12003-05-08 Johan Danielsson <joda@ratatosk.pdc.kth.se> |
2 |
3 * Release 0.6 |
4 |
52003-05-08 Love H�rnquist �strand <lha@it.su.se> |
6 |
7 * kuser/klist.c: 1.68->1.69: print tokens even if there isn't v4 8 support |
9 |
10 * kuser/kdestroy.c: 1.14->1.15: destroy tokens even if there isn't 11 v4 support |
12 |
13 * kuser/kinit.c: 1.90->1.91: print tokens even if there isn't v4 14 support |
15 |
162003-05-06 Johan Danielsson <joda@pdc.kth.se> |
17 |
18 * lib/krb5/name-45-test.c: need to use empty krb5.conf for some 19 tests |
20 |
21 * lib/asn1/check-gen.c: there is no \e escape sequence; replace 22 everything with hex-codes, and cast to unsigned char* to make some 23 compilers happy |
24 |
252003-05-06 Love H�rnquist �strand <lha@it.su.se> |
26 |
27 * lib/krb5/get_in_tkt.c (make_pa_enc_timestamp): make sure first 28 argument to krb5_us_timeofday have correct type 29 302003-05-05 Assar Westerlund <assar@kth.se> |
31 |
32 * include/make_crypto.c (main): include aes.h if ENABLE_AES |
33 |
342003-05-05 Love H�rnquist �strand <lha@it.su.se> |
35 |
36 * NEWS: 1.108->1.110: fix text about gssapi compat 37 382003-04-28 Love H�rnquist �strand <lha@it.su.se> |
39 |
40 * kdc/v4_dump.c: 1.4->1.5: (v4_prop_dump): limit strings length, 41 from openbsd |
42 |
432003-04-24 Love H�rnquist �strand <lha@it.su.se> |
44 |
45 * doc/programming.texi: 1.2-1.3: s/managment/management/, from jmc 46 <jmc@prioris.mini.pw.edu.pl> |
47 |
482003-04-22 Love H�rnquist �strand <lha@it.su.se> |
49 |
50 * lib/krb5/krbhst.c: 1.43->1.44: copy NUL too, from janj@wenf.org 51 via openbsd |
52 |
532003-04-17 Love H�rnquist �strand <lha@it.su.se> |
54 |
55 * lib/asn1/der_copy.c (copy_general_string): use strdup 56 * lib/asn1/der_put.c: remove sprintf 57 * lib/asn1/gen.c: remove strcpy/sprintf 58 59 * lib/krb5/name-45-test.c: use a more unique name then ratatosk so 60 that other (me) have such hosts in the local domain and the tests 61 fails, to take hokkigai.pdc.kth.se instead 62 63 * lib/krb5/test_alname.c: add --version and --help 64 652003-04-16 Love H�rnquist �strand <lha@it.su.se> |
66 |
67 * lib/krb5/krb5_warn.3: add krb5_get_err_text 68 69 * lib/krb5/transited.c: use strlcat/strlcpy, from openbsd 70 * lib/krb5/krbhst.c (srv_find_realm): use strlcpy, from openbsd 71 * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use 72 strlcpy, from openbsd 73 * kdc/hpropd.c: s/strcat/strlcat/, inspired from openbsd 74 * appl/kf/kfd.c: use strlcpy, from openbsd 75 762003-04-16 Johan Danielsson <joda@pdc.kth.se> |
77 |
78 * configure.in: fix for large file support in AIX, _LARGE_FILES 79 needs to be defined on the command line, since lex likes to 80 include stdio.h before we get to config.h |
81 |
822003-04-16 Love H�rnquist �strand <lha@it.su.se> 83 84 * lib/krb5/*.3: Change .Fd #include <header.h> to .In header.h, 85 from Thomas Klausner <wiz@netbsd.org> 86 87 * lib/krb5/krb5.conf.5: spelling, from Thomas Klausner 88 <wiz@netbsd.org> |
89 |
902003-04-15 Love H�rnquist �strand <lha@it.su.se> |
91 |
92 * kdc/kerberos5.c: fix some more memory leaks 93 942003-04-11 Love H�rnquist �strand <lha@it.su.se> |
95 |
96 * appl/kf/kf.1: spelling, from jmc <jmc@prioris.mini.pw.edu.pl> 97 982003-04-08 Love H�rnquist �strand <lha@it.su.se> |
