12000-02-14 Assar Westerlund <assar@sics.se>
2
3 * Release 0.2o
4
52000-02-13 Assar Westerlund <assar@sics.se>
6
7 * lib/krb5/Makefile.am: set version to 9:0:0
8
9 * kdc/kaserver.c (do_authenticate): return the kvno of the server
10 and not the client. Thanks to Brandon S. Allbery KF8NH
11 <allbery@kf8nh.apk.net> and Chaskiel M Grundman
12 <cg2v@andrew.cmu.edu> for debugging.
13
14 * kdc/kerberos4.c (do_version4): if an tgs-req is received with an
15 old kvno, return an error reply and write a message in the log.
16
172000-02-12 Assar Westerlund <assar@sics.se>
18
19 * appl/test/gssapi_server.c (proto): with `--fork', create a child
20 and send over/receive creds with export/import_sec_context
21 * appl/test/gssapi_client.c (proto): with `--fork', create a child
22 and send over/receive creds with export/import_sec_context
23 * appl/test/common.c: add `--fork' / `-f' (only used by gssapi)
24
252000-02-11 Assar Westerlund <assar@sics.se>
26
27 * kdc/kdc_locl.h: remove keyfile add explicit_addresses
28 * kdc/connect.c (init_sockets): pay attention to
29 explicit_addresses some more comments. better error messages.
30 * kdc/config.c: add some comments.
31 remove --key-file.
32 add --addresses.
33
34 * lib/krb5/context.c (krb5_set_extra_addresses): const-ize and use
35 proper abstraction
36
372000-02-07 Johan Danielsson <joda@pdc.kth.se>
38
39 * lib/krb5/changepw.c: use roken_getaddrinfo_hostspec
40
412000-02-07 Assar Westerlund <assar@sics.se>
42
43 * Release 0.2n
44
452000-02-07 Assar Westerlund <assar@sics.se>
46
47 * lib/krb5/Makefile.am: set version to 8:0:0
48 * lib/krb5/keytab.c (krb5_kt_default_name): use strlcpy
49 (krb5_kt_add_entry): set timestamp
50
512000-02-06 Assar Westerlund <assar@sics.se>
52
53 * lib/krb5/krb5.h: add macros for accessing krb5_realm
54 * lib/krb5/time.c (krb5_timeofday): use `krb5_timestamp' instead
55 of `int32_t'
56
57 * lib/krb5/replay.c (checksum_authenticator): update to new API
58 for md5
59
60 * lib/krb5/krb5.h: remove des.h, it's not needed and applications
61 should not have to make sure to find it.
62
632000-02-03 Assar Westerlund <assar@sics.se>
64
65 * lib/krb5/rd_req.c (get_key_from_keytab): rename parameter to
66 `out_key' to avoid conflicting with label. reported by Sean Doran
67 <smd@ebone.net>
68
692000-02-02 Assar Westerlund <assar@sics.se>
70
71 * lib/krb5/expand_hostname.c: remember to lower-case host names.
72 bug reported by <amu@mit.edu>
73
74 * kdc/kerberos4.c (do_version4): look at check_ticket_addresses
75 and emulate that by setting krb_ignore_ip_address (not a great
76 interface but it doesn't seem like the time to go around fixing
77 libkrb stuff now)
78
792000-02-01 Johan Danielsson <joda@pdc.kth.se>
80
81 * kuser/kinit.c: change --noaddresses into --no-addresses
82
832000-01-28 Assar Westerlund <assar@sics.se>
84
85 * kpasswd/kpasswd.c (main): make sure the ticket is not
86 forwardable and not proxiable
87
882000-01-26 Assar Westerlund <assar@sics.se>
89
90 * lib/krb5/crypto.c: update to pseudo-standard APIs for
91 md4,md5,sha. some changes to libdes calls to make them more
92 portable.
93
942000-01-21 Assar Westerlund <assar@sics.se>
95
96 * lib/krb5/verify_init.c (krb5_verify_init_creds): make sure to
97 clean up the correct creds.
98
992000-01-16 Assar Westerlund <assar@sics.se>
100
101 * lib/krb5/principal.c (append_component): change parameter to
102 `const char *'. check malloc
103 * lib/krb5/principal.c (append_component, va_ext_princ, va_princ):
104 const-ize
105 * lib/krb5/mk_req.c (krb5_mk_req): make `service' and `hostname'
106 const
107 * lib/krb5/principal.c (replace_chars): also add space here
108 * lib/krb5/principal.c: (quotable_chars): add space
109
1102000-01-12 Assar Westerlund <assar@sics.se>
111
112 * kdc/kerberos4.c (do_version4): check if preauth was required and
113 bail-out if so since there's no way that could be done in v4.
114 Return NULL_KEY as an error to the client (which is non-obvious,
115 but what can you do?)
116
1172000-01-09 Assar Westerlund <assar@sics.se>
118
119 * lib/krb5/principal.c (krb5_sname_to_principal): use
120 krb5_expand_hostname_realms
121 * lib/krb5/mk_req.c (krb5_km_req): use krb5_expand_hostname_realms
122 * lib/krb5/expand_hostname.c (krb5_expand_hostname_realms): new
123 variant of krb5_expand_hostname that tries until it expands into
124 something that's digestable by krb5_get_host_realm, returning also
125 the result from that function.
126
1272000-01-08 Assar Westerlund <assar@sics.se>
128
129 * Release 0.2m
130
1312000-01-08 Assar Westerlund <assar@sics.se>
132
133 * configure.in: replace AC_C_BIGENDIAN with KRB_C_BIGENDIAN
134
135 * lib/krb5/Makefile.am: bump version to 7:1:0
136
137 * lib/krb5/principal.c (krb5_sname_to_principal): use
138 krb5_expand_hostname
139 * lib/krb5/expand_hostname.c (krb5_expand_hostname): handle
140 ai_canonname being set in any of the addresses returnedby
141 getaddrinfo. glibc apparently returns the reverse lookup of every
142 address in ai_canonname.
143
1442000-01-06 Assar Westerlund <assar@sics.se>
145
146 * Release 0.2l
147
1482000-01-06 Assar Westerlund <assar@sics.se>
149
150 * lib/krb5/Makefile.am: set version to 7:0:0
151 * lib/krb5/principal.c (krb5_sname_to_principal): remove `hp'
152
153 * lib/hdb/Makefile.am: set version to 4:1:1
154
155 * kdc/hpropd.c (dump_krb4): use `krb5_get_default_realms'
156 * lib/krb5/get_in_tkt.c (add_padata): change types to make
157 everything work out
158 (krb5_get_in_cred): remove const to make types match
159 * lib/krb5/crypto.c (ARCFOUR_string_to_key): correct signature
160 * lib/krb5/principal.c (krb5_sname_to_principal): handle not
161 getting back a canonname
162
1632000-01-06 Assar Westerlund <assar@sics.se>
164
165 * Release 0.2k
166
1672000-01-06 Assar Westerlund <assar@sics.se>
168
169 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): advance colon so that
170 we actually parse the port number. based on a patch from Leif
171 Johansson <leifj@it.su.se>
172
1732000-01-02 Assar Westerlund <assar@sics.se>
174
175 * admin/purge.c: remove all non-current and old entries from a
176 keytab
177
178 * admin: break up ktutil.c into files
179
180 * admin/ktutil.c (list): support --verbose (also listning time
181 stamps)
182 (kt_add, kt_get): set timestamp in newly created entries
183 (kt_change): add `change' command
184
185 * admin/srvconvert.c (srvconv): set timestamp in newly created
186 entries
187 * lib/krb5/keytab_keyfile.c (akf_next_entry): set timetsamp,
188 always go the a predicatble position on error
189 * lib/krb5/keytab.c (krb5_kt_copy_entry_contents): copy timestamp
190 * lib/krb5/keytab_file.c (fkt_add_entry): store timestamp
191 (fkt_next_entry_int): return timestamp
192 * lib/krb5/krb5.h (krb5_keytab_entry): add timestamp
193
1941999-12-30 Assar Westerlund <assar@sics.se>
195
196 * configure.in (krb4): use `-ldes' in tests
197
1981999-12-26 Assar Westerlund <assar@sics.se>
199
200 * lib/hdb/print.c (event2string): handle events without principal.
201 From Luke Howard <lukeh@PADL.COM>
202
2031999-12-25 Assar Westerlund <assar@sics.se>
204
205 * Release 0.2j
206
207Tue Dec 21 18:03:17 1999 Assar Westerlund <assar@sics.se>
208
209 * lib/hdb/Makefile.am (asn1_files): add $(EXEEXT) for cygwin and
210 related systems
211
212 * lib/asn1/Makefile.am (asn1_files): add $(EXEEXT) for cygwin and
213 related systems
214
215 * include/Makefile.am (krb5-types.h): add $(EXEEXT) for cygwin and
216 related systems
217
2181999-12-20 Assar Westerlund <assar@sics.se>
219
220 * Release 0.2i
221
2221999-12-20 Assar Westerlund <assar@sics.se>
223
224 * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to 6:3:1
225
226 * lib/krb5/send_to_kdc.c (send_via_proxy): free data
227 * lib/krb5/send_to_kdc.c (send_via_proxy): new function use
228 getaddrinfo instead of gethostbyname{,2}
229 * lib/krb5/get_for_creds.c: use getaddrinfo instead of
230 getnodebyname{,2}
231
2321999-12-17 Assar Westerlund <assar@sics.se>
233
234 * Release 0.2h
235
2361999-12-17 Assar Westerlund <assar@sics.se>
237
238 * Release 0.2g
239
2401999-12-16 Assar Westerlund <assar@sics.se>
241
242 * lib/krb5/Makefile.am: bump version to 6:2:1
243
244 * lib/krb5/principal.c (krb5_sname_to_principal): handle
245 ai_canonname not being set
246 * lib/krb5/expand_hostname.c (krb5_expand_hostname): handle
247 ai_canonname not being set
248
249 * appl/test/uu_server.c: print messages to stderr
250 * appl/test/tcp_server.c: print messages to stderr
251 * appl/test/nt_gss_server.c: print messages to stderr
252 * appl/test/gssapi_server.c: print messages to stderr
253
254 * appl/test/tcp_client.c (proto): remove shadowing `context'
255 * appl/test/common.c (client_doit): add forgotten ntohs
256
2571999-12-13 Assar Westerlund <assar@sics.se>
258
259 * configure.in (VERISON): bump to 0.2g-pre
260
2611999-12-12 Assar Westerlund <assar@sics.se>
262
263 * lib/krb5/principal.c (krb5_425_conv_principal_ext): be more
264 robust and handle extra dot at the beginning of default_domain
265
2661999-12-12 Assar Westerlund <assar@sics.se>
267
268 * Release 0.2f
269
2701999-12-12 Assar Westerlund <assar@sics.se>
271
272 * lib/krb5/Makefile.am: bump version to 6:1:1
273
274 * lib/krb5/changepw.c (get_kdc_address): use
275 `krb5_get_krb_changepw_hst'
276
277 * lib/krb5/krbhst.c (krb5_get_krb_changepw_hst): add
278
279 * lib/krb5/get_host_realm.c: add support for _kerberos.domain
280 (according to draft-ietf-cat-krb-dns-locate-01.txt)
281
2821999-12-06 Assar Westerlund <assar@sics.se>
283
284 * Release 0.2e
285
2861999-12-06 Assar Westerlund <assar@sics.se>
287
288 * lib/krb5/changepw.c (krb5_change_password): use the correct
289 address
290
291 * lib/krb5/Makefile.am: bump version to 6:0:1
292
293 * lib/asn1/Makefile.am: bump version to 1:4:0
294
2951999-12-04 Assar Westerlund <assar@sics.se>
296
297 * configure.in: move AC_KRB_IPv6 to make sure it's performed
298 before AC_BROKEN
299 (el_init): use new feature of AC_FIND_FUNC_NO_LIBS
300
301 * appl/test/uu_client.c: use client_doit
302 * appl/test/test_locl.h (client_doit): add prototype
303 * appl/test/tcp_client.c: use client_doit
304 * appl/test/nt_gss_client.c: use client_doit
305 * appl/test/gssapi_client.c: use client_doit
306 * appl/test/common.c (client_doit): move identical code here and
307 start using getaddrinfo
308
309 * appl/kf/kf.c (doit): rewrite to use getaddrinfo
310 * kdc/hprop.c: re-write to use getaddrinfo
311 * lib/krb5/principal.c (krb5_sname_to_principal): use getaddrinfo
312 * lib/krb5/expand_hostname.c (krb5_expand_hostname): use
313 getaddrinfo
314 * lib/krb5/changepw.c: re-write to use getaddrinfo
315 * lib/krb5/addr_families.c (krb5_parse_address): use getaddrinfo
316
3171999-12-03 Assar Westerlund <assar@sics.se>
318
319 * configure.in (BROKEN): check for freeaddrinfo, getaddrinfo,
320 getnameinfo, gai_strerror
321 (socklen_t): check for
322
3231999-12-02 Johan Danielsson <joda@pdc.kth.se>
324
325 * lib/krb5/crypto.c: ARCFOUR_set_key -> RC4_set_key
326
3271999-11-23 Assar Westerlund <assar@sics.se>
328
329 * lib/krb5/crypto.c (ARCFOUR_string_to_key): change order of bytes
330 within unicode characters. this should probably be done in some
331 arbitrarly complex way to do it properly and you would have to
332 know what character encoding was used for the password and salt
333 string.
334
335 * lib/krb5/addr_families.c (ipv4_uninteresting): ignore 0.0.0.0
336 (INADDR_ANY)
337 (ipv6_uninteresting): remove unused macro
338
3391999-11-22 Johan Danielsson <joda@pdc.kth.se>
340
341 * lib/krb5/krb5.h: rc4->arcfour
342
343 * lib/krb5/crypto.c: rc4->arcfour
344
3451999-11-17 Assar Westerlund <assar@sics.se>
346
347 * lib/krb5/krb5_locl.h: add <rc4.h>
348 * lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_RC4
349 * lib/krb5/crypto.c: some code for doing RC4/MD5/HMAC which might
350 not be totally different from some small company up in the
351 north-west corner of the US
352
353 * lib/krb5/get_addrs.c (find_all_addresses): change code to
354 actually increment buf_size
355
3561999-11-14 Assar Westerlund <assar@sics.se>
357
358 * lib/krb5/krb5.h (krb5_context_data): add `scan_interfaces'
359 * lib/krb5/get_addrs.c (krb5_get_all_client_addrs): make interaces
360 scanning optional
361 * lib/krb5/context.c (init_context_from_config_file): set
362 `scan_interfaces'
363
364 * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add add_et_list.c
365 * lib/krb5/add_et_list.c (krb5_add_et_list): new function
366
3671999-11-12 Assar Westerlund <assar@sics.se>
368
369 * lib/krb5/get_default_realm.c (krb5_get_default_realm,
370 krb5_get_default_realms): set realms if they were unset
371 * lib/krb5/context.c (init_context_from_config_file): don't
372 initialize default realms here. it's done lazily instead.
373
374 * lib/krb5/krb5.h (KRB5_TC_*): make constants unsigned
375 * lib/asn1/gen_glue.c (generate_2int, generate_units): make sure
376 bit constants are unsigned
377 * lib/asn1/gen.c (define_type): make length in sequences be
378 unsigned.
379
380 * configure.in: remove duplicate test for setsockopt test for
381 struct tm.tm_isdst
382
383 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): generate
384 preauthentication information if we get back ERR_PREAUTH_REQUIRED
385 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): remove
386 preauthentication generation code. it's now in krb5_get_in_cred
387
388 * configure.in (AC_BROKEN_SNPRINTF): add strptime check for struct
389 tm.tm_gmtoff and timezone
390
3911999-11-11 Johan Danielsson <joda@pdc.kth.se>
392
393 * kdc/main.c: make this work with multi-db
394
395 * kdc/kdc_locl.h: make this work with multi-db
396
397 * kdc/config.c: make this work with multi-db
398
3991999-11-09 Johan Danielsson <joda@pdc.kth.se>
400
401 * kdc/misc.c: update for multi-database code
402
403 * kdc/main.c: update for multi-database code
404
405 * kdc/kdc_locl.h: update
406
407 * kdc/config.c: allow us to have more than one database
408
4091999-11-04 Assar Westerlund <assar@sics.se>
410
411 * Release 0.2d
412
413 * lib/krb5/Makefile.am: bump version to 5:0:0 to be safe
414 (krb5_context_data has changed and some code do (might) access
415 fields directly)
416
417 * lib/krb5/krb5.h (krb5_context_data): add `etypes_des'
418
419 * lib/krb5/get_cred.c (init_tgs_req): use
420 krb5_keytype_to_enctypes_default
421
422 * lib/krb5/crypto.c (krb5_keytype_to_enctypes_default): new
423 function
424
425 * lib/krb5/context.c (set_etypes): new function
426 (init_context_from_config_file): set both `etypes' and `etypes_des'
427
4281999-11-02 Assar Westerlund <assar@sics.se>
429
430 * configure.in (VERSION): bump to 0.2d-pre
431
4321999-10-29 Assar Westerlund <assar@sics.se>
433
434 * lib/krb5/principal.c (krb5_parse_name): check memory allocations
435
4361999-10-28 Assar Westerlund <assar@sics.se>
437
438 * Release 0.2c
439
440 * lib/krb5/dump_config.c (print_tree): check for empty tree
441
442 * lib/krb5/string-to-key-test.c (tests): update the test cases
443 with empty principals so that they actually use an empty realm and
444 not the default. use the correct etype for 3DES
445
446 * lib/krb5/Makefile.am: bump version to 4:1:0
447
448 * kdc/config.c (configure): more careful with the port string
449
4501999-10-26 Assar Westerlund <assar@sics.se>
451
452 * Release 0.2b
453
4541999-10-20 Assar Westerlund <assar@sics.se>
455
456 * lib/krb5/Makefile.am: bump version to 4:0:0
457 (krb524_convert_creds_kdc and potentially some other functions
458 have changed prototypes)
459
460 * lib/hdb/Makefile.am: bump version to 4:0:1
461
462 * lib/asn1/Makefile.am: bump version to 1:3:0
463
464 * configure.in (LIB_roken): add dbopen. getcap in roken
465 references dbopen and with shared libraries we need to add this
466 dependency.
467
468 * lib/krb5/verify_krb5_conf.c (main): support speicifying the
469 configuration file to test on the command line
470
471 * lib/krb5/config_file.c (parse_binding): handle line with no
472 whitespace before =
473 (krb5_config_parse_file_debug): set lineno earlier so that we don't
474 use it unitialized
475
476 * configure.in (AM_INIT_AUTOMAKE): bump to 0.2b-pre opt*: need
477 more include files for these tests
478
479 * lib/krb5/set_default_realm.c (krb5_set_default_realm): use
480 krb5_config_get_strings, which means that your configuration file
481 should look like:
482
483 [libdefaults]
484 default_realm = realm1 realm2 realm3
485
486 * lib/krb5/set_default_realm.c (config_binding_to_list): fix
487 copy-o. From Michal Vocu <michal@karlin.mff.cuni.cz>
488
489 * kdc/config.c (configure): add a missing strdup. From Michal
490 Vocu <michal@karlin.mff.cuni.cz>
491
4921999-10-17 Assar Westerlund <assar@sics.se>
493
494 * Release 0.2a
495
496 * configure.in: only test for db.h with using berkeley_db. remember
497 to link with LIB_tgetent when checking for el_init. add xnlock
498
499 * appl/Makefile.am: add xnlock
500
501 * kdc/kerberos5.c (find_etype): support null keys
502
503 * kdc/kerberos4.c (get_des_key): support null keys
504
505 * lib/krb5/crypto.c (krb5_get_wrapped_length): more correct
506 calculation
507
5081999-10-16 Johan Danielsson <joda@pdc.kth.se>
509
510 * kuser/kinit.c (main): pass ccache to krb524_convert_creds_kdc
511
5121999-10-12 Johan Danielsson <joda@pdc.kth.se>
513
514 * lib/krb5/crypto.c (krb5_enctype_to_keytype): remove warning
515
5161999-10-10 Assar Westerlund <assar@sics.se>
517
518 * lib/krb5/mk_req.c (krb5_mk_req): use krb5_free_host_realm
519
520 * lib/krb5/krb5.h (krb5_ccache_data): make `ops' const
521
522 * lib/krb5/crypto.c (krb5_string_to_salttype): new function
523
524 * **/*.[ch]: const-ize
525
5261999-10-06 Assar Westerlund <assar@sics.se>
527
528 * lib/krb5/creds.c (krb5_compare_creds): const-ify
529
530 * lib/krb5/cache.c: clean-up and comment-up
531
532 * lib/krb5/copy_host_realm.c (krb5_copy_host_realm): copy all the
533 strings
534
535 * lib/krb5/verify_user.c (krb5_verify_user_lrealm): free the
536 correct realm part
537
538 * kdc/connect.c (handle_tcp): things work much better when ret is
539 initialized
540
5411999-10-03 Assar Westerlund <assar@sics.se>
542
543 * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): look at the
544 type of the session key
545
546 * lib/krb5/crypto.c (krb5_enctypes_compatible_keys): spell
547 correctly
548
549 * lib/krb5/creds.c (krb5_compare_creds): fix spelling of
550 krb5_enctypes_compatible_keys
551
552 * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): get new
553 credentials from the KDC if the existing one doesn't have a DES
554 session key.
555
556 * lib/45/get_ad_tkt.c (get_ad_tkt): update to new
557 krb524_convert_creds_kdc
558
5591999-10-03 Johan Danielsson <joda@pdc.kth.se>
560
561 * lib/krb5/keytab_keyfile.c: make krb5_akf_ops const
562
563 * lib/krb5/keytab_memory.c: make krb5_mkt_ops const
564
565 * lib/krb5/keytab_file.c: make krb5_fkt_ops const
566
5671999-10-01 Assar Westerlund <assar@sics.se>
568
569 * lib/krb5/config_file.c: rewritten to allow error messages
570
571 * lib/krb5/Makefile.am (bin_PROGRAMS): add verify_krb5_conf
572 (libkrb5_la_SOURCES): add config_file_netinfo.c
573
574 * lib/krb5/verify_krb5_conf.c: new program for verifying that
575 krb5.conf is corret
576
577 * lib/krb5/config_file_netinfo.c: moved netinfo code here from
578 config_file.c
579
5801999-09-28 Assar Westerlund <assar@sics.se>
581
582 * kdc/hpropd.c (dump_krb4): kludge default_realm
583
584 * lib/asn1/check-der.c: add test cases for Generalized time and
585 make sure we return the correct value
586
587 * lib/asn1/der_put.c: simplify by using der_put_length_and_tag
588
589 * lib/krb5/verify_user.c (krb5_verify_user_lrealm): ariant of
590 krb5_verify_user that tries in all the local realms
591
592 * lib/krb5/set_default_realm.c: add support for having several
593 default realms
594
595 * lib/krb5/kuserok.c (krb5_kuserok): use `krb5_get_default_realms'
596
597 * lib/krb5/get_default_realm.c (krb5_get_default_realms): add
598
599 * lib/krb5/krb5.h (krb5_context_data): change `default_realm' to
600 `default_realms'
601
602 * lib/krb5/context.c: change from `default_realm' to
603 `default_realms'
604
605 * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use
606 krb5_get_default_realms
607
608 * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add copy_host_realm.c
609
610 * lib/krb5/copy_host_realm.c: new file
611
6121999-09-27 Johan Danielsson <joda@pdc.kth.se>
613
614 * lib/asn1/der_put.c (encode_generalized_time): encode length
615
616 * lib/krb5/recvauth.c: new function `krb5_recvauth_match_version'
617 that allows more intelligent matching of the application version
618
6191999-09-26 Assar Westerlund <assar@sics.se>
620
621 * lib/asn1/asn1_print.c: add err.h
622
623 * kdc/config.c (configure): use parse_bytes
624
625 * appl/test/nt_gss_common.c: use the correct header file
626
6271999-09-24 Johan Danielsson <joda@pdc.kth.se>
628
629 * kuser/klist.c: add a `--cache' flag
630
631 * kuser/kinit.c (main): only get default value for `get_v4_tgt' if
632 it's explicitly set in krb5.conf
633
6341999-09-23 Assar Westerlund <assar@sics.se>
635
636 * lib/asn1/asn1_print.c (tag_names); add another univeral tag
637
638 * lib/asn1/der.h: update universal tags
639
6401999-09-22 Assar Westerlund <assar@sics.se>
641
642 * lib/asn1/asn1_print.c (loop): print length of octet string
643
6441999-09-21 Johan Danielsson <joda@pdc.kth.se>
645
646 * admin/ktutil.c (kt_get): add `--help'
647
6481999-09-21 Assar Westerlund <assar@sics.se>
649
650 * kuser/Makefile.am: add kdecode_ticket
651
652 * kuser/kdecode_ticket.c: new debug program
653
654 * appl/test/nt_gss_server.c: new program to test against `Sample *
655 SSPI Code' in Windows 2000 RC1 SDK.
656
657 * appl/test/Makefile.am: add nt_gss_client and nt_gss_server
658
659 * lib/asn1/der_get.c (decode_general_string): remember to advance
660 ret over the length-len
661
662 * lib/asn1/Makefile.am: add asn1_print
663
664 * lib/asn1/asn1_print.c: new program for printing DER-structures
665
666 * lib/asn1/der_put.c: make functions more consistent
667
668 * lib/asn1/der_get.c: make functions more consistent
669
6701999-09-20 Johan Danielsson <joda@pdc.kth.se>
671
672 * kdc/kerberos5.c: be more informative in pa-data error messages
673
6741999-09-16 Assar Westerlund <assar@sics.se>
675
676 * configure.in: test for strlcpy, strlcat
677
6781999-09-14 Assar Westerlund <assar@sics.se>
679
680 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): return
681 KRB5_LIBOS_PWDINTR when interrupted
682
683 * lib/krb5/get_in_tkt_pw.c (krb5_password_key_proc): check return
684 value from des_read_pw_string
685
686 * kuser/kinit.c (main): don't print any error if reading the
687 password was interrupted
688
689 * kpasswd/kpasswd.c (main): don't print any error if reading the
690 password was interrupted
691
692 * kdc/string2key.c (main): check the return value from fgets
693
694 * kdc/kstash.c (main): check return value from des_read_pw_string
695
696 * admin/ktutil.c (kt_add): check the return-value from fgets and
697 overwrite the password for paranoid reasons
698
699 * lib/krb5/keytab_keyfile.c (get_cell_and_realm): only remove the
700 newline if it's there
701
7021999-09-13 Assar Westerlund <assar@sics.se>
703
704 * kdc/hpropd.c (main): remove bogus error with `--print'. remove
705 sysloging of number of principals transferred
706
707 * kdc/hprop.c (ka_convert): set flags correctly for krbtgt/CELL
708 principals
709 (main): get rid of bogus opening of hdb database when propagating
710 ka-server database
711
7121999-09-12 Assar Westerlund <assar@sics.se>
713
714 * lib/krb5/krb5_locl.h (O_BINARY): add fallback definition
715
716 * lib/krb5/krb5.h (krb5_context_data): add keytab types
717
718 * configure.in: revert back awk test, not worked around in
719 roken.awk
720
721 * lib/krb5/keytab_krb4.c: remove O_BINARY
722
723 * lib/krb5/keytab_keyfile.c: some support for AFS KeyFile's. From
724 Love <lha@e.kth.se>
725
726 * lib/krb5/keytab_file.c: remove O_BINARY
727
728 * lib/krb5/keytab.c: move the list of keytab types to the context
729
730 * lib/krb5/fcache.c: remove O_BINARY
731
732 * lib/krb5/context.c (init_context_from_config_file): register all
733 standard cache and keytab types
734 (krb5_free_context): free `kt_types'
735
736 * lib/krb5/cache.c (krb5_cc_resolve): move the registration of the
737 standard types of credential caches to context
738
739 * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_keyfile.c
740
7411999-09-10 Assar Westerlund <assar@sics.se>
742
743 * lib/krb5/keytab.c: add comments and clean-up
744
745 * admin/ktutil.c: add `ktutil copy'
746
747 * lib/krb5/keytab_krb4.c: new file
748
749 * lib/krb5/krb5.h (krb5_kt_cursor): add a `data' field
750
751 * lib/krb5/Makefile.am: add keytab_krb4.c
752
753 * lib/krb5/keytab.c: add krb4 and correct some if's
754
755 * admin/srvconvert.c (srvconv): move common code
756
757 * lib/krb5/krb5.h (krb5_fkt_ops, krb5_mkt_ops): new variables
758
759 * lib/krb5/keytab.c: move out file and memory functions
760
761 * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_file.c,
762 keytab_memory.c
763
764 * lib/krb5/keytab_memory.c: new file
765
766 * lib/krb5/keytab_file.c: new file
767
768 * kpasswd/kpasswdd.c: move out password quality functions
769
7701999-09-07 Assar Westerlund <assar@sics.se>
771
772 * lib/hdb/Makefile.am (libhdb_la_SOURCES): add keytab.c. From
773 Love <lha@e.kth.se>
774
775 * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): check
776 return value from `krb5_sendto_kdc'
777
7781999-09-06 Assar Westerlund <assar@sics.se>
779
780 * lib/krb5/send_to_kdc.c (send_and_recv): rename to recv_loop and
781 remove the sending of data. add a parameter `limit'. let callers
782 send the date themselves (and preferably with net_write on tcp
783 sockets)
784 (send_and_recv_tcp): read first the length field and then only that
785 many bytes
786
7871999-09-05 Assar Westerlund <assar@sics.se>
788
789 * kdc/connect.c (handle_tcp): try to print warning `TCP data of
790 strange type' less often
791
792 * lib/krb5/send_to_kdc.c (send_and_recv): handle EINTR properly.
793 return on EOF. always free data. check return value from
794 realloc.
795 (send_and_recv_tcp, send_and_recv_http): check advertised length
796 against actual length
797
7981999-09-01 Johan Danielsson <joda@pdc.kth.se>
799
800 * configure.in: check for sgi capabilities
801
8021999-08-27 Johan Danielsson <joda@pdc.kth.se>
803
804 * lib/krb5/get_addrs.c: krb5_get_all_server_addrs shouldn't return
805 extra addresses
806
807 * kpasswd/kpasswdd.c: use HDB keytabs; change some error messages;
808 add --realm flag
809
810 * lib/krb5/address.c (krb5_append_addresses): remove duplicates
811
8121999-08-26 Johan Danielsson <joda@pdc.kth.se>
813
814 * lib/hdb/keytab.c: HDB keytab backend
815
8161999-08-25 Johan Danielsson <joda@pdc.kth.se>
817
818 * lib/krb5/keytab.c
819 (krb5_kt_{start_seq_get,next_entry,end_seq_get}): check for NULL
820 pointer
821
8221999-08-24 Johan Danielsson <joda@pdc.kth.se>
823
824 * kpasswd/kpasswdd.c: add `--keytab' flag
825
8261999-08-23 Assar Westerlund <assar@sics.se>
827
828 * lib/krb5/addr_families.c (IN6_ADDR_V6_TO_V4): use `s6_addr'
829 instead of the non-standard `s6_addr32'. From Yoshinobu Inoue
830 <shin@kame.net> by way of the KAME repository
831
8321999-08-18 Assar Westerlund <assar@sics.se>
833
834 * configure.in (--enable-new-des3-code): remove check for `struct
835 addrinfo'
836
837 * lib/krb5/crypto.c (etypes): remove NEW_DES3_CODE, enable
838 des3-cbc-sha1 and keep old-des3-cbc-sha1 for backwards
839 compatability
840
841 * lib/krb5/krb5.h (krb5_enctype): des3-cbc-sha1 (with key
842 derivation) just got assigned etype 16 by <bcn@isi.edu>. keep the
843 old etype at 7.
844
8451999-08-16 Assar Westerlund <assar@sics.se>
846
847 * lib/krb5/sendauth.c (krb5_sendauth): only look at errno if
848 krb5_net_read actually returns -1
849
850 * lib/krb5/recvauth.c (krb5_recvauth): only look at errno if
851 krb5_net_read actually returns -1
852
853 * appl/kf/kf.c (proto): don't trust errno if krb5_net_read hasn't
854 returned -1
855
856 * appl/test/tcp_server.c (proto): only trust errno if
857 krb5_net_read actually returns -1
858
859 * appl/kf/kfd.c (proto): be more careful with the return value
860 from krb5_net_read
861
8621999-08-13 Assar Westerlund <assar@sics.se>
863
864 * lib/krb5/get_addrs.c (get_addrs_int): try the different ways
865 sequentially instead of just one. this helps if your heimdal was
866 built with v6-support but your kernel doesn't have it, for
867 example.
868
8691999-08-12 Assar Westerlund <assar@sics.se>
870
871 * kdc/hpropd.c: add inetd flag. default means try to figure out
872 if stdin is a socket or not.
873
874 * Makefile.am (ACLOCAL): just use `cf', this variable is only used
875 when the current directory is $(top_srcdir) anyways and having
876 $(top_srcdir) there breaks if it's a relative path
877
8781999-08-09 Johan Danielsson <joda@pdc.kth.se>
879
880 * configure.in: check for setproctitle
881
8821999-08-05 Assar Westerlund <assar@sics.se>
883
884 * lib/krb5/principal.c (krb5_sname_to_principal): remember to call
885 freehostent
886
887 * appl/test/tcp_client.c: call freehostent
888
889 * appl/kf/kf.c (doit): call freehostent
890
891 * appl/kf/kf.c: make v6 friendly and simplify
892
893 * appl/kf/kfd.c: make v6 friendly and simplify
894
895 * appl/test/tcp_server.c: simplify by using krb5_err instead of
896 errx
897
898 * appl/test/tcp_client.c: simplify by using krb5_err instead of
899 errx
900
901 * appl/test/tcp_server.c: make v6 friendly and simplify
902
903 * appl/test/tcp_client.c: make v6 friendly and simplify
904
9051999-08-04 Assar Westerlund <assar@sics.se>
906
907 * Release 0.1m
908
9091999-08-04 Assar Westerlund <assar@sics.se>
910
911 * kuser/kinit.c (main): some more KRB4-conditionalizing
912
913 * lib/krb5/get_in_tkt.c: type correctness
914
915 * lib/krb5/get_for_creds.c (krb5_fwd_tgs_creds): set forwarded in
916 flags. From Miroslav Ruda <ruda@ics.muni.cz>
917
918 * kuser/kinit.c (main): add config file support for forwardable
919 and krb4 support. From Miroslav Ruda <ruda@ics.muni.cz>
920
921 * kdc/kerberos5.c (as_rep): add an empty X500-compress string as
922 transited.
923 (fix_transited_encoding): check length.
924 From Miroslav Ruda <ruda@ics.muni.cz>
925
926 * kdc/hpropd.c (dump_krb4): check the realm so that we don't dump
927 principals in some other realm. From Miroslav Ruda
928 <ruda@ics.muni.cz>
929 (main): rename sa_len -> sin_len, sa_lan is a define on some
930 platforms.
931
932 * appl/kf/kfd.c: add regpag support. From Miroslav Ruda
933 <ruda@ics.muni.cz>
934
935 * appl/kf/kf.c: add `-G' and forwardable option in krb5.conf.
936 From Miroslav Ruda <ruda@ics.muni.cz>
937
938 * lib/krb5/config_file.c (parse_list): don't run past end of line
939
940 * appl/test/gss_common.h: new prototypes
941
942 * appl/test/gssapi_client.c: use gss_err instead of abort
943
944 * appl/test/gss_common.c (gss_verr, gss_err): add
945
9461999-08-03 Assar Westerlund <assar@sics.se>
947
948 * lib/krb5/Makefile.am (n_fold_test_LDADD): need to set this
949 otherwise it doesn't build with shared libraries
950
951 * kdc/hpropd.c: v6-ify
952
953 * kdc/hprop.c: v6-ify
954
9551999-08-01 Assar Westerlund <assar@sics.se>
956
957 * lib/krb5/mk_req.c (krb5_mk_req): use krb5_expand_hostname
958
9591999-07-31 Assar Westerlund <assar@sics.se>
960
961 * lib/krb5/get_host_realm.c (krb5_get_host_realm_int): new
962 function that takes a FQDN
963
964 * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add exapnd_hostname.c
965
966 * lib/krb5/expand_hostname.c: new file
967
9681999-07-28 Assar Westerlund <assar@sics.se>
969
970 * Release 0.1l
971
9721999-07-28 Assar Westerlund <assar@sics.se>
973
974 * lib/asn1/Makefile.am: bump version to 1:2:0
975
976 * lib/krb5/Makefile.am: bump version to 3:1:0
977
978 * configure.in: more inet_pton to roken
979
980 * lib/krb5/principal.c (krb5_sname_to_principal): use
981 getipnodebyname
982
9831999-07-26 Assar Westerlund <assar@sics.se>
984
985 * Release 0.1k
986
9871999-07-26 Johan Danielsson <joda@pdc.kth.se>
988
989 * lib/krb5/Makefile.am: bump version number (changed function
990 signatures)
991
992 * lib/hdb/Makefile.am: bump version number (changes to some
993 function signatures)
994
9951999-07-26 Assar Westerlund <assar@sics.se>
996
997 * lib/krb5/Makefile.am: bump version to 3:0:2
998
999 * lib/hdb/Makefile.am: bump version to 2:1:0
1000
1001 * lib/asn1/Makefile.am: bump version to 1:1:0
1002
10031999-07-26 Assar Westerlund <assar@sics.se>
1004
1005 * Release 0.1j
1006
10071999-07-26 Assar Westerlund <assar@sics.se>
1008
1009 * configure.in: rokenize inet_ntop
1010
1011 * lib/krb5/store_fd.c: lots of changes from size_t to ssize_t
1012
1013 * lib/krb5/store_mem.c: lots of changes from size_t to ssize_t
1014
1015 * lib/krb5/store_emem.c: lots of changes from size_t to ssize_t
1016
1017 * lib/krb5/store.c: lots of changes from size_t to ssize_t
1018 (krb5_ret_stringz): check return value from realloc
1019
1020 * lib/krb5/mk_safe.c: some type correctness
1021
1022 * lib/krb5/mk_priv.c: some type correctness
1023
1024 * lib/krb5/krb5.h (krb5_storage): change return values of
1025 functions from size_t to ssize_t
1026
10271999-07-24 Assar Westerlund <assar@sics.se>
1028
1029 * Release 0.1i
1030
1031 * configure.in (AC_PROG_AWK): disable. mawk seems to mishandle \#
1032 in lib/roken/roken.awk
1033
1034 * lib/krb5/get_addrs.c (find_all_addresses): try to use SA_LEN to
1035 step over addresses if there's no `sa_lan' field
1036
1037 * lib/krb5/sock_principal.c (krb5_sock_to_principal): simplify by
1038 using `struct sockaddr_storage'
1039
1040 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): simplify by using
1041 `struct sockaddr_storage'
1042
1043 * lib/krb5/changepw.c (krb5_change_password): simplify by using
1044 `struct sockaddr_storage'
1045
1046 * lib/krb5/auth_context.c (krb5_auth_con_setaddrs_from_fd):
1047 simplify by using `struct sockaddr_storage'
1048
1049 * kpasswd/kpasswdd.c (*): simplify by using `struct
1050 sockaddr_storage'
1051
1052 * kdc/connect.c (*): simplify by using `struct sockaddr_storage'
1053
1054 * configure.in (sa_family_t): just test for existence
1055 (sockaddr_storage): also specify include file
1056
1057 * configure.in (AM_INIT_AUTOMAKE): bump version to 0.1i
1058 (sa_family_t): test for
1059 (struct sockaddr_storage): test for
1060
1061 * kdc/hprop.c (propagate_database): typo, NULL should be
1062 auth_context
1063
1064 * lib/krb5/get_addrs.c: conditionalize on HAVE_IPV6 instead of
1065 AF_INET6
1066
1067 * appl/kf/kf.c (main): use warnx
1068
1069 * appl/kf/kf.c (proto): remove shadowing context
1070
1071 * lib/krb5/get_addrs.c (find_all_addresses): try to handle the
1072 case of getting back an `sockaddr_in6' address when sizeof(struct
1073 sockaddr_in6) > sizeof(struct sockaddr) and we have no sa_len to
1074 tell us how large the address is. This obviously doesn't work
1075 with unknown protocol types.
1076
10771999-07-24 Assar Westerlund <assar@sics.se>
1078
1079 * Release 0.1h
1080
10811999-07-23 Assar Westerlund <assar@sics.se>
1082
1083 * appl/kf/kfd.c: clean-up and more paranoia
1084
1085 * etc/services.append: add kf
1086
1087 * appl/kf/kf.c: rename tk_file to ccache for consistency. clean-up
1088
10891999-07-22 Assar Westerlund <assar@sics.se>
1090
1091 * lib/krb5/n-fold-test.c (main): print the correct data
1092
1093 * appl/Makefile.am (SUBDIRS): add kf
1094
1095 * appl/kf: new program. From Miroslav Ruda <ruda@ics.muni.cz>
1096
1097 * kdc/hprop.c: declare some variables unconditionally to simplify
1098 things
1099
1100 * kpasswd/kpasswdd.c: initialize kadm5 connection for every change
1101 (otherwise the modifier in the database doesn't get set)
1102
1103 * kdc/hpropd.c: clean-up and re-organize
1104
1105 * kdc/hprop.c: clean-up and re-organize
1106
1107 * configure.in (SunOS): define to xy for SunOS x.y
1108
11091999-07-19 Assar Westerlund <assar@sics.se>
1110
1111 * configure.in (AC_BROKEN): test for copyhostent, freehostent,
1112 getipnodebyaddr, getipnodebyname
1113
11141999-07-15 Assar Westerlund <assar@sics.se>
1115
1116 * lib/asn1/check-der.c: more test cases for integers
1117
1118 * lib/asn1/der_length.c (length_int): handle the case of the
1119 largest negative integer by not calling abs
1120
11211999-07-14 Assar Westerlund <assar@sics.se>
1122
1123 * lib/asn1/check-der.c (generic_test): check malloc return value
1124 properly
1125
1126 * lib/krb5/Makefile.am: add string_to_key_test
1127
1128 * lib/krb5/prog_setup.c (krb5_program_setup): always initialize
1129 the context
1130
1131 * lib/krb5/n-fold-test.c (main): return a relevant return value
1132
1133 * lib/krb5/krbhst.c: do SRV lookups for admin server as well.
1134 some clean-up.
1135
11361999-07-12 Assar Westerlund <assar@sics.se>
1137
1138 * configure.in: handle not building X programs
1139
11401999-07-06 Assar Westerlund <assar@sics.se>
1141
1142 * lib/krb5/addr_families.c (ipv6_parse_addr): remove duplicate
1143 variable
1144 (ipv6_sockaddr2port): fix typo
1145
1146 * etc/services.append: beginning of a file with services
1147
1148 * lib/krb5/cache.c (krb5_cc_resolve): fall-back to files if
1149 there's no prefix. also clean-up a little bit.
1150
1151 * kdc/hprop.c (--kaspecials): new flag for handling special KA
1152 server entries. From "Brandon S. Allbery KF8NH"
1153 <allbery@kf8nh.apk.net>
1154
11551999-07-05 Assar Westerlund <assar@sics.se>
1156
1157 * kdc/connect.c (handle_tcp): make sure we have data before
1158 starting to look for HTTP
1159
1160 * kdc/connect.c (handle_tcp): always do getpeername, we can't
1161 trust recvfrom to return anything sensible
1162
11631999-07-04 Assar Westerlund <assar@sics.se>
1164
1165 * lib/krb5/get_in_tkt.c (add_padat): encrypt pre-auth data with
1166 all enctypes
1167
1168 * kpasswd/kpasswdd.c (change): fetch the salt-type from the entry
1169
1170 * admin/srvconvert.c (srvconv): better error messages
1171
11721999-07-03 Assar Westerlund <assar@sics.se>
1173
1174 * lib/krb5/principal.c (unparse_name): error check malloc properly
1175
1176 * lib/krb5/get_in_tkt.c (krb5_init_etype): error check malloc
1177 properly
1178
1179 * lib/krb5/crypto.c (*): do some malloc return-value checks
1180 properly
1181
1182 * lib/hdb/hdb.c (hdb_process_master_key): simplify by using
1183 krb5_data_alloc
1184
1185 * lib/hdb/hdb.c (hdb_process_master_key): check return value from
1186 malloc
1187
1188 * lib/asn1/gen_decode.c (decode_type): fix generation of decoding
1189 information for TSequenceOf.
1190
1191 * kdc/kerberos5.c (get_pa_etype_info): check return value from
1192 malloc
1193
11941999-07-02 Assar Westerlund <assar@sics.se>
1195
1196 * lib/asn1/der_copy.c (copy_octet_string): don't fail if length ==
1197 0 and malloc returns NULL
1198
11991999-06-29 Assar Westerlund <assar@sics.se>
1200
1201 * lib/krb5/addr_families.c (ipv6_parse_addr): implement
1202
12031999-06-24 Assar Westerlund <assar@sics.se>
1204
1205 * lib/krb5/rd_cred.c (krb5_rd_cred): compare the sender's address
1206 as an addrport one
1207
1208 * lib/krb5/krb5.h (KRB5_ADDRESS_ADDRPORT, KRB5_ADDRESS_IPPORT):
1209 add
1210 (krb5_auth_context): add local and remote port
1211
1212 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): get the
1213 local and remote address and add them to the krb-cred packet
1214
1215 * lib/krb5/auth_context.c: save the local and remove ports in the
1216 auth_context
1217
1218 * lib/krb5/address.c (krb5_make_addrport): create an address of
1219 type KRB5_ADDRESS_ADDRPORT from (addr, port)
1220
1221 * lib/krb5/addr_families.c (krb5_sockaddr2port): new function for
1222 grabbing the port number out of the sockaddr
1223
12241999-06-23 Assar Westerlund <assar@sics.se>
1225
1226 * admin/srvcreate.c (srvcreate): always take the DES-CBC-MD5 key.
1227 increase possible verbosity.
1228
1229 * lib/krb5/config_file.c (parse_list): handle blank lines at
1230 another place
1231
1232 * kdc/connect.c (add_port_string): don't return a value
1233
1234 * lib/kadm5/init_c.c (get_cred_cache): you cannot reuse the cred
1235 cache if the principals are different. close and NULL the old one
1236 so that we create a new one.
1237
1238 * configure.in: move around cgywin et al
1239 (LIB_kdb): set at the end of krb4-block
1240 (krb4): test for krb_enable_debug and krb_disable_debug
1241
12421999-06-16 Assar Westerlund <assar@sics.se>
1243
1244 * kuser/kdestroy.c (main): try to destroy v4 ticket even if the
1245 destruction of the v5 one fails
1246
1247 * lib/krb5/crypto.c (DES3_postproc): new version that does the
1248 right thing
1249 (*): don't put and recover length in 3DES encoding
1250 other small fixes
1251
12521999-06-15 Assar Westerlund <assar@sics.se>
1253
1254 * lib/krb5/get_default_principal.c: rewrite to use
1255 get_default_username
1256
1257 * lib/krb5/Makefile.am: add n-fold-test
1258
1259 * kdc/connect.c: add fallbacks for all lookups by service name
1260 (handle_tcp): break-up and clean-up
1261
12621999-06-09 Assar Westerlund <assar@sics.se>
1263
1264 * lib/krb5/addr_families.c (ipv6_uninteresting): don't consider
1265 the loopback address as uninteresting
1266
1267 * lib/krb5/get_addrs.c: new magic flag to get loopback address if
1268 there are no other addresses.
1269 (krb5_get_all_client_addrs): use that flag
1270
12711999-06-04 Assar Westerlund <assar@sics.se>
1272
1273 * lib/krb5/crypto.c (HMAC_SHA1_DES3_checksum): don't include the
1274 length
1275 (checksum_sha1, checksum_hmac_sha1_des3): blocksize should be 64
1276 (encrypt_internal_derived): don't include the length and don't
1277 decrease by the checksum size twice
1278 (_get_derived_key): the constant should be 5 bytes
1279
12801999-06-02 Johan Danielsson <joda@pdc.kth.se>
1281
1282 * configure.in: use KRB_CHECK_X
1283
1284 * configure.in: check for netinet/ip.h
1285
12861999-05-31 Assar Westerlund <assar@sics.se>
1287
1288 * kpasswd/kpasswdd.c (setup_passwd_quality_check): conditionalize
1289 on RTLD_NOW
1290
12911999-05-23 Assar Westerlund <assar@sics.se>
1292
1293 * appl/test/uu_server.c: removed unused stuff
1294
1295 * appl/test/uu_client.c: removed unused stuff
1296
12971999-05-21 Assar Westerlund <assar@sics.se>
1298
1299 * kuser/kgetcred.c (main): correct error message
1300
1301 * lib/krb5/crypto.c (verify_checksum): call (*ct->checksum)
1302 directly, avoiding redundant lookups and memory leaks
1303
1304 * lib/krb5/auth_context.c (krb5_auth_con_setaddrs_from_fd): free
1305 local and remote addresses
1306
1307 * lib/krb5/get_default_principal.c (get_logname): also try
1308 $USERNAME
1309
1310 * lib/asn1/Makefile.am (asn1_files): add $(EXEEXT)
1311
1312 * lib/krb5/principal.c (USE_RESOLVER): try to define only if we
1313 have a libresolv (currently by checking for res_search)
1314
13151999-05-18 Johan Danielsson <joda@pdc.kth.se>
1316
1317 * kdc/connect.c (handle_tcp): remove %-escapes in request
1318
13191999-05-14 Assar Westerlund <assar@sics.se>
1320
1321 * Release 0.1g
1322
1323 * admin/ktutil.c (kt_remove): -t should be -e
1324
1325 * configure.in (CHECK_NETINET_IP_AND_TCP): use
1326
1327 * kdc/hpropd.c: support for dumping to krb4. From Miroslav Ruda
1328 <ruda@ics.muni.cz>
1329
1330 * admin/ktutil.c (kt_add): new option `--no-salt'. From Miroslav
1331 Ruda <ruda@ics.muni.cz>
1332
1333 * configure.in: add cygwin and DOS tests replace sendmsg, recvmsg,
1334 and innetgr with roken versions
1335
1336 * kuser/kgetcred.c: new program
1337
1338Tue May 11 14:09:33 1999 Johan Danielsson <joda@pdc.kth.se>
1339
1340 * lib/krb5/mcache.c: fix paste-o
1341
13421999-05-10 Johan Danielsson <joda@pdc.kth.se>
1343
1344 * configure.in: don't use uname
1345
13461999-05-10 Assar Westerlund <assar@sics.se>
1347
1348 * acconfig.h (KRB_PUT_INT): if we don't have KRB4 use four
1349 arguments :-)
1350
1351 * appl/test/uu_server.c (setsockopt): cast to get rid of a warning
1352
1353 * appl/test/tcp_server.c (setsockopt): cast to get rid of a
1354 warning
1355
1356 * appl/test/tcp_client.c (proto): call krb5_sendauth with ccache
1357 == NULL
1358
1359 * appl/test/gssapi_server.c (setsockopt): cast to get rid of a
1360 warning
1361
1362 * lib/krb5/sendauth.c (krb5_sendauth): handle ccache == NULL by
1363 setting the default ccache.
1364
1365 * configure.in (getsockopt, setsockopt): test for
1366 (AM_INIT_AUTOMAKE): bump version to 0.1g
1367
1368 * appl/Makefile.am (SUBDIRS): add kx
1369
1370 * lib/hdb/convert_db.c (main): handle the case of no master key
1371
13721999-05-09 Assar Westerlund <assar@sics.se>
1373
1374 * Release 0.1f
1375
1376 * kuser/kinit.c: add --noaddresses
1377
1378 * lib/krb5/get_in_tkt.c (init_as_req): interpret `addrs' being an
1379 empty sit of list as to not ask for any addresses.
1380
13811999-05-08 Assar Westerlund <assar@sics.se>
1382
1383 * acconfig.h (_GNU_SOURCE): define this to enable (used)
1384 extensions on glibc-based systems such as linux
1385
13861999-05-03 Assar Westerlund <assar@sics.se>
1387
1388 * lib/krb5/get_cred.c (get_cred_from_kdc_flags): allocate and free
1389 `*out_creds' properly
1390
1391 * lib/krb5/creds.c (krb5_compare_creds): just verify that the
1392 keytypes/enctypes are compatible, not that they are the same
1393
1394 * kuser/kdestroy.c (cache): const-correctness
1395
13961999-05-03 Johan Danielsson <joda@pdc.kth.se>
1397
1398 * lib/hdb/hdb.c (hdb_set_master_key): initialise master key
1399 version
1400
1401 * lib/hdb/convert_db.c: add support for upgrading database
1402 versions
1403
1404 * kdc/misc.c: add flags to fetch
1405
1406 * kdc/kstash.c: unlink keyfile on failure, chmod to 400
1407
1408 * kdc/hpropd.c: add --print option
1409
1410 * kdc/hprop.c: pass flags to hdb_foreach
1411
1412 * lib/hdb/convert_db.c: add some flags
1413
1414 * lib/hdb/Makefile.am: remove extra LDFLAGS, update version to 2;
1415 build prototype headers
1416
1417 * lib/hdb/hdb_locl.h: update prototypes
1418
1419 * lib/hdb/print.c: move printable version of entry from kadmin
1420
1421 * lib/hdb/hdb.c: change hdb_{seal,unseal}_* to check if the key is
1422 sealed or not; add flags to hdb_foreach
1423
1424 * lib/hdb/ndbm.c: add flags to NDBM_seq, NDBM_firstkey, and
1425 NDBM_nextkey
1426
1427 * lib/hdb/db.c: add flags to DB_seq, DB_firstkey, and DB_nextkey
1428
1429 * lib/hdb/common.c: add flags to _hdb_{fetch,store}
1430
1431 * lib/hdb/hdb.h: add master_key_version to struct hdb, update
1432 prototypes
1433
1434 * lib/hdb/hdb.asn1: make mkvno optional, update version to 2
1435
1436 * configure.in: --enable-netinfo
1437
1438 * lib/krb5/config_file.c: HAVE_NETINFO_NI_H -> HAVE_NETINFO
1439
1440 * config.sub: fix for crays
1441
1442 * config.guess: new version from automake 1.4
1443
1444 * config.sub: new version from automake 1.4
1445
1446Wed Apr 28 00:21:17 1999 Assar Westerlund <assar@sics.se>
1447
1448 * Release 0.1e
1449
1450 * lib/krb5/mcache.c (mcc_get_next): get the current cursor
1451 correctly
1452
1453 * acconfig.h: correct definition of KRB_PUT_INT for old krb4 code.
