1 Fri Dec 17 11:04:26 1999 Assar Westerlund <assar@juguete.sics.se>
5 1999-12-17 Assar Westerlund <assar@sics.se>
9 1999-12-16 Assar Westerlund <assar@sics.se>
11 * lib/krb5/Makefile.am: bump version to 6:2:1
13 * lib/krb5/principal.c (krb5_sname_to_principal): handle
14 ai_canonname not being set
15 * lib/krb5/expand_hostname.c (krb5_expand_hostname): handle
16 ai_canonname not being set
18 * appl/test/uu_server.c: print messages to stderr
19 * appl/test/tcp_server.c: print messages to stderr
20 * appl/test/nt_gss_server.c: print messages to stderr
21 * appl/test/gssapi_server.c: print messages to stderr
23 * appl/test/tcp_client.c (proto): remove shadowing `context'
24 * appl/test/common.c (client_doit): add forgotten ntohs
26 1999-12-13 Assar Westerlund <assar@sics.se>
28 * configure.in (VERISON): bump to 0.2g-pre
30 1999-12-12 Assar Westerlund <assar@sics.se>
32 * lib/krb5/principal.c (krb5_425_conv_principal_ext): be more
33 robust and handle extra dot at the beginning of default_domain
35 1999-12-12 Assar Westerlund <assar@sics.se>
39 1999-12-12 Assar Westerlund <assar@sics.se>
41 * lib/krb5/Makefile.am: bump version to 6:1:1
43 * lib/krb5/changepw.c (get_kdc_address): use
44 `krb5_get_krb_changepw_hst'
46 * lib/krb5/krbhst.c (krb5_get_krb_changepw_hst): add
48 * lib/krb5/get_host_realm.c: add support for _kerberos.domain
49 (according to draft-ietf-cat-krb-dns-locate-01.txt)
51 1999-12-06 Assar Westerlund <assar@sics.se>
55 1999-12-06 Assar Westerlund <assar@sics.se>
57 * lib/krb5/changepw.c (krb5_change_password): use the correct
60 * lib/krb5/Makefile.am: bump version to 6:0:1
62 * lib/asn1/Makefile.am: bump version to 1:4:0
64 1999-12-04 Assar Westerlund <assar@sics.se>
66 * configure.in: move AC_KRB_IPv6 to make sure it's performed
68 (el_init): use new feature of AC_FIND_FUNC_NO_LIBS
70 * appl/test/uu_client.c: use client_doit
71 * appl/test/test_locl.h (client_doit): add prototype
72 * appl/test/tcp_client.c: use client_doit
73 * appl/test/nt_gss_client.c: use client_doit
74 * appl/test/gssapi_client.c: use client_doit
75 * appl/test/common.c (client_doit): move identical code here and
76 start using getaddrinfo
78 * appl/kf/kf.c (doit): rewrite to use getaddrinfo
79 * kdc/hprop.c: re-write to use getaddrinfo
80 * lib/krb5/principal.c (krb5_sname_to_principal): use getaddrinfo
81 * lib/krb5/expand_hostname.c (krb5_expand_hostname): use
83 * lib/krb5/changepw.c: re-write to use getaddrinfo
84 * lib/krb5/addr_families.c (krb5_parse_address): use getaddrinfo
86 1999-12-03 Assar Westerlund <assar@sics.se>
88 * configure.in (BROKEN): check for freeaddrinfo, getaddrinfo,
89 getnameinfo, gai_strerror
90 (socklen_t): check for
92 1999-11-23 Assar Westerlund <assar@sics.se>
94 * lib/krb5/crypto.c (ARCFOUR_string_to_key): change order of bytes
95 within unicode characters. this should probably be done in some
96 arbitrarly complex way to do it properly and you would have to
97 know what character encoding was used for the password and salt
100 * lib/krb5/addr_families.c (ipv4_uninteresting): ignore 0.0.0.0
102 (ipv6_uninteresting): remove unused macro
104 1999-11-22 Johan Danielsson <joda@pdc.kth.se>
106 * lib/krb5/krb5.h: rc4->arcfour
108 * lib/krb5/crypto.c: rc4->arcfour
110 1999-11-17 Assar Westerlund <assar@sics.se>
112 * lib/krb5/krb5_locl.h: add <rc4.h>
113 * lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_RC4
114 * lib/krb5/crypto.c: some code for doing RC4/MD5/HMAC which might
115 not be totally different from some small company up in the
116 north-west corner of the US
118 * lib/krb5/get_addrs.c (find_all_addresses): change code to
119 actually increment buf_size
121 1999-11-14 Assar Westerlund <assar@sics.se>
123 * lib/krb5/krb5.h (krb5_context_data): add `scan_interfaces'
124 * lib/krb5/get_addrs.c (krb5_get_all_client_addrs): make interaces
126 * lib/krb5/context.c (init_context_from_config_file): set
129 * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add add_et_list.c
130 * lib/krb5/add_et_list.c (krb5_add_et_list): new function
132 1999-11-12 Assar Westerlund <assar@sics.se>
134 * lib/krb5/get_default_realm.c (krb5_get_default_realm,
135 krb5_get_default_realms): set realms if they were unset
136 * lib/krb5/context.c (init_context_from_config_file): don't
137 initialize default realms here. it's done lazily instead.
139 * lib/krb5/krb5.h (KRB5_TC_*): make constants unsigned
140 * lib/asn1/gen_glue.c (generate_2int, generate_units): make sure
141 bit constants are unsigned
142 * lib/asn1/gen.c (define_type): make length in sequences be
145 * configure.in: remove duplicate test for setsockopt test for
148 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): generate
149 preauthentication information if we get back ERR_PREAUTH_REQUIRED
150 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): remove
151 preauthentication generation code. it's now in krb5_get_in_cred
153 * configure.in (AC_BROKEN_SNPRINTF): add strptime check for struct
154 tm.tm_gmtoff and timezone
156 1999-11-11 Johan Danielsson <joda@pdc.kth.se>
158 * kdc/main.c: make this work with multi-db
160 * kdc/kdc_locl.h: make this work with multi-db
162 * kdc/config.c: make this work with multi-db
164 1999-11-09 Johan Danielsson <joda@pdc.kth.se>
166 * kdc/misc.c: update for multi-database code
168 * kdc/main.c: update for multi-database code
170 * kdc/kdc_locl.h: update
172 * kdc/config.c: allow us to have more than one database
174 1999-11-04 Assar Westerlund <assar@sics.se>
178 * lib/krb5/Makefile.am: bump version to 5:0:0 to be safe
179 (krb5_context_data has changed and some code do (might) access
182 * lib/krb5/krb5.h (krb5_context_data): add `etypes_des'
184 * lib/krb5/get_cred.c (init_tgs_req): use
185 krb5_keytype_to_enctypes_default
187 * lib/krb5/crypto.c (krb5_keytype_to_enctypes_default): new
190 * lib/krb5/context.c (set_etypes): new function
191 (init_context_from_config_file): set both `etypes' and `etypes_des'
193 1999-11-02 Assar Westerlund <assar@sics.se>
195 * configure.in (VERSION): bump to 0.2d-pre
197 1999-10-29 Assar Westerlund <assar@sics.se>
199 * lib/krb5/principal.c (krb5_parse_name): check memory allocations
201 1999-10-28 Assar Westerlund <assar@sics.se>
205 * lib/krb5/dump_config.c (print_tree): check for empty tree
207 * lib/krb5/string-to-key-test.c (tests): update the test cases
208 with empty principals so that they actually use an empty realm and
209 not the default. use the correct etype for 3DES
211 * lib/krb5/Makefile.am: bump version to 4:1:0
213 * kdc/config.c (configure): more careful with the port string
215 1999-10-26 Assar Westerlund <assar@sics.se>
219 1999-10-20 Assar Westerlund <assar@sics.se>
221 * lib/krb5/Makefile.am: bump version to 4:0:0
222 (krb524_convert_creds_kdc and potentially some other functions
223 have changed prototypes)
225 * lib/hdb/Makefile.am: bump version to 4:0:1
227 * lib/asn1/Makefile.am: bump version to 1:3:0
229 * configure.in (LIB_roken): add dbopen. getcap in roken
230 references dbopen and with shared libraries we need to add this
233 * lib/krb5/verify_krb5_conf.c (main): support speicifying the
234 configuration file to test on the command line
236 * lib/krb5/config_file.c (parse_binding): handle line with no
238 (krb5_config_parse_file_debug): set lineno earlier so that we don't
241 * configure.in (AM_INIT_AUTOMAKE): bump to 0.2b-pre opt*: need
242 more include files for these tests
244 * lib/krb5/set_default_realm.c (krb5_set_default_realm): use
245 krb5_config_get_strings, which means that your configuration file
249 default_realm = realm1 realm2 realm3
251 * lib/krb5/set_default_realm.c (config_binding_to_list): fix
252 copy-o. From Michal Vocu <michal@karlin.mff.cuni.cz>
254 * kdc/config.c (configure): add a missing strdup. From Michal
255 Vocu <michal@karlin.mff.cuni.cz>
257 1999-10-17 Assar Westerlund <assar@sics.se>
261 * configure.in: only test for db.h with using berkeley_db. remember
262 to link with LIB_tgetent when checking for el_init. add xnlock
264 * appl/Makefile.am: add xnlock
266 * kdc/kerberos5.c (find_etype): support null keys
268 * kdc/kerberos4.c (get_des_key): support null keys
270 * lib/krb5/crypto.c (krb5_get_wrapped_length): more correct
273 1999-10-16 Johan Danielsson <joda@pdc.kth.se>
275 * kuser/kinit.c (main): pass ccache to krb524_convert_creds_kdc
277 1999-10-12 Johan Danielsson <joda@pdc.kth.se>
279 * lib/krb5/crypto.c (krb5_enctype_to_keytype): remove warning
281 1999-10-10 Assar Westerlund <assar@sics.se>
283 * lib/krb5/mk_req.c (krb5_mk_req): use krb5_free_host_realm
285 * lib/krb5/krb5.h (krb5_ccache_data): make `ops' const
287 * lib/krb5/crypto.c (krb5_string_to_salttype): new function
289 * **/*.[ch]: const-ize
291 1999-10-06 Assar Westerlund <assar@sics.se>
293 * lib/krb5/creds.c (krb5_compare_creds): const-ify
295 * lib/krb5/cache.c: clean-up and comment-up
297 * lib/krb5/copy_host_realm.c (krb5_copy_host_realm): copy all the
300 * lib/krb5/verify_user.c (krb5_verify_user_lrealm): free the
303 * kdc/connect.c (handle_tcp): things work much better when ret is
306 1999-10-03 Assar Westerlund <assar@sics.se>
308 * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): look at the
309 type of the session key
311 * lib/krb5/crypto.c (krb5_enctypes_compatible_keys): spell
314 * lib/krb5/creds.c (krb5_compare_creds): fix spelling of
315 krb5_enctypes_compatible_keys
317 * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): get new
318 credentials from the KDC if the existing one doesn't have a DES
321 * lib/45/get_ad_tkt.c (get_ad_tkt): update to new
322 krb524_convert_creds_kdc
324 1999-10-03 Johan Danielsson <joda@pdc.kth.se>
326 * lib/krb5/keytab_keyfile.c: make krb5_akf_ops const
328 * lib/krb5/keytab_memory.c: make krb5_mkt_ops const
330 * lib/krb5/keytab_file.c: make krb5_fkt_ops const
332 1999-10-01 Assar Westerlund <assar@sics.se>
334 * lib/krb5/config_file.c: rewritten to allow error messages
336 * lib/krb5/Makefile.am (bin_PROGRAMS): add verify_krb5_conf
337 (libkrb5_la_SOURCES): add config_file_netinfo.c
339 * lib/krb5/verify_krb5_conf.c: new program for verifying that
342 * lib/krb5/config_file_netinfo.c: moved netinfo code here from
345 1999-09-28 Assar Westerlund <assar@sics.se>
347 * kdc/hpropd.c (dump_krb4): kludge default_realm
349 * lib/asn1/check-der.c: add test cases for Generalized time and
350 make sure we return the correct value
352 * lib/asn1/der_put.c: simplify by using der_put_length_and_tag
354 * lib/krb5/verify_user.c (krb5_verify_user_lrealm): ariant of
355 krb5_verify_user that tries in all the local realms
357 * lib/krb5/set_default_realm.c: add support for having several
360 * lib/krb5/kuserok.c (krb5_kuserok): use `krb5_get_default_realms'
362 * lib/krb5/get_default_realm.c (krb5_get_default_realms): add
364 * lib/krb5/krb5.h (krb5_context_data): change `default_realm' to
367 * lib/krb5/context.c: change from `default_realm' to
370 * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use
371 krb5_get_default_realms
373 * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add copy_host_realm.c
375 * lib/krb5/copy_host_realm.c: new file
377 1999-09-27 Johan Danielsson <joda@pdc.kth.se>
379 * lib/asn1/der_put.c (encode_generalized_time): encode length
381 * lib/krb5/recvauth.c: new function `krb5_recvauth_match_version'
382 that allows more intelligent matching of the application version
384 1999-09-26 Assar Westerlund <assar@sics.se>
386 * lib/asn1/asn1_print.c: add err.h
388 * kdc/config.c (configure): use parse_bytes
390 * appl/test/nt_gss_common.c: use the correct header file
392 1999-09-24 Johan Danielsson <joda@pdc.kth.se>
394 * kuser/klist.c: add a `--cache' flag
396 * kuser/kinit.c (main): only get default value for `get_v4_tgt' if
397 it's explicitly set in krb5.conf
399 1999-09-23 Assar Westerlund <assar@sics.se>
401 * lib/asn1/asn1_print.c (tag_names); add another univeral tag
403 * lib/asn1/der.h: update universal tags
405 1999-09-22 Assar Westerlund <assar@sics.se>
407 * lib/asn1/asn1_print.c (loop): print length of octet string
409 1999-09-21 Johan Danielsson <joda@pdc.kth.se>
411 * admin/ktutil.c (kt_get): add `--help'
413 1999-09-21 Assar Westerlund <assar@sics.se>
415 * kuser/Makefile.am: add kdecode_ticket
417 * kuser/kdecode_ticket.c: new debug program
419 * appl/test/nt_gss_server.c: new program to test against `Sample *
420 SSPI Code' in Windows 2000 RC1 SDK.
422 * appl/test/Makefile.am: add nt_gss_client and nt_gss_server
424 * lib/asn1/der_get.c (decode_general_string): remember to advance
425 ret over the length-len
427 * lib/asn1/Makefile.am: add asn1_print
429 * lib/asn1/asn1_print.c: new program for printing DER-structures
431 * lib/asn1/der_put.c: make functions more consistent
433 * lib/asn1/der_get.c: make functions more consistent
435 1999-09-20 Johan Danielsson <joda@pdc.kth.se>
437 * kdc/kerberos5.c: be more informative in pa-data error messages
439 1999-09-16 Assar Westerlund <assar@sics.se>
441 * configure.in: test for strlcpy, strlcat
443 1999-09-14 Assar Westerlund <assar@sics.se>
445 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): return
446 KRB5_LIBOS_PWDINTR when interrupted
448 * lib/krb5/get_in_tkt_pw.c (krb5_password_key_proc): check return
449 value from des_read_pw_string
451 * kuser/kinit.c (main): don't print any error if reading the
452 password was interrupted
454 * kpasswd/kpasswd.c (main): don't print any error if reading the
455 password was interrupted
457 * kdc/string2key.c (main): check the return value from fgets
459 * kdc/kstash.c (main): check return value from des_read_pw_string
461 * admin/ktutil.c (kt_add): check the return-value from fgets and
462 overwrite the password for paranoid reasons
464 * lib/krb5/keytab_keyfile.c (get_cell_and_realm): only remove the
465 newline if it's there
467 1999-09-13 Assar Westerlund <assar@sics.se>
469 * kdc/hpropd.c (main): remove bogus error with `--print'. remove
470 sysloging of number of principals transferred
472 * kdc/hprop.c (ka_convert): set flags correctly for krbtgt/CELL
474 (main): get rid of bogus opening of hdb database when propagating
477 1999-09-12 Assar Westerlund <assar@sics.se>
479 * lib/krb5/krb5_locl.h (O_BINARY): add fallback definition
481 * lib/krb5/krb5.h (krb5_context_data): add keytab types
483 * configure.in: revert back awk test, not worked around in
486 * lib/krb5/keytab_krb4.c: remove O_BINARY
488 * lib/krb5/keytab_keyfile.c: some support for AFS KeyFile's. From
491 * lib/krb5/keytab_file.c: remove O_BINARY
493 * lib/krb5/keytab.c: move the list of keytab types to the context
495 * lib/krb5/fcache.c: remove O_BINARY
497 * lib/krb5/context.c (init_context_from_config_file): register all
498 standard cache and keytab types
499 (krb5_free_context): free `kt_types'
501 * lib/krb5/cache.c (krb5_cc_resolve): move the registration of the
502 standard types of credential caches to context
504 * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_keyfile.c
506 1999-09-10 Assar Westerlund <assar@sics.se>
508 * lib/krb5/keytab.c: add comments and clean-up
510 * admin/ktutil.c: add `ktutil copy'
512 * lib/krb5/keytab_krb4.c: new file
514 * lib/krb5/krb5.h (krb5_kt_cursor): add a `data' field
516 * lib/krb5/Makefile.am: add keytab_krb4.c
518 * lib/krb5/keytab.c: add krb4 and correct some if's
520 * admin/srvconvert.c (srvconv): move common code
522 * lib/krb5/krb5.h (krb5_fkt_ops, krb5_mkt_ops): new variables
524 * lib/krb5/keytab.c: move out file and memory functions
526 * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_file.c,
529 * lib/krb5/keytab_memory.c: new file
531 * lib/krb5/keytab_file.c: new file
533 * kpasswd/kpasswdd.c: move out password quality functions
535 1999-09-07 Assar Westerlund <assar@sics.se>
537 * lib/hdb/Makefile.am (libhdb_la_SOURCES): add keytab.c. From
540 * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): check
541 return value from `krb5_sendto_kdc'
543 1999-09-06 Assar Westerlund <assar@sics.se>
545 * lib/krb5/send_to_kdc.c (send_and_recv): rename to recv_loop and
546 remove the sending of data. add a parameter `limit'. let callers
547 send the date themselves (and preferably with net_write on tcp
549 (send_and_recv_tcp): read first the length field and then only that
552 1999-09-05 Assar Westerlund <assar@sics.se>
554 * kdc/connect.c (handle_tcp): try to print warning `TCP data of
555 strange type' less often
557 * lib/krb5/send_to_kdc.c (send_and_recv): handle EINTR properly.
558 return on EOF. always free data. check return value from
560 (send_and_recv_tcp, send_and_recv_http): check advertised length
561 against actual length
563 1999-09-01 Johan Danielsson <joda@pdc.kth.se>
565 * configure.in: check for sgi capabilities
567 1999-08-27 Johan Danielsson <joda@pdc.kth.se>
569 * lib/krb5/get_addrs.c: krb5_get_all_server_addrs shouldn't return
572 * kpasswd/kpasswdd.c: use HDB keytabs; change some error messages;
575 * lib/krb5/address.c (krb5_append_addresses): remove duplicates
577 1999-08-26 Johan Danielsson <joda@pdc.kth.se>
579 * lib/hdb/keytab.c: HDB keytab backend
581 1999-08-25 Johan Danielsson <joda@pdc.kth.se>
584 (krb5_kt_{start_seq_get,next_entry,end_seq_get}): check for NULL
587 1999-08-24 Johan Danielsson <joda@pdc.kth.se>
589 * kpasswd/kpasswdd.c: add `--keytab' flag
591 1999-08-23 Assar Westerlund <assar@sics.se>
593 * lib/krb5/addr_families.c (IN6_ADDR_V6_TO_V4): use `s6_addr'
594 instead of the non-standard `s6_addr32'. From Yoshinobu Inoue
595 <shin@kame.net> by way of the KAME repository
597 1999-08-18 Assar Westerlund <assar@sics.se>
599 * configure.in (--enable-new-des3-code): remove check for `struct
602 * lib/krb5/crypto.c (etypes): remove NEW_DES3_CODE, enable
603 des3-cbc-sha1 and keep old-des3-cbc-sha1 for backwards
606 * lib/krb5/krb5.h (krb5_enctype): des3-cbc-sha1 (with key
607 derivation) just got assigned etype 16 by <bcn@isi.edu>. keep the
610 1999-08-16 Assar Westerlund <assar@sics.se>
612 * lib/krb5/sendauth.c (krb5_sendauth): only look at errno if
613 krb5_net_read actually returns -1
615 * lib/krb5/recvauth.c (krb5_recvauth): only look at errno if
616 krb5_net_read actually returns -1
618 * appl/kf/kf.c (proto): don't trust errno if krb5_net_read hasn't
621 * appl/test/tcp_server.c (proto): only trust errno if
622 krb5_net_read actually returns -1
624 * appl/kf/kfd.c (proto): be more careful with the return value
627 1999-08-13 Assar Westerlund <assar@sics.se>
629 * lib/krb5/get_addrs.c (get_addrs_int): try the different ways
630 sequentially instead of just one. this helps if your heimdal was
631 built with v6-support but your kernel doesn't have it, for
634 1999-08-12 Assar Westerlund <assar@sics.se>
636 * kdc/hpropd.c: add inetd flag. default means try to figure out
637 if stdin is a socket or not.
639 * Makefile.am (ACLOCAL): just use `cf', this variable is only used
640 when the current directory is $(top_srcdir) anyways and having
641 $(top_srcdir) there breaks if it's a relative path
643 1999-08-09 Johan Danielsson <joda@pdc.kth.se>
645 * configure.in: check for setproctitle
647 1999-08-05 Assar Westerlund <assar@sics.se>
649 * lib/krb5/principal.c (krb5_sname_to_principal): remember to call
652 * appl/test/tcp_client.c: call freehostent
654 * appl/kf/kf.c (doit): call freehostent
656 * appl/kf/kf.c: make v6 friendly and simplify
658 * appl/kf/kfd.c: make v6 friendly and simplify
660 * appl/test/tcp_server.c: simplify by using krb5_err instead of
663 * appl/test/tcp_client.c: simplify by using krb5_err instead of
666 * appl/test/tcp_server.c: make v6 friendly and simplify
668 * appl/test/tcp_client.c: make v6 friendly and simplify
670 1999-08-04 Assar Westerlund <assar@sics.se>
674 1999-08-04 Assar Westerlund <assar@sics.se>
676 * kuser/kinit.c (main): some more KRB4-conditionalizing
678 * lib/krb5/get_in_tkt.c: type correctness
680 * lib/krb5/get_for_creds.c (krb5_fwd_tgs_creds): set forwarded in
681 flags. From Miroslav Ruda <ruda@ics.muni.cz>
683 * kuser/kinit.c (main): add config file support for forwardable
684 and krb4 support. From Miroslav Ruda <ruda@ics.muni.cz>
686 * kdc/kerberos5.c (as_rep): add an empty X500-compress string as
688 (fix_transited_encoding): check length.
