2002-10-21 Johan Danielsson <joda@pdc.kth.se>

* lib/krb5/store_emem.c: pull up 1.13; limit how much we allocate

* lib/krb5/principal.c: pull up 1.82; don't allow trailing
backslashes in components

* lib/krb5/keytab_keyfile.c: pull up 1.15; more strcspn

* lib/krb5/keytab_any.c: pull up 1.7; properly close the open

* kdc/connect.c: pull up 1.87; check that %-quotes are followed by

* lib/krb5/prompter_posix.c: pull up 1.7; use strcspn to convert
the newline to NUL in fgets results.

* lib/krb5/kuserok.c: pull up 1.6; use strcspn to convert the
newline to NUL in fgets results.

* lib/krb5/keytab_file.c: pull up 1.12; check return value from

* lib/krb5/context.c: pull up 1.82; return ENXIO instead of ENOENT

* lib/krb5/changepw.c: pull up 1.38; fix reply length check

* kuser/klist.c: pull up 1.68; allow tokens up to size of buffer

* kdc/kaserver.c: pull up 1.21; make sure life is positive

* fix-export: pull up 1.28; remove autom4ate.cache

2002-09-10 Johan Danielsson <joda@pdc.kth.se>

* include/make_crypto.c: don't use function macros if possible

* lib/krb5/krb5_locl.h: get limits.h for UINT_MAX

* include/Makefile.am: use make_crypto to create crypto-headers.h

* include/make_crypto.c: crypto header generation tool

* configure.in: move crypto test to just after testing for krb4,
and move roken tests to after both, this speeds up various failure

* lib/krb5/config_file.c: don't use NULL when we mean 0

* configure.in: we don't set package_libdir anymore, so no point

* tools/Makefile.am: subst INCLUDE_des

* tools/krb5-config.in: add INCLUDE_des to cflags

* configure.in: use AC_CONFIG_SRCDIR

* fix-export: remove some unneeded stuff

* kuser/kinit.c (do_524init): free principals

2002-09-09 Jacques Vidrine <nectar@kth.se>

* kdc/kerberos5.c (get_pa_etype_info, fix_transited_encoding),
kdc/kaserver.c (krb5_ret_xdr_data),
lib/krb5/transited.c (krb5_domain_x500_decode): Validate some
counts: Check that they are non-negative, and that they are small
enough to avoid integer overflow when used in memory allocation
calculations. Potential problem areas pointed out by
Sebastian Krahmer <krahmer@suse.de>.

* lib/krb5/keytab_keyfile.c (akf_add_entry): Use O_EXCL when
creating a new keyfile.

2002-09-09 Johan Danielsson <joda@pdc.kth.se>

* configure.in: don't try to build pam module

2002-09-05 Johan Danielsson <joda@pdc.kth.se>

* appl/kf/kf.c: fix warning string

* lib/krb5/log.c (krb5_vlog_msg): delay message formatting till we

2002-09-04 Assar Westerlund <assar@kth.se>

* kdc/kerberos5.c (encode_reply): correct error logging

2002-09-04 Johan Danielsson <joda@pdc.kth.se>

* lib/krb5/sendauth.c: close ccache if we opened it

* appl/kf/kf.c: handle new protocol

* appl/kf/kfd.c: use krb5_err instead of syslogging directly,
handle the new protocol, and bail out if an old client tries to

* appl/kf/kf_locl.h: we need a protocol version string

* lib/hdb/hdb-ldap.c: use ASN1_MALLOC_ENCODE

* kdc/kerberos5.c: use ASN1_MALLOC_ENCODE

* kdc/hprop.c: set AP_OPTS_USE_SUBKEY

* lib/hdb/common.c: use ASN1_MALLOC_ENCODE

* lib/asn1/gen.c: add convenience macro that allocates a buffer
and encodes into that

* lib/krb5/get_cred.c (init_tgs_req): use
in_creds->session.keytype literally instead of trying to convert
to a list of enctypes (it should already be an enctype)

* lib/krb5/get_cred.c (init_tgs_req): init ret

2002-09-03 Johan Danielsson <joda@pdc.kth.se>

* lib/asn1/k5.asn1: remove ETYPE_DES3_CBC_NONE_IVEC

* lib/krb5/krb5.h: remove ENCTYPE_DES3_CBC_NONE_IVEC

* lib/krb5/crypto.c: get rid of DES3_CBC_encrypt_ivec, just use
zero ivec in DES3_CBC_encrypt if passed ivec is NULL

