12003-05-08 Johan Danielsson <joda@ratatosk.pdc.kth.se>
2
3 * Release 0.6
4
52003-05-08 Love H�rnquist �strand <lha@it.su.se>
6
7 * kuser/klist.c: 1.68->1.69: print tokens even if there isn't v4
8 support
9
10 * kuser/kdestroy.c: 1.14->1.15: destroy tokens even if there isn't
11 v4 support
12
13 * kuser/kinit.c: 1.90->1.91: print tokens even if there isn't v4
14 support
15
162003-05-06 Johan Danielsson <joda@pdc.kth.se>
17
18 * lib/krb5/name-45-test.c: need to use empty krb5.conf for some
19 tests
20
21 * lib/asn1/check-gen.c: there is no \e escape sequence; replace
22 everything with hex-codes, and cast to unsigned char* to make some
23 compilers happy
24
252003-05-06 Love H�rnquist �strand <lha@it.su.se>
26
27 * lib/krb5/get_in_tkt.c (make_pa_enc_timestamp): make sure first
28 argument to krb5_us_timeofday have correct type
29
302003-05-05 Assar Westerlund <assar@kth.se>
31
32 * include/make_crypto.c (main): include aes.h if ENABLE_AES
33
342003-05-05 Love H�rnquist �strand <lha@it.su.se>
35
36 * NEWS: 1.108->1.110: fix text about gssapi compat
37
382003-04-28 Love H�rnquist �strand <lha@it.su.se>
39
40 * kdc/v4_dump.c: 1.4->1.5: (v4_prop_dump): limit strings length,
41 from openbsd
42
432003-04-24 Love H�rnquist �strand <lha@it.su.se>
44
45 * doc/programming.texi: 1.2-1.3: s/managment/management/, from jmc
46 <jmc@prioris.mini.pw.edu.pl>
47
482003-04-22 Love H�rnquist �strand <lha@it.su.se>
49
50 * lib/krb5/krbhst.c: 1.43->1.44: copy NUL too, from janj@wenf.org
51 via openbsd
52
532003-04-17 Love H�rnquist �strand <lha@it.su.se>
54
55 * lib/asn1/der_copy.c (copy_general_string): use strdup
56 * lib/asn1/der_put.c: remove sprintf
57 * lib/asn1/gen.c: remove strcpy/sprintf
58
59 * lib/krb5/name-45-test.c: use a more unique name then ratatosk so
60 that other (me) have such hosts in the local domain and the tests
61 fails, to take hokkigai.pdc.kth.se instead
62
63 * lib/krb5/test_alname.c: add --version and --help
64
652003-04-16 Love H�rnquist �strand <lha@it.su.se>
66
67 * lib/krb5/krb5_warn.3: add krb5_get_err_text
68
69 * lib/krb5/transited.c: use strlcat/strlcpy, from openbsd
70 * lib/krb5/krbhst.c (srv_find_realm): use strlcpy, from openbsd
71 * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use
72 strlcpy, from openbsd
73 * kdc/hpropd.c: s/strcat/strlcat/, inspired from openbsd
74 * appl/kf/kfd.c: use strlcpy, from openbsd
75
762003-04-16 Johan Danielsson <joda@pdc.kth.se>
77
78 * configure.in: fix for large file support in AIX, _LARGE_FILES
79 needs to be defined on the command line, since lex likes to
80 include stdio.h before we get to config.h
81
822003-04-16 Love H�rnquist �strand <lha@it.su.se>
83
84 * lib/krb5/*.3: Change .Fd #include <header.h> to .In header.h,
85 from Thomas Klausner <wiz@netbsd.org>
86
87 * lib/krb5/krb5.conf.5: spelling, from Thomas Klausner
88 <wiz@netbsd.org>
89
902003-04-15 Love H�rnquist �strand <lha@it.su.se>
91
92 * kdc/kerberos5.c: fix some more memory leaks
93
942003-04-11 Love H�rnquist �strand <lha@it.su.se>
95
96 * appl/kf/kf.1: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
97
982003-04-08 Love H�rnquist �strand <lha@it.su.se>
99
100 * admin/ktutil.8: typos, from jmc <jmc@acn.waw.pl>
101
1022003-04-06 Love H�rnquist �strand <lha@it.su.se>
103
104 * lib/krb5/krb5.3: s/kerberos/Kerberos/
105 * lib/krb5/krb5_data.3: s/kerberos/Kerberos/
106 * lib/krb5/krb5_address.3: s/kerberos/Kerberos/
107 * lib/krb5/krb5_ccache.3: s/kerberos/Kerberos/
108 * lib/krb5/krb5.conf.5: s/kerberos/Kerberos/
109 * kuser/kinit.1: s/kerberos/Kerberos/
110 * kdc/kdc.8: s/kerberos/Kerberos/
111
1122003-04-01 Love H�rnquist �strand <lha@it.su.se>
113
114 * lib/krb5/test_alname.c: more krb5_aname_to_localname tests
115
116 * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): when
117 converting too root, make sure user is ok according to
118 krb5_kuserok before allowing it.
119
120 * lib/krb5/Makefile.am (noinst_PROGRAMS): += test_alname
121
122 * lib/krb5/test_alname.c: add test for krb5_aname_to_localname
123
124 * lib/krb5/crypto.c (krb5_DES_AFS3_CMU_string_to_key): used p1
125 instead of the "illegal" salt #~, same change as kth-krb did
126 1999. Problems occur with crypt() that behaves like AT&T crypt
127 (openssl does this). Pointed out by Marcus Watts.
128
129 * admin/change.c (kt_change): collect all principals we are going
130 to change, and pick the highest kvno and use that to guess what
131 kvno the resulting kvno is going to be. Now two ktutil change in a
132 row works. XXX fix the protocol to pass the kvno back.
