ChangeLog revision 127808
2004-04-01 Johan Danielsson <joda@pdc.kth.se>

	* Release 0.6.1

2004-03-30 Love Hörnquist Åstrand <lha@it.su.se>

	* kdc/kerberos4.c: 1.46: stop the client from renewing tickets
	into the future From: Jeffrey Hutzelman <jhutz@cmu.edu>

2004-03-10 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/fcache.c: 1.43: (fcc_store_cred): NULL terminate
	krb5_config_get_bool_default' arglist

2004-03-09 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/krb5.conf.5: 1.44: document
	[libdefaults]fcc-mit-ticketflags=boolean 1.43: don't use path's in
	first .Nm, it confuses some locate.updatedb, use FILES section to
	describe where the file is instead.

	* lib/krb5/fcache.c (fcc_store_cred): default to use old format

	* lib/krb5/fcache.c: 1.42: (fcc_store_cred): use
	[libdefaults]fcc-mit-ticketflags=boolean to decide what format to
	write the fcc in.
	Default to mit format (aka heimdal 0.7 format)
	1.41: (_krb5_xlock): handle that everything was ok, and don't put
	an error in the error strings then

	* lib/krb5/store.c: 1.43: add _krb5_store_creds_heimdal_0_7 and
	_krb5_store_creds_heimdal_pre_0_7 that store the creds in just
	that format make krb5_store_creds default to mit format 1.42:
	(krb5_ret_creds): Runtime detect the what is the higher bits of
	the bitfield 1.41: (krb5_store_creds): add disabled code that
	store the ticket flags in reverse order (bitswap32): new function
	1.40: (krb5_ret_creds): if the higher ticket flags are set, its a
	mit cache, reverse the bits, bug pointed out by Sergio Gelato
	<Sergio.Gelato@astro.su.se>

	delta modified to not change the behavior of krb5_store_creds

2004-03-07 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/mk_safe.c (krb5_mk_safe): fix assignment of usec2

2004-03-06 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/mcache.c: patch based on 1.17 and 1.18 but with
	threading code pulled out;

	1.18: (mcc_get_principal): also check for primary_principal ==
	NULL now that that isn't used as dead flag 1.17: don't overload
	the primary_principal == NULL as dead since that doesn't always
	work Based on patch from Jeffrey Hutzelman <jhutz@cmu.edu>, but
	tweak by me

	* lib/krb5/crypto.c: 1.94: (decrypt_internal_special): do not
	modify the original data test case from Ronnie Sahlberg
	<ronnie_sahlberg@ozemail.com.au>

2004-02-13 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/verify_krb5_conf.c: 1.22->1.23: (check_host): don't
	check for EAI_NODATA, because its deprecated in RFC3493 Pointed
	out by Hajimu UMEMOTO <ume@mahoroba.org> on heimdal-discuss

	* lib/krb5/eai_to_heim_errno.c: 1.3->1.4: EAI_ADDRFAMILY and
	EAI_NODATA is deprecated in RFC3493

2004-02-09 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/asn1/der_length.c: 1.16: Fix len_unsigned for certain
	negative integers, it got the length wrong, fix from Panasas, Inc.

	* lib/asn1/der_locl.h: 1.5: add _heim_len_unsigned, _heim_len_int

2004-01-26 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/asn1/gen_length.c: 1.14: (length_type): TSequenceOf: add up
	the size of all the elements, don't use just the size of the last
	element.

	* lib/krb5/fcache.c: 1.40: (_krb5_xlock): catch EINVAL and assume
	that it means that the filesystem doesn't support locking 1.39:
	(_krb5_xlock): fix compile error in last commit 1.38: internally
	export x{,un}lock and thus prefix them with _krb5_

2004-01-13 Love Hörnquist Åstrand <lha@it.su.se>

	* kuser/kinit.c: 1.106: (renew_validate): if renewable_flag and
	not time specified, use "1 month"
	1.105: make -9 work again

2004-01-09 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/get_for_creds.c: 1.36: (add_addrs): don't increase
	addr->len until in contains interesting data, use right iteration
	counter when clearing the addresses 1.39: krb5_princ_realm ->
	krb5_principal_get_realm 1.38: (krb5_get_forwarded_creds): use
	KRB5_AUTH_CONTEXT_DO_TIME if we want timestamp in forwarded
	krb-cred 1.39: (krb5_get_forwarded_creds): If tickets are
	address-less, forward address-less tickets.
	1.40: (krb5_get_forwarded_creds): try to handle errors better for
	previous commit 1.41: (add_addrs): don't add same address multiple
	times

