ChangeLog revision 142403
12004-09-13 Johan Danielsson <joda@pdc.kth.se> 2 3 * Release 0.6.3 4 52004-09-05 Love H�rnquist �strand <lha@it.su.se> 6 7 * lib/asn1/der_get.c (decode_enumerated): check that the tag 8 length isn't longer the the length 9 102004-08-31 Love H�rnquist �strand <lha@it.su.se> 11 12 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): 13 kdc_reply can be set in case of failure too, clean on entry and 14 free the exit unconditionally to avoid memory leak 15 162004-08-20 Love H�rnquist �strand <lha@it.su.se> 17 18 * lib/krb5/context.c: 1.93: (krb5_get_err_text): if neither of 19 com_right nor strerror finds the error-code, return Unknown error. 20 212004-08-13 Love H�rnquist �strand <lha@it.su.se> 22 23 * kdc/kerberos5.c: based on 1.162: (get_pa_etype_info): check for 24 dup enctypes from the client and filter them out. 25 262004-06-21 Love H�rnquist �strand <lha@it.su.se> 27 28 * admin/get.c: 1.23: (kt_get): catch errors from krb5_parse_name 29 302004-06-21 Love H�rnquist �strand <lha@it.su.se> 31 32 * lib/krb5/Makefile.am: man_MANS += krb5_set_password.3 33 34 * lib/krb5/krb5_set_password.3: 1.1-1.3: change password manpage 35 36 * lib/krb5/changepw.c: 1.49: implement 37 krb5_set_password_using_ccache 1.47: add tcp support to the set 38 protocol, should be cleaned up to enable sharing code with 39 krb5_sendto 1.46: (process_reply): log into result_string if 40 something goes bad, return 0 (even on failure), not the KPASSWD 41 protocol error code 1.45: krb5_princ_realm -> 42 krb5_principal_get_realm 1.44: (setpw_send_request): free 43 ap_req_data on failure 1.41: ooops, remove cut and paste error 44 1.40: draft-ietf-cat-kerb-chg-password-02 and rfc3244 share the 45 response packet sure more constants now that they exists 1.39: 46 implement rfc3244, partly from shadow@dementia.org 47 48 * lib/krb5/krb5.h: 1.211: some defines for rfc3244 49 50 * lib/asn1/Makefile.am: 1.71: (gen_files): 51 asn1_ChangePasswdDataMS.x for RFC3244 52 53 * lib/asn1/k5.asn1: 1.30: add ChangePasswdDataMS, for RFC3244 54 55 * kuser/kinit.c: 1.114: move "setpag if (argc < 1)" to common path 56 572004-05-06 Johan Danielsson <joda@pdc.kth.se> 58 59 * Release 0.6.2 60 612004-04-02 Love H�rnquist �strand <lha@it.su.se> 62 63 * kdc/connect.c: case size_t to unsigned long for LP64 platforms 64 652004-04-01 Johan Danielsson <joda@pdc.kth.se> 66 67 * Release 0.6.1 68 692004-03-30 Love H�rnquist �strand <lha@it.su.se> 70 71 * kdc/kerberos4.c: 1.46: stop the client from renewing tickets 72 into the future From: Jeffrey Hutzelman <jhutz@cmu.edu> 73 742004-03-10 Love H�rnquist �strand <lha@it.su.se> 75 76 * lib/krb5/fcache.c: 1.43: (fcc_store_cred): NULL terminate 77 krb5_config_get_bool_default' arglist 78 792004-03-09 Love H�rnquist �strand <lha@it.su.se> 80 81 * lib/krb5/krb5.conf.5: 1.44: document 82 [libdefaults]fcc-mit-ticketflags=boolean 1.43: don't use path's in 83 first .Nm, it confuses some locate.updatedb, use FILES section to 84 describe where the file is instead. 85 86 * lib/krb5/fcache.c (fcc_store_cred): default to use old format 87 88 * lib/krb5/fcache.c: 1.42: (fcc_store_cred): use 89 [libdefaults]fcc-mit-ticketflags=boolean to decide what format to 90 write the fcc in. Default to mit format (aka heimdal 0.7 format) 91 1.41: (_krb5_xlock): handle that everything was ok, and don't put 92 an error in the error strings then 93 94 * lib/krb5/store.c: 1.43: add _krb5_store_creds_heimdal_0_7 and 95 _krb5_store_creds_heimdal_pre_0_7 that store the creds in just 96 that format make krb5_store_creds default to mit format 1.42: 97 (krb5_ret_creds): Runtime detect the what is the higher bits of 98 the bitfield 1.41: (krb5_store_creds): add disabled code that 99 store the ticket flags in reverse order (bitswap32): new function 100 1.40: (krb5_ret_creds): if the higher ticket flags are set, its a 101 mit cache, reverse the bits, bug pointed out by Sergio Gelato 102 <Sergio.Gelato@astro.su.se> 103 104 delta modfied to not change the behavior of krb5_store_creds 