Diffstat (limited to 'third_party/heimdal/ChangeLog.2003')
-rw-r--r-- | third_party/heimdal/ChangeLog.2003 | 1795 |
1 files changed, 1795 insertions, 0 deletions
diff --git a/third_party/heimdal/ChangeLog.2003 b/third_party/heimdal/ChangeLog.2003
new file mode 100644
index 0000000..1ffd9de
--- /dev/null
+++ b/third_party/heimdal/ChangeLog.2003
@@ -0,0 +1,1795 @@ +2003-12-19 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/error_string.c: protect error_string with mutex + + * lib/krb5/context.c: allocate and destroy mutex in krb5_context + + * lib/krb5/krb5.h (krb5_context_data): add mutex for error_string + +2003-12-18 Love Hörnquist Åstrand <lha@it.su.se> + + * kuser/kinit.c: make -9 work again + +2003-12-17 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/init_creds_pw.c: try handle ts preauth better, still + not good, but at least it work with older heimdal releases that + doesn't send back KRB5KDC_ERR_PREAUTH_REQUIRED when preauth was + sent + +2003-12-16 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/hdb/hdb.asn1: remove enforce-transited-policy, its no longer + used + +2003-12-11 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/pkinit.c (_krb5_pk_create_sign): fill in NULL as + parameters, required by CMS + +2003-12-07 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/get_in_tkt_with_keytab.c (krb5_get_in_tkt_with_keytab): + avoid memory leak that snuck in when krb5_keytab_key_proc was + exported, pointed out by Panases Inc + + * lib/krb5/keytab_file.c: do locking, found to be a problem for + Panasas Inc + + * lib/krb5/fcache.c: internally export x{,un}lock and thus prefix + them with _krb5_ + + * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): use + KRB5_AUTH_CONTEXT_DO_TIME if we want timestamp in forwarded + krb-cred + + * lib/krb5/krb5_auth_context.3: some text about + krb5_auth_con_{add,remove}flags + + * lib/krb5/auth_context.c: add krb5_auth_con_addflags and + krb5_auth_con_removeflags + +2003-12-03 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/crypto.c (decrypt_internal_derived): move up padsize to + avoid memory leak + +2003-12-02 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/crypto.c: require cipher-text to be padded to padsize + + * lib/krb5/eai_to_heim_errno.c: EAI_ADDRFAMILY and EAI_NODATA is + deprecated in RFC3493 + + * lib/krb5/verify_krb5_conf.c 
(check_host): don't check for + EAI_NODATA, because its depricated in RFC3493 Pointed out by + Hajimu UMEMOTO <ume@mahoroba.org> on heimdal-discuss + +2003-12-01 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/Makefile.am: move test_crypto to noinst_PROGRAMS + + * lib/krb5/test_crypto.c: add --version,--help + + * kuser/kinit.c (main): return the return value from simple_execvp + +2003-11-26 Love Hörnquist Åstrand <lha@it.su.se> + + * kuser/kinit.c: don't use PKINIT DH per default since its too + slow + + * lib/krb5/pkinit.c: tweek to make pkinit work with the fact the + asn1_compile can't generate code for context tagless optionals + + * kdc/pkinit.c: add support for KDC side of DH PKINIT + + * lib/krb5/pkinit.c: clean up error handling, make enc-type work + again + +2003-11-25 Love Hörnquist Åstrand <lha@it.su.se> + + * kuser/kinit.c: add flag to make it work with pkinit dh + + * lib/krb5/pkinit.c: make PKINIT DH support work + +2003-11-24 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/hdb/Makefile.am (LDADD): link with LIB_dlopen + + * kdc/pkinit.c: clean up + + * lib/krb5/krb5.h: make pkinit_win2k_compatible into a flag field + + * lib/krb5/pkinit.c: remove most compile depencies clean up + + * kdc/pkinit.c: print an error and turn of pkinit if openssl + failed to load + + * kdc/config.c: read pkinit (pki-mumble) configuration options + + * kdc/kerberos5.c: add pkinit support + + * kdc/kdc_locl.h: add prototypes for pkinit + + * kdc/pkinit.c: PKINIT patch from Daniel Kouril and Petr Holub, I + removed the dependency on valicert asn1 parser, remove smartcard + and globus support (for now). 
Work to be done on this: DH support, + Globus support, Smartcard support, windows support (MS implements + -09 of the draft), make it conform to the new draft + + * lib/krb5/pkinit.c: fix bugs, improve error reporting + +2003-11-23 Love Hörnquist Åstrand <lha@it.su.se> + + * kuser/kinit.c: add some "struct foo;" glue for pkinit + structures that isn't used + + * lib/krb5/pkinit.c: clean up, make remove depenency on openssl's + api + + * lib/krb5/krb5_locl.h: add some glue for pkinit add reference + counter to _krb5_get_init_creds_opt_private + + * lib/krb5/init_creds.c: reference count krb5_get_init_creds_opt + private component to avoid copy all the data in it + + * lib/krb5/crypto.c (AES_string_to_key): fix memory leak + + * lib/krb5/init_creds_pw.c (init_cred_loop): fix memory leak + + * lib/krb5/heim_threads.h: include pthread.h in the pthread case + +2003-11-18 Love Hörnquist Åstrand <lha@it.su.se> + + * kpasswd/kpasswdd.c (main): parse kdc.conf + 
From: Jeffrey Hutzelman <jhutz@cmu.edu> + +2003-11-15 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/Makefile.am (TESTS): add test_crypto + + * lib/krb5/test_crypto.c: time crypto operations + +2003-11-14 Love Hörnquist Åstrand <lha@it.su.se> + + * doc/init-creds: spelling, Bruno Rohee <bruno@rohee.com> + +2003-11-09 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/rd_req.c (krb5_verify_ap_req2): krb5_free_ticket free + the ticket now, rewrite error handling to handle that + + * kpasswd/kpasswdd.c (process): don't free ticket, + krb5_free_ticket does that now + + * kdc/kerberos5.c (tgs_rep2): don't free ticket, krb5_free_ticket + does that now + + * lib/krb5/ticket.c (krb5_free_ticket): free the ticket itself to + match mit behavior, pointed out by Derrick Brashear + + * lib/krb5/krb5_ticket.3: krb5_free_ticket free the whole ticket + +2003-11-08 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/padata.c: add krb5_padata_add + + * lib/krb5/krb5.h: krb5_context_data.pkinit_win2k_compatible + + * lib/krb5/Makefile.am: add pkinit.c + + * kuser/kinit.c: add pkinit support + + * lib/krb5/init_creds_pw.c: add support for pkinit + + * lib/krb5/krb5_locl.h: add the opaque krb5_pk_init_ctx to + _krb5_get_init_creds_opt_private + + * lib/krb5/pkinit.c: rename krb5_pk_init_openssl_ctx to + krb5_pk_init_ctx fix win2k error handling + + * lib/krb5/pkinit.c: PKINIT patch from Daniel Kouril and Petr + Holub, I removed the dependency on valicert asn1 parser, remove + smartcard and globus support (for now). 