133
1342003-03-31 Love H�rnquist �strand <lha@it.su.se>
135
136 * appl/kf/kf.1: afs->AFS, from jmc <jmc@acn.waw.pl>
137
1382003-03-30 Love H�rnquist �strand <lha@it.su.se>
139
140 * doc/setup.texi: add description on how to turn on v4, 524 and
141 kaserver support
142
1432003-03-29 Love H�rnquist �strand <lha@it.su.se>
144
145 * lib/krb5/verify_krb5_conf.c (appdefaults_entries): add afslog
146 and afs-use-524
147
1482003-03-28 Love H�rnquist �strand <lha@it.su.se>
149
150 * kdc/kerberos5.c (as_rep): when the second enctype_to_string
151 failes, remember to free memory from the first enctype_to_string
152
153 * lib/krb5/crypto.c (usage2arcfour): map KRB5_KU_TICKET to 2,
154 from Harald Joerg <harald.joerg@fujitsu-siemens.com>
155 (enctype_arcfour_hmac_md5): disable checksum_hmac_md5_enc
156
157 * lib/hdb/mkey.c (hdb_unseal_keys_mkey): truncate key to the key
158 length when key is longer then expected length, its probably
159 longer since the encrypted data was padded, reported by Aidan
160 Cully <aidan@kublai.com>
161
162 * lib/krb5/crypto.c (krb5_enctype_keysize): return key size of
163 encyption type, inspired by Aidan Cully <aidan@kublai.com>
164
1652003-03-27 Love H�rnquist �strand <lha@it.su.se>
166
167 * lib/krb5/keytab.c (krb5_kt_get_entry): avoid printing 0
168 (wildcard kvno) after principal when the keytab entry isn't found,
169 reported by Chris Chiappa <chris@chiappa.net>
170
1712003-03-26 Love H�rnquist �strand <lha@it.su.se>
172
173 * doc/misc.texi: update 2b example to match reality (from
174 mattiasa@e.kth.se)
175
176 * doc/misc.texi: spelling and add `Configuring AFS clients'
177 subsection
178
1792003-03-25 Love H�rnquist �strand <lha@it.su.se>
180
181 * lib/krb5/krb5.3: add krb5_free_data_contents.3
182
183 * lib/krb5/data.c: add krb5_free_data_contents for compat with MIT
184 API
185
186 * lib/krb5/krb5_data.3: add krb5_free_data_contents for compat
187 with MIT API
188
189 * lib/krb5/krb5_verify_user.3: write more about how the ccache
190 argument should be inited when used
191
1922003-03-25 Johan Danielsson <joda@pdc.kth.se>
193
194 * lib/krb5/addr_families.c (krb5_print_address): make sure
195 print_addr is defined for the given address type; make addrports
196 printable
197
198 * kdc/string2key.c: print the used enctype for kerberos 5 keys
199
2002003-03-25 Love H�rnquist �strand <lha@it.su.se>
201
202 * lib/krb5/aes-test.c: add another arcfour test
203
2042003-03-22 Love H�rnquist �strand <lha@it.su.se>
205
206 * lib/krb5/aes-test.c: sneek in a test for arcfour-hmac-md5
207
2082003-03-20 Love H�rnquist �strand <lha@it.su.se>
209
210 * lib/krb5/krb5_ccache.3: update .Dd
211
212 * lib/krb5/krb5.3: sort in krb5_data functions
213
214 * lib/krb5/Makefile.am (man_MANS): += krb5_data.3
215
216 * lib/krb5/krb5_data.3: document krb5_data
217
218 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): if
219 prompter is NULL, don't try to ask for a password to
220 change. reported by Iain Moffat @ ufl.edu via Howard Chu
221 <hyc@highlandsun.com>
222
2232003-03-19 Love H�rnquist �strand <lha@it.su.se>
224
225 * lib/krb5/krb5_keytab.3: spelling, from
226 <jmc@prioris.mini.pw.edu.pl>
227
228 * lib/krb5/krb5.conf.5: . means new line
229
230 * lib/krb5/krb5.conf.5: spelling, from
231 <jmc@prioris.mini.pw.edu.pl>
232
233 * lib/krb5/krb5_auth_context.3: spelling, from
234 <jmc@prioris.mini.pw.edu.pl>
235
2362003-03-18 Love H�rnquist �strand <lha@it.su.se>
237
238 * kuser/Makefile.am: INCLUDES: -I$(srcdir)/../lib/krb5
239
240 * lib/krb5/convert_creds.c: add _krb5_krb_life_to_time
241
242 * lib/krb5/krb5-v4compat.h: add _krb5_krb_life_to_time
243
244 * kdc/kdc_locl.h: 524 is independent of kerberos 4, so move out
245 #ifdef KRB4 from enable_v4_cross_realm since 524 needs it
246
247 * kdc/config.c: 524 is independent of kerberos 4, so move out
248 enable_v4_cross_realm from #ifdef KRB4 since 524 needs it
249
2502003-03-17 Assar Westerlund <assar@kth.se>
251
252 * kdc/kdc.8: document --kerberos4-cross-realm
253 * kdc/kerberos4.c: pay attention to enable_v4_cross_realm
254 * kdc/kdc_locl.h (enable_v4_cross_realm): add
255 * kdc/524.c (encode_524_response): check the enable_v4_cross_realm
256 flag before giving out v4 tickets for foreign v5 principals
257 * kdc/config.c: add --enable-kerberos4-cross-realm option (default
258 to off)
259
2602003-03-17 Love H�rnquist �strand <lha@it.su.se>
261
262 * lib/krb5/Makefile.am (man_MANS) += krb5_aname_to_localname.3
263
264 * lib/krb5/krb5_aname_to_localname.3: manpage for
265 krb5_aname_to_localname
266
267 * lib/krb5/krb5_kuserok.3: s/KRB5_USEROK/KRB5_KUSEROK/
268
2692003-03-16 Love H�rnquist �strand <lha@it.su.se>
270
271 * lib/krb5/Makefile.am (man_MANS): add krb5_set_default_realm.3
272
273 * lib/krb5/krb5.3: add manpages from krb5_set_default_realm.3
274
275 * lib/krb5/krb5_set_default_realm.3: Manpage for
276 krb5_free_host_realm, krb5_get_default_realm,
277 krb5_get_default_realms, krb5_get_host_realm, and
278 krb5_set_default_realm.
