ChangeLog revision 103423
2002-09-16  Jacques Vidrine  <nectar@kth.se>

	* lib/krb5/kuserok.c, lib/krb5/prompter_posix.c: use strcspn
	to convert the newline to NUL in fgets results.

2002-09-13  Johan Danielsson  <joda@pdc.kth.se>

	* kuser/kinit.1: remove unneeded Ns

	* lib/krb5/krb5_appdefault.3: remove extra "application"

	* fix-export: remove autom4ate.cache

2002-09-10  Johan Danielsson  <joda@pdc.kth.se>

	* include/make_crypto.c: don't use function macros if possible

	* lib/krb5/krb5_locl.h: get limits.h for UINT_MAX

	* include/Makefile.am: use make_crypto to create crypto-headers.h

	* include/make_crypto.c: crypto header generation tool

	* configure.in: move crypto test to just after testing for krb4,
	and move roken tests to after both, this speeds up various failure
	cases with krb4

	* lib/krb5/config_file.c: don't use NULL when we mean 0

	* configure.in: we don't set package_libdir anymore, so no point
	in testing for it

	* tools/Makefile.am: subst INCLUDE_des

	* tools/krb5-config.in: add INCLUDE_des to cflags

	* configure.in: use AC_CONFIG_SRCDIR

	* fix-export: remove some unneeded stuff

	* kuser/kinit.c (do_524init): free principals

2002-09-09  Jacques Vidrine  <nectar@kth.se>

	* kdc/kerberos5.c (get_pa_etype_info, fix_transited_encoding),
	kdc/kaserver.c (krb5_ret_xdr_data),
	lib/krb5/transited.c (krb5_domain_x500_decode): Validate some
	counts: Check that they are non-negative, and that they are small
	enough to avoid integer overflow when used in memory allocation
	calculations.  Potential problem areas pointed out by
	Sebastian Krahmer <krahmer@suse.de>.

	* lib/krb5/keytab_keyfile.c (akf_add_entry): Use O_EXCL when
	creating a new keyfile.

2002-09-09  Johan Danielsson  <joda@pdc.kth.se>

	* configure.in: don't try to build pam module

2002-09-05  Johan Danielsson  <joda@pdc.kth.se>

	* appl/kf/kf.c: fix warning string

	* lib/krb5/log.c (krb5_vlog_msg): delay message formatting till we
	know we need it

2002-09-04  Assar Westerlund  <assar@kth.se>

	* kdc/kerberos5.c (encode_reply): correct error logging

2002-09-04  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/sendauth.c: close ccache if we opened it

	* appl/kf/kf.c: handle new protocol

	* appl/kf/kfd.c: use krb5_err instead of syslogging directly,
	handle the new protocol, and bail out if an old client tries to
	connect

	* appl/kf/kf_locl.h: we need a protocol version string

	* lib/hdb/hdb-ldap.c: use ASN1_MALLOC_ENCODE

	* kdc/kerberos5.c: use ASN1_MALLOC_ENCODE

	* kdc/hprop.c: set AP_OPTS_USE_SUBKEY

	* lib/hdb/common.c: use ASN1_MALLOC_ENCODE

	* lib/asn1/gen.c: add convenience macro that allocates a buffer
	and encodes into that

	* lib/krb5/get_cred.c (init_tgs_req): use
	in_creds->session.keytype literally instead of trying to convert
	to a list of enctypes (it should already be an enctype)

	* lib/krb5/get_cred.c (init_tgs_req): init ret

2002-09-03  Johan Danielsson  <joda@pdc.kth.se>

	* lib/asn1/k5.asn1: remove ETYPE_DES3_CBC_NONE_IVEC

	* lib/krb5/krb5.h: remove ENCTYPE_DES3_CBC_NONE_IVEC

	* lib/krb5/crypto.c: get rid of DES3_CBC_encrypt_ivec, just use
	zero ivec in DES3_CBC_encrypt if passed ivec is NULL

	* lib/krb5/Makefile.am: back out 1.144, since it will re-create
	krb5-protos.h at build-time, which requires perl, which is bad

	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): don't
	blindly use the local subkey

	* lib/krb5/crypto.c: add function krb5_crypto_getblocksize that
	extracts the required blocksize from a crypto context

	* lib/krb5/build_auth.c: just get the length of the encoded
	authenticator instead of trying to grow a buffer

