ChangeLog revision 120945 
12003-05-08  Johan Danielsson  <joda@ratatosk.pdc.kth.se>
2
3	* Release 0.6
4
52003-05-08  Love H�rnquist �strand  <lha@it.su.se>
6
7	* kuser/klist.c: 1.68->1.69: print tokens even if there isn't v4
8	support
9
10	* kuser/kdestroy.c: 1.14->1.15: destroy tokens even if there isn't
11	v4 support
12
13	* kuser/kinit.c: 1.90->1.91: print tokens even if there isn't v4
14	support
15
162003-05-06  Johan Danielsson  <joda@pdc.kth.se>
17
18	* lib/krb5/name-45-test.c: need to use empty krb5.conf for some
19	tests
20
21	* lib/asn1/check-gen.c: there is no \e escape sequence; replace
22	everything with hex-codes, and cast to unsigned char* to make some
23	compilers happy
24
252003-05-06  Love H�rnquist �strand  <lha@it.su.se>
26
27	* lib/krb5/get_in_tkt.c (make_pa_enc_timestamp): make sure first
28	argument to krb5_us_timeofday have correct type
29	
302003-05-05  Assar Westerlund  <assar@kth.se>
31
32	* include/make_crypto.c (main): include aes.h if ENABLE_AES
33
342003-05-05  Love H�rnquist �strand  <lha@it.su.se>
35
36	* NEWS: 1.108->1.110: fix text about gssapi compat
37	
382003-04-28  Love H�rnquist �strand  <lha@it.su.se>
39
40	* kdc/v4_dump.c: 1.4->1.5: (v4_prop_dump): limit strings length,
41	from openbsd
42
432003-04-24  Love H�rnquist �strand  <lha@it.su.se>
44
45	* doc/programming.texi: 1.2-1.3: s/managment/management/, from jmc
46	<jmc@prioris.mini.pw.edu.pl>
47
482003-04-22  Love H�rnquist �strand  <lha@it.su.se>
49
50	* lib/krb5/krbhst.c: 1.43->1.44: copy NUL too, from janj@wenf.org
51	via openbsd
52
532003-04-17  Love H�rnquist �strand  <lha@it.su.se>
54
55	* lib/asn1/der_copy.c (copy_general_string): use strdup
56	* lib/asn1/der_put.c: remove sprintf
57	* lib/asn1/gen.c: remove strcpy/sprintf
58	
59	* lib/krb5/name-45-test.c: use a more unique name then ratatosk so
60	that other (me) have such hosts in the local domain and the tests
61	fails, to take hokkigai.pdc.kth.se instead
62	
63	* lib/krb5/test_alname.c: add --version and --help
64	
652003-04-16  Love H�rnquist �strand  <lha@it.su.se>
66
67	* lib/krb5/krb5_warn.3: add krb5_get_err_text
68	
69	* lib/krb5/transited.c: use strlcat/strlcpy, from openbsd
70	* lib/krb5/krbhst.c (srv_find_realm): use strlcpy, from openbsd
71	* lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use
72	strlcpy, from openbsd
73	* kdc/hpropd.c: s/strcat/strlcat/, inspired from openbsd
74	* appl/kf/kfd.c: use strlcpy, from openbsd
75	
762003-04-16  Johan Danielsson  <joda@pdc.kth.se>
77
78	* configure.in: fix for large file support in AIX, _LARGE_FILES
79	needs to be defined on the command line, since lex likes to
80	include stdio.h before we get to config.h
81
822003-04-16  Love H�rnquist �strand  <lha@it.su.se>
83	
84	* lib/krb5/*.3: Change .Fd #include <header.h> to .In header.h,
85	from Thomas Klausner <wiz@netbsd.org>
86	
87	* lib/krb5/krb5.conf.5: spelling, from Thomas Klausner
88	<wiz@netbsd.org>
89
902003-04-15  Love H�rnquist �strand  <lha@it.su.se>
91
92	* kdc/kerberos5.c: fix some more memory leaks
93	
942003-04-11  Love H�rnquist �strand  <lha@it.su.se>
95
96	* appl/kf/kf.1: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
97	
982003-04-08  Love H�rnquist �strand  <lha@it.su.se>
99
