| blob | 159cf48a4156c22464c61dc909add0ffbfb49a83 |
1 2004-09-13 Johan Danielsson <joda@pdc.kth.se>
3 * Release 0.6.3
5 2004-09-05 Love Hörnquist Åstrand <lha@it.su.se>
7 * lib/asn1/der_get.c (decode_enumerated): check that the tag
8 length isn't longer the the length
10 2004-08-31 Love Hörnquist Åstrand <lha@it.su.se>
12 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password):
13 kdc_reply can be set in case of failure too, clean on entry and
14 free the exit unconditionally to avoid memory leak
16 2004-08-20 Love Hörnquist Åstrand <lha@it.su.se>
18 * lib/krb5/context.c: 1.93: (krb5_get_err_text): if neither of
19 com_right nor strerror finds the error-code, return Unknown error.
21 2004-08-13 Love Hörnquist Åstrand <lha@it.su.se>
23 * kdc/kerberos5.c: based on 1.162: (get_pa_etype_info): check for
24 dup enctypes from the client and filter them out.
26 2004-06-21 Love Hörnquist Åstrand <lha@it.su.se>
28 * admin/get.c: 1.23: (kt_get): catch errors from krb5_parse_name
30 2004-06-21 Love Hörnquist Åstrand <lha@it.su.se>
32 * lib/krb5/Makefile.am: man_MANS += krb5_set_password.3
34 * lib/krb5/krb5_set_password.3: 1.1-1.3: change password manpage
36 * lib/krb5/changepw.c: 1.49: implement
37 krb5_set_password_using_ccache 1.47: add tcp support to the set
38 protocol, should be cleaned up to enable sharing code with
39 krb5_sendto 1.46: (process_reply): log into result_string if
40 something goes bad, return 0 (even on failure), not the KPASSWD
41 protocol error code 1.45: krb5_princ_realm ->
42 krb5_principal_get_realm 1.44: (setpw_send_request): free
43 ap_req_data on failure 1.41: ooops, remove cut and paste error
44 1.40: draft-ietf-cat-kerb-chg-password-02 and rfc3244 share the
45 response packet sure more constants now that they exists 1.39:
46 implement rfc3244, partly from shadow@dementia.org
48 * lib/krb5/krb5.h: 1.211: some defines for rfc3244
50 * lib/asn1/Makefile.am: 1.71: (gen_files):
51 asn1_ChangePasswdDataMS.x for RFC3244
53 * lib/asn1/k5.asn1: 1.30: add ChangePasswdDataMS, for RFC3244
55 * kuser/kinit.c: 1.114: move "setpag if (argc < 1)" to common path
57 2004-05-06 Johan Danielsson <joda@pdc.kth.se>
59 * Release 0.6.2
61 2004-04-02 Love Hörnquist Åstrand <lha@it.su.se>
63 * kdc/connect.c: case size_t to unsigned long for LP64 platforms
65 2004-04-01 Johan Danielsson <joda@pdc.kth.se>
67 * Release 0.6.1
69 2004-03-30 Love Hörnquist Åstrand <lha@it.su.se>
71 * kdc/kerberos4.c: 1.46: stop the client from renewing tickets
72 into the future From: Jeffrey Hutzelman <jhutz@cmu.edu>
74 2004-03-10 Love Hörnquist Åstrand <lha@it.su.se>
76 * lib/krb5/fcache.c: 1.43: (fcc_store_cred): NULL terminate
77 krb5_config_get_bool_default' arglist
79 2004-03-09 Love Hörnquist Åstrand <lha@it.su.se>
81 * lib/krb5/krb5.conf.5: 1.44: document
82 [libdefaults]fcc-mit-ticketflags=boolean 1.43: don't use path's in
83 first .Nm, it confuses some locate.updatedb, use FILES section to
84 describe where the file is instead.
