1 2001-06-19 Assar Westerlund <assar@sics.se>
3 * kuser/kinit.c (main): dereference result from krb5_princ_realm.
4 from Thomas Nystrom <thn@saeab.se>
6 2001-06-18 Johan Danielsson <joda@pdc.kth.se>
8 * lib/krb5/mk_req.c (krb5_mk_req_exact): free creds when done
9 * lib/krb5/crypto.c (krb5_string_to_key_derived): fix memory leak
10 * lib/krb5/krbhst.c (config_get_hosts): free hostlist
11 * kuser/kinit.c: free principal
13 2001-06-18 Assar Westerlund <assar@sics.se>
15 * lib/krb5/send_to_kdc.c (krb5_sendto): remove an extra
18 * lib/krb5/convert_creds.c (krb524_convert_creds_kdc_ccache):
19 remove some unused variables
21 * lib/krb5/krbhst.c (admin_get_next): spell kerberos correctly
22 * kdc/kerberos5.c: update to new krb5_auth_con* names
23 * kdc/hpropd.c: update to new krb5_auth_con* names
24 * lib/krb5/rd_req.c (krb5_rd_req): use krb5_auth_con* functions
25 and remove some comments
26 * lib/krb5/rd_safe.c (krb5_rd_safe): pick the keys in the right
27 order: remote - local - session
28 * lib/krb5/rd_rep.c (krb5_rd_rep): save the remote sub key in the
30 * lib/krb5/rd_priv.c (krb5_rd_priv): pick keys in the correct
31 order: remote - local - session
32 * lib/krb5/mk_safe.c (krb5_mk_safe): pick keys in the right order,
33 local - remote - session
35 2001-06-18 Johan Danielsson <joda@pdc.kth.se>
37 * lib/krb5/convert_creds.c: use starttime instead of authtime,
40 * lib/krb5/convert_creds.c: make krb524_convert_creds_kdc match
41 the MIT function by the same name; add
42 krb524_convert_creds_kdc_ccache that does what the old version did
44 * admin/list.c (do_list): make sure list of keys is NULL
45 terminated; similar to patch sent by Chris Chiappa
47 2001-06-18 Assar Westerlund <assar@sics.se>
49 * lib/krb5/mcache.c (mcc_remove_cred): use
50 krb5_free_creds_contents
52 * lib/krb5/auth_context.c: name function krb5_auth_con more
54 * lib/krb5/rd_req.c (krb5_verify_authenticator_checksum): use
55 renamed krb5_auth_con_getauthenticator
57 * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): update to
59 * lib/krb5/changepw.c (krb5_change_password): update to use
61 * lib/krb5/send_to_kdc.c: update to use krb5_krbhst API
62 * lib/krb5/krbhst.c (krb5_krbhst_get_addrinfo): add set def_port
64 (krb5_krbhst_free): free everything
66 * lib/krb5/krb5.h (KRB5_VERIFY_NO_ADDRESSES): add
67 (krb5_krbhst_info): add def_port (default port for this service)
69 * lib/krb5/krbhst-test.c: make it more verbose and useful
70 * lib/krb5/krbhst.c: remove some more memory leaks do not try any
71 dns operations if there is local configuration admin: fallback to
72 kerberos.REALM 524: fallback to kdcs kpasswd: fallback to admin
75 * configure.in: remove initstate and setstate, they should be in
78 * lib/krb5/Makefile.am (noinst_PROGRAMS): add krbhst-test
79 * lib/krb5/krbhst-test.c: new program for testing krbhst
80 * lib/krb5/krbhst.c (common_init): remove memory leak
81 (main): move test program into krbhst-test
83 2001-06-17 Johan Danielsson <joda@pdc.kth.se>
85 * lib/krb5/krb5_krbhst_init.3: manpage
87 * lib/krb5/krb5_get_krbhst.3: manpage
89 2001-06-16 Johan Danielsson <joda@pdc.kth.se>
91 * lib/krb5/krb5.h: add opaque krb5_krbhst_handle type
93 * lib/krb5/krbhst.c: change void* to krb5_krbhst_handle
95 * lib/krb5/krb5.h: types for new krbhst api
97 * lib/krb5/krbhst.c: implement a new api that looks up one host at
98 a time, instead of making a list of hosts
100 2001-06-09 Johan Danielsson <joda@pdc.kth.se>
102 * configure.in: test for initstate and setstate
104 * lib/krb5/krbhst.c: remove rfc2052 support