100	* admin/ktutil.8: typos, from jmc <jmc@acn.waw.pl>
101	
1022003-04-06  Love H�rnquist �strand  <lha@it.su.se>
103
104	* lib/krb5/krb5.3: s/kerberos/Kerberos/
105	* lib/krb5/krb5_data.3: s/kerberos/Kerberos/
106	* lib/krb5/krb5_address.3: s/kerberos/Kerberos/
107	* lib/krb5/krb5_ccache.3: s/kerberos/Kerberos/
108	* lib/krb5/krb5.conf.5: s/kerberos/Kerberos/
109	* kuser/kinit.1: s/kerberos/Kerberos/
110	* kdc/kdc.8: s/kerberos/Kerberos/
111	
1122003-04-01  Love H�rnquist �strand  <lha@it.su.se>
113
114	* lib/krb5/test_alname.c: more krb5_aname_to_localname tests
115	
116	* lib/krb5/aname_to_localname.c (krb5_aname_to_localname): when
117	converting too root, make sure user is ok according to
118	krb5_kuserok before allowing it.
119
120	* lib/krb5/Makefile.am (noinst_PROGRAMS): += test_alname
121	
122	* lib/krb5/test_alname.c: add test for krb5_aname_to_localname
123	
124	* lib/krb5/crypto.c (krb5_DES_AFS3_CMU_string_to_key): used p1
125	instead of the "illegal" salt #~, same change as kth-krb did
126	1999. Problems occur with crypt() that behaves like AT&T crypt
127	(openssl does this). Pointed out by Marcus Watts.
128
129	* admin/change.c (kt_change): collect all principals we are going
130	to change, and pick the highest kvno and use that to guess what
131	kvno the resulting kvno is going to be. Now two ktutil change in a
132	row works. XXX fix the protocol to pass the kvno back.
133	
1342003-03-31  Love H�rnquist �strand  <lha@it.su.se>
135
136	* appl/kf/kf.1: afs->AFS, from jmc <jmc@acn.waw.pl>
137	
1382003-03-30  Love H�rnquist �strand  <lha@it.su.se>
139
140	* doc/setup.texi: add description on how to turn on v4, 524 and
141	kaserver support
142
1432003-03-29  Love H�rnquist �strand  <lha@it.su.se>
144
145	* lib/krb5/verify_krb5_conf.c (appdefaults_entries): add afslog
146	and afs-use-524
147
1482003-03-28  Love H�rnquist �strand  <lha@it.su.se>
149
150	* kdc/kerberos5.c (as_rep): when the second enctype_to_string
151	failes, remember to free memory from the first enctype_to_string
152
153	* lib/krb5/crypto.c (usage2arcfour): map KRB5_KU_TICKET to 2,
154	from Harald Joerg <harald.joerg@fujitsu-siemens.com>
155	(enctype_arcfour_hmac_md5): disable checksum_hmac_md5_enc
156
157	* lib/hdb/mkey.c (hdb_unseal_keys_mkey): truncate key to the key
158	length when key is longer then expected length, its probably
159	longer since the encrypted data was padded, reported by Aidan
160	Cully <aidan@kublai.com>
161
162	* lib/krb5/crypto.c (krb5_enctype_keysize): return key size of
163	encyption type, inspired by Aidan Cully <aidan@kublai.com>
164	
1652003-03-27  Love H�rnquist �strand  <lha@it.su.se>
166
167	* lib/krb5/keytab.c (krb5_kt_get_entry): avoid printing 0
168	(wildcard kvno) after principal when the keytab entry isn't found,
169	reported by Chris Chiappa <chris@chiappa.net>
170	
1712003-03-26  Love H�rnquist �strand  <lha@it.su.se>
172
173	* doc/misc.texi: update 2b example to match reality (from
174	mattiasa@e.kth.se)
175
176	* doc/misc.texi: spelling and add `Configuring AFS clients'
177	subsection
178
1792003-03-25  Love H�rnquist �strand  <lha@it.su.se>
180
181	* lib/krb5/krb5.3: add krb5_free_data_contents.3
182	
183	* lib/krb5/data.c: add krb5_free_data_contents for compat with MIT
