1 Mon Aug 11 05:34:43 1997 Assar Westerlund <assar@sics.se>
3 * lib/krb5/init_creds_pw.c: support changing of password when it
6 * lib/krb5/changepw.c: new file
8 * kuser/klist.c: use getarg
10 * admin/init.c (init): add `kadmin/changepw'
12 Mon Aug 11 04:30:47 1997 Johan Danielsson <joda@emma.pdc.kth.se>
14 * lib/krb5/get_cred.c: Make get_credentials handle cross-realm.
16 Mon Aug 11 00:03:24 1997 Assar Westerlund <assar@sics.se>
18 * lib/krb5/config_file.c: implement support for #-comments
20 Sat Aug 9 02:21:46 1997 Johan Danielsson <joda@emma.pdc.kth.se>
22 * kdc/hprop*.c: Add database propagation programs.
24 * kdc/connect.c: Max request size.
26 Sat Aug 9 00:47:28 1997 Assar Westerlund <assar@sics.se>
28 * lib/otp: resurrected from krb4
30 * appl/push: new program for fetching mail with POP.
32 * appl/popper/popper.h: new include files. new fields in `POP'
34 * appl/popper/pop_pass.c: Implement both v4 and v5.
36 * appl/popper/pop_init.c: Implement both v4 and v5.
38 * appl/popper/pop_debug.c: use getarg. Talk both v4 and v5
40 * appl/popper: Popper from krb4.
42 * configure.in: check for inline and <netinet/tcp.h> generate
43 files in appl/popper, appl/push, and lib/otp
45 Fri Aug 8 05:51:02 1997 Assar Westerlund <assar@sics.se>
47 * lib/krb5/get_cred.c: clean-up and try to free memory even when
50 * lib/krb5/get_cred.c: adapt to new `extract_ticket'
52 * lib/krb5/get_in_tkt.c: reorganize. check everything and try to
53 return memory even if there are errors.
55 * kuser/kverify.c: new file
57 * lib/krb5/free_host_realm.c: new file
59 * lib/krb5/principal.c (krb5_sname_to_principal): implement
60 different nametypes. Also free memory.
62 * lib/krb5/verify_init.c: more functionality
64 * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): free the checksum
66 * lib/krb5/get_in_tkt.c (extract_ticket): don't copy over the
67 principals in creds. Should also compare them with that received
70 * lib/krb5/cache.c (krb5_cc_gen_new): copy the newly allocated
72 (krb5_cc_destroy): call krb5_cc_close
73 (krb5_cc_retrieve_cred): delete the unused creds
75 Fri Aug 8 02:30:40 1997 Johan Danielsson <joda@emma.pdc.kth.se>
77 * lib/krb5/log.c: Allow better control of destinations of logging
78 (like passing explicit destinations, and log-functions).
80 Fri Aug 8 01:20:39 1997 Assar Westerlund <assar@sics.se>
82 * lib/krb5/get_default_principal.c: new file
84 * kpasswd/kpasswdd.c: use krb5_log*
86 Fri Aug 8 00:37:47 1997 Johan Danielsson <joda@emma.pdc.kth.se>
88 * lib/krb5/init_creds_pw.c: Implement krb5_get_init_creds_keytab.
90 Fri Aug 8 00:37:17 1997 Assar Westerlund <assar@sics.se>
92 * lib/krb5/init_creds_pw.c: Use `krb5_get_default_principal'.
93 Print password expire information.
95 * kdc/config.c: new variable `kdc_warn_pwexpire'
97 * kpasswd/kpasswd.c: converted to getarg and get_init_creds
99 Thu Aug 7 22:17:09 1997 Assar Westerlund <assar@sics.se>
101 * lib/krb5/mcache.c: new file
103 * admin/gettime.c: new function puttime. Use it.
105 * lib/krb5/keyblock.c: Added krb5_free_keyblock and
108 * lib/krb5/init_creds_pw.c: more functionality
110 * lib/krb5/creds.c: Added krb5_free_creds_contents and
111 krb5_copy_creds. Changed callers.
113 * lib/krb5/config_file.c: new functions krb5_config_get and
116 * lib/krb5/cache.c: cleanup added mcache
118 * kdc/kerberos5.c: include last-req's of type 6 and 7, if
121 Wed Aug 6 20:38:23 1997 Johan Danielsson <joda@emma.pdc.kth.se>
123 * lib/krb5/log.c: New parameter `log-level'. Default to `SYSLOG'.
125 Tue Aug 5 22:53:54 1997 Assar Westerlund <assar@sics.se>
127 * lib/krb5/verify_init.c, init_creds_pw.c, init_creds.c,
128 prompter_posix.c: the beginning of an implementation of the cygnus
131 * lib/krb5/get_in_tkt_pw.c: make `krb5_password_key_proc' global
133 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): new function that is
134 almost krb5_get_in_tkt but doesn't write the creds to the ccache.
135 Small fixes in krb5_get_in_tkt
137 * lib/krb5/get_addrs.c (krb5_get_all_client_addrs): don't include
140 Mon Aug 4 20:20:48 1997 Johan Danielsson <joda@emma.pdc.kth.se>
142 * kdc: Make context global.
