2003-03-17 Assar Westerlund <assar@kth.se>
* kdc/kdc.8: document --kerberos4-cross-realm
* kdc/kerberos4.c: pay attention to enable_v4_cross_realm
* kdc/kdc_locl.h (enable_v4_cross_realm): add
* kdc/524.c (encode_524_response): check the enable_v4_cross_realm
flag before giving out v4 tickets for foreign v5 principals
* kdc/config.c: add --enable-kerberos4-cross-realm option (default
2002-10-21 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/store_emem.c: pull up 1.13; limit how much we allocate
* lib/krb5/principal.c: pull up 1.82; don't allow trailing
backslashes in components
* lib/krb5/keytab_keyfile.c: pull up 1.15; more strcspn
* lib/krb5/keytab_any.c: pull up 1.7; properly close the open
* kdc/connect.c: pull up 1.87; check that %-quotes are followed by
* lib/krb5/prompter_posix.c: pull up 1.7; use strcspn to convert
the newline to NUL in fgets results.
* lib/krb5/kuserok.c: pull up 1.6; use strcspn to convert the
newline to NUL in fgets results.
* lib/krb5/keytab_file.c: pull up 1.12; check return value from
* lib/krb5/context.c: pull up 1.82; return ENXIO instead of ENOENT
* lib/krb5/changepw.c: pull up 1.38; fix reply length check
* kuser/klist.c: pull up 1.68; allow tokens up to size of buffer
* kdc/kaserver.c: pull up 1.21; make sure life is positive
* fix-export: pull up 1.28; remove autom4ate.cache
2002-09-10 Johan Danielsson <joda@pdc.kth.se>
* include/make_crypto.c: don't use function macros if possible
* lib/krb5/krb5_locl.h: get limits.h for UINT_MAX
* include/Makefile.am: use make_crypto to create crypto-headers.h
* include/make_crypto.c: crypto header generation tool
* configure.in: move crypto test to just after testing for krb4,
and move roken tests to after both, this speeds up various failure
* lib/krb5/config_file.c: don't use NULL when we mean 0
* configure.in: we don't set package_libdir anymore, so no point
* tools/Makefile.am: subst INCLUDE_des
* tools/krb5-config.in: add INCLUDE_des to cflags
* configure.in: use AC_CONFIG_SRCDIR
* fix-export: remove some unneeded stuff
* kuser/kinit.c (do_524init): free principals
2002-09-09 Jacques Vidrine <nectar@kth.se>
* kdc/kerberos5.c (get_pa_etype_info, fix_transited_encoding),
kdc/kaserver.c (krb5_ret_xdr_data),
lib/krb5/transited.c (krb5_domain_x500_decode): Validate some
counts: Check that they are non-negative, and that they are small
enough to avoid integer overflow when used in memory allocation
calculations. Potential problem areas pointed out by
Sebastian Krahmer <krahmer@suse.de>.
* lib/krb5/keytab_keyfile.c (akf_add_entry): Use O_EXCL when
creating a new keyfile.
