diff options
| author | stas <stas@FreeBSD.org> | 2011-09-29 05:23:57 +0000 |
|---|---|---|
| committer | stas <stas@FreeBSD.org> | 2011-09-29 05:23:57 +0000 |
| commit | f6e720bf7e3d09d00d73f389a5dac8efdce0eb8c (patch) | |
| tree | cf5b65423910d126fddaaf04b885d0de3507d692 /crypto/heimdal/ChangeLog.2003 | |
| parent | 51b6601db456e699ea5d4843cbc7239ee92d9c13 (diff) | |
| download | FreeBSD-src-f6e720bf7e3d09d00d73f389a5dac8efdce0eb8c.zip FreeBSD-src-f6e720bf7e3d09d00d73f389a5dac8efdce0eb8c.tar.gz | |
- Flatten the vendor heimdal tree.
Diffstat (limited to 'crypto/heimdal/ChangeLog.2003')
| -rw-r--r-- | crypto/heimdal/ChangeLog.2003 | 1795 |
1 files changed, 0 insertions, 1795 deletions
diff --git a/crypto/heimdal/ChangeLog.2003 b/crypto/heimdal/ChangeLog.2003 deleted file mode 100644 index 8223351..0000000 --- a/crypto/heimdal/ChangeLog.2003 +++ /dev/null @@ -1,1795 +0,0 @@ -2003-12-19 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/error_string.c: protect error_string with mutex - - * lib/krb5/context.c: allocate and destroy mutex in krb5_context - - * lib/krb5/krb5.h (krb5_context_data): add mutex for error_string - -2003-12-18 Love Hörnquist Åstrand <lha@it.su.se> - - * kuser/kinit.c: make -9 work again - -2003-12-17 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/init_creds_pw.c: try handle ts preauth better, still - not good, but at least it work with older heimdal releases that - doesn't send back KRB5KDC_ERR_PREAUTH_REQUIRED when preauth was - sent - -2003-12-16 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/hdb/hdb.asn1: remove enforce-transited-policy, its no longer - used - -2003-12-11 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/pkinit.c (_krb5_pk_create_sign): fill in NULL as - parameters, required by CMS - -2003-12-07 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/get_in_tkt_with_keytab.c (krb5_get_in_tkt_with_keytab): - avoid memory leak that snuck in when krb5_keytab_key_proc was - exported, pointed out by Panases Inc - - * lib/krb5/keytab_file.c: do locking, found to be a problem for - Panasas Inc - - * lib/krb5/fcache.c: internally export x{,un}lock and thus prefix - them with _krb5_ - - * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): use - KRB5_AUTH_CONTEXT_DO_TIME if we want timestamp in forwarded - krb-cred - - * lib/krb5/krb5_auth_context.3: some text about - krb5_auth_con_{add,remove}flags - - * lib/krb5/auth_context.c: add krb5_auth_con_addflags and - krb5_auth_con_removeflags - -2003-12-03 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/crypto.c (decrypt_internal_derived): move up padsize to - avoid memory leak - -2003-12-02 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/crypto.c: require cipher-text to be padded to padsize - - * lib/krb5/eai_to_heim_errno.c: EAI_ADDRFAMILY and EAI_NODATA is - deprecated in RFC3493 - - * lib/krb5/verify_krb5_conf.c (check_host): don't check for - EAI_NODATA, because its depricated in RFC3493 Pointed out by - Hajimu UMEMOTO <ume@mahoroba.org> on heimdal-discuss - -2003-12-01 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/Makefile.am: move test_crypto to noinst_PROGRAMS - - * lib/krb5/test_crypto.c: add --version,--help - - * kuser/kinit.c (main): return the return value from simple_execvp - -2003-11-26 Love Hörnquist Åstrand <lha@it.su.se> - - * kuser/kinit.c: don't use PKINIT DH per default since its too - slow - - * lib/krb5/pkinit.c: tweek to make pkinit work with the fact the - asn1_compile can't generate code for context tagless optionals - - * kdc/pkinit.c: add support for KDC side of DH PKINIT - - * lib/krb5/pkinit.c: clean up error handling, make enc-type work - again - -2003-11-25 Love Hörnquist Åstrand <lha@it.su.se> - - * kuser/kinit.c: add flag to make it work with pkinit dh - - * lib/krb5/pkinit.c: make PKINIT DH support work - -2003-11-24 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/hdb/Makefile.am (LDADD): link with LIB_dlopen - - * kdc/pkinit.c: clean up - - * lib/krb5/krb5.h: make pkinit_win2k_compatible into a flag field - - * lib/krb5/pkinit.c: remove most compile depencies clean up - - * kdc/pkinit.c: print an error and turn of pkinit if openssl - failed to load - - * kdc/config.c: read pkinit (pki-mumble) configuration options - - * kdc/kerberos5.c: add pkinit support - - * kdc/kdc_locl.h: add prototypes for pkinit - - * kdc/pkinit.c: PKINIT patch from Daniel Kouril and Petr Holub, I - removed the dependency on valicert asn1 parser, remove smartcard - and globus support (for now). Work to be done on this: DH support, - Globus support, Smartcard support, windows support (MS implements - -09 of the draft), make it conform to the new draft - - * lib/krb5/pkinit.c: fix bugs, improve error reporting - -2003-11-23 Love Hörnquist Åstrand <lha@it.su.se> - - * kuser/kinit.c: add some "struct foo;" glue for pkinit - structures that isn't used - - * lib/krb5/pkinit.c: clean up, make remove depenency on openssl's - api - - * lib/krb5/krb5_locl.h: add some glue for pkinit add reference - counter to _krb5_get_init_creds_opt_private - - * lib/krb5/init_creds.c: reference count krb5_get_init_creds_opt - private component to avoid copy all the data in it - - * lib/krb5/crypto.c (AES_string_to_key): fix memory leak - - * lib/krb5/init_creds_pw.c (init_cred_loop): fix memory leak - - * lib/krb5/heim_threads.h: include pthread.h in the pthread case - -2003-11-18 Love Hörnquist Åstrand <lha@it.su.se> - - * kpasswd/kpasswdd.c (main): parse kdc.conf - From: Jeffrey Hutzelman <jhutz@cmu.edu> - -2003-11-15 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/Makefile.am (TESTS): add test_crypto - - * lib/krb5/test_crypto.c: time crypto operations - -2003-11-14 Love Hörnquist Åstrand <lha@it.su.se> - - * doc/init-creds: spelling, Bruno Rohee <bruno@rohee.com> - -2003-11-09 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/rd_req.c (krb5_verify_ap_req2): krb5_free_ticket free - the ticket now, rewrite error handling to handle that - - * kpasswd/kpasswdd.c (process): don't free ticket, - krb5_free_ticket does that now - - * kdc/kerberos5.c (tgs_rep2): don't free ticket, krb5_free_ticket - does that now - - * lib/krb5/ticket.c (krb5_free_ticket): free the ticket itself to - match mit behavior, pointed out by Derrick Brashear - - * lib/krb5/krb5_ticket.3: krb5_free_ticket free the whole ticket - -2003-11-08 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/padata.c: add krb5_padata_add - - * lib/krb5/krb5.h: krb5_context_data.pkinit_win2k_compatible - - * lib/krb5/Makefile.am: add pkinit.c - - * kuser/kinit.c: add pkinit support - - * lib/krb5/init_creds_pw.c: add support for pkinit - - * lib/krb5/krb5_locl.h: add the opaque krb5_pk_init_ctx to - _krb5_get_init_creds_opt_private - - * lib/krb5/pkinit.c: rename krb5_pk_init_openssl_ctx to - krb5_pk_init_ctx fix win2k error handling - - * lib/krb5/pkinit.c: PKINIT patch from Daniel Kouril and Petr - Holub, I removed the dependency on valicert asn1 parser, remove - smartcard and globus support (for now). Work to be done on this: - DH support, Globus support, Smartcard support, windows support (MS - implements -09 of the draft), verify that it conforms the new - draft - -2003-11-07 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/asn1/der_copy.c (copy_oid): copy all components - -2003-10-27 Johan Danielsson <joda@pdc.kth.se> - - * lib/krb5/krb5.conf.5: document capaths section - -2003-10-22 Johan Danielsson <joda@pdc.kth.se> - - * kdc/kerberos5.c: make sure that the server realm and the krbtgt - second component are identical; get rpath from the capaths section - - * kdc/kerberos5.c: change logic for when to check transited policy - to a tri-state model involving per principal flags (to be - implemented) - - * kdc/kdc_locl.h: change enforce_transited_policy to a tri-state - variable - - * kdc/config.c: change enforce_transited_policy to a tri-state - variable - -2003-10-22 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/transited.c (krb5_domain_x500_encode): always zero out - encoding to make sure it have a defined value on failure - - * lib/krb5/transited.c (krb5_domain_x500_encode): - if num_realms ==0, set encoding and return (avoids malloc(0)), - check return value for malloc - -2003-10-21 Johan Danielsson <joda@pdc.kth.se> - - * kdc/kerberos5.c (fix_transited_encoding): always print - cross-realm information - -2003-10-21 Love Hörnquist Åstrand <lha@it.su.se> - - * doc/setup.texi: spelling, From: Tracy Di Marco White - - * kdc/kerberos5.c (fix_transited_encoding): set transited type - -2003-10-21 Johan Danielsson <joda@pdc.kth.se> - - * kdc/kdc.8: document enforce-transited-policy - - * kdc/kerberos5.c: always check transited policy if flag set - either globally or on principal - - * kdc/config.c: add flag to always check transited policy - - * lib/hdb/hdb.asn1: add flag to enforce transited policy - -2003-10-21 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/transited.c (krb5_domain_x500_decode): set *num_realms - to zero not num_realms - - * kuser/kgetcred.1: add --no-transit-check - - * kuser/kgetcred.c: add --no-transit-check - - * doc/setup.texi: describe Transit policy - -2003-10-20 Johan Danielsson <joda@pdc.kth.se> - - * kdc/kerberos5.c (fix_transited_encoding): also verify with - policy, unless asked not to - - * lib/krb5/rd_req.c (krb5_decrypt_ticket): try to verify transited - realms, unless the transited-policy-checked flag is set - - * lib/krb5/transited.c (krb5_domain_x500_decode): handle zero - length tr data; - (krb5_check_transited): new function that does more useful stuff - - * lib/krb5/get_cred.c: get capath info from [capaths] section - -2003-10-16 Johan Danielsson <joda@pdc.kth.se> - - * lib/krb5/fcache.c: Sleep forever waiting for lock. Previous - method doesn't work well with a large number of clients accessing - the cache at the same time, and there is no simple way to add a - timeout to the lock. - -2003-10-13 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/verify_krb5_conf.c: print the error value - krb5_init_context failed with - - * lib/krb5/config_file.c (krb5_config_parse_file_debug): punt if - there is binding before a section declaration. Bug found by - Arkadiusz Miskiewicz <arekm@pld-linux.org> - -2003-10-13 Johan Danielsson <joda@pdc.kth.se> - - * lib/krb5/fcache.c (erase_file): revert a change in previous; if - the ccache is a symlink, kdestroy should remove it - - * lib/krb5/fcache.c: implement locking - -2003-10-12 Johan Danielsson <joda@pdc.kth.se> - - * kuser/klist.c (print_tickets): bail out if krb5_cc_next_cred - returns error other than KRB5_CC_END - -2003-10-07 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/init_creds_pw.c: add some help function that is common - between ENC_TS and SAM2, free the etype{,2}-infos on failure, move - the pa counter into krb5_get_init_creds_ctx - -2003-10-06 Love Hörnquist Åstrand <lha@it.su.se> - - * kdc/kaserver.c (do_getticket): if times data is shorter then 8 - byte, request is malformed. - - * kdc/kaserver.c (do_authenticate): if request length is less then - 8 byte, its a bad request and fail. Pointed out by Marco Foglia - <marco@foglia.org> - - * lib/krb5/verify_krb5_conf.c: add flag --warn-mit-syntax that - warns for mit syntax is used and just ignore the mit syntax when - its used - - * lib/krb5/verify_krb5_conf.c: parse [kdc]use_2b and [gssapi] - -2003-10-04 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/asn1/lex.l: add BOOLEAN - - * lib/asn1/parse.y: add BOOLEAN - -2003-10-03 Love Hörnquist Åstrand <lha@it.su.se> - - * kuser/kinit.c: When running kinit in "fork mode" do pagsh - independent of krb4, also always do krb4 setup of cc. Always try - to destroy the v4 cc. - - add boolean --{,no-}request-pac that will request pac or not - - * kuser/klist.c (check_for_tgt): set client as part of the - pattern/match cred - - * lib/krb5/convert_creds.c (_krb5_krb_dest_tkt): unlink v4 token - (get_krb4_cc_name): move out from _krb5_krb_tf_setup - (_krb5_krb_tf_setup): adapt to allocated filename instead of - static filename - - * lib/krb5/krb5-v4compat.h: add _krb5_krb_dest_tkt and TKT_ROOT - - * lib/krb5/init_creds_pw.c (*) send PA_PAC_REQUEST when the user - have requested either use PAC or not use PAC, if the option not - set from the user, leave it up to the kdc to decide. - (init_creds_loop): clear error string on success - - * lib/krb5/init_creds.c: add - krb5_get_init_creds_opt_set_paq_request break out common part of - extended opt functions to require_ext_opt - - * lib/krb5/krb5_locl.h: add enum krb5_get_init_creds_req_pac and - use it in struct _krb5_get_init_creds_opt_private - - * tools/kdc-log-analyze.pl: handle some more failure lines - - * doc/programming.texi: some diffrences between Heimdal and MIT - Kerberos in the API - - * doc/setup.texi: add Setting up DNS - - * lib/krb5/rd_req.c (krb5_rd_req): always free keyblock since its - alway used - - * lib/asn1/Makefile.am: add SAM types and PAC_REQUEST - - * lib/asn1/k5.asn1: add more preauth types, add PA-PAC-REQUEST - - * lib/asn1: add boolean support - -2003-10-02 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/changepw.c (setpw_send_request): free ap_req_data on - failure - -2003-09-30 Love Hörnquist Åstrand <lha@it.su.se> - - * appl/test/http_client.c (do_connect): use ai_protocol 0 - - * lib/krb5/init_creds_pw.c (init_cred_loop): handle - KRB5KRB_ERR_RESPONSE_TOO_BIG and loop again, this time requesting - LARGE_MSG from send to kdc, and if this is the second time bail - out; try to free memory - - * lib/krb5/send_to_kdc.c (krb5_sendto_kdc_flags): new function, - and then implement the order krb5_sendto_kdc* function with this - function. - - * lib/krb5/krbhst.c (krb5_krbhst_init_flags): new function, use it - and adapt callers - (krbhst_get_default_proto): new function, returns udp, or in case - large_msg was requested for the krb5_krbhst_data, use tcp. - (*): if the flag KD_LARGE_MSG was set on the krb5_krbhst_data, avoid - using udp, use krbhst_get_default_proto - - * lib/krb5/krb5.h: flags for krb5_krbhst_init_flags (and - krb5_send_to_kdc_flags) - -2003-09-23 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/rd_req.c (krb5_rd_req): if we have a keyblock in auth - context, use that - - * appl/test/uu_client.c: print authorization data if there are any - - * lib/asn1/asn1_print.c: decode IA5Stringa and UTF8String - -2003-09-21 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/init_creds_pw.c: use _krb5_get_init_creds_opt_copy - * lib/krb5/init_creds.c: don't export krb5_get_init_creds_opt_copy - - * lib/hdb/Makefile.am: libhdb might depend on LIB_dlopen - - * kuser/kinit.c: don't get v4 tickets by default - -2003-09-20 Love Hörnquist Åstrand <lha@it.su.se> - - * kpasswd/kpasswdd.c (process): remove a abort() - - * doc/win2k.texi: add some text about netdom.exe and trusts - - * TODO-1.0: gssapi rc4 done - - * kpasswd/kpasswdd.c: add support for Set password protocol as - defined by RFC3244 -- Microsoft Windows 2000 Kerberos Change - Password and Set Password Protocols - -2003-09-19 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/hdb/db3.c: improve readability of ->open ifdef, check if - version >= 4.1 - - * lib/krb5/init_creds.c (krb5_get_init_creds_opt_copy): add - - * lib/krb5/rd_req.c (krb5_rd_req): allow caller to pass in a key - in the auth_context, they way processes that doesn't use the - keytab can still pass in the key of the service (matches behavior - of MIT Kerberos). - -2003-09-18 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/init_creds_pw.c: collect all init_creds context into a - structure so it can easier be passed around, also, while here, - change nonce for every request - - * lib/krb5/get_in_tkt.c (init_as_req): don't realloc data before - the loop, add_padata() will handle that itself - - * lib/krb5/get_for_creds.c (add_addrs): don't increase addr->len - until in contains interesting data, use right iteration counter - when clearing the addresses - - * lib/krb5/log.c (log_realloc): increase len after realloc returns - sucessfully - -2003-09-12 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/config_file.c: fix prototypes - From: Fredrik Ljungberg <flag@pobox.se> - -2003-09-10 Love Hörnquist Åstrand <lha@it.su.se> - - * appl/test/http_client.c: close socket when we are done, don't - allow the server to restart gssapi negotiation - - * lib/hdb/hdb_locl.h: include <limits.h> for ULONG_MAX noted by - Wissler Magnus <M.Wissler@abalon.se> on heimdal-discuss - - * appl/test/gssapi_client.c (proto): use select_mech - - * appl/test/http_client.c: use getarg - - * appl/test/gss_common.h: prototype for select_mech - - * appl/test/gss_common.c (select_mech): return the gss_OID from a - mech name - - * appl/test/http_client.c: print both source and target - - * appl/test/Makefile.am: build http_client - -2003-09-09 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/asn1/asn1_print.c: add support for printing Enumerated - - * appl/test/gssapi_client.c: allow user to select mech; krb5, - spnego, and no-oid - - * appl/test/test_locl.h: add mech - - * appl/test/common.c: add --mech,-m argument - - * appl/test/gssapi_server.c: print the mech that was used - - * kdc/kerberos5.c (only_older_enctype_p): check request if the - client only supports old enctypes, before it used the database - -2003-09-08 Love Hörnquist Åstrand <lha@it.su.se> - - * **/*.c: add context argument to krb5_get_init_creds_opt_alloc - - * lib/krb5/init_creds.c (krb5_get_init_creds_opt_alloc): add - context argument - - * lib/krb5/krb5_get_init_creds.3: spelling - -2003-09-04 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/context.c (add_file): make len argument an pointer to - an integer - - * lib/asn1/k5.asn1: add SAM types - - * lib/krb5/init_creds_pw.c: break out the encrypt timestamp - preauth to its function break out the pa_data_to_key_plain to its - own function make more variables const - -2003-09-04 Johan Danielsson <joda@pdc.kth.se> - - * lib/krb5/krb5.conf.5: document appdefaults/{forward,encrypt} - -2003-09-03 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/krb5.h: Add key usage for encryption of the - SAM-NONCE-OR-SAD field. - - * include/make_crypto.c: include <openssl/ui.h> in the openssl - case - - * kdc/hprop.h: use new DES_ api - - * lib/krb5/krb5-v4compat.h: assume session key is a char array of - length 8 - - * lib/krb5/prompter_posix.c: - s/des_read_pw_string/UI_UTIL_read_pw_string/ - - * kuser/kinit.c: s/des_read_pw_string/UI_UTIL_read_pw_string/ - - * kdc/string2key.c: s/des_read_pw_string/UI_UTIL_read_pw_string/ - - * kdc/kstash.c: s/des_read_pw_string/UI_UTIL_read_pw_string/ - - * admin/add.c: s/des_read_pw_string/UI_UTIL_read_pw_string/ - - * lib/krb5/crypto.c: switch from the des_ to the DES_ api - - * kdc/hprop.c: use DES_KEY_SZ instead of sizeof(des_block) - - * kuser/kverify.c: use - krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free - - * kpasswd/kpasswd-generator.c: use - krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free - - * kdc/hprop.c: use - krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free compare - a uint32_t with 0xffffffff instead of -1 - - * lib/krb5/krb5_425_conv_principal.3: fix [Gt] - - * kuser/kinit.c: use - krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free - - * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): handle - password passed in though context - - * lib/krb5/Makefile.am (TESTS): += test_config - - * lib/krb5/aes-test.c: move variable thats used within a #ifdef to - be defined within that #ifdef - - * lib/krb5/data.c (krb5_data_free): reset whole krb5_data when - freeing it - - * lib/krb5/keyblock.c (krb5_keyblock_zero): new function, zeros - out a keyblock - - * lib/krb5/init_creds_pw.c: rewrite/implement - krb5_get_init_creds_password with new preauth handing, still it - can only work with krb5-pa-enc-timestamp for preauth, but now it - can handle etype-info2 - - * lib/krb5/init_creds.c (krb5_get_init_creds_opt_alloc): allocate - a opt structure - (krb5_get_init_creds_opt_free): free a opt structure - (krb5_get_init_creds_opt_set_pa_password): set preauth info for - enc-timestamp - - * lib/krb5/krb5_locl.h: add struct - _krb5_get_init_creds_opt_private - -2003-09-02 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/krb5.h: add SAM keyusage numbers, add s2k proc typedef, - add a pointer to a private part of krb5_get_init_creds_opt - - * kdc/string2key.c (main): avoid const warning by using a extra - variable - -2003-08-31 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/ticket.c (krb5_ticket_get_authorization_data_type): - reindent - - * lib/krb5/ticket.c (krb5_copy_ticket): free all data when - failing, copy data to right memory, the later pointed out by Luke - Howard. - -2003-08-30 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/krb5.h: cfx-01 use diffrent usage numbers - -2003-08-29 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/hdb/db3.c: try to include more db headers - - * lib/hdb/db3.c: patch for working with DB4 on heimdal-discuss - From: Luke Howard <lukeh@PADL.COM> - -2003-08-28 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/krb5.h: add KEYTYPE_ARCFOUR_56 - - * appl/test/gssapi_client.c: send both INT and CONF wrapped token - - * appl/test/gssapi_server.c: recv both INT and CONF wrapped token - - * lib/asn1/k5.asn1: add KRB5_NT_SMTP_NAME and KRB5_NT_ENTERPRISE - -2003-08-27 Love Hörnquist Åstrand <lha@it.su.se> - - * appl/test/uu_client.c (proto): fill in client in the match cred - -2003-08-26 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/krb5.h: CFX uses slightly diffrent usage numbers - - * lib/krb5/crypto.c (usage2arcfour): simplify, only include - special cases From: Luke Howard <lukeh@PADL.COM> - -2003-08-25 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/hdb/hdb-ldap.c: code rewrite from Luke Howard - <lukeh@PADL.COM> - - * lib/krb5/crypto.c (arcfour_checksum_p): return true when is - arcfour, not when its not pointed out by Luke Howard - - * doc/ack.texi: update Luke Howard email address - -2003-08-24 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/krb5_encrypt.3: document: - krb5_crypto_getconfoundersize, krb5_crypto_getblocksize - krb5_crypto_getenctype, krb5_crypto_getpadsize - - * lib/krb5/crypto.c (krb5_crypto_getpadsize, - krb5_crypto_getconfoundersize): added From: Luke Howard - <lukeh@PADL.COM> - -2003-08-23 Love Hörnquist Åstrand <lha@it.su.se> - - * kdc/connect.c (handle_tcp): handle recvfrom returning 0 - (connection closed) - - * kdc/connect.c (grow_descr): increment the size after we succeed - to allocate the space - - * lib/krb5/krb5_create_checksum.3: text about when - krb5_crypto_get_checksum_type is useful - - * lib/krb5/crypto.c (krb5_crypto_get_checksum_type): fix format - string - - * lib/krb5/krb5_create_checksum.3: document - krb5_crypto_get_checksum_type - - * lib/krb5/crypto.c: add krb5_crypto_get_checksum_type - From: Luke Howard <lukeh@PADL.COM> - - * lib/asn1/gen.c: s/UTF8String/heim_utf8_string/ in generated code - From: Luke Howard <lukeh@PADL.COM> - -2003-08-21 Love Hörnquist Åstrand <lha@it.su.se> - - * include/make_crypto.c: include aes.h inc in the local libdes - case too - -2003-08-20 Johan Danielsson <joda@pdc.kth.se> - - * lib/asn1/der_free.c: set free'd poiners to NULL - - * lib/asn1/gen_free.c: set free'd poiners to NULL - -2003-08-20 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/heim_threads.h: XXX don't use "plain" pthread support - on netbsd - - * lib/krb5/crypto.c: Do the arcfour checksum mapping for - krb5_create_checksum and krb5_verify_checksum, From: Luke Howard - <lukeh@PADL.COM> - -2003-08-18 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/test_config.c: check krb5_prepend_config_files_default - and krb5_prepend_config_files - - * lib/krb5/context.c: add krb5_prepend_config_files and - krb5_prepend_config_files_default - -2003-08-17 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/hdb/mkey.c (read_master_mit): krb5_ret_int16 takes a int16_t - as argument - - * lib/krb5/parse-name-test.c: please lint (and me) - - * kdc/config.c (configure): remove only set variable 'e' - - * kdc/connect.c (init_socket): sockaddr size argument to - krb5_addr2sockaddr is a krb5_addr2sockaddr * - - * kdc/kerberos5.c (as_rep): remove usused variable - (tgs_rep2): don't use a temporary ret-variable, ret is reset later - - * lib/krb5/krb5_get_in_cred.3: these function will be deprecated - - * lib/krb5/Makefile.am: man_MANS += krb5_get_init_creds.3 - - * lib/krb5/krb5_get_init_creds.3: begining of documentation of - krb5_get_init_creds - - * lib/krb5/get_in_tkt.c (krb5_get_in_tkt): for compatibility with - with the mit implemtation, don't free `creds' argument when done, - its up the the caller to do that, also allow a NULL ccache. - -2003-08-16 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/krb5.conf.5: document tgs_require_subkey - - * lib/asn1/Makefile.am: remove trance of generate tests files, its - not really for consumption yet - - * lib/hdb/Makefile.am: split generated source from non generated - source we make-proto.pl can generate prototypes for non - generate-source only (make-proto.pl dies on asn1compile's .c - files) - - * lib/krb5/get_cred.c (init_tgs_req): make generation of subkey - optional on configuration parameter - [realms]realm={tgs_require_subkey=bool} - defaults to off. The RFC1510 weakly defines the correct behavior, - so old DCE secd apparently required the subkey to be there, and MS - will use it when its there. But the request isn't encrypted in the - subkey, so you get to choose if you want to talk to a MS mdc or a - old DCE secd. - - * kdc/kerberos5.c (*): handle krb5_unparse_name returning non-zero - -2003-08-15 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/principal.c (unparse_name): len can't be zero, so, - don't check for that - -2003-08-13 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/principal.c (unparse_name): make sure there are space - for a NUL, set *name to NULL when there is a failure (so caller - can't get hold of a freed pointer) - -2003-07-26 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/kerberos.8: remove duplicate manual, from - cjep@netbsd.org - -2003-07-25 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/cache.c: indent - - * lib/krb5/cache.c (krb5_cc_set_default_name): only read - KRB5CCNAME when not suid - -2003-07-24 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/keytab_krb4.c (read_v4_entry): the des key is 8 bytes, - use a char array instead of des_cblock - -2003-07-23 Love Hörnquist Åstrand <lha@it.su.se> - - * kdc/kerberos5.c: add support for KRB5_PADATA_ETYPE_INFO2 - - * lib/krb5/crypto.c (hmac): make it return an error when out of - memory, update callsites to either return error or use krb5_abortx - (krb5_hmac): expose hmac - -2003-07-22 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/keyblock.c (krb5_keyblock_get_enctype): return enctype - of keyblock - - * lib/krb5/Makefile.am (man_MANS): += krb5_keyblock.3 - - * lib/krb5/krb5_keyblock.3: some information about krb5_keyblock - and related functions - - * lib/krb5/heim_threads.h: make the non-debug version of the mutex - macros "use" the "mutex" integer so the compile wont complain - about defined unused variables - - * lib/krb5/heim_threads.h: make thread local storage macros take a - "return" argument so no functions need to be created for the - no-pthread case - - * lib/krb5/heim_threads.h: adding RWLOCKS and [sg]etspecific - - * configure.in: use KRB_PTHREADS - - * lib/asn1/Makefile.am (gen_files): add asn1_KerberosString and - sort - - * lib/asn1/k5.asn1 (ETYPE-INFO2-ENTRY): salt is a KerberosString - - * lib/krb5/krb5.3: add ticket access functions - * lib/krb5/krb5_ticket.3: ditto - * lib/krb5/ticket.c: ditto - * lib/krb5/Makefile.am: ditto - - * lib/krb5/mit_glue.c: add some more krb5_c functions - - * lib/krb5/krb5_c_make_checksum.3: add some more krb5_c functions - - * lib/krb5/crypto.c (krb5_cksumtype_valid): check is checksum type - is a valid one - - * lib/krb5/crypto.c (krb5_checksum_is_keyed): only set extented - error string when there is a context - (krb5_checksum_is_collision_proof): ditto - -2003-07-21 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/mit_glue.c (krb5_c_get_checksum): make type and data - argument optional - (krb5_c_{encrypt,decrypt}): return "better" error codes for - invalid ivec length - - * lib/krb5/krb5_c_make_checksum.3: update krb5_c_get_checksum - usage - - * lib/krb5/crypto.c (krb5_crypto_getenctype): new function - - * include/make_crypto.c: avoid redefining - OPENSSL_DES_LIBDES_COMPATIBILITY - - * lib/krb5/krb5.h: add krb5_enc_data - -2003-07-19 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/krb5.3: add krb5_c_ functions - - * lib/krb5/mit_glue.c: support passing in NULL as the - cipher_state/ivec - - * lib/krb5/aes-test.c: add test for krb5_c_encrypt_length and - krb5_c_decrypt - - * lib/krb5/krb5_c_make_checksum.3: krb5_c encryption glue - - * lib/krb5/crypto.c (wrapped_length/wrapped_length_derived): when - calculating