172445Sassar2000-12-31 Assar Westerlund <assar@sics.se> 272445Sassar 372445Sassar * lib/krb5/test_get_addrs.c (main): handle krb5_init_context 472445Sassar failure consistently 572445Sassar * lib/krb5/string-to-key-test.c (main): handle krb5_init_context 672445Sassar failure consistently 772445Sassar * lib/krb5/prog_setup.c (krb5_program_setup): handle 872445Sassar krb5_init_context failure consistently 972445Sassar * lib/hdb/convert_db.c (main): handle krb5_init_context failure 1072445Sassar consistently 1172445Sassar * kuser/kverify.c (main): handle krb5_init_context failure 1272445Sassar consistently 1372445Sassar * kuser/klist.c (main): handle krb5_init_context failure 1472445Sassar consistently 1572445Sassar * kuser/kinit.c (main): handle krb5_init_context failure 1672445Sassar consistently 1772445Sassar * kuser/kgetcred.c (main): handle krb5_init_context failure 1872445Sassar consistently 1972445Sassar * kuser/kdestroy.c (main): handle krb5_init_context failure 2072445Sassar consistently 2172445Sassar * kuser/kdecode_ticket.c (main): handle krb5_init_context failure 2272445Sassar consistently 2372445Sassar * kuser/generate-requests.c (generate_requests): handle 2472445Sassar krb5_init_context failure consistently 2572445Sassar * kpasswd/kpasswd.c (main): handle krb5_init_context failure 2672445Sassar consistently 2772445Sassar * kpasswd/kpasswd-generator.c (generate_requests): handle 2872445Sassar krb5_init_context failure consistently 2972445Sassar * kdc/main.c (main): handle krb5_init_context failure consistently 3072445Sassar * appl/test/uu_client.c (proto): handle krb5_init_context failure 3172445Sassar consistently 3272445Sassar * appl/kf/kf.c (main): handle krb5_init_context failure 3372445Sassar consistently 3472445Sassar * admin/ktutil.c (main): handle krb5_init_context failure 3572445Sassar consistently 3672445Sassar 3772445Sassar * admin/get.c (kt_get): more error checking 3872445Sassar 3972445Sassar2000-12-29 Assar Westerlund <assar@sics.se> 4072445Sassar 4172445Sassar * lib/asn1/asn1_print.c (loop): check for length longer than data. 4272445Sassar inspired by lha@stacken.kth.se 4372445Sassar 4472445Sassar2000-12-16 Johan Danielsson <joda@pdc.kth.se> 4572445Sassar 4672445Sassar * admin/ktutil.8: reflect recent changes 4772445Sassar 4872445Sassar * admin/copy.c: don't copy an entry that already exists in the 4972445Sassar keytab, and warn if the keyblock differs 5072445Sassar 5172445Sassar2000-12-15 Johan Danielsson <joda@pdc.kth.se> 5272445Sassar 5372445Sassar * admin/Makefile.am: merge srvconvert and srvcreate with copy 5472445Sassar 5572445Sassar * admin/copy.c: merge srvconvert and srvcreate with copy 5672445Sassar 5772445Sassar * lib/krb5/Makefile.am: always build keytab_krb4.c 5872445Sassar 5972445Sassar * lib/krb5/context.c: always register the krb4 keytab functions 6072445Sassar 6172445Sassar * lib/krb5/krb5.h: declare krb4_ftk_ops 6272445Sassar 6372445Sassar * lib/krb5/keytab_krb4.c: We don't really need to include krb.h 6472445Sassar here, since we only use the principal size macros, so define these 6572445Sassar here. Theoretically someone could have a krb4 system where these 6672445Sassar values are != 40, but this is unlikely, and 6772445Sassar krb5_524_conv_principal also assume they are 40. 6872445Sassar 6972445Sassar2000-12-13 Johan Danielsson <joda@pdc.kth.se> 7072445Sassar 7172445Sassar * lib/krb5/krb5.h: s/krb5_donot_reply/krb5_donot_replay/ 7272445Sassar 7372445Sassar * lib/krb5/replay.c: fix query-replace-o from MD5 API change, and 7472445Sassar the struct is called krb5_donot_replay 7572445Sassar 7672445Sassar2000-12-12 Assar Westerlund <assar@sics.se> 7772445Sassar 7872445Sassar * admin/srvconvert.c (srvconvert): do not use data after free:ing 7972445Sassar it 8072445Sassar 8172445Sassar2000-12-11 Assar Westerlund <assar@sics.se> 8272445Sassar 8372445Sassar * Release 0.3d 8472445Sassar 8572445Sassar2000-12-11 Assar Westerlund <assar@sics.se> 8672445Sassar 8772445Sassar * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set version to 14:0:0 8872445Sassar * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): update to 6:3:0 8972445Sassar * lib/krb5/Makefile.am (libkrb5_la_LIBADD): add library 9072445Sassar dependencies 9172445Sassar 9272445Sassar2000-12-10 Johan Danielsson <joda@pdc.kth.se> 9372445Sassar 9472445Sassar * lib/krb5/auth_context.c: implement krb5_auth_con_{get,set}rcache 9572445Sassar 9672445Sassar2000-12-08 Assar Westerlund <assar@sics.se> 9772445Sassar 9872445Sassar * lib/krb5/krb5.h (krb5_enctype): add ETYPE_DES3_CBC_NONE_IVEC as 9972445Sassar a new pseudo-type 10072445Sassar 10172445Sassar * lib/krb5/crypto.c (DES_AFS3_CMU_string_to_key): always treat 10272445Sassar cell names as lower case 10372445Sassar (krb5_encrypt_ivec, krb5_decrypt_ivec): new functions that allow an 10472445Sassar explicit ivec to be specified. fix all sub-functions. 10572445Sassar (DES3_CBC_encrypt_ivec): new function that takes an explicit ivec 10672445Sassar 10772445Sassar2000-12-06 Johan Danielsson <joda@pdc.kth.se> 10872445Sassar 10972445Sassar * lib/krb5/Makefile.am: actually build replay cache code 11072445Sassar 11172445Sassar * lib/krb5/replay.c: implement krb5_get_server_rcache 11272445Sassar 11372445Sassar * kpasswd/kpasswdd.c: de-pointerise auth_context parameter to 11472445Sassar krb5_mk_rep 11572445Sassar 11672445Sassar * lib/krb5/recvauth.c: de-pointerise auth_context parameter to 11772445Sassar krb5_mk_rep 11872445Sassar 11972445Sassar * lib/krb5/mk_rep.c: auth_context should not be a pointer 12072445Sassar 12172445Sassar * lib/krb5/auth_context.c: implement krb5_auth_con_genaddrs, and 12272445Sassar make setaddrs_from_fd use that 12372445Sassar 12472445Sassar * lib/krb5/krb5.h: add some more KRB5_AUTH_CONTEXT_* flags 12572445Sassar 12672445Sassar2000-12-05 Johan Danielsson <joda@pdc.kth.se> 12772445Sassar 12872445Sassar * lib/krb5/Makefile.am: add kerberos.8 manpage 12972445Sassar 13072445Sassar * lib/krb5/cache.c: check for NULL remove_cred function 13172445Sassar 13272445Sassar * lib/krb5/fcache.c: pretend that empty files are non-existant 13372445Sassar 13472445Sassar * lib/krb5/get_addrs.c (find_all_addresses): use getifaddrs, from 13572445Sassar Jason Thorpe <thorpej@netbsd.org> 13672445Sassar 13772445Sassar2000-12-01 Assar Westerlund <assar@sics.se> 13872445Sassar 13972445Sassar * configure.in: remove configure-time generation of krb5-config 14072445Sassar * tools/Makefile.am: add generation of krb5-config at make-time 14172445Sassar instead of configure-time 14272445Sassar 14372445Sassar * tools/krb5-config.in: add --prefix and --exec-prefix 14472445Sassar 14572445Sassar2000-11-30 Assar Westerlund <assar@sics.se> 14672445Sassar 14772445Sassar * tools/Makefile.am: add krb5-config.1 14872445Sassar * tools/krb5-config.in: add kadm-client and kadm5-server as 14972445Sassar libraries 15072445Sassar 15172445Sassar2000-11-29 Assar Westerlund <assar@sics.se> 15272445Sassar 15372445Sassar * tools/krb5-config.in: add --prefix, --exec-prefix and gssapi 15472445Sassar 15572445Sassar2000-11-29 Johan Danielsson <joda@pdc.kth.se> 15672445Sassar 15772445Sassar * configure.in: add roken/Makefile here, since it can't live in 15872445Sassar rk_ROKEN 15972445Sassar 16072445Sassar2000-11-16 Assar Westerlund <assar@sics.se> 16172445Sassar 16272445Sassar * configure.in: use the libtool -rpath, do not rely on ld 16372445Sassar understanding -rpath 16472445Sassar 16572445Sassar * configure.in: fix the -Wl stuff for krb4 linking add some 16672445Sassar