xref: /freebsd/crypto/heimdal/ChangeLog.1998 (revision 2e3507c25e42292b45a5482e116d278f5515d04d)
1Sat Dec  5 19:49:34 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
2
3	* lib/krb5/context.c: remove ktype_is_etype
4
5	* lib/krb5/crypto.c, lib/krb5/krb5.h, acconfig.h: NEW_DES3_CODE
6
7	* configure.in: fix for AIX install; better tests for AIX dynamic
8 	AFS libs; `--enable-new-des3-code'
9
10Tue Dec  1 14:44:44 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
11
12	* appl/afsutil/Makefile.am: link with extra libs for aix
13
14	* kuser/Makefile.am: link with extra libs for aix
15
16Sun Nov 29 01:56:21 1998  Assar Westerlund  <assar@sics.se>
17
18	* lib/krb5/get_addrs.c (krb5_get_all_server_addrs): add.  almost
19 	the same as krb5_get_all_client_addrs except that it includes
20 	loopback addresses
21
22	* kdc/connect.c (init_socket): bind to a particular address
23	(init_sockets): get all local addresses and bind to them all
24
25	* lib/krb5/addr_families.c (addr2sockaddr, print_addr): new
26 	methods
27	(find_af, find_atype): new functions.  use them.
28
29	* configure.in: add hesiod
30
31Wed Nov 25 11:37:48 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
32
33	* lib/krb5/krb5_err.et: add some codes from kerberos-revisions-03
34
35Mon Nov 23 12:53:48 1998  Assar Westerlund  <assar@sics.se>
36
37	* lib/kadm5/log.c: rename delete -> remove
38
39	* lib/kadm5/delete_s.c: rename delete -> remove
40
41	* lib/hdb/common.c: rename delete -> remove
42
43Sun Nov 22 12:26:26 1998  Assar Westerlund  <assar@sics.se>
44
45	* configure.in: check for environ and `struct spwd'
46
47Sun Nov 22 11:42:45 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>
48
49	* kdc/kerberos5.c (as_rep): set keytype to sess_ktype if
50 	ktype_is_etype
51
52	* lib/krb5/encrypt.c (krb5_keytype_to_etypes): zero terminate
53 	etypes
54	(em): sort entries
55
56Sun Nov 22 06:54:48 1998  Assar Westerlund  <assar@sics.se>
57
58	* lib/krb5/init_creds_pw.c: more type correctness
59
60	* lib/krb5/get_cred.c: re-structure code.  remove limits on ASN1
61 	generated bits.
62
63Sun Nov 22 01:49:50 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
64
65	* kdc/hprop.c (v4_prop): fix bogus indexing
66
67Sat Nov 21 21:39:20 1998  Assar Westerlund  <assar@sics.se>
68
69	* lib/krb5/verify_init.c (fail_verify_is_ok): new function
70	(krb5_verify_init_creds): if we cannot get a ticket for
71	host/`hostname` and fail_verify_is_ok just return.  use
72 	krb5_rd_req
73
74Sat Nov 21 23:12:27 1998  Assar Westerlund  <assar@sics.se>
75
76	* lib/krb5/free.c (krb5_xfree): new function
77
78	* lib/krb5/creds.c (krb5_free_creds_contents): new function
79
80	* lib/krb5/context.c: more type correctness
81
82	* lib/krb5/checksum.c: more type correctness
83
84	* lib/krb5/auth_context.c (krb5_auth_con_init): more type
85 	correctness
86
87	* lib/asn1/der_get.c (der_get_length): fix test of len
88	(der_get_tag): more type correctness
89
90	* kuser/klist.c (usage): void-ize
91
92	* admin/ktutil.c (kt_remove): some more type correctness.
93
94Sat Nov 21 16:49:20 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
95
96	* kuser/klist.c: try to list enctypes as keytypes
97
98	* kuser/kinit.c: remove extra `--cache' option, add `--enctypes'
99 	to set list of enctypes to use
100
101	* kadmin/load.c: load strings as hex
102
103	* kadmin/dump.c: dump hex as string is possible
104
105	* admin/ktutil.c: use print_version()
106
107	* configure.in, acconfig.h: test for hesiod
108
109Sun Nov 15 17:28:19 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
110
111	* lib/krb5/crypto.c: add some crypto debug code
112
113	* lib/krb5/get_in_tkt.c (_krb5_extract_ticket): don't use fixed
114 	buffer when encoding ticket
115
116	* lib/krb5/auth_context.c (re-)implement `krb5_auth_setenctype'
117
118	* kdc/kerberos5.c: allow mis-match of tgt session key, and service
119 	session key
120
121	* admin/ktutil.c: keytype -> enctype
122
123Fri Nov 13 05:35:48 1998  Assar Westerlund  <assar@sics.se>
124
125	* lib/krb5/krb5.h (KRB5_TGS_NAME, KRB5_TGS_NAME_SIZE): added
126
127Sat Nov  7 19:56:31 1998  Assar Westerlund  <assar@sics.se>
128
129	* lib/krb5/get_cred.c (add_cred): add termination NULL pointer
130
131Mon Nov  2 01:15:06 1998  Assar Westerlund  <assar@sics.se>
132
133	* lib/krb5/rd_req.c: adapt to new crypto api
134
135	* lib/krb5/rd_rep.c: adapt to new crypto api
136
137	* lib/krb5/rd_priv.c: adopt to new crypto api
138
139	* lib/krb5/rd_cred.c: adopt to new crypto api
140
141	* lib/krb5/principal.c: ENOMEM -> ERANGE
142
143	* lib/krb5/mk_safe.c: cleanup and adopt to new crypto api
144
145	* lib/krb5/mk_req_ext.c: adopt to new crypto api
146
147	* lib/krb5/mk_req.c: get enctype from auth_context keyblock
148
149	* lib/krb5/mk_rep.c: cleanup and adopt to new crypto api
150
151	* lib/krb5/mk_priv.c: adopt to new crypto api
152
153	* lib/krb5/keytab.c: adopt to new crypto api
154
155	* lib/krb5/get_in_tkt_with_skey.c: adopt to new crypto api
156
157	* lib/krb5/get_in_tkt_with_keytab.c: adopt to new crypto api
158
159	* lib/krb5/get_in_tkt_pw.c: adopt to new crypto api
160
161	* lib/krb5/get_in_tkt.c: adopt to new crypto api
162
163	* lib/krb5/get_cred.c: adopt to new crypto api
164
165	* lib/krb5/generate_subkey.c: use new crypto api
166
167	* lib/krb5/context.c: rename etype functions to enctype ditto
168
169	* lib/krb5/build_auth.c: use new crypto api
170
171	* lib/krb5/auth_context.c: remove enctype and cksumtype from
172 	auth_context
173
174Mon Nov  2 01:15:06 1998  Assar Westerlund  <assar@sics.se>
175
176	* kdc/connect.c (handle_udp, handle_tcp): correct type of `n'
177
178Tue Sep 15 18:41:38 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
179
180	* admin/ktutil.c: fix printing of unrecognized keytypes
181
182Tue Sep 15 17:02:33 1998  Johan Danielsson  <joda@hella.pdc.kth.se>
183
184	* lib/kadm5/set_keys.c: add KEYTYPE_USE_AFS3_SALT to keytype if
185 	using AFS3 salt
186
187Tue Aug 25 23:30:52 1998  Assar Westerlund  <assar@sics.se>
188
189	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc): care about
190 	`use_admin_kdc'
191
192	* lib/krb5/changepw.c (get_kdc_address): use
193 	krb5_get_krb_admin_hst
194
195	* lib/krb5/krbhst.c (krb5_get_krb_admin_hst): new function
196
197	* lib/krb5/krb5.h (krb5_context_data): add `use_admin_kdc'
198
199	* lib/krb5/context.c (krb5_get_use_admin_kdc,
200 	krb5_set_use_admin_kdc): new functions
201
202Tue Aug 18 22:24:12 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
203
204	* lib/krb5/crypto.c: remove all calls to abort(); check return
205 	value from _key_schedule;
206	(RSA_MD[45]_DES_verify): zero tmp and res;
207	(RSA_MD5_DES3_{verify,checksum}): implement
208
209Mon Aug 17 20:18:46 1998  Assar Westerlund  <assar@sics.se>
210
211	* kdc/kerberos4.c (swap32): conditionalize
212
213	* lib/krb5/mk_req_ext.c (krb5_mk_req_internal): new function
214
215	* lib/krb5/get_host_realm.c (krb5_get_host_realm): if the hostname
216 	returned from gethostby*() isn't a FQDN, try with the original
217 	hostname
218
219	* lib/krb5/get_cred.c (make_pa_tgs_req): use krb5_mk_req_internal
220 	and correct key usage
221
222	* lib/krb5/crypto.c (verify_checksum): make static
223
224	* admin/ktutil.c (kt_list): use krb5_enctype_to_string
225
226Sun Aug 16 20:57:56 1998  Assar Westerlund  <assar@sics.se>
227
228	* kadmin/cpw.c (do_cpw_entry): use asprintf for the prompt
229
230	* kadmin/ank.c (ank): print principal name in prompt
231
232	* lib/krb5/crypto.c (hmac): always allocate space for checksum.
233  	never trust c.checksum.length
234	(_get_derived_key): try to return the derived key
235
236Sun Aug 16 19:48:42 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
237
238	* lib/krb5/crypto.c (hmac): fix some peculiarities and bugs
239	(get_checksum_key): assume usage is `formatted'
240	(create_checksum,verify_checksum): moved the guts of the krb5_*
241	functions here, both take `formatted' key-usages
242	(encrypt_internal_derived): fix various bogosities
243	(derive_key): drop key_type parameter (already given by the
244	encryption_type)
245
246	* kdc/kerberos5.c (check_flags): handle case where client is NULL
247
248	* kdc/connect.c (process_request): return zero after processing
249 	kerberos 4 request
250
251Sun Aug 16 18:38:15 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>
252
253	* lib/krb5/crypto.c: merge x-*.[ch] into one file
254
255	* lib/krb5/cache.c: remove residual from krb5_ccache_data
256
257Fri Aug 14 16:28:23 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
258
259	* lib/krb5/x-crypto.c (derive_key): move DES3 specific code to
260 	separate function (will eventually end up someplace else)
261
262	* lib/krb5/x-crypto.c (krb5_string_to_key_derived): allocate key
263
264	* configure.in, acconfig.h: test for four valued krb_put_int
265
266Thu Aug 13 23:46:29 1998  Assar Westerlund  <assar@emma.pdc.kth.se>
267
268	* Release 0.0t
269
270Thu Aug 13 22:40:17 1998  Assar Westerlund  <assar@sics.se>
271
272	* lib/krb5/config_file.c (parse_binding): remove trailing
273 	whitespace
274
275Wed Aug 12 20:15:11 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
276
277	* lib/krb5/x-checksum.c (krb5_verify_checksum): pass checksum type
278 	to krb5_create_checksum
279
280	* lib/krb5/x-key.c: implement DES3_string_to_key_derived; fix a
281 	few typos
282
283Wed Aug  5 12:39:54 1998  Assar Westerlund  <assar@emma.pdc.kth.se>
284
285	* Release 0.0s
286
287Thu Jul 30 23:12:17 1998  Assar Westerlund  <assar@sics.se>
288
289	* lib/krb5/mk_error.c (krb5_mk_error): realloc until you die
290
291Thu Jul 23 19:49:03 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
292
293	* kdc/kdc_locl.h: proto for `get_des_key'
294
295	* configure.in: test for four valued el_init
296
297	* kuser/klist.c: keytype -> enctype
298
299	* kpasswd/kpasswdd.c (change): use new `krb5_string_to_key*'
300
301	* kdc/hprop.c (v4_prop, ka_convert): convert to a set of keys
302
303	* kdc/kaserver.c: use `get_des_key'
304
305	* kdc/524.c: use new crypto api
306
307	* kdc/kerberos4.c: use new crypto api
308
309	* kdc/kerberos5.c: always treat keytypes as enctypes; use new
310 	crypto api
311
312	* kdc/kstash.c: adapt to new crypto api
313
314	* kdc/string2key.c: adapt to new crypto api
315
316	* admin/srvconvert.c: add keys for all possible enctypes
317
318	* admin/ktutil.c: keytype -> enctype
319
320	* lib/gssapi/init_sec_context.c: get enctype from auth_context
321 	keyblock
322
323	* lib/hdb/hdb.c: remove hdb_*_keytype2key
324
325	* lib/kadm5/set_keys.c: adapt to new crypto api
326
327	* lib/kadm5/rename_s.c: adapt to new crypto api
328
329	* lib/kadm5/get_s.c: adapt to new crypto api
330
331	* lib/kadm5/create_s.c: add keys for des-cbc-crc, des-cbc-md4,
332 	des-cbc-md5, and des3-cbc-sha1
333
334	* lib/krb5/heim_err.et: error message for unsupported salt
335
336	* lib/krb5/codec.c: short-circuit these functions, since they are
337 	not needed any more
338
339	* lib/krb5/rd_safe.c: cleanup and adapt to new crypto api
340
341Mon Jul 13 23:00:59 1998  Assar Westerlund  <assar@sics.se>
342
343	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc): don't advance
344 	hostent->h_addr_list, use a copy instead
345
346Mon Jul 13 15:00:31 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
347
348	* lib/krb5/config_file.c (parse_binding, parse_section): make sure
349 	everything is ok before adding to linked list
350
351	* lib/krb5/config_file.c: skip ws before checking for comment
352
353Wed Jul  8 10:45:45 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
354
355	* lib/asn1/k5.asn1: hmac-sha1-des3 = 12
356
357Tue Jun 30 18:08:05 1998  Assar Westerlund  <assar@sics.se>
358
359	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc): do not close the
360 	unopened file
361
362	* lib/krb5/mk_priv.c: realloc correctly
363
364	* lib/krb5/get_addrs.c (find_all_addresses): init j
365
366	* lib/krb5/context.c (krb5_init_context): print error if parsing
367 	of config file produced an error.
368
369	* lib/krb5/config_file.c (parse_list, krb5_config_parse_file):
370 	ignore more spaces
371
372	* lib/krb5/codec.c (krb5_encode_EncKrbCredPart,
373 	krb5_encode_ETYPE_INFO): initialize `ret'
374
375	* lib/krb5/build_auth.c (krb5_build_authenticator): realloc
376 	correctly
377
378	* lib/kadm5/set_keys.c (_kadm5_set_keys): initialize `ret'
379
380	* lib/kadm5/init_c.c (get_cred_cache): try to do the right thing
381 	with default_client
382
383	* kuser/kinit.c (main): initialize `ticket_life'
384
385	* kdc/kerberos5.c (get_pa_etype_info): initialize `ret'
386	(tgs_rep2): initialize `krbtgt'
387
388	* kdc/connect.c (do_request): check for errors from `sendto'
389
390	* kdc/524.c (do_524): initialize `ret'
391
392	* kadmin/util.c (foreach_principal): don't clobber `ret'
393
394	* kadmin/del.c (del_entry): don't apply on zeroth argument
395
396	* kadmin/cpw.c (do_cpw_entry): initialize `ret'
397
398Sat Jun 13 04:14:01 1998  Assar Westerlund  <assar@juguete.sics.se>
399
400	* Release 0.0r
401
402Sun Jun  7 04:13:14 1998  Assar Westerlund  <assar@sics.se>
403
404	* lib/krb5/addr_families.c: fall-back definition of
405 	IN6_ADDR_V6_TO_V4
406
407	* configure.in: only set CFLAGS if it wasn't set look for
408 	dn_expand and res_search
409
410Mon Jun  1 21:28:07 1998  Assar Westerlund  <assar@sics.se>
411
412	* configure.in: remove duplicate seteuid
413
414Sat May 30 00:19:51 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
415
416	* lib/krb5/convert_creds.c: import _krb_time_to_life, to avoid
417 	runtime dependencies on libkrb with some shared library
418 	implementations
419
420Fri May 29 00:09:02 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
421
422	* kuser/kinit_options.c: Default options for kinit.
