Deleted Added
sdiff udiff text old ( 107207 ) new ( 120945 )
full compact
ChangeLog (107207) ChangeLog (120945)
12002-10-21 Johan Danielsson <joda@pdc.kth.se>
12003-05-08 Johan Danielsson <joda@ratatosk.pdc.kth.se>
2
2
3 * lib/krb5/store_emem.c: pull up 1.13; limit how much we allocate
3 * Release 0.6
4
4
5 * lib/krb5/principal.c: pull up 1.82; don't allow trailing
6 backslashes in components
52003-05-08 Love H�rnquist �strand <lha@it.su.se>
7
6
8 * lib/krb5/keytab_keyfile.c: pull up 1.15; more strcspn
7 * kuser/klist.c: 1.68->1.69: print tokens even if there isn't v4
8 support
9
9
10 * lib/krb5/keytab_any.c: pull up 1.7; properly close the open
11 keytabs
10 * kuser/kdestroy.c: 1.14->1.15: destroy tokens even if there isn't
11 v4 support
12
12
13 * kdc/connect.c: pull up 1.87; check that %-quotes are followed by
14 two hex digits
13 * kuser/kinit.c: 1.90->1.91: print tokens even if there isn't v4
14 support
15
15
16 * lib/krb5/prompter_posix.c: pull up 1.7; use strcspn to convert
17 the newline to NUL in fgets results.
162003-05-06 Johan Danielsson <joda@pdc.kth.se>
18
17
19 * lib/krb5/kuserok.c: pull up 1.6; use strcspn to convert the
20 newline to NUL in fgets results.
18 * lib/krb5/name-45-test.c: need to use empty krb5.conf for some
19 tests
21
20
22 * lib/krb5/keytab_file.c: pull up 1.12; check return value from
23 start_seq_get
21 * lib/asn1/check-gen.c: there is no \e escape sequence; replace
22 everything with hex-codes, and cast to unsigned char* to make some
23 compilers happy
24
24
25 * lib/krb5/context.c: pull up 1.82; return ENXIO instead of ENOENT
26 when "unconfigured"