105 1062004-03-07 Love H�rnquist �strand <lha@it.su.se> 107 108 * lib/krb5/mk_safe.c (krb5_mk_safe): fix assignment of usec2 109 1102004-03-06 Love H�rnquist �strand <lha@it.su.se> 111 112 * lib/krb5/mcache.c: patch based on 1.17 and 1.18 but with 113 threading code pulled out; 114 115 1.18: (mcc_get_principal): also check for primary_principal == 116 NULL now that that isn't used as dead flag 1.17: don't overload 117 the primary_principal == NULL as dead since that doesn't always 118 work Based on patch from Jeffrey Hutzelman <jhutz@cmu.edu>, but 119 tweek by me 120 121 * lib/krb5/crypto.c: 1.94: (decrypt_internal_special): do not not 122 modify the original data test case from Ronnie Sahlberg 123 <ronnie_sahlberg@ozemail.com.au> 124 1252004-02-13 Love H�rnquist �strand <lha@it.su.se> 126 127 * lib/krb5/verify_krb5_conf.c: 1.22->1.23: (check_host): don't 128 check for EAI_NODATA, because its depricated in RFC3493 Pointed 129 out by Hajimu UMEMOTO <ume@mahoroba.org> on heimdal-discuss 130 131 * lib/krb5/eai_to_heim_errno.c: 1.3->1.4: EAI_ADDRFAMILY and 132 EAI_NODATA is deprecated in RFC3493 133 1342004-02-09 Love H�rnquist �strand <lha@it.su.se> 135 136 * lib/asn1/der_length.c: 1.16: Fix len_unsigned for certain 137 negative integers, it got the length wrong, fix from Panasas, Inc. 138 139 * lib/asn1/der_locl.h: 1.5: add _heim_len_unsigned, _heim_len_int 140 1412004-01-26 Love H�rnquist �strand <lha@it.su.se> 142 143 * lib/asn1/gen_length.c: 1.14: (length_type): TSequenceOf: add up 144 the size of all the elements, don't use just the size of the last 145 element. 146 147 * lib/krb5/fcache.c: 1.40: (_krb5_xlock): catch EINVAL and assume 148 that it means that the filesystem doesn't support locking 1.39: 149 (_krb5_xlock): fix compile error in last commit 1.38: internally 150 export x{,un}lock and thus prefix them with _krb5_ 151 1522004-01-13 Love H�rnquist �strand <lha@it.su.se> 153 154 * kuser/kinit.c: 1.106: (renew_validate): if renewable_flag and 155 not time specifed, use "1 month" 156 1.105: make -9 work again 157 1582004-01-09 Love H�rnquist �strand <lha@it.su.se> 159 160 * lib/krb5/get_for_creds.c: 1.36: (add_addrs): don't increase 161 addr->len until in contains interesting data, use right iteration 162 counter when clearing the addresses 1.39: krb5_princ_realm -> 163 krb5_principal_get_realm 1.38: (krb5_get_forwarded_creds): use 164 KRB5_AUTH_CONTEXT_DO_TIME if we want timestamp in forwarded 165 krb-cred 1.39: (krb5_get_forwarded_creds): If tickets are 166 address-less, forward address-less tickets. 1.40: 167 (krb5_get_forwarded_creds): try to handle errors better for 168 previous commit 1.41: (add_addrs): don't add same address multiple 169 times 170 171 * lib/krb5/get_cred.c: 1.96->1.97: rename get_krbtgt to 172 _krb5_get_krbtgt and export it 173 1742003-12-14 Love H�rnquist �strand <lha@it.su.se> 175 176 * kdc/kerberos5.c: part of 1.146->1.147: handle NULL client/server 177 names 178 1792003-12-03 Love H�rnquist �strand <lha@it.su.se> 180 181 * lib/krb5/crypto.c: 1.90->1.91: require cipher-text to be padded 182 to padsize 1.91->1.92: (decrypt_internal_derived): move up padsize 183 check to avoid memory leak 184 1852003-12-01 Love H�rnquist �strand <lha@it.su.se> 186 187 * kuser/kinit.c: 1.103->1.104: (main): return the return value 188 from simple_execvp 189 1902003-10-22 Love H�rnquist �strand <lha@it.su.se> 191 192 * lib/krb5/transited.c: 1.13->1.14: (krb5_domain_x500_encode): 193 always zero out encoding to make sure it have a defined value on 194 failure 195 196 * lib/krb5/transited.c: 1.12->1.13: (krb5_domain_x500_encode): if 197 num_realms == 0, set encoding and return (avoids malloc(0)) check 198 return value from malloc 199 2002003-10-21 Love H�rnquist �strand <lha@it.su.se> 201 202 * doc/setup.texi: 1.35->1.36: spelling 203 204 * kdc/kdc_locl.h: 1.58->1.59: add flag to always check transited 205 policy 206 207 * doc/setup.texi: 1.27->1.35: many changes 208 209 * lib/krb5/get_cred.c: 1.95->1.96: get capath info