From a77dba08ca7d8ad2f2dcd653974ac66df78cfa49 Mon Sep 17 00:00:00 2001 From: nectar Date: Fri, 30 Aug 2002 21:23:27 +0000 Subject: Import of Heimdal Kerberos from KTH repository circa 2002/08/29. --- crypto/heimdal/ChangeLog.2001 | 1122 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 1122 insertions(+) create mode 100644 crypto/heimdal/ChangeLog.2001 (limited to 'crypto/heimdal/ChangeLog.2001') diff --git a/crypto/heimdal/ChangeLog.2001 b/crypto/heimdal/ChangeLog.2001 new file mode 100644 index 0000000..b048488 --- /dev/null +++ b/crypto/heimdal/ChangeLog.2001 @@ -0,0 +1,1122 @@ +2001-12-20 Johan Danielsson + + * lib/krb5/crypto.c: use our own des string-to-key function, since + the one from openssl sometimes generates wrong output + +2001-12-05 Jacques Vidrine + + * lib/hdb/mkey.c: fix a bug in which kstash would crash if + there were no /etc/krb5.conf + +2001-11-09 Johan Danielsson + + * lib/krb5/krb5_verify_user.3: sort references (from Thomas + Klausner) + + * lib/krb5/krb5_principal_get_realm.3: add section to reference + (from Thomas Klausner) + + * lib/krb5/krb5_krbhst_init.3: sort references (from Thomas + Klausner) + + * lib/krb5/krb5_keytab.3: white space fixes (from Thomas Klausner) + + * lib/krb5/krb5_get_krbhst.3: remove extra white space (from + Thomas Klausner) + + * lib/krb5/krb5_get_all_client_addrs.3: add section to reference + (from Thomas Klausner) + +2001-10-29 Jacques Vidrine + + * admin/get.c: fix a bug in which a reference to a data + structure on the stack was being kept after the containing + function's lifetime, resulting in a segfault during `ktutil + get'. + +2001-10-22 Assar Westerlund + + * lib/krb5/crypto.c: make all high-level encrypting and decrypting + functions check the return value of the underlying function and + handle errors more consistently. noted by Sam Hartman + + +2001-10-21 Assar Westerlund + + * lib/krb5/crypto.c (enctype_arcfour_hmac_md5): actually use a + non-keyed checksum when it should be non-keyed + +2001-09-29 Assar Westerlund + + * kuser/kinit.1: add the kauth alias + * kuser/kinit.c: allow specification of afslog in krb5.conf, noted + by jhutz@cs.cmu.edu + +2001-09-27 Assar Westerlund + + * lib/asn1/gen.c: remove the need for libasn1.h, also make + generated files include all files from IMPORTed modules + + * lib/krb5/krb5.h (KRB5_KPASSWD_*): set correct values + * kpasswd/kpasswd.c: improve error message printing + * lib/krb5/changepw.c (krb5_passwd_result_to_string): add change + to use sequence numbers connect the udp socket so that we can + figure out the local address + +2001-09-25 Assar Westerlund + + * lib/asn1: implement OBJECT IDENTIFIER and ENUMERATED + +2001-09-20 Johan Danielsson + + * lib/krb5/principal.c (krb5_425_conv_principal_ext): try using + lower case realm as domain, but only when given a verification + function + +2001-09-20 Assar Westerlund + + * lib/asn1/der_put.c (der_put_length): do not even try writing + anything when len == 0 + +2001-09-18 Johan Danielsson + + * kdc/hpropd.c: add realm override option + + * lib/krb5/set_default_realm.c (krb5_set_default_realm): make + realm parameter const + + * kdc/hprop.c: more free's + + * lib/krb5/init_creds_pw.c (krb5_get_init_creds_keytab): free key + proc data + + * lib/krb5/expand_hostname.c (krb5_expand_hostname_realms): free + addrinfo + + * lib/hdb/mkey.c (hdb_set_master_keyfile): clear error string when + not returning error + +2001-09-16 Assar Westerlund + + * lib/krb5/appdefault.c (krb5_appdefault_{boolean,string,time): + make realm const + + * lib/krb5/crypto.c: use des functions to avoid generating + warnings with openssl's prototypes + +2001-09-05 Johan Danielsson + + * configure.in: check for termcap.h + + * lib/asn1/lex.l: add another undef ECHO to keep AIX lex happy + +2001-09-03 Assar Westerlund + + * lib/krb5/addr_families.c (krb5_print_address): handle snprintf + returning < 0. noticed by hin@stacken.kth.se + +2001-09-03 Assar Westerlund + + * Release 0.4e + +2001-09-02 Johan Danielsson + + * kuser/Makefile.am: install kauth as a symlink to kinit + + * kuser/kinit.c: get v4_tickets by default + + * lib/asn1/Makefile.am: fix for broken automake + +2001-08-31 Johan Danielsson + + * lib/hdb/hdb-ldap.c: some pretty much untested changes from Luke + Howard + + * kuser/kinit.1: remove references to kauth + + * kuser/Makefile.am: kauth is no more + + * kuser/kinit.c: use appdefaults for everything. defaults are now + as in kauth. + + * lib/krb5/appdefault.c: also check libdefaults, and realms/realm + + * lib/krb5/context.c (krb5_free_context): free more stuff + +2001-08-30 Johan Danielsson + + * lib/krb5/verify_krb5_conf.c: do some checks of the values in the + file + + * lib/krb5/krb5.conf.5: remove srv_try_txt, fix spelling + + * lib/krb5/context.c: don't init srv_try_txt, since it isn't used + anymore + +2001-08-29 Jacques Vidrine + + * configure.in: Check for already-installed com_err. + +2001-08-28 Assar Westerlund + + * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set versoin to 18:2:1 + +2001-08-24 Assar Westerlund + + * kuser/Makefile.am: remove CHECK_LOCAL - non bin programs require + no special treatment now + + * kuser/generate-requests.c: parse arguments in a useful way + * kuser/kverify.c: add --help/--verify + +2001-08-22 Assar Westerlund + + * configure.in: bump prereq to 2.52 remove unused test_LIB_KRB4 + + * configure.in: re-write the handling of crypto libraries. try to + use the one of openssl's libcrypto or krb4's libdes that has all + the required functionality (md4, md5, sha1, des, rc4). if there + is no such library, the included lib/des is built. + + * kdc/headers.h: include libutil.h if it exists + * kpasswd/kpasswd_locl.h: include libutil.h if it exists + * kdc/kerberos4.c (get_des_key): check for null keys even if + is_server + +2001-08-21 Assar Westerlund + + * lib/asn1/asn1_print.c: print some size_t correctly + * configure.in: remove extra space after -L check for libutil.h + +2001-08-17 Johan Danielsson + + * kdc/kdc_locl.h: fix prototype for get_des_key + + * kdc/kaserver.c: fix call to get_des_key + + * kdc/524.c: fix call to get_des_key + + * kdc/kerberos4.c (get_des_key): if getting a key for a server, + return any des-key not just keys that can be string-to-keyed by + the client + +2001-08-10 Assar Westerlund + + * Release 0.4d + +2001-08-10 Assar Westerlund + + * configure.in: check for openpty + * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): update to 7:4:0 + +2001-08-08 Assar Westerlund + + * configure.in: just add -L (if required) from krb4 when testing + for libdes/libcrypto + +2001-08-04 Assar Westerlund + + * lib/krb5/Makefile.am (man_MANS): add some missing man pages + * fix-export: fix the sed expression for finding the man pages + +2001-07-31 Assar Westerlund + + * kpasswd/kpasswd-generator.c (main): implement --version and + --help + + * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): update version to + 18:1:1 + +2001-07-27 Assar Westerlund + + * lib/krb5/context.c (init_context_from_config_file): check + parsing of addresses + +2001-07-26 Assar Westerlund + + * lib/krb5/sock_principal.c (krb5_sock_to_principal): rename + sa_len -> salen to avoid the macro that's defined on irix. noted + by "Jacques A. Vidrine" + +2001-07-24 Johan Danielsson + + * lib/krb5/addr_families.c: add support for type + KRB5_ADDRESS_ADDRPORT + + * lib/krb5/addr_families.c (krb5_address_order): complain about + unsuppored address types + +2001-07-23 Johan Danielsson + + * admin/get.c: don't open connection to server until we loop over + the principals, at that time we know the realm of the (first) + principal and we can default to that admin server + + * admin: add a rename command + +2001-07-19 Assar Westerlund + + * kdc/hprop.c (usage): clarify a tiny bit + +2001-07-19 Assar Westerlund + + * Release 0.4c + +2001-07-19 Assar Westerlund + + * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to + 18:0:1 + + * lib/krb5/get_for_creds.c (krb5_fwd_tgt_creds): make it behave + the same way as the MIT function + + * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): update to 7:3:0 + * lib/krb5/sock_principal.c (krb5_sock_to_principal): use + getnameinfo + + * lib/krb5/krbhst.c (srv_find_realm): handle port numbers + consistenly in local byte order + + * lib/krb5/get_default_realm.c (krb5_get_default_realm): set an + error string + + * kuser/kinit.c (renew_validate): invert condition correctly. get + v4 tickets if we succeed renewing + * lib/krb5/principal.c (krb5_principal_get_type): add + (default_v4_name_convert): add "smtp" + +2001-07-13 Assar Westerlund + + * configure.in: remove make-print-version from LIBOBJS, it's no + longer in lib/roken but always built in lib/vers + +2001-07-12 Johan Danielsson + + * lib/hdb/mkey.c: more set_error_string + +2001-07-12 Assar Westerlund + + * lib/hdb/Makefile.am (libhdb_la_LIBADD): add required library + dependencies + + * lib/asn1/Makefile.am (libasn1_la_LIBADD): add required library + dependencies + +2001-07-11 Johan Danielsson + + * kdc/hprop.c: remove v4 master key handling; remove old v4-db and + ka-db flags; add defaults for v4_realm and afs_cell + +2001-07-09 Assar Westerlund + + * lib/krb5/sock_principal.c (krb5_sock_to_principal): copy hname + before calling krb5_sname_to_principal. from "Jacques A. Vidrine" + + +2001-07-08 Johan Danielsson + + * lib/krb5/context.c: use krb5_copy_addresses instead of + copy_HostAddresses + +2001-07-06 Assar Westerlund + + * configure.in (LIB_des_a, LIB_des_so): add these so that they can + be used by lib/auth/sia + + * kuser/kinit.c: re-do some of the v4 fallbacks: look at + get-tokens flag do not print extra errors do not try to do 524 if + we got tickets from a v4 server + +2001-07-03 Assar Westerlund + + * lib/krb5/replay.c (krb5_get_server_rcache): cast argument to + printf + + * lib/krb5/get_addrs.c (find_all_addresses): call free_addresses + on ignore_addresses correctly + * lib/krb5/init_creds.c + (krb5_get_init_creds_opt_set_default_flags): change to take a + const realm + + * lib/krb5/principal.c (krb5_425_conv_principal_ext): if the + instance is the first component of the local hostname, the + converted host should be the long hostname. from + + +2001-07-02 Johan Danielsson + + * lib/krb5/Makefile.am: address.c is no more; add a couple of + manpages + + * lib/krb5/krb5_timeofday.3: new manpage + + * lib/krb5/krb5_get_all_client_addrs.3: new manpage + + * lib/krb5/get_in_tkt.c (init_as_req): treat no addresses as + wildcard + + * lib/krb5/get_cred.c (get_cred_kdc_la): treat no addresses as + wildcard + + * lib/krb5/get_addrs.c: don't include client addresses that match + ignore_addresses + + * lib/krb5/context.c: initialise ignore_addresses + + * lib/krb5/addr_families.c: add new `arange' fake address type, + that matches more than one address; this required some internal + changes to many functions, so all of address.c got moved here + (wasn't much left there) + + * lib/krb5/krb5.h: add list of ignored addresses to context + +2001-07-03 Assar Westerlund + + * Release 0.4b + +2001-07-03 Assar Westerlund + + * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set version to 17:0:0 + * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): set version to 7:2:0 + +2001-07-03 Assar Westerlund + + * Release 0.4a + +2001-07-02 Johan Danielsson + + * kuser/kinit.c: make this compile without krb4 support + + * lib/krb5/write_message.c: remove priv parameter from + write_safe_message; don't know why it was there in the first place + + * doc/install.texi: remove kaserver switches, it's always compiled + in now + + * kdc/hprop.c: always include kadb support + + * kdc/kaserver.c: always include kaserver support + +2001-07-02 Assar Westerlund + + * kpasswd/kpasswdd.c (doit): make failing to bind a socket a + non-fatal error, and abort if no sockets were bound + +2001-07-01 Assar Westerlund + + * lib/krb5/krbhst.c: remember the real port number when falling + back from kpasswd -> kadmin, and krb524 -> kdc + +2001-06-29 Assar Westerlund + + * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): if + no_addresses is set, do not add any local addresses to KRB_CRED + + * kuser/kinit.c: remove extra clearing of password and some + redundant code + +2001-06-29 Johan Danielsson + + * kuser/kinit.c: move ticket conversion code to separate function, + and call that from a couple of places, like when renewing a + ticket; also add a flag for just converting a ticket + + * lib/krb5/init_creds_pw.c: set renew-life to some sane value + + * kdc/524.c: don't send more data than required + +2001-06-24 Assar Westerlund + + * lib/krb5/store_fd.c (krb5_storage_from_fd): check malloc returns + + * lib/krb5/keytab_any.c (any_resolve); improving parsing of ANY: + (any_start_seq_get): remove a double free + (any_next_entry): iterate over all (sub) keytabs and avoid leave data + around to be freed again + + * kdc/kdc_locl.h: add a define for des_new_random_key when using + openssl's libcrypto + + * configure.in: move v6 tests down + + * lib/krb5/krb5.h (krb5_context_data): remove srv_try_rfc2052 + + * update to libtool 1.4 and autoconf 2.50 + +2001-06-22 Johan