xref: /freebsd-11.0-release/crypto/heimdal/ChangeLog

2003-05-08  Johan Danielsson  <joda@ratatosk.pdc.kth.se>

	* Release 0.6

2003-05-08  Love H�rnquist �strand  <lha@it.su.se>

	* kuser/klist.c: 1.68->1.69: print tokens even if there isn't v4
	support

	* kuser/kdestroy.c: 1.14->1.15: destroy tokens even if there isn't
	v4 support

	* kuser/kinit.c: 1.90->1.91: print tokens even if there isn't v4
	support

2003-05-06  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/name-45-test.c: need to use empty krb5.conf for some
	tests

	* lib/asn1/check-gen.c: there is no \e escape sequence; replace
	everything with hex-codes, and cast to unsigned char* to make some
	compilers happy

2003-05-06  Love H�rnquist �strand  <lha@it.su.se>

	* lib/krb5/get_in_tkt.c (make_pa_enc_timestamp): make sure first
	argument to krb5_us_timeofday have correct type
	
2003-05-05  Assar Westerlund  <assar@kth.se>

	* include/make_crypto.c (main): include aes.h if ENABLE_AES

2003-05-05  Love H�rnquist �strand  <lha@it.su.se>

	* NEWS: 1.108->1.110: fix text about gssapi compat
	
2003-04-28  Love H�rnquist �strand  <lha@it.su.se>

	* kdc/v4_dump.c: 1.4->1.5: (v4_prop_dump): limit strings length,
	from openbsd

2003-04-24  Love H�rnquist �strand  <lha@it.su.se>

	* doc/programming.texi: 1.2-1.3: s/managment/management/, from jmc
	<jmc@prioris.mini.pw.edu.pl>

2003-04-22  Love H�rnquist �strand  <lha@it.su.se>

	* lib/krb5/krbhst.c: 1.43->1.44: copy NUL too, from janj@wenf.org
	via openbsd

2003-04-17  Love H�rnquist �strand  <lha@it.su.se>

	* lib/asn1/der_copy.c (copy_general_string): use strdup
	* lib/asn1/der_put.c: remove sprintf
	* lib/asn1/gen.c: remove strcpy/sprintf
	
	* lib/krb5/name-45-test.c: use a more unique name then ratatosk so
	that other (me) have such hosts in the local domain and the tests
	fails, to take hokkigai.pdc.kth.se instead
	
	* lib/krb5/test_alname.c: add --version and --help
	
2003-04-16  Love H�rnquist �strand  <lha@it.su.se>

	* lib/krb5/krb5_warn.3: add krb5_get_err_text
	
	* lib/krb5/transited.c: use strlcat/strlcpy, from openbsd
	* lib/krb5/krbhst.c (srv_find_realm): use strlcpy, from openbsd
	* lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use
	strlcpy, from openbsd
	* kdc/hpropd.c: s/strcat/strlcat/, inspired from openbsd
	* appl/kf/kfd.c: use strlcpy, from openbsd
	
2003-04-16  Johan Danielsson  <joda@pdc.kth.se>

	* configure.in: fix for large file support in AIX, _LARGE_FILES
	needs to be defined on the command line, since lex likes to
	include stdio.h before we get to config.h

2003-04-16  Love H�rnquist �strand  <lha@it.su.se>
	
	* lib/krb5/*.3: Change .Fd #include <header.h> to .In header.h,
	from Thomas Klausner <wiz@netbsd.org>
	
	* lib/krb5/krb5.conf.5: spelling, from Thomas Klausner
	<wiz@netbsd.org>

2003-04-15  Love H�rnquist �strand  <lha@it.su.se>

	* kdc/kerberos5.c: fix some more memory leaks
	
2003-04-11  Love H�rnquist �strand  <lha@it.su.se>

	* appl/kf/kf.1: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
	
2003-04-08  Love H�rnquist �strand  <lha@it.su.se>

	* admin/ktutil.8: typos, from jmc <jmc@acn.waw.pl>
	
2003-04-06  Love H�rnquist �strand  <lha@it.su.se>

	* lib/krb5/krb5.3: s/kerberos/Kerberos/
	* lib/krb5/krb5_data.3: s/kerberos/Kerberos/
	* lib/krb5/krb5_address.3: s/kerberos/Kerberos/
	* lib/krb5/krb5_ccache.3: s/kerberos/Kerberos/
	* lib/krb5/krb5.conf.5: s/kerberos/Kerberos/
	* kuser/kinit.1: s/kerberos/Kerberos/
	* kdc/kdc.8: s/kerberos/Kerberos/
	
2003-04-01  Love H�rnquist �strand  <lha@it.su.se>

	* lib/krb5/test_alname.c: more krb5_aname_to_localname tests
	
	* lib/krb5/aname_to_localname.c (krb5_aname_to_localname): when
	converting too root, make sure user is ok according to
	krb5_kuserok before allowing it.