144 Fri Aug 1 17:23:56 1997 Assar Westerlund <assar@sics.se>
148 * lib/roken/flock.c: new file
150 * kuser/kinit.c: check for and print expiry information in the
153 * lib/krb5/get_in_tkt.c: Set `ret_as_reply' if != NULL
155 * kdc/kerberos5.c: Check the valid times on client and server.
156 Check the password expiration.
157 Check the require_preauth flag.
158 Send an lr_type == 6 with pw_end.
159 Set key.expiration to min(valid_end, pw_end)
161 * lib/hdb/hdb.asn1: new flags `require_preauth' and `change_pw'
163 * admin/util.c, admin/load.c: handle the new flags.
165 Fri Aug 1 16:56:12 1997 Johan Danielsson <joda@emma.pdc.kth.se>
167 * lib/hdb: Add some simple locking.
169 Sun Jul 27 04:44:31 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
171 * lib/krb5/log.c: Add some general logging functions.
173 * kdc/kerberos4.c: Add version 4 protocol handler. The requrement
174 for this to work is that all involved principals has a des key in
175 the database, and that the client has a version 4 (un-)salted
176 key. Furthermore krb5_425_conv_principal has to do it's job, as
177 present it's not very clever.
179 * lib/krb5/principal.c: Quick patch to make 425_conv work
182 * lib/hdb/hdb.c: Add keytype->key and next key functions.
184 Fri Jul 25 17:32:12 1997 Assar Westerlund <assar@sics.se>
186 * lib/krb5/build_auth.c (krb5_build_authenticator): don't free
187 `cksum'. It's allocated and freed by the caller
189 * lib/krb5/get_cred.c (krb5_get_kdc_cred): Don't free `addresses'.
191 * kdc/kerberos5.c (tgs_rep2): make sure we also have an defined
192 `client' to return as part of the KRB-ERROR
194 * appl/rsh/rshd.c: implement forwarding
196 * appl/rsh/rsh.c: Use getarg. Implement forwarding.
198 Thu Jul 24 08:13:59 1997 Johan Danielsson <joda@emma.pdc.kth.se>
200 * kdc/kerberos5.c: Unseal keys from database before use.
202 * kdc/misc.c: New functions set_master_key, unseal_key and
205 * lib/roken/getarg.c: Handle `-f arg' correctly.
207 Thu Jul 24 01:54:43 1997 Assar Westerlund <assar@sics.se>
209 * kuser/kinit.c: implement `-l' aka `--lifetime'
211 * lib/roken/parse_units.c, parse_time.c: new files
213 * admin/gettime.c (gettime): use `parse_time'
215 * kdc/kerberos5.c (as_rep): Use `METHOD-DATA' when sending
216 KRB5KDC_ERR_PREAUTH_REQUIRED, not PA-DATA.
218 * kpasswd/kpasswdd.c: fix freeing bug use sequence numbers set
219 addresses in auth_context bind one socket per interface.
221 * kpasswd/kpasswd.c: use sequence numbers
223 * lib/krb5/rd_req.c (krb5_verify_ap_req): do abs when verifying
226 * lib/krb5/rd_priv.c (krb5_rd_priv): Fetch the correct session key
229 * lib/krb5/mk_priv.c (krb5_mk_priv): Fetch the correct session key
232 * lib/krb5/mk_error.c (krb5_mk_error): return an error number and
233 not a comerr'd number.
235 * lib/krb5/get_in_tkt.c (krb5_get_in_tkt): interpret the error
236 number in KRB-ERROR correctly.
238 * lib/krb5/get_cred.c (krb5_get_kdc_cred): interpret the error
239 number in KRB-ERROR correctly.
241 * lib/asn1/k5.asn1: Add `METHOD-DATA'
243 * removed some memory leaks.
245 Wed Jul 23 07:53:18 1997 Assar Westerlund <assar@sics.se>
249 * lib/krb5/rd_cred.c, get_for_creds.c: new files
251 * lib/krb5/get_host_realm.c: try default realm as last chance
253 * kpasswd/kpasswdd.c: updated to hdb changes
255 * appl/telnet/libtelnet/kerberos5.c: Implement forwarding
257 * appl/telnet/libtelnet: removed totally unused files
259 * admin/ank.c: fix prompts and generation of random keys
261 Wed Jul 23 04:02:32 1997 Johan Danielsson <joda@emma.pdc.kth.se>
263 * admin/dump.c: Include salt in dump.
265 * admin: Mostly updated for new db-format.
267 * kdc/kerberos5.c: Update to use new db format. Better checking of
268 flags and such. More logging.
270 * lib/hdb/hdb.c: Use generated encode and decode functions.
272 * lib/hdb/hdb.h: Get hdb_entry from ASN.1 generated code.
274 * lib/krb5/get_cred.c: Get addresses from krbtgt if there are none
277 Sun Jul 20 16:22:30 1997 Assar Westerlund <assar@sics.se>
279 * kuser/kinit.c: break if des_read_pw_string() != 0
281 * kpasswd/kpasswdd.c: send a reply
283 * kpasswd/kpasswd.c: restructured code. better report on
284 krb-error break if des_read_pw_string() != 0
286 * kdc/kerberos5.c: Check `require_enc_timestamp' malloc space for
287 starttime and renew_till
289 * appl/telnet/libtelnet/kerberos5.c (kerberos5_is): Send a
290 keyblock to krb5_verify_chekcsum
292 Sun Jul 20 06:35:46 1997 Johan Danielsson <joda@emma.pdc.kth.se>
296 * kpasswd/kpasswd.c: Avoid using non-standard struct names.
