xref: /freebsd/crypto/heimdal/ChangeLog (revision 70fe064ad7cab6c0444b91622f60ec6a462f308a)
2001-05-17  Assar Westerlund  <assar@sics.se>

	* Release 0.3f

2001-05-17  Assar Westerlund  <assar@sics.se>

	* lib/krb5/Makefile.am: bump version to 16:0:0
	* lib/hdb/Makefile.am: bump version to 7:1:0
	* lib/asn1/Makefile.am: bump version to 5:0:0
	* lib/krb5/keytab_krb4.c: add SRVTAB as an alias for krb4
	* lib/krb5/codec.c: remove dead code

2001-05-15  Assar Westerlund  <assar@sics.se>

	* lib/krb5/rd_error.c (krb5_error_from_rd_error): use correct
	parenthesis

	* lib/krb5/eai_to_heim_errno.c (krb5_eai_to_heim_errno): add
	`errno' (called system_error) to allow callers to make sure they
	pass the current and relevant value.  update callers

2001-05-14  Johan Danielsson  <joda@pdc.kth.se>

	* kdc/kerberos5.c: pass context to krb5_domain_x500_decode

2001-05-14  Assar Westerlund  <assar@sics.se>

	* kpasswd/kpasswdd.c: adapt to new address functions
	* kdc/kerberos5.c: adapt to changing address functions use LR_TYPE
	* kdc/connect.c: adapt to changing address functions
	* kdc/config.c: new krb5_config_parse_file
	* kdc/524.c: new krb5_sockaddr2address
	* lib/krb5/*: add some krb5_{set,clear}_error_string

	* lib/asn1/k5.asn1 (LR_TYPE): add
	* lib/asn1/Makefile.am (gen_files): add asn1_LR_TYPE.x

2001-05-11  Assar Westerlund  <assar@sics.se>

	* kdc/kerberos5.c (tsg_rep): fix typo in variable name

	* kpasswd/kpasswd-generator.c (nop_prompter): update prototype
	* lib/krb5/init_creds_pw.c: update to new prompter, use prompter
	types and send two prompts at once when changing password
	* lib/krb5/prompter_posix.c (krb5_prompter_posix): add name
	* lib/krb5/krb5.h (krb5_prompt): add type
	(krb5_prompter_fct): add name

	* lib/krb5/cache.c (krb5_cc_next_cred): transpose last two
	parameters to krb5_cc_next_cred (as MIT does, and not as they
	document).  From "Jacques A. Vidrine" <n@nectar.com>

2001-05-11  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/Makefile.am: store-test

	* lib/krb5/store-test.c: simple bit storage test

	* lib/krb5/store.c: add more byteorder storage flags

	* lib/krb5/krb5.h: add more byteorder storage flags

	* kdc/kerberos5.c: don't use NULL where we mean 0

	* kdc/kerberos5.c: put referral test code in separate function,
	and test for KRB5_NT_SRV_INST

2001-05-10  Assar Westerlund  <assar@sics.se>

	* admin/list.c (do_list): do not close the keytab if opening it
	failed
	* admin/list.c (do_list): always print complete names.  print
	everything to stdout.
	* admin/list.c: print both v5 and v4 list by default
	* admin/remove.c (kt_remove): reorganize some.  open the keytab
	(defaulting to the modify one).
	* admin/purge.c (kt_purge): reorganize some.  open the keytab
	(defaulting to the modify one). correct usage strings
	* admin/list.c (kt_list): reorganize some.  open the keytab
	* admin/get.c (kt_get): reorganize some.  open the keytab
	(defaulting to the modify one)
	* admin/copy.c (kt_copy): default to modify key name.  re-organise
	* admin/change.c (kt_change): reorganize some.  open the keytab
	(defaulting to the modify one)
	* admin/add.c (kt_add): reorganize some.  open the keytab
	(defaulting to the modify one)
	* admin/ktutil.c (main): do not open the keytab, let every
	sub-function handle it

	* kdc/config.c (configure): call free_getarg_strings

	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): set error strings for
	a few more errors

	* lib/krb5/get_host_realm.c (krb5_get_host_realm_int): make
	`use_dns' parameter boolean

	* lib/krb5/krb5.h (krb5_context_data): add default_keytab_modify
	* lib/krb5/context.c (init_context_from_config_file): set
	default_keytab_modify
	* lib/krb5/krb5_locl.h (KEYTAB_DEFAULT): change to
	ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab
	(KEYTAB_DEFAULT_MODIFY): add
	* lib/krb5/keytab.c (krb5_kt_default_modify_name): add
	(krb5_kt_resolve): set error string for failed keytab type

