2001-12-20 Johan Danielsson <[email protected]> * lib/krb5/crypto.c: use our own des string-to-key function, since the one from openssl sometimes generates wrong output 2001-12-05 Jacques Vidrine <[email protected]> * lib/hdb/mkey.c: fix a bug in which kstash would crash if there were no /etc/krb5.conf 2001-11-09 Johan Danielsson <[email protected]> * lib/krb5/krb5_verify_user.3: sort references (from Thomas Klausner) * lib/krb5/krb5_principal_get_realm.3: add section to reference (from Thomas Klausner) * lib/krb5/krb5_krbhst_init.3: sort references (from Thomas Klausner) * lib/krb5/krb5_keytab.3: white space fixes (from Thomas Klausner) * lib/krb5/krb5_get_krbhst.3: remove extra white space (from Thomas Klausner) * lib/krb5/krb5_get_all_client_addrs.3: add section to reference (from Thomas Klausner) 2001-10-29 Jacques Vidrine <[email protected]> * admin/get.c: fix a bug in which a reference to a data structure on the stack was being kept after the containing function's lifetime, resulting in a segfault during `ktutil get'. 2001-10-22 Assar Westerlund <[email protected]> * lib/krb5/crypto.c: make all high-level encrypting and decrypting functions check the return value of the underlying function and handle errors more consistently. noted by Sam Hartman <[email protected]> 2001-10-21 Assar Westerlund <[email protected]> * lib/krb5/crypto.c (enctype_arcfour_hmac_md5): actually use a non-keyed checksum when it should be non-keyed 2001-09-29 Assar Westerlund <[email protected]> * kuser/kinit.1: add the kauth alias * kuser/kinit.c: allow specification of afslog in krb5.conf, noted by [email protected] 2001-09-27 Assar Westerlund <[email protected]> * lib/asn1/gen.c: remove the need for libasn1.h, also make generated files include all files from IMPORTed modules * lib/krb5/krb5.h (KRB5_KPASSWD_*): set correct values * kpasswd/kpasswd.c: improve error message printing * lib/krb5/changepw.c (krb5_passwd_result_to_string): add change to use sequence numbers connect the udp socket so that we can figure out the local address 2001-09-25 Assar Westerlund <[email protected]> * lib/asn1: implement OBJECT IDENTIFIER and ENUMERATED 2001-09-20 Johan Danielsson <[email protected]> * lib/krb5/principal.c (krb5_425_conv_principal_ext): try using lower case realm as domain, but only when given a verification function 2001-09-20 Assar Westerlund <[email protected]> * lib/asn1/der_put.c (der_put_length): do not even try writing anything when len == 0 2001-09-18 Johan Danielsson <[email protected]> * kdc/hpropd.c: add realm override option * lib/krb5/set_default_realm.c (krb5_set_default_realm): make realm parameter const * kdc/hprop.c: more free's * lib/krb5/init_creds_pw.c (krb5_get_init_creds_keytab): free key proc data * lib/krb5/expand_hostname.c (krb5_expand_hostname_realms): free addrinfo * lib/hdb/mkey.c (hdb_set_master_keyfile): clear error string when not returning error 2001-09-16 Assar Westerlund <[email protected]> * lib/krb5/appdefault.c (krb5_appdefault_{boolean,string,time): make realm const * lib/krb5/crypto.c: use des functions to avoid generating warnings with openssl's prototypes 2001-09-05 Johan Danielsson <[email protected]> * configure.in: check for termcap.h * lib/asn1/lex.l: add another undef ECHO to keep AIX lex happy 2001-09-03 Assar Westerlund <[email protected]> * lib/krb5/addr_families.c (krb5_print_address): handle snprintf returning < 0. noticed by [email protected] 2001-09-03 Assar Westerlund <[email protected]> * Release 0.4e 2001-09-02 Johan Danielsson <[email protected]> * kuser/Makefile.am: install kauth as a symlink to kinit * kuser/kinit.c: get v4_tickets by default * lib/asn1/Makefile.am: fix for broken automake 2001-08-31 Johan Danielsson <[email protected]> * lib/hdb/hdb-ldap.c: some pretty much untested changes from Luke Howard * kuser/kinit.1: remove references to kauth * kuser/Makefile.am: kauth is no more * kuser/kinit.c: use appdefaults for everything. defaults are now as in kauth. * lib/krb5/appdefault.c: also check libdefaults, and realms/realm * lib/krb5/context.c (krb5_free_context): free more stuff 2001-08-30 Johan Danielsson <[email protected]> * lib/krb5/verify_krb5_conf.c: do some checks of the values in the file * lib/krb5/krb5.conf.5: remove srv_try_txt, fix spelling * lib/krb5/context.c: don't init srv_try_txt, since it isn't used anymore 2001-08-29 Jacques Vidrine <[email