1 2000-09-20 Assar Westerlund <assar@juguete.sics.se>
5 2000-09-19 Assar Westerlund <assar@sics.se>
7 * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
10 * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 6:2:0
12 2000-09-17 Assar Westerlund <assar@sics.se>
14 * lib/krb5/rd_req.c (krb5_decrypt_ticket): plug some memory leak
15 (krb5_rd_req): try not to return an allocated auth_context on error
17 * lib/krb5/log.c (krb5_vlog_msg): fix const-ness
19 2000-09-10 Assar Westerlund <assar@sics.se>
21 * kdc/524.c: re-organize
22 * kdc/kerberos5.c (tgs_rep2): try to avoid leaking auth_context
23 * kdc/kerberos4.c (valid_princ): check return value of functions
24 (encode_v4_ticket): add some const
25 * kdc/misc.c (db_fetch): check malloc
26 (free_ent): new function
28 * lib/krb5/log.c (krb5_vlog_msg): log just the format string it we
29 fail to allocate the actual string to log, should at least provide
30 some hint as to where things went wrong
32 2000-09-10 Johan Danielsson <joda@pdc.kth.se>
34 * kdc/log.c: use DEFAULT_LOG_DEST
36 * kdc/config.c: use _PATH_KDC_CONF
38 * kdc/kdc_locl.h: add macro constants for kdc.conf, and kdc.log
40 2000-09-09 Assar Westerlund <assar@sics.se>
42 * lib/krb5/crypto.c (_key_schedule): re-use an existing schedule
44 2000-09-06 Johan Danielsson <joda@pdc.kth.se>
46 * configure.in: fix dpagaix test
48 2000-09-05 Assar Westerlund <assar@sics.se>
50 * configure.in: with_dce -> enable_dce. noticed by Ake Sandgren
53 2000-09-01 Johan Danielsson <joda@pdc.kth.se>
55 * kdc/kstash.8: update manual page
57 * kdc/kstash.c: fix typo, and remove unused option
59 * lib/krb5/kerberos.7: short kerberos intro page
61 2000-08-27 Assar Westerlund <assar@sics.se>
63 * include/bits.c: add __attribute__ for gcc's pleasure
64 * lib/hdb/keytab.c: re-write to delay the opening of the database
65 till it's known which principal is being sought, thereby allowing
66 the usage of multiple databases, however they need to be specified
67 in /etc/krb5.conf since all the programs using this keytab do not
70 * appl/test/test_locl.h (keytab): add
71 * appl/test/common.c: add --keytab
72 * lib/krb5/crypto.c: remove trailing commas
73 (KRB5_KU_USAGE_SEQ): renamed from KRB5_KU_USAGE_MIC
75 2000-08-26 Assar Westerlund <assar@sics.se>
77 * lib/krb5/send_to_kdc.c (send_via_proxy): handle `http://' at the
78 beginning of the proxy specification. use getaddrinfo correctly
79 (krb5_sendto): always return a return code
81 * lib/krb5/krb5.h (KRB5_KU_USAGE_MIC): rename to KRB5_KU_USAGE_SEQ
82 * lib/krb5/auth_context.c (krb5_auth_con_free): handle
85 2000-08-23 Assar Westerlund <assar@sics.se>
87 * kdc/kerberos5.c (find_type): make sure of always setting
88 `ret_etype' correctly. clean-up structure some
90 2000-08-23 Johan Danielsson <joda@pdc.kth.se>
92 * lib/krb5/mcache.c: implement resolve
94 2000-08-18 Assar Westerlund <assar@sics.se>
96 * kuser/kdecode_ticket.c: check return value from krb5_crypto_init
97 * kdc/kerberos5.c, kdc/524.c: check return value from krb5_crypto_init
98 * lib/krb5/*.c: check return value from krb5_crypto_init
100 2000-08-16 Assar Westerlund <assar@sics.se>
104 2000-08-16 Assar Westerlund <assar@sics.se>
106 * lib/krb5/Makefile.am: bump version to 13:0:0
108 * lib/hdb/Makefile.am: set version to 6:1:0
110 * configure.in: do getmsg testing the same way as in krb4
112 * lib/krb5/config_file.c (krb5_config_parse_file_debug): make sure
113 of closing the file on error
115 * lib/krb5/crypto.c (encrypt_internal_derived): free the checksum
118 * lib/krb5/warn.c (_warnerr): initialize args to make third,
121 2000-08-13 Assar Westerlund <assar@sics.se>
123 * kdc/kerberos5.c: re-write search for keys code. loop over all
124 supported enctypes in order, looping over all keys of each type,
125 and picking the one with the v5 default salt preferably
127 2000-08-10 Assar Westerlund <assar@sics.se>
129 * appl/test/gss_common.c (enet_read): add and use
130 * lib/krb5/krb5.h (heimdal_version, heimdal_long_version): make
133 * lib/krb5/mk_req_ext.c (krb5_mk_req_internal): add comment on
134 checksum type selection
136 * lib/krb5/context.c (krb5_init_context): do not leak memory on
138 (default_etypes): prefer arcfour-hmac-md5 to des-cbc-md5
140 * lib/krb5/principal.c: add fnmatch.h
142 2000-08-09 Assar Westerlund <assar@sics.se>
144 * configure.in: call AC_PROG_CC and AC_PROG_CPP to make sure later
145 checks that should require them don't fail
146 * acconfig.h: add HAVE_UINT17_T
148 2000-08-09 Johan Danielsson <joda@pdc.kth.se>
150 * kdc/mit_dump.c: handle all sorts of weird MIT salt types
152 2000-08-08 Johan Danielsson <joda@pdc.kth.se>
154 * doc/setup.texi: port 212 -> 2121
156 * lib/krb5/principal.c: krb5_principal_match
158 2000-08-04 Johan Danielsson <joda@pdc.kth.se>
160 * lib/asn1/der_get.c: add comment on *why* DCE sometimes used BER
163 * kpasswd/Makefile.am: link with pidfile library
165 * kpasswd/kpasswdd.c: write a pid file
167 * kpasswd/kpasswd_locl.h: util.h
169 * kdc/Makefile.am: link with pidfile library
171 * kdc/main.c: write a pid file
173 * kdc/headers.h: util.h
175 2000-08-04 Assar Westerlund <assar@sics.se>
177 * lib/krb5/principal.c (krb5_425_conv_principal_ext): always put
178 hostnames in lower case
179 (default_v4_name_convert): add imap
181 2000-08-03 Assar Westerlund <assar@sics.se>
183 * lib/krb5/crc.c (_krb5_crc_update): const-ize (finally)
185 2000-07-31 Johan Danielsson <joda@pdc.kth.se>
187 * configure.in: check for uint*_t
188 * include/bits.c: define uint*_t
190 2000-07-29 Assar Westerlund <assar@sics.se>
192 * kdc/kerberos5.c (check_tgs_flags): set endtime correctly when
193 renewing, From Derrick J Brashear <shadow@dementia.org>
195 2000-07-28 Assar Westerlund <assar@juguete.sics.se>
199 2000-07-27 Assar Westerlund <assar@sics.se>
201 * kdc/hprop.c (dump_database): write an empty message to signal
204 2000-07-26 Assar Westerlund <assar@sics.se>
206 * lib/krb5/changepw.c (krb5_change_password): try to be more
207 careful when not to resend
209 * lib/hdb/db3.c: always create a cursor with db3. From Derrick J
210 Brashear <shadow@dementia.org>
212 2000-07-25 Johan Danielsson <joda@pdc.kth.se>
214 * lib/hdb/Makefile.am: bump version to 6:0:0
216 * lib/asn1/Makefile.am: bump version to 3:0:1
218 * lib/krb5/Makefile.am: bump version to 12:0:1
220 * lib/krb5/krb5_config.3: manpage
222 * lib/krb5/krb5_appdefault.3: manpage
224 * lib/krb5/appdefault.c: implementation of the krb5_appdefault set
227 2000-07-23 Assar Westerlund <assar@sics.se>
229 * lib/krb5/init_creds_pw.c (change_password): reset forwardable
230 and proxiable. copy preauthentication list correctly from
233 * kdc/hpropd.c (main): check that the ticket was for `hprop/' for
236 * lib/krb5/sock_principal.c (krb5_sock_to_principal): look in
237 aliases for the real name
239 2000-07-22 Johan Danielsson <joda@pdc.kth.se>
241 * doc/setup.texi: say something about starting kadmind from the
244 2000-07-22 Assar Westerlund <assar@sics.se>
246 * kpasswd/kpasswdd.c: use kadm5_s_chpass_principal_cond instead of
249 * lib/krb5/changepw.c (krb5_change_password): make timeout 1 +
250 2^{0,1,...}. also keep track if we got an old packet back and
251 then just wait without sending a new packet
252 * lib/krb5/changepw.c: use a datagram socket and remove the
254 * lib/krb5/changepw.c (krb5_change_password): clarify an
255 expression, avoiding a warning
257 2000-07-22 Johan Danielsson <joda@pdc.kth.se>
259 * kuser/klist.c: make -a and -n aliases for -v
261 * lib/krb5/write_message.c: ws
263 * kdc/hprop-common.c: nuke extra definitions of
264 krb5_read_priv_message et.al
266 * lib/krb5/read_message.c (krb5_read_message): return error if EOF
268 2000-07-20 Assar Westerlund <assar@sics.se>
270 * kpasswd/kpasswd.c: print usage consistently
271 * kdc/hprop.h (HPROP_KEYTAB): use HDB for the keytab
272 * kdc/hpropd.c: add --keytab
273 * kdc/hpropd.c: don't care what principal we recvauth as
275 * lib/krb5/get_cred.c: be more careful of not returning creds at
276 all when an error is returned
277 * lib/krb5/fcache.c (fcc_gen_new): do mkstemp correctly
279 2000-07-19 Johan Danielsson <joda@pdc.kth.se>
281 * fix-export: use autoreconf
283 * configure.in: remove stuff that belong in roken, and remove some
286 2000-07-18 Johan Danielsson <joda@pdc.kth.se>
288 * configure.in: fix some typos
290 * appl/Makefile.am: dceutil*s*
292 * missing: update to missing from automake 1.4a
294 2000-07-17 Johan Danielsson <joda@pdc.kth.se>
296 * configure.in: try to get xlc flags from ibmcxx.cfg use
297 conditional for X use readline cf macro
299 * configure.in: subst AIX compiler flags
301 2000-07-15 Johan Danielsson <joda@pdc.kth.se>
303 * configure.in: pass sixth parameter to test-package; use some
304 newer autoconf constructs
306 * ltmain.sh: update to libtool 1.3c
308 * ltconfig: update to libtool 1.3c
310 * configure.in: update this to newer auto*/libtool
312 * appl/Makefile.am: use conditional for dce
314 * lib/Makefile.am: use conditional for dce
316 2000-07-11 Johan Danielsson <joda@pdc.kth.se>
318 * lib/krb5/write_message.c: krb5_write_{priv,save}_message
319 * lib/krb5/read_message.c: krb5_read_{priv,save}_message
320 * lib/krb5/convert_creds.c: try port kerberos/88 if no response on
323 * lib/krb5/convert_creds.c: use krb5_sendto
325 * lib/krb5/send_to_kdc.c: add more generic krb5_sendto that send
326 to a port at arbitrary list of hosts
328 2000-07-10 Johan Danielsson <joda@pdc.kth.se>
330 * doc/misc.texi: language; say something about kadmin del_enctype
332 2000-07-10 Assar Westerlund <assar@sics.se>
334 * appl/kf/Makefile.am: actually install
336 2000-07-08 Assar Westerlund <assar@sics.se>
338 * configure.in (AM_INIT_AUTOMAKE): bump to 0.3a-pre
339 (AC_ROKEN): roken is now at 10
341 * lib/krb5/string-to-key-test.c: add a arcfour-hmac-md5 test case
342 * kdc/Makefile.am (INCLUDES): add ../lib/krb5
343 * configure.in: update for standalone roken
344 * lib/Makefile.am (SUBDIRS): make roken conditional
345 * kdc/hprop.c: update to new hdb_seal_keys_mkey
346 * lib/hdb/mkey.c (_hdb_unseal_keys_int, _hdb_seal_keys_int):
347 rename and export them
349 * kdc/headers.h: add krb5_locl.h (since we just use some stuff
352 2000-07-08 Johan Danielsson <joda@pdc.kth.se>
354 * kuser/klist.1: update for -f and add some more text for -v
356 * kuser/klist.c: use rtbl to format cred listing, add -f and -s
358 * lib/krb5/crypto.c: fix type in des3-cbc-none
360 * lib/hdb/mkey.c: add key usage
362 * kdc/kstash.c: remove writing of old keyfile, and treat
363 --convert-file as just reading and writing the keyfile without
366 * lib/hdb/mkey.c (read_master_encryptionkey): handle old keytype
367 based files, and convert the key to cfb64
369 * lib/hdb/mkey.c (hdb_read_master_key): set mkey to NULL before
372 * lib/krb5/send_to_kdc.c: use krb5_eai_to_heim_errno
374 * lib/krb5/get_for_creds.c: use krb5_eai_to_heim_errno
376 * lib/krb5/changepw.c: use krb5_eai_to_heim_errno
378 * lib/krb5/addr_families.c: use krb5_eai_to_heim_errno
380 * lib/krb5/eai_to_heim_errno.c: convert getaddrinfo error codes to
381 something that can be passed to get_err_text
383 2000-07-07 Assar Westerlund <assar@sics.se>
385 * lib/hdb/hdb.c (hdb_next_enctype2key): make sure of skipping
388 * kdc/kerberos4.c (get_des_key): rewrite some, be more careful
390 2000-07-06 Assar Westerlund <assar@sics.se>
392 * kdc/kerberos5.c (as_rep): be careful as to now overflowing when
393 calculating the end of lifetime of a ticket.
