diff options
| author | nectar <nectar@FreeBSD.org> | 2002-08-30 21:23:27 +0000 |
|---|---|---|
| committer | nectar <nectar@FreeBSD.org> | 2002-08-30 21:23:27 +0000 |
| commit | a77dba08ca7d8ad2f2dcd653974ac66df78cfa49 (patch) | |
| tree | 6015f89700252fb05eb8fa267c46dba41913e9d8 /crypto/heimdal/ChangeLog | |
| parent | 69a91bec14ec3ad49d1c8a82c40a796755f9e4a3 (diff) | |
| download | FreeBSD-src-a77dba08ca7d8ad2f2dcd653974ac66df78cfa49.zip FreeBSD-src-a77dba08ca7d8ad2f2dcd653974ac66df78cfa49.tar.gz | |
Import of Heimdal Kerberos from KTH repository circa 2002/08/29.
Diffstat (limited to 'crypto/heimdal/ChangeLog')
| -rw-r--r-- | crypto/heimdal/ChangeLog | 1286 |
1 files changed, 297 insertions, 989 deletions
diff --git a/crypto/heimdal/ChangeLog b/crypto/heimdal/ChangeLog index 3c94624..ecccf1d 100644 --- a/crypto/heimdal/ChangeLog +++ b/crypto/heimdal/ChangeLog @@ -1,1170 +1,478 @@ -2002-02-15 Johan Danielsson <joda@pdc.kth.se> - - * lib/krb5/keytab_keyfile.c (akf_add_entry): don't create the file - before we need to write to it - (from Åke Sandgren) - -2002-02-14 Johan Danielsson <joda@pdc.kth.se> - - * configure.in: rk_RETSIGTYPE and rk_BROKEN_REALLOC are called via - rk_ROKEN (from Gombas Gabor); find inttypes by CHECK_TYPES - directly - - * lib/krb5/rd_safe.c: actually use the correct key (from Daniel - Kouril) - -2002-02-12 Johan Danielsson <joda@pdc.kth.se> - - * lib/krb5/context.c (krb5_get_err_text): protect against NULL - context - -2002-02-11 Johan Danielsson <joda@pdc.kth.se> - - * admin/ktutil.c: no need to use the "modify" keytab anymore - - * lib/krb5/keytab_any.c: implement add and remove - - * lib/krb5/keytab_krb4.c: implement add and remove - - * lib/krb5/store_emem.c (emem_free): clear memory before freeing - (this should perhaps be selectable with a flag) - -2002-02-04 Johan Danielsson <joda@pdc.kth.se> - - * kdc/config.c (get_dbinfo): if there are database specifications - in the config file, don't automatically try to use the default - values (from Gombas Gabor) - - * lib/krb5/log.c (krb5_closelog): don't pass pointer to pointer - (from Gombas Gabor) - -2002-01-30 Johan Danielsson <joda@pdc.kth.se> - - * admin/list.c: get the default keytab from krb5.conf, and list - all parts of an ANY type keytab - - * lib/krb5/context.c: default default_keytab_modify to NULL - - * lib/krb5/keytab.c (krb5_kt_default_modify_name): if no modify - name is specified take it from the first component of the default - keytab name - -2002-01-29 Johan Danielsson <joda@pdc.kth.se> - - * lib/krb5/keytab.c: compare keytab types case insensitively - -2002-01-07 Assar Westerlund <assar@sics.se> - - * lib/krb5/crypto.c (create_checksum): make usage `unsigned' (it's - not really a krb5_key_usage). From Ben Harris <bjh21@netbsd.org> - * lib/krb5/get_in_tkt.c: use krb5_enctype consistently. From Ben - Harris <bjh21@netbsd.org> - * lib/krb5/crypto.c: use krb5_enctype consistently. From Ben - Harris <bjh21@netbsd.org> - * kdc/kerberos5.c: use krb5_enctype consistently. From Ben Harris - <bjh21@netbsd.org> - -2001-12-20 Johan Danielsson <joda@pdc.kth.se> - - * lib/krb5/crypto.c: use our own des string-to-key function, since - the one from openssl sometimes generates wrong output - -2001-12-05 Jacques Vidrine <n@nectar.cc> - - * lib/hdb/mkey.c: fix a bug in which kstash would crash if - there were no /etc/krb5.conf - -2001-10-29 Jacques Vidrine <n@nectar.com> - - * admin/get.c: fix a bug in which a reference to a data - structure on the stack was being kept after the containing - function's lifetime, resulting in a segfault during `ktutil - get'. - -2001-10-22 Assar Westerlund <assar@sics.se> - - * lib/krb5/crypto.c: make all high-level encrypting and decrypting - functions check the return value of the underlying function and - handle errors more consistently. noted by Sam Hartman - <hartmans@mit.edu> - -2001-10-21 Assar Westerlund <assar@sics.se> - - * lib/krb5/crypto.c (enctype_arcfour_hmac_md5): actually use a - non-keyed checksum when it should be non-keyed - -2001-09-29 Assar Westerlund <assar@sics.se> - - * kuser/kinit.1: add the kauth alias - * kuser/kinit.c: allow specification of afslog in krb5.conf, noted - by jhutz@cs.cmu.edu - -2001-09-27 Assar Westerlund <assar@sics.se> - - * lib/asn1/gen.c: remove the need for libasn1.h, also make - generated files include all files from IMPORTed modules - - * lib/krb5/krb5.h (KRB5_KPASSWD_*): set correct values - * kpasswd/kpasswd.c: improve error message printing - * lib/krb5/changepw.c (krb5_passwd_result_to_string): add change - to use sequence numbers connect the udp socket so that we can - figure out the local address - -2001-09-25 Assar Westerlund <assar@sics.se> - - * lib/asn1: implement OBJECT IDENTIFIER and ENUMERATED - -2001-09-20 Johan Danielsson <joda@pdc.kth.se> - - * lib/krb5/principal.c (krb5_425_conv_principal_ext): try using - lower case realm as domain, but only when given a verification - function - -2001-09-20 Assar Westerlund <assar@sics.se> - - * lib/asn1/der_put.c (der_put_length): do not even try writing - anything when len == 0 - -2001-09-18 Johan Danielsson <joda@pdc.kth.se> - - * kdc/hpropd.c: add realm override option - - * lib/krb5/set_default_realm.c (krb5_set_default_realm): make - realm parameter const - - * kdc/hprop.c: more free's - - * lib/krb5/init_creds_pw.c (krb5_get_init_creds_keytab): free key - proc data - - * lib/krb5/expand_hostname.c (krb5_expand_hostname_realms): free - addrinfo - - * lib/hdb/mkey.c (hdb_set_master_keyfile): clear error string when - not returning error - -2001-09-16 Assar Westerlund <assar@sics.se> - - * lib/krb5/appdefault.c (krb5_appdefault_{boolean,string,time): - make realm const - - * lib/krb5/crypto.c: use des functions to avoid generating - warnings with openssl's prototypes - -2001-09-05 Johan Danielsson <joda@pdc.kth.se> - - * configure.in: check for termcap.h - - * lib/asn1/lex.l: add another undef ECHO to keep AIX lex happy - -2001-09-03 Assar Westerlund <assar@sics.se> - - * lib/krb5/addr_families.c (krb5_print_address): handle snprintf - returning < 0. noticed by hin@stacken.kth.se - -2001-09-03 Assar Westerlund <assar@sics.se> - - * Release 0.4e - -2001-09-02 Johan Danielsson <joda@pdc.kth.se> - - * kuser/Makefile.am: install kauth as a symlink to kinit - - * kuser/kinit.c: get v4_tickets by default - - * lib/asn1/Makefile.am: fix for broken automake - -2001-08-31 Johan Danielsson <joda@pdc.kth.se> - - * lib/hdb/hdb-ldap.c: some pretty much untested changes from Luke - Howard - - * kuser/kinit.1: remove references to kauth - - * kuser/Makefile.am: kauth is no more - - * kuser/kinit.c: use appdefaults for everything. defaults are now - as in kauth. - - * lib/krb5/appdefault.c: also check libdefaults, and realms/realm - - * lib/krb5/context.c (krb5_free_context): free more stuff - -2001-08-30 Johan Danielsson <joda@pdc.kth.se> - - * lib/krb5/verify_krb5_conf.c: do some checks of the values in the - file - - * lib/krb5/krb5.conf.5: remove srv_try_txt, fix spelling - - * lib/krb5/context.c: don't init srv_try_txt, since it isn't used - anymore - -2001-08-29 Jacques Vidrine <n@nectar.com> - - * configure.in: Check for already-installed com_err. - -2001-08-28 Assar Westerlund <assar@sics.se> - - * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set versoin to 18:2:1 - -2001-08-24 Assar Westerlund <assar@sics.se> - - * kuser/Makefile.am: remove CHECK_LOCAL - non bin programs require - no special treatment now - - * kuser/generate-requests.c: parse arguments in a useful way - * kuser/kverify.c: add --help/--verify - -2001-08-22 Assar Westerlund <assar@sics.se> - - * configure.in: bump prereq to 2.52 remove unused test_LIB_KRB4 - - * configure.in: re-write the handling of crypto libraries. try to - use the one of openssl's libcrypto or krb4's libdes that has all - the required functionality (md4, md5, sha1, des, rc4). if there - is no such library, the included lib/des is built. - - * kdc/headers.h: include libutil.h if it exists - * kpasswd/kpasswd_locl.h: include libutil.h if it exists - * kdc/kerberos4.c (get_des_key): check for null keys even if - is_server - -2001-08-21 Assar Westerlund <assar@sics.se> - - * lib/asn1/asn1_print.c: print some size_t correctly - * configure.in: remove extra space after -L check for libutil.h - -2001-08-17 Johan Danielsson <joda@pdc.kth.se> - - * kdc/kdc_locl.h: fix prototype for get_des_key - - * kdc/kaserver.c: fix call to get_des_key - - * kdc/524.c: fix call to get_des_key - - * kdc/kerberos4.c (get_des_key): if getting a key for a server, - return any des-key not just keys that can be string-to-keyed by - the client - -2001-08-10 Assar Westerlund <assar@sics.se> - - * Release 0.4d - -2001-08-10 Assar Westerlund <assar@sics.se> - - * configure.in: check for openpty - * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): update to 7:4:0 - -2001-08-08 Assar Westerlund <assar@sics.se> - - * configure.in: just add -L (if required) from krb4 when testing - for libdes/libcrypto - -2001-08-04 Assar Westerlund <assar@sics.se> - - * lib/krb5/Makefile.am (man_MANS): add some missing man pages - * fix-export: fix the sed expression for finding the man pages - -2001-07-31 Assar Westerlund <assar@sics.se> - - * kpasswd/kpasswd-generator.c (main): implement --version and - --help - - * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): update version to - 18:1:1 - -2001-07-27 Assar Westerlund <assar@sics.se> - - * lib/krb5/context.c (init_context_from_config_file): check - parsing of addresses - -2001-07-26 Assar Westerlund <assar@sics.se> - - * lib/krb5/sock_principal.c (krb5_sock_to_principal): rename - sa_len -> salen to avoid the macro that's defined on irix. noted - by "Jacques A. Vidrine" <n@nectar.com> - -2001-07-24 Johan Danielsson <joda@pdc.kth.se> - - * lib/krb5/addr_families.c: add support for type - KRB5_ADDRESS_ADDRPORT - - * lib/krb5/addr_families.c (krb5_address_order): complain about - unsuppored address types - -2001-07-23 Johan Danielsson <joda@pdc.kth.se> - - * admin/get.c: don't open connection to server until we loop over - the principals, at that time we know the realm of the (first) - principal and we can default to that admin server - - * admin: add a rename command - -2001-07-19 Assar Westerlund <assar@sics.se> - - * kdc/hprop.c (usage): clarify a tiny bit - -2001-07-19 Assar Westerlund <assar@sics.se> +2002-08-28 Assar Westerlund <assar@kth.se> - * Release 0.4c + * kdc/config.c: add missing ifdef DAEMON -2001-07-19 Assar Westerlund <assar@sics.se> +2002-08-28 Johan Danielsson <joda@pdc.kth.se> - * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to - 18:0:1 - - * lib/krb5/get_for_creds.c (krb5_fwd_tgt_creds): make it behave - the same way as the MIT function - - * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): update to 7:3:0 - * lib/krb5/sock_principal.c (krb5_sock_to_principal): use - getnameinfo - - * lib/krb5/krbhst.c (srv_find_realm): handle port numbers - consistenly in local byte order - - * lib/krb5/get_default_realm.c (krb5_get_default_realm): set an - error string - - * kuser/kinit.c (renew_validate): invert condition correctly. get - v4 tickets if we succeed renewing - * lib/krb5/principal.c (krb5_principal_get_type): add - (default_v4_name_convert): add "smtp" - -2001-07-13 Assar Westerlund <assar@sics.se> - - * configure.in: remove make-print-version from LIBOBJS, it's no - longer in lib/roken but always built in lib/vers - -2001-07-12 Johan Danielsson <joda@pdc.kth.se> - - * lib/hdb/mkey.c: more set_error_string - -2001-07-12 Assar Westerlund <assar@sics.se> - - * lib/hdb/Makefile.am (libhdb_la_LIBADD): add required library - dependencies - - * lib/asn1/Makefile.am (libasn1_la_LIBADD): add required library - dependencies - -2001-07-11 Johan Danielsson <joda@pdc.kth.se> - - * kdc/hprop.c: remove v4 master key handling; remove old v4-db and - ka-db flags; add defaults for v4_realm and afs_cell - -2001-07-09 Assar Westerlund <assar@sics.se> - - * lib/krb5/sock_principal.c (krb5_sock_to_principal): copy hname - before calling krb5_sname_to_principal. from "Jacques A. Vidrine" - <n@nectar.com> - -2001-07-08 Johan Danielsson <joda@pdc.kth.se> - - * lib/krb5/context.c: use krb5_copy_addresses instead of - copy_HostAddresses - -2001-07-06 Assar Westerlund <assar@sics.se> - - * configure.in (LIB_des_a, LIB_des_so): add these so that they can - be used by lib/auth/sia - - * kuser/kinit.c: re-do some of the v4 fallbacks: look at - get-tokens flag do not print extra errors do not try to do 524 if - we got tickets from a v4 server - -2001-07-03 Assar Westerlund <assar@sics.se> - - * lib/krb5/replay.c (krb5_get_server_rcache): cast argument to - printf - - * lib/krb5/get_addrs.c (find_all_addresses): call free_addresses - on ignore_addresses correctly - * lib/krb5/init_creds.c - (krb5_get_init_creds_opt_set_default_flags): change to take a - const realm - - * lib/krb5/principal.c (krb5_425_conv_principal_ext): if the - instance is the first component of the local hostname, the - converted host should be the long hostname. from - <shadow@dementia.org> - -2001-07-02 Johan Danielsson <joda@pdc.kth.se> - - * lib/krb5/Makefile.am: address.c is no more; add a couple of - manpages - - * lib/krb5/krb5_timeofday.3: