ChangeLog revision 127808
12004-04-01 Johan Danielsson <joda@pdc.kth.se> 2 3 * Release 0.6.1 4 52004-03-30 Love H�rnquist �strand <lha@it.su.se> 6 7 * kdc/kerberos4.c: 1.46: stop the client from renewing tickets 8 into the future From: Jeffrey Hutzelman <jhutz@cmu.edu> 9 102004-03-10 Love H�rnquist �strand <lha@it.su.se> 11 12 * lib/krb5/fcache.c: 1.43: (fcc_store_cred): NULL terminate 13 krb5_config_get_bool_default' arglist 14 152004-03-09 Love H�rnquist �strand <lha@it.su.se> 16 17 * lib/krb5/krb5.conf.5: 1.44: document 18 [libdefaults]fcc-mit-ticketflags=boolean 1.43: don't use path's in 19 first .Nm, it confuses some locate.updatedb, use FILES section to 20 describe where the file is instead. 21 22 * lib/krb5/fcache.c (fcc_store_cred): default to use old format 23 24 * lib/krb5/fcache.c: 1.42: (fcc_store_cred): use 25 [libdefaults]fcc-mit-ticketflags=boolean to decide what format to 26 write the fcc in. Default to mit format (aka heimdal 0.7 format) 27 1.41: (_krb5_xlock): handle that everything was ok, and don't put 28 an error in the error strings then 29 30 * lib/krb5/store.c: 1.43: add _krb5_store_creds_heimdal_0_7 and 31 _krb5_store_creds_heimdal_pre_0_7 that store the creds in just 32 that format make krb5_store_creds default to mit format 1.42: 33 (krb5_ret_creds): Runtime detect the what is the higher bits of 34 the bitfield 1.41: (krb5_store_creds): add disabled code that 35 store the ticket flags in reverse order (bitswap32): new function 36 1.40: (krb5_ret_creds): if the higher ticket flags are set, its a 37 mit cache, reverse the bits, bug pointed out by Sergio Gelato 38 <Sergio.Gelato@astro.su.se> 39 40 delta modfied to not change the behavior of krb5_store_creds 41 422004-03-07 Love H�rnquist �strand <lha@it.su.se> 43 44 * lib/krb5/mk_safe.c (krb5_mk_safe): fix assignment of usec2 45 462004-03-06 Love H�rnquist �strand <lha@it.su.se> 47 48 * lib/krb5/mcache.c: patch based on 1.17 and 1.18 but with 49 threading code pulled out; 50 51 1.18: (mcc_get_principal): also check for primary_principal == 52 NULL now that that isn't used as dead flag 1.17: don't overload 53 the primary_principal == NULL as dead since that doesn't always 54 work Based on patch from Jeffrey Hutzelman <jhutz@cmu.edu>, but 55 tweek by me 56 57 * lib/krb5/crypto.c: 1.94: (decrypt_internal_special): do not not 58 modify the original data test case from Ronnie Sahlberg 59 <ronnie_sahlberg@ozemail.com.au> 60 612004-02-13 Love H�rnquist �strand <lha@it.su.se> 62 63 * lib/krb5/verify_krb5_conf.c: 1.22->1.23: (check_host): don't 64 check for EAI_NODATA, because its depricated in RFC3493 Pointed 65 out by Hajimu UMEMOTO <ume@mahoroba.org> on heimdal-discuss 66 67 * lib/krb5/eai_to_heim_errno.c: 1.3->1.4: EAI_ADDRFAMILY and 68 EAI_NODATA is deprecated in RFC3493 69 702004-02-09 Love H�rnquist �strand <lha@it.su.se> 71 72 * lib/asn1/der_length.c: 1.16: Fix len_unsigned for certain 73 negative integers, it got the length wrong, fix from Panasas, Inc. 74 75 * lib/asn1/der_locl.h: 1.5: add _heim_len_unsigned, _heim_len_int 76 772004-01-26 Love H�rnquist �strand <lha@it.su.se> 78 79 * lib/asn1/gen_length.c: 1.14: (length_type): TSequenceOf: add up 80 the size of all the elements, don't use just the size of the last 81 element. 