ChangeLog revision 57419
12000-02-14 Assar Westerlund <assar@sics.se> 2 3 * Release 0.2o 4 52000-02-13 Assar Westerlund <assar@sics.se> 6 7 * lib/krb5/Makefile.am: set version to 9:0:0 8 9 * kdc/kaserver.c (do_authenticate): return the kvno of the server 10 and not the client. Thanks to Brandon S. Allbery KF8NH 11 <allbery@kf8nh.apk.net> and Chaskiel M Grundman 12 <cg2v@andrew.cmu.edu> for debugging. 13 14 * kdc/kerberos4.c (do_version4): if an tgs-req is received with an 15 old kvno, return an error reply and write a message in the log. 16 172000-02-12 Assar Westerlund <assar@sics.se> 18 19 * appl/test/gssapi_server.c (proto): with `--fork', create a child 20 and send over/receive creds with export/import_sec_context 21 * appl/test/gssapi_client.c (proto): with `--fork', create a child 22 and send over/receive creds with export/import_sec_context 23 * appl/test/common.c: add `--fork' / `-f' (only used by gssapi) 24 252000-02-11 Assar Westerlund <assar@sics.se> 26 27 * kdc/kdc_locl.h: remove keyfile add explicit_addresses 28 * kdc/connect.c (init_sockets): pay attention to 29 explicit_addresses some more comments. better error messages. 30 * kdc/config.c: add some comments. 31 remove --key-file. 32 add --addresses. 33 34 * lib/krb5/context.c (krb5_set_extra_addresses): const-ize and use 35 proper abstraction 36 372000-02-07 Johan Danielsson <joda@pdc.kth.se> 38 39 * lib/krb5/changepw.c: use roken_getaddrinfo_hostspec 40 412000-02-07 Assar Westerlund <assar@sics.se> 42 43 * Release 0.2n 44 452000-02-07 Assar Westerlund <assar@sics.se> 46 47 * lib/krb5/Makefile.am: set version to 8:0:0 48 * lib/krb5/keytab.c (krb5_kt_default_name): use strlcpy 49 (krb5_kt_add_entry): set timestamp 50 512000-02-06 Assar Westerlund <assar@sics.se> 52 53 * lib/krb5/krb5.h: add macros for accessing krb5_realm 54 * lib/krb5/time.c (krb5_timeofday): use `krb5_timestamp' instead 55 of `int32_t' 56 57 * lib/krb5/replay.c (checksum_authenticator): update to new API 58 for md5 59 60 * lib/krb5/krb5.h: remove des.h, it's not needed and applications 61 should not have to make sure to find it. 62 632000-02-03 Assar Westerlund <assar@sics.se> 64 65 * lib/krb5/rd_req.c (get_key_from_keytab): rename parameter to 66 `out_key' to avoid conflicting with label. reported by Sean Doran 67 <smd@ebone.net> 68 692000-02-02 Assar Westerlund <assar@sics.se> 70 71 * lib/krb5/expand_hostname.c: remember to lower-case host names. 72 bug reported by <amu@mit.edu> 73 74 * kdc/kerberos4.c (do_version4): look at check_ticket_addresses 75 and emulate that by setting krb_ignore_ip_address (not a great 76 interface but it doesn't seem like the time to go around fixing 77 libkrb stuff now) 78 792000-02-01 Johan Danielsson <joda@pdc.kth.se> 80 81 * kuser/kinit.c: change --noaddresses into --no-addresses 82 832000-01-28 Assar Westerlund <assar@sics.se> 84 85 * kpasswd/kpasswd.c (main): make sure the ticket is not 86 forwardable and not proxiable 87 882000-01-26 Assar Westerlund <assar@sics.se> 89 90 * lib/krb5/crypto.c: update to pseudo-standard APIs for 91 md4,md5,sha. some changes to libdes calls to make them more 92 portable. 93 942000-01-21 Assar Westerlund <assar@sics.se> 95 96 * lib/krb5/verify_init.c (krb5_verify_init_creds): make sure to 97 clean up the correct creds. 98 992000-01-16 Assar Westerlund <assar@sics.se> 100 101 * lib/krb5/principal.c (append_component): change parameter to 102 `const char *'. check malloc 103 * lib/krb5/principal.c (append_component, va_ext_princ, va_princ): 104 const-ize 105 * lib/krb5/mk_req.c (krb5_mk_req): make `service' and `hostname' 106 const 107 * lib/krb5/principal.c (replace_chars): also add space here 108 * lib/krb5/principal.c: (quotable_chars): add space 109 1102000-01-12 Assar Westerlund <assar@sics.se> 111 112 * kdc/kerberos4.c (do_version4): check if preauth was required and 113 bail-out if so since there's no way that could be done in v4. 114 Return NULL_KEY as an error to the client (which is non-obvious, 115 but what can you do?) 116 1172000-01-09 Assar Westerlund <assar@sics.se> 118 119 * lib/krb5/principal.c (krb5_sname_to_principal): use 120 krb5_expand_hostname_realms 121 * lib/krb5/mk_req.c (krb5_km_req): use krb5_expand_hostname_realms 122 * lib/krb5/expand_hostname.c (krb5_expand_hostname_realms): new 123 variant of krb5_expand_hostname that tries until it expands into 124 something that's digestable by krb5_get_host_realm, returning also 125 the result from that function. 126 1272000-01-08 Assar Westerlund <assar@sics.se> 128 129 * Release 0.2m 130 1312000-01-08 Assar Westerlund <assar@sics.se> 132 133 * configure.in: replace AC_C_BIGENDIAN with KRB_C_BIGENDIAN 134 135 * lib/krb5/Makefile.am: bump version to 7:1:0 136 137 * lib/krb5/principal.c (krb5_sname_to_principal): use 138 krb5_expand_hostname 139 * lib/krb5/expand_hostname.c (krb5_expand_hostname): handle 140 ai_canonname being set in any of the addresses returnedby 141 getaddrinfo. glibc apparently returns the reverse lookup of every 142 address in ai_canonname. 143 1442000-01-06 Assar Westerlund <assar@sics.se> 145 146 * Release 0.2l 147 1482000-01-06 Assar Westerlund <assar@sics.se> 149 150 * lib/krb5/Makefile.am: set version to 7:0:0 151 * lib/krb5/principal.c (krb5_sname_to_principal): remove `hp' 152 153 * lib/hdb/Makefile.am: set version to 4:1:1 154 155 * kdc/hpropd.c (dump_krb4): use `krb5_get_default_realms' 156 * lib/krb5/get_in_tkt.c (add_padata): change types to make 157 everything work out 158 (krb5_get_in_cred): remove const to make types match 159 * lib/krb5/crypto.c (ARCFOUR_string_to_key): correct signature 160 * lib/krb5/principal.c (krb5_sname_to_principal): handle not 161 getting back a canonname 162 1632000-01-06 Assar Westerlund <assar@sics.se> 164 165 * Release 0.2k 166 1672000-01-06 Assar Westerlund <assar@sics.se> 168 169 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): advance colon so that 170 we actually parse the port number. based on a patch from Leif 171 Johansson <leifj@it.su.se> 172 1732000-01-02 Assar Westerlund <assar@sics.se> 174 175 * admin/purge.c: remove all non-current and old entries from a 176 keytab 177 178 * admin: break up ktutil.c into files 179 180 * admin/ktutil.c (list): support --verbose (also listning time 181 stamps) 182 (kt_add, kt_get): set timestamp in newly created entries 183 (kt_change): add `change' command 184 185 * admin/srvconvert.c (srvconv): set timestamp in newly created 186 entries 187 * lib/krb5/keytab_keyfile.c (akf_next_entry): set timetsamp, 188 always go the a predicatble position on error 189 * lib/krb5/keytab.c (krb5_kt_copy_entry_contents): copy timestamp 190 * lib/krb5/keytab_file.c (fkt_add_entry): store timestamp 191 (fkt_next_entry_int): return timestamp 192 * lib/krb5/krb5.h (krb5_keytab_entry): add timestamp 193 1941999-12-30 Assar Westerlund <assar@sics.se> 195 196 * configure.in (krb4): use `-ldes' in tests 197 1981999-12-26 Assar Westerlund <assar@sics.se> 199 200 * lib/hdb/print.c (event2string): handle events without principal. 201 From Luke Howard <lukeh@PADL.COM> 202 2031999-12-25 Assar Westerlund <assar@sics.se> 204 205 * Release 0.2j 206 207Tue Dec 21 18:03:17 1999 Assar Westerlund <assar@sics.se> 208 209 * lib/hdb/Makefile.am (asn1_files): add $(EXEEXT) for cygwin and 210 related systems 211 212 * lib/asn1/Makefile.am (asn1_files): add $(EXEEXT) for cygwin and 213 related systems 214 215 * include/Makefile.am (krb5-types.h): add $(EXEEXT) for cygwin and 216 related systems 217 2181999-12-20 Assar Westerlund <assar@sics.se> 219 220 * Release 0.2i 221 2221999-12-20 Assar Westerlund <assar@sics.se> 223 224 * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to 6:3:1 225 226 * lib/krb5/send_to_kdc.c (send_via_proxy): free data 227 * lib/krb5/send_to_kdc.c (send_via_proxy): new function use 228 getaddrinfo instead of gethostbyname{,2} 229 * lib/krb5/get_for_creds.c: use getaddrinfo instead of 230 getnodebyname{,2} 231 2321999-12-17 Assar Westerlund <assar@sics.se> 233 234 * Release 0.2h 235 2361999-12-17 Assar Westerlund <assar@sics.se> 237 238 * Release 0.2g 239 2401999-12-16 Assar Westerlund <assar@sics.se> 241 242 * lib/krb5/Makefile.am: bump version to 6:2:1 243 244 * lib/krb5/principal.c (krb5_sname_to_principal): handle 245 ai_canonname not being set 246 * lib/krb5/expand_hostname.c (krb5_expand_hostname): handle 247 ai_canonname not being set 248 249 * appl/test/uu_server.c: print messages to stderr 250 * appl/test/tcp_server.c: print messages to stderr 251 * appl/test/nt_gss_server.c: print messages to stderr 252 * appl/test/gssapi_server.c: print messages to stderr 253 254 * appl/test/tcp_client.c (proto): remove shadowing `context' 255 * appl/test/common.c (client_doit): add forgotten ntohs 256 2571999-12-13 Assar Westerlund <assar@sics.se> 258 259 * configure.in (VERISON): bump to 0.2g-pre 260 2611999-12-12 Assar Westerlund <assar@sics.se> 262 263 * lib/krb5/principal.c (krb5_425_conv_principal_ext): be more 264 robust and handle extra dot at the beginning of default_domain 265 2661999-12-12 Assar Westerlund <assar@sics.se> 267 268 * Release 0.2f 269 2701999-12-12 Assar Westerlund <assar@sics.se> 271 272 * lib/krb5/Makefile.am: bump version to 6:1:1 273 274 * lib/krb5/changepw.c (get_kdc_address): use 275 `krb5_get_krb_changepw_hst' 276 277 * lib/krb5/krbhst.c (krb5_get_krb_changepw_hst): add 278 279 * lib/krb5/get_host_realm.c: add support for _kerberos.domain 280 (according to draft-ietf-cat-krb-dns-locate-01.txt) 281 2821999-12-06 Assar Westerlund <assar@sics.se> 283 284 * Release 0.2e 285 2861999-12-06 Assar Westerlund <assar@sics.se> 287 288 * lib/krb5/changepw.c (krb5_change_password): use the correct 289 address 290 291 * lib/krb5/Makefile.am: bump version to 6:0:1 292 293 * lib/asn1/Makefile.am: bump version to 1:4:0 294 2951999-12-04 Assar Westerlund <assar@sics.se> 296 297 * configure.in: move AC_KRB_IPv6 to make sure it's performed 298 before AC_BROKEN 299 (el_init): use new feature of AC_FIND_FUNC_NO_LIBS 300 301 * appl/test/uu_client.c: use client_doit 302 * appl/test/test_locl.h (client_doit): add prototype 303 * appl/test/tcp_client.c: use client_doit 304 * appl/test/nt_gss_client.c: use client_doit 305 * appl/test/gssapi_client.c: use client_doit 306 * appl/test/common.c (client_doit): move identical code here and 307 start using getaddrinfo 308 309 * appl/kf/kf.c (doit): rewrite to use getaddrinfo 310 * kdc/hprop.c: re-write to use getaddrinfo 311 * lib/krb5/principal.c (krb5_sname_to_principal): use getaddrinfo 312 * lib/krb5/expand_hostname.c (krb5_expand_hostname): use 313 getaddrinfo 314 * lib/krb5/changepw.c: re-write to use getaddrinfo 315 * lib/krb5/addr_families.c (krb5_parse_address): use getaddrinfo 316 3171999-12-03 Assar Westerlund <assar@sics.se> 318 319 * configure.in (BROKEN): check for freeaddrinfo, getaddrinfo, 320 getnameinfo, gai_strerror 321 (socklen_t): check for 322 3231999-12-02 Johan Danielsson <joda@pdc.kth.se> 324 325 * lib/krb5/crypto.c: ARCFOUR_set_key -> RC4_set_key 326 3271999-11-23 Assar Westerlund <assar@sics.se> 328 329 * lib/krb5/crypto.c (ARCFOUR_string_to_key): change order of bytes 330 within unicode characters. this should probably be done in some 331 arbitrarly complex way to do it properly and you would have to 332 know what character encoding was used for the password and salt 333 string. 334 335 * lib/krb5/addr_families.c (ipv4_uninteresting): ignore 0.0.0.0 336 (INADDR_ANY) 337 (ipv6_uninteresting): remove unused macro 338 3391999-11-22 Johan Danielsson <joda@pdc.kth.se> 340 341 * lib/krb5/krb5.h: rc4->arcfour 342 343 * lib/krb5/crypto.c: rc4->arcfour 344 3451999-11-17 Assar Westerlund <assar@sics.se> 346 347 * lib/krb5/krb5_locl.h: add <rc4.h> 348 * lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_RC4 349 * lib/krb5/crypto.c: some code for doing RC4/MD5/HMAC which might 350 not be totally different from some small company up in the 351 north-west corner of the US 352 353 * lib/krb5/get_addrs.c (find_all_addresses): change code to 354 actually increment buf_size 355 3561999-11-14 Assar Westerlund <assar@sics.se> 357 358 * lib/krb5/krb5.h (krb5_context_data): add `scan_interfaces' 359 * lib/krb5/get_addrs.c (krb5_get_all_client_addrs): make interaces 360 scanning optional 361 * lib/krb5/context.c (init_context_from_config_file): set 362 `scan_interfaces' 363 364 * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add add_et_list.c 365 * lib/krb5/add_et_list.c (krb5_add_et_list): new function 366 3671999-11-12 Assar Westerlund <assar@sics.se> 368 369 * lib/krb5/get_default_realm.c (krb5_get_default_realm, 370 krb5_get_default_realms): set realms if they were unset 371 * lib/krb5/context.c (init_context_from_config_file): don't 372 initialize default realms here. it's done lazily instead. 373 374 * lib/krb5/krb5.h (KRB5_TC_*): make constants unsigned 375 * lib/asn1/gen_glue.c (generate_2int, generate_units): make sure 376 bit constants are unsigned 377 * lib/asn1/gen.c (define_type): make length in sequences be 378 unsigned. 379 380 * configure.in: remove duplicate test for setsockopt test for 381 struct tm.tm_isdst 382 383 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): generate 384 preauthentication information if we get back ERR_PREAUTH_REQUIRED 385 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): remove 386 preauthentication generation code. it's now in krb5_get_in_cred 387 388 * configure.in (AC_BROKEN_SNPRINTF): add strptime check for struct 389 tm.tm_gmtoff and timezone 390 3911999-11-11 Johan Danielsson <joda@pdc.kth.se> 392 393 * kdc/main.c: make this work with multi-db 394 395 * kdc/kdc_locl.h: make this work with multi-db 396 397 * kdc/config.c: make this work with multi-db 398 3991999-11-09 Johan Danielsson <joda@pdc.kth.se> 400 401 * kdc/misc.c: update for multi-database code 402 403 * kdc/main.c: update for multi-database code 404 405 * kdc/kdc_locl.h: update 406 407 * kdc/config.c: allow us to have more than one database 408 4091999-11-04 Assar Westerlund <assar@sics.se> 410 411 * Release 0.2d 412 413 * lib/krb5/Makefile.am: bump version to 5:0:0 to be safe 414 (krb5_context_data has changed and some code do (might) access 415 fields directly) 416 417 * lib/krb5/krb5.h (krb5_context_data): add `etypes_des' 418 419 * lib/krb5/get_cred.c (init_tgs_req): use 420 krb5_keytype_to_enctypes_default 421 422 * lib/krb5/crypto.c (krb5_keytype_to_enctypes_default): new 423 function 424 425 * lib/krb5/context.c (set_etypes): new function 426 (init_context_from_config_file): set both `etypes' and `etypes_des' 427 4281999-11-02 Assar Westerlund <assar@sics.se> 429 430 * configure.in (VERSION): bump to 0.2d-pre 431 4321999-10-29 Assar Westerlund <assar@sics.se> 433 434 * lib/krb5/principal.c (krb5_parse_name): check memory allocations 435 4361999-10-28 Assar Westerlund <assar@sics.se> 437 438 * Release 0.2c 439 440 * lib/krb5/dump_config.c (print_tree): check for empty tree 441 442 * lib/krb5/string-to-key-test.c (tests): update the test cases 443 with empty principals so that they actually use an empty realm and 444 not the default. use the correct etype for 3DES 445 446 * lib/krb5/Makefile.am: bump version to 4:1:0 447 448 * kdc/config.c (configure): more careful with the port string 449 4501999-10-26 Assar Westerlund <assar@sics.se> 451 452 * Release 0.2b 453 4541999-10-20 Assar Westerlund <assar@sics.se> 455 456 * lib/krb5/Makefile.am: bump version to 4:0:0 457 (krb524_convert_creds_kdc and potentially some other functions 458 have changed prototypes) 459 460 * lib/hdb/Makefile.am: bump version to 4:0:1 461 462 * lib/asn1/Makefile.am: bump version to 1:3:0 463 464 * configure.in (LIB_roken): add dbopen. getcap in roken 465 references dbopen and with shared libraries we need to add this 466 dependency. 467 468 * lib/krb5/verify_krb5_conf.c (main): support speicifying the 469 configuration file to test on the command line 470 471 * lib/krb5/config_file.c (parse_binding): handle line with no 472 whitespace before = 473 (krb5_config_parse_file_debug): set lineno earlier so that we don't 474 use it unitialized 475 476 * configure.in (AM_INIT_AUTOMAKE): bump to 0.2b-pre opt*: need 477 more include files for these tests 478 479 * lib/krb5/set_default_realm.c (krb5_set_default_realm): use 480 krb5_config_get_strings, which means that your configuration file 481 should look like: 482 483 [libdefaults] 484 default_realm = realm1 realm2 realm3 485 486 * lib/krb5/set_default_realm.c (config_binding_to_list): fix 487 copy-o. From Michal Vocu <michal@karlin.mff.cuni.cz> 488 489 * kdc/config.c (configure): add a missing strdup. From Michal 490 Vocu <michal@karlin.mff.cuni.cz> 491 4921999-10-17 Assar Westerlund <assar@sics.se> 493 494 * Release 0.2a 495 496 * configure.in: only test for db.h with using berkeley_db. remember 497 to link with LIB_tgetent when checking for el_init. add xnlock 498 499 * appl/Makefile.am: add xnlock 500 501 * kdc/kerberos5.c (find_etype): support null keys 502 503 * kdc/kerberos4.c (get_des_key): support null keys 504 505 * lib/krb5/crypto.c (krb5_get_wrapped_length): more correct 506 calculation 507 5081999-10-16 Johan Danielsson <joda@pdc.kth.se> 509 510 * kuser/kinit.c (main): pass ccache to krb524_convert_creds_kdc 511 5121999-10-12 Johan Danielsson <joda@pdc.kth.se> 513 514 * lib/krb5/crypto.c (krb5_enctype_to_keytype): remove warning 515 5161999-10-10 Assar Westerlund <assar@sics.se> 517 518 * lib/krb5/mk_req.c (krb5_mk_req): use krb5_free_host_realm 519 520 * lib/krb5/krb5.h (krb5_ccache_data): make `ops' const 521 522 * lib/krb5/crypto.c (krb5_string_to_salttype): new function 523 524 * **/*.[ch]: const-ize 525 5261999-10-06 Assar Westerlund <assar@sics.se> 527 528 * lib/krb5/creds.c (krb5_compare_creds): const-ify 529 530 * lib/krb5/cache.c: clean-up and comment-up 531 532 * lib/krb5/copy_host_realm.c (krb5_copy_host_realm): copy all the 533 strings 534 535 * lib/krb5/verify_user.c (krb5_verify_user_lrealm): free the 536 correct realm part 537 538 * kdc/connect.c (handle_tcp): things work much better when ret is 539 initialized 540 5411999-10-03 Assar Westerlund <assar@sics.se> 542 543 * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): look at the 544 type of the session key 545 546 * lib/krb5/crypto.c (krb5_enctypes_compatible_keys): spell 547 correctly 548 549 * lib/krb5/creds.c (krb5_compare_creds): fix spelling of 550 krb5_enctypes_compatible_keys 551 552 * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): get new 553 credentials from the KDC if the existing one doesn't have a DES 554 session key. 555 556 * lib/45/get_ad_tkt.c (get_ad_tkt): update to new 557 krb524_convert_creds_kdc 558 5591999-10-03 Johan Danielsson <joda@pdc.kth.se> 560 561 * lib/krb5/keytab_keyfile.c: make krb5_akf_ops const 562 563 * lib/krb5/keytab_memory.c: make krb5_mkt_ops const 564 565 * lib/krb5/keytab_file.c: make krb5_fkt_ops const 566 5671999-10-01 Assar Westerlund <assar@sics.se> 568 569 * lib/krb5/config_file.c: rewritten to allow error messages 570 571 * lib/krb5/Makefile.am (bin_PROGRAMS): add verify_krb5_conf 572 (libkrb5_la_SOURCES): add config_file_netinfo.c 573 574 * lib/krb5/verify_krb5_conf.c: new program for verifying that 575 krb5.conf is corret 576 577 * lib/krb5/config_file_netinfo.c: moved netinfo code here from 578 config_file.c 579 5801999-09-28 Assar Westerlund <assar@sics.se> 581 582 * kdc/hpropd.c (dump_krb4): kludge default_realm 583 584 * lib/asn1/check-der.c: add test cases for Generalized time and 585 make sure we return the correct value 586 587 * lib/asn1/der_put.c: simplify by using der_put_length_and_tag 588 589 * lib/krb5/verify_user.c (krb5_verify_user_lrealm): ariant of 590 krb5_verify_user that tries in all the local realms 591 592 * lib/krb5/set_default_realm.c: add support for having several 593 default realms 594 595 * lib/krb5/kuserok.c (krb5_kuserok): use `krb5_get_default_realms' 596 597 * lib/krb5/get_default_realm.c (krb5_get_default_realms): add 598 599 * lib/krb5/krb5.h (krb5_context_data): change `default_realm' to 600 `default_realms' 601 602 * lib/krb5/context.c: change from `default_realm' to 603 `default_realms' 604 605 * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use 606 krb5_get_default_realms 607 608 * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add copy_host_realm.c 609 610 * lib/krb5/copy_host_realm.c: new file 611 6121999-09-27 Johan Danielsson <joda@pdc.kth.se> 613 614 * lib/asn1/der_put.c (encode_generalized_time): encode length 615 616 * lib/krb5/recvauth.c: new function `krb5_recvauth_match_version' 617 that allows more intelligent matching of the application version 618 6191999-09-26 Assar Westerlund <assar@sics.se> 620 621 * lib/asn1/asn1_print.c: add err.h 622 623 * kdc/config.c (configure): use parse_bytes 624 625 * appl/test/nt_gss_common.c: use the correct header file 626 6271999-09-24 Johan Danielsson <joda@pdc.kth.se> 628 629 * kuser/klist.c: add a `--cache' flag 630 631 * kuser/kinit.c (main): only get default value for `get_v4_tgt' if 632 it's explicitly set in krb5.conf 633 6341999-09-23 Assar Westerlund <assar@sics.se> 635 636 * lib/asn1/asn1_print.c (tag_names); add another univeral tag 637 638 * lib/asn1/der.h: update universal tags 639 6401999-09-22 Assar Westerlund <assar@sics.se> 641 642 * lib/asn1/asn1_print.c (loop): print length of octet string 643 6441999-09-21 Johan Danielsson <joda@pdc.kth.se> 645 646 * admin/ktutil.c (kt_get): add `--help' 647 6481999-09-21 Assar Westerlund <assar@sics.se> 649 650 * kuser/Makefile.am: add kdecode_ticket 651 652 * kuser/kdecode_ticket.c: new debug program 653 654 * appl/test/nt_gss_server.c: new program to test against `Sample * 655 SSPI Code' in Windows 2000 RC1 SDK. 656 657 * appl/test/Makefile.am: add nt_gss_client and nt_gss_server 658 659 * lib/asn1/der_get.c (decode_general_string): remember to advance 660 ret over the length-len 661 662 * lib/asn1/Makefile.am: add asn1_print 663 664 * lib/asn1/asn1_print.c: new program for printing DER-structures 665 666 * lib/asn1/der_put.c: make functions more consistent 667 668 * lib/asn1/der_get.c: make functions more consistent 669 6701999-09-20 Johan Danielsson <joda@pdc.kth.se> 671 672 * kdc/kerberos5.c: be more informative in pa-data error messages 673 6741999-09-16 Assar Westerlund <assar@sics.se> 675 676 * configure.in: test for strlcpy, strlcat 677 6781999-09-14 Assar Westerlund <assar@sics.se> 679 680 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): return 681 KRB5_LIBOS_PWDINTR when interrupted 682 683 * lib/krb5/get_in_tkt_pw.c (krb5_password_key_proc): check return 684 value from des_read_pw_string 685 686 * kuser/kinit.c (main): don't print any error if reading the 687 password was interrupted 688 689 * kpasswd/kpasswd.c (main): don't print any error if reading the 690 password was interrupted 691 692 * kdc/string2key.c (main): check the return value from fgets 693 694 * kdc/kstash.c (main): check return value from des_read_pw_string 695 696 * admin/ktutil.c (kt_add): check the return-value from fgets and 697 overwrite the password for paranoid reasons 698 699 * lib/krb5/keytab_keyfile.c (get_cell_and_realm): only remove the 700 newline if it's there 701 7021999-09-13 Assar Westerlund <assar@sics.se> 703 704 * kdc/hpropd.c (main): remove bogus error with `--print'. remove 705 sysloging of number of principals transferred 706 707 * kdc/hprop.c (ka_convert): set flags correctly for krbtgt/CELL 708 principals 709 (main): get rid of bogus opening of hdb database when propagating 710 ka-server database 711 7121999-09-12 Assar Westerlund <assar@sics.se> 713 714 * lib/krb5/krb5_locl.h (O_BINARY): add fallback definition 715 716 * lib/krb5/krb5.h (krb5_context_data): add keytab types 717 718 * configure.in: revert back awk test, not worked around in 719 roken.awk 720 721 * lib/krb5/keytab_krb4.c: remove O_BINARY 722 723 * lib/krb5/keytab_keyfile.c: some support for AFS KeyFile's. From 724 Love <lha@e.kth.se> 725 726 * lib/krb5/keytab_file.c: remove O_BINARY 727 728 * lib/krb5/keytab.c: move the list of keytab types to the context 729 730 * lib/krb5/fcache.c: remove O_BINARY 731 732 * lib/krb5/context.c (init_context_from_config_file): register all 733 standard cache and keytab types 734 (krb5_free_context): free `kt_types' 735 736 * lib/krb5/cache.c (krb5_cc_resolve): move the registration of the 737 standard types of credential caches to context 738 739 * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_keyfile.c 740 7411999-09-10 Assar Westerlund <assar@sics.se> 742 743 * lib/krb5/keytab.c: add comments and clean-up 744 745 * admin/ktutil.c: add `ktutil copy' 746 747 * lib/krb5/keytab_krb4.c: new file 748 749 * lib/krb5/krb5.h (krb5_kt_cursor): add a `data' field 750 751 * lib/krb5/Makefile.am: add keytab_krb4.c 752 753 * lib/krb5/keytab.c: add krb4 and correct some if's 754 755 * admin/srvconvert.c (srvconv): move common code 756 757 * lib/krb5/krb5.h (krb5_fkt_ops, krb5_mkt_ops): new variables 758 759 * lib/krb5/keytab.c: move out file and memory functions 760 761 * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_file.c, 762 keytab_memory.c 763 764 * lib/krb5/keytab_memory.c: new file 765 766 * lib/krb5/keytab_file.c: new file 767 768 * kpasswd/kpasswdd.c: move out password quality functions 769 7701999-09-07 Assar Westerlund <assar@sics.se> 771 772 * lib/hdb/Makefile.am (libhdb_la_SOURCES): add keytab.c. From 773 Love <lha@e.kth.se> 774 775 * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): check 776 return value from `krb5_sendto_kdc' 777 7781999-09-06 Assar Westerlund <assar@sics.se> 779 780 * lib/krb5/send_to_kdc.c (send_and_recv): rename to recv_loop and 781 remove the sending of data. add a parameter `limit'. let callers 782 send the date themselves (and preferably with net_write on tcp 783 sockets) 784 (send_and_recv_tcp): read first the length field and then only that 785 many bytes 786 7871999-09-05 Assar Westerlund <assar@sics.se> 788 789 * kdc/connect.c (handle_tcp): try to print warning `TCP data of 790 strange type' less often 791 792 * lib/krb5/send_to_kdc.c (send_and_recv): handle EINTR properly. 