[SCM] Samba Shared Repository - annotated tag switch-from-svn-to-git created
Andrew Bartlett
abartlet at samba.org
Fri Jun 24 00:35:45 MDT 2011
The annotated tag, switch-from-svn-to-git has been created
at 33d97bc64eb20e7016b481cba77711a3c3f2820a (tag)
tagging 2076c1c93e8628a51b6a5ec59e018ca5e504f911 (commit)
tagged by Love Hornquist Astrand
on Thu Jul 16 23:57:41 2009 -0700
- Log -----------------------------------------------------------------
git switch over
Assar Westerlund (6458):
Changed order for X-flags. I think @X_PRE_LIBS@ has to be after -lXt.
fclose of _PATH_THISCELL!
Removed sys_errlist
Use k_strerror
Removed sys_siglist. Not used.
<sys/resource.h>
more #includes
more #includes
Removed configure-stuff
Initial revision
Fixed several #endif's
Initial revision
Fixed several #endif's
comments in endif
New synonym for solaris.
Check for setpgid
Changed types of functions to get rid of some warnings.
*** empty log message ***
Use setpgid instead of setprgp, if available.
config.h
*** empty log message ***
Got rid of lots of warnings.
...
*** empty log message ***
header files
reconf
fix args for printsub
typo
rid of some warnings
removed multiple defined variables
boring includes
encrypt_verbose by default
broken AIX
hacks to make it compile everywhere
more #ifdefs
autoreconf
aix garbage
<sys/time.h>
lots of small fixes
Change the order of linking the libraries.
default values of TIOCPKT_FLUSHWRITE & c:o
Definition of _IOW
fixed link order
*** empty log message ***
CTRL conflict
use <sys/ioctl.h> instead of <sys/ioccom.h>
lots of new stuff
more changes
kinit now builds and works on some machines
more support for getting useful info out from get_in_tkt
Now even calls krb5_cc_store_cred.
klist
buf gixes
Fixed time magic.
Fixed ret_int8.
correct args to free_ccache
free free
new protos
stupid copyo
better handling of times
better
cc_cursor
Use AC_FIND_FUNC
better conf
FIND_FUNC
support for mail spool directory other than /var/spool/mail
cleanup
lots of small fixes
reconfigure
Moving around mail
last changes for 0.7
reconfigured
Always call k_afsklog with realm == NULL
Moved filename defines here
k_afsklog_all_local_cells: new function. Called when cell == NULL.
new program to forward x connections
Better handling of return value from waitpid.
Corrected cell truncation code.
Read password with des_read_pw_string. getpass truncates it too much.
MaxPathLen
*** empty log message ***
MaxPathLen
Some semicolons
oof
Rewrote kx & kxd. Now they share code and talk both ways.
Merged in REVERSE1-branch.
Merged in libdes3.21-branch
!warning
<config.h>
Don't forget config.h
<sys/resource.h> for AIX
Signal handler should take a single `int' argument
Not needed and make problems when building in source directory
less warnings
Fixed includes
includes and fixed to make it compile under Ultrix
libroken
broken AIX sys/wait.h
Do binary per default
More config.h and other include files.
Use local servent.
Do not use getlogin, it's different (and/or broken) on AIX
Removed external variable `sp'
slepping
Do not use getlogin, it's different (and/or broken) on AIX
config.h
include master config.h
Do not use -g with ls, it makes sysV ls only give group names.
Needed <time.h>
Added missing MKDIRHIER
grr
Handle passwords longer than 16 characters.
argh
New function k_getpwnam that should work with and without shadow
s/getpwnam/k_&/g.
Use libroken
definitions for `sys_nerr' and `sys_errlist'
Not needed and create problems when building in source directory
small indenting fixes
changed bzero/bcmp/bcopy to memset/memcmp/memcpy
spelling
includes ifdef'ed and clean up-ed
more generalized. More fallback functions
foo
gettimeofday buglet
verify_unix_user: New function for checking passwd in `/etc/passwd'.
*** empty log message ***
Use `verify_unix_user'
Support both kerberised and non-kerberised versions of the POP3
Call XCloseDisplay, otherwise screen saver changes are not updated
<stdio.h> for NULL.
Use `AC_FUNC_MMAP'
Check for `logwtmp'.
reconf
Get hostname even if user has no '.netrc' file.
Killed some old code
use TKT_ROOT
test for s/key
*** empty log message ***
Need S/Key
Add S/Key support.
ids
At least mention kerberos.
Support longer passwords when retrying login.
Only try clear-text password if S/Key said we could.
At least `srandom'.
For broken openlog.
more syslog
renamed popper
*** empty log message ***
*** empty log message ***
updated usage
Use bindir
use BINDIR
added tm2time
lunix has no SIGSYS
Use `SYS_afs_syscall' if defined.
Substitute `struct fd_set' with `fd_set'.
Substitute `struct fd_set' with `fd_set'.
Fixed typo.
undef AFS_SYSCALL if we are defining it.
s/timeout/ftpd_timeout/
Changed order of includes.
Less #include's.
s/timeout/ftpd_timeout/
Id in all makefiles
Added Id
Replaced `herror' by `hstrerror'.
Changed bogus 'strncpy' to 'strcpy'.
Added prototype for `verify_unix_user'.
Broken OSes need declartion of `crypt'.
Include type `int' on all definitions and remove unnecessary
<protos.h> are needed to get prototype for `ptsname'.
AFS_EXTRA_LIBS is always called `afslib.so'. Otherwise some makes get
Use <crypt.h> if there is one.
Fixed prototype of `inet_aton'
Some const-ness to get rid of a warning.
Use `inaddr2str'
New function `inaddr2str' to convert an IP address into a verified
Some const-ness
Add `inaddr2str.o'
Removed potential buffer overrun after `gethostbyaddr'.
Added support for afs_string_to_key.
Added ID
Added ID
Added declaration of `h_errno'
extern declarations of `h_nerr' and `h_errlist' when needed.
gcc is unable to create afslib.so on AIX with all these strange
Include roken.h
Add shared library flags to linking of destest
Removed yet another crypt prototype.
Check if ugly X11R6 defined `strerror'
Added ID
Added lots of Id:s
Use `ld' instead of `cc' for linking afslib.so. Not everybody has cc.
Do not start by checking if we have AFS in `k_afsklog'
Replace `-shared' with some other option when not using gcc.
Install man-page.
Incorrect use of `gethostname' replaced by correct use of `k_gethostname'.
s/gethostname/k_gethostname/
Fixed old comment.
Throw away passwd after use.
Removed '#if 0'-ed code.
new option -y for no warnings
more consistent makefiles
typing and spelling
Removed unused variables.
removed old extern declarations.
All signal handlers return RETSIGTYPE.
Name changed NEED_H_ERRLIST_{PROTO,DECLARATION}.
Name changed from !HAVE_H_ERRNO to NEED_H_ERRNO_DECLARATION.
Use @SET_MAKE@
Removed unused `abortsend'
exit with return code == 1 to indicate failure.
BFTPDAEMON: removed.
BFTPDAEMON: removed.
BFTPPATH: removed
UNICOS5: removed
NEWINIT, UNICOS7x, UNICOS5: removed
UNICOS5: removed
Removed all convex code.
Made `des_rand_data' non-static.
Added prototype for `des_rand_data'.
Added X libraries.
(get_local_xsocket): Now try to allocate the first free socket in
<X11/Xauth.h> used.
(display_num, xauthfile): New variables.
(doit): Send over the display number and the authority file actually
(get_local_xsocket): try to bind the socket instead of checking for
(des_rand_data): Use a table with random devices.
Install rxterm and rxtelnet.
(get_local_xsocket): Generate the /tmp/.X11-unix directory with the
shell scripts for doing remote X
(connect_host): write display_number in ascii.
(doit): read display_number in ascii.
Forgot some `read' that should be `krb_net_read'
(main): For now always use passive mode. That's the only thing that
(des_rand_data): Try /dev/urandom as well.
Added mini_inetd.o
Added prototype for `mini_inetd', and fallback definitions for
(main): use `mini_inetd'
Removed `conn_wait' and use `mini_inetd' instead.
*** empty log message ***
merged in TCP-branch
foo
Only include <roken.h> once.
Compile and link writeauth.c if necessary.
`-d' option to disable forking.
writeauth.c as separate file.
(mini_inetd): Also dup onto stderr.
Add STDERR_FILENO
Die after receiving SIGUSR1 and when number of children goes to zero.
new childhandler
Send USR1 to kx at appropriate moment.
Send SIGUSR1 to kx before starting xterm.
Remove childhandler. Not common any more.
Remove prototype of childhandler.
Updated man pages for kauthd, kx, and kxd.
NOPRINTF merged in
cut'n'paste error
removed syslog garbage
Removed SYSLOG-garbage and max.
Add `max', `min', and definitions for broken syslogs.
autoconfed a little to make it compile.
autoconfed a little to make it compile.
Use SET_MAKE
add more #ifdef before #include-ing
Don't build if we have no X11.
slepping
cast
New stuff for X_PROGRS
More ifdefs before including
Only call `filename_check' for guest users.
More fixup of old code.
Now using SIGUSR1 to mean `exit when number of children goes down to zero'.
Now using SIGUSR2.
check for failure from kx
(retrieve): Cut the argument to the command and the first character of
Call `endspent' to try to close the shadow password file.
Use `set --'
Got rid of all `register' declarations.
Call `endpwent'. If we are using a BSD-kind of system we should not leave the shadow password database open.
Given better error message when user is not authoized to login.
(retrieve): Got rid of `sprintf'.
(get_xsockets): `mkdir' the correct directory.
Look for kx in $PATH and %bindir%
Try to find some kind of terminal emulator for X.
rsh can reside in path or %bindir%
Support sending arguments to telnet.
PDC are unable to give correct instructions to their users and
dead
removeed
rm
old changes
(sumFile): consider the case that `res' is not longword-aligned.
Start the `xterm' process correctly.
Now uses generated ASN1-code.
now, kinit and klist seems to work
Moved lots of variables to common.c
More #ifdefs for include files.
(connect_host): Try all addresses of `host'
All static variables are now global.
Added code for handling the case of using `bison' and having no
Add SKEY-stuff.
New command "HELP".
Moved some variables into struct pop
Added support for spaces in passwords and S/Key.
SKEY-support
clean up
Removed old garbage and added SKEY.
clean-up
Option `-i'
SOCKS-support
replaced mkdirhier-sh by mkinstalldirs
added some PC-files
PC-binary files for password dialog
Generate headers for encode and decode functions.
stupid and quick fixes
clean-up
new files
Add md4 and sha.
new files
removed old code
Link `ftpd' with -lotp
New option `-a otp' to allow OTPs but no ordinary passwords in cleartext.
less warnings
picky compilers
Both kx and kxd requires @XauWriteAuth@
got rid of warning about signed vs unsigned
changed prototype of (*hash)
Use @LIB_tgetent@ and @LIB_setupterm@
Use @LIB_tgetent@
typo
Definition of LOG_NDELAY
removed shadowing variable declarations.
less warnings
removed stupid garbage
Do not use #if, use #ifdef.
Only define `update' if we actually use utmpx
save copies of addresses that otherwise get overwritten.
client and ipaddr should be char [] so that we can store the names there.
Add option `-e' for printing responses in extended mode (according to
Define OTP_HEXPREFIX and OTP_WORDPREFIX.
Add support for parsing extended responses (draft-ietf-otp-ext-01).
new module for creating a afskauthlib.so
New function `k_afsklog_uid'.
new prototype for `kafs_klog_uid`
correct size
Added afskauthlib
export PATH
Always build afskauthlib.so as a shared library.
Always build as a shared library.
now builds even with broken makes
New program `otpprint'
new file
removed print-functionality.
Add fallback for `T_TXT'.
Added `display' and `display_size'
remove library
Only build relevant subdirectories.
fixed name for the library.
removed duplicate TAGS
more conditional includes
Fix the problem with emtpy SUBDIRS
Do not add colon to the display any more.
Print out display and not display_nr
removed strlwr
Introduced option `-l user' to be able to login as some other user.
Accept username from `kx'
Added `-l' option.
Add options: -l username, -t args_to_telnet, and -x args_to_xterm
Add options: -l username, -r args_to_rsh, and -x args_to_xterm
spelling
updated
Full OTP support.
more fields in the struct and a new function.
(otp_error): New function.
return errors
Removed skey
Added option `-a'
removed skey and added otp
updated
constants for the different auth levels.
Removed require_securid and added require_otp
Removed SecurID support and send -a otp if require_otp
Removed `-s' for securID and added `-a otp' for OTP.
Add OTP_ALG_DEFAULT
Use OTP_ALG_DEFAULT.
fix
updated options and usage
(otp_db_open): Do a few retries.
Check for out of memory.
krb4-style
new file
add otptest
(otp_parse_hex): Bug when copying back key.
(otp_print_stddict): Get right of last space.
empty check
fix
(otp_print_stddict_extended, otp_print_hex_extended): New functions.
more testing
Use new functions.
*** empty log message ***
typo
more general quad_cksum test.
removed count
`-s' is now default.
removed all stupid register declarations
removed all stupid (void)
sun brain-damage compatible
Start using KRB_TICKET_GRANTING_TICKET
Removed unused rest from other makefile.
conditionalize
new directory
must link otptest with $LIBS in case the dbm-stuff is hiding there.
Install otp setuid root.
Changed location of otp database to /etc
Let `readline' to the \n-removal.
new file
Added `strtok_r'
include roken.h
Allow unlimited number of arguments.
Use k_getpw{uid,name}
Use k_getpw{name,uid} and strtok_r
(k_setpag): Handle AFS_SYSCALL3
dfeine strchr and strrchr if they don't exist.
Use INADDR_LOOPBACK
fix
careful not to thrust h_length from gethostby{name,addr}
got rid of lots of stupid casts
Try to set the screen number as well.
more conditional includes
Renamed `delete' and `store' to `do_delete' and `do_store' to avoid
check for INADDR_LOOPBACK
Initialize `challengep'
Nicer help output.
Remove white-space at the beginning of UIDL-string.
Declare AUTH_NONE, AUTH_OTP, and auth_level.
Add `-p' option and make `-a auth'-style
Convert to auth_level
moved and fixed bogus debug output.
Initialize `sin_family'
doc fix
Initialize error string and check for NULL from strdup.
protos.h
Also export XAUTHORITY
Link with roken before and after LIBS
more ifdefs for include files
removed
new files
Use -lroken
Use strupr
Use k_getsockinst.
Always use vsprintf
removed pop_lower
use strlwr
Use -lroken
more #ifdefs for OS/2. ugck
updated sources list
*** empty log message ***
more prototypes
new function
Default for S_ISLNK
Added keytab.h
solaris needs socket and nsl
Add krb5_kt_cursor
more stupid code
more empty functions
stupid prototypes
*** empty log message ***
fu
changed order of includes
moved INADDR_NONE
Use otp_locl.h
remove strtok_r
link with LIBROKEN
Use LIBPREFIX
Use @foo_prefix@ and @program_transform_name@
fixed @foodir@
makefile fixes. uninstall now works
fixed crc_update
replaced mit-crc.c by crc.c
*** empty log message ***
Use INSTALL_PROGRAM. Added install-strip
add get_window_size
new file
Use `get_window_size'
test for TIOCSWINSZ instead of incorrectly using TIOCGWINSZ
tab
no ifdef gnuc
ifdef
new name
Search for awk
Use test instead of [
Rename foo libfoo.a
Implement `krb5_auth_con_getkey' and `krb5_free_keyblock'
(krb5_build_authenticator): It seems the CRC should be stored LSW first. (?)
(krb5_free_keyblock): Fix prototype.
bug
*** empty log message ***
(krb5_get_credentials): Check for creds in cc before getting new ones.
*** empty log message ***
rsh -n
EXECSUFFIX-garbage for os2 stange file names
added bindir
clean-up
fixed stupid mistakes
conditional getsockopt
*** empty log message ***
correct dependency
slepping
includes
dependency on libdes
syntax
roken.h
removed unused variables
include
*** empty log message ***
*** empty log message ***
work-around for cygwin32
Work around for the non-existence of `h_errno' in cygwin32.
remove `upcase´
Use `strupr´ instead of `upcase´
Remove `upcase´
cygwin32
Check HAVE_H_ERRNO
replaced lots of \n by \r\n
Patch for sending -l to kx. From <map at stacken.kth.se>
fixed \n
(der_get_octet_string): Fixed bug with empty string.
changed paramater from void * to Foo *
moved all store and ret functions to store.c
better prototype
now even with some functionality.
changed types and prototypes
comment
ansi2knr?
AM_C_PROTOTYPES?
new files
*** empty log message ***
Rename FOO -> CHAR_FOO to avoid collision with symbol in sys/ioctl.h
It seems "$(SHELL) ./compile_et" is needed.
A DER integer should really be a `unsigned'
ifdef strdup
ifdef HAVE_STRDUP
*** empty log message ***
Add `-u' option
merged in geteuid-fix
remove unused shift.
allow specification of port number
I hope these modifications are better.
(otp_get, otp_simple_get): New functions.
Changed md4->md5
New options `-d' and `-r'. From Fabien COELHO <coelho at cri.ensmp.fr>
fix common.a
fix libtelnet.a
s/__CYGWIN32__/HAVE_H_ERRNO/
sys/termio.h
Check for `_setsid'
fix for signed char overflow.
fix some stuff to get forwarding code to compile
updated help string
More fixed from Fabien COELHO <coelho at cri.ensmp.fr>. Check for
fix include order
conditionalize SIGURG
New option `-g umask' for specifying the umask for anonymous users.
Documented the `-g' option.
perhaps even decodes bitstrings
more includes and prototypes
removed
Test for big endian, random, rand, setitimer
More -I
new file
fixed type
no encryption here anymore
new style?
use krb5_decrypt
include config.h
krb5_encrypt and krb5_decrypt
use krb5_encrypt
new style
don't depend on time_t == u_int32_t
more test code
*** empty log message ***
removed old code
more
more general
correct crc calculation and actually checks it as well.
now seems to work again
no more arithmetic with void*
Added checksum.c and mk_priv.c
new file
mk_safe, rd_safe, mk_priv, rd_priv
krb5_create_checksum
use krb5_create_checksum
XXX
store.h
*** empty log message ***
(krb5_verify_checksum): New function
(krb5_verify_checksum): prototype
fix
new file
rd_safe
*** empty log message ***
removed
clean-up
AC_HAVE_STRUCT_FIELD
try to figure out timezone
HAVE_TIMEZONE
get the timezone in some correct way
more code
free data
free
moved krb5_decrypt
more prototypes
Use krb5_decrypt
new files
*** empty log message ***
do some checks on times
*** empty log message ***
correct types
default endtime
added prototypes
(der_match_tag_and_length): new function
(der_put_length_and_tag): new function
reduced generated code by 1/5
*** empty log message ***
*** empty log message ***
(decrypt_tkt): First try with an EncASRepPart, then with an
(krb5_get_credentials): Use `mk_req_extended' and remove old code.
(krb5_mk_req): Use `krb5_mk_req_extended'
added prototype for `krb5_mk_req_extended'
standard endtime for tickets
optimize the case with a simple type
new file
added mk_req_ext.c
*** empty log message ***
Log foreign IP address together with hostname
Set `byte_count' even when using mmap.
renamed stime -> printable_time to avoid conflict on HP/UX
Added der_length.c
new file
more prototypes
all functions are now void
time2generalizedtime is used in der_length
Generate `length_FOO' functions
*** empty log message ***
add CLEANFILES
Id
Fix filename in generated files
*** empty log message ***
look for *dbm?
*** empty log message ***
setenv
Fix encoding and decoding of BitStrings
new files
(krb5_free_authenticator): add `context' argument
(krb5_free_principal): added `context' argument. Changed all callers.
(krb5_cc_get_name): return default if `id' == NULL
new and updated prototypes
Use `krb5_decrypt'
empty lines
implemented functionality
MIN
updated krb5_free_principal
*** empty log message ***
Hacked so that all TCP-connections are kx - > kxd
updated version
updated kx and kx man pages
more includes and prototypes
missing semicolon
(readline): strdup data before returning it.
(__ivaliduser): more cast to get rid of warnings
Do gettimeofday and then copy the data for the sake of those systems
prototypes for `readline' and `add_history'
removed unused code
Proper check for success of `base64_decode'
Proper check for success of `get_xsockets'
(renew): return correct status
new calling signature for `tf_setup'
Do gettimeofday and then copy the data for the sake of those systems
removed junk
(parse_reply): `host' should rather be char []
Change default global timeout
Make global lockfile actually work
test for failure of (*verify) correctly.
stupid type change
roken.h
removed old file
removed old (unused) junk
Added back old junk to get it to work with suns make
removed kerberos5.[co]
moved version.h and config.h to include
removed file
removed bad free of global data
always downcase the seed
Maybe-fix for HP-UX 10: Ifdef SO_OOBINLINE, don't even select for
added warnerr.c
more __attribute__'s
__attribute__ for warnerr
reindent
semicolon removed
*** empty log message ***
verify_and_remove_cookies, replace_cookie: new functions
major rewrite, reverse mode works again.
encdata and tenletxr
new file
removed prog. Use err & c:o
start using err & c:o
err.h
removed prog. Use err & c:o
more fixes
()
fixes
Support `-k'
updated
new files
copyright
add -k
-k
remove TRUE and FALSE
add TRUE and FALSE
Merged in from SHA
<sys/types.h>
(sha_finito_little_endian): byte-swap correctly.
correct call to `waitpid'
SHA is 20 bytes long!
more shared code
<sys/socket.h> needed by cygwin32
<sys/socket.h> contains the definition of `_IOW' on cygwin32.
Ugly addition of `_P'
include <arpa/inet.h>
(sl_match): initialize `partial_cmd'
more rfc/drafts
more doc
Added admin
moved config to include
Added extkeytab
use admin_locl.h
new program
Added md5.h, sha.h, and gssapi.h
Added gssapi
added timegm.c
new file
Add `timegm'
(generalizedtime2time): use `timegm'
Added md5.c and sha.c
updated
moved include
implemented krb5_kt_add_entry, krb5_kt_store_principal,
stupid comment
new files
new file
*** empty log message ***
updated from krb4
fix ifdef's
spelling
fix potential NULL deref
Use TIME_WITH_SYS_TIME
remove __P
fixed path to passwd_dlg
Use TIME_WITH_SYS_TIME
removed __P
simplified
ID
reformat and fix
On windows they've hidden `struct timeval' inside <winsock.h>!
Removed des_random_{seed,key}
newly generated version
replaced `u_char' with `unsigned char'
new files
don't include encdata.c in SOURCES_COMMON, otherwise DEC make gets
soriasis make stupidity
(hookup): terminate string from `gethostbyname`
paranoia with result from `gethostbyname'
use strdup
changed signature of `k_getsockinst'
(realm_of_cell): don't overwrite buffer with result from `gethostbyaddr'
removed stupid #if 0
some stupid include-fixes
(k_afsklog_all_local_cells): Use `k_concat'
first try at snprintf
implemented asprintf, vasprintf
prototypes for asprintf, vasprintf
removed old code and made briefer
Added asnprintf and vasnprintf
probably leaking less memory
replace sprintf all over the place
revert
more roken.h
s/%d/%u/
link ftpd with @LIB_DBM@
link otptest with @LIB_DBM@
link with @LIB_DBM@
removed duplicate min
Always link with snprintf.o
reorder
fix for the case of max_sz == 0
ifdef-out the code that is not used to avoid referencing `syscall' on
clean up
small fixes
use @LDSHARED@
inst fix
remove getstr
better(?) shared libraries support
more prototypes
rename ispeed and ospeed to handle netbsd
don't include <sys/ioctl.h> on sunos4
fix for mmap and restart_point
typo
shared library fixes
include <curses.h> before <termios.h>
Year 2000 fix
removed getent.c
always cast to (long) before printing out an `off_t'
(kauth): Use `DEFAULT_TKT_LIFE'
use ktypes.h
include krb.h
use ktypes.h
removed duplicate copy of `set_buffer_size'
handle some pseudo-unix defines as well.
implement a usage function
telnetd cleanup
hack for reget.
(krb4_vprintf): replaced vsprintf with vsnprintf
added some attributes for pop_log and pop_msg
(pop_log): replaced vsprintf with vsnprintf
(pop_msg): replaced vsprintf with vsnprintf
removed vsyslog
old version
Give a error message to old-version kx.
Use MAP_FAILED.
use MAP_FAILED
start probing at 4Mb
added __attribute__ ((format (printf)
make word table and reverse word table constant
mera rätt
gr
moved termios.h before curses.h
moved termios.h before curses.h
try to give a better error message (than a core dump :-) when talking
new file
prototype for `alloc_buffer'
added buffer.c
moved `alloc_buffer' to common
use `alloc_buffer'
fencepost error with KRB_SENDAUTH_VLEN
<curses.h> and <term.h> doesn't seem to be used and breaks on fujitsu.
Always use our own `setupterm' for compatibility reasons.
remove curses.h
no more setupterm
corrected spelling of `HAVE_PATHS_H'
removed herror, strchr, and strrchr
Use `bcopy' if there is no `memmove'
Added HAVE_STRTOK_R so it can be used in libkrb as well.
new file
restructured code
handle case where there's no wtmpx (such as HP-UX 10)
no set_utid
changed utmp-stuff not to use ut_id at all
die
Add support for logging to wtmpx
utmp stuff now seems to be compatible with login
clean-up
Added LOG_DAEMON
fix
made `new_login' const
removed `inline' from `des_set_key'
removed const-ness from clean_ttyname
code for checking the correct functioning of *nprintf is now #ifdef
Use `_getpty' if there's one
(ftpd_popen): Try standard binary if the one in ~ftp fails.
(retrieve): Generalise list of commands and basename argument.
(retrieve): file must exist to apply a command to it.
(setpeer): Check for `__unix'. This is (apparently) a standard with
(SYST): Check for `__unix'. This is (apparently) a standard with many
Check for `_PATH_WTMP'
Check for `_PATH_WTMP'.
Only include <utmp.h> and <utmpx.h> once
added daemon
_PATH_DEVNULL needed
(start_login): Set `ut_id' if we're using utmpx
(utmpx_update): Set `ut_id' if we're using utmpx
changed order of includes
do install correctly even if there are no programs to install
Initialize the `lasts' to NULL before calling strtok_r the first time.
clean-up
Initialize the `lasts' to NULL before calling strtok_r the first time.
Include <security/pam_appl.h> to make it compile on Solaris 2.6
check for HAVE_H_NERR
__CYGWIN32__ work around no longer needed
fix prototype for dummy `dns_lookup'
adapted to automake 1.1p
preliminary PREAUTH_ENC_TIMESTAMP
SUFFIXES as a variable to make automake happy
pa-enc-timestamp
avoid including <krb5.h>
Added generate_subkey.c, generate_seq_number.c
*** empty log message ***
implemented seq_number functions
(get_in_tkt): be prepared to parse an KRB_ERROR. Some support for
krb5_generate_seq_number
Some support for KRB5_AUTH_CONTEXT_DO_SEQUENCE
comment
*** empty log message ***
remove extra `krb5_data_free'
redone to enable pre-authentication
preauth
more support for ENC-TS-ENC
*** empty log message ***
fix the Makefile to do the for loops the automake way.
replace _PATH_TMP with _PATH_TMP_XXX
re-oder
new argument '-w term_emulator' for specifiying which terminal
document `-w'
(doit_conn): Fix typo in call to accept.
(copy_encrypted): do the type-corrected copy with IV.
removed incorrect free
(hdb_principal2key): use correct variable
initialize creds->second_ticket.data
initialize `reply'
added roken,sl,editline
adapted to heimdal
new file
*** empty log message ***
signal.h
removed foo.c
Do PA-ENC-TS-ENC the correct way.
*** empty log message ***
(process_request): Set `new'
Fix PA-ENC-TS-ENC
netinet/in6_machtypes.h
(ftpd_popen): Correct initialization of `foo' before call to
Use 'STDIN_FILENO' and `STDOUT_FILENO' instead of `sp'.
*** empty log message ***
comment
New functions `krb5_auth_setlocalseqnumber' and
new field names in `krb5_address'
time.h
Define a `krb_authenticator' as an ASN.1 Authenticator.
Adapt to new `krb5_authenticator'
(gss_accept_sec_context): Set KRB5_AUTH_CONTEXT_DO_SEQUENCE. Verify
moved 8003 to separate file
Add sequence number.
des.h and md5.h
do encrypt and add sequence number
*** empty log message ***
New field `lock_time' in OtpContext
(otp_get_internal): Save lock_time in returned struct.
List lock-time with `-l'.
a few warnings less
Adapt to krb5_principal adaption to PrincipalName
const
const argument to `krb5_net_write'
adapt to krb5 changes
Add appl
(doit): Fix reading of `y/n'.
string.h
(length_type): Make the length functions for SequenceOf
new files and reordered
fixes from krb4
use <bits.h>
removed stale prototype for `extract_ticket' and corrected call.
(krb5_kt_add_entry): change open mode to O_WRONLY | O_APPEND
prototype for `extract_ticket'
(krb5_get_salt): fix bug when unitialized data.
removed `krb5_encrypt' prototype
rsh: new program
*** empty log message ***
replaced abort with errx
Set WFLAGS if using gcc
Use WFLAGS from configure
conditional prototype for `timegm'
*** empty log message ***
got rid of a few more `abort'
(der_get_octet_string): fixed typo
some changes along the way
KRB5_RECVAUTH_IGNORE_VERSION
pwd.h
Use KRB5_SENDAUTH_VERSION
KRB5_RECVAUTH_IGNORE_VERSION
use krb5_get_default_realm
get_default_realm, set_default_realm
new c-based configuration reading stuff
removed
updated
removed memmove
new prototypes
config file update
removed krb5_get_lrealm
new file
*** empty log message ***
added kuserok.c
only remove final \n if there's one
removed trailing comma
something
replaced some `int's with `size_t'
md5_finito might handle unaligned data
might also handle unaligned data to *_finito
big-endian it should be
moved krb4 stuff to ../k
new file
moved some code to common
more functionality
_PATH*
check for setsockopt, setpcred, setlogin, vsyslog
string.h
fix all krb5_encrypt and krb5_decrypt
removed MIN
updated prototypes
removed md5.h
fix typo
enctype in auth_context
fix krb5_encrypt calls
removed md4.h
fix bug in `krb5_config_vget_string'
use `u_int32_t'
fix typos
add MD4
int len -> size_t len
Added enctyp in krb5_context
-= krb5_decrypt, krb5_encrypt, krb5_create_checksum,
removed extra free
fixed calls to `krb5_{en,de}crypt'
int len -> size_t len
(krb5_sendauth): fix bug with sending len
spelling
new file
*** empty log message ***
roken.h
handle strange case
new prototypes: krb5_get_host_realm, krb5_verify_user, krb5_init_ets
fixed printf
krb_store_string, krb5_ret_string, mem_store, mem_seek.
krb5_data_free
table-driven checksum
made checksum functions global. Used by checksum.c
Add prototypes for checksum functions.
adapt addresses to new `HostAddresses'
figure out all local addresses, possibly even IPv6!
krb5_addresses == HostAddresses
new defines
Added AC_KRB_STRUCT_SOCKADDR_SA_LEN
new headers and tests
updated to new type of krb5_address-s
Made HostAddresses = SEQUENCE OF HostAddress
conditional paths.h
updated usage
copy data that will be freed.
updated `documentation' of protocol
new types of addresses
new flag `-f'
roken.h
*** empty log message ***
parameter fix
updates and fixes (ha!)
try to free memory
updated prototypes
new file
better error messages
added kdestroy
removed unused code
redid part
Redid part.
implemented
*** empty log message ***
fixed prototypes
new prototypes
const stuff
parameter fix
New option `-p' and prompt
const
*** empty log message ***
default to local realm if none given
Made all `s_address' OPTIONAL according to
Added krb5_copy_address
Set cksumtype.
stupid seq_num optimization
malloc memory so that it gets freed correctly.
new prototypes
implement correctly
do it the right way
free
dynamic checksumtype
more checking for addresses and stuff
*** empty log message ***
use the correct user for the checksum
log the PID
*** empty log message ***
New stuff for telnet
more checks needed for telnet.
add telnet
updated to krb5
Makefile.am and quick hacks
*** empty log message ***
(kerberos5_status): call `krb5_kuserok'
*** empty log message ***
update to current API
fix typo
Added krb5_config_v?get_list
updated to current krb5_config_*
new prototypes
different type of encryption
*** empty log message ***
lots of includes and HAVE_FOO_H
foo
more tests
Use `test -n' and @LN_S@
Add `AC_KRB_PROG_LN_S' from krb4
Call `AC_KRB_PROG_LN_S'
*** empty log message ***
add appl/test
add test
fix argc checking
rename `setupterm'
const-ize fatalperror
set_progname
fix `krb5_address_compare'
allocate memory in `krb5_auth_con_setaddrs'
(krb5_kt_ret_string): 0-terminate string
allow no checksum
address compare
add address compare
new files
*** empty log message ***
try `mk_safe' and `mk_priv'
try `rd_safe' and `rd_priv'
Add `krb5_data_zero'
prototype for `krb5_data_zero'
fix typo
*** empty log message ***
Add gssapi_{server,client}
new files
fix pointer bug
Made `generate_random_block' global.
generate a random nonce.
prototype from `krb5_generate_random_block'
*** empty log message ***
return 0
check if the pre-auth was decrypted properly.
*** empty log message ***
Test for krb4
KRB4
support conditional KRB4
*** empty log message ***
Don't leak memory.
Generate a `destroy_' function.
better freeing in `krb5_cc_close'
New function `krb5_config_file_free'
(krb5_free_context): more freeing
be careful not to malloc 0 bytes
more freeing
better freeing
new prototype
new file
(krb5_ret_data): check for length == 0
(krb5_get_salt): Don't use `strncat'
added creds.c
new prototypes
*** empty log message ***
new param for `krb5_verify_checksum'
fix
(tgs_rep): support keyed checksums
change default checksum type
implement rsa-md4-des and rsa-md5-des
new functions `DES_encrypt_null_ivec' and `DES_encrypt_key_ivec'
simply and support keyed checksums
bug-compatible with MIT
free
more frees
Set `changed_by' and free entry.
fix KRB5_AUTH_CONTEXT_* constans
*** empty log message ***
Add support for genering and verifying checksums.
removed all krb5 calls
krb5_ticket update
Link with roken
roken.h
Give tags to generated structs.
Use `err' and `asprintf'
use `err'
don't worry about strdup, it's defined by roken
New funtion `gssaspi_krb5_verify_header'
New functions `gssapi_krb5_encap_length' and `gssapi_krb5_make_header'
Use new OID
changed some declarations
new prototypes
Implement `gss_import_name'
set GSS_C_SEQUENCE_FLAG
Call `gssapi_krb5_verify_header'
Call `gssapi_krb5_make_header'
implement `krb5_address_order'
removed unimplemented functions
always generate a subkey.
fix void * misuse
got rid of some pointer-type warnings
make some tricks with `krb5_principal' to make gssapi not have to
got rid of some pointer-type warnings
(krb5_verify_ap_req): record authenticator subkey
new files
add gss_common.c
Use `output_name_type'
*** empty log message ***
updated krb5_ticket
fix typo
update with changing `krb5_ticket'
update with changing `krb5_ticket'
keep up with changing data structures
less warnings
new prototypes
(krb5_get_krbhst): Get all kdc's and try also with `kerberos.REALM'
use `max_skew'
*** empty log message ***
swap order of <sys/cdefs.h> and <ktypes.h>
generate a prototype for the `destroy_foo_error_table' function.
prototype for `gssapi_krb5_create_8003_checksum'
typo
staticize `sigterm'
`krb5_copy_address' should have a return value.
(krb5_cc_default_name): buffer range checking
crc.h
remove empty and unused function
?
comment out old diagonstic output
more prototypes
*** empty log message ***
roken.h
return value
test for err.h
err.h
kdc in libexec
err.h
removed
changed asn1_locl.h to gen_locl.h and der_locl.h
*** empty log message ***
new files
added {read,write}_message
Change default encryption type to `DES_CBC_MD5'
recognize all encryption types actually implemented
Use `krb5_init_etype'
implement `krb5_init_etype'
prototype for krb5_init_etype
Use krb5_{read,write}_message
*** empty log message ***
(krb5_get_in_tkt): only print error text is there's one
new file
id
typo
got rid of a XXX.
standardise
*** empty log message ***
updated to reality
add doc
some updates
new file
non-working kpasswd
renamed err -> ret
test for errno.h
*** empty log message ***
explicit `exit_kdb_edit'
new file
more includes
restructured and implemented some functionality
add passwd
*** empty log message ***
let each sl_func return an int indicate if sl_loop should return or not
updated to new sl
*** empty log message ***
add kpasswdd
check result of hdb_open
(krb5_get_host_realm): do the name2name thing
include error.h
prototype for arg_printusage
arg_printusage and some fixes
update with new getarg
partial matching for long options
line-up help strings
accept any number of no-
implement =maybe
print arguments in long usage as well.
support a string for the argument name
n -> number, s -> string
clearer code
(struct getargs): added `arg_help'
updated with getarg
*** empty log message ***
(krb5_kt_get_entry): check return from `krb5_kt_start_seq_get'. From
(kerberos5_is): Send a keyblock to krb5_verify_chekcsum
Check `require_enc_timestamp'
restructured code.
send a reply
break if des_read_pw_string() != 0
send the keyblock to `krb5_verify_checksum'
correct typo
don't free two times
added krb5_string_to_key_data
use gettimeofday
initialize `r'
implmenet `krb5_string_to_key_data'
*** empty log message ***
goodbye
dead
fix prompts and generation of random keys
removed read_password.c
use `des_read_pw_string'
Implement forwarding
enable forwarding
updated to hdb changes
added rd_cred and get_for_creds
zero authenticator
try default realm as last chance
removed old garbage
added krb5_rd_cred and krb5_get_forwarded_creds
fix
new files
*** empty log message ***
fix parsing
more logging
updated version
*** empty log message ***
free(d)
leak a little bit less memory
free some memory
exit on sigint. don't leak memory.
removed bogus code
free data
free `local_subkey'
free more and do etype correctly
free more
*** empty log message ***
*** empty log message ***
Add `METHOD-DATA'
Add `asn1_METHOD_DATA'
(krb5_get_kdc_cred): interpret the error number in KRB-ERROR
(krb5_get_in_tkt): interpret the error number in KRB-ERROR
(krb5_mk_error): return an error number and not a comerr'd number.
(krb5_mk_priv): Fetch the correct session key from auth_context
(krb5_rd_priv): Fetch the correct session key from auth_context
(krb5_verify_ap_req): do abs when verifying the timestamps
alloc seq_number so that it can be freed.
(krb5_kt_free_entry): don't free entry
only compare with local address if there's one.
use sequence numbers
fix freeing bug
(as_rep): Use `METHOD-DATA' when sending KRB5KDC_ERR_PREAUTH_REQUIRED,
*** empty log message ***
fix vsnprintf test
gettime prototype
(gettime): use `parse_time'
removed getdate.y
call new gettime
renamed parse_time
add parse_time.h
never clear about when to free
new files
parse_units and parse_time
*** empty log message ***
implement `-l' aka `--lifetime'
*** empty log message ***
revert 1.20
Use getarg. Implement forwarding.
implement forwarding
<sys/param.h> and <getarg.h>
(tgs_rep2): make sure we also have an defined `client' to return as
(krb5_build_authenticator): don't free `cksum'. It's allocated and
(krb5_get_kdc_cred): Don't free `addresses'.
fix bug parsing `no'
*** empty log message ***
new flags
Check the valid times on client and server.
check for and print expiry information in the `kdc_rep'
<time.h>
fixed name of KEY_EXPIRED
new flags `require_preauth' and `change_pw'
Set `ret_as_reply' if != NULL
fix proto of `krb5_get_in_tkt_with_password'
changed prototypes for krb5_get_in*
*** empty log message ***
fix new calls to `kdc_log'
Adapt to new name of HDB errors
roken.h
test for fcntl and flock
*** empty log message ***
flock replacement
change order of stuff in `main'
type of `require_preauth'
*** empty log message ***
*** empty log message ***
more up-to-date with the code
made some variables unsigned in a stupid attempt to cut down on the
(krb5_get_all_client_addrs): don't include loopback.
(krb5_get_in_cred): new function that is almost krb5_get_in_tkt but
make `krb5_password_key_proc' global
new prototypes
new files
try to use the new initial-ticket API
*** empty log message ***
include last-req's of type 6 and 7, if applicable
added mcache.c
moved krb5_free_keyblock to keyblock.c
cleanup
clean-up and mcache
new functions krb5_config_get and krb5_config_vget
Added krb5_free_creds_contents and krb5_copy_creds
clean-up
updated to new krb5_free_creds
more functionality
Added krb5_free_keyblock and krb5_copy_keyblock
new function puttime. Use it.
new prototypes
use puttime
new style of krb5_free_creds
call krb5_cc_initialize and update to new call-sequence of some
new type of krb5_free_creds
new file
*** empty log message ***
use SOMAXCONN
don't include getarg.h
removed dead code
converted to getarg and get_init_creds
new variable `kdc_warn_pwexpire'
look at `kdc_warn_pwexpire' before returning last-req of type 6
*** empty log message ***
getarg.h
remove unused variables
parse_time.h, err.h
added get_default_principal.c
formatting
Use `krb5_get_default_principal'. Print password expire information.
no newline
prototype for krb5_get_default_principal
use krb5_log*
add prototype for krb5_free_ticket
new file
*** empty log message ***
small fixes
new file
fix call to `krb5_sname_to_principal'
add kverify
remove dead code
(krb5_cc_gen_new): copy the newly allocated krb5_ccache
don't call clsoe in destroy, now that at the ccache level
(krb5_get_kdc_cred): copy the principals from in_creds -> out_creds.
(extract_ticket): don't copy over the principals in creds. Should
fix some bugs and a memory leak
krb5_free_host_realm prototype
fix some bugs
(krb5_mk_req_extended): free the checksum
more functionality
(krb5_sname_to_principal): implement different nametypes. Also free
Add free_host_realm.c and verify_init.c
new file
*** empty log message ***
(krb5_principal2principalname): return error code
adapt to new `extract_ticket'
reorganize. check everything and try to return memory even if there
new prototypes
changed extract_ticket prototype
*** empty log message ***
clean-up and try to free memory even when there're errors
*** empty log message ***
check for inline and <netinet/tcp.h>
add push and popper
use getarg.
Implement both v4 and v5.
new include files.
not used
add otp.h
new calling convention for kdc_log_msg
try to a little more careful when freeing data
add otp
kt_get_entry now has a const parameter
(krb5_kt_get_entry): made `principal' const
removed ugly cast
fresh
new files8
new file
*** empty log message ***
replace krb_net_write by krb5_net_write
(handle_udp): free buf
|uniq
(print_cred_verbose): free memory
leave stupid check
free more
strange and kludgey copying of creds before calling `extract_ticket'
k_flock -> flock
k_flock?
implement support for #-comments
correct order in linking
(init): add `kadmin/changepw'
(as_rep): fix flags checks
update password expire
use getarg
inline
changepw.c
support changing of password when it has expired
new prototypes
<sys/uio.h>
-> stderr \n
*** empty log message ***
Use krb5_change_password
(init_cred): set realm of server correctly.
(krb5_unparse_name): allocate memory properly
(krb5_free_ap_rep_enc_part): free all memory
*** empty log message ***
add else KRB4
print KDC offset iff verbose
Implement version 4 of the ccache format.
implement KDC time offset and use it if [libdefaults]kdc_timesync is
new file
remove old #if 0-code
use krb5_timeofday and krb5_us_timeofday
add time.c
new prototypes
*** empty log message ***
explicit rule bits.o: bits.c for stupid makes
(make_pa_enc_timestamp): put usec correctly(?)
*** empty log message ***
Use `krb5_sock_to_principal'
Use `krb5_sock_to_principal'
Use `krb5_sock_to_principal'
new file sock_principal.c
New function `krb5_auth_con_setaddrs_from_fd'
fix bug
Set addresses in auth_context if there aren't any
new prototypes
new file
*** empty log message ***
don't remove hostlist before it has been allocated
new functions `krb5_config_get_time' and `krb5_config_vget_time'
use krb5_config_get_time
use new krb5_config_get-functions
new prototypes
use krb5_config_get_bool
typo
removed
sys/timeb.h and sys/times.h
build destest, mdtest, des, rpw, speed
(get_entry): print more information about the entry
remove stuff that's actually done
*** empty log message ***
add appl/afsutil and lib/kafs
space
*** empty log message ***
*** empty log message ***
krb5_sname_to_principal fix from Luke Howard <lukeh at xedoc.com.au>
*** empty log message ***
define NBBY if needed
removed bogus reset of `debug'
clean-fix
include config.h
sgtty-support from Luke Howard <lukeh at xedoc.com.au>
always call PARSE_INT_FORMAT with three arguments
Add netinfo support from Luke Howard <lukeh at xedoc.com.au>
(gss_accept_sec_context): don't always pass server == NULL to
update
new files
test for <netinfo/ni.h>
*** empty log message ***
reverse the looking for xterm loops
more netinfo stuff
Added `gsskrb5_register_acceptor_identity'
prototype for `gsskrb5_register_acceptor_identity'
<sys/types.h>
more freeing
from luke
new stuff from luke
implement wrap_sizelimit
fix for stupid makes
foo
(krb5_sendauth): correct the protocol documentation and process
(krb5_recvauth): Send a KRB-ERROR iff there's an error.
*** empty log message ***
add v1.c
new file
fix krb5_build_principal_ext & c:o
new files
add --enable-kaserver
kaserver
now automake'd
Make `db-fetch4' global
added kaserver.c
KASERVER
quick hack at talking kaserver protocol
*** empty log message ***
ugly define
undo
fix up memory deallocation
(parse_keys): handle the case of an empty salt
*** empty log message ***
*** empty log message ***
(input_name): more names types.
*** empty log message ***
id
ifndef
(krb5_get_in_cred): don't print out krb-error text
(krb5_get_init_creds_password): If KDC_ERR_PREUATH_REQUIRED, add
removed `-p'
*** empty log message ***
updated
some more checks
(get_entry): be careful when printing out fields
typos
log poppers
define POP_INFO
syslog remote shells
*** empty log message ***
0.0f
*** empty log message ***
hata curses.h
nextstep bug fix from luke
correct patch
Add AC_TYPE_MODE_T
call AC_TYPE_MODE_T
mode_t
typo
Add F_OK
*** empty log message ***
add mod.c, life.c
junk
new prototypes
re-done
removed unused stuff.
removed unused stuff.
removed unused stuff.
add print_flags, parse_flags, init_entry, set_created_by,
renamed gettime.c -> life.c
new file for mod_entry
new files
removed KPASSWD_PORT
man pages
new man pages
port for kpasswd
*** empty log message ***
fix void * arithmetic
leak less memory
(DB_seq): check for valid hdb_entries
(NDBM_seq): check for valid hdb_entries
more includes
(hdb_free_entry): zero keys
(_warnerr): leak less memory
restructured
*** empty log message ***
install asn1.h
suffixes for man pages
clean copied files
fix asn1.h
more stuff and fixes
small fixes
update
update
typo
Use {un,}parse_flags for printing and parsing hdbflags.
parameter fix to `flags2int'
print_flags -> print_hdbflags
(parse_hdbflags2int): use `int2flags'
new prototypes
(DB__get): fix parameters in call to `krb5_data_copy'
moved krb5_data* functions to krb5.h
generalised `parse_units' and `unparse_units' and added new functions
update prototypes
*** empty log message ***
flags2int, int2flags, and flag_units are now generated by asn1_compile
renamed flags2int -> HDBFlags2int
roken.h
removed version_flag
new file
call generate_glue
generate_glue
parse_units.h
removed flags2int and int2flags
add gen_glue.c
*** empty log message ***
removed item
fix __P for stone age mode
removed ugly define
extract_ticket -> _krb5_extract_ticket
flags correctly
more intelligent check for passive mode
updated
-P
*** empty log message ***
documentation update
*** empty log message ***
test for sigaction
*** empty log message ***
Don't generate ifndef's in bits.h. Instead, use them when building
*** empty log message ***
(pass): chown the ticket file is logging in with clear-text passwords
check for sgtty.h
define SGTTY iff HAVE_SGTTY_H
some nextstep support
(krb5_get_in_cred): be more careful when checking for a v4 reply
fallback definition of `O_ACCMODE'
*** empty log message ***
quote the test for $(CC) correctly
only use SGTTY on nextstep
cast argument 1 to `gethostbyaddr' to `const char *'
make `salen' an int to get rid of some stupid warning
(set_salt_padata): new function
cast argument 1 to `gethostbyaddr' to `const char *'
include <fcntl.h>
*** empty log message ***
add misc.c
prototypes from misc.c
(ext_keytab): unseal key while extracting
(main): parse arguments, config file and read master key iff there's
seal and unseal key at appropriate places
(configure): add `--help'. check the number of arguments. handle the
default to HDB_DB_DIR "/m-key"
(main): use sigaction without SA_RESTART to break out of select when a
(srvconv): check number of arguments
(pop_init): check number of arguments
(main): check number of arguments
(main): use sigaction without SA_RESTART to break out of select when a
*** empty log message ***
*** empty log message ***
change prototype of `set_password'
(doit): don't add a new entry if `set_password' failed
remove old junk
(doit2): check the return value from `doit2'
(init_des_key): increase kvno
*** empty log message ***
0.0g
small fixes
updated to current code and added more text
*** empty log message ***
spelling
(pop_init): typo for argc vs argcount
hata
check for <netinet/in6_var.h>
fix for !KRB4
increase the arbitrary limit from 1024 to 8192
try printing IPv6 addresses
remove duplicate define
rewrote. Now should be able to handle aliases and IPv6 addresses
*** empty log message ***
Use `METHOD-DATA' instead of `SEQUENCE OF PA-DATA'
remove unneeded cast
*** empty log message ***
test for gethostbyname2 and struct sockaddr_in6
support AF_INET6
typo
support for printing IPv6-addresses
implement krb5_config_get_int
fixes and better #ifdef's
add `max_retries' in context
IPv6 support
check for `inet_ntop'
HAVE_SOCKADDR_IN6
new configuration variable `max_retries'
stricter #ifdef
rename `sa_len' -> `sa_size'
compat for different IPv6-APIs
new file
stricter #ifdef
AF_INET6 support
check for inet_ntop and inet_pton
fix
*** empty log message ***
init family
missing important line :-(
support ; for comments for compatability with MIT
new macro `AC_KRB_IPV6'
use AC_KRB_IPV6
rename it to HAVE_STRUCT_SOCKADDR_IN6
HAVE_SOCKADDR_IN6 -> HAVE_STRUCT_SOCKADDR_IN6
addr_families
new file
remove old code
const argument to krb5_data_copy
add KRB5_ADDRESS_INET6
use correct symbols for address families
use new addr_families functions. Now works over IPv6
use new addr_families functions
*** empty log message ***
fix typo in `ipv6_anyaddr'
(krb5_sendto_kdc): no data returned means no contact?
*** empty log message ***
(init_des_key, set_password): DES3 keys also
fix IPv6 conditionals
(valid_etype): remove hard-coded constants
fix check for keyed and collision-proof checksum
fix checksumtype for des3-cbc-sha1
*** empty log message ***
des_enc.c (hopefully)
*** empty log message ***
remove .cvsignore
got to be somewhere
check for <netinet6/in6.h>
netinet/in6.h and netinet6/in6.h
INET6_ADDRSTRLEN kludge
(ext_keytab): extract all keys
(krb5_auth_con_init): set `cksumtype' and `enctype' to 0
(krb5_build_authenticator): figure out what etype to use from the
(key_type): add `best_cksumtype'
(krb5_generate_seq_number): handle other key types than DES
(krb5_get_forwarded_creds): figure out what etype to use from the
(krb5_kt_get_entry): check the keytype
forward declaration of `struct sockaddr'
(krb5_mk_priv): figure out what etype to use from the keytype.
(krb5_mk_req_extended): figure out what cksumtype to use from the
(krb5_mk_safe): figure out what cksumtype to use from the keytype.
(krb5_rd_req): redone because we don't know the kvno or keytype before
get rid of a stupid warning
*** empty log message ***
updated version
*** empty log message ***
(start_login): moved `user' so it works even if !defined(HAVE_UTMPX_H)
print year as YYYY iff verbose
*** empty log message ***
updated
removed
removed misc.c
add `db' and remove misc-functions
new functions `hdb_create', `hdb_set_master_key' and
(struct HDB): add `open', `master_key*', and `destroy'
implement new interface
do the seal and unsealing
adapt to new hdb interface
removed all unsealing, now done by the hdb layer
removed seal and unsealing functions
update to new hdb interface
updated
*** empty log message ***
(sl_help): actually use the `help' field of `SL_cmd'
new prototypes
implement new commands: add_random_key(ark), change_password(cpw),
added add_random_key
added passwd and change_random_key
divided set_password into set_password and set_random_key
*** empty log message ***
*** empty log message ***
implement `help'
(kerberos4_is): only print UserNameRequested if != NULL
remove lots of old junk. clean-up. better error checking and
*** empty log message ***
remove unimplemented functions
(string_to_key_internal): return error instead of aborting. always
(krb5_prompter_posix): implement the case of unhidden prompts.
*** empty log message ***
add inline
make it work with perl4
revert
some more const-ness
HP-UX 10.20 seems to use 48
use cond_kdestroy
added kdestroy, krbtkfile and afslog
type correctnes
new macro `AC_PROTO_COMPAT'
add --{enable,disable}-otp.
prototype compat definitions
Use LIB_otp
conditionalize OTP-support
Add ugly macros for openlog, gethostbyname, gethostbyaddr, and
use roken_getservbyname
use roken_get*
use roken_*
const and char-cleanup
roken_*
signed vs unsigned
cond otp
signed char
const and char cleanup
use roken* macros
(krb5_init_context): support `KRB5_CONFIG' environment variable
use roken_gethostbyname
reformat
*** empty log message ***
0.0k
*** empty log message ***
hata
hm
mm
(encode_reply): return success
(_warnerr): handle the case of an illegal error code
*** empty log message ***
new file
newfile
*** empty log message ***
obvious fix
test for readv, writev
include <sys/uio.h> and <errno.h>
*** empty log message ***
*** empty log message ***
time2rstr
static-ize and fix fprintf
static-ize
<arpa/inet.h>
add prototypes for finddecryption and encrypt_delay
less warnings (some static-ization)
stdio.h
fix gss_common.h
add der.h
more includes
less warnings
int main
static-ize
der.h
(hdb_clear_master_key): return 0
more prototypes
removed some prototypes
correct prototype of krb5_max_sockaddr_size
const-ize
less warnings
(terminaltypeok): always return OK. It used to call `tgetent' to
*** empty log message ***
(kerberos4_is): send the peer address to krb_rd_req
*** empty log message ***
fix readv prototype
hmmmmm
add prototype for vsyslog
only include <sys/termio.h> iff !defined(HAVE_TERMIOS_H)
add some more source files to make soriasis make happy
*** empty log message ***
fclose prototype
*** empty log message ***
(getit): removed stupid goto
(sendrequest, recvrequest): do correct tests for `-'
*** empty log message ***
*** empty log message ***
updated broken list
fix comment
(parse_something): ignore white-space and ','
*** empty log message ***
print out old and new string
use xdbm.h
*** empty log message ***
be careful with msg-id, subject, and from
*** empty log message ***
cond otp. and use top_builddir
conditionalize otp
remove dead code
define NDBM
static-ize
add xdbm.h
update
const-ize
include <asn1.h> and <der.h>
change `int fd' to `void *p_fd'
fix calls to krb5_net_{read,write}
add <sys/socket.h>
*** empty log message ***
new files
add get_in_tkt_with_{keytab,skey}.c
*** empty log message ***
(krb5_auth_con_init): free memory on failure correctly.
(krb5_build_ap_req): check return value from malloc.
(send_request): free memory on error.
remove dead code
(valid_etype): remove
(krb5_copy_creds_contents): zero target
(krb5_etype_valid): new function
*** empty log message ***
implemented BSD-style reserved port `authentication'
*** empty log message ***
make `sa_buf' `void *'
set BINDIR
add AUTH_BROKEN and PATH_RSH
*** empty log message ***
removed unused variables and added some casts
removed an unused variable
(krb5_h_addr2addr): new function.
(krb5_get_forwarded_creds): restructured and fixed.
*** empty log message ***
*** empty log message ***
(krb5_copy_creds_contents): only free the contents if we fail.
removed old comment
indent
removed commented out
(gssapi_krb5_create_8003_checksum): remove unused variable
(krb5_compare_creds): check for KRB5_TC_MATCH_KEYTYPE
define KRB5_TC_MATCH_KEYTYPE
fix
remove old garbage and fix call to krb5_auth_con_setaddrs_from_fd
(krb5_kt_copy_entry_contents): new function
*** empty log message ***
(common_setup): don't use `optarg'
(krb5_build_ap_req): new parameter `enctype'
(krb5_build_authenticator): enctype as a parameter instead of guessing
handle the case of a specific keytype
(krb5_mk_req): use `(*auth_context)->enctype' if set.
(krb5_mk_req_ext): figure out the correct `enctype'
(kerberos5_send): always ask for a session key of type DES
*** empty log message ***
updated to new krb5 function prototypes
*** empty log message ***
free some more memory. check some more return values.
foo
stupid variable renaming
(main): default to local realm
(find_cells): work around broken realloc
*** empty log message ***
*** empty log message ***
*** empty log message ***
xxx
*** empty log message ***
less reallocing in init_sockets
(create_reply_ticket): use a random nonce in the reply packet.
(make_pa_tgs_req): added comment
(krb5_rd_req): fixed obvious bug
changed `struct fd_set' to `fd_set'
*** empty log message ***
updated to use getarg.
*** empty log message ***
(sn_append_char): don't write any terminating zero.
*** empty log message ***
(do_write): removed unused variable
iruserok
removed unused variable
adapt for roken
iruserok prototype
*** empty log message ***
changed `u_int32_t' to `unsigned' in iruserok-prototype
changed `u_int32_t' to `unsigned' in iruserok.
add --disable-otp
use defined(KRB4) || defined(KRB5) instead of KERBEROS
removed k_flock
k_gethostname -> gethostname
always compile strcasecmp
new files
added concat
concat
added gethostname and roken_concat*
ifdef on strcasecmp and strncasecmp
malloc checks
iruserok
check return value of base64_encode
(base64_encode): check return value from malloc
correct error-code for base64_enocde failed.
check malloc and strdup
(find_cells): check memory allocations
line up files
release 0.0l
(main): add 'b' to getopt
*** empty log message ***
more error testing from Love Hörnquist-Åstrand <e96_lho at elixir.e.kth.se>
add krb5_keytype_to_enctypes
(krb5_build_authenticator): use krb5_{free,copy}_keyblock instead of
use krb5_keytype_to_enctypes to be MIT-compatible
new draft
initialize_error_table_r -> initialize_error_table
remove a warning about unused variable
stuppid warning
err.h
get rid of a warning by some code restructuring (is this really worth
(renew): don't set the OTP if the reading of the string fails.
removed unused variables
stdlib.h and string.h
(print_arg): take care of impossible case.
more prototypes
(main): return a exit code.
(edit_entry): return a value
new signature for krb_verify_user
(send_krb5_auth): swap the order of the `local_user' and the
(recv_krb5_auth): swap the order of the `local_user' and the
(kerberos5_forward): zero out `creds'.
(tgs_check_authenticator): RFC1510 doesn't say that the checksum has
(add_new_key): test the return value of `krb5_parse_name'
update prototypes from util.c
(str2deltat, str2attr, get_deltat): return value as pointer and have
(print_flags_table, print_units_table): new functions
prorotypes for print_{flags,units}_table
(print_time_table): new function
print_time_table prototype
*** empty log message ***
id
fix up lots of stuff related to the forwarding of v4 tickets.
updated prototype of kerberos4_forward
*** empty log message ***
*** empty log message ***
new function
(init): create `default'
(edit_time): only set mask if != 0
(attr_to_flags): try to set `client'
strcpy_truncate
*** empty log message ***
4forward -> void
4forward void
*** empty log message ***
old krb_verify_user
from strcpy_truncate branch
(ank): don't zero password if --random-key was given.
*** empty log message ***
(tn): repair support for numeric addresses
*** empty log message ***
consistent order of CFLAGS and CPPFLAGS
(pop_updt): lseek before ftruncating the file. From
*** empty log message ***
Add OpenBSD
new VICEIOCTL's. From <rb at stacken.kth.se>
(main): only set admin_server if explicitly given
(main): htons correctly. moved kadm5_server_{recv,send}
use krb5_getportbyname
add kadm5_{store,ret}_principal_ent_mask.
add kadm5_server_{send,recv}{,_sp}
add FreeBSD
add new prototypes
*** empty log message ***
*** empty log message ***
rename logwtmp -> ftpd_logwtmp not to conflict with libc.
logwtmp -> ftpd_logwtmp
added admin.h
(main): use kadm5_server_{send,recv}_sp
(tgs_rep): initialize `i'
link with kadm5srv
rewritten to use the kadm5 API
(krb5_config_vget_next): handle c == NULL
(get_str): initialize pad space to zeor
new files
add log.c, dump_log and replay_log
(kadm5_s_chpass_principal): add change to log
(kadm5_s_randkey_principal): add change to log
(kadm5_s_modify_principal): add change to log
(kadm5_s_delete_principal): add change to log
(kadm5_s_init_with_password_ctx): initialize log_context
add kadm5_log_context and kadm5_log*-functions
(kadm5_s_rename_principal): log changes
(kadm5_s_create_principal): add change to log
rename `-s' to `-S' to be MIT-compatible.
*** empty log message ***
(edit_entry): remove unused variables
detect bad password. use krb5_err.
add signal stuff
(kadm5_log_flush): send a unix domain datagram to inform the possible
(kadm5_s_init_with_password_ctx): initialize `log_context.socket_name' and `log_context.socket_fd'
*** empty log message ***
get rid of potential warning
(get_pa_etype_info): remove gcc-ism of initializing local struct in
add PA_KEY_INFO and PA_KEY_INFO_ENTRY
include <sys/file.h>
(print_time_table): don't return a void value.
*** empty log message ***
(get_version): globalize
prototype for kadm5_log_get_version
*** empty log message ***
(_krb5_extract_ticket): if time difference is larger than max_skew,
strerror ugly fix
*** empty log message ***
set YACC and LEX
include parse_{time,units}
(unparse_units_approx): new function that will only print the first unit.
prototype for unparse_units_approx
(unparse_time_approx): new function that calls `unparse_units_approx'
prototype for unparse_time_approx
*** empty log message ***
compat with stupid make's
*** empty log message ***
(sl_loop): got rid of a warning
now it should actually work with perl4
@LEXLIB@
*** empty log message ***
(krb5_context_data): `et_list' should be `struct et_list *'
(kadm5_log_get_version): take an `fd' as argument
more stuff and updated
add ipropd
new files
(main): free `server'
more code
(kadm5_log_previous): avoid bad type conversion
(check_acl:) truncate buf correctly
(krb5_mk_priv): bump static limit to 10240. This should be fixed the
use WFLAGS_NOUNUSED
*** empty log message ***
foo
initialize ec->next
use `struct ndbm_db' everywhere.
fix lots of stuff
(ret_principal_ent): set `n_tl_data'
make `krb5_keytab_key_proc' global
(krb5_get_init_creds_keytab): use krb5_keytab_key_proc
krb5_keytab_key_proc_args
more WFLAGS and WFLAGS_NOUNUSED
*** empty log message ***
*** empty log message ***
(get_creds): get credentials for `iprop/master' directly.
print operation names
stupid type change
(send_diffs): more careful
use krb5_read_message
use krb5_{read,write}_message
remove arbitrary limit
add X-tests, and {bin,...}dir
*** empty log message ***
remove semicolon
new file
BINDIR, LIBDIR, LIBEXECDIR, SBINDIR
add kauth and kx
*** empty log message ***
(AC_KRB_IPV6): rewrote to avoid false positives
include <term.h>
add DESTDIR support and .PHONY
rename HAVE_STRUCT_SOCKADDR_IN6 to HAVE_IPV6
add <arpa/nameser.h>
(get_xsockets): try getting sockets in lots of places
use new get_xsockets
updated copyright
update prototype for get_xsockets
(init_words): recognize both `-p' and `-prog'
define SunOS if running solaris
*** empty log message ***
(kadm5_s_get_principal): handle an empty salt
*** empty log message ***
include <termcap.h> instead of <term.h>
link with snprintf (From Derrick J Brashear <shadow at dementia.org>)
remove redundant preprocessor stuff
*** empty log message ***
*** empty log message ***
(srvconv): return 0 if successful
(print_cred_verbose): print IPv4-address in a portable way.
generate ftp Makefiles
(fkt_add_entry): use an explicit seek instead of O_APPEND
s/2/1
transform the man page
(tn): moved the printing of `trying...' to the loop
*** empty log message ***
(_kafs_afslog_all_local_cells): Try _PATH_ARLA_*
add arla paths
*** empty log message ***
include <io.h>
use EXECSUFFIX
add strcasecmp
use EXECSUFFIC
*** empty log message ***
merged in win32 changes from flag & jfa
call LIBNAME properly
(pop_dropcopy): first do mkstemp and tehn fdopen. Originally from
*** empty log message ***
simplify includes
shared library dependencies
define alloca to malloc in case we're using bison but don't have
*** empty log message ***
(LIB_DEPS): don't link with termcap. looses on HP-UX.
(SOURCES): add roken_gethostby.c to make solaris make happy
*** empty log message ***
top_builddir: add
typo in sed invocations
*** empty log message ***
(connect_local_xsocket): update to try the list of potential socket
(doit): fix flow-of-control bug in prev version
include paths.h
add symlink magic for linux
set INSTALL_DATA correctly
set LIB
*** empty log message ***
new file
krb4 compat
should work with krb4
*** empty log message ***
changeuser now returns int
(changeuser): check that `setuid' and `setgid' succeeded.
check return value from changeuser
white-space
*** empty log message ***
better default for v4 and v5
(main): init context correctly
*** empty log message ***
*** empty log message ***
clean-up
more symlink magic
maildir typo
(print_version): according to ISO/ANSI C the elements of `arg' are not
unifdef -DHAVE_H_ERRNO
s/strup/my_strupr/
O_BINARY
*** empty log message ***
don't test for winsock.h
*** empty log message ***
*** empty log message ***
add error_table_name
prototype for error_table_name
(krb5_mk_req_extended): only set encryption type in auth_context if
*** empty log message ***
missing int
LDFLAGS and LD_FLAGS
add CFLAGS when linking
(unpack_cred): fix subscripts
stuipd cray awk wants \#
clean up symlinking
solaris stupid make
*** empty log message ***
link with DBLIB
more NEED_*SPRINTF_PROTO
new option `--enable-kaserver-db'
(KASERVER_DB): add
conditionalize ka-server reading support on KASERVER_DB
*** empty log message ***
remove duplicate setenv
send -I to aclocal
more .la fixes (reversed)
new file
add display_status
link with DBLIB
*** empty log message ***
(gss_display_name): zero terminate output.
spelling
(repl_mutual): no output token
new file
*** empty log message ***
update?
*** empty log message ***
0.0q
libtool :)
make symlink magic work
*** empty log message ***
(clean): remove encdata.c
(clean): PROGS -> PROGRAMS
(clean): try to remove shared library debris
*** empty log message ***
(process_rings): correct call to `stilloob'
(doit): better error reporting
*** empty log message ***
(roken_rename.h): remove dependency
(strdup.c): remove dependency
*** empty log message ***
remove duplicate seteuid
(popper): add missing closing parenthesis
rewritten using AC_FIND_FUNC_NO_LIBS2
new file
*** empty log message ***
add <sys/socket.h>
only set CFLAGS if it wasn't set
fall-back definition of IN6_ADDR_V6_TO_V4
*** empty log message ***
LIB_tgetent: set
random fixes to make it build with socks
Release 0.0r
fix broken lines and typos
add str{cpy,cat}_truncate
(distclean): don't remove roken_rename.h
rewrite and add support for environment variable AFS_SYSCALL
fix misspelling of TIOCGWINSZ and bad use of fields
(AFS_SYSCALL): document
*** empty log message ***
spelling
(auth): free `app_data'
(do_cpw_entry): initialize `ret'
(del_entry): don't apply on zeroth argument
(foreach_principal): don't clobber `ret'
(do_524): initialize `ret'
(do_request): check for errors from `sendto'
(get_pa_etype_info): initialize `ret'
(mian): initialize `ticket_life'
(get_cred_cache): try to do the right thing with default_client
(_kadm5_set_keys): initialize `ret'
(krb5_build_authenticator): realloc correctly
(krb5_encode_EncKrbCredPart, krb5_encode_ETYPE_INFO): initialize `ret'
(parse_list, krb5_config_parse_file): ignore more spaces
(krb5_init_context): print error if parsing of config file produced an
(find_all_addresses): init j
realloc correctly
(krb5_sendto_kdc): do not close the unopened file
(issuid): add
*** empty log message ***
(main): create place-holder ticket file with open(O_EXCL | O_CREAT)
(map_syscall_name_to_number): new function for finding the number
*** empty log message ***
s/net_read/pop_net_read/
(net_{read,write}): remove
s/net_write/telnet_net_write/
new files
net_{read,write}.c: add
(net_write, net_read): add prototypes
*** empty log message ***
(parse_pobox): set f
use net_read from roken
use net_write from roken
(tn): don't advance hostent->h_addr_list, use a copy instead
(krb5_sendto_kdc): don't advance hostent->h_addr_list, use a copy instead
(inaddr2str): don't advance hostent->h_addr_list, use a copy instead
reorganize order of definitions.
*** empty log message ***
(simple_execlp): initialize `argv'
*** empty log message ***
include roken.h
(roken_gethostby_setup): remove unused variable
ctype.h
(simple_execvp): loop around waitpid when errno == EINTR
add cplucplus magic
*** empty log message ***
ROKEN_LIB_FUNCTION
DES_LIB_FUNCTION
*** empty log message ***
(krb5_mk_error): realloc until you die
kludges for parsing `rsh hostname -l user'
*** empty log message ***
Release 0.0s
(parse_binding): remove trailing whitespace
*** empty log message ***
Release 0.0t
remove brace
(find_cells): realloc more carefully
stupid changes to make solaris make happier
(toolong): fix type
moved up no realm fix from new-crypto
implement support for Solaris's named-pipe X transport
(doit_passive): conditionalize stream pipe code
*** empty log message ***
merged in 1.19.2.1->1.19.2.2
(arg_printusage): new parameter `progname'. NULL means __progname.
(arg_printusage): new signature
new arg_printusage
*** empty log message ***
*** empty log message ***
new arg_printusage
*** empty log message ***
(krb5_get_use_admin_kdc, krb5_set_use_admin_kdc): new functions
(krb5_context_data): add `use_admin_kdc'
(get_kdc_address): use krb5_get_krb_admin_hst
(krb5_get_krb_admin_hst): new function
(krb5_sendto_kdc): care about `use_admin_kdc'
*** empty log message ***
(krb4_auth, krb4_adat): minor fixes
(doit_active): minor fix
new support for specifying homedir
use krb_afslog_uid_home
(pam_sm_open_session): use krb_afslog_home
(siad_ses_launch, siad_ses_reauthent): use krb_afslog_home
*** empty log message ***
(recvmsg): patch from bpreece at unity.ncsu.edu
*** empty log message ***
(chown_xsockets): new prototype
(chown_xsockets): new function
create sockets before setuid to handle Solaris' strange permissions on
(LIBNAME): use LD_FLAGS
*** empty log message ***
(generate_c): use "..." in include
clean-up and simplification
*** empty log message ***
(LIB_DEPS): add LIB_tgetent
*** empty log message ***
fix from Ake Sandgren <ake at cs.umu.se>
(doit_active): check DISPLAY to figure out what local socket to
(krb5_get_krb_admin_hst, krb5_get_krbhst): fix typos
(recv_krb5_auth): disable `do_encrypt' if not encrypting.
(main): initialize host
(sec_login): fix loop and return value
(gss_auth): fixo typo(copyo?)
(getreply): remove extra `break'
(handle_udp, handle_tcp): correct type of `n'
(fcc_destroy): fix typo
fix unreachable code
*** empty log message ***
--from implementation from <lha at stacken.kth.se>
updated
*** empty log message ***
(add_cred): add termination NULL pointer
(KRB5_TGS_NAME, KRB5_TGS_NAME_SIZE): added
(doit_passive): parse $DISPLAY correctly
new argument -n for not starting any terminal emulator
document -n
*** empty log message ***
(main): new option `-p' for enable passive mode.
document -p
*** empty log message ***
(get_pobox): new function. add hesiod support.
link and include hesiod
add <hesiod.h>
*** empty log message ***
undef ECHO to work around AIX lex bug
*** empty log message ***
(fail_verify_is_ok): new function
(kt_remove): some more type correctness.
(gss_adat): more braces to shut up warnings
some more type correctness.
(usage): void-ize
(der_get_length): fix test of len
(krb5_auth_con_init): more type correctness
more type correctness
(krb5_free_creds_contents): new function
(krb5_xfree): new function
re-structure code.
more type correctness
*** empty log message ***
(k_getpwuid): check for `struct spwd'
(k_getpwnam): check for `struct spwd'
(guess_domain): new function
(retrying): support on-the-fly decompression
more braces
(pop_pass): try to always log
include err.h
include ctype and roken
more braces
(WFLAGS): set
include err.h
(ss_error): remove unused variable
(sl_command_loop): remove unused variable
*** empty log message ***
new test
*** empty log message ***
check for environ and `struct spwd'
*** empty log message ***
rename delete -> remove
rename delete -> remove
rename delete -> remove
<netdb.h>
build and install pfrom
new program
(install): fix typo
bindir -> libexecdir
HAVE_STRUCT_SPWD, HAVE_ENVIRON_DECLARATION
spelling
fix broken lines. Reported by Jukka Virtanen <jtv at cc.hut.fi>
(dns_lookup_int): send rr_class to res_search
(stot): constify
(addr2sockaddr, print_addr): new methods
(init_socket): bind to a particular address
(krb5_get_all_server_addrs): add. almost the same as
*** empty log message ***
(parse_something): func is called with val == 0 if no unit was given
*** empty log message ***
*** empty log message ***
(replace_cookie): try to handle the case of not finding any cookies
__attribute__: check for autoconf'd HAVE___ATTRIBUTE__ instead of GNUC
(inet_aton): also chedk NEED_INET_ATON_PROTO
unsigned char-correctness
*** empty log message ***
removed duplicated paths.h
mkstemp: add prototype
sparcv9 is also 64 bits, use `unsigned int' instead of `unsigned long'
*** empty log message ***
moved all check_login and check_login_no_guest to the end of the rules
roken renaming
(verify_and_remove_cookies): give back a meaningful error message if
reformat
document -t/--test
add option -t | --test
(_kadm5_c_init_context): move up initalize_kadm5_error_table_r. From
(kadm5_client_context): add `kadmind_port'. From Love
allow specification of port number.
(main): convert `debug_port' to network byte order
(tgs_rep2): print the principal with mismatching kvnos
(parse_ports): copy the string before mishandling it with strtok_r
less drive-by-deleting. From Love <lha at e.kth.se>
(fkt_remove_entry): remove KRB5_KT_NOTFOUND if we weren't able to
correct the help string for --server-port
(parse_keys): abort when detecting errors
(mod_entry): check the number of arguments. check that
(v4_prop): add krbtgt/THISREALM at OTHERREALM when finding cross-realm
added explicit rules for asn1_err.[ch]
(main): always set `name'
added explicit rules for hdb_err.[ch]
(DB_seq): unseal key
(NDBM_seq): unseal key
added explicit rules for kadm5_err.[ch]
(kadm5_s_get_principal): always return an error if the principal
(kadm5_s_rename_principal): call remove instead of rename, but
(afslog_uid_int): update to changes
KRB5_TGS_NAME: use
(krb5_error): typedef to KRB_ERROR
(krb5_mk_req_extended): more type-correctness
(krb5_free_error, krb5_free_error_contents): new functions
(krb5_sendauth): return the error in `ret_error' iff != NULL
environ: add declaration for
update
(check_flags): handle NULL client or server
(get_kadm_ticket): only remove creds if krb5_get_credentials was
explicit rules for *.et files
*** empty log message ***
Release 0.0u
*** empty log message ***
(parse_prots): always bind to AF_INET, there are v6-implementations
more magic for different v6 implementations. From Jun-ichiro itojun
*** empty log message ***
(tn): only call gethostbyname2 with AF_INET6 if we actually have
(krb5_sendto_kdc): only call gethostbyname2 with AF_INET6 if we
(krb5_get_forwarded_creds): only call gethostbyname2 with AF_INET6 if
(get_kdc_address): only call gethostbyname2 with AF_INET6 if we
*** empty log message ***
update usage string
(rxterm, rxtelnet, telnetxr): substitute VERSION and PACKAGE
add --version, [-h | --help], -v
print out what telnet program we are running. From
new files
(SOURCES, OBJECTS): add emalloc, erealloc, resolve
(libroken_la_SOURCES): add emalloc and erealloc
(emalloc, erealloc): add
roken.h
(estrdup): add prototype
new file
(estrdup): add
(filename): unused. remove.
all integer functions take `int' instead of `unsigned'
(der_get_unsigned): new function
(der_put_unsigned): new function
(length_unsigned): new function
(define_type): map ASN1 Integer to `int' instead of `unsigned'
(check_der): add
new file
(copy_stream): initialize `werr'
(kadm5_c_init_with_context): remove unused `error'
*** empty log message ***
more people
add <unistd.h>
homogenize broken detection with krb4
(match): remove #ifdef HAVE_FNMATCH. We have a fnmatch implementation
update prototypes
(WFLAGS): add `-O' to catch unitialized variables and such
update with configure.in
(print_entry_long): print the keytypes and salts available for the
(init_auth): remove unnecessary gssapi_krb5_init. ask for KEYTYPE_DES
(krb5_salttype_to_string): new function
(krb5_get_host_realm): constize orig_host
(krb5_init_etype): etypes are now `int'
(mkstemp, gethostname): also includes prototypes if they are needed.
*** empty log message ***
*** empty log message ***
(do_connect): init `s'
*** empty log message ***
(pfrom): use libexecdir
build and install pfrom
(abs): add
(add): on second thought, remove abs. there's already a standard
mention /dev/null. From: Simon Josefsson <jas at pdc.kth.se>
(krb5_mk_safe): sizeof(buf) -> buf_size, buf is now a `u_char *'
(SOURCES): add fnmatch
*** empty log message ***
remove unused variables, add braces.
*** empty log message ***
*** empty log message ***
0.1a
*** empty log message ***
Release 0.1a
pfrom should be a script and not a program
*** empty log message ***
(usage): update usage string
(error_message): printf format fixo
(pop_parse): cast when calling is* to get rid of a warning
(kerberos4_is): syslog root logins
(main): 0 -> STDIN_FILENO. remove abs
(generate_h): cast when calling is* to get rid of a warning
<roken.h>: add
*** empty log message ***
unsigned-ify
*** empty log message ***
(SOURCES): add glob.c
*** empty log message ***
(krb5_get_host_realm): include leading dot (if any) when looking up
malloc checks and fixes
add krb5.h to get heimdal_version
(append_hex): cast in isalnum to get rid of stupid warning
cast in is* to get rid of stupid warning
(timeval2str): more braces to make gcc happy
use YYACCEPT instead of return
(krb5_verify_checksum): rename C -> cksum to be consistent
krb_verify_user_multiple -> krb_verify_user
krb_verify_user_multiple -> krb_verify_user
*** empty log message ***
*** empty log message ***
document new configure options
*** empty log message ***
(krb5_addlog_dest): more braces to make gcc happy
cast to unsigned char to make is* happy
(loop): braces fix
(_kadm5_setup_entry): braces fix
(kadm5_s_get_principal): braces fix
(krb5_store_stringz): braces fix
*** empty log message ***
(verify): use KRB_VERIFY_SECURE instead of 1
(krb4_verify_password): use KRB_VERIFY_SECURE instead of 1
(afs_verify): use KRB_VERIFY_SECURE instead of 1
(doit): use KRB_VERIFY_SECURE instead of 1
(common_auth): use KRB_VERIFY_SECURE instead of 1
update
(libroken_la_SOURCES): add eread and ewrite
new files
add eread, ewrite
static-size
krb.h: add
correct path to Makefile.am.common
(telnet_gets): remove old extern declarations
correct path to Makefile.am.common
static-ize
correct path to Makefile.am.common
(des_rand_data): move declaration to get rid of warning
(swap_u_int32_t): correct reference in comment
correct path to Makefile.am.common
(daemon, innetgr): add prototypes
add <roken.h>
correct path to Makefile.am.common
replace return with YYACCEPT
(eread, ewrite): add
*** empty log message ***
fix reference to LIB_DBM
(gethostname): remove duplicate
*** empty log message ***
hesoid -> hesiod
hesoid -> hesiod
(SunOS): set to a number
(pass): 1 -> KRB_VERIFY_SECURE
*** empty log message ***
(pass): fall-back for KRB_VERIFY_SECURE
(generate_2int, generate_int2): int -> unsigned
(LIB_kdb): make sure there's a -L option in here by adding $(LIB_krb4)
*** empty log message ***
(install_build_headers): try to make it work better when list of
kludge to help solaris make
(install_build_headers): recover from make rewriting the names of the headers
*** empty log message ***
(loop): more braces to make gcc happy
(my_strupr): cast away some stupid warnings
(init_socket): get rid of a stupid warning
(doit): more braces to make gcc happy
(get_pobox): try to handle old and new hesiod APIs
*** empty log message ***
(main): don't print `no ticket file' with --test. From: Love
another warning destroyed
sys/ioccom.h: test for
*** empty log message ***
(kdestroy_LDADD, klist_LDADD): more libraries
add support for destroying v4 tickets and AFS tokens. based on code
homogenized includes
add support for printing AFS tokens
include krb4 and kafs
(ktutil_SOURCES): add srvcreate
srvcreate: new command
(srvcreate): add prototype
new file. contributed by Daniel Kouril <kouril at informatics.muni.cz>
include krb4 and kafs
*** empty log message ***
(install-build-headers): simplify loop
(db_185.h): check for
try db_185.h first in case db.h is a DB 2.0 header
(pfrom): fix typo
*** empty log message ***
more stuff in 0.1d
fix typo
(krb5_crypto_destroy): free `crypto'
(fcc_destroy): don't call fcc_close
(krb5_get_in_cred): be more careful about freeing memory
(krb5_get_init_creds_password): re-organize the code to always free
*** empty log message ***
(create_random_entry): free the entry
(main): make code more consistent. always free configuration
(init_sockets): free addresses
(DB_destroy): clear master key
(NDBM_destroy): clear master key
(kadm5_s_destroy): simplify
(kadm5_free_principal_ent): free `key_data'
(_kadm5_set_keys): free salt when zapping it
*** empty log message ***
*** empty log message ***
(get_xsockets): init local variable to get rid of a gcc warning
fix names of hesiod variables
(hpux): no library dependencies
spell-check a comment
remove unused variables
(ka_dump): remove unused variables
fix some error messages to be more understandable.
moved all FTPSEC commands from cmd to rcmd to avoid resetting
*** empty log message ***
*** empty log message ***
quote $@
test for more header files
(print_cred_verbose): handle the case of a bad enctype
use LIB_roken
*** empty log message ***
*** empty log message ***
*** empty log message ***
(krb5_get_init_creds_password): kludge around `ret_as_reply' semantics
security/pam_modules.h: check for
comment spell-fix
(encrypt_internal): free checksum if lengths fail to match.
add assert.h
(do_read): use krb5_get_wrapped_length
(doit): fix error message
(setup_copier): use `socketpair' instead of `pipe'. Some shells don't
*** empty log message ***
update
add missing *snprintf functions
(krb5_forward_cred): zero out creds
unifdef FORWARD
new option --forwardable
(main): use print_version
*** empty log message ***
(main): use krb5_program_setup and print_version
don't run testit as a check
*** empty log message ***
handle more than one realm for a host
issuid: nuke prototype
*** empty log message ***
(krb5_generate_subkey): check return value from malloc
(init_tgs_req): some more error checking
(init_tgs_req): re-structure a little bit
*** empty log message ***
LIB_kdb: -L should be before -lkdb
include strsep prototype if needed
not used anymore
*** empty log message ***
*** empty log message ***
new flag --kaserver and config file option enable-kaserver. From
(add_standard_ports, process_request): look at enable_kaserver. From
(open_socket): stupid cast to get rid of a warning
(ka_convert): print the failing principal. AFS 3.4a creates
(enable_kaserver): declaration
(add_padata): loop over all enctypes instead of just taking the first
add support for getting afs tokens with v4 and v5
<kafs.h>
(krb5_free_keyblock_contents): don't zero keyvalue if it's NULL.
do all the krb4 tests with "$krb4" != "no"
(LDADD): add kafs
conditionalize the kafs calls on KRB4
(renew_validate): hopefully fix up freeing of memory
(krb5_fwd_tgs_creds): compat function
try to handle the case of --without-package correctly
(renew_validate): use the client realm instead of the local realm when
(check_tgs_flags): starttime of a validate ticket should be > than
(renew_validate): set all flags
(--tokens): conditionalize on KRB4
(krb5_storage_to_data, krb5_ret_data): use krb5_data_alloc and be
(krb5_decrypt_ticket): add `flags` and
(KRB5_VERIFY_AP_REQ_IGNORE_INVALID): add
(kpasswdd_LDADD): add LIB_dlopen
(krb5_data_free): free data as long as it's not NULL
(FILENAME): simplify definition
(get_init_creds_common): if start_time is given, request a postdated
implement -i
(-f): implement
fix test for readline.h
(main): send context to krb5_config_file_free
use LIB_otp
(kerberos5_send): use `krb5_auth_setkeytype' instead of
(krb5_auth_con_init): initalize keytype and cksumtype
copyright update
(F_PSEUDO): new flag for non-protocol encryption types
(make_pa_tgs_req): remove old kludge for secd
(krb5_auth_context_data): add `keytype' and `cksumtype'
(krb5_mk_req): use auth_context->keytype
(krb5_mk_req_internal): try to handle old DCE secd's that are not able
*** empty log message ***
correct definition of KRB_PUT_INT for old krb4 code. From Ake
(mcc_get_next): get the current cursor correctly
*** empty log message ***
Release 0.1e
pretty
update for 0.1e
(cache): const-correctness
(krb5_compare_creds): just verify that the keytypes/enctypes are
(get_cred_from_kdc_flags): allocate and free `*out_creds' properly
(kadm5_c_destroy): check if we should destroy the auth context
(get_new_cache): don't abort when interrupted from password prompt
add ACL checks
(kadmind_loop): break-up and restructure
re-insert krb_err.h and other miss
add prototypes
*** empty log message ***
(v5_loop): remove unused variable
*** empty log message ***
(get_default): check return value
(add_new_key): new options for setting max-ticket-life,
(edit_time, edit_attributes): don't do anything if it's already set
(init): new arguments realm-max-ticket-life and
(usage): update usage string
(set_entry): add prototype
(_kadm5_setup_entry): change so that it takes three masks, one for
call new _kadm5_setup_entry
(_kadm5_setup_entry): change prototype
*** empty log message ***
(kadm_ser_cpw): always allow a user to change her password
(_kadm5_set_keys2): don't check the recently created memory for NULL
bump version to 0.1f
*** empty log message ***
*** empty log message ***
some more error checking
(change_password): add colon to prompt strings
(add_new_key): initialize more variables
new file
(strndup): add
strndup.c: add
(strnlen): update prototype
(try_pie): more braces
(strndup): test for
(create_and_write_cookie): try to return better (and correct) errors.
(doit_active): handle error code from create_and_write_cookie
(doit_passive): handle error code from create_and_write_cookie
*** empty log message ***
(makeargv): fill in unused slots with NULL
getline -> ftpd_getline
rename getline -> ftpd_getline
try with more header files than ndbm.h
(k_hasafs): ifdef a variable properly
also try <db.h> with DB_DBM_HSEARCH == 1
*** empty log message ***
(_GNU_SOURCE): define this to enable (used) extensions on glibc-based
*** empty log message ***
*** empty log message ***
(init_as_req): interpret `addrs' being an empty sit of list as to not
add --noaddresses
add --noaddresses
(krb5_verify): check seteuid for errors
*** empty log message ***
Release 0.1f
pretty
(main): detect the case of no command given.
make sure it tries with all other authentication methods after one has
(doit, proto): take a function pointer to the auth function
(main): handle the case of no master key
(*_SOURCES): remove encdata, add krb[45].c, context.c
(do_enccopy, copy_encrypted): remove
update
(main): use getarg
new files
*** empty log message ***
(main): forgot to conditionalize some KRB5 code
(SOURCES*): update sources list
(SUBDIRS): add kx
*** empty log message ***
(getsockopt, setsockopt): test for
(krb5_sendauth): handle ccache == NULL by setting the default ccache.
(doit_v5): call krb5_sendauth with ccache == NULL
(do_v5): call krb5_sendauth with ccache == NULL
(do_write, do_read): always return -1 for failure
(send_krb5_auth): call krb5_sendmail with ccache == NULL. check
(proto): call krb5_sendauth with ccache == NULL
(setsockopt): cast to get rid of a warning
(KRB_PUT_INT): if we don't have KRB4 use four arguments :-)
*** empty log message ***
(net_read, net_write): remove prototypes
*** empty log message ***
(init): initialize realm_max_life and realm_max_rlife
(verfiy_krb5): get the name out of the ccache before closing it
(do_v5): remove unused and non-working code
*** empty log message ***
(main): add fallback to rlogin
*** empty log message ***
copy the v5 ccache to a file after having done setuid
update comments
comments
comments
comments
udpate comments
*** empty log message ***
(XauWriteAuth): junk declaration of malloc
new files
add kgetcred
fix
(telrcv): magic patch to make it work against DOS Clarkson Telnet.
add cygwin and DOS tests
(kt_add): new option `--no-salt'. From Miroslav Ruda
conditionalize otp.h
(doit): afslog correctly
link hpropd with kdb
support for dumping to krb4. From Miroslav Ruda <ruda at ics.muni.cz>
*** empty log message ***
(error_code:) try to handle really old krb4 distributions
we also need to check for XauFilename since it's used by appl/kx. And
*** empty log message ***
new file
*** empty log message ***
(CHECK_NETINET_IP_AND_TCP): use
proper autoheader tricks
*** empty log message ***
*** empty log message ***
(kt_remove): -t should be -e
update
*** empty log message ***
version, help
update
*** empty log message ***
*** empty log message ***
(swap_u_int32_t): only define when used
(error_code): typo
Release 0.1g
fix
add login_access
*** empty log message ***
(USE_RESOLVER): try to define only if we have a libresolv (currently
(handle_v5): read sendauth version correctly.
(sendrequest): add argument for mode to open file in.
update calls to sendrequest and recvrequest to send "b" when
(sendrequest): update prototype
(main): try to use $USERNAME
*** empty log message ***
(parse_pobox): try $USERNAME
(main): try $USERNAME
(handle_v4): remove redundant prototype
(asn1_files): add $(EXEEXT)
(get_cred_cache): use $USERNAME
(get_logname): also try $USERNAME
*** empty log message ***
(krb5_auth_con_setaddrs_from_fd): free local and remote addresses
(verify_checksum): call (*ct->checksum) directly, avoiding redundant
(krb5_get_host_realm): don't free if we didn't manage to set anything
(main): correct error message
(main): don't byte-swap the argument to krb5_getportbyname
*** empty log message ***
(recv_conn): fix syslog messages
*** empty log message ***
(main): fix condition for login_access
(create_random_entry): more correct setting of mask
(create_principal): if there's no default entry the mask should be
removed unused stuff
*** empty log message ***
(intall-suid-programs): add space between else and \
(setup_passwd_quality_check): conditionalize on RTLD_NOW
(DES3_postproc): new version that does the right thing
(HMAC_SHA1_DES3_checksum): don't include the length
(add1): joda-fix
(swap_u_int32_t): add _CRAY
new magic flag to get loopback address if there are no other
(ipv6_uninteresting): don't consider the loopback address as
(realm_of_cell): rename to _kafs_realm_of_cell and un-staticize
*** empty log message ***
make it solaris make vpath-safe
add fallbacks for all lookups by service name
from last commit: handle both versions of HTTP (actually quite a lot
(context_set): const pollution
use get_default_username and resulting const pollution
const-pollution
use get_default_username and resulting const pollution
(main): conditionalize `getlogin'
(tn): use get_default_username
(get_cred_cache): use get_default_username
add n-fold-test
rewrite to use get_default_username
add get_default_username
(get_default_username): add prototype
new file
add get_default_username
*** empty log message ***
(krb4_auth): type correctness
(krb4_authenticate): get rid of a warning
(send_data): remove a warning
(fatal): more type correctness
*** empty log message ***
get_default_username and the resulting const propagation
*** empty log message ***
*** empty log message ***
*** empty log message ***
(main): try to destroy v4 ticket even if the destruction of the v5 one
*** empty log message ***
(RSH_BUFSIZ): bump to 16 * 1024 to be sure that we don't leave any
(main): hopefully do inetd confusion right
*** empty log message ***
new option `-e' for not trying to open an stderr socket
*** empty log message ***
*** empty log message ***
(add_standard_ports): add comma
(togkrbdebug): conditionalize on krb_disable_debug
*** empty log message ***
move around cgywin et al
conditionalize krb_enable_debug
*** empty log message ***
(values_to_ent): convert key data correctly
*** empty log message ***
(get_cred_cache): you cannot reuse the cred cache if the principals
(_kadm5_setup_entry): handle 0 == unlimited correctly. From Michal
add more people
make ank use the values of the default principal for prompting
(INCLUDES): add $(INCLUDE_krb4)
(edit_entry): update
(edit_entry): new prototype
(edit_entry): look at default
add test of -1
(acc_units): move the special case of 0 -> 1 to parse_something to
*** empty log message ***
(add_port_string): don't return a value
*** empty log message ***
(values_to_ent): ntohl key
(parse_list): handle blank lines at another place
*** empty log message ***
(srvcreate): always take the DES-CBC-MD5 key. increase possible
*** empty log message ***
(kadm_ser_cpw): read the key in the strange order it's sent
*** empty log message ***
(kerberos5_send): set the addresses in the auth_context
(krb5_sockaddr2port): new function for grabbing the port number out of
(krb5_make_addrport): create an address of type KRB5_ADDRESS_ADDRPORT
save the local and remove ports in the auth_context
(krb5_get_forwarded_creds): get the local and remote address and add
(KRB5_ADDRESS_ADDRPORT, KRB5_ADDRESS_IPPORT): add
(krb5_rd_cred): compare the sender's address as an addrport one
*** empty log message ***
heimdal-ized pagsh. Thanks to Miroslav Ruda <ruda at ics.muni.cz>
add pagsh
*** empty log message ***
(bin_PROGRAMS): only include pagsh if KRB4
*** empty log message ***
(kadm5_s_randkey_principal): nuke old mkvno, otherwise hdb will think
*** empty log message ***
(ipv6_parse_addr): implement
*** empty log message ***
(copy_octet_string): don't fail if length == 0 and malloc returns NULL
(construct_command): handle argc == 0 for generality
(v5_loop): handle data allocation with krb5_data_alloc and check
(encrypt_v4_ticket): error check malloc properly
(get_pa_etype_info): check return value from malloc
(decode_type): fix generation of decoding information for
(statement): use asprintf
(hdb_process_master_key): check return value from malloc
(hdb_process_master_key): simplify by using krb5_data_alloc
(*): do some malloc return-value checks properly
(krb5_init_etype): error check malloc properly
(unparse_name): error check malloc properly
(readv): error check malloc properly
(recvmsg): error check malloc properly
(parse_reply): error check malloc properly
(sendmsg): error check malloc properly
(writev): error check malloc properly
*** empty log message ***
(srvconv): better error messages
*** empty log message ***
fix stupid error in previous fix
(change): fetch the salt-type from the entry
(add_padat): encrypt pre-auth data with all enctypes
(expand_cell_name): terminate on #. From Miroslav Ruda
(epxand_cell_name): clean-up
*** empty log message ***
new draft
(expand_cell_name): repair more
*** empty log message ***
add ctype.h
more braces
test program
(handle_tcp): always do getpeername, we can't trust recvfrom to return
(handle_tcp): make sure we have data before starting to look for HTTP
(--kaspecials): new flag for handling special KA server entries. From
(krb5_cc_resolve): fall-back to files if there's no prefix. also
document -a otp
(start_login): print a different warning with `-a otp'
(readv): typo
*** empty log message ***
new file
*** empty log message ***
(ipv6_sockaddr2port): fix typo
(ipv6_parse_addr): remove duplicate variable
*** empty log message ***
more aliases
clarify
*** empty log message ***
(get_cred_cache): band-aid instead of rewriting
(store_principal_ent): encoding princ_expire_time and pw_expiration in
*** empty log message ***
(krb_realm_of_cell): new function
(krb5_realm_of_cell): new function
new prototypes
new prototype for _kafs_realm_of_cell
*** empty log message ***
(tn): extra bogus const-cast
*** empty log message ***
handle not building X programs
*** empty log message ***
(get_default_username): a better way of guessing when the user has
(k_getpwnam): const-ize
(k_getpwnam): update prototype
*** empty log message ***
test for (non-)posix getlogin
(freebsd[34]): don't use ld -Bshareable
*** empty log message ***
consequent name of cache variables
*** empty log message ***
use AC_FUNC_GETLOGIN
do SRV lookups for admin server as well.