82 83 * lib/krb5/fcache.c: 1.40: (_krb5_xlock): catch EINVAL and assume 84 that it means that the filesystem doesn't support locking 1.39: 85 (_krb5_xlock): fix compile error in last commit 1.38: internally 86 export x{,un}lock and thus prefix them with _krb5_ 87 882004-01-13 Love H�rnquist �strand <lha@it.su.se> 89 90 * kuser/kinit.c: 1.106: (renew_validate): if renewable_flag and 91 not time specifed, use "1 month" 92 1.105: make -9 work again 93 942004-01-09 Love H�rnquist �strand <lha@it.su.se> 95 96 * lib/krb5/get_for_creds.c: 1.36: (add_addrs): don't increase 97 addr->len until in contains interesting data, use right iteration 98 counter when clearing the addresses 1.39: krb5_princ_realm -> 99 krb5_principal_get_realm 1.38: (krb5_get_forwarded_creds): use 100 KRB5_AUTH_CONTEXT_DO_TIME if we want timestamp in forwarded 101 krb-cred 1.39: (krb5_get_forwarded_creds): If tickets are 102 address-less, forward address-less tickets. 1.40: 103 (krb5_get_forwarded_creds): try to handle errors better for 104 previous commit 1.41: (add_addrs): don't add same address multiple 105 times 106 107 * lib/krb5/get_cred.c: 1.96->1.97: rename get_krbtgt to 108 _krb5_get_krbtgt and export it 109 1102003-12-14 Love H�rnquist �strand <lha@it.su.se> 111 112 * kdc/kerberos5.c: part of 1.146->1.147: handle NULL client/server 113 names 114 1152003-12-03 Love H�rnquist �strand <lha@it.su.se> 116 117 * lib/krb5/crypto.c: 1.90->1.91: require cipher-text to be padded 118 to padsize 1.91->1.92: (decrypt_internal_derived): move up padsize 119 check to avoid memory leak 120 1212003-12-01 Love H�rnquist �strand <lha@it.su.se> 122 123 * kuser/kinit.c: 1.103->1.104: (main): return the return value 124 from simple_execvp 125 1262003-10-22 Love H�rnquist �strand <lha@it.su.se> 127 128 * lib/krb5/transited.c: 1.13->1.14: (krb5_domain_x500_encode): 129 always zero out encoding to make sure it have a defined value on 130 failure 131 132 * lib/krb5/transited.c: 1.12->1.13: (krb5_domain_x500_encode): if 133 num_realms == 0, set encoding and return (avoids malloc(0)) check 134 return value from malloc 135 1362003-10-21 Love H�rnquist �strand <lha@it.su.se> 137 138 * doc/setup.texi: 1.35->1.36: spelling 139 140 * kdc/kdc_locl.h: 1.58->1.59: add flag to always check transited 141 policy 142 143 * doc/setup.texi: 1.27->1.35: many changes 144 145 * lib/krb5/get_cred.c: 1.95->1.96: get capath info from [capaths] 146 section 147 148 * lib/krb5/rd_req.c: 1.50->1.51: (krb5_decrypt_ticket): try to 149 verify transited realms, unless the transited-policy-checked flag 150 is set 151 152 * lib/krb5/transited.c: 153 1.12: (krb5_domain_x500_decode): set *num_realms to zero not num_realms 154 1.11: (krb5_domain_x500_decode): handle zero length tr data; 155 (krb5_check_transited): new function that does more useful stuff 156 157 * kdc/kdc.8: 1.23->1.24: document enforce-transited-policy 158 159 * kdc/config.c: 1.47->1.48: add flag to always check transited 160 policy 161 162 * kdc/kerberos5.c: 163 1.150: (fix_transited_encoding): also verify with policy, 164 unless asked not to 165 1.151: always check transited policy if flag set either globally 166 (on principal part of patch not pulled up) 167 1.152: (fix_transited_encoding): set transited type 168 1.153: (fix_transited_encoding): always print cross-realm information 169 1702003-10-06 Love H�rnquist �strand <lha@it.su.se> 171 172 * lib/krb5/config_file.c: 1.48->1.49: 173 (krb5_config_parse_file_debug): punt if there is binding before a 174 section declaration. 175 Bug found by Arkadiusz Miskiewicz <arekm@pld-linux.org> 176 177 * kdc/kaserver.c: 1.21->1.23: 178 (do_getticket): if times data is shorter then 8 bytes, request is 179 malformed. 180 (do_authenticate): if request length is less then 8 bytes, its a 181 bad request and fail. Pointed out by Marco Foglia <marco@foglia.org> 182 1832003-09-22 Love H�rnquist �strand <lha@it.su.se> 184 185 * lib/krb5/verify_krb5_conf.c: 1.17->1.18: add missing " within 186 #if 0 From: stefan sokoll <stefansokoll@yahoo.de> 187 1882003-09-19 Love H�rnquist �strand <lha@it.su.se> 189 190 * lib/krb5/rd_req.c: 191 1.47->1.48: (krb5_rd_req): allow caller to pass in a key 192 in the auth_context, they way processes that doesn't use the 193 keytab can still pass in the key of the service (matches behavior 194 of MIT Kerberos). 