diff options
| author | assar <assar@FreeBSD.org> | 2001-02-13 16:46:19 +0000 |
|---|---|---|
| committer | assar <assar@FreeBSD.org> | 2001-02-13 16:46:19 +0000 |
| commit | ebfe6dc471c206300fd82c7c0fd145f683aa52f6 (patch) | |
| tree | e66aa570ad1d12c43b32a7313b0f8e28971bf8a9 /crypto/heimdal/ChangeLog | |
| parent | e5f617598c2db0dd51906a38ecea9208123a8b70 (diff) | |
| download | FreeBSD-src-ebfe6dc471c206300fd82c7c0fd145f683aa52f6.zip FreeBSD-src-ebfe6dc471c206300fd82c7c0fd145f683aa52f6.tar.gz | |
import of heimdal 0.3e
Diffstat (limited to 'crypto/heimdal/ChangeLog')
| -rw-r--r-- | crypto/heimdal/ChangeLog | 5659 |
1 files changed, 104 insertions, 5555 deletions
diff --git a/crypto/heimdal/ChangeLog b/crypto/heimdal/ChangeLog index b5d265e..8f3f512 100644 --- a/crypto/heimdal/ChangeLog +++ b/crypto/heimdal/ChangeLog @@ -1,5608 +1,157 @@ -2000-02-20 Assar Westerlund <assar@sics.se> +2001-02-05 Assar Westerlund <assar@assaris.sics.se> - * Release 0.2p + * Release 0.3e -2000-02-19 Assar Westerlund <assar@sics.se> +2001-01-30 Assar Westerlund <assar@sics.se> - * lib/krb5/Makefile.am: set version to 9:1:0 - - * lib/krb5/expand_hostname.c (krb5_expand_hostname): make sure - that realms is filled in even when getaddrinfo fails or does not - return any canonical name - - * kdc/connect.c (descr): add sockaddr and string representation - (*): re-write to use the above mentioned - -2000-02-16 Assar Westerlund <assar@sics.se> - - * lib/krb5/addr_families.c (krb5_parse_address): use - krb5_sockaddr2address to copy the result from getaddrinfo. - -2000-02-14 Assar Westerlund <assar@sics.se> - - * Release 0.2o - -2000-02-13 Assar Westerlund <assar@sics.se> - - * lib/krb5/Makefile.am: set version to 9:0:0 - - * kdc/kaserver.c (do_authenticate): return the kvno of the server - and not the client. Thanks to Brandon S. Allbery KF8NH - <allbery@kf8nh.apk.net> and Chaskiel M Grundman - <cg2v@andrew.cmu.edu> for debugging. - - * kdc/kerberos4.c (do_version4): if an tgs-req is received with an - old kvno, return an error reply and write a message in the log. - -2000-02-12 Assar Westerlund <assar@sics.se> - - * appl/test/gssapi_server.c (proto): with `--fork', create a child - and send over/receive creds with export/import_sec_context - * appl/test/gssapi_client.c (proto): with `--fork', create a child - and send over/receive creds with export/import_sec_context - * appl/test/common.c: add `--fork' / `-f' (only used by gssapi) - -2000-02-11 Assar Westerlund <assar@sics.se> - - * kdc/kdc_locl.h: remove keyfile add explicit_addresses - * kdc/connect.c (init_sockets): pay attention to - explicit_addresses some more comments. better error messages. - * kdc/config.c: add some comments. - remove --key-file. - add --addresses. - - * lib/krb5/context.c (krb5_set_extra_addresses): const-ize and use - proper abstraction - -2000-02-07 Johan Danielsson <joda@pdc.kth.se> - - * lib/krb5/changepw.c: use roken_getaddrinfo_hostspec - -2000-02-07 Assar Westerlund <assar@sics.se> - - * Release 0.2n - -2000-02-07 Assar Westerlund <assar@sics.se> - - * lib/krb5/Makefile.am: set version to 8:0:0 - * lib/krb5/keytab.c (krb5_kt_default_name): use strlcpy - (krb5_kt_add_entry): set timestamp - -2000-02-06 Assar Westerlund <assar@sics.se> - - * lib/krb5/krb5.h: add macros for accessing krb5_realm - * lib/krb5/time.c (krb5_timeofday): use `krb5_timestamp' instead - of `int32_t' - - * lib/krb5/replay.c (checksum_authenticator): update to new API - for md5 - - * lib/krb5/krb5.h: remove des.h, it's not needed and applications - should not have to make sure to find it. - -2000-02-03 Assar Westerlund <assar@sics.se> - - * lib/krb5/rd_req.c (get_key_from_keytab): rename parameter to - `out_key' to avoid conflicting with label. reported by Sean Doran - <smd@ebone.net> - -2000-02-02 Assar Westerlund <assar@sics.se> - - * lib/krb5/expand_hostname.c: remember to lower-case host names. - bug reported by <amu@mit.edu> - - * kdc/kerberos4.c (do_version4): look at check_ticket_addresses - and emulate that by setting krb_ignore_ip_address (not a great - interface but it doesn't seem like the time to go around fixing - libkrb stuff now) - -2000-02-01 Johan Danielsson <joda@pdc.kth.se> - - * kuser/kinit.c: change --noaddresses into --no-addresses - -2000-01-28 Assar Westerlund <assar@sics.se> - - * kpasswd/kpasswd.c (main): make sure the ticket is not - forwardable and not proxiable - -2000-01-26 Assar Westerlund <assar@sics.se> - - * lib/krb5/crypto.c: update to pseudo-standard APIs for - md4,md5,sha. some changes to libdes calls to make them more - portable. - -2000-01-21 Assar Westerlund <assar@sics.se> - - * lib/krb5/verify_init.c (krb5_verify_init_creds): make sure to - clean up the correct creds. - -2000-01-16 Assar Westerlund <assar@sics.se> - - * lib/krb5/principal.c (append_component): change parameter to - `const char *'. check malloc - * lib/krb5/principal.c (append_component, va_ext_princ, va_princ): - const-ize - * lib/krb5/mk_req.c (krb5_mk_req): make `service' and `hostname' - const - * lib/krb5/principal.c (replace_chars): also add space here - * lib/krb5/principal.c: (quotable_chars): add space - -2000-01-12 Assar Westerlund <assar@sics.se> - - * kdc/kerberos4.c (do_version4): check if preauth was required and - bail-out if so since there's no way that could be done in v4. - Return NULL_KEY as an error to the client (which is non-obvious, - but what can you do?) - -2000-01-09 Assar Westerlund <assar@sics.se> - - * lib/krb5/principal.c (krb5_sname_to_principal): use - krb5_expand_hostname_realms - * lib/krb5/mk_req.c (krb5_km_req): use krb5_expand_hostname_realms - * lib/krb5/expand_hostname.c (krb5_expand_hostname_realms): new - variant of krb5_expand_hostname that tries until it expands into - something that's digestable by krb5_get_host_realm, returning also - the result from that function. - -2000-01-08 Assar Westerlund <assar@sics.se> - - * Release 0.2m - -2000-01-08 Assar Westerlund <assar@sics.se> - - * configure.in: replace AC_C_BIGENDIAN with KRB_C_BIGENDIAN - - * lib/krb5/Makefile.am: bump version to 7:1:0 - - * lib/krb5/principal.c (krb5_sname_to_principal): use - krb5_expand_hostname - * lib/krb5/expand_hostname.c (krb5_expand_hostname): handle - ai_canonname being set in any of the addresses returnedby - getaddrinfo. glibc apparently returns the reverse lookup of every - address in ai_canonname. - -2000-01-06 Assar Westerlund <assar@sics.se> - - * Release 0.2l - -2000-01-06 Assar Westerlund <assar@sics.se> - - * lib/krb5/Makefile.am: set version to 7:0:0 - * lib/krb5/principal.c (krb5_sname_to_principal): remove `hp' - - * lib/hdb/Makefile.am: set version to 4:1:1 - - * kdc/hpropd.c (dump_krb4): use `krb5_get_default_realms' - * lib/krb5/get_in_tkt.c (add_padata): change types to make - everything work out - (krb5_get_in_cred): remove const to make types match - * lib/krb5/crypto.c (ARCFOUR_string_to_key): correct signature - * lib/krb5/principal.c (krb5_sname_to_principal): handle not - getting back a canonname - -2000-01-06 Assar Westerlund <assar@sics.se> - - * Release 0.2k - -2000-01-06 Assar Westerlund <assar@sics.se> - - * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): advance colon so that - we actually parse the port number. based on a patch from Leif - Johansson <leifj@it.su.se> - -2000-01-02 Assar Westerlund <assar@sics.se> - - * admin/purge.c: remove all non-current and old entries from a - keytab - - * admin: break up ktutil.c into files - - * admin/ktutil.c (list): support --verbose (also listning time - stamps) - (kt_add, kt_get): set timestamp in newly created entries - (kt_change): add `change' command - - * admin/srvconvert.c (srvconv): set timestamp in newly created - entries - * lib/krb5/keytab_keyfile.c (akf_next_entry): set timetsamp, - always go the a predicatble position on error - * lib/krb5/keytab.c (krb5_kt_copy_entry_contents): copy timestamp - * lib/krb5/keytab_file.c (fkt_add_entry): store timestamp - (fkt_next_entry_int): return timestamp - * lib/krb5/krb5.h (krb5_keytab_entry): add timestamp - -1999-12-30 Assar Westerlund <assar@sics.se> - - * configure.in (krb4): use `-ldes' in tests - -1999-12-26 Assar Westerlund <assar@sics.se> - - * lib/hdb/print.c (event2string): handle events without principal. - From Luke Howard <lukeh@PADL.COM> - -1999-12-25 Assar Westerlund <assar@sics.se> - - * Release 0.2j - -Tue Dec 21 18:03:17 1999 Assar Westerlund <assar@sics.se> - - * lib/hdb/Makefile.am (asn1_files): add $(EXEEXT) for cygwin and - related systems - - * lib/asn1/Makefile.am (asn1_files): add $(EXEEXT) for cygwin and - related systems - - * include/Makefile.am (krb5-types.h): add $(EXEEXT) for cygwin and - related systems - -1999-12-20 Assar Westerlund <assar@sics.se> - - * Release 0.2i - -1999-12-20 Assar Westerlund <assar@sics.se> - - * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to 6:3:1 - - * lib/krb5/send_to_kdc.c (send_via_proxy): free data - * lib/krb5/send_to_kdc.c (send_via_proxy): new function use - getaddrinfo instead of gethostbyname{,2} - * lib/krb5/get_for_creds.c: use getaddrinfo instead of - getnodebyname{,2} - -1999-12-17 Assar Westerlund <assar@sics.se> - - * Release 0.2h - -1999-12-17 Assar Westerlund <assar@sics.se> - - * Release 0.2g - -1999-12-16 Assar Westerlund <assar@sics.se> - - * lib/krb5/Makefile.am: bump version to 6:2:1 - - * lib/krb5/principal.c (krb5_sname_to_principal): handle - ai_canonname not being set - * lib/krb5/expand_hostname.c (krb5_expand_hostname): handle - ai_canonname not being set - - * appl/test/uu_server.c: print messages to stderr - * appl/test/tcp_server.c: print messages to stderr - * appl/test/nt_gss_server.c: print messages to stderr - * appl/test/gssapi_server.c: print messages to stderr - - * appl/test/tcp_client.c (proto): remove shadowing `context' - * appl/test/common.c (client_doit): add forgotten ntohs - -1999-12-13 Assar Westerlund <assar@sics.se> - - * configure.in (VERISON): bump to 0.2g-pre - -1999-12-12 Assar Westerlund <assar@sics.se> - - * lib/krb5/principal.c (krb5_425_conv_principal_ext): be more - robust and handle extra dot at the beginning of default_domain - -1999-12-12 Assar Westerlund <assar@sics.se> - - * Release 0.2f - -1999-12-12 Assar Westerlund <assar@sics.se> - - * lib/krb5/Makefile.am: bump version to 6:1:1 - - * lib/krb5/changepw.c (get_kdc_address): use - `krb5_get_krb_changepw_hst' - - * lib/krb5/krbhst.c (krb5_get_krb_changepw_hst): add - - * lib/krb5/get_host_realm.c: add support for _kerberos.domain - (according to draft-ietf-cat-krb-dns-locate-01.txt) - -1999-12-06 Assar Westerlund <assar@sics.se> - - * Release 0.2e - -1999-12-06 Assar Westerlund <assar@sics.se> - - * lib/krb5/changepw.c (krb5_change_password): use the correct - address - - * lib/krb5/Makefile.am: bump version to 6:0:1 - - * lib/asn1/Makefile.am: bump version to 1:4:0 - -1999-12-04 Assar Westerlund <assar@sics.se> - - * configure.in: move AC_KRB_IPv6 to make sure it's performed - before AC_BROKEN - (el_init): use new feature of AC_FIND_FUNC_NO_LIBS - - * appl/test/uu_client.c: use client_doit - * appl/test/test_locl.h (client_doit): add prototype - * appl/test/tcp_client.c: use client_doit - * appl/test/nt_gss_client.c: use client_doit - * appl/test/gssapi_client.c: use client_doit - * appl/test/common.c (client_doit): move identical code here and - start using getaddrinfo - - * appl/kf/kf.c (doit): rewrite to use getaddrinfo - * kdc/hprop.c: re-write to use getaddrinfo - * lib/krb5/principal.c (krb5_sname_to_principal): use getaddrinfo - * lib/krb5/expand_hostname.c (krb5_expand_hostname): use - getaddrinfo - * lib/krb5/changepw.c: re-write to use getaddrinfo - * lib/krb5/addr_families.c (krb5_parse_address): use getaddrinfo - -1999-12-03 Assar Westerlund <assar@sics.se> - - * configure.in (BROKEN): check for freeaddrinfo, getaddrinfo, - getnameinfo, gai_strerror - (socklen_t): check for - -1999-12-02 Johan Danielsson <joda@pdc.kth.se> - - * lib/krb5/crypto.c: ARCFOUR_set_key -> RC4_set_key - -1999-11-23 Assar Westerlund <assar@sics.se> - - * lib/krb5/crypto.c (ARCFOUR_string_to_key): change order of bytes - within unicode characters. this should probably be done in some - arbitrarly complex way to do it properly and you would have to - know what character encoding was used for the password and salt - string. - - * lib/krb5/addr_families.c (ipv4_uninteresting): ignore 0.0.0.0 - (INADDR_ANY) - (ipv6_uninteresting): remove unused macro - -1999-11-22 Johan Danielsson <joda@pdc.kth.se> - - * lib/krb5/krb5.h: rc4->arcfour - - * lib/krb5/crypto.c: rc4->arcfour - -1999-11-17 Assar Westerlund <assar@sics.se> - - * lib/krb5/krb5_locl.h: add <rc4.h> - * lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_RC4 - * lib/krb5/crypto.c: some code for doing RC4/MD5/HMAC which might - not be totally different from some small company up in the - north-west corner of the US - - * lib/krb5/get_addrs.c (find_all_addresses): change code to - actually increment buf_size - -1999-11-14 Assar Westerlund <assar@sics.se> - - * lib/krb5/krb5.h (krb5_context_data): add `scan_interfaces' - * lib/krb5/get_addrs.c (krb5_get_all_client_addrs): make interaces - scanning optional - * lib/krb5/context.c (init_context_from_config_file): set - `scan_interfaces' - - * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add add_et_list.c - * lib/krb5/add_et_list.c (krb5_add_et_list): new function - -1999-11-12 Assar Westerlund <assar@sics.se> - - * lib/krb5/get_default_realm.c (krb5_get_default_realm, - krb5_get_default_realms): set realms if they were unset - * lib/krb5/context.c (init_context_from_config_file): don't - initialize default realms here. it's done lazily instead. - - * lib/krb5/krb5.h (KRB5_TC_*): make constants unsigned - * lib/asn1/gen_glue.c (generate_2int, generate_units): make sure - bit constants are unsigned - * lib/asn1/gen.c (define_type): make length in sequences be - unsigned. - - * configure.in: remove duplicate test for setsockopt test for - struct tm.tm_isdst - - * lib/krb5/get_in_tkt.c (krb5_get_in_cred): generate - preauthentication information if we get back ERR_PREAUTH_REQUIRED - * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): remove - preauthentication generation code. it's now in krb5_get_in_cred - - * configure.in (AC_BROKEN_SNPRINTF): add strptime check for struct - tm.tm_gmtoff and timezone - -1999-11-11 Johan Danielsson <joda@pdc.kth.se> - - * kdc/main.c: make this work with multi-db - - * kdc/kdc_locl.h: make this work with multi-db - - * kdc/config.c: make this work with multi-db - -1999-11-09 Johan Danielsson <joda@pdc.kth.se> - - * kdc/misc.c: update for multi-database code - - * kdc/main.c: update for multi-database code - - * kdc/kdc_locl.h: update - - * kdc/config.c: allow us to have more than one database - -1999-11-04 Assar Westerlund <assar@sics.se> - - * Release 0.2d - - * lib/krb5/Makefile.am: bump version to 5:0:0 to be safe - (krb5_context_data has changed and some code do (might) access - fields directly) - - * lib/krb5/krb5.h (krb5_context_data): add `etypes_des' - - * lib/krb5/get_cred.c (init_tgs_req): use - krb5_keytype_to_enctypes_default - - * lib/krb5/crypto.c (krb5_keytype_to_enctypes_default): new - function - - * lib/krb5/context.c (set_etypes): new function - (init_context_from_config_file): set both `etypes' and `etypes_des' - -1999-11-02 Assar Westerlund <assar@sics.se> - - * configure.in (VERSION): bump to 0.2d-pre - -1999-10-29 Assar Westerlund <assar@sics.se> - - * lib/krb5/principal.c (krb5_parse_name): check memory allocations - -1999-10-28 Assar Westerlund <assar@sics.se> - - * Release 0.2c - - * lib/krb5/dump_config.c (print_tree): check for empty tree - - * lib/krb5/string-to-key-test.c (tests): update the test cases - with empty principals so that they actually use an empty realm and - not the default. use the correct etype for 3DES - - * lib/krb5/Makefile.am: bump version to 4:1:0 - - * kdc/config.c (configure): more careful with the port string - -1999-10-26 Assar Westerlund <assar@sics.se> - - * Release 0.2b - -1999-10-20 Assar Westerlund <assar@sics.se> - - * lib/krb5/Makefile.am: bump version to 4:0:0 - (krb524_convert_creds_kdc and potentially some other functions - have changed prototypes) - - * lib/hdb/Makefile.am: bump version to 4:0:1 - - * lib/asn1/Makefile.am: bump version to 1:3:0 - - * configure.in (LIB_roken): add dbopen. getcap in roken - references dbopen and with shared libraries we need to add this - dependency. - - * lib/krb5/verify_krb5_conf.c (main): support speicifying the - configuration file to test on the command line - - * lib/krb5/config_file.c (parse_binding): handle line with no - whitespace before = - (krb5_config_parse_file_debug): set lineno earlier so that we don't - use it unitialized - - * configure.in (AM_INIT_AUTOMAKE): bump to 0.2b-pre opt*: need - more include files for these tests - - * lib/krb5/set_default_realm.c (krb5_set_default_realm): use - krb5_config_get_strings, which means that your configuration file - should look like: - - [libdefaults] - default_realm = realm1 realm2 realm3 - - * lib/krb5/set_default_realm.c (config_binding_to_list): fix - copy-o. From Michal Vocu <michal@karlin.mff.cuni.cz> - - * kdc/config.c (configure): add a missing strdup. From Michal - Vocu <michal@karlin.mff.cuni.cz> - -1999-10-17 Assar Westerlund <assar@sics.se> - - * Release 0.2a - - * configure.in: only test for db.h with using berkeley_db. remember - to link with LIB_tgetent when checking for el_init. add xnlock - - * appl/Makefile.am: add xnlock - - * kdc/kerberos5.c (find_etype): support null keys - - * kdc/kerberos4.c (get_des_key): support null keys - - * lib/krb5/crypto.c (krb5_get_wrapped_length): more correct - calculation - -1999-10-16 Johan Danielsson <joda@pdc.kth.se> - - * kuser/kinit.c (main): pass ccache to krb524_convert_creds_kdc - -1999-10-12 Johan Danielsson <joda@pdc.kth.se> - - * lib/krb5/crypto.c (krb5_enctype_to_keytype): remove warning - -1999-10-10 Assar Westerlund <assar@sics.se> - - * lib/krb5/mk_req.c (krb5_mk_req): use krb5_free_host_realm - - * lib/krb5/krb5.h (krb5_ccache_data): make `ops' const - - * lib/krb5/crypto.c (krb5_string_to_salttype): new function - - * **/*.[ch]: const-ize - -1999-10-06 Assar Westerlund <assar@sics.se> - - * lib/krb5/creds.c (krb5_compare_creds): const-ify - - * lib/krb5/cache.c: clean-up and comment-up - - * lib/krb5/copy_host_realm.c (krb5_copy_host_realm): copy all the - strings - - * lib/krb5/verify_user.c (krb5_verify_user_lrealm): free the - correct realm part - - * kdc/connect.c (handle_tcp): things work much better when ret is - initialized - -1999-10-03 Assar Westerlund <assar@sics.se> - - * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): look at the - type of the session key - - * lib/krb5/crypto.c (krb5_enctypes_compatible_keys): spell - correctly - - * lib/krb5/creds.c (krb5_compare_creds): fix spelling of - krb5_enctypes_compatible_keys - - * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): get new - credentials from the KDC if the existing one doesn't have a DES - session key. - - * lib/45/get_ad_tkt.c (get_ad_tkt): update to new - krb524_convert_creds_kdc - -1999-10-03 Johan Danielsson <joda@pdc.kth.se> - - * lib/krb5/keytab_keyfile.c: make krb5_akf_ops const - - * lib/krb5/keytab_memory.c: make krb5_mkt_ops const - - * lib/krb5/keytab_file.c: make krb5_fkt_ops const - -1999-10-01 Assar Westerlund <assar@sics.se> - - * lib/krb5/config_file.c: rewritten to allow error messages - - * lib/krb5/Makefile.am (bin_PROGRAMS): add verify_krb5_conf - (libkrb5_la_SOURCES): add config_file_netinfo.c - - * lib/krb5/verify_krb5_conf.c: new program for verifying that - krb5.conf is corret - - * lib/krb5/config_file_netinfo.c: moved netinfo code here from - config_file.c - -1999-09-28 Assar Westerlund <assar@sics.se> - - * kdc/hpropd.c (dump_krb4): kludge default_realm - - * lib/asn1/check-der.c: add test cases for Generalized time and - make sure we return the correct value - - * lib/asn1/der_put.c: simplify by using der_put_length_and_tag - - * lib/krb5/verify_user.c (krb5_verify_user_lrealm): ariant of - krb5_verify_user that tries in all the local realms - - * lib/krb5/set_default_realm.c: add support for having several - default realms - - * lib/krb5/kuserok.c (krb5_kuserok): use `krb5_get_default_realms' - - * lib/krb5/get_default_realm.c (krb5_get_default_realms): add - - * lib/krb5/krb5.h (krb5_context_data): change `default_realm' to - `default_realms' - - * lib/krb5/context.c: change from `default_realm' to - `default_realms' - - * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use - krb5_get_default_realms - - * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add copy_host_realm.c - - * lib/krb5/copy_host_realm.c: new file - -1999-09-27 Johan Danielsson <joda@pdc.kth.se> - - * lib/asn1/der_put.c (encode_generalized_time): encode length - - * lib/krb5/recvauth.c: new function `krb5_recvauth_match_version' - that allows more intelligent matching of the application version - -1999-09-26 Assar Westerlund <assar@sics.se> - - * lib/asn1/asn1_print.c: add err.h - - * kdc/config.c (configure): use parse_bytes - - * appl/test/nt_gss_common.c: use the correct header file - -1999-09-24 Johan Danielsson <joda@pdc.kth.se> - - * kuser/klist.c: add a `--cache' flag - - * kuser/kinit.c (main): only get default value for `get_v4_tgt' if - it's explicitly set in krb5.conf - -1999-09-23 Assar Westerlund <assar@sics.se> - - * lib/asn1/asn1_print.c (tag_names); add another univeral tag - - * lib/asn1/der.h: update universal tags - -1999-09-22 Assar Westerlund <assar@sics.se> - - * lib/asn1/asn1_print.c (loop): print length of octet string - -1999-09-21 Johan Danielsson <joda@pdc.kth.se> - - * admin/ktutil.c (kt_get): add `--help' - -1999-09-21 Assar Westerlund <assar@sics.se> - - * kuser/Makefile.am: add kdecode_ticket - - * kuser/kdecode_ticket.c: new debug program - - * appl/test/nt_gss_server.c: new program to test against `Sample * - SSPI Code' in Windows 2000 RC1 SDK. - - * appl/test/Makefile.am: add nt_gss_client and nt_gss_server - - * lib/asn1/der_get.c (decode_general_string): remember to advance - ret over the length-len - - * lib/asn1/Makefile.am: add asn1_print - - * lib/asn1/asn1_print.c: new program for printing DER-structures - - * lib/asn1/der_put.c: make functions more consistent - - * lib/asn1/der_get.c: make functions more consistent - -1999-09-20 Johan Danielsson <joda@pdc.kth.se> - - * kdc/kerberos5.c: be more informative in pa-data error messages - -1999-09-16 Assar Westerlund <assar@sics.se> - - * configure.in: test for strlcpy, strlcat - -1999-09-14 Assar Westerlund <assar@sics.se> - - * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): return - KRB5_LIBOS_PWDINTR when interrupted - - * lib/krb5/get_in_tkt_pw.c (krb5_password_key_proc): check return - value from des_read_pw_string - - * kuser/kinit.c (main): don't print any error if reading the - password was interrupted - - * kpasswd/kpasswd.c (main): don't print any error if reading the - password was interrupted - - * kdc/string2key.c (main): check the return value from fgets - - * kdc/kstash.c (main): check return value from des_read_pw_string - - * admin/ktutil.c (kt_add): check the return-value from fgets and - overwrite the password for paranoid reasons - - * lib/krb5/keytab_keyfile.c (get_cell_and_realm): only remove the - newline if it's there - -1999-09-13 Assar Westerlund <assar@sics.se> - - * kdc/hpropd.c (main): remove bogus error with `--print'. remove - sysloging of number of principals transferred - - * kdc/hprop.c (ka_convert): set flags correctly for krbtgt/CELL - principals - (main): get rid of bogus opening of hdb database when propagating - ka-server database - -1999-09-12 Assar Westerlund <assar@sics.se> - - * lib/krb5/krb5_locl.h (O_BINARY): add fallback definition - - * lib/krb5/krb5.h (krb5_context_data): add keytab types - - * configure.in: revert back awk test, not worked around in - roken.awk - - * lib/krb5/keytab_krb4.c: remove O_BINARY - - * lib/krb5/keytab_keyfile.c: some support for AFS KeyFile's. From - Love <lha@e.kth.se> - - * lib/krb5/keytab_file.c: remove O_BINARY - - * lib/krb5/keytab.c: move the list of keytab types to the context - - * lib/krb5/fcache.c: remove O_BINARY - - * lib/krb5/context.c (init_context_from_config_file): register all - standard cache and keytab types - (krb5_free_context): free `kt_types' - - * lib/krb5/cache.c (krb5_cc_resolve): move the registration of the - standard types of credential caches to context - - * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_keyfile.c - -1999-09-10 Assar Westerlund <assar@sics.se> - - * lib/krb5/keytab.c: add comments and clean-up - - * admin/ktutil.c: add `ktutil copy' - - * lib/krb5/keytab_krb4.c: new file - - * lib/krb5/krb5.h (krb5_kt_cursor): add a `data' field - - * lib/krb5/Makefile.am: add keytab_krb4.c - - * lib/krb5/keytab.c: add krb4 and correct some if's + * kdc/hprop.c (v4_get_masterkey): check kdb_verify_master_key + properly + (kdb_prop): decrypt key properly + * kdc/hprop.c: handle building with KRB4 always try to decrypt v4 + data with the master key leave it up to the v5 how to encrypt with + that master key - * admin/srvconvert.c (srvconv): move common code + * kdc/kstash.c: include file name in error messages + * kdc/hprop.c: fix a typo and check some more return values + * lib/hdb/hdb-ldap.c (LDAP__lookup_princ): call ldap_search_s + correctly. From Jacques Vidrine <n@nectar.com> + * kdc/misc.c (db_fetch): HDB_ERR_NOENTRY makes more sense than + ENOENT - * lib/krb5/krb5.h (krb5_fkt_ops, krb5_mkt_ops): new variables + * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to + 15:0:0 + * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:0:0 + * lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 4:0:2 + * kdc/misc.c (db_fetch): return an error code. change callers to + look at this and try to print it in log messages - * lib/krb5/keytab.c: move out file and memory functions + * lib/krb5/crypto.c (decrypt_internal_derived): check that there's + enough data - * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_file.c, - keytab_memory.c +2001-01-29 Assar Westerlund <assar@sics.se> - * lib/krb5/keytab_memory.c: new file + * kdc/hprop.c (realm_buf): move it so it becomes properly + conditional on KRB4 - * lib/krb5/keytab_file.c: new file + * lib/hdb/mkey.c (hdb_unseal_keys_mkey, hdb_seal_keys_mkey, + hdb_unseal_keys, hdb_seal_keys): check that we have the correct + master key and that we manage to decrypt the key properly, + returning an error code. fix all callers to check return value. - * kpasswd/kpasswdd.c: move out password quality functions + * tools/krb5-config.in: use @LIB_des_appl@ + * tools/Makefile.am (krb5-config): add LIB_des_appl + * configure.in (LIB_des): set correctly + (LIB_des_appl): add for the use by krb5-config.in -1999-09-07 Assar Westerlund <assar@sics.se> + * lib/krb5/store_fd.c (fd_fetch, fd_store): use net_{read,write} + to make sure of not dropping data when doing it over a socket. + (this might break when used with ordinary files on win32) - * lib/hdb/Makefile.am (libhdb_la_SOURCES): add keytab.c. From - Love <lha@e.kth.se> + * lib/hdb/hdb_err.et (NO_MKEY): add - * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): check - return value from `krb5_sendto_kdc' + * kdc/kerberos5.c (as_rep): be paranoid and check + krb5_enctype_to_string for failure, noted by <lha@stacken.kth.se> -1999-09-06 Assar Westerlund <assar@sics.se> + * lib/krb5/krb5_init_context.3, lib/krb5/krb5_context.3, + lib/krb5/krb5_auth_context.3: add new man pages, contributed by + <lha@stacken.kth.se> - * lib/krb5/send_to_kdc.c (send_and_recv): rename to recv_loop and - remove the sending of data. add a parameter `limit'. let callers - send the date themselves (and preferably with net_write on tcp - sockets) - (send_and_recv_tcp): read first the length field and then only that - many bytes + * use the openssl api for md4/md5/sha and handle openssl/*.h -1999-09-05 Assar Westerlund <assar@sics.se> + * kdc/kaserver.c (do_getticket): check length of ticket. noted by + <lha@stacken.kth.se> - * kdc/connect.c (handle_tcp): try to print warning `TCP data of - strange type' less often +2001-01-28 Assar Westerlund <assar@sics.se> - * lib/krb5/send_to_kdc.c (send_and_recv): handle EINTR properly. - return on EOF. always free data. check return value from - realloc. - (send_and_recv_tcp, send_and_recv_http): check advertised length - against actual length + * configure.in: send -R instead of -rpath to libtool to set + runtime library paths -1999-09-01 Johan Danielsson <joda@pdc.kth.se> + * lib/krb5/Makefile.am: remove all dependencies on libkrb - * configure.in: check for sgi capabilities +2001-01-27 Assar Westerlund <assar@sics.se> -1999-08-27 Johan Danielsson <joda@pdc.kth.se> + * appl/rcp: add port of bsd rcp changed to use existing rsh, + contributed by Richard Nyberg <rnyberg@it.su.se> - * lib/krb5/get_addrs.c: krb5_get_all_server_addrs shouldn't return - extra addresses +2001-01-27 Johan Danielsson <joda@pdc.kth.se> - * kpasswd/kpasswdd.c: use HDB keytabs; change some error messages; - add --realm flag + * lib/krb5/get_port.c: don't warn if the port name can't be found, + nobody cares anyway - * lib/krb5/address.c (krb5_append_addresses): remove duplicates +2001-01-26 Johan Danielsson <joda@pdc.kth.se> -1999-08-26 Johan Danielsson <joda@pdc.kth.se> + * kdc/hprop.c: make it possible to convert a v4 dump file without + having any v4 libraries; the kdb backend still require them - * lib/hdb/keytab.c: HDB keytab backend + * kdc/v4_dump.c: include shadow definition of kdb Principal, so we + don't have to depend on any v4 libraries -1999-08-25 Johan Danielsson <joda@pdc.kth.se> - - * lib/krb5/keytab.c - (krb5_kt_{start_seq_get,next_entry,end_seq_get}): check for NULL - pointer - -1999-08-24 Johan Danielsson <joda@pdc.kth.se> - - * kpasswd/kpasswdd.c: add `--keytab' flag - -1999-08-23 Assar Westerlund <assar@sics.se> - - * lib/krb5/addr_families.c (IN6_ADDR_V6_TO_V4): use `s6_addr' - instead of the non-standard `s6_addr32'. From Yoshinobu Inoue - <shin@kame.net> by way of the KAME repository - -1999-08-18 Assar Westerlund <assar@sics.se> - - * configure.in (--enable-new-des3-code): remove check for `struct - addrinfo' - - * lib/krb5/crypto.c (etypes): remove NEW_DES3_CODE, enable - des3-cbc-sha1 and keep old-des3-cbc-sha1 for backwards - compatability - - * lib/krb5/krb5.h (krb5_enctype): des3-cbc-sha1 (with key - derivation) just got assigned etype 16 by <bcn@isi.edu>. keep the - old etype at 7. - -1999-08-16 Assar Westerlund <assar@sics.se> - - * lib/krb5/sendauth.c (krb5_sendauth): only look at errno if - krb5_net_read actually returns -1 - - * lib/krb5/recvauth.c (krb5_recvauth): only look at errno if - krb5_net_read actually returns -1 - - * appl/kf/kf.c (proto): don't trust errno if krb5_net_read hasn't - returned -1 - - * appl/test/tcp_server.c (proto): only trust errno if - krb5_net_read actually returns -1 - - * appl/kf/kfd.c (proto): be more careful with the return value - from krb5_net_read - -1999-08-13 Assar Westerlund <assar@sics.se> - - * lib/krb5/get_addrs.c (get_addrs_int): try the different ways - sequentially instead of just one. this helps if your heimdal was - built with v6-support but your kernel doesn't have it, for - example. - -1999-08-12 Assar Westerlund <assar@sics.se> - - * kdc/hpropd.c: add inetd flag. default means try to figure out - if stdin is a socket or not. - - * Makefile.am (ACLOCAL): just use `cf', this variable is only used - when the current directory is $(top_srcdir) anyways and having - $(top_srcdir) there breaks if it's a relative path - -1999-08-09 Johan Danielsson <joda@pdc.kth.se> - - * configure.in: check for setproctitle - -1999-08-05 Assar Westerlund <assar@sics.se> - - * lib/krb5/principal.c (krb5_sname_to_principal): remember to call - freehostent - - * appl/test/tcp_client.c: call freehostent - - * appl/kf/kf.c (doit): call freehostent - - * appl/kf/kf.c: make v6 friendly and simplify - - * appl/kf/kfd.c: make v6 friendly and simplify - - * appl/test/tcp_server.c: simplify by using krb5_err instead of - errx - - * appl/test/tcp_client.c: simplify by using krb5_err instead of - errx - - * appl/test/tcp_server.c: make v6 friendly and simplify - - * appl/test/tcp_client.c: make v6 friendly and simplify - -1999-08-04 Assar Westerlund <assar@sics.se> - - * Release 0.1m - -1999-08-04 Assar Westerlund <assar@sics.se> - - * kuser/kinit.c (main): some more KRB4-conditionalizing - - * lib/krb5/get_in_tkt.c: type correctness - - * lib/krb5/get_for_creds.c (krb5_fwd_tgs_creds): set forwarded in - flags. From Miroslav Ruda <ruda@ics.muni.cz> - - * kuser/kinit.c (main): add config file support for forwardable - and krb4 support. From Miroslav Ruda <ruda@ics.muni.cz> - - * kdc/kerberos5.c (as_rep): add an empty X500-compress string as - transited. - (fix_transited_encoding): check length. - From Miroslav Ruda <ruda@ics.muni.cz> - - * kdc/hpropd.c (dump_krb4): check the realm so that we don't dump - principals in some other realm. From Miroslav Ruda - <ruda@ics.muni.cz> - (main): rename sa_len -> sin_len, sa_lan is a define on some - platforms. - - * appl/kf/kfd.c: add regpag support. From Miroslav Ruda - <ruda@ics.muni.cz> - - * appl/kf/kf.c: add `-G' and forwardable option in krb5.conf. - From Miroslav Ruda <ruda@ics.muni.cz> - - * lib/krb5/config_file.c (parse_list): don't run past end of line - - * appl/test/gss_common.h: new prototypes - - * appl/test/gssapi_client.c: use gss_err instead of abort - - * appl/test/gss_common.c (gss_verr, gss_err): add - -1999-08-03 Assar Westerlund <assar@sics.se> - - * lib/krb5/Makefile.am (n_fold_test_LDADD): need to set this - otherwise it doesn't build with shared libraries - - * kdc/hpropd.c: v6-ify - - * kdc/hprop.c: v6-ify - -1999-08-01 Assar Westerlund <assar@sics.se> - - * lib/krb5/mk_req.c (krb5_mk_req): use krb5_expand_hostname - -1999-07-31 Assar Westerlund <assar@sics.se> - - * lib/krb5/get_host_realm.c (krb5_get_host_realm_int): new - function that takes a FQDN - - * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add exapnd_hostname.c - - * lib/krb5/expand_hostname.c: new file - -1999-07-28 Assar Westerlund <assar@sics.se> - - * Release 0.1l - -1999-07-28 Assar Westerlund <assar@sics.se> - - * lib/asn1/Makefile.am: bump version to 1:2:0 - - * lib/krb5/Makefile.am: bump version to 3:1:0 - - * configure.in: more inet_pton to roken - - * lib/krb5/principal.c (krb5_sname_to_principal): use - getipnodebyname - -1999-07-26 Assar Westerlund <assar@sics.se> - - * Release 0.1k - -1999-07-26 Johan Danielsson <joda@pdc.kth.se> - - * lib/krb5/Makefile.am: bump version number (changed function - signatures) - - * lib/hdb/Makefile.am: bump version number (changes to some - function signatures) - -1999-07-26 Assar Westerlund <assar@sics.se> - - * lib/krb5/Makefile.am: bump version to 3:0:2 - - * lib/hdb/Makefile.am: bump version to 2:1:0 - - * lib/asn1/Makefile.am: bump version to 1:1:0 - -1999-07-26 Assar Westerlund <assar@sics.se> - - * Release 0.1j - -1999-07-26 Assar Westerlund <assar@sics.se> - - * configure.in: rokenize inet_ntop - - * lib/krb5/store_fd.c: lots of changes from size_t to ssize_t - - * lib/krb5/store_mem.c: lots of changes from size_t to ssize_t - - * lib/krb5/store_emem.c: lots of changes from size_t to ssize_t - - * lib/krb5/store.c: lots of changes from size_t to ssize_t - (krb5_ret_stringz): check return value from realloc - - * lib/krb5/mk_safe.c: some type correctness - - * lib/krb5/mk_priv.c: some type correctness - - * lib/krb5/krb5.h (krb5_storage): change return values of - functions from size_t to ssize_t - -1999-07-24 Assar Westerlund <assar@sics.se> - - * Release 0.1i - - * configure.in (AC_PROG_AWK): disable. mawk seems to mishandle \# - in lib/roken/roken.awk - - * lib/krb5/get_addrs.c (find_all_addresses): try to use SA_LEN to - step over addresses if there's no `sa_lan' field - - * lib/krb5/sock_principal.c (krb5_sock_to_principal): simplify by - using `struct sockaddr_storage' - - * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): simplify by using - `struct sockaddr_storage' - - * lib/krb5/changepw.c (krb5_change_password): simplify by using - `struct sockaddr_storage' - - * lib/krb5/auth_context.c (krb5_auth_con_setaddrs_from_fd): - simplify by using `struct sockaddr_storage' - - * kpasswd/kpasswdd.c (*): simplify by using `struct - sockaddr_storage' - - * kdc/connect.c (*): simplify by using `struct sockaddr_storage' - - * configure.in (sa_family_t): just test for existence - (sockaddr_storage): also specify include file - - * configure.in (AM_INIT_AUTOMAKE): bump version to 0.1i - (sa_family_t): test for - (struct sockaddr_storage): test for - - * kdc/hprop.c (propagate_database): typo, NULL should be - auth_context - - * lib/krb5/get_addrs.c: conditionalize on HAVE_IPV6 instead of - AF_INET6 - - * appl/kf/kf.c (main): use warnx - - * appl/kf/kf.c (proto): remove shadowing context - - * lib/krb5/get_addrs.c (find_all_addresses): try to handle the - case of getting back an `sockaddr_in6' address when sizeof(struct - sockaddr_in6) > sizeof(struct sockaddr) and we have no sa_len to - tell us how large the address is. This obviously doesn't work - with unknown protocol types. - -1999-07-24 Assar Westerlund <assar@sics.se> - - * Release 0.1h - -1999-07-23 Assar Westerlund <assar@sics.se> - - * appl/kf/kfd.c: clean-up and more paranoia - - * etc/services.append: add kf - - * appl/kf/kf.c: rename tk_file to ccache for consistency. clean-up - -1999-07-22 Assar Westerlund <assar@sics.se> - - * lib/krb5/n-fold-test.c (main): print the correct data - - * appl/Makefile.am (SUBDIRS): add kf - - * appl/kf: new program. From Miroslav Ruda <ruda@ics.muni.cz> - - * kdc/hprop.c: declare some variables unconditionally to simplify - things - - * kpasswd/kpasswdd.c: initialize kadm5 connection for every change - (otherwise the modifier in the database doesn't get set) - - * kdc/hpropd.c: clean-up and re-organize - - * kdc/hprop.c: clean-up and re-organize - - * configure.in (SunOS): define to xy for SunOS x.y - -1999-07-19 Assar Westerlund <assar@sics.se> - - * configure.in (AC_BROKEN): test for copyhostent, freehostent, - getipnodebyaddr, getipnodebyname - -1999-07-15 Assar Westerlund <assar@sics.se> - - * lib/asn1/check-der.c: more test cases for integers - - * lib/asn1/der_length.c (length_int): handle the case of the - largest negative integer by not calling abs - -1999-07-14 Assar Westerlund <assar@sics.se> - - * lib/asn1/check-der.c (generic_test): check malloc return value - properly - - * lib/krb5/Makefile.am: add string_to_key_test - - * lib/krb5/prog_setup.c (krb5_program_setup): always initialize - the context - - * lib/krb5/n-fold-test.c (main): return a relevant return value - - * lib/krb5/krbhst.c: do SRV lookups for admin server as well. - some clean-up. - -1999-07-12 Assar Westerlund <assar@sics.se> - - * configure.in: handle not building X programs - -1999-07-06 Assar Westerlund <assar@sics.se> - - * lib/krb5/addr_families.c (ipv6_parse_addr): remove duplicate - variable - (ipv6_sockaddr2port): fix typo - - * etc/services.append: beginning of a file with services - - * lib/krb5/cache.c (krb5_cc_resolve): fall-back to files if - there's no prefix. also clean-up a little bit. - - * kdc/hprop.c (--kaspecials): new flag for handling special KA - server entries. From "Brandon S. Allbery KF8NH" - <allbery@kf8nh.apk.net> - -1999-07-05 Assar Westerlund <assar@sics.se> - - * kdc/connect.c (handle_tcp): make sure we have data before - starting to look for HTTP - - * kdc/connect.c (handle_tcp): always do getpeername, we can't - trust recvfrom to return anything sensible - -1999-07-04 Assar Westerlund <assar@sics.se> - - * lib/krb5/get_in_tkt.c (add_padat): encrypt pre-auth data with - all enctypes - - * kpasswd/kpasswdd.c (change): fetch the salt-type from the entry - - * admin/srvconvert.c (srvconv): better error messages - -1999-07-03 Assar Westerlund <assar@sics.se> - - * lib/krb5/principal.c (unparse_name): error check malloc properly - - * lib/krb5/get_in_tkt.c (krb5_init_etype): error check malloc - properly - - * lib/krb5/crypto.c (*): do some malloc return-value checks - properly - - * lib/hdb/hdb.c (hdb_process_master_key): simplify by using - krb5_data_alloc - - * lib/hdb/hdb.c (hdb_process_master_key): check return value from - malloc - - * lib/asn1/gen_decode.c (decode_type): fix generation of decoding - information for TSequenceOf. - - * kdc/kerberos5.c (get_pa_etype_info): check return value from - malloc - -1999-07-02 Assar Westerlund <assar@sics.se> - - * lib/asn1/der_copy.c (copy_octet_string): don't fail if length == - 0 and malloc returns NULL - -1999-06-29 Assar Westerlund <assar@sics.se> - - * lib/krb5/addr_families.c (ipv6_parse_addr): implement - -1999-06-24 Assar Westerlund <assar@sics.se> - - * lib/krb5/rd_cred.c (krb5_rd_cred): compare the sender's address - as an addrport one - - * lib/krb5/krb5.h (KRB5_ADDRESS_ADDRPORT, KRB5_ADDRESS_IPPORT): - add - (krb5_auth_context): add local and remote port - - * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): get the - local and remote address and add them to the krb-cred packet - - * lib/krb5/auth_context.c: save the local and remove ports in the - auth_context - - * lib/krb5/address.c (krb5_make_addrport): create an address of - type KRB5_ADDRESS_ADDRPORT from (addr, port) - - * lib/krb5/addr_families.c (krb5_sockaddr2port): new function for - grabbing the port number out of the sockaddr - -1999-06-23 Assar Westerlund <assar@sics.se> - - * admin/srvcreate.c (srvcreate): always take the DES-CBC-MD5 key. - increase possible verbosity. - - * lib/krb5/config_file.c (parse_list): handle blank lines at - another place - - * kdc/connect.c (add_port_string): don't return a value - - * lib/kadm5/init_c.c (get_cred_cache): you cannot reuse the cred - cache if the principals are different. close and NULL the old one - so that we create a new one. - - * configure.in: move around cgywin et al - (LIB_kdb): set at the end of krb4-block - (krb4): test for krb_enable_debug and krb_disable_debug - -1999-06-16 Assar Westerlund <assar@sics.se> - - * kuser/kdestroy.c (main): try to destroy v4 ticket even if the - destruction of the v5 one fails - - * lib/krb5/crypto.c (DES3_postproc): new version that does the - right thing - (*): don't put and recover length in 3DES encoding - other small fixes - -1999-06-15 Assar Westerlund <assar@sics.se> - - * lib/krb5/get_default_principal.c: rewrite to use - get_default_username - - * lib/krb5/Makefile.am: add n-fold-test - - * kdc/connect.c: add fallbacks for all lookups by service name - (handle_tcp): break-up and clean-up - -1999-06-09 Assar Westerlund <assar@sics.se> - - * lib/krb5/addr_families.c (ipv6_uninteresting): don't consider - the loopback address as uninteresting - - * lib/krb5/get_addrs.c: new magic flag to get loopback address if - there are no other addresses. - (krb5_get_all_client_addrs): use that flag - -1999-06-04 Assar Westerlund <assar@sics.se> - - * lib/krb5/crypto.c (HMAC_SHA1_DES3_checksum): don't include the - length - (checksum_sha1, checksum_hmac_sha1_des3): blocksize should be 64 - (encrypt_internal_derived): don't include the length and don't - decrease by the checksum size twice - (_get_derived_key): the constant