184	API
185
186	* lib/krb5/krb5_data.3: add krb5_free_data_contents for compat
187	with MIT API
188	
189	* lib/krb5/krb5_verify_user.3: write more about how the ccache
190	argument should be inited when used
191	
1922003-03-25  Johan Danielsson  <joda@pdc.kth.se>
193
194	* lib/krb5/addr_families.c (krb5_print_address): make sure
195	print_addr is defined for the given address type; make addrports
196	printable
197
198	* kdc/string2key.c: print the used enctype for kerberos 5 keys
199
2002003-03-25  Love H�rnquist �strand  <lha@it.su.se>
201
202	* lib/krb5/aes-test.c: add another arcfour test
203	
2042003-03-22  Love H�rnquist �strand  <lha@it.su.se>
205
206	* lib/krb5/aes-test.c: sneek in a test for arcfour-hmac-md5
207	
2082003-03-20  Love H�rnquist �strand  <lha@it.su.se>
209	
210	* lib/krb5/krb5_ccache.3: update .Dd
211
212	* lib/krb5/krb5.3: sort in krb5_data functions
213
214	* lib/krb5/Makefile.am (man_MANS): += krb5_data.3
215
216	* lib/krb5/krb5_data.3: document krb5_data
217
218	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): if
219	prompter is NULL, don't try to ask for a password to
220	change. reported by Iain Moffat @ ufl.edu via Howard Chu
221	<hyc@highlandsun.com>
222
2232003-03-19  Love H�rnquist �strand  <lha@it.su.se>
224
225	* lib/krb5/krb5_keytab.3: spelling, from
226	<jmc@prioris.mini.pw.edu.pl>
227
228	* lib/krb5/krb5.conf.5: . means new line
229	
230	* lib/krb5/krb5.conf.5: spelling, from
231	<jmc@prioris.mini.pw.edu.pl>
232
233	* lib/krb5/krb5_auth_context.3: spelling, from
234	<jmc@prioris.mini.pw.edu.pl>
235
2362003-03-18  Love H�rnquist �strand  <lha@it.su.se>
237
238	* kuser/Makefile.am: INCLUDES: -I$(srcdir)/../lib/krb5
239	
240	* lib/krb5/convert_creds.c: add _krb5_krb_life_to_time
241	
242	* lib/krb5/krb5-v4compat.h: add _krb5_krb_life_to_time
243
244	* kdc/kdc_locl.h: 524 is independent of kerberos 4, so move out
245	#ifdef KRB4 from enable_v4_cross_realm since 524 needs it
246	
247	* kdc/config.c: 524 is independent of kerberos 4, so move out
248	enable_v4_cross_realm from #ifdef KRB4 since 524 needs it
249	
2502003-03-17  Assar Westerlund  <assar@kth.se>
251
252	* kdc/kdc.8: document --kerberos4-cross-realm
253	* kdc/kerberos4.c: pay attention to enable_v4_cross_realm
254	* kdc/kdc_locl.h (enable_v4_cross_realm): add
255	* kdc/524.c (encode_524_response): check the enable_v4_cross_realm
256	flag before giving out v4 tickets for foreign v5 principals
257	* kdc/config.c: add --enable-kerberos4-cross-realm option (default
258	to off)
259
2602003-03-17  Love H�rnquist �strand  <lha@it.su.se>
261
262	* lib/krb5/Makefile.am (man_MANS) += krb5_aname_to_localname.3
263	
264	* lib/krb5/krb5_aname_to_localname.3: manpage for
265	krb5_aname_to_localname
266
267	* lib/krb5/krb5_kuserok.3: s/KRB5_USEROK/KRB5_KUSEROK/
268	
2692003-03-16  Love H�rnquist �strand  <lha@it.su.se>
270
271	* lib/krb5/Makefile.am (man_MANS): add krb5_set_default_realm.3
272
273	* lib/krb5/krb5.3: add manpages from krb5_set_default_realm.3
274
275	* lib/krb5/krb5_set_default_realm.3: Manpage for
276	krb5_free_host_realm, krb5_get_default_realm,
277	krb5_get_default_realms, krb5_get_host_realm, and
278	krb5_set_default_realm.