from [capaths] 210 section 211 212 * lib/krb5/rd_req.c: 1.50->1.51: (krb5_decrypt_ticket): try to 213 verify transited realms, unless the transited-policy-checked flag 214 is set 215 216 * lib/krb5/transited.c: 217 1.12: (krb5_domain_x500_decode): set *num_realms to zero not num_realms 218 1.11: (krb5_domain_x500_decode): handle zero length tr data; 219 (krb5_check_transited): new function that does more useful stuff 220 221 * kdc/kdc.8: 1.23->1.24: document enforce-transited-policy 222 223 * kdc/config.c: 1.47->1.48: add flag to always check transited 224 policy 225 226 * kdc/kerberos5.c: 227 1.150: (fix_transited_encoding): also verify with policy, 228 unless asked not to 229 1.151: always check transited policy if flag set either globally 230 (on principal part of patch not pulled up) 231 1.152: (fix_transited_encoding): set transited type 232 1.153: (fix_transited_encoding): always print cross-realm information 233 2342003-10-06 Love H�rnquist �strand <lha@it.su.se> 235 236 * lib/krb5/config_file.c: 1.48->1.49: 237 (krb5_config_parse_file_debug): punt if there is binding before a 238 section declaration. 239 Bug found by Arkadiusz Miskiewicz <arekm@pld-linux.org> 240 241 * kdc/kaserver.c: 1.21->1.23: 242 (do_getticket): if times data is shorter then 8 bytes, request is 243 malformed. 244 (do_authenticate): if request length is less then 8 bytes, its a 245 bad request and fail. Pointed out by Marco Foglia <marco@foglia.org> 246 2472003-09-22 Love H�rnquist �strand <lha@it.su.se> 248 249 * lib/krb5/verify_krb5_conf.c: 1.17->1.18: add missing " within 250 #if 0 From: stefan sokoll <stefansokoll@yahoo.de> 251 2522003-09-19 Love H�rnquist �strand <lha@it.su.se> 253 254 * lib/krb5/rd_req.c: 255 1.47->1.48: (krb5_rd_req): allow caller to pass in a key 256 in the auth_context, they way processes that doesn't use the 257 keytab can still pass in the key of the service (matches behavior 258 of MIT Kerberos). 259 2602003-09-18 Love H�rnquist �strand <lha@it.su.se> 261 262 * lib/krb5/crypto.c: 263 1.87->1.88: (usage2arcfour): simplify, only 264 include special cases From: Luke Howard <lukeh@PADL.COM> 265 1.86->1.87: (arcfour_checksum_p): return true when is arcfour, 266 not when its not pointed out by Luke Howard 267 1.82->1.83: Do the arcfour checksum mapping for 268 krb5_create_checksum and krb5_verify_checksum, From: Luke Howard 269 <lukeh@PADL.COM> 270 1.81->1.82: (hmac): make it return an error 271 when out of memory, update callsites to either return error or use 272 krb5_abortx 273 (krb5_hmac): expose hmac 274 * lib/krb5/mk_req_ext.c: 1.26->1.27: (krb5_mk_req_internal): 275 when using arcfour-hmac-md5, use an unkeyed checksum 276 (rsa-md5), since Microsoft calculates the keyed checksum with 277 the subkey of the authenticator. 278 279 * lib/krb5/get_cred.c: 280 1.93->1.94 (init_tgs_req): make generation of subkey 281 optional on configuration parameter 282 [realms]realm={tgs_require_subkey=bool} 283 defaults to off. The RFC1510 weakly defines the correct behavior, 284 so old DCE secd apparently required the subkey to be there, and MS 285 will use it when its there. But the request isn't encrypted in the 286 subkey, so you get to choose if you want to talk to a MS mdc or a 287 old DCE secd. 288 289 partly 1.91->1.92: (init_tgs_req): in case of error, don't 290 free in the req_body addresses since they where pass in by caller 291 292 lib/krb5/get_in_tkt.c: 293 1.108->1.1.09: (krb5_get_in_tkt): for compatibility with with 294 the mit implemtation, don't free `creds' argument when done, its up 295 the the caller to do that, also allow a NULL ccache. 