Danielsson + + * lib/hdb/hdb.c: use krb5_add_et_list + +2001-06-21 Johan Danielsson + + * lib/hdb/Makefile.am: add generation number + * lib/hdb/common.c: add generation number code + * lib/hdb/hdb.asn1: add generation number + * lib/hdb/print.c: use krb5_storage to make it more dynamic + +2001-06-21 Assar Westerlund + + * lib/krb5/krb5.conf.5: update to changed names used by + krb5_get_init_creds_opt_set_default_flags + * lib/krb5/init_creds.c + (krb5_get_init_creds_opt_set_default_flags): make the appdefault + keywords have the same names + + * configure.in: only add -L and -R to the krb4 libdir if we are + actually using it + + * lib/krb5/krbhst.c (fallback_get_hosts): do not copy trailing + dot of hostname add some comments + * lib/krb5/krbhst.c: use getaddrinfo instead of dns_lookup when + testing for kerberos.REALM. this allows reusing that information + when actually contacting the server and thus avoids one DNS lookup + +2001-06-20 Johan Danielsson + + * lib/krb5/krb5.h: include k524_err.h + + * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): don't test + for keytype, the server will do this for us if it has anything to + complain about + + * lib/krb5/context.c: add protocol compatible krb524 error codes + + * lib/krb5/Makefile.am: add protocol compatible krb524 error codes + + * lib/krb5/k524_err.et: add protocol compatible krb524 error codes + + * lib/krb5/krb5_principal_get_realm.3: manpage + + * lib/krb5/principal.c: add functions `krb5_principal_get_realm' + and `krb5_principal_get_comp_string' that returns parts of a + principal; this is a replacement for the internal + `krb5_princ_realm' and `krb5_princ_component' macros that everyone + seem to use + +2001-06-19 Assar Westerlund + + * kuser/kinit.c (main): dereference result from krb5_princ_realm. + from Thomas Nystrom + +2001-06-18 Johan Danielsson + + * lib/krb5/mk_req.c (krb5_mk_req_exact): free creds when done + * lib/krb5/crypto.c (krb5_string_to_key_derived): fix memory leak + * lib/krb5/krbhst.c (config_get_hosts): free hostlist + * kuser/kinit.c: free principal + +2001-06-18 Assar Westerlund + + * lib/krb5/send_to_kdc.c (krb5_sendto): remove an extra + freeaddrinfo + + * lib/krb5/convert_creds.c (krb524_convert_creds_kdc_ccache): + remove some unused variables + + * lib/krb5/krbhst.c (admin_get_next): spell kerberos correctly + * kdc/kerberos5.c: update to new krb5_auth_con* names + * kdc/hpropd.c: update to new krb5_auth_con* names + * lib/krb5/rd_req.c (krb5_rd_req): use krb5_auth_con* functions + and remove some comments + * lib/krb5/rd_safe.c (krb5_rd_safe): pick the keys in the right + order: remote - local - session + * lib/krb5/rd_rep.c (krb5_rd_rep): save the remote sub key in the + auth_context + * lib/krb5/rd_priv.c (krb5_rd_priv): pick keys in the correct + order: remote - local - session + * lib/krb5/mk_safe.c (krb5_mk_safe): pick keys in the right order, + local - remote - session + +2001-06-18 Johan Danielsson + + * lib/krb5/convert_creds.c: use starttime instead of authtime, + from Chris Chiappa + + * lib/krb5/convert_creds.c: make krb524_convert_creds_kdc match + the MIT function by the same name; add + krb524_convert_creds_kdc_ccache that does what the old version did + + * admin/list.c (do_list): make sure list of keys is NULL + terminated; similar to patch sent by Chris Chiappa + +2001-06-18 Assar Westerlund + + * lib/krb5/mcache.c (mcc_remove_cred): use + krb5_free_creds_contents + + * lib/krb5/auth_context.c: name function krb5_auth_con more + consistenly + * lib/krb5/rd_req.c (krb5_verify_authenticator_checksum): use + renamed krb5_auth_con_getauthenticator + + * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): update to + use krb5_krbhst API + * lib/krb5/changepw.c (krb5_change_password): update to use + krb5_krbhst API + * lib/krb5/send_to_kdc.c: update to use krb5_krbhst API + * lib/krb5/krbhst.c (krb5_krbhst_get_addrinfo): add set def_port + in krb5_krbhst_info + (krb5_krbhst_free): free everything + + * lib/krb5/krb5.h (KRB5_VERIFY_NO_ADDRESSES): add + (krb5_krbhst_info): add def_port (default port for this service) + + * lib/krb5/krbhst-test.c: make it more verbose and useful + * lib/krb5/krbhst.c: remove some more memory leaks do not try any + dns operations if there is local configuration admin: fallback to + kerberos.REALM 524: fallback to kdcs kpasswd: fallback to admin + add some comments + + * configure.in: remove initstate and setstate, they should be in + cf/roken-frag.m4 + + * lib/krb5/Makefile.am (noinst_PROGRAMS): add krbhst-test + * lib/krb5/krbhst-test.c: new program for testing krbhst + * lib/krb5/krbhst.c (common_init): remove memory leak + (main): move test program into krbhst-test + +2001-06-17 Johan Danielsson + + * lib/krb5/krb5_krbhst_init.3: manpage + + * lib/krb5/krb5_get_krbhst.3: manpage + +2001-06-16 Johan Danielsson + + * lib/krb5/krb5.h: add opaque krb5_krbhst_handle type + + * lib/krb5/krbhst.c: change void* to krb5_krbhst_handle + + * lib/krb5/krb5.h: types for new krbhst api + + * lib/krb5/krbhst.c: implement a new api that looks up one host at + a time, instead of making a list of hosts + +2001-06-09 Johan Danielsson + + * configure.in: test for initstate and setstate + + * lib/krb5/krbhst.c: remove rfc2052 support + +2001-06-08 Johan Danielsson + + * fix some manpages for broken mdoc.old grog test + +2001-05-28 Assar Westerlund + + * lib/krb5/krb5.conf.5: add [appdefaults] + * lib/krb5/init_creds_pw.c: remove configuration reading that is + now done in krb5_get_init_creds_opt_set_default_flags + * lib/krb5/init_creds.c + (krb5_get_init_creds_opt_set_default_flags): add reading of + libdefaults versions of these and add no_addresses + + * lib/krb5/get_in_tkt.c (krb5_get_in_cred): clear error string + when preauth was required and we retry + +2001-05-25 Assar Westerlund + + * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): call + krb5_get_krb524hst + * lib/krb5/krbhst.c (krb5_get_krb524hst): add and restructure the + support functions + +2001-05-22 Assar Westerlund + + * kdc/kerberos5.c (tgs_rep2): alloc and free csec and cusec + properly + +2001-05-17 Assar Westerlund + + * Release 0.3f + +2001-05-17 Assar Westerlund + + * lib/krb5/Makefile.am: bump version to 16:0:0 + * lib/hdb/Makefile.am: bump version to 7:1:0 + * lib/asn1/Makefile.am: bump version to 5:0:0 + * lib/krb5/keytab_krb4.c: add SRVTAB as an alias for krb4 + * lib/krb5/codec.c: remove dead code + +2001-05-17 Johan Danielsson + + * kdc/config.c: actually check the ticket addresses + +2001-05-15 Assar Westerlund + + * lib/krb5/rd_error.c (krb5_error_from_rd_error): use correct + parenthesis + + * lib/krb5/eai_to_heim_errno.c (krb5_eai_to_heim_errno): add + `errno' (called system_error) to allow callers to make sure they + pass the current and relevant value. update callers + +2001-05-14 Johan Danielsson + + * lib/krb5/verify_user.c: krb5_verify_user_opt + + * lib/krb5/krb5.h: verify_opt + + * kdc/kerberos5.c: pass context to krb5_domain_x500_decode + +2001-05-14 Assar Westerlund + + * kpasswd/kpasswdd.c: adapt to new address functions + * kdc/kerberos5.c: adapt to changing address functions use LR_TYPE + * kdc/connect.c: adapt to changing address functions + * kdc/config.c: new krb5_config_parse_file + * kdc/524.c: new krb5_sockaddr2address + * lib/krb5/*: add some krb5_{set,clear}_error_string + + * lib/asn1/k5.asn1 (LR_TYPE): add + * lib/asn1/Makefile.am (gen_files): add asn1_LR_TYPE.x + +2001-05-11 Assar Westerlund + + * kdc/kerberos5.c (tsg_rep): fix typo in variable name + + * kpasswd/kpasswd-generator.c (nop_prompter): update prototype + * lib/krb5/init_creds_pw.c: update to new prompter, use prompter + types and send two prompts at once when changning password + * lib/krb5/prompter_posix.c (krb5_prompter_posix): add name + * lib/krb5/krb5.h (krb5_prompt): add type + (krb5_prompter_fct): add anem + + * lib/krb5/cache.c (krb5_cc_next_cred): transpose last two + paramaters to krb5_cc_next_cred (as MIT does, and not as they + document). From "Jacques A. Vidrine" + +2001-05-11 Johan Danielsson + + * lib/krb5/Makefile.am: store-test + + * lib/krb5/store-test.c: simple bit storage test + + * lib/krb5/store.c: add more byteorder storage flags + + * lib/krb5/krb5.h: add more byteorder storage flags + + * kdc/kerberos5.c: don't use NULL where we mean 0 + + * kdc/kerberos5.c: put referral test code in separate function, + and test for KRB5_NT_SRV_INST + +2001-05-10 Assar Westerlund + + * admin/list.c (do_list): do not close the keytab if opening it + failed + * admin/list.c (do_list): always print complete names. print + everything to stdout. + * admin/list.c: print both v5 and v4 list by default + * admin/remove.c (kt_remove): reorganize some. open the keytab + (defaulting to the modify