.su.se> |
1560 |
|
|
1561 |
|
* doc/setup.texi: document pki-allow-proxy-certificate |
1562 |
|
|
1576 |
|
* kdc/kerberos5.c (find_keys): add client_name and server_name |
1577 |
|
argument and use them, and adapt callers. |
1578 |
|
|
1579 |
< |
2006-04-25 Love Hörnquist Åstrand <lha@it.su.se> |
1579 |
> |
2006-04-25 Love Hörnquist Åstrand <lha@it.su.se> |
1580 |
|
|
1581 |
|
* kuser/kinit.1: document option password-file |
1582 |
|
|
1594 |
|
* lib/hdb/keys.c (parse_key_set): handle error case better |
1595 |
|
(hdb_generate_key_set): return better error |
1596 |
|
|
1597 |
< |
2006-04-24 Love Hörnquist Åstrand <lha@it.su.se> |
1597 |
> |
2006-04-24 Love Hörnquist Åstrand <lha@it.su.se> |
1598 |
|
|
1599 |
|
* lib/hdb/hdb.c (hdb_create): print out what we don't support |
1600 |
|
|
1619 |
|
* lib/krb5/init_creds_pw.c: Pass down realm to |
1620 |
|
_krb5_pk_rd_pa_reply |
1621 |
|
|
1622 |
< |
2006-04-23 Love Hörnquist Åstrand <lha@it.su.se> |
1622 |
> |
2006-04-23 Love Hörnquist Åstrand <lha@it.su.se> |
1623 |
|
|
1624 |
|
* lib/krb5/pkinit.c (pk_verify_host): Add begining of finding |
1625 |
|
subjectAltName_otherName pk-init-san and verifing it. |
1639 |
|
|
1640 |
|
* tools/kdc-log-analyze.pl: count v5 cross realms too |
1641 |
|
|
1642 |
< |
2006-04-22 Love Hörnquist Åstrand <lha@it.su.se> |
1642 |
> |
2006-04-22 Love Hörnquist Åstrand <lha@it.su.se> |
1643 |
|
|
1644 |
|
* kdc/pkinit.c: Adapt to change in hx509_cms_create_signed_1. |
1645 |
|
|
1646 |
|
* lib/krb5/pkinit.c: Adapt to change in hx509_cms_create_signed_1. |
1647 |
|
|
1648 |
< |
2006-04-20 Love Hörnquist Åstrand <lha@it.su.se> |
1648 |
> |
2006-04-20 Love Hörnquist Åstrand <lha@it.su.se> |
1649 |
|
|
1650 |
|
* kdc/pkinit.c (_kdc_pk_rd_padata): use |
1651 |
|
hx509_cms_unwrap_ContentInfo. |
1658 |
|
* kdc/config.c: Rename pki-chain to pki-pool to match rest of |
1659 |
|
code. |
1660 |
|
|
1661 |
< |
2006-04-12 Love Hörnquist Åstrand <lha@it.su.se> |
1661 |
> |
2006-04-12 Love Hörnquist Åstrand <lha@it.su.se> |
1662 |
|
|
1663 |
|
* lib/krb5/rd_priv.c: Fix argument to krb5_data_zero. |
1664 |
|
|
1673 |
|
* lib/krb5/pkinit.c (_krb5_pk_load_id): Added certificate revoke |
1674 |
|
information, ie CRL's |
1675 |
|
|
1676 |
< |
2006-04-10 Love Hörnquist Åstrand <lha@it.su.se> |
1676 |
> |
2006-04-10 Love Hörnquist Åstrand <lha@it.su.se> |
1677 |
|
|
1678 |
|
* lib/krb5/replay.c (krb5_rc_resolve_full): make compile again. |
1679 |
|
|
1718 |
|
calloc. removed check that was never really used. Coverity NetBSD |
1719 |
|
CID#2370 |
1720 |
|
|
1721 |
< |
2006-04-09 Love Hörnquist Åstrand <lha@it.su.se> |
1721 |
> |
2006-04-09 Love Hörnquist Åstrand <lha@it.su.se> |
1722 |
|
|
1723 |
< |
* lib/krb5/rd_req.c (krb5_verify_ap_req2): make sure `ticket´ |
1723 |
> |
* lib/krb5/rd_req.c (krb5_verify_ap_req2): make sure `ticket´ |
