xref: /freebsd/crypto/heimdal/ChangeLog.2000 (revision 1e413cf93298b5b97441a21d9a50fdcd0ee9945e)
12000-12-31  Assar Westerlund  <assar@sics.se>
2
3	* lib/krb5/test_get_addrs.c (main): handle krb5_init_context
4	failure consistently
5	* lib/krb5/string-to-key-test.c (main): handle krb5_init_context
6	failure consistently
7	* lib/krb5/prog_setup.c (krb5_program_setup): handle
8	krb5_init_context failure consistently
9	* lib/hdb/convert_db.c (main): handle krb5_init_context failure
10	consistently
11	* kuser/kverify.c (main): handle krb5_init_context failure
12	consistently
13	* kuser/klist.c (main): handle krb5_init_context failure
14	consistently
15	* kuser/kinit.c (main): handle krb5_init_context failure
16	consistently
17	* kuser/kgetcred.c (main): handle krb5_init_context failure
18	consistently
19	* kuser/kdestroy.c (main): handle krb5_init_context failure
20	consistently
21	* kuser/kdecode_ticket.c (main): handle krb5_init_context failure
22	consistently
23	* kuser/generate-requests.c (generate_requests): handle
24	krb5_init_context failure consistently
25	* kpasswd/kpasswd.c (main): handle krb5_init_context failure
26	consistently
27	* kpasswd/kpasswd-generator.c (generate_requests): handle
28	krb5_init_context failure consistently
29	* kdc/main.c (main): handle krb5_init_context failure consistently
30	* appl/test/uu_client.c (proto): handle krb5_init_context failure
31	consistently
32	* appl/kf/kf.c (main): handle krb5_init_context failure
33	consistently
34	* admin/ktutil.c (main): handle krb5_init_context failure
35	consistently
36
37	* admin/get.c (kt_get): more error checking
38
392000-12-29  Assar Westerlund  <assar@sics.se>
40
41	* lib/asn1/asn1_print.c (loop): check for length longer than data.
42	inspired by lha@stacken.kth.se
43
442000-12-16  Johan Danielsson  <joda@pdc.kth.se>
45
46	* admin/ktutil.8: reflect recent changes
47
48	* admin/copy.c: don't copy an entry that already exists in the
49	keytab, and warn if the keyblock differs
50
512000-12-15  Johan Danielsson  <joda@pdc.kth.se>
52
53	* admin/Makefile.am: merge srvconvert and srvcreate with copy
54
55	* admin/copy.c: merge srvconvert and srvcreate with copy
56
57	* lib/krb5/Makefile.am: always build keytab_krb4.c
58
59	* lib/krb5/context.c: always register the krb4 keytab functions
60
61	* lib/krb5/krb5.h: declare krb4_ftk_ops
62
63	* lib/krb5/keytab_krb4.c: We don't really need to include krb.h
64	here, since we only use the principal size macros, so define these
65	here. Theoretically someone could have a krb4 system where these
66	values are != 40, but this is unlikely, and
67	krb5_524_conv_principal also assume they are 40.
68
692000-12-13  Johan Danielsson  <joda@pdc.kth.se>
70
71	* lib/krb5/krb5.h: s/krb5_donot_reply/krb5_donot_replay/
72
73	* lib/krb5/replay.c: fix query-replace-o from MD5 API change, and
74	the struct is called krb5_donot_replay
75
762000-12-12  Assar Westerlund  <assar@sics.se>
77
78	* admin/srvconvert.c (srvconvert): do not use data after free:ing
79	it
80
812000-12-11  Assar Westerlund  <assar@sics.se>
82
83	* Release 0.3d
84
852000-12-11  Assar Westerlund  <assar@sics.se>
86
87	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set version to 14:0:0
88	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): update to 6:3:0
89	* lib/krb5/Makefile.am (libkrb5_la_LIBADD): add library
90	dependencies
91
922000-12-10  Johan Danielsson  <joda@pdc.kth.se>
93
94	* lib/krb5/auth_context.c: implement krb5_auth_con_{get,set}rcache
95
962000-12-08  Assar Westerlund  <assar@sics.se>
97
98	* lib/krb5/krb5.h (krb5_enctype): add ETYPE_DES3_CBC_NONE_IVEC as
99	a new pseudo-type
100
101	* lib/krb5/crypto.c (DES_AFS3_CMU_string_to_key): always treat
102	cell names as lower case
103	(krb5_encrypt_ivec, krb5_decrypt_ivec): new functions that allow an
104	explicit ivec to be specified.  fix all sub-functions.
105	(DES3_CBC_encrypt_ivec): new function that takes an explicit ivec
106
1072000-12-06  Johan Danielsson  <joda@pdc.kth.se>
108
109	* lib/krb5/Makefile.am: actually build replay cache code
110
111	* lib/krb5/replay.c: implement krb5_get_server_rcache
112
113	* kpasswd/kpasswdd.c: de-pointerise auth_context parameter to
114	krb5_mk_rep
115
116	* lib/krb5/recvauth.c: de-pointerise auth_context parameter to
117	krb5_mk_rep
118
119	* lib/krb5/mk_rep.c: auth_context should not be a pointer
120
121	* lib/krb5/auth_context.c: implement krb5_auth_con_genaddrs, and
122	make setaddrs_from_fd use that
123
124	* lib/krb5/krb5.h: add some more KRB5_AUTH_CONTEXT_* flags
125
1262000-12-05  Johan Danielsson  <joda@pdc.kth.se>
127
128	* lib/krb5/Makefile.am: add kerberos.8 manpage
129
130	* lib/krb5/cache.c: check for NULL remove_cred function
131
132	* lib/krb5/fcache.c: pretend that empty files are non-existant
133
134	* lib/krb5/get_addrs.c (find_all_addresses): use getifaddrs, from
135	Jason Thorpe <thorpej@netbsd.org>
136
1372000-12-01  Assar Westerlund  <assar@sics.se>
138
139	* configure.in: remove configure-time generation of krb5-config
140	* tools/Makefile.am: add generation of krb5-config at make-time
141	instead of configure-time
142
143	* tools/krb5-config.in: add --prefix and --exec-prefix
144
1452000-11-30  Assar Westerlund  <assar@sics.se>
146
147	* tools/Makefile.am: add krb5-config.1
148	* tools/krb5-config.in: add kadm-client and kadm5-server as
149	libraries
150
1512000-11-29  Assar Westerlund  <assar@sics.se>
152