	* lib/krb5/Makefile.am (noinst_PROGRAMS): += test_alname
	
	* lib/krb5/test_alname.c: add test for krb5_aname_to_localname
	
	* lib/krb5/crypto.c (krb5_DES_AFS3_CMU_string_to_key): used p1
	instead of the "illegal" salt #~, same change as kth-krb did
	1999. Problems occur with crypt() that behaves like AT&T crypt
	(openssl does this). Pointed out by Marcus Watts.

	* admin/change.c (kt_change): collect all principals we are going
	to change, and pick the highest kvno and use that to guess what
	kvno the resulting kvno is going to be. Now two ktutil change in a
	row works. XXX fix the protocol to pass the kvno back.
	
2003-03-31  Love H�rnquist �strand  <lha@it.su.se>

	* appl/kf/kf.1: afs->AFS, from jmc <jmc@acn.waw.pl>
	
2003-03-30  Love H�rnquist �strand  <lha@it.su.se>

	* doc/setup.texi: add description on how to turn on v4, 524 and
	kaserver support

2003-03-29  Love H�rnquist �strand  <lha@it.su.se>

	* lib/krb5/verify_krb5_conf.c (appdefaults_entries): add afslog
	and afs-use-524

2003-03-28  Love H�rnquist �strand  <lha@it.su.se>

	* kdc/kerberos5.c (as_rep): when the second enctype_to_string
	failes, remember to free memory from the first enctype_to_string

	* lib/krb5/crypto.c (usage2arcfour): map KRB5_KU_TICKET to 2,
	from Harald Joerg <harald.joerg@fujitsu-siemens.com>
	(enctype_arcfour_hmac_md5): disable checksum_hmac_md5_enc

	* lib/hdb/mkey.c (hdb_unseal_keys_mkey): truncate key to the key
	length when key is longer then expected length, its probably
	longer since the encrypted data was padded, reported by Aidan
	Cully <aidan@kublai.com>

	* lib/krb5/crypto.c (krb5_enctype_keysize): return key size of
	encyption type, inspired by Aidan Cully <aidan@kublai.com>
	
2003-03-27  Love H�rnquist �strand  <lha@it.su.se>

	* lib/krb5/keytab.c (krb5_kt_get_entry): avoid printing 0
	(wildcard kvno) after principal when the keytab entry isn't found,
	reported by Chris Chiappa <chris@chiappa.net>
	
2003-03-26  Love H�rnquist �strand  <lha@it.su.se>

	* doc/misc.texi: update 2b example to match reality (from
	mattiasa@e.kth.se)

	* doc/misc.texi: spelling and add `Configuring AFS clients'
	subsection

2003-03-25  Love H�rnquist �strand  <lha@it.su.se>

	* lib/krb5/krb5.3: add krb5_free_data_contents.3
	
	* lib/krb5/data.c: add krb5_free_data_contents for compat with MIT
	API

	* lib/krb5/krb5_data.3: add krb5_free_data_contents for compat
	with MIT API
	
	* lib/krb5/krb5_verify_user.3: write more about how the ccache
	argument should be inited when used
	
2003-03-25  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/addr_families.c (krb5_print_address): make sure
	print_addr is defined for the given address type; make addrports
	printable

	* kdc/string2key.c: print the used enctype for kerberos 5 keys

2003-03-25  Love H�rnquist �strand  <lha@it.su.se>

	* lib/krb5/aes-test.c: add another arcfour test
	
2003-03-22  Love H�rnquist �strand  <lha@it.su.se>

	* lib/krb5/aes-test.c: sneek in a test for arcfour-hmac-md5
	
2003-03-20  Love H�rnquist �strand  <lha@it.su.se>
	
	* lib/krb5/krb5_ccache.3: update .Dd

	* lib/krb5/krb5.3: sort in krb5_data functions

	* lib/krb5/Makefile.am (man_MANS): += krb5_data.3

	* lib/krb5/krb5_data.3: document krb5_data

	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): if
	prompter is NULL, don't try to ask for a password to
	change. reported by Iain Moffat @ ufl.edu via Howard Chu
	<hyc@highlandsun.com>

