ChangeLog revision 90926
190926Snectar2002-02-15 Johan Danielsson <joda@pdc.kth.se> 290926Snectar 390926Snectar * lib/krb5/keytab_keyfile.c (akf_add_entry): don't create the file 490926Snectar before we need to write to it 590926Snectar (from �ke Sandgren) 690926Snectar 790926Snectar2002-02-14 Johan Danielsson <joda@pdc.kth.se> 890926Snectar 990926Snectar * configure.in: rk_RETSIGTYPE and rk_BROKEN_REALLOC are called via 1090926Snectar rk_ROKEN (from Gombas Gabor); find inttypes by CHECK_TYPES 1190926Snectar directly 1290926Snectar 1390926Snectar * lib/krb5/rd_safe.c: actually use the correct key (from Daniel 1490926Snectar Kouril) 1590926Snectar 1690926Snectar2002-02-12 Johan Danielsson <joda@pdc.kth.se> 1790926Snectar 1890926Snectar * lib/krb5/context.c (krb5_get_err_text): protect against NULL 1990926Snectar context 2090926Snectar 2190926Snectar2002-02-11 Johan Danielsson <joda@pdc.kth.se> 2290926Snectar 2390926Snectar * admin/ktutil.c: no need to use the "modify" keytab anymore 2490926Snectar 2590926Snectar * lib/krb5/keytab_any.c: implement add and remove 2690926Snectar 2790926Snectar * lib/krb5/keytab_krb4.c: implement add and remove 2890926Snectar 2990926Snectar * lib/krb5/store_emem.c (emem_free): clear memory before freeing 3090926Snectar (this should perhaps be selectable with a flag) 3190926Snectar 3290926Snectar2002-02-04 Johan Danielsson <joda@pdc.kth.se> 3390926Snectar 3490926Snectar * kdc/config.c (get_dbinfo): if there are database specifications 3590926Snectar in the config file, don't automatically try to use the default 3690926Snectar values (from Gombas Gabor) 3790926Snectar 3890926Snectar * lib/krb5/log.c (krb5_closelog): don't pass pointer to pointer 3990926Snectar (from Gombas Gabor) 4090926Snectar 4190926Snectar2002-01-30 Johan Danielsson <joda@pdc.kth.se> 4290926Snectar 4390926Snectar * admin/list.c: get the default keytab from krb5.conf, and list 4490926Snectar all parts of an ANY type keytab 4590926Snectar 4690926Snectar * lib/krb5/context.c: default default_keytab_modify to NULL 4790926Snectar 4890926Snectar * lib/krb5/keytab.c (krb5_kt_default_modify_name): if no modify 4990926Snectar name is specified take it from the first component of the default 5090926Snectar keytab name 5190926Snectar 5290926Snectar2002-01-29 Johan Danielsson <joda@pdc.kth.se> 5390926Snectar 5490926Snectar * lib/krb5/keytab.c: compare keytab types case insensitively 5590926Snectar 5690926Snectar2002-01-07 Assar Westerlund <assar@sics.se> 5790926Snectar 5890926Snectar * lib/krb5/crypto.c (create_checksum): make usage `unsigned' (it's 5990926Snectar not really a krb5_key_usage). From Ben Harris <bjh21@netbsd.org> 6090926Snectar * lib/krb5/get_in_tkt.c: use krb5_enctype consistently. From Ben 6190926Snectar Harris <bjh21@netbsd.org> 6290926Snectar * lib/krb5/crypto.c: use krb5_enctype consistently. From Ben 6390926Snectar Harris <bjh21@netbsd.org> 6490926Snectar * kdc/kerberos5.c: use krb5_enctype consistently. From Ben Harris 6590926Snectar <bjh21@netbsd.org> 6690926Snectar 6790926Snectar2001-12-20 Johan Danielsson <joda@pdc.kth.se> 6890926Snectar 6990926Snectar * lib/krb5/crypto.c: use our own des string-to-key function, since 7090926Snectar the one from openssl sometimes generates wrong output 7190926Snectar 7290926Snectar2001-12-05 Jacques Vidrine <n@nectar.cc> 7390926Snectar 7490926Snectar * lib/hdb/mkey.c: fix a bug in which kstash would crash if 7590926Snectar there were no /etc/krb5.conf 7690926Snectar 7790926Snectar2001-10-29 Jacques Vidrine <n@nectar.com> 7890926Snectar 7990926Snectar * admin/get.c: fix a bug in which a reference to a data 8090926Snectar structure on the stack was being kept after the containing 8190926Snectar function's lifetime, resulting in a segfault during `ktutil 8290926Snectar get'. 8390926Snectar 8490926Snectar2001-10-22 Assar Westerlund <assar@sics.se> 8590926Snectar 8690926Snectar * lib/krb5/crypto.c: make all high-level encrypting and decrypting 8790926Snectar functions check the return value of the underlying function and 8890926Snectar handle errors more consistently. noted by Sam Hartman 8990926Snectar <hartmans@mit.edu> 9090926Snectar 9190926Snectar2001-10-21 Assar Westerlund <assar@sics.se> 9290926Snectar 9390926Snectar * lib/krb5/crypto.c (enctype_arcfour_hmac_md5): actually use a 9490926Snectar non-keyed checksum when it should be non-keyed 9590926Snectar 9690926Snectar2001-09-29 Assar Westerlund <assar@sics.se> 9790926Snectar 9890926Snectar * kuser/kinit.1: add the kauth alias 9990926Snectar * kuser/kinit.c: allow specification of afslog in krb5.conf, noted 10090926Snectar by jhutz@cs.cmu.edu 10190926Snectar 10290926Snectar2001-09-27 Assar Westerlund <assar@sics.se> 10390926Snectar 10490926Snectar * lib/asn1/gen.c: remove the need for libasn1.h, also make 10590926Snectar generated files include all files from IMPORTed modules 10690926Snectar 10790926Snectar * lib/krb5/krb5.h (KRB5_KPASSWD_*): set correct values 10890926Snectar * kpasswd/kpasswd.c: improve error message printing 10990926Snectar * lib/krb5/changepw.c (krb5_passwd_result_to_string): add change 11090926Snectar to use sequence numbers connect the udp socket so that we can 11190926Snectar figure out the local address 11290926Snectar 11390926Snectar2001-09-25 Assar Westerlund <assar@sics.se> 11490926Snectar 11590926Snectar * lib/asn1: implement OBJECT IDENTIFIER and ENUMERATED 11690926Snectar 11790926Snectar2001-09-20 Johan Danielsson <joda@pdc.kth.se> 11890926Snectar 11990926Snectar * lib/krb5/principal.c (krb5_425_conv_principal_ext): try using 12090926Snectar lower case realm as domain, but only when given a verification 12190926Snectar function 12290926Snectar 12390926Snectar2001-09-20 Assar Westerlund <assar@sics.se> 12490926Snectar 12590926Snectar * lib/asn1/der_put.c (der_put_length): do not even try writing 12690926Snectar anything when len == 0 12790926Snectar 12890926Snectar2001-09-18 Johan Danielsson <joda@pdc.kth.se> 12990926Snectar 13090926Snectar * kdc/hpropd.c: add realm override option 13190926Snectar 13290926Snectar * lib/krb5/set_default_realm.c (krb5_set_default_realm): make 13390926Snectar realm parameter const 13490926Snectar 13590926Snectar * kdc/hprop.c: more free's 13690926Snectar 13790926Snectar * lib/krb5/init_creds_pw.c (krb5_get_init_creds_keytab): free key 13890926Snectar proc data 13990926Snectar 14090926Snectar * lib/krb5/expand_hostname.c (krb5_expand_hostname_realms): free 14190926Snectar addrinfo 14290926Snectar 14390926Snectar * lib/hdb/mkey.c (hdb_set_master_keyfile): clear error string when 14490926Snectar not returning error 14590926Snectar 14690926Snectar2001-09-16 Assar Westerlund <assar@sics.se> 14790926Snectar 14890926Snectar * lib/krb5/appdefault.c (krb5_appdefault_{boolean,string,time): 14990926Snectar make realm const 15090926Snectar 