(main): return a relevant return value
(krb5_program_setup): always initialize the context
add string_to_key_test
(generic_test): check malloc return value properly
new tests
(length_int): handle the case of the largest negative integer by not
more test cases for integers
new files
(SOURCES): add freehostent, copyhostent, getipnodebyname,
new constants for getipnodeby*
<netdb.h>: include
*** empty log message ***
(libroken_la_SOURCES): add copyhostent.c, freehostent.c,
(AC_BROKEN): test for copyhostent, freehostent, getipnodebyaddr,
*** empty log message ***
define AFS_SYSCALL to 73 for Solaris 2.7
(SunOS): define to xy for SunOS x.y
update to new format for cpp define SunOS
*** empty log message ***
clean-up and re-organize
initialize kadm5 connection for every change (otherwise the modifier
*** empty log message ***
declare some variables unconditionally to simplify things
new program
(SUBDIRS): add kf
(main): generate a better tty name
(kadm5_log_flush): extra cast
(main): print the correct data
*** empty log message ***
more clean-up
rename tk_file to ccache for consistency
add kf
clean-up and more paranoia
*** empty log message ***
(main): use warn
more fixes
(_kadm5_setup_entry): make princ_expire_time == 0 and pw_expiration ==
(add_one_principal): allow setting expiration times
(str2timeval): add prototype
(mod_entry): allow modifying expiration times
(str2timeval, edit_time): functions for parsing and editing times.
*** empty log message ***
merge in ruda improvements
*** empty log message ***
*** empty log message ***
(find_all_addresses): try to handle the case of getting back an
not used any longer
*** empty log message ***
(proto): remove shadowing context
(main): use warnx
conditionalize on HAVE_IPV6 instead of AF_INET6
(propagate_database): typo, NULL should be auth_context
(AM_INIT_AUTOMAKE): bump version to 0.1i
(sa_family_t): jsut test for existence
stolen from arla
(*): simplify by using `struct sockaddr_storage'
(krb5_auth_con_setaddrs_from_fd): simplify by using `struct sockaddr_storage'
(krb5_change_password): simplify by using `struct sockaddr_storage'
(krb5_sendto_kdc): simplify by using `struct sockaddr_storage'
(krb5_sock_to_principal): simplify by using `struct sockaddr_storage'
(struct sockaddr_storage): define it needed
*** empty log message ***
*** empty log message ***
try to get autoheader to co-operate
try to define funcs...
try to undefine properly
*** empty log message ***
<shadow.h>
(find_all_addresses): try to use SA_LEN to step over addresses if
*** empty log message ***
(AC_PROG_AWK): disable. mawk seems to mishandle \# in
*** empty log message ***
*** empty log message ***
make it handle v4 and v6 sockets. (it doesn't handle being given a v6
update prototypes
*** empty log message ***
(krb5_storage): change return values of functions from size_t to
some type correctness
lots of changes from size_t to ssize_t
lots of changes from size_t to ssize_t
some signed vs unsigned casts
*** empty log message ***
move some files from libroken_la_SOURCES to EXTRA_libroken_la_SOURCES
*** empty log message ***
merge in changes from 0.1j branch
0.1j announcement
rokenize inet_ntop
(EXTRA_libroken_la_SOURCES): add inet_ntop.c
new file
*** empty log message ***
(INET{,6}_ADDRSTRLEN): add
(inet_ntop): add prototype
*** empty log message ***
bump version to 1:1:0
bump version to 2:1:0
set version to 3:0:2
set version to 0:1:0
set version to 1:0:1
update versions to 2:0:1
*** empty log message ***
merge in ruda improvements
support IPv6
*** empty log message ***
(install-build-headers): add dependencies
*** empty log message ***
(getipnodebyname): try gethostbyname2 if we have it
(gss_auth): check return value from `gss_import_name' and print error
*** empty log message ***
(gss_auth): cast a little tiny bit
(import_hostbased_name): set minor_status
(krb5_sname_to_principal): use getipnodebyname
*** empty log message ***
*** empty log message ***
(EXTRA_libroken_la_SOURCES): add inet_pton
new file
(inet_pton): add prototype
more inet_pton to roken
(libcommon_a_SOURCES): add socket.c
add prototypes for functions in socket.c
(hookup): change prototype
add support for both AF_INET and AF_INET6 addresses
update to new types of addresses
update prototypes and variables
add EPRT and EPSV
make it more AF-neutral and v6-capable
(GSS_C_AF_INET6): add
*** empty log message ***
new file
bump version to 3:1:0
bump version to 1:2:0
set version to 2:0:2
*** empty log message ***
dig up changes
remove socket.c
moved to roken
remove socket functions
moved here from appl/ftp/common
(libroken_la_SOURCES): add socket.c
add socket* functions
(sockaddr_storage): fix typo
move around kafs.h
(mini_inetd): fix my stupid bugs
v6-ify
*** empty log message ***
quote macros when undefining
*** empty log message ***
(doit): remove unused variable mapped_sin
*** empty log message ***
new file
(libkrb5_la_SOURCES): add exapdn_hostname.c
(krb5_get_host_realm_int): new function that takes a FQDN
(krb5_mk_req): use krb5_expand_hostname
(socket_set_reuseaddr): remove duplicate
const fixes
*** empty log message ***
add socket and inet_ntop
(doit): only free hp if != NULL. From: Jonas Oberg <jonas at coyote.org>
*** empty log message ***
save file names when doing commands that might get aborted (and
*** empty log message ***
v6-ify
*** empty log message ***
(gss_auth): initialize application_data in bindings
*** empty log message ***
(active_mode): hide failure of EPRT by setting verbose
*** empty log message ***
(n_fold_test_LDADD): need to set this otherwise it doesn't build with
*** empty log message ***
(listen_v4, listen_v6): handle the case of the protocol not being
*** empty log message ***
(gss_verr, gss_err): add
use gss_err instead of abort
new prototypes
*** empty log message ***
(gss_print_errors): more type correctness
add Brian A May <bmay at dgs.monash.edu.au>
(do_read): handle EOF. From Brian A May <bmay at dgs.monash.edu.au>
add shutdown constants
(loop): shutdown one side of the TCP connection on EOF. From Brian A
(parse_list): don't run past end of line
*** empty log message ***
(main): use mkstemp to generate temporary file names. From Miroslav
*** empty log message ***
add `-G' and forwardable option in krb5.conf. From Miroslav Ruda
add regpag support. From Miroslav Ruda <ruda at ics.muni.cz>
add shadow
new file with functions for handling shadow passwords
fixes with v4 and shadow support. From Miroslav Ruda
add <shadow.h> and some prototypes
(utmpx_login): fix for Solaris. From Miroslav Ruda <ruda at ics.muni.cz>
add `-z' and `-G' options
always include kafs.h
re-write the handling of forwarded credentials and stuff. From
add libkafs
*** empty log message ***
add support for shadow passwords and rewrite some logic. From
(rmut): work around utmpx strangness. From Miroslav Ruda
*** empty log message ***
(dump_krb4): check the realm so that we don't dump principals in some
(as_rep): add an empty X500-compress string as transited.
(main): add config file support for forwardable and krb4 support.
incorporate patches from Miroslav Ruda <ruda at ics.muni.cz>
(calling_error, routine_error): right shift the code to make it
(init_sec_context): cosmetics
(krb5_fwd_tgs_creds): set forwarded in flags. From Miroslav Ruda
type correctness
add -G and config file support. From Miroslav Ruda <ruda at ics.muni.cz>
*** empty log message ***
don't run testit in `make check'
update usage message
(main): some more KRB4-conditionalizing
*** empty log message ***
ifdef KRB4
*** empty log message ***
from 0.1m
(rmut): free utxp
*** empty log message ***
make v6 friendly and simplify
fix typo
simplify by using krb5_err instead of errx
remove some dead code
make v6 friendly and simplify
(doit): call freehostent
(main): move down login incorrect to disallow account guessing
v6-ify
(do_connect): v6-ify
call freehostent
(krb5_sname_to_principal): remember to call freehostent
(inet_ntop_v4): remember to call ntohl
*** empty log message ***
(TTYinfo): copy backspace string to avoid referencing into a local
*** empty log message ***
(sockaddr_storage): cater for those that have v6-support also
*** empty log message ***
update to draft-ietf-cat-kerb-chg-password-02.txt
(check_shadow): check for a NULL sp
*** empty log message ***
(ACLOCAL): just use `cf', this variable is only used when the current
*** empty log message ***
add inetd flag. default means try to figure out if stdin is a socket
*** empty log message ***
(copy_stream): avoid calling mmap with `len == 0'. Some mmap:s rather
(send_data): avoid calling mmap with `len == 0'. Some mmap:s rather
*** empty log message ***
(get_addrs_int): try the different ways sequentially instead of just
*** empty log message ***
always enable md5 crypt
new test
*** empty log message ***
add md5crypt_test
*** empty log message ***
unsigned char makes everything better
add missing brace
(proto): be more careful with the return value from krb5_net_read
(do_read): be careful with the return value from krb5_net_read
*** empty log message ***
(proto): only trust errno if krb5_net_read actually returns -1
ifdef away
(proto): don't trust errno if krb5_net_read hasn't returned -1
(v5_loop, kadmind_loop): more error checking and more correct error
(handle_v4): more error checking and more correct error messages
(krb5_recvauth): only look at errno if krb5_net_read actually returns
(krb5_sendauth): only look at errno if krb5_net_read actually returns
*** empty log message ***
(getit): be more suspicious when parsing the result of MDTM. Do the
*** empty log message ***
(krb5_enctype): des3-cbc-sha1 (with key derivation) just got assigned
(etypes): remove NEW_DES3_CODE, enable des3-cbc-sha1 and keep
(--enable-new-des3-code): remove
(recv_conn): give better error message
*** empty log message ***
(kadm_ser_cpw): initialize password
*** empty log message ***
(doit): remember to step over the error message when we discover that
*** empty log message ***
move-around. clean-up, rename, make consistent (and some other weird
update util.c prototypes
add setting of expiration and password expiration
update with new names of functions in util
add parsing of lots of options. From Love <lha at stacken.kth.se>
(edit_timet): break when we manage to parse the time not the inverse.
update list of configure options
*** empty log message ***
(kadmin_SOURCES): add random_password.c
add support for --random-password
add prorotype for random_password
steal from krb4 and fix
*** empty log message ***
(hdb_set_master_key): don't call des_set_random_generator_seed
start describing changes to 0.1n
*** empty log message ***
(IN6_ADDR_V6_TO_V4): use `s6_addr' instead of the non-standard
(add_one_principal): initialize `default_ent'
(v5_loop): use correct error code
(set_password): use correct variable. From Love <lha at e.kth.se>
*** empty log message ***
(childhandler): watch for child `wait_on_pid' to die.
*** empty log message ***
(send_and_recv): handle EINTR properly. return on EOF. always free
(handle_tcp): try to print warning `TCP data of strange type' less
(telnet_spin): actually return the value from ttloop (otherwise it's
(ttloop): update prototype
(ttloop): make it return 1 if interrupted by a signal, which must have
*** empty log message ***
(send_and_recv): rename to recv_loop and remove the sending of data.
(krb524_convert_creds_kdc): check return value from `krb5_sendto_kdc'
(libhdb_la_SOURCES): add keytab.c. From Love <lha at e.kth.se>
admin doesn't need any keytab any longer
*** empty log message ***
something about password quality assurance
moved to lib/kadm5
sample password quality checker moved here from ../../kpasswd
(S_SOURCES): add password_quality.c
(kadm5_setup_passwd_quality_check,kadm5_check_password_quality): add
password quality checking functions
(kadm_ser_cpw): add password quality functions
move out password quality functions
*** empty log message ***
only create you loose packets when we fail decoding and not when an
*** empty log message ***
(init): also create `changepw/kerberos'
*** empty log message ***
*** empty log message ***
new files
(libkrb5_la_SOURCES): add keytab_file.c, keytab_memory.c
move out file and memory functions
(krb5_fkt_ops, krb5_mkt_ops): new variables
(srvconv): move common code
add krb4 and correct some if's
add keytab_krb4.c
(krb5_kt_cursor): add a `data' field
new file
add `ktutil copy'
*** empty log message ***
add comments and clean-up
revert back awk test, not worked around in roken.awk
*** empty log message ***
(libkrb5_la_SOURCES): add keytab_keyfile.c
(krb5_cc_resolve): move the registration of the standard types of
(init_context_from_config_file): register all standard cache and
move the list of keytab types to the context
new file
remove O_BINARY
(krb5_context_data): add keytab types
(O_BINARY): add fallback definition
*** empty log message ***
(krb5_cksumtype): comment out CKSUMTYPE_SHA1
*** empty log message ***
(ka_convert): set flags correctly for krbtgt/CELL principals
(main): remove bogus error with `--print'. remove sysloging of number
*** empty log message ***
(_kadm5_client_recv): return result in a `krb5_data' so that we avoid
(kadm5_c_chpass_principal): new _kadm5_client_recv
(kadm5_c_create_principal): new _kadm5_client_recv
(kadm5_c_delete_principal): new _kadm5_client_recv
(kadm5_c_get_principal): new _kadm5_client_recv
(kadm5_c_get_principals): new _kadm5_client_recv
(kadm5_c_modify_principal): new _kadm5_client_recv
(_kadm5_client_recv): update prototype
(kadm5_c_get_privs): new _kadm5_client_recv
(kadm5_c_randkey_principal): new _kadm5_client_recv
(kadm5_c_rename_principal): new _kadm5_client_recv
*** empty log message ***
(get_cell_and_realm): only remove the newline if it's there
(kt_add): check the return-value from fgets and overwrite the password
(verify_user_otp): check return value from des_read_pw_string
*** empty log message ***
(main): check return value from des_read_pw_string
(main): check the return value from fgets
(main): don't print any error if reading the password was interrupted
(krb5_password_key_proc): check return value from des_read_pw_string
(krb5_get_init_creds_password): return KRB5_LIBOS_PWDINTR when interrupted
*** empty log message ***
*** empty log message ***
revert 1.54, get_default_username should DTRT now
(strcpy_truncate): change return value to be the length of `src'
*** empty log message ***
rename strc{py,at}_truncate.c to strlc{py,at} strcpy_truncate.c strcat_truncate.c
rename strc{py,at}_truncate -> strlc{py,at}
test for strlcpy, strlcat
rename strc{py,at}_truncate to strlc{py,at}
update name and prototype
*** empty log message ***
(strlcat): call strlcpy
strc{py,at}_truncate -> strlc{py,at}
large strc{py,at}_truncate -> strlc{py,at} replacement
strc{py,at}_truncate -> strlc{py,at}
(recv_krb4_auth): set `iv'
*** empty log message ***
(mod_entry): print the correct principal name in error messages. From
make functions more consistent
new program for printing asn1 structures
add asn1_print
*** empty log message ***
(decode_general_string): remember to advance ret over the length-len
new files
add nt_gss_client and nt_gss_server
(gss_accept_sec_context): stove away `krb5_ticket' in context so that
(gss_delete_sec_context): free ticket
(gss_ctx_id_t_desc): add ticket in here. ick.
(gss_init_sec_context): initialize `ticket'
add kdecode_ticket
new debug program
*** empty log message ***
(loop): print length of octet string
update universal tags
(tag_names); add another univeral tag
*** empty log message ***
add win2k
use the correct header file
(configure): use parse_bytes
add err.h
(_kadm5_privs_to_string): forgot one strcpy_truncate -> strlcpy
new files
add parse_bytes.[ch]
*** empty log message ***
new file
(libkrb5_la_SOURCES): add copy_host_realm.c
(krb5_aname_to_localname): use krb5_get_default_realms
change from `default_realm' to `default_realms'
(krb5_context_data): change `default_realm' to `default_realms'
comment
(krb5_get_default_realms): add
(krb5_kuserok): use `krb5_get_default_realms'
add support for having several default realms
(krb5_verify_user_lrealm): ariant of krb5_verify_user that tries in
(krb5_verify): use krb5_verify_user_lrealm
(verify_krb5): remove krb5_kuserok. use krb5_verify_user_lrealm
(doauth): use krb5_get_local_realms and krb5_verify_user_lrealm
*** empty log message ***
simplify by using der_put_length_and_tag
add test cases for Generalized time and make sure we return the
*** empty log message ***
(dump_krb4): kludge default_realm
(match_local_auth): only look for FamilyLocal (and FamilyWild)
*** empty log message ***
*** empty log message ***
add prototype for fclose to make sunos happy
*** empty log message ***
moved netinfo code here
new file
(bin_PROGRAMS): add verify_krb5_conf
rewritten to allow error messages
*** empty log message ***
add and rename to 0.2a
link kadmind with -ldl when needed
(add_one_principal): `password' can cactually be NULL in the overwrite
(krb5_start_session): correct the ccache to krb524_convert_creds_kdc
*** empty log message ***
(get_ad_tkt): update to new krb524_convert_creds_kdc
(verify_krb5): update to new krb524_convert_creds_kdc
(get_cred): update to new krb524_convert_creds_kdc
(krb524_convert_creds_kdc): get new credentials from the KDC if the
(krb5_compare_creds): fix spelling of krb5_enctypes_compatible_keys
(krb5_enctypes_compatible_keys): spell correctly
*** empty log message ***
(_kadm5_c_init_context): use `krb5_get_krb_admin_hst'. check return
*** empty log message ***
comments
(krb524_convert_creds_kdc): look at the type of the session key
*** empty log message ***
fall-back definitions for constans and casts for printfs
*** empty log message ***
(OPTS): shouldn't this be a STRING instead of foo?
(getarg): also set optind when returning error
*** empty log message ***
(handle_tcp): things work much better when ret is initialized
*** empty log message ***
(krb5_verify_user_lrealm): free the correct realm part
(krb5_copy_host_realm): copy all the strings
*** empty log message ***
clean-up and comment-up
(krb5_compare_creds): const-ify
(krb5_mk_req): use krb5_free_host_realm
(CLEANFILES): add generated files so that they get cleaned away
const-ize the prototypes
const-ize and remove some casts
(krb5_string_to_salttype): new function
more const
(krb5_ccache_data): make `ops' const
const-ize
const-ize and comment
(RCSID): const correctness
*** empty log message ***
(MD5Update): type correctness
(AC_FIND_FUNC_NO_LIBS): new argument `extra libs'
(AC_FIND_FUNC_NO_LIBS2): new argument `extra libs'
*** empty log message ***
*** empty log message ***
(proto): be more careful and don't print errno when read() returns 0
*** empty log message ***
(_kadm5_set_keys): ignore old keys when setting new ones and always
(krb5_get_wrapped_length): more correct calculation
(loop): close some omre fd's
read fixes
(get_des_key): support null keys
(find_etype): support null keys
add xnlock
only test for db.h with using berkeley_db
check memory and such
check for db_185.h
reorder db includes
*** empty log message ***
add an explicit dependency
revert last commit
*** empty log message ***
(kadmin_LDADD): add LIB_dlopen
*** empty log message ***
*** empty log message ***
(free_keys): free more memory
(kadm5_s_randkey_principal): use _kadm5_set_keys_randomly
Release 0.2a
*** empty log message ***
-x
(make_proto): proper variable?
try again
move around _SOURCES to make fix-export happier
remove -x
(krb4): test for KRB_VERIFY_NOT_SECURE
(verify_krb5): need realm for v5 -> v4
*** empty log message ***
(configure): add a missing strdup. From Michal Vocu
(config_binding_to_list): fix copy-o. From Michal Vocu
(krb5_set_default_realm): use krb5_config_get_strings, which means
(AM_INIT_AUTOMAKE): bump to 0.2b-pre
(get_cred): always request a DES key
(parse_binding): handle line with no whitespace before =
(main): support speicifying the configuration file to test on the
(LIB_roken): add dbopen. getcap in roken references dbopen and with
(krb5_mk_req): remove unused variable
use LIB_roken
(LDADD): add $(LIB_dlopen)
bump version to 1:3:0
bump version to 0:2:0
bump version to 3:1:0
bump version to 4:0:0 (krb524_convert_creds_kdc and potentially some
set version to 0:2:0
set version to 3:0:0
set version to 0:1:0
set version to 1:1:1
set version of kadm5srv to 3:0:2 (new password quality functions)
*** empty log message ***
(do_read): the encoded length can be longer than the buffer being
(main): ignore SIGPIPE
*** empty log message ***
(show_issue): don't interpret contents of /etc/issue* as printf
(help): it's unnecessary to interpret help strings as printf commands
*** empty log message ***
*** empty log message ***
Release 0.2b
*** empty log message ***
bump version to 0.2c-pre
(do_login): chown and chmod the tty. some clean-up.
*** empty log message ***
(args): add `-B' as an alias for `--builtin-ls' to allow for stupid
some const-poisoning
(lstat_file): new function for avoiding stating AFS mount points.
*** empty log message ***
(builtin_ls): fix typo, 'd' shouldn't imply 'f'
*** empty log message ***
don't use warnx to print errors
(lstat_file): don't set st_mode, it should already be correct
one \n -> \r\n
remove getspuid
(configure): more careful with the port string
bump version to 4:1:0
*** empty log message ***
exit 1 when failing
Release 0.2c
fix
fix dependency on parse.h
some const-ing
some const
(start_logout_proceess): don't examine `prog' before setting it.
*** empty log message ***
typo
*** empty log message ***
use `unsigned char' instead of `u_int8_t' to avoid having to have that
bump version to 3:1:0
*** empty log message ***
test for pthread.h
more const
Release 0.2c
remove double
const
more dependencies to handle parallel makes
change the test case. apparently we should not include $ after the
*** empty log message ***
(tests): update the test cases with empty principals so that they
*** empty log message ***
(print_tree): check for empty tree
*** empty log message ***
(krb5_parse_name): check memory allocations
<sys/ioccom.h> is needed for kafs.h
(make_fileinfo): cast uid's and gid's to unsigned in printf, we don't
*** empty log message ***
(PARSE_INT_FORMAT): add redundant casts to work around a gcc-bug that
(login_DEPENDENCIES): remove, it's not entirely correct and was
*** empty log message ***
add yet another argument to allow specify linker flags that will be
*** empty log message ***
(install-build-headers): use `cp' instead of INSTALL_DATA for copying
*** empty log message ***
(list_file): correct prototype
foo const
(VERSION): bump to 0.2d-pre
(main): redo the v4/v5 selection for consistency.
*** empty log message ***
(_kadm5_set_keys_randomly): set enctypes correctly in the copied keys
(set_etypes): new function
(krb5_keytype_to_enctypes_default): new function
(init_tgs_req): use krb5_keytype_to_enctypes_default
add default_etypes_des
(krb5_context_data): add `etypes_des'
*** empty log message ***
bump version to 3:2:0
bump version to 5:0:0 to be safe (krb5_context_data has changed and
bump version to 4:0:0 and 3:0:0 (they access fields directly in
*** empty log message ***
Release 0.2d
*** empty log message ***
(S_ISSOCK, S_ISLNK): fallback definitions for systems that don't have
*** empty log message ***
spell copyhostent correctly
include X_PRE_LIBS and X_EXTRA_LIBS when testing
*** empty log message ***
(install-build-headers): use `cp' instead of INSTALL_DATA
*** empty log message ***
(do_login): conditionalize shadow stuff on getspnam
*** empty log message ***
(parse_something): try to handle the case of no value specified a
new file
add parse_bytes-test
*** empty log message ***
*** empty log message ***
new file
replace the BSD implementation by one of our own coding
(xyzprintf): try to do the right thing with an % at the end of the
add strptime and strpftime-test
add a new type of argument: `arg_counter'
add arg_counter
*** empty log message ***
(AC_BROKEN_SNPRINTF): add strptime
(args): use arg_counter for `l'
remove extra character
(krb5_get_init_creds_password): remove preauthentication generation
(krb5_get_in_cred): generate preauthentication information if we get
*** empty log message ***
*** empty log message ***
make `-v' a arg_counter
*** empty log message ***
remove duplicate test for setsockopt
type corretness
types
(str2deltat): update prototype
(str2deltat): actually use a `krb5_deltat'
(find_keys): etypes should be int
(define_type): make length in sequences be unsigned.
(generate_2int, generate_units): make sure bit constants are unsigned
some types
update prototypes
(kadm5_setup_passwd_quality_check): use correct types for function
(KRB5_TC_*): make constants unsigned
make sure to use db only if we have both the library and the header
signedness
(strftime): handle `%z' and `%Z' in a tm_gmtoff-less world
*** empty log message ***
(main): getopt returns -1 not EOF. From <art at stacken.kth.se>
(main): getopt returns -1 not EOF. From <art at stacken.kth.se>
*** empty log message ***
initial ?
(yylex): correct prototype
(include_HEADERS): add rc4.h
(init_context_from_config_file): don't initialize default realms
(krb5_get_default_realm, krb5_get_default_realms): set realms if they
remove some unused stuff
*** empty log message ***
(_kadm5_c_init_context): call krb5_add_et_list so that we aren't
(_kadm5_s_init_context): call krb5_add_et_list so that we aren't
*** empty log message ***
new file
(libkrb5_la_SOURCES): add add_et_list.c
(init_context_from_config_file): set `scan_interfaces'
(krb5_get_all_client_addrs): make interaces scanning optional
(krb5_context_data): add `scan_interfaces'
*** empty log message ***
set LIBNAME. From Enrico Scholz <Enrico.Scholz at informatik.tu-chemnitz.de>
*** empty log message ***
(afslog_uid_int): don't look at the local realm at all. just use the
*** empty log message ***
(find_all_addresses): change code to actually increment buf_size
*** empty log message ***
only build when we have X11. From: Simon Josefsson <jas at pdc.kth.se>
*** empty log message ***
new version of brezak-win2k-krb-rc4-hmac
some code for doing RC4/MD5/HMAC which might not be totally different
(get_addrs_int): fix typo
it works better with #ifdef USE_DB than #if USE_DB
(krb5_keytype): add KEYTYPE_RC4
add <rc4.h>
(krb5_destroy): free the correct part of the context
*** empty log message ***
(get_dbinfo): ugly cast work-around.
(make_fileinfo): cast to allow for non-const prototypes of readlink
(main): remember to close the priviledged sockets before calling
(find_db_spec): ugly cast work-around.
*** empty log message ***
(afslog_uid_int): handle d->realm == NULL
*** empty log message ***
(ipv4_uninteresting): ignore 0.0.0.0 (INADDR_ANY)
*** empty log message ***
(ARCFOUR_string_to_key): change order of bytes within unicode
*** empty log message ***
(krb4_auth): obtain the `local' address when doing NAT. also turn on
(krb4_authenticate): obtain the `local' address when doing NAT. also
(getopt): return -1 instead of EOF. From <art at stacken.kth.se>
*** empty log message ***
(libdes_la_SOURCES): add rc4_enc.c
new file for deleting enctypes
(kadmin_SOURCES): add del_enctype.c
add `del_enctype'
(kadm_ser_mod): use kadm5_s_modify_principal (no _with_key)
(kadm5_s_modify_principal_with_key): remove
(kadm5_s_modify_principal): support key_data
*** empty log message ***
(del_enctype): try not to leak memory
*** empty log message ***
kadmin del_enctype
(recv_conn): better errors when getting unrecognized data
*** empty log message ***
*** empty log message ***
(sec_login): check return value from realloc
*** empty log message ***
(crypt_md5): add trailing $
*** empty log message ***
(args): set correct variable when `-l' so that logging actually works
*** empty log message ***
(getdatasock): make sure to keep the port-number of the outgoing
*** empty log message ***
new files
driver program for testing getaddrinfo
new file
remove commented-out stuff
arpa/inet.h: include
(SOURCES): add freeaddinfo, getaddrinfo, getnameinfo, gai_strerror
(EXTRA_libroken_la_SOURCES): add freeaddinfo, getaddrinfo,
copyright update
(add_hostent): search for the canonical name among all aliases
(BROKEN): check for freeaddrinfo, getaddrinfo, getnameinfo,
(const_v*): no sizeof(sizeof())
(mini_inted): rewrite to use `getaddrinfo'
*** empty log message ***
*** empty log message ***
(krb5_parse_address): use getaddrinfo
(krb5_expand_hostname): use getaddrinfo
(krb5_sname_to_principal): use getaddrinfo
(install-build-headers): add dependency
re-write to use getaddrinfo
(hookup): re-write to use getaddrinfo
(guess_domain): re-write to use getaddrinfo
(doit): rewrite to use getaddrinfo
(find_auth_cookie, match_local_auth): re-write to use getaddrinfo
(connect_host): use getaddrinfo
use getaddrinfo
re-write to using getaddrinfo.
use getnameinfo
(client_doit): move identical code here and start using getaddrinfo
(client_doit): add prototype
use client_doit
*** empty log message ***
(socklen_t): make independent of sockaddr_storage
add constants for getaddrinfo, getnameinfo
move AC_KRB_IPv6 to make sure it's performed before AC_BROKEN
use krb5_warn{,x}
(kadm5_log_foreach): change to take a `kadm5_server_context'
adapt to changed kadm5_log_foreach
add err.h
(krb5_kuserok): type correctness
(_kadm5_set_keys_randomly): add prototype
(_kadm5_set_keys): make clearer by changing negative to possitive
*** empty log message ***
replace inaddr2str by getnameinfo
(recv_conn): replace inaddr2str with getnameinfo
remove items about getaddrinfo/rfc2553
new file
(getnameinfo_verified): add prototype
removed
(libroken_la_SOURCES); removed inaddr2str
*** empty log message ***
obvious fixes
(dolog): use getnameinfo_verified
(recv_conn): use getnameinfo_verified
(doit): use getnameinfo_verified
(inaddr2str): remove
*** empty log message ***
move getnameinfo_verified to roken.h.in
move getnameinfo_verified here from roken-common.h
*** empty log message ***
(dolog): update prototype
*** empty log message ***
add --count (print number of messages and bytes at beginning)
update with --count
remove roken.h
(do_connect): use `getaddrinfo'
*** empty log message ***
replace inaddr2str with getnameinfo_verified
*** empty log message ***
remove netdb.h
(INADDR_LOOPBACK): add fallback definition
(INADDR_LOOPBACK): remove. now in roken.
remove includes
remove netdb.h, arpa/inet.h
*** empty log message ***
*** empty log message ***
*** empty log message ***
(connect_host): typo
(recv_conn): type correctness
*** empty log message ***
(krb4_authenticate): the NAT address might not be the one for the
(krb4_auth): the nat-IP address might not be realm bounded.
*** empty log message ***
*** empty log message ***
*** empty log message ***
bump version to 1:4:0
bump version to 6:0:1
bump version to 0:3:0
bump version to 4:0:0
set version to 1:0:1
set version to 1:2:1
bump version to 5:0:0 and 4:0:0
*** empty log message ***
Release 0.2e
*** empty log message ***
(krb5_change_password): use the correct address
(kadm5_c_init_with_context): don't use unitialized stuff
*** empty log message ***
(kadm5_c_init_with_context): stupid fixes
add support for _kerberos.domain (according to
(krb5_get_krb_changepw_hst): add
(get_kdc_address): use `krb5_get_krb_changepw_hst'
*** empty log message ***
(mini_inetd): fix lack of brain (not permanently)
bump version to 6:1:1
*** empty log message ***
bump version to 4:1:0
Release 0.2f
*** empty log message ***
(krb5_425_conv_principal_ext): be more robust and handle extra dot at
*** empty log message ***
remove duplicate test for el_init
(VERISON): bump to 0.2g-pre
*** empty log message ***
macosx = rhapsody ~= nextstep also can't handle various definitions of
*** empty log message ***
add prototypes for str[pf]time
*** empty log message ***
(usage): don't use arg_printusage
*** empty log message ***
(do_connect): remove bogus local block variable
*** empty log message ***
(doit): addrinfo returned from getaddrinfo() is not usable directly as
(get_null): set loopback with correct endianess for v4. dunno about
(client_doit): add forgotten ntohs
(proto): remove shadowing `context'
*** empty log message ***
print messages to stderr
(name2number): not used here. remove.
*** empty log message ***
(match_local_auth): handle ai_canonname not being set
(krb5_expand_hostname): handle ai_canonname not being set
(krb5_sname_to_principal): handle ai_canonname not being set
(hookup): handle ai_canonname not being set
(guess_domain): handle ai_canonname not being set
(*): handle ai_canonname not being set
htons should really be ntohs
*** empty log message ***
(struct sockaddr_storage): redefine with the example code from rfc2553
*** empty log message ***
(tests): update to work
bump version to 6:2:1
*** empty log message ***
bump version to 4:2:0
Release 0.2g
*** empty log message ***
(match_local_auth): remove extra brace. spotted by Jakob Schlyter
Release 0.2h
*** empty log message ***
(get_nodes): use getipnodebyname instead of gethostbyname(2)
use getaddrinfo instead of getnodebyname{,2}
(send_via_proxy): new function
(send_via_proxy): free data
*** empty log message ***
(get_socket): use getaddrinfo
(pop_init): use getnameinfo_verified
*** empty log message ***
*** empty log message ***
(VERSION): bump to 0.2i-pre
(_kadm5_c_init_context): handle getting back port number from admin
*** empty log message ***
(libkrb5_la_LDFLAGS): bump version to 6:3:1
(libkadm5clnt_la_LDFLAGS): bump version to 4:1:0
(libroken_la_LDFLAGS): bump version to 4:3:0
*** empty log message ***
*** empty log message ***
Release 0.2i
*** empty log message ***
(roken.h): add $(EXEEXT) to make this work on cygwin et al
*** empty log message ***
(print_version.h): use $(EXEEXT)
(krb5-types.h): add $(EXEEXT) for cygwin and related systems
(asn1_files): add $(EXEEXT) for cygwin and related systems
(strpftime-test): define sources to avoid having '.o'
don't use sa_len as a parameter, it's defined on Irix
*** empty log message ***
add --without-ipv6
*** empty log message ***
add --without-ipv6
try linking, not only compiling
*** empty log message ***
(sockaddr_storage): drop leading underscore on `public' fields. this
*** empty log message ***
(TTYinfo): add fallback if we fail to find "le" in termcap.
*** empty log message ***
update mail address of Brian May per request
*** empty log message ***
Release 0.2j
clean
(event2string): handle events without principal. From Luke Howard
(kadm5_s_get_principal): handle modified_by->principal == NULL
*** empty log message ***
(gss_delete_sec_context): always set `output_token'
(init_auth): always initialize `output_token'
(gss_accept_sec_context): always set `output_token'
fix typo
(main): call krb5_getportbyname with the default in host-byte-order
*** empty log message ***
(main): call k_getportbyname with port number in network-byte-order
*** empty log message ***
(krb4): use `-ldes' in tests
(sockaddr_storage): change padding so that we have one char[] of pad
*** empty log message ***
(strpftime_test_SOURCES): correct source file name
*** empty log message ***
try to link with shared libraries if we don't find any static ones
*** empty log message ***
realloc properly without leaking memory
add requiring of AC_HEADER_STDC
not used
re-organize:
(env_opt_start): fix typo
(addarg): make void (return value isn't check anyway). fatal error
*** empty log message ***
(krb5_keytab_entry): add timestamp
(fkt_add_entry): store timestamp
*** empty log message ***
(krb5_kt_copy_entry_contents): copy timestamp
(akf_next_entry): set timetsamp, always go the a predicatble position
add change
(list): support --verbose (also listning time stamps)
update
(srvconv): set timestamp in newly created entries
(do_ext_keytab): set timestamp
check initial flag in ticket and allow users to change their own
(akf_next_entry): remove unused variable
*** empty log message ***
*** empty log message ***
bump copyright to 19100
0.2k
split up ktutil in several files
new function
add purge
update with purge
*** empty log message ***
(krb5_sendto_kdc): advance colon so that we actually parse the port
*** empty log message ***
(ktutil_SOURCES): add purge
(kt_purge): add
move stuff from common ldadd to kadmin dito
(read_v4_entry): set timestamp
Release 0.2k
*** empty log message ***
(krb5_sname_to_principal): handle not getting back a canonname
*** empty log message ***
random code
add ftp.1
add telnet.1
add telnetd.8
add man pages
add kafs.3
(ARCFOUR_string_to_key): correct signature
(add_padata): change types to make everything work out
(dump_krb4): use `krb5_get_default_realms'
(_kadm5_s_init_context): handle params == NULL
*** empty log message ***
set version to 4:1:1
set version to 7:0:0
set version to 0:4:0
(krb5_sname_to_principal): remove `hp'
bump version to 5:0:0
bump both versions to 0:1:0
(libkadm5srv.la): bump version to 5:1:0
*** empty log message ***
Release 0.2l
*** empty log message ***
revert timeval bonus
(hookup): handle ai_canonname being set in any of the addresses
(guess_domain): handle ai_canonname being set in any of the addresses
*** empty log message ***
(match_local_auth): handle ai_canonname being set in any of the addresses
(tn): handle ai_canonname being set in any of the addresses
(krb5_expand_hostname): handle ai_canonname being set in any of the
(krb5_sname_to_principal): use krb5_expand_hostname
*** empty log message ***
new file: replacement for ac_c_bigendian
move around --enable options
*** empty log message ***
replace AC_C_BIGENDIAN with KRB_C_BIGENDIAN
fix cache variable names
move parentheseis around (hopefully better know)
(WORDS_BIGENDIAN): define based on result from KRB_C_BIGENDIAN
typo
add missing .El
add missing .el
Release 0.2m
*** empty log message ***
bump version to 7:1:0
*** empty log message ***
(krb5_expand_hostname_realms): new variant of krb5_expand_hostname
(krb5_km_req): use krb5_expand_hostname_realms
(krb5_sname_to_principal): use krb5_expand_hostname_realms
*** empty log message ***
new file
(_PATH_DEV): add
use vstrcollect
add strcollect.[co]
(libroken_la_SOURCES): add strcollect.c
*** empty log message ***
(libroken_la_SOURCES): add strcollect.c
(do_version4): check if preauth was required and bail-out if so since
*** empty log message ***
remove (unnecessary) text about adding keytab entry for kadmind
change the prefered order to be db.h, ndbm.h, dbm.h
quote spaces
(replace_chars): also add space here
(error_table_name): add __P
moved __P here and added it to the function prototypes
remove __P definition (now in com_right.h). this file always includes
*** empty log message ***
(krb5_mk_req): make `service' and `hostname' const
(append_component, va_ext_princ, va_princ): const-ize
(append_component): change parameter to `const char *'. check malloc
update to refer to the draft on rc4
(auth_init): const-ify
(auth_init, Name): const-ify
(encrypt_init): const-ify
(encrypt_init, Name): const-ify
(auth_encrypt_init, auth_encrypt_user): const-ify
(auth_encrypt_init, RemoteHostName, LocalHostName): const-ify
(RemoteHostName, LocalHostName): const-ify
re-indent a tiny bit
(krb5_verify_init_creds): make sure to clean up the correct creds.
*** empty log message ***
checking all parsing for errors and all memory allocations also
move to the pseudo-standard APIs for md4,md5,sha
start using the pseudo-standard APIs for the hash functions
update to pseudo-standard APIs for md4,md5,sha.
*** empty log message ***
update to pseudo-standard APIs for md4,md5,sha.
update to pseudo-standard APIs for md4,md5,sha.
spelling
(auth_encrypt_user): const-ify
update to pseudo-standard APIs for md4,md5,sha.
*** empty log message ***
(gss_delete_sec_context): handle a NULL output_token
(mini_inetd): make failing to create a socket non-fatal
(mini_inetd): count sockets properly. and fail if we cannot bind any
(mini_inetd): separate number of allocated sockets and number of
(mini_inetd): fix warn call
(main): figure out port number
*** empty log message ***
(main): make sure the ticket is not forwardable and not proxiable
(get_new_cache): make sure to request non-forwardable, non-proxiable
*** empty log message ***
add note about death to krb5_get_krbhst
*** empty log message ***
(main): kludge around lack of context by sending NULL to
unconfuse port usage
(kerberos5_forward): spelling fix
(do_version4): look at check_ticket_addresses and emulate that by
*** empty log message ***
modernize
remember to lower-case host names. bug reported by <amu at mit.edu>
(get_key_from_keytab): rename parameter to `out_key' to avoid
*** empty log message ***
klduge-around KLUDGELINEMODE
hopefully catch a few more declarations by including <ndbm.h> even if
(ring_encrypt): better proto
*** empty log message ***
add <des.h>
remove des.h, it's not needed and applications should not have to make
update to new prototype of krb5_timeofday
(checksum_authenticator): update to new API for md5
(krb5_timeofday): use `krb5_timestamp' instead of `int32_t'
*** empty log message ***
remove old prorotypes
*** empty log message ***
only have des stuff if KRB4
*** empty log message ***
add des.h
bump copyright to 2000
add missing .El. from itojun by way of NetBSD
add macros for accessing krb5_realm
*** empty log message ***
*** empty log message ***
new krb5_timeofday
*** empty log message ***
*** empty log message ***
(sec_read): more paranoia with return value from sec_get_data
(LDADD): make sure we use the heimdal libdes
(kerberos4_is): send a reject back to the client when we're not
*** empty log message ***
(change_password): replace strncpy with strlcpy
(krb5_kt_default_name): use strlcpy
(mkt_get_name): use strlcpy
use memcpy and strlcpy
*** empty log message ***
set version to 8:0:0
set version to 0:5:0
set version to 6:0:1
set version to 2:0:0
update version to 1:0:1
(libkadm5clnt_la_LDFLAGS): set version to 4:2:0
*** empty log message ***
Release 0.2n
fixup
remove extra files that got in
(help_flag, version_flag): they don't belong here
(help_flag, version_flag): should be static, these are not used by
(krb5_set_extra_addresses): const-ize and use proper abstraction
add some comments
(init_sockets): pay attention to explicit_addresses
remove key-file
remove keyfile
(addresses_str): make static
*** empty log message ***
(gss_accept_sec_context): set trans flag
updates
first try
add {export,import}_sec_context
(gss_delete_sec_context): set context to GSS_C_NO_CONTEXT
*** empty log message ***
(proto): divide up
(tn): only set tos for AF_INET. From itojun at iijlab.net
*** empty log message ***
(gss_accept_sec_context): set target in context_handle
(export_sec_context: add flags for what fields are included. do not
(import_sec_context: add flags for what fields are included. do not
add flags for import/export
*** empty log message ***
add `--fork' / `-f' (only used by gssapi)
(read_token): check malloc
(proto): with `--fork', create a child and send over/receive creds
*** empty log message ***
(do_authenticate): return the kvno of the server and not the client.
add chaskiel
*** empty log message ***
(do_version4): if an tgs-req is received with an old kvno, return an
*** empty log message ***
bump version to 7:0:2
set version to 1:0:1
set version to 9:0:0
*** empty log message ***
(mandoc_template): better man-stuff for negative options
move down roken-common.h
update to reality
(mandoc_template): also fix no- prefix in .Sh OPTIONS
*** empty log message ***
Release 0.2o
*** empty log message ***
move up roken-common.h again.
remove roken_getaddrinfo_hostspec
(fork_flag): add
(PARSE_INT_FORMAT): note that shorts are actually transmitted as ints
*** empty log message ***
(krb5_parse_address): use krb5_sockaddr2address to copy the result
(doit): check return value from parse_hdbflags2int correctly
*** empty log message ***
(descr): add sockaddr and string representation
*** empty log message ***
set version to 7:1:2
set version to 9:1:0
*** empty log message ***
(krb5_expand_hostname): make sure that realms is filled in even when
*** empty log message ***
Release 0.2p
*** empty log message ***
*** empty log message ***
upgrade
new stuff
initialize `descr' uniformly and correctly
*** empty log message ***
(add_new_tcp): use the correct entries in the descriptor table
(krb5_expand_hostname_realms): copy the correct hostname
*** empty log message ***
install mk_cmds in bin
set version to 9:2:0
Release 0.2q
*** empty log message ***
(krb5_store_creds): check to see that the stores are succesful.
(fcc_initialize, fcc_store_cred): verify that stores and close succeed
*** empty log message ***
bump to 0.2r-pre
(init_context_from_config_file): change rfc2052 default to no. 2782
(mod_entry): free princ_ent once
add back int (got lost)
(readline): be more liberal in what we accept from el_gets. if count
*** empty log message ***
add timeval prototypes
*** empty log message ***
add timeval functions
(libroken_la_SOURCES): add timeval.c
(SOURCES): add timeval.c
*** empty log message ***
(v4_prop): set the `valid_end' from the v4 expiration date instead of
(ka_entry): fix name pw_end -> valid_end. add some more fields
(dump_krb4): get expiration date from `valid_end' and not `pw_end'
*** empty log message ***
(kerberos5_init): check that we do have a keytab before saying that we
*** empty log message ***
remove extra stuff that was comitted accidently
*** empty log message ***
update and add reference to kdc.conf(8)
remove references to kdc.conf
add man-page for pfrom
*** empty log message ***
add man-page for string2key
kill help/version optiosn
add man-page for verify_krb5_conf
*** empty log message ***
add some more options
add support for anonyous tickets
(_krb5_extract_ticket): new parameter to determine whetever to ignore
(get_cred_kdc): update call of _krb5_extract_ticket
(krb5_get_init_creds_opt_set_anonymous): add
(get_init_creds_common): set request_anonymous flag appropriatly
(krb5_get_init_creds_opt): add `anonymous' and KRB5_GET_INIT_CREDS_OPT_ANONYMOUS
*** empty log message ***
add `krb4_get_tickets' per realm
update
mandoc-generation
*** empty log message ***
(SL_BADCOMMAND): define
*** empty log message ***
(arg_match_short): backup optind when there's a missing argument so
*** empty log message ***
(krb5_get_init_creds_password): evil hack to avoid recursion
*** empty log message ***
(check_flags): make global
(do_version4): call check_flags.
(do_authenticate, do_getticket): call check_flags
*** empty log message ***
(_SS_PAD1SIZE): try to write an inpenetrable expression that also
*** empty log message ***
add 230 for MacOS X per information from <warner.c at apple.com>
*** empty log message ***
add support for display v4 tickets
update documentation
*** empty log message ***
update
(map_syscall_name_to_number): ignore # at beginning-of-line
*** empty log message ***
(afslog_uid_int): use krb_get_tf_fullname instead of
warn we do not find any yacc
*** empty log message ***
newer drafts
make versions later than 5.7 of solaris also use 73
*** empty log message ***
add Id
add --key
(parse_des_key): add prototype
(kadmind_dispatch): add kadm_chpass_with_key
(hex2n, parse_des_key): add
(kadm5_c_chpass_principal_with_key): add
comment-ize and change calling convention for _kadm5_set_keys*
(kadm5_chpass_principal_with_key): add
update to new prorotype of _kadm5_setup_entry and _kadm5_set_keys
(_kadm5_setup_entry): add context
(set_funcs): add chpass_principal_with_key
new _kadm5_setup_entry
(struct kadm_func): add chpass_principal_with_key
(_kadm5_set_keys2): rewrite
*** empty log message ***
make sure to always call time, ctime, and gmtime with `time_t's.
(make_fileinfo): make sure to always call time, ctime, and gmtime with
(*): make sure to always call time, ctime, and gmtime with `time_t's.
time_t-foobar
(putenv): bug fixes from <hin at stacken.kth.se>
(print_expire): do not assume anything about the size of time_t,
*** empty log message ***
import current version from subversions.gnu.org plus small modifications
try to update to freebsd5 (and elf)
*** empty log message ***
recognize solaris 2.8
*** empty log message ***
(tn): clean-up a tiny little bit. give-up if we do not manage to
*** empty log message ***
AC_MSG_WARNING should be AC_MSG_WARN
*** empty log message ***
remember to repoint all descr->sa to _ss after realloc as this might
(krb5_425_conv_principal_ext): add some comments. add fall-back on
new stuff
*** empty log message ***
*** empty log message ***
rename all st_mtime variables to avoid conflict with #define.
(init): create changepw/kerberos with disallow-tgt and pwchange
(main): make parse errors a fatal error
add check_flags
*** empty log message ***
fix typo
Release 0.2r
*** empty log message ***
set version to 10:0:0
set version to 8:0:3
set version to 1:0:1
set version to 2:0:2
(libkadm5srv_la_LDFLAGS): set version to 6:0:1
*** empty log message ***
(krb_mk_req): const-ize the arguments
*** empty log message ***
(del_enctype): set ignore correctly
*** empty log message ***
(libroken_la_SOURCES): remove duplicate timelva
(krb_mk_req): conditionalize const-ness of arguments
(krb4): add test for const arguments to krb_mk_req
(krb4): fix the krb_mk_req test
*** empty log message ***
(_resolve_debug): explicitly set to zero. this moves the variable
(_et_lit): explicitly initialize it to NULL to make dyld on
From Luke Howard <lukeh at PADL.COM>
bump version to 0.2s-pre
(INCLUDE_openldap, LIB_openldap): add
add $(LIB_openldap)
add hdb-ldap.c and openldap
tweak the ifdef to OPENLDAP
add support for hdb methods (aka back-ends). include ldap.
(LDADD): add LIB_openldap
*** empty log message ***
remove clause 3 from the copyright. ok'ed by lukeh in
add some error codes from pkinit
update pre-authentication types
(decode_unsigned, encode_unsigned, length_unsigned): add prototypes
(decode_unsigned): add
(length_unsigned): add
(encode_unsigned): add
(define_asn1): add TUInteger
(copy_type): add TUInteger
(decode_type, generate_type_decode): add TUInteger
(encode_type, generate_type_encode): add TUInteger
(free_type): add TUInteger
(length_type): add TUInteger
(UNSIGNED): add.
(DOTDOT): add
regonize INTEGER (0..UNIT_MAX).
*** empty log message ***
*** empty log message ***
(krb5_get_init_creds_password): `in_tkt_service' can be NULL
(krb5_auth_context_data): make sequence number unsigned
(krb5_mk_priv): increment local sequence number after the fact and
(krb5_mk_safe): increment local sequence number after the fact and
*** empty log message ***
(krb5_generate_seq_number): make `seqno' be unsigned
(krb5_mk_priv): make `tmp_seq' unsigned
(krb5_mk_safe): make `tmp_seq' unsigned
(krb5_rd_priv): increment sequence number after comparing
(krb5_rd_safe): increment sequence number after comparing
*** empty log message ***
only include one of db.h and the dbm-series
count lines correctly.
be more tolerant in ranges
(filename): new function
(filename): add prototype
(gen_files): add asn1_UNSIGNED.x
(verify_krb5): add obtainting of v4 tickets.
(verfiy_krb5): get the v4-realm from the v5-ticket and not from the
allow conversion of v5 -> v4 tickets when logging in with forwarded
*** empty log message ***
(find_all_addresses): apperently solaris can return EINVAL when the
*** empty log message ***
(login): initialize tmp before calling fgets
*** empty log message ***
(krb_mk_req): cast-away warnings. no const-issues here, move on.
(krb5_store_stringz): const-ize parameter
const-ize a little bit
(krb5_get_wrapped_length): the padding should be done after having
*** empty log message ***
(krb5_get_wrapped_length): rewrite into different parts for the
*** empty log message ***
(gss_add_oid_set_member): actually check if the oid is a member
(gss_release_buffer): set value to NULL to be more robust. From
(gss_release_name): reset input_name for robustness. From GOMBAS
make help only print the commands that are actually available.
*** empty log message ***
(do_cpw_entry): call set_password if no argument is given, it will
*** empty log message ***
replace all erroneous calls to pop_log with POP_FAILURE with POP_PRIORITY. reported by Janne Johansson <jj at it.kth.se>
*** empty log message ***
(roken_getaddrinfo_hostspec): copy the correct length from `hostspec'.
*** empty log message ***
*** empty log message ***
(fcc_get_principal): be more truthful on errors
(gss_release_oid_set): clear set for robustness
*** empty log message ***
try hostname uncanonified if getaddrinfo() fails
*** empty log message ***
new drafts
(login): re-structure code so that we prompt for password for
*** empty log message ***
(fcc_initialize): just forget about over-writing the old cred cache.
(fcc_initialize): init `ret'
add LIB_tgetent. From Derrick J Brashear <shadow at dementia.org>
*** empty log message ***
a new try add hadnling the db-compat-ndbm and dbm jungle
(tn): re-enable source routing
(sourceroute): update prototype
*** empty log message ***
(krb5_config_vget_string_default, krb5_config_get_string_default): add
*** empty log message ***
default -> def_value
(main): also call sigterm on SIGTERM
(doit): catch SIGTERM
(set_field): free variable if it's already set
(kadm5_s_destroy): free all allocated memory
(kadm5_s_get_principal): set life, rlife to INT_MAX as a fallback.
(krb5_change_password): remember to close the socket on error
(erase_file): try to detect symlink games. also call revoke.
(krb5_key_usage): add some more
*** empty log message ***
(dbopen): add header files
(KRB5_DEFAULT_CCFILE_ROOT): add
(scrub_file): new function
*** empty log message ***
(krb5_mk_safe): fix seqno thinko
(krb5_rd_safe): only increment sequence number when succesful
(krb5_rd_priv): only increment sequence number when succesful
add Id
updates for win2k prof from <hin at stacken.kth.se>. some spelling
move __attribute__ from roken-common.h to roken.h.in
*** empty log message ***
(krb5_524_conv_principal): comment-ize, and simplify string copying
*** empty log message ***
this has been postponed
*** empty log message ***
(libasn1_la_LDFLAGS): bump to 2:0:0
(libhdb_la_LDFLAGS): set version to 4:2:1
(libkrb5_la_LDFLAGS): set version to 11:0:0
(libgssapi_la_LDFLAGS): set version to 1:1:1
(libroken_la_LDFLAGS): set version to 8:1:3
(libkadm5clnt_la_LDFLAGS): set version to 5:1:1
*** empty log message ***
add --with-openldap
(AM_INIT_AUTOMAKE): bump to 0.2t-pre
add limits.h
(scrub_file): do the second seek correctly.
(krb5_524_conv_principal): fix typo
(libkrb5_la_LDFLAGS): set version to 11:1:0
*** empty log message ***
*** empty log message ***
(args): should use `debug'. From Onno van der Linden
*** empty log message ***
change to use --random-key instead of --random (now ambigous).
add stdio.h in dbopen test
(krb5_storage): make store write-compatible
(mem_store): make it write-compatible
(fd_store): make it write-compatible
(emem_store): make it write-compatible
*** empty log message ***
*** empty log message ***
(vsyslog): actually haandle %m
(vsyslog): terminate string
*** empty log message ***
(vsyslog): calculate length of new format string correctly
(doit): if we fail to connect back to the stderr port, act as if `-e'
*** empty log message ***
(proto): select on the normal socket when waiting for the daemon to
*** empty log message ***
check allocation and return some other error codes too
*** empty log message ***
(ss_listen): fix typo
(SS_ET_COMMAND_NOT_FOUND): add
*** empty log message ***
add a fallback that tries to get a v4 ticket if built with krb4
continue even we have no v5 ccache.
*** empty log message ***
preview of 0.3a
spelling error
remove unused variables
(login_conf_get_string): extra cast to kill a warning
add des.h
(strupr): add
add des.h
try also to fallback to v4 when no KDC is found
print name when failing to open keytab
(doit): check return value of getspnam. From <haba at pdc.kth.se>
(main): just ignore shadow information if getspnam returns NULL
*** empty log message ***
add berkeley db3 interface. contributed by Derrick J Brashear <shadow at dementia.org>
bump copyright
add nop
(IPROP_PORT, IPROP_SERVICE): add
lots of improvements
and some more improvements
(kadm5_log_set_version, kadm5_log_reinit, kadm5_log_nop,
(kadm_ops): add kadm_nop
(keytab_str): set to "HDB:"
first try at an check-for-roken macro
re-organize so that we alays close database
(struct HDB): add
right
use syslog
use syslog. be less verbose
(kadm5_log_replay_modify): handle max_life == NULL and max_renew ==
call strlcpy correctly
(main): fix = -> ==
(krb524): add
(add_standard_ports): also listen on krb524 aka 4444
(kadm5_log_replay_create): handle more NULL pointers (should they
add something about krb524
add add-random-users and man-page for kadmind
add man-page
testing program, add random users
fix typo
add support for patterns of principals
(_kadm5_acl_check_permission): update prototype
adapt to new acl stuff
*** empty log message ***
(HDB): add dbc for db3
add more stuff from lha at stacken.kth.se
bug fixes, for actually writing the full dump to the database. based
add db3 detection stuff
*** empty log message ***
(receive_everything): remove duplicated `data'
enable shared libraries
stop installing libraries mode 0555
remove all setuid(getuid()). we do not support telnet being setuid root
*** empty log message ***
(do_login): work-around for setuid and capabilities bug fixed in Linux
(main): work-around for setuid and capabilities bug fixed in Linux
(krb5_get_all_client_addrs): revert back to only returning loopback
(find_all_addresses): remember to add in the size of ifr->ifr_name
*** empty log message ***
add test program for get_addrs
*** empty log message ***
(krb4_authenticate): do not exit on failure, just return
*** empty log message ***
use INSTALL_SCRIPT for installing rxterm, rxtelnet, tenletxr
*** empty log message ***
(add_addrs): zero memory before starting to copy memory
(add_addrs): ignore addresses of unknown type
(add_addrs): fix
*** empty log message ***
change default keytab to default keytab (as in typically
*** empty log message ***
(get_pa_etype_info): do not set salttype if it's vanilla pw-salt, that
new file for reading /etc/environment. From Ake Sandgren <ake at cs.umu.se>
new file
(libroken_la_SOURCES): add environment.c and write_pid.c
add prorotypes for write_pid.c and environment.c
add reading of /etc/environment. From Ake Sandgren <ake at cs.umu.se>
avoid SIGALRM to let login use that
make trying to use encryption and bsd authentication a crime
add otp and /etc/environment
(LDADD): add otp
*** empty log message ***
be more compatible with MIT code. From Daniel Kouril
code for token delegation. From Daniel Kouril <kouril at ics.muni.cz> and Miroslav Ruda <ruda at ics.muni.cz>
*** empty log message ***
support for authenticating user with krb5. From Daniel Kouril <kouril at ics.muni.cz>
*** empty log message ***
show off delegation stuff
add delegation. From Daniel Kouril <kouril at ics.muni.cz> and Miroslav Ruda <ruda at ics.muni.cz>
add SIG and KEY
add T_SIG, T_KEY
fix pid_file prorotypes
add roken.h
*** empty log message ***
fix printf formats on LP64, from NetBSD
(decode_type): fail on malloc error
(length_type): fail on malloc error
(error_message): update prototype
fix includes, and lex stuff
update a little bit
fix typo
(get_creds): remove strange const
(v5_prop): make static
clean up warnings and stuff
*** empty log message ***
revert automake-ed file
use .Dd for date, from fvdl at netbsd.org
add key,sig,cert
add key,sig,cert
export string_to_key and key_to_string
add prototypes for string_to_type and type_to_string
*** empty log message ***
fix prorotypes and kill warnings
(error_message, yylex): add prototypes
(yyerror): static-ize
(getnameinfo_verified): free memory returned from getaddrinfo
do not use variable as format string to syslog
replace MIN by min
(get_des_key): add missing []
(get_des_key): fix thinkos/typos
(dologout): add #endif
add roken.h (for sa_family_t)
permute pid_foo_file -> pid_file_foo
(gss_address_to_krb5addr): actually use `int' instead of `sa_family_t'
(krb5_verify): conditionalize on KRB5
*** empty log message ***
const-ify
*** empty log message ***
(login_timeout): add back
*** empty log message ***
(krb5_verify): static-ize
krb5.h before kafs.h
*** empty log message ***
dce stuff, by way of From Ake Sandgren <ake at cs.umu.se>
*** empty log message ***
intial code from Ake Sandgren <ake at cs.umu.se>
(SUBDIRS): add $(LIB_dce)
(SUBDIRS): add $(APPL_dce)
add --enable-dce and related stuff
*** empty log message ***
new directory for library for keeping track of versions
(pid_file_*): fix prptos
*** empty log message ***
add roken.h
use krb5.h instead of krb5_locl.h
*** empty log message ***
remove roken.h, now in lex.h
(SUBDIRS): explicitly list roken for now
(gss_add_oid_set_member): fix type of tmp
contributed by lha at s3.kth.se
(man_MANS): add kf.1
add kfd.8
DCE stuff
newer text from brezak
(noinst_PROGRAMS): add generate-requests
new test progrma
*** empty log message ***
(_PATH_ETC_ENVIRONMENT): add
DCE stuff from Ake Sandgren <ake at cs.umu.se>
(CP): set and use
(CLEANFILES): add rc4.h
add kpasswd-generator
new test program
fixes for pag setting
(akf_add_entry): remove unused variable
some comments
*** empty log message ***
(get_krbhst): only try SRV lookup if there are none in the
this probably wants to be here
introduce the `special' encryption methods that are not like all other
add arcfour-hmac-md5
only use a cursor when needed, from Derrick J Brashear
(default_etypes): add ETYPE_ARCFOUR_HMAC_MD5
add stdlib.h and string.h
(as_rep): be careful as to now overflowing when calculating the end of
do not call setproctitle with a variable as the format string
*** empty log message ***
(make_keys): also support `[kadmin]use_v4_salt' for backwards
*** empty log message ***
(get_des_key): rewrite some, be more paranoid
(hdb_next_enctype2key): make sure of skipping `*key'
(heimdal_version, krb4_version): const-ize, based on
*** empty log message ***
add krb5_locl.h (since we just use some stuff from there)
remove duplicate yylex
move unused variables inside their #if 0
move unused variables inside their #if 0
add der.h
update prototype for signal handlers to RETSIGTYPE (*)(int)
update prototype for signal handlers to RETSIGTYPE (*)(int)
add roken.h
(_hdb_unseal_keys_int, _hdb_seal_keys_int): rename and export them
update to new hdb_seal_keys_mkey
remove rests of print_version
resolve roken/vers stuff
merge roken independence stuff
remove shoot-by-commit
(SUBDIRS): make roken conditional
make lib/roken have its own configure
(ACLOCAL): fetch files from cf
(AC_ROKEN): update call
set CPPFLAGS_roken and call AC_CONFIG_SUBDIRS
(AM_CFLAGS): add CPPFLAGS_roken, I'm unsure if this is really the
(INCLUDES): add ../lib/krb5
add a arcfour-hmac-md5 test case
*** empty log message ***
(AC_BROKEN): add strsep_copy
*** empty log message ***
hdb-private.h: remove
(ALLOC_SEQ): undef
(AM_INIT_AUTOMAKE): bump version to 10
(AM_INIT_AUTOMAKE): bump to 0.3a-pre
*** empty log message ***
move rtbl to libroken_la_SOURCES
bring headers and functions more in-line with what's actually being used
(rtbl_add_column): initialize `col' completely
*** empty log message ***
(krb5_verify): try harder freeing. do not get upset on interrupted
*** empty log message ***
actually install su
actually install
*** empty log message ***
(as_rep): cut-n-pasto
const poising
(fcc_gen_new): do mkstemp correctly
be more careful of not returning creds at all when an error is
add parse_time.h
add --keytab
update
remove --port, and add to host description
(start_server): fix printf format
something about kadmin/hprop
remove lib/roken/Makefile.in
(rtbl_format): avoid printing an empty row at the end
*** empty log message ***
(HPROP_KEYTAB): use HDB for the keytab
add limits.h and sys/select.h
remove sys/select.h. make signal handlers type-correct and static
ports is a string argument
(init): also create `kadmin/hprop'
don't care what principal we recvauth as
remove --realm
add some text on slaves and new extension of kadmind.acl
note that the keytab used by default is HDB
add some text about automating propagation
print usage consistently
remove unused variables
add <sys/select.h>
map both princ_expire_time and pw_expiration to v4 principal expiration
remove sequence numbers
remove unused variable and handle some parameters being NULL
use a datagram socket and remove the sequence numbers
*** empty log message ***
(krb5_change_password): make timeout 1 + 2^{0,1,...}. also keep track
(gss_mech_krb5): define to be compatible with MIT api
*** empty log message ***
update OID for GSS_C_NT_HOSTBASED_SERVICE and other details from rfc2744
*** empty log message ***
(C_SOURCES): add keys.c
(kadm5_s_chpass_principal_cond): new function
add prorotypes
(kadm5_s_chpass_principal_cond): add prototype
(free_keys, init_keys): elevate to internal kadm5 functions
new file
*** empty log message ***
use kadm5_s_chpass_principal_cond instead of mis-doing it here
(krb5_change_password): clarify an expression, avoiding a warning
*** empty log message ***
do not define ndbm functions in terms of dbm functions if we're using
(str2time_t): be more careful with strptime that might zero out the
remove unused variable
*** empty log message ***
add new options
add DCE/DFS
(krb5_sock_to_principal): look in aliases for the real name
*** empty log message ***
(main): check that the ticket was for `hprop/' for paranoid reasons
(add_hostent): if there's no fqdn in `he' try reverse resolving to see
*** empty log message ***
(add_hostent): add back removed variable
(add_hostent): don't use just-freed memory
more
(change_password): reset forwardable and proxiable. copy
new file
(sbin_PROGRAMS): add truncate_log
new file
call _kadm5_bump_pw_expire
(print_entry): update and correct
(kadm5_log_get_version_fd): call
remove unused code
add prototypes
(kadm5_log_get_version): rename kadm5_log_get_version_fd and make a
(doit): truncate the log since there's no way of knowing what changes
*** empty log message ***
*** empty log message ***
(commands): add quit
*** empty log message ***
always create a cursor with db3. From Derrick J Brashear
(krb5_change_password): try to be more careful when not to resend
more update compat stuff and some more text about inter-realm. lots
make checksum and des-cbc-md5 situtation hopefully better
better on win2k+salting
spelling
(get_progname): add prototype
update nodes and menus
fix cross-reference and spell inter-realm correctly
mumble
@node-ify
tiny and little
pointer to more information about DCE stuff
(dump_database): write an empty message to signal end of dump
remove all superfluous header files
remove all superfluous header files
declare attributes of print_sl first, needed be some old versions of gcc
use sa_size instead of sa_len, some systems define this to emulate
fix parento
use sa_size instead of sa_len, some systems define this to emulate
un-conditionalize local_realm
extra braces
(get_cred_from_kdc_flags): remove unused variable
(krb5_mk_req): remove unused variable
(krb5_verify): only do AFS stuff if KRB4
*** empty log message ***
(gss_userok): only do AFS iff KRB4
*** empty log message ***
be compatible with libdes's des_cbc_* prototypes
remove unused variable
get the addresses in a cray-compat way
(decode_packet): be totally consistent with the prototype of
*** empty log message ***
remove all superfluous header files
update
*** empty log message ***
try to up AC_INIT too
just one argument
better regexp?
this time for sure
Release 0.3a
bump
add reference to ldap+win2k. new (empty) chapter
(check_tgs_flags): set endtime correctly when renewing, From Derrick J
(gssapi_krb5_verify_header): sanity-check length
(initialize_error_table_r): fix prototype
*** empty log message ***
(doit): loop until we create an error socket of an supported socket
*** empty log message ***
(_krb5_crc_update): const-ize (finally)
(krb5_425_conv_principal_ext): always put hostnames in lower case
some documentation on [kadmin] configuration. From
*** empty log message ***
(receive_everything): make `fd' an int instead of a pointer. From
*** empty log message ***
(main): ignore SIGPIPE
use socklen_t instead of int where appropriate. From <thorpej at netbsd.org>
*** empty log message ***
(main): only fetch stuff from krb5.conf when no option has been given
use socklen_t where appropriate instead of int. From <thorpej at netbsd.org>
add HAVE_UINT17_T
call AC_PROG_CC and AC_PROG_CPP to make sure later checks that should
use socklen_t where appropriate instead of int
(fetch_acl): fix wrong cases, use krb5_principal_match
move code to do config/command parsing correctly.
*** empty log message ***
add fnmatch.h
(krb5_init_context): do not leak memory on failure
(krb5_mk_req_internal): add comment on checksum type selection
(heimdal_version, heimdal_long_version): make const
(enet_read): add and use
*** empty log message ***
(accept_it): type-correctness on parameters to accept
add openssl linking item
*** empty log message ***
some more drafts
bump version to 0.3b-pre
re-write search for keys code. loop over all supported enctypes in
add another cpp symbol for 64bit ultra sparc. from matthew green
*** empty log message ***
use return instead of exit in main to avoid a warning
add stdlib.h
add test for gdbm/ndbm.h
test for gdbm/ndbm.h
(_warnerr): initialize args to make third, purify et al happy
(encrypt_internal_derived): free the checksum after use
(krb5_config_parse_file_debug): make sure of closing the file on error
*** empty log message ***
update
use $1 instead of hard-coding
*** empty log message ***
test for gdbm/ndbm.h
do getmsg testing the same way as in krb4
set version to 6:1:0
bump version to 13:0:0
bump version to 2:1:1
bump version to 10:0:1
bump version to 2:1:0
bump version to 1:1:0
(libkadm5srv_la_LDFLAGS): bump version to 7:1:0
(heimdal_version): make const
*** empty log message ***
add work-around for ultrix sh and for not running ranlib
*** empty log message ***
Release 0.3b
fix
update the database portion
*** empty log message ***
(usage): print init-usage and not add-dito
(kadmind_loop): add prototype
remove extra prototype of kadmind_loop
(handle_v5): accept any kadmin/admin@* principal as the server
*** empty log message ***
check return value from krb5_crypto_init
*** empty log message ***
(str2time_t): add alias for `now'.
add dependencies for libss/libsl shared libraries
*** empty log message ***
merge from arla: make it work better
*** empty log message ***
(str2time_t): rename to make it work
fix typo in mdoc markup
(find_type): make sure of always setting `ret_etype' correctly.
*** empty log message ***
(syslogvals): static-ize
*** empty log message ***
(krb5_auth_con_free): handle auth_context == NULL
(KRB5_KU_USAGE_MIC): rename to KRB5_KU_USAGE_SEQ
(send_via_proxy): handle `http://' at the beginning of the proxy
(gssapi_krb5_encapsulate): do not free `in_data', let the caller do
remove trailing commas
(gss_accept_sec_context): gssapi_krb5_encapsulate does not
re-organize and add 3DES code
(GSS_KRB5_CONF_C_QOP_DES, GSS_KRB5_CONF_C_QOP_DES3_KD): add
(gssapi_krb5_encapsulate, gss_krb5_getsomekey): update prototypes
re-organize. leak less memory.
re-organize and add 3DES code
*** empty log message ***
add --keytab
(keytab): add
re-write to delay the opening of the database till it's known which
actually pay attention to `time_req'
update
make _long_version const
add __attribute__ for gcc's pleasure
*** empty log message ***
(handle_v5): do not try to perform stupid stunts when printing errors
*** empty log message ***
with_dce -> enable_dce. noticed by Ake Sandgren <ake at cs.umu.se>
(_key_schedule): re-use an existing schedule
(krb5_vlog_msg): log just the format string it we fail to allocate the
(db_fetch): check malloc
(valid_princ): check return value of functions
new calls for free_ent
(tgs_rep2): try to avoid leaking auth_context
update prototypes
add printf attributes on kdc_log*
re-organize
(krb5_vlog_msg): fix const-ness
(krb5_decrypt_ticket): plug some memory leak
*** empty log message ***
(krb5_verify): remove bogus extra code
(print_entry_long): actually print the actual saltvalue used if it's
some mandoc fixes
*** empty log message ***
allow the specification of what keytab to use
(kadmind_loop): send in keytab to v4 handling function
(handle_v4): update prototype
*** empty log message ***
(libgssapi_la_LDFLAGS): bump to 2:2:1
*** empty log message ***
(libhdb_la_LDFLAGS): bump version to 6:2:0
(libkrb5_la_LDFLAGS): bump version to 13:1:0
(libkafs_la_LDFLAGS): bump version to 2:2:2
*** empty log message ***
*** empty log message ***
(command): add attributes
add some attributes to prototypes of sec*
remove some ifdef GNUC of attributes
swap order of includes
add roken.h
Release 0.3c
(set_address): fix bad return of pointer to automatic data
add esetenv
*** empty log message ***
update to version 2000-09-05 (aka 1.156) from subversions.gnu.org plus
update to version 2000-09-11 (aka 1.181) from subversions.gnu.org
(set_address): allocate memory for storing addresses in if the
*** empty log message ***
use esetenv
revert last change - we do not want this to depend on libroken
(LDADD): remove libroken. we do not want this to link with libroken
link with roken on everything except aix, where apperently it fails.
add id
fix superfluous semicolons in some of the __attribute__s
(cmdscanner): print a newline upon EOF
(*): check that fds are not too large to select on
(krb4_copy_encrypted): check that fds are not too large to select on
(krb5_copy_encrypted): check that fds are not too large to select on
(doit_active): check that fds are not too large to select on
(doit_passive): check that fds are not too large to select on
(doit): check that fds are not too large to select on
(stilloob): check that fds are not too large to select on
(process_rings): check that fds are not too large to select on
(EmptyTerminal): check that fds are not too large to select on
(my_telnet): check that fds are not too large to select on
(stilloob): check that fds are not too large to select on
(mini_inetd): check that fds are not too large to select on
*** empty log message ***
(do_authenticate): check for time skew
(loop): check that the socket fd is not too large to select on
(add_new_tcp): check for the socket fd being too large to selct on
(add_new_tcp): check for the socket fd being too large to select on
*** empty log message ***
new file
fuck-o
(krb5_to4): check another return code
*** empty log message ***
(sig_record): simplify types
use MAXHOSTNAMELEN
put-back bonus change that sneaked in
(LIBSRC, LIBOBJ): add rc4* and enc_{read,write} files so that this
*** empty log message ***
(install): remove mode 0555 to make everything consistent
(process_rings): actually check the correct file descriptors
*** empty log message ***
handle both ndbm.h and gdbm/ndbm.h
fix typo
add gdbm/ndbm.h
(do_roken_rename): add conditional to be compatible with krb4
add readline/readline.h
make libeditline and libel_compat into libtool libraries but always
*** empty log message ***
add prototype for simple_execl
(hdb_lock): make gcc happy by initializing a variable
link against the libtool-versions of libeditline and libel_compat
(recv_loop): check `fd' for being too big
*** empty log message ***
(mcc_close): free data
(krb5_mk_req_exact): new function that takes a krb5_principal
(krb5_build_authenticator): add a `usage' parameter to permit the
(krb5_mk_req_internal): allow different usages for the encryption.
(make_pa_tgs_req): update to new krb5_mk_req_internal
(init_auth): update to new krb5_build_authenticator
make the library static and don't install it
*** empty log message ***
new files, used by other programs linking against this
(krb4): add -Wl
use LIB_des
(CPPFLAGS_roken): rename to INCLUDES_roken
(INCLUDES): add $(INCLUDES_roken)
(SUBDIRS: add tools
*** empty log message ***
(lineedit): add variable indicated if we should use readline
(readline): add
add `-l' for no line-editing
add -l
(loop, proto): check that the fd's aren't too large to select on
(loop): check that the fd's aren't too large to select on
(telnet_getenv): const-ize some
(telnet_getenv): make somewhat const
(read_token): remove unused variable
(wait_for_connection): check for fd's being too large to select on
(tgs_rep2): adapt to new krb5_verify_ap_req2
print key versions numbers of v4 tickets in verbose mode
(SUBDIRS): try to only link des when needed
*** empty log message ***
(hdb_next_enctype2key): const-ize a little bit
(main): check for fd's being too large to select on
(make_keys): clean-up salting loop and try not to leak memory
(krb5_change_password): check for fd's being too large to select on
(decrypt_authenticator): add an encryption `usage'. also try the old
(telnet_getenv): make somewhat const
*** empty log message ***
krb5-config actually exists
*** empty log message ***
fix the -Wl stuff for krb4 linking
*** empty log message ***
use the libtool -rpath, do not rely on ld understanding -rpath
*** empty log message ***
*** empty log message ***
*** empty log message ***
solaris 8 apperently uses 65
*** empty log message ***
move older stuff over to ChangeLog.1999
enabled shared libraries on solaris2, from shadow at dementia.org
rename --ldflags to --libs to do things the same was as glib et al
add --prefix, --exec-prefix and gssapi
make --version print correctly
add kadm-client and kadm5-server as libraries
simple man-page for krb5-config
add krb5-config.1
*** empty log message ***
spelling
add --prefix and --exec-prefix
add documentation for --prefix and --exec-prefix
add generation of krb5-config at make-time instead of configure-time
remove configure-time generation of krb5-config
*** empty log message ***
use make variables instead of configure substitutions
add kludge for LIBS
*** empty log message ***
(scrub_env): change filtering algoritm from allowing everything except
(scrub_env): add LOGNAME and POSIXLY_CORRECT to the list of authorized
(scrub_env): remove some const-ness
move include files around to avoid getting SE from sys/*.h on HP to
fixo
from i-d repository
(DES_AFS3_CMU_string_to_key): always treat cell names as lower case
(krb5_enctype): add ETYPE_DES3_CBC_NONE_IVEC as a new pseudo-type
(init_auth): always zero fwd_data
(unwrap_des3): use the checksum as ivec when encrypting the sequence
(wrap_des3): use the checksum as ivec when encrypting the sequence
(gss_auth): be more explicit in error message
(gss_userok): handle getpwnam failing
*** empty log message ***
getifaddrs is done
*** empty log message ***
remove commented-out getifaddrs
add two more items
*** empty log message ***
*** empty log message ***
(scrub_env): add supporting non-file TERMCAP variables
*** empty log message ***
(str2data): const-ify
do not link with libroken on irix
sort header files in conventional order
(krb5_auth_con_genaddrs): fix parameter confusion
(find_all_addresses): initialize `ret'
remove duplicated strvisx
(str2data): add __attribute__
s/u_int32_t/unsigned/ for systems that do not define u_int32_t
(libkrb5_la_LIBADD): add library dependencies
(INCLUDES): add krb4 includes here, which are somewhat bogusly used
*** empty log message ***
undefine ifa_dstaddr in case it has been defined to be something else
(krb5_to4): always return a value
(do_login): set the group on the tty.
*** empty log message ***
(libhdb_la_LDFLAGS): update to 6:3:0
(libkrb5_la_LDFLAGS): set version to 14:0:0
(libgssapi_la_LDFLAGS): bump to 2:3:1
(libroken_la_LDFLAGS): set version to 11:0:2
(libkafs_la_LDFLAGS): set version to 2:3:2
(libss_la_LDFLAGS): bump version to 1:2:1
(libkadm5srv_la_LDFLAGS): bump version to 7:2:0
(libkdfs_la_LDFLAGS): set version to 0:1:0
*** empty log message ***
(sourceroute): make it not break if the rfc2292 api does not exist
*** empty log message ***
Release 0.3d
*** empty log message ***
(AC_INIT): bump version to 0.3e-pre
move so that roken-common gets inside c++ stuff
(warnerr): moved here from err.hin
(warnerr): remove, it's not part of the err.h interface
*** empty log message ***
(KDCOptions): add canonicalize (from draft-ietf-cat-kerberos-revisions-07.txt)
s/aix/irix/ is correct
only test for broken getnameinfo if it exists
*** empty log message ***
(srvconvert): do not use data after free:ing it
*** empty log message ***
need to set irix to no first. From Ake Sandgren <ake at cs.umu.se>
*** empty log message ***
s/ifval/m4_ifval/ to keep in sync with autoconf. from Ake Sandgren
*** empty log message ***
new variant of broken with includes and arguments
(inet_ntoa, inet_ntop, inet_pton): add necessary includes when testing
*** empty log message ***
clarify usage strings
(print_arg): add a case for arg_strings
*** empty log message ***
clarify usage strings
*** empty log message ***
support several headers, from <mattiasa at e.kth.se>
update to --headers
*** empty log message ***
(doit): move some code to handle non-from case correctly
remove some dnl that weren't the correct with modern autoconf
*** empty log message ***
(EXTRA_libroken_la_SOURCES): ifaddrs.h -> ifaddrs.hin
*** empty log message ***
(loop): check for length longer than data. inspired by
(spawn_child): use a struct sockaddr_storage
(kt_get): more error checking
*** empty log message ***
(krb5_make_context): handle krb5_init_context failure consistently
(doit_v5): handle krb5_init_context failure consistently
(pop_init): handle krb5_init_context failure consistently
(krb5_verify): handle krb5_init_context failure consistently
(kerberos5_init): check krb5_init_context for success
(krb5_init): check krb5_init_context for success
(proto): handle krb5_init_context failure consistently
(add_user): handle krb5_init_context failure consistently
(generate_requests): handle krb5_init_context failure consistently
(verify_krb5): handle krb5_init_context failure consistently
(siad_ses_init): handle krb5_init_context failure consistently
(gssapi_krb5_init): add comment
(init_context): handle krb5_init_context failure consistently
(*): handle krb5_init_context failure consistently
(krb5_program_setup): handle krb5_init_context failure consistently
(main): handle krb5_init_context failure consistently
*** empty log message ***
(main): handle EOF when reading from stdin
move older entries to ChangeLog.2000
(doit): print an error and bail out if storing an entry in the
*** empty log message ***
(proto): use krb5_rd_cred2 instead of krb5_rd_cred
(save_krb5_creds): use krb5_rd_cred2 instead of krb5_rd_cred
(kerberos5_is): use krb5_rd_cred2 instead of krb5_rd_cred
(gss_accept_sec_context): use krb5_rd_cred2 instead of krb5_rd_cred
*** empty log message ***
(krb5_appdefault_string): fix condition
*** empty log message ***
mdoc fixes from ru at freebsd.org
add --port option
update
(parse_attributes): make empty string mean no attributes, specifying
*** empty log message ***
more stuff
*** empty log message ***
(krb5_rd_safe): handle no sequence number as zero when we were
(krb5_rd_priv): handle no sequence number as zero when we were
(get_cred_from_kdc_flags): look in [libdefaults]capath for better hint
(krb5_get_krb_changepw_hst): preferably look at kpasswd_server before
document admin_server and kpasswd_server for realms
*** empty log message ***
*** empty log message ***
add err.h
(print_tickets): initialize `ct' to help gcc figure out it's not used
(main): initalize fd_out for extra clarity
include roken.h to get prototype for warnerr, which has moved from
err.h is also needed
add err.h
avoid using echo -n since that fails on system v-infected systems,
*** empty log message ***
mdoc fixed from ru at freebsd.org
(esetenv): cast to handle a setenv that takes a `char *var' which is
__attribute__ moved here from roken.h.in
move __attribute__ to roken-common.h
(esetenv): cast to handle a setenv that takes a `char *val' which is
*** empty log message ***
cast parameters to des function to non-const pointers to handle the
(SUBDIRS): add rcp
add port of bsd rcp changed to use existing rsh, contributed by Richard Nyberg <rnyberg at it.su.se>
(AC_CONFIG_FILES): add appl/rcp/Makefile
*** empty log message ***
remove __P
remove __P, use st_mtime et al from struct stat
add RCSID
add RCSID
replace vfork by fork
*** empty log message ***
ignore them
use -R for indicating dependent directories to libtool instead of
remove all dependencies on libkrb
remove unused include files
add rcp
*** empty log message ***
*** empty log message ***
add krb5_auth_context.3, from <lha at stacken.kth.se>
check for crypto headers in openssl/
add krb5_context.3 and krb5_init_context.3, from <lha at stacken.kth.se>
clarifyication on v4 behavioiur, from <lha at stacken.kth.se>
(do_getticket): check length of ticket. noted by <lha at stacken.kth.se>
update mail-adress for lha
more text on kaserver compatability from lha at stacken.kth.se
more text from lha at stacken.kth.se
add some text about salting and an example of kadmind.acl from
update to default_keys
add Id to texi files
(LDADD): remove unused libraries
use rcp_locl.h
remove some unused includes
*** empty log message ***
(as_rep): be paranoid and check krb5_enctype_to_string for failure,
(getifaddrs2): copy the entire sockaddr
(NO_MKEY): add
move up LIB_otp so we do not end up picking one from /usr/athena
*** empty log message ***
no calls to err with NULL
use the openssl api for md4/md5/sha. handle openssl/*.h
(_PATH_BSHELL): add
*** empty log message ***
*** empty log message ***
remove some krb5_free_context that might happen at unappropriate times
(fd_fetch, fd_store): use net_{read,write} to make sure of not
*** empty log message ***
update
missed one old-style *Update
quote @ properly in example
repair some api-change damage
add sys/types.h and sys/wait.h
*** empty log message ***
(LIB_des): set correctly
(krb5-config): add LIB_des_appl
use @LIB_des_appl@
*** empty log message ***
make time2generalizedtime return an error code
test two generated mallocs for success
(decode_packet): check success of krb5_425_conv_principal. from
(spawn_child): close the newly created socket in the packet, it's not
(realm_buf): move it so it becomes properly conditional on KRB4
(libsia_krb5.so): actually run ld in the case shared library case
*** empty log message ***
remove non-STDC code
*** empty log message ***
(roundup): add fallback definition
*** empty log message ***
*** empty log message ***
add gss_krb5_copy_ccache
use gss_krb5_copy_ccache
*** empty log message ***
add support for getting creds from a keytab, from fvdl at netbsd.org
*** empty log message ***
*** empty log message ***
(hdb_unseal_keys_mkey, hdb_seal_keys_mkey, hdb_unseal_keys,
adapt to new hdb_seal_keys and hdb_unseal_keys
(v5_prop): adapt to new hdb_seal_keys and hdb_unseal_keys
*** empty log message ***
(db_fetch): return an error code. change callers to look at this and
not used
adapt to new db_fetch, and try to print useful error messages when it fails
(libasn1_la_LDFLAGS): bump version to 4:0:2
(libdes_la_LDFLAGS): bump version to 3:0:0
(libhdb_la_LDFLAGS): bump version to 7:0:0
(libkrb5_la_LDFLAGS): bump version to 15:0:0
(libgssapi_la_LDFLAGS): bump version to 3:0:2
(libroken_la_LDFLAGS): bump versoin to 11:1:2
(libotp_la_LDFLAGS): bump version to 1:2:1
bump versions
+ richard nyberg, frank van der linden
*** empty log message ***
*** empty log message ***
(print_version): add 2001
*** empty log message ***
(db_fetch): HDB_ERR_NOENTRY makes more sense than ENOENT
(db_fetch): return better error code
(main): check for file being specified
spelling
(LDAP__lookup_princ): call ldap_search_s correctly. From Jacques
add another example on running hprop | hpropd
fix a typo and check some more return values
include file name in error messages
(decrypt_internal_derived): check that there's enough data
*** empty log message ***
indent
update
remove -static turning this into a convenience library
*** empty log message ***
handle building with KRB4
(v4_get_masterkey): check kdb_verify_master_key properly
*** empty log message ***
(ftpd_popen): avoid overwriting the bounds of argv and gargv
*** empty log message ***
Release 0.3e
fix typo
update to new db_fetch4
(AM_INIT_AUTOMAKE): bump version to 0.3f-pre
more bumping
*** empty log message ***
add krb5_keytab.3, from <lha at stacken.kth.se>
(login_access): add prototype
add login_access
add --keytab / _K, from Leif Johansson <leifj at it.su.se>
add --keytab / -K
add LIB_kdfs
(LIB_kdfs): set. use it. from Ake Sandgren <ake at cs.umu.se>
add config.h
(dpagaix_LDFLAGS): try to add export file
*** empty log message ***
*** empty log message ***
aix dce: fix misquotes, from Ake Sandgren <ake at cs.umu.se>
add -F for forwarding ticket, from Ake Sandgren <ake at cs.umu.se>
*** empty log message ***
(sec_end): only clean app_data if there is any
*** empty log message ***
(dpagaix): needs to be linked with ld, add an explicit command for
*** empty log message ***
update prototypes
(doit, my_telnet): re-write code to keep track both of remote hostname
(startslave, start_login): re-write code to keep track both of remote
try to write a useful string as host in utmp, using the same algoritm
*** empty log message ***
(getnameinfo_verified): always capture the service from getnameinfo so
*** empty log message ***
(doit): call inet_ntop with correct af, noted by Ake Sandgren
*** empty log message ***
(generate_type_decode): zero the data at the beginning of the
*** empty log message ***
fix @itemize markup
(getnameinfo_verified): do the first getnameinfo with NI_NUMERICSERV
*** empty log message ***
printf format fixes
roken rename dns functions used in libkafs
*** empty log message ***
add more functions to rename
*** empty log message ***
correct the two last weak keys in accordance with FIPS 74. noted by
(main): fix select-loop to decrement ret correctly. from "Brandon
(setpeer): handle both service names and port numbers for the second
*** empty log message ***
try to use handle using openssl instead of libdes better. based on patches from GOMBAS Gabor <gombasg at inf.elte.hu> and Brian May <bam at snoopy.apana.org.au>
try to handle libdes/libcrypto ont requiring -L
(main): use a `struct sockaddr_storage' to be able to store all types
fix a few kdc_log format types
(psyslog): do not log to console
(default_proc): add printf attributes
fix default_realm in example
(krb5_sendto): loop over all address returned by getaddrinfo before
(_warnerr): add printf attributes
*** empty log message ***
use krb5_generate_random_block for the confounders
*** empty log message ***
correct conditional
correct weak keys and update comment
*** empty log message ***
set minor_status in some cases where it was not done
add missing setting of minor_status and failure checks
(gss_accept_sec_context): either return gss_name NULL-ed or set
add string.h (for memset)
(gss_accept_sec_context): add missing variable
*** empty log message ***
s/[gs]et_progname/[gs]etprogname/
check for getprogname, setprogname
(setprogname, getprogname: add), leaving the underscore versions for
(setprogname, getprogname): add prototypes
add blank lines to make make-proto happier
*** empty log message ***
(tn): copy the hostname so it doesn't get overwritten while reading
(set_progname, get_progname): remove
*** empty log message ***
(set_progname, get_progname): remove prototypes
(warnerr): do not use __progname
*** empty log message ***
test for lber.h when trying to link against openldap to handle
*** empty log message ***
more documentation, from <lha at stacken.kth.se>
learn to live with libcrypto (from openssl)
*** empty log message ***
do not use -R when testing for des functions
(renew_validate): treat -1 as flags not being set
(main): only request a renewable ticket when explicitly requested. it
*** empty log message ***
(krb5_enctype): add ENCTYPE_* aliases for compatibility with MIT krb5
*** empty log message ***
make sure of using -rpath and not -R when calling ld
fix up some gratuitous externs
include roken_rename.h when appropriate
(krb5_enctype): remove trailing comma
re do the roken-renaming properly
*** empty log message ***
some minimal more amount of const-correctness
*** empty log message ***
(gss_acquire_cred): remove memory leaks. from Jason R Thorpe <thorpej at zembu.com>
*** empty log message ***
add new test vectors posted by Ken Raeburn <raeburn at mit.edu> in
more test vectors from same source
(krb5_derive_key): new function, used by derived-key-test.c
new tests on key derivation
add derived-key-test
*** empty log message ***
add documentation for forwardable, proxiable, date_format, srv_lookup,
(get_cred_kdc): add support for falling back to KRB5_KU_AP_REQ_AUTH
add more options
add GLOB_LIMIT from NetBSD
*** empty log message ***
(send_file_list): use GLOB_LIMIT if defined
(ftpd_popen): use GLOB_LIMIT if defined
*** empty log message ***
(parse_something): do not check the return value from strtod, it might
*** empty log message ***
(create_checksum): change so that `type == 0' means pick from the
(krb5_checksum, krb5_keyusage): add compatibility names
(krb5_mk_error): allow specifying both ctime and cusec
(tgs_rep2): try to set sec and usec in error replies
change order of includes to allow it to work with more versions of
*** empty log message ***
*** empty log message ***
handle new krb5_mk_error
(tgs_rep): call tgs_rep2 properly
update to new krb5_mk_error
restore CFLAGS if v6 is not detected
fix format error in error_message
also test for GLOB_LIMIT
always use GLOB_LIMIT
*** empty log message ***
*** empty log message ***
(inet_ntop_v6): always print at least one digit between colons
(fatalperror_errno): add a new function with explicit errno parameter
(start_login): give the correct error if exec fails
(fatalperror_errno): add prototype
*** empty log message ***
*** empty log message ***
*** empty log message ***
(get_init_creds_common): handle options == NULL. noted by
(libkrb5_la_SOURCES): add keytab_any.c
new file
(init_context_from_config_file): add krb5_any_ops
(krb5_any_ops): add declaration
asn1.h -> krb5_asn1.h
(krb5_verify_init_creds): do not try to close an unopened ccache,
*** empty log message ***
(free_getarg_strings): add function
(free_getarg_strings): add prototype
(kt_get): allow specification of encryption types
add -e/-enctypes for get
*** empty log message ***
(is_krbtgt): rename to get_krbtgt_realm
(tgs_rep2): return a reference to a krbtgt for the right realm if we
*** empty log message ***
mdoc fixes from ru at freebsd.org
another draft
mdoc fixes from ru at freebsd.org
remove config.h, this is an installed header file
add config.h for completeness
*** empty log message ***
add printf formats for gcc
(strdup): add
*** empty log message ***
new functions for setting error string
(libkrb5_la_SOURCES): add error_string.c
(krb5_context_data): add error_string and error_buf
*** empty log message ***
(krb5_get_in_cred): set some sensible error strings for errors
(main): try to print the error string
(foreach_principal): add `funcname' and try printing the error string
(cpw_entry): new foreach_principal
(del_entry): new foreach_principal
(ext_keytab): new foreach_principal
(getit): new foreach_principal
(foreach_principal): update prototype
*** empty log message ***
(_warnerr): print error_string in context in preference to error
simplify error printing code
call krb5_set_error_string when open fails fatally
*** empty log message ***
(freeaddrinfo): also free every `struct addrinfo'. from
*** empty log message ***
(gss_delete_sec_context): remember to free the memory used by the
(krb5_generate_seq_number): free the entire subkey. from
(krb5_sendto_kdc2): try to tell what realm we didn't manage to reach
(encryption_type): make field names more consistent
(mic_des3): new krb5_create_checksum
(wrap_des3): new krb5_create_checksum
(krb5_mk_req_internal): new krb5_create_checksum
(krb5_mk_safe): new krb5_create_checksum
*** empty log message ***
(gss_delete_sec_context): fix think-o
(init_context_from_config_file): set default_keytab_modify
(krb5_context_data): add default_keytab_modify
(krb5_get_host_realm_int): make `use_dns' parameter boolean
(krb5_get_in_cred): set error strings for a few more errors
(krb5_kt_default_modify_name): add
(KEYTAB_DEFAULT): change to ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab
(configure): call free_getarg_strings
*** empty log message ***
(main): do not open the keytab, let every sub-function handle it
(kt_add): reorganize some. open the keytab (defaulting to the modify
(kt_change): reorganize some. open the keytab (defaulting to the modify
(kt_copy): default to modify key name. re-organise
(kt_get): reorganize some. open the keytab (defaulting to the modify
different variables
(kt_list): reorganize some. open the keytab
(kt_purge): reorganize some. open the keytab (defaulting to the modify
(kt_remove): reorganize some. open the keytab (defaulting to the modify
*** empty log message ***
remove left-overs of keytab handling
print both v5 and v4 list by default
(do_list): always print complete names. print everything to stdout.