1454 From Ake Sandgren <ake@cs.umu.se>
1455
14561999-04-27 Johan Danielsson <joda@pdc.kth.se>
1457
1458 * kdc/kerberos5.c: fix arguments to decrypt_ticket
1459
14601999-04-25 Assar Westerlund <assar@sics.se>
1461
1462 * lib/krb5/mk_req_ext.c (krb5_mk_req_internal): try to handle old
1463 DCE secd's that are not able to handle MD5 checksums by defaulting
1464 to MD4 if the keytype was DES-CBC-CRC
1465
1466 * lib/krb5/mk_req.c (krb5_mk_req): use auth_context->keytype
1467
1468 * lib/krb5/krb5.h (krb5_auth_context_data): add `keytype' and
1469 `cksumtype'
1470
1471 * lib/krb5/get_cred.c (make_pa_tgs_req): remove old kludge for
1472 secd
1473 (init_tgs_req): add all supported enctypes for the keytype in
1474 `in_creds->session.keytype' if it's set
1475
1476 * lib/krb5/crypto.c (F_PSEUDO): new flag for non-protocol
1477 encryption types
1478 (do_checksum): new function
1479 (verify_checksum): take the checksum to use from the checksum message
1480 and not from the crypto struct
1481 (etypes): add F_PSEUDO flags
1482 (krb5_keytype_to_enctypes): new function
1483
1484 * lib/krb5/auth_context.c (krb5_auth_con_init): initalize keytype
1485 and cksumtype
1486 (krb5_auth_setcksumtype, krb5_auth_getcksumtype): implement
1487 (krb5_auth_setkeytype, krb5_auth_getkeytype): implement
1488 (krb5_auth_setenctype): comment out, it's rather bogus anyway
1489
1490Sun Apr 25 16:55:50 1999 Johan Danielsson <joda@pdc.kth.se>
1491
1492 * lib/krb5/krb5_locl.h: fix for stupid aix warnings
1493
1494 * lib/krb5/fcache.c (erase_file): don't malloc
1495
1496Sat Apr 24 18:35:21 1999 Johan Danielsson <joda@pdc.kth.se>
1497
1498 * kdc/config.c: pass context to krb5_config_file_free
1499
1500 * kuser/kinit.c: add `--fcache-version' to set cache version to
1501 create
1502
1503 * kuser/klist.c: print cache version if verbose
1504
1505 * lib/krb5/transited.c (krb5_domain_x500_decode): don't abort
1506
1507 * lib/krb5/principal.c: abort -> krb5_abortx
1508
1509 * lib/krb5/mk_rep.c: abort -> krb5_abortx
1510
1511 * lib/krb5/config_file.c: abort -> krb5_abortx
1512
1513 * lib/krb5/context.c (init_context_from_config_file): init
1514 fcache_version; add krb5_{get,set}_fcache_version
1515
1516 * lib/krb5/keytab.c: add support for reading (and writing?) old
1517 version keytabs
1518
1519 * lib/krb5/cache.c: add krb5_cc_get_version
1520
1521 * lib/krb5/fcache.c: add support for reading and writing old
1522 version cache files
1523
1524 * lib/krb5/store_mem.c (krb5_storage_from_mem): zero flags
1525
1526 * lib/krb5/store_emem.c (krb5_storage_emem): zero flags
1527
1528 * lib/krb5/store_fd.c (krb5_storage_from_fd): zero flags
1529
1530 * lib/krb5/store.c: add flags to change how various fields are
1531 stored, used for old cache version support
1532
1533 * lib/krb5/krb5.h: add support for reading and writing old version
1534 cache files, and keytabs
1535
1536Wed Apr 21 00:09:26 1999 Assar Westerlund <assar@sics.se>
1537
1538 * configure.in: fix test for readline.h remember to link with
1539 $LIB_tgetent when trying linking with readline
1540
1541 * lib/krb5/init_creds_pw.c (get_init_creds_common): if start_time
1542 is given, request a postdated ticket.
1543
1544 * lib/krb5/data.c (krb5_data_free): free data as long as it's not
1545 NULL
1546
1547Tue Apr 20 20:18:14 1999 Assar Westerlund <assar@sics.se>
1548
1549 * kpasswd/Makefile.am (kpasswdd_LDADD): add LIB_dlopen
1550
1551 * lib/krb5/krb5.h (KRB5_VERIFY_AP_REQ_IGNORE_INVALID): add
1552
1553 * lib/krb5/rd_req.c (krb5_decrypt_ticket): add `flags` and
1554 KRB5_VERIFY_AP_REQ_IGNORE_INVALID for ignoring that the ticket is
1555 invalid
1556
1557Tue Apr 20 12:42:08 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1558
1559 * kpasswd/kpasswdd.c: don't try to load library by default; get
1560 library and function name from krb5.conf
1561
1562 * kpasswd/sample_passwd_check.c: sample password checking
1563 functions
1564
1565Mon Apr 19 22:22:19 1999 Assar Westerlund <assar@sics.se>
1566
1567 * lib/krb5/store.c (krb5_storage_to_data, krb5_ret_data): use
1568 krb5_data_alloc and be careful with checking allocation and sizes.
1569
1570 * kuser/klist.c (--tokens): conditionalize on KRB4
1571
1572 * kuser/kinit.c (renew_validate): set all flags
1573 (main): fix cut-n-paste error when setting start-time
1574
1575 * kdc/kerberos5.c (check_tgs_flags): starttime of a validate
1576 ticket should be > than current time
1577 (*): send flags to krb5_verify_ap_req and krb5_decrypt_ticket
1578
1579 * kuser/kinit.c (renew_validate): use the client realm instead of
1580 the local realm when renewing tickets.
1581
1582 * lib/krb5/get_for_creds.c (krb5_fwd_tgs_creds): compat function
1583 (krb5_get_forwarded_creds): correct freeing of out_creds
1584
1585 * kuser/kinit.c (renew_validate): hopefully fix up freeing of
1586 memory
1587
1588 * configure.in: do all the krb4 tests with "$krb4" != "no"
1589
1590 * lib/krb5/keyblock.c (krb5_free_keyblock_contents): don't zero
1591 keyvalue if it's NULL. noticed by Ake Sandgren <ake@cs.umu.se>
1592
1593 * lib/krb5/get_in_tkt.c (add_padata): loop over all enctypes
1594 instead of just taking the first one. fix all callers. From
1595 "Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net>
1596
1597 * kdc/kdc_locl.h (enable_kaserver): declaration
1598
1599 * kdc/hprop.c (ka_convert): print the failing principal. AFS 3.4a
1600 creates krbtgt.REALMOFCELL as NOTGS+NOSEAL, work around. From
1601 "Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net>
1602
1603 * kdc/hpropd.c (open_socket): stupid cast to get rid of a warning
1604
1605 * kdc/connect.c (add_standard_ports, process_request): look at
1606 enable_kaserver. From "Brandon S. Allbery KF8NH"
1607 <allbery@kf8nh.apk.net>
1608
1609 * kdc/config.c: new flag --kaserver and config file option
1610 enable-kaserver. From "Brandon S. Allbery KF8NH"
1611 <allbery@kf8nh.apk.net>
1612
1613Mon Apr 19 12:32:04 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1614
1615 * configure.in: check for dlopen, and dlfcn.h
1616
1617 * kpasswd/kpasswdd.c: add support for dlopen:ing password quality
1618 check library
1619
1620 * configure.in: add appl/su
1621
1622Sun Apr 18 15:46:53 1999 Johan Danielsson <joda@blubb.pdc.kth.se>
1623
1624 * lib/krb5/cache.c: add krb5_cc_get_type that returns type of a
1625 cache
1626
1627Fri Apr 16 17:58:51 1999 Assar Westerlund <assar@sics.se>
1628
1629 * configure.in: LIB_kdb: -L should be before -lkdb
1630 test for prototype of strsep
1631
1632Thu Apr 15 11:34:38 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1633
1634 * lib/krb5/Makefile.am: update version
1635
1636 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): use
1637 ALLOC_SEQ
1638
1639 * lib/krb5/fcache.c: add some support for reading and writing old
1640 cache formats;
1641 (fcc_store_cred): use krb5_store_creds; (fcc_read_cred): use
1642 krb5_ret_creds
1643
1644 * lib/krb5/store_mem.c (krb5_storage_from_mem): check malloc,
1645 initialize host_byteorder
1646
1647 * lib/krb5/store_fd.c (krb5_storage_from_fd): initialize
1648 host_byteorder
1649
1650 * lib/krb5/store_emem.c (krb5_storage_emem): initialize
1651 host_byteorder
1652
1653 * lib/krb5/store.c (krb5_storage_set_host_byteorder): add;
1654 (krb5_store_int32,krb5_ret_int32,krb5_store_int16,krb5_ret_int16):
1655 check host_byteorder flag; (krb5_store_creds): add;
1656 (krb5_ret_creds): add
1657
1658 * lib/krb5/krb5.h (krb5_storage): add `host_byteorder' flag for
1659 storage of numbers
1660
1661 * lib/krb5/heim_err.et: add `host not found' error
1662
1663 * kdc/connect.c: don't use data after clearing decriptor
1664
1665 * lib/krb5/auth_context.c: abort -> krb5_abortx
1666
1667 * lib/krb5/warn.c: add __attribute__; add *abort functions
1668
1669 * configure.in: check for __attribute__
1670
1671 * kdc/connect.c: log bogus requests
1672
1673Tue Apr 13 18:38:05 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1674
1675 * lib/kadm5/create_s.c (kadm5_s_create_principal): create v4 salts
1676 for all DES keys
1677
16781999-04-12 Assar Westerlund <assar@sics.se>
1679
1680 * lib/krb5/get_cred.c (init_tgs_req): re-structure a little bit
1681
1682 * lib/krb5/get_cred.c (init_tgs_req): some more error checking
1683
1684 * lib/krb5/generate_subkey.c (krb5_generate_subkey): check return
1685 value from malloc
1686
1687Sun Apr 11 03:47:23 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1688
1689 * lib/krb5/krb5.conf.5: update to reality
1690
1691 * lib/krb5/krb5_425_conv_principal.3: update to reality
1692
16931999-04-11 Assar Westerlund <assar@sics.se>
1694
1695 * lib/krb5/get_host_realm.c: handle more than one realm for a host
1696
1697 * kpasswd/kpasswd.c (main): use krb5_program_setup and
1698 print_version
1699
1700 * kdc/string2key.c (main): use krb5_program_setup and
1701 print_version
1702
1703Sun Apr 11 02:35:58 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1704
1705 * lib/krb5/principal.c (krb5_524_conv_principal): make it actually
1706 work, and check built-in list of host-type first-components
1707
1708 * lib/krb5/krbhst.c: lookup SRV-records to find a kdc for a realm
1709
1710 * lib/krb5/context.c: add srv_* flags to context
1711
1712 * lib/krb5/principal.c: add default v4_name_convert entries
1713
1714 * lib/krb5/krb5.h: add srv_* flags to context
1715
1716Sat Apr 10 22:52:28 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1717
1718 * kadmin/kadmin.c: complain about un-recognised commands
1719
1720 * admin/ktutil.c: complain about un-recognised commands
1721
1722Sat Apr 10 15:41:49 1999 Assar Westerlund <assar@sics.se>
1723
1724 * kadmin/load.c (doit): fix error message
1725
1726 * lib/krb5/crypto.c (encrypt_internal): free checksum if lengths
1727 fail to match.
1728 (krb5_get_wrapped_length): new function
1729
1730 * configure.in: security/pam_modules.h: check for
1731
1732 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): kludge
1733 around `ret_as_reply' semantics by only freeing it when ret == 0
1734
1735Fri Apr 9 20:24:04 1999 Assar Westerlund <assar@sics.se>
1736
1737 * kuser/klist.c (print_cred_verbose): handle the case of a bad
1738 enctype
1739
1740 * configure.in: test for more header files
1741 (LIB_roken): set
1742
1743Thu Apr 8 15:01:59 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1744
1745 * configure.in: fixes for building w/o krb4
1746
1747 * ltmain.sh: update to libtool 1.2d
1748
1749 * ltconfig: update to libtool 1.2d
1750
1751Wed Apr 7 23:37:26 1999 Assar Westerlund <assar@sics.se>
1752
1753 * kdc/hpropd.c: fix some error messages to be more understandable.
1754
1755 * kdc/hprop.c (ka_dump): remove unused variables
1756
1757 * appl/test/tcp_server.c: remove unused variables
1758
1759 * appl/test/gssapi_server.c: remove unused variables
1760
1761 * appl/test/gssapi_client.c: remove unused variables
1762
1763Wed Apr 7 14:05:15 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1764
1765 * lib/krb5/context.c (krb5_get_err_text): long -> krb5_error_code
1766
1767 * kuser/klist.c: make it compile w/o krb4
1768
1769 * kuser/kdestroy.c: make it compile w/o krb4
1770
1771 * admin/ktutil.c: fix {srv,key}2{srv,key}tab confusion; add help
1772 strings
1773
1774Mon Apr 5 16:13:46 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1775
1776 * configure.in: test for MIPS ABI; new test_package
1777
1778Thu Apr 1 11:00:40 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1779
1780 * include/Makefile.am: clean krb5-private.h
1781
1782 * Release 0.1d
1783
1784 * kpasswd/kpasswdd.c (doit): pass context to
1785 krb5_get_all_client_addrs
1786
1787 * kdc/connect.c (init_sockets): pass context to
1788 krb5_get_all_server_addrs
1789
1790 * lib/krb5/get_in_tkt.c (init_as_req): pass context to
1791 krb5_get_all_client_addrs
1792
1793 * lib/krb5/get_cred.c (get_cred_kdc_la): pass context to
1794 krb5_get_all_client_addrs
1795
1796 * lib/krb5/get_addrs.c (get_addrs_int): add extra host addresses
1797
1798 * lib/krb5/krb5.h: add support for adding an extra set of
1799 addresses
1800
1801 * lib/krb5/context.c: add support for adding an extra set of
1802 addresses
1803
1804 * lib/krb5/addr_families.c: add krb5_parse_address
1805
1806 * lib/krb5/address.c: krb5_append_addresses
1807
1808 * lib/krb5/config_file.c (parse_binding): don't zap everything
1809 after first whitespace
1810
1811 * kuser/kinit.c (renew_validate): don't allocate out
1812
1813 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): don't
1814 allocate out_creds
1815
1816 * lib/krb5/get_cred.c (get_cred_kdc, get_cred_kdc_la): make
1817 out_creds pointer;
1818 (krb5_get_kdc_cred): allocate out_creds; (get_cred_from_kdc_flags):
1819 free more memory
1820
1821 * lib/krb5/crypto.c (encrypt_internal): free checksum
1822
1823 * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): free reply,
1824 and ticket
1825
1826 * kuser/Makefile.am: remove kfoo
1827
1828 * lib/Makefile.am: add auth
1829
1830 * lib/kadm5/iprop.h: getarg.h
1831
1832 * lib/kadm5/replay_log.c: use getarg
1833
1834 * lib/kadm5/ipropd_slave.c: use getarg
1835
1836 * lib/kadm5/ipropd_master.c: use getarg
1837
1838 * lib/kadm5/dump_log.c: use getarg
1839
1840 * kpasswd/kpasswdd.c: use getarg
1841
1842 * Makefile.am.common: make a more working check-local target
1843
1844 * lib/asn1/main.c: use getargs
1845
1846Mon Mar 29 20:19:57 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1847
1848 * kuser/klist.c (print_cred_verbose): use krb5_print_address
1849
1850 * lib/kadm5/server.c: k_{put,get}_int -> _krb5_{put,get}_int
1851
1852 * lib/krb5/addr_families.c (krb5_print_address): handle unknown
1853 address types; (ipv6_print_addr): print in 16-bit groups (as it
1854 should)
1855
1856 * lib/krb5/crc.c: crc_{init_table,update} ->
1857 _krb5_crc_{init_table,update}
1858
1859 * lib/krb5/crypto.c: k_{put,get}_int -> _krb5_{put,get}_int
1860 crc_{init_table,update} -> _krb5_crc_{init_table,update}
1861
1862 * lib/krb5/send_to_kdc.c: k_{put,get}_int -> _krb5_{put,get}_int
1863
1864 * lib/krb5/store.c: k_{put,get}_int -> _krb5_{put,get}_int
1865
1866 * lib/krb5/krb5_locl.h: include krb5-private.h
1867
1868 * kdc/connect.c (addr_to_string): use krb5_print_address
1869
1870 * lib/krb5/addr_families.c (krb5_print_address): int -> size_t
1871
1872 * lib/krb5/addr_families.c: add support for printing ipv6
1873 addresses, either with inet_ntop, or ugly for-loop
1874
1875 * kdc/524.c: check that the ticket came from a valid address; use
1876 the address of the connection as the address to put in the v4
1877 ticket (if this address is AF_INET)
1878
1879 * kdc/connect.c: pass addr to do_524
1880
1881 * kdc/kdc_locl.h: prototype for do_524
1882
1883Sat Mar 27 17:48:31 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1884
1885 * configure.in: check for OSF C2; bind/bitypes.h, getudbnam,
1886 setlim; check for auth modules; siad.h, getpwnam_r;
1887 lib/auth/Makefile, lib/auth/sia/Makefile
1888
1889 * lib/krb5/crypto.c: n_fold -> _krb5_n_fold
1890
1891 * lib/krb5/n-fold.c: n_fold -> _krb5_n_fold
1892
1893Thu Mar 25 04:35:21 1999 Assar Westerlund <assar@sics.se>
1894
1895 * lib/kadm5/set_keys.c (_kadm5_set_keys): free salt when zapping
1896 it
1897
1898 * lib/kadm5/free.c (kadm5_free_principal_ent): free `key_data'
1899
1900 * lib/hdb/ndbm.c (NDBM_destroy): clear master key
1901
1902 * lib/hdb/db.c (DB_destroy): clear master key
1903 (DB_open): check malloc
1904
1905 * kdc/connect.c (init_sockets): free addresses
1906
1907 * kadmin/kadmin.c (main): make code more consistent. always free
1908 configuration information.
1909
1910 * kadmin/init.c (create_random_entry): free the entry
1911
1912Wed Mar 24 04:02:03 1999 Assar Westerlund <assar@sics.se>
1913
1914 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password):
1915 re-organize the code to always free `kdc_reply'
1916
1917 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): be more careful about
1918 freeing memory
1919
1920 * lib/krb5/fcache.c (fcc_destroy): don't call fcc_close
1921
1922 * lib/krb5/crypto.c (krb5_crypto_destroy): free `crypto'
1923
1924 * lib/hdb/hdb_locl.h: try db_185.h first in case db.h is a DB 2.0
1925 header
1926
1927 * configure.in (db_185.h): check for
1928
1929 * admin/srvcreate.c: new file. contributed by Daniel Kouril
1930 <kouril@informatics.muni.cz>
1931
1932 * admin/ktutil.c: srvcreate: new command
1933
1934 * kuser/klist.c: add support for printing AFS tokens
1935
1936 * kuser/kdestroy.c: add support for destroying v4 tickets and AFS
1937 tokens. based on code by Love <lha@stacken.kth.se>
1938
1939 * kuser/Makefile.am (kdestroy_LDADD, klist_LDADD): more libraries
1940
1941 * configure.in: sys/ioccom.h: test for
1942
1943 * kuser/klist.c (main): don't print `no ticket file' with --test.
1944 From: Love <lha@e.kth.se>
1945
1946 * kpasswd/kpasswdd.c (doit): more braces to make gcc happy
1947
1948 * kdc/connect.c (init_socket): get rid of a stupid warning
1949
1950 * include/bits.c (my_strupr): cast away some stupid warnings
1951
1952Tue Mar 23 14:34:44 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1953
1954 * lib/krb5/get_host_realm.c (krb5_get_host_realm): no infinite
1955 loops, please
1956
1957Tue Mar 23 00:00:45 1999 Assar Westerlund <assar@sics.se>
1958
1959 * lib/kadm5/Makefile.am (install_build_headers): recover from make
1960 rewriting the names of the headers kludge to help solaris make
1961
1962 * lib/krb5/Makefile.am: kludge to help solaris make
1963
1964 * lib/hdb/Makefile.am: kludge to help solaris make
1965
1966 * configure.in (LIB_kdb): make sure there's a -L option in here by
1967 adding $(LIB_krb4)
1968
1969 * lib/asn1/gen_glue.c (generate_2int, generate_int2): int ->
1970 unsigned
1971
1972 * configure.in (SunOS): set to a number KRB4, KRB5 conditionals:
1973 remove the `dnl' to work around an automake flaw
1974
1975Sun Mar 21 15:08:49 1999 Johan Danielsson <joda@blubb.pdc.kth.se>
1976
1977 * lib/krb5/get_default_realm.c: char* -> krb5_realm
1978
1979Sun Mar 21 14:08:30 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1980
1981 * include/bits.c: <bind/bitypes.h>
1982
1983 * lib/krb5/Makefile.am: create krb5-private.h
1984
1985Sat Mar 20 00:08:59 1999 Assar Westerlund <assar@sics.se>
1986
1987 * configure.in (gethostname): remove duplicate
1988
1989Fri Mar 19 14:48:03 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1990
1991 * lib/hdb/Makefile.am: add version-info
1992
1993 * lib/gssapi/Makefile.am: add version-info
1994
1995 * lib/asn1/Makefile.am: use $(x:y=z) make syntax; move check-der
1996 to check_PROGRAMS
1997
1998 * lib/Makefile.am: add 45
1999
2000 * lib/kadm5/Makefile.am: split in client and server libraries
2001 (breaks shared libraries otherwise)
2002
2003Thu Mar 18 11:33:30 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2004
2005 * include/kadm5/Makefile.am: clean a lot of header files (since
2006 automake lacks a clean-hook)
2007
2008 * include/Makefile.am: clean a lot of header files (since automake
2009 lacks a clean-hook)
2010
2011 * lib/kadm5/Makefile.am: fix build-installation of headers
2012
2013 * lib/krb5/Makefile.am: remove include_dir hack
2014
2015 * lib/hdb/Makefile.am: remove include_dir hack
2016
2017 * lib/asn1/Makefile.am: remove include_dir hack
2018
2019 * include/Makefile.am: remove include_dir hack
2020
2021 * doc/whatis.texi: define sub for html
2022
2023 * configure.in: LIB_kdb, have_err_h, have_fnmatch_h, have_glob_h
2024
2025 * lib/asn1/Makefile.am: der.h
2026
2027 * kpasswd/kpasswdd.c: admin.h -> kadm5/admin.h
2028
2029 * kdc/Makefile.am: remove junk
2030
2031 * kadmin/Makefile.am: sl.a -> sl.la
2032
2033 * appl/afsutil/Makefile.am: remove EXTRA_bin_PROGRAMS
2034
2035 * admin/Makefile.am: sl.a -> sl.la
2036
2037 * configure.in: condition KRB5; AC_CHECK_XAU
2038
2039 * Makefile.am: include Makefile.am.common
2040
2041 * include/kadm5/Makefile.am: include Makefile.am.common; don't
2042 install headers from here
2043
2044 * include/Makefile.am: include Makefile.am.common; don't install
2045 headers from here
2046
2047 * doc/Makefile.am: include Makefile.am.common
2048
2049 * lib/krb5/Makefile.am: include Makefile.am.common
2050
2051 * lib/kadm5/Makefile.am: include Makefile.am.common
2052
2053 * lib/hdb/Makefile.am: include Makefile.am.common
2054
2055 * lib/gssapi/Makefile.am: include Makefile.am.common
2056
2057 * lib/asn1/Makefile.am: include Makefile.am.common
2058
2059 * lib/Makefile.am: include Makefile.am.common
2060
2061 * lib/45/Makefile.am: include Makefile.am.common
2062
2063 * kuser/Makefile.am: include Makefile.am.common
2064
2065 * kpasswd/Makefile.am: include Makefile.am.common
2066
2067 * kdc/Makefile.am: include Makefile.am.common
2068
2069 * kadmin/Makefile.am: include Makefile.am.common
2070
2071 * appl/test/Makefile.am: include Makefile.am.common
2072
2073 * appl/afsutil/Makefile.am: include Makefile.am.common
2074
2075 * appl/Makefile.am: include Makefile.am.common
2076
2077 * admin/Makefile.am: include Makefile.am.common
2078
2079Wed Mar 17 03:04:38 1999 Assar Westerlund <assar@sics.se>
2080
2081 * lib/krb5/store.c (krb5_store_stringz): braces fix
2082
2083 * lib/kadm5/get_s.c (kadm5_s_get_principal): braces fix
2084
2085 * lib/kadm5/ent_setup.c (_kadm5_setup_entry): braces fix
2086
2087 * kdc/connect.c (loop): braces fix
2088
2089 * lib/krb5/config_file.c: cast to unsigned char to make is* happy
2090
2091 * lib/krb5/log.c (krb5_addlog_dest): more braces to make gcc happy
2092
2093 * lib/krb5/crypto.c (krb5_verify_checksum): rename C -> cksum to
2094 be consistent
2095
2096 * kadmin/util.c (timeval2str): more braces to make gcc happy
2097
2098 * kadmin/load.c: cast in is* to get rid of stupid warning
2099
2100 * kadmin/dump.c (append_hex): cast in isalnum to get rid of stupid
2101 warning
2102
2103 * kdc/kaserver.c: malloc checks and fixes
2104
2105 * lib/krb5/get_host_realm.c (krb5_get_host_realm): include leading
2106 dot (if any) when looking up realms.
2107
2108Fri Mar 12 13:57:56 1999 Johan Danielsson <joda@blubb.pdc.kth.se>
2109
2110 * lib/krb5/get_host_realm.c: add dns support
2111
2112 * lib/krb5/set_default_realm.c: use krb5_free_host_realm
2113
2114 * lib/krb5/free_host_realm.c: check for NULL realmlist
2115
2116 * lib/krb5/context.c: don't print warning if there is no krb5.conf
2117
2118Wed Mar 10 19:29:46 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2119
2120 * configure.in: use AC_WFLAGS
2121
2122Mon Mar 8 11:49:43 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2123
2124 * Release 0.1c
2125
2126 * kuser/klist.c: use print_version
2127
2128 * kuser/kdestroy.c: use print_version
2129
2130 * kdc/hpropd.c: use print_version
2131
2132 * kdc/hprop.c: use print_version
2133
2134 * kdc/config.c: use print_version
2135
2136 * kadmin/kadmind.c: use print_version
2137
2138 * kadmin/kadmin.c: use print_version
2139
2140 * appl/test/common.c: use print_version
2141
2142 * appl/afsutil/afslog.c: use print_version
2143
2144Mon Mar 1 10:49:14 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2145
2146 * lib/krb5/get_addrs.c: SOCKADDR_HAS_SA_LEN ->
2147 HAVE_STRUCT_SOCKADDR_SA_LEN
2148
2149 * configure.in, acconfig.h, cf/*: update to automake 1.4/autoconf 2.13
2150
2151Sun Feb 28 18:19:20 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2152
2153 * lib/asn1/gen.c: make `BIT STRING's unsigned
2154
2155 * lib/asn1/{symbol.h,gen.c}: add TUInteger type
2156
2157 * lib/krb5/verify_user.c (krb5_verify_user): pass prompter to
2158 krb5_get_init_creds_password
2159
2160 * lib/krb5/fcache.c (fcc_gen_new): implement
2161
2162Sat Feb 27 22:41:23 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2163
2164 * doc/install.texi: krb4 is now automatically detected
2165
2166 * doc/misc.texi: update procedure to set supported encryption
2167 types
2168
2169 * doc/setup.texi: change some silly wordings
2170
2171Sat Feb 27 22:17:30 1999 Johan Danielsson <joda@blubb.pdc.kth.se>
2172
2173 * lib/krb5/keytab.c (fkt_remove_entry): make this work
2174
2175 * admin/ktutil.c: add minimally working `get' command
2176
2177Sat Feb 27 19:44:49 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2178
2179 * lib/hdb/convert_db.c: more typos
2180
2181 * include/Makefile.am: remove EXTRA_DATA (as of autoconf
2182 2.13/automake 1.4)
2183
2184 * appl/Makefile.am: OTP_dir
2185
2186Fri Feb 26 17:37:00 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2187
2188 * doc/setup.texi: add kadmin section
2189
2190 * lib/asn1/check-der.c: fix printf warnings
2191
2192Thu Feb 25 11:16:49 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2193
2194 * configure.in: -O does not belong in WFLAGS
2195
2196Thu Feb 25 11:05:57 1999 Johan Danielsson <joda@blubb.pdc.kth.se>
2197
2198 * lib/asn1/der_put.c: fix der_put_int
2199
2200Tue Feb 23 20:35:12 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2201
2202 * configure.in: use AC_BROKEN_GLOB
2203
2204Mon Feb 22 15:12:44 1999 Johan Danielsson <joda@blubb.pdc.kth.se>
2205
2206 * configure.in: check for glob
2207
2208Mon Feb 22 11:32:42 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2209
2210 * Release 0.1b
2211
2212Sat Feb 20 15:48:06 1999 Johan Danielsson <joda@blubb.pdc.kth.se>
2213
2214 * lib/hdb/convert_db.c: convert DES3 keys to des3-cbc-sha1, and
2215 des3-cbc-md5
2216
2217 * lib/krb5/crypto.c (DES3_string_to_key): make this actually do
2218 what the draft said it should
2219
2220 * lib/hdb/convert_db.c: little program for database conversion
2221
2222 * lib/hdb/db.c (DB_open): try to open database w/o .db extension
2223
2224 * lib/hdb/ndbm.c (NDBM_open): add test for database format
2225
2226 * lib/hdb/db.c (DB_open): add test for database format
2227
2228 * lib/asn1/gen_glue.c (generate_2int): don't depend on flags being
2229 unsigned
2230
2231 * lib/hdb/hdb.c: change `hdb_set_master_key' to take an
2232 EncryptionKey, and add a new function `hdb_set_master_keyfile' to
2233 do what `hdb_set_master_key' used to do
2234
2235 * kdc/kstash.c: add `--convert-file' option to change keytype of
2236 existing master key file
2237
2238Fri Feb 19 07:04:14 1999 Assar Westerlund <assar@squid.pdc.kth.se>
2239
2240 * Release 0.1a
2241
2242Sat Feb 13 17:12:53 1999 Assar Westerlund <assar@sics.se>
2243
2244 * lib/krb5/mk_safe.c (krb5_mk_safe): sizeof(buf) -> buf_size, buf
2245 is now a `u_char *'
2246
2247 * lib/krb5/get_in_tkt.c (krb5_init_etype): etypes are now `int'
2248
2249 * lib/krb5/get_host_realm.c (krb5_get_host_realm): constize
2250 orig_host
2251
2252 (krb5_salttype_to_string): new function (RSA_MD5_DES_verify,
2253 RSA_MD5_DES3_verify): initialize ret
2254
2255 * lib/gssapi/init_sec_context.c (init_auth): remove unnecessary
2256 gssapi_krb5_init. ask for KEYTYPE_DES credentials
2257
2258 * kadmin/get.c (print_entry_long): print the keytypes and salts
2259 available for the principal
2260
2261 * configure.in (WFLAGS): add `-O' to catch unitialized variables
2262 and such
2263 (gethostname, mkstemp, getusershell, inet_aton): more tests
2264
2265 * lib/hdb/hdb.h: update prototypes
2266
2267 * configure.in: homogenize broken detection with krb4
2268
2269 * lib/kadm5/init_c.c (kadm5_c_init_with_context): remove unused
2270 `error'
2271
2272 * lib/asn1/Makefile.am (check-der): add
2273
2274 * lib/asn1/gen.c (define_type): map ASN1 Integer to `int' instead
2275 of `unsigned'
2276
2277 * lib/asn1/der_length.c (length_unsigned): new function
2278 (length_int): handle signed integers
2279
2280 * lib/asn1/der_put.c (der_put_unsigned): new function
2281 (der_put_int): handle signed integers
2282
2283 * lib/asn1/der_get.c (der_get_unsigned): new function
2284 (der_get_int): handle signed integers
2285
2286 * lib/asn1/der.h: all integer functions take `int' instead of
2287 `unsigned'
2288
2289 * lib/asn1/lex.l (filename): unused. remove.
2290
2291 * lib/asn1/check-der.c: new test program for der encoding and
2292 decoding.
2293
2294Mon Feb 1 04:09:06 1999 Assar Westerlund <assar@sics.se>
2295
2296 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): only call
2297 gethostbyname2 with AF_INET6 if we actually have IPv6. From
2298 "Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net>
2299
2300 * lib/krb5/changepw.c (get_kdc_address): dito
2301
2302Sun Jan 31 06:26:36 1999 Assar Westerlund <assar@sics.se>
2303
2304 * kdc/connect.c (parse_prots): always bind to AF_INET, there are
2305 v6-implementations without support for `mapped V4 addresses'.
2306 From Jun-ichiro itojun Hagino <itojun@kame.net>
2307
2308Sat Jan 30 22:38:27 1999 Assar Westerlund <assar@juguete.sics.se>
2309
2310 * Release 0.0u
2311
2312Sat Jan 30 13:43:02 1999 Assar Westerlund <assar@sics.se>
2313
2314 * lib/krb5/Makefile.am: explicit rules for *.et files
2315
2316 * lib/kadm5/init_c.c (get_kadm_ticket): only remove creds if
2317 krb5_get_credentials was succesful.
2318 (get_new_cache): return better error codes and return earlier.
2319 (get_cred_cache): only delete default_client if it's different
2320 from client
2321 (kadm5_c_init_with_context): return a more descriptive error.
2322
2323 * kdc/kerberos5.c (check_flags): handle NULL client or server
2324
2325 * lib/krb5/sendauth.c (krb5_sendauth): return the error in
2326 `ret_error' iff != NULL
2327
2328 * lib/krb5/rd_error.c (krb5_free_error, krb5_free_error_contents):
2329 new functions
2330
2331 * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): more
2332 type-correctness
2333
2334 * lib/krb5/krb5.h (krb5_error): typedef to KRB_ERROR
2335
2336 * lib/krb5/init_creds_pw.c: KRB5_TGS_NAME: use
2337
2338 * lib/krb5/get_cred.c: KRB5_TGS_NAME: use
2339
2340 * lib/kafs/afskrb5.c (afslog_uid_int): update to changes
2341
2342 * lib/kadm5/rename_s.c (kadm5_s_rename_principal): call remove
2343 instead of rename, but shouldn't this just call rename?
2344
2345 * lib/kadm5/get_s.c (kadm5_s_get_principal): always return an
2346 error if the principal wasn't found.
2347
2348 * lib/hdb/ndbm.c (NDBM_seq): unseal key
2349
2350 * lib/hdb/db.c (DB_seq): unseal key
2351
2352 * lib/asn1/Makefile.am: added explicit rules for asn1_err.[ch]
2353
2354 * kdc/hprop.c (v4_prop): add krbtgt/THISREALM@OTHERREALM when
2355 finding cross-realm tgts in the v4 database
2356
2357 * kadmin/mod.c (mod_entry): check the number of arguments. check
2358 that kadm5_get_principal worked.
2359
2360 * lib/krb5/keytab.c (fkt_remove_entry): remove KRB5_KT_NOTFOUND if
2361 we weren't able to remove it.
2362
2363 * admin/ktutil.c: less drive-by-deleting. From Love
2364 <lha@e.kth.se>
2365
2366 * kdc/connect.c (parse_ports): copy the string before mishandling
2367 it with strtok_r
2368
2369 * kdc/kerberos5.c (tgs_rep2): print the principal with mismatching
2370 kvnos
2371
2372 * kadmin/kadmind.c (main): convert `debug_port' to network byte
2373 order
2374
2375 * kadmin/kadmin.c: allow specification of port number.
2376
2377 * lib/kadm5/kadm5_locl.h (kadm5_client_context): add
2378 `kadmind_port'.
2379
2380 * lib/kadm5/init_c.c (_kadm5_c_init_context): move up
2381 initalize_kadm5_error_table_r.
2382 allow specification of port number.
2383
2384 From Love <lha@stacken.kth.se>
2385
2386 * kuser/klist.c: add option -t | --test
2387
2388Sat Dec 5 19:49:34 1998 Johan Danielsson <joda@hella.pdc.kth.se>
2389
2390 * lib/krb5/context.c: remove ktype_is_etype
2391
2392 * lib/krb5/crypto.c, lib/krb5/krb5.h, acconfig.h: NEW_DES3_CODE
2393
2394 * configure.in: fix for AIX install; better tests for AIX dynamic
2395 AFS libs; `--enable-new-des3-code'
2396
2397Tue Dec 1 14:44:44 1998 Johan Danielsson <joda@hella.pdc.kth.se>
2398
2399 * appl/afsutil/Makefile.am: link with extra libs for aix
2400
2401 * kuser/Makefile.am: link with extra libs for aix
2402
2403Sun Nov 29 01:56:21 1998 Assar Westerlund <assar@sics.se>
2404
2405 * lib/krb5/get_addrs.c (krb5_get_all_server_addrs): add. almost
2406 the same as krb5_get_all_client_addrs except that it includes
2407 loopback addresses
2408
2409 * kdc/connect.c (init_socket): bind to a particular address
2410 (init_sockets): get all local addresses and bind to them all
2411
2412 * lib/krb5/addr_families.c (addr2sockaddr, print_addr): new
2413 methods
2414 (find_af, find_atype): new functions. use them.
2415
2416 * configure.in: add hesiod
2417
2418Wed Nov 25 11:37:48 1998 Johan Danielsson <joda@hella.pdc.kth.se>
2419
2420 * lib/krb5/krb5_err.et: add some codes from kerberos-revisions-03
2421
2422Mon Nov 23 12:53:48 1998 Assar Westerlund <assar@sics.se>
2423
2424 * lib/kadm5/log.c: rename delete -> remove
2425
2426 * lib/kadm5/delete_s.c: rename delete -> remove
2427
2428 * lib/hdb/common.c: rename delete -> remove
2429
2430Sun Nov 22 12:26:26 1998 Assar Westerlund <assar@sics.se>
2431
2432 * configure.in: check for environ and `struct spwd'
2433
2434Sun Nov 22 11:42:45 1998 Johan Danielsson <joda@blubb.pdc.kth.se>
2435
2436 * kdc/kerberos5.c (as_rep): set keytype to sess_ktype if
2437 ktype_is_etype
2438
2439 * lib/krb5/encrypt.c (krb5_keytype_to_etypes): zero terminate
2440 etypes
2441 (em): sort entries
2442
2443Sun Nov 22 06:54:48 1998 Assar Westerlund <assar@sics.se>
2444
2445 * lib/krb5/init_creds_pw.c: more type correctness
2446
2447 * lib/krb5/get_cred.c: re-structure code. remove limits on ASN1
2448 generated bits.
2449
2450Sun Nov 22 01:49:50 1998 Johan Danielsson <joda@hella.pdc.kth.se>
2451
2452 * kdc/hprop.c (v4_prop): fix bogus indexing
2453
2454Sat Nov 21 21:39:20 1998 Assar Westerlund <assar@sics.se>
2455
2456 * lib/krb5/verify_init.c (fail_verify_is_ok): new function
2457 (krb5_verify_init_creds): if we cannot get a ticket for
2458 host/`hostname` and fail_verify_is_ok just return. use
2459 krb5_rd_req
2460
2461Sat Nov 21 23:12:27 1998 Assar Westerlund <assar@sics.se>
2462
2463 * lib/krb5/free.c (krb5_xfree): new function
2464
2465 * lib/krb5/creds.c (krb5_free_creds_contents): new function
2466
2467 * lib/krb5/context.c: more type correctness
2468
2469 * lib/krb5/checksum.c: more type correctness
2470
2471 * lib/krb5/auth_context.c (krb5_auth_con_init): more type
2472 correctness
2473
2474 * lib/asn1/der_get.c (der_get_length): fix test of len
2475 (der_get_tag): more type correctness
2476
2477 * kuser/klist.c (usage): void-ize
2478
2479 * admin/ktutil.c (kt_remove): some more type correctness.
2480
2481Sat Nov 21 16:49:20 1998 Johan Danielsson <joda@hella.pdc.kth.se>
2482
2483 * kuser/klist.c: try to list enctypes as keytypes
2484
2485 * kuser/kinit.c: remove extra `--cache' option, add `--enctypes'
2486 to set list of enctypes to use
2487
2488 * kadmin/load.c: load strings as hex
2489
2490 * kadmin/dump.c: dump hex as string is possible
2491
2492 * admin/ktutil.c: use print_version()
2493
2494 * configure.in, acconfig.h: test for hesiod
2495
2496Sun Nov 15 17:28:19 1998 Johan Danielsson <joda@hella.pdc.kth.se>
2497
2498 * lib/krb5/crypto.c: add some crypto debug code
2499
2500 * lib/krb5/get_in_tkt.c (_krb5_extract_ticket): don't use fixed
2501 buffer when encoding ticket
2502
2503 * lib/krb5/auth_context.c (re-)implement `krb5_auth_setenctype'
2504
2505 * kdc/kerberos5.c: allow mis-match of tgt session key, and service
2506 session key
2507
2508 * admin/ktutil.c: keytype -> enctype
2509
2510Fri Nov 13 05:35:48 1998 Assar Westerlund <assar@sics.se>
2511
2512 * lib/krb5/krb5.h (KRB5_TGS_NAME, KRB5_TGS_NAME_SIZE): added
2513
2514Sat Nov 7 19:56:31 1998 Assar Westerlund <assar@sics.se>
2515
2516 * lib/krb5/get_cred.c (add_cred): add termination NULL pointer
2517
2518Mon Nov 2 01:15:06 1998 Assar Westerlund <assar@sics.se>
2519
2520 * lib/krb5/rd_req.c: adapt to new crypto api
2521
2522 * lib/krb5/rd_rep.c: adapt to new crypto api
2523
2524 * lib/krb5/rd_priv.c: adopt to new crypto api
2525
2526 * lib/krb5/rd_cred.c: adopt to new crypto api
2527
2528 * lib/krb5/principal.c: ENOMEM -> ERANGE
2529
2530 * lib/krb5/mk_safe.c: cleanup and adopt to new crypto api
2531
2532 * lib/krb5/mk_req_ext.c: adopt to new crypto api
2533
2534 * lib/krb5/mk_req.c: get enctype from auth_context keyblock
2535
2536 * lib/krb5/mk_rep.c: cleanup and adopt to new crypto api
2537
2538 * lib/krb5/mk_priv.c: adopt to new crypto api
2539
2540 * lib/krb5/keytab.c: adopt to new crypto api
2541
2542 * lib/krb5/get_in_tkt_with_skey.c: adopt to new crypto api
2543
2544 * lib/krb5/get_in_tkt_with_keytab.c: adopt to new crypto api
2545
2546 * lib/krb5/get_in_tkt_pw.c: adopt to new crypto api
2547
2548 * lib/krb5/get_in_tkt.c: adopt to new crypto api
2549
2550 * lib/krb5/get_cred.c: adopt to new crypto api
2551
2552 * lib/krb5/generate_subkey.c: use new crypto api
2553
2554 * lib/krb5/context.c: rename etype functions to enctype ditto
2555
2556 * lib/krb5/build_auth.c: use new crypto api
2557
2558 * lib/krb5/auth_context.c: remove enctype and cksumtype from
2559 auth_context
2560
2561Mon Nov 2 01:15:06 1998 Assar Westerlund <assar@sics.se>
2562
2563 * kdc/connect.c (handle_udp, handle_tcp): correct type of `n'
2564
2565Tue Sep 15 18:41:38 1998 Johan Danielsson <joda@hella.pdc.kth.se>
2566
2567 * admin/ktutil.c: fix printing of unrecognized keytypes
2568
2569Tue Sep 15 17:02:33 1998 Johan Danielsson <joda@hella.pdc.kth.se>
2570
2571 * lib/kadm5/set_keys.c: add KEYTYPE_USE_AFS3_SALT to keytype if
2572 using AFS3 salt
2573
2574Tue Aug 25 23:30:52 1998 Assar Westerlund <assar@sics.se>
2575
2576 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): care about
2577 `use_admin_kdc'
2578
2579 * lib/krb5/changepw.c (get_kdc_address): use
2580 krb5_get_krb_admin_hst
2581
2582 * lib/krb5/krbhst.c (krb5_get_krb_admin_hst): new function
2583
2584 * lib/krb5/krb5.h (krb5_context_data): add `use_admin_kdc'
2585
2586 * lib/krb5/context.c (krb5_get_use_admin_kdc,
2587 krb5_set_use_admin_kdc): new functions
2588
2589Tue Aug 18 22:24:12 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2590
2591 * lib/krb5/crypto.c: remove all calls to abort(); check return
2592 value from _key_schedule;
2593 (RSA_MD[45]_DES_verify): zero tmp and res;
2594 (RSA_MD5_DES3_{verify,checksum}): implement
2595
2596Mon Aug 17 20:18:46 1998 Assar Westerlund <assar@sics.se>
2597
2598 * kdc/kerberos4.c (swap32): conditionalize
2599
2600 * lib/krb5/mk_req_ext.c (krb5_mk_req_internal): new function
2601
2602 * lib/krb5/get_host_realm.c (krb5_get_host_realm): if the hostname
2603 returned from gethostby*() isn't a FQDN, try with the original
2604 hostname
2605
2606 * lib/krb5/get_cred.c (make_pa_tgs_req): use krb5_mk_req_internal
2607 and correct key usage
2608
2609 * lib/krb5/crypto.c (verify_checksum): make static
2610
2611 * admin/ktutil.c (kt_list): use krb5_enctype_to_string
2612
2613Sun Aug 16 20:57:56 1998 Assar Westerlund <assar@sics.se>
2614
2615 * kadmin/cpw.c (do_cpw_entry): use asprintf for the prompt
2616
2617 * kadmin/ank.c (ank): print principal name in prompt
2618
2619 * lib/krb5/crypto.c (hmac): always allocate space for checksum.
2620 never trust c.checksum.length
2621 (_get_derived_key): try to return the derived key
2622
2623Sun Aug 16 19:48:42 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2624
2625 * lib/krb5/crypto.c (hmac): fix some peculiarities and bugs
2626 (get_checksum_key): assume usage is `formatted'
2627 (create_checksum,verify_checksum): moved the guts of the krb5_*
2628 functions here, both take `formatted' key-usages
2629 (encrypt_internal_derived): fix various bogosities
2630 (derive_key): drop key_type parameter (already given by the
2631 encryption_type)
2632
2633 * kdc/kerberos5.c (check_flags): handle case where client is NULL
2634
2635 * kdc/connect.c (process_request): return zero after processing
2636 kerberos 4 request
2637
2638Sun Aug 16 18:38:15 1998 Johan Danielsson <joda@blubb.pdc.kth.se>
2639
2640 * lib/krb5/crypto.c: merge x-*.[ch] into one file
2641
2642 * lib/krb5/cache.c: remove residual from krb5_ccache_data
2643
2644Fri Aug 14 16:28:23 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2645
2646 * lib/krb5/x-crypto.c (derive_key): move DES3 specific code to
2647 separate function (will eventually end up someplace else)
2648
2649 * lib/krb5/x-crypto.c (krb5_string_to_key_derived): allocate key
2650
2651 * configure.in, acconfig.h: test for four valued krb_put_int
2652
2653Thu Aug 13 23:46:29 1998 Assar Westerlund <assar@emma.pdc.kth.se>
2654
2655 * Release 0.0t
2656
2657Thu Aug 13 22:40:17 1998 Assar Westerlund <assar@sics.se>
2658
2659 * lib/krb5/config_file.c (parse_binding): remove trailing
2660 whitespace
2661
2662Wed Aug 12 20:15:11 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2663
2664 * lib/krb5/x-checksum.c (krb5_verify_checksum): pass checksum type
2665 to krb5_create_checksum
2666
2667 * lib/krb5/x-key.c: implement DES3_string_to_key_derived; fix a
2668 few typos
2669
2670Wed Aug 5 12:39:54 1998 Assar Westerlund <assar@emma.pdc.kth.se>
2671
2672 * Release 0.0s
2673
2674Thu Jul 30 23:12:17 1998 Assar Westerlund <assar@sics.se>
2675
2676 * lib/krb5/mk_error.c (krb5_mk_error): realloc until you die
2677
2678Thu Jul 23 19:49:03 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2679
2680 * kdc/kdc_locl.h: proto for `get_des_key'
2681
2682 * configure.in: test for four valued el_init
2683
2684 * kuser/klist.c: keytype -> enctype
2685
2686 * kpasswd/kpasswdd.c (change): use new `krb5_string_to_key*'
2687
2688 * kdc/hprop.c (v4_prop, ka_convert): convert to a set of keys
2689
2690 * kdc/kaserver.c: use `get_des_key'
2691
2692 * kdc/524.c: use new crypto api
2693
2694 * kdc/kerberos4.c: use new crypto api
2695
2696 * kdc/kerberos5.c: always treat keytypes as enctypes; use new
2697 crypto api
2698
2699 * kdc/kstash.c: adapt to new crypto api
2700
2701 * kdc/string2key.c: adapt to new crypto api
2702
2703 * admin/srvconvert.c: add keys for all possible enctypes
2704
2705 * admin/ktutil.c: keytype -> enctype
2706
2707 * lib/gssapi/init_sec_context.c: get enctype from auth_context
2708 keyblock
2709
2710 * lib/hdb/hdb.c: remove hdb_*_keytype2key
2711
2712 * lib/kadm5/set_keys.c: adapt to new crypto api
2713
2714 * lib/kadm5/rename_s.c: adapt to new crypto api
2715
2716 * lib/kadm5/get_s.c: adapt to new crypto api
2717
2718 * lib/kadm5/create_s.c: add keys for des-cbc-crc, des-cbc-md4,
2719 des-cbc-md5, and des3-cbc-sha1
2720
2721 * lib/krb5/heim_err.et: error message for unsupported salt
2722
2723 * lib/krb5/codec.c: short-circuit these functions, since they are
2724 not needed any more
2725
2726 * lib/krb5/rd_safe.c: cleanup and adapt to new crypto api
2727
2728Mon Jul 13 23:00:59 1998 Assar Westerlund <assar@sics.se>
2729
2730 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): don't advance
2731 hostent->h_addr_list, use a copy instead
2732
2733Mon Jul 13 15:00:31 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2734
2735 * lib/krb5/config_file.c (parse_binding, parse_section): make sure
2736 everything is ok before adding to linked list
2737
2738 * lib/krb5/config_file.c: skip ws before checking for comment
2739
2740Wed Jul 8 10:45:45 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2741
2742 * lib/asn1/k5.asn1: hmac-sha1-des3 = 12
2743
2744Tue Jun 30 18:08:05 1998 Assar Westerlund <assar@sics.se>
2745
2746 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): do not close the
2747 unopened file
2748
2749 * lib/krb5/mk_priv.c: realloc correctly
2750
2751 * lib/krb5/get_addrs.c (find_all_addresses): init j
2752
2753 * lib/krb5/context.c (krb5_init_context): print error if parsing
2754 of config file produced an error.
2755
2756 * lib/krb5/config_file.c (parse_list, krb5_config_parse_file):
2757 ignore more spaces
2758
2759 * lib/krb5/codec.c (krb5_encode_EncKrbCredPart,
2760 krb5_encode_ETYPE_INFO): initialize `ret'
2761
2762 * lib/krb5/build_auth.c (krb5_build_authenticator): realloc
2763 correctly
2764
2765 * lib/kadm5/set_keys.c (_kadm5_set_keys): initialize `ret'
2766
2767 * lib/kadm5/init_c.c (get_cred_cache): try to do the right thing
2768 with default_client
2769
2770 * kuser/kinit.c (main): initialize `ticket_life'
2771
2772 * kdc/kerberos5.c (get_pa_etype_info): initialize `ret'
2773 (tgs_rep2): initialize `krbtgt'
2774
2775 * kdc/connect.c (do_request): check for errors from `sendto'
2776
2777 * kdc/524.c (do_524): initialize `ret'
2778
2779 * kadmin/util.c (foreach_principal): don't clobber `ret'
2780
2781 * kadmin/del.c (del_entry): don't apply on zeroth argument
2782
2783 * kadmin/cpw.c (do_cpw_entry): initialize `ret'
2784
2785Sat Jun 13 04:14:01 1998 Assar Westerlund <assar@juguete.sics.se>
2786
2787 * Release 0.0r
2788
2789Sun Jun 7 04:13:14 1998 Assar Westerlund <assar@sics.se>
2790
2791 * lib/krb5/addr_families.c: fall-back definition of
2792 IN6_ADDR_V6_TO_V4
2793
2794 * configure.in: only set CFLAGS if it wasn't set look for
2795 dn_expand and res_search
2796
2797Mon Jun 1 21:28:07 1998 Assar Westerlund <assar@sics.se>
2798
2799 * configure.in: remove duplicate seteuid
2800
2801Sat May 30 00:19:51 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2802
2803 * lib/krb5/convert_creds.c: import _krb_time_to_life, to avoid
2804 runtime dependencies on libkrb with some shared library
2805 implementations
2806
2807Fri May 29 00:09:02 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2808
2809 * kuser/kinit_options.c: Default options for kinit.
2810
2811 * kuser/kauth_options.c: Default options for kauth.
2812
2813 * kuser/kinit.c: Implement lots a new options.
2814
2815 * kdc/kerberos5.c (check_tgs_flags): make sure kdc-req-body->rtime
2816 is not NULL; set endtime to min of new starttime + old_life, and
2817 requested endtime
2818
2819 * lib/krb5/init_creds_pw.c (get_init_creds_common): if the
2820 forwardable or proxiable flags are set in options, set the
2821 kdc-flags to the value specified, and not always to one
2822
2823Thu May 28 21:28:06 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2824
2825 * kdc/kerberos5.c: Optionally compare client address to addresses
2826 in ticket.
2827
2828 * kdc/connect.c: Pass client address to as_rep() and tgs_rep().