86 * lib/krb5/fcache.c (fcc_store_cred): default to use old format
88 * lib/krb5/fcache.c: 1.42: (fcc_store_cred): use
89 [libdefaults]fcc-mit-ticketflags=boolean to decide what format to
90 write the fcc in. Default to mit format (aka heimdal 0.7 format)
91 1.41: (_krb5_xlock): handle that everything was ok, and don't put
92 an error in the error strings then
94 * lib/krb5/store.c: 1.43: add _krb5_store_creds_heimdal_0_7 and
95 _krb5_store_creds_heimdal_pre_0_7 that store the creds in just
96 that format make krb5_store_creds default to mit format 1.42:
97 (krb5_ret_creds): Runtime detect the what is the higher bits of
98 the bitfield 1.41: (krb5_store_creds): add disabled code that
99 store the ticket flags in reverse order (bitswap32): new function
100 1.40: (krb5_ret_creds): if the higher ticket flags are set, its a
101 mit cache, reverse the bits, bug pointed out by Sergio Gelato
102 <Sergio.Gelato@astro.su.se>
104 delta modfied to not change the behavior of krb5_store_creds
106 2004-03-07 Love Hörnquist Åstrand <lha@it.su.se>
108 * lib/krb5/mk_safe.c (krb5_mk_safe): fix assignment of usec2
110 2004-03-06 Love Hörnquist Åstrand <lha@it.su.se>
112 * lib/krb5/mcache.c: patch based on 1.17 and 1.18 but with
113 threading code pulled out;
115 1.18: (mcc_get_principal): also check for primary_principal ==
116 NULL now that that isn't used as dead flag 1.17: don't overload
117 the primary_principal == NULL as dead since that doesn't always
118 work Based on patch from Jeffrey Hutzelman <jhutz@cmu.edu>, but
119 tweek by me
121 * lib/krb5/crypto.c: 1.94: (decrypt_internal_special): do not not
122 modify the original data test case from Ronnie Sahlberg
123 <ronnie_sahlberg@ozemail.com.au>
125 2004-02-13 Love Hörnquist Åstrand <lha@it.su.se>
127 * lib/krb5/verify_krb5_conf.c: 1.22->1.23: (check_host): don't
128 check for EAI_NODATA, because its depricated in RFC3493 Pointed
129 out by Hajimu UMEMOTO <ume@mahoroba.org> on heimdal-discuss
131 * lib/krb5/eai_to_heim_errno.c: 1.3->1.4: EAI_ADDRFAMILY and
132 EAI_NODATA is deprecated in RFC3493
134 2004-02-09 Love Hörnquist Åstrand <lha@it.su.se>
136 * lib/asn1/der_length.c: 1.16: Fix len_unsigned for certain
137 negative integers, it got the length wrong, fix from Panasas, Inc.
139 * lib/asn1/der_locl.h: 1.5: add _heim_len_unsigned, _heim_len_int
141 2004-01-26 Love Hörnquist Åstrand <lha@it.su.se>
143 * lib/asn1/gen_length.c: 1.14: (length_type): TSequenceOf: add up
144 the size of all the elements, don't use just the size of the last
145 element.
147 * lib/krb5/fcache.c: 1.40: (_krb5_xlock): catch EINVAL and assume
148 that it means that the filesystem doesn't support locking 1.39:
149 (_krb5_xlock): fix compile error in last commit 1.38: internally
150 export x{,un}lock and thus prefix them with _krb5_
152 2004-01-13 Love Hörnquist Åstrand <lha@it.su.se>
154 * kuser/kinit.c: 1.106: (renew_validate): if renewable_flag and
155 not time specifed, use "1 month"
156 1.105: make -9 work again
158 2004-01-09 Love Hörnquist Åstrand <lha@it.su.se>
160 * lib/krb5/get_for_creds.c: 1.36: (add_addrs): don't increase
161 addr->len until in contains interesting data, use right iteration
162 counter when clearing the addresses 1.39: krb5_princ_realm ->
163 krb5_principal_get_realm 1.38: (krb5_get_forwarded_creds): use
164 KRB5_AUTH_CONTEXT_DO_TIME if we want timestamp in forwarded
165 krb-cred 1.39: (krb5_get_forwarded_creds): If tickets are
166 address-less, forward address-less tickets. 1.40:
167 (krb5_get_forwarded_creds): try to handle errors better for
168 previous commit 1.41: (add_addrs): don't add same address multiple
169 times
171 * lib/krb5/get_cred.c: 1.96->1.97: rename get_krbtgt to
172 _krb5_get_krbtgt and export it
174 2003-12-14 Love Hörnquist Åstrand <lha@it.su.se>
176 * kdc/kerberos5.c: part of 1.146->1.147: handle NULL client/server
177 names
179 2003-12-03 Love Hörnquist Åstrand <lha@it.su.se>
181 * lib/krb5/crypto.c: 1.90->1.91: require cipher-text to be padded
182 to padsize 1.91->1.92: (decrypt_internal_derived): move up padsize
183 check to avoid memory leak
185 2003-12-01 Love Hörnquist Åstrand <lha@it.su.se>
187 * kuser/kinit.c: 1.103->1.104: (main): return the return value
188 from simple_execvp
190 2003-10-22 Love Hörnquist Åstrand <lha@it.su.se>
192 * lib/krb5/transited.c: 1.13->1.14: (krb5_domain_x500_encode):
193 always zero out encoding to make sure it have a defined value on
194 failure
196 * lib/krb5/transited.c: 1.12->1.13: (krb5_domain_x500_encode): if
197 num_realms == 0, set encoding and return (avoids malloc(0)) check
198 return value from malloc
200 2003-10-21 Love Hörnquist Åstrand <lha@it.su.se>
202 * doc/setup.texi: 1.35->1.36: spelling
204 * kdc/kdc_locl.h: 1.58->1.59: add flag to always check transited
205 policy
207 * doc/setup.texi: 1.27->1.35: many changes
209 * lib/krb5/get_cred.c: 1.95->1.96: get capath info from [capaths]
210 section
212 * lib/krb5/rd_req.c: 1.50->1.51: (krb5_decrypt_ticket): try to
213 verify transited realms, unless the transited-policy-checked flag
214 is set
216 * lib/krb5/transited.c:
217 1.12: (krb5_domain_x500_decode): set *num_realms to zero not num_realms
218 1.11: (krb5_domain_x500_decode): handle zero length tr data;
219 (krb5_check_transited): new function that does more useful stuff
221 * kdc/kdc.8: 1.23->1.24: document enforce-transited-policy
223 * kdc/config.c: 1.47->1.48: add flag to always check transited
224 policy
226 * kdc/kerberos5.c:
227 1.150: (fix_transited_encoding): also verify with policy,
228 unless asked not to
229 1.151: always check transited policy if flag set either globally
230 (on principal part of patch not pulled up)
231 1.152: (fix_transited_encoding): set transited type
232 1.153: (fix_transited_encoding): always print cross-realm information
234 2003-10-06 Love Hörnquist Åstrand <lha@it.su.se>
236 * lib/krb5/config_file.c: 1.48->1.49:
237 (krb5_config_parse_file_debug): punt if there is binding before a
238 section declaration.