1724 |
|
points to NULL in case of error, add error handling, use calloc. |
1725 |
|
|
1726 |
|
* kpasswd/kpasswdd.c (doit): when done, close all fd in the |
1727 |
|
sockets array and free it. Coverity NetBSD CID#1916 |
1728 |
|
|
1729 |
< |
2006-04-08 Love Hörnquist Åstrand <lha@it.su.se> |
1729 |
> |
2006-04-08 Love Hörnquist Åstrand <lha@it.su.se> |
1730 |
|
|
1731 |
|
* lib/krb5/store.c (krb5_ret_principal): fix memory leak Coverity, |
1732 |
|
NetBSD CID#1695 |
1734 |
|
* kdc/524.c (_kdc_do_524): Handle memory allocation failure |
1735 |
|
Coverity, NetBSD CID#2752 |
1736 |
|
|
1737 |
< |
2006-04-07 Love Hörnquist Åstrand <lha@it.su.se> |
1737 |
> |
2006-04-07 Love Hörnquist Åstrand <lha@it.su.se> |
1738 |
|
|
1739 |
|
* lib/krb5/keytab_file.c (krb5_kt_ret_principal): plug a memory |
1740 |
|
leak Coverity NetBSD CID#1890 |
1749 |
|
|
1750 |
|
* kdc/hprop.c (main): remove dead code. Coverity NetBSD CID#633 |
1751 |
|
|
1752 |
< |
2006-04-04 Love Hörnquist Åstrand <lha@it.su.se> |
1752 |
> |
2006-04-04 Love Hörnquist Åstrand <lha@it.su.se> |
1753 |
|
|
1754 |
|
* kpasswd/kpasswd-generator.c (read_words): catch empty file case, |
1755 |
|
will cause PBE (division by zero) later. From Tobias Stoeckmann. |
1756 |
|
|
1757 |
< |
2006-04-02 Love Hörnquist Åstrand <lha@it.su.se> |
1757 |
> |
2006-04-02 Love Hörnquist Åstrand <lha@it.su.se> |
1758 |
|
|
1759 |
|
* lib/hdb/keytab.c: Remove a delta from last revision that should |
1760 |
|
have gone in later. |
1832 |
|
* lib/krb5/log.c (krb5_addlog_dest): make string length match |
1833 |
|
strings in strcasecmp. Found by IBM checker. |
1834 |
|
|
1835 |
< |
2006-03-30 Love Hörnquist Åstrand <lha@it.su.se> |
1835 |
> |
2006-03-30 Love Hörnquist Åstrand <lha@it.su.se> |
1836 |
|
|
1837 |
|
* lib/hdb/hdb-ldap.c (LDAP_message2entry): in declaration set |
1838 |
|
variable_name as "hdb_entry_ex" |
1846 |
|
* kuser/kinit.c: Add pool of certificates to help certificate path |
1847 |
|
building for clients sending incomplete path in the signedData. |
1848 |
|
|
1849 |
< |
2006-03-28 Love Hörnquist Åstrand <lha@it.su.se> |
1849 |
> |
2006-03-28 Love Hörnquist Åstrand <lha@it.su.se> |
1850 |
|
|
1851 |
|
* kdc/pkinit.c: Add pool of certificates to help certificate path |
1852 |
|
building for clients sending incomplete path in the signedData. |
1855 |
|
path building for clients sending incomplete path in the |
1856 |
|
signedData. |
1857 |
|
|
1858 |
< |
2006-03-27 Love Hörnquist Åstrand <lha@it.su.se> |
1858 |
> |
2006-03-27 Love Hörnquist Åstrand <lha@it.su.se> |
1859 |
|
|
1860 |
|
* kdc/config.c: Allow passing in related certificates used to |
1861 |
|
build the chain. |
1872 |
|
|
1873 |
|
* tools/Makefile.am: Add hx509 when using PK-INIT. |
1874 |
|
|
1875 |
< |
2006-03-26 Love Hörnquist Åstrand <lha@it.su.se> |
1875 |
> |
