488 lines
16 KiB
Plaintext
488 lines
16 KiB
Plaintext
2001-05-17 Assar Westerlund <assar@sics.se>
|
|
|
|
* Release 0.3f
|
|
|
|
2001-05-17 Assar Westerlund <assar@sics.se>
|
|
|
|
* lib/krb5/Makefile.am: bump version to 16:0:0
|
|
* lib/hdb/Makefile.am: bump version to 7:1:0
|
|
* lib/asn1/Makefile.am: bump version to 5:0:0
|
|
* lib/krb5/keytab_krb4.c: add SRVTAB as an alias for krb4
|
|
* lib/krb5/codec.c: remove dead code
|
|
|
|
2001-05-15 Assar Westerlund <assar@sics.se>
|
|
|
|
* lib/krb5/rd_error.c (krb5_error_from_rd_error): use correct
|
|
parenthesis
|
|
|
|
* lib/krb5/eai_to_heim_errno.c (krb5_eai_to_heim_errno): add
|
|
`errno' (called system_error) to allow callers to make sure they
|
|
pass the current and relevant value. update callers
|
|
|
|
2001-05-14 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* kdc/kerberos5.c: pass context to krb5_domain_x500_decode
|
|
|
|
2001-05-14 Assar Westerlund <assar@sics.se>
|
|
|
|
* kpasswd/kpasswdd.c: adapt to new address functions
|
|
* kdc/kerberos5.c: adapt to changing address functions use LR_TYPE
|
|
* kdc/connect.c: adapt to changing address functions
|
|
* kdc/config.c: new krb5_config_parse_file
|
|
* kdc/524.c: new krb5_sockaddr2address
|
|
* lib/krb5/*: add some krb5_{set,clear}_error_string
|
|
|
|
* lib/asn1/k5.asn1 (LR_TYPE): add
|
|
* lib/asn1/Makefile.am (gen_files): add asn1_LR_TYPE.x
|
|
|
|
2001-05-11 Assar Westerlund <assar@sics.se>
|
|
|
|
* kdc/kerberos5.c (tsg_rep): fix typo in variable name
|
|
|
|
* kpasswd/kpasswd-generator.c (nop_prompter): update prototype
|
|
* lib/krb5/init_creds_pw.c: update to new prompter, use prompter
|
|
types and send two prompts at once when changning password
|
|
* lib/krb5/prompter_posix.c (krb5_prompter_posix): add name
|
|
* lib/krb5/krb5.h (krb5_prompt): add type
|
|
(krb5_prompter_fct): add anem
|
|
|
|
* lib/krb5/cache.c (krb5_cc_next_cred): transpose last two
|
|
paramaters to krb5_cc_next_cred (as MIT does, and not as they
|
|
document). From "Jacques A. Vidrine" <n@nectar.com>
|
|
|
|
2001-05-11 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/Makefile.am: store-test
|
|
|
|
* lib/krb5/store-test.c: simple bit storage test
|
|
|
|
* lib/krb5/store.c: add more byteorder storage flags
|
|
|
|
* lib/krb5/krb5.h: add more byteorder storage flags
|
|
|
|
* kdc/kerberos5.c: don't use NULL where we mean 0
|
|
|
|
* kdc/kerberos5.c: put referral test code in separate function,
|
|
and test for KRB5_NT_SRV_INST
|
|
|
|
2001-05-10 Assar Westerlund <assar@sics.se>
|
|
|
|
* admin/list.c (do_list): do not close the keytab if opening it
|
|
failed
|
|
* admin/list.c (do_list): always print complete names. print
|
|
everything to stdout.
|
|
* admin/list.c: print both v5 and v4 list by default
|
|
* admin/remove.c (kt_remove): reorganize some. open the keytab
|
|
(defaulting to the modify one).
