12003-12-19 Love Hörnquist Åstrand <lha@it.su.se> 2 3 * lib/krb5/error_string.c: protect error_string with mutex 4 5 * lib/krb5/context.c: allocate and destroy mutex in krb5_context 6 7 * lib/krb5/krb5.h (krb5_context_data): add mutex for error_string 8 92003-12-18 Love Hörnquist Åstrand <lha@it.su.se> 10 11 * kuser/kinit.c: make -9 work again 12 132003-12-17 Love Hörnquist Åstrand <lha@it.su.se> 14 15 * lib/krb5/init_creds_pw.c: try handle ts preauth better, still 16 not good, but at least it work with older heimdal releases that 17 doesn't send back KRB5KDC_ERR_PREAUTH_REQUIRED when preauth was 18 sent 19 202003-12-16 Love Hörnquist Åstrand <lha@it.su.se> 21 22 * lib/hdb/hdb.asn1: remove enforce-transited-policy, its no longer 23 used 24 252003-12-11 Love Hörnquist Åstrand <lha@it.su.se> 26 27 * lib/krb5/pkinit.c (_krb5_pk_create_sign): fill in NULL as 28 parameters, required by CMS 29 302003-12-07 Love Hörnquist Åstrand <lha@it.su.se> 31 32 * lib/krb5/get_in_tkt_with_keytab.c (krb5_get_in_tkt_with_keytab): 33 avoid memory leak that snuck in when krb5_keytab_key_proc was 34 exported, pointed out by Panases Inc 35 36 * lib/krb5/keytab_file.c: do locking, found to be a problem for 37 Panasas Inc 38 39 * lib/krb5/fcache.c: internally export x{,un}lock and thus prefix 40 them with _krb5_ 41 42 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): use 43 KRB5_AUTH_CONTEXT_DO_TIME if we want timestamp in forwarded 44 krb-cred 45 46 * lib/krb5/krb5_auth_context.3: some text about 47 krb5_auth_con_{add,remove}flags 48 49 * lib/krb5/auth_context.c: add krb5_auth_con_addflags and 50 krb5_auth_con_removeflags 51 522003-12-03 Love Hörnquist Åstrand <lha@it.su.se> 53 54 * lib/krb5/crypto.c (decrypt_internal_derived): move up padsize to 55 avoid memory leak 56 572003-12-02 Love Hörnquist Åstrand <lha@it.su.se> 58 59 * lib/krb5/crypto.c: require cipher-text to be padded to padsize 60 61 * lib/krb5/eai_to_heim_errno.c: EAI_ADDRFAMILY and EAI_NODATA is 62 deprecated in RFC3493 
63 64 * lib/krb5/verify_krb5_conf.c (check_host): don't check for 65 EAI_NODATA, because its depricated in RFC3493 Pointed out by 66 Hajimu UMEMOTO <ume@mahoroba.org> on heimdal-discuss 67 682003-12-01 Love Hörnquist Åstrand <lha@it.su.se> 69 70 * lib/krb5/Makefile.am: move test_crypto to noinst_PROGRAMS 71 72 * lib/krb5/test_crypto.c: add --version,--help 73 74 * kuser/kinit.c (main): return the return value from simple_execvp 75 762003-11-26 Love Hörnquist Åstrand <lha@it.su.se> 77 78 * kuser/kinit.c: don't use PKINIT DH per default since its too 79 slow 80 81 * lib/krb5/pkinit.c: tweek to make pkinit work with the fact the 82 asn1_compile can't generate code for context tagless optionals 83 84 * kdc/pkinit.c: add support for KDC side of DH PKINIT 85 86 * lib/krb5/pkinit.c: clean up error handling, make enc-type work 87 again 88 892003-11-25 Love Hörnquist Åstrand <lha@it.su.se> 90 91 * kuser/kinit.c: add flag to make it work with pkinit dh 92 93 * lib/krb5/pkinit.c: make PKINIT DH support work 94 952003-11-24 Love Hörnquist Åstrand <lha@it.su.se> 96 97 * lib/hdb/Makefile.am (LDADD): link with LIB_dlopen 98 99 * kdc/pkinit.c: clean up 100 101 * lib/krb5/krb5.h: make pkinit_win2k_compatible into a flag field 102 103 * lib/krb5/pkinit.c: remove most compile depencies clean up 104 105 * kdc/pkinit.c: print an error and turn of pkinit if openssl 106 failed to load 107 108 * kdc/config.c: read pkinit (pki-mumble) configuration options 109 110 * kdc/kerberos5.c: add pkinit support 111 112 * kdc/kdc_locl.h: add prototypes for pkinit 113 114 * kdc/pkinit.c: PKINIT patch from Daniel Kouril and Petr Holub, I 115 removed the dependency on valicert asn1 parser, remove smartcard 116 and globus support (for now). 
Work to be done on this: DH support, 117 Globus support, Smartcard support, windows support (MS implements 118 -09 of the draft), make it conform to the new draft 119 120 * lib/krb5/pkinit.c: fix bugs, improve error reporting 121 1222003-11-23 Love Hörnquist Åstrand <lha@it.su.se> 123 124 * kuser/kinit.c: add some "struct foo;" glue for pkinit 125 structures that isn't used 126 127 * lib/krb5/pkinit.c: clean up, make remove depenency on openssl's 128 api 129 130 * lib/krb5/krb5_locl.h: add some glue for pkinit add reference 131 counter to _krb5_get_init_creds_opt_private 132 133 * lib/krb5/init_creds.c: reference count krb5_get_init_creds_opt 134 private component to avoid copy all the data in it 135 136 * lib/krb5/crypto.c (AES_string_to_key): fix memory leak 137 138 * lib/krb5/init_creds_pw.c (init_cred_loop): fix memory leak 139 140 * lib/krb5/heim_threads.h: include pthread.h in the pthread case 141 1422003-11-18 Love Hörnquist Åstrand <lha@it.su.se> 143 144 * kpasswd/kpasswdd.c (main): parse kdc.conf 145 From: Jeffrey Hutzelman <jhutz@cmu.edu> 146 1472003-11-15 Love Hörnquist Åstrand <lha@it.su.se> 148 149 * lib/krb5/Makefile.am (TESTS): add test_crypto 150 151 * lib/krb5/test_crypto.c: time crypto operations 152 1532003-11-14 Love Hörnquist Åstrand <lha@it.su.se> 154 155 * doc/init-creds: spelling, Bruno Rohee <bruno@rohee.com> 156 1572003-11-09 Love Hörnquist Åstrand <lha@it.su.se> 158 159 * lib/krb5/rd_req.c (krb5_verify_ap_req2): krb5_free_ticket free 160 the ticket now, rewrite error handling to handle that 161 162 * kpasswd/kpasswdd.c (process): don't free ticket, 163 krb5_free_ticket does that now 164 165 * kdc/kerberos5.c (tgs_rep2): don't free ticket, krb5_free_ticket 166 does that now 167 168 * lib/krb5/ticket.c (krb5_free_ticket): free the ticket itself to 169 match mit behavior, pointed out by Derrick Brashear 170 171 * lib/krb5/krb5_ticket.3: krb5_free_ticket free the whole ticket 172 1732003-11-08 Love Hörnquist Åstrand <lha@it.su.se> 174 175 * 
lib/krb5/padata.c: add krb5_padata_add 176 177 * lib/krb5/krb5.h: krb5_context_data.pkinit_win2k_compatible 178 179 * lib/krb5/Makefile.am: add pkinit.c 180 181 * kuser/kinit.c: add pkinit support 182 183 * lib/krb5/init_creds_pw.c: add support for pkinit 184 185 * lib/krb5/krb5_locl.h: add the opaque krb5_pk_init_ctx to 186 _krb5_get_init_creds_opt_private 187 188 * lib/krb5/pkinit.c: rename krb5_pk_init_openssl_ctx to 189 krb5_pk_init_ctx fix win2k error handling 190 191 * lib/krb5/pkinit.c: PKINIT patch from Daniel Kouril and Petr 192 Holub, I removed the dependency on valicert asn1 parser, remove 193 smartcard and globus support (for now). Work to be done on this: 194 DH support, Globus support, Smartcard support, windows support (MS 195 implements -09 of the draft), verify that it conforms the new 196 draft 197 1982003-11-07 Love Hörnquist Åstrand <lha@it.su.se> 199 200 * lib/asn1/der_copy.c (copy_oid): copy all components 201 2022003-10-27 Johan Danielsson <joda@pdc.kth.se> 203 204 * lib/krb5/krb5.conf.5: document capaths section 205 2062003-10-22 Johan Danielsson <joda@pdc.kth.se> 207 208 * kdc/kerberos5.c: make sure that the server realm and the krbtgt 209 second component are identical; get rpath from the capaths section 210 211 * kdc/kerberos5.c: change logic for when to check transited policy 212 to a tri-state model involving per principal flags (to be 213 implemented) 214 215 * kdc/kdc_locl.h: change enforce_transited_policy to a tri-state 216 variable 217 218 * kdc/config.c: change enforce_transited_policy to a tri-state 219 variable 220 2212003-10-22 Love Hörnquist Åstrand <lha@it.su.se> 222 223 * lib/krb5/transited.c (krb5_domain_x500_encode): always zero out 224 encoding to make sure it have a defined value on failure 225 226 * lib/krb5/transited.c (krb5_domain_x500_encode): 227 if num_realms ==0, set encoding and return (avoids malloc(0)), 228 check return value for malloc 229 2302003-10-21 Johan Danielsson <joda@pdc.kth.se> 231 232 * 
