1102644Snectar2001-12-20 Johan Danielsson <joda@pdc.kth.se> 2102644Snectar 3102644Snectar * lib/krb5/crypto.c: use our own des string-to-key function, since 4102644Snectar the one from openssl sometimes generates wrong output 5102644Snectar 6102644Snectar2001-12-05 Jacques Vidrine <n@nectar.cc> 7102644Snectar 8102644Snectar * lib/hdb/mkey.c: fix a bug in which kstash would crash if 9102644Snectar there were no /etc/krb5.conf 10102644Snectar 11102644Snectar2001-11-09 Johan Danielsson <joda@pdc.kth.se> 12102644Snectar 13102644Snectar * lib/krb5/krb5_verify_user.3: sort references (from Thomas 14102644Snectar Klausner) 15102644Snectar 16102644Snectar * lib/krb5/krb5_principal_get_realm.3: add section to reference 17102644Snectar (from Thomas Klausner) 18102644Snectar 19102644Snectar * lib/krb5/krb5_krbhst_init.3: sort references (from Thomas 20102644Snectar Klausner) 21102644Snectar 22102644Snectar * lib/krb5/krb5_keytab.3: white space fixes (from Thomas Klausner) 23102644Snectar 24102644Snectar * lib/krb5/krb5_get_krbhst.3: remove extra white space (from 25102644Snectar Thomas Klausner) 26102644Snectar 27102644Snectar * lib/krb5/krb5_get_all_client_addrs.3: add section to reference 28102644Snectar (from Thomas Klausner) 29102644Snectar 30102644Snectar2001-10-29 Jacques Vidrine <n@nectar.com> 31102644Snectar 32102644Snectar * admin/get.c: fix a bug in which a reference to a data 33102644Snectar structure on the stack was being kept after the containing 34102644Snectar function's lifetime, resulting in a segfault during `ktutil 35102644Snectar get'. 36102644Snectar 37102644Snectar2001-10-22 Assar Westerlund <assar@sics.se> 38102644Snectar 39102644Snectar * lib/krb5/crypto.c: make all high-level encrypting and decrypting 40102644Snectar functions check the return value of the underlying function and 41102644Snectar handle errors more consistently. noted by Sam Hartman 42102644Snectar <hartmans@mit.edu> 43102644Snectar 44102644Snectar2001-10-21 Assar Westerlund <assar@sics.se> 45102644Snectar 46102644Snectar * lib/krb5/crypto.c (enctype_arcfour_hmac_md5): actually use a 47102644Snectar non-keyed checksum when it should be non-keyed 48102644Snectar 49102644Snectar2001-09-29 Assar Westerlund <assar@sics.se> 50102644Snectar 51102644Snectar * kuser/kinit.1: add the kauth alias 52102644Snectar * kuser/kinit.c: allow specification of afslog in krb5.conf, noted 53102644Snectar by jhutz@cs.cmu.edu 54102644Snectar 55102644Snectar2001-09-27 Assar Westerlund <assar@sics.se> 56102644Snectar 57102644Snectar * lib/asn1/gen.c: remove the need for libasn1.h, also make 58102644Snectar generated files include all files from IMPORTed modules 59102644Snectar 60102644Snectar * lib/krb5/krb5.h (KRB5_KPASSWD_*): set correct values 61102644Snectar * kpasswd/kpasswd.c: improve error message printing 62102644Snectar * lib/krb5/changepw.c (krb5_passwd_result_to_string): add change 63102644Snectar to use sequence numbers connect the udp socket so that we can 64102644Snectar figure out the local address 65102644Snectar 66102644Snectar2001-09-25 Assar Westerlund <assar@sics.se> 67102644Snectar 68102644Snectar * lib/asn1: implement OBJECT IDENTIFIER and ENUMERATED 69102644Snectar 70102644Snectar2001-09-20 Johan Danielsson <joda@pdc.kth.se> 71102644Snectar 72102644Snectar * lib/krb5/principal.c (krb5_425_conv_principal_ext): try using 73102644Snectar lower case realm as domain, but only when given a verification 74102644Snectar function 75102644Snectar 76102644Snectar2001-09-20 Assar Westerlund <assar@sics.se> 77102644Snectar 78102644Snectar * lib/asn1/der_put.c (der_put_length): do not even try writing 79102644Snectar anything when len == 0 80102644Snectar 81102644Snectar2001-09-18 Johan Danielsson <joda@pdc.kth.se> 82102644Snectar 83102644Snectar * kdc/hpropd.c: add realm override option 84102644Snectar 85102644Snectar * lib/krb5/set_default_realm.c (krb5_set_default_realm): make 86102644Snectar realm parameter const 87102644Snectar 88102644Snectar * kdc/hprop.c: more free's 89102644Snectar 90102644Snectar * lib/krb5/init_creds_pw.c (krb5_get_init_creds_keytab): free key 91102644Snectar proc data 92102644Snectar 93102644Snectar * lib/krb5/expand_hostname.c (krb5_expand_hostname_realms): free 94102644Snectar addrinfo 95102644Snectar 96102644Snectar * lib/hdb/mkey.c (hdb_set_master_keyfile): clear error string when 97102644Snectar not returning error 98102644Snectar 99102644Snectar2001-09-16 Assar Westerlund <assar@sics.se> 100102644Snectar 101102644Snectar * lib/krb5/appdefault.c (krb5_appdefault_{boolean,string,time): 102102644Snectar make realm const 103102644Snectar 104102644Snectar * lib/krb5/crypto.c: use des functions to avoid generating 105102644Snectar warnings with openssl's prototypes 106102644Snectar 107102644Snectar2001-09-05 Johan Danielsson <joda@pdc.kth.se> 108102644Snectar 109102644Snectar * configure.in: check for termcap.h 110102644Snectar 111102644Snectar * lib/asn1/lex.l: add another undef ECHO to keep AIX lex happy 112102644Snectar 113102644Snectar2001-09-03 Assar Westerlund <assar@sics.se> 114102644Snectar 115102644Snectar * lib/krb5/addr_families.c (krb5_print_address): handle snprintf 116102644Snectar returning < 0. noticed by hin@stacken.kth.se 117102644Snectar 118102644Snectar2001-09-03 Assar Westerlund <assar@sics.se> 119102644Snectar 120102644Snectar * Release 0.4e 121102644Snectar 122102644Snectar2001-09-02 Johan Danielsson <joda@pdc.kth.se> 123102644Snectar 124102644Snectar * kuser/Makefile.am: install kauth as a symlink to kinit 125102644Snectar 126102644Snectar * kuser/kinit.c: get v4_tickets by default 127102644Snectar 128102644Snectar * lib/asn1/Makefile.am: fix for broken automake 129102644Snectar 130102644Snectar2001-08-31 Johan Danielsson <joda@pdc.kth.se> 131102644Snectar 132102644Snectar * lib/hdb/hdb-ldap.c: some pretty much untested changes from Luke 133102644Snectar Howard 134102644Snectar 135102644Snectar * kuser/kinit.1: remove references to kauth 136102644Snectar 137102644Snectar * kuser/Makefile.am: kauth is no more 138102644Snectar 139102644Snectar * kuser/kinit.c: use appdefaults for everything. defaults are now 140102644Snectar as in kauth. 