252003-05-06 Love H�rnquist �strand <lha@it.su.se>
27
26
28 * lib/krb5/changepw.c: pull up 1.38; fix reply length check
29 calculation
27 * lib/krb5/get_in_tkt.c (make_pa_enc_timestamp): make sure first
28 argument to krb5_us_timeofday have correct type
29
302003-05-05 Assar Westerlund <assar@kth.se>
30
31
31 * kuser/klist.c: pull up 1.68; allow tokens up to size of buffer
32 * include/make_crypto.c (main): include aes.h if ENABLE_AES
32
33
33 * kdc/kaserver.c: pull up 1.21; make sure life is positive
342003-05-05 Love H�rnquist �strand <lha@it.su.se>
34
35
35 * fix-export: pull up 1.28; remove autom4ate.cache
36 * NEWS: 1.108->1.110: fix text about gssapi compat
37
382003-04-28 Love H�rnquist �strand <lha@it.su.se>
36
39
372002-09-10 Johan Danielsson <joda@pdc.kth.se>
40 * kdc/v4_dump.c: 1.4->1.5: (v4_prop_dump): limit strings length,
41 from openbsd
38
42
39 * Release 0.5
432003-04-24 Love H�rnquist �strand <lha@it.su.se>
40
44
41 * include/make_crypto.c: don't use function macros if possible
45 * doc/programming.texi: 1.2-1.3: s/managment/management/, from jmc
46 <jmc@prioris.mini.pw.edu.pl>
42
47
43 * lib/krb5/krb5_locl.h: get limits.h for UINT_MAX
482003-04-22 Love H�rnquist �strand <lha@it.su.se>
44
49
45 * include/Makefile.am: use make_crypto to create crypto-headers.h
50 * lib/krb5/krbhst.c: 1.43->1.44: copy NUL too, from janj@wenf.org
51 via openbsd
46
52
47 * include/make_crypto.c: crypto header generation tool
532003-04-17 Love H�rnquist �strand <lha@it.su.se>
48
54
49 * configure.in: move crypto test to just after testing for krb4,
50 and move roken tests to after both, this speeds up various failure
51 cases with krb4
55 * lib/asn1/der_copy.c (copy_general_string): use strdup
56 * lib/asn1/der_put.c: remove sprintf
57 * lib/asn1/gen.c: remove strcpy/sprintf
58
59 * lib/krb5/name-45-test.c: use a more unique name then ratatosk so
60 that other (me) have such hosts in the local domain and the tests
61 fails, to take hokkigai.pdc.kth.se instead
62
63 * lib/krb5/test_alname.c: add --version and --help
64
652003-04-16 Love H�rnquist �strand <lha@it.su.se>
52
66
53 * lib/krb5/config_file.c: don't use NULL when we mean 0
67 * lib/krb5/krb5_warn.3: add krb5_get_err_text
68
69 * lib/krb5/transited.c: use strlcat/strlcpy, from openbsd
70 * lib/krb5/krbhst.c (srv_find_realm): use strlcpy, from openbsd
71 * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use
72 strlcpy, from openbsd
73 * kdc/hpropd.c: s/strcat/strlcat/, inspired from openbsd
74 * appl/kf/kfd.c: use strlcpy, from openbsd
75
762003-04-16 Johan Danielsson <joda@pdc.kth.se>
54
77
55 * configure.in: we don't set package_libdir anymore, so no point
56 in testing for it
78 * configure.in: fix for large file support in AIX, _LARGE_FILES
79 needs to be defined on the command line, since lex likes to
80 include stdio.h before we get to config.h
57
81
58 * tools/Makefile.am: subst INCLUDE_des
822003-04-16 Love H�rnquist �strand <lha@it.su.se>
83
84 * lib/krb5/*.3: Change .Fd #include <header.h> to .In header.h,
85 from Thomas Klausner <wiz@netbsd.org>
86
87 * lib/krb5/krb5.conf.5: spelling, from Thomas Klausner
88 <wiz@netbsd.org>
59
89
60 * tools/krb5-config.in: add INCLUDE_des to cflags
902003-04-15 Love H�rnquist �strand <lha@it.su.se>
61
91
62 * configure.in: use AC_CONFIG_SRCDIR
92 * kdc/kerberos5.c: fix some more memory leaks
93
942003-04-11 Love H�rnquist �strand <lha@it.su.se>
63
95
64 * fix-export: remove some unneeded stuff
96 * appl/kf/kf.1: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
97
982003-04-08 Love H�rnquist �strand <lha@it.su.se>
65
99
66 * kuser/kinit.c (do_524init): free principals
100 * admin/ktutil.8: typos, from jmc <jmc@acn.waw.pl>
101
1022003-04-06 Love H�rnquist �strand <lha@it.su.se>
67
103
682002-09-09 Jacques Vidrine <nectar@kth.se>
104 * lib/krb5/krb5.3: s/kerberos/Kerberos/
105 * lib/krb5/krb5_data.3: s/kerberos/Kerberos/
106 * lib/krb5/krb5_address.3: s/kerberos/Kerberos/
107 * lib/krb5/krb5_ccache.3: s/kerberos/Kerberos/
108 * lib/krb5/krb5.conf.5: s/kerberos/Kerberos/
109 * kuser/kinit.1: s/kerberos/Kerberos/
110 * kdc/kdc.8: s/kerberos/Kerberos/
111
1122003-04-01 Love H�rnquist �strand <lha@it.su.se>
69
113
70 * kdc/kerberos5.c (get_pa_etype_info, fix_transited_encoding),
71 kdc/kaserver.c (krb5_ret_xdr_data),
72 lib/krb5/transited.c (krb5_domain_x500_decode): Validate some
73 counts: Check that they are non-negative, and that they are small
74 enough to avoid integer overflow when used in memory allocation
75 calculations. Potential problem areas pointed out by
76 Sebastian Krahmer <krahmer@suse.de>.
114 * lib/krb5/test_alname.c: more krb5_aname_to_localname tests