kdc/kerberos5.c (fix_transited_encoding): always print 233 cross-realm information 234 2352003-10-21 Love Hörnquist Åstrand <lha@it.su.se> 236 237 * doc/setup.texi: spelling, From: Tracy Di Marco White 238 239 * kdc/kerberos5.c (fix_transited_encoding): set transited type 240 2412003-10-21 Johan Danielsson <joda@pdc.kth.se> 242 243 * kdc/kdc.8: document enforce-transited-policy 244 245 * kdc/kerberos5.c: always check transited policy if flag set 246 either globally or on principal 247 248 * kdc/config.c: add flag to always check transited policy 249 250 * lib/hdb/hdb.asn1: add flag to enforce transited policy 251 2522003-10-21 Love Hörnquist Åstrand <lha@it.su.se> 253 254 * lib/krb5/transited.c (krb5_domain_x500_decode): set *num_realms 255 to zero not num_realms 256 257 * kuser/kgetcred.1: add --no-transit-check 258 259 * kuser/kgetcred.c: add --no-transit-check 260 261 * doc/setup.texi: describe Transit policy 262 2632003-10-20 Johan Danielsson <joda@pdc.kth.se> 264 265 * kdc/kerberos5.c (fix_transited_encoding): also verify with 266 policy, unless asked not to 267 268 * lib/krb5/rd_req.c (krb5_decrypt_ticket): try to verify transited 269 realms, unless the transited-policy-checked flag is set 270 271 * lib/krb5/transited.c (krb5_domain_x500_decode): handle zero 272 length tr data; 273 (krb5_check_transited): new function that does more useful stuff 274 275 * lib/krb5/get_cred.c: get capath info from [capaths] section 276 2772003-10-16 Johan Danielsson <joda@pdc.kth.se> 278 279 * lib/krb5/fcache.c: Sleep forever waiting for lock. Previous 280 method doesn't work well with a large number of clients accessing 281 the cache at the same time, and there is no simple way to add a 282 timeout to the lock. 
283 2842003-10-13 Love Hörnquist Åstrand <lha@it.su.se> 285 286 * lib/krb5/verify_krb5_conf.c: print the error value 287 krb5_init_context failed with 288 289 * lib/krb5/config_file.c (krb5_config_parse_file_debug): punt if 290 there is binding before a section declaration. Bug found by 291 Arkadiusz Miskiewicz <arekm@pld-linux.org> 292 2932003-10-13 Johan Danielsson <joda@pdc.kth.se> 294 295 * lib/krb5/fcache.c (erase_file): revert a change in previous; if 296 the ccache is a symlink, kdestroy should remove it 297 298 * lib/krb5/fcache.c: implement locking 299 3002003-10-12 Johan Danielsson <joda@pdc.kth.se> 301 302 * kuser/klist.c (print_tickets): bail out if krb5_cc_next_cred 303 returns error other than KRB5_CC_END 304 3052003-10-07 Love Hörnquist Åstrand <lha@it.su.se> 306 307 * lib/krb5/init_creds_pw.c: add some help function that is common 308 between ENC_TS and SAM2, free the etype{,2}-infos on failure, move 309 the pa counter into krb5_get_init_creds_ctx 310 3112003-10-06 Love Hörnquist Åstrand <lha@it.su.se> 312 313 * kdc/kaserver.c (do_getticket): if times data is shorter then 8 314 byte, request is malformed. 315 316 * kdc/kaserver.c (do_authenticate): if request length is less then 317 8 byte, its a bad request and fail. Pointed out by Marco Foglia 318 <marco@foglia.org> 319 320 * lib/krb5/verify_krb5_conf.c: add flag --warn-mit-syntax that 321 warns for mit syntax is used and just ignore the mit syntax when 322 its used 323 324 * lib/krb5/verify_krb5_conf.c: parse [kdc]use_2b and [gssapi] 325 3262003-10-04 Love Hörnquist Åstrand <lha@it.su.se> 327 328 * lib/asn1/lex.l: add BOOLEAN 329 330 * lib/asn1/parse.y: add BOOLEAN 331 3322003-10-03 Love Hörnquist Åstrand <lha@it.su.se> 333 334 * kuser/kinit.c: When running kinit in "fork mode" do pagsh 335 independent of krb4, also always do krb4 setup of cc. Always try 336 to destroy the v4 cc. 
337 - add boolean --{,no-}request-pac that will request pac or not 338 339 * kuser/klist.c (check_for_tgt): set client as part of the 340 pattern/match cred 341 342 * lib/krb5/convert_creds.c (_krb5_krb_dest_tkt): unlink v4 token 343 (get_krb4_cc_name): move out from _krb5_krb_tf_setup 344 (_krb5_krb_tf_setup): adapt to allocated filename instead of 345 static filename 346 347 * lib/krb5/krb5-v4compat.h: add _krb5_krb_dest_tkt and TKT_ROOT 348 349 * lib/krb5/init_creds_pw.c (*) send PA_PAC_REQUEST when the user 350 have requested either use PAC or not use PAC, if the option not 351 set from the user, leave it up to the kdc to decide. 352 (init_creds_loop): clear error string on success 353 354 * lib/krb5/init_creds.c: add 355 krb5_get_init_creds_opt_set_paq_request break out common part of 356 extended opt functions to require_ext_opt 357 358 * lib/krb5/krb5_locl.h: add enum krb5_get_init_creds_req_pac and 359 use it in struct _krb5_get_init_creds_opt_private 360 361 * tools/kdc-log-analyze.pl: handle some more failure lines 362 363 * doc/programming.texi: some diffrences between Heimdal and MIT 364 Kerberos in the API 365 366 * doc/setup.texi: add Setting up DNS 367 368 * lib/krb5/rd_req.c (krb5_rd_req): always free keyblock since its 369 alway used 370 371 * lib/asn1/Makefile.am: add SAM types and PAC_REQUEST 372 373 * lib/asn1/k5.asn1: add more preauth types, add PA-PAC-REQUEST 374 375 * lib/asn1: add boolean support 376 3772003-10-02 Love Hörnquist Åstrand <lha@it.su.se> 378 379 * lib/krb5/changepw.c (setpw_send_request): free ap_req_data on 380 failure 381 3822003-09-30 Love Hörnquist Åstrand <lha@it.su.se> 383 384 * appl/test/http_client.c (do_connect): use ai_protocol 0 385 386 * lib/krb5/init_creds_pw.c (init_cred_loop): handle 387 KRB5KRB_ERR_RESPONSE_TOO_BIG and loop again, this time requesting 388 LARGE_MSG from send to kdc, and if this is the second time bail 389 out; try to free memory 390 391 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc_flags): new 
function, 392 and then implement the order krb5_sendto_kdc* function with this 393 function. 394 395 * lib/krb5/krbhst.c (krb5_krbhst_init_flags): new function, use it 396 and adapt callers 397 (krbhst_get_default_proto): new function, returns udp, or in case 398 large_msg was requested for the krb5_krbhst_data, use tcp. 399 (*): if the flag KD_LARGE_MSG was set on the krb5_krbhst_data, avoid 400 using udp, use krbhst_get_default_proto 401 402 * lib/krb5/krb5.h: flags for krb5_krbhst_init_flags (and 403 krb5_send_to_kdc_flags) 404 4052003-09-23 Love Hörnquist Åstrand <lha@it.su.se> 406 407 * lib/krb5/rd_req.c (krb5_rd_req): if we have a keyblock in auth 408 context, use that 409 410 * appl/test/uu_client.c: print authorization data if there are any 411 412 * lib/asn1/asn1_print.c: decode IA5Stringa and UTF8String 413 4142003-09-21 Love Hörnquist Åstrand <lha@it.su.se> 415 416 * lib/krb5/init_creds_pw.c: use _krb5_get_init_creds_opt_copy 417 * lib/krb5/init_creds.c: don't export krb5_get_init_creds_opt_copy 418 419 * lib/hdb/Makefile.am: libhdb might depend on LIB_dlopen 420 421 * kuser/kinit.c: don't get v4 tickets by default 422 4232003-09-20 Love Hörnquist Åstrand <lha@it.su.se> 424 425 * kpasswd/kpasswdd.c (process): remove a abort() 426 427 * doc/win2k.texi: add some text about netdom.exe and trusts 428 429 * TODO-1.0: gssapi rc4 done 430 431 * kpasswd/kpasswdd.c: add support for Set password protocol as 432 defined by RFC3244 -- Microsoft Windows 2000 Kerberos Change 433 Password and Set Password Protocols 434 4352003-09-19 Love Hörnquist Åstrand <lha@it.su.se> 436 437 * lib/hdb/db3.c: improve readability of ->open ifdef, check if 438 version >= 4.1 439 440 * lib/krb5/init_creds.c (krb5_get_init_creds_opt_copy): add 441 442 * lib/krb5/rd_req.c (krb5_rd_req): allow caller to pass in a key 443 in the auth_context, they way processes that doesn't use the 444 keytab can still pass in the key of the service (matches behavior 445 of MIT Kerberos). 
446 4472003-09-18 Love Hörnquist Åstrand <lha@it.su.se> 448 449 * lib/krb5/init_creds_pw.c: collect all init_creds context into a 450 structure so it can easier be passed around, also, while here, 451 change nonce for every request 452 453 * lib/krb5/get_in_tkt.c (init_as_req): don't realloc data before 454 the loop, add_padata() will handle that itself 455 456 * lib/krb5/get_for_creds.c (add_addrs): don't increase addr->len 457 until in contains interesting data, use right iteration counter 458 when clearing the addresses 459 460 * lib/krb5/log.c (log_realloc): increase len after realloc returns 461 sucessfully 462 4632003-09-12 Love Hörnquist Åstrand <lha@it.su.se> 464 465 * lib/krb5/config_file.c: fix prototypes 466 From: Fredrik Ljungberg <flag@pobox.se> 467 4682003-09-10 Love Hörnquist Åstrand <lha@it.su.se> 469 470 * appl/test/http_client.c: close socket when we are done, don't 471 allow the server to restart gssapi negotiation 472 473 * lib/hdb/hdb_locl.h: include <limits.h> for ULONG_MAX noted by 474 Wissler Magnus <M.Wissler@abalon.se> on heimdal-discuss 475 476 * appl/test/gssapi_client.c (proto): use select_mech 477 478 * appl/test/http_client.c: use getarg 479 480 * appl/test/gss_common.h: prototype for select_mech 481 482 * appl/test/gss_common.c (select_mech): return the gss_OID from a 483 mech name 484 485 * appl/test/http_client.c: print both source and target 486 487 * appl/test/Makefile.am: build http_client 488 4892003-09-09 Love Hörnquist Åstrand <lha@it.su.se> 490 491 * lib/asn1/asn1_print.c: add support for printing Enumerated 492 493 * appl/test/gssapi_client.c: allow user to select mech; krb5, 494 spnego, and no-oid 495 496 * appl/test/test_locl.h: add mech 497 498 * appl/test/common.c: add --mech,-m argument 499 500 * appl/test/gssapi_server.c: print the mech that was used 501 502 * kdc/kerberos5.c (only_older_enctype_p): check request if the 503 client only supports old enctypes, before it used the database 504 5052003-09-08 Love Hörnquist 