279
280	* admin/ktutil.8: s/entype/enctype/, from Igor Sobrado
281	<sobrado@acm.org> via NetBSD
282
283	* lib/krb5/krb5_keytab.3: add documention for krb5_kt_get_type
284	
285	* lib/krb5/keytab.c (krb5_kt_get_type): get prefix/type of keytab
286	
287	* lib/krb5/krb5.h (KRB5_KT_PREFIX_MAX_LEN): max length of prefix
288	
289	* lib/krb5/krb5_ccache.3: document krb5_cc_get_ops, add more
290	types, add krb5_fcc_ops and krb5_mcc_ops
291	
292	* lib/krb5/cache.c (krb5_cc_get_ops): new function, return ops for
293	a id
294
2952003-03-15  Love H�rnquist �strand  <lha@it.su.se>
296
297	* doc/intro.texi: add reference to source code, binaries and the
298	manual
299
300	* lib/krb5/krb5.3: krb5.h isn't in krb5 directory in heimdal
301	
3022003-03-14  Love H�rnquist �strand  <lha@it.su.se>
303
304	* kdc/kdc.8: better/difrent english
305
306	* kdc/kdc.8: . -> .\n, copyright/license
307	
308	* kdc/kdc.8: changed configuration file -> restart kdc
309
310	* kdc/kerberos4.c: add krb4 into the most error messages written
311	to the logfile
312
313	* lib/krb5/krb5_ccache.3: add missing name of argument
314	(krb5_context) to most functions
315
3162003-03-13  Love H�rnquist �strand  <lha@it.su.se>
317
318	* lib/krb5/kuserok.c (krb5_kuserok): preserve old behviour of
319	function and return FALSE when there isn't a local account for
320	`luser'.
321
322	* lib/krb5/krb5_kuserok.3: fix prototype, spelling and more text
323	describing the function
324
3252003-03-12  Love H�rnquist �strand  <lha@it.su.se>
326
327	* lib/krb5/cache.c (krb5_cc_default): if krb5_cc_default_name
328	returned memory, don't return ENOMEM
329
3302003-03-11  Love H�rnquist �strand  <lha@it.su.se>
331
332	* lib/krb5/krb5.3: add krb5_address stuff and sort
333	
334	* lib/krb5/krb5_address.3: fix krb5_addr2sockaddr description
335	
336	* lib/krb5/Makefile.am (man_MANS): += krb5_address.3
337	
338	* lib/krb5/krb5_address.3: document types krb5_address and
339	krb5_addresses and their helper functions
340
3412003-03-10  Love H�rnquist �strand  <lha@it.su.se>
342
343	* lib/krb5/Makefile.am (man_MANS): += krb5_kuserok.3
344
345	* lib/krb5/krb5_kuserok.3: spelling, from cizzi@it.su.se
346
347	* lib/krb5/Makefile.am (man_MANS): += krb5_ccache.3
348
349	* lib/krb5/krb5_ccache.3: spelling, from cizzi@it.su.se
350	
351	* lib/krb5/krb5.3: add more functions
352	
353	* lib/krb5/krb5_ccache.3: document krb5_ccache and krb5_cc
354	functions
355
356	* lib/krb5/krb5_kuserok.3: document krb5_kuserok
357	
358	* lib/krb5/krb5_verify_user.3: document
359	krb5_verify_opt_set_flags(opt, KRB5_VERIFY_LREALMS) behavior
360
361	* lib/krb5/krb5_verify_user.3: document krb5_verify_opt* and