gratuitous extra options when linking with an existing libdes 16772445Sassar 16872445Sassar2000-11-15 Assar Westerlund <assar@sics.se> 16972445Sassar 17072445Sassar * lib/hdb/hdb.c (hdb_next_enctype2key): const-ize a little bit 17172445Sassar * lib/Makefile.am (SUBDIRS): try to only build des when needed 17272445Sassar * kuser/klist.c: print key versions numbers of v4 tickets in 17372445Sassar verbose mode 17472445Sassar 17572445Sassar * kdc/kerberos5.c (tgs_rep2): adapt to new krb5_verify_ap_req2 17672445Sassar * appl/test/gss_common.c (read_token): remove unused variable 17772445Sassar 17872445Sassar * configure.in (krb4): add -Wl 17972445Sassar (MD4Init et al): look for these in more libraries 18072445Sassar (getmsg): only run test if we have the function 18172445Sassar (AC_OUTPUT): create tools/krb5-config 18272445Sassar 18372445Sassar * tools/krb5-config.in: new script for storing flags to use 18472445Sassar * Makefile.am (SUBDIRS): add tools 18572445Sassar 18672445Sassar * lib/krb5/get_cred.c (make_pa_tgs_req): update to new 18772445Sassar krb5_mk_req_internal 18872445Sassar * lib/krb5/mk_req_ext.c (krb5_mk_req_internal): allow different 18972445Sassar usages for the encryption. change callers 19072445Sassar * lib/krb5/rd_req.c (decrypt_authenticator): add an encryption 19172445Sassar `usage'. also try the old 19272445Sassar (and wrong) usage of KRB5_KU_AP_REQ_AUTH for backwards compatibility 19372445Sassar (krb5_verify_ap_req2): new function for specifying the usage different 19472445Sassar from the default (KRB5_KU_AP_REQ_AUTH) 19572445Sassar * lib/krb5/build_auth.c (krb5_build_authenticator): add a `usage' 19672445Sassar parameter to permit the generation of authenticators with 19772445Sassar different crypto usage 19872445Sassar 19972445Sassar * lib/krb5/mk_req.c (krb5_mk_req_exact): new function that takes a 20072445Sassar krb5_principal 20172445Sassar (krb5_mk_req): use krb5_mk_req_exact 20272445Sassar 20372445Sassar * lib/krb5/mcache.c (mcc_close): free data 20472445Sassar (mcc_destroy): don't free data 20572445Sassar 20672445Sassar2000-11-13 Assar Westerlund <assar@sics.se> 20772445Sassar 20872445Sassar * lib/hdb/ndbm.c: handle both ndbm.h and gdbm/ndbm.h 20972445Sassar * lib/hdb/hdb.c: handle both ndbm.h and gdbm/ndbm.h 21072445Sassar 21172445Sassar2000-11-12 Johan Danielsson <joda@pdc.kth.se> 21272445Sassar 21372445Sassar * kdc/hpropd.8: remove extra .Xc 21472445Sassar 21572445Sassar2000-10-27 Johan Danielsson <joda@pdc.kth.se> 21672445Sassar 21772445Sassar * kuser/kinit.c: fix v4 fallback lifetime calculation 21872445Sassar 21972445Sassar2000-10-10 Johan Danielsson <joda@pdc.kth.se> 22072445Sassar 22172445Sassar * kdc/524.c: fix log messge 22272445Sassar 22372445Sassar2000-10-08 Assar Westerlund <assar@sics.se> 22472445Sassar 22572445Sassar * lib/krb5/changepw.c (krb5_change_password): check for fd's being 22672445Sassar too large to select on 22772445Sassar * kpasswd/kpasswdd.c (add_new_tcp): check for the socket fd being 22872445Sassar too large to select on 22972445Sassar * kdc/connect.c (add_new_tcp): check for the socket fd being too 23072445Sassar large to selct on 23172445Sassar * kdc/connect.c (loop): check that the socket fd is not too large 23272445Sassar to select on 23372445Sassar * lib/krb5/send_to_kdc.c (recv_loop): check `fd' for being too 23472445Sassar large to be able to select on 23572445Sassar 23672445Sassar * kdc/kaserver.c (do_authenticate): check for time skew 23772445Sassar 23872445Sassar2000-10-01 Assar Westerlund <assar@sics.se> 23972445Sassar 24072445Sassar * kdc/524.c (set_address): allocate memory for storing addresses 24172445Sassar in if the original request had an empty set of addresses 24272445Sassar * kdc/524.c (set_address): fix bad return of pointer to automatic 24372445Sassar data 24472445Sassar 24572445Sassar * config.sub: update to version 2000-09-11 (aka 1.181) from 24672445Sassar subversions.gnu.org 24772445Sassar 24872445Sassar * config.guess: update to version 2000-09-05 (aka 1.156) from 24972445Sassar subversions.gnu.org plus some minor tweaks 25072445Sassar 25172445Sassar2000-09-20 Assar Westerlund <assar@juguete.sics.se> 25272445Sassar 25372445Sassar * Release 0.3c 25472445Sassar 25572445Sassar2000-09-19 Assar Westerlund <assar@sics.se> 25672445Sassar 25772445Sassar * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to 25872445Sassar 13:1:0 25972445Sassar 26072445Sassar * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 6:2:0 26172445Sassar 26272445Sassar2000-09-17 Assar Westerlund <assar@sics.se> 26372445Sassar 26472445Sassar * lib/krb5/rd_req.c (krb5_decrypt_ticket): plug some memory leak 26572445Sassar (krb5_rd_req): try not to return an allocated auth_context on error 26672445Sassar 26772445Sassar * lib/krb5/log.c (krb5_vlog_msg): fix const-ness 26872445Sassar 26972445Sassar2000-09-10 Assar Westerlund <assar@sics.se> 27072445Sassar 27172445Sassar * kdc/524.c: re-organize 27272445Sassar * kdc/kerberos5.c (tgs_rep2): try to avoid leaking auth_context 27372445Sassar * kdc/kerberos4.c (valid_princ): check return value of functions 27472445Sassar (encode_v4_ticket): add some const 27572445Sassar * kdc/misc.c (db_fetch): check malloc 27672445Sassar (free_ent): new function 27772445Sassar 27872445Sassar * lib/krb5/log.c (krb5_vlog_msg): log just the format string it we 27972445Sassar fail to allocate the actual string to log, should at least provide 28072445Sassar some hint as to where things went wrong 28172445Sassar 28272445Sassar2000-09-10 Johan Danielsson <joda@pdc.kth.se> 28372445Sassar 28472445Sassar * kdc/log.c: use DEFAULT_LOG_DEST 28572445Sassar 28672445Sassar * kdc/config.c: use _PATH_KDC_CONF 28772445Sassar 28872445Sassar * kdc/kdc_locl.h: add macro constants for kdc.conf, and kdc.log 28972445Sassar 29072445Sassar2000-09-09 Assar Westerlund <assar@sics.se> 29172445Sassar 29272445Sassar * lib/krb5/crypto.c (_key_schedule): re-use an existing schedule 29372445Sassar 29472445Sassar2000-09-06 Johan Danielsson <joda@pdc.kth.se> 29572445Sassar 29672445Sassar * configure.in: fix dpagaix test 29772445Sassar 29872445Sassar2000-09-05 Assar Westerlund <assar@sics.se> 29972445Sassar 30072445Sassar * configure.in: with_dce -> enable_dce. noticed by Ake Sandgren 30172445Sassar <ake@cs.umu.se> 30272445Sassar 30372445Sassar2000-09-01 Johan Danielsson <joda@pdc.kth.se> 30472445Sassar 30572445Sassar * kdc/kstash.8: update manual page 30672445Sassar 30772445Sassar * kdc/kstash.c: fix typo, and remove unused option 30872445Sassar 30972445Sassar * lib/krb5/kerberos.7: short kerberos intro page 31072445Sassar 31172445Sassar2000-08-27 Assar Westerlund <assar@sics.se> 31272445Sassar 31372445Sassar * include/bits.c: add __attribute__ for gcc's pleasure 31472445Sassar * lib/hdb/keytab.c: re-write to delay the opening of the database 31572445Sassar till it's known which principal is being sought, thereby allowing 31672445Sassar the usage of multiple databases, however they need to be specified 31772445Sassar in /etc/krb5.conf since all the programs using this keytab do not 31872445Sassar read kdc.conf 31972445Sassar 32072445Sassar * appl/test/test_locl.h (keytab): add 32172445Sassar * appl/test/common.c: add --keytab 32272445Sassar * lib/krb5/crypto.c: remove trailing commas 32372445Sassar (KRB5_KU_USAGE_SEQ): renamed from KRB5_KU_USAGE_MIC 32472445Sassar 32572445Sassar2000-08-26 Assar Westerlund <assar@sics.se> 32672445Sassar 32772445Sassar * lib/krb5/send_to_kdc.c (send_via_proxy): handle `http://' at the 32872445Sassar