ChangeLog revision 57416
12000-02-07 Assar Westerlund <assar@sics.se> 2 3 * Release 0.2n 4 52000-02-07 Assar Westerlund <assar@sics.se> 6 7 * lib/krb5/Makefile.am: set version to 8:0:0 8 * lib/krb5/keytab.c (krb5_kt_default_name): use strlcpy 9 (krb5_kt_add_entry): set timestamp 10 112000-02-06 Assar Westerlund <assar@sics.se> 12 13 * lib/krb5/krb5.h: add macros for accessing krb5_realm 14 * lib/krb5/time.c (krb5_timeofday): use `krb5_timestamp' instead 15 of `int32_t' 16 17 * lib/krb5/replay.c (checksum_authenticator): update to new API 18 for md5 19 20 * lib/krb5/krb5.h: remove des.h, it's not needed and applications 21 should not have to make sure to find it. 22 232000-02-03 Assar Westerlund <assar@sics.se> 24 25 * lib/krb5/rd_req.c (get_key_from_keytab): rename parameter to 26 `out_key' to avoid conflicting with label. reported by Sean Doran 27 <smd@ebone.net> 28 292000-02-02 Assar Westerlund <assar@sics.se> 30 31 * lib/krb5/expand_hostname.c: remember to lower-case host names. 32 bug reported by <amu@mit.edu> 33 34 * kdc/kerberos4.c (do_version4): look at check_ticket_addresses 35 and emulate that by setting krb_ignore_ip_address (not a great 36 interface but it doesn't seem like the time to go around fixing 37 libkrb stuff now) 38 392000-02-01 Johan Danielsson <joda@pdc.kth.se> 40 41 * kuser/kinit.c: change --noaddresses into --no-addresses 42 432000-01-28 Assar Westerlund <assar@sics.se> 44 45 * kpasswd/kpasswd.c (main): make sure the ticket is not 46 forwardable and not proxiable 47 482000-01-26 Assar Westerlund <assar@sics.se> 49 50 * lib/krb5/crypto.c: update to pseudo-standard APIs for 51 md4,md5,sha. some changes to libdes calls to make them more 52 portable. 53 542000-01-21 Assar Westerlund <assar@sics.se> 55 56 * lib/krb5/verify_init.c (krb5_verify_init_creds): make sure to 57 clean up the correct creds. 58 592000-01-16 Assar Westerlund <assar@sics.se> 60 61 * lib/krb5/principal.c (append_component): change parameter to 62 `const char *'. check malloc 63 * lib/krb5/principal.c (append_component, va_ext_princ, va_princ): 64 const-ize 65 * lib/krb5/mk_req.c (krb5_mk_req): make `service' and `hostname' 66 const 67 * lib/krb5/principal.c (replace_chars): also add space here 68 * lib/krb5/principal.c: (quotable_chars): add space 69 702000-01-12 Assar Westerlund <assar@sics.se> 71 72 * kdc/kerberos4.c (do_version4): check if preauth was required and 73 bail-out if so since there's no way that could be done in v4. 74 Return NULL_KEY as an error to the client (which is non-obvious, 75 but what can you do?) 76 772000-01-09 Assar Westerlund <assar@sics.se> 78 79 * lib/krb5/principal.c (krb5_sname_to_principal): use 80 krb5_expand_hostname_realms 81 * lib/krb5/mk_req.c (krb5_km_req): use krb5_expand_hostname_realms 82 * lib/krb5/expand_hostname.c (krb5_expand_hostname_realms): new 83 variant of krb5_expand_hostname that tries until it expands into 84 something that's digestable by krb5_get_host_realm, returning also 85 the result from that function. 86 872000-01-08 Assar Westerlund <assar@sics.se> 88 89 * Release 0.2m 90 912000-01-08 Assar Westerlund <assar@sics.se> 92 93 * configure.in: replace AC_C_BIGENDIAN with KRB_C_BIGENDIAN 94 95 * lib/krb5/Makefile.am: bump version to 7:1:0 96 97 * lib/krb5/principal.c (krb5_sname_to_principal): use 98 krb5_expand_hostname 99 * lib/krb5/expand_hostname.c (krb5_expand_hostname): handle 100 ai_canonname being set in any of the addresses returnedby 101 getaddrinfo. glibc apparently returns the reverse lookup of every 102 address in ai_canonname. 103 1042000-01-06 Assar Westerlund <assar@sics.se> 105 106 * Release 0.2l 107 1082000-01-06 Assar Westerlund <assar@sics.se> 109 110 * lib/krb5/Makefile.am: set version to 7:0:0 111 * lib/krb5/principal.c (krb5_sname_to_principal): remove `hp' 112 113 * lib/hdb/Makefile.am: set version to 4:1:1 114 115 * kdc/hpropd.c (dump_krb4): use `krb5_get_default_realms' 116 * lib/krb5/get_in_tkt.c (add_padata): change types to make 117 everything work out 118 (krb5_get_in_cred): remove const to make types match 119 * lib/krb5/crypto.c (ARCFOUR_string_to_key): correct signature 120 * lib/krb5/principal.c (krb5_sname_to_principal): handle not 121 getting back a canonname 122 1232000-01-06 Assar Westerlund <assar@sics.se> 124 125 * Release 0.2k 126 1272000-01-06 Assar Westerlund <assar@sics.se> 128 129 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): advance colon so that 130 we actually parse the port number. based on a patch from Leif 131 Johansson <leifj@it.su.se> 132 1332000-01-02 Assar Westerlund <assar@sics.se> 134 135 * admin/purge.c: remove all non-current and old entries from a 136 keytab 137 138 * admin: break up ktutil.c into files 139 140 * admin/ktutil.c (list): support --verbose (also listning time 141 stamps) 142 (kt_add, kt_get): set timestamp in newly created entries 143 (kt_change): add `change' command 144 145 * admin/srvconvert.c (srvconv): set timestamp in newly created 146 entries 147 * lib/krb5/keytab_keyfile.c (akf_next_entry): set timetsamp, 148 always go the a predicatble position on error 149 * lib/krb5/keytab.c (krb5_kt_copy_entry_contents): copy timestamp 150 * lib/krb5/keytab_file.c (fkt_add_entry): store timestamp 151 (fkt_next_entry_int): return timestamp 152 * lib/krb5/krb5.h (krb5_keytab_entry): add timestamp 153 1541999-12-30 Assar Westerlund <assar@sics.se> 155 156 * configure.in (krb4): use `-ldes' in tests 157 1581999-12-26 Assar Westerlund <assar@sics.se> 159 160 * lib/hdb/print.c (event2string): handle events without principal. 161 From Luke Howard <lukeh@PADL.COM> 162 1631999-12-25 Assar Westerlund <assar@sics.se> 164 165 * Release 0.2j 166 167Tue Dec 21 18:03:17 1999 Assar Westerlund <assar@sics.se> 168 169 * lib/hdb/Makefile.am (asn1_files): add $(EXEEXT) for cygwin and 170 related systems 171 172 * lib/asn1/Makefile.am (asn1_files): add $(EXEEXT) for cygwin and 173 related systems 174 175 * include/Makefile.am (krb5-types.h): add $(EXEEXT) for cygwin and 176 related systems 177 1781999-12-20 Assar Westerlund <assar@sics.se> 179 180 * Release 0.2i 181 1821999-12-20 Assar Westerlund <assar@sics.se> 183 184 * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to 6:3:1 185 186 * lib/krb5/send_to_kdc.c (send_via_proxy): free data 187 * lib/krb5/send_to_kdc.c (send_via_proxy): new function use 188 getaddrinfo instead of gethostbyname{,2} 189 * lib/krb5/get_for_creds.c: use getaddrinfo instead of 190 getnodebyname{,2} 191 1921999-12-17 Assar Westerlund <assar@sics.se> 193 194 * Release 0.2h 195 1961999-12-17 Assar Westerlund <assar@sics.se> 197 198 * Release 0.2g 199 2001999-12-16 Assar Westerlund <assar@sics.se> 201 202 * lib/krb5/Makefile.am: bump version to 6:2:1 203 204 * lib/krb5/principal.c (krb5_sname_to_principal): handle 205 ai_canonname not being set 206 * lib/krb5/expand_hostname.c (krb5_expand_hostname): handle 207 ai_canonname not being set 208 209 * appl/test/uu_server.c: print messages to stderr 210 * appl/test/tcp_server.c: print messages to stderr 211 * appl/test/nt_gss_server.c: print messages to stderr 212 * appl/test/gssapi_server.c: print messages to stderr 213 214 * appl/test/tcp_client.c (proto): remove shadowing `context' 215 * appl/test/common.c (client_doit): add forgotten ntohs 216 2171999-12-13 Assar Westerlund <assar@sics.se> 218 219 * configure.in (VERISON): bump to 0.2g-pre 220 2211999-12-12 Assar Westerlund <assar@sics.se> 222 223 * lib/krb5/principal.c (krb5_425_conv_principal_ext): be more 224 robust and handle extra dot at the beginning of default_domain 225 2261999-12-12 Assar Westerlund <assar@sics.se> 227 228 * Release 0.2f 229 2301999-12-12 Assar Westerlund <assar@sics.se> 231 232 * lib/krb5/Makefile.am: bump version to 6:1:1 233 234 * lib/krb5/changepw.c (get_kdc_address): use 235 `krb5_get_krb_changepw_hst' 236 237 * lib/krb5/krbhst.c (krb5_get_krb_changepw_hst): add 238 239 * lib/krb5/get_host_realm.c: add support for _kerberos.domain 240 (according to draft-ietf-cat-krb-dns-locate-01.txt) 241 2421999-12-06 Assar Westerlund <assar@sics.se> 243 244 * Release 0.2e 245 2461999-12-06 Assar Westerlund <assar@sics.se> 247 248 * lib/krb5/changepw.c (krb5_change_password): use the correct 249 address 250 251 * lib/krb5/Makefile.am: bump version to 6:0:1 252 253 * lib/asn1/Makefile.am: bump version to 1:4:0 254 2551999-12-04 Assar Westerlund <assar@sics.se> 256 257 * configure.in: move AC_KRB_IPv6 to make sure it's performed 258 before AC_BROKEN 259 (el_init): use new feature of AC_FIND_FUNC_NO_LIBS 260 261 * appl/test/uu_client.c: use client_doit 262 * appl/test/test_locl.h (client_doit): add prototype 263 * appl/test/tcp_client.c: use client_doit 264 * appl/test/nt_gss_client.c: use client_doit 265 * appl/test/gssapi_client.c: use client_doit 266 * appl/test/common.c (client_doit): move identical code here and 267 start using getaddrinfo 268 269 * appl/kf/kf.c (doit): rewrite to use getaddrinfo 270 * kdc/hprop.c: re-write to use getaddrinfo 271 * lib/krb5/principal.c (krb5_sname_to_principal): use getaddrinfo 272 * lib/krb5/expand_hostname.c (krb5_expand_hostname): use 273 getaddrinfo 274 * lib/krb5/changepw.c: re-write to use getaddrinfo 275 * lib/krb5/addr_families.c (krb5_parse_address): use getaddrinfo 276 2771999-12-03 Assar Westerlund <assar@sics.se> 278 279 * configure.in (BROKEN): check for freeaddrinfo, getaddrinfo, 280 getnameinfo, gai_strerror 281 (socklen_t): check for 282 2831999-12-02 Johan Danielsson <joda@pdc.kth.se> 284 285 * lib/krb5/crypto.c: ARCFOUR_set_key -> RC4_set_key 286 2871999-11-23 Assar Westerlund <assar@sics.se> 288 289 * lib/krb5/crypto.c (ARCFOUR_string_to_key): change order of bytes 290 within unicode characters. this should probably be done in some 291 arbitrarly complex way to do it properly and you would have to 292 know what character encoding was used for the password and salt 293 string. 294 295 * lib/krb5/addr_families.c (ipv4_uninteresting): ignore 0.0.0.0 296 (INADDR_ANY) 297 (ipv6_uninteresting): remove unused macro 298 2991999-11-22 Johan Danielsson <joda@pdc.kth.se> 300 301 * lib/krb5/krb5.h: rc4->arcfour 302 303 * lib/krb5/crypto.c: rc4->arcfour 304 3051999-11-17 Assar Westerlund <assar@sics.se> 306 307 * lib/krb5/krb5_locl.h: add <rc4.h> 308 * lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_RC4 309 * lib/krb5/crypto.c: some code for doing RC4/MD5/HMAC which might 310 not be totally different from some small company up in the 311 north-west corner of the US 312 313 * lib/krb5/get_addrs.c (find_all_addresses): change code to 314 actually increment buf_size 315 3161999-11-14 Assar Westerlund <assar@sics.se> 317 318 * lib/krb5/krb5.h (krb5_context_data): add `scan_interfaces' 319 * lib/krb5/get_addrs.c (krb5_get_all_client_addrs): make interaces 320 scanning optional 321 * lib/krb5/context.c (init_context_from_config_file): set 322 `scan_interfaces' 323 324 * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add add_et_list.c 325 * lib/krb5/add_et_list.c (krb5_add_et_list): new function 326 3271999-11-12 Assar Westerlund <assar@sics.se> 328 329 * lib/krb5/get_default_realm.c (krb5_get_default_realm, 330 krb5_get_default_realms): set realms if they were unset 331 * lib/krb5/context.c (init_context_from_config_file): don't 332 initialize default realms here. it's done lazily instead. 333 334 * lib/krb5/krb5.h (KRB5_TC_*): make constants unsigned 335 * lib/asn1/gen_glue.c (generate_2int, generate_units): make sure 336 bit constants are unsigned 337 * lib/asn1/gen.c (define_type): make length in sequences be 338 unsigned. 339 340 * configure.in: remove duplicate test for setsockopt test for 341 struct tm.tm_isdst 342 343 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): generate 344 preauthentication information if we get back ERR_PREAUTH_REQUIRED 345 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): remove 346 preauthentication generation code. it's now in krb5_get_in_cred 347 348 * configure.in (AC_BROKEN_SNPRINTF): add strptime check for struct 349 tm.tm_gmtoff and timezone 350 3511999-11-11 Johan Danielsson <joda@pdc.kth.se> 352 353 * kdc/main.c: make this work with multi-db 354 355 * kdc/kdc_locl.h: make this work with multi-db 356 357 * kdc/config.c: make this work with multi-db 358 3591999-11-09 Johan Danielsson <joda@pdc.kth.se> 360 361 * kdc/misc.c: update for multi-database code 362 363 * kdc/main.c: update for multi-database code 364 365 * kdc/kdc_locl.h: update 366 367 * kdc/config.c: allow us to have more than one database 368 3691999-11-04 Assar Westerlund <assar@sics.se> 370 371 * Release 0.2d 372 373 * lib/krb5/Makefile.am: bump version to 5:0:0 to be safe 374 (krb5_context_data has changed and some code do (might) access 375 fields directly) 376 377 * lib/krb5/krb5.h (krb5_context_data): add `etypes_des' 378 379 * lib/krb5/get_cred.c (init_tgs_req): use 380 krb5_keytype_to_enctypes_default 381 382 * lib/krb5/crypto.c (krb5_keytype_to_enctypes_default): new 383 function 384 385 * lib/krb5/context.c (set_etypes): new function 386 (init_context_from_config_file): set both `etypes' and `etypes_des' 387 3881999-11-02 Assar Westerlund <assar@sics.se> 389 390 * configure.in (VERSION): bump to 0.2d-pre 391 3921999-10-29 Assar Westerlund <assar@sics.se> 393 394 * lib/krb5/principal.c (krb5_parse_name): check memory allocations 395 3961999-10-28 Assar Westerlund <assar@sics.se> 397 398 * Release 0.2c 399 400 * lib/krb5/dump_config.c (print_tree): check for empty tree 401 402 * lib/krb5/string-to-key-test.c (tests): update the test cases 403 with empty principals so that they actually use an empty realm and 404 not the default. use the correct etype for 3DES 405 406 * lib/krb5/Makefile.am: bump version to 4:1:0 407 408 * kdc/config.c (configure): more careful with the port string 409 4101999-10-26 Assar Westerlund <assar@sics.se> 411 412 * Release 0.2b 413 4141999-10-20 Assar Westerlund <assar@sics.se> 415 416 * lib/krb5/Makefile.am: bump version to 4:0:0 417 (krb524_convert_creds_kdc and potentially some other functions 418 have changed prototypes) 419 420 * lib/hdb/Makefile.am: bump version to 4:0:1 421 422 * lib/asn1/Makefile.am: bump version to 1:3:0 423 424 * configure.in (LIB_roken): add dbopen. getcap in roken 425 references dbopen and with shared libraries we need to add this 426 dependency. 427 428 * lib/krb5/verify_krb5_conf.c (main): support speicifying the 429 configuration file to test on the command line 430 431 * lib/krb5/config_file.c (parse_binding): handle line with no 432 whitespace before = 433 (krb5_config_parse_file_debug): set lineno earlier so that we don't 434 use it unitialized 435 436 * configure.in (AM_INIT_AUTOMAKE): bump to 0.2b-pre opt*: need 437 more include files for these tests 438 439 * lib/krb5/set_default_realm.c (krb5_set_default_realm): use 440 krb5_config_get_strings, which means that your configuration file 441 should look like: 442 443 [libdefaults] 444 default_realm = realm1 realm2 realm3 445 446 * lib/krb5/set_default_realm.c (config_binding_to_list): fix 447 copy-o. From Michal Vocu <michal@karlin.mff.cuni.cz> 448 449 * kdc/config.c (configure): add a missing strdup. From Michal 450 Vocu <michal@karlin.mff.cuni.cz> 451 4521999-10-17 Assar Westerlund <assar@sics.se> 453 454 * Release 0.2a 455 456 * configure.in: only test for db.h with using berkeley_db. remember 457 to link with LIB_tgetent when checking for el_init. add xnlock 458 459 * appl/Makefile.am: add xnlock 460 461 * kdc/kerberos5.c (find_etype): support null keys 462 463 * kdc/kerberos4.c (get_des_key): support null keys 464 465 * lib/krb5/crypto.c (krb5_get_wrapped_length): more correct 466 calculation 467 4681999-10-16 Johan Danielsson <joda@pdc.kth.se> 469 470 * kuser/kinit.c (main): pass ccache to krb524_convert_creds_kdc 471 4721999-10-12 Johan Danielsson <joda@pdc.kth.se> 473 474 * lib/krb5/crypto.c (krb5_enctype_to_keytype): remove warning 475 4761999-10-10 Assar Westerlund <assar@sics.se> 477 478 * lib/krb5/mk_req.c (krb5_mk_req): use krb5_free_host_realm 479 480 * lib/krb5/krb5.h (krb5_ccache_data): make `ops' const 481 482 * lib/krb5/crypto.c (krb5_string_to_salttype): new function 483 484 * **/*.[ch]: const-ize 485 4861999-10-06 Assar Westerlund <assar@sics.se> 487 488 * lib/krb5/creds.c (krb5_compare_creds): const-ify 489 490 * lib/krb5/cache.c: clean-up and comment-up 491 492 * lib/krb5/copy_host_realm.c (krb5_copy_host_realm): copy all the 493 strings 494 495 * lib/krb5/verify_user.c (krb5_verify_user_lrealm): free the 496 correct realm part 497 498 * kdc/connect.c (handle_tcp): things work much better when ret is 499 initialized 500 5011999-10-03 Assar Westerlund <assar@sics.se> 502 503 * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): look at the 504 type of the session key 505 506 * lib/krb5/crypto.c (krb5_enctypes_compatible_keys): spell 507 correctly 508 509 * lib/krb5/creds.c (krb5_compare_creds): fix spelling of 510 krb5_enctypes_compatible_keys 511 512 * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): get new 513 credentials from the KDC if the existing one doesn't have a DES 514 session key. 515 516 * lib/45/get_ad_tkt.c (get_ad_tkt): update to new 517 krb524_convert_creds_kdc 518 5191999-10-03 Johan Danielsson <joda@pdc.kth.se> 520 521 * lib/krb5/keytab_keyfile.c: make krb5_akf_ops const 522 523 * lib/krb5/keytab_memory.c: make krb5_mkt_ops const 524 525 * lib/krb5/keytab_file.c: make krb5_fkt_ops const 526 5271999-10-01 Assar Westerlund <assar@sics.se> 528 529 * lib/krb5/config_file.c: rewritten to allow error messages 530 531 * lib/krb5/Makefile.am (bin_PROGRAMS): add verify_krb5_conf 532 (libkrb5_la_SOURCES): add config_file_netinfo.c 533 534 * lib/krb5/verify_krb5_conf.c: new program for verifying that 535 krb5.conf is corret 536 537 * lib/krb5/config_file_netinfo.c: moved netinfo code here from 538 config_file.c 539 5401999-09-28 Assar Westerlund <assar@sics.se> 541 542 * kdc/hpropd.c (dump_krb4): kludge default_realm 543 544 * lib/asn1/check-der.c: add test cases for Generalized time and 545 make sure we return the correct value 546 547 * lib/asn1/der_put.c: simplify by using der_put_length_and_tag 548 549 * lib/krb5/verify_user.c (krb5_verify_user_lrealm): ariant of 550 krb5_verify_user that tries in all the local realms 551 552 * lib/krb5/set_default_realm.c: add support for having several 553 default realms 554 555 * lib/krb5/kuserok.c (krb5_kuserok): use `krb5_get_default_realms' 556 557 * lib/krb5/get_default_realm.c (krb5_get_default_realms): add 558 559 * lib/krb5/krb5.h (krb5_context_data): change `default_realm' to 560 `default_realms' 561 562 * lib/krb5/context.c: change from `default_realm' to 563 `default_realms' 564 565 * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use 566 krb5_get_default_realms 567 568 * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add copy_host_realm.c 569 570 * lib/krb5/copy_host_realm.c: new file 571 5721999-09-27 Johan Danielsson <joda@pdc.kth.se> 573 574 * lib/asn1/der_put.c (encode_generalized_time): encode length 575 576 * lib/krb5/recvauth.c: new function `krb5_recvauth_match_version' 577 that allows more intelligent matching of the application version 578 5791999-09-26 Assar Westerlund <assar@sics.se> 580 581 * lib/asn1/asn1_print.c: add err.h 582 583 * kdc/config.c (configure): use parse_bytes 584 585 * appl/test/nt_gss_common.c: use the correct header file 586 5871999-09-24 Johan Danielsson <joda@pdc.kth.se> 588 589 * kuser/klist.c: add a `--cache' flag 590 591 * kuser/kinit.c (main): only get default value for `get_v4_tgt' if 592 it's explicitly set in krb5.conf 593 5941999-09-23 Assar Westerlund <assar@sics.se> 595 596 * lib/asn1/asn1_print.c (tag_names); add another univeral tag 597 598 * lib/asn1/der.h: update universal tags 599 6001999-09-22 Assar Westerlund <assar@sics.se> 601 602 * lib/asn1/asn1_print.c (loop): print length of octet string 603 6041999-09-21 Johan Danielsson <joda@pdc.kth.se> 605 606 * admin/ktutil.c (kt_get): add `--help' 607 6081999-09-21 Assar Westerlund <assar@sics.se> 609 610 * kuser/Makefile.am: add kdecode_ticket 611 612 * kuser/kdecode_ticket.c: new debug program 613 614 * appl/test/nt_gss_server.c: new program to test against `Sample * 615 SSPI Code' in Windows 2000 RC1 SDK. 616 617 * appl/test/Makefile.am: add nt_gss_client and nt_gss_server 618 619 * lib/asn1/der_get.c (decode_general_string): remember to advance 620 ret over the length-len 621 622 * lib/asn1/Makefile.am: add asn1_print 623 624 * lib/asn1/asn1_print.c: new program for printing DER-structures 625 626 * lib/asn1/der_put.c: make functions more consistent 627 628 * lib/asn1/der_get.c: make functions more consistent 629 6301999-09-20 Johan Danielsson <joda@pdc.kth.se> 631 632 * kdc/kerberos5.c: be more informative in pa-data error messages 633 6341999-09-16 Assar Westerlund <assar@sics.se> 635 636 * configure.in: test for strlcpy, strlcat 637 6381999-09-14 Assar Westerlund <assar@sics.se> 639 640 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): return 641 KRB5_LIBOS_PWDINTR when interrupted 642 643 * lib/krb5/get_in_tkt_pw.c (krb5_password_key_proc): check return 644 value from des_read_pw_string 645 646 * kuser/kinit.c (main): don't print any error if reading the 647 password was interrupted 648 649 * kpasswd/kpasswd.c (main): don't print any error if reading the 650 password was interrupted 651 652 * kdc/string2key.c (main): check the return value from fgets 653 654 * kdc/kstash.c (main): check return value from des_read_pw_string 655 656 * admin/ktutil.c (kt_add): check the return-value from fgets and 657 overwrite the password for paranoid reasons 658 659 * lib/krb5/keytab_keyfile.c (get_cell_and_realm): only remove the 660 newline if it's there 661 6621999-09-13 Assar Westerlund <assar@sics.se> 663 664 * kdc/hpropd.c (main): remove bogus error with `--print'. remove 665 sysloging of number of principals transferred 666 667 * kdc/hprop.c (ka_convert): set flags correctly for krbtgt/CELL 668 principals 669 (main): get rid of bogus opening of hdb database when propagating 670 ka-server database 671 6721999-09-12 Assar Westerlund <assar@sics.se> 673 674 * lib/krb5/krb5_locl.h (O_BINARY): add fallback definition 675 676 * lib/krb5/krb5.h (krb5_context_data): add keytab types 677 678 * configure.in: revert back awk test, not worked around in 679 roken.awk 680 681 * lib/krb5/keytab_krb4.c: remove O_BINARY 682 683 * lib/krb5/keytab_keyfile.c: some support for AFS KeyFile's. From 684 Love <lha@e.kth.se> 685 686 * lib/krb5/keytab_file.c: remove O_BINARY 687 688 * lib/krb5/keytab.c: move the list of keytab types to the context 689 690 * lib/krb5/fcache.c: remove O_BINARY 691 692 * lib/krb5/context.c (init_context_from_config_file): register all 693 standard cache and keytab types 694 (krb5_free_context): free `kt_types' 695 696 * lib/krb5/cache.c (krb5_cc_resolve): move the registration of the 697 standard types of credential caches to context 698 699 * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_keyfile.c 700 7011999-09-10 Assar Westerlund <assar@sics.se> 702 703 * lib/krb5/keytab.c: add comments and clean-up 704 705 * admin/ktutil.c: add `ktutil copy' 706 707 * lib/krb5/keytab_krb4.c: new file 708 709 * lib/krb5/krb5.h (krb5_kt_cursor): add a `data' field 710 711 * lib/krb5/Makefile.am: add keytab_krb4.c 712 713 * lib/krb5/keytab.c: add krb4 and correct some if's 714 715 * admin/srvconvert.c (srvconv): move common code 716 717 * lib/krb5/krb5.h (krb5_fkt_ops, krb5_mkt_ops): new variables 718 719 * lib/krb5/keytab.c: move out file and memory functions 720 721 * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_file.c, 722 keytab_memory.c 723 724 * lib/krb5/keytab_memory.c: new file 725 726 * lib/krb5/keytab_file.c: new file 727 728 * kpasswd/kpasswdd.c: move out password quality functions 729 7301999-09-07 Assar Westerlund <assar@sics.se> 731 732 * lib/hdb/Makefile.am (libhdb_la_SOURCES): add keytab.c. From 733 Love <lha@e.kth.se> 734 735 * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): check 736 return value from `krb5_sendto_kdc' 737 7381999-09-06 Assar Westerlund <assar@sics.se> 739 740 * lib/krb5/send_to_kdc.c (send_and_recv): rename to recv_loop and 741 remove the sending of data. add a parameter `limit'. let callers 742 send the date themselves (and preferably with net_write on tcp 743 sockets) 744 (send_and_recv_tcp): read first the length field and then only that 745 many bytes 746 7471999-09-05 Assar Westerlund <assar@sics.se> 748 749 * kdc/connect.c (handle_tcp): try to print warning `TCP data of 750 strange type' less often 751 752 * lib/krb5/send_to_kdc.c (send_and_recv): handle EINTR properly. 