/ ChangeLog.1998
ChangeLog.1998
1 Sat Dec 5 19:49:34 1998 Johan Danielsson <joda@hella.pdc.kth.se> 2 3 * lib/krb5/context.c: remove ktype_is_etype 4 5 * lib/krb5/crypto.c, lib/krb5/krb5.h, acconfig.h: NEW_DES3_CODE 6 7 * configure.in: fix for AIX install; better tests for AIX dynamic 8 AFS libs; `--enable-new-des3-code' 9 10 Tue Dec 1 14:44:44 1998 Johan Danielsson <joda@hella.pdc.kth.se> 11 12 * appl/afsutil/Makefile.am: link with extra libs for aix 13 14 * kuser/Makefile.am: link with extra libs for aix 15 16 Sun Nov 29 01:56:21 1998 Assar Westerlund <assar@sics.se> 17 18 * lib/krb5/get_addrs.c (krb5_get_all_server_addrs): add. almost 19 the same as krb5_get_all_client_addrs except that it includes 20 loopback addresses 21 22 * kdc/connect.c (init_socket): bind to a particular address 23 (init_sockets): get all local addresses and bind to them all 24 25 * lib/krb5/addr_families.c (addr2sockaddr, print_addr): new 26 methods 27 (find_af, find_atype): new functions. use them. 28 29 * configure.in: add hesiod 30 31 Wed Nov 25 11:37:48 1998 Johan Danielsson <joda@hella.pdc.kth.se> 32 33 * lib/krb5/krb5_err.et: add some codes from kerberos-revisions-03 34 35 Mon Nov 23 12:53:48 1998 Assar Westerlund <assar@sics.se> 36 37 * lib/kadm5/log.c: rename delete -> remove 38 39 * lib/kadm5/delete_s.c: rename delete -> remove 40 41 * lib/hdb/common.c: rename delete -> remove 42 43 Sun Nov 22 12:26:26 1998 Assar Westerlund <assar@sics.se> 44 45 * configure.in: check for environ and `struct spwd' 46 47 Sun Nov 22 11:42:45 1998 Johan Danielsson <joda@blubb.pdc.kth.se> 48 49 * kdc/kerberos5.c (as_rep): set keytype to sess_ktype if 50 ktype_is_etype 51 52 * lib/krb5/encrypt.c (krb5_keytype_to_etypes): zero terminate 53 etypes 54 (em): sort entries 55 56 Sun Nov 22 06:54:48 1998 Assar Westerlund <assar@sics.se> 57 58 * lib/krb5/init_creds_pw.c: more type correctness 59 60 * lib/krb5/get_cred.c: re-structure code. remove limits on ASN1 61 generated bits. 62 63 Sun Nov 22 01:49:50 1998 Johan Danielsson <joda@hella.pdc.kth.se> 64 65 * kdc/hprop.c (v4_prop): fix bogus indexing 66 67 Sat Nov 21 21:39:20 1998 Assar Westerlund <assar@sics.se> 68 69 * lib/krb5/verify_init.c (fail_verify_is_ok): new function 70 (krb5_verify_init_creds): if we cannot get a ticket for 71 host/`hostname` and fail_verify_is_ok just return. use 72 krb5_rd_req 73 74 Sat Nov 21 23:12:27 1998 Assar Westerlund <assar@sics.se> 75 76 * lib/krb5/free.c (krb5_xfree): new function 77 78 * lib/krb5/creds.c (krb5_free_creds_contents): new function 79 80 * lib/krb5/context.c: more type correctness 81 82 * lib/krb5/checksum.c: more type correctness 83 84 * lib/krb5/auth_context.c (krb5_auth_con_init): more type 85 correctness 86 87 * lib/asn1/der_get.c (der_get_length): fix test of len 88 (der_get_tag): more type correctness 89 90 * kuser/klist.c (usage): void-ize 91 92 * admin/ktutil.c (kt_remove): some more type correctness. 93 94 Sat Nov 21 16:49:20 1998 Johan Danielsson <joda@hella.pdc.kth.se> 95 96 * kuser/klist.c: try to list enctypes as keytypes 97 98 * kuser/kinit.c: remove extra `--cache' option, add `--enctypes' 99 to set list of enctypes to use 100 101 * kadmin/load.c: load strings as hex 102 103 * kadmin/dump.c: dump hex as string is possible 104 105 * admin/ktutil.c: use print_version() 106 107 * configure.in, acconfig.h: test for hesiod 108 109 Sun Nov 15 17:28:19 1998 Johan Danielsson <joda@hella.pdc.kth.se> 110 111 * lib/krb5/crypto.c: add some crypto debug code 112 113 * lib/krb5/get_in_tkt.c (_krb5_extract_ticket): don't use fixed 114 buffer when encoding ticket 115 116 * lib/krb5/auth_context.c (re-)implement `krb5_auth_setenctype' 117 118 * kdc/kerberos5.c: allow mis-match of tgt session key, and service 119 session key 120 121 * admin/ktutil.c: keytype -> enctype 122 123 Fri Nov 13 05:35:48 1998 Assar Westerlund <assar@sics.se> 124 125 * lib/krb5/krb5.h (KRB5_TGS_NAME, KRB5_TGS_NAME_SIZE): added 126 127 Sat Nov 7 19:56:31 1998 Assar Westerlund <assar@sics.se> 128 129 * lib/krb5/get_cred.c (add_cred): add termination NULL pointer 130 131 Mon Nov 2 01:15:06 1998 Assar Westerlund <assar@sics.se> 132 133 * lib/krb5/rd_req.c: adapt to new crypto api 134 135 * lib/krb5/rd_rep.c: adapt to new crypto api 136 137 * lib/krb5/rd_priv.c: adopt to new crypto api 138 139 * lib/krb5/rd_cred.c: adopt to new crypto api 140 141 * lib/krb5/principal.c: ENOMEM -> ERANGE 142 143 * lib/krb5/mk_safe.c: cleanup and adopt to new crypto api 144 145 * lib/krb5/mk_req_ext.c: adopt to new crypto api 146 147 * lib/krb5/mk_req.c: get enctype from auth_context keyblock 148 149 * lib/krb5/mk_rep.c: cleanup and adopt to new crypto api 150 151 * lib/krb5/mk_priv.c: adopt to new crypto api 152 153 * lib/krb5/keytab.c: adopt to new crypto api 154 155 * lib/krb5/get_in_tkt_with_skey.c: adopt to new crypto api 156 157 * lib/krb5/get_in_tkt_with_keytab.c: adopt to new crypto api 158 159 * lib/krb5/get_in_tkt_pw.c: adopt to new crypto api 160 161 * lib/krb5/get_in_tkt.c: adopt to new crypto api 162 163 * lib/krb5/get_cred.c: adopt to new crypto api 164 165 * lib/krb5/generate_subkey.c: use new crypto api 166 167 * lib/krb5/context.c: rename etype functions to enctype ditto 168 169 * lib/krb5/build_auth.c: use new crypto api 170 171 * lib/krb5/auth_context.c: remove enctype and cksumtype from 172 auth_context 173 174 Mon Nov 2 01:15:06 1998 Assar Westerlund <assar@sics.se> 175 176 * kdc/connect.c (handle_udp, handle_tcp): correct type of `n' 177 178 Tue Sep 15 18:41:38 1998 Johan Danielsson <joda@hella.pdc.kth.se> 179 180 * admin/ktutil.c: fix printing of unrecognized keytypes 181 182 Tue Sep 15 17:02:33 1998 Johan Danielsson <joda@hella.pdc.kth.se> 183 184 * lib/kadm5/set_keys.c: add KEYTYPE_USE_AFS3_SALT to keytype if 185 using AFS3 salt 186 187 Tue Aug 25 23:30:52 1998 Assar Westerlund <assar@sics.se> 188 189 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): care about 190 `use_admin_kdc' 191 192 * lib/krb5/changepw.c (get_kdc_address): use 193 krb5_get_krb_admin_hst 194 195 * lib/krb5/krbhst.c (krb5_get_krb_admin_hst): new function 196 197 * lib/krb5/krb5.h (krb5_context_data): add `use_admin_kdc' 198 199 * lib/krb5/context.c (krb5_get_use_admin_kdc, 200 krb5_set_use_admin_kdc): new functions 201 202 Tue Aug 18 22:24:12 1998 Johan Danielsson <joda@emma.pdc.kth.se> 203 204 * lib/krb5/crypto.c: remove all calls to abort(); check return 205 value from _key_schedule; 206 (RSA_MD[45]_DES_verify): zero tmp and res; 207 (RSA_MD5_DES3_{verify,checksum}): implement 208 209 Mon Aug 17 20:18:46 1998 Assar Westerlund <assar@sics.se> 210 211 * kdc/kerberos4.c (swap32): conditionalize 212 213 * lib/krb5/mk_req_ext.c (krb5_mk_req_internal): new function 214 215 * lib/krb5/get_host_realm.c (krb5_get_host_realm): if the hostname 216 returned from gethostby*() isn't a FQDN, try with the original 217 hostname 218 219 * lib/krb5/get_cred.c (make_pa_tgs_req): use krb5_mk_req_internal 220 and correct key usage 221 222 * lib/krb5/crypto.c (verify_checksum): make static 223 224 * admin/ktutil.c (kt_list): use krb5_enctype_to_string 225 226 Sun Aug 16 20:57:56 1998 Assar Westerlund <assar@sics.se> 227 228 * kadmin/cpw.c (do_cpw_entry): use asprintf for the prompt 229 230 * kadmin/ank.c (ank): print principal name in prompt 231 232 * lib/krb5/crypto.c (hmac): always allocate space for checksum. 233 never trust c.checksum.length 234 (_get_derived_key): try to return the derived key 235 236 Sun Aug 16 19:48:42 1998 Johan Danielsson <joda@emma.pdc.kth.se> 237 238 * lib/krb5/crypto.c (hmac): fix some peculiarities and bugs 239 (get_checksum_key): assume usage is `formatted' 240 (create_checksum,verify_checksum): moved the guts of the krb5_* 241 functions here, both take `formatted' key-usages 242 (encrypt_internal_derived): fix various bogosities 243 (derive_key): drop key_type parameter (already given by the 244 encryption_type) 245 246 * kdc/kerberos5.c (check_flags): handle case where client is NULL 247 248 * kdc/connect.c (process_request): return zero after processing 249 kerberos 4 request 250 251 Sun Aug 16 18:38:15 1998 Johan Danielsson <joda@blubb.pdc.kth.se> 252 253 * lib/krb5/crypto.c: merge x-*.[ch] into one file 254 255 * lib/krb5/cache.c: remove residual from krb5_ccache_data 256 257 Fri Aug 14 16:28:23 1998 Johan Danielsson <joda@emma.pdc.kth.se> 258 259 * lib/krb5/x-crypto.c (derive_key): move DES3 specific code to 260 separate function (will eventually end up someplace else) 261 262 * lib/krb5/x-crypto.c (krb5_string_to_key_derived): allocate key 263 264 * configure.in, acconfig.h: test for four valued krb_put_int 265 266 Thu Aug 13 23:46:29 1998 Assar Westerlund <assar@emma.pdc.kth.se> 267 268 * Release 0.0t 269 270 Thu Aug 13 22:40:17 1998 Assar Westerlund <assar@sics.se> 271 272 * lib/krb5/config_file.c (parse_binding): remove trailing 273 whitespace 274 275 Wed Aug 12 20:15:11 1998 Johan Danielsson <joda@emma.pdc.kth.se> 276 277 * lib/krb5/x-checksum.c (krb5_verify_checksum): pass checksum type 278 to krb5_create_checksum 279 280 * lib/krb5/x-key.c: implement DES3_string_to_key_derived; fix a 281 few typos 282 283 Wed Aug 5 12:39:54 1998 Assar Westerlund <assar@emma.pdc.kth.se> 284 285 * Release 0.0s 286 287 Thu Jul 30 23:12:17 1998 Assar Westerlund <assar@sics.se> 288 289 * lib/krb5/mk_error.c (krb5_mk_error): realloc until you die 290 291 Thu Jul 23 19:49:03 1998 Johan Danielsson <joda@emma.pdc.kth.se> 292 293 * kdc/kdc_locl.h: proto for `get_des_key' 294 295 * configure.in: test for four valued el_init 296 297 * kuser/klist.c: keytype -> enctype 298 299 * kpasswd/kpasswdd.c (change): use new `krb5_string_to_key*' 300 301 * kdc/hprop.c (v4_prop, ka_convert): convert to a set of keys 302 303 * kdc/kaserver.c: use `get_des_key' 304 305 * kdc/524.c: use new crypto api 306 307 * kdc/kerberos4.c: use new crypto api 308 309 * kdc/kerberos5.c: always treat keytypes as enctypes; use new 310 crypto api 311 312 * kdc/kstash.c: adapt to new crypto api 313 314 * kdc/string2key.c: adapt to new crypto api 315 316 * admin/srvconvert.c: add keys for all possible enctypes 317 318 * admin/ktutil.c: keytype -> enctype 319 320 * lib/gssapi/init_sec_context.c: get enctype from auth_context 321 keyblock 322 323 * lib/hdb/hdb.c: remove hdb_*_keytype2key 324 325 * lib/kadm5/set_keys.c: adapt to new crypto api 326 327 * lib/kadm5/rename_s.c: adapt to new crypto api 328 329 * lib/kadm5/get_s.c: adapt to new crypto api 330 331 * lib/kadm5/create_s.c: add keys for des-cbc-crc, des-cbc-md4, 332 des-cbc-md5, and des3-cbc-sha1 333 334 * lib/krb5/heim_err.et: error message for unsupported salt 335 336 * lib/krb5/codec.c: short-circuit these functions, since they are 337 not needed any more 338 339 * lib/krb5/rd_safe.c: cleanup and adapt to new crypto api 340 341 Mon Jul 13 23:00:59 1998 Assar Westerlund <assar@sics.se> 342 343 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): don't advance 344 hostent->h_addr_list, use a copy instead 345 346 Mon Jul 13 15:00:31 1998 Johan Danielsson <joda@emma.pdc.kth.se> 347 348 * lib/krb5/config_file.c (parse_binding, parse_section): make sure 349 everything is ok before adding to linked list 350 351 * lib/krb5/config_file.c: skip ws before checking for comment 352 353 Wed Jul 8 10:45:45 1998 Johan Danielsson <joda@emma.pdc.kth.se> 354 355 * lib/asn1/k5.asn1: hmac-sha1-des3 = 12 356 357 Tue Jun 30 18:08:05 1998 Assar Westerlund <assar@sics.se> 358 359 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): do not close the 360 unopened file 361 362 * lib/krb5/mk_priv.c: realloc correctly 363 364 * lib/krb5/get_addrs.c (find_all_addresses): init j 365 366 * lib/krb5/context.c (krb5_init_context): print error if parsing 367 of config file produced an error. 368 369 * lib/krb5/config_file.c (parse_list, krb5_config_parse_file): 370 ignore more spaces 371 372 * lib/krb5/codec.c (krb5_encode_EncKrbCredPart, 373 krb5_encode_ETYPE_INFO): initialize `ret' 374 375 * lib/krb5/build_auth.c (krb5_build_authenticator): realloc 376 correctly 377 378 * lib/kadm5/set_keys.c (_kadm5_set_keys): initialize `ret' 379 380 * lib/kadm5/init_c.c (get_cred_cache): try to do the right thing 381 with default_client 382 383 * kuser/kinit.c (main): initialize `ticket_life' 384 385 * kdc/kerberos5.c (get_pa_etype_info): initialize `ret' 386 (tgs_rep2): initialize `krbtgt' 387 388 * kdc/connect.c (do_request): check for errors from `sendto' 389 390 * kdc/524.c (do_524): initialize `ret' 391 392 * kadmin/util.c (foreach_principal): don't clobber `ret' 393 394 * kadmin/del.c (del_entry): don't apply on zeroth argument 395 396 * kadmin/cpw.c (do_cpw_entry): initialize `ret' 397 398 Sat Jun 13 04:14:01 1998 Assar Westerlund <assar@juguete.sics.se> 399 400 * Release 0.0r 401 402 Sun Jun 7 04:13:14 1998 Assar Westerlund <assar@sics.se> 403 404 * lib/krb5/addr_families.c: fall-back definition of 405 IN6_ADDR_V6_TO_V4 406 407 * configure.in: only set CFLAGS if it wasn't set look for 408 dn_expand and res_search 409 410 Mon Jun 1 21:28:07 1998 Assar Westerlund <assar@sics.se> 411 412 * configure.in: remove duplicate seteuid 413 414 Sat May 30 00:19:51 1998 Johan Danielsson <joda@emma.pdc.kth.se> 415 416 * lib/krb5/convert_creds.c: import _krb_time_to_life, to avoid 417 runtime dependencies on libkrb with some shared library 418 implementations 419 420 Fri May 29 00:09:02 1998 Johan Danielsson <joda@emma.pdc.kth.se> 421 422 * kuser/kinit_options.c: Default options for kinit. 