279
280 * admin/ktutil.8: s/entype/enctype/, from Igor Sobrado
281 <sobrado@acm.org> via NetBSD
282
283 * lib/krb5/krb5_keytab.3: add documention for krb5_kt_get_type
284
285 * lib/krb5/keytab.c (krb5_kt_get_type): get prefix/type of keytab
286
287 * lib/krb5/krb5.h (KRB5_KT_PREFIX_MAX_LEN): max length of prefix
288
289 * lib/krb5/krb5_ccache.3: document krb5_cc_get_ops, add more
290 types, add krb5_fcc_ops and krb5_mcc_ops
291
292 * lib/krb5/cache.c (krb5_cc_get_ops): new function, return ops for
293 a id
294
2952003-03-15 Love H�rnquist �strand <lha@it.su.se>
296
297 * doc/intro.texi: add reference to source code, binaries and the
298 manual
299
300 * lib/krb5/krb5.3: krb5.h isn't in krb5 directory in heimdal
301
3022003-03-14 Love H�rnquist �strand <lha@it.su.se>
303
304 * kdc/kdc.8: better/difrent english
305
306 * kdc/kdc.8: . -> .\n, copyright/license
307
308 * kdc/kdc.8: changed configuration file -> restart kdc
309
310 * kdc/kerberos4.c: add krb4 into the most error messages written
311 to the logfile
312
313 * lib/krb5/krb5_ccache.3: add missing name of argument
314 (krb5_context) to most functions
315
3162003-03-13 Love H�rnquist �strand <lha@it.su.se>
317
318 * lib/krb5/kuserok.c (krb5_kuserok): preserve old behviour of
319 function and return FALSE when there isn't a local account for
320 `luser'.
321
322 * lib/krb5/krb5_kuserok.3: fix prototype, spelling and more text
323 describing the function
324
3252003-03-12 Love H�rnquist �strand <lha@it.su.se>
326
327 * lib/krb5/cache.c (krb5_cc_default): if krb5_cc_default_name
328 returned memory, don't return ENOMEM
329
3302003-03-11 Love H�rnquist �strand <lha@it.su.se>
331
332 * lib/krb5/krb5.3: add krb5_address stuff and sort
333
334 * lib/krb5/krb5_address.3: fix krb5_addr2sockaddr description
335
336 * lib/krb5/Makefile.am (man_MANS): += krb5_address.3
337
338 * lib/krb5/krb5_address.3: document types krb5_address and
339 krb5_addresses and their helper functions
340
3412003-03-10 Love H�rnquist �strand <lha@it.su.se>
342
343 * lib/krb5/Makefile.am (man_MANS): += krb5_kuserok.3
344
345 * lib/krb5/krb5_kuserok.3: spelling, from cizzi@it.su.se
346
347 * lib/krb5/Makefile.am (man_MANS): += krb5_ccache.3
348
349 * lib/krb5/krb5_ccache.3: spelling, from cizzi@it.su.se
350
351 * lib/krb5/krb5.3: add more functions
352
353 * lib/krb5/krb5_ccache.3: document krb5_ccache and krb5_cc
354 functions
355
356 * lib/krb5/krb5_kuserok.3: document krb5_kuserok
357
358 * lib/krb5/krb5_verify_user.3: document
359 krb5_verify_opt_set_flags(opt, KRB5_VERIFY_LREALMS) behavior
360
361 * lib/krb5/krb5_verify_user.3: document krb5_verify_opt* and
362 krb5_verify_user_opt
363
364 * lib/krb5/*.[0-9]: add copyright/licenses on more manpages
365
366 * kuser/kdestroy.c (main): handle that krb5_cc_default_name can
367 return NULL
368
369 * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump minor
370 (TESTS): add test_cc
371
372 * lib/krb5/test_cc.c: test some
373 krb5_cc_default_name/krb5_cc_set_default_name combinations
374
375 * lib/krb5/context.c (init_context_from_config_file): set
376 default_cc_name to NULL
377 (krb5_free_context): free default_cc_name if set
378
379 * lib/krb5/cache.c (krb5_cc_set_default_name): new function
380 (krb5_cc_default_name): use krb5_cc_set_default_name
381
382 * lib/krb5/krb5.h (krb5_context_data): add default_cc_name
383
3842003-02-25 Love H�rnquist �strand <lha@it.su.se>
385
386 * appl/kf/kf.1: s/securly/securely/ from NetBSD
387
3882003-02-18 Love H�rnquist �strand <lha@it.su.se>
389
390 * kdc/connect.c: s/intialize/initialize, from
391 <jmc@prioris.mini.pw.edu.pl>
392
3932003-02-17 Love H�rnquist �strand <lha@it.su.se>
394
395 * configure.in: add AM_MAINTAINER_MODE
396
3972003-02-16 Love H�rnquist �strand <lha@it.su.se>
398
399 * **/*.[0-9]: add copyright/licenses on all manpages
400
4012003-14-16 Jacques Vidrine <nectar@kth.se>
402
403 * lib/krb5/get_in_tkt.c (init_as_req): Send only a single
404 PA-ENC-TIMESTAMP in the AS-REQ, using the first encryption
405 type specified by the KDC.