753 return on EOF. always free data. check return value from 754 realloc. 755 (send_and_recv_tcp, send_and_recv_http): check advertised length 756 against actual length 757 7581999-09-01 Johan Danielsson <joda@pdc.kth.se> 759 760 * configure.in: check for sgi capabilities 761 7621999-08-27 Johan Danielsson <joda@pdc.kth.se> 763 764 * lib/krb5/get_addrs.c: krb5_get_all_server_addrs shouldn't return 765 extra addresses 766 767 * kpasswd/kpasswdd.c: use HDB keytabs; change some error messages; 768 add --realm flag 769 770 * lib/krb5/address.c (krb5_append_addresses): remove duplicates 771 7721999-08-26 Johan Danielsson <joda@pdc.kth.se> 773 774 * lib/hdb/keytab.c: HDB keytab backend 775 7761999-08-25 Johan Danielsson <joda@pdc.kth.se> 777 778 * lib/krb5/keytab.c 779 (krb5_kt_{start_seq_get,next_entry,end_seq_get}): check for NULL 780 pointer 781 7821999-08-24 Johan Danielsson <joda@pdc.kth.se> 783 784 * kpasswd/kpasswdd.c: add `--keytab' flag 785 7861999-08-23 Assar Westerlund <assar@sics.se> 787 788 * lib/krb5/addr_families.c (IN6_ADDR_V6_TO_V4): use `s6_addr' 789 instead of the non-standard `s6_addr32'. From Yoshinobu Inoue 790 <shin@kame.net> by way of the KAME repository 791 7921999-08-18 Assar Westerlund <assar@sics.se> 793 794 * configure.in (--enable-new-des3-code): remove check for `struct 795 addrinfo' 796 797 * lib/krb5/crypto.c (etypes): remove NEW_DES3_CODE, enable 798 des3-cbc-sha1 and keep old-des3-cbc-sha1 for backwards 799 compatability 800 801 * lib/krb5/krb5.h (krb5_enctype): des3-cbc-sha1 (with key 802 derivation) just got assigned etype 16 by <bcn@isi.edu>. keep the 803 old etype at 7. 804 8051999-08-16 Assar Westerlund <assar@sics.se> 806 807 * lib/krb5/sendauth.c (krb5_sendauth): only look at errno if 808 krb5_net_read actually returns -1 809 810 * lib/krb5/recvauth.c (krb5_recvauth): only look at errno if 811 krb5_net_read actually returns -1 812 813 * appl/kf/kf.c (proto): don't trust errno if krb5_net_read hasn't 814 returned -1 815 816 * appl/test/tcp_server.c (proto): only trust errno if 817 krb5_net_read actually returns -1 818 819 * appl/kf/kfd.c (proto): be more careful with the return value 820 from krb5_net_read 821 8221999-08-13 Assar Westerlund <assar@sics.se> 823 824 * lib/krb5/get_addrs.c (get_addrs_int): try the different ways 825 sequentially instead of just one. this helps if your heimdal was 826 built with v6-support but your kernel doesn't have it, for 827 example. 828 8291999-08-12 Assar Westerlund <assar@sics.se> 830 831 * kdc/hpropd.c: add inetd flag. default means try to figure out 832 if stdin is a socket or not. 833 834 * Makefile.am (ACLOCAL): just use `cf', this variable is only used 835 when the current directory is $(top_srcdir) anyways and having 836 $(top_srcdir) there breaks if it's a relative path 837 8381999-08-09 Johan Danielsson <joda@pdc.kth.se> 839 840 * configure.in: check for setproctitle 841 8421999-08-05 Assar Westerlund <assar@sics.se> 843 844 * lib/krb5/principal.c (krb5_sname_to_principal): remember to call 845 freehostent 846 847 * appl/test/tcp_client.c: call freehostent 848 849 * appl/kf/kf.c (doit): call freehostent 850 851 * appl/kf/kf.c: make v6 friendly and simplify 852 853 * appl/kf/kfd.c: make v6 friendly and simplify 854 855 * appl/test/tcp_server.c: simplify by using krb5_err instead of 856 errx 857 858 * appl/test/tcp_client.c: simplify by using krb5_err instead of 859 errx 860 861 * appl/test/tcp_server.c: make v6 friendly and simplify 862 863 * appl/test/tcp_client.c: make v6 friendly and simplify 864 8651999-08-04 Assar Westerlund <assar@sics.se> 866 867 * Release 0.1m 868 8691999-08-04 Assar Westerlund <assar@sics.se> 870 871 * kuser/kinit.c (main): some more KRB4-conditionalizing 872 873 * lib/krb5/get_in_tkt.c: type correctness 874 875 * lib/krb5/get_for_creds.c (krb5_fwd_tgs_creds): set forwarded in 876 flags. From Miroslav Ruda <ruda@ics.muni.cz> 877 878 * kuser/kinit.c (main): add config file support for forwardable 879 and krb4 support. From Miroslav Ruda <ruda@ics.muni.cz> 880 881 * kdc/kerberos5.c (as_rep): add an empty X500-compress string as 882 transited. 883 (fix_transited_encoding): check length. 884 From Miroslav Ruda <ruda@ics.muni.cz> 885 886 * kdc/hpropd.c (dump_krb4): check the realm so that we don't dump 887 principals in some other realm. From Miroslav Ruda 888 <ruda@ics.muni.cz> 889 (main): rename sa_len -> sin_len, sa_lan is a define on some 890 platforms. 891 892 * appl/kf/kfd.c: add regpag support. From Miroslav Ruda 893 <ruda@ics.muni.cz> 894 895 * appl/kf/kf.c: add `-G' and forwardable option in krb5.conf. 896 From Miroslav Ruda <ruda@ics.muni.cz> 897 898 * lib/krb5/config_file.c (parse_list): don't run past end of line 899 900 * appl/test/gss_common.h: new prototypes 901 902 * appl/test/gssapi_client.c: use gss_err instead of abort 903 904 * appl/test/gss_common.c (gss_verr, gss_err): add 905 9061999-08-03 Assar Westerlund <assar@sics.se> 907 908 * lib/krb5/Makefile.am (n_fold_test_LDADD): need to set this 909 otherwise it doesn't build with shared libraries 910 911 * kdc/hpropd.c: v6-ify 912 913 * kdc/hprop.c: v6-ify 914 9151999-08-01 Assar Westerlund <assar@sics.se> 916 917 * lib/krb5/mk_req.c (krb5_mk_req): use krb5_expand_hostname 918 9191999-07-31 Assar Westerlund <assar@sics.se> 920 921 * lib/krb5/get_host_realm.c (krb5_get_host_realm_int): new 922 function that takes a FQDN 923 924 * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add exapnd_hostname.c 925 926 * lib/krb5/expand_hostname.c: new file 927 9281999-07-28 Assar Westerlund <assar@sics.se> 929 930 * Release 0.1l 931 9321999-07-28 Assar Westerlund <assar@sics.se> 933 934 * lib/asn1/Makefile.am: bump version to 1:2:0 935 936 * lib/krb5/Makefile.am: bump version to 3:1:0 937 938 * configure.in: more inet_pton to roken 939 940 * lib/krb5/principal.c (krb5_sname_to_principal): use 941 getipnodebyname 942 9431999-07-26 Assar Westerlund <assar@sics.se> 944 945 * Release 0.1k 946 9471999-07-26 Johan Danielsson <joda@pdc.kth.se> 948 949 * lib/krb5/Makefile.am: bump version number (changed function 950 signatures) 951 952 * lib/hdb/Makefile.am: bump version number (changes to some 953 function signatures) 954 9551999-07-26 Assar Westerlund <assar@sics.se> 956 957 * lib/krb5/Makefile.am: bump version to 3:0:2 958 959 * lib/hdb/Makefile.am: bump version to 2:1:0 960 961 * lib/asn1/Makefile.am: bump version to 1:1:0 962 9631999-07-26 Assar Westerlund <assar@sics.se> 964 965 * Release 0.1j 966 9671999-07-26 Assar Westerlund <assar@sics.se> 968 969 * configure.in: rokenize inet_ntop 970 971 * lib/krb5/store_fd.c: lots of changes from size_t to ssize_t 972 973 * lib/krb5/store_mem.c: lots of changes from size_t to ssize_t 974 975 * lib/krb5/store_emem.c: lots of changes from size_t to ssize_t 976 977 * lib/krb5/store.c: lots of changes from size_t to ssize_t 978 (krb5_ret_stringz): check return value from realloc 979 980 * lib/krb5/mk_safe.c: some type correctness 981 982 * lib/krb5/mk_priv.c: some type correctness 983 984 * lib/krb5/krb5.h (krb5_storage): change return values of 985 functions from size_t to ssize_t 986 9871999-07-24 Assar Westerlund <assar@sics.se> 988 989 * Release 0.1i 990 991 * configure.in (AC_PROG_AWK): disable. mawk seems to mishandle \# 992 in lib/roken/roken.awk 993 994 * lib/krb5/get_addrs.c (find_all_addresses): try to use SA_LEN to 995 step over addresses if there's no `sa_lan' field 996 997 * lib/krb5/sock_principal.c (krb5_sock_to_principal): simplify by 998 using `struct sockaddr_storage' 999 1000 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): simplify by using 1001 `struct sockaddr_storage' 1002 1003 * lib/krb5/changepw.c (krb5_change_password): simplify by using 1004 `struct sockaddr_storage' 1005 1006 * lib/krb5/auth_context.c (krb5_auth_con_setaddrs_from_fd): 1007 simplify by using `struct sockaddr_storage' 1008 1009 * kpasswd/kpasswdd.c (*): simplify by using `struct 1010 sockaddr_storage' 1011 1012 * kdc/connect.c (*): simplify by using `struct sockaddr_storage' 1013 1014 * configure.in (sa_family_t): just test for existence 1015 (sockaddr_storage): also specify include file 1016 1017 * configure.in (AM_INIT_AUTOMAKE): bump version to 0.1i 1018 (sa_family_t): test for 1019 (struct sockaddr_storage): test for 1020 1021 * kdc/hprop.c (propagate_database): typo, NULL should be 1022 auth_context 1023 1024 * lib/krb5/get_addrs.c: conditionalize on HAVE_IPV6 instead of 1025 AF_INET6 1026 1027 * appl/kf/kf.c (main): use warnx 1028 1029 * appl/kf/kf.c (proto): remove shadowing context 1030 1031 * lib/krb5/get_addrs.c (find_all_addresses): try to handle the 1032 case of getting back an `sockaddr_in6' address when sizeof(struct 1033 sockaddr_in6) > sizeof(struct sockaddr) and we have no sa_len to 1034 tell us how large the address is. This obviously doesn't work 1035 with unknown protocol types. 1036 10371999-07-24 Assar Westerlund <assar@sics.se> 1038 1039 * Release 0.1h 1040 10411999-07-23 Assar Westerlund <assar@sics.se> 1042 1043 * appl/kf/kfd.c: clean-up and more paranoia 1044 1045 * etc/services.append: add kf 1046 1047 * appl/kf/kf.c: rename tk_file to ccache for consistency. clean-up 1048 10491999-07-22 Assar Westerlund <assar@sics.se> 1050 1051 * lib/krb5/n-fold-test.c (main): print the correct data 1052 1053 * appl/Makefile.am (SUBDIRS): add kf 1054 1055 * appl/kf: new program. From Miroslav Ruda <ruda@ics.muni.cz> 1056 1057 * kdc/hprop.c: declare some variables unconditionally to simplify 1058 things 1059 1060 * kpasswd/kpasswdd.c: initialize kadm5 connection for every change 1061 (otherwise the modifier in the database doesn't get set) 1062 1063 * kdc/hpropd.c: clean-up and re-organize 1064 1065 * kdc/hprop.c: clean-up and re-organize 1066 1067 * configure.in (SunOS): define to xy for SunOS x.y 1068 10691999-07-19 Assar Westerlund <assar@sics.se> 1070 1071 * configure.in (AC_BROKEN): test for copyhostent, freehostent, 1072 getipnodebyaddr, getipnodebyname 1073 10741999-07-15 Assar Westerlund <assar@sics.se> 1075 1076 * lib/asn1/check-der.c: more test cases for integers 1077 1078 * lib/asn1/der_length.c (length_int): handle the case of the 1079 largest negative integer by not calling abs 1080 10811999-07-14 Assar Westerlund <assar@sics.se> 1082 1083 * lib/asn1/check-der.c (generic_test): check malloc return value 1084 properly 1085 1086 * lib/krb5/Makefile.am: add string_to_key_test 1087 1088 * lib/krb5/prog_setup.c (krb5_program_setup): always initialize 1089 the context 1090 1091 * lib/krb5/n-fold-test.c (main): return a relevant return value 1092 1093 * lib/krb5/krbhst.c: do SRV lookups for admin server as well. 1094 some clean-up. 1095 10961999-07-12 Assar Westerlund <assar@sics.se> 1097 1098 * configure.in: handle not building X programs 1099 11001999-07-06 Assar Westerlund <assar@sics.se> 1101 1102 * lib/krb5/addr_families.c (ipv6_parse_addr): remove duplicate 1103 variable 1104 (ipv6_sockaddr2port): fix typo 1105 1106 * etc/services.append: beginning of a file with services 1107 1108 * lib/krb5/cache.c (krb5_cc_resolve): fall-back to files if 1109 there's no prefix. also clean-up a little bit. 1110 1111 * kdc/hprop.c (--kaspecials): new flag for handling special KA 1112 server entries. From "Brandon S. Allbery KF8NH" 1113 <allbery@kf8nh.apk.net> 1114 11151999-07-05 Assar Westerlund <assar@sics.se> 1116 1117 * kdc/connect.c (handle_tcp): make sure we have data before 1118 starting to look for HTTP 1119 1120 * kdc/connect.c (handle_tcp): always do getpeername, we can't 1121 trust recvfrom to return anything sensible 1122 11231999-07-04 Assar Westerlund <assar@sics.se> 1124 1125 * lib/krb5/get_in_tkt.c (add_padat): encrypt pre-auth data with 1126 all enctypes 1127 1128 * kpasswd/kpasswdd.c (change): fetch the salt-type from the entry 1129 1130 * admin/srvconvert.c (srvconv): better error messages 1131 11321999-07-03 Assar Westerlund <assar@sics.se> 1133 1134 * lib/krb5/principal.c (unparse_name): error check malloc properly 1135 1136 * lib/krb5/get_in_tkt.c (krb5_init_etype): error check malloc 1137 properly 1138 1139 * lib/krb5/crypto.c (*): do some malloc return-value checks 1140 properly 1141 1142 * lib/hdb/hdb.c (hdb_process_master_key): simplify by using 1143 krb5_data_alloc 1144 1145 * lib/hdb/hdb.c (hdb_process_master_key): check return value from 1146 malloc 1147 1148 * lib/asn1/gen_decode.c (decode_type): fix generation of decoding 1149 information for TSequenceOf. 1150 1151 * kdc/kerberos5.c (get_pa_etype_info): check return value from 1152 malloc 1153 11541999-07-02 Assar Westerlund <assar@sics.se> 1155 1156 * lib/asn1/der_copy.c (copy_octet_string): don't fail if length == 1157 0 and malloc returns NULL 1158 11591999-06-29 Assar Westerlund <assar@sics.se> 1160 1161 * lib/krb5/addr_families.c (ipv6_parse_addr): implement 1162 11631999-06-24 Assar Westerlund <assar@sics.se> 1164 1165 * lib/krb5/rd_cred.c (krb5_rd_cred): compare the sender's address 1166 as an addrport one 1167 1168 * lib/krb5/krb5.h (KRB5_ADDRESS_ADDRPORT, KRB5_ADDRESS_IPPORT): 1169 add 1170 (krb5_auth_context): add local and remote port 1171 1172 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): get the 1173 local and remote address and add them to the krb-cred packet 1174 1175 * lib/krb5/auth_context.c: save the local and remove ports in the 1176 auth_context 1177 1178 * lib/krb5/address.c (krb5_make_addrport): create an address of 1179 type KRB5_ADDRESS_ADDRPORT from (addr, port) 1180 1181 * lib/krb5/addr_families.c (krb5_sockaddr2port): new function for 1182 grabbing the port number out of the sockaddr 1183 11841999-06-23 Assar Westerlund <assar@sics.se> 1185 1186 * admin/srvcreate.c (srvcreate): always take the DES-CBC-MD5 key. 1187 increase possible verbosity. 1188 1189 * lib/krb5/config_file.c (parse_list): handle blank lines at 1190 another place 1191 1192 * kdc/connect.c (add_port_string): don't return a value 1193 1194 * lib/kadm5/init_c.c (get_cred_cache): you cannot reuse the cred 1195 cache if the principals are different. close and NULL the old one 1196 so that we create a new one. 1197 1198 * configure.in: move around cgywin et al 1199 (LIB_kdb): set at the end of krb4-block 1200 (krb4): test for krb_enable_debug and krb_disable_debug 1201 12021999-06-16 Assar Westerlund <assar@sics.se> 1203 1204 * kuser/kdestroy.c (main): try to destroy v4 ticket even if the 1205 destruction of the v5 one fails 1206 1207 * lib/krb5/crypto.c (DES3_postproc): new version that does the 1208 right thing 1209 (*): don't put and recover length in 3DES encoding 1210 other small fixes 1211 12121999-06-15 Assar Westerlund <assar@sics.se> 1213 1214 * lib/krb5/get_default_principal.c: rewrite to use 1215 get_default_username 1216 1217 * lib/krb5/Makefile.am: add n-fold-test 1218 1219 * kdc/connect.c: add fallbacks for all lookups by service name 1220 (handle_tcp): break-up and clean-up 1221 12221999-06-09 Assar Westerlund <assar@sics.se> 1223 1224 * lib/krb5/addr_families.c (ipv6_uninteresting): don't consider 1225 the loopback address as uninteresting 1226 1227 * lib/krb5/get_addrs.c: new magic flag to get loopback address if 1228 there are no other addresses. 1229 (krb5_get_all_client_addrs): use that flag 1230 12311999-06-04 Assar Westerlund <assar@sics.se> 1232 1233 * lib/krb5/crypto.c (HMAC_SHA1_DES3_checksum): don't include the 1234 length 1235 (checksum_sha1, checksum_hmac_sha1_des3): blocksize should be 64 1236 (encrypt_internal_derived): don't include the length and don't 1237 decrease by the checksum size twice 1238 (_get_derived_key): the constant should be 5 bytes 1239 12401999-06-02 Johan Danielsson <joda@pdc.kth.se> 1241 1242 * configure.in: use KRB_CHECK_X 1243 1244 * configure.in: check for netinet/ip.h 1245 12461999-05-31 Assar Westerlund <assar@sics.se> 1247 1248 * kpasswd/kpasswdd.c (setup_passwd_quality_check): conditionalize 1249 on RTLD_NOW 1250 12511999-05-23 Assar Westerlund <assar@sics.se> 1252 1253 * appl/test/uu_server.c: removed unused stuff 1254 1255 * appl/test/uu_client.c: removed unused stuff 1256 12571999-05-21 Assar Westerlund <assar@sics.se> 1258 1259 * kuser/kgetcred.c (main): correct error message 1260 1261 * lib/krb5/crypto.c (verify_checksum): call (*ct->checksum) 1262 directly, avoiding redundant lookups and memory leaks 1263 1264 * lib/krb5/auth_context.c (krb5_auth_con_setaddrs_from_fd): free 1265 local and remote addresses 1266 1267 * lib/krb5/get_default_principal.c (get_logname): also try 1268 $USERNAME 1269 1270 * lib/asn1/Makefile.am (asn1_files): add $(EXEEXT) 1271 1272 * lib/krb5/principal.c (USE_RESOLVER): try to define only if we 1273 have a libresolv (currently by checking for res_search) 1274 12751999-05-18 Johan Danielsson <joda@pdc.kth.se> 1276 1277 * kdc/connect.c (handle_tcp): remove %-escapes in request 1278 12791999-05-14 Assar Westerlund <assar@sics.se> 1280 1281 * Release 0.1g 1282 1283 * admin/ktutil.c (kt_remove): -t should be -e 1284 1285 * configure.in (CHECK_NETINET_IP_AND_TCP): use 1286 1287 * kdc/hpropd.c: support for dumping to krb4. From Miroslav Ruda 1288 <ruda@ics.muni.cz> 1289 1290 * admin/ktutil.c (kt_add): new option `--no-salt'. From Miroslav 1291 Ruda <ruda@ics.muni.cz> 1292 1293 * configure.in: add cygwin and DOS tests replace sendmsg, recvmsg, 1294 and innetgr with roken versions 1295 1296 * kuser/kgetcred.c: new program 1297 1298Tue May 11 14:09:33 1999 Johan Danielsson <joda@pdc.kth.se> 1299 1300 * lib/krb5/mcache.c: fix paste-o 1301 13021999-05-10 Johan Danielsson <joda@pdc.kth.se> 1303 1304 * configure.in: don't use uname 1305 13061999-05-10 Assar Westerlund <assar@sics.se> 1307 1308 * acconfig.h (KRB_PUT_INT): if we don't have KRB4 use four 1309 arguments :-) 1310 1311 * appl/test/uu_server.c (setsockopt): cast to get rid of a warning 1312 1313 * appl/test/tcp_server.c (setsockopt): cast to get rid of a 1314 warning 1315 1316 * appl/test/tcp_client.c (proto): call krb5_sendauth with ccache 1317 == NULL 1318 1319 * appl/test/gssapi_server.c (setsockopt): cast to get rid of a 1320 warning 1321 1322 * lib/krb5/sendauth.c (krb5_sendauth): handle ccache == NULL by 1323 setting the default ccache. 1324 1325 * configure.in (getsockopt, setsockopt): test for 1326 (AM_INIT_AUTOMAKE): bump version to 0.1g 1327 1328 * appl/Makefile.am (SUBDIRS): add kx 1329 1330 * lib/hdb/convert_db.c (main): handle the case of no master key 1331 13321999-05-09 Assar Westerlund <assar@sics.se> 1333 1334 * Release 0.1f 1335 1336 * kuser/kinit.c: add --noaddresses 1337 1338 * lib/krb5/get_in_tkt.c (init_as_req): interpret `addrs' being an 1339 empty sit of list as to not ask for any addresses. 