423 424 * kuser/kauth_options.c: Default options for kauth. 425 426 * kuser/kinit.c: Implement lots a new options. 427 428 * kdc/kerberos5.c (check_tgs_flags): make sure kdc-req-body->rtime 429 is not NULL; set endtime to min of new starttime + old_life, and 430 requested endtime 431 432 * lib/krb5/init_creds_pw.c (get_init_creds_common): if the 433 forwardable or proxiable flags are set in options, set the 434 kdc-flags to the value specified, and not always to one 435 436 Thu May 28 21:28:06 1998 Johan Danielsson <joda@emma.pdc.kth.se> 437 438 * kdc/kerberos5.c: Optionally compare client address to addresses 439 in ticket. 440 441 * kdc/connect.c: Pass client address to as_rep() and tgs_rep(). 442 443 * kdc/config.c: Add check_ticket_addresses, and 444 allow_null_ticket_addresses variables. 445 446 Tue May 26 14:03:42 1998 Johan Danielsson <joda@emma.pdc.kth.se> 447 448 * lib/kadm5/create_s.c: possibly make DES keys version 4 salted 449 450 * lib/kadm5/set_keys.c: check config file for kadmin/use_v4_salt 451 before zapping version 4 salts 452 453 Sun May 24 05:22:17 1998 Assar Westerlund <assar@sics.se> 454 455 * Release 0.0q 456 457 * lib/krb5/aname_to_localname.c: new file 458 459 * lib/gssapi/init_sec_context.c (repl_mutual): no output token 460 461 * lib/gssapi/display_name.c (gss_display_name): zero terminate 462 output. 463 464 Sat May 23 19:11:07 1998 Assar Westerlund <assar@sics.se> 465 466 * lib/gssapi/display_status.c: new file 467 468 * Makefile.am: send -I to aclocal 469 470 * configure.in: remove duplicate setenv 471 472 Sat May 23 04:55:19 1998 Johan Danielsson <joda@emma.pdc.kth.se> 473 474 * kadmin/util.c (foreach_principal): Check for expression before 475 wading through the whole database. 476 477 * kadmin/kadmin.c: Pass NULL password to 478 kadm5_*_init_with_password. 479 480 * lib/kadm5/init_c.c: Implement init_with_{skey,creds}*. Make use 481 of `password' parameter to init_with_password. 482 483 * lib/kadm5/init_s.c: implement init_with_{skey,creds}* 484 485 * lib/kadm5/server.c: Better arguments for 486 kadm5_init_with_password. 487 488 Sat May 16 07:10:36 1998 Assar Westerlund <assar@sics.se> 489 490 * kdc/hprop.c: conditionalize ka-server reading support on 491 KASERVER_DB 492 493 * configure.in: new option `--enable-kaserver-db' 494 495 Fri May 15 19:39:18 1998 Johan Danielsson <joda@blubb.pdc.kth.se> 496 497 * lib/krb5/get_cred.c: Better error if local tgt couldn't be 498 found. 499 500 Tue May 12 21:11:02 1998 Assar Westerlund <assar@sics.se> 501 502 * Release 0.0p 503 504 * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): only set 505 encryption type in auth_context if it's compatible with the type 506 of the session key 507 508 Mon May 11 21:11:14 1998 Johan Danielsson <joda@emma.pdc.kth.se> 509 510 * kdc/hprop.c: add support for ka-server databases 511 512 * appl/ftp/ftpd: link with -lcrypt, if needed 513 514 Fri May 1 07:29:52 1998 Assar Westerlund <assar@sics.se> 515 516 * configure.in: don't test for winsock.h 517 518 Sat Apr 18 21:43:11 1998 Johan Danielsson <joda@puffer.pdc.kth.se> 519 520 * Release 0.0o 521 522 Sat Apr 18 00:31:11 1998 Johan Danielsson <joda@blubb.pdc.kth.se> 523 524 * lib/krb5/sock_principal.c: Save hostname. 525 526 Sun Apr 5 11:29:45 1998 Johan Danielsson <joda@emma.pdc.kth.se> 527 528 * lib/krb5/mk_req_ext.c: Use same enctype as in ticket. 529 530 * kdc/hprop.c (v4_prop): Check for null key. 531 532 Fri Apr 3 03:54:54 1998 Johan Danielsson <joda@blubb.pdc.kth.se> 533 534 * lib/krb5/str2key.c: Fix DES3 string-to-key. 535 536 * lib/krb5/keytab.c: Get default keytab name from context. 537 538 * lib/krb5/context.c: Get `default_keytab_name' value. 539 540 * kadmin/util.c (foreach_principal): Print error message if 541 `kadm5_get_principals' fails. 542 543 * kadmin/kadmind.c: Use `kadmind_loop'. 544 545 * lib/kadm5/server.c: Replace several other functions with 546 `kadmind_loop'. 547 548 Sat Mar 28 09:49:18 1998 Assar Westerlund <assar@sics.se> 549 550 * lib/krb5/keytab.c (fkt_add_entry): use an explicit seek instead 551 of O_APPEND 552 553 * configure.in: generate ftp Makefiles 554 555 * kuser/klist.c (print_cred_verbose): print IPv4-address in a 556 portable way. 557 558 * admin/srvconvert.c (srvconv): return 0 if successful 559 560 Tue Mar 24 00:40:33 1998 Johan Danielsson <joda@emma.pdc.kth.se> 561 562 * lib/krb5/keytab.c: MIT compatible changes: add and use sizes to 563 keytab entries, and change default keytab to `/etc/krb5.keytab'. 564 565 Mon Mar 23 23:43:59 1998 Johan Danielsson <joda@emma.pdc.kth.se> 566 567 * lib/gssapi/wrap.c: Use `gss_krb5_getsomekey'. 568 569 * lib/gssapi/unwrap.c: Implement and use `gss_krb5_getsomekey'. 570 Fix bug in checking of pad. 571 572 * lib/gssapi/{un,}wrap.c: Add support for just integrity 573 protecting data. 574 575 * lib/gssapi/accept_sec_context.c: Use 576 `gssapi_krb5_verify_8003_checksum'. 577 578 * lib/gssapi/8003.c: Implement `gssapi_krb5_verify_8003_checksum'. 579 580 * lib/gssapi/init_sec_context.c: Zero cred, and store session key 581 properly in auth-context. 582 583 Sun Mar 22 00:47:22 1998 Johan Danielsson <joda@emma.pdc.kth.se> 584 585 * lib/kadm5/delete_s.c: Check immutable bit. 586 587 * kadmin/kadmin.c: Pass client name to kadm5_init. 588 589 * lib/kadm5/init_c.c: Get creds for client name passed in. 590 591 * kdc/hprop.c (v4_prop): Check for `changepw.kerberos'. 592 593 Sat Mar 21 22:57:13 1998 Johan Danielsson <joda@emma.pdc.kth.se> 594 595 * lib/krb5/mk_error.c: Verify that error_code is in the range 596 [0,127]. 597 598 * kdc/kerberos5.c: Move checking of principal flags to new 599 function `check_flags'. 600 601 Sat Mar 21 14:38:51 1998 Assar Westerlund <assar@sics.se> 602 603 * lib/kadm5/get_s.c (kadm5_s_get_principal): handle an empty salt 604 605 * configure.in: define SunOS if running solaris 606 607 Sat Mar 21 00:26:34 1998 Johan Danielsson <joda@emma.pdc.kth.se> 608 609 * lib/kadm5/server.c: Unifdef test for same principal when 610 changing password. 611 612 * kadmin/util.c: If kadm5_get_principals failes, we might still be 613 able to perform the requested opreration (for instance someone if 614 trying to change his own password). 615 616 * lib/kadm5/init_c.c: Try to get ticket via initial request, if 617 not possible via tgt. 618 619 * lib/kadm5/server.c: Check for principals changing their own 620 passwords. 621 622 * kdc/kerberos5.c (tgs_rep2): check for interesting flags on 623 involved principals. 624 625 * kadmin/util.c: Fix order of flags. 626 627 Thu Mar 19 16:54:10 1998 Johan Danielsson <joda@emma.pdc.kth.se> 628 629 * kdc/kerberos4.c: Return sane error code if krb_rd_req fails. 630 631 Wed Mar 18 17:11:47 1998 Assar Westerlund <assar@sics.se> 632 633 * acconfig.h: rename HAVE_STRUCT_SOCKADDR_IN6 to HAVE_IPV6 634 635 Wed Mar 18 09:58:18 1998 Johan Danielsson <joda@emma.pdc.kth.se> 636 637 * lib/krb5/get_in_tkt_with_keytab.c (krb5_keytab_key_proc): don't 638 free keyseed; use correct keytab 639 640 Tue Mar 10 09:56:16 1998 Assar Westerlund <assar@sics.se> 641 642 * acinclude.m4 (AC_KRB_IPV6): rewrote to avoid false positives 643 644 Mon Mar 16 23:58:23 1998 Johan Danielsson <joda@emma.pdc.kth.se> 645 646 * Release 0.0n 647 648 Fri Mar 6 00:41:30 1998 Johan Danielsson <joda@emma.pdc.kth.se> 649 650 * lib/gssapi/{accept_sec_context,release_cred}.c: Use 651 krb5_kt_close/krb5_kt_resolve. 652 653 * lib/krb5/principal.c (krb5_425_conv_principal_ext): Use resolver 654 to lookup hosts, so CNAMEs can be ignored. 655 656 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc, send_and_recv_http): 657 Add support for using proxy. 658 659 * lib/krb5/context.c: Initialize `http_proxy' from 660 `libdefaults/http_proxy'. 661 662 * lib/krb5/krb5.h: Add `http_proxy' to context. 663 664 * lib/krb5/send_to_kdc.c: Recognize `http/' and `udp/' as protocol 665 specifications. 666 667 Wed Mar 4 01:47:29 1998 Johan Danielsson <joda@emma.pdc.kth.se> 668 669 * admin/ktutil.c: Implement `add' and `remove' functions. Make 670 `--keytab' a global option. 671 672 * lib/krb5/keytab.c: Implement remove with files. Add memory 673 operations. 674 675 Tue Mar 3 20:09:59 1998 Johan Danielsson <joda@emma.pdc.kth.se> 676 677 * lib/krb5/keytab.c: Use function pointers. 678 679 * admin: Remove kdb_edit. 680 681 Sun Mar 1 03:28:42 1998 Assar Westerlund <assar@sics.se> 682 683 * lib/kadm5/dump_log.c: print operation names 684 685 Sun Mar 1 03:04:12 1998 Assar Westerlund <assar@sics.se> 686 687 * configure.in: add X-tests, and {bin,...}dir appl/{kx,kauth} 688 689 * lib/krb5/build_auth.c,mk_priv.c,rd_safe.c,mk_safe.c,mk_rep.c: 690 remove arbitrary limit 691 692 * kdc/hprop-common.c: use krb5_{read,write}_message 693 694 * lib/kadm5/ipropd_master.c (send_diffs): more careful use 695 krb5_{write,read}_message 696 697 * lib/kadm5/ipropd_slave.c (get_creds): get credentials for 698 `iprop/master' directly. 699 (main): use `krb5_read_message' 700 701 Sun Mar 1 02:05:11 1998 Johan Danielsson <joda@emma.pdc.kth.se> 702 703 * kadmin/kadmin.c: Cleanup commands list, and add help strings. 704 705 * kadmin/get.c: Add long, short, and terse (equivalent to `list') 706 output formats. Short is the default. 707 708 * kadmin/util.c: Add `include_time' flag to timeval2str. 709 710 * kadmin/init.c: Max-life and max-renew can, infact, be zero. 711 712 * kadmin/{cpw,del,ext,get}.c: Use `foreach_principal'. 713 714 * kadmin/util.c: Add function `foreach_principal', that loops over 715 all principals matching an expression. 716 717 * kadmin/kadmin.c: Add usage string to `privileges'. 718 719 * lib/kadm5/get_princs_s.c: Also try to match aganist the 720 expression appended with `@default-realm'. 721 722 * lib/krb5/principal.c: Add `krb5_unparse_name_fixed_short', that 723 excludes the realm if it's the same as the default realm. 724 725 Fri Feb 27 05:02:21 1998 Assar Westerlund <assar@sics.se> 726 727 * configure.in: more WFLAGS and WFLAGS_NOUNUSED added missing 728 headers and functions error -> com_err 729 730 (krb5_get_init_creds_keytab): use krb5_keytab_key_proc 731 732 * lib/krb5/get_in_tkt_with_keytab.c: make `krb5_keytab_key_proc' 733 global 734 735 * lib/kadm5/marshall.c (ret_principal_ent): set `n_tl_data' 736 737 * lib/hdb/ndbm.c: use `struct ndbm_db' everywhere. 738 739 Fri Feb 27 04:49:24 1998 Assar Westerlund <assar@sics.se> 740 741 * lib/krb5/mk_priv.c (krb5_mk_priv): bump static limit to 10240. 742 This should be fixed the correct way. 743 744 * lib/kadm5/ipropd_master.c (check_acl:) truncate buf correctly 745 (send_diffs): compare versions correctly 746 (main): reorder handling of events 747 748 * lib/kadm5/log.c (kadm5_log_previous): avoid bad type conversion 749 750 Thu Feb 26 02:22:35 1998 Assar Westerlund <assar@sics.se> 751 752 * lib/kadm5/ipropd_{slave,master}.c: new files 753 754 * lib/kadm5/log.c (kadm5_log_get_version): take an `fd' as 755 argument 756 757 * lib/krb5/krb5.h (krb5_context_data): `et_list' should be `struct 758 et_list *' 759 760 * aux/make-proto.pl: Should work with perl4 761 762 Mon Feb 16 17:20:22 1998 Johan Danielsson <joda@emma.pdc.kth.se> 763 764 * lib/krb5/krb5_locl.h: Remove <error.h> (it gets included via 765 {asn1,krb5}_err.h). 766 767 Thu Feb 12 03:28:40 1998 Assar Westerlund <assar@sics.se> 768 769 * lib/krb5/get_in_tkt.c (_krb5_extract_ticket): if time difference 770 is larger than max_skew, return KRB5KRB_AP_ERR_SKEW 771 772 * lib/kadm5/log.c (get_version): globalize 773 774 * lib/kadm5/kadm5_locl.h: include <sys/file.h> 775 776 * lib/asn1/Makefile.am: add PA_KEY_INFO and PA_KEY_INFO_ENTRY 777 778 * kdc/kerberos5.c (get_pa_etype_info): remove gcc-ism of 779 initializing local struct in declaration. 780 781 Sat Jan 31 17:28:58 1998 Johan Danielsson <joda@emma.pdc.kth.se> 782 783 * kdc/524.c: Use krb5_decode_EncTicketPart. 784 785 * kdc/kerberos5.c: Check at runtime whether to use enctypes 786 instead of keytypes. If so use the same value to encrypt ticket, 787 and kdc-rep as well as `keytype' for session key. Fix some obvious 788 bugs with the handling of additional tickets. 789 790 * lib/krb5/rd_req.c: Use krb5_decode_EncTicketPart, and 791 krb5_decode_Authenticator. 792 793 * lib/krb5/rd_rep.c: Use krb5_decode_EncAPRepPart. 794 795 * lib/krb5/rd_cred.c: Use krb5_decode_EncKrbCredPart. 796 797 * lib/krb5/mk_rep.c: Make sure enc_part.etype is an encryption 798 type, and not a key type. Use krb5_encode_EncAPRepPart. 799 800 * lib/krb5/init_creds_pw.c: Use krb5_decode_PA_KEY_INFO. 801 802 * lib/krb5/get_in_tkt.c: Use krb5_decode_Enc{AS,TGS}RepPart. 803 804 * lib/krb5/get_for_creds.c: Use krb5_encode_EncKrbCredPart. 805 806 * lib/krb5/get_cred.c: Use krb5_decode_Enc{AS,TGS}RepPart. 807 808 * lib/krb5/build_auth.c: Use krb5_encode_Authenticator. 809 810 * lib/krb5/codec.c: Enctype conversion stuff. 