793 return on EOF. always free data. check return value from 794 realloc. 795 (send_and_recv_tcp, send_and_recv_http): check advertised length 796 against actual length 797 7981999-09-01 Johan Danielsson <joda@pdc.kth.se> 799 800 * configure.in: check for sgi capabilities 801 8021999-08-27 Johan Danielsson <joda@pdc.kth.se> 803 804 * lib/krb5/get_addrs.c: krb5_get_all_server_addrs shouldn't return 805 extra addresses 806 807 * kpasswd/kpasswdd.c: use HDB keytabs; change some error messages; 808 add --realm flag 809 810 * lib/krb5/address.c (krb5_append_addresses): remove duplicates 811 8121999-08-26 Johan Danielsson <joda@pdc.kth.se> 813 814 * lib/hdb/keytab.c: HDB keytab backend 815 8161999-08-25 Johan Danielsson <joda@pdc.kth.se> 817 818 * lib/krb5/keytab.c 819 (krb5_kt_{start_seq_get,next_entry,end_seq_get}): check for NULL 820 pointer 821 8221999-08-24 Johan Danielsson <joda@pdc.kth.se> 823 824 * kpasswd/kpasswdd.c: add `--keytab' flag 825 8261999-08-23 Assar Westerlund <assar@sics.se> 827 828 * lib/krb5/addr_families.c (IN6_ADDR_V6_TO_V4): use `s6_addr' 829 instead of the non-standard `s6_addr32'. From Yoshinobu Inoue 830 <shin@kame.net> by way of the KAME repository 831 8321999-08-18 Assar Westerlund <assar@sics.se> 833 834 * configure.in (--enable-new-des3-code): remove check for `struct 835 addrinfo' 836 837 * lib/krb5/crypto.c (etypes): remove NEW_DES3_CODE, enable 838 des3-cbc-sha1 and keep old-des3-cbc-sha1 for backwards 839 compatability 840 841 * lib/krb5/krb5.h (krb5_enctype): des3-cbc-sha1 (with key 842 derivation) just got assigned etype 16 by <bcn@isi.edu>. keep the 843 old etype at 7. 844 8451999-08-16 Assar Westerlund <assar@sics.se> 846 847 * lib/krb5/sendauth.c (krb5_sendauth): only look at errno if 848 krb5_net_read actually returns -1 849 850 * lib/krb5/recvauth.c (krb5_recvauth): only look at errno if 851 krb5_net_read actually returns -1 852 853 * appl/kf/kf.c (proto): don't trust errno if krb5_net_read hasn't 854 returned -1 855 856 * appl/test/tcp_server.c (proto): only trust errno if 857 krb5_net_read actually returns -1 858 859 * appl/kf/kfd.c (proto): be more careful with the return value 860 from krb5_net_read 861 8621999-08-13 Assar Westerlund <assar@sics.se> 863 864 * lib/krb5/get_addrs.c (get_addrs_int): try the different ways 865 sequentially instead of just one. this helps if your heimdal was 866 built with v6-support but your kernel doesn't have it, for 867 example. 868 8691999-08-12 Assar Westerlund <assar@sics.se> 870 871 * kdc/hpropd.c: add inetd flag. default means try to figure out 872 if stdin is a socket or not. 873 874 * Makefile.am (ACLOCAL): just use `cf', this variable is only used 875 when the current directory is $(top_srcdir) anyways and having 876 $(top_srcdir) there breaks if it's a relative path 877 8781999-08-09 Johan Danielsson <joda@pdc.kth.se> 879 880 * configure.in: check for setproctitle 881 8821999-08-05 Assar Westerlund <assar@sics.se> 883 884 * lib/krb5/principal.c (krb5_sname_to_principal): remember to call 885 freehostent 886 887 * appl/test/tcp_client.c: call freehostent 888 889 * appl/kf/kf.c (doit): call freehostent 890 891 * appl/kf/kf.c: make v6 friendly and simplify 892 893 * appl/kf/kfd.c: make v6 friendly and simplify 894 895 * appl/test/tcp_server.c: simplify by using krb5_err instead of 896 errx 897 898 * appl/test/tcp_client.c: simplify by using krb5_err instead of 899 errx 900 901 * appl/test/tcp_server.c: make v6 friendly and simplify 902 903 * appl/test/tcp_client.c: make v6 friendly and simplify 904 9051999-08-04 Assar Westerlund <assar@sics.se> 906 907 * Release 0.1m 908 9091999-08-04 Assar Westerlund <assar@sics.se> 910 911 * kuser/kinit.c (main): some more KRB4-conditionalizing 912 913 * lib/krb5/get_in_tkt.c: type correctness 914 915 * lib/krb5/get_for_creds.c (krb5_fwd_tgs_creds): set forwarded in 916 flags. From Miroslav Ruda <ruda@ics.muni.cz> 917 918 * kuser/kinit.c (main): add config file support for forwardable 919 and krb4 support. From Miroslav Ruda <ruda@ics.muni.cz> 920 921 * kdc/kerberos5.c (as_rep): add an empty X500-compress string as 922 transited. 923 (fix_transited_encoding): check length. 924 From Miroslav Ruda <ruda@ics.muni.cz> 925 926 * kdc/hpropd.c (dump_krb4): check the realm so that we don't dump 927 principals in some other realm. From Miroslav Ruda 928 <ruda@ics.muni.cz> 929 (main): rename sa_len -> sin_len, sa_lan is a define on some 930 platforms. 931 932 * appl/kf/kfd.c: add regpag support. From Miroslav Ruda 933 <ruda@ics.muni.cz> 934 935 * appl/kf/kf.c: add `-G' and forwardable option in krb5.conf. 936 From Miroslav Ruda <ruda@ics.muni.cz> 937 938 * lib/krb5/config_file.c (parse_list): don't run past end of line 939 940 * appl/test/gss_common.h: new prototypes 941 942 * appl/test/gssapi_client.c: use gss_err instead of abort 943 944 * appl/test/gss_common.c (gss_verr, gss_err): add 945 9461999-08-03 Assar Westerlund <assar@sics.se> 947 948 * lib/krb5/Makefile.am (n_fold_test_LDADD): need to set this 949 otherwise it doesn't build with shared libraries 950 951 * kdc/hpropd.c: v6-ify 952 953 * kdc/hprop.c: v6-ify 954 9551999-08-01 Assar Westerlund <assar@sics.se> 956 957 * lib/krb5/mk_req.c (krb5_mk_req): use krb5_expand_hostname 958 9591999-07-31 Assar Westerlund <assar@sics.se> 960 961 * lib/krb5/get_host_realm.c (krb5_get_host_realm_int): new 962 function that takes a FQDN 963 964 * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add exapnd_hostname.c 965 966 * lib/krb5/expand_hostname.c: new file 967 9681999-07-28 Assar Westerlund <assar@sics.se> 969 970 * Release 0.1l 971 9721999-07-28 Assar Westerlund <assar@sics.se> 973 974 * lib/asn1/Makefile.am: bump version to 1:2:0 975 976 * lib/krb5/Makefile.am: bump version to 3:1:0 977 978 * configure.in: more inet_pton to roken 979 980 * lib/krb5/principal.c (krb5_sname_to_principal): use 981 getipnodebyname 982 9831999-07-26 Assar Westerlund <assar@sics.se> 984 985 * Release 0.1k 986 9871999-07-26 Johan Danielsson <joda@pdc.kth.se> 988 989 * lib/krb5/Makefile.am: bump version number (changed function 990 signatures) 991 992 * lib/hdb/Makefile.am: bump version number (changes to some 993 function signatures) 994 9951999-07-26 Assar Westerlund <assar@sics.se> 996 997 * lib/krb5/Makefile.am: bump version to 3:0:2 998 999 * lib/hdb/Makefile.am: bump version to 2:1:0 1000 1001 * lib/asn1/Makefile.am: bump version to 1:1:0 1002 10031999-07-26 Assar Westerlund <assar@sics.se> 1004 1005 * Release 0.1j 1006 10071999-07-26 Assar Westerlund <assar@sics.se> 1008 1009 * configure.in: rokenize inet_ntop 1010 1011 * lib/krb5/store_fd.c: lots of changes from size_t to ssize_t 1012 1013 * lib/krb5/store_mem.c: lots of changes from size_t to ssize_t 1014 1015 * lib/krb5/store_emem.c: lots of changes from size_t to ssize_t 1016 1017 * lib/krb5/store.c: lots of changes from size_t to ssize_t 1018 (krb5_ret_stringz): check return value from realloc 1019 1020 * lib/krb5/mk_safe.c: some type correctness 1021 1022 * lib/krb5/mk_priv.c: some type correctness 1023 1024 * lib/krb5/krb5.h (krb5_storage): change return values of 1025 functions from size_t to ssize_t 1026 10271999-07-24 Assar Westerlund <assar@sics.se> 1028 1029 * Release 0.1i 1030 1031 * configure.in (AC_PROG_AWK): disable. mawk seems to mishandle \# 1032 in lib/roken/roken.awk 1033 1034 * lib/krb5/get_addrs.c (find_all_addresses): try to use SA_LEN to 1035 step over addresses if there's no `sa_lan' field 1036 1037 * lib/krb5/sock_principal.c (krb5_sock_to_principal): simplify by 1038 using `struct sockaddr_storage' 1039 1040 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): simplify by using 1041 `struct sockaddr_storage' 1042 1043 * lib/krb5/changepw.c (krb5_change_password): simplify by using 1044 `struct sockaddr_storage' 1045 1046 * lib/krb5/auth_context.c (krb5_auth_con_setaddrs_from_fd): 1047 simplify by using `struct sockaddr_storage' 1048 1049 * kpasswd/kpasswdd.c (*): simplify by using `struct 1050 sockaddr_storage' 1051 1052 * kdc/connect.c (*): simplify by using `struct sockaddr_storage' 1053 1054 * configure.in (sa_family_t): just test for existence 1055 (sockaddr_storage): also specify include file 1056 1057 * configure.in (AM_INIT_AUTOMAKE): bump version to 0.1i 1058 (sa_family_t): test for 1059 (struct sockaddr_storage): test for 1060 1061 * kdc/hprop.c (propagate_database): typo, NULL should be 1062 auth_context 1063 1064 * lib/krb5/get_addrs.c: conditionalize on HAVE_IPV6 instead of 1065 AF_INET6 1066 1067 * appl/kf/kf.c (main): use warnx 1068 1069 * appl/kf/kf.c (proto): remove shadowing context 1070 1071 * lib/krb5/get_addrs.c (find_all_addresses): try to handle the 1072 case of getting back an `sockaddr_in6' address when sizeof(struct 1073 sockaddr_in6) > sizeof(struct sockaddr) and we have no sa_len to 1074 tell us how large the address is. This obviously doesn't work 1075 with unknown protocol types. 1076 10771999-07-24 Assar Westerlund <assar@sics.se> 1078 1079 * Release 0.1h 1080 10811999-07-23 Assar Westerlund <assar@sics.se> 1082 1083 * appl/kf/kfd.c: clean-up and more paranoia 1084 1085 * etc/services.append: add kf 1086 1087 * appl/kf/kf.c: rename tk_file to ccache for consistency. clean-up 1088 10891999-07-22 Assar Westerlund <assar@sics.se> 1090 1091 * lib/krb5/n-fold-test.c (main): print the correct data 1092 1093 * appl/Makefile.am (SUBDIRS): add kf 1094 1095 * appl/kf: new program. From Miroslav Ruda <ruda@ics.muni.cz> 1096 1097 * kdc/hprop.c: declare some variables unconditionally to simplify 1098 things 1099 1100 * kpasswd/kpasswdd.c: initialize kadm5 connection for every change 1101 (otherwise the modifier in the database doesn't get set) 1102 1103 * kdc/hpropd.c: clean-up and re-organize 1104 1105 * kdc/hprop.c: clean-up and re-organize 1106 1107 * configure.in (SunOS): define to xy for SunOS x.y 1108 11091999-07-19 Assar Westerlund <assar@sics.se> 1110 1111 * configure.in (AC_BROKEN): test for copyhostent, freehostent, 1112 getipnodebyaddr, getipnodebyname 1113 11141999-07-15 Assar Westerlund <assar@sics.se> 1115 1116 * lib/asn1/check-der.c: more test cases for integers 1117 1118 * lib/asn1/der_length.c (length_int): handle the case of the 1119 largest negative integer by not calling abs 1120 11211999-07-14 Assar Westerlund <assar@sics.se> 1122 1123 * lib/asn1/check-der.c (generic_test): check malloc return value 1124 properly 1125 1126 * lib/krb5/Makefile.am: add string_to_key_test 1127 1128 * lib/krb5/prog_setup.c (krb5_program_setup): always initialize 1129 the context 1130 1131 * lib/krb5/n-fold-test.c (main): return a relevant return value 1132 1133 * lib/krb5/krbhst.c: do SRV lookups for admin server as well. 1134 some clean-up. 1135 11361999-07-12 Assar Westerlund <assar@sics.se> 1137 1138 * configure.in: handle not building X programs 1139 11401999-07-06 Assar Westerlund <assar@sics.se> 1141 1142 * lib/krb5/addr_families.c (ipv6_parse_addr): remove duplicate 1143 variable 1144 (ipv6_sockaddr2port): fix typo 1145 1146 * etc/services.append: beginning of a file with services 1147 1148 * lib/krb5/cache.c (krb5_cc_resolve): fall-back to files if 1149 there's no prefix. also clean-up a little bit. 1150 1151 * kdc/hprop.c (--kaspecials): new flag for handling special KA 1152 server entries. From "Brandon S. Allbery KF8NH" 1153 <allbery@kf8nh.apk.net> 1154 11551999-07-05 Assar Westerlund <assar@sics.se> 1156 1157 * kdc/connect.c (handle_tcp): make sure we have data before 1158 starting to look for HTTP 1159 1160 * kdc/connect.c (handle_tcp): always do getpeername, we can't 1161 trust recvfrom to return anything sensible 1162 11631999-07-04 Assar Westerlund <assar@sics.se> 1164 1165 * lib/krb5/get_in_tkt.c (add_padat): encrypt pre-auth data with 1166 all enctypes 1167 1168 * kpasswd/kpasswdd.c (change): fetch the salt-type from the entry 1169 1170 * admin/srvconvert.c (srvconv): better error messages 1171 11721999-07-03 Assar Westerlund <assar@sics.se> 1173 1174 * lib/krb5/principal.c (unparse_name): error check malloc properly 1175 1176 * lib/krb5/get_in_tkt.c (krb5_init_etype): error check malloc 1177 properly 1178 1179 * lib/krb5/crypto.c (*): do some malloc return-value checks 1180 properly 1181 1182 * lib/hdb/hdb.c (hdb_process_master_key): simplify by using 1183 krb5_data_alloc 1184 1185 * lib/hdb/hdb.c (hdb_process_master_key): check return value from 1186 malloc 1187 1188 * lib/asn1/gen_decode.c (decode_type): fix generation of decoding 1189 information for TSequenceOf. 1190 1191 * kdc/kerberos5.c (get_pa_etype_info): check return value from 1192 malloc 1193 11941999-07-02 Assar Westerlund <assar@sics.se> 1195 1196 * lib/asn1/der_copy.c (copy_octet_string): don't fail if length == 1197 0 and malloc returns NULL 1198 11991999-06-29 Assar Westerlund <assar@sics.se> 1200 1201 * lib/krb5/addr_families.c (ipv6_parse_addr): implement 1202 12031999-06-24 Assar Westerlund <assar@sics.se> 1204 1205 * lib/krb5/rd_cred.c (krb5_rd_cred): compare the sender's address 1206 as an addrport one 1207 1208 * lib/krb5/krb5.h (KRB5_ADDRESS_ADDRPORT, KRB5_ADDRESS_IPPORT): 1209 add 1210 (krb5_auth_context): add local and remote port 1211 1212 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): get the 1213 local and remote address and add them to the krb-cred packet 1214 1215 * lib/krb5/auth_context.c: save the local and remove ports in the 1216 auth_context 1217 1218 * lib/krb5/address.c (krb5_make_addrport): create an address of 1219 type KRB5_ADDRESS_ADDRPORT from (addr, port) 1220 1221 * lib/krb5/addr_families.c (krb5_sockaddr2port): new function for 1222 grabbing the port number out of the sockaddr 1223 12241999-06-23 Assar Westerlund <assar@sics.se> 1225 1226 * admin/srvcreate.c (srvcreate): always take the DES-CBC-MD5 key. 1227 increase possible verbosity. 1228 1229 * lib/krb5/config_file.c (parse_list): handle blank lines at 1230 another place 1231 1232 * kdc/connect.c (add_port_string): don't return a value 1233 1234 * lib/kadm5/init_c.c (get_cred_cache): you cannot reuse the cred 1235 cache if the principals are different. close and NULL the old one 1236 so that we create a new one. 1237 1238 * configure.in: move around cgywin et al 1239 (LIB_kdb): set at the end of krb4-block 1240 (krb4): test for krb_enable_debug and krb_disable_debug 1241 12421999-06-16 Assar Westerlund <assar@sics.se> 1243 1244 * kuser/kdestroy.c (main): try to destroy v4 ticket even if the 1245 destruction of the v5 one fails 1246 1247 * lib/krb5/crypto.c (DES3_postproc): new version that does the 1248 right thing 1249 (*): don't put and recover length in 3DES encoding 1250 other small fixes 1251 12521999-06-15 Assar Westerlund <assar@sics.se> 1253 1254 * lib/krb5/get_default_principal.c: rewrite to use 1255 get_default_username 1256 1257 * lib/krb5/Makefile.am: add n-fold-test 1258 1259 * kdc/connect.c: add fallbacks for all lookups by service name 1260 (handle_tcp): break-up and clean-up 1261 12621999-06-09 Assar Westerlund <assar@sics.se> 1263 1264 * lib/krb5/addr_families.c (ipv6_uninteresting): don't consider 1265 the loopback address as uninteresting 1266 1267 * lib/krb5/get_addrs.c: new magic flag to get loopback address if 1268 there are no other addresses. 1269 (krb5_get_all_client_addrs): use that flag 1270 12711999-06-04 Assar Westerlund <assar@sics.se> 1272 1273 * lib/krb5/crypto.c (HMAC_SHA1_DES3_checksum): don't include the 1274 length 1275 (checksum_sha1, checksum_hmac_sha1_des3): blocksize should be 64 1276 (encrypt_internal_derived): don't include the length and don't 1277 decrease by the checksum size twice 1278 (_get_derived_key): the constant should be 5 bytes 1279 12801999-06-02 Johan Danielsson <joda@pdc.kth.se> 1281 1282 * configure.in: use KRB_CHECK_X 1283 1284 * configure.in: check for netinet/ip.h 1285 12861999-05-31 Assar Westerlund <assar@sics.se> 1287 1288 * kpasswd/kpasswdd.c (setup_passwd_quality_check): conditionalize 1289 on RTLD_NOW 1290 12911999-05-23 Assar Westerlund <assar@sics.se> 1292 1293 * appl/test/uu_server.c: removed unused stuff 1294 1295 * appl/test/uu_client.c: removed unused stuff 1296 12971999-05-21 Assar Westerlund <assar@sics.se> 1298 1299 * kuser/kgetcred.c (main): correct error message 1300 1301 * lib/krb5/crypto.c (verify_checksum): call (*ct->checksum) 1302 directly, avoiding redundant lookups and memory leaks 1303 1304 * lib/krb5/auth_context.c (krb5_auth_con_setaddrs_from_fd): free 1305 local and remote addresses 1306 1307 * lib/krb5/get_default_principal.c (get_logname): also try 1308 $USERNAME 1309 1310 * lib/asn1/Makefile.am (asn1_files): add $(EXEEXT) 1311 1312 * lib/krb5/principal.c (USE_RESOLVER): try to define only if we 1313 have a libresolv (currently by checking for res_search) 1314 13151999-05-18 Johan Danielsson <joda@pdc.kth.se> 1316 1317 * kdc/connect.c (handle_tcp): remove %-escapes in request 1318 13191999-05-14 Assar Westerlund <assar@sics.se> 1320 1321 * Release 0.1g 1322 1323 * admin/ktutil.c (kt_remove): -t should be -e 1324 1325 * configure.in (CHECK_NETINET_IP_AND_TCP): use 1326 1327 * kdc/hpropd.c: support for dumping to krb4. From Miroslav Ruda 1328 <ruda@ics.muni.cz> 1329 1330 * admin/ktutil.c (kt_add): new option `--no-salt'. From Miroslav 1331 Ruda <ruda@ics.muni.cz> 1332 1333 * configure.in: add cygwin and DOS tests replace sendmsg, recvmsg, 1334 and innetgr with roken versions 1335 1336 * kuser/kgetcred.c: new program 1337 1338Tue May 11 14:09:33 1999 Johan Danielsson <joda@pdc.kth.se> 1339 1340 * lib/krb5/mcache.c: fix paste-o 1341 13421999-05-10 Johan Danielsson <joda@pdc.kth.se> 1343 1344 * configure.in: don't use uname 1345 13461999-05-10 Assar Westerlund <assar@sics.se> 1347 1348 * acconfig.h (KRB_PUT_INT): if we don't have KRB4 use four 1349 arguments :-) 1350 1351 * appl/test/uu_server.c (setsockopt): cast to get rid of a warning 1352 1353 * appl/test/tcp_server.c (setsockopt): cast to get rid of a 1354 warning 1355 1356 * appl/test/tcp_client.c (proto): call krb5_sendauth with ccache 1357 == NULL 1358 1359 * appl/test/gssapi_server.c (setsockopt): cast to get rid of a 1360 warning 1361 1362 * lib/krb5/sendauth.c (krb5_sendauth): handle ccache == NULL by 1363 setting the default ccache. 1364 1365 * configure.in (getsockopt, setsockopt): test for 1366 (AM_INIT_AUTOMAKE): bump version to 0.1g 1367 1368 * appl/Makefile.am (SUBDIRS): add kx 1369 1370 * lib/hdb/convert_db.c (main): handle the case of no master key 1371 13721999-05-09 Assar Westerlund <assar@sics.se> 1373 1374 * Release 0.1f 1375 1376 * kuser/kinit.c: add --noaddresses 1377 1378 * lib/krb5/get_in_tkt.c (init_as_req): interpret `addrs' being an 1379 empty sit of list as to not ask for any addresses. 