Åstrand <lha@it.su.se> 506 507 * **/*.c: add context argument to krb5_get_init_creds_opt_alloc 508 509 * lib/krb5/init_creds.c (krb5_get_init_creds_opt_alloc): add 510 context argument 511 512 * lib/krb5/krb5_get_init_creds.3: spelling 513 5142003-09-04 Love Hörnquist Åstrand <lha@it.su.se> 515 516 * lib/krb5/context.c (add_file): make len argument an pointer to 517 an integer 518 519 * lib/asn1/k5.asn1: add SAM types 520 521 * lib/krb5/init_creds_pw.c: break out the encrypt timestamp 522 preauth to its function break out the pa_data_to_key_plain to its 523 own function make more variables const 524 5252003-09-04 Johan Danielsson <joda@pdc.kth.se> 526 527 * lib/krb5/krb5.conf.5: document appdefaults/{forward,encrypt} 528 5292003-09-03 Love Hörnquist Åstrand <lha@it.su.se> 530 531 * lib/krb5/krb5.h: Add key usage for encryption of the 532 SAM-NONCE-OR-SAD field. 533 534 * include/make_crypto.c: include <openssl/ui.h> in the openssl 535 case 536 537 * kdc/hprop.h: use new DES_ api 538 539 * lib/krb5/krb5-v4compat.h: assume session key is a char array of 540 length 8 541 542 * lib/krb5/prompter_posix.c: 543 s/des_read_pw_string/UI_UTIL_read_pw_string/ 544 545 * kuser/kinit.c: s/des_read_pw_string/UI_UTIL_read_pw_string/ 546 547 * kdc/string2key.c: s/des_read_pw_string/UI_UTIL_read_pw_string/ 548 549 * kdc/kstash.c: s/des_read_pw_string/UI_UTIL_read_pw_string/ 550 551 * admin/add.c: s/des_read_pw_string/UI_UTIL_read_pw_string/ 552 553 * lib/krb5/crypto.c: switch from the des_ to the DES_ api 554 555 * kdc/hprop.c: use DES_KEY_SZ instead of sizeof(des_block) 556 557 * kuser/kverify.c: use 558 krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free 559 560 * kpasswd/kpasswd-generator.c: use 561 krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free 562 563 * kdc/hprop.c: use 564 krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free compare 565 a uint32_t with 0xffffffff instead of -1 566 567 * lib/krb5/krb5_425_conv_principal.3: fix [Gt] 568 569 * 
kuser/kinit.c: use 570 krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free 571 572 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): handle 573 password passed in though context 574 575 * lib/krb5/Makefile.am (TESTS): += test_config 576 577 * lib/krb5/aes-test.c: move variable thats used within a #ifdef to 578 be defined within that #ifdef 579 580 * lib/krb5/data.c (krb5_data_free): reset whole krb5_data when 581 freeing it 582 583 * lib/krb5/keyblock.c (krb5_keyblock_zero): new function, zeros 584 out a keyblock 585 586 * lib/krb5/init_creds_pw.c: rewrite/implement 587 krb5_get_init_creds_password with new preauth handing, still it 588 can only work with krb5-pa-enc-timestamp for preauth, but now it 589 can handle etype-info2 590 591 * lib/krb5/init_creds.c (krb5_get_init_creds_opt_alloc): allocate 592 a opt structure 593 (krb5_get_init_creds_opt_free): free a opt structure 594 (krb5_get_init_creds_opt_set_pa_password): set preauth info for 595 enc-timestamp 596 597 * lib/krb5/krb5_locl.h: add struct 598 _krb5_get_init_creds_opt_private 599 6002003-09-02 Love Hörnquist Åstrand <lha@it.su.se> 601 602 * lib/krb5/krb5.h: add SAM keyusage numbers, add s2k proc typedef, 603 add a pointer to a private part of krb5_get_init_creds_opt 604 605 * kdc/string2key.c (main): avoid const warning by using a extra 606 variable 607 6082003-08-31 Love Hörnquist Åstrand <lha@it.su.se> 609 610 * lib/krb5/ticket.c (krb5_ticket_get_authorization_data_type): 611 reindent 612 613 * lib/krb5/ticket.c (krb5_copy_ticket): free all data when 614 failing, copy data to right memory, the later pointed out by Luke 615 Howard. 
616 6172003-08-30 Love Hörnquist Åstrand <lha@it.su.se> 618 619 * lib/krb5/krb5.h: cfx-01 use diffrent usage numbers 620 6212003-08-29 Love Hörnquist Åstrand <lha@it.su.se> 622 623 * lib/hdb/db3.c: try to include more db headers 624 625 * lib/hdb/db3.c: patch for working with DB4 on heimdal-discuss 626 From: Luke Howard <lukeh@PADL.COM> 627 6282003-08-28 Love Hörnquist Åstrand <lha@it.su.se> 629 630 * lib/krb5/krb5.h: add KEYTYPE_ARCFOUR_56 631 632 * appl/test/gssapi_client.c: send both INT and CONF wrapped token 633 634 * appl/test/gssapi_server.c: recv both INT and CONF wrapped token 635 636 * lib/asn1/k5.asn1: add KRB5_NT_SMTP_NAME and KRB5_NT_ENTERPRISE 637 6382003-08-27 Love Hörnquist Åstrand <lha@it.su.se> 639 640 * appl/test/uu_client.c (proto): fill in client in the match cred 641 6422003-08-26 Love Hörnquist Åstrand <lha@it.su.se> 643 644 * lib/krb5/krb5.h: CFX uses slightly diffrent usage numbers 645 646 * lib/krb5/crypto.c (usage2arcfour): simplify, only include 647 special cases From: Luke Howard <lukeh@PADL.COM> 648 6492003-08-25 Love Hörnquist Åstrand <lha@it.su.se> 650 651 * lib/hdb/hdb-ldap.c: code rewrite from Luke Howard 652 <lukeh@PADL.COM> 653 654 * lib/krb5/crypto.c (arcfour_checksum_p): return true when is 655 arcfour, not when its not pointed out by Luke Howard 656 657 * doc/ack.texi: update Luke Howard email address 658 6592003-08-24 Love Hörnquist Åstrand <lha@it.su.se> 660 661 * lib/krb5/krb5_encrypt.3: document: 662 krb5_crypto_getconfoundersize, krb5_crypto_getblocksize 663 krb5_crypto_getenctype, krb5_crypto_getpadsize 664 665 * lib/krb5/crypto.c (krb5_crypto_getpadsize, 666 krb5_crypto_getconfoundersize): added From: Luke Howard 667 <lukeh@PADL.COM> 668 6692003-08-23 Love Hörnquist Åstrand <lha@it.su.se> 670 671 * kdc/connect.c (handle_tcp): handle recvfrom returning 0 672 (connection closed) 673 674 * kdc/connect.c (grow_descr): increment the size after we succeed 675 to allocate the space 676 677 * lib/krb5/krb5_create_checksum.3: 
text about when 678 krb5_crypto_get_checksum_type is useful 679 680 * lib/krb5/crypto.c (krb5_crypto_get_checksum_type): fix format 681 string 682 683 * lib/krb5/krb5_create_checksum.3: document 684 krb5_crypto_get_checksum_type 685 686 * lib/krb5/crypto.c: add krb5_crypto_get_checksum_type 687 From: Luke Howard <lukeh@PADL.COM> 688 689 * lib/asn1/gen.c: s/UTF8String/heim_utf8_string/ in generated code 690 From: Luke Howard <lukeh@PADL.COM> 691 6922003-08-21 Love Hörnquist Åstrand <lha@it.su.se> 693 694 * include/make_crypto.c: include aes.h inc in the local libdes 695 case too 696 6972003-08-20 Johan Danielsson <joda@pdc.kth.se> 698 699 * lib/asn1/der_free.c: set free'd poiners to NULL 700 701 * lib/asn1/gen_free.c: set free'd poiners to NULL 702 7032003-08-20 Love Hörnquist Åstrand <lha@it.su.se> 704 705 * lib/krb5/heim_threads.h: XXX don't use "plain" pthread support 706 on netbsd 707 708 * lib/krb5/crypto.c: Do the arcfour checksum mapping for 709 krb5_create_checksum and krb5_verify_checksum, From: Luke Howard 710 <lukeh@PADL.COM> 711 7122003-08-18 Love Hörnquist Åstrand <lha@it.su.se> 713 714 * lib/krb5/test_config.c: check krb5_prepend_config_files_default 715 and krb5_prepend_config_files 716 717 * lib/krb5/context.c: add krb5_prepend_config_files and 718 krb5_prepend_config_files_default 719 7202003-08-17 Love Hörnquist Åstrand <lha@it.su.se> 721 722 * lib/hdb/mkey.c (read_master_mit): krb5_ret_int16 takes a int16_t 723 as argument 724 725 * lib/krb5/parse-name-test.c: please lint (and me) 726 727 * kdc/config.c (configure): remove only set variable 'e' 728 729 * kdc/connect.c (init_socket): sockaddr size argument to 730 krb5_addr2sockaddr is a krb5_addr2sockaddr * 731 732 * kdc/kerberos5.c (as_rep): remove usused variable 733 (tgs_rep2): don't use a temporary ret-variable, ret is reset later 734 735 * lib/krb5/krb5_get_in_cred.3: these function will be deprecated 736 737 * lib/krb5/Makefile.am: man_MANS += krb5_get_init_creds.3 738 739 * 
lib/krb5/krb5_get_init_creds.3: begining of documentation of 740 krb5_get_init_creds 741 742 * lib/krb5/get_in_tkt.c (krb5_get_in_tkt): for compatibility with 743 with the mit implemtation, don't free `creds' argument when done, 744 its up the the caller to do that, also allow a NULL ccache. 745 7462003-08-16 Love Hörnquist Åstrand <lha@it.su.se> 747 748 * lib/krb5/krb5.conf.5: document tgs_require_subkey 749 750 * lib/asn1/Makefile.am: remove trance of generate tests files, its 751 not really for consumption yet 752 753 * lib/hdb/Makefile.am: split generated source from non generated 754 source we make-proto.pl can generate prototypes for non 755 generate-source only (make-proto.pl dies on asn1compile's .c 756 files) 757 758 * lib/krb5/get_cred.c (init_tgs_req): make generation of subkey 759 optional on configuration parameter 760 [realms]realm={tgs_require_subkey=bool} 761 defaults to off. The RFC1510 weakly defines the correct behavior, 762 so old DCE secd apparently required the subkey to be there, and MS 763 will use it when its there. But the request isn't encrypted in the 764 subkey, so you get to choose if you want to talk to a MS mdc or a 765 old DCE secd. 