811 812 * lib/krb5/context.c: Ignore KRB5_CONFIG if *not* running 813 setuid. Get configuration for libdefaults ktype_is_etype, and 814 default_etypes. 815 816 * lib/krb5/encrypt.c: Add krb5_string_to_etype, rename 817 krb5_convert_etype to krb5_decode_keytype, and add 818 krb5_decode_keyblock. 819 820 Fri Jan 23 00:32:09 1998 Johan Danielsson <joda@emma.pdc.kth.se> 821 822 * lib/krb5/{get_in_tkt,rd_req}.c: Use krb5_convert_etype. 823 824 * lib/krb5/encrypt.c: Add krb5_convert_etype function - converts 825 from protocol keytypes (that really are enctypes) to internal 826 representation. 827 828 Thu Jan 22 21:24:36 1998 Johan Danielsson <joda@emma.pdc.kth.se> 829 830 * lib/asn1/k5.asn1: Add PA-KEY-INFO structure to hold information 831 on keys in the database; and also a new `pa-key-info' padata-type. 832 833 * kdc/kerberos5.c: If pre-authentication fails, return a list of 834 keytypes, salttypes, and salts. 835 836 * lib/krb5/init_creds_pw.c: Add better support for 837 pre-authentication, by looking at hints from the KDC. 838 839 * lib/krb5/get_in_tkt.c: Add better support for specifying what 840 pre-authentication to use. 841 842 * lib/krb5/str2key.c: Merge entries for KEYTYPE_DES and 843 KEYTYPE_DES_AFS3. 844 845 * lib/krb5/krb5.h: Add pre-authentication structures. 846 847 * kdc/connect.c: Don't fail if realloc(X, 0) returns NULL. 848 849 Wed Jan 21 06:20:40 1998 Assar Westerlund <assar@sics.se> 850 851 * lib/kadm5/init_s.c (kadm5_s_init_with_password_ctx): initialize 852 `log_context.socket_name' and `log_context.socket_fd' 853 854 * lib/kadm5/log.c (kadm5_log_flush): send a unix domain datagram 855 to inform the possible running ipropd of an update. 856 857 Wed Jan 21 01:34:09 1998 Johan Danielsson <joda@emma.pdc.kth.se> 858 859 * lib/krb5/get_in_tkt.c: Return error-packet to caller. 860 861 * lib/krb5/free.c (krb5_free_kdc_rep): Free krb5_kdc_rep->error. 862 863 * kdc/kerberos5.c: Add some support for using enctypes instead of 864 keytypes. 865 866 * lib/krb5/get_cred.c: Fixes to send authorization-data to the 867 KDC. 868 869 * lib/krb5/build_auth.c: Only generate local subkey if there is 870 none. 871 872 * lib/krb5/krb5.h: Add krb5_authdata type. 873 874 * lib/krb5/auth_context.c: Add 875 krb5_auth_con_set{,localsub,remotesub}key. 876 877 * lib/krb5/init_creds_pw.c: Return some error if prompter 878 functions return failure. 879 880 Wed Jan 21 01:16:13 1998 Assar Westerlund <assar@sics.se> 881 882 * kpasswd/kpasswd.c: detect bad password. use krb5_err. 883 884 * kadmin/util.c (edit_entry): remove unused variables 885 886 Tue Jan 20 22:58:31 1998 Assar Westerlund <assar@sics.se> 887 888 * kuser/kinit.c: rename `-s' to `-S' to be MIT-compatible. 889 890 * lib/kadm5/kadm5_locl.h: add kadm5_log_context and 891 kadm5_log*-functions 892 893 * lib/kadm5/create_s.c (kadm5_s_create_principal): add change to 894 log 895 896 * lib/kadm5/rename_s.c (kadm5_s_rename_principal): add change to 897 log 898 899 * lib/kadm5/init_s.c (kadm5_s_init_with_password_ctx): initialize 900 log_context 901 902 * lib/kadm5/delete_s.c (kadm5_s_delete_principal): add change to 903 log 904 905 * lib/kadm5/modify_s.c (kadm5_s_modify_principal): add change to 906 log 907 908 * lib/kadm5/randkey_s.c (kadm5_s_randkey_principal): add change to 909 log 910 911 * lib/kadm5/chpass_s.c (kadm5_s_chpass_principal): add change to 912 log 913 914 * lib/kadm5/Makefile.am: add log.c, dump_log and replay_log 915 916 * lib/kadm5/replay_log.c: new file 917 918 * lib/kadm5/dump_log.c: new file 919 920 * lib/kadm5/log.c: new file 921 922 * lib/krb5/str2key.c (get_str): initialize pad space to zero 923 924 * lib/krb5/config_file.c (krb5_config_vget_next): handle c == NULL 925 926 * kpasswd/kpasswdd.c: rewritten to use the kadm5 API 927 928 * kpasswd/Makefile.am: link with kadm5srv 929 930 * kdc/kerberos5.c (tgs_rep): initialize `i' 931 932 * kadmin/kadmind.c (main): use kadm5_server_{send,recv}_sp 933 934 * include/Makefile.am: added admin.h 935 936 Sun Jan 18 01:41:34 1998 Johan Danielsson <joda@blubb.pdc.kth.se> 937 938 * lib/asn1/gen_copy.c: Don't return ENOMEM if allocating 0 bytes. 939 940 * lib/krb5/mcache.c (mcc_store_cred): restore linked list if 941 copy_creds fails. 942 943 Tue Jan 6 04:17:56 1998 Assar Westerlund <assar@sics.se> 944 945 * lib/kadm5/server.c: add kadm5_server_{send,recv}{,_sp} 946 947 * lib/kadm5/marshall.c: add kadm5_{store,ret}_principal_ent_mask. 948 949 * lib/kadm5/init_c.c (kadm5_c_init_with_password_ctx): use 950 krb5_getportbyname 951 952 * kadmin/kadmind.c (main): htons correctly. 953 moved kadm5_server_{recv,send} 954 955 * kadmin/kadmin.c (main): only set admin_server if explicitly 956 given 957 958 Mon Jan 5 23:34:44 1998 Johan Danielsson <joda@emma.pdc.kth.se> 959 960 * lib/hdb/ndbm.c: Implement locking of database. 961 962 * kdc/kerberos5.c: Process AuthorizationData. 963 964 Sat Jan 3 22:07:07 1998 Johan Danielsson <joda@blubb.pdc.kth.se> 965 966 * kdc/string2key.c: Use AFS string-to-key from libkrb5. 967 968 * lib/krb5/get_in_tkt.c: Handle pa-afs3-salt case. 969 970 * lib/krb5/krb5.h: Add value for AFS salts. 971 972 * lib/krb5/str2key.c: Add support for AFS string-to-key. 973 974 * lib/kadm5/rename_s.c: Use correct salt. 975 976 * lib/kadm5/ent_setup.c: Always enable client. Only set max-life 977 and max-renew if != 0. 978 979 * lib/krb5/config_file.c: Add context to all krb5_config_*get_*. 980 981 Thu Dec 25 17:03:25 1997 Assar Westerlund <assar@sics.se> 982 983 * kadmin/ank.c (ank): don't zero password if --random-key was 984 given. 985 986 Tue Dec 23 01:56:45 1997 Assar Westerlund <assar@sics.se> 987 988 * Release 0.0m 989 990 * lib/kadm5/ent_setup.c (attr_to_flags): try to set `client' 991 992 * kadmin/util.c (edit_time): only set mask if != 0 993 (edit_attributes): only set mask if != 0 994 995 * kadmin/init.c (init): create `default' 996 997 Sun Dec 21 09:44:05 1997 Assar Westerlund <assar@sics.se> 998 999 * kadmin/util.c (str2deltat, str2attr, get_deltat): return value 1000 as pointer and have return value indicate success. 1001 1002 (get_response): check NULL from fgets 1003 1004 (edit_time, edit_attributes): new functions for reading values and 1005 offering list of answers on '?' 1006 1007 (edit_entry): use edit_time and edit_attributes 1008 1009 * kadmin/ank.c (add_new_key): test the return value of 1010 `krb5_parse_name' 1011 1012 * kdc/kerberos5.c (tgs_check_authenticator): RFC1510 doesn't say 1013 that the checksum has to be keyed, even though later drafts do. 1014 Accept unkeyed checksums to be compatible with MIT. 1015 1016 * kadmin/kadmin_locl.h: add some prototypes. 1017 1018 * kadmin/util.c (edit_entry): return a value 1019 1020 * appl/afsutil/afslog.c (main): return a exit code. 1021 1022 * lib/krb5/get_cred.c (init_tgs_req): use krb5_keytype_to_enctypes 1023 1024 * lib/krb5/encrypt.c (krb5_keytype_to_enctypes): new function. 1025 1026 * lib/krb5/build_auth.c (krb5_build_authenticator): use 1027 krb5_{free,copy}_keyblock instead of the _contents versions 1028 1029 Fri Dec 12 14:20:58 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1030 1031 * lib/krb5/{mk,rd}_priv.c: fix check for local/remote subkey 1032 1033 Mon Dec 8 08:48:09 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1034 1035 * lib/krb5/context.c: don't look at KRB5_CONFIG if running setuid 1036 1037 Sat Dec 6 10:09:40 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1038 1039 * lib/krb5/keyblock.c (krb5_free_keyblock): check for NULL 1040 keyblock 1041 1042 Sat Dec 6 08:26:10 1997 Assar Westerlund <assar@sics.se> 1043 1044 * Release 0.0l 1045 1046 Thu Dec 4 03:38:12 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1047 1048 * lib/krb5/send_to_kdc.c: Add TCP client support. 1049 1050 * lib/krb5/store.c: Add k_{put,get}_int. 1051 1052 * kadmin/ank.c: Set initial kvno to 1. 1053 1054 * kdc/connect.c: Send version 5 TCP-reply as length+data. 1055 1056 Sat Nov 29 07:10:11 1997 Assar Westerlund <assar@sics.se> 1057 1058 * lib/krb5/rd_req.c (krb5_rd_req): fixed obvious bug 1059 1060 * kdc/kaserver.c (create_reply_ticket): use a random nonce in the 1061 reply packet. 1062 1063 * kdc/connect.c (init_sockets): less reallocing. 1064 1065 * **/*.c: changed `struct fd_set' to `fd_set' 1066 1067 Sat Nov 29 05:12:01 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1068 1069 * lib/krb5/get_default_principal.c: More guessing. 1070 1071 Thu Nov 20 02:55:09 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1072 1073 * lib/krb5/rd_req.c: Use principal from ticket if no server is 1074 given. 1075 1076 Tue Nov 18 02:58:02 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1077 1078 * kuser/klist.c: Use krb5_err*(). 1079 1080 Sun Nov 16 11:57:43 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1081 1082 * kadmin/kadmin.c: Add local `init', `load', `dump', and `merge' 1083 commands. 1084 1085 Sun Nov 16 02:52:20 1997 Assar Westerlund <assar@sics.se> 1086 1087 * lib/krb5/mk_req_ext.c (krb5_mk_req_ext): figure out the correct 1088 `enctype' 1089 1090 * lib/krb5/mk_req.c (krb5_mk_req): use `(*auth_context)->enctype' 1091 if set. 1092 1093 * lib/krb5/get_cred.c: handle the case of a specific keytype 1094 1095 * lib/krb5/build_auth.c (krb5_build_authenticator): enctype as a 1096 parameter instead of guessing it. 1097 1098 * lib/krb5/build_ap_req.c (krb5_build_ap_req): new parameter 1099 `enctype' 1100 1101 * appl/test/common.c (common_setup): don't use `optarg' 1102 1103 * lib/krb5/keytab.c (krb5_kt_copy_entry_contents): new function 1104 (krb5_kt_get_entry): retrieve the latest version if kvno == 0 1105 1106 * lib/krb5/krb5.h: define KRB5_TC_MATCH_KEYTYPE 1107 1108 * lib/krb5/creds.c (krb5_compare_creds): check for 1109 KRB5_TC_MATCH_KEYTYPE 1110 1111 * lib/gssapi/8003.c (gssapi_krb5_create_8003_checksum): remove 1112 unused variable 1113 1114 * lib/krb5/creds.c (krb5_copy_creds_contents): only free the 1115 contents if we fail. 1116 1117 Sun Nov 16 00:32:48 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1118 1119 * kpasswd/kpasswdd.c: Get password expiration time from config 1120 file. 1121 1122 * lib/asn1/{der_get,gen_decode}.c: Allow passing NULL size. 1123 1124 Wed Nov 12 02:35:57 1997 Assar Westerlund <assar@sics.se> 1125 1126 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): 1127 restructured and fixed. 1128 1129 * lib/krb5/addr_families.c (krb5_h_addr2addr): new function. 1130 1131 Wed Nov 12 01:36:01 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1132 1133 * lib/krb5/get_addrs.c: Fall back to hostname's addresses if other 1134 methods fail. 1135 1136 Tue Nov 11 22:22:12 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1137 1138 * kadmin/kadmin.c: Add `-l' flag to use local database. 1139 1140 * lib/kadm5/acl.c: Use KADM5_PRIV_ALL. 1141 1142 * lib/kadm5: Use function pointer trampoline for easier dual use 1143 (without radiation-hardening capability). 1144 1145 Tue Nov 11 05:15:22 1997 Assar Westerlund <assar@sics.se> 1146 1147 * lib/krb5/encrypt.c (krb5_etype_valid): new function 1148 1149 * lib/krb5/creds.c (krb5_copy_creds_contents): zero target 1150 1151 * lib/krb5/context.c (valid_etype): remove 1152 1153 * lib/krb5/checksum.c: remove dead code 1154 1155 * lib/krb5/changepw.c (send_request): free memory on error. 1156 1157 * lib/krb5/build_ap_req.c (krb5_build_ap_req): check return value 1158 from malloc. 1159 1160 * lib/krb5/auth_context.c (krb5_auth_con_init): free memory on 1161 failure correctly. 1162 (krb5_auth_con_setaddrs_from_fd): return error correctly. 1163 1164 * lib/krb5/get_in_tkt_with_{keytab,skey}.c: new files 1165 1166 Tue Nov 11 02:53:19 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1167 1168 * lib/krb5/auth_context.c: Implement auth_con_setuserkey. 1169 1170 * lib/gssapi/init_sec_context.c: Use krb5_auth_con_getkey. 1171 1172 * lib/krb5/keyblock.c: Rename krb5_free_keyblock to 1173 krb5_free_keyblock_contents, and reimplement krb5_free_keyblock. 1174 1175 * lib/krb5/rd_req.c: Use auth_context->keyblock if 1176 ap_options.use_session_key. 1177 1178 Tue Nov 11 02:35:17 1997 Assar Westerlund <assar@sics.se> 1179 1180 * lib/krb5/net_{read,write}.c: change `int fd' to `void *p_fd'. 1181 fix callers. 1182 1183 * lib/krb5/krb5_locl.h: include <asn1.h> and <der.h> 1184 1185 * include/Makefile.am: add xdbm.h 1186 1187 Tue Nov 11 01:58:22 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1188 1189 * lib/krb5/get_cred.c: Implement krb5_get_cred_from_kdc. 1190 1191 Mon Nov 10 22:41:53 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1192 1193 * lib/krb5/ticket.c: Implement copy_ticket. 1194 1195 * lib/krb5/get_in_tkt.c: Make `options' parameter MIT-compatible. 1196 1197 * lib/krb5/data.c: Implement free_data and copy_data. 1198 1199 Sun Nov 9 02:17:27 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1200 1201 * lib/kadm5: Implement kadm5_get_privs, and kadm5_get_principals. 1202 1203 * kadmin/kadmin.c: Add get_privileges function. 1204 1205 * lib/kadm5: Rename KADM5_ACL_* -> KADM5_PRIV_* to conform with 1206 specification. 1207 1208 * kdc/connect.c: Exit if no sockets could be bound. 