99 |
100 * admin/ktutil.8: typos, from jmc <jmc@acn.waw.pl> 101 1022003-04-06 Love H�rnquist �strand <lha@it.su.se> |
103 |
104 * lib/krb5/krb5.3: s/kerberos/Kerberos/ 105 * lib/krb5/krb5_data.3: s/kerberos/Kerberos/ 106 * lib/krb5/krb5_address.3: s/kerberos/Kerberos/ 107 * lib/krb5/krb5_ccache.3: s/kerberos/Kerberos/ 108 * lib/krb5/krb5.conf.5: s/kerberos/Kerberos/ 109 * kuser/kinit.1: s/kerberos/Kerberos/ 110 * kdc/kdc.8: s/kerberos/Kerberos/ 111 1122003-04-01 Love H�rnquist �strand <lha@it.su.se> |
113 |
114 * lib/krb5/test_alname.c: more krb5_aname_to_localname tests 115 116 * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): when 117 converting too root, make sure user is ok according to 118 krb5_kuserok before allowing it. |
119 |
120 * lib/krb5/Makefile.am (noinst_PROGRAMS): += test_alname 121 122 * lib/krb5/test_alname.c: add test for krb5_aname_to_localname 123 124 * lib/krb5/crypto.c (krb5_DES_AFS3_CMU_string_to_key): used p1 125 instead of the "illegal" salt #~, same change as kth-krb did 126 1999. Problems occur with crypt() that behaves like AT&T crypt 127 (openssl does this). Pointed out by Marcus Watts. |
128 |
129 * admin/change.c (kt_change): collect all principals we are going 130 to change, and pick the highest kvno and use that to guess what 131 kvno the resulting kvno is going to be. Now two ktutil change in a 132 row works. XXX fix the protocol to pass the kvno back. 133 1342003-03-31 Love H�rnquist �strand <lha@it.su.se> |
135 |
136 * appl/kf/kf.1: afs->AFS, from jmc <jmc@acn.waw.pl> 137 1382003-03-30 Love H�rnquist �strand <lha@it.su.se> |
139 |
140 * doc/setup.texi: add description on how to turn on v4, 524 and 141 kaserver support |
142 |
1432003-03-29 Love H�rnquist �strand <lha@it.su.se> |
144 |
145 * lib/krb5/verify_krb5_conf.c (appdefaults_entries): add afslog 146 and afs-use-524 |
147 |
1482003-03-28 Love H�rnquist �strand <lha@it.su.se> |
149 |
150 * kdc/kerberos5.c (as_rep): when the second enctype_to_string 151 failes, remember to free memory from the first enctype_to_string |
152 |
153 * lib/krb5/crypto.c (usage2arcfour): map KRB5_KU_TICKET to 2, 154 from Harald Joerg <harald.joerg@fujitsu-siemens.com> 155 (enctype_arcfour_hmac_md5): disable checksum_hmac_md5_enc |
156 |
157 * lib/hdb/mkey.c (hdb_unseal_keys_mkey): truncate key to the key 158 length when key is longer then expected length, its probably 159 longer since the encrypted data was padded, reported by Aidan 160 Cully <aidan@kublai.com> |
161 |
162 * lib/krb5/crypto.c (krb5_enctype_keysize): return key size of 163 encyption type, inspired by Aidan Cully <aidan@kublai.com> 164 1652003-03-27 Love H�rnquist �strand <lha@it.su.se> |
166 |
167 * lib/krb5/keytab.c (krb5_kt_get_entry): avoid printing 0 168 (wildcard kvno) after principal when the keytab entry isn't found, 169 reported by Chris Chiappa <chris@chiappa.net> 170 1712003-03-26 Love H�rnquist �strand <lha@it.su.se> |
172 |
173 * doc/misc.texi: update 2b example to match reality (from 174 mattiasa@e.kth.se) |
175 |
176 * doc/misc.texi: spelling and add `Configuring AFS clients' 177 subsection |
178 |
1792003-03-25 Love H�rnquist �strand <lha@it.su.se> |