the length of the encrypted data, use the keyed - checksum length if the enctype supports a keyed checksum. This - only matter for aes, for all other enctypes the key and unkeyed - checksum have the same length. - -2003-07-18 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/mit_glue.c: first version of krb5_c encryption glue - - * doc/install.texi: update pointer to luke ldap documentation - - * lib/hdb/hdb.c (hdb_create): check for dynamic backend after - static to avoid warning from dynamic backend when using a known - static backend - -2003-07-16 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/cache.c: don't return value in void function - -2003-07-15 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/creds.c (krb5_compare_creds): if client is specified in - the mcreds, check that too - - * lib/krb5/{keytab_file.c,principal.c,mk_error.c,krb5.h,get_cred.c}: - prefix libasn1 types with heim_ - - * lib/asn1: prefix typedefs and structs with heim_ - -2003-07-13 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/hdb/hdb.c: avoid unnecessary setting of variable - -2003-07-07 Love Hörnquist Åstrand <lha@it.su.se> - - * kuser/klist.c (check_for_tgt): use krb5_cc_clear_mcred - - * appl/test/uu_client.c (proto): use krb5_cc_clear_mcred - - * lib/krb5/get_cred.c (init_tgs_req): in case of error, don't free - in the req_body addresses since they where pass in by caller - (find_cred): use krb5_cc_clear_mcred - - * lib/krb5/krb5_ccache.3: document krb5_cc_clear_mcred - - * lib/krb5/cache.c (krb5_cc_clear_mcred): new function, clear a - krb5_creds to use with krb5_cc_retrieve_cred - -2003-06-30 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/hdb/hdb.c (find_dynamic_method): if there isn't a prefix, - don't load anything - -2003-06-29 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/hdb/hdb.c: Dynamic backend loading, based on patch from Luke - Howard <lukeh@PADL.COM> - - * lib/hdb/hdb.h: add struct hdb_so_method and - HDB_INTERFACE_VERSION - -2003-06-28 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/mk_req_ext.c (krb5_mk_req_internal): when using - arcfour-hmac-md5, use an unkeyed checksum (rsa-md5), since - Microsoft calculates the keyed checksum with the subkey of the - authenticator. - - * kuser/kinit.c: write out v4 credential caches with - _krb5_krb_tf_setup - - * lib/krb5/krb5-v4compat.h: add _krb5_krb_tf_setup - - * lib/krb5/convert_creds.c (_krb5_krb_tf_setup): create/append v4 - credential to a new krb4 ticket file - -2003-06-27 Johan Danielsson <joda@pdc.kth.se> - - * lib/krb5/krb5_kuserok.3: put Nd argument in double quotes since - it contains more than 9 words; from wiz - -2003-06-25 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/verify_krb5_conf.c: add missing " within #if 0, from - stefan sokoll <stefansokoll@yahoo.de> - -2003-06-24 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/krb5_timeofday.3: improve krb5_set_real_time text - - * lib/krb5/time.c: improve comment for krb5_set_real_time - -2003-06-23 Johan Danielsson <joda@pdc.kth.se> - - * kuser/kinit.1: document -A - - * kuser/kinit.c: add -A as an alias for --no-addresses - -2003-06-22 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): pass in a - krb5_timestamp to krb5_us_timeofday - - * lib/krb5/mk_error.c (krb5_mk_error): pass in a krb5_timestamp to - krb5_us_timeofday - - * lib/krb5/time.c (krb5_set_real_time): fix comment and make it - work - - * lib/krb5/time.c, lib/krb5/krb5_timeofday.3, - lib/krb5/Makefile.am lib/krb5/test_time.c: - - implement krb5_set_real_time, used by SAMBA, requested by Luke - Howard <lukeh@PADL.COM> - - * lib/asn1/k5.asn1: make the aes and sha1 checksum types match - draft-ietf-krb-wg-crypto-05 - -2003-06-21 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/aes-test.c: add a test for aes kcrypto encrypted data - - * lib/krb5/crypto.c: clean up AES code to use a structure instead - of a key array - (_krb5_AES_string_to_default_iterator): set to 4096 as described in - aes draft -04 - (derive_key): always remove the key->schedule since its - will contain the wrong (parent key) info - -2003-06-18 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/aes-test.c: add aes256 test vectors from Ken Raeburn - * doc/setup.texi: add more kdc's to the example - -2003-06-17 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/hdb/hdb-ldap.c: use int2HDBFlags/HDBFlags2int From: Alberto - Patino <jalbertop@aranea.com.mx>, Luke Howard <lukeh@PADL.COM> - Pointed out by Andrew Bartlett of Samba - - * lib/krb5/heim_threads.h: remove freebsd comment, don't use debug - pthread stubs by default - - * lib/krb5/Makefile.am (man_MANS): drop krb5_free_addresses.3 - - * lib/krb5/krb5_free_addresses.3: removed file, functions are - documented in krb5_address.3 - - * lib/krb5/codec.c: add krb5_{de,en}code_ETYPE_INFO2 - - * lib/krb5/crypto.c: add _krb5_AES_string_to_default_iterator add - krb5_string_to_key_salt_opaque() fix keylengh for keytype_aes256 - -2003-06-06 Love Hörnquist Åstrand <lha@it.su.se> - - * doc/setup.texi: Point out that slave needs /var/heimdal - directory and masterkey From: Mans Nilsson <mansaxel@sunet.se>, - Fix spelling while here - -2003-06-02 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/Makefile.am, krb5_get_in_cred.3, krb5.3: - add manpage for: krb5_get_in_cred, krb5_get_in_tkt, - krb5_get_in_tkt_with_keytab, krb5_get_in_tkt_with_password, - krb5_get_in_tkt_with_skey - -2003-05-28 Assar Westerlund <assar@kth.se> - - * lib/krb5/heim_threads.h: Fix unlock/destroy macros for the - non-threaded cases to work. Fix typo. - -2003-05-27 Johan Danielsson <joda@pdc.kth.se> - - * lib/asn1/{der_put.c,der_length.c,check-der.c}: Fix encoding of - "unsigned" integers. If MSB is set, we need to pad with a zero - byte. - -2003-05-27 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/krb5_c_make_checksum.3: some more mdoc fixes - - * lib/hdb/hdb-ldap.c (LDAP__connect): bind sasl "EXTERNAL" to ldap - connection - (LDAP_store): remove superfluous argument to asprintf - - From Alberto Patino <jalbertop@aranea.com.mx> - -2003-05-26 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/*.[0-9]: pacify mdoclink - - * lib/krb5/krb5_ccache.3: document diffrences between mit and - heimdal krb5_cc_gen_new ccache -> credential cache s/[\t ]+$// - -2003-05-21 Love Hörnquist Åstrand <lha@it.su.se> - - * appl/test/gssapi_server.c (proto): start to use - gss_krb5_copy_ccache - - * appl/test/nt_gss_server.c (proto): comment out gss_ctx_id_t - groveling for now - -2003-05-20 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/asn1: - - add parser/generate glue for UTF8String and NULL - (DER primitive encode/decode functions missing) - - handle parsing of DEFAULT and, ... - -2003-05-16 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/heim_threads.h: add missing argument to mutex_init - - * lib/krb5/crypto.c: protect the random initiator with a mutex - - * lib/krb5/mcache.c: protect the mcc_head with a mutex - - * lib/krb5/krb5_locl.h: include heim_threads.h - - * lib/krb5/heim_threads.h: wrapper macros for thread - synchronization primitives - -2003-05-15 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/krb5_principal.3 - lib/krb5/Makefile.am: - Add all Kerberos principal function to one manpage, add