|
|
* admin/purge.c (kt_purge): reorganize some. open the keytab
|
|
(defaulting to the modify one). correct usage strings
|
|
* admin/list.c (kt_list): reorganize some. open the keytab
|
|
* admin/get.c (kt_get): reorganize some. open the keytab
|
|
(defaulting to the modify one)
|
|
* admin/copy.c (kt_copy): default to modify key name. re-organise
|
|
* admin/change.c (kt_change): reorganize some. open the keytab
|
|
(defaulting to the modify one)
|
|
* admin/add.c (kt_add): reorganize some. open the keytab
|
|
(defaulting to the modify one)
|
|
* admin/ktutil.c (main): do not open the keytab, let every
|
|
sub-function handle it
|
|
|
|
* kdc/config.c (configure): call free_getarg_strings
|
|
|
|
* lib/krb5/get_in_tkt.c (krb5_get_in_cred): set error strings for
|
|
a few more errors
|
|
|
|
* lib/krb5/get_host_realm.c (krb5_get_host_realm_int): make
|
|
`use_dns' parameter boolean
|
|
|
|
* lib/krb5/krb5.h (krb5_context_data): add default_keytab_modify
|
|
* lib/krb5/context.c (init_context_from_config_file): set
|
|
default_keytab_modify
|
|
* lib/krb5/krb5_locl.h (KEYTAB_DEFAULT): change to
|
|
ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab
|
|
(KEYTAB_DEFAULT_MODIFY): add
|
|
* lib/krb5/keytab.c (krb5_kt_default_modify_name): add
|
|
(krb5_kt_resolve): set error string for failed keytab type
|
|
|
|
2001-05-08 Assar Westerlund <assar@sics.se>
|
|
|
|
* lib/krb5/crypto.c (encryption_type): make field names more
|
|
consistent
|
|
(create_checksum): separate usage and type
|
|
(krb5_create_checksum): add a separate type parameter
|
|
(encrypt_internal): only free once on mismatched checksum length
|
|
|
|
* lib/krb5/send_to_kdc.c (krb5_sendto_kdc2): try to tell what
|
|
realm we didn't manage to reach any KDC for in the error string
|
|
|
|
* lib/krb5/generate_seq_number.c (krb5_generate_seq_number): free
|
|
the entire subkey. from <tmartin@mirapoint.com>
|
|
|
|
2001-05-07 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/keytab_keyfile.c (akf_start_seq_get): return
|
|
KT_NOTFOUND if the file is empty
|
|
|
|
2001-05-07 Assar Westerlund <assar@sics.se>
|
|
|
|
* lib/krb5/fcache.c: call krb5_set_error_string when open fails
|
|
fatally
|
|
* lib/krb5/keytab_file.c: call krb5_set_error_string when open
|
|
fails fatally
|
|
|
|
* lib/krb5/warn.c (_warnerr): print error_string in context in
|
|
preference to error string derived from error code
|
|
* kuser/kinit.c (main): try to print the error string
|
|
* lib/krb5/get_in_tkt.c (krb5_get_in_cred): set some sensible
|
|
error strings for errors
|
|
|
|
* lib/krb5/krb5.h (krb5_context_data): add error_string and
|
|
error_buf
|
|
* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add error_string.c
|
|
* lib/krb5/error_string.c: new file
|
|
|
|
2001-05-02 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/time.c: krb5_string_to_deltat
|
|
|
|
* lib/krb5/sock_principal.c: one less data copy
|
|
|
|
* lib/krb5/eai_to_heim_errno.c: conversion function for h_errno's
|
|
|
|
* lib/krb5/get_default_principal.c: change this slightly
|
|
|
|
* lib/krb5/crypto.c: make checksum_types into an array of pointers
|
|
|
|
* lib/krb5/convert_creds.c: make sure we always use a des-cbc-crc
|
|
ticket
|
|
|
|
2001-04-29 Assar Westerlund <assar@sics.se>
|
|
|
|
* kdc/kerberos5.c (tgs_rep2): return a reference to a krbtgt for
|
|
the right realm if we fail to find a non-krbtgt service in the
|
|
database and the second component does a succesful non-dns lookup
|
|
to get the real realm (which has to be different from the
|
|
originally-supplied realm). this should help windows 2000 clients
|
|
that always start their lookups in `their' realm and do not have
|
|
any idea of how to map hostnames into realms
|
|