Work to be done on this: + DH support, Globus support, Smartcard support, windows support (MS + implements -09 of the draft), verify that it conforms the new + draft + +2003-11-07 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/asn1/der_copy.c (copy_oid): copy all components + +2003-10-27 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/krb5.conf.5: document capaths section + +2003-10-22 Johan Danielsson <joda@pdc.kth.se> + + * kdc/kerberos5.c: make sure that the server realm and the krbtgt + second component are identical; get rpath from the capaths section + + * kdc/kerberos5.c: change logic for when to check transited policy + to a tri-state model involving per principal flags (to be + implemented) + + * kdc/kdc_locl.h: change enforce_transited_policy to a tri-state + variable + + * kdc/config.c: change enforce_transited_policy to a tri-state + variable + +2003-10-22 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/transited.c (krb5_domain_x500_encode): always zero out + encoding to make sure it have a defined value on failure + + * lib/krb5/transited.c (krb5_domain_x500_encode): + if num_realms ==0, set encoding and return (avoids malloc(0)), + check return value for malloc + +2003-10-21 Johan Danielsson <joda@pdc.kth.se> + + * kdc/kerberos5.c (fix_transited_encoding): always print + cross-realm information + +2003-10-21 Love Hörnquist Åstrand <lha@it.su.se> + + * doc/setup.texi: spelling, 
From: Tracy Di Marco White + + * kdc/kerberos5.c (fix_transited_encoding): set transited type + +2003-10-21 Johan Danielsson <joda@pdc.kth.se> + + * kdc/kdc.8: document enforce-transited-policy + + * kdc/kerberos5.c: always check transited policy if flag set + either globally or on principal + + * kdc/config.c: add flag to always check transited policy + + * lib/hdb/hdb.asn1: add flag to enforce transited policy + +2003-10-21 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/transited.c (krb5_domain_x500_decode): set *num_realms + to zero not num_realms + + * kuser/kgetcred.1: add --no-transit-check + + * kuser/kgetcred.c: add --no-transit-check + + * doc/setup.texi: describe Transit policy + +2003-10-20 Johan Danielsson <joda@pdc.kth.se> + + * kdc/kerberos5.c (fix_transited_encoding): also verify with + policy, unless asked not to + + * lib/krb5/rd_req.c (krb5_decrypt_ticket): try to verify transited + realms, unless the transited-policy-checked flag is set + + * lib/krb5/transited.c (krb5_domain_x500_decode): handle zero + length tr data; + (krb5_check_transited): new function that does more useful stuff + + * lib/krb5/get_cred.c: get capath info from [capaths] section + +2003-10-16 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/fcache.c: Sleep forever waiting for lock. Previous + method doesn't work well with a large number of clients accessing + the cache at the same time, and there is no simple way to add a + timeout to the lock. + +2003-10-13 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/verify_krb5_conf.c: print the error value + krb5_init_context failed with + + * lib/krb5/config_file.c (krb5_config_parse_file_debug): punt if + there is binding before a section declaration. 
Bug found by + Arkadiusz Miskiewicz <arekm@pld-linux.org> + +2003-10-13 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/fcache.c (erase_file): revert a change in previous; if + the ccache is a symlink, kdestroy should remove it + + * lib/krb5/fcache.c: implement locking + +2003-10-12 Johan Danielsson <joda@pdc.kth.se> + + * kuser/klist.c (print_tickets): bail out if krb5_cc_next_cred + returns error other than KRB5_CC_END + +2003-10-07 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/init_creds_pw.c: add some help function that is common + between ENC_TS and SAM2, free the etype{,2}-infos on failure, move + the pa counter into krb5_get_init_creds_ctx + +2003-10-06 Love Hörnquist Åstrand <lha@it.su.se> + + * kdc/kaserver.c (do_getticket): if times data is shorter then 8 + byte, request is malformed. + + * kdc/kaserver.c (do_authenticate): if request length is less then + 8 byte, its a bad request and fail. Pointed out by Marco Foglia + <marco@foglia.org> + + * lib/krb5/verify_krb5_conf.c: add flag --warn-mit-syntax that + warns for mit syntax is used and just ignore the mit syntax when + its used + + * lib/krb5/verify_krb5_conf.c: parse [kdc]use_2b and [gssapi] + +2003-10-04 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/asn1/lex.l: add BOOLEAN + + * lib/asn1/parse.y: add BOOLEAN + +2003-10-03 Love Hörnquist Åstrand <lha@it.su.se> + + * kuser/kinit.c: When running kinit in "fork mode" do pagsh + independent of krb4, also always do krb4 setup of cc. Always try + to destroy the v4 cc. 
+ - add boolean --{,no-}request-pac that will request pac or not + + * kuser/klist.c (check_for_tgt): set client as part of the + pattern/match cred + + * lib/krb5/convert_creds.c (_krb5_krb_dest_tkt): unlink v4 token + (get_krb4_cc_name): move out from _krb5_krb_tf_setup + (_krb5_krb_tf_setup): adapt to allocated filename instead of + static filename + + * lib/krb5/krb5-v4compat.h: add _krb5_krb_dest_tkt and TKT_ROOT + + * lib/krb5/init_creds_pw.c (*) send PA_PAC_REQUEST when the user + have requested either use PAC or not use PAC, if the option not + set from the user, leave it up to the kdc to decide. + (init_creds_loop): clear error string on success + + * lib/krb5/init_creds.c: add + krb5_get_init_creds_opt_set_paq_request break out common part of + extended opt functions to require_ext_opt + + * lib/krb5/krb5_locl.h: add enum krb5_get_init_creds_req_pac and + use it in struct _krb5_get_init_creds_opt_private + + * tools/kdc-log-analyze.pl: handle some more failure lines + + * doc/programming.texi: some diffrences between Heimdal and MIT + Kerberos in the API + + * doc/setup.texi: add Setting up DNS + + * lib/krb5/rd_req.c (krb5_rd_req): always free keyblock since its + alway used + + * lib/asn1/Makefile.am: add SAM types and PAC_REQUEST + + * lib/asn1/k5.asn1: add more preauth types, add PA-PAC-REQUEST + + * lib/asn1: add boolean support + +2003-10-02 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/changepw.c (setpw_send_request): free ap_req_data on + failure + +2003-09-30 Love Hörnquist Åstrand <lha@it.su.se> + + * appl/test/http_client.c (do_connect): use ai_protocol 0 + + * lib/krb5/init_creds_pw.c (init_cred_loop): handle + KRB5KRB_ERR_RESPONSE_TOO_BIG and loop again, this time requesting + LARGE_MSG from send to kdc, and if this is the second time bail + out; try to free memory + + * lib/krb5/send_to_kdc.c (krb5_sendto_kdc_flags): new function, + and then implement the order krb5_sendto_kdc* function with this + function. 
+ + * lib/krb5/krbhst.c (krb5_krbhst_init_flags): new function, use it + and adapt callers + (krbhst_get_default_proto): new function, returns udp, or in case + large_msg was requested for the krb5_krbhst_data, use tcp. + (*): if the flag KD_LARGE_MSG was set on the krb5_krbhst_data, avoid + using udp, use krbhst_get_default_proto + + * lib/krb5/krb5.h: flags for krb5_krbhst_init_flags (and + krb5_send_to_kdc_flags) + +2003-09-23 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/rd_req.c (krb5_rd_req): if we have a keyblock in auth + context, use that + + * appl/test/uu_client.c: print authorization data if there are any + + * lib/asn1/asn1_print.c: decode IA5Stringa and UTF8String + +2003-09-21 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/init_creds_pw.c: use _krb5_get_init_creds_opt_copy + * lib/krb5/init_creds.c: don't export krb5_get_init_creds_opt_copy + + * lib/hdb/Makefile.am: libhdb might depend on LIB_dlopen + + * kuser/kinit.c: don't get v4 tickets by default + +2003-09-20 Love Hörnquist Åstrand <lha@it.su.se> + + * kpasswd/kpasswdd.c (process): remove a abort() + + * doc/win2k.texi: add some text about netdom.exe and trusts + + * TODO-1.0: gssapi rc4 done + + * kpasswd/kpasswdd.c: add support for Set password protocol as + defined by RFC3244 -- Microsoft Windows 2000 Kerberos Change + Password and Set Password Protocols + +2003-09-19 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/hdb/db3.c: improve readability of ->open ifdef, check if + version >= 4.1 + + * lib/krb5/init_creds.c (krb5_get_init_creds_opt_copy): add + + * lib/krb5/rd_req.c (krb5_rd_req): allow caller to pass in a key + in the auth_context, they way processes that doesn't use the + keytab can still pass in the key of the service (matches behavior + of MIT Kerberos). 