should be 5 bytes - -1999-06-02 Johan Danielsson <joda@pdc.kth.se> - - * configure.in: use KRB_CHECK_X - - * configure.in: check for netinet/ip.h - -1999-05-31 Assar Westerlund <assar@sics.se> - - * kpasswd/kpasswdd.c (setup_passwd_quality_check): conditionalize - on RTLD_NOW - -1999-05-23 Assar Westerlund <assar@sics.se> - - * appl/test/uu_server.c: removed unused stuff - - * appl/test/uu_client.c: removed unused stuff - -1999-05-21 Assar Westerlund <assar@sics.se> - - * kuser/kgetcred.c (main): correct error message - - * lib/krb5/crypto.c (verify_checksum): call (*ct->checksum) - directly, avoiding redundant lookups and memory leaks - - * lib/krb5/auth_context.c (krb5_auth_con_setaddrs_from_fd): free - local and remote addresses - - * lib/krb5/get_default_principal.c (get_logname): also try - $USERNAME - - * lib/asn1/Makefile.am (asn1_files): add $(EXEEXT) - - * lib/krb5/principal.c (USE_RESOLVER): try to define only if we - have a libresolv (currently by checking for res_search) - -1999-05-18 Johan Danielsson <joda@pdc.kth.se> - - * kdc/connect.c (handle_tcp): remove %-escapes in request - -1999-05-14 Assar Westerlund <assar@sics.se> - - * Release 0.1g - - * admin/ktutil.c (kt_remove): -t should be -e - - * configure.in (CHECK_NETINET_IP_AND_TCP): use - - * kdc/hpropd.c: support for dumping to krb4. From Miroslav Ruda - <ruda@ics.muni.cz> - - * admin/ktutil.c (kt_add): new option `--no-salt'. From Miroslav - Ruda <ruda@ics.muni.cz> - - * configure.in: add cygwin and DOS tests replace sendmsg, recvmsg, - and innetgr with roken versions - - * kuser/kgetcred.c: new program - -Tue May 11 14:09:33 1999 Johan Danielsson <joda@pdc.kth.se> - - * lib/krb5/mcache.c: fix paste-o - -1999-05-10 Johan Danielsson <joda@pdc.kth.se> - - * configure.in: don't use uname - -1999-05-10 Assar Westerlund <assar@sics.se> - - * acconfig.h (KRB_PUT_INT): if we don't have KRB4 use four - arguments :-) - - * appl/test/uu_server.c (setsockopt): cast to get rid of a warning - - * appl/test/tcp_server.c (setsockopt): cast to get rid of a - warning - - * appl/test/tcp_client.c (proto): call krb5_sendauth with ccache - == NULL - - * appl/test/gssapi_server.c (setsockopt): cast to get rid of a - warning - - * lib/krb5/sendauth.c (krb5_sendauth): handle ccache == NULL by - setting the default ccache. - - * configure.in (getsockopt, setsockopt): test for - (AM_INIT_AUTOMAKE): bump version to 0.1g - - * appl/Makefile.am (SUBDIRS): add kx - - * lib/hdb/convert_db.c (main): handle the case of no master key - -1999-05-09 Assar Westerlund <assar@sics.se> - - * Release 0.1f - - * kuser/kinit.c: add --noaddresses - - * lib/krb5/get_in_tkt.c (init_as_req): interpret `addrs' being an - empty sit of list as to not ask for any addresses. - -1999-05-08 Assar Westerlund <assar@sics.se> - - * acconfig.h (_GNU_SOURCE): define this to enable (used) - extensions on glibc-based systems such as linux - -1999-05-03 Assar Westerlund <assar@sics.se> - - * lib/krb5/get_cred.c (get_cred_from_kdc_flags): allocate and free - `*out_creds' properly - - * lib/krb5/creds.c (krb5_compare_creds): just verify that the - keytypes/enctypes are compatible, not that they are the same - - * kuser/kdestroy.c (cache): const-correctness - -1999-05-03 Johan Danielsson <joda@pdc.kth.se> - - * lib/hdb/hdb.c (hdb_set_master_key): initialise master key - version - - * lib/hdb/convert_db.c: add support for upgrading database - versions - - * kdc/misc.c: add flags to fetch - - * kdc/kstash.c: unlink keyfile on failure, chmod to 400 - - * kdc/hpropd.c: add --print option - - * kdc/hprop.c: pass flags to hdb_foreach - - * lib/hdb/convert_db.c: add some flags - - * lib/hdb/Makefile.am: remove extra LDFLAGS, update version to 2; - build prototype headers - - * lib/hdb/hdb_locl.h: update prototypes - - * lib/hdb/print.c: move printable version of entry from kadmin - - * lib/hdb/hdb.c: change hdb_{seal,unseal}_* to check if the key is - sealed or not; add flags to hdb_foreach - - * lib/hdb/ndbm.c: add flags to NDBM_seq, NDBM_firstkey, and - NDBM_nextkey - - * lib/hdb/db.c: add flags to DB_seq, DB_firstkey, and DB_nextkey - - * lib/hdb/common.c: add flags to _hdb_{fetch,store} - - * lib/hdb/hdb.h: add master_key_version to struct hdb, update - prototypes - - * lib/hdb/hdb.asn1: make mkvno optional, update version to 2 - - * configure.in: --enable-netinfo - - * lib/krb5/config_file.c: HAVE_NETINFO_NI_H -> HAVE_NETINFO - - * config.sub: fix for crays - - * config.guess: new version from automake 1.4 - - * config.sub: new version from automake 1.4 - -Wed Apr 28 00:21:17 1999 Assar Westerlund <assar@sics.se> - - * Release 0.1e - - * lib/krb5/mcache.c (mcc_get_next): get the current cursor - correctly - - * acconfig.h: correct definition of KRB_PUT_INT for old krb4 code. - From Ake Sandgren <ake@cs.umu.se> - -1999-04-27 Johan Danielsson <joda@pdc.kth.se> - - * kdc/kerberos5.c: fix arguments to decrypt_ticket - -1999-04-25 Assar Westerlund <assar@sics.se> - - * lib/krb5/mk_req_ext.c (krb5_mk_req_internal): try to handle old - DCE secd's that are not able to handle MD5 checksums by defaulting - to MD4 if the keytype was DES-CBC-CRC - - * lib/krb5/mk_req.c (krb5_mk_req): use auth_context->keytype - - * lib/krb5/krb5.h (krb5_auth_context_data): add `keytype' and - `cksumtype' - - * lib/krb5/get_cred.c (make_pa_tgs_req): remove old kludge for - secd - (init_tgs_req): add all supported enctypes for the keytype in - `in_creds->session.keytype' if it's set - - * lib/krb5/crypto.c (F_PSEUDO): new flag for non-protocol - encryption types - (do_checksum): new function - (verify_checksum): take the checksum to use from the checksum message - and not from the crypto struct - (etypes): add F_PSEUDO flags - (krb5_keytype_to_enctypes): new function - - * lib/krb5/auth_context.c (krb5_auth_con_init): initalize keytype - and cksumtype - (krb5_auth_setcksumtype, krb5_auth_getcksumtype): implement - (krb5_auth_setkeytype, krb5_auth_getkeytype): implement - (krb5_auth_setenctype): comment out, it's rather bogus anyway - -Sun Apr 25 16:55:50 1999 Johan Danielsson <joda@pdc.kth.se> - - * lib/krb5/krb5_locl.h: fix for stupid aix warnings - - * lib/krb5/fcache.c (erase_file): don't malloc - -Sat Apr 24 18:35:21 1999 Johan Danielsson <joda@pdc.kth.se> - - * kdc/config.c: pass context to krb5_config_file_free - - * kuser/kinit.c: add `--fcache-version' to set cache version to - create - - * kuser/klist.c: print cache version if verbose - - * lib/krb5/transited.c (krb5_domain_x500_decode): don't abort - - * lib/krb5/principal.c: abort -> krb5_abortx - - * lib/krb5/mk_rep.c: abort -> krb5_abortx - - * lib/krb5/config_file.c: abort -> krb5_abortx - - * lib/krb5/context.c (init_context_from_config_file): init - fcache_version; add krb5_{get,set}_fcache_version - - * lib/krb5/keytab.c: add support for reading (and writing?) old - version keytabs - - * lib/krb5/cache.c: add krb5_cc_get_version - - * lib/krb5/fcache.c: add support for reading and writing old - version cache files - - * lib/krb5/store_mem.c (krb5_storage_from_mem): zero flags - - * lib/krb5/store_emem.c (krb5_storage_emem): zero flags - - * lib/krb5/store_fd.c (krb5_storage_from_fd): zero flags - - * lib/krb5/store.c: add flags to change how various fields are - stored, used for old cache version support - - * lib/krb5/krb5.h: add support for reading and writing old version - cache files, and keytabs - -Wed Apr 21 00:09:26 1999 Assar Westerlund <assar@sics.se> + * kdc/hprop.h: include shadow definition of kdb Principal, so we + don't have to depend on any v4 libraries - * configure.in: fix test for readline.h remember to link with - $LIB_tgetent when trying linking with readline + * lib/hdb/print.c: reduce number of memory allocations - * lib/krb5/init_creds_pw.c (get_init_creds_common): if start_time - is given, request a postdated ticket. + * lib/hdb/mkey.c: add support for reading krb4 /.k files - * lib/krb5/data.c (krb5_data_free): free data as long as it's not - NULL +2001-01-19 Assar Westerlund <assar@sics.se> -Tue Apr 20 20:18:14 1999 Assar Westerlund <assar@sics.se> + * lib/krb5/krb5.conf.5: document admin_server and kpasswd_server + for realms document capath better - * kpasswd/Makefile.am (kpasswdd_LDADD): add LIB_dlopen + * lib/krb5/krbhst.c (krb5_get_krb_changepw_hst): preferably look + at kpasswd_server before admin_server - * lib/krb5/krb5.h (KRB5_VERIFY_AP_REQ_IGNORE_INVALID): add + * lib/krb5/get_cred.c (get_cred_from_kdc_flags): look in + [libdefaults]capath for better hint of realm to send request to. + this allows the client to specify `realm routing information' in + case it cannot be done at the server (which is preferred) - * lib/krb5/rd_req.c (krb5_decrypt_ticket): add `flags` and - KRB5_VERIFY_AP_REQ_IGNORE_INVALID for ignoring that the ticket is - invalid + * lib/krb5/rd_priv.c (krb5_rd_priv): handle no sequence number as + zero when we were expecting a sequence number. MIT krb5 cannot + generate a sequence number of zero, instead generating no sequence + number + * lib/krb5/rd_safe.c (krb5_rd_safe): dito -Tue Apr 20 12:42:08 1999 Johan Danielsson <joda@hella.pdc.kth.se> +2001-01-11 Assar Westerlund <assar@sics.se> - * kpasswd/kpasswdd.c: don't try to load library by default; get - library and function name from krb5.conf + * kpasswd/kpasswdd.c: add --port option - * kpasswd/sample_passwd_check.c: sample password checking - functions +2001-01-10 Assar Westerlund <assar@sics.se> -Mon Apr 19 22:22:19 1999 Assar Westerlund <assar@sics.se> + * lib/krb5/appdefault.c (krb5_appdefault_string): fix condition + just before returning - * lib/krb5/store.c (krb5_storage_to_data, krb5_ret_data): use - krb5_data_alloc and be careful with checking allocation and sizes. +2001-01-09 Assar Westerlund <assar@sics.se> - * kuser/klist.c (--tokens): conditionalize on KRB4 + * appl/kf/kfd.c (proto): use krb5_rd_cred2 instead of krb5_rd_cred - * kuser/kinit.c (renew_validate): set all flags - (main): fix cut-n-paste error when setting start-time +2001-01-05 Johan Danielsson <joda@pdc.kth.se> - * kdc/kerberos5.c (check_tgs_flags): starttime of a validate - ticket should be > than current time - (*): send flags to krb5_verify_ap_req and krb5_decrypt_ticket + * kuser/kinit.c: call a time `time', and not `seconds' - * kuser/kinit.c (renew_validate): use the client realm instead of - the local realm when renewing tickets. + * lib/krb5/init_creds.c: not much point in setting the anonymous + flag here - * lib/krb5/get_for_creds.c (krb5_fwd_tgs_creds): compat function - (krb5_get_forwarded_creds): correct freeing of out_creds + * lib/krb5/krb5_appdefault.3: document appdefault_time - * kuser/kinit.c (renew_validate): hopefully fix up freeing of - memory +2001-01-04 Johan Danielsson <joda@pdc.kth.se> - * configure.in: do all the krb4 tests with "$krb4" != "no" + * lib/krb5/verify_user.c: use + krb5_get_init_creds_opt_set_default_flags - * lib/krb5/keyblock.c (krb5_free_keyblock_contents): don't zero - keyvalue if it's NULL. noticed by Ake Sandgren <ake@cs.umu.se> + * kuser/kinit.c: use krb5_get_init_creds_opt_set_default_flags - * lib/krb5/get_in_tkt.c (add_padata): loop over all enctypes - instead of just taking the first one. fix all callers. From - "Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net> + * lib/krb5/init_creds.c: new function + krb5_get_init_creds_opt_set_default_flags to set options from + krb5.conf - * kdc/kdc_locl.h (enable_kaserver): declaration + * lib/krb5/rd_cred.c: make this match the MIT function - * kdc/hprop.c (ka_convert): print the failing principal. AFS 3.4a - creates krbtgt.REALMOFCELL as NOTGS+NOSEAL, work around. From - "Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net> - - * kdc/hpropd.c (open_socket): stupid cast to get rid of a warning - - * kdc/connect.c (add_standard_ports, process_request): look at - enable_kaserver. From "Brandon S. Allbery KF8NH" - <allbery@kf8nh.apk.net> - - * kdc/config.c: new flag --kaserver and config file option - enable-kaserver. From "Brandon S. Allbery KF8NH" - <allbery@kf8nh.apk.net> - -Mon Apr 19 12:32:04 1999 Johan Danielsson <joda@hella.pdc.kth.se> - - * configure.in: check for dlopen, and dlfcn.h - - * kpasswd/kpasswdd.c: add support for dlopen:ing password quality - check library - - * configure.in: add appl/su - -Sun Apr 18 15:46:53 1999 Johan Danielsson <joda@blubb.pdc.kth.se> - - * lib/krb5/cache.c: add krb5_cc_get_type that returns type of a - cache - -Fri Apr 16 17:58:51 1999 Assar Westerlund <assar@sics.se> - - * configure.in: LIB_kdb: -L should be before -lkdb - test for prototype of strsep - -Thu Apr 15 11:34:38 1999 Johan Danielsson <joda@hella.pdc.kth.se> - - * lib/krb5/Makefile.am: update version - - * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): use - ALLOC_SEQ - - * lib/krb5/fcache.c: add some support for reading and writing old - cache formats; - (fcc_store_cred): use krb5_store_creds; (fcc_read_cred): use - krb5_ret_creds - - * lib/krb5/store_mem.c (krb5_storage_from_mem): check malloc, - initialize host_byteorder - - * lib/krb5/store_fd.c (krb5_storage_from_fd): initialize - host_byteorder - - * lib/krb5/store_emem.c (krb5_storage_emem): initialize - host_byteorder - - * lib/krb5/store.c (krb5_storage_set_host_byteorder): add; - (krb5_store_int32,krb5_ret_int32,krb5_store_int16,krb5_ret_int16): - check host_byteorder flag; (krb5_store_creds): add; - (krb5_ret_creds): add - - * lib/krb5/krb5.h (krb5_storage): add `host_byteorder' flag for - storage of numbers - - * lib/krb5/heim_err.et: add `host not found' error - - * kdc/connect.c: don't use data after clearing decriptor - - * lib/krb5/auth_context.c: abort -> krb5_abortx - - * lib/krb5/warn.c: add __attribute__; add *abort functions - - * configure.in: check for __attribute__ - - * kdc/connect.c: log bogus requests - -Tue Apr 13 18:38:05 1999 Johan Danielsson <joda@hella.pdc.kth.se> - - * lib/kadm5/create_s.c (kadm5_s_create_principal): create v4 salts - for all DES keys - -1999-04-12 Assar Westerlund <assar@sics.se> - - * lib/krb5/get_cred.c (init_tgs_req): re-structure a little bit - - * lib/krb5/get_cred.c (init_tgs_req): some more error checking - - * lib/krb5/generate_subkey.c (krb5_generate_subkey): check return - value from malloc - -Sun Apr 11 03:47:23 1999 Johan Danielsson <joda@hella.pdc.kth.se> - - * lib/krb5/krb5.conf.5: update to reality - - * lib/krb5/krb5_425_conv_principal.3: update to reality - -1999-04-11 Assar Westerlund <assar@sics.se> - - * lib/krb5/get_host_realm.c: handle more than one realm for a host - - * kpasswd/kpasswd.c (main): use krb5_program_setup and - print_version - - * kdc/string2key.c (main): use krb5_program_setup and - print_version - -Sun Apr 11 02:35:58 1999 Johan Danielsson <joda@hella.pdc.kth.se> - - * lib/krb5/principal.c (krb5_524_conv_principal): make it actually - work, and check built-in list of host-type first-components - - * lib/krb5/krbhst.c: lookup SRV-records to find a kdc for a realm - - * lib/krb5/context.c: add srv_* flags to context - - * lib/krb5/principal.c: add default v4_name_convert entries - - * lib/krb5/krb5.h: add srv_* flags to context - -Sat Apr 10 22:52:28 1999 Johan Danielsson <joda@hella.pdc.kth.se> - - * kadmin/kadmin.c: complain about un-recognised commands - - * admin/ktutil.c: complain about un-recognised commands - -Sat Apr 10 15:41:49 1999 Assar Westerlund <assar@sics.se> - - * kadmin/load.c (doit): fix error message - - * lib/krb5/crypto.c (encrypt_internal): free checksum if lengths - fail to match. - (krb5_get_wrapped_length): new function - - * configure.in: security/pam_modules.h: check for - - * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): kludge - around `ret_as_reply' semantics by only freeing it when ret == 0 - -Fri Apr 9 20:24:04 1999 Assar Westerlund <assar@sics.se> - - * kuser/klist.c (print_cred_verbose): handle the case of a bad - enctype - - * configure.in: test for more header files - (LIB_roken): set - -Thu Apr 8 15:01:59 1999 Johan Danielsson <joda@hella.pdc.kth.se> - - * configure.in: fixes for building w/o krb4 - - * ltmain.sh: update to libtool 1.2d - - * ltconfig: update to libtool 1.2d - -Wed Apr 7 23:37:26 1999 Assar Westerlund <assar@sics.se> - - * kdc/hpropd.c: fix some error messages to be more understandable. - - * kdc/hprop.c (ka_dump): remove unused variables - - * appl/test/tcp_server.c: remove unused variables - - * appl/test/gssapi_server.c: remove unused variables - - * appl/test/gssapi_client.c: remove unused variables - -Wed Apr 7 14:05:15 1999 Johan Danielsson <joda@hella.pdc.kth.se> - - * lib/krb5/context.c (krb5_get_err_text): long -> krb5_error_code - - * kuser/klist.c: make it compile w/o krb4 - - * kuser/kdestroy.c: make it compile w/o krb4 - - * admin/ktutil.c: fix {srv,key}2{srv,key}tab confusion; add help - strings - -Mon Apr 5 16:13:46 1999 Johan Danielsson <joda@hella.pdc.kth.se> - - * configure.in: test for MIPS ABI; new test_package - -Thu Apr 1 11:00:40 1999 Johan Danielsson <joda@hella.pdc.kth.se> - - * include/Makefile.am: clean krb5-private.h - - * Release 0.1d - - * kpasswd/kpasswdd.c (doit): pass context to - krb5_get_all_client_addrs - - * kdc/connect.c (init_sockets): pass context to - krb5_get_all_server_addrs - - * lib/krb5/get_in_tkt.c (init_as_req): pass context to - krb5_get_all_client_addrs - - * lib/krb5/get_cred.c (get_cred_kdc_la): pass context to - krb5_get_all_client_addrs - - * lib/krb5/get_addrs.c (get_addrs_int): add extra host addresses - - * lib/krb5/krb5.h: add support for adding an extra set of - addresses - - * lib/krb5/context.c: add support for adding an extra set of - addresses - - * lib/krb5/addr_families.c: add krb5_parse_address - - * lib/krb5/address.c: krb5_append_addresses - - * lib/krb5/config_file.c (parse_binding): don't zap everything - after first whitespace - - * kuser/kinit.c (renew_validate): don't allocate out - - * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): don't - allocate out_creds - - * lib/krb5/get_cred.c (get_cred_kdc, get_cred_kdc_la): make - out_creds pointer; - (krb5_get_kdc_cred): allocate out_creds; (get_cred_from_kdc_flags): - free more memory - - * lib/krb5/crypto.c (encrypt_internal): free checksum - - * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): free reply, - and ticket - - * kuser/Makefile.am: remove kfoo - - * lib/Makefile.am: add auth - - * lib/kadm5/iprop.h: getarg.h - - * lib/kadm5/replay_log.c: use getarg - - * lib/kadm5/ipropd_slave.c: use getarg - - * lib/kadm5/ipropd_master.c: use getarg - - * lib/kadm5/dump_log.c: use getarg - - * kpasswd/kpasswdd.c: use getarg - - * Makefile.am.common: make a more working check-local target - - * lib/asn1/main.c: use getargs - -Mon Mar 29 20:19:57 1999 Johan Danielsson <joda@hella.pdc.kth.se> - - * kuser/klist.c (print_cred_verbose): use krb5_print_address - - * lib/kadm5/server.c: k_{put,get}_int -> _krb5_{put,get}_int - - * lib/krb5/addr_families.c (krb5_print_address): handle unknown - address types; (ipv6_print_addr): print in 16-bit groups (as it - should) - - * lib/krb5/crc.c: crc_{init_table,update} -> - _krb5_crc_{init_table,update} - - * lib/krb5/crypto.c: k_{put,get}_int -> _krb5_{put,get}_int - crc_{init_table,update} -> _krb5_crc_{init_table,update} - - * lib/krb5/send_to_kdc.c: k_{put,get}_int -> _krb5_{put,get}_int - - * lib/krb5/store.c: k_{put,get}_int -> _krb5_{put,get}_int - - * lib/krb5/krb5_locl.h: include krb5-private.h - - * kdc/connect.c (addr_to_string): use krb5_print_address - - * lib/krb5/addr_families.c (krb5_print_address): int -> size_t - - * lib/krb5/addr_families.c: add support for printing ipv6 - addresses, either with inet_ntop, or ugly for-loop - - * kdc/524.c: check that the ticket came from a valid address; use - the address of the connection as the address to put in the v4 - ticket (if this address is AF_INET) - - * kdc/connect.c: pass addr to do_524 - - * kdc/kdc_locl.h: prototype for do_524 - -Sat Mar 27 17:48:31 1999 Johan Danielsson <joda@hella.pdc.kth.se> - - * configure.in: check for OSF C2; bind/bitypes.h, getudbnam, - setlim; check for auth modules; siad.h, getpwnam_r; - lib/auth/Makefile, lib/auth/sia/Makefile - - * lib/krb5/crypto.c: n_fold -> _krb5_n_fold - - * lib/krb5/n-fold.c: n_fold -> _krb5_n_fold - -Thu Mar 25 04:35:21 1999 Assar Westerlund <assar@sics.se> - - * lib/kadm5/set_keys.c (_kadm5_set_keys): free salt when zapping - it - - * lib/kadm5/free.c (kadm5_free_principal_ent): free `key_data' - - * lib/hdb/ndbm.c (NDBM_destroy): clear master key - - * lib/hdb/db.c (DB_destroy): clear master key - (DB_open): check malloc - - * kdc/connect.c (init_sockets): free addresses - - * kadmin/kadmin.c (main): make code more consistent. always free - configuration information. - - * kadmin/init.c (create_random_entry): free the entry - -Wed Mar 24 04:02:03 1999 Assar Westerlund <assar@sics.se> - - * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): - re-organize the code to always free `kdc_reply' - - * lib/krb5/get_in_tkt.c (krb5_get_in_cred): be more careful about - freeing memory - - * lib/krb5/fcache.c (fcc_destroy): don't call fcc_close - - * lib/krb5/crypto.c (krb5_crypto_destroy): free `crypto' - - * lib/hdb/hdb_locl.h: try db_185.h first in case db.h is a DB 2.0 - header - - * configure.in (db_185.h): check for - - * admin/srvcreate.c: new file. contributed by Daniel Kouril - <kouril@informatics.muni.cz> - - * admin/ktutil.c: srvcreate: new command - - * kuser/klist.c: add support for printing AFS tokens - - * kuser/kdestroy.c: add support for destroying v4 tickets and AFS - tokens. based on code by Love <lha@stacken.kth.se> - - * kuser/Makefile.am (kdestroy_LDADD, klist_LDADD): more libraries - - * configure.in: sys/ioccom.h: test for - - * kuser/klist.c (main): don't print `no ticket file' with --test. - From: Love <lha@e.kth.se> - - * kpasswd/kpasswdd.c (doit): more braces to make gcc happy - - * kdc/connect.c (init_socket): get rid of a stupid warning - - * include/bits.c (my_strupr): cast away some stupid warnings - -Tue Mar 23 14:34:44 1999 Johan Danielsson <joda@hella.pdc.kth.se> - - * lib/krb5/get_host_realm.c (krb5_get_host_realm): no infinite - loops, please - -Tue Mar 23 00:00:45 1999 Assar Westerlund <assar@sics.se> - - * lib/kadm5/Makefile.am (install_build_headers): recover from make - rewriting the names of the headers kludge to help solaris make - - * lib/krb5/Makefile.am: kludge to help solaris make - - * lib/hdb/Makefile.am: kludge to help solaris make - - * configure.in (LIB_kdb): make sure there's a -L option in here by - adding $(LIB_krb4) - - * lib/asn1/gen_glue.c (generate_2int, generate_int2): int -> - unsigned - - * configure.in (SunOS): set to a number KRB4, KRB5 conditionals: - remove the `dnl' to work around an automake flaw - -Sun Mar 21 15:08:49 1999 Johan Danielsson <joda@blubb.pdc.kth.se> - - * lib/krb5/get_default_realm.c: char* -> krb5_realm - -Sun Mar 21 14:08:30 1999 Johan Danielsson <joda@hella.pdc.kth.se> - - * include/bits.c: <bind/bitypes.h> - - * lib/krb5/Makefile.am: create krb5-private.h - -Sat Mar 20 00:08:59 1999 Assar Westerlund <assar@sics.se> - - * configure.in (gethostname): remove duplicate - -Fri Mar 19 14:48:03 1999 Johan Danielsson <joda@hella.pdc.kth.se> - - * lib/hdb/Makefile.am: add version-info - - * lib/gssapi/Makefile.am: add version-info - - * lib/asn1/Makefile.am: use $(x:y=z) make syntax; move check-der - to check_PROGRAMS - - * lib/Makefile.am: add 45 - - * lib/kadm5/Makefile.am: split in client and server libraries - (breaks shared libraries otherwise) - -Thu Mar 18 11:33:30 1999 Johan Danielsson <joda@hella.pdc.kth.se> - - * include/kadm5/Makefile.am: clean a lot of header files (since - automake lacks a clean-hook) - - * include/Makefile.am: clean a lot of header files (since automake - lacks a clean-hook) - - * lib/kadm5/Makefile.am: fix build-installation of headers - - * lib/krb5/Makefile.am: remove include_dir hack - - * lib/hdb/Makefile.am: remove include_dir hack - - * lib/asn1/Makefile.am: remove include_dir hack - - * include/Makefile.am: remove include_dir hack - - * doc/whatis.texi: define sub for html - - * configure.in: LIB_kdb, have_err_h, have_fnmatch_h, have_glob_h - - * lib/asn1/Makefile.am: der.h - - * kpasswd/kpasswdd.c: admin.h -> kadm5/admin.h - - * kdc/Makefile.am: remove junk - - * kadmin/Makefile.am: sl.a -> sl.la - - * appl/afsutil/Makefile.am: remove EXTRA_bin_PROGRAMS - - * admin/Makefile.am: sl.a -> sl.la - - * configure.in: condition KRB5; AC_CHECK_XAU - - * Makefile.am: include Makefile.am.common - - * include/kadm5/Makefile.am: include Makefile.am.common; don't - install headers from here - - * include/Makefile.am: include Makefile.am.common; don't install - headers from here - - * doc/Makefile.am: include Makefile.am.common - - * lib/krb5/Makefile.am: include Makefile.am.common - - * lib/kadm5/Makefile.am: include Makefile.am.common - - * lib/hdb/Makefile.am: include Makefile.am.common - - * lib/gssapi/Makefile.am: include Makefile.am.common - - * lib/asn1/Makefile.am: include Makefile.am.common - - * lib/Makefile.am: include Makefile.am.common - - * lib/45/Makefile.am: include Makefile.am.common - - * kuser/Makefile.am: include Makefile.am.common - - * kpasswd/Makefile.am: include Makefile.am.common - - * kdc/Makefile.am: include Makefile.am.common - - * kadmin/Makefile.am: include Makefile.am.common - - * appl/test/Makefile.am: include Makefile.am.common - - * appl/afsutil/Makefile.am: include Makefile.am.common - - * appl/Makefile.am: include Makefile.am.common - - * admin/Makefile.am: include Makefile.am.common - -Wed Mar 17 03:04:38 1999 Assar Westerlund <assar@sics.se> - - * lib/krb5/store.c (krb5_store_stringz): braces fix - - * lib/kadm5/get_s.c (kadm5_s_get_principal): braces fix - - * lib/kadm5/ent_setup.c (_kadm5_setup_entry): braces fix - - * kdc/connect.c (loop): braces fix - - * lib/krb5/config_file.c: cast to unsigned char to make is* happy - - * lib/krb5/log.c (krb5_addlog_dest): more braces to make gcc happy - - * lib/krb5/crypto.c (krb5_verify_checksum): rename C -> cksum to - be consistent - - * kadmin/util.c (timeval2str): more braces to make gcc happy - - * kadmin/load.c: cast in is* to get rid of stupid warning - - * kadmin/dump.c (append_hex): cast in isalnum to get rid of stupid - warning - - * kdc/kaserver.c: malloc checks and fixes - - * lib/krb5/get_host_realm.c (krb5_get_host_realm): include leading - dot (if any) when looking up realms. - -Fri Mar 12 13:57:56 1999 Johan Danielsson <joda@blubb.pdc.kth.se> - - * lib/krb5/get_host_realm.c: add dns support - - * lib/krb5/set_default_realm.c: use krb5_free_host_realm - - * lib/krb5/free_host_realm.c: check for NULL realmlist - - * lib/krb5/context.c: don't print warning if there is no krb5.conf - -Wed Mar 10 19:29:46 1999 Johan Danielsson <joda@hella.pdc.kth.se> - - * configure.in: use AC_WFLAGS - -Mon Mar 8 11:49:43 1999 Johan Danielsson <joda@hella.pdc.kth.se> - - * Release 0.1c - - * kuser/klist.c: use print_version - - * kuser/kdestroy.c: use print_version - - * kdc/hpropd.c: use print_version - - * kdc/hprop.c: use print_version - - * kdc/config.c: use print_version - - * kadmin/kadmind.c: use print_version - - * kadmin/kadmin.c: use print_version - - * appl/test/common.c: use print_version - - * appl/afsutil/afslog.c: use print_version - -Mon Mar 1 10:49:14 1999 Johan Danielsson <joda@hella.pdc.kth.se> - - * lib/krb5/get_addrs.c: SOCKADDR_HAS_SA_LEN -> - HAVE_STRUCT_SOCKADDR_SA_LEN - - * configure.in, acconfig.h, cf/*: update to automake 1.4/autoconf 2.13 - -Sun Feb 28 18:19:20 1999 Johan Danielsson <joda@hella.pdc.kth.se> - - * lib/asn1/gen.c: make `BIT STRING's unsigned - - * lib/asn1/{symbol.h,gen.c}: add TUInteger type - - * lib/krb5/verify_user.c (krb5_verify_user): pass prompter to - krb5_get_init_creds_password - - * lib/krb5/fcache.c (fcc_gen_new): implement - -Sat Feb 27 22:41:23 1999 Johan Danielsson <joda@hella.pdc.kth.se> - - * doc/install.texi: krb4 is now automatically detected - - * doc/misc.texi: update procedure to set supported encryption - types - - * doc/setup.texi: change some silly wordings - -Sat Feb 27 22:17:30 1999 Johan Danielsson <joda@blubb.pdc.kth.se> - - * lib/krb5/keytab.c (fkt_remove_entry): make this work - - * admin/ktutil.c: add minimally working `get' command - -Sat Feb 27 19:44:49 1999 Johan Danielsson <joda@hella.pdc.kth.se> - - * lib/hdb/convert_db.c: more typos - - * include/Makefile.am: remove EXTRA_DATA (as of autoconf - 2.13/automake 1.4) - - * appl/Makefile.am: OTP_dir - -Fri Feb 26 17:37:00 1999 Johan Danielsson <joda@hella.pdc.kth.se> - - * doc/setup.texi: add kadmin section - - * lib/asn1/check-der.c: fix printf warnings - -Thu Feb 25 11:16:49 1999 Johan Danielsson <joda@hella.pdc.kth.se> - - * configure.in: -O does not belong in WFLAGS - -Thu Feb 25 11:05:57 1999 Johan Danielsson <joda@blubb.pdc.kth.se> - - * lib/asn1/der_put.c: fix der_put_int - -Tue Feb 23 20:35:12 1999 Johan Danielsson <joda@hella.pdc.kth.se> - - * configure.in: use AC_BROKEN_GLOB - -Mon Feb 22 15:12:44 1999 Johan Danielsson <joda@blubb.pdc.kth.se> - - * configure.in: check for glob - -Mon Feb 22 11:32:42 1999 Johan Danielsson <joda@hella.pdc.kth.se> - - * Release 0.1b - -Sat Feb 20 15:48:06 1999 Johan Danielsson <joda@blubb.pdc.kth.se> - - * lib/hdb/convert_db.c: convert DES3 keys to des3-cbc-sha1, and - des3-cbc-md5 - - * lib/krb5/crypto.c (DES3_string_to_key): make this actually do - what the draft said it should - - * lib/hdb/convert_db.c: little program for database conversion - - * lib/hdb/db.c (DB_open): try to open database w/o .db extension - - * lib/hdb/ndbm.c (NDBM_open): add test for database format - - * lib/hdb/db.c (DB_open): add test for database format - - * lib/asn1/gen_glue.c (generate_2int): don't depend on flags being - unsigned - - * lib/hdb/hdb.c: change `hdb_set_master_key' to take an - EncryptionKey, and add a new function `hdb_set_master_keyfile' to - do what `hdb_set_master_key' used to do - - * kdc/kstash.c: add `--convert-file' option to change keytype of - existing master key file - -Fri Feb 19 07:04:14 1999 Assar Westerlund <assar@squid.pdc.kth.se> - - * Release 0.1a - -Sat Feb 13 17:12:53 1999 Assar Westerlund <assar@sics.se> - - * lib/krb5/mk_safe.c (krb5_mk_safe): sizeof(buf) -> buf_size, buf - is now a `u_char *' - - * lib/krb5/get_in_tkt.c (krb5_init_etype): etypes are now `int' - - * lib/krb5/get_host_realm.c (krb5_get_host_realm): constize - orig_host - - (krb5_salttype_to_string): new function (RSA_MD5_DES_verify, - RSA_MD5_DES3_verify): initialize ret - - * lib/gssapi/init_sec_context.c (init_auth): remove unnecessary - gssapi_krb5_init. ask for KEYTYPE_DES credentials - - * kadmin/get.c (print_entry_long): print the keytypes and salts - available for the principal - - * configure.in (WFLAGS): add `-O' to catch unitialized variables - and such - (gethostname, mkstemp, getusershell, inet_aton): more tests - - * lib/hdb/hdb.h: update prototypes - - * configure.in: homogenize broken detection with krb4 - - * lib/kadm5/init_c.c (kadm5_c_init_with_context): remove unused - `error' - - * lib/asn1/Makefile.am (check-der): add - - * lib/asn1/gen.c (define_type): map ASN1 Integer to `int' instead - of `unsigned' - - * lib/asn1/der_length.c (length_unsigned): new function - (length_int): handle signed integers - - * lib/asn1/der_put.c (der_put_unsigned): new function - (der_put_int): handle signed integers - - * lib/asn1/der_get.c (der_get_unsigned): new function - (der_get_int): handle signed integers - - * lib/asn1/der.h: all integer functions take `int' instead of - `unsigned' - - * lib/asn1/lex.l (filename): unused. remove. - - * lib/asn1/check-der.c: new test program for der encoding and - decoding. - -Mon Feb 1 04:09:06 1999 Assar Westerlund <assar@sics.se> - - * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): only call - gethostbyname2 with AF_INET6 if we actually have IPv6. From - "Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net> - - * lib/krb5/changepw.c (get_kdc_address): dito - -Sun Jan 31 06:26:36 1999 Assar Westerlund <assar@sics.se> - - * kdc/connect.c (parse_prots): always bind to AF_INET, there are - v6-implementations without support for `mapped V4 addresses'. - From Jun-ichiro itojun Hagino <itojun@kame.net> - -Sat Jan 30 22:38:27 1999 Assar Westerlund <assar@juguete.sics.se> - - * Release 0.0u - -Sat Jan 30 13:43:02 1999 Assar Westerlund <assar@sics.se> - - * lib/krb5/Makefile.am: explicit rules for *.et files - - * lib/kadm5/init_c.c (get_kadm_ticket): only remove creds if - krb5_get_credentials was succesful. - (get_new_cache): return better error codes and return earlier. - (get_cred_cache): only delete default_client if it's different - from client - (kadm5_c_init_with_context): return a more descriptive error. - - * kdc/kerberos5.c (check_flags): handle NULL client or server - - * lib/krb5/sendauth.c (krb5_sendauth): return the error in - `ret_error' iff != NULL - - * lib/krb5/rd_error.c (krb5_free_error, krb5_free_error_contents): - new functions - - * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): more - type-correctness - - * lib/krb5/krb5.h (krb5_error): typedef to KRB_ERROR - - * lib/krb5/init_creds_pw.c: KRB5_TGS_NAME: use - - * lib/krb5/get_cred.c: KRB5_TGS_NAME: use - - * lib/kafs/afskrb5.c (afslog_uid_int): update to changes - - * lib/kadm5/rename_s.c (kadm5_s_rename_principal): call remove - instead of rename, but shouldn't this just call rename? - - * lib/kadm5/get_s.c (kadm5_s_get_principal): always return an - error if the principal wasn't found. - - * lib/hdb/ndbm.c (NDBM_seq): unseal key - - * lib/hdb/db.c (DB_seq): unseal key - - * lib/asn1/Makefile.am: added explicit rules for asn1_err.[ch] - - * kdc/hprop.c (v4_prop): add krbtgt/THISREALM@OTHERREALM when - finding cross-realm tgts in the v4 database - - * kadmin/mod.c (mod_entry): check the number of arguments. check - that kadm5_get_principal worked. - - * lib/krb5/keytab.c (fkt_remove_entry): remove KRB5_KT_NOTFOUND if - we weren't able to remove it. - - * admin/ktutil.c: less drive-by-deleting. From Love - <lha@e.kth.se> - - * kdc/connect.c (parse_ports): copy the string before mishandling - it with strtok_r - - * kdc/kerberos5.c (tgs_rep2): print the principal with mismatching - kvnos - - * kadmin/kadmind.c (main): convert `debug_port' to network byte - order - - * kadmin/kadmin.c: allow specification of port number. - - * lib/kadm5/kadm5_locl.h (kadm5_client_context): add - `kadmind_port'. - - * lib/kadm5/init_c.c (_kadm5_c_init_context): move up - initalize_kadm5_error_table_r. - allow specification of port number. - - From Love <lha@stacken.kth.se> - - * kuser/klist.c: add option -t | --test - -Sat Dec 5 19:49:34 1998 Johan Danielsson <joda@hella.pdc.kth.se> - - * lib/krb5/context.c: remove ktype_is_etype - - * lib/krb5/crypto.c, lib/krb5/krb5.h, acconfig.h: NEW_DES3_CODE - - * configure.in: fix for AIX install; better tests for AIX dynamic - AFS libs; `--enable-new-des3-code' - -Tue Dec 1 14:44:44 1998 Johan Danielsson <joda@hella.pdc.kth.se> - - * appl/afsutil/Makefile.am: link with extra libs for aix - - * kuser/Makefile.am: link with extra libs for aix - -Sun Nov 29 01:56:21 1998 Assar Westerlund <assar@sics.se> - - * lib/krb5/get_addrs.c (krb5_get_all_server_addrs): add. almost - the same as krb5_get_all_client_addrs except that it includes - loopback addresses - - * kdc/connect.c (init_socket): bind to a particular address - (init_sockets): get all local addresses and bind to them all - - * lib/krb5/addr_families.c (addr2sockaddr, print_addr): new - methods - (find_af, find_atype): new functions. use them. - - * configure.in: add hesiod - -Wed Nov 25 11:37:48 1998 Johan Danielsson <joda@hella.pdc.kth.se> - - * lib/krb5/krb5_err.et: add some codes from kerberos-revisions-03 - -Mon Nov 23 12:53:48 1998 Assar Westerlund <assar@sics.se> - - * lib/kadm5/log.c: rename delete -> remove - - * lib/kadm5/delete_s.c: rename delete -> remove - - * lib/hdb/common.c: rename delete -> remove - -Sun Nov 22 12:26:26 1998 Assar Westerlund <assar@sics.se> - - * configure.in: check for environ and `struct spwd' - -Sun Nov 22 11:42:45 1998 Johan Danielsson <joda@blubb.pdc.kth.se> - - * kdc/kerberos5.c (as_rep): set keytype to sess_ktype if - ktype_is_etype - - * lib/krb5/encrypt.c (krb5_keytype_to_etypes): zero terminate - etypes - (em): sort entries - -Sun Nov 22 06:54:48 1998 Assar Westerlund <assar@sics.se> - - * lib/krb5/init_creds_pw.c: more type correctness - - * lib/krb5/get_cred.c: re-structure code. remove limits on ASN1 - generated bits. - -Sun Nov 22 01:49:50 1998 Johan Danielsson <joda@hella.pdc.kth.se> - - * kdc/hprop.c (v4_prop): fix bogus indexing - -Sat Nov 21 21:39:20 1998 Assar Westerlund <assar@sics.se> - - * lib/krb5/verify_init.c (fail_verify_is_ok): new function - (krb5_verify_init_creds): if we cannot get a ticket for - host/`hostname` and fail_verify_is_ok just return. use - krb5_rd_req - -Sat Nov 21 23:12:27 1998 Assar Westerlund <assar@sics.se> - - * lib/krb5/free.c (krb5_xfree): new function - - * lib/krb5/creds.c (krb5_free_creds_contents): new function - - * lib/krb5/context.c: more type correctness - - * lib/krb5/checksum.c: more type correctness - - * lib/krb5/auth_context.c (krb5_auth_con_init): more type - correctness - - * lib/asn1/der_get.c (der_get_length): fix test of len - (der_get_tag): more type correctness - - * kuser/klist.c (usage): void-ize - - * admin/ktutil.c (kt_remove): some more type correctness. - -Sat Nov 21 16:49:20 1998 Johan Danielsson <joda@hella.pdc.kth.se> - - * kuser/klist.c: try to list enctypes as keytypes - - * kuser/kinit.c: remove extra `--cache' option, add `--enctypes' - to set list of enctypes to use - - * kadmin/load.c: load strings as hex - - * kadmin/dump.c: dump hex as string is possible - - * admin/ktutil.c: use print_version() - - * configure.in, acconfig.h: test for hesiod - -Sun Nov 15 17:28:19 1998 Johan Danielsson <joda@hella.pdc.kth.se> - - * lib/krb5/crypto.c: add some crypto debug code - - * lib/krb5/get_in_tkt.c (_krb5_extract_ticket): don't use fixed - buffer when encoding ticket - - * lib/krb5/auth_context.c (re-)implement `krb5_auth_setenctype' - - * kdc/kerberos5.c: allow mis-match of tgt session key, and service - session key - - * admin/ktutil.c: keytype -> enctype - -Fri Nov 13 05:35:48 1998 Assar Westerlund <assar@sics.se> - - * lib/krb5/krb5.h (KRB5_TGS_NAME, KRB5_TGS_NAME_SIZE): added - -Sat Nov 7 19:56:31 1998 Assar Westerlund <assar@sics.se> - - * lib/krb5/get_cred.c (add_cred): add termination NULL pointer - -Mon Nov 2 01:15:06 1998 Assar Westerlund <assar@sics.se> - - * lib/krb5/rd_req.c: adapt to new crypto api - - * lib/krb5/rd_rep.c: adapt to new crypto api - - * lib/krb5/rd_priv.c: adopt to new crypto api - - * lib/krb5/rd_cred.c: adopt to new crypto api - - * lib/krb5/principal.c: ENOMEM -> ERANGE - - * lib/krb5/mk_safe.c: cleanup and adopt to new crypto api - - * lib/krb5/mk_req_ext.c: adopt to new crypto api - - * lib/krb5/mk_req.c: get enctype from auth_context keyblock - - * lib/krb5/mk_rep.c: cleanup and adopt to new crypto api - - * lib/krb5/mk_priv.c: adopt to new crypto api - - * lib/krb5/keytab.c: adopt to new crypto api - - * lib/krb5/get_in_tkt_with_skey.c: adopt to new crypto api - - * lib/krb5/get_in_tkt_with_keytab.c: adopt to new crypto api - - * lib/krb5/get_in_tkt_pw.c: adopt to new crypto api - - * lib/krb5/get_in_tkt.c: adopt to new crypto api - - * lib/krb5/get_cred.c: adopt to new crypto api - - * lib/krb5/generate_subkey.c: use new crypto api - - * lib/krb5/context.c: rename etype functions to enctype ditto - - * lib/krb5/build_auth.c: use new crypto api - - * lib/krb5/auth_context.c: remove enctype and cksumtype from - auth_context - -Mon Nov 2 01:15:06 1998 Assar Westerlund <assar@sics.se> - - * kdc/connect.c (handle_udp, handle_tcp): correct type of `n' - -Tue Sep 15 18:41:38 1998 Johan Danielsson <joda@hella.pdc.kth.se> - - * admin/ktutil.c: fix printing of unrecognized keytypes - -Tue Sep 15 17:02:33 1998 Johan Danielsson <joda@hella.pdc.kth.se> - - * lib/kadm5/set_keys.c: add KEYTYPE_USE_AFS3_SALT to keytype if - using AFS3 salt - -Tue Aug 25 23:30:52 1998 Assar Westerlund <assar@sics.se> - - * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): care about - `use_admin_kdc' - - * lib/krb5/changepw.c (get_kdc_address): use - krb5_get_krb_admin_hst - - * lib/krb5/krbhst.c (krb5_get_krb_admin_hst): new function - - * lib/krb5/krb5.h (krb5_context_data): add `use_admin_kdc' - - * lib/krb5/context.c (krb5_get_use_admin_kdc, - krb5_set_use_admin_kdc): new functions - -Tue Aug 18 22:24:12 1998 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/krb5/crypto.c: remove all calls to abort(); check return - value from _key_schedule; - (RSA_MD[45]_DES_verify): zero tmp and res; - (RSA_MD5_DES3_{verify,checksum}): implement - -Mon Aug 17 20:18:46 1998 Assar Westerlund <assar@sics.se> - - * kdc/kerberos4.c (swap32): conditionalize - - * lib/krb5/mk_req_ext.c (krb5_mk_req_internal): new function - - * lib/krb5/get_host_realm.c (krb5_get_host_realm): if the hostname - returned from gethostby*() isn't a FQDN, try with the original - hostname - - * lib/krb5/get_cred.c (make_pa_tgs_req): use krb5_mk_req_internal - and correct key usage - - * lib/krb5/crypto.c (verify_checksum): make static - - * admin/ktutil.c (kt_list): use krb5_enctype_to_string - -Sun Aug 16 20:57:56 1998 Assar Westerlund <assar@sics.se> - - * kadmin/cpw.c (do_cpw_entry): use asprintf for the prompt - - * kadmin/ank.c (ank): print principal name in prompt - - * lib/krb5/crypto.c (hmac): always allocate space for checksum. - never trust c.checksum.length - (_get_derived_key): try to return the derived key - -Sun Aug 16 19:48:42 1998 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/krb5/crypto.c (hmac): fix some peculiarities and bugs - (get_checksum_key): assume usage is `formatted' - (create_checksum,verify_checksum): moved the guts of the krb5_* - functions here, both take `formatted' key-usages - (encrypt_internal_derived): fix various bogosities - (derive_key): drop key_type parameter (already given by the - encryption_type) - - * kdc/kerberos5.c (check_flags): handle case where client is NULL - - * kdc/connect.c (process_request): return zero after processing - kerberos 4 request - -Sun Aug 16 18:38:15 1998 Johan Danielsson <joda@blubb.pdc.kth.se> - - * lib/krb5/crypto.c: merge x-*.