296 297 * doc/ack.texi 298 1.16->1.17: update Luke Howard email address 299 300 * lib/hdb/hdb-ldap.c: 301 1.13->1.14: code rewrite from Luke Howard <lukeh@PADL.COM> 302 1.12->1.13: (LDAP_store): log what principal/dn failed 303 1.11->1.12: use int2HDBFlags/HDBFlags2int 304 From: Alberto Patino <jalbertop@aranea.com.mx>, 305 Luke Howard <lukeh@PADL.COM> 306 Pointed out by Andrew Bartlett of Samba 307 1.10->1.11: (LDAP__connect): bind sasl "EXTERNAL" to ldap connection 308 (LDAP_store): remove superfluous argument to asprintf 309 From Alberto Patino <jalbertop@aranea.com.mx> 310 311 * lib/krb5/krb5.h: 312 1.214->1.2015: add KEYTYPE_ARCFOUR_56 313 3142003-09-12 Love H�rnquist �strand <lha@it.su.se> 315 316 * lib/krb5/config_file.c: fix prototypes Fredrik Ljungberg 317 <flag@pobox.se> 318 3192003-09-11 Love H�rnquist �strand <lha@it.su.se> 320 321 * lib/hdb/hdb_locl.h: 1.18->1.19: include <limits.h> for ULONG_MAX 322 noted by Wissler Magnus <M.Wissler@abalon.se> on heimdal-discuss 323 3242003-08-29 Love H�rnquist �strand <lha@it.su.se> 325 326 * lib/hdb/db3.c: 1.8->1.9: patch for working with DB4 on 327 heimdal-discuss From: Luke Howard <lukeh@PADL.COM> 1.9->1.10: try 328 to include more db headers 329 3302003-08-25 Love H�rnquist �strand <lha@it.su.se> 331 332 * kdc/connect.c: 1.92->1.93 (handle_tcp): handle recvfrom 333 returning 0 (connection closed) 1.91->1.92: (grow_descr): 334 increment the size after we succeed to allocate the space 335 3362003-08-15 Love H�rnquist �strand <lha@it.su.se> 337 338 * lib/krb5/principal.c: 1.83->1.85: (unparse_name): len can't be 339 zero, so, don't check for that 340 (unparse_name): make sure there are space for a NUL, set *name to NULL 341 when there is a failure (so caller can't get hold of a freed 342 pointer) 343 3442003-05-08 Johan Danielsson <joda@ratatosk.pdc.kth.se> 345 346 * Release 0.6 347 3482003-05-08 Love H�rnquist �strand <lha@it.su.se> 349 350 * kuser/klist.c: 1.68->1.69: print tokens even if there isn't v4 351 support 352 353 * kuser/kdestroy.c: 1.14->1.15: destroy tokens even if there isn't 354 v4 support 355 356 * kuser/kinit.c: 1.90->1.91: print tokens even if there isn't v4 357 support 358 3592003-05-06 Johan Danielsson <joda@pdc.kth.se> 360 361 * lib/krb5/name-45-test.c: need to use empty krb5.conf for some 362 tests 363 364 * lib/asn1/check-gen.c: there is no \e escape sequence; replace 365 everything with hex-codes, and cast to unsigned char* to make some 366 compilers happy 367 3682003-05-06 Love H�rnquist �strand <lha@it.su.se> 369 370 * lib/krb5/get_in_tkt.c (make_pa_enc_timestamp): make sure first 371 argument to krb5_us_timeofday have correct type 372 3732003-05-05 Assar Westerlund <assar@kth.se> 374 375 * include/make_crypto.c (main): include aes.h if ENABLE_AES 376 3772003-05-05 Love H�rnquist �strand <lha@it.su.se> 378 379 * NEWS: 1.108->1.110: fix text about gssapi compat 380 3812003-04-28 Love H�rnquist �strand <lha@it.su.se> 382 383 * kdc/v4_dump.c: 1.4->1.5: (v4_prop_dump): limit strings length, 384 from openbsd 385 3862003-04-24 Love H�rnquist �strand <lha@it.su.se> 387 388 * doc/programming.texi: 1.2-1.3: s/managment/management/, from jmc 389 <jmc@prioris.mini.pw.edu.pl> 390 3912003-04-22 Love H�rnquist �strand <lha@it.su.se> 392 393 * lib/krb5/krbhst.c: 1.43->1.44: copy NUL too, from janj@wenf.org 394 via openbsd 395 3962003-04-17 Love H�rnquist �strand <lha@it.su.se> 397 398 * lib/asn1/der_copy.c (copy_general_string): use strdup 399 * lib/asn1/der_put.c: remove sprintf 400 * lib/asn1/gen.c: remove strcpy/sprintf 401 402 * lib/krb5/name-45-test.c: use a more unique name then ratatosk so 403 that other (me) have such hosts in the local domain and the tests 404 fails, to take hokkigai.pdc.kth.se instead 405 406 * lib/krb5/test_alname.c: add --version and --help 407 4082003-04-16 Love H�rnquist �strand <lha@it.su.se> 409 410 * lib/krb5/krb5_warn.3: add krb5_get_err_text 411 412 * lib/krb5/transited.c: use strlcat/strlcpy, from openbsd 413 * lib/krb5/krbhst.c (srv_find_realm): use strlcpy, from openbsd 414 * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use 415 strlcpy, from openbsd 416 * kdc/hpropd.c: s/strcat/strlcat/, inspired from openbsd 417 * appl/kf/kfd.c: use strlcpy, from openbsd 418 4192003-04-16 Johan Danielsson <joda@pdc.kth.se> 420 421 * configure.in: fix for large file support in AIX, _LARGE_FILES 422 needs to be defined on the command line, since