298 Sat Jul 19 19:26:23 1997 Assar Westerlund <assar@sics.se>
300 * lib/krb5/keytab.c (krb5_kt_get_entry): check return from
301 `krb5_kt_start_seq_get'. From <map@stacken.kth.se>
303 Sat Jul 19 04:07:39 1997 Johan Danielsson <joda@emma.pdc.kth.se>
305 * lib/asn1/k5.asn1: Update with more pa-data types from
306 draft-ietf-cat-kerberos-revisions-00.txt
308 * admin/load.c: Update to match current db-format.
310 * kdc/kerberos5.c (as_rep): Try all valid pa-datas before giving
311 up. Send back an empty pa-data if the client has the v4 flag set.
313 * lib/krb5/get_in_tkt.c: Pass both version5 and version4 salted
314 pa-data. DTRT if there is any pa-data in the reply.
316 * lib/krb5/str2key.c: XOR with some sane value.
318 * lib/hdb/hdb.h: Add `version 4 salted key' flag.
320 * kuser/kinit.c: Ask for password before calling get_in_tkt. This
321 makes it possible to call key_proc more than once.
323 * kdc/string2key.c: Add flags to output version 5 (DES only),
324 version 4, and AFS string-to-key of a password.
326 * lib/asn1/gen_copy.c: copy_* functions now returns an int (0 or
329 Fri Jul 18 02:54:58 1997 Assar Westerlund <assar@sics.se>
331 * lib/krb5/get_host_realm.c (krb5_get_host_realm): do the
334 * kdc/misc.c: check result of hdb_open
336 * admin/kdb_edit: updated to new sl
338 * lib/sl: sl_func now returns an int. != 0 means to exit.
340 * kpasswd/kpasswdd: A crude (but somewhat working) implementation
341 of `draft-ietf-cat-kerb-chg-password-00.txt'
343 Fri Jul 18 00:55:39 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
345 * kuser/krenew.c: Crude ticket renewing program.
347 * kdc/kerberos5.c: Rewritten flags parsing, it now might work to
348 get forwarded and renewed tickets.
350 * kuser/kinit.c: Add `-r' flag.
352 * lib/krb5/get_cred.c: Move most of contents of get_creds to new
353 function get_kdc_cred, that always contacts the kdc and doesn't
354 save in the cache. This is a hack.
356 * lib/krb5/get_in_tkt.c: Pass starttime and renew_till in request
359 * lib/krb5/mk_req_ext.c: Make an auth_context if none passed in.
361 * lib/krb5/send_to_kdc.c: Get timeout from context.
363 * lib/krb5/context.c: Add kdc_timeout to context struct.
365 Thu Jul 17 20:35:45 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
367 * kuser/klist.c: Print start time of ticket if available.
369 * lib/krb5/get_host_realm.c: Return error if no realm was found.
371 Thu Jul 17 20:28:21 1997 Assar Westerlund <assar@sics.se>
373 * kpasswd: non-working kpasswd added
375 Thu Jul 17 00:21:22 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
379 * kdc/main.c: Add -p flag to disable pa-enc-timestamp requirement.
381 Wed Jul 16 03:37:41 1997 Johan Danielsson <joda@emma.pdc.kth.se>
383 * kdc/kerberos5.c (tgs_rep2): Free ticket and ap_req.
385 * lib/krb5/auth_context.c (krb5_auth_con_free): Free remote
388 * lib/krb5/principal.c (krb5_free_principal): Check for NULL.
390 * lib/krb5/send_to_kdc.c: Check for NULL return from
393 * lib/krb5/set_default_realm.c: Try to get realm of local host if
394 no default realm is available.
396 * Remove non ASN.1 principal code.
398 Wed Jul 16 03:17:30 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
400 * kdc/kerberos5.c: Split tgs_rep in smaller functions. Add better
401 error handing. Do some logging.
403 * kdc/log.c: Some simple logging facilities.
405 * kdc/misc.c (db_fetch): Take a krb5_principal.
407 * kdc/connect.c: Pass address of request to as_rep and
408 tgs_rep. Send KRB-ERROR.
410 * lib/krb5/mk_error.c: Add more fields.
412 * lib/krb5/get_cred.c: Print normal error code if no e_text is
415 Wed Jul 16 03:07:50 1997 Assar Westerlund <assar@sics.se>
417 * lib/krb5/get_in_tkt.c: implement `krb5_init_etype'.
418 Change encryption type of pa_enc_timestamp to DES-CBC-MD5
420 * lib/krb5/context.c: recognize all encryption types actually
423 * lib/krb5/auth_context.c (krb5_auth_con_init): Change default
424 encryption type to `DES_CBC_MD5'
426 * lib/krb5/read_message.c, write_message.c: new files
428 Tue Jul 15 17:14:21 1997 Assar Westerlund <assar@sics.se>
430 * lib/asn1: replaced asn1_locl.h by `der_locl.h' and `gen_locl.h'.