(do_list): do not close the keytab if opening it failed
(krb5_kt_resolve): better error string
move printing of keytab strings to better times
add more calls to krb5_set_error_string
mdoc fixes
try to return the error string from krb5
*** empty log message ***
(des_string_to_key, des_string_to_2keys): avoid weak keys
*** empty log message ***
transpose last two paramaters to krb5_cc_next_cred (as MIT does, and not as they document). From "Jacques A. Vidrine" <n at nectar.com>
(add_to_error_table): new function, from Derrick J Brashear
(add_to_error_table): add prototype
*** empty log message ***
(krb5_prompt): add type
(krb5_prompter_posix): add name
update to new prompter, use prompter types and send two prompts at
*** empty log message ***
(nop_prompter): update prototype
add limits.h, from <shadow at dementia.org>
(tsg_rep): fix typo in variable name
*** empty log message ***
(LR-TYPE): add
(gen_files): add asn1_LR_TYPE.x
add some krb5_{set,clear}_error_string
update to new krb5_sockaddr2address
(foreach_principal): rely on krb5_warn to get reasonable error
new krb5_sockaddr2address
new krb5_config_parse_file
adapt to changing address functions
adapt to changing address functions
adapt to new address functions
*** empty log message ***
(krb5_eai_to_heim_errno): add `errno' (called system_error) to allow
update to new krb5_eai_to_heim_errno
*** empty log message ***
(main): some error cleaning required
(krb5_error_from_rd_error): use correct parenthesis
*** empty log message ***
update location of gnus' crash box
*** empty log message ***
(start_server): fix krb5_eai_to_heim_errno call
*** empty log message ***
remove dead code
(main): call free_getarg_strings
xref -> pxref
*** empty log message ***
add SRVTAB as an alias for krb4
(krb5_srvtab_fkt_ops): add
(init_context_from_config_file): register srvtab alias
*** empty log message ***
bump version to 5:0:0
bump version to 3:1:0
bump version to 7:1:0
bump version to 16:0:0
bump version to 3:1:2
re-add set_progname and get_progname for backwards compatability
bump version to 12:0:3
bump versions to 1:2:1 and 1:4:1
bump version to 2:0:1
*** empty log message ***
Release 0.3f
beautify mail address
add fallback definitions of u_int32_t and u_int16_t
no return <void value> in a void function
kludge for systems not having u_int{16,32}_t
make it kludge-compatilbe with bwap
include all the headers that AC_GROK_TYPES tries for finding u_int17_t
*** empty log message ***
fix typo
(tgs_rep2): alloc and free csec and cusec properly
*** empty log message ***
correct prototype of krb5_free_context. from Hans Insulander
(krb5_get_krb524hst): add and restructure the support functions
*** empty log message ***
*** empty log message ***
add
(krb524_convert_creds_kdc): call krb5_get_krb524hst
(krb5_get_in_cred): clear error string when preauth was required and
(krb5_get_init_creds_opt_set_default_flags): add reading of
remove configuration reading that is now done in
add [appdefaults]
*** empty log message ***
(krb5_get_init_creds_opt_set_default_flags): fix typo
make it robust enough so that it actually works
(main): initialize numerr
*** empty log message ***
add krb4_get_tickets
(krb5_to4): look for [realms]<realm>krb4_get_tickets to decide whether
*** empty log message ***
update copyright to ftp://ftp.porcupine.org/pub/security/logdaemon_license
*** empty log message ***
another relevant draft
add SRV priority and weight
simplify default_keys example
make catmans (from krb4's fix-export)
mdoc fix
remove extra .El
add mention of login
(ext_keytab): use the default modify keytab per default
check memory allocations. add some const
*** empty log message ***
(sizestr): remove and use snprintf to do this correctly instead
*** empty log message ***
add some const
some cleanup
*** empty log message ***
*** empty log message ***
it's -> its
(common_init): remove memory leak
program for testing krbhst
(noinst_PROGRAMS): add krbhst-test
use errx, errno might not be set, improve error message
make emalloc,ecalloc,erealloc,estrdup conditional
(AC_BROKEN): test for emalloc,ecalloc,erealloc,estrdup
add for symmetry
move emalloc et al to roken.h.in
add emalloc et al
*** empty log message ***
remove initstate and setstate, they should be in cf/roken-frag.m4
(AC_CHECK_HEADERS): test for initstate and setstate
(AC_CHECK_HEADERS): test for random
remove some more memory leaks
make it more verbose and useful
(KRB5_VERIFY_NO_ADDRESSES): add
(krb5_krbhst_get_addrinfo): add
update to use krb5_krbhst API
(krb5_change_password): update to use krb5_krbhst API
(krb524_convert_creds_kdc): update to use krb5_krbhst API
remove dns related items that has been solved
name function krb5_auth_con more consistenly
(mcc_remove_cred): use krb5_free_creds_contents
(krb5_verify_authenticator_checksum): use renamed
(man_MANS): add new manpages and sort them all
new stuff and add back removed 0.3f
*** empty log message ***
remove comment
(krb5_mk_safe): pick keys in the right order, local - remote - session
(krb5_rd_priv): pick keys in the correct order: remote - local - session
(krb5_rd_rep): save the remote sub key in the auth_context
(krb5_rd_safe): pick the keys in the right order: remote - local - session
(krb5_rd_req): use krb5_auth_con* functions and remove some comments
update krb5_auth_con function names
update krb5_auth_con function names
(gss_krb5_get_remotekey, gss_krb5_get_localkey): add prototypes
update krb5_auth_con function names
replace gss_krb5_getsomekey with gss_krb5_get_localkey and
*** empty log message ***
remove subkey, it's not really wrong
writes -> write
*** empty log message ***
update to new krb5_auth_con* names
*** empty log message ***
(admin_get_next): spell kerberos correctly
(krb524_convert_creds_kdc_ccache): remove some unused variables
(krb5_sendto): remove an extra freeaddrinfo
new krb524_convert_creds_kdc_ccache
(krb5_to4): dereference result from krb5_princ_realm. noted by Thomas
(main): dereference result from krb5_princ_realm. from Thomas Nystrom
*** empty log message ***
try to handle FreeBSD's GLOB_MAXPATH
try to handle GLOB_MAXPATH (FreeBSD)
(_kafs_realm_of_cell): changed to first try exact match in CellServDB,
*** empty log message ***
*** empty log message ***
(pipe_execv): remove unused variable
*** empty log message ***
removed the errors that were moved to k524_err.et
use getaddrinfo instead of dns_lookup when testing for
update (remove xor seq number, and add snprintf(NULL, 0))
add -b for pointing to the telnet program. from <mikan at mikan.net>
add -b for pointing to the rsh program. from <mikan at mikan.net>
*** empty log message ***
add -v/-b
*** empty log message ***
*** empty log message ***
add krb5_krbhst_format_string and krb5_krbhst_get_addrinfo
(fallback_get_hosts): do not copy trailing . of hostname
*** empty log message ***
only add -L and -R to the krb4 libdir if we are actually using it
(krb5_get_init_creds_opt_set_default_flags): make the appdefault
update to changed names used by
remove appdefaults item, seems to be handled
remove duplicate LIB_readline
remove duplicate check_der in TESTS
(verify_krb5): remove unused variable
*** empty log message ***
update to libtool 1.4
add kludge for handling { and } on the same line
remove an unused variable and add a const
change text
*** empty log message ***
add a missing <string.h>, noted by Staffan Thomen <duck at multi.fi>
move v6 tests later
(krb5_context_data): remove srv_try_rfc2052
*** empty log message ***
add >
make sure of building getaddrinfo et al if missing
*** empty log message ***
add a define for des_new_random_key when using openssl
add .Nd - from <hin at stacken.kth.se>
(any_resolve); improving parsing of ANY:
(any_resolve): make use of strsep_copy more consistent
add back INLCUDE_krb4
(krb5_storage_from_fd): check malloc returns
*** empty log message ***
*** empty log message ***
add krb5_verify_user.3
new man-page
remove enmpty environment. from Hubert Feyrer
document -y, from Hans Insulander <hin at stacken.kth.se>
(des_not_rand_data): conditionalize on HAVE_SETITIMER
(krb5_rd_cred): check calloc return value
(do_524): fix typo
remove extra clearing of password and some redundant code
update with new options. remove confusing text about KRB5_CONFIG
(krb5_get_forwarded_creds): if no_addresses is set, do not add any
add a missed openssl fix
remember the real port number when falling back from kpasswd ->
*** empty log message ***
add krb524_server documentation
(doit): make failing to bind a socket a non-fatal error, and abort if
*** empty log message ***
add note about mk_safe checksum not being backwards compatible
*** empty log message ***
fixup some kaserver text
Release 0.4a
*** empty log message ***
moved to ../vers
(krb5_425_conv_principal_ext): if the instance is the first component
update (config_file, snprintf)
rewrite so that it does not stop as soon as there are no more
*** empty log message ***
(libhdb_la_LDFLAGS): set version to 7:2:0
(libkrb5_la_LDFLAGS): set version to 17:0:0
(libgssapi_la_LDFLAGS): set version to 3:2:2
add snprintf_test
(libroken_la_LDFLAGS:) set version to 13:0:4
(libkafs_la_LDFLAGS): set versoin to 2:4:2
(libkadm5clnt_la_LDFLAGS): set version to 6:2:2
*** empty log message ***
(krb5_get_init_creds_opt_set_default_flags): change to take a const
(find_all_addresses): call free_addresses on ignore_addresses
(get_cred_kdc_la): fix typo
correct path to sample_password_check.c, from Hans Insulander
(SVIS): add some (unsigned char) before calling isfoo*
(setprogname): add const cast
(krb5_get_server_rcache): cast argument to printf
(send_via_proxy): initialize a variable to make gcc's optimizer happy
re-do some of the v4 fallbacks:
*** empty log message ***
reorder
make gsskrb5_register_acceptor_identity set the keytab to be used for gss_acquire_cred too
*** empty log message ***
fix spelling in comment. from Peter Valchev <pval at openbsd.org>
*** empty log message ***
move osf2c magic earlier. from Mark Davies <mark at MCS.VUW.AC.NZ>
*** empty log message ***
*** empty log message ***
add tests for snprintf
(LIB_des_a, LIB_des_so): add these so that they can be used by
use LDFLAGS, and conditional libdes
*** empty log message ***
bump version to 0.4c-pre
(krb5_sock_to_principal): copy hname before calling
separate out [gs]etprogname
add getprogname.c
*** empty log message ***
(krb5_get_extra_addresses): add missing context
separate find_fqdn
(libroken_la_SOURCES): add hostent_find_fqdn.c
(hostent_find_fqdn): add
*** empty log message ***
(hostent_find_fqdn): const-ize
(hostent_find_fqdn): update prototype
(add_hostent): adapt to const hostent_find_fqdn
add support for printing long long (if available)
add more %X tests, and long and conditional long long tests
(libasn1_la_LIBADD): add required library dependencies
use $(CC) instead of ld for linking
(libgssapi_la_LIBADD): add required library dependencies
*** empty log message ***
(libhdb_la_LIBADD): add required library dependencies
add required library dependencies
*** empty log message ***
*** empty log message ***
simple spelling
remove bogus -lroken
references and see also fixups from Ruslan Ermilov <ru at FreeBSD.org>
add paths for openafs debian (/etc/openafs)
look in /etc/openafs for debian openafs
add -K (send arguments to kx)
document -K
add -K (send arguments to kx)
document -K
*** empty log message ***
(connect_local_xsocket): handle a tcp socket as last resort
*** empty log message ***
*** empty log message ***
add some more error strings
remove make-print-version from LIBOBJS, it's no longer in lib/roken
use LIB_des, so that we link with libcrypto/libdes from krb4
*** empty log message ***
(define_asn1): remove an unused variable
add missing slash (noted by felipe at nada.kth.se)
*** empty log message ***
use make-rpath to create rpath argument to ld
*** empty log message ***
add limits.h
add snprintf-test.h (for renaming functions)
*** empty log message ***
(main): add missing setprogname
*** empty log message ***
(krb5_principal_get_type): add
remove two warnings
(output_data): make sure of not forwarding `nfrontp' too far, thereby
*** empty log message ***
(usage): clarify a tiny bit
try to update it with the code
add pointer to usenix 2001 paper
(fatal): use vsnprintf correctly
*** empty log message ***
(renew_validate): invert condition correctly. get v4 tickets if we
(krb5_get_default_realm): set an error string
(srv_find_realm): handle port numbers consistenly in local byte order
(krb5_sock_to_principal): use getnameinfo
*** empty log message ***
update hprop instruction
(libgssapi_la_LDFLAGS): update to 3:3:2
(libhdb_la_LDFLAGS): update to 7:3:0
(libkrb5_la_LDFLAGS): bump version to 18:0:1
(libroken_la_LDFLAGS): bump version to 14:0:5
(libkafs_la_LDFLAGS): set version to 3:0:3
*** empty log message ***
(krb5_fwd_tgt_creds): make it behave the same way as the MIT function
*** empty log message ***
Release 0.4c
*** empty log message ***
fix typo
add DBLIB
*** empty log message ***
(arg_match_long): fix parsing of arg_counter optional argument
*** empty log message ***
(LDADD): move otp earlier
(krb5_sock_to_principal): rename sa_len -> salen to avoid the macro
*** empty log message ***
(init_context_from_config_file): check parsing of addresses
*** empty log message ***
(libkrb5_la_LDFLAGS): update version to 18:1:1
(libroken_la_LDFLAGS): update version to 14:1:5
*** empty log message ***
Release 0.4d
(getifaddrs2): remove unused variables
*** empty log message ***
(main): handle --version
*** empty log message ***
(main): implement --version and --help
*** empty log message ***
(mini_inetd): explicitly use PF_UNSPEC. be more resilient to
*** empty log message ***
fix the sed expression for finding the man pages
add popper.8
add getarg.3
(man_MANS): add some missing man pages
add des.1 and des_crypt.3
*** empty log message ***
(setpeer): __NetBSD__ is also a unix-like OS
*** empty log message ***
remove header files checked by rk_db
*** empty log message ***
(gss_userok): make argument to printf type correct
add some (unsigned char) casts to is*
*** empty log message ***
(main): removed unused variable `e'
(dns_srv_order): fix type of dummy function
move h_errno to its own file
*** empty log message ***
(main): fix errx call
make -a and -A do the same as in ls(1)
*** empty log message ***
for general enjoyment
just add -L (if required) from krb4 when testing for libdes/libcrypto
*** empty log message ***
fix author
*** empty log message ***
tdp -> tcp, from fallsjo at isk.kth.se
merge of DB-NEW
update
(libhdb_la_LDFLAGS): update to 7:4:0
(libroken_la_LDFLAGS): update to 14:2:5
(getpty): call openpty if it exists
*** empty log message ***
check for openpty
*** empty log message ***
Release 0.4e
*** empty log message ***
0.4d never was
*** empty log message ***
this is really 0.4d
0.4d really
test for openpty in -lutil too
Release 0.4e
(get_response): fix krb5_err call
remove get_response
remove extra space after -L
*** empty log message ***
print some size_t correctly
(do_request): print size_t's correctly
remove all winsock.h
providd a fallback for ARG_MAX. from <tol at stacken.kth.se>
*** empty log message ***
include libutil.h if it exists
(get_des_key): check for null keys even if is_server
include libutil.h if it exists
*** empty log message ***
*** empty log message ***
fix typo
re-write the handling of crypto libraries. try to use the one of
*** empty log message ***
new style of using crypto libraries
bump prereq to 2.52
*** empty log message ***
SHA1_CTX should be SHA_CTX
*** empty log message ***
add LIB_openpty
cannot use NULL, so 0 will have to do
actually add the library
remember to restore saved values after testing for krb4's libdes
add DBLIB and LIB_NDBM to the dependencies for libhdb.la
remove getaddrinfo.c (added automatically since it's in LIBOBJS)
(gss_display_status): handle krb5_get_err_text failing
handle minor_status more consistently
*** empty log message ***
update encapsulate and decapsulate prototypes
*** empty log message ***
make it play better with recent automake
change one += to = to AM_CFLAGS to avoid an error with recent automake
(make_print_version_LDADD): use = instead of += (be nice to current
rename variable name to avoid error from current automake
(dpagaix): make sure of using $(EXEEXT) just to please automake (this
*** empty log message ***
rename variable name to avoid error from current automake
*** empty log message ***
add --help/--verify
parse arguments in a useful way
do add optind
remove CHECK_LOCAL - non bin programs require no special treatment now
(fetch_acl): do not return bogus flags and re-organize function
*** empty log message ***
add something about first-match in kadmind.acl, based on text from
mrege in some more text on salts from lha at stacken.kth.se
dns_srv_order was added
adopt to new KRB_CRYPTO
also link with the library for logout
handle both krb5 and krb4 cases
*** empty log message ***
*** empty log message ***
(libkrb5_la_LDFLAGS): set versoin to 18:2:1
(libgssapi_la_LDFLAGS): set version to 3:4:2
(libroken_la_LDFLAGS): set to 14:3:5
(libkadm5srv_la_LDFLAGS): set version to 7:4:0
*** empty log message ***
test for issetugid
(edit_timet): make non-static to be consistent
(issuid): call issetugid if it exists
*** empty log message ***
Release 0.4e
set and use INCLUDE_des
test for logout
handle both -llib and lib in the second argument
*** empty log message ***
supply an header file
kill some warnings
(gssapi_krb5_verify_8003_checksum, gssapi_krb5_create_8003_checksum): make more consistent by always returning an gssapi error and setting minor status. update callers
*** empty log message ***
new macro for doing --with-foo, --with-foo-include, and --with-foo-lib
use AC_WITH_ALL to allow separate specification of include and lib
check for ndbm functions in db3 library too
*** empty log message ***
(main): syslog with the correct name
*** empty log message ***
add back dependency on roken.h that seems to be required with some
ignore "no" as a library - another special case to make it easy to
(AUTOMAKE_OPTIONS): set 1.4b here so that users are warned if using
remove changequotes
*** empty log message ***
*** empty log message ***
only add /usr/include/et to CPPFLAGS if it's actually used
*** empty log message ***
add dependency on more headers to help make
(libotp_la_LDFLAGS): set version to 1:3:1
(libkafs_la_LDFLAGS): set version to 3:1:3
Release 0.4e
*** empty log message ***
check for atexit and on_exit
handle atexit or on_exit
*** empty log message ***
prefer ndbm.h to dbm.h
*** empty log message ***
not used any longer
prefer ndbm.h to dbm.h
(EXTRA_libroken_la_SOURCES): add vis.hin to help solaris make
*** empty log message ***
add another unsigned char cast
add resolv.h
include err.h (for errx)
unsigned char casts for is*, casts for socket functi, add headers
(krb5_print_address): fix typo found by hin at stacken.kth.se
(krb5_print_address): handle snprintf returning < 0
(gss_adat): leak less memory and check return value from asprintf
(doit): check return values from snprintf being negative
*** empty log message ***
(strftime): check for return values from snprintf() < 0
use int instead of size_t as return values to be compatible with snprintf
*** empty log message ***
(allocbuf): do not leak memory on failure and zero re-used memory,
*** empty log message ***
(LDADD): move libkafs further down
(INCLUDES:) make sure of finding com_err include files
*** empty log message ***
(run_err): always match va_start and va_end
*** empty log message ***
(INCLUDES): search for files in com_err's source directory
shadow is actually happy
use more randomness (arc4random + srandomdev)
update to the current version from :pserver:anoncvs at subversions.gnu.org:/home/cvs
add missing parenthesis
srandom paren fix
look for configuration files in /etc/arla (the location in debian's
*** empty log message ***
test for the ndbm database really being a .db one
*** empty log message ***
arpa/nameser.h is required by resolv.h on solaris
fix casts to long long
move roken.h earlier to grab definition of socklen_t
*** empty log message ***
move krb5_error_code inside a ifdef KRB5
rename STATUS -> el_STATUS to avoid conflict with STATUS in
*** empty log message ***
*** empty log message ***
allow specifying the number of users to create
*** empty log message ***
fix my mail address
use des functions to avoid generating warnings with openssl's
(krb5_appdefault_{boolean,string,time): make realm const
*** empty log message ***
undef ECHO to avoid warnings
rename 'struct state' -> 'struct snprintf_test' to avoid collision
*** empty log message ***
(libroken_la_LDFLAGS): bump to 14:4:5
*** empty log message ***
add a kludge to make it build on aix (that defines NOERROR in both
*** empty log message ***
undef PUTSHORT to avoid conflict
*** empty log message ***
add a kludge to make it build on aix (that defines NOERROR in both
move NOERROR
(do_login): add setpcred
*** empty log message ***
*** empty log message ***
(dns_srv_order): make sure of not reading after the array
(der_put_length): do not even try writing anything when len == 1
allocate several buffers for the list of words, instead of one strdup
*** empty log message ***
(valid_princ): use TRUE/FALSE
kludge: use absolute path to find prot.h so we do not get confused by
printf size_t correctly
add ENUMERATED and OBJECT IDENTIFIER
*** empty log message ***
remove some warnings
make comment reality-compliant
(krb5_passwd_result_to_string): add
improve error message printing
(KRB5_KPASSWD_*): set correct values
*** empty log message ***
add decode_oid
remove libasn1.h
*** empty log message ***
these two should be solved
(der_get_oid): add `n', increment p
add kauth as an alias for kinit
allow specification of afslog in krb5.conf, noted by jhutz at cs.cmu.edu
handle man pages without SYNOPSIS but looking for both SYNOPSIS and
*** empty log message ***
(dns_srv_order): rename correctly
(ROKEN_SRCS): add strtok_r.c
*** empty log message ***
(enctype_arcfour_hmac_md5): actually use a non-keyed checksum when it
add localtime_r
*** empty log message ***
spell fix
make all high-level encrypting and decrypting functions check the
*** empty log message ***
remove old comment
add strlcpy to the roken functions
*** empty log message ***
(afslog_uid_int): handle krb_get_tf_fullname that cannot take NULLs
*** empty log message ***
actually build the pam module
*** empty log message ***
(libroken_la_LDFLAGS): set version to 15:0:6
(libkafs_la_LDFLAGS): set version to 3:2:3
*** empty log message ***
add rokenification of strsep, update shared library version to 3:3:3
*** empty log message ***
remove bad empty line.
add man-page for krb5_free_addresses
add krb5.3 from netbsd
support SIOCGLIFCONF and SIOCGLIFFLAGS which are used on Solaris 8 to
move ipv6 tests after -lsocket (to handle Solaris 8)
*** empty log message ***
then -> that, from Thomas Klausner <wiz at netbsd.org>
use krb5_enctype consistently. From Ben Harris <bjh21 at netbsd.org>
*** empty log message ***
(create_checksum): make usage `unsigned' (it's not really a
*** empty log message ***
use SIG_DFL and not SIG_IGN for SIGCHLD.
*** empty log message ***
mdoc fixes (refer correctly to programs). from Ruslan Ermilov <ru at FreeBSD.org>
default to waiting for encryption if we are using authentication
make the kvno's in the krb4 universe by the real one % 256, since they
(error_message): do not call strerror with a negative error
make all functions taking 'struct sockaddr' actually take a socklen_t
rename functions DES_* to krb5_* to avoid colliding with modern
get a ticket with no addresses if no-addresses is set
(krb5_get_forwarded_creds): handle ports giving for the remote address
handle LR_PW_EXPTIME and LR_ACCT_EXPTIME in the same way
store the kvno % 256 as the byte and the complete 32 bit kvno after
handle addresses with port numbers
*** empty log message ***
add 0.4f items
(libasn1_la_LDFLAGS): bump version to 6:0:0
(libhdb_la_LDFLAGS): bump version to 7:5:0
(libkrb5_la_LDFLAGS): bump version to 18:3:1
(gssapi_krb5_verify_8003_checksum): handle zero channel bindings
(libgssapi_la_LDFLAGS): bump version to 3:5:2
(libkadm5srv_la_LDFLAGS): set version to 7:5:0
(libcom_err_la_LDFLAGS): set version to 2:1:1
(libkdfs_la_LDFLAGS): set versoin to 0:2:0
*** empty log message ***
Release 0.4f
change Mars -> March, noted by Dima Dorfman <dima at trit.org>
remove the trial of afs at REALM for cell != realm, it tries to use the
*_LDADD: add LDADD, so that libroken is used
*** empty log message ***
add inclue files when testing for struct iovec and struct msghdr
(read_master_encryptionkey): use a proper type for len
removed unused variable
Release --help
removed old stuff
fix spelling
Release 0.4f
add dependencies from the generated source files to the header files
print OIDs too, based on a patch from Love <lha at stacken.kth.se>
*** empty log message ***
(der_get_int): handle len == 0. based on a patch from Love
*** empty log message ***
make this build again
make it use getarg so that it can handle --help and --version (and
*** empty log message ***
make it use getarg so that it can handle --help and --version (and
*** empty log message ***
*** empty log message ***
make it handle --version/--help
*** empty log message ***
actually use getarg
start using getarg
add --version as a special case
*** empty log message ***
test for the vis, strvis functions requiring prototypes
include <string.h> in the generated files (for memset)
(find_db): const-correctness in parameters to krb5_config_get_next
(find_db_spec): const-correctness in parameters to krb5_config_get_next
(receive_everything): type-correctness calling _krb5_get_int
add fallback definition for T_AAAA
add prototypes for str, unvis functions
(krb5_425_conv_principal_ext): lookup AAAA rrs before A ones when
*** empty log message ***
add missing semicolon
(parse_reply): verify the lengths (both external and internal) are
*** empty log message ***
define _GNU_SOURCE when running tests - it's needed to see all the
remove _GNU_SOURCE - it's now added by configure
*** empty log message ***
(make_print_version_LDADD): do not hardcode -ldes, use $(LIB_des)
*** empty log message ***
define HAVE_OPENSSL even if we got to hear about it by krb4
*** empty log message ***
add missing ifdef DAEMON
*** empty log message ***
also add LIB_tgetent in the case of editline
*** empty log message ***
add a program for testing parsing and unparsing principal names
add parse-name-test
use com_err/error_message API
also test _short functions
fix initializer
*** empty log message ***
add testcases for krb5_425_conv_principal
(TESTS): add name-45-test
also test krb5_524_conv_principal
(parse_reply): update the arguments to more reasonable types. allow
add a test case for parse_reply reading past the given buffer
(parse_reply-test): add
*** empty log message ***
add mention of linux getifaddrs
check for sys/mman.h and mmap (used by parse_reply-test)
add --disable-mmap
add --disable-mmap option, and tests for sys/mman.h and mmap
*** empty log message ***
make this build and return 77 if there is no mmap
*** empty log message ***
add Linux AF_NETLINK getifaddrs from Hideaki YOSHIFUJI of the Usagi
*** empty log message ***
krb5_crypto_block_size -> krb5_crypto_getblocksize
*** empty log message ***
(getnameinfo_verified): handle the case of forward but no backward DNS
(encode_reply): correct error logging
remove some warnings from the linux-portion
*** empty log message ***
(decode_packet): check the length of the version string and that rlen
*** empty log message ***
fix FreeBSD section
*** empty log message ***
(accept_with_timeout): use socklen_t
(verify): move ret to where it's used
*** empty log message ***
add --enable-kerberos4-cross-realm option (default to off)
(encode_524_response): check the enable_v4_cross_realm flag before
(enable_v4_cross_realm): add
pay attention to enable_v4_cross_realm
document --kerberos4-cross-realm
*** empty log message ***
(loop): only check errsock if it's valid
(_PATH_FTPUSERS): conditionalize
*** empty log message ***
fixed one incorrect fprintf to stderr
define OPENSSL_DES_LIBDES_COMPATIBILITY
include aes.h if ENABLE_AES
*** empty log message ***
Fix unlock/destroy macros for the non-threaded cases to work. Fix typo.
*** empty log message ***
add AM_PROG_CC_C_O for automake 1.9
Do not assume that des_key_schedule is an array.
*** empty log message ***
NIIL should be NIL
*** empty log message ***
Björn Groenvall (323):
Initial revision
Initial revision
Added Kerberos V4 style authentification.
Added newline to "Return-Path: user" line.
Don't write lines that get to long when constructing
Always create temporary maildrop with small permissions, even when we
Initial revision
Initial revision
Initial revision
New file key_par.c for MIT compat.
Removed des_fixup_key_parity(des_cblock *key).
Compat with MIT des_fixup_key_parity.
ranlib
Use INSTALL_DATA
enc_read.c was listed twice
Initial revision
Initial revision
Updated from 3.01 to 3.06 version.
Fix for multiple entry points in HP-UX.
Initial revision
x
Fix for _AIX
Fix for horror _AIX
Fix for AIX
Add default seed.
Fix for sgi
Allow realm argument to k_afsklog() to be 0 or "" for default realm.
Need to reinstall handler on SYSV.
Use stamps rather than .PHONY targets.
HP-UX declares macro SE in machine/cpu.h, undef:ed twice.
Ioctl TIOCSCTTY should not be used on HP-UX.
Foo?
Port to IRIX.
Fix for IRIX
Hack for Linux.
Linux hack but no port!
Fix for linux.
Initial revision
Fix linkage typeo, should not be static.
Initial revision
Add check for termio.h
Initial revision
Removed protection for multiple inclusions of termio(s).h since it
Option -k realm was broken due to a bogous external declaration.
Warn if encryption is not activated both ways!
When exporting variable DISPLAY, if hostname is not the full name, try
If remote host name is to long to fit into utmp try to remove domain
Add extern char *new_login;
Add new option -L /bin/login and variable char *new_login.
Ignore exit status from if.
Foo?
Bar?
New install
Foo?
Must include sys/filio.h on Psoriasis.
Initial revision
Added cell argument to k_afsklog().
First we try afs.cell at REALM, if there is no such thing try afs at CELL
Initial revision
Dont't link againts libresolv.
Portewd to HP-UX.
Ported to HP-UX.
Portewd to HP-UX, i.e use portable k_flock from libkrb.
Name changed to kpopper.
x
Define KERBEROS.
Link with and include X stuff.
Include config.h and define KERBEROS
Initial revision
Initial revision
AIX is just to ugly!
Posixized
Initial revision
Brief installation instructions.
Fix typo
Use autoconf stuff better.
Include unistd.h
x
y
z
Protoized.
Include protos.h
Not all systems have (or need) modules ttcompat and pckt so don't flag
Use name from ticket file rather than pw->pw_name.
Add timeout stuff.
Initial revision
Initial revision
Use stdarg instead of varargs. The code is still broken though, you'll
PROG_BIN should be PROG_LIBEXEC in install target.
x
Don't make root do a kill(-1, SIGHUP) when password LOGOUT is entered.
Also check for effective uid (paranoia).
Initial revision
x
strings.h -> string.h
L_ --> SEEK_dito
fcntl.h
index -> strchr
bin -> libexec
#include <unistd.h>
Don't try to redifine macros.
Under SunOS5 the same utmpx slot got used by sevral sessions.
Add support for Linux shared libraries.
Don't link with com_err.
Initial revision
Now integrated.
Always create a utmpx_login fucnction.
More uses of RCSID() in lib/* and appl/bsd.
Fix shared library stuff for other platforms than Linux.
Extend libdes crypt routine to "illegal" salts.
Don't create a new PAG since login does that also.
More RCS headers.
Fix multiple redundant includes.
Fix for SysV
Not used
Moved Zephyr support to external program
Added RCSID(msg) macro.
Add kludge for Mac NCSA telnet 2.6
Fix typo
x
Make popper timeout after 120 seconds.
Unifdef SYSV4. Essentially prompting.
Added RCSID("$Id$");
Add -x option to rcp.
New function stty_default to handle default tty settings.
Change $Header to $Id
If k_afsklog() returns KDC_PR_UNKNOWN one should not always report an
New BSD compatible signal function
Add rm -rf CVS to distclean target
Add -i option to su
Applied patch made by flag at it.kth.se that
Improve user feedback on password input.
Massaged the configure files so that we can build under NEXTSTEP 3.3. Some kludges to prevent cpp bugs and link errors where also neccessary.
Use getmsg not read when reading from pty master
x
wrong args
x
Minor fixup
Better support for multihomed servers in libkrb.
Better support for multihomed servers in libkrb.
cleanup
cleanup
backwards compat
cleanup
x
uniform indent
Integrated jodas random stuff
First draft version of random stuff
2nd draft version of random stuff
x
Fix some random generator problems.
Changed krb_err_msg(int) to krb_get_err_text(int)
Include unistd.h for SEEK_END and friends.
New file signal.c needed on systems with broken signal function.
sys/ioctl.h must be included manually before kafs.h
Change $Header$ to $Id$
Removed enc_(read|write) from libdes
Fix typos and some minor edits
Minor changes for HP compiler, some cleanup
Changes for better DBM support
Removed unused variables, dead code, redundant casts etc.
New function des_generate_random_block(des_cblock *block)
Added iruserok()
One byte off when appending trailing 0.
I guess it should have read
Error messages where written to limbo.
Remove possible newline not the last character of the cellname.
Slightly more descriptive error messages
Use libbroken.a
Add signal and strdup to libbroken
New file with protos for libroken.a
Renamed libbroken libroken
x
Improved shared library support.
Fix make environment
Better support for shared libs.
Use includes
Don't us -fpic when building archive library
Add unsetenv to libroken.
Psoriasis updates
undef SKEY
Remove old 3.06 files
Fix some protos for libroken
Fixed a gazillion warnings.
Use inet_addr for portability reasons.
Libdes updated to 3.23
Update to libdes 3.23
New files from libdes-3.23
Use interval-timer stuff for random generation.
Fix compile conflicts for HP-UX
Changed $Source and $Header to $Id
Minor security fixes.
Document -L /bin/login switch.
Minor security fix.
Added const to hstrerror.
Update.
Minor security fix.
Also try /dev/rnd for random data.
Include arpa/inet.h to get proto of inet_ntoa.
Remove bogous declaration of inet_ntoa().
Fix constness stuff.
Move extern int h_errno; to protos.H
Use protos.h.
Total confusion of what the return values shall be from k_afslog_file
Build and install des program and manuals.
Better support for shadow passwords.
Better support for shadow passwords.
Removed definition of min macro
Add experimental UIDL support in popper.
Fix typo.
VERSION stuff
Minur changes for HP-UX 10.1.
Fixed empty initializers.
More consistent use of CRLF.
Removed redundant -I/../../include
Fix copyright.
Test the experimental UIDL hack by default.
Formatting for readability.
If there is no record in utmpx that can be reused grow the file.
Document -L /bin/login switch.
Include signal.h before trying
Even when there are utmpx files on this system we should also log to
Use HAVE_UTMPX_H to check if the system does or does not use utmpx files.
Handle UTMPX_DOES_UTMP_LOGGING.
Only install lib on those systems that build it.
adat.realm --> adat.prealm
Made things compile again
Libroken dosen't need a shared lib target but in any case it should
Changed so it won't barf when building.
Fix sysntax error.
Remove unused variable afsdb
Fix warnings, remove unused variables.
Fix some warnings.
Fix warnings
Make things compile.
Removed typo.
Change the "LOGOUT" password to be managable through X-resources. The
Made things compile under SunOS4 again.
Fix mode bits
Compile under HP-UX 10.
Include roken.h to verify proto of set_progname().
Separate syscall functionality and
Move all the string constants into the same translation unit so they can be shared.
Made things compile with socks5-v1.0r1.
Avoid redundant multiple recursion in install targets
Accept strings in standard Internet notation (except the broadcast
Fix for socks5
MD5 support in crypt(3).
Remove libeditliline.* in uninstall target
According to hearsay the token lifetime should be even if we don't
New resource destroyTickets with corresponding option -nodestroytickets.
From libdes-4.01
From libdes 4.01
From libdes 4.01
Updated to libdes 4.01
From libdes 4.01
Updated to libdes 4.01
x
Removed superfluous copyright.
Reorder objects
This is not a leaf directory and nothing is "maked" so install should
Exported krb5_data_zero and krb5_data_free
Encrypted passwords are really long under FreeBSD.
Move call of md5_crypt from des_fcrypt to (des_)crypt where it belongs.
Fix documentation bug
Fix realloc problem
Add DNS debug support
Could no longer figure out that
Clear text passwords was nuked by somebody, now reimplemented.
stncmp --> strncmp
Remove unused modules
Fix makefile for parallel make.
Broken #ifdef, was HAVE_GETUID
Fix fatal Psoriasis compilation problem.
x
Add RCSID etc.
Build under Psoriasis 2.6
Change
x
Reinstall SysV signal handler.
Be carefull to preserve
Fix broken definition of __P.
roken_gethostby.o was not listed.
Make telnet compile on HP:s and Sun:s.
Fix buffer overrun and non terminated string problem.
Make it work under SysV again.
Simplifications and use standard functions.
Cleanup library references to libroken.
Always build archive library!
Fix off by one error.
Integrate Assars multi-realm patch.
Constness fixes.
Make compatible interpretation of $USER.
Although Cray's may want to have their #:s double quoted other machines don't.
Change code to make a clear distinction
d_namlen is not portable
Liberated from roken setenv
SVR4 don't have major and minor but a new interface.
Trim trailing whitespace from cellname.
getspuid() does not exist (even though it should), use getspnam().
x
SunOS 5.6 requires that pam modules are linked with -lpam.
x
y
Saamples for SunOS 5.6 and Red Hat 6.1.
Change define of TKT_ROOT to a funcall.
Also invoke session management hooks.
Use pam_putenv to export KRBTKFILE.
SunOS 5.6 make requires that source files are listed somewhere, e.g in
Restructured and also seems to work!
Target install depends on target all.
Linux fixes.
Missing CFLAGS.
Update to krb4-1.0.1
Not all systems implement setuid(2) the way you expect.
Missing strupr.
Missing newline in printf.
Loadable modules (but not libraries) require symbolic linking to avoid
More tests to avoid Linux security holes.
Build pam module from _pic libraries.
Build archive library with position independent code when --enable-shared.
Minor improvements of debug output.
Filter out some more environment variables.
Björn Sandell (7):
make it compile on OpenBSD again
x
mdoc fixes
A few words on digests
Clarify
Export DES_set_key_unchecked
x
Heimdal SVN import (1):
New repository initialized by cvs2svn.
Jacques A. Vidrine (61):
autoconf magic for compile_et/libcom_err
= Create a cache for delegated credentials when needed.
On systems with IP_PORTRANGE, have ftpd use `high-numbered'
Follow Assar's suggestion and be careful to not use
Only use the installed com_err if we can find a compile_et with the
x
We can't count on compile_et producing an error if it encounters
Fix a typo that was introduced earlier.
Call `pidfile'.
x
We can't share the krb5_data structure with multiple prompts. This
If we're going to call va_start again, we should call
Staticize `kadm5_config_params conf' passed to
x
Correct a heap buffer overrun.
Fix a bug where kstash crashes if there is no krb5.conf
Don't use getlogin() to determine whether we are root.
= gss_acquire_cred should handle a NULL desired_name
x
Attempt to handle GSS_C_INITIATE/GSS_C_ACCEPT/GSS_C_BOTH.
x
In gss_verify_mic and gss_unwrap, initialize the qop_state parameter
x
Do not attempt to free uninitialized pointer when
x
Bug fix: the default credentials cache was not being used if a client
x
Compare name types by value if pointers do
x
If krbhst fails to find an entry for `kpasswd_server', it will
x
RFC 2743 says (regarding gss_acquire_cred),
Rename the `srv_lookup' option to `dns_lookup_kdc'.
= Add a knob `dns_lookup_realm' to control global use of dns-locate for
x
Do not build pam_krb4 on FreeBSD. FreeBSD ships with a pam_kerberosIV
x
krb4_get_tickets goes in appdefaults (for kinit), not libdefaults
x
Add dns_lookup_kdc, dns_lookup_realm, dns_lookup_realm_labels
x
Document dns_lookup_srv, dns_lookup_realm, and the special token
x
Verify the combined lengths of the KRB_AP_REP and KRB_PRIV in the set
x
Check for truncated integers: the encoded length may be greater than
x
Validate some counts that may be received from the network:
x
We need <limits.h> now for UINT_MAX.
Use O_EXCL when creating a new keyfile.
While decoding arguments for kadm_chpass_with_key, sanity check the
Credit Sebastian for this potential problem.
Use strcspn to convert the newline to NUL in fgets results.
We need to define OPENSSL_DES_LIBDES_COMPATIBILITY in order to use
We need "crypto-headers.h" to get a prototype for des_read_pw_string.
x
[Dug this out of an email I sent November 2002.]
x
verify_mic_des3: If MIC verification fails, retry using the `old' MIC
x
Johan Danielsson (4678):
Use krb_get_default_principal
Cleaned up user verification code. Now uses new function
Fix auth name bug.
Removed function k_strerror, strerror is replaced in libroken.
Use roken.h
Global hostname and domainname
Allow default data protection level through a "prot level" in
Better prompting.
Fix stupid cast.
Include <roken.h>
Fix typo
Use MaxPathLen and MaxHostNameLen
Quick patch for systems that doesn't have setitimer (like UNICOS).
Fixed prototype conflict.
Use MaxHostNameLen and MaxPathLen
Removed unused MAXPATHLEN definition.
Fix for UNICOS.
Fixed assumptions about integer sizes.
Don't print warning about bad passwords.
Handle different sizes of returned checksum.
Fix bare newline bug.
Handle premature end of input.
Fix conflicts.
Simplified SYST response.
Test for mmap.
Somewhat changed the way utmpx entries are created. It should now work
Turn on verbose encryption when -x is given.
Read correct length.
Somewhat changed the way utmpx entries are created. It should now work
Fixed bug with systems lacking logwtmp.
Fix bug in port command. Cleaned up sendrequest.
Remove tty-prefix from ut_id; this field is usually very short.
Fix screensaver semantics.
Include unistd.h, which helps on some systems.
Remove snprintf.
Not used
Changed snprintf to sprintf.
Return four-byte checksum.
Make sure data is unsigned.
Prototype for ultrix.
Don't just send data in plain when doing NLST.
#include <string.h>
Removed configure from subdirectories.
What was this?
Add option to exclude afs support.
Include definition of S_ISLNK() for systems that lack.
Less bogus domain name handling.
Remove use of getpass().
Add generic kafs stuff.
Fix aix/afs brokenness.
Fix prototypes.
Fix for IRIX 4
Change HAVE_UTMPX_H to HAVE_UTMPX
Fix for systems that lack `ls -a'
Removed references to NetBSD
x
AFSLIBPATH can be set to point to afslib.so
Change HAVE_UTMPX_H to HAVE_UTMPX.
Removed unused envp from main()
getptyslave returns void
Fix return from some functions
Add third way to get AFS syscallno.
*** empty log message ***
Cray has a prototype for hstrerror but not the actual function.
x
Add support for a ~/.TheseCells.
Check for h_errlist prototype.
Add a cast.
Replace innetgr
Add a cast
Conditionalise st_blksize
Add ifdef for ut_host
Check for TCSETS*
Fix for Irix 4
Remove __P
New manuals.
Now should return correct value.
Fix for IRIX 4 compiler bug
Yet another fix.
x
Change name verify_unix_user -> unix_verify_user in analogy with
x
Use {krb,unix}_verify_user.
klogin is now unused
Not used
Add k_afs_cell_of_file.
-D option to not mangle display.
Cleanup.
x
foo
* -> krb_net_*
Hack for systems that lack setitimer (like crays).
Cleanup when remote side exits.
Don't close remote socket.
Save display socket.
x
Reap children
x
Set socket buffer size.
Create rxte{lnet,rm} at compile time.
x
Change -lXau to @LIB_XauReadAuth@
Include XauWriteAuth when necessary.
From X11R6.1
x
Add flag for stderr to popen.
Add special handling of nonexistant files with extensions
x
Add FIND site command.
strlen + strncpy - strcpy
Fix buffer length checking.
Add no_glob flag.
+strnlen
Execute files from ~ftp if possible.
Get locatedb from ~ftp.
+ftp_rooted
Fix verbosity bug.
Removed some commands from anonymous users.
Umask 777 for anonymous.
Remove built programs.
merged in code from d93-jka for WIN32
+= main
Ugh
*** empty log message ***
Less printouts
xxx
*** empty log message ***
Remove some warnings
Include <stdlib.h>
Add some prototypes
Removed some warnings
Changed name of output file to asn1.[ch]
Use automake
Reorganized file tree.
x
xx
*** empty log message ***
Change version number.
Spelling.
Fix copyright
Fix copyright
Add SIA kerberos module
x
Add su support.
Add su support.
*** empty log message ***
Fix typo.
Add generalized resolver routines.
Use dns_lookup
+pam
Quick pam hack.
Terminate list
Use krb_unparse_name()
Use krb_unparse_name()
Fix typo
Don't remove CVS
Really remove bad stuff from environment.
Only get tokens for each cell once.
Add explanations for new features. Updated section on anonymous ftp
Add generic *dbm header file.
Include <xdbm.h>.
Fix type mismatch.
Protoize
Protoize
Use <otp_locl.h> rather than <otp.h>.
Use krb_unparse_name_long
Use krb_principal
Ifdef TIOCPKT
Bugfix
Change version.
Orthogonalize arguments to -a
Change default auth level to what was formerly known as `user'.
Update
Include <protos.h>
Use ld rather than cc
Remove default Makefile
x
x
x
New library
Use readline compatible i/o.
Chown to correct GID.
Add library for getpwnam_r and libc when linking.
Now compiles under Digital UNIX 4.0.
Add pointer to Derrick J Brashear's PAM module.
Define dns_free_data even if res_search isn't available
Cast to Cardinal*
Fix abort bug.
Add some basic readline support.
Change output format.
test
Get afs-tokens when logging in with password.
Fix some warnings.
x
Fixes for broken DCE and MIT code.
Lots of random changes.
Zap!
Sending kvno makes secd happy.
Removed unsed code. Changed semantics for out_creds (to better match
Change int16 to int to be compatible with asn1.
x
Get correct address type from cache.
x
Add et_list to krb5_context.
Add primitive error library.
*** empty log message ***
Add error sub-directory.
x
Possible fix for lost characters.
Add *_err.h
Make krb5_data compatible with krb5.h
Add better error checking some useful return values.
Zero out TGS_REQ.
Zero out AS_REQ.
Fix some warnings.
Include some *_err.h
Get client from cache.
Fix krb5_auth_context.
From MIT.
Don't include krb5.h. Fix some warnings.
Moved to krb5.h
Guess principal.
x
Add asn1.
x
x
Include sys/ioctl.h for winsize.
Add linker magic fix for broken, conflicting kerberos code in xdm.
Add instructions for xdm.
Fix a bug with ticket filename. Add afs support.
Some changes.
Include ticket forwarding stuff.
From Jörgen Wahlsten: Zero out resource record, and send correct
It is nice if the usage string matches the rest of the code.
Better return values on error.
Renamed from aclocal.m4 for newer autoheader
Make krb5_{ret,store}_* functions able to write data to more than file
Protypes for new storage functions.
Moved some asn1-stuff here.
Use new storage functions.
Moved some functions to asn1_glue.c.
Add asn1_glue.c and error/*.c to libkrb5.
x
Fix typo.
Fix typo.
The beginnings of a kdc.
Add kdc/Makefile
Add kdc.
x
Include kuser_locl.h
*** empty log message ***
Use kuser_locl.h
Add PROTOTYPES
Initialize error table.
Remove realm parameter from krb5_get_salt.
Try strerror if error code wasn't found.
x
Add a declaration of struct error_list to header files, and multiple
Moved krb5_get_salt to str2key.c.
Moved krb5_get_salt from get_in_tkt.c.
Include <des.h> and <krb5_err.h>.
Calculate checksum of in_data.
Use krb5_mk_req rather than inlined code.
Add function krb5_rd_req_with_keyblock that takes a precomputed
Include <asn1_err.h>. Add prototype for krb5_rd_req_with_keyblock.
x
Some kind of non-working TGS support.
x
Print error string rather than number.
TGS -> AS
Return whole asn.1 ticket in krb5_ticket->tkt.
Add EncTicketPart to krb5_ticket.
x
Make keyblock const.
Make krb5_decrypt keyblock const.
Split of store.c
New resizable memory storage.
Split into smaller files.
Protos for new functions.
Add some comments.
Add free entry to krb5_storage.
Add new files.
x
Fix some bugs.
Specific free functions.
Generate free functions.
Add der_free.c
Remove some blanks.
Rewritten AS, and somewhat more working TGS support.
x
HDB error messages.
Add hdb_err.
New database routine library.
Add hdb.
Add hdb_err.h and hdb.h
Check for db.h and ndbm.h.
Changes reflecting new hdb library.
Use libhdb.
Fix type conflict.
Trivial database editing program.
Database dump program.
Remove kdc.h
Not used anymore.
Add ank.
x
Fix c&p-error.
Ditto.
Add MIN macro.
Zero out salt.
Use temporary variable with scanf.
Return NOENTRY if fetch fails. Don't free datums. Don't add .db to
x
Generate one file for each type.
Dependencies for libasn1 are not known before asn1_compile is run.
x
CRCs are 32 bits.
x
x
Add error/hdb_err.c
Add blocking of __BIT_TYPES_DEFINED__.
Properly free hostlist.
Fix some memory leaks.
x
New file.
Specific copy functions.
Split of gen.c
Remove unused functions.
Fix include files.
Fix include files. Add fix_dce().
Move fix_dce to der_get (where is belongs).
fix_dce moved from der_put.c
Moved a lot of code to gen_{encode,decode,free,length,copy}.c.
Fix include file mess.
Try to not always rebuild generated files.
Use new copying functions, and free some data.
x
Add rcs-id.
BSD Libedit compatible readline.
Get objects from configure.
Some fixes for editline.
Add prototypes for readline and add_history.
Fix hash mark printing.
Check return value from krb_net_write.
Change size of subbuffer to 2k.
Some cleanup.
Make sure library extension is a.
Add libdir.
Make sure library extension is a.
Add libdir.
Moved to admin.
Moved kdb-stuff to admin.
Restructure err and warn functions.
Add __progname definition.
Make __progname const.
Add optional declaration for __progname.
NEED*DECLARATION -> HAVE*DECLARATION
New function set_progname.
Prototype for set_progname.
Check for NULL argv0.
Fix typo.
Use set_progname.
Use stdout rather than stderr. Add newlines to many strings.
Rename suspend to telnetsuspend, since Unicos has one of its own.
Update copyright strings.
Add h_errno for systems that doesn't have one.
Fix some bugs and typos.
Fix passive mode.
Fix compatibility with mit deslib.
Change tests to reflect new des_quad_cksum.
Now working again (perhaps).
Clean up code.
Add tiny popper debug program.
+pop_debug
Add XOVER support.
Add support for xover. Fix 'From ' line parsing bug.
Fix 'From ' line parsing bug.
Add support for xover.
Incorporate /etc/ftpusers changes from NetBSD. Handle oob-stuff better.
*** empty log message ***
*** empty log message ***
Include <sys/select.h>
change "login" -> "authenticaion"
Local includes.
Use kafs_locl.h
Clean up the ifdef swamp.
Fix possible ANSI violation.
Last minute fix for Crays.
Make sure to create an ut_id.
Use unsigned rather than int.
Better prompting with su.
Merge code for for normal and su authentication.
Link with roken.
Some more cleanup.
More prototypes.
Cleanup.
Fix entries for ses_release and chk_user.
Fix some quirks. Might almost work with C2 now.
Clarify some statements. Add guide to C2.
*** empty log message ***
Use HAVE_UTMPX_H rather than HAVE_UTMPX.
bsdsetjmp.h
Remove cray compiler bug hack.
Changed checkaccess to make no file mean `allow'. Added shell matching
+set_buffer_size
Moved from ftp/ftpd
Moved set_buffer_size to common.
Make more in-line with the code.
KAFS documentation.
-B, -k, and -l are now ignored.
Remove -s and -I
Remove bftp.
Remove bogus description of -debug and fix synopsis, remove -edebug.
Fix final bug with encdata.c
Fix rpath
Include sockbuf.c
Use inet_aton.
UTMPX_DOES_UTMP_LOGGING -> HAVE_UTMPX_H
+pty.h
HAVE_UTMPX -> HAVE_UTMPX_H. Fix for OSF1. Some cleanup.
Add some const.
SIA module for Kerberos 5.
x
First stab at a verify user.
matrix.conf for krb5
matrix.conf for krb5+c2
x
+verify_user
You actually want linemode in the client.
+mkstemp
mkstemp
Some cleanup.
+mkstemp
Use mkstemp.
Cray rmut(3) needs ut_id.
Zero local address.
Remove XTND, and XTND XMIT. Rename XTND XOVER to XOVER.
Add contexts to many functions.
Fix SIGURG bug.
Fill in keytype and length.
x
Merge to one program.
Merge fetch and store.
Add some fields to hdb_entry.
Remove unused err.
x
foo
Merged with kdb_edit.
Merge extkeytab with kdb_edit.
x
Better follow 1510 (and some other changes).
Improve formatting.
Zero keyblock.
Reorder.
Allow more than one cache type.
Move file cache from cache.c.
x
Now generated.
Conditional compile.
Use AM_INIT_AUTOMAKE. Test for timegm.
Generate code to test for types.
Include gen_maybe.c
Generate a more readable header file.
Moved most of this to kerberos5.c
Fix comment.
Split into more files. Add support for TCP.
Make a KRB-ERROR message.
+mk_error.c
+krb5_mk_error
Remove der.h. Add some prototypes.
Moved stuff from asn1_locl.h that doesn't have anything to do with
Remove unused variable.
Remove some gcc-warnings.
Fix some dependencies.
krb5_data -> octet_string, char * -> general_string
x
Include asn1.h; krb5_data is now an octet_string.
x
Remove principal_p.c
Obsolete
Remove krb5_principal_{alloc,free}
Move stuff from principal_p.c.
Remove memmove macro.
Constness.
x
Use foreign strictness. Add some clean rules.
Use krb5_realm.
Add clean files.
Rename contents to keyvalue. Use des_new_random_key until
Rename contents to keyvalue.
Rename contents to keyvalue. Prepare for use of asn1-type for keys and
Replace contents with keyvalue. Prepare for use of asn1-types.
x
Use foreign strictness.
Fix typos.
Use krb5_realm.
Add a Principal type for use in libkrb5.
Rename contents to keyvalue.
Replace contents with keyvalue.
asn1-types
Rename contents to keyvalue.
gss_name_t is now void* (since it's impossible to declare it as a
+asn1_Principal
Use asn1-types for krb5_address and krb5_keyblock.
Use asn1-types for krb5_address.
Use asn1-type for krb5_address.
Now all decode_* and encode_* functions now take a final size_t*
Update to use new decode/encode syntax.
Be compatible with the asn1 principal format.
Return size in correct manner.
x
foo
+USE_ASN1_PRINCIPAL
Add etype to krb5_decrypt.
Add more checksum and encryption types.
Implement des-cbc-crc, and des-cbc-md5 in separate function.
x
Include <md5.h>
Add des-cbc-md5 to switch.
Add etype to krb5_encrypt.
Implement des-cbc-crc, and des-cbc-md5 in separate function.
x
Implement as a vector of function pointers.
Add <md4.h> and <sha.h>.
x
Make krb5_decrypt use the same struct as krb5_encrypt.
Moved to encrypt.c.
Fix prototype for krb5_encrypt.
Add some const.
Remove decrypt.c
automake options
Move checksum functions here. Add krb5_cksumsize function.
Use functions from checksum.c.
Add KEYTYPE_NULL. Add prototypes for krb5_encrypt_EncryptedData,
Keyblock generation functions.
+keyblock.c
x
Use more general etype functions.
Check authenticator. Even more generalized keytype functionality.
x
Remove checksum prototypes.
Add hdb_etype2key.
Prototype for hdb_etype2key.
KEYTYPE_NONE -> KEYTYPE_NULL
x
Update to reality.
Temporary hack to avoid des_rand_data.
x
Move definitions of error_table and error_list from krb5.h.
Don't use krb5_locl.h
Fix include path.
Remove error_table and error_list.
Remove error_list.
Remove use of error_list.
Avoid using static variables.
Check arguments.
CLEAN_FILES -> CLEANFILES
Accept "et" as well as "error_table". Typedef foo_error_number.
SUBDIRS += error
SUBDIRS -= error
Replace krb5_get_err_text with new function com_right.
Prototype for com_right.
Update *_err.h, add error.h
Move krb5_get_err_text, and krb5_init_ets here.
Moved to lib/error
x
Use foreign
krb5/error -> error
Must use signed char.
Remove usage of sub, gsub, and functions for compatibility with awk.
x
Add krb5_524_conv_principal.
Prototype for krb5_524_conv_principal.
Better return values from 524_conv, also zero terminate string.
Update TicketFlags, and KDCOptions to draft-ietf-cat-kerberos-r.00.txt
Use union of krb5_flags and TicketFlags to pass options to get_in_tkt.
KDCOptions was what I meant.
Use union of krb5_flags and KDCOptions to pass options.
Add ticket_flags to krb5_creds.
Save addresses and flags.
Save ticket flags.
x
Add verbose flag, and split main into smaller pieces.
x
Add <sys/socket.h>, <netinet/in.h>, and <arpa/inet.h>
Add {store,ret}_stringz (zero terminated string).
Add krb5_kdc_flags.
Fix ip4 address extraction.
x
Fix typo.
Fix for systems that has sa_len, but returns zero length from
x
Restore ticket flags.
Pass flags in request.
Check authenticator checksum type.
+foreign
Reset name_type before db lookup.
Allow `random' as special password.
Free a lot of fields.
Free allocated data.
Remove most of the most common memory leaks.
Check filedescriptor in select.
x
Use NEED_STRTOK_R_PROTO.
Rename flags union.
Don't free, don't malloc (by a paraphrased Yoshigasaki-sensei).
Free some memory. Close DB.
Rename flags union.
Correct length.
Initial documentation.
Split rd_req in two functions.
Add a max_skew to context.
Initialize max_skew.
x
Add typedef for AP_REQ.
Remove <asn1_locl.h>, add <stdlib.h>.
Remove -Wredundant-decls from WFLAGS.
x
Add const.
Print normal error code if no e_text is available.
Prototype for mk_error.
Add more fields.
Rename AP_REQ to krb5_ap_req.
Set flag in signal handler.
Pass address of request to as_rep and tgs_rep. Send KRB-ERROR.
Make db_fetch take a krb5_principal.
Update prototypes.
Split tgs_rep in smaller functions. Add better error handing. Do some
Add some simple logging facilities.
+log.c
x
Zero creds.
Remove non ASN.1 principal code.
x
Fix for non GNU-Make.
Some fixes for non GNU-Make.
Fix libasn1_a_OBJECTS target.
AUTOMAKE_OPTIONS
Try to get realm of local host if no default realm is available.
Check for NULL return from gethostent.
Don't print error string on success.
x
Version number 0.0a.
Remove generate_maybe().
Not used.
More fixes for non GNU Make.
Check for NULL in free_principal.
x
Add ticket.c
Add free_ticket.
Free remote subkey.
x
Free context.
Free ticket and ap_req in tgs_rep2.
x
Add prefix and version.h
Add copyright for UC, and MIT.
Add copyright notice.
*** empty log message ***
Removed
x
x
Add -p flags to disable pa-enc-timestamp test.
Declaration of require_enc_timestamp.
Conditionalize pa-enc-timestamp.
x
parse.c depends on parse.h (for parallel makes)
Don't overwrite flags.
Return error if no realm was found.
Print start time of ticket if available.
x
Add kdc_timeout to context.
Initialize kdc_timeout.
Get timeout from context.
Make an auth_context if none passed in.
Pass starttime and renew_till in request (a bit kludgy).
Move most of contents of get_creds to new function get_kdc_cred, that
Add krb5_free_kdc_rep
+free.c
Add `-r' flag.
Rewritten flags parsing, it now might work to get forwarded and
Add rcsid.
Crude ticket renewing program.
+krenew
x
New option parsing code.
+getarg.c
+getarg.h
Use new getarg.
Change ALLOC macro, remove FREE macro.
Changed ALLOC macro.
Use ALLOC.
Change EncTGSRepPart to EncKDCRepPart
Verify nonce in reply.
Check result of malloc.
copy_* functions now returns an int (0 or ENOMEM).
x
Null salt means use v4 string-to-key.
Undo.
Use getarg.
x
Ask for password before calling get_in_tkt. This makes it possible to
Add `version 4 salted key' flag.
The start of a collection of padata-functions.
+padata.c
XOR with some sane value.
Proto for krb5_find_padata.
Pass both version5 and version4 salted pa-data. DTRT if there is any
Try all valid pa-datas in as_rep before giving up. Send back an empty
Update to match current db-format.
Update with more pa-data types from draft-ietf-cat-kerberos-revisions-00.txt
x
argv[2] is basename of the headerfile
Update prototype for init_generate.
Recognize EXTERNAL
Handle external declarations.
Block definitions of octet_string and general_string.
Improve formatting of headerfile.
x
Rename basename to avoid conflict with basename(3).
Avoid using non-standard struct names.
x
Automake mania.
Add accidentally removed if.
Ask for password before call to get_in_tkt.
x
version 0.0b
Version 0.0b
Getdate from fileutils-3.15
Cast to char*
Pass addresses to extract_ticket.
extract_ticket
Pass address of krbtgt to extract_ticket.
x
Database definitions.
Library definitions for ASN.1 part of libhdb.
Get hdb_entry from ASN.1 generated code.
Use generated encode and decode functions.
Include <hdb_asn1.h>, updated prototypes.
Allocate principal.
Add stuff for ASN.1 generation.
+hdb_asn1.h
x
Use ALLOC.
Update to use new db format. Better checking of flags and such. More
Mostly updated for new db-format.
Quick hack for new db-format.
Update for new db-format.
Some random functions.
Get relative time via get_date.
Some prototypes.
Not updated for now db-format yet.
Add getdate.y gettime.c and util.c
x
Include salt in dump.
x
New db-format.
Fix some bugs.
Zero key.
Add comment about current dump format.
Handle empty files.
Check for working vsnprintf.
Rename require_enc_timestamp to require_preauth
Configuration stuff.
+config.c
Call configure()
logfile and loglevel moved to config.c
Don't free principal.
Handle `-f arg' correctly.
x
Check for umask
x
strsep
Add prototype for strsep.
constify delim
Use strsep
Prototypes for keyfile and unseal_key.
New functions set_master_key, unseal_key and free_key.
Initialize master key.
Unseal keys from database before use.
key-file
+getarg.h
kstash
+kstash
x
Don't include empty v4 instances.
Zero string.
Add some prototypes.
Add keytype->key and next key functions.
Quick patch to make 425_conv work somewhat.
Add functions that return the logged string.
Add Kerberos 4 realm.
Add Kerberos 4 processing.
Add some prototypes.
Add version 4 protocol handler. The requrement for this to work is
x
Manual page.
rd_error
Fix typo.
Use parse_time
Use krb5_rd_error.
Some logging functions.
x
Add vlog function.
Some prototypes.
x
Use req_time for time_ws.
Add krb4-stuff.
Add statement after `out' label.
Version string.
Put ifdefs around some facilities.
Add *vlog* and *_msg forms.
Add prototypes.
Add section about logging.
Remove logfile stuff.
Pass context to kdc_log.
Use krb5_log* functions.
Update prototypes.
Update for new logging.
Add lock functions.
Add lock and unlock functions.
Add database locking.
Add prototype.
Update for new error names.
Remove unused error messages.
x
Add locking framework.
Remove debug printf.
Bumb version.
release-making script
Remove make-release* also.
Make context global.
x
Include log-level.
Update prototypes.
Pass level to krb5_log
Don't free data in krb5_data_alloc.
Make parsing of levels work.
Default to `SYSLOG' when there is no `default' in krb5.conf.
x
Improve parsing of field widths, and more.
Manual page.
Moved logging stuff to krb5_openlog(3).
x
Declare version strings.
Add --cache option.
+getarg.h
Implement krb5_get_init_creds_keytab.
x
Prototype for krb5_get_init_creds_keytab.
Heimdal specific error messages.
+heim_err
+heim_err.h
Add prototypes for new log-functions.
Allow better control of destinations of logging (like passing explicit
x
Add documentation for initlog and addlog.
Make time optional when logging to file, set to false for STDERR.
Generic warn functions.
Add prototypes for warn functions.
krb5_vwarn*
protos for vwarn*
Generalize and add *err* functions.
Manual page.
Include protos for krb5_err functions.
Set err log_level to 0.
Update.
Some silly formatting.
+warn.c
Fix protos for *err*
Don't free memory in data_copy.
Random fixes.
Remove the log_time cruft.
Add krb5_make_principal.
Prototype for krb5_make_principal.
hdb_foreach.
hdb_foreach prototype
Use hdb_foreach.
Add keytab argument.
Add strings option.
Move seal/unseal functions here from various places.
seal protos
use hdb_unseal_key
free_key -> hdb_free_key
Remove loglevel.
Remove log_level, add max_request
implement max_request
Remove log-level
x
propagation stuff
Database propagation client.
Database propagation server.
Add hprop and hpropd.
x
Add name and rename to the HDB struct.
+DB_rename
(broken) NDBM_rename
Common hprop-functions.
protos
Clean-up.
Clean-up. Support v4-databases.
Fix hprop*
Remove duplicate cbc_cksum
Some cleanup.
Fix conv_db()
Include inttypes.h, sys/bitypes.h, and netinet/in6_machtypes.h in bits.h
Make sure sys/ioctl.h isn't included on sunos
Remove krb5_principal_set_component
x
fixes for sunos brokenness
now made from info
Include libotp.
Fix some krb4 stuff.
check return value
zero creds
Update prototypes.
New krb5_425_conv_principal.
Fix a few typos.
x
Use stddef.h to get NULL
Some updates.
Fix some uninitialized memory accesses.
More fixes.
Make get_credentials handle cross-realm.
x
krb5_cc_retrieve_cred_any_realm
krb5_principal_compare_any_realm
krb5_get_kdc_cred uses get_kdc_cred
Free creds.
changepw
Include version string.
Conditional for krb4
Add conditional hprop LDADD
x
cast from void
Fix for AIX lex.
Fix for AIX xlc
sys/select.h
sys/select.h
Remove stupid declarations.
Zero out_creds
Just copy relevant parts of in_creds
typo
Zero tm
<config.h>
check return value from 425_conv_princ
Move fron configure.in
x
Include heim_err.o. Add some manpages.
Include `heim' error table.
srvtab-to-keytab conversion utility
include srv2keytab
Move kdb_edit to sbin
conditionalize check for unsalted key
get_bool
protos
typo
425_conv: make `v4_instance_resolve' a boolean
manual page
update for krb5_424_conv_principal
fix oly typo
remove old get_cred
char* -> krb5_realm
proto
Some manual pages.
Fix reallocation bug.
Fix seek bug.
Fix endtime in reply.
Return error code from tgs_check_authenticator
x
Free name in close.
x
Fix kdc_timeout.
x
Fix leap year for 2000.
Add version 4 ticket encoding and encryption functions.
A somewhat working 524-protocol module.
Call do_525.
Make kdc-req-body.till OPTIONAL
524.c
kdc-req-body->till is optional.
krb524_convert_kredc_kdc
convert_creds.c
Implementation of get_ad_tkt using krb524_convert_creds_kdc.
lib45-stuff
x
Fix for old clients passing 0 for `no endtime'.
x
Return sane values from resolve and start_seq_get.
keytab utility header file
keytab utility
Add ktutil.
x
set progname
sl_command
+sl_command
Fix format string for *x type.
x
Makefile for libkafs. Without AIX and krb4 support for the moment.
Add krb5.h, remove resolve.h
Comment out sys/cdefs and ktypes.h
AFS through krb5 exchange.
Kerberos 5 afslog.
conditional compile
x
+kafs.h
Set EXTRA_HEADERS (for include/Makefile)
Automaked
EXTRA_HEADERS -> EXTRA_HDRS
Don't include ifdefs in output.
Fix memory leak in v4 protocol handler.
x
No void* operations.
Check cached afs tickets for expiration.
x
Print version number of ticket, include more flags.
krb5_config_get_strings
Add kvno parameter to encrypt_EncryptedData.
kvno for encrypt_EncryptedData
krb5_425_conv_principal_ext with better control of resulting
prototypes
Add ok-as-delegate, and anonymous ticket flags.
Include kvno in ticket.
Check database when converting v4 principals.
Don't check ticket file for afs ticket.
x
Fix installation.
typo
some logging
kerberos 4/asn1 type conflict
If no cells or files specified, get tokens for all local cells. Better
x
Compare 20 bytes with SHA.
Fix for Crays
x
Fix for Cray again.
typo
Mask nonce to 32 bits.
Mask nonce to 32 bits. Fix some type conflicts.
Fix some type conflicts.
x
Remove ##.
Zero and just free ap-req once.
HDB_DB_DIR
kdc_openlog
Always call openlog.
use config_get_{bool,time}
Check for null cf.
init context before reading config file
Fix a lot of error messages.
make kfoo krenew and kverify noinst
foo
krb5_425_conv_principal_ext
V4 srvtab conversion.
Some includes, some protos
srvconvert
srvconvert.c
remove srv2keytab
moved to admin/ktutil
x
EXISTS
BADVERSION
Move initialisation from generated code.
protos
A lot of common code moved to error.c. Add support for id strings.
use id
fix table base calculation
moved from lib/error
Include hdb_err stuff.
Version number.
Initialize database with version number.
protos
Add _put.
x
Remove hdb_err.o
Remove hdb_err
moved to lib/hdb
fixes for build headers
Make all-local depend in inc_DATA
Remove hdb error table.
-hdb_err.h
settable database
protos
x
include .h in suffixes
Add http support.
x
base64
base64.c
x
replace warn* with krb5_warn*
fix for broken recvfrom
Add some sanity checks and some logging to http code.
Check for v4 reply.
x
Don't use sendto on connected sockets.
x
prototype generation
warnx -> krb5_warnx
Use `struct credentials' instead of `CREDENTIALS'.
Remove all prototypes.
krb5-protos.h
fix for broken osf/1 net/if.h
x
don't include config_file.h
fcc_ops -> krb5_fcc_ops
[fm]cc_ops -> krb5_[fm]cc_ops
mcc_ops -> krb5_mcc_ops
moved to krb5.h/krb5-protos.h
Remove a lot of headerfiles.
Remove prototypes.
Include <stdarg.h>
make change_password and get_init_creds_common static
remove cache.h, config_file.h, keytab.h, and store.h
x
mcc_ops -> krb5_mcc_ops
make static
tests for nroff
x
fix for nroff test
dependencies for krb5-protos.h
Add broken MD4 compatible checksum.
krb_mk_req
x
+mk_req.c
fix after krb5.h cleanup
With fewer `sz', things tend to work better.
Set filedecriptor to -1 on allocated decriptor entries.
Fix for smake
Some functions in common.
Add _del, and replace arg to store.
Moved some functions to common.c
protos
Add _del routine, use common fetch/store/delete.
add `replace' arg to db->store
Log about duplicate entries.
Pass `database' to hdb_open.
Add `database' option.
database
Add timeout to select, and log about expired tcp connections.
common.c
use libotp.a
x
Remove unused definitions.
Call krb5_warnx instead of fprintf. Now takes port in host byte order.
x
Allow NULL context.
protos for common setup
common setup
use common setup
common.c
Use getarg.
Use krb5_log
context to krb5_getportbyname.
Verify who tries to transmit a database. Context to
Change port to 754.
context to krb5_getportbyname
x
Include salt type in salt.
asn1_Salt
new salt format
common program initialisation
prog_setup.c
don't return ENOMEM if len == 0
x
common headers
move some variables
Use headers.h. Add v4 m-keyfile support.
use headers.h
forward declaration of getargs
remove unused empty vector
remove unused variables
x
call make-proto
Release 0.0g
fix for relative srcdir
remove usage
void
krb5_store_xdr_data static
add protos
Add flags for http support, and port specifications.
Allow dynamic port specification.
x
krb5_error_code
fix proto
Don't dump core if no `default' is found.
x
send_clear, recv_clear
NEVERDATE
Add support to dump database to stdout. Don't use same master key as
Add support to read dump from stdin.
x
Add some master key support functions.
protos
call setsockopt(SO_REUSEADDR)
new {seal,unseal}_keys functions
protos
use new master key functions
fix proto
Add `--decrypt' and `--encrypt' flags.
x
Update to recent options.
x
fix some typos
Fix loopback test.
x
remove ison
rename STRING -> krb5_config_string, and LIST -> krb5_config_list
Fix prototypes
Functions in common with krb/krb5
Use new common framework.
Update for new common framework.
+afskrb.c
x
x
inttypes.h
Update for new kafs-names.
bits.h -> krb5-types.h
Use get_init_creds/verify_init_creds.
x
Don't call cc_get_principal.
Use config_get_strings
tpyo
Check invalid flag.
x
something that might resemble domain-x500-compress
x
x
fix ap_req_nofail semantics
remove close, since it breaks dec's awk
x
typo
some formatting
krb5_key_to_string
Fix password handling.
use krb5_key_to_string
string termination
(_krb5_extract_ticket): add allow_server_mismatch flag to not check
Several fixes for cross-realm.
transited.c
fix: allow NULL server
Fixes for cross-realm, including (but not limited to):
x
DOMAIN-X500-COMPRESS
Don't replace transited field.
remove `THIS IS INFO'
a note about version 4/5
ac_path_xtra
Kerberos 5 patches
x
x
fix for assar :-)
Don't encrypt twice. Complain on non-convertable principals.
x
Fix for duplicate `-- user'.
remove unintended commit of issue-code
encrypt_delay
HAVE_UT_EXIT
Use krb5_generate_random_keyblock.
x
Add CKSUMTYPE_HMAC_SHA1_DES3, CKSUMTYPE_SHA1, and KEYTYPE_DES3.
Some cleanup, and added:
x
Add des3 string-to-key. Add ktype argument to krb5_string_to_key().
Pass keytype to krb5_string_to_key().
remove comments
Add des3-cbc-md5, and des3-cbc-sha1. Add many *_to_* functions.
Moved generate_random_keyblock to encrypt.c
Fix a lot of etype/keytype misuse.
x
etype2keytype -> etype_to_keytype
Add keytype support. Default to version 5 keys.
Somewhat fix the etype usage. The list sent by the client is used to
x
Pass keytype to string_to_key
x
use keytype_to_string
`deprecate' krb5_key_to_string
make DES3_string_to_key static
Moved to roken
removed base64
add base64
some exports
x
+base64.c
base64_*
fix gettimeofday.c dependency
+winsock.h
x
check for leading '/' in http request
x
use correct etype
x
Change etype for des3 to des3-cbc-sha1; fix prototype for
fix warnings
cleanup default_etypes
remove string_to_key
include <arpa/inet.h>, <parse_time.h>, and <base64.h>.
base64.h
x
check for unopenable file
cleanup fcc_get_next
x
Store keytype twice, as MIT does.
Fix for DCE secd.
Add {get,set}enctype.
Get the subkey from mk_req so it can be used to decrypt the reply from
x
Release 0.0j
Fixes for code merge
Some fixes after merge.
Update after merge
use k_getportbyname with krb4
+getarg
fixes for krb4
remove read_password.c
fix NULL e_text bug
update from krb4
fixes after merge
krb5_error_code -> int
common.c
Allow specification of server to ticket for.
print etype from ticket
x
Check version number of krbtgt.
x
Allow specifying table-base.
x
Beginning of a kadm5-library
Add time2rstr to get a more readable string.
Initialize context earlier.
Pretty.
Fix formating of SEQUENCES.
Add constant for indefinite encoding.
Special-case indefinite encoding.
(generate_units) Check for empty member-list.
x
(crc_init_table) Check if table is already inited.
Add KRB5_GC_CACHED, and KRB5_GC_USER_USER flags.
Move parts of krb5_verify_ap_req into a new function,
Some restructuring of krb5_get_credentials:
Fix user-to-user authentication.
x
Move stuff that's in common between as_rep and tgs_rep to separate
x
Log bad requests.
x
The return value to process_request should only be non-zero if there
x
Fix for automake 1.2c
(find_etype) Return correct index of selected etype.
x
Add kadm5_s_init_with_password_ctx. Use master key.
Include context.
Use _kadm5_set_keys().
Check for allocated context.
Increment kvno.
kadm5_init_with_password_ctx
update protos
+set_keys.c
Moved from create/chpass
x
Set correct n_key_data.
x
Print keytype.
x
Simple kadmin utility.
x
Illegal -> invalid, cannot -> can't, and some other cleanup.
Reduce number of reallocs in unparse_name.
x
Fix parsing of log destinations.
x
Correct kvno. Return values.
Initialize acl.
Return values.
Add copyright and rcs string.
Add acl values.
Add client stuff.
Add client files.
Simple acl system
Kadm5 marshalling
Kadmind support function.
Error code mapping.
Add client support.
Fix principal formatting.
Add rename.
Use application version.
Application version.
Update to use remote protocol.
Crude admin server.
kadmind
x
kadm5
kadmin
Remove generated destroy_*_error_table prototype
+kafs
+afsutil
Add extra parameter to recvrequest, specifying if local filenames
Add extra arguments to recvrequest.
update proto
Don't retrieve files that start with `..' or `/' without asking.
(remglob) Use while-loop.
Move confirmation of suspicious filenames from remglob to mget.
Add note about mget and funny filenames.
don't split permissions on whitespace
Add optional default entry to get some values from.
update proto
Get some default values from `default' principal.
Add argument to setup_entry.
x
All files containing ../ should be considerd suspicious.
Add kadm*/Makefile
Add conditional for AIX
Compile afslib.so on AIX
add KADM5_ACL_ALL
don't free local data
constify
less leaks
Check return value from krb5_net_read()
deprecate HDB_ERR_INUSE
x
Add kadm5 subdir
Exit if no sockets could be bound.
Rename KADM5_ACL_* -> KADM5_PRIV_* to conform with specification.
Add _kadm5_{string,privs}_to_{privs,string}
x
add kadm_get_privs
Client implementation of kadm5_get_privs.
Server implementation of kadm5_get_privs.
+privs*.c
Common glue functions
Use common_glue.c
+get_privs
x
constify store_string
test for fnmatch
+fnmatch.h
fnmatch from NetBSD
x
prototypes
Add kadm5_get_principals
remove HDB_ERR_INUSE
kadm5_free_name_list
kadm_get_princs
Client implementation of kadm5_get_principals.
Server implementation of kadm5_get_principals.
get_princs_*.c
protos for list_princs
function to list principals
Interface to kadm5_get_principals
+list.c
x
x
(create_and_write_cookie) Create temp file with mkstemp.
Move tmp-file creation to create_and_write_cookie.
update proto
Move X-includes to CPPFLAGS
proto for getusershell, if there isn't any
Fix for NetBSD 1.3 changes.
x
cplusplus -> __cplusplus
fix prototype for cc_register
Implement free_data and copy_data.
Make options parameter MIT-compatible.
some const
fix const-warning
implement copy_ticket
x
Add KDC_OPT_* flags.
x
Implement compare_creds.
Add flags for compare_creds.
Use krb5_compare_creds.
Implement krb5_get_cred_from_kdc.
x
x
dependencies
Make authcontext->keyblock a pointer.
Use auth_context->keyblock if ap_options.use_session_key.
Rename krb5_free_keyblock to krb5_free_keyblock_contents, and
fix typo
Make authcontext->keyblock a pointer.
Make authcontext->keyblock a pointer.
Rename krb5_free_keyblock to krb5_free_keyblock_contents.
x
Use krb5_auth_con_getkey.
Implement auth_con_setuserkey.
x
Don't write user-to-user tickets to the cache.
Check for NULL keyblock.
Remove krb5_rd_req_with_keytab.
User-to-user client.
User-to-user server.
Add uu_client, and uu_server.
Zero port.
Change the list of separating characters (between units) to comma,
x
Close socket.
Move stuff to util.c
Implement setting some more values.
Some random functions.
+util.c
get_privileges -> privileges
Use function pointer trampoline for easier dual use (without radiation-hardening capability).
x
Use KADM5_PRIV_ALL.
Add `-l' flag to use local database.
x
Modify entry.
+mod_entry
+modify
+mod.c
Fix warning.
Fix warnings by moving exit from warnerr to verr, verrx.
x
ret -> retdata
perl!
remove unused label
remove unused variable
Fall back to hostname's addresses if other methods fail.
x
Remove unused stuff.
Remove unused variable.
Check for hstrerror proto.
NEED_HSTRERROR_PROTO
hstrerror proto
Remove unused variable.
Remove unused variable.
Fix some warnings.
Remove unused variables.
Remove unused variable.
Prototype for timegm().
Remove unused variable.
+no-texinfo.tex
Add variable used with KRB4.
cleanup formatting
Fill in some encryption types.
Output contents of /etc/issue.
x
Allow passing NULL size.
x
Get password expiration time from config file.
x
Private functions.
+private.h
_kadm5_s_get_db()
KEYTYPE_DES3
Free keys.
Add local `init', `load', `dump', and `merge' commands.
protos
Some cleanup.
Incorporate into kadmin.
Change to use kadm5 api.
load.c dump.c init.c
x
Replay cache.
rcache types
initialise optind
Use krb5_err*().
x
Remove fix for broken realloc.
x
Use principal from ticket if no server is given.
x
x
x
x
x
Destroy tickets after verification.
x
Remove auth-state on lost peer.
rfc2228
Set protection level to zero after reset.
New login program.
utmp and some environment stuff
+cc_copy_cache
Change binary mode to do just that, and add a eight-bit mode for just
x
x
Make it build w/o krb4.
More guessing.
x
x
Add mandoc help back-end to getarg.
x
Send version 5 TCP-reply as length+data.
x
<config.h>
Set initial kvno to 1.
x
Updated.
Add k_{put,get}_int.
Add TCP client support.
x
roken.h
moved from krb
generate roken.h
<config.h>
k_ -> roken_
k_gethostname -> gethostname
roken.h -> roken-common.h>
conditional <sys/cdefs.h>
build roken.h
fix
remove use of <sys/cdefs.h>
initialize_error_table -> initialize_error_table_r
Use re-entrant error-table.
Changed for com_err compatibilty
x
more compatibility
fixup
libcom_err.a and compile_et
old com_err compat
build compile_et
fix _
_r
install compile_et
undo last change
undo last change
ajax ultra
libobjs depends on roken.h
check for innetgr
(krb5_free_keyblock) check for NULL keyblock
cleanup compilation of des_enc.c
bindir
cleanup get*key, use free_keyblock.
make subkeys into pointers
use free/copy_keyblock
use copy_EncryptionKey
changes for modified auth_context
x
don't look at KRB5_CONFIG if running setuid
typo
_PATH_HEQUIV
k_afsklog -> krb_afslog
draft-ietf-cat-ftpsec-08 -> RFC2228
draft-ietf-cat-ftpsec -> RFC2228
fix formatting
setuid(0) before calling krb_kuserok()
don't use freed data
k_afsklog -> krb_afslog, also add commented out krb5_* versions
k_afsklog -> krb_afslog
include <kafs.h>
Optionally don't use mmap.
trams
cond
inaddr2str.c
fix check for local/remote subkey
split of aclocal/acinclude
MODE_OUT8
In 8bit-mode, don't turn off OPOST.
Separate 8bit and binary output modes.
x
Include <err.h>, to get linux __progname.
x
unsigned
Use krb5_config_get_strings.
Always enable client. Only set max-life and max-renew if != 0.
Add context to all krb5_config_*get_*.
Use correct salt.
Add support for AFS string-to-key.
Add value for AFS salts.
Handle pa-afs3-salt case.
Add WFLAGS.
Use AFS string-to-key from libkrb5.
Add context to all krb5_config_*get_*.
Cleanup.
<sys/param.h>
x
x
<sys/un.h>
static
<kadm5/private.h>
WFLAGS
some cleanup
Process AuthorizationData.
x
static
WFLAGS
Implement locking of database.
x
const appl_version
Add siad_chg_password, and siad_chk_user.
copyright
Link with libkadm.
Add password changing support.
(mcc_store_cred): restore linked list if copy_creds fails.
x
Don't return ENOMEM if allocating 0 bytes.
x
Return some error if prompter functions return failure.
x
Check for special user-error from krb5_get_init_creds_password.
Add krb5_auth_con_set{,localsub,remotesub}key.
Add krb5_authdata type.
Add ALLOC_SEQ macro.
Only generate local subkey if there is none.
Fixes to send authorization-data to the KDC.
Fix for new authdata.
x
Add some support for using enctypes instead of keytypes.
x
Add KRB_ERROR to krb5_kdc_rep.
part1 -> kdc_rep, part2 -> enc_part
(krb5_free_kdc_rep) Free krb5_kdc_rep->error.
Return error-packet to caller.
Fix long form of negative flags.
x
Don't fail if realloc(X, 0) returns NULL.
Add pre-authentication structures.
Add entry for KEYTYPE_DES_AFS3.
Merge entries for KEYTYPE_DES and KEYTYPE_DES_AFS3.
Add better support for specifying what pre-authentication to use.
Add better support for pre-authentication, by looking at hints from
If pre-authentication fails, return a list of keytypes, salttypes, and
Add PA-KEY-INFO structure to hold information on keys in the database;
Rename `err' to `ret'.
Add krb5_convert_etype function - converts from protocol keytypes
Use krb5_convert_etype.
Cleanup some ktype-etype code.
remove sch
Add support for reauthentication.
Add entry for reauthent.
Chown ticket file when doing reauth.
Enctype conversion stuff.
Use krb5_encode_Authenticator.
Use krb5_encode_EncKrbCredPart.
Use krb5_decode_Enc{AS,TGS}RepPart.
Use krb5_decode_PA_KEY_INFO.
Make sure enc_part.etype is an encryption type, and not a key type.
Use krb5_decode_EncKrbCredPart.
Use krb5_decode_EncAPRepPart.
Use krb5_decode_EncTicketPart, and krb5_decode_Authenticator.
Add krb5_string_to_etype, rename krb5_convert_etype to
Add ktype_is_etype field to context.
Ignore KRB5_CONFIG if *not* running setuid. Get configuration for
Add codec.c
Check at runtime whether to use enctypes instead of keytypes. If so
Use krb5_decode_EncTicketPart.
x
Some more introduction. Switch to me.
Install/uninstall one library at a time.
x
update
Switch back to a yacc-based compile_et.
Rename error.h to com_right.h.
Move command line split to function `sl_make_argv'.
proto for sl_make_argv
SS compatibility functions.
config.h stdarg.h
A mk_cmds clone that creates SL structures.
Install libsl under the `libss' name too. Install mk_cmds, and ss.h.
x
Use fprintf instead of warnx.
Don't add the function name as an alias.
Some fixes for ss/mk_cmds.
New compile_et.
x
Add com_err, remove error.
Add com_err.h, and com_right.h.
Add rules for asn1_err.*; general cleanup.
initialize_*_error_table -> initialize_*_error_table_r
Remove <error.h> (it gets included via {asn1,krb5}_err.h).
Add quotes.
Add rules for {krb5,heim}_err.[ch].
Add quotes.
initialize_*_error_table -> initialize_*_error_table_r
initialize_*_error_table -> initialize_*_error_table_r
Swap error_table arguments.
Fix compile_et call; add WFLAGS.
Yet another case for the Cleaner.
Replace <com_right.h> with <com_err.h>.
Replace getc() with input().
x
Fix for new compile_et; add WFLAGS.
Add WFLAGS.
Replaced by lib/com_err. Error files moved to lib/asn1 and lib/krb5.
x
Remove a space.
A somewhat stricter grammar. Put everything in a linked list, and
Split generation of c and h files in separate functions. Also relevant
Some stuff for recent changes.
Files don't have to end with `end'.
(generate): Always return a value.
typo
x
Don't store expired tokens (this broke when using pag-less
x
Add `krb5_unparse_name_fixed_short', that excludes the realm if it's
x
Also try to match aganist the expression appended with
x
Add usage string to `privileges'.
proto
Add function `foreach_principal', that loops over all principals
1998
Use `foreach_principal'.
Max-life and max-renew can, infact, be zero.
Add `include_time' flag to timeval2str.
proto
Use `foreach_principal'. Add long, short, and terse (equivalent to
remove list.c
moved to get.c
Cleanup printing of help strings.
x
Cleanup commands list, and add help strings.
x
(fold): free tmp
(sl_loop): Fix general broken-ness.
x
Remove unused variables.
Move _kadm5_{privs,string{_to_{string,privs} to private.h.
Move _kadm5_{privs,string{_to_{string,privs} from kadm5_locl.h.
(edit_attributes): init `tmp'
x
typos
Remove kdb_edit.
x
Remove reference to kdb_edit(8).
remove -Wcast-align, since it produces too many warnings on alpha.
remove kauth and kx until they are working
Change krb5_keytab_data to use function pointers.
Use function pointers.
x
Implement remove with files. Add memory operations.
x
Implement `add' and `remove' functions. Make `--keytab' a global
update
Remove `--keytab' option.
Add WFLAGS.
Some more documentation.
x
Add resolve.c
Remove some references to krb4-stuff.
change HAVE_ARPA_NAMESER_H -> T_A
Add <arpa/nameser.h>, move signal decl to roken-common.h
Signal decl from roken.h.in.
Another miracle of the 20th century: gethostby* over HTTP.
x
Recognize `http/' and `udp/' as protocol specifications.
x
Add `http_proxy' to context.
Initialize `http_proxy' from `libdefaults/http_proxy'.
(krb5_sendto_kdc, send_and_recv_http): Add support for using proxy.
x
(krb5_425_conv_principal_ext): Use resolver to lookup hosts, so CNAMEs
check for `dn_expand', and `res_search'
Use krb5_kt_close/krb5_kt_resolve.
WFLAGS
x
remove unused variables
Make `roken_gethostby_setup' take url-like specification instead of
x
Changes to make this work with new `--disable-dynamic-afs' option to
Fix type of `Pioctl'.
Add prototypes for `aix_pioctl' and `aix_setpag'.
This is the original README file for libdl.a.
update copyright
error_table -> et_list
u_char -> unsigned char
Remove <arpa/nameser.h>, since some definitions confict with
Include <arpa/nameser.h> and <resolv.h>.
Start using resolve again.
change with_shared -> enable_shared
Pull down 1.2.2.1: "Figure out output if not given."
# -> dnl
Use `upcase'
Import changes from heimdal/acinclude.m4:1.12.
use acinclude.m4.in
Hack to avoid `unused variable'.
Remove WFLAGS_NOUNUSED.
Remove dependency for parse.c
Include <arpa/nameser.h> (should really go some where else).