406
4072003-02-15 Love H�rnquist �strand <lha@it.su.se>
408
409 * fix-export: some autoconf put their version number in
410 autom4te.cache, so remove autom4te*.cache
411
412 * fix-export: make sure $1 is a directory
413
4142003-02-04 Love H�rnquist �strand <lha@it.su.se>
415
416 * kpasswd/kpasswdd.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
417
418 * kdc/kdc.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
419
4202003-01-31 Love H�rnquist �strand <lha@it.su.se>
421
422 * kdc/hpropd.8: s/databases/a database/ s/Not/not/
423
424 * kdc/hprop.8: add missing .
425
4262003-01-30 Love H�rnquist �strand <lha@it.su.se>
427
428 * lib/krb5/krb5.conf.5: documentation for of boolean, etypes,
429 address, write out encryption type in sentences, s/Host/host
430
4312003-01-26 Love H�rnquist �strand <lha@it.su.se>
432
433 * lib/asn1/check-gen.c: add checks for Authenticator too
434
4352003-01-25 Love H�rnquist �strand <lha@it.su.se>
436
437 * doc/setup.texi: in the hprop example, use hprop and the first
438 component, not host
439
440 * lib/krb5/get_addrs.c (find_all_addresses): address-less
441 point-to-point might not have an address, just ignore
442 those. Reported by Harald Barth.
443
4442003-01-23 Love H�rnquist �strand <lha@it.su.se>
445
446 * lib/krb5/verify_krb5_conf.c (check_section): when key isn't
447 found, don't print out all known keys
448
449 * lib/krb5/verify_krb5_conf.c (syslogvals): mark up where severity
450 and facility start resp
451 (check_log): find_value() returns -1 when key isn't found
452
453 * lib/krb5/crypto.c (_krb5_aes_cts_encrypt): make key argument a
454 'const void *' to avoid AES_KEY being exposed in krb5-private.h
455
456 * lib/krb5/krb5.conf.5: add [kdc]use_2b
457
458 * kdc/524.c (encode_524_response): its 2b not b2
459
460 * doc/misc.texi: quote @ where missing
461
462 * lib/asn1/Makefile.am: add check-gen
463
464 * lib/asn1/check-gen.c: add Principal check
465
466 * lib/asn1/check-common.h: move generic asn1/der functions from
467 check-der.c to here
468
469 * lib/asn1/check-common.c: move generic asn1/der functions from
470 check-der.c to here
471
472 * lib/asn1/check-der.c: move out the generic asn1/der functions to
473 a common file
474
4752003-01-22 Love H�rnquist �strand <lha@it.su.se>
476
477 * doc/misc.texi: more text about afs, how to get get your KeyFile,
478 and how to start use 2b tokens
479
480 * lib/krb5/krb5.conf.5: spelling, from Jason McIntyre
481 <jmc@cvs.openbsd.org>
482
4832003-01-21 Jacques Vidrine <nectar@kth.se>
484
485 * kuser/kuser_locl.h: include crypto-headers.h for
486 des_read_pw_string prototype
487
4882003-01-16 Love H�rnquist �strand <lha@it.su.se>
489
490 * admin/ktutil.8: document -v, --verbose
491
492 * admin/get.c (kt_get): make getarg usage consistent with other
493 other parts of ktutil
494
495 * admin/copy.c (kt_copy): remove adding verbose_flag to args
496 struct, since it will overrun the args array (from Sumit Bose)
497
4982003-01-15 Love H�rnquist �strand <lha@it.su.se>
499
500 * lib/krb5/krb5.conf.5: write more about [realms] REALM = { kdc =
501 ... }
502
503 * lib/krb5/aes-test.c: test vectors in aes-draft
504
505 * lib/krb5/Makefile.am: add aes-test.c
506
507 * lib/krb5/crypto.c: Add support for AES
508 (draft-raeburn-krb-rijndael-krb-02), not enabled by default.
509 (HMAC_SHA1_DES3_checksum): rename to SP_HMAC_SHA1_checksum and modify
510 to support checksumtype that are have a shorter wireformat then
511 their output block size.