141102644Snectar 142102644Snectar * lib/krb5/appdefault.c: also check libdefaults, and realms/realm 143102644Snectar 144102644Snectar * lib/krb5/context.c (krb5_free_context): free more stuff 145102644Snectar 146102644Snectar2001-08-30 Johan Danielsson <joda@pdc.kth.se> 147102644Snectar 148102644Snectar * lib/krb5/verify_krb5_conf.c: do some checks of the values in the 149102644Snectar file 150102644Snectar 151102644Snectar * lib/krb5/krb5.conf.5: remove srv_try_txt, fix spelling 152102644Snectar 153102644Snectar * lib/krb5/context.c: don't init srv_try_txt, since it isn't used 154102644Snectar anymore 155102644Snectar 156102644Snectar2001-08-29 Jacques Vidrine <n@nectar.com> 157102644Snectar 158102644Snectar * configure.in: Check for already-installed com_err. 159102644Snectar 160102644Snectar2001-08-28 Assar Westerlund <assar@sics.se> 161102644Snectar 162102644Snectar * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set versoin to 18:2:1 163102644Snectar 164102644Snectar2001-08-24 Assar Westerlund <assar@sics.se> 165102644Snectar 166102644Snectar * kuser/Makefile.am: remove CHECK_LOCAL - non bin programs require 167102644Snectar no special treatment now 168102644Snectar 169102644Snectar * kuser/generate-requests.c: parse arguments in a useful way 170102644Snectar * kuser/kverify.c: add --help/--verify 171102644Snectar 172102644Snectar2001-08-22 Assar Westerlund <assar@sics.se> 173102644Snectar 174102644Snectar * configure.in: bump prereq to 2.52 remove unused test_LIB_KRB4 175102644Snectar 176102644Snectar * configure.in: re-write the handling of crypto libraries. try to 177102644Snectar use the one of openssl's libcrypto or krb4's libdes that has all 178102644Snectar the required functionality (md4, md5, sha1, des, rc4). if there 179102644Snectar is no such library, the included lib/des is built. 180102644Snectar 181102644Snectar * kdc/headers.h: include libutil.h if it exists 182102644Snectar * kpasswd/kpasswd_locl.h: include libutil.h if it exists 183102644Snectar * kdc/kerberos4.c (get_des_key): check for null keys even if 184102644Snectar is_server 185102644Snectar 186102644Snectar2001-08-21 Assar Westerlund <assar@sics.se> 187102644Snectar 188102644Snectar * lib/asn1/asn1_print.c: print some size_t correctly 189102644Snectar * configure.in: remove extra space after -L check for libutil.h 190102644Snectar 191102644Snectar2001-08-17 Johan Danielsson <joda@pdc.kth.se> 192102644Snectar 193102644Snectar * kdc/kdc_locl.h: fix prototype for get_des_key 194102644Snectar 195102644Snectar * kdc/kaserver.c: fix call to get_des_key 196102644Snectar 197102644Snectar * kdc/524.c: fix call to get_des_key 198102644Snectar 199102644Snectar * kdc/kerberos4.c (get_des_key): if getting a key for a server, 200102644Snectar return any des-key not just keys that can be string-to-keyed by 201102644Snectar the client 202102644Snectar 203102644Snectar2001-08-10 Assar Westerlund <assar@sics.se> 204102644Snectar 205102644Snectar * Release 0.4d 206102644Snectar 207102644Snectar2001-08-10 Assar Westerlund <assar@sics.se> 208102644Snectar 209102644Snectar * configure.in: check for openpty 210102644Snectar * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): update to 7:4:0 211102644Snectar 212102644Snectar2001-08-08 Assar Westerlund <assar@sics.se> 213102644Snectar 214102644Snectar * configure.in: just add -L (if required) from krb4 when testing 215102644Snectar for libdes/libcrypto 216102644Snectar 217102644Snectar2001-08-04 Assar Westerlund <assar@sics.se> 218102644Snectar 219102644Snectar * lib/krb5/Makefile.am (man_MANS): add some missing man pages 220102644Snectar * fix-export: fix the sed expression for finding the man pages 221102644Snectar 222102644Snectar2001-07-31 Assar Westerlund <assar@sics.se> 223102644Snectar 224102644Snectar * kpasswd/kpasswd-generator.c (main): implement --version and 225102644Snectar --help 226102644Snectar 227102644Snectar * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): update version to 228102644Snectar 18:1:1 229102644Snectar 230102644Snectar2001-07-27 Assar Westerlund <assar@sics.se> 231102644Snectar 232102644Snectar * lib/krb5/context.c (init_context_from_config_file): check 233102644Snectar parsing of addresses 234102644Snectar 235102644Snectar2001-07-26 Assar Westerlund <assar@sics.se> 236102644Snectar 237102644Snectar * lib/krb5/sock_principal.c (krb5_sock_to_principal): rename 238102644Snectar sa_len -> salen to avoid the macro that's defined on irix. noted 239102644Snectar by "Jacques A. Vidrine" <n@nectar.com> 240102644Snectar 241102644Snectar2001-07-24 Johan Danielsson <joda@pdc.kth.se> 242102644Snectar 243102644Snectar * lib/krb5/addr_families.c: add support for type 244102644Snectar KRB5_ADDRESS_ADDRPORT 245102644Snectar 246102644Snectar * lib/krb5/addr_families.c (krb5_address_order): complain about 247102644Snectar unsuppored address types 248102644Snectar 249102644Snectar2001-07-23 Johan Danielsson <joda@pdc.kth.se> 250102644Snectar 251102644Snectar * admin/get.c: don't open connection to server until we loop over 252102644Snectar the principals, at that time we know the realm of the (first) 253102644Snectar principal and we can default to that admin server 254102644Snectar 255102644Snectar * admin: add a rename command 256102644Snectar 257102644Snectar2001-07-19 Assar Westerlund <assar@sics.se> 258102644Snectar 259102644Snectar * kdc/hprop.c (usage): clarify a tiny bit 260102644Snectar 261102644Snectar2001-07-19 Assar Westerlund <assar@sics.se> 262102644Snectar 263102644Snectar * Release 0.4c 264102644Snectar 265102644Snectar2001-07-19 Assar Westerlund <assar@sics.se> 266102644Snectar 267102644Snectar * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to 268102644Snectar 18:0:1 269102644Snectar 270102644Snectar * lib/krb5/get_for_creds.c (krb5_fwd_tgt_creds): make it behave 271102644Snectar the same way as the MIT function 272102644Snectar 273102644Snectar * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): update to 7:3:0 274102644Snectar * lib/krb5/sock_principal.c (krb5_sock_to_principal): use 275102644Snectar getnameinfo 276102644Snectar 277102644Snectar * lib/krb5/krbhst.c (srv_find_realm): handle port numbers 278102644Snectar consistenly in local byte order 279102644Snectar 280102644Snectar * lib/krb5/get_default_realm.c (krb5_get_default_realm): set an 281102644Snectar error string 282102644Snectar 283102644Snectar * kuser/kinit.c (renew_validate): invert condition correctly. get 284102644Snectar v4 tickets if we succeed renewing 285102644Snectar * lib/krb5/principal.c (krb5_principal_get_type): add 286102644Snectar (default_v4_name_convert): add "smtp" 287102644Snectar 288102644Snectar2001-07-13 Assar Westerlund <assar@sics.se> 289102644Snectar 290102644Snectar * configure.in: remove make-print-version from LIBOBJS, it's no 291102644Snectar longer in lib/roken but always built in lib/vers 292102644Snectar 293102644Snectar2001-07-12 Johan Danielsson <joda@pdc.kth.se> 294102644Snectar 295102644Snectar * lib/hdb/mkey.c: more set_error_string 296102644Snectar 297102644Snectar2001-07-12 Assar Westerlund <assar@sics.se> 298102644Snectar 299102644Snectar * lib/hdb/Makefile.am (libhdb_la_LIBADD): add required library 300102644Snectar dependencies 301102644Snectar 