2829
2830 * kdc/config.c: Add check_ticket_addresses, and
2831 allow_null_ticket_addresses variables.
2832
2833Tue May 26 14:03:42 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2834
2835 * lib/kadm5/create_s.c: possibly make DES keys version 4 salted
2836
2837 * lib/kadm5/set_keys.c: check config file for kadmin/use_v4_salt
2838 before zapping version 4 salts
2839
2840Sun May 24 05:22:17 1998 Assar Westerlund <assar@sics.se>
2841
2842 * Release 0.0q
2843
2844 * lib/krb5/aname_to_localname.c: new file
2845
2846 * lib/gssapi/init_sec_context.c (repl_mutual): no output token
2847
2848 * lib/gssapi/display_name.c (gss_display_name): zero terminate
2849 output.
2850
2851Sat May 23 19:11:07 1998 Assar Westerlund <assar@sics.se>
2852
2853 * lib/gssapi/display_status.c: new file
2854
2855 * Makefile.am: send -I to aclocal
2856
2857 * configure.in: remove duplicate setenv
2858
2859Sat May 23 04:55:19 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2860
2861 * kadmin/util.c (foreach_principal): Check for expression before
2862 wading through the whole database.
2863
2864 * kadmin/kadmin.c: Pass NULL password to
2865 kadm5_*_init_with_password.
2866
2867 * lib/kadm5/init_c.c: Implement init_with_{skey,creds}*. Make use
2868 of `password' parameter to init_with_password.
2869
2870 * lib/kadm5/init_s.c: implement init_with_{skey,creds}*
2871
2872 * lib/kadm5/server.c: Better arguments for
2873 kadm5_init_with_password.
2874
2875Sat May 16 07:10:36 1998 Assar Westerlund <assar@sics.se>
2876
2877 * kdc/hprop.c: conditionalize ka-server reading support on
2878 KASERVER_DB
2879
2880 * configure.in: new option `--enable-kaserver-db'
2881
2882Fri May 15 19:39:18 1998 Johan Danielsson <joda@blubb.pdc.kth.se>
2883
2884 * lib/krb5/get_cred.c: Better error if local tgt couldn't be
2885 found.
2886
2887Tue May 12 21:11:02 1998 Assar Westerlund <assar@sics.se>
2888
2889 * Release 0.0p
2890
2891 * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): only set
2892 encryption type in auth_context if it's compatible with the type
2893 of the session key
2894
2895Mon May 11 21:11:14 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2896
2897 * kdc/hprop.c: add support for ka-server databases
2898
2899 * appl/ftp/ftpd: link with -lcrypt, if needed
2900
2901Fri May 1 07:29:52 1998 Assar Westerlund <assar@sics.se>
2902
2903 * configure.in: don't test for winsock.h
2904
2905Sat Apr 18 21:43:11 1998 Johan Danielsson <joda@puffer.pdc.kth.se>
2906
2907 * Release 0.0o
2908
2909Sat Apr 18 00:31:11 1998 Johan Danielsson <joda@blubb.pdc.kth.se>
2910
2911 * lib/krb5/sock_principal.c: Save hostname.
2912
2913Sun Apr 5 11:29:45 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2914
2915 * lib/krb5/mk_req_ext.c: Use same enctype as in ticket.
2916
2917 * kdc/hprop.c (v4_prop): Check for null key.
2918
2919Fri Apr 3 03:54:54 1998 Johan Danielsson <joda@blubb.pdc.kth.se>
2920
2921 * lib/krb5/str2key.c: Fix DES3 string-to-key.
2922
2923 * lib/krb5/keytab.c: Get default keytab name from context.
2924
2925 * lib/krb5/context.c: Get `default_keytab_name' value.
2926
2927 * kadmin/util.c (foreach_principal): Print error message if
2928 `kadm5_get_principals' fails.
2929
2930 * kadmin/kadmind.c: Use `kadmind_loop'.
2931
2932 * lib/kadm5/server.c: Replace several other functions with
2933 `kadmind_loop'.
2934
2935Sat Mar 28 09:49:18 1998 Assar Westerlund <assar@sics.se>
2936
2937 * lib/krb5/keytab.c (fkt_add_entry): use an explicit seek instead
2938 of O_APPEND
2939
2940 * configure.in: generate ftp Makefiles
2941
2942 * kuser/klist.c (print_cred_verbose): print IPv4-address in a
2943 portable way.
2944
2945 * admin/srvconvert.c (srvconv): return 0 if successful
2946
2947Tue Mar 24 00:40:33 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2948
2949 * lib/krb5/keytab.c: MIT compatible changes: add and use sizes to
2950 keytab entries, and change default keytab to `/etc/krb5.keytab'.
2951
2952Mon Mar 23 23:43:59 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2953
2954 * lib/gssapi/wrap.c: Use `gss_krb5_getsomekey'.
2955
2956 * lib/gssapi/unwrap.c: Implement and use `gss_krb5_getsomekey'.
2957 Fix bug in checking of pad.
2958
2959 * lib/gssapi/{un,}wrap.c: Add support for just integrity
2960 protecting data.
2961
2962 * lib/gssapi/accept_sec_context.c: Use
2963 `gssapi_krb5_verify_8003_checksum'.
2964
2965 * lib/gssapi/8003.c: Implement `gssapi_krb5_verify_8003_checksum'.
2966
2967 * lib/gssapi/init_sec_context.c: Zero cred, and store session key
2968 properly in auth-context.
2969
2970Sun Mar 22 00:47:22 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2971
2972 * lib/kadm5/delete_s.c: Check immutable bit.
2973
2974 * kadmin/kadmin.c: Pass client name to kadm5_init.
2975
2976 * lib/kadm5/init_c.c: Get creds for client name passed in.
2977
2978 * kdc/hprop.c (v4_prop): Check for `changepw.kerberos'.
2979
2980Sat Mar 21 22:57:13 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2981
2982 * lib/krb5/mk_error.c: Verify that error_code is in the range
2983 [0,127].
2984
2985 * kdc/kerberos5.c: Move checking of principal flags to new
2986 function `check_flags'.
2987
2988Sat Mar 21 14:38:51 1998 Assar Westerlund <assar@sics.se>
2989
2990 * lib/kadm5/get_s.c (kadm5_s_get_principal): handle an empty salt
2991
2992 * configure.in: define SunOS if running solaris
2993
2994Sat Mar 21 00:26:34 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2995
2996 * lib/kadm5/server.c: Unifdef test for same principal when
2997 changing password.
2998
2999 * kadmin/util.c: If kadm5_get_principals failes, we might still be
3000 able to perform the requested opreration (for instance someone if
3001 trying to change his own password).
3002
3003 * lib/kadm5/init_c.c: Try to get ticket via initial request, if
3004 not possible via tgt.
3005
3006 * lib/kadm5/server.c: Check for principals changing their own
3007 passwords.
3008
3009 * kdc/kerberos5.c (tgs_rep2): check for interesting flags on
3010 involved principals.
3011
3012 * kadmin/util.c: Fix order of flags.
3013
3014Thu Mar 19 16:54:10 1998 Johan Danielsson <joda@emma.pdc.kth.se>
3015
3016 * kdc/kerberos4.c: Return sane error code if krb_rd_req fails.
3017
3018Wed Mar 18 17:11:47 1998 Assar Westerlund <assar@sics.se>
3019
3020 * acconfig.h: rename HAVE_STRUCT_SOCKADDR_IN6 to HAVE_IPV6
3021
3022Wed Mar 18 09:58:18 1998 Johan Danielsson <joda@emma.pdc.kth.se>
3023
3024 * lib/krb5/get_in_tkt_with_keytab.c (krb5_keytab_key_proc): don't
3025 free keyseed; use correct keytab
3026
3027Tue Mar 10 09:56:16 1998 Assar Westerlund <assar@sics.se>
3028
3029 * acinclude.m4 (AC_KRB_IPV6): rewrote to avoid false positives
3030
3031Mon Mar 16 23:58:23 1998 Johan Danielsson <joda@emma.pdc.kth.se>
3032
3033 * Release 0.0n
3034
3035Fri Mar 6 00:41:30 1998 Johan Danielsson <joda@emma.pdc.kth.se>
3036
3037 * lib/gssapi/{accept_sec_context,release_cred}.c: Use
3038 krb5_kt_close/krb5_kt_resolve.
3039
3040 * lib/krb5/principal.c (krb5_425_conv_principal_ext): Use resolver
3041 to lookup hosts, so CNAMEs can be ignored.
3042
3043 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc, send_and_recv_http):
3044 Add support for using proxy.
3045
3046 * lib/krb5/context.c: Initialize `http_proxy' from
3047 `libdefaults/http_proxy'.
3048
3049 * lib/krb5/krb5.h: Add `http_proxy' to context.
3050
3051 * lib/krb5/send_to_kdc.c: Recognize `http/' and `udp/' as protocol
3052 specifications.
3053
3054Wed Mar 4 01:47:29 1998 Johan Danielsson <joda@emma.pdc.kth.se>
3055
3056 * admin/ktutil.c: Implement `add' and `remove' functions. Make
3057 `--keytab' a global option.
3058
3059 * lib/krb5/keytab.c: Implement remove with files. Add memory
3060 operations.
3061
3062Tue Mar 3 20:09:59 1998 Johan Danielsson <joda@emma.pdc.kth.se>
3063
3064 * lib/krb5/keytab.c: Use function pointers.
3065
3066 * admin: Remove kdb_edit.
3067
3068Sun Mar 1 03:28:42 1998 Assar Westerlund <assar@sics.se>
3069
3070 * lib/kadm5/dump_log.c: print operation names
3071
3072Sun Mar 1 03:04:12 1998 Assar Westerlund <assar@sics.se>
3073
3074 * configure.in: add X-tests, and {bin,...}dir appl/{kx,kauth}
3075
3076 * lib/krb5/build_auth.c,mk_priv.c,rd_safe.c,mk_safe.c,mk_rep.c:
3077 remove arbitrary limit
3078
3079 * kdc/hprop-common.c: use krb5_{read,write}_message
3080
3081 * lib/kadm5/ipropd_master.c (send_diffs): more careful use
3082 krb5_{write,read}_message
3083
3084 * lib/kadm5/ipropd_slave.c (get_creds): get credentials for
3085 `iprop/master' directly.
3086 (main): use `krb5_read_message'
3087
3088Sun Mar 1 02:05:11 1998 Johan Danielsson <joda@emma.pdc.kth.se>
3089
3090 * kadmin/kadmin.c: Cleanup commands list, and add help strings.
3091
3092 * kadmin/get.c: Add long, short, and terse (equivalent to `list')
3093 output formats. Short is the default.
3094
3095 * kadmin/util.c: Add `include_time' flag to timeval2str.
3096
3097 * kadmin/init.c: Max-life and max-renew can, infact, be zero.
3098
3099 * kadmin/{cpw,del,ext,get}.c: Use `foreach_principal'.
3100
3101 * kadmin/util.c: Add function `foreach_principal', that loops over
3102 all principals matching an expression.
3103
3104 * kadmin/kadmin.c: Add usage string to `privileges'.
3105
3106 * lib/kadm5/get_princs_s.c: Also try to match aganist the
3107 expression appended with `@default-realm'.
3108
3109 * lib/krb5/principal.c: Add `krb5_unparse_name_fixed_short', that
3110 excludes the realm if it's the same as the default realm.
3111
3112Fri Feb 27 05:02:21 1998 Assar Westerlund <assar@sics.se>
3113
3114 * configure.in: more WFLAGS and WFLAGS_NOUNUSED added missing
3115 headers and functions error -> com_err
3116
3117 (krb5_get_init_creds_keytab): use krb5_keytab_key_proc
3118
3119 * lib/krb5/get_in_tkt_with_keytab.c: make `krb5_keytab_key_proc'
3120 global
3121
3122 * lib/kadm5/marshall.c (ret_principal_ent): set `n_tl_data'
3123
3124 * lib/hdb/ndbm.c: use `struct ndbm_db' everywhere.
3125
3126Fri Feb 27 04:49:24 1998 Assar Westerlund <assar@sics.se>
3127
3128 * lib/krb5/mk_priv.c (krb5_mk_priv): bump static limit to 10240.
3129 This should be fixed the correct way.
3130
3131 * lib/kadm5/ipropd_master.c (check_acl:) truncate buf correctly
3132 (send_diffs): compare versions correctly
3133 (main): reorder handling of events
3134
3135 * lib/kadm5/log.c (kadm5_log_previous): avoid bad type conversion
3136
3137Thu Feb 26 02:22:35 1998 Assar Westerlund <assar@sics.se>
3138
3139 * lib/kadm5/ipropd_{slave,master}.c: new files
3140
3141 * lib/kadm5/log.c (kadm5_log_get_version): take an `fd' as
3142 argument
3143
3144 * lib/krb5/krb5.h (krb5_context_data): `et_list' should be `struct
3145 et_list *'
3146
3147 * aux/make-proto.pl: Should work with perl4
3148
3149Mon Feb 16 17:20:22 1998 Johan Danielsson <joda@emma.pdc.kth.se>
3150
3151 * lib/krb5/krb5_locl.h: Remove <error.h> (it gets included via
3152 {asn1,krb5}_err.h).
3153
3154Thu Feb 12 03:28:40 1998 Assar Westerlund <assar@sics.se>
3155
3156 * lib/krb5/get_in_tkt.c (_krb5_extract_ticket): if time difference
3157 is larger than max_skew, return KRB5KRB_AP_ERR_SKEW
3158
3159 * lib/kadm5/log.c (get_version): globalize
3160
3161 * lib/kadm5/kadm5_locl.h: include <sys/file.h>
3162
3163 * lib/asn1/Makefile.am: add PA_KEY_INFO and PA_KEY_INFO_ENTRY
3164
3165 * kdc/kerberos5.c (get_pa_etype_info): remove gcc-ism of
3166 initializing local struct in declaration.
3167
3168Sat Jan 31 17:28:58 1998 Johan Danielsson <joda@emma.pdc.kth.se>
3169
3170 * kdc/524.c: Use krb5_decode_EncTicketPart.
3171
3172 * kdc/kerberos5.c: Check at runtime whether to use enctypes
3173 instead of keytypes. If so use the same value to encrypt ticket,
3174 and kdc-rep as well as `keytype' for session key. Fix some obvious
3175 bugs with the handling of additional tickets.
3176
3177 * lib/krb5/rd_req.c: Use krb5_decode_EncTicketPart, and
3178 krb5_decode_Authenticator.
3179
3180 * lib/krb5/rd_rep.c: Use krb5_decode_EncAPRepPart.
3181
3182 * lib/krb5/rd_cred.c: Use krb5_decode_EncKrbCredPart.
3183
3184 * lib/krb5/mk_rep.c: Make sure enc_part.etype is an encryption
3185 type, and not a key type. Use krb5_encode_EncAPRepPart.
3186
3187 * lib/krb5/init_creds_pw.c: Use krb5_decode_PA_KEY_INFO.
3188
3189 * lib/krb5/get_in_tkt.c: Use krb5_decode_Enc{AS,TGS}RepPart.
3190
3191 * lib/krb5/get_for_creds.c: Use krb5_encode_EncKrbCredPart.
3192
3193 * lib/krb5/get_cred.c: Use krb5_decode_Enc{AS,TGS}RepPart.
3194
3195 * lib/krb5/build_auth.c: Use krb5_encode_Authenticator.
3196
3197 * lib/krb5/codec.c: Enctype conversion stuff.
3198
3199 * lib/krb5/context.c: Ignore KRB5_CONFIG if *not* running
3200 setuid. Get configuration for libdefaults ktype_is_etype, and
3201 default_etypes.
3202
3203 * lib/krb5/encrypt.c: Add krb5_string_to_etype, rename
3204 krb5_convert_etype to krb5_decode_keytype, and add
3205 krb5_decode_keyblock.
3206
3207Fri Jan 23 00:32:09 1998 Johan Danielsson <joda@emma.pdc.kth.se>
3208
3209 * lib/krb5/{get_in_tkt,rd_req}.c: Use krb5_convert_etype.
3210
3211 * lib/krb5/encrypt.c: Add krb5_convert_etype function - converts
3212 from protocol keytypes (that really are enctypes) to internal
3213 representation.
3214
3215Thu Jan 22 21:24:36 1998 Johan Danielsson <joda@emma.pdc.kth.se>
3216
3217 * lib/asn1/k5.asn1: Add PA-KEY-INFO structure to hold information
3218 on keys in the database; and also a new `pa-key-info' padata-type.
3219
3220 * kdc/kerberos5.c: If pre-authentication fails, return a list of
3221 keytypes, salttypes, and salts.
3222
3223 * lib/krb5/init_creds_pw.c: Add better support for
3224 pre-authentication, by looking at hints from the KDC.
3225
3226 * lib/krb5/get_in_tkt.c: Add better support for specifying what
3227 pre-authentication to use.
3228
3229 * lib/krb5/str2key.c: Merge entries for KEYTYPE_DES and
3230 KEYTYPE_DES_AFS3.
3231
3232 * lib/krb5/krb5.h: Add pre-authentication structures.
3233
3234 * kdc/connect.c: Don't fail if realloc(X, 0) returns NULL.
3235
3236Wed Jan 21 06:20:40 1998 Assar Westerlund <assar@sics.se>
3237
3238 * lib/kadm5/init_s.c (kadm5_s_init_with_password_ctx): initialize
3239 `log_context.socket_name' and `log_context.socket_fd'
3240
3241 * lib/kadm5/log.c (kadm5_log_flush): send a unix domain datagram
3242 to inform the possible running ipropd of an update.
3243
3244Wed Jan 21 01:34:09 1998 Johan Danielsson <joda@emma.pdc.kth.se>
3245
3246 * lib/krb5/get_in_tkt.c: Return error-packet to caller.
3247
3248 * lib/krb5/free.c (krb5_free_kdc_rep): Free krb5_kdc_rep->error.
3249
3250 * kdc/kerberos5.c: Add some support for using enctypes instead of
3251 keytypes.
3252
3253 * lib/krb5/get_cred.c: Fixes to send authorization-data to the
3254 KDC.
3255
3256 * lib/krb5/build_auth.c: Only generate local subkey if there is
3257 none.
3258
3259 * lib/krb5/krb5.h: Add krb5_authdata type.
3260
3261 * lib/krb5/auth_context.c: Add
3262 krb5_auth_con_set{,localsub,remotesub}key.
3263
3264 * lib/krb5/init_creds_pw.c: Return some error if prompter
3265 functions return failure.
3266
3267Wed Jan 21 01:16:13 1998 Assar Westerlund <assar@sics.se>
3268
3269 * kpasswd/kpasswd.c: detect bad password. use krb5_err.
3270
3271 * kadmin/util.c (edit_entry): remove unused variables
3272
3273Tue Jan 20 22:58:31 1998 Assar Westerlund <assar@sics.se>
3274
3275 * kuser/kinit.c: rename `-s' to `-S' to be MIT-compatible.
3276
3277 * lib/kadm5/kadm5_locl.h: add kadm5_log_context and
3278 kadm5_log*-functions
3279
3280 * lib/kadm5/create_s.c (kadm5_s_create_principal): add change to
3281 log
3282
3283 * lib/kadm5/rename_s.c (kadm5_s_rename_principal): add change to
3284 log
3285
3286 * lib/kadm5/init_s.c (kadm5_s_init_with_password_ctx): initialize
3287 log_context
3288
3289 * lib/kadm5/delete_s.c (kadm5_s_delete_principal): add change to
3290 log
3291
3292 * lib/kadm5/modify_s.c (kadm5_s_modify_principal): add change to
3293 log
3294
3295 * lib/kadm5/randkey_s.c (kadm5_s_randkey_principal): add change to
3296 log
3297
3298 * lib/kadm5/chpass_s.c (kadm5_s_chpass_principal): add change to
3299 log
3300
3301 * lib/kadm5/Makefile.am: add log.c, dump_log and replay_log
3302
3303 * lib/kadm5/replay_log.c: new file
3304
3305 * lib/kadm5/dump_log.c: new file
3306
3307 * lib/kadm5/log.c: new file
3308
3309 * lib/krb5/str2key.c (get_str): initialize pad space to zero
3310
3311 * lib/krb5/config_file.c (krb5_config_vget_next): handle c == NULL
3312
3313 * kpasswd/kpasswdd.c: rewritten to use the kadm5 API
3314
3315 * kpasswd/Makefile.am: link with kadm5srv
3316
3317 * kdc/kerberos5.c (tgs_rep): initialize `i'
3318
3319 * kadmin/kadmind.c (main): use kadm5_server_{send,recv}_sp
3320
3321 * include/Makefile.am: added admin.h
3322
3323Sun Jan 18 01:41:34 1998 Johan Danielsson <joda@blubb.pdc.kth.se>
3324
3325 * lib/asn1/gen_copy.c: Don't return ENOMEM if allocating 0 bytes.
3326
3327 * lib/krb5/mcache.c (mcc_store_cred): restore linked list if
3328 copy_creds fails.
3329
3330Tue Jan 6 04:17:56 1998 Assar Westerlund <assar@sics.se>
3331
3332 * lib/kadm5/server.c: add kadm5_server_{send,recv}{,_sp}
3333
3334 * lib/kadm5/marshall.c: add kadm5_{store,ret}_principal_ent_mask.
3335
3336 * lib/kadm5/init_c.c (kadm5_c_init_with_password_ctx): use
3337 krb5_getportbyname
3338
3339 * kadmin/kadmind.c (main): htons correctly.
3340 moved kadm5_server_{recv,send}
3341
3342 * kadmin/kadmin.c (main): only set admin_server if explicitly
3343 given
3344
3345Mon Jan 5 23:34:44 1998 Johan Danielsson <joda@emma.pdc.kth.se>
3346
3347 * lib/hdb/ndbm.c: Implement locking of database.
3348
3349 * kdc/kerberos5.c: Process AuthorizationData.
3350
3351Sat Jan 3 22:07:07 1998 Johan Danielsson <joda@blubb.pdc.kth.se>
3352
3353 * kdc/string2key.c: Use AFS string-to-key from libkrb5.
3354
3355 * lib/krb5/get_in_tkt.c: Handle pa-afs3-salt case.
3356
3357 * lib/krb5/krb5.h: Add value for AFS salts.
3358
3359 * lib/krb5/str2key.c: Add support for AFS string-to-key.
3360
3361 * lib/kadm5/rename_s.c: Use correct salt.
3362
3363 * lib/kadm5/ent_setup.c: Always enable client. Only set max-life
3364 and max-renew if != 0.
3365
3366 * lib/krb5/config_file.c: Add context to all krb5_config_*get_*.
3367
3368Thu Dec 25 17:03:25 1997 Assar Westerlund <assar@sics.se>
3369
3370 * kadmin/ank.c (ank): don't zero password if --random-key was
3371 given.
3372
3373Tue Dec 23 01:56:45 1997 Assar Westerlund <assar@sics.se>
3374
3375 * Release 0.0m
3376
3377 * lib/kadm5/ent_setup.c (attr_to_flags): try to set `client'
3378
3379 * kadmin/util.c (edit_time): only set mask if != 0
3380 (edit_attributes): only set mask if != 0
3381
3382 * kadmin/init.c (init): create `default'
3383
3384Sun Dec 21 09:44:05 1997 Assar Westerlund <assar@sics.se>
3385
3386 * kadmin/util.c (str2deltat, str2attr, get_deltat): return value
3387 as pointer and have return value indicate success.
3388
3389 (get_response): check NULL from fgets
3390
3391 (edit_time, edit_attributes): new functions for reading values and
3392 offering list of answers on '?'
3393
3394 (edit_entry): use edit_time and edit_attributes
3395
3396 * kadmin/ank.c (add_new_key): test the return value of
3397 `krb5_parse_name'
3398
3399 * kdc/kerberos5.c (tgs_check_authenticator): RFC1510 doesn't say
3400 that the checksum has to be keyed, even though later drafts do.
3401 Accept unkeyed checksums to be compatible with MIT.
3402
3403 * kadmin/kadmin_locl.h: add some prototypes.
3404
3405 * kadmin/util.c (edit_entry): return a value
3406
3407 * appl/afsutil/afslog.c (main): return a exit code.
3408
3409 * lib/krb5/get_cred.c (init_tgs_req): use krb5_keytype_to_enctypes
3410
3411 * lib/krb5/encrypt.c (krb5_keytype_to_enctypes): new function.
3412
3413 * lib/krb5/build_auth.c (krb5_build_authenticator): use
3414 krb5_{free,copy}_keyblock instead of the _contents versions
3415
3416Fri Dec 12 14:20:58 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3417
3418 * lib/krb5/{mk,rd}_priv.c: fix check for local/remote subkey
3419
3420Mon Dec 8 08:48:09 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3421
3422 * lib/krb5/context.c: don't look at KRB5_CONFIG if running setuid
3423
3424Sat Dec 6 10:09:40 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3425
3426 * lib/krb5/keyblock.c (krb5_free_keyblock): check for NULL
3427 keyblock
3428
3429Sat Dec 6 08:26:10 1997 Assar Westerlund <assar@sics.se>
3430
3431 * Release 0.0l
3432
3433Thu Dec 4 03:38:12 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3434
3435 * lib/krb5/send_to_kdc.c: Add TCP client support.
3436
3437 * lib/krb5/store.c: Add k_{put,get}_int.
3438
3439 * kadmin/ank.c: Set initial kvno to 1.
3440
3441 * kdc/connect.c: Send version 5 TCP-reply as length+data.
3442
3443Sat Nov 29 07:10:11 1997 Assar Westerlund <assar@sics.se>
3444
3445 * lib/krb5/rd_req.c (krb5_rd_req): fixed obvious bug
3446
3447 * kdc/kaserver.c (create_reply_ticket): use a random nonce in the
3448 reply packet.
3449
3450 * kdc/connect.c (init_sockets): less reallocing.
3451
3452 * **/*.c: changed `struct fd_set' to `fd_set'
3453
3454Sat Nov 29 05:12:01 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3455
3456 * lib/krb5/get_default_principal.c: More guessing.
3457
3458Thu Nov 20 02:55:09 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3459
3460 * lib/krb5/rd_req.c: Use principal from ticket if no server is
3461 given.
3462
3463Tue Nov 18 02:58:02 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3464
3465 * kuser/klist.c: Use krb5_err*().
3466
3467Sun Nov 16 11:57:43 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3468
3469 * kadmin/kadmin.c: Add local `init', `load', `dump', and `merge'
3470 commands.
3471
3472Sun Nov 16 02:52:20 1997 Assar Westerlund <assar@sics.se>
3473
3474 * lib/krb5/mk_req_ext.c (krb5_mk_req_ext): figure out the correct
3475 `enctype'
3476
3477 * lib/krb5/mk_req.c (krb5_mk_req): use `(*auth_context)->enctype'
3478 if set.
3479
3480 * lib/krb5/get_cred.c: handle the case of a specific keytype
3481
3482 * lib/krb5/build_auth.c (krb5_build_authenticator): enctype as a
3483 parameter instead of guessing it.
3484
3485 * lib/krb5/build_ap_req.c (krb5_build_ap_req): new parameter
3486 `enctype'
3487
3488 * appl/test/common.c (common_setup): don't use `optarg'
3489
3490 * lib/krb5/keytab.c (krb5_kt_copy_entry_contents): new function
3491 (krb5_kt_get_entry): retrieve the latest version if kvno == 0
3492
3493 * lib/krb5/krb5.h: define KRB5_TC_MATCH_KEYTYPE
3494
3495 * lib/krb5/creds.c (krb5_compare_creds): check for
3496 KRB5_TC_MATCH_KEYTYPE
3497
3498 * lib/gssapi/8003.c (gssapi_krb5_create_8003_checksum): remove
3499 unused variable
3500
3501 * lib/krb5/creds.c (krb5_copy_creds_contents): only free the
3502 contents if we fail.
3503
3504Sun Nov 16 00:32:48 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3505
3506 * kpasswd/kpasswdd.c: Get password expiration time from config
3507 file.
3508
3509 * lib/asn1/{der_get,gen_decode}.c: Allow passing NULL size.
3510
3511Wed Nov 12 02:35:57 1997 Assar Westerlund <assar@sics.se>
3512
3513 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds):
3514 restructured and fixed.
3515
3516 * lib/krb5/addr_families.c (krb5_h_addr2addr): new function.
3517
3518Wed Nov 12 01:36:01 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3519
3520 * lib/krb5/get_addrs.c: Fall back to hostname's addresses if other
3521 methods fail.
3522
3523Tue Nov 11 22:22:12 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3524
3525 * kadmin/kadmin.c: Add `-l' flag to use local database.
3526
3527 * lib/kadm5/acl.c: Use KADM5_PRIV_ALL.
3528
3529 * lib/kadm5: Use function pointer trampoline for easier dual use
3530 (without radiation-hardening capability).
3531
3532Tue Nov 11 05:15:22 1997 Assar Westerlund <assar@sics.se>
3533
3534 * lib/krb5/encrypt.c (krb5_etype_valid): new function
3535
3536 * lib/krb5/creds.c (krb5_copy_creds_contents): zero target
3537
3538 * lib/krb5/context.c (valid_etype): remove
3539
3540 * lib/krb5/checksum.c: remove dead code
3541
3542 * lib/krb5/changepw.c (send_request): free memory on error.
3543
3544 * lib/krb5/build_ap_req.c (krb5_build_ap_req): check return value
3545 from malloc.
3546
3547 * lib/krb5/auth_context.c (krb5_auth_con_init): free memory on
3548 failure correctly.
3549 (krb5_auth_con_setaddrs_from_fd): return error correctly.
3550
3551 * lib/krb5/get_in_tkt_with_{keytab,skey}.c: new files
3552
3553Tue Nov 11 02:53:19 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3554
3555 * lib/krb5/auth_context.c: Implement auth_con_setuserkey.
3556
3557 * lib/gssapi/init_sec_context.c: Use krb5_auth_con_getkey.
3558
3559 * lib/krb5/keyblock.c: Rename krb5_free_keyblock to
3560 krb5_free_keyblock_contents, and reimplement krb5_free_keyblock.
3561
3562 * lib/krb5/rd_req.c: Use auth_context->keyblock if
3563 ap_options.use_session_key.
3564
3565Tue Nov 11 02:35:17 1997 Assar Westerlund <assar@sics.se>
3566
3567 * lib/krb5/net_{read,write}.c: change `int fd' to `void *p_fd'.
3568 fix callers.
3569
3570 * lib/krb5/krb5_locl.h: include <asn1.h> and <der.h>
3571
3572 * include/Makefile.am: add xdbm.h
3573
3574Tue Nov 11 01:58:22 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3575
3576 * lib/krb5/get_cred.c: Implement krb5_get_cred_from_kdc.
3577
3578Mon Nov 10 22:41:53 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3579
3580 * lib/krb5/ticket.c: Implement copy_ticket.
3581
3582 * lib/krb5/get_in_tkt.c: Make `options' parameter MIT-compatible.
3583
3584 * lib/krb5/data.c: Implement free_data and copy_data.
3585
3586Sun Nov 9 02:17:27 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3587
3588 * lib/kadm5: Implement kadm5_get_privs, and kadm5_get_principals.
3589
3590 * kadmin/kadmin.c: Add get_privileges function.
3591
3592 * lib/kadm5: Rename KADM5_ACL_* -> KADM5_PRIV_* to conform with
3593 specification.
3594
3595 * kdc/connect.c: Exit if no sockets could be bound.
3596
3597 * kadmin/kadmind.c: Check return value from krb5_net_read().
3598
3599 * lib/kadm5,kadmin: Fix memory leaks.
3600
3601Fri Nov 7 02:45:26 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3602
3603 * lib/kadm5/create_s.c: Get some default values from `default'
3604 principal.
3605
3606 * lib/kadm5/ent_setup.c: Add optional default entry to get some
3607 values from.
3608
3609Thu Nov 6 00:20:41 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3610
3611 * lib/error/compile_et.awk: Remove generated destroy_*_error_table
3612 prototype
3613
3614 * kadmin/kadmind.c: Crude admin server.
3615
3616 * kadmin/kadmin.c: Update to use remote protocol.
3617
3618 * kadmin/get.c: Fix principal formatting.
3619
3620 * lib/kadm5: Add client support.
3621
3622 * lib/kadm5/error.c: Error code mapping.
3623
3624 * lib/kadm5/server.c: Kadmind support function.
3625
3626 * lib/kadm5/marshall.c: Kadm5 marshalling.
3627
3628 * lib/kadm5/acl.c: Simple acl system.
3629
3630 * lib/kadm5/kadm5_locl.h: Add client stuff.
3631
3632 * lib/kadm5/init_s.c: Initialize acl.
3633
3634 * lib/kadm5/*: Return values.
3635
3636 * lib/kadm5/create_s.c: Correct kvno.
3637
3638Wed Nov 5 22:06:50 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3639
3640 * lib/krb5/log.c: Fix parsing of log destinations.
3641
3642Mon Nov 3 20:33:55 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3643
3644 * lib/krb5/principal.c: Reduce number of reallocs in unparse_name.
3645
3646Sat Nov 1 01:40:53 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3647
3648 * kadmin: Simple kadmin utility.
3649
3650 * admin/ktutil.c: Print keytype.
3651
3652 * lib/kadm5/get_s.c: Set correct n_key_data.
3653
3654 * lib/kadm5/init_s.c: Add kadm5_s_init_with_password_ctx. Use
3655 master key.
3656
3657 * lib/kadm5/destroy_s.c: Check for allocated context.
3658
3659 * lib/kadm5/{create,chpass}_s.c: Use _kadm5_set_keys().
3660
3661Sat Nov 1 00:21:00 1997 Assar Westerlund <assar@sics.se>
3662
3663 * configure.in: test for readv, writev
3664
3665Wed Oct 29 23:41:26 1997 Assar Westerlund <assar@sics.se>
3666
3667 * lib/krb5/warn.c (_warnerr): handle the case of an illegal error
3668 code
3669
3670 * kdc/kerberos5.c (encode_reply): return success
3671
3672Wed Oct 29 18:01:59 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3673
3674 * kdc/kerberos5.c (find_etype) Return correct index of selected
3675 etype.
3676
3677Wed Oct 29 04:07:06 1997 Assar Westerlund <assar@sics.se>
3678
3679 * Release 0.0k
3680
3681 * lib/krb5/context.c (krb5_init_context): support `KRB5_CONFIG'
3682 environment variable
3683
3684 * *: use the roken_get*-macros from roken.h for the benefit of
3685 Crays.
3686
3687 * configure.in: add --{enable,disable}-otp. check for compatible
3688 prototypes for gethostbyname, gethostbyaddr, getservbyname, and
3689 openlog (they have strange prototypes on Crays)
3690
3691 * acinclude.m4: new macro `AC_PROTO_COMPAT'
3692
3693Tue Oct 28 00:11:22 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3694
3695 * kdc/connect.c: Log bad requests.
3696
3697 * kdc/kerberos5.c: Move stuff that's in common between as_rep and
3698 tgs_rep to separate functions.
3699
3700 * kdc/kerberos5.c: Fix user-to-user authentication.
3701
3702 * lib/krb5/get_cred.c: Some restructuring of krb5_get_credentials:
3703 - add a kdc-options argument to krb5_get_credentials, and rename
3704 it to krb5_get_credentials_with_flags
3705 - honour the KRB5_GC_CACHED, and KRB5_GC_USER_USER options
3706 - add some more user-to-user glue
3707
3708 * lib/krb5/rd_req.c: Move parts of krb5_verify_ap_req into a new
3709 function, krb5_decrypt_ticket, so it is easier to decrypt and
3710 check a ticket without having an ap-req.
3711
3712 * lib/krb5/krb5.h: Add KRB5_GC_CACHED, and KRB5_GC_USER_USER
3713 flags.
3714
3715 * lib/krb5/crc.c (crc_init_table): Check if table is already
3716 inited.
3717
3718Sun Oct 26 04:51:02 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3719
3720 * lib/asn1/der_get.c (der_get_length, fix_dce): Special-case
3721 indefinite encoding.
3722
3723 * lib/asn1/gen_glue.c (generate_units): Check for empty
3724 member-list.
3725
3726Sat Oct 25 07:24:57 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3727
3728 * lib/error/compile_et.awk: Allow specifying table-base.
3729
3730Tue Oct 21 20:21:40 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3731
3732 * kdc/kerberos5.c: Check version number of krbtgt.
3733
3734Mon Oct 20 01:14:53 1997 Assar Westerlund <assar@sics.se>
3735
3736 * lib/krb5/prompter_posix.c (krb5_prompter_posix): implement the
3737 case of unhidden prompts.
3738
3739 * lib/krb5/str2key.c (string_to_key_internal): return error
3740 instead of aborting. always free memory
3741
3742 * admin/ktutil.c: add `help' command
3743
3744 * admin/kdb_edit.c: implement new commands: add_random_key(ark),
3745 change_password(cpw), change_random_key(crk)
3746
3747Thu Oct 16 05:16:36 1997 Assar Westerlund <assar@sics.se>
3748
3749 * kpasswd/kpasswdd.c: change all the keys in the database
3750
3751 * kdc: removed all unsealing, now done by the hdb layer
3752
3753 * lib/hdb/hdb.c: new functions `hdb_create', `hdb_set_master_key'
3754 and `hdb_clear_master_key'
3755
3756 * admin/misc.c: removed
3757
3758Wed Oct 15 22:47:31 1997 Assar Westerlund <assar@sics.se>
3759
3760 * kuser/klist.c: print year as YYYY iff verbose
3761
3762Wed Oct 15 20:02:13 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3763
3764 * kuser/klist.c: print etype from ticket
3765
3766Mon Oct 13 17:18:57 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3767
3768 * Release 0.0j
3769
3770 * lib/krb5/get_cred.c: Get the subkey from mk_req so it can be
3771 used to decrypt the reply from DCE secds.
3772
3773 * lib/krb5/auth_context.c: Add {get,set}enctype.
3774
3775 * lib/krb5/get_cred.c: Fix for DCE secd.
3776
3777 * lib/krb5/store.c: Store keytype twice, as MIT does.
3778
3779 * lib/krb5/get_in_tkt.c: Use etype from reply.
3780
3781Fri Oct 10 00:39:48 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3782
3783 * kdc/connect.c: check for leading '/' in http request
3784
3785Tue Sep 30 21:50:18 1997 Assar Westerlund <assar@assaris.pdc.kth.se>
3786
3787 * Release 0.0i
3788
3789Mon Sep 29 15:58:43 1997 Assar Westerlund <assar@sics.se>
3790
3791 * lib/krb5/rd_req.c (krb5_rd_req): redone because we don't know
3792 the kvno or keytype before receiving the AP-REQ
3793
3794 * lib/krb5/mk_safe.c (krb5_mk_safe): figure out what cksumtype to
3795 use from the keytype.
3796
3797 * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): figure out what
3798 cksumtype to use from the keytype.
3799
3800 * lib/krb5/mk_priv.c (krb5_mk_priv): figure out what etype to use
3801 from the keytype.
3802
3803 * lib/krb5/keytab.c (krb5_kt_get_entry): check the keytype
3804
3805 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): figure out
3806 what etype to use from the keytype.
3807
3808 * lib/krb5/generate_seq_number.c (krb5_generate_seq_number):
3809 handle other key types than DES
3810
3811 * lib/krb5/encrypt.c (key_type): add `best_cksumtype'
3812 (krb5_keytype_to_cksumtype): new function
3813
3814 * lib/krb5/build_auth.c (krb5_build_authenticator): figure out
3815 what etype to use from the keytype.
3816
3817 * lib/krb5/auth_context.c (krb5_auth_con_init): set `cksumtype'
3818 and `enctype' to 0
3819
3820 * admin/extkeytab.c (ext_keytab): extract all keys
3821
3822 * appl/telnet/telnet/commands.c: INET6_ADDRSTRLEN kludge
3823
3824 * configure.in: check for <netinet6/in6.h>. check for -linet6
3825
3826Tue Sep 23 03:00:53 1997 Assar Westerlund <assar@sics.se>
3827
3828 * lib/krb5/encrypt.c: fix checksumtype for des3-cbc-sha1
3829
3830 * lib/krb5/rd_safe.c: fix check for keyed and collision-proof
3831 checksum
3832
3833 * lib/krb5/context.c (valid_etype): remove hard-coded constants
3834 (default_etypes): include DES3
3835
3836 * kdc/kerberos5.c: fix check for keyed and collision-proof
3837 checksum
3838
3839 * admin/util.c (init_des_key, set_password): DES3 keys also
3840
3841 * lib/krb/send_to_kdc.c (krb5_sendto_kdc): no data returned means
3842 no contact?
3843
3844 * lib/krb5/addr_families.c: fix typo in `ipv6_anyaddr'
3845
3846Mon Sep 22 11:44:27 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
3847
3848 * kdc/kerberos5.c: Somewhat fix the etype usage. The list sent by
3849 the client is used to select wich key to encrypt the kdc rep with
3850 (in case of as-req), and with the server info to select the
3851 session key type. The server key the ticket is encrypted is based
3852 purely on the keys in the database.
3853
3854 * kdc/string2key.c: Add keytype support. Default to version 5
3855 keys.
3856
3857 * lib/krb5/get_in_tkt.c: Fix a lot of etype/keytype misuse.
3858
3859 * lib/krb5/encrypt.c: Add des3-cbc-md5, and des3-cbc-sha1. Add
3860 many *_to_* functions.
3861
3862 * lib/krb5/str2key.c: Add des3 string-to-key. Add ktype argument
3863 to krb5_string_to_key().
3864
3865 * lib/krb5/checksum.c: Some cleanup, and added:
3866 - rsa-md5-des3
3867 - hmac-sha1-des3
3868 - keyed and collision proof flags to each checksum method
3869 - checksum<->string functions.
3870
3871 * lib/krb5/generate_subkey.c: Use krb5_generate_random_keyblock.
3872
3873Sun Sep 21 15:19:23 1997 Assar Westerlund <assar@sics.se>
3874
3875 * kdc/connect.c: use new addr_families functions
3876
3877 * kpasswd/kpasswdd.c: use new addr_families functions. Now works
3878 over IPv6
3879
3880 * kuser/klist.c: use correct symbols for address families
3881
3882 * lib/krb5/sock_principal.c: use new addr_families functions
3883
3884 * lib/krb5/send_to_kdc.c: use new addr_families functions
3885
3886 * lib/krb5/krb5.h: add KRB5_ADDRESS_INET6
3887
3888 * lib/krb5/get_addrs.c: use new addr_families functions
3889
3890 * lib/krb5/changepw.c: use new addr_families functions. Now works
3891 over IPv6
3892
3893 * lib/krb5/auth_context.c: use new addr_families functions
3894
3895 * lib/krb5/addr_families.c: new file
3896
3897 * acconfig.h: AC_SOCKADDR_IN6 -> AC_STRUCT_SOCKADDR_IN6. Updated
3898 uses.
3899
3900 * acinclude.m4: new macro `AC_KRB_IPV6'. Use it.
3901
3902Sat Sep 13 23:04:23 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3903
3904 * kdc/hprop.c: Don't encrypt twice. Complain on non-convertable
3905 principals.
3906
3907Sat Sep 13 00:59:36 1997 Assar Westerlund <assar@sics.se>
3908
3909 * Release 0.0h
3910
3911 * appl/telnet/telnet/commands.c: AF_INET6 support
3912
3913 * admin/misc.c: new file
3914
3915 * lib/krb5/context.c: new configuration variable `max_retries'
3916
3917 * lib/krb5/get_addrs.c: fixes and better #ifdef's
3918
3919 * lib/krb5/config_file.c: implement krb5_config_get_int
3920
3921 * lib/krb5/auth_context.c, send_to_kdc.c, sock_principal.c:
3922 AF_INET6 support
3923
3924 * kuser/klist.c: support for printing IPv6-addresses
3925
3926 * kdc/connect.c: support AF_INET6
3927
3928 * configure.in: test for gethostbyname2 and struct sockaddr_in6
3929
3930Thu Sep 11 07:25:28 1997 Assar Westerlund <assar@sics.se>
3931
3932 * lib/asn1/k5.asn1: Use `METHOD-DATA' instead of `SEQUENCE OF
3933 PA-DATA'
3934
3935Wed Sep 10 21:20:17 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3936
3937 * kdc/kerberos5.c: Fixes for cross-realm, including (but not
3938 limited to):
3939 - allow client to be non-existant (should probably check for
3940 "local realm")
3941 - if server isn't found and it is a request for a krbtgt, try to
3942 find a realm on the way to the requested realm
3943 - update the transited encoding iff
3944 client-realm != server-realm != tgt-realm
3945
3946 * lib/krb5/get_cred.c: Several fixes for cross-realm.
3947
3948Tue Sep 9 15:59:20 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3949
3950 * kdc/string2key.c: Fix password handling.
3951
3952 * lib/krb5/encrypt.c: krb5_key_to_string
3953
3954Tue Sep 9 07:46:05 1997 Assar Westerlund <assar@sics.se>
3955
3956 * lib/krb5/get_addrs.c: rewrote. Now should be able to handle
3957 aliases and IPv6 addresses
3958
3959 * kuser/klist.c: try printing IPv6 addresses
3960
3961 * kdc/kerberos5.c: increase the arbitrary limit from 1024 to 8192
3962
3963 * configure.in: check for <netinet/in6_var.h>
3964
3965Mon Sep 8 02:57:14 1997 Assar Westerlund <assar@sics.se>
3966
3967 * doc: fixes
3968
3969 * admin/util.c (init_des_key): increase kvno
3970 (set_password): return -1 if `des_read_pw_string' failed
3971
3972 * admin/mod.c (doit2): check the return value from `set_password'
3973
3974 * admin/ank.c (doit): don't add a new entry if `set_password'
3975 failed
3976
3977Mon Sep 8 02:20:16 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
3978
3979 * lib/krb5/verify_init.c: fix ap_req_nofail semantics
3980
3981 * lib/krb5/transited.c: something that might resemble
3982 domain-x500-compress
3983
3984Mon Sep 8 01:24:42 1997 Assar Westerlund <assar@sics.se>
3985
3986 * kdc/hpropd.c (main): check number of arguments
3987
3988 * appl/popper/pop_init.c (pop_init): check number of arguments
3989
3990 * kpasswd/kpasswd.c (main): check number of arguments
3991
3992 * kdc/string2key.c (main): check number of arguments
3993
3994 * kuser/kdestroy.c (main): check number of arguments
3995
3996 * kuser/kinit.c (main): check number of arguments
3997
3998 * kpasswd/kpasswdd.c (main): use sigaction without SA_RESTART to
3999 break out of select when a signal arrives
4000
4001 * kdc/main.c (main): use sigaction without SA_RESTART to break out
4002 of select when a signal arrives
4003
4004 * kdc/kstash.c: default to HDB_DB_DIR "/m-key"
4005
4006 * kdc/config.c (configure): add `--version'. Check the number of
4007 arguments. Handle the case of there being no specification of port
4008 numbers.
4009
4010 * admin/util.c: seal and unseal key at appropriate places
4011
4012 * admin/kdb_edit.c (main): parse arguments, config file and read
4013 master key iff there's one.
4014
4015 * admin/extkeytab.c (ext_keytab): unseal key while extracting
4016
4017Sun Sep 7 20:41:01 1997 Assar Westerlund <assar@sics.se>
4018
4019 * lib/roken/roken.h: include <fcntl.h>
4020
4021 * kdc/kerberos5.c (set_salt_padata): new function
4022
4023 * appl/telnet/telnetd/telnetd.c: Rename some variables that
4024 conflict with cpp symbols on HP-UX 10.20
4025
4026 * change all calls of `gethostbyaddr' to cast argument 1 to `const
4027 char *'
4028
4029 * acconfig.h: only use SGTTY on nextstep
4030
4031Sun Sep 7 14:33:50 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4032
4033 * kdc/kerberos5.c: Check invalid flag.
4034
4035Fri Sep 5 14:19:38 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4036
4037 * lib/krb5/verify_user.c: Use get_init_creds/verify_init_creds.
4038
4039 * lib/kafs: Move functions common to krb/krb5 modules to new file,
4040 and make things more modular.
4041
4042 * lib/krb5/krb5.h: rename STRING -> krb5_config_string, and LIST
4043 -> krb5_config_list
4044
4045Thu Sep 4 23:39:43 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4046
4047 * lib/krb5/get_addrs.c: Fix loopback test.
4048
4049Thu Sep 4 04:45:49 1997 Assar Westerlund <assar@sics.se>
4050
4051 * lib/roken/roken.h: fallback definition of `O_ACCMODE'
4052
4053 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): be more careful when
4054 checking for a v4 reply
4055
4056Wed Sep 3 18:20:14 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4057
4058 * kdc/hprop.c: Add `--decrypt' and `--encrypt' flags.
4059
4060 * lib/hdb/hdb.c: new {seal,unseal}_keys functions
4061
4062 * kdc/{hprop,hpropd}.c: Add support to dump database to stdout.
4063
4064 * kdc/hprop.c: Don't use same master key as version 4.
4065
4066 * admin/util.c: Don't dump core if no `default' is found.
4067
4068Wed Sep 3 16:01:07 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4069
4070 * kdc/connect.c: Allow run time port specification.
4071
4072 * kdc/config.c: Add flags for http support, and port
4073 specifications.
4074
4075Tue Sep 2 02:00:03 1997 Assar Westerlund <assar@sics.se>
4076
4077 * include/bits.c: Don't generate ifndef's in bits.h. Instead, use
4078 them when building the program. This makes it possible to include
4079 bits.h without having defined all HAVE_INT17_T symbols.
4080
4081 * configure.in: test for sigaction
4082
4083 * doc: updated documentation.
4084
4085Tue Sep 2 00:20:31 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4086
4087 * Release 0.0g
4088
4089Mon Sep 1 17:42:14 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4090
4091 * lib/krb5/data.c: don't return ENOMEM if len == 0
4092
4093Sun Aug 31 17:15:49 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4094
4095 * lib/hdb/hdb.asn1: Include salt type in salt.
4096
4097 * kdc/hprop.h: Change port to 754.
4098
4099 * kdc/hpropd.c: Verify who tries to transmit a database.
4100
4101 * appl/popper: Use getarg and krb5_log.
4102
4103 * lib/krb5/get_port.c: Add context parameter. Now takes port in
4104 host byte order.
4105
4106Sat Aug 30 18:48:19 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4107
4108 * kdc/connect.c: Add timeout to select, and log about expired tcp
4109 connections.
4110
4111 * kdc/config.c: Add `database' option.
4112
4113 * kdc/hpropd.c: Log about duplicate entries.
4114
4115 * lib/hdb/{db,ndbm}.c: Use common routines.
4116
4117 * lib/hdb/common.c: Implement more generic fetch/store/delete
4118 functions.
4119
4120 * lib/hdb/hdb.h: Add `replace' parameter to store.
4121
4122 * kdc/connect.c: Set filedecriptor to -1 on allocated decriptor
4123 entries.
4124
4125Fri Aug 29 03:13:23 1997 Assar Westerlund <assar@sics.se>
4126
4127 * lib/krb5/get_in_tkt.c: extract_ticket -> _krb5_extract_ticket
4128
4129 * aux/make-proto.pl: fix __P for stone age mode
4130
4131Fri Aug 29 02:45:46 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4132
4133 * lib/45/mk_req.c: implementation of krb_mk_req that uses 524
4134 protocol
4135
4136 * lib/krb5/init_creds_pw.c: make change_password and
4137 get_init_creds_common static
4138
4139 * lib/krb5/krb5.h: Merge stuff from removed headerfiles.
4140
4141 * lib/krb5/fcache.c: fcc_ops -> krb5_fcc_ops
4142
4143 * lib/krb5/mcache.c: mcc_ops -> krb5_mcc_ops
4144
4145Fri Aug 29 01:45:25 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4146
4147 * lib/krb5/krb5.h: Remove all prototypes.
4148
4149 * lib/krb5/convert_creds.c: Use `struct credentials' instead of
4150 `CREDENTIALS'.
4151
4152Fri Aug 29 00:08:18 1997 Assar Westerlund <assar@sics.se>
4153
4154 * lib/asn1/gen_glue.c: new file. generates 2int and int2 functions
4155 and units for bit strings.
4156
4157 * admin/util.c: flags2int, int2flags, and flag_units are now
4158 generated by asn1_compile
4159
4160 * lib/roken/parse_units.c: generalised `parse_units' and
4161 `unparse_units' and added new functions `parse_flags' and
4162 `unparse_flags' that use these
4163
4164 * lib/krb5/krb5_locl.h: moved krb5_data* functions to krb5.h
4165
4166 * admin/util.c: Use {un,}parse_flags for printing and parsing
4167 hdbflags.
4168
4169Thu Aug 28 03:26:12 1997 Assar Westerlund <assar@sics.se>
4170
4171 * lib/krb5/get_addrs.c: restructured
4172
4173 * lib/krb5/warn.c (_warnerr): leak less memory
4174
4175 * lib/hdb/hdb.c (hdb_free_entry): zero keys
4176 (hdb_check_db_format): leak less memory
4177
4178 * lib/hdb/ndbm.c (NDBM_seq): check for valid hdb_entries implement
4179 NDBM__get, NDBM__put
4180
4181 * lib/hdb/db.c (DB_seq): check for valid hdb_entries
4182
4183Thu Aug 28 02:06:58 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4184
4185 * lib/krb5/send_to_kdc.c: Don't use sendto on connected sockets.
4186
4187Thu Aug 28 01:13:17 1997 Assar Westerlund <assar@sics.se>
4188
4189 * kuser/kinit.1, klist.1, kdestroy.1: new man pages
4190
4191 * kpasswd/kpasswd.1, kpasswdd.8: new man pages
4192
4193 * kdc/kstash.8, hprop.8, hpropd.8: new man pages
4194
4195 * admin/ktutil.8, admin/kdb_edit.8: new man pages
4196
4197 * admin/mod.c: new file
4198
4199 * admin/life.c: renamed gettime and puttime to getlife and putlife
4200 and moved them to life.c
4201
4202 * admin/util.c: add print_flags, parse_flags, init_entry,
4203 set_created_by, set_modified_by, edit_entry, set_password. Use
4204 them.