beginning of the proxy specification. use getaddrinfo correctly 32972445Sassar (krb5_sendto): always return a return code 33072445Sassar 33172445Sassar * lib/krb5/krb5.h (KRB5_KU_USAGE_MIC): rename to KRB5_KU_USAGE_SEQ 33272445Sassar * lib/krb5/auth_context.c (krb5_auth_con_free): handle 33372445Sassar auth_context == NULL 33472445Sassar 33572445Sassar2000-08-23 Assar Westerlund <assar@sics.se> 33672445Sassar 33772445Sassar * kdc/kerberos5.c (find_type): make sure of always setting 33872445Sassar `ret_etype' correctly. clean-up structure some 33972445Sassar 34072445Sassar2000-08-23 Johan Danielsson <joda@pdc.kth.se> 34172445Sassar 34272445Sassar * lib/krb5/mcache.c: implement resolve 34372445Sassar 34472445Sassar2000-08-18 Assar Westerlund <assar@sics.se> 34572445Sassar 34672445Sassar * kuser/kdecode_ticket.c: check return value from krb5_crypto_init 34772445Sassar * kdc/kerberos5.c, kdc/524.c: check return value from krb5_crypto_init 34872445Sassar * lib/krb5/*.c: check return value from krb5_crypto_init 34972445Sassar 35072445Sassar2000-08-16 Assar Westerlund <assar@sics.se> 35172445Sassar 35272445Sassar * Release 0.3b 35372445Sassar 35472445Sassar2000-08-16 Assar Westerlund <assar@sics.se> 35572445Sassar 35672445Sassar * lib/krb5/Makefile.am: bump version to 13:0:0 35772445Sassar 35872445Sassar * lib/hdb/Makefile.am: set version to 6:1:0 35972445Sassar 36072445Sassar * configure.in: do getmsg testing the same way as in krb4 36172445Sassar 36272445Sassar * lib/krb5/config_file.c (krb5_config_parse_file_debug): make sure 36372445Sassar of closing the file on error 36472445Sassar 36572445Sassar * lib/krb5/crypto.c (encrypt_internal_derived): free the checksum 36672445Sassar after use 36772445Sassar 36872445Sassar * lib/krb5/warn.c (_warnerr): initialize args to make third, 36972445Sassar purify et al happy 37072445Sassar 37172445Sassar2000-08-13 Assar Westerlund <assar@sics.se> 37272445Sassar 37372445Sassar * kdc/kerberos5.c: re-write search for keys code. loop over all 37472445Sassar supported enctypes in order, looping over all keys of each type, 37572445Sassar and picking the one with the v5 default salt preferably 37672445Sassar 37772445Sassar2000-08-10 Assar Westerlund <assar@sics.se> 37872445Sassar 37972445Sassar * appl/test/gss_common.c (enet_read): add and use 38072445Sassar * lib/krb5/krb5.h (heimdal_version, heimdal_long_version): make 38172445Sassar const 38272445Sassar 38372445Sassar * lib/krb5/mk_req_ext.c (krb5_mk_req_internal): add comment on 38472445Sassar checksum type selection 38572445Sassar 38672445Sassar * lib/krb5/context.c (krb5_init_context): do not leak memory on 38772445Sassar failure 38872445Sassar (default_etypes): prefer arcfour-hmac-md5 to des-cbc-md5 38972445Sassar 39072445Sassar * lib/krb5/principal.c: add fnmatch.h 39172445Sassar 39272445Sassar2000-08-09 Assar Westerlund <assar@sics.se> 39372445Sassar 39472445Sassar * configure.in: call AC_PROG_CC and AC_PROG_CPP to make sure later 39572445Sassar checks that should require them don't fail 39672445Sassar * acconfig.h: add HAVE_UINT17_T 39772445Sassar 39872445Sassar2000-08-09 Johan Danielsson <joda@pdc.kth.se> 39972445Sassar 40072445Sassar * kdc/mit_dump.c: handle all sorts of weird MIT salt types 40172445Sassar 40272445Sassar2000-08-08 Johan Danielsson <joda@pdc.kth.se> 40372445Sassar 40472445Sassar * doc/setup.texi: port 212 -> 2121 40572445Sassar 40672445Sassar * lib/krb5/principal.c: krb5_principal_match 40772445Sassar 40872445Sassar2000-08-04 Johan Danielsson <joda@pdc.kth.se> 40972445Sassar 41072445Sassar * lib/asn1/der_get.c: add comment on *why* DCE sometimes used BER 41172445Sassar encoding 41272445Sassar 41372445Sassar * kpasswd/Makefile.am: link with pidfile library 41472445Sassar 41572445Sassar * kpasswd/kpasswdd.c: write a pid file 41672445Sassar 41772445Sassar * kpasswd/kpasswd_locl.h: util.h 41872445Sassar 41972445Sassar * kdc/Makefile.am: link with pidfile library 42072445Sassar 42172445Sassar * kdc/main.c: write a pid file 42272445Sassar 42372445Sassar * kdc/headers.h: util.h 42472445Sassar 42572445Sassar2000-08-04 Assar Westerlund <assar@sics.se> 42672445Sassar 42772445Sassar * lib/krb5/principal.c (krb5_425_conv_principal_ext): always put 42872445Sassar hostnames in lower case 42972445Sassar (default_v4_name_convert): add imap 43072445Sassar 43172445Sassar2000-08-03 Assar Westerlund <assar@sics.se> 43272445Sassar 43372445Sassar * lib/krb5/crc.c (_krb5_crc_update): const-ize (finally) 43472445Sassar 43572445Sassar2000-07-31 Johan Danielsson <joda@pdc.kth.se> 43672445Sassar 43772445Sassar * configure.in: check for uint*_t 43872445Sassar * include/bits.c: define uint*_t 43972445Sassar 44072445Sassar2000-07-29 Assar Westerlund <assar@sics.se> 44172445Sassar 44272445Sassar * kdc/kerberos5.c (check_tgs_flags): set endtime correctly when 44372445Sassar renewing, From Derrick J Brashear <shadow@dementia.org> 44472445Sassar 44572445Sassar2000-07-28 Assar Westerlund <assar@juguete.sics.se> 44672445Sassar 44772445Sassar * Release 0.3a 44872445Sassar 44972445Sassar2000-07-27 Assar Westerlund <assar@sics.se> 45072445Sassar 45172445Sassar * kdc/hprop.c (dump_database): write an empty message to signal 45272445Sassar end of dump 45372445Sassar 45472445Sassar2000-07-26 Assar Westerlund <assar@sics.se> 45572445Sassar 45672445Sassar * lib/krb5/changepw.c (krb5_change_password): try to be more 45772445Sassar careful when not to resend 45872445Sassar 45972445Sassar * lib/hdb/db3.c: always create a cursor with db3. From Derrick J 46072445Sassar Brashear <shadow@dementia.org> 46172445Sassar 46272445Sassar2000-07-25 Johan Danielsson <joda@pdc.kth.se> 46372445Sassar 46472445Sassar * lib/hdb/Makefile.am: bump version to 6:0:0 46572445Sassar 46672445Sassar * lib/asn1/Makefile.am: bump version to 3:0:1 46772445Sassar 46872445Sassar * lib/krb5/Makefile.am: bump version to 12:0:1 46972445Sassar 47072445Sassar * lib/krb5/krb5_config.3: manpage 47172445Sassar 47272445Sassar * lib/krb5/krb5_appdefault.3: manpage 47372445Sassar 47472445Sassar * lib/krb5/appdefault.c: implementation of the krb5_appdefault set 47572445Sassar of functions 47672445Sassar 47772445Sassar2000-07-23 Assar Westerlund <assar@sics.se> 47872445Sassar 47972445Sassar * lib/krb5/init_creds_pw.c (change_password): reset forwardable 48072445Sassar and proxiable. copy preauthentication list correctly from 48172445Sassar supplied options 48272445Sassar 48372445Sassar * kdc/hpropd.c (main): check that the ticket was for `hprop/' for 48472445Sassar paranoid reasons 48572445Sassar 48672445Sassar * lib/krb5/sock_principal.c (krb5_sock_to_principal): look in 48772445Sassar aliases for the real name 48872445Sassar 48972445Sassar2000-07-22 Johan Danielsson <joda@pdc.kth.se> 49072445Sassar 49172445Sassar * doc/setup.texi: say something about starting kadmind from the 49272445Sassar command line 49372445Sassar 49472445Sassar2000-07-22 Assar Westerlund <assar@sics.se> 49572445Sassar 49672445Sassar * kpasswd/kpasswdd.c: use kadm5_s_chpass_principal_cond instead of 49772445Sassar mis-doing it here 49872445Sassar 49972445Sassar * lib/krb5/changepw.c (krb5_change_password): make timeout 1 + 50072445Sassar 2^{0,1,...