protected]> * configure.in: Check for already-installed com_err. 2001-08-28 Assar Westerlund <[email protected]> * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set versoin to 18:2:1 2001-08-24 Assar Westerlund <[email protected]> * kuser/Makefile.am: remove CHECK_LOCAL - non bin programs require no special treatment now * kuser/generate-requests.c: parse arguments in a useful way * kuser/kverify.c: add --help/--verify 2001-08-22 Assar Westerlund <[email protected]> * configure.in: bump prereq to 2.52 remove unused test_LIB_KRB4 * configure.in: re-write the handling of crypto libraries. try to use the one of openssl's libcrypto or krb4's libdes that has all the required functionality (md4, md5, sha1, des, rc4). if there is no such library, the included lib/des is built. * kdc/headers.h: include libutil.h if it exists * kpasswd/kpasswd_locl.h: include libutil.h if it exists * kdc/kerberos4.c (get_des_key): check for null keys even if is_server 2001-08-21 Assar Westerlund <[email protected]> * lib/asn1/asn1_print.c: print some size_t correctly * configure.in: remove extra space after -L check for libutil.h 2001-08-17 Johan Danielsson <[email protected]> * kdc/kdc_locl.h: fix prototype for get_des_key * kdc/kaserver.c: fix call to get_des_key * kdc/524.c: fix call to get_des_key * kdc/kerberos4.c (get_des_key): if getting a key for a server, return any des-key not just keys that can be string-to-keyed by the client 2001-08-10 Assar Westerlund <[email protected]> * Release 0.4d 2001-08-10 Assar Westerlund <[email protected]> * configure.in: check for openpty * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): update to 7:4:0 2001-08-08 Assar Westerlund <[email protected]> * configure.in: just add -L (if required) from krb4 when testing for libdes/libcrypto 2001-08-04 Assar Westerlund <[email protected]> * lib/krb5/Makefile.am (man_MANS): add some missing man pages * fix-export: fix the sed expression for finding the man pages 2001-07-31 Assar Westerlund <[email protected]> * kpasswd/kpasswd-generator.c (main): implement --version and --help * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): update version to 18:1:1 2001-07-27 Assar Westerlund <[email protected]> * lib/krb5/context.c (init_context_from_config_file): check parsing of addresses 2001-07-26 Assar Westerlund <[email protected]> * lib/krb5/sock_principal.c (krb5_sock_to_principal): rename sa_len -> salen to avoid the macro that's defined on irix. noted by "Jacques A. Vidrine" <[email protected]> 2001-07-24 Johan Danielsson <[email protected]> * lib/krb5/addr_families.c: add support for type KRB5_ADDRESS_ADDRPORT * lib/krb5/addr_families.c (krb5_address_order): complain about unsuppored address types 2001-07-23 Johan Danielsson <[email protected]> * admin/get.c: don't open connection to server until we loop over the principals, at that time we know the realm of the (first) principal and we can default to that admin server * admin: add a rename command 2001-07-19 Assar Westerlund <[email protected]> * kdc/hprop.c (usage): clarify a tiny bit 2001-07-19 Assar Westerlund <[email protected]> * Release 0.4c 2001-07-19 Assar Westerlund <[email protected]> * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to 18:0:1 * lib/krb5/get_for_creds.c (krb5_fwd_tgt_creds): make it behave the same way as the MIT function * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): update to 7:3:0 * lib/krb5/sock_principal.c (krb5_sock_to_principal): use getnameinfo * lib/krb5/krbhst.c (srv_find_realm): handle port numbers consistenly in local byte order * lib/krb5/get_default_realm.c (krb5_get_default_realm): set an error string * kuser/kinit.c (renew_validate): invert condition correctly. get v4 tickets if we succeed renewing * lib/krb5/principal.c (krb5_principal_get_type): add (default_v4_name_convert): add "smtp" 2001-07-13 Assar Westerlund <[email protected]> * configure.in: remove make-print-version from LIBOBJS, it's no longer in lib/roken but always built in lib/vers 2001-07-12 Johan Danielsson <[email protected]> * lib/hdb/mkey.c: more set_error_string 2001-07-12 Assar Westerlund <[email protected]> * lib/hdb/Makefile.am (libhdb_la_LIBADD): add required library dependencies * lib/asn1/Makefile.am (libasn1_la_LIBADD): add required library dependencies 2001-07-11 Johan Danielsson <[email protected]> * kdc/hprop.c: remove v4 master key handling; remove old