* lib/krb5/Makefile.am: back out 1.144, since it will re-create
krb5-protos.h at build-time, which requires perl, which is bad

* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): don't
blindly use the local subkey

* lib/krb5/crypto.c: add function krb5_crypto_getblocksize that
extracts the required blocksize from a crypto context

* lib/krb5/build_auth.c: just get the length of the encoded
authenticator instead of trying to grow a buffer

2002-09-03 Assar Westerlund <assar@kth.se>

* configure.in: add --disable-mmap option, and tests for

2002-09-03 Jacques Vidrine <nectar@kth.se>

* lib/krb5/changepw.c: verify lengths in response

* lib/asn1/der_get.c (decode_integer, decode_unsigned): check for

2002-09-02 Johan Danielsson <joda@pdc.kth.se>

* lib/krb5/mk_req_ext.c: generate a local subkey if
AP_OPTS_USE_SUBKEY is set

* lib/krb5/build_auth.c: we don't have enough information about
whether to generate a local subkey here, so don't try to

* lib/krb5/auth_context.c: new function
krb5_auth_con_generatelocalsubkey

* lib/krb5/get_in_tkt.c: only set kdc_sec_offset if looking at an

* lib/krb5/context.c (init_context_from_config_file): simplify
initialisation of srv_lookup

* lib/krb5/changepw.c (send_request): set AP_OPTS_USE_SUBKEY

* lib/krb5/krb5.h: add AP_OPTS_USE_SUBKEY

2002-08-30 Assar Westerlund <assar@kth.se>

* lib/krb5/name-45-test.c: also test krb5_524_conv_principal
* lib/krb5/Makefile.am (TESTS): add name-45-test
* lib/krb5/name-45-test.c: add testcases for
krb5_425_conv_principal

2002-08-29 Assar Westerlund <assar@kth.se>

* lib/krb5/parse-name-test.c: also test unparse_short functions
* lib/asn1/asn1_print.c: use com_err/error_message API
* lib/krb5/Makefile.am: add parse-name-test
* lib/krb5/parse-name-test.c: add a program for testing parsing
and unparsing principal names

2002-08-28 Assar Westerlund <assar@kth.se>

* kdc/config.c: add missing ifdef DAEMON

2002-08-28 Johan Danielsson <joda@pdc.kth.se>

* configure.in: use rk_SUNOS

* kdc/config.c: add detach options

* kdc/main.c: maybe detach from console?

* kdc/kdc.8: markup changes

* configure.in: AC_TEST_PACKAGE_NEW -> rk_TEST_PACKAGE

* configure.in: use rk_TELNET, rename some other macros, and don't
add -ldes to krb4 link command

* kuser/kinit.1: whitespace fix (from NetBSD)

* include/bits.c: we may need unistd.h for ssize_t

2002-08-26 Assar Westerlund <assar@kth.se>

* lib/krb5/principal.c (krb5_425_conv_principal_ext): lookup AAAA
rrs before A ones when using the resolver to verify a mapping,
also use getaddrinfo when resolver is not available

* lib/hdb/keytab.c (find_db): const-correctness in parameters to

* lib/asn1/gen.c: include <string.h> in the generated files (for

2002-08-22 Assar Westerlund <assar@kth.se>

* lib/krb5/test_get_addrs.c, lib/krb5/krbhst-test.c: make it use
getarg so that it can handle --help and --version (and thus make

* lib/asn1/check-der.c: make this build again

2002-08-22 Assar Westerlund <assar@kth.se>

* lib/asn1/der_get.c (der_get_int): handle len == 0. based on a
patch from Love <lha@stacken.kth.se>

2002-08-22 Johan Danielsson <joda@pdc.kth.se>

* lib/krb5/krb5.h: we seem to call KRB5KDC_ERR_KEY_EXP
KRB5KDC_ERR_KEY_EXPIRED, so define the former to the latter

* kdc/kdc.8: add blurb about adding and removing addresses; update
kdc.conf section to match reality

* configure.in: KRB_SENDAUTH_VLEN seems to always have existed, so

2002-08-21 Assar Westerlund <assar@kth.se>

* lib/asn1/asn1_print.c: print OIDs too, based on a patch from
Love <lha@stacken.kth.se>