2003-03-19  Love H�rnquist �strand  <lha@it.su.se>

	* lib/krb5/krb5_keytab.3: spelling, from
	<jmc@prioris.mini.pw.edu.pl>

	* lib/krb5/krb5.conf.5: . means new line
	
	* lib/krb5/krb5.conf.5: spelling, from
	<jmc@prioris.mini.pw.edu.pl>

	* lib/krb5/krb5_auth_context.3: spelling, from
	<jmc@prioris.mini.pw.edu.pl>

2003-03-18  Love H�rnquist �strand  <lha@it.su.se>

	* kuser/Makefile.am: INCLUDES: -I$(srcdir)/../lib/krb5
	
	* lib/krb5/convert_creds.c: add _krb5_krb_life_to_time
	
	* lib/krb5/krb5-v4compat.h: add _krb5_krb_life_to_time

	* kdc/kdc_locl.h: 524 is independent of kerberos 4, so move out
	#ifdef KRB4 from enable_v4_cross_realm since 524 needs it
	
	* kdc/config.c: 524 is independent of kerberos 4, so move out
	enable_v4_cross_realm from #ifdef KRB4 since 524 needs it
	
2003-03-17  Assar Westerlund  <assar@kth.se>

	* kdc/kdc.8: document --kerberos4-cross-realm
	* kdc/kerberos4.c: pay attention to enable_v4_cross_realm
	* kdc/kdc_locl.h (enable_v4_cross_realm): add
	* kdc/524.c (encode_524_response): check the enable_v4_cross_realm
	flag before giving out v4 tickets for foreign v5 principals
	* kdc/config.c: add --enable-kerberos4-cross-realm option (default
	to off)

2003-03-17  Love H�rnquist �strand  <lha@it.su.se>

	* lib/krb5/Makefile.am (man_MANS) += krb5_aname_to_localname.3
	
	* lib/krb5/krb5_aname_to_localname.3: manpage for
	krb5_aname_to_localname

	* lib/krb5/krb5_kuserok.3: s/KRB5_USEROK/KRB5_KUSEROK/
	
2003-03-16  Love H�rnquist �strand  <lha@it.su.se>

	* lib/krb5/Makefile.am (man_MANS): add krb5_set_default_realm.3

	* lib/krb5/krb5.3: add manpages from krb5_set_default_realm.3

	* lib/krb5/krb5_set_default_realm.3: Manpage for
	krb5_free_host_realm, krb5_get_default_realm,
	krb5_get_default_realms, krb5_get_host_realm, and
	krb5_set_default_realm.

	* admin/ktutil.8: s/entype/enctype/, from Igor Sobrado
	<sobrado@acm.org> via NetBSD

	* lib/krb5/krb5_keytab.3: add documention for krb5_kt_get_type
	
	* lib/krb5/keytab.c (krb5_kt_get_type): get prefix/type of keytab
	
	* lib/krb5/krb5.h (KRB5_KT_PREFIX_MAX_LEN): max length of prefix
	
	* lib/krb5/krb5_ccache.3: document krb5_cc_get_ops, add more
	types, add krb5_fcc_ops and krb5_mcc_ops
	
	* lib/krb5/cache.c (krb5_cc_get_ops): new function, return ops for
	a id

2003-03-15  Love H�rnquist �strand  <lha@it.su.se>

	* doc/intro.texi: add reference to source code, binaries and the
	manual

	* lib/krb5/krb5.3: krb5.h isn't in krb5 directory in heimdal
	
2003-03-14  Love H�rnquist �strand  <lha@it.su.se>

	* kdc/kdc.8: better/difrent english

	* kdc/kdc.8: . -> .\n, copyright/license
	
	* kdc/kdc.8: changed configuration file -> restart kdc

	* kdc/kerberos4.c: add krb4 into the most error messages written
	to the logfile

	* lib/krb5/krb5_ccache.3: add missing name of argument
	(krb5_context) to most functions

2003-03-13  Love H�rnquist �strand  <lha@it.su.se>

	* lib/krb5/kuserok.c (krb5_kuserok): preserve old behviour of
	function and return FALSE when there isn't a local account for
	`luser'.