	* lib/krb5/get_cred.c: 1.96->1.97: rename get_krbtgt to
	_krb5_get_krbtgt and export it

2003-12-14 Love Hörnquist Åstrand <lha@it.su.se>

	* kdc/kerberos5.c: part of 1.146->1.147: handle NULL client/server
	names

2003-12-03 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/crypto.c: 1.90->1.91: require cipher-text to be padded
	to padsize 1.91->1.92: (decrypt_internal_derived): move up padsize
	check to avoid memory leak

2003-12-01 Love Hörnquist Åstrand <lha@it.su.se>

	* kuser/kinit.c: 1.103->1.104: (main): return the return value
	from simple_execvp

2003-10-22 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/transited.c: 1.13->1.14: (krb5_domain_x500_encode):
	always zero out encoding to make sure it have a defined value on
	failure

	* lib/krb5/transited.c: 1.12->1.13: (krb5_domain_x500_encode): if
	num_realms == 0, set encoding and return (avoids malloc(0)) check
	return value from malloc

2003-10-21 Love Hörnquist Åstrand <lha@it.su.se>

	* doc/setup.texi: 1.35->1.36: spelling

	* kdc/kdc_locl.h: 1.58->1.59: add flag to always check transited
	policy

	* doc/setup.texi: 1.27->1.35: many changes

	* lib/krb5/get_cred.c: 1.95->1.96: get
	capath info from [capaths] section

	* lib/krb5/rd_req.c: 1.50->1.51: (krb5_decrypt_ticket): try to
	verify transited realms, unless the transited-policy-checked flag
	is set

	* lib/krb5/transited.c:
	1.12: (krb5_domain_x500_decode): set *num_realms to zero not num_realms
	1.11: (krb5_domain_x500_decode): handle zero length tr data;
	(krb5_check_transited): new function that does more useful stuff

	* kdc/kdc.8: 1.23->1.24: document enforce-transited-policy

	* kdc/config.c: 1.47->1.48: add flag to always check transited
	policy

	* kdc/kerberos5.c:
	1.150: (fix_transited_encoding): also verify with policy,
	unless asked not to
	1.151: always check transited policy if flag set either globally
	(on principal part of patch not pulled up)
	1.152: (fix_transited_encoding): set transited type
	1.153: (fix_transited_encoding): always print cross-realm information

2003-10-06 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/config_file.c: 1.48->1.49:
	(krb5_config_parse_file_debug): punt if there is binding before a
	section declaration.
	Bug found by Arkadiusz Miskiewicz <arekm@pld-linux.org>

	* kdc/kaserver.c: 1.21->1.23:
	(do_getticket): if times data is shorter than 8 bytes, request is
	malformed.
	(do_authenticate): if request length is less than 8 bytes, its a
	bad request and fail.
	Pointed out by Marco Foglia <marco@foglia.org>

2003-09-22 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/verify_krb5_conf.c: 1.17->1.18: add missing " within
	#if 0 From: stefan sokoll <stefansokoll@yahoo.de>

2003-09-19 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/rd_req.c:
	1.47->1.48: (krb5_rd_req): allow caller to pass in a key
	in the auth_context, they way processes that doesn't use the
	keytab can still pass in the key of the service (matches behavior
	of MIT Kerberos).

2003-09-18 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/crypto.c:
	1.87->1.88: (usage2arcfour): simplify, only
	include special cases From: Luke Howard <lukeh@PADL.COM>
	1.86->1.87: (arcfour_checksum_p): return true when is arcfour,
	not when its not pointed out by Luke Howard
	1.82->1.83: Do the arcfour checksum mapping for
	krb5_create_checksum and krb5_verify_checksum, From: Luke Howard
	<lukeh@PADL.COM>
	1.81->1.82: (hmac): make it return an error
	when out of memory, update callsites to either return error or use
	krb5_abortx
	(krb5_hmac): expose hmac
	* lib/krb5/mk_req_ext.c: 1.26->1.27: (krb5_mk_req_internal):
	when using arcfour-hmac-md5, use an unkeyed checksum
	(rsa-md5), since Microsoft calculates the keyed checksum with
	the subkey of the authenticator.