423
424	* kuser/kauth_options.c: Default options for kauth.
425
426	* kuser/kinit.c: Implement lots a new options.
427
428	* kdc/kerberos5.c (check_tgs_flags): make sure kdc-req-body->rtime
429 	is not NULL; set endtime to min of new starttime + old_life, and
430 	requested endtime
431
432	* lib/krb5/init_creds_pw.c (get_init_creds_common): if the
433 	forwardable or proxiable flags are set in options, set the
434 	kdc-flags to the value specified, and not always to one
435
436Thu May 28 21:28:06 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
437
438	* kdc/kerberos5.c: Optionally compare client address to addresses
439 	in ticket.
440
441	* kdc/connect.c: Pass client address to as_rep() and tgs_rep().
442
443	* kdc/config.c: Add check_ticket_addresses, and
444 	allow_null_ticket_addresses variables.
445
446Tue May 26 14:03:42 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
447
448	* lib/kadm5/create_s.c: possibly make DES keys version 4 salted
449
450	* lib/kadm5/set_keys.c: check config file for kadmin/use_v4_salt
451 	before zapping version 4 salts
452
453Sun May 24 05:22:17 1998  Assar Westerlund  <assar@sics.se>
454
455	* Release 0.0q
456
457	* lib/krb5/aname_to_localname.c: new file
458
459	* lib/gssapi/init_sec_context.c (repl_mutual): no output token
460
461	* lib/gssapi/display_name.c (gss_display_name): zero terminate
462 	output.
463
464Sat May 23 19:11:07 1998  Assar Westerlund  <assar@sics.se>
465
466	* lib/gssapi/display_status.c: new file
467
468	* Makefile.am: send -I to aclocal
469
470	* configure.in: remove duplicate setenv
471
472Sat May 23 04:55:19 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
473
474	* kadmin/util.c (foreach_principal): Check for expression before
475 	wading through the whole database.
476
477	* kadmin/kadmin.c: Pass NULL password to
478 	kadm5_*_init_with_password.
479
480	* lib/kadm5/init_c.c: Implement init_with_{skey,creds}*. Make use
481 	of `password' parameter to init_with_password.
482
483	* lib/kadm5/init_s.c: implement init_with_{skey,creds}*
484
485	* lib/kadm5/server.c: Better arguments for
486 	kadm5_init_with_password.
487
488Sat May 16 07:10:36 1998  Assar Westerlund  <assar@sics.se>
489
490	* kdc/hprop.c: conditionalize ka-server reading support on
491 	KASERVER_DB
492
493	* configure.in: new option `--enable-kaserver-db'
494
495Fri May 15 19:39:18 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>
496
497	* lib/krb5/get_cred.c: Better error if local tgt couldn't be
498 	found.
499
500Tue May 12 21:11:02 1998  Assar Westerlund  <assar@sics.se>
501
502	* Release 0.0p
503
504	* lib/krb5/mk_req_ext.c (krb5_mk_req_extended): only set
505 	encryption type in auth_context if it's compatible with the type
506 	of the session key
507
508Mon May 11 21:11:14 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
509
510	* kdc/hprop.c: add support for ka-server databases
511
512	* appl/ftp/ftpd: link with -lcrypt, if needed
513
514Fri May  1 07:29:52 1998  Assar Westerlund  <assar@sics.se>
515
516	* configure.in: don't test for winsock.h
517
518Sat Apr 18 21:43:11 1998  Johan Danielsson  <joda@puffer.pdc.kth.se>
519
520	* Release 0.0o
521
522Sat Apr 18 00:31:11 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>
523
524	* lib/krb5/sock_principal.c: Save hostname.
525
526Sun Apr  5 11:29:45 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
527
528	* lib/krb5/mk_req_ext.c: Use same enctype as in ticket.
529
530	* kdc/hprop.c (v4_prop): Check for null key.
531
532Fri Apr  3 03:54:54 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>
533
534	* lib/krb5/str2key.c: Fix DES3 string-to-key.
535
536	* lib/krb5/keytab.c: Get default keytab name from context.
537
538	* lib/krb5/context.c: Get `default_keytab_name' value.
539
540	* kadmin/util.c (foreach_principal): Print error message if
541 	`kadm5_get_principals' fails.
542
543	* kadmin/kadmind.c: Use `kadmind_loop'.
544
545	* lib/kadm5/server.c: Replace several other functions with
546 	`kadmind_loop'.
547
548Sat Mar 28 09:49:18 1998  Assar Westerlund  <assar@sics.se>
549
550	* lib/krb5/keytab.c (fkt_add_entry): use an explicit seek instead
551 	of O_APPEND
552
553	* configure.in: generate ftp Makefiles
554
555	* kuser/klist.c (print_cred_verbose): print IPv4-address in a
556 	portable way.
557
558	* admin/srvconvert.c (srvconv): return 0 if successful
559
560Tue Mar 24 00:40:33 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
561
562	* lib/krb5/keytab.c: MIT compatible changes: add and use sizes to
563 	keytab entries, and change default keytab to `/etc/krb5.keytab'.
564
565Mon Mar 23 23:43:59 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
566
567	* lib/gssapi/wrap.c: Use `gss_krb5_getsomekey'.
568
569	* lib/gssapi/unwrap.c: Implement and use `gss_krb5_getsomekey'.
570  	Fix bug in checking of pad.
571
572	* lib/gssapi/{un,}wrap.c: Add support for just integrity
573 	protecting data.
574
575	* lib/gssapi/accept_sec_context.c: Use
576 	`gssapi_krb5_verify_8003_checksum'.
577
578	* lib/gssapi/8003.c: Implement `gssapi_krb5_verify_8003_checksum'.
579
580	* lib/gssapi/init_sec_context.c: Zero cred, and store session key
581 	properly in auth-context.
582
583Sun Mar 22 00:47:22 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
584
585	* lib/kadm5/delete_s.c: Check immutable bit.
586
587	* kadmin/kadmin.c: Pass client name to kadm5_init.
588
589	* lib/kadm5/init_c.c: Get creds for client name passed in.
590
591	* kdc/hprop.c (v4_prop): Check for `changepw.kerberos'.
592
593Sat Mar 21 22:57:13 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
594
595	* lib/krb5/mk_error.c: Verify that error_code is in the range
596 	[0,127].
597
598	* kdc/kerberos5.c: Move checking of principal flags to new
599 	function `check_flags'.
600
601Sat Mar 21 14:38:51 1998  Assar Westerlund  <assar@sics.se>
602
603	* lib/kadm5/get_s.c (kadm5_s_get_principal): handle an empty salt
604
605	* configure.in: define SunOS if running solaris
606
607Sat Mar 21 00:26:34 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
608
609	* lib/kadm5/server.c: Unifdef test for same principal when
610 	changing password.
611
612	* kadmin/util.c: If kadm5_get_principals failes, we might still be
613 	able to perform the requested opreration (for instance someone if
614 	trying to change his own password).
615
616	* lib/kadm5/init_c.c: Try to get ticket via initial request, if
617 	not possible via tgt.
618
619	* lib/kadm5/server.c: Check for principals changing their own
620 	passwords.
621
622	* kdc/kerberos5.c (tgs_rep2): check for interesting flags on
623 	involved principals.
624
625	* kadmin/util.c: Fix order of flags.
626
627Thu Mar 19 16:54:10 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
628
629	* kdc/kerberos4.c: Return sane error code if krb_rd_req fails.
630
631Wed Mar 18 17:11:47 1998  Assar Westerlund  <assar@sics.se>
632
633	* acconfig.h: rename HAVE_STRUCT_SOCKADDR_IN6 to HAVE_IPV6
634
635Wed Mar 18 09:58:18 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
636
637	* lib/krb5/get_in_tkt_with_keytab.c (krb5_keytab_key_proc): don't
638 	free keyseed; use correct keytab
639
640Tue Mar 10 09:56:16 1998  Assar Westerlund  <assar@sics.se>
641
642	* acinclude.m4 (AC_KRB_IPV6): rewrote to avoid false positives
643
644Mon Mar 16 23:58:23 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
645
646	* Release 0.0n
647
648Fri Mar  6 00:41:30 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
649
650	* lib/gssapi/{accept_sec_context,release_cred}.c: Use
651	krb5_kt_close/krb5_kt_resolve.
652
653	* lib/krb5/principal.c (krb5_425_conv_principal_ext): Use resolver
654 	to lookup hosts, so CNAMEs can be ignored.
655
656	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc, send_and_recv_http):
657 	Add support for using proxy.
658
659	* lib/krb5/context.c: Initialize `http_proxy' from
660 	`libdefaults/http_proxy'.
661
662	* lib/krb5/krb5.h: Add `http_proxy' to context.
663
664	* lib/krb5/send_to_kdc.c: Recognize `http/' and `udp/' as protocol
665 	specifications.
666
667Wed Mar  4 01:47:29 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
668
669	* admin/ktutil.c: Implement `add' and `remove' functions. Make
670 	`--keytab' a global option.
671
672	* lib/krb5/keytab.c: Implement remove with files. Add memory
673 	operations.
674
675Tue Mar  3 20:09:59 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
676
677	* lib/krb5/keytab.c: Use function pointers.
678
679	* admin: Remove kdb_edit.
680
681Sun Mar  1 03:28:42 1998  Assar Westerlund  <assar@sics.se>
682
683	* lib/kadm5/dump_log.c: print operation names
684
685Sun Mar  1 03:04:12 1998  Assar Westerlund  <assar@sics.se>
686
687	* configure.in: add X-tests, and {bin,...}dir appl/{kx,kauth}
688
689	* lib/krb5/build_auth.c,mk_priv.c,rd_safe.c,mk_safe.c,mk_rep.c:
690 	remove arbitrary limit
691
692	* kdc/hprop-common.c: use krb5_{read,write}_message
693
694	* lib/kadm5/ipropd_master.c (send_diffs): more careful use
695 	krb5_{write,read}_message
696
697	* lib/kadm5/ipropd_slave.c (get_creds): get credentials for
698 	`iprop/master' directly.
699	(main): use `krb5_read_message'
700
701Sun Mar  1 02:05:11 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
702
703	* kadmin/kadmin.c: Cleanup commands list, and add help strings.
704
705	* kadmin/get.c: Add long, short, and terse (equivalent to `list')
706 	output formats. Short is the default.
707
708	* kadmin/util.c: Add `include_time' flag to timeval2str.
709
710	* kadmin/init.c: Max-life and max-renew can, infact, be zero.
711
712	* kadmin/{cpw,del,ext,get}.c: Use `foreach_principal'.
713
714	* kadmin/util.c: Add function `foreach_principal', that loops over
715 	all principals matching an expression.
716
717	* kadmin/kadmin.c: Add usage string to `privileges'.
718
719	* lib/kadm5/get_princs_s.c: Also try to match aganist the
720 	expression appended with `@default-realm'.
721
722	* lib/krb5/principal.c: Add `krb5_unparse_name_fixed_short', that
723 	excludes the realm if it's the same as the default realm.
724
725Fri Feb 27 05:02:21 1998  Assar Westerlund  <assar@sics.se>
726
727	* configure.in: more WFLAGS and WFLAGS_NOUNUSED added missing
728 	headers and functions error -> com_err
729
730 	(krb5_get_init_creds_keytab): use krb5_keytab_key_proc
731
732	* lib/krb5/get_in_tkt_with_keytab.c: make `krb5_keytab_key_proc'
733 	global
734
735	* lib/kadm5/marshall.c (ret_principal_ent): set `n_tl_data'
736
737	* lib/hdb/ndbm.c: use `struct ndbm_db' everywhere.
738
739Fri Feb 27 04:49:24 1998  Assar Westerlund  <assar@sics.se>
740
741	* lib/krb5/mk_priv.c (krb5_mk_priv): bump static limit to 10240.
742  	This should be fixed the correct way.
743
744	* lib/kadm5/ipropd_master.c (check_acl:) truncate buf correctly
745	(send_diffs): compare versions correctly
746	(main): reorder handling of events
747
748	* lib/kadm5/log.c (kadm5_log_previous): avoid bad type conversion
749
750Thu Feb 26 02:22:35 1998  Assar Westerlund  <assar@sics.se>
751
752	* lib/kadm5/ipropd_{slave,master}.c: new files
753
754	* lib/kadm5/log.c (kadm5_log_get_version): take an `fd' as
755 	argument
756
757	* lib/krb5/krb5.h (krb5_context_data): `et_list' should be `struct
758 	et_list *'
759
760	* aux/make-proto.pl: Should work with perl4
761
762Mon Feb 16 17:20:22 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
763
764	* lib/krb5/krb5_locl.h: Remove <error.h> (it gets included via
765 	{asn1,krb5}_err.h).
766
767Thu Feb 12 03:28:40 1998  Assar Westerlund  <assar@sics.se>
768
769	* lib/krb5/get_in_tkt.c (_krb5_extract_ticket): if time difference
770 	is larger than max_skew, return KRB5KRB_AP_ERR_SKEW
771
772	* lib/kadm5/log.c (get_version): globalize
773
774	* lib/kadm5/kadm5_locl.h: include <sys/file.h>
775
776	* lib/asn1/Makefile.am: add PA_KEY_INFO and PA_KEY_INFO_ENTRY
777
778	* kdc/kerberos5.c (get_pa_etype_info): remove gcc-ism of
779 	initializing local struct in declaration.
780
781Sat Jan 31 17:28:58 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
782
783	* kdc/524.c: Use krb5_decode_EncTicketPart.
784
785	* kdc/kerberos5.c: Check at runtime whether to use enctypes
786 	instead of keytypes. If so use the same value to encrypt ticket,
787 	and kdc-rep as well as `keytype' for session key. Fix some obvious
788 	bugs with the handling of additional tickets.
789
790	* lib/krb5/rd_req.c: Use krb5_decode_EncTicketPart, and
791 	krb5_decode_Authenticator.
792
793	* lib/krb5/rd_rep.c: Use krb5_decode_EncAPRepPart.
794
795	* lib/krb5/rd_cred.c: Use krb5_decode_EncKrbCredPart.
796
797	* lib/krb5/mk_rep.c: Make sure enc_part.etype is an encryption
798 	type, and not a key type.  Use krb5_encode_EncAPRepPart.
799
800	* lib/krb5/init_creds_pw.c: Use krb5_decode_PA_KEY_INFO.
801
802	* lib/krb5/get_in_tkt.c: Use krb5_decode_Enc{AS,TGS}RepPart.
803
804	* lib/krb5/get_for_creds.c: Use krb5_encode_EncKrbCredPart.
805
806	* lib/krb5/get_cred.c: Use krb5_decode_Enc{AS,TGS}RepPart.
807
808	* lib/krb5/build_auth.c: Use krb5_encode_Authenticator.
809
810	* lib/krb5/codec.c: Enctype conversion stuff.
811
812	* lib/krb5/context.c: Ignore KRB5_CONFIG if *not* running
813 	setuid. Get configuration for libdefaults ktype_is_etype, and
814 	default_etypes.
815
816	* lib/krb5/encrypt.c: Add krb5_string_to_etype, rename
817 	krb5_convert_etype to krb5_decode_keytype, and add
818 	krb5_decode_keyblock.
819
820Fri Jan 23 00:32:09 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
821
822	* lib/krb5/{get_in_tkt,rd_req}.c: Use krb5_convert_etype.