4205
4206 * admin/get.c: use print_flags
4207
4208 * admin: removed unused stuff. use krb5_{warn,err}*
4209
4210 * admin/ank.c: re-organized and abstracted.
4211
4212 * admin/gettime.c: removed
4213
4214Thu Aug 28 00:37:39 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4215
4216 * lib/krb5/{get_cred,get_in_tkt}.c: Check for v4 reply.
4217
4218 * lib/roken/base64.c: Add base64 functions.
4219
4220 * kdc/connect.c lib/krb5/send_to_kdc.c: Add http support.
4221
4222Wed Aug 27 00:29:20 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4223
4224 * include/Makefile.am: Don't make links to built files.
4225
4226 * admin/kdb_edit.c: Add command to set the database path.
4227
4228 * lib/hdb: Include version number in database.
4229
4230Tue Aug 26 20:14:54 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4231
4232 * admin/ktutil: Merged v4 srvtab conversion.
4233
4234Mon Aug 25 23:02:18 1997 Assar Westerlund <assar@sics.se>
4235
4236 * lib/roken/roken.h: add F_OK
4237
4238 * lib/gssapi/acquire_creds.c: fix typo
4239
4240 * configure.in: call AC_TYPE_MODE_T
4241
4242 * acinclude.m4: Add AC_TYPE_MODE_T
4243
4244Sun Aug 24 16:46:53 1997 Assar Westerlund <assar@sics.se>
4245
4246 * Release 0.0f
4247
4248Sun Aug 24 08:06:54 1997 Assar Westerlund <assar@sics.se>
4249
4250 * appl/popper/pop_pass.c: log poppers
4251
4252 * kdc/kaserver.c: some more checks
4253
4254 * kpasswd/kpasswd.c: removed `-p'
4255
4256 * kuser/kinit.c: removed `-p'
4257
4258 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): If
4259 KDC_ERR_PREUATH_REQUIRED, add preauthentication and try again.
4260
4261 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): don't print out
4262 krb-error text
4263
4264 * lib/gssapi/import_name.c (input_name): more names types.
4265
4266 * admin/load.c (parse_keys): handle the case of an empty salt
4267
4268 * kdc/kaserver.c: fix up memory deallocation
4269
4270 * kdc/kaserver.c: quick hack at talking kaserver protocol
4271
4272 * kdc/kerberos4.c: Make `db-fetch4' global
4273
4274 * configure.in: add --enable-kaserver
4275
4276 * kdc/rx.h, kdc/kerberos4.h: new header files
4277
4278 * lib/krb5/principal.c: fix krb5_build_principal_ext & c:o
4279
4280Sun Aug 24 03:52:44 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4281
4282 * lib/krb5/{get_in_tkt,mk_safe,mk_priv}.c: Fix some Cray specific
4283 type conflicts.
4284
4285 * lib/krb5/{get_cred,get_in_tkt}.c: Mask nonce to 32 bits.
4286
4287 * lib/des/{md4,md5,sha}.c: Now works on Crays.
4288
4289Sat Aug 23 18:15:01 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4290
4291 * appl/afsutil/afslog.c: If no cells or files specified, get
4292 tokens for all local cells. Better test for files.
4293
4294Thu Aug 21 23:33:38 1997 Assar Westerlund <assar@sics.se>
4295
4296 * lib/gssapi/v1.c: new file with v1 compatibility functions.
4297
4298Thu Aug 21 20:36:13 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4299
4300 * lib/kafs/afskrb5.c: Don't check ticket file for afs ticket.
4301
4302 * kdc/kerberos4.c: Check database when converting v4 principals.
4303
4304 * kdc/kerberos5.c: Include kvno in Ticket.
4305
4306 * lib/krb5/encrypt.c: Add kvno parameter to encrypt_EncryptedData.
4307
4308 * kuser/klist.c: Print version number of ticket, include more
4309 flags.
4310
4311Wed Aug 20 21:26:58 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4312
4313 * lib/kafs/afskrb5.c (get_cred): Check cached afs tickets for
4314 expiration.
4315
4316Wed Aug 20 17:40:31 1997 Assar Westerlund <assar@sics.se>
4317
4318 * lib/krb5/recvauth.c (krb5_recvauth): Send a KRB-ERROR iff
4319 there's an error.
4320
4321 * lib/krb5/sendauth.c (krb5_sendauth): correct the protocol
4322 documentation and process KRB-ERROR's
4323
4324Tue Aug 19 20:41:30 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4325
4326 * kdc/kerberos4.c: Fix memory leak in v4 protocol handler.
4327
4328Mon Aug 18 05:15:09 1997 Assar Westerlund <assar@sics.se>
4329
4330 * lib/gssapi/accept_sec_context.c: Added
4331 `gsskrb5_register_acceptor_identity'
4332
4333Sun Aug 17 01:40:20 1997 Assar Westerlund <assar@sics.se>
4334
4335 * lib/gssapi/accept_sec_context.c (gss_accept_sec_context): don't
4336 always pass server == NULL to krb5_rd_req.
4337
4338 * lib/gssapi: new files: canonicalize_name.c export_name.c
4339 context_time.c compare_name.c release_cred.c acquire_cred.c
4340 inquire_cred.c, from Luke Howard <lukeh@xedoc.com.au>
4341
4342 * lib/krb5/config_file.c: Add netinfo support from Luke Howard
4343 <lukeh@xedoc.com.au>
4344
4345 * lib/editline/sysunix.c: sgtty-support from Luke Howard
4346 <lukeh@xedoc.com.au>
4347
4348 * lib/krb5/principal.c: krb5_sname_to_principal fix from Luke
4349 Howard <lukeh@xedoc.com.au>
4350
4351Sat Aug 16 00:44:47 1997 Assar Westerlund <assar@koi.pdc.kth.se>
4352
4353 * Release 0.0e
4354
4355Sat Aug 16 00:23:46 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4356
4357 * appl/afsutil/afslog.c: Use new libkafs.
4358
4359 * lib/kafs/afskrb5.c: Get AFS tokens via 524 protocol.
4360
4361 * lib/krb5/warn.c: Fix format string for *x type.
4362
4363Fri Aug 15 22:15:01 1997 Assar Westerlund <assar@sics.se>
4364
4365 * admin/get.c (get_entry): print more information about the entry
4366
4367 * lib/des/Makefile.am: build destest, mdtest, des, rpw, speed
4368
4369 * lib/krb5/config_file.c: new functions `krb5_config_get_time' and
4370 `krb5_config_vget_time'. Use them.
4371
4372Fri Aug 15 00:09:37 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4373
4374 * admin/ktutil.c: Keytab manipulation program.
4375
4376 * lib/krb5/keytab.c: Return sane values from resolve and
4377 start_seq_get.
4378
4379 * kdc/kerberos5.c: Fix for old clients passing 0 for `no endtime'.
4380
4381 * lib/45/get_ad_tkt.c: Kerberos 4 get_ad_tkt using
4382 krb524_convert_creds_kdc.
4383
4384 * lib/krb5/convert_creds.c: Implementation of
4385 krb524_convert_creds_kdc.
4386
4387 * lib/asn1/k5.asn1: Make kdc-req-body.till OPTIONAL
4388
4389 * kdc/524.c: A somewhat working 524-protocol module.
4390
4391 * kdc/kerberos4.c: Add version 4 ticket encoding and encryption
4392 functions.
4393
4394 * lib/krb5/context.c: Fix kdc_timeout.
4395
4396 * lib/hdb/{ndbm,db}.c: Free name in close.
4397
4398 * kdc/kerberos5.c (tgs_check_autenticator): Return error code
4399
4400Thu Aug 14 21:29:03 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4401
4402 * kdc/kerberos5.c (tgs_make_reply): Fix endtime in reply.
4403
4404 * lib/krb5/store_emem.c: Fix reallocation bug.
4405
4406Tue Aug 12 01:29:46 1997 Assar Westerlund <assar@sics.se>
4407
4408 * appl/telnet/libtelnet/kerberos5.c, appl/popper/pop_init.c: Use
4409 `krb5_sock_to_principal'. Send server parameter to
4410 krb5_rd_req/krb5_recvauth. Set addresses in auth_context.
4411
4412 * lib/krb5/recvauth.c: Set addresses in auth_context if there
4413 aren't any
4414
4415 * lib/krb5/auth_context.c: New function
4416 `krb5_auth_con_setaddrs_from_fd'
4417
4418 * lib/krb5/sock_principal.c: new function
4419 `krb5_sock_to_principal'
4420
4421 * lib/krb5/time.c: new file with `krb5_timeofday' and
4422 `krb5_us_timeofday'. Use these functions.
4423
4424 * kuser/klist.c: print KDC offset iff verbose
4425
4426 * lib/krb5/get_in_tkt.c: implement KDC time offset and use it if
4427 [libdefaults]kdc_timesync is set.
4428
4429 * lib/krb5/fcache.c: Implement version 4 of the ccache format.
4430
4431Mon Aug 11 05:34:43 1997 Assar Westerlund <assar@sics.se>
4432
4433 * lib/krb5/rd_rep.c (krb5_free_ap_rep_enc_part): free all memory
4434
4435 * lib/krb5/principal.c (krb5_unparse_name): allocate memory
4436 properly
4437
4438 * kpasswd/kpasswd.c: Use `krb5_change_password'
4439
4440 * lib/krb5/init_creds_pw.c (init_cred): set realm of server
4441 correctly.
4442
4443 * lib/krb5/init_creds_pw.c: support changing of password when it
4444 has expired
4445
4446 * lib/krb5/changepw.c: new file
4447
4448 * kuser/klist.c: use getarg
4449
4450 * admin/init.c (init): add `kadmin/changepw'
4451
4452Mon Aug 11 04:30:47 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4453
4454 * lib/krb5/get_cred.c: Make get_credentials handle cross-realm.
4455
4456Mon Aug 11 00:03:24 1997 Assar Westerlund <assar@sics.se>
4457
4458 * lib/krb5/config_file.c: implement support for #-comments
4459
4460Sat Aug 9 02:21:46 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4461
4462 * kdc/hprop*.c: Add database propagation programs.
4463
4464 * kdc/connect.c: Max request size.
4465
4466Sat Aug 9 00:47:28 1997 Assar Westerlund <assar@sics.se>
4467
4468 * lib/otp: resurrected from krb4
4469
4470 * appl/push: new program for fetching mail with POP.
4471
4472 * appl/popper/popper.h: new include files. new fields in `POP'
4473
4474 * appl/popper/pop_pass.c: Implement both v4 and v5.
4475
4476 * appl/popper/pop_init.c: Implement both v4 and v5.
4477
4478 * appl/popper/pop_debug.c: use getarg. Talk both v4 and v5
4479
4480 * appl/popper: Popper from krb4.
4481
4482 * configure.in: check for inline and <netinet/tcp.h> generate
4483 files in appl/popper, appl/push, and lib/otp
4484
4485Fri Aug 8 05:51:02 1997 Assar Westerlund <assar@sics.se>
4486
4487 * lib/krb5/get_cred.c: clean-up and try to free memory even when
4488 there're errors
4489
4490 * lib/krb5/get_cred.c: adapt to new `extract_ticket'
4491
4492 * lib/krb5/get_in_tkt.c: reorganize. check everything and try to
4493 return memory even if there are errors.
4494
4495 * kuser/kverify.c: new file
4496
4497 * lib/krb5/free_host_realm.c: new file
4498
4499 * lib/krb5/principal.c (krb5_sname_to_principal): implement
4500 different nametypes. Also free memory.
4501
4502 * lib/krb5/verify_init.c: more functionality
4503
4504 * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): free the checksum
4505
4506 * lib/krb5/get_in_tkt.c (extract_ticket): don't copy over the
4507 principals in creds. Should also compare them with that received
4508 from the KDC
4509
4510 * lib/krb5/cache.c (krb5_cc_gen_new): copy the newly allocated
4511 krb5_ccache
4512 (krb5_cc_destroy): call krb5_cc_close
4513 (krb5_cc_retrieve_cred): delete the unused creds
4514
4515Fri Aug 8 02:30:40 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4516
4517 * lib/krb5/log.c: Allow better control of destinations of logging
4518 (like passing explicit destinations, and log-functions).
4519
4520Fri Aug 8 01:20:39 1997 Assar Westerlund <assar@sics.se>
4521
4522 * lib/krb5/get_default_principal.c: new file
4523
4524 * kpasswd/kpasswdd.c: use krb5_log*
4525
4526Fri Aug 8 00:37:47 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4527
4528 * lib/krb5/init_creds_pw.c: Implement krb5_get_init_creds_keytab.
4529
4530Fri Aug 8 00:37:17 1997 Assar Westerlund <assar@sics.se>
4531
4532 * lib/krb5/init_creds_pw.c: Use `krb5_get_default_principal'.
4533 Print password expire information.
4534
4535 * kdc/config.c: new variable `kdc_warn_pwexpire'
4536
4537 * kpasswd/kpasswd.c: converted to getarg and get_init_creds
4538
4539Thu Aug 7 22:17:09 1997 Assar Westerlund <assar@sics.se>
4540
4541 * lib/krb5/mcache.c: new file
4542
4543 * admin/gettime.c: new function puttime. Use it.
4544
4545 * lib/krb5/keyblock.c: Added krb5_free_keyblock and
4546 krb5_copy_keyblock
4547
4548 * lib/krb5/init_creds_pw.c: more functionality
4549
4550 * lib/krb5/creds.c: Added krb5_free_creds_contents and
4551 krb5_copy_creds. Changed callers.
4552
4553 * lib/krb5/config_file.c: new functions krb5_config_get and
4554 krb5_config_vget
4555
4556 * lib/krb5/cache.c: cleanup added mcache
4557
4558 * kdc/kerberos5.c: include last-req's of type 6 and 7, if
4559 applicable
4560
4561Wed Aug 6 20:38:23 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4562
4563 * lib/krb5/log.c: New parameter `log-level'. Default to `SYSLOG'.
4564
4565Tue Aug 5 22:53:54 1997 Assar Westerlund <assar@sics.se>
4566
4567 * lib/krb5/verify_init.c, init_creds_pw.c, init_creds.c,
4568 prompter_posix.c: the beginning of an implementation of the cygnus
4569 initial-ticket API.
4570
4571 * lib/krb5/get_in_tkt_pw.c: make `krb5_password_key_proc' global
4572
4573 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): new function that is
4574 almost krb5_get_in_tkt but doesn't write the creds to the ccache.
4575 Small fixes in krb5_get_in_tkt
4576
4577 * lib/krb5/get_addrs.c (krb5_get_all_client_addrs): don't include
4578 loopback.
4579
4580Mon Aug 4 20:20:48 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4581
4582 * kdc: Make context global.
4583
4584Fri Aug 1 17:23:56 1997 Assar Westerlund <assar@sics.se>
4585
4586 * Release 0.0d
4587
4588 * lib/roken/flock.c: new file
4589
4590 * kuser/kinit.c: check for and print expiry information in the
4591 `kdc_rep'
4592
4593 * lib/krb5/get_in_tkt.c: Set `ret_as_reply' if != NULL
4594
4595 * kdc/kerberos5.c: Check the valid times on client and server.
4596 Check the password expiration.
4597 Check the require_preauth flag.
4598 Send an lr_type == 6 with pw_end.
4599 Set key.expiration to min(valid_end, pw_end)
4600
4601 * lib/hdb/hdb.asn1: new flags `require_preauth' and `change_pw'
4602
4603 * admin/util.c, admin/load.c: handle the new flags.
4604
4605Fri Aug 1 16:56:12 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4606
4607 * lib/hdb: Add some simple locking.
4608
4609Sun Jul 27 04:44:31 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4610
4611 * lib/krb5/log.c: Add some general logging functions.
4612
4613 * kdc/kerberos4.c: Add version 4 protocol handler. The requrement
4614 for this to work is that all involved principals has a des key in
4615 the database, and that the client has a version 4 (un-)salted
4616 key. Furthermore krb5_425_conv_principal has to do it's job, as
4617 present it's not very clever.
4618
4619 * lib/krb5/principal.c: Quick patch to make 425_conv work
4620 somewhat.
4621
4622 * lib/hdb/hdb.c: Add keytype->key and next key functions.
4623
4624Fri Jul 25 17:32:12 1997 Assar Westerlund <assar@sics.se>
4625
4626 * lib/krb5/build_auth.c (krb5_build_authenticator): don't free
4627 `cksum'. It's allocated and freed by the caller
4628
4629 * lib/krb5/get_cred.c (krb5_get_kdc_cred): Don't free `addresses'.
4630
4631 * kdc/kerberos5.c (tgs_rep2): make sure we also have an defined
4632 `client' to return as part of the KRB-ERROR
4633
4634Thu Jul 24 08:13:59 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4635
4636 * kdc/kerberos5.c: Unseal keys from database before use.
4637
4638 * kdc/misc.c: New functions set_master_key, unseal_key and
4639 free_key.
4640
4641 * lib/roken/getarg.c: Handle `-f arg' correctly.
4642
4643Thu Jul 24 01:54:43 1997 Assar Westerlund <assar@sics.se>
4644
4645 * kuser/kinit.c: implement `-l' aka `--lifetime'
4646
4647 * lib/roken/parse_units.c, parse_time.c: new files
4648
4649 * admin/gettime.c (gettime): use `parse_time'
4650
4651 * kdc/kerberos5.c (as_rep): Use `METHOD-DATA' when sending
4652 KRB5KDC_ERR_PREAUTH_REQUIRED, not PA-DATA.
4653
4654 * kpasswd/kpasswdd.c: fix freeing bug use sequence numbers set
4655 addresses in auth_context bind one socket per interface.
4656
4657 * kpasswd/kpasswd.c: use sequence numbers
4658
4659 * lib/krb5/rd_req.c (krb5_verify_ap_req): do abs when verifying
4660 the timestamps
4661
4662 * lib/krb5/rd_priv.c (krb5_rd_priv): Fetch the correct session key
4663 from auth_context
4664
4665 * lib/krb5/mk_priv.c (krb5_mk_priv): Fetch the correct session key
4666 from auth_context
4667
4668 * lib/krb5/mk_error.c (krb5_mk_error): return an error number and
4669 not a comerr'd number.
4670
4671 * lib/krb5/get_in_tkt.c (krb5_get_in_tkt): interpret the error
4672 number in KRB-ERROR correctly.
4673
4674 * lib/krb5/get_cred.c (krb5_get_kdc_cred): interpret the error
4675 number in KRB-ERROR correctly.
4676
4677 * lib/asn1/k5.asn1: Add `METHOD-DATA'
4678
4679 * removed some memory leaks.
4680
4681Wed Jul 23 07:53:18 1997 Assar Westerlund <assar@sics.se>
4682
4683 * Release 0.0c
4684
4685 * lib/krb5/rd_cred.c, get_for_creds.c: new files
4686
4687 * lib/krb5/get_host_realm.c: try default realm as last chance
4688
4689 * kpasswd/kpasswdd.c: updated to hdb changes
4690
4691 * appl/telnet/libtelnet/kerberos5.c: Implement forwarding
4692
4693 * appl/telnet/libtelnet: removed totally unused files
4694
4695 * admin/ank.c: fix prompts and generation of random keys
4696
4697Wed Jul 23 04:02:32 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4698
4699 * admin/dump.c: Include salt in dump.
4700
4701 * admin: Mostly updated for new db-format.
4702
4703 * kdc/kerberos5.c: Update to use new db format. Better checking of
4704 flags and such. More logging.
4705
4706 * lib/hdb/hdb.c: Use generated encode and decode functions.
4707
4708 * lib/hdb/hdb.h: Get hdb_entry from ASN.1 generated code.
4709
4710 * lib/krb5/get_cred.c: Get addresses from krbtgt if there are none
4711 in the reply.
4712
4713Sun Jul 20 16:22:30 1997 Assar Westerlund <assar@sics.se>
4714
4715 * kuser/kinit.c: break if des_read_pw_string() != 0
4716
4717 * kpasswd/kpasswdd.c: send a reply
4718
4719 * kpasswd/kpasswd.c: restructured code. better report on
4720 krb-error break if des_read_pw_string() != 0
4721
4722 * kdc/kerberos5.c: Check `require_enc_timestamp' malloc space for
4723 starttime and renew_till
4724
4725 * appl/telnet/libtelnet/kerberos5.c (kerberos5_is): Send a
4726 keyblock to krb5_verify_chekcsum
4727
4728Sun Jul 20 06:35:46 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4729
4730 * Release 0.0b
4731
4732 * kpasswd/kpasswd.c: Avoid using non-standard struct names.
4733
4734Sat Jul 19 19:26:23 1997 Assar Westerlund <assar@sics.se>
4735
4736 * lib/krb5/keytab.c (krb5_kt_get_entry): check return from
4737 `krb5_kt_start_seq_get'. From <map@stacken.kth.se>
4738
4739Sat Jul 19 04:07:39 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4740
4741 * lib/asn1/k5.asn1: Update with more pa-data types from
4742 draft-ietf-cat-kerberos-revisions-00.txt
4743
4744 * admin/load.c: Update to match current db-format.
4745
4746 * kdc/kerberos5.c (as_rep): Try all valid pa-datas before giving
4747 up. Send back an empty pa-data if the client has the v4 flag set.
4748
4749 * lib/krb5/get_in_tkt.c: Pass both version5 and version4 salted
4750 pa-data. DTRT if there is any pa-data in the reply.
4751
4752 * lib/krb5/str2key.c: XOR with some sane value.
4753
4754 * lib/hdb/hdb.h: Add `version 4 salted key' flag.
4755
4756 * kuser/kinit.c: Ask for password before calling get_in_tkt. This
4757 makes it possible to call key_proc more than once.
4758
4759 * kdc/string2key.c: Add flags to output version 5 (DES only),
4760 version 4, and AFS string-to-key of a password.
4761
4762 * lib/asn1/gen_copy.c: copy_* functions now returns an int (0 or
4763 ENOMEM).
4764
4765Fri Jul 18 02:54:58 1997 Assar Westerlund <assar@sics.se>
4766
4767 * lib/krb5/get_host_realm.c (krb5_get_host_realm): do the
4768 name2name thing
4769
4770 * kdc/misc.c: check result of hdb_open
4771
4772 * admin/kdb_edit: updated to new sl
4773
4774 * lib/sl: sl_func now returns an int. != 0 means to exit.
4775
4776 * kpasswd/kpasswdd: A crude (but somewhat working) implementation
4777 of `draft-ietf-cat-kerb-chg-password-00.txt'
4778
4779Fri Jul 18 00:55:39 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4780
4781 * kuser/krenew.c: Crude ticket renewing program.
4782
4783 * kdc/kerberos5.c: Rewritten flags parsing, it now might work to
4784 get forwarded and renewed tickets.
4785
4786 * kuser/kinit.c: Add `-r' flag.
4787
4788 * lib/krb5/get_cred.c: Move most of contents of get_creds to new
4789 function get_kdc_cred, that always contacts the kdc and doesn't
4790 save in the cache. This is a hack.
4791
4792 * lib/krb5/get_in_tkt.c: Pass starttime and renew_till in request
4793 (a bit kludgy).
4794
4795 * lib/krb5/mk_req_ext.c: Make an auth_context if none passed in.
4796
4797 * lib/krb5/send_to_kdc.c: Get timeout from context.
4798
4799 * lib/krb5/context.c: Add kdc_timeout to context struct.
4800
4801Thu Jul 17 20:35:45 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4802
4803 * kuser/klist.c: Print start time of ticket if available.
4804
4805 * lib/krb5/get_host_realm.c: Return error if no realm was found.
4806
4807Thu Jul 17 20:28:21 1997 Assar Westerlund <assar@sics.se>
4808
4809 * kpasswd: non-working kpasswd added
4810
4811Thu Jul 17 00:21:22 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4812
4813 * Release 0.0a
4814
4815 * kdc/main.c: Add -p flag to disable pa-enc-timestamp requirement.
4816
4817Wed Jul 16 03:37:41 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4818
4819 * kdc/kerberos5.c (tgs_rep2): Free ticket and ap_req.
4820
4821 * lib/krb5/auth_context.c (krb5_auth_con_free): Free remote
4822 subkey.
4823
4824 * lib/krb5/principal.c (krb5_free_principal): Check for NULL.
4825
4826 * lib/krb5/send_to_kdc.c: Check for NULL return from
4827 gethostbyname.
4828
4829 * lib/krb5/set_default_realm.c: Try to get realm of local host if
4830 no default realm is available.
4831
4832 * Remove non ASN.1 principal code.
4833
4834Wed Jul 16 03:17:30 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4835
4836 * kdc/kerberos5.c: Split tgs_rep in smaller functions. Add better
4837 error handing. Do some logging.
4838
4839 * kdc/log.c: Some simple logging facilities.
4840
4841 * kdc/misc.c (db_fetch): Take a krb5_principal.
4842
4843 * kdc/connect.c: Pass address of request to as_rep and
4844 tgs_rep. Send KRB-ERROR.
4845
4846 * lib/krb5/mk_error.c: Add more fields.
4847
4848 * lib/krb5/get_cred.c: Print normal error code if no e_text is
4849 available.
4850
4851Wed Jul 16 03:07:50 1997 Assar Westerlund <assar@sics.se>
4852
4853 * lib/krb5/get_in_tkt.c: implement `krb5_init_etype'.
4854 Change encryption type of pa_enc_timestamp to DES-CBC-MD5
4855
4856 * lib/krb5/context.c: recognize all encryption types actually
4857 implemented
4858
4859 * lib/krb5/auth_context.c (krb5_auth_con_init): Change default
4860 encryption type to `DES_CBC_MD5'
4861
4862 * lib/krb5/read_message.c, write_message.c: new files
4863
4864Tue Jul 15 17:14:21 1997 Assar Westerlund <assar@sics.se>
4865
4866 * lib/asn1: replaced asn1_locl.h by `der_locl.h' and `gen_locl.h'.
4867
4868 * lib/error/compile_et.awk: generate a prototype for the
4869 `destroy_foo_error_table' function.
4870
4871Mon Jul 14 12:24:40 1997 Assar Westerlund <assar@sics.se>
4872
4873 * lib/krb5/krbhst.c (krb5_get_krbhst): Get all kdc's and try also
4874 with `kerberos.REALM'
4875
4876 * kdc/kerberos5.c, lib/krb5/rd_priv.c, lib/krb5/rd_safe.c: use
4877 `max_skew'
4878
4879 * lib/krb5/rd_req.c (krb5_verify_ap_req): record authenticator
4880 subkey
4881
4882 * lib/krb5/build_auth.c (krb5_build_authenticator): always
4883 generate a subkey.
4884
4885 * lib/krb5/address.c: implement `krb5_address_order'
4886
4887 * lib/gssapi/import_name.c: Implement `gss_import_name'
4888
4889 * lib/gssapi/external.c: Use new OID
4890
4891 * lib/gssapi/encapsulate.c: New functions
4892 `gssapi_krb5_encap_length' and `gssapi_krb5_make_header'. Changed
4893 callers.
4894
4895 * lib/gssapi/decapsulate.c: New function
4896 `gssaspi_krb5_verify_header'. Changed callers.
4897
4898 * lib/asn1/gen*.c: Give tags to generated structs.
4899 Use `err' and `asprintf'
4900
4901 * appl/test/gss_common.c: new file
4902
4903 * appl/test/gssapi_server.c: removed all krb5 calls
4904
4905 * appl/telnet/libtelnet/kerberos5.c: Add support for genering and
4906 verifying checksums. Also start using session subkeys.
4907
4908Mon Jul 14 12:08:25 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4909
4910 * lib/krb5/rd_req.c (krb5_rd_req_with_keyblock): Split up.
4911
4912Sun Jul 13 03:07:44 1997 Assar Westerlund <assar@sics.se>
4913
4914 * lib/krb5/rd_safe.c, mk_safe.c: made bug-compatible with MIT
4915
4916 * lib/krb5/encrypt.c: new functions `DES_encrypt_null_ivec' and
4917 `DES_encrypt_key_ivec'
4918
4919 * lib/krb5/checksum.c: implement rsa-md4-des and rsa-md5-des
4920
4921 * kdc/kerberos5.c (tgs_rep): support keyed checksums
4922
4923 * lib/krb5/creds.c: new file
4924
4925 * lib/krb5/get_in_tkt.c: better freeing
4926
4927 * lib/krb5/context.c (krb5_free_context): more freeing
4928
4929 * lib/krb5/config_file.c: New function `krb5_config_file_free'
4930
4931 * lib/error/compile_et.awk: Generate a `destroy_' function.
4932
4933 * kuser/kinit.c, klist.c: Don't leak memory.
4934
4935Sun Jul 13 02:46:27 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4936
4937 * kdc/connect.c: Check filedescriptor in select.
4938
4939 * kdc/kerberos5.c: Remove most of the most common memory leaks.
4940
4941 * lib/krb5/rd_req.c: Free allocated data.
4942
4943 * lib/krb5/auth_context.c (krb5_auth_con_free): Free a lot of
4944 fields.
4945
4946Sun Jul 13 00:32:16 1997 Assar Westerlund <assar@sics.se>
4947
4948 * appl/telnet: Conditionalize the krb4-support.
4949
4950 * configure.in: Test for krb4
4951
4952Sat Jul 12 17:14:12 1997 Assar Westerlund <assar@sics.se>
4953
4954 * kdc/kerberos5.c: check if the pre-auth was decrypted properly.
4955 set the `pre_authent' flag
4956
4957 * lib/krb5/get_cred.c, lib/krb5/get_in_tkt.c: generate a random nonce.
4958
4959 * lib/krb5/encrypt.c: Made `generate_random_block' global.
4960
4961 * appl/test: Added gssapi_client and gssapi_server.
4962
4963 * lib/krb5/data.c: Add `krb5_data_zero'
4964
4965 * appl/test/tcp_client.c: try `mk_safe' and `mk_priv'
4966
4967 * appl/test/tcp_server.c: try `rd_safe' and `rd_priv'
4968
4969Sat Jul 12 16:45:58 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4970
4971 * lib/krb5/get_addrs.c: Fix for systems that has sa_len, but
4972 returns zero length from SIOCGIFCONF.
4973
4974Sat Jul 12 16:38:34 1997 Assar Westerlund <assar@sics.se>
4975
4976 * appl/test: new programs
4977
4978 * lib/krb5/rd_req.c: add address compare
4979
4980 * lib/krb5/mk_req_ext.c: allow no checksum
4981
4982 * lib/krb5/keytab.c (krb5_kt_ret_string): 0-terminate string
4983
4984 * lib/krb5/address.c: fix `krb5_address_compare'
4985
4986Sat Jul 12 15:03:16 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4987
4988 * lib/krb5/get_addrs.c: Fix ip4 address extraction.
4989
4990 * kuser/klist.c: Add verbose flag, and split main into smaller
4991 pieces.
4992
4993 * lib/krb5/fcache.c: Save ticket flags.
4994
4995 * lib/krb5/get_in_tkt.c (extract_ticket): Extract addresses and
4996 flags.
4997
4998 * lib/krb5/krb5.h: Add ticket_flags to krb5_creds.
4999
5000Sat Jul 12 13:12:48 1997 Assar Westerlund <assar@sics.se>
5001
5002 * configure.in: Call `AC_KRB_PROG_LN_S'
5003
5004 * acinclude.m4: Add `AC_KRB_PROG_LN_S' from krb4
5005
5006Sat Jul 12 00:57:01 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5007
5008 * lib/krb5/get_in_tkt.c: Use union of krb5_flags and KDCOptions to
5009 pass options.
5010
5011Fri Jul 11 15:04:22 1997 Assar Westerlund <assar@sics.se>
5012
5013 * appl/telnet: telnet & telnetd seems to be working.
5014
5015 * lib/krb5/config_file.c: Added krb5_config_v?get_list Fixed
5016 krb5_config_vget_next
5017
5018 * appl/telnet/libtelnet/kerberos5.c: update to current API
5019
5020Thu Jul 10 14:54:39 1997 Assar Westerlund <assar@sics.se>
5021
5022 * appl/telnet/libtelnet/kerberos5.c (kerberos5_status): call
5023 `krb5_kuserok'
5024
5025 * appl/telnet: Added.
5026
5027Thu Jul 10 05:09:25 1997 Johan Danielsson <joda@emma.pdc.kth.se>
5028
5029 * lib/error/compile_et.awk: Remove usage of sub, gsub, and
5030 functions for compatibility with awk.
5031
5032 * include/bits.c: Must use signed char.
5033
5034 * lib/krb5/context.c: Move krb5_get_err_text, and krb5_init_ets
5035 here.
5036
5037 * lib/error/error.c: Replace krb5_get_err_text with new function
5038 com_right.
5039
5040 * lib/error/compile_et.awk: Avoid using static variables.
5041
5042 * lib/error/error.c: Don't use krb5_locl.h
5043
5044 * lib/error/error.h: Move definitions of error_table and
5045 error_list from krb5.h.
5046
5047 * lib/error: Moved from lib/krb5.
5048
5049Wed Jul 9 07:42:04 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5050
5051 * lib/krb5/encrypt.c: Temporary hack to avoid des_rand_data.
5052
5053Wed Jul 9 06:58:00 1997 Assar Westerlund <assar@sics.se>
5054
5055 * lib/krb5/{rd,mk}_{*}.c: more checking for addresses and stuff
5056 according to pseudocode from 1510
5057
5058Wed Jul 9 06:06:06 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5059
5060 * lib/hdb/hdb.c: Add hdb_etype2key.
5061
5062 * kdc/kerberos5.c: Check authenticator. Use more general etype
5063 functions.
5064
5065Wed Jul 9 03:51:12 1997 Assar Westerlund <assar@sics.se>
5066
5067 * lib/asn1/k5.asn1: Made all `s_address' OPTIONAL according to
5068 draft-ietf-cat-kerberos-r-00.txt
5069
5070 * lib/krb5/principal.c (krb5_parse_name): default to local realm
5071 if none given
5072
5073 * kuser/kinit.c: New option `-p' and prompt
5074
5075Wed Jul 9 02:30:06 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5076
5077 * lib/krb5/keyblock.c: Keyblock generation functions.
5078
5079 * lib/krb5/encrypt.c: Use functions from checksum.c.
5080
5081 * lib/krb5/checksum.c: Move checksum functions here. Add
5082 krb5_cksumsize function.
5083
5084Wed Jul 9 01:15:38 1997 Assar Westerlund <assar@sics.se>
5085
5086 * lib/krb5/get_host_realm.c: implemented
5087
5088 * lib/krb5/config_file.c: Redid part. New functions:
5089 krb5_config_v?get_next
5090
5091 * kuser/kdestroy.c: new program
5092
5093 * kuser/kinit.c: new flag `-f'
5094
5095 * lib/asn1/k5.asn1: Made HostAddresses = SEQUENCE OF HostAddress
5096
5097 * acinclude.m4: Added AC_KRB_STRUCT_SOCKADDR_SA_LEN
5098
5099 * lib/krb5/krb5.h: krb5_addresses == HostAddresses. Changed all
5100 users.
5101
5102 * lib/krb5/get_addrs.c: figure out all local addresses, possibly
5103 even IPv6!
5104
5105 * lib/krb5/checksum.c: table-driven checksum
5106
5107Mon Jul 7 21:13:28 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5108
5109 * lib/krb5/encrypt.c: Make krb5_decrypt use the same struct as
5110 krb5_encrypt.
5111
5112Mon Jul 7 11:15:51 1997 Assar Westerlund <assar@sics.se>
5113
5114 * lib/roken/vsyslog.c: new file
5115
5116 * lib/krb5/encrypt.c: add des-cbc-md4.
5117 adjust krb5_encrypt and krb5_decrypt to reality
5118
5119Mon Jul 7 02:46:31 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5120
5121 * lib/krb5/encrypt.c: Implement as a vector of function pointers.
5122
5123 * lib/krb5/{decrypt,encrypt}.c: Implement des-cbc-crc, and
5124 des-cbc-md5 in separate functions.
5125
5126 * lib/krb5/krb5.h: Add more checksum and encryption types.
5127
5128 * lib/krb5/krb5_locl.h: Add etype to krb5_decrypt.
5129
5130Sun Jul 6 23:02:59 1997 Assar Westerlund <assar@sics.se>
5131
5132 * lib/krb5/[gs]et_default_realm.c, kuserok.c: new files
5133
5134 * lib/krb5/config_file.[ch]: new c-based configuration reading
5135 stuff
5136
5137Wed Jul 2 23:12:56 1997 Assar Westerlund <assar@sics.se>
5138
5139 * configure.in: Set WFLAGS if using gcc
5140
5141Wed Jul 2 17:47:03 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5142
5143 * lib/asn1/der_put.c (der_put_int): Return size correctly.
5144
5145 * admin/ank.c: Be compatible with the asn1 principal format.
5146
5147Wed Jul 1 23:52:20 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5148
5149 * lib/asn1: Now all decode_* and encode_* functions now take a
5150 final size_t* argument, that they return the size in. Return
5151 values are zero for success, and anything else (such as some
5152 ASN1_* constant) for error.
5153
5154Mon Jun 30 06:08:14 1997 Assar Westerlund <assar@sics.se>
5155
5156 * lib/krb5/keytab.c (krb5_kt_add_entry): change open mode to
5157 O_WRONLY | O_APPEND
5158
5159 * lib/krb5/get_cred.c: removed stale prototype for
5160 `extract_ticket' and corrected call.
5161
5162 * lib/asn1/gen_length.c (length_type): Make the length functions
5163 for SequenceOf non-destructive
5164
5165 * admin/ank.c (doit): Fix reading of `y/n'.
5166
5167Mon Jun 16 05:41:43 1997 Assar Westerlund <assar@sics.se>
5168
5169 * lib/gssapi/wrap.c, unwrap.c: do encrypt and add sequence number
5170
5171 * lib/gssapi/get_mic.c, verify_mic.c: Add sequence number.
5172
5173 * lib/gssapi/accept_sec_context.c (gss_accept_sec_context): Set
5174 KRB5_AUTH_CONTEXT_DO_SEQUENCE. Verify 8003 checksum.
5175
5176 * lib/gssapi/8003.c: New file.
5177
5178 * lib/krb/krb5.h: Define a `krb_authenticator' as an ASN.1
5179 Authenticator.
5180
5181 * lib/krb5/auth_context.c: New functions
5182 `krb5_auth_setlocalseqnumber' and `krb5_auth_setremoteseqnumber'
5183
5184Tue Jun 10 00:35:54 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5185
5186 * lib/krb5: Preapre for use of some asn1-types.
5187
5188 * lib/asn1/*.c (copy_*): Constness.
5189
5190 * lib/krb5/krb5.h: Include asn1.h; krb5_data is now an
5191 octet_string.
5192
5193 * lib/asn1/der*,gen.c: krb5_data -> octet_string, char * ->
5194 general_string
5195
5196 * lib/asn1/libasn1.h: Moved stuff from asn1_locl.h that doesn't
5197 have anything to do with asn1_compile.
5198
5199 * lib/asn1/asn1_locl.h: Remove der.h. Add some prototypes.
5200
5201Sun Jun 8 03:51:55 1997 Assar Westerlund <assar@sics.se>
5202
5203 * kdc/kerberos5.c: Fix PA-ENC-TS-ENC
5204
5205 * kdc/connect.c(process_request): Set `new'
5206
5207 * lib/krb5/get_in_tkt.c: Do PA-ENC-TS-ENC the correct way.
5208
5209 * lib: Added editline,sl,roken.
5210
5211Mon Jun 2 00:37:48 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5212
5213 * lib/krb5/fcache.c: Move file cache from cache.c.
5214
5215 * lib/krb5/cache.c: Allow more than one cache type.
5216
5217Sun Jun 1 23:45:33 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5218
5219 * admin/extkeytab.c: Merged with kdb_edit.
5220
5221Sun Jun 1 23:23:08 1997 Assar Westerlund <assar@sics.se>
5222
5223 * kdc/kdc.c: more support for ENC-TS-ENC
5224
5225 * lib/krb5/get_in_tkt.c: redone to enable pre-authentication
5226
5227Sun Jun 1 22:45:11 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5228
5229 * lib/hdb/db.c: Merge fetch and store.
5230
5231 * admin: Merge to one program.
5232
5233 * lib/krb5/str2key.c: Fill in keytype and length.
5234
5235Sun Jun 1 16:31:23 1997 Assar Westerlund <assar@sics.se>
5236
5237 * lib/krb5/rd_safe.c, lib/krb5/rd_priv.c, lib/krb5/mk_rep.c,
5238 lib/krb5/mk_priv.c, lib/krb5/build_auth.c: Some support for
5239 KRB5_AUTH_CONTEXT_DO_SEQUENCE
5240
5241 * lib/krb5/get_in_tkt.c (get_in_tkt): be prepared to parse an
5242 KRB_ERROR. Some support for PA_ENC_TS_ENC.
5243
5244 * lib/krb5/auth_context.c: implemented seq_number functions
5245
5246 * lib/krb5/generate_subkey.c, generate_seq_number.c: new files
5247
5248 * lib/gssapi/gssapi.h: avoid including <krb5.h>
5249
5250 * lib/asn1/Makefile.am: SUFFIXES as a variable to make automake
5251 happy
5252
5253 * kdc/kdc.c: preliminary PREAUTH_ENC_TIMESTAMP
5254
5255 * configure.in: adapted to automake 1.1p
5256
5257Mon May 26 22:26:21 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5258
5259 * lib/krb5/principal.c: Add contexts to many functions.
5260
5261Thu May 15 20:25:37 1997 Johan Danielsson <joda@emma.pdc.kth.se>
5262
5263 * lib/krb5/verify_user.c: First stab at a verify user.
5264
5265 * lib/auth/sia/sia5.c: SIA module for Kerberos 5.
5266
5267Mon Apr 14 00:09:03 1997 Assar Westerlund <assar@sics.se>
5268
5269 * lib/gssapi: Enough of a gssapi-over-krb5 implementation to be
5270 able to (mostly) run gss-client and gss-server.
5271
5272 * lib/krb5/keytab.c: implemented krb5_kt_add_entry,
5273 krb5_kt_store_principal, krb5_kt_store_keyblock
5274
5275 * lib/des/md5.[ch], sha.[ch]: new files
5276
5277 * lib/asn1/der_get.c (generalizedtime2time): use `timegm'
5278
5279 * lib/asn1/timegm.c: new file
5280
5281 * admin/extkeytab.c: new program
5282
5283 * admin/admin_locl.h: new file
5284
5285 * admin/Makefile.am: Added extkeytab
5286
5287 * configure.in: moved config to include
5288 removed timezone garbage
5289 added lib/gssapi and admin
5290
5291 * Makefile.am: Added admin
5292
5293Mon Mar 17 11:34:05 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5294
5295 * kdc/kdc.c: Use new copying functions, and free some data.
5296
5297 * lib/asn1/Makefile.am: Try to not always rebuild generated files.
5298
5299 * lib/asn1/der_put.c: Add fix_dce().
5300
5301 * lib/asn1/der_{get,length,put}.c: Fix include files.
5302
5303 * lib/asn1/der_free.c: Remove unused functions.
5304
5305 * lib/asn1/gen.c: Split into gen_encode, gen_decode, gen_free,
5306 gen_length, and gen_copy.
5307
5308Sun Mar 16 18:13:52 1997 Assar Westerlund <assar@sics.se>
5309
5310 * lib/krb5/sendauth.c: implemented functionality
5311
5312 * lib/krb5/rd_rep.c: Use `krb5_decrypt'
5313
5314 * lib/krb5/cache.c (krb5_cc_get_name): return default if `id' ==
5315 NULL
5316
5317 * lib/krb5/principal.c (krb5_free_principal): added `context'
5318 argument. Changed all callers.
5319
5320 (krb5_sname_to_principal): new function
5321
5322 * lib/krb5/auth_context.c (krb5_free_authenticator): add `context'
5323 argument. Changed all callers
5324
5325 * lib/krb5/{net_write.c,net_read.c,recvauth.c}: new files
5326
5327 * lib/asn1/gen.c: Fix encoding and decoding of BitStrings
5328
5329Fri Mar 14 11:29:00 1997 Assar Westerlund <assar@sics.se>
5330
5331 * configure.in: look for *dbm?
5332
5333 * lib/asn1/gen.c: Fix filename in generated files. Check fopens.
5334 Put trailing newline in asn1_files.
5335
5336Fri Mar 14 05:06:44 1997 Johan Danielsson <joda@emma.pdc.kth.se>
5337
5338 * lib/krb5/get_in_tkt.c: Fix some memory leaks.
5339
5340 * lib/krb5/krbhst.c: Properly free hostlist.
5341
5342 * lib/krb5/decrypt.c: CRCs are 32 bits.
5343
5344Fri Mar 14 04:39:15 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5345
5346 * lib/asn1/gen.c: Generate one file for each type.
5347
5348Fri Mar 14 04:13:47 1997 Assar Westerlund <assar@sics.se>
5349
5350 * lib/asn1/gen.c: Generate `length_FOO' functions
5351
5352 * lib/asn1/der_length.c: new file
5353
5354 * kuser/klist.c: renamed stime -> printable_time to avoid conflict
5355 on HP/UX
5356
5357Fri Mar 14 03:37:23 1997 Johan Danielsson <joda@emma.pdc.kth.se>
5358
5359 * lib/hdb/ndbm.c: Return NOENTRY if fetch fails. Don't free
5360 datums. Don't add .db to filename.
5361
5362Fri Mar 14 02:49:51 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5363
5364 * kdc/dump.c: Database dump program.
5365
5366 * kdc/ank.c: Trivial database editing program.
5367
5368 * kdc/{kdc.c, load.c}: Use libhdb.
5369
5370 * lib/hdb: New database routine library.
5371
5372 * lib/krb5/error/Makefile.am: Add hdb_err.
5373
5374Wed Mar 12 17:41:14 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5375
5376 * kdc/kdc.c: Rewritten AS, and somewhat more working TGS support.
5377
5378 * lib/asn1/gen.c: Generate free functions.
5379
5380 * Some specific free functions.
5381
5382Wed Mar 12 12:30:13 1997 Assar Westerlund <assar@sics.se>
5383
5384 * lib/krb5/krb5_mk_req_ext.c: new file
5385
5386 * lib/asn1/gen.c: optimize the case with a simple type
5387
5388 * lib/krb5/get_cred.c (krb5_get_credentials): Use
5389 `mk_req_extended' and remove old code.
5390
5391 * lib/krb5/get_in_tkt.c (decrypt_tkt): First try with an
5392 EncASRepPart, then with an EncTGSRepPart.
5393
5394Wed Mar 12 08:26:04 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5395
5396 * lib/krb5/store_emem.c: New resizable memory storage.
5397
5398 * lib/krb5/{store.c, store_fd.c, store_mem.c}: Split of store.c
5399
5400 * lib/krb5/krb5.h: Add free entry to krb5_storage.
5401
5402 * lib/krb5/decrypt.c: Make keyblock const.
5403
5404Tue Mar 11 20:22:17 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5405
5406 * lib/krb5/krb5.h: Add EncTicketPart to krb5_ticket.
5407
5408 * lib/krb5/rd_req.c: Return whole asn.1 ticket in
5409 krb5_ticket->tkt.
5410
5411 * lib/krb5/get_in_tkt.c: TGS -> AS
5412
5413 * kuser/kfoo.c: Print error string rather than number.
5414
5415 * kdc/kdc.c: Some kind of non-working TGS support.
5416
5417Mon Mar 10 01:43:22 1997 Assar Westerlund <assar@sics.se>
5418
5419 * lib/asn1/gen.c: reduced generated code by 1/5
5420
5421 * lib/asn1/der_put.c: (der_put_length_and_tag): new function
5422
5423 * lib/asn1/der_get.c (der_match_tag_and_length): new function
5424
5425 * lib/asn1/der.h: added prototypes
5426
5427Mon Mar 10 01:15:43 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5428
5429 * lib/krb5/krb5.h: Include <asn1_err.h>. Add prototype for
5430 krb5_rd_req_with_keyblock.
5431
5432 * lib/krb5/rd_req.c: Add function krb5_rd_req_with_keyblock that
5433 takes a precomputed keyblock.
5434
5435 * lib/krb5/get_cred.c: Use krb5_mk_req rather than inlined code.
5436
5437 * lib/krb5/mk_req.c: Calculate checksum of in_data.
5438
5439Sun Mar 9 21:17:58 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5440
5441 * lib/krb5/error/compile_et.awk: Add a declaration of struct
5442 error_list, and multiple inclusion block to header files.
5443
5444Sun Mar 9 21:01:12 1997 Assar Westerlund <assar@sics.se>
5445
5446 * lib/krb5/rd_req.c: do some checks on times
5447
5448 * lib/krb/{mk_priv.c, rd_priv.c, sendauth.c, decrypt.c,
5449 address.c}: new files
5450
5451 * lib/krb5/auth_context.c: more code
5452
5453 * configure.in: try to figure out timezone
5454
5455Sat Mar 8 11:41:07 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5456
5457 * lib/krb5/error/error.c: Try strerror if error code wasn't found.
5458
5459 * lib/krb5/get_in_tkt.c: Remove realm parameter from
5460 krb5_get_salt.
5461
5462 * lib/krb5/context.c: Initialize error table.
5463
5464 * kdc: The beginnings of a kdc.
5465
5466Sat Mar 8 08:16:28 1997 Assar Westerlund <assar@sics.se>
5467
5468 * lib/krb5/rd_safe.c: new file
5469
5470 * lib/krb5/checksum.c (krb5_verify_checksum): New function
5471
5472 * lib/krb5/get_cred.c: use krb5_create_checksum
5473
5474 * lib/krb5/checksum.c: new file
5475
5476 * lib/krb5/store.c: no more arithmetic with void*
5477
5478 * lib/krb5/cache.c: now seems to work again
5479
5480Sat Mar 8 06:58:09 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5481
5482 * lib/krb5/Makefile.am: Add asn1_glue.c and error/*.c to libkrb5.
5483
5484 * lib/krb5/get_in_tkt.c: Moved some functions to asn1_glue.c.
5485
5486 * lib/krb5/asn1_glue.c: Moved some asn1-stuff here.
5487
5488 * lib/krb5/{cache,keytab}.c: Use new storage functions.
5489
5490 * lib/krb5/krb5.h: Protypes for new storage functions.
5491
5492 * lib/krb5/krb5.h: Make krb5_{ret,store}_* functions able to write
5493 data to more than file descriptors.
5494
5495Sat Mar 8 01:01:17 1997 Assar Westerlund <assar@sics.se>
5496
5497 * lib/krb5/encrypt.c: New file.
5498
5499 * lib/krb5/Makefile.am: More -I
5500
5501 * configure.in: Test for big endian, random, rand, setitimer
5502
5503 * lib/asn1/gen.c: perhaps even decodes bitstrings
5504
5505Thu Mar 6 19:05:29 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5506
5507 * lib/krb5/config_file.y: Better return values on error.
5508
5509Sat Feb 8 15:59:56 1997 Assar Westerlund <assar@pdc.kth.se>
5510
5511 * lib/asn1/parse.y: ifdef HAVE_STRDUP
5512
5513 * lib/asn1/lex.l: ifdef strdup
5514 brange-dead version of list of special characters to make stupid
5515 lex accept it.
5516
5517 * lib/asn1/gen.c: A DER integer should really be a `unsigned'
5518
5519 * lib/asn1/der_put.c: A DER integer should really be a `unsigned'
5520
5521 * lib/asn1/der_get.c: A DER integer should really be a `unsigned'
5522
5523 * lib/krb5/error/Makefile.am: It seems "$(SHELL) ./compile_et" is
5524 needed.
5525
5526 * lib/krb/mk_rep.c, lib/krb/rd_req.c, lib/krb/store.c,
5527 lib/krb/store.h: new files.
5528
5529 * lib/krb5/keytab.c: now even with some functionality.
5530
5531 * lib/asn1/gen.c: changed paramater from void * to Foo *
5532
5533 * lib/asn1/der_get.c (der_get_octet_string): Fixed bug with empty
5534 string.
5535
5536Sun Jan 19 06:17:39 1997 Assar Westerlund <assar@pdc.kth.se>
5537
5538 * lib/krb5/get_cred.c (krb5_get_credentials): Check for creds in
5539 cc before getting new ones.
5540
5541 * lib/krb5/krb5.h (krb5_free_keyblock): Fix prototype.
5542
5543 * lib/krb5/build_auth.c (krb5_build_authenticator): It seems the
5544 CRC should be stored LSW first. (?)
5545
5546 * lib/krb5/auth_context.c: Implement `krb5_auth_con_getkey' and
5547 `krb5_free_keyblock'
5548
5549 * lib/**/Makefile.am: Rename foo libfoo.a
5550
5551 * include/Makefile.in: Use test instead of [
5552 -e does not work with /bin/sh on psoriasis
5553
5554 * configure.in: Search for awk
5555 create lib/krb/error/compile_et
5556
5557Tue Jan 14 03:46:26 1997 Assar Westerlund <assar@pdc.kth.se>
5558
5559 * lib/krb5/Makefile.am: replaced mit-crc.c by crc.c
5560
5561Wed Dec 18 00:53:55 1996 Johan Danielsson <joda@emma.pdc.kth.se>
5562
5563 * kuser/kinit.c: Guess principal.
5564
5565 * lib/krb5/error/compile_et.awk: Don't include krb5.h. Fix some
5566 warnings.
5567
5568 * lib/krb5/error/asn1_err.et: Add ASN.1 error messages.
5569
5570 * lib/krb5/mk_req.c: Get client from cache.
5571
5572 * lib/krb5/cache.c: Add better error checking some useful return
5573 values.
5574
5575 * lib/krb5/krb5.h: Fix krb5_auth_context.
5576
5577 * lib/asn1/der.h: Make krb5_data compatible with krb5.h
5578
5579Tue Dec 17 01:32:36 1996 Johan Danielsson <joda@emma.pdc.kth.se>
5580
5581 * lib/krb5/error: Add primitive error library.
5582
5583Mon Dec 16 16:30:20 1996 Johan Danielsson <joda@emma.pdc.kth.se>
5584
5585 * lib/krb5/cache.c: Get correct address type from cache.
5586
5587 * lib/krb5/krb5.h: Change int16 to int to be compatible with asn1.
