1 1999-07-26 Assar Westerlund <assar@sics.se>
5 1999-07-26 Assar Westerlund <assar@sics.se>
7 * lib/krb5/store_fd.c: lots of changes from size_t to ssize_t
9 * lib/krb5/store_mem.c: lots of changes from size_t to ssize_t
11 * lib/krb5/store_emem.c: lots of changes from size_t to ssize_t
13 * lib/krb5/store.c: lots of changes from size_t to ssize_t
14 (krb5_ret_stringz): check return value from realloc
16 * lib/krb5/mk_safe.c: some type correctness
18 * lib/krb5/mk_priv.c: some type correctness
20 * lib/krb5/krb5.h (krb5_storage): change return values of
21 functions from size_t to ssize_t
23 1999-07-24 Assar Westerlund <assar@sics.se>
27 * configure.in (AC_PROG_AWK): disable. mawk seems to mishandle \#
28 in lib/roken/roken.awk
30 * lib/krb5/get_addrs.c (find_all_addresses): try to use SA_LEN to
31 step over addresses if there's no `sa_lan' field
33 * lib/krb5/sock_principal.c (krb5_sock_to_principal): simplify by
34 using `struct sockaddr_storage'
36 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): simplify by using
37 `struct sockaddr_storage'
39 * lib/krb5/changepw.c (krb5_change_password): simplify by using
40 `struct sockaddr_storage'
42 * lib/krb5/auth_context.c (krb5_auth_con_setaddrs_from_fd):
43 simplify by using `struct sockaddr_storage'
45 * kpasswd/kpasswdd.c (*): simplify by using `struct
48 * kdc/connect.c (*): simplify by using `struct sockaddr_storage'
50 * configure.in (sa_family_t): just test for existence
51 (sockaddr_storage): also specify include file
53 * configure.in (AM_INIT_AUTOMAKE): bump version to 0.1i
54 (sa_family_t): test for
55 (struct sockaddr_storage): test for
57 * kdc/hprop.c (propagate_database): typo, NULL should be
60 * lib/krb5/get_addrs.c: conditionalize on HAVE_IPV6 instead of
63 * appl/kf/kf.c (main): use warnx
65 * appl/kf/kf.c (proto): remove shadowing context
67 * lib/krb5/get_addrs.c (find_all_addresses): try to handle the
68 case of getting back an `sockaddr_in6' address when sizeof(struct
69 sockaddr_in6) > sizeof(struct sockaddr) and we have no sa_len to
70 tell us how large the address is. This obviously doesn't work
71 with unknown protocol types.
73 1999-07-24 Assar Westerlund <assar@sics.se>
77 1999-07-23 Assar Westerlund <assar@sics.se>
79 * appl/kf/kfd.c: clean-up and more paranoia
81 * etc/services.append: add kf
83 * appl/kf/kf.c: rename tk_file to ccache for consistency. clean-up
85 1999-07-22 Assar Westerlund <assar@sics.se>
87 * lib/krb5/n-fold-test.c (main): print the correct data
89 * appl/Makefile.am (SUBDIRS): add kf
91 * appl/kf: new program. From Miroslav Ruda <ruda@ics.muni.cz>
93 * kdc/hprop.c: declare some variables unconditionally to simplify
96 * kpasswd/kpasswdd.c: initialize kadm5 connection for every change
97 (otherwise the modifier in the database doesn't get set)
99 * kdc/hpropd.c: clean-up and re-organize
101 * kdc/hprop.c: clean-up and re-organize
103 * configure.in (SunOS): define to xy for SunOS x.y
105 1999-07-19 Assar Westerlund <assar@sics.se>
107 * configure.in (AC_BROKEN): test for copyhostent, freehostent,
108 getipnodebyaddr, getipnodebyname
110 1999-07-15 Assar Westerlund <assar@sics.se>
112 * lib/asn1/check-der.c: more test cases for integers
114 * lib/asn1/der_length.c (length_int): handle the case of the
115 largest negative integer by not calling abs
117 1999-07-14 Assar Westerlund <assar@sics.se>
119 * lib/asn1/check-der.c (generic_test): check malloc return value
122 * lib/krb5/Makefile.am: add string_to_key_test
124 * lib/krb5/prog_setup.c (krb5_program_setup): always initialize
127 * lib/krb5/n-fold-test.c (main): return a relevant return value
129 * lib/krb5/krbhst.c: do SRV lookups for admin server as well.
132 1999-07-12 Assar Westerlund <assar@sics.se>
134 * configure.in: handle not building X programs
136 1999-07-06 Assar Westerlund <assar@sics.se>
138 * lib/krb5/addr_families.c (ipv6_parse_addr): remove duplicate
140 (ipv6_sockaddr2port): fix typo
142 * etc/services.append: beginning of a file with services
144 * lib/krb5/cache.c (krb5_cc_resolve): fall-back to files if
145 there's no prefix. also clean-up a little bit.
147 * kdc/hprop.c (--kaspecials): new flag for handling special KA
148 server entries. From "Brandon S. Allbery KF8NH"
149 <allbery@kf8nh.apk.net>
151 1999-07-05 Assar Westerlund <assar@sics.se>
153 * kdc/connect.c (handle_tcp): make sure we have data before
154 starting to look for HTTP
156 * kdc/connect.c (handle_tcp): always do getpeername, we can't
157 trust recvfrom to return anything sensible
159 1999-07-04 Assar Westerlund <assar@sics.se>
161 * lib/krb5/get_in_tkt.c (add_padat): encrypt pre-auth data with
164 * kpasswd/kpasswdd.c (change): fetch the salt-type from the entry
166 * admin/srvconvert.c (srvconv): better error messages
168 1999-07-03 Assar Westerlund <assar@sics.se>
170 * lib/krb5/principal.c (unparse_name): error check malloc properly
172 * lib/krb5/get_in_tkt.c (krb5_init_etype): error check malloc
175 * lib/krb5/crypto.c (*): do some malloc return-value checks
178 * lib/hdb/hdb.c (hdb_process_master_key): simplify by using
181 * lib/hdb/hdb.c (hdb_process_master_key): check return value from
184 * lib/asn1/gen_decode.c (decode_type): fix generation of decoding
185 information for TSequenceOf.
187 * kdc/kerberos5.c (get_pa_etype_info): check return value from
190 1999-07-02 Assar Westerlund <assar@sics.se>
192 * lib/asn1/der_copy.c (copy_octet_string): don't fail if length ==
193 0 and malloc returns NULL
195 1999-06-29 Assar Westerlund <assar@sics.se>
197 * lib/krb5/addr_families.c (ipv6_parse_addr): implement
199 1999-06-24 Assar Westerlund <assar@sics.se>
201 * lib/krb5/rd_cred.c (krb5_rd_cred): compare the sender's address
204 * lib/krb5/krb5.h (KRB5_ADDRESS_ADDRPORT, KRB5_ADDRESS_IPPORT):
206 (krb5_auth_context): add local and remote port
208 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): get the
209 local and remote address and add them to the krb-cred packet
211 * lib/krb5/auth_context.c: save the local and remove ports in the
214 * lib/krb5/address.c (krb5_make_addrport): create an address of
215 type KRB5_ADDRESS_ADDRPORT from (addr, port)
217 * lib/krb5/addr_families.c (krb5_sockaddr2port): new function for
218 grabbing the port number out of the sockaddr
220 1999-06-23 Assar Westerlund <assar@sics.se>
222 * admin/srvcreate.c (srvcreate): always take the DES-CBC-MD5 key.
223 increase possible verbosity.
225 * lib/krb5/config_file.c (parse_list): handle blank lines at
228 * kdc/connect.c (add_port_string): don't return a value
230 * lib/kadm5/init_c.c (get_cred_cache): you cannot reuse the cred
231 cache if the principals are different. close and NULL the old one
232 so that we create a new one.
234 * configure.in: move around cgywin et al
235 (LIB_kdb): set at the end of krb4-block
236 (krb4): test for krb_enable_debug and krb_disable_debug
238 1999-06-16 Assar Westerlund <assar@sics.se>
240 * kuser/kdestroy.c (main): try to destroy v4 ticket even if the
241 destruction of the v5 one fails
243 * lib/krb5/crypto.c (DES3_postproc): new version that does the
245 (*): don't put and recover length in 3DES encoding
248 1999-06-15 Assar Westerlund <assar@sics.se>
250 * lib/krb5/get_default_principal.c: rewrite to use
253 * lib/krb5/Makefile.am: add n-fold-test
255 * kdc/connect.c: add fallbacks for all lookups by service name
256 (handle_tcp): break-up and clean-up
258 1999-06-09 Assar Westerlund <assar@sics.se>
260 * lib/krb5/addr_families.c (ipv6_uninteresting): don't consider
261 the loopback address as uninteresting
263 * lib/krb5/get_addrs.c: new magic flag to get loopback address if
264 there are no other addresses.
265 (krb5_get_all_client_addrs): use that flag
267 1999-06-04 Assar Westerlund <assar@sics.se>
269 * lib/krb5/crypto.c (HMAC_SHA1_DES3_checksum): don't include the
271 (checksum_sha1, checksum_hmac_sha1_des3): blocksize should be 64
272 (encrypt_internal_derived): don't include the length and don't
273 decrease by the checksum size twice
274 (_get_derived_key): the constant should be 5 bytes
276 1999-06-02 Johan Danielsson <joda@pdc.kth.se>
278 * configure.in: use KRB_CHECK_X
280 * configure.in: check for netinet/ip.h
282 1999-05-31 Assar Westerlund <assar@sics.se>
284 * kpasswd/kpasswdd.c (setup_passwd_quality_check): conditionalize
287 1999-05-23 Assar Westerlund <assar@sics.se>
289 * appl/test/uu_server.c: removed unused stuff
291 * appl/test/uu_client.c: removed unused stuff
293 1999-05-21 Assar Westerlund <assar@sics.se>
295 * kuser/kgetcred.c (main): correct error message
297 * lib/krb5/crypto.c (verify_checksum): call (*ct->checksum)
298 directly, avoiding redundant lookups and memory leaks
300 * lib/krb5/auth_context.c (krb5_auth_con_setaddrs_from_fd): free
301 local and remote addresses
303 * lib/krb5/get_default_principal.c (get_logname): also try
306 * lib/asn1/Makefile.am (asn1_files): add $(EXEEXT)
308 * lib/krb5/principal.c (USE_RESOLVER): try to define only if we
309 have a libresolv (currently by checking for res_search)
311 1999-05-18 Johan Danielsson <joda@pdc.kth.se>
313 * kdc/connect.c (handle_tcp): remove %-escapes in request
315 1999-05-14 Assar Westerlund <assar@sics.se>
319 * admin/ktutil.c (kt_remove): -t should be -e
321 * configure.in (CHECK_NETINET_IP_AND_TCP): use
323 * kdc/hpropd.c: support for dumping to krb4. From Miroslav Ruda
326 * admin/ktutil.c (kt_add): new option `--no-salt'. From Miroslav
327 Ruda <ruda@ics.muni.cz>
329 * configure.in: add cygwin and DOS tests replace sendmsg, recvmsg,
330 and innetgr with roken versions
332 * kuser/kgetcred.c: new program
334 Tue May 11 14:09:33 1999 Johan Danielsson <joda@pdc.kth.se>
336 * lib/krb5/mcache.c: fix paste-o
338 1999-05-10 Johan Danielsson <joda@pdc.kth.se>
340 * configure.in: don't use uname
342 1999-05-10 Assar Westerlund <assar@sics.se>
344 * acconfig.h (KRB_PUT_INT): if we don't have KRB4 use four
347 * appl/test/uu_server.c (setsockopt): cast to get rid of a warning
349 * appl/test/tcp_server.c (setsockopt): cast to get rid of a
352 * appl/test/tcp_client.c (proto): call krb5_sendauth with ccache
355 * appl/test/gssapi_server.c (setsockopt): cast to get rid of a
358 * lib/krb5/sendauth.c (krb5_sendauth): handle ccache == NULL by
359 setting the default ccache.
361 * configure.in (getsockopt, setsockopt): test for
362 (AM_INIT_AUTOMAKE): bump version to 0.1g
364 * appl/Makefile.am (SUBDIRS): add kx
366 * lib/hdb/convert_db.c (main): handle the case of no master key
368 1999-05-09 Assar Westerlund <assar@sics.se>
372 * kuser/kinit.c: add --noaddresses
374 * lib/krb5/get_in_tkt.c (init_as_req): interpret `addrs' being an
375 empty sit of list as to not ask for any addresses.
377 1999-05-08 Assar Westerlund <assar@sics.se>
379 * acconfig.h (_GNU_SOURCE): define this to enable (used)
380 extensions on glibc-based systems such as linux
382 1999-05-03 Assar Westerlund <assar@sics.se>
384 * lib/krb5/get_cred.c (get_cred_from_kdc_flags): allocate and free
385 `*out_creds' properly
387 * lib/krb5/creds.c (krb5_compare_creds): just verify that the
388 keytypes/enctypes are compatible, not that they are the same
390 * kuser/kdestroy.c (cache): const-correctness
392 1999-05-03 Johan Danielsson <joda@pdc.kth.se>
394 * lib/hdb/hdb.c (hdb_set_master_key): initialise master key
397 * lib/hdb/convert_db.c: add support for upgrading database
400 * kdc/misc.c: add flags to fetch
402 * kdc/kstash.c: unlink keyfile on failure, chmod to 400
404 * kdc/hpropd.c: add --print option
406 * kdc/hprop.c: pass flags to hdb_foreach
408 * lib/hdb/convert_db.c: add some flags
410 * lib/hdb/Makefile.am: remove extra LDFLAGS, update version to 2;
411 build prototype headers
413 * lib/hdb/hdb_locl.h: update prototypes
415 * lib/hdb/print.c: move printable version of entry from kadmin
417 * lib/hdb/hdb.c: change hdb_{seal,unseal}_* to check if the key is
418 sealed or not; add flags to hdb_foreach
420 * lib/hdb/ndbm.c: add flags to NDBM_seq, NDBM_firstkey, and
423 * lib/hdb/db.c: add flags to DB_seq, DB_firstkey, and DB_nextkey
425 * lib/hdb/common.c: add flags to _hdb_{fetch,store}
427 * lib/hdb/hdb.h: add master_key_version to struct hdb, update
430 * lib/hdb/hdb.asn1: make mkvno optional, update version to 2
432 * configure.in: --enable-netinfo
434 * lib/krb5/config_file.c: HAVE_NETINFO_NI_H -> HAVE_NETINFO
436 * config.sub: fix for crays
438 * config.guess: new version from automake 1.4
440 * config.sub: new version from automake 1.4
442 Wed Apr 28 00:21:17 1999 Assar Westerlund <assar@sics.se>
446 * lib/krb5/mcache.c (mcc_get_next): get the current cursor
449 * acconfig.h: correct definition of KRB_PUT_INT for old krb4 code.
450 From Ake Sandgren <ake@cs.umu.se>
452 1999-04-27 Johan Danielsson <joda@pdc.kth.se>
454 * kdc/kerberos5.c: fix arguments to decrypt_ticket
456 1999-04-25 Assar Westerlund <assar@sics.se>
458 * lib/krb5/mk_req_ext.c (krb5_mk_req_internal): try to handle old
459 DCE secd's that are not able to handle MD5 checksums by defaulting
460 to MD4 if the keytype was DES-CBC-CRC
462 * lib/krb5/mk_req.c (krb5_mk_req): use auth_context->keytype
464 * lib/krb5/krb5.h (krb5_auth_context_data): add `keytype' and
467 * lib/krb5/get_cred.c (make_pa_tgs_req): remove old kludge for
469 (init_tgs_req): add all supported enctypes for the keytype in
470 `in_creds->session.keytype' if it's set
472 * lib/krb5/crypto.c (F_PSEUDO): new flag for non-protocol
474 (do_checksum): new function
475 (verify_checksum): take the checksum to use from the checksum message
476 and not from the crypto struct
477 (etypes): add F_PSEUDO flags
478 (krb5_keytype_to_enctypes): new function
480 * lib/krb5/auth_context.c (krb5_auth_con_init): initalize keytype
482 (krb5_auth_setcksumtype, krb5_auth_getcksumtype): implement
483 (krb5_auth_setkeytype, krb5_auth_getkeytype): implement
484 (krb5_auth_setenctype): comment out, it's rather bogus anyway
486 Sun Apr 25 16:55:50 1999 Johan Danielsson <joda@pdc.kth.se>
488 * lib/krb5/krb5_locl.h: fix for stupid aix warnings
490 * lib/krb5/fcache.c (erase_file): don't malloc
492 Sat Apr 24 18:35:21 1999 Johan Danielsson <joda@pdc.kth.se>
494 * kdc/config.c: pass context to krb5_config_file_free
496 * kuser/kinit.c: add `--fcache-version' to set cache version to
499 * kuser/klist.c: print cache version if verbose
501 * lib/krb5/transited.c (krb5_domain_x500_decode): don't abort
503 * lib/krb5/principal.c: abort -> krb5_abortx
505 * lib/krb5/mk_rep.c: abort -> krb5_abortx
507 * lib/krb5/config_file.c: abort -> krb5_abortx
509 * lib/krb5/context.c (init_context_from_config_file): init
510 fcache_version; add krb5_{get,set}_fcache_version
512 * lib/krb5/keytab.c: add support for reading (and writing?) old
515 * lib/krb5/cache.c: add krb5_cc_get_version
517 * lib/krb5/fcache.c: add support for reading and writing old
520 * lib/krb5/store_mem.c (krb5_storage_from_mem): zero flags
522 * lib/krb5/store_emem.c (krb5_storage_emem): zero flags
524 * lib/krb5/store_fd.c (krb5_storage_from_fd): zero flags
526 * lib/krb5/store.c: add flags to change how various fields are
527 stored, used for old cache version support
529 * lib/krb5/krb5.h: add support for reading and writing old version
530 cache files, and keytabs
532 Wed Apr 21 00:09:26 1999 Assar Westerlund <assar@sics.se>
534 * configure.in: fix test for readline.h remember to link with
535 $LIB_tgetent when trying linking with readline
537 * lib/krb5/init_creds_pw.c (get_init_creds_common): if start_time
538 is given, request a postdated ticket.
540 * lib/krb5/data.c (krb5_data_free): free data as long as it's not
543 Tue Apr 20 20:18:14 1999 Assar Westerlund <assar@sics.se>
545 * kpasswd/Makefile.am (kpasswdd_LDADD): add LIB_dlopen
547 * lib/krb5/krb5.h (KRB5_VERIFY_AP_REQ_IGNORE_INVALID): add
549 * lib/krb5/rd_req.c (krb5_decrypt_ticket): add `flags` and
550 KRB5_VERIFY_AP_REQ_IGNORE_INVALID for ignoring that the ticket is
553 Tue Apr 20 12:42:08 1999 Johan Danielsson <joda@hella.pdc.kth.se>
555 * kpasswd/kpasswdd.c: don't try to load library by default; get
556 library and function name from krb5.conf
558 * kpasswd/sample_passwd_check.c: sample password checking
561 Mon Apr 19 22:22:19 1999 Assar Westerlund <assar@sics.se>
563 * lib/krb5/store.c (krb5_storage_to_data, krb5_ret_data): use
564 krb5_data_alloc and be careful with checking allocation and sizes.
566 * kuser/klist.c (--tokens): conditionalize on KRB4
568 * kuser/kinit.c (renew_validate): set all flags
569 (main): fix cut-n-paste error when setting start-time
571 * kdc/kerberos5.c (check_tgs_flags): starttime of a validate
572 ticket should be > than current time
573 (*): send flags to krb5_verify_ap_req and krb5_decrypt_ticket
575 * kuser/kinit.c (renew_validate): use the client realm instead of
576 the local realm when renewing tickets.