689 From Miroslav Ruda <ruda@ics.muni.cz>
691 * kdc/hpropd.c (dump_krb4): check the realm so that we don't dump
692 principals in some other realm. From Miroslav Ruda
694 (main): rename sa_len -> sin_len, sa_lan is a define on some
697 * appl/kf/kfd.c: add regpag support. From Miroslav Ruda
700 * appl/kf/kf.c: add `-G' and forwardable option in krb5.conf.
701 From Miroslav Ruda <ruda@ics.muni.cz>
703 * lib/krb5/config_file.c (parse_list): don't run past end of line
705 * appl/test/gss_common.h: new prototypes
707 * appl/test/gssapi_client.c: use gss_err instead of abort
709 * appl/test/gss_common.c (gss_verr, gss_err): add
711 1999-08-03 Assar Westerlund <assar@sics.se>
713 * lib/krb5/Makefile.am (n_fold_test_LDADD): need to set this
714 otherwise it doesn't build with shared libraries
716 * kdc/hpropd.c: v6-ify
718 * kdc/hprop.c: v6-ify
720 1999-08-01 Assar Westerlund <assar@sics.se>
722 * lib/krb5/mk_req.c (krb5_mk_req): use krb5_expand_hostname
724 1999-07-31 Assar Westerlund <assar@sics.se>
726 * lib/krb5/get_host_realm.c (krb5_get_host_realm_int): new
727 function that takes a FQDN
729 * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add exapnd_hostname.c
731 * lib/krb5/expand_hostname.c: new file
733 1999-07-28 Assar Westerlund <assar@sics.se>
737 1999-07-28 Assar Westerlund <assar@sics.se>
739 * lib/asn1/Makefile.am: bump version to 1:2:0
741 * lib/krb5/Makefile.am: bump version to 3:1:0
743 * configure.in: more inet_pton to roken
745 * lib/krb5/principal.c (krb5_sname_to_principal): use
748 1999-07-26 Assar Westerlund <assar@sics.se>
752 1999-07-26 Johan Danielsson <joda@pdc.kth.se>
754 * lib/krb5/Makefile.am: bump version number (changed function
757 * lib/hdb/Makefile.am: bump version number (changes to some
760 1999-07-26 Assar Westerlund <assar@sics.se>
762 * lib/krb5/Makefile.am: bump version to 3:0:2
764 * lib/hdb/Makefile.am: bump version to 2:1:0
766 * lib/asn1/Makefile.am: bump version to 1:1:0
768 1999-07-26 Assar Westerlund <assar@sics.se>
772 1999-07-26 Assar Westerlund <assar@sics.se>
774 * configure.in: rokenize inet_ntop
776 * lib/krb5/store_fd.c: lots of changes from size_t to ssize_t
778 * lib/krb5/store_mem.c: lots of changes from size_t to ssize_t
780 * lib/krb5/store_emem.c: lots of changes from size_t to ssize_t
782 * lib/krb5/store.c: lots of changes from size_t to ssize_t
783 (krb5_ret_stringz): check return value from realloc
785 * lib/krb5/mk_safe.c: some type correctness
787 * lib/krb5/mk_priv.c: some type correctness
789 * lib/krb5/krb5.h (krb5_storage): change return values of
790 functions from size_t to ssize_t
792 1999-07-24 Assar Westerlund <assar@sics.se>
796 * configure.in (AC_PROG_AWK): disable. mawk seems to mishandle \#
797 in lib/roken/roken.awk
799 * lib/krb5/get_addrs.c (find_all_addresses): try to use SA_LEN to
800 step over addresses if there's no `sa_lan' field
802 * lib/krb5/sock_principal.c (krb5_sock_to_principal): simplify by
803 using `struct sockaddr_storage'
805 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): simplify by using
806 `struct sockaddr_storage'
808 * lib/krb5/changepw.c (krb5_change_password): simplify by using
809 `struct sockaddr_storage'
811 * lib/krb5/auth_context.c (krb5_auth_con_setaddrs_from_fd):
812 simplify by using `struct sockaddr_storage'
814 * kpasswd/kpasswdd.c (*): simplify by using `struct
817 * kdc/connect.c (*): simplify by using `struct sockaddr_storage'
819 * configure.in (sa_family_t): just test for existence
820 (sockaddr_storage): also specify include file
822 * configure.in (AM_INIT_AUTOMAKE): bump version to 0.1i
823 (sa_family_t): test for
824 (struct sockaddr_storage): test for
826 * kdc/hprop.c (propagate_database): typo, NULL should be
829 * lib/krb5/get_addrs.c: conditionalize on HAVE_IPV6 instead of
832 * appl/kf/kf.c (main): use warnx
834 * appl/kf/kf.c (proto): remove shadowing context
836 * lib/krb5/get_addrs.c (find_all_addresses): try to handle the
837 case of getting back an `sockaddr_in6' address when sizeof(struct
838 sockaddr_in6) > sizeof(struct sockaddr) and we have no sa_len to
839 tell us how large the address is. This obviously doesn't work
840 with unknown protocol types.
842 1999-07-24 Assar Westerlund <assar@sics.se>
846 1999-07-23 Assar Westerlund <assar@sics.se>
848 * appl/kf/kfd.c: clean-up and more paranoia
850 * etc/services.append: add kf
852 * appl/kf/kf.c: rename tk_file to ccache for consistency. clean-up
854 1999-07-22 Assar Westerlund <assar@sics.se>
856 * lib/krb5/n-fold-test.c (main): print the correct data
858 * appl/Makefile.am (SUBDIRS): add kf
860 * appl/kf: new program. From Miroslav Ruda <ruda@ics.muni.cz>
862 * kdc/hprop.c: declare some variables unconditionally to simplify
865 * kpasswd/kpasswdd.c: initialize kadm5 connection for every change
866 (otherwise the modifier in the database doesn't get set)
868 * kdc/hpropd.c: clean-up and re-organize
870 * kdc/hprop.c: clean-up and re-organize
872 * configure.in (SunOS): define to xy for SunOS x.y
874 1999-07-19 Assar Westerlund <assar@sics.se>
876 * configure.in (AC_BROKEN): test for copyhostent, freehostent,
877 getipnodebyaddr, getipnodebyname
879 1999-07-15 Assar Westerlund <assar@sics.se>
881 * lib/asn1/check-der.c: more test cases for integers
883 * lib/asn1/der_length.c (length_int): handle the case of the
884 largest negative integer by not calling abs
886 1999-07-14 Assar Westerlund <assar@sics.se>
888 * lib/asn1/check-der.c (generic_test): check malloc return value
891 * lib/krb5/Makefile.am: add string_to_key_test
893 * lib/krb5/prog_setup.c (krb5_program_setup): always initialize
896 * lib/krb5/n-fold-test.c (main): return a relevant return value
898 * lib/krb5/krbhst.c: do SRV lookups for admin server as well.
901 1999-07-12 Assar Westerlund <assar@sics.se>
903 * configure.in: handle not building X programs
905 1999-07-06 Assar Westerlund <assar@sics.se>
907 * lib/krb5/addr_families.c (ipv6_parse_addr): remove duplicate
909 (ipv6_sockaddr2port): fix typo
911 * etc/services.append: beginning of a file with services
913 * lib/krb5/cache.c (krb5_cc_resolve): fall-back to files if
914 there's no prefix. also clean-up a little bit.
916 * kdc/hprop.c (--kaspecials): new flag for handling special KA
917 server entries. From "Brandon S. Allbery KF8NH"
918 <allbery@kf8nh.apk.net>
920 1999-07-05 Assar Westerlund <assar@sics.se>
922 * kdc/connect.c (handle_tcp): make sure we have data before
923 starting to look for HTTP
925 * kdc/connect.c (handle_tcp): always do getpeername, we can't
926 trust recvfrom to return anything sensible
928 1999-07-04 Assar Westerlund <assar@sics.se>
930 * lib/krb5/get_in_tkt.c (add_padat): encrypt pre-auth data with
933 * kpasswd/kpasswdd.c (change): fetch the salt-type from the entry
935 * admin/srvconvert.c (srvconv): better error messages
937 1999-07-03 Assar Westerlund <assar@sics.se>
939 * lib/krb5/principal.c (unparse_name): error check malloc properly
941 * lib/krb5/get_in_tkt.c (krb5_init_etype): error check malloc
944 * lib/krb5/crypto.c (*): do some malloc return-value checks
947 * lib/hdb/hdb.c (hdb_process_master_key): simplify by using
950 * lib/hdb/hdb.c (hdb_process_master_key): check return value from
953 * lib/asn1/gen_decode.c (decode_type): fix generation of decoding
954 information for TSequenceOf.
956 * kdc/kerberos5.c (get_pa_etype_info): check return value from
959 1999-07-02 Assar Westerlund <assar@sics.se>
961 * lib/asn1/der_copy.c (copy_octet_string): don't fail if length ==
962 0 and malloc returns NULL
964 1999-06-29 Assar Westerlund <assar@sics.se>
966 * lib/krb5/addr_families.c (ipv6_parse_addr): implement
968 1999-06-24 Assar Westerlund <assar@sics.se>
970 * lib/krb5/rd_cred.c (krb5_rd_cred): compare the sender's address
973 * lib/krb5/krb5.h (KRB5_ADDRESS_ADDRPORT, KRB5_ADDRESS_IPPORT):
975 (krb5_auth_context): add local and remote port
977 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): get the
978 local and remote address and add them to the krb-cred packet
980 * lib/krb5/auth_context.c: save the local and remove ports in the
983 * lib/krb5/address.c (krb5_make_addrport): create an address of
984 type KRB5_ADDRESS_ADDRPORT from (addr, port)
986 * lib/krb5/addr_families.c (krb5_sockaddr2port): new function for
987 grabbing the port number out of the sockaddr
989 1999-06-23 Assar Westerlund <assar@sics.se>
991 * admin/srvcreate.c (srvcreate): always take the DES-CBC-MD5 key.
992 increase possible verbosity.
994 * lib/krb5/config_file.c (parse_list): handle blank lines at
997 * kdc/connect.c (add_port_string): don't return a value
999 * lib/kadm5/init_c.c (get_cred_cache): you cannot reuse the cred
1000 cache if the principals are different. close and NULL the old one
1001 so that we create a new one.
1003 * configure.in: move around cgywin et al
1004 (LIB_kdb): set at the end of krb4-block
1005 (krb4): test for krb_enable_debug and krb_disable_debug
1007 1999-06-16 Assar Westerlund <assar@sics.se>
1009 * kuser/kdestroy.c (main): try to destroy v4 ticket even if the
1010 destruction of the v5 one fails
1012 * lib/krb5/crypto.c (DES3_postproc): new version that does the
1014 (*): don't put and recover length in 3DES encoding
1017 1999-06-15 Assar Westerlund <assar@sics.se>
1019 * lib/krb5/get_default_principal.c: rewrite to use
1020 get_default_username
1022 * lib/krb5/Makefile.am: add n-fold-test
1024 * kdc/connect.c: add fallbacks for all lookups by service name
1025 (handle_tcp): break-up and clean-up
1027 1999-06-09 Assar Westerlund <assar@sics.se>
1029 * lib/krb5/addr_families.c (ipv6_uninteresting): don't consider
1030 the loopback address as uninteresting
1032 * lib/krb5/get_addrs.c: new magic flag to get loopback address if
1033 there are no other addresses.
1034 (krb5_get_all_client_addrs): use that flag
1036 1999-06-04 Assar Westerlund <assar@sics.se>
1038 * lib/krb5/crypto.c (HMAC_SHA1_DES3_checksum): don't include the
1040 (checksum_sha1, checksum_hmac_sha1_des3): blocksize should be 64
1041 (encrypt_internal_derived): don't include the length and don't
1042 decrease by the checksum size twice
1043 (_get_derived_key): the constant should be 5 bytes
1045 1999-06-02 Johan Danielsson <joda@pdc.kth.se>
1047 * configure.in: use KRB_CHECK_X
1049 * configure.in: check for netinet/ip.h
1051 1999-05-31 Assar Westerlund <assar@sics.se>
1053 * kpasswd/kpasswdd.c (setup_passwd_quality_check): conditionalize
1056 1999-05-23 Assar Westerlund <assar@sics.se>
1058 * appl/test/uu_server.c: removed unused stuff
1060 * appl/test/uu_client.c: removed unused stuff
1062 1999-05-21 Assar Westerlund <assar@sics.se>
1064 * kuser/kgetcred.c (main): correct error message
1066 * lib/krb5/crypto.c (verify_checksum): call (*ct->checksum)
1067 directly, avoiding redundant lookups and memory leaks
1069 * lib/krb5/auth_context.c (krb5_auth_con_setaddrs_from_fd): free
1070 local and remote addresses
1072 * lib/krb5/get_default_principal.c (get_logname): also try
1075 * lib/asn1/Makefile.am (asn1_files): add $(EXEEXT)
1077 * lib/krb5/principal.c (USE_RESOLVER): try to define only if we
1078 have a libresolv (currently by checking for res_search)
1080 1999-05-18 Johan Danielsson <joda@pdc.kth.se>
1082 * kdc/connect.c (handle_tcp): remove %-escapes in request
1084 1999-05-14 Assar Westerlund <assar@sics.se>
1088 * admin/ktutil.c (kt_remove): -t should be -e
1090 * configure.in (CHECK_NETINET_IP_AND_TCP): use
1092 * kdc/hpropd.c: support for dumping to krb4. From Miroslav Ruda
1095 * admin/ktutil.c (kt_add): new option `--no-salt'. From Miroslav
1096 Ruda <ruda@ics.muni.cz>
1098 * configure.in: add cygwin and DOS tests replace sendmsg, recvmsg,
1099 and innetgr with roken versions
1101 * kuser/kgetcred.c: new program
1103 Tue May 11 14:09:33 1999 Johan Danielsson <joda@pdc.kth.se>
1105 * lib/krb5/mcache.c: fix paste-o
1107 1999-05-10 Johan Danielsson <joda@pdc.kth.se>
1109 * configure.in: don't use uname
1111 1999-05-10 Assar Westerlund <assar@sics.se>
1113 * acconfig.h (KRB_PUT_INT): if we don't have KRB4 use four
1116 * appl/test/uu_server.c (setsockopt): cast to get rid of a warning
1118 * appl/test/tcp_server.c (setsockopt): cast to get rid of a
1121 * appl/test/tcp_client.c (proto): call krb5_sendauth with ccache
1124 * appl/test/gssapi_server.c (setsockopt): cast to get rid of a
1127 * lib/krb5/sendauth.c (krb5_sendauth): handle ccache == NULL by
1128 setting the default ccache.
1130 * configure.in (getsockopt, setsockopt): test for
1131 (AM_INIT_AUTOMAKE): bump version to 0.1g
1133 * appl/Makefile.am (SUBDIRS): add kx
1135 * lib/hdb/convert_db.c (main): handle the case of no master key
1137 1999-05-09 Assar Westerlund <assar@sics.se>
1141 * kuser/kinit.c: add --noaddresses
1143 * lib/krb5/get_in_tkt.c (init_as_req): interpret `addrs' being an
1144 empty sit of list as to not ask for any addresses.
1146 1999-05-08 Assar Westerlund <assar@sics.se>
1148 * acconfig.h (_GNU_SOURCE): define this to enable (used)
1149 extensions on glibc-based systems such as linux
1151 1999-05-03 Assar Westerlund <assar@sics.se>
1153 * lib/krb5/get_cred.c (get_cred_from_kdc_flags): allocate and free
1154 `*out_creds' properly
1156 * lib/krb5/creds.c (krb5_compare_creds): just verify that the
1157 keytypes/enctypes are compatible, not that they are the same
1159 * kuser/kdestroy.c (cache): const-correctness
1161 1999-05-03 Johan Danielsson <joda@pdc.kth.se>
1163 * lib/hdb/hdb.c (hdb_set_master_key): initialise master key
1166 * lib/hdb/convert_db.c: add support for upgrading database
1169 * kdc/misc.c: add flags to fetch
1171 * kdc/kstash.c: unlink keyfile on failure, chmod to 400
1173 * kdc/hpropd.c: add --print option
1175 * kdc/hprop.c: pass flags to hdb_foreach
1177 * lib/hdb/convert_db.c: add some flags
1179 * lib/hdb/Makefile.am: remove extra LDFLAGS, update version to 2;
1180 build prototype headers
1182 * lib/hdb/hdb_locl.h: update prototypes
1184 * lib/hdb/print.c: move printable version of entry from kadmin
1186 * lib/hdb/hdb.c: change hdb_{seal,unseal}_* to check if the key is
1187 sealed or not; add flags to hdb_foreach
1189 * lib/hdb/ndbm.c: add flags to NDBM_seq, NDBM_firstkey, and
1192 * lib/hdb/db.c: add flags to DB_seq, DB_firstkey, and DB_nextkey
1194 * lib/hdb/common.c: add flags to _hdb_{fetch,store}
1196 * lib/hdb/hdb.h: add master_key_version to struct hdb, update
1199 * lib/hdb/hdb.asn1: make mkvno optional, update version to 2
1201 * configure.in: --enable-netinfo
1203 * lib/krb5/config_file.c: HAVE_NETINFO_NI_H -> HAVE_NETINFO
1205 * config.sub: fix for crays
1207 * config.guess: new version from automake 1.4
1209 * config.sub: new version from automake 1.4
1211 Wed Apr 28 00:21:17 1999 Assar Westerlund <assar@sics.se>
1215 * lib/krb5/mcache.c (mcc_get_next): get the current cursor
1218 * acconfig.h: correct definition of KRB_PUT_INT for old krb4 code.
1219 From Ake Sandgren <ake@cs.umu.se>
1221 1999-04-27 Johan Danielsson <joda@pdc.kth.se>
1223 * kdc/kerberos5.c: fix arguments to decrypt_ticket
1225 1999-04-25 Assar Westerlund <assar@sics.se>
1227 * lib/krb5/mk_req_ext.c (krb5_mk_req_internal): try to handle old
1228 DCE secd's that are not able to handle MD5 checksums by defaulting
1229 to MD4 if the keytype was DES-CBC-CRC
1231 * lib/krb5/mk_req.c (krb5_mk_req): use auth_context->keytype
1233 * lib/krb5/krb5.h (krb5_auth_context_data): add `keytype' and
1236 * lib/krb5/get_cred.c (make_pa_tgs_req): remove old kludge for
1238 (init_tgs_req): add all supported enctypes for the keytype in
1239 `in_creds->session.keytype' if it's set
1241 * lib/krb5/crypto.c (F_PSEUDO): new flag for non-protocol
1243 (do_checksum): new function
1244 (verify_checksum): take the checksum to use from the checksum message
1245 and not from the crypto struct
1246 (etypes): add F_PSEUDO flags
1247 (krb5_keytype_to_enctypes): new function
1249 * lib/krb5/auth_context.c (krb5_auth_con_init): initalize keytype
1251 (krb5_auth_setcksumtype, krb5_auth_getcksumtype): implement
1252 (krb5_auth_setkeytype, krb5_auth_getkeytype): implement
1253 (krb5_auth_setenctype): comment out, it's rather bogus anyway
1255 Sun Apr 25 16:55:50 1999 Johan Danielsson <joda@pdc.kth.se>
1257 * lib/krb5/krb5_locl.h: fix for stupid aix warnings
1259 * lib/krb5/fcache.c (erase_file): don't malloc
1261 Sat Apr 24 18:35:21 1999 Johan Danielsson <joda@pdc.kth.se>
1263 * kdc/config.c: pass context to krb5_config_file_free
1265 * kuser/kinit.c: add `--fcache-version' to set cache version to
1268 * kuser/klist.c: print cache version if verbose
1270 * lib/krb5/transited.c (krb5_domain_x500_decode): don't abort
1272 * lib/krb5/principal.c: abort -> krb5_abortx
1274 * lib/krb5/mk_rep.c: abort -> krb5_abortx
1276 * lib/krb5/config_file.c: abort -> krb5_abortx
1278 * lib/krb5/context.c (init_context_from_config_file): init
1279 fcache_version; add krb5_{get,set}_fcache_version
1281 * lib/krb5/keytab.c: add support for reading (and writing?) old
1284 * lib/krb5/cache.c: add krb5_cc_get_version
1286 * lib/krb5/fcache.c: add support for reading and writing old
1289 * lib/krb5/store_mem.c (krb5_storage_from_mem): zero flags
1291 * lib/krb5/store_emem.c (krb5_storage_emem): zero flags
1293 * lib/krb5/store_fd.c (krb5_storage_from_fd): zero flags
1295 * lib/krb5/store.c: add flags to change how various fields are
1296 stored, used for old cache version support
1298 * lib/krb5/krb5.h: add support for reading and writing old version
1299 cache files, and keytabs
1301 Wed Apr 21 00:09:26 1999 Assar Westerlund <assar@sics.se>
1303 * configure.in: fix test for readline.h remember to link with
1304 $LIB_tgetent when trying linking with readline
1306 * lib/krb5/init_creds_pw.c (get_init_creds_common): if start_time
1307 is given, request a postdated ticket.
1309 * lib/krb5/data.c (krb5_data_free): free data as long as it's not
1312 Tue Apr 20 20:18:14 1999 Assar Westerlund <assar@sics.se>
1314 * kpasswd/Makefile.am (kpasswdd_LDADD): add LIB_dlopen
1316 * lib/krb5/krb5.h (KRB5_VERIFY_AP_REQ_IGNORE_INVALID): add
1318 * lib/krb5/rd_req.c (krb5_decrypt_ticket): add `flags` and
1319 KRB5_VERIFY_AP_REQ_IGNORE_INVALID for ignoring that the ticket is
1322 Tue Apr 20 12:42:08 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1324 * kpasswd/kpasswdd.c: don't try to load library by default; get
1325 library and function name from krb5.conf
1327 * kpasswd/sample_passwd_check.c: sample password checking
1330 Mon Apr 19 22:22:19 1999 Assar Westerlund <assar@sics.se>
1332 * lib/krb5/store.c (krb5_storage_to_data, krb5_ret_data): use
1333 krb5_data_alloc and be careful with checking allocation and sizes.
1335 * kuser/klist.c (--tokens): conditionalize on KRB4
1337 * kuser/kinit.c (renew_validate): set all flags
1338 (main): fix cut-n-paste error when setting start-time
1340 * kdc/kerberos5.c (check_tgs_flags): starttime of a validate
1341 ticket should be > than current time
1342 (*): send flags to krb5_verify_ap_req and krb5_decrypt_ticket
1344 * kuser/kinit.c (renew_validate): use the client realm instead of
1345 the local realm when renewing tickets.