[ch] into one file - - * lib/krb5/cache.c: remove residual from krb5_ccache_data - -Fri Aug 14 16:28:23 1998 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/krb5/x-crypto.c (derive_key): move DES3 specific code to - separate function (will eventually end up someplace else) - - * lib/krb5/x-crypto.c (krb5_string_to_key_derived): allocate key - - * configure.in, acconfig.h: test for four valued krb_put_int - -Thu Aug 13 23:46:29 1998 Assar Westerlund <assar@emma.pdc.kth.se> - - * Release 0.0t - -Thu Aug 13 22:40:17 1998 Assar Westerlund <assar@sics.se> - - * lib/krb5/config_file.c (parse_binding): remove trailing - whitespace - -Wed Aug 12 20:15:11 1998 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/krb5/x-checksum.c (krb5_verify_checksum): pass checksum type - to krb5_create_checksum - - * lib/krb5/x-key.c: implement DES3_string_to_key_derived; fix a - few typos - -Wed Aug 5 12:39:54 1998 Assar Westerlund <assar@emma.pdc.kth.se> - - * Release 0.0s - -Thu Jul 30 23:12:17 1998 Assar Westerlund <assar@sics.se> - - * lib/krb5/mk_error.c (krb5_mk_error): realloc until you die - -Thu Jul 23 19:49:03 1998 Johan Danielsson <joda@emma.pdc.kth.se> - - * kdc/kdc_locl.h: proto for `get_des_key' - - * configure.in: test for four valued el_init - - * kuser/klist.c: keytype -> enctype - - * kpasswd/kpasswdd.c (change): use new `krb5_string_to_key*' - - * kdc/hprop.c (v4_prop, ka_convert): convert to a set of keys - - * kdc/kaserver.c: use `get_des_key' - - * kdc/524.c: use new crypto api - - * kdc/kerberos4.c: use new crypto api - - * kdc/kerberos5.c: always treat keytypes as enctypes; use new - crypto api - - * kdc/kstash.c: adapt to new crypto api - - * kdc/string2key.c: adapt to new crypto api - - * admin/srvconvert.c: add keys for all possible enctypes - - * admin/ktutil.c: keytype -> enctype - - * lib/gssapi/init_sec_context.c: get enctype from auth_context - keyblock - - * lib/hdb/hdb.c: remove hdb_*_keytype2key - - * lib/kadm5/set_keys.c: adapt to new crypto api - - * lib/kadm5/rename_s.c: adapt to new crypto api - - * lib/kadm5/get_s.c: adapt to new crypto api - - * lib/kadm5/create_s.c: add keys for des-cbc-crc, des-cbc-md4, - des-cbc-md5, and des3-cbc-sha1 - - * lib/krb5/heim_err.et: error message for unsupported salt - - * lib/krb5/codec.c: short-circuit these functions, since they are - not needed any more - - * lib/krb5/rd_safe.c: cleanup and adapt to new crypto api - -Mon Jul 13 23:00:59 1998 Assar Westerlund <assar@sics.se> - - * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): don't advance - hostent->h_addr_list, use a copy instead - -Mon Jul 13 15:00:31 1998 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/krb5/config_file.c (parse_binding, parse_section): make sure - everything is ok before adding to linked list - - * lib/krb5/config_file.c: skip ws before checking for comment - -Wed Jul 8 10:45:45 1998 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/asn1/k5.asn1: hmac-sha1-des3 = 12 - -Tue Jun 30 18:08:05 1998 Assar Westerlund <assar@sics.se> - - * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): do not close the - unopened file - - * lib/krb5/mk_priv.c: realloc correctly - - * lib/krb5/get_addrs.c (find_all_addresses): init j - - * lib/krb5/context.c (krb5_init_context): print error if parsing - of config file produced an error. - - * lib/krb5/config_file.c (parse_list, krb5_config_parse_file): - ignore more spaces - - * lib/krb5/codec.c (krb5_encode_EncKrbCredPart, - krb5_encode_ETYPE_INFO): initialize `ret' - - * lib/krb5/build_auth.c (krb5_build_authenticator): realloc - correctly - - * lib/kadm5/set_keys.c (_kadm5_set_keys): initialize `ret' - - * lib/kadm5/init_c.c (get_cred_cache): try to do the right thing - with default_client - - * kuser/kinit.c (main): initialize `ticket_life' - - * kdc/kerberos5.c (get_pa_etype_info): initialize `ret' - (tgs_rep2): initialize `krbtgt' - - * kdc/connect.c (do_request): check for errors from `sendto' - - * kdc/524.c (do_524): initialize `ret' - - * kadmin/util.c (foreach_principal): don't clobber `ret' - - * kadmin/del.c (del_entry): don't apply on zeroth argument - - * kadmin/cpw.c (do_cpw_entry): initialize `ret' - -Sat Jun 13 04:14:01 1998 Assar Westerlund <assar@juguete.sics.se> - - * Release 0.0r - -Sun Jun 7 04:13:14 1998 Assar Westerlund <assar@sics.se> - - * lib/krb5/addr_families.c: fall-back definition of - IN6_ADDR_V6_TO_V4 - - * configure.in: only set CFLAGS if it wasn't set look for - dn_expand and res_search - -Mon Jun 1 21:28:07 1998 Assar Westerlund <assar@sics.se> - - * configure.in: remove duplicate seteuid - -Sat May 30 00:19:51 1998 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/krb5/convert_creds.c: import _krb_time_to_life, to avoid - runtime dependencies on libkrb with some shared library - implementations - -Fri May 29 00:09:02 1998 Johan Danielsson <joda@emma.pdc.kth.se> - - * kuser/kinit_options.c: Default options for kinit. - - * kuser/kauth_options.c: Default options for kauth. - - * kuser/kinit.c: Implement lots a new options. - - * kdc/kerberos5.c (check_tgs_flags): make sure kdc-req-body->rtime - is not NULL; set endtime to min of new starttime + old_life, and - requested endtime - - * lib/krb5/init_creds_pw.c (get_init_creds_common): if the - forwardable or proxiable flags are set in options, set the - kdc-flags to the value specified, and not always to one - -Thu May 28 21:28:06 1998 Johan Danielsson <joda@emma.pdc.kth.se> - - * kdc/kerberos5.c: Optionally compare client address to addresses - in ticket. - - * kdc/connect.c: Pass client address to as_rep() and tgs_rep(). - - * kdc/config.c: Add check_ticket_addresses, and - allow_null_ticket_addresses variables. - -Tue May 26 14:03:42 1998 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/kadm5/create_s.c: possibly make DES keys version 4 salted - - * lib/kadm5/set_keys.c: check config file for kadmin/use_v4_salt - before zapping version 4 salts - -Sun May 24 05:22:17 1998 Assar Westerlund <assar@sics.se> - - * Release 0.0q - - * lib/krb5/aname_to_localname.c: new file - - * lib/gssapi/init_sec_context.c (repl_mutual): no output token - - * lib/gssapi/display_name.c (gss_display_name): zero terminate - output. - -Sat May 23 19:11:07 1998 Assar Westerlund <assar@sics.se> - - * lib/gssapi/display_status.c: new file - - * Makefile.am: send -I to aclocal - - * configure.in: remove duplicate setenv - -Sat May 23 04:55:19 1998 Johan Danielsson <joda@emma.pdc.kth.se> - - * kadmin/util.c (foreach_principal): Check for expression before - wading through the whole database. - - * kadmin/kadmin.c: Pass NULL password to - kadm5_*_init_with_password. - - * lib/kadm5/init_c.c: Implement init_with_{skey,creds}*. Make use - of `password' parameter to init_with_password. - - * lib/kadm5/init_s.c: implement init_with_{skey,creds}* - - * lib/kadm5/server.c: Better arguments for - kadm5_init_with_password. - -Sat May 16 07:10:36 1998 Assar Westerlund <assar@sics.se> - - * kdc/hprop.c: conditionalize ka-server reading support on - KASERVER_DB - - * configure.in: new option `--enable-kaserver-db' - -Fri May 15 19:39:18 1998 Johan Danielsson <joda@blubb.pdc.kth.se> - - * lib/krb5/get_cred.c: Better error if local tgt couldn't be - found. - -Tue May 12 21:11:02 1998 Assar Westerlund <assar@sics.se> - - * Release 0.0p - - * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): only set - encryption type in auth_context if it's compatible with the type - of the session key - -Mon May 11 21:11:14 1998 Johan Danielsson <joda@emma.pdc.kth.se> - - * kdc/hprop.c: add support for ka-server databases - - * appl/ftp/ftpd: link with -lcrypt, if needed - -Fri May 1 07:29:52 1998 Assar Westerlund <assar@sics.se> - - * configure.in: don't test for winsock.h - -Sat Apr 18 21:43:11 1998 Johan Danielsson <joda@puffer.pdc.kth.se> - - * Release 0.0o - -Sat Apr 18 00:31:11 1998 Johan Danielsson <joda@blubb.pdc.kth.se> - - * lib/krb5/sock_principal.c: Save hostname. - -Sun Apr 5 11:29:45 1998 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/krb5/mk_req_ext.c: Use same enctype as in ticket. - - * kdc/hprop.c (v4_prop): Check for null key. - -Fri Apr 3 03:54:54 1998 Johan Danielsson <joda@blubb.pdc.kth.se> - - * lib/krb5/str2key.c: Fix DES3 string-to-key. - - * lib/krb5/keytab.c: Get default keytab name from context. - - * lib/krb5/context.c: Get `default_keytab_name' value. - - * kadmin/util.c (foreach_principal): Print error message if - `kadm5_get_principals' fails. - - * kadmin/kadmind.c: Use `kadmind_loop'. - - * lib/kadm5/server.c: Replace several other functions with - `kadmind_loop'. - -Sat Mar 28 09:49:18 1998 Assar Westerlund <assar@sics.se> - - * lib/krb5/keytab.c (fkt_add_entry): use an explicit seek instead - of O_APPEND - - * configure.in: generate ftp Makefiles - - * kuser/klist.c (print_cred_verbose): print IPv4-address in a - portable way. - - * admin/srvconvert.c (srvconv): return 0 if successful - -Tue Mar 24 00:40:33 1998 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/krb5/keytab.c: MIT compatible changes: add and use sizes to - keytab entries, and change default keytab to `/etc/krb5.keytab'. - -Mon Mar 23 23:43:59 1998 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/gssapi/wrap.c: Use `gss_krb5_getsomekey'. - - * lib/gssapi/unwrap.c: Implement and use `gss_krb5_getsomekey'. - Fix bug in checking of pad. - - * lib/gssapi/{un,}wrap.c: Add support for just integrity - protecting data. - - * lib/gssapi/accept_sec_context.c: Use - `gssapi_krb5_verify_8003_checksum'. - - * lib/gssapi/8003.c: Implement `gssapi_krb5_verify_8003_checksum'. - - * lib/gssapi/init_sec_context.c: Zero cred, and store session key - properly in auth-context. - -Sun Mar 22 00:47:22 1998 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/kadm5/delete_s.c: Check immutable bit. - - * kadmin/kadmin.c: Pass client name to kadm5_init. - - * lib/kadm5/init_c.c: Get creds for client name passed in. - - * kdc/hprop.c (v4_prop): Check for `changepw.kerberos'. - -Sat Mar 21 22:57:13 1998 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/krb5/mk_error.c: Verify that error_code is in the range - [0,127]. - - * kdc/kerberos5.c: Move checking of principal flags to new - function `check_flags'. - -Sat Mar 21 14:38:51 1998 Assar Westerlund <assar@sics.se> - - * lib/kadm5/get_s.c (kadm5_s_get_principal): handle an empty salt - - * configure.in: define SunOS if running solaris - -Sat Mar 21 00:26:34 1998 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/kadm5/server.c: Unifdef test for same principal when - changing password. - - * kadmin/util.c: If kadm5_get_principals failes, we might still be - able to perform the requested opreration (for instance someone if - trying to change his own password). - - * lib/kadm5/init_c.c: Try to get ticket via initial request, if - not possible via tgt. - - * lib/kadm5/server.c: Check for principals changing their own - passwords. - - * kdc/kerberos5.c (tgs_rep2): check for interesting flags on - involved principals. - - * kadmin/util.c: Fix order of flags. - -Thu Mar 19 16:54:10 1998 Johan Danielsson <joda@emma.pdc.kth.se> - - * kdc/kerberos4.c: Return sane error code if krb_rd_req fails. - -Wed Mar 18 17:11:47 1998 Assar Westerlund <assar@sics.se> - - * acconfig.h: rename HAVE_STRUCT_SOCKADDR_IN6 to HAVE_IPV6 - -Wed Mar 18 09:58:18 1998 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/krb5/get_in_tkt_with_keytab.c (krb5_keytab_key_proc): don't - free keyseed; use correct keytab - -Tue Mar 10 09:56:16 1998 Assar Westerlund <assar@sics.se> - - * acinclude.m4 (AC_KRB_IPV6): rewrote to avoid false positives - -Mon Mar 16 23:58:23 1998 Johan Danielsson <joda@emma.pdc.kth.se> - - * Release 0.0n - -Fri Mar 6 00:41:30 1998 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/gssapi/{accept_sec_context,release_cred}.c: Use - krb5_kt_close/krb5_kt_resolve. - - * lib/krb5/principal.c (krb5_425_conv_principal_ext): Use resolver - to lookup hosts, so CNAMEs can be ignored. - - * lib/krb5/send_to_kdc.c (krb5_sendto_kdc, send_and_recv_http): - Add support for using proxy. - - * lib/krb5/context.c: Initialize `http_proxy' from - `libdefaults/http_proxy'. - - * lib/krb5/krb5.h: Add `http_proxy' to context. - - * lib/krb5/send_to_kdc.c: Recognize `http/' and `udp/' as protocol - specifications. - -Wed Mar 4 01:47:29 1998 Johan Danielsson <joda@emma.pdc.kth.se> - - * admin/ktutil.c: Implement `add' and `remove' functions. Make - `--keytab' a global option. - - * lib/krb5/keytab.c: Implement remove with files. Add memory - operations. - -Tue Mar 3 20:09:59 1998 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/krb5/keytab.c: Use function pointers. - - * admin: Remove kdb_edit. - -Sun Mar 1 03:28:42 1998 Assar Westerlund <assar@sics.se> - - * lib/kadm5/dump_log.c: print operation names - -Sun Mar 1 03:04:12 1998 Assar Westerlund <assar@sics.se> - - * configure.in: add X-tests, and {bin,...}dir appl/{kx,kauth} - - * lib/krb5/build_auth.c,mk_priv.c,rd_safe.c,mk_safe.c,mk_rep.c: - remove arbitrary limit - - * kdc/hprop-common.c: use krb5_{read,write}_message - - * lib/kadm5/ipropd_master.c (send_diffs): more careful use - krb5_{write,read}_message - - * lib/kadm5/ipropd_slave.c (get_creds): get credentials for - `iprop/master' directly. - (main): use `krb5_read_message' - -Sun Mar 1 02:05:11 1998 Johan Danielsson <joda@emma.pdc.kth.se> - - * kadmin/kadmin.c: Cleanup commands list, and add help strings. - - * kadmin/get.c: Add long, short, and terse (equivalent to `list') - output formats. Short is the default. - - * kadmin/util.c: Add `include_time' flag to timeval2str. - - * kadmin/init.c: Max-life and max-renew can, infact, be zero. - - * kadmin/{cpw,del,ext,get}.c: Use `foreach_principal'. - - * kadmin/util.c: Add function `foreach_principal', that loops over - all principals matching an expression. - - * kadmin/kadmin.c: Add usage string to `privileges'. - - * lib/kadm5/get_princs_s.c: Also try to match aganist the - expression appended with `@default-realm'. - - * lib/krb5/principal.c: Add `krb5_unparse_name_fixed_short', that - excludes the realm if it's the same as the default realm. - -Fri Feb 27 05:02:21 1998 Assar Westerlund <assar@sics.se> - - * configure.in: more WFLAGS and WFLAGS_NOUNUSED added missing - headers and functions error -> com_err - - (krb5_get_init_creds_keytab): use krb5_keytab_key_proc - - * lib/krb5/get_in_tkt_with_keytab.c: make `krb5_keytab_key_proc' - global - - * lib/kadm5/marshall.c (ret_principal_ent): set `n_tl_data' - - * lib/hdb/ndbm.c: use `struct ndbm_db' everywhere. - -Fri Feb 27 04:49:24 1998 Assar Westerlund <assar@sics.se> - - * lib/krb5/mk_priv.c (krb5_mk_priv): bump static limit to 10240. - This should be fixed the correct way. - - * lib/kadm5/ipropd_master.c (check_acl:) truncate buf correctly - (send_diffs): compare versions correctly - (main): reorder handling of events - - * lib/kadm5/log.c (kadm5_log_previous): avoid bad type conversion - -Thu Feb 26 02:22:35 1998 Assar Westerlund <assar@sics.se> - - * lib/kadm5/ipropd_{slave,master}.c: new files - - * lib/kadm5/log.c (kadm5_log_get_version): take an `fd' as - argument - - * lib/krb5/krb5.h (krb5_context_data): `et_list' should be `struct - et_list *' - - * aux/make-proto.pl: Should work with perl4 - -Mon Feb 16 17:20:22 1998 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/krb5/krb5_locl.h: Remove <error.h> (it gets included via - {asn1,krb5}_err.h). - -Thu Feb 12 03:28:40 1998 Assar Westerlund <assar@sics.se> - - * lib/krb5/get_in_tkt.c (_krb5_extract_ticket): if time difference - is larger than max_skew, return KRB5KRB_AP_ERR_SKEW - - * lib/kadm5/log.c (get_version): globalize - - * lib/kadm5/kadm5_locl.h: include <sys/file.h> - - * lib/asn1/Makefile.am: add PA_KEY_INFO and PA_KEY_INFO_ENTRY - - * kdc/kerberos5.c (get_pa_etype_info): remove gcc-ism of - initializing local struct in declaration. - -Sat Jan 31 17:28:58 1998 Johan Danielsson <joda@emma.pdc.kth.se> - - * kdc/524.c: Use krb5_decode_EncTicketPart. - - * kdc/kerberos5.c: Check at runtime whether to use enctypes - instead of keytypes. If so use the same value to encrypt ticket, - and kdc-rep as well as `keytype' for session key. Fix some obvious - bugs with the handling of additional tickets. - - * lib/krb5/rd_req.c: Use krb5_decode_EncTicketPart, and - krb5_decode_Authenticator. - - * lib/krb5/rd_rep.c: Use krb5_decode_EncAPRepPart. - - * lib/krb5/rd_cred.c: Use krb5_decode_EncKrbCredPart. - - * lib/krb5/mk_rep.c: Make sure enc_part.etype is an encryption - type, and not a key type. Use krb5_encode_EncAPRepPart. - - * lib/krb5/init_creds_pw.c: Use krb5_decode_PA_KEY_INFO. - - * lib/krb5/get_in_tkt.c: Use krb5_decode_Enc{AS,TGS}RepPart. - - * lib/krb5/get_for_creds.c: Use krb5_encode_EncKrbCredPart. - - * lib/krb5/get_cred.c: Use krb5_decode_Enc{AS,TGS}RepPart. - - * lib/krb5/build_auth.c: Use krb5_encode_Authenticator. - - * lib/krb5/codec.c: Enctype conversion stuff. - - * lib/krb5/context.c: Ignore KRB5_CONFIG if *not* running - setuid. Get configuration for libdefaults ktype_is_etype, and - default_etypes. - - * lib/krb5/encrypt.c: Add krb5_string_to_etype, rename - krb5_convert_etype to krb5_decode_keytype, and add - krb5_decode_keyblock. - -Fri Jan 23 00:32:09 1998 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/krb5/{get_in_tkt,rd_req}.c: Use krb5_convert_etype. - - * lib/krb5/encrypt.c: Add krb5_convert_etype function - converts - from protocol keytypes (that really are enctypes) to internal - representation. - -Thu Jan 22 21:24:36 1998 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/asn1/k5.asn1: Add PA-KEY-INFO structure to hold information - on keys in the database; and also a new `pa-key-info' padata-type. - - * kdc/kerberos5.c: If pre-authentication fails, return a list of - keytypes, salttypes, and salts. - - * lib/krb5/init_creds_pw.c: Add better support for - pre-authentication, by looking at hints from the KDC. - - * lib/krb5/get_in_tkt.c: Add better support for specifying what - pre-authentication to use. - - * lib/krb5/str2key.c: Merge entries for KEYTYPE_DES and - KEYTYPE_DES_AFS3. - - * lib/krb5/krb5.h: Add pre-authentication structures. - - * kdc/connect.c: Don't fail if realloc(X, 0) returns NULL. - -Wed Jan 21 06:20:40 1998 Assar Westerlund <assar@sics.se> - - * lib/kadm5/init_s.c (kadm5_s_init_with_password_ctx): initialize - `log_context.socket_name' and `log_context.socket_fd' - - * lib/kadm5/log.c (kadm5_log_flush): send a unix domain datagram - to inform the possible running ipropd of an update. - -Wed Jan 21 01:34:09 1998 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/krb5/get_in_tkt.c: Return error-packet to caller. - - * lib/krb5/free.c (krb5_free_kdc_rep): Free krb5_kdc_rep->error. - - * kdc/kerberos5.c: Add some support for using enctypes instead of - keytypes. - - * lib/krb5/get_cred.c: Fixes to send authorization-data to the - KDC. - - * lib/krb5/build_auth.c: Only generate local subkey if there is - none. - - * lib/krb5/krb5.h: Add krb5_authdata type. - - * lib/krb5/auth_context.c: Add - krb5_auth_con_set{,localsub,remotesub}key. - - * lib/krb5/init_creds_pw.c: Return some error if prompter - functions return failure. - -Wed Jan 21 01:16:13 1998 Assar Westerlund <assar@sics.se> - - * kpasswd/kpasswd.c: detect bad password. use krb5_err. - - * kadmin/util.c (edit_entry): remove unused variables - -Tue Jan 20 22:58:31 1998 Assar Westerlund <assar@sics.se> - - * kuser/kinit.c: rename `-s' to `-S' to be MIT-compatible. - - * lib/kadm5/kadm5_locl.h: add kadm5_log_context and - kadm5_log*-functions - - * lib/kadm5/create_s.c (kadm5_s_create_principal): add change to - log - - * lib/kadm5/rename_s.c (kadm5_s_rename_principal): add change to - log - - * lib/kadm5/init_s.c (kadm5_s_init_with_password_ctx): initialize - log_context - - * lib/kadm5/delete_s.c (kadm5_s_delete_principal): add change to - log - - * lib/kadm5/modify_s.c (kadm5_s_modify_principal): add change to - log - - * lib/kadm5/randkey_s.c (kadm5_s_randkey_principal): add change to - log - - * lib/kadm5/chpass_s.c (kadm5_s_chpass_principal): add change to - log - - * lib/kadm5/Makefile.am: add log.c, dump_log and replay_log - - * lib/kadm5/replay_log.c: new file - - * lib/kadm5/dump_log.c: new file - - * lib/kadm5/log.c: new file - - * lib/krb5/str2key.c (get_str): initialize pad space to zero - - * lib/krb5/config_file.c (krb5_config_vget_next): handle c == NULL - - * kpasswd/kpasswdd.c: rewritten to use the kadm5 API - - * kpasswd/Makefile.am: link with kadm5srv - - * kdc/kerberos5.c (tgs_rep): initialize `i' - - * kadmin/kadmind.c (main): use kadm5_server_{send,recv}_sp - - * include/Makefile.am: added admin.h - -Sun Jan 18 01:41:34 1998 Johan Danielsson <joda@blubb.pdc.kth.se> - - * lib/asn1/gen_copy.c: Don't return ENOMEM if allocating 0 bytes. - - * lib/krb5/mcache.c (mcc_store_cred): restore linked list if - copy_creds fails. - -Tue Jan 6 04:17:56 1998 Assar Westerlund <assar@sics.se> - - * lib/kadm5/server.c: add kadm5_server_{send,recv}{,_sp} - - * lib/kadm5/marshall.c: add kadm5_{store,ret}_principal_ent_mask. - - * lib/kadm5/init_c.c (kadm5_c_init_with_password_ctx): use - krb5_getportbyname - - * kadmin/kadmind.c (main): htons correctly. - moved kadm5_server_{recv,send} - - * kadmin/kadmin.c (main): only set admin_server if explicitly - given - -Mon Jan 5 23:34:44 1998 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/hdb/ndbm.c: Implement locking of database. - - * kdc/kerberos5.c: Process AuthorizationData. - -Sat Jan 3 22:07:07 1998 Johan Danielsson <joda@blubb.pdc.kth.se> - - * kdc/string2key.c: Use AFS string-to-key from libkrb5. - - * lib/krb5/get_in_tkt.c: Handle pa-afs3-salt case. - - * lib/krb5/krb5.h: Add value for AFS salts. - - * lib/krb5/str2key.c: Add support for AFS string-to-key. - - * lib/kadm5/rename_s.c: Use correct salt. - - * lib/kadm5/ent_setup.c: Always enable client. Only set max-life - and max-renew if != 0. - - * lib/krb5/config_file.c: Add context to all krb5_config_*get_*. - -Thu Dec 25 17:03:25 1997 Assar Westerlund <assar@sics.se> - - * kadmin/ank.c (ank): don't zero password if --random-key was - given. - -Tue Dec 23 01:56:45 1997 Assar Westerlund <assar@sics.se> - - * Release 0.0m - - * lib/kadm5/ent_setup.c (attr_to_flags): try to set `client' - - * kadmin/util.c (edit_time): only set mask if != 0 - (edit_attributes): only set mask if != 0 - - * kadmin/init.c (init): create `default' - -Sun Dec 21 09:44:05 1997 Assar Westerlund <assar@sics.se> - - * kadmin/util.c (str2deltat, str2attr, get_deltat): return value - as pointer and have return value indicate success. - - (get_response): check NULL from fgets - - (edit_time, edit_attributes): new functions for reading values and - offering list of answers on '?' - - (edit_entry): use