v4-db and ka-db flags; add defaults for v4_realm and afs_cell 2001-07-09 Assar Westerlund <[email protected]> * lib/krb5/sock_principal.c (krb5_sock_to_principal): copy hname before calling krb5_sname_to_principal. from "Jacques A. Vidrine" <[email protected]> 2001-07-08 Johan Danielsson <[email protected]> * lib/krb5/context.c: use krb5_copy_addresses instead of copy_HostAddresses 2001-07-06 Assar Westerlund <[email protected]> * configure.in (LIB_des_a, LIB_des_so): add these so that they can be used by lib/auth/sia * kuser/kinit.c: re-do some of the v4 fallbacks: look at get-tokens flag do not print extra errors do not try to do 524 if we got tickets from a v4 server 2001-07-03 Assar Westerlund <[email protected]> * lib/krb5/replay.c (krb5_get_server_rcache): cast argument to printf * lib/krb5/get_addrs.c (find_all_addresses): call free_addresses on ignore_addresses correctly * lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_default_flags): change to take a const realm * lib/krb5/principal.c (krb5_425_conv_principal_ext): if the instance is the first component of the local hostname, the converted host should be the long hostname. from <[email protected]> 2001-07-02 Johan Danielsson <[email protected]> * lib/krb5/Makefile.am: address.c is no more; add a couple of manpages * lib/krb5/krb5_timeofday.3: new manpage * lib/krb5/krb5_get_all_client_addrs.3: new manpage * lib/krb5/get_in_tkt.c (init_as_req): treat no addresses as wildcard * lib/krb5/get_cred.c (get_cred_kdc_la): treat no addresses as wildcard * lib/krb5/get_addrs.c: don't include client addresses that match ignore_addresses * lib/krb5/context.c: initialise ignore_addresses * lib/krb5/addr_families.c: add new `arange' fake address type, that matches more than one address; this required some internal changes to many functions, so all of address.c got moved here (wasn't much left there) * lib/krb5/krb5.h: add list of ignored addresses to context 2001-07-03 Assar Westerlund <[email protected]> * Release 0.4b 2001-07-03 Assar Westerlund <[email protected]> * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set version to 17:0:0 * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): set version to 7:2:0 2001-07-03 Assar Westerlund <[email protected]> * Release 0.4a 2001-07-02 Johan Danielsson <[email protected]> * kuser/kinit.c: make this compile without krb4 support * lib/krb5/write_message.c: remove priv parameter from write_safe_message; don't know why it was there in the first place * doc/install.texi: remove kaserver switches, it's always compiled in now * kdc/hprop.c: always include kadb support * kdc/kaserver.c: always include kaserver support 2001-07-02 Assar Westerlund <[email protected]> * kpasswd/kpasswdd.c (doit): make failing to bind a socket a non-fatal error, and abort if no sockets were bound 2001-07-01 Assar Westerlund <[email protected]> * lib/krb5/krbhst.c: remember the real port number when falling back from kpasswd -> kadmin, and krb524 -> kdc 2001-06-29 Assar Westerlund <[email protected]> * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): if no_addresses is set, do not add any local addresses to KRB_CRED * kuser/kinit.c: remove extra clearing of password and some redundant code 2001-06-29 Johan Danielsson <[email protected]> * kuser/kinit.c: move ticket conversion code to separate function, and call that from a couple of places, like when renewing a ticket; also add a flag for just converting a ticket * lib/krb5/init_creds_pw.c: set renew-life to some sane value * kdc/524.c: don't send more data than required 2001-06-24 Assar Westerlund <[email protected]> * lib/krb5/store_fd.c (krb5_storage_from_fd): check malloc returns * lib/krb5/keytab_any.c (any_resolve); improving parsing of ANY: (any_start_seq_get): remove a double free (any_next_entry): iterate over all (sub) keytabs and avoid leave data around to be freed again * kdc/kdc_locl.h: add a define for des_new_random_key when using openssl's libcrypto * configure.in: move v6 tests down * lib/krb5/krb5.h (krb5_context_data): remove srv_try_rfc2052 * update to libtool 1.4 and autoconf 2.50 2001-06-22 Johan Danielsson <[email protected]> * lib/hdb/hdb.c: use krb5_add_et_list 2001-06-21 Johan Danielsson <[email protected]> * lib/hdb/Makefile.am: add generation number * lib/hdb/common.c: add generation number code * lib/hdb/hdb.asn1: add generation number * lib/hdb/print.c: use krb5_storage to make it more dynamic 2001-06-21 Assar Westerlund <[email protected]> * lib/krb5/krb5.conf.5: update to changed names used by krb5_get_init_creds_opt_set_default_flags * lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_default_flags): make the appdefault keywords have the same names * configure.in: only add -L and -R to the krb4 libdir if we are actually using it * lib/krb5/krbhst.c (fallback_get_hosts): do not copy trailing dot of hostname add some comments * lib/krb5/krbhst.c: use getaddrinfo instead of dns_lookup when testing for kerberos.REALM. this allows reusing that information when actually contacting the server and thus avoids one DNS lookup 2001-06-20 Johan Danielsson <[email protected]> * lib/krb5/krb5.h: include k524_err.h * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): don't test for keytype, the server will do this for us if it has anything to complain about * lib/krb5/context.c: add protocol compatible krb524 error codes * lib/krb5/Makefile.am: add protocol compatible krb524 error codes * lib/krb5/k524_err.et: add protocol compatible krb524 error codes * lib/krb5/krb5_principal_get_realm.3: manpage * lib/krb5/principal.c: add functions `krb5_principal_get_realm' and `krb5_principal_get_comp_string' that returns parts of a principal; this is a replacement for the internal `krb5_princ_realm' and `krb5_princ_component' macros that everyone seem to use 2001-06-19 Assar Westerlund <[email protected]> * kuser/kinit.c (main): dereference result from krb5_princ_realm. from Thomas Nystrom <[email protected]> 2001-06-18 Johan Danielsson <[email protected]> * lib/krb5/mk_req.c (krb5_mk_req_exact): free creds when done * lib/krb5/crypto.c (krb5_string_to_key_derived): fix memory leak * lib/krb5/krbhst.c (config_get_hosts): free hostlist * kuser/kinit.c: free principal 2001-06-18 Assar Westerlund <[email protected]> * lib/krb5/send_to_kdc.c (krb5_sendto): remove an extra freeaddrinfo * lib/krb5/convert_creds.c (krb524_convert_creds_kdc_ccache): remove some unused variables * lib/krb5/krbhst.c (admin_get_next): spell kerberos correctly * kdc/kerberos5.c: update to new krb5_auth_con* names * kdc/hpropd.c: update to new krb5_auth_con* names * lib/krb5/rd_req.c (krb5_rd_req): use krb5_auth_con* functions and remove some comments * lib/krb5/rd_safe.c (krb5_rd_safe): pick the keys in the right order: remote - local - session * lib/krb5/rd_rep.c (krb5_rd_rep): save the remote sub key in the auth_context * lib/krb5/rd_priv.c (krb5_rd_priv): pick keys in the correct order: remote - local - session * lib/krb5/mk_safe.c (krb5_mk_safe): pick keys in the right order, local - remote - session 2001-06-18 Johan Danielsson <[email protected]> * lib/krb5/convert_creds.c: use starttime instead of authtime, from Chris Chiappa * lib/krb5/convert_creds.c: make krb524_convert_creds_kdc match the MIT function by the same name; add krb524_convert_creds_kdc_ccache that does what the old version did * admin/list.c (do_list): make sure list of keys is NULL terminated; similar to patch sent by Chris Chiappa 2001-06-18 Assar Westerlund <[email protected]> * lib/krb5/mcache.c (mcc_remove_cred): use krb5_free_creds_contents * lib/krb5/auth_context.c: name function krb5_auth_con more consistenly * lib/krb5/rd_req.c (krb5_verify_authenticator_checksum): use renamed krb5_auth_con_getauthenticator * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): update to use krb5_krbhst API * lib/krb5/changepw.c (krb5_change_password): update to use krb5_krbhst API * lib/krb5/send_to_kdc.c: update to use krb5_krbhst API * lib/krb5/krbhst.c (krb5_krbhst_get_addrinfo): add set def_port in krb5_krbhst_info (krb5_krbhst_free): free everything * lib/krb5/krb5.h (KRB5_VERIFY_NO_ADDRESSES): add (krb5_krbhst_info): add def_port (default port for this service) * lib/krb5/krbhst-test.c: make it more verbose and useful * lib/krb5/krbhst.c: remove some more memory leaks do not try any dns operations if there is local configuration admin: fallback to kerberos.REALM 524: fallback to kdcs kpasswd: fallback to admin add some comments * configure.in: remove initstate and setstate, they should be in cf/roken-frag.m4 * lib/krb5/Makefile.am (noinst_PROGRAMS): add krbhst-test * lib/krb5/krbhst-test.c: new program for testing krbhst * lib/krb5/krbhst.c (common_init): remove memory leak (main): move test program into krbhst-test 2001-06-17 