395 * lib/krb5/context.c (default_etypes): add ETYPE_ARCFOUR_HMAC_MD5
397 * lib/hdb/db3.c: only use a cursor when needed, from Derrick J
398 Brashear <shadow@dementia.org>
400 * lib/krb5/crypto.c: introduce the `special' encryption methods
401 that are not like all other encryption methods and implement
404 2000-07-05 Johan Danielsson <joda@pdc.kth.se>
406 * kdc/mit_dump.c: set initial master key version number to 0
407 instead of 1; if we lated bump the mkvno we don't risk using the
410 * kdc/hprop.c: only get master key if we're actually going to use
411 it; enable reading of MIT krb5 dump files
413 * kdc/mit_dump.c: read MIT krb5 dump files
415 * lib/hdb/mkey.c (read_master_mit): fix this
417 * kdc/kstash.c: make this work with the new mkey code
419 * lib/hdb/Makefile.am: add mkey.c, and bump version number
421 * lib/hdb/hdb.h: rewrite master key handling
423 * lib/hdb/mkey.c: rewrite master key handling
425 * lib/krb5/crypto.c: add some more pseudo crypto types
427 * lib/krb5/krb5.h: change some funny etypes to use negative
428 numbers, and add some more
430 2000-07-04 Assar Westerlund <assar@sics.se>
432 * lib/krb5/krbhst.c (get_krbhst): only try SRV lookup if there are
433 none in the configuration file
435 2000-07-02 Assar Westerlund <assar@sics.se>
437 * lib/krb5/keytab_keyfile.c (akf_add_entry): remove unused
440 * kpasswd/kpasswd-generator.c: new test program
441 * kpasswd/Makefile.am: add kpasswd-generator
443 * include/Makefile.am (CLEANFILES): add rc4.h
445 * kuser/generate-requests.c: new test program
446 * kuser/Makefile.am (noinst_PROGRAMS): add generate-requests
448 2000-07-01 Assar Westerlund <assar@sics.se>
450 * configure.in: add --enable-dce and related stuff
451 * appl/Makefile.am (SUBDIRS): add $(APPL_dce)
453 2000-06-29 Assar Westerlund <assar@sics.se>
455 * kdc/kerberos4.c (get_des_key): fix thinkos/typos
457 2000-06-29 Johan Danielsson <joda@pdc.kth.se>
459 * admin/purge.c: use parse_time to parse age
461 * lib/krb5/log.c (krb5_vlog_msg): use krb5_format_time
463 * admin/list.c: add printing of timestamp and key data; some
466 * lib/krb5/time.c (krb5_format_time): new function to format time
468 * lib/krb5/context.c (init_context_from_config_file): init
469 date_fmt, also do some cleanup
471 * lib/krb5/krb5.h: add date_fmt to context
473 2000-06-28 Johan Danielsson <joda@pdc.kth.se>
475 * kdc/{kerberos4,kaserver,524}.c (get_des_key): change to return
476 v4 or afs keys if possible
478 2000-06-25 Johan Danielsson <joda@pdc.kth.se>
480 * kdc/hprop.c (ka_convert): allow using null salt, and treat 0
481 pw_expire as never (from Derrick Brashear)
483 2000-06-24 Johan Danielsson <joda@pdc.kth.se>
485 * kdc/connect.c (add_standard_ports): only listen to port 750 if
488 2000-06-22 Assar Westerlund <assar@sics.se>
490 * lib/asn1/lex.l: fix includes, and lex stuff
491 * lib/asn1/lex.h (error_message): update prototype
493 * lib/asn1/gen_length.c (length_type): fail on malloc error
494 * lib/asn1/gen_decode.c (decode_type): fail on malloc error
496 2000-06-21 Assar Westerlund <assar@sics.se>
498 * lib/krb5/get_for_creds.c: be more compatible with MIT code.
499 From Daniel Kouril <kouril@ics.muni.cz>
500 * lib/krb5/rd_cred.c: be more compatible with MIT code. From
501 Daniel Kouril <kouril@ics.muni.cz>
502 * kdc/kerberos5.c (get_pa_etype_info): do not set salttype if it's
503 vanilla pw-salt, that keeps win2k happy. also do the malloc check
504 correctly. From Daniel Kouril <kouril@ics.muni.cz>
506 2000-06-21 Johan Danielsson <joda@pdc.kth.se>
508 * kdc/hprop.c: add hdb keytabs
510 2000-06-20 Johan Danielsson <joda@pdc.kth.se>
512 * lib/krb5/principal.c: back out rev. 1.64
514 2000-06-19 Johan Danielsson <joda@pdc.kth.se>
516 * kdc/kerberos5.c: pa_* -> KRB5_PADATA_*
518 * kdc/hpropd.c: add realm override flag
520 * kdc/v4_dump.c: code for reading krb4 dump files
522 * kdc/hprop.c: generalize source database handing, add support for
523 non-standard local realms (from by Daniel Kouril
524 <kouril@ics.muni.cz> and Miroslav Ruda <ruda@ics.muni.cz>), and
525 support for using different ports (requested by the Czechs, but
526 implemented differently)
528 * lib/krb5/get_cred.c: pa_* -> KRB5_PADATA_*
530 * lib/krb5/get_in_tkt.c: pa_* -> KRB5_PADATA_*
532 * lib/krb5/krb5.h: use some definitions from asn1.h
534 * lib/hdb/hdb.asn1: use new import syntax
536 * lib/asn1/k5.asn1: use distinguished value integers
538 * lib/asn1/gen_length.c: support for distinguished value integers
540 * lib/asn1/gen_encode.c: support for distinguished value integers
542 * lib/asn1/gen_decode.c: support for distinguished value integers
544 * lib/asn1/gen.c: support for distinguished value integers
546 * lib/asn1/lex.l: add support for more standards like import
549 * lib/asn1/parse.y: add support for more standards like import
550 statements, and distinguished value integers
552 2000-06-11 Assar Westerlund <assar@sics.se>
554 * lib/krb5/get_for_creds.c (add_addrs): ignore addresses of
556 * lib/krb5/get_for_creds.c (add_addrs): zero memory before
557 starting to copy memory
559 2000-06-10 Assar Westerlund <assar@sics.se>
561 * lib/krb5/test_get_addrs.c: test program for get_addrs
562 * lib/krb5/get_addrs.c (find_all_addresses): remember to add in
563 the size of ifr->ifr_name when using SA_LEN. noticed by Ken
564 Raeburn <raeburn@MIT.EDU>
566 2000-06-07 Assar Westerlund <assar@sics.se>
568 * configure.in: add db3 detection stuff do not use streamsptys on
570 * lib/hdb/hdb.h (HDB): add dbc for db3
571 * kdc/connect.c (add_standard_ports): also listen on krb524 aka
573 * etc/services.append (krb524): add
574 * lib/hdb/db3.c: add berkeley db3 interface. contributed by
575 Derrick J Brashear <shadow@dementia.org>
576 * lib/hdb/hdb.h (struct HDB): add
578 2000-06-07 Johan Danielsson <joda@pdc.kth.se>
580 * kdc/524.c: if 524 is not enabled, just generate error reply and
583 * kdc/kerberos4.c: if v4 is not enabled, just generate error reply
586 * kdc/connect.c: only listen to port 4444 if 524 is enabled
588 * kdc/config.c: add options to enable/disable v4 and 524 requests
590 2000-06-06 Johan Danielsson <joda@pdc.kth.se>
592 * kdc/524.c: handle non-existant server principals (from Daniel
595 2000-06-03 Assar Westerlund <assar@sics.se>
597 * admin/ktutil.c: print name when failing to open keytab
599 * kuser/kinit.c: try also to fallback to v4 when no KDC is found
601 2000-05-28 Assar Westerlund <assar@sics.se>
603 * kuser/klist.c: continue even we have no v5 ccache. make showing
604 your krb4 tickets the default (if build with krb4 support)
605 * kuser/kinit.c: add a fallback that tries to get a v4 ticket if
606 built with krb4 support and we got back a version error from the
609 2000-05-23 Johan Danielsson <joda@pdc.kth.se>
611 * lib/krb5/keytab_keyfile.c: make this actually work
613 2000-05-19 Assar Westerlund <assar@sics.se>
615 * lib/krb5/store_emem.c (emem_store): make it write-compatible
616 * lib/krb5/store_fd.c (fd_store): make it write-compatible
617 * lib/krb5/store_mem.c (mem_store): make it write-compatible
618 * lib/krb5/krb5.h (krb5_storage): make store write-compatible
620 2000-05-18 Assar Westerlund <assar@sics.se>
622 * configure.in: add stdio.h in dbopen test
624 2000-05-16 Assar Westerlund <assar@assaris.sics.se>
628 2000-05-16 Assar Westerlund <assar@sics.se>
630 * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set version to 11:1:0
631 * lib/krb5/fcache.c: fix second lseek
632 * lib/krb5/principal.c (krb5_524_conv_principal): fix typo
634 2000-05-15 Assar Westerlund <assar@sics.se>
638 2000-05-15 Assar Westerlund <assar@sics.se>
640 * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set version to 11:0:0
641 * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): set version to 4:2:1
642 * lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump to 2:0:0
643 * lib/krb5/principal.c (krb5_524_conv_principal): comment-ize, and
644 simplify string copying
646 2000-05-12 Assar Westerlund <assar@sics.se>
648 * lib/krb5/fcache.c (scrub_file): new function
649 (erase_file): re-write, use scrub_file
650 * lib/krb5/krb5.h (KRB5_DEFAULT_CCFILE_ROOT): add
652 * configure.in (dbopen): add header files
654 * lib/krb5/krb5.h (krb5_key_usage): add some more
655 * lib/krb5/fcache.c (erase_file): try to detect symlink games.
657 * lib/krb5/changepw.c (krb5_change_password): remember to close
660 * kdc/main.c (main): also call sigterm on SIGTERM
662 2000-05-06 Assar Westerlund <assar@sics.se>
664 * lib/krb5/config_file.c (krb5_config_vget_string_default,
665 krb5_config_get_string_default): add
667 2000-04-25 Assar Westerlund <assar@sics.se>
669 * lib/krb5/fcache.c (fcc_initialize): just forget about
670 over-writing the old cred cache. it's too much of a hazzle trying
673 2000-04-11 Assar Westerlund <assar@sics.se>
675 * lib/krb5/crypto.c (krb5_get_wrapped_length): rewrite into
676 different parts for the derived and non-derived cases
677 * lib/krb5/crypto.c (krb5_get_wrapped_length): the padding should
678 be done after having added confounder and checksum
680 2000-04-09 Assar Westerlund <assar@sics.se>
682 * lib/krb5/get_addrs.c (find_all_addresses): apperently solaris
683 can return EINVAL when the buffer is too small. cope.
684 * lib/asn1/Makefile.am (gen_files): add asn1_UNSIGNED.x
685 * lib/asn1/gen_locl.h (filename): add prototype
686 (init_generate): const-ize
687 * lib/asn1/gen.c (filename): new function clean-up a little bit.
688 * lib/asn1/parse.y: be more tolerant in ranges
689 * lib/asn1/lex.l: count lines correctly.
690 (error_message): print filename in messages
692 2000-04-08 Assar Westerlund <assar@sics.se>
694 * lib/krb5/rd_safe.c (krb5_rd_safe): increment sequence number
696 * lib/krb5/rd_priv.c (krb5_rd_priv): increment sequence number
698 * lib/krb5/mk_safe.c (krb5_mk_safe): make `tmp_seq' unsigned
699 * lib/krb5/mk_priv.c (krb5_mk_priv): make `tmp_seq' unsigned
700 * lib/krb5/generate_seq_number.c (krb5_generate_seq_number): make
702 * lib/krb5/mk_safe.c (krb5_mk_safe): increment local sequence
703 number after the fact and only increment it if we were successful
704 * lib/krb5/mk_priv.c (krb5_mk_priv): increment local sequence
705 number after the fact and only increment it if we were successful
706 * lib/krb5/krb5.h (krb5_auth_context_data): make sequence number
709 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password):
710 `in_tkt_service' can be NULL
712 2000-04-06 Assar Westerlund <assar@sics.se>
714 * lib/asn1/parse.y: regonize INTEGER (0..UNIT_MAX).
716 * lib/asn1/lex.l (DOTDOT): add
717 * lib/asn1/k5.asn1 (UNSIGNED): add. use UNSIGNED for all sequence
719 * lib/asn1/gen_length.c (length_type): add TUInteger
720 * lib/asn1/gen_free.c (free_type): add TUInteger
721 * lib/asn1/gen_encode.c (encode_type, generate_type_encode): add
723 * lib/asn1/gen_decode.c (decode_type, generate_type_decode): add
725 * lib/asn1/gen_copy.c (copy_type): add TUInteger
726 * lib/asn1/gen.c (define_asn1): add TUInteger
727 * lib/asn1/der_put.c (encode_unsigned): add
728 * lib/asn1/der_length.c (length_unsigned): add
729 * lib/asn1/der_get.c (decode_unsigned): add
730 * lib/asn1/der.h (decode_unsigned, encode_unsigned,
731 length_unsigned): add prototypes
733 * lib/asn1/k5.asn1: update pre-authentication types
734 * lib/krb5/krb5_err.et: add some error codes from pkinit
736 2000-04-05 Assar Westerlund <assar@sics.se>
738 * lib/hdb/hdb.c: add support for hdb methods (aka back-ends).
740 * lib/hdb/hdb-ldap.c: tweak the ifdef to OPENLDAP
741 * lib/hdb/Makefile.am: add hdb-ldap.c and openldap
742 * kdc/Makefile.am, kpasswd/Makefile.am, kadmin/Makefile.am: add
743 * configure.in: bump version to 0.2s-pre add options and testing
746 2000-04-04 Assar Westerlund <assar@sics.se>
748 * configure.in (krb4): fix the krb_mk_req test
750 2000-04-03 Assar Westerlund <assar@sics.se>
752 * configure.in (krb4): add test for const arguments to krb_mk_req
753 * lib/45/mk_req.c (krb_mk_req): conditionalize const-ness of
756 2000-04-03 Assar Westerlund <assar@sics.se>
760 2000-04-03 Assar Westerlund <assar@sics.se>
762 * lib/krb5/Makefile.am: set version to 10:0:0
763 * lib/45/mk_req.c (krb_mk_req): const-ize the arguments
765 2000-03-30 Assar Westerlund <assar@sics.se>
767 * lib/krb5/principal.c (krb5_425_conv_principal_ext): add some
768 comments. add fall-back on adding the realm name in lower case.
770 2000-03-29 Assar Westerlund <assar@sics.se>
772 * kdc/connect.c: remember to repoint all descr->sa to _ss after
773 realloc as this might have moved the memory around. problem
774 discovered and diagnosed by Brandon S. Allbery
776 2000-03-27 Assar Westerlund <assar@sics.se>
778 * configure.in: recognize solaris 2.8
779 * config.guess, config.sub: update to current version from
780 :pserver:anoncvs@subversions.gnu.org:/home/cvs
782 * lib/krb5/init_creds_pw.c (print_expire): do not assume anything
783 about the size of time_t, i.e. make it 64-bit happy
785 2000-03-13 Assar Westerlund <assar@sics.se>
787 * kuser/klist.c: add support for display v4 tickets
789 2000-03-11 Assar Westerlund <assar@sics.se>
791 * kdc/kaserver.c (do_authenticate, do_getticket): call check_flags
792 * kdc/kerberos4.c (do_version4): call check_flags.