edit_time and edit_attributes - - * kadmin/ank.c (add_new_key): test the return value of - `krb5_parse_name' - - * kdc/kerberos5.c (tgs_check_authenticator): RFC1510 doesn't say - that the checksum has to be keyed, even though later drafts do. - Accept unkeyed checksums to be compatible with MIT. - - * kadmin/kadmin_locl.h: add some prototypes. - - * kadmin/util.c (edit_entry): return a value - - * appl/afsutil/afslog.c (main): return a exit code. - - * lib/krb5/get_cred.c (init_tgs_req): use krb5_keytype_to_enctypes - - * lib/krb5/encrypt.c (krb5_keytype_to_enctypes): new function. - - * lib/krb5/build_auth.c (krb5_build_authenticator): use - krb5_{free,copy}_keyblock instead of the _contents versions - -Fri Dec 12 14:20:58 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/krb5/{mk,rd}_priv.c: fix check for local/remote subkey - -Mon Dec 8 08:48:09 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/krb5/context.c: don't look at KRB5_CONFIG if running setuid - -Sat Dec 6 10:09:40 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/krb5/keyblock.c (krb5_free_keyblock): check for NULL - keyblock - -Sat Dec 6 08:26:10 1997 Assar Westerlund <assar@sics.se> - - * Release 0.0l - -Thu Dec 4 03:38:12 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/krb5/send_to_kdc.c: Add TCP client support. - - * lib/krb5/store.c: Add k_{put,get}_int. - - * kadmin/ank.c: Set initial kvno to 1. - - * kdc/connect.c: Send version 5 TCP-reply as length+data. - -Sat Nov 29 07:10:11 1997 Assar Westerlund <assar@sics.se> - - * lib/krb5/rd_req.c (krb5_rd_req): fixed obvious bug - - * kdc/kaserver.c (create_reply_ticket): use a random nonce in the - reply packet. - - * kdc/connect.c (init_sockets): less reallocing. - - * **/*.c: changed `struct fd_set' to `fd_set' - -Sat Nov 29 05:12:01 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/krb5/get_default_principal.c: More guessing. - -Thu Nov 20 02:55:09 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/krb5/rd_req.c: Use principal from ticket if no server is - given. - -Tue Nov 18 02:58:02 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * kuser/klist.c: Use krb5_err*(). - -Sun Nov 16 11:57:43 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * kadmin/kadmin.c: Add local `init', `load', `dump', and `merge' - commands. - -Sun Nov 16 02:52:20 1997 Assar Westerlund <assar@sics.se> - - * lib/krb5/mk_req_ext.c (krb5_mk_req_ext): figure out the correct - `enctype' - - * lib/krb5/mk_req.c (krb5_mk_req): use `(*auth_context)->enctype' - if set. - - * lib/krb5/get_cred.c: handle the case of a specific keytype - - * lib/krb5/build_auth.c (krb5_build_authenticator): enctype as a - parameter instead of guessing it. - - * lib/krb5/build_ap_req.c (krb5_build_ap_req): new parameter - `enctype' - - * appl/test/common.c (common_setup): don't use `optarg' - - * lib/krb5/keytab.c (krb5_kt_copy_entry_contents): new function - (krb5_kt_get_entry): retrieve the latest version if kvno == 0 - - * lib/krb5/krb5.h: define KRB5_TC_MATCH_KEYTYPE - - * lib/krb5/creds.c (krb5_compare_creds): check for - KRB5_TC_MATCH_KEYTYPE - - * lib/gssapi/8003.c (gssapi_krb5_create_8003_checksum): remove - unused variable - - * lib/krb5/creds.c (krb5_copy_creds_contents): only free the - contents if we fail. - -Sun Nov 16 00:32:48 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * kpasswd/kpasswdd.c: Get password expiration time from config - file. - - * lib/asn1/{der_get,gen_decode}.c: Allow passing NULL size. - -Wed Nov 12 02:35:57 1997 Assar Westerlund <assar@sics.se> - - * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): - restructured and fixed. - - * lib/krb5/addr_families.c (krb5_h_addr2addr): new function. - -Wed Nov 12 01:36:01 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/krb5/get_addrs.c: Fall back to hostname's addresses if other - methods fail. - -Tue Nov 11 22:22:12 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * kadmin/kadmin.c: Add `-l' flag to use local database. - - * lib/kadm5/acl.c: Use KADM5_PRIV_ALL. - - * lib/kadm5: Use function pointer trampoline for easier dual use - (without radiation-hardening capability). - -Tue Nov 11 05:15:22 1997 Assar Westerlund <assar@sics.se> - - * lib/krb5/encrypt.c (krb5_etype_valid): new function - - * lib/krb5/creds.c (krb5_copy_creds_contents): zero target - - * lib/krb5/context.c (valid_etype): remove - - * lib/krb5/checksum.c: remove dead code - - * lib/krb5/changepw.c (send_request): free memory on error. - - * lib/krb5/build_ap_req.c (krb5_build_ap_req): check return value - from malloc. - - * lib/krb5/auth_context.c (krb5_auth_con_init): free memory on - failure correctly. - (krb5_auth_con_setaddrs_from_fd): return error correctly. - - * lib/krb5/get_in_tkt_with_{keytab,skey}.c: new files - -Tue Nov 11 02:53:19 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/krb5/auth_context.c: Implement auth_con_setuserkey. - - * lib/gssapi/init_sec_context.c: Use krb5_auth_con_getkey. - - * lib/krb5/keyblock.c: Rename krb5_free_keyblock to - krb5_free_keyblock_contents, and reimplement krb5_free_keyblock. - - * lib/krb5/rd_req.c: Use auth_context->keyblock if - ap_options.use_session_key. - -Tue Nov 11 02:35:17 1997 Assar Westerlund <assar@sics.se> - - * lib/krb5/net_{read,write}.c: change `int fd' to `void *p_fd'. - fix callers. - - * lib/krb5/krb5_locl.h: include <asn1.h> and <der.h> - - * include/Makefile.am: add xdbm.h - -Tue Nov 11 01:58:22 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/krb5/get_cred.c: Implement krb5_get_cred_from_kdc. - -Mon Nov 10 22:41:53 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/krb5/ticket.c: Implement copy_ticket. - - * lib/krb5/get_in_tkt.c: Make `options' parameter MIT-compatible. - - * lib/krb5/data.c: Implement free_data and copy_data. - -Sun Nov 9 02:17:27 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/kadm5: Implement kadm5_get_privs, and kadm5_get_principals. - - * kadmin/kadmin.c: Add get_privileges function. - - * lib/kadm5: Rename KADM5_ACL_* -> KADM5_PRIV_* to conform with - specification. - - * kdc/connect.c: Exit if no sockets could be bound. - - * kadmin/kadmind.c: Check return value from krb5_net_read(). - - * lib/kadm5,kadmin: Fix memory leaks. - -Fri Nov 7 02:45:26 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/kadm5/create_s.c: Get some default values from `default' - principal. - - * lib/kadm5/ent_setup.c: Add optional default entry to get some - values from. - -Thu Nov 6 00:20:41 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/error/compile_et.awk: Remove generated destroy_*_error_table - prototype - - * kadmin/kadmind.c: Crude admin server. - - * kadmin/kadmin.c: Update to use remote protocol. - - * kadmin/get.c: Fix principal formatting. - - * lib/kadm5: Add client support. - - * lib/kadm5/error.c: Error code mapping. - - * lib/kadm5/server.c: Kadmind support function. - - * lib/kadm5/marshall.c: Kadm5 marshalling. - - * lib/kadm5/acl.c: Simple acl system. - - * lib/kadm5/kadm5_locl.h: Add client stuff. - - * lib/kadm5/init_s.c: Initialize acl. - - * lib/kadm5/*: Return values. - - * lib/kadm5/create_s.c: Correct kvno. - -Wed Nov 5 22:06:50 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/krb5/log.c: Fix parsing of log destinations. - -Mon Nov 3 20:33:55 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/krb5/principal.c: Reduce number of reallocs in unparse_name. - -Sat Nov 1 01:40:53 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * kadmin: Simple kadmin utility. - - * admin/ktutil.c: Print keytype. - - * lib/kadm5/get_s.c: Set correct n_key_data. - - * lib/kadm5/init_s.c: Add kadm5_s_init_with_password_ctx. Use - master key. - - * lib/kadm5/destroy_s.c: Check for allocated context. - - * lib/kadm5/{create,chpass}_s.c: Use _kadm5_set_keys(). - -Sat Nov 1 00:21:00 1997 Assar Westerlund <assar@sics.se> - - * configure.in: test for readv, writev - -Wed Oct 29 23:41:26 1997 Assar Westerlund <assar@sics.se> - - * lib/krb5/warn.c (_warnerr): handle the case of an illegal error - code - - * kdc/kerberos5.c (encode_reply): return success - -Wed Oct 29 18:01:59 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * kdc/kerberos5.c (find_etype) Return correct index of selected - etype. - -Wed Oct 29 04:07:06 1997 Assar Westerlund <assar@sics.se> - - * Release 0.0k - - * lib/krb5/context.c (krb5_init_context): support `KRB5_CONFIG' - environment variable - - * *: use the roken_get*-macros from roken.h for the benefit of - Crays. - - * configure.in: add --{enable,disable}-otp. check for compatible - prototypes for gethostbyname, gethostbyaddr, getservbyname, and - openlog (they have strange prototypes on Crays) - - * acinclude.m4: new macro `AC_PROTO_COMPAT' - -Tue Oct 28 00:11:22 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * kdc/connect.c: Log bad requests. - - * kdc/kerberos5.c: Move stuff that's in common between as_rep and - tgs_rep to separate functions. - - * kdc/kerberos5.c: Fix user-to-user authentication. - - * lib/krb5/get_cred.c: Some restructuring of krb5_get_credentials: - - add a kdc-options argument to krb5_get_credentials, and rename - it to krb5_get_credentials_with_flags - - honour the KRB5_GC_CACHED, and KRB5_GC_USER_USER options - - add some more user-to-user glue - - * lib/krb5/rd_req.c: Move parts of krb5_verify_ap_req into a new - function, krb5_decrypt_ticket, so it is easier to decrypt and - check a ticket without having an ap-req. - - * lib/krb5/krb5.h: Add KRB5_GC_CACHED, and KRB5_GC_USER_USER - flags. - - * lib/krb5/crc.c (crc_init_table): Check if table is already - inited. - -Sun Oct 26 04:51:02 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/asn1/der_get.c (der_get_length, fix_dce): Special-case - indefinite encoding. - - * lib/asn1/gen_glue.c (generate_units): Check for empty - member-list. - -Sat Oct 25 07:24:57 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/error/compile_et.awk: Allow specifying table-base. - -Tue Oct 21 20:21:40 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * kdc/kerberos5.c: Check version number of krbtgt. - -Mon Oct 20 01:14:53 1997 Assar Westerlund <assar@sics.se> - - * lib/krb5/prompter_posix.c (krb5_prompter_posix): implement the - case of unhidden prompts. - - * lib/krb5/str2key.c (string_to_key_internal): return error - instead of aborting. always free memory - - * admin/ktutil.c: add `help' command - - * admin/kdb_edit.c: implement new commands: add_random_key(ark), - change_password(cpw), change_random_key(crk) - -Thu Oct 16 05:16:36 1997 Assar Westerlund <assar@sics.se> - - * kpasswd/kpasswdd.c: change all the keys in the database - - * kdc: removed all unsealing, now done by the hdb layer - - * lib/hdb/hdb.c: new functions `hdb_create', `hdb_set_master_key' - and `hdb_clear_master_key' - - * admin/misc.c: removed - -Wed Oct 15 22:47:31 1997 Assar Westerlund <assar@sics.se> - - * kuser/klist.c: print year as YYYY iff verbose - -Wed Oct 15 20:02:13 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * kuser/klist.c: print etype from ticket - -Mon Oct 13 17:18:57 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * Release 0.0j - - * lib/krb5/get_cred.c: Get the subkey from mk_req so it can be - used to decrypt the reply from DCE secds. - - * lib/krb5/auth_context.c: Add {get,set}enctype. - - * lib/krb5/get_cred.c: Fix for DCE secd. - - * lib/krb5/store.c: Store keytype twice, as MIT does. - - * lib/krb5/get_in_tkt.c: Use etype from reply. - -Fri Oct 10 00:39:48 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * kdc/connect.c: check for leading '/' in http request - -Tue Sep 30 21:50:18 1997 Assar Westerlund <assar@assaris.pdc.kth.se> - - * Release 0.0i - -Mon Sep 29 15:58:43 1997 Assar Westerlund <assar@sics.se> - - * lib/krb5/rd_req.c (krb5_rd_req): redone because we don't know - the kvno or keytype before receiving the AP-REQ - - * lib/krb5/mk_safe.c (krb5_mk_safe): figure out what cksumtype to - use from the keytype. - - * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): figure out what - cksumtype to use from the keytype. - - * lib/krb5/mk_priv.c (krb5_mk_priv): figure out what etype to use - from the keytype. - - * lib/krb5/keytab.c (krb5_kt_get_entry): check the keytype - - * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): figure out - what etype to use from the keytype. - - * lib/krb5/generate_seq_number.c (krb5_generate_seq_number): - handle other key types than DES - - * lib/krb5/encrypt.c (key_type): add `best_cksumtype' - (krb5_keytype_to_cksumtype): new function - - * lib/krb5/build_auth.c (krb5_build_authenticator): figure out - what etype to use from the keytype. - - * lib/krb5/auth_context.c (krb5_auth_con_init): set `cksumtype' - and `enctype' to 0 - - * admin/extkeytab.c (ext_keytab): extract all keys - - * appl/telnet/telnet/commands.c: INET6_ADDRSTRLEN kludge - - * configure.in: check for <netinet6/in6.h>. check for -linet6 - -Tue Sep 23 03:00:53 1997 Assar Westerlund <assar@sics.se> - - * lib/krb5/encrypt.c: fix checksumtype for des3-cbc-sha1 - - * lib/krb5/rd_safe.c: fix check for keyed and collision-proof - checksum - - * lib/krb5/context.c (valid_etype): remove hard-coded constants - (default_etypes): include DES3 - - * kdc/kerberos5.c: fix check for keyed and collision-proof - checksum - - * admin/util.c (init_des_key, set_password): DES3 keys also - - * lib/krb/send_to_kdc.c (krb5_sendto_kdc): no data returned means - no contact? - - * lib/krb5/addr_families.c: fix typo in `ipv6_anyaddr' - -Mon Sep 22 11:44:27 1997 Johan Danielsson <joda@blubb.pdc.kth.se> - - * kdc/kerberos5.c: Somewhat fix the etype usage. The list sent by - the client is used to select wich key to encrypt the kdc rep with - (in case of as-req), and with the server info to select the - session key type. The server key the ticket is encrypted is based - purely on the keys in the database. - - * kdc/string2key.c: Add keytype support. Default to version 5 - keys. - - * lib/krb5/get_in_tkt.c: Fix a lot of etype/keytype misuse. - - * lib/krb5/encrypt.c: Add des3-cbc-md5, and des3-cbc-sha1. Add - many *_to_* functions. - - * lib/krb5/str2key.c: Add des3 string-to-key. Add ktype argument - to krb5_string_to_key(). - - * lib/krb5/checksum.c: Some cleanup, and added: - - rsa-md5-des3 - - hmac-sha1-des3 - - keyed and collision proof flags to each checksum method - - checksum<->string functions. - - * lib/krb5/generate_subkey.c: Use krb5_generate_random_keyblock. - -Sun Sep 21 15:19:23 1997 Assar Westerlund <assar@sics.se> - - * kdc/connect.c: use new addr_families functions - - * kpasswd/kpasswdd.c: use new addr_families functions. Now works - over IPv6 - - * kuser/klist.c: use correct symbols for address families - - * lib/krb5/sock_principal.c: use new addr_families functions - - * lib/krb5/send_to_kdc.c: use new addr_families functions - - * lib/krb5/krb5.h: add KRB5_ADDRESS_INET6 - - * lib/krb5/get_addrs.c: use new addr_families functions - - * lib/krb5/changepw.c: use new addr_families functions. Now works - over IPv6 - - * lib/krb5/auth_context.c: use new addr_families functions - - * lib/krb5/addr_families.c: new file - - * acconfig.h: AC_SOCKADDR_IN6 -> AC_STRUCT_SOCKADDR_IN6. Updated - uses. - - * acinclude.m4: new macro `AC_KRB_IPV6'. Use it. - -Sat Sep 13 23:04:23 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * kdc/hprop.c: Don't encrypt twice. Complain on non-convertable - principals. - -Sat Sep 13 00:59:36 1997 Assar Westerlund <assar@sics.se> - - * Release 0.0h - - * appl/telnet/telnet/commands.c: AF_INET6 support - - * admin/misc.c: new file - - * lib/krb5/context.c: new configuration variable `max_retries' - - * lib/krb5/get_addrs.c: fixes and better #ifdef's - - * lib/krb5/config_file.c: implement krb5_config_get_int - - * lib/krb5/auth_context.c, send_to_kdc.c, sock_principal.c: - AF_INET6 support - - * kuser/klist.c: support for printing IPv6-addresses - - * kdc/connect.c: support AF_INET6 - - * configure.in: test for gethostbyname2 and struct sockaddr_in6 - -Thu Sep 11 07:25:28 1997 Assar Westerlund <assar@sics.se> - - * lib/asn1/k5.asn1: Use `METHOD-DATA' instead of `SEQUENCE OF - PA-DATA' - -Wed Sep 10 21:20:17 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * kdc/kerberos5.c: Fixes for cross-realm, including (but not - limited to): - - allow client to be non-existant (should probably check for - "local realm") - - if server isn't found and it is a request for a krbtgt, try to - find a realm on the way to the requested realm - - update the transited encoding iff - client-realm != server-realm != tgt-realm - - * lib/krb5/get_cred.c: Several fixes for cross-realm. - -Tue Sep 9 15:59:20 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * kdc/string2key.c: Fix password handling. - - * lib/krb5/encrypt.c: krb5_key_to_string - -Tue Sep 9 07:46:05 1997 Assar Westerlund <assar@sics.se> - - * lib/krb5/get_addrs.c: rewrote. Now should be able to handle - aliases and IPv6 addresses - - * kuser/klist.c: try printing IPv6 addresses - - * kdc/kerberos5.c: increase the arbitrary limit from 1024 to 8192 - - * configure.in: check for <netinet/in6_var.h> - -Mon Sep 8 02:57:14 1997 Assar Westerlund <assar@sics.se> - - * doc: fixes - - * admin/util.c (init_des_key): increase kvno - (set_password): return -1 if `des_read_pw_string' failed - - * admin/mod.c (doit2): check the return value from `set_password' - - * admin/ank.c (doit): don't add a new entry if `set_password' - failed - -Mon Sep 8 02:20:16 1997 Johan Danielsson <joda@blubb.pdc.kth.se> - - * lib/krb5/verify_init.c: fix ap_req_nofail semantics - - * lib/krb5/transited.c: something that might resemble - domain-x500-compress - -Mon Sep 8 01:24:42 1997 Assar Westerlund <assar@sics.se> - - * kdc/hpropd.c (main): check number of arguments - - * appl/popper/pop_init.c (pop_init): check number of arguments - - * kpasswd/kpasswd.c (main): check number of arguments - - * kdc/string2key.c (main): check number of arguments - - * kuser/kdestroy.c (main): check number of arguments - - * kuser/kinit.c (main): check number of arguments - - * kpasswd/kpasswdd.c (main): use sigaction without SA_RESTART to - break out of select when a signal arrives - - * kdc/main.c (main): use sigaction without SA_RESTART to break out - of select when a signal arrives - - * kdc/kstash.c: default to HDB_DB_DIR "/m-key" - - * kdc/config.c (configure): add `--version'. Check the number of - arguments. Handle the case of there being no specification of port - numbers. - - * admin/util.c: seal and unseal key at appropriate places - - * admin/kdb_edit.c (main): parse arguments, config file and read - master key iff there's one. - - * admin/extkeytab.c (ext_keytab): unseal key while extracting - -Sun Sep 7 20:41:01 1997 Assar Westerlund <assar@sics.se> - - * lib/roken/roken.h: include <fcntl.h> - - * kdc/kerberos5.c (set_salt_padata): new function - - * appl/telnet/telnetd/telnetd.c: Rename some variables that - conflict with cpp symbols on HP-UX 10.20 - - * change all calls of `gethostbyaddr' to cast argument 1 to `const - char *' - - * acconfig.h: only use SGTTY on nextstep - -Sun Sep 7 14:33:50 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * kdc/kerberos5.c: Check invalid flag. - -Fri Sep 5 14:19:38 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/krb5/verify_user.c: Use get_init_creds/verify_init_creds. - - * lib/kafs: Move functions common to krb/krb5 modules to new file, - and make things more modular. - - * lib/krb5/krb5.h: rename STRING -> krb5_config_string, and LIST - -> krb5_config_list - -Thu Sep 4 23:39:43 1997 Johan Danielsson <joda@blubb.pdc.kth.se> - - * lib/krb5/get_addrs.c: Fix loopback test. - -Thu Sep 4 04:45:49 1997 Assar Westerlund <assar@sics.se> - - * lib/roken/roken.h: fallback definition of `O_ACCMODE' - - * lib/krb5/get_in_tkt.c (krb5_get_in_cred): be more careful when - checking for a v4 reply - -Wed Sep 3 18:20:14 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * kdc/hprop.c: Add `--decrypt' and `--encrypt' flags. - - * lib/hdb/hdb.c: new {seal,unseal}_keys functions - - * kdc/{hprop,hpropd}.c: Add support to dump database to stdout. - - * kdc/hprop.c: Don't use same master key as version 4. - - * admin/util.c: Don't dump core if no `default' is found. - -Wed Sep 3 16:01:07 1997 Johan Danielsson <joda@blubb.pdc.kth.se> - - * kdc/connect.c: Allow run time port specification. - - * kdc/config.c: Add flags for http support, and port - specifications. - -Tue Sep 2 02:00:03 1997 Assar Westerlund <assar@sics.se> - - * include/bits.c: Don't generate ifndef's in bits.h. Instead, use - them when building the program. This makes it possible to include - bits.h without having defined all HAVE_INT17_T symbols. - - * configure.in: test for sigaction - - * doc: updated documentation. - -Tue Sep 2 00:20:31 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * Release 0.0g - -Mon Sep 1 17:42:14 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/krb5/data.c: don't return ENOMEM if len == 0 - -Sun Aug 31 17:15:49 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/hdb/hdb.asn1: Include salt type in salt. - - * kdc/hprop.h: Change port to 754. - - * kdc/hpropd.c: Verify who tries to transmit a database. - - * appl/popper: Use getarg and krb5_log. - - * lib/krb5/get_port.c: Add context parameter. Now takes port in - host byte order. - -Sat Aug 30 18:48:19 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * kdc/connect.c: Add timeout to select, and log about expired tcp - connections. - - * kdc/config.c: Add `database' option. - - * kdc/hpropd.c: Log about duplicate entries. - - * lib/hdb/{db,ndbm}.c: Use common routines. - - * lib/hdb/common.c: Implement more generic fetch/store/delete - functions. - - * lib/hdb/hdb.h: Add `replace' parameter