1340 13411999-05-08 Assar Westerlund <assar@sics.se> 1342 1343 * acconfig.h (_GNU_SOURCE): define this to enable (used) 1344 extensions on glibc-based systems such as linux 1345 13461999-05-03 Assar Westerlund <assar@sics.se> 1347 1348 * lib/krb5/get_cred.c (get_cred_from_kdc_flags): allocate and free 1349 `*out_creds' properly 1350 1351 * lib/krb5/creds.c (krb5_compare_creds): just verify that the 1352 keytypes/enctypes are compatible, not that they are the same 1353 1354 * kuser/kdestroy.c (cache): const-correctness 1355 13561999-05-03 Johan Danielsson <joda@pdc.kth.se> 1357 1358 * lib/hdb/hdb.c (hdb_set_master_key): initialise master key 1359 version 1360 1361 * lib/hdb/convert_db.c: add support for upgrading database 1362 versions 1363 1364 * kdc/misc.c: add flags to fetch 1365 1366 * kdc/kstash.c: unlink keyfile on failure, chmod to 400 1367 1368 * kdc/hpropd.c: add --print option 1369 1370 * kdc/hprop.c: pass flags to hdb_foreach 1371 1372 * lib/hdb/convert_db.c: add some flags 1373 1374 * lib/hdb/Makefile.am: remove extra LDFLAGS, update version to 2; 1375 build prototype headers 1376 1377 * lib/hdb/hdb_locl.h: update prototypes 1378 1379 * lib/hdb/print.c: move printable version of entry from kadmin 1380 1381 * lib/hdb/hdb.c: change hdb_{seal,unseal}_* to check if the key is 1382 sealed or not; add flags to hdb_foreach 1383 1384 * lib/hdb/ndbm.c: add flags to NDBM_seq, NDBM_firstkey, and 1385 NDBM_nextkey 1386 1387 * lib/hdb/db.c: add flags to DB_seq, DB_firstkey, and DB_nextkey 1388 1389 * lib/hdb/common.c: add flags to _hdb_{fetch,store} 1390 1391 * lib/hdb/hdb.h: add master_key_version to struct hdb, update 1392 prototypes 1393 1394 * lib/hdb/hdb.asn1: make mkvno optional, update version to 2 1395 1396 * configure.in: --enable-netinfo 1397 1398 * lib/krb5/config_file.c: HAVE_NETINFO_NI_H -> HAVE_NETINFO 1399 1400 * config.sub: fix for crays 1401 1402 * config.guess: new version from automake 1.4 1403 1404 * config.sub: new version from automake 1.4 1405 1406Wed Apr 28 00:21:17 1999 Assar Westerlund <assar@sics.se> 1407 1408 * Release 0.1e 1409 1410 * lib/krb5/mcache.c (mcc_get_next): get the current cursor 1411 correctly 1412 1413 * acconfig.h: correct definition of KRB_PUT_INT for old krb4 code. 1414 From Ake Sandgren <ake@cs.umu.se> 1415 14161999-04-27 Johan Danielsson <joda@pdc.kth.se> 1417 1418 * kdc/kerberos5.c: fix arguments to decrypt_ticket 1419 14201999-04-25 Assar Westerlund <assar@sics.se> 1421 1422 * lib/krb5/mk_req_ext.c (krb5_mk_req_internal): try to handle old 1423 DCE secd's that are not able to handle MD5 checksums by defaulting 1424 to MD4 if the keytype was DES-CBC-CRC 1425 1426 * lib/krb5/mk_req.c (krb5_mk_req): use auth_context->keytype 1427 1428 * lib/krb5/krb5.h (krb5_auth_context_data): add `keytype' and 1429 `cksumtype' 1430 1431 * lib/krb5/get_cred.c (make_pa_tgs_req): remove old kludge for 1432 secd 1433 (init_tgs_req): add all supported enctypes for the keytype in 1434 `in_creds->session.keytype' if it's set 1435 1436 * lib/krb5/crypto.c (F_PSEUDO): new flag for non-protocol 1437 encryption types 1438 (do_checksum): new function 1439 (verify_checksum): take the checksum to use from the checksum message 1440 and not from the crypto struct 1441 (etypes): add F_PSEUDO flags 1442 (krb5_keytype_to_enctypes): new function 1443 1444 * lib/krb5/auth_context.c (krb5_auth_con_init): initalize keytype 1445 and cksumtype 1446 (krb5_auth_setcksumtype, krb5_auth_getcksumtype): implement 1447 (krb5_auth_setkeytype, krb5_auth_getkeytype): implement 1448 (krb5_auth_setenctype): comment out, it's rather bogus anyway 1449 1450Sun Apr 25 16:55:50 1999 Johan Danielsson <joda@pdc.kth.se> 1451 1452 * lib/krb5/krb5_locl.h: fix for stupid aix warnings 1453 1454 * lib/krb5/fcache.c (erase_file): don't malloc 1455 1456Sat Apr 24 18:35:21 1999 Johan Danielsson <joda@pdc.kth.se> 1457 1458 * kdc/config.c: pass context to krb5_config_file_free 1459 1460 * kuser/kinit.c: add `--fcache-version' to set cache version to 1461 create 1462 1463 * kuser/klist.c: print cache version if verbose 1464 1465 * lib/krb5/transited.c (krb5_domain_x500_decode): don't abort 1466 1467 * lib/krb5/principal.c: abort -> krb5_abortx 1468 1469 * lib/krb5/mk_rep.c: abort -> krb5_abortx 1470 1471 * lib/krb5/config_file.c: abort -> krb5_abortx 1472 1473 * lib/krb5/context.c (init_context_from_config_file): init 1474 fcache_version; add krb5_{get,set}_fcache_version 1475 1476 * lib/krb5/keytab.c: add support for reading (and writing?) old 1477 version keytabs 1478 1479 * lib/krb5/cache.c: add krb5_cc_get_version 1480 1481 * lib/krb5/fcache.c: add support for reading and writing old 1482 version cache files 1483 1484 * lib/krb5/store_mem.c (krb5_storage_from_mem): zero flags 1485 1486 * lib/krb5/store_emem.c (krb5_storage_emem): zero flags 1487 1488 * lib/krb5/store_fd.c (krb5_storage_from_fd): zero flags 1489 1490 * lib/krb5/store.c: add flags to change how various fields are 1491 stored, used for old cache version support 1492 1493 * lib/krb5/krb5.h: add support for reading and writing old version 1494 cache files, and keytabs 1495 1496Wed Apr 21 00:09:26 1999 Assar Westerlund <assar@sics.se> 1497 1498 * configure.in: fix test for readline.h remember to link with 1499 $LIB_tgetent when trying linking with readline 1500 1501 * lib/krb5/init_creds_pw.c (get_init_creds_common): if start_time 1502 is given, request a postdated ticket. 1503 1504 * lib/krb5/data.c (krb5_data_free): free data as long as it's not 1505 NULL 1506 1507Tue Apr 20 20:18:14 1999 Assar Westerlund <assar@sics.se> 1508 1509 * kpasswd/Makefile.am (kpasswdd_LDADD): add LIB_dlopen 1510 1511 * lib/krb5/krb5.h (KRB5_VERIFY_AP_REQ_IGNORE_INVALID): add 1512 1513 * lib/krb5/rd_req.c (krb5_decrypt_ticket): add `flags` and 1514 KRB5_VERIFY_AP_REQ_IGNORE_INVALID for ignoring that the ticket is 1515 invalid 1516 1517Tue Apr 20 12:42:08 1999 Johan Danielsson <joda@hella.pdc.kth.se> 1518 1519 * kpasswd/kpasswdd.c: don't try to load library by default; get 1520 library and function name from krb5.conf 1521 1522 * kpasswd/sample_passwd_check.c: sample password checking 1523 functions 1524 1525Mon Apr 19 22:22:19 1999 Assar Westerlund <assar@sics.se> 1526 1527 * lib/krb5/store.c (krb5_storage_to_data, krb5_ret_data): use 1528 krb5_data_alloc and be careful with checking allocation and sizes. 1529 1530 * kuser/klist.c (--tokens): conditionalize on KRB4 1531 1532 * kuser/kinit.c (renew_validate): set all flags 1533 (main): fix cut-n-paste error when setting start-time 1534 1535 * kdc/kerberos5.c (check_tgs_flags): starttime of a validate 1536 ticket should be > than current time 1537 (*): send flags to krb5_verify_ap_req and krb5_decrypt_ticket 1538 1539 * kuser/kinit.c (renew_validate): use the client realm instead of 1540 the local realm when renewing tickets. 1541 1542 * lib/krb5/get_for_creds.c (krb5_fwd_tgs_creds): compat function 1543 (krb5_get_forwarded_creds): correct freeing of out_creds 1544 1545 * kuser/kinit.c (renew_validate): hopefully fix up freeing of 1546 memory 1547 1548 * configure.in: do all the krb4 tests with "$krb4" != "no" 1549 1550 * lib/krb5/keyblock.c (krb5_free_keyblock_contents): don't zero 1551 keyvalue if it's NULL. noticed by Ake Sandgren <ake@cs.umu.se> 1552 1553 * lib/krb5/get_in_tkt.c (add_padata): loop over all enctypes 1554 instead of just taking the first one. fix all callers. From 1555 "Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net> 1556 1557 * kdc/kdc_locl.h (enable_kaserver): declaration 1558 1559 * kdc/hprop.c (ka_convert): print the failing principal. AFS 3.4a 1560 creates krbtgt.REALMOFCELL as NOTGS+NOSEAL, work around. From 1561 "Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net> 1562 1563 * kdc/hpropd.c (open_socket): stupid cast to get rid of a warning 1564 1565 * kdc/connect.c (add_standard_ports, process_request): look at 1566 enable_kaserver. From "Brandon S. Allbery KF8NH" 1567 <allbery@kf8nh.apk.net> 1568 1569 * kdc/config.c: new flag --kaserver and config file option 1570 enable-kaserver. From "Brandon S. Allbery KF8NH" 1571 <allbery@kf8nh.apk.net> 1572 1573Mon Apr 19 12:32:04 1999 Johan Danielsson <joda@hella.pdc.kth.se> 1574 1575 * configure.in: check for dlopen, and dlfcn.h 1576 1577 * kpasswd/kpasswdd.c: add support for dlopen:ing password quality 1578 check library 1579 1580 * configure.in: add appl/su 1581 1582Sun Apr 18 15:46:53 1999 Johan Danielsson <joda@blubb.pdc.kth.se> 1583 1584 * lib/krb5/cache.c: add krb5_cc_get_type that returns type of a 1585 cache 1586 1587Fri Apr 16 17:58:51 1999 Assar Westerlund <assar@sics.se> 1588 1589 * configure.in: LIB_kdb: -L should be before -lkdb 1590 test for prototype of strsep 1591 1592Thu Apr 15 11:34:38 1999 Johan Danielsson <joda@hella.pdc.kth.se> 1593 1594 * lib/krb5/Makefile.am: update version 1595 1596 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): use 1597 ALLOC_SEQ 1598 1599 * lib/krb5/fcache.c: add some support for reading and writing old 1600 cache formats; 1601 (fcc_store_cred): use krb5_store_creds; (fcc_read_cred): use 1602 krb5_ret_creds 1603 1604 * lib/krb5/store_mem.c (krb5_storage_from_mem): check malloc, 1605 initialize host_byteorder 1606 1607 * lib/krb5/store_fd.c (krb5_storage_from_fd): initialize 1608 host_byteorder 1609 1610 * lib/krb5/store_emem.c (krb5_storage_emem): initialize 1611 host_byteorder 1612 1613 * lib/krb5/store.c (krb5_storage_set_host_byteorder): add; 1614 (krb5_store_int32,krb5_ret_int32,krb5_store_int16,krb5_ret_int16): 1615 check host_byteorder flag; (krb5_store_creds): add; 1616 (krb5_ret_creds): add 1617 1618 * lib/krb5/krb5.h (krb5_storage): add `host_byteorder' flag for 1619 storage of numbers 1620 1621 * lib/krb5/heim_err.et: add `host not found' error 1622 1623 * kdc/connect.c: don't use data after clearing decriptor 1624 1625 * lib/krb5/auth_context.c: abort -> krb5_abortx 1626 1627 * lib/krb5/warn.c: add __attribute__; add *abort functions 1628 1629 * configure.in: check for __attribute__ 1630 1631 * kdc/connect.c: log bogus requests 1632 1633Tue Apr 13 18:38:05 1999 Johan Danielsson <joda@hella.pdc.kth.se> 1634 1635 * lib/kadm5/create_s.c (kadm5_s_create_principal): create v4 salts 1636 for all DES keys 1637 16381999-04-12 Assar Westerlund <assar@sics.se> 1639 1640 * lib/krb5/get_cred.c (init_tgs_req): re-structure a little bit 1641 1642 * lib/krb5/get_cred.c (init_tgs_req): some more error checking 1643 1644 * lib/krb5/generate_subkey.c (krb5_generate_subkey): check return 1645 value from malloc 1646 1647Sun Apr 11 03:47:23 1999 Johan Danielsson <joda@hella.pdc.kth.se> 1648 1649 * lib/krb5/krb5.conf.5: update to reality 1650 1651 * lib/krb5/krb5_425_conv_principal.3: update to reality 1652 16531999-04-11 Assar Westerlund <assar@sics.se> 1654 1655 * lib/krb5/get_host_realm.c: handle more than one realm for a host 1656 1657 * kpasswd/kpasswd.c (main): use krb5_program_setup and 1658 print_version 1659 1660 * kdc/string2key.c (main): use krb5_program_setup and 1661 print_version 1662 1663Sun Apr 11 02:35:58 1999 Johan Danielsson <joda@hella.pdc.kth.se> 1664 1665 * lib/krb5/principal.c (krb5_524_conv_principal): make it actually 1666 work, and check built-in list of host-type first-components 1667 1668 * lib/krb5/krbhst.c: lookup SRV-records to find a kdc for a realm 1669 1670 * lib/krb5/context.c: add srv_* flags to context 1671 1672 * lib/krb5/principal.c: add default v4_name_convert entries 1673 1674 * lib/krb5/krb5.h: add srv_* flags to context 1675 1676Sat Apr 10 22:52:28 1999 Johan Danielsson <joda@hella.pdc.kth.se> 1677 1678 * kadmin/kadmin.c: complain about un-recognised commands 1679 1680 * admin/ktutil.c: complain about un-recognised commands 1681 1682Sat Apr 10 15:41:49 1999 Assar Westerlund <assar@sics.se> 1683 1684 * kadmin/load.c (doit): fix error message 1685 1686 * lib/krb5/crypto.c (encrypt_internal): free checksum if lengths 1687 fail to match. 1688 (krb5_get_wrapped_length): new function 1689 1690 * configure.in: security/pam_modules.h: check for 1691 1692 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): kludge 1693 around `ret_as_reply' semantics by only freeing it when ret == 0 1694 1695Fri Apr 9 20:24:04 1999 Assar Westerlund <assar@sics.se> 1696 1697 * kuser/klist.c (print_cred_verbose): handle the case of a bad 1698 enctype 1699 1700 * configure.in: test for more header files 1701 (LIB_roken): set 1702 1703Thu Apr 8 15:01:59 1999 Johan Danielsson <joda@hella.pdc.kth.se> 1704 1705 * configure.in: fixes for building w/o krb4 1706 1707 * ltmain.sh: update to libtool 1.2d 1708 1709 * ltconfig: update to libtool 1.2d 1710 1711Wed Apr 7 23:37:26 1999 Assar Westerlund <assar@sics.se> 1712 1713 * kdc/hpropd.c: fix some error messages to be more understandable. 1714 1715 * kdc/hprop.c (ka_dump): remove unused variables 1716 1717 * appl/test/tcp_server.c: remove unused variables 1718 1719 * appl/test/gssapi_server.c: remove unused variables 1720 1721 * appl/test/gssapi_client.c: remove unused variables 1722 1723Wed Apr 7 14:05:15 1999 Johan Danielsson <joda@hella.pdc.kth.se> 1724 1725 * lib/krb5/context.c (krb5_get_err_text): long -> krb5_error_code 1726 1727 * kuser/klist.c: make it compile w/o krb4 1728 1729 * kuser/kdestroy.c: make it compile w/o krb4 1730 1731 * admin/ktutil.c: fix {srv,key}2{srv,key}tab confusion; add help 1732 strings 1733 1734Mon Apr 5 16:13:46 1999 Johan Danielsson <joda@hella.pdc.kth.se> 1735 1736 * configure.in: test for MIPS ABI; new test_package 1737 1738Thu Apr 1 11:00:40 1999 Johan Danielsson <joda@hella.pdc.kth.se> 1739 1740 * include/Makefile.am: clean krb5-private.h 1741 1742 * Release 0.1d 1743 1744 * kpasswd/kpasswdd.c (doit): pass context to 1745 krb5_get_all_client_addrs 1746 1747 * kdc/connect.c (init_sockets): pass context to 1748 krb5_get_all_server_addrs 1749 1750 * lib/krb5/get_in_tkt.c (init_as_req): pass context to 1751 krb5_get_all_client_addrs 1752 1753 * lib/krb5/get_cred.c (get_cred_kdc_la): pass context to 1754 krb5_get_all_client_addrs 1755 1756 * lib/krb5/get_addrs.c (get_addrs_int): add extra host addresses 1757 1758 * lib/krb5/krb5.h: add support for adding an extra set of 1759 addresses 1760 1761 * lib/krb5/context.c: add support for adding an extra set of 1762 addresses 1763 1764 * lib/krb5/addr_families.c: add krb5_parse_address 1765 1766 * lib/krb5/address.c: krb5_append_addresses 1767 1768 * lib/krb5/config_file.c (parse_binding): don't zap everything 1769 after first whitespace 1770 1771 * kuser/kinit.c (renew_validate): don't allocate out 1772 1773 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): don't 1774 allocate out_creds 1775 1776 * lib/krb5/get_cred.c (get_cred_kdc, get_cred_kdc_la): make 1777 out_creds pointer; 1778 (krb5_get_kdc_cred): allocate out_creds; (get_cred_from_kdc_flags): 1779 free more memory 1780 1781 * lib/krb5/crypto.c (encrypt_internal): free checksum 1782 1783 * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): free reply, 1784 and ticket 1785 1786 * kuser/Makefile.am: remove kfoo 1787 1788 * lib/Makefile.am: add auth 1789 1790 * lib/kadm5/iprop.h: getarg.h 1791 1792 * lib/kadm5/replay_log.c: use getarg 1793 1794 * lib/kadm5/ipropd_slave.c: use getarg 1795 1796 * lib/kadm5/ipropd_master.c: use getarg 1797 1798 * lib/kadm5/dump_log.c: use getarg 1799 1800 * kpasswd/kpasswdd.c: use getarg 1801 1802 * Makefile.am.common: make a more working check-local target 1803 1804 * lib/asn1/main.c: use getargs 1805 1806Mon Mar 29 20:19:57 1999 Johan Danielsson <joda@hella.pdc.kth.se> 1807 1808 * kuser/klist.c (print_cred_verbose): use krb5_print_address 1809 1810 * lib/kadm5/server.c: k_{put,get}_int -> _krb5_{put,get}_int 1811 1812 * lib/krb5/addr_families.c (krb5_print_address): handle unknown 1813 address types; (ipv6_print_addr): print in 16-bit groups (as it 1814 should) 1815 1816 * lib/krb5/crc.c: crc_{init_table,update} -> 1817 _krb5_crc_{init_table,update} 1818 1819 * lib/krb5/crypto.c: k_{put,get}_int -> _krb5_{put,get}_int 1820 crc_{init_table,update} -> _krb5_crc_{init_table,update} 1821 1822 * lib/krb5/send_to_kdc.c: k_{put,get}_int -> _krb5_{put,get}_int 1823 1824 * lib/krb5/store.c: k_{put,get}_int -> _krb5_{put,get}_int 1825 1826 * lib/krb5/krb5_locl.h: include krb5-private.h 1827 1828 * kdc/connect.c (addr_to_string): use krb5_print_address 1829 1830 * lib/krb5/addr_families.c (krb5_print_address): int -> size_t 1831 1832 * lib/krb5/addr_families.c: add support for printing ipv6 1833 addresses, either with inet_ntop, or ugly for-loop 1834 1835 * kdc/524.c: check that the ticket came from a valid address; use 1836 the address of the connection as the address to put in the v4 1837 ticket (if this address is AF_INET) 1838 1839 * kdc/connect.c: pass addr to do_524 1840 1841 * kdc/kdc_locl.h: prototype for do_524 1842 1843Sat Mar 27 17:48:31 1999 Johan Danielsson <joda@hella.pdc.kth.se> 1844 1845 * configure.in: check for OSF C2; bind/bitypes.h, getudbnam, 1846 setlim; check for auth modules; siad.h, getpwnam_r; 1847 lib/auth/Makefile, lib/auth/sia/Makefile 1848 1849 * lib/krb5/crypto.c: n_fold -> _krb5_n_fold 1850 1851 * lib/krb5/n-fold.c: n_fold -> _krb5_n_fold 1852 1853Thu Mar 25 04:35:21 1999 Assar Westerlund <assar@sics.se> 1854 1855 * lib/kadm5/set_keys.c (_kadm5_set_keys): free salt when zapping 1856 it 1857 1858 * lib/kadm5/free.c (kadm5_free_principal_ent): free `key_data' 1859 1860 * lib/hdb/ndbm.c (NDBM_destroy): clear master key 1861 1862 * lib/hdb/db.c (DB_destroy): clear master key 1863 (DB_open): check malloc 1864 1865 * kdc/connect.c (init_sockets): free addresses 1866 1867 * kadmin/kadmin.c (main): make code more consistent. always free 1868 configuration information. 1869 1870 * kadmin/init.c (create_random_entry): free the entry 1871 1872Wed Mar 24 04:02:03 1999 Assar Westerlund <assar@sics.se> 1873 1874 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): 1875 re-organize the code to always free `kdc_reply' 1876 1877 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): be more careful about 1878 freeing memory 1879 1880 * lib/krb5/fcache.c (fcc_destroy): don't call fcc_close 1881 1882 * lib/krb5/crypto.c (krb5_crypto_destroy): free `crypto' 1883 1884 * lib/hdb/hdb_locl.h: try db_185.h first in case db.h is a DB 2.0 1885 header 1886 1887 * configure.in (db_185.h): check for 1888 1889 * admin/srvcreate.c: new file. contributed by Daniel Kouril 1890 <kouril@informatics.muni.cz> 1891 1892 * admin/ktutil.c: srvcreate: new command 1893 1894 * kuser/klist.c: add support for printing AFS tokens 1895 1896 * kuser/kdestroy.c: add support for destroying v4 tickets and AFS 1897 tokens. based on code by Love <lha@stacken.kth.se> 1898 1899 * kuser/Makefile.am (kdestroy_LDADD, klist_LDADD): more libraries 1900 1901 * configure.in: sys/ioccom.h: test for 1902 1903 * kuser/klist.c (main): don't print `no ticket file' with --test. 1904 From: Love <lha@e.kth.se> 1905 1906 * kpasswd/kpasswdd.c (doit): more braces to make gcc happy 1907 1908 * kdc/connect.c (init_socket): get rid of a stupid warning 1909 1910 * include/bits.c (my_strupr): cast away some stupid warnings 1911 1912Tue Mar 23 14:34:44 1999 Johan Danielsson <joda@hella.pdc.kth.se> 1913 1914 * lib/krb5/get_host_realm.c (krb5_get_host_realm): no infinite 1915 loops, please 1916 1917Tue Mar 23 00:00:45 1999 Assar Westerlund <assar@sics.se> 1918 1919 * lib/kadm5/Makefile.am (install_build_headers): recover from make 1920 rewriting the names of the headers kludge to help solaris make 1921 1922 * lib/krb5/Makefile.am: kludge to help solaris make 1923 1924 * lib/hdb/Makefile.am: kludge to help solaris make 1925 1926 * configure.in (LIB_kdb): make sure there's a -L option in here by 1927 adding $(LIB_krb4) 1928 1929 * lib/asn1/gen_glue.c (generate_2int, generate_int2): int -> 1930 unsigned 1931 1932 * configure.in (SunOS): set to a number KRB4, KRB5 conditionals: 1933 remove the `dnl' to work around an automake flaw 1934 1935Sun Mar 21 15:08:49 1999 Johan Danielsson <joda@blubb.pdc.kth.se> 1936 1937 * lib/krb5/get_default_realm.c: char* -> krb5_realm 1938 1939Sun Mar 21 14:08:30 1999 Johan Danielsson <joda@hella.pdc.kth.se> 1940 1941 * include/bits.c: <bind/bitypes.h> 1942 1943 * lib/krb5/Makefile.am: create krb5-private.h 1944 1945Sat Mar 20 00:08:59 1999 Assar Westerlund <assar@sics.se> 1946 1947 * configure.in (gethostname): remove duplicate 1948 1949Fri Mar 19 14:48:03 1999 Johan Danielsson <joda@hella.pdc.kth.se> 1950 1951 * lib/hdb/Makefile.am: add version-info 1952 1953 * lib/gssapi/Makefile.am: add version-info 1954 1955 * lib/asn1/Makefile.am: use $(x:y=z) make syntax; move check-der 1956 to check_PROGRAMS 1957 1958 * lib/Makefile.am: add 45 1959 1960 * lib/kadm5/Makefile.am: split in client and server libraries 1961 (breaks shared libraries otherwise) 1962 1963Thu Mar 18 11:33:30 1999 Johan Danielsson <joda@hella.pdc.kth.se> 1964 1965 * include/kadm5/Makefile.am: clean a lot of header files (since 1966 automake lacks a clean-hook) 1967 1968 * include/Makefile.am: clean a lot of header files (since automake 1969 lacks a clean-hook) 1970 1971 * lib/kadm5/Makefile.am: fix build-installation of headers 1972 1973 * lib/krb5/Makefile.am: remove include_dir hack 1974 1975 * lib/hdb/Makefile.am: remove include_dir hack 1976 1977 * lib/asn1/Makefile.am: remove include_dir hack 1978 1979 * include/Makefile.am: remove include_dir hack 1980 1981 * doc/whatis.texi: define sub for html 1982 1983 * configure.in: LIB_kdb, have_err_h, have_fnmatch_h, have_glob_h 1984 1985 * lib/asn1/Makefile.am: der.h 1986 1987 * kpasswd/kpasswdd.c: admin.h -> kadm5/admin.h 1988 1989 * kdc/Makefile.am: remove junk 1990 1991 * kadmin/Makefile.am: sl.a -> sl.la 1992 1993 * appl/afsutil/Makefile.am: remove EXTRA_bin_PROGRAMS 1994 1995 * admin/Makefile.am: sl.a -> sl.la 1996 1997 * configure.in: condition KRB5; AC_CHECK_XAU 1998 1999 * Makefile.am: include Makefile.am.common 2000 2001 * include/kadm5/Makefile.am: include Makefile.am.common; don't 2002 install headers from here 2003 2004 * include/Makefile.am: include Makefile.am.common; don't install 2005 headers from here 2006 2007 * doc/Makefile.am: include Makefile.am.common 2008 2009 * lib/krb5/Makefile.am: include Makefile.am.common 2010 2011 * lib/kadm5/Makefile.am: include Makefile.am.common 2012 2013 * lib/hdb/Makefile.am: include Makefile.am.common 2014 2015 * lib/gssapi/Makefile.am: include Makefile.am.common 2016 2017 * lib/asn1/Makefile.am: include Makefile.am.common 2018 2019 * lib/Makefile.am: include Makefile.am.common 2020 2021 * lib/45/Makefile.am: include Makefile.am.common 2022 2023 * kuser/Makefile.am: include Makefile.am.common 2024 2025 * kpasswd/Makefile.am: include Makefile.am.common 2026 2027 * kdc/Makefile.am: include Makefile.am.common 2028 2029 * kadmin/Makefile.am: include Makefile.am.common 2030 2031 * appl/test/Makefile.am: include Makefile.am.common 2032 2033 * appl/afsutil/Makefile.am: include Makefile.am.common 2034 2035 * appl/Makefile.am: include Makefile.am.common 2036 2037 * admin/Makefile.am: include Makefile.am.common 2038 2039Wed Mar 17 03:04:38 1999 Assar Westerlund <assar@sics.se> 2040 2041 * lib/krb5/store.c (krb5_store_stringz): braces fix 2042 2043 * lib/kadm5/get_s.c (kadm5_s_get_principal): braces fix 2044 2045 * lib/kadm5/ent_setup.c (_kadm5_setup_entry): braces fix 2046 2047 * kdc/connect.c (loop): braces fix 2048 2049 * lib/krb5/config_file.c: cast to unsigned char to make is* happy 2050 2051 * lib/krb5/log.c (krb5_addlog_dest): more braces to make gcc happy 2052 2053 * lib/krb5/crypto.c (krb5_verify_checksum): rename C -> cksum to 2054 be consistent 2055 2056 * kadmin/util.c (timeval2str): more braces to make gcc happy 2057 2058 * kadmin/load.c: cast in is* to get rid of stupid warning 2059 2060 * kadmin/dump.c (append_hex): cast in isalnum to get rid of stupid 2061 warning 2062 2063 * kdc/kaserver.c: malloc checks and fixes 2064 2065 * lib/krb5/get_host_realm.c (krb5_get_host_realm): include leading 2066 dot (if any) when looking up realms. 