578 * lib/krb5/get_for_creds.c (krb5_fwd_tgs_creds): compat function
579 (krb5_get_forwarded_creds): correct freeing of out_creds
581 * kuser/kinit.c (renew_validate): hopefully fix up freeing of
584 * configure.in: do all the krb4 tests with "$krb4" != "no"
586 * lib/krb5/keyblock.c (krb5_free_keyblock_contents): don't zero
587 keyvalue if it's NULL. noticed by Ake Sandgren <ake@cs.umu.se>
589 * lib/krb5/get_in_tkt.c (add_padata): loop over all enctypes
590 instead of just taking the first one. fix all callers. From
591 "Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net>
593 * kdc/kdc_locl.h (enable_kaserver): declaration
595 * kdc/hprop.c (ka_convert): print the failing principal. AFS 3.4a
596 creates krbtgt.REALMOFCELL as NOTGS+NOSEAL, work around. From
597 "Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net>
599 * kdc/hpropd.c (open_socket): stupid cast to get rid of a warning
601 * kdc/connect.c (add_standard_ports, process_request): look at
602 enable_kaserver. From "Brandon S. Allbery KF8NH"
603 <allbery@kf8nh.apk.net>
605 * kdc/config.c: new flag --kaserver and config file option
606 enable-kaserver. From "Brandon S. Allbery KF8NH"
607 <allbery@kf8nh.apk.net>
609 Mon Apr 19 12:32:04 1999 Johan Danielsson <joda@hella.pdc.kth.se>
611 * configure.in: check for dlopen, and dlfcn.h
613 * kpasswd/kpasswdd.c: add support for dlopen:ing password quality
616 * configure.in: add appl/su
618 Sun Apr 18 15:46:53 1999 Johan Danielsson <joda@blubb.pdc.kth.se>
620 * lib/krb5/cache.c: add krb5_cc_get_type that returns type of a
623 Fri Apr 16 17:58:51 1999 Assar Westerlund <assar@sics.se>
625 * configure.in: LIB_kdb: -L should be before -lkdb
626 test for prototype of strsep
628 Thu Apr 15 11:34:38 1999 Johan Danielsson <joda@hella.pdc.kth.se>
630 * lib/krb5/Makefile.am: update version
632 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): use
635 * lib/krb5/fcache.c: add some support for reading and writing old
637 (fcc_store_cred): use krb5_store_creds; (fcc_read_cred): use
640 * lib/krb5/store_mem.c (krb5_storage_from_mem): check malloc,
641 initialize host_byteorder
643 * lib/krb5/store_fd.c (krb5_storage_from_fd): initialize
646 * lib/krb5/store_emem.c (krb5_storage_emem): initialize
649 * lib/krb5/store.c (krb5_storage_set_host_byteorder): add;
650 (krb5_store_int32,krb5_ret_int32,krb5_store_int16,krb5_ret_int16):
651 check host_byteorder flag; (krb5_store_creds): add;
652 (krb5_ret_creds): add
654 * lib/krb5/krb5.h (krb5_storage): add `host_byteorder' flag for
657 * lib/krb5/heim_err.et: add `host not found' error
659 * kdc/connect.c: don't use data after clearing decriptor
661 * lib/krb5/auth_context.c: abort -> krb5_abortx
663 * lib/krb5/warn.c: add __attribute__; add *abort functions
665 * configure.in: check for __attribute__
667 * kdc/connect.c: log bogus requests
669 Tue Apr 13 18:38:05 1999 Johan Danielsson <joda@hella.pdc.kth.se>
671 * lib/kadm5/create_s.c (kadm5_s_create_principal): create v4 salts
674 1999-04-12 Assar Westerlund <assar@sics.se>
676 * lib/krb5/get_cred.c (init_tgs_req): re-structure a little bit
678 * lib/krb5/get_cred.c (init_tgs_req): some more error checking
680 * lib/krb5/generate_subkey.c (krb5_generate_subkey): check return
683 Sun Apr 11 03:47:23 1999 Johan Danielsson <joda@hella.pdc.kth.se>
685 * lib/krb5/krb5.conf.5: update to reality
687 * lib/krb5/krb5_425_conv_principal.3: update to reality
689 1999-04-11 Assar Westerlund <assar@sics.se>
691 * lib/krb5/get_host_realm.c: handle more than one realm for a host
693 * kpasswd/kpasswd.c (main): use krb5_program_setup and
696 * kdc/string2key.c (main): use krb5_program_setup and
699 Sun Apr 11 02:35:58 1999 Johan Danielsson <joda@hella.pdc.kth.se>
701 * lib/krb5/principal.c (krb5_524_conv_principal): make it actually
702 work, and check built-in list of host-type first-components
704 * lib/krb5/krbhst.c: lookup SRV-records to find a kdc for a realm
706 * lib/krb5/context.c: add srv_* flags to context
708 * lib/krb5/principal.c: add default v4_name_convert entries
710 * lib/krb5/krb5.h: add srv_* flags to context
712 Sat Apr 10 22:52:28 1999 Johan Danielsson <joda@hella.pdc.kth.se>
714 * kadmin/kadmin.c: complain about un-recognised commands
716 * admin/ktutil.c: complain about un-recognised commands
718 Sat Apr 10 15:41:49 1999 Assar Westerlund <assar@sics.se>
720 * kadmin/load.c (doit): fix error message
722 * lib/krb5/crypto.c (encrypt_internal): free checksum if lengths
724 (krb5_get_wrapped_length): new function
726 * configure.in: security/pam_modules.h: check for
728 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): kludge
729 around `ret_as_reply' semantics by only freeing it when ret == 0
731 Fri Apr 9 20:24:04 1999 Assar Westerlund <assar@sics.se>
733 * kuser/klist.c (print_cred_verbose): handle the case of a bad
736 * configure.in: test for more header files
739 Thu Apr 8 15:01:59 1999 Johan Danielsson <joda@hella.pdc.kth.se>
741 * configure.in: fixes for building w/o krb4
743 * ltmain.sh: update to libtool 1.2d
745 * ltconfig: update to libtool 1.2d
747 Wed Apr 7 23:37:26 1999 Assar Westerlund <assar@sics.se>
749 * kdc/hpropd.c: fix some error messages to be more understandable.
751 * kdc/hprop.c (ka_dump): remove unused variables
753 * appl/test/tcp_server.c: remove unused variables
755 * appl/test/gssapi_server.c: remove unused variables
757 * appl/test/gssapi_client.c: remove unused variables
759 Wed Apr 7 14:05:15 1999 Johan Danielsson <joda@hella.pdc.kth.se>
761 * lib/krb5/context.c (krb5_get_err_text): long -> krb5_error_code
763 * kuser/klist.c: make it compile w/o krb4
765 * kuser/kdestroy.c: make it compile w/o krb4
767 * admin/ktutil.c: fix {srv,key}2{srv,key}tab confusion; add help
770 Mon Apr 5 16:13:46 1999 Johan Danielsson <joda@hella.pdc.kth.se>
772 * configure.in: test for MIPS ABI; new test_package
774 Thu Apr 1 11:00:40 1999 Johan Danielsson <joda@hella.pdc.kth.se>
776 * include/Makefile.am: clean krb5-private.h
780 * kpasswd/kpasswdd.c (doit): pass context to
781 krb5_get_all_client_addrs
783 * kdc/connect.c (init_sockets): pass context to
784 krb5_get_all_server_addrs
786 * lib/krb5/get_in_tkt.c (init_as_req): pass context to
787 krb5_get_all_client_addrs
789 * lib/krb5/get_cred.c (get_cred_kdc_la): pass context to
790 krb5_get_all_client_addrs
792 * lib/krb5/get_addrs.c (get_addrs_int): add extra host addresses
794 * lib/krb5/krb5.h: add support for adding an extra set of
797 * lib/krb5/context.c: add support for adding an extra set of
800 * lib/krb5/addr_families.c: add krb5_parse_address
802 * lib/krb5/address.c: krb5_append_addresses
804 * lib/krb5/config_file.c (parse_binding): don't zap everything
805 after first whitespace
807 * kuser/kinit.c (renew_validate): don't allocate out
809 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): don't
812 * lib/krb5/get_cred.c (get_cred_kdc, get_cred_kdc_la): make
814 (krb5_get_kdc_cred): allocate out_creds; (get_cred_from_kdc_flags):
817 * lib/krb5/crypto.c (encrypt_internal): free checksum
819 * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): free reply,
822 * kuser/Makefile.am: remove kfoo
824 * lib/Makefile.am: add auth
826 * lib/kadm5/iprop.h: getarg.h
828 * lib/kadm5/replay_log.c: use getarg
830 * lib/kadm5/ipropd_slave.c: use getarg
832 * lib/kadm5/ipropd_master.c: use getarg
834 * lib/kadm5/dump_log.c: use getarg
836 * kpasswd/kpasswdd.c: use getarg
838 * Makefile.am.common: make a more working check-local target
840 * lib/asn1/main.c: use getargs
842 Mon Mar 29 20:19:57 1999 Johan Danielsson <joda@hella.pdc.kth.se>
844 * kuser/klist.c (print_cred_verbose): use krb5_print_address
846 * lib/kadm5/server.c: k_{put,get}_int -> _krb5_{put,get}_int
848 * lib/krb5/addr_families.c (krb5_print_address): handle unknown
849 address types; (ipv6_print_addr): print in 16-bit groups (as it
852 * lib/krb5/crc.c: crc_{init_table,update} ->
853 _krb5_crc_{init_table,update}
855 * lib/krb5/crypto.c: k_{put,get}_int -> _krb5_{put,get}_int
856 crc_{init_table,update} -> _krb5_crc_{init_table,update}
858 * lib/krb5/send_to_kdc.c: k_{put,get}_int -> _krb5_{put,get}_int
860 * lib/krb5/store.c: k_{put,get}_int -> _krb5_{put,get}_int
862 * lib/krb5/krb5_locl.h: include krb5-private.h
864 * kdc/connect.c (addr_to_string): use krb5_print_address
866 * lib/krb5/addr_families.c (krb5_print_address): int -> size_t
868 * lib/krb5/addr_families.c: add support for printing ipv6
869 addresses, either with inet_ntop, or ugly for-loop
871 * kdc/524.c: check that the ticket came from a valid address; use
872 the address of the connection as the address to put in the v4
873 ticket (if this address is AF_INET)
875 * kdc/connect.c: pass addr to do_524
877 * kdc/kdc_locl.h: prototype for do_524
879 Sat Mar 27 17:48:31 1999 Johan Danielsson <joda@hella.pdc.kth.se>
881 * configure.in: check for OSF C2; bind/bitypes.h, getudbnam,
882 setlim; check for auth modules; siad.h, getpwnam_r;
883 lib/auth/Makefile, lib/auth/sia/Makefile
885 * lib/krb5/crypto.c: n_fold -> _krb5_n_fold
887 * lib/krb5/n-fold.c: n_fold -> _krb5_n_fold
889 Thu Mar 25 04:35:21 1999 Assar Westerlund <assar@sics.se>
891 * lib/kadm5/set_keys.c (_kadm5_set_keys): free salt when zapping
894 * lib/kadm5/free.c (kadm5_free_principal_ent): free `key_data'
896 * lib/hdb/ndbm.c (NDBM_destroy): clear master key
898 * lib/hdb/db.c (DB_destroy): clear master key
899 (DB_open): check malloc
901 * kdc/connect.c (init_sockets): free addresses
903 * kadmin/kadmin.c (main): make code more consistent. always free
904 configuration information.
906 * kadmin/init.c (create_random_entry): free the entry
908 Wed Mar 24 04:02:03 1999 Assar Westerlund <assar@sics.se>
910 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password):
911 re-organize the code to always free `kdc_reply'
913 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): be more careful about
916 * lib/krb5/fcache.c (fcc_destroy): don't call fcc_close
918 * lib/krb5/crypto.c (krb5_crypto_destroy): free `crypto'
920 * lib/hdb/hdb_locl.h: try db_185.h first in case db.h is a DB 2.0
923 * configure.in (db_185.h): check for
925 * admin/srvcreate.c: new file. contributed by Daniel Kouril
926 <kouril@informatics.muni.cz>
928 * admin/ktutil.c: srvcreate: new command
930 * kuser/klist.c: add support for printing AFS tokens
932 * kuser/kdestroy.c: add support for destroying v4 tickets and AFS
933 tokens. based on code by Love <lha@stacken.kth.se>
935 * kuser/Makefile.am (kdestroy_LDADD, klist_LDADD): more libraries
937 * configure.in: sys/ioccom.h: test for
939 * kuser/klist.c (main): don't print `no ticket file' with --test.
940 From: Love <lha@e.kth.se>
942 * kpasswd/kpasswdd.c (doit): more braces to make gcc happy
944 * kdc/connect.c (init_socket): get rid of a stupid warning
946 * include/bits.c (my_strupr): cast away some stupid warnings
948 Tue Mar 23 14:34:44 1999 Johan Danielsson <joda@hella.pdc.kth.se>
950 * lib/krb5/get_host_realm.c (krb5_get_host_realm): no infinite
953 Tue Mar 23 00:00:45 1999 Assar Westerlund <assar@sics.se>
955 * lib/kadm5/Makefile.am (install_build_headers): recover from make
956 rewriting the names of the headers kludge to help solaris make
958 * lib/krb5/Makefile.am: kludge to help solaris make
960 * lib/hdb/Makefile.am: kludge to help solaris make
962 * configure.in (LIB_kdb): make sure there's a -L option in here by
965 * lib/asn1/gen_glue.c (generate_2int, generate_int2): int ->
968 * configure.in (SunOS): set to a number KRB4, KRB5 conditionals:
969 remove the `dnl' to work around an automake flaw
971 Sun Mar 21 15:08:49 1999 Johan Danielsson <joda@blubb.pdc.kth.se>
973 * lib/krb5/get_default_realm.c: char* -> krb5_realm
975 Sun Mar 21 14:08:30 1999 Johan Danielsson <joda@hella.pdc.kth.se>
977 * include/bits.c: <bind/bitypes.h>
979 * lib/krb5/Makefile.am: create krb5-private.h
981 Sat Mar 20 00:08:59 1999 Assar Westerlund <assar@sics.se>
983 * configure.in (gethostname): remove duplicate
985 Fri Mar 19 14:48:03 1999 Johan Danielsson <joda@hella.pdc.kth.se>
987 * lib/hdb/Makefile.am: add version-info
989 * lib/gssapi/Makefile.am: add version-info
991 * lib/asn1/Makefile.am: use $(x:y=z) make syntax; move check-der
994 * lib/Makefile.am: add 45
996 * lib/kadm5/Makefile.am: split in client and server libraries
997 (breaks shared libraries otherwise)
999 Thu Mar 18 11:33:30 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1001 * include/kadm5/Makefile.am: clean a lot of header files (since
1002 automake lacks a clean-hook)
1004 * include/Makefile.am: clean a lot of header files (since automake
1007 * lib/kadm5/Makefile.am: fix build-installation of headers
1009 * lib/krb5/Makefile.am: remove include_dir hack
1011 * lib/hdb/Makefile.am: remove include_dir hack
1013 * lib/asn1/Makefile.am: remove include_dir hack
1015 * include/Makefile.am: remove include_dir hack
1017 * doc/whatis.texi: define sub for html
1019 * configure.in: LIB_kdb, have_err_h, have_fnmatch_h, have_glob_h
1021 * lib/asn1/Makefile.am: der.h
1023 * kpasswd/kpasswdd.c: admin.h -> kadm5/admin.h
1025 * kdc/Makefile.am: remove junk
1027 * kadmin/Makefile.am: sl.a -> sl.la
1029 * appl/afsutil/Makefile.am: remove EXTRA_bin_PROGRAMS
1031 * admin/Makefile.am: sl.a -> sl.la
1033 * configure.in: condition KRB5; AC_CHECK_XAU
1035 * Makefile.am: include Makefile.am.common
1037 * include/kadm5/Makefile.am: include Makefile.am.common; don't
1038 install headers from here
1040 * include/Makefile.am: include Makefile.am.common; don't install
1043 * doc/Makefile.am: include Makefile.am.common
1045 * lib/krb5/Makefile.am: include Makefile.am.common
1047 * lib/kadm5/Makefile.am: include Makefile.am.common
1049 * lib/hdb/Makefile.am: include Makefile.am.common
1051 * lib/gssapi/Makefile.am: include Makefile.am.common
1053 * lib/asn1/Makefile.am: include Makefile.am.common
1055 * lib/Makefile.am: include Makefile.am.common
1057 * lib/45/Makefile.am: include Makefile.am.common
1059 * kuser/Makefile.am: include Makefile.am.common
1061 * kpasswd/Makefile.am: include Makefile.am.common
1063 * kdc/Makefile.am: include Makefile.am.common
1065 * kadmin/Makefile.am: include Makefile.am.common
1067 * appl/test/Makefile.am: include Makefile.am.common
1069 * appl/afsutil/Makefile.am: include Makefile.am.common
1071 * appl/Makefile.am: include Makefile.am.common
1073 * admin/Makefile.am: include Makefile.am.common
1075 Wed Mar 17 03:04:38 1999 Assar Westerlund <assar@sics.se>
1077 * lib/krb5/store.c (krb5_store_stringz): braces fix
1079 * lib/kadm5/get_s.c (kadm5_s_get_principal): braces fix
1081 * lib/kadm5/ent_setup.c (_kadm5_setup_entry): braces fix
1083 * kdc/connect.c (loop): braces fix
1085 * lib/krb5/config_file.c: cast to unsigned char to make is* happy
1087 * lib/krb5/log.c (krb5_addlog_dest): more braces to make gcc happy
1089 * lib/krb5/crypto.c (krb5_verify_checksum): rename C -> cksum to
1092 * kadmin/util.c (timeval2str): more braces to make gcc happy
1094 * kadmin/load.c: cast in is* to get rid of stupid warning
1096 * kadmin/dump.c (append_hex): cast in isalnum to get rid of stupid
1099 * kdc/kaserver.c: malloc checks and fixes
1101 * lib/krb5/get_host_realm.c (krb5_get_host_realm): include leading
1102 dot (if any) when looking up realms.