15190926Snectar * lib/krb5/crypto.c: use des functions to avoid generating 15290926Snectar warnings with openssl's prototypes 15390926Snectar 15490926Snectar2001-09-05 Johan Danielsson <joda@pdc.kth.se> 15590926Snectar 15690926Snectar * configure.in: check for termcap.h 15790926Snectar 15890926Snectar * lib/asn1/lex.l: add another undef ECHO to keep AIX lex happy 15990926Snectar 16090926Snectar2001-09-03 Assar Westerlund <assar@sics.se> 16190926Snectar 16290926Snectar * lib/krb5/addr_families.c (krb5_print_address): handle snprintf 16390926Snectar returning < 0. noticed by hin@stacken.kth.se 16490926Snectar 16590926Snectar2001-09-03 Assar Westerlund <assar@sics.se> 16690926Snectar 16790926Snectar * Release 0.4e 16890926Snectar 16990926Snectar2001-09-02 Johan Danielsson <joda@pdc.kth.se> 17090926Snectar 17190926Snectar * kuser/Makefile.am: install kauth as a symlink to kinit 17290926Snectar 17390926Snectar * kuser/kinit.c: get v4_tickets by default 17490926Snectar 17590926Snectar * lib/asn1/Makefile.am: fix for broken automake 17690926Snectar 17790926Snectar2001-08-31 Johan Danielsson <joda@pdc.kth.se> 17890926Snectar 17990926Snectar * lib/hdb/hdb-ldap.c: some pretty much untested changes from Luke 18090926Snectar Howard 18190926Snectar 18290926Snectar * kuser/kinit.1: remove references to kauth 18390926Snectar 18490926Snectar * kuser/Makefile.am: kauth is no more 18590926Snectar 18690926Snectar * kuser/kinit.c: use appdefaults for everything. defaults are now 18790926Snectar as in kauth. 18890926Snectar 18990926Snectar * lib/krb5/appdefault.c: also check libdefaults, and realms/realm 19090926Snectar 19190926Snectar * lib/krb5/context.c (krb5_free_context): free more stuff 19290926Snectar 19390926Snectar2001-08-30 Johan Danielsson <joda@pdc.kth.se> 19490926Snectar 19590926Snectar * lib/krb5/verify_krb5_conf.c: do some checks of the values in the 19690926Snectar file 19790926Snectar 19890926Snectar * lib/krb5/krb5.conf.5: remove srv_try_txt, fix spelling 19990926Snectar 20090926Snectar * lib/krb5/context.c: don't init srv_try_txt, since it isn't used 20190926Snectar anymore 20290926Snectar 20390926Snectar2001-08-29 Jacques Vidrine <n@nectar.com> 20490926Snectar 20590926Snectar * configure.in: Check for already-installed com_err. 20690926Snectar 20790926Snectar2001-08-28 Assar Westerlund <assar@sics.se> 20890926Snectar 20990926Snectar * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set versoin to 18:2:1 21090926Snectar 21190926Snectar2001-08-24 Assar Westerlund <assar@sics.se> 21290926Snectar 21390926Snectar * kuser/Makefile.am: remove CHECK_LOCAL - non bin programs require 21490926Snectar no special treatment now 21590926Snectar 21690926Snectar * kuser/generate-requests.c: parse arguments in a useful way 21790926Snectar * kuser/kverify.c: add --help/--verify 21890926Snectar 21990926Snectar2001-08-22 Assar Westerlund <assar@sics.se> 22090926Snectar 22190926Snectar * configure.in: bump prereq to 2.52 remove unused test_LIB_KRB4 22290926Snectar 22390926Snectar * configure.in: re-write the handling of crypto libraries. try to 22490926Snectar use the one of openssl's libcrypto or krb4's libdes that has all 22590926Snectar the required functionality (md4, md5, sha1, des, rc4). if there 22690926Snectar is no such library, the included lib/des is built. 22790926Snectar 22890926Snectar * kdc/headers.h: include libutil.h if it exists 22990926Snectar * kpasswd/kpasswd_locl.h: include libutil.h if it exists 23090926Snectar * kdc/kerberos4.c (get_des_key): check for null keys even if 23190926Snectar is_server 23290926Snectar 23390926Snectar2001-08-21 Assar Westerlund <assar@sics.se> 23490926Snectar 23590926Snectar * lib/asn1/asn1_print.c: print some size_t correctly 23690926Snectar * configure.in: remove extra space after -L check for libutil.h 23790926Snectar 23890926Snectar2001-08-17 Johan Danielsson <joda@pdc.kth.se> 23990926Snectar 24090926Snectar * kdc/kdc_locl.h: fix prototype for get_des_key 24190926Snectar 24290926Snectar * kdc/kaserver.c: fix call to get_des_key 24390926Snectar 24490926Snectar * kdc/524.c: fix call to get_des_key 24590926Snectar 24690926Snectar * kdc/kerberos4.c (get_des_key): if getting a key for a server, 24790926Snectar return any des-key not just keys that can be string-to-keyed by 24890926Snectar the client 24990926Snectar 25090926Snectar2001-08-10 Assar Westerlund <assar@sics.se> 25190926Snectar 25290926Snectar * Release 0.4d 25390926Snectar 25490926Snectar2001-08-10 Assar Westerlund <assar@sics.se> 25590926Snectar 25690926Snectar * configure.in: check for openpty 25790926Snectar * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): update to 7:4:0 25890926Snectar 25990926Snectar2001-08-08 Assar Westerlund <assar@sics.se> 26090926Snectar 26190926Snectar * configure.in: just add -L (if required) from krb4 when testing 26290926Snectar for libdes/libcrypto 26390926Snectar 26490926Snectar2001-08-04 Assar Westerlund <assar@sics.se> 26590926Snectar 26690926Snectar * lib/krb5/Makefile.am (man_MANS): add some missing man pages 26790926Snectar * fix-export: fix the sed expression for finding the man pages 26890926Snectar 26990926Snectar2001-07-31 Assar Westerlund <assar@sics.se> 27090926Snectar 27190926Snectar * kpasswd/kpasswd-generator.c (main): implement --version and 27290926Snectar --help 27390926Snectar 27490926Snectar * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): update version to 27590926Snectar 18:1:1 27690926Snectar 27790926Snectar2001-07-27 Assar Westerlund <assar@sics.se> 27890926Snectar 27990926Snectar * lib/krb5/context.c (init_context_from_config_file): check 28090926Snectar parsing of addresses 28190926Snectar 28290926Snectar2001-07-26 Assar Westerlund <assar@sics.se> 28390926Snectar 28490926Snectar * lib/krb5/sock_principal.c (krb5_sock_to_principal): rename 28590926Snectar sa_len -> salen to avoid the macro that's defined on irix. noted 28690926Snectar by "Jacques A. Vidrine" <n@nectar.com> 28790926Snectar 28890926Snectar2001-07-24 Johan Danielsson <joda@pdc.kth.se> 28990926Snectar 29090926Snectar * lib/krb5/addr_families.c: add support for type 29190926Snectar KRB5_ADDRESS_ADDRPORT 29290926Snectar 29390926Snectar * lib/krb5/addr_families.c (krb5_address_order): complain about 29490926Snectar unsuppored address types 29590926Snectar 29690926Snectar2001-07-23 Johan Danielsson <joda@pdc.kth.se> 29790926Snectar 29890926Snectar * admin/get.c: don't open connection to server until we loop over 29990926Snectar the principals, at that time we know the realm of the (first) 30090926Snectar principal and we can default to that admin server 30190926Snectar 30290926Snectar * admin: add a rename command 30390926Snectar 30490926Snectar2001-07-19 Assar Westerlund <assar@sics.se> 30590926Snectar 30690926Snectar * kdc/hprop.c (usage): clarify