2067 2068Fri Mar 12 13:57:56 1999 Johan Danielsson <joda@blubb.pdc.kth.se> 2069 2070 * lib/krb5/get_host_realm.c: add dns support 2071 2072 * lib/krb5/set_default_realm.c: use krb5_free_host_realm 2073 2074 * lib/krb5/free_host_realm.c: check for NULL realmlist 2075 2076 * lib/krb5/context.c: don't print warning if there is no krb5.conf 2077 2078Wed Mar 10 19:29:46 1999 Johan Danielsson <joda@hella.pdc.kth.se> 2079 2080 * configure.in: use AC_WFLAGS 2081 2082Mon Mar 8 11:49:43 1999 Johan Danielsson <joda@hella.pdc.kth.se> 2083 2084 * Release 0.1c 2085 2086 * kuser/klist.c: use print_version 2087 2088 * kuser/kdestroy.c: use print_version 2089 2090 * kdc/hpropd.c: use print_version 2091 2092 * kdc/hprop.c: use print_version 2093 2094 * kdc/config.c: use print_version 2095 2096 * kadmin/kadmind.c: use print_version 2097 2098 * kadmin/kadmin.c: use print_version 2099 2100 * appl/test/common.c: use print_version 2101 2102 * appl/afsutil/afslog.c: use print_version 2103 2104Mon Mar 1 10:49:14 1999 Johan Danielsson <joda@hella.pdc.kth.se> 2105 2106 * lib/krb5/get_addrs.c: SOCKADDR_HAS_SA_LEN -> 2107 HAVE_STRUCT_SOCKADDR_SA_LEN 2108 2109 * configure.in, acconfig.h, cf/*: update to automake 1.4/autoconf 2.13 2110 2111Sun Feb 28 18:19:20 1999 Johan Danielsson <joda@hella.pdc.kth.se> 2112 2113 * lib/asn1/gen.c: make `BIT STRING's unsigned 2114 2115 * lib/asn1/{symbol.h,gen.c}: add TUInteger type 2116 2117 * lib/krb5/verify_user.c (krb5_verify_user): pass prompter to 2118 krb5_get_init_creds_password 2119 2120 * lib/krb5/fcache.c (fcc_gen_new): implement 2121 2122Sat Feb 27 22:41:23 1999 Johan Danielsson <joda@hella.pdc.kth.se> 2123 2124 * doc/install.texi: krb4 is now automatically detected 2125 2126 * doc/misc.texi: update procedure to set supported encryption 2127 types 2128 2129 * doc/setup.texi: change some silly wordings 2130 2131Sat Feb 27 22:17:30 1999 Johan Danielsson <joda@blubb.pdc.kth.se> 2132 2133 * lib/krb5/keytab.c (fkt_remove_entry): make this work 2134 2135 * admin/ktutil.c: add minimally working `get' command 2136 2137Sat Feb 27 19:44:49 1999 Johan Danielsson <joda@hella.pdc.kth.se> 2138 2139 * lib/hdb/convert_db.c: more typos 2140 2141 * include/Makefile.am: remove EXTRA_DATA (as of autoconf 2142 2.13/automake 1.4) 2143 2144 * appl/Makefile.am: OTP_dir 2145 2146Fri Feb 26 17:37:00 1999 Johan Danielsson <joda@hella.pdc.kth.se> 2147 2148 * doc/setup.texi: add kadmin section 2149 2150 * lib/asn1/check-der.c: fix printf warnings 2151 2152Thu Feb 25 11:16:49 1999 Johan Danielsson <joda@hella.pdc.kth.se> 2153 2154 * configure.in: -O does not belong in WFLAGS 2155 2156Thu Feb 25 11:05:57 1999 Johan Danielsson <joda@blubb.pdc.kth.se> 2157 2158 * lib/asn1/der_put.c: fix der_put_int 2159 2160Tue Feb 23 20:35:12 1999 Johan Danielsson <joda@hella.pdc.kth.se> 2161 2162 * configure.in: use AC_BROKEN_GLOB 2163 2164Mon Feb 22 15:12:44 1999 Johan Danielsson <joda@blubb.pdc.kth.se> 2165 2166 * configure.in: check for glob 2167 2168Mon Feb 22 11:32:42 1999 Johan Danielsson <joda@hella.pdc.kth.se> 2169 2170 * Release 0.1b 2171 2172Sat Feb 20 15:48:06 1999 Johan Danielsson <joda@blubb.pdc.kth.se> 2173 2174 * lib/hdb/convert_db.c: convert DES3 keys to des3-cbc-sha1, and 2175 des3-cbc-md5 2176 2177 * lib/krb5/crypto.c (DES3_string_to_key): make this actually do 2178 what the draft said it should 2179 2180 * lib/hdb/convert_db.c: little program for database conversion 2181 2182 * lib/hdb/db.c (DB_open): try to open database w/o .db extension 2183 2184 * lib/hdb/ndbm.c (NDBM_open): add test for database format 2185 2186 * lib/hdb/db.c (DB_open): add test for database format 2187 2188 * lib/asn1/gen_glue.c (generate_2int): don't depend on flags being 2189 unsigned 2190 2191 * lib/hdb/hdb.c: change `hdb_set_master_key' to take an 2192 EncryptionKey, and add a new function `hdb_set_master_keyfile' to 2193 do what `hdb_set_master_key' used to do 2194 2195 * kdc/kstash.c: add `--convert-file' option to change keytype of 2196 existing master key file 2197 2198Fri Feb 19 07:04:14 1999 Assar Westerlund <assar@squid.pdc.kth.se> 2199 2200 * Release 0.1a 2201 2202Sat Feb 13 17:12:53 1999 Assar Westerlund <assar@sics.se> 2203 2204 * lib/krb5/mk_safe.c (krb5_mk_safe): sizeof(buf) -> buf_size, buf 2205 is now a `u_char *' 2206 2207 * lib/krb5/get_in_tkt.c (krb5_init_etype): etypes are now `int' 2208 2209 * lib/krb5/get_host_realm.c (krb5_get_host_realm): constize 2210 orig_host 2211 2212 (krb5_salttype_to_string): new function (RSA_MD5_DES_verify, 2213 RSA_MD5_DES3_verify): initialize ret 2214 2215 * lib/gssapi/init_sec_context.c (init_auth): remove unnecessary 2216 gssapi_krb5_init. ask for KEYTYPE_DES credentials 2217 2218 * kadmin/get.c (print_entry_long): print the keytypes and salts 2219 available for the principal 2220 2221 * configure.in (WFLAGS): add `-O' to catch unitialized variables 2222 and such 2223 (gethostname, mkstemp, getusershell, inet_aton): more tests 2224 2225 * lib/hdb/hdb.h: update prototypes 2226 2227 * configure.in: homogenize broken detection with krb4 2228 2229 * lib/kadm5/init_c.c (kadm5_c_init_with_context): remove unused 2230 `error' 2231 2232 * lib/asn1/Makefile.am (check-der): add 2233 2234 * lib/asn1/gen.c (define_type): map ASN1 Integer to `int' instead 2235 of `unsigned' 2236 2237 * lib/asn1/der_length.c (length_unsigned): new function 2238 (length_int): handle signed integers 2239 2240 * lib/asn1/der_put.c (der_put_unsigned): new function 2241 (der_put_int): handle signed integers 2242 2243 * lib/asn1/der_get.c (der_get_unsigned): new function 2244 (der_get_int): handle signed integers 2245 2246 * lib/asn1/der.h: all integer functions take `int' instead of 2247 `unsigned' 2248 2249 * lib/asn1/lex.l (filename): unused. remove. 2250 2251 * lib/asn1/check-der.c: new test program for der encoding and 2252 decoding. 2253 2254Mon Feb 1 04:09:06 1999 Assar Westerlund <assar@sics.se> 2255 2256 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): only call 2257 gethostbyname2 with AF_INET6 if we actually have IPv6. From 2258 "Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net> 2259 2260 * lib/krb5/changepw.c (get_kdc_address): dito 2261 2262Sun Jan 31 06:26:36 1999 Assar Westerlund <assar@sics.se> 2263 2264 * kdc/connect.c (parse_prots): always bind to AF_INET, there are 2265 v6-implementations without support for `mapped V4 addresses'. 2266 From Jun-ichiro itojun Hagino <itojun@kame.net> 2267 2268Sat Jan 30 22:38:27 1999 Assar Westerlund <assar@juguete.sics.se> 2269 2270 * Release 0.0u 2271 2272Sat Jan 30 13:43:02 1999 Assar Westerlund <assar@sics.se> 2273 2274 * lib/krb5/Makefile.am: explicit rules for *.et files 2275 2276 * lib/kadm5/init_c.c (get_kadm_ticket): only remove creds if 2277 krb5_get_credentials was succesful. 2278 (get_new_cache): return better error codes and return earlier. 2279 (get_cred_cache): only delete default_client if it's different 2280 from client 2281 (kadm5_c_init_with_context): return a more descriptive error. 2282 2283 * kdc/kerberos5.c (check_flags): handle NULL client or server 2284 2285 * lib/krb5/sendauth.c (krb5_sendauth): return the error in 2286 `ret_error' iff != NULL 2287 2288 * lib/krb5/rd_error.c (krb5_free_error, krb5_free_error_contents): 2289 new functions 2290 2291 * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): more 2292 type-correctness 2293 2294 * lib/krb5/krb5.h (krb5_error): typedef to KRB_ERROR 2295 2296 * lib/krb5/init_creds_pw.c: KRB5_TGS_NAME: use 2297 2298 * lib/krb5/get_cred.c: KRB5_TGS_NAME: use 2299 2300 * lib/kafs/afskrb5.c (afslog_uid_int): update to changes 2301 2302 * lib/kadm5/rename_s.c (kadm5_s_rename_principal): call remove 2303 instead of rename, but shouldn't this just call rename? 2304 2305 * lib/kadm5/get_s.c (kadm5_s_get_principal): always return an 2306 error if the principal wasn't found. 2307 2308 * lib/hdb/ndbm.c (NDBM_seq): unseal key 2309 2310 * lib/hdb/db.c (DB_seq): unseal key 2311 2312 * lib/asn1/Makefile.am: added explicit rules for asn1_err.[ch] 2313 2314 * kdc/hprop.c (v4_prop): add krbtgt/THISREALM@OTHERREALM when 2315 finding cross-realm tgts in the v4 database 2316 2317 * kadmin/mod.c (mod_entry): check the number of arguments. check 2318 that kadm5_get_principal worked. 2319 2320 * lib/krb5/keytab.c (fkt_remove_entry): remove KRB5_KT_NOTFOUND if 2321 we weren't able to remove it. 2322 2323 * admin/ktutil.c: less drive-by-deleting. From Love 2324 <lha@e.kth.se> 2325 2326 * kdc/connect.c (parse_ports): copy the string before mishandling 2327 it with strtok_r 2328 2329 * kdc/kerberos5.c (tgs_rep2): print the principal with mismatching 2330 kvnos 2331 2332 * kadmin/kadmind.c (main): convert `debug_port' to network byte 2333 order 2334 2335 * kadmin/kadmin.c: allow specification of port number. 2336 2337 * lib/kadm5/kadm5_locl.h (kadm5_client_context): add 2338 `kadmind_port'. 2339 2340 * lib/kadm5/init_c.c (_kadm5_c_init_context): move up 2341 initalize_kadm5_error_table_r. 2342 allow specification of port number. 2343 2344 From Love <lha@stacken.kth.se> 2345 2346 * kuser/klist.c: add option -t | --test 2347 2348Sat Dec 5 19:49:34 1998 Johan Danielsson <joda@hella.pdc.kth.se> 2349 2350 * lib/krb5/context.c: remove ktype_is_etype 2351 2352 * lib/krb5/crypto.c, lib/krb5/krb5.h, acconfig.h: NEW_DES3_CODE 2353 2354 * configure.in: fix for AIX install; better tests for AIX dynamic 2355 AFS libs; `--enable-new-des3-code' 2356 2357Tue Dec 1 14:44:44 1998 Johan Danielsson <joda@hella.pdc.kth.se> 2358 2359 * appl/afsutil/Makefile.am: link with extra libs for aix 2360 2361 * kuser/Makefile.am: link with extra libs for aix 2362 2363Sun Nov 29 01:56:21 1998 Assar Westerlund <assar@sics.se> 2364 2365 * lib/krb5/get_addrs.c (krb5_get_all_server_addrs): add. almost 2366 the same as krb5_get_all_client_addrs except that it includes 2367 loopback addresses 2368 2369 * kdc/connect.c (init_socket): bind to a particular address 2370 (init_sockets): get all local addresses and bind to them all 2371 2372 * lib/krb5/addr_families.c (addr2sockaddr, print_addr): new 2373 methods 2374 (find_af, find_atype): new functions. use them. 2375 2376 * configure.in: add hesiod 2377 2378Wed Nov 25 11:37:48 1998 Johan Danielsson <joda@hella.pdc.kth.se> 2379 2380 * lib/krb5/krb5_err.et: add some codes from kerberos-revisions-03 2381 2382Mon Nov 23 12:53:48 1998 Assar Westerlund <assar@sics.se> 2383 2384 * lib/kadm5/log.c: rename delete -> remove 2385 2386 * lib/kadm5/delete_s.c: rename delete -> remove 2387 2388 * lib/hdb/common.c: rename delete -> remove 2389 2390Sun Nov 22 12:26:26 1998 Assar Westerlund <assar@sics.se> 2391 2392 * configure.in: check for environ and `struct spwd' 2393 2394Sun Nov 22 11:42:45 1998 Johan Danielsson <joda@blubb.pdc.kth.se> 2395 2396 * kdc/kerberos5.c (as_rep): set keytype to sess_ktype if 2397 ktype_is_etype 2398 2399 * lib/krb5/encrypt.c (krb5_keytype_to_etypes): zero terminate 2400 etypes 2401 (em): sort entries 2402 2403Sun Nov 22 06:54:48 1998 Assar Westerlund <assar@sics.se> 2404 2405 * lib/krb5/init_creds_pw.c: more type correctness 2406 2407 * lib/krb5/get_cred.c: re-structure code. remove limits on ASN1 2408 generated bits. 2409 2410Sun Nov 22 01:49:50 1998 Johan Danielsson <joda@hella.pdc.kth.se> 2411 2412 * kdc/hprop.c (v4_prop): fix bogus indexing 2413 2414Sat Nov 21 21:39:20 1998 Assar Westerlund <assar@sics.se> 2415 2416 * lib/krb5/verify_init.c (fail_verify_is_ok): new function 2417 (krb5_verify_init_creds): if we cannot get a ticket for 2418 host/`hostname` and fail_verify_is_ok just return. use 2419 krb5_rd_req 2420 2421Sat Nov 21 23:12:27 1998 Assar Westerlund <assar@sics.se> 2422 2423 * lib/krb5/free.c (krb5_xfree): new function 2424 2425 * lib/krb5/creds.c (krb5_free_creds_contents): new function 2426 2427 * lib/krb5/context.c: more type correctness 2428 2429 * lib/krb5/checksum.c: more type correctness 2430 2431 * lib/krb5/auth_context.c (krb5_auth_con_init): more type 2432 correctness 2433 2434 * lib/asn1/der_get.c (der_get_length): fix test of len 2435 (der_get_tag): more type correctness 2436 2437 * kuser/klist.c (usage): void-ize 2438 2439 * admin/ktutil.c (kt_remove): some more type correctness. 2440 2441Sat Nov 21 16:49:20 1998 Johan Danielsson <joda@hella.pdc.kth.se> 2442 2443 * kuser/klist.c: try to list enctypes as keytypes 2444 2445 * kuser/kinit.c: remove extra `--cache' option, add `--enctypes' 2446 to set list of enctypes to use 2447 2448 * kadmin/load.c: load strings as hex 2449 2450 * kadmin/dump.c: dump hex as string is possible 2451 2452 * admin/ktutil.c: use print_version() 2453 2454 * configure.in, acconfig.h: test for hesiod 2455 2456Sun Nov 15 17:28:19 1998 Johan Danielsson <joda@hella.pdc.kth.se> 2457 2458 * lib/krb5/crypto.c: add some crypto debug code 2459 2460 * lib/krb5/get_in_tkt.c (_krb5_extract_ticket): don't use fixed 2461 buffer when encoding ticket 2462 2463 * lib/krb5/auth_context.c (re-)implement `krb5_auth_setenctype' 2464 2465 * kdc/kerberos5.c: allow mis-match of tgt session key, and service 2466 session key 2467 2468 * admin/ktutil.c: keytype -> enctype 2469 2470Fri Nov 13 05:35:48 1998 Assar Westerlund <assar@sics.se> 2471 2472 * lib/krb5/krb5.h (KRB5_TGS_NAME, KRB5_TGS_NAME_SIZE): added 2473 2474Sat Nov 7 19:56:31 1998 Assar Westerlund <assar@sics.se> 2475 2476 * lib/krb5/get_cred.c (add_cred): add termination NULL pointer 2477 2478Mon Nov 2 01:15:06 1998 Assar Westerlund <assar@sics.se> 2479 2480 * lib/krb5/rd_req.c: adapt to new crypto api 2481 2482 * lib/krb5/rd_rep.c: adapt to new crypto api 2483 2484 * lib/krb5/rd_priv.c: adopt to new crypto api 2485 2486 * lib/krb5/rd_cred.c: adopt to new crypto api 2487 2488 * lib/krb5/principal.c: ENOMEM -> ERANGE 2489 2490 * lib/krb5/mk_safe.c: cleanup and adopt to new crypto api 2491 2492 * lib/krb5/mk_req_ext.c: adopt to new crypto api 2493 2494 * lib/krb5/mk_req.c: get enctype from auth_context keyblock 2495 2496 * lib/krb5/mk_rep.c: cleanup and adopt to new crypto api 2497 2498 * lib/krb5/mk_priv.c: adopt to new crypto api 2499 2500 * lib/krb5/keytab.c: adopt to new crypto api 2501 2502 * lib/krb5/get_in_tkt_with_skey.c: adopt to new crypto api 2503 2504 * lib/krb5/get_in_tkt_with_keytab.c: adopt to new crypto api 2505 2506 * lib/krb5/get_in_tkt_pw.c: adopt to new crypto api 2507 2508 * lib/krb5/get_in_tkt.c: adopt to new crypto api 2509 2510 * lib/krb5/get_cred.c: adopt to new crypto api 2511 2512 * lib/krb5/generate_subkey.c: use new crypto api 2513 2514 * lib/krb5/context.c: rename etype functions to enctype ditto 2515 2516 * lib/krb5/build_auth.c: use new crypto api 2517 2518 * lib/krb5/auth_context.c: remove enctype and cksumtype from 2519 auth_context 2520 2521Mon Nov 2 01:15:06 1998 Assar Westerlund <assar@sics.se> 2522 2523 * kdc/connect.c (handle_udp, handle_tcp): correct type of `n' 2524 2525Tue Sep 15 18:41:38 1998 Johan Danielsson <joda@hella.pdc.kth.se> 2526 2527 * admin/ktutil.c: fix printing of unrecognized keytypes 2528 2529Tue Sep 15 17:02:33 1998 Johan Danielsson <joda@hella.pdc.kth.se> 2530 2531 * lib/kadm5/set_keys.c: add KEYTYPE_USE_AFS3_SALT to keytype if 2532 using AFS3 salt 2533 2534Tue Aug 25 23:30:52 1998 Assar Westerlund <assar@sics.se> 2535 2536 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): care about 2537 `use_admin_kdc' 2538 2539 * lib/krb5/changepw.c (get_kdc_address): use 2540 krb5_get_krb_admin_hst 2541 2542 * lib/krb5/krbhst.c (krb5_get_krb_admin_hst): new function 2543 2544 * lib/krb5/krb5.h (krb5_context_data): add `use_admin_kdc' 2545 2546 * lib/krb5/context.c (krb5_get_use_admin_kdc, 2547 krb5_set_use_admin_kdc): new functions 2548 2549Tue Aug 18 22:24:12 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2550 2551 * lib/krb5/crypto.c: remove all calls to abort(); check return 2552 value from _key_schedule; 2553 (RSA_MD[45]_DES_verify): zero tmp and res; 2554 (RSA_MD5_DES3_{verify,checksum}): implement 2555 2556Mon Aug 17 20:18:46 1998 Assar Westerlund <assar@sics.se> 2557 2558 * kdc/kerberos4.c (swap32): conditionalize 2559 2560 * lib/krb5/mk_req_ext.c (krb5_mk_req_internal): new function 2561 2562 * lib/krb5/get_host_realm.c (krb5_get_host_realm): if the hostname 2563 returned from gethostby*() isn't a FQDN, try with the original 2564 hostname 2565 2566 * lib/krb5/get_cred.c (make_pa_tgs_req): use krb5_mk_req_internal 2567 and correct key usage 2568 2569 * lib/krb5/crypto.c (verify_checksum): make static 2570 2571 * admin/ktutil.c (kt_list): use krb5_enctype_to_string 2572 2573Sun Aug 16 20:57:56 1998 Assar Westerlund <assar@sics.se> 2574 2575 * kadmin/cpw.c (do_cpw_entry): use asprintf for the prompt 2576 2577 * kadmin/ank.c (ank): print principal name in prompt 2578 2579 * lib/krb5/crypto.c (hmac): always allocate space for checksum. 2580 never trust c.checksum.length 2581 (_get_derived_key): try to return the derived key 2582 2583Sun Aug 16 19:48:42 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2584 2585 * lib/krb5/crypto.c (hmac): fix some peculiarities and bugs 2586 (get_checksum_key): assume usage is `formatted' 2587 (create_checksum,verify_checksum): moved the guts of the krb5_* 2588 functions here, both take `formatted' key-usages 2589 (encrypt_internal_derived): fix various bogosities 2590 (derive_key): drop key_type parameter (already given by the 2591 encryption_type) 2592 2593 * kdc/kerberos5.c (check_flags): handle case where client is NULL 2594 2595 * kdc/connect.c (process_request): return zero after processing 2596 kerberos 4 request 2597 2598Sun Aug 16 18:38:15 1998 Johan Danielsson <joda@blubb.pdc.kth.se> 2599 2600 * lib/krb5/crypto.c: merge x-*.[ch] into one file 2601 2602 * lib/krb5/cache.c: remove residual from krb5_ccache_data 2603 2604Fri Aug 14 16:28:23 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2605 2606 * lib/krb5/x-crypto.c (derive_key): move DES3 specific code to 2607 separate function (will eventually end up someplace else) 2608 2609 * lib/krb5/x-crypto.c (krb5_string_to_key_derived): allocate key 2610 2611 * configure.in, acconfig.h: test for four valued krb_put_int 2612 2613Thu Aug 13 23:46:29 1998 Assar Westerlund <assar@emma.pdc.kth.se> 2614 2615 * Release 0.0t 2616 2617Thu Aug 13 22:40:17 1998 Assar Westerlund <assar@sics.se> 2618 2619 * lib/krb5/config_file.c (parse_binding): remove trailing 2620 whitespace 2621 2622Wed Aug 12 20:15:11 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2623 2624 * lib/krb5/x-checksum.c (krb5_verify_checksum): pass checksum type 2625 to krb5_create_checksum 2626 2627 * lib/krb5/x-key.c: implement DES3_string_to_key_derived; fix a 2628 few typos 2629 2630Wed Aug 5 12:39:54 1998 Assar Westerlund <assar@emma.pdc.kth.se> 2631 2632 * Release 0.0s 2633 2634Thu Jul 30 23:12:17 1998 Assar Westerlund <assar@sics.se> 2635 2636 * lib/krb5/mk_error.c (krb5_mk_error): realloc until you die 2637 2638Thu Jul 23 19:49:03 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2639 2640 * kdc/kdc_locl.h: proto for `get_des_key' 2641 2642 * configure.in: test for four valued el_init 2643 2644 * kuser/klist.c: keytype -> enctype 2645 2646 * kpasswd/kpasswdd.c (change): use new `krb5_string_to_key*' 2647 2648 * kdc/hprop.c (v4_prop, ka_convert): convert to a set of keys 2649 2650 * kdc/kaserver.c: use `get_des_key' 2651 2652 * kdc/524.c: use new crypto api 2653 2654 * kdc/kerberos4.c: use new crypto api 2655 2656 * kdc/kerberos5.c: always treat keytypes as enctypes; use new 2657 crypto api 2658 2659 * kdc/kstash.c: adapt to new crypto api 2660 2661 * kdc/string2key.c: adapt to new crypto api 2662 2663 * admin/srvconvert.c: add keys for all possible enctypes 2664 2665 * admin/ktutil.c: keytype -> enctype 2666 2667 * lib/gssapi/init_sec_context.c: get enctype from auth_context 2668 keyblock 2669 2670 * lib/hdb/hdb.c: remove hdb_*_keytype2key 2671 2672 * lib/kadm5/set_keys.c: adapt to new crypto api 2673 2674 * lib/kadm5/rename_s.c: adapt to new crypto api 2675 2676 * lib/kadm5/get_s.c: adapt to new crypto api 2677 2678 * lib/kadm5/create_s.c: add keys for des-cbc-crc, des-cbc-md4, 2679 des-cbc-md5, and des3-cbc-sha1 2680 2681 * lib/krb5/heim_err.et: error message for unsupported salt 2682 2683 * lib/krb5/codec.c: short-circuit these functions, since they are 2684 not needed any more 2685 2686 * lib/krb5/rd_safe.c: cleanup and adapt to new crypto api 2687 2688Mon Jul 13 23:00:59 1998 Assar Westerlund <assar@sics.se> 2689 2690 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): don't advance 2691 hostent->h_addr_list, use a copy instead 2692 2693Mon Jul 13 15:00:31 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2694 2695 * lib/krb5/config_file.c (parse_binding, parse_section): make sure 2696 everything is ok before adding to linked list 2697 2698 * lib/krb5/config_file.c: skip ws before checking for comment 2699 2700Wed Jul 8 10:45:45 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2701 2702 * lib/asn1/k5.asn1: hmac-sha1-des3 = 12 2703 2704Tue Jun 30 18:08:05 1998 Assar Westerlund <assar@sics.se> 2705 2706 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): do not close the 2707 unopened file 2708 2709 * lib/krb5/mk_priv.c: realloc correctly 2710 2711 * lib/krb5/get_addrs.c (find_all_addresses): init j 2712 2713 * lib/krb5/context.c (krb5_init_context): print error if parsing 2714 of config file produced an error. 2715 2716 * lib/krb5/config_file.c (parse_list, krb5_config_parse_file): 2717 ignore more spaces 2718 2719 * lib/krb5/codec.c (krb5_encode_EncKrbCredPart, 2720 krb5_encode_ETYPE_INFO): initialize `ret' 2721 2722 * lib/krb5/build_auth.c (krb5_build_authenticator): realloc 2723 correctly 2724 2725 * lib/kadm5/set_keys.c (_kadm5_set_keys): initialize `ret' 2726 2727 * lib/kadm5/init_c.c (get_cred_cache): try to do the right thing 2728 with default_client 2729 2730 * kuser/kinit.c (main): initialize `ticket_life' 2731 2732 * kdc/kerberos5.c (get_pa_etype_info): initialize `ret' 2733 (tgs_rep2): initialize `krbtgt' 2734 2735 * kdc/connect.c (do_request): check for errors from `sendto' 2736 2737 * kdc/524.c (do_524): initialize `ret' 2738 2739 * kadmin/util.c (foreach_principal): don't clobber `ret' 2740 2741 * kadmin/del.c (del_entry): don't apply on zeroth argument 2742 2743 * kadmin/cpw.c (do_cpw_entry): initialize `ret' 2744 2745Sat Jun 13 04:14:01 1998 Assar Westerlund <assar@juguete.sics.se> 2746 2747 * Release 0.0r 2748 2749Sun Jun 7 04:13:14 1998 Assar Westerlund <assar@sics.se> 2750 2751 * lib/krb5/addr_families.c: fall-back definition of 2752 IN6_ADDR_V6_TO_V4 2753 2754 * configure.in: only set CFLAGS if it wasn't set look for 2755 dn_expand and res_search 2756 2757Mon Jun 1 21:28:07 1998 Assar Westerlund <assar@sics.se> 2758 2759 * configure.in: remove duplicate seteuid 2760 2761Sat May 30 00:19:51 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2762 2763 * lib/krb5/convert_creds.c: import _krb_time_to_life, to avoid 2764 runtime dependencies on libkrb with some shared library 2765 implementations 2766 2767Fri May 29 00:09:02 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2768 2769 * kuser/kinit_options.c: Default options for kinit. 2770 2771 * kuser/kauth_options.c: Default options for kauth. 2772 2773 * kuser/kinit.c: Implement lots a new options. 2774 2775 * kdc/kerberos5.c (check_tgs_flags): make sure kdc-req-body->rtime 2776 is not NULL; set endtime to min of new starttime + old_life, and 2777 requested endtime 2778 2779 * lib/krb5/init_creds_pw.c (get_init_creds_common): if the 2780 forwardable or proxiable flags are set in options, set the 2781 kdc-flags to the value specified, and not always to one 2782 2783Thu May 28 21:28:06 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2784 2785 * kdc/kerberos5.c: Optionally compare client address to addresses 2786 in ticket. 2787 2788 * kdc/connect.c: Pass client address to as_rep() and tgs_rep(). 2789 2790 * kdc/config.c: Add check_ticket_addresses, and 2791 allow_null_ticket_addresses variables. 