2002-09-03  Assar Westerlund  <assar@kth.se>

	* configure.in: add --disable-mmap option, and tests for
	sys/mman.h and mmap

2002-09-03  Jacques Vidrine  <nectar@kth.se>

	* lib/krb5/changepw.c: verify lengths in response

	* lib/asn1/der_get.c (decode_integer, decode_unsigned): check for
	truncated integers

2002-09-02  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/mk_req_ext.c: generate a local subkey if
	AP_OPTS_USE_SUBKEY is set

	* lib/krb5/build_auth.c: we don't have enough information about
	whether to generate a local subkey here, so don't try to

	* lib/krb5/auth_context.c: new function
	krb5_auth_con_generatelocalsubkey

	* lib/krb5/get_in_tkt.c: only set kdc_sec_offset if looking at an
	initial ticket

	* lib/krb5/context.c (init_context_from_config_file): simplify
	initialisation of srv_lookup

	* lib/krb5/changepw.c (send_request): set AP_OPTS_USE_SUBKEY

	* lib/krb5/krb5.h: add AP_OPTS_USE_SUBKEY

2002-08-30  Assar Westerlund  <assar@kth.se>

	* lib/krb5/name-45-test.c: also test krb5_524_conv_principal
	* lib/krb5/Makefile.am (TESTS): add name-45-test
	* lib/krb5/name-45-test.c: add testcases for
	krb5_425_conv_principal

2002-08-29  Assar Westerlund  <assar@kth.se>

	* lib/krb5/parse-name-test.c: also test unparse_short functions
	* lib/asn1/asn1_print.c: use com_err/error_message API
	* lib/krb5/Makefile.am: add parse-name-test
	* lib/krb5/parse-name-test.c: add a program for testing parsing
	and unparsing principal names

2002-08-28  Assar Westerlund  <assar@kth.se>

	* kdc/config.c: add missing ifdef DAEMON

2002-08-28  Johan Danielsson  <joda@pdc.kth.se>

	* configure.in: use rk_SUNOS

	* kdc/config.c: add detach options

	* kdc/main.c: maybe detach from console?

	* kdc/kdc.8: markup changes

	* configure.in: AC_TEST_PACKAGE_NEW -> rk_TEST_PACKAGE

	* configure.in: use rk_TELNET, rename some other macros, and don't
	add -ldes to krb4 link command

	* kuser/kinit.1: whitespace fix (from NetBSD)

	* include/bits.c: we may need unistd.h for ssize_t

2002-08-26  Assar Westerlund  <assar@kth.se>

	* lib/krb5/principal.c (krb5_425_conv_principal_ext): lookup AAAA
	rrs before A ones when using the resolver to verify a mapping,
	also use getaddrinfo when resolver is not available

	* lib/hdb/keytab.c (find_db): const-correctness in parameters to
	krb5_config_get_next

	* lib/asn1/gen.c: include <string.h> in the generated files (for
	memset)

2002-08-22  Assar Westerlund  <assar@kth.se>

	* lib/krb5/test_get_addrs.c, lib/krb5/krbhst-test.c: make it use
	getarg so that it can handle --help and --version (and thus make
	check can pass)

	* lib/asn1/check-der.c: make this build again

2002-08-22  Assar Westerlund <assar@kth.se>

	* lib/asn1/der_get.c (der_get_int): handle len == 0.  based on a
	patch from Love <lha@stacken.kth.se>

2002-08-22  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/krb5.h: we seem to call KRB5KDC_ERR_KEY_EXP
	KRB5KDC_ERR_KEY_EXPIRED, so define the former to the latter

	* kdc/kdc.8: add blurb about adding and removing addresses; update
	kdc.conf section to match reality

	* configure.in: KRB_SENDAUTH_VLEN seems to always have existed, so
	don't define it

2002-08-21  Assar Westerlund  <assar@kth.se>

	* lib/asn1/asn1_print.c: print OIDs too, based on a patch from
	Love <lha@stacken.kth.se>

2002-08-21  Johan Danielsson  <joda@pdc.kth.se>

	* kuser/kinit.c (do_v4_fallback): don't use krb_get_pw_in_tkt2
	since it might not exist, and we don't actually care about the key

2002-08-20  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/krb5.conf.5: correct documentation for
	verify_ap_req_nofail

	* lib/krb5/log.c: rename syslog_data to avoid name conflicts (from
	Mattias Amnefelt)

	* kuser/klist.c (display_tokens): increase token buffer size, and
	add more checks of the kernel data (from Love)

2002-08-19  Johan Danielsson  <joda@pdc.kth.se>

	* fix-export: use make to parse Makefile.am instead of perl

	* configure.in: use argument-less AM_INIT_AUTOMAKE, now that it
	groks AC_INIT with package name etc.