823
824	* lib/krb5/encrypt.c: Add krb5_convert_etype function - converts
825 	from protocol keytypes (that really are enctypes) to internal
826 	representation.
827
828Thu Jan 22 21:24:36 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
829
830	* lib/asn1/k5.asn1: Add PA-KEY-INFO structure to hold information
831 	on keys in the database; and also a new `pa-key-info' padata-type.
832
833	* kdc/kerberos5.c: If pre-authentication fails, return a list of
834 	keytypes, salttypes, and salts.
835
836	* lib/krb5/init_creds_pw.c: Add better support for
837 	pre-authentication, by looking at hints from the KDC.
838
839	* lib/krb5/get_in_tkt.c: Add better support for specifying what
840 	pre-authentication to use.
841
842	* lib/krb5/str2key.c: Merge entries for KEYTYPE_DES and
843 	KEYTYPE_DES_AFS3.
844
845	* lib/krb5/krb5.h: Add pre-authentication structures.
846
847	* kdc/connect.c: Don't fail if realloc(X, 0) returns NULL.
848
849Wed Jan 21 06:20:40 1998  Assar Westerlund  <assar@sics.se>
850
851	* lib/kadm5/init_s.c (kadm5_s_init_with_password_ctx): initialize
852 	`log_context.socket_name' and `log_context.socket_fd'
853
854	* lib/kadm5/log.c (kadm5_log_flush): send a unix domain datagram
855 	to inform the possible running ipropd of an update.
856
857Wed Jan 21 01:34:09 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
858
859	* lib/krb5/get_in_tkt.c: Return error-packet to caller.
860
861	* lib/krb5/free.c (krb5_free_kdc_rep): Free krb5_kdc_rep->error.
862
863	* kdc/kerberos5.c: Add some support for using enctypes instead of
864 	keytypes.
865
866	* lib/krb5/get_cred.c: Fixes to send authorization-data to the
867 	KDC.
868
869	* lib/krb5/build_auth.c: Only generate local subkey if there is
870 	none.
871
872	* lib/krb5/krb5.h: Add krb5_authdata type.
873
874	* lib/krb5/auth_context.c: Add
875 	krb5_auth_con_set{,localsub,remotesub}key.
876
877	* lib/krb5/init_creds_pw.c: Return some error if prompter
878 	functions return failure.
879
880Wed Jan 21 01:16:13 1998  Assar Westerlund  <assar@sics.se>
881
882	* kpasswd/kpasswd.c: detect bad password.  use krb5_err.
883
884	* kadmin/util.c (edit_entry): remove unused variables
885
886Tue Jan 20 22:58:31 1998  Assar Westerlund  <assar@sics.se>
887
888	* kuser/kinit.c: rename `-s' to `-S' to be MIT-compatible.
889
890	* lib/kadm5/kadm5_locl.h: add kadm5_log_context and
891 	kadm5_log*-functions
892
893	* lib/kadm5/create_s.c (kadm5_s_create_principal): add change to
894 	log
895
896	* lib/kadm5/rename_s.c (kadm5_s_rename_principal): add change to
897 	log
898
899	* lib/kadm5/init_s.c (kadm5_s_init_with_password_ctx): initialize
900 	log_context
901
902	* lib/kadm5/delete_s.c (kadm5_s_delete_principal): add change to
903 	log
904
905	* lib/kadm5/modify_s.c (kadm5_s_modify_principal): add change to
906 	log
907
908	* lib/kadm5/randkey_s.c (kadm5_s_randkey_principal): add change to
909 	log
910
911	* lib/kadm5/chpass_s.c (kadm5_s_chpass_principal): add change to
912 	log
913
914	* lib/kadm5/Makefile.am: add log.c, dump_log and replay_log
915
916	* lib/kadm5/replay_log.c: new file
917
918	* lib/kadm5/dump_log.c: new file
919
920	* lib/kadm5/log.c: new file
921
922	* lib/krb5/str2key.c (get_str): initialize pad space to zero
923
924	* lib/krb5/config_file.c (krb5_config_vget_next): handle c == NULL
925
926	* kpasswd/kpasswdd.c: rewritten to use the kadm5 API
927
928	* kpasswd/Makefile.am: link with kadm5srv
929
930	* kdc/kerberos5.c (tgs_rep): initialize `i'
931
932	* kadmin/kadmind.c (main): use kadm5_server_{send,recv}_sp
933
934	* include/Makefile.am: added admin.h
935
936Sun Jan 18 01:41:34 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>
937
938	* lib/asn1/gen_copy.c: Don't return ENOMEM if allocating 0 bytes.
939
940	* lib/krb5/mcache.c (mcc_store_cred): restore linked list if
941 	copy_creds fails.
942
943Tue Jan  6 04:17:56 1998  Assar Westerlund  <assar@sics.se>
944
945	* lib/kadm5/server.c: add kadm5_server_{send,recv}{,_sp}
946
947	* lib/kadm5/marshall.c: add kadm5_{store,ret}_principal_ent_mask.
948
949	* lib/kadm5/init_c.c (kadm5_c_init_with_password_ctx): use
950 	krb5_getportbyname
951
952	* kadmin/kadmind.c (main): htons correctly.
953	moved kadm5_server_{recv,send}
954
955	* kadmin/kadmin.c (main): only set admin_server if explicitly
956 	given
957
958Mon Jan  5 23:34:44 1998  Johan Danielsson  <joda@emma.pdc.kth.se>
959
960	* lib/hdb/ndbm.c: Implement locking of database.
961
962	* kdc/kerberos5.c: Process AuthorizationData.
963
964Sat Jan  3 22:07:07 1998  Johan Danielsson  <joda@blubb.pdc.kth.se>
965
966	* kdc/string2key.c: Use AFS string-to-key from libkrb5.
967
968	* lib/krb5/get_in_tkt.c: Handle pa-afs3-salt case.
969
970	* lib/krb5/krb5.h: Add value for AFS salts.
971
972	* lib/krb5/str2key.c: Add support for AFS string-to-key.
973
974	* lib/kadm5/rename_s.c: Use correct salt.
975
976	* lib/kadm5/ent_setup.c: Always enable client. Only set max-life
977 	and max-renew if != 0.
978
979	* lib/krb5/config_file.c: Add context to all krb5_config_*get_*.
980
981Thu Dec 25 17:03:25 1997  Assar Westerlund  <assar@sics.se>
982
983	* kadmin/ank.c (ank): don't zero password if --random-key was
984 	given.
985
986Tue Dec 23 01:56:45 1997  Assar Westerlund  <assar@sics.se>
987
988	* Release 0.0m
989
990	* lib/kadm5/ent_setup.c (attr_to_flags): try to set `client'
991
992	* kadmin/util.c (edit_time): only set mask if != 0
993	(edit_attributes): only set mask if != 0
994
995	* kadmin/init.c (init): create `default'
996
997Sun Dec 21 09:44:05 1997  Assar Westerlund  <assar@sics.se>
998
999	* kadmin/util.c (str2deltat, str2attr, get_deltat): return value
1000 	as pointer and have return value indicate success.
1001
1002	(get_response): check NULL from fgets
1003
1004	(edit_time, edit_attributes): new functions for reading values and
1005	offering list of answers on '?'
1006
1007	(edit_entry): use edit_time and edit_attributes
1008
1009	* kadmin/ank.c (add_new_key): test the return value of
1010 	`krb5_parse_name'
1011
1012	* kdc/kerberos5.c (tgs_check_authenticator): RFC1510 doesn't say
1013 	that the checksum has to be keyed, even though later drafts do.
1014  	Accept unkeyed checksums to be compatible with MIT.
1015
1016	* kadmin/kadmin_locl.h: add some prototypes.
1017
1018	* kadmin/util.c (edit_entry): return a value
1019
1020	* appl/afsutil/afslog.c (main): return a exit code.
1021
1022	* lib/krb5/get_cred.c (init_tgs_req): use krb5_keytype_to_enctypes
1023
1024	* lib/krb5/encrypt.c (krb5_keytype_to_enctypes): new function.
1025
1026	* lib/krb5/build_auth.c (krb5_build_authenticator): use
1027 	krb5_{free,copy}_keyblock instead of the _contents versions
1028
1029Fri Dec 12 14:20:58 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1030
1031	* lib/krb5/{mk,rd}_priv.c: fix check for local/remote subkey
1032
1033Mon Dec  8 08:48:09 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1034
1035	* lib/krb5/context.c: don't look at KRB5_CONFIG if running setuid
1036
1037Sat Dec  6 10:09:40 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1038
1039	* lib/krb5/keyblock.c (krb5_free_keyblock): check for NULL
1040	keyblock
1041
1042Sat Dec  6 08:26:10 1997  Assar Westerlund  <assar@sics.se>
1043
1044	* Release 0.0l
1045
1046Thu Dec  4 03:38:12 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1047
1048	* lib/krb5/send_to_kdc.c: Add TCP client support.
1049
1050	* lib/krb5/store.c: Add k_{put,get}_int.
1051
1052	* kadmin/ank.c: Set initial kvno to 1.
1053
1054	* kdc/connect.c: Send version 5 TCP-reply as length+data.
1055
1056Sat Nov 29 07:10:11 1997  Assar Westerlund  <assar@sics.se>
1057
1058	* lib/krb5/rd_req.c (krb5_rd_req): fixed obvious bug
1059
1060	* kdc/kaserver.c (create_reply_ticket): use a random nonce in the
1061 	reply packet.
1062
1063	* kdc/connect.c (init_sockets): less reallocing.
1064
1065	* **/*.c: changed `struct fd_set' to `fd_set'
1066
1067Sat Nov 29 05:12:01 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1068
1069	* lib/krb5/get_default_principal.c: More guessing.
1070
1071Thu Nov 20 02:55:09 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1072
1073	* lib/krb5/rd_req.c: Use principal from ticket if no server is
1074 	given.
1075
1076Tue Nov 18 02:58:02 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1077
1078	* kuser/klist.c: Use krb5_err*().
1079
1080Sun Nov 16 11:57:43 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1081
1082	* kadmin/kadmin.c: Add local `init', `load', `dump', and `merge'
1083 	commands.
1084
1085Sun Nov 16 02:52:20 1997  Assar Westerlund  <assar@sics.se>
1086
1087	* lib/krb5/mk_req_ext.c (krb5_mk_req_ext): figure out the correct
1088 	`enctype'
1089
1090	* lib/krb5/mk_req.c (krb5_mk_req): use `(*auth_context)->enctype'
1091 	if set.
1092
1093	* lib/krb5/get_cred.c: handle the case of a specific keytype
1094
1095	* lib/krb5/build_auth.c (krb5_build_authenticator): enctype as a
1096 	parameter instead of guessing it.
1097
1098	* lib/krb5/build_ap_req.c (krb5_build_ap_req): new parameter
1099 	`enctype'
1100
1101	* appl/test/common.c (common_setup): don't use `optarg'
1102
1103	* lib/krb5/keytab.c (krb5_kt_copy_entry_contents): new function
1104	(krb5_kt_get_entry): retrieve the latest version if kvno == 0
1105
1106	* lib/krb5/krb5.h: define KRB5_TC_MATCH_KEYTYPE
1107
1108	* lib/krb5/creds.c (krb5_compare_creds): check for
1109 	KRB5_TC_MATCH_KEYTYPE
1110
1111	* lib/gssapi/8003.c (gssapi_krb5_create_8003_checksum): remove
1112 	unused variable
1113
1114	* lib/krb5/creds.c (krb5_copy_creds_contents): only free the
1115 	contents if we fail.
1116
1117Sun Nov 16 00:32:48 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1118
1119	* kpasswd/kpasswdd.c: Get password expiration time from config
1120 	file.
1121
1122	* lib/asn1/{der_get,gen_decode}.c: Allow passing NULL size.
1123
1124Wed Nov 12 02:35:57 1997  Assar Westerlund  <assar@sics.se>
1125
1126	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds):
1127 	restructured and fixed.
1128
1129	* lib/krb5/addr_families.c (krb5_h_addr2addr): new function.
1130
1131Wed Nov 12 01:36:01 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1132
1133	* lib/krb5/get_addrs.c: Fall back to hostname's addresses if other
1134 	methods fail.
1135
1136Tue Nov 11 22:22:12 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1137
1138	* kadmin/kadmin.c: Add `-l' flag to use local database.
1139
1140	* lib/kadm5/acl.c: Use KADM5_PRIV_ALL.
1141
1142	* lib/kadm5: Use function pointer trampoline for easier dual use
1143 	(without radiation-hardening capability).
1144
1145Tue Nov 11 05:15:22 1997  Assar Westerlund  <assar@sics.se>
1146
1147	* lib/krb5/encrypt.c (krb5_etype_valid): new function
1148
1149	* lib/krb5/creds.c (krb5_copy_creds_contents): zero target
1150
1151	* lib/krb5/context.c (valid_etype): remove
1152
1153	* lib/krb5/checksum.c: remove dead code
1154
1155	* lib/krb5/changepw.c (send_request): free memory on error.
1156
1157	* lib/krb5/build_ap_req.c (krb5_build_ap_req): check return value
1158 	from malloc.
1159
1160	* lib/krb5/auth_context.c (krb5_auth_con_init): free memory on
1161 	failure correctly.
1162	(krb5_auth_con_setaddrs_from_fd): return error correctly.
1163
1164	* lib/krb5/get_in_tkt_with_{keytab,skey}.c: new files
1165
1166Tue Nov 11 02:53:19 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1167
1168	* lib/krb5/auth_context.c: Implement auth_con_setuserkey.
1169
1170	* lib/gssapi/init_sec_context.c: Use krb5_auth_con_getkey.
1171
1172	* lib/krb5/keyblock.c: Rename krb5_free_keyblock to
1173 	krb5_free_keyblock_contents, and reimplement krb5_free_keyblock.
1174
1175	* lib/krb5/rd_req.c: Use auth_context->keyblock if
1176 	ap_options.use_session_key.
1177
1178Tue Nov 11 02:35:17 1997  Assar Westerlund  <assar@sics.se>
1179
1180	* lib/krb5/net_{read,write}.c: change `int fd' to `void *p_fd'.
1181	fix callers.
1182
1183	* lib/krb5/krb5_locl.h: include <asn1.h> and <der.h>
1184
1185	* include/Makefile.am: add xdbm.h
1186
1187Tue Nov 11 01:58:22 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1188
1189	* lib/krb5/get_cred.c: Implement krb5_get_cred_from_kdc.
1190
1191Mon Nov 10 22:41:53 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1192
1193	* lib/krb5/ticket.c: Implement copy_ticket.
1194
1195	* lib/krb5/get_in_tkt.c: Make `options' parameter MIT-compatible.
1196
1197	* lib/krb5/data.c: Implement free_data and copy_data.
1198
1199Sun Nov  9 02:17:27 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1200
1201	* lib/kadm5: Implement kadm5_get_privs, and kadm5_get_principals.
1202
1203	* kadmin/kadmin.c: Add get_privileges function.
1204
1205	* lib/kadm5: Rename KADM5_ACL_* -> KADM5_PRIV_* to conform with
1206 	specification.
1207
1208	* kdc/connect.c: Exit if no sockets could be bound.
1209
1210	* kadmin/kadmind.c: Check return value from krb5_net_read().
1211
1212	* lib/kadm5,kadmin: Fix memory leaks.
1213
1214Fri Nov  7 02:45:26 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1215
1216	* lib/kadm5/create_s.c: Get some default values from `default'
1217 	principal.
1218
1219	* lib/kadm5/ent_setup.c: Add optional default entry to get some
1220 	values from.
1221
1222Thu Nov  6 00:20:41 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1223
1224	* lib/error/compile_et.awk: Remove generated destroy_*_error_table
1225 	prototype
1226
1227	* kadmin/kadmind.c: Crude admin server.