2002-08-21 Johan Danielsson <joda@pdc.kth.se>

* kuser/kinit.c (do_v4_fallback): don't use krb_get_pw_in_tkt2
since it might not exist, and we don't actually care about the key

2002-08-20 Johan Danielsson <joda@pdc.kth.se>

* lib/krb5/krb5.conf.5: correct documentation for

* lib/krb5/log.c: rename syslog_data to avoid name conflicts (from

* kuser/klist.c (display_tokens): increase token buffer size, and
add more checks of the kernel data (from Love)

2002-08-19 Johan Danielsson <joda@pdc.kth.se>

* fix-export: use make to parse Makefile.am instead of perl

* configure.in: use argument-less AM_INIT_AUTOMAKE, now that it
groks AC_INIT with package name etc.

* kpasswd/kpasswdd.c: include <kadm5/private.h>

* lib/asn1/asn1_print.c: include com_right.h

* lib/krb5/addr_families.c: socklen_t -> krb5_socklen_t

* include/bits.c: define krb5_socklen_t type; this should really
go someplace else, but this was easy

* lib/krb5/verify_krb5_conf.c: don't bail out if parsing of a file
fails, just warn about it

* kdc/log.c (kdc_openlog): no need for a config_file parameter

* kdc/config.c: just treat kdc.conf like any other config file

* lib/krb5/context.c (krb5_get_default_config_files): ignore

2002-08-16 Johan Danielsson <joda@pdc.kth.se>

* lib/krb5/krb5.h: turn strings into pointers, so we can assign to

* lib/krb5/constants.c: turn strings into pointers, so we can

* lib/krb5/get_addrs.c (get_addrs_int): initialise res if
SCAN_INTERFACES is not set

* lib/krb5/context.c: fix various borked stuff in previous commits

2002-08-16 Jacques Vidrine <n@nectar.com>

* lib/krb5/krbhst.c (kpasswd_get_next): if we fall back to using
the `admin_server' entry for kpasswd, override the `proto' result

2002-08-15 Johan Danielsson <joda@pdc.kth.se>

* lib/krb5/auth_context.c: check return value of
krb5_sockaddr2address

* lib/krb5/addr_families.c: check return value of
krb5_sockaddr2address

* lib/krb5/context.c: get the default keytab from KRB5_KTNAME

2002-08-14 Johan Danielsson <joda@pdc.kth.se>

* lib/krb5/verify_krb5_conf.c: allow parsing of more than one file

* lib/krb5/context.c: allow changing config files with the
function krb5_set_config_files, there are also related functions
krb5_get_default_config_files and krb5_free_config_files; these
should work similar to their MIT counterparts

* lib/krb5/config_file.c: allow the use of more than one config
file by using the new function krb5_config_parse_file_multi

2002-08-12 Johan Danielsson <joda@pdc.kth.se>

* use sysconfdir instead of /etc

* configure.in: require autoconf 2.53; rename dpagaix_LDFLAGS etc
to appease automake; force sysconfdir and localstatedir to /etc
and /var/heimdal for now

* kdc/connect.c (addr_to_string): check return value of

2002-08-09 Johan Danielsson <joda@pdc.kth.se>

* lib/krb5/rd_cred.c: if the remote address isn't an addrport,
don't try comparing to one; this should make old clients work with

* lib/asn1/gen_decode.c: remove unused variable

2002-07-31 Johan Danielsson <joda@pdc.kth.se>

* kdc/{kerberos5,524}.c: ENOENT -> HDB_ERR_NOENTRY (from Derrick

* lib/krb5/principal.c: actually lower case the lower case
instance name (spotted by Derrick Brashear)

2002-07-24 Johan Danielsson <joda@pdc.kth.se>

* fix-export: if DATEDVERSION is set, change the version to

* configure.in: don't use AC_PROG_RANLIB, and use magic foo to set

2002-07-04 Johan Danielsson <joda@pdc.kth.se>

* kdc/connect.c: add some cache-control-foo to the http responses

* lib/krb5/addr_families.c (krb5_print_address): don't copy size

2002-06-28 Johan Danielsson <joda@pdc.kth.se>

* kuser/klist.c (display_tokens): don't bail out before we get
EDOM (signaling the end of the tokens), the kernel can also return
ENOTCONN, meaning that the index does not exist anymore (for
example if the token has expired)