2002-09-09 Johan Danielsson <joda@pdc.kth.se>
* configure.in: don't try to build pam module
2002-09-05 Johan Danielsson <joda@pdc.kth.se>
* appl/kf/kf.c: fix warning string
* lib/krb5/log.c (krb5_vlog_msg): delay message formatting till we
2002-09-04 Assar Westerlund <assar@kth.se>
* kdc/kerberos5.c (encode_reply): correct error logging
2002-09-04 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/sendauth.c: close ccache if we opened it
* appl/kf/kf.c: handle new protocol
* appl/kf/kfd.c: use krb5_err instead of syslogging directly,
handle the new protocol, and bail out if an old client tries to
* appl/kf/kf_locl.h: we need a protocol version string
* lib/hdb/hdb-ldap.c: use ASN1_MALLOC_ENCODE
* kdc/kerberos5.c: use ASN1_MALLOC_ENCODE
* kdc/hprop.c: set AP_OPTS_USE_SUBKEY
* lib/hdb/common.c: use ASN1_MALLOC_ENCODE
* lib/asn1/gen.c: add convenience macro that allocates a buffer
and encodes into that
* lib/krb5/get_cred.c (init_tgs_req): use
in_creds->session.keytype literally instead of trying to convert
to a list of enctypes (it should already be an enctype)
* lib/krb5/get_cred.c (init_tgs_req): init ret
2002-09-03 Johan Danielsson <joda@pdc.kth.se>
* lib/asn1/k5.asn1: remove ETYPE_DES3_CBC_NONE_IVEC
* lib/krb5/krb5.h: remove ENCTYPE_DES3_CBC_NONE_IVEC
* lib/krb5/crypto.c: get rid of DES3_CBC_encrypt_ivec, just use
zero ivec in DES3_CBC_encrypt if passed ivec is NULL
* lib/krb5/Makefile.am: back out 1.144, since it will re-create
krb5-protos.h at build-time, which requires perl, which is bad
* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): don't
blindly use the local subkey
* lib/krb5/crypto.c: add function krb5_crypto_getblocksize that
extracts the required blocksize from a crypto context
* lib/krb5/build_auth.c: just get the length of the encoded
authenticator instead of trying to grow a buffer
2002-09-03 Assar Westerlund <assar@kth.se>
* configure.in: add --disable-mmap option, and tests for
2002-09-03 Jacques Vidrine <nectar@kth.se>
* lib/krb5/changepw.c: verify lengths in response
* lib/asn1/der_get.c (decode_integer, decode_unsigned): check for
2002-09-02 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/mk_req_ext.c: generate a local subkey if
AP_OPTS_USE_SUBKEY is set
* lib/krb5/build_auth.c: we don't have enough information about
whether to generate a local subkey here, so don't try to
* lib/krb5/auth_context.c: new function
krb5_auth_con_generatelocalsubkey
* lib/krb5/get_in_tkt.c: only set kdc_sec_offset if looking at an
* lib/krb5/context.c (init_context_from_config_file): simplify
initialisation of srv_lookup
* lib/krb5/changepw.c (send_request): set AP_OPTS_USE_SUBKEY
* lib/krb5/krb5.h: add AP_OPTS_USE_SUBKEY
2002-08-30 Assar Westerlund <assar@kth.se>
* lib/krb5/name-45-test.c: also test krb5_524_conv_principal
* lib/krb5/Makefile.am (TESTS): add name-45-test
* lib/krb5/name-45-test.c: add testcases for
krb5_425_conv_principal
2002-08-29 Assar Westerlund <assar@kth.se>
* lib/krb5/parse-name-test.c: also test unparse_short functions
* lib/asn1/asn1_print.c: use com_err/error_message API
* lib/krb5/Makefile.am: add parse-name-test
* lib/krb5/parse-name-test.c: add a program for testing parsing
and unparsing principal names
2002-08-28 Assar Westerlund <assar@kth.se>
* kdc/config.c: add missing ifdef DAEMON
2002-08-28 Johan Danielsson <joda@pdc.kth.se>
* configure.in: use rk_SUNOS
* kdc/config.c: add detach options
* kdc/main.c: maybe detach from console?