153	* tools/krb5-config.in: add --prefix, --exec-prefix and gssapi
154
1552000-11-29  Johan Danielsson  <joda@pdc.kth.se>
156
157	* configure.in: add roken/Makefile here, since it can't live in
158	rk_ROKEN
159
1602000-11-16  Assar Westerlund  <assar@sics.se>
161
162	* configure.in: use the libtool -rpath, do not rely on ld
163	understanding -rpath
164
165	* configure.in: fix the -Wl stuff for krb4 linking add some
166	gratuitous extra options when linking with an existing libdes
167
1682000-11-15  Assar Westerlund  <assar@sics.se>
169
170	* lib/hdb/hdb.c (hdb_next_enctype2key): const-ize a little bit
171	* lib/Makefile.am (SUBDIRS): try to only build des when needed
172	* kuser/klist.c: print key versions numbers of v4 tickets in
173	verbose mode
174
175	* kdc/kerberos5.c (tgs_rep2): adapt to new krb5_verify_ap_req2
176	* appl/test/gss_common.c (read_token): remove unused variable
177
178	* configure.in (krb4): add -Wl
179	(MD4Init et al): look for these in more libraries
180	(getmsg): only run test if we have the function
181	(AC_OUTPUT): create tools/krb5-config
182
183	* tools/krb5-config.in: new script for storing flags to use
184	* Makefile.am (SUBDIRS): add tools
185
186	* lib/krb5/get_cred.c (make_pa_tgs_req): update to new
187	krb5_mk_req_internal
188	* lib/krb5/mk_req_ext.c (krb5_mk_req_internal): allow different
189	usages for the encryption.  change callers
190	* lib/krb5/rd_req.c (decrypt_authenticator): add an encryption
191	`usage'.  also try the old
192	(and wrong) usage of KRB5_KU_AP_REQ_AUTH for backwards compatibility
193	(krb5_verify_ap_req2): new function for specifying the usage different
194	from the default (KRB5_KU_AP_REQ_AUTH)
195	* lib/krb5/build_auth.c (krb5_build_authenticator): add a `usage'
196	parameter to permit the generation of authenticators with
197	different crypto usage
198
199	* lib/krb5/mk_req.c (krb5_mk_req_exact): new function that takes a
200	krb5_principal
201	(krb5_mk_req): use krb5_mk_req_exact
202
203	* lib/krb5/mcache.c (mcc_close): free data
204	(mcc_destroy): don't free data
205
2062000-11-13  Assar Westerlund  <assar@sics.se>
207
208	* lib/hdb/ndbm.c: handle both ndbm.h and gdbm/ndbm.h
209	* lib/hdb/hdb.c: handle both ndbm.h and gdbm/ndbm.h
210
2112000-11-12  Johan Danielsson  <joda@pdc.kth.se>
212
213	* kdc/hpropd.8: remove extra .Xc
214
2152000-10-27  Johan Danielsson  <joda@pdc.kth.se>
216
217	* kuser/kinit.c: fix v4 fallback lifetime calculation
218
2192000-10-10  Johan Danielsson  <joda@pdc.kth.se>
220
221	* kdc/524.c: fix log messge
222
2232000-10-08  Assar Westerlund  <assar@sics.se>
224
225	* lib/krb5/changepw.c (krb5_change_password): check for fd's being
226	too large to select on
227	* kpasswd/kpasswdd.c (add_new_tcp): check for the socket fd being
228	too large to select on
229	* kdc/connect.c (add_new_tcp): check for the socket fd being too
230	large to selct on
231	* kdc/connect.c (loop): check that the socket fd is not too large
232	to select on
233	* lib/krb5/send_to_kdc.c (recv_loop): check `fd' for being too
234	large to be able to select on
235
236	* kdc/kaserver.c (do_authenticate): check for time skew
237
2382000-10-01  Assar Westerlund  <assar@sics.se>
239
240	* kdc/524.c (set_address): allocate memory for storing addresses
241	in if the original request had an empty set of addresses
242	* kdc/524.c (set_address): fix bad return of pointer to automatic
243	data
244
245	* config.sub: update to version 2000-09-11 (aka 1.181) from
246	subversions.gnu.org
247
248	* config.guess: update to version 2000-09-05 (aka 1.156) from
249	subversions.gnu.org plus some minor tweaks
250
2512000-09-20  Assar Westerlund  <assar@juguete.sics.se>
252
253	* Release 0.3c
254
2552000-09-19  Assar Westerlund  <assar@sics.se>
256
257	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
258	13:1:0
259
260	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 6:2:0
261
2622000-09-17  Assar Westerlund  <assar@sics.se>
263
264	* lib/krb5/rd_req.c (krb5_decrypt_ticket): plug some memory leak
265	(krb5_rd_req): try not to return an allocated auth_context on error
266
267	* lib/krb5/log.c (krb5_vlog_msg): fix const-ness
268
2692000-09-10  Assar Westerlund  <assar@sics.se>
270
271	* kdc/524.c: re-organize
272	* kdc/kerberos5.c (tgs_rep2): try to avoid leaking auth_context
273	* kdc/kerberos4.c (valid_princ): check return value of functions
274	(encode_v4_ticket): add some const
275	* kdc/misc.c (db_fetch): check malloc
276	(free_ent): new function
277
278	* lib/krb5/log.c (krb5_vlog_msg): log just the format string it we
279	fail to allocate the actual string to log, should at least provide
280	some hint as to where things went wrong
281
2822000-09-10  Johan Danielsson  <joda@pdc.kth.se>
283
284	* kdc/log.c: use DEFAULT_LOG_DEST
285
286	* kdc/config.c: use _PATH_KDC_CONF
287
288	* kdc/kdc_locl.h: add macro constants for kdc.conf, and kdc.log
289
2902000-09-09  Assar Westerlund  <assar@sics.se>
291
292	* lib/krb5/crypto.c (_key_schedule): re-use an existing schedule
293
2942000-09-06  Johan Danielsson  <joda@pdc.kth.se>
295
296	* configure.in: fix dpagaix test
297
2982000-09-05  Assar Westerlund  <assar@sics.se>
299
300	* configure.in: with_dce -> enable_dce.  noticed by Ake Sandgren
301 	<ake@cs.umu.se>
302
3032000-09-01  Johan Danielsson  <joda@pdc.kth.se>
304
305	* kdc/kstash.8: update manual page
306
307	* kdc/kstash.c: fix typo, and remove unused option
308