Protos for `roken_gethostbyaddr', `roken_gethostbyname', and
update copyright
add roken_gethostby.c
Add ifdefed out call to `roken_gethostby_setup'.
add ugly hack for dns-proxy
Add `[]' to LIBOBJS assignment to fool automake.
create acinclude.m4
resolve.h
Make things compile.
x
Release 0.0n
remove extra AC_PATH_XTRA
sys/select.h
(krb5_keytab_key_proc): don't free keyseed; use correct keytab
x
Return sane error code if krb_rd_req fails.
x
Simple fork+exec system() replacement.
proto
simple_exec.c
x
Fix order of flags.
(sl_loop): check that there is at least one argument before calling
x
(tgs_rep2): check for interesting flags on involved principals.
Rename PA-KEY-INFO -> ETYPE-INFO. Better cleanup on errors.
Rename PA-KEY-INFO -> ETYPE-INFO. Add log format to context.
Add log format to context.
Rename PA-KEY-INFO -> ETYPE-INFO.
x
Remove unused variable.
Ifdef unused variable.
Check for principals changing their own passwords.
Try to get ticket via initial request, if not possible via tgt.
Add `--keytab' option.
x
(v4_prop): use krb5_unparse_name_short
copyright
<kadm5/kadm5_err.h>
If kadm5_get_principals failes, we might still be able to perform the
Unifdef test for same principal when changing password.
x
Move checking of principal flags to new function `check_flags'.
x
Verify that error_code is in the range [0,127].
fix some XXX comments
static
x
Add some more flags.
(v4_prop): Check for `changepw.kerberos'.
*_LDADD -> LDADD
Check immutable bit.
Get creds for client name passed in.
Pass client name to kadm5_init.
x
Zero cred, and store session key properly in auth-context.
Use `gssapi_krb5_verify_8003_checksum'.
Implement `gssapi_krb5_verify_8003_checksum'.
Add support for just integrity protecting. Implement and use
Add support for just integrity protecting. Use `gss_krb5_getsomekey'.
Add some protos.
x
Add offset to krb5_kt_cursor struct.
MIT compatible changes: add and use sizes to keytab entries, and
x
generic include file for ftpd
Use <ftpd_locl.h>.
x
Add kauth prototypes.
<krb.h>
Changes for new merged security stuff.
Add parenthesis around boolean expression.
New unified security framework.
GSS-API backend for the unified security framework.
Updated for the unified security framework.
Add -DFTP_SERVER
x
removed
replaced by new framework
arpa/ftp.h
x
Try `test -f' before makeing links.
#if-0 indentification string.
Make compile w/o krb4.
x
ftp
Replace several other functions with `kadmind_loop'.
protos
Use `kadmind_loop'.
(foreach_principal): Print error message if `kadm5_get_principals'
x
zero priv
Add `krb5_storage_from_data'.
Add `default_keytab' to context_data.
Get `default_keytab_name' value.
Get default keytab name from context.
Move KEYTAB_DEFAULT from keytab.c.
x
Fix DES3 string-to-key.
x
Add `encode_as_rep_as_tgs_rep' flag.
Check for `encode_as_rep_as_tgs_rep' flag. Emit an error message if no
Add list of etypes to hdb_entry.
(hdb_next_etype2key): check etype against those listed as supported by
Dump etypes.
Load etypes.
Make cred caches version 4 compatible.
Use `gss_krb5_getsomekey'.
Check for error before returning errno.
x
Add krb5_config_{vget,get}_{bool,time,int}_default.
Add some headers.
(v4_prop): Check for null key.
x
Use same enctype as in ticket.
Return value.
htonl ipv4 address
x
Fix for IRIX cc.
ac_check_type + extra headers
check-type-extra.m4
move some type checks
add note about ftp/ftpd
update
random notes
x
Replace `AC_PROG_LEX' and `AC_DECL_YYTEXT' with `AM_PROG_LEX'.
More protos for {,v}snprintf.
NEED_{,V}SNPRINTF_PROTO
AC_NEED_PROTO
Don't add libdb, libdbm, or libutil to LIBS.
Use LIB_logwtmp.
Cleanup LDADD.
Use DBLIB.
have-declaration.m4 -> check-declaration.m4
remove duplicate
WFLAGS
Some casts.
Add <des.h> for proto.
Save hostname.
x
Zero kdc_reply.
Don't try v5 if (only) `-4' is specified.
x
fix for AIX
remove some cruft
Release 0.0o
aux -> cf
x
aux -> cf
Back out of previous change, it doesn't work with bison. Rename STAT
Check return values from XGrab*.
Fix mismatched parenthesis.
x
(MsgInfoList): replace `del_flag' and `retr_flag' with single `flags'
Replace `del_flag' and `retr_flag' with `flags'.
x
Move parsing of headers to separate functions.
Move changing of uid to separate function.
Add maildir support.
maildir + WFLAGS
maildir
x
Replace lots of snprintf's with new function `make_path'.
foo
typo
remove extra .SE
some more babbling
Add some debug diagnostics for dlopen.
Link with -lc when building afslib.so (this seems to be required with
add decl of _kafs_debug
print_version
check for get{euid,gid,egid}
getegid
getgid
geteuid
set-uid test
isSuid -> issuid
issuid
use issuid
check for get{e,}[ug]id
add issuid.o
check for crypt in -lcrypt
add @LIB_crypt@
Header for hprop ka-server database support.
Add ka-server support.
x
schlemm to get rid of references to *_version
schlemm to get rid of references to *_version from print_version.o
clean more
x
Userok for gssapi.
Save client name for userok().
gss_userok.c
x
remove call to abort()
remove calls to abort()
use print_version
x
Release 0.0p
add cast
Always print errors from mk_req.
Better error if local tgt couldn't be found.
x
check for {v,}as{n,}printf prototypes
prototypes for {v,}as{n,}printf
test for mips abi
remove exit
Fix for AC_CACHE_CHECK broken-ness; change `default' -> `yes'.
renamed functions for com_err
Hack to get rid of ROKEN_NAME.
ROKEN_RENAME
fix abi and abilibdirext if using old GCC
fix dependencies for parse.[ch]
typo
setuid before setgid
strcasecmp w/o table
strncasecmp w/o table
strncasecmp
-strcasecmp.c
remove use of strdup
kadm5_s_* -> kadm5_*
update prototypes
Add init_with_{skey,creds}*.
Better arguments for kadm5_init_with_password.
implement init_with_{skey,creds}*
Implement init_with_{skey,creds}*. Make use of `password' parameter to
x
Pass NULL password to kadm5_*_init_with_password.
const
kadm5_s_* -> kadm5_*
x
libtoolize
from libtool 1.2a
stuff for libtool
automagically generated
remove libtool stuff (install libtool-1.2a instead)
lib*.a -> lib*.la
*_a_* -> *_la_*
*_a_* -> *_la_*
*_a_* -> *_la_*
LIBOBJS -> LTLIBOBJS
(foreach_principal): Check for expression before wading through the
x
Add newline after each maildir message.
(make_path): fix reversed args
x
check config file for kadmin/use_v4_salt before zapping version 4
possibly make DES keys version 4 salted
typo
krb_enable_debug
x
roken_rename
foo
get_xsockets returns int, not unsigned
fix for (compiler?) bug in solaris 2.4 bind
x
move libdes after krb4 libs to avoid multiple definitions with shared libs
proto for print_version
Add check_ticket_addresses, and allow_null_ticket_addresses variables.
proto
Pass client address to as_rep() and tgs_rep().
Optionally compare client address to addresses in ticket.
x
(arg_match_long): make sure you only get an exact match if the strings
(get_init_creds_common): if the forwardable or proxiable flags are set
x
(check_tgs_flags): make sure kdc-req-body->rtime is not NULL; set
(mandoc_template): Put short and long options in DESCRIPTION on the
x
Implement lots a new options.
Default options for kauth.
Default options for kinit.
updated
update
kinit now has support for renewing tickets
x
move from branch
(get_window_size): check COLUMNS and LINES
(arg_printusage): try to keep options shorter than column width
x
import _krb_time_to_life, to avoid runtime dependencies on libkrb with
int -> krb5_boolean
str{cpy,cat}_truncate
zero tmp
str*_truncate
(mandoc_template): Put short and long options in SYNOPSIS within the
x
some kind of manual page
Link programs with $(LINK), not $(CC).
always build libeditline; move readline compatibility for libedit to
don't install el_compat
always build libeditline; move readline compatibility for libedit to
x
link with libkafs iff KRB4
optionally exclude shared library dependencies
EXESUFFIX -> EXECSUFFIX
remove references to undefined variables
add missing newlines
remove proto for pop_sendline (made static)
quote '^From ' properly
x
fix for rhapsody
find database library
pass client address to krb_rd_req
x
merge strcpy_truncate branch
allow `po:user at host' mailbox syntax
x
cleanup pobox parsing
update to reflect new po-box syntax
x
support for newer libedit
x
hmac-sha1-des3 = 12
x
skip ws before checking for comment
x
(parse_binding, parse_section): make sure everything is ok before
x
net_{read,write}.c
x
change /usr/athena/bin/login to /usr/heimdal/bin/login
(quote1): fix % quoting bug
x
add KEYTYPE_USE_AFS3_SALT to keytype if using AFS3 salt
x
don't depend on the existance of warnx (use fprintf)
merge changes from 0.9.9 branch
x
merge changes on 0.9.9 branch
(error_message): try to pass code to strerror, to see if it might be
x
lots of C2 magic
(try_pipe): return -1 if I_PUSH fails with ENOSYS
x
remove LD_FLAGS for now
case MAY_HAVE_X11_PIPES with Solaris
x
VIOC_GCPAGS
(krb5_keytype_to_etypes): zero terminate etypes
(as_rep): set keytype to sess_ktype if ktype_is_etype
x
eliminate some warnings
x
add T_NAPTR
some cleanup
x
asprintf
snprintf.c
add snprintf.o to make_cmds
x
merge new-crypto branch
set AIX_SRC also if !AIX
x
x
remove appl/su/Makefile
add `--convert-file' option to change keytype of existing master key
update year
change `hdb_set_master_key' to take an EncryptionKey, and add a new
prototype for `hdb_set_master_keyfile'
hdb_set_master_key -> hdb_set_master_keyfile
(generate_2int): don't depend on flags being unsigned
(DB_open): add test for database format
(NDBM_open): add test for database format
convert_db
(DB_open): try to open database w/o .db extension
little program for database conversion
x
add copyright and rcsid
(DES3_string_to_key): make this actually do what the draft said it
x
convert DES3 keys to des3-cbc-sha1, and des3-cbc-md5
x
add DBLIB to LDADD
set_progname
Release 0.1b
check for glob
glob.h
move glob.c to roken
move to roken
remove glob
x
c
use AC_BROKEN_GLOB
x
x
fix der_put_int
NEED_GLOB_PROTO
-O does not belong in WFLAGS
fix index
x
fix printf warnings
typo
use version.texi
import
add kadmin section
x
build login
add Makefile.am
OTP_dir
0.1c
remove EXTRA_DATA (as of autoconf 2.13/automake 1.4)
x
more typos
x
appl/otp
include <kadm5/admin.h> and <kadm5/kadm5_err.h>
add minimally working `get' command
x
(fkt_remove_entry): make this work
libkadm5clnt
x
change some silly wordings
update procedure to set supported encryption types
krb4 is now automatically detected
update nodes
x
(fcc_gen_new): implement
(krb5_verify_user): pass prompter to krb5_get_init_creds_password
add TUInteger type
make `BIT STRING's unsigned
x
HAVE_UT_* -> HAVE_STRUCT_UTMP*_UT_*
SOCKADDR_HAS_SA_LEN -> HAVE_STRUCT_SOCKADDR_SA_LEN
update to automake 1.4/autoconf 2.13
x
better handling of types with spaces
SIAENTITY_HAS_OUID -> HAVE_SIAENTITY_OUID
update to autoconf 2.13
x
update to autoconf 2.13
typo
x
remove extra AC_MSG_RESULT
x
DESTDIR
x
x
remove special AIX install case (works in autoconf 2.13)
remove -g CFLAGS from distributions
fix handling of messages w/o body
x
use print_version
protos for {un,}setenv
x
re-add version in greeting message
x
ugly fix for crays
x
AC_WFLAGS
x
use AC_WFLAGS
openlog -> roken_openlog
@WFLAGS@ -> $(WFLAGS) in CFLAGS
remove ifdef HAVE_FNMATCH
x
add -Wno-return-type to WFLAGS
remove -Wno-return-type from WFLAGS
no-return-type -> no-implicit-int
x
fix types in format string
fix some warnings
remove unused variables
add WFLAGS
x
add some if-braces
x
fix some warnings
protoize
add some if-braces to keep gcc happy
WFLAGS
prototype for error_message
fix types in format string
(hstrerror): add const to return type
protos
move innetgr() to separate file
add netgroup_match()
back out previous
x
add prototypes, and defaults for _PATH_*
staticize
add some consts
x
don't print warning if there is no krb5.conf
check for NULL realmlist
use krb5_free_host_realm
add dns support
add version info
(des_rand_data): if not using setitimer, block SIGCHLD around fork(),
replace perror/exit with fatalperror
x
strncasecmp headers
x
remove protos for read/write
x
common Makefile stuff
test for Xau{Read,Write}Auth
subst DBLIB also
x
\? -> ?
include Makefile.am.common
removed
remove junk
add gcc-braces
x
include Makefile.am.common
include Makefile.am.common
x
include Makefile.am.common
include Makefile.am.common; don't install headers from here
include Makefile.am.common
x
condition KRB5; AC_CHECK_XAU
x
move include of krb5.h here
remove krb5.h (breaks in ftpcmd.y)
x
remove EXTRA_bin_PROGRAMS
define LIB_kafs and LIB_gssapi
sl.a -> sl.la
remove junk
admin.h -> kadm5/admin.h
der.h
parse_units.h
LIB_kdb, have_err_h, have_fnmatch_h, have_glob_h
define KRB_VERIFY_SECURE if not defined
x
define sub for html
remove include_dir hack
x
fix build-installation of headers
make install-build-headers a multi dependency target
install ss.h
x
clean ftpcmd.c
clean pfrom
clean a lot of header files (since automake lacks a clean-hook)
clean some lex.c parse.c parse.h
x
split in client and server libraries (breaks shared libraries
add 45
use $(x:y=z) make syntax; move check-der to check_PROGRAMS
add version-info
add libss; add version-info
x
*** empty log message ***
add gcc-braces
x
move shared lib stuff here
add
fix broken checkin
revert
put public and private functions (starting with underscore) in
create krb5-private.h
x
don't roken-rename
typo
tests for authentication modules
x
manual page formatting tests
clean up
remove stuff that is automatically includes by autoconf
remove LEXLIB
`-h' is host, not help
BINDIR is defined in config.h
better handling of otp
add {INCLUDE,LIB}_{hesoid,krb4,readline}
add decription to AC_DEFINE
define {INCLUDE,LIB}_* as well as *{INCLUDE,LIB} (which is used in
LIBDIR is defined in config.h
char* -> krb5_realm
fix some typos
fix typo
remove unused variables
bindir -> libexecdir
x
merge with krb5 version
move from sia.c
merge with krb4 version
makefile for sia
makefile
add posix_getpw.c
x
fix for automake bug/feature; add more LIB_*
x
<bind/bitypes.h>
typo
x
HESIOD{INCLUDE,LIB} -> {INCLUDE,LIB}_hesiod
common stuff from md4, md5, and sha1
use hash.h; fixes for crays
hash.h
x
fix typo
_PATH_UTMP
x
(krb5_get_host_realm): no infinite loops, please
don't rename
x
add `-P', `-v', and `-L' flags
kafs.h
libkafs
x
check for getpwnam_r, and if it's posix or not
x
add some brackets
x
add
link print_version with -ldes to avoid unresolved references if -lkrb
x
cleanup option parsing
x
new updating of protos in krb5, and hdb
typos
take three
(vasnprintf): correct check if realloc returns NULL
x
n_fold -> _krb5_n_fold
x
bsd_locl -> login_locl
do_osfc2_magic proto
magic for OSF C2, and Crays
osfc2.c
--enable-osfc2
check for OSF C2; bind/bitypes.h, getudbnam, setlim; check for auth
x
link with $(LIB_security)
quotes
sleepexit -> exit
_CRAY -> HAVE_STRUCT_UTMP_UT_ID
x
check for XauWriteAuth before checking for XauReadAuth to catch
x
prototype for do_524
pass addr to do_524
check that the ticket came from a valid address; use the address of
x
add support for printing ipv6 addresses, either with inet_ntop, or
(krb5_print_address): int -> size_t
(addr_to_string): use krb5_print_address
(do_524): sockaddr_in -> sockaddr
krb5-private.h
k_{put,get}_int -> _krb5_{put,get}_int
k_{put,get}_int -> _krb5_{put,get}_int
crc_{init_table,update} -> _krb5_crc_{init_table,update}
(krb5_print_address): handle unknown address types;
removed
(print_cred_verbose): use krb5_print_address
k_{put,get}_int -> _krb5_{put,get}_int
CFLAGS -> AM_CFLAGS
x
use getargs
x
use getargs
x
noinst_PROGRAMS -> check_PROGRAMS; add TESTS; don't build rpw, and speed
x
remove
use getarg
x
make a more working check-local target
don't run check-local
getarg.h
add auth
use getarg
x
remove kfoo
POSIX_GETPWNAM_R is defined in config.h
x
(krb524_convert_creds_kdc): free reply
(encrypt_internal): free checksum
(krb524_convert_creds_kdc): free ticket
(krb5_get_forwarded_creds): don't allocate out_creds
(get_cred_kdc, get_cred_kdc_la): make out_creds pointer;
(renew_validate): don't allocate out
(parse_binding): don't zap everything after first whitespace
krb5_append_addresses
add krb5_parse_address
add support for adding an extra set of addresses
(get_addrs_int): add extra host addresses
(get_cred_kdc_la): pass context to krb5_get_all_client_addrs
(init_as_req): pass context to krb5_get_all_client_addrs
(init_sockets): pass context to krb5_get_all_server_addrs
(doit): pass context to krb5_get_all_client_addrs
x
lib/auth/{afskauthlib,pam}
Release 0.1d
fix for writeauth.o
x
don't run check-local
clean krb5-private.h
compile and link, rather than looking for files; also export more
x
test for MIPS ABI; new test_package
x
fix {srv,key}2{srv,key}tab confusion; add help strings
remove donep (check gssapi_krb5_context directly)
set minor_status
(krb5_get_err_text): long -> krb5_error_code
make it compile w/o krb4
remove extra .Fn
add AUTH_{OK,CONTINUE,ERROR}
(sec_login): if mechanism returns AUTH_CONTINUE, just continue with
return AUTH_{CONTINUE,ERROR}, where appropriate
(gss_auth): call gss_display_status to get a sane error message;
x
build afskauthlib.so
add krb5 support
x
build w/o krb4
update to libtool 1.2d
include udb.h, sys/resource.h, and sys/category.h
fixes for building w/o krb4
remove definition of KRB_VERIFY_USER et.al. (moved to config.h)
remove definition of KRB_VERIFY_USER (moved to config.h)
add some whitespace
nuke NEW, DISPOSE, RENEW, and COPYFROMTO macros
nuke NEW, DISPOSE, RENEW, and COPYFROMTO macros; (rl_complete): call
build testit
x
add snprintf, asprintf
snprintf
x
x
complain about un-recognised commands
x
(rl_complete_filename): return if there were no matches
x
fixes for crays
x
add default v4_name_convert entries
add srv_* flags to context
lookup SRV-records to find a kdc for a realm
x
(krb5_524_conv_principal): make it actually work, and check built-in
x
update to reality
x
(kadm5_s_create_principal): create v4 salts for all DES keys
x
log bogus requests
x
make print-version.h depend on version.h
x
handle __attribute__
more __attribute__ fixes
check for __attribute__
add __attribute__; add *abort functions
abort -> krb5_abortx
it's probably make-print-version.o that should depend on version.h
x
don't use data after clearing decriptor
x
add `host not found' error
(krb5_storage): add `host_byteorder' flag for storage of numbers
(krb5_storage_set_host_byteorder): add
(krb5_storage_emem): initialize host_byteorder
(krb5_storage_from_fd): initialize host_byteorder
(krb5_storage_from_mem): check malloc, initialize host_byteorder
add some support for reading and writing old cache formats;
(krb5_get_forwarded_creds): use ALLOC_SEQ
update version
x
_PATH_NOLOGIN
check _PATH_NOLOGIN
x
add krb5_cc_get_type that returns type of a cache
initial version
add __attribute__
use krb5_cc_get_type
afskauthlib actually works
x
x
su
add su
add appl/su
x
add support for dlopen:ing password quality check library
update
x
check for dlopen, and dlfcn.h
x
sample password checking functions
x
don't try to load library by default; get library and function name
x
don't depend on paths.h
x
add support for reading and writing old version cache files, and
add flags to change how various fields are stored, used for old cache
(krb5_storage_from_fd): zero flags
(krb5_storage_emem): zero flags
(krb5_storage_from_mem): zero flags
add support for reading and writing old version cache files
cleanup
add krb5_cc_get_version
add support for reading (and writing?) old version keytabs
(init_context_from_config_file): init fcache_version; add
abort -> krb5_abortx
(krb5_domain_x500_decode): don't abort
print cache version if verbose
add `--fcache-version' to set cache version to create
pass context to krb5_config_file_free
x
(erase_file): don't malloc
fix for stupid aix warnings
fix arguments to decrypt_ticket
new version from automake 1.4
fix for crays
x
HAVE_NETINFO_NI_H -> HAVE_NETINFO
--enable-netinfo
move stuff from kadm5_locl.h
move stuff to private.h
add kadm5_s_chpass_principal_with_key
add kadm5_s_create_principal_with_key
add kadm5_s_modify_principal_with_key
add _kadm5_set_keys2 to sey keys from key_data
(_kadm5_setup_entry): set key_data
add prototypes
remove server.c
move recvauth to kadmind_loop()
move from lib/kadm5
include <sys/un.h>
link with krb4
x
moved to kadmin
make mkvno optional, update version to 2
add master_key_version to struct hdb, update prototypes
add flags to _hdb_{fetch,store}
add flags to DB_seq, DB_firstkey, and DB_nextkey
add flags to NDBM_seq, NDBM_firstkey, and NDBM_nextkey
change hdb_{seal,unseal}_* to check if the key is sealed or not; add
move printable version of entry from kadmin
update prototypes
build prototype headers
remove extra LDFLAGS, update version to 2
add some flags
add flags to fetch and store; seal keys before logging
clear mkvno
proto
remove free
version 4 support
use hdb_print_entry
check for (un-)encrypted keys
pass flags to hdb_foreach
add --print option
unlink keyfile on failure, chmod to 400
add flags to fetch
fix arguments to _kadm5_set_keys2
add support for upgrading database versions
x
(hdb_set_master_key): initialise master key version
check for failure from _kadm5_client_{send,recv}
(_kadm5_client_recv): handle arbitrarily sized packets, check for errors
x
cleanup _kadm5_client_{send,recv}
x
remove some junk
add some text about how to actually convert a database; add something
some cleanup
x
don't use uname
fix past-o
x
(get_cred_cache): figure out principal
(handle_tcp): remove %-escapes in request
x
(do_login): set $SHELL
x
check for netinet/ip.h
x
(sendrequest): lmode != rmode
x
extended test for X
use KRB_CHECK_X
x
x
back out 1.163->1.164
add kerberos debugging option
x
x
use puts, as suggested by Jeffrey Hutzelman <jhutz+ at cmu.edu>
x
bump version number (changes to md*, sha)
x
bump version number (changes to some function signatures)
x
bump version number (changed function signatures)
x
fix broken formatting
change `site find' to `site locate' (to match what it does, and other
x
remove again
add configuration file support
move prototypes to login_protos.h
generate login_protos.h
add support for starting extra processes at login and logout; always
getcap from NetBSD
x
add simple_exec{ve,le}
check for cgetent
make it build
cgetent
declare struct spwd
dependencies
fix test for cgetent
x
x
prototype generation for login
(start_logout_process): call setproctitle
x
check for setproctitle
x
make this compile w/o krb4
x
fix typo in previous
ignore the comlicated aix construct if !krb4
x
argh!
implement XDELE to delete a range of messages
x
use XDELE
x
(pop_init): don't freehostent if ch == NULL
x
err -> errx
(crypt_md5): don't use snprintf
x
protect from db-less systems
x
(do_login): show issue-file
(recv_conn): call setjob on crays;
add `--keytab' flag
x
(main): init keytab
add OPNOTSUPP
(krb5_kt_{start_seq_get,next_entry,end_seq_get}): check for NULL
x
HDB keytab backend
hdb_kt_ops
use HDB keytabs
(hdb_get_entry): give some more useful return codes
x
(krb5_append_addresses): remove duplicates
use HDB keytabs; change some error messages; add --realm flag
clarify messages from server
krb5_get_all_server_addrs shouldn't return extra addresses
(rr13): handle zero length bit strings
print contents of krb5.conf
add dump_config
x
fix some buglets (from ake at cs.umu.se)
(handle_v5): give more informative message if KRB5_KT_NOTFOUND
link with res_search/dn_expand libraries
x
sgi capabilities
check for sgi capabilities
x
also check for capability.h
SGI capability mumbo-jumbo
x
(configure): don't bail out if there isn't any kdc.conf
x
be more informative in pa-data error messages
set minor_status
(_kadm5_privs_to_string): return `none' if privs == 0
(kt_get): add `--help'
x
make this work with mips 64-bit abi
x
(main): only get default value for `get_v4_tgt' if it's explicitly set
x
add a `--cache' flag
x
0.2a
add floating point support
add a callback type to do more complicated processing
x
remove unused `optind'
remove unused `optind'
getarg manpage
x
new function `krb5_recvauth_match_version' that allows more
x
(encode_generalized_time): encode length
x
x
make krb5_fkt_ops const
make krb5_mkt_ops const
make krb5_akf_ops const
x
make it possible to set the command protection level with `prot'
(set_command_prot): set command protection level
proto
(kauth): make sure we're using private protection level
x
remove extra \
(doauth): s->context
x
add `sec_vfprintf2' and `sec_fprintf2' that prints to the data stream
proto
simple ls
(LIST): call list_file
(main): make this use getarg; add `list_file'
protos
ls.c
x
x
FEAT
x
(krb5_enctype_to_keytype): remove warning
x
(krb5_authenticate): don't use the principal associated with the
x
(main): pass ccache to krb524_convert_creds_kdc
x
(list_file): pass filename to ls
x
change type of the collect function
change the way arg_collect works; it's still quite horrible though
document arg_collect
change `-l' flag to use arg_collect (this makes `-ll' work again)
x
bump current and age (added keytab stuff)
add w2k crypto draft
Initial revision
*** empty log message ***
make this build
get_command_prot; (sec_prot): partially match `command' and `data'
(kauth): set private level earlier
(krb4_decode): syslog failure reason
proto
(kauth): complain if protection level isn't `private'
x
add
move to subdirectory
(_kadm5_s_init_context): get dbname, acl_file, and stash_file from the
(kadm5_s_init_with_context): actually use some passed values
(kadm5_c_init_with_context): try to cope with old servers
marshalling of config parameters
(kadm5_server_context): add config_params struct and remove acl_file;
correctly get acl file
allow passing a realm
allow us to have more than one database
update
update for multi-database code
remove version string
cope with old clients
remove case for not having cgetent, since it's in roken
(kadm5_config_params): remove fields we're not using
always bail out if the fetch fails
x
remove DES3_postproc
make this work with multi-db
x
indent
newer draft
rc4->arcfour
x
inttypes.h
do not use krb_get_our_ip_for_realm unless it exists
clean up krb4 tests; check for krb_get_our_ip_for_realm
(process_msg): check for short reads
ARCFOUR_set_key -> RC4_set_key
typo
remove advertising clause
remove advertising clause
print more interesting things
(kadm5_log_foreach): pass context
prototype
optionally trace connected addresses to a file
x
x
don't use string concatenation with TKT_ROOT
x
(dataconn): make sure from points to actual data
x
some cleanup:
add /etc/issue{,.net}
free some memory
change --noaddresses into --no-addresses
x
document kauth
(init_context_from_config_file): change default log timestamp to
x
illegal -> invalid
krb5_check_transited_realms
check_transited
getaddrinfo via string specifying host and port
getaddrinfo_hostspec.c
proto
use roken_getaddrinfo_hostspec
x
call list_file for broken usages of nlst too
increase count by one, reported by GOMBAS Gabor <gombasg at inf.elte.hu>
change case of `verbose' to match the other options
jox
jox
x
initshells for aix
make aix part work
x
tests for aix initshells
move test for getconfattr to correct place
make this actually work
x
handle non-existant server principals (from Daniel Kouril)
don't try to encrypt if auth is broken (Daniel Kouril)
nuke long option from -z
x
change unix test to be negative
x
add options to enable/disable v4 and 524 requests
only listen to port 4444 if 524 is enabled
if v4 is not enabled, just generate error reply and exit
if 524 is not enabled, just generate error reply and exit
x
changes upto 1998
check for strsep_copy
strsep_copy
strsep, but with const stringp so returns string in separate buffer
x
slightly generic acl code
strncpy -> memcpy
strsep_copy prototype
acl.c
x
x
add support for more standards like import statements, and
add support for more standards like import statements
support for distinguished value integers
use distinguished value integers
update with reality
use new import syntax
use some definitions from asn1.h
pa_* -> KRB5_PADATA_*
generalize source database handing, add support for non-standard local
code for readine krb4 dump files
add some prototypes
update with reality
add realm override flag
x
build v4_dump.c
pa_* -> KRB5_PADATA_*
x
HDB_NDBM_H -> HAVE_NDBM_H
ALLOC_SEQ
move prop_data here
move prop_data to hprop.h
back out 1.64
x
add hdb keytabs
x
(add_standard_ports): only listen to port 750 if serving v4 requests
x
(ka_convert): allow using null salt, and treat 0 pw_expire as never
x
(_kadm5_set_keys): rewrite this to be more easily adaptable to
x
(get_des_key): change to return v4 or afs keys if possible
x
pass extra parameter to get_des_key
proto
x
move environment stuff to separate file, allow specifying list of
new file for environment related functions
extern env and num_env
x
typo in previous
add date_fmt to context
(init_context_from_config_file): init date_fmt, also do some cleanup
(krb5_format_time): new function to format time
add printing of timestamp and key data; some cleanup
(krb5_vlog_msg): use krb5_format_time
use parse_time to parse age
x
update to reality
login_proto.h -> login_protos.h
change some funny etypes to use negative numbers, and add some more
more errors
add some more pseudo crypto types
more master key function to separate file
rewrite master key handling
cleanup
add mkey.c, and bump version number
remove bogus externs
make this work with the new mkey code
pass context to seal/unseal_keys
(read_master_mit): fix this
only get master key if we're actually going to use it; enable reading
read MIT krb5 dump files
x
set initial master key version number to 0 instead of 1; if we lated
x
remove kauth
add mit_dump.c
protos
x
replace NOERROR with a generic error
convert getaddrinfo error codes to something that can be passed to
x
use krb5_eai_to_heim_errno
x
document mit-dump
(hdb_read_master_key): set mkey to NULL before doing anything else
eai_to_heim_errno.c
add lib/vers
(read_master_encryptionkey): handle old keytype based files, and
x
remove writing of old keyfile, and treat --convert-file as just
add key usage
fix type in des3-cbc-none
x
typo in previous
simple table functions
rtbl
declare ether_addr and sockaddr_dl for AIX
use rtbl to format cred listing
x
add flags for preauth and hwauth
update for -f and add some more text for -v
x
language; say something about kadmin del_enctype
x
(deltat2str): treat 0 and INT_MAX as never
socket creation functions
if stdin is not a socket create and listen to sockets
proto
kadm_conn.c
x
allow setting kvno
x
change log strings to match the v5 counterparts
break out connection code to separate function, and defer calling it
move private prototypes here
move public prototypes here
remove prototypes
add more fields to client context; remove prototypes
call _kadm5_connect
assert that we have a connected socket
no need to call gethostname, since sname_to_principal will
x
add more generic krb5_sendto that send to a port at arbitrary list of
use krb5_sendto
try port kerberos/88 if no response on krb524/4444
x
krb5_read_{priv,save}_message
krb5_write_{priv,save}_message
really build su
make this point to the correct keytab
add new function that takes socktype hint as parameter
proto
use roken_getaddrinfo_hostspec2
use conditional for dce
update this to newer auto*/libtool
update to libtool 1.3c
cleanup
test for broken realloc
test for signal handler return type
add 6th parameter for now
use cleaner autoheader trick
workaround feature of newer autoconf
x
pass sixth parameter to test-package; use some newer autoconf constructs
subst AIX compiler flags
set compiler flags
x
(v5_loop): use krb5_{read,write}_priv_message
put all processes in a new process group
try to get xlc flags from ibmcxx.cfg
use conditional for X
set ACLOCAL_AMFLAGS
add some braces to make gcc happy
update to missing from automake 1.4a
dceutil*s*
don't subst AFS_EXTRA_LD
use cache_check, and make this work with new autoconf
AM_PROG_LIBTOOL -> AC_PROG_LIBTOOL
fix some typos
x
AC_ERROR -> AC_MSG_ERROR
db tests
other roken tests
rename to rk_CHECK_VAR, transposing the arguments, and making the
revert version number for now
remove stuff that belong in roken, and remove some obsolete constructs
x
use autoreconf
make upcase a proper autoconf macro, and rk_CONFIG_HEADER
require rk_CONFIG_HEADER; restructure slightly
not used
make this compatible with `make dist'
x
(krb5_read_message): return error if EOF
nuke extra definitions of krb5_read_priv_message et.al
use krb5_read_priv_message; (v5_loop): check for EOF
x
(wait_term): if we're doing something, set just set a flag otherwise
variables
(v5_loop): check for termination
(handle_v4): check for termination
x
use krb5_write_priv_message
use krb5_{read,write}_priv_message
ws
x
make -a and -n aliases for -v
x
ifdef KRB4
x
fix broken comment
call krb5_read_priv_message
x
braino
make the parent process wait for children and terminate after
x
document some more
say something about starting kadmind from the command line
x
x
add get_progname
x
manpage
implementation of the krb5_appdefault set of functions
appdefault.c
x
increase version to 12:0:1
x
bump version to 3:0:1
bump version to 2:0:1
bump version to 6:0:0
bump versions to 7:0:0 and 6:0:2
bump version to 2:1:2
bump version to 1:1:1
bump ss version to 1:1:1
bump version to 9:0:0
x
don't compress library, since 5.0 seems to have a problem with this
x
define uint*_t
check for uint*_t
BSIZE -> des_BSIZE to avoid conflicts with AIX jfs/fsparam.h
x
x
add pidfile function
x
conditionalise pidfile
x
tests for util.h and pidfile
add library for pidfile
write a pid file
util.h
write a pid file, and setup password quality functions
link with pidfile library
c
change void** to void*
x
x
check getsockname for proto compat
add proto compat for getsockname
use roken_getsockname
x
krb5_principal_match
x
212 -> 2121
handle all sorts of weird MIT salt types
x
,
_PATH_DEFPATH
(do_login): set PATH to something sane;
x
implement resolve
x
x
set KRBTKFILE
x
change redundant password message to something people can understand
short kerberos intro page
x
fix typo, and remove unused option
update manual page
x
fix dpagaix test
x
`quit' should be a alias for `exit', not `help'
x
short manpage
add kadmin manpage
x
calling the command `add' make more sense from an english pov
make `get' and `list' aliases to each other, but with different
add option parsing
complain if there's no realm name specified
add option parsing, and add `privs' as an alias for `privileges'
x
add macro constants for kdc.conf, and kdc.log
use _PATH_KDC_CONF
use DEFAULT_LOG_DEST
x
correct arguments to some snprintf:s
x
fix log messge
x
change bad filename message slightly
HAVE_ST_BLKSIZE -> HAVE_STRUCT_STAT_ST_BLKSIZE
x
fix v4 fallback lifetime calculation
x
x
simple_execl
proto
rcsid
only allow pasv if logged in
set aix
x
switch to automake
x
ignore Makefile.in
fake entry if no tgetent
x
move manpages to where they belong
don't try to print modifier name if it isn't set
(sec_read): fix bug in previous (from Jacques A. Vidrine
x
move manpages to where they belong
remove extra .Xc
x
x
print the principal we're trying to use
x
add space to usage
x
x
don't use AC_CONFIG_FILES here, since it doesn't work with automake
add roken/Makefile here, since it can't live in rk_ROKEN
x
close list
x
sort parameters and close a list
x
work around bug in grog that makes it think it needs mdoc.old
x
change cat handling
work with krb4 only
x
script to install preformatted manual pages
use install-catman.sh
use libtool
x
update this after recent changes
AC_CHECK_MAN -> rk_CHECK_MAN
x
getifaddrs implementation using SIOCGIFCONFIG etc
x
x
test for broken getnameinfo
x
test for broken AIX getnameinfo
test for getifaddrs
deal with sa_len in test
(find_all_addresses): use getifaddrs, from Jason Thorpe <thorpej at netbsd.org>
x
free some memory
x
fix freeifaddrs prototype, and add ifa_broadaddr macro
add getifaddrs.c, and ifaddrs.h, remove getnameinfo.c
add more quotes
just warn if we fail to setuid a program
require encryption if passed -x
x
pretend that empty files are non-existant
check for NULL remove_cred function
add kerberos.8 manpage
x
move undef of ECHO
test for strvis*
x
add prototypes for strvis*
strvis implementation from NetBSD
make `extern "C"' into a macro, this make emacs much happier
vis.c
x
add some more KRB5_AUTH_CONTEXT_* flags
implement krb5_auth_con_genaddrs, and make setaddrs_from_fd use that
auth_context should not be a pointer
implement krb5_get_server_rcache
actually build replay cache code
de-pointerise auth_context parameter to krb5_mk_rep
x
test for unvis, and vis.h
x
cleanup previous
unvis from NetBSD
vis.h from NetBSD
unvis.c, and vis.h
x
make sure _DIAGASSERT is defined
x
rename to *.hin, so it won't collide with system headers
remove trailing comma
x
implement krb5_auth_con_{get,set}rcache
rename some headers to avoid conflict with possible system headers
ifaddrs.h
x
implement -1CFx flags
some spec-violating mirror software assumes that you can do things
x
x
make it possible to set list of good filename characters from command
x
move sa_len test to before test for broken getnameinfo
x
fix last commit differently
add c++ externs
x
fix query-replace-o from MD5 API change, and the struct is called
s/krb5_donot_reply/krb5_donot_replay/
x
reverse time and size sort order (pointed out by tege)
x
fix option parsing
x
(append_string): handle NULL strings by printing `(null)'
x
avoid asprintf'ing NULL strings
x
We don't really need to include krb.h here, since we only use the
declare krb4_ftk_ops
always register the krb4 keytab functions
always build keytab_krb4.c
x
merge srvconvert with copy
merge srvcreate with copy
x
don't copy an entry that already exists in the keytab, and warn if the
x
reflect recent changes
x
(krb5_appdefault_string): handle NULL def_val
make this match the MIT function
new function krb5_get_init_creds_opt_set_default_flags to set options
use krb5_get_init_creds_opt_set_default_flags
x
use krb5_get_init_creds_opt_set_default_flags
x
document appdefault_time
not much point in setting the anonymous flag here
typo
call a time `time', and not `seconds'
some cleanup
x
x
don't write to string constants
x
(pasv): close already open passive port
x
(lstat_file): handle case where file lives in `/'
x
fix bug in previous; make it easier to build test version
x
(sl_command_loop): try to handle user pressing C-c
proto
bump revision
x
add support for reading krb4 /.k files
reduce number of memory allocations
x
include shadow definition of kdb Principal, so we don't have to depend
make it possible to convert a v4 dump file without having any v4
x
snprintf
ignore SIGINT for now
don't warn if the port name can't be found, nobody cares anyway
x
add --{start-end}-version flags to replay just part of the log
x
implement krb5_get_cred_from_kdc_opt
x
(initialize_error_table_r): put table at end of the list
x
(krb5_init_ets): use krb5_add_et_list
don't explicitly set the krb4 ticket file
x
END has to be last with Sun's awk
x
add simple support for running commands
x
document run-command-mode
(getifaddrs2): close socket when done
x
use strtol to parse constants
rename asn1.h to krb5_asn1.h to avoid conflicts
move enctypes here
adapt to asn1 changes
add asn1_ENCTYPE.x
asn1.h -> krb5_asn1.h
fix argument count check after getarg change; spotted by
x
(do_store): call closefunc before claiming that everything went ok, if
x
set ret_creds to NULL before doing anything else, from Jacques Vidrine
x
do a better job of supporting files larger than 2GB
x
convert to use getarg
pack short flag options togther, to shorten the usage string
2001
x
(krb5_get_host_realm_int): add extra parameter to request use of dns
x
make sure we always use a des-cbc-crc ticket
make checksum_types into an array of pointers
change this slightly
conversion function for h_errno's
one less data copy
krb5_string_to_deltat
fix argument number test
x
(akf_start_seq_get): return KT_NOTFOUND if the file is empty
x
typo
put referral test code in separate function, and test for
x
don't use NULL where we mean 0
x
add more byteorder storage flags
x
bswap{16,32}
bswap{16,32}
bswap.c
x
__attribute -> __attribute__
simple bit storage test
store-test
dtrt with realm-less principals
x
revert, since it apparently worked anyway
x
verify_opt
krb5_verify_user_opt
pass context to krb5_domain_x500_decode
x
actually check the ticket addresses
just use standard C types
just use standard C types with bswap*
x
define `ROKEN_RENAME' conditionalised on `do_roken_rename'
only build resolve.c if doing renaming
x
can't define ROKEN_RENAME here
x
base64 tests
clean up the decode mess somewhat
x
build base64_test
fix for broken mdoc.old grog test
spelling
fix for broken mdoc.old grog test
Grog tries to figure out if to use mdoc.old instead of mdoc by looking
x
fix for broken mdoc.old grog test
remove rfc2052 support
x
test for initstate and setstate
dns_srv_order to order srv records
x
implement a new api that looks up one host at a time, instead of
types for new krbhst api
change void* to krb5_krbhst_handle
add opaque krb5_krbhst_handle type
x
manpage
x
x
(do_list): make sure list of keys is NULL terminated; similar to patch
make krb524_convert_creds_kdc match the MIT function by the same name;
use starttime instead of authtime, from Chris Chiappa
x
add some krb524 error codes
x
free principal
test for getaddrinfo needs netdb.h on Tru64
(config_get_hosts): free hostlist
(krb5_string_to_key_derived): leak less memory
x
silly casts
(krb5_mk_req_exact): free creds when done
x
prototypes for wait_for_process and pipe_execv
rename check_status to wait_for_process, and export it; function
x
fix typo in obviously never used sysctl case
x
add functions `krb5_principal_get_realm' and
manpage
x
try to install links to manpages
x
add protocol compatible krb524 error codes
x
(krb524_convert_creds_kdc): don't test for keytype, the server will do
typo in previous
include k524_err.h
use krb5_storage to make it more dynamic
add generation number code
add generation number
x
use krb5_add_et_list
don't send more data than required
call krb5_get_init_creds_opt_set_default_flags
x
set renew-life to some sane value
move ticket conversion code to separate function, and call that from a
x
always include kaserver support
always include kaserver support
formatting changes
remove kaserver switches, it's always compiled in now
fix typo
x
remove priv parameter from write_safe_message; don't know why it was
x
make this compile without krb4 support
x
missed to commit these
x
add list of ignored addresses to context
add new `arange' fake address type, that matches more than one
initialise ignore_addresses
don't include client addresses that match ignore_addresses
(get_cred_kdc_la): treat no addresses as wildcard
(init_as_req): treat no addresses as wildcard
new manpage
address.c is no more; add a couple of manpages
now included in addr_families.c
x
use krb5_copy_addresses instead of copy_HostAddresses
x
remove v4 master key handling; remove old v4-db and ka-db flags; add
x
(read_master_mit): set_error_string
more set_error_string
x
move common code for opening the keytab to ktutil.c
add rename command
document rename
x
typo
don't open connection to server until we loop over the principals, at
x
some changes
(krb5_address_order): complain about unsuppored address types
x
add support for type KRB5_ADDRESS_ADDRPORT
x
increase line buffer to 8k
x
manual page
iff -d, set the SO_DEBUG flags of the stdout and stderr socket;
x
man page
add some compat flags
x
add an EXAMPLE
x
rshd.8
print help message on bad options
x
don't try broken auth if rresvport failed; try to give some more
x
(edit_entry): move setting of default values to a separate function,
prototype for set_defaults
call this operation "passwd" in usage
add "del" alias for delete
add a --use-defaults option to just use default values without questions
x
only register hdb-ops once
remove unused etypes code, and add parsing of the generation field
x
add comment
do something to handle C-c in prompts
return error code
(gsskrb5_register_acceptor_identity): init context and check return
x
add easier afs configuration, defaulting to the local realm in lower
(krb5_sockaddr_uninteresting): don't try to call uninteresting
x
x
fix some problems with previous
rewritten man page
x
test for getaddrinfo's that doesn't like numeric services
only complain about encryption flag when old authentication is
fix prototype for gssapi_krb5_init
x
(get_des_key): if getting a key for a server, return any des-key not
fix call to get_des_key
fix prototype for get_des_key
x
add test for non-existant in6addr_loopback in AIX
include a definition of in6addr_loopback if it doesn't exist
x
this is *shell*
AC_TR_CPP -> AS_TR_CPP to make autoconf 2.52 happy
x
implement -R
x
athena -> heimdal
x
use INCLUDE_des
try using "host" if there's no "ftp" principal
x
use LDADD directly
don't init srv_try_txt, since it isn't used anymore
remove srv_try_txt, fix spelling
do some checks of the values in the file
x
(krb5_free_context): free more stuff
also check libdefaults, and realms/realm
x
use appdefaults for everything. defaults are now as in kauth.
kauth is no more
remove references to kauth
some pretty much untested changes from Luke Howard
fix for broken automake
fix for broken automake
get v4_tickets by default
install kauth as a symlink to kinit
x
restrict is a keyword
x
add another undef ECHO to keep AIX lex happy
x
include util.h for pidfile
link with LIB_pidfile
x
check for termcap.h
x
replace MAXDROPLEN with MAXPATHLEN
x
(dataconn): don't wait forever on accept
x
make sure we don't include . in recursive listings
(hdb_set_master_keyfile): clear error string when not returning error
include freeaddrinfo if using getaddrinfo
x
(krb5_expand_hostname_realms): free addrinfo
(krb5_get_init_creds_keytab): free key proc data
more free's
x
real draft
(krb5_set_default_realm): make realm parameter const
add realm override option
x
also don't compress krb5 library, at least siacfg fails with
(krb5_425_conv_principal_ext): try using lower case realm as domain,
x
more va_* fixing; from Thomas Klausner
va_{start,end} fixes; from Thomas Klausner
x
(dns_srv_order): don't try to return a value
x
remove extra white space (from Thomas Klausner)
white space fixes (from Thomas Klausner)
add section to reference (from Thomas Klausner)
sort references (from Thomas Klausner)
some spelling from Thomas Klausner
some spelling from Thomas Klausner
make the syslog messages somewhat more informative
x
bail out if encryption has been requested but could not be enabled
use our own des string-to-key function, since the one from openssl
x
commit some forgotten changes
compare keytab types case insensitively
(krb5_kt_default_modify_name): if no modify name is specified take it
default default_keytab_modify to NULL
get the default keytab from krb5.conf, and list all parts of an ANY
x
(krb5_closelog): don't pass pointer to pointer (from Gombas Gabor)
(get_dbinfo): if there are database specifications in the config file,
only claim krb5 support if really present
print a more informative message than "done" after negotiating
x
we have to create our own param struct before marshaling
x
(emem_free): clear memory before freeing (this should perhaps be
implement add and remove
no need to use the "modify" keytab anymore
no need to use the "modify" keytab anymore
x
(krb5_get_err_text): protect against NULL context
x
actually use the correct key (from Daniel Kouril)
x
rk_RETSIGTYPE and rk_BROKEN_REALLOC are called via rk_ROKEN (from
not used
make FILES section more standard
(akf_add_entry): don't create the file before we need to write to it
x
mini_inetd_addrinfo that takes an addrinfo instead of a port number
bump version
x
make this build without krb5
make this build without krb5; also use the addrinfo interface to
x
if we're not building with any kerberos support, just call read/write
don't show options that doesn't apply
x
make this build without krb5
include netgroup.h and rpcsvc/ypclnt.h
x
make this build without krb5
x
change confusing wording
reset signals to default, needed on solaris 8
x
(builtin_ls): return status; also don't print fatal error messages to
proto
if builtin_ls failes, return error
x
foo
clarify some acl wording, and add an example file
x
(gss_adat): if accept_sec_context fails, syslog a reason and give a
x
add forward (-f) option
add the GSS-API checksum type here
x
(find_etype): unsigned -> krb5_enctype (from Reinoud Zandijk)
remove non-functional stuff accidentally committed
x
(get_cred_cache): when getting the default_client from the cred cache,
x
rename ctime parameter to client_time
rename send parameter to send_data
fix an old cut-n-paste typo (via debian)
x
make sure gl_pathc != 0 before referencing gl_pathv
x
(krb5_crypto_init): check that the key size matches the expected length
x
(krb5_addlog_dest): reorganise syslog parsing
add some log checking
rename optind and optarg to avoid some gcc warnings
(append_number): make rep const
(ipv4_sockaddr2port): constify
(krb5_aname_to_localname): constify local variable
constify
constify some
(krb5_init_etype): constify
(krb5_get_init_creds_password): const qualify
constify
constify some struct members
(krb5_cc_register): don't make a copy of the prefix
(krb5_free_context): don't try to free the ccache prefix
(mcc_get_name): constify return type
(krb5_parse_name): const qualify
constify
remove unnecessary cast
constify
constify
make port_str const
constify
(get_pa_etype_info): sort ETYPE-INFOs by requested KDC-REQ etypes
x
(find_cells): make file parameter const
optionally remove __P and parameter names
include <sys/socket.h> to get socklen_t
make the krb5_storage opaque, and add function wrappers for
use KRB5_KT_END instead of KRB5_CC_END
storage tweaks; also try to handle zero sized keytab files
storage tweaks
storage tweaks
better align some headers
x
remove __P from protos, and put parameter names in comments
rename acl_string parameter
include <sys/file.h>
be more informative in the error message if SO_OOBINLINE fails
remove some stuff that is defined elsewhere
move mini_inetd protos to after addrinfo definition
x
fix typo in error string
x
make it clear that _lrealm modifies the principal
fix buffer overrun when receiving long replies
x
define BINDIR et al
use rk_DESTDIRS
x
(usage2arcfour): don't abort if the usage is unknown
x
use AC_HELP_STRING
OTP test
remove some duplicate tests
ndbm wrapper for newer db libraries
x
rework this somewhat; check for db3/4 in subdirs, change --with to
x
use AC_HELP_STRING
use AC_HELP_STRING; fix logic bug in AC_MSG_RESULT call
x
revert some accidentally commited code in previous
am_cond HAVE_*
only try to negotiate encryption if we're talking to a real telnet
x
use krb5_warn where appropriate
x
add command line switch for extra addresses
document -a
x
when decrypting pa-data, try all keys matching enctype
add tests for sha-{256,384,512}
don't free encrypted padata until we're really done with it
x
make it possible to redefine the "private" regexp
also install nodist_include_HEADERS
make it possible to run this twice
am-conditionalise HAVE_OPENSSL
remove old dbm part
use ndbm_wrap
add hooks for ndbm_wrap
x
recognise aix5
x
make separate library for test target; avoids libtool problem
just link mk_cmds against libsl; avoids libtool problem
x
newer automake doesn't allow redefining variables, so handle
LIBS is already set
move check-local target here since it's shared with krb4
move check-local target to cf/Makefile.am.common
set SUFFIXES with +=
use AC_LIBOBJ
ac_enable --diable-dynamic-afs
automake can't handle macros passed to AC_LIBOBJ, so add an alias to
s/AC_LIBOBJ/rk_LIBOBJ/
don't AC_LIBOBJ more than one function at a time
x
check db_type instead of precence of dbm_firstkey
fix ndbm test
x
[]-less is apparently the way to go
x
version number
x
update year
x
x
add missing semi in previous
fix for storage change
change \100 back to @; some m4's (probably some regex) doesn't like
x
only add to INCLUDES
check size of entry before trying to read 32-bit kvno; also fix typo
(krb5_cc_register): break out of loop when the same type is found;
x
make sure we return an error if there are no changepw hosts found
x
remove unused variable; reported by Hans Insulander
x
(display_tokens): don't bail out before we get EDOM (signaling the end
x
print a notice if the returned ticket life/renew is different from the
better handle continuation lines (from Aidan Cully)
x
add a flags parameter to the pop context
don't print our version in the greeting string
implement CAPA
use RESP-CODES
x
(krb5_print_address): don't copy size if ret_len == NULL
KADM5_SLAVE_STATS
handle slaves that come and go; add status reporting (both from Love)
x
add some cache-control-foo to the http responses (from Gombas Gabor)
don't use AC_PROG_RANLIB, and use magic foo to set LTLIBOBJS
x
if DATEDVERSION is set, change the version to current date
x
actually lower case the lower case instance name (spotted by Derrick
x
ENOENT -> HDB_ERR_NOENTRY (from Derrick Brashear)
x
newer openssl seems to take the address of the schedule parameter to
x
in unused code: pass file mode in call to open(); found by Martin Laubach
remove unused variable
v0.4
newer mkinstalldirs
libtool 1.4.2
newer
if the remote address isn't an addrport, don't try comparing to one;
x
(addr_to_string): check return value of sockaddr2address
x
rename dpagaix_LDFLAGS etc to appease automake
x
require autoconf 2.53; rename dpagaix_LDFLAGS etc to appease automake;
use sysconfdir
don't use ## in string concatenation
also define localstatedir and sysconfdir
x
just declare er_list directly instead of including com_right in
include <stdarg.h> to get va_list
include <stdarg.h> to get va_list
x
on second thoughts, move stdarg to krb5-protos.h
x
add ROKEN_RENAME variable
use $(ROKEN_RENAME)
roken_rename
add some code to print the read config file
don't write to buf if len == 0
allow the use of more than one config file by using the new function
allow changing config files with the function krb5_set_config_files,
allow parsing of more than one file
x
get the default keytab from KRB5_KTNAME
x
check return value of krb5_sockaddr2address
typo
x
fix various borked stuff in previous commits
(get_addrs_int): initialise res if SCAN_INTERFACES is not set
turn strings into pointers, so we can assign to them
generate kadm5-{protos,private}.h
rename header file flag macro
generated
x
(krb5_get_default_config_files): ignore duplicate files
x
just treat kdc.conf like any other config file
(kdc_openlog): no need for a config_file parameter
update protos
don't bail out if parsing of a file fails, just warn about it
define krb5_socklen_t type; this should really go someplace else, but
socklen_t -> krb5_socklen_t
include com_right.h
include <kadm5/private.h>
more renaming
generated headers
prefix these functions to avoid conflicts with other packages
add bug-report message
x
use argument-less AM_INIT_AUTOMAKE, now that it groks AC_INIT with
only define ROKEN_RENAME if do_roken_rename
x
add "-q -P comment" to header generation
add "-q -P comment" to header generation
use make to parse Makefile.am instead of perl
x
(display_tokens): increase token buffer size, and add more checks of
x
make this dtrt with AC_INIT
make the logic simpler, and handle dst_sz == 0
add some consistency checks
rename syslog_data to avoid name conflicts (from Mattias Amnefelt)
x
(verify_common): the nofail option is the logic inverse of the secure
(fail_verify_is_ok): correct inverted return value
x
add blurb about ap_req_nofail logic inversion
AI_NUMERICHOST needs special handling
damn typos
test for altzone
only use altzone if we have it
don't add comma after last enum member
remove unused variable
x
include stdio.h and roken.h
can't test for EAI_SERVICE here since AIX is even more fsck:ed
x
hmm, back out previous, since it was correct after all
correct documentation for verify_ap_req_nofail
emit ni sdrawkcab
x
use PACKAGE_TARNAME and PACKAGE_STRING
_res might not be available
x
don't put Ns before comma
test for _res
remove Ns before comma (from Thomas Klausner)
more, mostly whitespace, fixes from Thomas Klasusner
more ws
remove duplicate tests
HAVE_TYPE instead of CHECK_TYPE ssize_t
typedef ssize_t here
same with krb5_ssize_t
ssize_t -> krb5_ssize_t
move ssize_t before roken-common.h
(do_v4_fallback): don't use krb_get_pw_in_tkt2 since it might not
x
more krb5_ssize_t
test for more krb4 features
x
changes from 2001
uxp/v lacks _S_IFMT, but has S_IFMT
KRB_SENDAUTH_VLEN seems to always have existed, so don't define it
x
add blurb about adding and removing addresses; update kdc.conf section
x
we seem to call KRB5KDC_ERR_KEY_EXP KRB5KDC_ERR_KEY_EXPIRED, so define
use AS_TR_CPP
some rototilling
we may need a prototype for strndup
remove only reference to strndup
x
if motd is set in login.conf, output its contents before starting the
x
missing comma
x
use full month name
use full month name, and add LIBRARY section
add some disabled code to bail out if there is no parable config file
add LIBRARY section (partly from NetBSD)
we may need unistd.h for ssize_t
whitespace fix (from NetBSD)
(command): clean up va_{start,end}ing (from NetBSD)
x
test for dlopen suitable for AC_REQUIRE
restructure this somewhat
move NeXT SGTTY stuff here
move SGTTY stuff to read_pwd.c
move some stuff here and rename to irix.m4
rename to irix.m4
x
move telnet tests here
rename to rk_AIX
move ENDIANESS_IN_SYS_PARAM_H tests here
use rk_TELNET, rename some other macros, and don't add -ldes to krb4
add the possibility to use a *-config program to get flags; rename to
AC_TEST_PACKAGE_NEW -> rk_TEST_PACKAGE
don't add -rpath to LIB_readline (libtool should to this for us), also
try to extract the crypto compiler flags from {INCLUDE,LIB}_krb4
x
now empty
various sunos tests
x
move around sections (from NetBSD)
(dns_srv_order): do alignment tricks with the random() state (from NetBSD)
x
IRIX == 4 -> IRIX4
remove extra "Toggle"'s
add kerberos5_set_forward{,able} functions suitable for the command parser
kerberos5_set_forward{,able} protos
only register what forwarding options are asked for when parsing
proto for set_forward_options
add forward and forwardable toggle options, and call
kill some might be uninitialized warnings
rename functions to what they're really called
x
markup changes
maybe detach from console?
add detach options
invert detach flag meaning to lessen the confusion
use rk_SUNOS
x
x
add LIB_tgetent to LIB_readline if we have to
x
spelling (from Adrian Mrva)
add AP_OPTS_USE_SUBKEY
x
set AP_OPTS_USE_SUBKEY
(send_request): set AP_OPTS_USE_SUBKEY
(init_auth): set AP_OPTS_USE_SUBKEY
x
(init_context_from_config_file): simplify initialisation of srv_lookup
only set kdc_sec_offset if looking at an initial ticket
new function krb5_auth_con_generatelocalsubkey
we don't have enough information about whether to generate a local
generate a local subkey if AP_OPTS_USE_SUBKEY is set
we need to generate a local subkey here
x
back out 1.144, since it will re-create krb5-protos.h at build-time,
just get the length of the encoded authenticator instead of trying to
get rid of DES3_CBC_encrypt_ivec, just use zero ivec in
remove ENCTYPE_DES3_CBC_NONE_IVEC
remove ETYPE_DES3_CBC_NONE_IVEC
(unwrap_des3): use ETYPE_DES3_CBC_NONE
(wrap_des3): use ETYPE_DES3_CBC_NONE
x
add function krb5_crypto_getblocksize that extracts the required
(krb5_get_forwarded_creds): don't blindly use the local subkey
handle protocol version 2
x
revert to protocol v1 if not asked for specific protocol
x
(init_tgs_req): use in_creds->session.keytype literally instead of
document -P
x
add convenience macro that allocates a buffer and encoded into that
use ASN1_MALLOC_ENCODE
use ASN1_MALLOC_ENCODE
set AP_OPTS_USE_SUBKEY
use ASN1_MALLOC_ENCODE
we need a protocol version string
use krb5_err instead of sysloging directly, handle the new protocol,
handle new protocol
x
(parse_generation): return if there is no generation (spotted by
x
use res_nsearch if we have it (from Larry Greenfield)
test for res_nsearch
x
(init_tgs_req): init ret
x
(rtbl_destroy): free whole table
close ccache if we opened it
free some memory
x
(active_mode): no need to allocate buffer for EPRT
(gss_decode): release buffer
(sec_vfprintf): free encoded data
x
(krb5_vlog_msg): delay message formating till we know we need it
fix warning string
x
(krb5_authenticate): use subkey
x
change IRIX == 4 to IRIX4
only include modules explicitly asked for
x
rename to rk_AUTH_MODULES
don't try to build pam module
x
fix typo in previous
don't use LOG_CONS (from NetBSD)
update version number
fix res_nsearch call, but don't use it for now, AIX5 has a broken
x
x
(do_524init): free principals
remove some unneeded stuff
use AC_CONFIG_SRCDIR
add INCLUDE_des to cflags
subst INCLUDE_des
x
filter contents of LDFLAGS
move krb4 test before test for openssl, and bail out if krb4 is
x
we don't set package_libdir anymore, so no point in testing for it
change some lingering krb_err_base
include dep libraries in LIB_*
x
don't use NULL when we mean 0
use krb5_prompter_posix instead of calling des_read_pw_string directly
constify match_appl_version()
on second thoughts, back out previous
use m4 macros for test cases, also test for older hash names
x
move crypto test to just after testing for krb4, and move roken tests
crypto header generation tool
use make_crypto to create crypto-headers.h
use crypto-headers.h
don't need des.h here
include config.h before stdio.h (breaks with _FILE_OFFSET_BITS on
x
get limits.h for UINT_MAX
x
don't use function macros if possible
if we only have old hash names, we need to include functions here that
x
remove autom4ate.cache
remove extra "application"
remove unneeded Ns
x
fix rcsid
(doit_broken): call print_addr from parent process, and skip
check the processed string for closing ), not the source
x
(krb5_set_config_files): return ENXIO instead of ENOENT when
x
(kerberos5_is): check that the subkey is non-NULL
also try to use the session key (if this is really correct is beyond
(fkt_remove_entry): check return value from start_seq_get (from Wynn
x
(process_reply): fix reply length check calculation (reported by
x
check length of txt records
x
some ipv6 support (from Love)
x
more quoting
x
fix parsing of epsv ports (from Love)
x
(display_tokens): allow tokens up to size of buffer (from Magnus
x
check size of rlen
x
make sure life is positive (from John Godehn)
x
add option to disable kerberos 4 kadmin
properly close the open keytabs (from Larry Greenfield)
check that %-quotes are followed by two hex digits
x
don't allow trailing backslashes in components
(emem_store): limit how much we allocate (from Olaf Kirch)
more strcspn
(from Derrick Brashear): Propagating a large database without this
x
do a better job at matching headers to libraries
x
reinstate -n flag (from Torbjörn Granlund)
x
speling
speling (from Tomas Olsson)
(gssapi_krb5_verify_8003_checksum): check size of input
x
check return value from gssapi_krb5_init
bump COMMAND_SZ to NCARGS+1
x
move encrypt_v4_ticket to 524.c, since that's where it's used
implement crude b2 style (non-)conversion for use with afs
remove trailing comma in enum
clarify -x and kerberos 5
x
create a list of cells to get tokens for, before actually doing
x
try more files when trying to expand a cell name
manpage
add afslog manpage
x
remove plural form in help string
x
(init_socket): initialise sa_size to size of sockaddr_storage
(doit): initialise sa_size to size of sockaddr_storage
x
add --help
check return value from edit_deltat
(add_one_principal): don't continue if create_principal fails
(add_one_principal): check return value from edit_entry
(mod_entry): check return value from edit_entry
(get_response): print a newline if interrupted
remove old encrypt_v4_ticket prototype
(connect_host): pass size of thisaddr_ss to getsockname
x
res_nsearch takes 6 parameters; spotted by Howard Chu
x
free allocated storage; reported by Howard Chu
x
make VERSIONLIST a string instead of an array of strings
considerable clean up
x
login.access manual page
allow "welcome" as well as "motd" in login.conf
manpage for login
install man pages
x
(save_krb5_creds): if rd_cred fails, syslog a reason
print the used enctype for kerberos 5 keys
(krb5_print_address): make sure print_addr is defined for the given
x
2002
move 2002 to separate file
remove old drafts
(xyzprintf): recognise, but ignore, the linux(?) ' thousands grouping
file needs an @
add a -4 option
brief manpage
add a HISTORY section
x
work around problem with conditional += and some automakes
set NCARGS to 8k if undefined
x
fix for large file support in AIX, _LARGE_FILES needs to be defined on
x
don't directly use sockaddr_storage, since we can't always know what
x
(doit_{passive,active}): use kc->thataddr directly
x
(read_str): return allocated string
use ARG_MAX instead of COMMAND_SZ
use ARG_MAX + 1
use krb5_appdefault to get defaults for forward and encrypt
x
(v5_convert): better match what other functions do with values from
x
(krb5_replay_data): make usec signed (matching asn1)
initial man page
implement RET_SEQUENCE and RET_TIME
x
(krb5_us_timeofday): make the sec parameter a krb5_timestamp
x
(krb5_mk_rep): if the local sequence number is non-zero, don't
(krb5_build_authenticator): if the local sequence number is non-zero,
remove accidentally committed code that prints the command being
x
there is no \e escape sequence; replace everything with hex-codes, and
no checks here
x
need to use empty krb5.conf for some tests
x
change install-data-local to install-data-hook
x
don't call this 0.6* anymore
Fix encoding of "unsigned" integers. If MSB is set, we need to pad
x
can't have sequence.c in two different places
x
(gss_adat): fix name allocation bug
x
add -A as an alias for --no-addresses
document -A
x
put Nd argument in double quotes since it contains more than 9 words; from wiz
x
* don't ever print sign for unsigned conversions
x
manpage
x
-P also with KRB5
x
set free'd poiners to NULL
x
fix automake conditional foo
x
test for poll and poll.h
x
test for variable-length arrays
x
don't include discovered files in EXTRA_SOURCES; don't depend on
x
use $DATEDVERSION as version number
(doit): remove leftover sockets
document appdefaults/{forward,encrypt}
document -d
x
stuff to generate headerfile for roken
(pop_init): change call to authentication function, from a ?:
x
(print_tickets): bail out if krb5_cc_next_cred returns error other
implement locking
x
(erase_file): revert a change in previous; if the ccache is a symlink,
x
move automake options to configure.in, and depend on automake 1.7
old pk-cross foo
get branch from CVS/Tag
mkstemp formats must end in exactly six X's
x
Sleep forever waiting for lock. Previous method doesn't work well with
x
krb5_princ_realm -> krb5_principal_get_realm
krb5_princ_realm -> krb5_principal_get_realm
get capath info from [capaths] section
(krb5_domain_x500_decode): handle zero length tr data;
(krb5_decrypt_ticket): try to verify transited realms, unless the
(fix_transited_encoding): also verify with policy, unless asked not to
x
add flag to enforce transited policy
add flag to always check transited policy
always check transited policy if flag set either globally or on
document enforce-transited-policy
x
[capaths] section
ize->ise
fix capaths example
(fix_transited_encoding): always print cross-realm information
x
change enforce_transited_policy to a tri-state variable
change logic for when to check transited policy to a tri-state model
document recent changes
make sure that the server realm and the krbtgt second component are
x
document capaths section
x
add telnet -F option
x
strncasecmp returns integer so don't compare with NULL
reorder some options
include kafs.h if krb4 || krb5
reorder and document some options
(krb5_get_default_realm): let krb5_set_default_realm set an error
need to filter out if/else/endif too
add a bunch of Li and document [kadmin] password_lifetime; from Henry B. Hotz
x
parse_time manpage
protect the world from des_encrypt in crypt.h
x
allow wildcarding principals, and make parameters a work same as if
update manpage
x
Fix the cache flags bitorder issue with a storage flag instead of a
like AC_SYS_LARGEFILE, but also add to CPPFLAGS
x
use rk_SYS_LARGEFILE
add cred cache copy tool
x
(krb5_store_creds): set is_skey flag if length of second ticket is > 0
add --valid-for option
add more creds match flags
(krb5_compare_creds): add more matching options
add krb5_cc_next_cred_match() and krb5_cc_copy_cred_match()
replace krb5_free_creds_contents by krb5_free_cred_contents
move krb5_compare_creds to its own manpage
add krb5_compare_creds.3
krb5_cc_copy_cache_match now lives in libkrb5
x
(krb5_storage_from_fd): dup the file descriptor so we don't have to
x
try to resolve hostnames
allow parsing directly from strings with
x
print some diagnostics if the exec fails
x
(str2time_t): fix end-of-day logic, from Duncan McEwan/Mark Davies.
x
nuke kerberos 4 kadmin goo
x
remove traces of krb4, and update the date
if not local time set tm_isdst to 0
add -e (passed to rsh)
x
these do not need to be in the repository
add AUTH_SASL flag
recognise sasl auth level
if using SASL, don't allow plaintext USER/PASS
add SASL hooks
improved SASL support
SASL
x
fix license text
alloc memory to handle very long lines
x
s/void static/static void/
export sl_match
add simple command+option compiler
convert to use slc; also add stash subcommand
implement a bunch of stuff:
add protos and macros
x
(_krb5_get_init_creds_opt_copy): if copying a static opt, make sure to
mod needs default kvno of -1
replace "roken" hack with more generic flags
fix some protos
ebola in previous
remove extra prototype
add rtbl manpage
don't install copy_cred_cache manpage
add support for /* */ and partial line -- comments
move kadmin-commands.h from kadmin_locl.h so kadmind does not depend on it
make get -l the default again, and add column selection flag; sync
implement output column selection, similar to ps -o
document get -o and stash
x
(krb5_get_forwarded_creds): if the krbtgt is without addresses,
x
push local mode check to affected functions
check for local mode
note which functions only work in local mode
print error messages to stderr; change all in-string quoting to use "
add min_args/max_args checking
x
add min_args and max_args
this concludes the case of the missing braces
argument number checks are now done by slc
inline sl_loop so we can more easily get a useful exit status
rename -a "none" to "plaintext", also bail out if requesting
(pop_pass): put login code in separate function
proto
(auth_loop): actually logging the user in is a good idea
add sasl and add some more text to a few options
reverse help strings for --no-gss-bindings and --no-gss-delegate
x
add --detach
x
if a .k5login file exist, don't give implicit rights to anyone; also
update to reality
x
replace AC_HELP_STRING with AS_HELP_STRING
replace INCLUDES with AM_CPPFLAGS
replace AC_TRY_COMPILE with AC_COMPILE_IFELSE
replace AC_TRY_LINK with AC_LINK_IFELSE
replace AC_TRY_COMPILE with AC_COMPILE_IFELSE
replace AC_TRY_LINK with AC_LINK_IFELSE
change AM_CONFIG_HEADER to AC_CONFIG_HEADERS, and remove AC_PROG_CC_STDC
replace AC_TRY_RUN with AC_RUN_IFELSE
replace AC_TRY_CPP with AC_PREPROC_IFELSE
LTLIBOBJS is handled automatically by autoconf these days
replace INCLUDES with AM_CPPFLAGS
correct some AC_LANG_SOURCE/AC_LANG_PROGRAM snafu
always clean generated headers
x
no need to declare __progname here
HAVE_FOO_DECLARATION -> HAVE_DECL_FOO
replace AC_CHECK_DECLARATION with standard AC_CHECK_DECL(S)
remove unused variable
add message to NOOP result to appease gcc
x
move extern decl out of function
remove const from argument list passed to execv
need AC_LANG_PROGRAM here
mmm, more filling, er quoting.
use krb5_appdefault_boolean instead of krb5_config_get_bool
x
make sure we don't always get renewable creds
x
move keepalive setting to after setting up sockets
if we don't have an errsock, dup stdout to stderr (this would normally
(init_ivecs): if we don't have an errsock the ivecs should point to
fix proto
(loop): pass errsock status to init_ivecs
rename loop() to rsh_loop()
pass errsock status to init_ivecs
rename loop to rshd_loop
x
add --detach
(krb5_format_time): check return value from localtime and strftime
(write_stats): use krb5_format_time
one more
add support for "strings" and "negative-flag" types, plus some
x
check /Library/Preferences/edu.mit.Kerberos on OSX
add help strings to some options
x
use rtbl
x
slc source file
convert to slc; warn if resetting disallow-all-tix
convert to slc
convert to slc; don't purge keys older that a certain time, instead
note change in purge
add slc glue
x
(ihave): use krb5_write_priv_message
use rtbl_set_separator
x
euthanise {get,set}_progname
(tgets): return whatever fgets returns
(do_getticket): check client max_life
(do_version4): check client and server max_life
x
(do_version4): fix stupid error in previous
implement a parser for limits.conf
read limits.conf (from /etc/security by default, overridable in
template for limits.conf
x
limits_conf.c
document limits.conf
x
(putf): %t: the regular and streamspty case are functionally
x
check the user's ~/.k5login.d directory for access files, all of which
x
put address comparison in separate function
x
(start_login): set encryption pointers to NULL, so we don't try to do
x
am_conditional have_cgetent
x
eliminate duplicates
test for read_environment()
add test_readenv
only link with dblib if we need it
x
(sigterm) set exit_flag to signal causing exit; (main) trap SIGXCPU
log signal causing exit
x
punctuation
rename sendlength to prependlength (which hopefully better represents
x
add -x (encrypt) option
if doing command line encryption (-x), ignore prot commands in .netrc
add -x (encrypt) option; implement cprotect (from MIT); make sure we
implement cprotect (from MIT)
document -x
x
remove dump_config as there's a --dumpconfig for verify_krb5_conf now
remove newline from syslog string
log successful logins
x
(kerberos5_is): also syslog all messages printed in auth_debug_mode
rename foo to ap_msg
fix reversed logic when deciding to print tty or not
x
(verify_unix): if su:ing to root, check that user is a member of group
if su:ing to root, check that user is a member of group "wheel"
(pass): remove unused variable in the !OTP case
x
unused
(krb5_start_session): syslog failures to store cred cache
x
use table lookup for types instead of inline list
fix grammar in --no-insecure-oob option
grammar (from Thomas Klausner)
x
remove cartouches - we don't use them anywhere else, they should be
x
spelling
fix html subscript macro
spelling
more spelling
texinfo-multiple-files-update
remove email addresses (no real reason to keep them here)
use exactly six X:es with mkstemp
replace u_intN_t with uintN_t
(krb5_store_uint16): change parameter to match function name
change some casts from unsigned to signed types
Ken'ichi Kamada (1):
use the correct server name for logging.
Love Hörnquist Åstrand (12446):
Split out Kerberos 4 help functions/structures so other parts of the
export encode_v4_ticket() and get_des_key() even when we build without
move out krb/524 protos from under #ifdef KRB4
always compile in support for 524
always include kerberos4.c and 524.c in kdc_SOURCES to support 524
*** empty log message ***
(_hdb_fetch): handle error code from hdb_value2entry
x
(krb5_keytype): add KEYTYPE_AES128, KEYTYPE_AES256
add checksum and enctype for AES from draft-raeburn-krb-rijndael-krb-02.txt
soon replaced draft
add extra `opaque' argument to string_to_key function for each enctype
(struct encryption_type): split the blocksize into blocksize and
Add support for AES (draft-raeburn-krb-rijndael-krb-02), not enabled
add aes-test.c
write more about [realms] REALM = { kdc = ... }
*** empty log message ***
*** empty log message ***
(kt_copy): remove adding verbose_flag to args struct, since it will
(kt_get): make getarg usage consistent with other other parts of ktutil
x
document -v, --verbose
x
spelling
spelling, from Jason McIntyre <jmc at cvs.openbsd.org>
*** empty log message ***
more text about afs, how to get get your KeyFile, and how to start use
move out the generic asn1/der functions to a common file
move generic asn1/der functions from check-der.c to here
add Principal check
add check-gen
*** empty log message ***
quote @ where missing
add [kdc]use_2b
(encode_524_response): its 2b not b2
*** empty log message ***
x
spelling
(_krb5_aes_cts_encrypt): make key argument a 'const void *' to avoid
(syslogvals): mark up where severity and facility start resp
(check_section): when key isn't found, don't print out all known keys
(find_all_addresses): address-less point-to-point might not have an
in the hprop example, use hprop and the first component, not host
add checks for Authenticator too
check for compatiblity with other heimdal's 3des get_mic/verify_mic
(gss_accept_sec_context): check if we need compat for older get_mic/verify_mic
add gssapi COMPATIBILITY documentation
add gssapi.3 and compat.c
(more_flags): add COMPAT_OLD_DES3
add prototype for _gss_DES3_get_mic_compat
(init_auth): check if we need compat for older get_mic/verify_mic
(mic_des3): fix 3des get_mic to conform to rfc (and mit kerberos),
(verify_mic_des3): fix 3des verify_mic to conform to rfc (and mit
x
(kadmind_dispatch): kadm_chpass: require the password to pass the
*** empty log message ***
x
documentation for of boolean, etypes, address
add missing .
s/databases/a database/
*** empty log message ***
spelling, from jmc <jmc at prioris.mini.pw.edu.pl>
spelling, from jmc <jmc at prioris.mini.pw.edu.pl>
*** empty log message ***
x
use syscall 208 on openbsd (all version)
*** empty log message ***
make sure $1 is a directory
some autoconf put their version number in autom4te.cache, so remove
add copyright/license statment
x
add a check if the variable is avaible when we include the headerfiles
*** empty log message ***
add AM_MAINTAINER_MODE
*** empty log message ***
s/intialize/initialize, from <jmc at prioris.mini.pw.edu.pl>
*** empty log message ***
x
(init_auth): only generate one subkey
x
s/utilize/use/
s/utilizes/uses/
*** empty log message ***
use readlink with bufsize - 1, From NetBSD
s/securly/securely/ from NetBSD
remove \n from warnx, from NetBSD
*** empty log message ***
remove \n from errx, from NetBSD
x
all 0.5.x version had broken token delegation
(do_delegation): remove unused variable subkey
*** empty log message ***
x
(gss_inquire_context): rename argument open to open_context
(gss_inquire_context): rename argument open to open_context
x
x
use full prototype for main
use struct units instead of units
(krb5_context_data): add default_cc_name
(krb5_cc_set_default_name): new function
(init_context_from_config_file): set default_cc_name to NULL
test some krb5_cc_default_name/krb5_cc_set_default_name combinations
(libkrb5_la_LDFLAGS): bump minor
(main): handle that krb5_cc_default_name can return NULL
*** empty log message ***
add copyright/licenses on more manpages
x
document krb5_verify_opt* and krb5_verify_user_opt
document krb5_verify_opt_set_flags(opt, KRB5_VERIFY_LREALMS) behavior
document krb5_kuserok
document krb5_ccache and krb5_cc functions
add more functions
x
spelling, from cizzi at it.su.se
(man_MANS): += krb5_ccache.3
spelling, from cizzi at it.su.se
(man_MANS): += krb5_kuserok.3
*** empty log message ***
document types krb5_address and krb5_addresses and their helper functions
(man_MANS): += krb5_address.3
fix krb5_addr2sockaddr description
add krb5_address stuff and sort
x
check if the output of compile_et needs initialize_error_table_r
x
(krb5_cc_default): if krb5_cc_default_name returned memory, don't return ENOMEM
fix prototype, spelling and more text describing the function
(krb5_kuserok): preserve old behviour of function and return FALSE
x
add missing name of argument (krb5_context) to most functions
(gss_auth): print out the name we authenticated too
x
x
add krb4 into the most error messages written to the logfile
x
changed configuration file -> restart kdc
. -> .\n
x
better/difrent english
the gssapi api manpage
man_MANS += gss_aquire_cred.3
rename
s/gss_aquire_cred.3/gss_acquire_cred.3/
x
krb5.h isn't in krb5 directory in heimdal
add reference to source code, binaries and the manual
add LIST OF FUNCTIONS and copyright/license
x
add Cizzi Storm since she make english of the texts that I give her
comment out the argument names
add prototypes for gss_oid_equal and gss_verify_mic_internal
(import_export_name): new function, parses a GSS_C_NT_EXPORT_NAME
(gss_export_name): export name with GSS_C_NT_EXPORT_NAME wrapping, not
(gss_ctx_id_t_desc): store the lifetime in the cred, since there is no
(gss_indicate_mechs): use gss_create_empty_oid_set and gss_add_oid_set_member
(gss_accept_sec_context): take care to set export value to something
(gss_inquire_cred): take care to set export value to something sane
(gss_inquire_context): set lifetime_rec now when we know it, set minor_status
(gss_duplicate_name): set minor_status
(gss_display_status): use gss_oid_equal, handle supplementary errors
(gss_display_name): set minor_status
(gss_delete_sec_context): set minor_status
(gss_create_empty_oid_set): set minor_status
(gss_krb5_copy_ccache): set minor_status
(gss_context_time): set minor_status
(check_compat): make sure ret have a defined value
(gss_compare_name): set minor_status
(gss_add_oid_set_member): set minor_status
(gss_release_cred): set minor_status
(gss_release_name): set minor_status
(gss_release_oid_set): set minor_status
(gss_test_oid_set_member): use gss_oid_equal
set minor_status
(gss_verify_mic_internal): rename verify_mic to
make sure minor_status get set
(gss_release_buffer): set minor_status
take care to set export value to something sane before we start so
(gss_import_sec_context): add error checking, pick up lifetime (if
set minor_status
send lifetime, also set minor_status
(gss_acquire_cred): more testing of input argument, make sure output
implement gss_add_cred
implement gss_inquire_cred_by_mech
implement gss_inquire_mechs_for_name
implement gss_inquire_names_for_mech
implement gss_process_context_token
now that we have a functions, uncomment the missing ones
(libgssapi_la_LDFLAGS): bump to 3:6:2
x
(krb5_cc_get_ops): new function, return ops for a id
x
document krb5_cc_get_ops, add more types, add krb5_fcc_ops and
(KRB5_KT_PREFIX_MAX_LEN): max length of prefix
(krb5_kt_get_type): get prefix/type of keytab
add documention for krb5_kt_get_type
s/entype/enctype/, from Igor Sobrado <sobrado at acm.org> via NetBSD
x
Manpage for krb5_free_host_realm, krb5_get_default_realm,
add manpages from krb5_set_default_realm.3
x
(gss_adat): now that gss_export_name exports a principal, bandaid with
x
x
add more ietf work
(man_MANS): add krb5_set_default_realm.3
text about gss_display_name
x
s/KRB5_USEROK/KRB5_KUSEROK/
manpage for krb5_aname_to_localname
x
(man_MANS) += krb5_aname_to_localname.3
x
524 is independent of kerberos 4, so move out enable_v4_cross_realm
524 is independent of kerberos 4, so move out from #ifdef KRB4
x
x
add _krb5_krb_life_to_time
add prototypes for kafs_settoken_rxkad and kafs_settoken5
x
include krb5-v4compat.h if needed, define an internal structure struct
move kafs_settoken here
(kafs_settoken5): new function, inserts a krb5_creds into kernel
(kafs_settoken_rxkad): move all content kerberos version from
expose the krb5 functions
fix c
always build the libkafs library now that the kerberos 5 can stand on
x
x
make build without KRB4
always build afsutils now
--no-v4, --no-v5
x
x
(kafs_settoken5): change signature to include a krb5_context
(kafs_settoken5): change signature to include a krb5_context, use v5_convert
list supported mechanism and nametypes
x
(LDADD): use LIB_kafs
always define LIB_kafs
INCLUDES: -I$(srcdir)/../lib/krb5
x
(krb5_start_session): krb5_afslog doesn't depend on KRB4 any more
x
always include kafs
always try krb5_afslog, and while here do a setpag too
(main): set afs PAG
revert previous delta
drop setpag
if there is kerberos 5, call krb5_afslog\*
also need pag_set
x
always include kafs.h
do krb5_afslog when compling with afs support
(krb5_verify): always do krb5_afslog, remove setpag (its done in main)
x
add names of pop states, add some more debugging and use
x
document the kafs_settoken functions
x
(main): make sure we don't consider dead slave for select processing
x
document v1 interface (and that they are obsolete)
x
x
spelling, from <jmc at prioris.mini.pw.edu.pl>
. means new line
spelling, from <jmc at prioris.mini.pw.edu.pl>
x
(krb5_get_init_creds_password): if prompter is NULL, don't try to ask
x
document krb5_data
(man_MANS): += krb5_data.3
x
sort in krb5_data functions
update .Dd
(c) year update
fixed a couple of gssapi issues
0.6pre1
sneek in a test for arcfour-hmac-md5
add another arcfour test
x
write more about how the ccache argument should be inited when used
x
add krb5_free_data_contents for compat with MIT API
add krb5_free_data_contents.3
spelling and add `Configuring AFS clients' subsection
x
update 2b example to match reality (from mattiasa at e.kth.se)
x
libkafs is always built now, lets include it
x
(krb5_kt_get_entry): avoid printing 0 (wildcard kvno) after principal
x
(krb5_enctype_keysize): return key size of encyption type, inspired by
(hdb_unseal_keys_mkey): truncate key to the key length when key is
x
x
(usage2arcfour): map KRB5_KU_TICKET to 2, rom Harald Joerg <harald.joerg at fujitsu-siemens.com>. (enctype_arcfour_hmac_md5): disable checksum_hmac_md5_enc
x
(as_rep): when the second enctype_to_string failes, remember to free
x
(appdefaults_entries): add afslog and afs-use-524
x
add missing @
add description on how to turn on v4, 524 and kaserver support
x
principal, not pricipal. From Thomas Klausner <wiz at netbsd.org>
x
initialises -> initializes, from Perry E. Metzger" <perry at piermont.com>
x
afs->AFS, from jmc <jmc at acn.waw.pl>
x
(kt_change): collect all principals we are going to change, and pick
(kadm_connect): if a context realm was passed in, use that to form the
x
(krb5_DES_AFS3_CMU_string_to_key): used p1 instead of the "illegal"
x
add test for krb5_aname_to_localname
(noinst_PROGRAMS): += test_alname
(krb5_aname_to_localname): when converting too root, make sure user is
more krb5_aname_to_localname tests
x
s/gssapi/GSS-API/
in the case where se don't link with kerberos 4, use
x
sunOS -> SunOS, from jmc <jmc at prioris.mini.pw.edu.pl>
x
check if libcrypto needs -lnsl or -lsocket
x
simple gss_acquire_cred test
build test_acquire_cred
test gss_add_cred too
(gss_add_cred): don't create a new ccache, just open the old one;
(acquire_initiator_cred): if the requested name isn't in the ccache,
x
0.6pre2
remove stuff that sneaked in with last commit
x
spelling
x
x
s/kerberos/Kerberos/
x
about 0.6, also add 0.5.[12]
typos, from jmc <jmc at acn.waw.pl>
x
spellings, from jmc <jmc at prioris.mini.pw.edu.pl>
spelling, from jmc <jmc at prioris.mini.pw.edu.pl>
x
Check the cell part of the name, not the realm part when checking if
add INCLUDE_krb4 when using krb4, add INCLUDE_des when using krb5,
x
tell that cell-name is uppercased
x
(kafs_data): add name
(krb_afslog_uid_home): set name
(get_cred): handle that inst can be the empty string too
(kafs_set_verbose): add function that (re)sets the logging function
document kafs_set_verbose
drop in-lining strupr.c from roken, its no longer used
(ROKEN_SRCS): drop strupr.c
(libkafs_la_LDFLAGS): update version
set kafs log function if verbose is turned on
x
spell
(GetPasswd): cast argument to isprint to unsigned char
x
case argument to toupper to unsigned charm,
cast argument to tolower to unsigned char,
cast argument to toupper to unsigned char,
cast argument to tolower to unsigned char,
x
x
spelling
x
(socket_set_tos): if setsockopt failed with EINVAL failed, just ignore
x
test build many combinations of kth-krb/heimdal/openssl
0.6pre3
fix some more memory leaks
x
print hostname and uname
try to find a gzip/gunzip program
spelling, from Thomas Klausner <wiz at netbsd.org>
x
Change .Fd #include <header.h> to .In header.h
spelling
x
make sure argument to is* functions are unsigned
x
use strlcpy, from openbsd
s/strcat/strlcat/, inspired from openbsd
(krb5_aname_to_localname): use strlcpy, from openbsd
(srv_find_realm): use strlcpy, from openbsd
add missing variable from last commit
use strlcat/strlcpy, from openbsd
do strdup again, we desupport ultrix
use strlcat/strlcpy, from openbsd
x
use strlcpy, from openbsd
x
build with strlcat strlcpy
rename strlcat, strlcpy
x
remove typedef for units to avoid problems with shadowing
x
(kafs_set_verbose): add prototype
(print_entry): check return values from krb5_data_alloc
x
x
check return values from krb5_data_alloc
x
add krb5_get_err_text
x
spelling, from jmc <jmc at prioris.mini.pw.edu.pl>
x
include <limits.h>
better/diffrent
add --version and --help
use a more unique name then ratatosk so that other (me) have such
x
make test work again
improve even more
disabled building is not a failure
fix post tests for heimdal w/o krb4 + openssl
remove strcpy/sprintf
remove sprintf
(copy_general_string): use strdup
x
make make_check_version work
move failure testing into build function
0.6pre4
replace > with \*[Gt]
replace <,> with \*[Lt],\*[Gt]
replace > with \*[Gt]
x
copy NUL too, from janj at wenf.org via openbsd
copy NUL too, from janj at wenf.org via openbsd
x
update copyright
update copyright years
add ETYPE-INFO2 and ETYPE-INFO2-ENTRY
x
test_acquire_cred_LDADD: use libgssapi.la not ./libgssapi.la (make make -jN work)
x
add compat mit krb5_c checksum related functions
document krb5_c_ checksum related functions
add krb5_c_ checksum related functions
x
(default_etypes): also advertise that we handle aes encryption types
drop the int argument (the error code) from the logging function
(log_func): drop the error number
x
s/managment/management/, from jmc <jmc at prioris.mini.pw.edu.pl>
x
(libgssapi_la_LDFLAGS): update major version of gssapi for
x
(gss_krb5_compat_des3_mic): new function, turn on/off des3 mic compat
(gss_krb5_compat_des3_mic): enable turning on/off des3 mic compat
document gss_krb5_compat_des3_mic
x
(gss_krb5_compat_des3_mci): return a value
document [gssapi]correct_des3_mic [gssapi]broken_des3_mic
x
if lifetime of context have expired, set time_rec to 0 and return
document gss_context_time
x
more about name type and access control
x
more about difference between comparing IN and MN
x
unexport krb5_PKCS5_PBKDF2
use _krb5_PKCS5_PBKDF2
(v4_prop_dump): limit strings length, from openbsd
x
include kafs.h in the krb5 case
x
document krb5_enctype_to_string and krb5_string_to_enctype
add krb5_enctype_to_string and krb5_string_to_enctype
(verify_mic_des3): always check if the mic is the correct mic or the
x
more about the des3 mic mess
always includes kafs now that its built
x
(_kadm5_set_keys_randomly): add ETYPE_AES256_CTS_HMAC_SHA1_96 key when
x
fix text about gssapi compat
x
add cross realm text
x
add missing word
text about applications using kerberos
add applications
move afs stuff to applications
add move forward link to applications
(heimdal_TEXINFOS): add apps.texi
gen_files += asn1_ETYPE_INFO2.x and asn1_ETYPE_INFO2_ENTRY.x
don't fail when AM_INIT_AUTOMAKE isn't found
when fixing a valid cvs tag from release name replace all number. to
x
(make_pa_enc_timestamp): make sure first argument to krb5_us_timeofday
x
if __cplusplus, wrap the extern variable (just to be safe) and
x
do afslog in the krb5 case too
always include auth.c
always include kauth.c
include afslog in both the krb4 and krb5 case
x
x
inline COMPILE since (modern) automake doesn't add it by itself for some reason
x
print tokens even if there isn't v4 support
x
get token even if there isn't v4 support
destroy tokens even if there isn't v4 support
x
check that first line doesn't contain a name operatingsystem
x
add ChangePasswdDataMS, for RFC3244
(gen_files): asn1_ChangePasswdDataMS.x for RFC3244
password changeing protocol à ms
implement rfc3244, partly from shadow at dementia.org
document krb5_change_password and krb5_set_password
use krb5_set_password
document --admin-principal
add krb5_change_password and krb5_set_password
x
update c
some define for rfc3244
x
draft-ietf-cat-kerb-chg-password-02 and rfc3244 share the response packet
x
ooops, remove cut and paste error
handle setting passwords for multiple principals at the same time
setup -> set up, new sentence, new line
x
uppercase url, from Thomas Klausner <wiz at netbsd.org>
fix mdoc problem, from netbsd
support afslog <cell> and afslog when compiled with krb5
add RCSID
add SYNOPSIS and LIBRARY
add copyright/license
x
spelling, from netbsd
compatability -> compatibility, from netbsd
sort sections, from netbsd
add .Os, from NetBSD
.Sh EXAMPLE -> .Sh EXAMPLES, mdoc fixes, from netbsd
.Sh EXAMPLE -> .Sh EXAMPLES, sort sections, from netbsd
.Sh EXAMPLE -> .Sh EXAMPLES, from netbsd
sort sections, from netbsd
x
(recv_conn): if getnameinfo failes, send error to client (and syslog)
x
(recv_conn): get sizeof of the sockaddr_storage, not the sockaddr pointer
(recv_conn): pass pointer to sockaddr, not pointer to pointer
x
Add all Kerberos principal function to one manpage, add a few more
x
wrapper macros for thread synchronization primitives
include heim_threads.h
protect the mcc_head with a mutex
protect the random initiator with a mutex
x
test gss_add_cred more then once
add missing argument to mutex_init
x
fix errors found with mdoclint
-= add parser/generate glue for UTF8String and NULL
(typetype): sort
draft-ietf-krb-wg-kerberos-set-passwd-00.txt
add missing structures
s/FROM KERBEROS5/FROM krb5
document argument lifetime_rec to function gss_inquire_context
- do some basic locking (no reference counting so contexts can be
x
(gss_userok): remove poking inside the delegated handle
(gss_adat): remove poking inside the delegated handle, also fixes
(gss_userok): release delegated cred handle
(proto): comment out gss_ctx_id_t groveling for now
(proto): start to use gss_krb5_copy_ccache
*** empty log message ***
x
x
document diffrences between mit and heimdal krb5_cc_gen_new
pacify mdoclint
x
pacify mdoclink
remove again, not yet
revert previous
(LDAP__connect): bind sasl "EXTERNAL" to ldap connection
x
some more mdoc fixes
add manpage for: krb5_get_in_cred, krb5_get_in_tkt,
x
make sure minor_status is always set, pointed out by Luke Howard <lukeh at PADL.COM>
(gss_context_time): remove unused variable
(init_auth): if the cred is expired before we tries to create a token,
(gss_aquire_cred): make sure time is returned in seconds from now, not
(gss_accept_sec_context): make sure time is returned in seconds from
sequence number checks, order and replay
(libgssapi_la_SOURCES): add sequence.c
add prototypes for sequence.c
x
(sub_wrap_size): gss_wrap_size_limit() has req_output_size and
Point out that slave needs /var/heimdal directory and masterkey
x
x
check rollover, print summery
prefix glob symbols with rk_
x
export and rename encode_om_uint32/decode_om_uint32 and start to use them
don't clear output_token twice
remember to free data
destroy sequence number verifier
prototypes for gssapi_{encode_om_uint32,decode_om_uint32}
add sequence number verifier
remove unused function, indent, add gssapi_msg_order_f that filter gss
reorder code so sequence numbers can can be used
x
add _krb5_AES_string_to_default_iterator
add krb5_{de,en}code_ETYPE_INFO2
all this is documented in krb5_address.3
(man_MANS): drop krb5_free_addresses.3
remove freebsd comment, don't use debug pthread stubs by default
x
use int2HDBFlags/HDBFlags2int
add more kdc's to the example
add aes256 test vectors from Ken Raeburn
clean up AES code to use a structure instead of a key array
add a test for aes kcrypto encrypted data
x
(v5_convert): rename one of the two c to cred4
x
make the aes and sha1 checksum types match draft-ietf-krb-wg-crypto-05
x
implement krb5_set_real_time, used by SAMBA, requested by Luke Howard <lukeh at PADL.COM>
(krb5_set_real_time): fix comment and make it work
(krb5_mk_error): pass in a krb5_timestamp to krb5_us_timeofday
(krb5_get_forwarded_creds): pass in a krb5_timestamp to krb5_us_timeofday
improve comment for krb5_set_real_time
improve krb5_set_real_time text
x
add missing " within #if 0, from stefan sokoll <stefansokoll at yahoo.de>
fix off by one in the aes case, pointed out by Ken Raeburn
x
(make_keys): add aes support
x
(_krb5_krb_tf_setup): create/append v4 credential to a new krb4
add _krb5_krb_tf_setup
write out v4 credential caches with _krb5_krb_tf_setup
(krb5_mk_req_internal): when using arcfour-hmac-md5, use an unkeyed
add struct hdb_so_method and HDB_INTERFACE_VERSION
Dynamic backend loading, based on patch from Luke Howard <lukeh at PADL.COM>
x
(find_dynamic_method): if there isn't a prefix, don't load anything
x
(main): add missing ``if (ret)''
x
Add probing from the server that the client is still there, also make
x
(krb5_cc_clear_mcred): new function, clear a krb5_creds to use with
document krb5_cc_clear_mcred
(init_tgs_req): in case of error, don't free in the req_body addresses
(krb5_to4): use krb5_cc_clear_mcred
(proto): use krb5_cc_clear_mcred
(check_for_tgt): use krb5_cc_clear_mcred
(verify_krb5): use krb5_cc_clear_mcred
x
XXX inline COMPILE since automake wont add it
x
AIX have broken res_nsearch() in 5.1 (5.0 also ?)
x
avoid unnecessary setting of variable
unconditionally set KRBTKFILE
x
(do_afslog): is cell is unset, set it "<default cell>" for error printing
x
prefix typedef\'s and structs with heim_
prefix libasn1 types with heim_
x
(krb5_compare_creds): if client is specified in the mcreds, check that too
don't return value in void function
x
(LDAP_store): log what principal/dn failed
(hdb_create): check for dynamic backend after static to avoid warning
update pointer to luke ldap documentation
x
first version of krb5_c encryption glue
krb5_c encryption glue
(wrapped_length/wrapped_length_derived): when calculating the length
x
add test for krb5_c_encrypt_length and krb5_c_decrypt
support passing in NULL as the cipher_state/ivec
add krb5_c_ functions
document --gss-bindings
(args): add gss-bindings
(args): add gss-bindings
Optionally support gss bindings, client does it by default, server not.
document --no-gss-bindings
fix mdoc bug
add ftp_do_gss_bindings
x
x
add missing prototype and missing .Ft arguments
x
add krb5_enc_data
avoid redefining OPENSSL_DES_LIBDES_COMPATIBILITY
(krb5_crypto_getenctype): new function
x
update krb5_c_get_checksum usage
(krb5_c_get_checksum): make type and data argument optional
x
(krb5_checksum_is_keyed): only set extented error string when there is a context
(krb5_cksumtype_valid): check is checksum type is a valid one
add some more krb5_c functions
add ticket access functions
x
(ETYPE-INFO2-ENTRY): salt is a KerberosString
(gen_files): add asn1_KerberosString and sort
pthread test
x
use KRB_PTHREADS
adding RWLOCKS and [sg]etspecific
enable pthread if != no
only enable netbsd thread support if ENABLE_PTHREAD_SUPPORT is defined (so it can be disabled)
Provide locking around the creation of the global krb5_context. Add
use thread specific storage to set/get the kerberos error message
Add destruction/creation prototypes and structure for the thread specific storage.