180 |
181 * lib/krb5/krb5.3: add krb5_free_data_contents.3 182 183 * lib/krb5/data.c: add krb5_free_data_contents for compat with MIT 184 API |
185 |
186 * lib/krb5/krb5_data.3: add krb5_free_data_contents for compat 187 with MIT API |
188 |
189 * lib/krb5/krb5_verify_user.3: write more about how the ccache 190 argument should be inited when used 191 1922003-03-25 Johan Danielsson <joda@pdc.kth.se> |
193 |
194 * lib/krb5/addr_families.c (krb5_print_address): make sure 195 print_addr is defined for the given address type; make addrports 196 printable |
197 |
198 * kdc/string2key.c: print the used enctype for kerberos 5 keys |
199 |
2002003-03-25 Love H�rnquist �strand <lha@it.su.se> |
201 |
202 * lib/krb5/aes-test.c: add another arcfour test 203 2042003-03-22 Love H�rnquist �strand <lha@it.su.se> |
205 |
206 * lib/krb5/aes-test.c: sneek in a test for arcfour-hmac-md5 207 2082003-03-20 Love H�rnquist �strand <lha@it.su.se> 209 210 * lib/krb5/krb5_ccache.3: update .Dd |
211 |
212 * lib/krb5/krb5.3: sort in krb5_data functions |
213 |
214 * lib/krb5/Makefile.am (man_MANS): += krb5_data.3 |
215 |
216 * lib/krb5/krb5_data.3: document krb5_data |
217 |
218 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): if 219 prompter is NULL, don't try to ask for a password to 220 change. reported by Iain Moffat @ ufl.edu via Howard Chu 221 <hyc@highlandsun.com> |
222 |
2232003-03-19 Love H�rnquist �strand <lha@it.su.se> |
224 |
225 * lib/krb5/krb5_keytab.3: spelling, from 226 <jmc@prioris.mini.pw.edu.pl> |
227 |
228 * lib/krb5/krb5.conf.5: . means new line 229 230 * lib/krb5/krb5.conf.5: spelling, from 231 <jmc@prioris.mini.pw.edu.pl> |
232 |
233 * lib/krb5/krb5_auth_context.3: spelling, from 234 <jmc@prioris.mini.pw.edu.pl> |
235 |
2362003-03-18 Love H�rnquist �strand <lha@it.su.se> |
237 |
238 * kuser/Makefile.am: INCLUDES: -I$(srcdir)/../lib/krb5 239 240 * lib/krb5/convert_creds.c: add _krb5_krb_life_to_time 241 242 * lib/krb5/krb5-v4compat.h: add _krb5_krb_life_to_time |
243 |
244 * kdc/kdc_locl.h: 524 is independent of kerberos 4, so move out 245 #ifdef KRB4 from enable_v4_cross_realm since 524 needs it 246 247 * kdc/config.c: 524 is independent of kerberos 4, so move out 248 enable_v4_cross_realm from #ifdef KRB4 since 524 needs it 249 2502003-03-17 Assar Westerlund <assar@kth.se> |
251 |
252 * kdc/kdc.8: document --kerberos4-cross-realm 253 * kdc/kerberos4.c: pay attention to enable_v4_cross_realm 254 * kdc/kdc_locl.h (enable_v4_cross_realm): add 255 * kdc/524.c (encode_524_response): check the enable_v4_cross_realm 256 flag before giving out v4 tickets for foreign v5 principals 257 * kdc/config.c: add --enable-kerberos4-cross-realm option (default 258 to off) |
259 |
2602003-03-17 Love H�rnquist �strand <lha@it.su.se> |
261 |
262 * lib/krb5/Makefile.am (man_MANS) += krb5_aname_to_localname.3 263 264 * lib/krb5/krb5_aname_to_localname.3: manpage for 265 krb5_aname_to_localname |
266 |
267 * lib/krb5/krb5_kuserok.3: s/KRB5_USEROK/KRB5_KUSEROK/ 268 2692003-03-16 Love H�rnquist �strand <lha@it.su.se> |
270 |
271 * lib/krb5/Makefile.am (man_MANS): add krb5_set_default_realm.3 |
272 |
273 * lib/krb5/krb5.3: add manpages from krb5_set_default_realm.3 |