793 * kdc/kerberos5.c (check_flags): make global
795 2000-03-10 Assar Westerlund <assar@sics.se>
797 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): evil
798 hack to avoid recursion
800 2000-03-04 Assar Westerlund <assar@sics.se>
802 * kuser/kinit.c: add `krb4_get_tickets' per realm. add --anonymous
803 * lib/krb5/krb5.h (krb5_get_init_creds_opt): add `anonymous' and
804 KRB5_GET_INIT_CREDS_OPT_ANONYMOUS
805 * lib/krb5/init_creds_pw.c (get_init_creds_common): set
806 request_anonymous flag appropriatly
807 * lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_anonymous):
810 * lib/krb5/get_in_tkt.c (_krb5_extract_ticket): new parameter to
811 determine whetever to ignore client name of not. always copy
812 client name from kdc. fix callers.
814 * kdc: add support for anonymous tickets
816 * kdc/string2key.8: add man-page for string2key
818 2000-03-03 Assar Westerlund <assar@sics.se>
820 * kdc/hpropd.c (dump_krb4): get expiration date from `valid_end'
823 * kdc/kadb.h (ka_entry): fix name pw_end -> valid_end. add some
826 * kdc/hprop.c (v4_prop): set the `valid_end' from the v4
827 expiration date instead of the `pw_expire'
828 (ka_convert): set `valid_end' from ka expiration data and `pw_expire'
829 from pw_change + pw_expire
830 (main): add a default database for ka dumping
832 2000-02-28 Assar Westerlund <assar@sics.se>
834 * lib/krb5/context.c (init_context_from_config_file): change
835 rfc2052 default to no. 2782 says that underscore should be used.
837 2000-02-24 Assar Westerlund <assar@sics.se>
839 * lib/krb5/fcache.c (fcc_initialize, fcc_store_cred): verify that
840 stores and close succeed
841 * lib/krb5/store.c (krb5_store_creds): check to see that the
842 stores are succesful.
844 2000-02-23 Assar Westerlund <assar@sics.se>
848 2000-02-22 Assar Westerlund <assar@sics.se>
850 * lib/krb5/Makefile.am: set version to 9:2:0
852 * lib/krb5/expand_hostname.c (krb5_expand_hostname_realms): copy
855 * kdc/connect.c (add_new_tcp): use the correct entries in the
857 * kdc/connect.c: initialize `descr' uniformly and correctly
859 2000-02-20 Assar Westerlund <assar@sics.se>
863 2000-02-19 Assar Westerlund <assar@sics.se>
865 * lib/krb5/Makefile.am: set version to 9:1:0
867 * lib/krb5/expand_hostname.c (krb5_expand_hostname): make sure
868 that realms is filled in even when getaddrinfo fails or does not
869 return any canonical name
871 * kdc/connect.c (descr): add sockaddr and string representation
872 (*): re-write to use the above mentioned
874 2000-02-16 Assar Westerlund <assar@sics.se>
876 * lib/krb5/addr_families.c (krb5_parse_address): use
877 krb5_sockaddr2address to copy the result from getaddrinfo.
879 2000-02-14 Assar Westerlund <assar@sics.se>
883 2000-02-13 Assar Westerlund <assar@sics.se>
885 * lib/krb5/Makefile.am: set version to 9:0:0
887 * kdc/kaserver.c (do_authenticate): return the kvno of the server
888 and not the client. Thanks to Brandon S. Allbery KF8NH
889 <allbery@kf8nh.apk.net> and Chaskiel M Grundman
890 <cg2v@andrew.cmu.edu> for debugging.
892 * kdc/kerberos4.c (do_version4): if an tgs-req is received with an
893 old kvno, return an error reply and write a message in the log.
895 2000-02-12 Assar Westerlund <assar@sics.se>
897 * appl/test/gssapi_server.c (proto): with `--fork', create a child
898 and send over/receive creds with export/import_sec_context
899 * appl/test/gssapi_client.c (proto): with `--fork', create a child
900 and send over/receive creds with export/import_sec_context
901 * appl/test/common.c: add `--fork' / `-f' (only used by gssapi)
903 2000-02-11 Assar Westerlund <assar@sics.se>
905 * kdc/kdc_locl.h: remove keyfile add explicit_addresses
906 * kdc/connect.c (init_sockets): pay attention to
907 explicit_addresses some more comments. better error messages.
908 * kdc/config.c: add some comments.
912 * lib/krb5/context.c (krb5_set_extra_addresses): const-ize and use
915 2000-02-07 Johan Danielsson <joda@pdc.kth.se>
917 * lib/krb5/changepw.c: use roken_getaddrinfo_hostspec
919 2000-02-07 Assar Westerlund <assar@sics.se>
923 2000-02-07 Assar Westerlund <assar@sics.se>
925 * lib/krb5/Makefile.am: set version to 8:0:0
926 * lib/krb5/keytab.c (krb5_kt_default_name): use strlcpy
927 (krb5_kt_add_entry): set timestamp
929 2000-02-06 Assar Westerlund <assar@sics.se>
931 * lib/krb5/krb5.h: add macros for accessing krb5_realm
932 * lib/krb5/time.c (krb5_timeofday): use `krb5_timestamp' instead
935 * lib/krb5/replay.c (checksum_authenticator): update to new API
938 * lib/krb5/krb5.h: remove des.h, it's not needed and applications
939 should not have to make sure to find it.
941 2000-02-03 Assar Westerlund <assar@sics.se>
943 * lib/krb5/rd_req.c (get_key_from_keytab): rename parameter to
944 `out_key' to avoid conflicting with label. reported by Sean Doran
947 2000-02-02 Assar Westerlund <assar@sics.se>
949 * lib/krb5/expand_hostname.c: remember to lower-case host names.
950 bug reported by <amu@mit.edu>
952 * kdc/kerberos4.c (do_version4): look at check_ticket_addresses
953 and emulate that by setting krb_ignore_ip_address (not a great
954 interface but it doesn't seem like the time to go around fixing
957 2000-02-01 Johan Danielsson <joda@pdc.kth.se>
959 * kuser/kinit.c: change --noaddresses into --no-addresses
961 2000-01-28 Assar Westerlund <assar@sics.se>
963 * kpasswd/kpasswd.c (main): make sure the ticket is not
964 forwardable and not proxiable
966 2000-01-26 Assar Westerlund <assar@sics.se>
968 * lib/krb5/crypto.c: update to pseudo-standard APIs for
969 md4,md5,sha. some changes to libdes calls to make them more
972 2000-01-21 Assar Westerlund <assar@sics.se>
974 * lib/krb5/verify_init.c (krb5_verify_init_creds): make sure to
975 clean up the correct creds.
977 2000-01-16 Assar Westerlund <assar@sics.se>
979 * lib/krb5/principal.c (append_component): change parameter to
980 `const char *'. check malloc
981 * lib/krb5/principal.c (append_component, va_ext_princ, va_princ):
983 * lib/krb5/mk_req.c (krb5_mk_req): make `service' and `hostname'
985 * lib/krb5/principal.c (replace_chars): also add space here
986 * lib/krb5/principal.c: (quotable_chars): add space
988 2000-01-12 Assar Westerlund <assar@sics.se>
990 * kdc/kerberos4.c (do_version4): check if preauth was required and
991 bail-out if so since there's no way that could be done in v4.
992 Return NULL_KEY as an error to the client (which is non-obvious,
993 but what can you do?)
995 2000-01-09 Assar Westerlund <assar@sics.se>
997 * lib/krb5/principal.c (krb5_sname_to_principal): use
998 krb5_expand_hostname_realms
999 * lib/krb5/mk_req.c (krb5_km_req): use krb5_expand_hostname_realms
1000 * lib/krb5/expand_hostname.c (krb5_expand_hostname_realms): new
1001 variant of krb5_expand_hostname that tries until it expands into
1002 something that's digestable by krb5_get_host_realm, returning also
1003 the result from that function.
1005 2000-01-08 Assar Westerlund <assar@sics.se>
1009 2000-01-08 Assar Westerlund <assar@sics.se>
1011 * configure.in: replace AC_C_BIGENDIAN with KRB_C_BIGENDIAN
1013 * lib/krb5/Makefile.am: bump version to 7:1:0
1015 * lib/krb5/principal.c (krb5_sname_to_principal): use
1016 krb5_expand_hostname
1017 * lib/krb5/expand_hostname.c (krb5_expand_hostname): handle
1018 ai_canonname being set in any of the addresses returnedby
1019 getaddrinfo. glibc apparently returns the reverse lookup of every
1020 address in ai_canonname.
1022 2000-01-06 Assar Westerlund <assar@sics.se>
1026 2000-01-06 Assar Westerlund <assar@sics.se>
1028 * lib/krb5/Makefile.am: set version to 7:0:0
1029 * lib/krb5/principal.c (krb5_sname_to_principal): remove `hp'
1031 * lib/hdb/Makefile.am: set version to 4:1:1
1033 * kdc/hpropd.c (dump_krb4): use `krb5_get_default_realms'
1034 * lib/krb5/get_in_tkt.c (add_padata): change types to make
1036 (krb5_get_in_cred): remove const to make types match
1037 * lib/krb5/crypto.c (ARCFOUR_string_to_key): correct signature
1038 * lib/krb5/principal.c (krb5_sname_to_principal): handle not
1039 getting back a canonname
1041 2000-01-06 Assar Westerlund <assar@sics.se>
1045 2000-01-06 Assar Westerlund <assar@sics.se>
1047 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): advance colon so that
1048 we actually parse the port number. based on a patch from Leif
1049 Johansson <leifj@it.su.se>
1051 2000-01-02 Assar Westerlund <assar@sics.se>
1053 * admin/purge.c: remove all non-current and old entries from a
1056 * admin: break up ktutil.c into files
1058 * admin/ktutil.c (list): support --verbose (also listning time
1060 (kt_add, kt_get): set timestamp in newly created entries
1061 (kt_change): add `change' command
1063 * admin/srvconvert.c (srvconv): set timestamp in newly created
1065 * lib/krb5/keytab_keyfile.c (akf_next_entry): set timetsamp,
1066 always go the a predicatble position on error
1067 * lib/krb5/keytab.c (krb5_kt_copy_entry_contents): copy timestamp
1068 * lib/krb5/keytab_file.c (fkt_add_entry): store timestamp
1069 (fkt_next_entry_int): return timestamp
1070 * lib/krb5/krb5.h (krb5_keytab_entry): add timestamp
1072 1999-12-30 Assar Westerlund <assar@sics.se>
1074 * configure.in (krb4): use `-ldes' in tests
1076 1999-12-26 Assar Westerlund <assar@sics.se>
1078 * lib/hdb/print.c (event2string): handle events without principal.
1079 From Luke Howard <lukeh@PADL.COM>
1081 1999-12-25 Assar Westerlund <assar@sics.se>
1085 Tue Dec 21 18:03:17 1999 Assar Westerlund <assar@sics.se>
1087 * lib/hdb/Makefile.am (asn1_files): add $(EXEEXT) for cygwin and
1090 * lib/asn1/Makefile.am (asn1_files): add $(EXEEXT) for cygwin and
1093 * include/Makefile.am (krb5-types.h): add $(EXEEXT) for cygwin and
1096 1999-12-20 Assar Westerlund <assar@sics.se>
1100 1999-12-20 Assar Westerlund <assar@sics.se>
1102 * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to 6:3:1
1104 * lib/krb5/send_to_kdc.c (send_via_proxy): free data
1105 * lib/krb5/send_to_kdc.c (send_via_proxy): new function use
1106 getaddrinfo instead of gethostbyname{,2}
1107 * lib/krb5/get_for_creds.c: use getaddrinfo instead of
1110 1999-12-17 Assar Westerlund <assar@sics.se>
1114 1999-12-17 Assar Westerlund <assar@sics.se>
1118 1999-12-16 Assar Westerlund <assar@sics.se>
1120 * lib/krb5/Makefile.am: bump version to 6:2:1
1122 * lib/krb5/principal.c (krb5_sname_to_principal): handle
1123 ai_canonname not being set
1124 * lib/krb5/expand_hostname.c (krb5_expand_hostname): handle
1125 ai_canonname not being set
1127 * appl/test/uu_server.c: print messages to stderr
1128 * appl/test/tcp_server.c: print messages to stderr
1129 * appl/test/nt_gss_server.c: print messages to stderr
1130 * appl/test/gssapi_server.c: print messages to stderr
1132 * appl/test/tcp_client.c (proto): remove shadowing `context'
1133 * appl/test/common.c (client_doit): add forgotten ntohs
1135 1999-12-13 Assar Westerlund <assar@sics.se>
1137 * configure.in (VERISON): bump to 0.2g-pre
1139 1999-12-12 Assar Westerlund <assar@sics.se>
1141 * lib/krb5/principal.c (krb5_425_conv_principal_ext): be more
1142 robust and handle extra dot at the beginning of default_domain
1144 1999-12-12 Assar Westerlund <assar@sics.se>
1148 1999-12-12 Assar Westerlund <assar@sics.se>
1150 * lib/krb5/Makefile.am: bump version to 6:1:1
1152 * lib/krb5/changepw.c (get_kdc_address): use
1153 `krb5_get_krb_changepw_hst'
1155 * lib/krb5/krbhst.c (krb5_get_krb_changepw_hst): add
1157 * lib/krb5/get_host_realm.c: add support for _kerberos.domain
1158 (according to draft-ietf-cat-krb-dns-locate-01.txt)
1160 1999-12-06 Assar Westerlund <assar@sics.se>
1164 1999-12-06 Assar Westerlund <assar@sics.se>
1166 * lib/krb5/changepw.c (krb5_change_password): use the correct
1169 * lib/krb5/Makefile.am: bump version to 6:0:1
1171 * lib/asn1/Makefile.am: bump version to 1:4:0
1173 1999-12-04 Assar Westerlund <assar@sics.se>
1175 * configure.in: move AC_KRB_IPv6 to make sure it's performed
1177 (el_init): use new feature of AC_FIND_FUNC_NO_LIBS
1179 * appl/test/uu_client.c: use client_doit
1180 * appl/test/test_locl.h (client_doit): add prototype
1181 * appl/test/tcp_client.c: use client_doit
1182 * appl/test/nt_gss_client.c: use client_doit
1183 * appl/test/gssapi_client.c: use client_doit
1184 * appl/test/common.c (client_doit): move identical code here and
1185 start using getaddrinfo
1187 * appl/kf/kf.c (doit): rewrite to use getaddrinfo
1188 * kdc/hprop.c: re-write to use getaddrinfo
1189 * lib/krb5/principal.c (krb5_sname_to_principal): use getaddrinfo
1190 * lib/krb5/expand_hostname.c (krb5_expand_hostname): use
1192 * lib/krb5/changepw.c: re-write to use getaddrinfo
1193 * lib/krb5/addr_families.c (krb5_parse_address): use getaddrinfo
1195 1999-12-03 Assar Westerlund <assar@sics.se>
1197 * configure.in (BROKEN): check for freeaddrinfo, getaddrinfo,
1198 getnameinfo, gai_strerror
1199 (socklen_t): check for
1201 1999-12-02 Johan Danielsson <joda@pdc.kth.se>
1203 * lib/krb5/crypto.c: ARCFOUR_set_key -> RC4_set_key
1205 1999-11-23 Assar Westerlund <assar@sics.se>
1207 * lib/krb5/crypto.c (ARCFOUR_string_to_key): change order of bytes
1208 within unicode characters. this should probably be done in some
1209 arbitrarly complex way to do it properly and you would have to
1210 know what character encoding was used for the password and salt
1213 * lib/krb5/addr_families.c (ipv4_uninteresting): ignore 0.0.0.0
1215 (ipv6_uninteresting): remove unused macro
1217 1999-11-22 Johan Danielsson <joda@pdc.kth.se>
1219 * lib/krb5/krb5.h: rc4->arcfour
1221 * lib/krb5/crypto.c: rc4->arcfour
1223 1999-11-17 Assar Westerlund <assar@sics.se>
1225 * lib/krb5/krb5_locl.h: add <rc4.h>
1226 * lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_RC4
1227 * lib/krb5/crypto.c: some code for doing RC4/MD5/HMAC which might
1228 not be totally different from some small company up in the
1229 north-west corner of the US
1231 * lib/krb5/get_addrs.c (find_all_addresses): change code to
1232 actually increment buf_size
1234 1999-11-14 Assar Westerlund <assar@sics.se>
1236 * lib/krb5/krb5.h (krb5_context_data): add `scan_interfaces'
1237 * lib/krb5/get_addrs.c (krb5_get_all_client_addrs): make interaces
1239 * lib/krb5/context.c (init_context_from_config_file): set
1242 * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add add_et_list.c
1243 * lib/krb5/add_et_list.c (krb5_add_et_list): new function
1245 1999-11-12 Assar Westerlund <assar@sics.se>
1247 * lib/krb5/get_default_realm.c (krb5_get_default_realm,
1248 krb5_get_default_realms): set realms if they were unset
1249 * lib/krb5/context.c (init_context_from_config_file): don't
1250 initialize default realms here. it's done lazily instead.