115
116 * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): when
117 converting too root, make sure user is ok according to
118 krb5_kuserok before allowing it.
77
119
78 * lib/krb5/keytab_keyfile.c (akf_add_entry): Use O_EXCL when
79 creating a new keyfile.
120 * lib/krb5/Makefile.am (noinst_PROGRAMS): += test_alname
121
122 * lib/krb5/test_alname.c: add test for krb5_aname_to_localname
123
124 * lib/krb5/crypto.c (krb5_DES_AFS3_CMU_string_to_key): used p1
125 instead of the "illegal" salt #~, same change as kth-krb did
126 1999. Problems occur with crypt() that behaves like AT&T crypt
127 (openssl does this). Pointed out by Marcus Watts.
80
128
812002-09-09 Johan Danielsson <joda@pdc.kth.se>
129 * admin/change.c (kt_change): collect all principals we are going
130 to change, and pick the highest kvno and use that to guess what
131 kvno the resulting kvno is going to be. Now two ktutil change in a
132 row works. XXX fix the protocol to pass the kvno back.
133
1342003-03-31 Love H�rnquist �strand <lha@it.su.se>
82
135
83 * configure.in: don't try to build pam module
136 * appl/kf/kf.1: afs->AFS, from jmc <jmc@acn.waw.pl>
137
1382003-03-30 Love H�rnquist �strand <lha@it.su.se>
84
139
852002-09-05 Johan Danielsson <joda@pdc.kth.se>
140 * doc/setup.texi: add description on how to turn on v4, 524 and
141 kaserver support
86
142
87 * appl/kf/kf.c: fix warning string
1432003-03-29 Love H�rnquist �strand <lha@it.su.se>
88
144
89 * lib/krb5/log.c (krb5_vlog_msg): delay message formating till we
90 know we need it
145 * lib/krb5/verify_krb5_conf.c (appdefaults_entries): add afslog
146 and afs-use-524
91
147
922002-09-04 Assar Westerlund <assar@kth.se>
1482003-03-28 Love H�rnquist �strand <lha@it.su.se>
93
149
94 * kdc/kerberos5.c (encode_reply): correct error logging
150 * kdc/kerberos5.c (as_rep): when the second enctype_to_string
151 failes, remember to free memory from the first enctype_to_string
95
152
962002-09-04 Johan Danielsson <joda@pdc.kth.se>
153 * lib/krb5/crypto.c (usage2arcfour): map KRB5_KU_TICKET to 2,
154 from Harald Joerg <harald.joerg@fujitsu-siemens.com>
155 (enctype_arcfour_hmac_md5): disable checksum_hmac_md5_enc
97
156
98 * lib/krb5/sendauth.c: close ccache if we opened it
157 * lib/hdb/mkey.c (hdb_unseal_keys_mkey): truncate key to the key
158 length when key is longer then expected length, its probably
159 longer since the encrypted data was padded, reported by Aidan
160 Cully <aidan@kublai.com>
99
161
100 * appl/kf/kf.c: handle new protocol
162 * lib/krb5/crypto.c (krb5_enctype_keysize): return key size of
163 encyption type, inspired by Aidan Cully <aidan@kublai.com>
164
1652003-03-27 Love H�rnquist �strand <lha@it.su.se>
101
166
102 * appl/kf/kfd.c: use krb5_err instead of sysloging directly,
103 handle the new protocol, and bail out if an old client tries to
104 connect
167 * lib/krb5/keytab.c (krb5_kt_get_entry): avoid printing 0
168 (wildcard kvno) after principal when the keytab entry isn't found,
169 reported by Chris Chiappa <chris@chiappa.net>
170
1712003-03-26 Love H�rnquist �strand <lha@it.su.se>
105
172
106 * appl/kf/kf_locl.h: we need a protocol version string
173 * doc/misc.texi: update 2b example to match reality (from
174 mattiasa@e.kth.se)
107
175
108 * lib/hdb/hdb-ldap.c: use ASN1_MALLOC_ENCODE
176 * doc/misc.texi: spelling and add `Configuring AFS clients'
177 subsection
109
178
110 * kdc/kerberos5.c: use ASN1_MALLOC_ENCODE
1792003-03-25 Love H�rnquist �strand <lha@it.su.se>
111
180
112 * kdc/hprop.c: set AP_OPTS_USE_SUBKEY
181 * lib/krb5/krb5.3: add krb5_free_data_contents.3
182
183 * lib/krb5/data.c: add krb5_free_data_contents for compat with MIT
184 API
113
185
114 * lib/hdb/common.c: use ASN1_MALLOC_ENCODE
115
116 * lib/asn1/gen.c: add convenience macro that allocates a buffer
117 and encoded into that
118
119 * lib/krb5/get_cred.c (init_tgs_req): use
120 in_creds->session.keytype literally instead of trying to convert
121 to a list of enctypes (it should already be an enctype)
186 * lib/krb5/krb5_data.3: add krb5_free_data_contents for compat
187 with MIT API
122
188
123 * lib/krb5/get_cred.c (init_tgs_req): init ret
189 * lib/krb5/krb5_verify_user.3: write more about how the ccache
190 argument should be inited when used
191
1922003-03-25 Johan Danielsson <joda@pdc.kth.se>
124
193
1252002-09-03 Johan Danielsson <joda@pdc.kth.se>
194 * lib/krb5/addr_families.c (krb5_print_address): make sure
195 print_addr is defined for the given address type; make addrports
196 printable
126
197
127 * lib/asn1/k5.asn1: remove ETYPE_DES3_CBC_NONE_IVEC
198 * kdc/string2key.c: print the used enctype for kerberos 5 keys