2002-06-06 Johan Danielsson <joda@pdc.kth.se>

* lib/krb5/changepw.c: make sure we return an error if there are
no changepw hosts found; from Wynn Wilkes

2002-05-29 Johan Danielsson <joda@pdc.kth.se>

* lib/krb5/cache.c (krb5_cc_register): break out of loop when the
same type is found; spotted by Wynn Wilkes

2002-05-15 Johan Danielsson <joda@pdc.kth.se>

* kdc/kerberos5.c: don't free encrypted padata until we're really

2002-05-07 Johan Danielsson <joda@pdc.kth.se>

* kdc/kerberos5.c: when decrypting pa-data, try all keys matching

* kuser/kinit.1: document -a

* kuser/kinit.c: add command line switch for extra addresses

2002-04-30 Johan Danielsson <joda@blubb.pdc.kth.se>

* configure.in: remove some duplicate tests

* configure.in: use AC_HELP_STRING

2002-04-29 Johan Danielsson <joda@pdc.kth.se>

* lib/krb5/crypto.c (usage2arcfour): don't abort if the usage is

2002-04-25 Johan Danielsson <joda@pdc.kth.se>

* configure.in: use rk_DESTDIRS

2002-04-22 Johan Danielsson <joda@pdc.kth.se>

* lib/krb5/krb5_verify_user.3: make it clear that _lrealm modifies

2002-04-19 Johan Danielsson <joda@pdc.kth.se>

* lib/krb5/verify_init.c: fix typo in error string

2002-04-18 Johan Danielsson <joda@pdc.kth.se>

* acconfig.h: remove some stuff that is defined elsewhere

* lib/krb5/krb5_locl.h: include <sys/file.h>

* lib/krb5/acl.c: rename acl_string parameter

* lib/krb5/Makefile.am: remove __P from protos, and put parameter

* kuser/klist.c: better align some headers

* kdc/kerberos4.c: storage tweaks

* kdc/kaserver.c: storage tweaks

* kdc/524.c: storage tweaks

* lib/krb5/keytab_krb4.c: storage tweaks

* lib/krb5/keytab_keyfile.c: storage tweaks

* lib/krb5/keytab_file.c: storage tweaks; also try to handle zero

* lib/krb5/keytab_any.c: use KRB5_KT_END instead of KRB5_CC_END

* lib/krb5/fcache.c: storage tweaks

* lib/krb5/store_mem.c: make the krb5_storage opaque, and add
function wrappers for store/fetch/seek, and also make the eof-code

* lib/krb5/store_fd.c: make the krb5_storage opaque, and add
function wrappers for store/fetch/seek, and also make the eof-code

* lib/krb5/store_emem.c: make the krb5_storage opaque, and add
function wrappers for store/fetch/seek, and also make the eof-code

* lib/krb5/store.c: make the krb5_storage opaque, and add function
wrappers for store/fetch/seek, and also make the eof-code

* lib/krb5/store-int.h: make the krb5_storage opaque, and add
function wrappers for store/fetch/seek, and also make the eof-code

* lib/krb5/krb5.h: make the krb5_storage opaque, and add function
wrappers for store/fetch/seek, and also make the eof-code

* include/bits.c: include <sys/socket.h> to get socklen_t

* kdc/kerberos5.c (get_pa_etype_info): sort ETYPE-INFOs by
requested KDC-REQ etypes

* kdc/hpropd.c: constify

* kdc/hprop.c: constify

* kdc/string2key.c: constify

* kdc/kdc_locl.h: make port_str const

* kdc/config.c: constify

* lib/krb5/config_file.c: constify

* kdc/kstash.c: constify

* lib/krb5/verify_user.c: remove unnecessary cast

* lib/krb5/recvauth.c: constify

* lib/krb5/principal.c (krb5_parse_name): const qualify

* lib/krb5/mcache.c (mcc_get_name): constify return type

* lib/krb5/context.c (krb5_free_context): don't try to free the

* lib/krb5/cache.c (krb5_cc_register): don't make a copy of the

* lib/krb5/krb5.h: constify some struct members

* lib/krb5/log.c: constify

* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): const

* lib/krb5/get_in_tkt.c (krb5_init_etype): constify

* lib/krb5/crypto.c: constify some

* lib/krb5/config_file.c: constify

* lib/krb5/aname_to_localname.c (krb5_aname_to_localname):
constify local variable