2006-03-26 Love Hörnquist Åstrand <lha@it.su.se> |
1876 |
|
|
1877 |
|
* lib/krb5/acache.c: Use ticket flags definition, might fix Mac OS |
1878 |
|
X Kerberos.app problems. |
1896 |
|
|
1897 |
|
* lib/krb5/pkinit.c: Switch to hx509. |
1898 |
|
|
1899 |
< |
2006-03-24 Love Hörnquist Åstrand <lha@it.su.se> |
1899 |
> |
2006-03-24 Love Hörnquist Åstrand <lha@it.su.se> |
1900 |
|
|
1901 |
|
* kdc/kerberos5.c (log_patypes): log the patypes requested by the |
1902 |
|
client |
1903 |
|
|
1904 |
< |
2006-03-23 Love Hörnquist Åstrand <lha@it.su.se> |
1904 |
> |
2006-03-23 Love Hörnquist Åstrand <lha@it.su.se> |
1905 |
|
|
1906 |
|
* lib/krb5/pkinit.c (_krb5_pk_rd_pa_reply): pass down the |
1907 |
|
req_buffer in the w2k case too. From Douglas E. Engert. |
1908 |
|
|
1909 |
< |
2006-03-19 Love Hörnquist Åstrand <lha@it.su.se> |
1909 |
> |
2006-03-19 Love Hörnquist Åstrand <lha@it.su.se> |
1910 |
|
|
1911 |
|
* lib/krb5/mk_req_ext.c (_krb5_mk_req_internal): on failure, goto |
1912 |
|
error handling. Fixes Coverity NetBSD CID 2591 by catching a |
1913 |
|
failing krb5_copy_keyblock() |
1914 |
|
|
1915 |
< |
2006-03-17 Love Hörnquist Åstrand <lha@it.su.se> |
1915 |
> |
2006-03-17 Love Hörnquist Åstrand <lha@it.su.se> |
1916 |
|
|
1917 |
|
* lib/krb5/addr_families.c (krb5_free_addresses): reset val,len in |
1918 |
|
address when free-ing. Fixes Coverity NetBSD bug #2605 |
1919 |
|
(krb5_parse_address): reset val,len before possibly return errors |
1920 |
|
Fixes Coverity NetBSD bug #2605 |
1921 |
|
|
1922 |
< |
2006-03-07 Love Hörnquist Åstrand <lha@it.su.se> |
1922 |
> |
2006-03-07 Love Hörnquist Åstrand <lha@it.su.se> |
1923 |
|
|
1924 |
|
* lib/krb5/send_to_kdc.c (recv_loop): it should never happen, but |
1925 |
|
make sure nbytes > 0 |
1930 |
|
* lib/krb5/crypto.c (decrypt_*): handle the case where the |
1931 |
|
plaintext is 0 bytes long, realloc might then return NULL. |
1932 |
|
|
1933 |
< |
2006-02-28 Love Hörnquist Åstrand <lha@it.su.se> |
1933 |
> |
2006-02-28 Love Hörnquist Åstrand <lha@it.su.se> |
1934 |
|
|
1935 |
|
* lib/krb5/krb5_string_to_key.3: Drop krb5_string_to_key_derived. |
1936 |
|
|
1949 |
|
else, they should be around the example, not inside it, and |
1950 |
|
probably shouldn't be used in html at all |
1951 |
|
|
1952 |
< |
2006-02-18 Love Hörnquist Åstrand <lha@it.su.se> |
1952 |
> |
2006-02-18 Love Hörnquist Åstrand <lha@it.su.se> |
1953 |
|
|
1954 |
|
* lib/krb5/krb5_warn.3: Document that applications want to use |
1955 |
|
krb5_get_error_message, add example. |
1956 |
|
|
1957 |
< |
2006-02-16 Love Hörnquist Åstrand <lha@it.su.se> |
1957 |
> |
2006-02-16 Love Hörnquist Åstrand <lha@it.su.se> |
1958 |
|
|
1959 |
|
* lib/krb5/crypto.c (krb5_generate_random_block): check return |
1960 |
|
value from RAND_bytes |
1961 |
|
|
1962 |
|
* lib/krb5/error_string.c: Change indentation, update (c) |