a few more - principal function to it, remove old now dup manpages - - * lib/krb5/krb5_build_principal.3: remove file - * lib/krb5/krb5_free_principal.3: remove file - * lib/krb5/krb5_sname_to_principal.3: remove file - * lib/krb5/krb5_principal_get_realm.3: remove file - -2003-05-14 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/verify_krb5_conf.8: sort sections, from netbsd - - * lib/krb5/krb5_verify_user.3: .Sh EXAMPLE -> .Sh EXAMPLES, from - netbsd - - * lib/krb5/krb5_openlog.3: .Sh EXAMPLE -> .Sh EXAMPLES, sort - sections, from netbsd - - * lib/krb5/krb5_keytab.3: .Sh EXAMPLE -> .Sh EXAMPLES, mdoc fixes, - from netbsd - - * lib/krb5/krb5_get_krbhst.3: .Sh EXAMPLE -> .Sh EXAMPLES, from - netbsd - - * lib/krb5/krb5_get_all_client_addrs.3: add .Os, from NetBSD - - * lib/krb5/krb5_build_principal.3: sort sections, from NetBSD - - * lib/krb5/krb5.conf.5: .Sh EXAMPLE -> .Sh EXAMPLES, from netbsd - - * lib/krb5/get_default_realm.c: compatability -> compatibility, - from netbsd - - * lib/krb5/krb5_warn.3: add copyright/license - - * lib/krb5/krb5_context.3: add SYNOPSIS and LIBRARY - - * lib/krb5/krb5.3: add RCSID - - * kdc/hprop.8: fix mdoc problem, from netbsd - - * lib/krb5/krb5_krbhst_init.3: uppercase url, from Thomas Klausner - <wiz@netbsd.org> - - * kuser/kinit.1: setup -> set up, new sentence, new line from - Thomas Klausner <wiz@netbsd.org> - -2003-05-13 Love Hörnquist Åstrand <lha@it.su.se> - - * kpasswd/kpasswd.1: handle setting passwords for multiple - principals at the same time - - * kpasswd/kpasswd.c: handle setting passwords for multiple - principals at the same time - - * lib/krb5/changepw.c: draft-ietf-cat-kerb-chg-password-02 and - rfc3244 share the response packet sure more constants now that - they exists - -2003-05-12 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/krb5.h: some define for rfc3244 - - * lib/krb5/krb5.3: add krb5_change_password and krb5_set_password - - * kpasswd/kpasswd.1: document --admin-principal - - * kpasswd/kpasswd.c: use krb5_set_password - - * lib/krb5/krb5_set_password.3: document krb5_change_password and - krb5_set_password - - * lib/krb5/changepw.c: implement rfc3244, partly from - shadow@dementia.org - - * lib/asn1/Makefile.am (gen_files): asn1_ChangePasswdDataMS.x for - RFC3244 - - * lib/asn1/k5.asn1: add ChangePasswdDataMS, for - RFC3244 - -2003-05-08 Love Hörnquist Åstrand <lha@it.su.se> - - * kuser/kdestroy.c: destroy tokens even if there isn't v4 support - - * kuser/kinit.c: get token even if there isn't v4 support - - * kuser/klist.c: print tokens even if there isn't v4 support - -2003-05-06 Johan Danielsson <joda@pdc.kth.se> - - * lib/krb5/name-45-test.c: need to use empty krb5.conf for some - tests - - * lib/asn1/check-gen.c: there is no \e escape sequence; replace - everything with hex-codes, and cast to unsigned char* to make some - compilers happy - -2003-05-06 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/get_in_tkt.c (make_pa_enc_timestamp): make sure first - argument to krb5_us_timeofday have correct type - -2003-05-05 Assar Westerlund <assar@kth.se> - - * include/make_crypto.c (main): include aes.h if ENABLE_AES - -2003-05-05 Love Hörnquist Åstrand <lha@it.su.se> - - * make-release: when fixing a valid cvs tag from release name - replace all number. to number- for all non-overlapping matches - -2003-05-04 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/asn1/Makefile.am: gen_files += asn1_ETYPE_INFO2.x and - asn1_ETYPE_INFO2_ENTRY.x - (libasn1_la_LDFLAGS): set version to 6:1:1 - - * doc/Makefile.am: add apps.texi - - * doc/setup.texi: add move forward link to applications - - * doc/heimdal.texi: add applications - - * doc/misc.texi: move afs stuff to applications add link to - applications - - * doc/apps.texi: text about applications using kerberos - move afs text here - -2003-05-03 Love Hörnquist Åstrand <lha@it.su.se> - - * doc/setup.texi: add cross realm text - -2003-04-29 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/krb5_crypto_init.3: document krb5_enctype_to_string and - krb5_string_to_enctype - -2003-04-28 Love Hörnquist Åstrand <lha@it.su.se> - - * kdc/v4_dump.c (v4_prop_dump): limit strings length, from openbsd - -2003-04-26 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/aes-test.c: use _krb5_PKCS5_PBKDF2 - * lib/krb5/crypto.c: unexport krb5_PKCS5_PBKDF2 - -2003-04-25 Johan Danielsson <joda@pdc.kth.se> - - * lib/krb5/build_auth.c (krb5_build_authenticator): if the local - sequence number is non-zero, don't generate a new one - - * lib/krb5/mk_rep.c (krb5_mk_rep): if the local sequence number is - non-zero, don't generate a new one - - * lib/krb5/time.c (krb5_us_timeofday): make the sec parameter a - krb5_timestamp - - * lib/krb5/mk_priv.c lib/krb5/mk_safe.c lib/krb5/rd_priv.c - lib/krb5/rd_safe.c lib/krb5/rd_cred.c: implement RET_SEQUENCE and - RET_TIME - - * lib/krb5/krb5.h (krb5_replay_data): make usec signed (matching - asn1) - -2003-04-24 Love Hörnquist Åstrand <lha@it.su.se> - - * doc/programming.texi: s/managment/management/, from jmc - <jmc@prioris.mini.pw.edu.pl> - -2003-04-23 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/context.c (default_etypes): also advertise that we - handle aes encryption types - - * lib/krb5/Makefile.am: add krb5_c_ checksum related functions - - * lib/krb5/krb5_c_make_checksum.3: document krb5_c_ checksum - related functions - - * lib/krb5/mit_glue.c: add compat mit krb5_c checksum related - functions - - * lib/asn1/k5.asn1: add ETYPE-INFO2 and ETYPE-INFO2-ENTRY - -2003-04-22 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/krbhst.c: copy NUL too, from janj@wenf.org via openbsd - -2003-04-17 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/asn1/der_copy.c (copy_general_string): use strdup - * lib/asn1/der_put.c: remove sprintf - * lib/asn1/gen.c: remove strcpy/sprintf - - * lib/krb5/name-45-test.c: use a more unique name then ratatosk so - that other (me) have such hosts in the local domain and the tests - fails, to take hokkigai.pdc.kth.se instead - - * lib/krb5/test_alname.c: add --version and --help - -2003-04-16 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/krb5_warn.3: add krb5_get_err_text - - * lib/krb5/transited.c: use strlcat/strlcpy, from openbsd - * lib/krb5/krbhst.c (srv_find_realm): use strlcpy, from openbsd - * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use - strlcpy, from openbsd - * kdc/hpropd.c: s/strcat/strlcat/, inspired from openbsd - * appl/kf/kfd.c: use strlcpy, from openbsd - -2003-04-16 Johan Danielsson <joda@pdc.kth.se> - - * configure.in: fix for large file support in AIX, _LARGE_FILES - needs to be defined on the command line, since lex likes to - include stdio.h before we get to config.h - -2003-04-16 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/*.3: Change .Fd #include <header.h> to .In header.h, - from Thomas Klausner <wiz@netbsd.org> - - * lib/krb5/krb5.conf.5: spelling, from Thomas Klausner - <wiz@netbsd.org> - -2003-04-15 Love Hörnquist Åstrand <lha@it.su.se> - - * kdc/kerberos5.c: fix some more memory leaks - -2003-04-11 Love Hörnquist Åstrand <lha@it.su.se> - - * appl/kf/kf.1: spelling, from jmc <jmc@prioris.mini.pw.edu.pl> - -2003-04-08 Love Hörnquist Åstrand <lha@it.su.se> - - * admin/ktutil.8: typos, from