a tiny bit 30790926Snectar 30890926Snectar2001-07-19 Assar Westerlund <assar@sics.se> 30990926Snectar 31090926Snectar * Release 0.4c 31190926Snectar 31290926Snectar2001-07-19 Assar Westerlund <assar@sics.se> 31390926Snectar 31490926Snectar * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to 31590926Snectar 18:0:1 31690926Snectar 31790926Snectar * lib/krb5/get_for_creds.c (krb5_fwd_tgt_creds): make it behave 31890926Snectar the same way as the MIT function 31990926Snectar 32090926Snectar * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): update to 7:3:0 32190926Snectar * lib/krb5/sock_principal.c (krb5_sock_to_principal): use 32290926Snectar getnameinfo 32390926Snectar 32490926Snectar * lib/krb5/krbhst.c (srv_find_realm): handle port numbers 32590926Snectar consistenly in local byte order 32690926Snectar 32790926Snectar * lib/krb5/get_default_realm.c (krb5_get_default_realm): set an 32890926Snectar error string 32990926Snectar 33090926Snectar * kuser/kinit.c (renew_validate): invert condition correctly. get 33190926Snectar v4 tickets if we succeed renewing 33290926Snectar * lib/krb5/principal.c (krb5_principal_get_type): add 33390926Snectar (default_v4_name_convert): add "smtp" 33490926Snectar 33590926Snectar2001-07-13 Assar Westerlund <assar@sics.se> 33690926Snectar 33790926Snectar * configure.in: remove make-print-version from LIBOBJS, it's no 33890926Snectar longer in lib/roken but always built in lib/vers 33990926Snectar 34090926Snectar2001-07-12 Johan Danielsson <joda@pdc.kth.se> 34190926Snectar 34290926Snectar * lib/hdb/mkey.c: more set_error_string 34390926Snectar 34490926Snectar2001-07-12 Assar Westerlund <assar@sics.se> 34590926Snectar 34690926Snectar * lib/hdb/Makefile.am (libhdb_la_LIBADD): add required library 34790926Snectar dependencies 34890926Snectar 34990926Snectar * lib/asn1/Makefile.am (libasn1_la_LIBADD): add required library 35090926Snectar dependencies 35190926Snectar 35290926Snectar2001-07-11 Johan Danielsson <joda@pdc.kth.se> 35390926Snectar 35490926Snectar * kdc/hprop.c: remove v4 master key handling; remove old v4-db and 35590926Snectar ka-db flags; add defaults for v4_realm and afs_cell 35690926Snectar 35790926Snectar2001-07-09 Assar Westerlund <assar@sics.se> 35890926Snectar 35990926Snectar * lib/krb5/sock_principal.c (krb5_sock_to_principal): copy hname 36090926Snectar before calling krb5_sname_to_principal. from "Jacques A. Vidrine" 36190926Snectar <n@nectar.com> 36290926Snectar 36390926Snectar2001-07-08 Johan Danielsson <joda@pdc.kth.se> 36490926Snectar 36590926Snectar * lib/krb5/context.c: use krb5_copy_addresses instead of 36690926Snectar copy_HostAddresses 36790926Snectar 36890926Snectar2001-07-06 Assar Westerlund <assar@sics.se> 36990926Snectar 37090926Snectar * configure.in (LIB_des_a, LIB_des_so): add these so that they can 37190926Snectar be used by lib/auth/sia 37290926Snectar 37390926Snectar * kuser/kinit.c: re-do some of the v4 fallbacks: look at 37490926Snectar get-tokens flag do not print extra errors do not try to do 524 if 37590926Snectar we got tickets from a v4 server 37690926Snectar 37790926Snectar2001-07-03 Assar Westerlund <assar@sics.se> 37890926Snectar 37990926Snectar * lib/krb5/replay.c (krb5_get_server_rcache): cast argument to 38090926Snectar printf 38190926Snectar 38290926Snectar * lib/krb5/get_addrs.c (find_all_addresses): call free_addresses 38390926Snectar on ignore_addresses correctly 38490926Snectar * lib/krb5/init_creds.c 38590926Snectar (krb5_get_init_creds_opt_set_default_flags): change to take a 38690926Snectar const realm 38790926Snectar 38890926Snectar * lib/krb5/principal.c (krb5_425_conv_principal_ext): if the 38990926Snectar instance is the first component of the local hostname, the 39090926Snectar converted host should be the long hostname. from 39190926Snectar <shadow@dementia.org> 39290926Snectar 39390926Snectar2001-07-02 Johan Danielsson <joda@pdc.kth.se> 39490926Snectar 39590926Snectar * lib/krb5/Makefile.am: address.c is no more; add a couple of 39690926Snectar manpages 39790926Snectar 39890926Snectar * lib/krb5/krb5_timeofday.3: new manpage 39990926Snectar 40090926Snectar * lib/krb5/krb5_get_all_client_addrs.3: new manpage 40190926Snectar 40290926Snectar * lib/krb5/get_in_tkt.c (init_as_req): treat no addresses as 40390926Snectar wildcard 40490926Snectar 40590926Snectar * lib/krb5/get_cred.c (get_cred_kdc_la): treat no addresses as 40690926Snectar wildcard 40790926Snectar 40890926Snectar * lib/krb5/get_addrs.c: don't include client addresses that match 40990926Snectar ignore_addresses 41090926Snectar 41190926Snectar * lib/krb5/context.c: initialise ignore_addresses 41290926Snectar 41390926Snectar * lib/krb5/addr_families.c: add new `arange' fake address type, 41490926Snectar that matches more than one address; this required some internal 41590926Snectar changes to many functions, so all of address.c got moved here 41690926Snectar (wasn't much left there) 41790926Snectar 41890926Snectar * lib/krb5/krb5.h: add list of ignored addresses to context 41990926Snectar 42090926Snectar2001-07-03 Assar Westerlund <assar@sics.se> 42190926Snectar 42290926Snectar * Release 0.4b 42390926Snectar 42490926Snectar2001-07-03 Assar Westerlund <assar@sics.se> 42590926Snectar 42690926Snectar * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set version to 17:0:0 42790926Snectar * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): set version to 7:2:0 42890926Snectar 42990926Snectar2001-07-03 Assar Westerlund <assar@sics.se> 43090926Snectar 43190926Snectar * Release 0.4a 43290926Snectar 43390926Snectar2001-07-02 Johan Danielsson <joda@pdc.kth.se> 43490926Snectar 43590926Snectar * kuser/kinit.c: make this compile without krb4 support 43690926Snectar 43790926Snectar * lib/krb5/write_message.c: remove priv parameter from 43890926Snectar write_safe_message; don't know why it was there in the first place 43990926Snectar 44090926Snectar * doc/install.texi: remove kaserver switches, it's always compiled 44190926Snectar in now 44290926Snectar 44390926Snectar * kdc/hprop.c: always include kadb support 44490926Snectar 44590926Snectar * kdc/kaserver.c: always include kaserver support 44690926Snectar 44790926Snectar2001-07-02 Assar Westerlund <assar@sics.se> 44890926Snectar 44990926Snectar * kpasswd/kpasswdd.c (doit): make failing to bind a socket a 45090926Snectar non-fatal error, and abort if no sockets were bound 45190926Snectar 45290926Snectar2001-07-01 Assar Westerlund <assar@sics.se> 45390926Snectar 45490926Snectar * lib/krb5/krbhst.c: remember the real port number when falling 45590926Snectar back from kpasswd -> kadmin, and krb524 -> kdc 45690926Snectar 45790926Snectar2001-06-29 Assar Westerlund <assar@sics.se> 45890926Snectar 45990926Snectar * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): if 46090926Snectar