1209 1210 * kadmin/kadmind.c: Check return value from krb5_net_read(). 1211 1212 * lib/kadm5,kadmin: Fix memory leaks. 1213 1214 Fri Nov 7 02:45:26 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1215 1216 * lib/kadm5/create_s.c: Get some default values from `default' 1217 principal. 1218 1219 * lib/kadm5/ent_setup.c: Add optional default entry to get some 1220 values from. 1221 1222 Thu Nov 6 00:20:41 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1223 1224 * lib/error/compile_et.awk: Remove generated destroy_*_error_table 1225 prototype 1226 1227 * kadmin/kadmind.c: Crude admin server. 1228 1229 * kadmin/kadmin.c: Update to use remote protocol. 1230 1231 * kadmin/get.c: Fix principal formatting. 1232 1233 * lib/kadm5: Add client support. 1234 1235 * lib/kadm5/error.c: Error code mapping. 1236 1237 * lib/kadm5/server.c: Kadmind support function. 1238 1239 * lib/kadm5/marshall.c: Kadm5 marshalling. 1240 1241 * lib/kadm5/acl.c: Simple acl system. 1242 1243 * lib/kadm5/kadm5_locl.h: Add client stuff. 1244 1245 * lib/kadm5/init_s.c: Initialize acl. 1246 1247 * lib/kadm5/*: Return values. 1248 1249 * lib/kadm5/create_s.c: Correct kvno. 1250 1251 Wed Nov 5 22:06:50 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1252 1253 * lib/krb5/log.c: Fix parsing of log destinations. 1254 1255 Mon Nov 3 20:33:55 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1256 1257 * lib/krb5/principal.c: Reduce number of reallocs in unparse_name. 1258 1259 Sat Nov 1 01:40:53 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1260 1261 * kadmin: Simple kadmin utility. 1262 1263 * admin/ktutil.c: Print keytype. 1264 1265 * lib/kadm5/get_s.c: Set correct n_key_data. 1266 1267 * lib/kadm5/init_s.c: Add kadm5_s_init_with_password_ctx. Use 1268 master key. 1269 1270 * lib/kadm5/destroy_s.c: Check for allocated context. 1271 1272 * lib/kadm5/{create,chpass}_s.c: Use _kadm5_set_keys(). 1273 1274 Sat Nov 1 00:21:00 1997 Assar Westerlund <assar@sics.se> 1275 1276 * configure.in: test for readv, writev 1277 1278 Wed Oct 29 23:41:26 1997 Assar Westerlund <assar@sics.se> 1279 1280 * lib/krb5/warn.c (_warnerr): handle the case of an illegal error 1281 code 1282 1283 * kdc/kerberos5.c (encode_reply): return success 1284 1285 Wed Oct 29 18:01:59 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1286 1287 * kdc/kerberos5.c (find_etype) Return correct index of selected 1288 etype. 1289 1290 Wed Oct 29 04:07:06 1997 Assar Westerlund <assar@sics.se> 1291 1292 * Release 0.0k 1293 1294 * lib/krb5/context.c (krb5_init_context): support `KRB5_CONFIG' 1295 environment variable 1296 1297 * *: use the roken_get*-macros from roken.h for the benefit of 1298 Crays. 1299 1300 * configure.in: add --{enable,disable}-otp. check for compatible 1301 prototypes for gethostbyname, gethostbyaddr, getservbyname, and 1302 openlog (they have strange prototypes on Crays) 1303 1304 * acinclude.m4: new macro `AC_PROTO_COMPAT' 1305 1306 Tue Oct 28 00:11:22 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1307 1308 * kdc/connect.c: Log bad requests. 1309 1310 * kdc/kerberos5.c: Move stuff that's in common between as_rep and 1311 tgs_rep to separate functions. 1312 1313 * kdc/kerberos5.c: Fix user-to-user authentication. 1314 1315 * lib/krb5/get_cred.c: Some restructuring of krb5_get_credentials: 1316 - add a kdc-options argument to krb5_get_credentials, and rename 1317 it to krb5_get_credentials_with_flags 1318 - honour the KRB5_GC_CACHED, and KRB5_GC_USER_USER options 1319 - add some more user-to-user glue 1320 1321 * lib/krb5/rd_req.c: Move parts of krb5_verify_ap_req into a new 1322 function, krb5_decrypt_ticket, so it is easier to decrypt and 1323 check a ticket without having an ap-req. 1324 1325 * lib/krb5/krb5.h: Add KRB5_GC_CACHED, and KRB5_GC_USER_USER 1326 flags. 1327 1328 * lib/krb5/crc.c (crc_init_table): Check if table is already 1329 inited. 1330 1331 Sun Oct 26 04:51:02 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1332 1333 * lib/asn1/der_get.c (der_get_length, fix_dce): Special-case 1334 indefinite encoding. 1335 1336 * lib/asn1/gen_glue.c (generate_units): Check for empty 1337 member-list. 1338 1339 Sat Oct 25 07:24:57 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1340 1341 * lib/error/compile_et.awk: Allow specifying table-base. 1342 1343 Tue Oct 21 20:21:40 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1344 1345 * kdc/kerberos5.c: Check version number of krbtgt. 1346 1347 Mon Oct 20 01:14:53 1997 Assar Westerlund <assar@sics.se> 1348 1349 * lib/krb5/prompter_posix.c (krb5_prompter_posix): implement the 1350 case of unhidden prompts. 1351 1352 * lib/krb5/str2key.c (string_to_key_internal): return error 1353 instead of aborting. always free memory 1354 1355 * admin/ktutil.c: add `help' command 1356 1357 * admin/kdb_edit.c: implement new commands: add_random_key(ark), 1358 change_password(cpw), change_random_key(crk) 1359 1360 Thu Oct 16 05:16:36 1997 Assar Westerlund <assar@sics.se> 1361 1362 * kpasswd/kpasswdd.c: change all the keys in the database 1363 1364 * kdc: removed all unsealing, now done by the hdb layer 1365 1366 * lib/hdb/hdb.c: new functions `hdb_create', `hdb_set_master_key' 1367 and `hdb_clear_master_key' 1368 1369 * admin/misc.c: removed 1370 1371 Wed Oct 15 22:47:31 1997 Assar Westerlund <assar@sics.se> 1372 1373 * kuser/klist.c: print year as YYYY iff verbose 1374 1375 Wed Oct 15 20:02:13 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1376 1377 * kuser/klist.c: print etype from ticket 1378 1379 Mon Oct 13 17:18:57 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1380 1381 * Release 0.0j 1382 1383 * lib/krb5/get_cred.c: Get the subkey from mk_req so it can be 1384 used to decrypt the reply from DCE secds. 1385 1386 * lib/krb5/auth_context.c: Add {get,set}enctype. 1387 1388 * lib/krb5/get_cred.c: Fix for DCE secd. 1389 1390 * lib/krb5/store.c: Store keytype twice, as MIT does. 1391 1392 * lib/krb5/get_in_tkt.c: Use etype from reply. 1393 1394 Fri Oct 10 00:39:48 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1395 1396 * kdc/connect.c: check for leading '/' in http request 1397 1398 Tue Sep 30 21:50:18 1997 Assar Westerlund <assar@assaris.pdc.kth.se> 1399 1400 * Release 0.0i 1401 1402 Mon Sep 29 15:58:43 1997 Assar Westerlund <assar@sics.se> 1403 1404 * lib/krb5/rd_req.c (krb5_rd_req): redone because we don't know 1405 the kvno or keytype before receiving the AP-REQ 1406 1407 * lib/krb5/mk_safe.c (krb5_mk_safe): figure out what cksumtype to 1408 use from the keytype. 1409 1410 * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): figure out what 1411 cksumtype to use from the keytype. 1412 1413 * lib/krb5/mk_priv.c (krb5_mk_priv): figure out what etype to use 1414 from the keytype. 1415 1416 * lib/krb5/keytab.c (krb5_kt_get_entry): check the keytype 1417 1418 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): figure out 1419 what etype to use from the keytype. 1420 1421 * lib/krb5/generate_seq_number.c (krb5_generate_seq_number): 1422 handle other key types than DES 1423 1424 * lib/krb5/encrypt.c (key_type): add `best_cksumtype' 1425 (krb5_keytype_to_cksumtype): new function 1426 1427 * lib/krb5/build_auth.c (krb5_build_authenticator): figure out 1428 what etype to use from the keytype. 1429 1430 * lib/krb5/auth_context.c (krb5_auth_con_init): set `cksumtype' 1431 and `enctype' to 0 1432 1433 * admin/extkeytab.c (ext_keytab): extract all keys 1434 1435 * appl/telnet/telnet/commands.c: INET6_ADDRSTRLEN kludge 1436 1437 * configure.in: check for <netinet6/in6.h>. check for -linet6 1438 1439 Tue Sep 23 03:00:53 1997 Assar Westerlund <assar@sics.se> 1440 1441 * lib/krb5/encrypt.c: fix checksumtype for des3-cbc-sha1 1442 1443 * lib/krb5/rd_safe.c: fix check for keyed and collision-proof 1444 checksum 1445 1446 * lib/krb5/context.c (valid_etype): remove hard-coded constants 1447 (default_etypes): include DES3 1448 1449 * kdc/kerberos5.c: fix check for keyed and collision-proof 1450 checksum 1451 1452 * admin/util.c (init_des_key, set_password): DES3 keys also 1453 1454 * lib/krb/send_to_kdc.c (krb5_sendto_kdc): no data returned means 1455 no contact? 1456 1457 * lib/krb5/addr_families.c: fix typo in `ipv6_anyaddr' 1458 1459 Mon Sep 22 11:44:27 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 1460 1461 * kdc/kerberos5.c: Somewhat fix the etype usage. The list sent by 1462 the client is used to select wich key to encrypt the kdc rep with 1463 (in case of as-req), and with the server info to select the 1464 session key type. The server key the ticket is encrypted is based 1465 purely on the keys in the database. 1466 1467 * kdc/string2key.c: Add keytype support. Default to version 5 1468 keys. 1469 1470 * lib/krb5/get_in_tkt.c: Fix a lot of etype/keytype misuse. 1471 1472 * lib/krb5/encrypt.c: Add des3-cbc-md5, and des3-cbc-sha1. Add 1473 many *_to_* functions. 1474 1475 * lib/krb5/str2key.c: Add des3 string-to-key. Add ktype argument 1476 to krb5_string_to_key(). 1477 1478 * lib/krb5/checksum.c: Some cleanup, and added: 1479 - rsa-md5-des3 1480 - hmac-sha1-des3 1481 - keyed and collision proof flags to each checksum method 1482 - checksum<->string functions. 1483 1484 * lib/krb5/generate_subkey.c: Use krb5_generate_random_keyblock. 1485 1486 Sun Sep 21 15:19:23 1997 Assar Westerlund <assar@sics.se> 1487 1488 * kdc/connect.c: use new addr_families functions 1489 1490 * kpasswd/kpasswdd.c: use new addr_families functions. Now works 1491 over IPv6 1492 1493 * kuser/klist.c: use correct symbols for address families 1494 1495 * lib/krb5/sock_principal.c: use new addr_families functions 1496 1497 * lib/krb5/send_to_kdc.c: use new addr_families functions 1498 1499 * lib/krb5/krb5.h: add KRB5_ADDRESS_INET6 1500 1501 * lib/krb5/get_addrs.c: use new addr_families functions 1502 1503 * lib/krb5/changepw.c: use new addr_families functions. Now works 1504 over IPv6 1505 1506 * lib/krb5/auth_context.c: use new addr_families functions 1507 1508 * lib/krb5/addr_families.c: new file 1509 1510 * acconfig.h: AC_SOCKADDR_IN6 -> AC_STRUCT_SOCKADDR_IN6. Updated 1511 uses. 1512 1513 * acinclude.m4: new macro `AC_KRB_IPV6'. Use it. 1514 1515 Sat Sep 13 23:04:23 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1516 1517 * kdc/hprop.c: Don't encrypt twice. Complain on non-convertable 1518 principals. 1519 1520 Sat Sep 13 00:59:36 1997 Assar Westerlund <assar@sics.se> 1521 1522 * Release 0.0h 1523 1524 * appl/telnet/telnet/commands.c: AF_INET6 support 1525 1526 * admin/misc.c: new file 1527 1528 * lib/krb5/context.c: new configuration variable `max_retries' 1529 1530 * lib/krb5/get_addrs.c: fixes and better #ifdef's 1531 1532 * lib/krb5/config_file.c: implement krb5_config_get_int 1533 1534 * lib/krb5/auth_context.c, send_to_kdc.c, sock_principal.c: 1535 AF_INET6 support 1536 1537 * kuser/klist.c: support for printing IPv6-addresses 1538 1539 * kdc/connect.c: support AF_INET6 1540 1541 * configure.in: test for gethostbyname2 and struct sockaddr_in6 1542 1543 Thu Sep 11 07:25:28 1997 Assar Westerlund <assar@sics.se> 1544 1545 * lib/asn1/k5.asn1: Use `METHOD-DATA' instead of `SEQUENCE OF 1546 PA-DATA' 1547 1548 Wed Sep 10 21:20:17 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1549 1550 * kdc/kerberos5.c: Fixes for cross-realm, including (but not 1551 limited to): 1552 - allow client to be non-existant (should probably check for 1553 "local realm") 1554 - if server isn't found and it is a request for a krbtgt, try to 1555 find a realm on the way to the requested realm 1556 - update the transited encoding iff 1557 client-realm != server-realm != tgt-realm 1558 1559 * lib/krb5/get_cred.c: Several fixes for cross-realm. 1560 1561 Tue Sep 9 15:59:20 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1562 1563 * kdc/string2key.c: Fix password handling. 1564 1565 * lib/krb5/encrypt.c: krb5_key_to_string 1566 1567 Tue Sep 9 07:46:05 1997 Assar Westerlund <assar@sics.se> 1568 1569 * lib/krb5/get_addrs.c: rewrote. Now should be able to handle 1570 aliases and IPv6 addresses 1571 1572 * kuser/klist.c: try printing IPv6 addresses 1573 1574 * kdc/kerberos5.c: increase the arbitrary limit from 1024 to 8192 1575 1576 * configure.in: check for <netinet/in6_var.h> 1577 1578 Mon Sep 8 02:57:14 1997 Assar Westerlund <assar@sics.se> 1579 1580 * doc: fixes 1581 1582 * admin/util.c (init_des_key): increase kvno 1583 (set_password): return -1 if `des_read_pw_string' failed 1584 1585 * admin/mod.c (doit2): check the return value from `set_password' 1586 1587 * admin/ank.c (doit): don't add a new entry if `set_password' 1588 failed 1589 1590 Mon Sep 8 02:20:16 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 1591 1592 * lib/krb5/verify_init.c: fix ap_req_nofail semantics 1593 1594 * lib/krb5/transited.c: something that might resemble 1595 domain-x500-compress 1596 1597 Mon Sep 8 01:24:42 1997 Assar Westerlund <assar@sics.se> 1598 1599 * kdc/hpropd.c (main): check number of arguments 1600 1601 * appl/popper/pop_init.c (pop_init): check number of arguments 1602 1603 * kpasswd/kpasswd.c (main): check number of arguments 1604 1605 * kdc/string2key.c (main): check number of arguments 1606 1607 * kuser/kdestroy.c (main): check number of arguments 1608 1609 * kuser/kinit.c (main): check number of arguments 1610 1611 * kpasswd/kpasswdd.c (main): use sigaction without SA_RESTART to 1612 break out of select when a signal arrives 1613 1614 * kdc/main.c (main): use sigaction without SA_RESTART to break out 1615 of select when a signal arrives 1616 1617 * kdc/kstash.c: default to HDB_DB_DIR "/m-key" 1618 1619 * kdc/config.c (configure): add `--version'. Check the number of 1620 arguments. Handle the case of there being no specification of port 1621 numbers. 