}. also keep track if we got an old packet back and 50172445Sassar then just wait without sending a new packet 50272445Sassar * lib/krb5/changepw.c: use a datagram socket and remove the 50372445Sassar sequence numbers 50472445Sassar * lib/krb5/changepw.c (krb5_change_password): clarify an 50572445Sassar expression, avoiding a warning 50672445Sassar 50772445Sassar2000-07-22 Johan Danielsson <joda@pdc.kth.se> 50872445Sassar 50972445Sassar * kuser/klist.c: make -a and -n aliases for -v 51072445Sassar 51172445Sassar * lib/krb5/write_message.c: ws 51272445Sassar 51372445Sassar * kdc/hprop-common.c: nuke extra definitions of 51472445Sassar krb5_read_priv_message et.al 51572445Sassar 51672445Sassar * lib/krb5/read_message.c (krb5_read_message): return error if EOF 51772445Sassar 51872445Sassar2000-07-20 Assar Westerlund <assar@sics.se> 51972445Sassar 52072445Sassar * kpasswd/kpasswd.c: print usage consistently 52172445Sassar * kdc/hprop.h (HPROP_KEYTAB): use HDB for the keytab 52272445Sassar * kdc/hpropd.c: add --keytab 52372445Sassar * kdc/hpropd.c: don't care what principal we recvauth as 52472445Sassar 52572445Sassar * lib/krb5/get_cred.c: be more careful of not returning creds at 52672445Sassar all when an error is returned 52772445Sassar * lib/krb5/fcache.c (fcc_gen_new): do mkstemp correctly 52872445Sassar 52972445Sassar2000-07-19 Johan Danielsson <joda@pdc.kth.se> 53072445Sassar 53172445Sassar * fix-export: use autoreconf 53272445Sassar 53372445Sassar * configure.in: remove stuff that belong in roken, and remove some 53472445Sassar obsolete constructs 53572445Sassar 53672445Sassar2000-07-18 Johan Danielsson <joda@pdc.kth.se> 53772445Sassar 53872445Sassar * configure.in: fix some typos 53972445Sassar 54072445Sassar * appl/Makefile.am: dceutil*s* 54172445Sassar 54272445Sassar * missing: update to missing from automake 1.4a 54372445Sassar 54472445Sassar2000-07-17 Johan Danielsson <joda@pdc.kth.se> 54572445Sassar 54672445Sassar * configure.in: try to get xlc flags from ibmcxx.cfg use 54772445Sassar conditional for X use readline cf macro 54872445Sassar 54972445Sassar * configure.in: subst AIX compiler flags 55072445Sassar 55172445Sassar2000-07-15 Johan Danielsson <joda@pdc.kth.se> 55272445Sassar 55372445Sassar * configure.in: pass sixth parameter to test-package; use some 55472445Sassar newer autoconf constructs 55572445Sassar 55672445Sassar * ltmain.sh: update to libtool 1.3c 55772445Sassar 55872445Sassar * ltconfig: update to libtool 1.3c 55972445Sassar 56072445Sassar * configure.in: update this to newer auto*/libtool 56172445Sassar 56272445Sassar * appl/Makefile.am: use conditional for dce 56372445Sassar 56472445Sassar * lib/Makefile.am: use conditional for dce 56572445Sassar 56672445Sassar2000-07-11 Johan Danielsson <joda@pdc.kth.se> 56772445Sassar 56872445Sassar * lib/krb5/write_message.c: krb5_write_{priv,save}_message 56972445Sassar * lib/krb5/read_message.c: krb5_read_{priv,save}_message 57072445Sassar * lib/krb5/convert_creds.c: try port kerberos/88 if no response on 57172445Sassar krb524/4444 57272445Sassar 57372445Sassar * lib/krb5/convert_creds.c: use krb5_sendto 57472445Sassar 57572445Sassar * lib/krb5/send_to_kdc.c: add more generic krb5_sendto that send 57672445Sassar to a port at arbitrary list of hosts 57772445Sassar 57872445Sassar2000-07-10 Johan Danielsson <joda@pdc.kth.se> 57972445Sassar 58072445Sassar * doc/misc.texi: language; say something about kadmin del_enctype 58172445Sassar 58272445Sassar2000-07-10 Assar Westerlund <assar@sics.se> 58372445Sassar 58472445Sassar * appl/kf/Makefile.am: actually install 58572445Sassar 58672445Sassar2000-07-08 Assar Westerlund <assar@sics.se> 58772445Sassar 58872445Sassar * configure.in (AM_INIT_AUTOMAKE): bump to 0.3a-pre 58972445Sassar (AC_ROKEN): roken is now at 10 59072445Sassar 59172445Sassar * lib/krb5/string-to-key-test.c: add a arcfour-hmac-md5 test case 59272445Sassar * kdc/Makefile.am (INCLUDES): add ../lib/krb5 59372445Sassar * configure.in: update for standalone roken 59472445Sassar * lib/Makefile.am (SUBDIRS): make roken conditional 59572445Sassar * kdc/hprop.c: update to new hdb_seal_keys_mkey 59672445Sassar * lib/hdb/mkey.c (_hdb_unseal_keys_int, _hdb_seal_keys_int): 59772445Sassar rename and export them 59872445Sassar 59972445Sassar * kdc/headers.h: add krb5_locl.h (since we just use some stuff 60072445Sassar from there) 60172445Sassar 60272445Sassar2000-07-08 Johan Danielsson <joda@pdc.kth.se> 60372445Sassar 60472445Sassar * kuser/klist.1: update for -f and add some more text for -v 60572445Sassar 60672445Sassar * kuser/klist.c: use rtbl to format cred listing, add -f and -s 60772445Sassar 60872445Sassar * lib/krb5/crypto.c: fix type in des3-cbc-none 60972445Sassar 61072445Sassar * lib/hdb/mkey.c: add key usage 61172445Sassar 61272445Sassar * kdc/kstash.c: remove writing of old keyfile, and treat 61372445Sassar --convert-file as just reading and writing the keyfile without 61472445Sassar asking for a new key 61572445Sassar 61672445Sassar * lib/hdb/mkey.c (read_master_encryptionkey): handle old keytype 61772445Sassar based files, and convert the key to cfb64 61872445Sassar 61972445Sassar * lib/hdb/mkey.c (hdb_read_master_key): set mkey to NULL before 62072445Sassar doing anything else 62172445Sassar 62272445Sassar * lib/krb5/send_to_kdc.c: use krb5_eai_to_heim_errno 62372445Sassar 62472445Sassar * lib/krb5/get_for_creds.c: use krb5_eai_to_heim_errno 62572445Sassar 62672445Sassar * lib/krb5/changepw.c: use krb5_eai_to_heim_errno 62772445Sassar 62872445Sassar * lib/krb5/addr_families.c: use krb5_eai_to_heim_errno 62972445Sassar 63072445Sassar * lib/krb5/eai_to_heim_errno.c: convert getaddrinfo error codes to 63172445Sassar something that can be passed to get_err_text 63272445Sassar 63372445Sassar2000-07-07 Assar Westerlund <assar@sics.se> 63472445Sassar 63572445Sassar * lib/hdb/hdb.c (hdb_next_enctype2key): make sure of skipping 63672445Sassar `*key' 63772445Sassar 63872445Sassar * kdc/kerberos4.c (get_des_key): rewrite some, be more careful 63972445Sassar 64072445Sassar2000-07-06 Assar Westerlund <assar@sics.se> 64172445Sassar 64272445Sassar * kdc/kerberos5.c (as_rep): be careful as to now overflowing when 64372445Sassar calculating the end of lifetime of a ticket. 64472445Sassar 64572445Sassar * lib/krb5/context.c (default_etypes): add ETYPE_ARCFOUR_HMAC_MD5 64672445Sassar 64772445Sassar * lib/hdb/db3.c: only use a cursor when needed, from Derrick J 64872445Sassar Brashear <shadow@dementia.org> 64972445Sassar 65072445Sassar * lib/krb5/crypto.c: introduce the `special' encryption methods 65172445Sassar that are not like all other encryption methods and implement 65272445Sassar arcfour-hmac-md5 65372445Sassar 65472445Sassar2000-07-05 Johan Danielsson <joda@pdc.kth.se> 65572445Sassar 65672445Sassar * kdc/mit_dump.c: set initial master key version number to 0 65772445Sassar instead of 1; if we lated bump the mkvno we don't risk using the 65872445Sassar wrong key to decrypt 65972445Sassar 66072445Sassar * kdc/hprop.c: only get master key if we're actually going to use 66172445Sassar it; enable reading of MIT krb5 dump files 66272445Sassar 66372445Sassar * kdc/mit_dump.c: read MIT krb5 dump files 66472445Sassar 66572445Sassar * lib/hdb/mkey.c (read_master_mit): fix this 66672445Sassar 66772445Sassar * kdc/kstash.c: make this work with the new mkey code 66872445Sassar 66972445Sassar * lib/hdb/Makefile.am: add mkey.c, and bump version number 67072445Sassar 67172445Sassar * lib/hdb/hdb.h: rewrite master key handling 67272445Sassar 67372445Sassar * lib/hdb/mkey.c: rewrite master key handling 67472445Sassar 67572445Sassar * lib/krb5/crypto.c: add some more pseudo crypto types 67672445Sassar 67772445Sassar * lib/krb5/krb5.h: change some funny etypes to use negative 67872445Sassar numbers, and add some more 67972445Sassar 68072445Sassar2000-07-04 Assar Westerlund <assar@sics.se> 68172445Sassar 68272445Sassar * lib/krb5/krbhst.c (get_krbhst): only try SRV lookup if there are 68372445Sassar none in the configuration file 68472445Sassar 68572445Sassar2000-07-02 Assar Westerlund <assar@sics.se> 68672445Sassar 68772445Sassar * lib/krb5/keytab_keyfile.c (akf_add_entry): remove unused 68872445Sassar variable 68972445Sassar 69072445Sassar * kpasswd/kpasswd-generator.c: new test program 69172445Sassar * kpasswd/Makefile.am: add kpasswd-generator 69272445Sassar 69372445Sassar * include/Makefile.am (CLEANFILES): add rc4.h 69472445Sassar 69572445Sassar * kuser/generate-requests.c: new test program 69672445Sassar * kuser/Makefile.am (noinst_PROGRAMS): add generate-requests 69772445Sassar 69872445Sassar2000-07-01 Assar Westerlund <assar@sics.se> 69972445Sassar 70072445Sassar * configure.in: add --enable-dce and related stuff 70172445Sassar * appl/Makefile.am (SUBDIRS): add $(APPL_dce) 70272445Sassar 70372445Sassar2000-06-29 Assar Westerlund <assar@sics.se> 70472445Sassar 70572445Sassar * kdc/kerberos4.c (get_des_key): fix thinkos/typos 70672445Sassar 70772445Sassar2000-06-29 Johan Danielsson <joda@pdc.kth.se> 70872445Sassar 70972445Sassar * admin/purge.c: use parse_time to parse age 71072445Sassar 71172445Sassar * lib/krb5/log.c (krb5_vlog_msg): use krb5_format_time 71272445Sassar 71372445Sassar * admin/list.c: add printing of timestamp and key data; some 71472445Sassar cleanup 71572445Sassar 71672445Sassar * lib/krb5/time.c (krb5_format_time): new function to format time 71772445Sassar 71872445Sassar * lib/krb5/context.c (init_context_from_config_file): init 71972445Sassar date_fmt, also do some cleanup 72072445Sassar 72172445Sassar * lib/krb5/krb5.h: add date_fmt to context 72272445Sassar 72372445Sassar2000-06-28 Johan Danielsson <joda@pdc.kth.se> 72472445Sassar 72572445Sassar * kdc/{kerberos4,kaserver,524}.c (get_des_key): change to return 72672445Sassar v4 or afs keys if possible 72772445Sassar 72872445Sassar2000-06-25 Johan Danielsson <joda@pdc.kth.se> 72972445Sassar 73072445Sassar * kdc/hprop.c (ka_convert): allow using null salt, and treat 0 73172445Sassar pw_expire as never (from Derrick Brashear) 73272445Sassar 73372445Sassar2000-06-24 Johan Danielsson <joda@pdc.kth.se> 73472445Sassar 73572445Sassar * kdc/connect.c (add_standard_ports): only listen to port 750 if 73672445Sassar serving v4 requests 73772445Sassar 73872445Sassar2000-06-22 Assar Westerlund <assar@sics.se> 73972445Sassar 74072445Sassar * lib/asn1/lex.l: fix includes, and lex stuff 74172445Sassar * lib/asn1/lex.h (error_message): update prototype 74272445Sassar (yylex): add 74372445Sassar * lib/asn1/gen_length.c (length_type): fail on malloc error 74472445Sassar * lib/asn1/gen_decode.c (decode_type): fail on malloc error 74572445Sassar 74672445Sassar2000-06-21 Assar Westerlund <assar@sics.se> 74772445Sassar 74872445Sassar * lib/krb5/get_for_creds.c: be more compatible with MIT code. 74972445Sassar From Daniel Kouril <kouril@ics.muni.cz> 75072445Sassar * lib/krb5/rd_cred.c: be more compatible with MIT code. From 75172445Sassar Daniel Kouril <kouril@ics.muni.cz> 75272445Sassar * kdc/kerberos5.c (get_pa_etype_info): do not set salttype if it's 75372445Sassar vanilla pw-salt, that keeps win2k happy. also do the malloc check 75472445Sassar correctly. From Daniel Kouril <kouril@ics.muni.cz> 75572445Sassar 75672445Sassar2000-06-21 Johan Danielsson <joda@pdc.kth.se> 75772445Sassar 75872445Sassar * kdc/hprop.c: add hdb keytabs 75972445Sassar 76072445Sassar2000-06-20 Johan Danielsson <joda@pdc.kth.se> 76172445Sassar 76272445Sassar * lib/krb5/principal.c: back out rev. 1.64 76372445Sassar 76472445Sassar2000-06-19 Johan Danielsson <joda@pdc.kth.se> 76572445Sassar 76672445Sassar * kdc/kerberos5.c: pa_* -> KRB5_PADATA_* 76772445Sassar 76872445Sassar * kdc/hpropd.c: add realm override flag 76972445Sassar 77072445Sassar * kdc/v4_dump.c: code for reading krb4 dump files 77172445Sassar 77272445Sassar * kdc/hprop.c: generalize source database handing, add support for 77372445Sassar non-standard local realms (from by Daniel Kouril 77472445Sassar <kouril@ics.muni.cz> and Miroslav Ruda <ruda@ics.muni.cz>), and 77572445Sassar support for using different ports (requested by the Czechs, but 77672445Sassar implemented differently) 77772445Sassar 77872445Sassar * lib/krb5/get_cred.c: pa_* -> KRB5_PADATA_* 77972445Sassar 78072445Sassar * lib/krb5/get_in_tkt.c: pa_* -> KRB5_PADATA_* 78172445Sassar 78272445Sassar * lib/krb5/krb5.h: use some definitions from asn1.h 78372445Sassar 78472445Sassar * lib/hdb/hdb.asn1: use new import syntax 78572445Sassar 78672445Sassar * lib/asn1/k5.asn1: use distinguished value integers 78772445Sassar 78872445Sassar * lib/asn1/gen_length.c: support for distinguished value integers 78972445Sassar 79072445Sassar * lib/asn1/gen_encode.c: support for distinguished value integers 79172445Sassar 79272445Sassar * lib/asn1/gen_decode.c: support for distinguished value integers 79372445Sassar 79472445Sassar * lib/asn1/gen.c: support for distinguished value integers 79572445Sassar 79672445Sassar * lib/asn1/lex.l: add support for more standards like import 79772445Sassar statements 79872445Sassar 79972445Sassar * lib/asn1/parse.y: add support for more standards like import 80072445Sassar statements, and distinguished value integers 80172445Sassar 80272445Sassar2000-06-11 Assar Westerlund <assar@sics.se> 80372445Sassar 80472445Sassar * lib/krb5/get_for_creds.c (add_addrs): ignore addresses of 80572445Sassar unknown type 80672445Sassar * lib/krb5/get_for_creds.c (add_addrs): zero memory before 80772445Sassar starting to copy memory 80872445Sassar 80972445Sassar2000-06-10 Assar Westerlund <assar@sics.se> 81072445Sassar 81172445Sassar * lib/krb5/test_get_addrs.c: test program for get_addrs 81272445Sassar * lib/krb5/get_addrs.c (find_all_addresses): remember to add in 81372445Sassar the size of ifr->ifr_name when using SA_LEN. noticed by Ken 81472445Sassar Raeburn <raeburn@MIT.EDU> 81572445Sassar 81672445Sassar2000-06-07 Assar Westerlund <assar@sics.se> 81772445Sassar 81872445Sassar * configure.in: add db3 detection stuff do not use streamsptys on 81972445Sassar HP-UX 11 82072445Sassar * lib/hdb/hdb.h (HDB): add dbc for db3 82172445Sassar * kdc/connect.c (add_standard_ports): also listen on krb524 aka 82272445Sassar 4444 82372445Sassar * etc/services.append (krb524): add 82472445Sassar * lib/hdb/db3.c: add berkeley db3 interface. contributed by 82572445Sassar Derrick J Brashear <shadow@dementia.org> 82672445Sassar * lib/hdb/hdb.h (struct HDB): add 82772445Sassar 82872445Sassar2000-06-07 Johan Danielsson <joda@pdc.kth.se> 82972445Sassar 83072445Sassar * kdc/524.c: if 524 is not enabled, just generate error reply and 83172445Sassar exit 83272445Sassar 83372445Sassar * kdc/kerberos4.c: if v4 is not enabled, just generate error reply 83472445Sassar and exit 83572445Sassar 83672445Sassar * kdc/connect.c: only listen to port 4444 if 524 is enabled 83772445Sassar 83872445Sassar * kdc/config.c: add options to enable/disable v4 and 524 requests 83972445Sassar 84072445Sassar2000-06-06 Johan Danielsson <joda@pdc.kth.se> 84172445Sassar 84272445Sassar * kdc/524.c: handle non-existant server principals (from Daniel 84372445Sassar Kouril) 84472445Sassar 84572445Sassar2000-06-03 Assar Westerlund <assar@sics.se> 84672445Sassar 84772445Sassar * admin/ktutil.c: print name when failing to open keytab 84872445Sassar 84972445Sassar * kuser/kinit.c: try also to fallback to v4 when no KDC is found 85072445Sassar 85172445Sassar2000-05-28 