1104 Fri Mar 12 13:57:56 1999 Johan Danielsson <joda@blubb.pdc.kth.se>
1106 * lib/krb5/get_host_realm.c: add dns support
1108 * lib/krb5/set_default_realm.c: use krb5_free_host_realm
1110 * lib/krb5/free_host_realm.c: check for NULL realmlist
1112 * lib/krb5/context.c: don't print warning if there is no krb5.conf
1114 Wed Mar 10 19:29:46 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1116 * configure.in: use AC_WFLAGS
1118 Mon Mar 8 11:49:43 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1122 * kuser/klist.c: use print_version
1124 * kuser/kdestroy.c: use print_version
1126 * kdc/hpropd.c: use print_version
1128 * kdc/hprop.c: use print_version
1130 * kdc/config.c: use print_version
1132 * kadmin/kadmind.c: use print_version
1134 * kadmin/kadmin.c: use print_version
1136 * appl/test/common.c: use print_version
1138 * appl/afsutil/afslog.c: use print_version
1140 Mon Mar 1 10:49:14 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1142 * lib/krb5/get_addrs.c: SOCKADDR_HAS_SA_LEN ->
1143 HAVE_STRUCT_SOCKADDR_SA_LEN
1145 * configure.in, acconfig.h, cf/*: update to automake 1.4/autoconf 2.13
1147 Sun Feb 28 18:19:20 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1149 * lib/asn1/gen.c: make `BIT STRING's unsigned
1151 * lib/asn1/{symbol.h,gen.c}: add TUInteger type
1153 * lib/krb5/verify_user.c (krb5_verify_user): pass prompter to
1154 krb5_get_init_creds_password
1156 * lib/krb5/fcache.c (fcc_gen_new): implement
1158 Sat Feb 27 22:41:23 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1160 * doc/install.texi: krb4 is now automatically detected
1162 * doc/misc.texi: update procedure to set supported encryption
1165 * doc/setup.texi: change some silly wordings
1167 Sat Feb 27 22:17:30 1999 Johan Danielsson <joda@blubb.pdc.kth.se>
1169 * lib/krb5/keytab.c (fkt_remove_entry): make this work
1171 * admin/ktutil.c: add minimally working `get' command
1173 Sat Feb 27 19:44:49 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1175 * lib/hdb/convert_db.c: more typos
1177 * include/Makefile.am: remove EXTRA_DATA (as of autoconf
1180 * appl/Makefile.am: OTP_dir
1182 Fri Feb 26 17:37:00 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1184 * doc/setup.texi: add kadmin section
1186 * lib/asn1/check-der.c: fix printf warnings
1188 Thu Feb 25 11:16:49 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1190 * configure.in: -O does not belong in WFLAGS
1192 Thu Feb 25 11:05:57 1999 Johan Danielsson <joda@blubb.pdc.kth.se>
1194 * lib/asn1/der_put.c: fix der_put_int
1196 Tue Feb 23 20:35:12 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1198 * configure.in: use AC_BROKEN_GLOB
1200 Mon Feb 22 15:12:44 1999 Johan Danielsson <joda@blubb.pdc.kth.se>
1202 * configure.in: check for glob
1204 Mon Feb 22 11:32:42 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1208 Sat Feb 20 15:48:06 1999 Johan Danielsson <joda@blubb.pdc.kth.se>
1210 * lib/hdb/convert_db.c: convert DES3 keys to des3-cbc-sha1, and
1213 * lib/krb5/crypto.c (DES3_string_to_key): make this actually do
1214 what the draft said it should
1216 * lib/hdb/convert_db.c: little program for database conversion
1218 * lib/hdb/db.c (DB_open): try to open database w/o .db extension
1220 * lib/hdb/ndbm.c (NDBM_open): add test for database format
1222 * lib/hdb/db.c (DB_open): add test for database format
1224 * lib/asn1/gen_glue.c (generate_2int): don't depend on flags being
1227 * lib/hdb/hdb.c: change `hdb_set_master_key' to take an
1228 EncryptionKey, and add a new function `hdb_set_master_keyfile' to
1229 do what `hdb_set_master_key' used to do
1231 * kdc/kstash.c: add `--convert-file' option to change keytype of
1232 existing master key file
1234 Fri Feb 19 07:04:14 1999 Assar Westerlund <assar@squid.pdc.kth.se>
1238 Sat Feb 13 17:12:53 1999 Assar Westerlund <assar@sics.se>
1240 * lib/krb5/mk_safe.c (krb5_mk_safe): sizeof(buf) -> buf_size, buf
1243 * lib/krb5/get_in_tkt.c (krb5_init_etype): etypes are now `int'
1245 * lib/krb5/get_host_realm.c (krb5_get_host_realm): constize
1248 (krb5_salttype_to_string): new function (RSA_MD5_DES_verify,
1249 RSA_MD5_DES3_verify): initialize ret
1251 * lib/gssapi/init_sec_context.c (init_auth): remove unnecessary
1252 gssapi_krb5_init. ask for KEYTYPE_DES credentials
1254 * kadmin/get.c (print_entry_long): print the keytypes and salts
1255 available for the principal
1257 * configure.in (WFLAGS): add `-O' to catch unitialized variables
1259 (gethostname, mkstemp, getusershell, inet_aton): more tests
1261 * lib/hdb/hdb.h: update prototypes
1263 * configure.in: homogenize broken detection with krb4
1265 * lib/kadm5/init_c.c (kadm5_c_init_with_context): remove unused
1268 * lib/asn1/Makefile.am (check-der): add
1270 * lib/asn1/gen.c (define_type): map ASN1 Integer to `int' instead
1273 * lib/asn1/der_length.c (length_unsigned): new function
1274 (length_int): handle signed integers
1276 * lib/asn1/der_put.c (der_put_unsigned): new function
1277 (der_put_int): handle signed integers
1279 * lib/asn1/der_get.c (der_get_unsigned): new function
1280 (der_get_int): handle signed integers
1282 * lib/asn1/der.h: all integer functions take `int' instead of
1285 * lib/asn1/lex.l (filename): unused. remove.
1287 * lib/asn1/check-der.c: new test program for der encoding and
1290 Mon Feb 1 04:09:06 1999 Assar Westerlund <assar@sics.se>
1292 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): only call
1293 gethostbyname2 with AF_INET6 if we actually have IPv6. From
1294 "Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net>
1296 * lib/krb5/changepw.c (get_kdc_address): dito
1298 Sun Jan 31 06:26:36 1999 Assar Westerlund <assar@sics.se>
1300 * kdc/connect.c (parse_prots): always bind to AF_INET, there are
1301 v6-implementations without support for `mapped V4 addresses'.
1302 From Jun-ichiro itojun Hagino <itojun@kame.net>
1304 Sat Jan 30 22:38:27 1999 Assar Westerlund <assar@juguete.sics.se>
1308 Sat Jan 30 13:43:02 1999 Assar Westerlund <assar@sics.se>
1310 * lib/krb5/Makefile.am: explicit rules for *.et files
1312 * lib/kadm5/init_c.c (get_kadm_ticket): only remove creds if
1313 krb5_get_credentials was succesful.
1314 (get_new_cache): return better error codes and return earlier.
1315 (get_cred_cache): only delete default_client if it's different
1317 (kadm5_c_init_with_context): return a more descriptive error.
1319 * kdc/kerberos5.c (check_flags): handle NULL client or server
1321 * lib/krb5/sendauth.c (krb5_sendauth): return the error in
1322 `ret_error' iff != NULL
1324 * lib/krb5/rd_error.c (krb5_free_error, krb5_free_error_contents):
1327 * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): more
1330 * lib/krb5/krb5.h (krb5_error): typedef to KRB_ERROR
1332 * lib/krb5/init_creds_pw.c: KRB5_TGS_NAME: use
1334 * lib/krb5/get_cred.c: KRB5_TGS_NAME: use
1336 * lib/kafs/afskrb5.c (afslog_uid_int): update to changes
1338 * lib/kadm5/rename_s.c (kadm5_s_rename_principal): call remove
1339 instead of rename, but shouldn't this just call rename?
1341 * lib/kadm5/get_s.c (kadm5_s_get_principal): always return an
1342 error if the principal wasn't found.
1344 * lib/hdb/ndbm.c (NDBM_seq): unseal key
1346 * lib/hdb/db.c (DB_seq): unseal key
1348 * lib/asn1/Makefile.am: added explicit rules for asn1_err.[ch]
1350 * kdc/hprop.c (v4_prop): add krbtgt/THISREALM@OTHERREALM when
1351 finding cross-realm tgts in the v4 database
1353 * kadmin/mod.c (mod_entry): check the number of arguments. check
1354 that kadm5_get_principal worked.
1356 * lib/krb5/keytab.c (fkt_remove_entry): remove KRB5_KT_NOTFOUND if
1357 we weren't able to remove it.
1359 * admin/ktutil.c: less drive-by-deleting. From Love
1362 * kdc/connect.c (parse_ports): copy the string before mishandling
1365 * kdc/kerberos5.c (tgs_rep2): print the principal with mismatching
1368 * kadmin/kadmind.c (main): convert `debug_port' to network byte
1371 * kadmin/kadmin.c: allow specification of port number.
1373 * lib/kadm5/kadm5_locl.h (kadm5_client_context): add
1376 * lib/kadm5/init_c.c (_kadm5_c_init_context): move up
1377 initalize_kadm5_error_table_r.
1378 allow specification of port number.
1380 From Love <lha@stacken.kth.se>
1382 * kuser/klist.c: add option -t | --test
1384 Sat Dec 5 19:49:34 1998 Johan Danielsson <joda@hella.pdc.kth.se>
1386 * lib/krb5/context.c: remove ktype_is_etype
1388 * lib/krb5/crypto.c, lib/krb5/krb5.h, acconfig.h: NEW_DES3_CODE
1390 * configure.in: fix for AIX install; better tests for AIX dynamic
1391 AFS libs; `--enable-new-des3-code'
1393 Tue Dec 1 14:44:44 1998 Johan Danielsson <joda@hella.pdc.kth.se>
1395 * appl/afsutil/Makefile.am: link with extra libs for aix
1397 * kuser/Makefile.am: link with extra libs for aix
1399 Sun Nov 29 01:56:21 1998 Assar Westerlund <assar@sics.se>
1401 * lib/krb5/get_addrs.c (krb5_get_all_server_addrs): add. almost
1402 the same as krb5_get_all_client_addrs except that it includes
1405 * kdc/connect.c (init_socket): bind to a particular address
1406 (init_sockets): get all local addresses and bind to them all
1408 * lib/krb5/addr_families.c (addr2sockaddr, print_addr): new
1410 (find_af, find_atype): new functions. use them.
1412 * configure.in: add hesiod
1414 Wed Nov 25 11:37:48 1998 Johan Danielsson <joda@hella.pdc.kth.se>
1416 * lib/krb5/krb5_err.et: add some codes from kerberos-revisions-03
1418 Mon Nov 23 12:53:48 1998 Assar Westerlund <assar@sics.se>
1420 * lib/kadm5/log.c: rename delete -> remove
1422 * lib/kadm5/delete_s.c: rename delete -> remove
1424 * lib/hdb/common.c: rename delete -> remove
1426 Sun Nov 22 12:26:26 1998 Assar Westerlund <assar@sics.se>
1428 * configure.in: check for environ and `struct spwd'
1430 Sun Nov 22 11:42:45 1998 Johan Danielsson <joda@blubb.pdc.kth.se>
1432 * kdc/kerberos5.c (as_rep): set keytype to sess_ktype if
1435 * lib/krb5/encrypt.c (krb5_keytype_to_etypes): zero terminate
1439 Sun Nov 22 06:54:48 1998 Assar Westerlund <assar@sics.se>
1441 * lib/krb5/init_creds_pw.c: more type correctness
1443 * lib/krb5/get_cred.c: re-structure code. remove limits on ASN1
1446 Sun Nov 22 01:49:50 1998 Johan Danielsson <joda@hella.pdc.kth.se>
1448 * kdc/hprop.c (v4_prop): fix bogus indexing
1450 Sat Nov 21 21:39:20 1998 Assar Westerlund <assar@sics.se>
1452 * lib/krb5/verify_init.c (fail_verify_is_ok): new function
1453 (krb5_verify_init_creds): if we cannot get a ticket for
1454 host/`hostname` and fail_verify_is_ok just return. use
1457 Sat Nov 21 23:12:27 1998 Assar Westerlund <assar@sics.se>
1459 * lib/krb5/free.c (krb5_xfree): new function
1461 * lib/krb5/creds.c (krb5_free_creds_contents): new function
1463 * lib/krb5/context.c: more type correctness
1465 * lib/krb5/checksum.c: more type correctness
1467 * lib/krb5/auth_context.c (krb5_auth_con_init): more type
1470 * lib/asn1/der_get.c (der_get_length): fix test of len
1471 (der_get_tag): more type correctness
1473 * kuser/klist.c (usage): void-ize
1475 * admin/ktutil.c (kt_remove): some more type correctness.
1477 Sat Nov 21 16:49:20 1998 Johan Danielsson <joda@hella.pdc.kth.se>
1479 * kuser/klist.c: try to list enctypes as keytypes
1481 * kuser/kinit.c: remove extra `--cache' option, add `--enctypes'
1482 to set list of enctypes to use
1484 * kadmin/load.c: load strings as hex
1486 * kadmin/dump.c: dump hex as string is possible
1488 * admin/ktutil.c: use print_version()
1490 * configure.in, acconfig.h: test for hesiod
1492 Sun Nov 15 17:28:19 1998 Johan Danielsson <joda@hella.pdc.kth.se>
1494 * lib/krb5/crypto.c: add some crypto debug code
1496 * lib/krb5/get_in_tkt.c (_krb5_extract_ticket): don't use fixed
1497 buffer when encoding ticket
1499 * lib/krb5/auth_context.c (re-)implement `krb5_auth_setenctype'
1501 * kdc/kerberos5.c: allow mis-match of tgt session key, and service
1504 * admin/ktutil.c: keytype -> enctype
1506 Fri Nov 13 05:35:48 1998 Assar Westerlund <assar@sics.se>
1508 * lib/krb5/krb5.h (KRB5_TGS_NAME, KRB5_TGS_NAME_SIZE): added
1510 Sat Nov 7 19:56:31 1998 Assar Westerlund <assar@sics.se>
1512 * lib/krb5/get_cred.c (add_cred): add termination NULL pointer
1514 Mon Nov 2 01:15:06 1998 Assar Westerlund <assar@sics.se>
1516 * lib/krb5/rd_req.c: adapt to new crypto api
1518 * lib/krb5/rd_rep.c: adapt to new crypto api
1520 * lib/krb5/rd_priv.c: adopt to new crypto api
1522 * lib/krb5/rd_cred.c: adopt to new crypto api
1524 * lib/krb5/principal.c: ENOMEM -> ERANGE
1526 * lib/krb5/mk_safe.c: cleanup and adopt to new crypto api
1528 * lib/krb5/mk_req_ext.c: adopt to new crypto api
1530 * lib/krb5/mk_req.c: get enctype from auth_context keyblock
1532 * lib/krb5/mk_rep.c: cleanup and adopt to new crypto api
1534 * lib/krb5/mk_priv.c: adopt to new crypto api
1536 * lib/krb5/keytab.c: adopt to new crypto api
1538 * lib/krb5/get_in_tkt_with_skey.c: adopt to new crypto api
1540 * lib/krb5/get_in_tkt_with_keytab.c: adopt to new crypto api
1542 * lib/krb5/get_in_tkt_pw.c: adopt to new crypto api
1544 * lib/krb5/get_in_tkt.c: adopt to new crypto api
1546 * lib/krb5/get_cred.c: adopt to new crypto api
1548 * lib/krb5/generate_subkey.c: use new crypto api
1550 * lib/krb5/context.c: rename etype functions to enctype ditto
1552 * lib/krb5/build_auth.c: use new crypto api
1554 * lib/krb5/auth_context.c: remove enctype and cksumtype from
1557 Mon Nov 2 01:15:06 1998 Assar Westerlund <assar@sics.se>
1559 * kdc/connect.c (handle_udp, handle_tcp): correct type of `n'
1561 Tue Sep 15 18:41:38 1998 Johan Danielsson <joda@hella.pdc.kth.se>
1563 * admin/ktutil.c: fix printing of unrecognized keytypes
1565 Tue Sep 15 17:02:33 1998 Johan Danielsson <joda@hella.pdc.kth.se>
1567 * lib/kadm5/set_keys.c: add KEYTYPE_USE_AFS3_SALT to keytype if
1570 Tue Aug 25 23:30:52 1998 Assar Westerlund <assar@sics.se>
1572 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): care about
1575 * lib/krb5/changepw.c (get_kdc_address): use
1576 krb5_get_krb_admin_hst
1578 * lib/krb5/krbhst.c (krb5_get_krb_admin_hst): new function
1580 * lib/krb5/krb5.h (krb5_context_data): add `use_admin_kdc'
1582 * lib/krb5/context.c (krb5_get_use_admin_kdc,
1583 krb5_set_use_admin_kdc): new functions
1585 Tue Aug 18 22:24:12 1998 Johan Danielsson <joda@emma.pdc.kth.se>
1587 * lib/krb5/crypto.c: remove all calls to abort(); check return
1588 value from _key_schedule;
1589 (RSA_MD[45]_DES_verify): zero tmp and res;
1590 (RSA_MD5_DES3_{verify,checksum}): implement
1592 Mon Aug 17 20:18:46 1998 Assar Westerlund <assar@sics.se>
1594 * kdc/kerberos4.c (swap32): conditionalize
1596 * lib/krb5/mk_req_ext.c (krb5_mk_req_internal): new function
1598 * lib/krb5/get_host_realm.c (krb5_get_host_realm): if the hostname
1599 returned from gethostby*() isn't a FQDN, try with the original
1602 * lib/krb5/get_cred.c (make_pa_tgs_req): use krb5_mk_req_internal
1603 and correct key usage
1605 * lib/krb5/crypto.c (verify_checksum): make static
1607 * admin/ktutil.c (kt_list): use krb5_enctype_to_string
1609 Sun Aug 16 20:57:56 1998 Assar Westerlund <assar@sics.se>
1611 * kadmin/cpw.c (do_cpw_entry): use asprintf for the prompt
1613 * kadmin/ank.c (ank): print principal name in prompt
1615 * lib/krb5/crypto.c (hmac): always allocate space for checksum.
1616 never trust c.checksum.length
1617 (_get_derived_key): try to return the derived key
1619 Sun Aug 16 19:48:42 1998 Johan Danielsson <joda@emma.pdc.kth.se>
1621 * lib/krb5/crypto.c (hmac): fix some peculiarities and bugs
1622 (get_checksum_key): assume usage is `formatted'
1623 (create_checksum,verify_checksum): moved the guts of the krb5_*
1624 functions here, both take `formatted' key-usages
1625 (encrypt_internal_derived): fix various bogosities
1626 (derive_key): drop key_type parameter (already given by the
1629 * kdc/kerberos5.c (check_flags): handle case where client is NULL
1631 * kdc/connect.c (process_request): return zero after processing
1634 Sun Aug 16 18:38:15 1998 Johan Danielsson <joda@blubb.pdc.kth.se>
1636 * lib/krb5/crypto.c: merge x-*.[ch] into one file
1638 * lib/krb5/cache.c: remove residual from krb5_ccache_data
1640 Fri Aug 14 16:28:23 1998 Johan Danielsson <joda@emma.pdc.kth.se>
1642 * lib/krb5/x-crypto.c (derive_key): move DES3 specific code to
1643 separate function (will eventually end up someplace else)
1645 * lib/krb5/x-crypto.c (krb5_string_to_key_derived): allocate key
1647 * configure.in, acconfig.h: test for four valued krb_put_int
1649 Thu Aug 13 23:46:29 1998 Assar Westerlund <assar@emma.pdc.kth.se>
1653 Thu Aug 13 22:40:17 1998 Assar Westerlund <assar@sics.se>
1655 * lib/krb5/config_file.c (parse_binding): remove trailing
1658 Wed Aug 12 20:15:11 1998 Johan Danielsson <joda@emma.pdc.kth.se>
1660 * lib/krb5/x-checksum.c (krb5_verify_checksum): pass checksum type
1661 to krb5_create_checksum
1663 * lib/krb5/x-key.c: implement DES3_string_to_key_derived; fix a
1666 Wed Aug 5 12:39:54 1998 Assar Westerlund <assar@emma.pdc.kth.se>
1670 Thu Jul 30 23:12:17 1998 Assar Westerlund <assar@sics.se>
1672 * lib/krb5/mk_error.c (krb5_mk_error): realloc until you die
1674 Thu Jul 23 19:49:03 1998 Johan Danielsson <joda@emma.pdc.kth.se>
1676 * kdc/kdc_locl.h: proto for `get_des_key'
1678 * configure.in: test for four valued el_init
1680 * kuser/klist.c: keytype -> enctype
1682 * kpasswd/kpasswdd.c (change): use new `krb5_string_to_key*'
1684 * kdc/hprop.c (v4_prop, ka_convert): convert to a set of keys
1686 * kdc/kaserver.c: use `get_des_key'
1688 * kdc/524.c: use new crypto api
1690 * kdc/kerberos4.c: use new crypto api
1692 * kdc/kerberos5.c: always treat keytypes as enctypes; use new
1695 * kdc/kstash.c: adapt to new crypto api
1697 * kdc/string2key.c: adapt to new crypto api
1699 * admin/srvconvert.c: add keys for all possible enctypes
1701 * admin/ktutil.c: keytype -> enctype
1703 * lib/gssapi/init_sec_context.c: get enctype from auth_context
1706 * lib/hdb/hdb.c: remove hdb_*_keytype2key
1708 * lib/kadm5/set_keys.c: adapt to new crypto api
1710 * lib/kadm5/rename_s.c: adapt to new crypto api
1712 * lib/kadm5/get_s.c: adapt to new crypto api
1714 * lib/kadm5/create_s.c: add keys for des-cbc-crc, des-cbc-md4,
1715 des-cbc-md5, and des3-cbc-sha1
1717 * lib/krb5/heim_err.et: error message for unsupported salt
1719 * lib/krb5/codec.c: short-circuit these functions, since they are
1722 * lib/krb5/rd_safe.c: cleanup and adapt to new crypto api
1724 Mon Jul 13 23:00:59 1998 Assar Westerlund <assar@sics.se>
1726 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): don't advance
1727 hostent->h_addr_list, use a copy instead
1729 Mon Jul 13 15:00:31 1998 Johan Danielsson <joda@emma.pdc.kth.se>
1731 * lib/krb5/config_file.c (parse_binding, parse_section): make sure
1732 everything is ok before adding to linked list
1734 * lib/krb5/config_file.c: skip ws before checking for comment
1736 Wed Jul 8 10:45:45 1998 Johan Danielsson <joda@emma.pdc.kth.se>
1738 * lib/asn1/k5.asn1: hmac-sha1-des3 = 12
1740 Tue Jun 30 18:08:05 1998 Assar Westerlund <assar@sics.se>
1742 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): do not close the
1745 * lib/krb5/mk_priv.c: realloc correctly
1747 * lib/krb5/get_addrs.c (find_all_addresses): init j
1749 * lib/krb5/context.c (krb5_init_context): print error if parsing
1750 of config file produced an error.