+ +2003-09-18 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/init_creds_pw.c: collect all init_creds context into a + structure so it can easier be passed around, also, while here, + change nonce for every request + + * lib/krb5/get_in_tkt.c (init_as_req): don't realloc data before + the loop, add_padata() will handle that itself + + * lib/krb5/get_for_creds.c (add_addrs): don't increase addr->len + until in contains interesting data, use right iteration counter + when clearing the addresses + + * lib/krb5/log.c (log_realloc): increase len after realloc returns + sucessfully + +2003-09-12 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/config_file.c: fix prototypes + 
From: Fredrik Ljungberg <flag@pobox.se> + +2003-09-10 Love Hörnquist Åstrand <lha@it.su.se> + + * appl/test/http_client.c: close socket when we are done, don't + allow the server to restart gssapi negotiation + + * lib/hdb/hdb_locl.h: include <limits.h> for ULONG_MAX noted by + Wissler Magnus <M.Wissler@abalon.se> on heimdal-discuss + + * appl/test/gssapi_client.c (proto): use select_mech + + * appl/test/http_client.c: use getarg + + * appl/test/gss_common.h: prototype for select_mech + + * appl/test/gss_common.c (select_mech): return the gss_OID from a + mech name + + * appl/test/http_client.c: print both source and target + + * appl/test/Makefile.am: build http_client + +2003-09-09 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/asn1/asn1_print.c: add support for printing Enumerated + + * appl/test/gssapi_client.c: allow user to select mech; krb5, + spnego, and no-oid + + * appl/test/test_locl.h: add mech + + * appl/test/common.c: add --mech,-m argument + + * appl/test/gssapi_server.c: print the mech that was used + + * kdc/kerberos5.c (only_older_enctype_p): check request if the + client only supports old enctypes, before it used the database + +2003-09-08 Love Hörnquist Åstrand <lha@it.su.se> + + * **/*.c: add context argument to krb5_get_init_creds_opt_alloc + + * lib/krb5/init_creds.c (krb5_get_init_creds_opt_alloc): add + context argument + + * lib/krb5/krb5_get_init_creds.3: spelling + +2003-09-04 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/context.c (add_file): make len argument an pointer to + an integer + + * lib/asn1/k5.asn1: add SAM types + + * lib/krb5/init_creds_pw.c: break out the encrypt timestamp + preauth to its function break out the pa_data_to_key_plain to its + own function make more variables const + +2003-09-04 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/krb5.conf.5: document appdefaults/{forward,encrypt} + +2003-09-03 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/krb5.h: Add key usage for encryption of the + 
SAM-NONCE-OR-SAD field. + + * include/make_crypto.c: include <openssl/ui.h> in the openssl + case + + * kdc/hprop.h: use new DES_ api + + * lib/krb5/krb5-v4compat.h: assume session key is a char array of + length 8 + + * lib/krb5/prompter_posix.c: + s/des_read_pw_string/UI_UTIL_read_pw_string/ + + * kuser/kinit.c: s/des_read_pw_string/UI_UTIL_read_pw_string/ + + * kdc/string2key.c: s/des_read_pw_string/UI_UTIL_read_pw_string/ + + * kdc/kstash.c: s/des_read_pw_string/UI_UTIL_read_pw_string/ + + * admin/add.c: s/des_read_pw_string/UI_UTIL_read_pw_string/ + + * lib/krb5/crypto.c: switch from the des_ to the DES_ api + + * kdc/hprop.c: use DES_KEY_SZ instead of sizeof(des_block) + + * kuser/kverify.c: use + krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free + + * kpasswd/kpasswd-generator.c: use + krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free + + * kdc/hprop.c: use + krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free compare + a uint32_t with 0xffffffff instead of -1 + + * lib/krb5/krb5_425_conv_principal.3: fix [Gt] + + * kuser/kinit.c: use + krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free + + * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): handle + password passed in though context + + * lib/krb5/Makefile.am (TESTS): += test_config + + * lib/krb5/aes-test.c: move variable thats used within a #ifdef to + be defined within that #ifdef + + * lib/krb5/data.c (krb5_data_free): reset whole krb5_data when + freeing it + + * lib/krb5/keyblock.c (krb5_keyblock_zero): new function, zeros + out a keyblock + + * lib/krb5/init_creds_pw.c: rewrite/implement + krb5_get_init_creds_password with new preauth handing, still it + can only work with krb5-pa-enc-timestamp for preauth, but now it + can handle etype-info2 + + * lib/krb5/init_creds.c (krb5_get_init_creds_opt_alloc): allocate + a opt structure + (krb5_get_init_creds_opt_free): free a opt structure + (krb5_get_init_creds_opt_set_pa_password): set preauth info for + 
enc-timestamp + + * lib/krb5/krb5_locl.h: add struct + _krb5_get_init_creds_opt_private + +2003-09-02 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/krb5.h: add SAM keyusage numbers, add s2k proc typedef, + add a pointer to a private part of krb5_get_init_creds_opt + + * kdc/string2key.c (main): avoid const warning by using a extra + variable + +2003-08-31 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/ticket.c (krb5_ticket_get_authorization_data_type): + reindent + + * lib/krb5/ticket.c (krb5_copy_ticket): free all data when + failing, copy data to right memory, the later pointed out by Luke + Howard. + +2003-08-30 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/krb5.h: cfx-01 use diffrent usage numbers + +2003-08-29 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/hdb/db3.c: try to include more db headers + + * lib/hdb/db3.c: patch for working with DB4 on heimdal-discuss + From: Luke Howard <lukeh@PADL.COM> + +2003-08-28 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/krb5.h: add KEYTYPE_ARCFOUR_56 + + * appl/test/gssapi_client.c: send both INT and CONF wrapped token + + * appl/test/gssapi_server.c: recv both INT and CONF wrapped token + + * lib/asn1/k5.asn1: add KRB5_NT_SMTP_NAME and KRB5_NT_ENTERPRISE + +2003-08-27 Love Hörnquist Åstrand <lha@it.su.se> + + * appl/test/uu_client.c (proto): fill in client in the match cred + +2003-08-26 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/krb5.h: CFX uses slightly diffrent usage numbers + + * lib/krb5/crypto.c (usage2arcfour): simplify, only include + special cases 