Johan Danielsson <[email protected]> * lib/krb5/krb5_krbhst_init.3: manpage * lib/krb5/krb5_get_krbhst.3: manpage 2001-06-16 Johan Danielsson <[email protected]> * lib/krb5/krb5.h: add opaque krb5_krbhst_handle type * lib/krb5/krbhst.c: change void* to krb5_krbhst_handle * lib/krb5/krb5.h: types for new krbhst api * lib/krb5/krbhst.c: implement a new api that looks up one host at a time, instead of making a list of hosts 2001-06-09 Johan Danielsson <[email protected]> * configure.in: test for initstate and setstate * lib/krb5/krbhst.c: remove rfc2052 support 2001-06-08 Johan Danielsson <[email protected]> * fix some manpages for broken mdoc.old grog test 2001-05-28 Assar Westerlund <[email protected]> * lib/krb5/krb5.conf.5: add [appdefaults] * lib/krb5/init_creds_pw.c: remove configuration reading that is now done in krb5_get_init_creds_opt_set_default_flags * lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_default_flags): add reading of libdefaults versions of these and add no_addresses * lib/krb5/get_in_tkt.c (krb5_get_in_cred): clear error string when preauth was required and we retry 2001-05-25 Assar Westerlund <[email protected]> * lib/krb5/convert_creds.c (krb524_convert_creds_kdc): call krb5_get_krb524hst * lib/krb5/krbhst.c (krb5_get_krb524hst): add and restructure the support functions 2001-05-22 Assar Westerlund <[email protected]> * kdc/kerberos5.c (tgs_rep2): alloc and free csec and cusec properly 2001-05-17 Assar Westerlund <[email protected]> * Release 0.3f 2001-05-17 Assar Westerlund <[email protected]> * lib/krb5/Makefile.am: bump version to 16:0:0 * lib/hdb/Makefile.am: bump version to 7:1:0 * lib/asn1/Makefile.am: bump version to 5:0:0 * lib/krb5/keytab_krb4.c: add SRVTAB as an alias for krb4 * lib/krb5/codec.c: remove dead code 2001-05-17 Johan Danielsson <[email protected]> * kdc/config.c: actually check the ticket addresses 2001-05-15 Assar Westerlund <[email protected]> * lib/krb5/rd_error.c (krb5_error_from_rd_error): use correct parenthesis * lib/krb5/eai_to_heim_errno.c (krb5_eai_to_heim_errno): add `errno' (called system_error) to allow callers to make sure they pass the current and relevant value. update callers 2001-05-14 Johan Danielsson <[email protected]> * lib/krb5/verify_user.c: krb5_verify_user_opt * lib/krb5/krb5.h: verify_opt * kdc/kerberos5.c: pass context to krb5_domain_x500_decode 2001-05-14 Assar Westerlund <[email protected]> * kpasswd/kpasswdd.c: adapt to new address functions * kdc/kerberos5.c: adapt to changing address functions use LR_TYPE * kdc/connect.c: adapt to changing address functions * kdc/config.c: new krb5_config_parse_file * kdc/524.c: new krb5_sockaddr2address * lib/krb5/*: add some krb5_{set,clear}_error_string * lib/asn1/k5.asn1 (LR_TYPE): add * lib/asn1/Makefile.am (gen_files): add asn1_LR_TYPE.x 2001-05-11 Assar Westerlund <[email protected]> * kdc/kerberos5.c (tsg_rep): fix typo in variable name * kpasswd/kpasswd-generator.c (nop_prompter): update prototype * lib/krb5/init_creds_pw.c: update to new prompter, use prompter types and send two prompts at once when changning password * lib/krb5/prompter_posix.c (krb5_prompter_posix): add name * lib/krb5/krb5.h (krb5_prompt): add type (krb5_prompter_fct): add anem * lib/krb5/cache.c (krb5_cc_next_cred): transpose last two paramaters to krb5_cc_next_cred (as MIT does, and not as they document). From "Jacques A. Vidrine" <[email protected]> 2001-05-11 Johan Danielsson <[email protected]> * lib/krb5/Makefile.am: store-test * lib/krb5/store-test.c: simple bit storage test * lib/krb5/store.c: add more byteorder storage flags * lib/krb5/krb5.h: add more byteorder storage flags * kdc/kerberos5.c: don't use NULL where we mean 0 * kdc/kerberos5.c: put referral test code in separate function, and test for KRB5_NT_SRV_INST 2001-05-10 Assar Westerlund <[email protected]> * admin/list.c (do_list): do not close the keytab if opening it failed * admin/list.c (do_list): always print complete names. print everything to stdout. * admin/list.c: print both v5 and v4 list by default * admin/remove.c (kt_remove): reorganize some. open the keytab (defaulting to the modify one). * admin/purge.c (kt_purge): reorganize some. open the keytab (defaulting to the modify one). correct usage strings * admin/list.c (kt_list): reorganize some. open the keytab * admin/get.c (kt_get): reorganize some. open the keytab (defaulting to