xref: /freebsd/crypto/heimdal/ChangeLog (revision 8373020d34ceb1ac55d8f43333c1ca3680185b39) 
12002-08-28  Assar Westerlund  <assar@kth.se>
2
3	* kdc/config.c: add missing ifdef DAEMON
4
52002-08-28  Johan Danielsson  <joda@pdc.kth.se>
6
7	* configure.in: use rk_SUNOS
8
9	* kdc/config.c: add detach options
10
11	* kdc/main.c: maybe detach from console?
12
13	* kdc/kdc.8: markup changes
14
15	* configure.in: AC_TEST_PACKAGE_NEW -> rk_TEST_PACKAGE
16
17	* configure.in: use rk_TELNET, rename some other macros, and don't
18	add -ldes to krb4 link command
19
20	* kuser/kinit.1: whitespace fix (from NetBSD)
21
22	* include/bits.c: we may need unistd.h for ssize_t
23
242002-08-26  Assar Westerlund  <assar@kth.se>
25
26	* lib/krb5/principal.c (krb5_425_conv_principal_ext): lookup AAAA
27	rrs before A ones when using the resolver to verify a mapping,
28	also use getaddrinfo when resolver is not available
29
30	* lib/hdb/keytab.c (find_db): const-correctness in parameters to
31	krb5_config_get_next
32
33	* lib/asn1/gen.c: include <string.h> in the generated files (for
34	memset)
35
362002-08-22  Assar Westerlund  <assar@kth.se>
37
38	* lib/krb5/test_get_addrs.c, lib/krb5/krbhst-test.c: make it use
39	getarg so that it can handle --help and --version (and thus make
40	check can pass)
41
42	* lib/asn1/check-der.c: make this build again
43
442002-08-22  Assar Westerlund <assar@kth.se>
45
46	* lib/asn1/der_get.c (der_get_int): handle len == 0.  based on a
47	patch from Love <lha@stacken.kth.se>
48
492002-08-22  Johan Danielsson  <joda@pdc.kth.se>
50
51	* lib/krb5/krb5.h: we seem to call KRB5KDC_ERR_KEY_EXP
52	KRB5KDC_ERR_KEY_EXPIRED, so define the former to the latter
53
54	* kdc/kdc.8: add blurb about adding and removing addresses; update
55	kdc.conf section to match reality
56
57	* configure.in: KRB_SENDAUTH_VLEN seems to always have existed, so
58	don't define it
59
602002-08-21  Assar Westerlund  <assar@kth.se>
61
62	* lib/asn1/asn1_print.c: print OIDs too, based on a patch from
63	Love <lha@stacken.kth.se>
64
652002-08-21  Johan Danielsson  <joda@pdc.kth.se>
66
67	* kuser/kinit.c (do_v4_fallback): don't use krb_get_pw_in_tkt2
68	since it might not exist, and we don't actually care about the key
69
702002-08-20  Johan Danielsson  <joda@pdc.kth.se>
71
72	* lib/krb5/krb5.conf.5: correct documentation for
73	verify_ap_req_nofail
74
75	* lib/krb5/log.c: rename syslog_data to avoid name conflicts (from
76	Mattias Amnefelt)
77
78	* kuser/klist.c (display_tokens): increase token buffer size, and
79	add more checks of the kernel data (from Love)
80
812002-08-19  Johan Danielsson  <joda@pdc.kth.se>
82
83	* fix-export: use make to parse Makefile.am instead of perl
84
85	* configure.in: use argument-less AM_INIT_AUTOMAKE, now that it
86	groks AC_INIT with package name etc.
87
88	* kpasswd/kpasswdd.c: include <kadm5/private.h>
89
90	* lib/asn1/asn1_print.c: include com_right.h
91
92	* lib/krb5/addr_families.c: socklen_t -> krb5_socklen_t
93
94	* include/bits.c: define krb5_socklen_t type; this should really
95	go someplace else, but this was easy
96
97	* lib/krb5/verify_krb5_conf.c: don't bail out if parsing of a file
98	fails, just warn about it
99
100	* kdc/log.c (kdc_openlog): no need for a config_file parameter
101
102	* kdc/config.c: just treat kdc.conf like any other config file
103
104	* lib/krb5/context.c (krb5_get_default_config_files): ignore
105	duplicate files
106
1072002-08-16  Johan Danielsson  <joda@pdc.kth.se>
108
109	* lib/krb5/krb5.h: turn strings into pointers, so we can assign to
110	them
111
112	* lib/krb5/constants.c: turn strings into pointers, so we can
113	assign to them
114
115	* lib/krb5/get_addrs.c (get_addrs_int): initialise res if
116	SCAN_INTERFACES is not set
117
118	* lib/krb5/context.c: fix various borked stuff in previous commits
119
1202002-08-16  Jacques Vidrine <n@nectar.com>
121
122	* lib/krb5/krbhst.c (kpasswd_get_next): if we fall back to using
123	the `admin_server' entry for kpasswd, override the `proto' result
124	to be UDP.