362	krb5_verify_user_opt
363
364	* lib/krb5/*.[0-9]: add copyright/licenses on more manpages
365
366	* kuser/kdestroy.c (main): handle that krb5_cc_default_name can
367	return NULL
368
369	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump minor
370	(TESTS): add test_cc
371
372	* lib/krb5/test_cc.c: test some
373	krb5_cc_default_name/krb5_cc_set_default_name combinations
374	
375	* lib/krb5/context.c (init_context_from_config_file): set
376	default_cc_name to NULL
377	(krb5_free_context): free default_cc_name if set
378
379	* lib/krb5/cache.c (krb5_cc_set_default_name): new function
380	(krb5_cc_default_name): use krb5_cc_set_default_name
381
382	* lib/krb5/krb5.h (krb5_context_data): add default_cc_name
383	
3842003-02-25  Love H�rnquist �strand  <lha@it.su.se>
385
386	* appl/kf/kf.1: s/securly/securely/ from NetBSD
387	
3882003-02-18  Love H�rnquist �strand  <lha@it.su.se>
389
390	* kdc/connect.c: s/intialize/initialize, from
391	<jmc@prioris.mini.pw.edu.pl>
392
3932003-02-17  Love H�rnquist �strand  <lha@it.su.se>
394
395	* configure.in: add AM_MAINTAINER_MODE
396	
3972003-02-16  Love H�rnquist �strand  <lha@it.su.se>
398
399	* **/*.[0-9]: add copyright/licenses on all manpages
400
4012003-14-16  Jacques Vidrine  <nectar@kth.se>
402
403	* lib/krb5/get_in_tkt.c (init_as_req): Send only a single
404	PA-ENC-TIMESTAMP in the AS-REQ, using the first encryption
405	type specified by the KDC.
406
4072003-02-15  Love H�rnquist �strand  <lha@it.su.se>
408
409	* fix-export: some autoconf put their version number in
410	autom4te.cache, so remove autom4te*.cache
411	
412	* fix-export: make sure $1 is a directory
413	
4142003-02-04  Love H�rnquist �strand  <lha@it.su.se>
415
416	* kpasswd/kpasswdd.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
417
418	* kdc/kdc.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
419	
4202003-01-31  Love H�rnquist �strand  <lha@it.su.se>
421
422	* kdc/hpropd.8: s/databases/a database/ s/Not/not/
423
424	* kdc/hprop.8: add missing .
425	
4262003-01-30  Love H�rnquist �strand  <lha@it.su.se>
427
428	* lib/krb5/krb5.conf.5: documentation for of boolean, etypes,
429	address, write out encryption type in sentences, s/Host/host
430	
4312003-01-26  Love H�rnquist �strand  <lha@it.su.se>
432
433	* lib/asn1/check-gen.c: add checks for Authenticator too
434	
4352003-01-25  Love H�rnquist �strand  <lha@it.su.se>
436
437	* doc/setup.texi: in the hprop example, use hprop and the first
438	component, not host
439
440	* lib/krb5/get_addrs.c (find_all_addresses): address-less
441	point-to-point might not have an address, just ignore
442	those. Reported by Harald Barth.