1228
1229	* kadmin/kadmin.c: Update to use remote protocol.
1230
1231	* kadmin/get.c: Fix principal formatting.
1232
1233	* lib/kadm5: Add client support.
1234
1235	* lib/kadm5/error.c: Error code mapping.
1236
1237	* lib/kadm5/server.c: Kadmind support function.
1238
1239	* lib/kadm5/marshall.c: Kadm5 marshalling.
1240
1241	* lib/kadm5/acl.c: Simple acl system.
1242
1243	* lib/kadm5/kadm5_locl.h: Add client stuff.
1244
1245	* lib/kadm5/init_s.c: Initialize acl.
1246
1247	* lib/kadm5/*:  Return values.
1248
1249	* lib/kadm5/create_s.c: Correct kvno.
1250
1251Wed Nov  5 22:06:50 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1252
1253	* lib/krb5/log.c: Fix parsing of log destinations.
1254
1255Mon Nov  3 20:33:55 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1256
1257	* lib/krb5/principal.c: Reduce number of reallocs in unparse_name.
1258
1259Sat Nov  1 01:40:53 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1260
1261	* kadmin: Simple kadmin utility.
1262
1263	* admin/ktutil.c: Print keytype.
1264
1265	* lib/kadm5/get_s.c: Set correct n_key_data.
1266
1267	* lib/kadm5/init_s.c: Add kadm5_s_init_with_password_ctx. Use
1268 	master key.
1269
1270	* lib/kadm5/destroy_s.c: Check for allocated context.
1271
1272	* lib/kadm5/{create,chpass}_s.c: Use _kadm5_set_keys().
1273
1274Sat Nov  1 00:21:00 1997  Assar Westerlund  <assar@sics.se>
1275
1276	* configure.in: test for readv, writev
1277
1278Wed Oct 29 23:41:26 1997  Assar Westerlund  <assar@sics.se>
1279
1280	* lib/krb5/warn.c (_warnerr): handle the case of an illegal error
1281 	code
1282
1283	* kdc/kerberos5.c (encode_reply): return success
1284
1285Wed Oct 29 18:01:59 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1286
1287	* kdc/kerberos5.c (find_etype) Return correct index of selected
1288 	etype.
1289
1290Wed Oct 29 04:07:06 1997  Assar Westerlund  <assar@sics.se>
1291
1292	* Release 0.0k
1293
1294	* lib/krb5/context.c (krb5_init_context): support `KRB5_CONFIG'
1295 	environment variable
1296
1297	* *: use the roken_get*-macros from roken.h for the benefit of
1298 	Crays.
1299
1300	* configure.in: add --{enable,disable}-otp.  check for compatible
1301 	prototypes for gethostbyname, gethostbyaddr, getservbyname, and
1302 	openlog (they have strange prototypes on Crays)
1303
1304	* acinclude.m4: new macro `AC_PROTO_COMPAT'
1305
1306Tue Oct 28 00:11:22 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1307
1308	* kdc/connect.c: Log bad requests.
1309
1310	* kdc/kerberos5.c: Move stuff that's in common between as_rep and
1311 	tgs_rep to separate functions.
1312
1313	* kdc/kerberos5.c: Fix user-to-user authentication.
1314
1315	* lib/krb5/get_cred.c: Some restructuring of krb5_get_credentials:
1316 	  - add a kdc-options argument to krb5_get_credentials, and rename
1317	    it to krb5_get_credentials_with_flags
1318	  - honour the KRB5_GC_CACHED, and KRB5_GC_USER_USER options
1319	  - add some more user-to-user glue
1320
1321	* lib/krb5/rd_req.c: Move parts of krb5_verify_ap_req into a new
1322 	function, krb5_decrypt_ticket, so it is easier to decrypt and
1323 	check a ticket without having an ap-req.
1324
1325	* lib/krb5/krb5.h: Add KRB5_GC_CACHED, and KRB5_GC_USER_USER
1326 	flags.
1327
1328	* lib/krb5/crc.c (crc_init_table): Check if table is already
1329 	inited.
1330
1331Sun Oct 26 04:51:02 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1332
1333	* lib/asn1/der_get.c (der_get_length, fix_dce): Special-case
1334 	indefinite encoding.
1335
1336	* lib/asn1/gen_glue.c (generate_units): Check for empty
1337 	member-list.
1338
1339Sat Oct 25 07:24:57 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1340
1341	* lib/error/compile_et.awk: Allow specifying table-base.
1342
1343Tue Oct 21 20:21:40 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1344
1345	* kdc/kerberos5.c: Check version number of krbtgt.
1346
1347Mon Oct 20 01:14:53 1997  Assar Westerlund  <assar@sics.se>
1348
1349	* lib/krb5/prompter_posix.c (krb5_prompter_posix): implement the
1350 	case of unhidden prompts.
1351
1352	* lib/krb5/str2key.c (string_to_key_internal): return error
1353 	instead of aborting.  always free memory
1354
1355	* admin/ktutil.c: add `help' command
1356
1357	* admin/kdb_edit.c: implement new commands: add_random_key(ark),
1358 	change_password(cpw), change_random_key(crk)
1359
1360Thu Oct 16 05:16:36 1997  Assar Westerlund  <assar@sics.se>
1361
1362	* kpasswd/kpasswdd.c: change all the keys in the database
1363
1364	* kdc: removed all unsealing, now done by the hdb layer
1365
1366	* lib/hdb/hdb.c: new functions `hdb_create', `hdb_set_master_key'
1367 	and `hdb_clear_master_key'
1368
1369	* admin/misc.c: removed
1370
1371Wed Oct 15 22:47:31 1997  Assar Westerlund  <assar@sics.se>
1372
1373	* kuser/klist.c: print year as YYYY iff verbose
1374
1375Wed Oct 15 20:02:13 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1376
1377	* kuser/klist.c: print etype from ticket
1378
1379Mon Oct 13 17:18:57 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1380
1381	* Release 0.0j
1382
1383	* lib/krb5/get_cred.c: Get the subkey from mk_req so it can be
1384 	used to decrypt the reply from DCE secds.
1385
1386	* lib/krb5/auth_context.c: Add {get,set}enctype.
1387
1388	* lib/krb5/get_cred.c: Fix for DCE secd.
1389
1390	* lib/krb5/store.c: Store keytype twice, as MIT does.
1391
1392	* lib/krb5/get_in_tkt.c: Use etype from reply.
1393
1394Fri Oct 10 00:39:48 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1395
1396	* kdc/connect.c: check for leading '/' in http request
1397
1398Tue Sep 30 21:50:18 1997  Assar Westerlund  <assar@assaris.pdc.kth.se>
1399
1400	* Release 0.0i
1401
1402Mon Sep 29 15:58:43 1997  Assar Westerlund  <assar@sics.se>
1403
1404	* lib/krb5/rd_req.c (krb5_rd_req): redone because we don't know
1405 	the kvno or keytype before receiving the AP-REQ
1406
1407	* lib/krb5/mk_safe.c (krb5_mk_safe): figure out what cksumtype to
1408 	use from the keytype.
1409
1410	* lib/krb5/mk_req_ext.c (krb5_mk_req_extended): figure out what
1411 	cksumtype to use from the keytype.
1412
1413	* lib/krb5/mk_priv.c (krb5_mk_priv): figure out what etype to use
1414 	from the keytype.
1415
1416	* lib/krb5/keytab.c (krb5_kt_get_entry): check the keytype
1417
1418	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): figure out
1419 	what etype to use from the keytype.
1420
1421	* lib/krb5/generate_seq_number.c (krb5_generate_seq_number):
1422 	handle other key types than DES
1423
1424	* lib/krb5/encrypt.c (key_type): add `best_cksumtype'
1425	(krb5_keytype_to_cksumtype): new function
1426
1427	* lib/krb5/build_auth.c (krb5_build_authenticator): figure out
1428 	what etype to use from the keytype.
1429
1430	* lib/krb5/auth_context.c (krb5_auth_con_init): set `cksumtype'
1431 	and `enctype' to 0
1432
1433	* admin/extkeytab.c (ext_keytab): extract all keys
1434
1435	* appl/telnet/telnet/commands.c: INET6_ADDRSTRLEN kludge
1436
1437	* configure.in: check for <netinet6/in6.h>. check for -linet6
1438
1439Tue Sep 23 03:00:53 1997  Assar Westerlund  <assar@sics.se>
1440
1441	* lib/krb5/encrypt.c: fix checksumtype for des3-cbc-sha1
1442
1443	* lib/krb5/rd_safe.c: fix check for keyed and collision-proof
1444 	checksum
1445
1446	* lib/krb5/context.c (valid_etype): remove hard-coded constants
1447	(default_etypes): include DES3
1448
1449	* kdc/kerberos5.c: fix check for keyed and collision-proof
1450 	checksum
1451
1452	* admin/util.c (init_des_key, set_password): DES3 keys also
1453
1454 	* lib/krb/send_to_kdc.c (krb5_sendto_kdc): no data returned means
1455 	no contact?
1456
1457	* lib/krb5/addr_families.c: fix typo in `ipv6_anyaddr'
1458
1459Mon Sep 22 11:44:27 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
1460
1461	* kdc/kerberos5.c: Somewhat fix the etype usage. The list sent by
1462 	the client is used to select wich key to encrypt the kdc rep with
1463 	(in case of as-req), and with the server info to select the
1464 	session key type. The server key the ticket is encrypted is based
1465 	purely on the keys in the database.
1466
1467	* kdc/string2key.c: Add keytype support. Default to version 5
1468 	keys.
1469
1470	* lib/krb5/get_in_tkt.c: Fix a lot of etype/keytype misuse.
1471
1472	* lib/krb5/encrypt.c: Add des3-cbc-md5, and des3-cbc-sha1. Add
1473 	many *_to_* functions.
1474
1475	* lib/krb5/str2key.c: Add des3 string-to-key. Add ktype argument
1476 	to krb5_string_to_key().
1477
1478	* lib/krb5/checksum.c: Some cleanup, and added:
1479	  - rsa-md5-des3
1480	  - hmac-sha1-des3
1481	  - keyed and collision proof flags to each checksum method
1482	  - checksum<->string functions.
1483
1484	* lib/krb5/generate_subkey.c: Use krb5_generate_random_keyblock.
1485
1486Sun Sep 21 15:19:23 1997  Assar Westerlund  <assar@sics.se>
1487
1488	* kdc/connect.c: use new addr_families functions
1489
1490	* kpasswd/kpasswdd.c: use new addr_families functions.  Now works
1491 	over IPv6
1492
1493	* kuser/klist.c: use correct symbols for address families
1494
1495	* lib/krb5/sock_principal.c: use new addr_families functions
1496
1497	* lib/krb5/send_to_kdc.c: use new addr_families functions
1498
1499	* lib/krb5/krb5.h: add KRB5_ADDRESS_INET6
1500
1501	* lib/krb5/get_addrs.c: use new addr_families functions
1502
1503	* lib/krb5/changepw.c: use new addr_families functions.  Now works
1504 	over IPv6
1505
1506	* lib/krb5/auth_context.c: use new addr_families functions
1507
1508	* lib/krb5/addr_families.c: new file
1509
1510	* acconfig.h: AC_SOCKADDR_IN6 -> AC_STRUCT_SOCKADDR_IN6.  Updated
1511 	uses.
1512
1513	* acinclude.m4: new macro `AC_KRB_IPV6'.  Use it.
1514
1515Sat Sep 13 23:04:23 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1516
1517	* kdc/hprop.c: Don't encrypt twice. Complain on non-convertable
1518 	principals.
1519
1520Sat Sep 13 00:59:36 1997  Assar Westerlund  <assar@sics.se>
1521
1522	* Release 0.0h
1523
1524	* appl/telnet/telnet/commands.c: AF_INET6 support
1525
1526	* admin/misc.c: new file
1527
1528	* lib/krb5/context.c: new configuration variable `max_retries'
1529
1530	* lib/krb5/get_addrs.c: fixes and better #ifdef's
1531
1532	* lib/krb5/config_file.c: implement krb5_config_get_int
1533
1534	* lib/krb5/auth_context.c, send_to_kdc.c, sock_principal.c:
1535 	AF_INET6 support
1536
1537	* kuser/klist.c: support for printing IPv6-addresses
1538
1539	* kdc/connect.c: support AF_INET6
1540
1541	* configure.in: test for gethostbyname2 and struct sockaddr_in6
1542
1543Thu Sep 11 07:25:28 1997  Assar Westerlund  <assar@sics.se>
1544
1545	* lib/asn1/k5.asn1: Use `METHOD-DATA' instead of `SEQUENCE OF
1546 	PA-DATA'
1547
1548Wed Sep 10 21:20:17 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1549
1550	* kdc/kerberos5.c: Fixes for cross-realm, including (but not
1551 	limited to):
1552	  - allow client to be non-existant (should probably check for
1553	    "local realm")
1554	  - if server isn't found and it is a request for a krbtgt, try to
1555 	    find a realm on the way to the requested realm
1556	  - update the transited encoding iff
1557	    client-realm != server-realm != tgt-realm
1558
1559	* lib/krb5/get_cred.c: Several fixes for cross-realm.
1560
1561Tue Sep  9 15:59:20 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1562
1563	* kdc/string2key.c: Fix password handling.
1564
1565	* lib/krb5/encrypt.c: krb5_key_to_string
1566
1567Tue Sep  9 07:46:05 1997  Assar Westerlund  <assar@sics.se>
1568
1569	* lib/krb5/get_addrs.c: rewrote.  Now should be able to handle
1570 	aliases and IPv6 addresses
1571
1572	* kuser/klist.c: try printing IPv6 addresses
1573
1574	* kdc/kerberos5.c: increase the arbitrary limit from 1024 to 8192
1575
1576	* configure.in: check for <netinet/in6_var.h>
1577
1578Mon Sep  8 02:57:14 1997  Assar Westerlund  <assar@sics.se>
1579
1580	* doc: fixes
1581
1582	* admin/util.c (init_des_key): increase kvno
1583	(set_password): return -1 if `des_read_pw_string' failed
1584
1585	* admin/mod.c (doit2): check the return value from `set_password'
1586
1587	* admin/ank.c (doit): don't add a new entry if `set_password'
1588 	failed
1589
1590Mon Sep  8 02:20:16 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
1591
1592	* lib/krb5/verify_init.c: fix ap_req_nofail semantics
1593
1594	* lib/krb5/transited.c: something that might resemble
1595 	domain-x500-compress
1596
1597Mon Sep  8 01:24:42 1997  Assar Westerlund  <assar@sics.se>
1598
1599	* kdc/hpropd.c (main): check number of arguments
1600
1601	* appl/popper/pop_init.c (pop_init): check number of arguments
1602
1603	* kpasswd/kpasswd.c (main): check number of arguments
1604
1605	* kdc/string2key.c (main): check number of arguments
1606
1607	* kuser/kdestroy.c (main): check number of arguments
1608
1609	* kuser/kinit.c (main): check number of arguments
1610
1611	* kpasswd/kpasswdd.c (main): use sigaction without SA_RESTART to
1612 	break out of select when a signal arrives
1613
1614	* kdc/main.c (main): use sigaction without SA_RESTART to break out
1615 	of select when a signal arrives
1616
1617	* kdc/kstash.c: default to HDB_DB_DIR "/m-key"
1618
1619	* kdc/config.c (configure): add `--version'.  Check the number of
1620 	arguments. Handle the case of there being no specification of port
1621 	numbers.
1622
1623	* admin/util.c: seal and unseal key at appropriate places
1624
1625	* admin/kdb_edit.c (main): parse arguments, config file and read
1626 	master key iff there's one.