lex likes to 423 include stdio.h before we get to config.h 424 4252003-04-16 Love H�rnquist �strand <lha@it.su.se> 426 427 * lib/krb5/*.3: Change .Fd #include <header.h> to .In header.h, 428 from Thomas Klausner <wiz@netbsd.org> 429 430 * lib/krb5/krb5.conf.5: spelling, from Thomas Klausner 431 <wiz@netbsd.org> 432 4332003-04-15 Love H�rnquist �strand <lha@it.su.se> 434 435 * kdc/kerberos5.c: fix some more memory leaks 436 4372003-04-11 Love H�rnquist �strand <lha@it.su.se> 438 439 * appl/kf/kf.1: spelling, from jmc <jmc@prioris.mini.pw.edu.pl> 440 4412003-04-08 Love H�rnquist �strand <lha@it.su.se> 442 443 * admin/ktutil.8: typos, from jmc <jmc@acn.waw.pl> 444 4452003-04-06 Love H�rnquist �strand <lha@it.su.se> 446 447 * lib/krb5/krb5.3: s/kerberos/Kerberos/ 448 * lib/krb5/krb5_data.3: s/kerberos/Kerberos/ 449 * lib/krb5/krb5_address.3: s/kerberos/Kerberos/ 450 * lib/krb5/krb5_ccache.3: s/kerberos/Kerberos/ 451 * lib/krb5/krb5.conf.5: s/kerberos/Kerberos/ 452 * kuser/kinit.1: s/kerberos/Kerberos/ 453 * kdc/kdc.8: s/kerberos/Kerberos/ 454 4552003-04-01 Love H�rnquist �strand <lha@it.su.se> 456 457 * lib/krb5/test_alname.c: more krb5_aname_to_localname tests 458 459 * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): when 460 converting too root, make sure user is ok according to 461 krb5_kuserok before allowing it. 462 463 * lib/krb5/Makefile.am (noinst_PROGRAMS): += test_alname 464 465 * lib/krb5/test_alname.c: add test for krb5_aname_to_localname 466 467 * lib/krb5/crypto.c (krb5_DES_AFS3_CMU_string_to_key): used p1 468 instead of the "illegal" salt #~, same change as kth-krb did 469 1999. Problems occur with crypt() that behaves like AT&T crypt 470 (openssl does this). Pointed out by Marcus Watts. 471 472 * admin/change.c (kt_change): collect all principals we are going 473 to change, and pick the highest kvno and use that to guess what 474 kvno the resulting kvno is going to be. Now two ktutil change in a 475 row works. XXX fix the protocol to pass the kvno back. 476 4772003-03-31 Love H�rnquist �strand <lha@it.su.se> 478 479 * appl/kf/kf.1: afs->AFS, from jmc <jmc@acn.waw.pl> 480 4812003-03-30 Love H�rnquist �strand <lha@it.su.se> 482 483 * doc/setup.texi: add description on how to turn on v4, 524 and 484 kaserver support 485 4862003-03-29 Love H�rnquist �strand <lha@it.su.se> 487 488 * lib/krb5/verify_krb5_conf.c (appdefaults_entries): add afslog 489 and afs-use-524 490 4912003-03-28 Love H�rnquist �strand <lha@it.su.se> 492 493 * kdc/kerberos5.c (as_rep): when the second enctype_to_string 494 failes, remember to free memory from the first enctype_to_string 495 496 * lib/krb5/crypto.c (usage2arcfour): map KRB5_KU_TICKET to 2, 497 from Harald Joerg <harald.joerg@fujitsu-siemens.com> 498 (enctype_arcfour_hmac_md5): disable checksum_hmac_md5_enc 499 500 * lib/hdb/mkey.c (hdb_unseal_keys_mkey): truncate key to the key 501 length when key is longer then expected length, its probably 502 longer since the encrypted data was padded, reported by Aidan 503 Cully <aidan@kublai.com> 504 505 * lib/krb5/crypto.c (krb5_enctype_keysize): return key size of 506 encyption type, inspired by Aidan Cully <aidan@kublai.com> 507 5082003-03-27 Love H�rnquist �strand <lha@it.su.se> 509 510 * lib/krb5/keytab.c (krb5_kt_get_entry): avoid printing 0 511 (wildcard kvno) after principal when the keytab entry isn't found, 512 reported by Chris Chiappa <chris@chiappa.net> 513 5142003-03-26 Love H�rnquist �strand <lha@it.su.se> 515 516 * doc/misc.texi: update 2b example to match reality (from 517 mattiasa@e.kth.se) 518 519 * doc/misc.texi: spelling and add `Configuring AFS clients' 520 subsection 521 5222003-03-25 Love H�rnquist �strand <lha@it.su.se> 523 524 * lib/krb5/krb5.3: add krb5_free_data_contents.3 525 526 * lib/krb5/data.c: add krb5_free_data_contents for compat with MIT 527 API 528 529 * lib/krb5/krb5_data.3: add krb5_free_data_contents for compat 530 with MIT API 531 532 * lib/krb5/krb5_verify_user.3: write more about how the ccache 533 argument should