1752 * lib/krb5/config_file.c (parse_list, krb5_config_parse_file):
1755 * lib/krb5/codec.c (krb5_encode_EncKrbCredPart,
1756 krb5_encode_ETYPE_INFO): initialize `ret'
1758 * lib/krb5/build_auth.c (krb5_build_authenticator): realloc
1761 * lib/kadm5/set_keys.c (_kadm5_set_keys): initialize `ret'
1763 * lib/kadm5/init_c.c (get_cred_cache): try to do the right thing
1766 * kuser/kinit.c (main): initialize `ticket_life'
1768 * kdc/kerberos5.c (get_pa_etype_info): initialize `ret'
1769 (tgs_rep2): initialize `krbtgt'
1771 * kdc/connect.c (do_request): check for errors from `sendto'
1773 * kdc/524.c (do_524): initialize `ret'
1775 * kadmin/util.c (foreach_principal): don't clobber `ret'
1777 * kadmin/del.c (del_entry): don't apply on zeroth argument
1779 * kadmin/cpw.c (do_cpw_entry): initialize `ret'
1781 Sat Jun 13 04:14:01 1998 Assar Westerlund <assar@juguete.sics.se>
1785 Sun Jun 7 04:13:14 1998 Assar Westerlund <assar@sics.se>
1787 * lib/krb5/addr_families.c: fall-back definition of
1790 * configure.in: only set CFLAGS if it wasn't set look for
1791 dn_expand and res_search
1793 Mon Jun 1 21:28:07 1998 Assar Westerlund <assar@sics.se>
1795 * configure.in: remove duplicate seteuid
1797 Sat May 30 00:19:51 1998 Johan Danielsson <joda@emma.pdc.kth.se>
1799 * lib/krb5/convert_creds.c: import _krb_time_to_life, to avoid
1800 runtime dependencies on libkrb with some shared library
1803 Fri May 29 00:09:02 1998 Johan Danielsson <joda@emma.pdc.kth.se>
1805 * kuser/kinit_options.c: Default options for kinit.
1807 * kuser/kauth_options.c: Default options for kauth.
1809 * kuser/kinit.c: Implement lots a new options.
1811 * kdc/kerberos5.c (check_tgs_flags): make sure kdc-req-body->rtime
1812 is not NULL; set endtime to min of new starttime + old_life, and
1815 * lib/krb5/init_creds_pw.c (get_init_creds_common): if the
1816 forwardable or proxiable flags are set in options, set the
1817 kdc-flags to the value specified, and not always to one
1819 Thu May 28 21:28:06 1998 Johan Danielsson <joda@emma.pdc.kth.se>
1821 * kdc/kerberos5.c: Optionally compare client address to addresses
1824 * kdc/connect.c: Pass client address to as_rep() and tgs_rep().
1826 * kdc/config.c: Add check_ticket_addresses, and
1827 allow_null_ticket_addresses variables.
1829 Tue May 26 14:03:42 1998 Johan Danielsson <joda@emma.pdc.kth.se>
1831 * lib/kadm5/create_s.c: possibly make DES keys version 4 salted
1833 * lib/kadm5/set_keys.c: check config file for kadmin/use_v4_salt
1834 before zapping version 4 salts
1836 Sun May 24 05:22:17 1998 Assar Westerlund <assar@sics.se>
1840 * lib/krb5/aname_to_localname.c: new file
1842 * lib/gssapi/init_sec_context.c (repl_mutual): no output token
1844 * lib/gssapi/display_name.c (gss_display_name): zero terminate
1847 Sat May 23 19:11:07 1998 Assar Westerlund <assar@sics.se>
1849 * lib/gssapi/display_status.c: new file
1851 * Makefile.am: send -I to aclocal
1853 * configure.in: remove duplicate setenv
1855 Sat May 23 04:55:19 1998 Johan Danielsson <joda@emma.pdc.kth.se>
1857 * kadmin/util.c (foreach_principal): Check for expression before
1858 wading through the whole database.
1860 * kadmin/kadmin.c: Pass NULL password to
1861 kadm5_*_init_with_password.
1863 * lib/kadm5/init_c.c: Implement init_with_{skey,creds}*. Make use
1864 of `password' parameter to init_with_password.
1866 * lib/kadm5/init_s.c: implement init_with_{skey,creds}*
1868 * lib/kadm5/server.c: Better arguments for
1869 kadm5_init_with_password.
1871 Sat May 16 07:10:36 1998 Assar Westerlund <assar@sics.se>
1873 * kdc/hprop.c: conditionalize ka-server reading support on
1876 * configure.in: new option `--enable-kaserver-db'
1878 Fri May 15 19:39:18 1998 Johan Danielsson <joda@blubb.pdc.kth.se>
1880 * lib/krb5/get_cred.c: Better error if local tgt couldn't be
1883 Tue May 12 21:11:02 1998 Assar Westerlund <assar@sics.se>
1887 * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): only set
1888 encryption type in auth_context if it's compatible with the type
1891 Mon May 11 21:11:14 1998 Johan Danielsson <joda@emma.pdc.kth.se>
1893 * kdc/hprop.c: add support for ka-server databases
1895 * appl/ftp/ftpd: link with -lcrypt, if needed
1897 Fri May 1 07:29:52 1998 Assar Westerlund <assar@sics.se>
1899 * configure.in: don't test for winsock.h
1901 Sat Apr 18 21:43:11 1998 Johan Danielsson <joda@puffer.pdc.kth.se>
1905 Sat Apr 18 00:31:11 1998 Johan Danielsson <joda@blubb.pdc.kth.se>
1907 * lib/krb5/sock_principal.c: Save hostname.
1909 Sun Apr 5 11:29:45 1998 Johan Danielsson <joda@emma.pdc.kth.se>
1911 * lib/krb5/mk_req_ext.c: Use same enctype as in ticket.
1913 * kdc/hprop.c (v4_prop): Check for null key.
1915 Fri Apr 3 03:54:54 1998 Johan Danielsson <joda@blubb.pdc.kth.se>
1917 * lib/krb5/str2key.c: Fix DES3 string-to-key.
1919 * lib/krb5/keytab.c: Get default keytab name from context.
1921 * lib/krb5/context.c: Get `default_keytab_name' value.
1923 * kadmin/util.c (foreach_principal): Print error message if
1924 `kadm5_get_principals' fails.
1926 * kadmin/kadmind.c: Use `kadmind_loop'.
1928 * lib/kadm5/server.c: Replace several other functions with
1931 Sat Mar 28 09:49:18 1998 Assar Westerlund <assar@sics.se>
1933 * lib/krb5/keytab.c (fkt_add_entry): use an explicit seek instead
1936 * configure.in: generate ftp Makefiles
1938 * kuser/klist.c (print_cred_verbose): print IPv4-address in a
1941 * admin/srvconvert.c (srvconv): return 0 if successful
1943 Tue Mar 24 00:40:33 1998 Johan Danielsson <joda@emma.pdc.kth.se>
1945 * lib/krb5/keytab.c: MIT compatible changes: add and use sizes to
1946 keytab entries, and change default keytab to `/etc/krb5.keytab'.
1948 Mon Mar 23 23:43:59 1998 Johan Danielsson <joda@emma.pdc.kth.se>
1950 * lib/gssapi/wrap.c: Use `gss_krb5_getsomekey'.
1952 * lib/gssapi/unwrap.c: Implement and use `gss_krb5_getsomekey'.
1953 Fix bug in checking of pad.
1955 * lib/gssapi/{un,}wrap.c: Add support for just integrity
1958 * lib/gssapi/accept_sec_context.c: Use
1959 `gssapi_krb5_verify_8003_checksum'.
1961 * lib/gssapi/8003.c: Implement `gssapi_krb5_verify_8003_checksum'.
1963 * lib/gssapi/init_sec_context.c: Zero cred, and store session key
1964 properly in auth-context.
1966 Sun Mar 22 00:47:22 1998 Johan Danielsson <joda@emma.pdc.kth.se>
1968 * lib/kadm5/delete_s.c: Check immutable bit.
1970 * kadmin/kadmin.c: Pass client name to kadm5_init.
1972 * lib/kadm5/init_c.c: Get creds for client name passed in.
1974 * kdc/hprop.c (v4_prop): Check for `changepw.kerberos'.
1976 Sat Mar 21 22:57:13 1998 Johan Danielsson <joda@emma.pdc.kth.se>
1978 * lib/krb5/mk_error.c: Verify that error_code is in the range
1981 * kdc/kerberos5.c: Move checking of principal flags to new
1982 function `check_flags'.
1984 Sat Mar 21 14:38:51 1998 Assar Westerlund <assar@sics.se>
1986 * lib/kadm5/get_s.c (kadm5_s_get_principal): handle an empty salt
1988 * configure.in: define SunOS if running solaris
1990 Sat Mar 21 00:26:34 1998 Johan Danielsson <joda@emma.pdc.kth.se>
1992 * lib/kadm5/server.c: Unifdef test for same principal when
1995 * kadmin/util.c: If kadm5_get_principals failes, we might still be
1996 able to perform the requested opreration (for instance someone if
1997 trying to change his own password).
1999 * lib/kadm5/init_c.c: Try to get ticket via initial request, if
2000 not possible via tgt.
2002 * lib/kadm5/server.c: Check for principals changing their own
2005 * kdc/kerberos5.c (tgs_rep2): check for interesting flags on
2006 involved principals.
2008 * kadmin/util.c: Fix order of flags.
2010 Thu Mar 19 16:54:10 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2012 * kdc/kerberos4.c: Return sane error code if krb_rd_req fails.
2014 Wed Mar 18 17:11:47 1998 Assar Westerlund <assar@sics.se>
2016 * acconfig.h: rename HAVE_STRUCT_SOCKADDR_IN6 to HAVE_IPV6
2018 Wed Mar 18 09:58:18 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2020 * lib/krb5/get_in_tkt_with_keytab.c (krb5_keytab_key_proc): don't
2021 free keyseed; use correct keytab
2023 Tue Mar 10 09:56:16 1998 Assar Westerlund <assar@sics.se>
2025 * acinclude.m4 (AC_KRB_IPV6): rewrote to avoid false positives
2027 Mon Mar 16 23:58:23 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2031 Fri Mar 6 00:41:30 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2033 * lib/gssapi/{accept_sec_context,release_cred}.c: Use
2034 krb5_kt_close/krb5_kt_resolve.
2036 * lib/krb5/principal.c (krb5_425_conv_principal_ext): Use resolver
2037 to lookup hosts, so CNAMEs can be ignored.
2039 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc, send_and_recv_http):
2040 Add support for using proxy.
2042 * lib/krb5/context.c: Initialize `http_proxy' from
2043 `libdefaults/http_proxy'.
2045 * lib/krb5/krb5.h: Add `http_proxy' to context.
2047 * lib/krb5/send_to_kdc.c: Recognize `http/' and `udp/' as protocol
2050 Wed Mar 4 01:47:29 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2052 * admin/ktutil.c: Implement `add' and `remove' functions. Make
2053 `--keytab' a global option.
2055 * lib/krb5/keytab.c: Implement remove with files. Add memory
2058 Tue Mar 3 20:09:59 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2060 * lib/krb5/keytab.c: Use function pointers.
2062 * admin: Remove kdb_edit.
2064 Sun Mar 1 03:28:42 1998 Assar Westerlund <assar@sics.se>
2066 * lib/kadm5/dump_log.c: print operation names
2068 Sun Mar 1 03:04:12 1998 Assar Westerlund <assar@sics.se>
2070 * configure.in: add X-tests, and {bin,...}dir appl/{kx,kauth}
2072 * lib/krb5/build_auth.c,mk_priv.c,rd_safe.c,mk_safe.c,mk_rep.c:
2073 remove arbitrary limit
2075 * kdc/hprop-common.c: use krb5_{read,write}_message
2077 * lib/kadm5/ipropd_master.c (send_diffs): more careful use
2078 krb5_{write,read}_message
2080 * lib/kadm5/ipropd_slave.c (get_creds): get credentials for
2081 `iprop/master' directly.
2082 (main): use `krb5_read_message'
2084 Sun Mar 1 02:05:11 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2086 * kadmin/kadmin.c: Cleanup commands list, and add help strings.
2088 * kadmin/get.c: Add long, short, and terse (equivalent to `list')
2089 output formats. Short is the default.
2091 * kadmin/util.c: Add `include_time' flag to timeval2str.
2093 * kadmin/init.c: Max-life and max-renew can, infact, be zero.
2095 * kadmin/{cpw,del,ext,get}.c: Use `foreach_principal'.
2097 * kadmin/util.c: Add function `foreach_principal', that loops over
2098 all principals matching an expression.
2100 * kadmin/kadmin.c: Add usage string to `privileges'.
2102 * lib/kadm5/get_princs_s.c: Also try to match aganist the
2103 expression appended with `@default-realm'.
2105 * lib/krb5/principal.c: Add `krb5_unparse_name_fixed_short', that
2106 excludes the realm if it's the same as the default realm.
2108 Fri Feb 27 05:02:21 1998 Assar Westerlund <assar@sics.se>
2110 * configure.in: more WFLAGS and WFLAGS_NOUNUSED added missing
2111 headers and functions error -> com_err
2113 (krb5_get_init_creds_keytab): use krb5_keytab_key_proc
2115 * lib/krb5/get_in_tkt_with_keytab.c: make `krb5_keytab_key_proc'
2118 * lib/kadm5/marshall.c (ret_principal_ent): set `n_tl_data'
2120 * lib/hdb/ndbm.c: use `struct ndbm_db' everywhere.
2122 Fri Feb 27 04:49:24 1998 Assar Westerlund <assar@sics.se>
2124 * lib/krb5/mk_priv.c (krb5_mk_priv): bump static limit to 10240.
2125 This should be fixed the correct way.
2127 * lib/kadm5/ipropd_master.c (check_acl:) truncate buf correctly
2128 (send_diffs): compare versions correctly
2129 (main): reorder handling of events
2131 * lib/kadm5/log.c (kadm5_log_previous): avoid bad type conversion
2133 Thu Feb 26 02:22:35 1998 Assar Westerlund <assar@sics.se>
2135 * lib/kadm5/ipropd_{slave,master}.c: new files
2137 * lib/kadm5/log.c (kadm5_log_get_version): take an `fd' as
2140 * lib/krb5/krb5.h (krb5_context_data): `et_list' should be `struct
2143 * aux/make-proto.pl: Should work with perl4
2145 Mon Feb 16 17:20:22 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2147 * lib/krb5/krb5_locl.h: Remove <error.h> (it gets included via
2150 Thu Feb 12 03:28:40 1998 Assar Westerlund <assar@sics.se>
2152 * lib/krb5/get_in_tkt.c (_krb5_extract_ticket): if time difference
2153 is larger than max_skew, return KRB5KRB_AP_ERR_SKEW
2155 * lib/kadm5/log.c (get_version): globalize
2157 * lib/kadm5/kadm5_locl.h: include <sys/file.h>
2159 * lib/asn1/Makefile.am: add PA_KEY_INFO and PA_KEY_INFO_ENTRY
2161 * kdc/kerberos5.c (get_pa_etype_info): remove gcc-ism of
2162 initializing local struct in declaration.
2164 Sat Jan 31 17:28:58 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2166 * kdc/524.c: Use krb5_decode_EncTicketPart.
2168 * kdc/kerberos5.c: Check at runtime whether to use enctypes
2169 instead of keytypes. If so use the same value to encrypt ticket,
2170 and kdc-rep as well as `keytype' for session key. Fix some obvious
2171 bugs with the handling of additional tickets.
2173 * lib/krb5/rd_req.c: Use krb5_decode_EncTicketPart, and
2174 krb5_decode_Authenticator.
2176 * lib/krb5/rd_rep.c: Use krb5_decode_EncAPRepPart.
2178 * lib/krb5/rd_cred.c: Use krb5_decode_EncKrbCredPart.
2180 * lib/krb5/mk_rep.c: Make sure enc_part.etype is an encryption
2181 type, and not a key type. Use krb5_encode_EncAPRepPart.
2183 * lib/krb5/init_creds_pw.c: Use krb5_decode_PA_KEY_INFO.
2185 * lib/krb5/get_in_tkt.c: Use krb5_decode_Enc{AS,TGS}RepPart.
2187 * lib/krb5/get_for_creds.c: Use krb5_encode_EncKrbCredPart.
2189 * lib/krb5/get_cred.c: Use krb5_decode_Enc{AS,TGS}RepPart.
2191 * lib/krb5/build_auth.c: Use krb5_encode_Authenticator.
2193 * lib/krb5/codec.c: Enctype conversion stuff.
2195 * lib/krb5/context.c: Ignore KRB5_CONFIG if *not* running
2196 setuid. Get configuration for libdefaults ktype_is_etype, and
2199 * lib/krb5/encrypt.c: Add krb5_string_to_etype, rename
2200 krb5_convert_etype to krb5_decode_keytype, and add
2201 krb5_decode_keyblock.
2203 Fri Jan 23 00:32:09 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2205 * lib/krb5/{get_in_tkt,rd_req}.c: Use krb5_convert_etype.
2207 * lib/krb5/encrypt.c: Add krb5_convert_etype function - converts
2208 from protocol keytypes (that really are enctypes) to internal
2211 Thu Jan 22 21:24:36 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2213 * lib/asn1/k5.asn1: Add PA-KEY-INFO structure to hold information
2214 on keys in the database; and also a new `pa-key-info' padata-type.
2216 * kdc/kerberos5.c: If pre-authentication fails, return a list of
2217 keytypes, salttypes, and salts.
2219 * lib/krb5/init_creds_pw.c: Add better support for
2220 pre-authentication, by looking at hints from the KDC.
2222 * lib/krb5/get_in_tkt.c: Add better support for specifying what
2223 pre-authentication to use.
2225 * lib/krb5/str2key.c: Merge entries for KEYTYPE_DES and
2228 * lib/krb5/krb5.h: Add pre-authentication structures.
2230 * kdc/connect.c: Don't fail if realloc(X, 0) returns NULL.
2232 Wed Jan 21 06:20:40 1998 Assar Westerlund <assar@sics.se>
2234 * lib/kadm5/init_s.c (kadm5_s_init_with_password_ctx): initialize
2235 `log_context.socket_name' and `log_context.socket_fd'
2237 * lib/kadm5/log.c (kadm5_log_flush): send a unix domain datagram
2238 to inform the possible running ipropd of an update.
2240 Wed Jan 21 01:34:09 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2242 * lib/krb5/get_in_tkt.c: Return error-packet to caller.
2244 * lib/krb5/free.c (krb5_free_kdc_rep): Free krb5_kdc_rep->error.
2246 * kdc/kerberos5.c: Add some support for using enctypes instead of
2249 * lib/krb5/get_cred.c: Fixes to send authorization-data to the
2252 * lib/krb5/build_auth.c: Only generate local subkey if there is
2255 * lib/krb5/krb5.h: Add krb5_authdata type.
2257 * lib/krb5/auth_context.c: Add
2258 krb5_auth_con_set{,localsub,remotesub}key.
2260 * lib/krb5/init_creds_pw.c: Return some error if prompter
2261 functions return failure.
2263 Wed Jan 21 01:16:13 1998 Assar Westerlund <assar@sics.se>
2265 * kpasswd/kpasswd.c: detect bad password. use krb5_err.
2267 * kadmin/util.c (edit_entry): remove unused variables
2269 Tue Jan 20 22:58:31 1998 Assar Westerlund <assar@sics.se>
2271 * kuser/kinit.c: rename `-s' to `-S' to be MIT-compatible.