309	* lib/krb5/kerberos.7: short kerberos intro page
310
3112000-08-27  Assar Westerlund  <assar@sics.se>
312
313	* include/bits.c: add __attribute__ for gcc's pleasure
314	* lib/hdb/keytab.c: re-write to delay the opening of the database
315	till it's known which principal is being sought, thereby allowing
316	the usage of multiple databases, however they need to be specified
317	in /etc/krb5.conf since all the programs using this keytab do not
318	read kdc.conf
319
320	* appl/test/test_locl.h (keytab): add
321	* appl/test/common.c: add --keytab
322	* lib/krb5/crypto.c: remove trailing commas
323	(KRB5_KU_USAGE_SEQ): renamed from KRB5_KU_USAGE_MIC
324
3252000-08-26  Assar Westerlund  <assar@sics.se>
326
327	* lib/krb5/send_to_kdc.c (send_via_proxy): handle `http://' at the
328	beginning of the proxy specification.  use getaddrinfo correctly
329	(krb5_sendto): always return a return code
330
331	* lib/krb5/krb5.h (KRB5_KU_USAGE_MIC): rename to KRB5_KU_USAGE_SEQ
332	* lib/krb5/auth_context.c (krb5_auth_con_free): handle
333	auth_context == NULL
334
3352000-08-23  Assar Westerlund  <assar@sics.se>
336
337	* kdc/kerberos5.c (find_type): make sure of always setting
338	`ret_etype' correctly.  clean-up structure some
339
3402000-08-23  Johan Danielsson  <joda@pdc.kth.se>
341
342	* lib/krb5/mcache.c: implement resolve
343
3442000-08-18  Assar Westerlund  <assar@sics.se>
345
346	* kuser/kdecode_ticket.c: check return value from krb5_crypto_init
347	* kdc/kerberos5.c, kdc/524.c: check return value from krb5_crypto_init
348	* lib/krb5/*.c: check return value from krb5_crypto_init
349
3502000-08-16  Assar Westerlund  <assar@sics.se>
351
352	* Release 0.3b
353
3542000-08-16  Assar Westerlund  <assar@sics.se>
355
356	* lib/krb5/Makefile.am: bump version to 13:0:0
357
358	* lib/hdb/Makefile.am: set version to 6:1:0
359
360	* configure.in: do getmsg testing the same way as in krb4
361
362	* lib/krb5/config_file.c (krb5_config_parse_file_debug): make sure
363 	of closing the file on error
364
365	* lib/krb5/crypto.c (encrypt_internal_derived): free the checksum
366 	after use
367
368	* lib/krb5/warn.c (_warnerr): initialize args to make third,
369 	purify et al happy
370
3712000-08-13  Assar Westerlund  <assar@sics.se>
372
373	* kdc/kerberos5.c: re-write search for keys code.  loop over all
374	supported enctypes in order, looping over all keys of each type,
375	and picking the one with the v5 default salt preferably
376
3772000-08-10  Assar Westerlund  <assar@sics.se>
378
379	* appl/test/gss_common.c (enet_read): add and use
380	* lib/krb5/krb5.h (heimdal_version, heimdal_long_version): make
381	const
382
383	* lib/krb5/mk_req_ext.c (krb5_mk_req_internal): add comment on
384	checksum type selection
385
386	* lib/krb5/context.c (krb5_init_context): do not leak memory on
387	failure
388	(default_etypes): prefer arcfour-hmac-md5 to des-cbc-md5
389
390	* lib/krb5/principal.c: add fnmatch.h
391
3922000-08-09  Assar Westerlund  <assar@sics.se>
393
394	* configure.in: call AC_PROG_CC and AC_PROG_CPP to make sure later
395	checks that should require them don't fail
396	* acconfig.h: add HAVE_UINT17_T
397
3982000-08-09  Johan Danielsson  <joda@pdc.kth.se>
399
400	* kdc/mit_dump.c: handle all sorts of weird MIT salt types
401
4022000-08-08  Johan Danielsson  <joda@pdc.kth.se>
403
404	* doc/setup.texi: port 212 -> 2121
405
406	* lib/krb5/principal.c: krb5_principal_match
407
4082000-08-04  Johan Danielsson  <joda@pdc.kth.se>
409
410	* lib/asn1/der_get.c: add comment on *why* DCE sometimes used BER
411	encoding
412
413	* kpasswd/Makefile.am: link with pidfile library
414
415	* kpasswd/kpasswdd.c: write a pid file
416
417	* kpasswd/kpasswd_locl.h: util.h
418
419	* kdc/Makefile.am: link with pidfile library
420
421	* kdc/main.c: write a pid file
422
423	* kdc/headers.h: util.h
424
4252000-08-04  Assar Westerlund  <assar@sics.se>
426
427	* lib/krb5/principal.c (krb5_425_conv_principal_ext): always put
428	hostnames in lower case
429	(default_v4_name_convert): add imap
430
4312000-08-03  Assar Westerlund  <assar@sics.se>
432
433	* lib/krb5/crc.c (_krb5_crc_update): const-ize (finally)
434
4352000-07-31  Johan Danielsson  <joda@pdc.kth.se>
436
437	* configure.in: check for uint*_t
438	* include/bits.c: define uint*_t
439
4402000-07-29  Assar Westerlund  <assar@sics.se>
441
442	* kdc/kerberos5.c (check_tgs_flags): set endtime correctly when
443	renewing, From Derrick J Brashear <shadow@dementia.org>
444
4452000-07-28  Assar Westerlund  <assar@juguete.sics.se>
446
447	* Release 0.3a
448
4492000-07-27  Assar Westerlund  <assar@sics.se>
450
451	* kdc/hprop.c (dump_database): write an empty message to signal
452	end of dump
453
4542000-07-26  Assar Westerlund  <assar@sics.se>
455
456	* lib/krb5/changepw.c (krb5_change_password): try to be more
457	careful when not to resend
458
459	* lib/hdb/db3.c: always create a cursor with db3.  From Derrick J
460	Brashear <shadow@dementia.org>
461
4622000-07-25  Johan Danielsson  <joda@pdc.kth.se>
463
464	* lib/hdb/Makefile.am: bump version to 6:0:0
465
466	* lib/asn1/Makefile.am: bump version to 3:0:1
467
468	* lib/krb5/Makefile.am: bump version to 12:0:1
469
470	* lib/krb5/krb5_config.3: manpage
471
472	* lib/krb5/krb5_appdefault.3: manpage
473
474	* lib/krb5/appdefault.c: implementation of the krb5_appdefault set
475	of functions
476
4772000-07-23  Assar Westerlund  <assar@sics.se>
478