* kdc/kerberos5.c (is_krbtgt): rename to get_krbtgt_realm
|
|
|
|
2001-04-27 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/get_host_realm.c (krb5_get_host_realm_int): add extra
|
|
parameter to request use of dns or not
|
|
|
|
2001-04-25 Assar Westerlund <assar@sics.se>
|
|
|
|
* admin/get.c (kt_get): allow specification of encryption types
|
|
* lib/krb5/verify_init.c (krb5_verify_init_creds): do not try to
|
|
close an unopened ccache, noted by <marc@mit.edu>
|
|
|
|
* lib/krb5/krb5.h (krb5_any_ops): add declaration
|
|
* lib/krb5/context.c (init_context_from_config_file): register
|
|
krb5_any_ops
|
|
|
|
* lib/krb5/keytab_any.c: new file, implementing union of keytabs
|
|
* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_any.c
|
|
|
|
* lib/krb5/init_creds_pw.c (get_init_creds_common): handle options
|
|
== NULL. noted by <marc@mit.edu>
|
|
|
|
2001-04-19 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/rd_cred.c: set ret_creds to NULL before doing anything
|
|
else, from Jacques Vidrine
|
|
|
|
2001-04-18 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/hdb/libasn1.h: asn1.h -> krb5_asn1.h
|
|
|
|
* lib/asn1/Makefile.am: add asn1_ENCTYPE.x
|
|
|
|
* lib/krb5/krb5.h: adapt to asn1 changes
|
|
|
|
* lib/asn1/k5.asn1: move enctypes here
|
|
|
|
* lib/asn1/libasn1.h: rename asn1.h to krb5_asn1.h to avoid
|
|
conflicts
|
|
|
|
* lib/asn1/Makefile.am: rename asn1.h to krb5_asn1.h to avoid
|
|
conflicts
|
|
|
|
* lib/asn1/lex.l: use strtol to parse constants
|
|
|
|
2001-04-06 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* kuser/kinit.c: add simple support for running commands
|
|
|
|
2001-03-26 Assar Westerlund <assar@sics.se>
|
|
|
|
* lib/hdb/hdb-ldap.c: change order of includes to allow it to work
|
|
with more versions of openldap
|
|
|
|
* kdc/kerberos5.c (tgs_rep2): try to set sec and usec in error
|
|
replies
|
|
(*): update callers of krb5_km_error
|
|
(check_tgs_flags): handle renews requesting non-renewable tickets
|
|
|
|
* lib/krb5/mk_error.c (krb5_mk_error): allow specifying both ctime
|
|
and cusec
|
|
|
|
* lib/krb5/krb5.h (krb5_checksum, krb5_keyusage): add
|
|
compatibility names
|
|
|
|
* lib/krb5/crypto.c (create_checksum): change so that `type == 0'
|
|
means pick from the `crypto' (context) and otherwise use that
|
|
type. this is not a large change in practice and allows callers
|
|
to specify the exact checksum algorithm to use
|
|
|
|
2001-03-13 Assar Westerlund <assar@sics.se>
|
|
|
|
* lib/krb5/get_cred.c (get_cred_kdc): add support for falling back
|
|
to KRB5_KU_AP_REQ_AUTH when KRB5_KU_TGS_REQ_AUTH gives `bad
|
|
integrity'. this helps for talking to old (pre 0.3d) KDCs
|
|
|
|
2001-03-12 Assar Westerlund <assar@pdc.kth.se>
|
|
|
|
* lib/krb5/crypto.c (krb5_derive_key): new function, used by
|
|
derived-key-test.c
|
|
* lib/krb5/string-to-key-test.c: add new test vectors posted by
|
|
Ken Raeburn <raeburn@mit.edu> in <tx1bsra8919.fsf@raeburn.org> to
|
|
ietf-krb-wg@anl.gov
|
|
* lib/krb5/n-fold-test.c: more test vectors from same source
|
|
* lib/krb5/derived-key-test.c: more tests from same source
|
|
|
|
2001-03-06 Assar Westerlund <assar@sics.se>
|
|
|
|
* acconfig.h: include roken_rename.h when appropriate
|
|
|
|
2001-03-06 Assar Westerlund <assar@sics.se>
|
|
|
|
* lib/krb5/krb5.h (krb5_enctype): remove trailing comma
|
|
|
|
2001-03-04 Assar Westerlund <assar@sics.se>
|
|
|
|
* lib/krb5/krb5.h (krb5_enctype): add ENCTYPE_* aliases for
|
|
compatibility with MIT krb5
|
|
|
|
2001-03-02 Assar Westerlund <assar@sics.se>
|
|
|
|
* kuser/kinit.c (main): only request a renewable ticket when
|
|
explicitly requested. it still gets a renewable one if the renew
|
|
life is specified
|
|