302102644Snectar * lib/asn1/Makefile.am (libasn1_la_LIBADD): add required library 303102644Snectar dependencies 304102644Snectar 305102644Snectar2001-07-11 Johan Danielsson <joda@pdc.kth.se> 306102644Snectar 307102644Snectar * kdc/hprop.c: remove v4 master key handling; remove old v4-db and 308102644Snectar ka-db flags; add defaults for v4_realm and afs_cell 309102644Snectar 310102644Snectar2001-07-09 Assar Westerlund <assar@sics.se> 311102644Snectar 312102644Snectar * lib/krb5/sock_principal.c (krb5_sock_to_principal): copy hname 313102644Snectar before calling krb5_sname_to_principal. from "Jacques A. Vidrine" 314102644Snectar <n@nectar.com> 315102644Snectar 316102644Snectar2001-07-08 Johan Danielsson <joda@pdc.kth.se> 317102644Snectar 318102644Snectar * lib/krb5/context.c: use krb5_copy_addresses instead of 319102644Snectar copy_HostAddresses 320102644Snectar 321102644Snectar2001-07-06 Assar Westerlund <assar@sics.se> 322102644Snectar 323102644Snectar * configure.in (LIB_des_a, LIB_des_so): add these so that they can 324102644Snectar be used by lib/auth/sia 325102644Snectar 326102644Snectar * kuser/kinit.c: re-do some of the v4 fallbacks: look at 327102644Snectar get-tokens flag do not print extra errors do not try to do 524 if 328102644Snectar we got tickets from a v4 server 329102644Snectar 330102644Snectar2001-07-03 Assar Westerlund <assar@sics.se> 331102644Snectar 332102644Snectar * lib/krb5/replay.c (krb5_get_server_rcache): cast argument to 333102644Snectar printf 334102644Snectar 335102644Snectar * lib/krb5/get_addrs.c (find_all_addresses): call free_addresses 336102644Snectar on ignore_addresses correctly 337102644Snectar * lib/krb5/init_creds.c 338102644Snectar (krb5_get_init_creds_opt_set_default_flags): change to take a 339102644Snectar const realm 340102644Snectar 341102644Snectar * lib/krb5/principal.c (krb5_425_conv_principal_ext): if the 342102644Snectar instance is the first component of the local hostname, the 343102644Snectar converted host should be the long hostname. from 344102644Snectar <shadow@dementia.org> 345102644Snectar 346102644Snectar2001-07-02 Johan Danielsson <joda@pdc.kth.se> 347102644Snectar 348102644Snectar * lib/krb5/Makefile.am: address.c is no more; add a couple of 349102644Snectar manpages 350102644Snectar 351102644Snectar * lib/krb5/krb5_timeofday.3: new manpage 352102644Snectar 353102644Snectar * lib/krb5/krb5_get_all_client_addrs.3: new manpage 354102644Snectar 355102644Snectar * lib/krb5/get_in_tkt.c (init_as_req): treat no addresses as 356102644Snectar wildcard 357102644Snectar 358102644Snectar * lib/krb5/get_cred.c (get_cred_kdc_la): treat no addresses as 359102644Snectar wildcard 360102644Snectar 361102644Snectar * lib/krb5/get_addrs.c: don't include client addresses that match 362102644Snectar ignore_addresses 363102644Snectar 364102644Snectar * lib/krb5/context.c: initialise ignore_addresses 365102644Snectar 366102644Snectar * lib/krb5/addr_families.c: add new `arange' fake address type, 367102644Snectar that matches more than one address; this required some internal 368102644Snectar changes to many functions, so all of address.c got moved here 369102644Snectar (wasn't much left there) 370102644Snectar 371102644Snectar * lib/krb5/krb5.h: add list of ignored addresses to context 372102644Snectar 373102644Snectar2001-07-03 Assar Westerlund <assar@sics.se> 374102644Snectar 375102644Snectar * Release 0.4b 376102644Snectar 377102644Snectar2001-07-03 Assar Westerlund <assar@sics.se> 378102644Snectar 379102644Snectar * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set version to 17:0:0 380102644Snectar * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): set version to 7:2:0 381102644Snectar 382102644Snectar2001-07-03 Assar Westerlund <assar@sics.se> 383102644Snectar 384102644Snectar * Release 0.4a 385102644Snectar 386102644Snectar2001-07-02 Johan Danielsson <joda@pdc.kth.se> 387102644Snectar 388102644Snectar * kuser/kinit.c: make this compile without krb4 support 389102644Snectar 390102644Snectar * lib/krb5/write_message.c: remove priv parameter from 391102644Snectar write_safe_message; don't know why it was there in the first place 392102644Snectar 393102644Snectar * doc/install.texi: remove kaserver switches, it's always compiled 394102644Snectar in now 395102644Snectar 396102644Snectar * kdc/hprop.c: always include kadb support 397102644Snectar 398102644Snectar * kdc/kaserver.c: always include kaserver support 399102644Snectar 400102644Snectar2001-07-02 Assar Westerlund <assar@sics.se> 401102644Snectar 402102644Snectar * kpasswd/kpasswdd.c (doit): make failing to bind a socket a 403102644Snectar non-fatal error, and abort if no sockets were bound 404102644Snectar 405102644Snectar2001-07-01 Assar Westerlund <assar@sics.se> 406102644Snectar 407102644Snectar * lib/krb5/krbhst.c: remember the real port number when falling 408102644Snectar back from kpasswd -> kadmin, and krb524 -> kdc 409102644Snectar 410102644Snectar2001-06-29 Assar Westerlund <assar@sics.se> 411102644Snectar 412102644Snectar * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): if 413102644Snectar no_addresses is set, do not add any local addresses to KRB_CRED 414102644Snectar 415102644Snectar * kuser/kinit.c: remove extra clearing of password and some 416102644Snectar redundant code 417102644Snectar 418102644Snectar2001-06-29 Johan Danielsson <joda@pdc.kth.se> 419102644Snectar 420102644Snectar * kuser/kinit.c: move ticket conversion code to separate function, 421102644Snectar and call that from a couple of places, like when renewing a 422102644Snectar ticket; also add a flag for just converting a ticket 423102644Snectar 424102644Snectar * lib/krb5/init_creds_pw.c: set renew-life to some sane value 425102644Snectar 426102644Snectar * kdc/524.c: don't send more data than required 427102644Snectar 428102644Snectar2001-06-24 Assar Westerlund <assar@sics.se> 429102644Snectar 430102644Snectar * lib/krb5/store_fd.c (krb5_storage_from_fd): check malloc returns 431102644Snectar 432102644Snectar * lib/krb5/keytab_any.c (any_resolve); improving parsing of ANY: 433102644Snectar (any_start_seq_get): remove a double free 434102644Snectar (any_next_entry): iterate over all (sub) keytabs and avoid leave data 435102644Snectar around to be freed again 436102644Snectar 437102644Snectar * kdc/kdc_locl.h: add a define for des_new_random_key when using 438102644Snectar openssl's libcrypto 439102644Snectar 440102644Snectar * configure.in: move v6 tests down 441102644Snectar 442102644Snectar * lib/krb5/krb5.h (krb5_context_data): remove srv_try_rfc2052 443102644Snectar 444102644Snectar * update to libtool 1.4 and autoconf 2.50 445102644Snectar 446102644Snectar2001-06-22 Johan Danielsson <joda@pdc.kth.se> 447102644Snectar 448102644Snectar * lib/hdb/hdb.c: use krb5_add_et_list 449102644Snectar 450102644Snectar2001-06-21 Johan Danielsson <joda@pdc.kth.se> 451102644Snectar 452102644Snectar * lib/hdb/Makefile.am: add generation number 453102644Snectar * lib/hdb/common.c: add generation number code 454102644Snectar * lib/hdb/hdb.asn1: add generation number 455102644Snectar * lib/hdb/print.c: use krb5_storage to make it more dynamic 456102644Snectar 457102644Snectar2001-06-21 Assar Westerlund <assar@sics.se> 458102644Snectar 459102644Snectar * lib/krb5/krb5.conf.5: update to changed names used by 460102644Snectar krb5_get_init_creds_opt_set_default_flags 461102644Snectar * lib/krb5/init_creds.c 462102644Snectar (krb5_get_init_creds_opt_set_default_flags): make the appdefault 463102644Snectar keywords have the same names 464102644Snectar 465102644Snectar * configure.in: only add -L and -R to the krb4 libdir if we are 466102644Snectar actually using it 467102644Snectar 468102644Snectar * lib/krb5/krbhst.c (fallback_get_hosts): do not copy trailing 469102644Snectar dot of hostname add some comments 470102644Snectar * lib/krb5/krbhst.c: use getaddrinfo instead of dns_lookup when 471102644Snectar testing for kerberos.REALM. this allows reusing that information 472102644Snectar when actually contacting the server and thus avoids one DNS lookup 473102644Snectar 474102644Snectar2001-06-20 Johan Danielsson <joda@pdc.kth.se> 475102644Snectar 476102644Snectar * lib/krb5/krb5.h: include k524_err.h 477102644Snectar 478102644Snectar * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): don't test 479102644Snectar for keytype, the server will do this for us if it has anything to 480102644Snectar complain about 481102644Snectar 482102644Snectar * lib/krb5/context.c: add protocol compatible krb524 error codes 483102644Snectar 484102644Snectar * lib/krb5/Makefile.am: add protocol compatible krb524 error codes 485102644Snectar 486102644Snectar * lib/krb5/k524_err.et: add protocol compatible krb524 error codes 487102644Snectar 488102644Snectar * lib/krb5/krb5_principal_get_realm.3: manpage 489102644Snectar 490102644Snectar * lib/krb5/principal.c: add functions `krb5_principal_get_realm' 491102644Snectar and `krb5_principal_get_comp_string' that returns parts of a 492102644Snectar principal; this is a replacement for the internal 493102644Snectar `krb5_princ_realm' and `krb5_princ_component' macros that everyone 494102644Snectar seem to use 495102644Snectar 496102644Snectar2001-06-19 Assar Westerlund <assar@sics.se> 497102644Snectar 498102644Snectar * kuser/kinit.c (main): dereference result from krb5_princ_realm. 499102644Snectar from Thomas Nystrom <thn@saeab.se> 500102644Snectar 501102644Snectar2001-06-18 Johan Danielsson <joda@pdc.kth.se> 502102644Snectar 503102644Snectar * lib/krb5/mk_req.c (krb5_mk_req_exact): free creds when done 504102644Snectar * lib/krb5/crypto.c (krb5_string_to_key_derived): fix memory leak 505102644Snectar * lib/krb5/krbhst.c (config_get_hosts): free hostlist 506102644Snectar * kuser/kinit.c: free principal 507102644Snectar 508102644Snectar2001-06-18 Assar Westerlund <assar@sics.se> 509102644Snectar 510102644Snectar * lib/krb5/send_to_kdc.c (krb5_sendto): remove an extra 511102644Snectar freeaddrinfo 512102644Snectar 513102644Snectar * lib/krb5/convert_creds.c (krb524_convert_creds_kdc_ccache): 514102644Snectar remove some unused variables 515102644Snectar 516102644Snectar * lib/krb5/krbhst.c (admin_get_next): spell kerberos correctly 517102644Snectar * kdc/kerberos5.c: update to new krb5_auth_con* names 518102644Snectar * kdc/hpropd.c: update to new krb5_auth_con* names 519102644Snectar * lib/krb5/rd_req.c (krb5_rd_req): use krb5_auth_con* functions 520102644Snectar and remove some comments 521102644Snectar * lib/krb5/rd_safe.c (krb5_rd_safe): pick the keys in the right 522102644Snectar order: remote - local - session 523102644Snectar * lib/krb5/rd_rep.c (krb5_rd_rep): save the remote sub key in the 524102644Snectar auth_context 525102644Snectar * lib/krb5/rd_priv.c (krb5_rd_priv): pick keys in the correct 526102644Snectar order: remote - local - session 527102644Snectar * lib/krb5/mk_safe.c (krb5_mk_safe): pick keys in the right order, 528102644Snectar local - remote - session 529102644Snectar 530102644Snectar2001-06-18 Johan Danielsson <joda@pdc.kth.se> 531102644Snectar 532102644Snectar * lib/krb5/convert_creds.c: use starttime instead of authtime, 533102644Snectar from Chris Chiappa 534102644Snectar 535102644Snectar * lib/krb5/convert_creds.c: make krb524_convert_creds_kdc match 536102644Snectar the MIT function by the same name; add 537102644Snectar krb524_convert_creds_kdc_ccache that does what the old version did 538102644Snectar 539102644Snectar * admin/list.c (do_list): make sure list of keys is NULL 540102644Snectar terminated; similar to patch sent by Chris Chiappa 541102644Snectar 542102644Snectar2001-06-18 Assar Westerlund <assar@sics.se> 543102644Snectar 544102644Snectar * lib/krb5/mcache.c (mcc_remove_cred): use 545102644Snectar krb5_free_creds_contents 546102644Snectar 547102644Snectar * lib/krb5/auth_context.c: name function krb5_auth_con more 548102644Snectar consistenly 549102644Snectar * lib/krb5/rd_req.c (krb5_verify_authenticator_checksum): use 550102644Snectar renamed krb5_auth_con_getauthenticator 551102644Snectar 552102644Snectar * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): update to 553102644Snectar use krb5_krbhst API 554102644Snectar * lib/krb5/changepw.c (krb5_change_password): update to use 555102644Snectar krb5_krbhst API 556102644Snectar * lib/krb5/send_to_kdc.c: update to use krb5_krbhst API 557102644Snectar * lib/krb5/krbhst.c (krb5_krbhst_get_addrinfo): add set def_port 558102644Snectar in krb5_krbhst_info 559102644Snectar (krb5_krbhst_free): free everything 560102644Snectar 561102644Snectar * lib/krb5/krb5.h (KRB5_VERIFY_NO_ADDRESSES): add 562102644Snectar (krb5_krbhst_info): add def_port (default port for this service) 563102644Snectar 564102644Snectar * lib/krb5/krbhst-test.c: make it more verbose and useful 565102644Snectar * lib/krb5/krbhst.c: remove some more memory leaks do not try any 566102644Snectar dns operations if there is local configuration admin: fallback to 567102644Snectar kerberos.REALM 524: fallback to kdcs kpasswd: fallback to admin 568102644Snectar add some comments 569102644Snectar 570102644Snectar * configure.in: remove initstate and setstate, they should be in 571102644Snectar cf/roken-frag.m4 572102644Snectar 573102644Snectar * lib/krb5/Makefile.am (noinst_PROGRAMS): add krbhst-test 574102644Snectar * lib/krb5/krbhst-test.c: new program for testing krbhst 575102644Snectar * lib/krb5/krbhst.c (common_init): remove memory leak 576102644Snectar (main): move test program into krbhst-test 577102644Snectar 578102644Snectar2001-06-17 Johan Danielsson <joda@pdc.kth.se> 579102644Snectar 580102644Snectar * lib/krb5/krb5_krbhst_init.3: manpage 581102644Snectar 582102644Snectar * lib/krb5/krb5_get_krbhst.3: manpage 583102644Snectar 584102644Snectar2001-06-16 Johan Danielsson <joda@pdc.kth.se> 585102644Snectar 586102644Snectar * lib/krb5/krb5.h: add opaque krb5_krbhst_handle type 587102644Snectar 588102644Snectar * lib/krb5/krbhst.c: change void* to krb5_krbhst_handle 589102644Snectar 590102644Snectar * lib/krb5/krb5.h: types for new krbhst api 591102644Snectar 592102644Snectar * lib/krb5/krbhst.c: implement a new api that looks up one host at 593102644Snectar a time, instead of making a list of hosts 594102644Snectar 595102644Snectar2001-06-09 Johan Danielsson <joda@pdc.kth.se> 596102644Snectar 597102644Snectar * configure.in: test for initstate and setstate 598102644Snectar 599102644Snectar * lib/krb5/krbhst.c: remove rfc2052 support 600102644Snectar 601102644Snectar2001-06-08 Johan Danielsson <joda@pdc.kth.se> 602102644Snectar 603102644Snectar * fix some manpages for broken mdoc.old grog test 604102644Snectar 605102644Snectar2001-05-28 Assar Westerlund <assar@sics.se> 606102644Snectar 607102644Snectar * lib/krb5/krb5.conf.5: add [appdefaults] 608102644Snectar * lib/krb5/init_creds_pw.c: remove configuration reading that is 609102644Snectar now done in krb5_get_init_creds_opt_set_default_flags 610102644Snectar * lib/krb5/init_creds.c 611102644Snectar (krb5_get_init_creds_opt_set_default_flags): add reading of 612102644Snectar libdefaults versions of these and add no_addresses 613102644Snectar 614102644Snectar * lib/krb5/get_in_tkt.c (krb5_get_in_cred): clear error string 615102644Snectar when preauth was required and we retry 616102644Snectar 617102644Snectar2001-05-25 Assar Westerlund <assar@sics.se> 618102644Snectar 619102644Snectar * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): call 620102644Snectar krb5_get_krb524hst 621102644Snectar * lib/krb5/krbhst.c (krb5_get_krb524hst): add and restructure the 622102644Snectar support functions 623102644Snectar 624102644Snectar2001-05-22 Assar Westerlund <assar@sics.se> 625102644Snectar 626102644Snectar * kdc/kerberos5.c (tgs_rep2): alloc and free csec and cusec 627102644Snectar properly 628102644Snectar 629102644Snectar2001-05-17 Assar Westerlund <assar@sics.se> 630102644Snectar 631102644Snectar * Release 0.3f 632102644Snectar 633102644Snectar2001-05-17 Assar Westerlund <assar@sics.se> 634102644Snectar 635102644Snectar * lib/krb5/Makefile.am: bump version to 16:0:0 636102644Snectar * lib/hdb/Makefile.am: bump version to 7:1:0 637102644Snectar * lib/asn1/Makefile.am: bump version to 5:0:0 638102644Snectar * lib/krb5/keytab_krb4.c: add SRVTAB as an alias for krb4 639102644Snectar * lib/krb5/codec.c: remove dead code 640102644Snectar 641102644Snectar2001-05-17 Johan Danielsson <joda@pdc.kth.se> 642102644Snectar 643102644Snectar * kdc/config.c: actually check the ticket addresses 644102644Snectar 645102644Snectar2001-05-15 Assar Westerlund <assar@sics.se> 646102644Snectar 647102644Snectar * lib/krb5/rd_error.c (krb5_error_from_rd_error): use correct 648102644Snectar parenthesis 649102644Snectar 650102644Snectar * lib/krb5/eai_to_heim_errno.c (krb5_eai_to_heim_errno): add 651102644Snectar `errno' (called system_error) to allow callers to make sure they 652102644Snectar pass the current and relevant value. update callers 653102644Snectar 654102644Snectar2001-05-14 Johan Danielsson <joda@pdc.kth.se> 655102644Snectar 656102644Snectar * lib/krb5/verify_user.c: krb5_verify_user_opt 657102644Snectar 658102644Snectar * lib/krb5/krb5.h: verify_opt 659102644Snectar 660102644Snectar * kdc/kerberos5.c: pass context to krb5_domain_x500_decode 661102644Snectar 662102644Snectar2001-05-14 Assar Westerlund <assar@sics.se> 663102644Snectar 664102644Snectar * kpasswd/kpasswdd.c: adapt to new address functions 665102644Snectar * kdc/kerberos5.c: adapt to changing address functions use LR_TYPE 666102644Snectar * kdc/connect.c: adapt to changing address functions 667102644Snectar * kdc/config.c: new krb5_config_parse_file 668102644Snectar * kdc/524.c: new krb5_sockaddr2address 669102644Snectar * lib/krb5/*: add some krb5_{set,clear}_error_string 670102644Snectar 671102644Snectar * lib/asn1/k5.asn1 (LR_TYPE): add 672102644Snectar * lib/asn1/Makefile.am (gen_files): add asn1_LR_TYPE.x 673102644Snectar 674102644Snectar2001-05-11 Assar Westerlund <assar@sics.se> 675102644Snectar 676102644Snectar * kdc/kerberos5.c (tsg_rep): fix typo in variable name 677102644Snectar 678102644Snectar * kpasswd/kpasswd-generator.c (nop_prompter): update prototype 679102644Snectar * lib/krb5/init_creds_pw.c: update to new prompter, use prompter 680102644Snectar types and send two prompts at once when changning password 681102644Snectar * lib/krb5/prompter_posix.c (krb5_prompter_posix): add name 682102644Snectar * lib/krb5/krb5.h (krb5_prompt): add type 683102644Snectar (krb5_prompter_fct): add anem 684102644Snectar 685102644Snectar * lib/krb5/cache.c (krb5_cc_next_cred): transpose last two 686102644Snectar paramaters to krb5_cc_next_cred (as MIT does, and not as they 687102644Snectar document). From "Jacques A. Vidrine" <n@nectar.com> 688102644Snectar 689102644Snectar2001-05-11 Johan Danielsson <joda@pdc.kth.se> 690102644Snectar 691102644Snectar * lib/krb5/Makefile.am: store-test 692102644Snectar 693102644Snectar * lib/krb5/store-test.c: simple bit storage test 694102644Snectar 695102644Snectar * lib/krb5/store.c: add more byteorder storage flags 696102644Snectar 697102644Snectar * lib/krb5/krb5.h: add more byteorder storage flags 698102644Snectar 699102644Snectar * kdc/kerberos5.c: don't use NULL where we mean 0 700102644Snectar 701102644Snectar * kdc/kerberos5.c: put referral test code in separate function, 702102644Snectar and test for KRB5_NT_SRV_INST 703102644Snectar 704102644Snectar2001-05-10 Assar Westerlund <assar@sics.se> 705102644Snectar 706102644Snectar * admin/list.c (do_list): do not close the keytab if opening it 707102644Snectar failed 708102644Snectar * admin/list.c (do_list): always print complete names. print 709102644Snectar everything to stdout. 710102644Snectar * admin/list.c: print both v5 and v4 list by default 711102644Snectar * admin/remove.c (kt_remove): reorganize some. open the keytab 712102644Snectar (defaulting to the modify one). 