766 767 * kdc/kerberos5.c (*): handle krb5_unparse_name returning non-zero 768 7692003-08-15 Love Hörnquist Åstrand <lha@it.su.se> 770 771 * lib/krb5/principal.c (unparse_name): len can't be zero, so, 772 don't check for that 773 7742003-08-13 Love Hörnquist Åstrand <lha@it.su.se> 775 776 * lib/krb5/principal.c (unparse_name): make sure there are space 777 for a NUL, set *name to NULL when there is a failure (so caller 778 can't get hold of a freed pointer) 779 7802003-07-26 Love Hörnquist Åstrand <lha@it.su.se> 781 782 * lib/krb5/kerberos.8: remove duplicate manual, from 783 cjep@netbsd.org 784 7852003-07-25 Love Hörnquist Åstrand <lha@it.su.se> 786 787 * lib/krb5/cache.c: indent 788 789 * lib/krb5/cache.c (krb5_cc_set_default_name): only read 790 KRB5CCNAME when not suid 791 7922003-07-24 Love Hörnquist Åstrand <lha@it.su.se> 793 794 * lib/krb5/keytab_krb4.c (read_v4_entry): the des key is 8 bytes, 795 use a char array instead of des_cblock 796 7972003-07-23 Love Hörnquist Åstrand <lha@it.su.se> 798 799 * kdc/kerberos5.c: add support for KRB5_PADATA_ETYPE_INFO2 800 801 * lib/krb5/crypto.c (hmac): make it return an error when out of 802 memory, update callsites to either return error or use krb5_abortx 803 (krb5_hmac): expose hmac 804 8052003-07-22 Love Hörnquist Åstrand <lha@it.su.se> 806 807 * lib/krb5/keyblock.c (krb5_keyblock_get_enctype): return enctype 808 of keyblock 809 810 * lib/krb5/Makefile.am (man_MANS): += krb5_keyblock.3 811 812 * lib/krb5/krb5_keyblock.3: some information about krb5_keyblock 813 and related functions 814 815 * lib/krb5/heim_threads.h: make the non-debug version of the mutex 816 macros "use" the "mutex" integer so the compile wont complain 817 about defined unused variables 818 819 * lib/krb5/heim_threads.h: make thread local storage macros take a 820 "return" argument so no functions need to be created for the 821 no-pthread case 822 823 * lib/krb5/heim_threads.h: adding RWLOCKS and [sg]etspecific 824 825 * configure.in: use 
KRB_PTHREADS 826 827 * lib/asn1/Makefile.am (gen_files): add asn1_KerberosString and 828 sort 829 830 * lib/asn1/k5.asn1 (ETYPE-INFO2-ENTRY): salt is a KerberosString 831 832 * lib/krb5/krb5.3: add ticket access functions 833 * lib/krb5/krb5_ticket.3: ditto 834 * lib/krb5/ticket.c: ditto 835 * lib/krb5/Makefile.am: ditto 836 837 * lib/krb5/mit_glue.c: add some more krb5_c functions 838 839 * lib/krb5/krb5_c_make_checksum.3: add some more krb5_c functions 840 841 * lib/krb5/crypto.c (krb5_cksumtype_valid): check is checksum type 842 is a valid one 843 844 * lib/krb5/crypto.c (krb5_checksum_is_keyed): only set extented 845 error string when there is a context 846 (krb5_checksum_is_collision_proof): ditto 847 8482003-07-21 Love Hörnquist Åstrand <lha@it.su.se> 849 850 * lib/krb5/mit_glue.c (krb5_c_get_checksum): make type and data 851 argument optional 852 (krb5_c_{encrypt,decrypt}): return "better" error codes for 853 invalid ivec length 854 855 * lib/krb5/krb5_c_make_checksum.3: update krb5_c_get_checksum 856 usage 857 858 * lib/krb5/crypto.c (krb5_crypto_getenctype): new function 859 860 * include/make_crypto.c: avoid redefining 861 OPENSSL_DES_LIBDES_COMPATIBILITY 862 863 * lib/krb5/krb5.h: add krb5_enc_data 864 8652003-07-19 Love Hörnquist Åstrand <lha@it.su.se> 866 867 * lib/krb5/krb5.3: add krb5_c_ functions 868 869 * lib/krb5/mit_glue.c: support passing in NULL as the 870 cipher_state/ivec 871 872 * lib/krb5/aes-test.c: add test for krb5_c_encrypt_length and 873 krb5_c_decrypt 874 875 * lib/krb5/krb5_c_make_checksum.3: krb5_c encryption glue 876 877 * lib/krb5/crypto.c (wrapped_length/wrapped_length_derived): when 878 calculating the length of the encrypted data, use the keyed 879 checksum length if the enctype supports a keyed checksum. This 880 only matter for aes, for all other enctypes the key and unkeyed 881 checksum have the same length. 
882 8832003-07-18 Love Hörnquist Åstrand <lha@it.su.se> 884 885 * lib/krb5/mit_glue.c: first version of krb5_c encryption glue 886 887 * doc/install.texi: update pointer to luke ldap documentation 888 889 * lib/hdb/hdb.c (hdb_create): check for dynamic backend after 890 static to avoid warning from dynamic backend when using a known 891 static backend 892 8932003-07-16 Love Hörnquist Åstrand <lha@it.su.se> 894 895 * lib/krb5/cache.c: don't return value in void function 896 8972003-07-15 Love Hörnquist Åstrand <lha@it.su.se> 898 899 * lib/krb5/creds.c (krb5_compare_creds): if client is specified in 900 the mcreds, check that too 901 902 * lib/krb5/{keytab_file.c,principal.c,mk_error.c,krb5.h,get_cred.c}: 903 prefix libasn1 types with heim_ 904 905 * lib/asn1: prefix typedefs and structs with heim_ 906 9072003-07-13 Love Hörnquist Åstrand <lha@it.su.se> 908 909 * lib/hdb/hdb.c: avoid unnecessary setting of variable 910 9112003-07-07 Love Hörnquist Åstrand <lha@it.su.se> 912 913 * kuser/klist.c (check_for_tgt): use krb5_cc_clear_mcred 914 915 * appl/test/uu_client.c (proto): use krb5_cc_clear_mcred 916 917 * lib/krb5/get_cred.c (init_tgs_req): in case of error, don't free 918 in the req_body addresses since they where pass in by caller 919 (find_cred): use krb5_cc_clear_mcred 920 921 * lib/krb5/krb5_ccache.3: document krb5_cc_clear_mcred 922 923 * lib/krb5/cache.c (krb5_cc_clear_mcred): new function, clear a 924 krb5_creds to use with krb5_cc_retrieve_cred 925 9262003-06-30 Love Hörnquist Åstrand <lha@it.su.se> 927 928 * lib/hdb/hdb.c (find_dynamic_method): if there isn't a prefix, 929 don't load anything 930 9312003-06-29 Love Hörnquist Åstrand <lha@it.su.se> 932 933 * lib/hdb/hdb.c: Dynamic backend loading, based on patch from Luke 934 Howard <lukeh@PADL.COM> 935 936 * lib/hdb/hdb.h: add struct hdb_so_method and 937 HDB_INTERFACE_VERSION 938 9392003-06-28 Love Hörnquist Åstrand <lha@it.su.se> 940 941 * lib/krb5/mk_req_ext.c (krb5_mk_req_internal): when using 942 
arcfour-hmac-md5, use an unkeyed checksum (rsa-md5), since 943 Microsoft calculates the keyed checksum with the subkey of the 944 authenticator. 945 946 * kuser/kinit.c: write out v4 credential caches with 947 _krb5_krb_tf_setup 948 949 * lib/krb5/krb5-v4compat.h: add _krb5_krb_tf_setup 950 951 * lib/krb5/convert_creds.c (_krb5_krb_tf_setup): create/append v4 952 credential to a new krb4 ticket file 953 9542003-06-27 Johan Danielsson <joda@pdc.kth.se> 955 956 * lib/krb5/krb5_kuserok.3: put Nd argument in double quotes since 957 it contains more than 9 words; from wiz 958 9592003-06-25 Love Hörnquist Åstrand <lha@it.su.se> 960 961 * lib/krb5/verify_krb5_conf.c: add missing " within #if 0, from 962 stefan sokoll <stefansokoll@yahoo.de> 963 9642003-06-24 Love Hörnquist Åstrand <lha@it.su.se> 965 966 * lib/krb5/krb5_timeofday.3: improve krb5_set_real_time text 967 968 * lib/krb5/time.c: improve comment for krb5_set_real_time 969 9702003-06-23 Johan Danielsson <joda@pdc.kth.se> 971 972 * kuser/kinit.1: document -A 973 974 * kuser/kinit.c: add -A as an alias for --no-addresses 975 9762003-06-22 Love Hörnquist Åstrand <lha@it.su.se> 977 978 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): pass in a 979 krb5_timestamp to krb5_us_timeofday 980 981 * lib/krb5/mk_error.c (krb5_mk_error): pass in a krb5_timestamp to 982 krb5_us_timeofday 983 984 * lib/krb5/time.c (krb5_set_real_time): fix comment and make it 985 work 986 987 * lib/krb5/time.c, lib/krb5/krb5_timeofday.3, 988 lib/krb5/Makefile.am lib/krb5/test_time.c: 989 990 implement krb5_set_real_time, used by SAMBA, requested by Luke 991 Howard <lukeh@PADL.COM> 992 993 * lib/asn1/k5.asn1: make the aes and sha1 checksum types match 994 draft-ietf-krb-wg-crypto-05 995 9962003-06-21 Love Hörnquist Åstrand <lha@it.su.se> 997 998 * lib/krb5/aes-test.c: add a test for aes kcrypto encrypted data 999 1000 * lib/krb5/crypto.c: clean up AES code to use a structure instead 1001 of a key array 1002 
	(_krb5_AES_string_to_default_iterator): set to 4096 as described in
	aes draft -04
	(derive_key): always remove the key->schedule since it
	will contain the wrong (parent key) info