1252 * lib/krb5/krb5.h (KRB5_TC_*): make constants unsigned
1253 * lib/asn1/gen_glue.c (generate_2int, generate_units): make sure
1254 bit constants are unsigned
1255 * lib/asn1/gen.c (define_type): make length in sequences be
1258 * configure.in: remove duplicate test for setsockopt test for
1261 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): generate
1262 preauthentication information if we get back ERR_PREAUTH_REQUIRED
1263 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): remove
1264 preauthentication generation code. it's now in krb5_get_in_cred
1266 * configure.in (AC_BROKEN_SNPRINTF): add strptime check for struct
1267 tm.tm_gmtoff and timezone
1269 1999-11-11 Johan Danielsson <joda@pdc.kth.se>
1271 * kdc/main.c: make this work with multi-db
1273 * kdc/kdc_locl.h: make this work with multi-db
1275 * kdc/config.c: make this work with multi-db
1277 1999-11-09 Johan Danielsson <joda@pdc.kth.se>
1279 * kdc/misc.c: update for multi-database code
1281 * kdc/main.c: update for multi-database code
1283 * kdc/kdc_locl.h: update
1285 * kdc/config.c: allow us to have more than one database
1287 1999-11-04 Assar Westerlund <assar@sics.se>
1291 * lib/krb5/Makefile.am: bump version to 5:0:0 to be safe
1292 (krb5_context_data has changed and some code do (might) access
1295 * lib/krb5/krb5.h (krb5_context_data): add `etypes_des'
1297 * lib/krb5/get_cred.c (init_tgs_req): use
1298 krb5_keytype_to_enctypes_default
1300 * lib/krb5/crypto.c (krb5_keytype_to_enctypes_default): new
1303 * lib/krb5/context.c (set_etypes): new function
1304 (init_context_from_config_file): set both `etypes' and `etypes_des'
1306 1999-11-02 Assar Westerlund <assar@sics.se>
1308 * configure.in (VERSION): bump to 0.2d-pre
1310 1999-10-29 Assar Westerlund <assar@sics.se>
1312 * lib/krb5/principal.c (krb5_parse_name): check memory allocations
1314 1999-10-28 Assar Westerlund <assar@sics.se>
1318 * lib/krb5/dump_config.c (print_tree): check for empty tree
1320 * lib/krb5/string-to-key-test.c (tests): update the test cases
1321 with empty principals so that they actually use an empty realm and
1322 not the default. use the correct etype for 3DES
1324 * lib/krb5/Makefile.am: bump version to 4:1:0
1326 * kdc/config.c (configure): more careful with the port string
1328 1999-10-26 Assar Westerlund <assar@sics.se>
1332 1999-10-20 Assar Westerlund <assar@sics.se>
1334 * lib/krb5/Makefile.am: bump version to 4:0:0
1335 (krb524_convert_creds_kdc and potentially some other functions
1336 have changed prototypes)
1338 * lib/hdb/Makefile.am: bump version to 4:0:1
1340 * lib/asn1/Makefile.am: bump version to 1:3:0
1342 * configure.in (LIB_roken): add dbopen. getcap in roken
1343 references dbopen and with shared libraries we need to add this
1346 * lib/krb5/verify_krb5_conf.c (main): support speicifying the
1347 configuration file to test on the command line
1349 * lib/krb5/config_file.c (parse_binding): handle line with no
1351 (krb5_config_parse_file_debug): set lineno earlier so that we don't
1354 * configure.in (AM_INIT_AUTOMAKE): bump to 0.2b-pre opt*: need
1355 more include files for these tests
1357 * lib/krb5/set_default_realm.c (krb5_set_default_realm): use
1358 krb5_config_get_strings, which means that your configuration file
1362 default_realm = realm1 realm2 realm3
1364 * lib/krb5/set_default_realm.c (config_binding_to_list): fix
1365 copy-o. From Michal Vocu <michal@karlin.mff.cuni.cz>
1367 * kdc/config.c (configure): add a missing strdup. From Michal
1368 Vocu <michal@karlin.mff.cuni.cz>
1370 1999-10-17 Assar Westerlund <assar@sics.se>
1374 * configure.in: only test for db.h with using berkeley_db. remember
1375 to link with LIB_tgetent when checking for el_init. add xnlock
1377 * appl/Makefile.am: add xnlock
1379 * kdc/kerberos5.c (find_etype): support null keys
1381 * kdc/kerberos4.c (get_des_key): support null keys
1383 * lib/krb5/crypto.c (krb5_get_wrapped_length): more correct
1386 1999-10-16 Johan Danielsson <joda@pdc.kth.se>
1388 * kuser/kinit.c (main): pass ccache to krb524_convert_creds_kdc
1390 1999-10-12 Johan Danielsson <joda@pdc.kth.se>
1392 * lib/krb5/crypto.c (krb5_enctype_to_keytype): remove warning
1394 1999-10-10 Assar Westerlund <assar@sics.se>
1396 * lib/krb5/mk_req.c (krb5_mk_req): use krb5_free_host_realm
1398 * lib/krb5/krb5.h (krb5_ccache_data): make `ops' const
1400 * lib/krb5/crypto.c (krb5_string_to_salttype): new function
1402 * **/*.[ch]: const-ize
1404 1999-10-06 Assar Westerlund <assar@sics.se>
1406 * lib/krb5/creds.c (krb5_compare_creds): const-ify
1408 * lib/krb5/cache.c: clean-up and comment-up
1410 * lib/krb5/copy_host_realm.c (krb5_copy_host_realm): copy all the
1413 * lib/krb5/verify_user.c (krb5_verify_user_lrealm): free the
1416 * kdc/connect.c (handle_tcp): things work much better when ret is
1419 1999-10-03 Assar Westerlund <assar@sics.se>
1421 * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): look at the
1422 type of the session key
1424 * lib/krb5/crypto.c (krb5_enctypes_compatible_keys): spell
1427 * lib/krb5/creds.c (krb5_compare_creds): fix spelling of
1428 krb5_enctypes_compatible_keys
1430 * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): get new
1431 credentials from the KDC if the existing one doesn't have a DES
1434 * lib/45/get_ad_tkt.c (get_ad_tkt): update to new
1435 krb524_convert_creds_kdc
1437 1999-10-03 Johan Danielsson <joda@pdc.kth.se>
1439 * lib/krb5/keytab_keyfile.c: make krb5_akf_ops const
1441 * lib/krb5/keytab_memory.c: make krb5_mkt_ops const
1443 * lib/krb5/keytab_file.c: make krb5_fkt_ops const
1445 1999-10-01 Assar Westerlund <assar@sics.se>
1447 * lib/krb5/config_file.c: rewritten to allow error messages
1449 * lib/krb5/Makefile.am (bin_PROGRAMS): add verify_krb5_conf
1450 (libkrb5_la_SOURCES): add config_file_netinfo.c
1452 * lib/krb5/verify_krb5_conf.c: new program for verifying that
1455 * lib/krb5/config_file_netinfo.c: moved netinfo code here from
1458 1999-09-28 Assar Westerlund <assar@sics.se>
1460 * kdc/hpropd.c (dump_krb4): kludge default_realm
1462 * lib/asn1/check-der.c: add test cases for Generalized time and
1463 make sure we return the correct value
1465 * lib/asn1/der_put.c: simplify by using der_put_length_and_tag
1467 * lib/krb5/verify_user.c (krb5_verify_user_lrealm): ariant of
1468 krb5_verify_user that tries in all the local realms
1470 * lib/krb5/set_default_realm.c: add support for having several
1473 * lib/krb5/kuserok.c (krb5_kuserok): use `krb5_get_default_realms'
1475 * lib/krb5/get_default_realm.c (krb5_get_default_realms): add
1477 * lib/krb5/krb5.h (krb5_context_data): change `default_realm' to
1480 * lib/krb5/context.c: change from `default_realm' to
1483 * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use
1484 krb5_get_default_realms
1486 * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add copy_host_realm.c
1488 * lib/krb5/copy_host_realm.c: new file
1490 1999-09-27 Johan Danielsson <joda@pdc.kth.se>
1492 * lib/asn1/der_put.c (encode_generalized_time): encode length
1494 * lib/krb5/recvauth.c: new function `krb5_recvauth_match_version'
1495 that allows more intelligent matching of the application version
1497 1999-09-26 Assar Westerlund <assar@sics.se>
1499 * lib/asn1/asn1_print.c: add err.h
1501 * kdc/config.c (configure): use parse_bytes
1503 * appl/test/nt_gss_common.c: use the correct header file
1505 1999-09-24 Johan Danielsson <joda@pdc.kth.se>
1507 * kuser/klist.c: add a `--cache' flag
1509 * kuser/kinit.c (main): only get default value for `get_v4_tgt' if
1510 it's explicitly set in krb5.conf
1512 1999-09-23 Assar Westerlund <assar@sics.se>
1514 * lib/asn1/asn1_print.c (tag_names); add another univeral tag
1516 * lib/asn1/der.h: update universal tags
1518 1999-09-22 Assar Westerlund <assar@sics.se>
1520 * lib/asn1/asn1_print.c (loop): print length of octet string
1522 1999-09-21 Johan Danielsson <joda@pdc.kth.se>
1524 * admin/ktutil.c (kt_get): add `--help'