128
199
129 * lib/krb5/krb5.h: remove ENCTYPE_DES3_CBC_NONE_IVEC
2002003-03-25 Love H�rnquist �strand <lha@it.su.se>
130
201
131 * lib/krb5/crypto.c: get rid of DES3_CBC_encrypt_ivec, just use
132 zero ivec in DES3_CBC_encrypt if passed ivec is NULL
202 * lib/krb5/aes-test.c: add another arcfour test
203
2042003-03-22 Love H�rnquist �strand <lha@it.su.se>
133
205
134 * lib/krb5/Makefile.am: back out 1.144, since it will re-create
135 krb5-protos.h at build-time, which requires perl, which is bad
206 * lib/krb5/aes-test.c: sneek in a test for arcfour-hmac-md5
207
2082003-03-20 Love H�rnquist �strand <lha@it.su.se>
209
210 * lib/krb5/krb5_ccache.3: update .Dd
136
211
137 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): don't
138 blindly use the local subkey
212 * lib/krb5/krb5.3: sort in krb5_data functions
139
213
140 * lib/krb5/crypto.c: add function krb5_crypto_getblocksize that
141 extracts the required blocksize from a crypto context
214 * lib/krb5/Makefile.am (man_MANS): += krb5_data.3
142
215
143 * lib/krb5/build_auth.c: just get the length of the encoded
144 authenticator instead of trying to grow a buffer
216 * lib/krb5/krb5_data.3: document krb5_data
145
217
1462002-09-03 Assar Westerlund <assar@kth.se>
218 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): if
219 prompter is NULL, don't try to ask for a password to
220 change. reported by Iain Moffat @ ufl.edu via Howard Chu
221 <hyc@highlandsun.com>
147
222
148 * configure.in: add --disable-mmap option, and tests for
149 sys/mman.h and mmap
2232003-03-19 Love H�rnquist �strand <lha@it.su.se>
150
224
1512002-09-03 Jacques Vidrine <nectar@kth.se>
225 * lib/krb5/krb5_keytab.3: spelling, from
226 <jmc@prioris.mini.pw.edu.pl>
152
227
153 * lib/krb5/changepw.c: verify lengths in response
228 * lib/krb5/krb5.conf.5: . means new line
229
230 * lib/krb5/krb5.conf.5: spelling, from
231 <jmc@prioris.mini.pw.edu.pl>
154
232
155 * lib/asn1/der_get.c (decode_integer, decode_unsigned): check for
156 truncated integers
233 * lib/krb5/krb5_auth_context.3: spelling, from
234 <jmc@prioris.mini.pw.edu.pl>
157
235
1582002-09-02 Johan Danielsson <joda@pdc.kth.se>
2362003-03-18 Love H�rnquist �strand <lha@it.su.se>
159
237
160 * lib/krb5/mk_req_ext.c: generate a local subkey if
161 AP_OPTS_USE_SUBKEY is set
238 * kuser/Makefile.am: INCLUDES: -I$(srcdir)/../lib/krb5
239
240 * lib/krb5/convert_creds.c: add _krb5_krb_life_to_time
241
242 * lib/krb5/krb5-v4compat.h: add _krb5_krb_life_to_time
162
243
163 * lib/krb5/build_auth.c: we don't have enough information about
164 whether to generate a local subkey here, so don't try to
244 * kdc/kdc_locl.h: 524 is independent of kerberos 4, so move out
245 #ifdef KRB4 from enable_v4_cross_realm since 524 needs it
246
247 * kdc/config.c: 524 is independent of kerberos 4, so move out
248 enable_v4_cross_realm from #ifdef KRB4 since 524 needs it
249
2502003-03-17 Assar Westerlund <assar@kth.se>
165
251
166 * lib/krb5/auth_context.c: new function
167 krb5_auth_con_generatelocalsubkey
252 * kdc/kdc.8: document --kerberos4-cross-realm
253 * kdc/kerberos4.c: pay attention to enable_v4_cross_realm
254 * kdc/kdc_locl.h (enable_v4_cross_realm): add
255 * kdc/524.c (encode_524_response): check the enable_v4_cross_realm
256 flag before giving out v4 tickets for foreign v5 principals
257 * kdc/config.c: add --enable-kerberos4-cross-realm option (default
258 to off)
168
259
169 * lib/krb5/get_in_tkt.c: only set kdc_sec_offset if looking at an
170 initial ticket
2602003-03-17 Love H�rnquist �strand <lha@it.su.se>
171
261
172 * lib/krb5/context.c (init_context_from_config_file): simplify
173 initialisation of srv_lookup
262 * lib/krb5/Makefile.am (man_MANS) += krb5_aname_to_localname.3
263
264 * lib/krb5/krb5_aname_to_localname.3: manpage for
265 krb5_aname_to_localname
174
266
175 * lib/krb5/changepw.c (send_request): set AP_OPTS_USE_SUBKEY
267 * lib/krb5/krb5_kuserok.3: s/KRB5_USEROK/KRB5_KUSEROK/
268
2692003-03-16 Love H�rnquist �strand <lha@it.su.se>
176
270
177 * lib/krb5/krb5.h: add AP_OPTS_USE_SUBKEY
271 * lib/krb5/Makefile.am (man_MANS): add krb5_set_default_realm.3
178
272
1792002-08-30 Assar Westerlund <assar@kth.se>
273 * lib/krb5/krb5.3: add manpages from krb5_set_default_realm.3
180
274
181 * lib/krb5/name-45-test.c: also test krb5_524_conv_principal
182 * lib/krb5/Makefile.am (TESTS): add name-45-test
183 * lib/krb5/name-45-test.c: add testcases for
184 krb5_425_conv_principal
275 * lib/krb5/krb5_set_default_realm.3: Manpage for
276 krb5_free_host_realm, krb5_get_default_realm,
277 krb5_get_default_realms, krb5_get_host_realm, and
278 krb5_set_default_realm.