432 * lib/error/compile_et.awk: generate a prototype for the
433 `destroy_foo_error_table' function.
435 Mon Jul 14 12:24:40 1997 Assar Westerlund <assar@sics.se>
437 * lib/krb5/krbhst.c (krb5_get_krbhst): Get all kdc's and try also
438 with `kerberos.REALM'
440 * kdc/kerberos5.c, lib/krb5/rd_priv.c, lib/krb5/rd_safe.c: use
443 * lib/krb5/rd_req.c (krb5_verify_ap_req): record authenticator
446 * lib/krb5/build_auth.c (krb5_build_authenticator): always
449 * lib/krb5/address.c: implement `krb5_address_order'
451 * lib/gssapi/import_name.c: Implement `gss_import_name'
453 * lib/gssapi/external.c: Use new OID
455 * lib/gssapi/encapsulate.c: New functions
456 `gssapi_krb5_encap_length' and `gssapi_krb5_make_header'. Changed
459 * lib/gssapi/decapsulate.c: New function
460 `gssaspi_krb5_verify_header'. Changed callers.
462 * lib/asn1/gen*.c: Give tags to generated structs.
463 Use `err' and `asprintf'
465 * appl/test/gss_common.c: new file
467 * appl/test/gssapi_server.c: removed all krb5 calls
469 * appl/telnet/libtelnet/kerberos5.c: Add support for genering and
470 verifying checksums. Also start using session subkeys.
472 Mon Jul 14 12:08:25 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
474 * lib/krb5/rd_req.c (krb5_rd_req_with_keyblock): Split up.
476 Sun Jul 13 03:07:44 1997 Assar Westerlund <assar@sics.se>
478 * lib/krb5/rd_safe.c, mk_safe.c: made bug-compatible with MIT
480 * lib/krb5/encrypt.c: new functions `DES_encrypt_null_ivec' and
481 `DES_encrypt_key_ivec'
483 * lib/krb5/checksum.c: implement rsa-md4-des and rsa-md5-des
485 * kdc/kerberos5.c (tgs_rep): support keyed checksums
487 * lib/krb5/creds.c: new file
489 * lib/krb5/get_in_tkt.c: better freeing
491 * lib/krb5/context.c (krb5_free_context): more freeing
493 * lib/krb5/config_file.c: New function `krb5_config_file_free'
495 * lib/error/compile_et.awk: Generate a `destroy_' function.
497 * kuser/kinit.c, klist.c: Don't leak memory.
499 Sun Jul 13 02:46:27 1997 Johan Danielsson <joda@emma.pdc.kth.se>
501 * kdc/connect.c: Check filedescriptor in select.
503 * kdc/kerberos5.c: Remove most of the most common memory leaks.
505 * lib/krb5/rd_req.c: Free allocated data.
507 * lib/krb5/auth_context.c (krb5_auth_con_free): Free a lot of
510 Sun Jul 13 00:32:16 1997 Assar Westerlund <assar@sics.se>
512 * appl/telnet, appl/rsh: Conditionalize the krb4-support.
514 * configure.in: Test for krb4
516 Sat Jul 12 17:14:12 1997 Assar Westerlund <assar@sics.se>
518 * kdc/kerberos5.c: check if the pre-auth was decrypted properly.
519 set the `pre_authent' flag
521 * lib/krb5/get_cred.c, lib/krb5/get_in_tkt.c: generate a random nonce.
523 * lib/krb5/encrypt.c: Made `generate_random_block' global.
525 * appl/test: Added gssapi_client and gssapi_server.
527 * lib/krb5/data.c: Add `krb5_data_zero'
529 * appl/test/tcp_client.c: try `mk_safe' and `mk_priv'
531 * appl/test/tcp_server.c: try `rd_safe' and `rd_priv'
533 Sat Jul 12 16:45:58 1997 Johan Danielsson <joda@emma.pdc.kth.se>
535 * lib/krb5/get_addrs.c: Fix for systems that has sa_len, but
536 returns zero length from SIOCGIFCONF.
538 Sat Jul 12 16:38:34 1997 Assar Westerlund <assar@sics.se>
540 * appl/test: new programs
542 * lib/krb5/rd_req.c: add address compare
544 * lib/krb5/mk_req_ext.c: allow no checksum
546 * lib/krb5/keytab.c (krb5_kt_ret_string): 0-terminate string
548 * lib/krb5/address.c: fix `krb5_address_compare'
550 Sat Jul 12 15:03:16 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
552 * lib/krb5/get_addrs.c: Fix ip4 address extraction.
554 * kuser/klist.c: Add verbose flag, and split main into smaller
557 * lib/krb5/fcache.c: Save ticket flags.
559 * lib/krb5/get_in_tkt.c (extract_ticket): Extract addresses and
562 * lib/krb5/krb5.h: Add ticket_flags to krb5_creds.
564 Sat Jul 12 13:12:48 1997 Assar Westerlund <assar@sics.se>
566 * configure.in: Call `AC_KRB_PROG_LN_S'
568 * acinclude.m4: Add `AC_KRB_PROG_LN_S' from krb4
570 Sat Jul 12 00:57:01 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
572 * lib/krb5/get_in_tkt.c: Use union of krb5_flags and KDCOptions to
575 Fri Jul 11 15:04:22 1997 Assar Westerlund <assar@sics.se>
577 * appl/telnet: telnet & telnetd seems to be working.