Assar Westerlund <assar@sics.se> 85272445Sassar 85372445Sassar * kuser/klist.c: continue even we have no v5 ccache. make showing 85472445Sassar your krb4 tickets the default (if build with krb4 support) 85572445Sassar * kuser/kinit.c: add a fallback that tries to get a v4 ticket if 85672445Sassar built with krb4 support and we got back a version error from the 85772445Sassar KDC 85872445Sassar 85972445Sassar2000-05-23 Johan Danielsson <joda@pdc.kth.se> 86072445Sassar 86172445Sassar * lib/krb5/keytab_keyfile.c: make this actually work 86272445Sassar 86372445Sassar2000-05-19 Assar Westerlund <assar@sics.se> 86472445Sassar 86572445Sassar * lib/krb5/store_emem.c (emem_store): make it write-compatible 86672445Sassar * lib/krb5/store_fd.c (fd_store): make it write-compatible 86772445Sassar * lib/krb5/store_mem.c (mem_store): make it write-compatible 86872445Sassar * lib/krb5/krb5.h (krb5_storage): make store write-compatible 86972445Sassar 87072445Sassar2000-05-18 Assar Westerlund <assar@sics.se> 87172445Sassar 87272445Sassar * configure.in: add stdio.h in dbopen test 87372445Sassar 87472445Sassar2000-05-16 Assar Westerlund <assar@assaris.sics.se> 87572445Sassar 87672445Sassar * Release 0.2t 87772445Sassar 87872445Sassar2000-05-16 Assar Westerlund <assar@sics.se> 87972445Sassar 88072445Sassar * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set version to 11:1:0 88172445Sassar * lib/krb5/fcache.c: fix second lseek 88272445Sassar * lib/krb5/principal.c (krb5_524_conv_principal): fix typo 88372445Sassar 88472445Sassar2000-05-15 Assar Westerlund <assar@sics.se> 88572445Sassar 88672445Sassar * Release 0.2s 88772445Sassar 88872445Sassar2000-05-15 Assar Westerlund <assar@sics.se> 88972445Sassar 89072445Sassar * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set version to 11:0:0 89172445Sassar * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): set version to 4:2:1 89272445Sassar * lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump to 2:0:0 89372445Sassar * lib/krb5/principal.c (krb5_524_conv_principal): comment-ize, and 89472445Sassar simplify string copying 89572445Sassar 89672445Sassar2000-05-12 Assar Westerlund <assar@sics.se> 89772445Sassar 89872445Sassar * lib/krb5/fcache.c (scrub_file): new function 89972445Sassar (erase_file): re-write, use scrub_file 90072445Sassar * lib/krb5/krb5.h (KRB5_DEFAULT_CCFILE_ROOT): add 90172445Sassar 90272445Sassar * configure.in (dbopen): add header files 90372445Sassar 90472445Sassar * lib/krb5/krb5.h (krb5_key_usage): add some more 90572445Sassar * lib/krb5/fcache.c (erase_file): try to detect symlink games. 90672445Sassar also call revoke. 90772445Sassar * lib/krb5/changepw.c (krb5_change_password): remember to close 90872445Sassar the socket on error 90972445Sassar 91072445Sassar * kdc/main.c (main): also call sigterm on SIGTERM 91172445Sassar 91272445Sassar2000-05-06 Assar Westerlund <assar@sics.se> 91372445Sassar 91472445Sassar * lib/krb5/config_file.c (krb5_config_vget_string_default, 91572445Sassar krb5_config_get_string_default): add 91672445Sassar 91772445Sassar2000-04-25 Assar Westerlund <assar@sics.se> 91872445Sassar 91972445Sassar * lib/krb5/fcache.c (fcc_initialize): just forget about 92072445Sassar over-writing the old cred cache. it's too much of a hazzle trying 92172445Sassar to do this safely. 92272445Sassar 92372445Sassar2000-04-11 Assar Westerlund <assar@sics.se> 92472445Sassar 92572445Sassar * lib/krb5/crypto.c (krb5_get_wrapped_length): rewrite into 92672445Sassar different parts for the derived and non-derived cases 92772445Sassar * lib/krb5/crypto.c (krb5_get_wrapped_length): the padding should 92872445Sassar be done after having added confounder and checksum 92972445Sassar 93072445Sassar2000-04-09 Assar Westerlund <assar@sics.se> 93172445Sassar 93272445Sassar * lib/krb5/get_addrs.c (find_all_addresses): apperently solaris 93372445Sassar can return EINVAL when the buffer is too small. cope. 93472445Sassar * lib/asn1/Makefile.am (gen_files): add asn1_UNSIGNED.x 93572445Sassar * lib/asn1/gen_locl.h (filename): add prototype 93672445Sassar (init_generate): const-ize 93772445Sassar * lib/asn1/gen.c (filename): new function clean-up a little bit. 93872445Sassar * lib/asn1/parse.y: be more tolerant in ranges 93972445Sassar * lib/asn1/lex.l: count lines correctly. 94072445Sassar (error_message): print filename in messages 94172445Sassar 94272445Sassar2000-04-08 Assar Westerlund <assar@sics.se> 94372445Sassar 94472445Sassar * lib/krb5/rd_safe.c (krb5_rd_safe): increment sequence number 94572445Sassar after comparing 94672445Sassar * lib/krb5/rd_priv.c (krb5_rd_priv): increment sequence number 94772445Sassar after comparing 94872445Sassar * lib/krb5/mk_safe.c (krb5_mk_safe): make `tmp_seq' unsigned 94972445Sassar * lib/krb5/mk_priv.c (krb5_mk_priv): make `tmp_seq' unsigned 95072445Sassar * lib/krb5/generate_seq_number.c (krb5_generate_seq_number): make 95172445Sassar `seqno' be unsigned 95272445Sassar * lib/krb5/mk_safe.c (krb5_mk_safe): increment local sequence 95372445Sassar number after the fact and only increment it if we were successful 95472445Sassar * lib/krb5/mk_priv.c (krb5_mk_priv): increment local sequence 95572445Sassar number after the fact and only increment it if we were successful 95672445Sassar * lib/krb5/krb5.h (krb5_auth_context_data): make sequence number 95772445Sassar unsigned 95872445Sassar 95972445Sassar * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): 96072445Sassar `in_tkt_service' can be NULL 96172445Sassar 96272445Sassar2000-04-06 Assar Westerlund <assar@sics.se> 96372445Sassar 96472445Sassar * lib/asn1/parse.y: regonize INTEGER (0..UNIT_MAX). 96572445Sassar (DOTDOT): add 96672445Sassar * lib/asn1/lex.l (DOTDOT): add 96772445Sassar * lib/asn1/k5.asn1 (UNSIGNED): add. use UNSIGNED for all sequence 96872445Sassar numbers. 96972445Sassar * lib/asn1/gen_length.c (length_type): add TUInteger 97072445Sassar * lib/asn1/gen_free.c (free_type): add TUInteger 97172445Sassar * lib/asn1/gen_encode.c (encode_type, generate_type_encode): add 97272445Sassar TUInteger 97372445Sassar * lib/asn1/gen_decode.c (decode_type, generate_type_decode): add 97472445Sassar TUInteger 97572445Sassar * lib/asn1/gen_copy.c (copy_type): add TUInteger 97672445Sassar * lib/asn1/gen.c (define_asn1): add TUInteger 97772445Sassar * lib/asn1/der_put.c (encode_unsigned): add 97872445Sassar * lib/asn1/der_length.c (length_unsigned): add 97972445Sassar * lib/asn1/der_get.c (decode_unsigned): add 98072445Sassar * lib/asn1/der.h (decode_unsigned, encode_unsigned, 98172445Sassar length_unsigned): add prototypes 98272445Sassar 98372445Sassar * lib/asn1/k5.asn1: update pre-authentication types 98472445Sassar * lib/krb5/krb5_err.et: add some error codes from pkinit 98572445Sassar 98672445Sassar2000-04-05 Assar Westerlund <assar@sics.se> 98772445Sassar 98872445Sassar * lib/hdb/hdb.c: add support for hdb methods (aka back-ends). 