185
279
1862002-08-29 Assar Westerlund <assar@kth.se>
280 * admin/ktutil.8: s/entype/enctype/, from Igor Sobrado
281 <sobrado@acm.org> via NetBSD
187
282
188 * lib/krb5/parse-name-test.c: also test unparse_short functions
189 * lib/asn1/asn1_print.c: use com_err/error_message API
190 * lib/krb5/Makefile.am: add parse-name-test
191 * lib/krb5/parse-name-test.c: add a program for testing parsing
192 and unparsing principal names
193
1942002-08-28 Assar Westerlund <assar@kth.se>
195
196 * kdc/config.c: add missing ifdef DAEMON
197
1982002-08-28 Johan Danielsson <joda@pdc.kth.se>
199
200 * configure.in: use rk_SUNOS
201
202 * kdc/config.c: add detach options
203
204 * kdc/main.c: maybe detach from console?
205
206 * kdc/kdc.8: markup changes
207
208 * configure.in: AC_TEST_PACKAGE_NEW -> rk_TEST_PACKAGE
209
210 * configure.in: use rk_TELNET, rename some other macros, and don't
211 add -ldes to krb4 link command
212
213 * kuser/kinit.1: whitespace fix (from NetBSD)
214
215 * include/bits.c: we may need unistd.h for ssize_t
216
2172002-08-26 Assar Westerlund <assar@kth.se>
218
219 * lib/krb5/principal.c (krb5_425_conv_principal_ext): lookup AAAA
220 rrs before A ones when using the resolver to verify a mapping,
221 also use getaddrinfo when resolver is not available
222
223 * lib/hdb/keytab.c (find_db): const-correctness in parameters to
224 krb5_config_get_next
225
226 * lib/asn1/gen.c: include <string.h> in the generated files (for
227 memset)
228
2292002-08-22 Assar Westerlund <assar@kth.se>
230
231 * lib/krb5/test_get_addrs.c, lib/krb5/krbhst-test.c: make it use
232 getarg so that it can handle --help and --version (and thus make
233 check can pass)
234
235 * lib/asn1/check-der.c: make this build again
236
2372002-08-22 Assar Westerlund <assar@kth.se>
238
239 * lib/asn1/der_get.c (der_get_int): handle len == 0. based on a
240 patch from Love <lha@stacken.kth.se>
241
2422002-08-22 Johan Danielsson <joda@pdc.kth.se>
243
244 * lib/krb5/krb5.h: we seem to call KRB5KDC_ERR_KEY_EXP
245 KRB5KDC_ERR_KEY_EXPIRED, so define the former to the latter
283 * lib/krb5/krb5_keytab.3: add documention for krb5_kt_get_type
246
284
247 * kdc/kdc.8: add blurb about adding and removing addresses; update
248 kdc.conf section to match reality
249
250 * configure.in: KRB_SENDAUTH_VLEN seems to always have existed, so
251 don't define it
285 * lib/krb5/keytab.c (krb5_kt_get_type): get prefix/type of keytab
252
286
2532002-08-21 Assar Westerlund <assar@kth.se>
287 * lib/krb5/krb5.h (KRB5_KT_PREFIX_MAX_LEN): max length of prefix
254
288
255 * lib/asn1/asn1_print.c: print OIDs too, based on a patch from
256 Love <lha@stacken.kth.se>
257
2582002-08-21 Johan Danielsson <joda@pdc.kth.se>
259
260 * kuser/kinit.c (do_v4_fallback): don't use krb_get_pw_in_tkt2
261 since it might not exist, and we don't actually care about the key
289 * lib/krb5/krb5_ccache.3: document krb5_cc_get_ops, add more
290 types, add krb5_fcc_ops and krb5_mcc_ops
262
291
2632002-08-20 Johan Danielsson <joda@pdc.kth.se>
292 * lib/krb5/cache.c (krb5_cc_get_ops): new function, return ops for
293 a id
264
294
265 * lib/krb5/krb5.conf.5: correct documentation for
266 verify_ap_req_nofail
2952003-03-15 Love H�rnquist �strand <lha@it.su.se>
267
296
268 * lib/krb5/log.c: rename syslog_data to avoid name conflicts (from
269 Mattias Amnefelt)
297 * doc/intro.texi: add reference to source code, binaries and the
298 manual
270
299
271 * kuser/klist.c (display_tokens): increase token buffer size, and
272 add more checks of the kernel data (from Love)
300 * lib/krb5/krb5.3: krb5.h isn't in krb5 directory in heimdal
301
3022003-03-14 Love H�rnquist �strand <lha@it.su.se>
273
303
2742002-08-19 Johan Danielsson <joda@pdc.kth.se>
304 * kdc/kdc.8: better/difrent english
275
305
276 * fix-export: use make to parse Makefile.am instead of perl
306 * kdc/kdc.8: . -> .\n, copyright/license
307
308 * kdc/kdc.8: changed configuration file -> restart kdc
277
309
278 * configure.in: use argument-less AM_INIT_AUTOMAKE, now that it
279 groks AC_INIT with package name etc.