1627
1628	* admin/extkeytab.c (ext_keytab): unseal key while extracting
1629
1630Sun Sep  7 20:41:01 1997  Assar Westerlund  <assar@sics.se>
1631
1632	* lib/roken/roken.h: include <fcntl.h>
1633
1634	* kdc/kerberos5.c (set_salt_padata): new function
1635
1636	* appl/telnet/telnetd/telnetd.c: Rename some variables that
1637 	conflict with cpp symbols on HP-UX 10.20
1638
1639	* change all calls of `gethostbyaddr' to cast argument 1 to `const
1640 	char *'
1641
1642	* acconfig.h: only use SGTTY on nextstep
1643
1644Sun Sep  7 14:33:50 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1645
1646	* kdc/kerberos5.c: Check invalid flag.
1647
1648Fri Sep  5 14:19:38 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1649
1650	* lib/krb5/verify_user.c: Use get_init_creds/verify_init_creds.
1651
1652	* lib/kafs: Move functions common to krb/krb5 modules to new file,
1653 	and make things more modular.
1654
1655	* lib/krb5/krb5.h: rename STRING -> krb5_config_string, and LIST
1656 	-> krb5_config_list
1657
1658Thu Sep  4 23:39:43 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
1659
1660	* lib/krb5/get_addrs.c: Fix loopback test.
1661
1662Thu Sep  4 04:45:49 1997  Assar Westerlund  <assar@sics.se>
1663
1664	* lib/roken/roken.h: fallback definition of `O_ACCMODE'
1665
1666	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): be more careful when
1667 	checking for a v4 reply
1668
1669Wed Sep  3 18:20:14 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1670
1671	* kdc/hprop.c: Add `--decrypt' and `--encrypt' flags.
1672
1673	* lib/hdb/hdb.c: new {seal,unseal}_keys functions
1674
1675	* kdc/{hprop,hpropd}.c: Add support to dump database to stdout.
1676
1677	* kdc/hprop.c: Don't use same master key as version 4.
1678
1679	* admin/util.c: Don't dump core if no `default' is found.
1680
1681Wed Sep  3 16:01:07 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
1682
1683	* kdc/connect.c: Allow run time port specification.
1684
1685	* kdc/config.c: Add flags for http support, and port
1686 	specifications.
1687
1688Tue Sep  2 02:00:03 1997  Assar Westerlund  <assar@sics.se>
1689
1690	* include/bits.c: Don't generate ifndef's in bits.h.  Instead, use
1691 	them when building the program.  This makes it possible to include
1692 	bits.h without having defined all HAVE_INT17_T symbols.
1693
1694	* configure.in: test for sigaction
1695
1696	* doc: updated documentation.
1697
1698Tue Sep  2 00:20:31 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1699
1700	* Release 0.0g
1701
1702Mon Sep  1 17:42:14 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1703
1704	* lib/krb5/data.c: don't return ENOMEM if len == 0
1705
1706Sun Aug 31 17:15:49 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1707
1708	* lib/hdb/hdb.asn1: Include salt type in salt.
1709
1710	* kdc/hprop.h: Change port to 754.
1711
1712	* kdc/hpropd.c: Verify who tries to transmit a database.
1713
1714	* appl/popper: Use getarg and krb5_log.
1715
1716	* lib/krb5/get_port.c: Add context parameter. Now takes port in
1717 	host byte order.
1718
1719Sat Aug 30 18:48:19 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1720
1721	* kdc/connect.c: Add timeout to select, and log about expired tcp
1722 	connections.
1723
1724	* kdc/config.c: Add `database' option.
1725
1726	* kdc/hpropd.c: Log about duplicate entries.
1727
1728	* lib/hdb/{db,ndbm}.c: Use common routines.
1729
1730	* lib/hdb/common.c: Implement more generic fetch/store/delete
1731 	functions.
1732
1733	* lib/hdb/hdb.h: Add `replace' parameter to store.
1734
1735	* kdc/connect.c: Set filedecriptor to -1 on allocated decriptor
1736 	entries.
1737
1738Fri Aug 29 03:13:23 1997  Assar Westerlund  <assar@sics.se>
1739
1740	* lib/krb5/get_in_tkt.c: extract_ticket -> _krb5_extract_ticket
1741
1742	* aux/make-proto.pl: fix __P for stone age mode
1743
1744Fri Aug 29 02:45:46 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1745
1746	* lib/45/mk_req.c: implementation of krb_mk_req that uses 524
1747 	protocol
1748
1749	* lib/krb5/init_creds_pw.c: make change_password and
1750 	get_init_creds_common static
1751
1752	* lib/krb5/krb5.h: Merge stuff from removed headerfiles.
1753
1754	* lib/krb5/fcache.c: fcc_ops -> krb5_fcc_ops
1755
1756	* lib/krb5/mcache.c: mcc_ops -> krb5_mcc_ops
1757
1758Fri Aug 29 01:45:25 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
1759
1760	* lib/krb5/krb5.h: Remove all prototypes.
1761
1762	* lib/krb5/convert_creds.c: Use `struct credentials' instead of
1763 	`CREDENTIALS'.
1764
1765Fri Aug 29 00:08:18 1997  Assar Westerlund  <assar@sics.se>
1766
1767	* lib/asn1/gen_glue.c: new file. generates 2int and int2 functions
1768	and units for bit strings.
1769
1770	* admin/util.c: flags2int, int2flags, and flag_units are now
1771 	generated by asn1_compile
1772
1773	* lib/roken/parse_units.c: generalised `parse_units' and
1774 	`unparse_units' and added new functions `parse_flags' and
1775 	`unparse_flags' that use these
1776
1777	* lib/krb5/krb5_locl.h: moved krb5_data* functions to krb5.h
1778
1779	* admin/util.c: Use {un,}parse_flags for printing and parsing
1780 	hdbflags.
1781
1782Thu Aug 28 03:26:12 1997  Assar Westerlund  <assar@sics.se>
1783
1784	* lib/krb5/get_addrs.c: restructured
1785
1786	* lib/krb5/warn.c (_warnerr): leak less memory
1787
1788	* lib/hdb/hdb.c (hdb_free_entry): zero keys
1789	(hdb_check_db_format): leak less memory
1790
1791	* lib/hdb/ndbm.c (NDBM_seq): check for valid hdb_entries implement
1792 	NDBM__get, NDBM__put
1793
1794	* lib/hdb/db.c (DB_seq): check for valid hdb_entries
1795
1796Thu Aug 28 02:06:58 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1797
1798	* lib/krb5/send_to_kdc.c: Don't use sendto on connected sockets.
1799
1800Thu Aug 28 01:13:17 1997  Assar Westerlund  <assar@sics.se>
1801
1802	* kuser/kinit.1, klist.1, kdestroy.1: new man pages
1803
1804	* kpasswd/kpasswd.1, kpasswdd.8: new man pages
1805
1806	* kdc/kstash.8, hprop.8, hpropd.8: new man pages
1807
1808	* admin/ktutil.8, admin/kdb_edit.8: new man pages
1809
1810	* admin/mod.c: new file
1811
1812	* admin/life.c: renamed gettime and puttime to getlife and putlife
1813	and moved them to life.c
1814
1815	* admin/util.c: add print_flags, parse_flags, init_entry,
1816 	set_created_by, set_modified_by, edit_entry, set_password.  Use
1817 	them.
1818
1819	* admin/get.c: use print_flags
1820
1821	* admin: removed unused stuff.  use krb5_{warn,err}*
1822
1823	* admin/ank.c: re-organized and abstracted.
1824
1825	* admin/gettime.c: removed
1826
1827Thu Aug 28 00:37:39 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1828
1829	* lib/krb5/{get_cred,get_in_tkt}.c: Check for v4 reply.
1830
1831	* lib/roken/base64.c: Add base64 functions.
1832
1833	* kdc/connect.c lib/krb5/send_to_kdc.c: Add http support.
1834
1835Wed Aug 27 00:29:20 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1836
1837	* include/Makefile.am: Don't make links to built files.
1838
1839	* admin/kdb_edit.c: Add command to set the database path.
1840
1841	* lib/hdb: Include version number in database.
1842
1843Tue Aug 26 20:14:54 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1844
1845	* admin/ktutil: Merged v4 srvtab conversion.
1846
1847Mon Aug 25 23:02:18 1997  Assar Westerlund  <assar@sics.se>
1848
1849	* lib/roken/roken.h: add F_OK
1850
1851	* lib/gssapi/acquire_creds.c: fix typo
1852
1853	* configure.in: call AC_TYPE_MODE_T
1854
1855	* acinclude.m4: Add AC_TYPE_MODE_T
1856
1857Sun Aug 24 16:46:53 1997  Assar Westerlund  <assar@sics.se>
1858
1859	* Release 0.0f
1860
1861Sun Aug 24 08:06:54 1997  Assar Westerlund  <assar@sics.se>
1862
1863	* appl/popper/pop_pass.c: log poppers
1864
1865	* kdc/kaserver.c: some more checks
1866
1867	* kpasswd/kpasswd.c: removed `-p'
1868
1869	* kuser/kinit.c: removed `-p'
1870
1871	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): If
1872 	KDC_ERR_PREUATH_REQUIRED, add preauthentication and try again.
1873
1874	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): don't print out
1875 	krb-error text
1876
1877	* lib/gssapi/import_name.c (input_name): more names types.
1878
1879	* admin/load.c (parse_keys): handle the case of an empty salt
1880
1881	* kdc/kaserver.c: fix up memory deallocation
1882
1883	* kdc/kaserver.c: quick hack at talking kaserver protocol
1884
1885	* kdc/kerberos4.c: Make `db-fetch4' global
1886
1887	* configure.in: add --enable-kaserver
1888
1889	* kdc/rx.h, kdc/kerberos4.h: new header files
1890
1891	* lib/krb5/principal.c: fix krb5_build_principal_ext & c:o
1892
1893Sun Aug 24 03:52:44 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1894
1895	* lib/krb5/{get_in_tkt,mk_safe,mk_priv}.c: Fix some Cray specific
1896 	type conflicts.
1897
1898	* lib/krb5/{get_cred,get_in_tkt}.c: Mask nonce to 32 bits.
1899
1900	* lib/des/{md4,md5,sha}.c: Now works on Crays.
1901
1902Sat Aug 23 18:15:01 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
1903
1904	* appl/afsutil/afslog.c: If no cells or files specified, get
1905 	tokens for all local cells. Better test for files.
1906
1907Thu Aug 21 23:33:38 1997  Assar Westerlund  <assar@sics.se>
1908
1909	* lib/gssapi/v1.c: new file with v1 compatibility functions.
1910
1911Thu Aug 21 20:36:13 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
1912
1913	* lib/kafs/afskrb5.c: Don't check ticket file for afs ticket.
1914
1915	* kdc/kerberos4.c: Check database when converting v4 principals.
1916
1917	* kdc/kerberos5.c: Include kvno in Ticket.
1918
1919	* lib/krb5/encrypt.c: Add kvno parameter to encrypt_EncryptedData.
1920
1921	* kuser/klist.c: Print version number of ticket, include more
1922 	flags.
1923
1924Wed Aug 20 21:26:58 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
1925
1926	* lib/kafs/afskrb5.c (get_cred): Check cached afs tickets for
1927 	expiration.
1928
1929Wed Aug 20 17:40:31 1997  Assar Westerlund  <assar@sics.se>
1930
1931	* lib/krb5/recvauth.c (krb5_recvauth): Send a KRB-ERROR iff
1932 	there's an error.
1933
1934	* lib/krb5/sendauth.c (krb5_sendauth): correct the protocol
1935 	documentation and process KRB-ERROR's
1936
1937Tue Aug 19 20:41:30 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1938
1939	* kdc/kerberos4.c: Fix memory leak in v4 protocol handler.
1940
1941Mon Aug 18 05:15:09 1997  Assar Westerlund  <assar@sics.se>
1942
1943	* lib/gssapi/accept_sec_context.c: Added
1944 	`gsskrb5_register_acceptor_identity'
1945
1946Sun Aug 17 01:40:20 1997  Assar Westerlund  <assar@sics.se>
1947
1948	* lib/gssapi/accept_sec_context.c (gss_accept_sec_context): don't
1949 	always pass server == NULL to krb5_rd_req.
1950
1951	* lib/gssapi: new files: canonicalize_name.c export_name.c
1952 	context_time.c compare_name.c release_cred.c acquire_cred.c
1953 	inquire_cred.c, from Luke Howard <lukeh@xedoc.com.au>
1954
1955	* lib/krb5/config_file.c: Add netinfo support from Luke Howard
1956 	<lukeh@xedoc.com.au>
1957
1958	* lib/editline/sysunix.c: sgtty-support from Luke Howard
1959 	<lukeh@xedoc.com.au>
1960
1961	* lib/krb5/principal.c: krb5_sname_to_principal fix from Luke
1962 	Howard <lukeh@xedoc.com.au>
1963
1964Sat Aug 16 00:44:47 1997  Assar Westerlund  <assar@koi.pdc.kth.se>
1965
1966	* Release 0.0e
1967
1968Sat Aug 16 00:23:46 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1969
1970	* appl/afsutil/afslog.c: Use new libkafs.
1971
1972	* lib/kafs/afskrb5.c: Get AFS tokens via 524 protocol.
1973
1974	* lib/krb5/warn.c: Fix format string for *x type.
1975
1976Fri Aug 15 22:15:01 1997  Assar Westerlund  <assar@sics.se>
1977
1978	* admin/get.c (get_entry): print more information about the entry
1979
1980	* lib/des/Makefile.am: build destest, mdtest, des, rpw, speed
1981
1982	* lib/krb5/config_file.c: new functions `krb5_config_get_time' and
1983 	`krb5_config_vget_time'.  Use them.
1984
1985Fri Aug 15 00:09:37 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
1986
1987	* admin/ktutil.c: Keytab manipulation program.
1988
1989	* lib/krb5/keytab.c: Return sane values from resolve and
1990 	start_seq_get.
1991
1992	* kdc/kerberos5.c: Fix for old clients passing 0 for `no endtime'.
1993
1994	* lib/45/get_ad_tkt.c: Kerberos 4 get_ad_tkt using
1995 	krb524_convert_creds_kdc.
1996
1997	* lib/krb5/convert_creds.c: Implementation of
1998 	krb524_convert_creds_kdc.
1999
2000	* lib/asn1/k5.asn1: Make kdc-req-body.till OPTIONAL
2001
2002	* kdc/524.c: A somewhat working 524-protocol module.
2003
2004	* kdc/kerberos4.c: Add version 4 ticket encoding and encryption
2005 	functions.
2006
2007	* lib/krb5/context.c: Fix kdc_timeout.
2008
2009	* lib/hdb/{ndbm,db}.c: Free name in close.
2010
2011	* kdc/kerberos5.c (tgs_check_autenticator): Return error code
2012
2013Thu Aug 14 21:29:03 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
2014
2015	* kdc/kerberos5.c (tgs_make_reply): Fix endtime in reply.
2016
2017	* lib/krb5/store_emem.c: Fix reallocation bug.
2018
2019Tue Aug 12 01:29:46 1997  Assar Westerlund  <assar@sics.se>
2020
2021	* appl/telnet/libtelnet/kerberos5.c, appl/popper/pop_init.c: Use
2022 	`krb5_sock_to_principal'.  Send server parameter to
2023 	krb5_rd_req/krb5_recvauth.  Set addresses in auth_context.
2024
2025	* lib/krb5/recvauth.c: Set addresses in auth_context if there
2026 	aren't any
2027
2028	* lib/krb5/auth_context.c: New function
2029 	`krb5_auth_con_setaddrs_from_fd'
2030
2031	* lib/krb5/sock_principal.c: new function
2032	`krb5_sock_to_principal'
2033
2034	* lib/krb5/time.c: new file with `krb5_timeofday' and
2035 	`krb5_us_timeofday'.  Use these functions.