be inited when used 534 5352003-03-25 Johan Danielsson <joda@pdc.kth.se> 536 537 * lib/krb5/addr_families.c (krb5_print_address): make sure 538 print_addr is defined for the given address type; make addrports 539 printable 540 541 * kdc/string2key.c: print the used enctype for kerberos 5 keys 542 5432003-03-25 Love H�rnquist �strand <lha@it.su.se> 544 545 * lib/krb5/aes-test.c: add another arcfour test 546 5472003-03-22 Love H�rnquist �strand <lha@it.su.se> 548 549 * lib/krb5/aes-test.c: sneek in a test for arcfour-hmac-md5 550 5512003-03-20 Love H�rnquist �strand <lha@it.su.se> 552 553 * lib/krb5/krb5_ccache.3: update .Dd 554 555 * lib/krb5/krb5.3: sort in krb5_data functions 556 557 * lib/krb5/Makefile.am (man_MANS): += krb5_data.3 558 559 * lib/krb5/krb5_data.3: document krb5_data 560 561 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): if 562 prompter is NULL, don't try to ask for a password to 563 change. reported by Iain Moffat @ ufl.edu via Howard Chu 564 <hyc@highlandsun.com> 565 5662003-03-19 Love H�rnquist �strand <lha@it.su.se> 567 568 * lib/krb5/krb5_keytab.3: spelling, from 569 <jmc@prioris.mini.pw.edu.pl> 570 571 * lib/krb5/krb5.conf.5: . means new line 572 573 * lib/krb5/krb5.conf.5: spelling, from 574 <jmc@prioris.mini.pw.edu.pl> 575 576 * lib/krb5/krb5_auth_context.3: spelling, from 577 <jmc@prioris.mini.pw.edu.pl> 578 5792003-03-18 Love H�rnquist �strand <lha@it.su.se> 580 581 * kuser/Makefile.am: INCLUDES: -I$(srcdir)/../lib/krb5 582 583 * lib/krb5/convert_creds.c: add _krb5_krb_life_to_time 584 585 * lib/krb5/krb5-v4compat.h: add _krb5_krb_life_to_time 586 587 * kdc/kdc_locl.h: 524 is independent of kerberos 4, so move out 588 #ifdef KRB4 from enable_v4_cross_realm since 524 needs it 589 590 * kdc/config.c: 524 is independent of kerberos 4, so move out 591 enable_v4_cross_realm from #ifdef KRB4 since 524 needs it 592 5932003-03-17 Assar Westerlund <assar@kth.se> 594 595 * kdc/kdc.8: document --kerberos4-cross-realm 596 * kdc/kerberos4.c: pay attention to enable_v4_cross_realm 597 * kdc/kdc_locl.h (enable_v4_cross_realm): add 598 * kdc/524.c (encode_524_response): check the enable_v4_cross_realm 599 flag before giving out v4 tickets for foreign v5 principals 600 * kdc/config.c: add --enable-kerberos4-cross-realm option (default 601 to off) 602 6032003-03-17 Love H�rnquist �strand <lha@it.su.se> 604 605 * lib/krb5/Makefile.am (man_MANS) += krb5_aname_to_localname.3 606 607 * lib/krb5/krb5_aname_to_localname.3: manpage for 608 krb5_aname_to_localname 609 610 * lib/krb5/krb5_kuserok.3: s/KRB5_USEROK/KRB5_KUSEROK/ 611 6122003-03-16 Love H�rnquist �strand <lha@it.su.se> 613 614 * lib/krb5/Makefile.am (man_MANS): add krb5_set_default_realm.3 615 616 * lib/krb5/krb5.3: add manpages from krb5_set_default_realm.3 617 618 * lib/krb5/krb5_set_default_realm.3: Manpage for 619 krb5_free_host_realm, krb5_get_default_realm, 620 krb5_get_default_realms, krb5_get_host_realm, and 621 krb5_set_default_realm. 622 623 * admin/ktutil.8: s/entype/enctype/, from Igor Sobrado 624 <sobrado@acm.org> via NetBSD 625 626 * lib/krb5/krb5_keytab.3: add documention for krb5_kt_get_type 627 628 * lib/krb5/keytab.c (krb5_kt_get_type): get prefix/type of keytab 629 630 * lib/krb5/krb5.h (KRB5_KT_PREFIX_MAX_LEN): max length of prefix 631 632 * lib/krb5/krb5_ccache.3: document krb5_cc_get_ops, add more 633 types, add krb5_fcc_ops and krb5_mcc_ops 634 635 * lib/krb5/cache.c (krb5_cc_get_ops): new function, return ops for 636 a id 637 6382003-03-15 Love H�rnquist �strand <lha@it.su.se> 639 640 * doc/intro.texi: add reference to source code, binaries and the 641 manual 642 643 * lib/krb5/krb5.3: krb5.h isn't in krb5 directory in heimdal 644 6452003-03-14 Love H�rnquist �strand <lha@it.su.se> 646 647 * kdc/kdc.8: better/difrent english 648 649 * kdc/kdc.8: . -> .