310 * kdc/kerberos4.c: add krb4 into the most error messages written
311 to the logfile
280
312
281 * kpasswd/kpasswdd.c: include <kadm5/private.h>
313 * lib/krb5/krb5_ccache.3: add missing name of argument
314 (krb5_context) to most functions
282
315
283 * lib/asn1/asn1_print.c: include com_right.h
3162003-03-13 Love H�rnquist �strand <lha@it.su.se>
284
317
285 * lib/krb5/addr_families.c: socklen_t -> krb5_socklen_t
318 * lib/krb5/kuserok.c (krb5_kuserok): preserve old behviour of
319 function and return FALSE when there isn't a local account for
320 `luser'.
286
321
287 * include/bits.c: define krb5_socklen_t type; this should really
288 go someplace else, but this was easy
322 * lib/krb5/krb5_kuserok.3: fix prototype, spelling and more text
323 describing the function
289
324
290 * lib/krb5/verify_krb5_conf.c: don't bail out if parsing of a file
291 fails, just warn about it
3252003-03-12 Love H�rnquist �strand <lha@it.su.se>
292
326
293 * kdc/log.c (kdc_openlog): no need for a config_file parameter
327 * lib/krb5/cache.c (krb5_cc_default): if krb5_cc_default_name
328 returned memory, don't return ENOMEM
294
329
295 * kdc/config.c: just treat kdc.conf like any other config file
3302003-03-11 Love H�rnquist �strand <lha@it.su.se>
296
331
297 * lib/krb5/context.c (krb5_get_default_config_files): ignore
298 duplicate files
332 * lib/krb5/krb5.3: add krb5_address stuff and sort
333
334 * lib/krb5/krb5_address.3: fix krb5_addr2sockaddr description
335
336 * lib/krb5/Makefile.am (man_MANS): += krb5_address.3
337
338 * lib/krb5/krb5_address.3: document types krb5_address and
339 krb5_addresses and their helper functions
299
340
3002002-08-16 Johan Danielsson <joda@pdc.kth.se>
3412003-03-10 Love H�rnquist �strand <lha@it.su.se>
301
342
302 * lib/krb5/krb5.h: turn strings into pointers, so we can assign to
303 them
343 * lib/krb5/Makefile.am (man_MANS): += krb5_kuserok.3
304
344
305 * lib/krb5/constants.c: turn strings into pointers, so we can
306 assign to them
345 * lib/krb5/krb5_kuserok.3: spelling, from cizzi@it.su.se
307
346
308 * lib/krb5/get_addrs.c (get_addrs_int): initialise res if
309 SCAN_INTERFACES is not set
347 * lib/krb5/Makefile.am (man_MANS): += krb5_ccache.3
310
348
311 * lib/krb5/context.c: fix various borked stuff in previous commits
349 * lib/krb5/krb5_ccache.3: spelling, from cizzi@it.su.se
350
351 * lib/krb5/krb5.3: add more functions
352
353 * lib/krb5/krb5_ccache.3: document krb5_ccache and krb5_cc
354 functions
312
355
3132002-08-16 Jacques Vidrine <n@nectar.com>
356 * lib/krb5/krb5_kuserok.3: document krb5_kuserok
357
358 * lib/krb5/krb5_verify_user.3: document
359 krb5_verify_opt_set_flags(opt, KRB5_VERIFY_LREALMS) behavior
314
360
315 * lib/krb5/krbhst.c (kpasswd_get_next): if we fall back to using
316 the `admin_server' entry for kpasswd, override the `proto' result
317 to be UDP.
361 * lib/krb5/krb5_verify_user.3: document krb5_verify_opt* and
362 krb5_verify_user_opt
318
363
3192002-08-15 Johan Danielsson <joda@pdc.kth.se>
364 * lib/krb5/*.[0-9]: add copyright/licenses on more manpages
320
365
321 * lib/krb5/auth_context.c: check return value of
322 krb5_sockaddr2address
366 * kuser/kdestroy.c (main): handle that krb5_cc_default_name can
367 return NULL
323
368
324 * lib/krb5/addr_families.c: check return value of
325 krb5_sockaddr2address
369 * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump minor
370 (TESTS): add test_cc
326
371
327 * lib/krb5/context.c: get the default keytab from KRB5_KTNAME
372 * lib/krb5/test_cc.c: test some
373 krb5_cc_default_name/krb5_cc_set_default_name combinations
374
375 * lib/krb5/context.c (init_context_from_config_file): set
376 default_cc_name to NULL
377 (krb5_free_context): free default_cc_name if set
328
378
3292002-08-14 Johan Danielsson <joda@pdc.kth.se>
379 * lib/krb5/cache.c (krb5_cc_set_default_name): new function
380 (krb5_cc_default_name): use krb5_cc_set_default_name
330
381
331 * lib/krb5/verify_krb5_conf.c: allow parsing of more than one file
382 * lib/krb5/krb5.h (krb5_context_data): add default_cc_name
383
3842003-02-25 Love H�rnquist �strand <lha@it.su.se>
332
385
333 * lib/krb5/context.c: allow changing config files with the
334 function krb5_set_config_files, there are also related functions
335 krb5_get_default_config_files and krb5_free_config_files; these
336 should work similar to their MIT counterparts
386 * appl/kf/kf.1: s/securly/securely/ from NetBSD
387
3882003-02-18 Love H�rnquist �strand <lha@it.su.se>
337
389
338 * lib/krb5/config_file.c: allow the use of more than one config
339 file by using the new function krb5_config_parse_file_multi
390 * kdc/connect.c: s/intialize/initialize, from
391 <jmc@prioris.mini.pw.edu.pl>
340
392
3412002-08-12 Johan Danielsson <joda@pdc.kth.se>
3932003-02-17 Love H�rnquist �strand <lha@it.su.se>
342
394
343 * use sysconfdir instead of /etc
395 * configure.in: add AM_MAINTAINER_MODE
396
3972003-02-16 Love H�rnquist �strand <lha@it.su.se>
344
398
345 * configure.in: require autoconf 2.53; rename dpagaix_LDFLAGS etc
346 to appease automake; force sysconfdir and localstatedir to /etc
347 and /var/heimdal for now
399 * **/*.[0-9]: add copyright/licenses on all manpages
348
400
349 * kdc/connect.c (addr_to_string): check return value of
350 sockaddr2address
4012003-14-16 Jacques Vidrine <nectar@kth.se>
351
402
3522002-08-09 Johan Danielsson <joda@pdc.kth.se>
403 * lib/krb5/get_in_tkt.c (init_as_req): Send only a single
404 PA-ENC-TIMESTAMP in the AS-REQ, using the first encryption
405 type specified by the KDC.