1347 * lib/krb5/get_for_creds.c (krb5_fwd_tgs_creds): compat function
1348 (krb5_get_forwarded_creds): correct freeing of out_creds
1350 * kuser/kinit.c (renew_validate): hopefully fix up freeing of
1353 * configure.in: do all the krb4 tests with "$krb4" != "no"
1355 * lib/krb5/keyblock.c (krb5_free_keyblock_contents): don't zero
1356 keyvalue if it's NULL. noticed by Ake Sandgren <ake@cs.umu.se>
1358 * lib/krb5/get_in_tkt.c (add_padata): loop over all enctypes
1359 instead of just taking the first one. fix all callers. From
1360 "Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net>
1362 * kdc/kdc_locl.h (enable_kaserver): declaration
1364 * kdc/hprop.c (ka_convert): print the failing principal. AFS 3.4a
1365 creates krbtgt.REALMOFCELL as NOTGS+NOSEAL, work around. From
1366 "Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net>
1368 * kdc/hpropd.c (open_socket): stupid cast to get rid of a warning
1370 * kdc/connect.c (add_standard_ports, process_request): look at
1371 enable_kaserver. From "Brandon S. Allbery KF8NH"
1372 <allbery@kf8nh.apk.net>
1374 * kdc/config.c: new flag --kaserver and config file option
1375 enable-kaserver. From "Brandon S. Allbery KF8NH"
1376 <allbery@kf8nh.apk.net>
1378 Mon Apr 19 12:32:04 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1380 * configure.in: check for dlopen, and dlfcn.h
1382 * kpasswd/kpasswdd.c: add support for dlopen:ing password quality
1385 * configure.in: add appl/su
1387 Sun Apr 18 15:46:53 1999 Johan Danielsson <joda@blubb.pdc.kth.se>
1389 * lib/krb5/cache.c: add krb5_cc_get_type that returns type of a
1392 Fri Apr 16 17:58:51 1999 Assar Westerlund <assar@sics.se>
1394 * configure.in: LIB_kdb: -L should be before -lkdb
1395 test for prototype of strsep
1397 Thu Apr 15 11:34:38 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1399 * lib/krb5/Makefile.am: update version
1401 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): use
1404 * lib/krb5/fcache.c: add some support for reading and writing old
1406 (fcc_store_cred): use krb5_store_creds; (fcc_read_cred): use
1409 * lib/krb5/store_mem.c (krb5_storage_from_mem): check malloc,
1410 initialize host_byteorder
1412 * lib/krb5/store_fd.c (krb5_storage_from_fd): initialize
1415 * lib/krb5/store_emem.c (krb5_storage_emem): initialize
1418 * lib/krb5/store.c (krb5_storage_set_host_byteorder): add;
1419 (krb5_store_int32,krb5_ret_int32,krb5_store_int16,krb5_ret_int16):
1420 check host_byteorder flag; (krb5_store_creds): add;
1421 (krb5_ret_creds): add
1423 * lib/krb5/krb5.h (krb5_storage): add `host_byteorder' flag for
1426 * lib/krb5/heim_err.et: add `host not found' error
1428 * kdc/connect.c: don't use data after clearing decriptor
1430 * lib/krb5/auth_context.c: abort -> krb5_abortx
1432 * lib/krb5/warn.c: add __attribute__; add *abort functions
1434 * configure.in: check for __attribute__
1436 * kdc/connect.c: log bogus requests
1438 Tue Apr 13 18:38:05 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1440 * lib/kadm5/create_s.c (kadm5_s_create_principal): create v4 salts
1443 1999-04-12 Assar Westerlund <assar@sics.se>
1445 * lib/krb5/get_cred.c (init_tgs_req): re-structure a little bit
1447 * lib/krb5/get_cred.c (init_tgs_req): some more error checking
1449 * lib/krb5/generate_subkey.c (krb5_generate_subkey): check return
1452 Sun Apr 11 03:47:23 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1454 * lib/krb5/krb5.conf.5: update to reality
1456 * lib/krb5/krb5_425_conv_principal.3: update to reality
1458 1999-04-11 Assar Westerlund <assar@sics.se>
1460 * lib/krb5/get_host_realm.c: handle more than one realm for a host
1462 * kpasswd/kpasswd.c (main): use krb5_program_setup and
1465 * kdc/string2key.c (main): use krb5_program_setup and
1468 Sun Apr 11 02:35:58 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1470 * lib/krb5/principal.c (krb5_524_conv_principal): make it actually
1471 work, and check built-in list of host-type first-components
1473 * lib/krb5/krbhst.c: lookup SRV-records to find a kdc for a realm
1475 * lib/krb5/context.c: add srv_* flags to context
1477 * lib/krb5/principal.c: add default v4_name_convert entries
1479 * lib/krb5/krb5.h: add srv_* flags to context
1481 Sat Apr 10 22:52:28 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1483 * kadmin/kadmin.c: complain about un-recognised commands
1485 * admin/ktutil.c: complain about un-recognised commands
1487 Sat Apr 10 15:41:49 1999 Assar Westerlund <assar@sics.se>
1489 * kadmin/load.c (doit): fix error message
1491 * lib/krb5/crypto.c (encrypt_internal): free checksum if lengths
1493 (krb5_get_wrapped_length): new function
1495 * configure.in: security/pam_modules.h: check for
1497 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): kludge
1498 around `ret_as_reply' semantics by only freeing it when ret == 0
1500 Fri Apr 9 20:24:04 1999 Assar Westerlund <assar@sics.se>
1502 * kuser/klist.c (print_cred_verbose): handle the case of a bad
1505 * configure.in: test for more header files
1508 Thu Apr 8 15:01:59 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1510 * configure.in: fixes for building w/o krb4
1512 * ltmain.sh: update to libtool 1.2d
1514 * ltconfig: update to libtool 1.2d
1516 Wed Apr 7 23:37:26 1999 Assar Westerlund <assar@sics.se>
1518 * kdc/hpropd.c: fix some error messages to be more understandable.
1520 * kdc/hprop.c (ka_dump): remove unused variables
1522 * appl/test/tcp_server.c: remove unused variables
1524 * appl/test/gssapi_server.c: remove unused variables
1526 * appl/test/gssapi_client.c: remove unused variables
1528 Wed Apr 7 14:05:15 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1530 * lib/krb5/context.c (krb5_get_err_text): long -> krb5_error_code
1532 * kuser/klist.c: make it compile w/o krb4
1534 * kuser/kdestroy.c: make it compile w/o krb4
1536 * admin/ktutil.c: fix {srv,key}2{srv,key}tab confusion; add help
1539 Mon Apr 5 16:13:46 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1541 * configure.in: test for MIPS ABI; new test_package
1543 Thu Apr 1 11:00:40 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1545 * include/Makefile.am: clean krb5-private.h
1549 * kpasswd/kpasswdd.c (doit): pass context to
1550 krb5_get_all_client_addrs
1552 * kdc/connect.c (init_sockets): pass context to
1553 krb5_get_all_server_addrs
1555 * lib/krb5/get_in_tkt.c (init_as_req): pass context to
1556 krb5_get_all_client_addrs
1558 * lib/krb5/get_cred.c (get_cred_kdc_la): pass context to
1559 krb5_get_all_client_addrs
1561 * lib/krb5/get_addrs.c (get_addrs_int): add extra host addresses
1563 * lib/krb5/krb5.h: add support for adding an extra set of
1566 * lib/krb5/context.c: add support for adding an extra set of
1569 * lib/krb5/addr_families.c: add krb5_parse_address
1571 * lib/krb5/address.c: krb5_append_addresses
1573 * lib/krb5/config_file.c (parse_binding): don't zap everything
1574 after first whitespace
1576 * kuser/kinit.c (renew_validate): don't allocate out
1578 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): don't
1581 * lib/krb5/get_cred.c (get_cred_kdc, get_cred_kdc_la): make
1583 (krb5_get_kdc_cred): allocate out_creds; (get_cred_from_kdc_flags):
1586 * lib/krb5/crypto.c (encrypt_internal): free checksum
1588 * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): free reply,
1591 * kuser/Makefile.am: remove kfoo
1593 * lib/Makefile.am: add auth
1595 * lib/kadm5/iprop.h: getarg.h
1597 * lib/kadm5/replay_log.c: use getarg
1599 * lib/kadm5/ipropd_slave.c: use getarg
1601 * lib/kadm5/ipropd_master.c: use getarg
1603 * lib/kadm5/dump_log.c: use getarg
1605 * kpasswd/kpasswdd.c: use getarg
1607 * Makefile.am.common: make a more working check-local target
1609 * lib/asn1/main.c: use getargs
1611 Mon Mar 29 20:19:57 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1613 * kuser/klist.c (print_cred_verbose): use krb5_print_address
1615 * lib/kadm5/server.c: k_{put,get}_int -> _krb5_{put,get}_int
1617 * lib/krb5/addr_families.c (krb5_print_address): handle unknown
1618 address types; (ipv6_print_addr): print in 16-bit groups (as it
1621 * lib/krb5/crc.c: crc_{init_table,update} ->
1622 _krb5_crc_{init_table,update}
1624 * lib/krb5/crypto.c: k_{put,get}_int -> _krb5_{put,get}_int
1625 crc_{init_table,update} -> _krb5_crc_{init_table,update}
1627 * lib/krb5/send_to_kdc.c: k_{put,get}_int -> _krb5_{put,get}_int
1629 * lib/krb5/store.c: k_{put,get}_int -> _krb5_{put,get}_int
1631 * lib/krb5/krb5_locl.h: include krb5-private.h
1633 * kdc/connect.c (addr_to_string): use krb5_print_address
1635 * lib/krb5/addr_families.c (krb5_print_address): int -> size_t
1637 * lib/krb5/addr_families.c: add support for printing ipv6
1638 addresses, either with inet_ntop, or ugly for-loop
1640 * kdc/524.c: check that the ticket came from a valid address; use
1641 the address of the connection as the address to put in the v4
1642 ticket (if this address is AF_INET)
1644 * kdc/connect.c: pass addr to do_524
1646 * kdc/kdc_locl.h: prototype for do_524
1648 Sat Mar 27 17:48:31 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1650 * configure.in: check for OSF C2; bind/bitypes.h, getudbnam,
1651 setlim; check for auth modules; siad.h, getpwnam_r;
1652 lib/auth/Makefile, lib/auth/sia/Makefile
1654 * lib/krb5/crypto.c: n_fold -> _krb5_n_fold
1656 * lib/krb5/n-fold.c: n_fold -> _krb5_n_fold
1658 Thu Mar 25 04:35:21 1999 Assar Westerlund <assar@sics.se>
1660 * lib/kadm5/set_keys.c (_kadm5_set_keys): free salt when zapping
1663 * lib/kadm5/free.c (kadm5_free_principal_ent): free `key_data'
1665 * lib/hdb/ndbm.c (NDBM_destroy): clear master key
1667 * lib/hdb/db.c (DB_destroy): clear master key
1668 (DB_open): check malloc
1670 * kdc/connect.c (init_sockets): free addresses
1672 * kadmin/kadmin.c (main): make code more consistent. always free
1673 configuration information.
1675 * kadmin/init.c (create_random_entry): free the entry
1677 Wed Mar 24 04:02:03 1999 Assar Westerlund <assar@sics.se>
1679 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password):
1680 re-organize the code to always free `kdc_reply'
1682 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): be more careful about
1685 * lib/krb5/fcache.c (fcc_destroy): don't call fcc_close
1687 * lib/krb5/crypto.c (krb5_crypto_destroy): free `crypto'
1689 * lib/hdb/hdb_locl.h: try db_185.h first in case db.h is a DB 2.0
1692 * configure.in (db_185.h): check for
1694 * admin/srvcreate.c: new file. contributed by Daniel Kouril
1695 <kouril@informatics.muni.cz>
1697 * admin/ktutil.c: srvcreate: new command
1699 * kuser/klist.c: add support for printing AFS tokens
1701 * kuser/kdestroy.c: add support for destroying v4 tickets and AFS
1702 tokens. based on code by Love <lha@stacken.kth.se>
1704 * kuser/Makefile.am (kdestroy_LDADD, klist_LDADD): more libraries
1706 * configure.in: sys/ioccom.h: test for
1708 * kuser/klist.c (main): don't print `no ticket file' with --test.
1709 From: Love <lha@e.kth.se>
1711 * kpasswd/kpasswdd.c (doit): more braces to make gcc happy
1713 * kdc/connect.c (init_socket): get rid of a stupid warning
1715 * include/bits.c (my_strupr): cast away some stupid warnings
1717 Tue Mar 23 14:34:44 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1719 * lib/krb5/get_host_realm.c (krb5_get_host_realm): no infinite
1722 Tue Mar 23 00:00:45 1999 Assar Westerlund <assar@sics.se>
1724 * lib/kadm5/Makefile.am (install_build_headers): recover from make
1725 rewriting the names of the headers kludge to help solaris make
1727 * lib/krb5/Makefile.am: kludge to help solaris make
1729 * lib/hdb/Makefile.am: kludge to help solaris make
1731 * configure.in (LIB_kdb): make sure there's a -L option in here by
1734 * lib/asn1/gen_glue.c (generate_2int, generate_int2): int ->
1737 * configure.in (SunOS): set to a number KRB4, KRB5 conditionals:
1738 remove the `dnl' to work around an automake flaw
1740 Sun Mar 21 15:08:49 1999 Johan Danielsson <joda@blubb.pdc.kth.se>
1742 * lib/krb5/get_default_realm.c: char* -> krb5_realm
1744 Sun Mar 21 14:08:30 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1746 * include/bits.c: <bind/bitypes.h>
1748 * lib/krb5/Makefile.am: create krb5-private.h
1750 Sat Mar 20 00:08:59 1999 Assar Westerlund <assar@sics.se>
1752 * configure.in (gethostname): remove duplicate
1754 Fri Mar 19 14:48:03 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1756 * lib/hdb/Makefile.am: add version-info
1758 * lib/gssapi/Makefile.am: add version-info
1760 * lib/asn1/Makefile.am: use $(x:y=z) make syntax; move check-der
1763 * lib/Makefile.am: add 45
1765 * lib/kadm5/Makefile.am: split in client and server libraries
1766 (breaks shared libraries otherwise)
1768 Thu Mar 18 11:33:30 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1770 * include/kadm5/Makefile.am: clean a lot of header files (since
1771 automake lacks a clean-hook)
1773 * include/Makefile.am: clean a lot of header files (since automake
1776 * lib/kadm5/Makefile.am: fix build-installation of headers
1778 * lib/krb5/Makefile.am: remove include_dir hack
1780 * lib/hdb/Makefile.am: remove include_dir hack
1782 * lib/asn1/Makefile.am: remove include_dir hack
1784 * include/Makefile.am: remove include_dir hack
1786 * doc/whatis.texi: define sub for html
1788 * configure.in: LIB_kdb, have_err_h, have_fnmatch_h, have_glob_h
1790 * lib/asn1/Makefile.am: der.h
1792 * kpasswd/kpasswdd.c: admin.h -> kadm5/admin.h
1794 * kdc/Makefile.am: remove junk
1796 * kadmin/Makefile.am: sl.a -> sl.la
1798 * appl/afsutil/Makefile.am: remove EXTRA_bin_PROGRAMS
1800 * admin/Makefile.am: sl.a -> sl.la
1802 * configure.in: condition KRB5; AC_CHECK_XAU
1804 * Makefile.am: include Makefile.am.common
1806 * include/kadm5/Makefile.am: include Makefile.am.common; don't
1807 install headers from here
1809 * include/Makefile.am: include Makefile.am.common; don't install
1812 * doc/Makefile.am: include Makefile.am.common
1814 * lib/krb5/Makefile.am: include Makefile.am.common
1816 * lib/kadm5/Makefile.am: include Makefile.am.common
1818 * lib/hdb/Makefile.am: include Makefile.am.common
1820 * lib/gssapi/Makefile.am: include Makefile.am.common
1822 * lib/asn1/Makefile.am: include Makefile.am.common
1824 * lib/Makefile.am: include Makefile.am.common
1826 * lib/45/Makefile.am: include Makefile.am.common
1828 * kuser/Makefile.am: include Makefile.am.common
1830 * kpasswd/Makefile.am: include Makefile.am.common
1832 * kdc/Makefile.am: include Makefile.am.common
1834 * kadmin/Makefile.am: include Makefile.am.common
1836 * appl/test/Makefile.am: include Makefile.am.common
1838 * appl/afsutil/Makefile.am: include Makefile.am.common
1840 * appl/Makefile.am: include Makefile.am.common
1842 * admin/Makefile.am: include Makefile.am.common
1844 Wed Mar 17 03:04:38 1999 Assar Westerlund <assar@sics.se>
1846 * lib/krb5/store.c (krb5_store_stringz): braces fix
1848 * lib/kadm5/get_s.c (kadm5_s_get_principal): braces fix
1850 * lib/kadm5/ent_setup.c (_kadm5_setup_entry): braces fix
1852 * kdc/connect.c (loop): braces fix
1854 * lib/krb5/config_file.c: cast to unsigned char to make is* happy
1856 * lib/krb5/log.c (krb5_addlog_dest): more braces to make gcc happy
1858 * lib/krb5/crypto.c (krb5_verify_checksum): rename C -> cksum to
1861 * kadmin/util.c (timeval2str): more braces to make gcc happy
1863 * kadmin/load.c: cast in is* to get rid of stupid warning
1865 * kadmin/dump.c (append_hex): cast in isalnum to get rid of stupid
1868 * kdc/kaserver.c: malloc checks and fixes
1870 * lib/krb5/get_host_realm.c (krb5_get_host_realm): include leading
1871 dot (if any) when looking up realms.
1873 Fri Mar 12 13:57:56 1999 Johan Danielsson <joda@blubb.pdc.kth.se>
1875 * lib/krb5/get_host_realm.c: add dns support
1877 * lib/krb5/set_default_realm.c: use krb5_free_host_realm
1879 * lib/krb5/free_host_realm.c: check for NULL realmlist
1881 * lib/krb5/context.c: don't print warning if there is no krb5.conf
1883 Wed Mar 10 19:29:46 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1885 * configure.in: use AC_WFLAGS
1887 Mon Mar 8 11:49:43 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1891 * kuser/klist.c: use print_version
1893 * kuser/kdestroy.c: use print_version
1895 * kdc/hpropd.c: use print_version
1897 * kdc/hprop.c: use print_version
1899 * kdc/config.c: use print_version
1901 * kadmin/kadmind.c: use print_version
1903 * kadmin/kadmin.c: use print_version
1905 * appl/test/common.c: use print_version
1907 * appl/afsutil/afslog.c: use print_version
1909 Mon Mar 1 10:49:14 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1911 * lib/krb5/get_addrs.c: SOCKADDR_HAS_SA_LEN ->
1912 HAVE_STRUCT_SOCKADDR_SA_LEN
1914 * configure.in, acconfig.h, cf/*: update to automake 1.4/autoconf 2.13
1916 Sun Feb 28 18:19:20 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1918 * lib/asn1/gen.c: make `BIT STRING's unsigned
1920 * lib/asn1/{symbol.h,gen.c}: add TUInteger type
1922 * lib/krb5/verify_user.c (krb5_verify_user): pass prompter to
1923 krb5_get_init_creds_password
1925 * lib/krb5/fcache.c (fcc_gen_new): implement
1927 Sat Feb 27 22:41:23 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1929 * doc/install.texi: krb4 is now automatically detected
1931 * doc/misc.texi: update procedure to set supported encryption
1934 * doc/setup.texi: change some silly wordings
1936 Sat Feb 27 22:17:30 1999 Johan Danielsson <joda@blubb.pdc.kth.se>
1938 * lib/krb5/keytab.c (fkt_remove_entry): make this work
1940 * admin/ktutil.c: add minimally working `get' command
1942 Sat Feb 27 19:44:49 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1944 * lib/hdb/convert_db.c: more typos
1946 * include/Makefile.am: remove EXTRA_DATA (as of autoconf
1949 * appl/Makefile.am: OTP_dir
1951 Fri Feb 26 17:37:00 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1953 * doc/setup.texi: add kadmin section
1955 * lib/asn1/check-der.c: fix printf warnings
1957 Thu Feb 25 11:16:49 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1959 * configure.in: -O does not belong in WFLAGS
1961 Thu Feb 25 11:05:57 1999 Johan Danielsson <joda@blubb.pdc.kth.se>
1963 * lib/asn1/der_put.c: fix der_put_int
1965 Tue Feb 23 20:35:12 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1967 * configure.in: use AC_BROKEN_GLOB
1969 Mon Feb 22 15:12:44 1999 Johan Danielsson <joda@blubb.pdc.kth.se>
1971 * configure.in: check for glob
1973 Mon Feb 22 11:32:42 1999 Johan Danielsson <joda@hella.pdc.kth.se>
1977 Sat Feb 20 15:48:06 1999 Johan Danielsson <joda@blubb.pdc.kth.se>
1979 * lib/hdb/convert_db.c: convert DES3 keys to des3-cbc-sha1, and
1982 * lib/krb5/crypto.c (DES3_string_to_key): make this actually do
1983 what the draft said it should
1985 * lib/hdb/convert_db.c: little program for database conversion
1987 * lib/hdb/db.c (DB_open): try to open database w/o .db extension
1989 * lib/hdb/ndbm.c (NDBM_open): add test for database format
1991 * lib/hdb/db.c (DB_open): add test for database format
1993 * lib/asn1/gen_glue.c (generate_2int): don't depend on flags being
1996 * lib/hdb/hdb.c: change `hdb_set_master_key' to take an
1997 EncryptionKey, and add a new function `hdb_set_master_keyfile' to
1998 do what `hdb_set_master_key' used to do
2000 * kdc/kstash.c: add `--convert-file' option to change keytype of
2001 existing master key file
2003 Fri Feb 19 07:04:14 1999 Assar Westerlund <assar@squid.pdc.kth.se>
2007 Sat Feb 13 17:12:53 1999 Assar Westerlund <assar@sics.se>
2009 * lib/krb5/mk_safe.c (krb5_mk_safe): sizeof(buf) -> buf_size, buf
2012 * lib/krb5/get_in_tkt.c (krb5_init_etype): etypes are now `int'
2014 * lib/krb5/get_host_realm.c (krb5_get_host_realm): constize
2017 (krb5_salttype_to_string): new function (RSA_MD5_DES_verify,
2018 RSA_MD5_DES3_verify): initialize ret
2020 * lib/gssapi/init_sec_context.c (init_auth): remove unnecessary
2021 gssapi_krb5_init. ask for KEYTYPE_DES credentials
2023 * kadmin/get.c (print_entry_long): print the keytypes and salts
2024 available for the principal
2026 * configure.in (WFLAGS): add `-O' to catch unitialized variables
2028 (gethostname, mkstemp, getusershell, inet_aton): more tests
2030 * lib/hdb/hdb.h: update prototypes
2032 * configure.in: homogenize broken detection with krb4
2034 * lib/kadm5/init_c.c (kadm5_c_init_with_context): remove unused
2037 * lib/asn1/Makefile.am (check-der): add
2039 * lib/asn1/gen.c (define_type): map ASN1 Integer to `int' instead
2042 * lib/asn1/der_length.c (length_unsigned): new function
2043 (length_int): handle signed integers
2045 * lib/asn1/der_put.c (der_put_unsigned): new function
2046 (der_put_int): handle signed integers
2048 * lib/asn1/der_get.c (der_get_unsigned): new function
2049 (der_get_int): handle signed integers
2051 * lib/asn1/der.h: all integer functions take `int' instead of
2054 * lib/asn1/lex.l (filename): unused. remove.
2056 * lib/asn1/check-der.c: new test program for der encoding and
2059 Mon Feb 1 04:09:06 1999 Assar Westerlund <assar@sics.se>
2061 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): only call
2062 gethostbyname2 with AF_INET6 if we actually have IPv6. From
2063 "Brandon S. Allbery KF8NH" <allbery@kf8nh.apk.net>
2065 * lib/krb5/changepw.c (get_kdc_address): dito
2067 Sun Jan 31 06:26:36 1999 Assar Westerlund <assar@sics.se>
2069 * kdc/connect.c (parse_prots): always bind to AF_INET, there are
2070 v6-implementations without support for `mapped V4 addresses'.