1526 1999-09-21 Assar Westerlund <assar@sics.se>
1528 * kuser/Makefile.am: add kdecode_ticket
1530 * kuser/kdecode_ticket.c: new debug program
1532 * appl/test/nt_gss_server.c: new program to test against `Sample *
1533 SSPI Code' in Windows 2000 RC1 SDK.
1535 * appl/test/Makefile.am: add nt_gss_client and nt_gss_server
1537 * lib/asn1/der_get.c (decode_general_string): remember to advance
1538 ret over the length-len
1540 * lib/asn1/Makefile.am: add asn1_print
1542 * lib/asn1/asn1_print.c: new program for printing DER-structures
1544 * lib/asn1/der_put.c: make functions more consistent
1546 * lib/asn1/der_get.c: make functions more consistent
1548 1999-09-20 Johan Danielsson <joda@pdc.kth.se>
1550 * kdc/kerberos5.c: be more informative in pa-data error messages
1552 1999-09-16 Assar Westerlund <assar@sics.se>
1554 * configure.in: test for strlcpy, strlcat
1556 1999-09-14 Assar Westerlund <assar@sics.se>
1558 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): return
1559 KRB5_LIBOS_PWDINTR when interrupted
1561 * lib/krb5/get_in_tkt_pw.c (krb5_password_key_proc): check return
1562 value from des_read_pw_string
1564 * kuser/kinit.c (main): don't print any error if reading the
1565 password was interrupted
1567 * kpasswd/kpasswd.c (main): don't print any error if reading the
1568 password was interrupted
1570 * kdc/string2key.c (main): check the return value from fgets
1572 * kdc/kstash.c (main): check return value from des_read_pw_string
1574 * admin/ktutil.c (kt_add): check the return-value from fgets and
1575 overwrite the password for paranoid reasons
1577 * lib/krb5/keytab_keyfile.c (get_cell_and_realm): only remove the
1578 newline if it's there
1580 1999-09-13 Assar Westerlund <assar@sics.se>
1582 * kdc/hpropd.c (main): remove bogus error with `--print'. remove
1583 sysloging of number of principals transferred
1585 * kdc/hprop.c (ka_convert): set flags correctly for krbtgt/CELL
1587 (main): get rid of bogus opening of hdb database when propagating
1590 1999-09-12 Assar Westerlund <assar@sics.se>
1592 * lib/krb5/krb5_locl.h (O_BINARY): add fallback definition
1594 * lib/krb5/krb5.h (krb5_context_data): add keytab types
1596 * configure.in: revert back awk test, not worked around in
1599 * lib/krb5/keytab_krb4.c: remove O_BINARY
1601 * lib/krb5/keytab_keyfile.c: some support for AFS KeyFile's. From
1604 * lib/krb5/keytab_file.c: remove O_BINARY
1606 * lib/krb5/keytab.c: move the list of keytab types to the context
1608 * lib/krb5/fcache.c: remove O_BINARY
1610 * lib/krb5/context.c (init_context_from_config_file): register all
1611 standard cache and keytab types
1612 (krb5_free_context): free `kt_types'
1614 * lib/krb5/cache.c (krb5_cc_resolve): move the registration of the
1615 standard types of credential caches to context
1617 * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_keyfile.c
1619 1999-09-10 Assar Westerlund <assar@sics.se>
1621 * lib/krb5/keytab.c: add comments and clean-up
1623 * admin/ktutil.c: add `ktutil copy'
1625 * lib/krb5/keytab_krb4.c: new file
1627 * lib/krb5/krb5.h (krb5_kt_cursor): add a `data' field
1629 * lib/krb5/Makefile.am: add keytab_krb4.c
1631 * lib/krb5/keytab.c: add krb4 and correct some if's
1633 * admin/srvconvert.c (srvconv): move common code
1635 * lib/krb5/krb5.h (krb5_fkt_ops, krb5_mkt_ops): new variables
1637 * lib/krb5/keytab.c: move out file and memory functions
1639 * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_file.c,
1642 * lib/krb5/keytab_memory.c: new file
1644 * lib/krb5/keytab_file.c: new file
1646 * kpasswd/kpasswdd.c: move out password quality functions
1648 1999-09-07 Assar Westerlund <assar@sics.se>
1650 * lib/hdb/Makefile.am (libhdb_la_SOURCES): add keytab.c. From
1653 * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): check
1654 return value from `krb5_sendto_kdc'
1656 1999-09-06 Assar Westerlund <assar@sics.se>
1658 * lib/krb5/send_to_kdc.c (send_and_recv): rename to recv_loop and
1659 remove the sending of data. add a parameter `limit'. let callers
1660 send the date themselves (and preferably with net_write on tcp
1662 (send_and_recv_tcp): read first the length field and then only that
1665 1999-09-05 Assar Westerlund <assar@sics.se>
1667 * kdc/connect.c (handle_tcp): try to print warning `TCP data of
1668 strange type' less often
1670 * lib/krb5/send_to_kdc.c (send_and_recv): handle EINTR properly.
1671 return on EOF. always free data. check return value from
1673 (send_and_recv_tcp, send_and_recv_http): check advertised length
1674 against actual length
1676 1999-09-01 Johan Danielsson <joda@pdc.kth.se>
1678 * configure.in: check for sgi capabilities
1680 1999-08-27 Johan Danielsson <joda@pdc.kth.se>
1682 * lib/krb5/get_addrs.c: krb5_get_all_server_addrs shouldn't return
1685 * kpasswd/kpasswdd.c: use HDB keytabs; change some error messages;
1688 * lib/krb5/address.c (krb5_append_addresses): remove duplicates
1690 1999-08-26 Johan Danielsson <joda@pdc.kth.se>
1692 * lib/hdb/keytab.c: HDB keytab backend
1694 1999-08-25 Johan Danielsson <joda@pdc.kth.se>
1697 (krb5_kt_{start_seq_get,next_entry,end_seq_get}): check for NULL
1700 1999-08-24 Johan Danielsson <joda@pdc.kth.se>
1702 * kpasswd/kpasswdd.c: add `--keytab' flag
1704 1999-08-23 Assar Westerlund <assar@sics.se>
1706 * lib/krb5/addr_families.c (IN6_ADDR_V6_TO_V4): use `s6_addr'
1707 instead of the non-standard `s6_addr32'. From Yoshinobu Inoue
1708 <shin@kame.net> by way of the KAME repository
1710 1999-08-18 Assar Westerlund <assar@sics.se>
1712 * configure.in (--enable-new-des3-code): remove check for `struct
1715 * lib/krb5/crypto.c (etypes): remove NEW_DES3_CODE, enable
1716 des3-cbc-sha1 and keep old-des3-cbc-sha1 for backwards
1719 * lib/krb5/krb5.h (krb5_enctype): des3-cbc-sha1 (with key
1720 derivation) just got assigned etype 16 by <bcn@isi.edu>. keep the
1723 1999-08-16 Assar Westerlund <assar@sics.se>
1725 * lib/krb5/sendauth.c (krb5_sendauth): only look at errno if
1726 krb5_net_read actually returns -1
1728 * lib/krb5/recvauth.c (krb5_recvauth): only look at errno if
1729 krb5_net_read actually returns -1
1731 * appl/kf/kf.c (proto): don't trust errno if krb5_net_read hasn't
1734 * appl/test/tcp_server.c (proto): only trust errno if
1735 krb5_net_read actually returns -1
1737 * appl/kf/kfd.c (proto): be more careful with the return value
1740 1999-08-13 Assar Westerlund <assar@sics.se>
1742 * lib/krb5/get_addrs.c (get_addrs_int): try the different ways
1743 sequentially instead of just one. this helps if your heimdal was
1744 built with v6-support but your kernel doesn't have it, for
1747 1999-08-12 Assar Westerlund <assar@sics.se>
1749 * kdc/hpropd.c: add inetd flag. default means try to figure out
1750 if stdin is a socket or not.
1752 * Makefile.am (ACLOCAL): just use `cf', this variable is only used
1753 when the current directory is $(top_srcdir) anyways and having
1754 $(top_srcdir) there breaks if it's a relative path
1756 1999-08-09 Johan Danielsson <joda@pdc.kth.se>
1758 * configure.in: check for setproctitle
1760 1999-08-05 Assar Westerlund <assar@sics.se>
1762 * lib/krb5/principal.c (krb5_sname_to_principal): remember to call
1765 * appl/test/tcp_client.c: call freehostent
1767 * appl/kf/kf.c (doit): call freehostent
1769 * appl/kf/kf.c: make v6 friendly and simplify
1771 * appl/kf/kfd.c: make v6 friendly and simplify
1773 * appl/test/tcp_server.c: simplify by using krb5_err instead of
1776 * appl/test/tcp_client.c: simplify by using krb5_err instead of
1779 * appl/test/tcp_server.c: make v6 friendly and simplify
1781 * appl/test/tcp_client.c: make v6 friendly and simplify
1783 1999-08-04 Assar Westerlund <assar@sics.se>
1787 1999-08-04 Assar Westerlund <assar@sics.se>
1789 * kuser/kinit.c (main): some more KRB4-conditionalizing
1791 * lib/krb5/get_in_tkt.c: type correctness
1793 * lib/krb5/get_for_creds.c (krb5_fwd_tgs_creds): set forwarded in
1794 flags. From Miroslav Ruda <ruda@ics.muni.cz>
1796 * kuser/kinit.c (main): add config file support for forwardable
1797 and krb4 support. From Miroslav Ruda <ruda@ics.muni.cz>
1799 * kdc/kerberos5.c (as_rep): add an empty X500-compress string as
1801 (fix_transited_encoding): check length.
1802 From Miroslav Ruda <ruda@ics.muni.cz>
1804 * kdc/hpropd.c (dump_krb4): check the realm so that we don't dump
1805 principals in some other realm. From Miroslav Ruda
1807 (main): rename sa_len -> sin_len, sa_lan is a define on some
1810 * appl/kf/kfd.c: add regpag support. From Miroslav Ruda
1813 * appl/kf/kf.c: add `-G' and forwardable option in krb5.conf.
1814 From Miroslav Ruda <ruda@ics.muni.cz>
1816 * lib/krb5/config_file.c (parse_list): don't run past end of line
1818 * appl/test/gss_common.h: new prototypes
1820 * appl/test/gssapi_client.c: use gss_err instead of abort
1822 * appl/test/gss_common.c (gss_verr, gss_err): add
1824 1999-08-03 Assar Westerlund <assar@sics.se>
1826 * lib/krb5/Makefile.am (n_fold_test_LDADD): need to set this
1827 otherwise it doesn't build with shared libraries
1829 * kdc/hpropd.c: v6-ify
1831 * kdc/hprop.c: v6-ify
1833 1999-08-01 Assar Westerlund <assar@sics.se>
1835 * lib/krb5/mk_req.c (krb5_mk_req): use krb5_expand_hostname
1837 1999-07-31 Assar Westerlund <assar@sics.se>
1839 * lib/krb5/get_host_realm.c (krb5_get_host_realm_int): new
1840 function that takes a FQDN
1842 * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add exapnd_hostname.c
1844 * lib/krb5/expand_hostname.c: new file
1846 1999-07-28 Assar Westerlund <assar@sics.se>
1850 1999-07-28 Assar Westerlund <assar@sics.se>
1852 * lib/asn1/Makefile.am: bump version to 1:2:0
1854 * lib/krb5/Makefile.am: bump version to 3:1:0
1856 * configure.in: more inet_pton to roken
1858 * lib/krb5/principal.c (krb5_sname_to_principal): use
1861 1999-07-26 Assar Westerlund <assar@sics.se>
1865 1999-07-26 Johan Danielsson <joda@pdc.kth.se>
1867 * lib/krb5/Makefile.am: bump version number (changed function
1870 * lib/hdb/Makefile.am: bump version number (changes to some
1871 function signatures)
1873 1999-07-26 Assar Westerlund <assar@sics.se>
1875 * lib/krb5/Makefile.am: bump version to 3:0:2
1877 * lib/hdb/Makefile.am: bump version to 2:1:0
1879 * lib/asn1/Makefile.am: bump version to 1:1:0
1881 1999-07-26 Assar Westerlund <assar@sics.se>
1885 1999-07-26 Assar Westerlund <assar@sics.se>
1887 * configure.in: rokenize inet_ntop
1889 * lib/krb5/store_fd.c: lots of changes from size_t to ssize_t
1891 * lib/krb5/store_mem.c: lots of changes from size_t to ssize_t
1893 * lib/krb5/store_emem.c: lots of changes from size_t to ssize_t
1895 * lib/krb5/store.c: lots of changes from size_t to ssize_t
1896 (krb5_ret_stringz): check return value from realloc
1898 * lib/krb5/mk_safe.c: some type correctness
1900 * lib/krb5/mk_priv.c: some type correctness
1902 * lib/krb5/krb5.h (krb5_storage): change return values of
1903 functions from size_t to ssize_t
1905 1999-07-24 Assar Westerlund <assar@sics.se>
1909 * configure.in (AC_PROG_AWK): disable. mawk seems to mishandle \#
1910 in lib/roken/roken.awk
1912 * lib/krb5/get_addrs.c (find_all_addresses): try to use SA_LEN to
1913 step over addresses if there's no `sa_lan' field
1915 * lib/krb5/sock_principal.c (krb5_sock_to_principal): simplify by
1916 using `struct sockaddr_storage'
1918 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): simplify by using
1919 `struct sockaddr_storage'
1921 * lib/krb5/changepw.c (krb5_change_password): simplify by using
1922 `struct sockaddr_storage'
1924 * lib/krb5/auth_context.c (krb5_auth_con_setaddrs_from_fd):
1925 simplify by using `struct sockaddr_storage'
1927 * kpasswd/kpasswdd.c (*): simplify by using `struct
1930 * kdc/connect.c (*): simplify by using `struct sockaddr_storage'
1932 * configure.in (sa_family_t): just test for existence
1933 (sockaddr_storage): also specify include file
1935 * configure.in (AM_INIT_AUTOMAKE): bump version to 0.1i
1936 (sa_family_t): test for
1937 (struct sockaddr_storage): test for
1939 * kdc/hprop.c (propagate_database): typo, NULL should be
1942 * lib/krb5/get_addrs.c: conditionalize on HAVE_IPV6 instead of
1945 * appl/kf/kf.c (main): use warnx
1947 * appl/kf/kf.c (proto): remove shadowing context
1949 * lib/krb5/get_addrs.c (find_all_addresses): try to handle the
1950 case of getting back an `sockaddr_in6' address when sizeof(struct
1951 sockaddr_in6) > sizeof(struct sockaddr) and we have no sa_len to
1952 tell us how large the address is. This obviously doesn't work
1953 with unknown protocol types.
1955 1999-07-24 Assar Westerlund <assar@sics.se>
1959 1999-07-23 Assar Westerlund <assar@sics.se>
1961 * appl/kf/kfd.c: clean-up and more paranoia
1963 * etc/services.append: add kf
1965 * appl/kf/kf.c: rename tk_file to ccache for consistency. clean-up
1967 1999-07-22 Assar Westerlund <assar@sics.se>
1969 * lib/krb5/n-fold-test.c (main): print the correct data
1971 * appl/Makefile.am (SUBDIRS): add kf
1973 * appl/kf: new program. From Miroslav Ruda <ruda@ics.muni.cz>
1975 * kdc/hprop.c: declare some variables unconditionally to simplify
1978 * kpasswd/kpasswdd.c: initialize kadm5 connection for every change
1979 (otherwise the modifier in the database doesn't get set)
1981 * kdc/hpropd.c: clean-up and re-organize
1983 * kdc/hprop.c: clean-up and re-organize
1985 * configure.in (SunOS): define to xy for SunOS x.y
1987 1999-07-19 Assar Westerlund <assar@sics.se>
1989 * configure.in (AC_BROKEN): test for copyhostent, freehostent,
1990 getipnodebyaddr, getipnodebyname
1992 1999-07-15 Assar Westerlund <assar@sics.se>
1994 * lib/asn1/check-der.c: more test cases for integers
1996 * lib/asn1/der_length.c (length_int): handle the case of the
1997 largest negative integer by not calling abs
1999 1999-07-14 Assar Westerlund <assar@sics.se>
2001 * lib/asn1/check-der.c (generic_test): check malloc return value
2004 * lib/krb5/Makefile.am: add string_to_key_test
2006 * lib/krb5/prog_setup.c (krb5_program_setup): always initialize
2009 * lib/krb5/n-fold-test.c (main): return a relevant return value
2011 * lib/krb5/krbhst.c: do SRV lookups for admin server as well.
2014 1999-07-12 Assar Westerlund <assar@sics.se>
2016 * configure.in: handle not building X programs
2018 1999-07-06 Assar Westerlund <assar@sics.se>
2020 * lib/krb5/addr_families.c (ipv6_parse_addr): remove duplicate
2022 (ipv6_sockaddr2port): fix typo
2024 * etc/services.append: beginning of a file with services
2026 * lib/krb5/cache.c (krb5_cc_resolve): fall-back to files if
2027 there's no prefix. also clean-up a little bit.