195 1962003-09-18 Love H�rnquist �strand <lha@it.su.se> 197 198 * lib/krb5/crypto.c: 199 1.87->1.88: (usage2arcfour): simplify, only 200 include special cases From: Luke Howard <lukeh@PADL.COM> 201 1.86->1.87: (arcfour_checksum_p): return true when is arcfour, 202 not when its not pointed out by Luke Howard 203 1.82->1.83: Do the arcfour checksum mapping for 204 krb5_create_checksum and krb5_verify_checksum, From: Luke Howard 205 <lukeh@PADL.COM> 206 1.81->1.82: (hmac): make it return an error 207 when out of memory, update callsites to either return error or use 208 krb5_abortx 209 (krb5_hmac): expose hmac 210 * lib/krb5/mk_req_ext.c: 1.26->1.27: (krb5_mk_req_internal): 211 when using arcfour-hmac-md5, use an unkeyed checksum 212 (rsa-md5), since Microsoft calculates the keyed checksum with 213 the subkey of the authenticator. 214 215 * lib/krb5/get_cred.c: 216 1.93->1.94 (init_tgs_req): make generation of subkey 217 optional on configuration parameter 218 [realms]realm={tgs_require_subkey=bool} 219 defaults to off. The RFC1510 weakly defines the correct behavior, 220 so old DCE secd apparently required the subkey to be there, and MS 221 will use it when its there. But the request isn't encrypted in the 222 subkey, so you get to choose if you want to talk to a MS mdc or a 223 old DCE secd. 224 225 partly 1.91->1.92: (init_tgs_req): in case of error, don't 226 free in the req_body addresses since they where pass in by caller 227 228 lib/krb5/get_in_tkt.c: 229 1.108->1.1.09: (krb5_get_in_tkt): for compatibility with with 230 the mit implemtation, don't free `creds' argument when done, its up 231 the the caller to do that, also allow a NULL ccache. 232 233 * doc/ack.texi 234 1.16->1.17: update Luke Howard email address 235 236 * lib/hdb/hdb-ldap.c: 237 1.13->1.14: code rewrite from Luke Howard <lukeh@PADL.COM> 238 1.12->1.13: (LDAP_store): log what principal/dn failed 239 1.11->1.12: use int2HDBFlags/HDBFlags2int 240 From: Alberto Patino <jalbertop@aranea.com.mx>, 241 Luke Howard <lukeh@PADL.COM> 242 Pointed out by Andrew Bartlett of Samba 243 1.10->1.11: (LDAP__connect): bind sasl "EXTERNAL" to ldap connection 244 (LDAP_store): remove superfluous argument to asprintf 245 From Alberto Patino <jalbertop@aranea.com.mx> 246 247 * lib/krb5/krb5.h: 248 1.214->1.2015: add KEYTYPE_ARCFOUR_56 249 2502003-09-12 Love H�rnquist �strand <lha@it.su.se> 251 252 * lib/krb5/config_file.c: fix prototypes Fredrik Ljungberg 253 <flag@pobox.se> 254 2552003-09-11 Love H�rnquist �strand <lha@it.su.se> 256 257 * lib/hdb/hdb_locl.h: 1.18->1.19: include <limits.h> for ULONG_MAX 258 noted by Wissler Magnus <M.Wissler@abalon.se> on heimdal-discuss 259 2602003-08-29 Love H�rnquist �strand <lha@it.su.se> 261 262 * lib/hdb/db3.c: 1.8->1.9: patch for working with DB4 on 263 heimdal-discuss From: Luke Howard <lukeh@PADL.COM> 1.9->1.10: try 264 to include more db headers 265 2662003-08-25 Love H�rnquist �strand <lha@it.su.se> 267 268 * kdc/connect.c: 1.92->1.93 (handle_tcp): handle recvfrom 269 returning 0 (connection closed) 1.91->1.92: (grow_descr): 270 increment the size after we succeed to allocate the space 271 2722003-08-15 Love H�rnquist �strand <lha@it.su.se> 273 274 * lib/krb5/principal.c: 1.83->1.85: (unparse_name): len can't be 275 zero, so, don't check for that 276 (unparse_name): make sure there are space for a NUL, set *name to NULL 277 when there is a failure (so caller can't get hold of a freed 278 pointer) 279 2802003-05-08 Johan Danielsson <joda@ratatosk.pdc.kth.se> 281 282 * Release 0.6 283 2842003-05-08 Love