(repl_mutual): don't set kerberos error where there was no kerberos error
x
make thread local storage macros take a "return" argument so no
make the non-debug version of the mutex macros "use" the "mutex"
some information about krb5_keyblock and related functions
(man_MANS): += krb5_keyblock.3
(krb5_keyblock_get_enctype): return enctype of keyblock
x
provide dummy krb_ function to there is no need to bump major
always include v4 symbols
x
x
add aes support
x
(hmac): make it return an error when out of memory, update callsites
x
add support for KRB5_PADATA_ETYPE_INFO2
(read_v4_entry): the des key is 8 bytes, use a char array instead of des_cblock
(receive_everything): switch close and rename
x
(krb5_cc_set_default_name): only read KRB5CCNAME when not suid
x
indent
remove duplicate manual, from cjep at netbsd.org
x
check if compile_et support ``error_table N M''
x
when building DATEDVERSION, just ignore operating system tags in manpages
(unparse_name): make sure there are space for a NUL, set *name to NULL
x
x
(unparse_name): len can't be zero, so, don't check for that
x
use default_keys for the both random keys and password derived keys if
x
(*): handle krb5_unparse_name returning non-zero
(init_tgs_req): make generation of subkey optional on configuration parameter
split generated source from non generated source we make-proto.pl can
remove trance of generate tests files, its not really for consumption yet
remove stuff more stuff that sneeked in with last commit
don't try doing local checks if CHECK_LOCAL is set to no-check-local
x
(CHECK_LOCAL): set to no-check-local
Don't do local checks on xnlock, it only passes if there is a working
x
document tgs_require_subkey
x
(krb5_get_in_tkt): for compatibility with with the mit implemtation,
x
begining of documentation of krb5_get_init_creds
man_MANS += krb5_get_init_creds.3
x
these function will be deprecated
x
(as_rep): remove usused variable
(init_socket): sockaddr size argument to krb5_addr2sockaddr is a
(configure): remove only set variable 'e'
please lint (and me)
x
(main): make sure current_version is initialized
(_kadm5_set_keys_randomly): remove dup return
x
(read_master_mit): krb5_ret_int16 takes a int16_t as argument
(gss_acquire_cred): 4th argument to gss_test_oid_set_member is a int
sa_size argument to krb5_addr2sockaddr is a krb5_socklen_t
(check_compat): avoid leaking principal when finding a match
x
x
(print_time): time is returned in seconds from now, not unix time
add krb5_prepend_config_files and krb5_prepend_config_files_default
check krb5_prepend_config_files_default and krb5_prepend_config_files
(main): use krb5_prepend_config_files_default, now all options in
x
break out extensions and document gsskrb5_register_acceptor_identity
Do the arcfour checksum mapping for krb5_create_checksum and
x
x
wrap gssapi stuff with KRB5
XXX don't use "plain" pthread support on netbsd
include aes.h inc in the local libdes case too
(print_entry_terse): handle error when unparsing name
x
s/UTF8String/heim_utf8_string/ in generated code
spelling
don't prefix the pretty printer with heim_
add krb5_crypto_get_checksum_type
(krb5_crypto_get_checksum_type): fix format string
document krb5_crypto_get_checksum_type
text about when krb5_crypto_get_checksum_type is useful
x
(grow_descr): increment the size after we succeed to allocate the space
x
(handle_tcp): handle recvfrom returning 0 (connection closed)
x
(krb5_crypto_getpadsize, krb5_crypto_getconfoundersize): added
document: krb5_crypto_getconfoundersize, krb5_crypto_getblocksize
x
(gss_inquire_cred): handle cred_handle beeing GSS_C_NO_CREDENTIAL and
x
update Luke Howard email address
(arcfour_checksum_p): return true when is arcfour, not when its not
(elem_insert): fix a off by one index counter
x
add encap functions that doesn't take the token type
add decap functions that doesn't take the token type
include cfx.h if we need it
encap/decap now takes a oid
encap/decap now takes a oid
x
code rewrite from Luke Howard <lukeh at PADL.COM>
x
(usage2arcfour): simplify, only include special cases
add _gssapi_decapsulate
x
Implementation of draft-ietf-krb-wg-gssapi-cfx-00.txt from Luke Howard <lukeh at PADL.COM>
x
(libgssapi_la_SOURCES) += cfx.c
CFX uses slightly diffrent usage numbers
x
make the include protectors more uniq
always include cfx.h
(proto): fill in client in the match cred
arcfour gss-api mech, get_mic/verify_mic working
include "arcfour.h"
(libgssapi_la_SOURCES): += arcfour.c
(_gssapi_verify_mic_arcfour): Do the checksum on right area. Swap
x
make the function threadsafe by removing static on the local variable zeros
x
add KRB5_NT_SMTP_NAME and KRB5_NT_ENTERPRISE
add gssapi_{en,de}code_be_om_uint32
implement wrap/unwarp
hook in arcfour get_mic
hook in arcfour verify_mic
hook in arcfour wrap
hook in arcfour unwrap
x
recv both INT and CONF wrapped token
send both INT and CONF wrapped token
add gss_krb5_nt_general_name as an mit compat glue
x
include the confounder in the checksum
add KEYTYPE_ARCFOUR_56
use right seal alg, inherit keytype from parent key
support KEYTYPE_ARCFOUR_56 keys, from Luke Howard <lukeh at PADL.COM>
x
rc4 gssapi stuff fixed
(_gssapi_verify_pad): verify padding of a gss wrapped message and
added _gssapi_verify_pad
(_gssapi_wrap_arcfour): set the correct padding
(unwrap_des3): use _gssapi_verify_pad
rename token structure in consistency with rest of GSS-API
release the right buffer
prefix cfx symbols with _gssapi_
x
swap two last arguments to verify_mic for consistency with des3
(arcfour_mic_cksum): use free_Checksum to free the checksum
x
patch for working with DB4 on heimdal-discuss
x
try to include more db headers
x
cfx-01 use diffrent usage numbers
draft-ietf-krb-wg-gssapi-cfx-01.txt implemetation
x
x
(krb5_copy_ticket): free all data when failing, copy data to right
fix spelling in last commit
(krb5_ticket_get_authorization_data_type): reindent
x
(gss_verify_mic_internal): switch type and key argument
(gss_krb5_extract_authz_data_from_sec_context):
document gss_krb5_extract_authz_data_from_sec_context
(gss_krb5_extract_authz_data_from_sec_context):
x
rename gss_krb5_extract_authz_data_from_sec_context to
x
(tgets): avoid be clobbered by `longjmp' or `vfork' warning
x
(main): avoid const warning by using a extra variable
add SAM keyusage numbers
x
add struct _krb5_get_init_creds_opt_private
(krb5_get_init_creds_opt_alloc): allocate a opt structure
rewrite/implement krb5_get_init_creds_password with new preauth
(krb5_keyblock_zero): new function, zeros out a keyblock
(krb5_data_free): reset whole krb5_data when freeing it
move variable thats used within a #ifdef to be defined within that #ifdef
(TESTS): += test_config
(krb5_get_init_creds_password): handle password passed in though context
use krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free
fix [Gt]
use krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free
x
use krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free
x
x
test program for _kadm5_generate_key_set
add and enable check program default_keys
x
(krb5_to4): set client princ of the mcred
x
use DES_KEY_SZ instead of sizeof(des_block)
EC is not included in the checksum since the length might change
x
switch to the DES_ api, dont provide any compat glue
(MD5_Final): make the function threadsafe by removing static on the
(MD4_Final): make the function threadsafe by removing static on the
x
switch from the des_ to the DES_ api
s/des_read_pw_string/UI_UTIL_read_pw_string/
use new DES_ api
check for DES_, AES_, and if openssl UI_
x
assume session key is a char array of length 8
x
s/des_read_pw_string/UI_UTIL_read_pw_string/
include <openssl/ui.h> in the openssl case
use new DES_ api
Add key usage for encryption of the SAM-NONCE-OR-SAD field.
x
s/des_read_pw_string/UI_UTIL_read_pw_string/
break out the encrypt timestamp preauth to its function
add SAM types
x
(gssapi_krb5_encap_length): don't return void
(add_file): make len argument an pointer to an integer
x
RRC also need to be zero before wraping them
x
SPENGO ASN1
turn on aes support unconditional
spelling
(krb5_get_init_creds_opt_alloc): add context argument
add context argument to krb5_get_init_creds_opt_alloc
x
SPENGO and IAKERB oids
(only_older_enctype_p): check request if the client only supports old
build SPNEGO file
(gssapi_krb5_get_mech): make non static
include spnego_as.h
export GSS_SPNEGO_MECHANISM
Add support for SPNEGO on the initator side. Tested with ldap server
x
Add support for SPNEGO on the initator side. Implementation initially
print the mech that was used
add --mech,-m argument
add mech
allow user to select mech; krb5, spnego, and no-oid
x
x
(spnego_reply): SPNEGO doesn't include gss wrapping on
SPNEGO doesn't include gss wrapping on SubsequentContextToken like the
now support for GSS_SPNEGO_MECHANISM
update .Dd
add support for printing Enumerated
(spnego_initial): catch errors and return them
A simplistic client implementing draft-brezak-spnego-http-04.txt
build http_client
x
print both source and target
x
(select_mech): return the gss_OID from a mech name
prototype for select_mech
use getarg
(proto): use select_mech
x
close socket when we are done, don't allow the server to restart
(spnego_initial): add #if 0 out version of the CHOICE branch encoding,
x
include <limits.h> for ULONG_MAX
x
x
fix prototypes
x
fix another int vs krb5_error_code
x
(gss_indicate_mechs): add SPNEGO
(gss_indicate_mechs): in case of error, free mech_set
x
(gss_wrap_size_limit): use existing function
(*): set minor_status
x
(init_auth): set sequence number when not requesting mutual auth
(gsskrb5_accept_sec_context): set sequence number when not requesting
x
(log_realloc): increase len after realloc returns sucessfully
(add_addrs): don't increase addr->len until in contains interesting
(init_as_req): don't realloc data before the loop, add_padata() will
x
remove #if 0'ed code
x
collect all init_creds context into a structure so it can easier be
(init_init_creds_ctx): make void since it doesn't return an error,
(krb5_rd_req): allow caller to pass in a key in the auth_context, they
x
(krb5_get_init_creds_opt_copy): add
prefix all struct HDB elements with hdb_
x
improve readability of ->open ifdef, check if version >= 4.1
remove depenency on gss_arcfour_mic_token and gss_arcfour_warp_token
x
add support for Set password protocol as defined by RFC3244 --
x
add arcfour and aes as valid enctypes
gssapi rc4 done
add some text about netdom.exe and trusts
(process): remove a abort()
don't get v4 tickets by default
libhdb might depend on LIB_dlopen
don't export krb5_get_init_creds_opt_copy
use _krb5_get_init_creds_opt_copy
no longer in use
no ASN.1-ish header on per-message tokens
x
x
rrc_rotate() was untested and broken, fix it
correct token ID for wrap tokens, were accidentally swapped with delete tokens
x
decode IA5Stringa and UTF8String
add TBoolean
remove boolean for now
print authorization data if there are any
x
- EC and RRC are big-endian, not little-endian
x
(krb5_rd_req): if we have a keyblock in auth context, use that
x
Add support for AFS when using Kerberos 5,
(afslog_uid_int): just belive that realm hint the user passed us
x
(telnet_spin): if Scheduler() returns failure (-1) propagate to higher level
(my_telnet): if telnet_spin returns failure, complain that the server
export Scheduler and scheduler_lockout_tty
x
spelling
x
flags for krb5_krbhst_init_flags (and krb5_send_to_kdc_flags)
(krb5_krbhst_init_flags): new function, use it and adapt callers
(krb5_sendto_kdc_flags): new function, and then implement the order
(init_cred_loop): handle KRB5KRB_ERR_RESPONSE_TOO_BIG and loop again,
x
(krb5_afslog_uid_home): be even more friendly to the user and fetch
(do_connect): use ai_protocol 0
(verify_krb5): set mcred.client too
x
x
parse kdc log
remember last address
sort
count principal and ip addresses using des
count preauth failuire too
(setpw_send_request): free ap_req_data on failure
x
add boolan support
add more preauth types, add PA-PAC-REQUEST
add SAM types and PAC_REQUEST
(krb5_rd_req): always free keyblock since its alway used
add Setting up DNS
add krb5_principal_set_type
document krb5_principal_{get,set}_type
some diffrences between Heimdal and MIT Kerberos in the API
handle some more failure lines
(islocalrealm): exact match is also fine
add enum krb5_get_init_creds_req_pac
add krb5_get_init_creds_opt_set_paq_request
(*) send PA_PAC_REQUEST when the user have requested either use PAC or
add _krb5_krb_dest_tkt and TKT_ROOT
(_krb5_krb_dest_tkt): unlink v4 token
(check_for_tgt): set client as part of the pattern/match cred
When running kinit in "fork mode" do pagsh independent of krb4, also
x
add BOOLEAN
x
let t and n match zero or more whitespaces
(str2time_t): allow whitespace between date and time
x
x
parse [kdc]use_2b and [gssapi]
add flag --warn-mit-syntax that warns for mit syntax is used and just
(do_authenticate): if request length is less then 8, its a bad request
(do_getticket): if times data is shorter then 8 byte, request is mailformed.
x
spelling
(acquire_initiator_cred): use kret instead of ret where appropriate
(gss_release_cred): if its a mcc, destroy it rather the just release it
x
If its a MEMORY cc, make a copy. We need to do this since now
x
add some help function that is common between ENC_TS and SAM2
x
test program for verifying password quality function
x
(krb5_config_parse_file_debug): punt if there is binding before a
x
print the error value krb5_init_context failed with
x
x
instead of the cryptic "Request:" use "HTTP request:"
handle requests to forward non-forwardable ticket and HTTP requests
count IP v4/v6 requests now that my kdc supports v6
describe Transit policy
x
add --no-transit-check
x
(krb5_domain_x500_decode): set *num_realms to zero not num_realms
x
(fix_transited_encoding): set transited type
x
spelling, From: Tracy Di Marco White
(krb5_domain_x500_encode): if num_realms == 0, set encoding and return
x
(krb5_domain_x500_encode): always zero out encoding to make sure it
x
x
checksum the header last in MIC token, update to -03
x
(copy_oid): copy all components
x
x
spelling, partly from jmc <jmc at prioris.mini.pw.edu.pl>
x
PKINIT patch from Daniel Kouril and Petr Holub, I removed the
add the opaque krb5_pk_init_ctx to _krb5_get_init_creds_opt_private
make compile again
rename krb5_pk_init_openssl_ctx to krb5_pk_init_ctx
add support for pkinit
add pkinit support
x
add pkinit.c
krb5_context_data.pkinit_win2k_compatible
add krb5_padata_add
x
add [appdefaults]kinit/pkinit-ca-dir
krb5_free_ticket free the whole ticket
(krb5_free_ticket): free the ticket itself to match mit behavior,
(tgs_rep2): don't free ticket, krb5_free_ticket does that now
(process): don't free ticket, krb5_free_ticket does that now
(gss_delete_sec_context): don't free ticket, krb5_free_ticket does that now
x
(krb5_verify_ap_req2): krb5_free_ticket free the ticket now, rewrite
x
Sequence number should be stored in bigendian order
x
fix {} error, pointed out by Liqiang Zhu
x
spelling, Bruno Rohee <bruno at rohee.com>
typo, Bruno Rohee <bruno at rohee.com>
x
time crypto operations
(TESTS): add test_crypto
(main): move opening the logfile to after reading kdc.conf
(main): parse kdc.conf
x
(main): parse kdc.conf
x
(receive_loop): when seeking over the entries we already have, skip
Don't require timestamp to be set on delegated token, its already
x
stop using krb5 lib private byte-frobbing functions and replace them
don't include <krb5-private.h>
x
include pthread.h in the pthread case
(init_cred_loop): fix memory leak
(AES_string_to_key): fix memory leak
reference count krb5_get_init_creds_opt private component to avoid
add some glue for pkinit
clean up, make remove depenency on openssl's api
XXX add some "struct foo;" glue for pkinit structures that isn't used
fix bugs, improve error reporting
PKINIT patch from Daniel Kouril and Petr Holub, I removed the
add prototypes for pkinit
add pkinit support
read pkinit (pki-muble) configuration options
(kdc_SOURCES): += pkinit.c
print an error and turn of pkinit if openssl failed to load
remove most compile depencies
make pkinit_win2k_compatible into a flag field
clean up
x
(LDADD): link with LIB_dlopen
x
x
make PKINIT DH support work
add flag to make it work with dh
x
clean up error handling, make enc-type work again
add support for KDC side of DH PKINIT
tweek to make pkinit work with the fact the asn1_compile can't
don't use PKINIT DH per default since its too slow
x
(main): return the return value from simple_execvp
x
add --version,--help
move test_crypto to noinst_PROGRAMS
x
(check_host): don't check for EAI_NODATA, because its depricated in RFC3493
use EAI_NONAME instead of EAI_ADDRFAMILY to check for if we need EAI_ macros
EAI_ADDRFAMILY and EAI_NODATA is deprecated
EAI_ADDRFAMILY and EAI_NODATA is deprecated in RFC3493
x
x
require cipher-text to be padded to padsize
x
add _PATH_ARLA_OPENBSD & c/o
x
(decrypt_internal_derived): move up padsize to avoid memory leak
x
add AcceptorSubkey (but no code understand it yet)
x
Wrap token was in wrong order, found by Sam Hartman
x
add more T_ types and inline the dns headers, all this for bind9 resolvers
x
add krb5_auth_con_addflags and krb5_auth_con_removeflags
some text about krb5_auth_con_{add,remove}flags
update Dd
use krb5_auth_con_addflags
(krb5_get_forwarded_creds): use KRB5_AUTH_CONTEXT_DO_TIME if we want
internally export x{,un}lock and thus prefix them with _krb5_
do locking, found to be a problem for Panasas Inc
uninitialized variable, from Panasas Inc
x
(_krb5_xlock): fix compile error in last commit
(krb5_get_in_tkt_with_keytab): avoid memory leak that snuck in when
(kadm5_c_destroy): fix memory leaks, From Panasas, Inc
x
(add_one_principal): pass right argument to kadm5_free_principal_ent
x
x
add krb5_auth_con_{add,remove}flags
(kadm5_s_rename_principal): allow principal to change realm
x
(_krb5_pk_create_sign): fill in NULL as parameters, required by CMS
x
make rrc a modulus operation if its longer then the length of the message
x
x
remove depency on c99 types
remove depency on c99 types in resolv.h
x
number-of fields no longer stored in network order
x
remove HEADER for crays
x
add SSHFP, clean up the the dns_header
add cpp rewrite for sshfp_record
parse dns header, add support for SSHFP
x
remove enforce-transited-policy, its no longer used
x
try handle ts preauth better, still not good, but at least it work
x
make -9 work again
(ftp_do_gss_delegate): delegate creds (default on)
(getargs): negative flag for delegating gss creds
add ftp_do_gss_delegate
x
(krb5_context_data): add mutex for error_string
allocate and destroy mutex in krb5_context
protect error_string with mutex
x
(main): avoid warning by sending empty string as formatstring instead
x
x
(_kadm5_c_init_context): catch errors from strdup and other krb5_ functions
x
(change): fix same-password-again by decrypting keys and setting an error code
x
correct ifdef for EAI_ADDRFAMILY
add year 2004
x
x
rename get_krbtgt to _krb5_get_krbtgt and export it
(krb5_get_forwarded_creds): If tickets are address-less, forward
(krb5_get_forwarded_creds): try to handle errors better for previous commit
(add_addrs): don't add same address multiple times
add prototypes, describe krb5_keyblock_zero
x
clean up krb5 support, log to syslog instead of stdout (very confusing
x
(renew_validate): if renewable_flag and not time specifed, use "1 month"
x
new year
(length_type): TSequenceOf: add up the size of all the elements, don't
x
remove #if 0 out file locking code
(_krb5_xlock): catch EINVAL and assume that it means that the
x
search paths for AFS configuration files for the OpenAFS MacOS X
search paths for AFS configuration files for the OpenAFS MacOS X,
x
(change): use the right password when changing the password
x
document gss_krb5_ccache_name
add missing gss_krb5_ references
(gss_krb5_ccache_name): help function enable to set krb5 name, using
(libgssapi_la_SOURCES): += ccache_name.c
add gss_krb5_ccache_name
x
add krb5_wrfkt_ops
add krb5_wrfkt_ops/WRFILE (same as FILE)
register WRFILE ops
some text about order of [capaths] realms
(krb5_build_ap_req): abort on internal asn1 encode error
(krb5_build_authenticator): abort on internal asn1 encode error
(make_pa_tgs_req): abort on internal asn1 encode error
(krb5_mk_priv): abort on internal asn1 encode error
(krb5_get_in_cred): abort on internal asn1 encode error
(krb5_mk_rep): abort on internal asn1 encode error
(krb5_mk_rep): abort on internal asn1 encode error
x
x
(_krb5_aes_cts_encrypt): out iv is the iv of the next to last block
add "next iv" test for aes128
(_krb5_aes_cts_encrypt): out iv is the iv of the next to last block,
add "next iv" test for aes128, check decryption case too
test for: (length_type): TSequenceOf: add up the size of all the
x
add _heim_len_unsigned, _heim_len_int
Fix len_unsigned for certain negative integers, it got the length
test for "der_length.c: Fix len_unsigned for certain negative
don't use path's in first .Nm, it confuses some locate.updatedb, use
x
(change_password): handle that printf(".*s", 0, (void*)NULL); doesn't
x
x
(change_password): handle that printf("%.*s", 0, (void*)NULL); doesn't
x
If there is a --with-PACKAGE=path but no --with-PACKAGE-config, go
x
Check for sys/socket.h, net/if.h. Modify term.h, security/pam_appl.h
AC_CHECK_HEADERS(net/if.h netinet6/in6_var.h sys/sysctl.h sys/proc.h,
x
resolv.h is even more special
x
x
x
use m4_define, over-quote string
overquote to pacify automake1.8
x
rename AC_WFLAGS to rk_WFLAGS
x
add timed simple_exec
x
add simple_execve_timed
x
add HEIM_PKINIT specific errors
adapt to asn1 bignum code, use HEIM_PKINIT errors
adapt to asn1 bignum code, use HEIM_PKINIT errors
s/heim_big_integer/heim_integer/
adapt to the new format of heim_integer, start working on w2k compat
possibly return ENOMEM
(add_string): catch error from realloc
x
x
remove dup on
x
(process_pa_data_to_key): spelling
indent, use krb5_abortx() instead of abort()
(_krb5_xlock): handle that everything was ok, and don't put an error
handle memory allocate errors
prefix pkinit error codes with KRB5_
update error codes
add text about hostname to realm mapping using DNS
fix all db >= 4.1 cases
adapt to rename of oid_cmp to heim_oid_cmp
x
x
0.6.1
(_kadm5_set_*): don't change the kvno, let the callee to that
(kadm5_s_randkey_principal): bump kvno
(change): bump kvno
(kadm5_s_create_principal_with_key): don't call _kadm5_set_keys2,
(_kadm5_set_keys_randomly): make sure enctype to copy enctype for des keys
(create_random_entry): print error message on failure
x
include <crypt.h>, From: Fredrik Ljungberg <flag at pobox.se>
x
make it possible to use libsl from c++
x
don't overload the primary_principal == NULL as dead since that
(mcc_get_principal): also check for primary_principal == NULL now that
more cc tests, mostly related to mcc behavior
(process_reply): log into result_string if something goes bad, return
(decrypt_internal_special): do not not modify the original data
x
x
add hdb_{,un}seal_key{,_mkey} from Andrew Bartlett <abartlet at samba.org>
make ldap possible to build as a shared module
add --hdb-openldap-module
when building ldap as a shared module, don't include it in the list
support building ldap backend as module
drop SMTP_NAME
revert the part of the file I didn't mean to commit yet (samba support)
added dummy parsing of CHOICE
catch CHOICE and generate dummy placeholder
spnego_files += asn1_NegotiationToken.x
uncomment NegotiationToken
move NegotiationToken to avoid warning
x
fix prototype of encode_utf8string
(spnego_reply): make sure the length of the choice element doesn't
(spnego_accept_sec_context): make sure the length of the choice
x
(add_one_principal): even though the principal is disabled (creation
x
on strange tcp error; log local port number and socket type
add more cases
ifdef protect label that is only uesd with pkinit
add support for disabling checksum/encryption types
check if enctype is disabled before using it
document --detach and --disable-DES
add --disable-DES
x
even if kx failes, start anyway
document new behavior
x
Intergrate Heimdal's hdb-ldap and the Samba password database.
x
framework for
(default_etypes): avoid using disabled enctypes
spelling
when running kinit with a subprocess, fetch new tickets after half the
x
use macro for HDB * -> LDAP *
x
x
comment describing message formats
drop structures for message formats, no longer used
(kadm5_s_create_principal): remove old XXX command and related code,
x
test run the password quality function
kadmin_SOURCES += pw_quality.c
add password-quality/pwq command
add prototype for password_quality
document password-quality
x
(krb5_ret_creds): if the higher ticket flags are set, its a mit cache,
(krb5_store_creds): add disabled code that store the ticket flags in
x
(krb5_ret_creds): Runtime detect the what is the higher bits of the
x
add _krb5_store_creds_heimdal_0_7 and
(fcc_store_cred): use [libdefaults]fcc-mit-ticketflags=boolean to
x
document [libdefaults]fcc-mit-ticketflags=boolean
x
rename ca_dir to pkinit/x509_anchors since its more like that language
pass client hdb_entry to pk_check_client
x
(pk_mk_pa_reply): add hdb_entry
update prototype for pk_mk_pa_reply
add missing req argument to pk_mk_pa_reply
x
x
(fcc_store_cred): NULL terminate krb5_config_get_bool_default' arglist
x
add --canonicalize
document --canonicalize
understand [password_quality]
x
clean up error handling, plug memory leaks, and free memory in error path,
gssapi credential testing
fix comment
(noinst_PROGRAMS) += test_cred
add partial support for CFX
add dummy use_64 argument to gssapi_msg_order_create
enforce AcceptorSubkey
add KRB5_AUTH_CONTEXT_USE_SUBKEY
(krb5_mk_rep): if KRB5_AUTH_CONTEXT_USE_SUBKEY is set send subkey
handle acceptor asserted subkey
handle changed signature of gssapi_msg_order_create
support cfx
support cfx, try to handle acceptor asserted subkey
(gss_acquire_cred): check usage before even bothering to process it,
x
(main): setpag if there is krb4 OR krb5 support
x
(krb5_destroy): free allocated memory, not something else
x
x
document gss_krb5_get_tkt_flags
Get ticket-flags from acceptor ticket
add ticket_flags.c
add gss_krb5_get_tkt_flags
x
fix bugs in examples, add more restrictions, use example.com as an
x
include Luke Howard of PADL.COM ldap hdb documentation
x
(hdb_list_builtin): return a list of builtin backends
add --builtin-hdb command
plug memory leak on file matching
test generatic acl code
test unknown acl format specifier
document krb5_acl_match_*
document krb524_convert_creds_kdc, krb524_convert_creds_kdc_ccache
document krb5_add_et_list
document krb5_kt_default_modify_name
document krb5_krbhst_init_flags
document krb5_auth_con_generatelocalsubkey
move out non krb5_c functions
add some functions and descriptions
real return values for krb5_{enctype,cksumtype}_valid
add krb5_cksumtype_valid krb5_cksumtype_valid
add various enctype related function here
remove various enctype related function
add missing functions, only 285 left to document
x
document krb5_abort and error string functions
add error string functions and sort
add acl and krb524_convert_creds_kdc manpages and test_acl test program
document krb5_storage and related functions
document context modifcation functions: address list, config file, use
add more krb5_config_ functions and prototypes
add even more functions
man_MANS += krb5_storage.3
add krb5_init_ets
document krb5_copy_keyblock and krb5_generate_random_keyblock
update .Dd
add keyblock functions, 190 functions to go
add krb5_hmac
document krb5_config_free_strings and krb5_config_file_free
document krb5_decrypt_ticket
add more functions, 177 to go
add krb5_verify_opt_set_ccache
remove #if 0'ed code
x
document krb5_ticket_get_authorization_data_type
add more functions, some more text
add missing .Nd
document krb5_creds
add more functions, 147 to go
man_MANS += krb5_creds.3
document krb5_copy_host_realm
document krb5_expand_hostname and krb5_expand_hostname_realms
drop .Pp before .Sh
document padata functions
add some more functions, 142 to go
document krb5_generate_random_block
document krb5_generate_subkey
document krb5_get_default_principal
add some more, 137 to go
document krb5_get_wrapped_length
man_MANS += krb5_expand_hostname.3 krb5_find_padata.3 krb5_generate_random_block.3
document string to key functions
framework for replay cache manpage
add krb5_get_server_rcache
add more stuff, 105 functions to go
(krb5_get_init_creds_opt_set_pkinit): add prompter argument and use it
adapt to change of signature of _krb5_pk_load_openssl_id
adapt to signature change of krb5_get_init_creds_opt_set_pkinit
x
x
add missing }
update .Dd
call setprogname to make libvers happy
x
unexport krb5_mk_req_internal to external users by prefixing it with _
s/krb5_mk_req_internal/_&/
unexport krb5_get_host_realm_int to external users by prefixing it with _
s/krb5_get_host_realm_int/_&/
remove function krb5_sendto_kdc2, its no longer used
x
add manpage for su
man_MANS = su.1
man_MANS += krb5_string_to_key.3 krb5_rcache.3
add 0.7 item, plus one 0.6.1
test for arcfour
remove
replace with new implementation
implemented from description in draft-kaukonen-cipher-arcfour-03.txt
new arcfour implementation
x
try to handle sys/strtty.h needing sys/stream.h
x
stop the client from renewing tickets into the future
x
update year
* kdc: stop clients from renewing tickets into the future
its PAC not PAQ
(pa_data_add_pac_request): don't increase md->len, krb5_padata_add
x
try to pacify mdoc macros on osf/1
(change_password): remove extra free
add tcp support to the set protocol, should be cleaned up to enable
also lookup _kpasswd._tcp SRV-rr
x
handle sed expression breaking
x
(hdb_ldap_create): allow configuration of default structural object
case size_t to unsigned long for LP64 platforms
make encrypt, forwardable, forward use appdefault (that also searches
x
(spnego_initial): handle mech_token better
verbose logging
avoid the malloc loop and just allocate the propper amount of data
use ASN1_MALLOC_ENCODE
remove unused variable
(gsskrb5_is_cfx): krb5_keyblock->keytype is an enctype, not keytype
support GSS_C_DELEG_FLAG and GSS_C_MUTUAL_FLAG
(gsskrb5_register_acceptor_identity): allow reseting to default keytab
x
add _gss_spnego_require_mechlist_mic for compatibility with MS SPNEGO
add _gss_spnego_require_mechlist_mic, From: Luke Howard <lukeh at padl.com>
(send_accept): use _gss_spnego_require_mechlist_mic to figure out if
(spnego_reply): use _gss_spnego_require_mechlist_mic to figure out if
x
add GSS_C_EXPECTING_MECH_LIST_MIC_FLAG
s/CTXAcceptorSubkey/CFXAcceptorSubkey/
x
x
add krb5_cc_get_prefix_ops
x
document hdb-ldap-structural-object
some text about krb5_prompter_posix
free functions also zeros out the key
(krb5_prompter_posix): if some thing is printed on stderr, fflush it
(krb5_ticket_get_authorization_data_type): add error strings
add rk_WIN32_EXPORT
x
export KRB5_LIB_FUNCTION when building with BUILD_KRB5_LIB
if -E, add windows standard calling conv to headerfile if needed
add KRB5_LIB_FUNCTION
define BUILD_KRB5_LIB when building libkrb5.la, add KRB5_LIB_FUNCTION proto
x
use AC_RUN_IFELSE so we can handle cross compiling
x
even more evil stuff for cross-compiling
x
use KRB5_PADATA_PK_AS_REQ_WIN
adapt to heim_integer changes
merge certificate/private_key to a user_id
adapt to heim_integer changes
merge certificate/private_key to a user_id
update prototype for pk_initialize
merge certificate/private_key to a user_id
replace the krb5.conf configuration option that describes the mapping
x
add --credential argument that just remove one credential entry out of
(fcc_remove_cred): simplistic implementation, XXX add locking
add krb5_context to so its added as manpage-link too
(build_auth_pack): use heim_integer to encode DH public key
ETYPE_DIGEST_MD5_NONE, ETYPE_CRAM_MD5_NONE: private use, lukeh at padl.com
x
1.28.2.16: (der_get_oid): handle all oid components being smaller then
x
at least try to handle diffrent enveloped enctypes
(krb5_set_default_in_tkt_etypes): use the return from krb5_enctype_valid
use the first proposed enable enctype
document krb5_random_to_key
(krb5_random_to_key): new function
add des and DES3 random_to_key hooks, they need special processing
(generate_dh_keyblock): use the new function krb5_random_to_key
x
document that krb5_string_to_key_derived is broken for non 3des
comment out the "@"/"" test for now
test random to key function
(DES3_random_to_key): make it produce the right result
x
rc2 implementation
x
(krb5_crypto_init): clear return pointer on failure
add ENCTYPE_ARCFOUR_HMAC as compat glue for MIT kerberos
include rc2.h, and when I'm here, make aes mandatory
(RC2_set_key): handle keys where effective bits are diffrent from keylength
(RC2_set_key): rewrite the mask calculation
test vectors from RFC2268
x
(_krb5_pk_create_sign): always set the digestAlgorithm to sha1 (both
(_krb5_pk_convert_rep): convert microsoft style answer to IETF, From
remove more dependency on krb5_config->pkinit_flags
more w2k compat from Luke Howard <lukeh at padl.com>
make the pkinit nonce same os the plain nonce for now
uniquify error messages
move out the oid check from get_reply_key
x
use IV for envelopeddata encryption, patch originally from Luke Howard
document that krb5_data_free cleans the structure too
document KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER
use IV for envelopeddata encryption, patch originally from Luke Howard
pacify mdoclint
document krb5_{de,en}crypt_ivec
always send both win2k compat version and the ietf draft one, this is
x
use the right oid for pkauthdata
add AES_cbc_encrypt
handle non blocksized cbc messages
x
add partial CMS parameter handling, this is needed for RC2
add KEYTYPE_RC2
add CMS symmetrical parameters here, enctype rc2-cbc
add CMS symmetrical parameters
use krb5_crypto_get_params to implement kcrypto RC2 support
add ETYPE_AESNNN_CBC_NONE
add KEYTYPE_AES192
add krb5_crypto_set_params, aes aes-NNN-cbc-none
use krb5_crypto_set_params
add krb5_enctype_to_oid and krb5_oid_to_enctype
add heim_oid_cmp heim_octet_string_cmp
add heim_oid_cmp and heim_octet_string_cmp
(libasn1_la_SOURCES) += der_cmp.c
x
(krb5_crypto_get_params): check ivec length before returning it
(krb5_oid_to_enctype): make sure oid exists before we compare with it
use krb5_enctype_to_oid
use krb5_oid_to_enctype and remove all oids that are no longer needed
add set_param for RC2
x
add -E flag where needed to make-proto
x
(krb5_verify_ap_req2): clear the whole ticket, not just a pointer size of it
(pk_rd_pa_reply_dh): use krb5_random_to_key
x
make kerberos4 support default turned off
x
(handle_v4): make sure length is longer then 2,
x
spelling from Josef El-Rayes <josef at FreeBSD.org>
x
use right argument for -E
pacify pre c99 compilers
x
move "setpag if (argc < 1)" to common path
x
(LDAP_message2entry): in the sambaNTPassword case, make sure
(LDAP_message2entry): remove bogus length check
(LDAP_message2entry): fix [] test
(LDAP_message2entry): allow samba entires to be forwarded
x
make samba forwarding a runtime configure option
make samba_forwardable a krb5_boolean
x
(stot): add AAAA
add KRB5_LIB_FUNCTION to all exported functions
x
x
use ! instead of , as sed delimiter
x
framework for windows AD backend
try all ldap servers in dns, generate a random password,
x
(prop_one): store the opcode in the begining of the blob, not the end
add kadm5_ad_context
x
(SOURCES_client): += ad.c
add support for tsasl
x
more code for get, only fetches kvno for now
more code for get, handle time stamps and bad password counter
more code for get, handle attributes
default value for hdb-ldap-structural-object is account
some text about dbname and realm
minor fixes, partly from Tarjei Huse <tarjei at nu.no>
indent
(LDAP_entry2mods): make sure krb5KeyVersionNumber is added on new entires
clean, indent
handle create and delete
x
more ldap text, partly from Tarjei Huse <tarjei at nu.no>
fix url
add modify operations
add --ad flag, XXX rewrite the init kadm5 interface
add expiration time
x
x
try handle spn's better
x
require search base to be configured, create local context structure
x
check return values from ldap operations and close it we get back
x
indent like the rest of the code
add creation base that defaults to the search base
document [kdc]hdb-ldap-create-base
x
Allow the objectClass to be "sambaSamAccount" or structural_object
x
x
implement krb5_set_password_using_ccache
add krb5_set_password_using_ccache
use krb5_set_password_using_ccache
x
define AES_{EN,DE}CRYPT; remove #ifdefs, this is an installed file
don't include krb4 headers
x
rename get_cred_cache to _kadm5_c_get_cred_cache and export locally
if its the entry just contains the structural object (no samba nor
(main): process all slaves, not just up to the last slave sending data
x
(kt_get): catch errors from krb5_parse_name
x
if keyfile is set, pass in to libkadm5
drop keyfile, not used
x
(handle_tcp): note who is what that closed the connection on us
x
(main): keytab mode requires principal name
x
(Data): allocate the data needed to be send
make subbuffer larger XXX resize dynamicly
make network rings larger
make cbuf 64k to handle lager tickets
x
x
add and use and bind9 version of rr type (rk_ns_t_XXX) instead of the
x
new password check interface
new password check interface (old still supported)
document new password quality api
man_MANS = kadm5_pwcheck.3
pull in <stdlib.h> and <vers.h> to avoid warnings
(init_tgs_req): if subkey not avaible, use session key for authorization-data
x
support the linux /proc/fs/mumel/afs_ioctl afs "syscall" interface
x
update copyright
s/arla/nnpfs/
x
x
Check certificate for Kerberos Principal in OtherName of subjectAltName
enable_pkinit_princ_in_cert
add enable_pkinit_princ_in_cert
x
use .In for header, remove trailing space
x
implement kadm5_ad_init_with_password_ctx
use kadm5_ad_init_with_password_ctx
x
x
(LDAP__connect): call ldap_initialize with right argument
x
fix slc lossage
fix usage string
make merge/load work again
x
(set_ptypes): make ptypes const
use new tsasl interface
(do_ext_keytab): if there isn't any keydata, try using kadm5_randkey_principal
(format_field): allow mod_name to be optional
(LDAP_seq): try handling errors better
x
don't use krb5_err on error code 0
x
fix helpstring for hdb-openldap-module
add -pthread to LIBS since libtool doesn't preserve it for us when
x
(process_reply): cast ssize_t to long and print that
x
nroff and spelling, from Jonathan Stone <jonathan at dsg.stanford.edu>
x
x
Remove superfluous comma; grammar fixes; split sentence
x
spelling from wiz at netbsd.org
x
update (c) year
add krb5_verify_init_creds
add krb5_verify_init_creds.3
(pk_principal_from_X509): reverse test, makes principal in cert work
x
document krb5_check_transited
add some functions I missed before
more cc tests
x
(LDAP_entry2mods): allow for pre-c99 compilers, From metze at samba.org
x
x
(print_cred_verbose): keytypes are no longer, use enctype
x
x
krb5_get_credentials and friends
krb5_get_forwarded_creds and friends
krb5_get_credentials, krb5_get_forwarded_creds and friends
add krb5_get_kdc_cred
add get_cred functions
clarify on what string krb5_free_error_string should operate on
krb5_rd_error and friends
man_MANS += krb5_rd_error
x
x
sort, add krb5_free_authenticator
remove dup krb5_get_init_creds
document krb5_free_kdc_rep
krb5_get_host_realm result should be free with krb5_free_host_realm
krb5_expand_hostname_realms result should be free with krb5_free_host_realm
x
use setprogname
x
add krb5_eai_to_heim_errno, krb5_h_errno_to_heim_errno
document krb5_eai_to_heim_errno, krb5_h_errno_to_heim_errno
add krb5_eai_to_heim_errno.3
x
allow to specify what credential cache to use
document --cache/-c
(krb5_cc_set_default_name): allow setting the default cc name, this is
CCAPI v3 implementation, the read only support was from Magnus Ahltorp
add krb5_acc_ops
register krb5_acc_ops
libkrb5_la_SOURCES += acache.c
remove magic 3 with ccapi_version_3
x
mutex buglet, From: Luke Howard <lukeh at PADL.COM>
x
dragonflybsd uses 339 just like freebsd5
x
ifdef protect AFS_SYSCALL for DragonFly since they still define
x
(DES_rand_data): also try /dev/arandom
(krb5_cc_set_default_name): s/libdefault/libdefaults/
document default_cc_name
x
x
Add _krb5_expand_default_cc_name that expand variables in the default
drop ${time}, its not very useful
explain support for varibles in [libdefaults]default_cc_name
test variables in default_cc_name
x
data needs to be freed when using krb5_ticket_get_authorization_data_type
document krb5_free_salt
x
print keytypes on long format
x
(get_pa_etype_info{,2}): check for dup enctypes from the client and
document krb5_enctype_valid
krb5_free_salt and krb5_enctype_valid
x
add krb5_getportbyname
manpage for krb5_getportbyname
man_MANS = krb5_getportbyname.3
(krb5_get_err_text): if neither of com_right nor strerror finds the
Remove all traces of setjmp/longjmp.
x
send ABOR protect with security layer if its there
*** empty log message ***
(set_auth_data): set pointer to NULL after free
x
(_kadm5_generate_key_set): since arcfour-hmac-md5 is without salting,
x
spkm, rfc2025
(fetch_acl): use " \t\n" instead of just "\n" for the delim of the
x
I fixed the OOB send cleartext problem in 0.6.3 ftp client
(krb5_get_init_creds): kdc_reply can be set in case of failure too,
x
add cpluscplus extern "C" support
x
use negative string help string for arg_negative_flag
x
(decode_boolean): fail if length of tag is larger then len
x
(decode_*): name all tag-length variables the same
x
(seed_something): avoid poking at memory that is uninitialized, make
link libkrb5 with LIB_dlopen
gss_krb5_extract_authz_data_from_sec_context was renamed to
x
make all_etypes const and move outside function to avoid returning
Fix memory leak, don't return stack variables
x
make variable shorter, make error messages from pkinit, make freeing easier
x
add AM_CPPFLAGS to libkrb5_la_CPPFLAGS since AM_CPPFLAGS overridden by
break out krb5 api definitions to separate (not installed) file
use krb5_ccapi.h
(dns_lookup_int): grow the answer buffer to the size the server send
add constant for max DNS protocol packet size
add resolve-test
test program for libroken resolve from resolve.c
x
(parse_key_set): do way with static returning (function) static
(_kadm5_free_keys): change prototype, make it use krb5_context instead
deal with changed prototype for _kadm5_free_keys
x
make resolve-test a noinst program
x
add --version/--help
x
(get_cred_kdc_usage): retry using "large message safe" transport if we
x
un c99'ify, from Anders.Magnusson at ltu.se
x
(krb5_string_to_deltat): set default unit to minute for compatibility
(krb5_appdefault_time): use krb5_string_to_deltat
(krb5_config_vget_time_default): use krb5_string_to_deltat
assume minutes for time
x
stop using AlgorithmIdentifierNonOpt
x
improve error logging
support padding as its done in CMS
stop using AlgorithmIdentifierNonOpt, add openssl engine support for
x
filter out dup openssl engine keys, parse user options first
x
undefine open so this works on solaris with large file support
x
free openssl engine
free openssl engine
adapt to new signature of krb5_get_init_creds_opt_set_pkinit
x
Move keyset parsing and password based keyset generation into hdb.
x
(parse_file): use hdb_generate_key_set
x
add enctype_des3_cbc_none_cms
use ETYPE_DES3_CBC_NONE_CMS
support hex numbers
(readd) support negative numbers
sync enctypes with pkinit branch
x
(krb5_string_to_deltat): default to "s" again, MIT's behavior was
time defaults to "s"
sync with mit krb5_err.et (require major version bump)
x
use KRB5_KT_BADNAME
x
make error messages sane again
match new error names
x
match new error names
add ds_record
put dns_type_to_string and dns_string_to_type in the abi
x
Make sure argument passed to ctype isn't signed char
test parse_time
Change the behavior of the parse_unit code to return the number of
update .Dd
x
(make_cred_from_ccred): the address isn't a sockaddr but rather a
(del_enctype): fix off-by-one error in del_enctype
x
unbreak 2b entry
x
(add_one_principal): catch error from UI_UTIL_read_pw_string
(krb5_rd_rep): free ap_rep message earlier so we don't leak it on error
(getit): always free columns
x
x
(_krb5_get_init_creds_opt_copy): if the in options NULL, just make a clean copy
fold init_init_creds_ctx into get_init_creds_common
unexport krb5_get_init_creds_opt_free_pkinit
add description for opt_init, opt_alloc, opt_free
x
document some more functions
x
use constrained integers
x
x
make krb5_get_init_creds_keytab work again
x
add more text describing the krb5_get_init_creds functions
(change_password): handle old_options being NULL
x
(krb5_get_in_cred): clear pointer after freeing data
(find_keys): log what principal is missing enctypes
(get_new_tickets): only complain about ticket renewable lifetime when
x
(krb5_free_context): clear error string before destroying mutex
x
Reverse order of HEIMDAL_MUTEX_unlock and gss_release_cred to avoid
x
x
x
x
s/KEYTYPE_DES/ETYPE_DES_CBC_CRC/
x
x
use keeps around options, "improve" spelling, from openbsd
use keeps around options, from OpenBSD
x
use keeps around options, from OpenBSD
use .
use keeps around options, spelling, from openbsd
spelling, from openbsd
x
add --random-key
document --random-key and the need to do backup of the master key
x
use keeps for options, From OpenBSD
spelling, from OpenBSD
x
(LDAP_message2entry): if the entry is missing both krb5PrincipalName
(krb5kdcentry_attrs): ask for attribute uid too
x
(LDAP_firstkey): When iterating over all entries, search for samba
x
ldap schema from PADL.COM
s/objectclass/objectClass/
(LDAP__bytes2hex,LDAP__hex2bytes): encode nibbels in the other order
x
(pos): uppercase in character
add (c) kth
fix spurious cross-reference makeinfo warning
add new node: Providing Kerberos credentials to servers and programs
clarify credentials refreshing stuff
x
(handle_http_tcp): handle error from write(2)
(main): catch sigpipe, we don't bother select()ing for errors
don't print garabage for octet strings
(configure): check for deprecated enforce-transited-policy is set and
default for check-ticket-addresses is TRUE
drop key-file, no longer used
NetBSD 2.99.11 (any maybe 2.1) just needs pthread.h, threadlib is dead
x
spelling and text fixes, from Dave Love
x
s/@kdb/@kbd/
Add account expiration for samba from James F. Hranicky <jfh at cise.ufl.edu>.
add some text about samba, use example.com
make default_acc_name static
make lots of crypto related variables static
make procs static
make default_v4_name_convert static
x
add key usage for server referrals
make principalname functions private
use private version of principalname
use private version of principalname
update (c)
add CHECK_SYMBOLS tests, so that we don't export to much stuff
add CHECK_SYMBOLS, approve of:
add exported symbols test
x
make all_etypes static
add -asn1compile symbols
add CHECK_SYMBOLS
x
(CHECK_SYMBOLS): add heim_ and pkcs7_ for now (used in pkinit)
Happy New Year
x
Happy New Year
2004
move 2004 entries to ChangeLog.2004
(change_password_loop): on failing to find a kdc, set result_code to
x
(krb5_is_thread_safe): return TRUE is the library was compiled with
x
(man_MANS) += krb5_is_thread_safe.3
document krb5_generate_subkey_extended
x
add 0.6.2 and 0.6.3 items
constify to avoid warning with -Wwrite-string
allow specifying a credential cache to use for the admin principal
document -c
(krb5_parse_address): filter out dup addresses from getaddrinfo
add --addresses, controls what addresses kpasswd should listen too
document --addresses, controls what addresses kpasswd should listen too
x
x
x
text dump format
x
krb5_enctype_is_disabled is the same thing as krb5_enctype_valid, so
drop krb5_checksum_is_disabled, krb5_checksum_valid handles that just fine
drop krb5_{checksum,enctype}_isdisabled
drop krb5_enctype_is_disabled, more text about krb5_enctype_valid
drop krb5_{checksum,enctype}_is_disabled
x
(kfd_match_version): cast argument to islower to unsigned char
x
(hashcaseadd): cast argument to toupper to unsigned char
cast argument to toupper to unsigned char
cast argument to isdigit to unsigned char
cast argument to tolower to unsigned char
x
cast argument to tolower to unsigned char
x
cast argument to is* to unsigned char
cast argument to toupper to unsigned char
x
x
get_v4_tgt only used when compileing with kerberos 4 support
x
cast argument to isalnum to unsigned char
x
revert part (server) referals draft patch that shouldn't have gone in,
make build, for real this time
Texinfo fixes. Text about irix 6.5 using PAM. From: Dave Love <d.love at dl.ac.uk>
x
s/random_key/random_key_flag/, From Dave Love <d.love at dl.ac.uk>
x
x
(dump): handle errors
include <ctype.h>, cast argument to isspace to unsigned char
include <roken.h>
x
x
x
use AF_UNIX like the rest of the codebase, add some more error strings
(send_and_recv_udp): make private again
x
drop prototypes, they all live in krb5-private.h by now
(krb5_context_data): add large_msg_size, threshold where we start to
(init_context_from_config_file): init large_msg_size to 6000
document large_msg_size
de-__P
x
cast argument to isdigit to unsigned char
make it possible to build on systems without SO_PEERCRED (still doesn't work)
LDADD += LIB_pidfile
support SCM_CREDS (for NetBSD)
use -1 as the invalid pid number
x
x
(krb5_kt_get_entry): tell what enctype the caller requested to provide
x
(krb5_random_to_key): cast size_t to int to make %d work
x
manpag for pagsh
add --cache-type that allows the user to control the resulting
x
man_MANS += pagsh.1
x
(DB_open): correct the check for O_RDONLY
x
x
Replace the eay DES code with key scheule setup code by me and DES
bring back from the dead
use errx on failures, not warnx
make destest only once
remove dependency on asprintf
key argument to RC4_set_key is not const, remove const from variable
x
(DES_string_to_key_int): must check for weak keys after doing the
x
x
x
bump version to 7:0:1
bump version to 8:0:1
bump version to 7:7:0 and 6:5:2
bump version to 4:1:4
bump version to 21:0:4
bump version to 17:0:1
x
allow specifing port to connect to
x
(_gss_DES3_get_mic_compat): don't unlock mutex here. Bug reported by
note in a comment that this is a generated file
x
Match solaris 10. From: Joakim Fallsjo <fallsjo at sanchin.se>
x
Update new revision from NetBSD (copyright update)
remove stray ( in output
In 1997, the University of California, Berkeley issued a statement
x
add hex encoder/decoder
add hex.[ch]
use the newly written hex function from roken and remove the old implementation
x
make it work
use size_t for length
hex encoding/decoding test
fix decodeing, it processed to much data and thus returned the wrong length
x
check_PROGRAMS += hex-test
x
update to the asn1 structures used in -25's
use the new generated oid functions
use generated oid's
use generated oid's
fold in pk-init-25 asn1 changes
use KRB5_PADATA_PK_AS_REQ_19
do error handling and catch programmers errors
handle the -25 generation path
x
more text about how to free returned resources
x
add DES_set_key_checked
x
fix signedness issues, prompted by report of Magnus Ahltorp
more static and unsigned issues
x
(gssapi_krb5_set_error_string): don't misuse the krb5_get_error_string api
x
copyright maintenance, drop eay, use updated UCB license
widen lifetime/renewal warning text field, also make use of
include <sys/socket.h> for <netinet6/in6_var.h>
x
Add some text about modifying the database
x
(gssapi_krb5_set_error_string): pass in the krb5_context to
x
make example better
AES is enabled by default, remove ifdefs
use hex encoder from roken
AES is enabled by default, remove ifdefs
(hex_encode): wrap SIZE_T_MAX
use RCSID instead of __RCSID
use $Id$, not the mangled netbsd version
x
Make constent with rest of the gssapi test programs
x
(print_gss_name): common code for printing gss name
use print_gss_name, print server name too
x
free memory, make error strings match
add mutex for global variables, clean up returned error codes,
(make_ccred_from_cred): addresses is filled in now, remove comment
move <des.h> to after include <krb5-types.h> so the C99 integer types exists
x
include config.h and protect some headers
x
check for overflows
Make editline a non-static library and let libtool decide (same with
x
use $(LIB_roken)
x
provide compatibility function DES_key_sched, same as DES_set_key
x
provide c99 types to the built-in libdes functions
(c)
fix prototype for DES_random_key
use DES_set_key_checked
remove setting of DES_check_key, all code uses DES_set_key_checked
x
spelling, from Tomas Olsson
List of attributes, from James F. Hranicky <jfh at cise.ufl.edu>
use defined(TEST_SNPRINTF) like on all other places in the same file
x
stop memory leak in example, expand on wildcards
x
make RANGE parse prefixlen style addresses too, fix printing of RANGE
simple test for addresses
TESTS += test_addr
From FreeBSD:
x
avoid shadowing div
(dns_lookup_int): s/stat/state/ to avoid shadowing
(roken_gethostby): s/sin/addr/ to avoid shadowing
make previous commit really work
avoid const string and strict aliasing warnings
x
avoid const string warnings steming from writeable-string
implement mask boundary for IPv6
test parse IPv6 RANGE addresses
wrap IPv6 test code with HAVE_IPV6
const poison
const poison
(try): reset va_list argument between reuse, from Peter Kruty <xkruty at fi.muni.cz>
x
(gssapi_krb5_verify_8003_checksum): check that cksum isn't NULL
x
"must set with '=' before using '+='"
x
x
print size_t by casting to unsigned long
x
make generation of pa data into a switch instead of a bitmask
Since the decode can't make out the diffrence between PA-PK-AS-REP-19
x
size_t vs int + fix printf
(krb5_address_prefixlen_boundary,krb5_free_address): use find_atype
assume symbols prefixed with _ is a sideeffekt of the local linker and
x
CHECK_SYMBOLS += HDBFlags2int
Argument to create_new_ccache is a principal, not a credential cache name.
x
one more v6 range test
x
print size_t by casting to unsigned long
x
print size_t by casting to unsigned long
max-life and max-renew is of unsigned int in asn1 compiler, use that
x
MacOS is also a unix that doesn't define __unix__/unix
print size_t by casting to unsigned long
print size_t by casting to unsigned long
use size_t, print size_t by casting to unsigned long
x
x
use NULL as last argument to execl
x
use NULL as last argument to execl, not 0
remove unused variable
x
fix 3 'var' might be used uninitialized warnings
x
remove last leftover ENABLE_AES
remove libdes leftovers
ignore more generate files
clean_ttyname might be unused, mark it so with __attribute__
x
(process_pa_data_to_key): also check for KRB5_PADATA_PK_AS_REP_19,
x
sync patypes with pkinit branch
add test_sequence to TESTS
make less verbose in case of success
print out client principla of delegated credential
x
break out the processing of the delegated credential to a separate
x
x
ignore login_protos.h, its a built file
print DS
x
#ifdef wrap
don't include bit types, the user must do that
x
define ROKEN_LIB_FUNCTION on all exported functions
rk_WIN32_EXPORT for roken
x
provide ROKEN_LIB_FUNCTION glue
add closefrom
drop <errno.h>
check for closefrom
(pipe_execv): use closefrom
x
don't close stderr, close all fd that is num 3 and larger
x
add external passsword quality check builtin module
x
add closefrom
add ROKEN_LIB_FUNCTION glue
x
add an end tag to the external password quality check protocol
x
Add krb5_keyblock_init to allocate an fill in a keyblock from key data.
document option -H --hex to the add command
add option -H --hex to the add command
x
AUTHENTICATE and AUTHENTICATE_V2 is almost the same, and clients
x
include <hex.h>
x
(kadm5_add_passwd_quality_verifier): if NULL is passed in, load defaults
x
add verifier libraries with kadm5_add_passwd_quality_verifier
replace dash with underscore in the new configuration file option,
document new password policy code
x
external password verifier sample
x
x
document krb5_keyblock_init
x
define manpage macro
remove manpage macro, add some more references to manpages
(mget): cast char to unsigned char to make sure its not negative when
(statcmd): cast argument to isdigit to unsigned char
use unsigned char * to make sure its not negative when passing it to
x
cast to unsigned char to make sure its not negative when passing it to
(TTYget): use unsigned char to make sure a positive number is returned
drop <ctype.h>, no longer use any of the is* macros in this file
cast to unsigned char to make sure its not negative when passing it to
x
cast to unsigned char to make sure its not negative when passing it to
x
x
change version to 0.7pre1
pagsh is in section 1
change back to 0.7pre again
ignore filename symbols
x
(_krb5_get_default_principal_local): add, for use of functions that in
(acc_resolve): if open_default_ccache failed with ccErrCCacheNotFound
x
fix getpw*_r calls, they return 0 even when the entry isn't found and
x
test program for krb5_kuserok
noinst_PROGRAMS += test_kuserok
use getpwnamn_r if it exists
x
add --version and --help
include <config.h> since defines _GNU_SOURCE if needed, avoid asprintf warning
x
include krb5.h to avoid krb5_getportbyname warning
rewrite getpty to make use openpty when its found, save the slave fd
x
catch when snprint needs a larger buffer
x
clearify what ret_len is in krb5_print_address
check return values from snprintf and clean up semantics of ret_len
check address truncation
check return value of snprintf
use asprintf to avoid truncating pathnames
x
x
cast size_t to unsigned long
(foreach_principal): initialize ret to make sure it have a value
cast ssize_t to unsigned long, fix printf format
cast size_t to unsigned long
x
document supported mechamisms
(c)
spell spnego
add 0.6.4 items
spelling, from Tracy
pre2
remove unused variables
print the type so I don't need to ask for it
more error table symbols, run in LANG=C to unconfuse gawk
this lib include com_err, add -com_err to CHECK_SYMBOLS
x
x
more stuff that was added
catch two more snprintf problems
spell succeeded correctly, From Sean Chittenden
x
rename log10 to find_log10, because log10 in a builtin function on FreeBSD5
fix warnings
x
remove more leftovers
Support multi-realms databases, requires that all the realms are
x
Implement enough of kerberos 4 protocol to be a KDC, move the v4 bits over here
add more v4 defines
Move the kerberos v4 replacement functions to v4_glue.c
forward declaration of _krb5_krb_auth_data
move all Kerberos 4 related stuff to one place
Use the new Kerberos 4 functions in libkrb5 and so kerberos 4 is
make compile
add forward declaration of krb5_krb_auth_data
libkrb5_la_SOURCES += v4_glue.c
spelling, from Björn Sandell <biorn at dce.chalmers.se>
spelling, from Björn Sandell <biorn at dce.chalmers.se>
update .Dd
more spelling
x
change the wrapping around the Top node to ifnottex, make html generation work
add docbook version macro of @sub
simplify error handling
Use the new Kerberos 4 functions in libkrb5 and so kaserver support is
always add kaserver
add kaserver support unconditionally, make kdc only fail to start when
add kaserver support independ of having krb4 support
include kerberos 4 headers here
don't include kerberos 4 headers here
(krb5_cc_new_unique): new function to create a new credential cache
document krb5_cc_new_unique
x
unexport the oid_to_enctype function, not for external consumers
use the unexport the oid_to_enctype
x
we no longer use eay libdes, make acknowledgment still be there, but
don't use sizeof(pointer)
unexpose undefined part of the API, included strlcat
x
add strlcpy
s/strlcpy/strlcat/
include strlcpy and *printf and use them
x
use strlcpy
declear yyparse as a function taking no arguments
use strlcat
forward declaration for private structures
use strlcpy
use strlcat
make compile again
remove another strcpy
x
comment out docbook stuff for now
x
(acc_gen_new): remove debug printf
pre3
go back to pre
use snprintf to format tkfile
x
handle string trunctions
x
use strlcpy
x
add EQUALITY rule for krb5ValidStart, krb5ValidEnd, krb5PasswordEnd
x
use PADL version
switch the units variable to a function. gcc-4.1 needs the size of the
use the newly generated units function
x
use the newly generated units function
limit the units functions to asn1_[A-Za-z0-9]*_units$
add the documented option --port
x
x
(getpty): Declare p.
Include roken.h
Maybe include stdlib.h
x
define _POSIX_PTHREAD_SEMANTICS so we get posix getpwnam_r
x
Add support for Solaris, Irix, and modern Linux. From David Love <fx at gnu.org>
x
Include krb5-types.h
also include <stddef.h>
Include hash.h first.
x
add rk_realloc, unbroken version of realloc
add realloc
fix (c)
use rk_realloc if realloc is broken, this makes "host-tools" not
x
add rk_realloc
x
Use larger buffer for recving data to be compatible with older
Use larger buffer for recving data to be compatible with older
x
prefix all sequence symbols with _, they are not part of the GSS-API api. By comment from Wynn Wilkes <wynnw at vintela.com>
x
check the 0 length string too
add some more tests
test the NULL string, fix printfs
check that string is properly terminated
use BINDIR instead of "/usr/bin/ with _PATH_RSH
x
(krb5_set_config_files): ignore permission denied on configuration
x
Set PTHREADS_LIBS on Irix.
x
Maybe include sys/resource.h. Use various RLIMIT_ macros conditionally.
x
Check for correct vis.h.
Add LIB_roken.
x
(LDADD): Add libsl.la.
x
(LDADD): Add libcom_err.la
x
add LIB_com_err
x
use $(LIB_com_err)
require compile_et to generate a initialize_FOO_error_table_r (they
x
include checking if snprintf(NULL, 0, "") works
use LIB_com_err for libkrb5.la
x
replace <strings.h> with <string.h>
(UI_UTIL_read_pw_string): remove unused variable plen
x
(UI_UTIL_read_pw_string): make the prompt argument const
Include <des.h>.
(connect_host): make sure s is initialized
x
sys/ptyvar.h might need <sys/tty.h>
Include <err.h>.
x
add check that snprintf doesn't write the NUL into the last byte when
(vsnprintf): don't write the NUL into the string if the length was 0
x
add <err.h>
x
include <err.h>
#include <err.h>
#include <err.h>, only print salt it its longer then 0, use krb5_err
add break on default: statements, from Douglas E. Engert
x
Pass prompter data to the prompter function, implement a UI prompter
pass a NULL prompter data to _krb5_pk_load_openssl_id
krb5_get_init_creds_opt_set_pkinit
if we are using PKINIT, strip of the highest bit to make windows
x
(main): Call setprogname.
Include <krb5-types.h>.
(afskauthlib.so): Use libtool.
Check RLIMIT_MEMLOCK, not RLIMIT_LOCK.
x
(init_socket): rename variable sun to un to avoid namespace collision.
x
include <crypt.h>
Don't declare des_salt &c as static with incomplete type (invalid in
x
Now that we fixed the signed-ness of nonce for windows, remove the
x
(help): Don't use non-constant initializer for `fake'.
x
(krb5_ui_method_read_string): use the fill in length
add com_err to required libs
Add member fd to map.
sys/tty.h (for sys/ptyvar.h) might need termios.h.
x
(init): Don't disable forwardable for kadmin/changepw.
x
if we have a $srcdir/lib/asn1/pkcs12.asn1, define PKINIT
x
initial manpage
man_MANS += kcm.8
x
more text about usage
x
Include snprintf-test.h earlier.
x
Enabled to build on cygwin, based on patch from David Love <fx at gnu.org>
x
add David Love
Clearify what version of libdes we are using and who's code in it we
Fix typo for HAVE_STDLIB_H.
x
Include snprintf-test.h earlier.
x
expand on what "trailing component" means
x
spelling
x
fix type right test, include <termios.h> for sys/strtty.h, not sys/ptyvar.h
ignore N symbols too
x
add manpage for ipropd-master and ipropd-slave
man_MANS += iprop.8
(_gssapi_wrap_arcfour): fix calculating the encap length
x
(krb5_print_address): catch when the custom print v6-adresss don't fit
x
(sl_command_loop): new return code -2 for EOF
(main): catch -2 as EOF
x
(krb5_kuserok): use POSIX_GETPWNAM_R instead of HAVE_GETPWNAM_R
x
(main): Call kadm5_setup_passwd_quality_check and
(find_func): Fix off-by-one and logic error.
x
Fix and clarify password quality check examples.
x
make more pretty, from Björn Sandell
x
document krb5_storage_is_flags
x
add pkinit people
(as_rep): search for pkinit-9, pkinit-19, and pkinit-25 pa-data,
handle pkinit-9, pkinit-19, and pkinit-25 enckey, still no DH
x
Include <stdlib.h>.
x
Include <crypt.h>.
x
#ifdef protect _PATH_ISSUE
MODEMASK is defined in sys/vnode.h on Solaris, so undef it before we
undef ISASCII before we define our own (problem on Irix)
x
AC_CHECK_DECL and AC_CHECK_DECLS have a subtile diffrence, the later
x
Get daemon declared on Solaris (it's in unistd.h but masked by a
Get daemon declared on Solaris (it's in unistd.h but masked by a
x
(issuid): change the #ifdef order to avoid unreachable code warning.
x
(AES_cbc_encrypt): use unsigned char to avoid signess warning
use unsigned char to avoid signess warning
x
(_kadm5_c_init_context): fix memory leak in case of failure
x
use strlcpy
include <err.h>
catch buffer overrun and check allocation errors
check allocation errors correctly
check allocation errors
x
x
Add new keytab file format JAVA14 that doesn't the use extended kvnos,
KRB5_GC_EXPIRED_OK: expired credentials is ok to return from
(krb5_init_context): register krb5_javakt_ops
(krb5_get_forwarded_creds): honor
(init_auth): set KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED (for java
x
Remove expired credentials, based on patches and comments from Anders
document KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED
update (c), .Dd
x
(fcc_get_first): check return value from malloc, memset the structure,
add krb5_cc_new_unique
document KRB5_GC_EXPIRED_OK
zero out content of all krb5_free_x_content like functions to make sure data doesnt get reused, idea from Wynn Wilkes <wwilkes at vintela.com>
test memory corruption in MEMORY keytab
(mkt_remove_entry): check if there isn't any entries in the keytab
document behavior of krb5_kt_remove_entry
(krb4_kt_remove_entry): plug memory leak, avoid crashing on empty keytab
TESTS += test_keytab
use english spelling of March
x
s/sizeo/sizeof/
(fkt_remove_entry): need to call krb5_kt_free_entry after each
(fkt_remove_entry): need to call krb5_kt_free_entry after each
(process_pa_data_to_md): add comment that the caller always free
depend on automake 1.8, we don't test anything older
x
Make Solaris find tgetent
define _POSIX_PTHREAD_SEMANTICS to make solaris provide the right getpwname_r
x
(kt_change): plug memory leak from krb5_kt_remove_entry, print
(krb5_kt_free_entry): zero out content of all krb5_free_x_content like
x
add pkinit and password quailty check options
(pk_verify_chain_standard): store better error message in the context
x
(_krb5_pk_rd_pa_reply): non non asn1 decoding errors, fail. Make sure
x
add missing options, prompted by James F. Hranicky mail to heimdal-discuss
x
(rk_read_env_file): move assignment to later to make pre c99 compiler happy
x
(start_login): put utmpx code into a new scope to avoid pre c99 problems.
x
tests all keytab format
x
(srv_find_realm): make sure `res' and `count' have good values
(srv_get_hosts): if srv_get_hosts failes, return and ignore the error
x
Remove duplicate line that was commented using c99 style comments.
ignore weak symbols too
x
rc1
document WRFILE and JAVA14
x
Adding new and improve old documentation
x
move declaration of detach_from_console here
move declaration of detach_from_console away from here to kcm_locl.h
Don't test HAVE_DAEMON since roken supplies it.
x
x
struct kcm_op: jumptable structure
Merge the description and function jumptables into one structure.
(snprintf_test_SOURCES): Add snprintf-test.h.
x
KRB5CCNAME needs an literal uid, not ${uid}, spelling
x
(kcm_alloc): allow kcm socket to be configured by [libdefaults]kcm_socket=/path
(update_client_creds): add support for getpeerucred and getpeereid
check for functions getpeerucred and getpeereid
include <ucred.h> if we have getpeerucred
Added some info about defaults, fixed some markup.
x
s/HAS_GETPEERUCRED/HAVE_GETPEERUCRED/
fix error in last commit, use right function
(kcm_SOURCES): add headerfiles
remove prototypes and add <kcm_protos.h>
add make_proto for kcm/kcm_protos.h
(do_request): use sendmsg to send the reply
update copyright
document kadm5_add_passwd_quality_verifier, improve text
x
please mdoclint
remove trailing whitespace
remove . for .Nd
remove trailing space
x
x
include "roken.h" to avoid undefined size_t/ssize_t
x
(set_termbuf): use {} around if to make else unambiguous
case uid_t to unsigned long in printf format
x
(cipher3): used unsigned char to avoid problems with platforms using
add LOCAL_PEERCRED and experimental doors support
add LIB_roken as a explit dependency
x
(_krb5_expand_default_cc_name): change format for expantion variables
fix last commit
change format for expantion variables in default_cc_name to
prefix Der_class with ASN1_C_ to avoid problems with system headerfiles that pollute the name space
(kcm_send_request): add support for doing a door call to kcm
Maybe include <sys/mman.h>, maybe include <door.h>.
provide variable LIB_door_create
libkrb5_la_LIBADD += LIB_door_create
use [libdefaults]kcm_door to find the door to kcm
add _PATH_KCM_DOOR, default path to kcm door
add dependcy on kcm_protos.h
detect doors using door_create
Prefix Der_class with ASN1_C_ to avoid problems with system
x
add extern door_path;
Maybe include <door.h>.
x
add test for the empty password ""
(DES_cbc_cksum): init u to make sure it have a value in case of the
x
change format for expantion variables in default_cc_name to
(update_client_creds): fix compile error in the getpeerucred case
(generate_random_pw): fix signed-ness warnings
comment what the "detect doors on solaris" fragment tries to do
Include <alloca.h> at the same time as <door.h>. XXX replace this with
add --door-path=
fix doors support, fix signedness warnings
x
x
provde RTLD_NOW and RTLD_GLOBAL if they don't exists
x
XXX don't run the test unless the machine is in kth.se or su.se
fix test
undef _PATH_RSH to make sure our version is used
x
avoid signedness warnings
x
avoid 'unused variable' warnings
x
spelling, from Björn Sandell
Spelling, from Björn Sandell
x
Add option to disallow getting krbtgt out from from KCM. KCM will do
x
ignore SIGPIPE
(kcm_op_retrieve): check server for krbtgt, not client
x
document --disallow-getting-krbtgt and --door-path
x
rc2
(tgs_make_reply): copy ok-as-delegate flag from server entry to
add KRB5_KDB_OK_AS_DELEGATE, sync KRB5_TL_ flags
(getit): init data.mask to 0.
(kadm5_s_get_principal): set KRB5_KDB_OK_AS_DELEGATE
(attr_to_flags): check for KRB5_KDB_OK_AS_DELEGATE
(kdb_attrs): add ok-as-delegate
x
export check_compat as _gss_check_compat
prototype for _gss_check_compat
(init_auth): honor ok-as-delegate if local configuration approves
x
x
(_krb5_xunlock): catch the error and turn it into something sensable
Adapt to changed signature of _krb5_xunlock, clear more error string
When returning a new error code, either set error string or clear it
When returning a new error code, set error string.
x
Check for [kdc]v4-realm
If we are allocating 0 entires, avoid failing if ALLOC returns NULL
AIX have a diffrent nm, use -B to get bsd like output
aix case: assume gcc handles -pthread, in the non-gcc case, use the
x
x
s/else if/elif/
x
x
Include <stdlib.h> for srandom/random.
Don't building map_syscall_name_to_number where its not used.
rename more resolve.c symbols
use struct kafs_data everywhere, don't mix with the typedef kafs_data
x
rename KRB5_TL_MOD_PRINC to mit_KRB5_TL_MOD_PRINC to hint its a
x
(mit_prop_dump): cast argument to krb5_parse_principal to avoid warning
x
(filename_check): change signednes of p to avoid warning, move typecasts
rework how pthreads support to turned on/off, always run though the
x
(disallow_getting_krbtgt): Declare.
(kcm_door_server): make static
Clarify, spelling and add examples.
x
Spelling.
x
(recv_conn): init variables to using them uninitialized
init some important variables and check that they are set checking
(do_authenticate): check return value from unparse_auth_args
x
init kvno to please gcc
Add an option to disable ndbm, from Stefan Metzmacher <metze at samba.org>
(krb5_log_facility): drop const from program element
(krb5_closelog): free all content in krb5_log_facility
(pk_principal_from_X509): remember to free KRB5PrincipalName
Add more missig entires, from Mathias Feiler <feiler at uni-hohenheim.de>
x
(main): catch KRB5_CONFIG_BADFORMAT from krb5_init_context
(main): catch KRB5_CONFIG_BADFORMAT from krb5_init_context
x
Test run functions, to be used with valgrind to detect memoryleaks.
TESTS += test_mem
x
x
0.8pre
(tgs_rep2): rename loop to nloop to avoid shadow warning
(tgs_rep2): rename one of the tkey to uukey to avoid shadow warning
(krb5_get_forwarded_creds): rename two of the local `realm' to srealm
rename index to i to avoid shadowing
rename variable to avoid shadowing
rename close and log to avoid shadow warnings
x
(_krb5_expand_default_cc_name): replace strndup with inline copy
replace strndup with inline copy, free data on failure
(make_etype_info2_entry): NUL terminate the string
x
check for brokenness in getaddrinfo on AIX that can't handle "0" as
disable threads on aix because of utmp/utmpx problems
x
rename index to idx to avoid shadowing
since we got no feedback regarding people running heimdal on the
add rk_UNCONST that can be used to unconstify variables to avoid
(parse_record): fix casting to avoid losing const
avoid shadowing sin
rk_UNCONST argument mktime
UNCONST return value from strptime
rename optind to optidx to avoid shadowing
ansi'ify the code
avoid shadowing sin
include headerfiles and set prototype for tgetent
add headers and prototypes to logwtmp, logout and openpty checks
rename optind to optidx
move const to make it pass -Wcast-qual
use ansi c declarations
x
rename optind to optidx
(name2number): rename base to num to avoid shadowing
rename base to base_id since flex defines a function with the argument base
x
use rk_UNCONST to un-constify
rename index to idx
rename optind to optidx, move variable define to avoid shadowing
rename optind to optidx, rename variables to avoid shadowing
use HAVE_DLOPEN around cc_handle
add headers and argument to dlopen
x
use ansi c declarations
fix a merge error
x
use get_filename
rename function filename to get_filename
rename to avoid shadowing
rename optind to optidx
rename optind to optidx, remove shadowed variables
rename sin to sin4
use rk_UNCONST to silence const warning
(_krb5_expand_default_cc_name): just copy the string instead of losing const
rename to avoid shadowing
rename optind to optidx
x
use rk_UNCONST to unconstify
give kret in GSSAPI_KRB5_INIT a more unique name
rename to avoid shadowing
use rk_UNCONST
x
include headers and provide arguments for the tests
use ansi prototypes
use ansi c prototypes
use rk_UNCONST
rename index to idx
x
(k_afs_cell_of_file): unconst path
rename index to idx
rename `encrypt' to avoid shadow warning
remove cast that to avoid dropping const
(default_s2k_func): unconst password
unconst argumen to connect, unconst argument to krb5_store (XXX this
rename optind to optidx
(krb5_krbhst_init_flags): rename variable to avoid shadowing
rename variable time to timestr to avoid shadowing
rename variable index to idx
rename optind to optidx
(krb5_rd_cred): remove shadowing unnessecery variable len
(krb5_sendto): remove shadowing unnessecery variable ret
unconst argument to krb5_store (XXX this should be fixed, krb5_store
rename optind to optidx
rename the temporary string variable to `str'
rename optind to optidx
(krb5_keytab_key_proc): unconst argument
rename pvno to krb5-pvno
(krb5_string_to_key): unconst password
const poison, add a unconst where needed
rename optind to optidx
const poison
rename shadowing len to num
rename variable exp to expression
rename local variable slave to s, optind -> optidx
avoid shadowing
rename variable password to avoid shadowing
rename optind to optidx
constify
x
(krb5_rd_rep): check if KRB5_AUTH_CONTEXT_DO_TIME set and use that as
x
indent
x
Rename parameter, as encrypt shadows a global, from Andrew Bartlett
x
fix example
x
add 0.6.5 notes
Write a new parse_number function that is possible to limit that
x
unconst
x
test for "%Y%m"
x
Add const, from Andrew Abartlet <abartlet at samba.org>
x
(DB_open): in case of error, close database
(NDBM_open): in case of error, close database
(DB_open): in case of error, close database
log the kaserver requests, avoid shadowing variables
x
(password_quality_entries): add min_length and min_classes
Documentation for password quality control. From: "James F. Hranicky" <jfh at cise.ufl.edu>
no more libdes, gssapi lib is complete
Always include <krb5-v4compat.h>.
add strpool, a printf collector to make it eaiser to collect strings
(libroken_la_SOURCES): += strpool.c
x
(as_req): print the supported encryption types so its possible to know
Add logging of all timestamps in AS-REQ and TGS-REQ, for auditing
x
fix format attribute
add --disable-afs-string-to-key to allow removal of support for afs
optionally compile in support for string2key
const poision for unwriteable strings
Merge in the libkdc/kdc configuration split from Andrew Bartlet <abartlet at samba.org>
there is no export script, not pretend there is
add krb5_425_conv_principal_ext2 that work just like
Don't pollute namespace, generate public headerfile
indent, remove dup prototypes
x
remove variable names
x
Merge in the libkdc/kdc configuration split from Andrew Bartlet <abartlet at samba.org>
add depency on LIB_dlopen and LIB_door_create
x
adapt pkinit code to libkdc split
s/optind/optidx/
avoid shadowing global variable
avoid shadowing variables
prefix pkinit symbols with _kdc
x
build kdc-protos.h
Spelling, from David Love
document kadmin command password-quality instead of the not installed
revert previous, wrong file
document kadmin command password-quality instead of the not installed
arcfour-hmac-md5 support for windows cross was added in w2k3-sp1
x
(krb5_verify_init_creds): `entry' unused, remove
clarify that krb5_kt_close frees all resources, even on error
update (c)
krb5_kt_close frees all resources, even on error.
x
(krb5_kt_get_entry): clear error string when returning a new error
x
rk_strpoolprintf first variable identifier is 3
x
remove duplicate ;
x
Include <stdarg.h> for va_list to help AIX 5.2.
x
Document some com_err functions (still missing _r ones), contributed
allow symbols to start with ., aix uses this
x
If we have <strings.h> include it, its needed for strcasecmp() on
x
(parse_words): avoid const warnings by making a (shorter) copy of the
x
(change_entry): just use global context to avoid shadowing; make a
don't include <version.h>, it forces unnecessary rebuilds
x
(TTYinfo): only call tgetent if we found it using autoconf
x
make a copy of realm and admin_server to avoid un-consting
make a copy of realm and admin_server to avoid un-consting
rename optind to optidx
x
lower amount of shadow and const warnings
x
revert previous until I've have cleaned libvers mess
Check a very simple format string
x
check for strings.h explicitly instead of depending on AC_HEADER_STDC
x
run AM_INIT_AUTOMAKE before AM_PROG_CC_C_O otherwise am_aux_dir will
(time_encryption): free cleartext buffer
test encryption wrapping
ETYPE_ARCFOUR_HMAC_MD5_56 isn't not supported
(wrapped_length): the underived encrypted types checksum are all
(TESTS): add test_crypto_wrapping
fix unconst and shadow warnings
(doit): only cleaup for active sockets, passive does it own cleaning up
x
If there are no addresses, print addressless instead of nothing.
make input data to krb5_encrypt{,_ivec} const
krb5_encrypt now takes a const, no need for casting
remove parameter names to avoid shadow warnings
x
comment out paramenter name in typedef functions to avoid shadow warnings
sprinkel check_secure, check if CCC was passed in check_secure
variable to keep track of if CCC was passed
keep track of if CCC was passed
x
x
make scope variables unique to avoid shadow warnings
heim_any
x
Commit much improved ASN.1 compiler from joda-choice-branch.
x
check that initialize_conf_error_table_r have the right argument
x
Use a configure switch to turn on PK-INIT, not by detecting existence
(_krb5_pk_octetstring2key): string2key function used in pk-init-25
clean up pk-init DH support, not finished yet;
x
x
(cmp_Name): do at least some checking
(decode_type): TChoice: set the label
(_krb5_pk_octetstring2key): fix arguments
(pk_rd_pa_reply_dh): client do not contribute to the DH when the
x
reapply 1.43 that got lost in the merge: rename pvno to krb5-pvno
(fkt_start_seq_get_int): check return value from krb5_storage_from_fd
x
update (c)
x
the new asn.1 compiler includes the modules name in the depend file
(spnego_initial): NegotiationToken encoder now that we have one with
x
(krb5_get_credentials_with_flags): only call krb5_cc_retrieve_cred
(nl_getlist): poll to get messages from kernel, and retry if the
x
avoid const warning, use sin4 instead of sin to avoid shadow warning,
(krb5_rd_cred): don't leak memory
(gss_adat): avoid leaking memory
x
(TChoice): add () to make sure variable expression is evaluated correctly
x
Check encoder lengths from ASN1_MALLOC_ENCODE.
x
x
(find_tag): Fix return in TType case.
(free_heim_any_set): Fix return.
x
(find_tag): find external references, we can't handle those, so tell
x
(generic_decode_fail): only copy in if checklen its less then 0xffffff
rewrite integer overflow tests w/o SIZE_T_MAX
x
(check_fail_bitstring): check for length overflow
*** empty log message ***
Add Kerberos 5 klist, old patch from Tomas Nyström (remove krb4 support).
Kerberos 5 klist.
x
(length_type): cast size_t argument to unsigned long and use
(der_match_tag): tag is unsigned int.
(decode_heim_any): tag is unsigned int.
(decode_type): tagdatalen should be an size_t.
fix shadow warnings
Remove parameter names to avoid shadow warnings.
x
Fix shadow warnings.
Fix shadow warning.
(generate_constant): oid elements are unsigned
print size_t by casting to unsigned long and use right printf format
x
(_krb5_pk_octetstring2key): make sha1 output unsigned char to match openssl
x
(de_http): sscanf takes a char *, not unsigned ditto, cast approriately
(doit): krb5_addr2sockaddr takes a krb5_socklen_t
x
change unsigned char * to void *
x
framework for testing _krb5_pk_octetstring2key
TESTS += test_pkinit_dh2key
use AS_HELP_STRING instead of AC_HELP_STRING
some of the structure are in the IMPLICIT TAGS module, adapt
x
x
Expand on what is wrong with the IMPLICIT tagging
tests for IMPLICIT
test several IMPLICIT tag level deep
test several IMPLICIT tag level deep
Added #ifdef out test for IMPLICIT tagging.
x
hint that there are IMPLICIT content when we find it
x
gen_files_test += asn1_TESTImplicit2.x
Two implicit tests, one with all structures inlined
fix workaround for IMPLICIT CONS case
x
x
Include enough workarounds that this even might work.
x
x
handle IMPLICIT and share some common structures
add some more oid's needed for CMS
include SET OF in Attribute to make the type more useful
add new files
Adapt to IMPLICIT changes in CMS module.
add PKCS12-OctetString
Initial revision
x
fix id tags
x
(_hx509_write_file): add a function that write a data blob to disk too
(_hx509_write_file): in case of write error, return errno
Use _hx509_map_file, _hx509_unmap_file and _hx509_write_file.
allow matching on SubjectKeyId
x
Add missing break.
more checks on KeyUsage, allow to query on them too
add checks for KeyUsage
add KeyUsage error
add KeyUsage query bits
(cms_create_sd): add KU digitalSigature as a requirement to the query
x
test chain
test certs
Add regression tests.
x
more checks
generate test certs
test certs that lasts 10 years
test_chain depends on hxtool
(mem_iter): follow conversion and return NULL when we get to the end,
(file_iter): make sure endpointer is NULL
x
(heim_bit_string_cmp): try handle corner cases better
(free_type): free bignum integers
(parse_certificate): return errno's not 1 in case of error
x
return errors from iterations
return error
clean up checks
x
(_hx509_name_ds_cmp): make sure all strings are not equal
x
free hx509_verify_ctx
(hx509_verify_destroy_ctx): add
x
start testing BIT STRING
make it work for non c99 compilers too
x
x
update to pkinit-27
Update to pkinit-27
x
rename optind to optidx
x
remove duplicate asn1_CMSAttributes.x
x
switch to slc
x
change to c89 comment
Make variable initiation constant by moving them to global context
x
(gen_wrapper): use the generated version of name for function, if no
x
add more options for create-sd
use (some of the) options for -create-sd
test for cms
add test for cms
fix filenames for ds/ke files, add pkcs12 files, regen
test query interface
add query, add more options to verify-sd
add more cms tests
add query, add more options to verify-sd and create-sd
explain what signer is for create-sd
add test_query to TESTS, fix dependency on hxtool sources on hxtool-commands.h
add test cases turds to CLEANFILES
x
(hx509_certs_append): needs a hx509_lock, add one
add HX509_QUERY_MATCH_FRIENDLY_NAME
add hx509_octet_string_list, remove bad comment
add hx509_cert_find_subjectAltName_otherName
slightly less verboese
fix const warning
(hx509_cms_verify_signed): add external store of certificates, use the
(_hx509_certs_find): add error code for keyset not found
add CERT_NOT_FOUND
make digest_alg a digest_oid, it's not needed right now
(hx509_cms_create_signed_1): pass in a full AlgorithmIdentifier
add --content-info to cms-verify-sd
add DER NULL to the digest oid's
sprinkel rk_UNCONST
(cms_create_sd): support certificate store, add support to unwrap a
CMS SignedData messages, wrapped inside ContentInfo
generate SignedData
test more cms signeddata messages
(cms_create_sd): support wrapping in content info
(cms_create_sd): support wrapping in content info
verify ContentInfo wrapping code in hxtool
Add HX509_QUERY_MATCH_FUNCTION that allows caller to match by
x
add another oid for rc2
x
add id-rsadsi-rc2-cbc
x
add "new" RC2 oid
add enveloped data (aes128)
regen
add contentinfo wrapping for create/unwrap enveloped data
use id-envelopedData for ContentInfo
add EnvelopeData tests
x
Use --certificate= for enveloped/unenvelope.
Use --certificate= for enveloped/unenvelope.
x
(hdb_unseal_key_mkey): try to unseal key with keyusage 0 in case the
indent printf strings
Use the _krb5_krb_life_to_time function from libkrb5 instead of
(_kdc_as_rep): log what enctypes was using in ENC-TS preauth, both for
x
(kdc_LDADD): add LDADD
x
Add <sys/types.h>, OpenSSL 0.9.8 needs it for size_t.
x
Make return value of gai_strerror const to match SUSv3.
x
sprinkel more const
x
(do_login): only do krb4_get_afs_tokens if we have done v4
x
make writenet take const void * and size_t
no need to typecast argument to writenet
Fix ansi c warning.
make writenet take const void * and size_t, abort if size it too large
Fix printing of /etc/issue{,.net}.
x
(DB_open): catch errors from the d->open calls instead of letting them
x
Document krb5_verify_opt_alloc and krb5_verify_opt_free.
Add krb5_verify_opt_alloc and krb5_verify_opt_free.
(log_timestamp): avoid shadow warnings
Indent strings.
(tgs_rep2): only needs to log "Failed to verify authenticator" once,
(_kdc_as_rep): preserve the error code in the ENC-TS case.
x
even more bits, not done yet
Expose the crypto operations on the master key.
x
add tests vectors from "Liqiang(Larry) Zhu" <lzhu at windows.microsoft.com>
x
Print out the three last commands that is needed to make a release.
rename optind to optidx to avoid shadow warnings
avoid warnings, update (c)
x
Add support for HDB-extension.
Update interface version (and indent).
Update (c).
Add error "Entry contains unknown mandatory extension".
Print extensions.
Build extensions.
Add more TL types (password and extension).
Operations modify extensions, mark that with TL_DATA.
Merge in KADM5_TL_DATA in the database.
Expose KADM5_TL_DATA options to the client.
Make BAD_TL_TYPE error more helpful.