2036
2037	* kuser/klist.c: print KDC offset iff verbose
2038
2039	* lib/krb5/get_in_tkt.c: implement KDC time offset and use it if
2040 	[libdefaults]kdc_timesync is set.
2041
2042	* lib/krb5/fcache.c: Implement version 4 of the ccache format.
2043
2044Mon Aug 11 05:34:43 1997  Assar Westerlund  <assar@sics.se>
2045
2046	* lib/krb5/rd_rep.c (krb5_free_ap_rep_enc_part): free all memory
2047
2048	* lib/krb5/principal.c (krb5_unparse_name): allocate memory
2049 	properly
2050
2051	* kpasswd/kpasswd.c: Use `krb5_change_password'
2052
2053	* lib/krb5/init_creds_pw.c (init_cred): set realm of server
2054 	correctly.
2055
2056	* lib/krb5/init_creds_pw.c: support changing of password when it
2057 	has expired
2058
2059	* lib/krb5/changepw.c: new file
2060
2061	* kuser/klist.c: use getarg
2062
2063	* admin/init.c (init): add `kadmin/changepw'
2064
2065Mon Aug 11 04:30:47 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
2066
2067	* lib/krb5/get_cred.c: Make get_credentials handle cross-realm.
2068
2069Mon Aug 11 00:03:24 1997  Assar Westerlund  <assar@sics.se>
2070
2071	* lib/krb5/config_file.c: implement support for #-comments
2072
2073Sat Aug  9 02:21:46 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
2074
2075	* kdc/hprop*.c: Add database propagation programs.
2076
2077	* kdc/connect.c: Max request size.
2078
2079Sat Aug  9 00:47:28 1997  Assar Westerlund  <assar@sics.se>
2080
2081	* lib/otp: resurrected from krb4
2082
2083	* appl/push: new program for fetching mail with POP.
2084
2085	* appl/popper/popper.h: new include files.  new fields in `POP'
2086
2087	* appl/popper/pop_pass.c: Implement both v4 and v5.
2088
2089	* appl/popper/pop_init.c: Implement both v4 and v5.
2090
2091	* appl/popper/pop_debug.c: use getarg.  Talk both v4 and v5
2092
2093	* appl/popper: Popper from krb4.
2094
2095	* configure.in: check for inline and <netinet/tcp.h> generate
2096 	files in appl/popper, appl/push, and lib/otp
2097
2098Fri Aug  8 05:51:02 1997  Assar Westerlund  <assar@sics.se>
2099
2100	* lib/krb5/get_cred.c: clean-up and try to free memory even when
2101 	there're errors
2102
2103	* lib/krb5/get_cred.c: adapt to new `extract_ticket'
2104
2105	* lib/krb5/get_in_tkt.c: reorganize.  check everything and try to
2106 	return memory even if there are errors.
2107
2108	* kuser/kverify.c: new file
2109
2110	* lib/krb5/free_host_realm.c: new file
2111
2112	* lib/krb5/principal.c (krb5_sname_to_principal): implement
2113 	different nametypes.  Also free memory.
2114
2115	* lib/krb5/verify_init.c: more functionality
2116
2117	* lib/krb5/mk_req_ext.c (krb5_mk_req_extended): free the checksum
2118
2119	* lib/krb5/get_in_tkt.c (extract_ticket): don't copy over the
2120 	principals in creds.  Should also compare them with that received
2121 	from the KDC
2122
2123	* lib/krb5/cache.c (krb5_cc_gen_new): copy the newly allocated
2124 	krb5_ccache
2125	(krb5_cc_destroy): call krb5_cc_close
2126	(krb5_cc_retrieve_cred): delete the unused creds
2127
2128Fri Aug  8 02:30:40 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
2129
2130	* lib/krb5/log.c: Allow better control of destinations of logging
2131 	(like passing explicit destinations, and log-functions).
2132
2133Fri Aug  8 01:20:39 1997  Assar Westerlund  <assar@sics.se>
2134
2135	* lib/krb5/get_default_principal.c: new file
2136
2137	* kpasswd/kpasswdd.c: use krb5_log*
2138
2139Fri Aug  8 00:37:47 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
2140
2141	* lib/krb5/init_creds_pw.c: Implement krb5_get_init_creds_keytab.
2142
2143Fri Aug  8 00:37:17 1997  Assar Westerlund  <assar@sics.se>
2144
2145	* lib/krb5/init_creds_pw.c: Use `krb5_get_default_principal'.
2146  	Print password expire information.
2147
2148	* kdc/config.c: new variable `kdc_warn_pwexpire'
2149
2150	* kpasswd/kpasswd.c: converted to getarg and get_init_creds
2151
2152Thu Aug  7 22:17:09 1997  Assar Westerlund  <assar@sics.se>
2153
2154	* lib/krb5/mcache.c: new file
2155
2156	* admin/gettime.c: new function puttime.  Use it.
2157
2158	* lib/krb5/keyblock.c: Added krb5_free_keyblock and
2159 	krb5_copy_keyblock
2160
2161	* lib/krb5/init_creds_pw.c: more functionality
2162
2163	* lib/krb5/creds.c: Added krb5_free_creds_contents and
2164 	krb5_copy_creds.  Changed callers.
2165
2166	* lib/krb5/config_file.c: new functions krb5_config_get and
2167 	krb5_config_vget
2168
2169	* lib/krb5/cache.c: cleanup added mcache
2170
2171	* kdc/kerberos5.c: include last-req's of type 6 and 7, if
2172 	applicable
2173
2174Wed Aug  6 20:38:23 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
2175
2176	* lib/krb5/log.c: New parameter `log-level'. Default to `SYSLOG'.
2177
2178Tue Aug  5 22:53:54 1997  Assar Westerlund  <assar@sics.se>
2179
2180	* lib/krb5/verify_init.c, init_creds_pw.c, init_creds.c,
2181	prompter_posix.c: the beginning of an implementation of the cygnus
2182	initial-ticket API.
2183
2184	* lib/krb5/get_in_tkt_pw.c: make `krb5_password_key_proc' global
2185
2186	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): new function that is
2187 	almost krb5_get_in_tkt but doesn't write the creds to the ccache.
2188  	Small fixes in krb5_get_in_tkt
2189
2190	* lib/krb5/get_addrs.c (krb5_get_all_client_addrs): don't include
2191 	loopback.
2192
2193Mon Aug  4 20:20:48 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
2194
2195	* kdc: Make context global.
2196
2197Fri Aug  1 17:23:56 1997  Assar Westerlund  <assar@sics.se>
2198
2199	* Release 0.0d
2200
2201	* lib/roken/flock.c: new file
2202
2203	* kuser/kinit.c: check for and print expiry information in the
2204 	`kdc_rep'
2205
2206	* lib/krb5/get_in_tkt.c: Set `ret_as_reply' if != NULL
2207
2208	* kdc/kerberos5.c: Check the valid times on client and server.
2209  	Check the password expiration.
2210	Check the require_preauth flag.
2211  	Send an lr_type == 6 with pw_end.
2212	Set key.expiration to min(valid_end, pw_end)
2213
2214	* lib/hdb/hdb.asn1: new flags `require_preauth' and `change_pw'
2215
2216	* admin/util.c, admin/load.c: handle the new flags.
2217
2218Fri Aug  1 16:56:12 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
2219
2220	* lib/hdb: Add some simple locking.
2221
2222Sun Jul 27 04:44:31 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
2223
2224	* lib/krb5/log.c: Add some general logging functions.
2225
2226	* kdc/kerberos4.c: Add version 4 protocol handler. The requrement
2227 	for this to work is that all involved principals has a des key in
2228 	the database, and that the client has a version 4 (un-)salted
2229 	key. Furthermore krb5_425_conv_principal has to do it's job, as
2230 	present it's not very clever.
2231
2232	* lib/krb5/principal.c: Quick patch to make 425_conv work
2233 	somewhat.
2234
2235	* lib/hdb/hdb.c: Add keytype->key and next key functions.
2236
2237Fri Jul 25 17:32:12 1997  Assar Westerlund  <assar@sics.se>
2238
2239	* lib/krb5/build_auth.c (krb5_build_authenticator): don't free
2240 	`cksum'.  It's allocated and freed by the caller
2241
2242	* lib/krb5/get_cred.c (krb5_get_kdc_cred): Don't free `addresses'.
2243
2244	* kdc/kerberos5.c (tgs_rep2): make sure we also have an defined
2245 	`client' to return as part of the KRB-ERROR
2246
2247Thu Jul 24 08:13:59 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
2248
2249	* kdc/kerberos5.c: Unseal keys from database before use.
2250
2251	* kdc/misc.c: New functions set_master_key, unseal_key and
2252 	free_key.
2253
2254	* lib/roken/getarg.c: Handle `-f arg' correctly.
2255
2256Thu Jul 24 01:54:43 1997  Assar Westerlund  <assar@sics.se>
2257
2258	* kuser/kinit.c: implement `-l' aka `--lifetime'
2259
2260	* lib/roken/parse_units.c, parse_time.c: new files
2261
2262	* admin/gettime.c (gettime): use `parse_time'
2263
2264	* kdc/kerberos5.c (as_rep): Use `METHOD-DATA' when sending
2265 	KRB5KDC_ERR_PREAUTH_REQUIRED, not PA-DATA.
2266
2267	* kpasswd/kpasswdd.c: fix freeing bug use sequence numbers set
2268 	addresses in auth_context bind one socket per interface.
2269
2270	* kpasswd/kpasswd.c: use sequence numbers
2271
2272	* lib/krb5/rd_req.c (krb5_verify_ap_req): do abs when verifying
2273 	the timestamps
2274
2275	* lib/krb5/rd_priv.c (krb5_rd_priv): Fetch the correct session key
2276 	from auth_context
2277
2278	* lib/krb5/mk_priv.c (krb5_mk_priv): Fetch the correct session key
2279 	from auth_context
2280
2281	* lib/krb5/mk_error.c (krb5_mk_error): return an error number and
2282 	not a comerr'd number.
2283
2284	* lib/krb5/get_in_tkt.c (krb5_get_in_tkt): interpret the error
2285 	number in KRB-ERROR correctly.
2286
2287	* lib/krb5/get_cred.c (krb5_get_kdc_cred): interpret the error
2288 	number in KRB-ERROR correctly.
2289
2290	* lib/asn1/k5.asn1: Add `METHOD-DATA'
2291
2292	* removed some memory leaks.
2293
2294Wed Jul 23 07:53:18 1997  Assar Westerlund  <assar@sics.se>
2295
2296	* Release 0.0c
2297
2298	* lib/krb5/rd_cred.c, get_for_creds.c: new files
2299
2300	* lib/krb5/get_host_realm.c: try default realm as last chance
2301
2302	* kpasswd/kpasswdd.c: updated to hdb changes
2303
2304	* appl/telnet/libtelnet/kerberos5.c: Implement forwarding
2305
2306	* appl/telnet/libtelnet: removed totally unused files
2307
2308	* admin/ank.c: fix prompts and generation of random keys
2309
2310Wed Jul 23 04:02:32 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
2311
2312	* admin/dump.c: Include salt in dump.
2313
2314	* admin: Mostly updated for new db-format.
2315
2316	* kdc/kerberos5.c: Update to use new db format. Better checking of
2317 	flags and such. More logging.
2318
2319	* lib/hdb/hdb.c: Use generated encode and decode functions.
2320
2321	* lib/hdb/hdb.h: Get hdb_entry from ASN.1 generated code.
2322
2323	* lib/krb5/get_cred.c: Get addresses from krbtgt if there are none
2324 	in the reply.
2325
2326Sun Jul 20 16:22:30 1997  Assar Westerlund  <assar@sics.se>
2327
2328	* kuser/kinit.c: break if des_read_pw_string() != 0
2329
2330	* kpasswd/kpasswdd.c: send a reply
2331
2332	* kpasswd/kpasswd.c: restructured code.  better report on
2333 	krb-error break if des_read_pw_string() != 0
2334
2335	* kdc/kerberos5.c: Check `require_enc_timestamp' malloc space for
2336 	starttime and renew_till
2337
2338	* appl/telnet/libtelnet/kerberos5.c (kerberos5_is): Send a
2339 	keyblock to krb5_verify_chekcsum
2340
2341Sun Jul 20 06:35:46 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
2342
2343	* Release 0.0b
2344
2345	* kpasswd/kpasswd.c: Avoid using non-standard struct names.
2346
2347Sat Jul 19 19:26:23 1997  Assar Westerlund  <assar@sics.se>
2348
2349	* lib/krb5/keytab.c (krb5_kt_get_entry): check return from
2350 	`krb5_kt_start_seq_get'.  From <map@stacken.kth.se>
2351
2352Sat Jul 19 04:07:39 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
2353
2354	* lib/asn1/k5.asn1: Update with more pa-data types from
2355 	draft-ietf-cat-kerberos-revisions-00.txt
2356
2357	* admin/load.c: Update to match current db-format.
2358
2359	* kdc/kerberos5.c (as_rep): Try all valid pa-datas before giving
2360 	up. Send back an empty pa-data if the client has the v4 flag set.
2361
2362	* lib/krb5/get_in_tkt.c: Pass both version5 and version4 salted
2363 	pa-data. DTRT if there is any pa-data in the reply.
2364
2365	* lib/krb5/str2key.c: XOR with some sane value.
2366
2367	* lib/hdb/hdb.h: Add `version 4 salted key' flag.
2368
2369	* kuser/kinit.c: Ask for password before calling get_in_tkt. This
2370 	makes it possible to call key_proc more than once.
2371
2372	* kdc/string2key.c: Add flags to output version 5 (DES only),
2373 	version 4, and AFS string-to-key of a password.
2374
2375	* lib/asn1/gen_copy.c: copy_* functions now returns an int (0 or
2376 	ENOMEM).
2377
2378Fri Jul 18 02:54:58 1997  Assar Westerlund  <assar@sics.se>
2379
2380	* lib/krb5/get_host_realm.c (krb5_get_host_realm): do the
2381 	name2name thing
2382
2383	* kdc/misc.c: check result of hdb_open
2384
2385	* admin/kdb_edit: updated to new sl
2386
2387	* lib/sl: sl_func now returns an int. != 0 means to exit.
2388
2389	* kpasswd/kpasswdd: A crude (but somewhat working) implementation
2390 	of `draft-ietf-cat-kerb-chg-password-00.txt'
2391
2392Fri Jul 18 00:55:39 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
2393
2394	* kuser/krenew.c: Crude ticket renewing program.
2395
2396	* kdc/kerberos5.c: Rewritten flags parsing, it now might work to
2397 	get forwarded and renewed tickets.
2398
2399	* kuser/kinit.c: Add `-r' flag.
2400
2401	* lib/krb5/get_cred.c: Move most of contents of get_creds to new
2402 	function get_kdc_cred, that always contacts the kdc and doesn't
2403 	save in the cache. This is a hack.
2404
2405	* lib/krb5/get_in_tkt.c: Pass starttime and renew_till in request
2406 	(a bit kludgy).
2407
2408	* lib/krb5/mk_req_ext.c: Make an auth_context if none passed in.
2409
2410	* lib/krb5/send_to_kdc.c: Get timeout from context.
2411
2412	* lib/krb5/context.c: Add kdc_timeout to context struct.
2413
2414Thu Jul 17 20:35:45 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
2415
2416	* kuser/klist.c: Print start time of ticket if available.
2417
2418	* lib/krb5/get_host_realm.c: Return error if no realm was found.