274 |
275 * lib/krb5/krb5_set_default_realm.3: Manpage for 276 krb5_free_host_realm, krb5_get_default_realm, 277 krb5_get_default_realms, krb5_get_host_realm, and 278 krb5_set_default_realm. |
279 |
280 * admin/ktutil.8: s/entype/enctype/, from Igor Sobrado 281 <sobrado@acm.org> via NetBSD |
282 |
283 * lib/krb5/krb5_keytab.3: add documention for krb5_kt_get_type |
284 |
285 * lib/krb5/keytab.c (krb5_kt_get_type): get prefix/type of keytab |
286 |
287 * lib/krb5/krb5.h (KRB5_KT_PREFIX_MAX_LEN): max length of prefix |
288 |
289 * lib/krb5/krb5_ccache.3: document krb5_cc_get_ops, add more 290 types, add krb5_fcc_ops and krb5_mcc_ops |
291 |
292 * lib/krb5/cache.c (krb5_cc_get_ops): new function, return ops for 293 a id |
294 |
2952003-03-15 Love H�rnquist �strand <lha@it.su.se> |
296 |
297 * doc/intro.texi: add reference to source code, binaries and the 298 manual |
299 |
300 * lib/krb5/krb5.3: krb5.h isn't in krb5 directory in heimdal 301 3022003-03-14 Love H�rnquist �strand <lha@it.su.se> |
303 |
304 * kdc/kdc.8: better/difrent english |
305 |
306 * kdc/kdc.8: . -> .\n, copyright/license 307 308 * kdc/kdc.8: changed configuration file -> restart kdc |
309 |
310 * kdc/kerberos4.c: add krb4 into the most error messages written 311 to the logfile |
312 |
313 * lib/krb5/krb5_ccache.3: add missing name of argument 314 (krb5_context) to most functions |
315 |
3162003-03-13 Love H�rnquist �strand <lha@it.su.se> |
317 |
318 * lib/krb5/kuserok.c (krb5_kuserok): preserve old behviour of 319 function and return FALSE when there isn't a local account for 320 `luser'. |
321 |
322 * lib/krb5/krb5_kuserok.3: fix prototype, spelling and more text 323 describing the function |
324 |
3252003-03-12 Love H�rnquist �strand <lha@it.su.se> |
326 |
327 * lib/krb5/cache.c (krb5_cc_default): if krb5_cc_default_name 328 returned memory, don't return ENOMEM |
329 |
3302003-03-11 Love H�rnquist �strand <lha@it.su.se> |
331 |
332 * lib/krb5/krb5.3: add krb5_address stuff and sort 333 334 * lib/krb5/krb5_address.3: fix krb5_addr2sockaddr description 335 336 * lib/krb5/Makefile.am (man_MANS): += krb5_address.3 337 338 * lib/krb5/krb5_address.3: document types krb5_address and 339 krb5_addresses and their helper functions |
340 |
3412003-03-10 Love H�rnquist �strand <lha@it.su.se> |
342 |
343 * lib/krb5/Makefile.am (man_MANS): += krb5_kuserok.3 |
344 |
345 * lib/krb5/krb5_kuserok.3: spelling, from cizzi@it.su.se |
346 |
347 * lib/krb5/Makefile.am (man_MANS): += krb5_ccache.3 |
348 |
349 * lib/krb5/krb5_ccache.3: spelling, from cizzi@it.su.se 350 351 * lib/krb5/krb5.3: add more functions 352 353 * lib/krb5/krb5_ccache.3: document krb5_ccache and krb5_cc 354 functions |
355 |
356 * lib/krb5/krb5_kuserok.3: document krb5_kuserok 357 358 * lib/krb5/krb5_verify_user.3: document 359 krb5_verify_opt_set_flags(opt, KRB5_VERIFY_LREALMS) behavior |
360 |
361 * lib/krb5/krb5_verify_user.3: document krb5_verify_opt* and 362 krb5_verify_user_opt |
363 |
364 * lib/krb5/*.[0-9]: add copyright/licenses on more manpages |
365 |
366 * kuser/kdestroy.c (main): handle that krb5_cc_default_name can 367 return NULL |
368 |
369 * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump minor 370 (TESTS): add test_cc |