From: Luke Howard <lukeh@PADL.COM> + +2003-08-25 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/hdb/hdb-ldap.c: code rewrite from Luke Howard + <lukeh@PADL.COM> + + * lib/krb5/crypto.c (arcfour_checksum_p): return true when is + arcfour, not when its not pointed out by Luke Howard + + * doc/ack.texi: update Luke Howard email address + +2003-08-24 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/krb5_encrypt.3: document: + krb5_crypto_getconfoundersize, krb5_crypto_getblocksize + krb5_crypto_getenctype, krb5_crypto_getpadsize + + * lib/krb5/crypto.c (krb5_crypto_getpadsize, + krb5_crypto_getconfoundersize): added From: Luke Howard + <lukeh@PADL.COM> + +2003-08-23 Love Hörnquist Åstrand <lha@it.su.se> + + * kdc/connect.c (handle_tcp): handle recvfrom returning 0 + (connection closed) + + * kdc/connect.c (grow_descr): increment the size after we succeed + to allocate the space + + * lib/krb5/krb5_create_checksum.3: text about when + krb5_crypto_get_checksum_type is useful + + * lib/krb5/crypto.c (krb5_crypto_get_checksum_type): fix format + string + + * lib/krb5/krb5_create_checksum.3: document + krb5_crypto_get_checksum_type + + * lib/krb5/crypto.c: add krb5_crypto_get_checksum_type + From: Luke Howard <lukeh@PADL.COM> + + * lib/asn1/gen.c: s/UTF8String/heim_utf8_string/ in generated code + From: Luke Howard <lukeh@PADL.COM> + +2003-08-21 Love Hörnquist Åstrand <lha@it.su.se> + + * include/make_crypto.c: include aes.h inc in the local libdes + case too + +2003-08-20 Johan Danielsson <joda@pdc.kth.se> + + * lib/asn1/der_free.c: set free'd poiners to NULL + + * lib/asn1/gen_free.c: set free'd poiners to NULL + +2003-08-20 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/heim_threads.h: XXX don't use "plain" pthread support + on netbsd + + * lib/krb5/crypto.c: Do the arcfour checksum mapping for + krb5_create_checksum and krb5_verify_checksum, 
From: Luke Howard + <lukeh@PADL.COM> + +2003-08-18 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/test_config.c: check krb5_prepend_config_files_default + and krb5_prepend_config_files + + * lib/krb5/context.c: add krb5_prepend_config_files and + krb5_prepend_config_files_default + +2003-08-17 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/hdb/mkey.c (read_master_mit): krb5_ret_int16 takes a int16_t + as argument + + * lib/krb5/parse-name-test.c: please lint (and me) + + * kdc/config.c (configure): remove only set variable 'e' + + * kdc/connect.c (init_socket): sockaddr size argument to + krb5_addr2sockaddr is a krb5_addr2sockaddr * + + * kdc/kerberos5.c (as_rep): remove usused variable + (tgs_rep2): don't use a temporary ret-variable, ret is reset later + + * lib/krb5/krb5_get_in_cred.3: these function will be deprecated + + * lib/krb5/Makefile.am: man_MANS += krb5_get_init_creds.3 + + * lib/krb5/krb5_get_init_creds.3: begining of documentation of + krb5_get_init_creds + + * lib/krb5/get_in_tkt.c (krb5_get_in_tkt): for compatibility with + with the mit implemtation, don't free `creds' argument when done, + its up the the caller to do that, also allow a NULL ccache. + +2003-08-16 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/krb5.conf.5: document tgs_require_subkey + + * lib/asn1/Makefile.am: remove trance of generate tests files, its + not really for consumption yet + + * lib/hdb/Makefile.am: split generated source from non generated + source we make-proto.pl can generate prototypes for non + generate-source only (make-proto.pl dies on asn1compile's .c + files) + + * lib/krb5/get_cred.c (init_tgs_req): make generation of subkey + optional on configuration parameter + [realms]realm={tgs_require_subkey=bool} + defaults to off. The RFC1510 weakly defines the correct behavior, + so old DCE secd apparently required the subkey to be there, and MS + will use it when its there. 
But the request isn't encrypted in the + subkey, so you get to choose if you want to talk to a MS mdc or a + old DCE secd. + + * kdc/kerberos5.c (*): handle krb5_unparse_name returning non-zero + +2003-08-15 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/principal.c (unparse_name): len can't be zero, so, + don't check for that + +2003-08-13 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/principal.c (unparse_name): make sure there are space + for a NUL, set *name to NULL when there is a failure (so caller + can't get hold of a freed pointer) + +2003-07-26 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/kerberos.8: remove duplicate manual, from + cjep@netbsd.org + +2003-07-25 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/cache.c: indent + + * lib/krb5/cache.c (krb5_cc_set_default_name): only read + KRB5CCNAME when not suid + +2003-07-24 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/keytab_krb4.c (read_v4_entry): the des key is 8 bytes, + use a char array instead of des_cblock + +2003-07-23 Love Hörnquist Åstrand <lha@it.su.se> + + * kdc/kerberos5.c: add support for KRB5_PADATA_ETYPE_INFO2 + + * lib/krb5/crypto.c (hmac): make it return an error when out of + memory, update callsites to either return error or use krb5_abortx + (krb5_hmac): expose hmac + +2003-07-22 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/keyblock.c (krb5_keyblock_get_enctype): return enctype + of keyblock + + * lib/krb5/Makefile.am (man_MANS): += krb5_keyblock.3 + + * lib/krb5/krb5_keyblock.3: some information about krb5_keyblock + and related functions + + * lib/krb5/heim_threads.h: make the non-debug version of the mutex + macros "use" the "mutex" integer so the compile wont complain + about defined unused variables + + * lib/krb5/heim_threads.h: make thread local storage macros take a + "return" argument so no functions need to be created for the + no-pthread case + + * lib/krb5/heim_threads.h: adding RWLOCKS and [sg]etspecific + + * configure.in: use 
KRB_PTHREADS + + * lib/asn1/Makefile.am (gen_files): add asn1_KerberosString and + sort + + * lib/asn1/k5.asn1 (ETYPE-INFO2-ENTRY): salt is a KerberosString + + * lib/krb5/krb5.3: add ticket access functions + * lib/krb5/krb5_ticket.3: ditto + * lib/krb5/ticket.c: ditto + * lib/krb5/Makefile.am: ditto + + * lib/krb5/mit_glue.c: add some more krb5_c functions + + * lib/krb5/krb5_c_make_checksum.3: add some more krb5_c functions + + * lib/krb5/crypto.c (krb5_cksumtype_valid): check is checksum type + is a valid one + + * lib/krb5/crypto.c (krb5_checksum_is_keyed): only set extented + error string when there is a context + (krb5_checksum_is_collision_proof): ditto + +2003-07-21 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/mit_glue.c (krb5_c_get_checksum): make type and data + argument optional + (krb5_c_{encrypt,decrypt}): return "better" error codes for + invalid ivec length + + * lib/krb5/krb5_c_make_checksum.3: update krb5_c_get_checksum + usage + + * lib/krb5/crypto.c (krb5_crypto_getenctype): new function + + * include/make_crypto.c: avoid redefining + OPENSSL_DES_LIBDES_COMPATIBILITY + + * lib/krb5/krb5.h: add krb5_enc_data + +2003-07-19 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/krb5.3: add krb5_c_ functions + + * lib/krb5/mit_glue.c: support passing in NULL as the + cipher_state/ivec + + * lib/krb5/aes-test.c: add test for krb5_c_encrypt_length and + krb5_c_decrypt + + * lib/krb5/krb5_c_make_checksum.3: krb5_c encryption glue + + * lib/krb5/crypto.c (wrapped_length/wrapped_length_derived): when + calculating the length of the encrypted data, use the keyed + checksum length if the enctype supports a keyed checksum. This + only matter for aes, for all other enctypes the key and unkeyed + checksum have the same length. 