5588
| 212000-02-14 Assar Westerlund <assar@sics.se>
22
23 * Release 0.2o
24
252000-02-13 Assar Westerlund <assar@sics.se>
26
27 * lib/krb5/Makefile.am: set version to 9:0:0
28
29 * kdc/kaserver.c (do_authenticate): return the kvno of the server
30 and not the client. Thanks to Brandon S. Allbery KF8NH
31 <allbery@kf8nh.apk.net> and Chaskiel M Grundman
32 <cg2v@andrew.cmu.edu> for debugging.
33
34 * kdc/kerberos4.c (do_version4): if an tgs-req is received with an
35 old kvno, return an error reply and write a message in the log.
36
372000-02-12 Assar Westerlund <assar@sics.se>
38
39 * appl/test/gssapi_server.c (proto): with `--fork', create a child
40 and send over/receive creds with export/import_sec_context
41 * appl/test/gssapi_client.c (proto): with `--fork', create a child
42 and send over/receive creds with export/import_sec_context
43 * appl/test/common.c: add `--fork' / `-f' (only used by gssapi)
44
452000-02-11 Assar Westerlund <assar@sics.se>
46
47 * kdc/kdc_locl.h: remove keyfile add explicit_addresses
48 * kdc/connect.c (init_sockets): pay attention to
49 explicit_addresses some more comments. better error messages.
50 * kdc/config.c: add some comments.
51 remove --key-file.
52 add --addresses.
53
54 * lib/krb5/context.c (krb5_set_extra_addresses): const-ize and use
55 proper abstraction
56
572000-02-07 Johan Danielsson <joda@pdc.kth.se>
58
59 * lib/krb5/changepw.c: use roken_getaddrinfo_hostspec
60
612000-02-07 Assar Westerlund <assar@sics.se>
62
63 * Release 0.2n
64
652000-02-07 Assar Westerlund <assar@sics.se>
66
67 * lib/krb5/Makefile.am: set version to 8:0:0
68 * lib/krb5/keytab.c (krb5_kt_default_name): use strlcpy
69 (krb5_kt_add_entry): set timestamp
70
712000-02-06 Assar Westerlund <assar@sics.se>
72
73 * lib/krb5/krb5.h: add macros for accessing krb5_realm
74 * lib/krb5/time.c (krb5_timeofday): use `krb5_timestamp' instead
75 of `int32_t'
76
77 * lib/krb5/replay.c (checksum_authenticator): update to new API
78 for md5
79
80 * lib/krb5/krb5.h: remove des.h, it's not needed and applications
81 should not have to make sure to find it.
82
832000-02-03 Assar Westerlund <assar@sics.se>
84
85 * lib/krb5/rd_req.c (get_key_from_keytab): rename parameter to
86 `out_key' to avoid conflicting with label. reported by Sean Doran
87 <smd@ebone.net>
88
892000-02-02 Assar Westerlund <assar@sics.se>
90
91 * lib/krb5/expand_hostname.c: remember to lower-case host names.
92 bug reported by <amu@mit.edu>
93
94 * kdc/kerberos4.c (do_version4): look at check_ticket_addresses
95 and emulate that by setting krb_ignore_ip_address (not a great
96 interface but it doesn't seem like the time to go around fixing
97 libkrb stuff now)
98
992000-02-01 Johan Danielsson <joda@pdc.kth.se>
100
101 * kuser/kinit.c: change --noaddresses into --no-addresses
102
1032000-01-28 Assar Westerlund <assar@sics.se>
104
105 * kpasswd/kpasswd.c (main): make sure the ticket is not
106 forwardable and not proxiable
107
1082000-01-26 Assar Westerlund <assar@sics.se>
109
110 * lib/krb5/crypto.c: update to pseudo-standard APIs for
111 md4,md5,sha. some changes to libdes calls to make them more
112 portable.
113
1142000-01-21 Assar Westerlund <assar@sics.se>
115
116 * lib/krb5/verify_init.c (krb5_verify_init_creds): make sure to
117 clean up the correct creds.
118
1192000-01-16 Assar Westerlund <assar@sics.se>
120
121 * lib/krb5/principal.c (append_component): change parameter to
122 `const char *'. check malloc
123 * lib/krb5/principal.c (append_component, va_ext_princ, va_princ):
124 const-ize
125 * lib/krb5/mk_req.c (krb5_mk_req): make `service' and `hostname'
126 const
127 * lib/krb5/principal.c (replace_chars): also add space here
128 * lib/krb5/principal.c: (quotable_chars): add space
129
1302000-01-12 Assar Westerlund <assar@sics.se>
131
132 * kdc/kerberos4.c (do_version4): check if preauth was required and
133 bail-out if so since there's no way that could be done in v4.
134 Return NULL_KEY as an error to the client (which is non-obvious,
135 but what can you do?)
136
1372000-01-09 Assar Westerlund <assar@sics.se>
138
139 * lib/krb5/principal.c (krb5_sname_to_principal): use
140 krb5_expand_hostname_realms
141 * lib/krb5/mk_req.c (krb5_km_req): use krb5_expand_hostname_realms
142 * lib/krb5/expand_hostname.c (krb5_expand_hostname_realms): new
143 variant of krb5_expand_hostname that tries until it expands into
144 something that's digestable by krb5_get_host_realm, returning also
145 the result from that function.
146
1472000-01-08 Assar Westerlund <assar@sics.se>
148
149 * Release 0.2m
150
1512000-01-08 Assar Westerlund <assar@sics.se>
152
153 * configure.in: replace AC_C_BIGENDIAN with KRB_C_BIGENDIAN
154
155 * lib/krb5/Makefile.am: bump version to 7:1:0
156
157 * lib/krb5/principal.c (krb5_sname_to_principal): use
158 krb5_expand_hostname
159 * lib/krb5/expand_hostname.c (krb5_expand_hostname): handle
160 ai_canonname being set in any of the addresses returnedby
161 getaddrinfo. glibc apparently returns the reverse lookup of every
162 address in ai_canonname.
163
1642000-01-06 Assar Westerlund <assar@sics.se>
165
166 * Release 0.2l
167
1682000-01-06 Assar Westerlund <assar@sics.se>
169
170 * lib/krb5/Makefile.am: set version to 7:0:0
171 * lib/krb5/principal.c (krb5_sname_to_principal): remove `hp'
172
173 * lib/hdb/Makefile.am: set version to 4:1:1
174
175 * kdc/hpropd.c (dump_krb4): use `krb5_get_default_realms'
176 * lib/krb5/get_in_tkt.c (add_padata): change types to make
177 everything work out
178 (krb5_get_in_cred): remove const to make types match
179 * lib/krb5/crypto.c (ARCFOUR_string_to_key): correct signature
180 * lib/krb5/principal.c (krb5_sname_to_principal): handle not
181 getting back a canonname
182
1832000-01-06 Assar Westerlund <assar@sics.se>
184
185 * Release 0.2k
186
1872000-01-06 Assar Westerlund <assar@sics.se>
188
189 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): advance colon so that
190 we actually parse the port number. based on a patch from Leif
191 Johansson <leifj@it.su.se>
192
1932000-01-02 Assar Westerlund <assar@sics.se>
194
195 * admin/purge.c: remove all non-current and old entries from a
196 keytab
197
198 * admin: break up ktutil.c into files
199
200 * admin/ktutil.c (list): support --verbose (also listning time
201 stamps)
202 (kt_add, kt_get): set timestamp in newly created entries
203 (kt_change): add `change' command
204
205 * admin/srvconvert.c (srvconv): set timestamp in newly created
206 entries
207 * lib/krb5/keytab_keyfile.c (akf_next_entry): set timetsamp,
208 always go the a predicatble position on error
209 * lib/krb5/keytab.c (krb5_kt_copy_entry_contents): copy timestamp
210 * lib/krb5/keytab_file.c (fkt_add_entry): store timestamp
211 (fkt_next_entry_int): return timestamp
212 * lib/krb5/krb5.h (krb5_keytab_entry): add timestamp
213
2141999-12-30 Assar Westerlund <assar@sics.se>
215
216 * configure.in (krb4): use `-ldes' in tests
217
2181999-12-26 Assar Westerlund <assar@sics.se>
219
220 * lib/hdb/print.c (event2string): handle events without principal.
221 From Luke Howard <lukeh@PADL.COM>
222
2231999-12-25 Assar Westerlund <assar@sics.se>
224
225 * Release 0.2j
226
227Tue Dec 21 18:03:17 1999 Assar Westerlund <assar@sics.se>
228
229 * lib/hdb/Makefile.am (asn1_files): add $(EXEEXT) for cygwin and
230 related systems
231
232 * lib/asn1/Makefile.am (asn1_files): add $(EXEEXT) for cygwin and
233 related systems
234
235 * include/Makefile.am (krb5-types.h): add $(EXEEXT) for cygwin and
236 related systems
237
2381999-12-20 Assar Westerlund <assar@sics.se>
239
240 * Release 0.2i
241
2421999-12-20 Assar Westerlund <assar@sics.se>
243
244 * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to 6:3:1
245
246 * lib/krb5/send_to_kdc.c (send_via_proxy): free data
247 * lib/krb5/send_to_kdc.c (send_via_proxy): new function use
248 getaddrinfo instead of gethostbyname{,2}
249 * lib/krb5/get_for_creds.c: use getaddrinfo instead of
250 getnodebyname{,2}
251
2521999-12-17 Assar Westerlund <assar@sics.se>
253
254 * Release 0.2h
255
2561999-12-17 Assar Westerlund <assar@sics.se>
257
258 * Release 0.2g
259
2601999-12-16 Assar Westerlund <assar@sics.se>
261
262 * lib/krb5/Makefile.am: bump version to 6:2:1
263
264 * lib/krb5/principal.c (krb5_sname_to_principal): handle
265 ai_canonname not being set
266 * lib/krb5/expand_hostname.c (krb5_expand_hostname): handle
267 ai_canonname not being set
268
269 * appl/test/uu_server.c: print messages to stderr
270 * appl/test/tcp_server.c: print messages to stderr
271 * appl/test/nt_gss_server.c: print messages to stderr
272 * appl/test/gssapi_server.c: print messages to stderr
273
274 * appl/test/tcp_client.c (proto): remove shadowing `context'
275 * appl/test/common.c (client_doit): add forgotten ntohs
276
2771999-12-13 Assar Westerlund <assar@sics.se>
278
279 * configure.in (VERISON): bump to 0.2g-pre
280
2811999-12-12 Assar Westerlund <assar@sics.se>
282
283 * lib/krb5/principal.c (krb5_425_conv_principal_ext): be more
284 robust and handle extra dot at the beginning of default_domain
285
2861999-12-12 Assar Westerlund <assar@sics.se>
287
288 * Release 0.2f
289
2901999-12-12 Assar Westerlund <assar@sics.se>
291
292 * lib/krb5/Makefile.am: bump version to 6:1:1
293
294 * lib/krb5/changepw.c (get_kdc_address): use
295 `krb5_get_krb_changepw_hst'
296
297 * lib/krb5/krbhst.c (krb5_get_krb_changepw_hst): add
298
299 * lib/krb5/get_host_realm.c: add support for _kerberos.domain
300 (according to draft-ietf-cat-krb-dns-locate-01.txt)
301
3021999-12-06 Assar Westerlund <assar@sics.se>
303
304 * Release 0.2e
305
3061999-12-06 Assar Westerlund <assar@sics.se>
307
308 * lib/krb5/changepw.c (krb5_change_password): use the correct
309 address
310
311 * lib/krb5/Makefile.am: bump version to 6:0:1
312
313 * lib/asn1/Makefile.am: bump version to 1:4:0
314
3151999-12-04 Assar Westerlund <assar@sics.se>
316
317 * configure.in: move AC_KRB_IPv6 to make sure it's performed
318 before AC_BROKEN
319 (el_init): use new feature of AC_FIND_FUNC_NO_LIBS
320
321 * appl/test/uu_client.c: use client_doit
322 * appl/test/test_locl.h (client_doit): add prototype
323 * appl/test/tcp_client.c: use client_doit
324 * appl/test/nt_gss_client.c: use client_doit
325 * appl/test/gssapi_client.c: use client_doit
326 * appl/test/common.c (client_doit): move identical code here and
327 start using getaddrinfo
328
329 * appl/kf/kf.c (doit): rewrite to use getaddrinfo
330 * kdc/hprop.c: re-write to use getaddrinfo
331 * lib/krb5/principal.c (krb5_sname_to_principal): use getaddrinfo
332 * lib/krb5/expand_hostname.c (krb5_expand_hostname): use
333 getaddrinfo
334 * lib/krb5/changepw.c: re-write to use getaddrinfo
335 * lib/krb5/addr_families.c (krb5_parse_address): use getaddrinfo
336
3371999-12-03 Assar Westerlund <assar@sics.se>
338
339 * configure.in (BROKEN): check for freeaddrinfo, getaddrinfo,
340 getnameinfo, gai_strerror
341 (socklen_t): check for
342
3431999-12-02 Johan Danielsson <joda@pdc.kth.se>
344
345 * lib/krb5/crypto.c: ARCFOUR_set_key -> RC4_set_key
346
3471999-11-23 Assar Westerlund <assar@sics.se>
348
349 * lib/krb5/crypto.c (ARCFOUR_string_to_key): change order of bytes
350 within unicode characters. this should probably be done in some
351 arbitrarly complex way to do it properly and you would have to
352 know what character encoding was used for the password and salt
353 string.
354
355 * lib/krb5/addr_families.c (ipv4_uninteresting): ignore 0.0.0.0
356 (INADDR_ANY)
357 (ipv6_uninteresting): remove unused macro
358
3591999-11-22 Johan Danielsson <joda@pdc.kth.se>
360
361 * lib/krb5/krb5.h: rc4->arcfour
362
363 * lib/krb5/crypto.c: rc4->arcfour
364
3651999-11-17 Assar Westerlund <assar@sics.se>
366
367 * lib/krb5/krb5_locl.h: add <rc4.h>
368 * lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_RC4
369 * lib/krb5/crypto.c: some code for doing RC4/MD5/HMAC which might
370 not be totally different from some small company up in the
371 north-west corner of the US
372
373 * lib/krb5/get_addrs.c (find_all_addresses): change code to
374 actually increment buf_size
375
3761999-11-14 Assar Westerlund <assar@sics.se>
377
378 * lib/krb5/krb5.h (krb5_context_data): add `scan_interfaces'
379 * lib/krb5/get_addrs.c (krb5_get_all_client_addrs): make interaces
380 scanning optional
381 * lib/krb5/context.c (init_context_from_config_file): set
382 `scan_interfaces'
383
384 * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add add_et_list.c
385 * lib/krb5/add_et_list.c (krb5_add_et_list): new function
386
3871999-11-12 Assar Westerlund <assar@sics.se>
388
389 * lib/krb5/get_default_realm.c (krb5_get_default_realm,
390 krb5_get_default_realms): set realms if they were unset
391 * lib/krb5/context.c (init_context_from_config_file): don't
392 initialize default realms here. it's done lazily instead.
393
394 * lib/krb5/krb5.h (KRB5_TC_*): make constants unsigned
395 * lib/asn1/gen_glue.c (generate_2int, generate_units): make sure
396 bit constants are unsigned
397 * lib/asn1/gen.c (define_type): make length in sequences be
398 unsigned.
399
400 * configure.in: remove duplicate test for setsockopt test for
401 struct tm.tm_isdst
402
403 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): generate
404 preauthentication information if we get back ERR_PREAUTH_REQUIRED
405 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): remove
406 preauthentication generation code. it's now in krb5_get_in_cred
407
408 * configure.in (AC_BROKEN_SNPRINTF): add strptime check for struct
409 tm.tm_gmtoff and timezone
410
4111999-11-11 Johan Danielsson <joda@pdc.kth.se>
412
413 * kdc/main.c: make this work with multi-db
414
415 * kdc/kdc_locl.h: make this work with multi-db
416
417 * kdc/config.c: make this work with multi-db
418
4191999-11-09 Johan Danielsson <joda@pdc.kth.se>
420
421 * kdc/misc.c: update for multi-database code
422
423 * kdc/main.c: update for multi-database code
424
425 * kdc/kdc_locl.h: update
426
427 * kdc/config.c: allow us to have more than one database
428
4291999-11-04 Assar Westerlund <assar@sics.se>
430
431 * Release 0.2d
432
433 * lib/krb5/Makefile.am: bump version to 5:0:0 to be safe
434 (krb5_context_data has changed and some code do (might) access
435 fields directly)
436
437 * lib/krb5/krb5.h (krb5_context_data): add `etypes_des'
438
439 * lib/krb5/get_cred.c (init_tgs_req): use
440 krb5_keytype_to_enctypes_default
441
442 * lib/krb5/crypto.c (krb5_keytype_to_enctypes_default): new
443 function
444
445 * lib/krb5/context.c (set_etypes): new function
446 (init_context_from_config_file): set both `etypes' and `etypes_des'
447
4481999-11-02 Assar Westerlund <assar@sics.se>
449
450 * configure.in (VERSION): bump to 0.2d-pre
451
4521999-10-29 Assar Westerlund <assar@sics.se>
453
454 * lib/krb5/principal.c (krb5_parse_name): check memory allocations
455
4561999-10-28 Assar Westerlund <assar@sics.se>
457
458 * Release 0.2c
459
460 * lib/krb5/dump_config.c (print_tree): check for empty tree
461
462 * lib/krb5/string-to-key-test.c (tests): update the test cases
463 with empty principals so that they actually use an empty realm and
464 not the default. use the correct etype for 3DES
465
466 * lib/krb5/Makefile.am: bump version to 4:1:0
467
468 * kdc/config.c (configure): more careful with the port string
469
4701999-10-26 Assar Westerlund <assar@sics.se>
471
472 * Release 0.2b
473
4741999-10-20 Assar Westerlund <assar@sics.se>
475
476 * lib/krb5/Makefile.am: bump version to 4:0:0
477 (krb524_convert_creds_kdc and potentially some other functions
478 have changed prototypes)
479
480 * lib/hdb/Makefile.am: bump version to 4:0:1
481
482 * lib/asn1/Makefile.am: bump version to 1:3:0
483
484 * configure.in (LIB_roken): add dbopen. getcap in roken
485 references dbopen and with shared libraries we need to add this
486 dependency.
487
488 * lib/krb5/verify_krb5_conf.c (main): support speicifying the
489 configuration file to test on the command line
490
491 * lib/krb5/config_file.c (parse_binding): handle line with no
492 whitespace before =
493 (krb5_config_parse_file_debug): set lineno earlier so that we don't
494 use it unitialized
495
496 * configure.in (AM_INIT_AUTOMAKE): bump to 0.2b-pre opt*: need
497 more include files for these tests
498
499 * lib/krb5/set_default_realm.c (krb5_set_default_realm): use
500 krb5_config_get_strings, which means that your configuration file
501 should look like:
502
503 [libdefaults]
504 default_realm = realm1 realm2 realm3
505
506 * lib/krb5/set_default_realm.c (config_binding_to_list): fix
507 copy-o. From Michal Vocu <michal@karlin.mff.cuni.cz>
508
509 * kdc/config.c (configure): add a missing strdup. From Michal
510 Vocu <michal@karlin.mff.cuni.cz>
511
5121999-10-17 Assar Westerlund <assar@sics.se>
513
514 * Release 0.2a
515
516 * configure.in: only test for db.h with using berkeley_db. remember
517 to link with LIB_tgetent when checking for el_init. add xnlock
518
519 * appl/Makefile.am: add xnlock
520
521 * kdc/kerberos5.c (find_etype): support null keys
522
523 * kdc/kerberos4.c (get_des_key): support null keys
524
525 * lib/krb5/crypto.c (krb5_get_wrapped_length): more correct
526 calculation
527
5281999-10-16 Johan Danielsson <joda@pdc.kth.se>
529
530 * kuser/kinit.c (main): pass ccache to krb524_convert_creds_kdc
531
5321999-10-12 Johan Danielsson <joda@pdc.kth.se>
533
534 * lib/krb5/crypto.c (krb5_enctype_to_keytype): remove warning
535
5361999-10-10 Assar Westerlund <assar@sics.se>
537
538 * lib/krb5/mk_req.c (krb5_mk_req): use krb5_free_host_realm
539
540 * lib/krb5/krb5.h (krb5_ccache_data): make `ops' const
541
542 * lib/krb5/crypto.c (krb5_string_to_salttype): new function
543
544 * **/*.[ch]: const-ize
545
5461999-10-06 Assar Westerlund <assar@sics.se>
547
548 * lib/krb5/creds.c (krb5_compare_creds): const-ify
549
550 * lib/krb5/cache.c: clean-up and comment-up
551
552 * lib/krb5/copy_host_realm.c (krb5_copy_host_realm): copy all the
553 strings
554
555 * lib/krb5/verify_user.c (krb5_verify_user_lrealm): free the
556 correct realm part
557
558 * kdc/connect.c (handle_tcp): things work much better when ret is
559 initialized
560
5611999-10-03 Assar Westerlund <assar@sics.se>
562
563 * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): look at the
564 type of the session key
565
566 * lib/krb5/crypto.c (krb5_enctypes_compatible_keys): spell
567 correctly
568
569 * lib/krb5/creds.c (krb5_compare_creds): fix spelling of
570 krb5_enctypes_compatible_keys
571
572 * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): get new
573 credentials from the KDC if the existing one doesn't have a DES
574 session key.
575
576 * lib/45/get_ad_tkt.c (get_ad_tkt): update to new
577 krb524_convert_creds_kdc
578
5791999-10-03 Johan Danielsson <joda@pdc.kth.se>
580
581 * lib/krb5/keytab_keyfile.c: make krb5_akf_ops const
582
583 * lib/krb5/keytab_memory.c: make krb5_mkt_ops const
584
585 * lib/krb5/keytab_file.c: make krb5_fkt_ops const
586
5871999-10-01 Assar Westerlund <assar@sics.se>
588
589 * lib/krb5/config_file.c: rewritten to allow error messages
590
591 * lib/krb5/Makefile.am (bin_PROGRAMS): add verify_krb5_conf
592 (libkrb5_la_SOURCES): add config_file_netinfo.c
593
594 * lib/krb5/verify_krb5_conf.c: new program for verifying that
595 krb5.conf is corret
596
597 * lib/krb5/config_file_netinfo.c: moved netinfo code here from
598 config_file.c
599
6001999-09-28 Assar Westerlund <assar@sics.se>
601
602 * kdc/hpropd.c (dump_krb4): kludge default_realm
603
604 * lib/asn1/check-der.c: add test cases for Generalized time and
605 make sure we return the correct value
606
607 * lib/asn1/der_put.c: simplify by using der_put_length_and_tag
608
609 * lib/krb5/verify_user.c (krb5_verify_user_lrealm): ariant of
610 krb5_verify_user that tries in all the local realms
611
612 * lib/krb5/set_default_realm.c: add support for having several
613 default realms
614
615 * lib/krb5/kuserok.c (krb5_kuserok): use `krb5_get_default_realms'
616
617 * lib/krb5/get_default_realm.c (krb5_get_default_realms): add
618
619 * lib/krb5/krb5.h (krb5_context_data): change `default_realm' to
620 `default_realms'
621
622 * lib/krb5/context.c: change from `default_realm' to
623 `default_realms'
624
625 * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use
626 krb5_get_default_realms
627
628 * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add copy_host_realm.c
629
630 * lib/krb5/copy_host_realm.c: new file
631
6321999-09-27 Johan Danielsson <joda@pdc.kth.se>
633
634 * lib/asn1/der_put.c (encode_generalized_time): encode length
635
636 * lib/krb5/recvauth.c: new function `krb5_recvauth_match_version'
637 that allows more intelligent matching of the application version
638
6391999-09-26 Assar Westerlund <assar@sics.se>
640
641 * lib/asn1/asn1_print.c: add err.h
642
643 * kdc/config.c (configure): use parse_bytes
644
645 * appl/test/nt_gss_common.c: use the correct header file
646
6471999-09-24 Johan Danielsson <joda@pdc.kth.se>
648
649 * kuser/klist.c: add a `--cache' flag
650
651 * kuser/kinit.c (main): only get default value for `get_v4_tgt' if
652 it's explicitly set in krb5.conf
653
6541999-09-23 Assar Westerlund <assar@sics.se>
655
656 * lib/asn1/asn1_print.c (tag_names); add another univeral tag
657
658 * lib/asn1/der.h: update universal tags
659
6601999-09-22 Assar Westerlund <assar@sics.se>
661
662 * lib/asn1/asn1_print.c (loop): print length of octet string
663
6641999-09-21 Johan Danielsson <joda@pdc.kth.se>
665
666 * admin/ktutil.c (kt_get): add `--help'
667
6681999-09-21 Assar Westerlund <assar@sics.se>
669
670 * kuser/Makefile.am: add kdecode_ticket
671
672 * kuser/kdecode_ticket.c: new debug program
673
674 * appl/test/nt_gss_server.c: new program to test against `Sample *
675 SSPI Code' in Windows 2000 RC1 SDK.
676
677 * appl/test/Makefile.am: add nt_gss_client and nt_gss_server
678
679 * lib/asn1/der_get.c (decode_general_string): remember to advance
680 ret over the length-len
681
682 * lib/asn1/Makefile.am: add asn1_print
683
684 * lib/asn1/asn1_print.c: new program for printing DER-structures
685
686 * lib/asn1/der_put.c: make functions more consistent
687
688 * lib/asn1/der_get.c: make functions more consistent
689
6901999-09-20 Johan Danielsson <joda@pdc.kth.se>
691
692 * kdc/kerberos5.c: be more informative in pa-data error messages
693
6941999-09-16 Assar Westerlund <assar@sics.se>
695
696 * configure.in: test for strlcpy, strlcat
697
6981999-09-14 Assar Westerlund <assar@sics.se>
699
700 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): return
701 KRB5_LIBOS_PWDINTR when interrupted
702
703 * lib/krb5/get_in_tkt_pw.c (krb5_password_key_proc): check return
704 value from des_read_pw_string
705
706 * kuser/kinit.c (main): don't print any error if reading the
707 password was interrupted
708
709 * kpasswd/kpasswd.c (main): don't print any error if reading the
710 password was interrupted
711
712 * kdc/string2key.c (main): check the return value from fgets
713
714 * kdc/kstash.c (main): check return value from des_read_pw_string
715
716 * admin/ktutil.c (kt_add): check the return-value from fgets and
717 overwrite the password for paranoid reasons
718
719 * lib/krb5/keytab_keyfile.c (get_cell_and_realm): only remove the
720 newline if it's there
721
7221999-09-13 Assar Westerlund <assar@sics.se>
723
724 * kdc/hpropd.c (main): remove bogus error with `--print'. remove
725 sysloging of number of principals transferred
726
727 * kdc/hprop.c (ka_convert): set flags correctly for krbtgt/CELL
728 principals
729 (main): get rid of bogus opening of hdb database when propagating
730 ka-server database
731
7321999-09-12 Assar Westerlund <assar@sics.se>
733
734 * lib/krb5/krb5_locl.h (O_BINARY): add fallback definition
735
736 * lib/krb5/krb5.h (krb5_context_data): add keytab types
737
738 * configure.in: revert back awk test, not worked around in
739 roken.awk
740
741 * lib/krb5/keytab_krb4.c: remove O_BINARY
742
743 * lib/krb5/keytab_keyfile.c: some support for AFS KeyFile's. From
744 Love <lha@e.kth.se>
745
746 * lib/krb5/keytab_file.c: remove O_BINARY
747
748 * lib/krb5/keytab.c: move the list of keytab types to the context
749
750 * lib/krb5/fcache.c: remove O_BINARY
751
752 * lib/krb5/context.c (init_context_from_config_file): register all
753 standard cache and keytab types
754 (krb5_free_context): free `kt_types'
755
756 * lib/krb5/cache.c (krb5_cc_resolve): move the registration of the
757 standard types of credential caches to context
758
759 * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_keyfile.c
760
7611999-09-10 Assar Westerlund <assar@sics.se>
762
763 * lib/krb5/keytab.c: add comments and clean-up
764
765 * admin/ktutil.c: add `ktutil copy'
766
767 * lib/krb5/keytab_krb4.c: new file
768
769 * lib/krb5/krb5.h (krb5_kt_cursor): add a `data' field
770
771 * lib/krb5/Makefile.am: add keytab_krb4.c
772
773 * lib/krb5/keytab.c: add krb4 and correct some if's
774
775 * admin/srvconvert.c (srvconv): move common code
776
777 * lib/krb5/krb5.h (krb5_fkt_ops, krb5_mkt_ops): new variables
778
779 * lib/krb5/keytab.c: move out file and memory functions
780
781 * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_file.c,
782 keytab_memory.c
783
784 * lib/krb5/keytab_memory.c: new file
785
786 * lib/krb5/keytab_file.c: new file
787
788 * kpasswd/kpasswdd.c: move out password quality functions
789
7901999-09-07 Assar Westerlund <assar@sics.se>
791
792 * lib/hdb/Makefile.am (libhdb_la_SOURCES): add keytab.c. From
793 Love <lha@e.kth.se>
794
795 * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): check
796 return value from `krb5_sendto_kdc'
797
7981999-09-06 Assar Westerlund <assar@sics.se>
799
800 * lib/krb5/send_to_kdc.c (send_and_recv): rename to recv_loop and
801 remove the sending of data. add a parameter `limit'. let callers
802 send the date themselves (and preferably with net_write on tcp
803 sockets)
804 (send_and_recv_tcp): read first the length field and then only that
805 many bytes
806
8071999-09-05 Assar Westerlund <assar@sics.se>
808
809 * kdc/connect.c (handle_tcp): try to print warning `TCP data of
810 strange type' less often
811
812 * lib/krb5/send_to_kdc.c (send_and_recv): handle EINTR properly.
813 return on EOF. always free data. check return value from
814 realloc.
815 (send_and_recv_tcp, send_and_recv_http): check advertised length
816 against actual length
817
8181999-09-01 Johan Danielsson <joda@pdc.kth.se>
819
820 * configure.in: check for sgi capabilities
821
8221999-08-27 Johan Danielsson <joda@pdc.kth.se>
823
824 * lib/krb5/get_addrs.c: krb5_get_all_server_addrs shouldn't return
825 extra addresses
826
827 * kpasswd/kpasswdd.c: use HDB keytabs; change some error messages;
828 add --realm flag
829
830 * lib/krb5/address.c (krb5_append_addresses): remove duplicates
831
8321999-08-26 Johan Danielsson <joda@pdc.kth.se>
833
834 * lib/hdb/keytab.c: HDB keytab backend
835
8361999-08-25 Johan Danielsson <joda@pdc.kth.se>
837
838 * lib/krb5/keytab.c
839 (krb5_kt_{start_seq_get,next_entry,end_seq_get}): check for NULL
840 pointer
841
8421999-08-24 Johan Danielsson <joda@pdc.kth.se>
843
844 * kpasswd/kpasswdd.c: add `--keytab' flag
845
8461999-08-23 Assar Westerlund <assar@sics.se>
847
848 * lib/krb5/addr_families.c (IN6_ADDR_V6_TO_V4): use `s6_addr'
849 instead of the non-standard `s6_addr32'. From Yoshinobu Inoue
850 <shin@kame.net> by way of the KAME repository
851
8521999-08-18 Assar Westerlund <assar@sics.se>
853
854 * configure.in (--enable-new-des3-code): remove check for `struct
855 addrinfo'
856
857 * lib/krb5/crypto.c (etypes): remove NEW_DES3_CODE, enable
858 des3-cbc-sha1 and keep old-des3-cbc-sha1 for backwards
859 compatability
860
861 * lib/krb5/krb5.h (krb5_enctype): des3-cbc-sha1 (with key
862 derivation) just got assigned etype 16 by <bcn@isi.edu>. keep the
863 old etype at 7.
864
8651999-08-16 Assar Westerlund <assar@sics.se>
866
867 * lib/krb5/sendauth.c (krb5_sendauth): only look at errno if
868 krb5_net_read actually returns -1
869
870 * lib/krb5/recvauth.c (krb5_recvauth): only look at errno if
871 krb5_net_read actually returns -1
872
873 * appl/kf/kf.c (proto): don't trust errno if krb5_net_read hasn't
874 returned -1
875
876 * appl/test/tcp_server.c (proto): only trust errno if
877 krb5_net_read actually returns -1
878
879 * appl/kf/kfd.c (proto): be more careful with the return value
880 from krb5_net_read
881
8821999-08-13 Assar Westerlund <assar@sics.se>
883
884 * lib/krb5/get_addrs.c (get_addrs_int): try the different ways
885 sequentially instead of just one. this helps if your heimdal was
886 built with v6-support but your kernel doesn't have it, for
887 example.
888
8891999-08-12 Assar Westerlund <assar@sics.se>
890
891 * kdc/hpropd.c: add inetd flag. default means try to figure out
892 if stdin is a socket or not.
893
894 * Makefile.am (ACLOCAL): just use `cf', this variable is only used
895 when the current directory is $(top_srcdir) anyways and having
896 $(top_srcdir) there breaks if it's a relative path
897
8981999-08-09 Johan Danielsson <joda@pdc.kth.se>
899
900 * configure.in: check for setproctitle
901
9021999-08-05 Assar Westerlund <assar@sics.se>
903
904 * lib/krb5/principal.c (krb5_sname_to_principal): remember to call
905 freehostent
906
907 * appl/test/tcp_client.c: call freehostent
908
909 * appl/kf/kf.c (doit): call freehostent
910
911 * appl/kf/kf.c: make v6 friendly and simplify
912
913 * appl/kf/kfd.c: make v6 friendly and simplify
914
915 * appl/test/tcp_server.c: simplify by using krb5_err instead of
916 errx
917
918 * appl/test/tcp_client.c: simplify by using krb5_err instead of
919 errx
920
921 * appl/test/tcp_server.c: make v6 friendly and simplify
922
923 * appl/test/tcp_client.c: make v6 friendly and simplify
924
9251999-08-04 Assar Westerlund <assar@sics.se>
926
927 * Release 0.1m
928
9291999-08-04 Assar Westerlund <assar@sics.se>
930
931 * kuser/kinit.c (main): some more KRB4-conditionalizing
932
933 * lib/krb5/get_in_tkt.c: type correctness
934
935 * lib/krb5/get_for_creds.c (krb5_fwd_tgs_creds): set forwarded in
936 flags. From Miroslav Ruda <ruda@ics.muni.cz>
937
938 * kuser/kinit.c (main): add config file support for forwardable
939 and krb4 support. From Miroslav Ruda <ruda@ics.muni.cz>
940
941 * kdc/kerberos5.c (as_rep): add an empty X500-compress string as
942 transited.
943 (fix_transited_encoding): check length.
944 From Miroslav Ruda <ruda@ics.muni.cz>
945
946 * kdc/hpropd.c (dump_krb4): check the realm so that we don't dump
947 principals in some other realm. From Miroslav Ruda
948 <ruda@ics.muni.cz>
949 (main): rename sa_len -> sin_len, sa_lan is a define on some
950 platforms.
951
952 * appl/kf/kfd.c: add regpag support. From Miroslav Ruda
953 <ruda@ics.muni.cz>
954
955 * appl/kf/kf.c: add `-G' and forwardable option in krb5.conf.
956 From Miroslav Ruda <ruda@ics.muni.cz>
957
958 * lib/krb5/config_file.c (parse_list): don't run past end of line
959
960 * appl/test/gss_common.h: new prototypes
961
962 * appl/test/gssapi_client.c: use gss_err instead of abort
963
964 * appl/test/gss_common.c (gss_verr, gss_err): add
965
9661999-08-03 Assar Westerlund <assar@sics.se>
967
968 * lib/krb5/Makefile.am (n_fold_test_LDADD): need to set this
969 otherwise it doesn't build with shared libraries
970
971 * kdc/hpropd.c: v6-ify
972
973 * kdc/hprop.c: v6-ify
974
9751999-08-01 Assar Westerlund <assar@sics.se>
976
977 * lib/krb5/mk_req.c (krb5_mk_req): use krb5_expand_hostname
978
9791999-07-31 Assar Westerlund <assar@sics.se>
980
981 * lib/krb5/get_host_realm.c (krb5_get_host_realm_int): new
982 function that takes a FQDN
983
984 * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add exapnd_hostname.c
985
986 * lib/krb5/expand_hostname.c: new file
987
9881999-07-28 Assar Westerlund <assar@sics.se>
989
990 * Release 0.1l
991
9921999-07-28 Assar Westerlund <assar@sics.se>
993
994 * lib/asn1/Makefile.am: bump version to 1:2:0
995
996 * lib/krb5/Makefile.am: bump version to 3:1:0
997
998 * configure.in: more inet_pton to roken
999
1000 * lib/krb5/principal.c (krb5_sname_to_principal): use
1001 getipnodebyname
1002
10031999-07-26 Assar Westerlund <assar@sics.se>
1004
1005 * Release 0.1k
1006
10071999-07-26 Johan Danielsson <joda@pdc.kth.se>
1008
1009 * lib/krb5/Makefile.am: bump version number (changed function
1010 signatures)
1011
1012 * lib/hdb/Makefile.am: bump version number (changes to some
1013 function signatures)
1014
10151999-07-26 Assar Westerlund <assar@sics.se>
1016
1017 * lib/krb5/Makefile.am: bump version to 3:0:2
1018
1019 * lib/hdb/Makefile.am: bump version to 2:1:0
1020
1021 * lib/asn1/Makefile.am: bump version to 1:1:0
1022
10231999-07-26 Assar Westerlund <assar@sics.se>
1024
1025 * Release 0.1j
1026
10271999-07-26 Assar Westerlund <assar@sics.se>
1028
1029 * configure.in: rokenize inet_ntop
1030
1031 * lib/krb5/store_fd.c: lots of changes from size_t to ssize_t
1032
1033 * lib/krb5/store_mem.c: lots of changes from size_t to ssize_t
1034
1035 * lib/krb5/store_emem.c: lots of changes from size_t to ssize_t
1036
1037 * lib/krb5/store.c: lots of changes from size_t to ssize_t
1038 (krb5_ret_stringz): check return value from realloc
1039
1040 * lib/krb5/mk_safe.c: some type correctness
1041
1042 * lib/krb5/mk_priv.c: some type correctness
1043
1044 * lib/krb5/krb5.h (krb5_storage): change return values of
1045 functions from size_t to ssize_t
1046
10471999-07-24 Assar Westerlund <assar@sics.se>
1048
1049 * Release 0.1i
1050
1051 * configure.in (AC_PROG_AWK): disable. mawk seems to mishandle \#
1052 in lib/roken/roken.awk
1053
1054 * lib/krb5/get_addrs.c (find_all_addresses): try to use SA_LEN to
1055 step over addresses if there's no `sa_lan' field
1056
1057 * lib/krb5/sock_principal.c (krb5_sock_to_principal): simplify by
1058 using `struct sockaddr_storage'
1059
1060 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): simplify by using
1061 `struct sockaddr_storage'
1062
1063 * lib/krb5/changepw.c (krb5_change_password): simplify by using
1064 `struct sockaddr_storage'
1065
1066 * lib/krb5/auth_context.c (krb5_auth_con_setaddrs_from_fd):
1067 simplify by using `struct sockaddr_storage'
1068
1069 * kpasswd/kpasswdd.c (*): simplify by using `struct
1070 sockaddr_storage'
1071
1072 * kdc/connect.c (*): simplify by using `struct sockaddr_storage'
1073
1074 * configure.in (sa_family_t): just test for existence
1075 (sockaddr_storage): also specify include file
1076
1077 * configure.in (AM_INIT_AUTOMAKE): bump version to 0.1i
1078 (sa_family_t): test for
1079 (struct sockaddr_storage): test for
1080
1081 * kdc/hprop.c (propagate_database): typo, NULL should be
1082 auth_context
1083
1084 * lib/krb5/get_addrs.c: conditionalize on HAVE_IPV6 instead of
1085 AF_INET6
1086
1087 * appl/kf/kf.c (main): use warnx
1088
1089 * appl/kf/kf.c (proto): remove shadowing context
1090
1091 * lib/krb5/get_addrs.c (find_all_addresses): try to handle the
1092 case of getting back an `sockaddr_in6' address when sizeof(struct
1093 sockaddr_in6) > sizeof(struct sockaddr) and we have no sa_len to
1094 tell us how large the address is. This obviously doesn't work
1095 with unknown protocol types.
1096
10971999-07-24 Assar Westerlund <assar@sics.se>
1098
1099 * Release 0.1h
1100
11011999-07-23 Assar Westerlund <assar@sics.se>
1102
1103 * appl/kf/kfd.c: clean-up and more paranoia
1104
1105 * etc/services.append: add kf
1106
1107 * appl/kf/kf.c: rename tk_file to ccache for consistency. clean-up
1108
11091999-07-22 Assar Westerlund <assar@sics.se>
1110
1111 * lib/krb5/n-fold-test.c (main): print the correct data
1112
1113 * appl/Makefile.am (SUBDIRS): add kf
1114
1115 * appl/kf: new program. From Miroslav Ruda <ruda@ics.muni.cz>
1116
1117 * kdc/hprop.c: declare some variables unconditionally to simplify
1118 things
1119
1120 * kpasswd/kpasswdd.c: initialize kadm5 connection for every change
1121 (otherwise the modifier in the database doesn't get set)
1122
1123 * kdc/hpropd.c: clean-up and re-organize
1124
1125 * kdc/hprop.c: clean-up and re-organize
1126
1127 * configure.in (SunOS): define to xy for SunOS x.y
1128
11291999-07-19 Assar Westerlund <assar@sics.se>
1130
1131 * configure.in (AC_BROKEN): test for copyhostent, freehostent,
1132 getipnodebyaddr, getipnodebyname
1133
11341999-07-15 Assar Westerlund <assar@sics.se>
1135
1136 * lib/asn1/check-der.c: more test cases for integers
1137
1138 * lib/asn1/der_length.c (length_int): handle the case of the
1139 largest negative integer by not calling abs
1140
11411999-07-14 Assar Westerlund <assar@sics.se>
1142
1143 * lib/asn1/check-der.c (generic_test): check malloc return value
1144 properly
1145
1146 * lib/krb5/Makefile.am: add string_to_key_test
1147
1148 * lib/krb5/prog_setup.c (krb5_program_setup): always initialize
1149 the context
1150
1151 * lib/krb5/n-fold-test.c (main): return a relevant return value
1152
1153 * lib/krb5/krbhst.c: do SRV lookups for admin server as well.
1154 some clean-up.
1155
11561999-07-12 Assar Westerlund <assar@sics.se>
1157
1158 * configure.in: handle not building X programs
1159
11601999-07-06 Assar Westerlund <assar@sics.se>
1161
1162 * lib/krb5/addr_families.c (ipv6_parse_addr): remove duplicate
1163 variable
1164 (ipv6_sockaddr2port): fix typo
1165
1166 * etc/services.append: beginning of a file with services
1167
1168 * lib/krb5/cache.c (krb5_cc_resolve): fall-back to files if
1169 there's no prefix. also clean-up a little bit.
1170
1171 * kdc/hprop.c (--kaspecials): new flag for handling special KA
1172 server entries. From "Brandon S. Allbery KF8NH"
1173 <allbery@kf8nh.apk.net>
1174
11751999-07-05 Assar Westerlund <assar@sics.se>
1176
1177 * kdc/connect.c (handle_tcp): make sure we have data before
1178 starting to look for HTTP
1179
1180 * kdc/connect.c (handle_tcp): always do getpeername, we can't
1181 trust recvfrom to return anything sensible
1182
11831999-07-04 Assar Westerlund <assar@sics.se>
1184
1185 * lib/krb5/get_in_tkt.c (add_padat): encrypt pre-auth data with
1186 all enctypes
1187
1188 * kpasswd/kpasswdd.c (change): fetch the salt-type from the entry
1189
1190 * admin/srvconvert.c (srvconv): better error messages
1191
11921999-07-03 Assar Westerlund <assar@sics.se>
1193
1194 * lib/krb5/principal.c (unparse_name): error check malloc properly
1195
1196 * lib/krb5/get_in_tkt.c (krb5_init_etype): error check malloc
1197 properly
1198
1199 * lib/krb5/crypto.c (*): do some malloc return-value checks
1200 properly
1201
1202 * lib/hdb/hdb.c (hdb_process_master_key): simplify by using
1203 krb5_data_alloc
1204
1205 * lib/hdb/hdb.c (hdb_process_master_key): check return value from
1206 malloc
1207
1208 * lib/asn1/gen_decode.c (decode_type): fix generation of decoding
1209 information for TSequenceOf.
1210
1211 * kdc/kerberos5.c (get_pa_etype_info): check return value from
1212 malloc
1213
12141999-07-02 Assar Westerlund <assar@sics.se>
1215
1216 * lib/asn1/der_copy.c (copy_octet_string): don't fail if length ==
1217 0 and malloc returns NULL
1218
12191999-06-29 Assar Westerlund <assar@sics.se>
1220
1221 * lib/krb5/addr_families.c (ipv6_parse_addr): implement
1222
12231999-06-24 Assar Westerlund <assar@sics.se>
1224
1225 * lib/krb5/rd_cred.c (krb5_rd_cred): compare the sender's address
1226 as an addrport one
1227
1228 * lib/krb5/krb5.h (KRB5_ADDRESS_ADDRPORT, KRB5_ADDRESS_IPPORT):
1229 add
1230 (krb5_auth_context): add local and remote port
1231
1232 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): get the
1233 local and remote address and add them to the krb-cred packet
1234
1235 * lib/krb5/auth_context.c: save the local and remove ports in the
1236 auth_context
1237
1238 * lib/krb5/address.c (krb5_make_addrport): create an address of
1239 type KRB5_ADDRESS_ADDRPORT from (addr, port)
1240
1241 * lib/krb5/addr_families.c (krb5_sockaddr2port): new function for
1242 grabbing the port number out of the sockaddr
1243
12441999-06-23 Assar Westerlund <assar@sics.se>
1245
1246 * admin/srvcreate.c (srvcreate): always take the DES-CBC-MD5 key.
1247 increase possible verbosity.
1248
1249 * lib/krb5/config_file.c (parse_list): handle blank lines at
1250 another place
1251
1252 * kdc/connect.c (add_port_string): don't return a value
1253
1254 * lib/kadm5/init_c.c (get_cred_cache): you cannot reuse the cred
1255 cache if the principals are different. close and NULL the old one
1256 so that we create a new one.
1257
1258 * configure.in: move around cgywin et al
1259 (LIB_kdb): set at the end of krb4-block
1260 (krb4): test for krb_enable_debug and krb_disable_debug
1261
12621999-06-16 Assar Westerlund <assar@sics.se>
1263
1264 * kuser/kdestroy.c (main): try to destroy v4 ticket even if the
1265 destruction of the v5 one fails
1266
1267 * lib/krb5/crypto.c (DES3_postproc): new version that does the
1268 right thing
1269 (*): don't put and recover length in 3DES encoding
1270 other small fixes
1271
12721999-06-15 Assar Westerlund <assar@sics.se>
1273
1274 * lib/krb5/get_default_principal.c: rewrite to use
1275 get_default_username
1276
1277 * lib/krb5/Makefile.am: add n-fold-test
1278
1279 * kdc/connect.c: add fallbacks for all lookups by service name
1280 (handle_tcp): break-up and clean-up
1281
12821999-06-09 Assar Westerlund <assar@sics.se>
1283
1284 * lib/krb5/addr_families.c (ipv6_uninteresting): don't consider
1285 the loopback address as uninteresting
1286
1287 * lib/krb5/get_addrs.c: new magic flag to get loopback address if
1288 there are no other addresses.
1289 (krb5_get_all_client_addrs): use that flag
1290
12911999-06-04 Assar Westerlund <assar@sics.se>
1292
1293 * lib/krb5/crypto.c (HMAC_SHA1_DES3_checksum): don't include the
1294 length
1295 (checksum_sha1, checksum_hmac_sha1_des3): blocksize should be 64
1296 (encrypt_internal_derived): don't include the length and don't
1297 decrease by the checksum size twice
1298 (_get_derived_key): the constant should be 5 bytes
1299
13001999-06-02 Johan Danielsson <joda@pdc.kth.se>
1301
1302 * configure.in: use KRB_CHECK_X
1303
1304 * configure.in: check for netinet/ip.h
1305
13061999-05-31 Assar Westerlund <assar@sics.se>
1307
1308 * kpasswd/kpasswdd.c (setup_passwd_quality_check): conditionalize
1309 on RTLD_NOW
1310
13111999-05-23 Assar Westerlund <assar@sics.se>
1312
1313 * appl/test/uu_server.c: removed unused stuff
1314
1315 * appl/test/uu_client.c: removed unused stuff
1316
13171999-05-21 Assar Westerlund <assar@sics.se>
1318
1319 * kuser/kgetcred.c (main): correct error message
1320
1321 * lib/krb5/crypto.c (verify_checksum): call (*ct->checksum)
1322 directly, avoiding redundant lookups and memory leaks
1323
1324 * lib/krb5/auth_context.c (krb5_auth_con_setaddrs_from_fd): free
1325 local and remote addresses
1326
1327 * lib/krb5/get_default_principal.c (get_logname): also try
1328 $USERNAME
1329
1330 * lib/asn1/Makefile.am (asn1_files): add $(EXEEXT)
1331
1332 * lib/krb5/principal.c (USE_RESOLVER): try to define only if we
1333 have a libresolv (currently by checking for res_search)
1334
13351999-05-18 Johan Danielsson <joda@pdc.kth.se>
1336
1337 * kdc/connect.c (handle_tcp): remove %-escapes in request
1338
13391999-05-14 Assar Westerlund <assar@sics.se>
1340
1341 * Release 0.1g
1342
1343 * admin/ktutil.c (kt_remove): -t should be -e
1344
1345 * configure.in (CHECK_NETINET_IP_AND_TCP): use
1346
1347 * kdc/hpropd.c: support for dumping to krb4. From Miroslav Ruda
1348 <ruda@ics.muni.cz>
1349
1350 * admin/ktutil.c (kt_add): new option `--no-salt'. From Miroslav
1351 Ruda <ruda@ics.muni.cz>
1352
1353 * configure.in: add cygwin and DOS tests replace sendmsg, recvmsg,
1354 and innetgr with roken versions
1355
1356 * kuser/kgetcred.c: new program
1357
1358Tue May 11 14:09:33 1999 Johan Danielsson <joda@pdc.kth.se>
1359
1360 * lib/krb5/mcache.c: fix paste-o
1361
13621999-05-10 Johan Danielsson <joda@pdc.kth.se>
1363
1364 * configure.in: don't use uname
1365
13661999-05-10 Assar Westerlund <assar@sics.se>
1367
1368 * acconfig.h (KRB_PUT_INT): if we don't have KRB4 use four
1369 arguments :-)
1370
1371 * appl/test/uu_server.c (setsockopt): cast to get rid of a warning
1372
1373 * appl/test/tcp_server.c (setsockopt): cast to get rid of a
1374 warning
1375
1376 * appl/test/tcp_client.c (proto): call krb5_sendauth with ccache
1377 == NULL
1378
1379 * appl/test/gssapi_server.c (setsockopt): cast to get rid of a
1380 warning
1381
1382 * lib/krb5/sendauth.c (krb5_sendauth): handle ccache == NULL by
1383 setting the default ccache.
1384
1385 * configure.in (getsockopt, setsockopt): test for
1386 (AM_INIT_AUTOMAKE): bump version to 0.1g
1387
1388 * appl/Makefile.am (SUBDIRS): add kx
1389
1390 * lib/hdb/convert_db.c (main): handle the case of no master key
1391
13921999-05-09 Assar Westerlund <assar@sics.se>
1393
1394 * Release 0.1f
1395
1396 * kuser/kinit.c: add --noaddresses
1397
1398 * lib/krb5/get_in_tkt.c (init_as_req): interpret `addrs' being an
1399 empty sit of list as to not ask for any addresses.
1400
14011999-05-08 Assar Westerlund <assar@sics.se>
1402
1403 * acconfig.h (_GNU_SOURCE): define this to enable (used)
1404 extensions on glibc-based systems such as linux
1405
14061999-05-03 Assar Westerlund <assar@sics.se>
1407
1408 * lib/krb5/get_cred.c (get_cred_from_kdc_flags): allocate and free
1409 `*out_creds' properly
1410
1411 * lib/krb5/creds.c (krb5_compare_creds): just verify that the
1412 keytypes/enctypes are compatible, not that they are the same
1413
1414 * kuser/kdestroy.c (cache): const-correctness
1415
14161999-05-03 Johan Danielsson <joda@pdc.kth.se>
1417
1418 * lib/hdb/hdb.c (hdb_set_master_key): initialise master key
1419 version
1420
1421 * lib/hdb/convert_db.c: add support for upgrading database
1422 versions
1423
1424 * kdc/misc.c: add flags to fetch
1425
1426 * kdc/kstash.c: unlink keyfile on failure, chmod to 400
1427
1428 * kdc/hpropd.c: add --print option
1429
1430 * kdc/hprop.c: pass flags to hdb_foreach
1431
1432 * lib/hdb/convert_db.c: add some flags
1433
1434 * lib/hdb/Makefile.am: remove extra LDFLAGS, update version to 2;
1435 build prototype headers
1436
1437 * lib/hdb/hdb_locl.h: update prototypes
1438
1439 * lib/hdb/print.c: move printable version of entry from kadmin
1440
1441 * lib/hdb/hdb.c: change hdb_{seal,unseal}_* to check if the key is
1442 sealed or not; add flags to hdb_foreach
1443
1444 * lib/hdb/ndbm.c: add flags to NDBM_seq, NDBM_firstkey, and
1445 NDBM_nextkey
1446
1447 * lib/hdb/db.c: add flags to DB_seq, DB_firstkey, and DB_nextkey
1448
1449 * lib/hdb/common.c: add flags to _hdb_{fetch,store}
1450
1451 * lib/hdb/hdb.h: add master_key_version to struct hdb, update
1452 prototypes
1453
1454 * lib/hdb/hdb.asn1: make mkvno optional, update version to 2
1455
1456 * configure.in: --enable-netinfo
1457
1458 * lib/krb5/config_file.c: HAVE_NETINFO_NI_H -> HAVE_NETINFO
1459
1460 * config.sub: fix for crays
1461
1462 * config.guess: new version from automake 1.4
1463
1464 * config.sub: new version from automake 1.4
1465
1466Wed Apr 28 00:21:17 1999 Assar Westerlund <assar@sics.se>
1467
1468 * Release 0.1e
1469
1470 * lib/krb5/mcache.c (mcc_get_next): get the current cursor
1471 correctly
1472
1473 * acconfig.h: correct definition of KRB_PUT_INT for old krb4 code.