* kuser/kinit.c (renew_validate): treat -1 as flags not being set
|
|
|
|
2001-02-28 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/context.c (krb5_init_ets): use krb5_add_et_list
|
|
|
|
2001-02-27 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/get_cred.c: implement krb5_get_cred_from_kdc_opt
|
|
|
|
2001-02-25 Assar Westerlund <assar@sics.se>
|
|
|
|
* configure.in: do not use -R when testing for des functions
|
|
|
|
2001-02-14 Assar Westerlund <assar@sics.se>
|
|
|
|
* configure.in: test for lber.h when trying to link against
|
|
openldap to handle openldap v1, from Sumit Bose
|
|
<sumit.bose@suse.de>
|
|
|
|
2001-02-19 Assar Westerlund <assar@sics.se>
|
|
|
|
* lib/asn1/libasn1.h: add string.h (for memset)
|
|
|
|
2001-02-15 Assar Westerlund <assar@sics.se>
|
|
|
|
* lib/krb5/warn.c (_warnerr): add printf attributes
|
|
* lib/krb5/send_to_kdc.c (krb5_sendto): loop over all address
|
|
returned by getaddrinfo before trying the next kdc. from
|
|
thorpej@netbsd.org
|
|
|
|
* lib/krb5/krb5.conf.5: fix default_realm in example
|
|
|
|
* kdc/connect.c: fix a few kdc_log format types
|
|
|
|
* configure.in: try to handle libdes/libcrypto ont requiring -L
|
|
|
|
2001-02-10 Assar Westerlund <assar@sics.se>
|
|
|
|
* lib/asn1/gen_decode.c (generate_type_decode): zero the data at
|
|
the beginning of the generated function, and add a label `fail'
|
|
that the code jumps to in case of errors that frees all allocated
|
|
data
|
|
|
|
2001-02-07 Assar Westerlund <assar@sics.se>
|
|
|
|
* configure.in: aix dce: fix misquotes, from Ake Sandgren
|
|
<ake@cs.umu.se>
|
|
|
|
* configure.in (dpagaix_LDFLAGS): try to add export file
|
|
|
|
2001-02-05 Assar Westerlund <assar@sics.se>
|
|
|
|
* lib/krb5/krb5_keytab.3: new man page, contributed by
|
|
<lha@stacken.kth.se>
|
|
|
|
* kdc/kaserver.c: update to new db_fetch4
|
|
|
|
2001-02-05 Assar Westerlund <assar@assaris.sics.se>
|
|
|
|
* Release 0.3e
|
|
|
|
2001-01-30 Assar Westerlund <assar@sics.se>
|
|
|
|
* kdc/hprop.c (v4_get_masterkey): check kdb_verify_master_key
|
|
properly
|
|
(kdb_prop): decrypt key properly
|
|
* kdc/hprop.c: handle building with KRB4 always try to decrypt v4
|
|
data with the master key leave it up to the v5 how to encrypt with
|
|
that master key
|
|
|
|
* kdc/kstash.c: include file name in error messages
|
|
* kdc/hprop.c: fix a typo and check some more return values
|
|
* lib/hdb/hdb-ldap.c (LDAP__lookup_princ): call ldap_search_s
|
|
correctly. From Jacques Vidrine <n@nectar.com>
|
|
* kdc/misc.c (db_fetch): HDB_ERR_NOENTRY makes more sense than
|
|
ENOENT
|
|
|
|
* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
|
|
15:0:0
|
|
* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:0:0
|
|
* lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 4:0:2
|
|
* kdc/misc.c (db_fetch): return an error code. change callers to
|
|
look at this and try to print it in log messages
|
|
|
|
* lib/krb5/crypto.c (decrypt_internal_derived): check that there's
|
|
enough data
|
|
|
|
2001-01-29 Assar Westerlund <assar@sics.se>
|
|
|
|
* kdc/hprop.c (realm_buf): move it so it becomes properly
|
|
conditional on KRB4
|
|
|
|
* lib/hdb/mkey.c (hdb_unseal_keys_mkey, hdb_seal_keys_mkey,
|
|
hdb_unseal_keys, hdb_seal_keys): check that we have the correct
|
|
master key and that we manage to decrypt the key properly,
|
|
returning an error code. fix all callers to check return value.
|
|
|
|
* tools/krb5-config.in: use @LIB_des_appl@
|
|
* tools/Makefile.am (krb5-config): add LIB_des_appl
|
|
* configure.in (LIB_des): set correctly
|
|
(LIB_des_appl): add for the use by krb5-config.in
|
|
|
|
* lib/krb5/store_fd.c (fd_fetch, fd_store): use net_{read,write}
|
|
to make sure of not dropping data when doing it over a socket.