512
513 * lib/krb5/crypto.c (struct encryption_type): split the blocksize
514 into blocksize and padsize, padsize is the minimum padding
515 size. they are the same for now
516 (enctype_*): add padsize
517 (encrypt_internal): use padsize
518 (encrypt_internal_derived): use padsize
519 (wrapped_length): use padsize
520 (wrapped_length_dervied): use padsize
521
522 * lib/krb5/crypto.c: add extra `opaque' argument to string_to_key
523 function for each enctype in preparation enctypes that uses
524 `Encryption and Checksum Specifications for Kerberos 5' draft
525
526 * lib/asn1/k5.asn1: add checksum and enctype for AES from
527 draft-raeburn-krb-rijndael-krb-02.txt
528
529 * lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_AES128,
530 KEYTYPE_AES256
531
5322003-01-14 Love H�rnquist �strand <lha@it.su.se>
533
534 * lib/hdb/common.c (_hdb_fetch): handle error code from
535 hdb_value2entry
536
537 * kdc/Makefile.am: always include kerberos4.c and 524.c in
538 kdc_SOURCES to support 524
539
540 * kdc/524.c: always compile in support for 524
541
542 * kdc/kdc_locl.h: move out krb/524 protos from under #ifdef KRB4
543
544 * kdc/config.c: always compile in support for 524
545
546 * kdc/connect.c: always compile in support for 524
547
548 * kdc/kerberos4.c: export encode_v4_ticket() and get_des_key()
549 even when we build without kerberos 4, 524 needs them
550
551 * lib/krb5/convert_creds.c, lib/krb5/krb5-v4compat.h: Split out
552 Kerberos 4 help functions/structures so other parts of the source
553 tree can use it (like the KDC)
554
2
3 * Release 0.6
4
52003-05-08 Love H�rnquist �strand <lha@it.su.se>
6
7 * kuser/klist.c: 1.68->1.69: print tokens even if there isn't v4
8 support
9
10 * kuser/kdestroy.c: 1.14->1.15: destroy tokens even if there isn't
11 v4 support
12
13 * kuser/kinit.c: 1.90->1.91: print tokens even if there isn't v4
14 support
15
162003-05-06 Johan Danielsson <joda@pdc.kth.se>
17
18 * lib/krb5/name-45-test.c: need to use empty krb5.conf for some
19 tests
20
21 * lib/asn1/check-gen.c: there is no \e escape sequence; replace
22 everything with hex-codes, and cast to unsigned char* to make some
23 compilers happy
24
252003-05-06 Love H�rnquist �strand <lha@it.su.se>
26
27 * lib/krb5/get_in_tkt.c (make_pa_enc_timestamp): make sure first
28 argument to krb5_us_timeofday have correct type
29
302003-05-05 Assar Westerlund <assar@kth.se>
31
32 * include/make_crypto.c (main): include aes.h if ENABLE_AES
33
342003-05-05 Love H�rnquist �strand <lha@it.su.se>
35
36 * NEWS: 1.108->1.110: fix text about gssapi compat
37
382003-04-28 Love H�rnquist �strand <lha@it.su.se>
39
40 * kdc/v4_dump.c: 1.4->1.5: (v4_prop_dump): limit strings length,
41 from openbsd
42
432003-04-24 Love H�rnquist �strand <lha@it.su.se>
44
45 * doc/programming.texi: 1.2-1.3: s/managment/management/, from jmc
46 <jmc@prioris.mini.pw.edu.pl>
47
482003-04-22 Love H�rnquist �strand <lha@it.su.se>
49
50 * lib/krb5/krbhst.c: 1.43->1.44: copy NUL too, from janj@wenf.org
51 via openbsd
52
532003-04-17 Love H�rnquist �strand <lha@it.su.se>
54
55 * lib/asn1/der_copy.c (copy_general_string): use strdup
56 * lib/asn1/der_put.c: remove sprintf
57 * lib/asn1/gen.c: remove strcpy/sprintf
58
59 * lib/krb5/name-45-test.c: use a more unique name then ratatosk so
60 that other (me) have such hosts in the local domain and the tests
61 fails, to take hokkigai.pdc.kth.se instead
62
63 * lib/krb5/test_alname.c: add --version and --help
64
652003-04-16 Love H�rnquist �strand <lha@it.su.se>
66
67 * lib/krb5/krb5_warn.3: add krb5_get_err_text
68
69 * lib/krb5/transited.c: use strlcat/strlcpy, from openbsd
70 * lib/krb5/krbhst.c (srv_find_realm): use strlcpy, from openbsd
71 * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use
72 strlcpy, from openbsd
73 * kdc/hpropd.c: s/strcat/strlcat/, inspired from openbsd
74 * appl/kf/kfd.c: use strlcpy, from openbsd
75
762003-04-16 Johan Danielsson <joda@pdc.kth.se>
77
78 * configure.in: fix for large file support in AIX, _LARGE_FILES
79 needs to be defined on the command line, since lex likes to
80 include stdio.h before we get to config.h
81
822003-04-16 Love H�rnquist �strand <lha@it.su.se>
83
84 * lib/krb5/*.3: Change .Fd #include <header.h> to .In header.h,
85 from Thomas Klausner <wiz@netbsd.org>
86
87 * lib/krb5/krb5.conf.5: spelling, from Thomas Klausner
88 <wiz@netbsd.org>
89
902003-04-15 Love H�rnquist �strand <lha@it.su.se>
91
92 * kdc/kerberos5.c: fix some more memory leaks
93
942003-04-11 Love H�rnquist �strand <lha@it.su.se>
95
96 * appl/kf/kf.1: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
97
982003-04-08 Love H�rnquist �strand <lha@it.su.se>
99
100 * admin/ktutil.8: typos, from jmc <jmc@acn.waw.pl>
101
1022003-04-06 Love H�rnquist �strand <lha@it.su.se>
103
104 * lib/krb5/krb5.3: s/kerberos/Kerberos/
105 * lib/krb5/krb5_data.3: s/kerberos/Kerberos/
106 * lib/krb5/krb5_address.3: s/kerberos/Kerberos/
107 * lib/krb5/krb5_ccache.3: s/kerberos/Kerberos/
108 * lib/krb5/krb5.conf.5: s/kerberos/Kerberos/
109 * kuser/kinit.1: s/kerberos/Kerberos/
110 * kdc/kdc.8: s/kerberos/Kerberos/
111
1122003-04-01 Love H�rnquist �strand <lha@it.su.se>
113
114 * lib/krb5/test_alname.c: more krb5_aname_to_localname tests
115
116 * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): when
117 converting too root, make sure user is ok according to
118 krb5_kuserok before allowing it.
119
120 * lib/krb5/Makefile.am (noinst_PROGRAMS): += test_alname
121
122 * lib/krb5/test_alname.c: add test for krb5_aname_to_localname
123
124 * lib/krb5/crypto.c (krb5_DES_AFS3_CMU_string_to_key): used p1
125 instead of the "illegal" salt #~, same change as kth-krb did
126 1999. Problems occur with crypt() that behaves like AT&T crypt
127 (openssl does this). Pointed out by Marcus Watts.
128
129 * admin/change.c (kt_change): collect all principals we are going
130 to change, and pick the highest kvno and use that to guess what
131 kvno the resulting kvno is going to be. Now two ktutil change in a
132 row works. XXX fix the protocol to pass the kvno back.