	* lib/krb5/krb5_kuserok.3: fix prototype, spelling and more text
	describing the function

2003-03-12  Love H�rnquist �strand  <lha@it.su.se>

	* lib/krb5/cache.c (krb5_cc_default): if krb5_cc_default_name
	returned memory, don't return ENOMEM

2003-03-11  Love H�rnquist �strand  <lha@it.su.se>

	* lib/krb5/krb5.3: add krb5_address stuff and sort
	
	* lib/krb5/krb5_address.3: fix krb5_addr2sockaddr description
	
	* lib/krb5/Makefile.am (man_MANS): += krb5_address.3
	
	* lib/krb5/krb5_address.3: document types krb5_address and
	krb5_addresses and their helper functions

2003-03-10  Love H�rnquist �strand  <lha@it.su.se>

	* lib/krb5/Makefile.am (man_MANS): += krb5_kuserok.3

	* lib/krb5/krb5_kuserok.3: spelling, from cizzi@it.su.se

	* lib/krb5/Makefile.am (man_MANS): += krb5_ccache.3

	* lib/krb5/krb5_ccache.3: spelling, from cizzi@it.su.se
	
	* lib/krb5/krb5.3: add more functions
	
	* lib/krb5/krb5_ccache.3: document krb5_ccache and krb5_cc
	functions

	* lib/krb5/krb5_kuserok.3: document krb5_kuserok
	
	* lib/krb5/krb5_verify_user.3: document
	krb5_verify_opt_set_flags(opt, KRB5_VERIFY_LREALMS) behavior

	* lib/krb5/krb5_verify_user.3: document krb5_verify_opt* and
	krb5_verify_user_opt

	* lib/krb5/*.[0-9]: add copyright/licenses on more manpages

	* kuser/kdestroy.c (main): handle that krb5_cc_default_name can
	return NULL

	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump minor
	(TESTS): add test_cc

	* lib/krb5/test_cc.c: test some
	krb5_cc_default_name/krb5_cc_set_default_name combinations
	
	* lib/krb5/context.c (init_context_from_config_file): set
	default_cc_name to NULL
	(krb5_free_context): free default_cc_name if set

	* lib/krb5/cache.c (krb5_cc_set_default_name): new function
	(krb5_cc_default_name): use krb5_cc_set_default_name

	* lib/krb5/krb5.h (krb5_context_data): add default_cc_name
	
2003-02-25  Love H�rnquist �strand  <lha@it.su.se>

	* appl/kf/kf.1: s/securly/securely/ from NetBSD
	
2003-02-18  Love H�rnquist �strand  <lha@it.su.se>

	* kdc/connect.c: s/intialize/initialize, from
	<jmc@prioris.mini.pw.edu.pl>

2003-02-17  Love H�rnquist �strand  <lha@it.su.se>

	* configure.in: add AM_MAINTAINER_MODE
	
2003-02-16  Love H�rnquist �strand  <lha@it.su.se>

	* **/*.[0-9]: add copyright/licenses on all manpages

2003-14-16  Jacques Vidrine  <nectar@kth.se>

	* lib/krb5/get_in_tkt.c (init_as_req): Send only a single
	PA-ENC-TIMESTAMP in the AS-REQ, using the first encryption
	type specified by the KDC.

2003-02-15  Love H�rnquist �strand  <lha@it.su.se>

	* fix-export: some autoconf put their version number in
	autom4te.cache, so remove autom4te*.cache
	
	* fix-export: make sure $1 is a directory
	
2003-02-04  Love H�rnquist �strand  <lha@it.su.se>

	* kpasswd/kpasswdd.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>

	* kdc/kdc.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
	
2003-01-31  Love H�rnquist �strand  <lha@it.su.se>

	* kdc/hpropd.8: s/databases/a database/ s/Not/not/

	* kdc/hprop.8: add missing .
	
2003-01-30  Love H�rnquist �strand  <lha@it.su.se>

	* lib/krb5/krb5.conf.5: documentation for of boolean, etypes,
	address, write out encryption type in sentences, s/Host/host
	
2003-01-26  Love H�rnquist �strand  <lha@it.su.se>

	* lib/asn1/check-gen.c: add checks for Authenticator too
	
2003-01-25  Love H�rnquist �strand  <lha@it.su.se>

	* doc/setup.texi: in the hprop example, use hprop and the first
	component, not host

	* lib/krb5/get_addrs.c (find_all_addresses): address-less
	point-to-point might not have an address, just ignore
	those. Reported by Harald Barth.