579 * lib/krb5/config_file.c: Added krb5_config_v?get_list Fixed
580 krb5_config_vget_next
582 * appl/telnet/libtelnet/kerberos5.c: update to current API
584 Thu Jul 10 14:54:39 1997 Assar Westerlund <assar@sics.se>
586 * appl/telnet/libtelnet/kerberos5.c (kerberos5_status): call
589 * appl/telnet: Added.
591 Thu Jul 10 05:09:25 1997 Johan Danielsson <joda@emma.pdc.kth.se>
593 * lib/error/compile_et.awk: Remove usage of sub, gsub, and
594 functions for compatibility with awk.
596 * include/bits.c: Must use signed char.
598 * lib/krb5/context.c: Move krb5_get_err_text, and krb5_init_ets
601 * lib/error/error.c: Replace krb5_get_err_text with new function
604 * lib/error/compile_et.awk: Avoid using static variables.
606 * lib/error/error.c: Don't use krb5_locl.h
608 * lib/error/error.h: Move definitions of error_table and
609 error_list from krb5.h.
611 * lib/error: Moved from lib/krb5.
613 Wed Jul 9 07:42:04 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
615 * lib/krb5/encrypt.c: Temporary hack to avoid des_rand_data.
617 Wed Jul 9 06:58:00 1997 Assar Westerlund <assar@sics.se>
619 * appl/rsh/rsh.c: use the correct user for the checksum
621 * lib/krb5/{rd,mk}_{*}.c: more checking for addresses and stuff
622 according to pseudocode from 1510
624 Wed Jul 9 06:06:06 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
626 * lib/hdb/hdb.c: Add hdb_etype2key.
628 * kdc/kerberos5.c: Check authenticator. Use more general etype
631 Wed Jul 9 03:51:12 1997 Assar Westerlund <assar@sics.se>
633 * lib/asn1/k5.asn1: Made all `s_address' OPTIONAL according to
634 draft-ietf-cat-kerberos-r-00.txt
636 * lib/krb5/principal.c (krb5_parse_name): default to local realm
639 * kuser/kinit.c: New option `-p' and prompt
641 Wed Jul 9 02:30:06 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
643 * lib/krb5/keyblock.c: Keyblock generation functions.
645 * lib/krb5/encrypt.c: Use functions from checksum.c.
647 * lib/krb5/checksum.c: Move checksum functions here. Add
648 krb5_cksumsize function.
650 Wed Jul 9 01:15:38 1997 Assar Westerlund <assar@sics.se>
652 * lib/krb5/get_host_realm.c: implemented
654 * lib/krb5/config_file.c: Redid part. New functions:
655 krb5_config_v?get_next
657 * kuser/kdestroy.c: new program
659 * kuser/kinit.c: new flag `-f'
661 * lib/asn1/k5.asn1: Made HostAddresses = SEQUENCE OF HostAddress
663 * acinclude.m4: Added AC_KRB_STRUCT_SOCKADDR_SA_LEN
665 * lib/krb5/krb5.h: krb5_addresses == HostAddresses. Changed all
668 * lib/krb5/get_addrs.c: figure out all local addresses, possibly
671 * lib/krb5/checksum.c: table-driven checksum
673 Mon Jul 7 21:13:28 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
675 * lib/krb5/encrypt.c: Make krb5_decrypt use the same struct as
678 Mon Jul 7 11:15:51 1997 Assar Westerlund <assar@sics.se>
680 * lib/roken/vsyslog.c: new file
682 * lib/krb5/encrypt.c: add des-cbc-md4.
683 adjust krb5_encrypt and krb5_decrypt to reality
685 * appl/rsh/rshd.c: Now works. Also implementd encryption and
688 * appl/rsh/common.c: new file
690 Mon Jul 7 02:46:31 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
692 * lib/krb5/encrypt.c: Implement as a vector of function pointers.
694 * lib/krb5/{decrypt,encrypt}.c: Implement des-cbc-crc, and
695 des-cbc-md5 in separate functions.
697 * lib/krb5/krb5.h: Add more checksum and encryption types.
699 * lib/krb5/krb5_locl.h: Add etype to krb5_decrypt.
701 Sun Jul 6 23:02:59 1997 Assar Westerlund <assar@sics.se>
703 * lib/krb5/[gs]et_default_realm.c, kuserok.c: new files
705 * lib/krb5/config_file.[ch]: new c-based configuration reading
708 Wed Jul 2 23:12:56 1997 Assar Westerlund <assar@sics.se>
710 * configure.in: Set WFLAGS if using gcc
712 Wed Jul 2 17:47:03 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
714 * lib/asn1/der_put.c (der_put_int): Return size correctly.
716 * admin/ank.c: Be compatible with the asn1 principal format.
718 Wed Jul 1 23:52:20 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
720 * lib/asn1: Now all decode_* and encode_* functions now take a
721 final size_t* argument, that they return the size in. Return
722 values are zero for success, and anything else (such as some
723 ASN1_* constant) for error.
725 Mon Jun 30 06:08:14 1997 Assar Westerlund <assar@sics.se>
727 * appl/rsh: New program.