2792 2793Tue May 26 14:03:42 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2794 2795 * lib/kadm5/create_s.c: possibly make DES keys version 4 salted 2796 2797 * lib/kadm5/set_keys.c: check config file for kadmin/use_v4_salt 2798 before zapping version 4 salts 2799 2800Sun May 24 05:22:17 1998 Assar Westerlund <assar@sics.se> 2801 2802 * Release 0.0q 2803 2804 * lib/krb5/aname_to_localname.c: new file 2805 2806 * lib/gssapi/init_sec_context.c (repl_mutual): no output token 2807 2808 * lib/gssapi/display_name.c (gss_display_name): zero terminate 2809 output. 2810 2811Sat May 23 19:11:07 1998 Assar Westerlund <assar@sics.se> 2812 2813 * lib/gssapi/display_status.c: new file 2814 2815 * Makefile.am: send -I to aclocal 2816 2817 * configure.in: remove duplicate setenv 2818 2819Sat May 23 04:55:19 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2820 2821 * kadmin/util.c (foreach_principal): Check for expression before 2822 wading through the whole database. 2823 2824 * kadmin/kadmin.c: Pass NULL password to 2825 kadm5_*_init_with_password. 2826 2827 * lib/kadm5/init_c.c: Implement init_with_{skey,creds}*. Make use 2828 of `password' parameter to init_with_password. 2829 2830 * lib/kadm5/init_s.c: implement init_with_{skey,creds}* 2831 2832 * lib/kadm5/server.c: Better arguments for 2833 kadm5_init_with_password. 2834 2835Sat May 16 07:10:36 1998 Assar Westerlund <assar@sics.se> 2836 2837 * kdc/hprop.c: conditionalize ka-server reading support on 2838 KASERVER_DB 2839 2840 * configure.in: new option `--enable-kaserver-db' 2841 2842Fri May 15 19:39:18 1998 Johan Danielsson <joda@blubb.pdc.kth.se> 2843 2844 * lib/krb5/get_cred.c: Better error if local tgt couldn't be 2845 found. 2846 2847Tue May 12 21:11:02 1998 Assar Westerlund <assar@sics.se> 2848 2849 * Release 0.0p 2850 2851 * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): only set 2852 encryption type in auth_context if it's compatible with the type 2853 of the session key 2854 2855Mon May 11 21:11:14 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2856 2857 * kdc/hprop.c: add support for ka-server databases 2858 2859 * appl/ftp/ftpd: link with -lcrypt, if needed 2860 2861Fri May 1 07:29:52 1998 Assar Westerlund <assar@sics.se> 2862 2863 * configure.in: don't test for winsock.h 2864 2865Sat Apr 18 21:43:11 1998 Johan Danielsson <joda@puffer.pdc.kth.se> 2866 2867 * Release 0.0o 2868 2869Sat Apr 18 00:31:11 1998 Johan Danielsson <joda@blubb.pdc.kth.se> 2870 2871 * lib/krb5/sock_principal.c: Save hostname. 2872 2873Sun Apr 5 11:29:45 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2874 2875 * lib/krb5/mk_req_ext.c: Use same enctype as in ticket. 2876 2877 * kdc/hprop.c (v4_prop): Check for null key. 2878 2879Fri Apr 3 03:54:54 1998 Johan Danielsson <joda@blubb.pdc.kth.se> 2880 2881 * lib/krb5/str2key.c: Fix DES3 string-to-key. 2882 2883 * lib/krb5/keytab.c: Get default keytab name from context. 2884 2885 * lib/krb5/context.c: Get `default_keytab_name' value. 2886 2887 * kadmin/util.c (foreach_principal): Print error message if 2888 `kadm5_get_principals' fails. 2889 2890 * kadmin/kadmind.c: Use `kadmind_loop'. 2891 2892 * lib/kadm5/server.c: Replace several other functions with 2893 `kadmind_loop'. 2894 2895Sat Mar 28 09:49:18 1998 Assar Westerlund <assar@sics.se> 2896 2897 * lib/krb5/keytab.c (fkt_add_entry): use an explicit seek instead 2898 of O_APPEND 2899 2900 * configure.in: generate ftp Makefiles 2901 2902 * kuser/klist.c (print_cred_verbose): print IPv4-address in a 2903 portable way. 2904 2905 * admin/srvconvert.c (srvconv): return 0 if successful 2906 2907Tue Mar 24 00:40:33 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2908 2909 * lib/krb5/keytab.c: MIT compatible changes: add and use sizes to 2910 keytab entries, and change default keytab to `/etc/krb5.keytab'. 2911 2912Mon Mar 23 23:43:59 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2913 2914 * lib/gssapi/wrap.c: Use `gss_krb5_getsomekey'. 2915 2916 * lib/gssapi/unwrap.c: Implement and use `gss_krb5_getsomekey'. 2917 Fix bug in checking of pad. 2918 2919 * lib/gssapi/{un,}wrap.c: Add support for just integrity 2920 protecting data. 2921 2922 * lib/gssapi/accept_sec_context.c: Use 2923 `gssapi_krb5_verify_8003_checksum'. 2924 2925 * lib/gssapi/8003.c: Implement `gssapi_krb5_verify_8003_checksum'. 2926 2927 * lib/gssapi/init_sec_context.c: Zero cred, and store session key 2928 properly in auth-context. 2929 2930Sun Mar 22 00:47:22 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2931 2932 * lib/kadm5/delete_s.c: Check immutable bit. 2933 2934 * kadmin/kadmin.c: Pass client name to kadm5_init. 2935 2936 * lib/kadm5/init_c.c: Get creds for client name passed in. 2937 2938 * kdc/hprop.c (v4_prop): Check for `changepw.kerberos'. 2939 2940Sat Mar 21 22:57:13 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2941 2942 * lib/krb5/mk_error.c: Verify that error_code is in the range 2943 [0,127]. 2944 2945 * kdc/kerberos5.c: Move checking of principal flags to new 2946 function `check_flags'. 2947 2948Sat Mar 21 14:38:51 1998 Assar Westerlund <assar@sics.se> 2949 2950 * lib/kadm5/get_s.c (kadm5_s_get_principal): handle an empty salt 2951 2952 * configure.in: define SunOS if running solaris 2953 2954Sat Mar 21 00:26:34 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2955 2956 * lib/kadm5/server.c: Unifdef test for same principal when 2957 changing password. 2958 2959 * kadmin/util.c: If kadm5_get_principals failes, we might still be 2960 able to perform the requested opreration (for instance someone if 2961 trying to change his own password). 2962 2963 * lib/kadm5/init_c.c: Try to get ticket via initial request, if 2964 not possible via tgt. 2965 2966 * lib/kadm5/server.c: Check for principals changing their own 2967 passwords. 2968 2969 * kdc/kerberos5.c (tgs_rep2): check for interesting flags on 2970 involved principals. 2971 2972 * kadmin/util.c: Fix order of flags. 2973 2974Thu Mar 19 16:54:10 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2975 2976 * kdc/kerberos4.c: Return sane error code if krb_rd_req fails. 2977 2978Wed Mar 18 17:11:47 1998 Assar Westerlund <assar@sics.se> 2979 2980 * acconfig.h: rename HAVE_STRUCT_SOCKADDR_IN6 to HAVE_IPV6 2981 2982Wed Mar 18 09:58:18 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2983 2984 * lib/krb5/get_in_tkt_with_keytab.c (krb5_keytab_key_proc): don't 2985 free keyseed; use correct keytab 2986 2987Tue Mar 10 09:56:16 1998 Assar Westerlund <assar@sics.se> 2988 2989 * acinclude.m4 (AC_KRB_IPV6): rewrote to avoid false positives 2990 2991Mon Mar 16 23:58:23 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2992 2993 * Release 0.0n 2994 2995Fri Mar 6 00:41:30 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2996 2997 * lib/gssapi/{accept_sec_context,release_cred}.c: Use 2998 krb5_kt_close/krb5_kt_resolve. 2999 3000 * lib/krb5/principal.c (krb5_425_conv_principal_ext): Use resolver 3001 to lookup hosts, so CNAMEs can be ignored. 3002 3003 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc, send_and_recv_http): 3004 Add support for using proxy. 3005 3006 * lib/krb5/context.c: Initialize `http_proxy' from 3007 `libdefaults/http_proxy'. 3008 3009 * lib/krb5/krb5.h: Add `http_proxy' to context. 3010 3011 * lib/krb5/send_to_kdc.c: Recognize `http/' and `udp/' as protocol 3012 specifications. 3013 3014Wed Mar 4 01:47:29 1998 Johan Danielsson <joda@emma.pdc.kth.se> 3015 3016 * admin/ktutil.c: Implement `add' and `remove' functions. Make 3017 `--keytab' a global option. 3018 3019 * lib/krb5/keytab.c: Implement remove with files. Add memory 3020 operations. 3021 3022Tue Mar 3 20:09:59 1998 Johan Danielsson <joda@emma.pdc.kth.se> 3023 3024 * lib/krb5/keytab.c: Use function pointers. 3025 3026 * admin: Remove kdb_edit. 3027 3028Sun Mar 1 03:28:42 1998 Assar Westerlund <assar@sics.se> 3029 3030 * lib/kadm5/dump_log.c: print operation names 3031 3032Sun Mar 1 03:04:12 1998 Assar Westerlund <assar@sics.se> 3033 3034 * configure.in: add X-tests, and {bin,...}dir appl/{kx,kauth} 3035 3036 * lib/krb5/build_auth.c,mk_priv.c,rd_safe.c,mk_safe.c,mk_rep.c: 3037 remove arbitrary limit 3038 3039 * kdc/hprop-common.c: use krb5_{read,write}_message 3040 3041 * lib/kadm5/ipropd_master.c (send_diffs): more careful use 3042 krb5_{write,read}_message 3043 3044 * lib/kadm5/ipropd_slave.c (get_creds): get credentials for 3045 `iprop/master' directly. 3046 (main): use `krb5_read_message' 3047 3048Sun Mar 1 02:05:11 1998 Johan Danielsson <joda@emma.pdc.kth.se> 3049 3050 * kadmin/kadmin.c: Cleanup commands list, and add help strings. 3051 3052 * kadmin/get.c: Add long, short, and terse (equivalent to `list') 3053 output formats. Short is the default. 3054 3055 * kadmin/util.c: Add `include_time' flag to timeval2str. 3056 3057 * kadmin/init.c: Max-life and max-renew can, infact, be zero. 3058 3059 * kadmin/{cpw,del,ext,get}.c: Use `foreach_principal'. 3060 3061 * kadmin/util.c: Add function `foreach_principal', that loops over 3062 all principals matching an expression. 3063 3064 * kadmin/kadmin.c: Add usage string to `privileges'. 3065 3066 * lib/kadm5/get_princs_s.c: Also try to match aganist the 3067 expression appended with `@default-realm'. 3068 3069 * lib/krb5/principal.c: Add `krb5_unparse_name_fixed_short', that 3070 excludes the realm if it's the same as the default realm. 3071 3072Fri Feb 27 05:02:21 1998 Assar Westerlund <assar@sics.se> 3073 3074 * configure.in: more WFLAGS and WFLAGS_NOUNUSED added missing 3075 headers and functions error -> com_err 3076 3077 (krb5_get_init_creds_keytab): use krb5_keytab_key_proc 3078 3079 * lib/krb5/get_in_tkt_with_keytab.c: make `krb5_keytab_key_proc' 3080 global 3081 3082 * lib/kadm5/marshall.c (ret_principal_ent): set `n_tl_data' 3083 3084 * lib/hdb/ndbm.c: use `struct ndbm_db' everywhere. 3085 3086Fri Feb 27 04:49:24 1998 Assar Westerlund <assar@sics.se> 3087 3088 * lib/krb5/mk_priv.c (krb5_mk_priv): bump static limit to 10240. 3089 This should be fixed the correct way. 3090 3091 * lib/kadm5/ipropd_master.c (check_acl:) truncate buf correctly 3092 (send_diffs): compare versions correctly 3093 (main): reorder handling of events 3094 3095 * lib/kadm5/log.c (kadm5_log_previous): avoid bad type conversion 3096 3097Thu Feb 26 02:22:35 1998 Assar Westerlund <assar@sics.se> 3098 3099 * lib/kadm5/ipropd_{slave,master}.c: new files 3100 3101 * lib/kadm5/log.c (kadm5_log_get_version): take an `fd' as 3102 argument 3103 3104 * lib/krb5/krb5.h (krb5_context_data): `et_list' should be `struct 3105 et_list *' 3106 3107 * aux/make-proto.pl: Should work with perl4 3108 3109Mon Feb 16 17:20:22 1998 Johan Danielsson <joda@emma.pdc.kth.se> 3110 3111 * lib/krb5/krb5_locl.h: Remove <error.h> (it gets included via 3112 {asn1,krb5}_err.h). 3113 3114Thu Feb 12 03:28:40 1998 Assar Westerlund <assar@sics.se> 3115 3116 * lib/krb5/get_in_tkt.c (_krb5_extract_ticket): if time difference 3117 is larger than max_skew, return KRB5KRB_AP_ERR_SKEW 3118 3119 * lib/kadm5/log.c (get_version): globalize 3120 3121 * lib/kadm5/kadm5_locl.h: include <sys/file.h> 3122 3123 * lib/asn1/Makefile.am: add PA_KEY_INFO and PA_KEY_INFO_ENTRY 3124 3125 * kdc/kerberos5.c (get_pa_etype_info): remove gcc-ism of 3126 initializing local struct in declaration. 3127 3128Sat Jan 31 17:28:58 1998 Johan Danielsson <joda@emma.pdc.kth.se> 3129 3130 * kdc/524.c: Use krb5_decode_EncTicketPart. 3131 3132 * kdc/kerberos5.c: Check at runtime whether to use enctypes 3133 instead of keytypes. If so use the same value to encrypt ticket, 3134 and kdc-rep as well as `keytype' for session key. Fix some obvious 3135 bugs with the handling of additional tickets. 3136 3137 * lib/krb5/rd_req.c: Use krb5_decode_EncTicketPart, and 3138 krb5_decode_Authenticator. 3139 3140 * lib/krb5/rd_rep.c: Use krb5_decode_EncAPRepPart. 3141 3142 * lib/krb5/rd_cred.c: Use krb5_decode_EncKrbCredPart. 3143 3144 * lib/krb5/mk_rep.c: Make sure enc_part.etype is an encryption 3145 type, and not a key type. Use krb5_encode_EncAPRepPart. 3146 3147 * lib/krb5/init_creds_pw.c: Use krb5_decode_PA_KEY_INFO. 3148 3149 * lib/krb5/get_in_tkt.c: Use krb5_decode_Enc{AS,TGS}RepPart. 3150 3151 * lib/krb5/get_for_creds.c: Use krb5_encode_EncKrbCredPart. 3152 3153 * lib/krb5/get_cred.c: Use krb5_decode_Enc{AS,TGS}RepPart. 3154 3155 * lib/krb5/build_auth.c: Use krb5_encode_Authenticator. 3156 3157 * lib/krb5/codec.c: Enctype conversion stuff. 3158 3159 * lib/krb5/context.c: Ignore KRB5_CONFIG if *not* running 3160 setuid. Get configuration for libdefaults ktype_is_etype, and 3161 default_etypes. 3162 3163 * lib/krb5/encrypt.c: Add krb5_string_to_etype, rename 3164 krb5_convert_etype to krb5_decode_keytype, and add 3165 krb5_decode_keyblock. 3166 3167Fri Jan 23 00:32:09 1998 Johan Danielsson <joda@emma.pdc.kth.se> 3168 3169 * lib/krb5/{get_in_tkt,rd_req}.c: Use krb5_convert_etype. 3170 3171 * lib/krb5/encrypt.c: Add krb5_convert_etype function - converts 3172 from protocol keytypes (that really are enctypes) to internal 3173 representation. 3174 3175Thu Jan 22 21:24:36 1998 Johan Danielsson <joda@emma.pdc.kth.se> 3176 3177 * lib/asn1/k5.asn1: Add PA-KEY-INFO structure to hold information 3178 on keys in the database; and also a new `pa-key-info' padata-type. 3179 3180 * kdc/kerberos5.c: If pre-authentication fails, return a list of 3181 keytypes, salttypes, and salts. 3182 3183 * lib/krb5/init_creds_pw.c: Add better support for 3184 pre-authentication, by looking at hints from the KDC. 3185 3186 * lib/krb5/get_in_tkt.c: Add better support for specifying what 3187 pre-authentication to use. 3188 3189 * lib/krb5/str2key.c: Merge entries for KEYTYPE_DES and 3190 KEYTYPE_DES_AFS3. 3191 3192 * lib/krb5/krb5.h: Add pre-authentication structures. 3193 3194 * kdc/connect.c: Don't fail if realloc(X, 0) returns NULL. 3195 3196Wed Jan 21 06:20:40 1998 Assar Westerlund <assar@sics.se> 3197 3198 * lib/kadm5/init_s.c (kadm5_s_init_with_password_ctx): initialize 3199 `log_context.socket_name' and `log_context.socket_fd' 3200 3201 * lib/kadm5/log.c (kadm5_log_flush): send a unix domain datagram 3202 to inform the possible running ipropd of an update. 3203 3204Wed Jan 21 01:34:09 1998 Johan Danielsson <joda@emma.pdc.kth.se> 3205 3206 * lib/krb5/get_in_tkt.c: Return error-packet to caller. 3207 3208 * lib/krb5/free.c (krb5_free_kdc_rep): Free krb5_kdc_rep->error. 3209 3210 * kdc/kerberos5.c: Add some support for using enctypes instead of 3211 keytypes. 3212 3213 * lib/krb5/get_cred.c: Fixes to send authorization-data to the 3214 KDC. 3215 3216 * lib/krb5/build_auth.c: Only generate local subkey if there is 3217 none. 3218 3219 * lib/krb5/krb5.h: Add krb5_authdata type. 3220 3221 * lib/krb5/auth_context.c: Add 3222 krb5_auth_con_set{,localsub,remotesub}key. 3223 3224 * lib/krb5/init_creds_pw.c: Return some error if prompter 3225 functions return failure. 3226 3227Wed Jan 21 01:16:13 1998 Assar Westerlund <assar@sics.se> 3228 3229 * kpasswd/kpasswd.c: detect bad password. use krb5_err. 3230 3231 * kadmin/util.c (edit_entry): remove unused variables 3232 3233Tue Jan 20 22:58:31 1998 Assar Westerlund <assar@sics.se> 3234 3235 * kuser/kinit.c: rename `-s' to `-S' to be MIT-compatible. 3236 3237 * lib/kadm5/kadm5_locl.h: add kadm5_log_context and 3238 kadm5_log*-functions 3239 3240 * lib/kadm5/create_s.c (kadm5_s_create_principal): add change to 3241 log 3242 3243 * lib/kadm5/rename_s.c (kadm5_s_rename_principal): add change to 3244 log 3245 3246 * lib/kadm5/init_s.c (kadm5_s_init_with_password_ctx): initialize 3247 log_context 3248 3249 * lib/kadm5/delete_s.c (kadm5_s_delete_principal): add change to 3250 log 3251 3252 * lib/kadm5/modify_s.c (kadm5_s_modify_principal): add change to 3253 log 3254 3255 * lib/kadm5/randkey_s.c (kadm5_s_randkey_principal): add change to 3256 log 3257 3258 * lib/kadm5/chpass_s.c (kadm5_s_chpass_principal): add change to 3259 log 3260 3261 * lib/kadm5/Makefile.am: add log.c, dump_log and replay_log 3262 3263 * lib/kadm5/replay_log.c: new file 3264 3265 * lib/kadm5/dump_log.c: new file 3266 3267 * lib/kadm5/log.c: new file 3268 3269 * lib/krb5/str2key.c (get_str): initialize pad space to zero 3270 3271 * lib/krb5/config_file.c (krb5_config_vget_next): handle c == NULL 3272 3273 * kpasswd/kpasswdd.c: rewritten to use the kadm5 API 3274 3275 * kpasswd/Makefile.am: link with kadm5srv 3276 3277 * kdc/kerberos5.c (tgs_rep): initialize `i' 3278 3279 * kadmin/kadmind.c (main): use kadm5_server_{send,recv}_sp 3280 3281 * include/Makefile.am: added admin.h 3282 3283Sun Jan 18 01:41:34 1998 Johan Danielsson <joda@blubb.pdc.kth.se> 3284 3285 * lib/asn1/gen_copy.c: Don't return ENOMEM if allocating 0 bytes. 3286 3287 * lib/krb5/mcache.c (mcc_store_cred): restore linked list if 3288 copy_creds fails. 3289 3290Tue Jan 6 04:17:56 1998 Assar Westerlund <assar@sics.se> 3291 3292 * lib/kadm5/server.c: add kadm5_server_{send,recv}{,_sp} 3293 3294 * lib/kadm5/marshall.c: add kadm5_{store,ret}_principal_ent_mask. 3295 3296 * lib/kadm5/init_c.c (kadm5_c_init_with_password_ctx): use 3297 krb5_getportbyname 3298 3299 * kadmin/kadmind.c (main): htons correctly. 3300 moved kadm5_server_{recv,send} 3301 3302 * kadmin/kadmin.c (main): only set admin_server if explicitly 3303 given 3304 3305Mon Jan 5 23:34:44 1998 Johan Danielsson <joda@emma.pdc.kth.se> 3306 3307 * lib/hdb/ndbm.c: Implement locking of database. 3308 3309 * kdc/kerberos5.c: Process AuthorizationData. 3310 3311Sat Jan 3 22:07:07 1998 Johan Danielsson <joda@blubb.pdc.kth.se> 3312 3313 * kdc/string2key.c: Use AFS string-to-key from libkrb5. 3314 3315 * lib/krb5/get_in_tkt.c: Handle pa-afs3-salt case. 3316 3317 * lib/krb5/krb5.h: Add value for AFS salts. 3318 3319 * lib/krb5/str2key.c: Add support for AFS string-to-key. 3320 3321 * lib/kadm5/rename_s.c: Use correct salt. 3322 3323 * lib/kadm5/ent_setup.c: Always enable client. Only set max-life 3324 and max-renew if != 0. 3325 3326 * lib/krb5/config_file.c: Add context to all krb5_config_*get_*. 3327 3328Thu Dec 25 17:03:25 1997 Assar Westerlund <assar@sics.se> 3329 3330 * kadmin/ank.c (ank): don't zero password if --random-key was 3331 given. 3332 3333Tue Dec 23 01:56:45 1997 Assar Westerlund <assar@sics.se> 3334 3335 * Release 0.0m 3336 3337 * lib/kadm5/ent_setup.c (attr_to_flags): try to set `client' 3338 3339 * kadmin/util.c (edit_time): only set mask if != 0 3340 (edit_attributes): only set mask if != 0 3341 3342 * kadmin/init.c (init): create `default' 3343 3344Sun Dec 21 09:44:05 1997 Assar Westerlund <assar@sics.se> 3345 3346 * kadmin/util.c (str2deltat, str2attr, get_deltat): return value 3347 as pointer and have return value indicate success. 3348 3349 (get_response): check NULL from fgets 3350 3351 (edit_time, edit_attributes): new functions for reading values and 3352 offering list of answers on '?' 3353 3354 (edit_entry): use edit_time and edit_attributes 3355 3356 * kadmin/ank.c (add_new_key): test the return value of 3357 `krb5_parse_name' 3358 3359 * kdc/kerberos5.c (tgs_check_authenticator): RFC1510 doesn't say 3360 that the checksum has to be keyed, even though later drafts do. 3361 Accept unkeyed checksums to be compatible with MIT. 3362 3363 * kadmin/kadmin_locl.h: add some prototypes. 3364 3365 * kadmin/util.c (edit_entry): return a value 3366 3367 * appl/afsutil/afslog.c (main): return a exit code. 3368 3369 * lib/krb5/get_cred.c (init_tgs_req): use krb5_keytype_to_enctypes 3370 3371 * lib/krb5/encrypt.c (krb5_keytype_to_enctypes): new function. 3372 3373 * lib/krb5/build_auth.c (krb5_build_authenticator): use 3374 krb5_{free,copy}_keyblock instead of the _contents versions 3375 3376Fri Dec 12 14:20:58 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3377 3378 * lib/krb5/{mk,rd}_priv.c: fix check for local/remote subkey 3379 3380Mon Dec 8 08:48:09 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3381 3382 * lib/krb5/context.c: don't look at KRB5_CONFIG if running setuid 3383 3384Sat Dec 6 10:09:40 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3385 3386 * lib/krb5/keyblock.c (krb5_free_keyblock): check for NULL 3387 keyblock 3388 3389Sat Dec 6 08:26:10 1997 Assar Westerlund <assar@sics.se> 3390 3391 * Release 0.0l 3392 3393Thu Dec 4 03:38:12 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3394 3395 * lib/krb5/send_to_kdc.c: Add TCP client support. 3396 3397 * lib/krb5/store.c: Add k_{put,get}_int. 3398 3399 * kadmin/ank.c: Set initial kvno to 1. 3400 3401 * kdc/connect.c: Send version 5 TCP-reply as length+data. 3402 3403Sat Nov 29 07:10:11 1997 Assar Westerlund <assar@sics.se> 3404 3405 * lib/krb5/rd_req.c (krb5_rd_req): fixed obvious bug 3406 3407 * kdc/kaserver.c (create_reply_ticket): use a random nonce in the 3408 reply packet. 3409 3410 * kdc/connect.c (init_sockets): less reallocing. 3411 3412 * **/*.c: changed `struct fd_set' to `fd_set' 3413 3414Sat Nov 29 05:12:01 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3415 3416 * lib/krb5/get_default_principal.c: More guessing. 3417 3418Thu Nov 20 02:55:09 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3419 3420 * lib/krb5/rd_req.c: Use principal from ticket if no server is 3421 given. 3422 3423Tue Nov 18 02:58:02 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3424 3425 * kuser/klist.c: Use krb5_err*(). 3426 3427Sun Nov 16 11:57:43 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3428 3429 * kadmin/kadmin.c: Add local `init', `load', `dump', and `merge' 3430 commands. 3431 3432Sun Nov 16 02:52:20 1997 Assar Westerlund <assar@sics.se> 3433 3434 * lib/krb5/mk_req_ext.c (krb5_mk_req_ext): figure out the correct 3435 `enctype' 3436 3437 * lib/krb5/mk_req.c (krb5_mk_req): use `(*auth_context)->enctype' 3438 if set. 3439 3440 * lib/krb5/get_cred.c: handle the case of a specific keytype 3441 3442 * lib/krb5/build_auth.c (krb5_build_authenticator): enctype as a 3443 parameter instead of guessing it. 3444 3445 * lib/krb5/build_ap_req.c (krb5_build_ap_req): new parameter 3446 `enctype' 3447 3448 * appl/test/common.c (common_setup): don't use `optarg' 3449 3450 * lib/krb5/keytab.c (krb5_kt_copy_entry_contents): new function 3451 (krb5_kt_get_entry): retrieve the latest version if kvno == 0 3452 3453 * lib/krb5/krb5.h: define KRB5_TC_MATCH_KEYTYPE 3454 3455 * lib/krb5/creds.c (krb5_compare_creds): check for 3456 KRB5_TC_MATCH_KEYTYPE 3457 3458 * lib/gssapi/8003.c (gssapi_krb5_create_8003_checksum): remove 3459 unused variable 3460 3461 * lib/krb5/creds.c (krb5_copy_creds_contents): only free the 3462 contents if we fail. 3463 3464Sun Nov 16 00:32:48 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3465 3466 * kpasswd/kpasswdd.c: Get password expiration time from config 3467 file. 3468 3469 * lib/asn1/{der_get,gen_decode}.c: Allow passing NULL size. 3470 3471Wed Nov 12 02:35:57 1997 Assar Westerlund <assar@sics.se> 3472 3473 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): 3474 restructured and fixed. 