	* kpasswd/kpasswdd.c: include <kadm5/private.h>

	* lib/asn1/asn1_print.c: include com_right.h

	* lib/krb5/addr_families.c: socklen_t -> krb5_socklen_t

	* include/bits.c: define krb5_socklen_t type; this should really
	go someplace else, but this was easy

	* lib/krb5/verify_krb5_conf.c: don't bail out if parsing of a file
	fails, just warn about it

	* kdc/log.c (kdc_openlog): no need for a config_file parameter

	* kdc/config.c: just treat kdc.conf like any other config file

	* lib/krb5/context.c (krb5_get_default_config_files): ignore
	duplicate files

2002-08-16  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/krb5.h: turn strings into pointers, so we can assign to
	them

	* lib/krb5/constants.c: turn strings into pointers, so we can
	assign to them

	* lib/krb5/get_addrs.c (get_addrs_int): initialise res if
	SCAN_INTERFACES is not set

	* lib/krb5/context.c: fix various borked stuff in previous commits

2002-08-16  Jacques Vidrine <n@nectar.com>

	* lib/krb5/krbhst.c (kpasswd_get_next): if we fall back to using
	the `admin_server' entry for kpasswd, override the `proto' result
	to be UDP.

2002-08-15  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/auth_context.c: check return value of
	krb5_sockaddr2address

	* lib/krb5/addr_families.c: check return value of
	krb5_sockaddr2address

	* lib/krb5/context.c: get the default keytab from KRB5_KTNAME

2002-08-14  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/verify_krb5_conf.c: allow parsing of more than one file

	* lib/krb5/context.c: allow changing config files with the
	function krb5_set_config_files, there are also related functions
	krb5_get_default_config_files and krb5_free_config_files; these
	should work similar to their MIT counterparts

	* lib/krb5/config_file.c: allow the use of more than one config
	file by using the new function krb5_config_parse_file_multi

2002-08-12  Johan Danielsson  <joda@pdc.kth.se>

	* use sysconfdir instead of /etc

	* configure.in: require autoconf 2.53; rename dpagaix_LDFLAGS etc
	to appease automake; force sysconfdir and localstatedir to /etc
	and /var/heimdal for now

	* kdc/connect.c (addr_to_string): check return value of
	sockaddr2address

2002-08-09  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/rd_cred.c: if the remote address isn't an addrport,
	don't try comparing to one; this should make old clients work with
	new servers

	* lib/asn1/gen_decode.c: remove unused variable

2002-07-31  Johan Danielsson  <joda@pdc.kth.se>

	* kdc/{kerberos5,524}.c: ENOENT -> HDB_ERR_NOENTRY (from Derrick
	Brashear)

	* lib/krb5/principal.c: actually lower case the lower case
	instance name (spotted by Derrick Brashear)

2002-07-24  Johan Danielsson  <joda@pdc.kth.se>

	* fix-export: if DATEDVERSION is set, change the version to
	current date

	* configure.in: don't use AC_PROG_RANLIB, and use magic foo to set
	LTLIBOBJS

2002-07-04  Johan Danielsson  <joda@pdc.kth.se>

	* kdc/connect.c: add some cache-control-foo to the http responses
	(from Gombas Gabor)

	* lib/krb5/addr_families.c (krb5_print_address): don't copy size
	if ret_len == NULL

2002-06-28  Johan Danielsson  <joda@pdc.kth.se>

	* kuser/klist.c (display_tokens): don't bail out before we get
	EDOM (signaling the end of the tokens), the kernel can also return
	ENOTCONN, meaning that the index does not exist anymore (for
	example if the token has expired)

2002-06-06  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/changepw.c: make sure we return an error if there are
	no changepw hosts found; from Wynn Wilkes

2002-05-29  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/cache.c (krb5_cc_register): break out of loop when the
	same type is found; spotted by Wynn Wilkes