479	* lib/krb5/init_creds_pw.c (change_password): reset forwardable
480	and proxiable.  copy preauthentication list correctly from
481	supplied options
482
483	* kdc/hpropd.c (main): check that the ticket was for `hprop/' for
484	paranoid reasons
485
486	* lib/krb5/sock_principal.c (krb5_sock_to_principal): look in
487	aliases for the real name
488
4892000-07-22  Johan Danielsson  <joda@pdc.kth.se>
490
491	* doc/setup.texi: say something about starting kadmind from the
492	command line
493
4942000-07-22  Assar Westerlund  <assar@sics.se>
495
496	* kpasswd/kpasswdd.c: use kadm5_s_chpass_principal_cond instead of
497	mis-doing it here
498
499	* lib/krb5/changepw.c (krb5_change_password): make timeout 1 +
500	2^{0,1,...}.  also keep track if we got an old packet back and
501	then just wait without sending a new packet
502	* lib/krb5/changepw.c: use a datagram socket and remove the
503	sequence numbers
504	* lib/krb5/changepw.c (krb5_change_password): clarify an
505	expression, avoiding a warning
506
5072000-07-22  Johan Danielsson  <joda@pdc.kth.se>
508
509	* kuser/klist.c: make -a and -n aliases for -v
510
511	* lib/krb5/write_message.c: ws
512
513	* kdc/hprop-common.c: nuke extra definitions of
514	krb5_read_priv_message et.al
515
516	* lib/krb5/read_message.c (krb5_read_message): return error if EOF
517
5182000-07-20  Assar Westerlund  <assar@sics.se>
519
520	* kpasswd/kpasswd.c: print usage consistently
521	* kdc/hprop.h (HPROP_KEYTAB): use HDB for the keytab
522	* kdc/hpropd.c: add --keytab
523	* kdc/hpropd.c: don't care what principal we recvauth as
524
525	* lib/krb5/get_cred.c: be more careful of not returning creds at
526	all when an error is returned
527	* lib/krb5/fcache.c (fcc_gen_new): do mkstemp correctly
528
5292000-07-19  Johan Danielsson  <joda@pdc.kth.se>
530
531	* fix-export: use autoreconf
532
533	* configure.in: remove stuff that belong in roken, and remove some
534	obsolete constructs
535
5362000-07-18  Johan Danielsson  <joda@pdc.kth.se>
537
538	* configure.in: fix some typos
539
540	* appl/Makefile.am: dceutil*s*
541
542	* missing: update to missing from automake 1.4a
543
5442000-07-17  Johan Danielsson  <joda@pdc.kth.se>
545
546	* configure.in: try to get xlc flags from ibmcxx.cfg use
547	conditional for X use readline cf macro
548
549	* configure.in: subst AIX compiler flags
550
5512000-07-15  Johan Danielsson  <joda@pdc.kth.se>
552
553	* configure.in: pass sixth parameter to test-package; use some
554	newer autoconf constructs
555
556	* ltmain.sh: update to libtool 1.3c
557
558	* ltconfig: update to libtool 1.3c
559
560	* configure.in: update this to newer auto*/libtool
561
562	* appl/Makefile.am: use conditional for dce
563
564	* lib/Makefile.am: use conditional for dce
565
5662000-07-11  Johan Danielsson  <joda@pdc.kth.se>
567
568	* lib/krb5/write_message.c: krb5_write_{priv,save}_message
569	* lib/krb5/read_message.c: krb5_read_{priv,save}_message
570	* lib/krb5/convert_creds.c: try port kerberos/88 if no response on
571	krb524/4444
572
573	* lib/krb5/convert_creds.c: use krb5_sendto
574
575	* lib/krb5/send_to_kdc.c: add more generic krb5_sendto that send
576	to a port at arbitrary list of hosts
577
5782000-07-10  Johan Danielsson  <joda@pdc.kth.se>
579
580	* doc/misc.texi: language; say something about kadmin del_enctype
581
5822000-07-10  Assar Westerlund  <assar@sics.se>
583
584	* appl/kf/Makefile.am: actually install
585
5862000-07-08  Assar Westerlund  <assar@sics.se>
587
588	* configure.in (AM_INIT_AUTOMAKE): bump to 0.3a-pre
589	(AC_ROKEN): roken is now at 10
590
591	* lib/krb5/string-to-key-test.c: add a arcfour-hmac-md5 test case
592	* kdc/Makefile.am (INCLUDES): add ../lib/krb5
593	* configure.in: update for standalone roken
594	* lib/Makefile.am (SUBDIRS): make roken conditional
595	* kdc/hprop.c: update to new hdb_seal_keys_mkey
596	* lib/hdb/mkey.c (_hdb_unseal_keys_int, _hdb_seal_keys_int):
597	rename and export them
598
599	* kdc/headers.h: add krb5_locl.h (since we just use some stuff
600	from there)
601
6022000-07-08  Johan Danielsson  <joda@pdc.kth.se>
603
604	* kuser/klist.1: update for -f and add some more text for -v
605
606	* kuser/klist.c: use rtbl to format cred listing, add -f and -s
607
608	* lib/krb5/crypto.c: fix type in des3-cbc-none
609
610	* lib/hdb/mkey.c: add key usage
611
612	* kdc/kstash.c: remove writing of old keyfile, and treat
613	--convert-file as just reading and writing the keyfile without
614	asking for a new key
615
616	* lib/hdb/mkey.c (read_master_encryptionkey): handle old keytype
617	based files, and convert the key to cfb64
618
619	* lib/hdb/mkey.c (hdb_read_master_key): set mkey to NULL before
620	doing anything else
621
622	* lib/krb5/send_to_kdc.c: use krb5_eai_to_heim_errno
623
624	* lib/krb5/get_for_creds.c: use krb5_eai_to_heim_errno
625
626	* lib/krb5/changepw.c: use krb5_eai_to_heim_errno
627
628	* lib/krb5/addr_families.c: use krb5_eai_to_heim_errno
629
630	* lib/krb5/eai_to_heim_errno.c: convert getaddrinfo error codes to
631	something that can be passed to get_err_text
632
6332000-07-07  Assar Westerlund  <assar@sics.se>
634
635	* lib/hdb/hdb.c (hdb_next_enctype2key): make sure of skipping
636	`*key'
637
638	* kdc/kerberos4.c (get_des_key): rewrite some, be more careful
639
6402000-07-06  Assar Westerlund  <assar@sics.se>
641
642	* kdc/kerberos5.c (as_rep): be careful as to now overflowing when
643	calculating the end of lifetime of a ticket.