\n, copyright/license 650 651 * kdc/kdc.8: changed configuration file -> restart kdc 652 653 * kdc/kerberos4.c: add krb4 into the most error messages written 654 to the logfile 655 656 * lib/krb5/krb5_ccache.3: add missing name of argument 657 (krb5_context) to most functions 658 6592003-03-13 Love H�rnquist �strand <lha@it.su.se> 660 661 * lib/krb5/kuserok.c (krb5_kuserok): preserve old behviour of 662 function and return FALSE when there isn't a local account for 663 `luser'. 664 665 * lib/krb5/krb5_kuserok.3: fix prototype, spelling and more text 666 describing the function 667 6682003-03-12 Love H�rnquist �strand <lha@it.su.se> 669 670 * lib/krb5/cache.c (krb5_cc_default): if krb5_cc_default_name 671 returned memory, don't return ENOMEM 672 6732003-03-11 Love H�rnquist �strand <lha@it.su.se> 674 675 * lib/krb5/krb5.3: add krb5_address stuff and sort 676 677 * lib/krb5/krb5_address.3: fix krb5_addr2sockaddr description 678 679 * lib/krb5/Makefile.am (man_MANS): += krb5_address.3 680 681 * lib/krb5/krb5_address.3: document types krb5_address and 682 krb5_addresses and their helper functions 683 6842003-03-10 Love H�rnquist �strand <lha@it.su.se> 685 686 * lib/krb5/Makefile.am (man_MANS): += krb5_kuserok.3 687 688 * lib/krb5/krb5_kuserok.3: spelling, from cizzi@it.su.se 689 690 * lib/krb5/Makefile.am (man_MANS): += krb5_ccache.3 691 692 * lib/krb5/krb5_ccache.3: spelling, from cizzi@it.su.se 693 694 * lib/krb5/krb5.3: add more functions 695 696 * lib/krb5/krb5_ccache.3: document krb5_ccache and krb5_cc 697 functions 698 699 * lib/krb5/krb5_kuserok.3: document krb5_kuserok 700 701 * lib/krb5/krb5_verify_user.3: document 702 krb5_verify_opt_set_flags(opt, KRB5_VERIFY_LREALMS) behavior 703 704 * lib/krb5/krb5_verify_user.3: document krb5_verify_opt* and 705 krb5_verify_user_opt 706 707 * lib/krb5/*.[0-9]: add copyright/licenses on more manpages 708 709 * kuser/kdestroy.c (main): handle that krb5_cc_default_name can 710 return NULL 711 712 * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump minor 713 (TESTS): add test_cc 714 715 * lib/krb5/test_cc.c: test some 716 krb5_cc_default_name/krb5_cc_set_default_name combinations 717 718 * lib/krb5/context.c (init_context_from_config_file): set 719 default_cc_name to NULL 720 (krb5_free_context): free default_cc_name if set 721 722 * lib/krb5/cache.c (krb5_cc_set_default_name): new function 723 (krb5_cc_default_name): use krb5_cc_set_default_name 724 725 * lib/krb5/krb5.h (krb5_context_data): add default_cc_name 726 7272003-02-25 Love H�rnquist �strand <lha@it.su.se> 728 729 * appl/kf/kf.1: s/securly/securely/ from NetBSD 730 7312003-02-18 Love H�rnquist �strand <lha@it.su.se> 732 733 * kdc/connect.c: s/intialize/initialize, from 734 <jmc@prioris.mini.pw.edu.pl> 735 7362003-02-17 Love H�rnquist �strand <lha@it.su.se> 737 738 * configure.in: add AM_MAINTAINER_MODE 739 7402003-02-16 Love H�rnquist �strand <lha@it.su.se> 741 742 * **/*.[0-9]: add copyright/licenses on all manpages 743 7442003-14-16 Jacques Vidrine <nectar@kth.se> 745 746 * lib/krb5/get_in_tkt.c (init_as_req): Send only a single 747 PA-ENC-TIMESTAMP in the AS-REQ, using the first encryption 748 type specified by the KDC. 749 7502003-02-15 Love H�rnquist �strand <lha@it.su.se> 751 752 * fix-export: some autoconf put their version number in 753 autom4te.cache, so remove autom4te*.cache 754 755 * fix-export: make sure $1 is a directory 756 7572003-02-04 Love H�rnquist �strand <lha@it.su.se> 758 759 * kpasswd/kpasswdd.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl> 760 761 * kdc/kdc.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl> 762 7632003-01-31 Love H�rnquist �strand <lha@it.su.se> 764 765 * kdc/hpropd.8: s/databases/a database/ s/Not/not/ 766 767 * kdc/hprop.8: add missing . 768 7692003-01-30 Love H�rnquist �strand <lha@it.su.se> 770 771 * lib/krb5/krb5.conf.5: documentation for of boolean, etypes, 772 address, write out encryption type in sentences, s/Host/host 773 7742003-01-26 Love H�rnquist �strand <lha@it.su.se> 775 776 * lib/asn1/check-gen.c: add checks for Authenticator too 777 7782003-01-25 Love H�rnquist �strand <lha@it.su.se> 779 780 * doc/setup.texi: in the hprop example, use hprop and the first 781 component, not host 782 783 * lib/krb5/get_addrs.c (find_all_addresses): address-less 784 point-to-point might not have an address, just ignore 785 those. Reported by Harald Barth. 