239 Bug found by Arkadiusz Miskiewicz <arekm@pld-linux.org>
241 * kdc/kaserver.c: 1.21->1.23:
242 (do_getticket): if times data is shorter then 8 bytes, request is
243 malformed.
244 (do_authenticate): if request length is less then 8 bytes, its a
245 bad request and fail. Pointed out by Marco Foglia <marco@foglia.org>
247 2003-09-22 Love Hörnquist Åstrand <lha@it.su.se>
249 * lib/krb5/verify_krb5_conf.c: 1.17->1.18: add missing " within
250 #if 0 From: stefan sokoll <stefansokoll@yahoo.de>
252 2003-09-19 Love Hörnquist Åstrand <lha@it.su.se>
254 * lib/krb5/rd_req.c:
255 1.47->1.48: (krb5_rd_req): allow caller to pass in a key
256 in the auth_context, they way processes that doesn't use the
257 keytab can still pass in the key of the service (matches behavior
258 of MIT Kerberos).
260 2003-09-18 Love Hörnquist Åstrand <lha@it.su.se>
262 * lib/krb5/crypto.c:
263 1.87->1.88: (usage2arcfour): simplify, only
264 include special cases From: Luke Howard <lukeh@PADL.COM>
265 1.86->1.87: (arcfour_checksum_p): return true when is arcfour,
266 not when its not pointed out by Luke Howard
267 1.82->1.83: Do the arcfour checksum mapping for
268 krb5_create_checksum and krb5_verify_checksum, From: Luke Howard
269 <lukeh@PADL.COM>
270 1.81->1.82: (hmac): make it return an error
271 when out of memory, update callsites to either return error or use
272 krb5_abortx
273 (krb5_hmac): expose hmac
274 * lib/krb5/mk_req_ext.c: 1.26->1.27: (krb5_mk_req_internal):
275 when using arcfour-hmac-md5, use an unkeyed checksum
276 (rsa-md5), since Microsoft calculates the keyed checksum with
277 the subkey of the authenticator.
279 * lib/krb5/get_cred.c:
280 1.93->1.94 (init_tgs_req): make generation of subkey
281 optional on configuration parameter
282 [realms]realm={tgs_require_subkey=bool}
283 defaults to off. The RFC1510 weakly defines the correct behavior,
284 so old DCE secd apparently required the subkey to be there, and MS
285 will use it when its there. But the request isn't encrypted in the
286 subkey, so you get to choose if you want to talk to a MS mdc or a
287 old DCE secd.
289 partly 1.91->1.92: (init_tgs_req): in case of error, don't
290 free in the req_body addresses since they where pass in by caller
292 lib/krb5/get_in_tkt.c:
293 1.108->1.1.09: (krb5_get_in_tkt): for compatibility with with
294 the mit implemtation, don't free `creds' argument when done, its up
295 the the caller to do that, also allow a NULL ccache.