1622 1623 * admin/util.c: seal and unseal key at appropriate places 1624 1625 * admin/kdb_edit.c (main): parse arguments, config file and read 1626 master key iff there's one. 1627 1628 * admin/extkeytab.c (ext_keytab): unseal key while extracting 1629 1630 Sun Sep 7 20:41:01 1997 Assar Westerlund <assar@sics.se> 1631 1632 * lib/roken/roken.h: include <fcntl.h> 1633 1634 * kdc/kerberos5.c (set_salt_padata): new function 1635 1636 * appl/telnet/telnetd/telnetd.c: Rename some variables that 1637 conflict with cpp symbols on HP-UX 10.20 1638 1639 * change all calls of `gethostbyaddr' to cast argument 1 to `const 1640 char *' 1641 1642 * acconfig.h: only use SGTTY on nextstep 1643 1644 Sun Sep 7 14:33:50 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1645 1646 * kdc/kerberos5.c: Check invalid flag. 1647 1648 Fri Sep 5 14:19:38 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1649 1650 * lib/krb5/verify_user.c: Use get_init_creds/verify_init_creds. 1651 1652 * lib/kafs: Move functions common to krb/krb5 modules to new file, 1653 and make things more modular. 1654 1655 * lib/krb5/krb5.h: rename STRING -> krb5_config_string, and LIST 1656 -> krb5_config_list 1657 1658 Thu Sep 4 23:39:43 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 1659 1660 * lib/krb5/get_addrs.c: Fix loopback test. 1661 1662 Thu Sep 4 04:45:49 1997 Assar Westerlund <assar@sics.se> 1663 1664 * lib/roken/roken.h: fallback definition of `O_ACCMODE' 1665 1666 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): be more careful when 1667 checking for a v4 reply 1668 1669 Wed Sep 3 18:20:14 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1670 1671 * kdc/hprop.c: Add `--decrypt' and `--encrypt' flags. 1672 1673 * lib/hdb/hdb.c: new {seal,unseal}_keys functions 1674 1675 * kdc/{hprop,hpropd}.c: Add support to dump database to stdout. 1676 1677 * kdc/hprop.c: Don't use same master key as version 4. 1678 1679 * admin/util.c: Don't dump core if no `default' is found. 1680 1681 Wed Sep 3 16:01:07 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 1682 1683 * kdc/connect.c: Allow run time port specification. 1684 1685 * kdc/config.c: Add flags for http support, and port 1686 specifications. 1687 1688 Tue Sep 2 02:00:03 1997 Assar Westerlund <assar@sics.se> 1689 1690 * include/bits.c: Don't generate ifndef's in bits.h. Instead, use 1691 them when building the program. This makes it possible to include 1692 bits.h without having defined all HAVE_INT17_T symbols. 1693 1694 * configure.in: test for sigaction 1695 1696 * doc: updated documentation. 1697 1698 Tue Sep 2 00:20:31 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1699 1700 * Release 0.0g 1701 1702 Mon Sep 1 17:42:14 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1703 1704 * lib/krb5/data.c: don't return ENOMEM if len == 0 1705 1706 Sun Aug 31 17:15:49 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1707 1708 * lib/hdb/hdb.asn1: Include salt type in salt. 1709 1710 * kdc/hprop.h: Change port to 754. 1711 1712 * kdc/hpropd.c: Verify who tries to transmit a database. 1713 1714 * appl/popper: Use getarg and krb5_log. 1715 1716 * lib/krb5/get_port.c: Add context parameter. Now takes port in 1717 host byte order. 1718 1719 Sat Aug 30 18:48:19 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1720 1721 * kdc/connect.c: Add timeout to select, and log about expired tcp 1722 connections. 1723 1724 * kdc/config.c: Add `database' option. 1725 1726 * kdc/hpropd.c: Log about duplicate entries. 1727 1728 * lib/hdb/{db,ndbm}.c: Use common routines. 1729 1730 * lib/hdb/common.c: Implement more generic fetch/store/delete 1731 functions. 1732 1733 * lib/hdb/hdb.h: Add `replace' parameter to store. 1734 1735 * kdc/connect.c: Set filedecriptor to -1 on allocated decriptor 1736 entries. 1737 1738 Fri Aug 29 03:13:23 1997 Assar Westerlund <assar@sics.se> 1739 1740 * lib/krb5/get_in_tkt.c: extract_ticket -> _krb5_extract_ticket 1741 1742 * aux/make-proto.pl: fix __P for stone age mode 1743 1744 Fri Aug 29 02:45:46 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1745 1746 * lib/45/mk_req.c: implementation of krb_mk_req that uses 524 1747 protocol 1748 1749 * lib/krb5/init_creds_pw.c: make change_password and 1750 get_init_creds_common static 1751 1752 * lib/krb5/krb5.h: Merge stuff from removed headerfiles. 1753 1754 * lib/krb5/fcache.c: fcc_ops -> krb5_fcc_ops 1755 1756 * lib/krb5/mcache.c: mcc_ops -> krb5_mcc_ops 1757 1758 Fri Aug 29 01:45:25 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 1759 1760 * lib/krb5/krb5.h: Remove all prototypes. 1761 1762 * lib/krb5/convert_creds.c: Use `struct credentials' instead of 1763 `CREDENTIALS'. 1764 1765 Fri Aug 29 00:08:18 1997 Assar Westerlund <assar@sics.se> 1766 1767 * lib/asn1/gen_glue.c: new file. generates 2int and int2 functions 1768 and units for bit strings. 1769 1770 * admin/util.c: flags2int, int2flags, and flag_units are now 1771 generated by asn1_compile 1772 1773 * lib/roken/parse_units.c: generalised `parse_units' and 1774 `unparse_units' and added new functions `parse_flags' and 1775 `unparse_flags' that use these 1776 1777 * lib/krb5/krb5_locl.h: moved krb5_data* functions to krb5.h 1778 1779 * admin/util.c: Use {un,}parse_flags for printing and parsing 1780 hdbflags. 1781 1782 Thu Aug 28 03:26:12 1997 Assar Westerlund <assar@sics.se> 1783 1784 * lib/krb5/get_addrs.c: restructured 1785 1786 * lib/krb5/warn.c (_warnerr): leak less memory 1787 1788 * lib/hdb/hdb.c (hdb_free_entry): zero keys 1789 (hdb_check_db_format): leak less memory 1790 1791 * lib/hdb/ndbm.c (NDBM_seq): check for valid hdb_entries implement 1792 NDBM__get, NDBM__put 1793 1794 * lib/hdb/db.c (DB_seq): check for valid hdb_entries 1795 1796 Thu Aug 28 02:06:58 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1797 1798 * lib/krb5/send_to_kdc.c: Don't use sendto on connected sockets. 1799 1800 Thu Aug 28 01:13:17 1997 Assar Westerlund <assar@sics.se> 1801 1802 * kuser/kinit.1, klist.1, kdestroy.1: new man pages 1803 1804 * kpasswd/kpasswd.1, kpasswdd.8: new man pages 1805 1806 * kdc/kstash.8, hprop.8, hpropd.8: new man pages 1807 1808 * admin/ktutil.8, admin/kdb_edit.8: new man pages 1809 1810 * admin/mod.c: new file 1811 1812 * admin/life.c: renamed gettime and puttime to getlife and putlife 1813 and moved them to life.c 1814 1815 * admin/util.c: add print_flags, parse_flags, init_entry, 1816 set_created_by, set_modified_by, edit_entry, set_password. Use 1817 them. 1818 1819 * admin/get.c: use print_flags 1820 1821 * admin: removed unused stuff. use krb5_{warn,err}* 1822 1823 * admin/ank.c: re-organized and abstracted. 1824 1825 * admin/gettime.c: removed 1826 1827 Thu Aug 28 00:37:39 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1828 1829 * lib/krb5/{get_cred,get_in_tkt}.c: Check for v4 reply. 1830 1831 * lib/roken/base64.c: Add base64 functions. 1832 1833 * kdc/connect.c lib/krb5/send_to_kdc.c: Add http support. 1834 1835 Wed Aug 27 00:29:20 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1836 1837 * include/Makefile.am: Don't make links to built files. 1838 1839 * admin/kdb_edit.c: Add command to set the database path. 1840 1841 * lib/hdb: Include version number in database. 1842 1843 Tue Aug 26 20:14:54 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1844 1845 * admin/ktutil: Merged v4 srvtab conversion. 1846 1847 Mon Aug 25 23:02:18 1997 Assar Westerlund <assar@sics.se> 1848 1849 * lib/roken/roken.h: add F_OK 1850 1851 * lib/gssapi/acquire_creds.c: fix typo 1852 1853 * configure.in: call AC_TYPE_MODE_T 1854 1855 * acinclude.m4: Add AC_TYPE_MODE_T 1856 1857 Sun Aug 24 16:46:53 1997 Assar Westerlund <assar@sics.se> 1858 1859 * Release 0.0f 1860 1861 Sun Aug 24 08:06:54 1997 Assar Westerlund <assar@sics.se> 1862 1863 * appl/popper/pop_pass.c: log poppers 1864 1865 * kdc/kaserver.c: some more checks 1866 1867 * kpasswd/kpasswd.c: removed `-p' 1868 1869 * kuser/kinit.c: removed `-p' 1870 1871 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): If 1872 KDC_ERR_PREUATH_REQUIRED, add preauthentication and try again. 1873 1874 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): don't print out 1875 krb-error text 1876 1877 * lib/gssapi/import_name.c (input_name): more names types. 1878 1879 * admin/load.c (parse_keys): handle the case of an empty salt 1880 1881 * kdc/kaserver.c: fix up memory deallocation 1882 1883 * kdc/kaserver.c: quick hack at talking kaserver protocol 1884 1885 * kdc/kerberos4.c: Make `db-fetch4' global 1886 1887 * configure.in: add --enable-kaserver 1888 1889 * kdc/rx.h, kdc/kerberos4.h: new header files 1890 1891 * lib/krb5/principal.c: fix krb5_build_principal_ext & c:o 1892 1893 Sun Aug 24 03:52:44 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1894 1895 * lib/krb5/{get_in_tkt,mk_safe,mk_priv}.c: Fix some Cray specific 1896 type conflicts. 1897 1898 * lib/krb5/{get_cred,get_in_tkt}.c: Mask nonce to 32 bits. 1899 1900 * lib/des/{md4,md5,sha}.c: Now works on Crays. 1901 1902 Sat Aug 23 18:15:01 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 1903 1904 * appl/afsutil/afslog.c: If no cells or files specified, get 1905 tokens for all local cells. Better test for files. 1906 1907 Thu Aug 21 23:33:38 1997 Assar Westerlund <assar@sics.se> 1908 1909 * lib/gssapi/v1.c: new file with v1 compatibility functions. 1910 1911 Thu Aug 21 20:36:13 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 1912 1913 * lib/kafs/afskrb5.c: Don't check ticket file for afs ticket. 1914 1915 * kdc/kerberos4.c: Check database when converting v4 principals. 1916 1917 * kdc/kerberos5.c: Include kvno in Ticket. 1918 1919 * lib/krb5/encrypt.c: Add kvno parameter to encrypt_EncryptedData. 1920 1921 * kuser/klist.c: Print version number of ticket, include more 1922 flags. 1923 1924 Wed Aug 20 21:26:58 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 1925 1926 * lib/kafs/afskrb5.c (get_cred): Check cached afs tickets for 1927 expiration. 1928 1929 Wed Aug 20 17:40:31 1997 Assar Westerlund <assar@sics.se> 1930 1931 * lib/krb5/recvauth.c (krb5_recvauth): Send a KRB-ERROR iff 1932 there's an error. 1933 1934 * lib/krb5/sendauth.c (krb5_sendauth): correct the protocol 1935 documentation and process KRB-ERROR's 1936 1937 Tue Aug 19 20:41:30 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1938 1939 * kdc/kerberos4.c: Fix memory leak in v4 protocol handler. 1940 1941 Mon Aug 18 05:15:09 1997 Assar Westerlund <assar@sics.se> 1942 1943 * lib/gssapi/accept_sec_context.c: Added 1944 `gsskrb5_register_acceptor_identity' 1945 1946 Sun Aug 17 01:40:20 1997 Assar Westerlund <assar@sics.se> 1947 1948 * lib/gssapi/accept_sec_context.c (gss_accept_sec_context): don't 1949 always pass server == NULL to krb5_rd_req. 1950 1951 * lib/gssapi: new files: canonicalize_name.c export_name.c 1952 context_time.c compare_name.c release_cred.c acquire_cred.c 1953 inquire_cred.c, from Luke Howard <lukeh@xedoc.com.au> 1954 1955 * lib/krb5/config_file.c: Add netinfo support from Luke Howard 1956 <lukeh@xedoc.com.au> 1957 1958 * lib/editline/sysunix.c: sgtty-support from Luke Howard 1959 <lukeh@xedoc.com.au> 1960 1961 * lib/krb5/principal.c: krb5_sname_to_principal fix from Luke 1962 Howard <lukeh@xedoc.com.au> 1963 1964 Sat Aug 16 00:44:47 1997 Assar Westerlund <assar@koi.pdc.kth.se> 1965 1966 * Release 0.0e 1967 1968 Sat Aug 16 00:23:46 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1969 1970 * appl/afsutil/afslog.c: Use new libkafs. 1971 1972 * lib/kafs/afskrb5.c: Get AFS tokens via 524 protocol. 1973 1974 * lib/krb5/warn.c: Fix format string for *x type. 1975 1976 Fri Aug 15 22:15:01 1997 Assar Westerlund <assar@sics.se> 1977 1978 * admin/get.c (get_entry): print more information about the entry 1979 1980 * lib/des/Makefile.am: build destest, mdtest, des, rpw, speed 1981 1982 * lib/krb5/config_file.c: new functions `krb5_config_get_time' and 1983 `krb5_config_vget_time'. Use them. 1984 1985 Fri Aug 15 00:09:37 1997 Johan Danielsson <joda@emma.pdc.kth.se> 1986 1987 * admin/ktutil.c: Keytab manipulation program. 1988 1989 * lib/krb5/keytab.c: Return sane values from resolve and 1990 start_seq_get. 1991 1992 * kdc/kerberos5.c: Fix for old clients passing 0 for `no endtime'. 1993 1994 * lib/45/get_ad_tkt.c: Kerberos 4 get_ad_tkt using 1995 krb524_convert_creds_kdc. 1996 1997 * lib/krb5/convert_creds.c: Implementation of 1998 krb524_convert_creds_kdc. 1999 2000 * lib/asn1/k5.asn1: Make kdc-req-body.till OPTIONAL 2001 2002 * kdc/524.c: A somewhat working 524-protocol module. 