to store. - - * kdc/connect.c: Set filedecriptor to -1 on allocated decriptor - entries. - -Fri Aug 29 03:13:23 1997 Assar Westerlund <assar@sics.se> - - * lib/krb5/get_in_tkt.c: extract_ticket -> _krb5_extract_ticket - - * aux/make-proto.pl: fix __P for stone age mode - -Fri Aug 29 02:45:46 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/45/mk_req.c: implementation of krb_mk_req that uses 524 - protocol - - * lib/krb5/init_creds_pw.c: make change_password and - get_init_creds_common static - - * lib/krb5/krb5.h: Merge stuff from removed headerfiles. - - * lib/krb5/fcache.c: fcc_ops -> krb5_fcc_ops - - * lib/krb5/mcache.c: mcc_ops -> krb5_mcc_ops - -Fri Aug 29 01:45:25 1997 Johan Danielsson <joda@blubb.pdc.kth.se> - - * lib/krb5/krb5.h: Remove all prototypes. - - * lib/krb5/convert_creds.c: Use `struct credentials' instead of - `CREDENTIALS'. - -Fri Aug 29 00:08:18 1997 Assar Westerlund <assar@sics.se> - - * lib/asn1/gen_glue.c: new file. generates 2int and int2 functions - and units for bit strings. - - * admin/util.c: flags2int, int2flags, and flag_units are now - generated by asn1_compile - - * lib/roken/parse_units.c: generalised `parse_units' and - `unparse_units' and added new functions `parse_flags' and - `unparse_flags' that use these - - * lib/krb5/krb5_locl.h: moved krb5_data* functions to krb5.h - - * admin/util.c: Use {un,}parse_flags for printing and parsing - hdbflags. - -Thu Aug 28 03:26:12 1997 Assar Westerlund <assar@sics.se> - - * lib/krb5/get_addrs.c: restructured - - * lib/krb5/warn.c (_warnerr): leak less memory - - * lib/hdb/hdb.c (hdb_free_entry): zero keys - (hdb_check_db_format): leak less memory - - * lib/hdb/ndbm.c (NDBM_seq): check for valid hdb_entries implement - NDBM__get, NDBM__put - - * lib/hdb/db.c (DB_seq): check for valid hdb_entries - -Thu Aug 28 02:06:58 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/krb5/send_to_kdc.c: Don't use sendto on connected sockets. - -Thu Aug 28 01:13:17 1997 Assar Westerlund <assar@sics.se> - - * kuser/kinit.1, klist.1, kdestroy.1: new man pages - - * kpasswd/kpasswd.1, kpasswdd.8: new man pages - - * kdc/kstash.8, hprop.8, hpropd.8: new man pages - - * admin/ktutil.8, admin/kdb_edit.8: new man pages - - * admin/mod.c: new file - - * admin/life.c: renamed gettime and puttime to getlife and putlife - and moved them to life.c - - * admin/util.c: add print_flags, parse_flags, init_entry, - set_created_by, set_modified_by, edit_entry, set_password. Use - them. - - * admin/get.c: use print_flags - - * admin: removed unused stuff. use krb5_{warn,err}* - - * admin/ank.c: re-organized and abstracted. - - * admin/gettime.c: removed - -Thu Aug 28 00:37:39 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/krb5/{get_cred,get_in_tkt}.c: Check for v4 reply. - - * lib/roken/base64.c: Add base64 functions. - - * kdc/connect.c lib/krb5/send_to_kdc.c: Add http support. - -Wed Aug 27 00:29:20 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * include/Makefile.am: Don't make links to built files. - - * admin/kdb_edit.c: Add command to set the database path. - - * lib/hdb: Include version number in database. - -Tue Aug 26 20:14:54 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * admin/ktutil: Merged v4 srvtab conversion. - -Mon Aug 25 23:02:18 1997 Assar Westerlund <assar@sics.se> - - * lib/roken/roken.h: add F_OK - - * lib/gssapi/acquire_creds.c: fix typo - - * configure.in: call AC_TYPE_MODE_T - - * acinclude.m4: Add AC_TYPE_MODE_T - -Sun Aug 24 16:46:53 1997 Assar Westerlund <assar@sics.se> - - * Release 0.0f - -Sun Aug 24 08:06:54 1997 Assar Westerlund <assar@sics.se> - - * appl/popper/pop_pass.c: log poppers - - * kdc/kaserver.c: some more checks - - * kpasswd/kpasswd.c: removed `-p' - - * kuser/kinit.c: removed `-p' - - * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): If - KDC_ERR_PREUATH_REQUIRED, add preauthentication and try again. - - * lib/krb5/get_in_tkt.c (krb5_get_in_cred): don't print out - krb-error text - - * lib/gssapi/import_name.c (input_name): more names types. - - * admin/load.c (parse_keys): handle the case of an empty salt - - * kdc/kaserver.c: fix up memory deallocation - - * kdc/kaserver.c: quick hack at talking kaserver protocol - - * kdc/kerberos4.c: Make `db-fetch4' global - - * configure.in: add --enable-kaserver - - * kdc/rx.h, kdc/kerberos4.h: new header files - - * lib/krb5/principal.c: fix krb5_build_principal_ext & c:o - -Sun Aug 24 03:52:44 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/krb5/{get_in_tkt,mk_safe,mk_priv}.c: Fix some Cray specific - type conflicts. - - * lib/krb5/{get_cred,get_in_tkt}.c: Mask nonce to 32 bits. - - * lib/des/{md4,md5,sha}.c: Now works on Crays. - -Sat Aug 23 18:15:01 1997 Johan Danielsson <joda@blubb.pdc.kth.se> - - * appl/afsutil/afslog.c: If no cells or files specified, get - tokens for all local cells. Better test for files. - -Thu Aug 21 23:33:38 1997 Assar Westerlund <assar@sics.se> - - * lib/gssapi/v1.c: new file with v1 compatibility functions. - -Thu Aug 21 20:36:13 1997 Johan Danielsson <joda@blubb.pdc.kth.se> - - * lib/kafs/afskrb5.c: Don't check ticket file for afs ticket. - - * kdc/kerberos4.c: Check database when converting v4 principals. - - * kdc/kerberos5.c: Include kvno in Ticket. - - * lib/krb5/encrypt.c: Add kvno parameter to encrypt_EncryptedData. - - * kuser/klist.c: Print version number of ticket, include more - flags. - -Wed Aug 20 21:26:58 1997 Johan Danielsson <joda@blubb.pdc.kth.se> - - * lib/kafs/afskrb5.c (get_cred): Check cached afs tickets for - expiration. - -Wed Aug 20 17:40:31 1997 Assar Westerlund <assar@sics.se> - - * lib/krb5/recvauth.c (krb5_recvauth): Send a KRB-ERROR iff - there's an error. - - * lib/krb5/sendauth.c (krb5_sendauth): correct the protocol - documentation and process KRB-ERROR's - -Tue Aug 19 20:41:30 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * kdc/kerberos4.c: Fix memory leak in v4 protocol handler. - -Mon Aug 18 05:15:09 1997 Assar Westerlund <assar@sics.se> - - * lib/gssapi/accept_sec_context.c: Added - `gsskrb5_register_acceptor_identity' - -Sun Aug 17 01:40:20 1997 Assar Westerlund <assar@sics.se> - - * lib/gssapi/accept_sec_context.c (gss_accept_sec_context): don't - always pass server == NULL to krb5_rd_req. - - * lib/gssapi: new files: canonicalize_name.c export_name.c - context_time.c compare_name.c release_cred.c acquire_cred.c - inquire_cred.c, from Luke Howard <lukeh@xedoc.com.au> - - * lib/krb5/config_file.c: Add netinfo support from Luke Howard - <lukeh@xedoc.com.au> - - * lib/editline/sysunix.c: sgtty-support from Luke Howard - <lukeh@xedoc.com.au> - - * lib/krb5/principal.c: krb5_sname_to_principal fix from Luke - Howard <lukeh@xedoc.com.au> - -Sat Aug 16 00:44:47 1997 Assar Westerlund <assar@koi.pdc.kth.se> - - * Release 0.0e - -Sat Aug 16 00:23:46 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * appl/afsutil/afslog.c: Use new libkafs. - - * lib/kafs/afskrb5.c: Get AFS tokens via 524 protocol. - - * lib/krb5/warn.c: Fix format string for *x type. - -Fri Aug 15 22:15:01 1997 Assar Westerlund <assar@sics.se> - - * admin/get.c (get_entry): print more information about the entry - - * lib/des/Makefile.am: build destest, mdtest, des, rpw, speed - - * lib/krb5/config_file.c: new functions `krb5_config_get_time' and - `krb5_config_vget_time'. Use them. - -Fri Aug 15 00:09:37 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * admin/ktutil.c: Keytab manipulation program. - - * lib/krb5/keytab.c: Return sane values from resolve and - start_seq_get. - - * kdc/kerberos5.c: Fix for old clients passing 0 for `no endtime'. - - * lib/45/get_ad_tkt.c: Kerberos 4 get_ad_tkt using - krb524_convert_creds_kdc. - - * lib/krb5/convert_creds.c: Implementation of - krb524_convert_creds_kdc. - - * lib/asn1/k5.asn1: Make kdc-req-body.till OPTIONAL - - * kdc/524.c: A somewhat working 524-protocol module. - - * kdc/kerberos4.c: Add version 4 ticket encoding and encryption - functions. - - * lib/krb5/context.c: Fix kdc_timeout. - - * lib/hdb/{ndbm,db}.c: Free name in close. - - * kdc/kerberos5.c (tgs_check_autenticator): Return error code - -Thu Aug 14 21:29:03 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * kdc/kerberos5.c (tgs_make_reply): Fix endtime in reply. - - * lib/krb5/store_emem.c: Fix reallocation bug. - -Tue Aug 12 01:29:46 1997 Assar Westerlund <assar@sics.se> - - * appl/telnet/libtelnet/kerberos5.c, appl/popper/pop_init.c: Use - `krb5_sock_to_principal'. Send server parameter to - krb5_rd_req/krb5_recvauth. Set addresses in auth_context. - - * lib/krb5/recvauth.c: Set addresses in auth_context if there - aren't any - - * lib/krb5/auth_context.c: New function - `krb5_auth_con_setaddrs_from_fd' - - * lib/krb5/sock_principal.c: new function - `krb5_sock_to_principal' - - * lib/krb5/time.c: new file with `krb5_timeofday' and - `krb5_us_timeofday'. Use these functions. - - * kuser/klist.c: print KDC offset iff verbose - - * lib/krb5/get_in_tkt.c: implement KDC time offset and use it if - [libdefaults]kdc_timesync is set. - - * lib/krb5/fcache.c: Implement version 4 of the ccache format. - -Mon Aug 11 05:34:43 1997 Assar Westerlund <assar@sics.se> - - * lib/krb5/rd_rep.c (krb5_free_ap_rep_enc_part): free all memory - - * lib/krb5/principal.c (krb5_unparse_name): allocate memory - properly - - * kpasswd/kpasswd.c: Use `krb5_change_password' - - * lib/krb5/init_creds_pw.c (init_cred): set realm of server - correctly. - - * lib/krb5/init_creds_pw.c: support changing of password when it - has expired - - * lib/krb5/changepw.c: new file - - * kuser/klist.c: use getarg - - * admin/init.c (init): add `kadmin/changepw' - -Mon Aug 11 04:30:47 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/krb5/get_cred.c: Make get_credentials handle cross-realm. - -Mon Aug 11 00:03:24 1997 Assar Westerlund <assar@sics.se> - - * lib/krb5/config_file.c: implement support for #-comments - -Sat Aug 9 02:21:46 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * kdc/hprop*.c: Add database propagation programs. - - * kdc/connect.c: Max request size. - -Sat Aug 9 00:47:28 1997 Assar Westerlund <assar@sics.se> - - * lib/otp: resurrected from krb4 - - * appl/push: new program for fetching mail with POP. - - * appl/popper/popper.h: new include files. new fields in `POP' - - * appl/popper/pop_pass.c: Implement both v4 and v5. - - * appl/popper/pop_init.c: Implement both v4 and v5. - - * appl/popper/pop_debug.c: use getarg. Talk both v4 and v5 - - * appl/popper: Popper from krb4. - - * configure.in: check for inline and <netinet/tcp.h> generate - files in appl/popper, appl/push, and lib/otp - -Fri Aug 8 05:51:02 1997 Assar Westerlund <assar@sics.se> - - * lib/krb5/get_cred.c: clean-up and try to free memory even when - there're errors - - * lib/krb5/get_cred.c: adapt to new `extract_ticket' - - * lib/krb5/get_in_tkt.c: reorganize. check everything and try to - return memory even if there are errors. - - * kuser/kverify.c: new file - - * lib/krb5/free_host_realm.c: new file - - * lib/krb5/principal.c (krb5_sname_to_principal): implement - different nametypes. Also free memory. - - * lib/krb5/verify_init.c: more functionality - - * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): free the checksum - - * lib/krb5/get_in_tkt.c (extract_ticket): don't copy over the - principals in creds. Should also compare them with that received - from the KDC - - * lib/krb5/cache.c (krb5_cc_gen_new): copy the newly allocated - krb5_ccache - (krb5_cc_destroy): call krb5_cc_close - (krb5_cc_retrieve_cred): delete the unused creds - -Fri Aug 8 02:30:40 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/krb5/log.c: Allow better control of destinations of logging - (like passing explicit destinations, and log-functions). - -Fri Aug 8 01:20:39 1997 Assar Westerlund <assar@sics.se> - - * lib/krb5/get_default_principal.c: new file - - * kpasswd/kpasswdd.c: use krb5_log* - -Fri Aug 8 00:37:47 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/krb5/init_creds_pw.c: Implement krb5_get_init_creds_keytab. - -Fri Aug 8 00:37:17 1997 Assar Westerlund <assar@sics.se> - - * lib/krb5/init_creds_pw.c: Use `krb5_get_default_principal'. - Print password expire information. - - * kdc/config.c: new variable `kdc_warn_pwexpire' - - * kpasswd/kpasswd.c: converted to getarg and get_init_creds - -Thu Aug 7 22:17:09 1997 Assar Westerlund <assar@sics.se> - - * lib/krb5/mcache.c: new file - - * admin/gettime.c: new function puttime. Use it. - - * lib/krb5/keyblock.c: Added krb5_free_keyblock and - krb5_copy_keyblock - - * lib/krb5/init_creds_pw.c: more functionality - - * lib/krb5/creds.c: Added krb5_free_creds_contents and - krb5_copy_creds. Changed callers. - - * lib/krb5/config_file.c: new functions krb5_config_get and - krb5_config_vget - - * lib/krb5/cache.c: cleanup added mcache - - * kdc/kerberos5.c: include last-req's of type 6 and 7, if - applicable - -Wed Aug 6 20:38:23 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/krb5/log.c: New parameter `log-level'. Default to `SYSLOG'. - -Tue Aug 5 22:53:54 1997 Assar Westerlund <assar@sics.se> - - * lib/krb5/verify_init.c, init_creds_pw.c, init_creds.c, - prompter_posix.c: the beginning of an implementation of the cygnus - initial-ticket API. - - * lib/krb5/get_in_tkt_pw.c: make `krb5_password_key_proc' global - - * lib/krb5/get_in_tkt.c (krb5_get_in_cred): new function that is - almost krb5_get_in_tkt but doesn't write the creds to the ccache. - Small fixes in krb5_get_in_tkt - - * lib/krb5/get_addrs.c (krb5_get_all_client_addrs): don't include - loopback. - -Mon Aug 4 20:20:48 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * kdc: Make context global. - -Fri Aug 1 17:23:56 1997 Assar Westerlund <assar@sics.se> - - * Release 0.0d - - * lib/roken/flock.c: new file - - * kuser/kinit.c: check for and print expiry information in the - `kdc_rep' - - * lib/krb5/get_in_tkt.c: Set `ret_as_reply' if != NULL - - * kdc/kerberos5.c: Check the valid times on client and server. - Check the password expiration. - Check the require_preauth flag. - Send an lr_type == 6 with pw_end. - Set key.expiration to min(valid_end, pw_end) - - * lib/hdb/hdb.asn1: new flags `require_preauth' and `change_pw' - - * admin/util.c, admin/load.c: handle the new flags. - -Fri Aug 1 16:56:12 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/hdb: Add some simple locking. - -Sun Jul 27 04:44:31 1997 Johan Danielsson <joda@blubb.pdc.kth.se> - - * lib/krb5/log.c: Add some general logging functions. - - * kdc/kerberos4.c: Add version 4 protocol handler. The requrement - for this to work is that all involved principals has a des key in - the database, and that the client has a version 4 (un-)salted - key. Furthermore krb5_425_conv_principal has to do it's job, as - present it's not very clever. - - * lib/krb5/principal.c: Quick patch to make 425_conv work - somewhat. - - * lib/hdb/hdb.c: Add keytype->key and next key functions. - -Fri Jul 25 17:32:12 1997 Assar Westerlund <assar@sics.se> - - * lib/krb5/build_auth.c (krb5_build_authenticator): don't free - `cksum'. It's allocated and freed by the caller - - * lib/krb5/get_cred.c (krb5_get_kdc_cred): Don't free `addresses'. - - * kdc/kerberos5.c (tgs_rep2): make sure we also have an defined - `client' to return as part of the KRB-ERROR - -Thu Jul 24 08:13:59 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * kdc/kerberos5.c: Unseal keys from database before use. - - * kdc/misc.c: New functions set_master_key, unseal_key and - free_key. - - * lib/roken/getarg.c: Handle `-f arg' correctly. - -Thu Jul 24 01:54:43 1997 Assar Westerlund <assar@sics.se> - - * kuser/kinit.c: implement `-l' aka `--lifetime' - - * lib/roken/parse_units.c, parse_time.c: new files - - * admin/gettime.c (gettime): use `parse_time' - - * kdc/kerberos5.c (as_rep): Use `METHOD-DATA' when sending - KRB5KDC_ERR_PREAUTH_REQUIRED, not PA-DATA. - - * kpasswd/kpasswdd.c: fix freeing bug use sequence numbers set - addresses in auth_context bind one socket per interface. - - * kpasswd/kpasswd.c: use sequence numbers - - * lib/krb5/rd_req.c (krb5_verify_ap_req): do abs when verifying - the timestamps - - * lib/krb5/rd_priv.c (krb5_rd_priv): Fetch the correct session key - from auth_context - - * lib/krb5/mk_priv.c (krb5_mk_priv): Fetch the correct session key - from auth_context - - * lib/krb5/mk_error.c (krb5_mk_error): return an error number and - not a comerr'd number. - - * lib/krb5/get_in_tkt.c (krb5_get_in_tkt): interpret the error - number in KRB-ERROR correctly. - - * lib/krb5/get_cred.c (krb5_get_kdc_cred): interpret the error - number in KRB-ERROR correctly. - - * lib/asn1/k5.asn1: Add `METHOD-DATA' - - * removed some memory leaks. - -Wed Jul 23 07:53:18 1997 Assar Westerlund <assar@sics.se> - - * Release 0.0c - - * lib/krb5/rd_cred.c, get_for_creds.c: new files - - * lib/krb5/get_host_realm.c: try default realm as last chance - - * kpasswd/kpasswdd.c: updated to hdb changes - - * appl/telnet/libtelnet/kerberos5.c: Implement forwarding - - * appl/telnet/libtelnet: removed totally unused files - - * admin/ank.c: fix prompts and generation of random keys - -Wed Jul 23 04:02:32 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * admin/dump.c: Include salt in dump. - - * admin: Mostly updated for new db-format. - - * kdc/kerberos5.c: Update to use new db format. Better checking of - flags and such. More logging. - - * lib/hdb/hdb.c: Use generated encode and decode functions. - - * lib/hdb/hdb.h: Get hdb_entry from ASN.1 generated code. - - * lib/krb5/get_cred.c: Get addresses from krbtgt if there are none - in the reply. - -Sun Jul 20 16:22:30 1997 Assar Westerlund <assar@sics.se> - - * kuser/kinit.c: break if des_read_pw_string() != 0 - - * kpasswd/kpasswdd.c: send a reply - - * kpasswd/kpasswd.c: restructured code. better report on - krb-error break if des_read_pw_string() != 0 - - * kdc/kerberos5.c: Check `require_enc_timestamp' malloc space for - starttime and renew_till - - * appl/telnet/libtelnet/kerberos5.c (kerberos5_is): Send a - keyblock to krb5_verify_chekcsum - -Sun Jul 20 06:35:46 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * Release 0.0b - - * kpasswd/kpasswd.c: Avoid using non-standard struct names. - -Sat Jul 19 19:26:23 1997 Assar Westerlund <assar@sics.se> - - * lib/krb5/keytab.c (krb5_kt_get_entry): check return from - `krb5_kt_start_seq_get'. From <map@stacken.kth.se> - -Sat Jul 19 04:07:39 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/asn1/k5.asn1: Update with more pa-data types from - draft-ietf-cat-kerberos-revisions-00.txt - - * admin/load.c: Update to match current db-format. - - * kdc/kerberos5.c (as_rep): Try all valid pa-datas before giving - up. Send back an empty pa-data if the client has the v4 flag set. - - * lib/krb5/get_in_tkt.c: Pass both version5 and version4 salted - pa-data. DTRT if there is any pa-data in the reply. - - * lib/krb5/str2key.c: XOR with some sane value. - - * lib/hdb/hdb.h: Add `version 4 salted key' flag. - - * kuser/kinit.c: Ask for password before calling get_in_tkt. This - makes it possible to call key_proc more than once. - - * kdc/string2key.c: Add flags to output version 5 (DES only), - version 4, and AFS string-to-key of a password. - - * lib/asn1/gen_copy.c: copy_* functions now returns an int (0 or - ENOMEM). - -Fri Jul 18 02:54:58 1997 Assar Westerlund <assar@sics.se> - - * lib/krb5/get_host_realm.c (krb5_get_host_realm): do the - name2name thing - - * kdc/misc.c: check result of hdb_open - - * admin/kdb_edit: updated to new sl - - * lib/sl: sl_func now returns an int. != 0 means to exit. - - * kpasswd/kpasswdd: A crude (but somewhat working) implementation - of `draft-ietf-cat-kerb-chg-password-00.txt' - -Fri Jul 18 00:55:39 1997 Johan Danielsson <joda@blubb.pdc.kth.se> - - * kuser/krenew.c: Crude ticket renewing program. - - * kdc/kerberos5.c: Rewritten flags parsing, it now might work to - get forwarded and renewed tickets. - - * kuser/kinit.c: Add `-r' flag. - - * lib/krb5/get_cred.c: Move most of contents of get_creds to new - function get_kdc_cred, that always contacts the kdc and doesn't - save in the cache. This is a hack. - - * lib/krb5/get_in_tkt.c: Pass starttime and renew_till in request - (a bit kludgy). - - * lib/krb5/mk_req_ext.c: Make an auth_context if none passed in. - - * lib/krb5/send_to_kdc.c: Get timeout from context. - - * lib/krb5/context.c: Add kdc_timeout to context struct. - -Thu Jul 17 20:35:45 1997 Johan Danielsson <joda@blubb.pdc.kth.se> - - * kuser/klist.c: Print start time of ticket if available. - - * lib/krb5/get_host_realm.c: Return error if no realm was found. - -Thu Jul 17 20:28:21 1997 Assar Westerlund <assar@sics.se> - - * kpasswd: non-working kpasswd added - -Thu Jul 17 00:21:22 1997 Johan Danielsson <joda@blubb.pdc.kth.se> - - * Release 0.0a - - * kdc/main.c: Add -p flag to disable pa-enc-timestamp requirement. - -Wed Jul 16 03:37:41 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * kdc/kerberos5.c (tgs_rep2): Free ticket and ap_req. - - * lib/krb5/auth_context.c (krb5_auth_con_free): Free remote - subkey. - - * lib/krb5/principal.c (krb5_free_principal): Check for NULL. - - * lib/krb5/send_to_kdc.c: Check for NULL return from - gethostbyname. - - * lib/krb5/set_default_realm.c: Try to get realm of local host if - no default realm is available. - - * Remove non ASN.1 principal code. - -Wed Jul 16 03:17:30 1997 Johan Danielsson <joda@blubb.pdc.kth.se> - - * kdc/kerberos5.c: Split tgs_rep in smaller functions. Add better - error handing. Do some logging. - - * kdc/log.c: Some simple logging facilities. - - * kdc/misc.c (db_fetch): Take a krb5_principal. - - * kdc/connect.c: Pass address of request to as_rep and - tgs_rep. Send