443
4442003-01-23  Love H�rnquist �strand  <lha@it.su.se>
445
446	* lib/krb5/verify_krb5_conf.c (check_section): when key isn't
447	found, don't print out all known keys
448
449	* lib/krb5/verify_krb5_conf.c (syslogvals): mark up where severity
450	and facility start resp
451	(check_log): find_value() returns -1 when key isn't found
452
453	* lib/krb5/crypto.c (_krb5_aes_cts_encrypt): make key argument a
454	'const void *' to avoid AES_KEY being exposed in krb5-private.h
455	
456	* lib/krb5/krb5.conf.5: add [kdc]use_2b
457
458	* kdc/524.c (encode_524_response): its 2b not b2
459	
460	* doc/misc.texi: quote @ where missing
461	
462	* lib/asn1/Makefile.am: add check-gen
463	
464	* lib/asn1/check-gen.c: add Principal check
465	
466	* lib/asn1/check-common.h: move generic asn1/der functions from
467	check-der.c to here
468
469	* lib/asn1/check-common.c: move generic asn1/der functions from
470	check-der.c to here
471
472	* lib/asn1/check-der.c: move out the generic asn1/der functions to
473	a common file
474
4752003-01-22  Love H�rnquist �strand  <lha@it.su.se>
476
477	* doc/misc.texi: more text about afs, how to get get your KeyFile,
478	and how to start use 2b tokens
479
480	* lib/krb5/krb5.conf.5: spelling, from Jason McIntyre
481	<jmc@cvs.openbsd.org>
482	
4832003-01-21  Jacques Vidrine  <nectar@kth.se>
484
485	* kuser/kuser_locl.h: include crypto-headers.h for
486	des_read_pw_string prototype
487
4882003-01-16  Love H�rnquist �strand  <lha@it.su.se>
489
490	* admin/ktutil.8: document -v, --verbose
491
492	* admin/get.c (kt_get): make getarg usage consistent with other
493	other parts of ktutil
494
495	* admin/copy.c (kt_copy): remove adding verbose_flag to args
496	struct, since it will overrun the args array (from Sumit Bose)
497	
4982003-01-15  Love H�rnquist �strand  <lha@it.su.se>
499
500	* lib/krb5/krb5.conf.5: write more about [realms] REALM = { kdc =
501	... }
502
503	* lib/krb5/aes-test.c: test vectors in aes-draft
504	
505	* lib/krb5/Makefile.am: add aes-test.c
506
507	* lib/krb5/crypto.c: Add support for AES
508	(draft-raeburn-krb-rijndael-krb-02), not enabled by default.
509	(HMAC_SHA1_DES3_checksum): rename to SP_HMAC_SHA1_checksum and modify
510	to support checksumtype that are have a shorter wireformat then
511	their output block size.
512	
513	* lib/krb5/crypto.c (struct encryption_type): split the blocksize
514	into blocksize and padsize, padsize is the minimum padding
515	size. they are the same for now
516	(enctype_*): add padsize
517	(encrypt_internal): use padsize
518	(encrypt_internal_derived): use padsize
519	(wrapped_length): use padsize
520	(wrapped_length_dervied): use padsize
521
522	* lib/krb5/crypto.c: add extra `opaque' argument to string_to_key
523	function for each enctype in preparation enctypes that uses
524	`Encryption and Checksum Specifications for Kerberos 5' draft
525	
526	* lib/asn1/k5.asn1: add checksum and enctype for AES from
527	draft-raeburn-krb-rijndael-krb-02.txt
528
529	* lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_AES128,
530	KEYTYPE_AES256
531
5322003-01-14  Love H�rnquist �strand  <lha@it.su.se>
533
534	* lib/hdb/common.c (_hdb_fetch): handle error code from
535	hdb_value2entry
536
537	* kdc/Makefile.am: always include kerberos4.c and 524.c in
538	kdc_SOURCES to support 524
539
540	* kdc/524.c: always compile in support for 524
541	
542	* kdc/kdc_locl.h: move out krb/524 protos from under #ifdef KRB4
543	
544	* kdc/config.c: always compile in support for 524
545	
546	* kdc/connect.c: always compile in support for 524
547	
548	* kdc/kerberos4.c: export encode_v4_ticket() and get_des_key()
549	even when we build without kerberos 4, 524 needs them
550	
551	* lib/krb5/convert_creds.c, lib/krb5/krb5-v4compat.h: Split out
552	Kerberos 4 help functions/structures so other parts of the source
553	tree can use it (like the KDC)
554
555