no_addresses is set, do not add any local addresses to KRB_CRED 46190926Snectar 46290926Snectar * kuser/kinit.c: remove extra clearing of password and some 46390926Snectar redundant code 46490926Snectar 46590926Snectar2001-06-29 Johan Danielsson <joda@pdc.kth.se> 46690926Snectar 46790926Snectar * kuser/kinit.c: move ticket conversion code to separate function, 46890926Snectar and call that from a couple of places, like when renewing a 46990926Snectar ticket; also add a flag for just converting a ticket 47090926Snectar 47190926Snectar * lib/krb5/init_creds_pw.c: set renew-life to some sane value 47290926Snectar 47390926Snectar * kdc/524.c: don't send more data than required 47490926Snectar 47590926Snectar2001-06-24 Assar Westerlund <assar@sics.se> 47690926Snectar 47790926Snectar * lib/krb5/store_fd.c (krb5_storage_from_fd): check malloc returns 47890926Snectar 47990926Snectar * lib/krb5/keytab_any.c (any_resolve); improving parsing of ANY: 48090926Snectar (any_start_seq_get): remove a double free 48190926Snectar (any_next_entry): iterate over all (sub) keytabs and avoid leave data 48290926Snectar around to be freed again 48390926Snectar 48490926Snectar * kdc/kdc_locl.h: add a define for des_new_random_key when using 48590926Snectar openssl's libcrypto 48690926Snectar 48790926Snectar * configure.in: move v6 tests down 48890926Snectar 48990926Snectar * lib/krb5/krb5.h (krb5_context_data): remove srv_try_rfc2052 49090926Snectar 49190926Snectar * update to libtool 1.4 and autoconf 2.50 49290926Snectar 49390926Snectar2001-06-22 Johan Danielsson <joda@pdc.kth.se> 49490926Snectar 49590926Snectar * lib/hdb/hdb.c: use krb5_add_et_list 49690926Snectar 49790926Snectar2001-06-21 Johan Danielsson <joda@pdc.kth.se> 49890926Snectar 49990926Snectar * lib/hdb/Makefile.am: add generation number 50090926Snectar * lib/hdb/common.c: add generation number code 50190926Snectar * lib/hdb/hdb.asn1: add generation number 50290926Snectar * lib/hdb/print.c: use krb5_storage to make it more dynamic 50390926Snectar 50490926Snectar2001-06-21 Assar Westerlund <assar@sics.se> 50590926Snectar 50690926Snectar * lib/krb5/krb5.conf.5: update to changed names used by 50790926Snectar krb5_get_init_creds_opt_set_default_flags 50890926Snectar * lib/krb5/init_creds.c 50990926Snectar (krb5_get_init_creds_opt_set_default_flags): make the appdefault 51090926Snectar keywords have the same names 51190926Snectar 51290926Snectar * configure.in: only add -L and -R to the krb4 libdir if we are 51390926Snectar actually using it 51490926Snectar 51590926Snectar * lib/krb5/krbhst.c (fallback_get_hosts): do not copy trailing 51690926Snectar dot of hostname add some comments 51790926Snectar * lib/krb5/krbhst.c: use getaddrinfo instead of dns_lookup when 51890926Snectar testing for kerberos.REALM. this allows reusing that information 51990926Snectar when actually contacting the server and thus avoids one DNS lookup 52090926Snectar 52190926Snectar2001-06-20 Johan Danielsson <joda@pdc.kth.se> 52290926Snectar 52390926Snectar * lib/krb5/krb5.h: include k524_err.h 52490926Snectar 52590926Snectar * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): don't test 52690926Snectar for keytype, the server will do this for us if it has anything to 52790926Snectar complain about 52890926Snectar 52990926Snectar * lib/krb5/context.c: add protocol compatible krb524 error codes 53090926Snectar 53190926Snectar * lib/krb5/Makefile.am: add protocol compatible krb524 error codes 53290926Snectar 53390926Snectar * lib/krb5/k524_err.et: add protocol compatible krb524 error codes 53490926Snectar 53590926Snectar * lib/krb5/krb5_principal_get_realm.3: manpage 53690926Snectar 53790926Snectar * lib/krb5/principal.c: add functions `krb5_principal_get_realm' 53890926Snectar and `krb5_principal_get_comp_string' that returns parts of a 53990926Snectar principal; this is a replacement for the internal 54090926Snectar `krb5_princ_realm' and `krb5_princ_component' macros that everyone 54190926Snectar seem to use 54290926Snectar 54390926Snectar2001-06-19 Assar Westerlund <assar@sics.se> 54490926Snectar 54590926Snectar * kuser/kinit.c (main): dereference result from krb5_princ_realm. 54690926Snectar from Thomas Nystrom <thn@saeab.se> 54790926Snectar 54890926Snectar2001-06-18 Johan Danielsson <joda@pdc.kth.se> 54990926Snectar 55090926Snectar * lib/krb5/mk_req.c (krb5_mk_req_exact): free creds when done 55190926Snectar * lib/krb5/crypto.c (krb5_string_to_key_derived): fix memory leak 55290926Snectar * lib/krb5/krbhst.c (config_get_hosts): free hostlist 55390926Snectar * kuser/kinit.c: free principal 55490926Snectar 55590926Snectar2001-06-18 Assar Westerlund <assar@sics.se> 55690926Snectar 55790926Snectar * lib/krb5/send_to_kdc.c (krb5_sendto): remove an extra 55890926Snectar freeaddrinfo 55990926Snectar 56090926Snectar * lib/krb5/convert_creds.c (krb524_convert_creds_kdc_ccache): 56190926Snectar remove some unused variables 56290926Snectar 56390926Snectar * lib/krb5/krbhst.c (admin_get_next): spell kerberos correctly 56490926Snectar * kdc/kerberos5.c: update to new krb5_auth_con* names 56590926Snectar * kdc/hpropd.c: update to new krb5_auth_con* names 56690926Snectar * lib/krb5/rd_req.c (krb5_rd_req): use krb5_auth_con* functions 56790926Snectar and remove some comments 56890926Snectar * lib/krb5/rd_safe.c (krb5_rd_safe): pick the keys in the right 56990926Snectar order: remote - local - session 57090926Snectar * lib/krb5/rd_rep.c (krb5_rd_rep): save the remote sub key in the 57190926Snectar auth_context 57290926Snectar * lib/krb5/rd_priv.c (krb5_rd_priv): pick keys in the correct 57390926Snectar order: remote - local - session 57490926Snectar * lib/krb5/mk_safe.c (krb5_mk_safe): pick keys in the right order, 57590926Snectar local - remote - session 57690926Snectar 57790926Snectar2001-06-18 Johan Danielsson <joda@pdc.kth.se> 57890926Snectar 57990926Snectar * lib/krb5/convert_creds.c: use starttime instead of authtime, 58090926Snectar from Chris Chiappa 58190926Snectar 58290926Snectar * lib/krb5/convert_creds.c: make krb524_convert_creds_kdc match 58390926Snectar the MIT function by the same name; add 58490926Snectar krb524_convert_creds_kdc_ccache that does what the old version did 58590926Snectar 58690926Snectar * admin/list.c (do_list): make sure list of keys is NULL 58790926Snectar terminated; similar to patch sent by Chris Chiappa 58890926Snectar 58990926Snectar2001-06-18 Assar Westerlund <assar@sics.se> 59090926Snectar 59190926Snectar * lib/krb5/mcache.c (mcc_remove_cred): use 59290926Snectar krb5_free_creds_contents 59390926Snectar 59490926Snectar * lib/krb5/auth_context.c: name function krb5_auth_con more 59590926Snectar consistenly 59690926Snectar * lib/krb5/rd_req.c (krb5_verify_authenticator_checksum): use 59790926Snectar renamed krb5_auth_con_getauthenticator 