|
|
(this might break when used with ordinary files on win32)
|
|
|
|
* lib/hdb/hdb_err.et (NO_MKEY): add
|
|
|
|
* kdc/kerberos5.c (as_rep): be paranoid and check
|
|
krb5_enctype_to_string for failure, noted by <lha@stacken.kth.se>
|
|
|
|
* lib/krb5/krb5_init_context.3, lib/krb5/krb5_context.3,
|
|
lib/krb5/krb5_auth_context.3: add new man pages, contributed by
|
|
<lha@stacken.kth.se>
|
|
|
|
* use the openssl api for md4/md5/sha and handle openssl/*.h
|
|
|
|
* kdc/kaserver.c (do_getticket): check length of ticket. noted by
|
|
<lha@stacken.kth.se>
|
|
|
|
2001-01-28 Assar Westerlund <assar@sics.se>
|
|
|
|
* configure.in: send -R instead of -rpath to libtool to set
|
|
runtime library paths
|
|
|
|
* lib/krb5/Makefile.am: remove all dependencies on libkrb
|
|
|
|
2001-01-27 Assar Westerlund <assar@sics.se>
|
|
|
|
* appl/rcp: add port of bsd rcp changed to use existing rsh,
|
|
contributed by Richard Nyberg <rnyberg@it.su.se>
|
|
|
|
2001-01-27 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/get_port.c: don't warn if the port name can't be found,
|
|
nobody cares anyway
|
|
|
|
2001-01-26 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* kdc/hprop.c: make it possible to convert a v4 dump file without
|
|
having any v4 libraries; the kdb backend still require them
|
|
|
|
* kdc/v4_dump.c: include shadow definition of kdb Principal, so we
|
|
don't have to depend on any v4 libraries
|
|
|
|
* kdc/hprop.h: include shadow definition of kdb Principal, so we
|
|
don't have to depend on any v4 libraries
|
|
|
|
* lib/hdb/print.c: reduce number of memory allocations
|
|
|
|
* lib/hdb/mkey.c: add support for reading krb4 /.k files
|
|
|
|
2001-01-19 Assar Westerlund <assar@sics.se>
|
|
|
|
* lib/krb5/krb5.conf.5: document admin_server and kpasswd_server
|
|
for realms document capath better
|
|
|
|
* lib/krb5/krbhst.c (krb5_get_krb_changepw_hst): preferably look
|
|
at kpasswd_server before admin_server
|
|
|
|
* lib/krb5/get_cred.c (get_cred_from_kdc_flags): look in
|
|
[libdefaults]capath for better hint of realm to send request to.
|
|
this allows the client to specify `realm routing information' in
|
|
case it cannot be done at the server (which is preferred)
|
|
|
|
* lib/krb5/rd_priv.c (krb5_rd_priv): handle no sequence number as
|
|
zero when we were expecting a sequence number. MIT krb5 cannot
|
|
generate a sequence number of zero, instead generating no sequence
|
|
number
|
|
* lib/krb5/rd_safe.c (krb5_rd_safe): dito
|
|
|
|
2001-01-11 Assar Westerlund <assar@sics.se>
|
|
|
|
* kpasswd/kpasswdd.c: add --port option
|
|
|
|
2001-01-10 Assar Westerlund <assar@sics.se>
|
|
|
|
* lib/krb5/appdefault.c (krb5_appdefault_string): fix condition
|
|
just before returning
|
|
|
|
2001-01-09 Assar Westerlund <assar@sics.se>
|
|
|
|
* appl/kf/kfd.c (proto): use krb5_rd_cred2 instead of krb5_rd_cred
|
|
|
|
2001-01-05 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* kuser/kinit.c: call a time `time', and not `seconds'
|
|
|
|
* lib/krb5/init_creds.c: not much point in setting the anonymous
|
|
flag here
|
|
|
|
* lib/krb5/krb5_appdefault.3: document appdefault_time
|
|
|
|
2001-01-04 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/verify_user.c: use
|
|
krb5_get_init_creds_opt_set_default_flags
|
|
|
|
* kuser/kinit.c: use krb5_get_init_creds_opt_set_default_flags
|
|
|
|
* lib/krb5/init_creds.c: new function
|
|
krb5_get_init_creds_opt_set_default_flags to set options from
|
|
krb5.conf
|
|
|
|
* lib/krb5/rd_cred.c: make this match the MIT function
|
|
|
|
* lib/krb5/appdefault.c (krb5_appdefault_string): handle NULL
|
|
def_val
|
|
(krb5_appdefault_time): new function
|
|
|
|
2001-01-03 Assar Westerlund <assar@sics.se>
|
|
|
|
* kdc/hpropd.c (main): handle EOF when reading from stdin
|
|
|