125
1262002-08-15  Johan Danielsson  <joda@pdc.kth.se>
127
128	* lib/krb5/auth_context.c: check return value of
129	krb5_sockaddr2address
130
131	* lib/krb5/addr_families.c: check return value of
132	krb5_sockaddr2address
133
134	* lib/krb5/context.c: get the default keytab from KRB5_KTNAME
135
1362002-08-14  Johan Danielsson  <joda@pdc.kth.se>
137
138	* lib/krb5/verify_krb5_conf.c: allow parsing of more than one file
139
140	* lib/krb5/context.c: allow changing config files with the
141	function krb5_set_config_files, there are also related functions
142	krb5_get_default_config_files and krb5_free_config_files; these
143	should work similar to their MIT counterparts
144
145	* lib/krb5/config_file.c: allow the use of more than one config
146	file by using the new function krb5_config_parse_file_multi
147
1482002-08-12  Johan Danielsson  <joda@pdc.kth.se>
149
150	* use sysconfdir instead of /etc
151
152	* configure.in: require autoconf 2.53; rename dpagaix_LDFLAGS etc
153	to appease automake; force sysconfdir and localstatedir to /etc
154	and /var/heimdal for now
155
156	* kdc/connect.c (addr_to_string): check return value of
157	sockaddr2address
158
1592002-08-09  Johan Danielsson  <joda@pdc.kth.se>
160
161	* lib/krb5/rd_cred.c: if the remote address isn't an addrport,
162	don't try comparing to one; this should make old clients work with
163	new servers
164
165	* lib/asn1/gen_decode.c: remove unused variable
166
1672002-07-31  Johan Danielsson  <joda@pdc.kth.se>
168
169	* kdc/{kerberos5,524}.c: ENOENT -> HDB_ERR_NOENTRY (from Derrick
170	Brashear)
171
172	* lib/krb5/principal.c: actually lower case the lower case
173	instance name (spotted by Derrick Brashear)
174
1752002-07-24  Johan Danielsson  <joda@pdc.kth.se>
176
177	* fix-export: if DATEDVERSION is set, change the version to
178	current date
179
180	* configure.in: don't use AC_PROG_RANLIB, and use magic foo to set
181	LTLIBOBJS
182
1832002-07-04  Johan Danielsson  <joda@pdc.kth.se>
184
185	* kdc/connect.c: add some cache-control-foo to the http responses
186	(from Gombas Gabor)
187
188	* lib/krb5/addr_families.c (krb5_print_address): don't copy size
189	if ret_len == NULL
190
1912002-06-28  Johan Danielsson  <joda@pdc.kth.se>
192
193	* kuser/klist.c (display_tokens): don't bail out before we get
194	EDOM (signaling the end of the tokens), the kernel can also return
195	ENOTCONN, meaning that the index does not exist anymore (for
196	example if the token has expired)
197
1982002-06-06  Johan Danielsson  <joda@pdc.kth.se>
199
200	* lib/krb5/changepw.c: make sure we return an error if there are
201	no changepw hosts found; from Wynn Wilkes
202
2032002-05-29  Johan Danielsson  <joda@pdc.kth.se>
204
205	* lib/krb5/cache.c (krb5_cc_register): break out of loop when the
206	same type is found; spotted by Wynn Wilkes
207
2082002-05-15  Johan Danielsson  <joda@pdc.kth.se>
209
210	* kdc/kerberos5.c: don't free encrypted padata until we're really
211	done with it
212
2132002-05-07  Johan Danielsson  <joda@pdc.kth.se>
214
215	* kdc/kerberos5.c: when decrypting pa-data, try all keys matching
216	enctype
217
218	* kuser/kinit.1: document -a
219
220	* kuser/kinit.c: add command line switch for extra addresses
221
2222002-04-30  Johan Danielsson  <joda@blubb.pdc.kth.se>
223
224	* configure.in: remove some duplicate tests
225
226	* configure.in: use AC_HELP_STRING
227
2282002-04-29  Johan Danielsson  <joda@pdc.kth.se>
229
230	* lib/krb5/crypto.c (usage2arcfour): don't abort if the usage is
231	unknown
232
2332002-04-25  Johan Danielsson  <joda@pdc.kth.se>
234
235	* configure.in: use rk_DESTDIRS
236
2372002-04-22  Johan Danielsson  <joda@pdc.kth.se>
238
239	* lib/krb5/krb5_verify_user.3: make it clear that _lrealm modifies
240	the principal
241
2422002-04-19  Johan Danielsson  <joda@pdc.kth.se>