jmc <jmc@acn.waw.pl> - -2003-04-06 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/krb5.3: s/kerberos/Kerberos/ - * lib/krb5/krb5_data.3: s/kerberos/Kerberos/ - * lib/krb5/krb5_address.3: s/kerberos/Kerberos/ - * lib/krb5/krb5_ccache.3: s/kerberos/Kerberos/ - * lib/krb5/krb5.conf.5: s/kerberos/Kerberos/ - * kuser/kinit.1: s/kerberos/Kerberos/ - * kdc/kdc.8: s/kerberos/Kerberos/ - -2003-04-01 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/test_alname.c: more krb5_aname_to_localname tests - - * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): when - converting too root, make sure user is ok according to - krb5_kuserok before allowing it. - - * lib/krb5/Makefile.am (noinst_PROGRAMS): += test_alname - - * lib/krb5/test_alname.c: add test for krb5_aname_to_localname - - * lib/krb5/crypto.c (krb5_DES_AFS3_CMU_string_to_key): used p1 - instead of the "illegal" salt #~, same change as kth-krb did - 1999. Problems occur with crypt() that behaves like AT&T crypt - (openssl does this). Pointed out by Marcus Watts. - - * admin/change.c (kt_change): collect all principals we are going - to change, and pick the highest kvno and use that to guess what - kvno the resulting kvno is going to be. Now two ktutil change in a - row works. XXX fix the protocol to pass the kvno back. - -2003-03-31 Love Hörnquist Åstrand <lha@it.su.se> - - * appl/kf/kf.1: afs->AFS, from jmc <jmc@acn.waw.pl> - -2003-03-30 Love Hörnquist Åstrand <lha@it.su.se> - - * doc/setup.texi: add description on how to turn on v4, 524 and - kaserver support - -2003-03-29 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/verify_krb5_conf.c (appdefaults_entries): add afslog - and afs-use-524 - -2003-03-28 Love Hörnquist Åstrand <lha@it.su.se> - - * kdc/kerberos5.c (as_rep): when the second enctype_to_string - failes, remember to free memory from the first enctype_to_string - - * lib/krb5/crypto.c (usage2arcfour): map KRB5_KU_TICKET to 2, - from Harald Joerg <harald.joerg@fujitsu-siemens.com> - (enctype_arcfour_hmac_md5): disable checksum_hmac_md5_enc - - * lib/hdb/mkey.c (hdb_unseal_keys_mkey): truncate key to the key - length when key is longer then expected length, its probably - longer since the encrypted data was padded, reported by Aidan - Cully <aidan@kublai.com> - - * lib/krb5/crypto.c (krb5_enctype_keysize): return key size of - encyption type, inspired by Aidan Cully <aidan@kublai.com> - -2003-03-27 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/keytab.c (krb5_kt_get_entry): avoid printing 0 - (wildcard kvno) after principal when the keytab entry isn't found, - reported by Chris Chiappa <chris@chiappa.net> - -2003-03-26 Love Hörnquist Åstrand <lha@it.su.se> - - * doc/misc.texi: update 2b example to match reality (from - mattiasa@e.kth.se) - - * doc/misc.texi: spelling and add `Configuring AFS clients' - subsection - -2003-03-25 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/krb5.3: add krb5_free_data_contents.3 - - * lib/krb5/data.c: add krb5_free_data_contents for compat with MIT - API - - * lib/krb5/krb5_data.3: add krb5_free_data_contents for compat - with MIT API - - * lib/krb5/krb5_verify_user.3: write more about how the ccache - argument should be inited when used - -2003-03-25 Johan Danielsson <joda@pdc.kth.se> - - * lib/krb5/addr_families.c (krb5_print_address): make sure - print_addr is defined for the given address type; make addrports - printable - - * kdc/string2key.c: print the used enctype for kerberos 5 keys - -2003-03-25 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/aes-test.c: add another arcfour test - -2003-03-22 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/aes-test.c: sneek in a test for arcfour-hmac-md5 - -2003-03-20 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/krb5_ccache.3: update .Dd - - * lib/krb5/krb5.3: sort in krb5_data functions - - * lib/krb5/Makefile.am (man_MANS): += krb5_data.3 - - * lib/krb5/krb5_data.3: document krb5_data - - * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): if - prompter is NULL, don't try to ask for a password to - change. reported by Iain Moffat @ ufl.edu via Howard Chu - <hyc@highlandsun.com> - -2003-03-19 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/krb5_keytab.3: spelling, from - <jmc@prioris.mini.pw.edu.pl> - - * lib/krb5/krb5.conf.5: . means new line - - * lib/krb5/krb5.conf.5: spelling, from - <jmc@prioris.mini.pw.edu.pl> - - * lib/krb5/krb5_auth_context.3: spelling, from - <jmc@prioris.mini.pw.edu.pl> - -2003-03-18 Love Hörnquist Åstrand <lha@it.su.se> - - * kuser/Makefile.am: INCLUDES: -I$(srcdir)/../lib/krb5 - - * lib/krb5/convert_creds.c: add _krb5_krb_life_to_time - - * lib/krb5/krb5-v4compat.h: add _krb5_krb_life_to_time - - * kdc/kdc_locl.h: 524 is independent of kerberos 4, so move out - #ifdef KRB4 from enable_v4_cross_realm since 524 needs it - - * kdc/config.c: 524 is independent of kerberos 4, so move out - enable_v4_cross_realm from #ifdef KRB4 since 524 needs it - -2003-03-17 Assar Westerlund <assar@kth.se> - - * kdc/kdc.8: document --kerberos4-cross-realm - * kdc/kerberos4.c: pay attention to enable_v4_cross_realm - * kdc/kdc_locl.h (enable_v4_cross_realm): add - * kdc/524.c (encode_524_response): check the enable_v4_cross_realm - flag before giving out v4 tickets for foreign v5 principals - * kdc/config.c: add --enable-kerberos4-cross-realm option (default - to off) - -2003-03-17 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/Makefile.am (man_MANS) += krb5_aname_to_localname.3 - - * lib/krb5/krb5_aname_to_localname.3: manpage for - krb5_aname_to_localname - - * lib/krb5/krb5_kuserok.3: s/KRB5_USEROK/KRB5_KUSEROK/ - -2003-03-16 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/Makefile.am (man_MANS): add krb5_set_default_realm.3 - - * lib/krb5/krb5.3: add manpages from krb5_set_default_realm.3 - - * lib/krb5/krb5_set_default_realm.3: Manpage for - krb5_free_host_realm, krb5_get_default_realm, - krb5_get_default_realms, krb5_get_host_realm, and - krb5_set_default_realm. - - * admin/ktutil.8: s/entype/enctype/, from Igor Sobrado - <sobrado@acm.org> via NetBSD - - * lib/krb5/krb5_keytab.3: add documention for krb5_kt_get_type - - * lib/krb5/keytab.c (krb5_kt_get_type): get prefix/type of keytab - - * lib/krb5/krb5.h (KRB5_KT_PREFIX_MAX_LEN): max length of prefix - - * lib/krb5/krb5_ccache.3: document krb5_cc_get_ops, add more - types, add krb5_fcc_ops and krb5_mcc_ops - - * lib/krb5/cache.c (krb5_cc_get_ops): new function, return ops for - a id - -2003-03-15 Love Hörnquist Åstrand <lha@it.su.se> - - * doc/intro.texi: add reference to source code, binaries and the - manual - - * lib/krb5/krb5.3: krb5.h isn't in krb5 directory in heimdal - -2003-03-14 Love Hörnquist Åstrand <lha@it.su.se> - - * kdc/kdc.8: better/difrent english - - * kdc/kdc.8: . -> .