106 2001-06-08 Johan Danielsson <joda@pdc.kth.se>
108 * fix some manpages for broken mdoc.old grog test
110 2001-05-28 Assar Westerlund <assar@sics.se>
112 * lib/krb5/krb5.conf.5: add [appdefaults]
113 * lib/krb5/init_creds_pw.c: remove configuration reading that is
114 now done in krb5_get_init_creds_opt_set_default_flags
115 * lib/krb5/init_creds.c
116 (krb5_get_init_creds_opt_set_default_flags): add reading of
117 libdefaults versions of these and add no_addresses
119 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): clear error string
120 when preauth was required and we retry
122 2001-05-25 Assar Westerlund <assar@sics.se>
124 * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): call
126 * lib/krb5/krbhst.c (krb5_get_krb524hst): add and restructure the
129 2001-05-22 Assar Westerlund <assar@sics.se>
131 * kdc/kerberos5.c (tgs_rep2): alloc and free csec and cusec
134 2001-05-17 Assar Westerlund <assar@sics.se>
138 2001-05-17 Assar Westerlund <assar@sics.se>
140 * lib/krb5/Makefile.am: bump version to 16:0:0
141 * lib/hdb/Makefile.am: bump version to 7:1:0
142 * lib/asn1/Makefile.am: bump version to 5:0:0
143 * lib/krb5/keytab_krb4.c: add SRVTAB as an alias for krb4
144 * lib/krb5/codec.c: remove dead code
146 2001-05-17 Johan Danielsson <joda@pdc.kth.se>
148 * kdc/config.c: actually check the ticket addresses
150 2001-05-15 Assar Westerlund <assar@sics.se>
152 * lib/krb5/rd_error.c (krb5_error_from_rd_error): use correct
155 * lib/krb5/eai_to_heim_errno.c (krb5_eai_to_heim_errno): add
156 `errno' (called system_error) to allow callers to make sure they
157 pass the current and relevant value. update callers
159 2001-05-14 Johan Danielsson <joda@pdc.kth.se>
161 * lib/krb5/verify_user.c: krb5_verify_user_opt
163 * lib/krb5/krb5.h: verify_opt
165 * kdc/kerberos5.c: pass context to krb5_domain_x500_decode
167 2001-05-14 Assar Westerlund <assar@sics.se>
169 * kpasswd/kpasswdd.c: adapt to new address functions
170 * kdc/kerberos5.c: adapt to changing address functions use LR_TYPE
171 * kdc/connect.c: adapt to changing address functions
172 * kdc/config.c: new krb5_config_parse_file
173 * kdc/524.c: new krb5_sockaddr2address
174 * lib/krb5/*: add some krb5_{set,clear}_error_string
176 * lib/asn1/k5.asn1 (LR_TYPE): add
177 * lib/asn1/Makefile.am (gen_files): add asn1_LR_TYPE.x
179 2001-05-11 Assar Westerlund <assar@sics.se>
181 * kdc/kerberos5.c (tsg_rep): fix typo in variable name
183 * kpasswd/kpasswd-generator.c (nop_prompter): update prototype
184 * lib/krb5/init_creds_pw.c: update to new prompter, use prompter
185 types and send two prompts at once when changning password
186 * lib/krb5/prompter_posix.c (krb5_prompter_posix): add name
187 * lib/krb5/krb5.h (krb5_prompt): add type
188 (krb5_prompter_fct): add anem
190 * lib/krb5/cache.c (krb5_cc_next_cred): transpose last two
191 paramaters to krb5_cc_next_cred (as MIT does, and not as they
192 document). From "Jacques A. Vidrine" <n@nectar.com>
194 2001-05-11 Johan Danielsson <joda@pdc.kth.se>
196 * lib/krb5/Makefile.am: store-test
198 * lib/krb5/store-test.c: simple bit storage test
200 * lib/krb5/store.c: add more byteorder storage flags
202 * lib/krb5/krb5.h: add more byteorder storage flags
204 * kdc/kerberos5.c: don't use NULL where we mean 0
206 * kdc/kerberos5.c: put referral test code in separate function,
207 and test for KRB5_NT_SRV_INST
209 2001-05-10 Assar Westerlund <assar@sics.se>
211 * admin/list.c (do_list): do not close the keytab if opening it
213 * admin/list.c (do_list): always print complete names. print
214 everything to stdout.
