ChangeLog revision 102644
12002-08-28 Assar Westerlund <assar@kth.se> 2 3 * kdc/config.c: add missing ifdef DAEMON 4 52002-08-28 Johan Danielsson <joda@pdc.kth.se> 6 7 * configure.in: use rk_SUNOS 8 9 * kdc/config.c: add detach options 10 11 * kdc/main.c: maybe detach from console? 12 13 * kdc/kdc.8: markup changes 14 15 * configure.in: AC_TEST_PACKAGE_NEW -> rk_TEST_PACKAGE 16 17 * configure.in: use rk_TELNET, rename some other macros, and don't 18 add -ldes to krb4 link command 19 20 * kuser/kinit.1: whitespace fix (from NetBSD) 21 22 * include/bits.c: we may need unistd.h for ssize_t 23 242002-08-26 Assar Westerlund <assar@kth.se> 25 26 * lib/krb5/principal.c (krb5_425_conv_principal_ext): lookup AAAA 27 rrs before A ones when using the resolver to verify a mapping, 28 also use getaddrinfo when resolver is not available 29 30 * lib/hdb/keytab.c (find_db): const-correctness in parameters to 31 krb5_config_get_next 32 33 * lib/asn1/gen.c: include <string.h> in the generated files (for 34 memset) 35 362002-08-22 Assar Westerlund <assar@kth.se> 37 38 * lib/krb5/test_get_addrs.c, lib/krb5/krbhst-test.c: make it use 39 getarg so that it can handle --help and --version (and thus make 40 check can pass) 41 42 * lib/asn1/check-der.c: make this build again 43 442002-08-22 Assar Westerlund <assar@kth.se> 45 46 * lib/asn1/der_get.c (der_get_int): handle len == 0. based on a 47 patch from Love <lha@stacken.kth.se> 48 492002-08-22 Johan Danielsson <joda@pdc.kth.se> 50 51 * lib/krb5/krb5.h: we seem to call KRB5KDC_ERR_KEY_EXP 52 KRB5KDC_ERR_KEY_EXPIRED, so define the former to the latter 53 54 * kdc/kdc.8: add blurb about adding and removing addresses; update 55 kdc.conf section to match reality 56 57 * configure.in: KRB_SENDAUTH_VLEN seems to always have existed, so 58 don't define it 59 602002-08-21 Assar Westerlund <assar@kth.se> 61 62 * lib/asn1/asn1_print.c: print OIDs too, based on a patch from 63 Love <lha@stacken.kth.se> 64 652002-08-21 Johan Danielsson <joda@pdc.kth.se> 66 67 * kuser/kinit.c (do_v4_fallback): don't use krb_get_pw_in_tkt2 68 since it might not exist, and we don't actually care about the key 69 702002-08-20 Johan Danielsson <joda@pdc.kth.se> 71 72 * lib/krb5/krb5.conf.5: correct documentation for 73 verify_ap_req_nofail 74 75 * lib/krb5/log.c: rename syslog_data to avoid name conflicts (from 76 Mattias Amnefelt) 77 78 * kuser/klist.c (display_tokens): increase token buffer size, and 79 add more checks of the kernel data (from Love) 80 812002-08-19 Johan Danielsson <joda@pdc.kth.se> 82 83 * fix-export: use make to parse Makefile.am instead of perl 84 85 * configure.in: use argument-less AM_INIT_AUTOMAKE, now that it 86 groks AC_INIT with package name etc. 87 88 * kpasswd/kpasswdd.c: include <kadm5/private.h> 89 90 * lib/asn1/asn1_print.c: include com_right.h 91 92 * lib/krb5/addr_families.c: socklen_t -> krb5_socklen_t 93 94 * include/bits.c: define krb5_socklen_t type; this should really 95 go someplace else, but this was easy 96 97 * lib/krb5/verify_krb5_conf.c: don't bail out if parsing of a file 98 fails, just warn about it 99 100 * kdc/log.c (kdc_openlog): no need for a config_file parameter 101 102 * kdc/config.c: just treat kdc.conf like any other config file 103 104 * lib/krb5/context.c (krb5_get_default_config_files): ignore 105 duplicate files 106 1072002-08-16 Johan Danielsson <joda@pdc.kth.se> 108 109 * lib/krb5/krb5.h: turn strings into pointers, so we can assign to 110 them 111 112 * lib/krb5/constants.c: turn strings into pointers, so we can 113 assign to them 114 115 * lib/krb5/get_addrs.c (get_addrs_int): initialise res if 116 SCAN_INTERFACES is not set 117 118 * lib/krb5/context.c: fix various borked stuff in previous commits 119 1202002-08-16 Jacques Vidrine <n@nectar.com> 121 122 * lib/krb5/krbhst.c (kpasswd_get_next): if we fall back to using 123 the `admin_server' entry for kpasswd, override the `proto' result 124 to be UDP. 125 1262002-08-15 Johan Danielsson <joda@pdc.kth.se> 127 128 * lib/krb5/auth_context.c: check return value of 129 krb5_sockaddr2address 130 131 * lib/krb5/addr_families.c: check return value of 132 krb5_sockaddr2address 133 134 * lib/krb5/context.c: get the default keytab from KRB5_KTNAME 135 1362002-08-14 Johan Danielsson <joda@pdc.kth.se> 137 138 * lib/krb5/verify_krb5_conf.c: allow parsing of more than one file 139 140 * lib/krb5/context.c: allow changing config files with the 141 function krb5_set_config_files, there are also related functions 142 krb5_get_default_config_files and krb5_free_config_files; these 143 should work similar to their MIT counterparts 144 145 * lib/krb5/config_file.c: allow the use of more than one config 146 file by using the new function krb5_config_parse_file_multi 147 1482002-08-12 Johan Danielsson <joda@pdc.kth.se> 149 150 * use sysconfdir instead of /etc 151 152 * configure.in: require autoconf 2.53; rename dpagaix_LDFLAGS etc 153 to appease automake; force sysconfdir and localstatedir to /etc 154 and /var/heimdal for now 155 156 * kdc/connect.c (addr_to_string): check return value of 157 sockaddr2address 158 1592002-08-09 Johan Danielsson <joda@pdc.kth.se> 160 161 * lib/krb5/rd_cred.c: if the remote address isn't an addrport, 162 don't try comparing to one; this should make old clients work with 163 new servers 164 165 * lib/asn1/gen_decode.c: remove unused variable 166 1672002-07-31 Johan Danielsson <joda@pdc.kth.se> 168 169 * kdc/{kerberos5,524}.c: ENOENT -> HDB_ERR_NOENTRY (from Derrick 170 Brashear) 171 172 * lib/krb5/principal.c: actually lower case the lower case 173 instance name (spotted by Derrick Brashear) 174 1752002-07-24 Johan Danielsson <joda@pdc.kth.se> 176 177 * fix-export: if DATEDVERSION is set, change the version to 178 current date 179 180 * configure.in: don't use AC_PROG_RANLIB, and use magic foo to set 181 LTLIBOBJS 182 1832002-07-04 Johan Danielsson <joda@pdc.kth.se> 184 185 * kdc/connect.c: add some cache-control-foo to the http responses 186 (from Gombas Gabor) 187 188 * lib/krb5/addr_families.c (krb5_print_address): don't copy size 189 if ret_len == NULL 190 1912002-06-28 Johan Danielsson <joda@pdc.kth.se> 192 193 * kuser/klist.c (display_tokens): don't bail out before we get 194 EDOM (signaling the end of the tokens), the kernel can also return 195 ENOTCONN, meaning that the index does not exist anymore (for 196 example if the token has expired) 197 1982002-06-06 Johan Danielsson <joda@pdc.kth.se> 199 200 * lib/krb5/changepw.c: make sure we return an error if there are 201 no changepw hosts found; from Wynn Wilkes 202 2032002-05-29 Johan Danielsson <joda@pdc.kth.se> 204 205 * lib/krb5/cache.c (krb5_cc_register): break out of loop when the 206 same type is found; spotted by Wynn Wilkes 207 2082002-05-15 Johan Danielsson <joda@pdc.kth.se> 209 210 * kdc/kerberos5.c: don't free encrypted padata until we're really 211 done with it 212 2132002-05-07 Johan Danielsson <joda@pdc.kth.se> 214 215 * kdc/kerberos5.c: when decrypting pa-data, try all keys matching 216 enctype 217 218 * kuser/kinit.1: document -a 219 220 * kuser/kinit.c: add command line switch for extra addresses 221 2222002-04-30 Johan Danielsson <joda@blubb.pdc.kth.se> 223 224 * configure.in: remove some duplicate tests 225 226 * configure.in: use AC_HELP_STRING 227 2282002-04-29 Johan Danielsson <joda@pdc.kth.se> 229 230 * lib/krb5/crypto.c (usage2arcfour): don't abort if the usage is 231 unknown 232 2332002-04-25 Johan Danielsson <joda@pdc.kth.se> 234 235 * configure.in: use rk_DESTDIRS 236 2372002-04-22 Johan Danielsson <joda@pdc.kth.se> 238 239 * lib/krb5/krb5_verify_user.3: make it clear that _lrealm modifies 240 the principal 241 2422002-04-19 Johan Danielsson <joda@pdc.kth.se> 243 244 * lib/krb5/verify_init.c: fix typo in error string 245 2462002-04-18 Johan Danielsson <joda@pdc.kth.se> 247 248 * acconfig.h: remove some stuff that is defined elsewhere 249 250 * lib/krb5/krb5_locl.h: include <sys/file.h> 251 252 * lib/krb5/acl.c: rename acl_string parameter 253 254 * lib/krb5/Makefile.am: remove __P from protos, and put parameter 255 names in comments 256 257 * kuser/klist.c: better align some headers 258 259 * kdc/kerberos4.c: storage tweaks 260 261 * kdc/kaserver.c: storage tweaks 262 263 * kdc/524.c: storage tweaks 264 265 * lib/krb5/keytab_krb4.c: storage tweaks 266 267 * lib/krb5/keytab_keyfile.c: storage tweaks 268 269 * lib/krb5/keytab_file.c: storage tweaks; also try to handle zero 270 sized keytab files 271 272 * lib/krb5/keytab_any.c: use KRB5_KT_END instead of KRB5_CC_END 273 274 * lib/krb5/fcache.c: storage tweaks 275 276 * lib/krb5/store_mem.c: make the krb5_storage opaque, and add 277 function wrappers for store/fetch/seek, and also make the eof-code 278 configurable 279 280 * lib/krb5/store_fd.c: make the krb5_storage opaque, and add 281 function wrappers for store/fetch/seek, and also make the eof-code 282 configurable 283 284 * lib/krb5/store_emem.c: make the krb5_storage opaque, and add 285 function wrappers for store/fetch/seek, and also make the eof-code 286 configurable 287 288 * lib/krb5/store.c: make the krb5_storage opaque, and add function 289 wrappers for store/fetch/seek, and also make the eof-code 290 configurable 291 292 * lib/krb5/store-int.h: make the krb5_storage opaque, and add 293 function wrappers for store/fetch/seek, and also make the eof-code 294 configurable 295 296 * lib/krb5/krb5.h: make the krb5_storage opaque, and add function 297 wrappers for store/fetch/seek, and also make the eof-code 298 configurable 299 300 * include/bits.c: include <sys/socket.h> to get socklen_t 301 302 * kdc/kerberos5.c (get_pa_etype_info): sort ETYPE-INFOs by 303 requested KDC-REQ etypes 304 305 * kdc/hpropd.c: constify 306 307 * kdc/hprop.c: constify 308 309 * kdc/string2key.c: constify 310 311 * kdc/kdc_locl.h: make port_str const 312 313 * kdc/config.c: constify 314 315 * lib/krb5/config_file.c: constify 316 317 * kdc/kstash.c: constify 318 319 * lib/krb5/verify_user.c: remove unnecessary cast 320 321 * lib/krb5/recvauth.c: constify 322 323 * lib/krb5/principal.c (krb5_parse_name): const qualify 324 325 * lib/krb5/mcache.c (mcc_get_name): constify return type 326 327 * lib/krb5/context.c (krb5_free_context): don't try to free the 328 ccache prefix 329 330 * lib/krb5/cache.c (krb5_cc_register): don't make a copy of the 331 prefix 332 333 * lib/krb5/krb5.h: constify some struct members 334 335 * lib/krb5/log.c: constify 336 337 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): const 338 qualify 339 340 * lib/krb5/get_in_tkt.c (krb5_init_etype): constify 341 342 * lib/krb5/crypto.c: constify some 343 344 * lib/krb5/config_file.c: constify 345 346 * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): 347 constify local variable 348 349 * lib/krb5/addr_families.c (ipv4_sockaddr2port): constify 350 3512002-04-17 Johan Danielsson <joda@pdc.kth.se> 352 353 * lib/krb5/verify_krb5_conf.c: add some log checking 354 355 * lib/krb5/log.c (krb5_addlog_dest): reorganise syslog parsing 356 3572002-04-16 Johan Danielsson <joda@pdc.kth.se> 358 359 * lib/krb5/crypto.c (krb5_crypto_init): check that the key size 360 matches the expected length 361 3622002-03-27 Johan Danielsson <joda@pdc.kth.se> 363 364 * lib/krb5/send_to_kdc.c: rename send parameter to send_data 365 366 * lib/krb5/mk_error.c: rename ctime parameter to client_time 367 3682002-03-22 Johan Danielsson <joda@pdc.kth.se> 369 370 * kdc/kerberos5.c (find_etype): unsigned -> krb5_enctype (from 371 Reinoud Zandijk) 372 3732002-03-18 Johan Danielsson <joda@pdc.kth.se> 374 375 * lib/asn1/k5.asn1: add the GSS-API checksum type here 376 3772002-03-11 Assar Westerlund <assar@sics.se> 378 379 * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to 380 18:3:1 381 * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:5:0 382 * lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 6:0:0 383 3842002-03-10 Assar Westerlund <assar@sics.se> 385 386 * lib/krb5/rd_cred.c: handle addresses with port numbers 387 388 * lib/krb5/keytab_file.c, lib/krb5/keytab.c: 389 store the kvno % 256 as the byte and the complete 32 bit kvno after 390 the end of the current keytab entry 391 392 * lib/krb5/init_creds_pw.c: 393 handle LR_PW_EXPTIME and LR_ACCT_EXPTIME in the same way 394 395 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): 396 handle ports giving for the remote address 397 398 * lib/krb5/get_cred.c: 399 get a ticket with no addresses if no-addresses is set 400 401 * lib/krb5/crypto.c: 402 rename functions DES_* to krb5_* to avoid colliding with modern 403 openssl 404 405 * lib/krb5/addr_families.c: 406 make all functions taking 'struct sockaddr' actually take a socklen_t 407 instead of int and that acts as an in-out parameter (indicating the 408 maximum length of the sockaddr to be written) 409 410 * kdc/kerberos4.c: 411 make the kvno's in the krb4 universe by the real one % 256, since they 412 cannot only be 8 bit, and the v5 ones are actually 32 bits 413 4142002-02-15 Johan Danielsson <joda@pdc.kth.se> 415 416 * lib/krb5/keytab_keyfile.c (akf_add_entry): don't create the file 417 before we need to write to it 418 (from �ke Sandgren) 419 4202002-02-14 Johan Danielsson <joda@pdc.kth.se> 421 422 * configure.in: rk_RETSIGTYPE and rk_BROKEN_REALLOC are called via 423 rk_ROKEN (from Gombas Gabor); find inttypes by CHECK_TYPES 424 directly 425 426 * lib/krb5/rd_safe.c: actually use the correct key (from Daniel 427 Kouril) 428 4292002-02-12 Johan Danielsson <joda@pdc.kth.se> 430 431 * lib/krb5/context.c (krb5_get_err_text): protect against NULL 432 context 433 4342002-02-11 Johan Danielsson <joda@pdc.kth.se> 435 436 * admin/ktutil.c: no need to use the "modify" keytab anymore 437 438 * lib/krb5/keytab_any.c: implement add and remove 439 440 * lib/krb5/keytab_krb4.c: implement add and remove 441 442 * lib/krb5/store_emem.c (emem_free): clear memory before freeing 443 (this should perhaps be selectable with a flag) 444 4452002-02-04 Johan Danielsson <joda@pdc.kth.se> 446 447 * kdc/config.c (get_dbinfo): if there are database specifications 448 in the config file, don't automatically try to use the default 449 values (from Gombas Gabor) 450 451 * lib/krb5/log.c (krb5_closelog): don't pass pointer to pointer 452 (from Gombas Gabor) 453 4542002-01-30 Johan Danielsson <joda@pdc.kth.se> 455 456 * admin/list.c: get the default keytab from krb5.conf, and list 457 all parts of an ANY type keytab 458 459 * lib/krb5/context.c: default default_keytab_modify to NULL 460 461 * lib/krb5/keytab.c (krb5_kt_default_modify_name): if no modify 462 name is specified take it from the first component of the default 463 keytab name 464 4652002-01-29 Johan Danielsson <joda@pdc.kth.se> 466 467 * lib/krb5/keytab.c: compare keytab types case insensitively 468 4692002-01-07 Assar Westerlund <assar@sics.se> 470 471 * lib/krb5/crypto.c (create_checksum): make usage `unsigned' (it's 472 not really a krb5_key_usage). From Ben Harris <bjh21@netbsd.org> 473 * lib/krb5/get_in_tkt.c: use krb5_enctype consistently. From Ben 474 Harris <bjh21@netbsd.org> 475 * lib/krb5/crypto.c: use krb5_enctype consistently. From Ben 476 Harris <bjh21@netbsd.org> 477 * kdc/kerberos5.c: use krb5_enctype consistently. From Ben Harris 478 <bjh21@netbsd.org> 479