2003-01-23  Love H�rnquist �strand  <lha@it.su.se>

	* lib/krb5/verify_krb5_conf.c (check_section): when key isn't
	found, don't print out all known keys

	* lib/krb5/verify_krb5_conf.c (syslogvals): mark up where severity
	and facility start resp
	(check_log): find_value() returns -1 when key isn't found

	* lib/krb5/crypto.c (_krb5_aes_cts_encrypt): make key argument a
	'const void *' to avoid AES_KEY being exposed in krb5-private.h
	
	* lib/krb5/krb5.conf.5: add [kdc]use_2b

	* kdc/524.c (encode_524_response): its 2b not b2
	
	* doc/misc.texi: quote @ where missing
	
	* lib/asn1/Makefile.am: add check-gen
	
	* lib/asn1/check-gen.c: add Principal check
	
	* lib/asn1/check-common.h: move generic asn1/der functions from
	check-der.c to here

	* lib/asn1/check-common.c: move generic asn1/der functions from
	check-der.c to here

	* lib/asn1/check-der.c: move out the generic asn1/der functions to
	a common file

2003-01-22  Love H�rnquist �strand  <lha@it.su.se>

	* doc/misc.texi: more text about afs, how to get get your KeyFile,
	and how to start use 2b tokens

	* lib/krb5/krb5.conf.5: spelling, from Jason McIntyre
	<jmc@cvs.openbsd.org>
	
2003-01-21  Jacques Vidrine  <nectar@kth.se>

	* kuser/kuser_locl.h: include crypto-headers.h for
	des_read_pw_string prototype

2003-01-16  Love H�rnquist �strand  <lha@it.su.se>

	* admin/ktutil.8: document -v, --verbose

	* admin/get.c (kt_get): make getarg usage consistent with other
	other parts of ktutil

	* admin/copy.c (kt_copy): remove adding verbose_flag to args
	struct, since it will overrun the args array (from Sumit Bose)
	
2003-01-15  Love H�rnquist �strand  <lha@it.su.se>

	* lib/krb5/krb5.conf.5: write more about [realms] REALM = { kdc =
	... }

	* lib/krb5/aes-test.c: test vectors in aes-draft
	
	* lib/krb5/Makefile.am: add aes-test.c

	* lib/krb5/crypto.c: Add support for AES
	(draft-raeburn-krb-rijndael-krb-02), not enabled by default.
	(HMAC_SHA1_DES3_checksum): rename to SP_HMAC_SHA1_checksum and modify
	to support checksumtype that are have a shorter wireformat then
	their output block size.
	
	* lib/krb5/crypto.c (struct encryption_type): split the blocksize
	into blocksize and padsize, padsize is the minimum padding
	size. they are the same for now
	(enctype_*): add padsize
	(encrypt_internal): use padsize
	(encrypt_internal_derived): use padsize
	(wrapped_length): use padsize
	(wrapped_length_dervied): use padsize

	* lib/krb5/crypto.c: add extra `opaque' argument to string_to_key
	function for each enctype in preparation enctypes that uses
	`Encryption and Checksum Specifications for Kerberos 5' draft
	
	* lib/asn1/k5.asn1: add checksum and enctype for AES from
	draft-raeburn-krb-rijndael-krb-02.txt

	* lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_AES128,
	KEYTYPE_AES256

2003-01-14  Love H�rnquist �strand  <lha@it.su.se>

	* lib/hdb/common.c (_hdb_fetch): handle error code from
	hdb_value2entry

	* kdc/Makefile.am: always include kerberos4.c and 524.c in
	kdc_SOURCES to support 524

	* kdc/524.c: always compile in support for 524
	
	* kdc/kdc_locl.h: move out krb/524 protos from under #ifdef KRB4
	
	* kdc/config.c: always compile in support for 524
	
	* kdc/connect.c: always compile in support for 524
	
	* kdc/kerberos4.c: export encode_v4_ticket() and get_des_key()
	even when we build without kerberos 4, 524 needs them
	
	* lib/krb5/convert_creds.c, lib/krb5/krb5-v4compat.h: Split out
	Kerberos 4 help functions/structures so other parts of the source
	tree can use it (like the KDC)