215 * admin/list.c: print both v5 and v4 list by default
216 * admin/remove.c (kt_remove): reorganize some. open the keytab
217 (defaulting to the modify one).
218 * admin/purge.c (kt_purge): reorganize some. open the keytab
219 (defaulting to the modify one). correct usage strings
220 * admin/list.c (kt_list): reorganize some. open the keytab
221 * admin/get.c (kt_get): reorganize some. open the keytab
222 (defaulting to the modify one)
223 * admin/copy.c (kt_copy): default to modify key name. re-organise
224 * admin/change.c (kt_change): reorganize some. open the keytab
225 (defaulting to the modify one)
226 * admin/add.c (kt_add): reorganize some. open the keytab
227 (defaulting to the modify one)
228 * admin/ktutil.c (main): do not open the keytab, let every
229 sub-function handle it
231 * kdc/config.c (configure): call free_getarg_strings
233 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): set error strings for
236 * lib/krb5/get_host_realm.c (krb5_get_host_realm_int): make
237 `use_dns' parameter boolean
239 * lib/krb5/krb5.h (krb5_context_data): add default_keytab_modify
240 * lib/krb5/context.c (init_context_from_config_file): set
241 default_keytab_modify
242 * lib/krb5/krb5_locl.h (KEYTAB_DEFAULT): change to
243 ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab
244 (KEYTAB_DEFAULT_MODIFY): add
245 * lib/krb5/keytab.c (krb5_kt_default_modify_name): add
246 (krb5_kt_resolve): set error string for failed keytab type
248 2001-05-08 Assar Westerlund <assar@sics.se>
250 * lib/krb5/crypto.c (encryption_type): make field names more
252 (create_checksum): separate usage and type
253 (krb5_create_checksum): add a separate type parameter
254 (encrypt_internal): only free once on mismatched checksum length
256 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc2): try to tell what
257 realm we didn't manage to reach any KDC for in the error string
259 * lib/krb5/generate_seq_number.c (krb5_generate_seq_number): free
260 the entire subkey. from <tmartin@mirapoint.com>
262 2001-05-07 Johan Danielsson <joda@pdc.kth.se>
264 * lib/krb5/keytab_keyfile.c (akf_start_seq_get): return
265 KT_NOTFOUND if the file is empty
267 2001-05-07 Assar Westerlund <assar@sics.se>
269 * lib/krb5/fcache.c: call krb5_set_error_string when open fails
271 * lib/krb5/keytab_file.c: call krb5_set_error_string when open
274 * lib/krb5/warn.c (_warnerr): print error_string in context in
275 preference to error string derived from error code
276 * kuser/kinit.c (main): try to print the error string
277 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): set some sensible
278 error strings for errors
280 * lib/krb5/krb5.h (krb5_context_data): add error_string and
282 * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add error_string.c
283 * lib/krb5/error_string.c: new file
285 2001-05-02 Johan Danielsson <joda@pdc.kth.se>
287 * lib/krb5/time.c: krb5_string_to_deltat
289 * lib/krb5/sock_principal.c: one less data copy
291 * lib/krb5/eai_to_heim_errno.c: conversion function for h_errno's
293 * lib/krb5/get_default_principal.c: change this slightly
295 * lib/krb5/crypto.c: make checksum_types into an array of pointers
297 * lib/krb5/convert_creds.c: make sure we always use a des-cbc-crc
300 2001-04-29 Assar Westerlund <assar@sics.se>
302 * kdc/kerberos5.c (tgs_rep2): return a reference to a krbtgt for
303 the right realm if we fail to find a non-krbtgt service in the
304 database and the second component does a succesful non-dns lookup