644
645	* lib/krb5/context.c (default_etypes): add ETYPE_ARCFOUR_HMAC_MD5
646
647	* lib/hdb/db3.c: only use a cursor when needed, from Derrick J
648	Brashear <shadow@dementia.org>
649
650	* lib/krb5/crypto.c: introduce the `special' encryption methods
651	that are not like all other encryption methods and implement
652	arcfour-hmac-md5
653
6542000-07-05  Johan Danielsson  <joda@pdc.kth.se>
655
656	* kdc/mit_dump.c: set initial master key version number to 0
657	instead of 1; if we lated bump the mkvno we don't risk using the
658	wrong key to decrypt
659
660	* kdc/hprop.c: only get master key if we're actually going to use
661	it; enable reading of MIT krb5 dump files
662
663	* kdc/mit_dump.c: read MIT krb5 dump files
664
665	* lib/hdb/mkey.c (read_master_mit): fix this
666
667	* kdc/kstash.c: make this work with the new mkey code
668
669	* lib/hdb/Makefile.am: add mkey.c, and bump version number
670
671	* lib/hdb/hdb.h: rewrite master key handling
672
673	* lib/hdb/mkey.c: rewrite master key handling
674
675	* lib/krb5/crypto.c: add some more pseudo crypto types
676
677	* lib/krb5/krb5.h: change some funny etypes to use negative
678	numbers, and add some more
679
6802000-07-04  Assar Westerlund  <assar@sics.se>
681
682	* lib/krb5/krbhst.c (get_krbhst): only try SRV lookup if there are
683	none in the configuration file
684
6852000-07-02  Assar Westerlund  <assar@sics.se>
686
687	* lib/krb5/keytab_keyfile.c (akf_add_entry): remove unused
688	variable
689
690	* kpasswd/kpasswd-generator.c: new test program
691	* kpasswd/Makefile.am: add kpasswd-generator
692
693	* include/Makefile.am (CLEANFILES): add rc4.h
694
695	* kuser/generate-requests.c: new test program
696	* kuser/Makefile.am (noinst_PROGRAMS): add generate-requests
697
6982000-07-01  Assar Westerlund  <assar@sics.se>
699
700	* configure.in: add --enable-dce and related stuff
701	* appl/Makefile.am (SUBDIRS): add $(APPL_dce)
702
7032000-06-29  Assar Westerlund  <assar@sics.se>
704
705	* kdc/kerberos4.c (get_des_key): fix thinkos/typos
706
7072000-06-29  Johan Danielsson  <joda@pdc.kth.se>
708
709	* admin/purge.c: use parse_time to parse age
710
711	* lib/krb5/log.c (krb5_vlog_msg): use krb5_format_time
712
713	* admin/list.c: add printing of timestamp and key data; some
714	cleanup
715
716	* lib/krb5/time.c (krb5_format_time): new function to format time
717
718	* lib/krb5/context.c (init_context_from_config_file): init
719	date_fmt, also do some cleanup
720
721	* lib/krb5/krb5.h: add date_fmt to context
722
7232000-06-28  Johan Danielsson  <joda@pdc.kth.se>
724
725	* kdc/{kerberos4,kaserver,524}.c (get_des_key): change to return
726	v4 or afs keys if possible
727
7282000-06-25  Johan Danielsson  <joda@pdc.kth.se>
729
730	* kdc/hprop.c (ka_convert): allow using null salt, and treat 0
731	pw_expire as never (from Derrick Brashear)
732
7332000-06-24  Johan Danielsson  <joda@pdc.kth.se>
734
735	* kdc/connect.c (add_standard_ports): only listen to port 750 if
736	serving v4 requests
737
7382000-06-22  Assar Westerlund  <assar@sics.se>
739
740	* lib/asn1/lex.l: fix includes, and lex stuff
741	* lib/asn1/lex.h (error_message): update prototype
742	(yylex): add
743	* lib/asn1/gen_length.c (length_type): fail on malloc error
744	* lib/asn1/gen_decode.c (decode_type): fail on malloc error
745
7462000-06-21  Assar Westerlund  <assar@sics.se>
747
748	* lib/krb5/get_for_creds.c: be more compatible with MIT code.
749	From Daniel Kouril <kouril@ics.muni.cz>
750	* lib/krb5/rd_cred.c: be more compatible with MIT code.  From
751	Daniel Kouril <kouril@ics.muni.cz>
752	* kdc/kerberos5.c (get_pa_etype_info): do not set salttype if it's
753	vanilla pw-salt, that keeps win2k happy.  also do the malloc check
754	correctly.  From Daniel Kouril <kouril@ics.muni.cz>
755
7562000-06-21  Johan Danielsson  <joda@pdc.kth.se>
757
758	* kdc/hprop.c: add hdb keytabs
759
7602000-06-20  Johan Danielsson  <joda@pdc.kth.se>
761
762	* lib/krb5/principal.c: back out rev. 1.64
763
7642000-06-19  Johan Danielsson  <joda@pdc.kth.se>
765
766	* kdc/kerberos5.c: pa_* -> KRB5_PADATA_*
767
768	* kdc/hpropd.c: add realm override flag
769
770	* kdc/v4_dump.c: code for reading krb4 dump files
771
772	* kdc/hprop.c: generalize source database handing, add support for
773	non-standard local realms (from by Daniel Kouril
774	<kouril@ics.muni.cz> and Miroslav Ruda <ruda@ics.muni.cz>), and
775	support for using different ports (requested by the Czechs, but
776	implemented differently)
777
778	* lib/krb5/get_cred.c: pa_* -> KRB5_PADATA_*
779
780	* lib/krb5/get_in_tkt.c: pa_* -> KRB5_PADATA_*
781
782	* lib/krb5/krb5.h: use some definitions from asn1.h
783
784	* lib/hdb/hdb.asn1: use new import syntax
785
786	* lib/asn1/k5.asn1: use distinguished value integers
787
788	* lib/asn1/gen_length.c: support for distinguished value integers
789
790	* lib/asn1/gen_encode.c: support for distinguished value integers
791
792	* lib/asn1/gen_decode.c: support for distinguished value integers
793
794	* lib/asn1/gen.c: support for distinguished value integers
795
796	* lib/asn1/lex.l: add support for more standards like import
797	statements
798
799	* lib/asn1/parse.y: add support for more standards like import
800	statements, and distinguished value integers
801
8022000-06-11  Assar Westerlund  <assar@sics.se>
803
804	* lib/krb5/get_for_creds.c (add_addrs): ignore addresses of
805	unknown type
806	* lib/krb5/get_for_creds.c (add_addrs): zero memory before
807	starting to copy memory
808
8092000-06-10  Assar Westerlund  <assar@sics.se>
810
811	* lib/krb5/test_get_addrs.c: test program for get_addrs
812	* lib/krb5/get_addrs.c (find_all_addresses): remember to add in
813 	the size of ifr->ifr_name when using SA_LEN.  noticed by Ken
814 	Raeburn <raeburn@MIT.EDU>
815
8162000-06-07  Assar Westerlund  <assar@sics.se>
817
818	* configure.in: add db3 detection stuff do not use streamsptys on
819	HP-UX 11
820	* lib/hdb/hdb.h (HDB): add dbc for db3
821	* kdc/connect.c (add_standard_ports): also listen on krb524 aka
822	4444
823	* etc/services.append (krb524): add
824	* lib/hdb/db3.c: add berkeley db3 interface.  contributed by
825	Derrick J Brashear <shadow@dementia.org>
826	* lib/hdb/hdb.h (struct HDB): add