H�rnquist �strand <lha@it.su.se> 285 286 * kuser/klist.c: 1.68->1.69: print tokens even if there isn't v4 287 support 288 289 * kuser/kdestroy.c: 1.14->1.15: destroy tokens even if there isn't 290 v4 support 291 292 * kuser/kinit.c: 1.90->1.91: print tokens even if there isn't v4 293 support 294 2952003-05-06 Johan Danielsson <joda@pdc.kth.se> 296 297 * lib/krb5/name-45-test.c: need to use empty krb5.conf for some 298 tests 299 300 * lib/asn1/check-gen.c: there is no \e escape sequence; replace 301 everything with hex-codes, and cast to unsigned char* to make some 302 compilers happy 303 3042003-05-06 Love H�rnquist �strand <lha@it.su.se> 305 306 * lib/krb5/get_in_tkt.c (make_pa_enc_timestamp): make sure first 307 argument to krb5_us_timeofday have correct type 308 3092003-05-05 Assar Westerlund <assar@kth.se> 310 311 * include/make_crypto.c (main): include aes.h if ENABLE_AES 312 3132003-05-05 Love H�rnquist �strand <lha@it.su.se> 314 315 * NEWS: 1.108->1.110: fix text about gssapi compat 316 3172003-04-28 Love H�rnquist �strand <lha@it.su.se> 318 319 * kdc/v4_dump.c: 1.4->1.5: (v4_prop_dump): limit strings length, 320 from openbsd 321 3222003-04-24 Love H�rnquist �strand <lha@it.su.se> 323 324 * doc/programming.texi: 1.2-1.3: s/managment/management/, from jmc 325 <jmc@prioris.mini.pw.edu.pl> 326 3272003-04-22 Love H�rnquist �strand <lha@it.su.se> 328 329 * lib/krb5/krbhst.c: 1.43->1.44: copy NUL too, from janj@wenf.org 330 via openbsd 331 3322003-04-17 Love H�rnquist �strand <lha@it.su.se> 333 334 * lib/asn1/der_copy.c (copy_general_string): use strdup 335 * lib/asn1/der_put.c: remove sprintf 336 * lib/asn1/gen.c: remove strcpy/sprintf 337 338 * lib/krb5/name-45-test.c: use a more unique name then ratatosk so 339 that other (me) have such hosts in the local domain and the tests 340 fails, to take hokkigai.pdc.kth.se instead 341 342 * lib/krb5/test_alname.c: add --version and --help 343 3442003-04-16 Love H�rnquist �strand <lha@it.su.se> 345 346 * lib/krb5/krb5_warn.3: add krb5_get_err_text 347 348 * lib/krb5/transited.c: use strlcat/strlcpy, from openbsd 349 * lib/krb5/krbhst.c (srv_find_realm): use strlcpy, from openbsd 350 * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use 351 strlcpy, from openbsd 352 * kdc/hpropd.c: s/strcat/strlcat/, inspired from openbsd 353 * appl/kf/kfd.c: use strlcpy, from openbsd 354 3552003-04-16 Johan Danielsson <joda@pdc.kth.se> 356 357 * configure.in: fix for large file support in AIX, _LARGE_FILES 358 needs to be defined on the command line, since lex likes to 359 include stdio.h before we get to config.h 360 3612003-04-16 Love H�rnquist �strand <lha@it.su.se> 362 363 * lib/krb5/*.3: Change .Fd #include <header.h> to .In header.h, 364 from Thomas Klausner <wiz@netbsd.org> 365 366 * lib/krb5/krb5.conf.5: spelling, from Thomas Klausner 367 <wiz@netbsd.org> 368 3692003-04-15 Love H�rnquist �strand <lha@it.su.se> 370 371 * kdc/kerberos5.c: fix some more memory leaks 372 3732003-04-11 Love H�rnquist �strand <lha@it.su.se> 374 375 * appl/kf/kf.1: spelling, from jmc <jmc@prioris.mini.pw.edu.pl> 376 3772003-04-08 Love H�rnquist �strand <lha@it.su.se> 378 379 * admin/ktutil.8: typos, from jmc <jmc@acn.waw.pl> 380 3812003-04-06 Love H�rnquist �strand <lha@it.su.se> 382 383 * lib/krb5/krb5.3: s/kerberos/Kerberos/ 384 * lib/krb5/krb5_data.3: s/kerberos/Kerberos/ 385 * lib/krb5/krb5_address.3: s/kerberos/Kerberos/ 386 * lib/krb5/krb5_ccache.3: s/kerberos/Kerberos/ 387 * lib/krb5/krb5.conf.5: s/kerberos/Kerberos/ 388 * kuser/kinit.1: s/kerberos/Kerberos/ 389 * kdc/kdc.8: s/kerberos/Kerberos/ 390 3912003-04-01 Love H�rnquist �strand <lha@it.su.se> 392 393 * lib/krb5/test_alname.c: more krb5_aname_to_localname tests 394 395 * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): when 396 converting too root, make sure user is ok according to 397 krb5_kuserok before allowing it. 398 399 * lib/krb5/Makefile.am (noinst_PROGRAMS): += test_alname 400 401 * lib/krb5/test_alname.c: add test for krb5_aname_to_localname 402 403 * lib/krb5/crypto.c (krb5_DES_AFS3_CMU_string_to_key): used p1 404 instead of the "illegal" salt #~, same change as kth-krb did 405 1999. Problems occur with crypt() that behaves like AT&T crypt 406 (openssl does this). Pointed out by Marcus Watts. 