305 to get the real realm (which has to be different from the
306 originally-supplied realm). this should help windows 2000 clients
307 that always start their lookups in `their' realm and do not have
308 any idea of how to map hostnames into realms
309 * kdc/kerberos5.c (is_krbtgt): rename to get_krbtgt_realm
311 2001-04-27 Johan Danielsson <joda@pdc.kth.se>
313 * lib/krb5/get_host_realm.c (krb5_get_host_realm_int): add extra
314 parameter to request use of dns or not
316 2001-04-25 Assar Westerlund <assar@sics.se>
318 * admin/get.c (kt_get): allow specification of encryption types
319 * lib/krb5/verify_init.c (krb5_verify_init_creds): do not try to
320 close an unopened ccache, noted by <marc@mit.edu>
322 * lib/krb5/krb5.h (krb5_any_ops): add declaration
323 * lib/krb5/context.c (init_context_from_config_file): register
326 * lib/krb5/keytab_any.c: new file, implementing union of keytabs
327 * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_any.c
329 * lib/krb5/init_creds_pw.c (get_init_creds_common): handle options
330 == NULL. noted by <marc@mit.edu>
332 2001-04-19 Johan Danielsson <joda@pdc.kth.se>
334 * lib/krb5/rd_cred.c: set ret_creds to NULL before doing anything
335 else, from Jacques Vidrine
337 2001-04-18 Johan Danielsson <joda@pdc.kth.se>
339 * lib/hdb/libasn1.h: asn1.h -> krb5_asn1.h
341 * lib/asn1/Makefile.am: add asn1_ENCTYPE.x
343 * lib/krb5/krb5.h: adapt to asn1 changes
345 * lib/asn1/k5.asn1: move enctypes here
347 * lib/asn1/libasn1.h: rename asn1.h to krb5_asn1.h to avoid
350 * lib/asn1/Makefile.am: rename asn1.h to krb5_asn1.h to avoid
353 * lib/asn1/lex.l: use strtol to parse constants
355 2001-04-06 Johan Danielsson <joda@pdc.kth.se>
357 * kuser/kinit.c: add simple support for running commands
359 2001-03-26 Assar Westerlund <assar@sics.se>
361 * lib/hdb/hdb-ldap.c: change order of includes to allow it to work
362 with more versions of openldap
364 * kdc/kerberos5.c (tgs_rep2): try to set sec and usec in error
366 (*): update callers of krb5_km_error
367 (check_tgs_flags): handle renews requesting non-renewable tickets
369 * lib/krb5/mk_error.c (krb5_mk_error): allow specifying both ctime
372 * lib/krb5/krb5.h (krb5_checksum, krb5_keyusage): add
375 * lib/krb5/crypto.c (create_checksum): change so that `type == 0'
376 means pick from the `crypto' (context) and otherwise use that
377 type. this is not a large change in practice and allows callers
378 to specify the exact checksum algorithm to use
380 2001-03-13 Assar Westerlund <assar@sics.se>
382 * lib/krb5/get_cred.c (get_cred_kdc): add support for falling back
383 to KRB5_KU_AP_REQ_AUTH when KRB5_KU_TGS_REQ_AUTH gives `bad
384 integrity'. this helps for talking to old (pre 0.3d) KDCs
386 2001-03-12 Assar Westerlund <assar@pdc.kth.se>
388 * lib/krb5/crypto.c (krb5_derive_key): new function, used by
390 * lib/krb5/string-to-key-test.c: add new test vectors posted by
391 Ken Raeburn <raeburn@mit.edu> in <tx1bsra8919.fsf@raeburn.org> to
393 * lib/krb5/n-fold-test.c: more test vectors from same source
394 * lib/krb5/derived-key-test.c: more tests from same source
396 2001-03-06 Assar Westerlund <assar@sics.se>
398 * acconfig.h: include roken_rename.h when appropriate
400 2001-03-06 Assar Westerlund <assar@sics.se>
402 * lib/krb5/krb5.h (krb5_enctype): remove trailing comma
404 2001-03-04 Assar Westerlund <assar@sics.se>
406 * lib/krb5/krb5.h (krb5_enctype): add ENCTYPE_* aliases for
407 compatibility with MIT krb5
409 2001-03-02 Assar Westerlund <assar@sics.se>