1474 From Ake Sandgren <ake@cs.umu.se>
1475
14761999-04-27 Johan Danielsson <joda@pdc.kth.se>
1477
1478 * kdc/kerberos5.c: fix arguments to decrypt_ticket
1479
14801999-04-25 Assar Westerlund <assar@sics.se>
1481
1482 * lib/krb5/mk_req_ext.c (krb5_mk_req_internal): try to handle old
1483 DCE secd's that are not able to handle MD5 checksums by defaulting
1484 to MD4 if the keytype was DES-CBC-CRC
1485
1486 * lib/krb5/mk_req.c (krb5_mk_req): use auth_context->keytype
1487
1488 * lib/krb5/krb5.h (krb5_auth_context_data): add `keytype' and
1489 `cksumtype'
1490
1491 * lib/krb5/get_cred.c (make_pa_tgs_req): remove old kludge for
1492 secd
1493 (init_tgs_req): add all supported enctypes for the keytype in
1494 `in_creds->session.keytype' if it's set
1495
1496 * lib/krb5/crypto.c (F_PSEUDO): new flag for non-protocol
1497 encryption types
1498 (do_checksum): new function
1499 (verify_checksum): take the checksum to use from the checksum message
1500 and not from the crypto struct
1501 (etypes): add F_PSEUDO flags
1502 (krb5_keytype_to_enctypes): new function
1503
1504 * lib/krb5/auth_context.c (krb5_auth_con_init): initalize keytype
1505 and cksumtype
1506 (krb5_auth_setcksumtype, krb5_auth_getcksumtype): implement
1507 (krb5_auth_setkeytype, krb5_auth_getkeytype): implement
1508 (krb5_auth_setenctype): comment out, it's rather bogus anyway
1509
1510Sun Apr 25 16:55:50 1999 Johan Danielsson <joda@pdc.kth.se>
1511
1512 * lib/krb5/krb5_locl.h: fix for stupid aix warnings
1513
1514 * lib/krb5/fcache.c (erase_file): don't malloc
1515
1516Sat Apr 24 18:35:21 1999 Johan Danielsson <joda@pdc.kth.se>
1517
1518 * kdc/config.c: pass context to krb5_config_file_free
1519
1520 * kuser/kinit.c: add `--fcache-version' to set cache version to
1521 create
1522
1523 * kuser/klist.c: print cache version if verbose
1524
1525 * lib/krb5/transited.c (krb5_domain_x500_decode): don't abort
1526
1527 * lib/krb5/principal.c: abort -> krb5_abortx
1528
1529 * lib/krb5/mk_rep.c: abort -> krb5_abortx
1530
1531 * lib/krb5/config_file.c: abort -> krb5_abortx
1532
1533 * lib/krb5/context.c (init_context_from_config_file): init
1534 fcache_version; add krb5_{get,set}_fcache_version
1535
1536 * lib/krb5/keytab.c: add support for reading (and writing?) old
1537 version keytabs
1538
1539 * lib/krb5/cache.c: add krb5_cc_get_version
1540
1541 * lib/krb5/fcache.c: add support for reading and writing old
1542 version cache files
1543
1544 * lib/krb5/store_mem.c (krb5_storage_from_mem): zero flags
1545
1546 * lib/krb5/store_emem.c (krb5_storage_emem): zero flags
1547
1548 * lib/krb5/store_fd.c (krb5_storage_from_fd): zero flags
1549
1550 * lib/krb5/store.c: add flags to change how various fields are
1551 stored, used for old cache version support
1552
1553 * lib/krb5/krb5.h: add support for reading and writing old version
1554 cache files, and keytabs
1555
1556Wed Apr 21 00:09:26 1999 Assar Westerlund <assar@sics.se>
1557
1558 * configure.in: fix test for readline.h remember to link with
1559 $LIB_tgetent when trying linking with readline
1560
1561 * lib/krb5/init_creds_pw.c (get_init_creds_common): if start_time
1562 is given, request a postdated ticket.
1563
1564 * lib/krb5/data.c (krb5_data_free): free data as long as it's not
1565 NULL
1566
1567Tue Apr 20 20:18:14 1999 Assar Westerlund <assar@sics.se>
1568
1569 * kpasswd/Makefile.am (kpasswdd_LDADD): add LIB_dlopen
1570
1571 * lib/krb5/krb5.h (KRB5_VERIFY_AP_REQ_IGNORE_INVALID): add
1572
1573 * lib/krb5/rd_req.c (krb5_decrypt_ticket): add `flags` and
1574 KRB5_VERIFY_AP_REQ_IGNORE_INVALID for ignoring that the ticket is
1575 invalid
1576
1577Tue Apr 20 12:42:08 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1578
1579 * kpasswd/kpasswdd.c: don't try to load library by default; get
1580 library and function name from krb5.conf
1581
1582 * kpasswd/sample_passwd_check.c: sample password checking
1583 functions
1584
1585Mon Apr 19 22:22:19 1999 Assar Westerlund <assar@sics.se>
1586
1587 * lib/krb5/store.c (krb5_storage_to_data, krb5_ret_data): use
1588 krb5_data_alloc and be careful with checking allocation and sizes.
1589
1590 * kuser/klist.c (--tokens): conditionalize on KRB4
1591
1592 * kuser/kinit.c (renew_validate): set all flags
1593 (main): fix cut-n-paste error when setting start-time
1594
1595 * kdc/kerberos5.c (check_tgs_flags): starttime of a validate
1596 ticket should be > than current time
1597 (*): send flags to krb5_verify_ap_req and krb5_decrypt_ticket
1598
1599 * kuser/kinit.c (renew_validate): use the client realm instead of
1600 the local realm when renewing tickets.
1601
1602 * lib/krb5/get_for_creds.c (krb5_fwd_tgs_creds): compat function
1603 (krb5_get_forwarded_creds): correct freeing of out_creds
1604
1605 * kuser/kinit.c (renew_validate): hopefully fix up freeing of
1606 memory
1607
1608 * configure.in: do all the krb4 tests with "$krb4" != "no"
1609
1610 * lib/krb5/keyblock.c (krb5_free_keyblock_contents): don't zero
1611 keyvalue if it's NULL. noticed by Ake Sandgren <ake@cs.umu.se>
1612
1613 * lib/krb5/get_in_tkt.c (add_padata): loop over all enctypes
1614 instead of just taking the first one. fix all callers. From
1615 "Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net>
1616
1617 * kdc/kdc_locl.h (enable_kaserver): declaration
1618
1619 * kdc/hprop.c (ka_convert): print the failing principal. AFS 3.4a
1620 creates krbtgt.REALMOFCELL as NOTGS+NOSEAL, work around. From
1621 "Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net>
1622
1623 * kdc/hpropd.c (open_socket): stupid cast to get rid of a warning
1624
1625 * kdc/connect.c (add_standard_ports, process_request): look at
1626 enable_kaserver. From "Brandon S. Allbery KF8NH"
1627 <allbery@kf8nh.apk.net>
1628
1629 * kdc/config.c: new flag --kaserver and config file option
1630 enable-kaserver. From "Brandon S. Allbery KF8NH"
1631 <allbery@kf8nh.apk.net>
1632
1633Mon Apr 19 12:32:04 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1634
1635 * configure.in: check for dlopen, and dlfcn.h
1636
1637 * kpasswd/kpasswdd.c: add support for dlopen:ing password quality
1638 check library
1639
1640 * configure.in: add appl/su
1641
1642Sun Apr 18 15:46:53 1999 Johan Danielsson <joda@blubb.pdc.kth.se>
1643
1644 * lib/krb5/cache.c: add krb5_cc_get_type that returns type of a
1645 cache
1646
1647Fri Apr 16 17:58:51 1999 Assar Westerlund <assar@sics.se>
1648
1649 * configure.in: LIB_kdb: -L should be before -lkdb
1650 test for prototype of strsep
1651
1652Thu Apr 15 11:34:38 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1653
1654 * lib/krb5/Makefile.am: update version
1655
1656 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): use
1657 ALLOC_SEQ
1658
1659 * lib/krb5/fcache.c: add some support for reading and writing old
1660 cache formats;
1661 (fcc_store_cred): use krb5_store_creds; (fcc_read_cred): use
1662 krb5_ret_creds
1663
1664 * lib/krb5/store_mem.c (krb5_storage_from_mem): check malloc,
1665 initialize host_byteorder
1666
1667 * lib/krb5/store_fd.c (krb5_storage_from_fd): initialize
1668 host_byteorder
1669
1670 * lib/krb5/store_emem.c (krb5_storage_emem): initialize
1671 host_byteorder
1672
1673 * lib/krb5/store.c (krb5_storage_set_host_byteorder): add;
1674 (krb5_store_int32,krb5_ret_int32,krb5_store_int16,krb5_ret_int16):
1675 check host_byteorder flag; (krb5_store_creds): add;
1676 (krb5_ret_creds): add
1677
1678 * lib/krb5/krb5.h (krb5_storage): add `host_byteorder' flag for
1679 storage of numbers
1680
1681 * lib/krb5/heim_err.et: add `host not found' error
1682
1683 * kdc/connect.c: don't use data after clearing decriptor
1684
1685 * lib/krb5/auth_context.c: abort -> krb5_abortx
1686
1687 * lib/krb5/warn.c: add __attribute__; add *abort functions
1688
1689 * configure.in: check for __attribute__
1690
1691 * kdc/connect.c: log bogus requests
1692
1693Tue Apr 13 18:38:05 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1694
1695 * lib/kadm5/create_s.c (kadm5_s_create_principal): create v4 salts
1696 for all DES keys
1697
16981999-04-12 Assar Westerlund <assar@sics.se>
1699
1700 * lib/krb5/get_cred.c (init_tgs_req): re-structure a little bit
1701
1702 * lib/krb5/get_cred.c (init_tgs_req): some more error checking
1703
1704 * lib/krb5/generate_subkey.c (krb5_generate_subkey): check return
1705 value from malloc
1706
1707Sun Apr 11 03:47:23 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1708
1709 * lib/krb5/krb5.conf.5: update to reality
1710
1711 * lib/krb5/krb5_425_conv_principal.3: update to reality
1712
17131999-04-11 Assar Westerlund <assar@sics.se>
1714
1715 * lib/krb5/get_host_realm.c: handle more than one realm for a host
1716
1717 * kpasswd/kpasswd.c (main): use krb5_program_setup and
1718 print_version
1719
1720 * kdc/string2key.c (main): use krb5_program_setup and
1721 print_version
1722
1723Sun Apr 11 02:35:58 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1724
1725 * lib/krb5/principal.c (krb5_524_conv_principal): make it actually
1726 work, and check built-in list of host-type first-components
1727
1728 * lib/krb5/krbhst.c: lookup SRV-records to find a kdc for a realm
1729
1730 * lib/krb5/context.c: add srv_* flags to context
1731
1732 * lib/krb5/principal.c: add default v4_name_convert entries
1733
1734 * lib/krb5/krb5.h: add srv_* flags to context
1735
1736Sat Apr 10 22:52:28 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1737
1738 * kadmin/kadmin.c: complain about un-recognised commands
1739
1740 * admin/ktutil.c: complain about un-recognised commands
1741
1742Sat Apr 10 15:41:49 1999 Assar Westerlund <assar@sics.se>
1743
1744 * kadmin/load.c (doit): fix error message
1745
1746 * lib/krb5/crypto.c (encrypt_internal): free checksum if lengths
1747 fail to match.
1748 (krb5_get_wrapped_length): new function
1749
1750 * configure.in: security/pam_modules.h: check for
1751
1752 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): kludge
1753 around `ret_as_reply' semantics by only freeing it when ret == 0
1754
1755Fri Apr 9 20:24:04 1999 Assar Westerlund <assar@sics.se>
1756
1757 * kuser/klist.c (print_cred_verbose): handle the case of a bad
1758 enctype
1759
1760 * configure.in: test for more header files
1761 (LIB_roken): set
1762
1763Thu Apr 8 15:01:59 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1764
1765 * configure.in: fixes for building w/o krb4
1766
1767 * ltmain.sh: update to libtool 1.2d
1768
1769 * ltconfig: update to libtool 1.2d
1770
1771Wed Apr 7 23:37:26 1999 Assar Westerlund <assar@sics.se>
1772
1773 * kdc/hpropd.c: fix some error messages to be more understandable.
1774
1775 * kdc/hprop.c (ka_dump): remove unused variables
1776
1777 * appl/test/tcp_server.c: remove unused variables
1778
1779 * appl/test/gssapi_server.c: remove unused variables
1780
1781 * appl/test/gssapi_client.c: remove unused variables
1782
1783Wed Apr 7 14:05:15 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1784
1785 * lib/krb5/context.c (krb5_get_err_text): long -> krb5_error_code
1786
1787 * kuser/klist.c: make it compile w/o krb4
1788
1789 * kuser/kdestroy.c: make it compile w/o krb4
1790
1791 * admin/ktutil.c: fix {srv,key}2{srv,key}tab confusion; add help
1792 strings
1793
1794Mon Apr 5 16:13:46 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1795
1796 * configure.in: test for MIPS ABI; new test_package
1797
1798Thu Apr 1 11:00:40 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1799
1800 * include/Makefile.am: clean krb5-private.h
1801
1802 * Release 0.1d
1803
1804 * kpasswd/kpasswdd.c (doit): pass context to
1805 krb5_get_all_client_addrs
1806
1807 * kdc/connect.c (init_sockets): pass context to
1808 krb5_get_all_server_addrs
1809
1810 * lib/krb5/get_in_tkt.c (init_as_req): pass context to
1811 krb5_get_all_client_addrs
1812
1813 * lib/krb5/get_cred.c (get_cred_kdc_la): pass context to
1814 krb5_get_all_client_addrs
1815
1816 * lib/krb5/get_addrs.c (get_addrs_int): add extra host addresses
1817
1818 * lib/krb5/krb5.h: add support for adding an extra set of
1819 addresses
1820
1821 * lib/krb5/context.c: add support for adding an extra set of
1822 addresses
1823
1824 * lib/krb5/addr_families.c: add krb5_parse_address
1825
1826 * lib/krb5/address.c: krb5_append_addresses
1827
1828 * lib/krb5/config_file.c (parse_binding): don't zap everything
1829 after first whitespace
1830
1831 * kuser/kinit.c (renew_validate): don't allocate out
1832
1833 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): don't
1834 allocate out_creds
1835
1836 * lib/krb5/get_cred.c (get_cred_kdc, get_cred_kdc_la): make
1837 out_creds pointer;
1838 (krb5_get_kdc_cred): allocate out_creds; (get_cred_from_kdc_flags):
1839 free more memory
1840
1841 * lib/krb5/crypto.c (encrypt_internal): free checksum
1842
1843 * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): free reply,
1844 and ticket
1845
1846 * kuser/Makefile.am: remove kfoo
1847
1848 * lib/Makefile.am: add auth
1849
1850 * lib/kadm5/iprop.h: getarg.h
1851
1852 * lib/kadm5/replay_log.c: use getarg
1853
1854 * lib/kadm5/ipropd_slave.c: use getarg
1855
1856 * lib/kadm5/ipropd_master.c: use getarg
1857
1858 * lib/kadm5/dump_log.c: use getarg
1859
1860 * kpasswd/kpasswdd.c: use getarg
1861
1862 * Makefile.am.common: make a more working check-local target
1863
1864 * lib/asn1/main.c: use getargs
1865
1866Mon Mar 29 20:19:57 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1867
1868 * kuser/klist.c (print_cred_verbose): use krb5_print_address
1869
1870 * lib/kadm5/server.c: k_{put,get}_int -> _krb5_{put,get}_int
1871
1872 * lib/krb5/addr_families.c (krb5_print_address): handle unknown
1873 address types; (ipv6_print_addr): print in 16-bit groups (as it
1874 should)
1875
1876 * lib/krb5/crc.c: crc_{init_table,update} ->
1877 _krb5_crc_{init_table,update}
1878
1879 * lib/krb5/crypto.c: k_{put,get}_int -> _krb5_{put,get}_int
1880 crc_{init_table,update} -> _krb5_crc_{init_table,update}
1881
1882 * lib/krb5/send_to_kdc.c: k_{put,get}_int -> _krb5_{put,get}_int
1883
1884 * lib/krb5/store.c: k_{put,get}_int -> _krb5_{put,get}_int
1885
1886 * lib/krb5/krb5_locl.h: include krb5-private.h
1887
1888 * kdc/connect.c (addr_to_string): use krb5_print_address
1889
1890 * lib/krb5/addr_families.c (krb5_print_address): int -> size_t
1891
1892 * lib/krb5/addr_families.c: add support for printing ipv6
1893 addresses, either with inet_ntop, or ugly for-loop
1894
1895 * kdc/524.c: check that the ticket came from a valid address; use
1896 the address of the connection as the address to put in the v4
1897 ticket (if this address is AF_INET)
1898
1899 * kdc/connect.c: pass addr to do_524
1900
1901 * kdc/kdc_locl.h: prototype for do_524
1902
1903Sat Mar 27 17:48:31 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1904
1905 * configure.in: check for OSF C2; bind/bitypes.h, getudbnam,
1906 setlim; check for auth modules; siad.h, getpwnam_r;
1907 lib/auth/Makefile, lib/auth/sia/Makefile
1908
1909 * lib/krb5/crypto.c: n_fold -> _krb5_n_fold
1910
1911 * lib/krb5/n-fold.c: n_fold -> _krb5_n_fold
1912
1913Thu Mar 25 04:35:21 1999 Assar Westerlund <assar@sics.se>
1914
1915 * lib/kadm5/set_keys.c (_kadm5_set_keys): free salt when zapping
1916 it
1917
1918 * lib/kadm5/free.c (kadm5_free_principal_ent): free `key_data'
1919
1920 * lib/hdb/ndbm.c (NDBM_destroy): clear master key
1921
1922 * lib/hdb/db.c (DB_destroy): clear master key
1923 (DB_open): check malloc
1924
1925 * kdc/connect.c (init_sockets): free addresses
1926
1927 * kadmin/kadmin.c (main): make code more consistent. always free
1928 configuration information.
1929
1930 * kadmin/init.c (create_random_entry): free the entry
1931
1932Wed Mar 24 04:02:03 1999 Assar Westerlund <assar@sics.se>
1933
1934 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password):
1935 re-organize the code to always free `kdc_reply'
1936
1937 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): be more careful about
1938 freeing memory
1939
1940 * lib/krb5/fcache.c (fcc_destroy): don't call fcc_close
1941
1942 * lib/krb5/crypto.c (krb5_crypto_destroy): free `crypto'
1943
1944 * lib/hdb/hdb_locl.h: try db_185.h first in case db.h is a DB 2.0
1945 header
1946
1947 * configure.in (db_185.h): check for
1948
1949 * admin/srvcreate.c: new file. contributed by Daniel Kouril
1950 <kouril@informatics.muni.cz>
1951
1952 * admin/ktutil.c: srvcreate: new command
1953
1954 * kuser/klist.c: add support for printing AFS tokens
1955
1956 * kuser/kdestroy.c: add support for destroying v4 tickets and AFS
1957 tokens. based on code by Love <lha@stacken.kth.se>
1958
1959 * kuser/Makefile.am (kdestroy_LDADD, klist_LDADD): more libraries
1960
1961 * configure.in: sys/ioccom.h: test for
1962
1963 * kuser/klist.c (main): don't print `no ticket file' with --test.
1964 From: Love <lha@e.kth.se>
1965
1966 * kpasswd/kpasswdd.c (doit): more braces to make gcc happy
1967
1968 * kdc/connect.c (init_socket): get rid of a stupid warning
1969
1970 * include/bits.c (my_strupr): cast away some stupid warnings
1971
1972Tue Mar 23 14:34:44 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1973
1974 * lib/krb5/get_host_realm.c (krb5_get_host_realm): no infinite
1975 loops, please
1976
1977Tue Mar 23 00:00:45 1999 Assar Westerlund <assar@sics.se>
1978
1979 * lib/kadm5/Makefile.am (install_build_headers): recover from make
1980 rewriting the names of the headers kludge to help solaris make
1981
1982 * lib/krb5/Makefile.am: kludge to help solaris make
1983
1984 * lib/hdb/Makefile.am: kludge to help solaris make
1985
1986 * configure.in (LIB_kdb): make sure there's a -L option in here by
1987 adding $(LIB_krb4)
1988
1989 * lib/asn1/gen_glue.c (generate_2int, generate_int2): int ->
1990 unsigned
1991
1992 * configure.in (SunOS): set to a number KRB4, KRB5 conditionals:
1993 remove the `dnl' to work around an automake flaw
1994
1995Sun Mar 21 15:08:49 1999 Johan Danielsson <joda@blubb.pdc.kth.se>
1996
1997 * lib/krb5/get_default_realm.c: char* -> krb5_realm
1998
1999Sun Mar 21 14:08:30 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2000
2001 * include/bits.c: <bind/bitypes.h>
2002
2003 * lib/krb5/Makefile.am: create krb5-private.h
2004
2005Sat Mar 20 00:08:59 1999 Assar Westerlund <assar@sics.se>
2006
2007 * configure.in (gethostname): remove duplicate
2008
2009Fri Mar 19 14:48:03 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2010
2011 * lib/hdb/Makefile.am: add version-info
2012
2013 * lib/gssapi/Makefile.am: add version-info
2014
2015 * lib/asn1/Makefile.am: use $(x:y=z) make syntax; move check-der
2016 to check_PROGRAMS
2017
2018 * lib/Makefile.am: add 45
2019
2020 * lib/kadm5/Makefile.am: split in client and server libraries
2021 (breaks shared libraries otherwise)
2022
2023Thu Mar 18 11:33:30 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2024
2025 * include/kadm5/Makefile.am: clean a lot of header files (since
2026 automake lacks a clean-hook)
2027
2028 * include/Makefile.am: clean a lot of header files (since automake
2029 lacks a clean-hook)
2030
2031 * lib/kadm5/Makefile.am: fix build-installation of headers
2032
2033 * lib/krb5/Makefile.am: remove include_dir hack
2034
2035 * lib/hdb/Makefile.am: remove include_dir hack
2036
2037 * lib/asn1/Makefile.am: remove include_dir hack
2038
2039 * include/Makefile.am: remove include_dir hack
2040
2041 * doc/whatis.texi: define sub for html
2042
2043 * configure.in: LIB_kdb, have_err_h, have_fnmatch_h, have_glob_h
2044
2045 * lib/asn1/Makefile.am: der.h
2046
2047 * kpasswd/kpasswdd.c: admin.h -> kadm5/admin.h
2048
2049 * kdc/Makefile.am: remove junk
2050
2051 * kadmin/Makefile.am: sl.a -> sl.la
2052
2053 * appl/afsutil/Makefile.am: remove EXTRA_bin_PROGRAMS
2054
2055 * admin/Makefile.am: sl.a -> sl.la
2056
2057 * configure.in: condition KRB5; AC_CHECK_XAU
2058
2059 * Makefile.am: include Makefile.am.common
2060
2061 * include/kadm5/Makefile.am: include Makefile.am.common; don't
2062 install headers from here
2063
2064 * include/Makefile.am: include Makefile.am.common; don't install
2065 headers from here
2066
2067 * doc/Makefile.am: include Makefile.am.common
2068
2069 * lib/krb5/Makefile.am: include Makefile.am.common
2070
2071 * lib/kadm5/Makefile.am: include Makefile.am.common
2072
2073 * lib/hdb/Makefile.am: include Makefile.am.common
2074
2075 * lib/gssapi/Makefile.am: include Makefile.am.common
2076
2077 * lib/asn1/Makefile.am: include Makefile.am.common
2078
2079 * lib/Makefile.am: include Makefile.am.common
2080
2081 * lib/45/Makefile.am: include Makefile.am.common
2082
2083 * kuser/Makefile.am: include Makefile.am.common
2084
2085 * kpasswd/Makefile.am: include Makefile.am.common
2086
2087 * kdc/Makefile.am: include Makefile.am.common
2088
2089 * kadmin/Makefile.am: include Makefile.am.common
2090
2091 * appl/test/Makefile.am: include Makefile.am.common
2092
2093 * appl/afsutil/Makefile.am: include Makefile.am.common
2094
2095 * appl/Makefile.am: include Makefile.am.common
2096
2097 * admin/Makefile.am: include Makefile.am.common
2098
2099Wed Mar 17 03:04:38 1999 Assar Westerlund <assar@sics.se>
2100
2101 * lib/krb5/store.c (krb5_store_stringz): braces fix
2102
2103 * lib/kadm5/get_s.c (kadm5_s_get_principal): braces fix
2104
2105 * lib/kadm5/ent_setup.c (_kadm5_setup_entry): braces fix
2106
2107 * kdc/connect.c (loop): braces fix
2108
2109 * lib/krb5/config_file.c: cast to unsigned char to make is* happy
2110
2111 * lib/krb5/log.c (krb5_addlog_dest): more braces to make gcc happy
2112
2113 * lib/krb5/crypto.c (krb5_verify_checksum): rename C -> cksum to
2114 be consistent
2115
2116 * kadmin/util.c (timeval2str): more braces to make gcc happy
2117
2118 * kadmin/load.c: cast in is* to get rid of stupid warning
2119
2120 * kadmin/dump.c (append_hex): cast in isalnum to get rid of stupid
2121 warning
2122
2123 * kdc/kaserver.c: malloc checks and fixes
2124
2125 * lib/krb5/get_host_realm.c (krb5_get_host_realm): include leading
2126 dot (if any) when looking up realms.
2127
2128Fri Mar 12 13:57:56 1999 Johan Danielsson <joda@blubb.pdc.kth.se>
2129
2130 * lib/krb5/get_host_realm.c: add dns support
2131
2132 * lib/krb5/set_default_realm.c: use krb5_free_host_realm
2133
2134 * lib/krb5/free_host_realm.c: check for NULL realmlist
2135
2136 * lib/krb5/context.c: don't print warning if there is no krb5.conf
2137
2138Wed Mar 10 19:29:46 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2139
2140 * configure.in: use AC_WFLAGS
2141
2142Mon Mar 8 11:49:43 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2143
2144 * Release 0.1c
2145
2146 * kuser/klist.c: use print_version
2147
2148 * kuser/kdestroy.c: use print_version
2149
2150 * kdc/hpropd.c: use print_version
2151
2152 * kdc/hprop.c: use print_version
2153
2154 * kdc/config.c: use print_version
2155
2156 * kadmin/kadmind.c: use print_version
2157
2158 * kadmin/kadmin.c: use print_version
2159
2160 * appl/test/common.c: use print_version
2161
2162 * appl/afsutil/afslog.c: use print_version
2163
2164Mon Mar 1 10:49:14 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2165
2166 * lib/krb5/get_addrs.c: SOCKADDR_HAS_SA_LEN ->
2167 HAVE_STRUCT_SOCKADDR_SA_LEN
2168
2169 * configure.in, acconfig.h, cf/*: update to automake 1.4/autoconf 2.13
2170
2171Sun Feb 28 18:19:20 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2172
2173 * lib/asn1/gen.c: make `BIT STRING's unsigned
2174
2175 * lib/asn1/{symbol.h,gen.c}: add TUInteger type
2176
2177 * lib/krb5/verify_user.c (krb5_verify_user): pass prompter to
2178 krb5_get_init_creds_password
2179
2180 * lib/krb5/fcache.c (fcc_gen_new): implement
2181
2182Sat Feb 27 22:41:23 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2183
2184 * doc/install.texi: krb4 is now automatically detected
2185
2186 * doc/misc.texi: update procedure to set supported encryption
2187 types
2188
2189 * doc/setup.texi: change some silly wordings
2190
2191Sat Feb 27 22:17:30 1999 Johan Danielsson <joda@blubb.pdc.kth.se>
2192
2193 * lib/krb5/keytab.c (fkt_remove_entry): make this work
2194
2195 * admin/ktutil.c: add minimally working `get' command
2196
2197Sat Feb 27 19:44:49 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2198
2199 * lib/hdb/convert_db.c: more typos
2200
2201 * include/Makefile.am: remove EXTRA_DATA (as of autoconf
2202 2.13/automake 1.4)
2203
2204 * appl/Makefile.am: OTP_dir
2205
2206Fri Feb 26 17:37:00 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2207
2208 * doc/setup.texi: add kadmin section
2209
2210 * lib/asn1/check-der.c: fix printf warnings
2211
2212Thu Feb 25 11:16:49 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2213
2214 * configure.in: -O does not belong in WFLAGS
2215
2216Thu Feb 25 11:05:57 1999 Johan Danielsson <joda@blubb.pdc.kth.se>
2217
2218 * lib/asn1/der_put.c: fix der_put_int
2219
2220Tue Feb 23 20:35:12 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2221
2222 * configure.in: use AC_BROKEN_GLOB
2223
2224Mon Feb 22 15:12:44 1999 Johan Danielsson <joda@blubb.pdc.kth.se>
2225
2226 * configure.in: check for glob
2227
2228Mon Feb 22 11:32:42 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2229
2230 * Release 0.1b
2231
2232Sat Feb 20 15:48:06 1999 Johan Danielsson <joda@blubb.pdc.kth.se>
2233
2234 * lib/hdb/convert_db.c: convert DES3 keys to des3-cbc-sha1, and
2235 des3-cbc-md5
2236
2237 * lib/krb5/crypto.c (DES3_string_to_key): make this actually do
2238 what the draft said it should
2239
2240 * lib/hdb/convert_db.c: little program for database conversion
2241
2242 * lib/hdb/db.c (DB_open): try to open database w/o .db extension
2243
2244 * lib/hdb/ndbm.c (NDBM_open): add test for database format
2245
2246 * lib/hdb/db.c (DB_open): add test for database format
2247
2248 * lib/asn1/gen_glue.c (generate_2int): don't depend on flags being
2249 unsigned
2250
2251 * lib/hdb/hdb.c: change `hdb_set_master_key' to take an
2252 EncryptionKey, and add a new function `hdb_set_master_keyfile' to
2253 do what `hdb_set_master_key' used to do
2254
2255 * kdc/kstash.c: add `--convert-file' option to change keytype of
2256 existing master key file
2257
2258Fri Feb 19 07:04:14 1999 Assar Westerlund <assar@squid.pdc.kth.se>
2259
2260 * Release 0.1a
2261
2262Sat Feb 13 17:12:53 1999 Assar Westerlund <assar@sics.se>
2263
2264 * lib/krb5/mk_safe.c (krb5_mk_safe): sizeof(buf) -> buf_size, buf
2265 is now a `u_char *'
2266
2267 * lib/krb5/get_in_tkt.c (krb5_init_etype): etypes are now `int'
2268
2269 * lib/krb5/get_host_realm.c (krb5_get_host_realm): constize
2270 orig_host
2271
2272 (krb5_salttype_to_string): new function (RSA_MD5_DES_verify,
2273 RSA_MD5_DES3_verify): initialize ret
2274
2275 * lib/gssapi/init_sec_context.c (init_auth): remove unnecessary
2276 gssapi_krb5_init. ask for KEYTYPE_DES credentials
2277
2278 * kadmin/get.c (print_entry_long): print the keytypes and salts
2279 available for the principal
2280
2281 * configure.in (WFLAGS): add `-O' to catch unitialized variables
2282 and such
2283 (gethostname, mkstemp, getusershell, inet_aton): more tests
2284
2285 * lib/hdb/hdb.h: update prototypes
2286
2287 * configure.in: homogenize broken detection with krb4
2288
2289 * lib/kadm5/init_c.c (kadm5_c_init_with_context): remove unused
2290 `error'
2291
2292 * lib/asn1/Makefile.am (check-der): add
2293
2294 * lib/asn1/gen.c (define_type): map ASN1 Integer to `int' instead
2295 of `unsigned'
2296
2297 * lib/asn1/der_length.c (length_unsigned): new function
2298 (length_int): handle signed integers
2299
2300 * lib/asn1/der_put.c (der_put_unsigned): new function
2301 (der_put_int): handle signed integers
2302
2303 * lib/asn1/der_get.c (der_get_unsigned): new function
2304 (der_get_int): handle signed integers
2305
2306 * lib/asn1/der.h: all integer functions take `int' instead of
2307 `unsigned'
2308
2309 * lib/asn1/lex.l (filename): unused. remove.
2310
2311 * lib/asn1/check-der.c: new test program for der encoding and
2312 decoding.
2313
2314Mon Feb 1 04:09:06 1999 Assar Westerlund <assar@sics.se>
2315
2316 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): only call
2317 gethostbyname2 with AF_INET6 if we actually have IPv6. From
2318 "Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net>
2319
2320 * lib/krb5/changepw.c (get_kdc_address): dito
2321
2322Sun Jan 31 06:26:36 1999 Assar Westerlund <assar@sics.se>
2323
2324 * kdc/connect.c (parse_prots): always bind to AF_INET, there are
2325 v6-implementations without support for `mapped V4 addresses'.
2326 From Jun-ichiro itojun Hagino <itojun@kame.net>
2327
2328Sat Jan 30 22:38:27 1999 Assar Westerlund <assar@juguete.sics.se>
2329
2330 * Release 0.0u
2331
2332Sat Jan 30 13:43:02 1999 Assar Westerlund <assar@sics.se>
2333
2334 * lib/krb5/Makefile.am: explicit rules for *.et files
2335
2336 * lib/kadm5/init_c.c (get_kadm_ticket): only remove creds if
2337 krb5_get_credentials was succesful.
2338 (get_new_cache): return better error codes and return earlier.
2339 (get_cred_cache): only delete default_client if it's different
2340 from client
2341 (kadm5_c_init_with_context): return a more descriptive error.
2342
2343 * kdc/kerberos5.c (check_flags): handle NULL client or server
2344
2345 * lib/krb5/sendauth.c (krb5_sendauth): return the error in
2346 `ret_error' iff != NULL
2347
2348 * lib/krb5/rd_error.c (krb5_free_error, krb5_free_error_contents):
2349 new functions
2350
2351 * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): more
2352 type-correctness
2353
2354 * lib/krb5/krb5.h (krb5_error): typedef to KRB_ERROR
2355
2356 * lib/krb5/init_creds_pw.c: KRB5_TGS_NAME: use
2357
2358 * lib/krb5/get_cred.c: KRB5_TGS_NAME: use
2359
2360 * lib/kafs/afskrb5.c (afslog_uid_int): update to changes
2361
2362 * lib/kadm5/rename_s.c (kadm5_s_rename_principal): call remove
2363 instead of rename, but shouldn't this just call rename?
2364
2365 * lib/kadm5/get_s.c (kadm5_s_get_principal): always return an
2366 error if the principal wasn't found.
2367
2368 * lib/hdb/ndbm.c (NDBM_seq): unseal key
2369
2370 * lib/hdb/db.c (DB_seq): unseal key
2371
2372 * lib/asn1/Makefile.am: added explicit rules for asn1_err.[ch]
2373
2374 * kdc/hprop.c (v4_prop): add krbtgt/THISREALM@OTHERREALM when
2375 finding cross-realm tgts in the v4 database
2376
2377 * kadmin/mod.c (mod_entry): check the number of arguments. check
2378 that kadm5_get_principal worked.
2379
2380 * lib/krb5/keytab.c (fkt_remove_entry): remove KRB5_KT_NOTFOUND if
2381 we weren't able to remove it.
2382
2383 * admin/ktutil.c: less drive-by-deleting. From Love
2384 <lha@e.kth.se>
2385
2386 * kdc/connect.c (parse_ports): copy the string before mishandling
2387 it with strtok_r
2388
2389 * kdc/kerberos5.c (tgs_rep2): print the principal with mismatching
2390 kvnos
2391
2392 * kadmin/kadmind.c (main): convert `debug_port' to network byte
2393 order
2394
2395 * kadmin/kadmin.c: allow specification of port number.
2396
2397 * lib/kadm5/kadm5_locl.h (kadm5_client_context): add
2398 `kadmind_port'.
2399
2400 * lib/kadm5/init_c.c (_kadm5_c_init_context): move up
2401 initalize_kadm5_error_table_r.
2402 allow specification of port number.
2403
2404 From Love <lha@stacken.kth.se>
2405
2406 * kuser/klist.c: add option -t | --test
2407
2408Sat Dec 5 19:49:34 1998 Johan Danielsson <joda@hella.pdc.kth.se>
2409
2410 * lib/krb5/context.c: remove ktype_is_etype
2411
2412 * lib/krb5/crypto.c, lib/krb5/krb5.h, acconfig.h: NEW_DES3_CODE
2413
2414 * configure.in: fix for AIX install; better tests for AIX dynamic
2415 AFS libs; `--enable-new-des3-code'
2416
2417Tue Dec 1 14:44:44 1998 Johan Danielsson <joda@hella.pdc.kth.se>
2418
2419 * appl/afsutil/Makefile.am: link with extra libs for aix
2420
2421 * kuser/Makefile.am: link with extra libs for aix
2422
2423Sun Nov 29 01:56:21 1998 Assar Westerlund <assar@sics.se>
2424
2425 * lib/krb5/get_addrs.c (krb5_get_all_server_addrs): add. almost
2426 the same as krb5_get_all_client_addrs except that it includes
2427 loopback addresses
2428
2429 * kdc/connect.c (init_socket): bind to a particular address
2430 (init_sockets): get all local addresses and bind to them all
2431
2432 * lib/krb5/addr_families.c (addr2sockaddr, print_addr): new
2433 methods
2434 (find_af, find_atype): new functions. use them.
2435
2436 * configure.in: add hesiod
2437
2438Wed Nov 25 11:37:48 1998 Johan Danielsson <joda@hella.pdc.kth.se>
2439
2440 * lib/krb5/krb5_err.et: add some codes from kerberos-revisions-03
2441
2442Mon Nov 23 12:53:48 1998 Assar Westerlund <assar@sics.se>
2443
2444 * lib/kadm5/log.c: rename delete -> remove
2445
2446 * lib/kadm5/delete_s.c: rename delete -> remove
2447
2448 * lib/hdb/common.c: rename delete -> remove
2449
2450Sun Nov 22 12:26:26 1998 Assar Westerlund <assar@sics.se>
2451
2452 * configure.in: check for environ and `struct spwd'
2453
2454Sun Nov 22 11:42:45 1998 Johan Danielsson <joda@blubb.pdc.kth.se>
2455
2456 * kdc/kerberos5.c (as_rep): set keytype to sess_ktype if
2457 ktype_is_etype
2458
2459 * lib/krb5/encrypt.c (krb5_keytype_to_etypes): zero terminate
2460 etypes
2461 (em): sort entries
2462
2463Sun Nov 22 06:54:48 1998 Assar Westerlund <assar@sics.se>
2464
2465 * lib/krb5/init_creds_pw.c: more type correctness
2466
2467 * lib/krb5/get_cred.c: re-structure code. remove limits on ASN1
2468 generated bits.
2469
2470Sun Nov 22 01:49:50 1998 Johan Danielsson <joda@hella.pdc.kth.se>
2471
2472 * kdc/hprop.c (v4_prop): fix bogus indexing
2473
2474Sat Nov 21 21:39:20 1998 Assar Westerlund <assar@sics.se>
2475
2476 * lib/krb5/verify_init.c (fail_verify_is_ok): new function
2477 (krb5_verify_init_creds): if we cannot get a ticket for
2478 host/`hostname` and fail_verify_is_ok just return. use
2479 krb5_rd_req
2480
2481Sat Nov 21 23:12:27 1998 Assar Westerlund <assar@sics.se>
2482
2483 * lib/krb5/free.c (krb5_xfree): new function
2484
2485 * lib/krb5/creds.c (krb5_free_creds_contents): new function
2486
2487 * lib/krb5/context.c: more type correctness
2488
2489 * lib/krb5/checksum.c: more type correctness
2490
2491 * lib/krb5/auth_context.c (krb5_auth_con_init): more type
2492 correctness
2493
2494 * lib/asn1/der_get.c (der_get_length): fix test of len
2495 (der_get_tag): more type correctness
2496
2497 * kuser/klist.c (usage): void-ize
2498
2499 * admin/ktutil.c (kt_remove): some more type correctness.
2500
2501Sat Nov 21 16:49:20 1998 Johan Danielsson <joda@hella.pdc.kth.se>
2502
2503 * kuser/klist.c: try to list enctypes as keytypes
2504
2505 * kuser/kinit.c: remove extra `--cache' option, add `--enctypes'
2506 to set list of enctypes to use
2507
2508 * kadmin/load.c: load strings as hex
2509
2510 * kadmin/dump.c: dump hex as string is possible
2511
2512 * admin/ktutil.c: use print_version()
2513
2514 * configure.in, acconfig.h: test for hesiod
2515
2516Sun Nov 15 17:28:19 1998 Johan Danielsson <joda@hella.pdc.kth.se>
2517
2518 * lib/krb5/crypto.c: add some crypto debug code
2519
2520 * lib/krb5/get_in_tkt.c (_krb5_extract_ticket): don't use fixed
2521 buffer when encoding ticket
2522
2523 * lib/krb5/auth_context.c (re-)implement `krb5_auth_setenctype'
2524
2525 * kdc/kerberos5.c: allow mis-match of tgt session key, and service
2526 session key
2527
2528 * admin/ktutil.c: keytype -> enctype
2529
2530Fri Nov 13 05:35:48 1998 Assar Westerlund <assar@sics.se>
2531
2532 * lib/krb5/krb5.h (KRB5_TGS_NAME, KRB5_TGS_NAME_SIZE): added
2533
2534Sat Nov 7 19:56:31 1998 Assar Westerlund <assar@sics.se>
2535
2536 * lib/krb5/get_cred.c (add_cred): add termination NULL pointer
2537
2538Mon Nov 2 01:15:06 1998 Assar Westerlund <assar@sics.se>
2539
2540 * lib/krb5/rd_req.c: adapt to new crypto api
2541
2542 * lib/krb5/rd_rep.c: adapt to new crypto api
2543
2544 * lib/krb5/rd_priv.c: adopt to new crypto api
2545
2546 * lib/krb5/rd_cred.c: adopt to new crypto api
2547
2548 * lib/krb5/principal.c: ENOMEM -> ERANGE
2549
2550 * lib/krb5/mk_safe.c: cleanup and adopt to new crypto api
2551
2552 * lib/krb5/mk_req_ext.c: adopt to new crypto api
2553
2554 * lib/krb5/mk_req.c: get enctype from auth_context keyblock
2555
2556 * lib/krb5/mk_rep.c: cleanup and adopt to new crypto api
2557
2558 * lib/krb5/mk_priv.c: adopt to new crypto api
2559
2560 * lib/krb5/keytab.c: adopt to new crypto api
2561
2562 * lib/krb5/get_in_tkt_with_skey.c: adopt to new crypto api
2563
2564 * lib/krb5/get_in_tkt_with_keytab.c: adopt to new crypto api
2565
2566 * lib/krb5/get_in_tkt_pw.c: adopt to new crypto api
2567
2568 * lib/krb5/get_in_tkt.c: adopt to new crypto api
2569
2570 * lib/krb5/get_cred.c: adopt to new crypto api
2571
2572 * lib/krb5/generate_subkey.c: use new crypto api
2573
2574 * lib/krb5/context.c: rename etype functions to enctype ditto
2575
2576 * lib/krb5/build_auth.c: use new crypto api
2577
2578 * lib/krb5/auth_context.c: remove enctype and cksumtype from
2579 auth_context
2580
2581Mon Nov 2 01:15:06 1998 Assar Westerlund <assar@sics.se>
2582
2583 * kdc/connect.c (handle_udp, handle_tcp): correct type of `n'
2584
2585Tue Sep 15 18:41:38 1998 Johan Danielsson <joda@hella.pdc.kth.se>
2586
2587 * admin/ktutil.c: fix printing of unrecognized keytypes
2588
2589Tue Sep 15 17:02:33 1998 Johan Danielsson <joda@hella.pdc.kth.se>
2590
2591 * lib/kadm5/set_keys.c: add KEYTYPE_USE_AFS3_SALT to keytype if
2592 using AFS3 salt
2593
2594Tue Aug 25 23:30:52 1998 Assar Westerlund <assar@sics.se>
2595
2596 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): care about
2597 `use_admin_kdc'
2598
2599 * lib/krb5/changepw.c (get_kdc_address): use
2600 krb5_get_krb_admin_hst
2601
2602 * lib/krb5/krbhst.c (krb5_get_krb_admin_hst): new function
2603
2604 * lib/krb5/krb5.h (krb5_context_data): add `use_admin_kdc'
2605
2606 * lib/krb5/context.c (krb5_get_use_admin_kdc,
2607 krb5_set_use_admin_kdc): new functions
2608
2609Tue Aug 18 22:24:12 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2610
2611 * lib/krb5/crypto.c: remove all calls to abort(); check return
2612 value from _key_schedule;
2613 (RSA_MD[45]_DES_verify): zero tmp and res;
2614 (RSA_MD5_DES3_{verify,checksum}): implement
2615
2616Mon Aug 17 20:18:46 1998 Assar Westerlund <assar@sics.se>
2617
2618 * kdc/kerberos4.c (swap32): conditionalize
2619
2620 * lib/krb5/mk_req_ext.c (krb5_mk_req_internal): new function
2621
2622 * lib/krb5/get_host_realm.c (krb5_get_host_realm): if the hostname
2623 returned from gethostby*() isn't a FQDN, try with the original
2624 hostname
2625
2626 * lib/krb5/get_cred.c (make_pa_tgs_req): use krb5_mk_req_internal
2627 and correct key usage
2628
2629 * lib/krb5/crypto.c (verify_checksum): make static
2630
2631 * admin/ktutil.c (kt_list): use krb5_enctype_to_string
2632
2633Sun Aug 16 20:57:56 1998 Assar Westerlund <assar@sics.se>
2634
2635 * kadmin/cpw.c (do_cpw_entry): use asprintf for the prompt
2636
2637 * kadmin/ank.c (ank): print principal name in prompt
2638
2639 * lib/krb5/crypto.c (hmac): always allocate space for checksum.
2640 never trust c.checksum.length
2641 (_get_derived_key): try to return the derived key
2642
2643Sun Aug 16 19:48:42 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2644
2645 * lib/krb5/crypto.c (hmac): fix some peculiarities and bugs
2646 (get_checksum_key): assume usage is `formatted'
2647 (create_checksum,verify_checksum): moved the guts of the krb5_*
2648 functions here, both take `formatted' key-usages
2649 (encrypt_internal_derived): fix various bogosities
2650 (derive_key): drop key_type parameter (already given by the
2651 encryption_type)
2652
2653 * kdc/kerberos5.c (check_flags): handle case where client is NULL
2654
2655 * kdc/connect.c (process_request): return zero after processing
2656 kerberos 4 request
2657
2658Sun Aug 16 18:38:15 1998 Johan Danielsson <joda@blubb.pdc.kth.se>
2659
2660 * lib/krb5/crypto.c: merge x-*.[ch] into one file
2661
2662 * lib/krb5/cache.c: remove residual from krb5_ccache_data
2663
2664Fri Aug 14 16:28:23 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2665
2666 * lib/krb5/x-crypto.c (derive_key): move DES3 specific code to
2667 separate function (will eventually end up someplace else)
2668
2669 * lib/krb5/x-crypto.c (krb5_string_to_key_derived): allocate key
2670
2671 * configure.in, acconfig.h: test for four valued krb_put_int
2672
2673Thu Aug 13 23:46:29 1998 Assar Westerlund <assar@emma.pdc.kth.se>
2674
2675 * Release 0.0t
2676
2677Thu Aug 13 22:40:17 1998 Assar Westerlund <assar@sics.se>
2678
2679 * lib/krb5/config_file.c (parse_binding): remove trailing
2680 whitespace
2681
2682Wed Aug 12 20:15:11 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2683
2684 * lib/krb5/x-checksum.c (krb5_verify_checksum): pass checksum type
2685 to krb5_create_checksum
2686
2687 * lib/krb5/x-key.c: implement DES3_string_to_key_derived; fix a
2688 few typos
2689
2690Wed Aug 5 12:39:54 1998 Assar Westerlund <assar@emma.pdc.kth.se>
2691
2692 * Release 0.0s
2693
2694Thu Jul 30 23:12:17 1998 Assar Westerlund <assar@sics.se>
2695
2696 * lib/krb5/mk_error.c (krb5_mk_error): realloc until you die
2697
2698Thu Jul 23 19:49:03 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2699
2700 * kdc/kdc_locl.h: proto for `get_des_key'
2701
2702 * configure.in: test for four valued el_init
2703
2704 * kuser/klist.c: keytype -> enctype
2705
2706 * kpasswd/kpasswdd.c (change): use new `krb5_string_to_key*'
2707
2708 * kdc/hprop.c (v4_prop, ka_convert): convert to a set of keys
2709
2710 * kdc/kaserver.c: use `get_des_key'
2711
2712 * kdc/524.c: use new crypto api
2713
2714 * kdc/kerberos4.c: use new crypto api
2715
2716 * kdc/kerberos5.c: always treat keytypes as enctypes; use new
2717 crypto api
2718
2719 * kdc/kstash.c: adapt to new crypto api
2720
2721 * kdc/string2key.c: adapt to new crypto api
2722
2723 * admin/srvconvert.c: add keys for all possible enctypes
2724
2725 * admin/ktutil.c: keytype -> enctype
2726
2727 * lib/gssapi/init_sec_context.c: get enctype from auth_context
2728 keyblock
2729
2730 * lib/hdb/hdb.c: remove hdb_*_keytype2key
2731
2732 * lib/kadm5/set_keys.c: adapt to new crypto api
2733
2734 * lib/kadm5/rename_s.c: adapt to new crypto api
2735
2736 * lib/kadm5/get_s.c: adapt to new crypto api
2737
2738 * lib/kadm5/create_s.c: add keys for des-cbc-crc, des-cbc-md4,
2739 des-cbc-md5, and des3-cbc-sha1
2740
2741 * lib/krb5/heim_err.et: error message for unsupported salt
2742
2743 * lib/krb5/codec.c: short-circuit these functions, since they are
2744 not needed any more
2745
2746 * lib/krb5/rd_safe.c: cleanup and adapt to new crypto api
2747
2748Mon Jul 13 23:00:59 1998 Assar Westerlund <assar@sics.se>
2749
2750 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): don't advance
2751 hostent->h_addr_list, use a copy instead
2752
2753Mon Jul 13 15:00:31 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2754
2755 * lib/krb5/config_file.c (parse_binding, parse_section): make sure
2756 everything is ok before adding to linked list
2757
2758 * lib/krb5/config_file.c: skip ws before checking for comment
2759
2760Wed Jul 8 10:45:45 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2761
2762 * lib/asn1/k5.asn1: hmac-sha1-des3 = 12
2763
2764Tue Jun 30 18:08:05 1998 Assar Westerlund <assar@sics.se>
2765
2766 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): do not close the
2767 unopened file
2768
2769 * lib/krb5/mk_priv.c: realloc correctly
2770
2771 * lib/krb5/get_addrs.c (find_all_addresses): init j
2772
2773 * lib/krb5/context.c (krb5_init_context): print error if parsing
2774 of config file produced an error.
2775
2776 * lib/krb5/config_file.c (parse_list, krb5_config_parse_file):
2777 ignore more spaces
2778
2779 * lib/krb5/codec.c (krb5_encode_EncKrbCredPart,
2780 krb5_encode_ETYPE_INFO): initialize `ret'
2781
2782 * lib/krb5/build_auth.c (krb5_build_authenticator): realloc
2783 correctly
2784
2785 * lib/kadm5/set_keys.c (_kadm5_set_keys): initialize `ret'
2786
2787 * lib/kadm5/init_c.c (get_cred_cache): try to do the right thing
2788 with default_client
2789
2790 * kuser/kinit.c (main): initialize `ticket_life'
2791
2792 * kdc/kerberos5.c (get_pa_etype_info): initialize `ret'
2793 (tgs_rep2): initialize `krbtgt'
2794
2795 * kdc/connect.c (do_request): check for errors from `sendto'
2796
2797 * kdc/524.c (do_524): initialize `ret'
2798
2799 * kadmin/util.c (foreach_principal): don't clobber `ret'
2800
2801 * kadmin/del.c (del_entry): don't apply on zeroth argument
2802
2803 * kadmin/cpw.c (do_cpw_entry): initialize `ret'
2804
2805Sat Jun 13 04:14:01 1998 Assar Westerlund <assar@juguete.sics.se>
2806
2807 * Release 0.0r
2808
2809Sun Jun 7 04:13:14 1998 Assar Westerlund <assar@sics.se>
2810
2811 * lib/krb5/addr_families.c: fall-back definition of
2812 IN6_ADDR_V6_TO_V4
2813
2814 * configure.in: only set CFLAGS if it wasn't set look for
2815 dn_expand and res_search
2816
2817Mon Jun 1 21:28:07 1998 Assar Westerlund <assar@sics.se>
2818
2819 * configure.in: remove duplicate seteuid
2820
2821Sat May 30 00:19:51 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2822
2823 * lib/krb5/convert_creds.c: import _krb_time_to_life, to avoid
2824 runtime dependencies on libkrb with some shared library
2825 implementations
2826
2827Fri May 29 00:09:02 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2828
2829 * kuser/kinit_options.c: Default options for kinit.
2830
2831 * kuser/kauth_options.c: Default options for kauth.
2832
2833 * kuser/kinit.c: Implement lots a new options.
2834
2835 * kdc/kerberos5.c (check_tgs_flags): make sure kdc-req-body->rtime
2836 is not NULL; set endtime to min of new starttime + old_life, and
2837 requested endtime
2838
2839 * lib/krb5/init_creds_pw.c (get_init_creds_common): if the
2840 forwardable or proxiable flags are set in options, set the
2841 kdc-flags to the value specified, and not always to one
2842
2843Thu May 28 21:28:06 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2844
2845 * kdc/kerberos5.c: Optionally compare client address to addresses
2846 in ticket.
2847
2848 * kdc/connect.c: Pass client address to as_rep() and tgs_rep().