2003-06-18  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/aes-test.c: add aes256 test vectors from Ken Raeburn
	* doc/setup.texi: add more kdc's to the example

2003-06-17  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/hdb-ldap.c: use int2HDBFlags/HDBFlags2int From: Alberto
	Patino <jalbertop@aranea.com.mx>, Luke Howard <lukeh@PADL.COM>
	Pointed out by Andrew Bartlett of Samba

	* lib/krb5/heim_threads.h: remove freebsd comment, don't use debug
	pthread stubs by default

	* lib/krb5/Makefile.am (man_MANS): drop krb5_free_addresses.3

	* lib/krb5/krb5_free_addresses.3: removed file, functions are
	documented in krb5_address.3

	* lib/krb5/codec.c: add krb5_{de,en}code_ETYPE_INFO2

	* lib/krb5/crypto.c: add _krb5_AES_string_to_default_iterator add
	krb5_string_to_key_salt_opaque() fix keylength for keytype_aes256

2003-06-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/setup.texi: Point out that slave needs /var/heimdal
	directory and masterkey From: Mans Nilsson <mansaxel@sunet.se>,
	Fix spelling while here

2003-06-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/Makefile.am, krb5_get_in_cred.3, krb5.3:
	add manpage for: krb5_get_in_cred, krb5_get_in_tkt,
	krb5_get_in_tkt_with_keytab, krb5_get_in_tkt_with_password,
	krb5_get_in_tkt_with_skey

2003-05-28  Assar Westerlund  <assar@kth.se>

	* lib/krb5/heim_threads.h: Fix unlock/destroy macros for the
	non-threaded cases to work. Fix typo.