2071 From Jun-ichiro itojun Hagino <itojun@kame.net>
2073 Sat Jan 30 22:38:27 1999 Assar Westerlund <assar@juguete.sics.se>
2077 Sat Jan 30 13:43:02 1999 Assar Westerlund <assar@sics.se>
2079 * lib/krb5/Makefile.am: explicit rules for *.et files
2081 * lib/kadm5/init_c.c (get_kadm_ticket): only remove creds if
2082 krb5_get_credentials was succesful.
2083 (get_new_cache): return better error codes and return earlier.
2084 (get_cred_cache): only delete default_client if it's different
2086 (kadm5_c_init_with_context): return a more descriptive error.
2088 * kdc/kerberos5.c (check_flags): handle NULL client or server
2090 * lib/krb5/sendauth.c (krb5_sendauth): return the error in
2091 `ret_error' iff != NULL
2093 * lib/krb5/rd_error.c (krb5_free_error, krb5_free_error_contents):
2096 * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): more
2099 * lib/krb5/krb5.h (krb5_error): typedef to KRB_ERROR
2101 * lib/krb5/init_creds_pw.c: KRB5_TGS_NAME: use
2103 * lib/krb5/get_cred.c: KRB5_TGS_NAME: use
2105 * lib/kafs/afskrb5.c (afslog_uid_int): update to changes
2107 * lib/kadm5/rename_s.c (kadm5_s_rename_principal): call remove
2108 instead of rename, but shouldn't this just call rename?
2110 * lib/kadm5/get_s.c (kadm5_s_get_principal): always return an
2111 error if the principal wasn't found.
2113 * lib/hdb/ndbm.c (NDBM_seq): unseal key
2115 * lib/hdb/db.c (DB_seq): unseal key
2117 * lib/asn1/Makefile.am: added explicit rules for asn1_err.[ch]
2119 * kdc/hprop.c (v4_prop): add krbtgt/THISREALM@OTHERREALM when
2120 finding cross-realm tgts in the v4 database
2122 * kadmin/mod.c (mod_entry): check the number of arguments. check
2123 that kadm5_get_principal worked.
2125 * lib/krb5/keytab.c (fkt_remove_entry): remove KRB5_KT_NOTFOUND if
2126 we weren't able to remove it.
2128 * admin/ktutil.c: less drive-by-deleting. From Love
2131 * kdc/connect.c (parse_ports): copy the string before mishandling
2134 * kdc/kerberos5.c (tgs_rep2): print the principal with mismatching
2137 * kadmin/kadmind.c (main): convert `debug_port' to network byte
2140 * kadmin/kadmin.c: allow specification of port number.
2142 * lib/kadm5/kadm5_locl.h (kadm5_client_context): add
2145 * lib/kadm5/init_c.c (_kadm5_c_init_context): move up
2146 initalize_kadm5_error_table_r.
2147 allow specification of port number.
2149 From Love <lha@stacken.kth.se>
2151 * kuser/klist.c: add option -t | --test
2153 Sat Dec 5 19:49:34 1998 Johan Danielsson <joda@hella.pdc.kth.se>
2155 * lib/krb5/context.c: remove ktype_is_etype
2157 * lib/krb5/crypto.c, lib/krb5/krb5.h, acconfig.h: NEW_DES3_CODE
2159 * configure.in: fix for AIX install; better tests for AIX dynamic
2160 AFS libs; `--enable-new-des3-code'
2162 Tue Dec 1 14:44:44 1998 Johan Danielsson <joda@hella.pdc.kth.se>
2164 * appl/afsutil/Makefile.am: link with extra libs for aix
2166 * kuser/Makefile.am: link with extra libs for aix
2168 Sun Nov 29 01:56:21 1998 Assar Westerlund <assar@sics.se>
2170 * lib/krb5/get_addrs.c (krb5_get_all_server_addrs): add. almost
2171 the same as krb5_get_all_client_addrs except that it includes
2174 * kdc/connect.c (init_socket): bind to a particular address
2175 (init_sockets): get all local addresses and bind to them all
2177 * lib/krb5/addr_families.c (addr2sockaddr, print_addr): new
2179 (find_af, find_atype): new functions. use them.
2181 * configure.in: add hesiod
2183 Wed Nov 25 11:37:48 1998 Johan Danielsson <joda@hella.pdc.kth.se>
2185 * lib/krb5/krb5_err.et: add some codes from kerberos-revisions-03
2187 Mon Nov 23 12:53:48 1998 Assar Westerlund <assar@sics.se>
2189 * lib/kadm5/log.c: rename delete -> remove
2191 * lib/kadm5/delete_s.c: rename delete -> remove
2193 * lib/hdb/common.c: rename delete -> remove
2195 Sun Nov 22 12:26:26 1998 Assar Westerlund <assar@sics.se>
2197 * configure.in: check for environ and `struct spwd'
2199 Sun Nov 22 11:42:45 1998 Johan Danielsson <joda@blubb.pdc.kth.se>
2201 * kdc/kerberos5.c (as_rep): set keytype to sess_ktype if
2204 * lib/krb5/encrypt.c (krb5_keytype_to_etypes): zero terminate
2208 Sun Nov 22 06:54:48 1998 Assar Westerlund <assar@sics.se>
2210 * lib/krb5/init_creds_pw.c: more type correctness
2212 * lib/krb5/get_cred.c: re-structure code. remove limits on ASN1
2215 Sun Nov 22 01:49:50 1998 Johan Danielsson <joda@hella.pdc.kth.se>
2217 * kdc/hprop.c (v4_prop): fix bogus indexing
2219 Sat Nov 21 21:39:20 1998 Assar Westerlund <assar@sics.se>
2221 * lib/krb5/verify_init.c (fail_verify_is_ok): new function
2222 (krb5_verify_init_creds): if we cannot get a ticket for
2223 host/`hostname` and fail_verify_is_ok just return. use
2226 Sat Nov 21 23:12:27 1998 Assar Westerlund <assar@sics.se>
2228 * lib/krb5/free.c (krb5_xfree): new function
2230 * lib/krb5/creds.c (krb5_free_creds_contents): new function
2232 * lib/krb5/context.c: more type correctness
2234 * lib/krb5/checksum.c: more type correctness
2236 * lib/krb5/auth_context.c (krb5_auth_con_init): more type
2239 * lib/asn1/der_get.c (der_get_length): fix test of len
2240 (der_get_tag): more type correctness
2242 * kuser/klist.c (usage): void-ize
2244 * admin/ktutil.c (kt_remove): some more type correctness.
2246 Sat Nov 21 16:49:20 1998 Johan Danielsson <joda@hella.pdc.kth.se>
2248 * kuser/klist.c: try to list enctypes as keytypes
2250 * kuser/kinit.c: remove extra `--cache' option, add `--enctypes'
2251 to set list of enctypes to use
2253 * kadmin/load.c: load strings as hex
2255 * kadmin/dump.c: dump hex as string is possible
2257 * admin/ktutil.c: use print_version()
2259 * configure.in, acconfig.h: test for hesiod
2261 Sun Nov 15 17:28:19 1998 Johan Danielsson <joda@hella.pdc.kth.se>
2263 * lib/krb5/crypto.c: add some crypto debug code
2265 * lib/krb5/get_in_tkt.c (_krb5_extract_ticket): don't use fixed
2266 buffer when encoding ticket
2268 * lib/krb5/auth_context.c (re-)implement `krb5_auth_setenctype'
2270 * kdc/kerberos5.c: allow mis-match of tgt session key, and service
2273 * admin/ktutil.c: keytype -> enctype
2275 Fri Nov 13 05:35:48 1998 Assar Westerlund <assar@sics.se>
2277 * lib/krb5/krb5.h (KRB5_TGS_NAME, KRB5_TGS_NAME_SIZE): added
2279 Sat Nov 7 19:56:31 1998 Assar Westerlund <assar@sics.se>
2281 * lib/krb5/get_cred.c (add_cred): add termination NULL pointer
2283 Mon Nov 2 01:15:06 1998 Assar Westerlund <assar@sics.se>
2285 * lib/krb5/rd_req.c: adapt to new crypto api
2287 * lib/krb5/rd_rep.c: adapt to new crypto api
2289 * lib/krb5/rd_priv.c: adopt to new crypto api
2291 * lib/krb5/rd_cred.c: adopt to new crypto api
2293 * lib/krb5/principal.c: ENOMEM -> ERANGE
2295 * lib/krb5/mk_safe.c: cleanup and adopt to new crypto api
2297 * lib/krb5/mk_req_ext.c: adopt to new crypto api
2299 * lib/krb5/mk_req.c: get enctype from auth_context keyblock
2301 * lib/krb5/mk_rep.c: cleanup and adopt to new crypto api
2303 * lib/krb5/mk_priv.c: adopt to new crypto api
2305 * lib/krb5/keytab.c: adopt to new crypto api
2307 * lib/krb5/get_in_tkt_with_skey.c: adopt to new crypto api
2309 * lib/krb5/get_in_tkt_with_keytab.c: adopt to new crypto api
2311 * lib/krb5/get_in_tkt_pw.c: adopt to new crypto api
2313 * lib/krb5/get_in_tkt.c: adopt to new crypto api
2315 * lib/krb5/get_cred.c: adopt to new crypto api
2317 * lib/krb5/generate_subkey.c: use new crypto api
2319 * lib/krb5/context.c: rename etype functions to enctype ditto
2321 * lib/krb5/build_auth.c: use new crypto api
2323 * lib/krb5/auth_context.c: remove enctype and cksumtype from
2326 Mon Nov 2 01:15:06 1998 Assar Westerlund <assar@sics.se>
2328 * kdc/connect.c (handle_udp, handle_tcp): correct type of `n'
2330 Tue Sep 15 18:41:38 1998 Johan Danielsson <joda@hella.pdc.kth.se>
2332 * admin/ktutil.c: fix printing of unrecognized keytypes
2334 Tue Sep 15 17:02:33 1998 Johan Danielsson <joda@hella.pdc.kth.se>
2336 * lib/kadm5/set_keys.c: add KEYTYPE_USE_AFS3_SALT to keytype if
2339 Tue Aug 25 23:30:52 1998 Assar Westerlund <assar@sics.se>
2341 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): care about
2344 * lib/krb5/changepw.c (get_kdc_address): use
2345 krb5_get_krb_admin_hst
2347 * lib/krb5/krbhst.c (krb5_get_krb_admin_hst): new function
2349 * lib/krb5/krb5.h (krb5_context_data): add `use_admin_kdc'
2351 * lib/krb5/context.c (krb5_get_use_admin_kdc,
2352 krb5_set_use_admin_kdc): new functions
2354 Tue Aug 18 22:24:12 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2356 * lib/krb5/crypto.c: remove all calls to abort(); check return
2357 value from _key_schedule;
2358 (RSA_MD[45]_DES_verify): zero tmp and res;
2359 (RSA_MD5_DES3_{verify,checksum}): implement
2361 Mon Aug 17 20:18:46 1998 Assar Westerlund <assar@sics.se>
2363 * kdc/kerberos4.c (swap32): conditionalize
2365 * lib/krb5/mk_req_ext.c (krb5_mk_req_internal): new function
2367 * lib/krb5/get_host_realm.c (krb5_get_host_realm): if the hostname
2368 returned from gethostby*() isn't a FQDN, try with the original
2371 * lib/krb5/get_cred.c (make_pa_tgs_req): use krb5_mk_req_internal
2372 and correct key usage
2374 * lib/krb5/crypto.c (verify_checksum): make static
2376 * admin/ktutil.c (kt_list): use krb5_enctype_to_string
2378 Sun Aug 16 20:57:56 1998 Assar Westerlund <assar@sics.se>
2380 * kadmin/cpw.c (do_cpw_entry): use asprintf for the prompt
2382 * kadmin/ank.c (ank): print principal name in prompt
2384 * lib/krb5/crypto.c (hmac): always allocate space for checksum.
2385 never trust c.checksum.length
2386 (_get_derived_key): try to return the derived key
2388 Sun Aug 16 19:48:42 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2390 * lib/krb5/crypto.c (hmac): fix some peculiarities and bugs
2391 (get_checksum_key): assume usage is `formatted'
2392 (create_checksum,verify_checksum): moved the guts of the krb5_*
2393 functions here, both take `formatted' key-usages
2394 (encrypt_internal_derived): fix various bogosities
2395 (derive_key): drop key_type parameter (already given by the
2398 * kdc/kerberos5.c (check_flags): handle case where client is NULL
2400 * kdc/connect.c (process_request): return zero after processing
2403 Sun Aug 16 18:38:15 1998 Johan Danielsson <joda@blubb.pdc.kth.se>
2405 * lib/krb5/crypto.c: merge x-*.[ch] into one file
2407 * lib/krb5/cache.c: remove residual from krb5_ccache_data
2409 Fri Aug 14 16:28:23 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2411 * lib/krb5/x-crypto.c (derive_key): move DES3 specific code to
2412 separate function (will eventually end up someplace else)
2414 * lib/krb5/x-crypto.c (krb5_string_to_key_derived): allocate key
2416 * configure.in, acconfig.h: test for four valued krb_put_int
2418 Thu Aug 13 23:46:29 1998 Assar Westerlund <assar@emma.pdc.kth.se>
2422 Thu Aug 13 22:40:17 1998 Assar Westerlund <assar@sics.se>
2424 * lib/krb5/config_file.c (parse_binding): remove trailing
2427 Wed Aug 12 20:15:11 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2429 * lib/krb5/x-checksum.c (krb5_verify_checksum): pass checksum type
2430 to krb5_create_checksum
2432 * lib/krb5/x-key.c: implement DES3_string_to_key_derived; fix a
2435 Wed Aug 5 12:39:54 1998 Assar Westerlund <assar@emma.pdc.kth.se>
2439 Thu Jul 30 23:12:17 1998 Assar Westerlund <assar@sics.se>
2441 * lib/krb5/mk_error.c (krb5_mk_error): realloc until you die
2443 Thu Jul 23 19:49:03 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2445 * kdc/kdc_locl.h: proto for `get_des_key'
2447 * configure.in: test for four valued el_init
2449 * kuser/klist.c: keytype -> enctype
2451 * kpasswd/kpasswdd.c (change): use new `krb5_string_to_key*'
2453 * kdc/hprop.c (v4_prop, ka_convert): convert to a set of keys
2455 * kdc/kaserver.c: use `get_des_key'
2457 * kdc/524.c: use new crypto api
2459 * kdc/kerberos4.c: use new crypto api
2461 * kdc/kerberos5.c: always treat keytypes as enctypes; use new
2464 * kdc/kstash.c: adapt to new crypto api
2466 * kdc/string2key.c: adapt to new crypto api
2468 * admin/srvconvert.c: add keys for all possible enctypes
2470 * admin/ktutil.c: keytype -> enctype
2472 * lib/gssapi/init_sec_context.c: get enctype from auth_context
2475 * lib/hdb/hdb.c: remove hdb_*_keytype2key
2477 * lib/kadm5/set_keys.c: adapt to new crypto api
2479 * lib/kadm5/rename_s.c: adapt to new crypto api
2481 * lib/kadm5/get_s.c: adapt to new crypto api
2483 * lib/kadm5/create_s.c: add keys for des-cbc-crc, des-cbc-md4,
2484 des-cbc-md5, and des3-cbc-sha1
2486 * lib/krb5/heim_err.et: error message for unsupported salt
2488 * lib/krb5/codec.c: short-circuit these functions, since they are
2491 * lib/krb5/rd_safe.c: cleanup and adapt to new crypto api
2493 Mon Jul 13 23:00:59 1998 Assar Westerlund <assar@sics.se>
2495 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): don't advance
2496 hostent->h_addr_list, use a copy instead
2498 Mon Jul 13 15:00:31 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2500 * lib/krb5/config_file.c (parse_binding, parse_section): make sure
2501 everything is ok before adding to linked list
2503 * lib/krb5/config_file.c: skip ws before checking for comment
2505 Wed Jul 8 10:45:45 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2507 * lib/asn1/k5.asn1: hmac-sha1-des3 = 12
2509 Tue Jun 30 18:08:05 1998 Assar Westerlund <assar@sics.se>
2511 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc): do not close the
2514 * lib/krb5/mk_priv.c: realloc correctly
2516 * lib/krb5/get_addrs.c (find_all_addresses): init j
2518 * lib/krb5/context.c (krb5_init_context): print error if parsing
2519 of config file produced an error.
2521 * lib/krb5/config_file.c (parse_list, krb5_config_parse_file):
2524 * lib/krb5/codec.c (krb5_encode_EncKrbCredPart,
2525 krb5_encode_ETYPE_INFO): initialize `ret'
2527 * lib/krb5/build_auth.c (krb5_build_authenticator): realloc
2530 * lib/kadm5/set_keys.c (_kadm5_set_keys): initialize `ret'
2532 * lib/kadm5/init_c.c (get_cred_cache): try to do the right thing
2535 * kuser/kinit.c (main): initialize `ticket_life'
2537 * kdc/kerberos5.c (get_pa_etype_info): initialize `ret'
2538 (tgs_rep2): initialize `krbtgt'
2540 * kdc/connect.c (do_request): check for errors from `sendto'
2542 * kdc/524.c (do_524): initialize `ret'
2544 * kadmin/util.c (foreach_principal): don't clobber `ret'
2546 * kadmin/del.c (del_entry): don't apply on zeroth argument
2548 * kadmin/cpw.c (do_cpw_entry): initialize `ret'
2550 Sat Jun 13 04:14:01 1998 Assar Westerlund <assar@juguete.sics.se>
2554 Sun Jun 7 04:13:14 1998 Assar Westerlund <assar@sics.se>
2556 * lib/krb5/addr_families.c: fall-back definition of
2559 * configure.in: only set CFLAGS if it wasn't set look for
2560 dn_expand and res_search
2562 Mon Jun 1 21:28:07 1998 Assar Westerlund <assar@sics.se>
2564 * configure.in: remove duplicate seteuid
2566 Sat May 30 00:19:51 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2568 * lib/krb5/convert_creds.c: import _krb_time_to_life, to avoid
2569 runtime dependencies on libkrb with some shared library
2572 Fri May 29 00:09:02 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2574 * kuser/kinit_options.c: Default options for kinit.
2576 * kuser/kauth_options.c: Default options for kauth.
2578 * kuser/kinit.c: Implement lots a new options.
2580 * kdc/kerberos5.c (check_tgs_flags): make sure kdc-req-body->rtime
2581 is not NULL; set endtime to min of new starttime + old_life, and
2584 * lib/krb5/init_creds_pw.c (get_init_creds_common): if the
2585 forwardable or proxiable flags are set in options, set the
2586 kdc-flags to the value specified, and not always to one
2588 Thu May 28 21:28:06 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2590 * kdc/kerberos5.c: Optionally compare client address to addresses
2593 * kdc/connect.c: Pass client address to as_rep() and tgs_rep().
2595 * kdc/config.c: Add check_ticket_addresses, and
2596 allow_null_ticket_addresses variables.
2598 Tue May 26 14:03:42 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2600 * lib/kadm5/create_s.c: possibly make DES keys version 4 salted
2602 * lib/kadm5/set_keys.c: check config file for kadmin/use_v4_salt
2603 before zapping version 4 salts
2605 Sun May 24 05:22:17 1998 Assar Westerlund <assar@sics.se>
2609 * lib/krb5/aname_to_localname.c: new file
2611 * lib/gssapi/init_sec_context.c (repl_mutual): no output token
2613 * lib/gssapi/display_name.c (gss_display_name): zero terminate
2616 Sat May 23 19:11:07 1998 Assar Westerlund <assar@sics.se>
2618 * lib/gssapi/display_status.c: new file
2620 * Makefile.am: send -I to aclocal
2622 * configure.in: remove duplicate setenv
2624 Sat May 23 04:55:19 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2626 * kadmin/util.c (foreach_principal): Check for expression before
2627 wading through the whole database.
2629 * kadmin/kadmin.c: Pass NULL password to
2630 kadm5_*_init_with_password.
2632 * lib/kadm5/init_c.c: Implement init_with_{skey,creds}*. Make use
2633 of `password' parameter to init_with_password.
2635 * lib/kadm5/init_s.c: implement init_with_{skey,creds}*
2637 * lib/kadm5/server.c: Better arguments for
2638 kadm5_init_with_password.
2640 Sat May 16 07:10:36 1998 Assar Westerlund <assar@sics.se>
2642 * kdc/hprop.c: conditionalize ka-server reading support on
2645 * configure.in: new option `--enable-kaserver-db'
2647 Fri May 15 19:39:18 1998 Johan Danielsson <joda@blubb.pdc.kth.se>
2649 * lib/krb5/get_cred.c: Better error if local tgt couldn't be
2652 Tue May 12 21:11:02 1998 Assar Westerlund <assar@sics.se>
2656 * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): only set
2657 encryption type in auth_context if it's compatible with the type
2660 Mon May 11 21:11:14 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2662 * kdc/hprop.c: add support for ka-server databases
2664 * appl/ftp/ftpd: link with -lcrypt, if needed
2666 Fri May 1 07:29:52 1998 Assar Westerlund <assar@sics.se>
2668 * configure.in: don't test for winsock.h
2670 Sat Apr 18 21:43:11 1998 Johan Danielsson <joda@puffer.pdc.kth.se>
2674 Sat Apr 18 00:31:11 1998 Johan Danielsson <joda@blubb.pdc.kth.se>
2676 * lib/krb5/sock_principal.c: Save hostname.
2678 Sun Apr 5 11:29:45 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2680 * lib/krb5/mk_req_ext.c: Use same enctype as in ticket.
2682 * kdc/hprop.c (v4_prop): Check for null key.
2684 Fri Apr 3 03:54:54 1998 Johan Danielsson <joda@blubb.pdc.kth.se>
2686 * lib/krb5/str2key.c: Fix DES3 string-to-key.
2688 * lib/krb5/keytab.c: Get default keytab name from context.
2690 * lib/krb5/context.c: Get `default_keytab_name' value.
2692 * kadmin/util.c (foreach_principal): Print error message if
2693 `kadm5_get_principals' fails.
2695 * kadmin/kadmind.c: Use `kadmind_loop'.
2697 * lib/kadm5/server.c: Replace several other functions with
2700 Sat Mar 28 09:49:18 1998 Assar Westerlund <assar@sics.se>
2702 * lib/krb5/keytab.c (fkt_add_entry): use an explicit seek instead
2705 * configure.in: generate ftp Makefiles
2707 * kuser/klist.c (print_cred_verbose): print IPv4-address in a
2710 * admin/srvconvert.c (srvconv): return 0 if successful
2712 Tue Mar 24 00:40:33 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2714 * lib/krb5/keytab.c: MIT compatible changes: add and use sizes to
2715 keytab entries, and change default keytab to `/etc/krb5.keytab'.
2717 Mon Mar 23 23:43:59 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2719 * lib/gssapi/wrap.c: Use `gss_krb5_getsomekey'.