1380 13811999-05-08 Assar Westerlund <assar@sics.se> 1382 1383 * acconfig.h (_GNU_SOURCE): define this to enable (used) 1384 extensions on glibc-based systems such as linux 1385 13861999-05-03 Assar Westerlund <assar@sics.se> 1387 1388 * lib/krb5/get_cred.c (get_cred_from_kdc_flags): allocate and free 1389 `*out_creds' properly 1390 1391 * lib/krb5/creds.c (krb5_compare_creds): just verify that the 1392 keytypes/enctypes are compatible, not that they are the same 1393 1394 * kuser/kdestroy.c (cache): const-correctness 1395 13961999-05-03 Johan Danielsson <joda@pdc.kth.se> 1397 1398 * lib/hdb/hdb.c (hdb_set_master_key): initialise master key 1399 version 1400 1401 * lib/hdb/convert_db.c: add support for upgrading database 1402 versions 1403 1404 * kdc/misc.c: add flags to fetch 1405 1406 * kdc/kstash.c: unlink keyfile on failure, chmod to 400 1407 1408 * kdc/hpropd.c: add --print option 1409 1410 * kdc/hprop.c: pass flags to hdb_foreach 1411 1412 * lib/hdb/convert_db.c: add some flags 1413 1414 * lib/hdb/Makefile.am: remove extra LDFLAGS, update version to 2; 1415 build prototype headers 1416 1417 * lib/hdb/hdb_locl.h: update prototypes 1418 1419 * lib/hdb/print.c: move printable version of entry from kadmin 1420 1421 * lib/hdb/hdb.c: change hdb_{seal,unseal}_* to check if the key is 1422 sealed or not; add flags to hdb_foreach 1423 1424 * lib/hdb/ndbm.c: add flags to NDBM_seq, NDBM_firstkey, and 1425 NDBM_nextkey 1426 1427 * lib/hdb/db.c: add flags to DB_seq, DB_firstkey, and DB_nextkey 1428 1429 * lib/hdb/common.c: add flags to _hdb_{fetch,store} 1430 1431 * lib/hdb/hdb.h: add master_key_version to struct hdb, update 1432 prototypes 1433 1434 * lib/hdb/hdb.asn1: make mkvno optional, update version to 2 1435 1436 * configure.in: --enable-netinfo 1437 1438 * lib/krb5/config_file.c: HAVE_NETINFO_NI_H -> HAVE_NETINFO 1439 1440 * config.sub: fix for crays 1441 1442 * config.guess: new version from automake 1.4 1443 1444 * config.sub: new version from automake 1.4 1445 1446Wed Apr 28 00:21:17 1999 Assar Westerlund <assar@sics.se> 1447 1448 * Release 0.1e 1449 1450 * lib/krb5/mcache.c (mcc_get_next): get the current cursor 1451 correctly 1452 1453 * acconfig.h: correct definition of KRB_PUT_INT for old krb4 code. 1454 From Ake Sandgren <ake@cs.umu.se> 1455 14561999-04-27 Johan Danielsson <joda@pdc.kth.se> 1457 1458 * kdc/kerberos5.c: fix arguments to decrypt_ticket 1459 14601999-04-25 Assar Westerlund <assar@sics.se> 1461 1462 * lib/krb5/mk_req_ext.c (krb5_mk_req_internal): try to handle old 1463 DCE secd's that are not able to handle MD5 checksums by defaulting 1464 to MD4 if the keytype was DES-CBC-CRC 1465 1466 * lib/krb5/mk_req.c (krb5_mk_req): use auth_context->keytype 1467 1468 * lib/krb5/krb5.h (krb5_auth_context_data): add `keytype' and 1469 `cksumtype' 1470 1471 * lib/krb5/get_cred.c (make_pa_tgs_req): remove old kludge for 1472 secd 1473 (init_tgs_req): add all supported enctypes for the keytype in 1474 `in_creds->session.keytype' if it's set 1475 1476 * lib/krb5/crypto.c (F_PSEUDO): new flag for non-protocol 1477 encryption types 1478 (do_checksum): new function 1479 (verify_checksum): take the checksum to use from the checksum message 1480 and not from the crypto struct 1481 (etypes): add F_PSEUDO flags 1482 (krb5_keytype_to_enctypes): new function 1483 1484 * lib/krb5/auth_context.c (krb5_auth_con_init): initalize keytype 1485 and cksumtype 1486 (krb5_auth_setcksumtype, krb5_auth_getcksumtype): implement 1487 (krb5_auth_setkeytype, krb5_auth_getkeytype): implement 1488 (krb5_auth_setenctype): comment out, it's rather bogus anyway 1489 1490Sun Apr 25 16:55:50 1999 Johan Danielsson <joda@pdc.kth.se> 1491 1492 * lib/krb5/krb5_locl.h: fix for stupid aix warnings 1493 1494 * lib/krb5/fcache.c (erase_file): don't malloc 1495 1496Sat Apr 24 18:35:21 1999 Johan Danielsson <joda@pdc.kth.se> 1497 1498 * kdc/config.c: pass context to krb5_config_file_free 1499 1500 * kuser/kinit.c: add `--fcache-version' to set cache version to 1501 create 1502 1503 * kuser/klist.c: print cache version if verbose 1504 1505 * lib/krb5/transited.c (krb5_domain_x500_decode): don't abort 1506 1507 * lib/krb5/principal.c: abort -> krb5_abortx 1508 1509 * lib/krb5/mk_rep.c: abort -> krb5_abortx 1510 1511 * lib/krb5/config_file.c: abort -> krb5_abortx 1512 1513 * lib/krb5/context.c (init_context_from_config_file): init 1514 fcache_version; add krb5_{get,set}_fcache_version 1515 1516 * lib/krb5/keytab.c: add support for reading (and writing?) old 1517 version keytabs 1518 1519 * lib/krb5/cache.c: add krb5_cc_get_version 1520 1521 * lib/krb5/fcache.c: add support for reading and writing old 1522 version cache files 1523 1524 * lib/krb5/store_mem.c (krb5_storage_from_mem): zero flags 1525 1526 * lib/krb5/store_emem.c (krb5_storage_emem): zero flags 1527 1528 * lib/krb5/store_fd.c (krb5_storage_from_fd): zero flags 1529 1530 * lib/krb5/store.c: add flags to change how various fields are 1531 stored, used for old cache version support 1532 1533 * lib/krb5/krb5.h: add support for reading and writing old version 1534 cache files, and keytabs 1535 1536Wed Apr 21 00:09:26 1999 Assar Westerlund <assar@sics.se> 1537 1538 * configure.in: fix test for readline.h remember to link with 1539 $LIB_tgetent when trying linking with readline 1540 1541 * lib/krb5/init_creds_pw.c (get_init_creds_common): if start_time 1542 is given, request a postdated ticket. 1543 1544 * lib/krb5/data.c (krb5_data_free): free data as long as it's not 1545 NULL 1546 1547Tue Apr 20 20:18:14 1999 Assar Westerlund <assar@sics.se> 1548 1549 * kpasswd/Makefile.am (kpasswdd_LDADD): add LIB_dlopen 1550 1551 * lib/krb5/krb5.h (KRB5_VERIFY_AP_REQ_IGNORE_INVALID): add 1552 1553 * lib/krb5/rd_req.c (krb5_decrypt_ticket): add `flags` and 1554 KRB5_VERIFY_AP_REQ_IGNORE_INVALID for ignoring that the ticket is 1555 invalid 1556 1557Tue Apr 20 12:42:08 1999 Johan Danielsson <joda@hella.pdc.kth.se> 1558 1559 * kpasswd/kpasswdd.c: don't try to load library by default; get 1560 library and function name from krb5.conf 1561 1562 * kpasswd/sample_passwd_check.c: sample password checking 1563 functions 1564 1565Mon Apr 19 22:22:19 1999 Assar Westerlund <assar@sics.se> 1566 1567 * lib/krb5/store.c (krb5_storage_to_data, krb5_ret_data): use 1568 krb5_data_alloc and be careful with checking allocation and sizes. 1569 1570 * kuser/klist.c (--tokens): conditionalize on KRB4 1571 1572 * kuser/kinit.c (renew_validate): set all flags 1573 (main): fix cut-n-paste error when setting start-time 1574 1575 * kdc/kerberos5.c (check_tgs_flags): starttime of a validate 1576 ticket should be > than current time 1577 (*): send flags to krb5_verify_ap_req and krb5_decrypt_ticket 1578 1579 * kuser/kinit.c (renew_validate): use the client realm instead of 1580 the local realm when renewing tickets. 1581 1582 * lib/krb5/get_for_creds.c (krb5_fwd_tgs_creds): compat function 1583 (krb5_get_forwarded_creds): correct freeing of out_creds 1584 1585 * kuser/kinit.c (renew_validate): hopefully fix up freeing of 1586 memory 1587 1588 * configure.in: do all the krb4 tests with "$krb4" != "no" 1589 1590 * lib/krb5/keyblock.c (krb5_free_keyblock_contents): don't zero 1591 keyvalue if it's NULL. noticed by Ake Sandgren <ake@cs.umu.se> 1592 1593 * lib/krb5/get_in_tkt.c (add_padata): loop over all enctypes 1594 instead of just taking the first one. fix all callers. From 1595 "Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net> 1596 1597 * kdc/kdc_locl.h (enable_kaserver): declaration 1598 1599 * kdc/hprop.c (ka_convert): print the failing principal. AFS 3.4a 1600 creates krbtgt.REALMOFCELL as NOTGS+NOSEAL, work around. From 1601 "Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net> 1602 1603 * kdc/hpropd.c (open_socket): stupid cast to get rid of a warning 1604 1605 * kdc/connect.c (add_standard_ports, process_request): look at 1606 enable_kaserver. From "Brandon S. Allbery KF8NH" 1607 <allbery@kf8nh.apk.net> 1608 1609 * kdc/config.c: new flag --kaserver and config file option 1610 enable-kaserver. From "Brandon S. Allbery KF8NH" 1611 <allbery@kf8nh.apk.net> 1612 1613Mon Apr 19 12:32:04 1999 Johan Danielsson <joda@hella.pdc.kth.se> 1614 1615 * configure.in: check for dlopen, and dlfcn.h 1616 1617 * kpasswd/kpasswdd.c: add support for dlopen:ing password quality 1618 check library 1619 1620 * configure.in: add appl/su 1621 1622Sun Apr 18 15:46:53 1999 Johan Danielsson <joda@blubb.pdc.kth.se> 1623 1624 * lib/krb5/cache.c: add krb5_cc_get_type that returns type of a 1625 cache 1626 1627Fri Apr 16 17:58:51 1999 Assar Westerlund <assar@sics.se> 1628 1629 * configure.in: LIB_kdb: -L should be before -lkdb 1630 test for prototype of strsep 1631 1632Thu Apr 15 11:34:38 1999 Johan Danielsson <joda@hella.pdc.kth.se> 1633 1634 * lib/krb5/Makefile.am: update version 1635 1636 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): use 1637 ALLOC_SEQ 1638 1639 * lib/krb5/fcache.c: add some support for reading and writing old 1640 cache formats; 1641 (fcc_store_cred): use krb5_store_creds; (fcc_read_cred): use 1642 krb5_ret_creds 1643 1644 * lib/krb5/store_mem.c (krb5_storage_from_mem): check malloc, 1645 initialize host_byteorder 1646 1647 * lib/krb5/store_fd.c (krb5_storage_from_fd): initialize 1648 host_byteorder 1649 1650 * lib/krb5/store_emem.c (krb5_storage_emem): initialize 1651 host_byteorder 1652 1653 * lib/krb5/store.c (krb5_storage_set_host_byteorder): add; 1654 (krb5_store_int32,krb5_ret_int32,krb5_store_int16,krb5_ret_int16): 1655 check host_byteorder flag; (krb5_store_creds): add; 1656 (krb5_ret_creds): add 1657 1658 * lib/krb5/krb5.h (krb5_storage): add `host_byteorder' flag for 1659 storage of numbers 1660 1661 * lib/krb5/heim_err.et: add `host not found' error 1662 1663 * kdc/connect.c: don't use data after clearing decriptor 1664 1665 * lib/krb5/auth_context.c: abort -> krb5_abortx 1666 1667 * lib/krb5/warn.c: add __attribute__; add *abort functions 1668 1669 * configure.in: check for __attribute__ 1670 1671 * kdc/connect.c: log bogus requests 1672 1673Tue Apr 13 18:38:05 1999 Johan Danielsson <joda@hella.pdc.kth.se> 1674 1675 * lib/kadm5/create_s.c (kadm5_s_create_principal): create v4 salts 1676 for all DES keys 1677 16781999-04-12 Assar Westerlund <assar@sics.se> 1679 1680 * lib/krb5/get_cred.c (init_tgs_req): re-structure a little bit 1681 1682 * lib/krb5/get_cred.c (init_tgs_req): some more error checking 1683 1684 * lib/krb5/generate_subkey.c (krb5_generate_subkey): check return 1685 value from malloc 1686 1687Sun Apr 11 03:47:23 1999 Johan Danielsson <joda@hella.pdc.kth.se> 1688 1689 * lib/krb5/krb5.conf.5: update to reality 1690 1691 * lib/krb5/krb5_425_conv_principal.3: update to reality 1692 16931999-04-11 Assar Westerlund <assar@sics.se> 1694 1695 * lib/krb5/get_host_realm.c: handle more than one realm for a host 1696 1697 * kpasswd/kpasswd.c (main): use krb5_program_setup and 1698 print_version 1699 1700 * kdc/string2key.c (main): use krb5_program_setup and 1701 print_version 1702 1703Sun Apr 11 02:35:58 1999 Johan Danielsson <joda@hella.pdc.kth.se> 1704 1705 * lib/krb5/principal.c (krb5_524_conv_principal): make it actually 1706 work, and check built-in list of host-type first-components 1707 1708 * lib/krb5/krbhst.c: lookup SRV-records to find a kdc for a realm 1709 1710 * lib/krb5/context.c: add srv_* flags to context 1711 1712 * lib/krb5/principal.c: add default v4_name_convert entries 1713 1714 * lib/krb5/krb5.h: add srv_* flags to context 1715 1716Sat Apr 10 22:52:28 1999 Johan Danielsson <joda@hella.pdc.kth.se> 1717 1718 * kadmin/kadmin.c: complain about un-recognised commands 1719 1720 * admin/ktutil.c: complain about un-recognised commands 1721 1722Sat Apr 10 15:41:49 1999 Assar Westerlund <assar@sics.se> 1723 1724 * kadmin/load.c (doit): fix error message 1725 1726 * lib/krb5/crypto.c (encrypt_internal): free checksum if lengths 1727 fail to match. 1728 (krb5_get_wrapped_length): new function 1729 1730 * configure.in: security/pam_modules.h: check for 1731 1732 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): kludge 1733 around `ret_as_reply' semantics by only freeing it when ret == 0 1734 1735Fri Apr 9 20:24:04 1999 Assar Westerlund <assar@sics.se> 1736 1737 * kuser/klist.c (print_cred_verbose): handle the case of a bad 1738 enctype 1739 1740 * configure.in: test for more header files 1741 (LIB_roken): set 1742 1743Thu Apr 8 15:01:59 1999 Johan Danielsson <joda@hella.pdc.kth.se> 1744 1745 * configure.in: fixes for building w/o krb4 1746 1747 * ltmain.sh: update to libtool 1.2d 1748 1749 * ltconfig: update to libtool 1.2d 1750 1751Wed Apr 7 23:37:26 1999 Assar Westerlund <assar@sics.se> 1752 1753 * kdc/hpropd.c: fix some error messages to be more understandable. 1754 1755 * kdc/hprop.c (ka_dump): remove unused variables 1756 1757 * appl/test/tcp_server.c: remove unused variables 1758 1759 * appl/test/gssapi_server.c: remove unused variables 1760 1761 * appl/test/gssapi_client.c: remove unused variables 1762 1763Wed Apr 7 14:05:15 1999 Johan Danielsson <joda@hella.pdc.kth.se> 1764 1765 * lib/krb5/context.c (krb5_get_err_text): long -> krb5_error_code 1766 1767 * kuser/klist.c: make it compile w/o krb4 1768 1769 * kuser/kdestroy.c: make it compile w/o krb4 1770 1771 * admin/ktutil.c: fix {srv,key}2{srv,key}tab confusion; add help 1772 strings 1773 1774Mon Apr 5 16:13:46 1999 Johan Danielsson <joda@hella.pdc.kth.se> 1775 1776 * configure.in: test for MIPS ABI; new test_package 1777 1778Thu Apr 1 11:00:40 1999 Johan Danielsson <joda@hella.pdc.kth.se> 1779 1780 * include/Makefile.am: clean krb5-private.h 1781 1782 * Release 0.1d 1783 1784 * kpasswd/kpasswdd.c (doit): pass context to 1785 krb5_get_all_client_addrs 1786 1787 * kdc/connect.c (init_sockets): pass context to 1788 krb5_get_all_server_addrs 1789 1790 * lib/krb5/get_in_tkt.c (init_as_req): pass context to 1791 krb5_get_all_client_addrs 1792 1793 * lib/krb5/get_cred.c (get_cred_kdc_la): pass context to 1794 krb5_get_all_client_addrs 1795 1796 * lib/krb5/get_addrs.c (get_addrs_int): add extra host addresses 1797 1798 * lib/krb5/krb5.h: add support for adding an extra set of 1799 addresses 1800 1801 * lib/krb5/context.c: add support for adding an extra set of 1802 addresses 1803 1804 * lib/krb5/addr_families.c: add krb5_parse_address 1805 1806 * lib/krb5/address.c: krb5_append_addresses 1807 1808 * lib/krb5/config_file.c (parse_binding): don't zap everything 1809 after first whitespace 1810 1811 * kuser/kinit.c (renew_validate): don't allocate out 1812 1813 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): don't 1814 allocate out_creds 1815 1816 * lib/krb5/get_cred.c (get_cred_kdc, get_cred_kdc_la): make 1817 out_creds pointer; 1818 (krb5_get_kdc_cred): allocate out_creds; (get_cred_from_kdc_flags): 1819 free more memory 1820 1821 * lib/krb5/crypto.c (encrypt_internal): free checksum 1822 1823 * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): free reply, 1824 and ticket 1825 1826 * kuser/Makefile.am: remove kfoo 1827 1828 * lib/Makefile.am: add auth 1829 1830 * lib/kadm5/iprop.h: getarg.h 1831 1832 * lib/kadm5/replay_log.c: use getarg 1833 1834 * lib/kadm5/ipropd_slave.c: use getarg 1835 1836 * lib/kadm5/ipropd_master.c: use getarg 1837 1838 * lib/kadm5/dump_log.c: use getarg 1839 1840 * kpasswd/kpasswdd.c: use getarg 1841 1842 * Makefile.am.common: make a more working check-local target 1843 1844 * lib/asn1/main.c: use getargs 1845 1846Mon Mar 29 20:19:57 1999 Johan Danielsson <joda@hella.pdc.kth.se> 1847 1848 * kuser/klist.c (print_cred_verbose): use krb5_print_address 1849 1850 * lib/kadm5/server.c: k_{put,get}_int -> _krb5_{put,get}_int 1851 1852 * lib/krb5/addr_families.c (krb5_print_address): handle unknown 1853 address types; (ipv6_print_addr): print in 16-bit groups (as it 1854 should) 1855 1856 * lib/krb5/crc.c: crc_{init_table,update} -> 1857 _krb5_crc_{init_table,update} 1858 1859 * lib/krb5/crypto.c: k_{put,get}_int -> _krb5_{put,get}_int 1860 crc_{init_table,update} -> _krb5_crc_{init_table,update} 1861 1862 * lib/krb5/send_to_kdc.c: k_{put,get}_int -> _krb5_{put,get}_int 1863 1864 * lib/krb5/store.c: k_{put,get}_int -> _krb5_{put,get}_int 1865 1866 * lib/krb5/krb5_locl.h: include krb5-private.h 1867 1868 * kdc/connect.c (addr_to_string): use krb5_print_address 1869 1870 * lib/krb5/addr_families.c (krb5_print_address): int -> size_t 1871 1872 * lib/krb5/addr_families.c: add support for printing ipv6 1873 addresses, either with inet_ntop, or ugly for-loop 1874 1875 * kdc/524.c: check that the ticket came from a valid address; use 1876 the address of the connection as the address to put in the v4 1877 ticket (if this address is AF_INET) 1878 1879 * kdc/connect.c: pass addr to do_524 1880 1881 * kdc/kdc_locl.h: prototype for do_524 1882 1883Sat Mar 27 17:48:31 1999 Johan Danielsson <joda@hella.pdc.kth.se> 1884 1885 * configure.in: check for OSF C2; bind/bitypes.h, getudbnam, 1886 setlim; check for auth modules; siad.h, getpwnam_r; 1887 lib/auth/Makefile, lib/auth/sia/Makefile 1888 1889 * lib/krb5/crypto.c: n_fold -> _krb5_n_fold 1890 1891 * lib/krb5/n-fold.c: n_fold -> _krb5_n_fold 1892 1893Thu Mar 25 04:35:21 1999 Assar Westerlund <assar@sics.se> 1894 1895 * lib/kadm5/set_keys.c (_kadm5_set_keys): free salt when zapping 1896 it 1897 1898 * lib/kadm5/free.c (kadm5_free_principal_ent): free `key_data' 1899 1900 * lib/hdb/ndbm.c (NDBM_destroy): clear master key 1901 1902 * lib/hdb/db.c (DB_destroy): clear master key 1903 (DB_open): check malloc 1904 1905 * kdc/connect.c (init_sockets): free addresses 1906 1907 * kadmin/kadmin.c (main): make code more consistent. always free 1908 configuration information. 1909 1910 * kadmin/init.c (create_random_entry): free the entry 1911 1912Wed Mar 24 04:02:03 1999 Assar Westerlund <assar@sics.se> 1913 1914 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): 1915 re-organize the code to always free `kdc_reply' 1916 1917 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): be more careful about 1918 freeing memory 1919 1920 * lib/krb5/fcache.c (fcc_destroy): don't call fcc_close 1921 1922 * lib/krb5/crypto.c (krb5_crypto_destroy): free `crypto' 1923 1924 * lib/hdb/hdb_locl.h: try db_185.h first in case db.h is a DB 2.0 1925 header 1926 1927 * configure.in (db_185.h): check for 1928 1929 * admin/srvcreate.c: new file. contributed by Daniel Kouril 1930 <kouril@informatics.muni.cz> 1931 1932 * admin/ktutil.c: srvcreate: new command 1933 1934 * kuser/klist.c: add support for printing AFS tokens 1935 1936 * kuser/kdestroy.c: add support for destroying v4 tickets and AFS 1937 tokens. based on code by Love <lha@stacken.kth.se> 1938 1939 * kuser/Makefile.am (kdestroy_LDADD, klist_LDADD): more libraries 1940 1941 * configure.in: sys/ioccom.h: test for 1942 1943 * kuser/klist.c (main): don't print `no ticket file' with --test. 1944 From: Love <lha@e.kth.se> 1945 1946 * kpasswd/kpasswdd.c (doit): more braces to make gcc happy 1947 1948 * kdc/connect.c (init_socket): get rid of a stupid warning 1949 1950 * include/bits.c (my_strupr): cast away some stupid warnings 1951 1952Tue Mar 23 14:34:44 1999 Johan Danielsson <joda@hella.pdc.kth.se> 1953 1954 * lib/krb5/get_host_realm.c (krb5_get_host_realm): no infinite 1955 loops, please 1956 1957Tue Mar 23 00:00:45 1999 Assar Westerlund <assar@sics.se> 1958 1959 * lib/kadm5/Makefile.am (install_build_headers): recover from make 1960 rewriting the names of the headers kludge to help solaris make 1961 1962 * lib/krb5/Makefile.am: kludge to help solaris make 1963 1964 * lib/hdb/Makefile.am: kludge to help solaris make 1965 1966 * configure.in (LIB_kdb): make sure there's a -L option in here by 1967 adding $(LIB_krb4) 1968 1969 * lib/asn1/gen_glue.c (generate_2int, generate_int2): int -> 1970 unsigned 1971 1972 * configure.in (SunOS): set to a number KRB4, KRB5 conditionals: 1973 remove the `dnl' to work around an automake flaw 1974 1975Sun Mar 21 15:08:49 1999 Johan Danielsson <joda@blubb.pdc.kth.se> 1976 1977 * lib/krb5/get_default_realm.c: char* -> krb5_realm 1978 1979Sun Mar 21 14:08:30 1999 Johan Danielsson <joda@hella.pdc.kth.se> 1980 1981 * include/bits.c: <bind/bitypes.h> 1982 1983 * lib/krb5/Makefile.am: create krb5-private.h 1984 1985Sat Mar 20 00:08:59 1999 Assar Westerlund <assar@sics.se> 1986 1987 * configure.in (gethostname): remove duplicate 1988 1989Fri Mar 19 14:48:03 1999 Johan Danielsson <joda@hella.pdc.kth.se> 1990 1991 * lib/hdb/Makefile.am: add version-info 1992 1993 * lib/gssapi/Makefile.am: add version-info 1994 1995 * lib/asn1/Makefile.am: use $(x:y=z) make syntax; move check-der 1996 to check_PROGRAMS 1997 1998 * lib/Makefile.am: add 45 1999 2000 * lib/kadm5/Makefile.am: split in client and server libraries 2001 (breaks shared libraries otherwise) 2002 2003Thu Mar 18 11:33:30 1999 Johan Danielsson <joda@hella.pdc.kth.se> 2004 2005 * include/kadm5/Makefile.am: clean a lot of header files (since 2006 automake lacks a clean-hook) 2007 2008 * include/Makefile.am: clean a lot of header files (since automake 2009 lacks a clean-hook) 2010 2011 * lib/kadm5/Makefile.am: fix build-installation of headers 2012 2013 * lib/krb5/Makefile.am: remove include_dir hack 2014 2015 * lib/hdb/Makefile.am: remove include_dir hack 2016 2017 * lib/asn1/Makefile.am: remove include_dir hack 2018 2019 * include/Makefile.am: remove include_dir hack 2020 2021 * doc/whatis.texi: define sub for html 2022 2023 * configure.in: LIB_kdb, have_err_h, have_fnmatch_h, have_glob_h 2024 2025 * lib/asn1/Makefile.am: der.h 2026 2027 * kpasswd/kpasswdd.c: admin.h -> kadm5/admin.h 2028 2029 * kdc/Makefile.am: remove junk 2030 2031 * kadmin/Makefile.am: sl.a -> sl.la 2032 2033 * appl/afsutil/Makefile.am: remove EXTRA_bin_PROGRAMS 2034 2035 * admin/Makefile.am: sl.a -> sl.la 2036 2037 * configure.in: condition KRB5; AC_CHECK_XAU 2038 2039 * Makefile.am: include Makefile.am.common 2040 2041 * include/kadm5/Makefile.am: include Makefile.am.common; don't 2042 install headers from here 2043 2044 * include/Makefile.am: include Makefile.am.common; don't install 2045 headers from here 2046 2047 * doc/Makefile.am: include Makefile.am.common 2048 2049 * lib/krb5/Makefile.am: include Makefile.am.common 2050 2051 * lib/kadm5/Makefile.am: include Makefile.am.common 2052 2053 * lib/hdb/Makefile.am: include Makefile.am.common 2054 2055 * lib/gssapi/Makefile.am: include Makefile.am.common 2056 2057 * lib/asn1/Makefile.am: include Makefile.am.common 2058 2059 * lib/Makefile.am: include Makefile.am.common 2060 2061 * lib/45/Makefile.am: include Makefile.am.common 2062 2063 * kuser/Makefile.am: include Makefile.am.common 2064 2065 * kpasswd/Makefile.am: include Makefile.am.common 2066 2067 * kdc/Makefile.am: include Makefile.am.common 2068 2069 * kadmin/Makefile.am: include Makefile.am.common 2070 2071 * appl/test/Makefile.am: include Makefile.am.common 2072 2073 * appl/afsutil/Makefile.am: include Makefile.am.common 2074 2075 * appl/Makefile.am: include Makefile.am.common 2076 2077 * admin/Makefile.am: include Makefile.am.common 2078 2079Wed Mar 17 03:04:38 1999 Assar Westerlund <assar@sics.se> 2080 2081 * lib/krb5/store.c (krb5_store_stringz): braces fix 2082 2083 * lib/kadm5/get_s.c (kadm5_s_get_principal): braces fix 2084 2085 * lib/kadm5/ent_setup.c (_kadm5_setup_entry): braces fix 2086 2087 * kdc/connect.c (loop): braces fix 2088 2089 * lib/krb5/config_file.c: cast to unsigned char to make is* happy 2090 2091 * lib/krb5/log.c (krb5_addlog_dest): more braces to make gcc happy 2092 2093 * lib/krb5/crypto.c (krb5_verify_checksum): rename C -> cksum to 2094 be consistent 2095 2096 * kadmin/util.c (timeval2str): more braces to make gcc happy 2097 2098 * kadmin/load.c: cast in is* to get rid of stupid warning 2099 2100 * kadmin/dump.c (append_hex): cast in isalnum to get rid of stupid 2101 warning 2102 2103 * kdc/kaserver.c: malloc checks and fixes 2104 2105 * lib/krb5/get_host_realm.c (krb5_get_host_realm): include leading 2106 dot (if any) when looking up realms. 