+ +2003-07-18 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/mit_glue.c: first version of krb5_c encryption glue + + * doc/install.texi: update pointer to luke ldap documentation + + * lib/hdb/hdb.c (hdb_create): check for dynamic backend after + static to avoid warning from dynamic backend when using a known + static backend + +2003-07-16 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/cache.c: don't return value in void function + +2003-07-15 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/creds.c (krb5_compare_creds): if client is specified in + the mcreds, check that too + + * lib/krb5/{keytab_file.c,principal.c,mk_error.c,krb5.h,get_cred.c}: + prefix libasn1 types with heim_ + + * lib/asn1: prefix typedefs and structs with heim_ + +2003-07-13 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/hdb/hdb.c: avoid unnecessary setting of variable + +2003-07-07 Love Hörnquist Åstrand <lha@it.su.se> + + * kuser/klist.c (check_for_tgt): use krb5_cc_clear_mcred + + * appl/test/uu_client.c (proto): use krb5_cc_clear_mcred + + * lib/krb5/get_cred.c (init_tgs_req): in case of error, don't free + in the req_body addresses since they where pass in by caller + (find_cred): use krb5_cc_clear_mcred + + * lib/krb5/krb5_ccache.3: document krb5_cc_clear_mcred + + * lib/krb5/cache.c (krb5_cc_clear_mcred): new function, clear a + krb5_creds to use with krb5_cc_retrieve_cred + +2003-06-30 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/hdb/hdb.c (find_dynamic_method): if there isn't a prefix, + don't load anything + +2003-06-29 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/hdb/hdb.c: Dynamic backend loading, based on patch from Luke + Howard <lukeh@PADL.COM> + + * lib/hdb/hdb.h: add struct hdb_so_method and + HDB_INTERFACE_VERSION + +2003-06-28 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/mk_req_ext.c (krb5_mk_req_internal): when using + arcfour-hmac-md5, use an unkeyed checksum (rsa-md5), since + Microsoft calculates the keyed checksum with the subkey of the + 
authenticator. + + * kuser/kinit.c: write out v4 credential caches with + _krb5_krb_tf_setup + + * lib/krb5/krb5-v4compat.h: add _krb5_krb_tf_setup + + * lib/krb5/convert_creds.c (_krb5_krb_tf_setup): create/append v4 + credential to a new krb4 ticket file + +2003-06-27 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/krb5_kuserok.3: put Nd argument in double quotes since + it contains more than 9 words; from wiz + +2003-06-25 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/verify_krb5_conf.c: add missing " within #if 0, from + stefan sokoll <stefansokoll@yahoo.de> + +2003-06-24 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/krb5_timeofday.3: improve krb5_set_real_time text + + * lib/krb5/time.c: improve comment for krb5_set_real_time + +2003-06-23 Johan Danielsson <joda@pdc.kth.se> + + * kuser/kinit.1: document -A + + * kuser/kinit.c: add -A as an alias for --no-addresses + +2003-06-22 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): pass in a + krb5_timestamp to krb5_us_timeofday + + * lib/krb5/mk_error.c (krb5_mk_error): pass in a krb5_timestamp to + krb5_us_timeofday + + * lib/krb5/time.c (krb5_set_real_time): fix comment and make it + work + + * lib/krb5/time.c, lib/krb5/krb5_timeofday.3, + lib/krb5/Makefile.am lib/krb5/test_time.c: + + implement krb5_set_real_time, used by SAMBA, requested by Luke + Howard <lukeh@PADL.COM> + + * lib/asn1/k5.asn1: make the aes and sha1 checksum types match + draft-ietf-krb-wg-crypto-05 + +2003-06-21 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/aes-test.c: add a test for aes kcrypto encrypted data + + * lib/krb5/crypto.c: clean up AES code to use a structure instead + of a key array + (_krb5_AES_string_to_default_iterator): set to 4096 as described in + aes draft -04 + (derive_key): always remove the key->schedule since its + will contain the wrong (parent key) info + +2003-06-18 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/aes-test.c: add aes256 test 
vectors from Ken Raeburn + * doc/setup.texi: add more kdc's to the example + +2003-06-17 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/hdb/hdb-ldap.c: use int2HDBFlags/HDBFlags2int From: Alberto + Patino <jalbertop@aranea.com.mx>, Luke Howard <lukeh@PADL.COM> + Pointed out by Andrew Bartlett of Samba + + * lib/krb5/heim_threads.h: remove freebsd comment, don't use debug + pthread stubs by default + + * lib/krb5/Makefile.am (man_MANS): drop krb5_free_addresses.3 + + * lib/krb5/krb5_free_addresses.3: removed file, functions are + documented in krb5_address.3 + + * lib/krb5/codec.c: add krb5_{de,en}code_ETYPE_INFO2 + + * lib/krb5/crypto.c: add _krb5_AES_string_to_default_iterator add + krb5_string_to_key_salt_opaque() fix keylengh for keytype_aes256 + +2003-06-06 Love Hörnquist Åstrand <lha@it.su.se> + + * doc/setup.texi: Point out that slave needs /var/heimdal + directory and masterkey 
From: Mans Nilsson <mansaxel@sunet.se>, + Fix spelling while here + +2003-06-02 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/Makefile.am, krb5_get_in_cred.3, krb5.3: + add manpage for: krb5_get_in_cred, krb5_get_in_tkt, + krb5_get_in_tkt_with_keytab, krb5_get_in_tkt_with_password, + krb5_get_in_tkt_with_skey + +2003-05-28 Assar Westerlund <assar@kth.se> + + * lib/krb5/heim_threads.h: Fix unlock/destroy macros for the + non-threaded cases to work. Fix typo. + +2003-05-27 Johan Danielsson <joda@pdc.kth.se> + + * lib/asn1/{der_put.c,der_length.c,check-der.c}: Fix encoding of + "unsigned" integers. If MSB is set, we need to pad with a zero + byte. + +2003-05-27 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/krb5_c_make_checksum.3: some more mdoc fixes + + * lib/hdb/hdb-ldap.c (LDAP__connect): bind sasl "EXTERNAL" to ldap + connection + (LDAP_store): remove superfluous argument to asprintf + + From Alberto Patino <jalbertop@aranea.com.mx> + +2003-05-26 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/*.[0-9]: pacify mdoclink + + * lib/krb5/krb5_ccache.3: document diffrences between mit and + heimdal krb5_cc_gen_new ccache -> credential cache s/[\t ]+$// + +2003-05-21 Love Hörnquist Åstrand <lha@it.su.se> + + * appl/test/gssapi_server.c (proto): start to use + gss_krb5_copy_ccache + + * appl/test/nt_gss_server.c (proto): comment out gss_ctx_id_t + groveling for now + +2003-05-20 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/asn1: + - add parser/generate glue for UTF8String and NULL + (DER primitive encode/decode functions missing) + - handle parsing of DEFAULT and, ... 