59890926Snectar 59990926Snectar * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): update to 60090926Snectar use krb5_krbhst API 60190926Snectar * lib/krb5/changepw.c (krb5_change_password): update to use 60290926Snectar krb5_krbhst API 60390926Snectar * lib/krb5/send_to_kdc.c: update to use krb5_krbhst API 60490926Snectar * lib/krb5/krbhst.c (krb5_krbhst_get_addrinfo): add set def_port 60590926Snectar in krb5_krbhst_info 60690926Snectar (krb5_krbhst_free): free everything 60790926Snectar 60890926Snectar * lib/krb5/krb5.h (KRB5_VERIFY_NO_ADDRESSES): add 60990926Snectar (krb5_krbhst_info): add def_port (default port for this service) 61090926Snectar 61190926Snectar * lib/krb5/krbhst-test.c: make it more verbose and useful 61290926Snectar * lib/krb5/krbhst.c: remove some more memory leaks do not try any 61390926Snectar dns operations if there is local configuration admin: fallback to 61490926Snectar kerberos.REALM 524: fallback to kdcs kpasswd: fallback to admin 61590926Snectar add some comments 61690926Snectar 61790926Snectar * configure.in: remove initstate and setstate, they should be in 61890926Snectar cf/roken-frag.m4 61990926Snectar 62090926Snectar * lib/krb5/Makefile.am (noinst_PROGRAMS): add krbhst-test 62190926Snectar * lib/krb5/krbhst-test.c: new program for testing krbhst 62290926Snectar * lib/krb5/krbhst.c (common_init): remove memory leak 62390926Snectar (main): move test program into krbhst-test 62490926Snectar 62590926Snectar2001-06-17 Johan Danielsson <joda@pdc.kth.se> 62690926Snectar 62790926Snectar * lib/krb5/krb5_krbhst_init.3: manpage 62890926Snectar 62990926Snectar * lib/krb5/krb5_get_krbhst.3: manpage 63090926Snectar 63190926Snectar2001-06-16 Johan Danielsson <joda@pdc.kth.se> 63290926Snectar 63390926Snectar * lib/krb5/krb5.h: add opaque krb5_krbhst_handle type 63490926Snectar 63590926Snectar * lib/krb5/krbhst.c: change void* to krb5_krbhst_handle 63690926Snectar 63790926Snectar * lib/krb5/krb5.h: types for new krbhst api 63890926Snectar 63990926Snectar * lib/krb5/krbhst.c: implement a new api that looks up one host at 64090926Snectar a time, instead of making a list of hosts 64190926Snectar 64290926Snectar2001-06-09 Johan Danielsson <joda@pdc.kth.se> 64390926Snectar 64490926Snectar * configure.in: test for initstate and setstate 64590926Snectar 64690926Snectar * lib/krb5/krbhst.c: remove rfc2052 support 64790926Snectar 64890926Snectar2001-06-08 Johan Danielsson <joda@pdc.kth.se> 64990926Snectar 65090926Snectar * fix some manpages for broken mdoc.old grog test 65190926Snectar 65290926Snectar2001-05-28 Assar Westerlund <assar@sics.se> 65390926Snectar 65490926Snectar * lib/krb5/krb5.conf.5: add [appdefaults] 65590926Snectar * lib/krb5/init_creds_pw.c: remove configuration reading that is 65690926Snectar now done in krb5_get_init_creds_opt_set_default_flags 65790926Snectar * lib/krb5/init_creds.c 65890926Snectar (krb5_get_init_creds_opt_set_default_flags): add reading of 65990926Snectar libdefaults versions of these and add no_addresses 66090926Snectar 66190926Snectar * lib/krb5/get_in_tkt.c (krb5_get_in_cred): clear error string 66290926Snectar when preauth was required and we retry 66390926Snectar 66490926Snectar2001-05-25 Assar Westerlund <assar@sics.se> 66590926Snectar 66690926Snectar * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): call 66790926Snectar krb5_get_krb524hst 66890926Snectar * lib/krb5/krbhst.c (krb5_get_krb524hst): add and restructure the 66990926Snectar support functions 67090926Snectar 67190926Snectar2001-05-22 Assar Westerlund <assar@sics.se> 67290926Snectar 67390926Snectar * kdc/kerberos5.c (tgs_rep2): alloc and free csec and cusec 67490926Snectar properly 67590926Snectar 67678527Sassar2001-05-17 Assar Westerlund <assar@sics.se> 67778527Sassar 67878527Sassar * Release 0.3f 67978527Sassar 68078527Sassar2001-05-17 Assar Westerlund <assar@sics.se> 68178527Sassar 68278527Sassar * lib/krb5/Makefile.am: bump version to 16:0:0 68378527Sassar * lib/hdb/Makefile.am: bump version to 7:1:0 68478527Sassar * lib/asn1/Makefile.am: bump version to 5:0:0 68578527Sassar * lib/krb5/keytab_krb4.c: add SRVTAB as an alias for krb4 68678527Sassar * lib/krb5/codec.c: remove dead code 68778527Sassar 68890926Snectar2001-05-17 Johan Danielsson <joda@pdc.kth.se> 68990926Snectar 69090926Snectar * kdc/config.c: actually check the ticket addresses 69190926Snectar 69278527Sassar2001-05-15 Assar Westerlund <assar@sics.se> 69378527Sassar 69478527Sassar * lib/krb5/rd_error.c (krb5_error_from_rd_error): use correct 69578527Sassar parenthesis 69678527Sassar 69778527Sassar * lib/krb5/eai_to_heim_errno.c (krb5_eai_to_heim_errno): add 69878527Sassar `errno' (called system_error) to allow callers to make sure they 69978527Sassar pass the current and relevant value. update callers 70078527Sassar 70178527Sassar2001-05-14 Johan Danielsson <joda@pdc.kth.se> 70278527Sassar 70390926Snectar * lib/krb5/verify_user.c: krb5_verify_user_opt 70490926Snectar 70590926Snectar * lib/krb5/krb5.h: verify_opt 70690926Snectar 70778527Sassar * kdc/kerberos5.c: pass context to krb5_domain_x500_decode 70878527Sassar 70978527Sassar2001-05-14 Assar Westerlund <assar@sics.se> 71078527Sassar 71178527Sassar * kpasswd/kpasswdd.c: adapt to new address functions 71278527Sassar * kdc/kerberos5.c: adapt to changing address functions use LR_TYPE 71378527Sassar * kdc/connect.c: adapt to changing address functions 71478527Sassar * kdc/config.c: new krb5_config_parse_file 71578527Sassar * kdc/524.c: new krb5_sockaddr2address 71678527Sassar * lib/krb5/*: add some krb5_{set,clear}_error_string 71778527Sassar 71878527Sassar * lib/asn1/k5.asn1 (LR_TYPE): add 71978527Sassar * lib/asn1/Makefile.am (gen_files): add asn1_LR_TYPE.x 72078527Sassar 72178527Sassar2001-05-11 Assar Westerlund <assar@sics.se> 72278527Sassar 72378527Sassar * kdc/kerberos5.c (tsg_rep): fix typo in variable name 72478527Sassar 72578527Sassar * kpasswd/kpasswd-generator.c (nop_prompter): update prototype 72678527Sassar * lib/krb5/init_creds_pw.c: update to new prompter, use prompter 72778527Sassar types and send two prompts at once when changning password 72878527Sassar * lib/krb5/prompter_posix.c (krb5_prompter_posix): add name 72978527Sassar * lib/krb5/krb5.h (krb5_prompt): add type 73078527Sassar (krb5_prompter_fct): add anem 73178527Sassar 73278527Sassar * lib/krb5/cache.c (krb5_cc_next_cred): transpose last two 73378527Sassar paramaters to krb5_cc_next_cred (as MIT does, and not as they 73478527Sassar document). From "Jacques A. Vidrine" <n@nectar.com> 73578527Sassar 73678527Sassar2001-05-11 Johan Danielsson <joda@pdc.kth.se> 73778527Sassar 73878527Sassar * lib/krb5/Makefile.am: store-test 73978527Sassar 74078527Sassar * lib/krb5/store-test.c: simple bit storage test 74178527Sassar 74278527Sassar * lib/krb5/store.c: add more byteorder storage flags 74378527Sassar 74478527Sassar * lib/krb5/krb5.h: add more byteorder storage flags 74578527Sassar 74678527Sassar * kdc/kerberos5.c: don't use NULL where we mean 0 74778527Sassar 74878527Sassar * kdc/kerberos5.c: put referral test code in separate function, 74978527Sassar and test for KRB5_NT_SRV_INST 75078527Sassar 75178527Sassar2001-05-10 Assar Westerlund <assar@sics.se> 75278527Sassar 75378527Sassar * admin/list.c (do_list): do not close the keytab if opening it 75478527Sassar failed 75578527Sassar * admin/list.c (do_list): always print complete names. print 75678527Sassar everything to stdout. 