2003 2004 * kdc/kerberos4.c: Add version 4 ticket encoding and encryption 2005 functions. 2006 2007 * lib/krb5/context.c: Fix kdc_timeout. 2008 2009 * lib/hdb/{ndbm,db}.c: Free name in close. 2010 2011 * kdc/kerberos5.c (tgs_check_autenticator): Return error code 2012 2013 Thu Aug 14 21:29:03 1997 Johan Danielsson <joda@emma.pdc.kth.se> 2014 2015 * kdc/kerberos5.c (tgs_make_reply): Fix endtime in reply. 2016 2017 * lib/krb5/store_emem.c: Fix reallocation bug. 2018 2019 Tue Aug 12 01:29:46 1997 Assar Westerlund <assar@sics.se> 2020 2021 * appl/telnet/libtelnet/kerberos5.c, appl/popper/pop_init.c: Use 2022 `krb5_sock_to_principal'. Send server parameter to 2023 krb5_rd_req/krb5_recvauth. Set addresses in auth_context. 2024 2025 * lib/krb5/recvauth.c: Set addresses in auth_context if there 2026 aren't any 2027 2028 * lib/krb5/auth_context.c: New function 2029 `krb5_auth_con_setaddrs_from_fd' 2030 2031 * lib/krb5/sock_principal.c: new function 2032 `krb5_sock_to_principal' 2033 2034 * lib/krb5/time.c: new file with `krb5_timeofday' and 2035 `krb5_us_timeofday'. Use these functions. 2036 2037 * kuser/klist.c: print KDC offset iff verbose 2038 2039 * lib/krb5/get_in_tkt.c: implement KDC time offset and use it if 2040 [libdefaults]kdc_timesync is set. 2041 2042 * lib/krb5/fcache.c: Implement version 4 of the ccache format. 2043 2044 Mon Aug 11 05:34:43 1997 Assar Westerlund <assar@sics.se> 2045 2046 * lib/krb5/rd_rep.c (krb5_free_ap_rep_enc_part): free all memory 2047 2048 * lib/krb5/principal.c (krb5_unparse_name): allocate memory 2049 properly 2050 2051 * kpasswd/kpasswd.c: Use `krb5_change_password' 2052 2053 * lib/krb5/init_creds_pw.c (init_cred): set realm of server 2054 correctly. 2055 2056 * lib/krb5/init_creds_pw.c: support changing of password when it 2057 has expired 2058 2059 * lib/krb5/changepw.c: new file 2060 2061 * kuser/klist.c: use getarg 2062 2063 * admin/init.c (init): add `kadmin/changepw' 2064 2065 Mon Aug 11 04:30:47 1997 Johan Danielsson <joda@emma.pdc.kth.se> 2066 2067 * lib/krb5/get_cred.c: Make get_credentials handle cross-realm. 2068 2069 Mon Aug 11 00:03:24 1997 Assar Westerlund <assar@sics.se> 2070 2071 * lib/krb5/config_file.c: implement support for #-comments 2072 2073 Sat Aug 9 02:21:46 1997 Johan Danielsson <joda@emma.pdc.kth.se> 2074 2075 * kdc/hprop*.c: Add database propagation programs. 2076 2077 * kdc/connect.c: Max request size. 2078 2079 Sat Aug 9 00:47:28 1997 Assar Westerlund <assar@sics.se> 2080 2081 * lib/otp: resurrected from krb4 2082 2083 * appl/push: new program for fetching mail with POP. 2084 2085 * appl/popper/popper.h: new include files. new fields in `POP' 2086 2087 * appl/popper/pop_pass.c: Implement both v4 and v5. 2088 2089 * appl/popper/pop_init.c: Implement both v4 and v5. 2090 2091 * appl/popper/pop_debug.c: use getarg. Talk both v4 and v5 2092 2093 * appl/popper: Popper from krb4. 2094 2095 * configure.in: check for inline and <netinet/tcp.h> generate 2096 files in appl/popper, appl/push, and lib/otp 2097 2098 Fri Aug 8 05:51:02 1997 Assar Westerlund <assar@sics.se> 2099 2100 * lib/krb5/get_cred.c: clean-up and try to free memory even when 2101 there're errors 2102 2103 * lib/krb5/get_cred.c: adapt to new `extract_ticket' 2104 2105 * lib/krb5/get_in_tkt.c: reorganize. check everything and try to 2106 return memory even if there are errors. 2107 2108 * kuser/kverify.c: new file 2109 2110 * lib/krb5/free_host_realm.c: new file 2111 2112 * lib/krb5/principal.c (krb5_sname_to_principal): implement 2113 different nametypes. Also free memory. 2114 2115 * lib/krb5/verify_init.c: more functionality 2116 2117 * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): free the checksum 2118 2119 * lib/krb5/get_in_tkt.c (extract_ticket): don't copy over the 2120 principals in creds. Should also compare them with that received 2121 from the KDC 2122 2123 * lib/krb5/cache.c (krb5_cc_gen_new): copy the newly allocated 2124 krb5_ccache 2125 (krb5_cc_destroy): call krb5_cc_close 2126 (krb5_cc_retrieve_cred): delete the unused creds 2127 2128 Fri Aug 8 02:30:40 1997 Johan Danielsson <joda@emma.pdc.kth.se> 2129 2130 * lib/krb5/log.c: Allow better control of destinations of logging 2131 (like passing explicit destinations, and log-functions). 2132 2133 Fri Aug 8 01:20:39 1997 Assar Westerlund <assar@sics.se> 2134 2135 * lib/krb5/get_default_principal.c: new file 2136 2137 * kpasswd/kpasswdd.c: use krb5_log* 2138 2139 Fri Aug 8 00:37:47 1997 Johan Danielsson <joda@emma.pdc.kth.se> 2140 2141 * lib/krb5/init_creds_pw.c: Implement krb5_get_init_creds_keytab. 2142 2143 Fri Aug 8 00:37:17 1997 Assar Westerlund <assar@sics.se> 2144 2145 * lib/krb5/init_creds_pw.c: Use `krb5_get_default_principal'. 2146 Print password expire information. 2147 2148 * kdc/config.c: new variable `kdc_warn_pwexpire' 2149 2150 * kpasswd/kpasswd.c: converted to getarg and get_init_creds 2151 2152 Thu Aug 7 22:17:09 1997 Assar Westerlund <assar@sics.se> 2153 2154 * lib/krb5/mcache.c: new file 2155 2156 * admin/gettime.c: new function puttime. Use it. 2157 2158 * lib/krb5/keyblock.c: Added krb5_free_keyblock and 2159 krb5_copy_keyblock 2160 2161 * lib/krb5/init_creds_pw.c: more functionality 2162 2163 * lib/krb5/creds.c: Added krb5_free_creds_contents and 2164 krb5_copy_creds. Changed callers. 2165 2166 * lib/krb5/config_file.c: new functions krb5_config_get and 2167 krb5_config_vget 2168 2169 * lib/krb5/cache.c: cleanup added mcache 2170 2171 * kdc/kerberos5.c: include last-req's of type 6 and 7, if 2172 applicable 2173 2174 Wed Aug 6 20:38:23 1997 Johan Danielsson <joda@emma.pdc.kth.se> 2175 2176 * lib/krb5/log.c: New parameter `log-level'. Default to `SYSLOG'. 2177 2178 Tue Aug 5 22:53:54 1997 Assar Westerlund <assar@sics.se> 2179 2180 * lib/krb5/verify_init.c, init_creds_pw.c, init_creds.c, 2181 prompter_posix.c: the beginning of an implementation of the cygnus 2182 initial-ticket API. 2183 2184 * lib/krb5/get_in_tkt_pw.c: make `krb5_password_key_proc' global 2185 2186 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): new function that is 2187 almost krb5_get_in_tkt but doesn't write the creds to the ccache. 2188 Small fixes in krb5_get_in_tkt 2189 2190 * lib/krb5/get_addrs.c (krb5_get_all_client_addrs): don't include 2191 loopback. 2192 2193 Mon Aug 4 20:20:48 1997 Johan Danielsson <joda@emma.pdc.kth.se> 2194 2195 * kdc: Make context global. 2196 2197 Fri Aug 1 17:23:56 1997 Assar Westerlund <assar@sics.se> 2198 2199 * Release 0.0d 2200 2201 * lib/roken/flock.c: new file 2202 2203 * kuser/kinit.c: check for and print expiry information in the 2204 `kdc_rep' 2205 2206 * lib/krb5/get_in_tkt.c: Set `ret_as_reply' if != NULL 2207 2208 * kdc/kerberos5.c: Check the valid times on client and server. 2209 Check the password expiration. 2210 Check the require_preauth flag. 2211 Send an lr_type == 6 with pw_end. 2212 Set key.expiration to min(valid_end, pw_end) 2213 2214 * lib/hdb/hdb.asn1: new flags `require_preauth' and `change_pw' 2215 2216 * admin/util.c, admin/load.c: handle the new flags. 2217 2218 Fri Aug 1 16:56:12 1997 Johan Danielsson <joda@emma.pdc.kth.se> 2219 2220 * lib/hdb: Add some simple locking. 2221 2222 Sun Jul 27 04:44:31 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 2223 2224 * lib/krb5/log.c: Add some general logging functions. 2225 2226 * kdc/kerberos4.c: Add version 4 protocol handler. The requrement 2227 for this to work is that all involved principals has a des key in 2228 the database, and that the client has a version 4 (un-)salted 2229 key. Furthermore krb5_425_conv_principal has to do it's job, as 2230 present it's not very clever. 2231 2232 * lib/krb5/principal.c: Quick patch to make 425_conv work 2233 somewhat. 2234 2235 * lib/hdb/hdb.c: Add keytype->key and next key functions. 2236 2237 Fri Jul 25 17:32:12 1997 Assar Westerlund <assar@sics.se> 2238 2239 * lib/krb5/build_auth.c (krb5_build_authenticator): don't free 2240 `cksum'. It's allocated and freed by the caller 2241 2242 * lib/krb5/get_cred.c (krb5_get_kdc_cred): Don't free `addresses'. 2243 2244 * kdc/kerberos5.c (tgs_rep2): make sure we also have an defined 2245 `client' to return as part of the KRB-ERROR 2246 2247 Thu Jul 24 08:13:59 1997 Johan Danielsson <joda@emma.pdc.kth.se> 2248 2249 * kdc/kerberos5.c: Unseal keys from database before use. 2250 2251 * kdc/misc.c: New functions set_master_key, unseal_key and 2252 free_key. 2253 2254 * lib/roken/getarg.c: Handle `-f arg' correctly. 2255 2256 Thu Jul 24 01:54:43 1997 Assar Westerlund <assar@sics.se> 2257 2258 * kuser/kinit.c: implement `-l' aka `--lifetime' 2259 2260 * lib/roken/parse_units.c, parse_time.c: new files 2261 2262 * admin/gettime.c (gettime): use `parse_time' 2263 2264 * kdc/kerberos5.c (as_rep): Use `METHOD-DATA' when sending 2265 KRB5KDC_ERR_PREAUTH_REQUIRED, not PA-DATA. 2266 2267 * kpasswd/kpasswdd.c: fix freeing bug use sequence numbers set 2268 addresses in auth_context bind one socket per interface. 2269 2270 * kpasswd/kpasswd.c: use sequence numbers 2271 2272 * lib/krb5/rd_req.c (krb5_verify_ap_req): do abs when verifying 2273 the timestamps 2274 2275 * lib/krb5/rd_priv.c (krb5_rd_priv): Fetch the correct session key 2276 from auth_context 2277 2278 * lib/krb5/mk_priv.c (krb5_mk_priv): Fetch the correct session key 2279 from auth_context 2280 2281 * lib/krb5/mk_error.c (krb5_mk_error): return an error number and 2282 not a comerr'd number. 2283 2284 * lib/krb5/get_in_tkt.c (krb5_get_in_tkt): interpret the error 2285 number in KRB-ERROR correctly. 2286 2287 * lib/krb5/get_cred.c (krb5_get_kdc_cred): interpret the error 2288 number in KRB-ERROR correctly. 2289 2290 * lib/asn1/k5.asn1: Add `METHOD-DATA' 2291 2292 * removed some memory leaks. 2293 2294 Wed Jul 23 07:53:18 1997 Assar Westerlund <assar@sics.se> 2295 2296 * Release 0.0c 2297 2298 * lib/krb5/rd_cred.c, get_for_creds.c: new files 2299 2300 * lib/krb5/get_host_realm.c: try default realm as last chance 2301 2302 * kpasswd/kpasswdd.c: updated to hdb changes 2303 2304 * appl/telnet/libtelnet/kerberos5.c: Implement forwarding 2305 2306 * appl/telnet/libtelnet: removed totally unused files 2307 2308 * admin/ank.c: fix prompts and generation of random keys 2309 2310 Wed Jul 23 04:02:32 1997 Johan Danielsson <joda@emma.pdc.kth.se> 2311 2312 * admin/dump.c: Include salt in dump. 2313 2314 * admin: Mostly updated for new db-format. 2315 2316 * kdc/kerberos5.c: Update to use new db format. Better checking of 2317 flags and such. More logging. 2318 2319 * lib/hdb/hdb.c: Use generated encode and decode functions. 2320 2321 * lib/hdb/hdb.h: Get hdb_entry from ASN.1 generated code. 2322 2323 * lib/krb5/get_cred.c: Get addresses from krbtgt if there are none 2324 in the reply. 2325 2326 Sun Jul 20 16:22:30 1997 Assar Westerlund <assar@sics.se> 2327 2328 * kuser/kinit.c: break if des_read_pw_string() != 0 2329 2330 * kpasswd/kpasswdd.c: send a reply 2331 2332 * kpasswd/kpasswd.c: restructured code. better report on 2333 krb-error break if des_read_pw_string() != 0 2334 2335 * kdc/kerberos5.c: Check `require_enc_timestamp' malloc space for 2336 starttime and renew_till 2337 2338 * appl/telnet/libtelnet/kerberos5.c (kerberos5_is): Send a 2339 keyblock to krb5_verify_chekcsum 2340 2341 Sun Jul 20 06:35:46 1997 Johan Danielsson <joda@emma.pdc.kth.se> 2342 2343 * Release 0.0b 2344 2345 * kpasswd/kpasswd.c: Avoid using non-standard struct names. 2346 2347 Sat Jul 19 19:26:23 1997 Assar Westerlund <assar@sics.se> 2348 2349 * lib/krb5/keytab.c (krb5_kt_get_entry): check return from 2350 `krb5_kt_start_seq_get'. From <map@stacken.kth.se> 2351 2352 Sat Jul 19 04:07:39 1997 Johan Danielsson <joda@emma.pdc.kth.se> 2353 2354 * lib/asn1/k5.asn1: Update with more pa-data types from 2355 draft-ietf-cat-kerberos-revisions-00.txt 2356 2357 * admin/load.c: Update to match current db-format. 2358 2359 * kdc/kerberos5.c (as_rep): Try all valid pa-datas before giving 2360 up. Send back an empty pa-data if the client has the v4 flag set. 2361 2362 * lib/krb5/get_in_tkt.c: Pass both version5 and version4 salted 2363 pa-data. DTRT if there is any pa-data in the reply. 2364 2365 * lib/krb5/str2key.c: XOR with some sane value. 2366 2367 * lib/hdb/hdb.h: Add `version 4 salted key' flag. 2368 2369 * kuser/kinit.c: Ask for password before calling get_in_tkt. This 2370 makes it possible to call key_proc more than once. 2371 2372 * kdc/string2key.c: Add flags to output version 5 (DES only), 2373 version 4, and AFS string-to-key of a password. 2374 2375 * lib/asn1/gen_copy.c: copy_* functions now returns an int (0 or 2376 ENOMEM). 2377 2378 Fri Jul 18 02:54:58 1997 Assar Westerlund <assar@sics.se> 2379 2380 * lib/krb5/get_host_realm.c (krb5_get_host_realm): do the 2381 name2name thing 2382 2383 * kdc/misc.c: check result of hdb_open 2384 2385 * admin/kdb_edit: updated to new sl 2386 2387 * lib/sl: sl_func now returns an int. != 0 means to exit. 2388 2389 * kpasswd/kpasswdd: A crude (but somewhat working) implementation 2390 of `draft-ietf-cat-kerb-chg-password-00.txt' 2391 2392 Fri Jul 18 00:55:39 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 2393 2394 * kuser/krenew.c: Crude ticket renewing program. 