	* lib/krb5/get_cred.c:
	1.93->1.94 (init_tgs_req): make generation of subkey
	optional on configuration parameter
	[realms]realm={tgs_require_subkey=bool}
	defaults to off. The RFC1510 weakly defines the correct behavior,
	so old DCE secd apparently required the subkey to be there, and MS
	will use it when its there. But the request isn't encrypted in the
	subkey, so you get to choose if you want to talk to a MS mdc or a
	old DCE secd.

	partly 1.91->1.92: (init_tgs_req): in case of error, don't
	free in the req_body addresses since they were passed in by caller

	lib/krb5/get_in_tkt.c:
	1.108->1.1.09: (krb5_get_in_tkt): for compatibility with
	the mit implementation, don't free `creds' argument when done, its up
	to the caller to do that, also allow a NULL ccache.

	* doc/ack.texi
	1.16->1.17: update Luke Howard email address

	* lib/hdb/hdb-ldap.c:
	1.13->1.14: code rewrite from Luke Howard <lukeh@PADL.COM>
	1.12->1.13: (LDAP_store): log what principal/dn failed
	1.11->1.12: use int2HDBFlags/HDBFlags2int
	From: Alberto Patino <jalbertop@aranea.com.mx>,
	Luke Howard <lukeh@PADL.COM>
	Pointed out by Andrew Bartlett of Samba
	1.10->1.11: (LDAP__connect): bind sasl "EXTERNAL" to ldap connection
	(LDAP_store): remove superfluous argument to asprintf
	From Alberto Patino <jalbertop@aranea.com.mx>

	* lib/krb5/krb5.h:
	1.214->1.2015: add KEYTYPE_ARCFOUR_56

2003-09-12 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/config_file.c: fix prototypes Fredrik Ljungberg
	<flag@pobox.se>

2003-09-11 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/hdb/hdb_locl.h: 1.18->1.19: include <limits.h> for ULONG_MAX
	noted by Wissler Magnus <M.Wissler@abalon.se> on heimdal-discuss

2003-08-29 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/hdb/db3.c: 1.8->1.9: patch for working with DB4 on
	heimdal-discuss From: Luke Howard <lukeh@PADL.COM> 1.9->1.10: try
	to include more db headers

2003-08-25 Love Hörnquist Åstrand <lha@it.su.se>

	* kdc/connect.c: 1.92->1.93 (handle_tcp): handle recvfrom
	returning 0 (connection closed) 1.91->1.92: (grow_descr):
	increment the size after we succeed to allocate the space

2003-08-15 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/principal.c: 1.83->1.85: (unparse_name): len can't be
	zero, so, don't check for that
	(unparse_name): make sure there are space for a NUL, set *name to NULL
	when there is a failure (so caller can't get hold of a freed
	pointer)

2003-05-08 Johan Danielsson <joda@ratatosk.pdc.kth.se>

	* Release 0.6

2003-05-08 Love Hörnquist Åstrand <lha@it.su.se>

	* kuser/klist.c: 1.68->1.69: print tokens even if there isn't v4
	support

	* kuser/kdestroy.c: 1.14->1.15: destroy tokens even if there isn't
	v4 support

	* kuser/kinit.c: 1.90->1.91: print tokens even if there isn't v4
	support

2003-05-06 Johan Danielsson <joda@pdc.kth.se>

	* lib/krb5/name-45-test.c: need to use empty krb5.conf for some
	tests

	* lib/asn1/check-gen.c: there is no \e escape sequence; replace
	everything with hex-codes, and cast to unsigned char* to make some
	compilers happy

2003-05-06 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/get_in_tkt.c (make_pa_enc_timestamp): make sure first
	argument to krb5_us_timeofday have correct type

2003-05-05 Assar Westerlund <assar@kth.se>

	* include/make_crypto.c (main): include aes.h if ENABLE_AES

2003-05-05 Love Hörnquist Åstrand <lha@it.su.se>

	* NEWS: 1.108->1.110: fix text about gssapi compat

2003-04-28 Love Hörnquist Åstrand <lha@it.su.se>

	* kdc/v4_dump.c: 1.4->1.5: (v4_prop_dump): limit strings length,
	from openbsd

2003-04-24 Love Hörnquist Åstrand <lha@it.su.se>

	* doc/programming.texi: 1.2-1.3: s/managment/management/, from jmc
	<jmc@prioris.mini.pw.edu.pl>

2003-04-22 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/krbhst.c: 1.43->1.44: copy NUL too, from janj@wenf.org
	via openbsd