+ +2003-05-16 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/heim_threads.h: add missing argument to mutex_init + + * lib/krb5/crypto.c: protect the random initiator with a mutex + + * lib/krb5/mcache.c: protect the mcc_head with a mutex + + * lib/krb5/krb5_locl.h: include heim_threads.h + + * lib/krb5/heim_threads.h: wrapper macros for thread + synchronization primitives + +2003-05-15 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/krb5_principal.3 + lib/krb5/Makefile.am: + Add all Kerberos principal function to one manpage, add a few more + principal function to it, remove old now dup manpages + + * lib/krb5/krb5_build_principal.3: remove file + * lib/krb5/krb5_free_principal.3: remove file + * lib/krb5/krb5_sname_to_principal.3: remove file + * lib/krb5/krb5_principal_get_realm.3: remove file + +2003-05-14 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/verify_krb5_conf.8: sort sections, from netbsd + + * lib/krb5/krb5_verify_user.3: .Sh EXAMPLE -> .Sh EXAMPLES, from + netbsd + + * lib/krb5/krb5_openlog.3: .Sh EXAMPLE -> .Sh EXAMPLES, sort + sections, from netbsd + + * lib/krb5/krb5_keytab.3: .Sh EXAMPLE -> .Sh EXAMPLES, mdoc fixes, + from netbsd + + * lib/krb5/krb5_get_krbhst.3: .Sh EXAMPLE -> .Sh EXAMPLES, from + netbsd + + * lib/krb5/krb5_get_all_client_addrs.3: add .Os, from NetBSD + + * lib/krb5/krb5_build_principal.3: sort sections, from NetBSD + + * lib/krb5/krb5.conf.5: .Sh EXAMPLE -> .Sh EXAMPLES, from netbsd + + * lib/krb5/get_default_realm.c: compatability -> compatibility, + from netbsd + + * lib/krb5/krb5_warn.3: add copyright/license + + * lib/krb5/krb5_context.3: add SYNOPSIS and LIBRARY + + * lib/krb5/krb5.3: add RCSID + + * kdc/hprop.8: fix mdoc problem, from netbsd + + * lib/krb5/krb5_krbhst_init.3: uppercase url, from Thomas Klausner + <wiz@netbsd.org> + + * kuser/kinit.1: setup -> set up, new sentence, new line from + Thomas Klausner <wiz@netbsd.org> + +2003-05-13 Love Hörnquist Åstrand <lha@it.su.se> + + * kpasswd/kpasswd.1: 
handle setting passwords for multiple + principals at the same time + + * kpasswd/kpasswd.c: handle setting passwords for multiple + principals at the same time + + * lib/krb5/changepw.c: draft-ietf-cat-kerb-chg-password-02 and + rfc3244 share the response packet sure more constants now that + they exists + +2003-05-12 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/krb5.h: some define for rfc3244 + + * lib/krb5/krb5.3: add krb5_change_password and krb5_set_password + + * kpasswd/kpasswd.1: document --admin-principal + + * kpasswd/kpasswd.c: use krb5_set_password + + * lib/krb5/krb5_set_password.3: document krb5_change_password and + krb5_set_password + + * lib/krb5/changepw.c: implement rfc3244, partly from + shadow@dementia.org + + * lib/asn1/Makefile.am (gen_files): asn1_ChangePasswdDataMS.x for + RFC3244 + + * lib/asn1/k5.asn1: add ChangePasswdDataMS, for + RFC3244 + +2003-05-08 Love Hörnquist Åstrand <lha@it.su.se> + + * kuser/kdestroy.c: destroy tokens even if there isn't v4 support + + * kuser/kinit.c: get token even if there isn't v4 support + + * kuser/klist.c: print tokens even if there isn't v4 support + +2003-05-06 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/name-45-test.c: need to use empty krb5.conf for some + tests + + * lib/asn1/check-gen.c: there is no \e escape sequence; replace + everything with hex-codes, and cast to unsigned char* to make some + compilers happy + +2003-05-06 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/get_in_tkt.c (make_pa_enc_timestamp): make sure first + argument to krb5_us_timeofday have correct type + +2003-05-05 Assar Westerlund <assar@kth.se> + + * include/make_crypto.c (main): include aes.h if ENABLE_AES + +2003-05-05 Love Hörnquist Åstrand <lha@it.su.se> + + * make-release: when fixing a valid cvs tag from release name + replace all number. 
to number- for all non-overlapping matches + +2003-05-04 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/asn1/Makefile.am: gen_files += asn1_ETYPE_INFO2.x and + asn1_ETYPE_INFO2_ENTRY.x + (libasn1_la_LDFLAGS): set version to 6:1:1 + + * doc/Makefile.am: add apps.texi + + * doc/setup.texi: add move forward link to applications + + * doc/heimdal.texi: add applications + + * doc/misc.texi: move afs stuff to applications add link to + applications + + * doc/apps.texi: text about applications using kerberos + move afs text here + +2003-05-03 Love Hörnquist Åstrand <lha@it.su.se> + + * doc/setup.texi: add cross realm text + +2003-04-29 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/krb5_crypto_init.3: document krb5_enctype_to_string and + krb5_string_to_enctype + +2003-04-28 Love Hörnquist Åstrand <lha@it.su.se> + + * kdc/v4_dump.c (v4_prop_dump): limit strings length, from openbsd + +2003-04-26 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/aes-test.c: use _krb5_PKCS5_PBKDF2 + * lib/krb5/crypto.c: unexport krb5_PKCS5_PBKDF2 + +2003-04-25 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/build_auth.c (krb5_build_authenticator): if the local + sequence number is non-zero, don't generate a new one + + * lib/krb5/mk_rep.c (krb5_mk_rep): if the local sequence number is + non-zero, don't generate a new one + + * lib/krb5/time.c (krb5_us_timeofday): make the sec parameter a + krb5_timestamp + + * lib/krb5/mk_priv.c lib/krb5/mk_safe.c lib/krb5/rd_priv.c + lib/krb5/rd_safe.c lib/krb5/rd_cred.c: implement RET_SEQUENCE and + RET_TIME + + * lib/krb5/krb5.h (krb5_replay_data): make usec signed (matching + asn1) + +2003-04-24 Love Hörnquist Åstrand <lha@it.su.se> + + * doc/programming.texi: s/managment/management/, from jmc + <jmc@prioris.mini.pw.edu.pl> + +2003-04-23 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/context.c (default_etypes): also advertise that we + handle aes encryption types + + * lib/krb5/Makefile.am: add krb5_c_ checksum related functions + + * 
lib/krb5/krb5_c_make_checksum.3: document krb5_c_ checksum + related functions + + * lib/krb5/mit_glue.c: add compat mit krb5_c checksum related + functions + + * lib/asn1/k5.asn1: add ETYPE-INFO2 and ETYPE-INFO2-ENTRY + +2003-04-22 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/krbhst.c: copy NUL too, from janj@wenf.org via openbsd + +2003-04-17 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/asn1/der_copy.c (copy_general_string): use strdup + * lib/asn1/der_put.c: remove sprintf + * lib/asn1/gen.c: remove strcpy/sprintf + + * lib/krb5/name-45-test.c: use a more unique name then ratatosk so + that other (me) have such hosts in the local domain and the tests + fails, to take hokkigai.pdc.kth.se instead + + * lib/krb5/test_alname.c: add --version and --help + +2003-04-16 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/krb5_warn.3: add krb5_get_err_text + + * lib/krb5/transited.c: use strlcat/strlcpy, from openbsd + * lib/krb5/krbhst.c (srv_find_realm): use strlcpy, from openbsd + * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use + strlcpy, from openbsd + * kdc/hpropd.c: s/strcat/strlcat/, inspired from openbsd + * appl/kf/kfd.c: use strlcpy, from openbsd + +2003-04-16 Johan Danielsson <joda@pdc.kth.se> + + * configure.in: fix for large file support in AIX, _LARGE_FILES + needs to be defined on the command line, since lex likes to + include stdio.h before we get to config.h + +2003-04-16 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/*.3: Change .Fd #include <header.h> to .In header.h, + from Thomas Klausner <wiz@netbsd.org> + + * lib/krb5/krb5.conf.5: spelling, from Thomas Klausner + <wiz@netbsd.org> + +2003-04-15 Love Hörnquist Åstrand <lha@it.su.se> + + * kdc/kerberos5.c: fix some more memory leaks + +2003-04-11 Love Hörnquist Åstrand <lha@it.su.se> + + * appl/kf/kf.1: spelling, from jmc <jmc@prioris.mini.pw.edu.pl> + +2003-04-08 Love Hörnquist Åstrand <lha@it.su.se> + + * admin/ktutil.8: typos, from jmc <jmc@acn.waw.pl> + +2003-04-06 
Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/krb5.3: s/kerberos/Kerberos/ + * lib/krb5/krb5_data.3: s/kerberos/Kerberos/ + * lib/krb5/krb5_address.3: s/kerberos/Kerberos/ + * lib/krb5/krb5_ccache.3: s/kerberos/Kerberos/ + * lib/krb5/krb5.conf.5: s/kerberos/Kerberos/ + * kuser/kinit.1: s/kerberos/Kerberos/ + * kdc/kdc.8: s/kerberos/Kerberos/ + +2003-04-01 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/test_alname.c: more krb5_aname_to_localname tests + + * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): when + converting too root, make sure user is ok according to + krb5_kuserok before allowing it. + + * lib/krb5/Makefile.am (noinst_PROGRAMS): += test_alname + + * lib/krb5/test_alname.c: add test for krb5_aname_to_localname + + * lib/krb5/crypto.c (krb5_DES_AFS3_CMU_string_to_key): used p1 + instead of the "illegal" salt #~, same change as kth-krb did + 1999. Problems occur with crypt() that behaves like AT&T crypt + (openssl does this). Pointed out by Marcus Watts. + + * admin/change.c (kt_change): collect all principals we are going + to change, and pick the highest kvno and use that to guess what + kvno the resulting kvno is going to be. Now two ktutil change in a + row works. XXX fix the protocol to pass the kvno back. 