one). + * admin/purge.c (kt_purge): reorganize some. open the keytab + (defaulting to the modify one). correct usage strings + * admin/list.c (kt_list): reorganize some. open the keytab + * admin/get.c (kt_get): reorganize some. open the keytab + (defaulting to the modify one) + * admin/copy.c (kt_copy): default to modify key name. re-organise + * admin/change.c (kt_change): reorganize some. open the keytab + (defaulting to the modify one) + * admin/add.c (kt_add): reorganize some. open the keytab + (defaulting to the modify one) + * admin/ktutil.c (main): do not open the keytab, let every + sub-function handle it + + * kdc/config.c (configure): call free_getarg_strings + + * lib/krb5/get_in_tkt.c (krb5_get_in_cred): set error strings for + a few more errors + + * lib/krb5/get_host_realm.c (krb5_get_host_realm_int): make + `use_dns' parameter boolean + + * lib/krb5/krb5.h (krb5_context_data): add default_keytab_modify + * lib/krb5/context.c (init_context_from_config_file): set + default_keytab_modify + * lib/krb5/krb5_locl.h (KEYTAB_DEFAULT): change to + ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab + (KEYTAB_DEFAULT_MODIFY): add + * lib/krb5/keytab.c (krb5_kt_default_modify_name): add + (krb5_kt_resolve): set error string for failed keytab type + +2001-05-08 Assar Westerlund + + * lib/krb5/crypto.c (encryption_type): make field names more + consistent + (create_checksum): separate usage and type + (krb5_create_checksum): add a separate type parameter + (encrypt_internal): only free once on mismatched checksum length + + * lib/krb5/send_to_kdc.c (krb5_sendto_kdc2): try to tell what + realm we didn't manage to reach any KDC for in the error string + + * lib/krb5/generate_seq_number.c (krb5_generate_seq_number): free + the entire subkey. from + +2001-05-07 Johan Danielsson + + * lib/krb5/keytab_keyfile.c (akf_start_seq_get): return + KT_NOTFOUND if the file is empty + +2001-05-07 Assar Westerlund + + * lib/krb5/fcache.c: call krb5_set_error_string when open fails + fatally + * lib/krb5/keytab_file.c: call krb5_set_error_string when open + fails fatally + + * lib/krb5/warn.c (_warnerr): print error_string in context in + preference to error string derived from error code + * kuser/kinit.c (main): try to print the error string + * lib/krb5/get_in_tkt.c (krb5_get_in_cred): set some sensible + error strings for errors + + * lib/krb5/krb5.h (krb5_context_data): add error_string and + error_buf + * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add error_string.c + * lib/krb5/error_string.c: new file + +2001-05-02 Johan Danielsson + + * lib/krb5/time.c: krb5_string_to_deltat + + * lib/krb5/sock_principal.c: one less data copy + + * lib/krb5/eai_to_heim_errno.c: conversion function for h_errno's + + * lib/krb5/get_default_principal.c: change this slightly + + * lib/krb5/crypto.c: make checksum_types into an array of pointers + + * lib/krb5/convert_creds.c: make sure we always use a des-cbc-crc + ticket + +2001-04-29 Assar Westerlund + + * kdc/kerberos5.c (tgs_rep2): return a reference to a krbtgt for + the right realm if we fail to find a non-krbtgt service in the + database and the second component does a succesful non-dns lookup + to get the real realm (which has to be different from the + originally-supplied realm). this should help windows 2000 clients + that always start their lookups in `their' realm and do not have + any idea of how to map hostnames into realms + * kdc/kerberos5.c (is_krbtgt): rename to get_krbtgt_realm + +2001-04-27 Johan Danielsson + + * lib/krb5/get_host_realm.c (krb5_get_host_realm_int): add extra + parameter to request use of dns or not + +2001-04-25 Assar Westerlund + + * admin/get.c (kt_get): allow specification of encryption types + * lib/krb5/verify_init.c (krb5_verify_init_creds): do not try to + close an unopened ccache, noted by + + * lib/krb5/krb5.h (krb5_any_ops): add declaration + * lib/krb5/context.c (init_context_from_config_file): register + krb5_any_ops + + * lib/krb5/keytab_any.c: new file, implementing union of keytabs + * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_any.c + + * lib/krb5/init_creds_pw.c (get_init_creds_common): handle options + == NULL. noted by + +2001-04-19 Johan Danielsson + + * lib/krb5/rd_cred.c: set ret_creds to NULL before doing anything + else, from Jacques Vidrine + +2001-04-18 Johan Danielsson + + * lib/hdb/libasn1.h: asn1.h -> krb5_asn1.h + + * lib/asn1/Makefile.am: add asn1_ENCTYPE.x + + * lib/krb5/krb5.h: adapt to asn1 changes + + * lib/asn1/k5.asn1: move enctypes here + + * lib/asn1/libasn1.h: rename asn1.h to krb5_asn1.h to avoid + conflicts + + * lib/asn1/Makefile.am: rename asn1.h to krb5_asn1.h to avoid + conflicts + + * lib/asn1/lex.l: use strtol to parse constants + +2001-04-06 Johan Danielsson + + * kuser/kinit.c: add simple support for running commands + +2001-03-26 Assar Westerlund + + * lib/hdb/hdb-ldap.c: change order of includes to allow it to work + with more versions of openldap + + * kdc/kerberos5.c (tgs_rep2): try to set sec and usec in error + replies + (*): update callers of krb5_km_error + (check_tgs_flags): handle renews requesting non-renewable tickets + + * lib/krb5/mk_error.c (krb5_mk_error): allow specifying both ctime + and cusec + + * lib/krb5/krb5.h (krb5_checksum, krb5_keyusage): add + compatibility names + + * lib/krb5/crypto.c (create_checksum): change so that `type == 0' + means pick from the `crypto' (context) and otherwise use that + type. this is not a large change in practice and allows callers + to specify the exact checksum algorithm to use + +2001-03-13 Assar Westerlund + + * lib/krb5/get_cred.c (get_cred_kdc): add support for falling back + to KRB5_KU_AP_REQ_AUTH when KRB5_KU_TGS_REQ_AUTH gives `bad + integrity'. this helps for talking to old (pre 0.3d) KDCs + +2001-03-12 Assar Westerlund + + * lib/krb5/crypto.c (krb5_derive_key): new function, used by + derived-key-test.c + * lib/krb5/string-to-key-test.c: add new test vectors posted by + Ken Raeburn in to + ietf-krb-wg@anl.gov + * lib/krb5/n-fold-test.c: more test vectors from same source + * lib/krb5/derived-key-test.c: more tests from same source + +2001-03-06 Assar Westerlund + + * acconfig.h: include roken_rename.h when appropriate + +2001-03-06 Assar Westerlund + + * lib/krb5/krb5.h (krb5_enctype): remove trailing comma + +2001-03-04 Assar Westerlund + + * lib/krb5/krb5.h (krb5_enctype): add ENCTYPE_* aliases for + compatibility with MIT krb5 + +2001-03-02 Assar Westerlund + + * kuser/kinit.c (main): only request a renewable ticket when + explicitly requested. it still gets a renewable one if the renew + life is specified + * kuser/kinit.c (renew_validate): treat -1 as flags not being set + +2001-02-28 Johan Danielsson + + * lib/krb5/context.c (krb5_init_ets): use krb5_add_et_list + +2001-02-27 Johan Danielsson + + * lib/krb5/get_cred.c: implement krb5_get_cred_from_kdc_opt + +2001-02-25 Assar Westerlund + + * configure.in: do not use -R when testing for des functions + +2001-02-14 Assar Westerlund + + * configure.in: test for lber.h when trying to link against + openldap to handle openldap v1, from Sumit Bose + + +2001-02-19 Assar Westerlund + + * lib/asn1/libasn1.h: add string.h (for memset) + +2001-02-15 Assar Westerlund + + * lib/krb5/warn.c (_warnerr): add printf attributes + * lib/krb5/send_to_kdc.c (krb5_sendto): loop over all address + returned by getaddrinfo before trying the next kdc. from + thorpej@netbsd.org + + * lib/krb5/krb5.conf.5: fix default_realm in example + + * kdc/connect.c: fix a few kdc_log format types + + * configure.in: try to handle libdes/libcrypto ont requiring -L + +2001-02-10 Assar Westerlund + + * lib/asn1/gen_decode.c (generate_type_decode): zero the data at + the beginning of the generated function, and add a label `fail' + that the code jumps to in case of errors that frees all allocated + data + +2001-02-07 Assar Westerlund + + * configure.in: aix dce: fix misquotes, from Ake Sandgren + + + * configure.in (dpagaix_LDFLAGS): try to add export file + +2001-02-05 Assar Westerlund + + * lib/krb5/krb5_keytab.3: new man page, contributed by + + + * kdc/kaserver.c: update to new db_fetch4 + +2001-02-05 Assar Westerlund + + * Release 0.3e + +2001-01-30 Assar Westerlund + + * kdc/hprop.c (v4_get_masterkey): check kdb_verify_master_key + properly + (kdb_prop): decrypt key properly + * kdc/hprop.c: handle building with KRB4 always try to decrypt v4 + data with the master key leave it up to the v5 how to encrypt with + that master key + + * kdc/kstash.c: include file name in error messages + * kdc/hprop.c: fix a typo and check some more return values + * lib/hdb/hdb-ldap.c (LDAP__lookup_princ): call ldap_search_s + correctly. From Jacques Vidrine + * kdc/misc.c (db_fetch): HDB_ERR_NOENTRY makes more sense