2721 * lib/gssapi/unwrap.c: Implement and use `gss_krb5_getsomekey'.
2722 Fix bug in checking of pad.
2724 * lib/gssapi/{un,}wrap.c: Add support for just integrity
2727 * lib/gssapi/accept_sec_context.c: Use
2728 `gssapi_krb5_verify_8003_checksum'.
2730 * lib/gssapi/8003.c: Implement `gssapi_krb5_verify_8003_checksum'.
2732 * lib/gssapi/init_sec_context.c: Zero cred, and store session key
2733 properly in auth-context.
2735 Sun Mar 22 00:47:22 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2737 * lib/kadm5/delete_s.c: Check immutable bit.
2739 * kadmin/kadmin.c: Pass client name to kadm5_init.
2741 * lib/kadm5/init_c.c: Get creds for client name passed in.
2743 * kdc/hprop.c (v4_prop): Check for `changepw.kerberos'.
2745 Sat Mar 21 22:57:13 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2747 * lib/krb5/mk_error.c: Verify that error_code is in the range
2750 * kdc/kerberos5.c: Move checking of principal flags to new
2751 function `check_flags'.
2753 Sat Mar 21 14:38:51 1998 Assar Westerlund <assar@sics.se>
2755 * lib/kadm5/get_s.c (kadm5_s_get_principal): handle an empty salt
2757 * configure.in: define SunOS if running solaris
2759 Sat Mar 21 00:26:34 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2761 * lib/kadm5/server.c: Unifdef test for same principal when
2764 * kadmin/util.c: If kadm5_get_principals failes, we might still be
2765 able to perform the requested opreration (for instance someone if
2766 trying to change his own password).
2768 * lib/kadm5/init_c.c: Try to get ticket via initial request, if
2769 not possible via tgt.
2771 * lib/kadm5/server.c: Check for principals changing their own
2774 * kdc/kerberos5.c (tgs_rep2): check for interesting flags on
2775 involved principals.
2777 * kadmin/util.c: Fix order of flags.
2779 Thu Mar 19 16:54:10 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2781 * kdc/kerberos4.c: Return sane error code if krb_rd_req fails.
2783 Wed Mar 18 17:11:47 1998 Assar Westerlund <assar@sics.se>
2785 * acconfig.h: rename HAVE_STRUCT_SOCKADDR_IN6 to HAVE_IPV6
2787 Wed Mar 18 09:58:18 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2789 * lib/krb5/get_in_tkt_with_keytab.c (krb5_keytab_key_proc): don't
2790 free keyseed; use correct keytab
2792 Tue Mar 10 09:56:16 1998 Assar Westerlund <assar@sics.se>
2794 * acinclude.m4 (AC_KRB_IPV6): rewrote to avoid false positives
2796 Mon Mar 16 23:58:23 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2800 Fri Mar 6 00:41:30 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2802 * lib/gssapi/{accept_sec_context,release_cred}.c: Use
2803 krb5_kt_close/krb5_kt_resolve.
2805 * lib/krb5/principal.c (krb5_425_conv_principal_ext): Use resolver
2806 to lookup hosts, so CNAMEs can be ignored.
2808 * lib/krb5/send_to_kdc.c (krb5_sendto_kdc, send_and_recv_http):
2809 Add support for using proxy.
2811 * lib/krb5/context.c: Initialize `http_proxy' from
2812 `libdefaults/http_proxy'.
2814 * lib/krb5/krb5.h: Add `http_proxy' to context.
2816 * lib/krb5/send_to_kdc.c: Recognize `http/' and `udp/' as protocol
2819 Wed Mar 4 01:47:29 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2821 * admin/ktutil.c: Implement `add' and `remove' functions. Make
2822 `--keytab' a global option.
2824 * lib/krb5/keytab.c: Implement remove with files. Add memory
2827 Tue Mar 3 20:09:59 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2829 * lib/krb5/keytab.c: Use function pointers.
2831 * admin: Remove kdb_edit.
2833 Sun Mar 1 03:28:42 1998 Assar Westerlund <assar@sics.se>
2835 * lib/kadm5/dump_log.c: print operation names
2837 Sun Mar 1 03:04:12 1998 Assar Westerlund <assar@sics.se>
2839 * configure.in: add X-tests, and {bin,...}dir appl/{kx,kauth}
2841 * lib/krb5/build_auth.c,mk_priv.c,rd_safe.c,mk_safe.c,mk_rep.c:
2842 remove arbitrary limit
2844 * kdc/hprop-common.c: use krb5_{read,write}_message
2846 * lib/kadm5/ipropd_master.c (send_diffs): more careful use
2847 krb5_{write,read}_message
2849 * lib/kadm5/ipropd_slave.c (get_creds): get credentials for
2850 `iprop/master' directly.
2851 (main): use `krb5_read_message'
2853 Sun Mar 1 02:05:11 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2855 * kadmin/kadmin.c: Cleanup commands list, and add help strings.
2857 * kadmin/get.c: Add long, short, and terse (equivalent to `list')
2858 output formats. Short is the default.
2860 * kadmin/util.c: Add `include_time' flag to timeval2str.
2862 * kadmin/init.c: Max-life and max-renew can, infact, be zero.
2864 * kadmin/{cpw,del,ext,get}.c: Use `foreach_principal'.
2866 * kadmin/util.c: Add function `foreach_principal', that loops over
2867 all principals matching an expression.
2869 * kadmin/kadmin.c: Add usage string to `privileges'.
2871 * lib/kadm5/get_princs_s.c: Also try to match aganist the
2872 expression appended with `@default-realm'.
2874 * lib/krb5/principal.c: Add `krb5_unparse_name_fixed_short', that
2875 excludes the realm if it's the same as the default realm.
2877 Fri Feb 27 05:02:21 1998 Assar Westerlund <assar@sics.se>
2879 * configure.in: more WFLAGS and WFLAGS_NOUNUSED added missing
2880 headers and functions error -> com_err
2882 (krb5_get_init_creds_keytab): use krb5_keytab_key_proc
2884 * lib/krb5/get_in_tkt_with_keytab.c: make `krb5_keytab_key_proc'
2887 * lib/kadm5/marshall.c (ret_principal_ent): set `n_tl_data'
2889 * lib/hdb/ndbm.c: use `struct ndbm_db' everywhere.
2891 Fri Feb 27 04:49:24 1998 Assar Westerlund <assar@sics.se>
2893 * lib/krb5/mk_priv.c (krb5_mk_priv): bump static limit to 10240.
2894 This should be fixed the correct way.
2896 * lib/kadm5/ipropd_master.c (check_acl:) truncate buf correctly
2897 (send_diffs): compare versions correctly
2898 (main): reorder handling of events
2900 * lib/kadm5/log.c (kadm5_log_previous): avoid bad type conversion
2902 Thu Feb 26 02:22:35 1998 Assar Westerlund <assar@sics.se>
2904 * lib/kadm5/ipropd_{slave,master}.c: new files
2906 * lib/kadm5/log.c (kadm5_log_get_version): take an `fd' as
2909 * lib/krb5/krb5.h (krb5_context_data): `et_list' should be `struct
2912 * aux/make-proto.pl: Should work with perl4
2914 Mon Feb 16 17:20:22 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2916 * lib/krb5/krb5_locl.h: Remove <error.h> (it gets included via
2919 Thu Feb 12 03:28:40 1998 Assar Westerlund <assar@sics.se>
2921 * lib/krb5/get_in_tkt.c (_krb5_extract_ticket): if time difference
2922 is larger than max_skew, return KRB5KRB_AP_ERR_SKEW
2924 * lib/kadm5/log.c (get_version): globalize
2926 * lib/kadm5/kadm5_locl.h: include <sys/file.h>
2928 * lib/asn1/Makefile.am: add PA_KEY_INFO and PA_KEY_INFO_ENTRY
2930 * kdc/kerberos5.c (get_pa_etype_info): remove gcc-ism of
2931 initializing local struct in declaration.
2933 Sat Jan 31 17:28:58 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2935 * kdc/524.c: Use krb5_decode_EncTicketPart.
2937 * kdc/kerberos5.c: Check at runtime whether to use enctypes
2938 instead of keytypes. If so use the same value to encrypt ticket,
2939 and kdc-rep as well as `keytype' for session key. Fix some obvious
2940 bugs with the handling of additional tickets.
2942 * lib/krb5/rd_req.c: Use krb5_decode_EncTicketPart, and
2943 krb5_decode_Authenticator.
2945 * lib/krb5/rd_rep.c: Use krb5_decode_EncAPRepPart.
2947 * lib/krb5/rd_cred.c: Use krb5_decode_EncKrbCredPart.
2949 * lib/krb5/mk_rep.c: Make sure enc_part.etype is an encryption
2950 type, and not a key type. Use krb5_encode_EncAPRepPart.
2952 * lib/krb5/init_creds_pw.c: Use krb5_decode_PA_KEY_INFO.
2954 * lib/krb5/get_in_tkt.c: Use krb5_decode_Enc{AS,TGS}RepPart.
2956 * lib/krb5/get_for_creds.c: Use krb5_encode_EncKrbCredPart.
2958 * lib/krb5/get_cred.c: Use krb5_decode_Enc{AS,TGS}RepPart.
2960 * lib/krb5/build_auth.c: Use krb5_encode_Authenticator.
2962 * lib/krb5/codec.c: Enctype conversion stuff.
2964 * lib/krb5/context.c: Ignore KRB5_CONFIG if *not* running
2965 setuid. Get configuration for libdefaults ktype_is_etype, and
2968 * lib/krb5/encrypt.c: Add krb5_string_to_etype, rename
2969 krb5_convert_etype to krb5_decode_keytype, and add
2970 krb5_decode_keyblock.
2972 Fri Jan 23 00:32:09 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2974 * lib/krb5/{get_in_tkt,rd_req}.c: Use krb5_convert_etype.
2976 * lib/krb5/encrypt.c: Add krb5_convert_etype function - converts
2977 from protocol keytypes (that really are enctypes) to internal
2980 Thu Jan 22 21:24:36 1998 Johan Danielsson <joda@emma.pdc.kth.se>
2982 * lib/asn1/k5.asn1: Add PA-KEY-INFO structure to hold information
2983 on keys in the database; and also a new `pa-key-info' padata-type.
2985 * kdc/kerberos5.c: If pre-authentication fails, return a list of
2986 keytypes, salttypes, and salts.
2988 * lib/krb5/init_creds_pw.c: Add better support for
2989 pre-authentication, by looking at hints from the KDC.
2991 * lib/krb5/get_in_tkt.c: Add better support for specifying what
2992 pre-authentication to use.
2994 * lib/krb5/str2key.c: Merge entries for KEYTYPE_DES and
2997 * lib/krb5/krb5.h: Add pre-authentication structures.
2999 * kdc/connect.c: Don't fail if realloc(X, 0) returns NULL.
3001 Wed Jan 21 06:20:40 1998 Assar Westerlund <assar@sics.se>
3003 * lib/kadm5/init_s.c (kadm5_s_init_with_password_ctx): initialize
3004 `log_context.socket_name' and `log_context.socket_fd'
3006 * lib/kadm5/log.c (kadm5_log_flush): send a unix domain datagram
3007 to inform the possible running ipropd of an update.
3009 Wed Jan 21 01:34:09 1998 Johan Danielsson <joda@emma.pdc.kth.se>
3011 * lib/krb5/get_in_tkt.c: Return error-packet to caller.
3013 * lib/krb5/free.c (krb5_free_kdc_rep): Free krb5_kdc_rep->error.
3015 * kdc/kerberos5.c: Add some support for using enctypes instead of
3018 * lib/krb5/get_cred.c: Fixes to send authorization-data to the
3021 * lib/krb5/build_auth.c: Only generate local subkey if there is
3024 * lib/krb5/krb5.h: Add krb5_authdata type.
3026 * lib/krb5/auth_context.c: Add
3027 krb5_auth_con_set{,localsub,remotesub}key.
3029 * lib/krb5/init_creds_pw.c: Return some error if prompter
3030 functions return failure.
3032 Wed Jan 21 01:16:13 1998 Assar Westerlund <assar@sics.se>
3034 * kpasswd/kpasswd.c: detect bad password. use krb5_err.
3036 * kadmin/util.c (edit_entry): remove unused variables
3038 Tue Jan 20 22:58:31 1998 Assar Westerlund <assar@sics.se>
3040 * kuser/kinit.c: rename `-s' to `-S' to be MIT-compatible.
3042 * lib/kadm5/kadm5_locl.h: add kadm5_log_context and
3043 kadm5_log*-functions
3045 * lib/kadm5/create_s.c (kadm5_s_create_principal): add change to
3048 * lib/kadm5/rename_s.c (kadm5_s_rename_principal): add change to
3051 * lib/kadm5/init_s.c (kadm5_s_init_with_password_ctx): initialize
3054 * lib/kadm5/delete_s.c (kadm5_s_delete_principal): add change to
3057 * lib/kadm5/modify_s.c (kadm5_s_modify_principal): add change to
3060 * lib/kadm5/randkey_s.c (kadm5_s_randkey_principal): add change to
3063 * lib/kadm5/chpass_s.c (kadm5_s_chpass_principal): add change to
3066 * lib/kadm5/Makefile.am: add log.c, dump_log and replay_log
3068 * lib/kadm5/replay_log.c: new file
3070 * lib/kadm5/dump_log.c: new file
3072 * lib/kadm5/log.c: new file
3074 * lib/krb5/str2key.c (get_str): initialize pad space to zero
3076 * lib/krb5/config_file.c (krb5_config_vget_next): handle c == NULL
3078 * kpasswd/kpasswdd.c: rewritten to use the kadm5 API
3080 * kpasswd/Makefile.am: link with kadm5srv
3082 * kdc/kerberos5.c (tgs_rep): initialize `i'
3084 * kadmin/kadmind.c (main): use kadm5_server_{send,recv}_sp
3086 * include/Makefile.am: added admin.h
3088 Sun Jan 18 01:41:34 1998 Johan Danielsson <joda@blubb.pdc.kth.se>
3090 * lib/asn1/gen_copy.c: Don't return ENOMEM if allocating 0 bytes.
3092 * lib/krb5/mcache.c (mcc_store_cred): restore linked list if
3095 Tue Jan 6 04:17:56 1998 Assar Westerlund <assar@sics.se>
3097 * lib/kadm5/server.c: add kadm5_server_{send,recv}{,_sp}
3099 * lib/kadm5/marshall.c: add kadm5_{store,ret}_principal_ent_mask.
3101 * lib/kadm5/init_c.c (kadm5_c_init_with_password_ctx): use
3104 * kadmin/kadmind.c (main): htons correctly.
3105 moved kadm5_server_{recv,send}
3107 * kadmin/kadmin.c (main): only set admin_server if explicitly
3110 Mon Jan 5 23:34:44 1998 Johan Danielsson <joda@emma.pdc.kth.se>
3112 * lib/hdb/ndbm.c: Implement locking of database.
3114 * kdc/kerberos5.c: Process AuthorizationData.
3116 Sat Jan 3 22:07:07 1998 Johan Danielsson <joda@blubb.pdc.kth.se>
3118 * kdc/string2key.c: Use AFS string-to-key from libkrb5.
3120 * lib/krb5/get_in_tkt.c: Handle pa-afs3-salt case.
3122 * lib/krb5/krb5.h: Add value for AFS salts.
3124 * lib/krb5/str2key.c: Add support for AFS string-to-key.
3126 * lib/kadm5/rename_s.c: Use correct salt.
3128 * lib/kadm5/ent_setup.c: Always enable client. Only set max-life
3129 and max-renew if != 0.
3131 * lib/krb5/config_file.c: Add context to all krb5_config_*get_*.
3133 Thu Dec 25 17:03:25 1997 Assar Westerlund <assar@sics.se>
3135 * kadmin/ank.c (ank): don't zero password if --random-key was
3138 Tue Dec 23 01:56:45 1997 Assar Westerlund <assar@sics.se>
3142 * lib/kadm5/ent_setup.c (attr_to_flags): try to set `client'
3144 * kadmin/util.c (edit_time): only set mask if != 0
3145 (edit_attributes): only set mask if != 0
3147 * kadmin/init.c (init): create `default'
3149 Sun Dec 21 09:44:05 1997 Assar Westerlund <assar@sics.se>
3151 * kadmin/util.c (str2deltat, str2attr, get_deltat): return value
3152 as pointer and have return value indicate success.
3154 (get_response): check NULL from fgets
3156 (edit_time, edit_attributes): new functions for reading values and
3157 offering list of answers on '?'
3159 (edit_entry): use edit_time and edit_attributes
3161 * kadmin/ank.c (add_new_key): test the return value of
3164 * kdc/kerberos5.c (tgs_check_authenticator): RFC1510 doesn't say
3165 that the checksum has to be keyed, even though later drafts do.
3166 Accept unkeyed checksums to be compatible with MIT.
3168 * kadmin/kadmin_locl.h: add some prototypes.
3170 * kadmin/util.c (edit_entry): return a value
3172 * appl/afsutil/afslog.c (main): return a exit code.
3174 * lib/krb5/get_cred.c (init_tgs_req): use krb5_keytype_to_enctypes
3176 * lib/krb5/encrypt.c (krb5_keytype_to_enctypes): new function.
3178 * lib/krb5/build_auth.c (krb5_build_authenticator): use
3179 krb5_{free,copy}_keyblock instead of the _contents versions
3181 Fri Dec 12 14:20:58 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3183 * lib/krb5/{mk,rd}_priv.c: fix check for local/remote subkey
3185 Mon Dec 8 08:48:09 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3187 * lib/krb5/context.c: don't look at KRB5_CONFIG if running setuid
3189 Sat Dec 6 10:09:40 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3191 * lib/krb5/keyblock.c (krb5_free_keyblock): check for NULL
3194 Sat Dec 6 08:26:10 1997 Assar Westerlund <assar@sics.se>
3198 Thu Dec 4 03:38:12 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3200 * lib/krb5/send_to_kdc.c: Add TCP client support.
3202 * lib/krb5/store.c: Add k_{put,get}_int.
3204 * kadmin/ank.c: Set initial kvno to 1.
3206 * kdc/connect.c: Send version 5 TCP-reply as length+data.
3208 Sat Nov 29 07:10:11 1997 Assar Westerlund <assar@sics.se>
3210 * lib/krb5/rd_req.c (krb5_rd_req): fixed obvious bug
3212 * kdc/kaserver.c (create_reply_ticket): use a random nonce in the
3215 * kdc/connect.c (init_sockets): less reallocing.
3217 * **/*.c: changed `struct fd_set' to `fd_set'
3219 Sat Nov 29 05:12:01 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3221 * lib/krb5/get_default_principal.c: More guessing.
3223 Thu Nov 20 02:55:09 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3225 * lib/krb5/rd_req.c: Use principal from ticket if no server is
3228 Tue Nov 18 02:58:02 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3230 * kuser/klist.c: Use krb5_err*().
3232 Sun Nov 16 11:57:43 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3234 * kadmin/kadmin.c: Add local `init', `load', `dump', and `merge'
3237 Sun Nov 16 02:52:20 1997 Assar Westerlund <assar@sics.se>
3239 * lib/krb5/mk_req_ext.c (krb5_mk_req_ext): figure out the correct
3242 * lib/krb5/mk_req.c (krb5_mk_req): use `(*auth_context)->enctype'
3245 * lib/krb5/get_cred.c: handle the case of a specific keytype
3247 * lib/krb5/build_auth.c (krb5_build_authenticator): enctype as a
3248 parameter instead of guessing it.
3250 * lib/krb5/build_ap_req.c (krb5_build_ap_req): new parameter
3253 * appl/test/common.c (common_setup): don't use `optarg'
3255 * lib/krb5/keytab.c (krb5_kt_copy_entry_contents): new function
3256 (krb5_kt_get_entry): retrieve the latest version if kvno == 0
3258 * lib/krb5/krb5.h: define KRB5_TC_MATCH_KEYTYPE
3260 * lib/krb5/creds.c (krb5_compare_creds): check for
3261 KRB5_TC_MATCH_KEYTYPE
3263 * lib/gssapi/8003.c (gssapi_krb5_create_8003_checksum): remove
3266 * lib/krb5/creds.c (krb5_copy_creds_contents): only free the
3267 contents if we fail.
3269 Sun Nov 16 00:32:48 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3271 * kpasswd/kpasswdd.c: Get password expiration time from config
3274 * lib/asn1/{der_get,gen_decode}.c: Allow passing NULL size.
3276 Wed Nov 12 02:35:57 1997 Assar Westerlund <assar@sics.se>
3278 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds):
3279 restructured and fixed.
3281 * lib/krb5/addr_families.c (krb5_h_addr2addr): new function.
3283 Wed Nov 12 01:36:01 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3285 * lib/krb5/get_addrs.c: Fall back to hostname's addresses if other
3288 Tue Nov 11 22:22:12 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3290 * kadmin/kadmin.c: Add `-l' flag to use local database.
3292 * lib/kadm5/acl.c: Use KADM5_PRIV_ALL.
3294 * lib/kadm5: Use function pointer trampoline for easier dual use
3295 (without radiation-hardening capability).
3297 Tue Nov 11 05:15:22 1997 Assar Westerlund <assar@sics.se>
3299 * lib/krb5/encrypt.c (krb5_etype_valid): new function
3301 * lib/krb5/creds.c (krb5_copy_creds_contents): zero target
3303 * lib/krb5/context.c (valid_etype): remove
3305 * lib/krb5/checksum.c: remove dead code
3307 * lib/krb5/changepw.c (send_request): free memory on error.
3309 * lib/krb5/build_ap_req.c (krb5_build_ap_req): check return value
3312 * lib/krb5/auth_context.c (krb5_auth_con_init): free memory on
3314 (krb5_auth_con_setaddrs_from_fd): return error correctly.
3316 * lib/krb5/get_in_tkt_with_{keytab,skey}.c: new files
3318 Tue Nov 11 02:53:19 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3320 * lib/krb5/auth_context.c: Implement auth_con_setuserkey.
3322 * lib/gssapi/init_sec_context.c: Use krb5_auth_con_getkey.
3324 * lib/krb5/keyblock.c: Rename krb5_free_keyblock to
3325 krb5_free_keyblock_contents, and reimplement krb5_free_keyblock.
3327 * lib/krb5/rd_req.c: Use auth_context->keyblock if
3328 ap_options.use_session_key.
3330 Tue Nov 11 02:35:17 1997 Assar Westerlund <assar@sics.se>
3332 * lib/krb5/net_{read,write}.c: change `int fd' to `void *p_fd'.
3335 * lib/krb5/krb5_locl.h: include <asn1.h> and <der.h>
3337 * include/Makefile.am: add xdbm.h
3339 Tue Nov 11 01:58:22 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3341 * lib/krb5/get_cred.c: Implement krb5_get_cred_from_kdc.
3343 Mon Nov 10 22:41:53 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3345 * lib/krb5/ticket.c: Implement copy_ticket.
3347 * lib/krb5/get_in_tkt.c: Make `options' parameter MIT-compatible.
3349 * lib/krb5/data.c: Implement free_data and copy_data.
3351 Sun Nov 9 02:17:27 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3353 * lib/kadm5: Implement kadm5_get_privs, and kadm5_get_principals.