827
8282000-06-07  Johan Danielsson  <joda@pdc.kth.se>
829
830	* kdc/524.c: if 524 is not enabled, just generate error reply and
831	exit
832
833	* kdc/kerberos4.c: if v4 is not enabled, just generate error reply
834	and exit
835
836	* kdc/connect.c: only listen to port 4444 if 524 is enabled
837
838	* kdc/config.c: add options to enable/disable v4 and 524 requests
839
8402000-06-06  Johan Danielsson  <joda@pdc.kth.se>
841
842	* kdc/524.c: handle non-existant server principals (from Daniel
843	Kouril)
844
8452000-06-03  Assar Westerlund  <assar@sics.se>
846
847	* admin/ktutil.c: print name when failing to open keytab
848
849	* kuser/kinit.c: try also to fallback to v4 when no KDC is found
850
8512000-05-28  Assar Westerlund  <assar@sics.se>
852
853	* kuser/klist.c: continue even we have no v5 ccache.  make showing
854	your krb4 tickets the default (if build with krb4 support)
855	* kuser/kinit.c: add a fallback that tries to get a v4 ticket if
856	built with krb4 support and we got back a version error from the
857	KDC
858
8592000-05-23  Johan Danielsson  <joda@pdc.kth.se>
860
861	* lib/krb5/keytab_keyfile.c: make this actually work
862
8632000-05-19  Assar Westerlund  <assar@sics.se>
864
865	* lib/krb5/store_emem.c (emem_store): make it write-compatible
866	* lib/krb5/store_fd.c (fd_store): make it write-compatible
867	* lib/krb5/store_mem.c (mem_store): make it write-compatible
868	* lib/krb5/krb5.h (krb5_storage): make store write-compatible
869
8702000-05-18  Assar Westerlund  <assar@sics.se>
871
872	* configure.in: add stdio.h in dbopen test
873
8742000-05-16  Assar Westerlund  <assar@assaris.sics.se>
875
876	* Release 0.2t
877
8782000-05-16  Assar Westerlund  <assar@sics.se>
879
880	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set version to 11:1:0
881	* lib/krb5/fcache.c: fix second lseek
882	* lib/krb5/principal.c (krb5_524_conv_principal): fix typo
883
8842000-05-15  Assar Westerlund  <assar@sics.se>
885
886	* Release 0.2s
887
8882000-05-15  Assar Westerlund  <assar@sics.se>
889
890	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set version to 11:0:0
891	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): set version to 4:2:1
892	* lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump to 2:0:0
893	* lib/krb5/principal.c (krb5_524_conv_principal): comment-ize, and
894	simplify string copying
895
8962000-05-12  Assar Westerlund  <assar@sics.se>
897
898	* lib/krb5/fcache.c (scrub_file): new function
899	(erase_file): re-write, use scrub_file
900	* lib/krb5/krb5.h (KRB5_DEFAULT_CCFILE_ROOT): add
901
902	* configure.in (dbopen): add header files
903
904	* lib/krb5/krb5.h (krb5_key_usage): add some more
905	* lib/krb5/fcache.c (erase_file): try to detect symlink games.
906	also call revoke.
907	* lib/krb5/changepw.c (krb5_change_password): remember to close
908	the socket on error
909
910	* kdc/main.c (main): also call sigterm on SIGTERM
911
9122000-05-06  Assar Westerlund  <assar@sics.se>
913
914	* lib/krb5/config_file.c (krb5_config_vget_string_default,
915 	krb5_config_get_string_default): add
916
9172000-04-25  Assar Westerlund  <assar@sics.se>
918
919	* lib/krb5/fcache.c (fcc_initialize): just forget about
920	over-writing the old cred cache.  it's too much of a hazzle trying
921	to do this safely.
922
9232000-04-11  Assar Westerlund  <assar@sics.se>
924
925	* lib/krb5/crypto.c (krb5_get_wrapped_length): rewrite into
926	different parts for the derived and non-derived cases
927	* lib/krb5/crypto.c (krb5_get_wrapped_length): the padding should
928	be done after having added confounder and checksum
929
9302000-04-09  Assar Westerlund  <assar@sics.se>
931
932	* lib/krb5/get_addrs.c (find_all_addresses): apperently solaris
933	can return EINVAL when the buffer is too small.  cope.
934	* lib/asn1/Makefile.am (gen_files): add asn1_UNSIGNED.x
935	* lib/asn1/gen_locl.h (filename): add prototype
936	(init_generate): const-ize
937	* lib/asn1/gen.c (filename): new function clean-up a little bit.
938	* lib/asn1/parse.y: be more tolerant in ranges
939	* lib/asn1/lex.l: count lines correctly.
940	(error_message): print filename in messages
941
9422000-04-08  Assar Westerlund  <assar@sics.se>
943
944	* lib/krb5/rd_safe.c (krb5_rd_safe): increment sequence number
945	after comparing
946	* lib/krb5/rd_priv.c (krb5_rd_priv): increment sequence number
947	after comparing
948	* lib/krb5/mk_safe.c (krb5_mk_safe): make `tmp_seq' unsigned
949	* lib/krb5/mk_priv.c (krb5_mk_priv): make `tmp_seq' unsigned
950	* lib/krb5/generate_seq_number.c (krb5_generate_seq_number): make
951	`seqno' be unsigned
952	* lib/krb5/mk_safe.c (krb5_mk_safe): increment local sequence
953	number after the fact and only increment it if we were successful
954	* lib/krb5/mk_priv.c (krb5_mk_priv): increment local sequence
955	number after the fact and only increment it if we were successful
956	* lib/krb5/krb5.h (krb5_auth_context_data): make sequence number
957	unsigned
958
959	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password):
960	`in_tkt_service' can be NULL
961
9622000-04-06  Assar Westerlund  <assar@sics.se>
963
964	* lib/asn1/parse.y: regonize INTEGER (0..UNIT_MAX).
965	(DOTDOT): add
966	* lib/asn1/lex.l (DOTDOT): add
967	* lib/asn1/k5.asn1 (UNSIGNED): add.  use UNSIGNED for all sequence
968	numbers.
969	* lib/asn1/gen_length.c (length_type): add TUInteger
970	* lib/asn1/gen_free.c (free_type): add TUInteger
971	* lib/asn1/gen_encode.c (encode_type, generate_type_encode): add
972	TUInteger
973	* lib/asn1/gen_decode.c (decode_type, generate_type_decode): add
974	TUInteger
975	* lib/asn1/gen_copy.c (copy_type): add TUInteger
976	* lib/asn1/gen.c (define_asn1): add TUInteger
977	* lib/asn1/der_put.c (encode_unsigned): add
978	* lib/asn1/der_length.c (length_unsigned): add
979	* lib/asn1/der_get.c (decode_unsigned): add
980	* lib/asn1/der.h (decode_unsigned, encode_unsigned,
981	length_unsigned): add prototypes
982
983	* lib/asn1/k5.asn1: update pre-authentication types
984	* lib/krb5/krb5_err.et: add some error codes from pkinit
985
9862000-04-05  Assar Westerlund  <assar@sics.se>
987
988	* lib/hdb/hdb.c: add support for hdb methods (aka back-ends).
989	include ldap.