98972445Sassar include ldap. 99072445Sassar * lib/hdb/hdb-ldap.c: tweak the ifdef to OPENLDAP 99172445Sassar * lib/hdb/Makefile.am: add hdb-ldap.c and openldap 99272445Sassar * kdc/Makefile.am, kpasswd/Makefile.am, kadmin/Makefile.am: add 99372445Sassar * configure.in: bump version to 0.2s-pre add options and testing 99472445Sassar for (open)ldap 99572445Sassar 99672445Sassar2000-04-04 Assar Westerlund <assar@sics.se> 99772445Sassar 99872445Sassar * configure.in (krb4): fix the krb_mk_req test 99972445Sassar 100072445Sassar2000-04-03 Assar Westerlund <assar@sics.se> 100172445Sassar 100272445Sassar * configure.in (krb4): add test for const arguments to krb_mk_req 100372445Sassar * lib/45/mk_req.c (krb_mk_req): conditionalize const-ness of 100472445Sassar arguments 100572445Sassar 100672445Sassar2000-04-03 Assar Westerlund <assar@sics.se> 100772445Sassar 100872445Sassar * Release 0.2r 100972445Sassar 101072445Sassar2000-04-03 Assar Westerlund <assar@sics.se> 101172445Sassar 101272445Sassar * lib/krb5/Makefile.am: set version to 10:0:0 101372445Sassar * lib/45/mk_req.c (krb_mk_req): const-ize the arguments 101472445Sassar 101572445Sassar2000-03-30 Assar Westerlund <assar@sics.se> 101672445Sassar 101772445Sassar * lib/krb5/principal.c (krb5_425_conv_principal_ext): add some 101872445Sassar comments. add fall-back on adding the realm name in lower case. 101972445Sassar 102072445Sassar2000-03-29 Assar Westerlund <assar@sics.se> 102172445Sassar 102272445Sassar * kdc/connect.c: remember to repoint all descr->sa to _ss after 102372445Sassar realloc as this might have moved the memory around. problem 102472445Sassar discovered and diagnosed by Brandon S. Allbery 102572445Sassar 102672445Sassar2000-03-27 Assar Westerlund <assar@sics.se> 102772445Sassar 102872445Sassar * configure.in: recognize solaris 2.8 102972445Sassar * config.guess, config.sub: update to current version from 103072445Sassar :pserver:anoncvs@subversions.gnu.org:/home/cvs 103172445Sassar 103272445Sassar * lib/krb5/init_creds_pw.c (print_expire): do not assume anything 103372445Sassar about the size of time_t, i.e. make it 64-bit happy 103472445Sassar 103572445Sassar2000-03-13 Assar Westerlund <assar@sics.se> 103672445Sassar 103772445Sassar * kuser/klist.c: add support for display v4 tickets 103872445Sassar 103972445Sassar2000-03-11 Assar Westerlund <assar@sics.se> 104072445Sassar 104172445Sassar * kdc/kaserver.c (do_authenticate, do_getticket): call check_flags 104272445Sassar * kdc/kerberos4.c (do_version4): call check_flags. 104372445Sassar * kdc/kerberos5.c (check_flags): make global 104472445Sassar 104572445Sassar2000-03-10 Assar Westerlund <assar@sics.se> 104672445Sassar 104772445Sassar * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): evil 104872445Sassar hack to avoid recursion 104972445Sassar 105072445Sassar2000-03-04 Assar Westerlund <assar@sics.se> 105172445Sassar 105272445Sassar * kuser/kinit.c: add `krb4_get_tickets' per realm. add --anonymous 105372445Sassar * lib/krb5/krb5.h (krb5_get_init_creds_opt): add `anonymous' and 105472445Sassar KRB5_GET_INIT_CREDS_OPT_ANONYMOUS 105572445Sassar * lib/krb5/init_creds_pw.c (get_init_creds_common): set 105672445Sassar request_anonymous flag appropriatly 105772445Sassar * lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_anonymous): 105872445Sassar add 105972445Sassar 106072445Sassar * lib/krb5/get_in_tkt.c (_krb5_extract_ticket): new parameter to 106172445Sassar determine whetever to ignore client name of not. always copy 106272445Sassar client name from kdc. fix callers. 106372445Sassar 106472445Sassar * kdc: add support for anonymous tickets 106572445Sassar 106672445Sassar * kdc/string2key.8: add man-page for string2key 106772445Sassar 106872445Sassar2000-03-03 Assar Westerlund <assar@sics.se> 106972445Sassar 107072445Sassar * kdc/hpropd.c (dump_krb4): get expiration date from `valid_end' 107172445Sassar and not `pw_end' 107272445Sassar 107372445Sassar * kdc/kadb.h (ka_entry): fix name pw_end -> valid_end. add some 107472445Sassar more fields 107572445Sassar 107672445Sassar * kdc/hprop.c (v4_prop): set the `valid_end' from the v4 107772445Sassar expiration date instead of the `pw_expire' 107872445Sassar (ka_convert): set `valid_end' from ka expiration data and `pw_expire' 107972445Sassar from pw_change + pw_expire 108072445Sassar (main): add a default database for ka dumping 108172445Sassar 108272445Sassar2000-02-28 Assar Westerlund <assar@sics.se> 108372445Sassar 108472445Sassar * lib/krb5/context.c (init_context_from_config_file): change 108572445Sassar rfc2052 default to no. 2782 says that underscore should be used. 108672445Sassar 108772445Sassar2000-02-24 Assar Westerlund <assar@sics.se> 108872445Sassar 108972445Sassar * lib/krb5/fcache.c (fcc_initialize, fcc_store_cred): verify that 109072445Sassar stores and close succeed 109172445Sassar * lib/krb5/store.c (krb5_store_creds): check to see that the 109272445Sassar stores are succesful. 109372445Sassar 109472445Sassar2000-02-23 Assar Westerlund <assar@sics.se> 109572445Sassar 109672445Sassar * Release 0.2q 109772445Sassar 109872445Sassar2000-02-22 Assar Westerlund <assar@sics.se> 109972445Sassar 110072445Sassar * lib/krb5/Makefile.am: set version to 9:2:0 110172445Sassar 110272445Sassar * lib/krb5/expand_hostname.c (krb5_expand_hostname_realms): copy 110372445Sassar the correct hostname 110472445Sassar 110572445Sassar * kdc/connect.c (add_new_tcp): use the correct entries in the 110672445Sassar descriptor table 110772445Sassar * kdc/connect.c: initialize `descr' uniformly and correctly 110872445Sassar 110972445Sassar2000-02-20 Assar Westerlund <assar@sics.se> 111072445Sassar 111172445Sassar * Release 0.2p 111272445Sassar 111372445Sassar2000-02-19 Assar Westerlund <assar@sics.se> 111472445Sassar 111572445Sassar * lib/krb5/Makefile.am: set version to 9:1:0 111672445Sassar 111772445Sassar * lib/krb5/expand_hostname.c (krb5_expand_hostname): make sure 111872445Sassar that realms is filled in even when getaddrinfo fails or does not 111972445Sassar return any canonical name 112072445Sassar 112172445Sassar * kdc/connect.c (descr): add sockaddr and string representation 112272445Sassar (*): re-write to use the above mentioned 112372445Sassar 112472445Sassar2000-02-16 Assar Westerlund <assar@sics.se> 112572445Sassar 112672445Sassar * lib/krb5/addr_families.c (krb5_parse_address): use 112772445Sassar krb5_sockaddr2address to copy the result from getaddrinfo. 112872445Sassar 112972445Sassar2000-02-14 Assar Westerlund <assar@sics.se> 113072445Sassar 113172445Sassar * Release 0.2o 113272445Sassar 113372445Sassar2000-02-13 Assar Westerlund <assar@sics.se> 113472445Sassar 113572445Sassar * lib/krb5/Makefile.am: set version to 9:0:0 113672445Sassar 113772445Sassar * kdc/kaserver.c (do_authenticate): return the kvno of the server 113872445Sassar and not the client. Thanks to Brandon S. Allbery KF8NH 113972445Sassar <allbery@kf8nh.apk.net> and Chaskiel M Grundman 114072445Sassar <cg2v@andrew.cmu.edu> for debugging. 114172445Sassar 114272445Sassar * kdc/kerberos4.c (do_version4): if an tgs-req is received with an 114372445Sassar old kvno, return an error reply and write a message in the log. 114472445Sassar 114572445Sassar2000-02-12 Assar Westerlund <assar@sics.se> 114672445Sassar 114772445Sassar * appl/test/gssapi_server.c (proto): with `--fork', create a child 114872445Sassar and send over/receive creds with export/import_sec_context 114972445Sassar * appl/test/gssapi_client.c (proto): with `--fork', create a child 115072445Sassar and send over/receive creds with export/import_sec_context 115172445Sassar * appl/test/common.c: add `--fork' / `-f' (only used by gssapi) 115272445Sassar 115372445Sassar2000-02-11 Assar Westerlund <assar@sics.se> 115472445Sassar 115572445Sassar * kdc/kdc_locl.h: remove keyfile add explicit_addresses 115672445Sassar * kdc/connect.c (init_sockets): pay attention to 115772445Sassar explicit_addresses some more comments. better error messages. 115872445Sassar * kdc/config.c: add some comments. 115972445Sassar remove --key-file. 116072445Sassar add --addresses. 