\n, copyright/license - - * kdc/kdc.8: changed configuration file -> restart kdc - - * kdc/kerberos4.c: add krb4 into the most error messages written - to the logfile - - * lib/krb5/krb5_ccache.3: add missing name of argument - (krb5_context) to most functions - -2003-03-13 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/kuserok.c (krb5_kuserok): preserve old behviour of - function and return FALSE when there isn't a local account for - `luser'. - - * lib/krb5/krb5_kuserok.3: fix prototype, spelling and more text - describing the function - -2003-03-12 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/cache.c (krb5_cc_default): if krb5_cc_default_name - returned memory, don't return ENOMEM - -2003-03-11 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/krb5.3: add krb5_address stuff and sort - - * lib/krb5/krb5_address.3: fix krb5_addr2sockaddr description - - * lib/krb5/Makefile.am (man_MANS): += krb5_address.3 - - * lib/krb5/krb5_address.3: document types krb5_address and - krb5_addresses and their helper functions - -2003-03-10 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/Makefile.am (man_MANS): += krb5_kuserok.3 - - * lib/krb5/krb5_kuserok.3: spelling, from cizzi@it.su.se - - * lib/krb5/Makefile.am (man_MANS): += krb5_ccache.3 - - * lib/krb5/krb5_ccache.3: spelling, from cizzi@it.su.se - - * lib/krb5/krb5.3: add more functions - - * lib/krb5/krb5_ccache.3: document krb5_ccache and krb5_cc - functions - - * lib/krb5/krb5_kuserok.3: document krb5_kuserok - - * lib/krb5/krb5_verify_user.3: document - krb5_verify_opt_set_flags(opt, KRB5_VERIFY_LREALMS) behavior - - * lib/krb5/krb5_verify_user.3: document krb5_verify_opt* and - krb5_verify_user_opt - - * lib/krb5/*.[0-9]: add copyright/licenses on more manpages - - * kuser/kdestroy.c (main): handle that krb5_cc_default_name can - return NULL - - * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump minor - (TESTS): add test_cc - - * lib/krb5/test_cc.c: test some - krb5_cc_default_name/krb5_cc_set_default_name combinations - - * lib/krb5/context.c (init_context_from_config_file): set - default_cc_name to NULL - (krb5_free_context): free default_cc_name if set - - * lib/krb5/cache.c (krb5_cc_set_default_name): new function - (krb5_cc_default_name): use krb5_cc_set_default_name - - * lib/krb5/krb5.h (krb5_context_data): add default_cc_name - -2003-02-25 Love Hörnquist Åstrand <lha@it.su.se> - - * appl/kf/kf.1: s/securly/securely/ from NetBSD - -2003-02-18 Love Hörnquist Åstrand <lha@it.su.se> - - * kdc/connect.c: s/intialize/initialize, from - <jmc@prioris.mini.pw.edu.pl> - -2003-02-17 Love Hörnquist Åstrand <lha@it.su.se> - - * configure.in: add AM_MAINTAINER_MODE - -2003-02-16 Love Hörnquist Åstrand <lha@it.su.se> - - * **/*.[0-9]: add copyright/licenses on all manpages - -2003-14-16 Jacques Vidrine <nectar@kth.se> - - * lib/krb5/get_in_tkt.c (init_as_req): Send only a single - PA-ENC-TIMESTAMP in the AS-REQ, using the first encryption - type specified by the KDC. - -2003-02-15 Love Hörnquist Åstrand <lha@it.su.se> - - * fix-export: some autoconf put their version number in - autom4te.cache, so remove autom4te*.cache - - * fix-export: make sure $1 is a directory - -2003-02-04 Love Hörnquist Åstrand <lha@it.su.se> - - * kpasswd/kpasswdd.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl> - - * kdc/kdc.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl> - -2003-01-31 Love Hörnquist Åstrand <lha@it.su.se> - - * kdc/hpropd.8: s/databases/a database/ s/Not/not/ - - * kdc/hprop.8: add missing . - -2003-01-30 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/krb5.conf.5: documentation for of boolean, etypes, - address, write out encryption type in sentences, s/Host/host - -2003-01-26 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/asn1/check-gen.c: add checks for Authenticator too - -2003-01-25 Love Hörnquist Åstrand <lha@it.su.se> - - * doc/setup.texi: in the hprop example, use hprop and the first - component, not host - - * lib/krb5/get_addrs.c (find_all_addresses): address-less - point-to-point might not have an address, just ignore - those. Reported by Harald Barth. - -2003-01-23 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/verify_krb5_conf.c (check_section): when key isn't - found, don't print out all known keys - - * lib/krb5/verify_krb5_conf.c (syslogvals): mark up where severity - and facility start resp - (check_log): find_value() returns -1 when key isn't found - - * lib/krb5/crypto.c (_krb5_aes_cts_encrypt): make key argument a - 'const void *' to avoid AES_KEY being exposed in krb5-private.h - - * lib/krb5/krb5.conf.5: add [kdc]use_2b - - * kdc/524.c (encode_524_response): its 2b not b2 - - * doc/misc.texi: quote @ where missing - - * lib/asn1/Makefile.am: add check-gen - - * lib/asn1/check-gen.c: add Principal check - - * lib/asn1/check-common.h: move generic asn1/der functions from - check-der.c to here - - * lib/asn1/check-common.c: move generic asn1/der functions from - check-der.c to here - - * lib/asn1/check-der.c: move out the generic asn1/der functions to - a common file - -2003-01-22 Love Hörnquist Åstrand <lha@it.su.se> - - * doc/misc.texi: more text about afs, how to get get your KeyFile, - and how to start use 2b tokens - - * lib/krb5/krb5.conf.5: spelling, from Jason McIntyre - <jmc@cvs.openbsd.org> - -2003-01-21 Jacques Vidrine <nectar@kth.se> - - * kuser/kuser_locl.h: include crypto-headers.h for - des_read_pw_string prototype - -2003-01-16 Love Hörnquist Åstrand <lha@it.su.se> - - * admin/ktutil.8: document -v, --verbose - - * admin/get.c (kt_get): make getarg usage consistent with other - other parts of ktutil - - * admin/copy.c (kt_copy): remove adding verbose_flag to args - struct, since it will overrun the args array (from Sumit Bose) - -2003-01-15 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/krb5/krb5.conf.5: write more about [realms] REALM = { kdc = - ... } - - * lib/krb5/aes-test.c: test vectors in aes-draft - - * lib/krb5/Makefile.am: add aes-test.c - - * lib/krb5/crypto.c: Add support for AES - (draft-raeburn-krb-rijndael-krb-02), not enabled by default. - (HMAC_SHA1_DES3_checksum): rename to SP_HMAC_SHA1_checksum and modify - to support checksumtype that are have a shorter wireformat then - their output block size. - - * lib/krb5/crypto.c (struct encryption_type): split the blocksize - into blocksize and padsize, padsize is the minimum padding - size. they are the same for now - (enctype_*): add padsize - (encrypt_internal): use padsize - (encrypt_internal_derived): use padsize - (wrapped_length): use padsize - (wrapped_length_dervied): use padsize - - * lib/krb5/crypto.c: add extra `opaque' argument to string_to_key - function for each enctype in preparation enctypes that uses - `Encryption and Checksum Specifications for Kerberos 5' draft - - * lib/asn1/k5.asn1: add checksum and enctype for AES from - draft-raeburn-krb-rijndael-krb-02.txt - - * lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_AES128, - KEYTYPE_AES256 - -2003-01-14 Love Hörnquist Åstrand <lha@it.su.se> - - * lib/hdb/common.c (_hdb_fetch): handle error code from - hdb_value2entry - - * kdc/Makefile.am: always include kerberos4.c and 524.c in - kdc_SOURCES to support 524 - - * kdc/524.c: always compile in support for 524 - - * kdc/kdc_locl.h: move out krb/524 protos from under #ifdef KRB4 - - * kdc/config.c: always compile in support for 524 - - * kdc/connect.c: always compile in support for 524 - - * kdc/kerberos4.c: export encode_v4_ticket() and get_des_key() - even when we build without kerberos 4, 524 needs them - - * lib/krb5/convert_creds.c, lib/krb5/krb5-v4compat.h: Split out - Kerberos 4 help functions/structures so other parts of the source - tree can use it (like the KDC) - |