2107 2108Fri Mar 12 13:57:56 1999 Johan Danielsson <joda@blubb.pdc.kth.se> 2109 2110 * lib/krb5/get_host_realm.c: add dns support 2111 2112 * lib/krb5/set_default_realm.c: use krb5_free_host_realm 2113 2114 * lib/krb5/free_host_realm.c: check for NULL realmlist 2115 2116 * lib/krb5/context.c: don't print warning if there is no krb5.conf 2117 2118Wed Mar 10 19:29:46 1999 Johan Danielsson <joda@hella.pdc.kth.se> 2119 2120 * configure.in: use AC_WFLAGS 2121 2122Mon Mar 8 11:49:43 1999 Johan Danielsson <joda@hella.pdc.kth.se> 2123 2124 * Release 0.1c 2125 2126 * kuser/klist.c: use print_version 2127 2128 * kuser/kdestroy.c: use print_version 2129 2130 * kdc/hpropd.c: use print_version 2131 2132 * kdc/hprop.c: use print_version 2133 2134 * kdc/config.c: use print_version 2135 2136 * kadmin/kadmind.c: use print_version 2137 2138 * kadmin/kadmin.c: use print_version 2139 2140 * appl/test/common.c: use print_version 2141 2142 * appl/afsutil/afslog.c: use print_version 2143 2144Mon Mar 1 10:49:14 1999 Johan Danielsson <joda@hella.pdc.kth.se> 2145 2146 * lib/krb5/get_addrs.c: SOCKADDR_HAS_SA_LEN -> 2147 HAVE_STRUCT_SOCKADDR_SA_LEN 2148 2149 * configure.in, acconfig.h, cf/*: update to automake 1.4/autoconf 2.13 2150 2151Sun Feb 28 18:19:20 1999 Johan Danielsson <joda@hella.pdc.kth.se> 2152 2153 * lib/asn1/gen.c: make `BIT STRING's unsigned 2154 2155 * lib/asn1/{symbol.h,gen.c}: add TUInteger type 2156 2157 * lib/krb5/verify_user.c (krb5_verify_user): pass prompter to 2158 krb5_get_init_creds_password 2159 2160 * lib/krb5/fcache.c (fcc_gen_new): implement 2161 2162Sat Feb 27 22:41:23 1999 Johan Danielsson <joda@hella.pdc.kth.se> 2163 2164 * doc/install.texi: krb4 is now automatically detected 2165 2166 * doc/misc.texi: update procedure to set supported encryption 2167 types 2168 2169 * doc/setup.texi: change some silly wordings 2170 2171Sat Feb 27 22:17:30 1999 Johan Danielsson <joda@blubb.pdc.kth.se> 2172 2173 * lib/krb5/keytab.c (fkt_remove_entry): make this work 2174 2175 * admin/ktutil.c: add minimally working `get' command 2176 2177Sat Feb 27 19:44:49 1999 Johan Danielsson <joda@hella.pdc.kth.se> 2178 2179 * lib/hdb/convert_db.c: more typos 2180 2181 * include/Makefile.am: remove EXTRA_DATA (as of autoconf 2182 2.13/automake 1.4) 2183 2184 * appl/Makefile.am: OTP_dir 2185 2186Fri Feb 26 17:37:00 1999 Johan Danielsson <joda@hella.pdc.kth.se> 2187 2188 * doc/setup.texi: add kadmin section 2189 2190 * lib/asn1/check-der.c: fix printf warnings 2191 2192Thu Feb 25 11:16:49 1999 Johan Danielsson <joda@hella.pdc.kth.se> 2193 2194 * configure.in: -O does not belong in WFLAGS 2195 2196Thu Feb 25 11:05:57 1999 Johan Danielsson <joda@blubb.pdc.kth.se> 2197 2198 * lib/asn1/der_put.c: fix der_put_int 2199 2200Tue Feb 23 20:35:12 1999 Johan Danielsson <joda@hella.pdc.kth.se> 2201 2202 * configure.in: use AC_BROKEN_GLOB 2203 2204Mon Feb 22 15:12:44 1999 Johan Danielsson <joda@blubb.pdc.kth.se> 2205 2206 * configure.in: check for glob 2207 2208Mon Feb 22 11:32:42 1999 Johan Danielsson <joda@hella.pdc.kth.se> 2209 2210 * Release 0.1b 2211 2212Sat Feb 20 15:48:06 1999 Johan Danielsson <joda@blubb.pdc.kth.se> 2213 2214 * lib/hdb/convert_db.c: convert DES3 keys to des3-cbc-sha1, and 2215 des3-cbc-md5 2216 2217 * lib/krb5/crypto.c (DES3_string_to_key): make this actually do 2218 what the draft said it should 2219 2220 * lib/hdb/convert_db.c: little program for database conversion 2221 2222 * lib/hdb/db.c (DB_open): try to open database w/o .db extension 2223 2224 * lib/hdb/ndbm.c (NDBM_open): add test for database format 2225 2226 * lib/hdb/db.c (DB_open): add test for database format 2227 2228 * lib/asn1/gen_glue.c (generate_2int): don't depend on flags being 2229 unsigned 2230 2231 * lib/hdb/hdb.c: change `hdb_set_master_key' to take an 2232 EncryptionKey, and add a new function `hdb_set_master_keyfile' to 2233 do what `hdb_set_master_key' used to do 2234 2235 * kdc/kstash.c: add `--convert-file' option to change keytype of 2236 existing master key file 2237 2238Fri Feb 19 07:04:14 1999 Assar Westerlund <assar@squid.pdc.kth.se> 2239 2240 * Release 0.1a 2241 2242Sat Feb 13 17:12:53 1999 Assar Westerlund <assar@sics.se> 2243 2244 * lib/krb5/mk_safe.c (krb5_mk_safe): sizeof(buf) -> buf_size, buf 2245 is now a `u_char *' 2246 2247 * lib/krb5/get_in_tkt.c (krb5_init_etype): etypes are now `int' 2248 2249 * lib/krb5/get_host_realm.c (krb5_get_host_realm): constize 2250 orig_host 2251 2252 (krb5_salttype_to_string): new function (RSA_MD5_DES_verify, 2253 RSA_MD5_DES3_verify): initialize ret 2254 2255 * lib/gssapi/init_sec_context.c (init_auth): remove unnecessary 2256 gssapi_krb5_init. ask for KEYTYPE_DES credentials 2257 2258 * kadmin/get.c (print_entry_long): print the keytypes and salts 2259 available for the principal 2260 2261 * configure.in (WFLAGS): add `-O' to catch unitialized variables 2262 and such 2263 (gethostname, mkstemp, getusershell, inet_aton): more tests 2264 2265 * lib/hdb/hdb.h: update prototypes 2266 2267 * configure.in: homogenize broken detection with krb4 2268 2269 * lib/kadm5/init_c.c (kadm5_c_init_with_context): remove unused 2270 `error' 2271 2272 * lib/asn1/Makefile.am (check-der): add 2273 2274 * lib/asn1/gen.c (define_type): map ASN1 Integer to `int' instead 2275 of `unsigned' 2276 2277 * lib/asn1/der_length.c (length_unsigned): new function 2278 (length_int): handle signed integers 2279 2280 * lib/asn1/der_put.c (der_put_unsigned): new function 2281 (der_put_int): handle signed integers 2282 2283 * lib/asn1/der_get.c (der_get_unsigned): new function 2284 (der_get_int): handle signed integers 2285 2286 * lib/asn1/der.h: all integer functions take `int' instead of 2287 `unsigned' 2288 2289 * lib/asn1/lex.l (filename): unused. remove. 2290 2291 * lib/asn1/check-der.c: new test program for der encoding and 2292 decoding. 2293 2294Mon Feb 1 04:09:06 1999 Assar Westerlund <assar@sics.se> 2295 2296 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): only call 2297 gethostbyname2 with AF_INET6 if we actually have IPv6. From 2298 "Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net> 2299 2300 * lib/krb5/changepw.c (get_kdc_address): dito 2301 2302Sun Jan 31 06:26:36 1999 Assar Westerlund <assar@sics.se> 2303 2304 * kdc/connect.c (parse_prots): always bind to AF_INET, there are 2305 v6-implementations without support for `mapped V4 addresses'. 2306 From Jun-ichiro itojun Hagino <itojun@kame.net> 2307 2308Sat Jan 30 22:38:27 1999 Assar Westerlund <assar@juguete.sics.se> 2309 2310 * Release 0.0u 2311 2312Sat Jan 30 13:43:02 1999 Assar Westerlund <assar@sics.se> 2313 2314 * lib/krb5/Makefile.am: explicit rules for *.et files 2315 2316 * lib/kadm5/init_c.c (get_kadm_ticket): only remove creds if 2317 krb5_get_credentials was succesful. 2318 (get_new_cache): return better error codes and return earlier. 2319 (get_cred_cache): only delete default_client if it's different 2320 from client 2321 (kadm5_c_init_with_context): return a more descriptive error. 2322 2323 * kdc/kerberos5.c (check_flags): handle NULL client or server 2324 2325 * lib/krb5/sendauth.c (krb5_sendauth): return the error in 2326 `ret_error' iff != NULL 2327 2328 * lib/krb5/rd_error.c (krb5_free_error, krb5_free_error_contents): 2329 new functions 2330 2331 * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): more 2332 type-correctness 2333 2334 * lib/krb5/krb5.h (krb5_error): typedef to KRB_ERROR 2335 2336 * lib/krb5/init_creds_pw.c: KRB5_TGS_NAME: use 2337 2338 * lib/krb5/get_cred.c: KRB5_TGS_NAME: use 2339 2340 * lib/kafs/afskrb5.c (afslog_uid_int): update to changes 2341 2342 * lib/kadm5/rename_s.c (kadm5_s_rename_principal): call remove 2343 instead of rename, but shouldn't this just call rename? 2344 2345 * lib/kadm5/get_s.c (kadm5_s_get_principal): always return an 2346 error if the principal wasn't found. 2347 2348 * lib/hdb/ndbm.c (NDBM_seq): unseal key 2349 2350 * lib/hdb/db.c (DB_seq): unseal key 2351 2352 * lib/asn1/Makefile.am: added explicit rules for asn1_err.[ch] 2353 2354 * kdc/hprop.c (v4_prop): add krbtgt/THISREALM@OTHERREALM when 2355 finding cross-realm tgts in the v4 database 2356 2357 * kadmin/mod.c (mod_entry): check the number of arguments. check 2358 that kadm5_get_principal worked. 2359 2360 * lib/krb5/keytab.c (fkt_remove_entry): remove KRB5_KT_NOTFOUND if 2361 we weren't able to remove it. 2362 2363 * admin/ktutil.c: less drive-by-deleting. From Love 2364 <lha@e.kth.se> 2365 2366 * kdc/connect.c (parse_ports): copy the string before mishandling 2367 it with strtok_r 2368 2369 * kdc/kerberos5.c (tgs_rep2): print the principal with mismatching 2370 kvnos 2371 2372 * kadmin/kadmind.c (main): convert `debug_port' to network byte 2373 order 2374 2375 * kadmin/kadmin.c: allow specification of port number. 2376 2377 * lib/kadm5/kadm5_locl.h (kadm5_client_context): add 2378 `kadmind_port'. 2379 2380 * lib/kadm5/init_c.c (_kadm5_c_init_context): move up 2381 initalize_kadm5_error_table_r. 2382 allow specification of port number. 2383 2384 From Love <lha@stacken.kth.se> 2385 2386 * kuser/klist.c: add option -t | --test 2387 2388Sat Dec 5 19:49:34 1998 Johan Danielsson <joda@hella.pdc.kth.se> 2389 2390 * lib/krb5/context.c: remove ktype_is_etype 2391 2392 * lib/krb5/crypto.c, lib/krb5/krb5.h, acconfig.h: NEW_DES3_CODE 2393 2394 * configure.in: fix for AIX install; better tests for AIX dynamic 2395 AFS libs; `--enable-new-des3-code' 2396 2397Tue Dec 1 14:44:44 1998 Johan Danielsson <joda@hella.pdc.kth.se> 2398 2399 * appl/afsutil/Makefile.am: link with extra libs for aix 2400 2401 * kuser/Makefile.am: link with extra libs for aix 2402 2403Sun Nov 29 01:56:21 1998 Assar Westerlund <assar@sics.se> 2404 2405 * lib/krb5/get_addrs.c (krb5_get_all_server_addrs): add. almost 2406 the same as krb5_get_all_client_addrs except that it includes 2407 loopback addresses 2408 2409 * kdc/connect.c (init_socket): bind to a particular address 2410 (init_sockets): get all local addresses and bind to them all 2411 2412 * lib/krb5/addr_families.c (addr2sockaddr, print_addr): new 2413 methods 2414 (find_af, find_atype): new functions. use them. 2415 2416 * configure.in: add hesiod 2417 2418Wed Nov 25 11:37:48 1998 Johan Danielsson <joda@hella.pdc.kth.se> 2419 2420 * lib/krb5/krb5_err.et: add some codes from kerberos-revisions-03 2421 2422Mon Nov 23 12:53:48 1998 Assar Westerlund <assar@sics.se> 2423 2424 * lib/kadm5/log.c: rename delete -> remove 2425 2426 * lib/kadm5/delete_s.c: rename delete -> remove 2427 2428 * lib/hdb/common.c: rename delete -> remove 2429 2430Sun Nov 22 12:26:26 1998 Assar Westerlund <assar@sics.se> 2431 2432 * configure.in: check for environ and `struct spwd' 2433 2434Sun Nov 22 11:42:45 1998 Johan Danielsson <joda@blubb.pdc.kth.se> 2435 2436 * kdc/kerberos5.c (as_rep): set keytype to sess_ktype if 2437 ktype_is_etype 2438 2439 * lib/krb5/encrypt.c (krb5_keytype_to_etypes): zero terminate 2440 etypes 2441 (em): sort entries 2442 2443Sun Nov 22 06:54:48 1998 Assar Westerlund <assar@sics.se> 2444 2445 * lib/krb5/init_creds_pw.c: more type correctness 2446 2447 * lib/krb5/get_cred.c: re-structure code. remove limits on ASN1 2448 generated bits. 2449 2450Sun Nov 22 01:49:50 1998 Johan Danielsson <joda@hella.pdc.kth.se> 2451 2452 * kdc/hprop.c (v4_prop): fix bogus indexing 2453 2454Sat Nov 21 21:39:20 1998 Assar Westerlund <assar@sics.se> 2455 2456 * lib/krb5/verify_init.c (fail_verify_is_ok): new function 2457 (krb5_verify_init_creds): if we cannot get a ticket for 2458 host/`hostname` and fail_verify_is_ok just return. use 2459 krb5_rd_req 2460 2461Sat Nov 21 23:12:27 1998 Assar Westerlund <assar@sics.se> 2462 2463 * lib/krb5/free.c (krb5_xfree): new function 2464 2465 * lib/krb5/creds.c (krb5_free_creds_contents): new function 2466 2467 * lib/krb5/context.c: more type correctness 2468 2469 * lib/krb5/checksum.c: more type correctness 2470 2471 * lib/krb5/auth_context.c (krb5_auth_con_init): more type 2472 correctness 2473 2474 * lib/asn1/der_get.c (der_get_length): fix test of len 2475 (der_get_tag): more type correctness 2476 2477 * kuser/klist.c (usage): void-ize 2478 2479 * admin/ktutil.c (kt_remove): some more type correctness. 2480 2481Sat Nov 21 16:49:20 1998 Johan Danielsson <joda@hella.pdc.kth.se> 2482 2483 * kuser/klist.c: try to list enctypes as keytypes 2484 2485 * kuser/kinit.c: remove extra `--cache' option, add `--enctypes' 2486 to set list of enctypes to use 2487 2488 * kadmin/load.c: load strings as hex 2489 2490 * kadmin/dump.c: dump hex as string is possible 2491 2492 * admin/ktutil.c: use print_version() 2493 2494 * configure.in, acconfig.h: test for hesiod 2495 2496Sun Nov 15 17:28:19 1998 Johan Danielsson <joda@hella.pdc.kth.se> 2497 2498 * lib/krb5/crypto.c: add some crypto debug code 2499 2500 * lib/krb5/get_in_tkt.c (_krb5_extract_ticket): don't use fixed 2501 buffer when encoding ticket 2502 2503 * lib/krb5/auth_context.c (re-)implement `krb5_auth_setenctype' 2504 2505 * kdc/kerberos5.c: allow mis-match of tgt session key, and service 2506 session key 2507 2508 * admin/ktutil.c: keytype -> enctype 2509 2510Fri Nov 13 05:35:48 1998 Assar Westerlund <assar@sics.se> 2511 2512 * lib/krb5/krb5.h (KRB5_TGS_NAME, KRB5_TGS_NAME_SIZE): added 2513 2514Sat Nov 7 19:56:31 1998 Assar Westerlund <assar@sics.se> 2515 2516 * lib/krb5/get_cred.c (add_cred): add termination NULL pointer 2517 2518Mon Nov 2 01:15:06 1998 Assar Westerlund <assar@sics.se> 2519 2520 * lib/krb5/rd_req.c: adapt to new crypto api 2521 2522 * lib/krb5/rd_rep.c: adapt to new crypto api 2523 2524 * lib/krb5/rd_priv.c: adopt to new crypto api 2525 2526 * lib/krb5/rd_cred.c: adopt to new crypto api 2527 2528 * lib/krb5/principal.c: ENOMEM -> ERANGE 2529 2530 * lib/krb5/mk_safe.c: cleanup and adopt to new crypto api 2531 2532 * lib/krb5/mk_req_ext.c: adopt to new crypto api 2533 2534 * lib/krb5/mk_req.c: get enctype from auth_context keyblock 2535 2536 * lib/krb5/mk_rep.c: cleanup and adopt to new crypto api 2537 2538 * lib/krb5/mk_priv.c: adopt to new crypto api 2539 2540 * lib/krb5/keytab.c: adopt to new crypto api 2541 2542 * lib/krb5/get_in_tkt_with_skey.c: adopt to new crypto api 2543 2544 * lib/krb5/get_in_tkt_with_keytab.c: adopt to new crypto api 2545 2546 * lib/krb5/get_in_tkt_pw.c: adopt to new crypto api 2547 2548 * lib/krb5/get_in_tkt.c: adopt to new crypto api 2549 2550 * lib/krb5/get_cred.c: adopt to new crypto api 2551 2552 * lib/krb5/generate_subkey.c: use new crypto api 2553 2554 * lib/krb5/context.c: rename etype functions to enctype ditto 2555 2556 * lib/krb5/build_auth.c: use new crypto api 2557 2558 * lib/krb5/auth_context.c: remove enctype and cksumtype from 2559 auth_context 2560 2561Mon Nov 2 01:15:06 1998 Assar Westerlund <assar@sics.se> 2562 2563 * kdc/connect.c (handle_udp, handle_tcp): correct type of `n' 2564 2565Tue Sep 15 18:41:38 1998 Johan Danielsson <joda@hella.pdc.kth.se> 2566 2567 * admin/ktutil.c: fix printing of unrecognized keytypes 2568 2569Tue Sep 15 17:02:33 1998 Johan Danielsson <joda@hella.pdc.kth.se> 2570 2571 * lib/kadm5/set_keys.c: add KEYTYPE_USE_AFS3_SALT to keytype if 2572 using AFS3 salt 2573 2574Tue Aug 25 23:30:52 1998 Assar Westerlund <assar@sics.se> 2575 2576 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): care about 2577 `use_admin_kdc' 2578 2579 * lib/krb5/changepw.c (get_kdc_address): use 2580 krb5_get_krb_admin_hst 2581 2582 * lib/krb5/krbhst.c (krb5_get_krb_admin_hst): new function 2583 2584 * lib/krb5/krb5.h (krb5_context_data): add `use_admin_kdc' 2585 2586 * lib/krb5/context.c (krb5_get_use_admin_kdc, 2587 krb5_set_use_admin_kdc): new functions 2588 2589Tue Aug 18 22:24:12 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2590 2591 * lib/krb5/crypto.c: remove all calls to abort(); check return 2592 value from _key_schedule; 2593 (RSA_MD[45]_DES_verify): zero tmp and res; 2594 (RSA_MD5_DES3_{verify,checksum}): implement 2595 2596Mon Aug 17 20:18:46 1998 Assar Westerlund <assar@sics.se> 2597 2598 * kdc/kerberos4.c (swap32): conditionalize 2599 2600 * lib/krb5/mk_req_ext.c (krb5_mk_req_internal): new function 2601 2602 * lib/krb5/get_host_realm.c (krb5_get_host_realm): if the hostname 2603 returned from gethostby*() isn't a FQDN, try with the original 2604 hostname 2605 2606 * lib/krb5/get_cred.c (make_pa_tgs_req): use krb5_mk_req_internal 2607 and correct key usage 2608 2609 * lib/krb5/crypto.c (verify_checksum): make static 2610 2611 * admin/ktutil.c (kt_list): use krb5_enctype_to_string 2612 2613Sun Aug 16 20:57:56 1998 Assar Westerlund <assar@sics.se> 2614 2615 * kadmin/cpw.c (do_cpw_entry): use asprintf for the prompt 2616 2617 * kadmin/ank.c (ank): print principal name in prompt 2618 2619 * lib/krb5/crypto.c (hmac): always allocate space for checksum. 2620 never trust c.checksum.length 2621 (_get_derived_key): try to return the derived key 2622 2623Sun Aug 16 19:48:42 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2624 2625 * lib/krb5/crypto.c (hmac): fix some peculiarities and bugs 2626 (get_checksum_key): assume usage is `formatted' 2627 (create_checksum,verify_checksum): moved the guts of the krb5_* 2628 functions here, both take `formatted' key-usages 2629 (encrypt_internal_derived): fix various bogosities 2630 (derive_key): drop key_type parameter (already given by the 2631 encryption_type) 2632 2633 * kdc/kerberos5.c (check_flags): handle case where client is NULL 2634 2635 * kdc/connect.c (process_request): return zero after processing 2636 kerberos 4 request 2637 2638Sun Aug 16 18:38:15 1998 Johan Danielsson <joda@blubb.pdc.kth.se> 2639 2640 * lib/krb5/crypto.c: merge x-*.[ch] into one file 2641 2642 * lib/krb5/cache.c: remove residual from krb5_ccache_data 2643 2644Fri Aug 14 16:28:23 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2645 2646 * lib/krb5/x-crypto.c (derive_key): move DES3 specific code to 2647 separate function (will eventually end up someplace else) 2648 2649 * lib/krb5/x-crypto.c (krb5_string_to_key_derived): allocate key 2650 2651 * configure.in, acconfig.h: test for four valued krb_put_int 2652 2653Thu Aug 13 23:46:29 1998 Assar Westerlund <assar@emma.pdc.kth.se> 2654 2655 * Release 0.0t 2656 2657Thu Aug 13 22:40:17 1998 Assar Westerlund <assar@sics.se> 2658 2659 * lib/krb5/config_file.c (parse_binding): remove trailing 2660 whitespace 2661 2662Wed Aug 12 20:15:11 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2663 2664 * lib/krb5/x-checksum.c (krb5_verify_checksum): pass checksum type 2665 to krb5_create_checksum 2666 2667 * lib/krb5/x-key.c: implement DES3_string_to_key_derived; fix a 2668 few typos 2669 2670Wed Aug 5 12:39:54 1998 Assar Westerlund <assar@emma.pdc.kth.se> 2671 2672 * Release 0.0s 2673 2674Thu Jul 30 23:12:17 1998 Assar Westerlund <assar@sics.se> 2675 2676 * lib/krb5/mk_error.c (krb5_mk_error): realloc until you die 2677 2678Thu Jul 23 19:49:03 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2679 2680 * kdc/kdc_locl.h: proto for `get_des_key' 2681 2682 * configure.in: test for four valued el_init 2683 2684 * kuser/klist.c: keytype -> enctype 2685 2686 * kpasswd/kpasswdd.c (change): use new `krb5_string_to_key*' 2687 2688 * kdc/hprop.c (v4_prop, ka_convert): convert to a set of keys 2689 2690 * kdc/kaserver.c: use `get_des_key' 2691 2692 * kdc/524.c: use new crypto api 2693 2694 * kdc/kerberos4.c: use new crypto api 2695 2696 * kdc/kerberos5.c: always treat keytypes as enctypes; use new 2697 crypto api 2698 2699 * kdc/kstash.c: adapt to new crypto api 2700 2701 * kdc/string2key.c: adapt to new crypto api 2702 2703 * admin/srvconvert.c: add keys for all possible enctypes 2704 2705 * admin/ktutil.c: keytype -> enctype 2706 2707 * lib/gssapi/init_sec_context.c: get enctype from auth_context 2708 keyblock 2709 2710 * lib/hdb/hdb.c: remove hdb_*_keytype2key 2711 2712 * lib/kadm5/set_keys.c: adapt to new crypto api 2713 2714 * lib/kadm5/rename_s.c: adapt to new crypto api 2715 2716 * lib/kadm5/get_s.c: adapt to new crypto api 2717 2718 * lib/kadm5/create_s.c: add keys for des-cbc-crc, des-cbc-md4, 2719 des-cbc-md5, and des3-cbc-sha1 2720 2721 * lib/krb5/heim_err.et: error message for unsupported salt 2722 2723 * lib/krb5/codec.c: short-circuit these functions, since they are 2724 not needed any more 2725 2726 * lib/krb5/rd_safe.c: cleanup and adapt to new crypto api 2727 2728Mon Jul 13 23:00:59 1998 Assar Westerlund <assar@sics.se> 2729 2730 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): don't advance 2731 hostent->h_addr_list, use a copy instead 2732 2733Mon Jul 13 15:00:31 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2734 2735 * lib/krb5/config_file.c (parse_binding, parse_section): make sure 2736 everything is ok before adding to linked list 2737 2738 * lib/krb5/config_file.c: skip ws before checking for comment 2739 2740Wed Jul 8 10:45:45 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2741 2742 * lib/asn1/k5.asn1: hmac-sha1-des3 = 12 2743 2744Tue Jun 30 18:08:05 1998 Assar Westerlund <assar@sics.se> 2745 2746 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): do not close the 2747 unopened file 2748 2749 * lib/krb5/mk_priv.c: realloc correctly 2750 2751 * lib/krb5/get_addrs.c (find_all_addresses): init j 2752 2753 * lib/krb5/context.c (krb5_init_context): print error if parsing 2754 of config file produced an error. 2755 2756 * lib/krb5/config_file.c (parse_list, krb5_config_parse_file): 2757 ignore more spaces 2758 2759 * lib/krb5/codec.c (krb5_encode_EncKrbCredPart, 2760 krb5_encode_ETYPE_INFO): initialize `ret' 2761 2762 * lib/krb5/build_auth.c (krb5_build_authenticator): realloc 2763 correctly 2764 2765 * lib/kadm5/set_keys.c (_kadm5_set_keys): initialize `ret' 2766 2767 * lib/kadm5/init_c.c (get_cred_cache): try to do the right thing 2768 with default_client 2769 2770 * kuser/kinit.c (main): initialize `ticket_life' 2771 2772 * kdc/kerberos5.c (get_pa_etype_info): initialize `ret' 2773 (tgs_rep2): initialize `krbtgt' 2774 2775 * kdc/connect.c (do_request): check for errors from `sendto' 2776 2777 * kdc/524.c (do_524): initialize `ret' 2778 2779 * kadmin/util.c (foreach_principal): don't clobber `ret' 2780 2781 * kadmin/del.c (del_entry): don't apply on zeroth argument 2782 2783 * kadmin/cpw.c (do_cpw_entry): initialize `ret' 2784 2785Sat Jun 13 04:14:01 1998 Assar Westerlund <assar@juguete.sics.se> 2786 2787 * Release 0.0r 2788 2789Sun Jun 7 04:13:14 1998 Assar Westerlund <assar@sics.se> 2790 2791 * lib/krb5/addr_families.c: fall-back definition of 2792 IN6_ADDR_V6_TO_V4 2793 2794 * configure.in: only set CFLAGS if it wasn't set look for 2795 dn_expand and res_search 2796 2797Mon Jun 1 21:28:07 1998 Assar Westerlund <assar@sics.se> 2798 2799 * configure.in: remove duplicate seteuid 2800 2801Sat May 30 00:19:51 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2802 2803 * lib/krb5/convert_creds.c: import _krb_time_to_life, to avoid 2804 runtime dependencies on libkrb with some shared library 2805 implementations 2806 2807Fri May 29 00:09:02 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2808 2809 * kuser/kinit_options.c: Default options for kinit. 