353
406
354 * lib/krb5/rd_cred.c: if the remote address isn't an addrport,
355 don't try comparing to one; this should make old clients work with
356 new servers
4072003-02-15 Love H�rnquist �strand <lha@it.su.se>
357
408
358 * lib/asn1/gen_decode.c: remove unused variable
409 * fix-export: some autoconf put their version number in
410 autom4te.cache, so remove autom4te*.cache
411
412 * fix-export: make sure $1 is a directory
413
4142003-02-04 Love H�rnquist �strand <lha@it.su.se>
359
415
3602002-07-31 Johan Danielsson <joda@pdc.kth.se>
416 * kpasswd/kpasswdd.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
361
417
362 * kdc/{kerberos5,524}.c: ENOENT -> HDB_ERR_NOENTRY (from Derrick
363 Brashear)
418 * kdc/kdc.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
419
4202003-01-31 Love H�rnquist �strand <lha@it.su.se>
364
421
365 * lib/krb5/principal.c: actually lower case the lower case
366 instance name (spotted by Derrick Brashear)
422 * kdc/hpropd.8: s/databases/a database/ s/Not/not/
367
423
3682002-07-24 Johan Danielsson <joda@pdc.kth.se>
424 * kdc/hprop.8: add missing .
425
4262003-01-30 Love H�rnquist �strand <lha@it.su.se>
369
427
370 * fix-export: if DATEDVERSION is set, change the version to
371 current date
428 * lib/krb5/krb5.conf.5: documentation for of boolean, etypes,
429 address, write out encryption type in sentences, s/Host/host
430
4312003-01-26 Love H�rnquist �strand <lha@it.su.se>
372
432
373 * configure.in: don't use AC_PROG_RANLIB, and use magic foo to set
374 LTLIBOBJS
433 * lib/asn1/check-gen.c: add checks for Authenticator too
434
4352003-01-25 Love H�rnquist �strand <lha@it.su.se>
375
436
3762002-07-04 Johan Danielsson <joda@pdc.kth.se>
437 * doc/setup.texi: in the hprop example, use hprop and the first
438 component, not host
377
439
378 * kdc/connect.c: add some cache-control-foo to the http responses
379 (from Gombas Gabor)
440 * lib/krb5/get_addrs.c (find_all_addresses): address-less
441 point-to-point might not have an address, just ignore
442 those. Reported by Harald Barth.
380
443
381 * lib/krb5/addr_families.c (krb5_print_address): don't copy size
382 if ret_len == NULL
4442003-01-23 Love H�rnquist �strand <lha@it.su.se>
383
445
3842002-06-28 Johan Danielsson <joda@pdc.kth.se>
446 * lib/krb5/verify_krb5_conf.c (check_section): when key isn't
447 found, don't print out all known keys
385
448
386 * kuser/klist.c (display_tokens): don't bail out before we get
387 EDOM (signaling the end of the tokens), the kernel can also return
388 ENOTCONN, meaning that the index does not exist anymore (for
389 example if the token has expired)
449 * lib/krb5/verify_krb5_conf.c (syslogvals): mark up where severity
450 and facility start resp
451 (check_log): find_value() returns -1 when key isn't found
390
452
3912002-06-06 Johan Danielsson <joda@pdc.kth.se>
453 * lib/krb5/crypto.c (_krb5_aes_cts_encrypt): make key argument a
454 'const void *' to avoid AES_KEY being exposed in krb5-private.h
455
456 * lib/krb5/krb5.conf.5: add [kdc]use_2b
392
457
393 * lib/krb5/changepw.c: make sure we return an error if there are
394 no changepw hosts found; from Wynn Wilkes
458 * kdc/524.c (encode_524_response): its 2b not b2
459
460 * doc/misc.texi: quote @ where missing
461
462 * lib/asn1/Makefile.am: add check-gen
463
464 * lib/asn1/check-gen.c: add Principal check
465
466 * lib/asn1/check-common.h: move generic asn1/der functions from
467 check-der.c to here
395
468
3962002-05-29 Johan Danielsson <joda@pdc.kth.se>
469 * lib/asn1/check-common.c: move generic asn1/der functions from
470 check-der.c to here
397
471
398 * lib/krb5/cache.c (krb5_cc_register): break out of loop when the
399 same type is found; spotted by Wynn Wilkes
472 * lib/asn1/check-der.c: move out the generic asn1/der functions to
473 a common file
400
474
4012002-05-15 Johan Danielsson <joda@pdc.kth.se>
4752003-01-22 Love H�rnquist �strand <lha@it.su.se>
402
476
403 * kdc/kerberos5.c: don't free encrypted padata until we're really
404 done with it
477 * doc/misc.texi: more text about afs, how to get get your KeyFile,
478 and how to start use 2b tokens
405
479
4062002-05-07 Johan Danielsson <joda@pdc.kth.se>
480 * lib/krb5/krb5.conf.5: spelling, from Jason McIntyre
481 <jmc@cvs.openbsd.org>
482
4832003-01-21 Jacques Vidrine <nectar@kth.se>
407
484
408 * kdc/kerberos5.c: when decrypting pa-data, try all keys matching
409 enctype
485 * kuser/kuser_locl.h: include crypto-headers.h for
486 des_read_pw_string prototype
410
487
411 * kuser/kinit.1: document -a
4882003-01-16 Love H�rnquist �strand <lha@it.su.se>
412
489
413 * kuser/kinit.c: add command line switch for extra addresses
490 * admin/ktutil.8: document -v, --verbose
414
491
4152002-04-30 Johan Danielsson <joda@blubb.pdc.kth.se>
492 * admin/get.c (kt_get): make getarg usage consistent with other
493 other parts of ktutil
416
494
417 * configure.in: remove some duplicate tests
495 * admin/copy.c (kt_copy): remove adding verbose_flag to args
496 struct, since it will overrun the args array (from Sumit Bose)
497
4982003-01-15 Love H�rnquist �strand <lha@it.su.se>
418
499
419 * configure.in: use AC_HELP_STRING
500 * lib/krb5/krb5.conf.5: write more about [realms] REALM = { kdc =
501 ... }
420
502
4212002-04-29 Johan Danielsson <joda@pdc.kth.se>
503 * lib/krb5/aes-test.c: test vectors in aes-draft
504
505 * lib/krb5/Makefile.am: add aes-test.c
422
506
423 * lib/krb5/crypto.c (usage2arcfour): don't abort if the usage is
424 unknown
507 * lib/krb5/crypto.c: Add support for AES
508 (draft-raeburn-krb-rijndael-krb-02), not enabled by default.