407 408 * admin/change.c (kt_change): collect all principals we are going 409 to change, and pick the highest kvno and use that to guess what 410 kvno the resulting kvno is going to be. Now two ktutil change in a 411 row works. XXX fix the protocol to pass the kvno back. 412 4132003-03-31 Love H�rnquist �strand <lha@it.su.se> 414 415 * appl/kf/kf.1: afs->AFS, from jmc <jmc@acn.waw.pl> 416 4172003-03-30 Love H�rnquist �strand <lha@it.su.se> 418 419 * doc/setup.texi: add description on how to turn on v4, 524 and 420 kaserver support 421 4222003-03-29 Love H�rnquist �strand <lha@it.su.se> 423 424 * lib/krb5/verify_krb5_conf.c (appdefaults_entries): add afslog 425 and afs-use-524 426 4272003-03-28 Love H�rnquist �strand <lha@it.su.se> 428 429 * kdc/kerberos5.c (as_rep): when the second enctype_to_string 430 failes, remember to free memory from the first enctype_to_string 431 432 * lib/krb5/crypto.c (usage2arcfour): map KRB5_KU_TICKET to 2, 433 from Harald Joerg <harald.joerg@fujitsu-siemens.com> 434 (enctype_arcfour_hmac_md5): disable checksum_hmac_md5_enc 435 436 * lib/hdb/mkey.c (hdb_unseal_keys_mkey): truncate key to the key 437 length when key is longer then expected length, its probably 438 longer since the encrypted data was padded, reported by Aidan 439 Cully <aidan@kublai.com> 440 441 * lib/krb5/crypto.c (krb5_enctype_keysize): return key size of 442 encyption type, inspired by Aidan Cully <aidan@kublai.com> 443 4442003-03-27 Love H�rnquist �strand <lha@it.su.se> 445 446 * lib/krb5/keytab.c (krb5_kt_get_entry): avoid printing 0 447 (wildcard kvno) after principal when the keytab entry isn't found, 448 reported by Chris Chiappa <chris@chiappa.net> 449 4502003-03-26 Love H�rnquist �strand <lha@it.su.se> 451 452 * doc/misc.texi: update 2b example to match reality (from 453 mattiasa@e.kth.se) 454 455 * doc/misc.texi: spelling and add `Configuring AFS clients' 456 subsection 457 4582003-03-25 Love H�rnquist �strand <lha@it.su.se> 459 460 * lib/krb5/krb5.3: add krb5_free_data_contents.3 461 462 * lib/krb5/data.c: add krb5_free_data_contents for compat with MIT 463 API 464 465 * lib/krb5/krb5_data.3: add krb5_free_data_contents for compat 466 with MIT API 467 468 * lib/krb5/krb5_verify_user.3: write more about how the ccache 469 argument should be inited when used 470 4712003-03-25 Johan Danielsson <joda@pdc.kth.se> 472 473 * lib/krb5/addr_families.c (krb5_print_address): make sure 474 print_addr is defined for the given address type; make addrports 475 printable 476 477 * kdc/string2key.c: print the used enctype for kerberos 5 keys 478 4792003-03-25 Love H�rnquist �strand <lha@it.su.se> 480 481 * lib/krb5/aes-test.c: add another arcfour test 482 4832003-03-22 Love H�rnquist �strand <lha@it.su.se> 484 485 * lib/krb5/aes-test.c: sneek in a test for arcfour-hmac-md5 486 4872003-03-20 Love H�rnquist �strand <lha@it.su.se> 488 489 * lib/krb5/krb5_ccache.3: update .Dd 490 491 * lib/krb5/krb5.3: sort in krb5_data functions 492 493 * lib/krb5/Makefile.am (man_MANS): += krb5_data.3 494 495 * lib/krb5/krb5_data.3: document krb5_data 496 497 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): if 498 prompter is NULL, don't