2003-04-17 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/asn1/der_copy.c (copy_general_string): use strdup
	* lib/asn1/der_put.c: remove sprintf
	* lib/asn1/gen.c: remove strcpy/sprintf

	* lib/krb5/name-45-test.c: use a more unique name than ratatosk so
	that other (me) have such hosts in the local domain and the tests
	fails, to take hokkigai.pdc.kth.se instead

	* lib/krb5/test_alname.c: add --version and --help

2003-04-16 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/krb5_warn.3: add krb5_get_err_text

	* lib/krb5/transited.c: use strlcat/strlcpy, from openbsd
	* lib/krb5/krbhst.c (srv_find_realm): use strlcpy, from openbsd
	* lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use
	strlcpy, from openbsd
	* kdc/hpropd.c: s/strcat/strlcat/, inspired from openbsd
	* appl/kf/kfd.c: use strlcpy, from openbsd

2003-04-16 Johan Danielsson <joda@pdc.kth.se>

	* configure.in: fix for large file
	support in AIX, _LARGE_FILES
	needs to be defined on the command line, since lex likes to
	include stdio.h before we get to config.h

2003-04-16 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/*.3: Change .Fd #include <header.h> to .In header.h,
	from Thomas Klausner <wiz@netbsd.org>

	* lib/krb5/krb5.conf.5: spelling, from Thomas Klausner
	<wiz@netbsd.org>

2003-04-15 Love Hörnquist Åstrand <lha@it.su.se>

	* kdc/kerberos5.c: fix some more memory leaks

2003-04-11 Love Hörnquist Åstrand <lha@it.su.se>

	* appl/kf/kf.1: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>

2003-04-08 Love Hörnquist Åstrand <lha@it.su.se>

	* admin/ktutil.8: typos, from jmc <jmc@acn.waw.pl>

2003-04-06 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/krb5.3: s/kerberos/Kerberos/
	* lib/krb5/krb5_data.3: s/kerberos/Kerberos/
	* lib/krb5/krb5_address.3: s/kerberos/Kerberos/
	* lib/krb5/krb5_ccache.3: s/kerberos/Kerberos/
	* lib/krb5/krb5.conf.5: s/kerberos/Kerberos/
	* kuser/kinit.1: s/kerberos/Kerberos/
	* kdc/kdc.8: s/kerberos/Kerberos/

2003-04-01 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/test_alname.c: more krb5_aname_to_localname tests

	* lib/krb5/aname_to_localname.c (krb5_aname_to_localname): when
	converting to root, make sure user is ok according to
	krb5_kuserok before allowing it.

	* lib/krb5/Makefile.am (noinst_PROGRAMS): += test_alname

	* lib/krb5/test_alname.c: add test for krb5_aname_to_localname

	* lib/krb5/crypto.c (krb5_DES_AFS3_CMU_string_to_key): used p1
	instead of the "illegal" salt #~, same change as kth-krb did
	1999. Problems occur with crypt() that behaves like AT&T crypt
	(openssl does this). Pointed out by Marcus Watts.

	* admin/change.c (kt_change): collect all principals we are going
	to change, and pick the highest kvno and use that to guess what
	kvno the resulting kvno is going to be. Now two ktutil change in a
	row works. XXX fix the protocol to pass the kvno back.

2003-03-31 Love Hörnquist Åstrand <lha@it.su.se>

	* appl/kf/kf.1: afs->AFS, from jmc <jmc@acn.waw.pl>

2003-03-30 Love Hörnquist Åstrand <lha@it.su.se>

	* doc/setup.texi: add description on how to turn on v4, 524 and
	kaserver support

2003-03-29 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/verify_krb5_conf.c (appdefaults_entries): add afslog
	and afs-use-524

2003-03-28 Love Hörnquist Åstrand <lha@it.su.se>

	* kdc/kerberos5.c (as_rep): when the second enctype_to_string
	fails, remember to free memory from the first enctype_to_string

	* lib/krb5/crypto.c (usage2arcfour): map KRB5_KU_TICKET to 2,
	from Harald Joerg <harald.joerg@fujitsu-siemens.com>
	(enctype_arcfour_hmac_md5): disable checksum_hmac_md5_enc

	* lib/hdb/mkey.c
	(hdb_unseal_keys_mkey): truncate key to the key
	length when key is longer than expected length, its probably
	longer since the encrypted data was padded, reported by Aidan
	Cully <aidan@kublai.com>