the modify one) * admin/copy.c (kt_copy): default to modify key name. re-organise * admin/change.c (kt_change): reorganize some. open the keytab (defaulting to the modify one) * admin/add.c (kt_add): reorganize some. open the keytab (defaulting to the modify one) * admin/ktutil.c (main): do not open the keytab, let every sub-function handle it * kdc/config.c (configure): call free_getarg_strings * lib/krb5/get_in_tkt.c (krb5_get_in_cred): set error strings for a few more errors * lib/krb5/get_host_realm.c (krb5_get_host_realm_int): make `use_dns' parameter boolean * lib/krb5/krb5.h (krb5_context_data): add default_keytab_modify * lib/krb5/context.c (init_context_from_config_file): set default_keytab_modify * lib/krb5/krb5_locl.h (KEYTAB_DEFAULT): change to ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab (KEYTAB_DEFAULT_MODIFY): add * lib/krb5/keytab.c (krb5_kt_default_modify_name): add (krb5_kt_resolve): set error string for failed keytab type 2001-05-08 Assar Westerlund <[email protected]> * lib/krb5/crypto.c (encryption_type): make field names more consistent (create_checksum): separate usage and type (krb5_create_checksum): add a separate type parameter (encrypt_internal): only free once on mismatched checksum length * lib/krb5/send_to_kdc.c (krb5_sendto_kdc2): try to tell what realm we didn't manage to reach any KDC for in the error string * lib/krb5/generate_seq_number.c (krb5_generate_seq_number): free the entire subkey. from <[email protected]> 2001-05-07 Johan Danielsson <[email protected]> * lib/krb5/keytab_keyfile.c (akf_start_seq_get): return KT_NOTFOUND if the file is empty 2001-05-07 Assar Westerlund <[email protected]> * lib/krb5/fcache.c: call krb5_set_error_string when open fails fatally * lib/krb5/keytab_file.c: call krb5_set_error_string when open fails fatally * lib/krb5/warn.c (_warnerr): print error_string in context in preference to error string derived from error code * kuser/kinit.c (main): try to print the error string * lib/krb5/get_in_tkt.c (krb5_get_in_cred): set some sensible error strings for errors * lib/krb5/krb5.h (krb5_context_data): add error_string and error_buf * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add error_string.c * lib/krb5/error_string.c: new file 2001-05-02 Johan Danielsson <[email protected]> * lib/krb5/time.c: krb5_string_to_deltat * lib/krb5/sock_principal.c: one less data copy * lib/krb5/eai_to_heim_errno.c: conversion function for h_errno's * lib/krb5/get_default_principal.c: change this slightly * lib/krb5/crypto.c: make checksum_types into an array of pointers * lib/krb5/convert_creds.c: make sure we always use a des-cbc-crc ticket 2001-04-29 Assar Westerlund <[email protected]> * kdc/kerberos5.c (tgs_rep2): return a reference to a krbtgt for the right realm if we fail to find a non-krbtgt service in the database and the second component does a succesful non-dns lookup to get the real realm (which has to be different from the originally-supplied realm). this should help windows 2000 clients that always start their lookups in `their' realm and do not have any idea of how to map hostnames into realms * kdc/kerberos5.c (is_krbtgt): rename to get_krbtgt_realm 2001-04-27 Johan Danielsson <[email protected]> * lib/krb5/get_host_realm.c (krb5_get_host_realm_int): add extra parameter to request use of dns or not 2001-04-25 Assar Westerlund <[email protected]> * admin/get.c (kt_get): allow specification of encryption types * lib/krb5/verify_init.c (krb5_verify_init_creds): do not try to close an unopened ccache, noted by <[email protected]> * lib/krb5/krb5.h (krb5_any_ops): add declaration * lib/krb5/context.c (init_context_from_config_file): register krb5_any_ops * lib/krb5/keytab_any.c: new file, implementing union of keytabs * lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_any.c * lib/krb5/init_creds_pw.c (get_init_creds_common): handle options == NULL. noted by <[email protected]> 2001-04-19 Johan Danielsson <[email protected]> * lib/krb5/rd_cred.c: set ret_creds to NULL before doing anything else, from Jacques Vidrine 2001-04-18 Johan Danielsson <[email protected]> * lib/hdb/libasn1.h: asn1.h -> krb5_asn1.h * lib/asn1/Makefile.am: add asn1_ENCTYPE.x * lib/krb5/krb5.h: adapt to asn1 changes * lib/asn1/k5.asn1: move enctypes here * lib/asn1/libasn1.h: rename asn1.h to krb5_asn1.h to avoid conflicts * lib/asn1/Makefile.am: rename asn1.h to