2810 2811 * kuser/kauth_options.c: Default options for kauth. 2812 2813 * kuser/kinit.c: Implement lots a new options. 2814 2815 * kdc/kerberos5.c (check_tgs_flags): make sure kdc-req-body->rtime 2816 is not NULL; set endtime to min of new starttime + old_life, and 2817 requested endtime 2818 2819 * lib/krb5/init_creds_pw.c (get_init_creds_common): if the 2820 forwardable or proxiable flags are set in options, set the 2821 kdc-flags to the value specified, and not always to one 2822 2823Thu May 28 21:28:06 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2824 2825 * kdc/kerberos5.c: Optionally compare client address to addresses 2826 in ticket. 2827 2828 * kdc/connect.c: Pass client address to as_rep() and tgs_rep(). 2829 2830 * kdc/config.c: Add check_ticket_addresses, and 2831 allow_null_ticket_addresses variables. 2832 2833Tue May 26 14:03:42 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2834 2835 * lib/kadm5/create_s.c: possibly make DES keys version 4 salted 2836 2837 * lib/kadm5/set_keys.c: check config file for kadmin/use_v4_salt 2838 before zapping version 4 salts 2839 2840Sun May 24 05:22:17 1998 Assar Westerlund <assar@sics.se> 2841 2842 * Release 0.0q 2843 2844 * lib/krb5/aname_to_localname.c: new file 2845 2846 * lib/gssapi/init_sec_context.c (repl_mutual): no output token 2847 2848 * lib/gssapi/display_name.c (gss_display_name): zero terminate 2849 output. 2850 2851Sat May 23 19:11:07 1998 Assar Westerlund <assar@sics.se> 2852 2853 * lib/gssapi/display_status.c: new file 2854 2855 * Makefile.am: send -I to aclocal 2856 2857 * configure.in: remove duplicate setenv 2858 2859Sat May 23 04:55:19 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2860 2861 * kadmin/util.c (foreach_principal): Check for expression before 2862 wading through the whole database. 2863 2864 * kadmin/kadmin.c: Pass NULL password to 2865 kadm5_*_init_with_password. 2866 2867 * lib/kadm5/init_c.c: Implement init_with_{skey,creds}*. Make use 2868 of `password' parameter to init_with_password. 2869 2870 * lib/kadm5/init_s.c: implement init_with_{skey,creds}* 2871 2872 * lib/kadm5/server.c: Better arguments for 2873 kadm5_init_with_password. 2874 2875Sat May 16 07:10:36 1998 Assar Westerlund <assar@sics.se> 2876 2877 * kdc/hprop.c: conditionalize ka-server reading support on 2878 KASERVER_DB 2879 2880 * configure.in: new option `--enable-kaserver-db' 2881 2882Fri May 15 19:39:18 1998 Johan Danielsson <joda@blubb.pdc.kth.se> 2883 2884 * lib/krb5/get_cred.c: Better error if local tgt couldn't be 2885 found. 2886 2887Tue May 12 21:11:02 1998 Assar Westerlund <assar@sics.se> 2888 2889 * Release 0.0p 2890 2891 * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): only set 2892 encryption type in auth_context if it's compatible with the type 2893 of the session key 2894 2895Mon May 11 21:11:14 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2896 2897 * kdc/hprop.c: add support for ka-server databases 2898 2899 * appl/ftp/ftpd: link with -lcrypt, if needed 2900 2901Fri May 1 07:29:52 1998 Assar Westerlund <assar@sics.se> 2902 2903 * configure.in: don't test for winsock.h 2904 2905Sat Apr 18 21:43:11 1998 Johan Danielsson <joda@puffer.pdc.kth.se> 2906 2907 * Release 0.0o 2908 2909Sat Apr 18 00:31:11 1998 Johan Danielsson <joda@blubb.pdc.kth.se> 2910 2911 * lib/krb5/sock_principal.c: Save hostname. 2912 2913Sun Apr 5 11:29:45 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2914 2915 * lib/krb5/mk_req_ext.c: Use same enctype as in ticket. 2916 2917 * kdc/hprop.c (v4_prop): Check for null key. 2918 2919Fri Apr 3 03:54:54 1998 Johan Danielsson <joda@blubb.pdc.kth.se> 2920 2921 * lib/krb5/str2key.c: Fix DES3 string-to-key. 2922 2923 * lib/krb5/keytab.c: Get default keytab name from context. 2924 2925 * lib/krb5/context.c: Get `default_keytab_name' value. 2926 2927 * kadmin/util.c (foreach_principal): Print error message if 2928 `kadm5_get_principals' fails. 2929 2930 * kadmin/kadmind.c: Use `kadmind_loop'. 2931 2932 * lib/kadm5/server.c: Replace several other functions with 2933 `kadmind_loop'. 2934 2935Sat Mar 28 09:49:18 1998 Assar Westerlund <assar@sics.se> 2936 2937 * lib/krb5/keytab.c (fkt_add_entry): use an explicit seek instead 2938 of O_APPEND 2939 2940 * configure.in: generate ftp Makefiles 2941 2942 * kuser/klist.c (print_cred_verbose): print IPv4-address in a 2943 portable way. 2944 2945 * admin/srvconvert.c (srvconv): return 0 if successful 2946 2947Tue Mar 24 00:40:33 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2948 2949 * lib/krb5/keytab.c: MIT compatible changes: add and use sizes to 2950 keytab entries, and change default keytab to `/etc/krb5.keytab'. 2951 2952Mon Mar 23 23:43:59 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2953 2954 * lib/gssapi/wrap.c: Use `gss_krb5_getsomekey'. 2955 2956 * lib/gssapi/unwrap.c: Implement and use `gss_krb5_getsomekey'. 2957 Fix bug in checking of pad. 2958 2959 * lib/gssapi/{un,}wrap.c: Add support for just integrity 2960 protecting data. 2961 2962 * lib/gssapi/accept_sec_context.c: Use 2963 `gssapi_krb5_verify_8003_checksum'. 2964 2965 * lib/gssapi/8003.c: Implement `gssapi_krb5_verify_8003_checksum'. 2966 2967 * lib/gssapi/init_sec_context.c: Zero cred, and store session key 2968 properly in auth-context. 2969 2970Sun Mar 22 00:47:22 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2971 2972 * lib/kadm5/delete_s.c: Check immutable bit. 2973 2974 * kadmin/kadmin.c: Pass client name to kadm5_init. 2975 2976 * lib/kadm5/init_c.c: Get creds for client name passed in. 2977 2978 * kdc/hprop.c (v4_prop): Check for `changepw.kerberos'. 2979 2980Sat Mar 21 22:57:13 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2981 2982 * lib/krb5/mk_error.c: Verify that error_code is in the range 2983 [0,127]. 2984 2985 * kdc/kerberos5.c: Move checking of principal flags to new 2986 function `check_flags'. 2987 2988Sat Mar 21 14:38:51 1998 Assar Westerlund <assar@sics.se> 2989 2990 * lib/kadm5/get_s.c (kadm5_s_get_principal): handle an empty salt 2991 2992 * configure.in: define SunOS if running solaris 2993 2994Sat Mar 21 00:26:34 1998 Johan Danielsson <joda@emma.pdc.kth.se> 2995 2996 * lib/kadm5/server.c: Unifdef test for same principal when 2997 changing password. 2998 2999 * kadmin/util.c: If kadm5_get_principals failes, we might still be 3000 able to perform the requested opreration (for instance someone if 3001 trying to change his own password). 3002 3003 * lib/kadm5/init_c.c: Try to get ticket via initial request, if 3004 not possible via tgt. 3005 3006 * lib/kadm5/server.c: Check for principals changing their own 3007 passwords. 3008 3009 * kdc/kerberos5.c (tgs_rep2): check for interesting flags on 3010 involved principals. 3011 3012 * kadmin/util.c: Fix order of flags. 3013 3014Thu Mar 19 16:54:10 1998 Johan Danielsson <joda@emma.pdc.kth.se> 3015 3016 * kdc/kerberos4.c: Return sane error code if krb_rd_req fails. 3017 3018Wed Mar 18 17:11:47 1998 Assar Westerlund <assar@sics.se> 3019 3020 * acconfig.h: rename HAVE_STRUCT_SOCKADDR_IN6 to HAVE_IPV6 3021 3022Wed Mar 18 09:58:18 1998 Johan Danielsson <joda@emma.pdc.kth.se> 3023 3024 * lib/krb5/get_in_tkt_with_keytab.c (krb5_keytab_key_proc): don't 3025 free keyseed; use correct keytab 3026 3027Tue Mar 10 09:56:16 1998 Assar Westerlund <assar@sics.se> 3028 3029 * acinclude.m4 (AC_KRB_IPV6): rewrote to avoid false positives 3030 3031Mon Mar 16 23:58:23 1998 Johan Danielsson <joda@emma.pdc.kth.se> 3032 3033 * Release 0.0n 3034 3035Fri Mar 6 00:41:30 1998 Johan Danielsson <joda@emma.pdc.kth.se> 3036 3037 * lib/gssapi/{accept_sec_context,release_cred}.c: Use 3038 krb5_kt_close/krb5_kt_resolve. 3039 3040 * lib/krb5/principal.c (krb5_425_conv_principal_ext): Use resolver 3041 to lookup hosts, so CNAMEs can be ignored. 3042 3043 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc, send_and_recv_http): 3044 Add support for using proxy. 3045 3046 * lib/krb5/context.c: Initialize `http_proxy' from 3047 `libdefaults/http_proxy'. 3048 3049 * lib/krb5/krb5.h: Add `http_proxy' to context. 3050 3051 * lib/krb5/send_to_kdc.c: Recognize `http/' and `udp/' as protocol 3052 specifications. 3053 3054Wed Mar 4 01:47:29 1998 Johan Danielsson <joda@emma.pdc.kth.se> 3055 3056 * admin/ktutil.c: Implement `add' and `remove' functions. Make 3057 `--keytab' a global option. 3058 3059 * lib/krb5/keytab.c: Implement remove with files. Add memory 3060 operations. 3061 3062Tue Mar 3 20:09:59 1998 Johan Danielsson <joda@emma.pdc.kth.se> 3063 3064 * lib/krb5/keytab.c: Use function pointers. 3065 3066 * admin: Remove kdb_edit. 3067 3068Sun Mar 1 03:28:42 1998 Assar Westerlund <assar@sics.se> 3069 3070 * lib/kadm5/dump_log.c: print operation names 3071 3072Sun Mar 1 03:04:12 1998 Assar Westerlund <assar@sics.se> 3073 3074 * configure.in: add X-tests, and {bin,...}dir appl/{kx,kauth} 3075 3076 * lib/krb5/build_auth.c,mk_priv.c,rd_safe.c,mk_safe.c,mk_rep.c: 3077 remove arbitrary limit 3078 3079 * kdc/hprop-common.c: use krb5_{read,write}_message 3080 3081 * lib/kadm5/ipropd_master.c (send_diffs): more careful use 3082 krb5_{write,read}_message 3083 3084 * lib/kadm5/ipropd_slave.c (get_creds): get credentials for 3085 `iprop/master' directly. 3086 (main): use `krb5_read_message' 3087 3088Sun Mar 1 02:05:11 1998 Johan Danielsson <joda@emma.pdc.kth.se> 3089 3090 * kadmin/kadmin.c: Cleanup commands list, and add help strings. 3091 3092 * kadmin/get.c: Add long, short, and terse (equivalent to `list') 3093 output formats. Short is the default. 3094 3095 * kadmin/util.c: Add `include_time' flag to timeval2str. 3096 3097 * kadmin/init.c: Max-life and max-renew can, infact, be zero. 3098 3099 * kadmin/{cpw,del,ext,get}.c: Use `foreach_principal'. 3100 3101 * kadmin/util.c: Add function `foreach_principal', that loops over 3102 all principals matching an expression. 3103 3104 * kadmin/kadmin.c: Add usage string to `privileges'. 3105 3106 * lib/kadm5/get_princs_s.c: Also try to match aganist the 3107 expression appended with `@default-realm'. 3108 3109 * lib/krb5/principal.c: Add `krb5_unparse_name_fixed_short', that 3110 excludes the realm if it's the same as the default realm. 3111 3112Fri Feb 27 05:02:21 1998 Assar Westerlund <assar@sics.se> 3113 3114 * configure.in: more WFLAGS and WFLAGS_NOUNUSED added missing 3115 headers and functions error -> com_err 3116 3117 (krb5_get_init_creds_keytab): use krb5_keytab_key_proc 3118 3119 * lib/krb5/get_in_tkt_with_keytab.c: make `krb5_keytab_key_proc' 3120 global 3121 3122 * lib/kadm5/marshall.c (ret_principal_ent): set `n_tl_data' 3123 3124 * lib/hdb/ndbm.c: use `struct ndbm_db' everywhere. 3125 3126Fri Feb 27 04:49:24 1998 Assar Westerlund <assar@sics.se> 3127 3128 * lib/krb5/mk_priv.c (krb5_mk_priv): bump static limit to 10240. 3129 This should be fixed the correct way. 3130 3131 * lib/kadm5/ipropd_master.c (check_acl:) truncate buf correctly 3132 (send_diffs): compare versions correctly 3133 (main): reorder handling of events 3134 3135 * lib/kadm5/log.c (kadm5_log_previous): avoid bad type conversion 3136 3137Thu Feb 26 02:22:35 1998 Assar Westerlund <assar@sics.se> 3138 3139 * lib/kadm5/ipropd_{slave,master}.c: new files 3140 3141 * lib/kadm5/log.c (kadm5_log_get_version): take an `fd' as 3142 argument 3143 3144 * lib/krb5/krb5.h (krb5_context_data): `et_list' should be `struct 3145 et_list *' 3146 3147 * aux/make-proto.pl: Should work with perl4 3148 3149Mon Feb 16 17:20:22 1998 Johan Danielsson <joda@emma.pdc.kth.se> 3150 3151 * lib/krb5/krb5_locl.h: Remove <error.h> (it gets included via 3152 {asn1,krb5}_err.h). 3153 3154Thu Feb 12 03:28:40 1998 Assar Westerlund <assar@sics.se> 3155 3156 * lib/krb5/get_in_tkt.c (_krb5_extract_ticket): if time difference 3157 is larger than max_skew, return KRB5KRB_AP_ERR_SKEW 3158 3159 * lib/kadm5/log.c (get_version): globalize 3160 3161 * lib/kadm5/kadm5_locl.h: include <sys/file.h> 3162 3163 * lib/asn1/Makefile.am: add PA_KEY_INFO and PA_KEY_INFO_ENTRY 3164 3165 * kdc/kerberos5.c (get_pa_etype_info): remove gcc-ism of 3166 initializing local struct in declaration. 3167 3168Sat Jan 31 17:28:58 1998 Johan Danielsson <joda@emma.pdc.kth.se> 3169 3170 * kdc/524.c: Use krb5_decode_EncTicketPart. 3171 3172 * kdc/kerberos5.c: Check at runtime whether to use enctypes 3173 instead of keytypes. If so use the same value to encrypt ticket, 3174 and kdc-rep as well as `keytype' for session key. Fix some obvious 3175 bugs with the handling of additional tickets. 3176 3177 * lib/krb5/rd_req.c: Use krb5_decode_EncTicketPart, and 3178 krb5_decode_Authenticator. 3179 3180 * lib/krb5/rd_rep.c: Use krb5_decode_EncAPRepPart. 3181 3182 * lib/krb5/rd_cred.c: Use krb5_decode_EncKrbCredPart. 3183 3184 * lib/krb5/mk_rep.c: Make sure enc_part.etype is an encryption 3185 type, and not a key type. Use krb5_encode_EncAPRepPart. 3186 3187 * lib/krb5/init_creds_pw.c: Use krb5_decode_PA_KEY_INFO. 3188 3189 * lib/krb5/get_in_tkt.c: Use krb5_decode_Enc{AS,TGS}RepPart. 3190 3191 * lib/krb5/get_for_creds.c: Use krb5_encode_EncKrbCredPart. 3192 3193 * lib/krb5/get_cred.c: Use krb5_decode_Enc{AS,TGS}RepPart. 3194 3195 * lib/krb5/build_auth.c: Use krb5_encode_Authenticator. 3196 3197 * lib/krb5/codec.c: Enctype conversion stuff. 3198 3199 * lib/krb5/context.c: Ignore KRB5_CONFIG if *not* running 3200 setuid. Get configuration for libdefaults ktype_is_etype, and 3201 default_etypes. 3202 3203 * lib/krb5/encrypt.c: Add krb5_string_to_etype, rename 3204 krb5_convert_etype to krb5_decode_keytype, and add 3205 krb5_decode_keyblock. 3206 3207Fri Jan 23 00:32:09 1998 Johan Danielsson <joda@emma.pdc.kth.se> 3208 3209 * lib/krb5/{get_in_tkt,rd_req}.c: Use krb5_convert_etype. 3210 3211 * lib/krb5/encrypt.c: Add krb5_convert_etype function - converts 3212 from protocol keytypes (that really are enctypes) to internal 3213 representation. 3214 3215Thu Jan 22 21:24:36 1998 Johan Danielsson <joda@emma.pdc.kth.se> 3216 3217 * lib/asn1/k5.asn1: Add PA-KEY-INFO structure to hold information 3218 on keys in the database; and also a new `pa-key-info' padata-type. 3219 3220 * kdc/kerberos5.c: If pre-authentication fails, return a list of 3221 keytypes, salttypes, and salts. 3222 3223 * lib/krb5/init_creds_pw.c: Add better support for 3224 pre-authentication, by looking at hints from the KDC. 3225 3226 * lib/krb5/get_in_tkt.c: Add better support for specifying what 3227 pre-authentication to use. 3228 3229 * lib/krb5/str2key.c: Merge entries for KEYTYPE_DES and 3230 KEYTYPE_DES_AFS3. 3231 3232 * lib/krb5/krb5.h: Add pre-authentication structures. 3233 3234 * kdc/connect.c: Don't fail if realloc(X, 0) returns NULL. 3235 3236Wed Jan 21 06:20:40 1998 Assar Westerlund <assar@sics.se> 3237 3238 * lib/kadm5/init_s.c (kadm5_s_init_with_password_ctx): initialize 3239 `log_context.socket_name' and `log_context.socket_fd' 3240 3241 * lib/kadm5/log.c (kadm5_log_flush): send a unix domain datagram 3242 to inform the possible running ipropd of an update. 3243 3244Wed Jan 21 01:34:09 1998 Johan Danielsson <joda@emma.pdc.kth.se> 3245 3246 * lib/krb5/get_in_tkt.c: Return error-packet to caller. 3247 3248 * lib/krb5/free.c (krb5_free_kdc_rep): Free krb5_kdc_rep->error. 3249 3250 * kdc/kerberos5.c: Add some support for using enctypes instead of 3251 keytypes. 3252 3253 * lib/krb5/get_cred.c: Fixes to send authorization-data to the 3254 KDC. 3255 3256 * lib/krb5/build_auth.c: Only generate local subkey if there is 3257 none. 3258 3259 * lib/krb5/krb5.h: Add krb5_authdata type. 3260 3261 * lib/krb5/auth_context.c: Add 3262 krb5_auth_con_set{,localsub,remotesub}key. 3263 3264 * lib/krb5/init_creds_pw.c: Return some error if prompter 3265 functions return failure. 3266 3267Wed Jan 21 01:16:13 1998 Assar Westerlund <assar@sics.se> 3268 3269 * kpasswd/kpasswd.c: detect bad password. use krb5_err. 3270 3271 * kadmin/util.c (edit_entry): remove unused variables 3272 3273Tue Jan 20 22:58:31 1998 Assar Westerlund <assar@sics.se> 3274 3275 * kuser/kinit.c: rename `-s' to `-S' to be MIT-compatible. 3276 3277 * lib/kadm5/kadm5_locl.h: add kadm5_log_context and 3278 kadm5_log*-functions 3279 3280 * lib/kadm5/create_s.c (kadm5_s_create_principal): add change to 3281 log 3282 3283 * lib/kadm5/rename_s.c (kadm5_s_rename_principal): add change to 3284 log 3285 3286 * lib/kadm5/init_s.c (kadm5_s_init_with_password_ctx): initialize 3287 log_context 3288 3289 * lib/kadm5/delete_s.c (kadm5_s_delete_principal): add change to 3290 log 3291 3292 * lib/kadm5/modify_s.c (kadm5_s_modify_principal): add change to 3293 log 3294 3295 * lib/kadm5/randkey_s.c (kadm5_s_randkey_principal): add change to 3296 log 3297 3298 * lib/kadm5/chpass_s.c (kadm5_s_chpass_principal): add change to 3299 log 3300 3301 * lib/kadm5/Makefile.am: add log.c, dump_log and replay_log 3302 3303 * lib/kadm5/replay_log.c: new file 3304 3305 * lib/kadm5/dump_log.c: new file 3306 3307 * lib/kadm5/log.c: new file 3308 3309 * lib/krb5/str2key.c (get_str): initialize pad space to zero 3310 3311 * lib/krb5/config_file.c (krb5_config_vget_next): handle c == NULL 3312 3313 * kpasswd/kpasswdd.c: rewritten to use the kadm5 API 3314 3315 * kpasswd/Makefile.am: link with kadm5srv 3316 3317 * kdc/kerberos5.c (tgs_rep): initialize `i' 3318 3319 * kadmin/kadmind.c (main): use kadm5_server_{send,recv}_sp 3320 3321 * include/Makefile.am: added admin.h 3322 3323Sun Jan 18 01:41:34 1998 Johan Danielsson <joda@blubb.pdc.kth.se> 3324 3325 * lib/asn1/gen_copy.c: Don't return ENOMEM if allocating 0 bytes. 3326 3327 * lib/krb5/mcache.c (mcc_store_cred): restore linked list if 3328 copy_creds fails. 3329 3330Tue Jan 6 04:17:56 1998 Assar Westerlund <assar@sics.se> 3331 3332 * lib/kadm5/server.c: add kadm5_server_{send,recv}{,_sp} 3333 3334 * lib/kadm5/marshall.c: add kadm5_{store,ret}_principal_ent_mask. 3335 3336 * lib/kadm5/init_c.c (kadm5_c_init_with_password_ctx): use 3337 krb5_getportbyname 3338 3339 * kadmin/kadmind.c (main): htons correctly. 3340 moved kadm5_server_{recv,send} 3341 3342 * kadmin/kadmin.c (main): only set admin_server if explicitly 3343 given 3344 3345Mon Jan 5 23:34:44 1998 Johan Danielsson <joda@emma.pdc.kth.se> 3346 3347 * lib/hdb/ndbm.c: Implement locking of database. 3348 3349 * kdc/kerberos5.c: Process AuthorizationData. 3350 3351Sat Jan 3 22:07:07 1998 Johan Danielsson <joda@blubb.pdc.kth.se> 3352 3353 * kdc/string2key.c: Use AFS string-to-key from libkrb5. 3354 3355 * lib/krb5/get_in_tkt.c: Handle pa-afs3-salt case. 3356 3357 * lib/krb5/krb5.h: Add value for AFS salts. 3358 3359 * lib/krb5/str2key.c: Add support for AFS string-to-key. 3360 3361 * lib/kadm5/rename_s.c: Use correct salt. 3362 3363 * lib/kadm5/ent_setup.c: Always enable client. Only set max-life 3364 and max-renew if != 0. 3365 3366 * lib/krb5/config_file.c: Add context to all krb5_config_*get_*. 3367 3368Thu Dec 25 17:03:25 1997 Assar Westerlund <assar@sics.se> 3369 3370 * kadmin/ank.c (ank): don't zero password if --random-key was 3371 given. 3372 3373Tue Dec 23 01:56:45 1997 Assar Westerlund <assar@sics.se> 3374 3375 * Release 0.0m 3376 3377 * lib/kadm5/ent_setup.c (attr_to_flags): try to set `client' 3378 3379 * kadmin/util.c (edit_time): only set mask if != 0 3380 (edit_attributes): only set mask if != 0 3381 3382 * kadmin/init.c (init): create `default' 3383 3384Sun Dec 21 09:44:05 1997 Assar Westerlund <assar@sics.se> 3385 3386 * kadmin/util.c (str2deltat, str2attr, get_deltat): return value 3387 as pointer and have return value indicate success. 3388 3389 (get_response): check NULL from fgets 3390 3391 (edit_time, edit_attributes): new functions for reading values and 3392 offering list of answers on '?' 3393 3394 (edit_entry): use edit_time and edit_attributes 3395 3396 * kadmin/ank.c (add_new_key): test the return value of 3397 `krb5_parse_name' 3398 3399 * kdc/kerberos5.c (tgs_check_authenticator): RFC1510 doesn't say 3400 that the checksum has to be keyed, even though later drafts do. 3401 Accept unkeyed checksums to be compatible with MIT. 3402 3403 * kadmin/kadmin_locl.h: add some prototypes. 3404 3405 * kadmin/util.c (edit_entry): return a value 3406 3407 * appl/afsutil/afslog.c (main): return a exit code. 3408 3409 * lib/krb5/get_cred.c (init_tgs_req): use krb5_keytype_to_enctypes 3410 3411 * lib/krb5/encrypt.c (krb5_keytype_to_enctypes): new function. 3412 3413 * lib/krb5/build_auth.c (krb5_build_authenticator): use 3414 krb5_{free,copy}_keyblock instead of the _contents versions 3415 3416Fri Dec 12 14:20:58 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3417 3418 * lib/krb5/{mk,rd}_priv.c: fix check for local/remote subkey 3419 3420Mon Dec 8 08:48:09 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3421 3422 * lib/krb5/context.c: don't look at KRB5_CONFIG if running setuid 3423 3424Sat Dec 6 10:09:40 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3425 3426 * lib/krb5/keyblock.c (krb5_free_keyblock): check for NULL 3427 keyblock 3428 3429Sat Dec 6 08:26:10 1997 Assar Westerlund <assar@sics.se> 3430 3431 * Release 0.0l 3432 3433Thu Dec 4 03:38:12 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3434 3435 * lib/krb5/send_to_kdc.c: Add TCP client support. 3436 3437 * lib/krb5/store.c: Add k_{put,get}_int. 3438 3439 * kadmin/ank.c: Set initial kvno to 1. 3440 3441 * kdc/connect.c: Send version 5 TCP-reply as length+data. 3442 3443Sat Nov 29 07:10:11 1997 Assar Westerlund <assar@sics.se> 3444 3445 * lib/krb5/rd_req.c (krb5_rd_req): fixed obvious bug 3446 3447 * kdc/kaserver.c (create_reply_ticket): use a random nonce in the 3448 reply packet. 3449 3450 * kdc/connect.c (init_sockets): less reallocing. 3451 3452 * **/*.c: changed `struct fd_set' to `fd_set' 3453 3454Sat Nov 29 05:12:01 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3455 3456 * lib/krb5/get_default_principal.c: More guessing. 3457 3458Thu Nov 20 02:55:09 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3459 3460 * lib/krb5/rd_req.c: Use principal from ticket if no server is 3461 given. 3462 3463Tue Nov 18 02:58:02 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3464 3465 * kuser/klist.c: Use krb5_err*(). 3466 3467Sun Nov 16 11:57:43 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3468 3469 * kadmin/kadmin.c: Add local `init', `load', `dump', and `merge' 3470 commands. 3471 3472Sun Nov 16 02:52:20 1997 Assar Westerlund <assar@sics.se> 3473 3474 * lib/krb5/mk_req_ext.c (krb5_mk_req_ext): figure out the correct 3475 `enctype' 3476 3477 * lib/krb5/mk_req.c (krb5_mk_req): use `(*auth_context)->enctype' 3478 if set. 3479 3480 * lib/krb5/get_cred.c: handle the case of a specific keytype 3481 3482 * lib/krb5/build_auth.c (krb5_build_authenticator): enctype as a 3483 parameter instead of guessing it. 3484 3485 * lib/krb5/build_ap_req.c (krb5_build_ap_req): new parameter 3486 `enctype' 3487 3488 * appl/test/common.c (common_setup): don't use `optarg' 3489 3490 * lib/krb5/keytab.c (krb5_kt_copy_entry_contents): new function 3491 (krb5_kt_get_entry): retrieve the latest version if kvno == 0 3492 3493 * lib/krb5/krb5.h: define KRB5_TC_MATCH_KEYTYPE 3494 3495 * lib/krb5/creds.c (krb5_compare_creds): check for 3496 KRB5_TC_MATCH_KEYTYPE 3497 3498 * lib/gssapi/8003.c (gssapi_krb5_create_8003_checksum): remove 3499 unused variable 3500 3501 * lib/krb5/creds.c (krb5_copy_creds_contents): only free the 3502 contents if we fail. 3503 3504Sun Nov 16 00:32:48 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3505 3506 * kpasswd/kpasswdd.c: Get password expiration time from config 3507 file. 3508 3509 * lib/asn1/{der_get,gen_decode}.c: Allow passing NULL size. 3510 3511Wed Nov 12 02:35:57 1997 Assar Westerlund <assar@sics.se> 3512 3513 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): 3514 restructured and fixed. 