2001-05-08  Assar Westerlund  <assar@sics.se>

	* lib/krb5/crypto.c (encryption_type): make field names more
	consistent
	(create_checksum): separate usage and type
	(krb5_create_checksum): add a separate type parameter
	(encrypt_internal): only free once on mismatched checksum length

	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc2): try to tell what
	realm we didn't manage to reach any KDC for in the error string

	* lib/krb5/generate_seq_number.c (krb5_generate_seq_number): free
	the entire subkey.  from <tmartin@mirapoint.com>

2001-05-07  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/keytab_keyfile.c (akf_start_seq_get): return
	KT_NOTFOUND if the file is empty

2001-05-07  Assar Westerlund  <assar@sics.se>

	* lib/krb5/fcache.c: call krb5_set_error_string when open fails
	fatally
	* lib/krb5/keytab_file.c: call krb5_set_error_string when open
	fails fatally

	* lib/krb5/warn.c (_warnerr): print error_string in context in
	preference to error string derived from error code
	* kuser/kinit.c (main): try to print the error string
	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): set some sensible
	error strings for errors

	* lib/krb5/krb5.h (krb5_context_data): add error_string and
	error_buf
	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add error_string.c
	* lib/krb5/error_string.c: new file

2001-05-02  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/time.c: krb5_string_to_deltat

	* lib/krb5/sock_principal.c: one less data copy

	* lib/krb5/eai_to_heim_errno.c: conversion function for h_errno's

	* lib/krb5/get_default_principal.c: change this slightly

	* lib/krb5/crypto.c: make checksum_types into an array of pointers

	* lib/krb5/convert_creds.c: make sure we always use a des-cbc-crc
	ticket

2001-04-29  Assar Westerlund  <assar@sics.se>

	* kdc/kerberos5.c (tgs_rep2): return a reference to a krbtgt for
	the right realm if we fail to find a non-krbtgt service in the
	database and the second component does a successful non-dns lookup
	to get the real realm (which has to be different from the
	originally-supplied realm).  this should help windows 2000 clients
	that always start their lookups in `their' realm and do not have
	any idea of how to map hostnames into realms
	* kdc/kerberos5.c (is_krbtgt): rename to get_krbtgt_realm

2001-04-27  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/get_host_realm.c (krb5_get_host_realm_int): add extra
	parameter to request use of dns or not

2001-04-25  Assar Westerlund  <assar@sics.se>

	* admin/get.c (kt_get): allow specification of encryption types
	* lib/krb5/verify_init.c (krb5_verify_init_creds): do not try to
	close an unopened ccache, noted by <marc@mit.edu>

	* lib/krb5/krb5.h (krb5_any_ops): add declaration
	* lib/krb5/context.c (init_context_from_config_file): register
	krb5_any_ops

	* lib/krb5/keytab_any.c: new file, implementing union of keytabs
	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_any.c

	* lib/krb5/init_creds_pw.c (get_init_creds_common): handle options
	== NULL.  noted by <marc@mit.edu>

2001-04-19  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/rd_cred.c: set ret_creds to NULL before doing anything
	else, from Jacques Vidrine

2001-04-18  Johan Danielsson  <joda@pdc.kth.se>

	* lib/hdb/libasn1.h: asn1.h -> krb5_asn1.h

	* lib/asn1/Makefile.am: add asn1_ENCTYPE.x

	* lib/krb5/krb5.h: adapt to asn1 changes

	* lib/asn1/k5.asn1: move enctypes here

	* lib/asn1/libasn1.h: rename asn1.h to krb5_asn1.h to avoid
	conflicts

	* lib/asn1/Makefile.am: rename asn1.h to krb5_asn1.h to avoid
	conflicts

	* lib/asn1/lex.l: use strtol to parse constants

2001-04-06  Johan Danielsson  <joda@pdc.kth.se>

	* kuser/kinit.c: add simple support for running commands

2001-03-26  Assar Westerlund  <assar@sics.se>

	* lib/hdb/hdb-ldap.c: change order of includes to allow it to work
	with more versions of openldap

	* kdc/kerberos5.c (tgs_rep2): try to set sec and usec in error
	replies
	(*): update callers of krb5_km_error
	(check_tgs_flags): handle renews requesting non-renewable tickets

	* lib/krb5/mk_error.c (krb5_mk_error): allow specifying both ctime
	and cusec

	* lib/krb5/krb5.h (krb5_checksum, krb5_keyusage): add
	compatibility names

	* lib/krb5/crypto.c (create_checksum): change so that `type == 0'
	means pick from the `crypto' (context) and otherwise use that
	type.  this is not a large change in practice and allows callers
	to specify the exact checksum algorithm to use