* kdc/kdc.8: markup changes
* configure.in: AC_TEST_PACKAGE_NEW -> rk_TEST_PACKAGE
* configure.in: use rk_TELNET, rename some other macros, and don't
add -ldes to krb4 link command
* kuser/kinit.1: whitespace fix (from NetBSD)
* include/bits.c: we may need unistd.h for ssize_t
2002-08-26 Assar Westerlund <assar@kth.se>
* lib/krb5/principal.c (krb5_425_conv_principal_ext): lookup AAAA
rrs before A ones when using the resolver to verify a mapping,
also use getaddrinfo when resolver is not available
* lib/hdb/keytab.c (find_db): const-correctness in parameters to
* lib/asn1/gen.c: include <string.h> in the generated files (for
2002-08-22 Assar Westerlund <assar@kth.se>
* lib/krb5/test_get_addrs.c, lib/krb5/krbhst-test.c: make it use
getarg so that it can handle --help and --version (and thus make
* lib/asn1/check-der.c: make this build again
2002-08-22 Assar Westerlund <assar@kth.se>
* lib/asn1/der_get.c (der_get_int): handle len == 0. based on a
patch from Love <lha@stacken.kth.se>
2002-08-22 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/krb5.h: we seem to call KRB5KDC_ERR_KEY_EXP
KRB5KDC_ERR_KEY_EXPIRED, so define the former to the latter
* kdc/kdc.8: add blurb about adding and removing addresses; update
kdc.conf section to match reality
* configure.in: KRB_SENDAUTH_VLEN seems to always have existed, so
2002-08-21 Assar Westerlund <assar@kth.se>
* lib/asn1/asn1_print.c: print OIDs too, based on a patch from
Love <lha@stacken.kth.se>
2002-08-21 Johan Danielsson <joda@pdc.kth.se>
* kuser/kinit.c (do_v4_fallback): don't use krb_get_pw_in_tkt2
since it might not exist, and we don't actually care about the key
2002-08-20 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/krb5.conf.5: correct documentation for
* lib/krb5/log.c: rename syslog_data to avoid name conflicts (from
* kuser/klist.c (display_tokens): increase token buffer size, and
add more checks of the kernel data (from Love)
2002-08-19 Johan Danielsson <joda@pdc.kth.se>
* fix-export: use make to parse Makefile.am instead of perl
* configure.in: use argument-less AM_INIT_AUTOMAKE, now that it
groks AC_INIT with package name etc.
* kpasswd/kpasswdd.c: include <kadm5/private.h>
* lib/asn1/asn1_print.c: include com_right.h
* lib/krb5/addr_families.c: socklen_t -> krb5_socklen_t
* include/bits.c: define krb5_socklen_t type; this should really
go someplace else, but this was easy
* lib/krb5/verify_krb5_conf.c: don't bail out if parsing of a file
fails, just warn about it
* kdc/log.c (kdc_openlog): no need for a config_file parameter
* kdc/config.c: just treat kdc.conf like any other config file
* lib/krb5/context.c (krb5_get_default_config_files): ignore
2002-08-16 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/krb5.h: turn strings into pointers, so we can assign to
* lib/krb5/constants.c: turn strings into pointers, so we can
* lib/krb5/get_addrs.c (get_addrs_int): initialise res if
SCAN_INTERFACES is not set
* lib/krb5/context.c: fix various borked stuff in previous commits
2002-08-16 Jacques Vidrine <n@nectar.com>
* lib/krb5/krbhst.c (kpasswd_get_next): if we fall back to using
the `admin_server' entry for kpasswd, override the `proto' result
2002-08-15 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/auth_context.c: check return value of
krb5_sockaddr2address
* lib/krb5/addr_families.c: check return value of
krb5_sockaddr2address
* lib/krb5/context.c: get the default keytab from KRB5_KTNAME
2002-08-14 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/verify_krb5_conf.c: allow parsing of more than one file
* lib/krb5/context.c: allow changing config files with the
function krb5_set_config_files, there are also related functions
krb5_get_default_config_files and krb5_free_config_files; these
should work similar to their MIT counterparts
* lib/krb5/config_file.c: allow the use of more than one config
file by using the new function krb5_config_parse_file_multi
2002-08-12 Johan Danielsson <joda@pdc.kth.se>
* use sysconfdir instead of /etc
* configure.in: require autoconf 2.53; rename dpagaix_LDFLAGS etc
to appease automake; force sysconfdir and localstatedir to /etc
and /var/heimdal for now
* kdc/connect.c (addr_to_string): check return value of