3515 3516 * lib/krb5/addr_families.c (krb5_h_addr2addr): new function. 3517 3518Wed Nov 12 01:36:01 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3519 3520 * lib/krb5/get_addrs.c: Fall back to hostname's addresses if other 3521 methods fail. 3522 3523Tue Nov 11 22:22:12 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3524 3525 * kadmin/kadmin.c: Add `-l' flag to use local database. 3526 3527 * lib/kadm5/acl.c: Use KADM5_PRIV_ALL. 3528 3529 * lib/kadm5: Use function pointer trampoline for easier dual use 3530 (without radiation-hardening capability). 3531 3532Tue Nov 11 05:15:22 1997 Assar Westerlund <assar@sics.se> 3533 3534 * lib/krb5/encrypt.c (krb5_etype_valid): new function 3535 3536 * lib/krb5/creds.c (krb5_copy_creds_contents): zero target 3537 3538 * lib/krb5/context.c (valid_etype): remove 3539 3540 * lib/krb5/checksum.c: remove dead code 3541 3542 * lib/krb5/changepw.c (send_request): free memory on error. 3543 3544 * lib/krb5/build_ap_req.c (krb5_build_ap_req): check return value 3545 from malloc. 3546 3547 * lib/krb5/auth_context.c (krb5_auth_con_init): free memory on 3548 failure correctly. 3549 (krb5_auth_con_setaddrs_from_fd): return error correctly. 3550 3551 * lib/krb5/get_in_tkt_with_{keytab,skey}.c: new files 3552 3553Tue Nov 11 02:53:19 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3554 3555 * lib/krb5/auth_context.c: Implement auth_con_setuserkey. 3556 3557 * lib/gssapi/init_sec_context.c: Use krb5_auth_con_getkey. 3558 3559 * lib/krb5/keyblock.c: Rename krb5_free_keyblock to 3560 krb5_free_keyblock_contents, and reimplement krb5_free_keyblock. 3561 3562 * lib/krb5/rd_req.c: Use auth_context->keyblock if 3563 ap_options.use_session_key. 3564 3565Tue Nov 11 02:35:17 1997 Assar Westerlund <assar@sics.se> 3566 3567 * lib/krb5/net_{read,write}.c: change `int fd' to `void *p_fd'. 3568 fix callers. 3569 3570 * lib/krb5/krb5_locl.h: include <asn1.h> and <der.h> 3571 3572 * include/Makefile.am: add xdbm.h 3573 3574Tue Nov 11 01:58:22 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3575 3576 * lib/krb5/get_cred.c: Implement krb5_get_cred_from_kdc. 3577 3578Mon Nov 10 22:41:53 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3579 3580 * lib/krb5/ticket.c: Implement copy_ticket. 3581 3582 * lib/krb5/get_in_tkt.c: Make `options' parameter MIT-compatible. 3583 3584 * lib/krb5/data.c: Implement free_data and copy_data. 3585 3586Sun Nov 9 02:17:27 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3587 3588 * lib/kadm5: Implement kadm5_get_privs, and kadm5_get_principals. 3589 3590 * kadmin/kadmin.c: Add get_privileges function. 3591 3592 * lib/kadm5: Rename KADM5_ACL_* -> KADM5_PRIV_* to conform with 3593 specification. 3594 3595 * kdc/connect.c: Exit if no sockets could be bound. 3596 3597 * kadmin/kadmind.c: Check return value from krb5_net_read(). 3598 3599 * lib/kadm5,kadmin: Fix memory leaks. 3600 3601Fri Nov 7 02:45:26 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3602 3603 * lib/kadm5/create_s.c: Get some default values from `default' 3604 principal. 3605 3606 * lib/kadm5/ent_setup.c: Add optional default entry to get some 3607 values from. 3608 3609Thu Nov 6 00:20:41 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3610 3611 * lib/error/compile_et.awk: Remove generated destroy_*_error_table 3612 prototype 3613 3614 * kadmin/kadmind.c: Crude admin server. 3615 3616 * kadmin/kadmin.c: Update to use remote protocol. 3617 3618 * kadmin/get.c: Fix principal formatting. 3619 3620 * lib/kadm5: Add client support. 3621 3622 * lib/kadm5/error.c: Error code mapping. 3623 3624 * lib/kadm5/server.c: Kadmind support function. 3625 3626 * lib/kadm5/marshall.c: Kadm5 marshalling. 3627 3628 * lib/kadm5/acl.c: Simple acl system. 3629 3630 * lib/kadm5/kadm5_locl.h: Add client stuff. 3631 3632 * lib/kadm5/init_s.c: Initialize acl. 3633 3634 * lib/kadm5/*: Return values. 3635 3636 * lib/kadm5/create_s.c: Correct kvno. 3637 3638Wed Nov 5 22:06:50 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3639 3640 * lib/krb5/log.c: Fix parsing of log destinations. 3641 3642Mon Nov 3 20:33:55 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3643 3644 * lib/krb5/principal.c: Reduce number of reallocs in unparse_name. 3645 3646Sat Nov 1 01:40:53 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3647 3648 * kadmin: Simple kadmin utility. 3649 3650 * admin/ktutil.c: Print keytype. 3651 3652 * lib/kadm5/get_s.c: Set correct n_key_data. 3653 3654 * lib/kadm5/init_s.c: Add kadm5_s_init_with_password_ctx. Use 3655 master key. 3656 3657 * lib/kadm5/destroy_s.c: Check for allocated context. 3658 3659 * lib/kadm5/{create,chpass}_s.c: Use _kadm5_set_keys(). 3660 3661Sat Nov 1 00:21:00 1997 Assar Westerlund <assar@sics.se> 3662 3663 * configure.in: test for readv, writev 3664 3665Wed Oct 29 23:41:26 1997 Assar Westerlund <assar@sics.se> 3666 3667 * lib/krb5/warn.c (_warnerr): handle the case of an illegal error 3668 code 3669 3670 * kdc/kerberos5.c (encode_reply): return success 3671 3672Wed Oct 29 18:01:59 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3673 3674 * kdc/kerberos5.c (find_etype) Return correct index of selected 3675 etype. 3676 3677Wed Oct 29 04:07:06 1997 Assar Westerlund <assar@sics.se> 3678 3679 * Release 0.0k 3680 3681 * lib/krb5/context.c (krb5_init_context): support `KRB5_CONFIG' 3682 environment variable 3683 3684 * *: use the roken_get*-macros from roken.h for the benefit of 3685 Crays. 3686 3687 * configure.in: add --{enable,disable}-otp. check for compatible 3688 prototypes for gethostbyname, gethostbyaddr, getservbyname, and 3689 openlog (they have strange prototypes on Crays) 3690 3691 * acinclude.m4: new macro `AC_PROTO_COMPAT' 3692 3693Tue Oct 28 00:11:22 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3694 3695 * kdc/connect.c: Log bad requests. 3696 3697 * kdc/kerberos5.c: Move stuff that's in common between as_rep and 3698 tgs_rep to separate functions. 3699 3700 * kdc/kerberos5.c: Fix user-to-user authentication. 3701 3702 * lib/krb5/get_cred.c: Some restructuring of krb5_get_credentials: 3703 - add a kdc-options argument to krb5_get_credentials, and rename 3704 it to krb5_get_credentials_with_flags 3705 - honour the KRB5_GC_CACHED, and KRB5_GC_USER_USER options 3706 - add some more user-to-user glue 3707 3708 * lib/krb5/rd_req.c: Move parts of krb5_verify_ap_req into a new 3709 function, krb5_decrypt_ticket, so it is easier to decrypt and 3710 check a ticket without having an ap-req. 3711 3712 * lib/krb5/krb5.h: Add KRB5_GC_CACHED, and KRB5_GC_USER_USER 3713 flags. 3714 3715 * lib/krb5/crc.c (crc_init_table): Check if table is already 3716 inited. 3717 3718Sun Oct 26 04:51:02 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3719 3720 * lib/asn1/der_get.c (der_get_length, fix_dce): Special-case 3721 indefinite encoding. 3722 3723 * lib/asn1/gen_glue.c (generate_units): Check for empty 3724 member-list. 3725 3726Sat Oct 25 07:24:57 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3727 3728 * lib/error/compile_et.awk: Allow specifying table-base. 3729 3730Tue Oct 21 20:21:40 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3731 3732 * kdc/kerberos5.c: Check version number of krbtgt. 3733 3734Mon Oct 20 01:14:53 1997 Assar Westerlund <assar@sics.se> 3735 3736 * lib/krb5/prompter_posix.c (krb5_prompter_posix): implement the 3737 case of unhidden prompts. 3738 3739 * lib/krb5/str2key.c (string_to_key_internal): return error 3740 instead of aborting. always free memory 3741 3742 * admin/ktutil.c: add `help' command 3743 3744 * admin/kdb_edit.c: implement new commands: add_random_key(ark), 3745 change_password(cpw), change_random_key(crk) 3746 3747Thu Oct 16 05:16:36 1997 Assar Westerlund <assar@sics.se> 3748 3749 * kpasswd/kpasswdd.c: change all the keys in the database 3750 3751 * kdc: removed all unsealing, now done by the hdb layer 3752 3753 * lib/hdb/hdb.c: new functions `hdb_create', `hdb_set_master_key' 3754 and `hdb_clear_master_key' 3755 3756 * admin/misc.c: removed 3757 3758Wed Oct 15 22:47:31 1997 Assar Westerlund <assar@sics.se> 3759 3760 * kuser/klist.c: print year as YYYY iff verbose 3761 3762Wed Oct 15 20:02:13 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3763 3764 * kuser/klist.c: print etype from ticket 3765 3766Mon Oct 13 17:18:57 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3767 3768 * Release 0.0j 3769 3770 * lib/krb5/get_cred.c: Get the subkey from mk_req so it can be 3771 used to decrypt the reply from DCE secds. 3772 3773 * lib/krb5/auth_context.c: Add {get,set}enctype. 3774 3775 * lib/krb5/get_cred.c: Fix for DCE secd. 3776 3777 * lib/krb5/store.c: Store keytype twice, as MIT does. 3778 3779 * lib/krb5/get_in_tkt.c: Use etype from reply. 3780 3781Fri Oct 10 00:39:48 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3782 3783 * kdc/connect.c: check for leading '/' in http request 3784 3785Tue Sep 30 21:50:18 1997 Assar Westerlund <assar@assaris.pdc.kth.se> 3786 3787 * Release 0.0i 3788 3789Mon Sep 29 15:58:43 1997 Assar Westerlund <assar@sics.se> 3790 3791 * lib/krb5/rd_req.c (krb5_rd_req): redone because we don't know 3792 the kvno or keytype before receiving the AP-REQ 3793 3794 * lib/krb5/mk_safe.c (krb5_mk_safe): figure out what cksumtype to 3795 use from the keytype. 3796 3797 * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): figure out what 3798 cksumtype to use from the keytype. 3799 3800 * lib/krb5/mk_priv.c (krb5_mk_priv): figure out what etype to use 3801 from the keytype. 3802 3803 * lib/krb5/keytab.c (krb5_kt_get_entry): check the keytype 3804 3805 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): figure out 3806 what etype to use from the keytype. 3807 3808 * lib/krb5/generate_seq_number.c (krb5_generate_seq_number): 3809 handle other key types than DES 3810 3811 * lib/krb5/encrypt.c (key_type): add `best_cksumtype' 3812 (krb5_keytype_to_cksumtype): new function 3813 3814 * lib/krb5/build_auth.c (krb5_build_authenticator): figure out 3815 what etype to use from the keytype. 3816 3817 * lib/krb5/auth_context.c (krb5_auth_con_init): set `cksumtype' 3818 and `enctype' to 0 3819 3820 * admin/extkeytab.c (ext_keytab): extract all keys 3821 3822 * appl/telnet/telnet/commands.c: INET6_ADDRSTRLEN kludge 3823 3824 * configure.in: check for <netinet6/in6.h>. check for -linet6 3825 3826Tue Sep 23 03:00:53 1997 Assar Westerlund <assar@sics.se> 3827 3828 * lib/krb5/encrypt.c: fix checksumtype for des3-cbc-sha1 3829 3830 * lib/krb5/rd_safe.c: fix check for keyed and collision-proof 3831 checksum 3832 3833 * lib/krb5/context.c (valid_etype): remove hard-coded constants 3834 (default_etypes): include DES3 3835 3836 * kdc/kerberos5.c: fix check for keyed and collision-proof 3837 checksum 3838 3839 * admin/util.c (init_des_key, set_password): DES3 keys also 3840 3841 * lib/krb/send_to_kdc.c (krb5_sendto_kdc): no data returned means 3842 no contact? 3843 3844 * lib/krb5/addr_families.c: fix typo in `ipv6_anyaddr' 3845 3846Mon Sep 22 11:44:27 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 3847 3848 * kdc/kerberos5.c: Somewhat fix the etype usage. The list sent by 3849 the client is used to select wich key to encrypt the kdc rep with 3850 (in case of as-req), and with the server info to select the 3851 session key type. The server key the ticket is encrypted is based 3852 purely on the keys in the database. 3853 3854 * kdc/string2key.c: Add keytype support. Default to version 5 3855 keys. 3856 3857 * lib/krb5/get_in_tkt.c: Fix a lot of etype/keytype misuse. 3858 3859 * lib/krb5/encrypt.c: Add des3-cbc-md5, and des3-cbc-sha1. Add 3860 many *_to_* functions. 3861 3862 * lib/krb5/str2key.c: Add des3 string-to-key. Add ktype argument 3863 to krb5_string_to_key(). 3864 3865 * lib/krb5/checksum.c: Some cleanup, and added: 3866 - rsa-md5-des3 3867 - hmac-sha1-des3 3868 - keyed and collision proof flags to each checksum method 3869 - checksum<->string functions. 3870 3871 * lib/krb5/generate_subkey.c: Use krb5_generate_random_keyblock. 3872 3873Sun Sep 21 15:19:23 1997 Assar Westerlund <assar@sics.se> 3874 3875 * kdc/connect.c: use new addr_families functions 3876 3877 * kpasswd/kpasswdd.c: use new addr_families functions. Now works 3878 over IPv6 3879 3880 * kuser/klist.c: use correct symbols for address families 3881 3882 * lib/krb5/sock_principal.c: use new addr_families functions 3883 3884 * lib/krb5/send_to_kdc.c: use new addr_families functions 3885 3886 * lib/krb5/krb5.h: add KRB5_ADDRESS_INET6 3887 3888 * lib/krb5/get_addrs.c: use new addr_families functions 3889 3890 * lib/krb5/changepw.c: use new addr_families functions. Now works 3891 over IPv6 3892 3893 * lib/krb5/auth_context.c: use new addr_families functions 3894 3895 * lib/krb5/addr_families.c: new file 3896 3897 * acconfig.h: AC_SOCKADDR_IN6 -> AC_STRUCT_SOCKADDR_IN6. Updated 3898 uses. 3899 3900 * acinclude.m4: new macro `AC_KRB_IPV6'. Use it. 3901 3902Sat Sep 13 23:04:23 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3903 3904 * kdc/hprop.c: Don't encrypt twice. Complain on non-convertable 3905 principals. 3906 3907Sat Sep 13 00:59:36 1997 Assar Westerlund <assar@sics.se> 3908 3909 * Release 0.0h 3910 3911 * appl/telnet/telnet/commands.c: AF_INET6 support 3912 3913 * admin/misc.c: new file 3914 3915 * lib/krb5/context.c: new configuration variable `max_retries' 3916 3917 * lib/krb5/get_addrs.c: fixes and better #ifdef's 3918 3919 * lib/krb5/config_file.c: implement krb5_config_get_int 3920 3921 * lib/krb5/auth_context.c, send_to_kdc.c, sock_principal.c: 3922 AF_INET6 support 3923 3924 * kuser/klist.c: support for printing IPv6-addresses 3925 3926 * kdc/connect.c: support AF_INET6 3927 3928 * configure.in: test for gethostbyname2 and struct sockaddr_in6 3929 3930Thu Sep 11 07:25:28 1997 Assar Westerlund <assar@sics.se> 3931 3932 * lib/asn1/k5.asn1: Use `METHOD-DATA' instead of `SEQUENCE OF 3933 PA-DATA' 3934 3935Wed Sep 10 21:20:17 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3936 3937 * kdc/kerberos5.c: Fixes for cross-realm, including (but not 3938 limited to): 3939 - allow client to be non-existant (should probably check for 3940 "local realm") 3941 - if server isn't found and it is a request for a krbtgt, try to 3942 find a realm on the way to the requested realm 3943 - update the transited encoding iff 3944 client-realm != server-realm != tgt-realm 3945 3946 * lib/krb5/get_cred.c: Several fixes for cross-realm. 3947 3948Tue Sep 9 15:59:20 1997 Johan Danielsson <joda@emma.pdc.kth.se> 3949 3950 * kdc/string2key.c: Fix password handling. 3951 3952 * lib/krb5/encrypt.c: krb5_key_to_string 3953 3954Tue Sep 9 07:46:05 1997 Assar Westerlund <assar@sics.se> 3955 3956 * lib/krb5/get_addrs.c: rewrote. Now should be able to handle 3957 aliases and IPv6 addresses 3958 3959 * kuser/klist.c: try printing IPv6 addresses 3960 3961 * kdc/kerberos5.c: increase the arbitrary limit from 1024 to 8192 3962 3963 * configure.in: check for <netinet/in6_var.h> 3964 3965Mon Sep 8 02:57:14 1997 Assar Westerlund <assar@sics.se> 3966 3967 * doc: fixes 3968 3969 * admin/util.c (init_des_key): increase kvno 3970 (set_password): return -1 if `des_read_pw_string' failed 3971 3972 * admin/mod.c (doit2): check the return value from `set_password' 3973 3974 * admin/ank.c (doit): don't add a new entry if `set_password' 3975 failed 3976 3977Mon Sep 8 02:20:16 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 3978 3979 * lib/krb5/verify_init.c: fix ap_req_nofail semantics 3980 3981 * lib/krb5/transited.c: something that might resemble 3982 domain-x500-compress 3983 3984Mon Sep 8 01:24:42 1997 Assar Westerlund <assar@sics.se> 3985 3986 * kdc/hpropd.c (main): check number of arguments 3987 3988 * appl/popper/pop_init.c (pop_init): check number of arguments 3989 3990 * kpasswd/kpasswd.c (main): check number of arguments 3991 3992 * kdc/string2key.c (main): check number of arguments 3993 3994 * kuser/kdestroy.c (main): check number of arguments 3995 3996 * kuser/kinit.c (main): check number of arguments 3997 3998 * kpasswd/kpasswdd.c (main): use sigaction without SA_RESTART to 3999 break out of select when a signal arrives 4000 4001 * kdc/main.c (main): use sigaction without SA_RESTART to break out 4002 of select when a signal arrives 4003 4004 * kdc/kstash.c: default to HDB_DB_DIR "/m-key" 4005 4006 * kdc/config.c (configure): add `--version'. Check the number of 4007 arguments. Handle the case of there being no specification of port 4008 numbers. 4009 4010 * admin/util.c: seal and unseal key at appropriate places 4011 4012 * admin/kdb_edit.c (main): parse arguments, config file and read 4013 master key iff there's one. 4014 4015 * admin/extkeytab.c (ext_keytab): unseal key while extracting 4016 4017Sun Sep 7 20:41:01 1997 Assar Westerlund <assar@sics.se> 4018 4019 * lib/roken/roken.h: include <fcntl.h> 4020 4021 * kdc/kerberos5.c (set_salt_padata): new function 4022 4023 * appl/telnet/telnetd/telnetd.c: Rename some variables that 4024 conflict with cpp symbols on HP-UX 10.20 4025 4026 * change all calls of `gethostbyaddr' to cast argument 1 to `const 4027 char *' 4028 4029 * acconfig.h: only use SGTTY on nextstep 4030 4031Sun Sep 7 14:33:50 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4032 4033 * kdc/kerberos5.c: Check invalid flag. 4034 4035Fri Sep 5 14:19:38 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4036 4037 * lib/krb5/verify_user.c: Use get_init_creds/verify_init_creds. 4038 4039 * lib/kafs: Move functions common to krb/krb5 modules to new file, 4040 and make things more modular. 4041 4042 * lib/krb5/krb5.h: rename STRING -> krb5_config_string, and LIST 4043 -> krb5_config_list 4044 4045Thu Sep 4 23:39:43 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 4046 4047 * lib/krb5/get_addrs.c: Fix loopback test. 4048 4049Thu Sep 4 04:45:49 1997 Assar Westerlund <assar@sics.se> 4050 4051 * lib/roken/roken.h: fallback definition of `O_ACCMODE' 4052 4053 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): be more careful when 4054 checking for a v4 reply 4055 4056Wed Sep 3 18:20:14 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4057 4058 * kdc/hprop.c: Add `--decrypt' and `--encrypt' flags. 4059 4060 * lib/hdb/hdb.c: new {seal,unseal}_keys functions 4061 4062 * kdc/{hprop,hpropd}.c: Add support to dump database to stdout. 4063 4064 * kdc/hprop.c: Don't use same master key as version 4. 4065 4066 * admin/util.c: Don't dump core if no `default' is found. 4067 4068Wed Sep 3 16:01:07 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 4069 4070 * kdc/connect.c: Allow run time port specification. 4071 4072 * kdc/config.c: Add flags for http support, and port 4073 specifications. 4074 4075Tue Sep 2 02:00:03 1997 Assar Westerlund <assar@sics.se> 4076 4077 * include/bits.c: Don't generate ifndef's in bits.h. Instead, use 4078 them when building the program. This makes it possible to include 4079 bits.h without having defined all HAVE_INT17_T symbols. 4080 4081 * configure.in: test for sigaction 4082 4083 * doc: updated documentation. 4084 4085Tue Sep 2 00:20:31 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4086 4087 * Release 0.0g 4088 4089Mon Sep 1 17:42:14 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4090 4091 * lib/krb5/data.c: don't return ENOMEM if len == 0 4092 4093Sun Aug 31 17:15:49 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4094 4095 * lib/hdb/hdb.asn1: Include salt type in salt. 4096 4097 * kdc/hprop.h: Change port to 754. 4098 4099 * kdc/hpropd.c: Verify who tries to transmit a database. 4100 4101 * appl/popper: Use getarg and krb5_log. 4102 4103 * lib/krb5/get_port.c: Add context parameter. Now takes port in 4104 host byte order. 4105 4106Sat Aug 30 18:48:19 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4107 4108 * kdc/connect.c: Add timeout to select, and log about expired tcp 4109 connections. 4110 4111 * kdc/config.c: Add `database' option. 4112 4113 * kdc/hpropd.c: Log about duplicate entries. 4114 4115 * lib/hdb/{db,ndbm}.c: Use common routines. 4116 4117 * lib/hdb/common.c: Implement more generic fetch/store/delete 4118 functions. 4119 4120 * lib/hdb/hdb.h: Add `replace' parameter to store. 4121 4122 * kdc/connect.c: Set filedecriptor to -1 on allocated decriptor 4123 entries. 4124 4125Fri Aug 29 03:13:23 1997 Assar Westerlund <assar@sics.se> 4126 4127 * lib/krb5/get_in_tkt.c: extract_ticket -> _krb5_extract_ticket 4128 4129 * aux/make-proto.pl: fix __P for stone age mode 4130 4131Fri Aug 29 02:45:46 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4132 4133 * lib/45/mk_req.c: implementation of krb_mk_req that uses 524 4134 protocol 4135 4136 * lib/krb5/init_creds_pw.c: make change_password and 4137 get_init_creds_common static 4138 4139 * lib/krb5/krb5.h: Merge stuff from removed headerfiles. 4140 4141 * lib/krb5/fcache.c: fcc_ops -> krb5_fcc_ops 4142 4143 * lib/krb5/mcache.c: mcc_ops -> krb5_mcc_ops 4144 4145Fri Aug 29 01:45:25 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 4146 4147 * lib/krb5/krb5.h: Remove all prototypes. 4148 4149 * lib/krb5/convert_creds.c: Use `struct credentials' instead of 4150 `CREDENTIALS'. 4151 4152Fri Aug 29 00:08:18 1997 Assar Westerlund <assar@sics.se> 4153 4154 * lib/asn1/gen_glue.c: new file. generates 2int and int2 functions 4155 and units for bit strings. 4156 4157 * admin/util.c: flags2int, int2flags, and flag_units are now 4158 generated by asn1_compile 4159 4160 * lib/roken/parse_units.c: generalised `parse_units' and 4161 `unparse_units' and added new functions `parse_flags' and 4162 `unparse_flags' that use these 4163 4164 * lib/krb5/krb5_locl.h: moved krb5_data* functions to krb5.h 4165 4166 * admin/util.c: Use {un,}parse_flags for printing and parsing 4167 hdbflags. 4168 4169Thu Aug 28 03:26:12 1997 Assar Westerlund <assar@sics.se> 4170 4171 * lib/krb5/get_addrs.c: restructured 4172 4173 * lib/krb5/warn.c (_warnerr): leak less memory 4174 4175 * lib/hdb/hdb.c (hdb_free_entry): zero keys 4176 (hdb_check_db_format): leak less memory 4177 4178 * lib/hdb/ndbm.c (NDBM_seq): check for valid hdb_entries implement 4179 NDBM__get, NDBM__put 4180 4181 * lib/hdb/db.c (DB_seq): check for valid hdb_entries 4182 4183Thu Aug 28 02:06:58 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4184 4185 * lib/krb5/send_to_kdc.c: Don't use sendto on connected sockets. 