133
1342003-03-31 Love H�rnquist �strand <lha@it.su.se>
135
136 * appl/kf/kf.1: afs->AFS, from jmc <jmc@acn.waw.pl>
137
1382003-03-30 Love H�rnquist �strand <lha@it.su.se>
139
140 * doc/setup.texi: add description on how to turn on v4, 524 and
141 kaserver support
142
1432003-03-29 Love H�rnquist �strand <lha@it.su.se>
144
145 * lib/krb5/verify_krb5_conf.c (appdefaults_entries): add afslog
146 and afs-use-524
147
1482003-03-28 Love H�rnquist �strand <lha@it.su.se>
149
150 * kdc/kerberos5.c (as_rep): when the second enctype_to_string
151 failes, remember to free memory from the first enctype_to_string
152
153 * lib/krb5/crypto.c (usage2arcfour): map KRB5_KU_TICKET to 2,
154 from Harald Joerg <harald.joerg@fujitsu-siemens.com>
155 (enctype_arcfour_hmac_md5): disable checksum_hmac_md5_enc
156
157 * lib/hdb/mkey.c (hdb_unseal_keys_mkey): truncate key to the key
158 length when key is longer then expected length, its probably
159 longer since the encrypted data was padded, reported by Aidan
160 Cully <aidan@kublai.com>
161
162 * lib/krb5/crypto.c (krb5_enctype_keysize): return key size of
163 encyption type, inspired by Aidan Cully <aidan@kublai.com>
164
1652003-03-27 Love H�rnquist �strand <lha@it.su.se>
166
167 * lib/krb5/keytab.c (krb5_kt_get_entry): avoid printing 0
168 (wildcard kvno) after principal when the keytab entry isn't found,
169 reported by Chris Chiappa <chris@chiappa.net>
170
1712003-03-26 Love H�rnquist �strand <lha@it.su.se>
172
173 * doc/misc.texi: update 2b example to match reality (from
174 mattiasa@e.kth.se)
175
176 * doc/misc.texi: spelling and add `Configuring AFS clients'
177 subsection
178
1792003-03-25 Love H�rnquist �strand <lha@it.su.se>
180
181 * lib/krb5/krb5.3: add krb5_free_data_contents.3
182
183 * lib/krb5/data.c: add krb5_free_data_contents for compat with MIT
184 API
185
186 * lib/krb5/krb5_data.3: add krb5_free_data_contents for compat
187 with MIT API
188
189 * lib/krb5/krb5_verify_user.3: write more about how the ccache
190 argument should be inited when used
191
1922003-03-25 Johan Danielsson <joda@pdc.kth.se>
193
194 * lib/krb5/addr_families.c (krb5_print_address): make sure
195 print_addr is defined for the given address type; make addrports
196 printable
197
198 * kdc/string2key.c: print the used enctype for kerberos 5 keys
199
2002003-03-25 Love H�rnquist �strand <lha@it.su.se>
201
202 * lib/krb5/aes-test.c: add another arcfour test
203
2042003-03-22 Love H�rnquist �strand <lha@it.su.se>
205
206 * lib/krb5/aes-test.c: sneek in a test for arcfour-hmac-md5
207
2082003-03-20 Love H�rnquist �strand <lha@it.su.se>
209
210 * lib/krb5/krb5_ccache.3: update .Dd
211
212 * lib/krb5/krb5.3: sort in krb5_data functions
213
214 * lib/krb5/Makefile.am (man_MANS): += krb5_data.3
215
216 * lib/krb5/krb5_data.3: document krb5_data
217
218 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): if
219 prompter is NULL, don't try to ask for a password to
220 change. reported by Iain Moffat @ ufl.edu via Howard Chu
221 <hyc@highlandsun.com>
222
2232003-03-19 Love H�rnquist �strand <lha@it.su.se>
224
225 * lib/krb5/krb5_keytab.3: spelling, from
226 <jmc@prioris.mini.pw.edu.pl>
227
228 * lib/krb5/krb5.conf.5: . means new line
229
230 * lib/krb5/krb5.conf.5: spelling, from
231 <jmc@prioris.mini.pw.edu.pl>
232
233 * lib/krb5/krb5_auth_context.3: spelling, from
234 <jmc@prioris.mini.pw.edu.pl>
235
2362003-03-18 Love H�rnquist �strand <lha@it.su.se>
237
238 * kuser/Makefile.am: INCLUDES: -I$(srcdir)/../lib/krb5
239
240 * lib/krb5/convert_creds.c: add _krb5_krb_life_to_time
241
242 * lib/krb5/krb5-v4compat.h: add _krb5_krb_life_to_time
243
244 * kdc/kdc_locl.h: 524 is independent of kerberos 4, so move out
245 #ifdef KRB4 from enable_v4_cross_realm since 524 needs it
246
247 * kdc/config.c: 524 is independent of kerberos 4, so move out
248 enable_v4_cross_realm from #ifdef KRB4 since 524 needs it
249
2502003-03-17 Assar Westerlund <assar@kth.se>
251
252 * kdc/kdc.8: document --kerberos4-cross-realm
253 * kdc/kerberos4.c: pay attention to enable_v4_cross_realm
254 * kdc/kdc_locl.h (enable_v4_cross_realm): add
255 * kdc/524.c (encode_524_response): check the enable_v4_cross_realm
256 flag before giving out v4 tickets for foreign v5 principals
257 * kdc/config.c: add --enable-kerberos4-cross-realm option (default
258 to off)
259
2602003-03-17 Love H�rnquist �strand <lha@it.su.se>
261
262 * lib/krb5/Makefile.am (man_MANS) += krb5_aname_to_localname.3
263
264 * lib/krb5/krb5_aname_to_localname.3: manpage for
265 krb5_aname_to_localname
266
267 * lib/krb5/krb5_kuserok.3: s/KRB5_USEROK/KRB5_KUSEROK/
268
2692003-03-16 Love H�rnquist �strand <lha@it.su.se>
270
271 * lib/krb5/Makefile.am (man_MANS): add krb5_set_default_realm.3
272
273 * lib/krb5/krb5.3: add manpages from krb5_set_default_realm.3
274
275 * lib/krb5/krb5_set_default_realm.3: Manpage for
276 krb5_free_host_realm, krb5_get_default_realm,
277 krb5_get_default_realms, krb5_get_host_realm, and
278 krb5_set_default_realm.