2002-05-15  Johan Danielsson  <joda@pdc.kth.se>

	* kdc/kerberos5.c: don't free encrypted padata until we're really
	done with it

2002-05-07  Johan Danielsson  <joda@pdc.kth.se>

	* kdc/kerberos5.c: when decrypting pa-data, try all keys matching
	enctype

	* kuser/kinit.1: document -a

	* kuser/kinit.c: add command line switch for extra addresses

2002-04-30  Johan Danielsson  <joda@blubb.pdc.kth.se>

	* configure.in: remove some duplicate tests

	* configure.in: use AC_HELP_STRING

2002-04-29  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/crypto.c (usage2arcfour): don't abort if the usage is
	unknown

2002-04-25  Johan Danielsson  <joda@pdc.kth.se>

	* configure.in: use rk_DESTDIRS

2002-04-22  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/krb5_verify_user.3: make it clear that _lrealm modifies
	the principal

2002-04-19  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/verify_init.c: fix typo in error string

2002-04-18  Johan Danielsson  <joda@pdc.kth.se>

	* acconfig.h: remove some stuff that is defined elsewhere

	* lib/krb5/krb5_locl.h: include <sys/file.h>

	* lib/krb5/acl.c: rename acl_string parameter

	* lib/krb5/Makefile.am: remove __P from protos, and put parameter
	names in comments

	* kuser/klist.c: better align some headers

	* kdc/kerberos4.c: storage tweaks

	* kdc/kaserver.c: storage tweaks

	* kdc/524.c: storage tweaks

	* lib/krb5/keytab_krb4.c: storage tweaks

	* lib/krb5/keytab_keyfile.c: storage tweaks

	* lib/krb5/keytab_file.c: storage tweaks; also try to handle zero
	sized keytab files

	* lib/krb5/keytab_any.c: use KRB5_KT_END instead of KRB5_CC_END

	* lib/krb5/fcache.c: storage tweaks

	* lib/krb5/store_mem.c: make the krb5_storage opaque, and add
	function wrappers for store/fetch/seek, and also make the eof-code
	configurable

	* lib/krb5/store_fd.c: make the krb5_storage opaque, and add
	function wrappers for store/fetch/seek, and also make the eof-code
	configurable

	* lib/krb5/store_emem.c: make the krb5_storage opaque, and add
	function wrappers for store/fetch/seek, and also make the eof-code
	configurable

	* lib/krb5/store.c: make the krb5_storage opaque, and add function
	wrappers for store/fetch/seek, and also make the eof-code
	configurable

	* lib/krb5/store-int.h: make the krb5_storage opaque, and add
	function wrappers for store/fetch/seek, and also make the eof-code
	configurable

	* lib/krb5/krb5.h: make the krb5_storage opaque, and add function
	wrappers for store/fetch/seek, and also make the eof-code
	configurable

	* include/bits.c: include <sys/socket.h> to get socklen_t

	* kdc/kerberos5.c (get_pa_etype_info): sort ETYPE-INFOs by
	requested KDC-REQ etypes

	* kdc/hpropd.c: constify

	* kdc/hprop.c: constify

	* kdc/string2key.c: constify

	* kdc/kdc_locl.h: make port_str const

	* kdc/config.c: constify

	* lib/krb5/config_file.c: constify

	* kdc/kstash.c: constify

	* lib/krb5/verify_user.c: remove unnecessary cast

	* lib/krb5/recvauth.c: constify

	* lib/krb5/principal.c (krb5_parse_name): const qualify

	* lib/krb5/mcache.c (mcc_get_name): constify return type

	* lib/krb5/context.c (krb5_free_context): don't try to free the
	ccache prefix

	* lib/krb5/cache.c (krb5_cc_register): don't make a copy of the
	prefix

	* lib/krb5/krb5.h: constify some struct members

	* lib/krb5/log.c: constify

	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): const
	qualify

	* lib/krb5/get_in_tkt.c (krb5_init_etype): constify

	* lib/krb5/crypto.c: constify some

	* lib/krb5/config_file.c: constify

	* lib/krb5/aname_to_localname.c (krb5_aname_to_localname):
	constify local variable

	* lib/krb5/addr_families.c (ipv4_sockaddr2port): constify

2002-04-17  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/verify_krb5_conf.c: add some log checking