713102644Snectar * admin/purge.c (kt_purge): reorganize some. open the keytab 714102644Snectar (defaulting to the modify one). correct usage strings 715102644Snectar * admin/list.c (kt_list): reorganize some. open the keytab 716102644Snectar * admin/get.c (kt_get): reorganize some. open the keytab 717102644Snectar (defaulting to the modify one) 718102644Snectar * admin/copy.c (kt_copy): default to modify key name. re-organise 719102644Snectar * admin/change.c (kt_change): reorganize some. open the keytab 720102644Snectar (defaulting to the modify one) 721102644Snectar * admin/add.c (kt_add): reorganize some. open the keytab 722102644Snectar (defaulting to the modify one) 723102644Snectar * admin/ktutil.c (main): do not open the keytab, let every 724102644Snectar sub-function handle it 725102644Snectar 726102644Snectar * kdc/config.c (configure): call free_getarg_strings 727102644Snectar 728102644Snectar * lib/krb5/get_in_tkt.c (krb5_get_in_cred): set error strings for 729102644Snectar a few more errors 730102644Snectar 731102644Snectar * lib/krb5/get_host_realm.c (krb5_get_host_realm_int): make 732102644Snectar `use_dns' parameter boolean 733102644Snectar 734102644Snectar * lib/krb5/krb5.h (krb5_context_data): add default_keytab_modify 735102644Snectar * lib/krb5/context.c (init_context_from_config_file): set 736102644Snectar default_keytab_modify 737102644Snectar * lib/krb5/krb5_locl.h (KEYTAB_DEFAULT): change to 738102644Snectar ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab 739102644Snectar (KEYTAB_DEFAULT_MODIFY): add 740102644Snectar * lib/krb5/keytab.c (krb5_kt_default_modify_name): add 741102644Snectar (krb5_kt_resolve): set error string for failed keytab type 742102644Snectar 743102644Snectar2001-05-08 Assar Westerlund <assar@sics.se> 744102644Snectar 745102644Snectar * lib/krb5/crypto.c (encryption_type): make field names more 746102644Snectar consistent 747102644Snectar (create_checksum): separate usage and type 748102644Snectar (krb5_create_checksum): add a separate type parameter 749102644Snectar (encrypt_internal): only free once on mismatched checksum length 750102644Snectar 751102644Snectar * lib/krb5/send_to_kdc.c (krb5_sendto_kdc2): try to tell what 752102644Snectar realm we didn't manage to reach any KDC for in the error string 753102644Snectar 754102644Snectar * lib/krb5/generate_seq_number.c (krb5_generate_seq_number): free 755102644Snectar the entire subkey. from <tmartin@mirapoint.com> 756102644Snectar 757102644Snectar2001-05-07 Johan Danielsson <joda@pdc.kth.se> 758102644Snectar 759102644Snectar * lib/krb5/keytab_keyfile.c (akf_start_seq_get): return 760102644Snectar KT_NOTFOUND if the file is empty 761102644Snectar 762102644Snectar2001-05-07 Assar Westerlund <assar@sics.se> 763102644Snectar 764102644Snectar * lib/krb5/fcache.c: call krb5_set_error_string when open fails 765102644Snectar fatally 766102644Snectar * lib/krb5/keytab_file.c: call krb5_set_error_string when open 767102644Snectar fails fatally 768102644Snectar 769102644Snectar * lib/krb5/warn.c (_warnerr): print error_string in context in 770102644Snectar preference to error string derived from error code 771102644Snectar * kuser/kinit.c (main): try to print the error string 772102644Snectar * lib/krb5/get_in_tkt.c (krb5_get_in_cred): set some sensible 773102644Snectar error strings for errors 774102644Snectar 775102644Snectar * lib/krb5/krb5.h (krb5_context_data): add error_string and 776102644Snectar error_buf 777102644Snectar * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add error_string.c 778102644Snectar * lib/krb5/error_string.c: new file 779102644Snectar 780102644Snectar2001-05-02 Johan Danielsson <joda@pdc.kth.se> 781102644Snectar 782102644Snectar * lib/krb5/time.c: krb5_string_to_deltat 783102644Snectar 784102644Snectar * lib/krb5/sock_principal.c: one less data copy 785102644Snectar 786102644Snectar * lib/krb5/eai_to_heim_errno.c: conversion function for h_errno's 787102644Snectar 788102644Snectar * lib/krb5/get_default_principal.c: change this slightly 789102644Snectar 790102644Snectar * lib/krb5/crypto.c: make checksum_types into an array of pointers 791102644Snectar 792102644Snectar * lib/krb5/convert_creds.c: make sure we always use a des-cbc-crc 793102644Snectar ticket 794102644Snectar 795102644Snectar2001-04-29 Assar Westerlund <assar@sics.se> 796102644Snectar 797102644Snectar * kdc/kerberos5.c (tgs_rep2): return a reference to a krbtgt for 798102644Snectar the right realm if we fail to find a non-krbtgt service in the 799102644Snectar database and the second component does a succesful non-dns lookup 800102644Snectar to get the real realm (which has to be different from the 801102644Snectar originally-supplied realm). this should help windows 2000 clients 802102644Snectar that always start their lookups in `their' realm and do not have 803102644Snectar any idea of how to map hostnames into realms 804102644Snectar * kdc/kerberos5.c (is_krbtgt): rename to get_krbtgt_realm 805102644Snectar 806102644Snectar2001-04-27 Johan Danielsson <joda@pdc.kth.se> 807102644Snectar 808102644Snectar * lib/krb5/get_host_realm.c (krb5_get_host_realm_int): add extra 809102644Snectar parameter to request use of dns or not 810102644Snectar 811102644Snectar2001-04-25 Assar Westerlund <assar@sics.se> 812102644Snectar 813102644Snectar * admin/get.c (kt_get): allow specification of encryption types 814102644Snectar * lib/krb5/verify_init.c (krb5_verify_init_creds): do not try to 815102644Snectar close an unopened ccache, noted by <marc@mit.edu> 816102644Snectar 817102644Snectar * lib/krb5/krb5.h (krb5_any_ops): add declaration 818102644Snectar * lib/krb5/context.c (init_context_from_config_file): register 819102644Snectar krb5_any_ops 820102644Snectar 821102644Snectar * lib/krb5/keytab_any.c: new file, implementing union of keytabs 822102644Snectar * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_any.c 823102644Snectar 824102644Snectar * lib/krb5/init_creds_pw.c (get_init_creds_common): handle options 825102644Snectar == NULL. noted by <marc@mit.edu> 826102644Snectar 827102644Snectar2001-04-19 Johan Danielsson <joda@pdc.kth.se> 828102644Snectar 829102644Snectar * lib/krb5/rd_cred.c: set ret_creds to NULL before doing anything 830102644Snectar else, from Jacques Vidrine 831102644Snectar 832102644Snectar2001-04-18 Johan Danielsson <joda@pdc.kth.se> 833102644Snectar 834102644Snectar * lib/hdb/libasn1.h: asn1.h -> krb5_asn1.h 835102644Snectar 836102644Snectar * lib/asn1/Makefile.am: add asn1_ENCTYPE.x 837102644Snectar 838102644Snectar * lib/krb5/krb5.h: adapt to asn1 changes 839102644Snectar 840102644Snectar * lib/asn1/k5.asn1: move enctypes here 841102644Snectar 842102644Snectar * lib/asn1/libasn1.h: rename asn1.h to krb5_asn1.h to avoid 843102644Snectar conflicts 844102644Snectar 845102644Snectar * lib/asn1/Makefile.am: rename asn1.h to krb5_asn1.h to avoid 846102644Snectar conflicts 847102644Snectar 