2395 2396 * kdc/kerberos5.c: Rewritten flags parsing, it now might work to 2397 get forwarded and renewed tickets. 2398 2399 * kuser/kinit.c: Add `-r' flag. 2400 2401 * lib/krb5/get_cred.c: Move most of contents of get_creds to new 2402 function get_kdc_cred, that always contacts the kdc and doesn't 2403 save in the cache. This is a hack. 2404 2405 * lib/krb5/get_in_tkt.c: Pass starttime and renew_till in request 2406 (a bit kludgy). 2407 2408 * lib/krb5/mk_req_ext.c: Make an auth_context if none passed in. 2409 2410 * lib/krb5/send_to_kdc.c: Get timeout from context. 2411 2412 * lib/krb5/context.c: Add kdc_timeout to context struct. 2413 2414 Thu Jul 17 20:35:45 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 2415 2416 * kuser/klist.c: Print start time of ticket if available. 2417 2418 * lib/krb5/get_host_realm.c: Return error if no realm was found. 2419 2420 Thu Jul 17 20:28:21 1997 Assar Westerlund <assar@sics.se> 2421 2422 * kpasswd: non-working kpasswd added 2423 2424 Thu Jul 17 00:21:22 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 2425 2426 * Release 0.0a 2427 2428 * kdc/main.c: Add -p flag to disable pa-enc-timestamp requirement. 2429 2430 Wed Jul 16 03:37:41 1997 Johan Danielsson <joda@emma.pdc.kth.se> 2431 2432 * kdc/kerberos5.c (tgs_rep2): Free ticket and ap_req. 2433 2434 * lib/krb5/auth_context.c (krb5_auth_con_free): Free remote 2435 subkey. 2436 2437 * lib/krb5/principal.c (krb5_free_principal): Check for NULL. 2438 2439 * lib/krb5/send_to_kdc.c: Check for NULL return from 2440 gethostbyname. 2441 2442 * lib/krb5/set_default_realm.c: Try to get realm of local host if 2443 no default realm is available. 2444 2445 * Remove non ASN.1 principal code. 2446 2447 Wed Jul 16 03:17:30 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 2448 2449 * kdc/kerberos5.c: Split tgs_rep in smaller functions. Add better 2450 error handing. Do some logging. 2451 2452 * kdc/log.c: Some simple logging facilities. 2453 2454 * kdc/misc.c (db_fetch): Take a krb5_principal. 2455 2456 * kdc/connect.c: Pass address of request to as_rep and 2457 tgs_rep. Send KRB-ERROR. 2458 2459 * lib/krb5/mk_error.c: Add more fields. 2460 2461 * lib/krb5/get_cred.c: Print normal error code if no e_text is 2462 available. 2463 2464 Wed Jul 16 03:07:50 1997 Assar Westerlund <assar@sics.se> 2465 2466 * lib/krb5/get_in_tkt.c: implement `krb5_init_etype'. 2467 Change encryption type of pa_enc_timestamp to DES-CBC-MD5 2468 2469 * lib/krb5/context.c: recognize all encryption types actually 2470 implemented 2471 2472 * lib/krb5/auth_context.c (krb5_auth_con_init): Change default 2473 encryption type to `DES_CBC_MD5' 2474 2475 * lib/krb5/read_message.c, write_message.c: new files 2476 2477 Tue Jul 15 17:14:21 1997 Assar Westerlund <assar@sics.se> 2478 2479 * lib/asn1: replaced asn1_locl.h by `der_locl.h' and `gen_locl.h'. 2480 2481 * lib/error/compile_et.awk: generate a prototype for the 2482 `destroy_foo_error_table' function. 2483 2484 Mon Jul 14 12:24:40 1997 Assar Westerlund <assar@sics.se> 2485 2486 * lib/krb5/krbhst.c (krb5_get_krbhst): Get all kdc's and try also 2487 with `kerberos.REALM' 2488 2489 * kdc/kerberos5.c, lib/krb5/rd_priv.c, lib/krb5/rd_safe.c: use 2490 `max_skew' 2491 2492 * lib/krb5/rd_req.c (krb5_verify_ap_req): record authenticator 2493 subkey 2494 2495 * lib/krb5/build_auth.c (krb5_build_authenticator): always 2496 generate a subkey. 2497 2498 * lib/krb5/address.c: implement `krb5_address_order' 2499 2500 * lib/gssapi/import_name.c: Implement `gss_import_name' 2501 2502 * lib/gssapi/external.c: Use new OID 2503 2504 * lib/gssapi/encapsulate.c: New functions 2505 `gssapi_krb5_encap_length' and `gssapi_krb5_make_header'. Changed 2506 callers. 2507 2508 * lib/gssapi/decapsulate.c: New function 2509 `gssaspi_krb5_verify_header'. Changed callers. 2510 2511 * lib/asn1/gen*.c: Give tags to generated structs. 2512 Use `err' and `asprintf' 2513 2514 * appl/test/gss_common.c: new file 2515 2516 * appl/test/gssapi_server.c: removed all krb5 calls 2517 2518 * appl/telnet/libtelnet/kerberos5.c: Add support for genering and 2519 verifying checksums. Also start using session subkeys. 2520 2521 Mon Jul 14 12:08:25 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 2522 2523 * lib/krb5/rd_req.c (krb5_rd_req_with_keyblock): Split up. 2524 2525 Sun Jul 13 03:07:44 1997 Assar Westerlund <assar@sics.se> 2526 2527 * lib/krb5/rd_safe.c, mk_safe.c: made bug-compatible with MIT 2528 2529 * lib/krb5/encrypt.c: new functions `DES_encrypt_null_ivec' and 2530 `DES_encrypt_key_ivec' 2531 2532 * lib/krb5/checksum.c: implement rsa-md4-des and rsa-md5-des 2533 2534 * kdc/kerberos5.c (tgs_rep): support keyed checksums 2535 2536 * lib/krb5/creds.c: new file 2537 2538 * lib/krb5/get_in_tkt.c: better freeing 2539 2540 * lib/krb5/context.c (krb5_free_context): more freeing 2541 2542 * lib/krb5/config_file.c: New function `krb5_config_file_free' 2543 2544 * lib/error/compile_et.awk: Generate a `destroy_' function. 2545 2546 * kuser/kinit.c, klist.c: Don't leak memory. 2547 2548 Sun Jul 13 02:46:27 1997 Johan Danielsson <joda@emma.pdc.kth.se> 2549 2550 * kdc/connect.c: Check filedescriptor in select. 2551 2552 * kdc/kerberos5.c: Remove most of the most common memory leaks. 2553 2554 * lib/krb5/rd_req.c: Free allocated data. 2555 2556 * lib/krb5/auth_context.c (krb5_auth_con_free): Free a lot of 2557 fields. 2558 2559 Sun Jul 13 00:32:16 1997 Assar Westerlund <assar@sics.se> 2560 2561 * appl/telnet: Conditionalize the krb4-support. 2562 2563 * configure.in: Test for krb4 2564 2565 Sat Jul 12 17:14:12 1997 Assar Westerlund <assar@sics.se> 2566 2567 * kdc/kerberos5.c: check if the pre-auth was decrypted properly. 2568 set the `pre_authent' flag 2569 2570 * lib/krb5/get_cred.c, lib/krb5/get_in_tkt.c: generate a random nonce. 2571 2572 * lib/krb5/encrypt.c: Made `generate_random_block' global. 2573 2574 * appl/test: Added gssapi_client and gssapi_server. 2575 2576 * lib/krb5/data.c: Add `krb5_data_zero' 2577 2578 * appl/test/tcp_client.c: try `mk_safe' and `mk_priv' 2579 2580 * appl/test/tcp_server.c: try `rd_safe' and `rd_priv' 2581 2582 Sat Jul 12 16:45:58 1997 Johan Danielsson <joda@emma.pdc.kth.se> 2583 2584 * lib/krb5/get_addrs.c: Fix for systems that has sa_len, but 2585 returns zero length from SIOCGIFCONF. 2586 2587 Sat Jul 12 16:38:34 1997 Assar Westerlund <assar@sics.se> 2588 2589 * appl/test: new programs 2590 2591 * lib/krb5/rd_req.c: add address compare 2592 2593 * lib/krb5/mk_req_ext.c: allow no checksum 2594 2595 * lib/krb5/keytab.c (krb5_kt_ret_string): 0-terminate string 2596 2597 * lib/krb5/address.c: fix `krb5_address_compare' 2598 2599 Sat Jul 12 15:03:16 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 2600 2601 * lib/krb5/get_addrs.c: Fix ip4 address extraction. 2602 2603 * kuser/klist.c: Add verbose flag, and split main into smaller 2604 pieces. 2605 2606 * lib/krb5/fcache.c: Save ticket flags. 2607 2608 * lib/krb5/get_in_tkt.c (extract_ticket): Extract addresses and 2609 flags. 2610 2611 * lib/krb5/krb5.h: Add ticket_flags to krb5_creds. 2612 2613 Sat Jul 12 13:12:48 1997 Assar Westerlund <assar@sics.se> 2614 2615 * configure.in: Call `AC_KRB_PROG_LN_S' 2616 2617 * acinclude.m4: Add `AC_KRB_PROG_LN_S' from krb4 2618 2619 Sat Jul 12 00:57:01 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 2620 2621 * lib/krb5/get_in_tkt.c: Use union of krb5_flags and KDCOptions to 2622 pass options. 2623 2624 Fri Jul 11 15:04:22 1997 Assar Westerlund <assar@sics.se> 2625 2626 * appl/telnet: telnet & telnetd seems to be working. 2627 2628 * lib/krb5/config_file.c: Added krb5_config_v?get_list Fixed 2629 krb5_config_vget_next 2630 2631 * appl/telnet/libtelnet/kerberos5.c: update to current API 2632 2633 Thu Jul 10 14:54:39 1997 Assar Westerlund <assar@sics.se> 2634 2635 * appl/telnet/libtelnet/kerberos5.c (kerberos5_status): call 2636 `krb5_kuserok' 2637 2638 * appl/telnet: Added. 2639 2640 Thu Jul 10 05:09:25 1997 Johan Danielsson <joda@emma.pdc.kth.se> 2641 2642 * lib/error/compile_et.awk: Remove usage of sub, gsub, and 2643 functions for compatibility with awk. 2644 2645 * include/bits.c: Must use signed char. 2646 2647 * lib/krb5/context.c: Move krb5_get_err_text, and krb5_init_ets 2648 here. 2649 2650 * lib/error/error.c: Replace krb5_get_err_text with new function 2651 com_right. 2652 2653 * lib/error/compile_et.awk: Avoid using static variables. 2654 2655 * lib/error/error.c: Don't use krb5_locl.h 2656 2657 * lib/error/error.h: Move definitions of error_table and 2658 error_list from krb5.h. 2659 2660 * lib/error: Moved from lib/krb5. 2661 2662 Wed Jul 9 07:42:04 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 2663 2664 * lib/krb5/encrypt.c: Temporary hack to avoid des_rand_data. 2665 2666 Wed Jul 9 06:58:00 1997 Assar Westerlund <assar@sics.se> 2667 2668 * lib/krb5/{rd,mk}_{*}.c: more checking for addresses and stuff 2669 according to pseudocode from 1510 2670 2671 Wed Jul 9 06:06:06 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 2672 2673 * lib/hdb/hdb.c: Add hdb_etype2key. 2674 2675 * kdc/kerberos5.c: Check authenticator. Use more general etype 2676 functions. 2677 2678 Wed Jul 9 03:51:12 1997 Assar Westerlund <assar@sics.se> 2679 2680 * lib/asn1/k5.asn1: Made all `s_address' OPTIONAL according to 2681 draft-ietf-cat-kerberos-r-00.txt 2682 2683 * lib/krb5/principal.c (krb5_parse_name): default to local realm 2684 if none given 2685 2686 * kuser/kinit.c: New option `-p' and prompt 2687 2688 Wed Jul 9 02:30:06 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 2689 2690 * lib/krb5/keyblock.c: Keyblock generation functions. 2691 2692 * lib/krb5/encrypt.c: Use functions from checksum.c. 2693 2694 * lib/krb5/checksum.c: Move checksum functions here. Add 2695 krb5_cksumsize function. 2696 2697 Wed Jul 9 01:15:38 1997 Assar Westerlund <assar@sics.se> 2698 2699 * lib/krb5/get_host_realm.c: implemented 2700 2701 * lib/krb5/config_file.c: Redid part. New functions: 2702 krb5_config_v?get_next 2703 2704 * kuser/kdestroy.c: new program 2705 2706 * kuser/kinit.c: new flag `-f' 2707 2708 * lib/asn1/k5.asn1: Made HostAddresses = SEQUENCE OF HostAddress 2709 2710 * acinclude.m4: Added AC_KRB_STRUCT_SOCKADDR_SA_LEN 2711 2712 * lib/krb5/krb5.h: krb5_addresses == HostAddresses. Changed all 2713 users. 2714 2715 * lib/krb5/get_addrs.c: figure out all local addresses, possibly 2716 even IPv6! 2717 2718 * lib/krb5/checksum.c: table-driven checksum 2719 2720 Mon Jul 7 21:13:28 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 2721 2722 * lib/krb5/encrypt.c: Make krb5_decrypt use the same struct as 2723 krb5_encrypt. 2724 2725 Mon Jul 7 11:15:51 1997 Assar Westerlund <assar@sics.se> 2726 2727 * lib/roken/vsyslog.c: new file 2728 2729 * lib/krb5/encrypt.c: add des-cbc-md4. 2730 adjust krb5_encrypt and krb5_decrypt to reality 2731 2732 Mon Jul 7 02:46:31 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 2733 2734 * lib/krb5/encrypt.c: Implement as a vector of function pointers. 2735 2736 * lib/krb5/{decrypt,encrypt}.c: Implement des-cbc-crc, and 2737 des-cbc-md5 in separate functions. 2738 2739 * lib/krb5/krb5.h: Add more checksum and encryption types. 2740 2741 * lib/krb5/krb5_locl.h: Add etype to krb5_decrypt. 2742 2743 Sun Jul 6 23:02:59 1997 Assar Westerlund <assar@sics.se> 2744 2745 * lib/krb5/[gs]et_default_realm.c, kuserok.c: new files 2746 2747 * lib/krb5/config_file.[ch]: new c-based configuration reading 2748 stuff 2749 2750 Wed Jul 2 23:12:56 1997 Assar Westerlund <assar@sics.se> 2751 2752 * configure.in: Set WFLAGS if using gcc 2753 2754 Wed Jul 2 17:47:03 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 2755 2756 * lib/asn1/der_put.c (der_put_int): Return size correctly. 2757 2758 * admin/ank.c: Be compatible with the asn1 principal format. 2759 2760 Wed Jul 1 23:52:20 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 2761 2762 * lib/asn1: Now all decode_* and encode_* functions now take a 2763 final size_t* argument, that they return the size in. Return 2764 values are zero for success, and anything else (such as some 2765 ASN1_* constant) for error. 2766 2767 Mon Jun 30 06:08:14 1997 Assar Westerlund <assar@sics.se> 2768 2769 * lib/krb5/keytab.c (krb5_kt_add_entry): change open mode to 2770 O_WRONLY | O_APPEND 2771 2772 * lib/krb5/get_cred.c: removed stale prototype for 2773 `extract_ticket' and corrected call. 2774 2775 * lib/asn1/gen_length.c (length_type): Make the length functions 2776 for SequenceOf non-destructive 2777 2778 * admin/ank.c (doit): Fix reading of `y/n'. 2779 2780 Mon Jun 16 05:41:43 1997 Assar Westerlund <assar@sics.se> 2781 2782 * lib/gssapi/wrap.c, unwrap.c: do encrypt and add sequence number 2783 2784 * lib/gssapi/get_mic.c, verify_mic.c: Add sequence number. 2785 2786 * lib/gssapi/accept_sec_context.c (gss_accept_sec_context): Set 2787 KRB5_AUTH_CONTEXT_DO_SEQUENCE. Verify 8003 checksum. 2788 2789 * lib/gssapi/8003.c: New file. 2790 2791 * lib/krb/krb5.h: Define a `krb_authenticator' as an ASN.1 2792 Authenticator. 