243
244	* lib/krb5/verify_init.c: fix typo in error string
245
2462002-04-18  Johan Danielsson  <joda@pdc.kth.se>
247
248	* acconfig.h: remove some stuff that is defined elsewhere
249
250	* lib/krb5/krb5_locl.h: include <sys/file.h>
251
252	* lib/krb5/acl.c: rename acl_string parameter
253
254	* lib/krb5/Makefile.am: remove __P from protos, and put parameter
255	names in comments
256
257	* kuser/klist.c: better align some headers
258
259	* kdc/kerberos4.c: storage tweaks
260
261	* kdc/kaserver.c: storage tweaks
262
263	* kdc/524.c: storage tweaks
264
265	* lib/krb5/keytab_krb4.c: storage tweaks
266
267	* lib/krb5/keytab_keyfile.c: storage tweaks
268
269	* lib/krb5/keytab_file.c: storage tweaks; also try to handle zero
270	sized keytab files
271
272	* lib/krb5/keytab_any.c: use KRB5_KT_END instead of KRB5_CC_END
273
274	* lib/krb5/fcache.c: storage tweaks
275
276	* lib/krb5/store_mem.c: make the krb5_storage opaque, and add
277	function wrappers for store/fetch/seek, and also make the eof-code
278	configurable
279
280	* lib/krb5/store_fd.c: make the krb5_storage opaque, and add
281	function wrappers for store/fetch/seek, and also make the eof-code
282	configurable
283
284	* lib/krb5/store_emem.c: make the krb5_storage opaque, and add
285	function wrappers for store/fetch/seek, and also make the eof-code
286	configurable
287
288	* lib/krb5/store.c: make the krb5_storage opaque, and add function
289	wrappers for store/fetch/seek, and also make the eof-code
290	configurable
291
292	* lib/krb5/store-int.h: make the krb5_storage opaque, and add
293	function wrappers for store/fetch/seek, and also make the eof-code
294	configurable
295
296	* lib/krb5/krb5.h: make the krb5_storage opaque, and add function
297	wrappers for store/fetch/seek, and also make the eof-code
298	configurable
299
300	* include/bits.c: include <sys/socket.h> to get socklen_t
301
302	* kdc/kerberos5.c (get_pa_etype_info): sort ETYPE-INFOs by
303	requested KDC-REQ etypes
304
305	* kdc/hpropd.c: constify
306
307	* kdc/hprop.c: constify
308
309	* kdc/string2key.c: constify
310
311	* kdc/kdc_locl.h: make port_str const
312
313	* kdc/config.c: constify
314
315	* lib/krb5/config_file.c: constify
316
317	* kdc/kstash.c: constify
318
319	* lib/krb5/verify_user.c: remove unnecessary cast
320
321	* lib/krb5/recvauth.c: constify
322
323	* lib/krb5/principal.c (krb5_parse_name): const qualify
324
325	* lib/krb5/mcache.c (mcc_get_name): constify return type
326
327	* lib/krb5/context.c (krb5_free_context): don't try to free the
328	ccache prefix
329
330	* lib/krb5/cache.c (krb5_cc_register): don't make a copy of the
331	prefix
332
333	* lib/krb5/krb5.h: constify some struct members
334
335	* lib/krb5/log.c: constify
336
337	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): const
338	qualify
339
340	* lib/krb5/get_in_tkt.c (krb5_init_etype): constify
341
342	* lib/krb5/crypto.c: constify some
343
344	* lib/krb5/config_file.c: constify
345
346	* lib/krb5/aname_to_localname.c (krb5_aname_to_localname):
347	constify local variable
348
349	* lib/krb5/addr_families.c (ipv4_sockaddr2port): constify
350
3512002-04-17  Johan Danielsson  <joda@pdc.kth.se>
352
353	* lib/krb5/verify_krb5_conf.c: add some log checking
354
355	* lib/krb5/log.c (krb5_addlog_dest): reorganise syslog parsing
356
3572002-04-16  Johan Danielsson  <joda@pdc.kth.se>
358
359	* lib/krb5/crypto.c (krb5_crypto_init): check that the key size
360	matches the expected length
361
3622002-03-27  Johan Danielsson  <joda@pdc.kth.se>
363
364	* lib/krb5/send_to_kdc.c: rename send parameter to send_data
365
366	* lib/krb5/mk_error.c: rename ctime parameter to client_time
367
3682002-03-22  Johan Danielsson  <joda@pdc.kth.se>
369
370	* kdc/kerberos5.c (find_etype): unsigned -> krb5_enctype (from