2419
2420Thu Jul 17 20:28:21 1997  Assar Westerlund  <assar@sics.se>
2421
2422	* kpasswd: non-working kpasswd added
2423
2424Thu Jul 17 00:21:22 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
2425
2426	* Release 0.0a
2427
2428	* kdc/main.c: Add -p flag to disable pa-enc-timestamp requirement.
2429
2430Wed Jul 16 03:37:41 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
2431
2432	* kdc/kerberos5.c (tgs_rep2): Free ticket and ap_req.
2433
2434	* lib/krb5/auth_context.c (krb5_auth_con_free): Free remote
2435 	subkey.
2436
2437	* lib/krb5/principal.c (krb5_free_principal): Check for NULL.
2438
2439	* lib/krb5/send_to_kdc.c: Check for NULL return from
2440 	gethostbyname.
2441
2442	* lib/krb5/set_default_realm.c: Try to get realm of local host if
2443 	no default realm is available.
2444
2445	* Remove non ASN.1 principal code.
2446
2447Wed Jul 16 03:17:30 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
2448
2449	* kdc/kerberos5.c: Split tgs_rep in smaller functions. Add better
2450 	error handing. Do some logging.
2451
2452	* kdc/log.c: Some simple logging facilities.
2453
2454	* kdc/misc.c (db_fetch): Take a krb5_principal.
2455
2456	* kdc/connect.c: Pass address of request to as_rep and
2457 	tgs_rep. Send KRB-ERROR.
2458
2459	* lib/krb5/mk_error.c: Add more fields.
2460
2461	* lib/krb5/get_cred.c: Print normal error code if no e_text is
2462 	available.
2463
2464Wed Jul 16 03:07:50 1997  Assar Westerlund  <assar@sics.se>
2465
2466	* lib/krb5/get_in_tkt.c: implement `krb5_init_etype'.
2467 	Change encryption type of pa_enc_timestamp to DES-CBC-MD5
2468
2469	* lib/krb5/context.c: recognize all encryption types actually
2470 	implemented
2471
2472	* lib/krb5/auth_context.c (krb5_auth_con_init): Change default
2473 	encryption type to `DES_CBC_MD5'
2474
2475	*  lib/krb5/read_message.c, write_message.c: new files
2476
2477Tue Jul 15 17:14:21 1997  Assar Westerlund  <assar@sics.se>
2478
2479	* lib/asn1: replaced asn1_locl.h by `der_locl.h' and `gen_locl.h'.
2480
2481	* lib/error/compile_et.awk: generate a prototype for the
2482 	`destroy_foo_error_table' function.
2483
2484Mon Jul 14 12:24:40 1997  Assar Westerlund  <assar@sics.se>
2485
2486	* lib/krb5/krbhst.c (krb5_get_krbhst): Get all kdc's and try also
2487 	with `kerberos.REALM'
2488
2489	* kdc/kerberos5.c, lib/krb5/rd_priv.c, lib/krb5/rd_safe.c: use
2490 	`max_skew'
2491
2492	* lib/krb5/rd_req.c (krb5_verify_ap_req): record authenticator
2493 	subkey
2494
2495	* lib/krb5/build_auth.c (krb5_build_authenticator): always
2496 	generate a subkey.
2497
2498	* lib/krb5/address.c: implement `krb5_address_order'
2499
2500	* lib/gssapi/import_name.c: Implement `gss_import_name'
2501
2502	* lib/gssapi/external.c: Use new OID
2503
2504	* lib/gssapi/encapsulate.c: New functions
2505 	`gssapi_krb5_encap_length' and `gssapi_krb5_make_header'.  Changed
2506	callers.
2507
2508	* lib/gssapi/decapsulate.c: New function
2509 	`gssaspi_krb5_verify_header'.  Changed callers.
2510
2511	* lib/asn1/gen*.c: Give tags to generated structs.
2512	Use `err' and `asprintf'
2513
2514	* appl/test/gss_common.c: new file
2515
2516	* appl/test/gssapi_server.c: removed all krb5 calls
2517
2518	* appl/telnet/libtelnet/kerberos5.c: Add support for genering and
2519 	verifying checksums.  Also start using session subkeys.
2520
2521Mon Jul 14 12:08:25 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
2522
2523	* lib/krb5/rd_req.c (krb5_rd_req_with_keyblock): Split up.
2524
2525Sun Jul 13 03:07:44 1997  Assar Westerlund  <assar@sics.se>
2526
2527	* lib/krb5/rd_safe.c, mk_safe.c: made bug-compatible with MIT
2528
2529	* lib/krb5/encrypt.c: new functions `DES_encrypt_null_ivec' and
2530 	`DES_encrypt_key_ivec'
2531
2532	* lib/krb5/checksum.c: implement rsa-md4-des and rsa-md5-des
2533
2534	* kdc/kerberos5.c (tgs_rep): support keyed checksums
2535
2536	* lib/krb5/creds.c: new file
2537
2538	* lib/krb5/get_in_tkt.c: better freeing
2539
2540	* lib/krb5/context.c (krb5_free_context): more freeing
2541
2542	* lib/krb5/config_file.c: New function `krb5_config_file_free'
2543
2544	* lib/error/compile_et.awk: Generate a `destroy_' function.
2545
2546	* kuser/kinit.c, klist.c: Don't leak memory.
2547
2548Sun Jul 13 02:46:27 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
2549
2550	* kdc/connect.c: Check filedescriptor in select.
2551
2552	* kdc/kerberos5.c: Remove most of the most common memory leaks.
2553
2554	* lib/krb5/rd_req.c: Free allocated data.
2555
2556	* lib/krb5/auth_context.c (krb5_auth_con_free): Free a lot of
2557 	fields.
2558
2559Sun Jul 13 00:32:16 1997  Assar Westerlund  <assar@sics.se>
2560
2561	* appl/telnet: Conditionalize the krb4-support.
2562
2563	* configure.in: Test for krb4
2564
2565Sat Jul 12 17:14:12 1997  Assar Westerlund  <assar@sics.se>
2566
2567	* kdc/kerberos5.c: check if the pre-auth was decrypted properly.
2568  	set the `pre_authent' flag
2569
2570	* lib/krb5/get_cred.c, lib/krb5/get_in_tkt.c: generate a random nonce.
2571
2572	* lib/krb5/encrypt.c: Made `generate_random_block' global.
2573
2574	* appl/test: Added gssapi_client and gssapi_server.
2575
2576	* lib/krb5/data.c: Add `krb5_data_zero'
2577
2578	* appl/test/tcp_client.c: try `mk_safe' and `mk_priv'
2579
2580	* appl/test/tcp_server.c: try `rd_safe' and `rd_priv'
2581
2582Sat Jul 12 16:45:58 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
2583
2584	* lib/krb5/get_addrs.c: Fix for systems that has sa_len, but
2585 	returns zero length from SIOCGIFCONF.
2586
2587Sat Jul 12 16:38:34 1997  Assar Westerlund  <assar@sics.se>
2588
2589	* appl/test: new programs
2590
2591	* lib/krb5/rd_req.c: add address compare
2592
2593	* lib/krb5/mk_req_ext.c: allow no checksum
2594
2595	* lib/krb5/keytab.c (krb5_kt_ret_string): 0-terminate string
2596
2597	* lib/krb5/address.c: fix `krb5_address_compare'
2598
2599Sat Jul 12 15:03:16 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
2600
2601	* lib/krb5/get_addrs.c: Fix ip4 address extraction.
2602
2603	* kuser/klist.c: Add verbose flag, and split main into smaller
2604 	pieces.
2605
2606	* lib/krb5/fcache.c: Save ticket flags.
2607
2608	* lib/krb5/get_in_tkt.c (extract_ticket): Extract addresses and
2609 	flags.
2610
2611	* lib/krb5/krb5.h: Add ticket_flags to krb5_creds.
2612
2613Sat Jul 12 13:12:48 1997  Assar Westerlund  <assar@sics.se>
2614
2615	* configure.in: Call `AC_KRB_PROG_LN_S'
2616
2617	* acinclude.m4: Add `AC_KRB_PROG_LN_S' from krb4
2618
2619Sat Jul 12 00:57:01 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
2620
2621	* lib/krb5/get_in_tkt.c: Use union of krb5_flags and KDCOptions to
2622 	pass options.
2623
2624Fri Jul 11 15:04:22 1997  Assar Westerlund  <assar@sics.se>
2625
2626	* appl/telnet: telnet & telnetd seems to be working.
2627
2628	* lib/krb5/config_file.c: Added krb5_config_v?get_list Fixed
2629 	krb5_config_vget_next
2630
2631	* appl/telnet/libtelnet/kerberos5.c: update to current API
2632
2633Thu Jul 10 14:54:39 1997  Assar Westerlund  <assar@sics.se>
2634
2635	* appl/telnet/libtelnet/kerberos5.c (kerberos5_status): call
2636 	`krb5_kuserok'
2637
2638	* appl/telnet: Added.
2639
2640Thu Jul 10 05:09:25 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
2641
2642	* lib/error/compile_et.awk: Remove usage of sub, gsub, and
2643 	functions for compatibility with awk.
2644
2645	* include/bits.c: Must use signed char.
2646
2647	* lib/krb5/context.c: Move krb5_get_err_text, and krb5_init_ets
2648 	here.
2649
2650	* lib/error/error.c: Replace krb5_get_err_text with new function
2651 	com_right.
2652
2653	* lib/error/compile_et.awk: Avoid using static variables.
2654
2655	* lib/error/error.c: Don't use krb5_locl.h
2656
2657	* lib/error/error.h: Move definitions of error_table and
2658 	error_list from krb5.h.
2659
2660	* lib/error: Moved from lib/krb5.
2661
2662Wed Jul  9 07:42:04 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
2663
2664	* lib/krb5/encrypt.c: Temporary hack to avoid des_rand_data.
2665
2666Wed Jul  9 06:58:00 1997  Assar Westerlund  <assar@sics.se>
2667
2668	* lib/krb5/{rd,mk}_{*}.c: more checking for addresses and stuff
2669	according to pseudocode from 1510
2670
2671Wed Jul  9 06:06:06 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
2672
2673	* lib/hdb/hdb.c: Add hdb_etype2key.
2674
2675	* kdc/kerberos5.c: Check authenticator. Use more general etype
2676 	functions.
2677
2678Wed Jul  9 03:51:12 1997  Assar Westerlund  <assar@sics.se>
2679
2680	* lib/asn1/k5.asn1: Made all `s_address' OPTIONAL according to
2681 	draft-ietf-cat-kerberos-r-00.txt
2682
2683	* lib/krb5/principal.c (krb5_parse_name): default to local realm
2684 	if none given
2685
2686	* kuser/kinit.c: New option `-p' and prompt
2687
2688Wed Jul  9 02:30:06 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
2689
2690	* lib/krb5/keyblock.c: Keyblock generation functions.
2691
2692	* lib/krb5/encrypt.c: Use functions from checksum.c.
2693
2694	* lib/krb5/checksum.c: Move checksum functions here. Add
2695 	krb5_cksumsize function.
2696
2697Wed Jul  9 01:15:38 1997  Assar Westerlund  <assar@sics.se>
2698
2699	* lib/krb5/get_host_realm.c: implemented
2700
2701	* lib/krb5/config_file.c: Redid part.  New functions:
2702 	krb5_config_v?get_next
2703
2704	* kuser/kdestroy.c: new program
2705
2706	* kuser/kinit.c: new flag `-f'
2707
2708	* lib/asn1/k5.asn1: Made HostAddresses = SEQUENCE OF HostAddress
2709
2710	* acinclude.m4: Added AC_KRB_STRUCT_SOCKADDR_SA_LEN
2711
2712	* lib/krb5/krb5.h: krb5_addresses == HostAddresses.  Changed all
2713 	users.
2714
2715	* lib/krb5/get_addrs.c: figure out all local addresses, possibly
2716 	even IPv6!
2717
2718	* lib/krb5/checksum.c: table-driven checksum
2719
2720Mon Jul  7 21:13:28 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
2721
2722	* lib/krb5/encrypt.c: Make krb5_decrypt use the same struct as
2723 	krb5_encrypt.
2724
2725Mon Jul  7 11:15:51 1997  Assar Westerlund  <assar@sics.se>
2726
2727	* lib/roken/vsyslog.c: new file
2728
2729	* lib/krb5/encrypt.c: add des-cbc-md4.
2730	adjust krb5_encrypt and krb5_decrypt to reality
2731
2732Mon Jul  7 02:46:31 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
2733
2734	* lib/krb5/encrypt.c: Implement as a vector of function pointers.
2735
2736	* lib/krb5/{decrypt,encrypt}.c: Implement des-cbc-crc, and
2737 	des-cbc-md5 in separate functions.
2738
2739	* lib/krb5/krb5.h: Add more checksum and encryption types.
2740
2741	* lib/krb5/krb5_locl.h: Add etype to krb5_decrypt.
2742
2743Sun Jul  6 23:02:59 1997  Assar Westerlund  <assar@sics.se>
2744
2745	* lib/krb5/[gs]et_default_realm.c, kuserok.c: new files
2746
2747	* lib/krb5/config_file.[ch]: new c-based configuration reading
2748 	stuff
2749
2750Wed Jul  2 23:12:56 1997  Assar Westerlund  <assar@sics.se>
2751
2752	* configure.in: Set WFLAGS if using gcc
2753
2754Wed Jul  2 17:47:03 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
2755
2756	* lib/asn1/der_put.c (der_put_int): Return size correctly.
2757
2758	* admin/ank.c: Be compatible with the asn1 principal format.
2759
2760Wed Jul  1 23:52:20 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
2761
2762	* lib/asn1: Now all decode_* and encode_* functions now take a
2763 	final size_t* argument, that they return the size in. Return
2764 	values are zero for success, and anything else (such as some
2765 	ASN1_* constant) for error.
2766
2767Mon Jun 30 06:08:14 1997  Assar Westerlund  <assar@sics.se>
2768
2769	* lib/krb5/keytab.c (krb5_kt_add_entry): change open mode to
2770 	O_WRONLY | O_APPEND
2771
2772	* lib/krb5/get_cred.c: removed stale prototype for
2773 	`extract_ticket' and corrected call.
2774
2775	* lib/asn1/gen_length.c (length_type): Make the length functions
2776 	for SequenceOf non-destructive
2777
2778	* admin/ank.c (doit): Fix reading of `y/n'.
2779
2780Mon Jun 16 05:41:43 1997  Assar Westerlund  <assar@sics.se>
2781
2782	* lib/gssapi/wrap.c, unwrap.c: do encrypt and add sequence number
2783
2784	* lib/gssapi/get_mic.c, verify_mic.c: Add sequence number.
2785
2786	* lib/gssapi/accept_sec_context.c (gss_accept_sec_context): Set
2787 	KRB5_AUTH_CONTEXT_DO_SEQUENCE.  Verify 8003 checksum.
2788
2789	* lib/gssapi/8003.c: New file.
2790
2791	* lib/krb/krb5.h: Define a `krb_authenticator' as an ASN.1
2792 	Authenticator.
2793
2794	* lib/krb5/auth_context.c: New functions
2795 	`krb5_auth_setlocalseqnumber' and `krb5_auth_setremoteseqnumber'
2796
2797Tue Jun 10 00:35:54 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
2798
2799	* lib/krb5: Preapre for use of some asn1-types.
2800
2801	* lib/asn1/*.c (copy_*): Constness.
2802
2803	* lib/krb5/krb5.h: Include asn1.h; krb5_data is now an
2804 	octet_string.
2805
2806	* lib/asn1/der*,gen.c: krb5_data -> octet_string, char * ->
2807 	general_string
2808
2809	* lib/asn1/libasn1.h: Moved stuff from asn1_locl.h that doesn't
2810 	have anything to do with asn1_compile.