2849
2850 * kdc/config.c: Add check_ticket_addresses, and
2851 allow_null_ticket_addresses variables.
2852
2853Tue May 26 14:03:42 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2854
2855 * lib/kadm5/create_s.c: possibly make DES keys version 4 salted
2856
2857 * lib/kadm5/set_keys.c: check config file for kadmin/use_v4_salt
2858 before zapping version 4 salts
2859
2860Sun May 24 05:22:17 1998 Assar Westerlund <assar@sics.se>
2861
2862 * Release 0.0q
2863
2864 * lib/krb5/aname_to_localname.c: new file
2865
2866 * lib/gssapi/init_sec_context.c (repl_mutual): no output token
2867
2868 * lib/gssapi/display_name.c (gss_display_name): zero terminate
2869 output.
2870
2871Sat May 23 19:11:07 1998 Assar Westerlund <assar@sics.se>
2872
2873 * lib/gssapi/display_status.c: new file
2874
2875 * Makefile.am: send -I to aclocal
2876
2877 * configure.in: remove duplicate setenv
2878
2879Sat May 23 04:55:19 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2880
2881 * kadmin/util.c (foreach_principal): Check for expression before
2882 wading through the whole database.
2883
2884 * kadmin/kadmin.c: Pass NULL password to
2885 kadm5_*_init_with_password.
2886
2887 * lib/kadm5/init_c.c: Implement init_with_{skey,creds}*. Make use
2888 of `password' parameter to init_with_password.
2889
2890 * lib/kadm5/init_s.c: implement init_with_{skey,creds}*
2891
2892 * lib/kadm5/server.c: Better arguments for
2893 kadm5_init_with_password.
2894
2895Sat May 16 07:10:36 1998 Assar Westerlund <assar@sics.se>
2896
2897 * kdc/hprop.c: conditionalize ka-server reading support on
2898 KASERVER_DB
2899
2900 * configure.in: new option `--enable-kaserver-db'
2901
2902Fri May 15 19:39:18 1998 Johan Danielsson <joda@blubb.pdc.kth.se>
2903
2904 * lib/krb5/get_cred.c: Better error if local tgt couldn't be
2905 found.
2906
2907Tue May 12 21:11:02 1998 Assar Westerlund <assar@sics.se>
2908
2909 * Release 0.0p
2910
2911 * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): only set
2912 encryption type in auth_context if it's compatible with the type
2913 of the session key
2914
2915Mon May 11 21:11:14 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2916
2917 * kdc/hprop.c: add support for ka-server databases
2918
2919 * appl/ftp/ftpd: link with -lcrypt, if needed
2920
2921Fri May 1 07:29:52 1998 Assar Westerlund <assar@sics.se>
2922
2923 * configure.in: don't test for winsock.h
2924
2925Sat Apr 18 21:43:11 1998 Johan Danielsson <joda@puffer.pdc.kth.se>
2926
2927 * Release 0.0o
2928
2929Sat Apr 18 00:31:11 1998 Johan Danielsson <joda@blubb.pdc.kth.se>
2930
2931 * lib/krb5/sock_principal.c: Save hostname.
2932
2933Sun Apr 5 11:29:45 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2934
2935 * lib/krb5/mk_req_ext.c: Use same enctype as in ticket.
2936
2937 * kdc/hprop.c (v4_prop): Check for null key.
2938
2939Fri Apr 3 03:54:54 1998 Johan Danielsson <joda@blubb.pdc.kth.se>
2940
2941 * lib/krb5/str2key.c: Fix DES3 string-to-key.
2942
2943 * lib/krb5/keytab.c: Get default keytab name from context.
2944
2945 * lib/krb5/context.c: Get `default_keytab_name' value.
2946
2947 * kadmin/util.c (foreach_principal): Print error message if
2948 `kadm5_get_principals' fails.
2949
2950 * kadmin/kadmind.c: Use `kadmind_loop'.
2951
2952 * lib/kadm5/server.c: Replace several other functions with
2953 `kadmind_loop'.
2954
2955Sat Mar 28 09:49:18 1998 Assar Westerlund <assar@sics.se>
2956
2957 * lib/krb5/keytab.c (fkt_add_entry): use an explicit seek instead
2958 of O_APPEND
2959
2960 * configure.in: generate ftp Makefiles
2961
2962 * kuser/klist.c (print_cred_verbose): print IPv4-address in a
2963 portable way.
2964
2965 * admin/srvconvert.c (srvconv): return 0 if successful
2966
2967Tue Mar 24 00:40:33 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2968
2969 * lib/krb5/keytab.c: MIT compatible changes: add and use sizes to
2970 keytab entries, and change default keytab to `/etc/krb5.keytab'.
2971
2972Mon Mar 23 23:43:59 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2973
2974 * lib/gssapi/wrap.c: Use `gss_krb5_getsomekey'.
2975
2976 * lib/gssapi/unwrap.c: Implement and use `gss_krb5_getsomekey'.
2977 Fix bug in checking of pad.
2978
2979 * lib/gssapi/{un,}wrap.c: Add support for just integrity
2980 protecting data.
2981
2982 * lib/gssapi/accept_sec_context.c: Use
2983 `gssapi_krb5_verify_8003_checksum'.
2984
2985 * lib/gssapi/8003.c: Implement `gssapi_krb5_verify_8003_checksum'.
2986
2987 * lib/gssapi/init_sec_context.c: Zero cred, and store session key
2988 properly in auth-context.
2989
2990Sun Mar 22 00:47:22 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2991
2992 * lib/kadm5/delete_s.c: Check immutable bit.
2993
2994 * kadmin/kadmin.c: Pass client name to kadm5_init.
2995
2996 * lib/kadm5/init_c.c: Get creds for client name passed in.
2997
2998 * kdc/hprop.c (v4_prop): Check for `changepw.kerberos'.
2999
3000Sat Mar 21 22:57:13 1998 Johan Danielsson <joda@emma.pdc.kth.se>
3001
3002 * lib/krb5/mk_error.c: Verify that error_code is in the range
3003 [0,127].
3004
3005 * kdc/kerberos5.c: Move checking of principal flags to new
3006 function `check_flags'.
3007
3008Sat Mar 21 14:38:51 1998 Assar Westerlund <assar@sics.se>
3009
3010 * lib/kadm5/get_s.c (kadm5_s_get_principal): handle an empty salt
3011
3012 * configure.in: define SunOS if running solaris
3013
3014Sat Mar 21 00:26:34 1998 Johan Danielsson <joda@emma.pdc.kth.se>
3015
3016 * lib/kadm5/server.c: Unifdef test for same principal when
3017 changing password.
3018
3019 * kadmin/util.c: If kadm5_get_principals failes, we might still be
3020 able to perform the requested opreration (for instance someone if
3021 trying to change his own password).
3022
3023 * lib/kadm5/init_c.c: Try to get ticket via initial request, if
3024 not possible via tgt.
3025
3026 * lib/kadm5/server.c: Check for principals changing their own
3027 passwords.
3028
3029 * kdc/kerberos5.c (tgs_rep2): check for interesting flags on
3030 involved principals.
3031
3032 * kadmin/util.c: Fix order of flags.
3033
3034Thu Mar 19 16:54:10 1998 Johan Danielsson <joda@emma.pdc.kth.se>
3035
3036 * kdc/kerberos4.c: Return sane error code if krb_rd_req fails.
3037
3038Wed Mar 18 17:11:47 1998 Assar Westerlund <assar@sics.se>
3039
3040 * acconfig.h: rename HAVE_STRUCT_SOCKADDR_IN6 to HAVE_IPV6
3041
3042Wed Mar 18 09:58:18 1998 Johan Danielsson <joda@emma.pdc.kth.se>
3043
3044 * lib/krb5/get_in_tkt_with_keytab.c (krb5_keytab_key_proc): don't
3045 free keyseed; use correct keytab
3046
3047Tue Mar 10 09:56:16 1998 Assar Westerlund <assar@sics.se>
3048
3049 * acinclude.m4 (AC_KRB_IPV6): rewrote to avoid false positives
3050
3051Mon Mar 16 23:58:23 1998 Johan Danielsson <joda@emma.pdc.kth.se>
3052
3053 * Release 0.0n
3054
3055Fri Mar 6 00:41:30 1998 Johan Danielsson <joda@emma.pdc.kth.se>
3056
3057 * lib/gssapi/{accept_sec_context,release_cred}.c: Use
3058 krb5_kt_close/krb5_kt_resolve.
3059
3060 * lib/krb5/principal.c (krb5_425_conv_principal_ext): Use resolver
3061 to lookup hosts, so CNAMEs can be ignored.
3062
3063 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc, send_and_recv_http):
3064 Add support for using proxy.
3065
3066 * lib/krb5/context.c: Initialize `http_proxy' from
3067 `libdefaults/http_proxy'.
3068
3069 * lib/krb5/krb5.h: Add `http_proxy' to context.
3070
3071 * lib/krb5/send_to_kdc.c: Recognize `http/' and `udp/' as protocol
3072 specifications.
3073
3074Wed Mar 4 01:47:29 1998 Johan Danielsson <joda@emma.pdc.kth.se>
3075
3076 * admin/ktutil.c: Implement `add' and `remove' functions. Make
3077 `--keytab' a global option.
3078
3079 * lib/krb5/keytab.c: Implement remove with files. Add memory
3080 operations.
3081
3082Tue Mar 3 20:09:59 1998 Johan Danielsson <joda@emma.pdc.kth.se>
3083
3084 * lib/krb5/keytab.c: Use function pointers.
3085
3086 * admin: Remove kdb_edit.
3087
3088Sun Mar 1 03:28:42 1998 Assar Westerlund <assar@sics.se>
3089
3090 * lib/kadm5/dump_log.c: print operation names
3091
3092Sun Mar 1 03:04:12 1998 Assar Westerlund <assar@sics.se>
3093
3094 * configure.in: add X-tests, and {bin,...}dir appl/{kx,kauth}
3095
3096 * lib/krb5/build_auth.c,mk_priv.c,rd_safe.c,mk_safe.c,mk_rep.c:
3097 remove arbitrary limit
3098
3099 * kdc/hprop-common.c: use krb5_{read,write}_message
3100
3101 * lib/kadm5/ipropd_master.c (send_diffs): more careful use
3102 krb5_{write,read}_message
3103
3104 * lib/kadm5/ipropd_slave.c (get_creds): get credentials for
3105 `iprop/master' directly.
3106 (main): use `krb5_read_message'
3107
3108Sun Mar 1 02:05:11 1998 Johan Danielsson <joda@emma.pdc.kth.se>
3109
3110 * kadmin/kadmin.c: Cleanup commands list, and add help strings.
3111
3112 * kadmin/get.c: Add long, short, and terse (equivalent to `list')
3113 output formats. Short is the default.
3114
3115 * kadmin/util.c: Add `include_time' flag to timeval2str.
3116
3117 * kadmin/init.c: Max-life and max-renew can, infact, be zero.
3118
3119 * kadmin/{cpw,del,ext,get}.c: Use `foreach_principal'.
3120
3121 * kadmin/util.c: Add function `foreach_principal', that loops over
3122 all principals matching an expression.
3123
3124 * kadmin/kadmin.c: Add usage string to `privileges'.
3125
3126 * lib/kadm5/get_princs_s.c: Also try to match aganist the
3127 expression appended with `@default-realm'.
3128
3129 * lib/krb5/principal.c: Add `krb5_unparse_name_fixed_short', that
3130 excludes the realm if it's the same as the default realm.
3131
3132Fri Feb 27 05:02:21 1998 Assar Westerlund <assar@sics.se>
3133
3134 * configure.in: more WFLAGS and WFLAGS_NOUNUSED added missing
3135 headers and functions error -> com_err
3136
3137 (krb5_get_init_creds_keytab): use krb5_keytab_key_proc
3138
3139 * lib/krb5/get_in_tkt_with_keytab.c: make `krb5_keytab_key_proc'
3140 global
3141
3142 * lib/kadm5/marshall.c (ret_principal_ent): set `n_tl_data'
3143
3144 * lib/hdb/ndbm.c: use `struct ndbm_db' everywhere.
3145
3146Fri Feb 27 04:49:24 1998 Assar Westerlund <assar@sics.se>
3147
3148 * lib/krb5/mk_priv.c (krb5_mk_priv): bump static limit to 10240.
3149 This should be fixed the correct way.
3150
3151 * lib/kadm5/ipropd_master.c (check_acl:) truncate buf correctly
3152 (send_diffs): compare versions correctly
3153 (main): reorder handling of events
3154
3155 * lib/kadm5/log.c (kadm5_log_previous): avoid bad type conversion
3156
3157Thu Feb 26 02:22:35 1998 Assar Westerlund <assar@sics.se>
3158
3159 * lib/kadm5/ipropd_{slave,master}.c: new files
3160
3161 * lib/kadm5/log.c (kadm5_log_get_version): take an `fd' as
3162 argument
3163
3164 * lib/krb5/krb5.h (krb5_context_data): `et_list' should be `struct
3165 et_list *'
3166
3167 * aux/make-proto.pl: Should work with perl4
3168
3169Mon Feb 16 17:20:22 1998 Johan Danielsson <joda@emma.pdc.kth.se>
3170
3171 * lib/krb5/krb5_locl.h: Remove <error.h> (it gets included via
3172 {asn1,krb5}_err.h).
3173
3174Thu Feb 12 03:28:40 1998 Assar Westerlund <assar@sics.se>
3175
3176 * lib/krb5/get_in_tkt.c (_krb5_extract_ticket): if time difference
3177 is larger than max_skew, return KRB5KRB_AP_ERR_SKEW
3178
3179 * lib/kadm5/log.c (get_version): globalize
3180
3181 * lib/kadm5/kadm5_locl.h: include <sys/file.h>
3182
3183 * lib/asn1/Makefile.am: add PA_KEY_INFO and PA_KEY_INFO_ENTRY
3184
3185 * kdc/kerberos5.c (get_pa_etype_info): remove gcc-ism of
3186 initializing local struct in declaration.
3187
3188Sat Jan 31 17:28:58 1998 Johan Danielsson <joda@emma.pdc.kth.se>
3189
3190 * kdc/524.c: Use krb5_decode_EncTicketPart.
3191
3192 * kdc/kerberos5.c: Check at runtime whether to use enctypes
3193 instead of keytypes. If so use the same value to encrypt ticket,
3194 and kdc-rep as well as `keytype' for session key. Fix some obvious
3195 bugs with the handling of additional tickets.
3196
3197 * lib/krb5/rd_req.c: Use krb5_decode_EncTicketPart, and
3198 krb5_decode_Authenticator.
3199
3200 * lib/krb5/rd_rep.c: Use krb5_decode_EncAPRepPart.
3201
3202 * lib/krb5/rd_cred.c: Use krb5_decode_EncKrbCredPart.
3203
3204 * lib/krb5/mk_rep.c: Make sure enc_part.etype is an encryption
3205 type, and not a key type. Use krb5_encode_EncAPRepPart.
3206
3207 * lib/krb5/init_creds_pw.c: Use krb5_decode_PA_KEY_INFO.
3208
3209 * lib/krb5/get_in_tkt.c: Use krb5_decode_Enc{AS,TGS}RepPart.
3210
3211 * lib/krb5/get_for_creds.c: Use krb5_encode_EncKrbCredPart.
3212
3213 * lib/krb5/get_cred.c: Use krb5_decode_Enc{AS,TGS}RepPart.
3214
3215 * lib/krb5/build_auth.c: Use krb5_encode_Authenticator.
3216
3217 * lib/krb5/codec.c: Enctype conversion stuff.
3218
3219 * lib/krb5/context.c: Ignore KRB5_CONFIG if *not* running
3220 setuid. Get configuration for libdefaults ktype_is_etype, and
3221 default_etypes.
3222
3223 * lib/krb5/encrypt.c: Add krb5_string_to_etype, rename
3224 krb5_convert_etype to krb5_decode_keytype, and add
3225 krb5_decode_keyblock.
3226
3227Fri Jan 23 00:32:09 1998 Johan Danielsson <joda@emma.pdc.kth.se>
3228
3229 * lib/krb5/{get_in_tkt,rd_req}.c: Use krb5_convert_etype.
3230
3231 * lib/krb5/encrypt.c: Add krb5_convert_etype function - converts
3232 from protocol keytypes (that really are enctypes) to internal
3233 representation.
3234
3235Thu Jan 22 21:24:36 1998 Johan Danielsson <joda@emma.pdc.kth.se>
3236
3237 * lib/asn1/k5.asn1: Add PA-KEY-INFO structure to hold information
3238 on keys in the database; and also a new `pa-key-info' padata-type.
3239
3240 * kdc/kerberos5.c: If pre-authentication fails, return a list of
3241 keytypes, salttypes, and salts.
3242
3243 * lib/krb5/init_creds_pw.c: Add better support for
3244 pre-authentication, by looking at hints from the KDC.
3245
3246 * lib/krb5/get_in_tkt.c: Add better support for specifying what
3247 pre-authentication to use.
3248
3249 * lib/krb5/str2key.c: Merge entries for KEYTYPE_DES and
3250 KEYTYPE_DES_AFS3.
3251
3252 * lib/krb5/krb5.h: Add pre-authentication structures.
3253
3254 * kdc/connect.c: Don't fail if realloc(X, 0) returns NULL.
3255
3256Wed Jan 21 06:20:40 1998 Assar Westerlund <assar@sics.se>
3257
3258 * lib/kadm5/init_s.c (kadm5_s_init_with_password_ctx): initialize
3259 `log_context.socket_name' and `log_context.socket_fd'
3260
3261 * lib/kadm5/log.c (kadm5_log_flush): send a unix domain datagram
3262 to inform the possible running ipropd of an update.
3263
3264Wed Jan 21 01:34:09 1998 Johan Danielsson <joda@emma.pdc.kth.se>
3265
3266 * lib/krb5/get_in_tkt.c: Return error-packet to caller.
3267
3268 * lib/krb5/free.c (krb5_free_kdc_rep): Free krb5_kdc_rep->error.
3269
3270 * kdc/kerberos5.c: Add some support for using enctypes instead of
3271 keytypes.
3272
3273 * lib/krb5/get_cred.c: Fixes to send authorization-data to the
3274 KDC.
3275
3276 * lib/krb5/build_auth.c: Only generate local subkey if there is
3277 none.
3278
3279 * lib/krb5/krb5.h: Add krb5_authdata type.
3280
3281 * lib/krb5/auth_context.c: Add
3282 krb5_auth_con_set{,localsub,remotesub}key.
3283
3284 * lib/krb5/init_creds_pw.c: Return some error if prompter
3285 functions return failure.
3286
3287Wed Jan 21 01:16:13 1998 Assar Westerlund <assar@sics.se>
3288
3289 * kpasswd/kpasswd.c: detect bad password. use krb5_err.
3290
3291 * kadmin/util.c (edit_entry): remove unused variables
3292
3293Tue Jan 20 22:58:31 1998 Assar Westerlund <assar@sics.se>
3294
3295 * kuser/kinit.c: rename `-s' to `-S' to be MIT-compatible.
3296
3297 * lib/kadm5/kadm5_locl.h: add kadm5_log_context and
3298 kadm5_log*-functions
3299
3300 * lib/kadm5/create_s.c (kadm5_s_create_principal): add change to
3301 log
3302
3303 * lib/kadm5/rename_s.c (kadm5_s_rename_principal): add change to
3304 log
3305
3306 * lib/kadm5/init_s.c (kadm5_s_init_with_password_ctx): initialize
3307 log_context
3308
3309 * lib/kadm5/delete_s.c (kadm5_s_delete_principal): add change to
3310 log
3311
3312 * lib/kadm5/modify_s.c (kadm5_s_modify_principal): add change to
3313 log
3314
3315 * lib/kadm5/randkey_s.c (kadm5_s_randkey_principal): add change to
3316 log
3317
3318 * lib/kadm5/chpass_s.c (kadm5_s_chpass_principal): add change to
3319 log
3320
3321 * lib/kadm5/Makefile.am: add log.c, dump_log and replay_log
3322
3323 * lib/kadm5/replay_log.c: new file
3324
3325 * lib/kadm5/dump_log.c: new file
3326
3327 * lib/kadm5/log.c: new file
3328
3329 * lib/krb5/str2key.c (get_str): initialize pad space to zero
3330
3331 * lib/krb5/config_file.c (krb5_config_vget_next): handle c == NULL
3332
3333 * kpasswd/kpasswdd.c: rewritten to use the kadm5 API
3334
3335 * kpasswd/Makefile.am: link with kadm5srv
3336
3337 * kdc/kerberos5.c (tgs_rep): initialize `i'
3338
3339 * kadmin/kadmind.c (main): use kadm5_server_{send,recv}_sp
3340
3341 * include/Makefile.am: added admin.h
3342
3343Sun Jan 18 01:41:34 1998 Johan Danielsson <joda@blubb.pdc.kth.se>
3344
3345 * lib/asn1/gen_copy.c: Don't return ENOMEM if allocating 0 bytes.
3346
3347 * lib/krb5/mcache.c (mcc_store_cred): restore linked list if
3348 copy_creds fails.
3349
3350Tue Jan 6 04:17:56 1998 Assar Westerlund <assar@sics.se>
3351
3352 * lib/kadm5/server.c: add kadm5_server_{send,recv}{,_sp}
3353
3354 * lib/kadm5/marshall.c: add kadm5_{store,ret}_principal_ent_mask.
3355
3356 * lib/kadm5/init_c.c (kadm5_c_init_with_password_ctx): use
3357 krb5_getportbyname
3358
3359 * kadmin/kadmind.c (main): htons correctly.
3360 moved kadm5_server_{recv,send}
3361
3362 * kadmin/kadmin.c (main): only set admin_server if explicitly
3363 given
3364
3365Mon Jan 5 23:34:44 1998 Johan Danielsson <joda@emma.pdc.kth.se>
3366
3367 * lib/hdb/ndbm.c: Implement locking of database.
3368
3369 * kdc/kerberos5.c: Process AuthorizationData.
3370
3371Sat Jan 3 22:07:07 1998 Johan Danielsson <joda@blubb.pdc.kth.se>
3372
3373 * kdc/string2key.c: Use AFS string-to-key from libkrb5.
3374
3375 * lib/krb5/get_in_tkt.c: Handle pa-afs3-salt case.
3376
3377 * lib/krb5/krb5.h: Add value for AFS salts.
3378
3379 * lib/krb5/str2key.c: Add support for AFS string-to-key.
3380
3381 * lib/kadm5/rename_s.c: Use correct salt.
3382
3383 * lib/kadm5/ent_setup.c: Always enable client. Only set max-life
3384 and max-renew if != 0.
3385
3386 * lib/krb5/config_file.c: Add context to all krb5_config_*get_*.
3387
3388Thu Dec 25 17:03:25 1997 Assar Westerlund <assar@sics.se>
3389
3390 * kadmin/ank.c (ank): don't zero password if --random-key was
3391 given.
3392
3393Tue Dec 23 01:56:45 1997 Assar Westerlund <assar@sics.se>
3394
3395 * Release 0.0m
3396
3397 * lib/kadm5/ent_setup.c (attr_to_flags): try to set `client'
3398
3399 * kadmin/util.c (edit_time): only set mask if != 0
3400 (edit_attributes): only set mask if != 0
3401
3402 * kadmin/init.c (init): create `default'
3403
3404Sun Dec 21 09:44:05 1997 Assar Westerlund <assar@sics.se>
3405
3406 * kadmin/util.c (str2deltat, str2attr, get_deltat): return value
3407 as pointer and have return value indicate success.
3408
3409 (get_response): check NULL from fgets
3410
3411 (edit_time, edit_attributes): new functions for reading values and
3412 offering list of answers on '?'
3413
3414 (edit_entry): use edit_time and edit_attributes
3415
3416 * kadmin/ank.c (add_new_key): test the return value of
3417 `krb5_parse_name'
3418
3419 * kdc/kerberos5.c (tgs_check_authenticator): RFC1510 doesn't say
3420 that the checksum has to be keyed, even though later drafts do.
3421 Accept unkeyed checksums to be compatible with MIT.
3422
3423 * kadmin/kadmin_locl.h: add some prototypes.
3424
3425 * kadmin/util.c (edit_entry): return a value
3426
3427 * appl/afsutil/afslog.c (main): return a exit code.
3428
3429 * lib/krb5/get_cred.c (init_tgs_req): use krb5_keytype_to_enctypes
3430
3431 * lib/krb5/encrypt.c (krb5_keytype_to_enctypes): new function.
3432
3433 * lib/krb5/build_auth.c (krb5_build_authenticator): use
3434 krb5_{free,copy}_keyblock instead of the _contents versions
3435
3436Fri Dec 12 14:20:58 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3437
3438 * lib/krb5/{mk,rd}_priv.c: fix check for local/remote subkey
3439
3440Mon Dec 8 08:48:09 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3441
3442 * lib/krb5/context.c: don't look at KRB5_CONFIG if running setuid
3443
3444Sat Dec 6 10:09:40 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3445
3446 * lib/krb5/keyblock.c (krb5_free_keyblock): check for NULL
3447 keyblock
3448
3449Sat Dec 6 08:26:10 1997 Assar Westerlund <assar@sics.se>
3450
3451 * Release 0.0l
3452
3453Thu Dec 4 03:38:12 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3454
3455 * lib/krb5/send_to_kdc.c: Add TCP client support.
3456
3457 * lib/krb5/store.c: Add k_{put,get}_int.
3458
3459 * kadmin/ank.c: Set initial kvno to 1.
3460
3461 * kdc/connect.c: Send version 5 TCP-reply as length+data.
3462
3463Sat Nov 29 07:10:11 1997 Assar Westerlund <assar@sics.se>
3464
3465 * lib/krb5/rd_req.c (krb5_rd_req): fixed obvious bug
3466
3467 * kdc/kaserver.c (create_reply_ticket): use a random nonce in the
3468 reply packet.
3469
3470 * kdc/connect.c (init_sockets): less reallocing.
3471
3472 * **/*.c: changed `struct fd_set' to `fd_set'
3473
3474Sat Nov 29 05:12:01 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3475
3476 * lib/krb5/get_default_principal.c: More guessing.
3477
3478Thu Nov 20 02:55:09 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3479
3480 * lib/krb5/rd_req.c: Use principal from ticket if no server is
3481 given.
3482
3483Tue Nov 18 02:58:02 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3484
3485 * kuser/klist.c: Use krb5_err*().
3486
3487Sun Nov 16 11:57:43 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3488
3489 * kadmin/kadmin.c: Add local `init', `load', `dump', and `merge'
3490 commands.
3491
3492Sun Nov 16 02:52:20 1997 Assar Westerlund <assar@sics.se>
3493
3494 * lib/krb5/mk_req_ext.c (krb5_mk_req_ext): figure out the correct
3495 `enctype'
3496
3497 * lib/krb5/mk_req.c (krb5_mk_req): use `(*auth_context)->enctype'
3498 if set.
3499
3500 * lib/krb5/get_cred.c: handle the case of a specific keytype
3501
3502 * lib/krb5/build_auth.c (krb5_build_authenticator): enctype as a
3503 parameter instead of guessing it.
3504
3505 * lib/krb5/build_ap_req.c (krb5_build_ap_req): new parameter
3506 `enctype'
3507
3508 * appl/test/common.c (common_setup): don't use `optarg'
3509
3510 * lib/krb5/keytab.c (krb5_kt_copy_entry_contents): new function
3511 (krb5_kt_get_entry): retrieve the latest version if kvno == 0
3512
3513 * lib/krb5/krb5.h: define KRB5_TC_MATCH_KEYTYPE
3514
3515 * lib/krb5/creds.c (krb5_compare_creds): check for
3516 KRB5_TC_MATCH_KEYTYPE
3517
3518 * lib/gssapi/8003.c (gssapi_krb5_create_8003_checksum): remove
3519 unused variable
3520
3521 * lib/krb5/creds.c (krb5_copy_creds_contents): only free the
3522 contents if we fail.
3523
3524Sun Nov 16 00:32:48 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3525
3526 * kpasswd/kpasswdd.c: Get password expiration time from config
3527 file.
3528
3529 * lib/asn1/{der_get,gen_decode}.c: Allow passing NULL size.
3530
3531Wed Nov 12 02:35:57 1997 Assar Westerlund <assar@sics.se>
3532
3533 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds):
3534 restructured and fixed.
3535
3536 * lib/krb5/addr_families.c (krb5_h_addr2addr): new function.
3537
3538Wed Nov 12 01:36:01 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3539
3540 * lib/krb5/get_addrs.c: Fall back to hostname's addresses if other
3541 methods fail.
3542
3543Tue Nov 11 22:22:12 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3544
3545 * kadmin/kadmin.c: Add `-l' flag to use local database.
3546
3547 * lib/kadm5/acl.c: Use KADM5_PRIV_ALL.
3548
3549 * lib/kadm5: Use function pointer trampoline for easier dual use
3550 (without radiation-hardening capability).
3551
3552Tue Nov 11 05:15:22 1997 Assar Westerlund <assar@sics.se>
3553
3554 * lib/krb5/encrypt.c (krb5_etype_valid): new function
3555
3556 * lib/krb5/creds.c (krb5_copy_creds_contents): zero target
3557
3558 * lib/krb5/context.c (valid_etype): remove
3559
3560 * lib/krb5/checksum.c: remove dead code
3561
3562 * lib/krb5/changepw.c (send_request): free memory on error.
3563
3564 * lib/krb5/build_ap_req.c (krb5_build_ap_req): check return value
3565 from malloc.
3566
3567 * lib/krb5/auth_context.c (krb5_auth_con_init): free memory on
3568 failure correctly.
3569 (krb5_auth_con_setaddrs_from_fd): return error correctly.
3570
3571 * lib/krb5/get_in_tkt_with_{keytab,skey}.c: new files
3572
3573Tue Nov 11 02:53:19 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3574
3575 * lib/krb5/auth_context.c: Implement auth_con_setuserkey.
3576
3577 * lib/gssapi/init_sec_context.c: Use krb5_auth_con_getkey.
3578
3579 * lib/krb5/keyblock.c: Rename krb5_free_keyblock to
3580 krb5_free_keyblock_contents, and reimplement krb5_free_keyblock.
3581
3582 * lib/krb5/rd_req.c: Use auth_context->keyblock if
3583 ap_options.use_session_key.
3584
3585Tue Nov 11 02:35:17 1997 Assar Westerlund <assar@sics.se>
3586
3587 * lib/krb5/net_{read,write}.c: change `int fd' to `void *p_fd'.
3588 fix callers.
3589
3590 * lib/krb5/krb5_locl.h: include <asn1.h> and <der.h>
3591
3592 * include/Makefile.am: add xdbm.h
3593
3594Tue Nov 11 01:58:22 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3595
3596 * lib/krb5/get_cred.c: Implement krb5_get_cred_from_kdc.
3597
3598Mon Nov 10 22:41:53 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3599
3600 * lib/krb5/ticket.c: Implement copy_ticket.
3601
3602 * lib/krb5/get_in_tkt.c: Make `options' parameter MIT-compatible.
3603
3604 * lib/krb5/data.c: Implement free_data and copy_data.
3605
3606Sun Nov 9 02:17:27 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3607
3608 * lib/kadm5: Implement kadm5_get_privs, and kadm5_get_principals.
3609
3610 * kadmin/kadmin.c: Add get_privileges function.
3611
3612 * lib/kadm5: Rename KADM5_ACL_* -> KADM5_PRIV_* to conform with
3613 specification.
3614
3615 * kdc/connect.c: Exit if no sockets could be bound.
3616
3617 * kadmin/kadmind.c: Check return value from krb5_net_read().
3618
3619 * lib/kadm5,kadmin: Fix memory leaks.
3620
3621Fri Nov 7 02:45:26 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3622
3623 * lib/kadm5/create_s.c: Get some default values from `default'
3624 principal.
3625
3626 * lib/kadm5/ent_setup.c: Add optional default entry to get some
3627 values from.
3628
3629Thu Nov 6 00:20:41 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3630
3631 * lib/error/compile_et.awk: Remove generated destroy_*_error_table
3632 prototype
3633
3634 * kadmin/kadmind.c: Crude admin server.
3635
3636 * kadmin/kadmin.c: Update to use remote protocol.
3637
3638 * kadmin/get.c: Fix principal formatting.
3639
3640 * lib/kadm5: Add client support.
3641
3642 * lib/kadm5/error.c: Error code mapping.
3643
3644 * lib/kadm5/server.c: Kadmind support function.
3645
3646 * lib/kadm5/marshall.c: Kadm5 marshalling.
3647
3648 * lib/kadm5/acl.c: Simple acl system.
3649
3650 * lib/kadm5/kadm5_locl.h: Add client stuff.
3651
3652 * lib/kadm5/init_s.c: Initialize acl.
3653
3654 * lib/kadm5/*: Return values.
3655
3656 * lib/kadm5/create_s.c: Correct kvno.
3657
3658Wed Nov 5 22:06:50 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3659
3660 * lib/krb5/log.c: Fix parsing of log destinations.
3661
3662Mon Nov 3 20:33:55 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3663
3664 * lib/krb5/principal.c: Reduce number of reallocs in unparse_name.
3665
3666Sat Nov 1 01:40:53 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3667
3668 * kadmin: Simple kadmin utility.
3669
3670 * admin/ktutil.c: Print keytype.
3671
3672 * lib/kadm5/get_s.c: Set correct n_key_data.
3673
3674 * lib/kadm5/init_s.c: Add kadm5_s_init_with_password_ctx. Use
3675 master key.
3676
3677 * lib/kadm5/destroy_s.c: Check for allocated context.
3678
3679 * lib/kadm5/{create,chpass}_s.c: Use _kadm5_set_keys().
3680
3681Sat Nov 1 00:21:00 1997 Assar Westerlund <assar@sics.se>
3682
3683 * configure.in: test for readv, writev
3684
3685Wed Oct 29 23:41:26 1997 Assar Westerlund <assar@sics.se>
3686
3687 * lib/krb5/warn.c (_warnerr): handle the case of an illegal error
3688 code
3689
3690 * kdc/kerberos5.c (encode_reply): return success
3691
3692Wed Oct 29 18:01:59 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3693
3694 * kdc/kerberos5.c (find_etype) Return correct index of selected
3695 etype.
3696
3697Wed Oct 29 04:07:06 1997 Assar Westerlund <assar@sics.se>
3698
3699 * Release 0.0k
3700
3701 * lib/krb5/context.c (krb5_init_context): support `KRB5_CONFIG'
3702 environment variable
3703
3704 * *: use the roken_get*-macros from roken.h for the benefit of
3705 Crays.
3706
3707 * configure.in: add --{enable,disable}-otp. check for compatible
3708 prototypes for gethostbyname, gethostbyaddr, getservbyname, and
3709 openlog (they have strange prototypes on Crays)
3710
3711 * acinclude.m4: new macro `AC_PROTO_COMPAT'
3712
3713Tue Oct 28 00:11:22 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3714
3715 * kdc/connect.c: Log bad requests.
3716
3717 * kdc/kerberos5.c: Move stuff that's in common between as_rep and
3718 tgs_rep to separate functions.
3719
3720 * kdc/kerberos5.c: Fix user-to-user authentication.
3721
3722 * lib/krb5/get_cred.c: Some restructuring of krb5_get_credentials:
3723 - add a kdc-options argument to krb5_get_credentials, and rename
3724 it to krb5_get_credentials_with_flags
3725 - honour the KRB5_GC_CACHED, and KRB5_GC_USER_USER options
3726 - add some more user-to-user glue
3727
3728 * lib/krb5/rd_req.c: Move parts of krb5_verify_ap_req into a new
3729 function, krb5_decrypt_ticket, so it is easier to decrypt and
3730 check a ticket without having an ap-req.
3731
3732 * lib/krb5/krb5.h: Add KRB5_GC_CACHED, and KRB5_GC_USER_USER
3733 flags.
3734
3735 * lib/krb5/crc.c (crc_init_table): Check if table is already
3736 inited.
3737
3738Sun Oct 26 04:51:02 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3739
3740 * lib/asn1/der_get.c (der_get_length, fix_dce): Special-case
3741 indefinite encoding.
3742
3743 * lib/asn1/gen_glue.c (generate_units): Check for empty
3744 member-list.
3745
3746Sat Oct 25 07:24:57 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3747
3748 * lib/error/compile_et.awk: Allow specifying table-base.
3749
3750Tue Oct 21 20:21:40 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3751
3752 * kdc/kerberos5.c: Check version number of krbtgt.
3753
3754Mon Oct 20 01:14:53 1997 Assar Westerlund <assar@sics.se>
3755
3756 * lib/krb5/prompter_posix.c (krb5_prompter_posix): implement the
3757 case of unhidden prompts.
3758
3759 * lib/krb5/str2key.c (string_to_key_internal): return error
3760 instead of aborting. always free memory
3761
3762 * admin/ktutil.c: add `help' command
3763
3764 * admin/kdb_edit.c: implement new commands: add_random_key(ark),
3765 change_password(cpw), change_random_key(crk)
3766
3767Thu Oct 16 05:16:36 1997 Assar Westerlund <assar@sics.se>
3768
3769 * kpasswd/kpasswdd.c: change all the keys in the database
3770
3771 * kdc: removed all unsealing, now done by the hdb layer
3772
3773 * lib/hdb/hdb.c: new functions `hdb_create', `hdb_set_master_key'
3774 and `hdb_clear_master_key'
3775
3776 * admin/misc.c: removed
3777
3778Wed Oct 15 22:47:31 1997 Assar Westerlund <assar@sics.se>
3779
3780 * kuser/klist.c: print year as YYYY iff verbose
3781
3782Wed Oct 15 20:02:13 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3783
3784 * kuser/klist.c: print etype from ticket
3785
3786Mon Oct 13 17:18:57 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3787
3788 * Release 0.0j
3789
3790 * lib/krb5/get_cred.c: Get the subkey from mk_req so it can be
3791 used to decrypt the reply from DCE secds.
3792
3793 * lib/krb5/auth_context.c: Add {get,set}enctype.
3794
3795 * lib/krb5/get_cred.c: Fix for DCE secd.
3796
3797 * lib/krb5/store.c: Store keytype twice, as MIT does.
3798
3799 * lib/krb5/get_in_tkt.c: Use etype from reply.
3800
3801Fri Oct 10 00:39:48 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3802
3803 * kdc/connect.c: check for leading '/' in http request
3804
3805Tue Sep 30 21:50:18 1997 Assar Westerlund <assar@assaris.pdc.kth.se>
3806
3807 * Release 0.0i
3808
3809Mon Sep 29 15:58:43 1997 Assar Westerlund <assar@sics.se>
3810
3811 * lib/krb5/rd_req.c (krb5_rd_req): redone because we don't know
3812 the kvno or keytype before receiving the AP-REQ
3813
3814 * lib/krb5/mk_safe.c (krb5_mk_safe): figure out what cksumtype to
3815 use from the keytype.
3816
3817 * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): figure out what
3818 cksumtype to use from the keytype.
3819
3820 * lib/krb5/mk_priv.c (krb5_mk_priv): figure out what etype to use
3821 from the keytype.
3822
3823 * lib/krb5/keytab.c (krb5_kt_get_entry): check the keytype
3824
3825 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): figure out
3826 what etype to use from the keytype.
3827
3828 * lib/krb5/generate_seq_number.c (krb5_generate_seq_number):
3829 handle other key types than DES
3830
3831 * lib/krb5/encrypt.c (key_type): add `best_cksumtype'
3832 (krb5_keytype_to_cksumtype): new function
3833
3834 * lib/krb5/build_auth.c (krb5_build_authenticator): figure out
3835 what etype to use from the keytype.
3836
3837 * lib/krb5/auth_context.c (krb5_auth_con_init): set `cksumtype'
3838 and `enctype' to 0
3839
3840 * admin/extkeytab.c (ext_keytab): extract all keys
3841
3842 * appl/telnet/telnet/commands.c: INET6_ADDRSTRLEN kludge
3843
3844 * configure.in: check for <netinet6/in6.h>. check for -linet6
3845
3846Tue Sep 23 03:00:53 1997 Assar Westerlund <assar@sics.se>
3847
3848 * lib/krb5/encrypt.c: fix checksumtype for des3-cbc-sha1
3849
3850 * lib/krb5/rd_safe.c: fix check for keyed and collision-proof
3851 checksum
3852
3853 * lib/krb5/context.c (valid_etype): remove hard-coded constants
3854 (default_etypes): include DES3
3855
3856 * kdc/kerberos5.c: fix check for keyed and collision-proof
3857 checksum
3858
3859 * admin/util.c (init_des_key, set_password): DES3 keys also
3860
3861 * lib/krb/send_to_kdc.c (krb5_sendto_kdc): no data returned means
3862 no contact?
3863
3864 * lib/krb5/addr_families.c: fix typo in `ipv6_anyaddr'
3865
3866Mon Sep 22 11:44:27 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
3867
3868 * kdc/kerberos5.c: Somewhat fix the etype usage. The list sent by
3869 the client is used to select wich key to encrypt the kdc rep with
3870 (in case of as-req), and with the server info to select the
3871 session key type. The server key the ticket is encrypted is based
3872 purely on the keys in the database.
3873
3874 * kdc/string2key.c: Add keytype support. Default to version 5
3875 keys.
3876
3877 * lib/krb5/get_in_tkt.c: Fix a lot of etype/keytype misuse.
3878
3879 * lib/krb5/encrypt.c: Add des3-cbc-md5, and des3-cbc-sha1. Add
3880 many *_to_* functions.
3881
3882 * lib/krb5/str2key.c: Add des3 string-to-key. Add ktype argument
3883 to krb5_string_to_key().
3884
3885 * lib/krb5/checksum.c: Some cleanup, and added:
3886 - rsa-md5-des3
3887 - hmac-sha1-des3
3888 - keyed and collision proof flags to each checksum method
3889 - checksum<->string functions.
3890
3891 * lib/krb5/generate_subkey.c: Use krb5_generate_random_keyblock.
3892
3893Sun Sep 21 15:19:23 1997 Assar Westerlund <assar@sics.se>
3894
3895 * kdc/connect.c: use new addr_families functions
3896
3897 * kpasswd/kpasswdd.c: use new addr_families functions. Now works
3898 over IPv6
3899
3900 * kuser/klist.c: use correct symbols for address families
3901
3902 * lib/krb5/sock_principal.c: use new addr_families functions
3903
3904 * lib/krb5/send_to_kdc.c: use new addr_families functions
3905
3906 * lib/krb5/krb5.h: add KRB5_ADDRESS_INET6
3907
3908 * lib/krb5/get_addrs.c: use new addr_families functions
3909
3910 * lib/krb5/changepw.c: use new addr_families functions. Now works
3911 over IPv6
3912
3913 * lib/krb5/auth_context.c: use new addr_families functions
3914
3915 * lib/krb5/addr_families.c: new file
3916
3917 * acconfig.h: AC_SOCKADDR_IN6 -> AC_STRUCT_SOCKADDR_IN6. Updated
3918 uses.
3919
3920 * acinclude.m4: new macro `AC_KRB_IPV6'. Use it.
3921
3922Sat Sep 13 23:04:23 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3923
3924 * kdc/hprop.c: Don't encrypt twice. Complain on non-convertable
3925 principals.
3926
3927Sat Sep 13 00:59:36 1997 Assar Westerlund <assar@sics.se>
3928
3929 * Release 0.0h
3930
3931 * appl/telnet/telnet/commands.c: AF_INET6 support
3932
3933 * admin/misc.c: new file
3934
3935 * lib/krb5/context.c: new configuration variable `max_retries'
3936
3937 * lib/krb5/get_addrs.c: fixes and better #ifdef's
3938
3939 * lib/krb5/config_file.c: implement krb5_config_get_int
3940
3941 * lib/krb5/auth_context.c, send_to_kdc.c, sock_principal.c:
3942 AF_INET6 support
3943
3944 * kuser/klist.c: support for printing IPv6-addresses
3945
3946 * kdc/connect.c: support AF_INET6
3947
3948 * configure.in: test for gethostbyname2 and struct sockaddr_in6
3949
3950Thu Sep 11 07:25:28 1997 Assar Westerlund <assar@sics.se>
3951
3952 * lib/asn1/k5.asn1: Use `METHOD-DATA' instead of `SEQUENCE OF
3953 PA-DATA'
3954
3955Wed Sep 10 21:20:17 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3956
3957 * kdc/kerberos5.c: Fixes for cross-realm, including (but not
3958 limited to):
3959 - allow client to be non-existant (should probably check for
3960 "local realm")
3961 - if server isn't found and it is a request for a krbtgt, try to
3962 find a realm on the way to the requested realm
3963 - update the transited encoding iff
3964 client-realm != server-realm != tgt-realm
3965
3966 * lib/krb5/get_cred.c: Several fixes for cross-realm.
3967
3968Tue Sep 9 15:59:20 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3969
3970 * kdc/string2key.c: Fix password handling.
3971
3972 * lib/krb5/encrypt.c: krb5_key_to_string
3973
3974Tue Sep 9 07:46:05 1997 Assar Westerlund <assar@sics.se>
3975
3976 * lib/krb5/get_addrs.c: rewrote. Now should be able to handle
3977 aliases and IPv6 addresses
3978
3979 * kuser/klist.c: try printing IPv6 addresses
3980
3981 * kdc/kerberos5.c: increase the arbitrary limit from 1024 to 8192
3982
3983 * configure.in: check for <netinet/in6_var.h>
3984
3985Mon Sep 8 02:57:14 1997 Assar Westerlund <assar@sics.se>
3986
3987 * doc: fixes
3988
3989 * admin/util.c (init_des_key): increase kvno
3990 (set_password): return -1 if `des_read_pw_string' failed
3991
3992 * admin/mod.c (doit2): check the return value from `set_password'
3993
3994 * admin/ank.c (doit): don't add a new entry if `set_password'
3995 failed
3996
3997Mon Sep 8 02:20:16 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
3998
3999 * lib/krb5/verify_init.c: fix ap_req_nofail semantics
4000
4001 * lib/krb5/transited.c: something that might resemble
4002 domain-x500-compress
4003
4004Mon Sep 8 01:24:42 1997 Assar Westerlund <assar@sics.se>
4005
4006 * kdc/hpropd.c (main): check number of arguments
4007
4008 * appl/popper/pop_init.c (pop_init): check number of arguments
4009
4010 * kpasswd/kpasswd.c (main): check number of arguments
4011
4012 * kdc/string2key.c (main): check number of arguments
4013
4014 * kuser/kdestroy.c (main): check number of arguments
4015
4016 * kuser/kinit.c (main): check number of arguments
4017
4018 * kpasswd/kpasswdd.c (main): use sigaction without SA_RESTART to
4019 break out of select when a signal arrives
4020
4021 * kdc/main.c (main): use sigaction without SA_RESTART to break out
4022 of select when a signal arrives
4023
4024 * kdc/kstash.c: default to HDB_DB_DIR "/m-key"
4025
4026 * kdc/config.c (configure): add `--version'. Check the number of
4027 arguments. Handle the case of there being no specification of port
4028 numbers.
4029
4030 * admin/util.c: seal and unseal key at appropriate places
4031
4032 * admin/kdb_edit.c (main): parse arguments, config file and read
4033 master key iff there's one.
4034
4035 * admin/extkeytab.c (ext_keytab): unseal key while extracting
4036
4037Sun Sep 7 20:41:01 1997 Assar Westerlund <assar@sics.se>
4038
4039 * lib/roken/roken.h: include <fcntl.h>
4040
4041 * kdc/kerberos5.c (set_salt_padata): new function
4042
4043 * appl/telnet/telnetd/telnetd.c: Rename some variables that
4044 conflict with cpp symbols on HP-UX 10.20
4045
4046 * change all calls of `gethostbyaddr' to cast argument 1 to `const
4047 char *'
4048
4049 * acconfig.h: only use SGTTY on nextstep
4050
4051Sun Sep 7 14:33:50 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4052
4053 * kdc/kerberos5.c: Check invalid flag.
4054
4055Fri Sep 5 14:19:38 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4056
4057 * lib/krb5/verify_user.c: Use get_init_creds/verify_init_creds.
4058
4059 * lib/kafs: Move functions common to krb/krb5 modules to new file,
4060 and make things more modular.
4061
4062 * lib/krb5/krb5.h: rename STRING -> krb5_config_string, and LIST
4063 -> krb5_config_list
4064
4065Thu Sep 4 23:39:43 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4066
4067 * lib/krb5/get_addrs.c: Fix loopback test.
4068
4069Thu Sep 4 04:45:49 1997 Assar Westerlund <assar@sics.se>
4070
4071 * lib/roken/roken.h: fallback definition of `O_ACCMODE'
4072
4073 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): be more careful when
4074 checking for a v4 reply
4075
4076Wed Sep 3 18:20:14 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4077
4078 * kdc/hprop.c: Add `--decrypt' and `--encrypt' flags.
4079
4080 * lib/hdb/hdb.c: new {seal,unseal}_keys functions
4081
4082 * kdc/{hprop,hpropd}.c: Add support to dump database to stdout.
4083
4084 * kdc/hprop.c: Don't use same master key as version 4.
4085
4086 * admin/util.c: Don't dump core if no `default' is found.
4087
4088Wed Sep 3 16:01:07 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4089
4090 * kdc/connect.c: Allow run time port specification.
4091
4092 * kdc/config.c: Add flags for http support, and port
4093 specifications.
4094
4095Tue Sep 2 02:00:03 1997 Assar Westerlund <assar@sics.se>
4096
4097 * include/bits.c: Don't generate ifndef's in bits.h. Instead, use
4098 them when building the program. This makes it possible to include
4099 bits.h without having defined all HAVE_INT17_T symbols.
4100
4101 * configure.in: test for sigaction
4102
4103 * doc: updated documentation.
4104
4105Tue Sep 2 00:20:31 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4106
4107 * Release 0.0g
4108
4109Mon Sep 1 17:42:14 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4110
4111 * lib/krb5/data.c: don't return ENOMEM if len == 0
4112
4113Sun Aug 31 17:15:49 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4114
4115 * lib/hdb/hdb.asn1: Include salt type in salt.
4116
4117 * kdc/hprop.h: Change port to 754.
4118
4119 * kdc/hpropd.c: Verify who tries to transmit a database.
4120
4121 * appl/popper: Use getarg and krb5_log.
4122
4123 * lib/krb5/get_port.c: Add context parameter. Now takes port in
4124 host byte order.
4125
4126Sat Aug 30 18:48:19 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4127
4128 * kdc/connect.c: Add timeout to select, and log about expired tcp
4129 connections.
4130
4131 * kdc/config.c: Add `database' option.
4132
4133 * kdc/hpropd.c: Log about duplicate entries.
4134
4135 * lib/hdb/{db,ndbm}.c: Use common routines.
4136
4137 * lib/hdb/common.c: Implement more generic fetch/store/delete
4138 functions.
4139
4140 * lib/hdb/hdb.h: Add `replace' parameter to store.
4141
4142 * kdc/connect.c: Set filedecriptor to -1 on allocated decriptor
4143 entries.
4144
4145Fri Aug 29 03:13:23 1997 Assar Westerlund <assar@sics.se>
4146
4147 * lib/krb5/get_in_tkt.c: extract_ticket -> _krb5_extract_ticket
4148
4149 * aux/make-proto.pl: fix __P for stone age mode
4150
4151Fri Aug 29 02:45:46 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4152
4153 * lib/45/mk_req.c: implementation of krb_mk_req that uses 524
4154 protocol
4155
4156 * lib/krb5/init_creds_pw.c: make change_password and
4157 get_init_creds_common static
4158
4159 * lib/krb5/krb5.h: Merge stuff from removed headerfiles.
4160
4161 * lib/krb5/fcache.c: fcc_ops -> krb5_fcc_ops
4162
4163 * lib/krb5/mcache.c: mcc_ops -> krb5_mcc_ops
4164
4165Fri Aug 29 01:45:25 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4166
4167 * lib/krb5/krb5.h: Remove all prototypes.
4168
4169 * lib/krb5/convert_creds.c: Use `struct credentials' instead of
4170 `CREDENTIALS'.
4171
4172Fri Aug 29 00:08:18 1997 Assar Westerlund <assar@sics.se>
4173
4174 * lib/asn1/gen_glue.c: new file. generates 2int and int2 functions
4175 and units for bit strings.
4176
4177 * admin/util.c: flags2int, int2flags, and flag_units are now
4178 generated by asn1_compile
4179
4180 * lib/roken/parse_units.c: generalised `parse_units' and
4181 `unparse_units' and added new functions `parse_flags' and
4182 `unparse_flags' that use these
4183
4184 * lib/krb5/krb5_locl.h: moved krb5_data* functions to krb5.h
4185
4186 * admin/util.c: Use {un,}parse_flags for printing and parsing
4187 hdbflags.
4188
4189Thu Aug 28 03:26:12 1997 Assar Westerlund <assar@sics.se>
4190
4191 * lib/krb5/get_addrs.c: restructured
4192
4193 * lib/krb5/warn.c (_warnerr): leak less memory
4194
4195 * lib/hdb/hdb.c (hdb_free_entry): zero keys
4196 (hdb_check_db_format): leak less memory
4197
4198 * lib/hdb/ndbm.c (NDBM_seq): check for valid hdb_entries implement
4199 NDBM__get, NDBM__put
4200
4201 * lib/hdb/db.c (DB_seq): check for valid hdb_entries
4202
4203Thu Aug 28 02:06:58 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4204
4205 * lib/krb5/send_to_kdc.c: Don't use sendto on connected sockets.
4206
4207Thu Aug 28 01:13:17 1997 Assar Westerlund <assar@sics.se>
4208
4209 * kuser/kinit.1, klist.1, kdestroy.1: new man pages
4210
4211 * kpasswd/kpasswd.1, kpasswdd.8: new man pages
4212
4213 * kdc/kstash.8, hprop.8, hpropd.8: new man pages
4214
4215 * admin/ktutil.8, admin/kdb_edit.8: new man pages
4216
4217 * admin/mod.c: new file
4218
4219 * admin/life.c: renamed gettime and puttime to getlife and putlife
4220 and moved them to life.c
4221
4222 * admin/util.c: add print_flags, parse_flags, init_entry,
4223 set_created_by, set_modified_by, edit_entry, set_password. Use
4224 them.