3355 * kadmin/kadmin.c: Add get_privileges function.
3357 * lib/kadm5: Rename KADM5_ACL_* -> KADM5_PRIV_* to conform with
3360 * kdc/connect.c: Exit if no sockets could be bound.
3362 * kadmin/kadmind.c: Check return value from krb5_net_read().
3364 * lib/kadm5,kadmin: Fix memory leaks.
3366 Fri Nov 7 02:45:26 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3368 * lib/kadm5/create_s.c: Get some default values from `default'
3371 * lib/kadm5/ent_setup.c: Add optional default entry to get some
3374 Thu Nov 6 00:20:41 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3376 * lib/error/compile_et.awk: Remove generated destroy_*_error_table
3379 * kadmin/kadmind.c: Crude admin server.
3381 * kadmin/kadmin.c: Update to use remote protocol.
3383 * kadmin/get.c: Fix principal formatting.
3385 * lib/kadm5: Add client support.
3387 * lib/kadm5/error.c: Error code mapping.
3389 * lib/kadm5/server.c: Kadmind support function.
3391 * lib/kadm5/marshall.c: Kadm5 marshalling.
3393 * lib/kadm5/acl.c: Simple acl system.
3395 * lib/kadm5/kadm5_locl.h: Add client stuff.
3397 * lib/kadm5/init_s.c: Initialize acl.
3399 * lib/kadm5/*: Return values.
3401 * lib/kadm5/create_s.c: Correct kvno.
3403 Wed Nov 5 22:06:50 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3405 * lib/krb5/log.c: Fix parsing of log destinations.
3407 Mon Nov 3 20:33:55 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3409 * lib/krb5/principal.c: Reduce number of reallocs in unparse_name.
3411 Sat Nov 1 01:40:53 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3413 * kadmin: Simple kadmin utility.
3415 * admin/ktutil.c: Print keytype.
3417 * lib/kadm5/get_s.c: Set correct n_key_data.
3419 * lib/kadm5/init_s.c: Add kadm5_s_init_with_password_ctx. Use
3422 * lib/kadm5/destroy_s.c: Check for allocated context.
3424 * lib/kadm5/{create,chpass}_s.c: Use _kadm5_set_keys().
3426 Sat Nov 1 00:21:00 1997 Assar Westerlund <assar@sics.se>
3428 * configure.in: test for readv, writev
3430 Wed Oct 29 23:41:26 1997 Assar Westerlund <assar@sics.se>
3432 * lib/krb5/warn.c (_warnerr): handle the case of an illegal error
3435 * kdc/kerberos5.c (encode_reply): return success
3437 Wed Oct 29 18:01:59 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3439 * kdc/kerberos5.c (find_etype) Return correct index of selected
3442 Wed Oct 29 04:07:06 1997 Assar Westerlund <assar@sics.se>
3446 * lib/krb5/context.c (krb5_init_context): support `KRB5_CONFIG'
3447 environment variable
3449 * *: use the roken_get*-macros from roken.h for the benefit of
3452 * configure.in: add --{enable,disable}-otp. check for compatible
3453 prototypes for gethostbyname, gethostbyaddr, getservbyname, and
3454 openlog (they have strange prototypes on Crays)
3456 * acinclude.m4: new macro `AC_PROTO_COMPAT'
3458 Tue Oct 28 00:11:22 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3460 * kdc/connect.c: Log bad requests.
3462 * kdc/kerberos5.c: Move stuff that's in common between as_rep and
3463 tgs_rep to separate functions.
3465 * kdc/kerberos5.c: Fix user-to-user authentication.
3467 * lib/krb5/get_cred.c: Some restructuring of krb5_get_credentials:
3468 - add a kdc-options argument to krb5_get_credentials, and rename
3469 it to krb5_get_credentials_with_flags
3470 - honour the KRB5_GC_CACHED, and KRB5_GC_USER_USER options
3471 - add some more user-to-user glue
3473 * lib/krb5/rd_req.c: Move parts of krb5_verify_ap_req into a new
3474 function, krb5_decrypt_ticket, so it is easier to decrypt and
3475 check a ticket without having an ap-req.
3477 * lib/krb5/krb5.h: Add KRB5_GC_CACHED, and KRB5_GC_USER_USER
3480 * lib/krb5/crc.c (crc_init_table): Check if table is already
3483 Sun Oct 26 04:51:02 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3485 * lib/asn1/der_get.c (der_get_length, fix_dce): Special-case
3486 indefinite encoding.
3488 * lib/asn1/gen_glue.c (generate_units): Check for empty
3491 Sat Oct 25 07:24:57 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3493 * lib/error/compile_et.awk: Allow specifying table-base.
3495 Tue Oct 21 20:21:40 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3497 * kdc/kerberos5.c: Check version number of krbtgt.
3499 Mon Oct 20 01:14:53 1997 Assar Westerlund <assar@sics.se>
3501 * lib/krb5/prompter_posix.c (krb5_prompter_posix): implement the
3502 case of unhidden prompts.
3504 * lib/krb5/str2key.c (string_to_key_internal): return error
3505 instead of aborting. always free memory
3507 * admin/ktutil.c: add `help' command
3509 * admin/kdb_edit.c: implement new commands: add_random_key(ark),
3510 change_password(cpw), change_random_key(crk)
3512 Thu Oct 16 05:16:36 1997 Assar Westerlund <assar@sics.se>
3514 * kpasswd/kpasswdd.c: change all the keys in the database
3516 * kdc: removed all unsealing, now done by the hdb layer
3518 * lib/hdb/hdb.c: new functions `hdb_create', `hdb_set_master_key'
3519 and `hdb_clear_master_key'
3521 * admin/misc.c: removed
3523 Wed Oct 15 22:47:31 1997 Assar Westerlund <assar@sics.se>
3525 * kuser/klist.c: print year as YYYY iff verbose
3527 Wed Oct 15 20:02:13 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3529 * kuser/klist.c: print etype from ticket
3531 Mon Oct 13 17:18:57 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3535 * lib/krb5/get_cred.c: Get the subkey from mk_req so it can be
3536 used to decrypt the reply from DCE secds.
3538 * lib/krb5/auth_context.c: Add {get,set}enctype.
3540 * lib/krb5/get_cred.c: Fix for DCE secd.
3542 * lib/krb5/store.c: Store keytype twice, as MIT does.
3544 * lib/krb5/get_in_tkt.c: Use etype from reply.
3546 Fri Oct 10 00:39:48 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3548 * kdc/connect.c: check for leading '/' in http request
3550 Tue Sep 30 21:50:18 1997 Assar Westerlund <assar@assaris.pdc.kth.se>
3554 Mon Sep 29 15:58:43 1997 Assar Westerlund <assar@sics.se>
3556 * lib/krb5/rd_req.c (krb5_rd_req): redone because we don't know
3557 the kvno or keytype before receiving the AP-REQ
3559 * lib/krb5/mk_safe.c (krb5_mk_safe): figure out what cksumtype to
3560 use from the keytype.
3562 * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): figure out what
3563 cksumtype to use from the keytype.
3565 * lib/krb5/mk_priv.c (krb5_mk_priv): figure out what etype to use
3568 * lib/krb5/keytab.c (krb5_kt_get_entry): check the keytype
3570 * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): figure out
3571 what etype to use from the keytype.
3573 * lib/krb5/generate_seq_number.c (krb5_generate_seq_number):
3574 handle other key types than DES
3576 * lib/krb5/encrypt.c (key_type): add `best_cksumtype'
3577 (krb5_keytype_to_cksumtype): new function
3579 * lib/krb5/build_auth.c (krb5_build_authenticator): figure out
3580 what etype to use from the keytype.
3582 * lib/krb5/auth_context.c (krb5_auth_con_init): set `cksumtype'
3585 * admin/extkeytab.c (ext_keytab): extract all keys
3587 * appl/telnet/telnet/commands.c: INET6_ADDRSTRLEN kludge
3589 * configure.in: check for <netinet6/in6.h>. check for -linet6
3591 Tue Sep 23 03:00:53 1997 Assar Westerlund <assar@sics.se>
3593 * lib/krb5/encrypt.c: fix checksumtype for des3-cbc-sha1
3595 * lib/krb5/rd_safe.c: fix check for keyed and collision-proof
3598 * lib/krb5/context.c (valid_etype): remove hard-coded constants
3599 (default_etypes): include DES3
3601 * kdc/kerberos5.c: fix check for keyed and collision-proof
3604 * admin/util.c (init_des_key, set_password): DES3 keys also
3606 * lib/krb/send_to_kdc.c (krb5_sendto_kdc): no data returned means
3609 * lib/krb5/addr_families.c: fix typo in `ipv6_anyaddr'
3611 Mon Sep 22 11:44:27 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
3613 * kdc/kerberos5.c: Somewhat fix the etype usage. The list sent by
3614 the client is used to select wich key to encrypt the kdc rep with
3615 (in case of as-req), and with the server info to select the
3616 session key type. The server key the ticket is encrypted is based
3617 purely on the keys in the database.
3619 * kdc/string2key.c: Add keytype support. Default to version 5
3622 * lib/krb5/get_in_tkt.c: Fix a lot of etype/keytype misuse.
3624 * lib/krb5/encrypt.c: Add des3-cbc-md5, and des3-cbc-sha1. Add
3625 many *_to_* functions.
3627 * lib/krb5/str2key.c: Add des3 string-to-key. Add ktype argument
3628 to krb5_string_to_key().
3630 * lib/krb5/checksum.c: Some cleanup, and added:
3633 - keyed and collision proof flags to each checksum method
3634 - checksum<->string functions.
3636 * lib/krb5/generate_subkey.c: Use krb5_generate_random_keyblock.
3638 Sun Sep 21 15:19:23 1997 Assar Westerlund <assar@sics.se>
3640 * kdc/connect.c: use new addr_families functions
3642 * kpasswd/kpasswdd.c: use new addr_families functions. Now works
3645 * kuser/klist.c: use correct symbols for address families
3647 * lib/krb5/sock_principal.c: use new addr_families functions
3649 * lib/krb5/send_to_kdc.c: use new addr_families functions
3651 * lib/krb5/krb5.h: add KRB5_ADDRESS_INET6
3653 * lib/krb5/get_addrs.c: use new addr_families functions
3655 * lib/krb5/changepw.c: use new addr_families functions. Now works
3658 * lib/krb5/auth_context.c: use new addr_families functions
3660 * lib/krb5/addr_families.c: new file
3662 * acconfig.h: AC_SOCKADDR_IN6 -> AC_STRUCT_SOCKADDR_IN6. Updated
3665 * acinclude.m4: new macro `AC_KRB_IPV6'. Use it.
3667 Sat Sep 13 23:04:23 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3669 * kdc/hprop.c: Don't encrypt twice. Complain on non-convertable
3672 Sat Sep 13 00:59:36 1997 Assar Westerlund <assar@sics.se>
3676 * appl/telnet/telnet/commands.c: AF_INET6 support
3678 * admin/misc.c: new file
3680 * lib/krb5/context.c: new configuration variable `max_retries'
3682 * lib/krb5/get_addrs.c: fixes and better #ifdef's
3684 * lib/krb5/config_file.c: implement krb5_config_get_int
3686 * lib/krb5/auth_context.c, send_to_kdc.c, sock_principal.c:
3689 * kuser/klist.c: support for printing IPv6-addresses
3691 * kdc/connect.c: support AF_INET6
3693 * configure.in: test for gethostbyname2 and struct sockaddr_in6
3695 Thu Sep 11 07:25:28 1997 Assar Westerlund <assar@sics.se>
3697 * lib/asn1/k5.asn1: Use `METHOD-DATA' instead of `SEQUENCE OF
3700 Wed Sep 10 21:20:17 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3702 * kdc/kerberos5.c: Fixes for cross-realm, including (but not
3704 - allow client to be non-existant (should probably check for
3706 - if server isn't found and it is a request for a krbtgt, try to
3707 find a realm on the way to the requested realm
3708 - update the transited encoding iff
3709 client-realm != server-realm != tgt-realm
3711 * lib/krb5/get_cred.c: Several fixes for cross-realm.
3713 Tue Sep 9 15:59:20 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3715 * kdc/string2key.c: Fix password handling.
3717 * lib/krb5/encrypt.c: krb5_key_to_string
3719 Tue Sep 9 07:46:05 1997 Assar Westerlund <assar@sics.se>
3721 * lib/krb5/get_addrs.c: rewrote. Now should be able to handle
3722 aliases and IPv6 addresses
3724 * kuser/klist.c: try printing IPv6 addresses
3726 * kdc/kerberos5.c: increase the arbitrary limit from 1024 to 8192
3728 * configure.in: check for <netinet/in6_var.h>
3730 Mon Sep 8 02:57:14 1997 Assar Westerlund <assar@sics.se>
3734 * admin/util.c (init_des_key): increase kvno
3735 (set_password): return -1 if `des_read_pw_string' failed
3737 * admin/mod.c (doit2): check the return value from `set_password'
3739 * admin/ank.c (doit): don't add a new entry if `set_password'
3742 Mon Sep 8 02:20:16 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
3744 * lib/krb5/verify_init.c: fix ap_req_nofail semantics
3746 * lib/krb5/transited.c: something that might resemble
3747 domain-x500-compress
3749 Mon Sep 8 01:24:42 1997 Assar Westerlund <assar@sics.se>
3751 * kdc/hpropd.c (main): check number of arguments
3753 * appl/popper/pop_init.c (pop_init): check number of arguments
3755 * kpasswd/kpasswd.c (main): check number of arguments
3757 * kdc/string2key.c (main): check number of arguments
3759 * kuser/kdestroy.c (main): check number of arguments
3761 * kuser/kinit.c (main): check number of arguments
3763 * kpasswd/kpasswdd.c (main): use sigaction without SA_RESTART to
3764 break out of select when a signal arrives
3766 * kdc/main.c (main): use sigaction without SA_RESTART to break out
3767 of select when a signal arrives
3769 * kdc/kstash.c: default to HDB_DB_DIR "/m-key"
3771 * kdc/config.c (configure): add `--version'. Check the number of
3772 arguments. Handle the case of there being no specification of port
3775 * admin/util.c: seal and unseal key at appropriate places
3777 * admin/kdb_edit.c (main): parse arguments, config file and read
3778 master key iff there's one.
3780 * admin/extkeytab.c (ext_keytab): unseal key while extracting
3782 Sun Sep 7 20:41:01 1997 Assar Westerlund <assar@sics.se>
3784 * lib/roken/roken.h: include <fcntl.h>
3786 * kdc/kerberos5.c (set_salt_padata): new function
3788 * appl/telnet/telnetd/telnetd.c: Rename some variables that
3789 conflict with cpp symbols on HP-UX 10.20
3791 * change all calls of `gethostbyaddr' to cast argument 1 to `const
3794 * acconfig.h: only use SGTTY on nextstep
3796 Sun Sep 7 14:33:50 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3798 * kdc/kerberos5.c: Check invalid flag.
3800 Fri Sep 5 14:19:38 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3802 * lib/krb5/verify_user.c: Use get_init_creds/verify_init_creds.
3804 * lib/kafs: Move functions common to krb/krb5 modules to new file,
3805 and make things more modular.
3807 * lib/krb5/krb5.h: rename STRING -> krb5_config_string, and LIST
3810 Thu Sep 4 23:39:43 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
3812 * lib/krb5/get_addrs.c: Fix loopback test.
3814 Thu Sep 4 04:45:49 1997 Assar Westerlund <assar@sics.se>
3816 * lib/roken/roken.h: fallback definition of `O_ACCMODE'
3818 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): be more careful when
3819 checking for a v4 reply
3821 Wed Sep 3 18:20:14 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3823 * kdc/hprop.c: Add `--decrypt' and `--encrypt' flags.
3825 * lib/hdb/hdb.c: new {seal,unseal}_keys functions
3827 * kdc/{hprop,hpropd}.c: Add support to dump database to stdout.
3829 * kdc/hprop.c: Don't use same master key as version 4.
3831 * admin/util.c: Don't dump core if no `default' is found.
3833 Wed Sep 3 16:01:07 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
3835 * kdc/connect.c: Allow run time port specification.
3837 * kdc/config.c: Add flags for http support, and port
3840 Tue Sep 2 02:00:03 1997 Assar Westerlund <assar@sics.se>
3842 * include/bits.c: Don't generate ifndef's in bits.h. Instead, use
3843 them when building the program. This makes it possible to include
3844 bits.h without having defined all HAVE_INT17_T symbols.
3846 * configure.in: test for sigaction
3848 * doc: updated documentation.
3850 Tue Sep 2 00:20:31 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3854 Mon Sep 1 17:42:14 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3856 * lib/krb5/data.c: don't return ENOMEM if len == 0
3858 Sun Aug 31 17:15:49 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3860 * lib/hdb/hdb.asn1: Include salt type in salt.
3862 * kdc/hprop.h: Change port to 754.
3864 * kdc/hpropd.c: Verify who tries to transmit a database.
3866 * appl/popper: Use getarg and krb5_log.
3868 * lib/krb5/get_port.c: Add context parameter. Now takes port in
3871 Sat Aug 30 18:48:19 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3873 * kdc/connect.c: Add timeout to select, and log about expired tcp
3876 * kdc/config.c: Add `database' option.
3878 * kdc/hpropd.c: Log about duplicate entries.
3880 * lib/hdb/{db,ndbm}.c: Use common routines.
3882 * lib/hdb/common.c: Implement more generic fetch/store/delete
3885 * lib/hdb/hdb.h: Add `replace' parameter to store.
3887 * kdc/connect.c: Set filedecriptor to -1 on allocated decriptor
3890 Fri Aug 29 03:13:23 1997 Assar Westerlund <assar@sics.se>
3892 * lib/krb5/get_in_tkt.c: extract_ticket -> _krb5_extract_ticket
3894 * aux/make-proto.pl: fix __P for stone age mode
3896 Fri Aug 29 02:45:46 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3898 * lib/45/mk_req.c: implementation of krb_mk_req that uses 524
3901 * lib/krb5/init_creds_pw.c: make change_password and
3902 get_init_creds_common static
3904 * lib/krb5/krb5.h: Merge stuff from removed headerfiles.
3906 * lib/krb5/fcache.c: fcc_ops -> krb5_fcc_ops
3908 * lib/krb5/mcache.c: mcc_ops -> krb5_mcc_ops
3910 Fri Aug 29 01:45:25 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
3912 * lib/krb5/krb5.h: Remove all prototypes.
3914 * lib/krb5/convert_creds.c: Use `struct credentials' instead of
3917 Fri Aug 29 00:08:18 1997 Assar Westerlund <assar@sics.se>
3919 * lib/asn1/gen_glue.c: new file. generates 2int and int2 functions
3920 and units for bit strings.
3922 * admin/util.c: flags2int, int2flags, and flag_units are now
3923 generated by asn1_compile
3925 * lib/roken/parse_units.c: generalised `parse_units' and
3926 `unparse_units' and added new functions `parse_flags' and
3927 `unparse_flags' that use these
3929 * lib/krb5/krb5_locl.h: moved krb5_data* functions to krb5.h
3931 * admin/util.c: Use {un,}parse_flags for printing and parsing
3934 Thu Aug 28 03:26:12 1997 Assar Westerlund <assar@sics.se>
3936 * lib/krb5/get_addrs.c: restructured
3938 * lib/krb5/warn.c (_warnerr): leak less memory
3940 * lib/hdb/hdb.c (hdb_free_entry): zero keys
3941 (hdb_check_db_format): leak less memory
3943 * lib/hdb/ndbm.c (NDBM_seq): check for valid hdb_entries implement
3944 NDBM__get, NDBM__put
3946 * lib/hdb/db.c (DB_seq): check for valid hdb_entries
3948 Thu Aug 28 02:06:58 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3950 * lib/krb5/send_to_kdc.c: Don't use sendto on connected sockets.
3952 Thu Aug 28 01:13:17 1997 Assar Westerlund <assar@sics.se>
3954 * kuser/kinit.1, klist.1, kdestroy.1: new man pages
3956 * kpasswd/kpasswd.1, kpasswdd.8: new man pages
3958 * kdc/kstash.8, hprop.8, hpropd.8: new man pages
3960 * admin/ktutil.8, admin/kdb_edit.8: new man pages
3962 * admin/mod.c: new file
3964 * admin/life.c: renamed gettime and puttime to getlife and putlife
3965 and moved them to life.c
3967 * admin/util.c: add print_flags, parse_flags, init_entry,
3968 set_created_by, set_modified_by, edit_entry, set_password. Use
3971 * admin/get.c: use print_flags
3973 * admin: removed unused stuff. use krb5_{warn,err}*
3975 * admin/ank.c: re-organized and abstracted.
3977 * admin/gettime.c: removed
3979 Thu Aug 28 00:37:39 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3981 * lib/krb5/{get_cred,get_in_tkt}.c: Check for v4 reply.
3983 * lib/roken/base64.c: Add base64 functions.
3985 * kdc/connect.c lib/krb5/send_to_kdc.c: Add http support.
3987 Wed Aug 27 00:29:20 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3989 * include/Makefile.am: Don't make links to built files.
3991 * admin/kdb_edit.c: Add command to set the database path.
3993 * lib/hdb: Include version number in database.
3995 Tue Aug 26 20:14:54 1997 Johan Danielsson <joda@emma.pdc.kth.se>
3997 * admin/ktutil: Merged v4 srvtab conversion.
3999 Mon Aug 25 23:02:18 1997 Assar Westerlund <assar@sics.se>
4001 * lib/roken/roken.h: add F_OK
4003 * lib/gssapi/acquire_creds.c: fix typo
4005 * configure.in: call AC_TYPE_MODE_T
4007 * acinclude.m4: Add AC_TYPE_MODE_T
4009 Sun Aug 24 16:46:53 1997 Assar Westerlund <assar@sics.se>
4013 Sun Aug 24 08:06:54 1997 Assar Westerlund <assar@sics.se>
4015 * appl/popper/pop_pass.c: log poppers
4017 * kdc/kaserver.c: some more checks
4019 * kpasswd/kpasswd.c: removed `-p'
4021 * kuser/kinit.c: removed `-p'
4023 * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): If
4024 KDC_ERR_PREUATH_REQUIRED, add preauthentication and try again.
4026 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): don't print out
4029 * lib/gssapi/import_name.c (input_name): more names types.
4031 * admin/load.c (parse_keys): handle the case of an empty salt
4033 * kdc/kaserver.c: fix up memory deallocation
4035 * kdc/kaserver.c: quick hack at talking kaserver protocol
4037 * kdc/kerberos4.c: Make `db-fetch4' global
4039 * configure.in: add --enable-kaserver
4041 * kdc/rx.h, kdc/kerberos4.h: new header files
4043 * lib/krb5/principal.c: fix krb5_build_principal_ext & c:o
4045 Sun Aug 24 03:52:44 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4047 * lib/krb5/{get_in_tkt,mk_safe,mk_priv}.c: Fix some Cray specific
4050 * lib/krb5/{get_cred,get_in_tkt}.c: Mask nonce to 32 bits.
4052 * lib/des/{md4,md5,sha}.c: Now works on Crays.