411 * kuser/kinit.c (main): only request a renewable ticket when
412 explicitly requested. it still gets a renewable one if the renew
414 * kuser/kinit.c (renew_validate): treat -1 as flags not being set
416 2001-02-28 Johan Danielsson <joda@pdc.kth.se>
418 * lib/krb5/context.c (krb5_init_ets): use krb5_add_et_list
420 2001-02-27 Johan Danielsson <joda@pdc.kth.se>
422 * lib/krb5/get_cred.c: implement krb5_get_cred_from_kdc_opt
424 2001-02-25 Assar Westerlund <assar@sics.se>
426 * configure.in: do not use -R when testing for des functions
428 2001-02-14 Assar Westerlund <assar@sics.se>
430 * configure.in: test for lber.h when trying to link against
431 openldap to handle openldap v1, from Sumit Bose
434 2001-02-19 Assar Westerlund <assar@sics.se>
436 * lib/asn1/libasn1.h: add string.h (for memset)
438 2001-02-15 Assar Westerlund <assar@sics.se>
440 * lib/krb5/warn.c (_warnerr): add printf attributes
441 * lib/krb5/send_to_kdc.c (krb5_sendto): loop over all address
442 returned by getaddrinfo before trying the next kdc. from
445 * lib/krb5/krb5.conf.5: fix default_realm in example
447 * kdc/connect.c: fix a few kdc_log format types
449 * configure.in: try to handle libdes/libcrypto ont requiring -L
451 2001-02-10 Assar Westerlund <assar@sics.se>
453 * lib/asn1/gen_decode.c (generate_type_decode): zero the data at
454 the beginning of the generated function, and add a label `fail'
455 that the code jumps to in case of errors that frees all allocated
458 2001-02-07 Assar Westerlund <assar@sics.se>
460 * configure.in: aix dce: fix misquotes, from Ake Sandgren
463 * configure.in (dpagaix_LDFLAGS): try to add export file
465 2001-02-05 Assar Westerlund <assar@sics.se>
467 * lib/krb5/krb5_keytab.3: new man page, contributed by
470 * kdc/kaserver.c: update to new db_fetch4
472 2001-02-05 Assar Westerlund <assar@assaris.sics.se>
476 2001-01-30 Assar Westerlund <assar@sics.se>
478 * kdc/hprop.c (v4_get_masterkey): check kdb_verify_master_key
480 (kdb_prop): decrypt key properly
481 * kdc/hprop.c: handle building with KRB4 always try to decrypt v4
482 data with the master key leave it up to the v5 how to encrypt with
485 * kdc/kstash.c: include file name in error messages
486 * kdc/hprop.c: fix a typo and check some more return values
487 * lib/hdb/hdb-ldap.c (LDAP__lookup_princ): call ldap_search_s
488 correctly. From Jacques Vidrine <n@nectar.com>
489 * kdc/misc.c (db_fetch): HDB_ERR_NOENTRY makes more sense than
492 * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
494 * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:0:0
495 * lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 4:0:2
496 * kdc/misc.c (db_fetch): return an error code. change callers to
497 look at this and try to print it in log messages
499 * lib/krb5/crypto.c (decrypt_internal_derived): check that there's
502 2001-01-29 Assar Westerlund <assar@sics.se>
504 * kdc/hprop.c (realm_buf): move it so it becomes properly
507 * lib/hdb/mkey.c (hdb_unseal_keys_mkey, hdb_seal_keys_mkey,
508 hdb_unseal_keys, hdb_seal_keys): check that we have the correct
509 master key and that we manage to decrypt the key properly,
510 returning an error code. fix all callers to check return value.
512 * tools/krb5-config.in: use @LIB_des_appl@
513 * tools/Makefile.am (krb5-config): add LIB_des_appl
514 * configure.in (LIB_des): set correctly
515 (LIB_des_appl): add for the use by krb5-config.in
517 * lib/krb5/store_fd.c (fd_fetch, fd_store): use net_{read,write}
518 to make sure of not dropping data when doing it over a socket.