try to ask for a password to 499 change. reported by Iain Moffat @ ufl.edu via Howard Chu 500 <hyc@highlandsun.com> 501 5022003-03-19 Love H�rnquist �strand <lha@it.su.se> 503 504 * lib/krb5/krb5_keytab.3: spelling, from 505 <jmc@prioris.mini.pw.edu.pl> 506 507 * lib/krb5/krb5.conf.5: . means new line 508 509 * lib/krb5/krb5.conf.5: spelling, from 510 <jmc@prioris.mini.pw.edu.pl> 511 512 * lib/krb5/krb5_auth_context.3: spelling, from 513 <jmc@prioris.mini.pw.edu.pl> 514 5152003-03-18 Love H�rnquist �strand <lha@it.su.se> 516 517 * kuser/Makefile.am: INCLUDES: -I$(srcdir)/../lib/krb5 518 519 * lib/krb5/convert_creds.c: add _krb5_krb_life_to_time 520 521 * lib/krb5/krb5-v4compat.h: add _krb5_krb_life_to_time 522 523 * kdc/kdc_locl.h: 524 is independent of kerberos 4, so move out 524 #ifdef KRB4 from enable_v4_cross_realm since 524 needs it 525 526 * kdc/config.c: 524 is independent of kerberos 4, so move out 527 enable_v4_cross_realm from #ifdef KRB4 since 524 needs it 528 5292003-03-17 Assar Westerlund <assar@kth.se> 530 531 * kdc/kdc.8: document --kerberos4-cross-realm 532 * kdc/kerberos4.c: pay attention to enable_v4_cross_realm 533 * kdc/kdc_locl.h (enable_v4_cross_realm): add 534 * kdc/524.c (encode_524_response): check the enable_v4_cross_realm 535 flag before giving out v4 tickets for foreign v5 principals 536 * kdc/config.c: add --enable-kerberos4-cross-realm option (default 537 to off) 538 5392003-03-17 Love H�rnquist �strand <lha@it.su.se> 540 541 * lib/krb5/Makefile.am (man_MANS) += krb5_aname_to_localname.3 542 543 * lib/krb5/krb5_aname_to_localname.3: manpage for 544 krb5_aname_to_localname 545 546 * lib/krb5/krb5_kuserok.3: s/KRB5_USEROK/KRB5_KUSEROK/ 547 5482003-03-16 Love H�rnquist �strand <lha@it.su.se> 549 550 * lib/krb5/Makefile.am (man_MANS): add krb5_set_default_realm.3 551 552 * lib/krb5/krb5.3: add manpages from krb5_set_default_realm.3 553 554 * lib/krb5/krb5_set_default_realm.3: Manpage for 555 krb5_free_host_realm, krb5_get_default_realm, 556 krb5_get_default_realms, krb5_get_host_realm, and 557 krb5_set_default_realm. 558 559 * admin/ktutil.8: s/entype/enctype/, from Igor Sobrado 560 <sobrado@acm.org> via NetBSD 561 562 * lib/krb5/krb5_keytab.3: add documention for krb5_kt_get_type 563 564 * lib/krb5/keytab.c (krb5_kt_get_type): get prefix/type of keytab 565 566 * lib/krb5/krb5.h (KRB5_KT_PREFIX_MAX_LEN): max length of prefix 567 568 * lib/krb5/krb5_ccache.3: document krb5_cc_get_ops, add more 569 types, add krb5_fcc_ops and krb5_mcc_ops 570 571 * lib/krb5/cache.c (krb5_cc_get_ops): new function, return ops for 572 a id 573 5742003-03-15 Love H�rnquist �strand <lha@it.su.se> 575 576 * doc/intro.texi: add reference to source code, binaries and the 577 manual 578 579 * lib/krb5/krb5.3: krb5.h isn't in krb5 directory in heimdal 580 5812003-03-14 Love H�rnquist �strand <lha@it.su.se> 582 583 * kdc/kdc.8: better/difrent english 584 585 * kdc/kdc.8: . -> .\n, copyright/license 586 587 * kdc/kdc.8: changed configuration file -> restart kdc 588 589 * kdc/kerberos4.c: add krb4 into the most error messages written 590 to the logfile 591 592 * lib/krb5/krb5_ccache.3: add missing name of argument 593 (krb5_context) to most functions 594 5952003-03-13 Love H�rnquist �strand <lha@it.su.se> 596 597 * lib/krb5/kuserok.c (krb5_kuserok): preserve old behviour of 598 function and return FALSE when there isn't a local account for 599 `luser'. 