4054 Sat Aug 23 18:15:01 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4056 * appl/afsutil/afslog.c: If no cells or files specified, get
4057 tokens for all local cells. Better test for files.
4059 Thu Aug 21 23:33:38 1997 Assar Westerlund <assar@sics.se>
4061 * lib/gssapi/v1.c: new file with v1 compatibility functions.
4063 Thu Aug 21 20:36:13 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4065 * lib/kafs/afskrb5.c: Don't check ticket file for afs ticket.
4067 * kdc/kerberos4.c: Check database when converting v4 principals.
4069 * kdc/kerberos5.c: Include kvno in Ticket.
4071 * lib/krb5/encrypt.c: Add kvno parameter to encrypt_EncryptedData.
4073 * kuser/klist.c: Print version number of ticket, include more
4076 Wed Aug 20 21:26:58 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4078 * lib/kafs/afskrb5.c (get_cred): Check cached afs tickets for
4081 Wed Aug 20 17:40:31 1997 Assar Westerlund <assar@sics.se>
4083 * lib/krb5/recvauth.c (krb5_recvauth): Send a KRB-ERROR iff
4086 * lib/krb5/sendauth.c (krb5_sendauth): correct the protocol
4087 documentation and process KRB-ERROR's
4089 Tue Aug 19 20:41:30 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4091 * kdc/kerberos4.c: Fix memory leak in v4 protocol handler.
4093 Mon Aug 18 05:15:09 1997 Assar Westerlund <assar@sics.se>
4095 * lib/gssapi/accept_sec_context.c: Added
4096 `gsskrb5_register_acceptor_identity'
4098 Sun Aug 17 01:40:20 1997 Assar Westerlund <assar@sics.se>
4100 * lib/gssapi/accept_sec_context.c (gss_accept_sec_context): don't
4101 always pass server == NULL to krb5_rd_req.
4103 * lib/gssapi: new files: canonicalize_name.c export_name.c
4104 context_time.c compare_name.c release_cred.c acquire_cred.c
4105 inquire_cred.c, from Luke Howard <lukeh@xedoc.com.au>
4107 * lib/krb5/config_file.c: Add netinfo support from Luke Howard
4108 <lukeh@xedoc.com.au>
4110 * lib/editline/sysunix.c: sgtty-support from Luke Howard
4111 <lukeh@xedoc.com.au>
4113 * lib/krb5/principal.c: krb5_sname_to_principal fix from Luke
4114 Howard <lukeh@xedoc.com.au>
4116 Sat Aug 16 00:44:47 1997 Assar Westerlund <assar@koi.pdc.kth.se>
4120 Sat Aug 16 00:23:46 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4122 * appl/afsutil/afslog.c: Use new libkafs.
4124 * lib/kafs/afskrb5.c: Get AFS tokens via 524 protocol.
4126 * lib/krb5/warn.c: Fix format string for *x type.
4128 Fri Aug 15 22:15:01 1997 Assar Westerlund <assar@sics.se>
4130 * admin/get.c (get_entry): print more information about the entry
4132 * lib/des/Makefile.am: build destest, mdtest, des, rpw, speed
4134 * lib/krb5/config_file.c: new functions `krb5_config_get_time' and
4135 `krb5_config_vget_time'. Use them.
4137 Fri Aug 15 00:09:37 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4139 * admin/ktutil.c: Keytab manipulation program.
4141 * lib/krb5/keytab.c: Return sane values from resolve and
4144 * kdc/kerberos5.c: Fix for old clients passing 0 for `no endtime'.
4146 * lib/45/get_ad_tkt.c: Kerberos 4 get_ad_tkt using
4147 krb524_convert_creds_kdc.
4149 * lib/krb5/convert_creds.c: Implementation of
4150 krb524_convert_creds_kdc.
4152 * lib/asn1/k5.asn1: Make kdc-req-body.till OPTIONAL
4154 * kdc/524.c: A somewhat working 524-protocol module.
4156 * kdc/kerberos4.c: Add version 4 ticket encoding and encryption
4159 * lib/krb5/context.c: Fix kdc_timeout.
4161 * lib/hdb/{ndbm,db}.c: Free name in close.
4163 * kdc/kerberos5.c (tgs_check_autenticator): Return error code
4165 Thu Aug 14 21:29:03 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4167 * kdc/kerberos5.c (tgs_make_reply): Fix endtime in reply.
4169 * lib/krb5/store_emem.c: Fix reallocation bug.
4171 Tue Aug 12 01:29:46 1997 Assar Westerlund <assar@sics.se>
4173 * appl/telnet/libtelnet/kerberos5.c, appl/popper/pop_init.c: Use
4174 `krb5_sock_to_principal'. Send server parameter to
4175 krb5_rd_req/krb5_recvauth. Set addresses in auth_context.
4177 * lib/krb5/recvauth.c: Set addresses in auth_context if there
4180 * lib/krb5/auth_context.c: New function
4181 `krb5_auth_con_setaddrs_from_fd'
4183 * lib/krb5/sock_principal.c: new function
4184 `krb5_sock_to_principal'
4186 * lib/krb5/time.c: new file with `krb5_timeofday' and
4187 `krb5_us_timeofday'. Use these functions.
4189 * kuser/klist.c: print KDC offset iff verbose
4191 * lib/krb5/get_in_tkt.c: implement KDC time offset and use it if
4192 [libdefaults]kdc_timesync is set.
4194 * lib/krb5/fcache.c: Implement version 4 of the ccache format.
4196 Mon Aug 11 05:34:43 1997 Assar Westerlund <assar@sics.se>
4198 * lib/krb5/rd_rep.c (krb5_free_ap_rep_enc_part): free all memory
4200 * lib/krb5/principal.c (krb5_unparse_name): allocate memory
4203 * kpasswd/kpasswd.c: Use `krb5_change_password'
4205 * lib/krb5/init_creds_pw.c (init_cred): set realm of server
4208 * lib/krb5/init_creds_pw.c: support changing of password when it
4211 * lib/krb5/changepw.c: new file
4213 * kuser/klist.c: use getarg
4215 * admin/init.c (init): add `kadmin/changepw'
4217 Mon Aug 11 04:30:47 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4219 * lib/krb5/get_cred.c: Make get_credentials handle cross-realm.
4221 Mon Aug 11 00:03:24 1997 Assar Westerlund <assar@sics.se>
4223 * lib/krb5/config_file.c: implement support for #-comments
4225 Sat Aug 9 02:21:46 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4227 * kdc/hprop*.c: Add database propagation programs.
4229 * kdc/connect.c: Max request size.
4231 Sat Aug 9 00:47:28 1997 Assar Westerlund <assar@sics.se>
4233 * lib/otp: resurrected from krb4
4235 * appl/push: new program for fetching mail with POP.
4237 * appl/popper/popper.h: new include files. new fields in `POP'
4239 * appl/popper/pop_pass.c: Implement both v4 and v5.
4241 * appl/popper/pop_init.c: Implement both v4 and v5.
4243 * appl/popper/pop_debug.c: use getarg. Talk both v4 and v5
4245 * appl/popper: Popper from krb4.
4247 * configure.in: check for inline and <netinet/tcp.h> generate
4248 files in appl/popper, appl/push, and lib/otp
4250 Fri Aug 8 05:51:02 1997 Assar Westerlund <assar@sics.se>
4252 * lib/krb5/get_cred.c: clean-up and try to free memory even when
4255 * lib/krb5/get_cred.c: adapt to new `extract_ticket'
4257 * lib/krb5/get_in_tkt.c: reorganize. check everything and try to
4258 return memory even if there are errors.
4260 * kuser/kverify.c: new file
4262 * lib/krb5/free_host_realm.c: new file
4264 * lib/krb5/principal.c (krb5_sname_to_principal): implement
4265 different nametypes. Also free memory.
4267 * lib/krb5/verify_init.c: more functionality
4269 * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): free the checksum
4271 * lib/krb5/get_in_tkt.c (extract_ticket): don't copy over the
4272 principals in creds. Should also compare them with that received
4275 * lib/krb5/cache.c (krb5_cc_gen_new): copy the newly allocated
4277 (krb5_cc_destroy): call krb5_cc_close
4278 (krb5_cc_retrieve_cred): delete the unused creds
4280 Fri Aug 8 02:30:40 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4282 * lib/krb5/log.c: Allow better control of destinations of logging
4283 (like passing explicit destinations, and log-functions).
4285 Fri Aug 8 01:20:39 1997 Assar Westerlund <assar@sics.se>
4287 * lib/krb5/get_default_principal.c: new file
4289 * kpasswd/kpasswdd.c: use krb5_log*
4291 Fri Aug 8 00:37:47 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4293 * lib/krb5/init_creds_pw.c: Implement krb5_get_init_creds_keytab.
4295 Fri Aug 8 00:37:17 1997 Assar Westerlund <assar@sics.se>
4297 * lib/krb5/init_creds_pw.c: Use `krb5_get_default_principal'.
4298 Print password expire information.
4300 * kdc/config.c: new variable `kdc_warn_pwexpire'
4302 * kpasswd/kpasswd.c: converted to getarg and get_init_creds
4304 Thu Aug 7 22:17:09 1997 Assar Westerlund <assar@sics.se>
4306 * lib/krb5/mcache.c: new file
4308 * admin/gettime.c: new function puttime. Use it.
4310 * lib/krb5/keyblock.c: Added krb5_free_keyblock and
4313 * lib/krb5/init_creds_pw.c: more functionality
4315 * lib/krb5/creds.c: Added krb5_free_creds_contents and
4316 krb5_copy_creds. Changed callers.
4318 * lib/krb5/config_file.c: new functions krb5_config_get and
4321 * lib/krb5/cache.c: cleanup added mcache
4323 * kdc/kerberos5.c: include last-req's of type 6 and 7, if
4326 Wed Aug 6 20:38:23 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4328 * lib/krb5/log.c: New parameter `log-level'. Default to `SYSLOG'.
4330 Tue Aug 5 22:53:54 1997 Assar Westerlund <assar@sics.se>
4332 * lib/krb5/verify_init.c, init_creds_pw.c, init_creds.c,
4333 prompter_posix.c: the beginning of an implementation of the cygnus
4336 * lib/krb5/get_in_tkt_pw.c: make `krb5_password_key_proc' global
4338 * lib/krb5/get_in_tkt.c (krb5_get_in_cred): new function that is
4339 almost krb5_get_in_tkt but doesn't write the creds to the ccache.
4340 Small fixes in krb5_get_in_tkt
4342 * lib/krb5/get_addrs.c (krb5_get_all_client_addrs): don't include
4345 Mon Aug 4 20:20:48 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4347 * kdc: Make context global.
4349 Fri Aug 1 17:23:56 1997 Assar Westerlund <assar@sics.se>
4353 * lib/roken/flock.c: new file
4355 * kuser/kinit.c: check for and print expiry information in the
4358 * lib/krb5/get_in_tkt.c: Set `ret_as_reply' if != NULL
4360 * kdc/kerberos5.c: Check the valid times on client and server.
4361 Check the password expiration.
4362 Check the require_preauth flag.
4363 Send an lr_type == 6 with pw_end.
4364 Set key.expiration to min(valid_end, pw_end)
4366 * lib/hdb/hdb.asn1: new flags `require_preauth' and `change_pw'
4368 * admin/util.c, admin/load.c: handle the new flags.
4370 Fri Aug 1 16:56:12 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4372 * lib/hdb: Add some simple locking.
4374 Sun Jul 27 04:44:31 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4376 * lib/krb5/log.c: Add some general logging functions.
4378 * kdc/kerberos4.c: Add version 4 protocol handler. The requrement
4379 for this to work is that all involved principals has a des key in
4380 the database, and that the client has a version 4 (un-)salted
4381 key. Furthermore krb5_425_conv_principal has to do it's job, as
4382 present it's not very clever.
4384 * lib/krb5/principal.c: Quick patch to make 425_conv work
4387 * lib/hdb/hdb.c: Add keytype->key and next key functions.
4389 Fri Jul 25 17:32:12 1997 Assar Westerlund <assar@sics.se>
4391 * lib/krb5/build_auth.c (krb5_build_authenticator): don't free
4392 `cksum'. It's allocated and freed by the caller
4394 * lib/krb5/get_cred.c (krb5_get_kdc_cred): Don't free `addresses'.
4396 * kdc/kerberos5.c (tgs_rep2): make sure we also have an defined
4397 `client' to return as part of the KRB-ERROR
4399 Thu Jul 24 08:13:59 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4401 * kdc/kerberos5.c: Unseal keys from database before use.
4403 * kdc/misc.c: New functions set_master_key, unseal_key and
4406 * lib/roken/getarg.c: Handle `-f arg' correctly.
4408 Thu Jul 24 01:54:43 1997 Assar Westerlund <assar@sics.se>
4410 * kuser/kinit.c: implement `-l' aka `--lifetime'
4412 * lib/roken/parse_units.c, parse_time.c: new files
4414 * admin/gettime.c (gettime): use `parse_time'
4416 * kdc/kerberos5.c (as_rep): Use `METHOD-DATA' when sending
4417 KRB5KDC_ERR_PREAUTH_REQUIRED, not PA-DATA.
4419 * kpasswd/kpasswdd.c: fix freeing bug use sequence numbers set
4420 addresses in auth_context bind one socket per interface.
4422 * kpasswd/kpasswd.c: use sequence numbers
4424 * lib/krb5/rd_req.c (krb5_verify_ap_req): do abs when verifying
4427 * lib/krb5/rd_priv.c (krb5_rd_priv): Fetch the correct session key
4430 * lib/krb5/mk_priv.c (krb5_mk_priv): Fetch the correct session key
4433 * lib/krb5/mk_error.c (krb5_mk_error): return an error number and
4434 not a comerr'd number.
4436 * lib/krb5/get_in_tkt.c (krb5_get_in_tkt): interpret the error
4437 number in KRB-ERROR correctly.
4439 * lib/krb5/get_cred.c (krb5_get_kdc_cred): interpret the error
4440 number in KRB-ERROR correctly.
4442 * lib/asn1/k5.asn1: Add `METHOD-DATA'
4444 * removed some memory leaks.
4446 Wed Jul 23 07:53:18 1997 Assar Westerlund <assar@sics.se>
4450 * lib/krb5/rd_cred.c, get_for_creds.c: new files
4452 * lib/krb5/get_host_realm.c: try default realm as last chance
4454 * kpasswd/kpasswdd.c: updated to hdb changes
4456 * appl/telnet/libtelnet/kerberos5.c: Implement forwarding
4458 * appl/telnet/libtelnet: removed totally unused files
4460 * admin/ank.c: fix prompts and generation of random keys
4462 Wed Jul 23 04:02:32 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4464 * admin/dump.c: Include salt in dump.
4466 * admin: Mostly updated for new db-format.
4468 * kdc/kerberos5.c: Update to use new db format. Better checking of
4469 flags and such. More logging.
4471 * lib/hdb/hdb.c: Use generated encode and decode functions.
4473 * lib/hdb/hdb.h: Get hdb_entry from ASN.1 generated code.
4475 * lib/krb5/get_cred.c: Get addresses from krbtgt if there are none
4478 Sun Jul 20 16:22:30 1997 Assar Westerlund <assar@sics.se>
4480 * kuser/kinit.c: break if des_read_pw_string() != 0
4482 * kpasswd/kpasswdd.c: send a reply
4484 * kpasswd/kpasswd.c: restructured code. better report on
4485 krb-error break if des_read_pw_string() != 0
4487 * kdc/kerberos5.c: Check `require_enc_timestamp' malloc space for
4488 starttime and renew_till
4490 * appl/telnet/libtelnet/kerberos5.c (kerberos5_is): Send a
4491 keyblock to krb5_verify_chekcsum
4493 Sun Jul 20 06:35:46 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4497 * kpasswd/kpasswd.c: Avoid using non-standard struct names.
4499 Sat Jul 19 19:26:23 1997 Assar Westerlund <assar@sics.se>
4501 * lib/krb5/keytab.c (krb5_kt_get_entry): check return from
4502 `krb5_kt_start_seq_get'. From <map@stacken.kth.se>
4504 Sat Jul 19 04:07:39 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4506 * lib/asn1/k5.asn1: Update with more pa-data types from
4507 draft-ietf-cat-kerberos-revisions-00.txt
4509 * admin/load.c: Update to match current db-format.
4511 * kdc/kerberos5.c (as_rep): Try all valid pa-datas before giving
4512 up. Send back an empty pa-data if the client has the v4 flag set.
4514 * lib/krb5/get_in_tkt.c: Pass both version5 and version4 salted
4515 pa-data. DTRT if there is any pa-data in the reply.
4517 * lib/krb5/str2key.c: XOR with some sane value.
4519 * lib/hdb/hdb.h: Add `version 4 salted key' flag.
4521 * kuser/kinit.c: Ask for password before calling get_in_tkt. This
4522 makes it possible to call key_proc more than once.
4524 * kdc/string2key.c: Add flags to output version 5 (DES only),
4525 version 4, and AFS string-to-key of a password.
4527 * lib/asn1/gen_copy.c: copy_* functions now returns an int (0 or
4530 Fri Jul 18 02:54:58 1997 Assar Westerlund <assar@sics.se>
4532 * lib/krb5/get_host_realm.c (krb5_get_host_realm): do the
4535 * kdc/misc.c: check result of hdb_open
4537 * admin/kdb_edit: updated to new sl
4539 * lib/sl: sl_func now returns an int. != 0 means to exit.
4541 * kpasswd/kpasswdd: A crude (but somewhat working) implementation
4542 of `draft-ietf-cat-kerb-chg-password-00.txt'
4544 Fri Jul 18 00:55:39 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4546 * kuser/krenew.c: Crude ticket renewing program.
4548 * kdc/kerberos5.c: Rewritten flags parsing, it now might work to
4549 get forwarded and renewed tickets.
4551 * kuser/kinit.c: Add `-r' flag.
4553 * lib/krb5/get_cred.c: Move most of contents of get_creds to new
4554 function get_kdc_cred, that always contacts the kdc and doesn't
4555 save in the cache. This is a hack.
4557 * lib/krb5/get_in_tkt.c: Pass starttime and renew_till in request
4560 * lib/krb5/mk_req_ext.c: Make an auth_context if none passed in.
4562 * lib/krb5/send_to_kdc.c: Get timeout from context.
4564 * lib/krb5/context.c: Add kdc_timeout to context struct.
4566 Thu Jul 17 20:35:45 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4568 * kuser/klist.c: Print start time of ticket if available.
4570 * lib/krb5/get_host_realm.c: Return error if no realm was found.
4572 Thu Jul 17 20:28:21 1997 Assar Westerlund <assar@sics.se>
4574 * kpasswd: non-working kpasswd added
4576 Thu Jul 17 00:21:22 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4580 * kdc/main.c: Add -p flag to disable pa-enc-timestamp requirement.
4582 Wed Jul 16 03:37:41 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4584 * kdc/kerberos5.c (tgs_rep2): Free ticket and ap_req.
4586 * lib/krb5/auth_context.c (krb5_auth_con_free): Free remote
4589 * lib/krb5/principal.c (krb5_free_principal): Check for NULL.
4591 * lib/krb5/send_to_kdc.c: Check for NULL return from
4594 * lib/krb5/set_default_realm.c: Try to get realm of local host if
4595 no default realm is available.
4597 * Remove non ASN.1 principal code.
4599 Wed Jul 16 03:17:30 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4601 * kdc/kerberos5.c: Split tgs_rep in smaller functions. Add better
4602 error handing. Do some logging.
4604 * kdc/log.c: Some simple logging facilities.
4606 * kdc/misc.c (db_fetch): Take a krb5_principal.
4608 * kdc/connect.c: Pass address of request to as_rep and
4609 tgs_rep. Send KRB-ERROR.
4611 * lib/krb5/mk_error.c: Add more fields.
4613 * lib/krb5/get_cred.c: Print normal error code if no e_text is
4616 Wed Jul 16 03:07:50 1997 Assar Westerlund <assar@sics.se>
4618 * lib/krb5/get_in_tkt.c: implement `krb5_init_etype'.
4619 Change encryption type of pa_enc_timestamp to DES-CBC-MD5
4621 * lib/krb5/context.c: recognize all encryption types actually
4624 * lib/krb5/auth_context.c (krb5_auth_con_init): Change default
4625 encryption type to `DES_CBC_MD5'
4627 * lib/krb5/read_message.c, write_message.c: new files
4629 Tue Jul 15 17:14:21 1997 Assar Westerlund <assar@sics.se>
4631 * lib/asn1: replaced asn1_locl.h by `der_locl.h' and `gen_locl.h'.
4633 * lib/error/compile_et.awk: generate a prototype for the
4634 `destroy_foo_error_table' function.
4636 Mon Jul 14 12:24:40 1997 Assar Westerlund <assar@sics.se>
4638 * lib/krb5/krbhst.c (krb5_get_krbhst): Get all kdc's and try also
4639 with `kerberos.REALM'
4641 * kdc/kerberos5.c, lib/krb5/rd_priv.c, lib/krb5/rd_safe.c: use
4644 * lib/krb5/rd_req.c (krb5_verify_ap_req): record authenticator
4647 * lib/krb5/build_auth.c (krb5_build_authenticator): always
4650 * lib/krb5/address.c: implement `krb5_address_order'
4652 * lib/gssapi/import_name.c: Implement `gss_import_name'
4654 * lib/gssapi/external.c: Use new OID
4656 * lib/gssapi/encapsulate.c: New functions
4657 `gssapi_krb5_encap_length' and `gssapi_krb5_make_header'. Changed
4660 * lib/gssapi/decapsulate.c: New function
4661 `gssaspi_krb5_verify_header'. Changed callers.
4663 * lib/asn1/gen*.c: Give tags to generated structs.
4664 Use `err' and `asprintf'
4666 * appl/test/gss_common.c: new file
4668 * appl/test/gssapi_server.c: removed all krb5 calls
4670 * appl/telnet/libtelnet/kerberos5.c: Add support for genering and
4671 verifying checksums. Also start using session subkeys.
4673 Mon Jul 14 12:08:25 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4675 * lib/krb5/rd_req.c (krb5_rd_req_with_keyblock): Split up.
4677 Sun Jul 13 03:07:44 1997 Assar Westerlund <assar@sics.se>
4679 * lib/krb5/rd_safe.c, mk_safe.c: made bug-compatible with MIT
4681 * lib/krb5/encrypt.c: new functions `DES_encrypt_null_ivec' and
4682 `DES_encrypt_key_ivec'
4684 * lib/krb5/checksum.c: implement rsa-md4-des and rsa-md5-des
4686 * kdc/kerberos5.c (tgs_rep): support keyed checksums
4688 * lib/krb5/creds.c: new file
4690 * lib/krb5/get_in_tkt.c: better freeing
4692 * lib/krb5/context.c (krb5_free_context): more freeing
4694 * lib/krb5/config_file.c: New function `krb5_config_file_free'
4696 * lib/error/compile_et.awk: Generate a `destroy_' function.
4698 * kuser/kinit.c, klist.c: Don't leak memory.
4700 Sun Jul 13 02:46:27 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4702 * kdc/connect.c: Check filedescriptor in select.
4704 * kdc/kerberos5.c: Remove most of the most common memory leaks.