2273 * lib/kadm5/kadm5_locl.h: add kadm5_log_context and
2274 kadm5_log*-functions
2276 * lib/kadm5/create_s.c (kadm5_s_create_principal): add change to
2279 * lib/kadm5/rename_s.c (kadm5_s_rename_principal): add change to
2282 * lib/kadm5/init_s.c (kadm5_s_init_with_password_ctx): initialize
2285 * lib/kadm5/delete_s.c (kadm5_s_delete_principal): add change to
2288 * lib/kadm5/modify_s.c (kadm5_s_modify_principal): add change to
2291 * lib/kadm5/randkey_s.c (kadm5_s_randkey_principal): add change to
2294 * lib/kadm5/chpass_s.c (kadm5_s_chpass_principal): add change to
2297 * lib/kadm5/Makefile.am: add log.c, dump_log and replay_log
2299 * lib/kadm5/replay_log.c: new file
2301 * lib/kadm5/dump_log.c: new file
2303 * lib/kadm5/log.c: new file
2305 * lib/krb5/str2key.c (get_str): initialize pad space to zero
2307 * lib/krb5/config_file.c (krb5_config_vget_next): handle c == NULL
2309 * kpasswd/kpasswdd.c: rewritten to use the kadm5 API
2311 * kpasswd/Makefile.am: link with kadm5srv
2313 * kdc/kerberos5.c (tgs_rep): initialize `i'
2315 * kadmin/kadmind.c (main): use kadm5_server_{send,recv}_sp
2317 * include/Makefile.am: added admin.h
2319 Sun Jan 18 01:41:34 1998 Johan Danielsson <joda@blubb.pdc.kth.se>
2321 * lib/asn1/gen_copy.c: Don't return ENOMEM if allocating 0 bytes.
2323 * lib/krb5/mcache.c (mcc_store_cred): restore linked list if
2326 Tue Jan 6 04:17:56 1998 Assar Westerlund <assar@sics.se>
2328 * lib/kadm5/server.c: add kadm5_server_{send,recv}{,_sp}
2330 * lib/kadm5/marshall.c: add kadm5_{store,ret}_principal_ent_mask.
2332 * lib/kadm5/init_c.c (kadm5_c_init_with_password_ctx): use
2335 * kadmin/kadmind.c (main): htons correctly.
2336 moved kadm5_server_{recv,send}
2338 * kadmin/kadmin.c (main): only set admin_server if explicitly
2341 Mon Jan 5 23:34:44 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2343 * lib/hdb/ndbm.c: Implement locking of database.
2345 * kdc/kerberos5.c: Process AuthorizationData.
2347 Sat Jan 3 22:07:07 1998 Johan Danielsson <joda@blubb.pdc.kth.se>
2349 * kdc/string2key.c: Use AFS string-to-key from libkrb5.
2351 * lib/krb5/get_in_tkt.c: Handle pa-afs3-salt case.
2353 * lib/krb5/krb5.h: Add value for AFS salts.
2355 * lib/krb5/str2key.c: Add support for AFS string-to-key.
2357 * lib/kadm5/rename_s.c: Use correct salt.
2359 * lib/kadm5/ent_setup.c: Always enable client. Only set max-life
2360 and max-renew if != 0.
2362 * lib/krb5/config_file.c: Add context to all krb5_config_*get_*.
2364 Thu Dec 25 17:03:25 1997 Assar Westerlund <assar@sics.se>
2366 * kadmin/ank.c (ank): don't zero password if --random-key was
2369 Tue Dec 23 01:56:45 1997 Assar Westerlund <assar@sics.se>
2373 * lib/kadm5/ent_setup.c (attr_to_flags): try to set `client'
2375 * kadmin/util.c (edit_time): only set mask if != 0
2376 (edit_attributes): only set mask if != 0
2378 * kadmin/init.c (init): create `default'
2380 Sun Dec 21 09:44:05 1997 Assar Westerlund <assar@sics.se>
2382 * kadmin/util.c (str2deltat, str2attr, get_deltat): return value
2383 as pointer and have return value indicate success.
2385 (get_response): check NULL from fgets
2387 (edit_time, edit_attributes): new functions for reading values and
2388 offering list of answers on '?'
2390 (edit_entry): use edit_time and edit_attributes
2392 * kadmin/ank.c (add_new_key): test the return value of
2395 * kdc/kerberos5.c (tgs_check_authenticator): RFC1510 doesn't say
2396 that the checksum has to be keyed, even though later drafts do.
2397 Accept unkeyed checksums to be compatible with MIT.
2399 * kadmin/kadmin_locl.h: add some prototypes.
2401 * kadmin/util.c (edit_entry): return a value
2403 * appl/afsutil/afslog.c (main): return a exit code.
2405 * lib/krb5/get_cred.c (init_tgs_req): use krb5_keytype_to_enctypes
2407 * lib/krb5/encrypt.c (krb5_keytype_to_enctypes): new function.
2409 * lib/krb5/build_auth.c (krb5_build_authenticator): use
2410 krb5_{free,copy}_keyblock instead of the _contents versions
2412 Fri Dec 12 14:20:58 1997 Johan Danielsson <joda@emma.pdc.kth.se>
2414 * lib/krb5/{mk,rd}_priv.c: fix check for local/remote subkey
2416 Mon Dec 8 08:48:09 1997 Johan Danielsson <joda@emma.pdc.kth.se>
2418 * lib/krb5/context.c: don't look at KRB5_CONFIG if running setuid
2420 Sat Dec 6 10:09:40 1997 Johan Danielsson <joda@emma.pdc.kth.se>
2422 * lib/krb5/keyblock.c (krb5_free_keyblock): check for NULL
2425 Sat Dec 6 08:26:10 1997 Assar Westerlund <assar@sics.se>
2429 Thu Dec 4 03:38:12 1997 Johan Danielsson <joda@emma.pdc.kth.se>
2431 * lib/krb5/send_to_kdc.c: Add TCP client support.
2433 * lib/krb5/store.c: Add k_{put,get}_int.
2435 * kadmin/ank.c: Set initial kvno to 1.
2437 * kdc/connect.c: Send version 5 TCP-reply as length+data.
2439 Sat Nov 29 07:10:11 1997 Assar Westerlund <assar@sics.se>
2441 * lib/krb5/rd_req.c (krb5_rd_req): fixed obvious bug
2443 * kdc/kaserver.c (create_reply_ticket): use a random nonce in the
2446 * kdc/connect.c (init_sockets): less reallocing.
2448 * **/*.c: changed `struct fd_set' to `fd_set'
2450 Sat Nov 29 05:12:01 1997 Johan Danielsson <joda@emma.pdc.kth.se>
2452 * lib/krb5/get_default_principal.c: More guessing.
2454 Thu Nov 20 02:55:09 1997 Johan Danielsson <joda@emma.pdc.kth.se>
2456 * lib/krb5/rd_req.c: Use principal from ticket if no server is
2459 Tue Nov 18 02:58:02 1997 Johan Danielsson <joda@emma.pdc.kth.se>
2461 * kuser/klist.c: Use krb5_err*().
2463 Sun Nov 16 11:57:43 1997 Johan Danielsson <joda@emma.pdc.kth.se>
2465 * kadmin/kadmin.c: Add local `init', `load', `dump', and `merge'
2468 Sun Nov 16 02:52:20 1997 Assar Westerlund <assar@sics.se>
2470 * lib/krb5/mk_req_ext.c (krb5_mk_req_ext): figure out the correct
2473 * lib/krb5/mk_req.c (krb5_mk_req): use `(*auth_context)->enctype'
2476 * lib/krb5/get_cred.c: handle the case of a specific keytype
2478 * lib/krb5/build_auth.c (krb5_build_authenticator): enctype as a
2479 parameter instead of guessing it.
2481 * lib/krb5/build_ap_req.c (krb5_build_ap_req): new parameter
2484 * appl/test/common.c (common_setup): don't use `optarg'
2486 * lib/krb5/keytab.c (krb5_kt_copy_entry_contents): new function
2487 (krb5_kt_get_entry): retrieve the latest version if kvno == 0
2489 * lib/krb5/krb5.h: define KRB5_TC_MATCH_KEYTYPE
2491 * lib/krb5/creds.c (krb5_compare_creds): check for
2492 KRB5_TC_MATCH_KEYTYPE
2494 * lib/gssapi/8003.c (gssapi_krb5_create_8003_checksum): remove
2497 * lib/krb5/creds.c (krb5_copy_creds_contents): only free the
2498 contents if we fail.
2500 Sun Nov 16 00:32:48 1997 Johan Danielsson <joda@emma.pdc.kth.se>
2502 * kpasswd/kpasswdd.c: Get password expiration time from config
2505 * lib/asn1/{der_get,gen_decode}.c: Allow passing NULL size.
2507 Wed Nov 12 02:35:57 1997 Assar Westerlund <assar@sics.se>
2509 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds):
2510 restructured and fixed.
2512 * lib/krb5/addr_families.c (krb5_h_addr2addr): new function.
2514 Wed Nov 12 01:36:01 1997 Johan Danielsson <joda@emma.pdc.kth.se>
2516 * lib/krb5/get_addrs.c: Fall back to hostname's addresses if other
2519 Tue Nov 11 22:22:12 1997 Johan Danielsson <joda@emma.pdc.kth.se>
2521 * kadmin/kadmin.c: Add `-l' flag to use local database.
2523 * lib/kadm5/acl.c: Use KADM5_PRIV_ALL.
2525 * lib/kadm5: Use function pointer trampoline for easier dual use
2526 (without radiation-hardening capability).
2528 Tue Nov 11 05:15:22 1997 Assar Westerlund <assar@sics.se>
2530 * lib/krb5/encrypt.c (krb5_etype_valid): new function
2532 * lib/krb5/creds.c (krb5_copy_creds_contents): zero target
2534 * lib/krb5/context.c (valid_etype): remove
2536 * lib/krb5/checksum.c: remove dead code
2538 * lib/krb5/changepw.c (send_request): free memory on error.
2540 * lib/krb5/build_ap_req.c (krb5_build_ap_req): check return value
2543 * lib/krb5/auth_context.c (krb5_auth_con_init): free memory on
2545 (krb5_auth_con_setaddrs_from_fd): return error correctly.
2547 * lib/krb5/get_in_tkt_with_{keytab,skey}.c: new files
2549 Tue Nov 11 02:53:19 1997 Johan Danielsson <joda@emma.pdc.kth.se>
2551 * lib/krb5/auth_context.c: Implement auth_con_setuserkey.
2553 * lib/gssapi/init_sec_context.c: Use krb5_auth_con_getkey.
2555 * lib/krb5/keyblock.c: Rename krb5_free_keyblock to
2556 krb5_free_keyblock_contents, and reimplement krb5_free_keyblock.
2558 * lib/krb5/rd_req.c: Use auth_context->keyblock if
2559 ap_options.use_session_key.
2561 Tue Nov 11 02:35:17 1997 Assar Westerlund <assar@sics.se>
2563 * lib/krb5/net_{read,write}.c: change `int fd' to `void *p_fd'.
2566 * lib/krb5/krb5_locl.h: include <asn1.h> and <der.h>
2568 * include/Makefile.am: add xdbm.h
2570 Tue Nov 11 01:58:22 1997 Johan Danielsson <joda@emma.pdc.kth.se>
2572 * lib/krb5/get_cred.c: Implement krb5_get_cred_from_kdc.
2574 Mon Nov 10 22:41:53 1997 Johan Danielsson <joda@emma.pdc.kth.se>
2576 * lib/krb5/ticket.c: Implement copy_ticket.
2578 * lib/krb5/get_in_tkt.c: Make `options' parameter MIT-compatible.
2580 * lib/krb5/data.c: Implement free_data and copy_data.
2582 Sun Nov 9 02:17:27 1997 Johan Danielsson <joda@emma.pdc.kth.se>
2584 * lib/kadm5: Implement kadm5_get_privs, and kadm5_get_principals.
2586 * kadmin/kadmin.c: Add get_privileges function.
2588 * lib/kadm5: Rename KADM5_ACL_* -> KADM5_PRIV_* to conform with
2591 * kdc/connect.c: Exit if no sockets could be bound.
2593 * kadmin/kadmind.c: Check return value from krb5_net_read().
2595 * lib/kadm5,kadmin: Fix memory leaks.
2597 Fri Nov 7 02:45:26 1997 Johan Danielsson <joda@emma.pdc.kth.se>
2599 * lib/kadm5/create_s.c: Get some default values from `default'
2602 * lib/kadm5/ent_setup.c: Add optional default entry to get some
2605 Thu Nov 6 00:20:41 1997 Johan Danielsson <joda@emma.pdc.kth.se>
2607 * lib/error/compile_et.awk: Remove generated destroy_*_error_table
2610 * kadmin/kadmind.c: Crude admin server.
2612 * kadmin/kadmin.c: Update to use remote protocol.
2614 * kadmin/get.c: Fix principal formatting.
2616 * lib/kadm5: Add client support.
2618 * lib/kadm5/error.c: Error code mapping.
2620 * lib/kadm5/server.c: Kadmind support function.
2622 * lib/kadm5/marshall.c: Kadm5 marshalling.
2624 * lib/kadm5/acl.c: Simple acl system.
2626 * lib/kadm5/kadm5_locl.h: Add client stuff.
2628 * lib/kadm5/init_s.c: Initialize acl.
2630 * lib/kadm5/*: Return values.
2632 * lib/kadm5/create_s.c: Correct kvno.
2634 Wed Nov 5 22:06:50 1997 Johan Danielsson <joda@emma.pdc.kth.se>
2636 * lib/krb5/log.c: Fix parsing of log destinations.
2638 Mon Nov 3 20:33:55 1997 Johan Danielsson <joda@emma.pdc.kth.se>
2640 * lib/krb5/principal.c: Reduce number of reallocs in unparse_name.
2642 Sat Nov 1 01:40:53 1997 Johan Danielsson <joda@emma.pdc.kth.se>
2644 * kadmin: Simple kadmin utility.
2646 * admin/ktutil.c: Print keytype.
2648 * lib/kadm5/get_s.c: Set correct n_key_data.
2650 * lib/kadm5/init_s.c: Add kadm5_s_init_with_password_ctx. Use
2653 * lib/kadm5/destroy_s.c: Check for allocated context.
2655 * lib/kadm5/{create,chpass}_s.c: Use _kadm5_set_keys().
2657 Sat Nov 1 00:21:00 1997 Assar Westerlund <assar@sics.se>
2659 * configure.in: test for readv, writev
2661 Wed Oct 29 23:41:26 1997 Assar Westerlund <assar@sics.se>
2663 * lib/krb5/warn.c (_warnerr): handle the case of an illegal error
2666 * kdc/kerberos5.c (encode_reply): return success
2668 Wed Oct 29 18:01:59 1997 Johan Danielsson <joda@emma.pdc.kth.se>
2670 * kdc/kerberos5.c (find_etype) Return correct index of selected
2673 Wed Oct 29 04:07:06 1997 Assar Westerlund <assar@sics.se>
2677 * lib/krb5/context.c (krb5_init_context): support `KRB5_CONFIG'
2678 environment variable
2680 * *: use the roken_get*-macros from roken.h for the benefit of
2683 * configure.in: add --{enable,disable}-otp. check for compatible
2684 prototypes for gethostbyname, gethostbyaddr, getservbyname, and
2685 openlog (they have strange prototypes on Crays)
2687 * acinclude.m4: new macro `AC_PROTO_COMPAT'
2689 Tue Oct 28 00:11:22 1997 Johan Danielsson <joda@emma.pdc.kth.se>
2691 * kdc/connect.c: Log bad requests.
2693 * kdc/kerberos5.c: Move stuff that's in common between as_rep and
2694 tgs_rep to separate functions.
2696 * kdc/kerberos5.c: Fix user-to-user authentication.
2698 * lib/krb5/get_cred.c: Some restructuring of krb5_get_credentials:
2699 - add a kdc-options argument to krb5_get_credentials, and rename
2700 it to krb5_get_credentials_with_flags
2701 - honour the KRB5_GC_CACHED, and KRB5_GC_USER_USER options
2702 - add some more user-to-user glue
2704 * lib/krb5/rd_req.c: Move parts of krb5_verify_ap_req into a new
2705 function, krb5_decrypt_ticket, so it is easier to decrypt and
2706 check a ticket without having an ap-req.
2708 * lib/krb5/krb5.h: Add KRB5_GC_CACHED, and KRB5_GC_USER_USER
2711 * lib/krb5/crc.c (crc_init_table): Check if table is already
2714 Sun Oct 26 04:51:02 1997 Johan Danielsson <joda@emma.pdc.kth.se>
2716 * lib/asn1/der_get.c (der_get_length, fix_dce): Special-case
2717 indefinite encoding.
2719 * lib/asn1/gen_glue.c (generate_units): Check for empty
2722 Sat Oct 25 07:24:57 1997 Johan Danielsson <joda@emma.pdc.kth.se>
2724 * lib/error/compile_et.awk: Allow specifying table-base.
2726 Tue Oct 21 20:21:40 1997 Johan Danielsson <joda@emma.pdc.kth.se>
2728 * kdc/kerberos5.c: Check version number of krbtgt.
2730 Mon Oct 20 01:14:53 1997 Assar Westerlund <assar@sics.se>
2732 * lib/krb5/prompter_posix.c (krb5_prompter_posix): implement the
2733 case of unhidden prompts.
2735 * lib/krb5/str2key.c (string_to_key_internal): return error
2736 instead of aborting. always free memory
2738 * admin/ktutil.c: add `help' command
2740 * admin/kdb_edit.c: implement new commands: add_random_key(ark),
2741 change_password(cpw), change_random_key(crk)
2743 Thu Oct 16 05:16:36 1997 Assar Westerlund <assar@sics.se>
2745 * kpasswd/kpasswdd.c: change all the keys in the database
2747 * kdc: removed all unsealing, now done by the hdb layer
2749 * lib/hdb/hdb.c: new functions `hdb_create', `hdb_set_master_key'
2750 and `hdb_clear_master_key'
2752 * admin/misc.c: removed
2754 Wed Oct 15 22:47:31 1997 Assar Westerlund <assar@sics.se>
2756 * kuser/klist.c: print year as YYYY iff verbose
2758 Wed Oct 15 20:02:13 1997 Johan Danielsson <joda@emma.pdc.kth.se>
2760 * kuser/klist.c: print etype from ticket
2762 Mon Oct 13 17:18:57 1997 Johan Danielsson <joda@emma.pdc.kth.se>
2766 * lib/krb5/get_cred.c: Get the subkey from mk_req so it can be
2767 used to decrypt the reply from DCE secds.
2769 * lib/krb5/auth_context.c: Add {get,set}enctype.
2771 * lib/krb5/get_cred.c: Fix for DCE secd.
2773 * lib/krb5/store.c: Store keytype twice, as MIT does.
2775 * lib/krb5/get_in_tkt.c: Use etype from reply.
2777 Fri Oct 10 00:39:48 1997 Johan Danielsson <joda@emma.pdc.kth.se>
2779 * kdc/connect.c: check for leading '/' in http request
2781 Tue Sep 30 21:50:18 1997 Assar Westerlund <assar@assaris.pdc.kth.se>
2785 Mon Sep 29 15:58:43 1997 Assar Westerlund <assar@sics.se>
2787 * lib/krb5/rd_req.c (krb5_rd_req): redone because we don't know
2788 the kvno or keytype before receiving the AP-REQ
2790 * lib/krb5/mk_safe.c (krb5_mk_safe): figure out what cksumtype to
2791 use from the keytype.
2793 * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): figure out what
2794 cksumtype to use from the keytype.
2796 * lib/krb5/mk_priv.c (krb5_mk_priv): figure out what etype to use
2799 * lib/krb5/keytab.c (krb5_kt_get_entry): check the keytype
2801 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): figure out
2802 what etype to use from the keytype.
2804 * lib/krb5/generate_seq_number.c (krb5_generate_seq_number):
2805 handle other key types than DES
2807 * lib/krb5/encrypt.c (key_type): add `best_cksumtype'
2808 (krb5_keytype_to_cksumtype): new function
2810 * lib/krb5/build_auth.c (krb5_build_authenticator): figure out
2811 what etype to use from the keytype.
2813 * lib/krb5/auth_context.c (krb5_auth_con_init): set `cksumtype'
2816 * admin/extkeytab.c (ext_keytab): extract all keys
2818 * appl/telnet/telnet/commands.c: INET6_ADDRSTRLEN kludge
2820 * configure.in: check for <netinet6/in6.h>. check for -linet6
2822 Tue Sep 23 03:00:53 1997 Assar Westerlund <assar@sics.se>
2824 * lib/krb5/encrypt.c: fix checksumtype for des3-cbc-sha1
2826 * lib/krb5/rd_safe.c: fix check for keyed and collision-proof
2829 * lib/krb5/context.c (valid_etype): remove hard-coded constants
2830 (default_etypes): include DES3
2832 * kdc/kerberos5.c: fix check for keyed and collision-proof
2835 * admin/util.c (init_des_key, set_password): DES3 keys also
2837 * lib/krb/send_to_kdc.c (krb5_sendto_kdc): no data returned means
2840 * lib/krb5/addr_families.c: fix typo in `ipv6_anyaddr'
2842 Mon Sep 22 11:44:27 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
2844 * kdc/kerberos5.c: Somewhat fix the etype usage. The list sent by
2845 the client is used to select wich key to encrypt the kdc rep with
2846 (in case of as-req), and with the server info to select the
2847 session key type. The server key the ticket is encrypted is based
2848 purely on the keys in the database.