2002-08-09 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/rd_cred.c: if the remote address isn't an addrport,
don't try comparing to one; this should make old clients work with
* lib/asn1/gen_decode.c: remove unused variable
2002-07-31 Johan Danielsson <joda@pdc.kth.se>
* kdc/{kerberos5,524}.c: ENOENT -> HDB_ERR_NOENTRY (from Derrick
* lib/krb5/principal.c: actually lower case the lower case
instance name (spotted by Derrick Brashear)
2002-07-24 Johan Danielsson <joda@pdc.kth.se>
* fix-export: if DATEDVERSION is set, change the version to
* configure.in: don't use AC_PROG_RANLIB, and use magic foo to set
2002-07-04 Johan Danielsson <joda@pdc.kth.se>
* kdc/connect.c: add some cache-control-foo to the http responses
* lib/krb5/addr_families.c (krb5_print_address): don't copy size
2002-06-28 Johan Danielsson <joda@pdc.kth.se>
* kuser/klist.c (display_tokens): don't bail out before we get
EDOM (signaling the end of the tokens), the kernel can also return
ENOTCONN, meaning that the index does not exist anymore (for
example if the token has expired)
2002-06-06 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/changepw.c: make sure we return an error if there are
no changepw hosts found; from Wynn Wilkes
2002-05-29 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/cache.c (krb5_cc_register): break out of loop when the
same type is found; spotted by Wynn Wilkes
2002-05-15 Johan Danielsson <joda@pdc.kth.se>
* kdc/kerberos5.c: don't free encrypted padata until we're really
2002-05-07 Johan Danielsson <joda@pdc.kth.se>
* kdc/kerberos5.c: when decrypting pa-data, try all keys matching
* kuser/kinit.1: document -a
* kuser/kinit.c: add command line switch for extra addresses
2002-04-30 Johan Danielsson <joda@blubb.pdc.kth.se>
* configure.in: remove some duplicate tests
* configure.in: use AC_HELP_STRING
2002-04-29 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/crypto.c (usage2arcfour): don't abort if the usage is
2002-04-25 Johan Danielsson <joda@pdc.kth.se>
* configure.in: use rk_DESTDIRS
2002-04-22 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/krb5_verify_user.3: make it clear that _lrealm modifies
2002-04-19 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/verify_init.c: fix typo in error string
2002-04-18 Johan Danielsson <joda@pdc.kth.se>
* acconfig.h: remove some stuff that is defined elsewhere
* lib/krb5/krb5_locl.h: include <sys/file.h>
* lib/krb5/acl.c: rename acl_string parameter
* lib/krb5/Makefile.am: remove __P from protos, and put parameter
* kuser/klist.c: better align some headers
* kdc/kerberos4.c: storage tweaks
* kdc/kaserver.c: storage tweaks
* kdc/524.c: storage tweaks
* lib/krb5/keytab_krb4.c: storage tweaks
* lib/krb5/keytab_keyfile.c: storage tweaks
* lib/krb5/keytab_file.c: storage tweaks; also try to handle zero
* lib/krb5/keytab_any.c: use KRB5_KT_END instead of KRB5_CC_END
* lib/krb5/fcache.c: storage tweaks
* lib/krb5/store_mem.c: make the krb5_storage opaque, and add
function wrappers for store/fetch/seek, and also make the eof-code
* lib/krb5/store_fd.c: make the krb5_storage opaque, and add
function wrappers for store/fetch/seek, and also make the eof-code
* lib/krb5/store_emem.c: make the krb5_storage opaque, and add
function wrappers for store/fetch/seek, and also make the eof-code
* lib/krb5/store.c: make the krb5_storage opaque, and add function
wrappers for store/fetch/seek, and also make the eof-code
* lib/krb5/store-int.h: make the krb5_storage opaque, and add
function wrappers for store/fetch/seek, and also make the eof-code
* lib/krb5/krb5.h: make the krb5_storage opaque, and add function
wrappers for store/fetch/seek, and also make the eof-code
* include/bits.c: include <sys/socket.h> to get socklen_t
* kdc/kerberos5.c (get_pa_etype_info): sort ETYPE-INFOs by
requested KDC-REQ etypes
* kdc/hpropd.c: constify
* kdc/hprop.c: constify
* kdc/string2key.c: constify
* kdc/kdc_locl.h: make port_str const
* kdc/config.c: constify
* lib/krb5/config_file.c: constify
* kdc/kstash.c: constify
* lib/krb5/verify_user.c: remove unnecessary cast
* lib/krb5/recvauth.c: constify
* lib/krb5/principal.c (krb5_parse_name): const qualify
* lib/krb5/mcache.c (mcc_get_name): constify return type
* lib/krb5/context.c (krb5_free_context): don't try to free the