(kadm5_log_replay_modify): Check return values of malloc(), replace
Operation modifies tl_data.
Set and clear password where appropriate.
x
Extend struct field_name to have a subvalue and a extra_mask. Use
Include <hex.h>.
Parse extensions.
Avoid shadowing exp().
x
New ASN.1 compiler
test loading and dumping of the database
Add tests/Makefile and tests/db/Makefile.
x
Use krb5_set_password instead of krb5_change_password.
Allocation is done on CONTEXT tags.
Add more options that was missing.
x
x
Update (c).
x
Indent.
Rename password-quality to verify-password-quality.
Implement KADM5_LAST_PWD_CHANGE.
Remove structure that is never used (sneaked in the large TL_DATA patch).
x
HDB extensions access glue.
Fill in asChecksum, we now implements -27 in the KDC.
(_kdc_as_rep): Pass down the request buffer to _kdc_pk_mk_pa_reply.
Pass down the request buffer to _kdc_as_rep().
update prototype for _kdc_as_rep
Implement verification of asChecksum, now client side code is using
Make compile.
Update prototype for krb5_create_checksum.
(pk_mk_pa_reply_enckey): add missing break;
Switch over logging and comments to -27.
(fcc_store_cred): default to MIT style ticket flags.
Document fcc-mit-ticketflags in COMPATIBILITY section.
x
Revert previous, I was confused.
Fix the version number for fcc-mit-ticketflags.
x
Rename optind to optidx to avoid shadowing.
Rename logf to avoid shadowing.
x
Save the request buffer so that pre-auth mechanism that needs it can
x
Update prototype for _kdc_pk_mk_pa_reply.
x
provide interface to find avaible databates
only add krb5EncryptionType for already existing entries or heidmal entries
provide locking for version entries
(hdb_seal_key_mkey): dont double encrypt keys
Fix printing of size_t.
Add KRB5-PADATA-PK-AS-09-BINDING, client send this (with an empty
Check for res_ndestroy.
(dns_lookup_int): if we have res_ndestroy, prefeer that before res_nclose
x
(check_for_tgt): Re-order code so it only free the credential if one
x
Document what happens with NULL to krb5_config_free_strings
(dns_find_realm): Fix const warnings, plug memory leak. From: Stefan
Constify strings to avoid warnings.
x
(krb5_425_conv_principal_ex2): Remove shadowing variable.
moved to libvers
(setprogname): const poision
x
Build KCM if we have doors or unix sockets.
Remove argument names, no functional change.
Const poision.
Const poision yyerror.
x
Change name of oldret for each instance its used to avoid shadow
Use rk_UNCONST to avoid const warning.
x
Testprogram for krb5_expand_hostname() and krb5_expand_hostname_realms().
Add test_hostname to check_PROGRAMS but not TESTS, I have no same dns to use.
x
New program iprop-log that incorperates dump_log as a subcommand,
(kadm5_log_previous): catch errors instead of asserting and set error string.
Update to new signature of kadm5_log_previous.
x
Make compile.
Make this work with a clean directory.
Move truncate_log and replay_log into iprop-log.
(kadm5_log_foreach): add a context variable and pass it down to `func´.
folded into iprop-log
x
Basic for documentation of iprop-log.
man_MANS += iprop-log.8
SEE ALSO iprop-log.
x
Add --disable-afs-support.
x
More text about iprop-log.
x
(rk_strpoolprintf): remove debug printf, plug memory leak
x
RFC 4120 replaces RFC 1510
x
Default to use 2b tokens.
x
Libkafs defaults to use 2b tokens.
(fix_transited_encoding): Allow empty content of type 0 because that
(check_transited): Allow empty content of type 0 because that is was
x
include <sys/ucred.h>
(update_client_creds): in case there is no UCRED_VERSION, skip LOCAL_PEERCRED
Check for <sys/ucred.h>.
Explicit typecast to avoid signess warning.
x
(log_timestamp): endtime, not endtype
(make_etype_info_entry): Dont send salttype at all, use KRB5-PADATA-AFS3-SALT
x
Add socket_set_ipv6only, remove some argument names.
Add socket_set_ipv6only.
x
Use socket_set_reuseaddr and socket_set_ipv6only.
x
Resolver checks, broken out so samba can use it
Resolver check moved to rk_RESOLV, from Andrew Bartlet <abartlet at samba.org>
x
Use echo, the function check isn't defined here.
Fix signedness warning.
Cast size_t to unsigned long when print.
(hx509_cert_get_attribute): remove const, its not
Use void * instead of char * for to avoid signedness issues
Abstract out PBE_string2key so I can add PBE2 s2k later.
pass in password to cms-create-sd
add UNKNOWN_LOCK_COMMAND and CRYPTO_NO_PROMPTER
Add hx509_lock_command_string.
Pass in password, add more tests.
Add --pass to all commands.
Use option --pass.
Pass in --pass to all commands.
x
Add DC, handle all Directory strings, fix signless problems.
Make _hx509_pbe_decrypt take a hx509_lock, workaround for empty password.
_hx509_pbe_decrypt now takes a hx509_lock.
Split verify and print.
add --content to print
Implement prompter.
Document krb5_mk_req, krb5_mk_req_exact, krb5_mk_req_extended,
MAN_mans+= krb5_mk_req.3
x
Document krb5_rd_req.
x
(create_random_entry): create principal with random password even
(kadm5_s_get_principal): clear error string
(_kadm5_unmarshal_params): avoid signed-ness warnings
Add KRB5_TL_PKINIT_ACL.
Constify password
x
Constify password.
(test_one_int): len and len_len is size_t
(check_directory): use passed directory name
Removed wrong variable.
unput() have to hanppen in actions for flex 2.5.31, can do them in
Fix signedness warnings.
Don't depend on malloc(very-very-larger-value) will fail.
Don't depend on malloc(very-very-larger-value) will fail.
Makes bytes native platform signed to avoid casting everywhere
Avoid signedness warnings.
(PKCS8PrivateKeyInfo): Inline SET OF to avoid compiler "feature"
x
cast to unsigned char to make sure its not negative when passing it to
x
Avoid empty array initiators.
Add extensions, fill in missing fields.
x
Starting point for a pkcs11 module.
Add ks_p11.c, install hxtool.
Register pkcs11 module.
Cast to unsigned char to avoid warning.
x
Use libtool's default values for building shared/static libaries, ie
x
x
x
Remove signedness warnings.
(make_etype_info2_entry): When its a afs3-salted key, use send the
(krb5_DES_string_to_key): If the opaque length it set to 1, and
(pk_verify_chain_standard): set cert to NULL to make sure its not freed.
Support PK-INIT-27 DH (and remove -19)
Ignore __i686.get_pc_thunk.
Remove double free, now pk-init works again.
Disable sending -19, fix parsing -27 of the protocol.
TSequenceOf/TSetOf: Increase the length of the array after successful
x
Move DH support from -19 to -27.
Don't check oid's too closely, they change in Windows Vista.
Implement correct DH for -27, now working with client.
Add rk_dumpdata() that write a chunk of data into a file for later
Add rk_dumpdata.
(libroken_la_SOURCES) += dumpdata.c
(krb5_rd_cred): try both the session key and the sender subkey. Both
Add DHPublicKey, and INTEGER to for storing the DH public key in the
(gen_files_rfc2459) += asn1_DHPublicKey.x
x
Wrap DH public key in a ASN.1 INTEGER wrapping.
Support cached DH variable (still need to store it though), don't
The public DH key is encoded as an INTEGER in subjectPublicKey.
More verbose PK-INIT logging.
Remove leftovers, remove extra space.
Include <stdint.h> if it exists.
Move rk_UNCONST to roken.h.in since it might use uintptr_t depending
Check for <stdint.h> and uintptr_t
x
(krb5_cc_ops): add cache iteration functions
Add cache iteration funcations. Add internal allocation function for
Test the new cache iteration functions.
Implement the cache iteration functions.
Implement the cache iteration functions.
Use all DES keys, not just des-cbc-md5, verify that they all are the same.
Support the new MacOS X 10.4 ioctl interface that is a device
x
Return KRB5_CC_NOSUPP for ccErrServerUnavailable.
Add option --list-caches that lists the avaible caches and their status.
x
Maybe include <sys/sysctl.h>.
Mac OS X 10.4 needs a runtime check if we are going to use the
Update text about Kerberos RFC's.
x
(init_ccapi): return kerberos errors, callers expect it
RFC 1510 was obsoleted by 4120.
x
Validate that issuerAltName and subjectAltName isn't empty.
x
Change short flag of --list-caches to -l (-v is already used).
Document --list-caches
Add parse and print functions for heim_integer.
Add tests for parse and print functions for heim_integer.
Add support for reading a moduli-file for DH parameters.
Provide forward declartion of krb5_dh_moduli.
Update error codes. Add name to group. Change return value of
Match error code with pk-init-27.
x
x
x
x
Check dh group parameters from client.
(_krb5_dh_group_ok): if q is zero, ignore it.
Save DH group name and print it on success.
(_krb5_dh_group_ok): return DH group name on success.
Removing PK-INIT-19 support.
Fix comment
Add forward declaration for krb5_dh_moduli.
rename moduli file to SYSCONFDIR "/krb5.moduli"
moduli file
Describe format.
Install krb5.moduli in sysconfdir.
x
HDB extensions
Remove pk-init-19 support.
Inline short functions, share more code, rename COMPAT_27 to
Prepare to pass down a krb5_krbhst_info into the pre-auth mechs
x
add Q for group 14
(_krb5_krbhost_info_move): new function
Don't install krb5.moduli for now.
Add gssapi_krb5_clear_status, gssapi_krb5_set_status for handling error
(spnego_reply): Don't pass back raw Kerberos errors, use GSS-API
x
(krb5_get_init_creds_opt): rename element private to opt_private to
rename element private to opt_private to make c++ picky compilers less upset.
Rename private to opt_private.
x
Add gssapi_krb5_set_status and gssapi_krb5_clear_status
x
Clarifiying comment.
Add example how to use krb5_get_credentials.
Specify that krb5_unparse_name sets name to NULL on failure.
x
Try to explain krb5_ccache, krb5_principal and errors.
Nits in the credential cache text.
Add krb5_cc_start_seq_get and an example.
Update .Dd and (c)
Fix all prototypes, they got krb5_context argument wrong.
x
Catch error returned by ->hdb_unlock. From Henry B. Hotz
(krb5_cc_cache_match): add function that iterates over all credential
Test krb5_cc_copy_cache and krb5_cc_cache_match.
Test copy FILE -> FILE, and MEMORY -> MEMORY too.
x
x
Try both ReplyKey and ReplyKey-Win2k for the Windows case to support
x
Text about Kerberos errors.
x
Add option to require binding between reply and response.
x
x
(k_hasafs_recheck): new function, allow rechecking if AFS client have
Add k_hasafs_recheck.
Remove untested patch that sneaked in.
x
(acquire_initiator_cred): use krb5_cc_cache_match to find a matching
x
x
Add pkinit_dh_min_bits to krb5_kdc_configuration.
Fill in pkinit_dh_min_bits from configuration file.
(get_dh_param): Pass down config so this function can check pkinit_dh_min_bits
(_krb5_dh_group_ok): if not enough bits are generated from the DH groups, fail.
Remove leftover pkinit-19 bits.
Check return value from asprintf instead of string != NULL since it
Check return value from asprintf instead of string != NULL since it
x
Check return value from asprintf instead of string != NULL since it
x
Check return value from asprintf instead of string != NULL since it
x
Check return value from asprintf instead of string != NULL since it
Check return value from asprintf instead of string != NULL since it
Check return value from asprintf instead of string != NULL since it
x
add missing }
Check return value from asprintf instead of string != NULL since it
More verbose errors.
Fix mdoc for krb5_encrypt_EncryptedData, Johnny Lam <jlam at pkgsrc.org>
Install krb5_set_password.3, Johnny Lam <jlam at pkgsrc.org>
Add variable INSTALL_CATPAGES that controls if cat pages are installed,
x
test gss_krb5_import_ccache
add gss_krb5_import_ccache, reverse of gss_krb5_copy_ccache
Add _gssapi_krb5_ccache_lifetime, used to extract lifetime from a
(_gssapi_krb5_ccache_lifetime): break out code used to extract
x
Sort and add gss_krb5_import_ccache.
Document gss_krb5_import_ccache
build test_kcred
x
In the list caches view, rename the Status field to Expires.
x
(krb5_ticket_get_authorization_data_type): understand
Spelling.
Use NIST test certificates to test the x509 stack.
control data to drive the NIST tests
Print that it started, it takes a while...
Add all nist certificates.
allow breaking early, print a dot for each certificate that is processed.
Add some more tests.
Add some X9.57 (DSA) oids.
Add some X9.57 (DSA) oids, sort lines
x
Support DSA signature operations.
Maybe include <sys/param.h>.
(Data): Use right variable. From Tomas Olsson
x
Remove memory leaks.
x
(gss_krb5_import_ccache): Instead of making a copy of the ccache, make
Document that gss_krb5_import_ccache is copy by reference.
x
Remove signedness warnings.
Spelling, From Michael Banck <mbanck at debian.org>
x
(krb5_cc_get_full_name): Add
Document krb5_cc_get_full_name.
(gss_krb5_import_ccache): Use krb5_cc_get_full_name.
s/RFC2140/RFC4120/ From Andrew Bartlet
(gss_cred_id_t_desc_struct): add field cred_flags
(gsskrb5_accept_delegated_token): rewrite to use gss_krb5_import_ccache
(acquire_initiator_cred): GSS_CF_DESTROY_CRED_ON_RELEASE on created credentials.
(gss_release_cred): use GSS_CF_DESTROY_CRED_ON_RELEASE to decide if
Change sematics of ok-as-delegate to match windows if
Spelling in comments, from Dave Love <fx at gnu.org>
x
Print the time the principal expired, based on patch from Andrew Bartlett.
x
Add timing code for s2k function.
Split encryption and s2k iterations to diffrent counters, 38seconds of
x
Rename gss_krb5_import_ccache to gss_krb5_import_cred and let it grow
Rename gss_krb5_import_ccache to gss_krb5_import_cred.
Use gss_krb5_import_cred
(krb5_kt_get_full_name): new function
x
s/krb5_keytab_get_full_name/krb5_kt_get_full_name/
(_kdc_as_rep): add comment when we send ETYPE-INFO and ETYPE-INFO2,
x
(krb5_get_forwarded_creds): use session key for delegated credentials
x
(gss_krb5_import_cred): fix buglet, from Andrew Bartlett.
(hdb_ndbm_create): use calloc to allocate memory
(hdb_db_create): use calloc to callocate memory
(krb5_cc_get_prefix_ops): if there are not colon (:) in the name, its
(krb5_cc_get_prefix_ops): change the behavior to return NULL when its
test krb5_cc_get_prefix_ops
(check_transited): explain the TR-type 0 better and why it matters.
(krb5_verify_ap_re2): check timestamp in authenticator
Update (c)
Only match db databases on filename starting with '/'.
x
(libdefaults_entries): add default_cc_name
(kcm_loop): Use HAVE_DOOR_CREATE, not HAVE_DOORS.
x
Make compile again
Remove usage of krb5_enctype_to_keytype.
(find_method): accept relative paths as old db format too.
Specifify explicitly that the database is in the current directory.
(kadm5_log_init): set error string on failures
(set_field): try another way to calculate the path to the
(krb5_address_type): add KRB5_ADDRESS_NETBIOS (20)
Add ank as an alias to add, it lost in transition to slc, from Måns Nilsson.
x
Index by name and start reference counting on entries.
Test that memory keytab are refcounted.
Memory keytab are now named and refcounted.
x
spelling, From Måns Nilsson
x
Initialize the slc mapping table before its used.
x
remove setlinebuf that sneeked in
x
(acquire_acceptor_cred): check that the acceptor exists in the keytab
x
(acquire_acceptor_cred): only check if principal exists if we got
x
update (c)
Free more of the allocated memory.
(krb5_derive_key): Free more of the allocated memory, this function is
Free more of the allocated memory.
(acl_parse_format): tmp needs to be freed too on failure to parse
(gssapi_lifetime_left): define the 0 lifetime as GSS_C_INDEFINITE.
(gss_add_cred): avoid deadlock
test acquire_cred(GSS_C_ACCEPT)
x
Change gss_krb5_import_ccache to gss_krb5_import_cred, it can handle keytabs too.
x
(mkt_remove_entry): realloc can return NULL on success in the case 0
more tests, From Andrew Bartlet
x
Add support for parsing part of the Constraint-s
Set new constraints pointer in Type to NULL for inline constructed types.
Add support for part of the Constraint-s
Add test string for constraints.
x
drop convert_db, 0.0 to 0.1 transition was a long long time ago
x
Constify principal argument to on krb5_principal_get_ functions.
spelling, From Måns Nilsson
Spelling, From Måns Nilsson.
x
Split long line
Document the _r functions.
x
Remove some stuff that have been done.
KDC 4 support is always compiled in.
(configure): wrap line
Build kdc-private.h and depend on it.
Remove private prototypes and instead include <kdc-private.h>.
(tgs_make_reply): there are no such things a keytypes any more, just
Replace gss_krb5_import_ccache with gss_krb5_import_cred and add more references
x
Wrap hdb_entry with hdb_entry_ex, add url support, add ldapi support.
Wrap hdb_entry with hdb_entry_ex, patch originally from Andrew Bartlet
x
x
Default to use DH when fetching keys.
Print error code on failure.
Can handle DSA certificate.
If there is a target principal, use the realm of the realm to change
Add some more entrypoints.
x
Try handle HP/UX 11.nn
x
Test parse PKCS12 files from NIST.
Add test_nist and test_nist_pkcs12
x
(kadm5_s_get_principal): memset hdb_entry_ex before use
x
memset hdb_entry_ex before use
memset hdb_entry_ex before use
x
Add KRB5_DEFAULT_CCNAME, pointer to default credential cache.
(krb5_cc_set_default_name): use KRB5_DEFAULT_CCNAME.
x
Default to use the API cache on Mac OS X
Finish up transition from hdb_entry with hdb_entry_ex.
Finish up transition from hdb_entry to hdb_entry_ex.
x
Drop ExceptionSpec for now, its not used.
x
x
(tgs_rep2): also print the principal for which the enctype was missing
x
Build kdc-private.h.
(tgs_make_reply): less const on hdb_entry_ex to make samba happy
x
Remove dependency on config.h, breaks IRIX build, could depend on
x
(doit): move creation of users ticket file to later to avoid
Remove DCE support.
x
(_kdc_db_fetch): use calloc to allocate the entry, from Andrew Bartlet.
ChangeLog 2005
x
Add new keystore that treats all files in a directory a keystore,
Factor out certificate parsing code.
Remove pcert_pkcs11.
Remove pkcs11.
(libhx509_la_SOURCES): += ks_dir.c
Add _hx509_ks_dir_register.
(oidtostring): avoid leaking memory
(parse_certificate): avoid stomping before array
x
(hx509_name_to_string): don't overwrite with 1 byte with bmpString.
(hx509_name_to_string): don't cut bmpString in half.
x
use _hx509_abort
Use _hx509_abort.
x
Add options to allow select principal or credential cache when doing afslog.
Document options to allow select principal or credential cache when
x
(hx509_cert_free): if there is a private key assosited with this cert, free it
less printf and memory leaks
Less verbose.
Add enough glue to support certificate iteration.
Use the new hx509_collector support functions.
Support functions to collect certificates and private keys and then match them.
forward type declaration of struct hx509_collector.
libhx509_la_SOURCES += collector.c
(_hx509_abort): add newline to output and flush stdout
(_hx509_private_key_assign_ptr): new function, exposes EVP_PKEY
(_hx509_lock_unlock_certs): return unlock certificates
Avoid warning from missing __attribute__((noreturn))
x
(print_f): print if there is a friendly name and if there is a private key
Remove most of the EVP_PKEY code, and use RSA directly, this temporary
Use hx509_private_key to assign private keys.
Partly assign private key, enough to complete collection, but not
Implement signing using pkcs11.
Less printf, less memory leaks.
x
Implement rsa_private_decrypt and add stubs for public ditto.
(hx509_cert_ref): more refcount paranoia
Revert previous, refcounter is unsigned, so it can never be negative.
(_hx509_private_key_assign_key_file): use function to extra rsa key
x
drop extra wrapping of p11_init
(rsa_pkcs1_method): constify
Rewrite to use collector and mapping support function.
x
(_hx509_match_keys): function that determins if a private key matches
(struct private_key): remove temporary key data storage, convert directly to a key
more paranoid on refcount, set refcounter ealier, reset pointers after free
x
fix syntax error.
pkcs11 is now supported by library
add a hx509_context where we can store configuration
x
(copy_heim_integer): copy the negative flag
x
implement enough glue to support OpenSSLs EVP, RSA, DSA, DH, HMAC and ENGINE interfaces for use in hx509. rename all symbols to start with hc_ to avoid clobbering namespaces. contains no RSA/DH/DSA code, just glue to support using dynamic ENGINE. hx509 supports this via pkcs11 and there is a gmp ENGINE module supporting RSA
x
Add code for public key decryption (not supported yet) and use
Make compile with both OpenSSL and heimdal libdes.
Use "crypto-headers.h".
Use "crypto-headers.h". Load ENGINE configuration.
Include the two diffrent implementation of crypto headers.
Use "crypto_headers.h".
Depend on LIB_des
Add test for RSA.
x
Add test for RSA encryption.
x
Add ENGINE_set_default_DH and ENGINE_get_default_DH
Add DH_new_method, add ENGINE refcounting.
x
x
Add test for DH.
Check that we can decode single character hex chars.
(hex_decode): support decoding odd number of characters, in the odd
x
x
return the right blocksize for digests.
Make hmac work.
Simple regression test for HMAC.
(check_PROGRAMS): add test_hmac
x
(EVP_CIPHER_CTX_cleanup): clean up less aggressively
x
Provide glue to compile with less warnings with OpenSSL
(p11_rsa_public_decrypt): since is wrong, don't provide it. PKCS11
x
(BN_rand): clear the bits above the bits that user requested.
(BN_rand): don't leak memory on failure, cache malloc(0) case
(BN_uadd): Add.
Test BN_uadd.
Free memory.
Need BN_is_negative too.
x
Rename rc2_40_cbc internal variable to something better.
Test for EVP_CIPHER.
Add test_cipher, test_pkcs12, add pkcs12.[ch].
Add PKCS12_key_gen().
BN_get_negative was really named BN_is_negative, a comment confused me.
BN_get_negative was really named BN_is_negative, a comment confused me.
Indent.
Reorder includes to avoid compile errors, provide DH_new_method().
(ENGINE_add_conf_module): Also load DH
Drop HMAC_CTX_create and HMAC_CTX_destroy.
x
Test for PKCS12_key_gen.
(PBE_string2key): libdes now supports PKCS12_key_gen
x
Include more crypto headerfiles. Remove support for old hash names.
x
Remove support for old hash names.
Rename library to hcrypto and install headerfiles in hcrypto/.
Expose dsa symbols
x
build include/hcrypto/Makefile
x
include crypto headers from hcrypto/
Don't clean crypto headers, they now live in hcrypto/.
libdes is renamed to hcrypto
x
Add RSAPrivateKey
Add RSAPrivateKey.
delete crypto_headers.h, use global file instead
Don't use db support unless its build into libc but we dont check for
Don't depend on dblibrary.
provide a symlink so the directory hcrypto/ seems to exists
use #include <hcrypto/...>
x
(libkadm5clnt.la) doesn't depend on libhdb, remove dependency
Move depenency on @LIB_dbopen@ to kadm-server, kerberos library
x
(gss_delete_sec_context): if the context handle is GSS_C_NO_CONTEXT,
x
(der_parse_hex_heim_integer): make more resiliant to errors, handle
check that der_parse_hex_heim_integer() handles odd length numbers.
x
Include <limits.h>. From David Love <fx at gnu.org>.
(group_member_p): rename from group_member to avoid name pollution
x
Set [libdefaults] default_realm = EXAMPLE.ORG.
x
(heim_integer_cmp): make it work with negative numbers.
x
Compare numbers with BN_cmp().
Remove unused fragment.
(DH_check_pubkey): New function.
Add DH_check_pubkey and defines it uses.
x
Check for <openssl/engine.h> if we are to consider using OpenSSL, also
(DH_compute_key): check public key
x
Check OPTIONAL context-tagless elements.
Add CRL and TESTAlloc structures and OIDs.
Add CRL structures and OIDs.
"Allocation is done on CONTEXT tags" works just fine.
x
Its cRLReason no cRLReasons
Add hx509_revoke_ctx.
x
Add framework for handling CRLs.
libhx509_la_SOURCES += revoke.c
Verify no certificates has been revoked with the new revoke interface.
change syntax to make match better with crl checks
Attach revoke context to verify context.
Its cRLReason, not cRLReasons.
A file that wont change its content.
Use static file, add --missing-crl.
Use static-file to generate tests.
regen
Change format so we can deal with CRLs, also note the test-id from PKITS.
Parse CRL info.
Parse and verify CRLs (simplistic).
x
Add HX509_CTX_CRL_MISSING_OK.
(hx509_context_set_missing_crl): new function
Add CRL errors.
Add --missing-crl to verify commands.
(hx509_unparse_der_name): Rename from hx509_parse_name.
Add --missing-crl.
Parse new format to handle CRL info.
x
Add more CRL checks
Make compile again.
(hx509_revoke_free): free all memory
Check for unknown extentions in CRLs and CRLEntries.
Add HX509_CRL_UNKNOWN_EXTENSION.
Test parse all nist certs.
fail on failure.
less verbose
x
Drop verifying certifiates, its done in another test now.
x
fixup kill-rectangle leftovers
x
Drop verifying certifiates, its done in another test now.
check heim_integer.
(der_get_heim_integer): handle negative integers.
(length_heim_integer): Try handle negative length of integers better.
x
Print $id instead of . when running the tests.
Add some more CRL-tests.
Add test_nist_cert.
x
Start on 4.1 Signature Verification
Make less verbose to use.
Add 4.2 Validity Periods.
x
x
Add commited out DSA tests (they fail).
remove premature end
x
Indent.
x
(foreach_principal): If any of calls to `func' failes, the first error
Add printing of pkinit-acls. Don't print password by default. Return 1
(add_new_key): return 1 on failure.
(del_entry): return 1 on failure.
(rename_entry): return 1 on failure.
(cpw_entry): return 1 on failure.
return 1 on failure, update (c)
Clear error string when introducing new errors.
Clear error-string when introducing new errors.
Clear error-string when introducing new errors.
Clear error-string when introducing new errors.
(kcm_op_retrieve): remove unused variable
x
Fix spelling of "Kungliga Tekniska Högskolan".
Spelling.
x
Remove , after the last element of enum.
x
UniversalString and BMPString are both implemented.
check for "tagless ANY OPTIONAL"
Stub-generator now generates alloc statements for tagless ANY
x
Drop partial pkcs12 string2key implementation.
x
Add the ~/.k5login.d feature.
(krb5_mk_priv): abort if ASN1_MALLOC_ENCODE failes to produce the
x
main is not a KRB5_LIB_FUNCTION
(PASS_REUSE): Spelling, from Václav H?la <ax at natur.cuni.cz>
x
Introduce KRB5_ADDRESSLESS_DEFAULT that controlls all address-less behavior.
(krb5_get_forwarded_creds): Use [appdefault]no-addresses before
(get_cred_from_kdc_flags): Use KRB5_ADDRESSLESS_DEFAULT when checking
(krb5_get_init_creds_opt_set_default_flags): Use
Log the filter string to the error message.
x
sort, and krb5_get_error_message
(krb5_get_error_message): new function, and combination of
Document krb5_get_error_message.
update (c) and .Dd
(krb5_get_error_message): peek inside the context and make a copy of
Revert previous commit.
Send back a better error-message to the client in case the password
x
0.7.2 and 0.6.6
Spelling, from Alexey Dobriyan, via Jason McIntyre
x
one asn.1 item fixed
Wrap KRB5_ADDRESSLESS_DEFAULT with #ifndef
Move Configurable options to last in the file.
x
paChecksum is now OPTIONAL so it can be upgraded to something better then SHA1
x
Add new (-34) pk-init error codes.
update to new paChecksum definition, use hdb_entry_ex
update to new paChecksum definition, update the dhgroup handling
x
Make struct krb5_dh_moduli available when compiling w/o pkinit.
x
(dsa_verify_signature): if test if malloc failed
update (c)
Try handle name constraints a little bit better.
Handle more name constraints cases.
x
Accept both GSS_C_NT_HOSTBASED_SERVICE and
x
Change indentation, update (c)
(BN_rand): check return value from RAND_bytes
(krb5_generate_random_block): check return value from RAND_bytes
(RAND_bytes): Don't abort() on failure, return error.
x
Document that applications want to use krb5_get_error_message, add example.
x
Return error code so that toplevel function can catch them.
(del_entry): make sure ret have a defined value
(cpw_entry): make sure ret have a defined value
x
Name constraits needs to be evaluated in block as they appear in the
x
Add some of the test from 4.13 Name Constraints.
x
Add some more name constraints tests.
Add exceptions for null (empty) subjectNames
Digest key when it exceeds block size, not when it exceeds the size of
(PKCS5_PBKDF2_HMAC_SHA1): new function.
Testcases for pkcs5 pbe2.
Add pkcs5 files.
x
Only use PKCS5_PBKDF2_HMAC_SHA1.
reformat, avoid free-ing un-init'd memory
(AES_string_to_key): drop _krb5_PKCS5_PBKDF2 and use PKCS5_PBKDF2_HMAC_SHA1
Remove krb5_string_to_key_derived.
Drop krb5_string_to_key_derived.
x
EVP interface depends on dlopen, add it to LIBFLAGS
x
(decrypt_*): handle the case where the plaintext is 0 bytes long,
(add_addrs): handle the case where addr->len == 0 and n == 0, then
(recv_loop): it should never happen, but make sure nbytes > 0
x
(init_generate): Nothing in the generated files needs timegm(), so no
x
(krb5_free_addresses): reset val,len in address when free-ing.
(krb5_read_message): reset out data before return error or success,
(krb5_rd_safe): reset outdata before returning error or success
(krb5_rd_priv): reset outdata before returning error or success
(_krb5_mk_req_internal): on failure, goto error handling.
(_krb5_mk_req_internal): Indent and remove unused code block.
Add undocument flags and spelling, from Ted Percival <Ted.Percival at quest.com>
(gss_init): add missing ; from Ted Percival
(_krb5_pk_rd_pa_reply): pass down the req_buffer in the w2k case
Spelling.
x
(log_patypes): log the patypes requested by the client
x
Add pkinit-san.
Rename id-pksan to id-pkinit-san
Add hx509_query.
Remove hx509_query, its exposed now.
(hx509_certs_free): allow free-ing NULL
hx509_certs_find is now exposed.
Expose more of the hx509_query interface.
(_hx509_private_key_assign_key_file): ask for password if nothing matches.
Switch to hx509.
define automake PKINIT variable
Add libhx509.la when PKINIT is used.
x
Add hx509.
(AC_CONFIG_FILES): add lib/hx509/Makefile
(hx509_query_alloc): allocate slight more more then a sizeof(pointer)
(_kdc_pk_check_client): More logging.
(pk_mk_pa_reply_dh): encode the DH public key with asn1 wrapping
Use less openssl, spell chelling.
Add ticket flags definitions
Use ticket flags definition, might fix Mac OS X Kerberos.app problems.
(_hx509_collector_alloc): handle errors
(file_init): leak less memory
x
x
Add hx509 when using PK-INIT.
x
Spelling
Check for signature error, check consitency of error
(_hx509_name_ds_cmp): make DirectoryString case insenstive
Add new error code SIGNATURE_WITHOUT_SIGNER.
(hx509_cert_free): ok to free NULL
Add REQUIRE_SIGNER
x
Pass on flags, unbreaks last commit.
(match_localkeyid): no need to add back the cert to the cert pool, its
(_hx509_pbe_decrypt): also try the empty password
(PADATA-TYPE): Add KRB5-PADATA-PA-PK-OCSP-RESPONSE
x
(log_patype): Add case for KRB5_PADATA_PA_PK_OCSP_RESPONSE.
Add id-pkinit-ms-san.
x
Manual page claims RSA_public_decrypt will return -1 on error, lets check for that
(check_altName): Print the othername oid.
x
Allow passing in related certificates used to build the chain.
x
(_hx509_pbe_decrypt): try all passwords, not just the first one.
x
Add pool of certificates to help certificate path building for clients
Add pool of certificates to help certificate path building for clients
(krb5_get_init_creds_opt_set_pkinit); fix prototype
x
Put all the IMPORTed headers into the headerfile to avoid hidden depencies.
x
Add <krb5-types.h> to make it compile on Solaris, from Alex V. Labuta.
(LDAP_message2entry): in declaration set variable_name as "hdb_entry_ex"
RFC2560 - Online Certificate Status Protocol
Include OCSP.
rename HX509_CTX_CRL_MISSING_OK to HX509_CTX_VERIFY_MISSING_OK now
Add command ocsp-fetch
Add stub for ocsp-fetch, _hx509_map_file changed prototype, add ocsp
_hx509_map_file changed prototype, returns struct stat if requested.
_hx509_map_file changed prototype.
Update for ocsp merge. handle building path w/o subject (using subject key id)
Add code to load OCSPBasicOCSPResponse files, reload crl when its
x
TODO list
x
clean ev.data and ev.data.out
Pick out certs in chain.
(generate_header_of_codefile): remove unused variable.
Add ExtKeyUsage
gen_files_rfc2459 += ExtKeyUsage.x
x
x
add id_kp_OCSPSigning.x
Add ocsp glue, use new _hx509_verify_signature_bitstring, add eku
(hx509_cms_envelope_1): check for internal ASN.1 encoder error
(_hx509_verify_signature_bitstring): new function, commonly use when
Add ocsp_time_diff to hx509_context
Use HX509_DEFAULT_OCSP_TIME_DIFF.
Update ocsp-fetch.
implement ocsp-fetch
add url-path argument to ocsp-fetch
Add id-kp-OCSPSigning
Add ocsp checker.
Comments and renamed generic CRL related errors
Renamed generic CRL related errors.
Plug one memory leak.
rename missing-crl to missing-revoke
refactor code, fix a un-init-ed variable
rename missing-crl to missing-revoke
Add revoked ocsp cert test
make ca use openssl ca command so we can add ocsp tests, and regen certs
Added crl tests
generate crl
revoked cert
rename missing-crl to missing-revoke
x
x
Add nonce to ocsp request.
(hx509_ocsp_request): Add nonce to ocsp request.
x
Support OCSPResponderID.byKey, indent.
Add HX509_QUERY_MATCH_KEY_HASH_SHA1
Add asn1_id_pkix_ocsp*.
(load_ocsp): test that we got back a BasicReponse
generate ocsp keyhash version too
test ocsp keyhash
x
(pkcs10_print): new function.
PKCS#10
Add pkcs10.asn1
Include <pkcs10_asn1.h>.
add pkcs10-print
fill out what do
Plug memory leak found by IBM checker (and try to please it).
x
x
(roken_gethostby): make addr_list one larger to avoid a off-by-one
x
(krb5_addlog_dest): make string length match strings in strcasecmp.
(hdb_generate_key_set): set ret_key_set before going into the error
x
(hdb_resolve): off by one, found by IBM checker.
(_krb5_expand_default_cc_name): avoid return pointer to freed memory
x
(_krb5_expand_default_cc_name): plug memory leak. Found by IBM checker.
(krb5_config_vget_strings): IBM checker thought it found a memory
(fcc_gen_new): fix a use after free, found by IBM checker.
(krb5_copy_data): avoid exposing free-ed memory on error. Found by IBM checker.
(_krb5_get_init_creds_opt_copy): use calloc to avoid uninitialized
(default_s2k_func): avoid exposing free-ed memory on error. Found by
(init_creds_init_as_req): in AS-REQ the cname must always be given,
(fkt_next_entry_int): remove a dereferencing NULL pointer, found by
(get_cell_and_realm): plug a memory leak, found by IBM checker.
(_krb5_krbhost_info_move): replace a strcpy with a memcpy
(krb5_rd_cred): avoid a memory leak on malloc failure, found by IBM checker.
(expand_realm): avoid passing NULL to strlen, found by IBM checker.
Avoid using free memory, found by IBM checker.
(_kdc_check_flags): make it take hdb_entry_ex to avoid ?:'s at callers
_kdc_check_flags takes hdb_entry_ex
(check_addresses): treat netbios as no addresses
x
(wrap*): Reset output_buffer on error.
x
(get_mic*)_: make sure message_token is cleaned on error, found by IBM checker.
x
(krb5_make_addrport): clear return value on error, found by IBM checker.
(krb5_rd_cred): don't expose freed pointer, found by IBM checker.
(send_and_recv_http): don't expose freed pointer, found by IBM checker.
fix spelling
(hx509_name_copy): new function.
Add pkcs10_create
Create certificate requests, prototype converts the request in a pkcs10 packet.
Add req.c
more stuff
Add hx509_request.
Add pkcs10-create command.
Remove a delta from last revision that should have gone in later.
x
Add _hx509_private_key2SPKI and support functions (only support RSA for now).
(pkcs10-create): Add arguments to
(pkcs10_create): implement
(hx509_parse_name): new function.
Add i2d_RSAPublicKey
Implement i2d_RSAPublicKey
x
make rsa_private_key2SPKI static.
Test for pkcs10 commands.
Add test_req to commands
Add pkcs10-create --subject
(pkcs10_create): use opt->subject_string
Avoid crashing on bad input.
Rename pkcs10-create to request-create
adapt to rename of pkcs10-create to request-create
needed for cert request test
x
build CRMF files
(verify_ocsp): require issuer to match too.
Include <hex.h>.
New command "ocsp-print".
Add ocsp_print.
expose print_cert_subject internally
(hx509_ci_print_names): make it print issuer too.
(verify_ocsp): spelling.
(request_create): store the request in a file, no in bitbucket.
(hx509_ocsp_request): comment on why we need to match the issuer too.
Add printing ocsp replys
control sending nonce
Add nonce flag to ocsp-fetch
split certificate request into pkcs10 and CRMF
x
Split libhx509_la_SOURCES into build file and distributed files so we
(read_words): catch empty file case, will cause PBE (division by zero)
x
(kt_remove): Free memory in error handling cases.
(generate_password): memory leak in error condition case
x
(rename_entry): free the right entry in the error case,
(main): remove dead code.
x
(tokey): catch warnings, free memory after use.
(mit_prop_dump): close fd when done processing
(main): make sure type doesn't need to be set
(krb5_kt_ret_principal): plug a memory leak
(kadmind_dispatch): case kadm_rename, free princ2 on acl check failure.
(_kdc_do_524): Handle memory allocation failure
(hashtabnew): check for NULL before setting structure.
x
(krb5_ret_principal): fix memory leak
x
Make compile again.
x
(RC2_set_key): abort on erroneous input (len <= 0) size that will case
(v4_prop_dump): close FILE handle f when done.
(doit): when done, close all fd in the sockets array and free it.
(krb5_verify_ap_req2): make sure `ticket´ points to NULL in case of
Check that cred != GSS_C_NO_CREDENTIAL, this is a standard conformance
Spelling.
(_kadm5_c_get_cred_cache): Free client principal in case of error.
(_kadm5_c_get_cred_cache): handle ccache case better in case no client
(kadm5_log_rename): handle errors better
(kadm5_log_delete): add error handling Coverity, NetBSD CID#626
(afslog_uid_int): use the simpler krb5_principal_get_realm function.
(krb5_build_authenticator): use calloc. removed check that was never
(krb5_string_to_key_derived): deref after NULL check.
(any_next_entry): restructure to make it easier to read
(krb5_get_forwarded_creds): in_creds->client should always be set, assume so.
Fix deref before NULL check, fix error handling.
(krb5_addlog_dest): free fn in case of error
(krb5_rc_resolve_full): don't return pointer to a allocated
(krb5_425_conv_principal_ext2): remove memory leak in case of weird
(krb5_parse_name): remember to free realm in case of error
(krb5_verify_authenticator_checksum): on protocol failure, avoid leaking memory
(make_path): make sure we return allocated memory
Try harder to get the pioctl to work via the /proc or /dev interface,
x
(krb4_kt_start_seq_get_int): make compile again.
(krb5_rc_resolve_full): make compile
x
x
use afs_ioctlnum, From Tomas Olsson <tol at it.su.se>
Catch empty file case. From Tobias Stoeckmann.
x
(_krb5_pk_load_id): Added certificate revoke information, ie CRL's
Added certificate revoke information from configuration file.
x
Fix argument to krb5_data_zero.
(krb5_rd_safe): fix argument to krb5_data_zero, handle message size = 0
Add test for import/export sequence.
(_gssapi_msg_order_import,_gssapi_msg_order_export):
Import sequence order element. From Wynn Wilkes <wynn.wilkes at quest.com>.
Export sequence order element. From Wynn Wilkes <wynn.wilkes at quest.com>.
x
(dns_srv_order): change a if (ptr == NULL) continue into a assert(ptr
x
(DES_cfb64_encrypt): add asserts that the *num pointers is >= 0,
x
Break out the parameter handling code for encrypting data to handle RC2.
Update prototypes changes for hx509_crypto_[gs]et_params.
test cases for rc2
test rc2-40 rc2-64 rc2-128 enveloped data
Inital (naive) SHA-256 implementation.
Test SHA-256.
Add sha-256 symbols.
Add SHA-256.
Add SHA-256 symbols.
x
Turn CMSRC2CBCParameter.rc2ParameterVersion into a constrained integer
x
Add id-pkcs1-sha256WithRSAEncryption and friends
x
(libhcrypto_la_SOURCES): Add sha256.c.
Add SHA256 support, and symbols for the other new SHA-2 types.
generate rc2 tests
x
Add EVP_rc2_64_cbc
Fix breakage from sha256 code.
Require SHA256
x
(i2d_RSAPublicKey): fix prototype
x
(ENGINE_by_dso): less printf
x
Test BN_rand
Add RAND_METHOD and some associated functions.
Use right flags to open(2) when doing reading/writing.
s/rc4_64/rc2_64/
add RAND support
Split out unix /dev/random to a RAND_METHOD
Add more RAND functions.
x
x
Add inital version of CRMF asn1 spec, not getting IMPLICIT quite right yet
(fnmatch): CPP rename to rk_fnmatch
x
Use the right length for the sha256 checksums.
Rename pki-chain to pki-pool to match rest of code.
test "sub-cert -> sub-ca"
(hx509_verify_path): if trust anchor is not self signed, don't check sig
Handle diffrences between libhcrypto and libcrypto.
x
Handle diffrences between libhcrypto and libcrypto.
Add cpp-rename for DH_check_pubkey
unbreak
x
Make hx509_cms_{,un}wrap_ContentInfo usable in asn1 un-aware code.
Use hx509_cms_{,un}wrap_ContentInfo
(_kdc_pk_rd_padata): use hx509_cms_unwrap_ContentInfo.
Handle rsa private keys better.
Add support for parsing unencrypted RSA PRIVATE KEY
move code here from ks_file.c now that its no longer used.
Remove unused function.
handle PEM RSA PRIVATE KEY files
adapt test now that we can use any certificate and trust anchor
remove stray #
Add an encrypted key.
x
Add commeted out password protected PEM file, remove password for
Add glue code for PEM encrypted password files.
Add <ctype.h>
x
Add stub for EVP_BytesToKey
Add prototype for EVP_BytesToKey
(parse_rsa_private_key): Implement enought for testing.
(parse_rsa_private_key): make working for one password.
(parse_rsa_private_key): use EVP_get_cipherbyname
Add EVP_get_cipherbyname, unbreak EVP_BytesToKey
make EVP_BytesToKey return an error
Remove (commented out) debug printf
x
Test signed data using keyfile that is encrypted.
implement EVP_BytesToKey
add sha-1 and sha-2
x
Create test.combined.crt.
check with test.combined.crt.
(file_init): reset length when done with a part
Use oid from asn1 generator.
(oid_private_rc2_40): simply
x
Add support for parsing slot-number.
x
(hx509_query_match_friendly_name): New function.
x
Add check for fnmatch.h, its needed to be done for the automake
x
quiet down
add tests for enveloped data using des-ede3 and aes256
generate tests for enveloped data using des-ede3 and aes256
(hx509_query_match_friendly_name): fix return value
Add names to cipher types.
Test generating des-ede3 aes-128 aes-256 enveloped data
(cms_create_enveloped): Add support for choosing the encryption type
x
cms-envelope: Add support for choosing the encryption type
swich to the public query interface
(hx509_cms_create_signed_1): calculate path and add it to the
Expose the path building function to internal functions.
Test that certs in signed data is picked up.
Allow passing in pool and anchor to signedData
x
Adapt to change in hx509_cms_create_signed_1.
x
count v5 cross realms too
x
Add text about pk-init
x
Add pkinit_require_eku and pkinit_require_krbtgt_otherName
"document" pkinit_require_eku and pkinit_require_krbtgt_otherName
make compile
use --no-split to make one large file, mostly for html
(add_engine): reassign engines variable after realloc
(info): new function, prints info about that default modules are in use
SKIP test if there is no RSA support.
print dh method too
(RSA_check_key): don't do any checking if there is no private key
x
SKIP test if there is no RSA support.
make quiet
x
reindent
x
(pk_verify_host): Add begining of finding subjectAltName_otherName
x
merge with old todo file
Pass down realm to _krb5_pk_rd_pa_reply
Pass down realm to pk_verify_host so the function can verify the
Add Setting up PK-INIT to Detailed Node Listing.
More text about FILE and DIR.
make compile
Add attribute type oids from X520 and RFC 2247 DC oid
Add id-pkcs9-email
rename id-pkcs9-email to id-pkcs9-emailAddress
Add id-Userid
Add UID and email
x
indent
libhcrypto might depend on libasn1, switch order
Switch over to asn1 generaed oids.
some error checking
x
Move assertion and add another restriction, used as hint to beam that its ok
Sprinkel some assertions.
(get_cell_and_realm): reset d->cell to make sure its not refereced
(log_file): reset pointer to freed memory
Remove a double free introduced in 1.93
include <krb5-types.h>
x
x
(hdb_create): print out what we don't support
(parse_key_set): handle error case better
clean messages file
log all message to localhost
Test framework for getting and checking tickets.
Test framework for getting and checking tickets, start kdc on localhost:8888.
x
SUBDIR += kdc
(hdb_replace_extension): set error message on failure, not success.
basic kadmin tests
Add add-modify-delete
check kdc too
create a server too
Catch the case where the client sends no encryption types or no pa-types.
(create_principal*): If client doesnt send kvno, make sure to set it to 1.
check that the keytab have the right kvno
x
make tests/kdc/Makefile
krb5.conf template
x
more tests regarding doing AS-REQ and TGS-REQ
x
Try to detect another KDC running.
x
ignore Makefile.in
x
Add option password-file, read password from the first line of a file.
document option password-file
x
Add definitions from RFC 3820, Proxy Certificate Profile.
x
Initial support for policy certificates.
(hx509_verify_set_proxy_certificate): Add
(hx509_verify_path): verify proxy certificate have no san or ian
proxy certs
Add definition for proxy certs
gen proxy and non-proxy tests certificates
tests for proxy certs
Make proxy certificate work.
Fix comment about subject name of proxy certificate.
Add proxy certificate errors.
add verify --allow-proxy-certificate
Add verify --allow-proxy-certificate.
(hx509_verify_path): Need to mangle name to remove the CN of the
x
(find_keys): add client_name and server_name argument and use them,
Now that find_keys speaks for it self, remove extra logging.
Add another proxy certificate error.
x
add more certs
add def for proxy10_cert
build proxy certificates
regen
x
enable two proxy certificates in a chain test
(hx509_verify_path): handle the case where the where two proxy certs
OpenSSL have a serious issue of user confusion -subj in -ca takes the
(hx509_parse_name): make compile pre c99
remove debug printf's
(hx509_parse_name): fix length argument to stringtooid, 1 too short.
(hx509_parse_name): fix length argument to printf string
test to parse and print name and check that they are the same.
x
Add test_name to regression tests
regen
When verifying certificates, store subject basename for later consumption.
(_kdc_pk_check_client): Use hx509_cert_get_base_subject to get subject
(_krb5_pk_allow_proxy_certificates): expose hx509_verify_set_proxy_certificate
Add option [kdc]pki-allow-proxy-certificate=bool to allow using proxy certificate.
document pki-allow-proxy-certificate
x
make compile
(_krb5_pk_allow_proxy_certificate); less arguments better
Test failure parsing name.
(hx509_parse_name): don't abort on error, rather return error
Add name malformated error
x
ignore leftover from OpenSSL generation
x
CRL delta support
Shared paths between login and rshd.
x
Read limits from limits.conf, patch from Daniel Ahlin on non-root login.
Include "loginpaths.h"
rshd_SOURCES += add limits_conf.c
x
Break out the that we request from principal from the entry and pass
Break out the that we request from principal from the entry and pass
(hdb_get_entry): Break out the that we request from principal from the
(_kdc_db_fetch): Break out the that we request from principal from the
Break out the that we request from principal from the entry and pass
Break out the that we request from principal from the entry and pass
set and clear error string
x
Pass in HDB_F_GET_ANY to all ->hdb fetch to hint what entries we are looking for
x
(_kdc_db_fetch4): pass down flags though krb5_425_conv_principal_ext2
pass down HDB_F_GET_ flags as appropriate
(tgs_rep2): check that the client exists in the kerberos database if
x
simple test program checking that as ap-req/as-rep exchange works
Sprinkel some as-req
Build as-req.
x
check that AP_OPTS_MUTUAL_REQUIRED matches, check seqnumber
Sprinkle more ap-req now that the credential is removed from the cache
x
Document --credential=principal.
x
Bump hdb interface version to 4.
x
Add missing ;'s, found by bison on a SuSE 8.2 machine.
x
(pk_verify_host): verify hostname/address
(hx509_verify_hostname): implement stub function
Example pki-mapping file.
x
x
More options and some text about windows clients, certificate and KDCs.
x
Add kinit example.
Add openssl ca example
Add pkcs11 example.
Add pk-init mapping file
Add pkinit glue.
Generate pkinit certificates.
pkinit certificates
x
(hx509_cert_get_base_subject): reject un-canon proxy certs, not the reverse
(_kdc_pk_check_client): reorganize and make log when a SAN matches.
(pk_verify_host): set better error string, only check kdc name/address
Add EKU for the KDC certificate
x
regen, now with EKU in kdc certificate
Add pkinit glue
Add test for pk-init
change principal mapping.
clean the tempfile
clean the server.keytab
x
x
(main): add missing argument to printf
x
Add ExternalPrincipalIdentifiers, shared between several elements.
x
Send over what trust anchors the client have configured.
Expose more of Name.
remove _hx509_cert_private_sigature
Add hx509_name_is_null_p
(cert2epi): don't include subject if its null
x
Don't try pkinit if there is no rsa
x
Add the time the crl/ocsp info expire
Make compile.
(hx509_revoke_verify): update usage
Reverse previous patch, lets do it another way.
Revert previous patch.
Spelling, from Björn Sandell
update .Dd
x
Spelling, from Björn Sandell.
Spelling/mdoc changes, from Björn Sandell.
update .Dd and (c)
Spelling/mdoc changes, from Björn Sandell.
x
Spelling/mdoc changes, from Björn Sandell.
update .Dd
Spelling/mdoc changes, from Björn Sandell.
x
(hx509_certs_init): pass the right error code back
Add string error handling functions.
Sprinkel setting error strings.
ibhx509_la_files += error.c
Add support for error strings.
changed signature of _hx509_query_match_cert
remove extra x
changed signature of _hx509_check_key_usage
x
_hx509_path_append changed signature.
Sprinkle setting error strings.
Add some more errors
(hx509_set_error_stringv): clear errors on malloc failure
(pcert_print): use hx509_err so I can test it
_hx509_set_cert_attribute changed signature
renamed one error code
x
Sprinkle setting error strings.
Sprinkle setting error strings.
Sprinkle setting error strings.
Sprinkle setting error strings.
(_kdc_pk_mk_pa_reply): send back ocsp response if it seems to be
x
read [kdc]pki-kdc-ocsp
(krb5_kdc_configuration): add pkinit_kdc_ocsp_file
x
Make hx509_prompt.reply not a pointer.
Deal with that hx509_prompt.reply is no longer a pointer.
Use the prompter from the lock function.
More to do about the about the PKCS11 code.
x
Deal with that hx509_prompt.reply is no longer a pointer.
krb5_store_principal takes a krb5_const_principal
(krb5_store_principal): make it take a krb5_const_principal, indent
Test the integer storage types.
Add ret and store function for the unsigned fixed size integer types.
(krb5_ret_uint32): fix typecast
Use the new unsigned integer storage types. Fail that the address
Document ret and store function for the unsigned fixed size integer types.
Use the new unsigned integer storage types. Sprinkle some error handling.
Use the new unsigned integer storage types.
Use the new unsigned integer storage types.
(gssapi_decode_*): make data argument const void *
Avoid pointer signedness warnings.
Less pointer signedness warnings.
x
Rewrite the krb5_ret_u as proposed by Johan.
x
Catch using hx509 null DH and print a more useful error message.
Add test_store to TESTS
Rename u_intXX_t to uintXX_t
x
x
Rename u_intXX_t to uintXX_t
x
Rename u_intXX_t to uintXX_t
x
x
Rename u_intXX_t to uintXX_t
x
Add fileformats.
Add fileformats.
moved to info documentation
x
Michael B Allen
(fkt_next_entry_int): read the 32 bit kvno if the reset of the data is
x
Spelling.
Keytab is in network order.
Spelling/mdoc from Björn Sandell
Spelling/mdoc from Björn Sandell
(DH_compute_key): check return status value from DH_check_pubkey
x
Multicache kcm interation isn't done yet, let wait with this enum.
Move up evp.h to please OpenSSL, from Douglas E. Engert.
x
Add Douglas E Engert
(DH_check_pubkey): describe what the function do
x
import core of imath 1.1.9
Implement DH using imath.
Default to use DH-imath.
(ENGINE_load_builtin_engines): Load the internal engine.
Cpp rename some ENGINE symbols.
If there are no arguments, use the internal engine.
Print the name of the METHOD.
Lets say we have RSA_null_method(), not really useable, but still.
x
Default to test DH.
Add imath source, add test_engine_dso to TESTS.
x
Expose DH_imath_method.
x
Add license file
IMath is Copyright 2002-2005 Michael J. Fromberger
Add blob about imath.
x
Don't call DH_check_pubkey, it doesn't exists in older OpenSSL.
x
Now that hcrypto supports DH, remove check for hx509 null DH.
Add RSA support using imath.
Add rsa-imath.c to libhcrypto
Default to use rsa-imath.
rename the DH_METHOD
rename the DSA_METHOD
(RSA_check_key): Do sign/verify instead.
expose RSA_imath_method
(ENGINE_load_builtin_engines): use RSA_imath_method for the building engine.
Fix a off by one.
print the lengths when they don't match.
x
DH and RSA method names are renamed
(create_checksum): provide a error message that a key checksum needs a key.
x
(_krb5_pk_verify_sign): Use hx509_get_one_cert.
(mic_des3): make sure message_buffer doesn't point to free()ed memory
x
Less "pointer targets in passing argument differ in signedness" warnings.
x
(kadm_get_privs): one less "pointer targets in passing argument differ
(kadm5_c_get_privs): privs is a uint32_t, let copy it that way.
Drop aes-cbc, rc2 and CMS padding support, its all containted in
Catches both keyed checkout w/o crypto context cases and doesn't reset
x
Less "pointer targets in passing argument differ in signedness" warnings.
x
If RAND_bytes fails, then we will attempt to double-free crypt->key.data.
x
(hx509_crypto_encrypt): free correctly in error path. From Andrew Bartlett.
x
(get_device_fd): use /dev/urandom first.
(gsskrb5_is_cfx): always set is_cfx. From Andrew Abartlet.
x
(hx_pass_prompter): return 0 on success and 1 on failure. Pointed out
(_krb5_pk_load_id): pass the hx509_lock to when trying to read the
Catch more errors.
Make compile.
(krb5_get_init_creds_opt_set_pkinit): move parsing of the
Move parsing of the PK-INIT configuration file to the library so
Implement DIR: caches useing FILE: caches.
(file_init): Avoid shadowing ret (and thus avoiding crashing).
x
Various tweaks, from Jason McIntyre.
x
Add Jason McIntyre.
Fix the last one of the asserts.
x
(_krb5_pk_load_id): only use password if its longer then 0
Pass down prompter and password to krb5_get_init_creds_opt_set_pkinit.
x
generate pkinit password protected file
(hx509_revoke_free): allow free of NULL.
Check password protected pk-init keyfile.
x
DIR now handles both PEM and DER.
Point to more examples, hint that you have to use openssl 0.9.8a or later.
x
PK-INIT support.
(hx509_prompt_hidden): return if the prompt should be hidden or not
Reshuffle the prompter types, remove the hidden field.
(hx509_prompt_hidden): reshuffle to avoid gcc warning
Hidden field of prompter is removed.
Hidden field of hx509 prompter is removed.
x
CKF_PROTECTED_AUTHENTICATION_PATH
Add KRB5_PROMPT_TYPE_INFO
x
Less pointer signedness warnings.
Less pointer signedness warnings (partly by using the new asn.1 CHOICE decoder)
Less pointer signedness warnings.
Less pointer signedness warnings.
Use const void * to instead of unsigned char * to avoid pointer
Less pointer signedness warnings.
x
(main): argc_in_out argument to XtVaAppInitialize should be an 'int *'
x
Check database for strange configurations on default principals.
Add check command
Document the new check command.
(change): select the realm based on the target principal
(der_parse_hex_heim_integer): avoid shadowing.
(BN_rand): avoid shadowing.
Avoid shadowing.
Avoid shadowing.
Avoid shadowing.
Avoid shadowing.
Avoid shadowing.
Avoid shadowing.
Avoid shadowing.
x
kadmin_SOURCES += add check.c
x
Sprinkle some hx509_set_error_strings
x
sprinkle more hx509_clear_error_string
x
Add reference counting on certifiates, push out CK_SESSION_HANDLE from slot.
Add release function for certifiates so backend knowns when its no
prototype for _hx509_cert_release_func
Iterate over all slots, not just the first/selected one.
x
spelling Björn Sandell
x
(kadm5_check_password_quality): set error message in context.
x
(tgs_rep2): check for memory alloc failure
split out krb5 tgs req to make it easier to reorganize the code.
Add krb5tgs.c
Split tgs_rep2 into tgs_parse_request and tgs_build_reply.
x
Plug old memory leaks, unify all goto's.
Split up the reverse cross krbtgt check and local clien must exists test.
(do_request): clean reply with krb5_data_zero
test cross realm and deleted user
Avoid more shadowing.
Less verbose, spelling.
(hdb_entry_get_ConstrainedDelegACL): new function.
Less shadowing.
x
revert previous
Add EXAMPLE.COM
Add krb5_get_creds_opt_data and some more KRB5_GC flags.
(HDBFlags): add trusted-for-delegation
Add impersonate.
Add impersonate support functions.
Add KRB5_GC_NO_TRANSIT_CHECK
(krb5_get_creds): add KRB5_GC_NO_TRANSIT_CHECK
use new krb5_get_creds interface, add impersonation.
Impersonation support bits.
Impersonation support bits (and sort)
Add impersonation.
Add impersonation tests.
x
(tgs_build_reply): add constrained delegation.
x
add --delegation-credential-cache
Allow setting additional tickets in the tgs-req
(kadm5_s_get_principal): Add trusted_for_delegation
Add KRB5_KDB_TRUSTED_FOR_DELEGATION
(attr_to_flags): Add KRB5_KDB_TRUSTED_FOR_DELEGATION
(kdb_attrs): Add trusted-for-delegation
Test delegation
constify
(do_mod_entry): Add setting 1 delegation entry
test that delegated cred works too
x
x
x
supress -> suppress, from Jason McIntyre
indent.
(krb5_kdc_default_config): set kdc_warn_pwexpire to 0
(_kdc_as_rep): if kdc_time + config->kdc_warn_pwexpire is past pw_end,
Add enable_v4_per_principal
Use enable_v4_per_principal and check the new hdb flag.
(HDBFlags): Add allow-kerberos4
Add KRB5_KDB_ALLOW_KERBEROS4
(kadm5_s_get_principal): Add KRB5_KDB_ALLOW_KERBEROS4
(attr_to_flags): Add KRB5_KDB_ALLOW_KERBEROS4
(kdb_attrs): Add KRB5_KDB_ALLOW_KERBEROS4
x
don't use the sambaNTPassword if there is ARCFOUR key already.
x
install krb5_get_creds.3
(get_init_creds_common): drop cred argument, its unused
x
Add text about iprop-log.
Document krb5_get_creds.
Add password reuse checking. From Harald Barth.
x
Check if afs at REALM and afs/cellname at REALM both exists.
x
section about verify_krb5_conf and kadmin check
x
Add extern "C" for C++. From joerg at britannica dot bec dot de
x
s/11/RSA_PKCS1_PADDING_SIZE/
(_krb5_get_init_creds_opt_private): add KRB-ERROR
Add storing and getting KRB-ERROR int the krb5_get_init_creds_opt structure
Save KRB-ERROR on error.
x
(_krb5_get_init_creds_opt_set_krb5_error): make compile again.
Add one check for heim_int, add checking for oid printing
(test_heim_oid_format_same): add printing on failure
(der_print_heim_oid): new function
Add printing of bignums and use der_print_heim_oid
(der_get_heim_integer): Add more checks
Add test for gss_oid_to_str()
Add gss_oid_to_str
add oid_to_str and test_oid
Add oid_to_str.
x
(der_get_heim_integer): revert part of previous
(check_fail_heim_integer): disable test
x
run kadmin check
x
(gss_userok): create a local krb5_context and use that instead of the
x
Initial revision
Rename local include file, remove global files.
move kerberos files to krb5/
Rename gss_context_id_t and gss_cred_id_t to local names
Bug fixes, cleanup, compiler warnings, restructure code.
merge mechglue code
remove manpages, add leftover files from merge
add leftover files from merge
Add dependency on gsskrb5-private.h
ignore gsskrb5-private.h
x
remove no longer used makefile
remove dependency on libkrb5
use toplevel file
Add lib dependencies and test programs
make compile again
Add dummy gss_krb5_import_cred
Add gss_set_{sec_context,cred}_option
Add GSS_KRB5_IMPORT_CRED_X
spelling
Add gss_inquire_cred_by_oid
Add gss_set_sec_context_option
Add gss_set_cred_option
Add gss_set_cred_option
(gss_krb5_import_cred): almost an implementation
fix compile warning
Add gss_set_{sec_context,cred}_option
Add gss_set_{sec_context,cred}_option and sort
(gss_krb5_import_cred): implement
Add _gsskrb5_set_{sec_context,cred}_option
Make work.
make "work", GSS_KRB5_COPY_CCACHE_X interface needs to be re-done,
Reimplement GSS_KRB5_COPY_CCACHE_X to instead pass a fullname to the
Reimplement GSS_KRB5_COPY_CCACHE_X to instead pass a fullname to the
Add Doug Rabson's license
x
(gss_acquire_cred): if desired_mechs is NO_OID_SET, there is a need to
(gss_krb5_import_cred): make sure cred is GSS_C_NO_CREDENTIAL on failure.
Add gss_set_cred_option
(gss_set_cred_option): support the case where *cred_handle == NULL
make gss_name_t an opaque type
Make gss_name_t an opaque type.
x
avoid type-punned/strict aliasing rules
x
x
x
(gss_import_name): avoid type-punned/strict aliasing rules
On failure to find a correct error string, set status_string to NULL
(_gss_spnego_delete_sec_context): don't release preferred_mech_type
preferred_mech_type was allocated with gss_duplicate_oid in one place
Add gss_release_oid, reverse of gss_duplicate_oid
Add mech/gss_release_oid.c
x
(gss_print_errors): don't try to print error when gss_display_status failed
x
Build the gss program.
indicate mechs (for now)
testrun gss program
build and check gss
Add gss to SUBDIR
add tests/gss
Add rtbl_add_column_entryv functions, printf like
x
Add extern "C" for C++.
correct the directory for the gss test program
(krb5_cc_new_unique): use KRB5_DEFAULT_CCNAME as the default prefix
(gss_set_cred_option): laod mechs
(add_builtin): set _gss_mech_switch->gm_mech_oid
(gss_accept_sec_context): handle the case where ret_flags == NULL
Insert the delegated sub cred on the delegated cred handle, not cred handle
(_gsskrb5_set_cred_option): init global kerberos context
(_gsskrb5_set_sec_context_option): init global kerberos context
(gss_set_cred_option): free memory on failure
(do_delegation): use KDCOptions2int to convert fwd_flags to an
gssapi maggot replacement, handles context testing
split out fetching of credentials for easier reuse for pk-init testing
x
Add appl/gssmask/Makefile
Add gssmask
x
Make work on compilers that are somewhat more picky then gcc4 (like gcc2.95)
x
(krb5_storage_from_fd): don't leak fd on malloc failure
break out common function; add gssmaestro (that only tests one context for now)
x
fix argument to gss_release_cred
x
externalize principal/password handling
x
AcquireCreds: set principal to NULL to avoid memory corruption
(krb5_parse_name): set *principal to NULL the first thing we do, so
externalize slave handling, add GetTargetName glue
ignore Makefile.in
x
x
break out out the build context function
break out creation of a client and make handleServer pthread_create compatible
x
include <sys/utsname.h>
use utname() to find the local hostname
Add get_version_capa, cache target_name.
(handle_vanilla_tcp): use unsigned integer for for length(
x
remove gss_spnego_inquire_names_for_mech, let the mechglue layer implement it
(gss_spnego_acquire_cred): don't care about desired_mechs, get our own
let the mech glue layer implement gss_indicate_mechs
if the underlaying mech doesn't support gss_indicate_mechs, use the
drop gss_spnego_indicate_mechs
Only allow exporting MN, reset exported_name.
(tgs_build_reply): when checking for removed principals, check the
Check for cross realm case where remove user doesn't exists in the
x
x
reimplement gss_spnego_inquire_names_for_mech
readd gss_spnego_inquire_names_for_mech
If the desired mechanism can't convert the name to a MN, fail with
The variable `mechanisms´ might be NULL, use a diffrent counter if we
move the check if we found any cred where it matter for both cases
(_gsskrb5_inquire_cred): When cred provided is the default cred,
Don't free return values on success.
Add SLIST macros
Include <krb5-types.h> and "mechqueue.h"
switch order of headerfiles
Remove duplicate to.
x
Document --password-file=STDIN.
If --password-file gets STDIN, read the password from the standard input.
x
x
(_gsskrb5_accept_sec_context): use GSS_C_NO_NAME
Add hdb_entry_get_pkinit_hash().
rename asn1_HDB_Ext_PKINIT_certificate to asn1_HDB_Ext_PKINIT_hash
Rename HDB-Ext-PKINIT-certificate to HDB-Ext-PKINIT-hash.
(_kdc_pk_check_client): use the acl in the kerberos database
(_kdc_pk_check_client): make it not crash when there are no acl
x
(format_field): optionally print issuer and anchor.
x
Handle more error codes.
test max_wrap_size in cfx.c
Expose the wrap length calculations in cfx for external testing.
Redo the wrap length calculations.
x
no need to mark _gss_find_mn extern.
no need to mark functions extern.
Make _gss_load_mech() atomic and run only once, this have the side
(gss_inquire_cred): call _gss_load_mech
call _gss_load_mech
add GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X
implement gsskrb5_register_acceptor_identity
reimplement gsskrb5_register_acceptor_identity
catch GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X
add GSS_KRB5_REGISTER_ACCEPTOR_IDENTITY_X
Add test_cfx
x
Remove dup prototype of _gsskrb5_init()
use slc
add slc commands for gss
test names
more name testing
Avoid calling sl_command w/o command name.
Remove CMS symmetric encryption support.
Remove CMS symmetric encryption support.
x
DigestProtocol
Remove CMS symmetric encryption support.
x
make chap work too (needed for eap-md5)
Remove more CMS bits.
remove aes-192
Add the slc file gss-commands.in to gss program
Make gss objects depend on the slc built gss-commands.h
x
rename command to supported-mechanisms
rename command to supported-mechanisms
Check return values from seteuid, prompted by MIT advisory.
Add comment by seteuid call isn't not needed.
Check return values from seteuid, prompted by MIT advisory.
x
Check for seteuid failure, prompted by MIT advisory.
x
Check return values from setuid, prompted by MIT
If seteuid() failes, break out of the function. Prompted by MIT advisory.
(krb5_get_init_creds_opt_get_error): clear error string on error.
Default to address-less tickets.
Add krb5_{ret,store}_stringnl functions, stores/retrieves a \n
Document krb5_{ret,store}_stringnl functions.
Frontend for remote digest service in KDC
x
Fill in more how this is supposed to work.
use the secret digestkey, not the public session key
unbreak tagging, add identifier.
(krb5_rd_rep): free krb5_ap_rep_enc_part on error and set return pointer to NULL
Tweak to make consisten and more easier to use.
add realm to server-init
Remove empty lines for picky awks
x
save the passwords
add test for chap
Add some missing fields needed for digest.
Add digest.c to libkrb5.so
Add digest support to the client side.
(krb5_digest_set_authentication_user): use krb5_principal
Add digest glue.
Use the krb5_digest api. Return useful errorstring on no-existant command.
Add --kerberos-realm, add client request command.
Change _kdc_db_fetch() to return the database pointer too if needed by
Handle session key etype separately from the tgt etype, now the krbtgt
Adapt to the new sigature of _kdc_find_keys().
(_kdc_get_preferred_key): new function, Use the order list of
(krb5_kerberos_enctypes): new function, returns the list of Kerberos
Include <digest_asn1.h>.
(krb5_kdc_configuration): Add enable_digest
(configure): Add enable_digest, default off
(krb5_kdc_default_config): default to all bits set to zero.
First revision of the digest (CHAP so far) code.
enable digest
Test aes only krbtgt and des3 only service.
x
Make a return a goto to avoid freeing un-inited memory in cleanup code.
add digest to libkdc
document [kdc]enable-digest=boolean
Remove channel bindings from CHAP tests, there is no such thing for CHAP.
Register hdb keytab operations.
(krb5_kdc_process_generic_request): check if we got a digest request
Build and run check-digest test.
x
(HDBFlags): Add allow-digest
Add KRB5_KDB_ALLOW_DIGEST
Set allow digest flag on the server.
x
Use the server as the server and set diffrent password for the user and service.
Simply the disabled-service case.
x
Remove local error label and have just one exit label, set error
x
Remove _kdc_find_etype(), its no longer used.
In the case where we get a DigestError back, save the error string and code.
Comment describing on how to communicate the sasl int/conf mode.
Inital Heimdal css for the info manual
Use heimdal css for makeinfo html mode
Add last updated text.
make box around heimdal title
language.
(DigestRequest): add authid
(krb5_digest_set_authid): new function.
Catch more error.
Catch more error, add SASL DIGEST MD5.
x
x
Add sl_slc_help.
(help): use sl_slc_help().
x
indent.
(sl_slc_help): remove return
x
(proto): use keytab for krb5_recvauth
x
Add special tests for <sys/ucred.h>, include test for sys/param.h and
x
(fallback_get_hosts): limit the fallback lookups to 5.
x
More text about the acl_file entry and hdb-ldap-structural-object.
*** empty log message ***
(renew_validate): inherit the proxiable and forwardable from the
x
Start to hang the private key operations of the private key,
(hx509_keyset_ops): add printinfo
Test hxtool print --info.
Add hxtool print --info.
(pcert_print) print keystore info when --info flag is given.
(hx509_certs_info): print information about the keyset.
pass context to _hx509_create_signature
Include <parse_units.h>.
save the mechs supported when initing the token, print them in printinfo.
x
(p11_printinfo): print mechs in diffrent order
(p11_printinfo): print proper plural s
x
pass context to _hx509_create_signature
x
(no): add OU and sort
x
add more mechflags
x
Even more pretty printing.
(krb5_get_init_creds_opt_set_addressless): used to control the
use new addressless, convert pa-pac option to use the same tri-state
Use new function krb5_get_init_creds_opt_set_addressless.
Document krb5_get_init_creds_opt_set_addressless.
Remove debug printf
Remove debug printfs.
x
(kerberos5_forward): use KDCOptions2int on flags before passing them
x
(init_cred_loop): try to catch the error when we actually have an
x
(krb5_get_init_creds_opt_set_default_flags): fix argument to
update to pkcs11 referens files 2.20
add tests for size_t printf formater
Add size_t formater (z modifer).
x
reapply patch that went away in last commit
unbreak from previous commit
x
Add generated add_ and remove_ for "SEQUENCE OF TType". I'm tried of
add --sequence
Generate sequence function.
add new prototypes, remove unused ones.
asn1_compile += gen_seq.c
enctype is part of the krb5 module now, use that instead of locally defining it.
make generated data work
fix warning.
Add TESTSeqOf for testing sequence generation code.
Add sequence tests.
Add TESTSeqOf for testing sequence generation code.
(p11_get_session): return better error messages
x
(no): Add serialNumber
x
Add cms test for digitalSignature and keyEncipherment certs.
add selection on KU and printing to query
improve pretty printing in print and query
tests more selection
keep one session around for the whole life of the keyset
add _hx509_cert_get_keyusage
add hx509_cert_keyusage_print, simplify oid printing
print keyusage
x
Check for Daniel Bleichenbacher an attack on PKCS #1 v1.5 signatures.
x
check that there are no extra bytes in the checksum and that the
x
(p11_list_keys): fetch CKA_LABEL and use it to set the friendlyname
Try returning what certificates failed to parse or be found.
More pretty printing, make verify_signed return the error string from
(_krb5_pk_verify_sign): catch the error string from the hx509 lib
x
Include hx509_err.h.
(krb5_init_ets): Add the hx errortable
x
(hx509_cms_unenvelope): try to save the error string from
x
Reverse 1.5, not needed.
x
Comment about the DIR module.
Don't build most of the pkcs11 module if there are no dlopen().
x
(find_CMSIdentifier): only free string when we allocated one.
Sprinkle some more error strings.
Sprinkle even more error messages.
x
Sprinkle error messages.
x
(CMSVersion): rename versions from v0 to CMSVersion_v0, ...
x
Prevent a font generation warning, from Jason McIntyre.
x
New function _hx509_Name_to_string.
cast void * to char * when using it for %s formating in printf.
x
(pk_verify_host): set errorstrings in a sensable way
x
Allow passing in encryptedContent and flag.
Add HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT.
Adapt to new signature of hx509_cms_unenvelope.
Add new sequence generation for GeneralNames.
Use the new add_GeneralNames function.
x
x
Add KRB5SignedPath and friends.
Add keyusage for KRB5SignedPath.
Add KRB5SignedPath and friends.
x
Add signing and checking of tickets to s4u2self works securely.
Signing outgoing tickets.
By using full function calling conversion (*func) we avoid problem
Add socket-wrapper test
Make compile again.
By using full function calling conversion (*func) we avoid problem
x
HX509_CMS_UE_DONT_REQUIRE_KU_ENCIPHERMENT is a negative flag, treat it
x
Make common function for all getarg_strings and hx509_certs_append
test bleichenbacher from eay
Improve printing and error reporting.
Add a strict rfc3280 verification flag. rfc3280 requires certificates
x
Add test for yutaka certs.
yutaka test certs
Add "kafs" option.
x
Add commeted out test that exponent is > 3
Fixes from Björn Sandell.
x
(sigterm): don't _exit, let loop() catch the signal instead.
Add samba_SOCKET_WRAPPER fragment
Add samba socket wrapper fragment.
x
Change the password on krbtgt a couple of times to have a non boring kvno.
x
Check the adtkt in the constrained delegation case too.
Add tool for printing tickets.
Test constrained delegation impersonation.
x
Add (c)
Build lib/hx509/{hx509-protos.h,hx509-private.h}.
x
x
Make pk-init turned on by default.
If encryption is required, don't allow it to be turned off.
Allow encryption to be required, wait to the client to turn it on, if
Add require_encryption.
Add documentation for -e, require encryption.
Log port in connection message.
add --logfile option, use htons() on port number
Add check-gssmask and krb5.conf targets
Add krb5.conf for krb5.conf
test for gssmask + gssmaestro.
x
Bleichenbacher bad cert from Ralf-Philipp Weinmann and Andrew Pyshkin, pad right.
starfield test root cert and Ralf-Philipp and Andreis correctly padded bad cert
x
test self context building and all permutation of clients
use new flags, return moniker
Add permutate_all
Add permutate_all (and support functions).
Add eGetVersionAndCapabilities flags
Add a third client
x
Add wrap/unwrap ops
x
update useage for kafs, and add right lib (kafs) to lib_flags.
Add tests to wrap/unwrap.
clean more files
limit keys to des3-cbc-sha1:pw-salt for now
disable ETypeList parsing usage for now, cfx seems broken and its not
x
dont exit early then co-worker is bad.
x
Add previous ETypeList code again, it was a halfbuilt context that
Add mic tests
Add wrap and mic tests for all elements
Add GSS_C_INTEG_FLAG|GSS_C_CONF_FLAG to all flags
x
Catch failures from gssmaestro.
x
merge most of the initiator part from the samba patch by Stefan Metzmacher and Andrew Bartlet (still missing DCE/RPC support)
x
Add GSS_C_DCE_STYLE.
x
(build_context): print the step the context exchange.
Merge of the acceptor part from the samba patch by Stefan Metzmacher
x
Free service_keyblock and fwd_data, indent.
Add GSS_C flags from draft-brezak-win2k-krb-rc4-hmac-04.txt.
try to not call signaction for signal 0 and use NSIG if it exists to
x
(read_string): Try to not call signaction for signal 0 and use NSIG if
x
(decode_type): drop unused variable realtype.
x
remove unused file
x
Fix logging.
Add logsocket support.
x
(gss_accept_sec_context): if the token doesn't start with [APPLICATION
x
Remove stray GSS_C_DCE_STYLE.
Support DCE-style unwrap, tested with w2k3server-sp1.
move the arcfour specific stuff to the arcfour header.
Add wrap support, interrop with itself but not w2k3s-sp1
DCE-style token do include padding, add it back.
Check that the pre-wrapped data is the same as afterward.
Don't announce spn if there is non.
make less exit() happy
switch from wrap/unwrap to encrypt/decrypt
Handle FIRST_CALL in the context building, better error handling.
x
Grow (%p, %a, %n) tables for Solaris 10 lex. From Harald Barth.
remove ^M, it breaks solaris 10s cc. From Harald Barth
Include <sys/param.h> for MAXHOSTNAMELEN.
Add ret16.
Fix "if (x) lock(y)" bug. From Harald Barth.
Fix double free's, NULL ptr de-reference, and conform better to pkcs11.
x
Make internal function static (and rename).
Split all mech to diffrent mechsrc variables.
prefix all gss_spnego with _, use generated headers
build gssapi mech private files
x
Move _gssapi_wrap_size_arcfour here.
(_gsskrb5_wrap_size_limit): use _gssapi_wrap_size_arcfour for arcfour
x
(digest_request): if NULL is passed in as realm, use default realm.
Don't require --kerberos-realm.
x
Always use the kdc_flags in the right bit order.
Make compile.
minimize layering and remove krb5_kdc_flags
x
Improve the calcucation of header lengths. DCE-STYLE data is also
x
try harder to get the header calculations right
Thinker more with header lengths.
indent comment
Add more libs to libhx509
x
x
Add krb5_digest functions.
Basic krb5_digest manpage.
x
Add all protos
man_MANS += krb5_digest.3
x
In generation of remove_TYPE: if you just removed the last element,
x
Sign the request in the encKey case.
x
Add flag --pk-use-enckey.
Test pkinit encKey case.
x
Add autobuild, GPLed, but free to use in projects not avaible under
x
Call AB_INIT.
x
(hdb_get_entry): memset ent before passing it into ->hdb_fetch().
first cut
More liberal parsing of AC_INIT
small fixes
Clean better.
Another mail header.
More options and flags.
spelling
add --build-dir
add missing fi, default to wget
build all first
disable ENABLE_PTHREAD_SUPPORT and explain why
remove <sys/queue.h>
x
Maybe include <sys/wait.h>.
(_hx509_Name_to_string): remove dup const
#if 0 out unused code.
Cast argument to ctype(3) functions to (unsigned char).
x
Print how wrong the lenght are. Try more context token exchanges.
Include uname -a output in mail, and log delimiter
Don't unpack cvs
More stuff we have completed.
Make digest argument o MD5_final unsigned char to help OpenSSL.
x
(parse_rsa_private_key): free type after use
x
(parse_rsa_private_key): free type earlier.
x
Add bonus path
(methods): Add hook for ldb.
(hdb_get_entry): close and destroy the database later, the
(_krb5_principalname2krb5_principal): adapt to signature change
(_krb5_principalname2krb5_principal): add krb5_context to signature.
Adapt to signature change of _krb5_principalname2krb5_principal.
x
(common_init): don't try DNS when there is realm w/o a dot.
Adapt to signature change of _krb5_principalname2krb5_principal.
place holder for socket_wrapper
ignore Makefile.in
split build files into dist_ and noinst_ SOURCES
x
split build files into dist_ and noinst_ SOURCES
split build files into dist_ and noinst_ SOURCES
x
split build files into dist_ and noinst_ SOURCES
split build files into dist_ and noinst_ SOURCES
x
split build files into dist_ and noinst_ SOURCES
x
added tests script depenencies
splits script tests and binary tests
x
Include manpages in distribution.
x
revert previous
Add man_MANS to EXTRA_DIST
x
Add man_MANS to EXTRA_DIST
x
Add all openssl algs and init asn1 et
add OPENSSL_add_all_algorithms and friends
add symbol rewrites
add OPENSSL_add_all_algorithms and friends
Add to all objects BUILD_ROKEN_LIB.
Make argument to PKCS5_PBKDF2_HMAC_SHA1 unsigned char to make OpenSSL happy.
Grow an even larger output table size.
x
Add man_MANS to EXTRA_DIST
revert previous
Require openssl have OpenSSL_add_all_algorithms
x
crypto-headers.h is a nodist header
Add man_MANS to EXTRA_DIST
x
Add build_HEADERZ to EXTRA_DIST
Fix spelling.
OpenSSL_add_all_algorithms is not a openssl specific requirement,
memset the structure to make sure that we don't get compiler warnings.
x
Add build_HEADERZ to EXTRA_DIST
x
Include <roken.h>.
Maybe include <sys/types.h>.
x
Remove dup return.
import imath 1.6
Fix depenency for slc built files.
Make depenency for slc built files just like everywhere else.
fix generation of prototypes headerfiles.
Install <gssapi.h> in gssapi/, provide a compatiblity header.
(install-build-headers): make this function convoluted and deal with
x
Move the gssapi.h from lib/gssapi/ to lib/gssapi/gssapi/ to please automake.
Move the gssapi.h from lib/gssapi/ to lib/gssapi/gssapi/ to please automake.
Correct header file inclusion protection.
Add file inclusion protection.
x
reference all include files using krb5/
Move gssapi_spengo.h over here.
reference all include files using spnego/
Drop some -I no longer needed.
x
Move krb5 stuff to <gssapi/gssapi_krb5.h>.
fix local install-build-headers
fix local install-build-headers (again)
fix local install-build-headers (again * 2)
install gssapi_krb5.H and gssapi_spnego.h
x
(handle_vanilla_tcp): shorten length when we shorten the buffer, this
x
Add new pkcs11 related errors in a new section: keystore related error.
Return HX509_PKCS11_NO_SLOT when there are no slots and
Adapt to signature change of _krb5_principalname2krb5_principal.
x
added by autoreconf -f -i
Clarify protocol.
x
Update (c) years.
x
dist_-ify libkadm5clnt_la_SOURCES too
x
test_name is a PROGRAM_TESTS
Add option time.
Implement --time= option.
Put all test stuck at 2006-09-25 since all their chains where valied then.
x
Include socket wrapper from samba4 (rev 19179).
x
Memset irep to zero.
(tgs_parse_request): set cusec, not csec from auth->cusec.
x
Add more HDB_F flags to hdb_fetch. Pointed out by Andrew Bartlet.
x
Add v6 support.
Use a symbol for the v6 address.
define RTLD_LOCAL to 0 if not defined.
x
Add back :file to sample format.
x
Protect AF_INET6 with #ifdef HAVE_IPV6.
x
Maybe include <config.h>.
x
Change || to |, From metze.
x
(krb5_kdc_config): Add max_datagram_reply_length.
check for [kdc]max-kdc-datagram-reply-length
Rename krb5_kdc_process_generic_request to krb5_kdc_process_request
Reply KRB5KRB_ERR_RESPONSE_TOO_BIG error if its a datagram reply and
(do_request): tell krb5_kdc_process_request if its a datagram reply or not
x
Parameterise the invocation of hxtool, so we can make it run under TESTS_ENVIRONMENT. From Andrew Bartlett
Heimdal uses TESTS_ENVIRONMENT before every binary being tested directly from the Makefile. This now uses the same for the scripts, so we can run them under valgrind. From Andrew Bartlet
x
x
(loop): Log that the kdc have started.
Force no socket wrapper for socket_wrapper itself.
try even hard to not use socket wrapper for socket_wrapper itself.
x
"wait for kdc to start"-script
use wait-kdc.sh script
x
Add socketwrapper and cputime limit.
use wait-kdc.sh script
x
more consitity check, remove dead code, add socket length code, add
x
(parse_rsa_private_key): try all password and prompter.
x
(p11_release_module): j needs to be used as inter loop index. From
x
(RSA_free): Call the meth->finish before releasing the engine.
Maybe include <netdb.h>.
x
Add lucid interface, renumber oids to my delegated space.
Add lucid interface.
Add OM_uint64_t.
x
Test lucid oid.
x
Include Xint64 types.
x
document max-kdc-datagram-reply-length
x
Make it work.
x
a tests for gss lucid interface
add test_context
Check if the gss context tester test_context works ok.
x
(pk_mk_pa_reply_enckey): add missing break. From Olga Kornievskaia.
x
et KRB5CCNAME in global enviorment
x
New der_put_heim_integer signature.
New der_put_heim_integer signature.
x
remove der_parse_oid prototype, it was never implemented.
move any definitions here.
Generate der prototypes.
use newly built <der-protos.h>
Add der-protos.h to nodist_include_HEADERS.
x
rename copy_ to der_copy_
prefix primitive types with der_
make der_free_ia5_string compile again.
prefix primitive types with der_
Add der_parse_heim_oid
move prototype any from where.
x
rename the buildin timegm to _der_timegm
Drop heim_any.h.
Drop heim_any.h, prefix der primitives with der_
Drop heim_any.h
x
Match the prompt type PROMPT exact.
prefix der primitives with der_
x
Prefix der primitives with der_.
Remove workaround from when there wasn't always aes.
x
x
Prefix der primitives with der_.
Prefix der primitives with der_.
Include "crypto-headers.h".
x
Prefix primitive types with der_.
x
update (c)
Be more explit about what test failed.
x
Add explit depenency on libroken.
x
(HMAC_CTX_cleanup): destroy the EVP_MD_CTX, so it will be freed.
x
Remember to release certs.
Move out rand-unix functions from the core unix lib.
add rand-unix.c
Move out rand-unix functions from the core lib.
Add random-data.
Add random-data command, use sl_slc_help.
random-data
RAND_bytes() return 1 for cryptographic strong data, check for that.
x
Test random-data.
x
extra depencies on der-protos.h
Build lib/asn1/der-protos.h.
x
Include <parse_bytes.h>.
x
Prefix asn1 primitives with der_.
remove stale comment
x
add bits to make lucid context work
x
handle more bits
x
Maybe include <sys/filio.h>.
fix error string
fix builddir
add pwd to socketwrapper dir
set ret, remember to free ivdata
Set status.
x
x
tell when done and add status
(krb5_context): add dns_canonize_hostname.
use dns_canonize_hostname to determin if we should talk to dns to find
add [libdefaults]dns_canonize_hostname
Add krb5_set_dns_canonize_hostname and krb5_get_dns_canonize_hostname
x
Add krb5_set_dns_canonize_hostname and krb5_get_dns_canonize_hostname
add GSS_KRB5_SET_DNS_CANONIZE_X
add GSS_KRB5_SET_DNS_CANONIZE_X
implement GSS_KRB5_SET_DNS_CANONIZE_X
Add gsskrb5_set_dns_canonlize.
remove gss_krb5_compat_des3_mic
add test for dns canon flag
test with and without dns-canon
x
Provide symbol renaming, let see what breaks.
x
Revert prevois for now, the problem is that we have to include
x
vJust fail if tm_mon is out of range for now XXXX this is wrong.
spelling
x
sort 0.8 items
Add krb5_get_kdc_sec_offset().
Document krb5_get_kdc_sec_offset()
Use krb5_get_kdc_sec_offset.
Hide krb5_context_data from public exposure.
Add krb5_parse_name_flags flags.
Add krb5_parse_name_flags.
Document krb5_parse_name_flags.
x
Add krb5_unparse_name_flags and krb5_unparse_name_fixed_flags.
x
Document krb5_unparse_name{_fixed,}_flags.
x
Add flags for krb5_unparse_name_flags
(krb5_get_host_realm): no components -> no dns. no mapping, try local
x
(krb5_get_host_realm): make sure we don't recurse
More name tests.
Support switching on name type oid's
x
remove dup exit
x
Test principal parsing and unparsing.
More error string, handle realm-less printing.
Add test_princ.
x
Wrap function call pointer calls in (*func) to avoid macros rewriting
x
Add more verbose logging, add version of script and heimdal to the mail.
x
add GSS_KRB5_GET_INITIATOR_SUBKEY_X
add GSS_KRB5_GET_INITIATOR_SUBKEY_X and GSS_KRB5_GET_SUBKEY_X
x
Add GSS_KRB5_GET_ACCEPTOR_SUBKEY_X.
try new subkey handling
add GSS_KRB5_GET_ACCEPTOR_SUBKEY_X
x
GSSAPIContextToken is IMPLICIT SEQUENCE
Avoid memory leak.
x
Make it into a heim_any_set, its doesn't except a tag.
x
(digest_request): fix usage of realm vs r arguments.
Comment out random-data for now, not all hosts have /dev/random.
Fix awk statement, put RE on the right side.
x
Maybe include <sys/time.h> and/or maybe include <time.h>.
x
Rename timegm to _der_timegm.
x
Include sys/types.h for sys/socket.h and netdb.h.
x
make --disable-pk-init help text also negative
x
Check if the kdc have any useful builtin database.
build have-db
If there is no useful db support compile in, disable test
If there is no useful db support compile in, disable test
Add commeted out digest check.
Rename GSS_DIGEST_MECHANISM to GSS_SASL_DIGEST_MD5_MECHANISM
add GSS_SASL_DIGEST_MD5_MECHANISM (for now)
Allow specifing mech.
update (c)
x
Include <roken.h>, gives os socklen_t on IRIX 6.4.
x
(p11_list_keys): make element of search_data[0] constants and set them later
Does function typecasts instead of void * type-casts.
Does function typecasts instead of void * type-casts.
remove stray ;
remove stray ;
Remove bonus , that Love sneeked in.
x
Does function typecasts instead of void * type-casts.
x
(print_sl): remove unused function
give path to have-db
x
x
Remove stray ;
add timegm
update (c)
make more strict
always use _der_timegm
(generalizedtime2time): always use _der_timegm.
Add check for _der_timegm.
Add check for timegm.
Add timegm glue.
Don't check for timegm, libroken provides it for us.
x
(DH_compute_key): return -1 on bad public key.
x
Add heimdal-build.sh to EXTRA_DIST.
remove spnego/gssapi_spnego.h, its now in gssapi/
fix spelling of build_HEADERZ
x
(libeditline_la_SOURCES): add edit_locl.h
x
(libel_compat_la_SOURCES): add edit_compat.h
(compile_et_SOURCES): add lex.h
x
(ES): add roken_rename.h
x
(asn1_compile_SOURCES): add gen_locl.h
x
Add missing files
Add hash.h and des-tables.h.
x
Add more files.
Add more files.
x
Return -1 dh_compute_key on failure, pointed out by Olga Kornievskaia.
x
add more files
Try harder to generate a good keypair.
x
make compile
(dh_compute_key): fix signness test
x
add more files
x
Allocate more bits.
x
x
x
more files
x
more files
x
Include roken.h last to avoid rewriting the wrong symbol
split dist and nondist HEADERS
x
move socket_wrapper.h to dist headers
Add loginpaths.h
x
more files
add wait-kdc.sh
Add make check data.
x
add missing \
Add krb5_send_to_kdc_func prototype.
Add send_to_kdc hook.
x
Add sent_to_kdc hook, from Andrew Bartlet.
x
Disable TEXI2DVI for now.
More files, now for make check.
x
more files
Add pki-mapping to dist file.
x
Rename krb5_set_send_recv_func to krb5_set_send_to_kdc_func.
add GSS_KRB5_SEND_TO_KDC_X
Add GSS_KRB5_SEND_TO_KDC_X and gsskrb5_set_send_to_kdc
Add gsskrb5_set_send_to_kdc
add cf/install-catman.sh
Implement GSS_KRB5_SEND_TO_KDC_X.
x
provide uninstall command
provide uninstall hook for cat/manpages.
x
Put Heimdal in the dircategory Security.
(krb5_free_context): free send_to_kdc context
x
clean files
Avoid creating a file called --version.
argc > 1
no need to clean --version any longer
clean more files
clean files in submakefiles
add include/gssapi/Makefile.
include more test.asn1 built files
Avoid creating a file called --version.
x
x
Avoid creating a file called --version.
clean have-db
Clean temporary files
sort tempfiles
x
add nt_gss_common.h
ignore kcm_protos.h
ignore kdc-protos.h and kdc-private.h
ignore der-protos.h
ignore spnego-private.h
x
Make compile.
add gssapi to subdirs
ignore Makefile.in
x
add GSS_KRB5_GET_AUTHTIME_X
remove dups from gen_files_test, add check-timegm.
x
Add get_authtime.
add gsskrb5_extract_authtime_from_sec_context
Add gsskrb5_extract_authtime_from_sec_context.
x
try harder to remove generated testfiles
krb5_set_send_to_kdc_func takes two arguments.
includes some STREAMSPTY header here to avoid ioctl vs socket_wrapper horror.