new manpage - - * lib/krb5/krb5_get_all_client_addrs.3: new manpage - - * lib/krb5/get_in_tkt.c (init_as_req): treat no addresses as - wildcard - - * lib/krb5/get_cred.c (get_cred_kdc_la): treat no addresses as - wildcard - - * lib/krb5/get_addrs.c: don't include client addresses that match - ignore_addresses - - * lib/krb5/context.c: initialise ignore_addresses - - * lib/krb5/addr_families.c: add new `arange' fake address type, - that matches more than one address; this required some internal - changes to many functions, so all of address.c got moved here - (wasn't much left there) - - * lib/krb5/krb5.h: add list of ignored addresses to context - -2001-07-03 Assar Westerlund <assar@sics.se> - - * Release 0.4b - -2001-07-03 Assar Westerlund <assar@sics.se> - - * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set version to 17:0:0 - * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): set version to 7:2:0 + * configure.in: use rk_SUNOS -2001-07-03 Assar Westerlund <assar@sics.se> + * kdc/config.c: add detach options - * Release 0.4a + * kdc/main.c: maybe detach from console? -2001-07-02 Johan Danielsson <joda@pdc.kth.se> + * kdc/kdc.8: markup changes - * kuser/kinit.c: make this compile without krb4 support + * configure.in: AC_TEST_PACKAGE_NEW -> rk_TEST_PACKAGE - * lib/krb5/write_message.c: remove priv parameter from - write_safe_message; don't know why it was there in the first place + * configure.in: use rk_TELNET, rename some other macros, and don't + add -ldes to krb4 link command - * doc/install.texi: remove kaserver switches, it's always compiled - in now + * kuser/kinit.1: whitespace fix (from NetBSD) - * kdc/hprop.c: always include kadb support + * include/bits.c: we may need unistd.h for ssize_t - * kdc/kaserver.c: always include kaserver support +2002-08-26 Assar Westerlund <assar@kth.se> -2001-07-02 Assar Westerlund <assar@sics.se> + * lib/krb5/principal.c (krb5_425_conv_principal_ext): lookup AAAA + rrs before A ones when using the resolver to verify a mapping, + also use getaddrinfo when resolver is not available - * kpasswd/kpasswdd.c (doit): make failing to bind a socket a - non-fatal error, and abort if no sockets were bound + * lib/hdb/keytab.c (find_db): const-correctness in parameters to + krb5_config_get_next -2001-07-01 Assar Westerlund <assar@sics.se> + * lib/asn1/gen.c: include <string.h> in the generated files (for + memset) - * lib/krb5/krbhst.c: remember the real port number when falling - back from kpasswd -> kadmin, and krb524 -> kdc +2002-08-22 Assar Westerlund <assar@kth.se> -2001-06-29 Assar Westerlund <assar@sics.se> + * lib/krb5/test_get_addrs.c, lib/krb5/krbhst-test.c: make it use + getarg so that it can handle --help and --version (and thus make + check can pass) - * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): if - no_addresses is set, do not add any local addresses to KRB_CRED + * lib/asn1/check-der.c: make this build again - * kuser/kinit.c: remove extra clearing of password and some - redundant code +2002-08-22 Assar Westerlund <assar@kth.se> -2001-06-29 Johan Danielsson <joda@pdc.kth.se> + * lib/asn1/der_get.c (der_get_int): handle len == 0. based on a + patch from Love <lha@stacken.kth.se> - * kuser/kinit.c: move ticket conversion code to separate function, - and call that from a couple of places, like when renewing a - ticket; also add a flag for just converting a ticket +2002-08-22 Johan Danielsson <joda@pdc.kth.se> - * lib/krb5/init_creds_pw.c: set renew-life to some sane value - - * kdc/524.c: don't send more data than required - -2001-06-24 Assar Westerlund <assar@sics.se> - - * lib/krb5/store_fd.c (krb5_storage_from_fd): check malloc returns - - * lib/krb5/keytab_any.c (any_resolve); improving parsing of ANY: - (any_start_seq_get): remove a double free - (any_next_entry): iterate over all (sub) keytabs and avoid leave data - around to be freed again + * lib/krb5/krb5.h: we seem to call KRB5KDC_ERR_KEY_EXP + KRB5KDC_ERR_KEY_EXPIRED, so define the former to the latter + + * kdc/kdc.8: add blurb about adding and removing addresses; update + kdc.conf section to match reality - * kdc/kdc_locl.h: add a define for des_new_random_key when using - openssl's libcrypto + * configure.in: KRB_SENDAUTH_VLEN seems to always have existed, so + don't define it + +2002-08-21 Assar Westerlund <assar@kth.se> + + * lib/asn1/asn1_print.c: print OIDs too, based on a patch from + Love <lha@stacken.kth.se> - * configure.in: move v6 tests down +2002-08-21 Johan Danielsson <joda@pdc.kth.se> - * lib/krb5/krb5.h (krb5_context_data): remove srv_try_rfc2052 + * kuser/kinit.c (do_v4_fallback): don't use krb_get_pw_in_tkt2 + since it might not exist, and we don't actually care about the key + +2002-08-20 Johan Danielsson <joda@pdc.kth.se> - * update to libtool 1.4 and autoconf 2.50 + * lib/krb5/krb5.conf.5: correct documentation for + verify_ap_req_nofail -2001-06-22 Johan Danielsson <joda@pdc.kth.se> + * lib/krb5/log.c: rename syslog_data to avoid name conflicts (from + Mattias Amnefelt) - * lib/hdb/hdb.c: use krb5_add_et_list + * kuser/klist.c (display_tokens): increase token buffer size, and + add more checks of the kernel data (from Love) -2001-06-21 Johan Danielsson <joda@pdc.kth.se> +2002-08-19 Johan Danielsson <joda@pdc.kth.se> - * lib/hdb/Makefile.am: add generation number - * lib/hdb/common.c: add generation number code - * lib/hdb/hdb.asn1: add generation number - * lib/hdb/print.c: use krb5_storage to make it more dynamic + * fix-export: use make to parse Makefile.am instead of perl -2001-06-21 Assar Westerlund <assar@sics.se> + * configure.in: use argument-less AM_INIT_AUTOMAKE, now that it + groks AC_INIT with package name etc. - * lib/krb5/krb5.conf.5: update to changed names used by - krb5_get_init_creds_opt_set_default_flags - * lib/krb5/init_creds.c - (krb5_get_init_creds_opt_set_default_flags): make the appdefault - keywords have the same names + * kpasswd/kpasswdd.c: include <kadm5/private.h> - * configure.in: only add -L and -R to the krb4 libdir if we are - actually using it + * lib/asn1/asn1_print.c: include com_right.h - * lib/krb5/krbhst.c (fallback_get_hosts): do not copy trailing - dot of hostname add some comments - * lib/krb5/krbhst.c: use getaddrinfo instead of dns_lookup when - testing for kerberos.REALM. this allows reusing that information - when actually contacting the server and thus avoids one DNS lookup + * lib/krb5/addr_families.c: socklen_t -> krb5_socklen_t -2001-06-20 Johan Danielsson <joda@pdc.kth.se> + * include/bits.c: define krb5_socklen_t type; this should really + go someplace else, but this was easy - * lib/krb5/krb5.h: include k524_err.h + * lib/krb5/verify_krb5_conf.c: don't bail out if parsing of a file + fails, just warn about it - * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): don't test - for keytype, the server will do this for us if it has anything to - complain about + * kdc/log.c (kdc_openlog): no need for a config_file parameter - * lib/krb5/context.c: add protocol compatible krb524 error codes + * kdc/config.c: just treat kdc.conf like any other config file - * lib/krb5/Makefile.am: add protocol compatible krb524 error codes + * lib/krb5/context.c (krb5_get_default_config_files): ignore + duplicate files - * lib/krb5/k524_err.et: add protocol compatible krb524 error codes +2002-08-16 Johan Danielsson <joda@pdc.kth.se> - * lib/krb5/krb5_principal_get_realm.3: manpage + * lib/krb5/krb5.h: turn strings into pointers, so we can assign to + them - * lib/krb5/principal.c: add functions `krb5_principal_get_realm' - and `krb5_principal_get_comp_string' that returns parts of a - principal; this is a replacement for the internal - `krb5_princ_realm' and `krb5_princ_component' macros that everyone - seem to use + * lib/krb5/constants.c: turn strings into pointers, so we can + assign to them -2001-06-19 Assar Westerlund <assar@sics.se> + * lib/krb5/get_addrs.c (get_addrs_int): initialise res if + SCAN_INTERFACES is not set - * kuser/kinit.c (main): dereference result from krb5_princ_realm. - from Thomas Nystrom <thn@saeab.se> + * lib/krb5/context.c: fix various borked stuff in previous commits -2001-06-18 Johan Danielsson <joda@pdc.kth.se> +2002-08-16 Jacques Vidrine <n@nectar.com> - * lib/krb5/mk_req.c (krb5_mk_req_exact): free creds when done - * lib/krb5/crypto.c (krb5_string_to_key_derived): fix memory leak - * lib/krb5/krbhst.c (config_get_hosts): free hostlist - * kuser/kinit.c: free principal + * lib/krb5/krbhst.c (kpasswd_get_next): if we fall back to using + the `admin_server' entry for kpasswd, override the `proto' result + to be UDP. -2001-06-18 Assar Westerlund <assar@sics.se> +2002-08-15 Johan Danielsson <joda@pdc.kth.se> - * lib/krb5/send_to_kdc.c (krb5_sendto): remove an extra - freeaddrinfo + * lib/krb5/auth_context.c: check return value of + krb5_sockaddr2address - * lib/krb5/convert_creds.c (krb524_convert_creds_kdc_ccache): - remove some unused variables + * lib/krb5/addr_families.c: check return value of + krb5_sockaddr2address - * lib/krb5/krbhst.c (admin_get_next): spell kerberos correctly - * kdc/kerberos5.c: update to new krb5_auth_con* names - * kdc/hpropd.c: update to new krb5_auth_con* names - * lib/krb5/rd_req.c (krb5_rd_req): use krb5_auth_con* functions - and remove some comments - * lib/krb5/rd_safe.c (krb5_rd_safe): pick the keys in the right - order: remote - local - session - * lib/krb5/rd_rep.c (krb5_rd_rep): save the remote sub key in the - auth_context - * lib/krb5/rd_priv.c (krb5_rd_priv): pick keys in the correct - order: remote - local - session - * lib/krb5/mk_safe.c (krb5_mk_safe): pick keys in the right order, - local - remote - session + * lib/krb5/context.c: get the default keytab from KRB5_KTNAME -2001-06-18 Johan Danielsson <joda@pdc.kth.se> +2002-08-14 Johan Danielsson <joda@pdc.kth.se> - * lib/krb5/convert_creds.c: use starttime instead of authtime, - from Chris Chiappa + * lib/krb5/verify_krb5_conf.c: allow parsing of more than one file - * lib/krb5/convert_creds.c: make krb524_convert_creds_kdc match - the MIT function by the same name; add - krb524_convert_creds_kdc_ccache that does what the old version did + * lib/krb5/context.c: allow changing config files with the + function krb5_set_config_files, there are also related functions + krb5_get_default_config_files and krb5_free_config_files; these + should work similar to their MIT counterparts - * admin/list.c (do_list): make sure list of keys is NULL - terminated; similar to patch sent by Chris Chiappa + * lib/krb5/config_file.c: allow the use of more than one config + file by using the new function krb5_config_parse_file_multi -2001-06-18 Assar Westerlund <assar@sics.se> +2002-08-12 Johan Danielsson <joda@pdc.kth.se> - * lib/krb5/mcache.c (mcc_remove_cred): use - krb5_free_creds_contents + * use sysconfdir instead of /etc - * lib/krb5/auth_context.c: name function krb5_auth_con more - consistenly - * lib/krb5/rd_req.c (krb5_verify_authenticator_checksum): use - renamed krb5_auth_con_getauthenticator + * configure.in: require autoconf 2.53; rename dpagaix_LDFLAGS etc + to appease automake; force sysconfdir and localstatedir to /etc + and /var/heimdal for now - * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): update to - use krb5_krbhst API - * lib/krb5/changepw.c (krb5_change_password): update to use - krb5_krbhst API - * lib/krb5/send_to_kdc.c: update to use krb5_krbhst API - * lib/krb5/krbhst.c (krb5_krbhst_get_addrinfo): add set def_port - in krb5_krbhst_info - (krb5_krbhst_free): free everything + * kdc/connect.c (addr_to_string): check return value of + sockaddr2address - * lib/krb5/krb5.h (KRB5_VERIFY_NO_ADDRESSES): add - (krb5_krbhst_info): add def_port (default port for this service) +2002-08-09 Johan Danielsson <joda@pdc.kth.se> - * lib/krb5/krbhst-test.c: make it more verbose and useful - * lib/krb5/krbhst.c: remove some more memory leaks do not try any - dns operations if there is local configuration admin: fallback to - kerberos.REALM 524: fallback to kdcs kpasswd: fallback to admin - add some comments + * lib/krb5/rd_cred.c: if the remote address isn't an addrport, + don't try comparing to one; this should make old clients work with + new servers - * configure.in: remove initstate and setstate, they should be in - cf/roken-frag.m4 + * lib/asn1/gen_decode.c: remove unused variable - * lib/krb5/Makefile.am (noinst_PROGRAMS): add krbhst-test - * lib/krb5/krbhst-test.c: new program for testing krbhst - * lib/krb5/krbhst.c (common_init): remove memory leak - (main): move test program into krbhst-test +2002-07-31 Johan Danielsson <joda@pdc.kth.se> -2001-06-17 Johan Danielsson <joda@pdc.kth.se> + * kdc/{kerberos5,524}.c: ENOENT -> HDB_ERR_NOENTRY (from Derrick + Brashear) - * lib/krb5/krb5_krbhst_init.3: manpage + * lib/krb5/principal.c: actually lower case the lower case + instance name (spotted by Derrick Brashear) - * lib/krb5/krb5_get_krbhst.3: manpage +2002-07-24 Johan Danielsson <joda@pdc.kth.se> -2001-06-16 Johan Danielsson <joda@pdc.kth.se> + * fix-export: if DATEDVERSION is set, change the version to + current date - * lib/krb5/krb5.h: add opaque krb5_krbhst_handle type + * configure.in: don't use AC_PROG_RANLIB, and use magic foo to set + LTLIBOBJS - * lib/krb5/krbhst.c: change void* to krb5_krbhst_handle +2002-07-04 Johan Danielsson <joda@pdc.kth.se> - * lib/krb5/krb5.h: types for new krbhst api + * kdc/connect.c: add some cache-control-foo to the http responses + (from Gombas Gabor) - * lib/krb5/krbhst.c: implement a new api that looks up one host at - a time, instead of making a list of hosts + * lib/krb5/addr_families.c (krb5_print_address): don't copy size + if ret_len == NULL -2001-06-09 Johan Danielsson <joda@pdc.kth.se> +2002-06-28 Johan Danielsson <joda@pdc.kth.se> - * configure.in: test for initstate and setstate + * kuser/klist.c (display_tokens): don't bail out before we get + EDOM (signaling the end of the tokens), the kernel can also return + ENOTCONN, meaning that the index does not exist anymore (for + example if the token has expired) - * lib/krb5/krbhst.c: remove rfc2052 support +2002-06-06 Johan Danielsson <joda@pdc.kth.se> -2001-06-08 Johan Danielsson <joda@pdc.kth.se> + * lib/krb5/changepw.c: make sure we return an error if there are + no changepw hosts found; from Wynn Wilkes - * fix some manpages for broken mdoc.old grog test +2002-05-29 Johan Danielsson <joda@pdc.kth.se> -2001-05-28 Assar Westerlund <assar@sics.se> + * lib/krb5/cache.c (krb5_cc_register): break out of loop when the + same type is found; spotted by Wynn Wilkes - * lib/krb5/krb5.conf.5: add [appdefaults] - * lib/krb5/init_creds_pw.c: remove configuration reading that is - now done in krb5_get_init_creds_opt_set_default_flags - * lib/krb5/init_creds.c - (krb5_get_init_creds_opt_set_default_flags): add reading of - libdefaults versions of these and add no_addresses +2002-05-15 Johan Danielsson <joda@pdc.kth.se> - * lib/krb5/get_in_tkt.c (krb5_get_in_cred): clear error string - when preauth was required and we retry + * kdc/kerberos5.c: don't free encrypted padata until we're really + done with it -2001-05-25 Assar Westerlund <assar@sics.se> +2002-05-07 Johan Danielsson <joda@pdc.kth.se> - * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): call - krb5_get_krb524hst - * lib/krb5/krbhst.c (krb5_get_krb524hst): add and restructure the - support functions + * kdc/kerberos5.c: when decrypting pa-data, try all keys matching + enctype -2001-05-22 Assar Westerlund <assar@sics.se> + * kuser/kinit.1: document -a - * kdc/kerberos5.c (tgs_rep2): alloc and free csec and cusec - properly + * kuser/kinit.c: add command line switch for extra addresses -2001-05-17 Assar Westerlund <assar@sics.se> +2002-04-30 Johan Danielsson <joda@blubb.pdc.kth.se> - * Release 0.3f + * configure.in: remove some duplicate tests -2001-05-17 Assar Westerlund <assar@sics.se> + * configure.in: use AC_HELP_STRING - * lib/krb5/Makefile.am: bump version to 16:0:0 - * lib/hdb/Makefile.am: bump version to 7:1:0 - * lib/asn1/Makefile.am: bump version to 5:0:0 - * lib/krb5/keytab_krb4.c: add SRVTAB as an alias for krb4 - * lib/krb5/codec.c: remove dead code +2002-04-29 Johan Danielsson <joda@pdc.kth.se> -2001-05-17 Johan Danielsson <joda@pdc.kth.se> + * lib/krb5/crypto.c (usage2arcfour): don't abort if the usage is + unknown - * kdc/config.c: actually check the ticket addresses +2002-04-25 Johan Danielsson <joda@pdc.kth.se> -2001-05-15 Assar Westerlund <assar@sics.se> + * configure.in: use rk_DESTDIRS - * lib/krb5/rd_error.c (krb5_error_from_rd_error): use correct - parenthesis +2002-04-22 Johan Danielsson <joda@pdc.kth.se> - * lib/krb5/eai_to_heim_errno.c (krb5_eai_to_heim_errno): add - `errno' (called system_error) to allow callers to make sure they - pass the current and relevant value. update callers + * lib/krb5/krb5_verify_user.3: make it clear that _lrealm modifies + the principal -2001-05-14 Johan Danielsson <joda@pdc.kth.se> +2002-04-19 Johan Danielsson <joda@pdc.kth.se> - * lib/krb5/verify_user.c: krb5_verify_user_opt + * lib/krb5/verify_init.c: fix typo in error string - * lib/krb5/krb5.h: verify_opt +2002-04-18 Johan Danielsson <joda@pdc.kth.se> - * kdc/kerberos5.c: pass context to krb5_domain_x500_decode + * acconfig.h: remove some stuff that is defined elsewhere -2001-05-14 Assar Westerlund <assar@sics.se> + * lib/krb5/krb5_locl.h: include <sys/file.h> - * kpasswd/kpasswdd.c: adapt to new address functions - * kdc/kerberos5.c: adapt to changing address functions use LR_TYPE - * kdc/connect.c: adapt to changing address functions - * kdc/config.c: new krb5_config_parse_file - * kdc/524.c: new krb5_sockaddr2address - * lib/krb5/*: add some krb5_{set,clear}_error_string + * lib/krb5/acl.c: rename acl_string parameter - * lib/asn1/k5.asn1 (LR_TYPE): add - * lib/asn1/Makefile.am (gen_files): add asn1_LR_TYPE.x + * lib/krb5/Makefile.am: remove __P from protos, and put parameter + names in comments -2001-05-11 Assar Westerlund <assar@sics.se> + * kuser/klist.c: better align some headers - * kdc/kerberos5.c (tsg_rep): fix typo in variable name + * kdc/kerberos4.c: storage tweaks - * kpasswd/kpasswd-generator.c (nop_prompter): update prototype - * lib/krb5/init_creds_pw.c: update to new prompter, use prompter - types and send two prompts at once when changning password - * lib/krb5/prompter_posix.c (krb5_prompter_posix): add name - * lib/krb5/krb5.h (krb5_prompt): add type - (krb5_prompter_fct): add anem + * kdc/kaserver.c: storage tweaks - * lib/krb5/cache.c (krb5_cc_next_cred): transpose last two - paramaters to krb5_cc_next_cred (as MIT does, and not as they - document). From "Jacques A. Vidrine" <n@nectar.com> + * kdc/524.c: storage tweaks -2001-05-11 Johan Danielsson <joda@pdc.kth.se> + * lib/krb5/keytab_krb4.c: storage tweaks - * lib/krb5/Makefile.am: store-test + * lib/krb5/keytab_keyfile.c: storage tweaks - * lib/krb5/store-test.c: simple bit storage test + * lib/krb5/keytab_file.c: storage tweaks; also try to handle zero + sized keytab files - * lib/krb5/store.c: add more byteorder storage flags - - * lib/krb5/krb5.h: add more byteorder storage flags - - * kdc/kerberos5.c: don't use NULL where we mean 0 + * lib/krb5/keytab_any.c: use KRB5_KT_END instead of KRB5_CC_END - * kdc/kerberos5.c: put referral test code in separate function, - and test for KRB5_NT_SRV_INST + * lib/krb5/fcache.c: storage tweaks -2001-05-10 Assar Westerlund <assar@sics.se> + * lib/krb5/store_mem.c: make the krb5_storage opaque, and add + function wrappers for store/fetch/seek, and also make the eof-code + configurable - * admin/list.c (do_list): do not close the keytab if opening it - failed - * admin/list.c (do_list): always print complete names. print - everything to stdout. - * admin/list.c: print both v5 and v4 list by default - * admin/remove.c (kt_remove): reorganize some. open the keytab - (defaulting to