600 601 * lib/krb5/krb5_kuserok.3: fix prototype, spelling and more text 602 describing the function 603 6042003-03-12 Love H�rnquist �strand <lha@it.su.se> 605 606 * lib/krb5/cache.c (krb5_cc_default): if krb5_cc_default_name 607 returned memory, don't return ENOMEM 608 6092003-03-11 Love H�rnquist �strand <lha@it.su.se> 610 611 * lib/krb5/krb5.3: add krb5_address stuff and sort 612 613 * lib/krb5/krb5_address.3: fix krb5_addr2sockaddr description 614 615 * lib/krb5/Makefile.am (man_MANS): += krb5_address.3 616 617 * lib/krb5/krb5_address.3: document types krb5_address and 618 krb5_addresses and their helper functions 619 6202003-03-10 Love H�rnquist �strand <lha@it.su.se> 621 622 * lib/krb5/Makefile.am (man_MANS): += krb5_kuserok.3 623 624 * lib/krb5/krb5_kuserok.3: spelling, from cizzi@it.su.se 625 626 * lib/krb5/Makefile.am (man_MANS): += krb5_ccache.3 627 628 * lib/krb5/krb5_ccache.3: spelling, from cizzi@it.su.se 629 630 * lib/krb5/krb5.3: add more functions 631 632 * lib/krb5/krb5_ccache.3: document krb5_ccache and krb5_cc 633 functions 634 635 * lib/krb5/krb5_kuserok.3: document krb5_kuserok 636 637 * lib/krb5/krb5_verify_user.3: document 638 krb5_verify_opt_set_flags(opt, KRB5_VERIFY_LREALMS) behavior 639 640 * lib/krb5/krb5_verify_user.3: document krb5_verify_opt* and 641 krb5_verify_user_opt 642 643 * lib/krb5/*.[0-9]: add copyright/licenses on more manpages 644 645 * kuser/kdestroy.c (main): handle that krb5_cc_default_name can 646 return NULL 647 648 * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump minor 649 (TESTS): add test_cc 650 651 * lib/krb5/test_cc.c: test some 652 krb5_cc_default_name/krb5_cc_set_default_name combinations 653 654 * lib/krb5/context.c (init_context_from_config_file): set 655 default_cc_name to NULL 656 (krb5_free_context): free default_cc_name if set 657 658 * lib/krb5/cache.c (krb5_cc_set_default_name): new function 659 (krb5_cc_default_name): use krb5_cc_set_default_name 660 661 * lib/krb5/krb5.h (krb5_context_data): add default_cc_name 662 6632003-02-25 Love H�rnquist �strand <lha@it.su.se> 664 665 * appl/kf/kf.1: s/securly/securely/ from NetBSD 666 6672003-02-18 Love H�rnquist �strand <lha@it.su.se> 668 669 * kdc/connect.c: s/intialize/initialize, from 670 <jmc@prioris.mini.pw.edu.pl> 671 6722003-02-17 Love H�rnquist �strand <lha@it.su.se> 673 674 * configure.in: add AM_MAINTAINER_MODE 675 6762003-02-16 Love H�rnquist �strand <lha@it.su.se> 677 678 * **/*.[0-9]: add copyright/licenses on all manpages 679 6802003-14-16 Jacques Vidrine <nectar@kth.se> 681 682 * lib/krb5/get_in_tkt.c (init_as_req): Send only a single 683 PA-ENC-TIMESTAMP in the AS-REQ, using the first encryption 684 type specified by the KDC. 685 6862003-02-15 Love H�rnquist �strand <lha@it.su.se> 687 688 * fix-export: some autoconf put their version number in 689 autom4te.cache, so remove autom4te*.cache 690 691 * fix-export: make sure $1 is a directory 692 6932003-02-04 Love H�rnquist �strand <lha@it.su.se> 694 695 * kpasswd/kpasswdd.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl> 696 697 * kdc/kdc.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl> 698 6992003-01-31 Love H�rnquist �strand <lha@it.su.se> 700 701 * kdc/hpropd.8: s/databases/a database/ s/Not/not/ 702 703 * kdc/hprop.8: add missing . 704 7052003-01-30 Love H�rnquist �strand <lha@it.su.se> 706 707 * lib/krb5/krb5.conf.5: documentation for of boolean, etypes, 708 address, write out encryption type in sentences, s/Host/host 709 7102003-01-26 Love H�rnquist �strand <lha@it.su.se> 711 712 * lib/asn1/check-gen.c: add checks for Authenticator too 713 7142003-01-25 Love H�rnquist �strand <lha@it.su.se> 715 716 * doc/setup.texi: in the hprop example, use hprop and the first 717 component, not host 718 719 * lib/krb5/get_addrs.c (find_all_addresses): address-less 720 point-to-point might not have an address, just ignore 721 those. Reported by Harald Barth. 