2029 * kdc/hprop.c (--kaspecials): new flag for handling special KA
2030 server entries. From "Brandon S. Allbery KF8NH"
2031 <allbery@kf8nh.apk.net>
2033 1999-07-05 Assar Westerlund <assar@sics.se>
2035 * kdc/connect.c (handle_tcp): make sure we have data before
2036 starting to look for HTTP
2038 * kdc/connect.c (handle_tcp): always do getpeername, we can't
2039 trust recvfrom to return anything sensible
2041 1999-07-04 Assar Westerlund <assar@sics.se>
2043 * lib/krb5/get_in_tkt.c (add_padat): encrypt pre-auth data with
2046 * kpasswd/kpasswdd.c (change): fetch the salt-type from the entry
2048 * admin/srvconvert.c (srvconv): better error messages
2050 1999-07-03 Assar Westerlund <assar@sics.se>
2052 * lib/krb5/principal.c (unparse_name): error check malloc properly
2054 * lib/krb5/get_in_tkt.c (krb5_init_etype): error check malloc
2057 * lib/krb5/crypto.c (*): do some malloc return-value checks
2060 * lib/hdb/hdb.c (hdb_process_master_key): simplify by using
2063 * lib/hdb/hdb.c (hdb_process_master_key): check return value from
2066 * lib/asn1/gen_decode.c (decode_type): fix generation of decoding
2067 information for TSequenceOf.
2069 * kdc/kerberos5.c (get_pa_etype_info): check return value from
2072 1999-07-02 Assar Westerlund <assar@sics.se>
2074 * lib/asn1/der_copy.c (copy_octet_string): don't fail if length ==
2075 0 and malloc returns NULL
2077 1999-06-29 Assar Westerlund <assar@sics.se>
2079 * lib/krb5/addr_families.c (ipv6_parse_addr): implement
2081 1999-06-24 Assar Westerlund <assar@sics.se>
2083 * lib/krb5/rd_cred.c (krb5_rd_cred): compare the sender's address
2086 * lib/krb5/krb5.h (KRB5_ADDRESS_ADDRPORT, KRB5_ADDRESS_IPPORT):
2088 (krb5_auth_context): add local and remote port
2090 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): get the
2091 local and remote address and add them to the krb-cred packet
2093 * lib/krb5/auth_context.c: save the local and remove ports in the
2096 * lib/krb5/address.c (krb5_make_addrport): create an address of
2097 type KRB5_ADDRESS_ADDRPORT from (addr, port)
2099 * lib/krb5/addr_families.c (krb5_sockaddr2port): new function for
2100 grabbing the port number out of the sockaddr
2102 1999-06-23 Assar Westerlund <assar@sics.se>
2104 * admin/srvcreate.c (srvcreate): always take the DES-CBC-MD5 key.
2105 increase possible verbosity.
2107 * lib/krb5/config_file.c (parse_list): handle blank lines at
2110 * kdc/connect.c (add_port_string): don't return a value
2112 * lib/kadm5/init_c.c (get_cred_cache): you cannot reuse the cred
2113 cache if the principals are different. close and NULL the old one
2114 so that we create a new one.
2116 * configure.in: move around cgywin et al
2117 (LIB_kdb): set at the end of krb4-block
2118 (krb4): test for krb_enable_debug and krb_disable_debug
2120 1999-06-16 Assar Westerlund <assar@sics.se>
2122 * kuser/kdestroy.c (main): try to destroy v4 ticket even if the
2123 destruction of the v5 one fails
2125 * lib/krb5/crypto.c (DES3_postproc): new version that does the
2127 (*): don't put and recover length in 3DES encoding
2130 1999-06-15 Assar Westerlund <assar@sics.se>
2132 * lib/krb5/get_default_principal.c: rewrite to use
2133 get_default_username
2135 * lib/krb5/Makefile.am: add n-fold-test
2137 * kdc/connect.c: add fallbacks for all lookups by service name
2138 (handle_tcp): break-up and clean-up
2140 1999-06-09 Assar Westerlund <assar@sics.se>
2142 * lib/krb5/addr_families.c (ipv6_uninteresting): don't consider
2143 the loopback address as uninteresting
2145 * lib/krb5/get_addrs.c: new magic flag to get loopback address if
2146 there are no other addresses.
2147 (krb5_get_all_client_addrs): use that flag
2149 1999-06-04 Assar Westerlund <assar@sics.se>
2151 * lib/krb5/crypto.c (HMAC_SHA1_DES3_checksum): don't include the
2153 (checksum_sha1, checksum_hmac_sha1_des3): blocksize should be 64
2154 (encrypt_internal_derived): don't include the length and don't
2155 decrease by the checksum size twice
2156 (_get_derived_key): the constant should be 5 bytes
2158 1999-06-02 Johan Danielsson <joda@pdc.kth.se>
2160 * configure.in: use KRB_CHECK_X
2162 * configure.in: check for netinet/ip.h
2164 1999-05-31 Assar Westerlund <assar@sics.se>
2166 * kpasswd/kpasswdd.c (setup_passwd_quality_check): conditionalize
2169 1999-05-23 Assar Westerlund <assar@sics.se>
2171 * appl/test/uu_server.c: removed unused stuff
2173 * appl/test/uu_client.c: removed unused stuff
2175 1999-05-21 Assar Westerlund <assar@sics.se>
2177 * kuser/kgetcred.c (main): correct error message
2179 * lib/krb5/crypto.c (verify_checksum): call (*ct->checksum)
2180 directly, avoiding redundant lookups and memory leaks
2182 * lib/krb5/auth_context.c (krb5_auth_con_setaddrs_from_fd): free
2183 local and remote addresses
2185 * lib/krb5/get_default_principal.c (get_logname): also try
2188 * lib/asn1/Makefile.am (asn1_files): add $(EXEEXT)
2190 * lib/krb5/principal.c (USE_RESOLVER): try to define only if we
2191 have a libresolv (currently by checking for res_search)
2193 1999-05-18 Johan Danielsson <joda@pdc.kth.se>
2195 * kdc/connect.c (handle_tcp): remove %-escapes in request
2197 1999-05-14 Assar Westerlund <assar@sics.se>
2201 * admin/ktutil.c (kt_remove): -t should be -e
2203 * configure.in (CHECK_NETINET_IP_AND_TCP): use
2205 * kdc/hpropd.c: support for dumping to krb4. From Miroslav Ruda
2208 * admin/ktutil.c (kt_add): new option `--no-salt'. From Miroslav
2209 Ruda <ruda@ics.muni.cz>
2211 * configure.in: add cygwin and DOS tests replace sendmsg, recvmsg,
2212 and innetgr with roken versions
2214 * kuser/kgetcred.c: new program
2216 Tue May 11 14:09:33 1999 Johan Danielsson <joda@pdc.kth.se>
2218 * lib/krb5/mcache.c: fix paste-o
2220 1999-05-10 Johan Danielsson <joda@pdc.kth.se>
2222 * configure.in: don't use uname
2224 1999-05-10 Assar Westerlund <assar@sics.se>
2226 * acconfig.h (KRB_PUT_INT): if we don't have KRB4 use four
2229 * appl/test/uu_server.c (setsockopt): cast to get rid of a warning
2231 * appl/test/tcp_server.c (setsockopt): cast to get rid of a
2234 * appl/test/tcp_client.c (proto): call krb5_sendauth with ccache
2237 * appl/test/gssapi_server.c (setsockopt): cast to get rid of a
2240 * lib/krb5/sendauth.c (krb5_sendauth): handle ccache == NULL by
2241 setting the default ccache.
2243 * configure.in (getsockopt, setsockopt): test for
2244 (AM_INIT_AUTOMAKE): bump version to 0.1g
2246 * appl/Makefile.am (SUBDIRS): add kx
2248 * lib/hdb/convert_db.c (main): handle the case of no master key
2250 1999-05-09 Assar Westerlund <assar@sics.se>
2254 * kuser/kinit.c: add --noaddresses
2256 * lib/krb5/get_in_tkt.c (init_as_req): interpret `addrs' being an
2257 empty sit of list as to not ask for any addresses.
2259 1999-05-08 Assar Westerlund <assar@sics.se>
2261 * acconfig.h (_GNU_SOURCE): define this to enable (used)
2262 extensions on glibc-based systems such as linux
2264 1999-05-03 Assar Westerlund <assar@sics.se>
2266 * lib/krb5/get_cred.c (get_cred_from_kdc_flags): allocate and free
2267 `*out_creds' properly
2269 * lib/krb5/creds.c (krb5_compare_creds): just verify that the
2270 keytypes/enctypes are compatible, not that they are the same
2272 * kuser/kdestroy.c (cache): const-correctness
2274 1999-05-03 Johan Danielsson <joda@pdc.kth.se>
2276 * lib/hdb/hdb.c (hdb_set_master_key): initialise master key
2279 * lib/hdb/convert_db.c: add support for upgrading database
2282 * kdc/misc.c: add flags to fetch
2284 * kdc/kstash.c: unlink keyfile on failure, chmod to 400
2286 * kdc/hpropd.c: add --print option
2288 * kdc/hprop.c: pass flags to hdb_foreach
2290 * lib/hdb/convert_db.c: add some flags
2292 * lib/hdb/Makefile.am: remove extra LDFLAGS, update version to 2;
2293 build prototype headers
2295 * lib/hdb/hdb_locl.h: update prototypes
2297 * lib/hdb/print.c: move printable version of entry from kadmin
2299 * lib/hdb/hdb.c: change hdb_{seal,unseal}_* to check if the key is
2300 sealed or not; add flags to hdb_foreach
2302 * lib/hdb/ndbm.c: add flags to NDBM_seq, NDBM_firstkey, and
2305 * lib/hdb/db.c: add flags to DB_seq, DB_firstkey, and DB_nextkey
2307 * lib/hdb/common.c: add flags to _hdb_{fetch,store}
2309 * lib/hdb/hdb.h: add master_key_version to struct hdb, update
2312 * lib/hdb/hdb.asn1: make mkvno optional, update version to 2
2314 * configure.in: --enable-netinfo
2316 * lib/krb5/config_file.c: HAVE_NETINFO_NI_H -> HAVE_NETINFO
2318 * config.sub: fix for crays
2320 * config.guess: new version from automake 1.4
2322 * config.sub: new version from automake 1.4
2324 Wed Apr 28 00:21:17 1999 Assar Westerlund <assar@sics.se>
2328 * lib/krb5/mcache.c (mcc_get_next): get the current cursor
2331 * acconfig.h: correct definition of KRB_PUT_INT for old krb4 code.
2332 From Ake Sandgren <ake@cs.umu.se>
2334 1999-04-27 Johan Danielsson <joda@pdc.kth.se>
2336 * kdc/kerberos5.c: fix arguments to decrypt_ticket
2338 1999-04-25 Assar Westerlund <assar@sics.se>
2340 * lib/krb5/mk_req_ext.c (krb5_mk_req_internal): try to handle old
2341 DCE secd's that are not able to handle MD5 checksums by defaulting
2342 to MD4 if the keytype was DES-CBC-CRC
2344 * lib/krb5/mk_req.c (krb5_mk_req): use auth_context->keytype
2346 * lib/krb5/krb5.h (krb5_auth_context_data): add `keytype' and
2349 * lib/krb5/get_cred.c (make_pa_tgs_req): remove old kludge for
2351 (init_tgs_req): add all supported enctypes for the keytype in
2352 `in_creds->session.keytype' if it's set
2354 * lib/krb5/crypto.c (F_PSEUDO): new flag for non-protocol
2356 (do_checksum): new function
2357 (verify_checksum): take the checksum to use from the checksum message
2358 and not from the crypto struct
2359 (etypes): add F_PSEUDO flags
2360 (krb5_keytype_to_enctypes): new function
2362 * lib/krb5/auth_context.c (krb5_auth_con_init): initalize keytype
2364 (krb5_auth_setcksumtype, krb5_auth_getcksumtype): implement
2365 (krb5_auth_setkeytype, krb5_auth_getkeytype): implement
2366 (krb5_auth_setenctype): comment out, it's rather bogus anyway
2368 Sun Apr 25 16:55:50 1999 Johan Danielsson <joda@pdc.kth.se>
2370 * lib/krb5/krb5_locl.h: fix for stupid aix warnings
2372 * lib/krb5/fcache.c (erase_file): don't malloc
2374 Sat Apr 24 18:35:21 1999 Johan Danielsson <joda@pdc.kth.se>
2376 * kdc/config.c: pass context to krb5_config_file_free
2378 * kuser/kinit.c: add `--fcache-version' to set cache version to
2381 * kuser/klist.c: print cache version if verbose
2383 * lib/krb5/transited.c (krb5_domain_x500_decode): don't abort
2385 * lib/krb5/principal.c: abort -> krb5_abortx
2387 * lib/krb5/mk_rep.c: abort -> krb5_abortx
2389 * lib/krb5/config_file.c: abort -> krb5_abortx
2391 * lib/krb5/context.c (init_context_from_config_file): init
2392 fcache_version; add krb5_{get,set}_fcache_version
2394 * lib/krb5/keytab.c: add support for reading (and writing?) old
2397 * lib/krb5/cache.c: add krb5_cc_get_version
2399 * lib/krb5/fcache.c: add support for reading and writing old
2402 * lib/krb5/store_mem.c (krb5_storage_from_mem): zero flags
2404 * lib/krb5/store_emem.c (krb5_storage_emem): zero flags
2406 * lib/krb5/store_fd.c (krb5_storage_from_fd): zero flags
2408 * lib/krb5/store.c: add flags to change how various fields are
2409 stored, used for old cache version support
2411 * lib/krb5/krb5.h: add support for reading and writing old version
2412 cache files, and keytabs
2414 Wed Apr 21 00:09:26 1999 Assar Westerlund <assar@sics.se>
2416 * configure.in: fix test for readline.h remember to link with
2417 $LIB_tgetent when trying linking with readline
2419 * lib/krb5/init_creds_pw.c (get_init_creds_common): if start_time
2420 is given, request a postdated ticket.