279
280 * admin/ktutil.8: s/entype/enctype/, from Igor Sobrado
281 <sobrado@acm.org> via NetBSD
282
283 * lib/krb5/krb5_keytab.3: add documention for krb5_kt_get_type
284
285 * lib/krb5/keytab.c (krb5_kt_get_type): get prefix/type of keytab
286
287 * lib/krb5/krb5.h (KRB5_KT_PREFIX_MAX_LEN): max length of prefix
288
289 * lib/krb5/krb5_ccache.3: document krb5_cc_get_ops, add more
290 types, add krb5_fcc_ops and krb5_mcc_ops
291
292 * lib/krb5/cache.c (krb5_cc_get_ops): new function, return ops for
293 a id
294
2952003-03-15 Love H�rnquist �strand <lha@it.su.se>
296
297 * doc/intro.texi: add reference to source code, binaries and the
298 manual
299
300 * lib/krb5/krb5.3: krb5.h isn't in krb5 directory in heimdal
301
3022003-03-14 Love H�rnquist �strand <lha@it.su.se>
303
304 * kdc/kdc.8: better/difrent english
305
306 * kdc/kdc.8: . -> .\n, copyright/license
307
308 * kdc/kdc.8: changed configuration file -> restart kdc
309
310 * kdc/kerberos4.c: add krb4 into the most error messages written
311 to the logfile
312
313 * lib/krb5/krb5_ccache.3: add missing name of argument
314 (krb5_context) to most functions
315
3162003-03-13 Love H�rnquist �strand <lha@it.su.se>
317
318 * lib/krb5/kuserok.c (krb5_kuserok): preserve old behviour of
319 function and return FALSE when there isn't a local account for
320 `luser'.
321
322 * lib/krb5/krb5_kuserok.3: fix prototype, spelling and more text
323 describing the function
324
3252003-03-12 Love H�rnquist �strand <lha@it.su.se>
326
327 * lib/krb5/cache.c (krb5_cc_default): if krb5_cc_default_name
328 returned memory, don't return ENOMEM
329
3302003-03-11 Love H�rnquist �strand <lha@it.su.se>
331
332 * lib/krb5/krb5.3: add krb5_address stuff and sort
333
334 * lib/krb5/krb5_address.3: fix krb5_addr2sockaddr description
335
336 * lib/krb5/Makefile.am (man_MANS): += krb5_address.3
337
338 * lib/krb5/krb5_address.3: document types krb5_address and
339 krb5_addresses and their helper functions
340
3412003-03-10 Love H�rnquist �strand <lha@it.su.se>
342
343 * lib/krb5/Makefile.am (man_MANS): += krb5_kuserok.3
344
345 * lib/krb5/krb5_kuserok.3: spelling, from cizzi@it.su.se
346
347 * lib/krb5/Makefile.am (man_MANS): += krb5_ccache.3
348
349 * lib/krb5/krb5_ccache.3: spelling, from cizzi@it.su.se
350
351 * lib/krb5/krb5.3: add more functions
352
353 * lib/krb5/krb5_ccache.3: document krb5_ccache and krb5_cc
354 functions
355
356 * lib/krb5/krb5_kuserok.3: document krb5_kuserok
357
358 * lib/krb5/krb5_verify_user.3: document
359 krb5_verify_opt_set_flags(opt, KRB5_VERIFY_LREALMS) behavior
360
361 * lib/krb5/krb5_verify_user.3: document krb5_verify_opt* and
362 krb5_verify_user_opt
363
364 * lib/krb5/*.[0-9]: add copyright/licenses on more manpages
365
366 * kuser/kdestroy.c (main): handle that krb5_cc_default_name can
367 return NULL
368
369 * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump minor
370 (TESTS): add test_cc
371
372 * lib/krb5/test_cc.c: test some
373 krb5_cc_default_name/krb5_cc_set_default_name combinations
374
375 * lib/krb5/context.c (init_context_from_config_file): set
376 default_cc_name to NULL
377 (krb5_free_context): free default_cc_name if set
378
379 * lib/krb5/cache.c (krb5_cc_set_default_name): new function
380 (krb5_cc_default_name): use krb5_cc_set_default_name
381
382 * lib/krb5/krb5.h (krb5_context_data): add default_cc_name
383
3842003-02-25 Love H�rnquist �strand <lha@it.su.se>
385
386 * appl/kf/kf.1: s/securly/securely/ from NetBSD
387
3882003-02-18 Love H�rnquist �strand <lha@it.su.se>
389
390 * kdc/connect.c: s/intialize/initialize, from
391 <jmc@prioris.mini.pw.edu.pl>
392
3932003-02-17 Love H�rnquist �strand <lha@it.su.se>
394
395 * configure.in: add AM_MAINTAINER_MODE
396
3972003-02-16 Love H�rnquist �strand <lha@it.su.se>
398
399 * **/*.[0-9]: add copyright/licenses on all manpages
400
4012003-14-16 Jacques Vidrine <nectar@kth.se>
402
403 * lib/krb5/get_in_tkt.c (init_as_req): Send only a single
404 PA-ENC-TIMESTAMP in the AS-REQ, using the first encryption
405 type specified by the KDC.