786 7872003-01-23 Love H�rnquist �strand <lha@it.su.se> 788 789 * lib/krb5/verify_krb5_conf.c (check_section): when key isn't 790 found, don't print out all known keys 791 792 * lib/krb5/verify_krb5_conf.c (syslogvals): mark up where severity 793 and facility start resp 794 (check_log): find_value() returns -1 when key isn't found 795 796 * lib/krb5/crypto.c (_krb5_aes_cts_encrypt): make key argument a 797 'const void *' to avoid AES_KEY being exposed in krb5-private.h 798 799 * lib/krb5/krb5.conf.5: add [kdc]use_2b 800 801 * kdc/524.c (encode_524_response): its 2b not b2 802 803 * doc/misc.texi: quote @ where missing 804 805 * lib/asn1/Makefile.am: add check-gen 806 807 * lib/asn1/check-gen.c: add Principal check 808 809 * lib/asn1/check-common.h: move generic asn1/der functions from 810 check-der.c to here 811 812 * lib/asn1/check-common.c: move generic asn1/der functions from 813 check-der.c to here 814 815 * lib/asn1/check-der.c: move out the generic asn1/der functions to 816 a common file 817 8182003-01-22 Love H�rnquist �strand <lha@it.su.se> 819 820 * doc/misc.texi: more text about afs, how to get get your KeyFile, 821 and how to start use 2b tokens 822 823 * lib/krb5/krb5.conf.5: spelling, from Jason McIntyre 824 <jmc@cvs.openbsd.org> 825 8262003-01-21 Jacques Vidrine <nectar@kth.se> 827 828 * kuser/kuser_locl.h: include crypto-headers.h for 829 des_read_pw_string prototype 830 8312003-01-16 Love H�rnquist �strand <lha@it.su.se> 832 833 * admin/ktutil.8: document -v, --verbose 834 835 * admin/get.c (kt_get): make getarg usage consistent with other 836 other parts of ktutil 837 838 * admin/copy.c (kt_copy): remove adding verbose_flag to args 839 struct, since it will overrun the args array (from Sumit Bose) 840 8412003-01-15 Love H�rnquist �strand <lha@it.su.se> 842 843 * lib/krb5/krb5.conf.5: write more about [realms] REALM = { kdc = 844 ... } 845 846 * lib/krb5/aes-test.c: test vectors in aes-draft 847 848 * lib/krb5/Makefile.am: add aes-test.c 849 850 * lib/krb5/crypto.c: Add support for AES 851 (draft-raeburn-krb-rijndael-krb-02), not enabled by default. 852 (HMAC_SHA1_DES3_checksum): rename to SP_HMAC_SHA1_checksum and modify 853 to support checksumtype that are have a shorter wireformat then 854 their output block size. 855 856 * lib/krb5/crypto.c (struct encryption_type): split the blocksize 857 into blocksize and padsize, padsize is the minimum padding 858 size. they are the same for now 859 (enctype_*): add padsize 860 (encrypt_internal): use padsize 861 (encrypt_internal_derived): use padsize 862 (wrapped_length): use padsize 863 (wrapped_length_dervied): use padsize 864 865 * lib/krb5/crypto.c: add extra `opaque' argument to string_to_key 866 function for each enctype in preparation enctypes that uses 867 `Encryption and Checksum Specifications for Kerberos 5' draft 868 869 * lib/asn1/k5.asn1: add checksum and enctype for AES from 870 draft-raeburn-krb-rijndael-krb-02.txt 871 872 * lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_AES128, 873 KEYTYPE_AES256 874 8752003-01-14 Love H�rnquist �strand <lha@it.su.se> 876 877 * lib/hdb/common.c (_hdb_fetch): handle error code from 878 hdb_value2entry 879 880 * kdc/Makefile.am: always include kerberos4.c and 524.c in 881 kdc_SOURCES to support 524 882 883 * kdc/524.c: always compile in support for 524 884 885 * kdc/kdc_locl.h: move out krb/524 protos from under #ifdef KRB4 886 887 * kdc/config.c: always compile in support for 524 888 889 * kdc/connect.c: always compile in support for 524 890 891 * kdc/kerberos4.c: export encode_v4_ticket() and get_des_key() 892 even when we build without kerberos 4, 524 needs them 893 894 * lib/krb5/convert_creds.c, lib/krb5/krb5-v4compat.h: Split out 895 Kerberos 4 help functions/structures so other parts of the source 896 tree can use it (like the KDC) 897 898