than + ENOENT + + * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to + 15:0:0 + * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:0:0 + * lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 4:0:2 + * kdc/misc.c (db_fetch): return an error code. change callers to + look at this and try to print it in log messages + + * lib/krb5/crypto.c (decrypt_internal_derived): check that there's + enough data + +2001-01-29 Assar Westerlund + + * kdc/hprop.c (realm_buf): move it so it becomes properly + conditional on KRB4 + + * lib/hdb/mkey.c (hdb_unseal_keys_mkey, hdb_seal_keys_mkey, + hdb_unseal_keys, hdb_seal_keys): check that we have the correct + master key and that we manage to decrypt the key properly, + returning an error code. fix all callers to check return value. + + * tools/krb5-config.in: use @LIB_des_appl@ + * tools/Makefile.am (krb5-config): add LIB_des_appl + * configure.in (LIB_des): set correctly + (LIB_des_appl): add for the use by krb5-config.in + + * lib/krb5/store_fd.c (fd_fetch, fd_store): use net_{read,write} + to make sure of not dropping data when doing it over a socket. + (this might break when used with ordinary files on win32) + + * lib/hdb/hdb_err.et (NO_MKEY): add + + * kdc/kerberos5.c (as_rep): be paranoid and check + krb5_enctype_to_string for failure, noted by + + * lib/krb5/krb5_init_context.3, lib/krb5/krb5_context.3, + lib/krb5/krb5_auth_context.3: add new man pages, contributed by + + + * use the openssl api for md4/md5/sha and handle openssl/*.h + + * kdc/kaserver.c (do_getticket): check length of ticket. noted by + + +2001-01-28 Assar Westerlund + + * configure.in: send -R instead of -rpath to libtool to set + runtime library paths + + * lib/krb5/Makefile.am: remove all dependencies on libkrb + +2001-01-27 Assar Westerlund + + * appl/rcp: add port of bsd rcp changed to use existing rsh, + contributed by Richard Nyberg + +2001-01-27 Johan Danielsson + + * lib/krb5/get_port.c: don't warn if the port name can't be found, + nobody cares anyway + +2001-01-26 Johan Danielsson + + * kdc/hprop.c: make it possible to convert a v4 dump file without + having any v4 libraries; the kdb backend still require them + + * kdc/v4_dump.c: include shadow definition of kdb Principal, so we + don't have to depend on any v4 libraries + + * kdc/hprop.h: include shadow definition of kdb Principal, so we + don't have to depend on any v4 libraries + + * lib/hdb/print.c: reduce number of memory allocations + + * lib/hdb/mkey.c: add support for reading krb4 /.k files + +2001-01-19 Assar Westerlund + + * lib/krb5/krb5.conf.5: document admin_server and kpasswd_server + for realms document capath better + + * lib/krb5/krbhst.c (krb5_get_krb_changepw_hst): preferably look + at kpasswd_server before admin_server + + * lib/krb5/get_cred.c (get_cred_from_kdc_flags): look in + [libdefaults]capath for better hint of realm to send request to. + this allows the client to specify `realm routing information' in + case it cannot be done at the server (which is preferred) + + * lib/krb5/rd_priv.c (krb5_rd_priv): handle no sequence number as + zero when we were expecting a sequence number. MIT krb5 cannot + generate a sequence number of zero, instead generating no sequence + number + * lib/krb5/rd_safe.c (krb5_rd_safe): dito + +2001-01-11 Assar Westerlund + + * kpasswd/kpasswdd.c: add --port option + +2001-01-10 Assar Westerlund + + * lib/krb5/appdefault.c (krb5_appdefault_string): fix condition + just before returning + +2001-01-09 Assar Westerlund + + * appl/kf/kfd.c (proto): use krb5_rd_cred2 instead of krb5_rd_cred + +2001-01-05 Johan Danielsson + + * kuser/kinit.c: call a time `time', and not `seconds' + + * lib/krb5/init_creds.c: not much point in setting the anonymous + flag here + + * lib/krb5/krb5_appdefault.3: document appdefault_time + +2001-01-04 Johan Danielsson + + * lib/krb5/verify_user.c: use + krb5_get_init_creds_opt_set_default_flags + + * kuser/kinit.c: use krb5_get_init_creds_opt_set_default_flags + + * lib/krb5/init_creds.c: new function + krb5_get_init_creds_opt_set_default_flags to set options from + krb5.conf + + * lib/krb5/rd_cred.c: make this match the MIT function + + * lib/krb5/appdefault.c (krb5_appdefault_string): handle NULL + def_val + (krb5_appdefault_time): new function + +2001-01-03 Assar Westerlund + + * kdc/hpropd.c (main): handle EOF when reading from stdin -- cgit v1.1