371 |
372 * lib/krb5/test_cc.c: test some 373 krb5_cc_default_name/krb5_cc_set_default_name combinations 374 375 * lib/krb5/context.c (init_context_from_config_file): set 376 default_cc_name to NULL 377 (krb5_free_context): free default_cc_name if set |
378 |
379 * lib/krb5/cache.c (krb5_cc_set_default_name): new function 380 (krb5_cc_default_name): use krb5_cc_set_default_name |
381 |
382 * lib/krb5/krb5.h (krb5_context_data): add default_cc_name 383 3842003-02-25 Love H�rnquist �strand <lha@it.su.se> |
385 |
386 * appl/kf/kf.1: s/securly/securely/ from NetBSD 387 3882003-02-18 Love H�rnquist �strand <lha@it.su.se> |
389 |
390 * kdc/connect.c: s/intialize/initialize, from 391 <jmc@prioris.mini.pw.edu.pl> |
392 |
3932003-02-17 Love H�rnquist �strand <lha@it.su.se> |
394 |
395 * configure.in: add AM_MAINTAINER_MODE 396 3972003-02-16 Love H�rnquist �strand <lha@it.su.se> |
398 |
399 * **/*.[0-9]: add copyright/licenses on all manpages |
400 |
4012003-14-16 Jacques Vidrine <nectar@kth.se> |
402 |
403 * lib/krb5/get_in_tkt.c (init_as_req): Send only a single 404 PA-ENC-TIMESTAMP in the AS-REQ, using the first encryption 405 type specified by the KDC. |
406 |
4072003-02-15 Love H�rnquist �strand <lha@it.su.se> |
408 |
409 * fix-export: some autoconf put their version number in 410 autom4te.cache, so remove autom4te*.cache 411 412 * fix-export: make sure $1 is a directory 413 4142003-02-04 Love H�rnquist �strand <lha@it.su.se> |
415 |
416 * kpasswd/kpasswdd.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl> |
417 |
418 * kdc/kdc.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl> 419 4202003-01-31 Love H�rnquist �strand <lha@it.su.se> |
421 |
422 * kdc/hpropd.8: s/databases/a database/ s/Not/not/ |
423 |
424 * kdc/hprop.8: add missing . 425 4262003-01-30 Love H�rnquist �strand <lha@it.su.se> |
427 |
428 * lib/krb5/krb5.conf.5: documentation for of boolean, etypes, 429 address, write out encryption type in sentences, s/Host/host 430 4312003-01-26 Love H�rnquist �strand <lha@it.su.se> |
432 |
433 * lib/asn1/check-gen.c: add checks for Authenticator too 434 4352003-01-25 Love H�rnquist �strand <lha@it.su.se> |
436 |
437 * doc/setup.texi: in the hprop example, use hprop and the first 438 component, not host |
439 |
440 * lib/krb5/get_addrs.c (find_all_addresses): address-less 441 point-to-point might not have an address, just ignore 442 those. Reported by Harald Barth. |
443 |
4442003-01-23 Love H�rnquist �strand <lha@it.su.se> |
445 |
446 * lib/krb5/verify_krb5_conf.c (check_section): when key isn't 447 found, don't print out all known keys |
448 |
449 * lib/krb5/verify_krb5_conf.c (syslogvals): mark up where severity 450 and facility start resp 451 (check_log): find_value() returns -1 when key isn't found |
452 |
453 * lib/krb5/crypto.c (_krb5_aes_cts_encrypt): make key argument a 454 'const void *' to avoid AES_KEY being exposed in krb5-private.h 455 456 * lib/krb5/krb5.conf.5: add [kdc]use_2b |
457 |
458 * kdc/524.c (encode_524_response): its 2b not b2 459 460 * doc/misc.texi: quote @ where missing 461 462 * lib/asn1/Makefile.am: add check-gen 463 464 * lib/asn1/check-gen.c: add Principal check 465 466 * lib/asn1/check-common.h: move generic asn1/der functions from 467 check-der.c to here |