3475 3476 * lib/krb5/addr_families.c (krb5_h_addr2addr): new function. 3477 3478Wed Nov 12 01:36:01 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3479 3480 * lib/krb5/get_addrs.c: Fall back to hostname's addresses if other 3481 methods fail. 3482 3483Tue Nov 11 22:22:12 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3484 3485 * kadmin/kadmin.c: Add `-l' flag to use local database. 3486 3487 * lib/kadm5/acl.c: Use KADM5_PRIV_ALL. 3488 3489 * lib/kadm5: Use function pointer trampoline for easier dual use 3490 (without radiation-hardening capability). 3491 3492Tue Nov 11 05:15:22 1997 Assar Westerlund <assar@sics.se> 3493 3494 * lib/krb5/encrypt.c (krb5_etype_valid): new function 3495 3496 * lib/krb5/creds.c (krb5_copy_creds_contents): zero target 3497 3498 * lib/krb5/context.c (valid_etype): remove 3499 3500 * lib/krb5/checksum.c: remove dead code 3501 3502 * lib/krb5/changepw.c (send_request): free memory on error. 3503 3504 * lib/krb5/build_ap_req.c (krb5_build_ap_req): check return value 3505 from malloc. 3506 3507 * lib/krb5/auth_context.c (krb5_auth_con_init): free memory on 3508 failure correctly. 3509 (krb5_auth_con_setaddrs_from_fd): return error correctly. 3510 3511 * lib/krb5/get_in_tkt_with_{keytab,skey}.c: new files 3512 3513Tue Nov 11 02:53:19 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3514 3515 * lib/krb5/auth_context.c: Implement auth_con_setuserkey. 3516 3517 * lib/gssapi/init_sec_context.c: Use krb5_auth_con_getkey. 3518 3519 * lib/krb5/keyblock.c: Rename krb5_free_keyblock to 3520 krb5_free_keyblock_contents, and reimplement krb5_free_keyblock. 3521 3522 * lib/krb5/rd_req.c: Use auth_context->keyblock if 3523 ap_options.use_session_key. 3524 3525Tue Nov 11 02:35:17 1997 Assar Westerlund <assar@sics.se> 3526 3527 * lib/krb5/net_{read,write}.c: change `int fd' to `void *p_fd'. 3528 fix callers. 3529 3530 * lib/krb5/krb5_locl.h: include <asn1.h> and <der.h> 3531 3532 * include/Makefile.am: add xdbm.h 3533 3534Tue Nov 11 01:58:22 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3535 3536 * lib/krb5/get_cred.c: Implement krb5_get_cred_from_kdc. 3537 3538Mon Nov 10 22:41:53 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3539 3540 * lib/krb5/ticket.c: Implement copy_ticket. 3541 3542 * lib/krb5/get_in_tkt.c: Make `options' parameter MIT-compatible. 3543 3544 * lib/krb5/data.c: Implement free_data and copy_data. 3545 3546Sun Nov 9 02:17:27 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3547 3548 * lib/kadm5: Implement kadm5_get_privs, and kadm5_get_principals. 3549 3550 * kadmin/kadmin.c: Add get_privileges function. 3551 3552 * lib/kadm5: Rename KADM5_ACL_* -> KADM5_PRIV_* to conform with 3553 specification. 3554 3555 * kdc/connect.c: Exit if no sockets could be bound. 3556 3557 * kadmin/kadmind.c: Check return value from krb5_net_read(). 3558 3559 * lib/kadm5,kadmin: Fix memory leaks. 3560 3561Fri Nov 7 02:45:26 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3562 3563 * lib/kadm5/create_s.c: Get some default values from `default' 3564 principal. 3565 3566 * lib/kadm5/ent_setup.c: Add optional default entry to get some 3567 values from. 3568 3569Thu Nov 6 00:20:41 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3570 3571 * lib/error/compile_et.awk: Remove generated destroy_*_error_table 3572 prototype 3573 3574 * kadmin/kadmind.c: Crude admin server. 3575 3576 * kadmin/kadmin.c: Update to use remote protocol. 3577 3578 * kadmin/get.c: Fix principal formatting. 3579 3580 * lib/kadm5: Add client support. 3581 3582 * lib/kadm5/error.c: Error code mapping. 3583 3584 * lib/kadm5/server.c: Kadmind support function. 3585 3586 * lib/kadm5/marshall.c: Kadm5 marshalling. 3587 3588 * lib/kadm5/acl.c: Simple acl system. 3589 3590 * lib/kadm5/kadm5_locl.h: Add client stuff. 3591 3592 * lib/kadm5/init_s.c: Initialize acl. 3593 3594 * lib/kadm5/*: Return values. 3595 3596 * lib/kadm5/create_s.c: Correct kvno. 3597 3598Wed Nov 5 22:06:50 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3599 3600 * lib/krb5/log.c: Fix parsing of log destinations. 3601 3602Mon Nov 3 20:33:55 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3603 3604 * lib/krb5/principal.c: Reduce number of reallocs in unparse_name. 3605 3606Sat Nov 1 01:40:53 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3607 3608 * kadmin: Simple kadmin utility. 3609 3610 * admin/ktutil.c: Print keytype. 3611 3612 * lib/kadm5/get_s.c: Set correct n_key_data. 3613 3614 * lib/kadm5/init_s.c: Add kadm5_s_init_with_password_ctx. Use 3615 master key. 3616 3617 * lib/kadm5/destroy_s.c: Check for allocated context. 3618 3619 * lib/kadm5/{create,chpass}_s.c: Use _kadm5_set_keys(). 3620 3621Sat Nov 1 00:21:00 1997 Assar Westerlund <assar@sics.se> 3622 3623 * configure.in: test for readv, writev 3624 3625Wed Oct 29 23:41:26 1997 Assar Westerlund <assar@sics.se> 3626 3627 * lib/krb5/warn.c (_warnerr): handle the case of an illegal error 3628 code 3629 3630 * kdc/kerberos5.c (encode_reply): return success 3631 3632Wed Oct 29 18:01:59 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3633 3634 * kdc/kerberos5.c (find_etype) Return correct index of selected 3635 etype. 3636 3637Wed Oct 29 04:07:06 1997 Assar Westerlund <assar@sics.se> 3638 3639 * Release 0.0k 3640 3641 * lib/krb5/context.c (krb5_init_context): support `KRB5_CONFIG' 3642 environment variable 3643 3644 * *: use the roken_get*-macros from roken.h for the benefit of 3645 Crays. 3646 3647 * configure.in: add --{enable,disable}-otp. check for compatible 3648 prototypes for gethostbyname, gethostbyaddr, getservbyname, and 3649 openlog (they have strange prototypes on Crays) 3650 3651 * acinclude.m4: new macro `AC_PROTO_COMPAT' 3652 3653Tue Oct 28 00:11:22 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3654 3655 * kdc/connect.c: Log bad requests. 3656 3657 * kdc/kerberos5.c: Move stuff that's in common between as_rep and 3658 tgs_rep to separate functions. 3659 3660 * kdc/kerberos5.c: Fix user-to-user authentication. 3661 3662 * lib/krb5/get_cred.c: Some restructuring of krb5_get_credentials: 3663 - add a kdc-options argument to krb5_get_credentials, and rename 3664 it to krb5_get_credentials_with_flags 3665 - honour the KRB5_GC_CACHED, and KRB5_GC_USER_USER options 3666 - add some more user-to-user glue 3667 3668 * lib/krb5/rd_req.c: Move parts of krb5_verify_ap_req into a new 3669 function, krb5_decrypt_ticket, so it is easier to decrypt and 3670 check a ticket without having an ap-req. 3671 3672 * lib/krb5/krb5.h: Add KRB5_GC_CACHED, and KRB5_GC_USER_USER 3673 flags. 3674 3675 * lib/krb5/crc.c (crc_init_table): Check if table is already 3676 inited. 3677 3678Sun Oct 26 04:51:02 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3679 3680 * lib/asn1/der_get.c (der_get_length, fix_dce): Special-case 3681 indefinite encoding. 3682 3683 * lib/asn1/gen_glue.c (generate_units): Check for empty 3684 member-list. 3685 3686Sat Oct 25 07:24:57 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3687 3688 * lib/error/compile_et.awk: Allow specifying table-base. 3689 3690Tue Oct 21 20:21:40 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3691 3692 * kdc/kerberos5.c: Check version number of krbtgt. 3693 3694Mon Oct 20 01:14:53 1997 Assar Westerlund <assar@sics.se> 3695 3696 * lib/krb5/prompter_posix.c (krb5_prompter_posix): implement the 3697 case of unhidden prompts. 3698 3699 * lib/krb5/str2key.c (string_to_key_internal): return error 3700 instead of aborting. always free memory 3701 3702 * admin/ktutil.c: add `help' command 3703 3704 * admin/kdb_edit.c: implement new commands: add_random_key(ark), 3705 change_password(cpw), change_random_key(crk) 3706 3707Thu Oct 16 05:16:36 1997 Assar Westerlund <assar@sics.se> 3708 3709 * kpasswd/kpasswdd.c: change all the keys in the database 3710 3711 * kdc: removed all unsealing, now done by the hdb layer 3712 3713 * lib/hdb/hdb.c: new functions `hdb_create', `hdb_set_master_key' 3714 and `hdb_clear_master_key' 3715 3716 * admin/misc.c: removed 3717 3718Wed Oct 15 22:47:31 1997 Assar Westerlund <assar@sics.se> 3719 3720 * kuser/klist.c: print year as YYYY iff verbose 3721 3722Wed Oct 15 20:02:13 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3723 3724 * kuser/klist.c: print etype from ticket 3725 3726Mon Oct 13 17:18:57 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3727 3728 * Release 0.0j 3729 3730 * lib/krb5/get_cred.c: Get the subkey from mk_req so it can be 3731 used to decrypt the reply from DCE secds. 3732 3733 * lib/krb5/auth_context.c: Add {get,set}enctype. 3734 3735 * lib/krb5/get_cred.c: Fix for DCE secd. 3736 3737 * lib/krb5/store.c: Store keytype twice, as MIT does. 3738 3739 * lib/krb5/get_in_tkt.c: Use etype from reply. 3740 3741Fri Oct 10 00:39:48 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3742 3743 * kdc/connect.c: check for leading '/' in http request 3744 3745Tue Sep 30 21:50:18 1997 Assar Westerlund <assar@assaris.pdc.kth.se> 3746 3747 * Release 0.0i 3748 3749Mon Sep 29 15:58:43 1997 Assar Westerlund <assar@sics.se> 3750 3751 * lib/krb5/rd_req.c (krb5_rd_req): redone because we don't know 3752 the kvno or keytype before receiving the AP-REQ 3753 3754 * lib/krb5/mk_safe.c (krb5_mk_safe): figure out what cksumtype to 3755 use from the keytype. 3756 3757 * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): figure out what 3758 cksumtype to use from the keytype. 3759 3760 * lib/krb5/mk_priv.c (krb5_mk_priv): figure out what etype to use 3761 from the keytype. 3762 3763 * lib/krb5/keytab.c (krb5_kt_get_entry): check the keytype 3764 3765 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): figure out 3766 what etype to use from the keytype. 3767 3768 * lib/krb5/generate_seq_number.c (krb5_generate_seq_number): 3769 handle other key types than DES 3770 3771 * lib/krb5/encrypt.c (key_type): add `best_cksumtype' 3772 (krb5_keytype_to_cksumtype): new function 3773 3774 * lib/krb5/build_auth.c (krb5_build_authenticator): figure out 3775 what etype to use from the keytype. 3776 3777 * lib/krb5/auth_context.c (krb5_auth_con_init): set `cksumtype' 3778 and `enctype' to 0 3779 3780 * admin/extkeytab.c (ext_keytab): extract all keys 3781 3782 * appl/telnet/telnet/commands.c: INET6_ADDRSTRLEN kludge 3783 3784 * configure.in: check for <netinet6/in6.h>. check for -linet6 3785 3786Tue Sep 23 03:00:53 1997 Assar Westerlund <assar@sics.se> 3787 3788 * lib/krb5/encrypt.c: fix checksumtype for des3-cbc-sha1 3789 3790 * lib/krb5/rd_safe.c: fix check for keyed and collision-proof 3791 checksum 3792 3793 * lib/krb5/context.c (valid_etype): remove hard-coded constants 3794 (default_etypes): include DES3 3795 3796 * kdc/kerberos5.c: fix check for keyed and collision-proof 3797 checksum 3798 3799 * admin/util.c (init_des_key, set_password): DES3 keys also 3800 3801 * lib/krb/send_to_kdc.c (krb5_sendto_kdc): no data returned means 3802 no contact? 3803 3804 * lib/krb5/addr_families.c: fix typo in `ipv6_anyaddr' 3805 3806Mon Sep 22 11:44:27 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 3807 3808 * kdc/kerberos5.c: Somewhat fix the etype usage. The list sent by 3809 the client is used to select wich key to encrypt the kdc rep with 3810 (in case of as-req), and with the server info to select the 3811 session key type. The server key the ticket is encrypted is based 3812 purely on the keys in the database. 3813 3814 * kdc/string2key.c: Add keytype support. Default to version 5 3815 keys. 3816 3817 * lib/krb5/get_in_tkt.c: Fix a lot of etype/keytype misuse. 3818 3819 * lib/krb5/encrypt.c: Add des3-cbc-md5, and des3-cbc-sha1. Add 3820 many *_to_* functions. 3821 3822 * lib/krb5/str2key.c: Add des3 string-to-key. Add ktype argument 3823 to krb5_string_to_key(). 3824 3825 * lib/krb5/checksum.c: Some cleanup, and added: 3826 - rsa-md5-des3 3827 - hmac-sha1-des3 3828 - keyed and collision proof flags to each checksum method 3829 - checksum<->string functions. 3830 3831 * lib/krb5/generate_subkey.c: Use krb5_generate_random_keyblock. 3832 3833Sun Sep 21 15:19:23 1997 Assar Westerlund <assar@sics.se> 3834 3835 * kdc/connect.c: use new addr_families functions 3836 3837 * kpasswd/kpasswdd.c: use new addr_families functions. Now works 3838 over IPv6 3839 3840 * kuser/klist.c: use correct symbols for address families 3841 3842 * lib/krb5/sock_principal.c: use new addr_families functions 3843 3844 * lib/krb5/send_to_kdc.c: use new addr_families functions 3845 3846 * lib/krb5/krb5.h: add KRB5_ADDRESS_INET6 3847 3848 * lib/krb5/get_addrs.c: use new addr_families functions 3849 3850 * lib/krb5/changepw.c: use new addr_families functions. Now works 3851 over IPv6 3852 3853 * lib/krb5/auth_context.c: use new addr_families functions 3854 3855 * lib/krb5/addr_families.c: new file 3856 3857 * acconfig.h: AC_SOCKADDR_IN6 -> AC_STRUCT_SOCKADDR_IN6. Updated 3858 uses. 3859 3860 * acinclude.m4: new macro `AC_KRB_IPV6'. Use it. 3861 3862Sat Sep 13 23:04:23 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3863 3864 * kdc/hprop.c: Don't encrypt twice. Complain on non-convertable 3865 principals. 3866 3867Sat Sep 13 00:59:36 1997 Assar Westerlund <assar@sics.se> 3868 3869 * Release 0.0h 3870 3871 * appl/telnet/telnet/commands.c: AF_INET6 support 3872 3873 * admin/misc.c: new file 3874 3875 * lib/krb5/context.c: new configuration variable `max_retries' 3876 3877 * lib/krb5/get_addrs.c: fixes and better #ifdef's 3878 3879 * lib/krb5/config_file.c: implement krb5_config_get_int 3880 3881 * lib/krb5/auth_context.c, send_to_kdc.c, sock_principal.c: 3882 AF_INET6 support 3883 3884 * kuser/klist.c: support for printing IPv6-addresses 3885 3886 * kdc/connect.c: support AF_INET6 3887 3888 * configure.in: test for gethostbyname2 and struct sockaddr_in6 3889 3890Thu Sep 11 07:25:28 1997 Assar Westerlund <assar@sics.se> 3891 3892 * lib/asn1/k5.asn1: Use `METHOD-DATA' instead of `SEQUENCE OF 3893 PA-DATA' 3894 3895Wed Sep 10 21:20:17 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3896 3897 * kdc/kerberos5.c: Fixes for cross-realm, including (but not 3898 limited to): 3899 - allow client to be non-existant (should probably check for 3900 "local realm") 3901 - if server isn't found and it is a request for a krbtgt, try to 3902 find a realm on the way to the requested realm 3903 - update the transited encoding iff 3904 client-realm != server-realm != tgt-realm 3905 3906 * lib/krb5/get_cred.c: Several fixes for cross-realm. 3907 3908Tue Sep 9 15:59:20 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3909 3910 * kdc/string2key.c: Fix password handling. 3911 3912 * lib/krb5/encrypt.c: krb5_key_to_string 3913 3914Tue Sep 9 07:46:05 1997 Assar Westerlund <assar@sics.se> 3915 3916 * lib/krb5/get_addrs.c: rewrote. Now should be able to handle 3917 aliases and IPv6 addresses 3918 3919 * kuser/klist.c: try printing IPv6 addresses 3920 3921 * kdc/kerberos5.c: increase the arbitrary limit from 1024 to 8192 3922 3923 * configure.in: check for <netinet/in6_var.h> 3924 3925Mon Sep 8 02:57:14 1997 Assar Westerlund <assar@sics.se> 3926 3927 * doc: fixes 3928 3929 * admin/util.c (init_des_key): increase kvno 3930 (set_password): return -1 if `des_read_pw_string' failed 3931 3932 * admin/mod.c (doit2): check the return value from `set_password' 3933 3934 * admin/ank.c (doit): don't add a new entry if `set_password' 3935 failed 3936 3937Mon Sep 8 02:20:16 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 3938 3939 * lib/krb5/verify_init.c: fix ap_req_nofail semantics 3940 3941 * lib/krb5/transited.c: something that might resemble 3942 domain-x500-compress 3943 3944Mon Sep 8 01:24:42 1997 Assar Westerlund <assar@sics.se> 3945 3946 * kdc/hpropd.c (main): check number of arguments 3947 3948 * appl/popper/pop_init.c (pop_init): check number of arguments 3949 3950 * kpasswd/kpasswd.c (main): check number of arguments 3951 3952 * kdc/string2key.c (main): check number of arguments 3953 3954 * kuser/kdestroy.c (main): check number of arguments 3955 3956 * kuser/kinit.c (main): check number of arguments 3957 3958 * kpasswd/kpasswdd.c (main): use sigaction without SA_RESTART to 3959 break out of select when a signal arrives 3960 3961 * kdc/main.c (main): use sigaction without SA_RESTART to break out 3962 of select when a signal arrives 3963 3964 * kdc/kstash.c: default to HDB_DB_DIR "/m-key" 3965 3966 * kdc/config.c (configure): add `--version'. Check the number of 3967 arguments. Handle the case of there being no specification of port 3968 numbers. 3969 3970 * admin/util.c: seal and unseal key at appropriate places 3971 3972 * admin/kdb_edit.c (main): parse arguments, config file and read 3973 master key iff there's one. 3974 3975 * admin/extkeytab.c (ext_keytab): unseal key while extracting 3976 3977Sun Sep 7 20:41:01 1997 Assar Westerlund <assar@sics.se> 3978 3979 * lib/roken/roken.h: include <fcntl.h> 3980 3981 * kdc/kerberos5.c (set_salt_padata): new function 3982 3983 * appl/telnet/telnetd/telnetd.c: Rename some variables that 3984 conflict with cpp symbols on HP-UX 10.20 3985 3986 * change all calls of `gethostbyaddr' to cast argument 1 to `const 3987 char *' 3988 3989 * acconfig.h: only use SGTTY on nextstep 3990 3991Sun Sep 7 14:33:50 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3992 3993 * kdc/kerberos5.c: Check invalid flag. 3994 3995Fri Sep 5 14:19:38 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3996 3997 * lib/krb5/verify_user.c: Use get_init_creds/verify_init_creds. 3998 3999 * lib/kafs: Move functions common to krb/krb5 modules to new file, 4000 and make things more modular. 4001 4002 * lib/krb5/krb5.h: rename STRING -> krb5_config_string, and LIST 4003 -> krb5_config_list 4004 4005Thu Sep 4 23:39:43 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 4006 4007 * lib/krb5/get_addrs.c: Fix loopback test. 4008 4009Thu Sep 4 04:45:49 1997 Assar Westerlund <assar@sics.se> 4010 4011 * lib/roken/roken.h: fallback definition of `O_ACCMODE' 4012 4013 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): be more careful when 4014 checking for a v4 reply 4015 4016Wed Sep 3 18:20:14 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4017 4018 * kdc/hprop.c: Add `--decrypt' and `--encrypt' flags. 4019 4020 * lib/hdb/hdb.c: new {seal,unseal}_keys functions 4021 4022 * kdc/{hprop,hpropd}.c: Add support to dump database to stdout. 4023 4024 * kdc/hprop.c: Don't use same master key as version 4. 4025 4026 * admin/util.c: Don't dump core if no `default' is found. 4027 4028Wed Sep 3 16:01:07 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 4029 4030 * kdc/connect.c: Allow run time port specification. 4031 4032 * kdc/config.c: Add flags for http support, and port 4033 specifications. 4034 4035Tue Sep 2 02:00:03 1997 Assar Westerlund <assar@sics.se> 4036 4037 * include/bits.c: Don't generate ifndef's in bits.h. Instead, use 4038 them when building the program. This makes it possible to include 4039 bits.h without having defined all HAVE_INT17_T symbols. 4040 4041 * configure.in: test for sigaction 4042 4043 * doc: updated documentation. 4044 4045Tue Sep 2 00:20:31 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4046 4047 * Release 0.0g 4048 4049Mon Sep 1 17:42:14 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4050 4051 * lib/krb5/data.c: don't return ENOMEM if len == 0 4052 4053Sun Aug 31 17:15:49 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4054 4055 * lib/hdb/hdb.asn1: Include salt type in salt. 4056 4057 * kdc/hprop.h: Change port to 754. 4058 4059 * kdc/hpropd.c: Verify who tries to transmit a database. 4060 4061 * appl/popper: Use getarg and krb5_log. 4062 4063 * lib/krb5/get_port.c: Add context parameter. Now takes port in 4064 host byte order. 4065 4066Sat Aug 30 18:48:19 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4067 4068 * kdc/connect.c: Add timeout to select, and log about expired tcp 4069 connections. 4070 4071 * kdc/config.c: Add `database' option. 4072 4073 * kdc/hpropd.c: Log about duplicate entries. 4074 4075 * lib/hdb/{db,ndbm}.c: Use common routines. 4076 4077 * lib/hdb/common.c: Implement more generic fetch/store/delete 4078 functions. 4079 4080 * lib/hdb/hdb.h: Add `replace' parameter to store. 4081 4082 * kdc/connect.c: Set filedecriptor to -1 on allocated decriptor 4083 entries. 4084 4085Fri Aug 29 03:13:23 1997 Assar Westerlund <assar@sics.se> 4086 4087 * lib/krb5/get_in_tkt.c: extract_ticket -> _krb5_extract_ticket 4088 4089 * aux/make-proto.pl: fix __P for stone age mode 4090 4091Fri Aug 29 02:45:46 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4092 4093 * lib/45/mk_req.c: implementation of krb_mk_req that uses 524 4094 protocol 4095 4096 * lib/krb5/init_creds_pw.c: make change_password and 4097 get_init_creds_common static 4098 4099 * lib/krb5/krb5.h: Merge stuff from removed headerfiles. 4100 4101 * lib/krb5/fcache.c: fcc_ops -> krb5_fcc_ops 4102 4103 * lib/krb5/mcache.c: mcc_ops -> krb5_mcc_ops 4104 4105Fri Aug 29 01:45:25 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 4106 4107 * lib/krb5/krb5.h: Remove all prototypes. 4108 4109 * lib/krb5/convert_creds.c: Use `struct credentials' instead of 4110 `CREDENTIALS'. 4111 4112Fri Aug 29 00:08:18 1997 Assar Westerlund <assar@sics.se> 4113 4114 * lib/asn1/gen_glue.c: new file. generates 2int and int2 functions 4115 and units for bit strings. 4116 4117 * admin/util.c: flags2int, int2flags, and flag_units are now 4118 generated by asn1_compile 4119 4120 * lib/roken/parse_units.c: generalised `parse_units' and 4121 `unparse_units' and added new functions `parse_flags' and 4122 `unparse_flags' that use these 4123 4124 * lib/krb5/krb5_locl.h: moved krb5_data* functions to krb5.h 4125 4126 * admin/util.c: Use {un,}parse_flags for printing and parsing 4127 hdbflags. 4128 4129Thu Aug 28 03:26:12 1997 Assar Westerlund <assar@sics.se> 4130 4131 * lib/krb5/get_addrs.c: restructured 4132 4133 * lib/krb5/warn.c (_warnerr): leak less memory 4134 4135 * lib/hdb/hdb.c (hdb_free_entry): zero keys 4136 (hdb_check_db_format): leak less memory 4137 4138 * lib/hdb/ndbm.c (NDBM_seq): check for valid hdb_entries implement 4139 NDBM__get, NDBM__put 4140 4141 * lib/hdb/db.c (DB_seq): check for valid hdb_entries 4142 4143Thu Aug 28 02:06:58 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4144 4145 * lib/krb5/send_to_kdc.c: Don't use sendto on connected sockets. 