297 * doc/ack.texi
298 1.16->1.17: update Luke Howard email address
300 * lib/hdb/hdb-ldap.c:
301 1.13->1.14: code rewrite from Luke Howard <lukeh@PADL.COM>
302 1.12->1.13: (LDAP_store): log what principal/dn failed
303 1.11->1.12: use int2HDBFlags/HDBFlags2int
304 From: Alberto Patino <jalbertop@aranea.com.mx>,
305 Luke Howard <lukeh@PADL.COM>
306 Pointed out by Andrew Bartlett of Samba
307 1.10->1.11: (LDAP__connect): bind sasl "EXTERNAL" to ldap connection
308 (LDAP_store): remove superfluous argument to asprintf
309 From Alberto Patino <jalbertop@aranea.com.mx>
311 * lib/krb5/krb5.h:
312 1.214->1.2015: add KEYTYPE_ARCFOUR_56
314 2003-09-12 Love Hörnquist Åstrand <lha@it.su.se>
316 * lib/krb5/config_file.c: fix prototypes Fredrik Ljungberg
317 <flag@pobox.se>
319 2003-09-11 Love Hörnquist Åstrand <lha@it.su.se>
321 * lib/hdb/hdb_locl.h: 1.18->1.19: include <limits.h> for ULONG_MAX
322 noted by Wissler Magnus <M.Wissler@abalon.se> on heimdal-discuss
324 2003-08-29 Love Hörnquist Åstrand <lha@it.su.se>
326 * lib/hdb/db3.c: 1.8->1.9: patch for working with DB4 on
327 heimdal-discuss From: Luke Howard <lukeh@PADL.COM> 1.9->1.10: try
328 to include more db headers
330 2003-08-25 Love Hörnquist Åstrand <lha@it.su.se>
332 * kdc/connect.c: 1.92->1.93 (handle_tcp): handle recvfrom
333 returning 0 (connection closed) 1.91->1.92: (grow_descr):
334 increment the size after we succeed to allocate the space
336 2003-08-15 Love Hörnquist Åstrand <lha@it.su.se>
338 * lib/krb5/principal.c: 1.83->1.85: (unparse_name): len can't be
339 zero, so, don't check for that
340 (unparse_name): make sure there are space for a NUL, set *name to NULL
341 when there is a failure (so caller can't get hold of a freed
342 pointer)
344 2003-05-08 Johan Danielsson <joda@ratatosk.pdc.kth.se>
346 * Release 0.6
348 2003-05-08 Love Hörnquist Åstrand <lha@it.su.se>
350 * kuser/klist.c: 1.68->1.69: print tokens even if there isn't v4
351 support
353 * kuser/kdestroy.c: 1.14->1.15: destroy tokens even if there isn't
354 v4 support
356 * kuser/kinit.c: 1.90->1.91: print tokens even if there isn't v4
357 support
359 2003-05-06 Johan Danielsson <joda@pdc.kth.se>
361 * lib/krb5/name-45-test.c: need to use empty krb5.conf for some
362 tests
364 * lib/asn1/check-gen.c: there is no \e escape sequence; replace
365 everything with hex-codes, and cast to unsigned char* to make some
366 compilers happy
368 2003-05-06 Love Hörnquist Åstrand <lha@it.su.se>
370 * lib/krb5/get_in_tkt.c (make_pa_enc_timestamp): make sure first
371 argument to krb5_us_timeofday have correct type
373 2003-05-05 Assar Westerlund <assar@kth.se>
375 * include/make_crypto.c (main): include aes.h if ENABLE_AES
377 2003-05-05 Love Hörnquist Åstrand <lha@it.su.se>
379 * NEWS: 1.108->1.110: fix text about gssapi compat
381 2003-04-28 Love Hörnquist Åstrand <lha@it.su.se>
383 * kdc/v4_dump.c: 1.4->1.5: (v4_prop_dump): limit strings length,
384 from openbsd
386 2003-04-24 Love Hörnquist Åstrand <lha@it.su.se>
388 * doc/programming.texi: 1.2-1.3: s/managment/management/, from jmc
389 <jmc@prioris.mini.pw.edu.pl>
391 2003-04-22 Love Hörnquist Åstrand <lha@it.su.se>
393 * lib/krb5/krbhst.c: 1.43->1.44: copy NUL too, from janj@wenf.org
394 via openbsd
396 2003-04-17 Love Hörnquist Åstrand <lha@it.su.se>
398 * lib/asn1/der_copy.c (copy_general_string): use strdup
399 * lib/asn1/der_put.c: remove sprintf
400 * lib/asn1/gen.c: remove strcpy/sprintf
402 * lib/krb5/name-45-test.c: use a more unique name then ratatosk so
403 that other (me) have such hosts in the local domain and the tests
404 fails, to take hokkigai.pdc.kth.se instead
406 * lib/krb5/test_alname.c: add --version and --help
408 2003-04-16 Love Hörnquist Åstrand <lha@it.su.se>
410 * lib/krb5/krb5_warn.3: add krb5_get_err_text
412 * lib/krb5/transited.c: use strlcat/strlcpy, from openbsd
413 * lib/krb5/krbhst.c (srv_find_realm): use strlcpy, from openbsd
414 * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use
415 strlcpy, from openbsd
416 * kdc/hpropd.c: s/strcat/strlcat/, inspired from openbsd
417 * appl/kf/kfd.c: use strlcpy, from openbsd