Dont't include some streamspty headers here.
x
Call setprogname.
x
files to run yacc/lex on
need %e for hpux lex
remove dependency on et files covert_db that now is removed
x
Borrow test for autoconf cvs to help hpux hosts
x
add missing */
x
split dist and nodist sources
Drop -pthread for now.
Fix spelling.
Don't include <X11/Xos.h>, its x11's "roken.h" and we do that just
x
Remove strerror workaround now that we don't include <X11/Xos.h>.
Try to align data, IA64's gets upset if its unaligned.
x
add EGREP to do_subst
Use EGREP.
x
Print size_t as (unsigned long) and cast.
x
unbreak previous
x
x
Add more dh tests.
HP/UX defines SE in sys/uio.h, #undef it.
x
add imath-1.7
add --prepend-path
provide dummy functions with content
Add --ccache-dir
Add --test-environment
x
include <string.h>
x
(der_parse_heim_oid): avoid leaking memory
x
avoid leaking memory
x
Try harder to free certificate.
leak a little bit less
Leak less memory.
unbreak.
Add missing argument.
Include roken.h before the local headerfiles.
use a sensable content type
x
Try to not leak memory (again).
Try to not leak memory.
Clean error string on failure just to make sure.
(RSA_free): free the whole key
x
Try to not leak memory.
(hx509_crypto_destroy): free oid.
Try to not leak memory.
(hx509_certs_add): add comment on refcounting.
Try to not leak memory.
Try to not leak memory.
Try to not leak memory.
unbreak
Try to not leak memory.
Try to not leak memory.
(unix_bytes): read until the other side give us all or fail.
Read 50 kilobyte random data
x
Try to not leak memory.
(_hx509_private_key2SPKI): indent
Try to not leak memory.
x
Try to not leak memory.
clean memory before free
x
(AES_string_to_key): Try to not leak memory.
(arange_free): Try to not leak memory.
Try to not leak memory.
Try to not leak memory.
Try to not leak memory.
Try to not leak memory.
Make test work again.
Allocate the memory we later use.
(gss_release_name): free input_name it-self.
free krb5_context
free krb5_crypto.
x
remove since it didnt help
Use old implementation of gss_add_oid_set_member, it leaks less memory.
x
(hdb_generate_key_set): free list of enctype when done.
Try to not leak memory.
x
x
Try to not leak memory.
Try to not leak memory.
Make make fix-export less verbose.
x
(check_KRB5SignedPath): free KRB5SignedPath on successful completion
Try to not leak memory.
use libtool to build binaries
x
indent
Try to not leak memory.
unbreak.
valgrind suppressions
Add target for valgrind debugging
remove valgrind target, it doesn't belong here.
Add target for valgrind debugging
x
tell more what the kdc though about the failure.
make have-db being built in the "make all" target.
spelling
x
fail diffrently
x
Try to not leak memory.
x
RC1
x
lowercase rc
go back to pre for now
run eval on the testfailed variable so we run all commands
x
comment to clearify success-case
(hx509_cert_get_base_subject): one less EINVAL
add HX509_LOCAL_ATTRIBUTE_MISSING
No more EINVAL.
(d2i_RSAPrivateKey): Return NULL on failure
unbreak.
add context variable to _hx509_collector_private_key_add
Sprinkle more hx509_context so we can return propper errors.
Sprinkle more hx509_context so we can return propper errors.
add HX509_PARSING_KEY_FAILED
Sprinkle more hx509_context so we can return propper errors.
return less EINVAL
Pass in context to _hx509_parse_private_key.
Return less EINVAL.
add EXTRA_DATA
sprinkel more hx509_set_error_string
Return less EINVAL.
x
more error-codes
x
(export_lucid_sec_context_v1): remove locking around
Default to always print subject dn for pk-init authorization.
add more pkcs11 errors
Return less EINVAL.
set more error strings
(import_cred): free sp
(AcquireCreds): free krb5_get_init_creds_opt
make compile
x
(_gssapi_verify_mic_cfx): always free crypto context.
Free the security contexts when done.
make compile
(gss_release_buffer_set): don't leak the ->elements memory.
x
Avoid leaking memory. rename ->handle to ->handles.
Avoid leaking memory.
Sleep some longer.
Try free all resources.
Only log when there are resources left.
SLIST_INIT the ->gc_mc
x
(loop): free target_name
(gsskrb5_accept_delegated_token): need to free ccache
x
Move version.h and version.h.in to DISTCLEANFILES.
x
(add_list): fix alloc statement
(add_list): fix alloc statement, From Alex Deiter
x
Rename various routines and constants from canonize to canonicalize.
Rename various routines and constants from canonize to canonicalize.
Rename various routines and constants from canonize to canonicalize.
Add krb5_[gs]et_time_wrap
Rename various routines and constants from canonize to canonicalize.
x
(_kdc_as_rep): More verbose time skew logging.
(hx509_query_match_cmp_func): allow setting the match function.
add context variable to cmp function.
(hx509_query_match_cmp_func): return 0
x
Add GSS_KRB5_GET_SERVICE_KEYBLOCK_X
Add extraction of keyblock function, from Andrew Bartlett.
Add gsskrb5_extract_authz_data_from_sec_context and keyblock
Add keyblock extraction functions, set more errorstrings
Test gsskrb5_extract_service_keyblock, needed in PAC valication.
x
A few fixes to have Heimdal pass the make check under socket_wrapper.
x
x
Fix extraction of authz data from the AuthorizationData sequence:
(krb5_ticket_get_authorization_data_type): unbreak.
Set more error strings, use right enum for acceptor subkey.
(krb5_rd_req_ctx): Add context all singing-all dancing version of the
krb5_rd_req_{in,out}_ctx.
x
check if there is any key at all
(gsskrb5_get_subkey): return the per message token subkey
(gsskrb5_acceptor_start): use krb5_rd_req_ctx
Add more krb5_rd_req_out_get functions.
Sprinkle error strings.
Catch error string from hx509_cms_verify_signed.
(init_auth): There is no OID wrapping on the reply token. From Andrew Bartlett
Add IS_DCE_STYLE macro.
test wrap/unwrap, add flag for dce-style and mutual auth,
Use IS_DCE_STYLE flag. There is no padding in DCE-STYLE, don't try to use to.
Test mutual contexts and a commited out dce-style test
x
x
Include <roken.h> for compatiblity.
x
Add GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X.
Add dummy gss_krb5_set_allowable_enctypes for now.
(gsskrb5_extract_authtime_from_sec_context): use _gsskrb5_decode_om_uint32
No depenency of the krb5 gssapi mech.
x
Add krb5_storage_from_readonly_mem that is safe to use on
x
_gsskrb5_extract_authz_data_from_sec_context no longer used, bye bye
Check that authtime is sane, From Andrew Bartlet
use krb5_get_time_wrap
rename krb5_[gs]et_time_wrap to krb5_[gs]et_max_time_skew
x
Use EGREP.
Use EGREP.
Remove support dumping to a kerberos 4 database.
document krb5_[gs]et_max_time_skew
Add gsskrb5_set_default_realm.
add GSS_KRB5_SET_DEFAULT_REALM_X
Support GSS_KRB5_SET_DEFAULT_REALM_X.
x
Add gsskrb5_set_default_realm.
x
Almost enough code to do PAC parsing and verification, missing in the
Add krb5_c_keylength.
Document krb5_c_keylength.
x
Move the GSS_KRB5_S error here.
Build and install gkrb5_err.h
Add gss_krb5_set_allowable_enctypes.
Include <gkrb5_err.h>.
GSS_KRB5_S_
Implement gss_krb5_set_allowable_enctypes
Use int32_t for enctypes for now.
add GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X
x
libgssapi_la_OBJECTS: add depency on gkrb5_err.h
(swrap_sendto): fail on to unknown si->type
x
Try better guessing what is mech we are going to select by looking
x
(_kdc_as_rep): drop client_princ from _kdc_pk_check_client since its
(_kdc_pk_check_client): drop client_princ as an argument
x
remove include $(srcdir)/Makefile-digest.am for now
Verify LOGON_NAME.
Sprinkle error strings.
PAC testing.
x
Add struct krb5_pac.
Add code to sign PACs, only arcfour for now.
Test signing.
Build PAC code.
x
Spelling.
Add first version of the plugin interface.
Add plugin interface for resolving that is API compatible with MITs version.
Test resolve plugin
Use the resolve plugin interface.
Add plugin api.
Help solaris make.
Help solaris make even more.
Read config file and allow multi directories.
Add plugin types.
update (c)
x
Use plugin for the other realm locate types too.
Set sin_len if it exists.
Fill in hints for picky getaddrinfo()s.
x
Use 127.0.0.2 to make us slightly diffrent from the rest of the world.
Use NOTHERE.H5L.SE.
x
Use TEST.H5L.ORG instead of EXAMPLE.ORG
use TEST.H5L.SE
use TEST2.H5L.SE
regen with TEST.H5L.SE
SE not ORG
Update all strings
x
x
Change realm to TEST.H5L.SE
When calling ->gm_set_cred_option and checking for success, use
x
switch to test.h5l.se
x
Forward decl
(fill_zeros): stop using MIN.
Create our own krb5_context.
Switch from using a specific error message context in the TLS to have
x
Forward decl.
x
Better error strings, from Andrew Bartlet.
x
(_gss_mech_cred_find): break out the cred finding to its own function
x
Filter out SPNEGO from the out supported mechs list and make sure we
test more combination of context building
Add dce-style context building test.
Use ASN.1 encoder functions to encode CHOICE structure now that we can handle it.
Keep track of the opportunistic token in the inital message, it might
Add delegate flag and check that the delegated cred works.
x
(_gss_spnego_accept_sec_context): send back ad accept_completed when
x
Use ASN.1 encoder functions to encode CHOICE structure now that we can handle it.
x
Make bitfields unsigned, add maybe_open.
how to build a mac package
x
clean after ourself.
x
Talk about how far the build have progressed.
Resources
Info.plist.in
We shouldn't be running /bin/ls under valgrind, but for now, at least
x
Test that token keys are the same, return actual_mech.
(hx509_get_error_string): Put ", " between strings in error message.
x
Add krb5_enctype_keybits.
(krb5_c_keylength): mit changed the api, deal.
(krb5_c_keylengths): rename.
Update krb5_c_keylengths
(krb5_c_keylengths): make compile again.
Make app pkinit options prefixed with pkinit_
Make all pkinit options prefixed with pkinit_
x
fix spelling
rename enable-digest to digest_enable
revert previous
x
revert the enable-pkinit change, and make it consistant with all other
fix pkinit option (s/-/_/)
x
Make krb5_get_init_creds_opt_free take a context argument.
x
Make krb5_get_init_creds_opt_free take a context argument.
Use KRB5_KU_OTHER_CKSUM for the impersonate checksum.
Drop KRB5_KU_TGS_IMPERSONATE.
Make KRB5-PADATA-S4U2SELF pa type 129.
x
document krb5_[gs]et_warn_dest
(krb5_get_warn_dest): return warn_dest from krb5_context
x
update (c)
Make all pkinit options prefixed with pkinit_
x
(renew_func): if the initial ticket wasn't renewable from the
(krb5_get_init_creds_opt_free): allow free on NULL.
Build pk-init proxy cert.
(hx509_cms_create_signed_1): provide a best effort path to the trust
regen
(_hx509_calculate_path): allow to calculate optimistic path when we
(_krb5_pk_create_sign): stuff down the users certs in the pool to make
Test proxy cert.
x
check that the getarg -- option works for delete and add.
x
pkinit_allow_proxy_certificate=true
(der_print_heim_oid): use delim when printing.
x
Handle printing and parsing raw oids in name.
test printing and parsing raw oids in name.
Set the large_msg_size to 1400, lets not fragment packets and avoid
x
Add LIB_roken and (implictly by that libvers for print_version) to LDADD
x
Sprinkle context and error strings.
Sprinkle error strings.
Handle that _hx509_verify_signature takes a context.
x
x
Add hx509_peer_info and hx509_select selectors.
Allow selection of a better digest using hx509_peer_info.
Allow selection of digest/sig-alg
add struct hx509_peer_info
Update hx509_cms_create_signed_1.
add peer.c
(hx509_select): new function.
x
fixed some, added some
(_kdc_pk_rd_padata): Pick up supportedCMSTypes and pass in into
Add some more comments about how this works.
x
Sprinkle error string and hx509_contexts.
Sprinkle more error strings.
Sprinkle more error string and hx509_contexts.
x
Pass down hx509_peer_info.
x
print return value for RSA_private_decrypt
Split error codes for now
x
(hx509_crypto_select): improve
(der_print_heim_oid): oid with zero length is invalid, fail to print.
(hx509_crypto_available): use right index.
x
Add crypto-select and crypto-available.
x
Rename hx509_select to hx509_crypto_select.
add HX509_SELECT_ALL
Spelling.
update (c)
x
Its ok with smaller signatures.
Return -1 for failure.
x
test crypto-select and crypto-available
Expand crypto-select
(hx509_crypto_available): let alg pass if its keyless
(crypto-available): add --type
test crypto-select and crypto-available
x
(hx509_crypto_select): check sig_algs[j]->key_oid
(build_auth_pack): set supportedCMSTypes.
rewrite comment to make more sense
Remove trailing white space.
x
Pass down datagram_reply to _kdc_tgs_rep.
Reply KRB5KRB_ERR_RESPONSE_TOO_BIG for too large packets when using
x
Need better code in the DH parameter rejection case, add comment to
use unsigned int as counter to fit better with the asn1 compiler
Allow selection of minium bits from the DH parameters.
(hdb_lock): also ignore EAGAIN as a locking retry error.
x
split return values.
sprinkle more error strings
x
Make build again from the hdb_entry wrapping. Patch from Andreas Hasenack.
x
revert previous patch
Don't check the trust anchors expiration time since they are
x
Add explicit depenency to LIB_roken for libasn1.la, make AIX happy.
x
Remove anther strndup that causes AIX to fall over.
Depend on LIB_com_err for AIX.
x
(hx509_cms_verify_signed): specify what signature we failed to verify
x
Add LIB_com_err to pacify AIX
Add LIB_com_err to pacify AIX
x
Add LIB_pkinit to pacify AIX
Don't (afs) unlog using kdestroy
x
Store what PK-INIT type we used to know reply to expect, this avoids
x
add RSA_PKCS1_OAEP_PADDING
add more pkinit options.
x
spelling
(kadm_connect): clear error string before trying to print a errno,
(plugin_get_hosts): be more paranoid and pass in a NULLed plugin list
x
Check if header is there
x
Use mp_int_to_binary to encode bignums
x
Revert preious, something fishy is going on.
Fix the rsa-decrypt failed case that been hauting me for a while.
Test rsa operations
test rsa key
Make faster and less verbose
rsa and crypto engine test cases
x
x
Report to syslog strings that start with NUL; prevents negative index
Use strcspn to remove \n from fgets result. Prompted by change by Ray
x
Clear errno before calling the strtol functions. From Paul Stoeber to
x
Explain what the fixed "sha1" checksum test tries to test.
x
Add more spaces to allow sh to parse this
x
rc2
0.8pre again
Split built programs and scripts for tests
Add test_crypto.in to EXTRA_DIST.
x
Tests for CMS SignedData with incomplete chain from the signer.
add time validity-testing to query mask
(find_parent): when checking for certs and its not a trust anchor,
Provide time to _hx509_calculate_path so we don't send no longer valid certs to our peer.
x
Add rsakey.der to EXTRA_DIST.
x
Use strcspn to remove \n from string returned by fgets.
x
(rsa_create_signature): Abort when signature is longer, not shorter.
x
add HX509_CALCULATE_PATH_NO_ANCHOR
(hx509_cms_create_signed_1): when building the path, omit the trust
(_hx509_calculate_path): add flag to allow leaving out trust anchor
x
Add comment that the anchors in the signed data really should be the
x
(find_CMSIdentifier): require the certificate we are looking for to be valid.
Parse and use PA-PK-AS-REQ.trustedCertifiers
(hx509_query_match_issuer_serial): allow matching on issuer and serial num
x
Remove unused function.
update (c)
(hx509_query_match_issuer_serial): make a copy of the data
(_kdc_pk_rd_padata): leak less memory for ExternalPrincipalIdentifiers
x
set automake symbol COM_ERR when we build local com_err
Make the directories test automake conditional so automake can include
x
fix test for COM_ERR
x
(EXTRA_DIST): add tst-crypto* files
x
(_kdc_tkt_add_if_relevant_ad): new function.
(_kdc_tkt_add_if_relevant_ad): use _kdc_tkt_add_if_relevant_ad to add the SignedPath.
(_kdc_add_inital_verified_cas): new function, adds an empty (for now)
(_kdc_as_rep): add AD-INITAL-VERIFIED-CAS to the encrypted ticket
x
(EXTRA_DIST): add data/pkinit-proxy* files
x
Print more of the SAN's, esp id-pkinit-san.
Prettyprint SAN/IAN
Include <pkinit_asn1.h>.
CLEANFILES += vis.h
CLEANFILES += test_crypto
CLEANFILES += test
x
(Time2string): print hour as hour not min
x
AltNames: Print all diffrent names of a GeneralName
Add id-pkix-on-dnsSRV and related oids
ops, remove extra stuff copied from the draft
Split OtherName printing code to a oid lookup and print function.
(check_key_usage): tell what keyusages are missing
(check_key_usage): print subject, not issuer
unbreak id-pe-proxyCertInfo
x
Clairfy and make proxy cert handling work for multiple levels, before
Fix names and restrictions on the proxy certificates
x
EXTRA_DIST: add data/proxy10-child-child-test.{key,crt}
test proxy cert (third level)
regen
fix errorstring for PROXY_CERT_NAME_WRONG
x
make a note that we MUST check info.proxyPolicy
add pkix proxy cert policy lang oids
x
regen, this time with openssl 0.9.8x
Copy more hx509 error strings to krb5 error strings
Pass filename to the parse functions and use it in the error messages
sprinkle more _krb5_pk_copy_error
x
(try_decrypt): pass down AlgorithmIdentifier that key uses to do sigatures
Pass in hx509_signature_rsa to key collector
(_hx509_private_key_assign_rsa): set a default sig alg
Return error codes on failure, improve error reporting.
x
Less verbose error message.
Remember to p11_put_session in the failure cases too.
Install extra posix headers in <roken/...> to avoid dup headers.
x
prefix strvis functions with rk_
Prefix strvis functions with rk_ and do symbol renaming.
Prefix getifaddrs functions with rk_
(no): add S=stateOrProvinceName
x
(print_certificate): print serial number.
x
(libgssapi_la_OBJECTS): depends on gssapi_asn1.h spnego_asn1.h.
x
drop include
remove stuff that should have be commited yet
prefix digest commands with digest-
prefix digest commands with digest_
x
prefix digest commands with digest-
Read the appdefault configration before we try to use the flags.
(init_auth): only turn on GSS_C_CONF_FLAG and GSS_C_INT_FLAG if the
x
inital version of a NTLM library, only handles ntml version 1 and ascii strings for now
Provide some prototypes for the rk_vis functions.
x
add simple parser test app
x
(free_paid): free the krb5_data structure too.
x
(GSS_KRB5_SET_DEFAULT_REALM_X): don't fail on success.
ntlm gssapi module, only support context building
Fix argument for unvis and strsvisx.
prefix unvis functions with rk_, and prototypes.
x
strsvisx takes 5 arguments
Remove unvis prototypes, use internal version of rk_strsvisx.
Include rk_versions.
add strsvis rename.
Always include rk_ versions.
Use internal version of rk_unvis
x
Don't fail, mech glue layer can't stand that.
Check after a credential to use.
x
Expand the default root for some of the cc type names.
Support "iteration" of file credential caches by giving the user back
x
Catch more error errors.
Add bits for handling NTLM.
Add ntlm files.
API to authenticate ntlm requests.
add forward declaration for krb5_ntlm
(AC_CONFIG_FILES): add lib/ntlm/Makefile
hook in ntlm
Add ntlm gss-api module.
Switch OID to the ms ntlmssp oid
add ntlm mech oid
Add detection of NTLMSSP.
NTLM test app.
Add the builtin ntlm mech
(handle_type3): verify that the kdc approved of the ntlm exchange too
add __gss_ntlm_initialize
allow testing of ntlm.
Make compile.
Check that ntlm works.
x
just run autoreconf -i -f
libkdc needs libheimntlm.la
libheimntlm.la needs to be built after libkrb5.la
Include <heimntlm.h>.
kdigest depends on libheimntlm.la
add ntlm-server-init
if the user have a kadmin/admin initial ticket, don't ask for
x
Support NTLM verification, note that the KDC does no NTLM packet
(fcc_get_cache_next): avoid const warning.
x
Add ntlm_name.
(_gss_ntlm_import_name): add support for GSS_C_NT_HOSTBASED_SERVICE names
ntlm username and password file
Use the target_name to figure out what username/password to use
store username and password in the ntlm_ctx
(_gss_ntlm_release_name): free name.
free username and password
(init_sec_context): Tell the other side what domain we think we are
test more combinations of names
x
less bash in the test script
Allocate the buffer from the right length.
x
(krb5_ret_principal): Fix a bug in the malloc failure part, noticed by
update (c)
Its very sad, but NegHints its are not part of the NegTokenInit, this
try harder to handle names better. handle missing acceptor and initator creds better (ie dont propose/accept mech that there are no credentials for) split NegTokenInit and NegTokenResp in acceptor
add _gss_free_oid, reverse of _gss_copy_oid
return GSS_S_UNAVAILABLE
Check that the KDC seem to there and answering us, we can't do better
add _gss_ntlm_allocate_ctx
allow asserting return mech
check spnego combinations.
add check-spnego
x
ntlm username/password file.
less bash in the automated version.
x
Abstract out the initiator filter function, it will be needed for the
Abstract out the initiator filter function, it will be needed for the
check that the generated acceptor mechlist is acceptable too
x
Generate sequence code for MechTypeList
move _gss_spnego_indicate_mechtypelist() to compat.c
move _gss_spnego_indicate_mechtypelist() to compat.c, use the sequence
x
test more combination of spnego contexts
x
add --wrapunwrap flag
Add "windows" versions of the NegTokenInitWin and friends.
Resurect negHints for the acceptor sends first packet.
Unwrap the NTLM session key and return it to the server.
(heim_ntlm_build_ntlm1_master): calculate the ntlm version 1 "master" key.
Calculate the NTLM version 1 "master" key.
x
turn off dns, enable digest, generate all keys
catch EXIT traps
x
add back default_keytab_name
add trap, remove allow-digest, pretty print.
x
disable spnego test for now
Define GSSAPI_SPNEGO_NAME and re-add spnego
x
try using gss_accept_sec_context() on the opportunistic token instead
don't need to set GSSAPI_SPNEGO_NAME any longer
x
pass on GSS_C_CONF_FLAG and GSS_C_INTEG_FLAG, save the session master key
Move get and verify mic to the same file since they share code,
Move get and verify mic to the same file (crypto.c) since they share code.
Add NTLM_NEG_ALWAYS_SIGN.
(heim_ntlm_build_ntlm1_master): return session master key.
x
Save session master key.
move to crypto.c
add crypto bits.
revert previous that was done to krb5 mech and do it for ntlm instead.
request INT and CONF from the gss layer, test get and verify MIC.
Test get and verify MIC.
move gss_wrap/gss_unwrap here
move to crypto.c
x
remove ntlm/{,un}wrap.c, move functions to ntlm/crypto.c
Overwrite the first 4 bytes of the encrypted checksum with a random
test wrapunwrap
Implement SEAL.
split RC4 send and recv keystreams
x
x
Add sessionkey accessor functions.
x
Add NTLM_NEG_NTLM2_SESSION, NTLMv2 session security.
Add support for generating NTLM2 session security answer.
x
Add NTLM_NEG_NTLM2_SESSION, NTLMv2 session security (disable because
Set error code on wrong lm.length.
sent lm hashes, needed for NTLM2 session
x
Add key exchange (NTLM_NEG_KEYEX).
Announce that we support key exchange and add bits to detect when it
Announce that we support key exchange.
x
Leak less memory.
x
reorder to show slot here ntlmv2 code will be placed.
x
Include <.../hmac.h>.
Add ntlmv2 answer calculating functions.
add some new tests.
Build ntlmv2 answer buffer.
Don't send targetinfo now.
x
build ntlm-private.h
use top_builddir for libasn1.la
x
Test str2time_t parser.
Add test_util test program.
x
Make str2time_t parser more robust.
x
Include <limits.h>.
x
(heim_ntlm_verify_ntlm2): verify the ntlmv2 reply
Extract the infotarget from the answer.
Verify infotarget.
x
Add ntlm v2 processing, more verbose logging.
Add digest acl's
forward decl;
Parse digest acl's
Add digests acls (all)
Add digests acls (ntlm)
Add krb5_ntlm_init_get_targetinfo.
return NTLM2 targetinfo structure.
disable ntlmv2 since we can't handle wrap/unwrap
add digests_allowed
Prefix internal symbol with _kdc_.
add v2 sign and seal function (commented out, key derivation still missing).
make sure built headers are copied to the ${build_topdir}/include
x
(_krb5_mk_req_internal): use md5 for des-cbc-md4 and des-cbc-md5.
x
x
(sl_make_argv): Add quoting support (both "" and \ style).
test sl_make_argv
Add test_sl as a TEST
Include <ctype.h>.
x
Test more quoting variants.
x
catch test that should fail but didn't
x
Correct DOMAIN name
(krb5_ntlm_rep_get_sessionkey): return value is krb5_error_code
NTLMv2 sign and verify.
NTLMv2 keys.
Set dummy ntlmv2 keys and Check TI.
Set dummy ntlmv2 keys.
(_gss_ntlm_set_key): set ntlm v2 keys.
use _gss_ntlm_set_key
break out struct ntlmv2_key;
add ntlmv2 test
Return session key for the NTLMv2 case too
x
(_gss_ntlm_set_key): add signseal argument
Pass signseal argument to _gss_ntlm_set_key.
x
Remove <digest_asn.h>, its already included in headers.h
Add VisibleString parsing
x
add hxtool_hex
add hex
Document krb5_ticket_get_endtime
add krb5_ticket_get_endtime
Kx509server (external certificate genration).
Add kx509.
x
add kx509.c
add enable_kx509
code to parse [kdc]enable-kx509
Include <kx509_asn1.h>.
Listen to 9878 if kca is turned on.
Handle kx509 requests.
x
Fix caseing for case-sensitive filesystems
x
update (c)
Naive certificate signer.
Basic test of generating a pkcs10 request, signing it and verifying the chain.
Add hx509_ca_tbs and HX509_QUERY_OPTION_KU_KEYCERTSIGN.
Add HX509_QUERY_OPTION_KU_KEYCERTSIGN.
Add the sign-certificate tool.
Add _hx509_create_signature_bitstring.
Add sign-certificate tests.
x
Update (c).
x
Add --sequence=Extensions to rfc2459.
Check all other silly bitstring combinations.
Named bit strings have this horrible, disgusting, compress bits until
x
update (c)
Add KeyUsage extension.
x
add error handling
remove id-kp-OCSPSigning, its in rfc2459.asn1 now
Add id-pkix-kp oids.
x
Add --type and --pk-init-principal
Add eku, ku and san to the certificate.
test adding eku, ku and san to the certificate (https and pk-init)
x
Test dnsname and rfc822 SANs.
x
Add dnsname and rfc822 SANs.
x
Locally export _hx509_find_extension_subject_key_id.
Add Add Authority Key Identifier.
Add Subject Key Identifier.
use new OCSPSigning.
Add bits to allow issuing CA certificates.
Add bits to allow issuing self-signed and CA certificates.
test issuing self-signed and CA certificates.
x
clean test_ca files.
Split building RDN to a separate function.
make hx509_parse_name take a hx509_context.
add new error, PARSING_NAME_FAILED
Allow generation of proxy certificates.
Allow generation of proxy certificates, always include
Test generation of proxy certificates.
x
allow setting notBefore and notAfter.
add --lifetime to ca command.
Issue a long living cert.
x
(proxy_cert) make length 0
Fix test for proxy certs chain length, it was too restrictive.
regen
Allow setting path length
x
add RSA_generate_key_ex
rename DCHECK to CHECK
ChangeLog from 2006
happy new year
sprinkle const
Add/remove pac buffer functions.
test Add/remove pac buffer functions.
Add KRB5_KRBHST_KCA.
test krb5_pac_get_types
add comments, fix pac_get_types test
(krb5_pac_get_types): gettypes.
original from Brian Tung
Support all keyed checksum types.
add krb5_HEADERS to build_HEADERZ
Callbacks specific to emulating a Windows Domain Controller.
Rename the init function to windc instead of pac.
Init callbacks for emulating a Windows Domain Controller.
Call callbacks for emulating a Windows Domain Controller.
Call callbacks for emulating a Windows Domain Controller.
Include windc.c and use windc_plugin.h
Include <windc_plugin.h>.
test WinDC PAC functionallity
Include plugin in tests
x
x
Test security layer in ntlm.
only include plugin if there is a dlopen.
x
typedef for krb5_pac.
spelling
x
Get right key for PAC krbtgt verification.
log that the function is called.
test tgs-req
x
(pcert_verify): Fix format string.
(hxtool_LDADD): Add libasn1.la
x
add tests/plugin/Makefile
Check if iruserok needs a prototype.
Declare iruserok if needed, based on bug report from David Love.
fix ifdef
x
(ntlmsrc): add ntlm/ntlm-private.h
x
x
Maybe include <sys/wait.h>.
another key
pkinit specific krb5.conf
add other foo at TEST
Generate a ca, kdc cert and client cert and try to use them
Add test for pkinit with locally generated certs.
x
Try all formats on the binary file before giving up, this way we can
x
add LIB_roken for test_ntlm
x
Resign the PAC in tgsreq if we have a PAC.
export some more pac functions.
Add verification of PAC.
rename functions after export some more pac functions.
Verify PAC on server end too.
Add _kdc_windc_client_access.
Add client_access.
More comments add a client_access hook.
(_kdc_as_rep): call windc client access hook.
x
(krb5_rd_req_ctx): If there is a PAC, verify its server signature.
Make it possible to turn off PAC check, its default on.
(hx509_ca_tbs_set_proxy): allow negative pathLenConstraint to signal no limit
Spelling.
x
Scope etype.
(tgs_build_reply): check if krb5_generate_random_keyblock failes.
(_kdc_as_rep): check if krb5_generate_random_keyblock failes.
x
test explicit requested pac and explicit negative requested pac.
Check for KRB5_PADATA_PA_PAC_REQUEST to check if we should include the
x
Add --distcheck.
x
Include build (private) prototypes header files.
fix name of krb5-gss private header
Add more people.
Update (c).
Add imath_rsa_generate_key.
test RSA_generate_key_ex
x
cb_func should return 1 to have the generation code to continue.
EXTRA_DIST += krb5.conf.in
(_hx509_request_to_pkcs10): PKCS10 needs to have a subject
Add i2d_RSAPrivateKey.
add generate key commands
handle other keys the pkcs10 requested keys
Test to generate key and use them.
x
describe how to use hx509 to create certificates.
x
add missing ;
Add timeing version of the loop.
fix quoting for texinfo.
(imath_rsa_generate_key): make p > q
Add iqmp.
spelling and hx509
0.8-rc3
x
mangle my name
Replace with Marcus Brinkmann of g10 Code GmbH pkcs11 headerfile that is compatible with GPL (file taken from scute)
x
Headerfile <pkcs11.h> is now freestanding, remove pkcs11u.h.
pkcs11.h from scutle.
Add keyblinding, add a commented out CRT based RSA.
x
(issue-certificate): Allow setting serialNumber (needed for reissuing
Allow setting serialNumber (needed for reissuing certificates)
test reissueing ca certificate (xxx time validAfter).
Change --key argument to --out-key.
add hx509_ca_tbs_set_serialnumber
x
Drop most of the pkcs11 files.
remember absolute path to result-directory
Add fetch method "fetch".
add RSA_FLAG_NO_BLINDING
x
Use a larger table of small primes, cut down genenration in best cases
x
Use mp_int_exptmod directly.
Prune off stuff we don't use from imathsource
Use mp_int_compare_zero instead of "MP_SIGN(&u) == MP_NEG"
prune off stuff we dont use
x
don't include <imath/rsamath.h>
Add timing info to rsa keygen.
x
Allow testing effect of key-blinding
x
With this crt works, but something is wrong in the key generation, so
x
Fix a silly typo, and with that enable CRT since now it works.
try some more loops for check_rsa
x
Tell my the pac verification failes.
document some more options.
add --configure-flags
Make sure expression have constant value, for picky compilers.
More verbose debugging in case of assertion failure. XXX temporary for
x
Add fc_softc for AIX as ignore syms.
x
One of the hosts I sometimes uses is named "bar.domain", this make one
x
fix other place "bar" is used.
(loadlib): pass RTLD_LAZY to dlopen, without it linux is unhappy.
x
More headerfiles for iruserok prototype check.
x
Check for internal ASN1 encoder error.
(i2d_RSAPrivateKey): Fail if private key isn't complete.
(print_cred_verbose): include ticket length in the verbose output
x
Generate a no password pkcs12 file.
regen
Correct the test if the rsa is a complete RSA private key.
x
Make sure we don't sent both ENC-TS and PK-INIT pa data, no need to
x
Factor out private key operation out of the signing, operations, support import, export, and generation of private keys. Add support for writing PEM and PKCS12 files with private keys in them.
Prefix key with FILE:
x
Update to new hxtool issue-certificate usage
Test more PAC (note that the values used in this test is wrong, they
A tiny 2 char diffrence that make the code work for real.
move around to code test on real PAC.
x
copy out the key with the self signed CA cert
rename all files to PEM files, since that is what they are.
x
update (c)
(collect_private_key): Missing CKA_MODULUS is ok too (XXX why should
x
(krb5_rd_req_ctx): Use the correct keyblock when verifying the PAC.
Provide a automake symbol ENABLE_SHARED if shared libraries are built.
Only traverse into plugin if there is shared library support.
x
pass down server entry to verify_pac function, from Andrew Bartlett <abartlet at samba.org>
Pass down server entry to verify_pac function.
indent.
Spelling.
Update to validate function signature change.
x
(s_udiv): make a copy of a and b before we start to make sure there is
x
display messages.log and help that that tells us what went wrong.
Use other keys to sign with.
Add check to verify the windc module as loaded.
--verify-pac no means verify existance of PAC in ticket, the signature
x
Rename keys to be more obvious what they do.
x
add user2user test
fix --distcheck
print both "server" and "client"
x
(hx509_name_cmp): add
More validation checks.
Even more validation checks.
fix the version vs extension test
Make basicConstraints critical if this is a CA.
BasicConstraints vs criticality bit is complicated and not really
Hint about hxtool validate.
x
add data/test-nopw.p12 to EXTRA_DIST
(krb5_pac_add_buffer): unbreak buffer handling.
add ntlm-user-file.txt
add data/key2.der
(krb5_rd_safe): set length before trying to allocate data
x
add ntlm-user-file.txt
(s_udiv): Allocate one more for q, remove debug printfs
x
remove more debug stuff from s_udiv
macro kcrypto_oid_enc now longer used
MCC_CURSOR not used, remove.
Avoid shadowing.
remove no longer used stuff, move set_digest_alg here from cms.c since
move _hx509_set_digest_alg from cms.c to crypto.c since its only used there.
make printinfo char * argument const.
constify
constify
remove files created by tests
x
remove install headerfiles
spelling
Use more interesting data to cause more errors.
remove files created by tests
remove install headerfiles
x
Start of a x.509 manual.
Add hx509 manual
More about issuing certificates.
x
more about certificates
Update to imath-1.8 from Michael Fromberger
x
if RAND is unhappy, don't run the tests.
(info): print status of random generator
no random, no RSA/DH tests
Add PKIXXmppAddr and id-pkix-on-xmppAddr.
Print id-pkix-on-xmppAddr OtherName.
(hx509_ca_tbs_add_san_jid): Allow adding id-pkix-on-xmppAddr OtherName.
(certificate-sign): add --jid
(eval_types): add jid if user gave one
test issue cert with jid
add Application requirements and write about xmpp/jabber.
x
More about jabber and application certs in general.
update (c)
Try harder to call res_ndestroy().
x
Allow setting parameters to private key generation.
x
test email, null subject dn
Check there is a SAN if subject DN is NULL.
Fix previous test.
Don't issue certs with subject DN that is NULL and have no SANs
x
key-value pair help functions
add hx509_name_expand
test name expansion
less printing
update (c)
x
add hx509_env
Remove abort, add error handling.
add env.c
(hx509_ca_tbs_add_eku): filter out dups
Add type email and add email eku when using option --email.
More about certificates.
update (c)
x
update LICENSE
Export more stuff from certificate.
Add certificate template processing. Fix return messages from
Add certificate template processing.
Add certificate template processing, fix hx509_err usage.
clean out new files
Add template flags.
test template handling
About extending ca lifetime and sub cas.
Examples for pk-init.
x
x
(hx509_name_expand): if env is NULL, return directly
(hx509_ca_tbs_subject_expand): new function.
(_kdc_find_padata): if there is not padata, there is nothing find.
add kx509 config
Parse kx509/kca configuration.
Issue certificates.
(hx509_cert_binary): return binary encoded certificate (DER format)
(store_func): use hx509_cert_binary
(hx509_cms_create_signed_1): use hx509_cert_binary
x
x
tell me about certifiate that we have generated
x
Use = instead of ==, make solaris more happy.
Use test instead of [.
(krb5_rd_req_ctx): The code failed to consider the enc_tkt_in_skey
Use argument as principal if passed an argument. Bug report from
x
Detect NTLM.
x
Glue to catch the error from the lower gss-api layer and save that for
Protoypes for _gss_mg_.
Don't include the NUL in the length of the string.
(gss_display_status): use _gss_mg_get_error to fetch the error from
sprinkel _gss_mg_error
PKIX rfcs
mechsrc += mech/context.c
Add id-at-streetAddress.
x
Add STREET.
make cvs keep quiet
Revert previous, the PAC should always be verified using o->keyblock,
Proper sentence.
Don't assume display_string is truncated with NUL.
Set num of bits before we generate the key.
x
Many, many, other update to code and info manual and manual pages.
x
Add fortuna based on Marko Kreen s pgcrypt, no enabled yet
add Marko Kreen
check for arc4random
x
Spelling and more about proxy certificates.
x
(_mg_buffer_zero): new macro that zaps a gss_buffer_t
Reset out variables using propper macros.
Reset out variables.
Reset out variables using propper macros.
Reset out variables.
Reset out variables.
Reset out variables.
x
Reset out variables.
Zero out outbuffer on failure.
Reset out variables.
Reset out variables, fix memory leak.
Reset out variables.
Fix reset out variables.
Reset variables.
Reset out variables.
Check in variable.
Reset out variables.
add --cvs-branch
0.9pre
x
x
Don't assume bufer from gss_display_status is ok.
x
(krb5_sendto): zero out receive buffer.
update version number and remove depenency on libvers for libraries
Fix makefile problem.
x
fix mdoc errors
x
Add an extra variable for roken, LIBADD, that should be used for
its LIBADD_roken (and shouldn't really exist, our libtool usage it broken)
use LIBADD_roken
drop remove that is no longer used
drop rm that is no longer used
save log, wait longer
x
Don't use C99 syntax.
x
Really test sub-ca code, add basic constraints tests
x
add EGD/PRNGD support
x
Implement RAND_load_file and RAND_write_file.
expose _hc_rand_unix_status
expose _hc_rand_unix_status and the internal RAND_METHODs
x
Allow select rand method.
x
add branchname to branches
spelling
Add BAD_CHARACTER error.
Check for NUL characters in string and return ASN1_BAD_CHARACTER
Test for NUL char in string in GENERAL STRING.
x
check BMPstring oddlength more
switch to sha256 as default digest for signinging
x
x
SGI cc doesn' like return void_returning_function(); in a void
x
add basic random tests
x
access private functions though the RAND_METHOD switch, don't truncate
Unexport internal functions.
unexport private functions.
access private functions though the RAND_METHOD switch
access private functions though the RAND_METHOD switch, move global
clean more files
x
Fix sha2 oids.
x
Add krb5_data_cmp.
Document krb5_data_cmp.
Add Kerberos RFC 3961 PRF functions.
Add MIT glue for Kerberos RFC 3961 PRF functions.
Basic test of prf.
Add hook for gm_pseudo_random.
Add gss_pseudo_random.
try to load pseudo_random
Add mech/gss_pseudo_random.c
x
add KG_INPUT_TOO_LONG
Checks for gss_pseudo_random.
gss_pseudo_random for krb5
Add krb5/prf.c
Catch error from underlaying mech on failure.
(krb5_mech): add _gsskrb5_pseudo_random
x
constrain desired_output_len
x
revert 1.75: (init_auth): only turn on GSS_C_CONF_FLAG and
x
update (c)
Always use the RAND_ interface now that hcrypto provides it.
add RAND_file_name
Provide dummy implementation of RAND_file_name.
x
test RAND_file_name().
Implement RAND_file_name.
x
Try to help how to use this command.
x
add CRLDistributionPoints and friends
No need to include <gssapi.h>.
x
split out the error printing function and try to return better errors
x
(is_proxy_cert): free info if we wont return it.
indent
build heimntlm-protos.h
Use right printf formater.
x
don't verify identifier in CHAP, its the client that chooses it.
x
(RAND_write_file): default to failure.
Make get_bytes static.
x
Make hx509.info too
(hx509_general_name_unparse): function for unparsing GeneralName, only
Check CRLDistributionPointNames.
x
Code to set CRLDistributionPoints in certificates.
x
add ca --crl-uri
Add ca --crl-uri.
Add test for ca --crl-uri.
x
seq rules for CRLDistributionPoints
x
Set hdb->hdb_db for ldap.
update (c)
Add support for MS-CHAP v2.
New functions to send in requestResponse to KDC and get status of the request.
Add elements to send in requestResponse to KDC and get status of the request.
x
Check the digest response in the KDC.
Negative check too.
Better logging and return status = FALSE when checksum doesn't match.
Print status instead of response.
add --client-response
x
Name the random file ~/.rnd, this is the same as OpenSSL.
x
Don't restrict the type.
x
Drop unused variable.
First version from kllin.
Set client nonce if avaible, from Klas.
Use right size, from Klas Lindfors.
x
x
rename hash-a1 to session key
print rsp if there is one, from Klas.
Add get_master from RFC 3079 3.4 for MS-CHAP-V2
rename hash-a1 to session key
Print session key if there is one.
Fix ms-chap-v2 mutual response auth code.
Fix ms-chap-v2 get_masterkey
x
allow ms-chap-v2
Test ms-chap-v2 (client response, server response, session key)
Add support for ms-chap-v2 client.
Remove debug output.
x
update (c)
sleep more to see if this catches the race
add printing of SubjectKeyIdentifier and AuthorityKeyIdentifier
Fix printing and plug leak-on-error.
x
Use less printf. Use hx509_general_name_unparse.
(hx509_general_name_unparse): unparse the other GeneralName nametypes.
x
Heimntlm and digest subsystem.
hcrypto.
Support detached sigatures.
Flag to generate detached signatures.
Add flags to generate detached signatures.
Add options to generate detached signatures.
Allow mapping using heim_octet_string.
pass extra flags for detached signatures.
x
Add some more \n's.
x
fill in more bits of id-pkinit-ms-san
add id-pkinit-ms-eku
x
add asn1_id_pkinit_ms_eku.x
Disable CRLDistributionPoints for now, its IMPLICIT code in the asn1 parser.
Disable CRLDistributionPoints test for now.
x
(test_uint16): unsigned ints can't be negative
x
Plug memory leak, from Michael B Allen.
Try to leak less memory in the failure case.
Explain why we don't destroy the ccache.
x
use diffrent port, 49188, and hope that it isnt used, help on solaris where the help services runs on port 8888
use @port@ as port
Drop one over INT_MAX test-case.
x
Spelling, from Guido Guenther
(krb5_kt_get_entry): Use krb5_kt_get_full_name to print out the keytab name.
Be better att clearing error string.
Be better at setting and clearing error string.
x
prune trailing space
Heimdal is coverted by this license (among others).
Make work again.
ldap test, inspired from the samba ldb tests
x
Add KRB5_PRINCIPAL_PARSE_ENTERPRISE.
Add support for parsing enterprise-names.
test parsing enterprise-names.
Add EXTRACT_TICKET_* flags.
Use EXTRACT_TICKET_* flags.
(krb5_get_init_creds_opt_set_canonicalize): new function.
Use EXTRACT_TICKET_* flags, support canonicalize.
Add canonicalize flag.
x
Add link for gsskrb5_register_acceptor_identity.
Stop overwriting cmd.
x
x
update(c)
add simple alias support to the database backends
add support to get aliases
x
add setting and displaying aliases
x
Add HDB_F_CANON.
Pass down canonicalize request to hdb layer, sign client referrals.
switch some "return ret" to "goto out".
Verify client referral data.
add KRB5_KU_CANONICALIZED_NAMES.
Add PA-ClientCanonicalized and friends.
x
add tests/ldap/Makefile.am
Add PA-ClientCanonicalized and friends.
add check-referral
add ldap
x
x
Don't check PACs on cross realm requests.
(find_pa_data): if there is no list, there is no entry.
x
(kcm_ccache_new_client): Cast snprintf'ed value.
x
Small fixes, from David Love.
x
merge all flags into one entity
use the new merged flags field.
use the new merged flags field.
x
Only check service key for cross realm PACs.
document new options.
x
(propagate_database): on any failure, drop the connection to the peer
x
Select a session enctype from the list of the crypto systems supported
x
Create the PAC element in the same order as w2k3,
Fix (string const and shadow) warnings, from metze.
Make handling of replying e_data more generic, from metze.
KRB5KDC_ERR_PREAUTH_FAILED is also a password failed.
Return the same error codes as a windows KDC.
Add support for adding a random key enctype to a principal.
Add new command, add_enctype.
test new kadmin add_enctype functionallity
x
document kadmin add_enctype functionallity.
x
update(c)
x
darwin supports native pthreads.
Allow trailing NULs. We allow this since MIT Kerberos sends an strings
spelling.
x
(kadm5_s_get_principal): use right context
mdoc fixes
Tell what principal we are not finding for all KRB5_CC_NOTFOUND.
add PAC_CONSTRAINED_DELEGATION
Set error strings.
clear error string.
clear error strings
Set error string.
indent.
Add $Id$ tag.
x
- options must be lexicographically ordered; again, options without
- options must be lexicographically ordered; again, options without
x
drop test for broken getnameinfo, that old aix is no longer relevant.
x
Spelling, from raga <raga at comcast.net> via Bjorn Sandell.
x
Use heimdal-bugs at h5l.se.
(gss_krb5_set_allowable_enctypes): use the length of the array passed
(gsskrb5_cred): add list of supported enctypes.
Implement GSS_KRB5_SET_ALLOWABLE_ENCTYPES_X.
Add hideous glue for (NFS) clients that wants to limit the available
Free list of limit enctypes if there is one.
spelling
Add randi.h.
x
Test if commit mail works
spelling, from Jason McIntyre
x
x
x
add test_common.h
x
x
add slapd-init.in
remove extra ^Q
x
CLEANFILES += test.file
x
CLEANFILES += cert-null.pem cert-sub-ca2.pem
CLEANFILES += sdigest-init
x
switch to svn
x
x
(gss_acquire_cred): dont init cred->gc_mc every time in the loop.
basic tests that might require a KDC.
add check-basic
use this test as part of the regression suite.
Need to import spnego name before we can use it as a gss_name_t.
x
More tests for trailing NULs.
test more combinations of NUL
Try to be more correct and don't fall off the end. Pointed out by
plug memory leak
x
include packages/mac and all related files
all done by make dist now
x
reimplement gss_krb5_ccache_name
refactor code, implement GSS_KRB5_CCACHE_NAME_X
add GSS_KRB5_CCACHE_NAME_X
add lib/gssapi/krb5/external.c
add more test options.
test_acquire_cred need test_common.[ch]
more gss_acquire_cred tests
x
x
write the sizeof(arr)/sizeof(arr[0]) on the common form.
(test_cipher): avoid leaking memory
(mem_getkeys): allocate one more the we have elements so its possible
(hxtool_ca): free cert
(hxtool_ca): free SPKI
(hxtool_ca): free subject name
(get_AuthorityKeyIdentifier): leak less memory
(crypto_available): free peer too.
(hxtool_ca): free signer
x
free private key and tbs
(mem_free): free key array too
x
free template
x
check if ld supports --version-script
test rk_VERSIONSCRIPT
x
add version script if ld supports it
x
svn:keywords
svn:keywords
export more symbols.
x
(test_heim_oid_format_same): avoid leaking memory in the non failure case too
x
basic imath test
add test_imath
shortest program causing the problem.
fix warnings, make test into function.
x
stop leaking memory
(crypto_select): only free peer if it was used.
(hx509_peer_info_free): free memory used too
x
delete sec context when done.
don't check size since that currently leaks memory
(pk_rd_pa_reply_dh): free content-type when done.
x
(_krb5_get_init_creds_opt_free_pkinit): remember to free memory too.
(main): free the message when done with it.
x
list all exported symbols explicitly, tag all other symbols as local.
drop gss_*
changes in 0.8.1
add missing ;
add more kerberos symbols
libgssapi_la_OBJECTS depends on version-script.map
Call out to Heimdal's krb5.conf processing to configure many aspects
Unconfuse newer versions of automake that doesn't know the diffrence
x
make encoding function independent of krb4 and krb5, enable removal of krb4
x
revert 20447, it doesnt pass the regression tests, exports too much
Drop kerberos 4 support.
remove code that depend on kerberos 4 library
x
remove code that depend on kerberos 4 library
x
try generate a couple of rsa keys of diffrent (random) sizes.
try generate a couple of rsa keys of diffrent (random) sizes,
x
ignore built files
ignore built files
rename des to hcrypto
ignore built files
rename des to hcrypto
x
First, it allows root to ignore the
fix warning.
make compile again.
x
Add version-script.map to EXTRA_DIST.
x
move where hash is calculated to make it easier to add ccache support.
x
add version script for hcrypto too
x
heimdal in next major release.
Add dependency on slc-gram.h for slc-lex.c, breaks in disttree with make -j
x
(kcm_ccache_new_client): make root be able to pass the name
Switch oid to one that is exported.
x
x
secretly export _gsskrb5cfx_
switch password for a key
free the key stored in the context
x
(krb5_store_creds_tag): use session.keytype to determine if to send
x
make kstash quiet
kadmin now parses kdc.conf
x
(krb5_cc_retrieve_cred): document what to free 'cred' with.
(krb5_cc_retrieve_cred): document what to free 'cred' with.
x
Add heimntlm when we use gssapi.
indent, bugs fixes
x
test ntlm client credentials code.
Add check-ntlm.
(get_user_ccache): pick up the ntlm creds from the krb5 credential cache.
x
add new option --hidden that doesn't display principal that starts with @
Add --ntlm-domain that store the ntlm cred for this domain if the
ntlm-key credential entry is prefix with @
x
depend on libheimntlm
symbol versioning.
add versionscript
x
x
x
x
rename des to hcrypto
(krb5_store_creds_tag): use session.keytype to determine if to send
x
Make the default configuration fetch info from the krb5.conf.
Use krb5_kdc_get_config and just fill in what the users wanted differently.
x
Forward declaration for struct hdb_dbinfo;
Add and test dbinfo.
basic testing for dbinfo
x
x
spelling
(krb5_get_init_creds_opt_get_error): correct the order of the
x
(check_seq): free seq.
x
(crypto_select): stop memory leak
x
version script for libkdc
version script for libkdc
(_gss_ntlm_delete_sec_context): free credcache when done
x
x
x
x
move to text, thanks gk
rename windc_init to krb5_kdc_windc_init
x
Handle the case of resize to 0 and realloc that returns NULL.
x
make sure services.append is distributed
Add etc/Makefile.
SUBDIRS += etc
x
Add malloc paranoid, it shouldn't matter if sizeof(uint{32,16}_t) is 4,2.
ignore Makefile.in
Add longer example.
x
add acl file
test acl file
(hdb_get_dbinfo) If there are no database specified, create one and
x
spelling and fixes problems, pointed out by Hai Zaar.
split out backend ntlm server processing
add ntlm/digest.c
x
Reimplement.
drop unused variable.
(kadm5_log_previous): document assumptions and make less broken.
x
Fix ksetup /SetComputerPassword, from Ronny Blomme
x
spelling, from Ronny Blomme
spelling, from Ronny Blomme
(last_version): print last version of the log.
new command last-version: print last version of the log.
try iprop-log commands.
x
Document last-version.
x
clean more files.
make it slightly more working.
(iprop_replay): create the database with more liberal mode.
Add default values to make this working again.
x
try replay
use a non default log_file
Remove comment.
Write log entry after store is successful.
Write log entry after store is successful.
indent.
Write log entry after store is successful.
Write log entry after store is successful.
Write log entry after store is successful, rename out goto statments.
x
check in /usr/lib/openldap too for slapd and slapadd
One more test.
x
reimplement
make ntlm gss_inquire_cred fail for now, need to find default cred and friends.
(gss_inquire_cred*): wrap the name with a spnego_name.
more correct tests
test using test_kcred
(add_builtin): ok for __gss_mech_initialize() to return NULL
dont keep track of gc_usage, just figure it out at gss_inquire_cred() time
x
Fix copy and paste error, bug spotted by from Phil Fisher.
x
Salting is really Encryption types and salting.
Salting is really Encryption types and salting.
Fill in all of the variables if they are passed in. Pointed out by Phil Fisher.
x
Do recursive call to rk_fnmatch
we have a fnmatch.h only if there is a working implementation and a
x
Add some more hashes.
Add some US Fed PKI oids.
add U.S. Federal PKI Common Policy Framework
add U.S. Federal PKI Common Policy Framework
x
x
add pk-init command
modify --pkinit-acl
x
try principal subject in DB
x
Add VIOCSETTOK2
x
one more pkcs12-pbe-s2k check
x
Try both the empty password and the NULL password (nothing vs the
Netscape extentions
Netscape extentions
add Netscape cert comment
x
There is a diffrence between the no password string and the empty
test the difference between "" and NULL password.
x
(hx509_cms_create_signed_1): if no eContentType is given, use pkcs7-data.
test crypto command
add test-crypto command
x
Indent.
x
Add struct units; as a forward declaration. Pointed out by Marcus Watts.
x
add more mechtypes
x
Fix version number of ticket, it should be 5 not the kvno.
update ms urls, from David Love.
x
switched MIN to min to make compile on solaris.
x
Set session key only if we are returned a session key.
x
(krb5_crypto_overhead): return static overhead of encryption.
x
document krb5_crypto_overhead
Drop the gss oid_set function for the krb5 mech, use the mech glue
Use gss oid_set functions from mechglue
Allow matching by MS UPN SAN, note that this delta doesn't deal with
x
remove more files
x
more testing of lifetimes
Spelling.
x
catch failures from _krb5_principalname2krb5_principal
Catch errors and return the up the stack.
x
Fix warning.
Add wrapping to ContentInfo wrapping to COMPAT_WIN2K.
Add HX509_SELECT_SECRET_ENC.
Force des3 for win2k.
Add selection code for secret key crypto.
hook for testing secrety key algs
x
Don't prefix all symbols with _
x
Add asn1_id_ms_cert_enroll_domaincontroller.x
id-ms-cert-enroll-domaincontroller
add ca --domain-controller
Add hx509_ca_tbs_set_domaincontroller.
add ca --domain-controller option, add secret key option to avaible.
test windows stuff
test windows stuff
check for aes256-cbc
check for aes256-cbc
x
Resurect killed e.
Add hx509_ca_tbs_add_san_ms_upn and refactor code.
add --ms-upn and add more EKU's for pk-init client.
Add ca --ms-upn.
(hx509_crypto_select): copy AI to the right place.
create windows client certificate
make ca and alias of certificate-sign
x
Fix printing of CRL DPnames (I hate IMPLICIT encoded structures).
Do evil things to handle IMPLICIT encoded structures.
add asn1_id_ms_client_authentication.x
Readd the crl adding code, it works (somewhat) now.
Add glue for adding CRL dps.
x
Printf formating.
Also add a KRB5_PADATA_PK_AS_REQ_WIN for windows pk-init (-9) to make MIT clients happy.
x
More logging for pk-init client mismatch.
x
W2K tests.
generate a krb5-pkinit-win.conf
x
Add missing REVOCATION_STATUS_UNAVAILABLE and fix error message for CLIENT_NAME_MISMATCH.
If _kdc_pk_check_client failes, bail out directly and hand the error back to the client.
add MS-UPN-SAN
add MS-UPN-SAN
x
Add crl-uri for the ee certs.
x
Handle the ms san in a propper way, still cheat with the realm name.
Try pkinit in w2k mode, also add tests for MS SAN.
Also add some secret key encryption types to the supported list.
update supported algs
Allow turning off sending trustedCertifiers in the request.
Give an minor_status argument to gss_release_oid_set.
Use the return value before is overwritten by later calls.
x
add some more people.
New snapshot for Michael Fromberger, lets see if this corrupts memory
add error 68, WRONG_REALM
Fix windows client cert name.
print utf8 type SAN's
x
New snapshot for Michael Fromberger, lets see if this corrupts memory
x
(main): also fclose yyin.
x
(hx509_ca_tbs_add_crl_dp_uri): plug memory leak
x
plug memory leak
Statistics printing.
Add statistics hook.
Update _hx509_collector_alloc prototype.
Update _hx509_collector_alloc prototype.
Update _hx509_collector_alloc prototype.
Add statistic hook.
(_hx509_collector_alloc): return error code instead of pointer.
Add stat and objdir.
sprinle stat saveing
x
turn on stat collecting
If there are no querystat file, whine.
Add querystat to hx509_context.
Sort and print more info.
(hx509_certs_find): collects stats for queries.
x
Indent.
Provide default AlgorithmIdentifier.
Provide default AlgorithmIdentifier and use them.
Use default AlgorithmIdentifier.
Use default AlgorithmIdentifier.
Switched default types.
Switched default types.
clean crl.crl
Support to generate an empty CRL.
Add crl-sign commands.
Add hx509_crl.
Sign CRL command.
Create crl and verify that is works.
x
Set keyex flag and calculate session key.
If we didn't set session key, don't expect one back.
Test both with and without keyex.
New command ocsp-verify.
New command ocsp-verify, check if ocsp contains all certs and are
New error code, CERT_NOT_IN_OCSP
(hx509_ocsp_verify): explain what its useful for and provide sane error message.
test ocsp-verify
x
x
In case of OCSP verification failure, referash every 5 min. In case of
x
Plug memory leak.
x
Make free functions free memory.
try free some more.
free some more memory
infotarget
free some more memory
free some more memory
Free memory diffrently.
x
(hx509_context_free): free querystat
x
Don't try to load gmp module.
x
really, don't load random methods from non existing engine.
(crl_sign): free lock
x
Some test about CRLs and OCSP.
Try to find ABR in mp_int_mul.
x
drop text about enctypes.
x
Simple blob about publishing CRLs.
(test_authenticator): free memory
Fix hx509_set_error_string calls, add hx509_crl_add_revoked_certs(),
(certificate_copy): free lock
(der_parse_hex_heim_integer): check length before reading data.
more check for der_parse_hex_heim_integer
plug memory leaks.
plug memory leak.
plug memory leaks.
plug memory leaks.
plug memory leaks.
argument is certificates.. for crl-sign
Add revoking certs.
More crl checks.
Add lifetime to crls.
Add lifetime to crls.
Add lifetime to crls.
x
new update from Michael Fromberger
Close asn1 file while done.
x
x
fclose file, not string.
Also free right memory.
x
Don't accect zero length hex numbers.
x
Free more memory.
x
(free_environment): free result of read_environment().
(free_environment): free result of read_environment().
(free_environment): free result of read_environment().
Free environment.
x
(hash_test): free result.
(hx509_crl_*): fix sizeof() mistakes to fix memory corruption.
x
One more crl-sign example.
Indent crl-sign.
x
x
(digest ntlm): provide log entires by setting ret to an error.
x
Use stdout from uu_server.
Print status to stdout.
x
Free memory when done.
Reset name before parsing it.
Reset name before parsing it.
Reset name before parsing it.
test for -framework Security
x
use test for -framework Security
Certificate only KeyChain backend.
Use right element out of the CHOICE for printableString and utf8String
(quote_string): don't sign extend the (signed) char to avoid printing
x
x
Leak less memory, use functions that does same but more.
Leak less memory.
Leak less memory.
x
Print certificate with utf8.
x
Add ks_keychain.c and related libs.
register the NULL keystore.
Register NULL and KEYCHAIN.
Set subject DN to Windows-CA for the ca cert.
Add cRLSign to CA certs.
Default path-length to -1.
Whine if its a non CA/proxy and doesn't have CRL DP.
Use selfsigned for CRL DP whine, tell if its a self-signed.
Check that the self-signed cert is really self-signed.
(store_func): free whole CertBag, not just the data part.
Fix status string.
(hx509_certs_merge): its ok to merge in the NULL set of certs.
(hx509_get_error_string): if the error code is not the one we expect,
Remove err(), remove extra empty comment, fix _iter function.
Add concept of default_trust_anchors.
Read in and use default trust anchors if they exists.
(verify): Friendlier error message.
Allow opening a specific chain, making "system" special and be the
x
x
Prefix rsa method with p11_
Find and attach private key (does not provide operations yet though).
include -framework Security specific header files after #ifdef
Limit the searches to the selected keychain.
x
Provide rsa signatures.
When we are not using pkcs7-data, avoid seing signedAttributes since
Use oid_id_pkcs7_data for pkinit-9 encKey reply to match windows DC
x
Make sure the gethostname() returned string is NUL terminated.
Disable KEYCHAIN for now, its slow.
x
add wcrl.crl
Create crl, because everyone needs one.
Use _hx509_crypto_default_sig_alg.
Add cms-create-sd --peer-alg.
Merge init of hx509_peer_info structure and allow it for cms-create-sd.
(hx509_cms_create_signed_1): Use hx509_peer_info to select the
Make free function return void.
(rsa_create_signature): make oid_id_pkcs1_rsaEncryption mean
Test cms peer-alg.
x
(_kdc_pk_rd_padata): Try to log what went wrong.
(_kdc_pk_rd_padata): accept both pkcs-7 and pkauthdata as the signeddata oid
x
rename functions, leaks less memory and more paranoia.
x
(krb5_kdc_process*): dont update _kdc_time automagicly.
Update kdc time.
(krb5_kdc_save_request): save request to file.
Option to save the request to disk.
Pick up request_log from [kdc]kdc-request-log.
Replay kdc messages to the KDC library.
Add kdc-replay.
extern for request_log.
x
Save asn1 class, type and tag of the reply if there is one. Used to
verify reply by checking asn1 class, type and tag of the reply if
Move up krb5_kdc_save_request so we can catch the reply data too.
Remove out2, no longer used.
Push down the kdc time into the x509 library.
x
Add check for key lengths for known enctypes for all principals.
Add --[version|help].
x
pre-canned requests from older versions and other implementations
SUBDIRS += can
add tests/can/Makefile
x
Disable, needs more fixing.
Also update krb5_context view of what the time is.
Fixed problem, enable again.
Don't need to start a kdc for this test.
x
Apple Tiger 10.4/MIT Kerberos 1.4
x
Update.
Update.
add new symbols
If there is no default dbname, also check for unset mkey_file and set
x
Require the raw key have the correct size and do away with the
x
export _hc_DES_ipfp_test
x
Build library libhctest.la for testing and link with that when testing.
Unexport _hc_DES_ipfp_test now there is a separate test lib.
Pick up the right generated krb5.conf (spelling).
Create specific configurtion files for some tests.
Add mit-pkinit test.
mit pkinit-9 request
x
ignore Makefile.in
Catch error from kadmin.
Simplify error reporting.
x
Break out loading of mappings file to a separate function and remove
x
Include more ui.[ch] in libbctest.
x
Add more items.
use "roken.h" consitantly
revert 21003
use "roken.h" consitantly
x
(print-distdir): print name of dist
x
More files we want in the dist.
unbreak.
More files in EXTRA
Add test_windows.in.
Add data/j.pem.
x
Clean up more cruft.
x
remove trailing \
x
EXTRA_DIST += version-script.map.
EXTRA_DIST += version-script.map.
x
More cmp checks.
Make krb5-types.h nodist_include_HEADERS.
Add heimdal-lorikeet target distdir-in-tree
simplify
remove cvs ignore files
x
don't clean yacc/lex files in CLEANFILES, maintainers clean will do that for us.
don't clean yacc/lex files in CLEANFILES, maintainers clean will do that for us.
don't clean yacc/lex files in CLEANFILES, maintainers clean will do that for us.
don't clean yacc/lex files in CLEANFILES, maintainers clean will do that for us.
x
Check is there is a working db backend here.
x
(_gss_spnego_display_name): if input_name is null, fail.
(kdc_destroy): free context when done, pointed out by Rafal Malinowski.
(kdc_alloc): free memory on failure, pointed out by Rafal Malinowski.
x
Check for KRB5-PADATA-PK-AS-09-BINDING. Constify.
Constify.
Constify.
x
(test_BN_rand): skip this test if there is no random device
Test for random device.
Test for random device before running the tests.
x
Add <rand.h>.
Add some more as-req canon tests, add disable tgs-req tests.
x
Some new error codes from RFC 4120.
Tell use what the messages.log told us.
Test renaming a user.
Also test rename user to anther realm.
x
(krb5_rd_error): make indata const.
Add hooks for processing the reply from the server.
Update prototype.
Add sendto hooks and opaque structure.
Use krb5_sendto_context to talk to KDC.
(_krb5_kdc_retry): check if the whole process needs to restart or just
use krb5_sendto_context to talk to the KDC.
update (c)
x
Change logic for default trust anchors, make it be either default
Add refcounting to keystores.
x
Fix logic for allow_default_trust_anchors
x
Test quoteing.
Add KRB5_PRINCIPAL_UNPARSE_NO_QUOTE.
Support KRB5_PRINCIPAL_UNPARSE_NO_QUOTE.
Make no-quote mean replace strange chars with space.
Rename UNPARSE_NO_QUOTE to UNPARSE_DISPLAY.
Rename UNPARSE_NO_QUOTE to UNPARSE_DISPLAY.
Use KRB5_PRINCIPAL_UNPARSE_DISPLAY, this is not ment for machine consumption.
x
Use ctx->gssflags for flags.
Set ref to 1 for the new object.
x
Implement trust anchor support with SecTrustCopyAnchorCertificates.
Now that KEYCHAIN:system-anchors is fast again, use that.
x
Add hx509_cert_init_data and use everywhere
x
tell user when they got a pk-init request with pkinit disabled.
Make the pkinit nonce signed (like the kerberos nonce).
x
Fix testcase for unparse_display.
Commit workaround for LH (disabled).
Add KRB5-AUTHDATA-INITIAL-VERIFIED-CAS.
x
Drop ad-initial-verified-cas.
Use KRB5_AUTHDATA_INITIAL_VERIFIED_CAS.
x
Introduce subtypes.
Add hc_RAND_timer_method.
Pick up timing diffrences in the timeing info from realtime timer,
Fall back to gattering data from timer and secret files, this is
Provide timer prototypes.
add rand-timer.c
x
Use /etc/shadow, not /dev/shadow, pointed out by Andrew Bartlett
x
(_kdc_db_fetch): set error string for failures.
Unknown suppression in runtime link editor
x
(pk_rd_pa_reply_enckey): simplify handling of content data (and avoid
export get_dbinfo as krb5_kdc_set_dbinfo and call from users. This to allows libkdc users to to specify their own databases
x
More logging for ntlm v2 digest hash mismatch case.
provide better error string for the common failure case.
Remove printing of ntlmv2 hash, was running wrong version of the kdc.
more supressions in runtime link editors
(makedir-in-tree): depend on INFO_DEPS.
x
spoon feed kadmin diffrently
(sl_make_argv): use memmove since we are dealing with overlapping strings.
Init data to something.
Merge from samba config.
x
Free memory in error case, found by beam.
Handle cred_name being NULL.
Handle mech_type being NULL.
Free memory in failure case, found by beam.
Init get_mic to 0.
Set *minor_status unconditionallty, its done later anyway.
(_gsskrb5_pseudo_random): add missing break.
(decrypt_internal_derived): make sure length is longer then confounder
Host is static memory, don't free.
(get_reply_key*): don't expose freed memory
(_krb5_pk_load_id): fail directoy for first calloc.
Don't expose free pointer.
(verify_checksum): memset cksum to avoid using pointer from stack.
Don't expose freed pointer.
Free memory in failure case.
x
Free memory in failure case.
Avoid useing freed memory.
Fail if not finding iv.
Pass in pointer to strlen().
x
x
x
free memory on failure, don't operate on NULL.
make compile.
x
make compile
Provide __attribute__ for _hx509_abort.
x
Avoid reusing i.
Avoid stomping on NULL.
Remove unused assert.
Leak less memory.
Avoid stoping unrelated memory.
Set proxy port to 0 to unconfuse BEAM.
x
x
Unbugger, really.
more cert and keyset tests.
add test_cert
Shorter backtrace for runtime link editor ld warnings.
readline seems strange, try diffrent way to setup the database.
x
Remove extra \n.
Add content-type.
Implement --content-type.
test --content-type.
Also print NULL:
x
Unify parse_oid code.
x
Windows likes little endian, so lets use that.
Added peap-server for to make windows peap clients happy.
x
Make compile again.
x
If not root and not setuid, print warning.
x
Factor out fetching of password and move it to the code that uses
remove newline.
Add --enable-developer and make it cause -Werror to be included.
move down rk_WFLAGS
Fixed memory leak pointed out by Rafal Malinowski, also while here
Only wrap the delegated cred if we are going to return it to the consumer.
Only wrap the delegated cred if we got a delegated mech cred.
x
Test heim_ntlm_calculate_ntlm2_sess_resp from Puneet Mehra.
Test heim_ntlm_calculate_ntlm2_sess_resp from Puneet Mehra.
Add heim_ntlm_calculate_ntlm2_sess_resp from Puneet Mehra.
(heim_ntlm_ntlmv2_key): target should be uppercase.
Merge in changes from Puneet Mehra and make work again.
Its ok if infotarget2 length is longer.
x
Reseed the random generator now and then from external sources.
x
Default to fortuna due to weired /dev/*random that failes to deliver
x
update (c)
update (c)
Change prototype to match other heim_ntlm_calculate functions.
heim_ntlm_calculate_ntlm2_sess_resp
drop _resp
drop _resp
Use heim_ntlm_calculate_ntlm2_sess.
x
0.9rc1
Catch return value from krb5_program_setup. From Steven Luo.
x
0.9pre
0.9rc1
0.9pre
fix symbol name
Make copies of the mechname if there is no canonical name. Also don't
catch error (and ignore it)
x
(acquire_acceptor_cred): don't claim everything is well on failure.
move ksetpag after initgroups to make it work on Linux when its without syscall hooks to change sys_setgroups preserve the pag. From abo
x
provide prototype for sec_userok().
if no mech have no session, its ok, just don't call it.
x
x
Add mattiasa, abo, phil and sort
(AcquirePKInitCreds): fail more gracefully
x
x
Add KRB5_PRINCIPAL_UNPARSE_DISPLAY.
x
x
Make sure src_name is always set to GSS_C_NO_NAME when returning.
x
Handle underlaying mech not returning mn.
x
Handle underlaying mech not returning mn.
x
Return an error message instead of dropping the packet for more
x
Wrap name in a spnego_name instead of just a copy of the underlaying object.
(gss_display_name): no name -> fail. From Rafal Malinswski.
x
make compile.
Provide message for GSS_S_COMPLETE.
If the canned string is "", its no use to the user, make it fall back
x
Implement _gss_ntlm_inquire_cred.
x
Add KRB5_GC_CONSTRAINED_DELEGATION.
(krb5_get_creds): if KRB5_GC_CONSTRAINED_DELEGATION is set, set both
(krb5_parse_nametype): parse nametype and return their integer values.
Document krb5_parse_nametype.
Set KRB5_GC_CONSTRAINED_DELEGATION and parse nametypes.
x
Don't check PAC on cross realm for now.
x
disable anonyous tgs requests
x
Drop unused variable.
disable dns canon on test, break on some buildfarm hosts.
x
(match_general_name): more strict rfc822Name matching.
Add HX509_CMS_SIGATURE_ID_NAME, use subject name for CMS.Identifier.
Implement and use HX509_CMS_SIGATURE_ID_NAME.
Use HX509_CMS_SIGATURE_ID_NAME.
add cms-create-sd --id-by-name
Adapt to hx509_verify_hostname change.
x
Test --id-by-name.
x
Verify hostname and test max-depth.
Verify hostname and max-depth.
add --hostname add --max-depth
fixate HX509_HN_HOSTNAME at 0.
test max-depth.
test --hostname.
x
Limited exported symbols.
x
Add version script.
x
(nametypes) += static const.
rename pkinit_princ_in_cert
rename pkinit_princ_in_cert and add pkinit_require_binding
rename pkinit_princ_in_cert and add pkinit_require_binding
x
(pk_mk_pa_reply_enckey): only allow non-bound reply if its not required.
Add [kdc]pkinit_require_binding option.
x
Test hostname if first CN.
Match is first component is in a CN=.
x
Rename require_binding to win2k_require_binding to match client
x
Add example for pkinit_win2k_require_binding in [kdc] section.
x
Issue and test null subject cert.
(hx509_pem_write): Add.
(cms-create-signed): add --pem
Enable writing out signed data as a pem attachment.
export hx509_pem_write
Export some semi-private functions.
Use hx509_pem_write.
PEM encode/decoding functions.
Use PEM encoding/decoding functions.
x
PEM struct/function declarations.
test creation of PEM signeddata.
Update to new hx509_pem_write().
x
Add writing DER certificates.
Test PEM and DER FILE writing functionallity.
x
Add comments.
Split out the iv creation from hx509_crypto_encrypt since
Use hx509_crypto_random_iv.
x
Use hx509_cms_unwrap_ContentInfo.
Spelling.
x
add missing ;
add more missing ;
x
Add krb5_get_renewed_creds.
add krb5_get_renewed_creds
x
don't _hx509_abort
Export more crap^W semiprivate functions.
x
Missed some semi-private functions.
use _hx509_request_print
Move _hx509_request_print here.
Unexport internal asn.1 symbols, add _hx509_request_print.
x
Use hx509_err to print error and exit.
Add initialize_hx_error_table_r.
x
Adapt to new request handling.
Adapt to new request handling.
Adapt to new request handling.
Allow export some of the request parameters.
Adapt to new request handling.
Export more functions.
x
Fix hxtool issue-certificate --req.
x
Add one more principal and list the database.
x
Test zero length integer.
x
Move zero length integercheck to a better place.
test dates from last century.
Test failure cases for der_get_tag.
test universal strings.
x
Test boolean.
x
Paranoia check in buffer overun in output function.
Check for multipication overrun.
x
Include <limits.h> for UINT_MAX.
x
Fix spelling caused by too much query-replace.
No need to undef timetm, we don't use it any more.
x
(der_get_time): avoid using wrapping of octet_string and realloc.
x
Find out the absolute path to top_builddir before we might starting to
Need reference to the top source directory too
x
Spelling hard, lets try again.
Add authorityInfoAccess, rename proxyCertInfo.
Add authorityInfoAccess, rename proxyCertInfo.
Rename proxyCertInfo oid.
x
Rename proxyCertInfo oid.
Rename proxyCertInfo oid.
Print authorityInfoAccess.
Add AuthorityInfoAccessSyntax.
Add AuthorityInfoAccessSyntax.
x
Add sha2 CKM's.
Sync with scute.
Add sha2 types.
x
On success, print username, not ip-adress.
x
(HMAC_Init_ex): also zero out key material on re-init.
x
Parse size limitations to SEQ OF.
(min|max|exact) constraints.
Check range on SEQ OF and OCTET STRING.
Add back SIZE limitations.
verify_krb5_conf_OBJECTS depends on krb5-pr*.h, make -j finds this.
Try harder to provide better error message for digest messages.
x
Add size limits from RFC 4120.
x
x
Indent and make NegTokenInit and NegTokenResp extendable.
x
Split out krb5_kdc_set_dbinfo, From Andrew Bartlett
x
Try harder to use the right principal.
x
Refuse to print GSS_C_NULL_OID, from Rafal Malinowski.
x
Improve the default salt detection to avoid returning v4 password
x
Use hdb_get_dbinfo to pick up configuration.
x
Add hdb_dbinfo_get_log_file.
x
simple java kinit test
Add java.
add tests/java/Makefile
x
x
x
move pkinit internal flags to krb5_locl.h
Drop pkinit_flags.
drop internal flags that was impossile to set.
(enviroment_changed): return non-zero if enviroment that will
Add default_cc_name_env.
update (c)
New library version.
New library version.
New library version.
New library version.
x
New library version.
x
New library version.
x
New library version.
x
New library version.
x
New library version.
New library version.
x
New library version.
New library version.
x
x
x
New library version.
x
New library version.
x
(OctetStringType): add SIZE to OCTET STRING.
Test SIZE attribute for SEQ and OCTET STRING
x
Set error string when there is no KDC for a realm.
x
remove checks that are done by the previous function.
x
Make compile again.
(find_db_spec): match realm-less as the default realm.
x
ACL file for check-admin test.
x
Simple test for server based kadmin.
Add check-kadmin.
x
Add bits needed for kadmind server test.
x
store password before we start
Send kill outout to /dev/null.
(_gss_find_mn): Return an error code for caller.
New signature of _gss_find_mn.
New signature of _gss_find_mn.
New signature of _gss_find_mn.
New signature of _gss_find_mn.
New signature of _gss_find_mn.
New signature of _gss_find_mn.
New signature of _gss_find_mn.
update (c), indent.
x
krb5-v4compat.h defines prototypes for v4 (semiprivate functions) in
x
x
x
more default keys.
x
spelling.
Move the aes enctypes first.
x
Turn on debugging by default, sun.security.krb5.debug.
Only print when there is an error.
x
Print stacktrace.
Don't send newer enctypes in ETYPE-INFO.
x
Spelling.
x
When using sambaNTPassword, avoid adding more then one enctype 23 to
Add depenency on asn1_compile for asn1 built files.
x
try to avoid aliasing of pointers enum {} vs int
x
Fix pointer vs strict alias rules.
Samba entry to do testing with.
Samba schema for those that doesn't have it.
Add samba schema.
add samba.schema.
Add more entries to tests with.
Fix pointer vs strict alias rules.
x
Fix pointer vs strict alias rules.
x
Fix pointer vs strict alias rules.
Fix pointer vs strict alias rules.
x
GLIBC made the choice that ut_tv should be shared between 32 and 64
x
Remove leftover.
Fix pointer vs strict alias rules.
Fix pointer vs strict alias rules.
(_krb5_krb_rd_req): if ticket contains address 0, its ticket less and
x
Java 1.6 expects the name to be the same type, lets allow that
x
0.9rc2
Remove cruft from last commit.
remove *.class files.
add check-kadmin.in
x
add heimdal.acl
Include more sizeof tests.
not time for asn1_parse yet.
test SEQ OF SIZE (...)
x
First version of version script.
xx
Add version script.
0.9pre again.
Syntax.
add more shared.
Add v4 compat glue.
more symbols needed by libkdc.
Need _krb5_get_host_realm_int too.
V4 errors.
Add plugin structures.
Expose plugin structures.
plugin structures are not exposed.
Prefix enum plugin_type.
Prefix enum plugin_type.
version script.
add testing.
use version script.
x
add more testing.
x
Add more testing funcs, really part of libkdc usage interfaces though.
x
x
Add v4 error codes.
add error table functions.
help solairs make
Prefix with KRB4.
return more interesting error codes.
Include "krb_err.h".
x
If its a Kerberos 4 error-code, remove the et BASE.
Add krb_err.h to build_HEADERZ.
switch to ET errors.
Drop duplicate error codes.
x
Error codes are just fine, remove XXX now.
x
Print acl file too.
x
Only do roken rename for the library.
x
Give more hints of what went wrong.
Add version-script.map.
x
rc3
Add dup(dummy stub) and dup2(real).
Add dup(dummy stub) and dup2(real).
x
Add krb_err.h.
x
Implement swrap_dup too.
x
Passe object id is its part of the module defintion statement.
x
more hints about what can go wrong.
update (c)
0.9pre again.
Disable test if we use socket wrapper.
x
Make failing to compile a java program a no-fatal error.
more verbose what we are testing.
x
Use unsigned char * as argument to HMAC_Update to please OpenSSL and gcc.
Init val to avoid gss error.
Use unsigned char * as argument to MD5_Update to please OpenSSL and gcc.
Use unsigned char * as argument to MD5_Update to please OpenSSL and gcc.
x
rc4
avoid type-punned pointer warning.
x
EXTRA_DIST += have_java.sh
x
(dbm_fetch): set dsize to 0 on failure.
x
add ndbm_wrap.[ch] to EXTRA_DIST
split source files in dist and nodist.
x
split source files in dist and nodist.
x
split source files in dist and nodist.
x
(dbm_get): set dsize to 0 on failure.
x
roken_rename.h is a dist_ source
x
warning about when it long long print tests fails.
version.texi
add version.texi
use version.texi
use version.texi
x
add krb5 to version symboled libaries.
make compile.
define version locally
drop version.texi
rc5
fix dependency
Depend on EVP_CIPHER_iv_length.
move to right spot to avoid c89 errors.
x
rc6
1.1pre
done or moved to TODO already
TODO-1.0
x
x
autotooling is autogen.sh now
Don't ovewrite the error code, from Peter Meinecke.
x
Test some simple salt types.
Configuration file for testing keys.
Test for simple salt types.
Make parse_key_set handle key set string "v5", from Peter Meinecke.
x
Test app for krb5_get_renewed_creds().
Test for krb5_get_renewed_creds.
x
Add test_renew to noinst_PROGRAMS.
Test renewing.
x
Make krb5_get_renewed_creds work, from Gunther Deschner.
1.0.1 contains bugfixes
(get_dbinfo): use dbname instead of realm as key if the entry is a
x
Don't print realm, its probably NULL anyway.
Fold in pk-init-alg-agilty.
Fold in pk-init-alg-agilty.
x
Add RFC3526 modp group14 as a default.
x
fix spelling.
Add Camellia
Add NTT copyright.
x
Add heimdal-gssapi.pc and install it into $(libdir)/pkgconfig
pkg-config file for libgssapi in heimdal.
x
Add LIB_pkinit to the list of libraries.
x
add missing camellia files
x
x
Don't try to do dlopen if system doesn't have dlopen. From Rune of Chalmers.
x
Don't try to do dlopen if system doesn't have dlopen. From Rune of Chalmers.
(get_cache_principal): make sure id is reset if we fail. From Benjamin Bennet.
x
Test donotexists case too.
Clear error string, just to be sure.
x
EXTRA_DIST += donotexists.txt
check response from donotexists testcase.
Always set the ticket options, use KRB5_ADDRESSLESS_DEFAULT as the
Add missing "iprop-log dump".
More comments and some more error checking.
x
(check-local): also check that --help works.
missing file.
x
Add --help.
x
Changes in 1.0.1
x
Include <krb5-types.h>.
x
(send_diffs): make current slave's version uptodate when diff have been sent.
x
Catch --help, reported by David Love.
Add --help.
x
Usage is static now.
Add --help and --version.
Make _krb5_n_fold return a error code. Prompted by patch of Charles Longeau.
Check return values from alloc functions. Prompted by patch of Charles Longeau.
x
spelling
x
spelling.
x
(check-local::): exit on failure to perform test.
x
check return value of alloc functions, from Charles Longeau
x
x
(usage): use exit_code, add --version and --help.
x
(krb5_read_message): clear error string.
(krb5_rd_priv): clear error string.
iprop acl file
Test for iprop.
Add stuff for iprop.
Add check-iprop and related files.
add configuration for signal file and acl file, let user select hostname, catch signals and print why we are quiting, make nop cause one new version, not two
x
more iprop tests.
Clean after iprop tests.
x
clean more
add krb5-slave.conf
reformat.
only free the orignal entries extentions if there was any.
x
x
x
wait longer for iprop, dump messages.log on failure.
x
Release 1.1.
version script fro kadm5 server libary.
add version-script for libkadm5srv.la
x
NIST PKITS tests
Unpack PKITS_data.zip and run tests.
clean PKITS_data
Adapt to new nist pkits framework.
Adapt to new nist pkits framework.
remove stale comment.
regen
make quiet
Spelling.
Check all local realms when su-ing, from Magnus Holmberg.
x
Add more logging, to figure out what is happening in the master.
x
Handle CRL signing certificate better, try to not revalidate invalid
x
Search for the right issuer when looking for the issuer of the CRL signer.
x
(_hx509_Name_to_string): make printableString handle space (0x20)
provide slightly helpful text for unknown CRL extensions.
Make CERT_REVOKED error OCSP/CRL agnostic.
Update to use CERT_REVOKED error, shortcut out of OCSP checking when OCSP reply is a revocation reply.
x
nist pkits tests
x
Start the server at the current version, not 0.
x
Sprinkle more info about what versions the master thinks about the client versions.
(kadm5_log_foreach): check that the postamble contains the right data.
x
more paranoid check that the log entires are self consistant
x
always update log version, because that is whats happning in reality.
make more sane.
x
Print what version the client starts at.
Try using -d to unzip.
Try using -d to unzip.
Try using -d to unzip.
Try using -d to unzip.
- don't push whole database to the new client every time.
x
GNU GCC Java doesn't support Kerberos
x
Sprinkle EVP cipher names.
x
Update (c).
Provide better error why kadm5_log_replay failed.
x
Sprinkle krb5_set_error_string().
x
Checking master going backward, create iprop-stats.
x
dump more info.
Make wait-kdc.sh able to wait on other things.
x
look futher back in the logfile.
Use wait-kdc.sh to wait for ipropd-{master,slave}.
empty messages.log
empty messages.log
empty messages.log
empty messages.log
empty messages.log
empty messages.log
empty messages.log
move emptying of messages.log to same space as all other checks.
x
empty messages.log
empty messages.log
x
empty messages.log
empty messages.log
empty messages.log
update (c)
Fix NC, comment on how to use _hx509_check_key_usage.
(verify_crl): handle with the signer is the CRLsigner (shortjcut).
*** empty log message ***
Spelling.
(verify_crl): set error strings.
make compile.
(_gss_spnego_internal_delete_sec_context): release ctx->target_name too
x
"self-signed doesn't count" doesn't apply to trust anchor certificate.
x
use wait-kdc.sh for all diffrent places we start ipropd-{master,slave}.
x
trap kill output, silence picky tail.
Make quiet about killing master and slave.
Catch bind ../../tests/kdc/signal: Operation not permitted
x
Don't run this test in AFS since AFS is missing unix sockets.
x
try /bin/pwd first.
Readd gss_krb5_get_tkt_flags.
x
add TEST_STRPFTIME
rewrite str[pf]time for testing.
rewrite str[pf]time for testing.
rewrite str[pf]time for testing.
rewrite str[pf]time for testing.
x
match rfc822 contrains better, provide better error strings.
x
Add missing prototype for check_length().
build sample_passwd_check.la as part of noinst.
x
Document that the caller needs to do make a local copy of the result
Add java source code.
x
Unexport the specific log replay operations.
export kadm5_log_ symbols.
export _kadm5_acl_check_permission
export _kadm5_unmarshal_params
x
kadm5_s_init_
add _kadm5_s_get_db
export _kadm5_privs_to_string
add kadm5_s_chpass_principal_cond;
Make work on case senstive filesystems too.
x
Make camellia-128-cbc tests pass.
x
Export camellia.
x
Use test from camellia samples.
x
EXTRA_DIST += jaas.conf
EXTRA_DIST += hdb.schema
x
Make work with c++, reported by Hai Zaar
x
(krb5_get_init_creds_password): init the creds_opt too. Reported by Hai Zaar.
make work with cpp again, reported by Hai Zaar
x
(krb5_free_context): free default_cc_name_env, from Gunther Deschner.
x
fix spelling, From Antoine Jacoutt.
x
openssl might require -ldl too, so lets check that.
x
Sleep some before checking that the slave got the update.
Catch KRB5_PROG_ATYPE_NOSUPP from krb5_addr2sockaddr and igore thte
x
(krb5_enctype_to_string): make sure string is NULL on failure.
More prettier printing of enctype, from KAMADA Ken'ichi.
x
Spelling, from Mark Peoples via Bjorn Sandell.
don't run local checks.
x
don't run local checks.
clean better.
(older_enctype): old windows enctypes (arcfour based) "old", this to support windows 2000 clients (unjoined to a domain). From Andy Polyakov.
Some "old" windows enctypes. From Andy Polyakov.
x
x
Allow setting multiple allowed-to-delegate-to.
Allow setting multiple allowed-to-delegate-to.
We are getting default_client, not client. this way the user can
x
(get_pa_etype_info2): more paranoia, avoid sending warning about pruned etypes.
x
(init_fcc): provide better error codes
(krb5_cc_retrieve_cred): check return value from krb5_cc_start_seq_get. From Zeqing (Fred) Xia
x
rename to 1.0.99
PATH file.
Add supaths.h
add more paths.
read environment from _PATH_ETC_ENVIRONMENT
x
x
sprinkle @kbd{}
fix section for manpage
from ubuntu 7.10
match 1.0.2RC2
correct
how to build binaries
fix version
autoreconf -f -i
no need to build if there is an package already
extra dist
SUBDIRS += debian
x
add libheimntlm, libhx509 and libhcrypto.
add new libs
x
add packages/debian/Makefile
remove dup entry for libheimntlm
Adding same enctype is enough one time. From Andy Polyakov and Bjorn Sandell.
x
Try multiple enctypes.
x
sort, expose krb5_plugin_register
expose krb5_plugin_register
expose krb5_plugin_register
x
Doxygen documentation.
doxygen introduction
doxygen configuration
doxygen documentation
doxygen documentation
doxygen documentation
doxygen documentation
doxygen documentation
x
doxygen configuration
x
add doxygen.c
doxygen documentation
update (c)
doxygen documentation
export heim_ntlm_free_buf, start doxygen documenation
doxygen
add doxygen docu for ntlm lib
Add doxygen documentation.
move doxygen into the main file
x
defgroup text
Sprinkle some more doxygen.
Doxygenify.
doxygen syntax
Add the krb5_v4compat group.
its the gsssapi lib that implments transport int/conf.
more doxygen.
x
Last doxygen in this file.
Doxygen.
fix syntax of doxygen
use krb5_free_cred_contents
use krb5_free_cred_contents
deprecate krb5_free_creds_contents, doxygen.
deprecated functions.
use krb5_data_cmp
deprecated functions.
(c)
Doxygenify.
Don't send auth data in referrals, microsoft clients have started to
Should pass different key usage constants depending on whether or not
x
its vs it\'s etc. From Bjorn Sandell
rebuild
remove index.txt*
Cast 0 to EVP_CIPHER_iv_length to (EVP_CIPHER *).
x
Make compile on Leopard.
use autoconf macro
Check if SecKeyGetCSPHandle needs prototype.
x
existant -> existent, from Martynas Venckus via Joason McIntyre.
Drop variable names to avoid -Wshadow.
Implement the move operation. Avoid using cc_set_principal() since it
Add move to the krb5_cc_ops, causes major version bump.
Implement the move operation.
(krb5_cc_move): new function.
export krb5_cc_move
x
Implement the move operation.
implement dummy kcm_move
Free context when done, implement krb5_cc_ops->default_name.
Add krb5_cc_ops->default_name.
Implement krb5_cc_ops->default_name.
Implement krb5_cc_ops->default_name.
Implement krb5_cc_ops->default_name.
Use krb5_cc_ops->default_name to get the default name.
Add KRB5_DEFAULT_CCNAME_KCM, redefine KRB5_DEFAULT_CCNAME to KRB5_DEFAULT_CCTYPE
x
(mcc_default_name): Remove const
Implement krb5_cc_ops->default_name.
add missing sia_locl.h posix_getpw.c
drop data/serial
s/krb5_free_creds_contents/krb5_free_cred_contents/
Put back code that was needed, move gen_new into new_unique.
x
update (c)
Use krb5_cc_move to make an atomic switch of the cred cache.
use krb5_free_cred_contents
use krb5_free_cred_contents
quote?
(fcc_move): make sure ->version is uptodate.
x
bump version
spelling
(acquire_acceptor_cred): Check if there is at least one entry in the
(krb5_context_data): Flag if default_cc_name was set by the user.
Flag if default_cc_name was set by the user, ignore envirnoment updates then.
global krb5_context no longer used.
Always try to fetch cred (even with GSS_C_NO_NAME).
Test GSS_C_NO_NAME too.
x
(init_context_from_config_file): set default_cc_name_set
1.0.2rc5
Packagemaker switch location.
x
Make krb5_get_error_string return an allocated string to make the
x
Avoid trying to deref NULL, from Phil Fisher.
x
Return GSS_C_NO_CREDENTIAL if there is no credential, ntlm have (not
use the right error code.
Add _gss_ntlm_get_user_info() that return the user info so it can be
add group krb5_digest
Implement supportedMechs request.
Add supportedMechs request.
x
Add DigestTypes, add --seq to antoher type.
x
(krb5_digest_probe): return what mechs are supported/allowed.
(digest-probe): new command
(digest-probe): implement command.
test kdigest digest-probe command.
x
x
x
add credential handling, add probe function, add better acquired cred function
Move probe up and comment why its called.
Check if there is initial creds with _gss_ntlm_get_user_cred().
x
Use credential if it was passed in.
x
Less warnings.
Less warnings.
set version from makepackage
content static now
Adapt to macos 10.5 packagemaker
drop exit 0
add missing \
Drop -ds and use --domain system.
Remove .dmg before trying to build it.
x
Rename Info.plist.in Info.plist.
x
x
Check that admin-less principal works.
x
spelling
spelling
use variables for paths in info docs
use variables for paths in info docs
(krb5_generate_random_block): try to avoid the dead-lock in by not
Use HAVE_FCNTL for both lock and unlock, from Hai Zaar.
x
move static path into local headers that are not installed to prepare for configure-time relocations. Prompted by Hai Zaars FHS thread on heimdal-discuss
Can't call getpwuid(getuid()) at all since that causes recursive
revert previous patch, the problem is located in the RAND_file_name()
x
x
x
Add --with-hdbdir to specify where the database is stored.