4146 4147Thu Aug 28 01:13:17 1997 Assar Westerlund <assar@sics.se> 4148 4149 * kuser/kinit.1, klist.1, kdestroy.1: new man pages 4150 4151 * kpasswd/kpasswd.1, kpasswdd.8: new man pages 4152 4153 * kdc/kstash.8, hprop.8, hpropd.8: new man pages 4154 4155 * admin/ktutil.8, admin/kdb_edit.8: new man pages 4156 4157 * admin/mod.c: new file 4158 4159 * admin/life.c: renamed gettime and puttime to getlife and putlife 4160 and moved them to life.c 4161 4162 * admin/util.c: add print_flags, parse_flags, init_entry, 4163 set_created_by, set_modified_by, edit_entry, set_password. Use 4164 them. 4165 4166 * admin/get.c: use print_flags 4167 4168 * admin: removed unused stuff. use krb5_{warn,err}* 4169 4170 * admin/ank.c: re-organized and abstracted. 4171 4172 * admin/gettime.c: removed 4173 4174Thu Aug 28 00:37:39 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4175 4176 * lib/krb5/{get_cred,get_in_tkt}.c: Check for v4 reply. 4177 4178 * lib/roken/base64.c: Add base64 functions. 4179 4180 * kdc/connect.c lib/krb5/send_to_kdc.c: Add http support. 4181 4182Wed Aug 27 00:29:20 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4183 4184 * include/Makefile.am: Don't make links to built files. 4185 4186 * admin/kdb_edit.c: Add command to set the database path. 4187 4188 * lib/hdb: Include version number in database. 4189 4190Tue Aug 26 20:14:54 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4191 4192 * admin/ktutil: Merged v4 srvtab conversion. 4193 4194Mon Aug 25 23:02:18 1997 Assar Westerlund <assar@sics.se> 4195 4196 * lib/roken/roken.h: add F_OK 4197 4198 * lib/gssapi/acquire_creds.c: fix typo 4199 4200 * configure.in: call AC_TYPE_MODE_T 4201 4202 * acinclude.m4: Add AC_TYPE_MODE_T 4203 4204Sun Aug 24 16:46:53 1997 Assar Westerlund <assar@sics.se> 4205 4206 * Release 0.0f 4207 4208Sun Aug 24 08:06:54 1997 Assar Westerlund <assar@sics.se> 4209 4210 * appl/popper/pop_pass.c: log poppers 4211 4212 * kdc/kaserver.c: some more checks 4213 4214 * kpasswd/kpasswd.c: removed `-p' 4215 4216 * kuser/kinit.c: removed `-p' 4217 4218 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): If 4219 KDC_ERR_PREUATH_REQUIRED, add preauthentication and try again. 4220 4221 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): don't print out 4222 krb-error text 4223 4224 * lib/gssapi/import_name.c (input_name): more names types. 4225 4226 * admin/load.c (parse_keys): handle the case of an empty salt 4227 4228 * kdc/kaserver.c: fix up memory deallocation 4229 4230 * kdc/kaserver.c: quick hack at talking kaserver protocol 4231 4232 * kdc/kerberos4.c: Make `db-fetch4' global 4233 4234 * configure.in: add --enable-kaserver 4235 4236 * kdc/rx.h, kdc/kerberos4.h: new header files 4237 4238 * lib/krb5/principal.c: fix krb5_build_principal_ext & c:o 4239 4240Sun Aug 24 03:52:44 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4241 4242 * lib/krb5/{get_in_tkt,mk_safe,mk_priv}.c: Fix some Cray specific 4243 type conflicts. 4244 4245 * lib/krb5/{get_cred,get_in_tkt}.c: Mask nonce to 32 bits. 4246 4247 * lib/des/{md4,md5,sha}.c: Now works on Crays. 4248 4249Sat Aug 23 18:15:01 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 4250 4251 * appl/afsutil/afslog.c: If no cells or files specified, get 4252 tokens for all local cells. Better test for files. 4253 4254Thu Aug 21 23:33:38 1997 Assar Westerlund <assar@sics.se> 4255 4256 * lib/gssapi/v1.c: new file with v1 compatibility functions. 4257 4258Thu Aug 21 20:36:13 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 4259 4260 * lib/kafs/afskrb5.c: Don't check ticket file for afs ticket. 4261 4262 * kdc/kerberos4.c: Check database when converting v4 principals. 4263 4264 * kdc/kerberos5.c: Include kvno in Ticket. 4265 4266 * lib/krb5/encrypt.c: Add kvno parameter to encrypt_EncryptedData. 4267 4268 * kuser/klist.c: Print version number of ticket, include more 4269 flags. 4270 4271Wed Aug 20 21:26:58 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 4272 4273 * lib/kafs/afskrb5.c (get_cred): Check cached afs tickets for 4274 expiration. 4275 4276Wed Aug 20 17:40:31 1997 Assar Westerlund <assar@sics.se> 4277 4278 * lib/krb5/recvauth.c (krb5_recvauth): Send a KRB-ERROR iff 4279 there's an error. 4280 4281 * lib/krb5/sendauth.c (krb5_sendauth): correct the protocol 4282 documentation and process KRB-ERROR's 4283 4284Tue Aug 19 20:41:30 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4285 4286 * kdc/kerberos4.c: Fix memory leak in v4 protocol handler. 4287 4288Mon Aug 18 05:15:09 1997 Assar Westerlund <assar@sics.se> 4289 4290 * lib/gssapi/accept_sec_context.c: Added 4291 `gsskrb5_register_acceptor_identity' 4292 4293Sun Aug 17 01:40:20 1997 Assar Westerlund <assar@sics.se> 4294 4295 * lib/gssapi/accept_sec_context.c (gss_accept_sec_context): don't 4296 always pass server == NULL to krb5_rd_req. 4297 4298 * lib/gssapi: new files: canonicalize_name.c export_name.c 4299 context_time.c compare_name.c release_cred.c acquire_cred.c 4300 inquire_cred.c, from Luke Howard <lukeh@xedoc.com.au> 4301 4302 * lib/krb5/config_file.c: Add netinfo support from Luke Howard 4303 <lukeh@xedoc.com.au> 4304 4305 * lib/editline/sysunix.c: sgtty-support from Luke Howard 4306 <lukeh@xedoc.com.au> 4307 4308 * lib/krb5/principal.c: krb5_sname_to_principal fix from Luke 4309 Howard <lukeh@xedoc.com.au> 4310 4311Sat Aug 16 00:44:47 1997 Assar Westerlund <assar@koi.pdc.kth.se> 4312 4313 * Release 0.0e 4314 4315Sat Aug 16 00:23:46 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4316 4317 * appl/afsutil/afslog.c: Use new libkafs. 4318 4319 * lib/kafs/afskrb5.c: Get AFS tokens via 524 protocol. 4320 4321 * lib/krb5/warn.c: Fix format string for *x type. 4322 4323Fri Aug 15 22:15:01 1997 Assar Westerlund <assar@sics.se> 4324 4325 * admin/get.c (get_entry): print more information about the entry 4326 4327 * lib/des/Makefile.am: build destest, mdtest, des, rpw, speed 4328 4329 * lib/krb5/config_file.c: new functions `krb5_config_get_time' and 4330 `krb5_config_vget_time'. Use them. 4331 4332Fri Aug 15 00:09:37 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4333 4334 * admin/ktutil.c: Keytab manipulation program. 4335 4336 * lib/krb5/keytab.c: Return sane values from resolve and 4337 start_seq_get. 4338 4339 * kdc/kerberos5.c: Fix for old clients passing 0 for `no endtime'. 4340 4341 * lib/45/get_ad_tkt.c: Kerberos 4 get_ad_tkt using 4342 krb524_convert_creds_kdc. 4343 4344 * lib/krb5/convert_creds.c: Implementation of 4345 krb524_convert_creds_kdc. 4346 4347 * lib/asn1/k5.asn1: Make kdc-req-body.till OPTIONAL 4348 4349 * kdc/524.c: A somewhat working 524-protocol module. 4350 4351 * kdc/kerberos4.c: Add version 4 ticket encoding and encryption 4352 functions. 4353 4354 * lib/krb5/context.c: Fix kdc_timeout. 4355 4356 * lib/hdb/{ndbm,db}.c: Free name in close. 4357 4358 * kdc/kerberos5.c (tgs_check_autenticator): Return error code 4359 4360Thu Aug 14 21:29:03 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4361 4362 * kdc/kerberos5.c (tgs_make_reply): Fix endtime in reply. 4363 4364 * lib/krb5/store_emem.c: Fix reallocation bug. 4365 4366Tue Aug 12 01:29:46 1997 Assar Westerlund <assar@sics.se> 4367 4368 * appl/telnet/libtelnet/kerberos5.c, appl/popper/pop_init.c: Use 4369 `krb5_sock_to_principal'. Send server parameter to 4370 krb5_rd_req/krb5_recvauth. Set addresses in auth_context. 4371 4372 * lib/krb5/recvauth.c: Set addresses in auth_context if there 4373 aren't any 4374 4375 * lib/krb5/auth_context.c: New function 4376 `krb5_auth_con_setaddrs_from_fd' 4377 4378 * lib/krb5/sock_principal.c: new function 4379 `krb5_sock_to_principal' 4380 4381 * lib/krb5/time.c: new file with `krb5_timeofday' and 4382 `krb5_us_timeofday'. Use these functions. 4383 4384 * kuser/klist.c: print KDC offset iff verbose 4385 4386 * lib/krb5/get_in_tkt.c: implement KDC time offset and use it if 4387 [libdefaults]kdc_timesync is set. 4388 4389 * lib/krb5/fcache.c: Implement version 4 of the ccache format. 4390 4391Mon Aug 11 05:34:43 1997 Assar Westerlund <assar@sics.se> 4392 4393 * lib/krb5/rd_rep.c (krb5_free_ap_rep_enc_part): free all memory 4394 4395 * lib/krb5/principal.c (krb5_unparse_name): allocate memory 4396 properly 4397 4398 * kpasswd/kpasswd.c: Use `krb5_change_password' 4399 4400 * lib/krb5/init_creds_pw.c (init_cred): set realm of server 4401 correctly. 4402 4403 * lib/krb5/init_creds_pw.c: support changing of password when it 4404 has expired 4405 4406 * lib/krb5/changepw.c: new file 4407 4408 * kuser/klist.c: use getarg 4409 4410 * admin/init.c (init): add `kadmin/changepw' 4411 4412Mon Aug 11 04:30:47 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4413 4414 * lib/krb5/get_cred.c: Make get_credentials handle cross-realm. 4415 4416Mon Aug 11 00:03:24 1997 Assar Westerlund <assar@sics.se> 4417 4418 * lib/krb5/config_file.c: implement support for #-comments 4419 4420Sat Aug 9 02:21:46 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4421 4422 * kdc/hprop*.c: Add database propagation programs. 4423 4424 * kdc/connect.c: Max request size. 4425 4426Sat Aug 9 00:47:28 1997 Assar Westerlund <assar@sics.se> 4427 4428 * lib/otp: resurrected from krb4 4429 4430 * appl/push: new program for fetching mail with POP. 4431 4432 * appl/popper/popper.h: new include files. new fields in `POP' 4433 4434 * appl/popper/pop_pass.c: Implement both v4 and v5. 4435 4436 * appl/popper/pop_init.c: Implement both v4 and v5. 4437 4438 * appl/popper/pop_debug.c: use getarg. Talk both v4 and v5 4439 4440 * appl/popper: Popper from krb4. 4441 4442 * configure.in: check for inline and <netinet/tcp.h> generate 4443 files in appl/popper, appl/push, and lib/otp 4444 4445Fri Aug 8 05:51:02 1997 Assar Westerlund <assar@sics.se> 4446 4447 * lib/krb5/get_cred.c: clean-up and try to free memory even when 4448 there're errors 4449 4450 * lib/krb5/get_cred.c: adapt to new `extract_ticket' 4451 4452 * lib/krb5/get_in_tkt.c: reorganize. check everything and try to 4453 return memory even if there are errors. 4454 4455 * kuser/kverify.c: new file 4456 4457 * lib/krb5/free_host_realm.c: new file 4458 4459 * lib/krb5/principal.c (krb5_sname_to_principal): implement 4460 different nametypes. Also free memory. 4461 4462 * lib/krb5/verify_init.c: more functionality 4463 4464 * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): free the checksum 4465 4466 * lib/krb5/get_in_tkt.c (extract_ticket): don't copy over the 4467 principals in creds. Should also compare them with that received 4468 from the KDC 4469 4470 * lib/krb5/cache.c (krb5_cc_gen_new): copy the newly allocated 4471 krb5_ccache 4472 (krb5_cc_destroy): call krb5_cc_close 4473 (krb5_cc_retrieve_cred): delete the unused creds 4474 4475Fri Aug 8 02:30:40 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4476 4477 * lib/krb5/log.c: Allow better control of destinations of logging 4478 (like passing explicit destinations, and log-functions). 4479 4480Fri Aug 8 01:20:39 1997 Assar Westerlund <assar@sics.se> 4481 4482 * lib/krb5/get_default_principal.c: new file 4483 4484 * kpasswd/kpasswdd.c: use krb5_log* 4485 4486Fri Aug 8 00:37:47 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4487 4488 * lib/krb5/init_creds_pw.c: Implement krb5_get_init_creds_keytab. 4489 4490Fri Aug 8 00:37:17 1997 Assar Westerlund <assar@sics.se> 4491 4492 * lib/krb5/init_creds_pw.c: Use `krb5_get_default_principal'. 4493 Print password expire information. 4494 4495 * kdc/config.c: new variable `kdc_warn_pwexpire' 4496 4497 * kpasswd/kpasswd.c: converted to getarg and get_init_creds 4498 4499Thu Aug 7 22:17:09 1997 Assar Westerlund <assar@sics.se> 4500 4501 * lib/krb5/mcache.c: new file 4502 4503 * admin/gettime.c: new function puttime. Use it. 4504 4505 * lib/krb5/keyblock.c: Added krb5_free_keyblock and 4506 krb5_copy_keyblock 4507 4508 * lib/krb5/init_creds_pw.c: more functionality 4509 4510 * lib/krb5/creds.c: Added krb5_free_creds_contents and 4511 krb5_copy_creds. Changed callers. 4512 4513 * lib/krb5/config_file.c: new functions krb5_config_get and 4514 krb5_config_vget 4515 4516 * lib/krb5/cache.c: cleanup added mcache 4517 4518 * kdc/kerberos5.c: include last-req's of type 6 and 7, if 4519 applicable 4520 4521Wed Aug 6 20:38:23 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4522 4523 * lib/krb5/log.c: New parameter `log-level'. Default to `SYSLOG'. 4524 4525Tue Aug 5 22:53:54 1997 Assar Westerlund <assar@sics.se> 4526 4527 * lib/krb5/verify_init.c, init_creds_pw.c, init_creds.c, 4528 prompter_posix.c: the beginning of an implementation of the cygnus 4529 initial-ticket API. 4530 4531 * lib/krb5/get_in_tkt_pw.c: make `krb5_password_key_proc' global 4532 4533 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): new function that is 4534 almost krb5_get_in_tkt but doesn't write the creds to the ccache. 4535 Small fixes in krb5_get_in_tkt 4536 4537 * lib/krb5/get_addrs.c (krb5_get_all_client_addrs): don't include 4538 loopback. 4539 4540Mon Aug 4 20:20:48 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4541 4542 * kdc: Make context global. 4543 4544Fri Aug 1 17:23:56 1997 Assar Westerlund <assar@sics.se> 4545 4546 * Release 0.0d 4547 4548 * lib/roken/flock.c: new file 4549 4550 * kuser/kinit.c: check for and print expiry information in the 4551 `kdc_rep' 4552 4553 * lib/krb5/get_in_tkt.c: Set `ret_as_reply' if != NULL 4554 4555 * kdc/kerberos5.c: Check the valid times on client and server. 4556 Check the password expiration. 4557 Check the require_preauth flag. 4558 Send an lr_type == 6 with pw_end. 4559 Set key.expiration to min(valid_end, pw_end) 4560 4561 * lib/hdb/hdb.asn1: new flags `require_preauth' and `change_pw' 4562 4563 * admin/util.c, admin/load.c: handle the new flags. 4564 4565Fri Aug 1 16:56:12 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4566 4567 * lib/hdb: Add some simple locking. 4568 4569Sun Jul 27 04:44:31 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 4570 4571 * lib/krb5/log.c: Add some general logging functions. 4572 4573 * kdc/kerberos4.c: Add version 4 protocol handler. The requrement 4574 for this to work is that all involved principals has a des key in 4575 the database, and that the client has a version 4 (un-)salted 4576 key. Furthermore krb5_425_conv_principal has to do it's job, as 4577 present it's not very clever. 4578 4579 * lib/krb5/principal.c: Quick patch to make 425_conv work 4580 somewhat. 4581 4582 * lib/hdb/hdb.c: Add keytype->key and next key functions. 4583 4584Fri Jul 25 17:32:12 1997 Assar Westerlund <assar@sics.se> 4585 4586 * lib/krb5/build_auth.c (krb5_build_authenticator): don't free 4587 `cksum'. It's allocated and freed by the caller 4588 4589 * lib/krb5/get_cred.c (krb5_get_kdc_cred): Don't free `addresses'. 4590 4591 * kdc/kerberos5.c (tgs_rep2): make sure we also have an defined 4592 `client' to return as part of the KRB-ERROR 4593 4594Thu Jul 24 08:13:59 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4595 4596 * kdc/kerberos5.c: Unseal keys from database before use. 4597 4598 * kdc/misc.c: New functions set_master_key, unseal_key and 4599 free_key. 4600 4601 * lib/roken/getarg.c: Handle `-f arg' correctly. 4602 4603Thu Jul 24 01:54:43 1997 Assar Westerlund <assar@sics.se> 4604 4605 * kuser/kinit.c: implement `-l' aka `--lifetime' 4606 4607 * lib/roken/parse_units.c, parse_time.c: new files 4608 4609 * admin/gettime.c (gettime): use `parse_time' 4610 4611 * kdc/kerberos5.c (as_rep): Use `METHOD-DATA' when sending 4612 KRB5KDC_ERR_PREAUTH_REQUIRED, not PA-DATA. 4613 4614 * kpasswd/kpasswdd.c: fix freeing bug use sequence numbers set 4615 addresses in auth_context bind one socket per interface. 4616 4617 * kpasswd/kpasswd.c: use sequence numbers 4618 4619 * lib/krb5/rd_req.c (krb5_verify_ap_req): do abs when verifying 4620 the timestamps 4621 4622 * lib/krb5/rd_priv.c (krb5_rd_priv): Fetch the correct session key 4623 from auth_context 4624 4625 * lib/krb5/mk_priv.c (krb5_mk_priv): Fetch the correct session key 4626 from auth_context 4627 4628 * lib/krb5/mk_error.c (krb5_mk_error): return an error number and 4629 not a comerr'd number. 4630 4631 * lib/krb5/get_in_tkt.c (krb5_get_in_tkt): interpret the error 4632 number in KRB-ERROR correctly. 4633 4634 * lib/krb5/get_cred.c (krb5_get_kdc_cred): interpret the error 4635 number in KRB-ERROR correctly. 4636 4637 * lib/asn1/k5.asn1: Add `METHOD-DATA' 4638 4639 * removed some memory leaks. 4640 4641Wed Jul 23 07:53:18 1997 Assar Westerlund <assar@sics.se> 4642 4643 * Release 0.0c 4644 4645 * lib/krb5/rd_cred.c, get_for_creds.c: new files 4646 4647 * lib/krb5/get_host_realm.c: try default realm as last chance 4648 4649 * kpasswd/kpasswdd.c: updated to hdb changes 4650 4651 * appl/telnet/libtelnet/kerberos5.c: Implement forwarding 4652 4653 * appl/telnet/libtelnet: removed totally unused files 4654 4655 * admin/ank.c: fix prompts and generation of random keys 4656 4657Wed Jul 23 04:02:32 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4658 4659 * admin/dump.c: Include salt in dump. 4660 4661 * admin: Mostly updated for new db-format. 4662 4663 * kdc/kerberos5.c: Update to use new db format. Better checking of 4664 flags and such. More logging. 4665 4666 * lib/hdb/hdb.c: Use generated encode and decode functions. 4667 4668 * lib/hdb/hdb.h: Get hdb_entry from ASN.1 generated code. 4669 4670 * lib/krb5/get_cred.c: Get addresses from krbtgt if there are none 4671 in the reply. 4672 4673Sun Jul 20 16:22:30 1997 Assar Westerlund <assar@sics.se> 4674 4675 * kuser/kinit.c: break if des_read_pw_string() != 0 4676 4677 * kpasswd/kpasswdd.c: send a reply 4678 4679 * kpasswd/kpasswd.c: restructured code. better report on 4680 krb-error break if des_read_pw_string() != 0 4681 4682 * kdc/kerberos5.c: Check `require_enc_timestamp' malloc space for 4683 starttime and renew_till 4684 4685 * appl/telnet/libtelnet/kerberos5.c (kerberos5_is): Send a 4686 keyblock to krb5_verify_chekcsum 4687 4688Sun Jul 20 06:35:46 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4689 4690 * Release 0.0b 4691 4692 * kpasswd/kpasswd.c: Avoid using non-standard struct names. 4693 4694Sat Jul 19 19:26:23 1997 Assar Westerlund <assar@sics.se> 4695 4696 * lib/krb5/keytab.c (krb5_kt_get_entry): check return from 4697 `krb5_kt_start_seq_get'. From <map@stacken.kth.se> 4698 4699Sat Jul 19 04:07:39 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4700 4701 * lib/asn1/k5.asn1: Update with more pa-data types from 4702 draft-ietf-cat-kerberos-revisions-00.txt 4703 4704 * admin/load.c: Update to match current db-format. 4705 4706 * kdc/kerberos5.c (as_rep): Try all valid pa-datas before giving 4707 up. Send back an empty pa-data if the client has the v4 flag set. 4708 4709 * lib/krb5/get_in_tkt.c: Pass both version5 and version4 salted 4710 pa-data. DTRT if there is any pa-data in the reply. 4711 4712 * lib/krb5/str2key.c: XOR with some sane value. 4713 4714 * lib/hdb/hdb.h: Add `version 4 salted key' flag. 4715 4716 * kuser/kinit.c: Ask for password before calling get_in_tkt. This 4717 makes it possible to call key_proc more than once. 4718 4719 * kdc/string2key.c: Add flags to output version 5 (DES only), 4720 version 4, and AFS string-to-key of a password. 4721 4722 * lib/asn1/gen_copy.c: copy_* functions now returns an int (0 or 4723 ENOMEM). 4724 4725Fri Jul 18 02:54:58 1997 Assar Westerlund <assar@sics.se> 4726 4727 * lib/krb5/get_host_realm.c (krb5_get_host_realm): do the 4728 name2name thing 4729 4730 * kdc/misc.c: check result of hdb_open 4731 4732 * admin/kdb_edit: updated to new sl 4733 4734 * lib/sl: sl_func now returns an int. != 0 means to exit. 4735 4736 * kpasswd/kpasswdd: A crude (but somewhat working) implementation 4737 of `draft-ietf-cat-kerb-chg-password-00.txt' 4738 4739Fri Jul 18 00:55:39 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 4740 4741 * kuser/krenew.c: Crude ticket renewing program. 4742 4743 * kdc/kerberos5.c: Rewritten flags parsing, it now might work to 4744 get forwarded and renewed tickets. 4745 4746 * kuser/kinit.c: Add `-r' flag. 4747 4748 * lib/krb5/get_cred.c: Move most of contents of get_creds to new 4749 function get_kdc_cred, that always contacts the kdc and doesn't 4750 save in the cache. This is a hack. 4751 4752 * lib/krb5/get_in_tkt.c: Pass starttime and renew_till in request 4753 (a bit kludgy). 4754 4755 * lib/krb5/mk_req_ext.c: Make an auth_context if none passed in. 4756 4757 * lib/krb5/send_to_kdc.c: Get timeout from context. 4758 4759 * lib/krb5/context.c: Add kdc_timeout to context struct. 4760 4761Thu Jul 17 20:35:45 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 4762 4763 * kuser/klist.c: Print start time of ticket if available. 4764 4765 * lib/krb5/get_host_realm.c: Return error if no realm was found. 4766 4767Thu Jul 17 20:28:21 1997 Assar Westerlund <assar@sics.se> 4768 4769 * kpasswd: non-working kpasswd added 4770 4771Thu Jul 17 00:21:22 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 4772 4773 * Release 0.0a 4774 4775 * kdc/main.c: Add -p flag to disable pa-enc-timestamp requirement. 4776 4777Wed Jul 16 03:37:41 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4778 4779 * kdc/kerberos5.c (tgs_rep2): Free ticket and ap_req. 4780 4781 * lib/krb5/auth_context.c (krb5_auth_con_free): Free remote 4782 subkey. 4783 4784 * lib/krb5/principal.c (krb5_free_principal): Check for NULL. 4785 4786 * lib/krb5/send_to_kdc.c: Check for NULL return from 4787 gethostbyname. 4788 4789 * lib/krb5/set_default_realm.c: Try to get realm of local host if 4790 no default realm is available. 4791 4792 * Remove non ASN.1 principal code. 4793 4794Wed Jul 16 03:17:30 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 4795 4796 * kdc/kerberos5.c: Split tgs_rep in smaller functions. Add better 4797 error handing. Do some logging. 4798 4799 * kdc/log.c: Some simple logging facilities. 4800 4801 * kdc/misc.c (db_fetch): Take a krb5_principal. 4802 4803 * kdc/connect.c: Pass address of request to as_rep and 4804 tgs_rep. Send KRB-ERROR. 4805 4806 * lib/krb5/mk_error.c: Add more fields. 4807 4808 * lib/krb5/get_cred.c: Print normal error code if no e_text is 4809 available. 4810 4811Wed Jul 16 03:07:50 1997 Assar Westerlund <assar@sics.se> 4812 4813 * lib/krb5/get_in_tkt.c: implement `krb5_init_etype'. 4814 Change encryption type of pa_enc_timestamp to DES-CBC-MD5 4815 4816 * lib/krb5/context.c: recognize all encryption types actually 4817 implemented 4818 4819 * lib/krb5/auth_context.c (krb5_auth_con_init): Change default 4820 encryption type to `DES_CBC_MD5' 4821 4822 * lib/krb5/read_message.c, write_message.c: new files 4823 4824Tue Jul 15 17:14:21 1997 Assar Westerlund <assar@sics.se> 4825 4826 * lib/asn1: replaced asn1_locl.h by `der_locl.h' and `gen_locl.h'. 4827 4828 * lib/error/compile_et.awk: generate a prototype for the 4829 `destroy_foo_error_table' function. 4830 4831Mon Jul 14 12:24:40 1997 Assar Westerlund <assar@sics.se> 4832 4833 * lib/krb5/krbhst.c (krb5_get_krbhst): Get all kdc's and try also 4834 with `kerberos.REALM' 4835 4836 * kdc/kerberos5.c, lib/krb5/rd_priv.c, lib/krb5/rd_safe.c: use 4837 `max_skew' 4838 4839 * lib/krb5/rd_req.c (krb5_verify_ap_req): record authenticator 4840 subkey 4841 4842 * lib/krb5/build_auth.c (krb5_build_authenticator): always 4843 generate a subkey. 