2850 * kdc/string2key.c: Add keytype support. Default to version 5
2853 * lib/krb5/get_in_tkt.c: Fix a lot of etype/keytype misuse.
2855 * lib/krb5/encrypt.c: Add des3-cbc-md5, and des3-cbc-sha1. Add
2856 many *_to_* functions.
2858 * lib/krb5/str2key.c: Add des3 string-to-key. Add ktype argument
2859 to krb5_string_to_key().
2861 * lib/krb5/checksum.c: Some cleanup, and added:
2864 - keyed and collision proof flags to each checksum method
2865 - checksum<->string functions.
2867 * lib/krb5/generate_subkey.c: Use krb5_generate_random_keyblock.
2869 Sun Sep 21 15:19:23 1997 Assar Westerlund <assar@sics.se>
2871 * kdc/connect.c: use new addr_families functions
2873 * kpasswd/kpasswdd.c: use new addr_families functions. Now works
2876 * kuser/klist.c: use correct symbols for address families
2878 * lib/krb5/sock_principal.c: use new addr_families functions
2880 * lib/krb5/send_to_kdc.c: use new addr_families functions
2882 * lib/krb5/krb5.h: add KRB5_ADDRESS_INET6
2884 * lib/krb5/get_addrs.c: use new addr_families functions
2886 * lib/krb5/changepw.c: use new addr_families functions. Now works
2889 * lib/krb5/auth_context.c: use new addr_families functions
2891 * lib/krb5/addr_families.c: new file
2893 * acconfig.h: AC_SOCKADDR_IN6 -> AC_STRUCT_SOCKADDR_IN6. Updated
2896 * acinclude.m4: new macro `AC_KRB_IPV6'. Use it.
2898 Sat Sep 13 23:04:23 1997 Johan Danielsson <joda@emma.pdc.kth.se>
2900 * kdc/hprop.c: Don't encrypt twice. Complain on non-convertable
2903 Sat Sep 13 00:59:36 1997 Assar Westerlund <assar@sics.se>
2907 * appl/telnet/telnet/commands.c: AF_INET6 support
2909 * admin/misc.c: new file
2911 * lib/krb5/context.c: new configuration variable `max_retries'
2913 * lib/krb5/get_addrs.c: fixes and better #ifdef's
2915 * lib/krb5/config_file.c: implement krb5_config_get_int
2917 * lib/krb5/auth_context.c, send_to_kdc.c, sock_principal.c:
2920 * kuser/klist.c: support for printing IPv6-addresses
2922 * kdc/connect.c: support AF_INET6
2924 * configure.in: test for gethostbyname2 and struct sockaddr_in6
2926 Thu Sep 11 07:25:28 1997 Assar Westerlund <assar@sics.se>
2928 * lib/asn1/k5.asn1: Use `METHOD-DATA' instead of `SEQUENCE OF
2931 Wed Sep 10 21:20:17 1997 Johan Danielsson <joda@emma.pdc.kth.se>
2933 * kdc/kerberos5.c: Fixes for cross-realm, including (but not
2935 - allow client to be non-existant (should probably check for
2937 - if server isn't found and it is a request for a krbtgt, try to
2938 find a realm on the way to the requested realm
2939 - update the transited encoding iff
2940 client-realm != server-realm != tgt-realm
2942 * lib/krb5/get_cred.c: Several fixes for cross-realm.
2944 Tue Sep 9 15:59:20 1997 Johan Danielsson <joda@emma.pdc.kth.se>
2946 * kdc/string2key.c: Fix password handling.
2948 * lib/krb5/encrypt.c: krb5_key_to_string
2950 Tue Sep 9 07:46:05 1997 Assar Westerlund <assar@sics.se>
2952 * lib/krb5/get_addrs.c: rewrote. Now should be able to handle
2953 aliases and IPv6 addresses
2955 * kuser/klist.c: try printing IPv6 addresses
2957 * kdc/kerberos5.c: increase the arbitrary limit from 1024 to 8192
2959 * configure.in: check for <netinet/in6_var.h>
2961 Mon Sep 8 02:57:14 1997 Assar Westerlund <assar@sics.se>
2965 * admin/util.c (init_des_key): increase kvno
2966 (set_password): return -1 if `des_read_pw_string' failed
2968 * admin/mod.c (doit2): check the return value from `set_password'
2970 * admin/ank.c (doit): don't add a new entry if `set_password'
2973 Mon Sep 8 02:20:16 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
2975 * lib/krb5/verify_init.c: fix ap_req_nofail semantics
2977 * lib/krb5/transited.c: something that might resemble
2978 domain-x500-compress
2980 Mon Sep 8 01:24:42 1997 Assar Westerlund <assar@sics.se>
2982 * kdc/hpropd.c (main): check number of arguments
2984 * appl/popper/pop_init.c (pop_init): check number of arguments
2986 * kpasswd/kpasswd.c (main): check number of arguments
2988 * kdc/string2key.c (main): check number of arguments
2990 * kuser/kdestroy.c (main): check number of arguments
2992 * kuser/kinit.c (main): check number of arguments
2994 * kpasswd/kpasswdd.c (main): use sigaction without SA_RESTART to
2995 break out of select when a signal arrives
2997 * kdc/main.c (main): use sigaction without SA_RESTART to break out
2998 of select when a signal arrives
3000 * kdc/kstash.c: default to HDB_DB_DIR "/m-key"
3002 * kdc/config.c (configure): add `--version'. Check the number of
3003 arguments. Handle the case of there being no specification of port
3006 * admin/util.c: seal and unseal key at appropriate places
3008 * admin/kdb_edit.c (main): parse arguments, config file and read
3009 master key iff there's one.
3011 * admin/extkeytab.c (ext_keytab): unseal key while extracting
3013 Sun Sep 7 20:41:01 1997 Assar Westerlund <assar@sics.se>
3015 * lib/roken/roken.h: include <fcntl.h>
3017 * kdc/kerberos5.c (set_salt_padata): new function
3019 * appl/telnet/telnetd/telnetd.c: Rename some variables that
3020 conflict with cpp symbols on HP-UX 10.20
3022 * change all calls of `gethostbyaddr' to cast argument 1 to `const
3025 * acconfig.h: only use SGTTY on nextstep
3027 Sun Sep 7 14:33:50 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3029 * kdc/kerberos5.c: Check invalid flag.
3031 Fri Sep 5 14:19:38 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3033 * lib/krb5/verify_user.c: Use get_init_creds/verify_init_creds.
3035 * lib/kafs: Move functions common to krb/krb5 modules to new file,
3036 and make things more modular.
3038 * lib/krb5/krb5.h: rename STRING -> krb5_config_string, and LIST
3041 Thu Sep 4 23:39:43 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
3043 * lib/krb5/get_addrs.c: Fix loopback test.
3045 Thu Sep 4 04:45:49 1997 Assar Westerlund <assar@sics.se>
3047 * lib/roken/roken.h: fallback definition of `O_ACCMODE'
3049 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): be more careful when
3050 checking for a v4 reply
3052 Wed Sep 3 18:20:14 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3054 * kdc/hprop.c: Add `--decrypt' and `--encrypt' flags.
3056 * lib/hdb/hdb.c: new {seal,unseal}_keys functions
3058 * kdc/{hprop,hpropd}.c: Add support to dump database to stdout.
3060 * kdc/hprop.c: Don't use same master key as version 4.
3062 * admin/util.c: Don't dump core if no `default' is found.
3064 Wed Sep 3 16:01:07 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
3066 * kdc/connect.c: Allow run time port specification.
3068 * kdc/config.c: Add flags for http support, and port
3071 Tue Sep 2 02:00:03 1997 Assar Westerlund <assar@sics.se>
3073 * include/bits.c: Don't generate ifndef's in bits.h. Instead, use
3074 them when building the program. This makes it possible to include
3075 bits.h without having defined all HAVE_INT17_T symbols.
3077 * configure.in: test for sigaction
3079 * doc: updated documentation.
3081 Tue Sep 2 00:20:31 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3085 Mon Sep 1 17:42:14 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3087 * lib/krb5/data.c: don't return ENOMEM if len == 0
3089 Sun Aug 31 17:15:49 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3091 * lib/hdb/hdb.asn1: Include salt type in salt.
3093 * kdc/hprop.h: Change port to 754.
3095 * kdc/hpropd.c: Verify who tries to transmit a database.
3097 * appl/popper: Use getarg and krb5_log.
3099 * lib/krb5/get_port.c: Add context parameter. Now takes port in
3102 Sat Aug 30 18:48:19 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3104 * kdc/connect.c: Add timeout to select, and log about expired tcp
3107 * kdc/config.c: Add `database' option.
3109 * kdc/hpropd.c: Log about duplicate entries.
3111 * lib/hdb/{db,ndbm}.c: Use common routines.
3113 * lib/hdb/common.c: Implement more generic fetch/store/delete
3116 * lib/hdb/hdb.h: Add `replace' parameter to store.
3118 * kdc/connect.c: Set filedecriptor to -1 on allocated decriptor
3121 Fri Aug 29 03:13:23 1997 Assar Westerlund <assar@sics.se>
3123 * lib/krb5/get_in_tkt.c: extract_ticket -> _krb5_extract_ticket
3125 * aux/make-proto.pl: fix __P for stone age mode
3127 Fri Aug 29 02:45:46 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3129 * lib/45/mk_req.c: implementation of krb_mk_req that uses 524
3132 * lib/krb5/init_creds_pw.c: make change_password and
3133 get_init_creds_common static
3135 * lib/krb5/krb5.h: Merge stuff from removed headerfiles.
3137 * lib/krb5/fcache.c: fcc_ops -> krb5_fcc_ops
3139 * lib/krb5/mcache.c: mcc_ops -> krb5_mcc_ops
3141 Fri Aug 29 01:45:25 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
3143 * lib/krb5/krb5.h: Remove all prototypes.
3145 * lib/krb5/convert_creds.c: Use `struct credentials' instead of
3148 Fri Aug 29 00:08:18 1997 Assar Westerlund <assar@sics.se>
3150 * lib/asn1/gen_glue.c: new file. generates 2int and int2 functions
3151 and units for bit strings.
3153 * admin/util.c: flags2int, int2flags, and flag_units are now
3154 generated by asn1_compile
3156 * lib/roken/parse_units.c: generalised `parse_units' and
3157 `unparse_units' and added new functions `parse_flags' and
3158 `unparse_flags' that use these
3160 * lib/krb5/krb5_locl.h: moved krb5_data* functions to krb5.h
3162 * admin/util.c: Use {un,}parse_flags for printing and parsing
3165 Thu Aug 28 03:26:12 1997 Assar Westerlund <assar@sics.se>
3167 * lib/krb5/get_addrs.c: restructured
3169 * lib/krb5/warn.c (_warnerr): leak less memory
3171 * lib/hdb/hdb.c (hdb_free_entry): zero keys
3172 (hdb_check_db_format): leak less memory
3174 * lib/hdb/ndbm.c (NDBM_seq): check for valid hdb_entries implement
3175 NDBM__get, NDBM__put
3177 * lib/hdb/db.c (DB_seq): check for valid hdb_entries
3179 Thu Aug 28 02:06:58 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3181 * lib/krb5/send_to_kdc.c: Don't use sendto on connected sockets.
3183 Thu Aug 28 01:13:17 1997 Assar Westerlund <assar@sics.se>
3185 * kuser/kinit.1, klist.1, kdestroy.1: new man pages
3187 * kpasswd/kpasswd.1, kpasswdd.8: new man pages
3189 * kdc/kstash.8, hprop.8, hpropd.8: new man pages
3191 * admin/ktutil.8, admin/kdb_edit.8: new man pages
3193 * admin/mod.c: new file
3195 * admin/life.c: renamed gettime and puttime to getlife and putlife
3196 and moved them to life.c
3198 * admin/util.c: add print_flags, parse_flags, init_entry,
3199 set_created_by, set_modified_by, edit_entry, set_password. Use
3202 * admin/get.c: use print_flags
3204 * admin: removed unused stuff. use krb5_{warn,err}*
3206 * admin/ank.c: re-organized and abstracted.
3208 * admin/gettime.c: removed
3210 Thu Aug 28 00:37:39 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3212 * lib/krb5/{get_cred,get_in_tkt}.c: Check for v4 reply.
3214 * lib/roken/base64.c: Add base64 functions.
3216 * kdc/connect.c lib/krb5/send_to_kdc.c: Add http support.
3218 Wed Aug 27 00:29:20 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3220 * include/Makefile.am: Don't make links to built files.
3222 * admin/kdb_edit.c: Add command to set the database path.
3224 * lib/hdb: Include version number in database.
3226 Tue Aug 26 20:14:54 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3228 * admin/ktutil: Merged v4 srvtab conversion.
3230 Mon Aug 25 23:02:18 1997 Assar Westerlund <assar@sics.se>
3232 * lib/roken/roken.h: add F_OK
3234 * lib/gssapi/acquire_creds.c: fix typo
3236 * configure.in: call AC_TYPE_MODE_T
3238 * acinclude.m4: Add AC_TYPE_MODE_T
3240 Sun Aug 24 16:46:53 1997 Assar Westerlund <assar@sics.se>
3244 Sun Aug 24 08:06:54 1997 Assar Westerlund <assar@sics.se>
3246 * appl/popper/pop_pass.c: log poppers
3248 * kdc/kaserver.c: some more checks
3250 * kpasswd/kpasswd.c: removed `-p'
3252 * kuser/kinit.c: removed `-p'
3254 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): If
3255 KDC_ERR_PREUATH_REQUIRED, add preauthentication and try again.
3257 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): don't print out
3260 * lib/gssapi/import_name.c (input_name): more names types.
3262 * admin/load.c (parse_keys): handle the case of an empty salt
3264 * kdc/kaserver.c: fix up memory deallocation
3266 * kdc/kaserver.c: quick hack at talking kaserver protocol
3268 * kdc/kerberos4.c: Make `db-fetch4' global
3270 * configure.in: add --enable-kaserver
3272 * kdc/rx.h, kdc/kerberos4.h: new header files
3274 * lib/krb5/principal.c: fix krb5_build_principal_ext & c:o
3276 Sun Aug 24 03:52:44 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3278 * lib/krb5/{get_in_tkt,mk_safe,mk_priv}.c: Fix some Cray specific
3281 * lib/krb5/{get_cred,get_in_tkt}.c: Mask nonce to 32 bits.
3283 * lib/des/{md4,md5,sha}.c: Now works on Crays.
3285 Sat Aug 23 18:15:01 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
3287 * appl/afsutil/afslog.c: If no cells or files specified, get
3288 tokens for all local cells. Better test for files.
3290 Thu Aug 21 23:33:38 1997 Assar Westerlund <assar@sics.se>
3292 * lib/gssapi/v1.c: new file with v1 compatibility functions.
3294 Thu Aug 21 20:36:13 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
3296 * lib/kafs/afskrb5.c: Don't check ticket file for afs ticket.
3298 * kdc/kerberos4.c: Check database when converting v4 principals.
3300 * kdc/kerberos5.c: Include kvno in Ticket.
3302 * lib/krb5/encrypt.c: Add kvno parameter to encrypt_EncryptedData.
3304 * kuser/klist.c: Print version number of ticket, include more
3307 Wed Aug 20 21:26:58 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
3309 * lib/kafs/afskrb5.c (get_cred): Check cached afs tickets for
3312 Wed Aug 20 17:40:31 1997 Assar Westerlund <assar@sics.se>
3314 * lib/krb5/recvauth.c (krb5_recvauth): Send a KRB-ERROR iff
3317 * lib/krb5/sendauth.c (krb5_sendauth): correct the protocol
3318 documentation and process KRB-ERROR's
3320 Tue Aug 19 20:41:30 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3322 * kdc/kerberos4.c: Fix memory leak in v4 protocol handler.
3324 Mon Aug 18 05:15:09 1997 Assar Westerlund <assar@sics.se>
3326 * lib/gssapi/accept_sec_context.c: Added
3327 `gsskrb5_register_acceptor_identity'
3329 Sun Aug 17 01:40:20 1997 Assar Westerlund <assar@sics.se>
3331 * lib/gssapi/accept_sec_context.c (gss_accept_sec_context): don't
3332 always pass server == NULL to krb5_rd_req.
3334 * lib/gssapi: new files: canonicalize_name.c export_name.c
3335 context_time.c compare_name.c release_cred.c acquire_cred.c
3336 inquire_cred.c, from Luke Howard <lukeh@xedoc.com.au>
3338 * lib/krb5/config_file.c: Add netinfo support from Luke Howard
3339 <lukeh@xedoc.com.au>
3341 * lib/editline/sysunix.c: sgtty-support from Luke Howard
3342 <lukeh@xedoc.com.au>
3344 * lib/krb5/principal.c: krb5_sname_to_principal fix from Luke
3345 Howard <lukeh@xedoc.com.au>
3347 Sat Aug 16 00:44:47 1997 Assar Westerlund <assar@koi.pdc.kth.se>
3351 Sat Aug 16 00:23:46 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3353 * appl/afsutil/afslog.c: Use new libkafs.
3355 * lib/kafs/afskrb5.c: Get AFS tokens via 524 protocol.
3357 * lib/krb5/warn.c: Fix format string for *x type.
3359 Fri Aug 15 22:15:01 1997 Assar Westerlund <assar@sics.se>
3361 * admin/get.c (get_entry): print more information about the entry
3363 * lib/des/Makefile.am: build destest, mdtest, des, rpw, speed
3365 * lib/krb5/config_file.c: new functions `krb5_config_get_time' and
3366 `krb5_config_vget_time'. Use them.
3368 Fri Aug 15 00:09:37 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3370 * admin/ktutil.c: Keytab manipulation program.
3372 * lib/krb5/keytab.c: Return sane values from resolve and
3375 * kdc/kerberos5.c: Fix for old clients passing 0 for `no endtime'.
3377 * lib/45/get_ad_tkt.c: Kerberos 4 get_ad_tkt using
3378 krb524_convert_creds_kdc.
3380 * lib/krb5/convert_creds.c: Implementation of
3381 krb524_convert_creds_kdc.
3383 * lib/asn1/k5.asn1: Make kdc-req-body.till OPTIONAL
3385 * kdc/524.c: A somewhat working 524-protocol module.
3387 * kdc/kerberos4.c: Add version 4 ticket encoding and encryption
3390 * lib/krb5/context.c: Fix kdc_timeout.
3392 * lib/hdb/{ndbm,db}.c: Free name in close.
3394 * kdc/kerberos5.c (tgs_check_autenticator): Return error code
3396 Thu Aug 14 21:29:03 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3398 * kdc/kerberos5.c (tgs_make_reply): Fix endtime in reply.
3400 * lib/krb5/store_emem.c: Fix reallocation bug.
3402 Tue Aug 12 01:29:46 1997 Assar Westerlund <assar@sics.se>
3404 * appl/telnet/libtelnet/kerberos5.c, appl/popper/pop_init.c: Use
3405 `krb5_sock_to_principal'. Send server parameter to
3406 krb5_rd_req/krb5_recvauth. Set addresses in auth_context.
3408 * lib/krb5/recvauth.c: Set addresses in auth_context if there
3411 * lib/krb5/auth_context.c: New function
3412 `krb5_auth_con_setaddrs_from_fd'
3414 * lib/krb5/sock_principal.c: new function
3415 `krb5_sock_to_principal'
3417 * lib/krb5/time.c: new file with `krb5_timeofday' and
3418 `krb5_us_timeofday'. Use these functions.
3420 * kuser/klist.c: print KDC offset iff verbose
3422 * lib/krb5/get_in_tkt.c: implement KDC time offset and use it if
3423 [libdefaults]kdc_timesync is set.
3425 * lib/krb5/fcache.c: Implement version 4 of the ccache format.