75778527Sassar * admin/list.c: print both v5 and v4 list by default 75878527Sassar * admin/remove.c (kt_remove): reorganize some. open the keytab 75978527Sassar (defaulting to the modify one). 76078527Sassar * admin/purge.c (kt_purge): reorganize some. open the keytab 76178527Sassar (defaulting to the modify one). correct usage strings 76278527Sassar * admin/list.c (kt_list): reorganize some. open the keytab 76378527Sassar * admin/get.c (kt_get): reorganize some. open the keytab 76478527Sassar (defaulting to the modify one) 76578527Sassar * admin/copy.c (kt_copy): default to modify key name. re-organise 76678527Sassar * admin/change.c (kt_change): reorganize some. open the keytab 76778527Sassar (defaulting to the modify one) 76878527Sassar * admin/add.c (kt_add): reorganize some. open the keytab 76978527Sassar (defaulting to the modify one) 77078527Sassar * admin/ktutil.c (main): do not open the keytab, let every 77178527Sassar sub-function handle it 77278527Sassar 77378527Sassar * kdc/config.c (configure): call free_getarg_strings 77478527Sassar 77578527Sassar * lib/krb5/get_in_tkt.c (krb5_get_in_cred): set error strings for 77678527Sassar a few more errors 77778527Sassar 77878527Sassar * lib/krb5/get_host_realm.c (krb5_get_host_realm_int): make 77978527Sassar `use_dns' parameter boolean 78078527Sassar 78178527Sassar * lib/krb5/krb5.h (krb5_context_data): add default_keytab_modify 78278527Sassar * lib/krb5/context.c (init_context_from_config_file): set 78378527Sassar default_keytab_modify 78478527Sassar * lib/krb5/krb5_locl.h (KEYTAB_DEFAULT): change to 78578527Sassar ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab 78678527Sassar (KEYTAB_DEFAULT_MODIFY): add 78778527Sassar * lib/krb5/keytab.c (krb5_kt_default_modify_name): add 78878527Sassar (krb5_kt_resolve): set error string for failed keytab type 78978527Sassar 79078527Sassar2001-05-08 Assar Westerlund <assar@sics.se> 79178527Sassar 79278527Sassar * lib/krb5/crypto.c (encryption_type): make field names more 79378527Sassar consistent 79478527Sassar (create_checksum): separate usage and type 79578527Sassar (krb5_create_checksum): add a separate type parameter 79678527Sassar (encrypt_internal): only free once on mismatched checksum length 79778527Sassar 79878527Sassar * lib/krb5/send_to_kdc.c (krb5_sendto_kdc2): try to tell what 79978527Sassar realm we didn't manage to reach any KDC for in the error string 80078527Sassar 80178527Sassar * lib/krb5/generate_seq_number.c (krb5_generate_seq_number): free 80278527Sassar the entire subkey. from <tmartin@mirapoint.com> 80378527Sassar 80478527Sassar2001-05-07 Johan Danielsson <joda@pdc.kth.se> 80578527Sassar 80678527Sassar * lib/krb5/keytab_keyfile.c (akf_start_seq_get): return 80778527Sassar KT_NOTFOUND if the file is empty 80878527Sassar 80978527Sassar2001-05-07 Assar Westerlund <assar@sics.se> 81078527Sassar 81178527Sassar * lib/krb5/fcache.c: call krb5_set_error_string when open fails 81278527Sassar fatally 81378527Sassar * lib/krb5/keytab_file.c: call krb5_set_error_string when open 81478527Sassar fails fatally 81578527Sassar 81678527Sassar * lib/krb5/warn.c (_warnerr): print error_string in context in 81778527Sassar preference to error string derived from error code 81878527Sassar * kuser/kinit.c (main): try to print the error string 81978527Sassar * lib/krb5/get_in_tkt.c (krb5_get_in_cred): set some sensible 82078527Sassar error strings for errors 82178527Sassar 82278527Sassar * lib/krb5/krb5.h (krb5_context_data): add error_string and 82378527Sassar error_buf 82478527Sassar * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add error_string.c 82578527Sassar * lib/krb5/error_string.c: new file 82678527Sassar 82778527Sassar2001-05-02 Johan Danielsson <joda@pdc.kth.se> 82878527Sassar 82978527Sassar * lib/krb5/time.c: krb5_string_to_deltat 83078527Sassar 83178527Sassar * lib/krb5/sock_principal.c: one less data copy 83278527Sassar 83378527Sassar * lib/krb5/eai_to_heim_errno.c: conversion function for h_errno's 83478527Sassar 83578527Sassar * lib/krb5/get_default_principal.c: change this slightly 83678527Sassar 83778527Sassar * lib/krb5/crypto.c: make checksum_types into an array of pointers 83878527Sassar 83978527Sassar * lib/krb5/convert_creds.c: make sure we always use a des-cbc-crc 84078527Sassar ticket 84178527Sassar 84278527Sassar2001-04-29 Assar Westerlund <assar@sics.se> 84378527Sassar 84478527Sassar * kdc/kerberos5.c (tgs_rep2): return a reference to a krbtgt for 84578527Sassar the right realm if we fail to find a non-krbtgt service in the 84678527Sassar database and the second component does a succesful non-dns lookup 84778527Sassar to get the real realm (which has to be different from the 84878527Sassar originally-supplied realm). this should help windows 2000 clients 84978527Sassar that always start their lookups in `their' realm and do not have 85078527Sassar any idea of how to map hostnames into realms 85178527Sassar * kdc/kerberos5.c (is_krbtgt): rename to get_krbtgt_realm 85278527Sassar 85378527Sassar2001-04-27 Johan Danielsson <joda@pdc.kth.se> 85478527Sassar 85578527Sassar * lib/krb5/get_host_realm.c (krb5_get_host_realm_int): add extra 85678527Sassar parameter to request use of dns or not 85778527Sassar 85878527Sassar2001-04-25 Assar Westerlund <assar@sics.se> 85978527Sassar 86078527Sassar * admin/get.c (kt_get): allow specification of encryption types 86178527Sassar * lib/krb5/verify_init.c (krb5_verify_init_creds): do not try to 86278527Sassar close an unopened ccache, noted by <marc@mit.edu> 86378527Sassar 86478527Sassar * lib/krb5/krb5.h (krb5_any_ops): add declaration 86578527Sassar * lib/krb5/context.c (init_context_from_config_file): register 86678527Sassar krb5_any_ops 86778527Sassar 86878527Sassar * lib/krb5/keytab_any.c: new file, implementing union of keytabs 86978527Sassar * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_any.c 87078527Sassar 87178527Sassar * lib/krb5/init_creds_pw.c (get_init_creds_common): handle options 87278527Sassar == NULL. noted by <marc@mit.edu> 87378527Sassar 87478527Sassar2001-04-19 Johan Danielsson <joda@pdc.kth.se> 87578527Sassar 87678527Sassar * lib/krb5/rd_cred.c: set ret_creds to NULL before