+ +2003-03-31 Love Hörnquist Åstrand <lha@it.su.se> + + * appl/kf/kf.1: afs->AFS, from jmc <jmc@acn.waw.pl> + +2003-03-30 Love Hörnquist Åstrand <lha@it.su.se> + + * doc/setup.texi: add description on how to turn on v4, 524 and + kaserver support + +2003-03-29 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/verify_krb5_conf.c (appdefaults_entries): add afslog + and afs-use-524 + +2003-03-28 Love Hörnquist Åstrand <lha@it.su.se> + + * kdc/kerberos5.c (as_rep): when the second enctype_to_string + failes, remember to free memory from the first enctype_to_string + + * lib/krb5/crypto.c (usage2arcfour): map KRB5_KU_TICKET to 2, + from Harald Joerg <harald.joerg@fujitsu-siemens.com> + (enctype_arcfour_hmac_md5): disable checksum_hmac_md5_enc + + * lib/hdb/mkey.c (hdb_unseal_keys_mkey): truncate key to the key + length when key is longer then expected length, its probably + longer since the encrypted data was padded, reported by Aidan + Cully <aidan@kublai.com> + + * lib/krb5/crypto.c (krb5_enctype_keysize): return key size of + encyption type, inspired by Aidan Cully <aidan@kublai.com> + +2003-03-27 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/keytab.c (krb5_kt_get_entry): avoid printing 0 + (wildcard kvno) after principal when the keytab entry isn't found, + reported by Chris Chiappa <chris@chiappa.net> + +2003-03-26 Love Hörnquist Åstrand <lha@it.su.se> + + * doc/misc.texi: update 2b example to match reality (from + mattiasa@e.kth.se) + + * doc/misc.texi: spelling and add `Configuring AFS clients' + subsection + +2003-03-25 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/krb5.3: add krb5_free_data_contents.3 + + * lib/krb5/data.c: add krb5_free_data_contents for compat with MIT + API + + * lib/krb5/krb5_data.3: add krb5_free_data_contents for compat + with MIT API + + * lib/krb5/krb5_verify_user.3: write more about how the ccache + argument should be inited when used + +2003-03-25 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/addr_families.c 
(krb5_print_address): make sure + print_addr is defined for the given address type; make addrports + printable + + * kdc/string2key.c: print the used enctype for kerberos 5 keys + +2003-03-25 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/aes-test.c: add another arcfour test + +2003-03-22 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/aes-test.c: sneek in a test for arcfour-hmac-md5 + +2003-03-20 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/krb5_ccache.3: update .Dd + + * lib/krb5/krb5.3: sort in krb5_data functions + + * lib/krb5/Makefile.am (man_MANS): += krb5_data.3 + + * lib/krb5/krb5_data.3: document krb5_data + + * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): if + prompter is NULL, don't try to ask for a password to + change. reported by Iain Moffat @ ufl.edu via Howard Chu + <hyc@highlandsun.com> + +2003-03-19 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/krb5_keytab.3: spelling, from + <jmc@prioris.mini.pw.edu.pl> + + * lib/krb5/krb5.conf.5: . 
means new line + + * lib/krb5/krb5.conf.5: spelling, from + <jmc@prioris.mini.pw.edu.pl> + + * lib/krb5/krb5_auth_context.3: spelling, from + <jmc@prioris.mini.pw.edu.pl> + +2003-03-18 Love Hörnquist Åstrand <lha@it.su.se> + + * kuser/Makefile.am: INCLUDES: -I$(srcdir)/../lib/krb5 + + * lib/krb5/convert_creds.c: add _krb5_krb_life_to_time + + * lib/krb5/krb5-v4compat.h: add _krb5_krb_life_to_time + + * kdc/kdc_locl.h: 524 is independent of kerberos 4, so move out + #ifdef KRB4 from enable_v4_cross_realm since 524 needs it + + * kdc/config.c: 524 is independent of kerberos 4, so move out + enable_v4_cross_realm from #ifdef KRB4 since 524 needs it + +2003-03-17 Assar Westerlund <assar@kth.se> + + * kdc/kdc.8: document --kerberos4-cross-realm + * kdc/kerberos4.c: pay attention to enable_v4_cross_realm + * kdc/kdc_locl.h (enable_v4_cross_realm): add + * kdc/524.c (encode_524_response): check the enable_v4_cross_realm + flag before giving out v4 tickets for foreign v5 principals + * kdc/config.c: add --enable-kerberos4-cross-realm option (default + to off) + +2003-03-17 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/Makefile.am (man_MANS) += krb5_aname_to_localname.3 + + * lib/krb5/krb5_aname_to_localname.3: manpage for + krb5_aname_to_localname + + * lib/krb5/krb5_kuserok.3: s/KRB5_USEROK/KRB5_KUSEROK/ + +2003-03-16 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/Makefile.am (man_MANS): add krb5_set_default_realm.3 + + * lib/krb5/krb5.3: add manpages from krb5_set_default_realm.3 + + * lib/krb5/krb5_set_default_realm.3: Manpage for + krb5_free_host_realm, krb5_get_default_realm, + krb5_get_default_realms, krb5_get_host_realm, and + krb5_set_default_realm. 
+ + * admin/ktutil.8: s/entype/enctype/, from Igor Sobrado + <sobrado@acm.org> via NetBSD + + * lib/krb5/krb5_keytab.3: add documention for krb5_kt_get_type + + * lib/krb5/keytab.c (krb5_kt_get_type): get prefix/type of keytab + + * lib/krb5/krb5.h (KRB5_KT_PREFIX_MAX_LEN): max length of prefix + + * lib/krb5/krb5_ccache.3: document krb5_cc_get_ops, add more + types, add krb5_fcc_ops and krb5_mcc_ops + + * lib/krb5/cache.c (krb5_cc_get_ops): new function, return ops for + a id + +2003-03-15 Love Hörnquist Åstrand <lha@it.su.se> + + * doc/intro.texi: add reference to source code, binaries and the + manual + + * lib/krb5/krb5.3: krb5.h isn't in krb5 directory in heimdal + +2003-03-14 Love Hörnquist Åstrand <lha@it.su.se> + + * kdc/kdc.8: better/difrent english + + * kdc/kdc.8: . -> .\n, copyright/license + + * kdc/kdc.8: changed configuration file -> restart kdc + + * kdc/kerberos4.c: add krb4 into the most error messages written + to the logfile + + * lib/krb5/krb5_ccache.3: add missing name of argument + (krb5_context) to most functions + +2003-03-13 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/kuserok.c (krb5_kuserok): preserve old behviour of + function and return FALSE when there isn't a local account for + `luser'. 