	* lib/krb5/log.c (krb5_addlog_dest): reorganise syslog parsing

2002-04-16  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/crypto.c (krb5_crypto_init): check that the key size
	matches the expected length

2002-03-27  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/send_to_kdc.c: rename send parameter to send_data

	* lib/krb5/mk_error.c: rename ctime parameter to client_time

2002-03-22  Johan Danielsson  <joda@pdc.kth.se>

	* kdc/kerberos5.c (find_etype): unsigned -> krb5_enctype (from
	Reinoud Zandijk)

2002-03-18  Johan Danielsson  <joda@pdc.kth.se>

	* lib/asn1/k5.asn1: add the GSS-API checksum type here

2002-03-11  Assar Westerlund  <assar@sics.se>

	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
	18:3:1
	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:5:0
	* lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 6:0:0

2002-03-10  Assar Westerlund  <assar@sics.se>

	* lib/krb5/rd_cred.c: handle addresses with port numbers

	* lib/krb5/keytab_file.c, lib/krb5/keytab.c:
	store the kvno % 256 as the byte and the complete 32 bit kvno after
	the end of the current keytab entry

	* lib/krb5/init_creds_pw.c:
	handle LR_PW_EXPTIME and LR_ACCT_EXPTIME in the same way

	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds):
	handle ports given for the remote address

	* lib/krb5/get_cred.c:
	get a ticket with no addresses if no-addresses is set

	* lib/krb5/crypto.c:
	rename functions DES_* to krb5_* to avoid colliding with modern
	openssl

	* lib/krb5/addr_families.c:
	make all functions taking 'struct sockaddr' actually take a socklen_t
	instead of int and that acts as an in-out parameter (indicating the
	maximum length of the sockaddr to be written)

	* kdc/kerberos4.c:
	make the kvno's in the krb4 universe by the real one % 256, since they
	cannot only be 8 bit, and the v5 ones are actually 32 bits

2002-02-15  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/keytab_keyfile.c (akf_add_entry): don't create the file
	before we need to write to it
	(from Åke Sandgren)

2002-02-14  Johan Danielsson  <joda@pdc.kth.se>

	* configure.in: rk_RETSIGTYPE and rk_BROKEN_REALLOC are called via
	rk_ROKEN (from Gombas Gabor); find inttypes by CHECK_TYPES
	directly

	* lib/krb5/rd_safe.c: actually use the correct key (from Daniel
	Kouril)

2002-02-12  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/context.c (krb5_get_err_text): protect against NULL
	context

2002-02-11  Johan Danielsson  <joda@pdc.kth.se>

	* admin/ktutil.c: no need to use the "modify" keytab anymore

	* lib/krb5/keytab_any.c: implement add and remove

	* lib/krb5/keytab_krb4.c: implement add and remove

	* lib/krb5/store_emem.c (emem_free): clear memory before freeing
	(this should perhaps be selectable with a flag)

2002-02-04  Johan Danielsson  <joda@pdc.kth.se>

	* kdc/config.c (get_dbinfo): if there are database specifications
	in the config file, don't automatically try to use the default
	values (from Gombas Gabor)

	* lib/krb5/log.c (krb5_closelog): don't pass pointer to pointer
	(from Gombas Gabor)

2002-01-30  Johan Danielsson  <joda@pdc.kth.se>

	* admin/list.c: get the default keytab from krb5.conf, and list
	all parts of an ANY type keytab

	* lib/krb5/context.c: default default_keytab_modify to NULL

	* lib/krb5/keytab.c (krb5_kt_default_modify_name): if no modify
	name is specified take it from the first component of the default
	keytab name

2002-01-29  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/keytab.c: compare keytab types case insensitively

2002-01-07  Assar Westerlund  <assar@sics.se>

	* lib/krb5/crypto.c (create_checksum): make usage `unsigned' (it's
	not really a krb5_key_usage).  From Ben Harris <bjh21@netbsd.org>
	* lib/krb5/get_in_tkt.c: use krb5_enctype consistently.  From Ben
	Harris <bjh21@netbsd.org>
	* lib/krb5/crypto.c: use krb5_enctype consistently.  From Ben
	Harris <bjh21@netbsd.org>
	* kdc/kerberos5.c: use krb5_enctype consistently.  From Ben Harris
	<bjh21@netbsd.org>