419 2003-04-16 Johan Danielsson <joda@pdc.kth.se>
421 * configure.in: fix for large file support in AIX, _LARGE_FILES
422 needs to be defined on the command line, since lex likes to
423 include stdio.h before we get to config.h
425 2003-04-16 Love Hörnquist Åstrand <lha@it.su.se>
427 * lib/krb5/*.3: Change .Fd #include <header.h> to .In header.h,
428 from Thomas Klausner <wiz@netbsd.org>
430 * lib/krb5/krb5.conf.5: spelling, from Thomas Klausner
431 <wiz@netbsd.org>
433 2003-04-15 Love Hörnquist Åstrand <lha@it.su.se>
435 * kdc/kerberos5.c: fix some more memory leaks
437 2003-04-11 Love Hörnquist Åstrand <lha@it.su.se>
439 * appl/kf/kf.1: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
441 2003-04-08 Love Hörnquist Åstrand <lha@it.su.se>
443 * admin/ktutil.8: typos, from jmc <jmc@acn.waw.pl>
445 2003-04-06 Love Hörnquist Åstrand <lha@it.su.se>
447 * lib/krb5/krb5.3: s/kerberos/Kerberos/
448 * lib/krb5/krb5_data.3: s/kerberos/Kerberos/
449 * lib/krb5/krb5_address.3: s/kerberos/Kerberos/
450 * lib/krb5/krb5_ccache.3: s/kerberos/Kerberos/
451 * lib/krb5/krb5.conf.5: s/kerberos/Kerberos/
452 * kuser/kinit.1: s/kerberos/Kerberos/
453 * kdc/kdc.8: s/kerberos/Kerberos/
455 2003-04-01 Love Hörnquist Åstrand <lha@it.su.se>
457 * lib/krb5/test_alname.c: more krb5_aname_to_localname tests
459 * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): when
460 converting too root, make sure user is ok according to
461 krb5_kuserok before allowing it.
463 * lib/krb5/Makefile.am (noinst_PROGRAMS): += test_alname
465 * lib/krb5/test_alname.c: add test for krb5_aname_to_localname
467 * lib/krb5/crypto.c (krb5_DES_AFS3_CMU_string_to_key): used p1
468 instead of the "illegal" salt #~, same change as kth-krb did
469 1999. Problems occur with crypt() that behaves like AT&T crypt
470 (openssl does this). Pointed out by Marcus Watts.
472 * admin/change.c (kt_change): collect all principals we are going
473 to change, and pick the highest kvno and use that to guess what
474 kvno the resulting kvno is going to be. Now two ktutil change in a
475 row works. XXX fix the protocol to pass the kvno back.
477 2003-03-31 Love Hörnquist Åstrand <lha@it.su.se>
479 * appl/kf/kf.1: afs->AFS, from jmc <jmc@acn.waw.pl>
481 2003-03-30 Love Hörnquist Åstrand <lha@it.su.se>
483 * doc/setup.texi: add description on how to turn on v4, 524 and
484 kaserver support
486 2003-03-29 Love Hörnquist Åstrand <lha@it.su.se>
488 * lib/krb5/verify_krb5_conf.c (appdefaults_entries): add afslog
489 and afs-use-524
491 2003-03-28 Love Hörnquist Åstrand <lha@it.su.se>
493 * kdc/kerberos5.c (as_rep): when the second enctype_to_string
494 failes, remember to free memory from the first enctype_to_string
496 * lib/krb5/crypto.c (usage2arcfour): map KRB5_KU_TICKET to 2,
497 from Harald Joerg <harald.joerg@fujitsu-siemens.com>
498 (enctype_arcfour_hmac_md5): disable checksum_hmac_md5_enc
500 * lib/hdb/mkey.c (hdb_unseal_keys_mkey): truncate key to the key
501 length when key is longer then expected length, its probably
502 longer since the encrypted data was padded, reported by Aidan
503 Cully <aidan@kublai.com>
505 * lib/krb5/crypto.c (krb5_enctype_keysize): return key size of
506 encyption type, inspired by Aidan Cully <aidan@kublai.com>
508 2003-03-27 Love Hörnquist Åstrand <lha@it.su.se>
510 * lib/krb5/keytab.c (krb5_kt_get_entry): avoid printing 0
511 (wildcard kvno) after principal when the keytab entry isn't found,
512 reported by Chris Chiappa <chris@chiappa.net>
514 2003-03-26 Love Hörnquist Åstrand <lha@it.su.se>
516 * doc/misc.texi: update 2b example to match reality (from
517 mattiasa@e.kth.se)
519 * doc/misc.texi: spelling and add `Configuring AFS clients'
520 subsection
522 2003-03-25 Love Hörnquist Åstrand <lha@it.su.se>
524 * lib/krb5/krb5.3: add krb5_free_data_contents.3
526 * lib/krb5/data.c: add krb5_free_data_contents for compat with MIT
527 API
529 * lib/krb5/krb5_data.3: add krb5_free_data_contents for compat
530 with MIT API
532 * lib/krb5/krb5_verify_user.3: write more about how the ccache
533 argument should be inited when used