4706 * lib/krb5/rd_req.c: Free allocated data.
4708 * lib/krb5/auth_context.c (krb5_auth_con_free): Free a lot of
4711 Sun Jul 13 00:32:16 1997 Assar Westerlund <assar@sics.se>
4713 * appl/telnet: Conditionalize the krb4-support.
4715 * configure.in: Test for krb4
4717 Sat Jul 12 17:14:12 1997 Assar Westerlund <assar@sics.se>
4719 * kdc/kerberos5.c: check if the pre-auth was decrypted properly.
4720 set the `pre_authent' flag
4722 * lib/krb5/get_cred.c, lib/krb5/get_in_tkt.c: generate a random nonce.
4724 * lib/krb5/encrypt.c: Made `generate_random_block' global.
4726 * appl/test: Added gssapi_client and gssapi_server.
4728 * lib/krb5/data.c: Add `krb5_data_zero'
4730 * appl/test/tcp_client.c: try `mk_safe' and `mk_priv'
4732 * appl/test/tcp_server.c: try `rd_safe' and `rd_priv'
4734 Sat Jul 12 16:45:58 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4736 * lib/krb5/get_addrs.c: Fix for systems that has sa_len, but
4737 returns zero length from SIOCGIFCONF.
4739 Sat Jul 12 16:38:34 1997 Assar Westerlund <assar@sics.se>
4741 * appl/test: new programs
4743 * lib/krb5/rd_req.c: add address compare
4745 * lib/krb5/mk_req_ext.c: allow no checksum
4747 * lib/krb5/keytab.c (krb5_kt_ret_string): 0-terminate string
4749 * lib/krb5/address.c: fix `krb5_address_compare'
4751 Sat Jul 12 15:03:16 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4753 * lib/krb5/get_addrs.c: Fix ip4 address extraction.
4755 * kuser/klist.c: Add verbose flag, and split main into smaller
4758 * lib/krb5/fcache.c: Save ticket flags.
4760 * lib/krb5/get_in_tkt.c (extract_ticket): Extract addresses and
4763 * lib/krb5/krb5.h: Add ticket_flags to krb5_creds.
4765 Sat Jul 12 13:12:48 1997 Assar Westerlund <assar@sics.se>
4767 * configure.in: Call `AC_KRB_PROG_LN_S'
4769 * acinclude.m4: Add `AC_KRB_PROG_LN_S' from krb4
4771 Sat Jul 12 00:57:01 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4773 * lib/krb5/get_in_tkt.c: Use union of krb5_flags and KDCOptions to
4776 Fri Jul 11 15:04:22 1997 Assar Westerlund <assar@sics.se>
4778 * appl/telnet: telnet & telnetd seems to be working.
4780 * lib/krb5/config_file.c: Added krb5_config_v?get_list Fixed
4781 krb5_config_vget_next
4783 * appl/telnet/libtelnet/kerberos5.c: update to current API
4785 Thu Jul 10 14:54:39 1997 Assar Westerlund <assar@sics.se>
4787 * appl/telnet/libtelnet/kerberos5.c (kerberos5_status): call
4790 * appl/telnet: Added.
4792 Thu Jul 10 05:09:25 1997 Johan Danielsson <joda@emma.pdc.kth.se>
4794 * lib/error/compile_et.awk: Remove usage of sub, gsub, and
4795 functions for compatibility with awk.
4797 * include/bits.c: Must use signed char.
4799 * lib/krb5/context.c: Move krb5_get_err_text, and krb5_init_ets
4802 * lib/error/error.c: Replace krb5_get_err_text with new function
4805 * lib/error/compile_et.awk: Avoid using static variables.
4807 * lib/error/error.c: Don't use krb5_locl.h
4809 * lib/error/error.h: Move definitions of error_table and
4810 error_list from krb5.h.
4812 * lib/error: Moved from lib/krb5.
4814 Wed Jul 9 07:42:04 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4816 * lib/krb5/encrypt.c: Temporary hack to avoid des_rand_data.
4818 Wed Jul 9 06:58:00 1997 Assar Westerlund <assar@sics.se>
4820 * lib/krb5/{rd,mk}_{*}.c: more checking for addresses and stuff
4821 according to pseudocode from 1510
4823 Wed Jul 9 06:06:06 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4825 * lib/hdb/hdb.c: Add hdb_etype2key.
4827 * kdc/kerberos5.c: Check authenticator. Use more general etype
4830 Wed Jul 9 03:51:12 1997 Assar Westerlund <assar@sics.se>
4832 * lib/asn1/k5.asn1: Made all `s_address' OPTIONAL according to
4833 draft-ietf-cat-kerberos-r-00.txt
4835 * lib/krb5/principal.c (krb5_parse_name): default to local realm
4838 * kuser/kinit.c: New option `-p' and prompt
4840 Wed Jul 9 02:30:06 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4842 * lib/krb5/keyblock.c: Keyblock generation functions.
4844 * lib/krb5/encrypt.c: Use functions from checksum.c.
4846 * lib/krb5/checksum.c: Move checksum functions here. Add
4847 krb5_cksumsize function.
4849 Wed Jul 9 01:15:38 1997 Assar Westerlund <assar@sics.se>
4851 * lib/krb5/get_host_realm.c: implemented
4853 * lib/krb5/config_file.c: Redid part. New functions:
4854 krb5_config_v?get_next
4856 * kuser/kdestroy.c: new program
4858 * kuser/kinit.c: new flag `-f'
4860 * lib/asn1/k5.asn1: Made HostAddresses = SEQUENCE OF HostAddress
4862 * acinclude.m4: Added AC_KRB_STRUCT_SOCKADDR_SA_LEN
4864 * lib/krb5/krb5.h: krb5_addresses == HostAddresses. Changed all
4867 * lib/krb5/get_addrs.c: figure out all local addresses, possibly
4870 * lib/krb5/checksum.c: table-driven checksum
4872 Mon Jul 7 21:13:28 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4874 * lib/krb5/encrypt.c: Make krb5_decrypt use the same struct as
4877 Mon Jul 7 11:15:51 1997 Assar Westerlund <assar@sics.se>
4879 * lib/roken/vsyslog.c: new file
4881 * lib/krb5/encrypt.c: add des-cbc-md4.
4882 adjust krb5_encrypt and krb5_decrypt to reality
4884 Mon Jul 7 02:46:31 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4886 * lib/krb5/encrypt.c: Implement as a vector of function pointers.
4888 * lib/krb5/{decrypt,encrypt}.c: Implement des-cbc-crc, and
4889 des-cbc-md5 in separate functions.
4891 * lib/krb5/krb5.h: Add more checksum and encryption types.
4893 * lib/krb5/krb5_locl.h: Add etype to krb5_decrypt.
4895 Sun Jul 6 23:02:59 1997 Assar Westerlund <assar@sics.se>
4897 * lib/krb5/[gs]et_default_realm.c, kuserok.c: new files
4899 * lib/krb5/config_file.[ch]: new c-based configuration reading
4902 Wed Jul 2 23:12:56 1997 Assar Westerlund <assar@sics.se>
4904 * configure.in: Set WFLAGS if using gcc
4906 Wed Jul 2 17:47:03 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4908 * lib/asn1/der_put.c (der_put_int): Return size correctly.
4910 * admin/ank.c: Be compatible with the asn1 principal format.
4912 Wed Jul 1 23:52:20 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4914 * lib/asn1: Now all decode_* and encode_* functions now take a
4915 final size_t* argument, that they return the size in. Return
4916 values are zero for success, and anything else (such as some
4917 ASN1_* constant) for error.
4919 Mon Jun 30 06:08:14 1997 Assar Westerlund <assar@sics.se>
4921 * lib/krb5/keytab.c (krb5_kt_add_entry): change open mode to
4924 * lib/krb5/get_cred.c: removed stale prototype for
4925 `extract_ticket' and corrected call.
4927 * lib/asn1/gen_length.c (length_type): Make the length functions
4928 for SequenceOf non-destructive
4930 * admin/ank.c (doit): Fix reading of `y/n'.
4932 Mon Jun 16 05:41:43 1997 Assar Westerlund <assar@sics.se>
4934 * lib/gssapi/wrap.c, unwrap.c: do encrypt and add sequence number
4936 * lib/gssapi/get_mic.c, verify_mic.c: Add sequence number.
4938 * lib/gssapi/accept_sec_context.c (gss_accept_sec_context): Set
4939 KRB5_AUTH_CONTEXT_DO_SEQUENCE. Verify 8003 checksum.
4941 * lib/gssapi/8003.c: New file.
4943 * lib/krb/krb5.h: Define a `krb_authenticator' as an ASN.1
4946 * lib/krb5/auth_context.c: New functions
4947 `krb5_auth_setlocalseqnumber' and `krb5_auth_setremoteseqnumber'
4949 Tue Jun 10 00:35:54 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4951 * lib/krb5: Preapre for use of some asn1-types.
4953 * lib/asn1/*.c (copy_*): Constness.
4955 * lib/krb5/krb5.h: Include asn1.h; krb5_data is now an
4958 * lib/asn1/der*,gen.c: krb5_data -> octet_string, char * ->
4961 * lib/asn1/libasn1.h: Moved stuff from asn1_locl.h that doesn't
4962 have anything to do with asn1_compile.
4964 * lib/asn1/asn1_locl.h: Remove der.h. Add some prototypes.
4966 Sun Jun 8 03:51:55 1997 Assar Westerlund <assar@sics.se>
4968 * kdc/kerberos5.c: Fix PA-ENC-TS-ENC
4970 * kdc/connect.c(process_request): Set `new'
4972 * lib/krb5/get_in_tkt.c: Do PA-ENC-TS-ENC the correct way.
4974 * lib: Added editline,sl,roken.
4976 Mon Jun 2 00:37:48 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4978 * lib/krb5/fcache.c: Move file cache from cache.c.
4980 * lib/krb5/cache.c: Allow more than one cache type.
4982 Sun Jun 1 23:45:33 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4984 * admin/extkeytab.c: Merged with kdb_edit.
4986 Sun Jun 1 23:23:08 1997 Assar Westerlund <assar@sics.se>
4988 * kdc/kdc.c: more support for ENC-TS-ENC
4990 * lib/krb5/get_in_tkt.c: redone to enable pre-authentication
4992 Sun Jun 1 22:45:11 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
4994 * lib/hdb/db.c: Merge fetch and store.
4996 * admin: Merge to one program.
4998 * lib/krb5/str2key.c: Fill in keytype and length.
5000 Sun Jun 1 16:31:23 1997 Assar Westerlund <assar@sics.se>
5002 * lib/krb5/rd_safe.c, lib/krb5/rd_priv.c, lib/krb5/mk_rep.c,
5003 lib/krb5/mk_priv.c, lib/krb5/build_auth.c: Some support for
5004 KRB5_AUTH_CONTEXT_DO_SEQUENCE
5006 * lib/krb5/get_in_tkt.c (get_in_tkt): be prepared to parse an
5007 KRB_ERROR. Some support for PA_ENC_TS_ENC.
5009 * lib/krb5/auth_context.c: implemented seq_number functions
5011 * lib/krb5/generate_subkey.c, generate_seq_number.c: new files
5013 * lib/gssapi/gssapi.h: avoid including <krb5.h>
5015 * lib/asn1/Makefile.am: SUFFIXES as a variable to make automake
5018 * kdc/kdc.c: preliminary PREAUTH_ENC_TIMESTAMP
5020 * configure.in: adapted to automake 1.1p
5022 Mon May 26 22:26:21 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5024 * lib/krb5/principal.c: Add contexts to many functions.
5026 Thu May 15 20:25:37 1997 Johan Danielsson <joda@emma.pdc.kth.se>
5028 * lib/krb5/verify_user.c: First stab at a verify user.
5030 * lib/auth/sia/sia5.c: SIA module for Kerberos 5.
5032 Mon Apr 14 00:09:03 1997 Assar Westerlund <assar@sics.se>
5034 * lib/gssapi: Enough of a gssapi-over-krb5 implementation to be
5035 able to (mostly) run gss-client and gss-server.
5037 * lib/krb5/keytab.c: implemented krb5_kt_add_entry,
5038 krb5_kt_store_principal, krb5_kt_store_keyblock
5040 * lib/des/md5.[ch], sha.[ch]: new files
5042 * lib/asn1/der_get.c (generalizedtime2time): use `timegm'
5044 * lib/asn1/timegm.c: new file
5046 * admin/extkeytab.c: new program
5048 * admin/admin_locl.h: new file
5050 * admin/Makefile.am: Added extkeytab
5052 * configure.in: moved config to include
5053 removed timezone garbage
5054 added lib/gssapi and admin
5056 * Makefile.am: Added admin
5058 Mon Mar 17 11:34:05 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5060 * kdc/kdc.c: Use new copying functions, and free some data.
5062 * lib/asn1/Makefile.am: Try to not always rebuild generated files.
5064 * lib/asn1/der_put.c: Add fix_dce().
5066 * lib/asn1/der_{get,length,put}.c: Fix include files.
5068 * lib/asn1/der_free.c: Remove unused functions.
5070 * lib/asn1/gen.c: Split into gen_encode, gen_decode, gen_free,
5071 gen_length, and gen_copy.
5073 Sun Mar 16 18:13:52 1997 Assar Westerlund <assar@sics.se>
5075 * lib/krb5/sendauth.c: implemented functionality
5077 * lib/krb5/rd_rep.c: Use `krb5_decrypt'
5079 * lib/krb5/cache.c (krb5_cc_get_name): return default if `id' ==
5082 * lib/krb5/principal.c (krb5_free_principal): added `context'
5083 argument. Changed all callers.
5085 (krb5_sname_to_principal): new function
5087 * lib/krb5/auth_context.c (krb5_free_authenticator): add `context'
5088 argument. Changed all callers
5090 * lib/krb5/{net_write.c,net_read.c,recvauth.c}: new files
5092 * lib/asn1/gen.c: Fix encoding and decoding of BitStrings
5094 Fri Mar 14 11:29:00 1997 Assar Westerlund <assar@sics.se>
5096 * configure.in: look for *dbm?
5098 * lib/asn1/gen.c: Fix filename in generated files. Check fopens.
5099 Put trailing newline in asn1_files.
5101 Fri Mar 14 05:06:44 1997 Johan Danielsson <joda@emma.pdc.kth.se>
5103 * lib/krb5/get_in_tkt.c: Fix some memory leaks.
5105 * lib/krb5/krbhst.c: Properly free hostlist.
5107 * lib/krb5/decrypt.c: CRCs are 32 bits.
5109 Fri Mar 14 04:39:15 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5111 * lib/asn1/gen.c: Generate one file for each type.
5113 Fri Mar 14 04:13:47 1997 Assar Westerlund <assar@sics.se>
5115 * lib/asn1/gen.c: Generate `length_FOO' functions
5117 * lib/asn1/der_length.c: new file
5119 * kuser/klist.c: renamed stime -> printable_time to avoid conflict
5122 Fri Mar 14 03:37:23 1997 Johan Danielsson <joda@emma.pdc.kth.se>
5124 * lib/hdb/ndbm.c: Return NOENTRY if fetch fails. Don't free
5125 datums. Don't add .db to filename.
5127 Fri Mar 14 02:49:51 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5129 * kdc/dump.c: Database dump program.
5131 * kdc/ank.c: Trivial database editing program.
5133 * kdc/{kdc.c, load.c}: Use libhdb.
5135 * lib/hdb: New database routine library.
5137 * lib/krb5/error/Makefile.am: Add hdb_err.
5139 Wed Mar 12 17:41:14 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5141 * kdc/kdc.c: Rewritten AS, and somewhat more working TGS support.
5143 * lib/asn1/gen.c: Generate free functions.
5145 * Some specific free functions.
5147 Wed Mar 12 12:30:13 1997 Assar Westerlund <assar@sics.se>
5149 * lib/krb5/krb5_mk_req_ext.c: new file
5151 * lib/asn1/gen.c: optimize the case with a simple type
5153 * lib/krb5/get_cred.c (krb5_get_credentials): Use
5154 `mk_req_extended' and remove old code.
5156 * lib/krb5/get_in_tkt.c (decrypt_tkt): First try with an
5157 EncASRepPart, then with an EncTGSRepPart.
5159 Wed Mar 12 08:26:04 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5161 * lib/krb5/store_emem.c: New resizable memory storage.
5163 * lib/krb5/{store.c, store_fd.c, store_mem.c}: Split of store.c
5165 * lib/krb5/krb5.h: Add free entry to krb5_storage.
5167 * lib/krb5/decrypt.c: Make keyblock const.
5169 Tue Mar 11 20:22:17 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5171 * lib/krb5/krb5.h: Add EncTicketPart to krb5_ticket.
5173 * lib/krb5/rd_req.c: Return whole asn.1 ticket in
5176 * lib/krb5/get_in_tkt.c: TGS -> AS
5178 * kuser/kfoo.c: Print error string rather than number.
5180 * kdc/kdc.c: Some kind of non-working TGS support.
5182 Mon Mar 10 01:43:22 1997 Assar Westerlund <assar@sics.se>
5184 * lib/asn1/gen.c: reduced generated code by 1/5
5186 * lib/asn1/der_put.c: (der_put_length_and_tag): new function
5188 * lib/asn1/der_get.c (der_match_tag_and_length): new function
5190 * lib/asn1/der.h: added prototypes
5192 Mon Mar 10 01:15:43 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5194 * lib/krb5/krb5.h: Include <asn1_err.h>. Add prototype for
5195 krb5_rd_req_with_keyblock.
5197 * lib/krb5/rd_req.c: Add function krb5_rd_req_with_keyblock that
5198 takes a precomputed keyblock.
5200 * lib/krb5/get_cred.c: Use krb5_mk_req rather than inlined code.
5202 * lib/krb5/mk_req.c: Calculate checksum of in_data.
5204 Sun Mar 9 21:17:58 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5206 * lib/krb5/error/compile_et.awk: Add a declaration of struct
5207 error_list, and multiple inclusion block to header files.
5209 Sun Mar 9 21:01:12 1997 Assar Westerlund <assar@sics.se>
5211 * lib/krb5/rd_req.c: do some checks on times
5213 * lib/krb/{mk_priv.c, rd_priv.c, sendauth.c, decrypt.c,
5214 address.c}: new files
5216 * lib/krb5/auth_context.c: more code
5218 * configure.in: try to figure out timezone
5220 Sat Mar 8 11:41:07 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5222 * lib/krb5/error/error.c: Try strerror if error code wasn't found.
5224 * lib/krb5/get_in_tkt.c: Remove realm parameter from
5227 * lib/krb5/context.c: Initialize error table.
5229 * kdc: The beginnings of a kdc.
5231 Sat Mar 8 08:16:28 1997 Assar Westerlund <assar@sics.se>
5233 * lib/krb5/rd_safe.c: new file
5235 * lib/krb5/checksum.c (krb5_verify_checksum): New function
5237 * lib/krb5/get_cred.c: use krb5_create_checksum
5239 * lib/krb5/checksum.c: new file
5241 * lib/krb5/store.c: no more arithmetic with void*
5243 * lib/krb5/cache.c: now seems to work again
5245 Sat Mar 8 06:58:09 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5247 * lib/krb5/Makefile.am: Add asn1_glue.c and error/*.c to libkrb5.
5249 * lib/krb5/get_in_tkt.c: Moved some functions to asn1_glue.c.
5251 * lib/krb5/asn1_glue.c: Moved some asn1-stuff here.
5253 * lib/krb5/{cache,keytab}.c: Use new storage functions.
5255 * lib/krb5/krb5.h: Protypes for new storage functions.
5257 * lib/krb5/krb5.h: Make krb5_{ret,store}_* functions able to write
5258 data to more than file descriptors.
5260 Sat Mar 8 01:01:17 1997 Assar Westerlund <assar@sics.se>
5262 * lib/krb5/encrypt.c: New file.
5264 * lib/krb5/Makefile.am: More -I
5266 * configure.in: Test for big endian, random, rand, setitimer
5268 * lib/asn1/gen.c: perhaps even decodes bitstrings
5270 Thu Mar 6 19:05:29 1997 Johan Danielsson <joda@blubb.pdc.kth.se>
5272 * lib/krb5/config_file.y: Better return values on error.
5274 Sat Feb 8 15:59:56 1997 Assar Westerlund <assar@pdc.kth.se>
5276 * lib/asn1/parse.y: ifdef HAVE_STRDUP
5278 * lib/asn1/lex.l: ifdef strdup
5279 brange-dead version of list of special characters to make stupid
5282 * lib/asn1/gen.c: A DER integer should really be a `unsigned'
5284 * lib/asn1/der_put.c: A DER integer should really be a `unsigned'
5286 * lib/asn1/der_get.c: A DER integer should really be a `unsigned'
5288 * lib/krb5/error/Makefile.am: It seems "$(SHELL) ./compile_et" is
5291 * lib/krb/mk_rep.c, lib/krb/rd_req.c, lib/krb/store.c,
5292 lib/krb/store.h: new files.
5294 * lib/krb5/keytab.c: now even with some functionality.
5296 * lib/asn1/gen.c: changed paramater from void * to Foo *
5298 * lib/asn1/der_get.c (der_get_octet_string): Fixed bug with empty
5301 Sun Jan 19 06:17:39 1997 Assar Westerlund <assar@pdc.kth.se>
5303 * lib/krb5/get_cred.c (krb5_get_credentials): Check for creds in
5304 cc before getting new ones.
5306 * lib/krb5/krb5.h (krb5_free_keyblock): Fix prototype.
5308 * lib/krb5/build_auth.c (krb5_build_authenticator): It seems the
5309 CRC should be stored LSW first. (?)
5311 * lib/krb5/auth_context.c: Implement `krb5_auth_con_getkey' and
5312 `krb5_free_keyblock'
5314 * lib/**/Makefile.am: Rename foo libfoo.a
5316 * include/Makefile.in: Use test instead of [
5317 -e does not work with /bin/sh on psoriasis
5319 * configure.in: Search for awk
5320 create lib/krb/error/compile_et
5322 Tue Jan 14 03:46:26 1997 Assar Westerlund <assar@pdc.kth.se>
5324 * lib/krb5/Makefile.am: replaced mit-crc.c by crc.c
5326 Wed Dec 18 00:53:55 1996 Johan Danielsson <joda@emma.pdc.kth.se>
5328 * kuser/kinit.c: Guess principal.
5330 * lib/krb5/error/compile_et.awk: Don't include krb5.h. Fix some
5333 * lib/krb5/error/asn1_err.et: Add ASN.1 error messages.
5335 * lib/krb5/mk_req.c: Get client from cache.
5337 * lib/krb5/cache.c: Add better error checking some useful return
5340 * lib/krb5/krb5.h: Fix krb5_auth_context.
5342 * lib/asn1/der.h: Make krb5_data compatible with krb5.h
5344 Tue Dec 17 01:32:36 1996 Johan Danielsson <joda@emma.pdc.kth.se>
5346 * lib/krb5/error: Add primitive error library.
5348 Mon Dec 16 16:30:20 1996 Johan Danielsson <joda@emma.pdc.kth.se>
5350 * lib/krb5/cache.c: Get correct address type from cache.
5352 * lib/krb5/krb5.h: Change int16 to int to be compatible with asn1.