2811
2812	* lib/asn1/asn1_locl.h: Remove der.h. Add some prototypes.
2813
2814Sun Jun  8 03:51:55 1997  Assar Westerlund  <assar@sics.se>
2815
2816	* kdc/kerberos5.c: Fix PA-ENC-TS-ENC
2817
2818 	* kdc/connect.c(process_request): Set `new'
2819
2820	* lib/krb5/get_in_tkt.c: Do PA-ENC-TS-ENC the correct way.
2821
2822	* lib: Added editline,sl,roken.
2823
2824Mon Jun  2 00:37:48 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
2825
2826	* lib/krb5/fcache.c: Move file cache from cache.c.
2827
2828	* lib/krb5/cache.c: Allow more than one cache type.
2829
2830Sun Jun  1 23:45:33 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
2831
2832	* admin/extkeytab.c: Merged with kdb_edit.
2833
2834Sun Jun  1 23:23:08 1997  Assar Westerlund  <assar@sics.se>
2835
2836	* kdc/kdc.c: more support for ENC-TS-ENC
2837
2838	* lib/krb5/get_in_tkt.c: redone to enable pre-authentication
2839
2840Sun Jun  1 22:45:11 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
2841
2842	* lib/hdb/db.c: Merge fetch and store.
2843
2844	* admin: Merge to one program.
2845
2846	* lib/krb5/str2key.c: Fill in keytype and length.
2847
2848Sun Jun  1 16:31:23 1997  Assar Westerlund  <assar@sics.se>
2849
2850	* lib/krb5/rd_safe.c, lib/krb5/rd_priv.c, lib/krb5/mk_rep.c,
2851 	lib/krb5/mk_priv.c, lib/krb5/build_auth.c: Some support for
2852 	KRB5_AUTH_CONTEXT_DO_SEQUENCE
2853
2854	* lib/krb5/get_in_tkt.c (get_in_tkt): be prepared to parse an
2855 	KRB_ERROR.  Some support for PA_ENC_TS_ENC.
2856
2857	* lib/krb5/auth_context.c: implemented seq_number functions
2858
2859	* lib/krb5/generate_subkey.c, generate_seq_number.c: new files
2860
2861	* lib/gssapi/gssapi.h: avoid including <krb5.h>
2862
2863	* lib/asn1/Makefile.am: SUFFIXES as a variable to make automake
2864 	happy
2865
2866	* kdc/kdc.c: preliminary PREAUTH_ENC_TIMESTAMP
2867
2868	* configure.in: adapted to automake 1.1p
2869
2870Mon May 26 22:26:21 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
2871
2872	* lib/krb5/principal.c: Add contexts to many functions.
2873
2874Thu May 15 20:25:37 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
2875
2876	* lib/krb5/verify_user.c: First stab at a verify user.
2877
2878	* lib/auth/sia/sia5.c: SIA module for Kerberos 5.
2879
2880Mon Apr 14 00:09:03 1997  Assar Westerlund  <assar@sics.se>
2881
2882	* lib/gssapi: Enough of a gssapi-over-krb5 implementation to be
2883	able to (mostly) run gss-client and gss-server.
2884
2885	* lib/krb5/keytab.c: implemented krb5_kt_add_entry,
2886 	krb5_kt_store_principal, krb5_kt_store_keyblock
2887
2888	* lib/des/md5.[ch], sha.[ch]: new files
2889
2890	* lib/asn1/der_get.c (generalizedtime2time): use `timegm'
2891
2892	* lib/asn1/timegm.c: new file
2893
2894	* admin/extkeytab.c: new program
2895
2896	* admin/admin_locl.h: new file
2897
2898	* admin/Makefile.am: Added extkeytab
2899
2900	* configure.in: moved config to include
2901	removed timezone garbage
2902	added lib/gssapi and admin
2903
2904	* Makefile.am: Added admin
2905
2906Mon Mar 17 11:34:05 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
2907
2908	* kdc/kdc.c: Use new copying functions, and free some data.
2909
2910	* lib/asn1/Makefile.am: Try to not always rebuild generated files.
2911
2912	* lib/asn1/der_put.c: Add fix_dce().
2913
2914	* lib/asn1/der_{get,length,put}.c: Fix include files.
2915
2916	* lib/asn1/der_free.c: Remove unused functions.
2917
2918	* lib/asn1/gen.c: Split into gen_encode, gen_decode, gen_free,
2919 	gen_length, and gen_copy.
2920
2921Sun Mar 16 18:13:52 1997  Assar Westerlund  <assar@sics.se>
2922
2923	* lib/krb5/sendauth.c: implemented functionality
2924
2925	* lib/krb5/rd_rep.c: Use `krb5_decrypt'
2926
2927	* lib/krb5/cache.c (krb5_cc_get_name): return default if `id' ==
2928 	NULL
2929
2930	* lib/krb5/principal.c (krb5_free_principal): added `context'
2931 	argument.  Changed all callers.
2932
2933	(krb5_sname_to_principal): new function
2934
2935	* lib/krb5/auth_context.c (krb5_free_authenticator): add `context'
2936 	argument.  Changed all callers
2937
2938	* lib/krb5/{net_write.c,net_read.c,recvauth.c}: new files
2939
2940	* lib/asn1/gen.c: Fix encoding and decoding of BitStrings
2941
2942Fri Mar 14 11:29:00 1997  Assar Westerlund  <assar@sics.se>
2943
2944	* configure.in: look for *dbm?
2945
2946	* lib/asn1/gen.c: Fix filename in generated files. Check fopens.
2947  	Put trailing newline in asn1_files.
2948
2949Fri Mar 14 05:06:44 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
2950
2951	* lib/krb5/get_in_tkt.c: Fix some memory leaks.
2952
2953	* lib/krb5/krbhst.c: Properly free hostlist.
2954
2955	* lib/krb5/decrypt.c: CRCs are 32 bits.
2956
2957Fri Mar 14 04:39:15 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
2958
2959	* lib/asn1/gen.c: Generate one file for each type.
2960
2961Fri Mar 14 04:13:47 1997  Assar Westerlund  <assar@sics.se>
2962
2963	* lib/asn1/gen.c: Generate `length_FOO' functions
2964
2965	* lib/asn1/der_length.c: new file
2966
2967	* kuser/klist.c: renamed stime -> printable_time to avoid conflict
2968 	on HP/UX
2969
2970Fri Mar 14 03:37:23 1997  Johan Danielsson  <joda@emma.pdc.kth.se>
2971
2972	* lib/hdb/ndbm.c: Return NOENTRY if fetch fails. Don't free
2973 	datums. Don't add .db to filename.
2974
2975Fri Mar 14 02:49:51 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
2976
2977	* kdc/dump.c: Database dump program.
2978
2979	* kdc/ank.c: Trivial database editing program.
2980
2981	* kdc/{kdc.c, load.c}: Use libhdb.
2982
2983	* lib/hdb: New database routine library.
2984
2985	* lib/krb5/error/Makefile.am: Add hdb_err.
2986
2987Wed Mar 12 17:41:14 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
2988
2989	* kdc/kdc.c: Rewritten AS, and somewhat more working TGS support.
2990
2991	* lib/asn1/gen.c: Generate free functions.
2992
2993	* Some specific free functions.
2994
2995Wed Mar 12 12:30:13 1997  Assar Westerlund  <assar@sics.se>
2996
2997	* lib/krb5/krb5_mk_req_ext.c: new file
2998
2999	* lib/asn1/gen.c: optimize the case with a simple type
3000
3001	* lib/krb5/get_cred.c (krb5_get_credentials): Use
3002 	`mk_req_extended' and remove old code.
3003
3004	* lib/krb5/get_in_tkt.c (decrypt_tkt): First try with an
3005 	EncASRepPart, then with an EncTGSRepPart.
3006
3007Wed Mar 12 08:26:04 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
3008
3009	* lib/krb5/store_emem.c: New resizable memory storage.
3010
3011	* lib/krb5/{store.c, store_fd.c, store_mem.c}: Split of store.c
3012
3013	* lib/krb5/krb5.h: Add free entry to krb5_storage.
3014
3015	* lib/krb5/decrypt.c: Make keyblock const.
3016
3017Tue Mar 11 20:22:17 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
3018
3019	* lib/krb5/krb5.h: Add EncTicketPart to krb5_ticket.
3020
3021	* lib/krb5/rd_req.c: Return whole asn.1 ticket in
3022 	krb5_ticket->tkt.
3023
3024	* lib/krb5/get_in_tkt.c: TGS -> AS
3025
3026	* kuser/kfoo.c: Print error string rather than number.
3027
3028	* kdc/kdc.c: Some kind of non-working TGS support.
3029
3030Mon Mar 10 01:43:22 1997  Assar Westerlund  <assar@sics.se>
3031
3032	* lib/asn1/gen.c: reduced generated code by 1/5
3033
3034 	* lib/asn1/der_put.c: (der_put_length_and_tag): new function
3035
3036	* lib/asn1/der_get.c (der_match_tag_and_length): new function
3037
3038	* lib/asn1/der.h: added prototypes
3039
3040Mon Mar 10 01:15:43 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
3041
3042	* lib/krb5/krb5.h: Include <asn1_err.h>. Add prototype for
3043 	krb5_rd_req_with_keyblock.
3044
3045	* lib/krb5/rd_req.c: Add function krb5_rd_req_with_keyblock that
3046 	takes a precomputed keyblock.
3047
3048	* lib/krb5/get_cred.c: Use krb5_mk_req rather than inlined code.
3049
3050	* lib/krb5/mk_req.c: Calculate checksum of in_data.
3051
3052Sun Mar  9 21:17:58 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
3053
3054	* lib/krb5/error/compile_et.awk: Add a declaration of struct
3055 	error_list, and multiple inclusion block to header files.
3056
3057Sun Mar  9 21:01:12 1997  Assar Westerlund  <assar@sics.se>
3058
3059	* lib/krb5/rd_req.c: do some checks on times
3060
3061	* lib/krb/{mk_priv.c, rd_priv.c, sendauth.c, decrypt.c,
3062	address.c}: new files
3063
3064	* lib/krb5/auth_context.c: more code
3065
3066	* configure.in: try to figure out timezone
3067
3068Sat Mar  8 11:41:07 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
3069
3070	* lib/krb5/error/error.c: Try strerror if error code wasn't found.
3071
3072	* lib/krb5/get_in_tkt.c: Remove realm parameter from
3073 	krb5_get_salt.
3074
3075	* lib/krb5/context.c: Initialize error table.
3076
3077	* kdc: The beginnings of a kdc.
3078
3079Sat Mar  8 08:16:28 1997  Assar Westerlund  <assar@sics.se>
3080
3081	* lib/krb5/rd_safe.c: new file
3082
3083	* lib/krb5/checksum.c (krb5_verify_checksum): New function
3084
3085	* lib/krb5/get_cred.c: use krb5_create_checksum
3086
3087	* lib/krb5/checksum.c: new file
3088
3089	* lib/krb5/store.c: no more arithmetic with void*
3090
3091	* lib/krb5/cache.c: now seems to work again
3092
3093Sat Mar  8 06:58:09 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
3094
3095	* lib/krb5/Makefile.am: Add asn1_glue.c and error/*.c to libkrb5.
3096
3097	* lib/krb5/get_in_tkt.c: Moved some functions to asn1_glue.c.
3098
3099	* lib/krb5/asn1_glue.c: Moved some asn1-stuff here.
3100
3101	* lib/krb5/{cache,keytab}.c: Use new storage functions.
3102
3103	* lib/krb5/krb5.h: Protypes for new storage functions.
3104
3105	* lib/krb5/krb5.h: Make krb5_{ret,store}_* functions able to write
3106 	data to more than file descriptors.
3107
3108Sat Mar  8 01:01:17 1997  Assar Westerlund  <assar@sics.se>
3109
3110	* lib/krb5/encrypt.c: New file.
3111
3112	* lib/krb5/Makefile.am: More -I
3113
3114	* configure.in: Test for big endian, random, rand, setitimer
3115
3116	* lib/asn1/gen.c: perhaps even decodes bitstrings
3117
3118Thu Mar  6 19:05:29 1997  Johan Danielsson  <joda@blubb.pdc.kth.se>
3119
3120	* lib/krb5/config_file.y: Better return values on error.
3121
3122Sat Feb  8 15:59:56 1997  Assar Westerlund  <assar@pdc.kth.se>
3123
3124	* lib/asn1/parse.y: ifdef HAVE_STRDUP
3125
3126	* lib/asn1/lex.l: ifdef strdup
3127	brange-dead version of list of special characters to make stupid
3128 	lex accept it.
3129
3130	* lib/asn1/gen.c: A DER integer should really be a `unsigned'
3131
3132	* lib/asn1/der_put.c: A DER integer should really be a `unsigned'
3133
3134	* lib/asn1/der_get.c: A DER integer should really be a `unsigned'
3135
3136	* lib/krb5/error/Makefile.am: It seems "$(SHELL) ./compile_et" is
3137 	needed.
3138
3139	* lib/krb/mk_rep.c, lib/krb/rd_req.c, lib/krb/store.c,
3140 	lib/krb/store.h: new files.
3141
3142	* lib/krb5/keytab.c: now even with some functionality.
3143
3144	* lib/asn1/gen.c: changed paramater from void * to Foo *
3145
3146	* lib/asn1/der_get.c (der_get_octet_string): Fixed bug with empty
3147 	string.
3148
3149Sun Jan 19 06:17:39 1997  Assar Westerlund  <assar@pdc.kth.se>
3150
3151	* lib/krb5/get_cred.c (krb5_get_credentials): Check for creds in
3152 	cc before getting new ones.
3153
3154	* lib/krb5/krb5.h (krb5_free_keyblock): Fix prototype.
3155
3156	* lib/krb5/build_auth.c (krb5_build_authenticator): It seems the
3157 	CRC should be stored LSW first. (?)
3158
3159	* lib/krb5/auth_context.c: Implement `krb5_auth_con_getkey' and
3160 	`krb5_free_keyblock'
3161
3162	* lib/**/Makefile.am: Rename foo libfoo.a
3163
3164	* include/Makefile.in: Use test instead of [
3165	-e does not work with /bin/sh on psoriasis
3166
3167	* configure.in: Search for awk
3168	create lib/krb/error/compile_et
3169
3170Tue Jan 14 03:46:26 1997  Assar Westerlund  <assar@pdc.kth.se>
3171
3172	* lib/krb5/Makefile.am: replaced mit-crc.c by crc.c
3173
3174Wed Dec 18 00:53:55 1996  Johan Danielsson  <joda@emma.pdc.kth.se>
3175
3176	* kuser/kinit.c: Guess principal.
3177
3178	* lib/krb5/error/compile_et.awk: Don't include krb5.h. Fix some
3179 	warnings.
3180
3181	* lib/krb5/error/asn1_err.et: Add ASN.1 error messages.
3182
3183	* lib/krb5/mk_req.c: Get client from cache.
3184
3185	* lib/krb5/cache.c: Add better error checking some useful return
3186 	values.
3187
3188	* lib/krb5/krb5.h: Fix krb5_auth_context.
3189
3190	* lib/asn1/der.h: Make krb5_data compatible with krb5.h
3191
3192Tue Dec 17 01:32:36 1996  Johan Danielsson  <joda@emma.pdc.kth.se>
3193
3194	* lib/krb5/error: Add primitive error library.
3195
3196Mon Dec 16 16:30:20 1996  Johan Danielsson  <joda@emma.pdc.kth.se>
3197
3198	* lib/krb5/cache.c: Get correct address type from cache.
3199
3200	* lib/krb5/krb5.h: Change int16 to int to be compatible with asn1.
3201
3202