990	* lib/hdb/hdb-ldap.c: tweak the ifdef to OPENLDAP
991	* lib/hdb/Makefile.am: add hdb-ldap.c and openldap
992	* kdc/Makefile.am, kpasswd/Makefile.am, kadmin/Makefile.am: add
993	* configure.in: bump version to 0.2s-pre add options and testing
994	for (open)ldap
995
9962000-04-04  Assar Westerlund  <assar@sics.se>
997
998	* configure.in (krb4): fix the krb_mk_req test
999
10002000-04-03  Assar Westerlund  <assar@sics.se>
1001
1002	* configure.in (krb4): add test for const arguments to krb_mk_req
1003	* lib/45/mk_req.c (krb_mk_req): conditionalize const-ness of
1004	arguments
1005
10062000-04-03  Assar Westerlund  <assar@sics.se>
1007
1008	* Release 0.2r
1009
10102000-04-03  Assar Westerlund  <assar@sics.se>
1011
1012	* lib/krb5/Makefile.am: set version to 10:0:0
1013	* lib/45/mk_req.c (krb_mk_req): const-ize the arguments
1014
10152000-03-30  Assar Westerlund  <assar@sics.se>
1016
1017	* lib/krb5/principal.c (krb5_425_conv_principal_ext): add some
1018	comments.  add fall-back on adding the realm name in lower case.
1019
10202000-03-29  Assar Westerlund  <assar@sics.se>
1021
1022	* kdc/connect.c: remember to repoint all descr->sa to _ss after
1023	realloc as this might have moved the memory around.  problem
1024	discovered and diagnosed by Brandon S. Allbery
1025
10262000-03-27  Assar Westerlund  <assar@sics.se>
1027
1028	* configure.in: recognize solaris 2.8
1029	* config.guess, config.sub: update to current version from
1030	:pserver:anoncvs@subversions.gnu.org:/home/cvs
1031
1032	* lib/krb5/init_creds_pw.c (print_expire): do not assume anything
1033	about the size of time_t, i.e. make it 64-bit happy
1034
10352000-03-13  Assar Westerlund  <assar@sics.se>
1036
1037	* kuser/klist.c: add support for display v4 tickets
1038
10392000-03-11  Assar Westerlund  <assar@sics.se>
1040
1041	* kdc/kaserver.c (do_authenticate, do_getticket): call check_flags
1042	* kdc/kerberos4.c (do_version4): call check_flags.
1043	* kdc/kerberos5.c (check_flags): make global
1044
10452000-03-10  Assar Westerlund  <assar@sics.se>
1046
1047	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): evil
1048	hack to avoid recursion
1049
10502000-03-04  Assar Westerlund  <assar@sics.se>
1051
1052	* kuser/kinit.c: add `krb4_get_tickets' per realm. add --anonymous
1053	* lib/krb5/krb5.h (krb5_get_init_creds_opt): add `anonymous' and
1054	KRB5_GET_INIT_CREDS_OPT_ANONYMOUS
1055	* lib/krb5/init_creds_pw.c (get_init_creds_common): set
1056	request_anonymous flag appropriatly
1057	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_anonymous):
1058	add
1059
1060	* lib/krb5/get_in_tkt.c (_krb5_extract_ticket): new parameter to
1061	determine whetever to ignore client name of not.  always copy
1062	client name from kdc.  fix callers.
1063
1064	* kdc: add support for anonymous tickets
1065
1066	* kdc/string2key.8: add man-page for string2key
1067
10682000-03-03  Assar Westerlund  <assar@sics.se>
1069
1070	* kdc/hpropd.c (dump_krb4): get expiration date from `valid_end'
1071	and not `pw_end'
1072
1073	* kdc/kadb.h (ka_entry): fix name pw_end -> valid_end.  add some
1074	more fields
1075
1076	* kdc/hprop.c (v4_prop): set the `valid_end' from the v4
1077	expiration date instead of the `pw_expire'
1078	(ka_convert): set `valid_end' from ka expiration data and `pw_expire'
1079	from pw_change + pw_expire
1080	(main): add a default database for ka dumping
1081
10822000-02-28  Assar Westerlund  <assar@sics.se>
1083
1084	* lib/krb5/context.c (init_context_from_config_file): change
1085	rfc2052 default to no.  2782 says that underscore should be used.
1086
10872000-02-24  Assar Westerlund  <assar@sics.se>
1088
1089	* lib/krb5/fcache.c (fcc_initialize, fcc_store_cred): verify that
1090	stores and close succeed
1091	* lib/krb5/store.c (krb5_store_creds): check to see that the
1092	stores are succesful.
1093
10942000-02-23  Assar Westerlund  <assar@sics.se>
1095
1096	* Release 0.2q
1097
10982000-02-22  Assar Westerlund  <assar@sics.se>
1099
1100	* lib/krb5/Makefile.am: set version to 9:2:0
1101
1102	* lib/krb5/expand_hostname.c (krb5_expand_hostname_realms): copy
1103	the correct hostname
1104
1105	* kdc/connect.c (add_new_tcp): use the correct entries in the
1106	descriptor table
1107	* kdc/connect.c: initialize `descr' uniformly and correctly
1108
11092000-02-20  Assar Westerlund  <assar@sics.se>
1110
1111	* Release 0.2p
1112
11132000-02-19  Assar Westerlund  <assar@sics.se>
1114
1115	* lib/krb5/Makefile.am: set version to 9:1:0
1116
1117	* lib/krb5/expand_hostname.c (krb5_expand_hostname): make sure
1118	that realms is filled in even when getaddrinfo fails or does not
1119	return any canonical name
1120
1121	* kdc/connect.c (descr): add sockaddr and string representation
1122	(*): re-write to use the above mentioned
1123
11242000-02-16  Assar Westerlund  <assar@sics.se>
1125
1126	* lib/krb5/addr_families.c (krb5_parse_address): use
1127	krb5_sockaddr2address to copy the result from getaddrinfo.
1128
11292000-02-14  Assar Westerlund  <assar@sics.se>
1130
1131	* Release 0.2o
1132
11332000-02-13  Assar Westerlund  <assar@sics.se>
1134
1135	* lib/krb5/Makefile.am: set version to 9:0:0
1136
1137	* kdc/kaserver.c (do_authenticate): return the kvno of the server
1138	and not the client.  Thanks to Brandon S. Allbery KF8NH
1139	<allbery@kf8nh.apk.net> and Chaskiel M Grundman
1140	<cg2v@andrew.cmu.edu> for debugging.
1141
1142	* kdc/kerberos4.c (do_version4): if an tgs-req is received with an
1143	old kvno, return an error reply and write a message in the log.
1144
11452000-02-12  Assar Westerlund  <assar@sics.se>
1146
1147	* appl/test/gssapi_server.c (proto): with `--fork', create a child
1148	and send over/receive creds with export/import_sec_context
1149	* appl/test/gssapi_client.c (proto): with `--fork', create a child
1150	and send over/receive creds with export/import_sec_context
1151	* appl/test/common.c: add `--fork' / `-f' (only used by gssapi)
1152
11532000-02-11  Assar Westerlund  <assar@sics.se>
1154
1155	* kdc/kdc_locl.h: remove keyfile add explicit_addresses
1156	* kdc/connect.c (init_sockets): pay attention to
1157	explicit_addresses some more comments.  better error messages.
1158	* kdc/config.c: add some comments.
1159	remove --key-file.
1160	add --addresses.