* lib/krb5/cache.c (krb5_cc_register): don't make a copy of the
* lib/krb5/krb5.h: constify some struct members
* lib/krb5/log.c: constify
* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): const
* lib/krb5/get_in_tkt.c (krb5_init_etype): constify
* lib/krb5/crypto.c: constify some
* lib/krb5/config_file.c: constify
* lib/krb5/aname_to_localname.c (krb5_aname_to_localname):
constify local variable
* lib/krb5/addr_families.c (ipv4_sockaddr2port): constify
2002-04-17 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/verify_krb5_conf.c: add some log checking
* lib/krb5/log.c (krb5_addlog_dest): reorganise syslog parsing
2002-04-16 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/crypto.c (krb5_crypto_init): check that the key size
matches the expected length
2002-03-27 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/send_to_kdc.c: rename send parameter to send_data
* lib/krb5/mk_error.c: rename ctime parameter to client_time
2002-03-22 Johan Danielsson <joda@pdc.kth.se>
* kdc/kerberos5.c (find_etype): unsigned -> krb5_enctype (from
2002-03-18 Johan Danielsson <joda@pdc.kth.se>
* lib/asn1/k5.asn1: add the GSS-API checksum type here
2002-03-11 Assar Westerlund <assar@sics.se>
* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:5:0
* lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 6:0:0
2002-03-10 Assar Westerlund <assar@sics.se>
* lib/krb5/rd_cred.c: handle addresses with port numbers
* lib/krb5/keytab_file.c, lib/krb5/keytab.c:
store the kvno % 256 as the byte and the complete 32 bit kvno after
the end of the current keytab entry
* lib/krb5/init_creds_pw.c:
handle LR_PW_EXPTIME and LR_ACCT_EXPTIME in the same way
* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds):
handle ports given for the remote address
* lib/krb5/get_cred.c:
get a ticket with no addresses if no-addresses is set
rename functions DES_* to krb5_* to avoid colliding with modern
* lib/krb5/addr_families.c:
make all functions taking 'struct sockaddr' actually take a socklen_t
instead of int and that acts as an in-out parameter (indicating the
maximum length of the sockaddr to be written)
make the kvno's in the krb4 universe by the real one % 256, since they
cannot only be 8 bit, and the v5 ones are actually 32 bits
2002-02-15 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/keytab_keyfile.c (akf_add_entry): don't create the file
before we need to write to it
2002-02-14 Johan Danielsson <joda@pdc.kth.se>
* configure.in: rk_RETSIGTYPE and rk_BROKEN_REALLOC are called via
rk_ROKEN (from Gombas Gabor); find inttypes by CHECK_TYPES
* lib/krb5/rd_safe.c: actually use the correct key (from Daniel
2002-02-12 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/context.c (krb5_get_err_text): protect against NULL
2002-02-11 Johan Danielsson <joda@pdc.kth.se>
* admin/ktutil.c: no need to use the "modify" keytab anymore
* lib/krb5/keytab_any.c: implement add and remove
* lib/krb5/keytab_krb4.c: implement add and remove
* lib/krb5/store_emem.c (emem_free): clear memory before freeing
(this should perhaps be selectable with a flag)
2002-02-04 Johan Danielsson <joda@pdc.kth.se>
* kdc/config.c (get_dbinfo): if there are database specifications
in the config file, don't automatically try to use the default
values (from Gombas Gabor)
* lib/krb5/log.c (krb5_closelog): don't pass pointer to pointer
2002-01-30 Johan Danielsson <joda@pdc.kth.se>
* admin/list.c: get the default keytab from krb5.conf, and list
all parts of an ANY type keytab
* lib/krb5/context.c: default default_keytab_modify to NULL
* lib/krb5/keytab.c (krb5_kt_default_modify_name): if no modify
name is specified take it from the first component of the default
2002-01-29 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/keytab.c: compare keytab types case insensitively
2002-01-07 Assar Westerlund <assar@sics.se>
* lib/krb5/crypto.c (create_checksum): make usage `unsigned' (it's
not really a krb5_key_usage). From Ben Harris <bjh21@netbsd.org>
* lib/krb5/get_in_tkt.c: use krb5_enctype consistently. From Ben
Harris <bjh21@netbsd.org>
* lib/krb5/crypto.c: use krb5_enctype consistently. From Ben
Harris <bjh21@netbsd.org>
* kdc/kerberos5.c: use krb5_enctype consistently. From Ben Harris