1963 |
|
|
1964 |
< |
2006-02-14 Love Hörnquist Åstrand <lha@it.su.se> |
1964 |
> |
2006-02-14 Love Hörnquist Åstrand <lha@it.su.se> |
1965 |
|
|
1966 |
|
* lib/krb5/pkinit.c: Make struct krb5_dh_moduli available when |
1967 |
|
compiling w/o pkinit. |
1968 |
|
|
1969 |
< |
2006-02-13 Love Hörnquist Åstrand <lha@it.su.se> |
1969 |
> |
2006-02-13 Love Hörnquist Åstrand <lha@it.su.se> |
1970 |
|
|
1971 |
|
* lib/krb5/pkinit.c: update to new paChecksum definition, update |
1972 |
|
the dhgroup handling |
1974 |
|
* kdc/pkinit.c: update to new paChecksum definition, use |
1975 |
|
hdb_entry_ex |
1976 |
|
|
1977 |
< |
2006-02-09 Love Hörnquist Åstrand <lha@it.su.se> |
1977 |
> |
2006-02-09 Love Hörnquist Åstrand <lha@it.su.se> |
1978 |
|
|
1979 |
|
* lib/krb5/krb5_locl.h: Move Configurable options to last in the |
1980 |
|
file. |
1981 |
|
|
1982 |
|
* lib/krb5/krb5_locl.h: Wrap KRB5_ADDRESSLESS_DEFAULT with #ifndef |
1983 |
|
|
1984 |
< |
2006-02-03 Love Hörnquist Åstrand <lha@it.su.se> |
1984 |
> |
2006-02-03 Love Hörnquist Åstrand <lha@it.su.se> |
1985 |
|
|
1986 |
|
* kpasswd/kpasswdd.c: Send back a better error-message to the |
1987 |
|
client in case the password change was rejected. |
2011 |
|
* lib/krb5/krb5_locl.h: Introduce KRB5_ADDRESSLESS_DEFAULT that |
2012 |
|
controlls all address-less behavior. Defaults to false. |
2013 |
|
|
2014 |
< |
2006-02-01 Love Hörnquist Åstrand <lha@it.su.se> |
2014 |
> |
2006-02-01 Love Hörnquist Åstrand <lha@it.su.se> |
2015 |
|
|
2016 |
|
* lib/krb5/n-fold-test.c: main is not a KRB5_LIB_FUNCTION |
2017 |
|
|
2018 |
|
* lib/krb5/mk_priv.c (krb5_mk_priv): abort if ASN1_MALLOC_ENCODE |
2019 |
|
failes to produce the matching lenghts. |
2020 |
|
|
2021 |
< |
2006-01-27 Love Hörnquist Åstrand <lha@it.su.se> |
2021 |
> |
2006-01-27 Love Hörnquist Åstrand <lha@it.su.se> |
2022 |
|
|
2023 |
|
* kcm/protocol.c (kcm_op_retrieve): remove unused variable |
2024 |
|
|
2025 |
< |
2006-01-15 Love Hörnquist Åstrand <lha@it.su.se> |
2025 |
> |
2006-01-15 Love Hörnquist Åstrand <lha@it.su.se> |
2026 |
|
|
2027 |
|
* tools/krb5-config.in: Move depenency on @LIB_dbopen@ to |
2028 |
|
kadm-server, kerberos library doesn't depend on db-library. |
2029 |
|
|
2030 |
< |
2006-01-13 Love Hörnquist Åstrand <lha@it.su.se> |
2030 |
> |
2006-01-13 Love Hörnquist Åstrand <lha@it.su.se> |
2031 |
|
|
2032 |
|
* include/Makefile.am: Don't clean crypto headers, they now live |
2033 |
|
in hcrypto/. Add hcrypto to SUBDIRS. |
2039 |
|
* include/make_crypto.c: Include more crypto headerfiles. Remove |
2040 |
|
support for old hash names. |
2041 |
|
|
2042 |
< |
2006-01-02 Love Hörnquist Åstrand <lha@it.su.se> |
2042 |
> |
2006-01-02 Love Hörnquist Åstrand <lha@it.su.se> |
2043 |
|
|
2044 |
|
* kdc/misc.c (_kdc_db_fetch): use calloc to allocate the entry, |
2045 |
|
from Andrew Bartlet. |