4186 4187Thu Aug 28 01:13:17 1997 Assar Westerlund <assar@sics.se> 4188 4189 * kuser/kinit.1, klist.1, kdestroy.1: new man pages 4190 4191 * kpasswd/kpasswd.1, kpasswdd.8: new man pages 4192 4193 * kdc/kstash.8, hprop.8, hpropd.8: new man pages 4194 4195 * admin/ktutil.8, admin/kdb_edit.8: new man pages 4196 4197 * admin/mod.c: new file 4198 4199 * admin/life.c: renamed gettime and puttime to getlife and putlife 4200 and moved them to life.c 4201 4202 * admin/util.c: add print_flags, parse_flags, init_entry, 4203 set_created_by, set_modified_by, edit_entry, set_password. Use 4204 them. 4205 4206 * admin/get.c: use print_flags 4207 4208 * admin: removed unused stuff. use krb5_{warn,err}* 4209 4210 * admin/ank.c: re-organized and abstracted. 4211 4212 * admin/gettime.c: removed 4213 4214Thu Aug 28 00:37:39 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4215 4216 * lib/krb5/{get_cred,get_in_tkt}.c: Check for v4 reply. 4217 4218 * lib/roken/base64.c: Add base64 functions. 4219 4220 * kdc/connect.c lib/krb5/send_to_kdc.c: Add http support. 4221 4222Wed Aug 27 00:29:20 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4223 4224 * include/Makefile.am: Don't make links to built files. 4225 4226 * admin/kdb_edit.c: Add command to set the database path. 4227 4228 * lib/hdb: Include version number in database. 4229 4230Tue Aug 26 20:14:54 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4231 4232 * admin/ktutil: Merged v4 srvtab conversion. 4233 4234Mon Aug 25 23:02:18 1997 Assar Westerlund <assar@sics.se> 4235 4236 * lib/roken/roken.h: add F_OK 4237 4238 * lib/gssapi/acquire_creds.c: fix typo 4239 4240 * configure.in: call AC_TYPE_MODE_T 4241 4242 * acinclude.m4: Add AC_TYPE_MODE_T 4243 4244Sun Aug 24 16:46:53 1997 Assar Westerlund <assar@sics.se> 4245 4246 * Release 0.0f 4247 4248Sun Aug 24 08:06:54 1997 Assar Westerlund <assar@sics.se> 4249 4250 * appl/popper/pop_pass.c: log poppers 4251 4252 * kdc/kaserver.c: some more checks 4253 4254 * kpasswd/kpasswd.c: removed `-p' 4255 4256 * kuser/kinit.c: removed `-p' 4257 4258 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): If 4259 KDC_ERR_PREUATH_REQUIRED, add preauthentication and try again. 4260 4261 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): don't print out 4262 krb-error text 4263 4264 * lib/gssapi/import_name.c (input_name): more names types. 4265 4266 * admin/load.c (parse_keys): handle the case of an empty salt 4267 4268 * kdc/kaserver.c: fix up memory deallocation 4269 4270 * kdc/kaserver.c: quick hack at talking kaserver protocol 4271 4272 * kdc/kerberos4.c: Make `db-fetch4' global 4273 4274 * configure.in: add --enable-kaserver 4275 4276 * kdc/rx.h, kdc/kerberos4.h: new header files 4277 4278 * lib/krb5/principal.c: fix krb5_build_principal_ext & c:o 4279 4280Sun Aug 24 03:52:44 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4281 4282 * lib/krb5/{get_in_tkt,mk_safe,mk_priv}.c: Fix some Cray specific 4283 type conflicts. 4284 4285 * lib/krb5/{get_cred,get_in_tkt}.c: Mask nonce to 32 bits. 4286 4287 * lib/des/{md4,md5,sha}.c: Now works on Crays. 4288 4289Sat Aug 23 18:15:01 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 4290 4291 * appl/afsutil/afslog.c: If no cells or files specified, get 4292 tokens for all local cells. Better test for files. 4293 4294Thu Aug 21 23:33:38 1997 Assar Westerlund <assar@sics.se> 4295 4296 * lib/gssapi/v1.c: new file with v1 compatibility functions. 4297 4298Thu Aug 21 20:36:13 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 4299 4300 * lib/kafs/afskrb5.c: Don't check ticket file for afs ticket. 4301 4302 * kdc/kerberos4.c: Check database when converting v4 principals. 4303 4304 * kdc/kerberos5.c: Include kvno in Ticket. 4305 4306 * lib/krb5/encrypt.c: Add kvno parameter to encrypt_EncryptedData. 4307 4308 * kuser/klist.c: Print version number of ticket, include more 4309 flags. 4310 4311Wed Aug 20 21:26:58 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 4312 4313 * lib/kafs/afskrb5.c (get_cred): Check cached afs tickets for 4314 expiration. 4315 4316Wed Aug 20 17:40:31 1997 Assar Westerlund <assar@sics.se> 4317 4318 * lib/krb5/recvauth.c (krb5_recvauth): Send a KRB-ERROR iff 4319 there's an error. 4320 4321 * lib/krb5/sendauth.c (krb5_sendauth): correct the protocol 4322 documentation and process KRB-ERROR's 4323 4324Tue Aug 19 20:41:30 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4325 4326 * kdc/kerberos4.c: Fix memory leak in v4 protocol handler. 4327 4328Mon Aug 18 05:15:09 1997 Assar Westerlund <assar@sics.se> 4329 4330 * lib/gssapi/accept_sec_context.c: Added 4331 `gsskrb5_register_acceptor_identity' 4332 4333Sun Aug 17 01:40:20 1997 Assar Westerlund <assar@sics.se> 4334 4335 * lib/gssapi/accept_sec_context.c (gss_accept_sec_context): don't 4336 always pass server == NULL to krb5_rd_req. 4337 4338 * lib/gssapi: new files: canonicalize_name.c export_name.c 4339 context_time.c compare_name.c release_cred.c acquire_cred.c 4340 inquire_cred.c, from Luke Howard <lukeh@xedoc.com.au> 4341 4342 * lib/krb5/config_file.c: Add netinfo support from Luke Howard 4343 <lukeh@xedoc.com.au> 4344 4345 * lib/editline/sysunix.c: sgtty-support from Luke Howard 4346 <lukeh@xedoc.com.au> 4347 4348 * lib/krb5/principal.c: krb5_sname_to_principal fix from Luke 4349 Howard <lukeh@xedoc.com.au> 4350 4351Sat Aug 16 00:44:47 1997 Assar Westerlund <assar@koi.pdc.kth.se> 4352 4353 * Release 0.0e 4354 4355Sat Aug 16 00:23:46 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4356 4357 * appl/afsutil/afslog.c: Use new libkafs. 4358 4359 * lib/kafs/afskrb5.c: Get AFS tokens via 524 protocol. 4360 4361 * lib/krb5/warn.c: Fix format string for *x type. 4362 4363Fri Aug 15 22:15:01 1997 Assar Westerlund <assar@sics.se> 4364 4365 * admin/get.c (get_entry): print more information about the entry 4366 4367 * lib/des/Makefile.am: build destest, mdtest, des, rpw, speed 4368 4369 * lib/krb5/config_file.c: new functions `krb5_config_get_time' and 4370 `krb5_config_vget_time'. Use them. 4371 4372Fri Aug 15 00:09:37 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4373 4374 * admin/ktutil.c: Keytab manipulation program. 4375 4376 * lib/krb5/keytab.c: Return sane values from resolve and 4377 start_seq_get. 4378 4379 * kdc/kerberos5.c: Fix for old clients passing 0 for `no endtime'. 4380 4381 * lib/45/get_ad_tkt.c: Kerberos 4 get_ad_tkt using 4382 krb524_convert_creds_kdc. 4383 4384 * lib/krb5/convert_creds.c: Implementation of 4385 krb524_convert_creds_kdc. 4386 4387 * lib/asn1/k5.asn1: Make kdc-req-body.till OPTIONAL 4388 4389 * kdc/524.c: A somewhat working 524-protocol module. 4390 4391 * kdc/kerberos4.c: Add version 4 ticket encoding and encryption 4392 functions. 4393 4394 * lib/krb5/context.c: Fix kdc_timeout. 4395 4396 * lib/hdb/{ndbm,db}.c: Free name in close. 4397 4398 * kdc/kerberos5.c (tgs_check_autenticator): Return error code 4399 4400Thu Aug 14 21:29:03 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4401 4402 * kdc/kerberos5.c (tgs_make_reply): Fix endtime in reply. 4403 4404 * lib/krb5/store_emem.c: Fix reallocation bug. 4405 4406Tue Aug 12 01:29:46 1997 Assar Westerlund <assar@sics.se> 4407 4408 * appl/telnet/libtelnet/kerberos5.c, appl/popper/pop_init.c: Use 4409 `krb5_sock_to_principal'. Send server parameter to 4410 krb5_rd_req/krb5_recvauth. Set addresses in auth_context. 4411 4412 * lib/krb5/recvauth.c: Set addresses in auth_context if there 4413 aren't any 4414 4415 * lib/krb5/auth_context.c: New function 4416 `krb5_auth_con_setaddrs_from_fd' 4417 4418 * lib/krb5/sock_principal.c: new function 4419 `krb5_sock_to_principal' 4420 4421 * lib/krb5/time.c: new file with `krb5_timeofday' and 4422 `krb5_us_timeofday'. Use these functions. 4423 4424 * kuser/klist.c: print KDC offset iff verbose 4425 4426 * lib/krb5/get_in_tkt.c: implement KDC time offset and use it if 4427 [libdefaults]kdc_timesync is set. 4428 4429 * lib/krb5/fcache.c: Implement version 4 of the ccache format. 4430 4431Mon Aug 11 05:34:43 1997 Assar Westerlund <assar@sics.se> 4432 4433 * lib/krb5/rd_rep.c (krb5_free_ap_rep_enc_part): free all memory 4434 4435 * lib/krb5/principal.c (krb5_unparse_name): allocate memory 4436 properly 4437 4438 * kpasswd/kpasswd.c: Use `krb5_change_password' 4439 4440 * lib/krb5/init_creds_pw.c (init_cred): set realm of server 4441 correctly. 4442 4443 * lib/krb5/init_creds_pw.c: support changing of password when it 4444 has expired 4445 4446 * lib/krb5/changepw.c: new file 4447 4448 * kuser/klist.c: use getarg 4449 4450 * admin/init.c (init): add `kadmin/changepw' 4451 4452Mon Aug 11 04:30:47 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4453 4454 * lib/krb5/get_cred.c: Make get_credentials handle cross-realm. 4455 4456Mon Aug 11 00:03:24 1997 Assar Westerlund <assar@sics.se> 4457 4458 * lib/krb5/config_file.c: implement support for #-comments 4459 4460Sat Aug 9 02:21:46 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4461 4462 * kdc/hprop*.c: Add database propagation programs. 4463 4464 * kdc/connect.c: Max request size. 4465 4466Sat Aug 9 00:47:28 1997 Assar Westerlund <assar@sics.se> 4467 4468 * lib/otp: resurrected from krb4 4469 4470 * appl/push: new program for fetching mail with POP. 4471 4472 * appl/popper/popper.h: new include files. new fields in `POP' 4473 4474 * appl/popper/pop_pass.c: Implement both v4 and v5. 4475 4476 * appl/popper/pop_init.c: Implement both v4 and v5. 4477 4478 * appl/popper/pop_debug.c: use getarg. Talk both v4 and v5 4479 4480 * appl/popper: Popper from krb4. 4481 4482 * configure.in: check for inline and <netinet/tcp.h> generate 4483 files in appl/popper, appl/push, and lib/otp 4484 4485Fri Aug 8 05:51:02 1997 Assar Westerlund <assar@sics.se> 4486 4487 * lib/krb5/get_cred.c: clean-up and try to free memory even when 4488 there're errors 4489 4490 * lib/krb5/get_cred.c: adapt to new `extract_ticket' 4491 4492 * lib/krb5/get_in_tkt.c: reorganize. check everything and try to 4493 return memory even if there are errors. 4494 4495 * kuser/kverify.c: new file 4496 4497 * lib/krb5/free_host_realm.c: new file 4498 4499 * lib/krb5/principal.c (krb5_sname_to_principal): implement 4500 different nametypes. Also free memory. 4501 4502 * lib/krb5/verify_init.c: more functionality 4503 4504 * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): free the checksum 4505 4506 * lib/krb5/get_in_tkt.c (extract_ticket): don't copy over the 4507 principals in creds. Should also compare them with that received 4508 from the KDC 4509 4510 * lib/krb5/cache.c (krb5_cc_gen_new): copy the newly allocated 4511 krb5_ccache 4512 (krb5_cc_destroy): call krb5_cc_close 4513 (krb5_cc_retrieve_cred): delete the unused creds 4514 4515Fri Aug 8 02:30:40 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4516 4517 * lib/krb5/log.c: Allow better control of destinations of logging 4518 (like passing explicit destinations, and log-functions). 4519 4520Fri Aug 8 01:20:39 1997 Assar Westerlund <assar@sics.se> 4521 4522 * lib/krb5/get_default_principal.c: new file 4523 4524 * kpasswd/kpasswdd.c: use krb5_log* 4525 4526Fri Aug 8 00:37:47 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4527 4528 * lib/krb5/init_creds_pw.c: Implement krb5_get_init_creds_keytab. 4529 4530Fri Aug 8 00:37:17 1997 Assar Westerlund <assar@sics.se> 4531 4532 * lib/krb5/init_creds_pw.c: Use `krb5_get_default_principal'. 4533 Print password expire information. 4534 4535 * kdc/config.c: new variable `kdc_warn_pwexpire' 4536 4537 * kpasswd/kpasswd.c: converted to getarg and get_init_creds 4538 4539Thu Aug 7 22:17:09 1997 Assar Westerlund <assar@sics.se> 4540 4541 * lib/krb5/mcache.c: new file 4542 4543 * admin/gettime.c: new function puttime. Use it. 4544 4545 * lib/krb5/keyblock.c: Added krb5_free_keyblock and 4546 krb5_copy_keyblock 4547 4548 * lib/krb5/init_creds_pw.c: more functionality 4549 4550 * lib/krb5/creds.c: Added krb5_free_creds_contents and 4551 krb5_copy_creds. Changed callers. 4552 4553 * lib/krb5/config_file.c: new functions krb5_config_get and 4554 krb5_config_vget 4555 4556 * lib/krb5/cache.c: cleanup added mcache 4557 4558 * kdc/kerberos5.c: include last-req's of type 6 and 7, if 4559 applicable 4560 4561Wed Aug 6 20:38:23 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4562 4563 * lib/krb5/log.c: New parameter `log-level'. Default to `SYSLOG'. 4564 4565Tue Aug 5 22:53:54 1997 Assar Westerlund <assar@sics.se> 4566 4567 * lib/krb5/verify_init.c, init_creds_pw.c, init_creds.c, 4568 prompter_posix.c: the beginning of an implementation of the cygnus 4569 initial-ticket API. 4570 4571 * lib/krb5/get_in_tkt_pw.c: make `krb5_password_key_proc' global 4572 4573 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): new function that is 4574 almost krb5_get_in_tkt but doesn't write the creds to the ccache. 4575 Small fixes in krb5_get_in_tkt 4576 4577 * lib/krb5/get_addrs.c (krb5_get_all_client_addrs): don't include 4578 loopback. 4579 4580Mon Aug 4 20:20:48 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4581 4582 * kdc: Make context global. 4583 4584Fri Aug 1 17:23:56 1997 Assar Westerlund <assar@sics.se> 4585 4586 * Release 0.0d 4587 4588 * lib/roken/flock.c: new file 4589 4590 * kuser/kinit.c: check for and print expiry information in the 4591 `kdc_rep' 4592 4593 * lib/krb5/get_in_tkt.c: Set `ret_as_reply' if != NULL 4594 4595 * kdc/kerberos5.c: Check the valid times on client and server. 4596 Check the password expiration. 4597 Check the require_preauth flag. 4598 Send an lr_type == 6 with pw_end. 4599 Set key.expiration to min(valid_end, pw_end) 4600 4601 * lib/hdb/hdb.asn1: new flags `require_preauth' and `change_pw' 4602 4603 * admin/util.c, admin/load.c: handle the new flags. 4604 4605Fri Aug 1 16:56:12 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4606 4607 * lib/hdb: Add some simple locking. 4608 4609Sun Jul 27 04:44:31 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 4610 4611 * lib/krb5/log.c: Add some general logging functions. 4612 4613 * kdc/kerberos4.c: Add version 4 protocol handler. The requrement 4614 for this to work is that all involved principals has a des key in 4615 the database, and that the client has a version 4 (un-)salted 4616 key. Furthermore krb5_425_conv_principal has to do it's job, as 4617 present it's not very clever. 4618 4619 * lib/krb5/principal.c: Quick patch to make 425_conv work 4620 somewhat. 4621 4622 * lib/hdb/hdb.c: Add keytype->key and next key functions. 4623 4624Fri Jul 25 17:32:12 1997 Assar Westerlund <assar@sics.se> 4625 4626 * lib/krb5/build_auth.c (krb5_build_authenticator): don't free 4627 `cksum'. It's allocated and freed by the caller 4628 4629 * lib/krb5/get_cred.c (krb5_get_kdc_cred): Don't free `addresses'. 4630 4631 * kdc/kerberos5.c (tgs_rep2): make sure we also have an defined 4632 `client' to return as part of the KRB-ERROR 4633 4634Thu Jul 24 08:13:59 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4635 4636 * kdc/kerberos5.c: Unseal keys from database before use. 4637 4638 * kdc/misc.c: New functions set_master_key, unseal_key and 4639 free_key. 4640 4641 * lib/roken/getarg.c: Handle `-f arg' correctly. 4642 4643Thu Jul 24 01:54:43 1997 Assar Westerlund <assar@sics.se> 4644 4645 * kuser/kinit.c: implement `-l' aka `--lifetime' 4646 4647 * lib/roken/parse_units.c, parse_time.c: new files 4648 4649 * admin/gettime.c (gettime): use `parse_time' 4650 4651 * kdc/kerberos5.c (as_rep): Use `METHOD-DATA' when sending 4652 KRB5KDC_ERR_PREAUTH_REQUIRED, not PA-DATA. 4653 4654 * kpasswd/kpasswdd.c: fix freeing bug use sequence numbers set 4655 addresses in auth_context bind one socket per interface. 4656 4657 * kpasswd/kpasswd.c: use sequence numbers 4658 4659 * lib/krb5/rd_req.c (krb5_verify_ap_req): do abs when verifying 4660 the timestamps 4661 4662 * lib/krb5/rd_priv.c (krb5_rd_priv): Fetch the correct session key 4663 from auth_context 4664 4665 * lib/krb5/mk_priv.c (krb5_mk_priv): Fetch the correct session key 4666 from auth_context 4667 4668 * lib/krb5/mk_error.c (krb5_mk_error): return an error number and 4669 not a comerr'd number. 4670 4671 * lib/krb5/get_in_tkt.c (krb5_get_in_tkt): interpret the error 4672 number in KRB-ERROR correctly. 4673 4674 * lib/krb5/get_cred.c (krb5_get_kdc_cred): interpret the error 4675 number in KRB-ERROR correctly. 4676 4677 * lib/asn1/k5.asn1: Add `METHOD-DATA' 4678 4679 * removed some memory leaks. 4680 4681Wed Jul 23 07:53:18 1997 Assar Westerlund <assar@sics.se> 4682 4683 * Release 0.0c 4684 4685 * lib/krb5/rd_cred.c, get_for_creds.c: new files 4686 4687 * lib/krb5/get_host_realm.c: try default realm as last chance 4688 4689 * kpasswd/kpasswdd.c: updated to hdb changes 4690 4691 * appl/telnet/libtelnet/kerberos5.c: Implement forwarding 4692 4693 * appl/telnet/libtelnet: removed totally unused files 4694 4695 * admin/ank.c: fix prompts and generation of random keys 4696 4697Wed Jul 23 04:02:32 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4698 4699 * admin/dump.c: Include salt in dump. 4700 4701 * admin: Mostly updated for new db-format. 4702 4703 * kdc/kerberos5.c: Update to use new db format. Better checking of 4704 flags and such. More logging. 4705 4706 * lib/hdb/hdb.c: Use generated encode and decode functions. 4707 4708 * lib/hdb/hdb.h: Get hdb_entry from ASN.1 generated code. 4709 4710 * lib/krb5/get_cred.c: Get addresses from krbtgt if there are none 4711 in the reply. 4712 4713Sun Jul 20 16:22:30 1997 Assar Westerlund <assar@sics.se> 4714 4715 * kuser/kinit.c: break if des_read_pw_string() != 0 4716 4717 * kpasswd/kpasswdd.c: send a reply 4718 4719 * kpasswd/kpasswd.c: restructured code. better report on 4720 krb-error break if des_read_pw_string() != 0 4721 4722 * kdc/kerberos5.c: Check `require_enc_timestamp' malloc space for 4723 starttime and renew_till 4724 4725 * appl/telnet/libtelnet/kerberos5.c (kerberos5_is): Send a 4726 keyblock to krb5_verify_chekcsum 4727 4728Sun Jul 20 06:35:46 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4729 4730 * Release 0.0b 4731 4732 * kpasswd/kpasswd.c: Avoid using non-standard struct names. 4733 4734Sat Jul 19 19:26:23 1997 Assar Westerlund <assar@sics.se> 4735 4736 * lib/krb5/keytab.c (krb5_kt_get_entry): check return from 4737 `krb5_kt_start_seq_get'. From <map@stacken.kth.se> 4738 4739Sat Jul 19 04:07:39 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4740 4741 * lib/asn1/k5.asn1: Update with more pa-data types from 4742 draft-ietf-cat-kerberos-revisions-00.txt 4743 4744 * admin/load.c: Update to match current db-format. 4745 4746 * kdc/kerberos5.c (as_rep): Try all valid pa-datas before giving 4747 up. Send back an empty pa-data if the client has the v4 flag set. 4748 4749 * lib/krb5/get_in_tkt.c: Pass both version5 and version4 salted 4750 pa-data. DTRT if there is any pa-data in the reply. 4751 4752 * lib/krb5/str2key.c: XOR with some sane value. 4753 4754 * lib/hdb/hdb.h: Add `version 4 salted key' flag. 4755 4756 * kuser/kinit.c: Ask for password before calling get_in_tkt. This 4757 makes it possible to call key_proc more than once. 4758 4759 * kdc/string2key.c: Add flags to output version 5 (DES only), 4760 version 4, and AFS string-to-key of a password. 4761 4762 * lib/asn1/gen_copy.c: copy_* functions now returns an int (0 or 4763 ENOMEM). 4764 4765Fri Jul 18 02:54:58 1997 Assar Westerlund <assar@sics.se> 4766 4767 * lib/krb5/get_host_realm.c (krb5_get_host_realm): do the 4768 name2name thing 4769 4770 * kdc/misc.c: check result of hdb_open 4771 4772 * admin/kdb_edit: updated to new sl 4773 4774 * lib/sl: sl_func now returns an int. != 0 means to exit. 4775 4776 * kpasswd/kpasswdd: A crude (but somewhat working) implementation 4777 of `draft-ietf-cat-kerb-chg-password-00.txt' 4778 4779Fri Jul 18 00:55:39 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 4780 4781 * kuser/krenew.c: Crude ticket renewing program. 4782 4783 * kdc/kerberos5.c: Rewritten flags parsing, it now might work to 4784 get forwarded and renewed tickets. 4785 4786 * kuser/kinit.c: Add `-r' flag. 4787 4788 * lib/krb5/get_cred.c: Move most of contents of get_creds to new 4789 function get_kdc_cred, that always contacts the kdc and doesn't 4790 save in the cache. This is a hack. 4791 4792 * lib/krb5/get_in_tkt.c: Pass starttime and renew_till in request 4793 (a bit kludgy). 4794 4795 * lib/krb5/mk_req_ext.c: Make an auth_context if none passed in. 4796 4797 * lib/krb5/send_to_kdc.c: Get timeout from context. 4798 4799 * lib/krb5/context.c: Add kdc_timeout to context struct. 4800 4801Thu Jul 17 20:35:45 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 4802 4803 * kuser/klist.c: Print start time of ticket if available. 4804 4805 * lib/krb5/get_host_realm.c: Return error if no realm was found. 4806 4807Thu Jul 17 20:28:21 1997 Assar Westerlund <assar@sics.se> 4808 4809 * kpasswd: non-working kpasswd added 4810 4811Thu Jul 17 00:21:22 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 4812 4813 * Release 0.0a 4814 4815 * kdc/main.c: Add -p flag to disable pa-enc-timestamp requirement. 4816 4817Wed Jul 16 03:37:41 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4818 4819 * kdc/kerberos5.c (tgs_rep2): Free ticket and ap_req. 4820 4821 * lib/krb5/auth_context.c (krb5_auth_con_free): Free remote 4822 subkey. 4823 4824 * lib/krb5/principal.c (krb5_free_principal): Check for NULL. 4825 4826 * lib/krb5/send_to_kdc.c: Check for NULL return from 4827 gethostbyname. 4828 4829 * lib/krb5/set_default_realm.c: Try to get realm of local host if 4830 no default realm is available. 4831 4832 * Remove non ASN.1 principal code. 4833 4834Wed Jul 16 03:17:30 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 4835 4836 * kdc/kerberos5.c: Split tgs_rep in smaller functions. Add better 4837 error handing. Do some logging. 4838 4839 * kdc/log.c: Some simple logging facilities. 4840 4841 * kdc/misc.c (db_fetch): Take a krb5_principal. 4842 4843 * kdc/connect.c: Pass address of request to as_rep and 4844 tgs_rep. Send KRB-ERROR. 4845 4846 * lib/krb5/mk_error.c: Add more fields. 4847 4848 * lib/krb5/get_cred.c: Print normal error code if no e_text is 4849 available. 4850 4851Wed Jul 16 03:07:50 1997 Assar Westerlund <assar@sics.se> 4852 4853 * lib/krb5/get_in_tkt.c: implement `krb5_init_etype'. 4854 Change encryption type of pa_enc_timestamp to DES-CBC-MD5 4855 4856 * lib/krb5/context.c: recognize all encryption types actually 4857 implemented 4858 4859 * lib/krb5/auth_context.c (krb5_auth_con_init): Change default 4860 encryption type to `DES_CBC_MD5' 4861 4862 * lib/krb5/read_message.c, write_message.c: new files 4863 4864Tue Jul 15 17:14:21 1997 Assar Westerlund <assar@sics.se> 4865 4866 * lib/asn1: replaced asn1_locl.h by `der_locl.h' and `gen_locl.h'. 4867 4868 * lib/error/compile_et.awk: generate a prototype for the 4869 `destroy_foo_error_table' function. 