848102644Snectar * lib/asn1/lex.l: use strtol to parse constants 849102644Snectar 850102644Snectar2001-04-06 Johan Danielsson <joda@pdc.kth.se> 851102644Snectar 852102644Snectar * kuser/kinit.c: add simple support for running commands 853102644Snectar 854102644Snectar2001-03-26 Assar Westerlund <assar@sics.se> 855102644Snectar 856102644Snectar * lib/hdb/hdb-ldap.c: change order of includes to allow it to work 857102644Snectar with more versions of openldap 858102644Snectar 859102644Snectar * kdc/kerberos5.c (tgs_rep2): try to set sec and usec in error 860102644Snectar replies 861102644Snectar (*): update callers of krb5_km_error 862102644Snectar (check_tgs_flags): handle renews requesting non-renewable tickets 863102644Snectar 864102644Snectar * lib/krb5/mk_error.c (krb5_mk_error): allow specifying both ctime 865102644Snectar and cusec 866102644Snectar 867102644Snectar * lib/krb5/krb5.h (krb5_checksum, krb5_keyusage): add 868102644Snectar compatibility names 869102644Snectar 870102644Snectar * lib/krb5/crypto.c (create_checksum): change so that `type == 0' 871102644Snectar means pick from the `crypto' (context) and otherwise use that 872102644Snectar type. this is not a large change in practice and allows callers 873102644Snectar to specify the exact checksum algorithm to use 874102644Snectar 875102644Snectar2001-03-13 Assar Westerlund <assar@sics.se> 876102644Snectar 877102644Snectar * lib/krb5/get_cred.c (get_cred_kdc): add support for falling back 878102644Snectar to KRB5_KU_AP_REQ_AUTH when KRB5_KU_TGS_REQ_AUTH gives `bad 879102644Snectar integrity'. this helps for talking to old (pre 0.3d) KDCs 880102644Snectar 881102644Snectar2001-03-12 Assar Westerlund <assar@pdc.kth.se> 882102644Snectar 883102644Snectar * lib/krb5/crypto.c (krb5_derive_key): new function, used by 884102644Snectar derived-key-test.c 885102644Snectar * lib/krb5/string-to-key-test.c: add new test vectors posted by 886102644Snectar Ken Raeburn <raeburn@mit.edu> in <tx1bsra8919.fsf@raeburn.org> to 887102644Snectar ietf-krb-wg@anl.gov 888102644Snectar * lib/krb5/n-fold-test.c: more test vectors from same source 889102644Snectar * lib/krb5/derived-key-test.c: more tests from same source 890102644Snectar 891102644Snectar2001-03-06 Assar Westerlund <assar@sics.se> 892102644Snectar 893102644Snectar * acconfig.h: include roken_rename.h when appropriate 894102644Snectar 895102644Snectar2001-03-06 Assar Westerlund <assar@sics.se> 896102644Snectar 897102644Snectar * lib/krb5/krb5.h (krb5_enctype): remove trailing comma 898102644Snectar 899102644Snectar2001-03-04 Assar Westerlund <assar@sics.se> 900102644Snectar 901102644Snectar * lib/krb5/krb5.h (krb5_enctype): add ENCTYPE_* aliases for 902102644Snectar compatibility with MIT krb5 903102644Snectar 904102644Snectar2001-03-02 Assar Westerlund <assar@sics.se> 905102644Snectar 906102644Snectar * kuser/kinit.c (main): only request a renewable ticket when 907102644Snectar explicitly requested. it still gets a renewable one if the renew 908102644Snectar life is specified 909102644Snectar * kuser/kinit.c (renew_validate): treat -1 as flags not being set 910102644Snectar 911102644Snectar2001-02-28 Johan Danielsson <joda@pdc.kth.se> 912102644Snectar 913102644Snectar * lib/krb5/context.c (krb5_init_ets): use krb5_add_et_list 914102644Snectar 915102644Snectar2001-02-27 Johan Danielsson <joda@pdc.kth.se> 916102644Snectar 917102644Snectar * lib/krb5/get_cred.c: implement krb5_get_cred_from_kdc_opt 918102644Snectar 919102644Snectar2001-02-25 Assar Westerlund <assar@sics.se> 920102644Snectar 921102644Snectar * configure.in: do not use -R when testing for des functions 922102644Snectar 923102644Snectar2001-02-14 Assar Westerlund <assar@sics.se> 924102644Snectar 925102644Snectar * configure.in: test for lber.h when trying to link against 926102644Snectar openldap to handle openldap v1, from Sumit Bose 927102644Snectar <sumit.bose@suse.de> 928102644Snectar 929102644Snectar2001-02-19 Assar Westerlund <assar@sics.se> 930102644Snectar 931102644Snectar * lib/asn1/libasn1.h: add string.h (for memset) 932102644Snectar 933102644Snectar2001-02-15 Assar Westerlund <assar@sics.se> 934102644Snectar 935102644Snectar * lib/krb5/warn.c (_warnerr): add printf attributes 936102644Snectar * lib/krb5/send_to_kdc.c (krb5_sendto): loop over all address 937102644Snectar returned by getaddrinfo before trying the next kdc. from 938102644Snectar thorpej@netbsd.org 939102644Snectar 940102644Snectar * lib/krb5/krb5.conf.5: fix default_realm in example 941102644Snectar 942102644Snectar * kdc/connect.c: fix a few kdc_log format types 943102644Snectar 944102644Snectar * configure.in: try to handle libdes/libcrypto ont requiring -L 945102644Snectar 946102644Snectar2001-02-10 Assar Westerlund <assar@sics.se> 947102644Snectar 948102644Snectar * lib/asn1/gen_decode.c (generate_type_decode): zero the data at 949102644Snectar the beginning of the generated function, and add a label `fail' 950102644Snectar that the code jumps to in case of errors that frees all allocated 951102644Snectar data 952102644Snectar 953102644Snectar2001-02-07 Assar Westerlund <assar@sics.se> 954102644Snectar 955102644Snectar * configure.in: aix dce: fix misquotes, from Ake Sandgren 956102644Snectar <ake@cs.umu.se> 957102644Snectar 958102644Snectar * configure.in (dpagaix_LDFLAGS): try to add export file 959102644Snectar 960102644Snectar2001-02-05 Assar Westerlund <assar@sics.se> 961102644Snectar 962102644Snectar * lib/krb5/krb5_keytab.3: new man page, contributed by 963102644Snectar <lha@stacken.kth.se> 964102644Snectar 965102644Snectar * kdc/kaserver.c: update to new db_fetch4 966102644Snectar 967102644Snectar2001-02-05 Assar Westerlund <assar@assaris.sics.se> 968102644Snectar 969102644Snectar * Release 0.3e 970102644Snectar 971102644Snectar2001-01-30 Assar Westerlund <assar@sics.se> 972102644Snectar 973102644Snectar * kdc/hprop.c (v4_get_masterkey): check kdb_verify_master_key 974102644Snectar properly 975102644Snectar (kdb_prop): decrypt key properly 976102644Snectar * kdc/hprop.c: handle building with KRB4 always try to decrypt v4 977102644Snectar data with the master key leave it up to the v5 how to encrypt with 978102644Snectar that master key 979102644Snectar 980102644Snectar * kdc/kstash.c: include file name in error messages 981102644Snectar * kdc/hprop.c: fix a typo and check some more return values 982102644Snectar * lib/hdb/hdb-ldap.c (LDAP__lookup_princ): call ldap_search_s 983102644Snectar correctly. From Jacques Vidrine <n@nectar.com> 984102644Snectar * kdc/misc.c (db_fetch): HDB_ERR_NOENTRY makes more sense than 985102644Snectar ENOENT 986102644Snectar 987102644Snectar * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to 988102644Snectar 15:0:0 989102644Snectar * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:0:0 990102644Snectar * lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 4:0:2 991102644Snectar * kdc/misc.c (db_fetch): return an error code. change callers to 992102644Snectar look at this and try to print it in log messages 993102644Snectar 994102644Snectar * lib/krb5/crypto.c (decrypt_internal_derived): check that there's 995102644Snectar enough data 996102644Snectar 997102644Snectar2001-01-29 Assar Westerlund <assar@sics.se> 998102644Snectar 999102644Snectar * kdc/hprop.c (realm_buf): move it so it becomes properly 1000102644Snectar conditional on KRB4 1001102644Snectar 1002102644Snectar * lib/hdb/mkey.c (hdb_unseal_keys_mkey, hdb_seal_keys_mkey, 1003102644Snectar hdb_unseal_keys, hdb_seal_keys): check that we have the correct 1004102644Snectar master key and that we manage to decrypt the key properly, 1005102644Snectar returning an error code. fix all callers to check return value. 