2001-03-13  Assar Westerlund  <assar@sics.se>

	* lib/krb5/get_cred.c (get_cred_kdc): add support for falling back
	to KRB5_KU_AP_REQ_AUTH when KRB5_KU_TGS_REQ_AUTH gives `bad
	integrity'.  this helps for talking to old (pre 0.3d) KDCs

2001-03-12  Assar Westerlund  <assar@pdc.kth.se>

	* lib/krb5/crypto.c (krb5_derive_key): new function, used by
	derived-key-test.c
	* lib/krb5/string-to-key-test.c: add new test vectors posted by
	Ken Raeburn <raeburn@mit.edu> in <tx1bsra8919.fsf@raeburn.org> to
	ietf-krb-wg@anl.gov
	* lib/krb5/n-fold-test.c: more test vectors from same source
	* lib/krb5/derived-key-test.c: more tests from same source

2001-03-06  Assar Westerlund  <assar@sics.se>

	* acconfig.h: include roken_rename.h when appropriate

2001-03-06  Assar Westerlund  <assar@sics.se>

	* lib/krb5/krb5.h (krb5_enctype): remove trailing comma

2001-03-04  Assar Westerlund  <assar@sics.se>

	* lib/krb5/krb5.h (krb5_enctype): add ENCTYPE_* aliases for
	compatibility with MIT krb5

2001-03-02  Assar Westerlund  <assar@sics.se>

	* kuser/kinit.c (main): only request a renewable ticket when
	explicitly requested.  it still gets a renewable one if the renew
	life is specified
	* kuser/kinit.c (renew_validate): treat -1 as flags not being set

2001-02-28  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/context.c (krb5_init_ets): use krb5_add_et_list

2001-02-27  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/get_cred.c: implement krb5_get_cred_from_kdc_opt

2001-02-25  Assar Westerlund  <assar@sics.se>

	* configure.in: do not use -R when testing for des functions

2001-02-14  Assar Westerlund  <assar@sics.se>

	* configure.in: test for lber.h when trying to link against
	openldap to handle openldap v1, from Sumit Bose
	<sumit.bose@suse.de>

2001-02-19  Assar Westerlund  <assar@sics.se>

	* lib/asn1/libasn1.h: add string.h (for memset)

2001-02-15  Assar Westerlund  <assar@sics.se>

	* lib/krb5/warn.c (_warnerr): add printf attributes
	* lib/krb5/send_to_kdc.c (krb5_sendto): loop over all addresses
	returned by getaddrinfo before trying the next kdc.  from
	thorpej@netbsd.org

	* lib/krb5/krb5.conf.5: fix default_realm in example

	* kdc/connect.c: fix a few kdc_log format types

	* configure.in: try to handle libdes/libcrypto not requiring -L

2001-02-10  Assar Westerlund  <assar@sics.se>

	* lib/asn1/gen_decode.c (generate_type_decode): zero the data at
	the beginning of the generated function, and add a label `fail'
	that the code jumps to in case of errors that frees all allocated
	data

2001-02-07  Assar Westerlund  <assar@sics.se>

	* configure.in: aix dce: fix misquotes, from Ake Sandgren
	<ake@cs.umu.se>

	* configure.in (dpagaix_LDFLAGS): try to add export file

2001-02-05  Assar Westerlund  <assar@sics.se>

	* lib/krb5/krb5_keytab.3: new man page, contributed by
	<lha@stacken.kth.se>

	* kdc/kaserver.c: update to new db_fetch4

2001-02-05  Assar Westerlund  <assar@assaris.sics.se>

	* Release 0.3e

2001-01-30  Assar Westerlund  <assar@sics.se>

	* kdc/hprop.c (v4_get_masterkey): check kdb_verify_master_key
	properly
	(kdb_prop): decrypt key properly
	* kdc/hprop.c: handle building with KRB4 always try to decrypt v4
	data with the master key leave it up to the v5 how to encrypt with
	that master key

	* kdc/kstash.c: include file name in error messages
	* kdc/hprop.c: fix a typo and check some more return values
	* lib/hdb/hdb-ldap.c (LDAP__lookup_princ): call ldap_search_s
	correctly.  From Jacques Vidrine <n@nectar.com>
	* kdc/misc.c (db_fetch): HDB_ERR_NOENTRY makes more sense than
	ENOENT

	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
	15:0:0
	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:0:0
	* lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 4:0:2
	* kdc/misc.c (db_fetch): return an error code.  change callers to
	look at this and try to print it in log messages

	* lib/krb5/crypto.c (decrypt_internal_derived): check that there's
	enough data

2001-01-29  Assar Westerlund  <assar@sics.se>

	* kdc/hprop.c (realm_buf): move it so it becomes properly
	conditional on KRB4

	* lib/hdb/mkey.c (hdb_unseal_keys_mkey, hdb_seal_keys_mkey,
	hdb_unseal_keys, hdb_seal_keys): check that we have the correct
	master key and that we manage to decrypt the key properly,
	returning an error code.  fix all callers to check return value.