4870 4871Mon Jul 14 12:24:40 1997 Assar Westerlund <assar@sics.se> 4872 4873 * lib/krb5/krbhst.c (krb5_get_krbhst): Get all kdc's and try also 4874 with `kerberos.REALM' 4875 4876 * kdc/kerberos5.c, lib/krb5/rd_priv.c, lib/krb5/rd_safe.c: use 4877 `max_skew' 4878 4879 * lib/krb5/rd_req.c (krb5_verify_ap_req): record authenticator 4880 subkey 4881 4882 * lib/krb5/build_auth.c (krb5_build_authenticator): always 4883 generate a subkey. 4884 4885 * lib/krb5/address.c: implement `krb5_address_order' 4886 4887 * lib/gssapi/import_name.c: Implement `gss_import_name' 4888 4889 * lib/gssapi/external.c: Use new OID 4890 4891 * lib/gssapi/encapsulate.c: New functions 4892 `gssapi_krb5_encap_length' and `gssapi_krb5_make_header'. Changed 4893 callers. 4894 4895 * lib/gssapi/decapsulate.c: New function 4896 `gssaspi_krb5_verify_header'. Changed callers. 4897 4898 * lib/asn1/gen*.c: Give tags to generated structs. 4899 Use `err' and `asprintf' 4900 4901 * appl/test/gss_common.c: new file 4902 4903 * appl/test/gssapi_server.c: removed all krb5 calls 4904 4905 * appl/telnet/libtelnet/kerberos5.c: Add support for genering and 4906 verifying checksums. Also start using session subkeys. 4907 4908Mon Jul 14 12:08:25 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 4909 4910 * lib/krb5/rd_req.c (krb5_rd_req_with_keyblock): Split up. 4911 4912Sun Jul 13 03:07:44 1997 Assar Westerlund <assar@sics.se> 4913 4914 * lib/krb5/rd_safe.c, mk_safe.c: made bug-compatible with MIT 4915 4916 * lib/krb5/encrypt.c: new functions `DES_encrypt_null_ivec' and 4917 `DES_encrypt_key_ivec' 4918 4919 * lib/krb5/checksum.c: implement rsa-md4-des and rsa-md5-des 4920 4921 * kdc/kerberos5.c (tgs_rep): support keyed checksums 4922 4923 * lib/krb5/creds.c: new file 4924 4925 * lib/krb5/get_in_tkt.c: better freeing 4926 4927 * lib/krb5/context.c (krb5_free_context): more freeing 4928 4929 * lib/krb5/config_file.c: New function `krb5_config_file_free' 4930 4931 * lib/error/compile_et.awk: Generate a `destroy_' function. 4932 4933 * kuser/kinit.c, klist.c: Don't leak memory. 4934 4935Sun Jul 13 02:46:27 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4936 4937 * kdc/connect.c: Check filedescriptor in select. 4938 4939 * kdc/kerberos5.c: Remove most of the most common memory leaks. 4940 4941 * lib/krb5/rd_req.c: Free allocated data. 4942 4943 * lib/krb5/auth_context.c (krb5_auth_con_free): Free a lot of 4944 fields. 4945 4946Sun Jul 13 00:32:16 1997 Assar Westerlund <assar@sics.se> 4947 4948 * appl/telnet: Conditionalize the krb4-support. 4949 4950 * configure.in: Test for krb4 4951 4952Sat Jul 12 17:14:12 1997 Assar Westerlund <assar@sics.se> 4953 4954 * kdc/kerberos5.c: check if the pre-auth was decrypted properly. 4955 set the `pre_authent' flag 4956 4957 * lib/krb5/get_cred.c, lib/krb5/get_in_tkt.c: generate a random nonce. 4958 4959 * lib/krb5/encrypt.c: Made `generate_random_block' global. 4960 4961 * appl/test: Added gssapi_client and gssapi_server. 4962 4963 * lib/krb5/data.c: Add `krb5_data_zero' 4964 4965 * appl/test/tcp_client.c: try `mk_safe' and `mk_priv' 4966 4967 * appl/test/tcp_server.c: try `rd_safe' and `rd_priv' 4968 4969Sat Jul 12 16:45:58 1997 Johan Danielsson <joda@emma.pdc.kth.se> 4970 4971 * lib/krb5/get_addrs.c: Fix for systems that has sa_len, but 4972 returns zero length from SIOCGIFCONF. 4973 4974Sat Jul 12 16:38:34 1997 Assar Westerlund <assar@sics.se> 4975 4976 * appl/test: new programs 4977 4978 * lib/krb5/rd_req.c: add address compare 4979 4980 * lib/krb5/mk_req_ext.c: allow no checksum 4981 4982 * lib/krb5/keytab.c (krb5_kt_ret_string): 0-terminate string 4983 4984 * lib/krb5/address.c: fix `krb5_address_compare' 4985 4986Sat Jul 12 15:03:16 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 4987 4988 * lib/krb5/get_addrs.c: Fix ip4 address extraction. 4989 4990 * kuser/klist.c: Add verbose flag, and split main into smaller 4991 pieces. 4992 4993 * lib/krb5/fcache.c: Save ticket flags. 4994 4995 * lib/krb5/get_in_tkt.c (extract_ticket): Extract addresses and 4996 flags. 4997 4998 * lib/krb5/krb5.h: Add ticket_flags to krb5_creds. 4999 5000Sat Jul 12 13:12:48 1997 Assar Westerlund <assar@sics.se> 5001 5002 * configure.in: Call `AC_KRB_PROG_LN_S' 5003 5004 * acinclude.m4: Add `AC_KRB_PROG_LN_S' from krb4 5005 5006Sat Jul 12 00:57:01 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5007 5008 * lib/krb5/get_in_tkt.c: Use union of krb5_flags and KDCOptions to 5009 pass options. 5010 5011Fri Jul 11 15:04:22 1997 Assar Westerlund <assar@sics.se> 5012 5013 * appl/telnet: telnet & telnetd seems to be working. 5014 5015 * lib/krb5/config_file.c: Added krb5_config_v?get_list Fixed 5016 krb5_config_vget_next 5017 5018 * appl/telnet/libtelnet/kerberos5.c: update to current API 5019 5020Thu Jul 10 14:54:39 1997 Assar Westerlund <assar@sics.se> 5021 5022 * appl/telnet/libtelnet/kerberos5.c (kerberos5_status): call 5023 `krb5_kuserok' 5024 5025 * appl/telnet: Added. 5026 5027Thu Jul 10 05:09:25 1997 Johan Danielsson <joda@emma.pdc.kth.se> 5028 5029 * lib/error/compile_et.awk: Remove usage of sub, gsub, and 5030 functions for compatibility with awk. 5031 5032 * include/bits.c: Must use signed char. 5033 5034 * lib/krb5/context.c: Move krb5_get_err_text, and krb5_init_ets 5035 here. 5036 5037 * lib/error/error.c: Replace krb5_get_err_text with new function 5038 com_right. 5039 5040 * lib/error/compile_et.awk: Avoid using static variables. 5041 5042 * lib/error/error.c: Don't use krb5_locl.h 5043 5044 * lib/error/error.h: Move definitions of error_table and 5045 error_list from krb5.h. 5046 5047 * lib/error: Moved from lib/krb5. 5048 5049Wed Jul 9 07:42:04 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5050 5051 * lib/krb5/encrypt.c: Temporary hack to avoid des_rand_data. 5052 5053Wed Jul 9 06:58:00 1997 Assar Westerlund <assar@sics.se> 5054 5055 * lib/krb5/{rd,mk}_{*}.c: more checking for addresses and stuff 5056 according to pseudocode from 1510 5057 5058Wed Jul 9 06:06:06 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5059 5060 * lib/hdb/hdb.c: Add hdb_etype2key. 5061 5062 * kdc/kerberos5.c: Check authenticator. Use more general etype 5063 functions. 5064 5065Wed Jul 9 03:51:12 1997 Assar Westerlund <assar@sics.se> 5066 5067 * lib/asn1/k5.asn1: Made all `s_address' OPTIONAL according to 5068 draft-ietf-cat-kerberos-r-00.txt 5069 5070 * lib/krb5/principal.c (krb5_parse_name): default to local realm 5071 if none given 5072 5073 * kuser/kinit.c: New option `-p' and prompt 5074 5075Wed Jul 9 02:30:06 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5076 5077 * lib/krb5/keyblock.c: Keyblock generation functions. 5078 5079 * lib/krb5/encrypt.c: Use functions from checksum.c. 5080 5081 * lib/krb5/checksum.c: Move checksum functions here. Add 5082 krb5_cksumsize function. 5083 5084Wed Jul 9 01:15:38 1997 Assar Westerlund <assar@sics.se> 5085 5086 * lib/krb5/get_host_realm.c: implemented 5087 5088 * lib/krb5/config_file.c: Redid part. New functions: 5089 krb5_config_v?get_next 5090 5091 * kuser/kdestroy.c: new program 5092 5093 * kuser/kinit.c: new flag `-f' 5094 5095 * lib/asn1/k5.asn1: Made HostAddresses = SEQUENCE OF HostAddress 5096 5097 * acinclude.m4: Added AC_KRB_STRUCT_SOCKADDR_SA_LEN 5098 5099 * lib/krb5/krb5.h: krb5_addresses == HostAddresses. Changed all 5100 users. 5101 5102 * lib/krb5/get_addrs.c: figure out all local addresses, possibly 5103 even IPv6! 5104 5105 * lib/krb5/checksum.c: table-driven checksum 5106 5107Mon Jul 7 21:13:28 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5108 5109 * lib/krb5/encrypt.c: Make krb5_decrypt use the same struct as 5110 krb5_encrypt. 5111 5112Mon Jul 7 11:15:51 1997 Assar Westerlund <assar@sics.se> 5113 5114 * lib/roken/vsyslog.c: new file 5115 5116 * lib/krb5/encrypt.c: add des-cbc-md4. 5117 adjust krb5_encrypt and krb5_decrypt to reality 5118 5119Mon Jul 7 02:46:31 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5120 5121 * lib/krb5/encrypt.c: Implement as a vector of function pointers. 5122 5123 * lib/krb5/{decrypt,encrypt}.c: Implement des-cbc-crc, and 5124 des-cbc-md5 in separate functions. 5125 5126 * lib/krb5/krb5.h: Add more checksum and encryption types. 5127 5128 * lib/krb5/krb5_locl.h: Add etype to krb5_decrypt. 5129 5130Sun Jul 6 23:02:59 1997 Assar Westerlund <assar@sics.se> 5131 5132 * lib/krb5/[gs]et_default_realm.c, kuserok.c: new files 5133 5134 * lib/krb5/config_file.[ch]: new c-based configuration reading 5135 stuff 5136 5137Wed Jul 2 23:12:56 1997 Assar Westerlund <assar@sics.se> 5138 5139 * configure.in: Set WFLAGS if using gcc 5140 5141Wed Jul 2 17:47:03 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5142 5143 * lib/asn1/der_put.c (der_put_int): Return size correctly. 5144 5145 * admin/ank.c: Be compatible with the asn1 principal format. 5146 5147Wed Jul 1 23:52:20 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5148 5149 * lib/asn1: Now all decode_* and encode_* functions now take a 5150 final size_t* argument, that they return the size in. Return 5151 values are zero for success, and anything else (such as some 5152 ASN1_* constant) for error. 5153 5154Mon Jun 30 06:08:14 1997 Assar Westerlund <assar@sics.se> 5155 5156 * lib/krb5/keytab.c (krb5_kt_add_entry): change open mode to 5157 O_WRONLY | O_APPEND 5158 5159 * lib/krb5/get_cred.c: removed stale prototype for 5160 `extract_ticket' and corrected call. 5161 5162 * lib/asn1/gen_length.c (length_type): Make the length functions 5163 for SequenceOf non-destructive 5164 5165 * admin/ank.c (doit): Fix reading of `y/n'. 5166 5167Mon Jun 16 05:41:43 1997 Assar Westerlund <assar@sics.se> 5168 5169 * lib/gssapi/wrap.c, unwrap.c: do encrypt and add sequence number 5170 5171 * lib/gssapi/get_mic.c, verify_mic.c: Add sequence number. 5172 5173 * lib/gssapi/accept_sec_context.c (gss_accept_sec_context): Set 5174 KRB5_AUTH_CONTEXT_DO_SEQUENCE. Verify 8003 checksum. 5175 5176 * lib/gssapi/8003.c: New file. 5177 5178 * lib/krb/krb5.h: Define a `krb_authenticator' as an ASN.1 5179 Authenticator. 5180 5181 * lib/krb5/auth_context.c: New functions 5182 `krb5_auth_setlocalseqnumber' and `krb5_auth_setremoteseqnumber' 5183 5184Tue Jun 10 00:35:54 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5185 5186 * lib/krb5: Preapre for use of some asn1-types. 5187 5188 * lib/asn1/*.c (copy_*): Constness. 5189 5190 * lib/krb5/krb5.h: Include asn1.h; krb5_data is now an 5191 octet_string. 5192 5193 * lib/asn1/der*,gen.c: krb5_data -> octet_string, char * -> 5194 general_string 5195 5196 * lib/asn1/libasn1.h: Moved stuff from asn1_locl.h that doesn't 5197 have anything to do with asn1_compile. 5198 5199 * lib/asn1/asn1_locl.h: Remove der.h. Add some prototypes. 5200 5201Sun Jun 8 03:51:55 1997 Assar Westerlund <assar@sics.se> 5202 5203 * kdc/kerberos5.c: Fix PA-ENC-TS-ENC 5204 5205 * kdc/connect.c(process_request): Set `new' 5206 5207 * lib/krb5/get_in_tkt.c: Do PA-ENC-TS-ENC the correct way. 5208 5209 * lib: Added editline,sl,roken. 5210 5211Mon Jun 2 00:37:48 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5212 5213 * lib/krb5/fcache.c: Move file cache from cache.c. 5214 5215 * lib/krb5/cache.c: Allow more than one cache type. 5216 5217Sun Jun 1 23:45:33 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5218 5219 * admin/extkeytab.c: Merged with kdb_edit. 5220 5221Sun Jun 1 23:23:08 1997 Assar Westerlund <assar@sics.se> 5222 5223 * kdc/kdc.c: more support for ENC-TS-ENC 5224 5225 * lib/krb5/get_in_tkt.c: redone to enable pre-authentication 5226 5227Sun Jun 1 22:45:11 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5228 5229 * lib/hdb/db.c: Merge fetch and store. 5230 5231 * admin: Merge to one program. 5232 5233 * lib/krb5/str2key.c: Fill in keytype and length. 5234 5235Sun Jun 1 16:31:23 1997 Assar Westerlund <assar@sics.se> 5236 5237 * lib/krb5/rd_safe.c, lib/krb5/rd_priv.c, lib/krb5/mk_rep.c, 5238 lib/krb5/mk_priv.c, lib/krb5/build_auth.c: Some support for 5239 KRB5_AUTH_CONTEXT_DO_SEQUENCE 5240 5241 * lib/krb5/get_in_tkt.c (get_in_tkt): be prepared to parse an 5242 KRB_ERROR. Some support for PA_ENC_TS_ENC. 5243 5244 * lib/krb5/auth_context.c: implemented seq_number functions 5245 5246 * lib/krb5/generate_subkey.c, generate_seq_number.c: new files 5247 5248 * lib/gssapi/gssapi.h: avoid including <krb5.h> 5249 5250 * lib/asn1/Makefile.am: SUFFIXES as a variable to make automake 5251 happy 5252 5253 * kdc/kdc.c: preliminary PREAUTH_ENC_TIMESTAMP 5254 5255 * configure.in: adapted to automake 1.1p 5256 5257Mon May 26 22:26:21 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5258 5259 * lib/krb5/principal.c: Add contexts to many functions. 5260 5261Thu May 15 20:25:37 1997 Johan Danielsson <joda@emma.pdc.kth.se> 5262 5263 * lib/krb5/verify_user.c: First stab at a verify user. 5264 5265 * lib/auth/sia/sia5.c: SIA module for Kerberos 5. 5266 5267Mon Apr 14 00:09:03 1997 Assar Westerlund <assar@sics.se> 5268 5269 * lib/gssapi: Enough of a gssapi-over-krb5 implementation to be 5270 able to (mostly) run gss-client and gss-server. 5271 5272 * lib/krb5/keytab.c: implemented krb5_kt_add_entry, 5273 krb5_kt_store_principal, krb5_kt_store_keyblock 5274 5275 * lib/des/md5.[ch], sha.[ch]: new files 5276 5277 * lib/asn1/der_get.c (generalizedtime2time): use `timegm' 5278 5279 * lib/asn1/timegm.c: new file 5280 5281 * admin/extkeytab.c: new program 5282 5283 * admin/admin_locl.h: new file 5284 5285 * admin/Makefile.am: Added extkeytab 5286 5287 * configure.in: moved config to include 5288 removed timezone garbage 5289 added lib/gssapi and admin 5290 5291 * Makefile.am: Added admin 5292 5293Mon Mar 17 11:34:05 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5294 5295 * kdc/kdc.c: Use new copying functions, and free some data. 5296 5297 * lib/asn1/Makefile.am: Try to not always rebuild generated files. 5298 5299 * lib/asn1/der_put.c: Add fix_dce(). 5300 5301 * lib/asn1/der_{get,length,put}.c: Fix include files. 5302 5303 * lib/asn1/der_free.c: Remove unused functions. 5304 5305 * lib/asn1/gen.c: Split into gen_encode, gen_decode, gen_free, 5306 gen_length, and gen_copy. 5307 5308Sun Mar 16 18:13:52 1997 Assar Westerlund <assar@sics.se> 5309 5310 * lib/krb5/sendauth.c: implemented functionality 5311 5312 * lib/krb5/rd_rep.c: Use `krb5_decrypt' 5313 5314 * lib/krb5/cache.c (krb5_cc_get_name): return default if `id' == 5315 NULL 5316 5317 * lib/krb5/principal.c (krb5_free_principal): added `context' 5318 argument. Changed all callers. 5319 5320 (krb5_sname_to_principal): new function 5321 5322 * lib/krb5/auth_context.c (krb5_free_authenticator): add `context' 5323 argument. Changed all callers 5324 5325 * lib/krb5/{net_write.c,net_read.c,recvauth.c}: new files 5326 5327 * lib/asn1/gen.c: Fix encoding and decoding of BitStrings 5328 5329Fri Mar 14 11:29:00 1997 Assar Westerlund <assar@sics.se> 5330 5331 * configure.in: look for *dbm? 5332 5333 * lib/asn1/gen.c: Fix filename in generated files. Check fopens. 5334 Put trailing newline in asn1_files. 5335 5336Fri Mar 14 05:06:44 1997 Johan Danielsson <joda@emma.pdc.kth.se> 5337 5338 * lib/krb5/get_in_tkt.c: Fix some memory leaks. 5339 5340 * lib/krb5/krbhst.c: Properly free hostlist. 5341 5342 * lib/krb5/decrypt.c: CRCs are 32 bits. 5343 5344Fri Mar 14 04:39:15 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5345 5346 * lib/asn1/gen.c: Generate one file for each type. 5347 5348Fri Mar 14 04:13:47 1997 Assar Westerlund <assar@sics.se> 5349 5350 * lib/asn1/gen.c: Generate `length_FOO' functions 5351 5352 * lib/asn1/der_length.c: new file 5353 5354 * kuser/klist.c: renamed stime -> printable_time to avoid conflict 5355 on HP/UX 5356 5357Fri Mar 14 03:37:23 1997 Johan Danielsson <joda@emma.pdc.kth.se> 5358 5359 * lib/hdb/ndbm.c: Return NOENTRY if fetch fails. Don't free 5360 datums. Don't add .db to filename. 5361 5362Fri Mar 14 02:49:51 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5363 5364 * kdc/dump.c: Database dump program. 5365 5366 * kdc/ank.c: Trivial database editing program. 5367 5368 * kdc/{kdc.c, load.c}: Use libhdb. 5369 5370 * lib/hdb: New database routine library. 5371 5372 * lib/krb5/error/Makefile.am: Add hdb_err. 5373 5374Wed Mar 12 17:41:14 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5375 5376 * kdc/kdc.c: Rewritten AS, and somewhat more working TGS support. 5377 5378 * lib/asn1/gen.c: Generate free functions. 5379 5380 * Some specific free functions. 5381 5382Wed Mar 12 12:30:13 1997 Assar Westerlund <assar@sics.se> 5383 5384 * lib/krb5/krb5_mk_req_ext.c: new file 5385 5386 * lib/asn1/gen.c: optimize the case with a simple type 5387 5388 * lib/krb5/get_cred.c (krb5_get_credentials): Use 5389 `mk_req_extended' and remove old code. 5390 5391 * lib/krb5/get_in_tkt.c (decrypt_tkt): First try with an 5392 EncASRepPart, then with an EncTGSRepPart. 5393 5394Wed Mar 12 08:26:04 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5395 5396 * lib/krb5/store_emem.c: New resizable memory storage. 5397 5398 * lib/krb5/{store.c, store_fd.c, store_mem.c}: Split of store.c 5399 5400 * lib/krb5/krb5.h: Add free entry to krb5_storage. 5401 5402 * lib/krb5/decrypt.c: Make keyblock const. 5403 5404Tue Mar 11 20:22:17 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5405 5406 * lib/krb5/krb5.h: Add EncTicketPart to krb5_ticket. 5407 5408 * lib/krb5/rd_req.c: Return whole asn.1 ticket in 5409 krb5_ticket->tkt. 5410 5411 * lib/krb5/get_in_tkt.c: TGS -> AS 5412 5413 * kuser/kfoo.c: Print error string rather than number. 5414 5415 * kdc/kdc.c: Some kind of non-working TGS support. 5416 5417Mon Mar 10 01:43:22 1997 Assar Westerlund <assar@sics.se> 5418 5419 * lib/asn1/gen.c: reduced generated code by 1/5 5420 5421 * lib/asn1/der_put.c: (der_put_length_and_tag): new function 5422 5423 * lib/asn1/der_get.c (der_match_tag_and_length): new function 5424 5425 * lib/asn1/der.h: added prototypes 5426 5427Mon Mar 10 01:15:43 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5428 5429 * lib/krb5/krb5.h: Include <asn1_err.h>. Add prototype for 5430 krb5_rd_req_with_keyblock. 5431 5432 * lib/krb5/rd_req.c: Add function krb5_rd_req_with_keyblock that 5433 takes a precomputed keyblock. 5434 5435 * lib/krb5/get_cred.c: Use krb5_mk_req rather than inlined code. 5436 5437 * lib/krb5/mk_req.c: Calculate checksum of in_data. 5438 5439Sun Mar 9 21:17:58 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5440 5441 * lib/krb5/error/compile_et.awk: Add a declaration of struct 5442 error_list, and multiple inclusion block to header files. 5443 5444Sun Mar 9 21:01:12 1997 Assar Westerlund <assar@sics.se> 5445 5446 * lib/krb5/rd_req.c: do some checks on times 5447 5448 * lib/krb/{mk_priv.c, rd_priv.c, sendauth.c, decrypt.c, 5449 address.c}: new files 5450 5451 * lib/krb5/auth_context.c: more code 5452 5453 * configure.in: try to figure out timezone 5454 5455Sat Mar 8 11:41:07 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5456 5457 * lib/krb5/error/error.c: Try strerror if error code wasn't found. 5458 5459 * lib/krb5/get_in_tkt.c: Remove realm parameter from 5460 krb5_get_salt. 5461 5462 * lib/krb5/context.c: Initialize error table. 5463 5464 * kdc: The beginnings of a kdc. 5465 5466Sat Mar 8 08:16:28 1997 Assar Westerlund <assar@sics.se> 5467 5468 * lib/krb5/rd_safe.c: new file 5469 5470 * lib/krb5/checksum.c (krb5_verify_checksum): New function 5471 5472 * lib/krb5/get_cred.c: use krb5_create_checksum 5473 5474 * lib/krb5/checksum.c: new file 5475 5476 * lib/krb5/store.c: no more arithmetic with void* 5477 5478 * lib/krb5/cache.c: now seems to work again 5479 5480Sat Mar 8 06:58:09 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5481 5482 * lib/krb5/Makefile.am: Add asn1_glue.c and error/*.c to libkrb5. 5483 5484 * lib/krb5/get_in_tkt.c: Moved some functions to asn1_glue.c. 5485 5486 * lib/krb5/asn1_glue.c: Moved some asn1-stuff here. 5487 5488 * lib/krb5/{cache,keytab}.c: Use new storage functions. 5489 5490 * lib/krb5/krb5.h: Protypes for new storage functions. 5491 5492 * lib/krb5/krb5.h: Make krb5_{ret,store}_* functions able to write 5493 data to more than file descriptors. 5494 5495Sat Mar 8 01:01:17 1997 Assar Westerlund <assar@sics.se> 5496 5497 * lib/krb5/encrypt.c: New file. 5498 5499 * lib/krb5/Makefile.am: More -I 5500 5501 * configure.in: Test for big endian, random, rand, setitimer 5502 5503 * lib/asn1/gen.c: perhaps even decodes bitstrings 5504 5505Thu Mar 6 19:05:29 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 5506 5507 * lib/krb5/config_file.y: Better return values on error. 5508 5509Sat Feb 8 15:59:56 1997 Assar Westerlund <assar@pdc.kth.se> 5510 5511 * lib/asn1/parse.y: ifdef HAVE_STRDUP 5512 5513 * lib/asn1/lex.l: ifdef strdup 5514 brange-dead version of list of special characters to make stupid 5515 lex accept it. 5516 5517 * lib/asn1/gen.c: A DER integer should really be a `unsigned' 5518 5519 * lib/asn1/der_put.c: A DER integer should really be a `unsigned' 5520 5521 * lib/asn1/der_get.c: A DER integer should really be a `unsigned' 5522 5523 * lib/krb5/error/Makefile.am: It seems "$(SHELL) ./compile_et" is 5524 needed. 5525 5526 * lib/krb/mk_rep.c, lib/krb/rd_req.c, lib/krb/store.c, 5527 lib/krb/store.h: new files. 5528 5529 * lib/krb5/keytab.c: now even with some functionality. 5530 5531 * lib/asn1/gen.c: changed paramater from void * to Foo * 5532 5533 * lib/asn1/der_get.c (der_get_octet_string): Fixed bug with empty 5534 string. 5535 5536Sun Jan 19 06:17:39 1997 Assar Westerlund <assar@pdc.kth.se> 5537 5538 * lib/krb5/get_cred.c (krb5_get_credentials): Check for creds in 5539 cc before getting new ones. 5540 5541 * lib/krb5/krb5.h (krb5_free_keyblock): Fix prototype. 5542 5543 * lib/krb5/build_auth.c (krb5_build_authenticator): It seems the 5544 CRC should be stored LSW first. (?) 5545 5546 * lib/krb5/auth_context.c: Implement `krb5_auth_con_getkey' and 5547 `krb5_free_keyblock' 5548 5549 * lib/**/Makefile.am: Rename foo libfoo.a 5550 5551 * include/Makefile.in: Use test instead of [ 5552 -e does not work with /bin/sh on psoriasis 5553 5554 * configure.in: Search for awk 5555 create lib/krb/error/compile_et 5556 5557Tue Jan 14 03:46:26 1997 Assar Westerlund <assar@pdc.kth.se> 5558 5559 * lib/krb5/Makefile.am: replaced mit-crc.c by crc.c 5560 5561Wed Dec 18 00:53:55 1996 Johan Danielsson <joda@emma.pdc.kth.se> 5562 5563 * kuser/kinit.c: Guess principal. 5564 5565 * lib/krb5/error/compile_et.awk: Don't include krb5.h. Fix some 5566 warnings. 5567 5568 * lib/krb5/error/asn1_err.et: Add ASN.1 error messages. 5569 5570 * lib/krb5/mk_req.c: Get client from cache. 5571 5572 * lib/krb5/cache.c: Add better error checking some useful return 5573 values. 5574 5575 * lib/krb5/krb5.h: Fix krb5_auth_context. 5576 5577 * lib/asn1/der.h: Make krb5_data compatible with krb5.h 5578 5579Tue Dec 17 01:32:36 1996 Johan Danielsson <joda@emma.pdc.kth.se> 5580 5581 * lib/krb5/error: Add primitive error library. 5582 5583Mon Dec 16 16:30:20 1996 Johan Danielsson <joda@emma.pdc.kth.se> 5584 5585 * lib/krb5/cache.c: Get correct address type from cache. 5586 5587 * lib/krb5/krb5.h: Change int16 to int to be compatible with asn1. 5588 5589