2793 2794 * lib/krb5/auth_context.c: New functions 2795 `krb5_auth_setlocalseqnumber' and `krb5_auth_setremoteseqnumber' 2796 2797 Tue Jun 10 00:35:54 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 2798 2799 * lib/krb5: Preapre for use of some asn1-types. 2800 2801 * lib/asn1/*.c (copy_*): Constness. 2802 2803 * lib/krb5/krb5.h: Include asn1.h; krb5_data is now an 2804 octet_string. 2805 2806 * lib/asn1/der*,gen.c: krb5_data -> octet_string, char * -> 2807 general_string 2808 2809 * lib/asn1/libasn1.h: Moved stuff from asn1_locl.h that doesn't 2810 have anything to do with asn1_compile. 2811 2812 * lib/asn1/asn1_locl.h: Remove der.h. Add some prototypes. 2813 2814 Sun Jun 8 03:51:55 1997 Assar Westerlund <assar@sics.se> 2815 2816 * kdc/kerberos5.c: Fix PA-ENC-TS-ENC 2817 2818 * kdc/connect.c(process_request): Set `new' 2819 2820 * lib/krb5/get_in_tkt.c: Do PA-ENC-TS-ENC the correct way. 2821 2822 * lib: Added editline,sl,roken. 2823 2824 Mon Jun 2 00:37:48 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 2825 2826 * lib/krb5/fcache.c: Move file cache from cache.c. 2827 2828 * lib/krb5/cache.c: Allow more than one cache type. 2829 2830 Sun Jun 1 23:45:33 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 2831 2832 * admin/extkeytab.c: Merged with kdb_edit. 2833 2834 Sun Jun 1 23:23:08 1997 Assar Westerlund <assar@sics.se> 2835 2836 * kdc/kdc.c: more support for ENC-TS-ENC 2837 2838 * lib/krb5/get_in_tkt.c: redone to enable pre-authentication 2839 2840 Sun Jun 1 22:45:11 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 2841 2842 * lib/hdb/db.c: Merge fetch and store. 2843 2844 * admin: Merge to one program. 2845 2846 * lib/krb5/str2key.c: Fill in keytype and length. 2847 2848 Sun Jun 1 16:31:23 1997 Assar Westerlund <assar@sics.se> 2849 2850 * lib/krb5/rd_safe.c, lib/krb5/rd_priv.c, lib/krb5/mk_rep.c, 2851 lib/krb5/mk_priv.c, lib/krb5/build_auth.c: Some support for 2852 KRB5_AUTH_CONTEXT_DO_SEQUENCE 2853 2854 * lib/krb5/get_in_tkt.c (get_in_tkt): be prepared to parse an 2855 KRB_ERROR. Some support for PA_ENC_TS_ENC. 2856 2857 * lib/krb5/auth_context.c: implemented seq_number functions 2858 2859 * lib/krb5/generate_subkey.c, generate_seq_number.c: new files 2860 2861 * lib/gssapi/gssapi.h: avoid including <krb5.h> 2862 2863 * lib/asn1/Makefile.am: SUFFIXES as a variable to make automake 2864 happy 2865 2866 * kdc/kdc.c: preliminary PREAUTH_ENC_TIMESTAMP 2867 2868 * configure.in: adapted to automake 1.1p 2869 2870 Mon May 26 22:26:21 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 2871 2872 * lib/krb5/principal.c: Add contexts to many functions. 2873 2874 Thu May 15 20:25:37 1997 Johan Danielsson <joda@emma.pdc.kth.se> 2875 2876 * lib/krb5/verify_user.c: First stab at a verify user. 2877 2878 * lib/auth/sia/sia5.c: SIA module for Kerberos 5. 2879 2880 Mon Apr 14 00:09:03 1997 Assar Westerlund <assar@sics.se> 2881 2882 * lib/gssapi: Enough of a gssapi-over-krb5 implementation to be 2883 able to (mostly) run gss-client and gss-server. 2884 2885 * lib/krb5/keytab.c: implemented krb5_kt_add_entry, 2886 krb5_kt_store_principal, krb5_kt_store_keyblock 2887 2888 * lib/des/md5.[ch], sha.[ch]: new files 2889 2890 * lib/asn1/der_get.c (generalizedtime2time): use `timegm' 2891 2892 * lib/asn1/timegm.c: new file 2893 2894 * admin/extkeytab.c: new program 2895 2896 * admin/admin_locl.h: new file 2897 2898 * admin/Makefile.am: Added extkeytab 2899 2900 * configure.in: moved config to include 2901 removed timezone garbage 2902 added lib/gssapi and admin 2903 2904 * Makefile.am: Added admin 2905 2906 Mon Mar 17 11:34:05 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 2907 2908 * kdc/kdc.c: Use new copying functions, and free some data. 2909 2910 * lib/asn1/Makefile.am: Try to not always rebuild generated files. 2911 2912 * lib/asn1/der_put.c: Add fix_dce(). 2913 2914 * lib/asn1/der_{get,length,put}.c: Fix include files. 2915 2916 * lib/asn1/der_free.c: Remove unused functions. 2917 2918 * lib/asn1/gen.c: Split into gen_encode, gen_decode, gen_free, 2919 gen_length, and gen_copy. 2920 2921 Sun Mar 16 18:13:52 1997 Assar Westerlund <assar@sics.se> 2922 2923 * lib/krb5/sendauth.c: implemented functionality 2924 2925 * lib/krb5/rd_rep.c: Use `krb5_decrypt' 2926 2927 * lib/krb5/cache.c (krb5_cc_get_name): return default if `id' == 2928 NULL 2929 2930 * lib/krb5/principal.c (krb5_free_principal): added `context' 2931 argument. Changed all callers. 2932 2933 (krb5_sname_to_principal): new function 2934 2935 * lib/krb5/auth_context.c (krb5_free_authenticator): add `context' 2936 argument. Changed all callers 2937 2938 * lib/krb5/{net_write.c,net_read.c,recvauth.c}: new files 2939 2940 * lib/asn1/gen.c: Fix encoding and decoding of BitStrings 2941 2942 Fri Mar 14 11:29:00 1997 Assar Westerlund <assar@sics.se> 2943 2944 * configure.in: look for *dbm? 2945 2946 * lib/asn1/gen.c: Fix filename in generated files. Check fopens. 2947 Put trailing newline in asn1_files. 2948 2949 Fri Mar 14 05:06:44 1997 Johan Danielsson <joda@emma.pdc.kth.se> 2950 2951 * lib/krb5/get_in_tkt.c: Fix some memory leaks. 2952 2953 * lib/krb5/krbhst.c: Properly free hostlist. 2954 2955 * lib/krb5/decrypt.c: CRCs are 32 bits. 2956 2957 Fri Mar 14 04:39:15 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 2958 2959 * lib/asn1/gen.c: Generate one file for each type. 2960 2961 Fri Mar 14 04:13:47 1997 Assar Westerlund <assar@sics.se> 2962 2963 * lib/asn1/gen.c: Generate `length_FOO' functions 2964 2965 * lib/asn1/der_length.c: new file 2966 2967 * kuser/klist.c: renamed stime -> printable_time to avoid conflict 2968 on HP/UX 2969 2970 Fri Mar 14 03:37:23 1997 Johan Danielsson <joda@emma.pdc.kth.se> 2971 2972 * lib/hdb/ndbm.c: Return NOENTRY if fetch fails. Don't free 2973 datums. Don't add .db to filename. 2974 2975 Fri Mar 14 02:49:51 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 2976 2977 * kdc/dump.c: Database dump program. 2978 2979 * kdc/ank.c: Trivial database editing program. 2980 2981 * kdc/{kdc.c, load.c}: Use libhdb. 2982 2983 * lib/hdb: New database routine library. 2984 2985 * lib/krb5/error/Makefile.am: Add hdb_err. 2986 2987 Wed Mar 12 17:41:14 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 2988 2989 * kdc/kdc.c: Rewritten AS, and somewhat more working TGS support. 2990 2991 * lib/asn1/gen.c: Generate free functions. 2992 2993 * Some specific free functions. 2994 2995 Wed Mar 12 12:30:13 1997 Assar Westerlund <assar@sics.se> 2996 2997 * lib/krb5/krb5_mk_req_ext.c: new file 2998 2999 * lib/asn1/gen.c: optimize the case with a simple type 3000 3001 * lib/krb5/get_cred.c (krb5_get_credentials): Use 3002 `mk_req_extended' and remove old code. 3003 3004 * lib/krb5/get_in_tkt.c (decrypt_tkt): First try with an 3005 EncASRepPart, then with an EncTGSRepPart. 3006 3007 Wed Mar 12 08:26:04 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 3008 3009 * lib/krb5/store_emem.c: New resizable memory storage. 3010 3011 * lib/krb5/{store.c, store_fd.c, store_mem.c}: Split of store.c 3012 3013 * lib/krb5/krb5.h: Add free entry to krb5_storage. 3014 3015 * lib/krb5/decrypt.c: Make keyblock const. 3016 3017 Tue Mar 11 20:22:17 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 3018 3019 * lib/krb5/krb5.h: Add EncTicketPart to krb5_ticket. 3020 3021 * lib/krb5/rd_req.c: Return whole asn.1 ticket in 3022 krb5_ticket->tkt. 3023 3024 * lib/krb5/get_in_tkt.c: TGS -> AS 3025 3026 * kuser/kfoo.c: Print error string rather than number. 3027 3028 * kdc/kdc.c: Some kind of non-working TGS support. 3029 3030 Mon Mar 10 01:43:22 1997 Assar Westerlund <assar@sics.se> 3031 3032 * lib/asn1/gen.c: reduced generated code by 1/5 3033 3034 * lib/asn1/der_put.c: (der_put_length_and_tag): new function 3035 3036 * lib/asn1/der_get.c (der_match_tag_and_length): new function 3037 3038 * lib/asn1/der.h: added prototypes 3039 3040 Mon Mar 10 01:15:43 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 3041 3042 * lib/krb5/krb5.h: Include <asn1_err.h>. Add prototype for 3043 krb5_rd_req_with_keyblock. 3044 3045 * lib/krb5/rd_req.c: Add function krb5_rd_req_with_keyblock that 3046 takes a precomputed keyblock. 3047 3048 * lib/krb5/get_cred.c: Use krb5_mk_req rather than inlined code. 3049 3050 * lib/krb5/mk_req.c: Calculate checksum of in_data. 3051 3052 Sun Mar 9 21:17:58 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 3053 3054 * lib/krb5/error/compile_et.awk: Add a declaration of struct 3055 error_list, and multiple inclusion block to header files. 3056 3057 Sun Mar 9 21:01:12 1997 Assar Westerlund <assar@sics.se> 3058 3059 * lib/krb5/rd_req.c: do some checks on times 3060 3061 * lib/krb/{mk_priv.c, rd_priv.c, sendauth.c, decrypt.c, 3062 address.c}: new files 3063 3064 * lib/krb5/auth_context.c: more code 3065 3066 * configure.in: try to figure out timezone 3067 3068 Sat Mar 8 11:41:07 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 3069 3070 * lib/krb5/error/error.c: Try strerror if error code wasn't found. 3071 3072 * lib/krb5/get_in_tkt.c: Remove realm parameter from 3073 krb5_get_salt. 3074 3075 * lib/krb5/context.c: Initialize error table. 3076 3077 * kdc: The beginnings of a kdc. 3078 3079 Sat Mar 8 08:16:28 1997 Assar Westerlund <assar@sics.se> 3080 3081 * lib/krb5/rd_safe.c: new file 3082 3083 * lib/krb5/checksum.c (krb5_verify_checksum): New function 3084 3085 * lib/krb5/get_cred.c: use krb5_create_checksum 3086 3087 * lib/krb5/checksum.c: new file 3088 3089 * lib/krb5/store.c: no more arithmetic with void* 3090 3091 * lib/krb5/cache.c: now seems to work again 3092 3093 Sat Mar 8 06:58:09 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 3094 3095 * lib/krb5/Makefile.am: Add asn1_glue.c and error/*.c to libkrb5. 3096 3097 * lib/krb5/get_in_tkt.c: Moved some functions to asn1_glue.c. 3098 3099 * lib/krb5/asn1_glue.c: Moved some asn1-stuff here. 3100 3101 * lib/krb5/{cache,keytab}.c: Use new storage functions. 3102 3103 * lib/krb5/krb5.h: Protypes for new storage functions. 3104 3105 * lib/krb5/krb5.h: Make krb5_{ret,store}_* functions able to write 3106 data to more than file descriptors. 3107 3108 Sat Mar 8 01:01:17 1997 Assar Westerlund <assar@sics.se> 3109 3110 * lib/krb5/encrypt.c: New file. 3111 3112 * lib/krb5/Makefile.am: More -I 3113 3114 * configure.in: Test for big endian, random, rand, setitimer 3115 3116 * lib/asn1/gen.c: perhaps even decodes bitstrings 3117 3118 Thu Mar 6 19:05:29 1997 Johan Danielsson <joda@blubb.pdc.kth.se> 3119 3120 * lib/krb5/config_file.y: Better return values on error. 3121 3122 Sat Feb 8 15:59:56 1997 Assar Westerlund <assar@pdc.kth.se> 3123 3124 * lib/asn1/parse.y: ifdef HAVE_STRDUP 3125 3126 * lib/asn1/lex.l: ifdef strdup 3127 brange-dead version of list of special characters to make stupid 3128 lex accept it. 3129 3130 * lib/asn1/gen.c: A DER integer should really be a `unsigned' 3131 3132 * lib/asn1/der_put.c: A DER integer should really be a `unsigned' 3133 3134 * lib/asn1/der_get.c: A DER integer should really be a `unsigned' 3135 3136 * lib/krb5/error/Makefile.am: It seems "$(SHELL) ./compile_et" is 3137 needed. 3138 3139 * lib/krb/mk_rep.c, lib/krb/rd_req.c, lib/krb/store.c, 3140 lib/krb/store.h: new files. 3141 3142 * lib/krb5/keytab.c: now even with some functionality. 3143 3144 * lib/asn1/gen.c: changed paramater from void * to Foo * 3145 3146 * lib/asn1/der_get.c (der_get_octet_string): Fixed bug with empty 3147 string. 3148 3149 Sun Jan 19 06:17:39 1997 Assar Westerlund <assar@pdc.kth.se> 3150 3151 * lib/krb5/get_cred.c (krb5_get_credentials): Check for creds in 3152 cc before getting new ones. 3153 3154 * lib/krb5/krb5.h (krb5_free_keyblock): Fix prototype. 3155 3156 * lib/krb5/build_auth.c (krb5_build_authenticator): It seems the 3157 CRC should be stored LSW first. (?) 3158 3159 * lib/krb5/auth_context.c: Implement `krb5_auth_con_getkey' and 3160 `krb5_free_keyblock' 3161 3162 * lib/**/Makefile.am: Rename foo libfoo.a 3163 3164 * include/Makefile.in: Use test instead of [ 3165 -e does not work with /bin/sh on psoriasis 3166 3167 * configure.in: Search for awk 3168 create lib/krb/error/compile_et 3169 3170 Tue Jan 14 03:46:26 1997 Assar Westerlund <assar@pdc.kth.se> 3171 3172 * lib/krb5/Makefile.am: replaced mit-crc.c by crc.c 3173 3174 Wed Dec 18 00:53:55 1996 Johan Danielsson <joda@emma.pdc.kth.se> 3175 3176 * kuser/kinit.c: Guess principal. 3177 3178 * lib/krb5/error/compile_et.awk: Don't include krb5.h. Fix some 3179 warnings. 3180 3181 * lib/krb5/error/asn1_err.et: Add ASN.1 error messages. 3182 3183 * lib/krb5/mk_req.c: Get client from cache. 3184 3185 * lib/krb5/cache.c: Add better error checking some useful return 3186 values. 3187 3188 * lib/krb5/krb5.h: Fix krb5_auth_context. 3189 3190 * lib/asn1/der.h: Make krb5_data compatible with krb5.h 3191 3192 Tue Dec 17 01:32:36 1996 Johan Danielsson <joda@emma.pdc.kth.se> 3193 3194 * lib/krb5/error: Add primitive error library. 3195 3196 Mon Dec 16 16:30:20 1996 Johan Danielsson <joda@emma.pdc.kth.se> 3197 3198 * lib/krb5/cache.c: Get correct address type from cache. 3199 3200 * lib/krb5/krb5.h: Change int16 to int to be compatible with asn1. 3201