468 |
469 * lib/asn1/check-common.c: move generic asn1/der functions from 470 check-der.c to here |
471 |
472 * lib/asn1/check-der.c: move out the generic asn1/der functions to 473 a common file |
474 |
4752003-01-22 Love H�rnquist �strand <lha@it.su.se> |
476 |
477 * doc/misc.texi: more text about afs, how to get get your KeyFile, 478 and how to start use 2b tokens |
479 |
480 * lib/krb5/krb5.conf.5: spelling, from Jason McIntyre 481 <jmc@cvs.openbsd.org> 482 4832003-01-21 Jacques Vidrine <nectar@kth.se> |
484 |
485 * kuser/kuser_locl.h: include crypto-headers.h for 486 des_read_pw_string prototype |
487 |
4882003-01-16 Love H�rnquist �strand <lha@it.su.se> |
489 |
490 * admin/ktutil.8: document -v, --verbose |
491 |
492 * admin/get.c (kt_get): make getarg usage consistent with other 493 other parts of ktutil |
494 |
495 * admin/copy.c (kt_copy): remove adding verbose_flag to args 496 struct, since it will overrun the args array (from Sumit Bose) 497 4982003-01-15 Love H�rnquist �strand <lha@it.su.se> |
499 |
500 * lib/krb5/krb5.conf.5: write more about [realms] REALM = { kdc = 501 ... } |
502 |
503 * lib/krb5/aes-test.c: test vectors in aes-draft 504 505 * lib/krb5/Makefile.am: add aes-test.c |
506 |
507 * lib/krb5/crypto.c: Add support for AES 508 (draft-raeburn-krb-rijndael-krb-02), not enabled by default. 509 (HMAC_SHA1_DES3_checksum): rename to SP_HMAC_SHA1_checksum and modify 510 to support checksumtype that are have a shorter wireformat then 511 their output block size. 512 513 * lib/krb5/crypto.c (struct encryption_type): split the blocksize 514 into blocksize and padsize, padsize is the minimum padding 515 size. they are the same for now 516 (enctype_*): add padsize 517 (encrypt_internal): use padsize 518 (encrypt_internal_derived): use padsize 519 (wrapped_length): use padsize 520 (wrapped_length_dervied): use padsize |
521 |
522 * lib/krb5/crypto.c: add extra `opaque' argument to string_to_key 523 function for each enctype in preparation enctypes that uses 524 `Encryption and Checksum Specifications for Kerberos 5' draft |
525 |
526 * lib/asn1/k5.asn1: add checksum and enctype for AES from 527 draft-raeburn-krb-rijndael-krb-02.txt |
528 |
529 * lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_AES128, 530 KEYTYPE_AES256 |
531 |
5322003-01-14 Love H�rnquist �strand <lha@it.su.se> |
533 |
534 * lib/hdb/common.c (_hdb_fetch): handle error code from 535 hdb_value2entry |
536 |
537 * kdc/Makefile.am: always include kerberos4.c and 524.c in 538 kdc_SOURCES to support 524 |
539 |
540 * kdc/524.c: always compile in support for 524 |
541 |
542 * kdc/kdc_locl.h: move out krb/524 protos from under #ifdef KRB4 543 544 * kdc/config.c: always compile in support for 524 545 546 * kdc/connect.c: always compile in support for 524 547 548 * kdc/kerberos4.c: export encode_v4_ticket() and get_des_key() 549 even when we build without kerberos 4, 524 needs them 550 551 * lib/krb5/convert_creds.c, lib/krb5/krb5-v4compat.h: Split out 552 Kerberos 4 help functions/structures so other parts of the source 553 tree can use it (like the KDC) |
554 |