519 (this might break when used with ordinary files on win32)
521 * lib/hdb/hdb_err.et (NO_MKEY): add
523 * kdc/kerberos5.c (as_rep): be paranoid and check
524 krb5_enctype_to_string for failure, noted by <lha@stacken.kth.se>
526 * lib/krb5/krb5_init_context.3, lib/krb5/krb5_context.3,
527 lib/krb5/krb5_auth_context.3: add new man pages, contributed by
530 * use the openssl api for md4/md5/sha and handle openssl/*.h
532 * kdc/kaserver.c (do_getticket): check length of ticket. noted by
535 2001-01-28 Assar Westerlund <assar@sics.se>
537 * configure.in: send -R instead of -rpath to libtool to set
538 runtime library paths
540 * lib/krb5/Makefile.am: remove all dependencies on libkrb
542 2001-01-27 Assar Westerlund <assar@sics.se>
544 * appl/rcp: add port of bsd rcp changed to use existing rsh,
545 contributed by Richard Nyberg <rnyberg@it.su.se>
547 2001-01-27 Johan Danielsson <joda@pdc.kth.se>
549 * lib/krb5/get_port.c: don't warn if the port name can't be found,
552 2001-01-26 Johan Danielsson <joda@pdc.kth.se>
554 * kdc/hprop.c: make it possible to convert a v4 dump file without
555 having any v4 libraries; the kdb backend still require them
557 * kdc/v4_dump.c: include shadow definition of kdb Principal, so we
558 don't have to depend on any v4 libraries
560 * kdc/hprop.h: include shadow definition of kdb Principal, so we
561 don't have to depend on any v4 libraries
563 * lib/hdb/print.c: reduce number of memory allocations
565 * lib/hdb/mkey.c: add support for reading krb4 /.k files
567 2001-01-19 Assar Westerlund <assar@sics.se>
569 * lib/krb5/krb5.conf.5: document admin_server and kpasswd_server
570 for realms document capath better
572 * lib/krb5/krbhst.c (krb5_get_krb_changepw_hst): preferably look
573 at kpasswd_server before admin_server
575 * lib/krb5/get_cred.c (get_cred_from_kdc_flags): look in
576 [libdefaults]capath for better hint of realm to send request to.
577 this allows the client to specify `realm routing information' in
578 case it cannot be done at the server (which is preferred)
580 * lib/krb5/rd_priv.c (krb5_rd_priv): handle no sequence number as
581 zero when we were expecting a sequence number. MIT krb5 cannot
582 generate a sequence number of zero, instead generating no sequence
584 * lib/krb5/rd_safe.c (krb5_rd_safe): dito
586 2001-01-11 Assar Westerlund <assar@sics.se>
588 * kpasswd/kpasswdd.c: add --port option
590 2001-01-10 Assar Westerlund <assar@sics.se>
592 * lib/krb5/appdefault.c (krb5_appdefault_string): fix condition
593 just before returning
595 2001-01-09 Assar Westerlund <assar@sics.se>
597 * appl/kf/kfd.c (proto): use krb5_rd_cred2 instead of krb5_rd_cred
599 2001-01-05 Johan Danielsson <joda@pdc.kth.se>
601 * kuser/kinit.c: call a time `time', and not `seconds'
603 * lib/krb5/init_creds.c: not much point in setting the anonymous
606 * lib/krb5/krb5_appdefault.3: document appdefault_time
608 2001-01-04 Johan Danielsson <joda@pdc.kth.se>
610 * lib/krb5/verify_user.c: use
611 krb5_get_init_creds_opt_set_default_flags
613 * kuser/kinit.c: use krb5_get_init_creds_opt_set_default_flags
615 * lib/krb5/init_creds.c: new function
616 krb5_get_init_creds_opt_set_default_flags to set options from
619 * lib/krb5/rd_cred.c: make this match the MIT function
621 * lib/krb5/appdefault.c (krb5_appdefault_string): handle NULL
623 (krb5_appdefault_time): new function
625 2001-01-03 Assar Westerlund <assar@sics.se>
627 * kdc/hpropd.c (main): handle EOF when reading from stdin