2003-05-27  Johan Danielsson  <joda@pdc.kth.se>

	* lib/asn1/{der_put.c,der_length.c,check-der.c}: Fix encoding of
	"unsigned" integers. If MSB is set, we need to pad with a zero
	byte.

2003-05-27  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_c_make_checksum.3: some more mdoc fixes

	* lib/hdb/hdb-ldap.c (LDAP__connect): bind sasl "EXTERNAL" to ldap
	connection
	(LDAP_store): remove superfluous argument to asprintf

	From Alberto Patino <jalbertop@aranea.com.mx>

2003-05-26  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/*.[0-9]: pacify mdoclink

	* lib/krb5/krb5_ccache.3: document differences between mit and
	heimdal krb5_cc_gen_new ccache -> credential cache s/[\t ]+$//

2003-05-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* appl/test/gssapi_server.c (proto): start to use
	gss_krb5_copy_ccache

	* appl/test/nt_gss_server.c (proto): comment out gss_ctx_id_t
	groveling for now

2003-05-20  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/asn1:
	- add parser/generate glue for UTF8String and NULL
	  (DER primitive encode/decode functions missing)
	- handle parsing of DEFAULT and, ...

2003-05-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/heim_threads.h: add missing argument to mutex_init

	* lib/krb5/crypto.c: protect the random initiator with a mutex

	* lib/krb5/mcache.c: protect the mcc_head with a mutex

	* lib/krb5/krb5_locl.h: include heim_threads.h

	* lib/krb5/heim_threads.h: wrapper macros for thread
	synchronization primitives

2003-05-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_principal.3
	lib/krb5/Makefile.am:
	Add all Kerberos principal function to one manpage, add a few more
	principal function to it, remove old now dup manpages

	* lib/krb5/krb5_build_principal.3: remove file
	* lib/krb5/krb5_free_principal.3: remove file
	* lib/krb5/krb5_sname_to_principal.3: remove file
	* lib/krb5/krb5_principal_get_realm.3: remove file

2003-05-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/verify_krb5_conf.8: sort sections, from netbsd

	* lib/krb5/krb5_verify_user.3: .Sh EXAMPLE -> .Sh EXAMPLES, from
	netbsd

	* lib/krb5/krb5_openlog.3: .Sh EXAMPLE -> .Sh EXAMPLES, sort
	sections, from netbsd

	* lib/krb5/krb5_keytab.3: .Sh EXAMPLE -> .Sh EXAMPLES, mdoc fixes,
	from netbsd

	* lib/krb5/krb5_get_krbhst.3: .Sh EXAMPLE -> .Sh EXAMPLES, from
	netbsd

	* lib/krb5/krb5_get_all_client_addrs.3: add .Os, from NetBSD

	* lib/krb5/krb5_build_principal.3: sort sections, from NetBSD

	* lib/krb5/krb5.conf.5: .Sh EXAMPLE -> .Sh EXAMPLES, from netbsd

	* lib/krb5/get_default_realm.c: compatability -> compatibility,
	from netbsd

	* lib/krb5/krb5_warn.3: add copyright/license

	* lib/krb5/krb5_context.3: add SYNOPSIS and LIBRARY

	* lib/krb5/krb5.3: add RCSID

	* kdc/hprop.8: fix mdoc problem, from netbsd

	* lib/krb5/krb5_krbhst_init.3: uppercase url, from Thomas Klausner
	<wiz@netbsd.org>

	* kuser/kinit.1: setup -> set up, new sentence, new line from
	Thomas Klausner <wiz@netbsd.org>

2003-05-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* kpasswd/kpasswd.1: handle setting passwords for multiple
	principals at the same time

	* kpasswd/kpasswd.c: handle setting passwords for multiple
	principals at the same time

	* lib/krb5/changepw.c: draft-ietf-cat-kerb-chg-password-02 and
	rfc3244 share the response packet sure more constants now that
	they exists

2003-05-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5.h: some define for rfc3244

	* lib/krb5/krb5.3: add krb5_change_password and krb5_set_password

	* kpasswd/kpasswd.1: document --admin-principal

	* kpasswd/kpasswd.c: use krb5_set_password

	* lib/krb5/krb5_set_password.3: document krb5_change_password and
	krb5_set_password

	* lib/krb5/changepw.c: implement rfc3244, partly from
	shadow@dementia.org

	* lib/asn1/Makefile.am (gen_files): asn1_ChangePasswdDataMS.x for
	RFC3244

	* lib/asn1/k5.asn1: add ChangePasswdDataMS, for
	RFC3244

2003-05-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* kuser/kdestroy.c: destroy tokens even if there isn't v4 support

	* kuser/kinit.c: get token even if there isn't v4 support

	* kuser/klist.c: print tokens even if there isn't v4 support

2003-05-06  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/name-45-test.c: need to use empty krb5.conf for some
	tests

	* lib/asn1/check-gen.c: there is no \e escape sequence; replace
	everything with hex-codes, and cast to unsigned char* to make some
	compilers happy

2003-05-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/get_in_tkt.c (make_pa_enc_timestamp): make sure first
	argument to krb5_us_timeofday have correct type

2003-05-05  Assar Westerlund  <assar@kth.se>

	* include/make_crypto.c (main): include aes.h if ENABLE_AES

2003-05-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* make-release: when fixing a valid cvs tag from release name
	replace all number. to number- for all non-overlapping matches

2003-05-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/asn1/Makefile.am: gen_files += asn1_ETYPE_INFO2.x and
	asn1_ETYPE_INFO2_ENTRY.x
	(libasn1_la_LDFLAGS): set version to 6:1:1

	* doc/Makefile.am: add apps.texi

	* doc/setup.texi: add move forward link to applications

	* doc/heimdal.texi: add applications

	* doc/misc.texi: move afs stuff to applications add link to
	applications

	* doc/apps.texi: text about applications using kerberos
	move afs text here

2003-05-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/setup.texi: add cross realm text

2003-04-29  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_crypto_init.3: document krb5_enctype_to_string and
	krb5_string_to_enctype

2003-04-28  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/v4_dump.c (v4_prop_dump): limit strings length, from openbsd

2003-04-26  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/aes-test.c: use _krb5_PKCS5_PBKDF2
	* lib/krb5/crypto.c: unexport krb5_PKCS5_PBKDF2

2003-04-25  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/build_auth.c (krb5_build_authenticator): if the local
	sequence number is non-zero, don't generate a new one

	* lib/krb5/mk_rep.c (krb5_mk_rep): if the local sequence number is
	non-zero, don't generate a new one

	* lib/krb5/time.c (krb5_us_timeofday): make the sec parameter a
	krb5_timestamp

	* lib/krb5/mk_priv.c lib/krb5/mk_safe.c lib/krb5/rd_priv.c
	lib/krb5/rd_safe.c lib/krb5/rd_cred.c: implement RET_SEQUENCE and
	RET_TIME

	* lib/krb5/krb5.h (krb5_replay_data): make usec signed (matching
	asn1)

2003-04-24  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/programming.texi: s/managment/management/, from jmc
	<jmc@prioris.mini.pw.edu.pl>

2003-04-23  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/context.c (default_etypes): also advertise that we
	handle aes encryption types