371	Reinoud Zandijk)
372
3732002-03-18  Johan Danielsson  <joda@pdc.kth.se>
374
375	* lib/asn1/k5.asn1: add the GSS-API checksum type here
376
3772002-03-11  Assar Westerlund  <assar@sics.se>
378
379	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
380	18:3:1
381	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:5:0
382	* lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 6:0:0
383
3842002-03-10  Assar Westerlund  <assar@sics.se>
385
386	* lib/krb5/rd_cred.c: handle addresses with port numbers
387
388	* lib/krb5/keytab_file.c, lib/krb5/keytab.c:
389	store the kvno % 256 as the byte and the complete 32 bit kvno after
390	the end of the current keytab entry
391
392	* lib/krb5/init_creds_pw.c:
393	handle LR_PW_EXPTIME and LR_ACCT_EXPTIME in the same way
394
395	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds):
396	handle ports giving for the remote address
397
398	* lib/krb5/get_cred.c:
399	get a ticket with no addresses if no-addresses is set
400
401	* lib/krb5/crypto.c:
402	rename functions DES_* to krb5_* to avoid colliding with modern
403	openssl
404
405	* lib/krb5/addr_families.c:
406	make all functions taking 'struct sockaddr' actually take a socklen_t
407	instead of int and that acts as an in-out parameter (indicating the
408	maximum length of the sockaddr to be written)
409
410	* kdc/kerberos4.c:
411	make the kvno's in the krb4 universe by the real one % 256, since they
412	cannot only be 8 bit, and the v5 ones are actually 32 bits
413
4142002-02-15  Johan Danielsson  <joda@pdc.kth.se>
415
416	* lib/krb5/keytab_keyfile.c (akf_add_entry): don't create the file
417	before we need to write to it
418	(from �ke Sandgren)
419
4202002-02-14  Johan Danielsson  <joda@pdc.kth.se>
421
422	* configure.in: rk_RETSIGTYPE and rk_BROKEN_REALLOC are called via
423	rk_ROKEN (from Gombas Gabor); find inttypes by CHECK_TYPES
424	directly
425
426	* lib/krb5/rd_safe.c: actually use the correct key (from Daniel
427	Kouril)
428
4292002-02-12  Johan Danielsson  <joda@pdc.kth.se>
430
431	* lib/krb5/context.c (krb5_get_err_text): protect against NULL
432	context
433
4342002-02-11  Johan Danielsson  <joda@pdc.kth.se>
435
436	* admin/ktutil.c: no need to use the "modify" keytab anymore
437
438	* lib/krb5/keytab_any.c: implement add and remove
439
440	* lib/krb5/keytab_krb4.c: implement add and remove
441
442	* lib/krb5/store_emem.c (emem_free): clear memory before freeing
443	(this should perhaps be selectable with a flag)
444
4452002-02-04  Johan Danielsson  <joda@pdc.kth.se>
446
447	* kdc/config.c (get_dbinfo): if there are database specifications
448	in the config file, don't automatically try to use the default
449	values (from Gombas Gabor)
450
451	* lib/krb5/log.c (krb5_closelog): don't pass pointer to pointer
452	(from Gombas Gabor)
453
4542002-01-30  Johan Danielsson  <joda@pdc.kth.se>
455
456	* admin/list.c: get the default keytab from krb5.conf, and list
457	all parts of an ANY type keytab
458
459	* lib/krb5/context.c: default default_keytab_modify to NULL
460
461	* lib/krb5/keytab.c (krb5_kt_default_modify_name): if no modify
462	name is specified take it from the first component of the default
463	keytab name
464
4652002-01-29  Johan Danielsson  <joda@pdc.kth.se>
466
467	* lib/krb5/keytab.c: compare keytab types case insensitively
468
4692002-01-07  Assar Westerlund  <assar@sics.se>
470
471	* lib/krb5/crypto.c (create_checksum): make usage `unsigned' (it's
472	not really a krb5_key_usage).  From Ben Harris <bjh21@netbsd.org>
473	* lib/krb5/get_in_tkt.c: use krb5_enctype consistently.  From Ben
474	Harris <bjh21@netbsd.org>
475	* lib/krb5/crypto.c: use krb5_enctype consistently.  From Ben
476	Harris <bjh21@netbsd.org>
477	* kdc/kerberos5.c: use krb5_enctype consistently.  From Ben Harris
478	<bjh21@netbsd.org>
479