535 2003-03-25 Johan Danielsson <joda@pdc.kth.se>
537 * lib/krb5/addr_families.c (krb5_print_address): make sure
538 print_addr is defined for the given address type; make addrports
539 printable
541 * kdc/string2key.c: print the used enctype for kerberos 5 keys
543 2003-03-25 Love Hörnquist Åstrand <lha@it.su.se>
545 * lib/krb5/aes-test.c: add another arcfour test
547 2003-03-22 Love Hörnquist Åstrand <lha@it.su.se>
549 * lib/krb5/aes-test.c: sneek in a test for arcfour-hmac-md5
551 2003-03-20 Love Hörnquist Åstrand <lha@it.su.se>
553 * lib/krb5/krb5_ccache.3: update .Dd
555 * lib/krb5/krb5.3: sort in krb5_data functions
557 * lib/krb5/Makefile.am (man_MANS): += krb5_data.3
559 * lib/krb5/krb5_data.3: document krb5_data
561 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): if
562 prompter is NULL, don't try to ask for a password to
563 change. reported by Iain Moffat @ ufl.edu via Howard Chu
564 <hyc@highlandsun.com>
566 2003-03-19 Love Hörnquist Åstrand <lha@it.su.se>
568 * lib/krb5/krb5_keytab.3: spelling, from
569 <jmc@prioris.mini.pw.edu.pl>
571 * lib/krb5/krb5.conf.5: . means new line
573 * lib/krb5/krb5.conf.5: spelling, from
574 <jmc@prioris.mini.pw.edu.pl>
576 * lib/krb5/krb5_auth_context.3: spelling, from
577 <jmc@prioris.mini.pw.edu.pl>
579 2003-03-18 Love Hörnquist Åstrand <lha@it.su.se>
581 * kuser/Makefile.am: INCLUDES: -I$(srcdir)/../lib/krb5
583 * lib/krb5/convert_creds.c: add _krb5_krb_life_to_time
585 * lib/krb5/krb5-v4compat.h: add _krb5_krb_life_to_time
587 * kdc/kdc_locl.h: 524 is independent of kerberos 4, so move out
588 #ifdef KRB4 from enable_v4_cross_realm since 524 needs it
590 * kdc/config.c: 524 is independent of kerberos 4, so move out
591 enable_v4_cross_realm from #ifdef KRB4 since 524 needs it
593 2003-03-17 Assar Westerlund <assar@kth.se>
595 * kdc/kdc.8: document --kerberos4-cross-realm
596 * kdc/kerberos4.c: pay attention to enable_v4_cross_realm
597 * kdc/kdc_locl.h (enable_v4_cross_realm): add
598 * kdc/524.c (encode_524_response): check the enable_v4_cross_realm
599 flag before giving out v4 tickets for foreign v5 principals
600 * kdc/config.c: add --enable-kerberos4-cross-realm option (default
601 to off)
603 2003-03-17 Love Hörnquist Åstrand <lha@it.su.se>
605 * lib/krb5/Makefile.am (man_MANS) += krb5_aname_to_localname.3
607 * lib/krb5/krb5_aname_to_localname.3: manpage for
608 krb5_aname_to_localname
610 * lib/krb5/krb5_kuserok.3: s/KRB5_USEROK/KRB5_KUSEROK/
612 2003-03-16 Love Hörnquist Åstrand <lha@it.su.se>
614 * lib/krb5/Makefile.am (man_MANS): add krb5_set_default_realm.3
616 * lib/krb5/krb5.3: add manpages from krb5_set_default_realm.3
618 * lib/krb5/krb5_set_default_realm.3: Manpage for
619 krb5_free_host_realm, krb5_get_default_realm,
620 krb5_get_default_realms, krb5_get_host_realm, and
621 krb5_set_default_realm.
623 * admin/ktutil.8: s/entype/enctype/, from Igor Sobrado
624 <sobrado@acm.org> via NetBSD
626 * lib/krb5/krb5_keytab.3: add documention for krb5_kt_get_type
628 * lib/krb5/keytab.c (krb5_kt_get_type): get prefix/type of keytab
630 * lib/krb5/krb5.h (KRB5_KT_PREFIX_MAX_LEN): max length of prefix
632 * lib/krb5/krb5_ccache.3: document krb5_cc_get_ops, add more
633 types, add krb5_fcc_ops and krb5_mcc_ops
635 * lib/krb5/cache.c (krb5_cc_get_ops): new function, return ops for
636 a id
638 2003-03-15 Love Hörnquist Åstrand <lha@it.su.se>
640 * doc/intro.texi: add reference to source code, binaries and the
641 manual
643 * lib/krb5/krb5.3: krb5.h isn't in krb5 directory in heimdal
645 2003-03-14 Love Hörnquist Åstrand <lha@it.su.se>
647 * kdc/kdc.8: better/difrent english
649 * kdc/kdc.8: . -> .\n, copyright/license
651 * kdc/kdc.8: changed configuration file -> restart kdc
653 * kdc/kerberos4.c: add krb4 into the most error messages written
654 to the logfile
656 * lib/krb5/krb5_ccache.3: add missing name of argument
657 (krb5_context) to most functions
659 2003-03-13 Love Hörnquist Åstrand <lha@it.su.se>
661 * lib/krb5/kuserok.c (krb5_kuserok): preserve old behviour of
662 function and return FALSE when there isn't a local account for
663 `luser'.