KRB-ERROR. - - * lib/krb5/mk_error.c: Add more fields. - - * lib/krb5/get_cred.c: Print normal error code if no e_text is - available. - -Wed Jul 16 03:07:50 1997 Assar Westerlund <assar@sics.se> - - * lib/krb5/get_in_tkt.c: implement `krb5_init_etype'. - Change encryption type of pa_enc_timestamp to DES-CBC-MD5 - - * lib/krb5/context.c: recognize all encryption types actually - implemented - - * lib/krb5/auth_context.c (krb5_auth_con_init): Change default - encryption type to `DES_CBC_MD5' - - * lib/krb5/read_message.c, write_message.c: new files - -Tue Jul 15 17:14:21 1997 Assar Westerlund <assar@sics.se> - - * lib/asn1: replaced asn1_locl.h by `der_locl.h' and `gen_locl.h'. - - * lib/error/compile_et.awk: generate a prototype for the - `destroy_foo_error_table' function. - -Mon Jul 14 12:24:40 1997 Assar Westerlund <assar@sics.se> - - * lib/krb5/krbhst.c (krb5_get_krbhst): Get all kdc's and try also - with `kerberos.REALM' - - * kdc/kerberos5.c, lib/krb5/rd_priv.c, lib/krb5/rd_safe.c: use - `max_skew' - - * lib/krb5/rd_req.c (krb5_verify_ap_req): record authenticator - subkey - - * lib/krb5/build_auth.c (krb5_build_authenticator): always - generate a subkey. - - * lib/krb5/address.c: implement `krb5_address_order' - - * lib/gssapi/import_name.c: Implement `gss_import_name' - - * lib/gssapi/external.c: Use new OID - - * lib/gssapi/encapsulate.c: New functions - `gssapi_krb5_encap_length' and `gssapi_krb5_make_header'. Changed - callers. - - * lib/gssapi/decapsulate.c: New function - `gssaspi_krb5_verify_header'. Changed callers. - - * lib/asn1/gen*.c: Give tags to generated structs. - Use `err' and `asprintf' - - * appl/test/gss_common.c: new file - - * appl/test/gssapi_server.c: removed all krb5 calls - - * appl/telnet/libtelnet/kerberos5.c: Add support for genering and - verifying checksums. Also start using session subkeys. - -Mon Jul 14 12:08:25 1997 Johan Danielsson <joda@blubb.pdc.kth.se> - - * lib/krb5/rd_req.c (krb5_rd_req_with_keyblock): Split up. - -Sun Jul 13 03:07:44 1997 Assar Westerlund <assar@sics.se> - - * lib/krb5/rd_safe.c, mk_safe.c: made bug-compatible with MIT - - * lib/krb5/encrypt.c: new functions `DES_encrypt_null_ivec' and - `DES_encrypt_key_ivec' - - * lib/krb5/checksum.c: implement rsa-md4-des and rsa-md5-des - - * kdc/kerberos5.c (tgs_rep): support keyed checksums - - * lib/krb5/creds.c: new file - - * lib/krb5/get_in_tkt.c: better freeing - - * lib/krb5/context.c (krb5_free_context): more freeing - - * lib/krb5/config_file.c: New function `krb5_config_file_free' - - * lib/error/compile_et.awk: Generate a `destroy_' function. - - * kuser/kinit.c, klist.c: Don't leak memory. - -Sun Jul 13 02:46:27 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * kdc/connect.c: Check filedescriptor in select. - - * kdc/kerberos5.c: Remove most of the most common memory leaks. - - * lib/krb5/rd_req.c: Free allocated data. - - * lib/krb5/auth_context.c (krb5_auth_con_free): Free a lot of - fields. - -Sun Jul 13 00:32:16 1997 Assar Westerlund <assar@sics.se> - - * appl/telnet: Conditionalize the krb4-support. - - * configure.in: Test for krb4 - -Sat Jul 12 17:14:12 1997 Assar Westerlund <assar@sics.se> - - * kdc/kerberos5.c: check if the pre-auth was decrypted properly. - set the `pre_authent' flag - - * lib/krb5/get_cred.c, lib/krb5/get_in_tkt.c: generate a random nonce. - - * lib/krb5/encrypt.c: Made `generate_random_block' global. - - * appl/test: Added gssapi_client and gssapi_server. - - * lib/krb5/data.c: Add `krb5_data_zero' - - * appl/test/tcp_client.c: try `mk_safe' and `mk_priv' - - * appl/test/tcp_server.c: try `rd_safe' and `rd_priv' - -Sat Jul 12 16:45:58 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/krb5/get_addrs.c: Fix for systems that has sa_len, but - returns zero length from SIOCGIFCONF. - -Sat Jul 12 16:38:34 1997 Assar Westerlund <assar@sics.se> - - * appl/test: new programs - - * lib/krb5/rd_req.c: add address compare - - * lib/krb5/mk_req_ext.c: allow no checksum - - * lib/krb5/keytab.c (krb5_kt_ret_string): 0-terminate string - - * lib/krb5/address.c: fix `krb5_address_compare' - -Sat Jul 12 15:03:16 1997 Johan Danielsson <joda@blubb.pdc.kth.se> - - * lib/krb5/get_addrs.c: Fix ip4 address extraction. - - * kuser/klist.c: Add verbose flag, and split main into smaller - pieces. - - * lib/krb5/fcache.c: Save ticket flags. - - * lib/krb5/get_in_tkt.c (extract_ticket): Extract addresses and - flags. - - * lib/krb5/krb5.h: Add ticket_flags to krb5_creds. - -Sat Jul 12 13:12:48 1997 Assar Westerlund <assar@sics.se> - - * configure.in: Call `AC_KRB_PROG_LN_S' - - * acinclude.m4: Add `AC_KRB_PROG_LN_S' from krb4 - -Sat Jul 12 00:57:01 1997 Johan Danielsson <joda@blubb.pdc.kth.se> - - * lib/krb5/get_in_tkt.c: Use union of krb5_flags and KDCOptions to - pass options. - -Fri Jul 11 15:04:22 1997 Assar Westerlund <assar@sics.se> - - * appl/telnet: telnet & telnetd seems to be working. - - * lib/krb5/config_file.c: Added krb5_config_v?get_list Fixed - krb5_config_vget_next - - * appl/telnet/libtelnet/kerberos5.c: update to current API - -Thu Jul 10 14:54:39 1997 Assar Westerlund <assar@sics.se> - - * appl/telnet/libtelnet/kerberos5.c (kerberos5_status): call - `krb5_kuserok' - - * appl/telnet: Added. - -Thu Jul 10 05:09:25 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/error/compile_et.awk: Remove usage of sub, gsub, and - functions for compatibility with awk. - - * include/bits.c: Must use signed char. - - * lib/krb5/context.c: Move krb5_get_err_text, and krb5_init_ets - here. - - * lib/error/error.c: Replace krb5_get_err_text with new function - com_right. - - * lib/error/compile_et.awk: Avoid using static variables. - - * lib/error/error.c: Don't use krb5_locl.h - - * lib/error/error.h: Move definitions of error_table and - error_list from krb5.h. - - * lib/error: Moved from lib/krb5. - -Wed Jul 9 07:42:04 1997 Johan Danielsson <joda@blubb.pdc.kth.se> - - * lib/krb5/encrypt.c: Temporary hack to avoid des_rand_data. - -Wed Jul 9 06:58:00 1997 Assar Westerlund <assar@sics.se> - - * lib/krb5/{rd,mk}_{*}.c: more checking for addresses and stuff - according to pseudocode from 1510 - -Wed Jul 9 06:06:06 1997 Johan Danielsson <joda@blubb.pdc.kth.se> - - * lib/hdb/hdb.c: Add hdb_etype2key. - - * kdc/kerberos5.c: Check authenticator. Use more general etype - functions. - -Wed Jul 9 03:51:12 1997 Assar Westerlund <assar@sics.se> - - * lib/asn1/k5.asn1: Made all `s_address' OPTIONAL according to - draft-ietf-cat-kerberos-r-00.txt - - * lib/krb5/principal.c (krb5_parse_name): default to local realm - if none given - - * kuser/kinit.c: New option `-p' and prompt - -Wed Jul 9 02:30:06 1997 Johan Danielsson <joda@blubb.pdc.kth.se> - - * lib/krb5/keyblock.c: Keyblock generation functions. - - * lib/krb5/encrypt.c: Use functions from checksum.c. - - * lib/krb5/checksum.c: Move checksum functions here. Add - krb5_cksumsize function. - -Wed Jul 9 01:15:38 1997 Assar Westerlund <assar@sics.se> - - * lib/krb5/get_host_realm.c: implemented - - * lib/krb5/config_file.c: Redid part. New functions: - krb5_config_v?get_next - - * kuser/kdestroy.c: new program - - * kuser/kinit.c: new flag `-f' - - * lib/asn1/k5.asn1: Made HostAddresses = SEQUENCE OF HostAddress - - * acinclude.m4: Added AC_KRB_STRUCT_SOCKADDR_SA_LEN - - * lib/krb5/krb5.h: krb5_addresses == HostAddresses. Changed all - users. - - * lib/krb5/get_addrs.c: figure out all local addresses, possibly - even IPv6! - - * lib/krb5/checksum.c: table-driven checksum - -Mon Jul 7 21:13:28 1997 Johan Danielsson <joda@blubb.pdc.kth.se> - - * lib/krb5/encrypt.c: Make krb5_decrypt use the same struct as - krb5_encrypt. - -Mon Jul 7 11:15:51 1997 Assar Westerlund <assar@sics.se> - - * lib/roken/vsyslog.c: new file - - * lib/krb5/encrypt.c: add des-cbc-md4. - adjust krb5_encrypt and krb5_decrypt to reality - -Mon Jul 7 02:46:31 1997 Johan Danielsson <joda@blubb.pdc.kth.se> - - * lib/krb5/encrypt.c: Implement as a vector of function pointers. - - * lib/krb5/{decrypt,encrypt}.c: Implement des-cbc-crc, and - des-cbc-md5 in separate functions. - - * lib/krb5/krb5.h: Add more checksum and encryption types. - - * lib/krb5/krb5_locl.h: Add etype to krb5_decrypt. - -Sun Jul 6 23:02:59 1997 Assar Westerlund <assar@sics.se> - - * lib/krb5/[gs]et_default_realm.c, kuserok.c: new files - - * lib/krb5/config_file.[ch]: new c-based configuration reading - stuff - -Wed Jul 2 23:12:56 1997 Assar Westerlund <assar@sics.se> - - * configure.in: Set WFLAGS if using gcc - -Wed Jul 2 17:47:03 1997 Johan Danielsson <joda@blubb.pdc.kth.se> - - * lib/asn1/der_put.c (der_put_int): Return size correctly. - - * admin/ank.c: Be compatible with the asn1 principal format. - -Wed Jul 1 23:52:20 1997 Johan Danielsson <joda@blubb.pdc.kth.se> - - * lib/asn1: Now all decode_* and encode_* functions now take a - final size_t* argument, that they return the size in. Return - values are zero for success, and anything else (such as some - ASN1_* constant) for error. - -Mon Jun 30 06:08:14 1997 Assar Westerlund <assar@sics.se> - - * lib/krb5/keytab.c (krb5_kt_add_entry): change open mode to - O_WRONLY | O_APPEND - - * lib/krb5/get_cred.c: removed stale prototype for - `extract_ticket' and corrected call. - - * lib/asn1/gen_length.c (length_type): Make the length functions - for SequenceOf non-destructive - - * admin/ank.c (doit): Fix reading of `y/n'. - -Mon Jun 16 05:41:43 1997 Assar Westerlund <assar@sics.se> - - * lib/gssapi/wrap.c, unwrap.c: do encrypt and add sequence number - - * lib/gssapi/get_mic.c, verify_mic.c: Add sequence number. - - * lib/gssapi/accept_sec_context.c (gss_accept_sec_context): Set - KRB5_AUTH_CONTEXT_DO_SEQUENCE. Verify 8003 checksum. - - * lib/gssapi/8003.c: New file. - - * lib/krb/krb5.h: Define a `krb_authenticator' as an ASN.1 - Authenticator. - - * lib/krb5/auth_context.c: New functions - `krb5_auth_setlocalseqnumber' and `krb5_auth_setremoteseqnumber' - -Tue Jun 10 00:35:54 1997 Johan Danielsson <joda@blubb.pdc.kth.se> - - * lib/krb5: Preapre for use of some asn1-types. - - * lib/asn1/*.c (copy_*): Constness. - - * lib/krb5/krb5.h: Include asn1.h; krb5_data is now an - octet_string. - - * lib/asn1/der*,gen.c: krb5_data -> octet_string, char * -> - general_string - - * lib/asn1/libasn1.h: Moved stuff from asn1_locl.h that doesn't - have anything to do with asn1_compile. - - * lib/asn1/asn1_locl.h: Remove der.h. Add some prototypes. - -Sun Jun 8 03:51:55 1997 Assar Westerlund <assar@sics.se> - - * kdc/kerberos5.c: Fix PA-ENC-TS-ENC - - * kdc/connect.c(process_request): Set `new' - - * lib/krb5/get_in_tkt.c: Do PA-ENC-TS-ENC the correct way. - - * lib: Added editline,sl,roken. - -Mon Jun 2 00:37:48 1997 Johan Danielsson <joda@blubb.pdc.kth.se> - - * lib/krb5/fcache.c: Move file cache from cache.c. - - * lib/krb5/cache.c: Allow more than one cache type. - -Sun Jun 1 23:45:33 1997 Johan Danielsson <joda@blubb.pdc.kth.se> - - * admin/extkeytab.c: Merged with kdb_edit. - -Sun Jun 1 23:23:08 1997 Assar Westerlund <assar@sics.se> - - * kdc/kdc.c: more support for ENC-TS-ENC - - * lib/krb5/get_in_tkt.c: redone to enable pre-authentication - -Sun Jun 1 22:45:11 1997 Johan Danielsson <joda@blubb.pdc.kth.se> - - * lib/hdb/db.c: Merge fetch and store. - - * admin: Merge to one program. - - * lib/krb5/str2key.c: Fill in keytype and length. - -Sun Jun 1 16:31:23 1997 Assar Westerlund <assar@sics.se> - - * lib/krb5/rd_safe.c, lib/krb5/rd_priv.c, lib/krb5/mk_rep.c, - lib/krb5/mk_priv.c, lib/krb5/build_auth.c: Some support for - KRB5_AUTH_CONTEXT_DO_SEQUENCE - - * lib/krb5/get_in_tkt.c (get_in_tkt): be prepared to parse an - KRB_ERROR. Some support for PA_ENC_TS_ENC. - - * lib/krb5/auth_context.c: implemented seq_number functions - - * lib/krb5/generate_subkey.c, generate_seq_number.c: new files - - * lib/gssapi/gssapi.h: avoid including <krb5.h> - - * lib/asn1/Makefile.am: SUFFIXES as a variable to make automake - happy - - * kdc/kdc.c: preliminary PREAUTH_ENC_TIMESTAMP - - * configure.in: adapted to automake 1.1p - -Mon May 26 22:26:21 1997 Johan Danielsson <joda@blubb.pdc.kth.se> - - * lib/krb5/principal.c: Add contexts to many functions. - -Thu May 15 20:25:37 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/krb5/verify_user.c: First stab at a verify user. - - * lib/auth/sia/sia5.c: SIA module for Kerberos 5. - -Mon Apr 14 00:09:03 1997 Assar Westerlund <assar@sics.se> - - * lib/gssapi: Enough of a gssapi-over-krb5 implementation to be - able to (mostly) run gss-client and gss-server. - - * lib/krb5/keytab.c: implemented krb5_kt_add_entry, - krb5_kt_store_principal, krb5_kt_store_keyblock - - * lib/des/md5.[ch], sha.[ch]: new files - - * lib/asn1/der_get.c (generalizedtime2time): use `timegm' - - * lib/asn1/timegm.c: new file - - * admin/extkeytab.c: new program - - * admin/admin_locl.h: new file - - * admin/Makefile.am: Added extkeytab - - * configure.in: moved config to include - removed timezone garbage - added lib/gssapi and admin - - * Makefile.am: Added admin - -Mon Mar 17 11:34:05 1997 Johan Danielsson <joda@blubb.pdc.kth.se> - - * kdc/kdc.c: Use new copying functions, and free some data. - - * lib/asn1/Makefile.am: Try to not always rebuild generated files. - - * lib/asn1/der_put.c: Add fix_dce(). - - * lib/asn1/der_{get,length,put}.c: Fix include files. - - * lib/asn1/der_free.c: Remove unused functions. - - * lib/asn1/gen.c: Split into gen_encode, gen_decode, gen_free, - gen_length, and gen_copy. - -Sun Mar 16 18:13:52 1997 Assar Westerlund <assar@sics.se> - - * lib/krb5/sendauth.c: implemented functionality - - * lib/krb5/rd_rep.c: Use `krb5_decrypt' - - * lib/krb5/cache.c (krb5_cc_get_name): return default if `id' == - NULL - - * lib/krb5/principal.c (krb5_free_principal): added `context' - argument. Changed all callers. - - (krb5_sname_to_principal): new function - - * lib/krb5/auth_context.c (krb5_free_authenticator): add `context' - argument. Changed all callers - - * lib/krb5/{net_write.c,net_read.c,recvauth.c}: new files - - * lib/asn1/gen.c: Fix encoding and decoding of BitStrings - -Fri Mar 14 11:29:00 1997 Assar Westerlund <assar@sics.se> - - * configure.in: look for *dbm? - - * lib/asn1/gen.c: Fix filename in generated files. Check fopens. - Put trailing newline in asn1_files. - -Fri Mar 14 05:06:44 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/krb5/get_in_tkt.c: Fix some memory leaks. - - * lib/krb5/krbhst.c: Properly free hostlist. - - * lib/krb5/decrypt.c: CRCs are 32 bits. - -Fri Mar 14 04:39:15 1997 Johan Danielsson <joda@blubb.pdc.kth.se> - - * lib/asn1/gen.c: Generate one file for each type. - -Fri Mar 14 04:13:47 1997 Assar Westerlund <assar@sics.se> - - * lib/asn1/gen.c: Generate `length_FOO' functions - - * lib/asn1/der_length.c: new file - - * kuser/klist.c: renamed stime -> printable_time to avoid conflict - on HP/UX - -Fri Mar 14 03:37:23 1997 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/hdb/ndbm.c: Return NOENTRY if fetch fails. Don't free - datums. Don't add .db to filename. - -Fri Mar 14 02:49:51 1997 Johan Danielsson <joda@blubb.pdc.kth.se> - - * kdc/dump.c: Database dump program. - - * kdc/ank.c: Trivial database editing program. - - * kdc/{kdc.c, load.c}: Use libhdb. - - * lib/hdb: New database routine library. - - * lib/krb5/error/Makefile.am: Add hdb_err. - -Wed Mar 12 17:41:14 1997 Johan Danielsson <joda@blubb.pdc.kth.se> - - * kdc/kdc.c: Rewritten AS, and somewhat more working TGS support. - - * lib/asn1/gen.c: Generate free functions. - - * Some specific free functions. - -Wed Mar 12 12:30:13 1997 Assar Westerlund <assar@sics.se> - - * lib/krb5/krb5_mk_req_ext.c: new file - - * lib/asn1/gen.c: optimize the case with a simple type - - * lib/krb5/get_cred.c (krb5_get_credentials): Use - `mk_req_extended' and remove old code. - - * lib/krb5/get_in_tkt.c (decrypt_tkt): First try with an - EncASRepPart, then with an EncTGSRepPart. - -Wed Mar 12 08:26:04 1997 Johan Danielsson <joda@blubb.pdc.kth.se> - - * lib/krb5/store_emem.c: New resizable memory storage. - - * lib/krb5/{store.c, store_fd.c, store_mem.c}: Split of store.c - - * lib/krb5/krb5.h: Add free entry to krb5_storage. - - * lib/krb5/decrypt.c: Make keyblock const. - -Tue Mar 11 20:22:17 1997 Johan Danielsson <joda@blubb.pdc.kth.se> - - * lib/krb5/krb5.h: Add EncTicketPart to krb5_ticket. - - * lib/krb5/rd_req.c: Return whole asn.1 ticket in - krb5_ticket->tkt. - - * lib/krb5/get_in_tkt.c: TGS -> AS - - * kuser/kfoo.c: Print error string rather than number. - - * kdc/kdc.c: Some kind of non-working TGS support. - -Mon Mar 10 01:43:22 1997 Assar Westerlund <assar@sics.se> - - * lib/asn1/gen.c: reduced generated code by 1/5 - - * lib/asn1/der_put.c: (der_put_length_and_tag): new function - - * lib/asn1/der_get.c (der_match_tag_and_length): new function - - * lib/asn1/der.h: added prototypes - -Mon Mar 10 01:15:43 1997 Johan Danielsson <joda@blubb.pdc.kth.se> - - * lib/krb5/krb5.h: Include <asn1_err.h>. Add prototype for - krb5_rd_req_with_keyblock. - - * lib/krb5/rd_req.c: Add function krb5_rd_req_with_keyblock that - takes a precomputed keyblock. - - * lib/krb5/get_cred.c: Use krb5_mk_req rather than inlined code. - - * lib/krb5/mk_req.c: Calculate checksum of in_data. - -Sun Mar 9 21:17:58 1997 Johan Danielsson <joda@blubb.pdc.kth.se> - - * lib/krb5/error/compile_et.awk: Add a declaration of struct - error_list, and multiple inclusion block to header files. - -Sun Mar 9 21:01:12 1997 Assar Westerlund <assar@sics.se> - - * lib/krb5/rd_req.c: do some checks on times - - * lib/krb/{mk_priv.c, rd_priv.c, sendauth.c, decrypt.c, - address.c}: new files - - * lib/krb5/auth_context.c: more code - - * configure.in: try to figure out timezone - -Sat Mar 8 11:41:07 1997 Johan Danielsson <joda@blubb.pdc.kth.se> - - * lib/krb5/error/error.c: Try strerror if error code wasn't found. - - * lib/krb5/get_in_tkt.c: Remove realm parameter from - krb5_get_salt. - - * lib/krb5/context.c: Initialize error table. - - * kdc: The beginnings of a kdc. - -Sat Mar 8 08:16:28 1997 Assar Westerlund <assar@sics.se> - - * lib/krb5/rd_safe.c: new file - - * lib/krb5/checksum.c (krb5_verify_checksum): New function - - * lib/krb5/get_cred.c: use krb5_create_checksum - - * lib/krb5/checksum.c: new file - - * lib/krb5/store.c: no more arithmetic with void* - - * lib/krb5/cache.c: now seems to work again - -Sat Mar 8 06:58:09 1997 Johan Danielsson <joda@blubb.pdc.kth.se> - - * lib/krb5/Makefile.am: Add asn1_glue.c and error/*.c to libkrb5. - - * lib/krb5/get_in_tkt.c: Moved some functions to asn1_glue.c. - - * lib/krb5/asn1_glue.c: Moved some asn1-stuff here. - - * lib/krb5/{cache,keytab}.c: Use new storage functions. - - * lib/krb5/krb5.h: Protypes for new storage functions. - - * lib/krb5/krb5.h: Make krb5_{ret,store}_* functions able to write - data to more than file descriptors. - -Sat Mar 8 01:01:17 1997 Assar Westerlund <assar@sics.se> - - * lib/krb5/encrypt.c: New file. - - * lib/krb5/Makefile.am: More -I - - * configure.in: Test for big endian, random, rand, setitimer - - * lib/asn1/gen.c: perhaps even decodes bitstrings - -Thu Mar 6 19:05:29 1997 Johan Danielsson <joda@blubb.pdc.kth.se> - - * lib/krb5/config_file.y: Better return values on error. - -Sat Feb 8 15:59:56 1997 Assar Westerlund <assar@pdc.kth.se> - - * lib/asn1/parse.y: ifdef HAVE_STRDUP - - * lib/asn1/lex.l: ifdef strdup - brange-dead version of list of special characters to make stupid - lex accept it. - - * lib/asn1/gen.c: A DER integer should really be a `unsigned' - - * lib/asn1/der_put.c: A DER integer should really be a `unsigned' - - * lib/asn1/der_get.c: A DER integer should really be a `unsigned' - - * lib/krb5/error/Makefile.am: It seems "$(SHELL) ./compile_et" is - needed. - - * lib/krb/mk_rep.c, lib/krb/rd_req.c, lib/krb/store.c, - lib/krb/store.h: new files. - - * lib/krb5/keytab.c: now even with some functionality. - - * lib/asn1/gen.c: changed paramater from void * to Foo * - - * lib/asn1/der_get.c (der_get_octet_string): Fixed bug with empty - string. - -Sun Jan 19 06:17:39 1997 Assar Westerlund <assar@pdc.kth.se> - - * lib/krb5/get_cred.c (krb5_get_credentials): Check for creds in - cc before getting new ones. - - * lib/krb5/krb5.h (krb5_free_keyblock): Fix prototype. - - * lib/krb5/build_auth.c (krb5_build_authenticator): It seems the - CRC should be stored LSW first. (?) - - * lib/krb5/auth_context.c: Implement `krb5_auth_con_getkey' and - `krb5_free_keyblock' - - * lib/**/Makefile.am: Rename foo libfoo.a - - * include/Makefile.in: Use test instead of [ - -e does not work with /bin/sh on psoriasis - - * configure.in: Search for awk - create lib/krb/error/compile_et - -Tue Jan 14 03:46:26 1997 Assar Westerlund <assar@pdc.kth.se> - - * lib/krb5/Makefile.am: replaced mit-crc.c by crc.c - -Wed Dec 18 00:53:55 1996 Johan Danielsson <joda@emma.pdc.kth.se> - - * kuser/kinit.c: Guess principal. - - * lib/krb5/error/compile_et.awk: Don't include krb5.h. Fix some - warnings. - - * lib/krb5/error/asn1_err.et: Add ASN.1 error messages. - - * lib/krb5/mk_req.c: Get client from cache. - - * lib/krb5/cache.c: Add better error checking some useful return - values. - - * lib/krb5/krb5.h: Fix krb5_auth_context. - - * lib/asn1/der.h: Make krb5_data compatible with krb5.h - -Tue Dec 17 01:32:36 1996 Johan Danielsson <joda@emma.pdc.kth.se> - - * lib/krb5/error: Add primitive error library. - -Mon Dec 16 16:30:20 1996 Johan Danielsson <joda@emma.pdc.kth.se> + * lib/krb5/appdefault.c (krb5_appdefault_string): handle NULL + def_val + (krb5_appdefault_time): new function - * lib/krb5/cache.c: Get correct address type from cache. +2001-01-03 Assar Westerlund <assar@sics.se> - * lib/krb5/krb5.h: Change int16 to int to be compatible with asn1. + * kdc/hpropd.c (main): handle EOF when reading from stdin |