	* lib/krb5/crypto.c (krb5_enctype_keysize): return key size of
	encryption type, inspired by Aidan Cully <aidan@kublai.com>

2003-03-27 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/keytab.c (krb5_kt_get_entry): avoid printing 0
	(wildcard kvno) after principal when the keytab entry isn't found,
	reported by Chris Chiappa <chris@chiappa.net>

2003-03-26 Love Hörnquist Åstrand <lha@it.su.se>

	* doc/misc.texi: update 2b example to match reality (from
	mattiasa@e.kth.se)

	* doc/misc.texi: spelling and add `Configuring AFS clients'
	subsection

2003-03-25 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/krb5.3: add krb5_free_data_contents.3

	* lib/krb5/data.c: add krb5_free_data_contents for compat with MIT
	API

	* lib/krb5/krb5_data.3: add krb5_free_data_contents for compat
	with MIT API

	* lib/krb5/krb5_verify_user.3: write more about how the ccache
	argument should be inited when used

2003-03-25 Johan Danielsson <joda@pdc.kth.se>

	* lib/krb5/addr_families.c (krb5_print_address): make sure
	print_addr is defined for the given address type; make addrports
	printable

	* kdc/string2key.c: print the used enctype for
	kerberos 5 keys

2003-03-25 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/aes-test.c: add another arcfour test

2003-03-22 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/aes-test.c: sneak in a test for arcfour-hmac-md5

2003-03-20 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/krb5_ccache.3: update .Dd

	* lib/krb5/krb5.3: sort in krb5_data functions

	* lib/krb5/Makefile.am (man_MANS): += krb5_data.3

	* lib/krb5/krb5_data.3: document krb5_data

	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): if
	prompter is NULL, don't try to ask for a password to
	change. reported by Iain Moffat @ ufl.edu via Howard Chu
	<hyc@highlandsun.com>

2003-03-19 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/krb5_keytab.3: spelling, from
	<jmc@prioris.mini.pw.edu.pl>

	* lib/krb5/krb5.conf.5: .
	means new line

	* lib/krb5/krb5.conf.5: spelling, from
	<jmc@prioris.mini.pw.edu.pl>

	* lib/krb5/krb5_auth_context.3: spelling, from
	<jmc@prioris.mini.pw.edu.pl>

2003-03-18 Love Hörnquist Åstrand <lha@it.su.se>

	* kuser/Makefile.am: INCLUDES: -I$(srcdir)/../lib/krb5

	* lib/krb5/convert_creds.c: add _krb5_krb_life_to_time

	* lib/krb5/krb5-v4compat.h: add _krb5_krb_life_to_time

	* kdc/kdc_locl.h: 524 is independent of kerberos 4, so move out
	#ifdef KRB4 from enable_v4_cross_realm since 524 needs it

	* kdc/config.c: 524 is independent of kerberos 4, so move out
	enable_v4_cross_realm from #ifdef KRB4 since 524 needs it

2003-03-17 Assar Westerlund <assar@kth.se>

	* kdc/kdc.8: document --kerberos4-cross-realm
	* kdc/kerberos4.c: pay attention to enable_v4_cross_realm
	* kdc/kdc_locl.h (enable_v4_cross_realm): add
	* kdc/524.c (encode_524_response): check the enable_v4_cross_realm
	flag before giving out v4 tickets for foreign v5 principals
	* kdc/config.c: add --enable-kerberos4-cross-realm option (default
	to off)

2003-03-17 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/Makefile.am (man_MANS) += krb5_aname_to_localname.3

	* lib/krb5/krb5_aname_to_localname.3: manpage for
	krb5_aname_to_localname

	* lib/krb5/krb5_kuserok.3: s/KRB5_USEROK/KRB5_KUSEROK/

2003-03-16 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/Makefile.am (man_MANS): add krb5_set_default_realm.3

	* lib/krb5/krb5.3: add manpages from krb5_set_default_realm.3

	* lib/krb5/krb5_set_default_realm.3: Manpage for
	krb5_free_host_realm, krb5_get_default_realm,
	krb5_get_default_realms, krb5_get_host_realm, and
	krb5_set_default_realm.