Rename DIR_hdbdir
(hdb_db_dir): Return the directory where the hdb database resides.
handle removal of HDB_DB_DIR
build_HEADERZ += heim_threads.h
use hdb_db_dir() and hdb_default_db()
generate links
add hx509 doxygen foo
(_hx509_revoke_ref): new function.
Add doxygen.
Add doxygen main page.
add doxygen.c
fix doxygen compiling.
make work the doxygen.
spelling.
*** empty log message ***
(DH_check_pubkey): doxygen + if g == 2, pub_key have more then one bit
doxygen main page
add doxygen documentation to hcrypto
x
Replace the dns flag with a flag field and use that.
Adapt to changes in hx509 interface.
Adapt to changing dns_canonicalize_hostname into flags field, add
Adapt to changing dns_canonicalize_hostname into flags field.
use KRB5_CTX_F_CHECK_PAC to init check_pac field in the krb5_rd_req_in_ctx
x
use _ in configuration option.
Check check_pac.
x
Document krb5_rd_req_in_set_pac_check.
add doxygen.c
Add HX509_VHN_F_ALLOW_NO_MATCH.
Move HX509_VHN_F_ALLOW_NO_MATCH to hx509.h
document flags
Drop printing of $id.
Print that this is version 2 of the tests
x
Adapt to hx509 changes, use hdb_db_dir().
Use hdb_db_dir().
Use hdb_default_db().
x
add KDC_LOG_FILE
Use hdb_db_dir().
x
Use hdb_db_dir().
Use hdb_db_dir().
Use hdb_db_dir().
Use hdb_db_dir().
Use hdb_db_dir().
x
drop echo -n, doesn't work with posix sh
x
(BN_is_negative): make argument const.
(BN_is_negative): make argument const.
fix compile error
some doxygen documentation.
DH is a subpage
handle refcount on NULL
Test of DH by Matthias Koenig.
RSA implementation written using GMP.
add test_dh and rsa-gmp.c
add RSA_gmp_method
x
More documentation.
More documentation.
export hc_DH_gmp_method
x
More documentation
Fix type of name-type. From Andy Polyakov.
x
Add missing files, from Buchan Milne.
x
Add missing files, from Buchan Milne.
x
Add missing files, from Buchan Milne.
Add missing files, from Buchan Milne.
Add missing files, from Buchan Milne.
not used
x
Add missing files, from Buchan Milne.
fix syntax error, from David Love.
Add newline to avoid generating broken krb5-protos. from David Love.
Move test HAVE_GMP to make it not include the header files, and thus
Another place where schemas are installed, from Buchan Milne.
Add space to make valid ldiff file, from Buchan Milne
SRCS
add newline at end
Add SRCS to EXTRA_DIST
Add SRCS to EXTRA_DIST
Move EXTRA_DIST to somewhere else.
Add some extra cf/*.
x
One EXTRA_DIST is enought, from dave love.
x
Add hdb_default_db().
x
x
Doxygen documentation.
x
Some more documentation.
Add page referance
add keyset page and lock page
correct cms linkc
x
more documentation
add NO_STORE
drop NO_STORE
use HX509_UNSUPPORTED_OPERATION and some more documentation.
Add documentation.
Add error documentation
use hx509_free_error_string
More deps, change mail address.
doxygen
add ca
x
x
x
doxygen.
x
add more groups
drop req, its all internal
docxygen
syntax
add hx509_xfree
doxygen.
add print.
add print.
add page_env
add header add footer to html pages
drop hx509_print_func, add hx509_xfree
x
doxygen.
x
sprinkle doxygen
add evp
document return values.
more doxygen
complete the EVP_MD functions doxygen.
x
more doxygen
more doxygen
Add last of the doxygen documentation for functions in this module.
x
more documentation bits.
more stuff
document.
update hc_dh_imath_method
Make heim_ntlm_decode_type3 more useful and provide a username. From
Check result of heim_ntlm_decode_type3().
less rk_UNCONST
handle username part of the ntlm name
Log probe message, add NTLM_TARGET_DOMAIN to the type2 message.
x
Add NTLM_TARGET_*
Add NTLM_TARGET_*
Use ntlm_name.
make compile
clean up name handling
x
Don't confuse target name and source name, make regressiont tests pass again.
x
more doxygen.
Add some doxygen.
Add rsa.
More doxygen.
ENGINE_get_default_RSA can return NULL.
x
Use strlcpy instead of strncpy, thanks to Antoine Brodin.
x
More news.
1.1rc1
spelling
add bar at TEST as admin
remove heim_threads.h
more stuff
drop freebsd Makefile
Add mech/mech.5 and move stuff around.
drop file
Add extra files missing from dist.
x
add check-cracklib.pl, flush.c, sample_passwd_check.c
x
add missing files
drop
drop
drop
add missing files.
x
drop unused file
add missing files.
add missing files.
drop old todofile
drop unused files
x
x
x
use krb5_free_cred_contents
make print_func static
x
doxygen
Test source name (and make the acceptor in ntlm gss mech useful).
x
Quoting.
add and use der_{malloc,free}
x
Its 2008.
REVERT: add and use der_{malloc,free}
More documentation.
Replace hx509_name_to_der_name with hx509_name_binary.
Replace hx509_name_to_der_name with hx509_name_binary.
Replace hx509_name_to_der_name with hx509_name_binary.
Update link.
Add a PKCS11 provider supporting signing and verifing sigatures.
Test the PKCS11 provider built-in to libhx509.
x
Read-only PKCS11 provider built-in to hx509.
rename SoftToken to Heimdal hx509 SoftToken.
1.1rc2
add missing file.
remove p11dbg.log
test debug
x
add asn1_id_heim_rsa_pkcs1_x509.x
Add id-heim-rsa-pkcs1-x509.
clean test-rc-file.rc
Add debug.
Add hx509_cert_get_SPKI_AlgorithmIdentifier, remove unused stuff, add hx509_context to some functions.
Spelling.
Add more glue to figure out what keytype this certificate is using.
x
x
Drop unused stuff.
x
adapt to new hx509_cert_get_SPKI
Bump version.
first version of disable java test
add java pkcs11 test
Support PINs to login to the store.
x
Only log in if needed.
Use HX509_CERTS_UNPROTECT_ALL when there is no pin code.
add HX509_CERTS_UNPROTECT_ALL
Support HX509_CERTS_UNPROTECT_ALL.
document HX509_CERTS_UNPROTECT_ALL
Test password less certificates too
x
x
Add option app-fatal to control if softtoken should abort() on
x
Use option app-fatal.
x
x
fix comment, remove label.
only export C_GetFunctionList
use C_GetFunctionList
x
Remove un-used stuff.
Export hx509_free_error_string().
x
Add krb5_digest_probe.
x
use func for more C_ functions.
x
add missing )
use version script instead
remove the check-symbols check
drop CHECK_SYMBOLS
drop CHECK_SYMBOLS
x
drop CHECK_SYMBOLS
x
Use hdb_free_keys().
x
rc3
remove check-symbols.sh
Try to handle ticket full and ticketless tickets better.
Add krb5_credential group.
Used for testing krb5_get_forwarded_creds().
noinst_PROGRAMS += test_forward
x
x
Use on variable less.
x
1.2pre
update mail addresses
use h5l.org as email base
(fcc_move): more explict why the fcc_move failes, handle cross device links.
x
Avoid free-ing type1 message before its allocated.
x
evil hack to support libtool
change version on head to 1.1.99
Fix caps of prefix, from Joakim Fallsjo.
x
Remove support for [libdefaults]capath (not [libdefaults] capaths though).
Catch deprecated entries.
better error strings for the keytab fetching functions
Improve the error message.
update (c)
x
Test unreadable/non existant keytab and its error message.
x
Add matching on EKU, validate EKUs, add hxtool matching glue, add check. Adapted from pach from Tim Miller of Mitre
(hx509_query_match_eku): update to support the NULL eku (reset),
x
Add introtext.
See the Kerberos 5 API introduction and documentation on the Heimdal
x
break out fileformat to a separate page.
drop references.
update (c)
update (c)
doxygen-ify
doxygenify
doxygenify
libwind from Assar. stringprep library supporting nameprep, saslprep and ldapprep
Add lib/wind/Makefile, change version to 1.1.99
x
SUBDIRS: add wind
x
Add and use com_err error codes
drop autogenerate file
x
UCS-2 read/write functions
Fix overaggressive checks, fix comments.
x
Use libwind.
libkrb5_la_LIBADD: depend on libwind.la
Add wind.
Add wind.
x
Does not work yet error case.
x
Make error reporting somewhat more correct for SPNEGO.
x
Test wind_utf8ucs4_length().
Make wind_utf8ucs4_length() work again.
x
Make compile on-pre c99 compilers. From Dennis Davis.
Remove extra ;, From Dennis Davis.
x
2008
use generated constant for length
use generated constant for length, check for overruns, dont use gcc/c99 extentions
Add partial support for LDAP-prep Insignificant Character Handling
Use ldap-prep (with libwind) to compare names
add libwind
libwind
test tgs req too
Use ldap_get_values_len, from LaMont Jones via Brian May and Debian.
Use malloc() instead of static buffer.
x
x
add xn-- and handle error
make work again.
Move else to make it work again.
Move logic into wind_punycode_label_toascii()
rename wind_punycode_toascii to wind_punycode_label_toascii
(acquire_initiator_cred): handle the credential cache better, use
x
(spnego_reply): if the reply token was of length 0, make it the same
x
make the SPNEGO mech store the error itself instead, works for everything except other stackable mechs
Check spnego error messages too.
Add gss_mg_collect_error;
(krb5_add_et_list): doxygen.
(_gss_spnego_inquire_context): make work, based on patch from Ryan Sleevi.
Use AM_CPPFLAGS instead, not really right, but definatly better then
x
oids used by heimdal project
Add more oids.
(_wind_ldap_case_exact_attribute): case exact matching.
x
Drop com_err files from dist sources.
Test ldap cases.
x
drop unused variable.
s/warn_err/wind_err/
add generate.py
add more missing .py files.
x
add windlocl.h
Make this pass the test cases again.
x
Make DEFAULT_INCLUDES work better, avoid picking up the wrong
make AM_CPPFLAGS +=
x
Handle c-comments.
x
Add unicode header files.
x
Strip of xn-- that puny-code adds.
(CLEANFILES): add wind.h and wind_err.h and sort.
Add more built files.
x
x
Add LIB_com_err.
x
add wind_ucs2read.
add version-script.map
Make all apps depend on libroken.
Clean symlinks and built-files.
Use unsigned char as argument to isspace(), from Michael ven Elst.
Use unsigned char as argument to isspace(), from Michael ven Elst.
Use unsigned char as argument to ctype function, from Michael ven Elst.
libhx509_la_OBJECTS depends on hx_locl.h
x
Support verifying PEM signature files.
Test verifying PEM signature files.
Add --pem to cms-verify-sd.
x
Add flag to not add gss-api INT|CONF to the negotiation
reshuffle depenencies
x
add missing (c)
Don't test the chmod 0'ed keytab, since that test doesn't work for root
add missing \
x
add hx509_pem_read
Add more built files so they are distributed.
x
Dont need to set this as the controlling PTY on steams sockets, don't
x
(acc_get_name): just return the cache_name directly instead of trying
x
Create a new credential cache is ->get_name is called, make
x
(init_auth): use right variable to detect if we want to free or not.
x
Try searchin the key by to use by first looking for for PK-INIT
x
Add (c).
Add (c).
Add language to support querying certificates to find a match. Support constructs like "1.3.6.1.5.2.3.5" IN %{certificate.eku} AND %{certificate.subject} TAILMATCH "C=SE"".
Export hx509_query_match_expr.
rename to be more consistent, export for teting
x
Add test for gsskrb5_register_acceptor_identity.
x
Test gsskrb5_register_acceptor_identity.
x
add Zeqing Xia
Adapt to hx509_env changes.
x
Make delegated credentials delegated directly, Oleg Sharoiko pointed out that it always didnt work with the old code. Also add som missing cred and context pass-thou functions in the SPNEGO layer
add missing symbols
x
Check for dup aliases before overwriting, pointed out by Johanna Mannung
Describe certificate matching syntax.
kdc: Provide extended error information in AS-REP error replies.
Drop unused defined that originates from aes.
x
Try to find unzip.
x
Fix sasl-regexp, from Howard Chu.
x
update (c)
Attached is a patch that fixes the following:
Update to match new API for windc interface.
first version of the tgs referrals pathcheck
Add stub --canonicalize implementation.
x
Test TGS referrals.
x
Catch KRB5_GC_CANONICALIZE.
set KRB5_GC_CANONICALIZE.
set KRB5_GC_CANONICALIZE.
x
x
Also check KDCOptions->canonicalize when looking for referrals requests.
Dont try key usage KRB5_KU_AP_REQ_AUTH for TGS-REQ. This drop
x
x
Refactor code to flatten the call-tree.
Fix error message to match function called.
Find_cred to try krb5_cc_retrieve_cred first, remove comment.
Fix [domain_realm] section.
More verbose checks, disable check that no longer works with referrals.
x
Insecure tgs referrals.
add krb5_principal_set_realm
add krb5_principal_set_realm
use krb5_principal_set_realm
use krb5_principal_set_realm
use krb5_principal_set_realm
Better referrals support, use canonicalize flag.
x
remove lost bits from using krb5_principal_set_realm
x
kill trailing whitespace
kill trailing whitespace
Send SERVER-REFERRAL data in rep.padata instead of auth_data in ticket.
x
Add code to check PA_ServerReferralData.
Try client side guessing too.
Rename tgs_build_referral to build_server_referral since it can be
Try moving referrals checking into _krb5_extract_ticket().
add referral-valid-until
x
Try moving referrals checking into _krb5_extract_ticket().
x
Match name in ClientCanonicalizedNames with -10
x
Make working with client referrals.
More bits for server referral.
Move client referral checking to _krb5_extract_ticket().
x
(_krb5_principal_compare_PrincipalName): new function to compare a
x
Match name in ClientCanonicalizedNames with -10
x
check no server referral, don't use stringent length tests since
Ident.
x
Make work for constrained delegation and impersonation.
x
better error message, try to handle server referrals slightly better.
Make server referral work.
x
Tell _krb5_extract_ticket that this is an AS-REQ.
Add flag EXTRACT_TICKET_AS_REQ.
x
Fix status messages.
x
Don't do canonicalize by default, make add_cred() sane, make loop
x
Try both kdc server referral and the old client chasing mode.
x
Test now works again with old client side capath referrals.
warnings on platforms where sig_atomic_t is not a int, from netbsd via Michael van Elst, Havard Eidnes and T K Spindler
<sys/bswap.h> cannot be included alone on NetBSD. From KAMADA Ken'ichi.
Move _krb5_pk_copy_error() within #ifdef (from Björn Schlögl) and
add Björn Schlögl
first implementation of kcm-move-cache
Drop unused variable krb5_kcmcache *k.
Match man_MANS = files with directories in them.
x
add back k, its needed by consumers.
Return KRB5_CC_NOSUPP on no kcm daemon in other end.
Test krb5_cc_move().
more verbose info.
Make work when moving to a non-existant cred-cache.
x
Check if new credential cache exists, if not create one.
More people.
Make erase_file() to locking too.
x
spelling.
Make the storing credential an atomic write(2) to avoid signal races,
x
spelling
x
No patching of OpenLDAP is needed, from Buchan Milne.
x
sasl-regexp is now authz-regexp, from Quanah Gibson-Mount.
More text about OpenLDAP.
sqlite
First implementation.
SUBDIRS += sqlite
lib/sqlite/Makefile
First implementation.
Add scache.
x
add libsqlite.al
register SCACHE.
export SCACHE cc ops.
Make the cache less broken, not working yet.
Make compile.
Make somewhat more working...
Implement destroy.
Implement cache iteration and clean up modue.
Only release context if its in use.
x
test acc and scc
x
Make it pass most of the tests.
no test_init_vs_destroy for API: cache, more tests
Translate ccErrInvalidCCache.
x
first try to get the default cache code right
Search backward for :, make sample name not include :
Make default cache work.
Do credential iteration by temporary table.
x
Implement temporary table for interation of caches too.
Make the remove cred slight more atomic, now it might lose creds, but
Support delete credential.
test remove
x
Extend krb5_cc_ops and add set_default to set the default cc name for
Implement set_default.
Implement set_default.
x
Add krb5_cc_switch, to set the default credential cache.
x
Enable switching between existing caches.
Add kswitch.
allow returning the default cc-type.
Add version number to krb5_cc_ops
Add version number to krb5_cc_ops
x
Implement --principal.
x
(BN_set_word): simplify.
make refcount slightly more sane.
x
make refcount slightly more sane.
make refcount slightly more sane.
make refcount slightly more sane.
x
call va_start before using vsnprintf.
x
simplify
simplify
x
Use unsigned where appropriate.
x
Use unsigned where appropriate.
Use unsigned where appropriate.
Use unsigned where appropriate.
Use unsigned where appropriate.
Use size_t where appropriate.
x
Use unsigned where appropriate.
Use unsigned where appropriate.
Use unsigned where appropriate.
Use unsigned where appropriate.
x
Use unsigned where appropriate.
x
Use unsigned where appropriate.
Use unsigned where appropriate.
Add missing op.
x
Use unsigned where appropriate.
remove one line.
Adapt to chenge to krb5_cc_ops.
x
Use unsigned where appropriate.
Use unsigned where appropriate.
Use unsigned where appropriate.
Use unsigned where appropriate.
Use unsigned where appropriate.
Use size_t where appropriate.
Use size_t where appropriate.
Use unsigned where appropriate.
x
x
use unsigned/size_t where approprite
Use unsigned where appropriate.
x
Use unsigned/size_t where appropriate.
Use unsigned where appropriate.
x
Add -Wstrict-overflow=5 as an example.
x
Sort and add krb5_cc_switch.
x
(scc_alloc): %x is unsigned int.
x
Pick up krb5_pk_identity from krb5_locl.h.
Make self-standing by including missing files.
x
Include pkinit and include add krb5_pk_identity.
Drop krb5_pk_identity and rename constants to match global header.
Drop krb5_pk_identity and rename constants to match global header.
x
Name the pkinit type enum.
x
include roken.h
x
Rename the pkinit type enum.
Rename the pkinit type enum.
export krb5_scc_ops
Add text about smbk5pwd overlay from Buchan Milne.
x
Revert "Use size_t where appropriate."
Add PkinitSP80056AOtherInfo
add PkinitSP80056AOtherInfo
First version of KDF in draft-ietf-krb-wg-pkinit-alg-agility-03.txt.
x
Complete _krb5_pk_kdf.
x
add id-pkinit-kdf
add id-pkinit-kdf
Test the new pkinit nist kdf.
x
Add test_pknistkdf
x
(_krb5_pk_kdf): Check that is sha1 we are using.
Comment testcase[0]
correct second half of key
Check kdf params. calculate the second half of the key.
x
sort and export _krb5_pk_kdf
2007's changelog
x
add AlgorithmIdentifier for glue.
add AlgorithmIdentifier for glue.
use struct for AlgorithmIdentifier.
Remove utmp warning on mac os x
x
Check for <asl.h>.
x
Use asl for logging ftpd wtmp messages.
x
Really, mac os uses wtmpx (or asl).
x
Use matching prototypes, prompted by bug report by David Rosenstrauch.
x
cpp wrappers
c++ wrappers
c++ wrappers + deprecated.
deprecated.
x
@xref{AFS} better
Make wind_stringprep match prototype in .c file. pointed out by David
x
Rename yyerror to sel_yyerror and make it static.
Drop need to camellia-ntt.h by including some more defines.
Move the typedef u<num> to camellia-ntt.h header file.
Move the typedef u<num> to camellia-ntt.h header file. Use u32 to
x
x
Avoid using entry points depending on _IOWR if there is no _IOWR (on cygwin).
x
More ifdef protection of VIOC_SYSCALL_DEV*
rename yyerror to sel_yyerror in the whole library, not just the lexer
export sel_yyerror
Rename even more.
More prototypes.
Prefix sel_error with _hx509_ since its global on platforms w/o symbol
x
If cygwin doesnt have WTMPX_FILE, it uses wtmp for wtmpx
x
Should just drop wtmp support, make a comment that we should.
Reorder to avoid prototype.
x
get_version returns an int, update
Make num_entries an uint32 to avoid negative numbers and type warnings.
x
Cast krb5_error_code to int to avoid warning.
Cast size_t to unsigned long to avoid warning.
Cast krb5_error_code to int to avoid warning.
Cast enum to int to avoid warning.
Cast krb5_error_code to int to avoid warning.
Cast krb5_error_code to int to avoid warning.
x
BasicConstraints.pathLenConstraint unsigned int.
x
Use tmp to read ac->flags value to avoid warning.
x
Don't print krb5_error_code since we are using krb5_err().
x
Add __declspec(dllimport) to the exported functions.
x
replace _export with __declspec(dllexport)
x
Run autoupdate, use LT_INIT().
x
Export _FUNCTION and _VARIABLE for _win32 magic
Update make-proto usage.
Update make-proto usage.
x
Rename cache variable to AC_CACHE_CHECK to make the cached.
x
Use LT_INIT the right way.
x
Use at least libtool-2.2.
x
Lets try dependency tracking for automake 1.10 and later.
x
Export _FUNCTION and _VARIABLE for _win32 magic
Update rk_WIN32_EXPORT, add gssapi to rk_WIN32_EXPORT.
x
x
Define both export variables.
x
Add declspec for Windows
Add declspec for Windows
x
Sync with NetBSD rcp, add v6 parsing support and no setuid code at all.
Release Notes - Heimdal - Version Heimdal 1.2
1.2rc1
--disable-dependency-tracking
Use DES_new_random_key().
x
No need to call DES_init_random_number_generator, hcrypto is sane now.
x
Add documentation.
Undeprecate DES_new_random_key.
Reimplement using RAND_ interface.
Add reference to DES, more quick links.
x
Document, implement RAND_set_rand_engine().
x
add page_rand.
Use --file to test_rand.
x
do a head vs tail test on the random buffer.
x
break long lines.
one more.
History of DES.
History of hcrypto.
*** empty log message ***
Document using doxygen.
x
DES is withdrawn.
x
add hcrypto_misc
misc functions.
Document PKCS5_PBKDF2_HMAC_SHA1.
x
Move OpenLDAP includes to AM_CPPFLAGS to avoid dropping other defines
x
Use <string.h> instead of <strings.h>.
x
Include <config.h>
x
hx509 now includes a pkcs11 implementation.
No MIT code in hx509.
Pick up version from vars.texi
About the pkcs11 module.
x
Use subject name as friendly name if there is no friendly name for certificate.
x
Only log "sending AYT" once, pointed out by Dr A V Le Blanc.
x
pty testing application
pty testing application
drop whitespace at end of line.
x
use rkpty to test kpasswd/kpasswdd
x
spelling.
Add timeout, add password command, add diffrent verbosity levels.
x
Wait for success, use password command to test it.
x
Sort options.
x
Use RAND_bytes() + DES_is_weak_key() to generate random DES
x
decrecate DES_new_random_key again, no longer used
More includes.
x
Drop const warnings.
x
Add rkpty.
x
Add --version and --help.
drop )
x
DES_set_odd_parity "returns" void.
Export DES_check_key_parity.
x
Add DES_check_key_parity, deprecate DES_set_key.
x
Document missing functions, add DES_check_key_parity().
x
Use DES_set_key_unchecked().
x
use DES_set_key_unchecked()
Use DES_set_key_unchecked().
x
two more
Remove inifinite loop in DES_set_key().
x
use DES_set_key_unchecked().
x
use DES_set_key_unchecked().
Fixup key parity before going ahead and using the key.
unbreak des-test
x
test SDB: cache
Test SDB combinations.
x
x
Pick up [libdefaults]default_cc_type
x
Document default_cc_type.
x
less verbose
Use EVP_MD_CTX_create()/EVP_MD_CTX_destroy().
Use EVP_MD_CTX_create()/EVP_MD_CTX_destroy().
Internalize hc_EVP_MD_CTX.
Internalize hc_EVP_MD_CTX.
x
deprecate functions that are needed for exported EVP_MD_CTX.
Use DES_set_key_unchecked().
x
EVP_MD_CTX_init already implemented.
x
use libtool to probe for version script to make it work on amd64/ia64
x
Move _hx509_sel_yyerror here.
Use _hx509_sel_yyerror() instead of error_message().
x
Use the _ext api for OpenLDAP, from Honza Machacek (gentoo).
x
x
indent
x
Changes from doug barton to make spnego indepedant of the heimdal version of the plugin system.
Add AC_CONFIG_MACRO_DIR
drop libss and make_cmds
Add back "mech/utils.h", its needed for oid/buffer functions.
x
Add -rpath to avoid building a convince library, also sprinkle some
x
First version of hdb version script.
Add version script for hdb.
1.2.99 aka pre 1.3
replace hashes with keys.
x
If we forked, force a reseed again. Add the pid as part of the reseed().
x
Detect solaris2.11 and later and assume its sunos=58.
x
x
Add generade acode files.
heim_acode.
Add der_free_generic().
x
Some framework for code generation.
drop
revert
x
x
x
Include <krb5-types.h> to get fixed int types.
x
Include <limits.h> for TYPE_MAX defines.
x
krb5_cc_new_unique() is name of the creation function.
x
Add krb5_get_error_message().
x
Make compile again.
add krb5_gss_register_acceptor_identity
add krb5_gss_register_acceptor_identity
add krb5_gss_register_acceptor_identity
Make compile.
(krb5_free_error_message): constify
(krb5_free_error_message): unconst to avoid warning
Use krb5_get_error_message.
Free error message with krb5_free_error_message().
make compile
use krb5_get_error_message
x
Don't clean out distributed built files (requires python).
x
Try sliding mmap window over memory file (10MB window), works better with larger files (ie doesn't fail).
x
Rewrite sliding window code so it doesn't have a integer overrun.
x
Use the correct length for unmap, msync
Use <krb5-types.h>
x
Add back krb5_kcmcache argument to try_door().
x
Drop <stdint.h>
x
x
utf8.c
Support utf8 to utf16 conversion.
add libwind.la
Use wind_utf8ucs2_length to convert the password to utf16.
use offset to go over the array.
Add <wind.h>
x
Build python files into source tree, add propper depenencies.
Clean built files in maintainer mode.
generate files into the source tree
x
use full hostname to avoid realm resolving errors
Clear context error that is not useful.
Add utf8 <-> utf16 support.
x
Test globbing acl's
x
test acls
more test acls
check non globing request
Don't add asn1 wrapping to token when using DCE_STYLE.
x
x
convert gnu ld symbols file to a flat file, only export variables in
(krb5_set_real_time): handle negative usec
x
move encrypt.h and misc.h later
Pass in time to hx509_cms_verify_signed
drop time to verify context
add _hx509_verify_get_time
drop time_now, its part of the verify context.
Pass in time_now to unevelope, us verify context time in verify_signed.
pass in time_now to unevelope
x
pass time time now to hx509_cms_unenvelope
Remove error_buf, add error_code.
switch to krb5_set_error_message
HEIMDAL_SMALLER includes no v4 compat functions.
switch to krb5_set_password().
x
Doxygen, deprecate krb5_change_password.
Use krb5_set_error_message(), drop unused functions.
use krb5_set_error_message
use krb5_set_error_message
use krb5_set_error_message
use krb5_set_error_message
use krb5_set_error_message
use krb5_set_error_message
use krb5_set_error_message
use krb5_set_error_message
use krb5_set_error_message
use krb5_set_error_message
use krb5_set_error_message
use krb5_set_error_message
use krb5_set_error_message
use krb5_set_error_message
use krb5_set_error_message
use krb5_set_error_message
use krb5_set_error_message
use krb5_set_error_message
use krb5_set_error_message
use krb5_set_error_message
use krb5_set_error_message
use krb5_set_error_message
use krb5_set_error_message
use krb5_set_error_message
use krb5_set_error_message
use krb5_set_error_message
use krb5_set_error_message
use krb5_set_error_message
use krb5_set_error_message
use krb5_set_error_message
use krb5_set_error_message
use krb5_set_error_message
use krb5_set_error_message
Krb5plugin_send_to_kdc_ftable From Andrew Bartlet.
more includes files for solaris.
export krb5_(v)set_error_message.
new version
use krb5_set_error_message
use krb5_free_error_message
skip unknown types
Drop support for reading kerberos 4 srvtab
bump version
Send newline from use to stderr, just like the prompt. From Ted Percival.
x
no more srvtabs.
krb5: just don't force, but allow the flags when GSS_CF_NO_CI_FLAGS is given
fix gss_krb5_cred_no_ci_flags_x_oid_desc variable name
replace <stdint.h> with <krb5-types.h>, From David Leonard
x
Always print output for status.
x
More output.
add krb5_free_error_message
x
spelling, from openbsd via janne johansson
spelling, from openbsd via janne johansson
x
Make cert types more dynamtic and provide help string.
make it clear that ca --type can be used more then once.
can't do --self-signed and --request at the same time.
Break out print_eval_types().
x
EXTRA_DIST += version-script.map
x
use constant KRB5_PLUGIN_LOCATE
define constant KRB5_PLUGIN_LOCATE
add plugin interface to sendtokdc
already here
add plugin error codes
add send_to_kdc_plugin.h
Add support for the send_to_kdc plugin interface.
x
use the right type for error message
and right num of arguments
add punycode_examples.[ch] to built files.
x
no more krb4
Drop kerberos 4 support.
no krb4
x
handle KRB5_PLUGIN_NO_HANDLE for lookup plugin.
add name for send_to_kdc plugin.
x
Try to do depencies better.
x
x
dont build editline if not needed. From Guillame Rosse
Try afs/cell at REALM before afs at REALM since that is what OpenAFS folks
x
some random bits needed for libkadm
some random bits needed for libkadm
make compile
Allow numbers to be enctypes to as long as they are valid.
x
Allow checking the session enctype
indent
Build a service without aes, build context and see that we still got
Need to use mutual to make this work.
remove stray bash
Check keyblock instead of keyblock2, doesn't matter which, they will
Make resolver output more pretty
restore flags after mk_rep is done. Prompted by comments from metze
Match the orignal patch I got from metze, seems that DCE-STYLE is even
x
add rk_undumpdata
add rk_undumpdata
Add krb5_cc_[gs]et_config.
x
Use krb5_cc_set_config.
Use krb5_cc_get_config.
x
x
Switch to krb5_set_password.
x
Check for realm-config in the ccache configuration, and use that.
add --ok-as-delegate and --windows flags
x
copy the ticket data from the cred, not that matching cred.
realm-config > 0
check for creds
test --ok-as-delgate and not
make delegated checks work....
restore username parsing
add rk_xfree()
add rk_xfree()
add xfree.c
fix warning
use rk_undumpdata, spelling
export hdb_kt_ops
Save the session ticket key when we know everything is fine and the
export krb5_cc_[gs]et_config
Add principal to storing config data.
pass extra argument to krb5_cc_[gs]et_config.
pass extra argument to krb5_cc_[gs]et_config.
Support parsing KRB-ERROR passed back from windows server when the time is out of sync, modify krb5_cc_[sg]et_config interface to handle principals too, add tests for this
check client code
Break on failure
remove gbd
check max loop, pretty status messages
check max looops
remove lefterover debug message
Ignore errors from socket with getaddrinfo since getaddrinfo is clearly broken in glibc.
Patch from Björn Schlögl to enable disable-ness of ipv6.
x
Always return GSS_S_CONTINUE_NEEDED, pointed out from Metze.
Reset minor_status to 0.
Add Stefan Metzmacher.
No reply in non-MUTUAL mode, but we don't know that its non-MUTUAL
update (c)
export krb5_set_kdc_sec_offset
Wrapper function for close on exec().
Add cloexec.c
set log file close on exec
close-on-exec
close-on-exec
close-on-exec
indent
close-on-exec
close-on-exec
close-on-exec
close-on-exec
close-on-exec
close-on-exec
close-on-exec
close-on-exec
close-on-exec
close-on-exec
close-on-exec
close-on-exec
close-on-exec
close-on-exec
close-on-exec
close-on-exec
close-on-exec
close-on-exec
close-on-exec
close-on-exec
xfree, close-on-exec
xfree, close-on-exec
close-on-exec
close-on-exec
run libtool out of .
less libtool
sprinle O_CLOEXEC, from Andrew Bartlett
The "kaserver" part of Heimdal occasionally issues invalid AFS tokens
x
x
add Rainer Toebbicke
Add -shared to build shared library. From Brian May.
add GSS_C_DELEG_POLICY_FLAG = 32768
If we used GSS_C_DELEG_POLICY_FLAG, trust KDC, still trust realm configuration.
add GSS_C_DELEG_POLICY_FLAG
x
Add gsskrb5_[gs]et_time_offset
More bits from the KDF.
delegate policy
make max_sz int since it will passed to %*s
Not init m, return never used (overwritten later).
x
Not init len, return never used (overwritten later).
Catch hx509_certs_init() to fail.
Catch store failure.
x
Catch error
x
set error code and catch them.
remove #if 0'ed code
catch errors from _kdc_do_version4
don't bother setting verify_mic if its not used after this.
Delete context on failure.
remove allocated_ctx.
keep return from ret.
check right error variable.
catch error from iterate_entries
catch error and return error from krb5_openlog().
ignore error from crypto_destro to catch more intresting error
return whatever krb5_copy_data returnd
return exit_value
catch error
remove unread assignment
catch error
catch error
catch error
catch error
no need to step p forward if we are not going to use it.
Specify lazy loading. From Milosz Kmieciak.
use SOCK_CLOEXEC
add Milosz Kmieciak
update to imath 1.13
define IMATH_LARGE_PRIME_TABLE
Include larger table with IMATH_LARGE_PRIME_TABLE.
Merge documentation update from Mustafa Hashmi.
add Mustafa A. Hashmi
export more
x
x
Only strip DELEG_FLAG if there is a realm setting, simplify the
If there is a initiator subkey, copy that to acceptor subkey to match
x
export more
try really hard to rename the symbols
try really hard to rename the symbols
add missing flag policy-delegate
make acquire_initiator_cred work again
make quiet
provide slightly better error codes
provide slightly better error codes
provide slightly better error codes
provide slightly better error codes
Avoid checking mech for now...
Only send KRB_ERROR token when there is clock skew, limits when we
If we change the error code, change the context error code too.
Copy the krb5 context error.
fix errors
As long as we got one kerberos cred, be happy with the first one.
catch error, zero out variable.
Test initiate keytab files.
evp-hcrypto.c
break out the hcrypto part
break out the hcrypto part
add (c)
add new symbols
add aes cts
add evp-aes-cts
spelling
add evp-aes-cts
test evp-aes-cts
Use EVP for AES
EVP_wincrypt_des_ede3_cbc
make this as cryptolib
handle building as part of openssl and libkrb5
pull in hcrypto/evp-aes-cts.c if we use openssl
generic hash (sample md5)
Start switch to EVP digest.
_krb5_aes_cts_encrypt no longer used.
cleanup of crypto context, for encryptes that needs to do malloc
Moved cts test to hcrypto.
Only clean keys that had their schedule setup.
expose hc_evp_md
expose hc_evp_md
maybe this should work...
More EVP.
More EVP.
use EVP for des-crc-mdX functions
remove #if 0 debug stuff that haven't been used for a couple of years
switch aes and des-cbc-{crc,md4,md5} to evp
Pass down EVP_CIPHER to key schedule and clean up.
The PRF slightly more generic
drop aes.h, now we use evp.
webpage is http://www.h5l.org/
enable crypto
enable crypto
add krb5_enctype_enable and some doxygen
move to group crypto
spelling
deprecated functions
no des.
play games to move make make-proto not see this functions.
Play games to move make make-proto not see this EVP_hcrypto_aes.
add [libdefaults]allow_weak_crypto to allow des
add EVP_des_cbc
add EVP_des_cbc
add EVP_des_cbc
All keys doesn't include des keys
set ret before use.
set ret before use.
check that des expection works
make excpetion for known weak types
make excpetion for known weak types
test disabling and expection of des.
allow weak crypto
flag to allow switching weak crytpo
flag to allow switching weak crytpo
allow optionally to drop weak enctypes and unstandard enctypes.
optional check for sqlite3
don't build sqlite if there is a system one
pick up sqlite from variables.
spelling
include <sqlite3.h> instead of "sqlite3.h"
define HC_DEPRECATED_CRYPTO
define HC_DEPRECATED_CRYPTO
Mark weak crypto as HC_DEPRECATED_CRYPTO
define HC_DEPRECATED_CRYPTO
define HC_DEPRECATED_CRYPTO
define HC_DEPRECATED_CRYPTO
switch des3 to evp
remove unused
remove unused debug code that haven't been used in yeras
remove HMAC_MD5_checksum_enc, it was never used.
switch last MD5 to EVP
top_srcdir for sqlite3 header
Use -fPIC with linking, from bryan may and Russ Allbery
Add prototypes for EVP_CipherUpdate EVP_CipherFinal_ex
Dummy EVP_CipherUpdate EVP_CipherFinal_ex
add EXAMPLE_PATH
drop EXAMPLE_PATH
Detect old version of sqlite3
documentation and fix des
define HC_DEPRECATED_CRYPTO
add example_evp_cipher
Test program
ref to example.
comments
Tell what buf_len is used for.
First implementation of EVP_CipherUpdate and EVP_CipherFinal_ex that
Try to update buf_len to catch more errors
add krb5_enctype_enable
KRB5-PADATA-EPAC
KRB5-AUTHDATA-SIGNTICKET is assigned 142 from Tom Yu.
allow selecting blocksize
Do incremental encryption.
Test EVP_CIPHER
clean up
Dummy krb5_enctype_iov and friends.
Add krb5_crypto_iov
test krb5_decrypt_iov_ivec
krb5_{encrypt,decrypt}_iov_ivec for derived crypto.
update comments
drop len from krb5_crypto_length()
drop len from krb5_crypto_length()
test encryption and decryption.
remove krb5_encrypt_ivec_new now that we have new sample code
* XXX CTS EVP is broken, can't handle multi buffers :(
fix iov useage, check length and padding buffer
Pick out header and trailer first before treating data and sign_only data.
define HC_DEPRECATED_CRYPTO
new functions.
remove dead store
Don't use the side effect of ++var, just use the result
don't need to store the last col =
remove dead store
check return value
drop never used variable
check return value
Use explit result for counters
use the right database to get the error from.
reset outdata
reset outdata
Drop this keytype code, there is only enctypes
deprecate keytype functions, catch return value
catch return value
minor status must be set.
output buffer always set
krb5_sname_to_principal gets the hostname if we tell is host = NULL.
Check return value of gethostname() and truncate string.
allow setting referrals flag
test use referrals
Avoid dns canonlisation for hosts, until we know what client credential we are going to use, and when we know that, lets check if the user really want to use canonlision, XXX should be able to configure per target realm too
x
pass down HDB_F_CANON to hdb_fetch for tgs req too, use the server name in the request.
add --no-delete flags
add --no-delete flags
negative flags defaults to on
test aliases
fail on error
spelling
update (c)
Always set output_cred_handle to GSS_C_NO_CREDENTIAL in the begining.
add missing depency on libhcrypto (needed when using openssl in on default location.
sync with netbsd current
add netbsd (c) (2 clause bsd license)
Split out copyrights and licenses
add copyright.texi
move copyright and licenses here
add ref to Copyrights and Licenses
Richard Outerbridge des core is in public domain
tell what parts end up where
allow registration of krb5_plugins though the gss-api layer
change type to int
make compile
check for duplicates
spelling
add doxygen
add group krb5_pac
Mark gsskrb5_set_send_to_kdc deprecated.
use macro
ifNOTdef
fix index
Use ALLOC to allocate memory, from harald barth.
kadmin/hprop -> hprop/hostname
Don't hide the checksums from the caller, From Andrew Bartlett.
clean send_to_kdc_plugin.h
clean tempfile
Move krb5_cc_[gs]et_config doxygen group krb5_ccache.
2008
drop krbv5 dependency
add example
add EXAMPLE_PATH
add krb5_cksumtype_to_enctype
add krb5_cksumtype_to_enctype
add krb5_create_checksum_iov
krb5_create_checksum_iov
doxygen.
simplify
pass in type 0 to krb5_create_checksum().
Malloc enough memory, from Brian Scott.
Please see info documentation for the complete list of licenses.
ASL_KEY_FACILITY missing on Mac OS X, 10.4, From Mans Nilsson.
provide i18n hooks and renew krb5_create_checksum_iov from comments from metze
make quiet without --verbose flag
add more i18n
toggle on HAVE_LIBINTL
Provide i18n support.
Make i18n support compile.
Make i18n support compile.
add check for libintl
add COM_ERR_BINDDOMAIN_%s
bindtextdomain
glue for bindtextdomain
add libintl support
add libintl support
fix ifdef
quote more
remove .pot files
Prefix domain with "heim_com_err"
longer string
Prefix domain with "heim_com_err"
finish support for libintl
make work
translate some more
More i18n
more translations.
more translations
make compile again
N_()ify
N_()ify
N_()ify
N_()ify
N_()ify
N_()ify
N_()ify
N_()ify
more strings
strings should be i18n
strings should be i18n
make compile
more strings
N_()ify
N_()ify
N_()ify
N_()ify
N_()ify
N_()ify
N_()ify
N_()ify
N_()ify
N_()ify
N_()ify
N_()ify
N_()ify
N_()ify
N_()ify
N_()ify
N_()ify
N_()ify
N_()ify
N_()ify
N_()ify
N_()ify
N_()ify
N_()ify
N_()ify
N_()ify
N_()ify
N_()ify
N_()ify
N_()ify
N_()ify
make compile again
make compile again
N_()ify
N_()ify
make compile again
make compile again
N_()ify
update
SUBDIRS += po
gen-po.sh is a script.
include old old draft that I wrote long time ago.
switch to utf8 encoding of all files
remove trailing whitespace
Only claime configuration exists if the plugin returned some useful data.
provide arg_printusage_i18n
catch keyword NP_ too
Add domain heimdal_kuser
heimdal_kuser.pot
if i18n function, default to builtin (no i18n).
add usage argument
update
i18n kinit
drop debian until someone can support it again
add launchpad target
indent
add \
N_()ify
Use unparse_flags for ticket flags.
N_()ify
N_()ify
regen
translate some
select heimdal_kuser as text domain
select heimdal_kuser as text domain
select heimdal_kuser as text domain
add textdomain
add some more kuser i18n
more swedish
check for <locale.h>
Maybe include <locale.h>
Default to use the username as passed in by the user.
[capaths]
don't use the generated name, use the real name
Strip of ok-as-delegate for the tgt/service if the cross ticket didn't
add some more tests
try cross realm
check delegation
less verbose
Document krb5_sname_to_principal().
add slave example.
s/slave/master/ for some strings, from harald barth.
add master att the end as argument, from harald barth
update (c)
update(c)
don't try to clean unset P11_SESSION_IN_USE
don't set P11_LOGIN_DONE before we're logged in
add Guido Günther
fix usage
Patch from Shi Hosoda to add back windows XP SP2 compat that we have
Add sho hosoda
Use line continuation for line in hprop.8 manual page. The line is
add kdigest.1
add kdigest
add basic mandoc page for kdigest.1
use krb5_is_config_principal()
allow : in realm names
add krb5_is_config_principal()
split long lines
more translations
export krb5_is_config_principal
check transative properties of name compare function
use gsskrb5_extract_authz_data_from_sec_context()
point to msft documentation.
KRB5_CC_NOTFOUND is ok from krb5_cc_remove_cred().
fix previous
use krb5_get_error_message
Drop duplicate gss_inquire_sec_context_by_oid, From Christin Krause.
make any_start_seq_get try more the then first keytab when looking for
Add krb5_cc_get_flags() and krb5_cc_copy_creds().
provide convenice lib
provide convenice lib
provide convenice lib
provide convenice lib
provide convenice lib
provide convenice lib
super-library containing everything of heimdal
fix typo
spelling
add libnwind.la
super-library containing everything of heimdal
provide convenice lib
add krb5_ticket
add krb5_ticket_get_flags
add krb5_creds_get_ticket_flags
make krb5_creds_get_ticket_flags work
make krb5_ticket_get_flags compile
drop context from argument
always reset input pointer.
add krb5_principal_get_num_comp
x
update to sqlite 3.6.3
add krb5_cccol and documentation
new krb5_cc_cache_match
Add patch from Petr Salinger, from Debian via Brian May.
add krb5_clear_error_message
dummy implementation of krb5_copy_context
(krb5_copy_context): copy (most of) context
add helper function _krb5_copy_send_to_kdc_func
switch to krb5_clear_error_message
switch to krb5_clear_error_message
switch to krb5_clear_error_message
switch to krb5_clear_error_message
switch to krb5_clear_error_message
switch to krb5_clear_error_message
switch to krb5_clear_error_message
switch to krb5_clear_error_message
document krb5_clear_error_string
add krb5_get_validated_creds().
Make compile
add lastchange
add lastmodified
add krb5_cccol_last_change_time
export stuff
more working copy
make _krb5_copy_send_to_kdc_func handle no set functions
add copy config
Patch to handle sambaPwdLastSet, sambaPwdMustChange was drop some Samba versions ago.
add David Markey
make compile
return an error code
allocate the right size
Allocate the right size and init the right krb5_context
return the while list, not just the last entry.
Make slave more resiliant to master that go down, make them retry now and then.
check master downing down
allow waiting for a user selected string
reconnect values for testing
check that kinit *@$R failes
Filter out searches for *@REALM, which takes very long time, and other
fix sort order
make roken not provide environ, its really something that doesnt work in a multinamespace enviroments (read mac os x)
add EVP_CIPH_RAND_KEY and typify ctrl
add EVP_CIPHER_CTX_ctrl and EVP_CIPHER_CTX_rand_key
add EVP_CIPHER_CTX_ctrl and EVP_CIPHER_CTX_rand_key
update(c)
add EVP_CTRL_RAND_KEY
add EVP_CIPHER_CTX_ctrl and EVP_CIPHER_CTX_rand_key
Move the each of the cursors one step forward in the chain if creds matches.
kcm_ccache_remove_cred_internal, call kcm_cursor_update to move cursor
add krb5_clear_error_message
The man page for kdc(8) says --disable-DES, the source says --disable-des.
Use ldap_bv2escaped_filter_value to filter the search query. Idea from Michael Ströder.
quote userid too
Build sqlite as a real library, not as a convince lib, rename it to heimsqlite.
Build sqlite as a real library, not as a convince lib, rename it to heimsqlite.
make get_default_name have a better name
make standard_error a const string.
(pop_msg): make format const
(pop_msg): make format const
heimdal is smaller w/o the v4 compat functions
hide more functions (dead stripping caugth these)
heimdal smaller
heimdal smaller
digest is not for heimdal smaller
no AFSKEYFILE in small libraries
no pkinit, means no pkinit, not ever for the kdc
heimdal smaller includes no ntlm
heimdal smaller includes no ntlm, again
Use wrapping of the error message.
move deprecated
mark unused encode/decoders as deprecated.
don't export hx509 stuff
comment out krb5 too, only gssapi
include krb5 stuff again
move deprecated def
hide find_chpw_proto under HEIMDAL_SMALLER
build on heimdal-smaller
mark krb5_get_init_creds_opt_init deprecated
fix comment
use krb5_get_init_creds_opt_alloc
no need to use krb5_get_init_creds_opt_init(o);
memset will zero out everything.
make attribute work
RANGE: is not small
add back krb55 symbols
make sqlite optional
include des in heimdal smaller
no digest
make scache dependant on sqlite
make scache dependant on sqlite
fix build
fix N_() arguments, From metze
Fix build, define __attribute__ as nop, from metze
(krb5_rd_req_out_ctx_free): free ticket, from Klas Lindfors
indent
indent
add kcm_ccache_find_cred_uuid
include <uuid/uuid.h>
cursor is dead
cursor is dead, add uuid to kcm_creds
make get_first return uuid of cache, get_next fetch the next uuid and end_get do nothing but log
cursor.c is dead
cursor.c is dead
Get list of credential uuids and stuff them into the cursor and
handle reading uuids diffrently
change major version number
handle return value of krb5_storage_{read,write}
handle return value of krb5_storage_{read,write}
make independant of uuid's
drop uuid.h
remove kcmuuid_t
move kcmuuid_t here
switch to kcmuuid_t
switch to kcmuuid_t
switch to kcmuuid_t
don't even compile in the doors code if there is no door_create
Allow the PAC to be passed along during cross-realm authentication.
x
We stop writing change logs, see the source code version control systems history log instead
Reject if any key in old keys are in the new keyset, the list of enctypes might have changed. Pointed out by David Markey
krb5_cc_default_name() can fail if the configuration file is strange.
try handle gss_import_name() better, its not really perfect, its breaks spengo inquire_names_for_mech, but that less common....
if not explicity disabled sqlite, use the builtin
use sqlite
handle krb5_cc_default_name() returning NULL in a diffrent way.
Provide a more standard way to produce hdb plugins. From Andrew Bartlett
always include SDB backend
always include SDB backend
make compile
include krb5.
make sure we dont print off the end of the gss_buffer_t, they are defined to not included NULL, in heimdal they are but thats an implementation detail, dont teach people about that. From: Christian Krause
check id returned from krb5_cccol_cursor_next
check cache returned from krb5_cccol_cursor_next
test pac from christian
Send the PK-INIT acl to the client in TL-data, from Henry B. Hotz.
more complicated check for asl.h. From Tom Payerle.
Additional patch from Christan Krause to handle asprintf better
fix documentation
x
fix uuid
add length_HDB_Ext_PKINIT_acl, encode_HDB_Ext_PKINIT_acl
better english
make profiles const
try slight better english, from Julius
allow testing on sha1 hash in cert queries
better error checks
better error message
better language in error, make nounce more random
truncate the number so it will if in a signed 32bit integer, apples pkinit uses signed int32 for the pkinit nonce
use decode_EncAPRepPart directly
implement the new gss_*_iov interfaces
pass back header/trailer sizes
make IS_CFX a more_flag
dont need cfx flag here
init optidx
use asn1 decoder function directly
make new pac test fail
some failes pass or succeed based on size_t size, lets have it either way for now
use krb5_get_init_creds_opt_alloc
use asn1 decoder function directly
support egrep
fix spelling
use the krb5_crypto directly, skipping some per packet calculation, make cfx handling simpler
new function
use the asn1 decoder directly
use the asn1 decoder directly
use the asn1 decoder directly
krb5_enctypes_compatible_keys and krb5_c_enctype_compare deprecated
krb5_enctypes_compatible_keys
use krb5_get_init_creds_opt_alloc
use #pragma(pack) on __APPLE__ computers, use int32_t for the time type
print pointer with %p
use DESTDIR when installing
use int for num_data
check that num_data >= 0
dont use krb5_enctypes_compatible_keys
fix typo
add x86_64
switch from unsigned int to int for iov_count
add hx509 error codes
use krb5_data_alloc to allocate memory
avoid strndup since it doesnt do what we expect on aix
include krb5_locl.h only, no need to pull in krb5.h twice
remove const-ness to please coverity
simplify CMS handling, coverity #158
free name on error, from coverity #115
avoid double free, coverity #153
init content before use coverity #149
init content before use coverity #148
init content before use coverity #147
init content before use coverity #146
init count before use, coverity #150
check NULL pointer before use, cid#137, 136, 135
free utf8 string on failure, cid#87
free on error cid#68
dont double free on error cid#155
free hx509_query on non matching cert. cid#120
krb5_copy_keyblock: on malloc error, free keyblock
free subkey earlier, part of #cid 122
remove dead code: cid# 11
free data on write error back on the tcp socket cid#123, make sure we dont write more data back then we got
mutex is always allocated, cid#142
check that length > 0, not that data is a pointer, cid#143
check for value of get_mic, not that is a pointer. cid#141
check for value of get_mic, not that is a pointer. cid#141
check that ctx is not a null ptr before deref cid#140
check that ctx is not a null ptr before deref cid#133
check that ctx is not a null ptr before deref cid#132
check that ctx is not a null ptr before deref cid#131
check that ctx is not a null ptr before deref cid#130
free array when done, cid#127
use calloc
allow NULL input to krb5_free_config_files
check that valid enctypes are not 0, cid#29
dont leak scache context on error, cid#82
dont leak addr on error, cid#81
on failure set hex_encode output to NULL
on failure set hex_encode output to NULL
copy data is there is data to copy, cid#22
free krb5_storage
free krb5_ccache on error, cid#49
free name on error, cid#69
check the right variable, cid#3
return NULL in return value on error
check return value from krb5_decrypt_iov_ivec
return up kdc_cert from signing operation so that OSCP can do the right thing. cid#55
allow freeing of client_params=NULL cid#54
read dead code, cid#5
use calloc and by that way avoid NULL de-ref, cid#31
keys cant be NULL after assiging a static variable to it, cid#4
leak less memory on malloc failure
return error when we cant find enctype, cid#59
release mechs when done, cid#75
release m1, cid#117e
check the right variable for mallocation failure, cid#9
free data on failure, cid#86
check return values
free name
check return value, cid#62
free data on error, cid#89
free only lock on existance, cid#53
check return value
check for null before freeing, cid#34
check for null before freeing, cid#33
check for null before freeing, cid#32
cleanup before returning cid#70
check for failues for hex_encode, cid#159
check for failues, cid#160
plug memory leak when we find a dup adress
plug memory leak of DH public key
call cleanup callback on free schedule in setup
plug memory leak
plug memory leak
make sure all addresses are added
check for memory leaks
kill kdc using leaks-kill
plug memory leak
plug memory leak
use leaks-kill
remove leaks-log
use leaks-kill.sh
dont use leaks kill on non existant process
plug memory leak
insert space to please parser
regen
better doxygen for krb5_data_free
x
clean up from others before trying to run this
add krb5_init_creds_context
support split processing of AS and add support for keytab/keyblock
Make heimdal smaller and deprecate old functions
Deprecate old functions
use krb5_get_init_creds_password
Handle ASN1_INDEFINITE encoding
better error messages
Allow DER encoding for CMS
add krb5_cc_[gs]et_friendly_name, match MIT config name
print friendly name
print friendly name in klist output if it differs from principal
add [gs]_friendly_name
handle ASN1_INDEFINITE
handle BER octet string, remove EoD tag before parsing content of a INDEF encoding to the greedy encodings in inside (like ANY) will swallow the EoD
Use asn1 decoder now that it can handle CHOICE
change prototype for der_match_tag_and_length to return the Der_type, add BER decoder for octet string
use new der_match_tag_and_length to parse the UT_EndOfContent tag
turn on symbols for libasn1 and add check-ber for checking INDEF encoding with any
return of der_match_tag2
add flags to hx509_cms_verify_signed
add flags to hx509_cms_verify_signed
better error message
Add switch to select friendly_name of the certificate.
- Add switch to select friendly_name of the certificate.
add options to skipping KeyUsage check
Add HX509_CMS_EV_NO_KU_CHECK and HX509_CMS_VS_ALLOW_DATA_OID_MISMATCH
add flag to hx509_cms_verify_signed
add INDEF_OVERRUN, INDEF_UNDERRUN
der_get_octet_string_ber meet reality and now works
implement kc_rsa_private_decrypt
make der_get_octet_string_ber less restrictive
option to turn off the KeyUsage check in CMS verify SignedData
stricter check that enctype matches checksum type when using keyed checksum
turn off supportedCMSTypes for now, allow kdc not sending correct certs
simplify
reindent
add BTMM style pkinit reply
add BTMM style pkinit reply
doxygen
doxygen
remove unused stuff
remove unused stuff
only set password if we have one, dont free krb-error since it removed
remove krb_error from init_creds_opt
send supportedCMSTypes
use bug handling system instead
add krb5_init_creds_prompt_expire and use
make compile
drop unused variable
add version-script.map
x
start doxygen
use krb5_storage_truncate
Add krb5_storage_truncate
remove test-store-data
test truncate behavior
clear memory before returning it
make sure emem_trunc doesnt point past end
doxygen krb5.h
add enterprise flag
s/KRB5_PRINCIPAL_PARSE_MUST_REALM/KRB5_PRINCIPAL_PARSE_REQUIRE_REALM/
fixup krb5_storage_truncate return value, add krb5_{store,ret}_data_xdr, doxygen
check acl match for foo/*.example.org
add NOT_SEEKABLE
add TOO_BIG
doxygen, fix seeking on non file fds
clean up krb5_store_data_xdr
add support for add,get,delete,chrand for the MIT kadmin protocol
remove debug log
plug memory leak
cleanup
verify verf header
make paranoia check less paranoid
return Success instead of unknown error: 0
plug memory leaks and other bugs
update ->ptr on rebase, return -1 on failure
fix signness
fix signess warning
add _hx509_signature_best_before
use _hx509_signature_best_before
add hx509_verify_ctx_f_allow_best_before_signature_algs
Skip the leaf certificate HX509_VERIFY_CTX_F_NO_BEST_BEFORE_CHECK check for now
Check server aliases.
add --server-any
If no server given, interate over keytab to find a key that can
Allow inctx to be NULL.
add group krb5_auth
some more iprop
add ALGORITHM_BEST_BEFORE
process the last request structures
add krb5_get_init_creds_opt_set_process_last_req
add krb5_gic_process_last_req
add krb5_gic_process_last_req
abstract out principal not found in keytab code
Use principal not found in keytab code.
doxygen
doxygen
doxygen
doxygen fixup
doxygen
doxygen fixup
doxygen fixup
doxygen fixup
doxygen fixup
doxygen fixup
doxygen fixup
doxygen fixup
doxygen fixup
doxygen fixup
doxygen fixup
doxygen
x
use KRB5_DEPRECATED
use KRB5_DEPRECATED
use KRB5_DEPRECATED
remove krb5_keytab.3
remove krb5_keytab.3
use KRB5_DEPRECATED
use KRB5_DEPRECATED
add back __attribute__
move krb5_init_etype here.
remove krb5_init_etype
move _krb5_extract_ticket here
move _krb5_extract_ticket to ticket.c
use KRB5_DEPRECATED
make aware of DEPRECATED
add deprecated.c, remove get_in_tkt_pw.c
remove get_in_tkt_pw.c
remove
remove
move deprecated functions here
drop get_in_tkt_with_skey.c get_in_tkt_with_keytab.c
move out some deprecated functions
use KRB5_DEPRECATED
keytypes are really the same as enctypes
cheat for krb5_c_enctype_compare() and make it as KRB5_DEPRECATED
syntax
define
define
move xdr function to kadmin/rpc.c
move xdr function here
add krb5_storage_get_eof_code
add krb5_storage_get_eof_code
make xdr function static
add krb5_ccache_intro
more refs
remove trailing .
doxygen
doxygen
more casting
use KRB5_DEPRECATED
drop krb5_ccache.3
drop
install/uninstall doxygen manpages.
add krb5_storage_truncate
do doxygen as part of disthook
no longer used
move generated manpages to srcdir
doxygen.
doxygen.
explicit pthread for netbsd3 and newer
fix warnings
follow client realm referals
follow client realm referals when referrals in on
remove -DHAVE_CONFIG_H, add --one-source-file, rename krb5 and cms to "better" file names
Drop HAVE_CONFIG_H
Spelling
drop simple_execl
use KRB5_DEPRECATED
use krb5_data_free
prompte krb5_data_free
prompte krb5_data_free
drop RCSID
--option-file
make work
don't include version.h here
no used
drop RCSID
drop RCSID
drop RCSID
drop RCSID
drop RCSID
drop RCSID
drop rcsid
drop RCSID
drop HAVE_CONFIG_H
drop RCSID
krb5 asn1 options
cms asn1 options
use --file-option
we are only heimdal, drop building of header
move rcsid, make afs optional
move rcsid, make afs optional
move rcsid, make afs optional, make ntlm optional
add spnego options
make work
create directory
Include more aix in finding the matching. From Niklas Edmundsson.
include prepare_utmp() for aix
set len too
s/file-option/option-file/
fix compile
flatten world, use --option-file
fix header files
fix header files
fix header files
fix header files
no implicit include of mech headers
Include <gssapi.h> for compat reasons.
flatten include headers
wrong directory
make build
NO_AFS
flatten includes
flatten includes
flatten includes
flatten includes
use gssapi/*.h
less warnings
fix define
use gssapi/*.h
use gssapi/*.h
use gssapi/*.h
use gssapi/*.h
use gssapi/*.h
use gssapi/*.h
use gssapi/*.h
test free(NULL)
indent
use gssapi/*.h
spelling
spelling
spelling
drop RCSID
make digest and kx509 optional
make digest and kx509 optional
make digest and kx509 optional
wrap detach
wrap detach
wrap detach
wrap detach
make digest and kx509 optional
wrap detach
wrap detach
wrap detach
wrap detach
make digest and kx509 optional, wrap detach
make digest and kx509 optional
drop <strings.h>
use 'gssapi/*.h'
make compie
Darwin is weird, and in some senses not unix, launchd doesn't want
drop libnroken.la
drop RCSID
x
s/KRB5SignedPathPrincipals/Principals/
s/KRB5SignedPathPrincipals/Principals/
add krb5_principals (and add it to krb5_keytab_entry)
s/KRB5SignedPathPrincipals/Principals/
add destroy
add destroy
add destroy
add destroy
add destroy
add destroy
s/KRB5SignedPathPrincipals/Principals/
s/KRB5SignedPathPrincipals/Principals/
add dependency on opt file
add dependency on opt file
Framework for perforamnce testing.
drop libnkrb5
compile errors
drop libnhx509
use kt_destroy
add krb5_kt_destroy
add y
Add fkt_destroy
export _krb5_erase_file
use krb5_kt_destroy
add destroy, remove krb4 functions
add kt_destroy
remove krb4 functions
add destroy
drop removal of no existig file
drop shadowing variable
set flags and aliases
set flags and aliases
If caller specified a server, fail on failure to find keytab entry.
testing removal of keytab
more comments
drop libnasn1.la
drop libngssapi.la
drop libncom_err.la
drop libnwind.la
drop libnheimntlm.la
drop digest init
parse/store flags field
document flags
print aliases if there is any
compare aliases
release notes for Heimdal 1.3
use wind to convert strings
(c)
fix warning
fix out of range bug
fix warning
fix out of range bug
add ntlm to includedir
remove rcsid
flatten namespace
include ntlm module
make digest, kx509 and krb4
use struct
less casting to make it work on LP64 platforms where off_t is signed.
catch error
wrap with krb4
split into probe functions
add --disable-krb4
wrap with krb4
add krb5_kdc_service
remove krb4 support
kill krb4 support
drop krb4 support
drop krbv4 support
drop krbv4 support
drop krbv4 support
drop krbv4 support
remove krb4
remove krb4 support
drop krbv4 support
drop krbv4 support
drop krbv4 support
drop krbv4 support
drop krbv4 support
drop krbv4 support
drop krbv4 support
drop krbv4 support
drop krbv4 support
drop krbv4 support
drop krbv4 support
drop krbv4 support
drop krbv4 support
drop krbv4 support
drop krbv4 support
drop krbv4 support
drop krbv4 support
drop krbv4 support
remove krb4
drop krbv4 support
drop krbv4 support
drop krbv4 support
remove krb4 support
drop krbv4 support
fix length bits
fix length bits
drop name
drop name
force submodules to claim the package
force submodules to claim the package
remove malloc-log
check ip based name and alias to ditto
drop krb4
no krb4
no krb4
drop strndup
remove heimdal smaller, kadm5 needs it
move NTLM mech to its own file
add gssapi/gssapi_ntlm.h
add NTLM mech to its own file
add gsspi_ntml.h
add gsspi_ntml.h
drop HAVE_CONFIG_H
drop <gssapi/*
drop <gssapi/*
drop HAVE_CONFIG_H
use kadm5_s_init_with_password_ctx
use kadm5_s_init_with_password_ctx
fix header protection
add gsspi_ntml.h
drop ap-req
build ap-req
include gssapi header files directly
ap-req
move test-ap-req
move ap-req
x
shuffle around bits
collect enctype printing into one statement
move ap-req
remove leaks log, disable check for now
Verify flags after the user been required to prove its identity * with
use test_apreq
s/apreq/test_apreq
Check windc access after check_flags.
add KRB5_NT_WELLKNOWN
Add KRB5_WELLKNOWN_NAME and KRB5_ANON_NAME
Only send etype-info{,2} for the enctype we selected.
create WELLKNOWN/ANONYMOUS
fix warning
fix warning
add more hx509_cms_verify_signed flags.
deny non valid use of anonymous requests.
better name for zero signer
Add HX509_CMS_VS_ALLOW_ZERO_SIGNER and HX509_CMS_VS_NO_VALIDATE
Use HX509_CMS_VS_ALLOW_ZERO_SIGNER for anonymous requests.
Move the check client/anonoymous logic to pkinit.c
use hx509_cms_create_signed to create signed data
Add hx509_cms_create_signed() that allows signing with 0 or more certs.
add HX509_CMS_SIGATURE_NO_SIGNER and indent
Add hx509_certs_filter().
doxygen
add hx509_certs_filter
handle unsigned signeddata
test unsigned SignedData
handle unsigned SignedData in cms-create-sd and cms-verify-sd
spelling
spelling
spelling
spelling and doxygen
intern export is_anonymous()
use is_anonymous(), extra new argument to _krb5_pk_load_id()
Anonymous pkinit support.
fix spelling
allow anonymous
test anonymous
Disable anonymous code.
kdestroy after test
Remove extra anonymous check.
make anonymous work
Drop DES from default keys.
Check that decoding worked before before checking is its a primitive
indent
rename dce-stype to support_ber
add version-script.map
add more bits
make --anonymous only take realm.
make --anonymous only take realm.
test weak enctypes too
Change prototype of hx509_certs_filter().
Change prototype of hx509_certs_filter().
doxygen
hack in enterprise name support
anonymous doesn't require service name change
Add _krb5_pk_enterprise_cert that figures out the enterprise name to
use _krb5_pk_enterprise_cert
pass hx509_context to the matching function
pass hx509_context to the matching function
More symbols, from Martin von Gagern.
Don't return void.
add ecc bits, sort
add ecMQV
Add ECC bits
add asn1_id_ecdsa_with_SHA256.x
add id-ecdsa-with-SHA256
add ECDSA_Sig_Value
add ECDSA_Sig_Value
Move lexlib before libroken to make sure we don't get an empty line. From John Center.
add John Center
drop id_ec.
drop unused $type
add secp256r1
fix --pk-enterprise to not alias -C
add ec-group-secp256r1
add ec-group-secp256r1
First drop of EC support.
Prepare for ECDH.
Fix _ALL_SOURCE def to get working headers on AIX, From Ted Percival
test for krb5_get_init_creds_opt_set_process_last_req
add test_gic
Handle relative time syntax using +<parse_time>.
(process_last_request): Process the lr.func even if we have no prompter.
print etype on one line
test password expiration warning and new gic interface
remove rcsid
x
add id-ecdsa-with-SHA1
Add secp160r1 and secp160r2
Add secp160r1 and secp160r2
Add ecdsa-with-sha1 and secp160r1, secp160r2 since openssl uses.
add test for eccerts
add pre-generated ec certs
gen ec-cert
regen
Hooks for ECDSA private key ops
Make parsing of private key generic, prepare for EC private keys.
Remove bits that never been used.
use hx509_err
more bits for ecdsa signing
more EC bits, now parses the private key
Test signing cms data with ecdsa.
make error unique
signing alg selection based on private key type.
Default to hx509_signature_ecdsa_with_sha1 since private crypto
fix quoting
spelling
Fix output length, with this the code sign and verfies cms data.
drop printf within the library
Basic support for ECDSA when using OpenSSL
Export oid as variable, simplies codebase.
stuff to do.
remove dup
simplify by using the variable
simplify by using the variable
drop variable at the end
less oid functions
x
remove printf
Calculate the ECDSA max signature runtime and use that select the signature alg
remove unused varaibale
drop more oid pointers
done
Also select crypto alg based on private key.
abort on interface misuse
ECDH bits, still need negotiation
Abstract out use of DH
more bits for ECDH
Disable test that breaks for ECDSA.
don't deref ops, they might be null.
don't deref ops, they might be null.
don't deref ops, they might be null.
use variable instead of oid function
Create key and assign group before starting to parse.
Implement ECDH in the KDC.
x
mrore DH bits
Make ECDH work.
Make ECDH work
Move DH code out of the common path.
doxygen
ECDSA_METHOD-not-export if openssl
Test ECDSA (and thus ECDH).
better printing of keyex mech
Check that we use ECDH when we have a ECDSA cert
Pick cert upfront, so that we know that we are using an ECDSA cert and
keyex
add selected cert
fix warning
regen
keyex support
ECDH too
More flags to be compatible with MIT.
Switch arguments.
Switch arguments.
More flags to be compatible with MIT.
make compile
make compile
compile warning
Switch arguments.
sign_only do not contribute to length
doxygen
doxygen.c
add depenency for PROJECTS, add gssapi
add gssapi
add gss_context_query_attributes()
some more bits of gss_context_query_attributes
doxygen
x
Trap exit code from rkpty. Reported by John Center.
Streams pty code.
prefix warnerr with rk_
prefix warnerr with rk_
prefix warnerr with rk_
prefix warnerr with rk_
prefix warnerr with rk_
prefix warnerr with rk_
prefix warnerr with rk_
include streams header
Less includes for STREAMS, and let hope it work, Add missing realm.
move gss_context_stream_sizes here
move gss_context_stream_sizes to gssapi.h
add GSS_C_ATTR_STREAM_SIZES
Drop sign/seal functions (version 1 of the interface).
deprecate sign/seal functions (version 1 of the interface).
no longer used
rop krb5/v1.c, no longer used
sort
Only one buffer.
Only one DATA buffer for _iov functions.
simplify now that there is only one data buffer.
Verify checksum.
doxygen
doxygen
hx509_cms_create_signed;
add krb5_get_init_creds_opt_set_process_last_req, from Martin von Gagern.
add _krb5_pk_enterprise_cert, from Martin von Gagern.
add missing file
prefix symbols with rk_, patch from Martin von Gagern
rename xyzprintf symbols
rename different symbols
rename different symbols
rename different symbols
rename different symbols
rename different symbols
prefix printf symbols with rk_
Martin von Gagern
glob/globfree is no longer used, prefixed with rk_
{,un}wrapExt
Code to handle WrapExt
add conf_state to iov_length
add conf_state to iov_length
add conf_state to iov_length
add conf_state to iov_length
change seqno to bflag to allow testing dce style
use WRAP_EXP_ONLY_HEADER
define WRAP_EXP_ONLY_HEADER, and bflags, flags is used.
make compile
test
add flags to test WrapExt
implement UnwrapExt
uniquify error messages
zero out conf_state
test wrapunwrap
test conf state
test gss_wrap_iov
doxygen
add stub for internalVSmechname
name forms
some gssapi bits
more on main page
less errors
test wrap-ext
always include <config.h>
remove rcsid
drop <heim_extra.h>
include <stdarg.h>
add struct _krb5_krb_auth_data;
include <stdio.h>
add bits needed for EC
makefile fixes from Martin von Gagern
makefile fixes from Martin von Gagern
bits for match_keys_ec()
add ec files
x
add BN_CTX_new(), BN_CTX_free()
make types more typesafe.
add BN_CTX_get
remove var
add BN_CTX_{start,end}
add BN_CTX
inplement BN_CTX
off by one
make it pass the regression test
test BN_CTX
fix typo
export hx509_crypto_allow_weak
don't allow weak crypto by default
allow weak flags for cms
allow weak flags for cms
allow weak in PBE_string2key
remove dup return
Allow weak only for windows 2000 KDCs.
Plug memory leaks, from Roman Divacky.
add Roman Divacky
drop unused value for exec_stat()
only copy out padding if we had a padding buffer
check return value.
Remove unused variable.
q not used, don't increment
pass flag to hx509_cms_create_signed_1
Catch error from functions.
Catch error from functions.
Catch error from functions.
Catch error from functions.
catch underflow/overflow errors
drop unused return value
check return value instead of guessing on variable
krb5_425_conv_principal_ext is deprecated
krb5_425_conv_principal is deprecated
krb5_425_conv_* misc functions are deprecated
catch error from krb5_store_int32
remove dead assignment
client_realm is never read
running strsep_copy again, yield same result
error never read again, just drop it
catch error code
catch error code
catch error code
assign array instead of p++
drop temp variable
dont increment nhost since its no longer used
dont increment p since its no longer used
dont increment p since its no longer used
move convert_func to deprecated
move convert_func to deprecated
don't touch unused arguments
don't touch unused arguments
don't touch unused arguments
catch error code
catch errors
make db NULL to make it not pass undefined value to hdb_print_entry().
make vno set to a valid, so that in case master disconnects before it sent us any entries, don't print stack value.
Remove unsed variable kerberos_error.
Remove strange code around getarg(), just do like everyone else does it.
catch error and, while here, destroy credential caches on error
don't set unused variables, move cc to propper scope.
don't set unused variables
don't set unused variables, remove undefined behavior:
don't set unused variables
don't set unused variables
don't set unused variables, make it more obvious that the switchstatement return.
don't set unused variables
abort on memory error
catch bad privs
ignore the error from the free function.
handle error
prefix names
prefix names
prefix names
Use dns_ API when available. Om MacOS this avoids repeted lookups
Check for dns_search and dns.h
prefix dns_ symbols
dns_ symbols are no more.
remove compat glue, fix prototype
C++ protection
prefix dns_ symbols
less unprefixed structs
prefix dns_ symbols
dns: switch to rk types, prefix types with rk_
dns: switch to rk types, prefix types with rk_
dns: switch to rk types
dns: switch to rk types
remove bind4 types
stop using Bind4 types
provide glue for classes too
dns: switch to rk types, prefix types with rk_
disable 425 functions and include 524 if not smaller
include 524 if not smaller
Prefer /dev/random on MacOS since it's always there and have good performance.
Do locking around file descriptor, this allows caching of the file
spelling
add hdb_keyset and opaque
add hdb_keyset
add store_cred
first draft of gss_store_cred
added newline
Try adapt to timeskrew when we are using pre-auth, and if there was a
Adapt to time skew in KRB-ERROR.
Add support for setting and getting kdc offset
If data == NULL, not store the config.
argc not use, don't increment
ep not use, don't increment
argc/argv not used, don't increment
nkeys not used any more, don't increment
return instad of break out to return
ops is not used any more, remove
qop_state is not used any more, remove
make compile
make compile
checker warning
openlog failed, exit
Freeglob is not read again, just free.
don't set j to 0, since it never read again
wrap more EC stuff in HAVE_OPENSSL
update documentation
x
add store_cred.c
add store-cred
basic implementation
add store-cred
add krb5_set_home_dir_access
Parse ~/Library/Preferences/edu.mit.Kerberos too if running on an Apple platform.
add change-defaults
Expand ~ to $HOME or pw_dir.
Add krb5_set_home_dir_access.
Add KRB5_CTX_F_HOMEDIR_ACCESS.
x
add generation of session key here
move generation of session key to preauth hook.
simplify
comment on what to add
x
Patch from Riverbed (Derrick Pallas) under the license of the files they are in:
Patch from Riverbed (Derrick Pallas) under the license of the files they are in:
Use blocksize instead of 16.
Use calloc().
Code to print hdb_keysets.
add test_hdbkeys
add KRB5_KU_PA_PKINIT_KX
make compile (missing implementation)
make homedir work
unlock mutex instead of lock twice
fix printf
set new filename
switch to sha256
switch to sha256
switch to sha256
add allow weak crypto flag
add allow weak crypto flag
add allow weak crypto flag
document flags
use res_ for platforms w/o dns_
pull back name_convert array since its used by krb5_524_conv_principal
add gss_wrap_iov_length and gss_release_iov_buffer
add encode_hdb_keyset and length_hdb_keyset
buildfix on irix, from metze
add timeout to krb5_send_to_kdc_func, from metze
add timeout to krb5_send_to_kdc_func, from metze
unexport hdb_db_create
unexport more internal symbols
document part of hdb.h
document
don't use hdb_dbc.
Always generate session key
make module private functions static
doxygen
make better conditional for v4_name_convert
use SHA_DIGEST_LENGTH
add pkinit-cert
cert
make attach release the keyset
make compile
ENOMEM, not ret
unexport stuff that are no longer needed by kdc
unexport stuff that are no longer needed by kdc
Make one verify context per client, this way we can add our own trust
memset salt before copy
use calloc to allocate salt
use calloc to allocate salt
use leaks kill
use leaks-kill
kill -9 to make store its dead
rename client_params and set proxy cert bit on the right context
no conf_state test, no wrap-ex test
add hdb_entry_get_pkinit_cert
use leaks-kill
disable master down test, since that doesn't work if we kill -9
add proxy bit
new signature for _kdc_pk_rd_padata
Flatten the reply
If the client sent more then 10 EDI, don't bother looking more then 10
don't send more then 10 EDIs
fix name forms link
drop heimdal-build
check-kdc-weak is build from check-kdc.in, drop check-kdc-weak.in
add hdb_entry_get_pkinit_cert and sort
add ec certs
move krb5_cc_copy_creds to mit_glue.c
move krb5_cc_copy_creds here
change name of krb5_cc_copy_cache_match since it changed signature
add KRB5-PADATA-EPAK-AS-{REQ,REP}
sync more bits from pa-framework
more bits
more bits
more bits
rename copy_match to copy_match_f
rename copy_match to copy_match_f
use copy_match_f
plugs leaks
plugs leaks
remove krb5_cc_next_cred_match, make work
test krb5_cc_[sg]et_config, plug leaks
plug memory leak
test leak and make behavie sanely.
don't reset id pointer on free, upper layer does that for us.
free on failure
move krb5_cc_gen_new to deprecated, but don't mark it yet.
move krb5_cc_gen_new to deprecated, but don't mark it yet.
Use krb5_cc_new_unique() instead of krb5_cc_gen_new()
simplify
use krb5_cc_new_unique()
use krb5_cc_new_unique()
use krb5_cc_new_unique()
use constants for memory types
use constants for memory types
use constants for cache types
use constants for cache types
use krb5_cc_new_unique, use constants for cache types
use krb5_cc_new_unique, use constants for cache types
use krb5_cc_new_unique, use constants for cache types
add missing,
fix pku2u-name
rename S4U2SELF to FOR_USER
rename S4U2SELF to FOR_USER
rename S4U2SELF to FOR_USER
use krb5_make_principal instead of krb5_425_conv_principal, since they
make comile
make comile
use krb5_cc_new_unique, use constants for cache types
use krb5_cc_new_unique, use constants for cache types
use krb5_cc_new_unique, use constants for cache types
use krb5_cc_new_unique, use constants for cache types
use krb5_cc_new_unique, use constants for cache types
use krb5_cc_new_unique, use constants for cache types
use krb5_cc_new_unique, use constants for cache types
use krb5_cc_new_unique, use constants for cache types
use krb5_cc_new_unique, use constants for cache types
use krb5_cc_new_unique, use constants for cache types
use krb5_cc_new_unique, use constants for cache types
use krb5_cc_new_unique, use constants for cache types
use krb5_cc_new_unique, use constants for cache types
use constants for cache types
use krb5_cc_new_unique, use constants for cache types
use krb5_cc_new_unique, use constants for cache types
rename scache to scc
rename scache to scc
rename scache to scc
rename SDB to SCC
rename SDB to SCC
rename SDB to SCC
rename SDB to SCC
rename SDB to SCC
rename SDB to SCC
rename SDB to SCC
krb5_cc_gen_new now deprecated.
scache -> scc
better free of scache data
hdb documentation
doxygen
doxygen
sort and add hdb
document hdb__ functions.
don't leak memory
add malloc options
add malloc logging
don't leak memory
plug memory leak
plug memory leak
plug memory leak
more malloc debug
plug memory leak
plug memory leak
enable leaks checking for darwin again
disable deprecated warning since this module uses 425 function and we
disable deprecated warning since this module uses 425 function and we
spelling
try to clean up ckey handling, esp when there is no ckey
spelling
fix comment
merge from mdoc, comments from Joason McIntyre.
move to doxygen
drop mandoc page for krb5_expand_hostname
drop #include <krb5.h>
Add krb5_cc_get_lifetime().
add krb5_cc_get_lifetime
deprecate krb5_princ_realm and krb5_princ_set_realm, there are better replacements
deprecate krb5_princ_realm and krb5_princ_set_realm, there are better replacements
make compile
use krb5_principal_get_realm
use krb5_principal_get_realm
drop krb5_princ_realm
use krb5_principal_get_realm
use krb5_principal_get_realm
use krb5_principal_get_realm
use krb5_principal_get_realm
drop krb5_princ_realm
use krb5_principal_get_realm
use krb5_principal_get_realm
Less empty if statements.
Don't bother asking for password if there is no prompter.
regen with sha256 + sha512
extra sha-2 and sha-1
handle pkcs8 PrivateKeyInfo
test sha256
regen
regen
Make KRB5KRB_AP_ERR_TKT_NYV trigger error_token too.
Hide home directory when chrooted or guest. From Ake Holmlund
Try handle MS san better.
doxygen
Simplify datagram_reply
remove reference to kauth
remove extra kinit
drop configuration in netinfo
non have netinfo any more
netinfo is dead
non have netinfo any more
Problem with .Nm, From Jeremy C. Reed.
export krb5_cc_type_ *
make argument to cwd() const
make argument to cwd() const
Find first CN= in the name, and try to match the hostname on that
shuffle for openssl-1.0.0-beta1
regen with unbroken otherName parser
test krb5_crypto_fx_cf2
Add krb5_crypto_fx_cf2().
add test_fx
more key combinations
doxygen
doxygen
doxygen
krb5_keyblock.3 replaced with doxygen
replaced with doxygen
krb5_data.3 replaced with doxygen
move krb5_free_creds_contents here
move krb5_free_creds_contents to deprecated.c
no deprecated function here
define KRB5_DEPRECATED
define KRB5_DEPRECATED
move krb5_set_error_string() and friend here
move krb5_set_error_string() and friend to deprecated.c
define KRB5_DEPRECATED
more deprecated bits
add hx509_peer_info_add_cms_algs
hx509_peer_info_add_cms_algs rename to hx509_peer_info_add_cms_alg()
Assume old client if it doesn't send supportedCMSTypes.
OTP errors.
FAST bits
drop RCSID
remove RCSID
remove RCSID
the name of the plugin is service_locator
find macos framework plugins
doxygen
fix syntax
More bits for fast.
remove trailer after #undef token
remove unused return value
remove code for unsupported option
KRB5_GET_INIT_CREDS_OPT_SALT is not supported
comment out unsupported options
comment out unsupported options
cast size_t to int for "%.*s"
catch write to socket error
catch write to socket error
catch write to socket error
catch read from socket error
drop unused variable
use right variable
make error reporting better
catch memory leak
better error handling
need output_cred_handle, don't pretend
only set ret flags i we have them
remove #if 0 codeblock
use constant for locate plugin name
check that alias is added
set right return value
set right return value
output_name == NULL is invalid
catch failure
catch failure
catch failure
Turn else info else if to avoid falling of into FALSE.
handle out of memory
use flags to hx509_cms_envelope_1
Pull out address and compare, from Ake Holmlund, otherwise it wont work for IPv6 on Solaris10.
more const-ification
more const-ification
More documentation about pkinit_principal_in_certificate
kadmind version 4 is dead
make _stdcall __stdcall
make _stdcall __stdcall
add ROKEN_LIB_FUNCTION
its ok to not have a password
Make sure that we can parse EC private keys
handle EC private keys for real
pass more bit so that EC keys works
Pass up error code from PEM format parser.
Support parsing keys that have the group parameter include in the
add --never-fail flag to print
ignore failure when --never-fail flag is passed in
clear error string, it makes no sense
catch extra data
no wrapext
remove unused variable, set ret before use
use S_ISDIR
use S_ISDIR and S_ISREG
use S_ISDIR
Use S_ISREG
remove trailing whitespace
use oid variable
use oid variable
use oid variable
Use OID variable instead of function.
Use OID variable instead of function.
Use OID variable instead of function.
Use OID variable instead of function.
Use OID variable instead of function.
Use OID variable instead of function.
Use OID variable instead of function.
Use OID variable instead of function.
Use OID variable instead of function.
Use OID variable instead of function.
Use OID variable instead of function.
Use OID variable instead of function.
Use OID variable instead of function.
Use OID variable instead of function.
Use OID variable instead of function.
remove unused stuff
don't calculate unused stuff
The max_ arguments are really "%.*s" format input paramaters, to make them into ints.
use strerror(errno) + "%s" instead of "%m", since %m is not really a printf formater
rename parse.y to asn1parse.y
add hx509_peer_info_add_cms_alg and sort
Drop changing the password, really need kadmin/ldap support to do it
x
Generate header as foo.hx so that we don't overwrite it.
add .hx depenencies
copy .hx files to .h files
.hx is a SUFFIX
filename != headername
more depencies
add depencies for ocsp_asn1.h pkcs10_asn1.h
hdb_asn1.h
add depencies for asn1 headers
fix depencies for asn1 headers
SQLite3 backend from Pontus Walck and Stockholm Univerity.
x
drop heim_threads. move to $srcroot/include
move heim_threads.h to $srcroot/include
x
one more HAVE_OPENSSL for EC
Close f if its not stdout, from cppcheck
Close f, from cppcheck
Close f, from cppcheck
Close f, from cppcheck
Maybe include <libutil.h>. Needed for FreeBSD.
Release p2, valgrind output from Andrew Bartlett
(emem_trunc): if offset is NULL, free all memory
plug memory leak
Fix logic error when we do client referrals.
disable code
remove unused type
Implement gss_wrap_iov, gss_unwrap_iov for CFX type encryption types.
start of unpack stream if there is one.
remove stream bits for now
rename find_buffer
fix spelling
hostname is not_defined_in_RFC4178 at please_ignore
rename gssapi/ntlm/digest.c to kdc.c since that is what its talking too
From Andrew Bartlet via heimdal-bugs at h5l.org
Patch from Andrew bartlett via heimdal-bugs at h5l.org
fix error message in constrained delegation, from andrew bartlett
comment about hdb_capability_flags
add HDBFlags: locked-out
add ->hdb_password and ->hdb_auth_status
sync check flags
sync check flags
check for hdb->hdb_password
add hdb_check_constrained_delegation
If backend implements ->hdb_check_constrained_delegation, use it for processing.
if client delegates to itself, that ok
make compile
Check locked-out flag for client and server.
Provide auth_status to backend.
Report HDB_AUTH_SUCCESS for PK-INIT too.
make compile w/o warning, fixup from abartletts patch
set hdb_capability_flags = 0
set hdb_capability_flags = 0
set hdb_capability_flags = 0
set hdb_capability_flags = 0
reset iteration query before continuing.
Push enterprise support into the bdblayer.
Push enterprise support into the bdblayer.
Push enterprise support into the bdblayer.
Push enterprise support into the bdblayer.
drop RCSID
make compile
check for NULL pointer not no NULL pointer...
x
remove unused variable
plug a memory leak.
Test two realms.
Use hdb_get_dbinfo() to find the realms.
Have two realms in the configuration file so that kpasswdd works with both of them.
Contributed by Andrew Bartlett:
add paranoid
add paranoid check for PORT and EPRT, make it default
rename ruserpass to ruserpassword to not collide with uclibc, prompted by [HEIMDAL-534]
Add paranoid printing using strvisx.
More tests for GSSAPI_DEPRECATED
More tests for KRB5_DEPRECATED
improve msft compiler case
More tests for HC_DEPRECATED
More tests for HC_DEPRECATED
Add PAC to the first entry in the array since Windows and samba3 expects it there.
Luke Howard (56):
Add authorization data types for enctype negotiation implementation
x
use symbolic name for checksum type
allow client to indicate that subkey should be used
plug leak
use gss_krb5_get_subkey() instead of gss_krb5_get_{local,remote}key()
use krb5_generate_subkey_extended()
support for enctype negotiation
x
Set *subkey to NULL if key generation fails
x
move GSS-API ChangeLog entries to correct place
plug leak
support KEYTYPE_ARCFOUR_56
Remove redundant KRB5_LIB_FUNCTION
mutex should be destroyed last in krb5_free_context()
add KRB5_KU_PA_SERVER_REFERRAL_DATA
support ETYPE_ARCFOUR_HMAC_MD5_56
x
Allow NULL in_options to be passed to krb5_get_init_creds_password()
Don't crash when logging no server etype support if client == NULL
x
Add --enable-kcm option
use cc_retrieve_cred if present rather than enumerating ccache
register KCM cc_ops
pass all options to cc_retrieve_cred
add krb5_get_init_creds_keyblock (for now - subject to change)
add initial implementation of KCM client library
add _krb5_send_and_recv_tcp
fix cc_retrieve prototype, add KCM cc_ops
add krb5_store_creds_tag, krb5_ret_creds_tag
Add kcm.c
x
make KCM socket "/var/run/.kcm_socket"
Add kcm
Add kcm/Makefile
Initial version of KCM daemon
fix uninitialized variable
x
Fix typo
Use kcm_client
Fix compile error for SO_PEERCRED
fix more SO_PEERCRED breakage
Automatically change machine passwords on expiry, and write to keytab
fix warnings
Allow system credentials cache to be configured in krb5.conf
Add _krb5_kcm_is_running/_krb5_kcm_noop API
x
Set KD_CONFIG after calling config_get_hosts() in kpasswd_get_next()
x
don't call krb5_get_credentials() with
Remove GSS_C_EXPECTING_MECH_LIST_MIC_FLAG, it is no longer in rfc2478bis
If ticket is expired, reacquire credentials instead of renewing
x
* kcm/connect.c: fix arguments to kcm_log() when reporting
x
Unknown User PSV (2):
Initial revision
Added Return-Path: handling (gets the address on the "From " line).
Unknown User d91-jda (159):
Initial revision
Initial revision
Some mucking with termio
Syscall != AIX
Initial revision
Initial revision
Initial revision
Try mutual kerberos4 authentication first
A working gethostid for Solaris et al.
Initial revision
Initial revision
Use des_new_random_key instead of a loop with des_random_key
Initial revision
Only ouput warnig about "connection not encrypted" if decrypt_input != NULL
Initial revision
Slightly changed semantics of encryption and autologin options:
Added support for mutual authentication with challenge response. This
Use des_init_random_number_generator instead of des_set_random_generator_seed.
No change.
Now the AIX stuff works.
Initial revision
Initial revision
Initial revision
Initial revision
Initial revision
Initial revision
Added support for autoconf.
*** empty log message ***
Added support for autoconf
"Better" use of DEFAULT_IM - see utility.c rev 1.2
Added support for autoconf
Initial revision
The #ifndef BSD was a bit early on OSF/1
Include <sys/select.h>
<termios.h> not <sys/termios.h>
*** empty log message ***
UTMPX -> HAVE_UTMPX_H
Now links on systems that lack vhangup (such as AIX) - it might also work...
Initial revision
_PATH_LOGIN -> LOGIN_PATH that defaults to /usr/athena/bin/login
Removed gethostid() declaration.
include <sys/bitypes.h> <sys/cdefs.h>
Initial revision
*** empty log message ***
#ifdef for setupterm
Initial revision
Import some changes from telnet.95.10.19.
Initial revision
*** empty log message ***
Fixed a fix from telnet.95.10.23
Various fixes for AIX 4.1
*** empty log message ***
Renamed README to README.ORIG
Now possible to configure with external athena tree.
Moved definitions of global variables into global.c rather than doing
More ANSI/ISO 9899-1990 to the people!
Add netbsd support.
*** empty log message ***
*** empty log message ***
Removed incorrect function declarations.
*** empty log message ***
Minor cleanup.
Major nuking of dead code.
Silly bug.
Removal of huge amounts of dead code.
Updates to reflect changes in the rest of the telnet code.
*** empty log message ***
General cleanup of old and ugly code.
Initial revision
Protoized some more.
Print message about not encrypting when receiving WONT or DONT encrypt.
Show difference between MUTUAL and ONE_WAY KERBEROS4.
Now it will only print "not encrypting" when a won't (as a reply to a
Death to varargs.
Fix for old syslogs (as in Ultrix).
Variable encrypt_verbose had to be turned on in main.
Add Ultrix syscall.
Fix for AIX getmsg.
*** empty log message ***
*** empty log message ***
Fix for possibly broken I_FIND.
OSF1 patch
Fixed a few bugs as reported by Fredrik Ljungberg <flag at it.kth.se>.
Added flags -z to have telnetd log unauthenticated logins, such as
Added new function krb_err_msg() that should be used instead of
Removed warning about zrefresh.
Minor fixes.
x
foo
Additions for aklog
Initial revision
*** empty log message ***
*** empty log message ***
*** empty log message ***
*** empty log message ***
*** empty log message ***
*** empty log message ***
Minor cleanup.
*** empty log message ***
Fixed (hopefully) double utmp-entries in Solaris. Only put entries in
More thorough guessing of what realm a cell belongs to.
FTP client from NetBSD
Now compiles on alpha
Version 0.0
*** empty log message ***
Encryption of data stream. Cleanup.
Fixes.
Patch for HP-UX.
Patch for Lunix.
Patch for Linux.
Patch for Linux.
Now possible to deny unauthorized access.
Kerberized password checks.
Fixes.
*** empty log message ***
Test for strerror.
*** empty log message ***
Fixed a potential overwrite bug. Also works with more than one screen,
Removed some unused variables. Also gets the right size and colors on
Add libbroken.
Get getdtablesize() from libbroken.
Import of kerberized ftp.
x
Add declaration for __progname.
Authentication modes are given as strings.
*** empty log message ***
*** empty log message ***
Removed tests for functions that lives in libroken.
Removed hp-ux stuff.
Removed prototypes.
*** empty log message ***
*** empty log message ***
x
Fixed rd_safe address mixup.
Filename sanity check. Currently checks filenames in store(),
Removed references to removed code.
Fixed refresh bug.
Removed references to __progname.
*** empty log message ***
Removed progname.
x
*** empty log message ***
Install.
Removed __progname.
*** empty log message ***
Include top-level config.h.
Check for install.
*** empty log message ***
Prototype for delete_ftp_command()
Prototype for klogin()
ANSI nit-picking.
Slightly different functionality. Works on systems that has more
*** empty log message ***
Removed __P
*** empty log message ***
Stop encrypting on quit.
Fixed verbosity test.
Klist command.
Add klist.
Unknown User uid1094 (2):
HESIOD
add hesiod
-----------------------------------------------------------------------
--
Samba Shared Repository
More information about the samba-cvs
mailing list