doing anything 87778527Sassar else, from Jacques Vidrine 87878527Sassar 87978527Sassar2001-04-18 Johan Danielsson <joda@pdc.kth.se> 88078527Sassar 88178527Sassar * lib/hdb/libasn1.h: asn1.h -> krb5_asn1.h 88278527Sassar 88378527Sassar * lib/asn1/Makefile.am: add asn1_ENCTYPE.x 88478527Sassar 88578527Sassar * lib/krb5/krb5.h: adapt to asn1 changes 88678527Sassar 88778527Sassar * lib/asn1/k5.asn1: move enctypes here 88878527Sassar 88978527Sassar * lib/asn1/libasn1.h: rename asn1.h to krb5_asn1.h to avoid 89078527Sassar conflicts 89178527Sassar 89278527Sassar * lib/asn1/Makefile.am: rename asn1.h to krb5_asn1.h to avoid 89378527Sassar conflicts 89478527Sassar 89578527Sassar * lib/asn1/lex.l: use strtol to parse constants 89678527Sassar 89778527Sassar2001-04-06 Johan Danielsson <joda@pdc.kth.se> 89878527Sassar 89978527Sassar * kuser/kinit.c: add simple support for running commands 90078527Sassar 90178527Sassar2001-03-26 Assar Westerlund <assar@sics.se> 90278527Sassar 90378527Sassar * lib/hdb/hdb-ldap.c: change order of includes to allow it to work 90478527Sassar with more versions of openldap 90578527Sassar 90678527Sassar * kdc/kerberos5.c (tgs_rep2): try to set sec and usec in error 90778527Sassar replies 90878527Sassar (*): update callers of krb5_km_error 90978527Sassar (check_tgs_flags): handle renews requesting non-renewable tickets 91078527Sassar 91178527Sassar * lib/krb5/mk_error.c (krb5_mk_error): allow specifying both ctime 91278527Sassar and cusec 91378527Sassar 91478527Sassar * lib/krb5/krb5.h (krb5_checksum, krb5_keyusage): add 91578527Sassar compatibility names 91678527Sassar 91778527Sassar * lib/krb5/crypto.c (create_checksum): change so that `type == 0' 91878527Sassar means pick from the `crypto' (context) and otherwise use that 91978527Sassar type. this is not a large change in practice and allows callers 92078527Sassar to specify the exact checksum algorithm to use 92178527Sassar 92278527Sassar2001-03-13 Assar Westerlund <assar@sics.se> 92378527Sassar 92478527Sassar * lib/krb5/get_cred.c (get_cred_kdc): add support for falling back 92578527Sassar to KRB5_KU_AP_REQ_AUTH when KRB5_KU_TGS_REQ_AUTH gives `bad 92678527Sassar integrity'. this helps for talking to old (pre 0.3d) KDCs 92778527Sassar 92878527Sassar2001-03-12 Assar Westerlund <assar@pdc.kth.se> 92978527Sassar 93078527Sassar * lib/krb5/crypto.c (krb5_derive_key): new function, used by 93178527Sassar derived-key-test.c 93278527Sassar * lib/krb5/string-to-key-test.c: add new test vectors posted by 93378527Sassar Ken Raeburn <raeburn@mit.edu> in <tx1bsra8919.fsf@raeburn.org> to 93478527Sassar ietf-krb-wg@anl.gov 93578527Sassar * lib/krb5/n-fold-test.c: more test vectors from same source 93678527Sassar * lib/krb5/derived-key-test.c: more tests from same source 93778527Sassar 93878527Sassar2001-03-06 Assar Westerlund <assar@sics.se> 93978527Sassar 94078527Sassar * acconfig.h: include roken_rename.h when appropriate 94178527Sassar 94278527Sassar2001-03-06 Assar Westerlund <assar@sics.se> 94378527Sassar 94478527Sassar * lib/krb5/krb5.h (krb5_enctype): remove trailing comma 94578527Sassar 94678527Sassar2001-03-04 Assar Westerlund <assar@sics.se> 94778527Sassar 94878527Sassar * lib/krb5/krb5.h (krb5_enctype): add ENCTYPE_* aliases for 94978527Sassar compatibility with MIT krb5 95078527Sassar 95178527Sassar2001-03-02 Assar Westerlund <assar@sics.se> 95278527Sassar 95378527Sassar * kuser/kinit.c (main): only request a renewable ticket when 95478527Sassar explicitly requested. it still gets a renewable one if the renew 95578527Sassar life is specified 95678527Sassar * kuser/kinit.c (renew_validate): treat -1 as flags not being set 95778527Sassar 95878527Sassar2001-02-28 Johan Danielsson <joda@pdc.kth.se> 95978527Sassar 96078527Sassar * lib/krb5/context.c (krb5_init_ets): use krb5_add_et_list 96178527Sassar 96278527Sassar2001-02-27 Johan Danielsson <joda@pdc.kth.se> 96378527Sassar 96478527Sassar * lib/krb5/get_cred.c: implement krb5_get_cred_from_kdc_opt 96578527Sassar 96678527Sassar2001-02-25 Assar Westerlund <assar@sics.se> 96778527Sassar 96878527Sassar * configure.in: do not use -R when testing for des functions 96978527Sassar 97078527Sassar2001-02-14 Assar Westerlund <assar@sics.se> 97178527Sassar 97278527Sassar * configure.in: test for lber.h when trying to link against 97378527Sassar openldap to handle openldap v1, from Sumit Bose 97478527Sassar <sumit.bose@suse.de> 97578527Sassar 97678527Sassar2001-02-19 Assar Westerlund <assar@sics.se> 97778527Sassar 97878527Sassar * lib/asn1/libasn1.h: add string.h (for memset) 97978527Sassar 98078527Sassar2001-02-15 Assar Westerlund <assar@sics.se> 98178527Sassar 98278527Sassar * lib/krb5/warn.c (_warnerr): add printf attributes 98378527Sassar * lib/krb5/send_to_kdc.c (krb5_sendto): loop over all address 98478527Sassar returned by getaddrinfo before trying the next kdc. from 98578527Sassar thorpej@netbsd.org 98678527Sassar 98778527Sassar * lib/krb5/krb5.conf.5: fix default_realm in example 98878527Sassar 98978527Sassar * kdc/connect.c: fix a few kdc_log format types 99078527Sassar 99178527Sassar * configure.in: try to handle libdes/libcrypto ont requiring -L 99278527Sassar 99378527Sassar2001-02-10 Assar Westerlund <assar@sics.se> 99478527Sassar 99578527Sassar * lib/asn1/gen_decode.c (generate_type_decode): zero the data at 99678527Sassar the beginning of the generated function, and add a label `fail' 99778527Sassar that the code jumps to in case of errors that frees all allocated 99878527Sassar data 99978527Sassar 100078527Sassar2001-02-07 Assar Westerlund <assar@sics.se> 100178527Sassar 100278527Sassar * configure.in: aix dce: fix misquotes, from Ake Sandgren 100378527Sassar <ake@cs.umu.se> 100478527Sassar 100578527Sassar * configure.in (dpagaix_LDFLAGS): try to add export file 100678527Sassar 100778527Sassar2001-02-05 Assar Westerlund <assar@sics.se> 100878527Sassar 100978527Sassar * lib/krb5/krb5_keytab.3: new man page, contributed by 101078527Sassar <lha@stacken.kth.se> 101178527Sassar 101278527Sassar * kdc/kaserver.c: update to new db_fetch4 101378527Sassar 101472445Sassar2001-02-05 Assar Westerlund <assar@assaris.sics.se> 101557422Smarkm 101672445Sassar * Release 0.3e 101757422Smarkm 101872445Sassar2001-01-30 Assar Westerlund <assar@sics.se> 101957422Smarkm 102072445Sassar * kdc/hprop.c (v4_get_masterkey): check kdb_verify_master_key 102172445Sassar properly 102272445Sassar (kdb_prop): decrypt key properly 102372445Sassar * kdc/hprop.c: handle building with KRB4 always try to decrypt v4 102472445Sassar data with the master key leave it up to the v5 how to encrypt with 102572445Sassar that master key 102657422Smarkm 102772445Sassar * kdc/kstash.c: include file name in error messages 102872445Sassar * kdc/hprop.c: fix a typo and check some more return values 102972445Sassar * lib/hdb/hdb-ldap.c (LDAP__lookup_princ): call ldap_search_s 103072445Sassar correctly. From Jacques Vidrine <n@nectar.com> 103172445Sassar * kdc/misc.c (db_fetch): HDB_ERR_NOENTRY makes more sense than 103272445Sassar ENOENT 103357422Smarkm 103472445Sassar * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to 103572445Sassar 15:0:0 103672445Sassar * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:0:0 103772445Sassar * lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 4:0:2 103872445Sassar * kdc/misc.c (db_fetch): return an error code. change callers to 103972445Sassar look at this and try to print it in log messages 104057422Smarkm 104172445Sassar * lib/krb5/crypto.c (decrypt_internal_derived): check that there's 104272445Sassar enough data 104357422Smarkm 104472445Sassar2001-01-29 Assar Westerlund <assar@sics.se> 104557419Smarkm 104672445Sassar * kdc/hprop.c (realm_buf): move it so it becomes properly 104772445Sassar conditional on KRB4 104857419Smarkm 104972445Sassar * lib/hdb/mkey.c (hdb_unseal_keys_mkey, hdb_seal_keys_mkey, 105072445Sassar hdb_unseal_keys, hdb_seal_keys): check that we have the correct 105172445Sassar master key and that we manage to decrypt the key properly, 105272445Sassar returning an error code. fix all callers to check return value. 105357419Smarkm 105472445Sassar * tools/krb5-config.in: use @LIB_des_appl@ 105572445Sassar * tools/Makefile.am (krb5-config): add LIB_des_appl 105672445Sassar * configure.in (LIB_des): set correctly 105772445Sassar (LIB_des_appl): add for the use by krb5-config.in 105857419Smarkm 105972445Sassar * lib/krb5/store_fd.c (fd_fetch, fd_store): use net_{read,write} 106072445Sassar to make sure of not dropping data when doing it over a socket. 106172445Sassar (this might break when used with ordinary files on win32) 106257419Smarkm 106372445Sassar * lib/hdb/hdb_err.et (NO_MKEY): add 106457419Smarkm 106572445Sassar * kdc/kerberos5.c (as_rep): be paranoid and check 106672445Sassar krb5_enctype_to_string for failure, noted by <lha@stacken.kth.se> 106757419Smarkm 106872445Sassar * lib/krb5/krb5_init_context.3, lib/krb5/krb5_context.3, 106972445Sassar lib/krb5/krb5_auth_context.3: add new man pages, contributed by 107072445Sassar <lha@stacken.kth.se> 107157419Smarkm 107272445Sassar * use the openssl api for md4/md5/sha and handle openssl/*.h 107357419Smarkm 107472445Sassar * kdc/kaserver.c (do_getticket): check length of ticket. noted by 107572445Sassar <lha@stacken.kth.se> 107657419Smarkm 107772445Sassar2001-01-28 Assar Westerlund <assar@sics.se> 107857419Smarkm 107972445Sassar * configure.in: send -R instead of -rpath to libtool to set 108072445Sassar runtime library paths 108157419Smarkm 108272445Sassar * lib/krb5/Makefile.am: remove all dependencies on libkrb 108357416Smarkm 108472445Sassar2001-01-27 Assar Westerlund <assar@sics.se> 108557416Smarkm 108672445Sassar * appl/rcp: add port of bsd rcp changed to use existing rsh, 108772445Sassar contributed by Richard Nyberg <rnyberg@it.su.se> 108857416Smarkm 108972445Sassar2001-01-27 Johan Danielsson <joda@pdc.kth.se> 109057416Smarkm 109172445Sassar * lib/krb5/get_port.c: don't warn if the port name can't be found, 109272445Sassar nobody cares anyway 109357416Smarkm 109472445Sassar2001-01-26 Johan Danielsson <joda@pdc.kth.se> 109557416Smarkm 109672445Sassar * kdc/hprop.c: make it possible to convert a v4 dump file without 109772445Sassar having any v4 libraries; the kdb backend still require them 109857416Smarkm 109972445Sassar * kdc/v4_dump.c: include shadow definition of kdb Principal, so we 110072445Sassar don't have to depend on any v4 libraries 110157416Smarkm 110272445Sassar * kdc/hprop.h: include shadow definition of kdb Principal, so we 110372445Sassar don't have to depend on any v4 libraries 110457416Smarkm 110572445Sassar * lib/hdb/print.c: reduce number of memory allocations 110657416Smarkm 110772445Sassar * lib/hdb/mkey.c: add support for reading krb4 /.k files 110857416Smarkm 110972445Sassar2001-01-19 Assar Westerlund <assar@sics.se> 111057416Smarkm 111172445Sassar * lib/krb5/krb5.conf.5: document admin_server and kpasswd_server 111272445Sassar for realms document capath better 111357416Smarkm 111472445Sassar * lib/krb5/krbhst.c (krb5_get_krb_changepw_hst): preferably look 111572445Sassar at kpasswd_server before admin_server 111657416Smarkm 111772445Sassar * lib/krb5/get_cred.c (get_cred_from_kdc_flags): look in 111872445Sassar [libdefaults]capath for better hint of realm to send request to. 111972445Sassar this allows the client to specify `realm routing information' in 112072445Sassar case it cannot be done at the server (which is preferred) 112157416Smarkm 112272445Sassar * lib/krb5/rd_priv.c (krb5_rd_priv): handle no sequence number as 112372445Sassar zero when we were expecting a sequence number. MIT krb5 cannot 112472445Sassar generate a sequence number of zero, instead generating no sequence 112572445Sassar number 112672445Sassar * lib/krb5/rd_safe.c (krb5_rd_safe): dito 112757416Smarkm 112872445Sassar2001-01-11 Assar Westerlund <assar@sics.se> 112957416Smarkm 113072445Sassar * kpasswd/kpasswdd.c: add --port option 113157416Smarkm 113272445Sassar2001-01-10 Assar Westerlund <assar@sics.se> 113357416Smarkm 113472445Sassar * lib/krb5/appdefault.c (krb5_appdefault_string): fix condition 113572445Sassar just before returning 113657416Smarkm 113772445Sassar2001-01-09 Assar Westerlund <assar@sics.se> 113857416Smarkm 113972445Sassar * appl/kf/kfd.c (proto): use krb5_rd_cred2 instead of krb5_rd_cred 114057416Smarkm 114172445Sassar2001-01-05 Johan Danielsson <joda@pdc.kth.se> 114257416Smarkm 114372445Sassar * kuser/kinit.c: call a time `time', and not `seconds' 114457416Smarkm 114572445Sassar * lib/krb5/init_creds.c: not much point in setting the anonymous 114672445Sassar flag here 114757416Smarkm 114872445Sassar * lib/krb5/krb5_appdefault.3: document appdefault_time 114957416Smarkm 115072445Sassar2001-01-04 Johan Danielsson <joda@pdc.kth.se> 115157416Smarkm 115272445Sassar * lib/krb5/verify_user.c: use 115372445Sassar krb5_get_init_creds_opt_set_default_flags 115455682Smarkm 115572445Sassar * kuser/kinit.c: use krb5_get_init_creds_opt_set_default_flags 115655682Smarkm 115772445Sassar * lib/krb5/init_creds.c: new function 115872445Sassar krb5_get_init_creds_opt_set_default_flags to set options from 115972445Sassar krb5.conf 116055682Smarkm 116172445Sassar * lib/krb5/rd_cred.c: make this match the MIT function 116255682Smarkm 116372445Sassar * lib/krb5/appdefault.c (krb5_appdefault_string): handle NULL 116472445Sassar def_val 116572445Sassar (krb5_appdefault_time): new function 116655682Smarkm 116772445Sassar2001-01-03 Assar Westerlund <assar@sics.se> 116855682Smarkm 116972445Sassar * kdc/hpropd.c (main): handle EOF when reading from stdin 117055682Smarkm 1171