1006102644Snectar 1007102644Snectar * tools/krb5-config.in: use @LIB_des_appl@ 1008102644Snectar * tools/Makefile.am (krb5-config): add LIB_des_appl 1009102644Snectar * configure.in (LIB_des): set correctly 1010102644Snectar (LIB_des_appl): add for the use by krb5-config.in 1011102644Snectar 1012102644Snectar * lib/krb5/store_fd.c (fd_fetch, fd_store): use net_{read,write} 1013102644Snectar to make sure of not dropping data when doing it over a socket. 1014102644Snectar (this might break when used with ordinary files on win32) 1015102644Snectar 1016102644Snectar * lib/hdb/hdb_err.et (NO_MKEY): add 1017102644Snectar 1018102644Snectar * kdc/kerberos5.c (as_rep): be paranoid and check 1019102644Snectar krb5_enctype_to_string for failure, noted by <lha@stacken.kth.se> 1020102644Snectar 1021102644Snectar * lib/krb5/krb5_init_context.3, lib/krb5/krb5_context.3, 1022102644Snectar lib/krb5/krb5_auth_context.3: add new man pages, contributed by 1023102644Snectar <lha@stacken.kth.se> 1024102644Snectar 1025102644Snectar * use the openssl api for md4/md5/sha and handle openssl/*.h 1026102644Snectar 1027102644Snectar * kdc/kaserver.c (do_getticket): check length of ticket. noted by 1028102644Snectar <lha@stacken.kth.se> 1029102644Snectar 1030102644Snectar2001-01-28 Assar Westerlund <assar@sics.se> 1031102644Snectar 1032102644Snectar * configure.in: send -R instead of -rpath to libtool to set 1033102644Snectar runtime library paths 1034102644Snectar 1035102644Snectar * lib/krb5/Makefile.am: remove all dependencies on libkrb 1036102644Snectar 1037102644Snectar2001-01-27 Assar Westerlund <assar@sics.se> 1038102644Snectar 1039102644Snectar * appl/rcp: add port of bsd rcp changed to use existing rsh, 1040102644Snectar contributed by Richard Nyberg <rnyberg@it.su.se> 1041102644Snectar 1042102644Snectar2001-01-27 Johan Danielsson <joda@pdc.kth.se> 1043102644Snectar 1044102644Snectar * lib/krb5/get_port.c: don't warn if the port name can't be found, 1045102644Snectar nobody cares anyway 1046102644Snectar 1047102644Snectar2001-01-26 Johan Danielsson <joda@pdc.kth.se> 1048102644Snectar 1049102644Snectar * kdc/hprop.c: make it possible to convert a v4 dump file without 1050102644Snectar having any v4 libraries; the kdb backend still require them 1051102644Snectar 1052102644Snectar * kdc/v4_dump.c: include shadow definition of kdb Principal, so we 1053102644Snectar don't have to depend on any v4 libraries 1054102644Snectar 1055102644Snectar * kdc/hprop.h: include shadow definition of kdb Principal, so we 1056102644Snectar don't have to depend on any v4 libraries 1057102644Snectar 1058102644Snectar * lib/hdb/print.c: reduce number of memory allocations 1059102644Snectar 1060102644Snectar * lib/hdb/mkey.c: add support for reading krb4 /.k files 1061102644Snectar 1062102644Snectar2001-01-19 Assar Westerlund <assar@sics.se> 1063102644Snectar 1064102644Snectar * lib/krb5/krb5.conf.5: document admin_server and kpasswd_server 1065102644Snectar for realms document capath better 1066102644Snectar 1067102644Snectar * lib/krb5/krbhst.c (krb5_get_krb_changepw_hst): preferably look 1068102644Snectar at kpasswd_server before admin_server 1069102644Snectar 1070102644Snectar * lib/krb5/get_cred.c (get_cred_from_kdc_flags): look in 1071102644Snectar [libdefaults]capath for better hint of realm to send request to. 1072102644Snectar this allows the client to specify `realm routing information' in 1073102644Snectar case it cannot be done at the server (which is preferred) 1074102644Snectar 1075102644Snectar * lib/krb5/rd_priv.c (krb5_rd_priv): handle no sequence number as 1076102644Snectar zero when we were expecting a sequence number. MIT krb5 cannot 1077102644Snectar generate a sequence number of zero, instead generating no sequence 1078102644Snectar number 1079102644Snectar * lib/krb5/rd_safe.c (krb5_rd_safe): dito 1080102644Snectar 1081102644Snectar2001-01-11 Assar Westerlund <assar@sics.se> 1082102644Snectar 1083102644Snectar * kpasswd/kpasswdd.c: add --port option 1084102644Snectar 1085102644Snectar2001-01-10 Assar Westerlund <assar@sics.se> 1086102644Snectar 1087102644Snectar * lib/krb5/appdefault.c (krb5_appdefault_string): fix condition 1088102644Snectar just before returning 1089102644Snectar 1090102644Snectar2001-01-09 Assar Westerlund <assar@sics.se> 1091102644Snectar 1092102644Snectar * appl/kf/kfd.c (proto): use krb5_rd_cred2 instead of krb5_rd_cred 1093102644Snectar 1094102644Snectar2001-01-05 Johan Danielsson <joda@pdc.kth.se> 1095102644Snectar 1096102644Snectar * kuser/kinit.c: call a time `time', and not `seconds' 1097102644Snectar 1098102644Snectar * lib/krb5/init_creds.c: not much point in setting the anonymous 1099102644Snectar flag here 1100102644Snectar 1101102644Snectar * lib/krb5/krb5_appdefault.3: document appdefault_time 1102102644Snectar 1103102644Snectar2001-01-04 Johan Danielsson <joda@pdc.kth.se> 1104102644Snectar 1105102644Snectar * lib/krb5/verify_user.c: use 1106102644Snectar krb5_get_init_creds_opt_set_default_flags 1107102644Snectar 1108102644Snectar * kuser/kinit.c: use krb5_get_init_creds_opt_set_default_flags 1109102644Snectar 1110102644Snectar * lib/krb5/init_creds.c: new function 1111102644Snectar krb5_get_init_creds_opt_set_default_flags to set options from 1112102644Snectar krb5.conf 1113102644Snectar 1114102644Snectar * lib/krb5/rd_cred.c: make this match the MIT function 1115102644Snectar 1116102644Snectar * lib/krb5/appdefault.c (krb5_appdefault_string): handle NULL 1117102644Snectar def_val 1118102644Snectar (krb5_appdefault_time): new function 1119102644Snectar 1120102644Snectar2001-01-03 Assar Westerlund <assar@sics.se> 1121102644Snectar 1122102644Snectar * kdc/hpropd.c (main): handle EOF when reading from stdin 1123