+ + * lib/krb5/krb5_kuserok.3: fix prototype, spelling and more text + describing the function + +2003-03-12 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/cache.c (krb5_cc_default): if krb5_cc_default_name + returned memory, don't return ENOMEM + +2003-03-11 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/krb5.3: add krb5_address stuff and sort + + * lib/krb5/krb5_address.3: fix krb5_addr2sockaddr description + + * lib/krb5/Makefile.am (man_MANS): += krb5_address.3 + + * lib/krb5/krb5_address.3: document types krb5_address and + krb5_addresses and their helper functions + +2003-03-10 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/Makefile.am (man_MANS): += krb5_kuserok.3 + + * lib/krb5/krb5_kuserok.3: spelling, from cizzi@it.su.se + + * lib/krb5/Makefile.am (man_MANS): += krb5_ccache.3 + + * lib/krb5/krb5_ccache.3: spelling, from cizzi@it.su.se + + * lib/krb5/krb5.3: add more functions + + * lib/krb5/krb5_ccache.3: document krb5_ccache and krb5_cc + functions + + * lib/krb5/krb5_kuserok.3: document krb5_kuserok + + * lib/krb5/krb5_verify_user.3: document + krb5_verify_opt_set_flags(opt, KRB5_VERIFY_LREALMS) behavior + + * lib/krb5/krb5_verify_user.3: document krb5_verify_opt* and + krb5_verify_user_opt + + * lib/krb5/*.[0-9]: add copyright/licenses on more manpages + + * kuser/kdestroy.c (main): handle that krb5_cc_default_name can + return NULL + + * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump minor + (TESTS): add test_cc + + * lib/krb5/test_cc.c: test some + krb5_cc_default_name/krb5_cc_set_default_name combinations + + * lib/krb5/context.c (init_context_from_config_file): set + default_cc_name to NULL + (krb5_free_context): free default_cc_name if set + + * lib/krb5/cache.c (krb5_cc_set_default_name): new function + (krb5_cc_default_name): use krb5_cc_set_default_name + + * lib/krb5/krb5.h (krb5_context_data): add default_cc_name + +2003-02-25 Love Hörnquist Åstrand <lha@it.su.se> + + * appl/kf/kf.1: s/securly/securely/ from NetBSD + 
+2003-02-18 Love Hörnquist Åstrand <lha@it.su.se> + + * kdc/connect.c: s/intialize/initialize, from + <jmc@prioris.mini.pw.edu.pl> + +2003-02-17 Love Hörnquist Åstrand <lha@it.su.se> + + * configure.in: add AM_MAINTAINER_MODE + +2003-02-16 Love Hörnquist Åstrand <lha@it.su.se> + + * **/*.[0-9]: add copyright/licenses on all manpages + +2003-14-16 Jacques Vidrine <nectar@kth.se> + + * lib/krb5/get_in_tkt.c (init_as_req): Send only a single + PA-ENC-TIMESTAMP in the AS-REQ, using the first encryption + type specified by the KDC. + +2003-02-15 Love Hörnquist Åstrand <lha@it.su.se> + + * fix-export: some autoconf put their version number in + autom4te.cache, so remove autom4te*.cache + + * fix-export: make sure $1 is a directory + +2003-02-04 Love Hörnquist Åstrand <lha@it.su.se> + + * kpasswd/kpasswdd.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl> + + * kdc/kdc.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl> + +2003-01-31 Love Hörnquist Åstrand <lha@it.su.se> + + * kdc/hpropd.8: s/databases/a database/ s/Not/not/ + + * kdc/hprop.8: add missing . + +2003-01-30 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/krb5.conf.5: documentation for of boolean, etypes, + address, write out encryption type in sentences, s/Host/host + +2003-01-26 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/asn1/check-gen.c: add checks for Authenticator too + +2003-01-25 Love Hörnquist Åstrand <lha@it.su.se> + + * doc/setup.texi: in the hprop example, use hprop and the first + component, not host + + * lib/krb5/get_addrs.c (find_all_addresses): address-less + point-to-point might not have an address, just ignore + those. Reported by Harald Barth. 
+ +2003-01-23 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/verify_krb5_conf.c (check_section): when key isn't + found, don't print out all known keys + + * lib/krb5/verify_krb5_conf.c (syslogvals): mark up where severity + and facility start resp + (check_log): find_value() returns -1 when key isn't found + + * lib/krb5/crypto.c (_krb5_aes_cts_encrypt): make key argument a + 'const void *' to avoid AES_KEY being exposed in krb5-private.h + + * lib/krb5/krb5.conf.5: add [kdc]use_2b + + * kdc/524.c (encode_524_response): its 2b not b2 + + * doc/misc.texi: quote @ where missing + + * lib/asn1/Makefile.am: add check-gen + + * lib/asn1/check-gen.c: add Principal check + + * lib/asn1/check-common.h: move generic asn1/der functions from + check-der.c to here + + * lib/asn1/check-common.c: move generic asn1/der functions from + check-der.c to here + + * lib/asn1/check-der.c: move out the generic asn1/der functions to + a common file + +2003-01-22 Love Hörnquist Åstrand <lha@it.su.se> + + * doc/misc.texi: more text about afs, how to get get your KeyFile, + and how to start use 2b tokens + + * lib/krb5/krb5.conf.5: spelling, from Jason McIntyre + <jmc@cvs.openbsd.org> + +2003-01-21 Jacques Vidrine <nectar@kth.se> + + * kuser/kuser_locl.h: include crypto-headers.h for + des_read_pw_string prototype + +2003-01-16 Love Hörnquist Åstrand <lha@it.su.se> + + * admin/ktutil.8: document -v, --verbose + + * admin/get.c (kt_get): make getarg usage consistent with other + other parts of ktutil + + * admin/copy.c (kt_copy): remove adding verbose_flag to args + struct, since it will overrun the args array (from Sumit Bose) + +2003-01-15 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/krb5.conf.5: write more about [realms] REALM = { kdc = + ... } + + * lib/krb5/aes-test.c: test vectors in aes-draft + + * lib/krb5/Makefile.am: add aes-test.c + + * lib/krb5/crypto.c: Add support for AES + (draft-raeburn-krb-rijndael-krb-02), not enabled by default. 
+ (HMAC_SHA1_DES3_checksum): rename to SP_HMAC_SHA1_checksum and modify + to support checksumtype that are have a shorter wireformat then + their output block size. + + * lib/krb5/crypto.c (struct encryption_type): split the blocksize + into blocksize and padsize, padsize is the minimum padding + size. they are the same for now + (enctype_*): add padsize + (encrypt_internal): use padsize + (encrypt_internal_derived): use padsize + (wrapped_length): use padsize + (wrapped_length_dervied): use padsize + + * lib/krb5/crypto.c: add extra `opaque' argument to string_to_key + function for each enctype in preparation enctypes that uses + `Encryption and Checksum Specifications for Kerberos 5' draft + + * lib/asn1/k5.asn1: add checksum and enctype for AES from + draft-raeburn-krb-rijndael-krb-02.txt + + * lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_AES128, + KEYTYPE_AES256 + +2003-01-14 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/hdb/common.c (_hdb_fetch): handle error code from + hdb_value2entry + + * kdc/Makefile.am: always include kerberos4.c and 524.c in + kdc_SOURCES to support 524 + + * kdc/524.c: always compile in support for 524 + + * kdc/kdc_locl.h: move out krb/524 protos from under #ifdef KRB4 + + * kdc/config.c: always compile in support for 524 + + * kdc/connect.c: always compile in support for 524 + + * kdc/kerberos4.c: export encode_v4_ticket() and get_des_key() + even when we build without kerberos 4, 524 needs them + + * lib/krb5/convert_creds.c, lib/krb5/krb5-v4compat.h: Split out + Kerberos 4 help functions/structures so other parts of the source + tree can use it (like the KDC) + |