116172445Sassar 116272445Sassar * lib/krb5/context.c (krb5_set_extra_addresses): const-ize and use 116372445Sassar proper abstraction 116472445Sassar 116572445Sassar2000-02-07 Johan Danielsson <joda@pdc.kth.se> 116672445Sassar 116772445Sassar * lib/krb5/changepw.c: use roken_getaddrinfo_hostspec 116872445Sassar 116972445Sassar2000-02-07 Assar Westerlund <assar@sics.se> 117072445Sassar 117172445Sassar * Release 0.2n 117272445Sassar 117372445Sassar2000-02-07 Assar Westerlund <assar@sics.se> 117472445Sassar 117572445Sassar * lib/krb5/Makefile.am: set version to 8:0:0 117672445Sassar * lib/krb5/keytab.c (krb5_kt_default_name): use strlcpy 117772445Sassar (krb5_kt_add_entry): set timestamp 117872445Sassar 117972445Sassar2000-02-06 Assar Westerlund <assar@sics.se> 118072445Sassar 118172445Sassar * lib/krb5/krb5.h: add macros for accessing krb5_realm 118272445Sassar * lib/krb5/time.c (krb5_timeofday): use `krb5_timestamp' instead 118372445Sassar of `int32_t' 118472445Sassar 118572445Sassar * lib/krb5/replay.c (checksum_authenticator): update to new API 118672445Sassar for md5 118772445Sassar 118872445Sassar * lib/krb5/krb5.h: remove des.h, it's not needed and applications 118972445Sassar should not have to make sure to find it. 119072445Sassar 119172445Sassar2000-02-03 Assar Westerlund <assar@sics.se> 119272445Sassar 119372445Sassar * lib/krb5/rd_req.c (get_key_from_keytab): rename parameter to 119472445Sassar `out_key' to avoid conflicting with label. reported by Sean Doran 119572445Sassar <smd@ebone.net> 119672445Sassar 119772445Sassar2000-02-02 Assar Westerlund <assar@sics.se> 119872445Sassar 119972445Sassar * lib/krb5/expand_hostname.c: remember to lower-case host names. 120072445Sassar bug reported by <amu@mit.edu> 120172445Sassar 120272445Sassar * kdc/kerberos4.c (do_version4): look at check_ticket_addresses 120372445Sassar and emulate that by setting krb_ignore_ip_address (not a great 120472445Sassar interface but it doesn't seem like the time to go around fixing 120572445Sassar libkrb stuff now) 120672445Sassar 120772445Sassar2000-02-01 Johan Danielsson <joda@pdc.kth.se> 120872445Sassar 120972445Sassar * kuser/kinit.c: change --noaddresses into --no-addresses 121072445Sassar 121172445Sassar2000-01-28 Assar Westerlund <assar@sics.se> 121272445Sassar 121372445Sassar * kpasswd/kpasswd.c (main): make sure the ticket is not 121472445Sassar forwardable and not proxiable 121572445Sassar 121672445Sassar2000-01-26 Assar Westerlund <assar@sics.se> 121772445Sassar 121872445Sassar * lib/krb5/crypto.c: update to pseudo-standard APIs for 121972445Sassar md4,md5,sha. some changes to libdes calls to make them more 122072445Sassar portable. 122172445Sassar 122272445Sassar2000-01-21 Assar Westerlund <assar@sics.se> 122372445Sassar 122472445Sassar * lib/krb5/verify_init.c (krb5_verify_init_creds): make sure to 122572445Sassar clean up the correct creds. 122672445Sassar 122772445Sassar2000-01-16 Assar Westerlund <assar@sics.se> 122872445Sassar 122972445Sassar * lib/krb5/principal.c (append_component): change parameter to 123072445Sassar `const char *'. check malloc 123172445Sassar * lib/krb5/principal.c (append_component, va_ext_princ, va_princ): 123272445Sassar const-ize 123372445Sassar * lib/krb5/mk_req.c (krb5_mk_req): make `service' and `hostname' 123472445Sassar const 123572445Sassar * lib/krb5/principal.c (replace_chars): also add space here 123672445Sassar * lib/krb5/principal.c: (quotable_chars): add space 123772445Sassar 123872445Sassar2000-01-12 Assar Westerlund <assar@sics.se> 123972445Sassar 124072445Sassar * kdc/kerberos4.c (do_version4): check if preauth was required and 124172445Sassar bail-out if so since there's no way that could be done in v4. 124272445Sassar Return NULL_KEY as an error to the client (which is non-obvious, 124372445Sassar but what can you do?) 124472445Sassar 124572445Sassar2000-01-09 Assar Westerlund <assar@sics.se> 124672445Sassar 124772445Sassar * lib/krb5/principal.c (krb5_sname_to_principal): use 124872445Sassar krb5_expand_hostname_realms 124972445Sassar * lib/krb5/mk_req.c (krb5_km_req): use krb5_expand_hostname_realms 125072445Sassar * lib/krb5/expand_hostname.c (krb5_expand_hostname_realms): new 125172445Sassar variant of krb5_expand_hostname that tries until it expands into 125272445Sassar something that's digestable by krb5_get_host_realm, returning also 125372445Sassar the result from that function. 125472445Sassar 125572445Sassar2000-01-08 Assar Westerlund <assar@sics.se> 125672445Sassar 125772445Sassar * Release 0.2m 125872445Sassar 125972445Sassar2000-01-08 Assar Westerlund <assar@sics.se> 126072445Sassar 126172445Sassar * configure.in: replace AC_C_BIGENDIAN with KRB_C_BIGENDIAN 126272445Sassar 126372445Sassar * lib/krb5/Makefile.am: bump version to 7:1:0 126472445Sassar 126572445Sassar * lib/krb5/principal.c (krb5_sname_to_principal): use 126672445Sassar krb5_expand_hostname 126772445Sassar * lib/krb5/expand_hostname.c (krb5_expand_hostname): handle 126872445Sassar ai_canonname being set in any of the addresses returnedby 126972445Sassar getaddrinfo. glibc apparently returns the reverse lookup of every 127072445Sassar address in ai_canonname. 127172445Sassar 127272445Sassar2000-01-06 Assar Westerlund <assar@sics.se> 127372445Sassar 127472445Sassar * Release 0.2l 127572445Sassar 127672445Sassar2000-01-06 Assar Westerlund <assar@sics.se> 127772445Sassar 127872445Sassar * lib/krb5/Makefile.am: set version to 7:0:0 127972445Sassar * lib/krb5/principal.c (krb5_sname_to_principal): remove `hp' 128072445Sassar 128172445Sassar * lib/hdb/Makefile.am: set version to 4:1:1 128272445Sassar 128372445Sassar * kdc/hpropd.c (dump_krb4): use `krb5_get_default_realms' 128472445Sassar * lib/krb5/get_in_tkt.c (add_padata): change types to make 128572445Sassar everything work out 128672445Sassar (krb5_get_in_cred): remove const to make types match 128772445Sassar * lib/krb5/crypto.c (ARCFOUR_string_to_key): correct signature 128872445Sassar * lib/krb5/principal.c (krb5_sname_to_principal): handle not 128972445Sassar getting back a canonname 129072445Sassar 129172445Sassar2000-01-06 Assar Westerlund <assar@sics.se> 129272445Sassar 129372445Sassar * Release 0.2k 129472445Sassar 129572445Sassar2000-01-06 Assar Westerlund <assar@sics.se> 129672445Sassar 129772445Sassar * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): advance colon so that 129872445Sassar we actually parse the port number. based on a patch from Leif 129972445Sassar Johansson <leifj@it.su.se> 130072445Sassar 130172445Sassar2000-01-02 Assar Westerlund <assar@sics.se> 130272445Sassar 130372445Sassar * admin/purge.c: remove all non-current and old entries from a 130472445Sassar keytab 130572445Sassar 130672445Sassar * admin: break up ktutil.c into files 130772445Sassar 130872445Sassar * admin/ktutil.c (list): support --verbose (also listning time 130972445Sassar stamps) 131072445Sassar (kt_add, kt_get): set timestamp in newly created entries 131172445Sassar (kt_change): add `change' command 131272445Sassar 131372445Sassar * admin/srvconvert.c (srvconv): set timestamp in newly created 131472445Sassar entries 131572445Sassar * lib/krb5/keytab_keyfile.c (akf_next_entry): set timetsamp, 131672445Sassar always go the a predicatble position on error 131772445Sassar * lib/krb5/keytab.c (krb5_kt_copy_entry_contents): copy timestamp 131872445Sassar * lib/krb5/keytab_file.c (fkt_add_entry): store timestamp 131972445Sassar (fkt_next_entry_int): return timestamp 132072445Sassar * lib/krb5/krb5.h (krb5_keytab_entry): add timestamp 1321