4844 4845 * lib/krb5/address.c: implement `krb5_address_order' 4846 4847 * lib/gssapi/import_name.c: Implement `gss_import_name' 4848 4849 * lib/gssapi/external.c: Use new OID 4850 4851 * lib/gssapi/encapsulate.c: New functions 4852 `gssapi_krb5_encap_length' and `gssapi_krb5_make_header'. Changed 4853 callers. 4854 4855 * lib/gssapi/decapsulate.c: New function 4856 `gssaspi_krb5_verify_header'. Changed callers. 4857 4858 * lib/asn1/gen*.c: Give tags to generated structs. 4859 Use `err' and `asprintf' 4860 4861 * appl/test/gss_common.c: new file 4862 4863 * appl/test/gssapi_server.c: removed all krb5 calls 4864 4865 * appl/telnet/libtelnet/kerberos5.c: Add support for genering and 4866 verifying checksums. Also start using session subkeys. 4867 4868Mon Jul 14 12:08:25 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 4869 4870 * lib/krb5/rd_req.c (krb5_rd_req_with_keyblock): Split up. 4871 4872Sun Jul 13 03:07:44 1997 Assar Westerlund <assar@sics.se> 4873 4874 * lib/krb5/rd_safe.c, mk_safe.c: made bug-compatible with MIT 4875 4876 * lib/krb5/encrypt.c: new functions `DES_encrypt_null_ivec' and 4877 `DES_encrypt_key_ivec' 4878 4879 * lib/krb5/checksum.c: implement rsa-md4-des and rsa-md5-des 4880 4881 * kdc/kerberos5.c (tgs_rep): support keyed checksums 4882 4883 * lib/krb5/creds.c: new file 4884 4885 * lib/krb5/get_in_tkt.c: better freeing 4886 4887 * lib/krb5/context.c (krb5_free_context): more freeing 4888 4889 * lib/krb5/config_file.c: New function `krb5_config_file_free' 4890 4891 * lib/error/compile_et.awk: Generate a `destroy_' function. 4892 4893 * kuser/kinit.c, klist.c: Don't leak memory. 4894 4895Sun Jul 13 02:46:27 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4896 4897 * kdc/connect.c: Check filedescriptor in select. 4898 4899 * kdc/kerberos5.c: Remove most of the most common memory leaks. 4900 4901 * lib/krb5/rd_req.c: Free allocated data. 4902 4903 * lib/krb5/auth_context.c (krb5_auth_con_free): Free a lot of 4904 fields. 4905 4906Sun Jul 13 00:32:16 1997 Assar Westerlund <assar@sics.se> 4907 4908 * appl/telnet: Conditionalize the krb4-support. 4909 4910 * configure.in: Test for krb4 4911 4912Sat Jul 12 17:14:12 1997 Assar Westerlund <assar@sics.se> 4913 4914 * kdc/kerberos5.c: check if the pre-auth was decrypted properly. 4915 set the `pre_authent' flag 4916 4917 * lib/krb5/get_cred.c, lib/krb5/get_in_tkt.c: generate a random nonce. 4918 4919 * lib/krb5/encrypt.c: Made `generate_random_block' global. 4920 4921 * appl/test: Added gssapi_client and gssapi_server. 4922 4923 * lib/krb5/data.c: Add `krb5_data_zero' 4924 4925 * appl/test/tcp_client.c: try `mk_safe' and `mk_priv' 4926 4927 * appl/test/tcp_server.c: try `rd_safe' and `rd_priv' 4928 4929Sat Jul 12 16:45:58 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4930 4931 * lib/krb5/get_addrs.c: Fix for systems that has sa_len, but 4932 returns zero length from SIOCGIFCONF. 4933 4934Sat Jul 12 16:38:34 1997 Assar Westerlund <assar@sics.se> 4935 4936 * appl/test: new programs 4937 4938 * lib/krb5/rd_req.c: add address compare 4939 4940 * lib/krb5/mk_req_ext.c: allow no checksum 4941 4942 * lib/krb5/keytab.c (krb5_kt_ret_string): 0-terminate string 4943 4944 * lib/krb5/address.c: fix `krb5_address_compare' 4945 4946Sat Jul 12 15:03:16 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 4947 4948 * lib/krb5/get_addrs.c: Fix ip4 address extraction. 4949 4950 * kuser/klist.c: Add verbose flag, and split main into smaller 4951 pieces. 4952 4953 * lib/krb5/fcache.c: Save ticket flags. 4954 4955 * lib/krb5/get_in_tkt.c (extract_ticket): Extract addresses and 4956 flags. 4957 4958 * lib/krb5/krb5.h: Add ticket_flags to krb5_creds. 4959 4960Sat Jul 12 13:12:48 1997 Assar Westerlund <assar@sics.se> 4961 4962 * configure.in: Call `AC_KRB_PROG_LN_S' 4963 4964 * acinclude.m4: Add `AC_KRB_PROG_LN_S' from krb4 4965 4966Sat Jul 12 00:57:01 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 4967 4968 * lib/krb5/get_in_tkt.c: Use union of krb5_flags and KDCOptions to 4969 pass options. 4970 4971Fri Jul 11 15:04:22 1997 Assar Westerlund <assar@sics.se> 4972 4973 * appl/telnet: telnet & telnetd seems to be working. 4974 4975 * lib/krb5/config_file.c: Added krb5_config_v?get_list Fixed 4976 krb5_config_vget_next 4977 4978 * appl/telnet/libtelnet/kerberos5.c: update to current API 4979 4980Thu Jul 10 14:54:39 1997 Assar Westerlund <assar@sics.se> 4981 4982 * appl/telnet/libtelnet/kerberos5.c (kerberos5_status): call 4983 `krb5_kuserok' 4984 4985 * appl/telnet: Added. 4986 4987Thu Jul 10 05:09:25 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4988 4989 * lib/error/compile_et.awk: Remove usage of sub, gsub, and 4990 functions for compatibility with awk. 4991 4992 * include/bits.c: Must use signed char. 4993 4994 * lib/krb5/context.c: Move krb5_get_err_text, and krb5_init_ets 4995 here. 4996 4997 * lib/error/error.c: Replace krb5_get_err_text with new function 4998 com_right. 4999 5000 * lib/error/compile_et.awk: Avoid using static variables. 5001 5002 * lib/error/error.c: Don't use krb5_locl.h 5003 5004 * lib/error/error.h: Move definitions of error_table and 5005 error_list from krb5.h. 5006 5007 * lib/error: Moved from lib/krb5. 5008 5009Wed Jul 9 07:42:04 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5010 5011 * lib/krb5/encrypt.c: Temporary hack to avoid des_rand_data. 5012 5013Wed Jul 9 06:58:00 1997 Assar Westerlund <assar@sics.se> 5014 5015 * lib/krb5/{rd,mk}_{*}.c: more checking for addresses and stuff 5016 according to pseudocode from 1510 5017 5018Wed Jul 9 06:06:06 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5019 5020 * lib/hdb/hdb.c: Add hdb_etype2key. 5021 5022 * kdc/kerberos5.c: Check authenticator. Use more general etype 5023 functions. 5024 5025Wed Jul 9 03:51:12 1997 Assar Westerlund <assar@sics.se> 5026 5027 * lib/asn1/k5.asn1: Made all `s_address' OPTIONAL according to 5028 draft-ietf-cat-kerberos-r-00.txt 5029 5030 * lib/krb5/principal.c (krb5_parse_name): default to local realm 5031 if none given 5032 5033 * kuser/kinit.c: New option `-p' and prompt 5034 5035Wed Jul 9 02:30:06 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5036 5037 * lib/krb5/keyblock.c: Keyblock generation functions. 5038 5039 * lib/krb5/encrypt.c: Use functions from checksum.c. 5040 5041 * lib/krb5/checksum.c: Move checksum functions here. Add 5042 krb5_cksumsize function. 5043 5044Wed Jul 9 01:15:38 1997 Assar Westerlund <assar@sics.se> 5045 5046 * lib/krb5/get_host_realm.c: implemented 5047 5048 * lib/krb5/config_file.c: Redid part. New functions: 5049 krb5_config_v?get_next 5050 5051 * kuser/kdestroy.c: new program 5052 5053 * kuser/kinit.c: new flag `-f' 5054 5055 * lib/asn1/k5.asn1: Made HostAddresses = SEQUENCE OF HostAddress 5056 5057 * acinclude.m4: Added AC_KRB_STRUCT_SOCKADDR_SA_LEN 5058 5059 * lib/krb5/krb5.h: krb5_addresses == HostAddresses. Changed all 5060 users. 5061 5062 * lib/krb5/get_addrs.c: figure out all local addresses, possibly 5063 even IPv6! 5064 5065 * lib/krb5/checksum.c: table-driven checksum 5066 5067Mon Jul 7 21:13:28 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5068 5069 * lib/krb5/encrypt.c: Make krb5_decrypt use the same struct as 5070 krb5_encrypt. 5071 5072Mon Jul 7 11:15:51 1997 Assar Westerlund <assar@sics.se> 5073 5074 * lib/roken/vsyslog.c: new file 5075 5076 * lib/krb5/encrypt.c: add des-cbc-md4. 5077 adjust krb5_encrypt and krb5_decrypt to reality 5078 5079Mon Jul 7 02:46:31 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5080 5081 * lib/krb5/encrypt.c: Implement as a vector of function pointers. 5082 5083 * lib/krb5/{decrypt,encrypt}.c: Implement des-cbc-crc, and 5084 des-cbc-md5 in separate functions. 5085 5086 * lib/krb5/krb5.h: Add more checksum and encryption types. 5087 5088 * lib/krb5/krb5_locl.h: Add etype to krb5_decrypt. 5089 5090Sun Jul 6 23:02:59 1997 Assar Westerlund <assar@sics.se> 5091 5092 * lib/krb5/[gs]et_default_realm.c, kuserok.c: new files 5093 5094 * lib/krb5/config_file.[ch]: new c-based configuration reading 5095 stuff 5096 5097Wed Jul 2 23:12:56 1997 Assar Westerlund <assar@sics.se> 5098 5099 * configure.in: Set WFLAGS if using gcc 5100 5101Wed Jul 2 17:47:03 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5102 5103 * lib/asn1/der_put.c (der_put_int): Return size correctly. 5104 5105 * admin/ank.c: Be compatible with the asn1 principal format. 5106 5107Wed Jul 1 23:52:20 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5108 5109 * lib/asn1: Now all decode_* and encode_* functions now take a 5110 final size_t* argument, that they return the size in. Return 5111 values are zero for success, and anything else (such as some 5112 ASN1_* constant) for error. 5113 5114Mon Jun 30 06:08:14 1997 Assar Westerlund <assar@sics.se> 5115 5116 * lib/krb5/keytab.c (krb5_kt_add_entry): change open mode to 5117 O_WRONLY | O_APPEND 5118 5119 * lib/krb5/get_cred.c: removed stale prototype for 5120 `extract_ticket' and corrected call. 5121 5122 * lib/asn1/gen_length.c (length_type): Make the length functions 5123 for SequenceOf non-destructive 5124 5125 * admin/ank.c (doit): Fix reading of `y/n'. 5126 5127Mon Jun 16 05:41:43 1997 Assar Westerlund <assar@sics.se> 5128 5129 * lib/gssapi/wrap.c, unwrap.c: do encrypt and add sequence number 5130 5131 * lib/gssapi/get_mic.c, verify_mic.c: Add sequence number. 5132 5133 * lib/gssapi/accept_sec_context.c (gss_accept_sec_context): Set 5134 KRB5_AUTH_CONTEXT_DO_SEQUENCE. Verify 8003 checksum. 5135 5136 * lib/gssapi/8003.c: New file. 5137 5138 * lib/krb/krb5.h: Define a `krb_authenticator' as an ASN.1 5139 Authenticator. 5140 5141 * lib/krb5/auth_context.c: New functions 5142 `krb5_auth_setlocalseqnumber' and `krb5_auth_setremoteseqnumber' 5143 5144Tue Jun 10 00:35:54 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5145 5146 * lib/krb5: Preapre for use of some asn1-types. 5147 5148 * lib/asn1/*.c (copy_*): Constness. 5149 5150 * lib/krb5/krb5.h: Include asn1.h; krb5_data is now an 5151 octet_string. 5152 5153 * lib/asn1/der*,gen.c: krb5_data -> octet_string, char * -> 5154 general_string 5155 5156 * lib/asn1/libasn1.h: Moved stuff from asn1_locl.h that doesn't 5157 have anything to do with asn1_compile. 5158 5159 * lib/asn1/asn1_locl.h: Remove der.h. Add some prototypes. 5160 5161Sun Jun 8 03:51:55 1997 Assar Westerlund <assar@sics.se> 5162 5163 * kdc/kerberos5.c: Fix PA-ENC-TS-ENC 5164 5165 * kdc/connect.c(process_request): Set `new' 5166 5167 * lib/krb5/get_in_tkt.c: Do PA-ENC-TS-ENC the correct way. 5168 5169 * lib: Added editline,sl,roken. 5170 5171Mon Jun 2 00:37:48 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5172 5173 * lib/krb5/fcache.c: Move file cache from cache.c. 5174 5175 * lib/krb5/cache.c: Allow more than one cache type. 5176 5177Sun Jun 1 23:45:33 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5178 5179 * admin/extkeytab.c: Merged with kdb_edit. 5180 5181Sun Jun 1 23:23:08 1997 Assar Westerlund <assar@sics.se> 5182 5183 * kdc/kdc.c: more support for ENC-TS-ENC 5184 5185 * lib/krb5/get_in_tkt.c: redone to enable pre-authentication 5186 5187Sun Jun 1 22:45:11 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5188 5189 * lib/hdb/db.c: Merge fetch and store. 5190 5191 * admin: Merge to one program. 5192 5193 * lib/krb5/str2key.c: Fill in keytype and length. 5194 5195Sun Jun 1 16:31:23 1997 Assar Westerlund <assar@sics.se> 5196 5197 * lib/krb5/rd_safe.c, lib/krb5/rd_priv.c, lib/krb5/mk_rep.c, 5198 lib/krb5/mk_priv.c, lib/krb5/build_auth.c: Some support for 5199 KRB5_AUTH_CONTEXT_DO_SEQUENCE 5200 5201 * lib/krb5/get_in_tkt.c (get_in_tkt): be prepared to parse an 5202 KRB_ERROR. Some support for PA_ENC_TS_ENC. 5203 5204 * lib/krb5/auth_context.c: implemented seq_number functions 5205 5206 * lib/krb5/generate_subkey.c, generate_seq_number.c: new files 5207 5208 * lib/gssapi/gssapi.h: avoid including <krb5.h> 5209 5210 * lib/asn1/Makefile.am: SUFFIXES as a variable to make automake 5211 happy 5212 5213 * kdc/kdc.c: preliminary PREAUTH_ENC_TIMESTAMP 5214 5215 * configure.in: adapted to automake 1.1p 5216 5217Mon May 26 22:26:21 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5218 5219 * lib/krb5/principal.c: Add contexts to many functions. 5220 5221Thu May 15 20:25:37 1997 Johan Danielsson <joda@emma.pdc.kth.se> 5222 5223 * lib/krb5/verify_user.c: First stab at a verify user. 5224 5225 * lib/auth/sia/sia5.c: SIA module for Kerberos 5. 5226 5227Mon Apr 14 00:09:03 1997 Assar Westerlund <assar@sics.se> 5228 5229 * lib/gssapi: Enough of a gssapi-over-krb5 implementation to be 5230 able to (mostly) run gss-client and gss-server. 5231 5232 * lib/krb5/keytab.c: implemented krb5_kt_add_entry, 5233 krb5_kt_store_principal, krb5_kt_store_keyblock 5234 5235 * lib/des/md5.[ch], sha.[ch]: new files 5236 5237 * lib/asn1/der_get.c (generalizedtime2time): use `timegm' 5238 5239 * lib/asn1/timegm.c: new file 5240 5241 * admin/extkeytab.c: new program 5242 5243 * admin/admin_locl.h: new file 5244 5245 * admin/Makefile.am: Added extkeytab 5246 5247 * configure.in: moved config to include 5248 removed timezone garbage 5249 added lib/gssapi and admin 5250 5251 * Makefile.am: Added admin 5252 5253Mon Mar 17 11:34:05 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5254 5255 * kdc/kdc.c: Use new copying functions, and free some data. 5256 5257 * lib/asn1/Makefile.am: Try to not always rebuild generated files. 5258 5259 * lib/asn1/der_put.c: Add fix_dce(). 5260 5261 * lib/asn1/der_{get,length,put}.c: Fix include files. 5262 5263 * lib/asn1/der_free.c: Remove unused functions. 5264 5265 * lib/asn1/gen.c: Split into gen_encode, gen_decode, gen_free, 5266 gen_length, and gen_copy. 5267 5268Sun Mar 16 18:13:52 1997 Assar Westerlund <assar@sics.se> 5269 5270 * lib/krb5/sendauth.c: implemented functionality 5271 5272 * lib/krb5/rd_rep.c: Use `krb5_decrypt' 5273 5274 * lib/krb5/cache.c (krb5_cc_get_name): return default if `id' == 5275 NULL 5276 5277 * lib/krb5/principal.c (krb5_free_principal): added `context' 5278 argument. Changed all callers. 5279 5280 (krb5_sname_to_principal): new function 5281 5282 * lib/krb5/auth_context.c (krb5_free_authenticator): add `context' 5283 argument. Changed all callers 5284 5285 * lib/krb5/{net_write.c,net_read.c,recvauth.c}: new files 5286 5287 * lib/asn1/gen.c: Fix encoding and decoding of BitStrings 5288 5289Fri Mar 14 11:29:00 1997 Assar Westerlund <assar@sics.se> 5290 5291 * configure.in: look for *dbm? 5292 5293 * lib/asn1/gen.c: Fix filename in generated files. Check fopens. 5294 Put trailing newline in asn1_files. 5295 5296Fri Mar 14 05:06:44 1997 Johan Danielsson <joda@emma.pdc.kth.se> 5297 5298 * lib/krb5/get_in_tkt.c: Fix some memory leaks. 5299 5300 * lib/krb5/krbhst.c: Properly free hostlist. 5301 5302 * lib/krb5/decrypt.c: CRCs are 32 bits. 5303 5304Fri Mar 14 04:39:15 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5305 5306 * lib/asn1/gen.c: Generate one file for each type. 5307 5308Fri Mar 14 04:13:47 1997 Assar Westerlund <assar@sics.se> 5309 5310 * lib/asn1/gen.c: Generate `length_FOO' functions 5311 5312 * lib/asn1/der_length.c: new file 5313 5314 * kuser/klist.c: renamed stime -> printable_time to avoid conflict 5315 on HP/UX 5316 5317Fri Mar 14 03:37:23 1997 Johan Danielsson <joda@emma.pdc.kth.se> 5318 5319 * lib/hdb/ndbm.c: Return NOENTRY if fetch fails. Don't free 5320 datums. Don't add .db to filename. 5321 5322Fri Mar 14 02:49:51 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5323 5324 * kdc/dump.c: Database dump program. 5325 5326 * kdc/ank.c: Trivial database editing program. 5327 5328 * kdc/{kdc.c, load.c}: Use libhdb. 5329 5330 * lib/hdb: New database routine library. 5331 5332 * lib/krb5/error/Makefile.am: Add hdb_err. 5333 5334Wed Mar 12 17:41:14 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5335 5336 * kdc/kdc.c: Rewritten AS, and somewhat more working TGS support. 5337 5338 * lib/asn1/gen.c: Generate free functions. 5339 5340 * Some specific free functions. 5341 5342Wed Mar 12 12:30:13 1997 Assar Westerlund <assar@sics.se> 5343 5344 * lib/krb5/krb5_mk_req_ext.c: new file 5345 5346 * lib/asn1/gen.c: optimize the case with a simple type 5347 5348 * lib/krb5/get_cred.c (krb5_get_credentials): Use 5349 `mk_req_extended' and remove old code. 5350 5351 * lib/krb5/get_in_tkt.c (decrypt_tkt): First try with an 5352 EncASRepPart, then with an EncTGSRepPart. 5353 5354Wed Mar 12 08:26:04 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5355 5356 * lib/krb5/store_emem.c: New resizable memory storage. 5357 5358 * lib/krb5/{store.c, store_fd.c, store_mem.c}: Split of store.c 5359 5360 * lib/krb5/krb5.h: Add free entry to krb5_storage. 5361 5362 * lib/krb5/decrypt.c: Make keyblock const. 5363 5364Tue Mar 11 20:22:17 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5365 5366 * lib/krb5/krb5.h: Add EncTicketPart to krb5_ticket. 5367 5368 * lib/krb5/rd_req.c: Return whole asn.1 ticket in 5369 krb5_ticket->tkt. 5370 5371 * lib/krb5/get_in_tkt.c: TGS -> AS 5372 5373 * kuser/kfoo.c: Print error string rather than number. 5374 5375 * kdc/kdc.c: Some kind of non-working TGS support. 5376 5377Mon Mar 10 01:43:22 1997 Assar Westerlund <assar@sics.se> 5378 5379 * lib/asn1/gen.c: reduced generated code by 1/5 5380 5381 * lib/asn1/der_put.c: (der_put_length_and_tag): new function 5382 5383 * lib/asn1/der_get.c (der_match_tag_and_length): new function 5384 5385 * lib/asn1/der.h: added prototypes 5386 5387Mon Mar 10 01:15:43 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5388 5389 * lib/krb5/krb5.h: Include <asn1_err.h>. Add prototype for 5390 krb5_rd_req_with_keyblock. 5391 5392 * lib/krb5/rd_req.c: Add function krb5_rd_req_with_keyblock that 5393 takes a precomputed keyblock. 5394 5395 * lib/krb5/get_cred.c: Use krb5_mk_req rather than inlined code. 5396 5397 * lib/krb5/mk_req.c: Calculate checksum of in_data. 5398 5399Sun Mar 9 21:17:58 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5400 5401 * lib/krb5/error/compile_et.awk: Add a declaration of struct 5402 error_list, and multiple inclusion block to header files. 5403 5404Sun Mar 9 21:01:12 1997 Assar Westerlund <assar@sics.se> 5405 5406 * lib/krb5/rd_req.c: do some checks on times 5407 5408 * lib/krb/{mk_priv.c, rd_priv.c, sendauth.c, decrypt.c, 5409 address.c}: new files 5410 5411 * lib/krb5/auth_context.c: more code 5412 5413 * configure.in: try to figure out timezone 5414 5415Sat Mar 8 11:41:07 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5416 5417 * lib/krb5/error/error.c: Try strerror if error code wasn't found. 5418 5419 * lib/krb5/get_in_tkt.c: Remove realm parameter from 5420 krb5_get_salt. 5421 5422 * lib/krb5/context.c: Initialize error table. 5423 5424 * kdc: The beginnings of a kdc. 5425 5426Sat Mar 8 08:16:28 1997 Assar Westerlund <assar@sics.se> 5427 5428 * lib/krb5/rd_safe.c: new file 5429 5430 * lib/krb5/checksum.c (krb5_verify_checksum): New function 5431 5432 * lib/krb5/get_cred.c: use krb5_create_checksum 5433 5434 * lib/krb5/checksum.c: new file 5435 5436 * lib/krb5/store.c: no more arithmetic with void* 5437 5438 * lib/krb5/cache.c: now seems to work again 5439 5440Sat Mar 8 06:58:09 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5441 5442 * lib/krb5/Makefile.am: Add asn1_glue.c and error/*.c to libkrb5. 5443 5444 * lib/krb5/get_in_tkt.c: Moved some functions to asn1_glue.c. 5445 5446 * lib/krb5/asn1_glue.c: Moved some asn1-stuff here. 5447 5448 * lib/krb5/{cache,keytab}.c: Use new storage functions. 5449 5450 * lib/krb5/krb5.h: Protypes for new storage functions. 5451 5452 * lib/krb5/krb5.h: Make krb5_{ret,store}_* functions able to write 5453 data to more than file descriptors. 5454 5455Sat Mar 8 01:01:17 1997 Assar Westerlund <assar@sics.se> 5456 5457 * lib/krb5/encrypt.c: New file. 5458 5459 * lib/krb5/Makefile.am: More -I 5460 5461 * configure.in: Test for big endian, random, rand, setitimer 5462 5463 * lib/asn1/gen.c: perhaps even decodes bitstrings 5464 5465Thu Mar 6 19:05:29 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5466 5467 * lib/krb5/config_file.y: Better return values on error. 5468 5469Sat Feb 8 15:59:56 1997 Assar Westerlund <assar@pdc.kth.se> 5470 5471 * lib/asn1/parse.y: ifdef HAVE_STRDUP 5472 5473 * lib/asn1/lex.l: ifdef strdup 5474 brange-dead version of list of special characters to make stupid 5475 lex accept it. 5476 5477 * lib/asn1/gen.c: A DER integer should really be a `unsigned' 5478 5479 * lib/asn1/der_put.c: A DER integer should really be a `unsigned' 5480 5481 * lib/asn1/der_get.c: A DER integer should really be a `unsigned' 5482 5483 * lib/krb5/error/Makefile.am: It seems "$(SHELL) ./compile_et" is 5484 needed. 5485 5486 * lib/krb/mk_rep.c, lib/krb/rd_req.c, lib/krb/store.c, 5487 lib/krb/store.h: new files. 5488 5489 * lib/krb5/keytab.c: now even with some functionality. 5490 5491 * lib/asn1/gen.c: changed paramater from void * to Foo * 5492 5493 * lib/asn1/der_get.c (der_get_octet_string): Fixed bug with empty 5494 string. 5495 5496Sun Jan 19 06:17:39 1997 Assar Westerlund <assar@pdc.kth.se> 5497 5498 * lib/krb5/get_cred.c (krb5_get_credentials): Check for creds in 5499 cc before getting new ones. 5500 5501 * lib/krb5/krb5.h (krb5_free_keyblock): Fix prototype. 5502 5503 * lib/krb5/build_auth.c (krb5_build_authenticator): It seems the 5504 CRC should be stored LSW first. (?) 5505 5506 * lib/krb5/auth_context.c: Implement `krb5_auth_con_getkey' and 5507 `krb5_free_keyblock' 5508 5509 * lib/**/Makefile.am: Rename foo libfoo.a 5510 5511 * include/Makefile.in: Use test instead of [ 5512 -e does not work with /bin/sh on psoriasis 5513 5514 * configure.in: Search for awk 5515 create lib/krb/error/compile_et 5516 5517Tue Jan 14 03:46:26 1997 Assar Westerlund <assar@pdc.kth.se> 5518 5519 * lib/krb5/Makefile.am: replaced mit-crc.c by crc.c 5520 5521Wed Dec 18 00:53:55 1996 Johan Danielsson <joda@emma.pdc.kth.se> 5522 5523 * kuser/kinit.c: Guess principal. 5524 5525 * lib/krb5/error/compile_et.awk: Don't include krb5.h. Fix some 5526 warnings. 5527 5528 * lib/krb5/error/asn1_err.et: Add ASN.1 error messages. 5529 5530 * lib/krb5/mk_req.c: Get client from cache. 5531 5532 * lib/krb5/cache.c: Add better error checking some useful return 5533 values. 5534 5535 * lib/krb5/krb5.h: Fix krb5_auth_context. 5536 5537 * lib/asn1/der.h: Make krb5_data compatible with krb5.h 5538 5539Tue Dec 17 01:32:36 1996 Johan Danielsson <joda@emma.pdc.kth.se> 5540 5541 * lib/krb5/error: Add primitive error library. 5542 5543Mon Dec 16 16:30:20 1996 Johan Danielsson <joda@emma.pdc.kth.se> 5544 5545 * lib/krb5/cache.c: Get correct address type from cache. 5546 5547 * lib/krb5/krb5.h: Change int16 to int to be compatible with asn1. 5548 5549