3427 Mon Aug 11 05:34:43 1997 Assar Westerlund <assar@sics.se>
3429 * lib/krb5/rd_rep.c (krb5_free_ap_rep_enc_part): free all memory
3431 * lib/krb5/principal.c (krb5_unparse_name): allocate memory
3434 * kpasswd/kpasswd.c: Use `krb5_change_password'
3436 * lib/krb5/init_creds_pw.c (init_cred): set realm of server
3439 * lib/krb5/init_creds_pw.c: support changing of password when it
3442 * lib/krb5/changepw.c: new file
3444 * kuser/klist.c: use getarg
3446 * admin/init.c (init): add `kadmin/changepw'
3448 Mon Aug 11 04:30:47 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3450 * lib/krb5/get_cred.c: Make get_credentials handle cross-realm.
3452 Mon Aug 11 00:03:24 1997 Assar Westerlund <assar@sics.se>
3454 * lib/krb5/config_file.c: implement support for #-comments
3456 Sat Aug 9 02:21:46 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3458 * kdc/hprop*.c: Add database propagation programs.
3460 * kdc/connect.c: Max request size.
3462 Sat Aug 9 00:47:28 1997 Assar Westerlund <assar@sics.se>
3464 * lib/otp: resurrected from krb4
3466 * appl/push: new program for fetching mail with POP.
3468 * appl/popper/popper.h: new include files. new fields in `POP'
3470 * appl/popper/pop_pass.c: Implement both v4 and v5.
3472 * appl/popper/pop_init.c: Implement both v4 and v5.
3474 * appl/popper/pop_debug.c: use getarg. Talk both v4 and v5
3476 * appl/popper: Popper from krb4.
3478 * configure.in: check for inline and <netinet/tcp.h> generate
3479 files in appl/popper, appl/push, and lib/otp
3481 Fri Aug 8 05:51:02 1997 Assar Westerlund <assar@sics.se>
3483 * lib/krb5/get_cred.c: clean-up and try to free memory even when
3486 * lib/krb5/get_cred.c: adapt to new `extract_ticket'
3488 * lib/krb5/get_in_tkt.c: reorganize. check everything and try to
3489 return memory even if there are errors.
3491 * kuser/kverify.c: new file
3493 * lib/krb5/free_host_realm.c: new file
3495 * lib/krb5/principal.c (krb5_sname_to_principal): implement
3496 different nametypes. Also free memory.
3498 * lib/krb5/verify_init.c: more functionality
3500 * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): free the checksum
3502 * lib/krb5/get_in_tkt.c (extract_ticket): don't copy over the
3503 principals in creds. Should also compare them with that received
3506 * lib/krb5/cache.c (krb5_cc_gen_new): copy the newly allocated
3508 (krb5_cc_destroy): call krb5_cc_close
3509 (krb5_cc_retrieve_cred): delete the unused creds
3511 Fri Aug 8 02:30:40 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3513 * lib/krb5/log.c: Allow better control of destinations of logging
3514 (like passing explicit destinations, and log-functions).
3516 Fri Aug 8 01:20:39 1997 Assar Westerlund <assar@sics.se>
3518 * lib/krb5/get_default_principal.c: new file
3520 * kpasswd/kpasswdd.c: use krb5_log*
3522 Fri Aug 8 00:37:47 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3524 * lib/krb5/init_creds_pw.c: Implement krb5_get_init_creds_keytab.
3526 Fri Aug 8 00:37:17 1997 Assar Westerlund <assar@sics.se>
3528 * lib/krb5/init_creds_pw.c: Use `krb5_get_default_principal'.
3529 Print password expire information.
3531 * kdc/config.c: new variable `kdc_warn_pwexpire'
3533 * kpasswd/kpasswd.c: converted to getarg and get_init_creds
3535 Thu Aug 7 22:17:09 1997 Assar Westerlund <assar@sics.se>
3537 * lib/krb5/mcache.c: new file
3539 * admin/gettime.c: new function puttime. Use it.
3541 * lib/krb5/keyblock.c: Added krb5_free_keyblock and
3544 * lib/krb5/init_creds_pw.c: more functionality
3546 * lib/krb5/creds.c: Added krb5_free_creds_contents and
3547 krb5_copy_creds. Changed callers.
3549 * lib/krb5/config_file.c: new functions krb5_config_get and
3552 * lib/krb5/cache.c: cleanup added mcache
3554 * kdc/kerberos5.c: include last-req's of type 6 and 7, if
3557 Wed Aug 6 20:38:23 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3559 * lib/krb5/log.c: New parameter `log-level'. Default to `SYSLOG'.
3561 Tue Aug 5 22:53:54 1997 Assar Westerlund <assar@sics.se>
3563 * lib/krb5/verify_init.c, init_creds_pw.c, init_creds.c,
3564 prompter_posix.c: the beginning of an implementation of the cygnus
3567 * lib/krb5/get_in_tkt_pw.c: make `krb5_password_key_proc' global
3569 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): new function that is
3570 almost krb5_get_in_tkt but doesn't write the creds to the ccache.
3571 Small fixes in krb5_get_in_tkt
3573 * lib/krb5/get_addrs.c (krb5_get_all_client_addrs): don't include
3576 Mon Aug 4 20:20:48 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3578 * kdc: Make context global.
3580 Fri Aug 1 17:23:56 1997 Assar Westerlund <assar@sics.se>
3584 * lib/roken/flock.c: new file
3586 * kuser/kinit.c: check for and print expiry information in the
3589 * lib/krb5/get_in_tkt.c: Set `ret_as_reply' if != NULL
3591 * kdc/kerberos5.c: Check the valid times on client and server.
3592 Check the password expiration.
3593 Check the require_preauth flag.
3594 Send an lr_type == 6 with pw_end.
3595 Set key.expiration to min(valid_end, pw_end)
3597 * lib/hdb/hdb.asn1: new flags `require_preauth' and `change_pw'
3599 * admin/util.c, admin/load.c: handle the new flags.
3601 Fri Aug 1 16:56:12 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3603 * lib/hdb: Add some simple locking.
3605 Sun Jul 27 04:44:31 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
3607 * lib/krb5/log.c: Add some general logging functions.
3609 * kdc/kerberos4.c: Add version 4 protocol handler. The requrement
3610 for this to work is that all involved principals has a des key in
3611 the database, and that the client has a version 4 (un-)salted
3612 key. Furthermore krb5_425_conv_principal has to do it's job, as
3613 present it's not very clever.
3615 * lib/krb5/principal.c: Quick patch to make 425_conv work
3618 * lib/hdb/hdb.c: Add keytype->key and next key functions.
3620 Fri Jul 25 17:32:12 1997 Assar Westerlund <assar@sics.se>
3622 * lib/krb5/build_auth.c (krb5_build_authenticator): don't free
3623 `cksum'. It's allocated and freed by the caller
3625 * lib/krb5/get_cred.c (krb5_get_kdc_cred): Don't free `addresses'.
3627 * kdc/kerberos5.c (tgs_rep2): make sure we also have an defined
3628 `client' to return as part of the KRB-ERROR
3630 Thu Jul 24 08:13:59 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3632 * kdc/kerberos5.c: Unseal keys from database before use.
3634 * kdc/misc.c: New functions set_master_key, unseal_key and
3637 * lib/roken/getarg.c: Handle `-f arg' correctly.
3639 Thu Jul 24 01:54:43 1997 Assar Westerlund <assar@sics.se>
3641 * kuser/kinit.c: implement `-l' aka `--lifetime'
3643 * lib/roken/parse_units.c, parse_time.c: new files
3645 * admin/gettime.c (gettime): use `parse_time'
3647 * kdc/kerberos5.c (as_rep): Use `METHOD-DATA' when sending
3648 KRB5KDC_ERR_PREAUTH_REQUIRED, not PA-DATA.
3650 * kpasswd/kpasswdd.c: fix freeing bug use sequence numbers set
3651 addresses in auth_context bind one socket per interface.
3653 * kpasswd/kpasswd.c: use sequence numbers
3655 * lib/krb5/rd_req.c (krb5_verify_ap_req): do abs when verifying
3658 * lib/krb5/rd_priv.c (krb5_rd_priv): Fetch the correct session key
3661 * lib/krb5/mk_priv.c (krb5_mk_priv): Fetch the correct session key
3664 * lib/krb5/mk_error.c (krb5_mk_error): return an error number and
3665 not a comerr'd number.
3667 * lib/krb5/get_in_tkt.c (krb5_get_in_tkt): interpret the error
3668 number in KRB-ERROR correctly.
3670 * lib/krb5/get_cred.c (krb5_get_kdc_cred): interpret the error
3671 number in KRB-ERROR correctly.
3673 * lib/asn1/k5.asn1: Add `METHOD-DATA'
3675 * removed some memory leaks.
3677 Wed Jul 23 07:53:18 1997 Assar Westerlund <assar@sics.se>
3681 * lib/krb5/rd_cred.c, get_for_creds.c: new files
3683 * lib/krb5/get_host_realm.c: try default realm as last chance
3685 * kpasswd/kpasswdd.c: updated to hdb changes
3687 * appl/telnet/libtelnet/kerberos5.c: Implement forwarding
3689 * appl/telnet/libtelnet: removed totally unused files
3691 * admin/ank.c: fix prompts and generation of random keys
3693 Wed Jul 23 04:02:32 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3695 * admin/dump.c: Include salt in dump.
3697 * admin: Mostly updated for new db-format.
3699 * kdc/kerberos5.c: Update to use new db format. Better checking of
3700 flags and such. More logging.
3702 * lib/hdb/hdb.c: Use generated encode and decode functions.
3704 * lib/hdb/hdb.h: Get hdb_entry from ASN.1 generated code.
3706 * lib/krb5/get_cred.c: Get addresses from krbtgt if there are none
3709 Sun Jul 20 16:22:30 1997 Assar Westerlund <assar@sics.se>
3711 * kuser/kinit.c: break if des_read_pw_string() != 0
3713 * kpasswd/kpasswdd.c: send a reply
3715 * kpasswd/kpasswd.c: restructured code. better report on
3716 krb-error break if des_read_pw_string() != 0
3718 * kdc/kerberos5.c: Check `require_enc_timestamp' malloc space for
3719 starttime and renew_till
3721 * appl/telnet/libtelnet/kerberos5.c (kerberos5_is): Send a
3722 keyblock to krb5_verify_chekcsum
3724 Sun Jul 20 06:35:46 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3728 * kpasswd/kpasswd.c: Avoid using non-standard struct names.
3730 Sat Jul 19 19:26:23 1997 Assar Westerlund <assar@sics.se>
3732 * lib/krb5/keytab.c (krb5_kt_get_entry): check return from
3733 `krb5_kt_start_seq_get'. From <map@stacken.kth.se>
3735 Sat Jul 19 04:07:39 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3737 * lib/asn1/k5.asn1: Update with more pa-data types from
3738 draft-ietf-cat-kerberos-revisions-00.txt
3740 * admin/load.c: Update to match current db-format.
3742 * kdc/kerberos5.c (as_rep): Try all valid pa-datas before giving
3743 up. Send back an empty pa-data if the client has the v4 flag set.
3745 * lib/krb5/get_in_tkt.c: Pass both version5 and version4 salted
3746 pa-data. DTRT if there is any pa-data in the reply.
3748 * lib/krb5/str2key.c: XOR with some sane value.
3750 * lib/hdb/hdb.h: Add `version 4 salted key' flag.
3752 * kuser/kinit.c: Ask for password before calling get_in_tkt. This
3753 makes it possible to call key_proc more than once.
3755 * kdc/string2key.c: Add flags to output version 5 (DES only),
3756 version 4, and AFS string-to-key of a password.
3758 * lib/asn1/gen_copy.c: copy_* functions now returns an int (0 or
3761 Fri Jul 18 02:54:58 1997 Assar Westerlund <assar@sics.se>
3763 * lib/krb5/get_host_realm.c (krb5_get_host_realm): do the
3766 * kdc/misc.c: check result of hdb_open
3768 * admin/kdb_edit: updated to new sl
3770 * lib/sl: sl_func now returns an int. != 0 means to exit.
3772 * kpasswd/kpasswdd: A crude (but somewhat working) implementation
3773 of `draft-ietf-cat-kerb-chg-password-00.txt'
3775 Fri Jul 18 00:55:39 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
3777 * kuser/krenew.c: Crude ticket renewing program.
3779 * kdc/kerberos5.c: Rewritten flags parsing, it now might work to
3780 get forwarded and renewed tickets.
3782 * kuser/kinit.c: Add `-r' flag.
3784 * lib/krb5/get_cred.c: Move most of contents of get_creds to new
3785 function get_kdc_cred, that always contacts the kdc and doesn't
3786 save in the cache. This is a hack.
3788 * lib/krb5/get_in_tkt.c: Pass starttime and renew_till in request
3791 * lib/krb5/mk_req_ext.c: Make an auth_context if none passed in.
3793 * lib/krb5/send_to_kdc.c: Get timeout from context.
3795 * lib/krb5/context.c: Add kdc_timeout to context struct.
3797 Thu Jul 17 20:35:45 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
3799 * kuser/klist.c: Print start time of ticket if available.
3801 * lib/krb5/get_host_realm.c: Return error if no realm was found.
3803 Thu Jul 17 20:28:21 1997 Assar Westerlund <assar@sics.se>
3805 * kpasswd: non-working kpasswd added
3807 Thu Jul 17 00:21:22 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
3811 * kdc/main.c: Add -p flag to disable pa-enc-timestamp requirement.
3813 Wed Jul 16 03:37:41 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3815 * kdc/kerberos5.c (tgs_rep2): Free ticket and ap_req.
3817 * lib/krb5/auth_context.c (krb5_auth_con_free): Free remote
3820 * lib/krb5/principal.c (krb5_free_principal): Check for NULL.
3822 * lib/krb5/send_to_kdc.c: Check for NULL return from
3825 * lib/krb5/set_default_realm.c: Try to get realm of local host if
3826 no default realm is available.
3828 * Remove non ASN.1 principal code.
3830 Wed Jul 16 03:17:30 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
3832 * kdc/kerberos5.c: Split tgs_rep in smaller functions. Add better
3833 error handing. Do some logging.
3835 * kdc/log.c: Some simple logging facilities.
3837 * kdc/misc.c (db_fetch): Take a krb5_principal.
3839 * kdc/connect.c: Pass address of request to as_rep and
3840 tgs_rep. Send KRB-ERROR.
3842 * lib/krb5/mk_error.c: Add more fields.
3844 * lib/krb5/get_cred.c: Print normal error code if no e_text is
3847 Wed Jul 16 03:07:50 1997 Assar Westerlund <assar@sics.se>
3849 * lib/krb5/get_in_tkt.c: implement `krb5_init_etype'.
3850 Change encryption type of pa_enc_timestamp to DES-CBC-MD5
3852 * lib/krb5/context.c: recognize all encryption types actually
3855 * lib/krb5/auth_context.c (krb5_auth_con_init): Change default
3856 encryption type to `DES_CBC_MD5'
3858 * lib/krb5/read_message.c, write_message.c: new files
3860 Tue Jul 15 17:14:21 1997 Assar Westerlund <assar@sics.se>
3862 * lib/asn1: replaced asn1_locl.h by `der_locl.h' and `gen_locl.h'.
3864 * lib/error/compile_et.awk: generate a prototype for the
3865 `destroy_foo_error_table' function.
3867 Mon Jul 14 12:24:40 1997 Assar Westerlund <assar@sics.se>
3869 * lib/krb5/krbhst.c (krb5_get_krbhst): Get all kdc's and try also
3870 with `kerberos.REALM'
3872 * kdc/kerberos5.c, lib/krb5/rd_priv.c, lib/krb5/rd_safe.c: use
3875 * lib/krb5/rd_req.c (krb5_verify_ap_req): record authenticator
3878 * lib/krb5/build_auth.c (krb5_build_authenticator): always
3881 * lib/krb5/address.c: implement `krb5_address_order'
3883 * lib/gssapi/import_name.c: Implement `gss_import_name'
3885 * lib/gssapi/external.c: Use new OID
3887 * lib/gssapi/encapsulate.c: New functions
3888 `gssapi_krb5_encap_length' and `gssapi_krb5_make_header'. Changed
3891 * lib/gssapi/decapsulate.c: New function
3892 `gssaspi_krb5_verify_header'. Changed callers.
3894 * lib/asn1/gen*.c: Give tags to generated structs.
3895 Use `err' and `asprintf'
3897 * appl/test/gss_common.c: new file
3899 * appl/test/gssapi_server.c: removed all krb5 calls
3901 * appl/telnet/libtelnet/kerberos5.c: Add support for genering and
3902 verifying checksums. Also start using session subkeys.
3904 Mon Jul 14 12:08:25 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
3906 * lib/krb5/rd_req.c (krb5_rd_req_with_keyblock): Split up.
3908 Sun Jul 13 03:07:44 1997 Assar Westerlund <assar@sics.se>
3910 * lib/krb5/rd_safe.c, mk_safe.c: made bug-compatible with MIT
3912 * lib/krb5/encrypt.c: new functions `DES_encrypt_null_ivec' and
3913 `DES_encrypt_key_ivec'
3915 * lib/krb5/checksum.c: implement rsa-md4-des and rsa-md5-des
3917 * kdc/kerberos5.c (tgs_rep): support keyed checksums
3919 * lib/krb5/creds.c: new file
3921 * lib/krb5/get_in_tkt.c: better freeing
3923 * lib/krb5/context.c (krb5_free_context): more freeing
3925 * lib/krb5/config_file.c: New function `krb5_config_file_free'
3927 * lib/error/compile_et.awk: Generate a `destroy_' function.
3929 * kuser/kinit.c, klist.c: Don't leak memory.
3931 Sun Jul 13 02:46:27 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3933 * kdc/connect.c: Check filedescriptor in select.
3935 * kdc/kerberos5.c: Remove most of the most common memory leaks.
3937 * lib/krb5/rd_req.c: Free allocated data.
3939 * lib/krb5/auth_context.c (krb5_auth_con_free): Free a lot of
3942 Sun Jul 13 00:32:16 1997 Assar Westerlund <assar@sics.se>
3944 * appl/telnet: Conditionalize the krb4-support.
3946 * configure.in: Test for krb4
3948 Sat Jul 12 17:14:12 1997 Assar Westerlund <assar@sics.se>
3950 * kdc/kerberos5.c: check if the pre-auth was decrypted properly.
3951 set the `pre_authent' flag
3953 * lib/krb5/get_cred.c, lib/krb5/get_in_tkt.c: generate a random nonce.
3955 * lib/krb5/encrypt.c: Made `generate_random_block' global.
3957 * appl/test: Added gssapi_client and gssapi_server.
3959 * lib/krb5/data.c: Add `krb5_data_zero'
3961 * appl/test/tcp_client.c: try `mk_safe' and `mk_priv'
3963 * appl/test/tcp_server.c: try `rd_safe' and `rd_priv'
3965 Sat Jul 12 16:45:58 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3967 * lib/krb5/get_addrs.c: Fix for systems that has sa_len, but
3968 returns zero length from SIOCGIFCONF.
3970 Sat Jul 12 16:38:34 1997 Assar Westerlund <assar@sics.se>
3972 * appl/test: new programs
3974 * lib/krb5/rd_req.c: add address compare
3976 * lib/krb5/mk_req_ext.c: allow no checksum
3978 * lib/krb5/keytab.c (krb5_kt_ret_string): 0-terminate string
3980 * lib/krb5/address.c: fix `krb5_address_compare'
3982 Sat Jul 12 15:03:16 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
3984 * lib/krb5/get_addrs.c: Fix ip4 address extraction.
3986 * kuser/klist.c: Add verbose flag, and split main into smaller
3989 * lib/krb5/fcache.c: Save ticket flags.
3991 * lib/krb5/get_in_tkt.c (extract_ticket): Extract addresses and
3994 * lib/krb5/krb5.h: Add ticket_flags to krb5_creds.
3996 Sat Jul 12 13:12:48 1997 Assar Westerlund <assar@sics.se>
3998 * configure.in: Call `AC_KRB_PROG_LN_S'
4000 * acinclude.m4: Add `AC_KRB_PROG_LN_S' from krb4
4002 Sat Jul 12 00:57:01 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4004 * lib/krb5/get_in_tkt.c: Use union of krb5_flags and KDCOptions to
4007 Fri Jul 11 15:04:22 1997 Assar Westerlund <assar@sics.se>
4009 * appl/telnet: telnet & telnetd seems to be working.