665 * lib/krb5/krb5_kuserok.3: fix prototype, spelling and more text
666 describing the function
668 2003-03-12 Love Hörnquist Åstrand <lha@it.su.se>
670 * lib/krb5/cache.c (krb5_cc_default): if krb5_cc_default_name
671 returned memory, don't return ENOMEM
673 2003-03-11 Love Hörnquist Åstrand <lha@it.su.se>
675 * lib/krb5/krb5.3: add krb5_address stuff and sort
677 * lib/krb5/krb5_address.3: fix krb5_addr2sockaddr description
679 * lib/krb5/Makefile.am (man_MANS): += krb5_address.3
681 * lib/krb5/krb5_address.3: document types krb5_address and
682 krb5_addresses and their helper functions
684 2003-03-10 Love Hörnquist Åstrand <lha@it.su.se>
686 * lib/krb5/Makefile.am (man_MANS): += krb5_kuserok.3
688 * lib/krb5/krb5_kuserok.3: spelling, from cizzi@it.su.se
690 * lib/krb5/Makefile.am (man_MANS): += krb5_ccache.3
692 * lib/krb5/krb5_ccache.3: spelling, from cizzi@it.su.se
694 * lib/krb5/krb5.3: add more functions
696 * lib/krb5/krb5_ccache.3: document krb5_ccache and krb5_cc
697 functions
699 * lib/krb5/krb5_kuserok.3: document krb5_kuserok
701 * lib/krb5/krb5_verify_user.3: document
702 krb5_verify_opt_set_flags(opt, KRB5_VERIFY_LREALMS) behavior
704 * lib/krb5/krb5_verify_user.3: document krb5_verify_opt* and
705 krb5_verify_user_opt
707 * lib/krb5/*.[0-9]: add copyright/licenses on more manpages
709 * kuser/kdestroy.c (main): handle that krb5_cc_default_name can
710 return NULL
712 * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump minor
713 (TESTS): add test_cc
715 * lib/krb5/test_cc.c: test some
716 krb5_cc_default_name/krb5_cc_set_default_name combinations
718 * lib/krb5/context.c (init_context_from_config_file): set
719 default_cc_name to NULL
720 (krb5_free_context): free default_cc_name if set
722 * lib/krb5/cache.c (krb5_cc_set_default_name): new function
723 (krb5_cc_default_name): use krb5_cc_set_default_name
725 * lib/krb5/krb5.h (krb5_context_data): add default_cc_name
727 2003-02-25 Love Hörnquist Åstrand <lha@it.su.se>
729 * appl/kf/kf.1: s/securly/securely/ from NetBSD
731 2003-02-18 Love Hörnquist Åstrand <lha@it.su.se>
733 * kdc/connect.c: s/intialize/initialize, from
734 <jmc@prioris.mini.pw.edu.pl>
736 2003-02-17 Love Hörnquist Åstrand <lha@it.su.se>
738 * configure.in: add AM_MAINTAINER_MODE
740 2003-02-16 Love Hörnquist Åstrand <lha@it.su.se>
742 * **/*.[0-9]: add copyright/licenses on all manpages
744 2003-14-16 Jacques Vidrine <nectar@kth.se>
746 * lib/krb5/get_in_tkt.c (init_as_req): Send only a single
747 PA-ENC-TIMESTAMP in the AS-REQ, using the first encryption
748 type specified by the KDC.
750 2003-02-15 Love Hörnquist Åstrand <lha@it.su.se>
752 * fix-export: some autoconf put their version number in
753 autom4te.cache, so remove autom4te*.cache
755 * fix-export: make sure $1 is a directory
757 2003-02-04 Love Hörnquist Åstrand <lha@it.su.se>
759 * kpasswd/kpasswdd.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
761 * kdc/kdc.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
763 2003-01-31 Love Hörnquist Åstrand <lha@it.su.se>
765 * kdc/hpropd.8: s/databases/a database/ s/Not/not/
767 * kdc/hprop.8: add missing .