729 * lib/krb5/keytab.c (krb5_kt_add_entry): change open mode to
732 * lib/krb5/get_cred.c: removed stale prototype for
733 `extract_ticket' and corrected call.
735 * lib/asn1/gen_length.c (length_type): Make the length functions
736 for SequenceOf non-destructive
738 * admin/ank.c (doit): Fix reading of `y/n'.
740 Mon Jun 16 05:41:43 1997 Assar Westerlund <assar@sics.se>
742 * lib/gssapi/wrap.c, unwrap.c: do encrypt and add sequence number
744 * lib/gssapi/get_mic.c, verify_mic.c: Add sequence number.
746 * lib/gssapi/accept_sec_context.c (gss_accept_sec_context): Set
747 KRB5_AUTH_CONTEXT_DO_SEQUENCE. Verify 8003 checksum.
749 * lib/gssapi/8003.c: New file.
751 * lib/krb/krb5.h: Define a `krb_authenticator' as an ASN.1
754 * lib/krb5/auth_context.c: New functions
755 `krb5_auth_setlocalseqnumber' and `krb5_auth_setremoteseqnumber'
757 Tue Jun 10 00:35:54 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
759 * lib/krb5: Preapre for use of some asn1-types.
761 * lib/asn1/*.c (copy_*): Constness.
763 * lib/krb5/krb5.h: Include asn1.h; krb5_data is now an
766 * lib/asn1/der*,gen.c: krb5_data -> octet_string, char * ->
769 * lib/asn1/libasn1.h: Moved stuff from asn1_locl.h that doesn't
770 have anything to do with asn1_compile.
772 * lib/asn1/asn1_locl.h: Remove der.h. Add some prototypes.
774 Sun Jun 8 03:51:55 1997 Assar Westerlund <assar@sics.se>
776 * kdc/kerberos5.c: Fix PA-ENC-TS-ENC
778 * kdc/connect.c(process_request): Set `new'
780 * lib/krb5/get_in_tkt.c: Do PA-ENC-TS-ENC the correct way.
782 * lib: Added editline,sl,roken.
784 Mon Jun 2 00:37:48 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
786 * lib/krb5/fcache.c: Move file cache from cache.c.
788 * lib/krb5/cache.c: Allow more than one cache type.
790 Sun Jun 1 23:45:33 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
792 * admin/extkeytab.c: Merged with kdb_edit.
794 Sun Jun 1 23:23:08 1997 Assar Westerlund <assar@sics.se>
796 * kdc/kdc.c: more support for ENC-TS-ENC
798 * lib/krb5/get_in_tkt.c: redone to enable pre-authentication
800 Sun Jun 1 22:45:11 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
802 * lib/hdb/db.c: Merge fetch and store.
804 * admin: Merge to one program.
806 * lib/krb5/str2key.c: Fill in keytype and length.
808 Sun Jun 1 16:31:23 1997 Assar Westerlund <assar@sics.se>
810 * lib/krb5/rd_safe.c, lib/krb5/rd_priv.c, lib/krb5/mk_rep.c,
811 lib/krb5/mk_priv.c, lib/krb5/build_auth.c: Some support for
812 KRB5_AUTH_CONTEXT_DO_SEQUENCE
814 * lib/krb5/get_in_tkt.c (get_in_tkt): be prepared to parse an
815 KRB_ERROR. Some support for PA_ENC_TS_ENC.
817 * lib/krb5/auth_context.c: implemented seq_number functions
819 * lib/krb5/generate_subkey.c, generate_seq_number.c: new files
821 * lib/gssapi/gssapi.h: avoid including <krb5.h>
823 * lib/asn1/Makefile.am: SUFFIXES as a variable to make automake
826 * kdc/kdc.c: preliminary PREAUTH_ENC_TIMESTAMP
828 * configure.in: adapted to automake 1.1p
830 Mon May 26 22:26:21 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
832 * lib/krb5/principal.c: Add contexts to many functions.
834 Thu May 15 20:25:37 1997 Johan Danielsson <joda@emma.pdc.kth.se>
836 * lib/krb5/verify_user.c: First stab at a verify user.
838 * lib/auth/sia/sia5.c: SIA module for Kerberos 5.
840 Mon Apr 14 00:09:03 1997 Assar Westerlund <assar@sics.se>
842 * lib/gssapi: Enough of a gssapi-over-krb5 implementation to be
843 able to (mostly) run gss-client and gss-server.
845 * lib/krb5/keytab.c: implemented krb5_kt_add_entry,
846 krb5_kt_store_principal, krb5_kt_store_keyblock
848 * lib/des/md5.[ch], sha.[ch]: new files
850 * lib/asn1/der_get.c (generalizedtime2time): use `timegm'
852 * lib/asn1/timegm.c: new file
854 * admin/extkeytab.c: new program
856 * admin/admin_locl.h: new file
858 * admin/Makefile.am: Added extkeytab
860 * configure.in: moved config to include
861 removed timezone garbage
862 added lib/gssapi and admin
864 * Makefile.am: Added admin
866 Mon Mar 17 11:34:05 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
868 * kdc/kdc.c: Use new copying functions, and free some data.
870 * lib/asn1/Makefile.am: Try to not always rebuild generated files.
872 * lib/asn1/der_put.c: Add fix_dce().