4225
4226 * admin/get.c: use print_flags
4227
4228 * admin: removed unused stuff. use krb5_{warn,err}*
4229
4230 * admin/ank.c: re-organized and abstracted.
4231
4232 * admin/gettime.c: removed
4233
4234Thu Aug 28 00:37:39 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4235
4236 * lib/krb5/{get_cred,get_in_tkt}.c: Check for v4 reply.
4237
4238 * lib/roken/base64.c: Add base64 functions.
4239
4240 * kdc/connect.c lib/krb5/send_to_kdc.c: Add http support.
4241
4242Wed Aug 27 00:29:20 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4243
4244 * include/Makefile.am: Don't make links to built files.
4245
4246 * admin/kdb_edit.c: Add command to set the database path.
4247
4248 * lib/hdb: Include version number in database.
4249
4250Tue Aug 26 20:14:54 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4251
4252 * admin/ktutil: Merged v4 srvtab conversion.
4253
4254Mon Aug 25 23:02:18 1997 Assar Westerlund <assar@sics.se>
4255
4256 * lib/roken/roken.h: add F_OK
4257
4258 * lib/gssapi/acquire_creds.c: fix typo
4259
4260 * configure.in: call AC_TYPE_MODE_T
4261
4262 * acinclude.m4: Add AC_TYPE_MODE_T
4263
4264Sun Aug 24 16:46:53 1997 Assar Westerlund <assar@sics.se>
4265
4266 * Release 0.0f
4267
4268Sun Aug 24 08:06:54 1997 Assar Westerlund <assar@sics.se>
4269
4270 * appl/popper/pop_pass.c: log poppers
4271
4272 * kdc/kaserver.c: some more checks
4273
4274 * kpasswd/kpasswd.c: removed `-p'
4275
4276 * kuser/kinit.c: removed `-p'
4277
4278 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): If
4279 KDC_ERR_PREUATH_REQUIRED, add preauthentication and try again.
4280
4281 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): don't print out
4282 krb-error text
4283
4284 * lib/gssapi/import_name.c (input_name): more names types.
4285
4286 * admin/load.c (parse_keys): handle the case of an empty salt
4287
4288 * kdc/kaserver.c: fix up memory deallocation
4289
4290 * kdc/kaserver.c: quick hack at talking kaserver protocol
4291
4292 * kdc/kerberos4.c: Make `db-fetch4' global
4293
4294 * configure.in: add --enable-kaserver
4295
4296 * kdc/rx.h, kdc/kerberos4.h: new header files
4297
4298 * lib/krb5/principal.c: fix krb5_build_principal_ext & c:o
4299
4300Sun Aug 24 03:52:44 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4301
4302 * lib/krb5/{get_in_tkt,mk_safe,mk_priv}.c: Fix some Cray specific
4303 type conflicts.
4304
4305 * lib/krb5/{get_cred,get_in_tkt}.c: Mask nonce to 32 bits.
4306
4307 * lib/des/{md4,md5,sha}.c: Now works on Crays.
4308
4309Sat Aug 23 18:15:01 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4310
4311 * appl/afsutil/afslog.c: If no cells or files specified, get
4312 tokens for all local cells. Better test for files.
4313
4314Thu Aug 21 23:33:38 1997 Assar Westerlund <assar@sics.se>
4315
4316 * lib/gssapi/v1.c: new file with v1 compatibility functions.
4317
4318Thu Aug 21 20:36:13 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4319
4320 * lib/kafs/afskrb5.c: Don't check ticket file for afs ticket.
4321
4322 * kdc/kerberos4.c: Check database when converting v4 principals.
4323
4324 * kdc/kerberos5.c: Include kvno in Ticket.
4325
4326 * lib/krb5/encrypt.c: Add kvno parameter to encrypt_EncryptedData.
4327
4328 * kuser/klist.c: Print version number of ticket, include more
4329 flags.
4330
4331Wed Aug 20 21:26:58 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4332
4333 * lib/kafs/afskrb5.c (get_cred): Check cached afs tickets for
4334 expiration.
4335
4336Wed Aug 20 17:40:31 1997 Assar Westerlund <assar@sics.se>
4337
4338 * lib/krb5/recvauth.c (krb5_recvauth): Send a KRB-ERROR iff
4339 there's an error.
4340
4341 * lib/krb5/sendauth.c (krb5_sendauth): correct the protocol
4342 documentation and process KRB-ERROR's
4343
4344Tue Aug 19 20:41:30 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4345
4346 * kdc/kerberos4.c: Fix memory leak in v4 protocol handler.
4347
4348Mon Aug 18 05:15:09 1997 Assar Westerlund <assar@sics.se>
4349
4350 * lib/gssapi/accept_sec_context.c: Added
4351 `gsskrb5_register_acceptor_identity'
4352
4353Sun Aug 17 01:40:20 1997 Assar Westerlund <assar@sics.se>
4354
4355 * lib/gssapi/accept_sec_context.c (gss_accept_sec_context): don't
4356 always pass server == NULL to krb5_rd_req.
4357
4358 * lib/gssapi: new files: canonicalize_name.c export_name.c
4359 context_time.c compare_name.c release_cred.c acquire_cred.c
4360 inquire_cred.c, from Luke Howard <lukeh@xedoc.com.au>
4361
4362 * lib/krb5/config_file.c: Add netinfo support from Luke Howard
4363 <lukeh@xedoc.com.au>
4364
4365 * lib/editline/sysunix.c: sgtty-support from Luke Howard
4366 <lukeh@xedoc.com.au>
4367
4368 * lib/krb5/principal.c: krb5_sname_to_principal fix from Luke
4369 Howard <lukeh@xedoc.com.au>
4370
4371Sat Aug 16 00:44:47 1997 Assar Westerlund <assar@koi.pdc.kth.se>
4372
4373 * Release 0.0e
4374
4375Sat Aug 16 00:23:46 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4376
4377 * appl/afsutil/afslog.c: Use new libkafs.
4378
4379 * lib/kafs/afskrb5.c: Get AFS tokens via 524 protocol.
4380
4381 * lib/krb5/warn.c: Fix format string for *x type.
4382
4383Fri Aug 15 22:15:01 1997 Assar Westerlund <assar@sics.se>
4384
4385 * admin/get.c (get_entry): print more information about the entry
4386
4387 * lib/des/Makefile.am: build destest, mdtest, des, rpw, speed
4388
4389 * lib/krb5/config_file.c: new functions `krb5_config_get_time' and
4390 `krb5_config_vget_time'. Use them.
4391
4392Fri Aug 15 00:09:37 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4393
4394 * admin/ktutil.c: Keytab manipulation program.
4395
4396 * lib/krb5/keytab.c: Return sane values from resolve and
4397 start_seq_get.
4398
4399 * kdc/kerberos5.c: Fix for old clients passing 0 for `no endtime'.
4400
4401 * lib/45/get_ad_tkt.c: Kerberos 4 get_ad_tkt using
4402 krb524_convert_creds_kdc.
4403
4404 * lib/krb5/convert_creds.c: Implementation of
4405 krb524_convert_creds_kdc.
4406
4407 * lib/asn1/k5.asn1: Make kdc-req-body.till OPTIONAL
4408
4409 * kdc/524.c: A somewhat working 524-protocol module.
4410
4411 * kdc/kerberos4.c: Add version 4 ticket encoding and encryption
4412 functions.
4413
4414 * lib/krb5/context.c: Fix kdc_timeout.
4415
4416 * lib/hdb/{ndbm,db}.c: Free name in close.
4417
4418 * kdc/kerberos5.c (tgs_check_autenticator): Return error code
4419
4420Thu Aug 14 21:29:03 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4421
4422 * kdc/kerberos5.c (tgs_make_reply): Fix endtime in reply.
4423
4424 * lib/krb5/store_emem.c: Fix reallocation bug.
4425
4426Tue Aug 12 01:29:46 1997 Assar Westerlund <assar@sics.se>
4427
4428 * appl/telnet/libtelnet/kerberos5.c, appl/popper/pop_init.c: Use
4429 `krb5_sock_to_principal'. Send server parameter to
4430 krb5_rd_req/krb5_recvauth. Set addresses in auth_context.
4431
4432 * lib/krb5/recvauth.c: Set addresses in auth_context if there
4433 aren't any
4434
4435 * lib/krb5/auth_context.c: New function
4436 `krb5_auth_con_setaddrs_from_fd'
4437
4438 * lib/krb5/sock_principal.c: new function
4439 `krb5_sock_to_principal'
4440
4441 * lib/krb5/time.c: new file with `krb5_timeofday' and
4442 `krb5_us_timeofday'. Use these functions.
4443
4444 * kuser/klist.c: print KDC offset iff verbose
4445
4446 * lib/krb5/get_in_tkt.c: implement KDC time offset and use it if
4447 [libdefaults]kdc_timesync is set.
4448
4449 * lib/krb5/fcache.c: Implement version 4 of the ccache format.
4450
4451Mon Aug 11 05:34:43 1997 Assar Westerlund <assar@sics.se>
4452
4453 * lib/krb5/rd_rep.c (krb5_free_ap_rep_enc_part): free all memory
4454
4455 * lib/krb5/principal.c (krb5_unparse_name): allocate memory
4456 properly
4457
4458 * kpasswd/kpasswd.c: Use `krb5_change_password'
4459
4460 * lib/krb5/init_creds_pw.c (init_cred): set realm of server
4461 correctly.
4462
4463 * lib/krb5/init_creds_pw.c: support changing of password when it
4464 has expired
4465
4466 * lib/krb5/changepw.c: new file
4467
4468 * kuser/klist.c: use getarg
4469
4470 * admin/init.c (init): add `kadmin/changepw'
4471
4472Mon Aug 11 04:30:47 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4473
4474 * lib/krb5/get_cred.c: Make get_credentials handle cross-realm.
4475
4476Mon Aug 11 00:03:24 1997 Assar Westerlund <assar@sics.se>
4477
4478 * lib/krb5/config_file.c: implement support for #-comments
4479
4480Sat Aug 9 02:21:46 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4481
4482 * kdc/hprop*.c: Add database propagation programs.
4483
4484 * kdc/connect.c: Max request size.
4485
4486Sat Aug 9 00:47:28 1997 Assar Westerlund <assar@sics.se>
4487
4488 * lib/otp: resurrected from krb4
4489
4490 * appl/push: new program for fetching mail with POP.
4491
4492 * appl/popper/popper.h: new include files. new fields in `POP'
4493
4494 * appl/popper/pop_pass.c: Implement both v4 and v5.
4495
4496 * appl/popper/pop_init.c: Implement both v4 and v5.
4497
4498 * appl/popper/pop_debug.c: use getarg. Talk both v4 and v5
4499
4500 * appl/popper: Popper from krb4.
4501
4502 * configure.in: check for inline and <netinet/tcp.h> generate
4503 files in appl/popper, appl/push, and lib/otp
4504
4505Fri Aug 8 05:51:02 1997 Assar Westerlund <assar@sics.se>
4506
4507 * lib/krb5/get_cred.c: clean-up and try to free memory even when
4508 there're errors
4509
4510 * lib/krb5/get_cred.c: adapt to new `extract_ticket'
4511
4512 * lib/krb5/get_in_tkt.c: reorganize. check everything and try to
4513 return memory even if there are errors.
4514
4515 * kuser/kverify.c: new file
4516
4517 * lib/krb5/free_host_realm.c: new file
4518
4519 * lib/krb5/principal.c (krb5_sname_to_principal): implement
4520 different nametypes. Also free memory.
4521
4522 * lib/krb5/verify_init.c: more functionality
4523
4524 * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): free the checksum
4525
4526 * lib/krb5/get_in_tkt.c (extract_ticket): don't copy over the
4527 principals in creds. Should also compare them with that received
4528 from the KDC
4529
4530 * lib/krb5/cache.c (krb5_cc_gen_new): copy the newly allocated
4531 krb5_ccache
4532 (krb5_cc_destroy): call krb5_cc_close
4533 (krb5_cc_retrieve_cred): delete the unused creds
4534
4535Fri Aug 8 02:30:40 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4536
4537 * lib/krb5/log.c: Allow better control of destinations of logging
4538 (like passing explicit destinations, and log-functions).
4539
4540Fri Aug 8 01:20:39 1997 Assar Westerlund <assar@sics.se>
4541
4542 * lib/krb5/get_default_principal.c: new file
4543
4544 * kpasswd/kpasswdd.c: use krb5_log*
4545
4546Fri Aug 8 00:37:47 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4547
4548 * lib/krb5/init_creds_pw.c: Implement krb5_get_init_creds_keytab.
4549
4550Fri Aug 8 00:37:17 1997 Assar Westerlund <assar@sics.se>
4551
4552 * lib/krb5/init_creds_pw.c: Use `krb5_get_default_principal'.
4553 Print password expire information.
4554
4555 * kdc/config.c: new variable `kdc_warn_pwexpire'
4556
4557 * kpasswd/kpasswd.c: converted to getarg and get_init_creds
4558
4559Thu Aug 7 22:17:09 1997 Assar Westerlund <assar@sics.se>
4560
4561 * lib/krb5/mcache.c: new file
4562
4563 * admin/gettime.c: new function puttime. Use it.
4564
4565 * lib/krb5/keyblock.c: Added krb5_free_keyblock and
4566 krb5_copy_keyblock
4567
4568 * lib/krb5/init_creds_pw.c: more functionality
4569
4570 * lib/krb5/creds.c: Added krb5_free_creds_contents and
4571 krb5_copy_creds. Changed callers.
4572
4573 * lib/krb5/config_file.c: new functions krb5_config_get and
4574 krb5_config_vget
4575
4576 * lib/krb5/cache.c: cleanup added mcache
4577
4578 * kdc/kerberos5.c: include last-req's of type 6 and 7, if
4579 applicable
4580
4581Wed Aug 6 20:38:23 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4582
4583 * lib/krb5/log.c: New parameter `log-level'. Default to `SYSLOG'.
4584
4585Tue Aug 5 22:53:54 1997 Assar Westerlund <assar@sics.se>
4586
4587 * lib/krb5/verify_init.c, init_creds_pw.c, init_creds.c,
4588 prompter_posix.c: the beginning of an implementation of the cygnus
4589 initial-ticket API.
4590
4591 * lib/krb5/get_in_tkt_pw.c: make `krb5_password_key_proc' global
4592
4593 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): new function that is
4594 almost krb5_get_in_tkt but doesn't write the creds to the ccache.
4595 Small fixes in krb5_get_in_tkt
4596
4597 * lib/krb5/get_addrs.c (krb5_get_all_client_addrs): don't include
4598 loopback.
4599
4600Mon Aug 4 20:20:48 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4601
4602 * kdc: Make context global.
4603
4604Fri Aug 1 17:23:56 1997 Assar Westerlund <assar@sics.se>
4605
4606 * Release 0.0d
4607
4608 * lib/roken/flock.c: new file
4609
4610 * kuser/kinit.c: check for and print expiry information in the
4611 `kdc_rep'
4612
4613 * lib/krb5/get_in_tkt.c: Set `ret_as_reply' if != NULL
4614
4615 * kdc/kerberos5.c: Check the valid times on client and server.
4616 Check the password expiration.
4617 Check the require_preauth flag.
4618 Send an lr_type == 6 with pw_end.
4619 Set key.expiration to min(valid_end, pw_end)
4620
4621 * lib/hdb/hdb.asn1: new flags `require_preauth' and `change_pw'
4622
4623 * admin/util.c, admin/load.c: handle the new flags.
4624
4625Fri Aug 1 16:56:12 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4626
4627 * lib/hdb: Add some simple locking.
4628
4629Sun Jul 27 04:44:31 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4630
4631 * lib/krb5/log.c: Add some general logging functions.
4632
4633 * kdc/kerberos4.c: Add version 4 protocol handler. The requrement
4634 for this to work is that all involved principals has a des key in
4635 the database, and that the client has a version 4 (un-)salted
4636 key. Furthermore krb5_425_conv_principal has to do it's job, as
4637 present it's not very clever.
4638
4639 * lib/krb5/principal.c: Quick patch to make 425_conv work
4640 somewhat.
4641
4642 * lib/hdb/hdb.c: Add keytype->key and next key functions.
4643
4644Fri Jul 25 17:32:12 1997 Assar Westerlund <assar@sics.se>
4645
4646 * lib/krb5/build_auth.c (krb5_build_authenticator): don't free
4647 `cksum'. It's allocated and freed by the caller
4648
4649 * lib/krb5/get_cred.c (krb5_get_kdc_cred): Don't free `addresses'.
4650
4651 * kdc/kerberos5.c (tgs_rep2): make sure we also have an defined
4652 `client' to return as part of the KRB-ERROR
4653
4654Thu Jul 24 08:13:59 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4655
4656 * kdc/kerberos5.c: Unseal keys from database before use.
4657
4658 * kdc/misc.c: New functions set_master_key, unseal_key and
4659 free_key.
4660
4661 * lib/roken/getarg.c: Handle `-f arg' correctly.
4662
4663Thu Jul 24 01:54:43 1997 Assar Westerlund <assar@sics.se>
4664
4665 * kuser/kinit.c: implement `-l' aka `--lifetime'
4666
4667 * lib/roken/parse_units.c, parse_time.c: new files
4668
4669 * admin/gettime.c (gettime): use `parse_time'
4670
4671 * kdc/kerberos5.c (as_rep): Use `METHOD-DATA' when sending
4672 KRB5KDC_ERR_PREAUTH_REQUIRED, not PA-DATA.
4673
4674 * kpasswd/kpasswdd.c: fix freeing bug use sequence numbers set
4675 addresses in auth_context bind one socket per interface.
4676
4677 * kpasswd/kpasswd.c: use sequence numbers
4678
4679 * lib/krb5/rd_req.c (krb5_verify_ap_req): do abs when verifying
4680 the timestamps
4681
4682 * lib/krb5/rd_priv.c (krb5_rd_priv): Fetch the correct session key
4683 from auth_context
4684
4685 * lib/krb5/mk_priv.c (krb5_mk_priv): Fetch the correct session key
4686 from auth_context
4687
4688 * lib/krb5/mk_error.c (krb5_mk_error): return an error number and
4689 not a comerr'd number.
4690
4691 * lib/krb5/get_in_tkt.c (krb5_get_in_tkt): interpret the error
4692 number in KRB-ERROR correctly.
4693
4694 * lib/krb5/get_cred.c (krb5_get_kdc_cred): interpret the error
4695 number in KRB-ERROR correctly.
4696
4697 * lib/asn1/k5.asn1: Add `METHOD-DATA'
4698
4699 * removed some memory leaks.
4700
4701Wed Jul 23 07:53:18 1997 Assar Westerlund <assar@sics.se>
4702
4703 * Release 0.0c
4704
4705 * lib/krb5/rd_cred.c, get_for_creds.c: new files
4706
4707 * lib/krb5/get_host_realm.c: try default realm as last chance
4708
4709 * kpasswd/kpasswdd.c: updated to hdb changes
4710
4711 * appl/telnet/libtelnet/kerberos5.c: Implement forwarding
4712
4713 * appl/telnet/libtelnet: removed totally unused files
4714
4715 * admin/ank.c: fix prompts and generation of random keys
4716
4717Wed Jul 23 04:02:32 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4718
4719 * admin/dump.c: Include salt in dump.
4720
4721 * admin: Mostly updated for new db-format.
4722
4723 * kdc/kerberos5.c: Update to use new db format. Better checking of
4724 flags and such. More logging.
4725
4726 * lib/hdb/hdb.c: Use generated encode and decode functions.
4727
4728 * lib/hdb/hdb.h: Get hdb_entry from ASN.1 generated code.
4729
4730 * lib/krb5/get_cred.c: Get addresses from krbtgt if there are none
4731 in the reply.
4732
4733Sun Jul 20 16:22:30 1997 Assar Westerlund <assar@sics.se>
4734
4735 * kuser/kinit.c: break if des_read_pw_string() != 0
4736
4737 * kpasswd/kpasswdd.c: send a reply
4738
4739 * kpasswd/kpasswd.c: restructured code. better report on
4740 krb-error break if des_read_pw_string() != 0
4741
4742 * kdc/kerberos5.c: Check `require_enc_timestamp' malloc space for
4743 starttime and renew_till
4744
4745 * appl/telnet/libtelnet/kerberos5.c (kerberos5_is): Send a
4746 keyblock to krb5_verify_chekcsum
4747
4748Sun Jul 20 06:35:46 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4749
4750 * Release 0.0b
4751
4752 * kpasswd/kpasswd.c: Avoid using non-standard struct names.
4753
4754Sat Jul 19 19:26:23 1997 Assar Westerlund <assar@sics.se>
4755
4756 * lib/krb5/keytab.c (krb5_kt_get_entry): check return from
4757 `krb5_kt_start_seq_get'. From <map@stacken.kth.se>
4758
4759Sat Jul 19 04:07:39 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4760
4761 * lib/asn1/k5.asn1: Update with more pa-data types from
4762 draft-ietf-cat-kerberos-revisions-00.txt
4763
4764 * admin/load.c: Update to match current db-format.
4765
4766 * kdc/kerberos5.c (as_rep): Try all valid pa-datas before giving
4767 up. Send back an empty pa-data if the client has the v4 flag set.
4768
4769 * lib/krb5/get_in_tkt.c: Pass both version5 and version4 salted
4770 pa-data. DTRT if there is any pa-data in the reply.
4771
4772 * lib/krb5/str2key.c: XOR with some sane value.
4773
4774 * lib/hdb/hdb.h: Add `version 4 salted key' flag.
4775
4776 * kuser/kinit.c: Ask for password before calling get_in_tkt. This
4777 makes it possible to call key_proc more than once.
4778
4779 * kdc/string2key.c: Add flags to output version 5 (DES only),
4780 version 4, and AFS string-to-key of a password.
4781
4782 * lib/asn1/gen_copy.c: copy_* functions now returns an int (0 or
4783 ENOMEM).
4784
4785Fri Jul 18 02:54:58 1997 Assar Westerlund <assar@sics.se>
4786
4787 * lib/krb5/get_host_realm.c (krb5_get_host_realm): do the
4788 name2name thing
4789
4790 * kdc/misc.c: check result of hdb_open
4791
4792 * admin/kdb_edit: updated to new sl
4793
4794 * lib/sl: sl_func now returns an int. != 0 means to exit.
4795
4796 * kpasswd/kpasswdd: A crude (but somewhat working) implementation
4797 of `draft-ietf-cat-kerb-chg-password-00.txt'
4798
4799Fri Jul 18 00:55:39 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4800
4801 * kuser/krenew.c: Crude ticket renewing program.
4802
4803 * kdc/kerberos5.c: Rewritten flags parsing, it now might work to
4804 get forwarded and renewed tickets.
4805
4806 * kuser/kinit.c: Add `-r' flag.
4807
4808 * lib/krb5/get_cred.c: Move most of contents of get_creds to new
4809 function get_kdc_cred, that always contacts the kdc and doesn't
4810 save in the cache. This is a hack.
4811
4812 * lib/krb5/get_in_tkt.c: Pass starttime and renew_till in request
4813 (a bit kludgy).
4814
4815 * lib/krb5/mk_req_ext.c: Make an auth_context if none passed in.
4816
4817 * lib/krb5/send_to_kdc.c: Get timeout from context.
4818
4819 * lib/krb5/context.c: Add kdc_timeout to context struct.
4820
4821Thu Jul 17 20:35:45 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4822
4823 * kuser/klist.c: Print start time of ticket if available.
4824
4825 * lib/krb5/get_host_realm.c: Return error if no realm was found.
4826
4827Thu Jul 17 20:28:21 1997 Assar Westerlund <assar@sics.se>
4828
4829 * kpasswd: non-working kpasswd added
4830
4831Thu Jul 17 00:21:22 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4832
4833 * Release 0.0a
4834
4835 * kdc/main.c: Add -p flag to disable pa-enc-timestamp requirement.
4836
4837Wed Jul 16 03:37:41 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4838
4839 * kdc/kerberos5.c (tgs_rep2): Free ticket and ap_req.
4840
4841 * lib/krb5/auth_context.c (krb5_auth_con_free): Free remote
4842 subkey.
4843
4844 * lib/krb5/principal.c (krb5_free_principal): Check for NULL.
4845
4846 * lib/krb5/send_to_kdc.c: Check for NULL return from
4847 gethostbyname.
4848
4849 * lib/krb5/set_default_realm.c: Try to get realm of local host if
4850 no default realm is available.
4851
4852 * Remove non ASN.1 principal code.
4853
4854Wed Jul 16 03:17:30 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4855
4856 * kdc/kerberos5.c: Split tgs_rep in smaller functions. Add better
4857 error handing. Do some logging.
4858
4859 * kdc/log.c: Some simple logging facilities.
4860
4861 * kdc/misc.c (db_fetch): Take a krb5_principal.
4862
4863 * kdc/connect.c: Pass address of request to as_rep and
4864 tgs_rep. Send KRB-ERROR.
4865
4866 * lib/krb5/mk_error.c: Add more fields.
4867
4868 * lib/krb5/get_cred.c: Print normal error code if no e_text is
4869 available.
4870
4871Wed Jul 16 03:07:50 1997 Assar Westerlund <assar@sics.se>
4872
4873 * lib/krb5/get_in_tkt.c: implement `krb5_init_etype'.
4874 Change encryption type of pa_enc_timestamp to DES-CBC-MD5
4875
4876 * lib/krb5/context.c: recognize all encryption types actually
4877 implemented
4878
4879 * lib/krb5/auth_context.c (krb5_auth_con_init): Change default
4880 encryption type to `DES_CBC_MD5'
4881
4882 * lib/krb5/read_message.c, write_message.c: new files
4883
4884Tue Jul 15 17:14:21 1997 Assar Westerlund <assar@sics.se>
4885
4886 * lib/asn1: replaced asn1_locl.h by `der_locl.h' and `gen_locl.h'.
4887
4888 * lib/error/compile_et.awk: generate a prototype for the
4889 `destroy_foo_error_table' function.
4890
4891Mon Jul 14 12:24:40 1997 Assar Westerlund <assar@sics.se>
4892
4893 * lib/krb5/krbhst.c (krb5_get_krbhst): Get all kdc's and try also
4894 with `kerberos.REALM'
4895
4896 * kdc/kerberos5.c, lib/krb5/rd_priv.c, lib/krb5/rd_safe.c: use
4897 `max_skew'
4898
4899 * lib/krb5/rd_req.c (krb5_verify_ap_req): record authenticator
4900 subkey
4901
4902 * lib/krb5/build_auth.c (krb5_build_authenticator): always
4903 generate a subkey.
4904
4905 * lib/krb5/address.c: implement `krb5_address_order'
4906
4907 * lib/gssapi/import_name.c: Implement `gss_import_name'
4908
4909 * lib/gssapi/external.c: Use new OID
4910
4911 * lib/gssapi/encapsulate.c: New functions
4912 `gssapi_krb5_encap_length' and `gssapi_krb5_make_header'. Changed
4913 callers.
4914
4915 * lib/gssapi/decapsulate.c: New function
4916 `gssaspi_krb5_verify_header'. Changed callers.
4917
4918 * lib/asn1/gen*.c: Give tags to generated structs.
4919 Use `err' and `asprintf'
4920
4921 * appl/test/gss_common.c: new file
4922
4923 * appl/test/gssapi_server.c: removed all krb5 calls
4924
4925 * appl/telnet/libtelnet/kerberos5.c: Add support for genering and
4926 verifying checksums. Also start using session subkeys.
4927
4928Mon Jul 14 12:08:25 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4929
4930 * lib/krb5/rd_req.c (krb5_rd_req_with_keyblock): Split up.
4931
4932Sun Jul 13 03:07:44 1997 Assar Westerlund <assar@sics.se>
4933
4934 * lib/krb5/rd_safe.c, mk_safe.c: made bug-compatible with MIT
4935
4936 * lib/krb5/encrypt.c: new functions `DES_encrypt_null_ivec' and
4937 `DES_encrypt_key_ivec'
4938
4939 * lib/krb5/checksum.c: implement rsa-md4-des and rsa-md5-des
4940
4941 * kdc/kerberos5.c (tgs_rep): support keyed checksums
4942
4943 * lib/krb5/creds.c: new file
4944
4945 * lib/krb5/get_in_tkt.c: better freeing
4946
4947 * lib/krb5/context.c (krb5_free_context): more freeing
4948
4949 * lib/krb5/config_file.c: New function `krb5_config_file_free'
4950
4951 * lib/error/compile_et.awk: Generate a `destroy_' function.
4952
4953 * kuser/kinit.c, klist.c: Don't leak memory.
4954
4955Sun Jul 13 02:46:27 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4956
4957 * kdc/connect.c: Check filedescriptor in select.
4958
4959 * kdc/kerberos5.c: Remove most of the most common memory leaks.
4960
4961 * lib/krb5/rd_req.c: Free allocated data.
4962
4963 * lib/krb5/auth_context.c (krb5_auth_con_free): Free a lot of
4964 fields.
4965
4966Sun Jul 13 00:32:16 1997 Assar Westerlund <assar@sics.se>
4967
4968 * appl/telnet: Conditionalize the krb4-support.
4969
4970 * configure.in: Test for krb4
4971
4972Sat Jul 12 17:14:12 1997 Assar Westerlund <assar@sics.se>
4973
4974 * kdc/kerberos5.c: check if the pre-auth was decrypted properly.
4975 set the `pre_authent' flag
4976
4977 * lib/krb5/get_cred.c, lib/krb5/get_in_tkt.c: generate a random nonce.
4978
4979 * lib/krb5/encrypt.c: Made `generate_random_block' global.
4980
4981 * appl/test: Added gssapi_client and gssapi_server.
4982
4983 * lib/krb5/data.c: Add `krb5_data_zero'
4984
4985 * appl/test/tcp_client.c: try `mk_safe' and `mk_priv'
4986
4987 * appl/test/tcp_server.c: try `rd_safe' and `rd_priv'
4988
4989Sat Jul 12 16:45:58 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4990
4991 * lib/krb5/get_addrs.c: Fix for systems that has sa_len, but
4992 returns zero length from SIOCGIFCONF.
4993
4994Sat Jul 12 16:38:34 1997 Assar Westerlund <assar@sics.se>
4995
4996 * appl/test: new programs
4997
4998 * lib/krb5/rd_req.c: add address compare
4999
5000 * lib/krb5/mk_req_ext.c: allow no checksum
5001
5002 * lib/krb5/keytab.c (krb5_kt_ret_string): 0-terminate string
5003
5004 * lib/krb5/address.c: fix `krb5_address_compare'
5005
5006Sat Jul 12 15:03:16 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5007
5008 * lib/krb5/get_addrs.c: Fix ip4 address extraction.
5009
5010 * kuser/klist.c: Add verbose flag, and split main into smaller
5011 pieces.
5012
5013 * lib/krb5/fcache.c: Save ticket flags.
5014
5015 * lib/krb5/get_in_tkt.c (extract_ticket): Extract addresses and
5016 flags.
5017
5018 * lib/krb5/krb5.h: Add ticket_flags to krb5_creds.
5019
5020Sat Jul 12 13:12:48 1997 Assar Westerlund <assar@sics.se>
5021
5022 * configure.in: Call `AC_KRB_PROG_LN_S'
5023
5024 * acinclude.m4: Add `AC_KRB_PROG_LN_S' from krb4
5025
5026Sat Jul 12 00:57:01 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5027
5028 * lib/krb5/get_in_tkt.c: Use union of krb5_flags and KDCOptions to
5029 pass options.
5030
5031Fri Jul 11 15:04:22 1997 Assar Westerlund <assar@sics.se>
5032
5033 * appl/telnet: telnet & telnetd seems to be working.
5034
5035 * lib/krb5/config_file.c: Added krb5_config_v?get_list Fixed
5036 krb5_config_vget_next
5037
5038 * appl/telnet/libtelnet/kerberos5.c: update to current API
5039
5040Thu Jul 10 14:54:39 1997 Assar Westerlund <assar@sics.se>
5041
5042 * appl/telnet/libtelnet/kerberos5.c (kerberos5_status): call
5043 `krb5_kuserok'
5044
5045 * appl/telnet: Added.
5046
5047Thu Jul 10 05:09:25 1997 Johan Danielsson <joda@emma.pdc.kth.se>
5048
5049 * lib/error/compile_et.awk: Remove usage of sub, gsub, and
5050 functions for compatibility with awk.
5051
5052 * include/bits.c: Must use signed char.
5053
5054 * lib/krb5/context.c: Move krb5_get_err_text, and krb5_init_ets
5055 here.
5056
5057 * lib/error/error.c: Replace krb5_get_err_text with new function
5058 com_right.
5059
5060 * lib/error/compile_et.awk: Avoid using static variables.
5061
5062 * lib/error/error.c: Don't use krb5_locl.h
5063
5064 * lib/error/error.h: Move definitions of error_table and
5065 error_list from krb5.h.
5066
5067 * lib/error: Moved from lib/krb5.
5068
5069Wed Jul 9 07:42:04 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5070
5071 * lib/krb5/encrypt.c: Temporary hack to avoid des_rand_data.
5072
5073Wed Jul 9 06:58:00 1997 Assar Westerlund <assar@sics.se>
5074
5075 * lib/krb5/{rd,mk}_{*}.c: more checking for addresses and stuff
5076 according to pseudocode from 1510
5077
5078Wed Jul 9 06:06:06 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5079
5080 * lib/hdb/hdb.c: Add hdb_etype2key.
5081
5082 * kdc/kerberos5.c: Check authenticator. Use more general etype
5083 functions.
5084
5085Wed Jul 9 03:51:12 1997 Assar Westerlund <assar@sics.se>
5086
5087 * lib/asn1/k5.asn1: Made all `s_address' OPTIONAL according to
5088 draft-ietf-cat-kerberos-r-00.txt
5089
5090 * lib/krb5/principal.c (krb5_parse_name): default to local realm
5091 if none given
5092
5093 * kuser/kinit.c: New option `-p' and prompt
5094
5095Wed Jul 9 02:30:06 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5096
5097 * lib/krb5/keyblock.c: Keyblock generation functions.
5098
5099 * lib/krb5/encrypt.c: Use functions from checksum.c.
5100
5101 * lib/krb5/checksum.c: Move checksum functions here. Add
5102 krb5_cksumsize function.
5103
5104Wed Jul 9 01:15:38 1997 Assar Westerlund <assar@sics.se>
5105
5106 * lib/krb5/get_host_realm.c: implemented
5107
5108 * lib/krb5/config_file.c: Redid part. New functions:
5109 krb5_config_v?get_next
5110
5111 * kuser/kdestroy.c: new program
5112
5113 * kuser/kinit.c: new flag `-f'
5114
5115 * lib/asn1/k5.asn1: Made HostAddresses = SEQUENCE OF HostAddress
5116
5117 * acinclude.m4: Added AC_KRB_STRUCT_SOCKADDR_SA_LEN
5118
5119 * lib/krb5/krb5.h: krb5_addresses == HostAddresses. Changed all
5120 users.
5121
5122 * lib/krb5/get_addrs.c: figure out all local addresses, possibly
5123 even IPv6!
5124
5125 * lib/krb5/checksum.c: table-driven checksum
5126
5127Mon Jul 7 21:13:28 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5128
5129 * lib/krb5/encrypt.c: Make krb5_decrypt use the same struct as
5130 krb5_encrypt.
5131
5132Mon Jul 7 11:15:51 1997 Assar Westerlund <assar@sics.se>
5133
5134 * lib/roken/vsyslog.c: new file
5135
5136 * lib/krb5/encrypt.c: add des-cbc-md4.
5137 adjust krb5_encrypt and krb5_decrypt to reality
5138
5139Mon Jul 7 02:46:31 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5140
5141 * lib/krb5/encrypt.c: Implement as a vector of function pointers.
5142
5143 * lib/krb5/{decrypt,encrypt}.c: Implement des-cbc-crc, and
5144 des-cbc-md5 in separate functions.
5145
5146 * lib/krb5/krb5.h: Add more checksum and encryption types.
5147
5148 * lib/krb5/krb5_locl.h: Add etype to krb5_decrypt.
5149
5150Sun Jul 6 23:02:59 1997 Assar Westerlund <assar@sics.se>
5151
5152 * lib/krb5/[gs]et_default_realm.c, kuserok.c: new files
5153
5154 * lib/krb5/config_file.[ch]: new c-based configuration reading
5155 stuff
5156
5157Wed Jul 2 23:12:56 1997 Assar Westerlund <assar@sics.se>
5158
5159 * configure.in: Set WFLAGS if using gcc
5160
5161Wed Jul 2 17:47:03 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5162
5163 * lib/asn1/der_put.c (der_put_int): Return size correctly.
5164
5165 * admin/ank.c: Be compatible with the asn1 principal format.
5166
5167Wed Jul 1 23:52:20 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5168
5169 * lib/asn1: Now all decode_* and encode_* functions now take a
5170 final size_t* argument, that they return the size in. Return
5171 values are zero for success, and anything else (such as some
5172 ASN1_* constant) for error.
5173
5174Mon Jun 30 06:08:14 1997 Assar Westerlund <assar@sics.se>
5175
5176 * lib/krb5/keytab.c (krb5_kt_add_entry): change open mode to
5177 O_WRONLY | O_APPEND
5178
5179 * lib/krb5/get_cred.c: removed stale prototype for
5180 `extract_ticket' and corrected call.
5181
5182 * lib/asn1/gen_length.c (length_type): Make the length functions
5183 for SequenceOf non-destructive
5184
5185 * admin/ank.c (doit): Fix reading of `y/n'.
5186
5187Mon Jun 16 05:41:43 1997 Assar Westerlund <assar@sics.se>
5188
5189 * lib/gssapi/wrap.c, unwrap.c: do encrypt and add sequence number
5190
5191 * lib/gssapi/get_mic.c, verify_mic.c: Add sequence number.
5192
5193 * lib/gssapi/accept_sec_context.c (gss_accept_sec_context): Set
5194 KRB5_AUTH_CONTEXT_DO_SEQUENCE. Verify 8003 checksum.
5195
5196 * lib/gssapi/8003.c: New file.
5197
5198 * lib/krb/krb5.h: Define a `krb_authenticator' as an ASN.1
5199 Authenticator.
5200
5201 * lib/krb5/auth_context.c: New functions
5202 `krb5_auth_setlocalseqnumber' and `krb5_auth_setremoteseqnumber'
5203
5204Tue Jun 10 00:35:54 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5205
5206 * lib/krb5: Preapre for use of some asn1-types.
5207
5208 * lib/asn1/*.c (copy_*): Constness.
5209
5210 * lib/krb5/krb5.h: Include asn1.h; krb5_data is now an
5211 octet_string.
5212
5213 * lib/asn1/der*,gen.c: krb5_data -> octet_string, char * ->
5214 general_string
5215
5216 * lib/asn1/libasn1.h: Moved stuff from asn1_locl.h that doesn't
5217 have anything to do with asn1_compile.
5218
5219 * lib/asn1/asn1_locl.h: Remove der.h. Add some prototypes.
5220
5221Sun Jun 8 03:51:55 1997 Assar Westerlund <assar@sics.se>
5222
5223 * kdc/kerberos5.c: Fix PA-ENC-TS-ENC
5224
5225 * kdc/connect.c(process_request): Set `new'
5226
5227 * lib/krb5/get_in_tkt.c: Do PA-ENC-TS-ENC the correct way.
5228
5229 * lib: Added editline,sl,roken.
5230
5231Mon Jun 2 00:37:48 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5232
5233 * lib/krb5/fcache.c: Move file cache from cache.c.
5234
5235 * lib/krb5/cache.c: Allow more than one cache type.
5236
5237Sun Jun 1 23:45:33 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5238
5239 * admin/extkeytab.c: Merged with kdb_edit.
5240
5241Sun Jun 1 23:23:08 1997 Assar Westerlund <assar@sics.se>
5242
5243 * kdc/kdc.c: more support for ENC-TS-ENC
5244
5245 * lib/krb5/get_in_tkt.c: redone to enable pre-authentication
5246
5247Sun Jun 1 22:45:11 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5248
5249 * lib/hdb/db.c: Merge fetch and store.
5250
5251 * admin: Merge to one program.
5252
5253 * lib/krb5/str2key.c: Fill in keytype and length.
5254
5255Sun Jun 1 16:31:23 1997 Assar Westerlund <assar@sics.se>
5256
5257 * lib/krb5/rd_safe.c, lib/krb5/rd_priv.c, lib/krb5/mk_rep.c,
5258 lib/krb5/mk_priv.c, lib/krb5/build_auth.c: Some support for
5259 KRB5_AUTH_CONTEXT_DO_SEQUENCE
5260
5261 * lib/krb5/get_in_tkt.c (get_in_tkt): be prepared to parse an
5262 KRB_ERROR. Some support for PA_ENC_TS_ENC.
5263
5264 * lib/krb5/auth_context.c: implemented seq_number functions
5265
5266 * lib/krb5/generate_subkey.c, generate_seq_number.c: new files
5267
5268 * lib/gssapi/gssapi.h: avoid including <krb5.h>
5269
5270 * lib/asn1/Makefile.am: SUFFIXES as a variable to make automake
5271 happy
5272
5273 * kdc/kdc.c: preliminary PREAUTH_ENC_TIMESTAMP
5274
5275 * configure.in: adapted to automake 1.1p
5276
5277Mon May 26 22:26:21 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5278
5279 * lib/krb5/principal.c: Add contexts to many functions.
5280
5281Thu May 15 20:25:37 1997 Johan Danielsson <joda@emma.pdc.kth.se>
5282
5283 * lib/krb5/verify_user.c: First stab at a verify user.
5284
5285 * lib/auth/sia/sia5.c: SIA module for Kerberos 5.
5286
5287Mon Apr 14 00:09:03 1997 Assar Westerlund <assar@sics.se>
5288
5289 * lib/gssapi: Enough of a gssapi-over-krb5 implementation to be
5290 able to (mostly) run gss-client and gss-server.
5291
5292 * lib/krb5/keytab.c: implemented krb5_kt_add_entry,
5293 krb5_kt_store_principal, krb5_kt_store_keyblock
5294
5295 * lib/des/md5.[ch], sha.[ch]: new files
5296
5297 * lib/asn1/der_get.c (generalizedtime2time): use `timegm'
5298
5299 * lib/asn1/timegm.c: new file
5300
5301 * admin/extkeytab.c: new program
5302
5303 * admin/admin_locl.h: new file
5304
5305 * admin/Makefile.am: Added extkeytab
5306
5307 * configure.in: moved config to include
5308 removed timezone garbage
5309 added lib/gssapi and admin
5310
5311 * Makefile.am: Added admin
5312
5313Mon Mar 17 11:34:05 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5314
5315 * kdc/kdc.c: Use new copying functions, and free some data.
5316
5317 * lib/asn1/Makefile.am: Try to not always rebuild generated files.
5318
5319 * lib/asn1/der_put.c: Add fix_dce().
5320
5321 * lib/asn1/der_{get,length,put}.c: Fix include files.
5322
5323 * lib/asn1/der_free.c: Remove unused functions.
5324
5325 * lib/asn1/gen.c: Split into gen_encode, gen_decode, gen_free,
5326 gen_length, and gen_copy.
5327
5328Sun Mar 16 18:13:52 1997 Assar Westerlund <assar@sics.se>
5329
5330 * lib/krb5/sendauth.c: implemented functionality
5331
5332 * lib/krb5/rd_rep.c: Use `krb5_decrypt'
5333
5334 * lib/krb5/cache.c (krb5_cc_get_name): return default if `id' ==
5335 NULL
5336
5337 * lib/krb5/principal.c (krb5_free_principal): added `context'
5338 argument. Changed all callers.
5339
5340 (krb5_sname_to_principal): new function
5341
5342 * lib/krb5/auth_context.c (krb5_free_authenticator): add `context'
5343 argument. Changed all callers
5344
5345 * lib/krb5/{net_write.c,net_read.c,recvauth.c}: new files
5346
5347 * lib/asn1/gen.c: Fix encoding and decoding of BitStrings
5348
5349Fri Mar 14 11:29:00 1997 Assar Westerlund <assar@sics.se>
5350
5351 * configure.in: look for *dbm?
5352
5353 * lib/asn1/gen.c: Fix filename in generated files. Check fopens.
5354 Put trailing newline in asn1_files.
5355
5356Fri Mar 14 05:06:44 1997 Johan Danielsson <joda@emma.pdc.kth.se>
5357
5358 * lib/krb5/get_in_tkt.c: Fix some memory leaks.
5359
5360 * lib/krb5/krbhst.c: Properly free hostlist.
5361
5362 * lib/krb5/decrypt.c: CRCs are 32 bits.
5363
5364Fri Mar 14 04:39:15 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5365
5366 * lib/asn1/gen.c: Generate one file for each type.
5367
5368Fri Mar 14 04:13:47 1997 Assar Westerlund <assar@sics.se>
5369
5370 * lib/asn1/gen.c: Generate `length_FOO' functions
5371
5372 * lib/asn1/der_length.c: new file
5373
5374 * kuser/klist.c: renamed stime -> printable_time to avoid conflict
5375 on HP/UX
5376
5377Fri Mar 14 03:37:23 1997 Johan Danielsson <joda@emma.pdc.kth.se>
5378
5379 * lib/hdb/ndbm.c: Return NOENTRY if fetch fails. Don't free
5380 datums. Don't add .db to filename.
5381
5382Fri Mar 14 02:49:51 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5383
5384 * kdc/dump.c: Database dump program.
5385
5386 * kdc/ank.c: Trivial database editing program.
5387
5388 * kdc/{kdc.c, load.c}: Use libhdb.
5389
5390 * lib/hdb: New database routine library.
5391
5392 * lib/krb5/error/Makefile.am: Add hdb_err.
5393
5394Wed Mar 12 17:41:14 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5395
5396 * kdc/kdc.c: Rewritten AS, and somewhat more working TGS support.
5397
5398 * lib/asn1/gen.c: Generate free functions.
5399
5400 * Some specific free functions.
5401
5402Wed Mar 12 12:30:13 1997 Assar Westerlund <assar@sics.se>
5403
5404 * lib/krb5/krb5_mk_req_ext.c: new file
5405
5406 * lib/asn1/gen.c: optimize the case with a simple type
5407
5408 * lib/krb5/get_cred.c (krb5_get_credentials): Use
5409 `mk_req_extended' and remove old code.
5410
5411 * lib/krb5/get_in_tkt.c (decrypt_tkt): First try with an
5412 EncASRepPart, then with an EncTGSRepPart.
5413
5414Wed Mar 12 08:26:04 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5415
5416 * lib/krb5/store_emem.c: New resizable memory storage.
5417
5418 * lib/krb5/{store.c, store_fd.c, store_mem.c}: Split of store.c
5419
5420 * lib/krb5/krb5.h: Add free entry to krb5_storage.
5421
5422 * lib/krb5/decrypt.c: Make keyblock const.
5423
5424Tue Mar 11 20:22:17 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5425
5426 * lib/krb5/krb5.h: Add EncTicketPart to krb5_ticket.
5427
5428 * lib/krb5/rd_req.c: Return whole asn.1 ticket in
5429 krb5_ticket->tkt.
5430
5431 * lib/krb5/get_in_tkt.c: TGS -> AS
5432
5433 * kuser/kfoo.c: Print error string rather than number.
5434
5435 * kdc/kdc.c: Some kind of non-working TGS support.
5436
5437Mon Mar 10 01:43:22 1997 Assar Westerlund <assar@sics.se>
5438
5439 * lib/asn1/gen.c: reduced generated code by 1/5
5440
5441 * lib/asn1/der_put.c: (der_put_length_and_tag): new function
5442
5443 * lib/asn1/der_get.c (der_match_tag_and_length): new function
5444
5445 * lib/asn1/der.h: added prototypes
5446
5447Mon Mar 10 01:15:43 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5448
5449 * lib/krb5/krb5.h: Include <asn1_err.h>. Add prototype for
5450 krb5_rd_req_with_keyblock.
5451
5452 * lib/krb5/rd_req.c: Add function krb5_rd_req_with_keyblock that
5453 takes a precomputed keyblock.
5454
5455 * lib/krb5/get_cred.c: Use krb5_mk_req rather than inlined code.
5456
5457 * lib/krb5/mk_req.c: Calculate checksum of in_data.
5458
5459Sun Mar 9 21:17:58 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5460
5461 * lib/krb5/error/compile_et.awk: Add a declaration of struct
5462 error_list, and multiple inclusion block to header files.
5463
5464Sun Mar 9 21:01:12 1997 Assar Westerlund <assar@sics.se>
5465
5466 * lib/krb5/rd_req.c: do some checks on times
5467
5468 * lib/krb/{mk_priv.c, rd_priv.c, sendauth.c, decrypt.c,
5469 address.c}: new files
5470
5471 * lib/krb5/auth_context.c: more code
5472
5473 * configure.in: try to figure out timezone
5474
5475Sat Mar 8 11:41:07 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5476
5477 * lib/krb5/error/error.c: Try strerror if error code wasn't found.
5478
5479 * lib/krb5/get_in_tkt.c: Remove realm parameter from
5480 krb5_get_salt.
5481
5482 * lib/krb5/context.c: Initialize error table.
5483
5484 * kdc: The beginnings of a kdc.
5485
5486Sat Mar 8 08:16:28 1997 Assar Westerlund <assar@sics.se>
5487
5488 * lib/krb5/rd_safe.c: new file
5489
5490 * lib/krb5/checksum.c (krb5_verify_checksum): New function
5491
5492 * lib/krb5/get_cred.c: use krb5_create_checksum
5493
5494 * lib/krb5/checksum.c: new file
5495
5496 * lib/krb5/store.c: no more arithmetic with void*
5497
5498 * lib/krb5/cache.c: now seems to work again
5499
5500Sat Mar 8 06:58:09 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5501
5502 * lib/krb5/Makefile.am: Add asn1_glue.c and error/*.c to libkrb5.
5503
5504 * lib/krb5/get_in_tkt.c: Moved some functions to asn1_glue.c.
5505
5506 * lib/krb5/asn1_glue.c: Moved some asn1-stuff here.
5507
5508 * lib/krb5/{cache,keytab}.c: Use new storage functions.
5509
5510 * lib/krb5/krb5.h: Protypes for new storage functions.
5511
5512 * lib/krb5/krb5.h: Make krb5_{ret,store}_* functions able to write
5513 data to more than file descriptors.
5514
5515Sat Mar 8 01:01:17 1997 Assar Westerlund <assar@sics.se>
5516
5517 * lib/krb5/encrypt.c: New file.
5518
5519 * lib/krb5/Makefile.am: More -I
5520
5521 * configure.in: Test for big endian, random, rand, setitimer
5522
5523 * lib/asn1/gen.c: perhaps even decodes bitstrings
5524
5525Thu Mar 6 19:05:29 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5526
5527 * lib/krb5/config_file.y: Better return values on error.
5528
5529Sat Feb 8 15:59:56 1997 Assar Westerlund <assar@pdc.kth.se>
5530
5531 * lib/asn1/parse.y: ifdef HAVE_STRDUP
5532
5533 * lib/asn1/lex.l: ifdef strdup
5534 brange-dead version of list of special characters to make stupid
5535 lex accept it.
5536
5537 * lib/asn1/gen.c: A DER integer should really be a `unsigned'
5538
5539 * lib/asn1/der_put.c: A DER integer should really be a `unsigned'
5540
5541 * lib/asn1/der_get.c: A DER integer should really be a `unsigned'
5542
5543 * lib/krb5/error/Makefile.am: It seems "$(SHELL) ./compile_et" is
5544 needed.
5545
5546 * lib/krb/mk_rep.c, lib/krb/rd_req.c, lib/krb/store.c,
5547 lib/krb/store.h: new files.
5548
5549 * lib/krb5/keytab.c: now even with some functionality.
5550
5551 * lib/asn1/gen.c: changed paramater from void * to Foo *
5552
5553 * lib/asn1/der_get.c (der_get_octet_string): Fixed bug with empty
5554 string.
5555
5556Sun Jan 19 06:17:39 1997 Assar Westerlund <assar@pdc.kth.se>
5557
5558 * lib/krb5/get_cred.c (krb5_get_credentials): Check for creds in
5559 cc before getting new ones.
5560
5561 * lib/krb5/krb5.h (krb5_free_keyblock): Fix prototype.
5562
5563 * lib/krb5/build_auth.c (krb5_build_authenticator): It seems the
5564 CRC should be stored LSW first. (?)
5565
5566 * lib/krb5/auth_context.c: Implement `krb5_auth_con_getkey' and
5567 `krb5_free_keyblock'
5568
5569 * lib/**/Makefile.am: Rename foo libfoo.a
5570
5571 * include/Makefile.in: Use test instead of [
5572 -e does not work with /bin/sh on psoriasis
5573
5574 * configure.in: Search for awk
5575 create lib/krb/error/compile_et
5576
5577Tue Jan 14 03:46:26 1997 Assar Westerlund <assar@pdc.kth.se>
5578
5579 * lib/krb5/Makefile.am: replaced mit-crc.c by crc.c
5580
5581Wed Dec 18 00:53:55 1996 Johan Danielsson <joda@emma.pdc.kth.se>
5582
5583 * kuser/kinit.c: Guess principal.
5584
5585 * lib/krb5/error/compile_et.awk: Don't include krb5.h. Fix some
5586 warnings.
5587
5588 * lib/krb5/error/asn1_err.et: Add ASN.1 error messages.
5589
5590 * lib/krb5/mk_req.c: Get client from cache.
5591
5592 * lib/krb5/cache.c: Add better error checking some useful return
5593 values.
5594
5595 * lib/krb5/krb5.h: Fix krb5_auth_context.
5596
5597 * lib/asn1/der.h: Make krb5_data compatible with krb5.h
5598
5599Tue Dec 17 01:32:36 1996 Johan Danielsson <joda@emma.pdc.kth.se>
5600
5601 * lib/krb5/error: Add primitive error library.
5602
5603Mon Dec 16 16:30:20 1996 Johan Danielsson <joda@emma.pdc.kth.se>
5604
5605 * lib/krb5/cache.c: Get correct address type from cache.
5606
5607 * lib/krb5/krb5.h: Change int16 to int to be compatible with asn1.
5608
|