	* admin/ktutil.8: s/entype/enctype/, from Igor Sobrado
	<sobrado@acm.org> via NetBSD

	* lib/krb5/krb5_keytab.3: add documentation for krb5_kt_get_type

	* lib/krb5/keytab.c (krb5_kt_get_type): get prefix/type of keytab

	* lib/krb5/krb5.h (KRB5_KT_PREFIX_MAX_LEN): max length of prefix

	* lib/krb5/krb5_ccache.3: document krb5_cc_get_ops, add more
	types, add krb5_fcc_ops and krb5_mcc_ops

	* lib/krb5/cache.c (krb5_cc_get_ops): new function, return ops for
	a id

2003-03-15 Love Hörnquist Åstrand <lha@it.su.se>

	* doc/intro.texi: add reference to source code, binaries and the
	manual

	* lib/krb5/krb5.3: krb5.h isn't in krb5 directory in heimdal

2003-03-14 Love Hörnquist Åstrand <lha@it.su.se>

	* kdc/kdc.8: better/different english

	* kdc/kdc.8: .
	-> .\n, copyright/license

	* kdc/kdc.8: changed configuration file -> restart kdc

	* kdc/kerberos4.c: add krb4 into the most error messages written
	to the logfile

	* lib/krb5/krb5_ccache.3: add missing name of argument
	(krb5_context) to most functions

2003-03-13 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/kuserok.c (krb5_kuserok): preserve old behaviour of
	function and return FALSE when there isn't a local account for
	`luser'.

	* lib/krb5/krb5_kuserok.3: fix prototype, spelling and more text
	describing the function

2003-03-12 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/cache.c (krb5_cc_default): if krb5_cc_default_name
	returned memory, don't return ENOMEM

2003-03-11 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/krb5.3: add krb5_address stuff and sort

	* lib/krb5/krb5_address.3: fix krb5_addr2sockaddr description

	* lib/krb5/Makefile.am (man_MANS): += krb5_address.3

	* lib/krb5/krb5_address.3: document types krb5_address and
	krb5_addresses and their helper functions

2003-03-10 Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/Makefile.am (man_MANS): += krb5_kuserok.3

	* lib/krb5/krb5_kuserok.3: spelling, from cizzi@it.su.se

	* lib/krb5/Makefile.am (man_MANS): += krb5_ccache.3

	* lib/krb5/krb5_ccache.3: spelling, from cizzi@it.su.se

	* lib/krb5/krb5.3: add more functions

	* lib/krb5/krb5_ccache.3: document krb5_ccache and krb5_cc
	functions

	* lib/krb5/krb5_kuserok.3: document krb5_kuserok

	* lib/krb5/krb5_verify_user.3: document
	krb5_verify_opt_set_flags(opt, KRB5_VERIFY_LREALMS) behavior

	* lib/krb5/krb5_verify_user.3: document krb5_verify_opt* and
	krb5_verify_user_opt

	* lib/krb5/*.[0-9]: add copyright/licenses on more manpages

	* kuser/kdestroy.c (main): handle that krb5_cc_default_name can
	return NULL

	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump minor
	(TESTS): add test_cc

	* lib/krb5/test_cc.c: test some
	krb5_cc_default_name/krb5_cc_set_default_name combinations

	* lib/krb5/context.c (init_context_from_config_file): set
	default_cc_name to NULL
	(krb5_free_context): free default_cc_name if set

	* lib/krb5/cache.c (krb5_cc_set_default_name): new function
	(krb5_cc_default_name): use krb5_cc_set_default_name

	* lib/krb5/krb5.h (krb5_context_data): add default_cc_name

2003-02-25 Love Hörnquist Åstrand <lha@it.su.se>

	* appl/kf/kf.1: s/securly/securely/ from NetBSD

2003-02-18 Love Hörnquist Åstrand <lha@it.su.se>

	* kdc/connect.c: s/intialize/initialize, from
	<jmc@prioris.mini.pw.edu.pl>

2003-02-17 Love Hörnquist Åstrand <lha@it.su.se>

	* configure.in: add AM_MAINTAINER_MODE

2003-02-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* **/*.[0-9]: add copyright/licenses on all manpages

2003-14-16  Jacques Vidrine  <nectar@kth.se>

	* lib/krb5/get_in_tkt.c (init_as_req): Send only a single
	PA-ENC-TIMESTAMP in the AS-REQ, using the first encryption
	type specified by the KDC.