874 * lib/asn1/der_{get,length,put}.c: Fix include files.
876 * lib/asn1/der_free.c: Remove unused functions.
878 * lib/asn1/gen.c: Split into gen_encode, gen_decode, gen_free,
879 gen_length, and gen_copy.
881 Sun Mar 16 18:13:52 1997 Assar Westerlund <assar@sics.se>
883 * lib/krb5/sendauth.c: implemented functionality
885 * lib/krb5/rd_rep.c: Use `krb5_decrypt'
887 * lib/krb5/cache.c (krb5_cc_get_name): return default if `id' ==
890 * lib/krb5/principal.c (krb5_free_principal): added `context'
891 argument. Changed all callers.
893 (krb5_sname_to_principal): new function
895 * lib/krb5/auth_context.c (krb5_free_authenticator): add `context'
896 argument. Changed all callers
898 * lib/krb5/{net_write.c,net_read.c,recvauth.c}: new files
900 * lib/asn1/gen.c: Fix encoding and decoding of BitStrings
902 Fri Mar 14 11:29:00 1997 Assar Westerlund <assar@sics.se>
904 * configure.in: look for *dbm?
906 * lib/asn1/gen.c: Fix filename in generated files. Check fopens.
907 Put trailing newline in asn1_files.
909 Fri Mar 14 05:06:44 1997 Johan Danielsson <joda@emma.pdc.kth.se>
911 * lib/krb5/get_in_tkt.c: Fix some memory leaks.
913 * lib/krb5/krbhst.c: Properly free hostlist.
915 * lib/krb5/decrypt.c: CRCs are 32 bits.
917 Fri Mar 14 04:39:15 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
919 * lib/asn1/gen.c: Generate one file for each type.
921 Fri Mar 14 04:13:47 1997 Assar Westerlund <assar@sics.se>
923 * lib/asn1/gen.c: Generate `length_FOO' functions
925 * lib/asn1/der_length.c: new file
927 * kuser/klist.c: renamed stime -> printable_time to avoid conflict
930 Fri Mar 14 03:37:23 1997 Johan Danielsson <joda@emma.pdc.kth.se>
932 * lib/hdb/ndbm.c: Return NOENTRY if fetch fails. Don't free
933 datums. Don't add .db to filename.
935 Fri Mar 14 02:49:51 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
937 * kdc/dump.c: Database dump program.
939 * kdc/ank.c: Trivial database editing program.
941 * kdc/{kdc.c, load.c}: Use libhdb.
943 * lib/hdb: New database routine library.
945 * lib/krb5/error/Makefile.am: Add hdb_err.
947 Wed Mar 12 17:41:14 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
949 * kdc/kdc.c: Rewritten AS, and somewhat more working TGS support.
951 * lib/asn1/gen.c: Generate free functions.
953 * Some specific free functions.
955 Wed Mar 12 12:30:13 1997 Assar Westerlund <assar@sics.se>
957 * lib/krb5/krb5_mk_req_ext.c: new file
959 * lib/asn1/gen.c: optimize the case with a simple type
961 * lib/krb5/get_cred.c (krb5_get_credentials): Use
962 `mk_req_extended' and remove old code.
964 * lib/krb5/get_in_tkt.c (decrypt_tkt): First try with an
965 EncASRepPart, then with an EncTGSRepPart.
967 Wed Mar 12 08:26:04 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
969 * lib/krb5/store_emem.c: New resizable memory storage.
971 * lib/krb5/{store.c, store_fd.c, store_mem.c}: Split of store.c
973 * lib/krb5/krb5.h: Add free entry to krb5_storage.
975 * lib/krb5/decrypt.c: Make keyblock const.
977 Tue Mar 11 20:22:17 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
979 * lib/krb5/krb5.h: Add EncTicketPart to krb5_ticket.
981 * lib/krb5/rd_req.c: Return whole asn.1 ticket in
984 * lib/krb5/get_in_tkt.c: TGS -> AS
986 * kuser/kfoo.c: Print error string rather than number.
988 * kdc/kdc.c: Some kind of non-working TGS support.
990 Mon Mar 10 01:43:22 1997 Assar Westerlund <assar@sics.se>
992 * lib/asn1/gen.c: reduced generated code by 1/5
994 * lib/asn1/der_put.c: (der_put_length_and_tag): new function
996 * lib/asn1/der_get.c (der_match_tag_and_length): new function
998 * lib/asn1/der.h: added prototypes
1000 Mon Mar 10 01:15:43 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
1002 * lib/krb5/krb5.h: Include <asn1_err.h>. Add prototype for
1003 krb5_rd_req_with_keyblock.
1005 * lib/krb5/rd_req.c: Add function krb5_rd_req_with_keyblock that
1006 takes a precomputed keyblock.
1008 * lib/krb5/get_cred.c: Use krb5_mk_req rather than inlined code.
1010 * lib/krb5/mk_req.c: Calculate checksum of in_data.
1012 Sun Mar 9 21:17:58 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
1014 * lib/krb5/error/compile_et.awk: Add a declaration of struct
1015 error_list, and multiple inclusion block to header files.