2422 * lib/krb5/data.c (krb5_data_free): free data as long as it's not
2425 Tue Apr 20 20:18:14 1999 Assar Westerlund <assar@sics.se>
2427 * kpasswd/Makefile.am (kpasswdd_LDADD): add LIB_dlopen
2429 * lib/krb5/krb5.h (KRB5_VERIFY_AP_REQ_IGNORE_INVALID): add
2431 * lib/krb5/rd_req.c (krb5_decrypt_ticket): add `flags` and
2432 KRB5_VERIFY_AP_REQ_IGNORE_INVALID for ignoring that the ticket is
2435 Tue Apr 20 12:42:08 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2437 * kpasswd/kpasswdd.c: don't try to load library by default; get
2438 library and function name from krb5.conf
2440 * kpasswd/sample_passwd_check.c: sample password checking
2443 Mon Apr 19 22:22:19 1999 Assar Westerlund <assar@sics.se>
2445 * lib/krb5/store.c (krb5_storage_to_data, krb5_ret_data): use
2446 krb5_data_alloc and be careful with checking allocation and sizes.
2448 * kuser/klist.c (--tokens): conditionalize on KRB4
2450 * kuser/kinit.c (renew_validate): set all flags
2451 (main): fix cut-n-paste error when setting start-time
2453 * kdc/kerberos5.c (check_tgs_flags): starttime of a validate
2454 ticket should be > than current time
2455 (*): send flags to krb5_verify_ap_req and krb5_decrypt_ticket
2457 * kuser/kinit.c (renew_validate): use the client realm instead of
2458 the local realm when renewing tickets.
2460 * lib/krb5/get_for_creds.c (krb5_fwd_tgs_creds): compat function
2461 (krb5_get_forwarded_creds): correct freeing of out_creds
2463 * kuser/kinit.c (renew_validate): hopefully fix up freeing of
2466 * configure.in: do all the krb4 tests with "$krb4" != "no"
2468 * lib/krb5/keyblock.c (krb5_free_keyblock_contents): don't zero
2469 keyvalue if it's NULL. noticed by Ake Sandgren <ake@cs.umu.se>
2471 * lib/krb5/get_in_tkt.c (add_padata): loop over all enctypes
2472 instead of just taking the first one. fix all callers. From
2473 "Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net>
2475 * kdc/kdc_locl.h (enable_kaserver): declaration
2477 * kdc/hprop.c (ka_convert): print the failing principal. AFS 3.4a
2478 creates krbtgt.REALMOFCELL as NOTGS+NOSEAL, work around. From
2479 "Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net>
2481 * kdc/hpropd.c (open_socket): stupid cast to get rid of a warning
2483 * kdc/connect.c (add_standard_ports, process_request): look at
2484 enable_kaserver. From "Brandon S. Allbery KF8NH"
2485 <allbery@kf8nh.apk.net>
2487 * kdc/config.c: new flag --kaserver and config file option
2488 enable-kaserver. From "Brandon S. Allbery KF8NH"
2489 <allbery@kf8nh.apk.net>
2491 Mon Apr 19 12:32:04 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2493 * configure.in: check for dlopen, and dlfcn.h
2495 * kpasswd/kpasswdd.c: add support for dlopen:ing password quality
2498 * configure.in: add appl/su
2500 Sun Apr 18 15:46:53 1999 Johan Danielsson <joda@blubb.pdc.kth.se>
2502 * lib/krb5/cache.c: add krb5_cc_get_type that returns type of a
2505 Fri Apr 16 17:58:51 1999 Assar Westerlund <assar@sics.se>
2507 * configure.in: LIB_kdb: -L should be before -lkdb
2508 test for prototype of strsep
2510 Thu Apr 15 11:34:38 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2512 * lib/krb5/Makefile.am: update version
2514 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): use
2517 * lib/krb5/fcache.c: add some support for reading and writing old
2519 (fcc_store_cred): use krb5_store_creds; (fcc_read_cred): use
2522 * lib/krb5/store_mem.c (krb5_storage_from_mem): check malloc,
2523 initialize host_byteorder
2525 * lib/krb5/store_fd.c (krb5_storage_from_fd): initialize
2528 * lib/krb5/store_emem.c (krb5_storage_emem): initialize
2531 * lib/krb5/store.c (krb5_storage_set_host_byteorder): add;
2532 (krb5_store_int32,krb5_ret_int32,krb5_store_int16,krb5_ret_int16):
2533 check host_byteorder flag; (krb5_store_creds): add;
2534 (krb5_ret_creds): add
2536 * lib/krb5/krb5.h (krb5_storage): add `host_byteorder' flag for
2539 * lib/krb5/heim_err.et: add `host not found' error
2541 * kdc/connect.c: don't use data after clearing decriptor
2543 * lib/krb5/auth_context.c: abort -> krb5_abortx
2545 * lib/krb5/warn.c: add __attribute__; add *abort functions
2547 * configure.in: check for __attribute__
2549 * kdc/connect.c: log bogus requests
2551 Tue Apr 13 18:38:05 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2553 * lib/kadm5/create_s.c (kadm5_s_create_principal): create v4 salts
2556 1999-04-12 Assar Westerlund <assar@sics.se>
2558 * lib/krb5/get_cred.c (init_tgs_req): re-structure a little bit
2560 * lib/krb5/get_cred.c (init_tgs_req): some more error checking
2562 * lib/krb5/generate_subkey.c (krb5_generate_subkey): check return
2565 Sun Apr 11 03:47:23 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2567 * lib/krb5/krb5.conf.5: update to reality
2569 * lib/krb5/krb5_425_conv_principal.3: update to reality
2571 1999-04-11 Assar Westerlund <assar@sics.se>
2573 * lib/krb5/get_host_realm.c: handle more than one realm for a host
2575 * kpasswd/kpasswd.c (main): use krb5_program_setup and
2578 * kdc/string2key.c (main): use krb5_program_setup and
2581 Sun Apr 11 02:35:58 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2583 * lib/krb5/principal.c (krb5_524_conv_principal): make it actually
2584 work, and check built-in list of host-type first-components
2586 * lib/krb5/krbhst.c: lookup SRV-records to find a kdc for a realm
2588 * lib/krb5/context.c: add srv_* flags to context
2590 * lib/krb5/principal.c: add default v4_name_convert entries
2592 * lib/krb5/krb5.h: add srv_* flags to context
2594 Sat Apr 10 22:52:28 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2596 * kadmin/kadmin.c: complain about un-recognised commands
2598 * admin/ktutil.c: complain about un-recognised commands
2600 Sat Apr 10 15:41:49 1999 Assar Westerlund <assar@sics.se>
2602 * kadmin/load.c (doit): fix error message
2604 * lib/krb5/crypto.c (encrypt_internal): free checksum if lengths
2606 (krb5_get_wrapped_length): new function
2608 * configure.in: security/pam_modules.h: check for
2610 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): kludge
2611 around `ret_as_reply' semantics by only freeing it when ret == 0
2613 Fri Apr 9 20:24:04 1999 Assar Westerlund <assar@sics.se>
2615 * kuser/klist.c (print_cred_verbose): handle the case of a bad
2618 * configure.in: test for more header files
2621 Thu Apr 8 15:01:59 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2623 * configure.in: fixes for building w/o krb4
2625 * ltmain.sh: update to libtool 1.2d
2627 * ltconfig: update to libtool 1.2d
2629 Wed Apr 7 23:37:26 1999 Assar Westerlund <assar@sics.se>
2631 * kdc/hpropd.c: fix some error messages to be more understandable.
2633 * kdc/hprop.c (ka_dump): remove unused variables
2635 * appl/test/tcp_server.c: remove unused variables
2637 * appl/test/gssapi_server.c: remove unused variables
2639 * appl/test/gssapi_client.c: remove unused variables
2641 Wed Apr 7 14:05:15 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2643 * lib/krb5/context.c (krb5_get_err_text): long -> krb5_error_code
2645 * kuser/klist.c: make it compile w/o krb4
2647 * kuser/kdestroy.c: make it compile w/o krb4
2649 * admin/ktutil.c: fix {srv,key}2{srv,key}tab confusion; add help
2652 Mon Apr 5 16:13:46 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2654 * configure.in: test for MIPS ABI; new test_package
2656 Thu Apr 1 11:00:40 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2658 * include/Makefile.am: clean krb5-private.h
2662 * kpasswd/kpasswdd.c (doit): pass context to
2663 krb5_get_all_client_addrs
2665 * kdc/connect.c (init_sockets): pass context to
2666 krb5_get_all_server_addrs
2668 * lib/krb5/get_in_tkt.c (init_as_req): pass context to
2669 krb5_get_all_client_addrs
2671 * lib/krb5/get_cred.c (get_cred_kdc_la): pass context to
2672 krb5_get_all_client_addrs
2674 * lib/krb5/get_addrs.c (get_addrs_int): add extra host addresses
2676 * lib/krb5/krb5.h: add support for adding an extra set of
2679 * lib/krb5/context.c: add support for adding an extra set of
2682 * lib/krb5/addr_families.c: add krb5_parse_address
2684 * lib/krb5/address.c: krb5_append_addresses
2686 * lib/krb5/config_file.c (parse_binding): don't zap everything
2687 after first whitespace
2689 * kuser/kinit.c (renew_validate): don't allocate out
2691 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): don't
2694 * lib/krb5/get_cred.c (get_cred_kdc, get_cred_kdc_la): make
2696 (krb5_get_kdc_cred): allocate out_creds; (get_cred_from_kdc_flags):
2699 * lib/krb5/crypto.c (encrypt_internal): free checksum
2701 * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): free reply,
2704 * kuser/Makefile.am: remove kfoo
2706 * lib/Makefile.am: add auth
2708 * lib/kadm5/iprop.h: getarg.h
2710 * lib/kadm5/replay_log.c: use getarg
2712 * lib/kadm5/ipropd_slave.c: use getarg
2714 * lib/kadm5/ipropd_master.c: use getarg
2716 * lib/kadm5/dump_log.c: use getarg
2718 * kpasswd/kpasswdd.c: use getarg
2720 * Makefile.am.common: make a more working check-local target
2722 * lib/asn1/main.c: use getargs
2724 Mon Mar 29 20:19:57 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2726 * kuser/klist.c (print_cred_verbose): use krb5_print_address
2728 * lib/kadm5/server.c: k_{put,get}_int -> _krb5_{put,get}_int
2730 * lib/krb5/addr_families.c (krb5_print_address): handle unknown
2731 address types; (ipv6_print_addr): print in 16-bit groups (as it
2734 * lib/krb5/crc.c: crc_{init_table,update} ->
2735 _krb5_crc_{init_table,update}
2737 * lib/krb5/crypto.c: k_{put,get}_int -> _krb5_{put,get}_int
2738 crc_{init_table,update} -> _krb5_crc_{init_table,update}
2740 * lib/krb5/send_to_kdc.c: k_{put,get}_int -> _krb5_{put,get}_int
2742 * lib/krb5/store.c: k_{put,get}_int -> _krb5_{put,get}_int
2744 * lib/krb5/krb5_locl.h: include krb5-private.h
2746 * kdc/connect.c (addr_to_string): use krb5_print_address
2748 * lib/krb5/addr_families.c (krb5_print_address): int -> size_t
2750 * lib/krb5/addr_families.c: add support for printing ipv6
2751 addresses, either with inet_ntop, or ugly for-loop
2753 * kdc/524.c: check that the ticket came from a valid address; use
2754 the address of the connection as the address to put in the v4
2755 ticket (if this address is AF_INET)
2757 * kdc/connect.c: pass addr to do_524
2759 * kdc/kdc_locl.h: prototype for do_524
2761 Sat Mar 27 17:48:31 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2763 * configure.in: check for OSF C2; bind/bitypes.h, getudbnam,
2764 setlim; check for auth modules; siad.h, getpwnam_r;
2765 lib/auth/Makefile, lib/auth/sia/Makefile
2767 * lib/krb5/crypto.c: n_fold -> _krb5_n_fold
2769 * lib/krb5/n-fold.c: n_fold -> _krb5_n_fold
2771 Thu Mar 25 04:35:21 1999 Assar Westerlund <assar@sics.se>
2773 * lib/kadm5/set_keys.c (_kadm5_set_keys): free salt when zapping
2776 * lib/kadm5/free.c (kadm5_free_principal_ent): free `key_data'
2778 * lib/hdb/ndbm.c (NDBM_destroy): clear master key
2780 * lib/hdb/db.c (DB_destroy): clear master key
2781 (DB_open): check malloc
2783 * kdc/connect.c (init_sockets): free addresses
2785 * kadmin/kadmin.c (main): make code more consistent. always free
2786 configuration information.
2788 * kadmin/init.c (create_random_entry): free the entry
2790 Wed Mar 24 04:02:03 1999 Assar Westerlund <assar@sics.se>
2792 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password):
2793 re-organize the code to always free `kdc_reply'
2795 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): be more careful about
2798 * lib/krb5/fcache.c (fcc_destroy): don't call fcc_close
2800 * lib/krb5/crypto.c (krb5_crypto_destroy): free `crypto'
2802 * lib/hdb/hdb_locl.h: try db_185.h first in case db.h is a DB 2.0
2805 * configure.in (db_185.h): check for
2807 * admin/srvcreate.c: new file. contributed by Daniel Kouril
2808 <kouril@informatics.muni.cz>
2810 * admin/ktutil.c: srvcreate: new command
2812 * kuser/klist.c: add support for printing AFS tokens
2814 * kuser/kdestroy.c: add support for destroying v4 tickets and AFS
2815 tokens. based on code by Love <lha@stacken.kth.se>
2817 * kuser/Makefile.am (kdestroy_LDADD, klist_LDADD): more libraries
2819 * configure.in: sys/ioccom.h: test for
2821 * kuser/klist.c (main): don't print `no ticket file' with --test.