krb5_asn1.h to avoid conflicts * lib/asn1/lex.l: use strtol to parse constants 2001-04-06 Johan Danielsson <[email protected]> * kuser/kinit.c: add simple support for running commands 2001-03-26 Assar Westerlund <[email protected]> * lib/hdb/hdb-ldap.c: change order of includes to allow it to work with more versions of openldap * kdc/kerberos5.c (tgs_rep2): try to set sec and usec in error replies (*): update callers of krb5_km_error (check_tgs_flags): handle renews requesting non-renewable tickets * lib/krb5/mk_error.c (krb5_mk_error): allow specifying both ctime and cusec * lib/krb5/krb5.h (krb5_checksum, krb5_keyusage): add compatibility names * lib/krb5/crypto.c (create_checksum): change so that `type == 0' means pick from the `crypto' (context) and otherwise use that type. this is not a large change in practice and allows callers to specify the exact checksum algorithm to use 2001-03-13 Assar Westerlund <[email protected]> * lib/krb5/get_cred.c (get_cred_kdc): add support for falling back to KRB5_KU_AP_REQ_AUTH when KRB5_KU_TGS_REQ_AUTH gives `bad integrity'. this helps for talking to old (pre 0.3d) KDCs 2001-03-12 Assar Westerlund <[email protected]> * lib/krb5/crypto.c (krb5_derive_key): new function, used by derived-key-test.c * lib/krb5/string-to-key-test.c: add new test vectors posted by Ken Raeburn <[email protected]> in <[email protected]> to [email protected] * lib/krb5/n-fold-test.c: more test vectors from same source * lib/krb5/derived-key-test.c: more tests from same source 2001-03-06 Assar Westerlund <[email protected]> * acconfig.h: include roken_rename.h when appropriate 2001-03-06 Assar Westerlund <[email protected]> * lib/krb5/krb5.h (krb5_enctype): remove trailing comma 2001-03-04 Assar Westerlund <[email protected]> * lib/krb5/krb5.h (krb5_enctype): add ENCTYPE_* aliases for compatibility with MIT krb5 2001-03-02 Assar Westerlund <[email protected]> * kuser/kinit.c (main): only request a renewable ticket when explicitly requested. it still gets a renewable one if the renew life is specified * kuser/kinit.c (renew_validate): treat -1 as flags not being set 2001-02-28 Johan Danielsson <[email protected]> * lib/krb5/context.c (krb5_init_ets): use krb5_add_et_list 2001-02-27 Johan Danielsson <[email protected]> * lib/krb5/get_cred.c: implement krb5_get_cred_from_kdc_opt 2001-02-25 Assar Westerlund <[email protected]> * configure.in: do not use -R when testing for des functions 2001-02-14 Assar Westerlund <[email protected]> * configure.in: test for lber.h when trying to link against openldap to handle openldap v1, from Sumit Bose <[email protected]> 2001-02-19 Assar Westerlund <[email protected]> * lib/asn1/libasn1.h: add string.h (for memset) 2001-02-15 Assar Westerlund <[email protected]> * lib/krb5/warn.c (_warnerr): add printf attributes * lib/krb5/send_to_kdc.c (krb5_sendto): loop over all address returned by getaddrinfo before trying the next kdc. from [email protected] * lib/krb5/krb5.conf.5: fix default_realm in example * kdc/connect.c: fix a few kdc_log format types * configure.in: try to handle libdes/libcrypto ont requiring -L 2001-02-10 Assar Westerlund <[email protected]> * lib/asn1/gen_decode.c (generate_type_decode): zero the data at the beginning of the generated function, and add a label `fail' that the code jumps to in case of errors that frees all allocated data 2001-02-07 Assar Westerlund <[email protected]> * configure.in: aix dce: fix misquotes, from Ake Sandgren <[email protected]> * configure.in (dpagaix_LDFLAGS): try to add export file 2001-02-05 Assar Westerlund <[email protected]> * lib/krb5/krb5_keytab.3: new man page, contributed by <[email protected]> * kdc/kaserver.c: update to new db_fetch4 2001-02-05 Assar Westerlund <[email protected]> * Release 0.3e 2001-01-30 Assar Westerlund <[email protected]> * kdc/hprop.c (v4_get_masterkey): check kdb_verify_master_key properly (kdb_prop): decrypt key properly * kdc/hprop.c: handle building with KRB4 always try to decrypt v4 data with the master key leave it up to the v5 how to encrypt with that master key * kdc/kstash.c: include file name in error messages * kdc/hprop.c: fix a typo and check some more return values * lib/hdb/hdb-ldap.c (LDAP__lookup_princ): call ldap_search_s correctly. From Jacques Vidrine <[email protected]> * kdc/misc.c (db_fetch): HDB_ERR_NOENTRY makes more sense than ENOENT * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to 15:0:0 * lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:0:0 * lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 4:0:2 * kdc/misc.c (db_fetch): return an error code. change callers to look at this and try to print it in log messages * lib/krb5/crypto.c (decrypt_internal_derived): check that there's enough data 2001-01-29 Assar Westerlund <[email protected]> * kdc/hprop.c (realm_buf): move it so it becomes properly conditional on KRB4 * lib/hdb/mkey.c (hdb_unseal_keys_mkey, hdb_seal_keys_mkey, hdb_unseal_keys, hdb_seal_keys): check that we have the correct master key and that we manage to decrypt the key properly, returning an error code. fix all callers to check return value. * tools/krb5-config.in: use @LIB_des_appl@ * tools/Makefile.am (krb5-config): add LIB_des_appl * configure.in (LIB_des): set correctly (LIB_des_appl): add for the use by krb5-config.in * lib/krb5/store_fd.c (fd_fetch, fd_store): use net_{read,write} to make sure of not dropping data when doing it over a socket. (this might break when used with ordinary files on win32) * lib/hdb/hdb_err.et (NO_MKEY): add * kdc/kerberos5.c (as_rep): be paranoid and check krb5_enctype_to_string for failure, noted by <[email protected]> * lib/krb5/krb5_init_context.3, lib/krb5/krb5_context.3, lib/krb5/krb5_auth_context.3: add new man pages, contributed by <[email protected]> * use the openssl api for md4/md5/sha and handle openssl/*.h * kdc/kaserver.c (do_getticket): check length of ticket. noted by <[email protected]> 2001-01-28 Assar Westerlund <[email protected]> * configure.in: send -R instead of -rpath to libtool to set runtime library paths * lib/krb5/Makefile.am: remove all dependencies on libkrb 2001-01-27 Assar Westerlund <[email protected]> * appl/rcp: add port of bsd rcp changed to use existing rsh, contributed by Richard Nyberg <[email protected]> 2001-01-27 Johan Danielsson <[email protected]> * lib/krb5/get_port.c: don't warn if the port name can't be found, nobody cares anyway 2001-01-26 Johan Danielsson <[email protected]> * kdc/hprop.c: make it possible to convert a v4 dump file without having any v4 libraries; the kdb backend still require them * kdc/v4_dump.c: include shadow definition of kdb Principal, so we don't have to depend on any v4 libraries * kdc/hprop.h: include shadow definition of kdb Principal, so we don't have to depend on any v4 libraries * lib/hdb/print.c: reduce number of memory allocations * lib/hdb/mkey.c: add support for reading krb4 /.k files 2001-01-19 Assar Westerlund <[email protected]> * lib/krb5/krb5.conf.5: document admin_server and kpasswd_server for realms document capath better * lib/krb5/krbhst.c (krb5_get_krb_changepw_hst): preferably look at kpasswd_server before admin_server * lib/krb5/get_cred.c (get_cred_from_kdc_flags): look in [libdefaults]capath for better hint of realm to send request to. this allows the client to specify `realm routing information' in case it cannot be done at the server (which is preferred) * lib/krb5/rd_priv.c (krb5_rd_priv): handle no sequence number as zero when we were expecting a sequence number. MIT krb5 cannot generate a sequence number of zero, instead generating no sequence number * lib/krb5/rd_safe.c (krb5_rd_safe): dito 2001-01-11 Assar Westerlund <[email protected]> * kpasswd/kpasswdd.c: add --port option 2001-01-10 Assar Westerlund <[email protected]> * lib/krb5/appdefault.c (krb5_appdefault_string): fix condition just before returning 2001-01-09 Assar Westerlund <[email protected]> * appl/kf/kfd.c (proto): use krb5_rd_cred2 instead of krb5_rd_cred 2001-01-05 Johan Danielsson <[email protected]> * kuser/kinit.c: call a time `time', and not `seconds' * lib/krb5/init_creds.c: not much point in setting the anonymous flag here * lib/krb5/krb5_appdefault.3: document appdefault_time 2001-01-04 Johan Danielsson <[email protected]> * lib/krb5/verify_user.c: use krb5_get_init_creds_opt_set_default_flags * kuser/kinit.c: use krb5_get_init_creds_opt_set_default_flags * lib/krb5/init_creds.c: new function krb5_get_init_creds_opt_set_default_flags to set options from krb5.conf * lib/krb5/rd_cred.c: make this match the MIT function * lib/krb5/appdefault.c (krb5_appdefault_string): handle NULL def_val (krb5_appdefault_time): new function 2001-01-03 Assar Westerlund <[email protected]> * kdc/hpropd.c (main): handle EOF when reading from stdin