1017 Sun Mar 9 21:01:12 1997 Assar Westerlund <assar@sics.se>
1019 * lib/krb5/rd_req.c: do some checks on times
1021 * lib/krb/{mk_priv.c, rd_priv.c, sendauth.c, decrypt.c,
1022 address.c}: new files
1024 * lib/krb5/auth_context.c: more code
1026 * configure.in: try to figure out timezone
1028 Sat Mar 8 11:41:07 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
1030 * lib/krb5/error/error.c: Try strerror if error code wasn't found.
1032 * lib/krb5/get_in_tkt.c: Remove realm parameter from
1035 * lib/krb5/context.c: Initialize error table.
1037 * kdc: The beginnings of a kdc.
1039 Sat Mar 8 08:16:28 1997 Assar Westerlund <assar@sics.se>
1041 * lib/krb5/rd_safe.c: new file
1043 * lib/krb5/checksum.c (krb5_verify_checksum): New function
1045 * lib/krb5/get_cred.c: use krb5_create_checksum
1047 * lib/krb5/checksum.c: new file
1049 * lib/krb5/store.c: no more arithmetic with void*
1051 * lib/krb5/cache.c: now seems to work again
1053 Sat Mar 8 06:58:09 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
1055 * lib/krb5/Makefile.am: Add asn1_glue.c and error/*.c to libkrb5.
1057 * lib/krb5/get_in_tkt.c: Moved some functions to asn1_glue.c.
1059 * lib/krb5/asn1_glue.c: Moved some asn1-stuff here.
1061 * lib/krb5/{cache,keytab}.c: Use new storage functions.
1063 * lib/krb5/krb5.h: Protypes for new storage functions.
1065 * lib/krb5/krb5.h: Make krb5_{ret,store}_* functions able to write
1066 data to more than file descriptors.
1068 Sat Mar 8 01:01:17 1997 Assar Westerlund <assar@sics.se>
1070 * lib/krb5/encrypt.c: New file.
1072 * lib/krb5/Makefile.am: More -I
1074 * configure.in: Test for big endian, random, rand, setitimer
1076 * lib/asn1/gen.c: perhaps even decodes bitstrings
1078 Thu Mar 6 19:05:29 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
1080 * lib/krb5/config_file.y: Better return values on error.
1082 Sat Feb 8 15:59:56 1997 Assar Westerlund <assar@pdc.kth.se>
1084 * lib/asn1/parse.y: ifdef HAVE_STRDUP
1086 * lib/asn1/lex.l: ifdef strdup
1087 brange-dead version of list of special characters to make stupid
1090 * lib/asn1/gen.c: A DER integer should really be a `unsigned'
1092 * lib/asn1/der_put.c: A DER integer should really be a `unsigned'
1094 * lib/asn1/der_get.c: A DER integer should really be a `unsigned'
1096 * lib/krb5/error/Makefile.am: It seems "$(SHELL) ./compile_et" is
1099 * lib/krb/mk_rep.c, lib/krb/rd_req.c, lib/krb/store.c,
1100 lib/krb/store.h: new files.
1102 * lib/krb5/keytab.c: now even with some functionality.
1104 * lib/asn1/gen.c: changed paramater from void * to Foo *
1106 * lib/asn1/der_get.c (der_get_octet_string): Fixed bug with empty
1109 Sun Jan 19 06:17:39 1997 Assar Westerlund <assar@pdc.kth.se>
1111 * lib/krb5/get_cred.c (krb5_get_credentials): Check for creds in
1112 cc before getting new ones.
1114 * lib/krb5/krb5.h (krb5_free_keyblock): Fix prototype.
1116 * lib/krb5/build_auth.c (krb5_build_authenticator): It seems the
1117 CRC should be stored LSW first. (?)
1119 * lib/krb5/auth_context.c: Implement `krb5_auth_con_getkey' and
1120 `krb5_free_keyblock'
1122 * lib/**/Makefile.am: Rename foo libfoo.a
1124 * include/Makefile.in: Use test instead of [
1125 -e does not work with /bin/sh on psoriasis
1127 * configure.in: Search for awk
1128 create lib/krb/error/compile_et
1130 Tue Jan 14 03:46:26 1997 Assar Westerlund <assar@pdc.kth.se>
1132 * lib/krb5/Makefile.am: replaced mit-crc.c by crc.c
1134 Wed Dec 18 00:53:55 1996 Johan Danielsson <joda@emma.pdc.kth.se>
1136 * kuser/kinit.c: Guess principal.
1138 * lib/krb5/error/compile_et.awk: Don't include krb5.h. Fix some
1141 * lib/krb5/error/asn1_err.et: Add ASN.1 error messages.
1143 * lib/krb5/mk_req.c: Get client from cache.
1145 * lib/krb5/cache.c: Add better error checking some useful return
1148 * lib/krb5/krb5.h: Fix krb5_auth_context.
1150 * lib/asn1/der.h: Make krb5_data compatible with krb5.h
1152 Tue Dec 17 01:32:36 1996 Johan Danielsson <joda@emma.pdc.kth.se>
1154 * lib/krb5/error: Add primitive error library.
1156 Mon Dec 16 16:30:20 1996 Johan Danielsson <joda@emma.pdc.kth.se>
1158 * lib/krb5/cache.c: Get correct address type from cache.
1160 * lib/krb5/krb5.h: Change int16 to int to be compatible with asn1.