	* lib/krb5/Makefile.am: add krb5_c_ checksum related functions

	* lib/krb5/krb5_c_make_checksum.3: document krb5_c_ checksum
	related functions

	* lib/krb5/mit_glue.c: add compat mit krb5_c checksum related
	functions

	* lib/asn1/k5.asn1: add ETYPE-INFO2 and ETYPE-INFO2-ENTRY

2003-04-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krbhst.c: copy NUL too, from janj@wenf.org via openbsd

2003-04-17  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/asn1/der_copy.c (copy_general_string): use strdup
	* lib/asn1/der_put.c: remove sprintf
	* lib/asn1/gen.c: remove strcpy/sprintf

	* lib/krb5/name-45-test.c: use a more unique name than ratatosk so
	that other (me) have such hosts in the local domain and the tests
	fails, to take hokkigai.pdc.kth.se instead

	* lib/krb5/test_alname.c: add --version and --help

2003-04-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_warn.3: add krb5_get_err_text

	* lib/krb5/transited.c: use strlcat/strlcpy, from openbsd
	* lib/krb5/krbhst.c (srv_find_realm): use strlcpy, from openbsd
	* lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use
	strlcpy, from openbsd
	* kdc/hpropd.c: s/strcat/strlcat/, inspired from openbsd
	* appl/kf/kfd.c: use strlcpy, from openbsd

2003-04-16  Johan Danielsson  <joda@pdc.kth.se>

	* configure.in: fix for large file support in AIX, _LARGE_FILES
	needs to be defined on the command line, since lex likes to
	include stdio.h before we get to config.h

2003-04-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/*.3: Change .Fd #include <header.h> to .In header.h,
	from Thomas Klausner <wiz@netbsd.org>

	* lib/krb5/krb5.conf.5: spelling, from Thomas Klausner
	<wiz@netbsd.org>

2003-04-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/kerberos5.c: fix some more memory leaks

2003-04-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* appl/kf/kf.1: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>

2003-04-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* admin/ktutil.8: typos, from jmc <jmc@acn.waw.pl>

2003-04-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5.3: s/kerberos/Kerberos/
	* lib/krb5/krb5_data.3: s/kerberos/Kerberos/
	* lib/krb5/krb5_address.3: s/kerberos/Kerberos/
	* lib/krb5/krb5_ccache.3: s/kerberos/Kerberos/
	* lib/krb5/krb5.conf.5: s/kerberos/Kerberos/
	* kuser/kinit.1: s/kerberos/Kerberos/
	* kdc/kdc.8: s/kerberos/Kerberos/

2003-04-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/test_alname.c: more krb5_aname_to_localname tests

	* lib/krb5/aname_to_localname.c (krb5_aname_to_localname): when
	converting to root, make sure user is ok according to
	krb5_kuserok before allowing it.

	* lib/krb5/Makefile.am (noinst_PROGRAMS): += test_alname

	* lib/krb5/test_alname.c: add test for krb5_aname_to_localname

	* lib/krb5/crypto.c (krb5_DES_AFS3_CMU_string_to_key): used p1
	instead of the "illegal" salt #~, same change as kth-krb did
	1999. Problems occur with crypt() that behaves like AT&T crypt
	(openssl does this). Pointed out by Marcus Watts.

	* admin/change.c (kt_change): collect all principals we are going
	to change, and pick the highest kvno and use that to guess what
	kvno the resulting kvno is going to be. Now two ktutil change in a
	row works. XXX fix the protocol to pass the kvno back.

2003-03-31  Love Hörnquist Åstrand  <lha@it.su.se>

	* appl/kf/kf.1: afs->AFS, from jmc <jmc@acn.waw.pl>

2003-03-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/setup.texi: add description on how to turn on v4, 524 and
	kaserver support

2003-03-29  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/verify_krb5_conf.c (appdefaults_entries): add afslog
	and afs-use-524

2003-03-28  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/kerberos5.c (as_rep): when the second enctype_to_string
	fails, remember to free memory from the first enctype_to_string

	* lib/krb5/crypto.c (usage2arcfour): map KRB5_KU_TICKET to 2,
	from Harald Joerg <harald.joerg@fujitsu-siemens.com>
	(enctype_arcfour_hmac_md5): disable checksum_hmac_md5_enc

	* lib/hdb/mkey.c (hdb_unseal_keys_mkey): truncate key to the key
	length when key is longer than expected length, it's probably
	longer since the encrypted data was padded, reported by Aidan
	Cully <aidan@kublai.com>

	* lib/krb5/crypto.c (krb5_enctype_keysize): return key size of
	encryption type, inspired by Aidan Cully <aidan@kublai.com>

2003-03-27  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/keytab.c (krb5_kt_get_entry): avoid printing 0
	(wildcard kvno) after principal when the keytab entry isn't found,
	reported by Chris Chiappa <chris@chiappa.net>

2003-03-26  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/misc.texi: update 2b example to match reality (from
	mattiasa@e.kth.se)

	* doc/misc.texi: spelling and add `Configuring AFS clients'
	subsection

2003-03-25  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5.3: add krb5_free_data_contents.3

	* lib/krb5/data.c: add krb5_free_data_contents for compat with MIT
	API

	* lib/krb5/krb5_data.3: add krb5_free_data_contents for compat
	with MIT API

	* lib/krb5/krb5_verify_user.3: write more about how the ccache
	argument should be inited when used

2003-03-25  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/addr_families.c (krb5_print_address): make sure
	print_addr is defined for the given address type; make addrports
	printable

	* kdc/string2key.c: print the used enctype for kerberos 5 keys

2003-03-25  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/aes-test.c: add another arcfour test

2003-03-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/aes-test.c: sneak in a test for arcfour-hmac-md5

2003-03-20  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_ccache.3: update .Dd

	* lib/krb5/krb5.3: sort in krb5_data functions

	* lib/krb5/Makefile.am (man_MANS): += krb5_data.3

	* lib/krb5/krb5_data.3: document krb5_data

	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): if
	prompter is NULL, don't try to ask for a password to
	change. reported by Iain Moffat @ ufl.edu via Howard Chu
	<hyc@highlandsun.com>

2003-03-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_keytab.3: spelling, from
	<jmc@prioris.mini.pw.edu.pl>

	* lib/krb5/krb5.conf.5: . means new line

	* lib/krb5/krb5.conf.5: spelling, from
	<jmc@prioris.mini.pw.edu.pl>

	* lib/krb5/krb5_auth_context.3: spelling, from
	<jmc@prioris.mini.pw.edu.pl>

2003-03-18  Love Hörnquist Åstrand  <lha@it.su.se>

	* kuser/Makefile.am: INCLUDES: -I$(srcdir)/../lib/krb5

	* lib/krb5/convert_creds.c: add _krb5_krb_life_to_time

	* lib/krb5/krb5-v4compat.h: add _krb5_krb_life_to_time

	* kdc/kdc_locl.h: 524 is independent of kerberos 4, so move out
	#ifdef KRB4 from enable_v4_cross_realm since 524 needs it

	* kdc/config.c: 524 is independent of kerberos 4, so move out
	enable_v4_cross_realm from #ifdef KRB4 since 524 needs it

2003-03-17  Assar Westerlund  <assar@kth.se>

	* kdc/kdc.8: document --kerberos4-cross-realm
	* kdc/kerberos4.c: pay attention to enable_v4_cross_realm
	* kdc/kdc_locl.h (enable_v4_cross_realm): add
	* kdc/524.c (encode_524_response): check the enable_v4_cross_realm
	flag before giving out v4 tickets for foreign v5 principals
	* kdc/config.c: add --enable-kerberos4-cross-realm option (default
	to off)

2003-03-17  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/Makefile.am (man_MANS) += krb5_aname_to_localname.3

	* lib/krb5/krb5_aname_to_localname.3: manpage for
	krb5_aname_to_localname

	* lib/krb5/krb5_kuserok.3: s/KRB5_USEROK/KRB5_KUSEROK/

2003-03-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/Makefile.am (man_MANS): add krb5_set_default_realm.3

	* lib/krb5/krb5.3: add manpages from krb5_set_default_realm.3

	* lib/krb5/krb5_set_default_realm.3: Manpage for
	krb5_free_host_realm, krb5_get_default_realm,
	krb5_get_default_realms, krb5_get_host_realm, and
	krb5_set_default_realm.