722 7232003-01-23 Love H�rnquist �strand <lha@it.su.se> 724 725 * lib/krb5/verify_krb5_conf.c (check_section): when key isn't 726 found, don't print out all known keys 727 728 * lib/krb5/verify_krb5_conf.c (syslogvals): mark up where severity 729 and facility start resp 730 (check_log): find_value() returns -1 when key isn't found 731 732 * lib/krb5/crypto.c (_krb5_aes_cts_encrypt): make key argument a 733 'const void *' to avoid AES_KEY being exposed in krb5-private.h 734 735 * lib/krb5/krb5.conf.5: add [kdc]use_2b 736 737 * kdc/524.c (encode_524_response): its 2b not b2 738 739 * doc/misc.texi: quote @ where missing 740 741 * lib/asn1/Makefile.am: add check-gen 742 743 * lib/asn1/check-gen.c: add Principal check 744 745 * lib/asn1/check-common.h: move generic asn1/der functions from 746 check-der.c to here 747 748 * lib/asn1/check-common.c: move generic asn1/der functions from 749 check-der.c to here 750 751 * lib/asn1/check-der.c: move out the generic asn1/der functions to 752 a common file 753 7542003-01-22 Love H�rnquist �strand <lha@it.su.se> 755 756 * doc/misc.texi: more text about afs, how to get get your KeyFile, 757 and how to start use 2b tokens 758 759 * lib/krb5/krb5.conf.5: spelling, from Jason McIntyre 760 <jmc@cvs.openbsd.org> 761 7622003-01-21 Jacques Vidrine <nectar@kth.se> 763 764 * kuser/kuser_locl.h: include crypto-headers.h for 765 des_read_pw_string prototype 766 7672003-01-16 Love H�rnquist �strand <lha@it.su.se> 768 769 * admin/ktutil.8: document -v, --verbose 770 771 * admin/get.c (kt_get): make getarg usage consistent with other 772 other parts of ktutil 773 774 * admin/copy.c (kt_copy): remove adding verbose_flag to args 775 struct, since it will overrun the args array (from Sumit Bose) 776 7772003-01-15 Love H�rnquist �strand <lha@it.su.se> 778 779 * lib/krb5/krb5.conf.5: write more about [realms] REALM = { kdc = 780 ... } 781 782 * lib/krb5/aes-test.c: test vectors in aes-draft 783 784 * lib/krb5/Makefile.am: add aes-test.c 785 786 * lib/krb5/crypto.c: Add support for AES 787 (draft-raeburn-krb-rijndael-krb-02), not enabled by default. 788 (HMAC_SHA1_DES3_checksum): rename to SP_HMAC_SHA1_checksum and modify 789 to support checksumtype that are have a shorter wireformat then 790 their output block size. 791 792 * lib/krb5/crypto.c (struct encryption_type): split the blocksize 793 into blocksize and padsize, padsize is the minimum padding 794 size. they are the same for now 795 (enctype_*): add padsize 796 (encrypt_internal): use padsize 797 (encrypt_internal_derived): use padsize 798 (wrapped_length): use padsize 799 (wrapped_length_dervied): use padsize 800 801 * lib/krb5/crypto.c: add extra `opaque' argument to string_to_key 802 function for each enctype in preparation enctypes that uses 803 `Encryption and Checksum Specifications for Kerberos 5' draft 804 805 * lib/asn1/k5.asn1: add checksum and enctype for AES from 806 draft-raeburn-krb-rijndael-krb-02.txt 807 808 * lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_AES128, 809 KEYTYPE_AES256 810 8112003-01-14 Love H�rnquist �strand <lha@it.su.se> 812 813 * lib/hdb/common.c (_hdb_fetch): handle error code from 814 hdb_value2entry 815 816 * kdc/Makefile.am: always include kerberos4.c and 524.c in 817 kdc_SOURCES to support 524 818 819 * kdc/524.c: always compile in support for 524 820 821 * kdc/kdc_locl.h: move out krb/524 protos from under #ifdef KRB4 822 823 * kdc/config.c: always compile in support for 524 824 825 * kdc/connect.c: always compile in support for 524 826 827 * kdc/kerberos4.c: export encode_v4_ticket() and get_des_key() 828 even when we build without kerberos 4, 524 needs them 829 830 * lib/krb5/convert_creds.c, lib/krb5/krb5-v4compat.h: Split out 831 Kerberos 4 help functions/structures so other parts of the source 832 tree can use it (like the KDC) 833 834