406
4072003-02-15 Love H�rnquist �strand <lha@it.su.se>
408
409 * fix-export: some autoconf put their version number in
410 autom4te.cache, so remove autom4te*.cache
411
412 * fix-export: make sure $1 is a directory
413
4142003-02-04 Love H�rnquist �strand <lha@it.su.se>
415
416 * kpasswd/kpasswdd.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
417
418 * kdc/kdc.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
419
4202003-01-31 Love H�rnquist �strand <lha@it.su.se>
421
422 * kdc/hpropd.8: s/databases/a database/ s/Not/not/
423
424 * kdc/hprop.8: add missing .
425
4262003-01-30 Love H�rnquist �strand <lha@it.su.se>
427
428 * lib/krb5/krb5.conf.5: documentation for of boolean, etypes,
429 address, write out encryption type in sentences, s/Host/host
430
4312003-01-26 Love H�rnquist �strand <lha@it.su.se>
432
433 * lib/asn1/check-gen.c: add checks for Authenticator too
434
4352003-01-25 Love H�rnquist �strand <lha@it.su.se>
436
437 * doc/setup.texi: in the hprop example, use hprop and the first
438 component, not host
439
440 * lib/krb5/get_addrs.c (find_all_addresses): address-less
441 point-to-point might not have an address, just ignore
442 those. Reported by Harald Barth.
443
4442003-01-23 Love H�rnquist �strand <lha@it.su.se>
445
446 * lib/krb5/verify_krb5_conf.c (check_section): when key isn't
447 found, don't print out all known keys
448
449 * lib/krb5/verify_krb5_conf.c (syslogvals): mark up where severity
450 and facility start resp
451 (check_log): find_value() returns -1 when key isn't found
452
453 * lib/krb5/crypto.c (_krb5_aes_cts_encrypt): make key argument a
454 'const void *' to avoid AES_KEY being exposed in krb5-private.h
455
456 * lib/krb5/krb5.conf.5: add [kdc]use_2b
457
458 * kdc/524.c (encode_524_response): its 2b not b2
459
460 * doc/misc.texi: quote @ where missing
461
462 * lib/asn1/Makefile.am: add check-gen
463
464 * lib/asn1/check-gen.c: add Principal check
465
466 * lib/asn1/check-common.h: move generic asn1/der functions from
467 check-der.c to here
468
469 * lib/asn1/check-common.c: move generic asn1/der functions from
470 check-der.c to here
471
472 * lib/asn1/check-der.c: move out the generic asn1/der functions to
473 a common file
474
4752003-01-22 Love H�rnquist �strand <lha@it.su.se>
476
477 * doc/misc.texi: more text about afs, how to get get your KeyFile,
478 and how to start use 2b tokens
479
480 * lib/krb5/krb5.conf.5: spelling, from Jason McIntyre
481 <jmc@cvs.openbsd.org>
482
4832003-01-21 Jacques Vidrine <nectar@kth.se>
484
485 * kuser/kuser_locl.h: include crypto-headers.h for
486 des_read_pw_string prototype
487
4882003-01-16 Love H�rnquist �strand <lha@it.su.se>
489
490 * admin/ktutil.8: document -v, --verbose
491
492 * admin/get.c (kt_get): make getarg usage consistent with other
493 other parts of ktutil
494
495 * admin/copy.c (kt_copy): remove adding verbose_flag to args
496 struct, since it will overrun the args array (from Sumit Bose)
497
4982003-01-15 Love H�rnquist �strand <lha@it.su.se>
499
500 * lib/krb5/krb5.conf.5: write more about [realms] REALM = { kdc =
501 ... }
502
503 * lib/krb5/aes-test.c: test vectors in aes-draft
504
505 * lib/krb5/Makefile.am: add aes-test.c
506
507 * lib/krb5/crypto.c: Add support for AES
508 (draft-raeburn-krb-rijndael-krb-02), not enabled by default.
509 (HMAC_SHA1_DES3_checksum): rename to SP_HMAC_SHA1_checksum and modify
510 to support checksumtype that are have a shorter wireformat then
511 their output block size.
512
513 * lib/krb5/crypto.c (struct encryption_type): split the blocksize
514 into blocksize and padsize, padsize is the minimum padding
515 size. they are the same for now
516 (enctype_*): add padsize
517 (encrypt_internal): use padsize
518 (encrypt_internal_derived): use padsize
519 (wrapped_length): use padsize
520 (wrapped_length_dervied): use padsize
521
522 * lib/krb5/crypto.c: add extra `opaque' argument to string_to_key
523 function for each enctype in preparation enctypes that uses
524 `Encryption and Checksum Specifications for Kerberos 5' draft
525
526 * lib/asn1/k5.asn1: add checksum and enctype for AES from
527 draft-raeburn-krb-rijndael-krb-02.txt
528
529 * lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_AES128,
530 KEYTYPE_AES256
531
5322003-01-14 Love H�rnquist �strand <lha@it.su.se>
533
534 * lib/hdb/common.c (_hdb_fetch): handle error code from
535 hdb_value2entry
536
537 * kdc/Makefile.am: always include kerberos4.c and 524.c in
538 kdc_SOURCES to support 524
539
540 * kdc/524.c: always compile in support for 524
541
542 * kdc/kdc_locl.h: move out krb/524 protos from under #ifdef KRB4
543
544 * kdc/config.c: always compile in support for 524
545
546 * kdc/connect.c: always compile in support for 524
547
548 * kdc/kerberos4.c: export encode_v4_ticket() and get_des_key()
549 even when we build without kerberos 4, 524 needs them
550
551 * lib/krb5/convert_creds.c, lib/krb5/krb5-v4compat.h: Split out
552 Kerberos 4 help functions/structures so other parts of the source
553 tree can use it (like the KDC)
554