1161
1162	* lib/krb5/context.c (krb5_set_extra_addresses): const-ize and use
1163	proper abstraction
1164
11652000-02-07  Johan Danielsson  <joda@pdc.kth.se>
1166
1167	* lib/krb5/changepw.c: use roken_getaddrinfo_hostspec
1168
11692000-02-07  Assar Westerlund  <assar@sics.se>
1170
1171	* Release 0.2n
1172
11732000-02-07  Assar Westerlund  <assar@sics.se>
1174
1175	* lib/krb5/Makefile.am: set version to 8:0:0
1176	* lib/krb5/keytab.c (krb5_kt_default_name): use strlcpy
1177	(krb5_kt_add_entry): set timestamp
1178
11792000-02-06  Assar Westerlund  <assar@sics.se>
1180
1181	* lib/krb5/krb5.h: add macros for accessing krb5_realm
1182	* lib/krb5/time.c (krb5_timeofday): use `krb5_timestamp' instead
1183	of `int32_t'
1184
1185	* lib/krb5/replay.c (checksum_authenticator): update to new API
1186	for md5
1187
1188	* lib/krb5/krb5.h: remove des.h, it's not needed and applications
1189	should not have to make sure to find it.
1190
11912000-02-03  Assar Westerlund  <assar@sics.se>
1192
1193	* lib/krb5/rd_req.c (get_key_from_keytab): rename parameter to
1194	`out_key' to avoid conflicting with label.  reported by Sean Doran
1195	<smd@ebone.net>
1196
11972000-02-02  Assar Westerlund  <assar@sics.se>
1198
1199	* lib/krb5/expand_hostname.c: remember to lower-case host names.
1200	bug reported by <amu@mit.edu>
1201
1202	* kdc/kerberos4.c (do_version4): look at check_ticket_addresses
1203	and emulate that by setting krb_ignore_ip_address (not a great
1204	interface but it doesn't seem like the time to go around fixing
1205	libkrb stuff now)
1206
12072000-02-01  Johan Danielsson  <joda@pdc.kth.se>
1208
1209	* kuser/kinit.c: change --noaddresses into --no-addresses
1210
12112000-01-28  Assar Westerlund  <assar@sics.se>
1212
1213	* kpasswd/kpasswd.c (main): make sure the ticket is not
1214	forwardable and not proxiable
1215
12162000-01-26  Assar Westerlund  <assar@sics.se>
1217
1218	* lib/krb5/crypto.c: update to pseudo-standard APIs for
1219	md4,md5,sha.  some changes to libdes calls to make them more
1220	portable.
1221
12222000-01-21  Assar Westerlund  <assar@sics.se>
1223
1224	* lib/krb5/verify_init.c (krb5_verify_init_creds): make sure to
1225 	clean up the correct creds.
1226
12272000-01-16  Assar Westerlund  <assar@sics.se>
1228
1229	* lib/krb5/principal.c (append_component): change parameter to
1230	`const char *'.  check malloc
1231	* lib/krb5/principal.c (append_component, va_ext_princ, va_princ):
1232	const-ize
1233	* lib/krb5/mk_req.c (krb5_mk_req): make `service' and `hostname'
1234	const
1235	* lib/krb5/principal.c (replace_chars): also add space here
1236	* lib/krb5/principal.c: (quotable_chars): add space
1237
12382000-01-12  Assar Westerlund  <assar@sics.se>
1239
1240	* kdc/kerberos4.c (do_version4): check if preauth was required and
1241	bail-out if so since there's no way that could be done in v4.
1242	Return NULL_KEY as an error to the client (which is non-obvious,
1243	but what can you do?)
1244
12452000-01-09  Assar Westerlund  <assar@sics.se>
1246
1247	* lib/krb5/principal.c (krb5_sname_to_principal): use
1248	krb5_expand_hostname_realms
1249	* lib/krb5/mk_req.c (krb5_km_req): use krb5_expand_hostname_realms
1250	* lib/krb5/expand_hostname.c (krb5_expand_hostname_realms): new
1251	variant of krb5_expand_hostname that tries until it expands into
1252	something that's digestable by krb5_get_host_realm, returning also
1253	the result from that function.
1254
12552000-01-08  Assar Westerlund  <assar@sics.se>
1256
1257	* Release 0.2m
1258
12592000-01-08  Assar Westerlund  <assar@sics.se>
1260
1261	* configure.in: replace AC_C_BIGENDIAN with KRB_C_BIGENDIAN
1262
1263	* lib/krb5/Makefile.am: bump version to 7:1:0
1264
1265	* lib/krb5/principal.c (krb5_sname_to_principal): use
1266	krb5_expand_hostname
1267	* lib/krb5/expand_hostname.c (krb5_expand_hostname): handle
1268	ai_canonname being set in any of the addresses returnedby
1269	getaddrinfo.  glibc apparently returns the reverse lookup of every
1270	address in ai_canonname.
1271
12722000-01-06  Assar Westerlund  <assar@sics.se>
1273
1274	* Release 0.2l
1275
12762000-01-06  Assar Westerlund  <assar@sics.se>
1277
1278	* lib/krb5/Makefile.am: set version to 7:0:0
1279	* lib/krb5/principal.c (krb5_sname_to_principal): remove `hp'
1280
1281	* lib/hdb/Makefile.am: set version to 4:1:1
1282
1283	* kdc/hpropd.c (dump_krb4): use `krb5_get_default_realms'
1284	* lib/krb5/get_in_tkt.c (add_padata): change types to make
1285	everything work out
1286	(krb5_get_in_cred): remove const to make types match
1287	* lib/krb5/crypto.c (ARCFOUR_string_to_key): correct signature
1288	* lib/krb5/principal.c (krb5_sname_to_principal): handle not
1289	getting back a canonname
1290
12912000-01-06  Assar Westerlund  <assar@sics.se>
1292
1293	* Release 0.2k
1294
12952000-01-06  Assar Westerlund  <assar@sics.se>
1296
1297	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc): advance colon so that
1298	we actually parse the port number.  based on a patch from Leif
1299	Johansson <leifj@it.su.se>
1300
13012000-01-02  Assar Westerlund  <assar@sics.se>
1302
1303	* admin/purge.c: remove all non-current and old entries from a
1304	keytab
1305
1306	* admin: break up ktutil.c into files
1307
1308	* admin/ktutil.c (list): support --verbose (also listning time
1309	stamps)
1310	(kt_add, kt_get): set timestamp in newly created entries
1311	(kt_change): add `change' command
1312
1313	* admin/srvconvert.c (srvconv): set timestamp in newly created
1314	entries
1315	* lib/krb5/keytab_keyfile.c (akf_next_entry): set timetsamp,
1316	always go the a predicatble position on error
1317	* lib/krb5/keytab.c (krb5_kt_copy_entry_contents): copy timestamp
1318	* lib/krb5/keytab_file.c (fkt_add_entry): store timestamp
1319	(fkt_next_entry_int): return timestamp
1320	* lib/krb5/krb5.h (krb5_keytab_entry): add timestamp
1321