509 (HMAC_SHA1_DES3_checksum): rename to SP_HMAC_SHA1_checksum and modify
510 to support checksumtype that are have a shorter wireformat then
511 their output block size.
512
513 * lib/krb5/crypto.c (struct encryption_type): split the blocksize
514 into blocksize and padsize, padsize is the minimum padding
515 size. they are the same for now
516 (enctype_*): add padsize
517 (encrypt_internal): use padsize
518 (encrypt_internal_derived): use padsize
519 (wrapped_length): use padsize
520 (wrapped_length_dervied): use padsize
425
521
4262002-04-25 Johan Danielsson <joda@pdc.kth.se>
427
428 * configure.in: use rk_DESTDIRS
429
4302002-04-22 Johan Danielsson <joda@pdc.kth.se>
431
432 * lib/krb5/krb5_verify_user.3: make it clear that _lrealm modifies
433 the principal
434
4352002-04-19 Johan Danielsson <joda@pdc.kth.se>
436
437 * lib/krb5/verify_init.c: fix typo in error string
438
4392002-04-18 Johan Danielsson <joda@pdc.kth.se>
440
441 * acconfig.h: remove some stuff that is defined elsewhere
442
443 * lib/krb5/krb5_locl.h: include <sys/file.h>
444
445 * lib/krb5/acl.c: rename acl_string parameter
446
447 * lib/krb5/Makefile.am: remove __P from protos, and put parameter
448 names in comments
449
450 * kuser/klist.c: better align some headers
451
452 * kdc/kerberos4.c: storage tweaks
453
454 * kdc/kaserver.c: storage tweaks
455
456 * kdc/524.c: storage tweaks
457
458 * lib/krb5/keytab_krb4.c: storage tweaks
459
460 * lib/krb5/keytab_keyfile.c: storage tweaks
461
462 * lib/krb5/keytab_file.c: storage tweaks; also try to handle zero
463 sized keytab files
464
465 * lib/krb5/keytab_any.c: use KRB5_KT_END instead of KRB5_CC_END
466
467 * lib/krb5/fcache.c: storage tweaks
468
469 * lib/krb5/store_mem.c: make the krb5_storage opaque, and add
470 function wrappers for store/fetch/seek, and also make the eof-code
471 configurable
472
473 * lib/krb5/store_fd.c: make the krb5_storage opaque, and add
474 function wrappers for store/fetch/seek, and also make the eof-code
475 configurable
476
477 * lib/krb5/store_emem.c: make the krb5_storage opaque, and add
478 function wrappers for store/fetch/seek, and also make the eof-code
479 configurable
480
481 * lib/krb5/store.c: make the krb5_storage opaque, and add function
482 wrappers for store/fetch/seek, and also make the eof-code
483 configurable
484
485 * lib/krb5/store-int.h: make the krb5_storage opaque, and add
486 function wrappers for store/fetch/seek, and also make the eof-code
487 configurable
488
489 * lib/krb5/krb5.h: make the krb5_storage opaque, and add function
490 wrappers for store/fetch/seek, and also make the eof-code
491 configurable
492
493 * include/bits.c: include <sys/socket.h> to get socklen_t
494
495 * kdc/kerberos5.c (get_pa_etype_info): sort ETYPE-INFOs by
496 requested KDC-REQ etypes
497
498 * kdc/hpropd.c: constify
499
500 * kdc/hprop.c: constify
501
502 * kdc/string2key.c: constify
503
504 * kdc/kdc_locl.h: make port_str const
505
506 * kdc/config.c: constify
507
508 * lib/krb5/config_file.c: constify
509
510 * kdc/kstash.c: constify
511
512 * lib/krb5/verify_user.c: remove unnecessary cast
513
514 * lib/krb5/recvauth.c: constify
515
516 * lib/krb5/principal.c (krb5_parse_name): const qualify
517
518 * lib/krb5/mcache.c (mcc_get_name): constify return type
519
520 * lib/krb5/context.c (krb5_free_context): don't try to free the
521 ccache prefix
522
523 * lib/krb5/cache.c (krb5_cc_register): don't make a copy of the
524 prefix
525
526 * lib/krb5/krb5.h: constify some struct members
527
528 * lib/krb5/log.c: constify
529
530 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): const
531 qualify
532
533 * lib/krb5/get_in_tkt.c (krb5_init_etype): constify
534
535 * lib/krb5/crypto.c: constify some
536
537 * lib/krb5/config_file.c: constify
538
539 * lib/krb5/aname_to_localname.c (krb5_aname_to_localname):
540 constify local variable
541
542 * lib/krb5/addr_families.c (ipv4_sockaddr2port): constify
543
5442002-04-17 Johan Danielsson <joda@pdc.kth.se>
545
546 * lib/krb5/verify_krb5_conf.c: add some log checking
522 * lib/krb5/crypto.c: add extra `opaque' argument to string_to_key
523 function for each enctype in preparation enctypes that uses
524 `Encryption and Checksum Specifications for Kerberos 5' draft
547
525
548 * lib/krb5/log.c (krb5_addlog_dest): reorganise syslog parsing
526 * lib/asn1/k5.asn1: add checksum and enctype for AES from
527 draft-raeburn-krb-rijndael-krb-02.txt
549
528
5502002-04-16 Johan Danielsson <joda@pdc.kth.se>
529 * lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_AES128,
530 KEYTYPE_AES256
551
531
552 * lib/krb5/crypto.c (krb5_crypto_init): check that the key size
553 matches the expected length
5322003-01-14 Love H�rnquist �strand <lha@it.su.se>
554
533
5552002-03-27 Johan Danielsson <joda@pdc.kth.se>
534 * lib/hdb/common.c (_hdb_fetch): handle error code from
535 hdb_value2entry
556
536
557 * lib/krb5/send_to_kdc.c: rename send parameter to send_data
537 * kdc/Makefile.am: always include kerberos4.c and 524.c in
538 kdc_SOURCES to support 524
558
539
559 * lib/krb5/mk_error.c: rename ctime parameter to client_time
560
5612002-03-22 Johan Danielsson <joda@pdc.kth.se>
562
563 * kdc/kerberos5.c (find_etype): unsigned -> krb5_enctype (from
564 Reinoud Zandijk)
565
5662002-03-18 Johan Danielsson <joda@pdc.kth.se>
567
568 * lib/asn1/k5.asn1: add the GSS-API checksum type here
569
5702002-03-11 Assar Westerlund <assar@sics.se>
571
572 * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
573 18:3:1
574 * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:5:0
575 * lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 6:0:0
540 * kdc/524.c: always compile in support for 524
576
541
5772002-03-10 Assar Westerlund <assar@sics.se>
542 * kdc/kdc_locl.h: move out krb/524 protos from under #ifdef KRB4
543
544 * kdc/config.c: always compile in support for 524
545
546 * kdc/connect.c: always compile in support for 524
547
548 * kdc/kerberos4.c: export encode_v4_ticket() and get_des_key()
549 even when we build without kerberos 4, 524 needs them
550
551 * lib/krb5/convert_creds.c, lib/krb5/krb5-v4compat.h: Split out
552 Kerberos 4 help functions/structures so other parts of the source
553 tree can use it (like the KDC)
578
554
579 * lib/krb5/rd_cred.c: handle addresses with port numbers
580
581 * lib/krb5/keytab_file.c, lib/krb5/keytab.c:
582 store the kvno % 256 as the byte and the complete 32 bit kvno after
583 the end of the current keytab entry
584
585 * lib/krb5/init_creds_pw.c:
586 handle LR_PW_EXPTIME and LR_ACCT_EXPTIME in the same way
587
588 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds):
589 handle ports giving for the remote address
590
591 * lib/krb5/get_cred.c:
592 get a ticket with no addresses if no-addresses is set
593
594 * lib/krb5/crypto.c:
595 rename functions DES_* to krb5_* to avoid colliding with modern
596 openssl
597
598 * lib/krb5/addr_families.c:
599 make all functions taking 'struct sockaddr' actually take a socklen_t
600 instead of int and that acts as an in-out parameter (indicating the
601 maximum length of the sockaddr to be written)
602
603 * kdc/kerberos4.c:
604 make the kvno's in the krb4 universe by the real one % 256, since they
605 cannot only be 8 bit, and the v5 ones are actually 32 bits
606
6072002-02-15 Johan Danielsson <joda@pdc.kth.se>
608
609 * lib/krb5/keytab_keyfile.c (akf_add_entry): don't create the file
610 before we need to write to it
611 (from �ke Sandgren)
612
6132002-02-14 Johan Danielsson <joda@pdc.kth.se>
614
615 * configure.in: rk_RETSIGTYPE and rk_BROKEN_REALLOC are called via
616 rk_ROKEN (from Gombas Gabor); find inttypes by CHECK_TYPES
617 directly
618
619 * lib/krb5/rd_safe.c: actually use the correct key (from Daniel
620 Kouril)
621
6222002-02-12 Johan Danielsson <joda@pdc.kth.se>
623
624 * lib/krb5/context.c (krb5_get_err_text): protect against NULL
625 context
626
6272002-02-11 Johan Danielsson <joda@pdc.kth.se>
628
629 * admin/ktutil.c: no need to use the "modify" keytab anymore
630
631 * lib/krb5/keytab_any.c: implement add and remove
632
633 * lib/krb5/keytab_krb4.c: implement add and remove
634
635 * lib/krb5/store_emem.c (emem_free): clear memory before freeing
636 (this should perhaps be selectable with a flag)
637
6382002-02-04 Johan Danielsson <joda@pdc.kth.se>
639
640 * kdc/config.c (get_dbinfo): if there are database specifications
641 in the config file, don't automatically try to use the default
642 values (from Gombas Gabor)
643
644 * lib/krb5/log.c (krb5_closelog): don't pass pointer to pointer
645 (from Gombas Gabor)
646
6472002-01-30 Johan Danielsson <joda@pdc.kth.se>
648
649 * admin/list.c: get the default keytab from krb5.conf, and list
650 all parts of an ANY type keytab
651
652 * lib/krb5/context.c: default default_keytab_modify to NULL
653
654 * lib/krb5/keytab.c (krb5_kt_default_modify_name): if no modify
655 name is specified take it from the first component of the default
656 keytab name
657
6582002-01-29 Johan Danielsson <joda@pdc.kth.se>
659
660 * lib/krb5/keytab.c: compare keytab types case insensitively
661
6622002-01-07 Assar Westerlund <assar@sics.se>
663
664 * lib/krb5/crypto.c (create_checksum): make usage `unsigned' (it's
665 not really a krb5_key_usage). From Ben Harris <bjh21@netbsd.org>
666 * lib/krb5/get_in_tkt.c: use krb5_enctype consistently. From Ben
667 Harris <bjh21@netbsd.org>
668 * lib/krb5/crypto.c: use krb5_enctype consistently. From Ben
669 Harris <bjh21@netbsd.org>
670 * kdc/kerberos5.c: use krb5_enctype consistently. From Ben Harris
671 <bjh21@netbsd.org>