4011 * lib/krb5/config_file.c: Added krb5_config_v?get_list Fixed
4012 krb5_config_vget_next
4014 * appl/telnet/libtelnet/kerberos5.c: update to current API
4016 Thu Jul 10 14:54:39 1997 Assar Westerlund <assar@sics.se>
4018 * appl/telnet/libtelnet/kerberos5.c (kerberos5_status): call
4021 * appl/telnet: Added.
4023 Thu Jul 10 05:09:25 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4025 * lib/error/compile_et.awk: Remove usage of sub, gsub, and
4026 functions for compatibility with awk.
4028 * include/bits.c: Must use signed char.
4030 * lib/krb5/context.c: Move krb5_get_err_text, and krb5_init_ets
4033 * lib/error/error.c: Replace krb5_get_err_text with new function
4036 * lib/error/compile_et.awk: Avoid using static variables.
4038 * lib/error/error.c: Don't use krb5_locl.h
4040 * lib/error/error.h: Move definitions of error_table and
4041 error_list from krb5.h.
4043 * lib/error: Moved from lib/krb5.
4045 Wed Jul 9 07:42:04 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4047 * lib/krb5/encrypt.c: Temporary hack to avoid des_rand_data.
4049 Wed Jul 9 06:58:00 1997 Assar Westerlund <assar@sics.se>
4051 * lib/krb5/{rd,mk}_{*}.c: more checking for addresses and stuff
4052 according to pseudocode from 1510
4054 Wed Jul 9 06:06:06 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4056 * lib/hdb/hdb.c: Add hdb_etype2key.
4058 * kdc/kerberos5.c: Check authenticator. Use more general etype
4061 Wed Jul 9 03:51:12 1997 Assar Westerlund <assar@sics.se>
4063 * lib/asn1/k5.asn1: Made all `s_address' OPTIONAL according to
4064 draft-ietf-cat-kerberos-r-00.txt
4066 * lib/krb5/principal.c (krb5_parse_name): default to local realm
4069 * kuser/kinit.c: New option `-p' and prompt
4071 Wed Jul 9 02:30:06 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4073 * lib/krb5/keyblock.c: Keyblock generation functions.
4075 * lib/krb5/encrypt.c: Use functions from checksum.c.
4077 * lib/krb5/checksum.c: Move checksum functions here. Add
4078 krb5_cksumsize function.
4080 Wed Jul 9 01:15:38 1997 Assar Westerlund <assar@sics.se>
4082 * lib/krb5/get_host_realm.c: implemented
4084 * lib/krb5/config_file.c: Redid part. New functions:
4085 krb5_config_v?get_next
4087 * kuser/kdestroy.c: new program
4089 * kuser/kinit.c: new flag `-f'
4091 * lib/asn1/k5.asn1: Made HostAddresses = SEQUENCE OF HostAddress
4093 * acinclude.m4: Added AC_KRB_STRUCT_SOCKADDR_SA_LEN
4095 * lib/krb5/krb5.h: krb5_addresses == HostAddresses. Changed all
4098 * lib/krb5/get_addrs.c: figure out all local addresses, possibly
4101 * lib/krb5/checksum.c: table-driven checksum
4103 Mon Jul 7 21:13:28 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4105 * lib/krb5/encrypt.c: Make krb5_decrypt use the same struct as
4108 Mon Jul 7 11:15:51 1997 Assar Westerlund <assar@sics.se>
4110 * lib/roken/vsyslog.c: new file
4112 * lib/krb5/encrypt.c: add des-cbc-md4.
4113 adjust krb5_encrypt and krb5_decrypt to reality
4115 Mon Jul 7 02:46:31 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4117 * lib/krb5/encrypt.c: Implement as a vector of function pointers.
4119 * lib/krb5/{decrypt,encrypt}.c: Implement des-cbc-crc, and
4120 des-cbc-md5 in separate functions.
4122 * lib/krb5/krb5.h: Add more checksum and encryption types.
4124 * lib/krb5/krb5_locl.h: Add etype to krb5_decrypt.
4126 Sun Jul 6 23:02:59 1997 Assar Westerlund <assar@sics.se>
4128 * lib/krb5/[gs]et_default_realm.c, kuserok.c: new files
4130 * lib/krb5/config_file.[ch]: new c-based configuration reading
4133 Wed Jul 2 23:12:56 1997 Assar Westerlund <assar@sics.se>
4135 * configure.in: Set WFLAGS if using gcc
4137 Wed Jul 2 17:47:03 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4139 * lib/asn1/der_put.c (der_put_int): Return size correctly.
4141 * admin/ank.c: Be compatible with the asn1 principal format.
4143 Wed Jul 1 23:52:20 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4145 * lib/asn1: Now all decode_* and encode_* functions now take a
4146 final size_t* argument, that they return the size in. Return
4147 values are zero for success, and anything else (such as some
4148 ASN1_* constant) for error.
4150 Mon Jun 30 06:08:14 1997 Assar Westerlund <assar@sics.se>
4152 * lib/krb5/keytab.c (krb5_kt_add_entry): change open mode to
4155 * lib/krb5/get_cred.c: removed stale prototype for
4156 `extract_ticket' and corrected call.
4158 * lib/asn1/gen_length.c (length_type): Make the length functions
4159 for SequenceOf non-destructive
4161 * admin/ank.c (doit): Fix reading of `y/n'.
4163 Mon Jun 16 05:41:43 1997 Assar Westerlund <assar@sics.se>
4165 * lib/gssapi/wrap.c, unwrap.c: do encrypt and add sequence number
4167 * lib/gssapi/get_mic.c, verify_mic.c: Add sequence number.
4169 * lib/gssapi/accept_sec_context.c (gss_accept_sec_context): Set
4170 KRB5_AUTH_CONTEXT_DO_SEQUENCE. Verify 8003 checksum.
4172 * lib/gssapi/8003.c: New file.
4174 * lib/krb/krb5.h: Define a `krb_authenticator' as an ASN.1
4177 * lib/krb5/auth_context.c: New functions
4178 `krb5_auth_setlocalseqnumber' and `krb5_auth_setremoteseqnumber'
4180 Tue Jun 10 00:35:54 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4182 * lib/krb5: Preapre for use of some asn1-types.
4184 * lib/asn1/*.c (copy_*): Constness.
4186 * lib/krb5/krb5.h: Include asn1.h; krb5_data is now an
4189 * lib/asn1/der*,gen.c: krb5_data -> octet_string, char * ->
4192 * lib/asn1/libasn1.h: Moved stuff from asn1_locl.h that doesn't
4193 have anything to do with asn1_compile.
4195 * lib/asn1/asn1_locl.h: Remove der.h. Add some prototypes.
4197 Sun Jun 8 03:51:55 1997 Assar Westerlund <assar@sics.se>
4199 * kdc/kerberos5.c: Fix PA-ENC-TS-ENC
4201 * kdc/connect.c(process_request): Set `new'
4203 * lib/krb5/get_in_tkt.c: Do PA-ENC-TS-ENC the correct way.
4205 * lib: Added editline,sl,roken.
4207 Mon Jun 2 00:37:48 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4209 * lib/krb5/fcache.c: Move file cache from cache.c.
4211 * lib/krb5/cache.c: Allow more than one cache type.
4213 Sun Jun 1 23:45:33 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4215 * admin/extkeytab.c: Merged with kdb_edit.
4217 Sun Jun 1 23:23:08 1997 Assar Westerlund <assar@sics.se>
4219 * kdc/kdc.c: more support for ENC-TS-ENC
4221 * lib/krb5/get_in_tkt.c: redone to enable pre-authentication
4223 Sun Jun 1 22:45:11 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4225 * lib/hdb/db.c: Merge fetch and store.
4227 * admin: Merge to one program.
4229 * lib/krb5/str2key.c: Fill in keytype and length.
4231 Sun Jun 1 16:31:23 1997 Assar Westerlund <assar@sics.se>
4233 * lib/krb5/rd_safe.c, lib/krb5/rd_priv.c, lib/krb5/mk_rep.c,
4234 lib/krb5/mk_priv.c, lib/krb5/build_auth.c: Some support for
4235 KRB5_AUTH_CONTEXT_DO_SEQUENCE
4237 * lib/krb5/get_in_tkt.c (get_in_tkt): be prepared to parse an
4238 KRB_ERROR. Some support for PA_ENC_TS_ENC.
4240 * lib/krb5/auth_context.c: implemented seq_number functions
4242 * lib/krb5/generate_subkey.c, generate_seq_number.c: new files
4244 * lib/gssapi/gssapi.h: avoid including <krb5.h>
4246 * lib/asn1/Makefile.am: SUFFIXES as a variable to make automake
4249 * kdc/kdc.c: preliminary PREAUTH_ENC_TIMESTAMP
4251 * configure.in: adapted to automake 1.1p
4253 Mon May 26 22:26:21 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4255 * lib/krb5/principal.c: Add contexts to many functions.
4257 Thu May 15 20:25:37 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4259 * lib/krb5/verify_user.c: First stab at a verify user.
4261 * lib/auth/sia/sia5.c: SIA module for Kerberos 5.
4263 Mon Apr 14 00:09:03 1997 Assar Westerlund <assar@sics.se>
4265 * lib/gssapi: Enough of a gssapi-over-krb5 implementation to be
4266 able to (mostly) run gss-client and gss-server.
4268 * lib/krb5/keytab.c: implemented krb5_kt_add_entry,
4269 krb5_kt_store_principal, krb5_kt_store_keyblock
4271 * lib/des/md5.[ch], sha.[ch]: new files
4273 * lib/asn1/der_get.c (generalizedtime2time): use `timegm'
4275 * lib/asn1/timegm.c: new file
4277 * admin/extkeytab.c: new program
4279 * admin/admin_locl.h: new file
4281 * admin/Makefile.am: Added extkeytab
4283 * configure.in: moved config to include
4284 removed timezone garbage
4285 added lib/gssapi and admin
4287 * Makefile.am: Added admin
4289 Mon Mar 17 11:34:05 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4291 * kdc/kdc.c: Use new copying functions, and free some data.
4293 * lib/asn1/Makefile.am: Try to not always rebuild generated files.
4295 * lib/asn1/der_put.c: Add fix_dce().
4297 * lib/asn1/der_{get,length,put}.c: Fix include files.
4299 * lib/asn1/der_free.c: Remove unused functions.
4301 * lib/asn1/gen.c: Split into gen_encode, gen_decode, gen_free,
4302 gen_length, and gen_copy.
4304 Sun Mar 16 18:13:52 1997 Assar Westerlund <assar@sics.se>
4306 * lib/krb5/sendauth.c: implemented functionality
4308 * lib/krb5/rd_rep.c: Use `krb5_decrypt'
4310 * lib/krb5/cache.c (krb5_cc_get_name): return default if `id' ==
4313 * lib/krb5/principal.c (krb5_free_principal): added `context'
4314 argument. Changed all callers.
4316 (krb5_sname_to_principal): new function
4318 * lib/krb5/auth_context.c (krb5_free_authenticator): add `context'
4319 argument. Changed all callers
4321 * lib/krb5/{net_write.c,net_read.c,recvauth.c}: new files
4323 * lib/asn1/gen.c: Fix encoding and decoding of BitStrings
4325 Fri Mar 14 11:29:00 1997 Assar Westerlund <assar@sics.se>
4327 * configure.in: look for *dbm?
4329 * lib/asn1/gen.c: Fix filename in generated files. Check fopens.
4330 Put trailing newline in asn1_files.
4332 Fri Mar 14 05:06:44 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4334 * lib/krb5/get_in_tkt.c: Fix some memory leaks.
4336 * lib/krb5/krbhst.c: Properly free hostlist.
4338 * lib/krb5/decrypt.c: CRCs are 32 bits.
4340 Fri Mar 14 04:39:15 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4342 * lib/asn1/gen.c: Generate one file for each type.
4344 Fri Mar 14 04:13:47 1997 Assar Westerlund <assar@sics.se>
4346 * lib/asn1/gen.c: Generate `length_FOO' functions
4348 * lib/asn1/der_length.c: new file
4350 * kuser/klist.c: renamed stime -> printable_time to avoid conflict
4353 Fri Mar 14 03:37:23 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4355 * lib/hdb/ndbm.c: Return NOENTRY if fetch fails. Don't free
4356 datums. Don't add .db to filename.
4358 Fri Mar 14 02:49:51 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4360 * kdc/dump.c: Database dump program.
4362 * kdc/ank.c: Trivial database editing program.
4364 * kdc/{kdc.c, load.c}: Use libhdb.
4366 * lib/hdb: New database routine library.
4368 * lib/krb5/error/Makefile.am: Add hdb_err.
4370 Wed Mar 12 17:41:14 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4372 * kdc/kdc.c: Rewritten AS, and somewhat more working TGS support.
4374 * lib/asn1/gen.c: Generate free functions.
4376 * Some specific free functions.
4378 Wed Mar 12 12:30:13 1997 Assar Westerlund <assar@sics.se>
4380 * lib/krb5/krb5_mk_req_ext.c: new file
4382 * lib/asn1/gen.c: optimize the case with a simple type
4384 * lib/krb5/get_cred.c (krb5_get_credentials): Use
4385 `mk_req_extended' and remove old code.
4387 * lib/krb5/get_in_tkt.c (decrypt_tkt): First try with an
4388 EncASRepPart, then with an EncTGSRepPart.
4390 Wed Mar 12 08:26:04 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4392 * lib/krb5/store_emem.c: New resizable memory storage.
4394 * lib/krb5/{store.c, store_fd.c, store_mem.c}: Split of store.c
4396 * lib/krb5/krb5.h: Add free entry to krb5_storage.
4398 * lib/krb5/decrypt.c: Make keyblock const.
4400 Tue Mar 11 20:22:17 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4402 * lib/krb5/krb5.h: Add EncTicketPart to krb5_ticket.
4404 * lib/krb5/rd_req.c: Return whole asn.1 ticket in
4407 * lib/krb5/get_in_tkt.c: TGS -> AS
4409 * kuser/kfoo.c: Print error string rather than number.
4411 * kdc/kdc.c: Some kind of non-working TGS support.
4413 Mon Mar 10 01:43:22 1997 Assar Westerlund <assar@sics.se>
4415 * lib/asn1/gen.c: reduced generated code by 1/5
4417 * lib/asn1/der_put.c: (der_put_length_and_tag): new function
4419 * lib/asn1/der_get.c (der_match_tag_and_length): new function
4421 * lib/asn1/der.h: added prototypes
4423 Mon Mar 10 01:15:43 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4425 * lib/krb5/krb5.h: Include <asn1_err.h>. Add prototype for
4426 krb5_rd_req_with_keyblock.
4428 * lib/krb5/rd_req.c: Add function krb5_rd_req_with_keyblock that
4429 takes a precomputed keyblock.
4431 * lib/krb5/get_cred.c: Use krb5_mk_req rather than inlined code.
4433 * lib/krb5/mk_req.c: Calculate checksum of in_data.
4435 Sun Mar 9 21:17:58 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4437 * lib/krb5/error/compile_et.awk: Add a declaration of struct
4438 error_list, and multiple inclusion block to header files.
4440 Sun Mar 9 21:01:12 1997 Assar Westerlund <assar@sics.se>
4442 * lib/krb5/rd_req.c: do some checks on times
4444 * lib/krb/{mk_priv.c, rd_priv.c, sendauth.c, decrypt.c,
4445 address.c}: new files
4447 * lib/krb5/auth_context.c: more code
4449 * configure.in: try to figure out timezone
4451 Sat Mar 8 11:41:07 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4453 * lib/krb5/error/error.c: Try strerror if error code wasn't found.
4455 * lib/krb5/get_in_tkt.c: Remove realm parameter from
4458 * lib/krb5/context.c: Initialize error table.
4460 * kdc: The beginnings of a kdc.
4462 Sat Mar 8 08:16:28 1997 Assar Westerlund <assar@sics.se>
4464 * lib/krb5/rd_safe.c: new file
4466 * lib/krb5/checksum.c (krb5_verify_checksum): New function
4468 * lib/krb5/get_cred.c: use krb5_create_checksum
4470 * lib/krb5/checksum.c: new file
4472 * lib/krb5/store.c: no more arithmetic with void*
4474 * lib/krb5/cache.c: now seems to work again
4476 Sat Mar 8 06:58:09 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4478 * lib/krb5/Makefile.am: Add asn1_glue.c and error/*.c to libkrb5.
4480 * lib/krb5/get_in_tkt.c: Moved some functions to asn1_glue.c.
4482 * lib/krb5/asn1_glue.c: Moved some asn1-stuff here.
4484 * lib/krb5/{cache,keytab}.c: Use new storage functions.
4486 * lib/krb5/krb5.h: Protypes for new storage functions.
4488 * lib/krb5/krb5.h: Make krb5_{ret,store}_* functions able to write
4489 data to more than file descriptors.
4491 Sat Mar 8 01:01:17 1997 Assar Westerlund <assar@sics.se>
4493 * lib/krb5/encrypt.c: New file.
4495 * lib/krb5/Makefile.am: More -I
4497 * configure.in: Test for big endian, random, rand, setitimer
4499 * lib/asn1/gen.c: perhaps even decodes bitstrings
4501 Thu Mar 6 19:05:29 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4503 * lib/krb5/config_file.y: Better return values on error.
4505 Sat Feb 8 15:59:56 1997 Assar Westerlund <assar@pdc.kth.se>
4507 * lib/asn1/parse.y: ifdef HAVE_STRDUP
4509 * lib/asn1/lex.l: ifdef strdup
4510 brange-dead version of list of special characters to make stupid
4513 * lib/asn1/gen.c: A DER integer should really be a `unsigned'
4515 * lib/asn1/der_put.c: A DER integer should really be a `unsigned'
4517 * lib/asn1/der_get.c: A DER integer should really be a `unsigned'
4519 * lib/krb5/error/Makefile.am: It seems "$(SHELL) ./compile_et" is
4522 * lib/krb/mk_rep.c, lib/krb/rd_req.c, lib/krb/store.c,
4523 lib/krb/store.h: new files.
4525 * lib/krb5/keytab.c: now even with some functionality.
4527 * lib/asn1/gen.c: changed paramater from void * to Foo *
4529 * lib/asn1/der_get.c (der_get_octet_string): Fixed bug with empty
4532 Sun Jan 19 06:17:39 1997 Assar Westerlund <assar@pdc.kth.se>
4534 * lib/krb5/get_cred.c (krb5_get_credentials): Check for creds in
4535 cc before getting new ones.
4537 * lib/krb5/krb5.h (krb5_free_keyblock): Fix prototype.
4539 * lib/krb5/build_auth.c (krb5_build_authenticator): It seems the
4540 CRC should be stored LSW first. (?)
4542 * lib/krb5/auth_context.c: Implement `krb5_auth_con_getkey' and
4543 `krb5_free_keyblock'
4545 * lib/**/Makefile.am: Rename foo libfoo.a
4547 * include/Makefile.in: Use test instead of [
4548 -e does not work with /bin/sh on psoriasis
4550 * configure.in: Search for awk
4551 create lib/krb/error/compile_et
4553 Tue Jan 14 03:46:26 1997 Assar Westerlund <assar@pdc.kth.se>
4555 * lib/krb5/Makefile.am: replaced mit-crc.c by crc.c
4557 Wed Dec 18 00:53:55 1996 Johan Danielsson <joda@emma.pdc.kth.se>
4559 * kuser/kinit.c: Guess principal.
4561 * lib/krb5/error/compile_et.awk: Don't include krb5.h. Fix some
4564 * lib/krb5/error/asn1_err.et: Add ASN.1 error messages.
4566 * lib/krb5/mk_req.c: Get client from cache.
4568 * lib/krb5/cache.c: Add better error checking some useful return
4571 * lib/krb5/krb5.h: Fix krb5_auth_context.
4573 * lib/asn1/der.h: Make krb5_data compatible with krb5.h
4575 Tue Dec 17 01:32:36 1996 Johan Danielsson <joda@emma.pdc.kth.se>
4577 * lib/krb5/error: Add primitive error library.
4579 Mon Dec 16 16:30:20 1996 Johan Danielsson <joda@emma.pdc.kth.se>
4581 * lib/krb5/cache.c: Get correct address type from cache.
4583 * lib/krb5/krb5.h: Change int16 to int to be compatible with asn1.