the modify one). - * admin/purge.c (kt_purge): reorganize some. open the keytab - (defaulting to the modify one). correct usage strings - * admin/list.c (kt_list): reorganize some. open the keytab - * admin/get.c (kt_get): reorganize some. open the keytab - (defaulting to the modify one) - * admin/copy.c (kt_copy): default to modify key name. re-organise - * admin/change.c (kt_change): reorganize some. open the keytab - (defaulting to the modify one) - * admin/add.c (kt_add): reorganize some. open the keytab - (defaulting to the modify one) - * admin/ktutil.c (main): do not open the keytab, let every - sub-function handle it + * lib/krb5/store_fd.c: make the krb5_storage opaque, and add + function wrappers for store/fetch/seek, and also make the eof-code + configurable - * kdc/config.c (configure): call free_getarg_strings + * lib/krb5/store_emem.c: make the krb5_storage opaque, and add + function wrappers for store/fetch/seek, and also make the eof-code + configurable - * lib/krb5/get_in_tkt.c (krb5_get_in_cred): set error strings for - a few more errors + * lib/krb5/store.c: make the krb5_storage opaque, and add function + wrappers for store/fetch/seek, and also make the eof-code + configurable - * lib/krb5/get_host_realm.c (krb5_get_host_realm_int): make - `use_dns' parameter boolean + * lib/krb5/store-int.h: make the krb5_storage opaque, and add + function wrappers for store/fetch/seek, and also make the eof-code + configurable - * lib/krb5/krb5.h (krb5_context_data): add default_keytab_modify - * lib/krb5/context.c (init_context_from_config_file): set - default_keytab_modify - * lib/krb5/krb5_locl.h (KEYTAB_DEFAULT): change to - ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab - (KEYTAB_DEFAULT_MODIFY): add - * lib/krb5/keytab.c (krb5_kt_default_modify_name): add - (krb5_kt_resolve): set error string for failed keytab type + * lib/krb5/krb5.h: make the krb5_storage opaque, and add function + wrappers for store/fetch/seek, and also make the eof-code + configurable -2001-05-08 Assar Westerlund <assar@sics.se> + * include/bits.c: include <sys/socket.h> to get socklen_t - * lib/krb5/crypto.c (encryption_type): make field names more - consistent - (create_checksum): separate usage and type - (krb5_create_checksum): add a separate type parameter - (encrypt_internal): only free once on mismatched checksum length + * kdc/kerberos5.c (get_pa_etype_info): sort ETYPE-INFOs by + requested KDC-REQ etypes - * lib/krb5/send_to_kdc.c (krb5_sendto_kdc2): try to tell what - realm we didn't manage to reach any KDC for in the error string + * kdc/hpropd.c: constify - * lib/krb5/generate_seq_number.c (krb5_generate_seq_number): free - the entire subkey. from <tmartin@mirapoint.com> + * kdc/hprop.c: constify -2001-05-07 Johan Danielsson <joda@pdc.kth.se> + * kdc/string2key.c: constify - * lib/krb5/keytab_keyfile.c (akf_start_seq_get): return - KT_NOTFOUND if the file is empty + * kdc/kdc_locl.h: make port_str const -2001-05-07 Assar Westerlund <assar@sics.se> + * kdc/config.c: constify - * lib/krb5/fcache.c: call krb5_set_error_string when open fails - fatally - * lib/krb5/keytab_file.c: call krb5_set_error_string when open - fails fatally + * lib/krb5/config_file.c: constify - * lib/krb5/warn.c (_warnerr): print error_string in context in - preference to error string derived from error code - * kuser/kinit.c (main): try to print the error string - * lib/krb5/get_in_tkt.c (krb5_get_in_cred): set some sensible - error strings for errors + * kdc/kstash.c: constify - * lib/krb5/krb5.h (krb5_context_data): add error_string and - error_buf - * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add error_string.c - * lib/krb5/error_string.c: new file + * lib/krb5/verify_user.c: remove unnecessary cast -2001-05-02 Johan Danielsson <joda@pdc.kth.se> + * lib/krb5/recvauth.c: constify - * lib/krb5/time.c: krb5_string_to_deltat + * lib/krb5/principal.c (krb5_parse_name): const qualify - * lib/krb5/sock_principal.c: one less data copy + * lib/krb5/mcache.c (mcc_get_name): constify return type - * lib/krb5/eai_to_heim_errno.c: conversion function for h_errno's + * lib/krb5/context.c (krb5_free_context): don't try to free the + ccache prefix - * lib/krb5/get_default_principal.c: change this slightly + * lib/krb5/cache.c (krb5_cc_register): don't make a copy of the + prefix - * lib/krb5/crypto.c: make checksum_types into an array of pointers + * lib/krb5/krb5.h: constify some struct members - * lib/krb5/convert_creds.c: make sure we always use a des-cbc-crc - ticket + * lib/krb5/log.c: constify -2001-04-29 Assar Westerlund <assar@sics.se> + * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): const + qualify - * kdc/kerberos5.c (tgs_rep2): return a reference to a krbtgt for - the right realm if we fail to find a non-krbtgt service in the - database and the second component does a succesful non-dns lookup - to get the real realm (which has to be different from the - originally-supplied realm). this should help windows 2000 clients - that always start their lookups in `their' realm and do not have - any idea of how to map hostnames into realms - * kdc/kerberos5.c (is_krbtgt): rename to get_krbtgt_realm + * lib/krb5/get_in_tkt.c (krb5_init_etype): constify -2001-04-27 Johan Danielsson <joda@pdc.kth.se> + * lib/krb5/crypto.c: constify some - * lib/krb5/get_host_realm.c (krb5_get_host_realm_int): add extra - parameter to request use of dns or not + * lib/krb5/config_file.c: constify -2001-04-25 Assar Westerlund <assar@sics.se> + * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): + constify local variable - * admin/get.c (kt_get): allow specification of encryption types - * lib/krb5/verify_init.c (krb5_verify_init_creds): do not try to - close an unopened ccache, noted by <marc@mit.edu> + * lib/krb5/addr_families.c (ipv4_sockaddr2port): constify - * lib/krb5/krb5.h (krb5_any_ops): add declaration - * lib/krb5/context.c (init_context_from_config_file): register - krb5_any_ops +2002-04-17 Johan Danielsson <joda@pdc.kth.se> - * lib/krb5/keytab_any.c: new file, implementing union of keytabs - * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_any.c + * lib/krb5/verify_krb5_conf.c: add some log checking - * lib/krb5/init_creds_pw.c (get_init_creds_common): handle options - == NULL. noted by <marc@mit.edu> - -2001-04-19 Johan Danielsson <joda@pdc.kth.se> - - * lib/krb5/rd_cred.c: set ret_creds to NULL before doing anything - else, from Jacques Vidrine - -2001-04-18 Johan Danielsson <joda@pdc.kth.se> - - * lib/hdb/libasn1.h: asn1.h -> krb5_asn1.h - - * lib/asn1/Makefile.am: add asn1_ENCTYPE.x - - * lib/krb5/krb5.h: adapt to asn1 changes - - * lib/asn1/k5.asn1: move enctypes here - - * lib/asn1/libasn1.h: rename asn1.h to krb5_asn1.h to avoid - conflicts - - * lib/asn1/Makefile.am: rename asn1.h to krb5_asn1.h to avoid - conflicts - - * lib/asn1/lex.l: use strtol to parse constants - -2001-04-06 Johan Danielsson <joda@pdc.kth.se> - - * kuser/kinit.c: add simple support for running commands - -2001-03-26 Assar Westerlund <assar@sics.se> - - * lib/hdb/hdb-ldap.c: change order of includes to allow it to work - with more versions of openldap - - * kdc/kerberos5.c (tgs_rep2): try to set sec and usec in error - replies - (*): update callers of krb5_km_error - (check_tgs_flags): handle renews requesting non-renewable tickets - - * lib/krb5/mk_error.c (krb5_mk_error): allow specifying both ctime - and cusec - - * lib/krb5/krb5.h (krb5_checksum, krb5_keyusage): add - compatibility names - - * lib/krb5/crypto.c (create_checksum): change so that `type == 0' - means pick from the `crypto' (context) and otherwise use that - type. this is not a large change in practice and allows callers - to specify the exact checksum algorithm to use - -2001-03-13 Assar Westerlund <assar@sics.se> - - * lib/krb5/get_cred.c (get_cred_kdc): add support for falling back - to KRB5_KU_AP_REQ_AUTH when KRB5_KU_TGS_REQ_AUTH gives `bad - integrity'. this helps for talking to old (pre 0.3d) KDCs - -2001-03-12 Assar Westerlund <assar@pdc.kth.se> - - * lib/krb5/crypto.c (krb5_derive_key): new function, used by - derived-key-test.c - * lib/krb5/string-to-key-test.c: add new test vectors posted by - Ken Raeburn <raeburn@mit.edu> in <tx1bsra8919.fsf@raeburn.org> to - ietf-krb-wg@anl.gov - * lib/krb5/n-fold-test.c: more test vectors from same source - * lib/krb5/derived-key-test.c: more tests from same source - -2001-03-06 Assar Westerlund <assar@sics.se> - - * acconfig.h: include roken_rename.h when appropriate - -2001-03-06 Assar Westerlund <assar@sics.se> - - * lib/krb5/krb5.h (krb5_enctype): remove trailing comma - -2001-03-04 Assar Westerlund <assar@sics.se> - - * lib/krb5/krb5.h (krb5_enctype): add ENCTYPE_* aliases for - compatibility with MIT krb5 - -2001-03-02 Assar Westerlund <assar@sics.se> + * lib/krb5/log.c (krb5_addlog_dest): reorganise syslog parsing - * kuser/kinit.c (main): only request a renewable ticket when - explicitly requested. it still gets a renewable one if the renew - life is specified - * kuser/kinit.c (renew_validate): treat -1 as flags not being set +2002-04-16 Johan Danielsson <joda@pdc.kth.se> -2001-02-28 Johan Danielsson <joda@pdc.kth.se> + * lib/krb5/crypto.c (krb5_crypto_init): check that the key size + matches the expected length - * lib/krb5/context.c (krb5_init_ets): use krb5_add_et_list +2002-03-27 Johan Danielsson <joda@pdc.kth.se> -2001-02-27 Johan Danielsson <joda@pdc.kth.se> + * lib/krb5/send_to_kdc.c: rename send parameter to send_data - * lib/krb5/get_cred.c: implement krb5_get_cred_from_kdc_opt + * lib/krb5/mk_error.c: rename ctime parameter to client_time -2001-02-25 Assar Westerlund <assar@sics.se> +2002-03-22 Johan Danielsson <joda@pdc.kth.se> - * configure.in: do not use -R when testing for des functions + * kdc/kerberos5.c (find_etype): unsigned -> krb5_enctype (from + Reinoud Zandijk) -2001-02-14 Assar Westerlund <assar@sics.se> +2002-03-18 Johan Danielsson <joda@pdc.kth.se> - * configure.in: test for lber.h when trying to link against - openldap to handle openldap v1, from Sumit Bose - <sumit.bose@suse.de> + * lib/asn1/k5.asn1: add the GSS-API checksum type here -2001-02-19 Assar Westerlund <assar@sics.se> - - * lib/asn1/libasn1.h: add string.h (for memset) - -2001-02-15 Assar Westerlund <assar@sics.se> - - * lib/krb5/warn.c (_warnerr): add printf attributes - * lib/krb5/send_to_kdc.c (krb5_sendto): loop over all address - returned by getaddrinfo before trying the next kdc. from - thorpej@netbsd.org - - * lib/krb5/krb5.conf.5: fix default_realm in example - - * kdc/connect.c: fix a few kdc_log format types - - * configure.in: try to handle libdes/libcrypto ont requiring -L - -2001-02-10 Assar Westerlund <assar@sics.se> - - * lib/asn1/gen_decode.c (generate_type_decode): zero the data at - the beginning of the generated function, and add a label `fail' - that the code jumps to in case of errors that frees all allocated - data - -2001-02-07 Assar Westerlund <assar@sics.se> - - * configure.in: aix dce: fix misquotes, from Ake Sandgren - <ake@cs.umu.se> - - * configure.in (dpagaix_LDFLAGS): try to add export file - -2001-02-05 Assar Westerlund <assar@sics.se> - - * lib/krb5/krb5_keytab.3: new man page, contributed by - <lha@stacken.kth.se> - - * kdc/kaserver.c: update to new db_fetch4 - -2001-02-05 Assar Westerlund <assar@assaris.sics.se> - - * Release 0.3e - -2001-01-30 Assar Westerlund <assar@sics.se> - - * kdc/hprop.c (v4_get_masterkey): check kdb_verify_master_key - properly - (kdb_prop): decrypt key properly - * kdc/hprop.c: handle building with KRB4 always try to decrypt v4 - data with the master key leave it up to the v5 how to encrypt with - that master key - - * kdc/kstash.c: include file name in error messages - * kdc/hprop.c: fix a typo and check some more return values - * lib/hdb/hdb-ldap.c (LDAP__lookup_princ): call ldap_search_s - correctly. From Jacques Vidrine <n@nectar.com> - * kdc/misc.c (db_fetch): HDB_ERR_NOENTRY makes more sense than - ENOENT +2002-03-11 Assar Westerlund <assar@sics.se> * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to - 15:0:0 - * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:0:0 - * lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 4:0:2 - * kdc/misc.c (db_fetch): return an error code. change callers to - look at this and try to print it in log messages - - * lib/krb5/crypto.c (decrypt_internal_derived): check that there's - enough data - -2001-01-29 Assar Westerlund <assar@sics.se> - - * kdc/hprop.c (realm_buf): move it so it becomes properly - conditional on KRB4 - - * lib/hdb/mkey.c (hdb_unseal_keys_mkey, hdb_seal_keys_mkey, - hdb_unseal_keys, hdb_seal_keys): check that we have the correct - master key and that we manage to decrypt the key properly, - returning an error code. fix all callers to check return value. - - * tools/krb5-config.in: use @LIB_des_appl@ - * tools/Makefile.am (krb5-config): add LIB_des_appl - * configure.in (LIB_des): set correctly - (LIB_des_appl): add for the use by krb5-config.in - - * lib/krb5/store_fd.c (fd_fetch, fd_store): use net_{read,write} - to make sure of not dropping data when doing it over a socket. - (this might break when used with ordinary files on win32) - - * lib/hdb/hdb_err.et (NO_MKEY): add - - * kdc/kerberos5.c (as_rep): be paranoid and check - krb5_enctype_to_string for failure, noted by <lha@stacken.kth.se> - - * lib/krb5/krb5_init_context.3, lib/krb5/krb5_context.3, - lib/krb5/krb5_auth_context.3: add new man pages, contributed by - <lha@stacken.kth.se> - - * use the openssl api for md4/md5/sha and handle openssl/*.h - - * kdc/kaserver.c (do_getticket): check length of ticket. noted by - <lha@stacken.kth.se> - -2001-01-28 Assar Westerlund <assar@sics.se> - - * configure.in: send -R instead of -rpath to libtool to set - runtime library paths - - * lib/krb5/Makefile.am: remove all dependencies on libkrb - -2001-01-27 Assar Westerlund <assar@sics.se> - - * appl/rcp: add port of bsd rcp changed to use existing rsh, - contributed by Richard Nyberg <rnyberg@it.su.se> + 18:3:1 + * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:5:0 + * lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 6:0:0 + +2002-03-10 Assar Westerlund <assar@sics.se> -2001-01-27 Johan Danielsson <joda@pdc.kth.se> + * lib/krb5/rd_cred.c: handle addresses with port numbers - * lib/krb5/get_port.c: don't warn if the port name can't be found, - nobody cares anyway + * lib/krb5/keytab_file.c, lib/krb5/keytab.c: + store the kvno % 256 as the byte and the complete 32 bit kvno after + the end of the current keytab entry -2001-01-26 Johan Danielsson <joda@pdc.kth.se> + * lib/krb5/init_creds_pw.c: + handle LR_PW_EXPTIME and LR_ACCT_EXPTIME in the same way - * kdc/hprop.c: make it possible to convert a v4 dump file without - having any v4 libraries; the kdb backend still require them + * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): + handle ports giving for the remote address - * kdc/v4_dump.c: include shadow definition of kdb Principal, so we - don't have to depend on any v4 libraries + * lib/krb5/get_cred.c: + get a ticket with no addresses if no-addresses is set - * kdc/hprop.h: include shadow definition of kdb Principal, so we - don't have to depend on any v4 libraries + * lib/krb5/crypto.c: + rename functions DES_* to krb5_* to avoid colliding with modern + openssl - * lib/hdb/print.c: reduce number of memory allocations + * lib/krb5/addr_families.c: + make all functions taking 'struct sockaddr' actually take a socklen_t + instead of int and that acts as an in-out parameter (indicating the + maximum length of the sockaddr to be written) - * lib/hdb/mkey.c: add support for reading krb4 /.k files + * kdc/kerberos4.c: + make the kvno's in the krb4 universe by the real one % 256, since they + cannot only be 8 bit, and the v5 ones are actually 32 bits -2001-01-19 Assar Westerlund <assar@sics.se> +2002-02-15 Johan Danielsson <joda@pdc.kth.se> - * lib/krb5/krb5.conf.5: document admin_server and kpasswd_server - for realms document capath better + * lib/krb5/keytab_keyfile.c (akf_add_entry): don't create the file + before we need to write to it + (from Åke Sandgren) - * lib/krb5/krbhst.c (krb5_get_krb_changepw_hst): preferably look - at kpasswd_server before admin_server +2002-02-14 Johan Danielsson <joda@pdc.kth.se> - * lib/krb5/get_cred.c (get_cred_from_kdc_flags): look in - [libdefaults]capath for better hint of realm to send request to. - this allows the client to specify `realm routing information' in - case it cannot be done at the server (which is preferred) + * configure.in: rk_RETSIGTYPE and rk_BROKEN_REALLOC are called via + rk_ROKEN (from Gombas Gabor); find inttypes by CHECK_TYPES + directly - * lib/krb5/rd_priv.c (krb5_rd_priv): handle no sequence number as - zero when we were expecting a sequence number. MIT krb5 cannot - generate a sequence number of zero, instead generating no sequence - number - * lib/krb5/rd_safe.c (krb5_rd_safe): dito + * lib/krb5/rd_safe.c: actually use the correct key (from Daniel + Kouril) -2001-01-11 Assar Westerlund <assar@sics.se> +2002-02-12 Johan Danielsson <joda@pdc.kth.se> - * kpasswd/kpasswdd.c: add --port option + * lib/krb5/context.c (krb5_get_err_text): protect against NULL + context -2001-01-10 Assar Westerlund <assar@sics.se> +2002-02-11 Johan Danielsson <joda@pdc.kth.se> - * lib/krb5/appdefault.c (krb5_appdefault_string): fix condition - just before returning + * admin/ktutil.c: no need to use the "modify" keytab anymore -2001-01-09 Assar Westerlund <assar@sics.se> + * lib/krb5/keytab_any.c: implement add and remove - * appl/kf/kfd.c (proto): use krb5_rd_cred2 instead of krb5_rd_cred + * lib/krb5/keytab_krb4.c: implement add and remove -2001-01-05 Johan Danielsson <joda@pdc.kth.se> + * lib/krb5/store_emem.c (emem_free): clear memory before freeing + (this should perhaps be selectable with a flag) - * kuser/kinit.c: call a time `time', and not `seconds' +2002-02-04 Johan Danielsson <joda@pdc.kth.se> - * lib/krb5/init_creds.c: not much point in setting the anonymous - flag here + * kdc/config.c (get_dbinfo): if there are database specifications + in the config file, don't automatically try to use the default + values (from Gombas Gabor) - * lib/krb5/krb5_appdefault.3: document appdefault_time + * lib/krb5/log.c (krb5_closelog): don't pass pointer to pointer + (from Gombas Gabor) -2001-01-04 Johan Danielsson <joda@pdc.kth.se> +2002-01-30 Johan Danielsson <joda@pdc.kth.se> - * lib/krb5/verify_user.c: use - krb5_get_init_creds_opt_set_default_flags + * admin/list.c: get the default keytab from krb5.conf, and list + all parts of an ANY type keytab - * kuser/kinit.c: use krb5_get_init_creds_opt_set_default_flags + * lib/krb5/context.c: default default_keytab_modify to NULL - * lib/krb5/init_creds.c: new function - krb5_get_init_creds_opt_set_default_flags to set options from - krb5.conf + * lib/krb5/keytab.c (krb5_kt_default_modify_name): if no modify + name is specified take it from the first component of the default + keytab name - * lib/krb5/rd_cred.c: make this match the MIT function - - * lib/krb5/appdefault.c (krb5_appdefault_string): handle NULL - def_val - (krb5_appdefault_time): new function +2002-01-29 Johan Danielsson <joda@pdc.kth.se> -2001-01-03 Assar Westerlund <assar@sics.se> + * lib/krb5/keytab.c: compare keytab types case insensitively - * kdc/hpropd.c (main): handle EOF when reading from stdin +2002-01-07 Assar Westerlund <assar@sics.se> + * lib/krb5/crypto.c (create_checksum): make usage `unsigned' (it's + not really a krb5_key_usage). From Ben Harris <bjh21@netbsd.org> + * lib/krb5/get_in_tkt.c: use krb5_enctype consistently. From Ben + Harris <bjh21@netbsd.org> + * lib/krb5/crypto.c: use krb5_enctype consistently. From Ben + Harris <bjh21@netbsd.org> + * kdc/kerberos5.c: use krb5_enctype consistently. From Ben Harris + <bjh21@netbsd.org> |