2822 From: Love <lha@e.kth.se>
2824 * kpasswd/kpasswdd.c (doit): more braces to make gcc happy
2826 * kdc/connect.c (init_socket): get rid of a stupid warning
2828 * include/bits.c (my_strupr): cast away some stupid warnings
2830 Tue Mar 23 14:34:44 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2832 * lib/krb5/get_host_realm.c (krb5_get_host_realm): no infinite
2835 Tue Mar 23 00:00:45 1999 Assar Westerlund <assar@sics.se>
2837 * lib/kadm5/Makefile.am (install_build_headers): recover from make
2838 rewriting the names of the headers kludge to help solaris make
2840 * lib/krb5/Makefile.am: kludge to help solaris make
2842 * lib/hdb/Makefile.am: kludge to help solaris make
2844 * configure.in (LIB_kdb): make sure there's a -L option in here by
2847 * lib/asn1/gen_glue.c (generate_2int, generate_int2): int ->
2850 * configure.in (SunOS): set to a number KRB4, KRB5 conditionals:
2851 remove the `dnl' to work around an automake flaw
2853 Sun Mar 21 15:08:49 1999 Johan Danielsson <joda@blubb.pdc.kth.se>
2855 * lib/krb5/get_default_realm.c: char* -> krb5_realm
2857 Sun Mar 21 14:08:30 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2859 * include/bits.c: <bind/bitypes.h>
2861 * lib/krb5/Makefile.am: create krb5-private.h
2863 Sat Mar 20 00:08:59 1999 Assar Westerlund <assar@sics.se>
2865 * configure.in (gethostname): remove duplicate
2867 Fri Mar 19 14:48:03 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2869 * lib/hdb/Makefile.am: add version-info
2871 * lib/gssapi/Makefile.am: add version-info
2873 * lib/asn1/Makefile.am: use $(x:y=z) make syntax; move check-der
2876 * lib/Makefile.am: add 45
2878 * lib/kadm5/Makefile.am: split in client and server libraries
2879 (breaks shared libraries otherwise)
2881 Thu Mar 18 11:33:30 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2883 * include/kadm5/Makefile.am: clean a lot of header files (since
2884 automake lacks a clean-hook)
2886 * include/Makefile.am: clean a lot of header files (since automake
2889 * lib/kadm5/Makefile.am: fix build-installation of headers
2891 * lib/krb5/Makefile.am: remove include_dir hack
2893 * lib/hdb/Makefile.am: remove include_dir hack
2895 * lib/asn1/Makefile.am: remove include_dir hack
2897 * include/Makefile.am: remove include_dir hack
2899 * doc/whatis.texi: define sub for html
2901 * configure.in: LIB_kdb, have_err_h, have_fnmatch_h, have_glob_h
2903 * lib/asn1/Makefile.am: der.h
2905 * kpasswd/kpasswdd.c: admin.h -> kadm5/admin.h
2907 * kdc/Makefile.am: remove junk
2909 * kadmin/Makefile.am: sl.a -> sl.la
2911 * appl/afsutil/Makefile.am: remove EXTRA_bin_PROGRAMS
2913 * admin/Makefile.am: sl.a -> sl.la
2915 * configure.in: condition KRB5; AC_CHECK_XAU
2917 * Makefile.am: include Makefile.am.common
2919 * include/kadm5/Makefile.am: include Makefile.am.common; don't
2920 install headers from here
2922 * include/Makefile.am: include Makefile.am.common; don't install
2925 * doc/Makefile.am: include Makefile.am.common
2927 * lib/krb5/Makefile.am: include Makefile.am.common
2929 * lib/kadm5/Makefile.am: include Makefile.am.common
2931 * lib/hdb/Makefile.am: include Makefile.am.common
2933 * lib/gssapi/Makefile.am: include Makefile.am.common
2935 * lib/asn1/Makefile.am: include Makefile.am.common
2937 * lib/Makefile.am: include Makefile.am.common
2939 * lib/45/Makefile.am: include Makefile.am.common
2941 * kuser/Makefile.am: include Makefile.am.common
2943 * kpasswd/Makefile.am: include Makefile.am.common
2945 * kdc/Makefile.am: include Makefile.am.common
2947 * kadmin/Makefile.am: include Makefile.am.common
2949 * appl/test/Makefile.am: include Makefile.am.common
2951 * appl/afsutil/Makefile.am: include Makefile.am.common
2953 * appl/Makefile.am: include Makefile.am.common
2955 * admin/Makefile.am: include Makefile.am.common
2957 Wed Mar 17 03:04:38 1999 Assar Westerlund <assar@sics.se>
2959 * lib/krb5/store.c (krb5_store_stringz): braces fix
2961 * lib/kadm5/get_s.c (kadm5_s_get_principal): braces fix
2963 * lib/kadm5/ent_setup.c (_kadm5_setup_entry): braces fix
2965 * kdc/connect.c (loop): braces fix
2967 * lib/krb5/config_file.c: cast to unsigned char to make is* happy
2969 * lib/krb5/log.c (krb5_addlog_dest): more braces to make gcc happy
2971 * lib/krb5/crypto.c (krb5_verify_checksum): rename C -> cksum to
2974 * kadmin/util.c (timeval2str): more braces to make gcc happy
2976 * kadmin/load.c: cast in is* to get rid of stupid warning
2978 * kadmin/dump.c (append_hex): cast in isalnum to get rid of stupid
2981 * kdc/kaserver.c: malloc checks and fixes
2983 * lib/krb5/get_host_realm.c (krb5_get_host_realm): include leading
2984 dot (if any) when looking up realms.
2986 Fri Mar 12 13:57:56 1999 Johan Danielsson <joda@blubb.pdc.kth.se>
2988 * lib/krb5/get_host_realm.c: add dns support
2990 * lib/krb5/set_default_realm.c: use krb5_free_host_realm
2992 * lib/krb5/free_host_realm.c: check for NULL realmlist
2994 * lib/krb5/context.c: don't print warning if there is no krb5.conf
2996 Wed Mar 10 19:29:46 1999 Johan Danielsson <joda@hella.pdc.kth.se>
2998 * configure.in: use AC_WFLAGS
3000 Mon Mar 8 11:49:43 1999 Johan Danielsson <joda@hella.pdc.kth.se>
3004 * kuser/klist.c: use print_version
3006 * kuser/kdestroy.c: use print_version
3008 * kdc/hpropd.c: use print_version
3010 * kdc/hprop.c: use print_version
3012 * kdc/config.c: use print_version
3014 * kadmin/kadmind.c: use print_version
3016 * kadmin/kadmin.c: use print_version
3018 * appl/test/common.c: use print_version
3020 * appl/afsutil/afslog.c: use print_version
3022 Mon Mar 1 10:49:14 1999 Johan Danielsson <joda@hella.pdc.kth.se>
3024 * lib/krb5/get_addrs.c: SOCKADDR_HAS_SA_LEN ->
3025 HAVE_STRUCT_SOCKADDR_SA_LEN
3027 * configure.in, acconfig.h, cf/*: update to automake 1.4/autoconf 2.13
3029 Sun Feb 28 18:19:20 1999 Johan Danielsson <joda@hella.pdc.kth.se>
3031 * lib/asn1/gen.c: make `BIT STRING's unsigned
3033 * lib/asn1/{symbol.h,gen.c}: add TUInteger type
3035 * lib/krb5/verify_user.c (krb5_verify_user): pass prompter to
3036 krb5_get_init_creds_password
3038 * lib/krb5/fcache.c (fcc_gen_new): implement
3040 Sat Feb 27 22:41:23 1999 Johan Danielsson <joda@hella.pdc.kth.se>
3042 * doc/install.texi: krb4 is now automatically detected
3044 * doc/misc.texi: update procedure to set supported encryption
3047 * doc/setup.texi: change some silly wordings
3049 Sat Feb 27 22:17:30 1999 Johan Danielsson <joda@blubb.pdc.kth.se>
3051 * lib/krb5/keytab.c (fkt_remove_entry): make this work
3053 * admin/ktutil.c: add minimally working `get' command
3055 Sat Feb 27 19:44:49 1999 Johan Danielsson <joda@hella.pdc.kth.se>
3057 * lib/hdb/convert_db.c: more typos
3059 * include/Makefile.am: remove EXTRA_DATA (as of autoconf
3062 * appl/Makefile.am: OTP_dir
3064 Fri Feb 26 17:37:00 1999 Johan Danielsson <joda@hella.pdc.kth.se>
3066 * doc/setup.texi: add kadmin section
3068 * lib/asn1/check-der.c: fix printf warnings
3070 Thu Feb 25 11:16:49 1999 Johan Danielsson <joda@hella.pdc.kth.se>
3072 * configure.in: -O does not belong in WFLAGS
3074 Thu Feb 25 11:05:57 1999 Johan Danielsson <joda@blubb.pdc.kth.se>
3076 * lib/asn1/der_put.c: fix der_put_int
3078 Tue Feb 23 20:35:12 1999 Johan Danielsson <joda@hella.pdc.kth.se>
3080 * configure.in: use AC_BROKEN_GLOB
3082 Mon Feb 22 15:12:44 1999 Johan Danielsson <joda@blubb.pdc.kth.se>
3084 * configure.in: check for glob
3086 Mon Feb 22 11:32:42 1999 Johan Danielsson <joda@hella.pdc.kth.se>
3090 Sat Feb 20 15:48:06 1999 Johan Danielsson <joda@blubb.pdc.kth.se>
3092 * lib/hdb/convert_db.c: convert DES3 keys to des3-cbc-sha1, and
3095 * lib/krb5/crypto.c (DES3_string_to_key): make this actually do
3096 what the draft said it should
3098 * lib/hdb/convert_db.c: little program for database conversion
3100 * lib/hdb/db.c (DB_open): try to open database w/o .db extension
3102 * lib/hdb/ndbm.c (NDBM_open): add test for database format
3104 * lib/hdb/db.c (DB_open): add test for database format
3106 * lib/asn1/gen_glue.c (generate_2int): don't depend on flags being
3109 * lib/hdb/hdb.c: change `hdb_set_master_key' to take an
3110 EncryptionKey, and add a new function `hdb_set_master_keyfile' to
3111 do what `hdb_set_master_key' used to do
3113 * kdc/kstash.c: add `--convert-file' option to change keytype of
3114 existing master key file
3116 Fri Feb 19 07:04:14 1999 Assar Westerlund <assar@squid.pdc.kth.se>
3120 Sat Feb 13 17:12:53 1999 Assar Westerlund <assar@sics.se>
3122 * lib/krb5/mk_safe.c (krb5_mk_safe): sizeof(buf) -> buf_size, buf
3125 * lib/krb5/get_in_tkt.c (krb5_init_etype): etypes are now `int'
3127 * lib/krb5/get_host_realm.c (krb5_get_host_realm): constize
3130 (krb5_salttype_to_string): new function (RSA_MD5_DES_verify,
3131 RSA_MD5_DES3_verify): initialize ret
3133 * lib/gssapi/init_sec_context.c (init_auth): remove unnecessary
3134 gssapi_krb5_init. ask for KEYTYPE_DES credentials
3136 * kadmin/get.c (print_entry_long): print the keytypes and salts
3137 available for the principal
3139 * configure.in (WFLAGS): add `-O' to catch unitialized variables
3141 (gethostname, mkstemp, getusershell, inet_aton): more tests
3143 * lib/hdb/hdb.h: update prototypes
3145 * configure.in: homogenize broken detection with krb4
3147 * lib/kadm5/init_c.c (kadm5_c_init_with_context): remove unused
3150 * lib/asn1/Makefile.am (check-der): add
3152 * lib/asn1/gen.c (define_type): map ASN1 Integer to `int' instead
3155 * lib/asn1/der_length.c (length_unsigned): new function
3156 (length_int): handle signed integers
3158 * lib/asn1/der_put.c (der_put_unsigned): new function
3159 (der_put_int): handle signed integers
3161 * lib/asn1/der_get.c (der_get_unsigned): new function
3162 (der_get_int): handle signed integers
3164 * lib/asn1/der.h: all integer functions take `int' instead of
3167 * lib/asn1/lex.l (filename): unused. remove.
3169 * lib/asn1/check-der.c: new test program for der encoding and
3172 Mon Feb 1 04:09:06 1999 Assar Westerlund <assar@sics.se>
3174 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): only call
3175 gethostbyname2 with AF_INET6 if we actually have IPv6. From
3176 "Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net>
3178 * lib/krb5/changepw.c (get_kdc_address): dito
3180 Sun Jan 31 06:26:36 1999 Assar Westerlund <assar@sics.se>
3182 * kdc/connect.c (parse_prots): always bind to AF_INET, there are
3183 v6-implementations without support for `mapped V4 addresses'.
3184 From Jun-ichiro itojun Hagino <itojun@kame.net>
3186 Sat Jan 30 22:38:27 1999 Assar Westerlund <assar@juguete.sics.se>
3190 Sat Jan 30 13:43:02 1999 Assar Westerlund <assar@sics.se>
3192 * lib/krb5/Makefile.am: explicit rules for *.et files
3194 * lib/kadm5/init_c.c (get_kadm_ticket): only remove creds if
3195 krb5_get_credentials was succesful.
3196 (get_new_cache): return better error codes and return earlier.
3197 (get_cred_cache): only delete default_client if it's different
3199 (kadm5_c_init_with_context): return a more descriptive error.
3201 * kdc/kerberos5.c (check_flags): handle NULL client or server
3203 * lib/krb5/sendauth.c (krb5_sendauth): return the error in
3204 `ret_error' iff != NULL
3206 * lib/krb5/rd_error.c (krb5_free_error, krb5_free_error_contents):
3209 * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): more
3212 * lib/krb5/krb5.h (krb5_error): typedef to KRB_ERROR
3214 * lib/krb5/init_creds_pw.c: KRB5_TGS_NAME: use
3216 * lib/krb5/get_cred.c: KRB5_TGS_NAME: use
3218 * lib/kafs/afskrb5.c (afslog_uid_int): update to changes
3220 * lib/kadm5/rename_s.c (kadm5_s_rename_principal): call remove
3221 instead of rename, but shouldn't this just call rename?
3223 * lib/kadm5/get_s.c (kadm5_s_get_principal): always return an
3224 error if the principal wasn't found.
3226 * lib/hdb/ndbm.c (NDBM_seq): unseal key
3228 * lib/hdb/db.c (DB_seq): unseal key
3230 * lib/asn1/Makefile.am: added explicit rules for asn1_err.[ch]
3232 * kdc/hprop.c (v4_prop): add krbtgt/THISREALM@OTHERREALM when
3233 finding cross-realm tgts in the v4 database
3235 * kadmin/mod.c (mod_entry): check the number of arguments. check
3236 that kadm5_get_principal worked.
3238 * lib/krb5/keytab.c (fkt_remove_entry): remove KRB5_KT_NOTFOUND if
3239 we weren't able to remove it.
3241 * admin/ktutil.c: less drive-by-deleting. From Love
3244 * kdc/connect.c (parse_ports): copy the string before mishandling
3247 * kdc/kerberos5.c (tgs_rep2): print the principal with mismatching
3250 * kadmin/kadmind.c (main): convert `debug_port' to network byte
3253 * kadmin/kadmin.c: allow specification of port number.
3255 * lib/kadm5/kadm5_locl.h (kadm5_client_context): add
3258 * lib/kadm5/init_c.c (_kadm5_c_init_context): move up
3259 initalize_kadm5_error_table_r.
3260 allow specification of port number.
3262 From Love <lha@stacken.kth.se>
3264 * kuser/klist.c: add option -t | --test