* lib/krb5/addr_families.c (ipv4_sockaddr2port): constify

2002-04-17 Johan Danielsson <joda@pdc.kth.se>

* lib/krb5/verify_krb5_conf.c: add some log checking

* lib/krb5/log.c (krb5_addlog_dest): reorganise syslog parsing

2002-04-16 Johan Danielsson <joda@pdc.kth.se>

* lib/krb5/crypto.c (krb5_crypto_init): check that the key size
matches the expected length

2002-03-27 Johan Danielsson <joda@pdc.kth.se>

* lib/krb5/send_to_kdc.c: rename send parameter to send_data

* lib/krb5/mk_error.c: rename ctime parameter to client_time

2002-03-22 Johan Danielsson <joda@pdc.kth.se>

* kdc/kerberos5.c (find_etype): unsigned -> krb5_enctype (from

2002-03-18 Johan Danielsson <joda@pdc.kth.se>

* lib/asn1/k5.asn1: add the GSS-API checksum type here

2002-03-11 Assar Westerlund <assar@sics.se>

* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:5:0
* lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 6:0:0

2002-03-10 Assar Westerlund <assar@sics.se>

* lib/krb5/rd_cred.c: handle addresses with port numbers

* lib/krb5/keytab_file.c, lib/krb5/keytab.c:
store the kvno % 256 as the byte and the complete 32 bit kvno after
the end of the current keytab entry

* lib/krb5/init_creds_pw.c:
handle LR_PW_EXPTIME and LR_ACCT_EXPTIME in the same way

* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds):
handle ports given for the remote address

* lib/krb5/get_cred.c:
get a ticket with no addresses if no-addresses is set

rename functions DES_* to krb5_* to avoid colliding with modern

* lib/krb5/addr_families.c:
make all functions taking 'struct sockaddr' actually take a socklen_t
instead of int and that acts as an in-out parameter (indicating the
maximum length of the sockaddr to be written)

make the kvno's in the krb4 universe by the real one % 256, since they
cannot only be 8 bit, and the v5 ones are actually 32 bits

2002-02-15 Johan Danielsson <joda@pdc.kth.se>

* lib/krb5/keytab_keyfile.c (akf_add_entry): don't create the file
before we need to write to it

2002-02-14 Johan Danielsson <joda@pdc.kth.se>

* configure.in: rk_RETSIGTYPE and rk_BROKEN_REALLOC are called via
rk_ROKEN (from Gombas Gabor); find inttypes by CHECK_TYPES

* lib/krb5/rd_safe.c: actually use the correct key (from Daniel

2002-02-12 Johan Danielsson <joda@pdc.kth.se>

* lib/krb5/context.c (krb5_get_err_text): protect against NULL

2002-02-11 Johan Danielsson <joda@pdc.kth.se>

* admin/ktutil.c: no need to use the "modify" keytab anymore

* lib/krb5/keytab_any.c: implement add and remove

* lib/krb5/keytab_krb4.c: implement add and remove

* lib/krb5/store_emem.c (emem_free): clear memory before freeing
(this should perhaps be selectable with a flag)

2002-02-04 Johan Danielsson <joda@pdc.kth.se>

* kdc/config.c (get_dbinfo): if there are database specifications
in the config file, don't automatically try to use the default
values (from Gombas Gabor)

* lib/krb5/log.c (krb5_closelog): don't pass pointer to pointer

2002-01-30 Johan Danielsson <joda@pdc.kth.se>

* admin/list.c: get the default keytab from krb5.conf, and list
all parts of an ANY type keytab

* lib/krb5/context.c: default default_keytab_modify to NULL

* lib/krb5/keytab.c (krb5_kt_default_modify_name): if no modify
name is specified take it from the first component of the default

2002-01-29 Johan Danielsson <joda@pdc.kth.se>

* lib/krb5/keytab.c: compare keytab types case insensitively

2002-01-07 Assar Westerlund <assar@sics.se>

* lib/krb5/crypto.c (create_checksum): make usage `unsigned' (it's
not really a krb5_key_usage). From Ben Harris <bjh21@netbsd.org>
* lib/krb5/get_in_tkt.c: use krb5_enctype consistently. From Ben
Harris <bjh21@netbsd.org>
* lib/krb5/crypto.c: use krb5_enctype consistently. From Ben
Harris <bjh21@netbsd.org>
* kdc/kerberos5.c: use krb5_enctype consistently. From Ben Harris