	* tools/krb5-config.in: use @LIB_des_appl@
	* tools/Makefile.am (krb5-config): add LIB_des_appl
	* configure.in (LIB_des): set correctly
	(LIB_des_appl): add for the use by krb5-config.in

	* lib/krb5/store_fd.c (fd_fetch, fd_store): use net_{read,write}
	to make sure of not dropping data when doing it over a socket.
	(this might break when used with ordinary files on win32)

	* lib/hdb/hdb_err.et (NO_MKEY): add

	* kdc/kerberos5.c (as_rep): be paranoid and check
	krb5_enctype_to_string for failure, noted by <lha@stacken.kth.se>

	* lib/krb5/krb5_init_context.3, lib/krb5/krb5_context.3,
	lib/krb5/krb5_auth_context.3: add new man pages, contributed by
	<lha@stacken.kth.se>

	* use the openssl api for md4/md5/sha and handle openssl/*.h

	* kdc/kaserver.c (do_getticket): check length of ticket.  noted by
	<lha@stacken.kth.se>

2001-01-28  Assar Westerlund  <assar@sics.se>

	* configure.in: send -R instead of -rpath to libtool to set
	runtime library paths

	* lib/krb5/Makefile.am: remove all dependencies on libkrb

2001-01-27  Assar Westerlund  <assar@sics.se>

	* appl/rcp: add port of bsd rcp changed to use existing rsh,
	contributed by Richard Nyberg <rnyberg@it.su.se>

2001-01-27  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/get_port.c: don't warn if the port name can't be found,
	nobody cares anyway

2001-01-26  Johan Danielsson  <joda@pdc.kth.se>

	* kdc/hprop.c: make it possible to convert a v4 dump file without
	having any v4 libraries; the kdb backend still requires them

	* kdc/v4_dump.c: include shadow definition of kdb Principal, so we
	don't have to depend on any v4 libraries

	* kdc/hprop.h: include shadow definition of kdb Principal, so we
	don't have to depend on any v4 libraries

	* lib/hdb/print.c: reduce number of memory allocations

	* lib/hdb/mkey.c: add support for reading krb4 /.k files

2001-01-19  Assar Westerlund  <assar@sics.se>

	* lib/krb5/krb5.conf.5: document admin_server and kpasswd_server
	for realms document capath better

	* lib/krb5/krbhst.c (krb5_get_krb_changepw_hst): preferably look
	at kpasswd_server before admin_server

	* lib/krb5/get_cred.c (get_cred_from_kdc_flags): look in
	[libdefaults]capath for better hint of realm to send request to.
	this allows the client to specify `realm routing information' in
	case it cannot be done at the server (which is preferred)

	* lib/krb5/rd_priv.c (krb5_rd_priv): handle no sequence number as
	zero when we were expecting a sequence number.  MIT krb5 cannot
	generate a sequence number of zero, instead generating no sequence
	number
	* lib/krb5/rd_safe.c (krb5_rd_safe): ditto

2001-01-11  Assar Westerlund  <assar@sics.se>

	* kpasswd/kpasswdd.c: add --port option

2001-01-10  Assar Westerlund  <assar@sics.se>

	* lib/krb5/appdefault.c (krb5_appdefault_string): fix condition
	just before returning

2001-01-09  Assar Westerlund  <assar@sics.se>

	* appl/kf/kfd.c (proto): use krb5_rd_cred2 instead of krb5_rd_cred

2001-01-05  Johan Danielsson  <joda@pdc.kth.se>

	* kuser/kinit.c: call a time `time', and not `seconds'

	* lib/krb5/init_creds.c: not much point in setting the anonymous
	flag here

	* lib/krb5/krb5_appdefault.3: document appdefault_time

2001-01-04  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/verify_user.c: use
	krb5_get_init_creds_opt_set_default_flags

	* kuser/kinit.c: use krb5_get_init_creds_opt_set_default_flags

	* lib/krb5/init_creds.c: new function
	krb5_get_init_creds_opt_set_default_flags to set options from
	krb5.conf

	* lib/krb5/rd_cred.c: make this match the MIT function

	* lib/krb5/appdefault.c (krb5_appdefault_string): handle NULL
	def_val
	(krb5_appdefault_time): new function

2001-01-03  Assar Westerlund  <assar@sics.se>

	* kdc/hpropd.c (main): handle EOF when reading from stdin
488