769 2003-01-30 Love Hörnquist Åstrand <lha@it.su.se>
771 * lib/krb5/krb5.conf.5: documentation for of boolean, etypes,
772 address, write out encryption type in sentences, s/Host/host
774 2003-01-26 Love Hörnquist Åstrand <lha@it.su.se>
776 * lib/asn1/check-gen.c: add checks for Authenticator too
778 2003-01-25 Love Hörnquist Åstrand <lha@it.su.se>
780 * doc/setup.texi: in the hprop example, use hprop and the first
781 component, not host
783 * lib/krb5/get_addrs.c (find_all_addresses): address-less
784 point-to-point might not have an address, just ignore
785 those. Reported by Harald Barth.
787 2003-01-23 Love Hörnquist Åstrand <lha@it.su.se>
789 * lib/krb5/verify_krb5_conf.c (check_section): when key isn't
790 found, don't print out all known keys
792 * lib/krb5/verify_krb5_conf.c (syslogvals): mark up where severity
793 and facility start resp
794 (check_log): find_value() returns -1 when key isn't found
796 * lib/krb5/crypto.c (_krb5_aes_cts_encrypt): make key argument a
797 'const void *' to avoid AES_KEY being exposed in krb5-private.h
799 * lib/krb5/krb5.conf.5: add [kdc]use_2b
801 * kdc/524.c (encode_524_response): its 2b not b2
803 * doc/misc.texi: quote @ where missing
805 * lib/asn1/Makefile.am: add check-gen
807 * lib/asn1/check-gen.c: add Principal check
809 * lib/asn1/check-common.h: move generic asn1/der functions from
810 check-der.c to here
812 * lib/asn1/check-common.c: move generic asn1/der functions from
813 check-der.c to here
815 * lib/asn1/check-der.c: move out the generic asn1/der functions to
816 a common file
818 2003-01-22 Love Hörnquist Åstrand <lha@it.su.se>
820 * doc/misc.texi: more text about afs, how to get get your KeyFile,
821 and how to start use 2b tokens
823 * lib/krb5/krb5.conf.5: spelling, from Jason McIntyre
824 <jmc@cvs.openbsd.org>
826 2003-01-21 Jacques Vidrine <nectar@kth.se>
828 * kuser/kuser_locl.h: include crypto-headers.h for
829 des_read_pw_string prototype
831 2003-01-16 Love Hörnquist Åstrand <lha@it.su.se>
833 * admin/ktutil.8: document -v, --verbose
835 * admin/get.c (kt_get): make getarg usage consistent with other
836 other parts of ktutil
838 * admin/copy.c (kt_copy): remove adding verbose_flag to args
839 struct, since it will overrun the args array (from Sumit Bose)
841 2003-01-15 Love Hörnquist Åstrand <lha@it.su.se>
843 * lib/krb5/krb5.conf.5: write more about [realms] REALM = { kdc =
844 ... }
846 * lib/krb5/aes-test.c: test vectors in aes-draft
848 * lib/krb5/Makefile.am: add aes-test.c
850 * lib/krb5/crypto.c: Add support for AES
851 (draft-raeburn-krb-rijndael-krb-02), not enabled by default.
852 (HMAC_SHA1_DES3_checksum): rename to SP_HMAC_SHA1_checksum and modify
853 to support checksumtype that are have a shorter wireformat then
854 their output block size.
856 * lib/krb5/crypto.c (struct encryption_type): split the blocksize
857 into blocksize and padsize, padsize is the minimum padding
858 size. they are the same for now
859 (enctype_*): add padsize
860 (encrypt_internal): use padsize
861 (encrypt_internal_derived): use padsize
862 (wrapped_length): use padsize
863 (wrapped_length_dervied): use padsize
865 * lib/krb5/crypto.c: add extra `opaque' argument to string_to_key
866 function for each enctype in preparation enctypes that uses
867 `Encryption and Checksum Specifications for Kerberos 5' draft
869 * lib/asn1/k5.asn1: add checksum and enctype for AES from
870 draft-raeburn-krb-rijndael-krb-02.txt
872 * lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_AES128,
873 KEYTYPE_AES256
875 2003-01-14 Love Hörnquist Åstrand <lha@it.su.se>
877 * lib/hdb/common.c (_hdb_fetch): handle error code from
878 hdb_value2entry
880 * kdc/Makefile.am: always include kerberos4.c and 524.c in
881 kdc_SOURCES to support 524
883 * kdc/524.c: always compile in support for 524
885 * kdc/kdc_locl.h: move out krb/524 protos from under #ifdef KRB4
887 * kdc/config.c: always compile in support for 524
889 * kdc/connect.c: always compile in support for 524
891 * kdc/kerberos4.c: export encode_v4_ticket() and get_des_key()
892 even when we build without kerberos 4, 524 needs them
894 * lib/krb5/convert_creds.c, lib/krb5/krb5-v4compat.h: Split out
895 Kerberos 4 help functions/structures so other parts of the source
896 tree can use it (like the KDC)