2003-02-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* fix-export: some autoconf put their version number in
	autom4te.cache, so remove autom4te*.cache

	* fix-export: make sure $1 is a directory

2003-02-04  Love Hörnquist Åstrand  <lha@it.su.se>

	* kpasswd/kpasswdd.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>

	* kdc/kdc.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>

2003-01-31  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/hpropd.8: s/databases/a database/ s/Not/not/

	* kdc/hprop.8: add missing .

2003-01-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5.conf.5: documentation of boolean, etypes,
	address, write out encryption type in sentences, s/Host/host

2003-01-26  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/asn1/check-gen.c: add checks for Authenticator too

2003-01-25  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/setup.texi: in the hprop example, use hprop and the first
	component, not host

	* lib/krb5/get_addrs.c (find_all_addresses): address-less
	point-to-point might not have an address, just ignore
	those. Reported by Harald Barth.

2003-01-23  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/verify_krb5_conf.c (check_section): when key isn't
	found, don't print out all known keys

	* lib/krb5/verify_krb5_conf.c (syslogvals): mark up where severity
	and facility start resp
	(check_log): find_value() returns -1 when key isn't found

	* lib/krb5/crypto.c (_krb5_aes_cts_encrypt): make key argument a
	'const void *' to avoid AES_KEY being exposed in krb5-private.h

	* lib/krb5/krb5.conf.5: add [kdc]use_2b

	* kdc/524.c (encode_524_response): it's 2b not b2

	* doc/misc.texi: quote @ where missing

	* lib/asn1/Makefile.am: add check-gen

	* lib/asn1/check-gen.c: add Principal check

	* lib/asn1/check-common.h: move generic asn1/der functions from
	check-der.c to here

	* lib/asn1/check-common.c: move generic asn1/der functions from
	check-der.c to here

	* lib/asn1/check-der.c: move out the generic asn1/der functions to
	a common file

2003-01-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/misc.texi: more text about afs, how to get your KeyFile,
	and how to start use 2b tokens

	* lib/krb5/krb5.conf.5: spelling, from Jason McIntyre
	<jmc@cvs.openbsd.org>

2003-01-21  Jacques Vidrine  <nectar@kth.se>

	* kuser/kuser_locl.h: include crypto-headers.h for
	des_read_pw_string prototype

2003-01-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* admin/ktutil.8: document -v, --verbose

	* admin/get.c (kt_get): make getarg usage consistent with
	other parts of ktutil

	* admin/copy.c (kt_copy): remove adding verbose_flag to args
	struct, since it will overrun the args array (from Sumit Bose)

2003-01-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5.conf.5: write more about [realms] REALM = { kdc =
	... }

	* lib/krb5/aes-test.c: test vectors in aes-draft

	* lib/krb5/Makefile.am: add aes-test.c

	* lib/krb5/crypto.c: Add support for AES
	(draft-raeburn-krb-rijndael-krb-02), not enabled by default.
	(HMAC_SHA1_DES3_checksum): rename to SP_HMAC_SHA1_checksum and modify
	to support checksumtype that have a shorter wireformat than
	their output block size.

	* lib/krb5/crypto.c (struct encryption_type): split the blocksize
	into blocksize and padsize, padsize is the minimum padding
	size. they are the same for now
	(enctype_*): add padsize
	(encrypt_internal): use padsize
	(encrypt_internal_derived): use padsize
	(wrapped_length): use padsize
	(wrapped_length_dervied): use padsize

	* lib/krb5/crypto.c: add extra `opaque' argument to string_to_key
	function for each enctype in preparation enctypes that uses
	`Encryption and Checksum Specifications for Kerberos 5' draft

	* lib/asn1/k5.asn1: add checksum and enctype for AES from
	draft-raeburn-krb-rijndael-krb-02.txt

	* lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_AES128,
	KEYTYPE_AES256

2003-01-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/common.c (_hdb_fetch): handle error code from
	hdb_value2entry

	* kdc/Makefile.am: always include kerberos4.c and 524.c in
	kdc_SOURCES to support 524

	* kdc/524.c: always compile in support for 524

	* kdc/kdc_locl.h: move out krb/524 protos from under #ifdef KRB4

	* kdc/config.c: always compile in support for 524

	* kdc/connect.c: always compile in support for 524

	* kdc/kerberos4.c: export encode_v4_ticket() and get_des_key()
	even when we build without kerberos 4, 524 needs them

	* lib/krb5/convert_creds.c, lib/krb5/krb5-v4compat.h: Split out
	Kerberos 4 help functions/structures so other parts of the source
	tree can use it (like the KDC)