	* admin/ktutil.8: s/entype/enctype/, from Igor Sobrado
	<sobrado@acm.org> via NetBSD

	* lib/krb5/krb5_keytab.3: add documentation for krb5_kt_get_type

	* lib/krb5/keytab.c (krb5_kt_get_type): get prefix/type of keytab

	* lib/krb5/krb5.h (KRB5_KT_PREFIX_MAX_LEN): max length of prefix

	* lib/krb5/krb5_ccache.3: document krb5_cc_get_ops, add more
	types, add krb5_fcc_ops and krb5_mcc_ops

	* lib/krb5/cache.c (krb5_cc_get_ops): new function, return ops for
	a id

2003-03-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/intro.texi: add reference to source code, binaries and the
	manual

	* lib/krb5/krb5.3: krb5.h isn't in krb5 directory in heimdal

2003-03-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/kdc.8: better/different english

	* kdc/kdc.8: . -> .\n, copyright/license

	* kdc/kdc.8: changed configuration file -> restart kdc

	* kdc/kerberos4.c: add krb4 into the most error messages written
	to the logfile

	* lib/krb5/krb5_ccache.3: add missing name of argument
	(krb5_context) to most functions

2003-03-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/kuserok.c (krb5_kuserok): preserve old behaviour of
	function and return FALSE when there isn't a local account for
	`luser'.

	* lib/krb5/krb5_kuserok.3: fix prototype, spelling and more text
	describing the function

2003-03-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/cache.c (krb5_cc_default): if krb5_cc_default_name
	returned memory, don't return ENOMEM

2003-03-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5.3: add krb5_address stuff and sort

	* lib/krb5/krb5_address.3: fix krb5_addr2sockaddr description

	* lib/krb5/Makefile.am (man_MANS): += krb5_address.3

	* lib/krb5/krb5_address.3: document types krb5_address and
	krb5_addresses and their helper functions

2003-03-10  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/Makefile.am (man_MANS): += krb5_kuserok.3

	* lib/krb5/krb5_kuserok.3: spelling, from cizzi@it.su.se

	* lib/krb5/Makefile.am (man_MANS): += krb5_ccache.3

	* lib/krb5/krb5_ccache.3: spelling, from cizzi@it.su.se

	* lib/krb5/krb5.3: add more functions

	* lib/krb5/krb5_ccache.3: document krb5_ccache and krb5_cc
	functions

	* lib/krb5/krb5_kuserok.3: document krb5_kuserok

	* lib/krb5/krb5_verify_user.3: document
	krb5_verify_opt_set_flags(opt, KRB5_VERIFY_LREALMS) behavior

	* lib/krb5/krb5_verify_user.3: document krb5_verify_opt* and
	krb5_verify_user_opt

	* lib/krb5/*.[0-9]: add copyright/licenses on more manpages

	* kuser/kdestroy.c (main): handle that krb5_cc_default_name can
	return NULL

	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump minor
	(TESTS): add test_cc

	* lib/krb5/test_cc.c: test some
	krb5_cc_default_name/krb5_cc_set_default_name combinations

	* lib/krb5/context.c (init_context_from_config_file): set
	default_cc_name to NULL
	(krb5_free_context): free default_cc_name if set

	* lib/krb5/cache.c (krb5_cc_set_default_name): new function
	(krb5_cc_default_name): use krb5_cc_set_default_name

	* lib/krb5/krb5.h (krb5_context_data): add default_cc_name

2003-02-25  Love Hörnquist Åstrand  <lha@it.su.se>

	* appl/kf/kf.1: s/securly/securely/ from NetBSD

2003-02-18  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/connect.c: s/intialize/initialize, from
	<jmc@prioris.mini.pw.edu.pl>

2003-02-17  Love Hörnquist Åstrand  <lha@it.su.se>

	* configure.in: add AM_MAINTAINER_MODE

2003-02-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* **/*.[0-9]: add copyright/licenses on all manpages

2003-14-16  Jacques Vidrine  <nectar@kth.se>

	* lib/krb5/get_in_tkt.c (init_as_req): Send only a single
	PA-ENC-TIMESTAMP in the AS-REQ, using the first encryption
	type specified by the KDC.

2003-02-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* fix-export: some autoconf put their version number in
	autom4te.cache, so remove autom4te*.cache

	* fix-export: make sure $1 is a directory

2003-02-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* kpasswd/kpasswdd.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>

	* kdc/kdc.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>

2003-01-31  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/hpropd.8: s/databases/a database/ s/Not/not/

	* kdc/hprop.8: add missing .

2003-01-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5.conf.5: documentation for of boolean, etypes,
	address, write out encryption type in sentences, s/Host/host

2003-01-26  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/asn1/check-gen.c: add checks for Authenticator too

2003-01-25  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/setup.texi: in the hprop example, use hprop and the first
	component, not host

	* lib/krb5/get_addrs.c (find_all_addresses): address-less
	point-to-point might not have an address, just ignore
	those. Reported by Harald Barth.

2003-01-23  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/verify_krb5_conf.c (check_section): when key isn't
	found, don't print out all known keys

	* lib/krb5/verify_krb5_conf.c (syslogvals): mark up where severity
	and facility start resp
	(check_log): find_value() returns -1 when key isn't found

	* lib/krb5/crypto.c (_krb5_aes_cts_encrypt): make key argument a
	'const void *' to avoid AES_KEY being exposed in krb5-private.h

	* lib/krb5/krb5.conf.5: add [kdc]use_2b

	* kdc/524.c (encode_524_response): its 2b not b2

	* doc/misc.texi: quote @ where missing

	* lib/asn1/Makefile.am: add check-gen

	* lib/asn1/check-gen.c: add Principal check

	* lib/asn1/check-common.h: move generic asn1/der functions from
	check-der.c to here

	* lib/asn1/check-common.c: move generic asn1/der functions from
	check-der.c to here

	* lib/asn1/check-der.c: move out the generic asn1/der functions to
	a common file

2003-01-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/misc.texi: more text about afs, how to get your KeyFile,
	and how to start use 2b tokens

	* lib/krb5/krb5.conf.5: spelling, from Jason McIntyre
	<jmc@cvs.openbsd.org>

2003-01-21  Jacques Vidrine  <nectar@kth.se>

	* kuser/kuser_locl.h: include crypto-headers.h for
	des_read_pw_string prototype

2003-01-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* admin/ktutil.8: document -v, --verbose

	* admin/get.c (kt_get): make getarg usage consistent with
	other parts of ktutil

	* admin/copy.c (kt_copy): remove adding verbose_flag to args
	struct, since it will overrun the args array (from Sumit Bose)

2003-01-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5.conf.5: write more about [realms] REALM = { kdc =
	... }

	* lib/krb5/aes-test.c: test vectors in aes-draft

	* lib/krb5/Makefile.am: add aes-test.c

	* lib/krb5/crypto.c: Add support for AES
	(draft-raeburn-krb-rijndael-krb-02), not enabled by default.
	(HMAC_SHA1_DES3_checksum): rename to SP_HMAC_SHA1_checksum and modify
	to support checksumtype that are have a shorter wireformat than
	their output block size.

	* lib/krb5/crypto.c (struct encryption_type): split the blocksize
	into blocksize and padsize, padsize is the minimum padding
	size. they are the same for now
	(enctype_*): add padsize
	(encrypt_internal): use padsize
	(encrypt_internal_derived): use padsize
	(wrapped_length): use padsize
	(wrapped_length_dervied): use padsize

	* lib/krb5/crypto.c: add extra `opaque' argument to string_to_key
	function for each enctype in preparation enctypes that uses
	`Encryption and Checksum Specifications for Kerberos 5' draft

	* lib/asn1/k5.asn1: add checksum and enctype for AES from
	draft-raeburn-krb-rijndael-krb-02.txt

	* lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_AES128,
	KEYTYPE_AES256

2003-01-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/common.c (_hdb_fetch): handle error code from
	hdb_value2entry

	* kdc/Makefile.am: always include kerberos4.c and 524.c in
	kdc_SOURCES to support 524

	* kdc/524.c: always compile in support for 524

	* kdc/kdc_locl.h: move out krb/524 protos from under #ifdef KRB4

	* kdc/config.c: always compile in support for 524

	* kdc/connect.c: always compile in support for 524

	* kdc/kerberos4.c: export encode_v4_ticket() and get_des_key()
	even when we build without kerberos 4, 524 needs them

	* lib/krb5/convert_creds.c, lib/krb5/krb5-v4compat.h: Split out
	Kerberos 4 help functions/structures so other parts of the source
	tree can use it (like the KDC)
