xref: /freebsd/crypto/heimdal/ChangeLog (revision bbd80c285ead4d04e4b8b9e950164352819694ba) 
12003-05-08  Johan Danielsson  <joda@ratatosk.pdc.kth.se>
2
3	* Release 0.6
4
52003-05-08  Love H�rnquist �strand  <lha@it.su.se>
6
7	* kuser/klist.c: 1.68->1.69: print tokens even if there isn't v4
8	support
9
10	* kuser/kdestroy.c: 1.14->1.15: destroy tokens even if there isn't
11	v4 support
12
13	* kuser/kinit.c: 1.90->1.91: print tokens even if there isn't v4
14	support
15
162003-05-06  Johan Danielsson  <joda@pdc.kth.se>
17
18	* lib/krb5/name-45-test.c: need to use empty krb5.conf for some
19	tests
20
21	* lib/asn1/check-gen.c: there is no \e escape sequence; replace
22	everything with hex-codes, and cast to unsigned char* to make some
23	compilers happy
24
252003-05-06  Love H�rnquist �strand  <lha@it.su.se>
26
27	* lib/krb5/get_in_tkt.c (make_pa_enc_timestamp): make sure first
28	argument to krb5_us_timeofday have correct type
29
302003-05-05  Assar Westerlund  <assar@kth.se>
31
32	* include/make_crypto.c (main): include aes.h if ENABLE_AES
33
342003-05-05  Love H�rnquist �strand  <lha@it.su.se>
35
36	* NEWS: 1.108->1.110: fix text about gssapi compat
37
382003-04-28  Love H�rnquist �strand  <lha@it.su.se>
39
40	* kdc/v4_dump.c: 1.4->1.5: (v4_prop_dump): limit strings length,
41	from openbsd
42
432003-04-24  Love H�rnquist �strand  <lha@it.su.se>
44
45	* doc/programming.texi: 1.2-1.3: s/managment/management/, from jmc
46	<jmc@prioris.mini.pw.edu.pl>
47
482003-04-22  Love H�rnquist �strand  <lha@it.su.se>
49
50	* lib/krb5/krbhst.c: 1.43->1.44: copy NUL too, from janj@wenf.org
51	via openbsd
52
532003-04-17  Love H�rnquist �strand  <lha@it.su.se>
54
55	* lib/asn1/der_copy.c (copy_general_string): use strdup
56	* lib/asn1/der_put.c: remove sprintf
57	* lib/asn1/gen.c: remove strcpy/sprintf
58
59	* lib/krb5/name-45-test.c: use a more unique name then ratatosk so
60	that other (me) have such hosts in the local domain and the tests
61	fails, to take hokkigai.pdc.kth.se instead
62
63	* lib/krb5/test_alname.c: add --version and --help
64
652003-04-16  Love H�rnquist �strand  <lha@it.su.se>
66
67	* lib/krb5/krb5_warn.3: add krb5_get_err_text
68
69	* lib/krb5/transited.c: use strlcat/strlcpy, from openbsd
70	* lib/krb5/krbhst.c (srv_find_realm): use strlcpy, from openbsd
71	* lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use
72	strlcpy, from openbsd
73	* kdc/hpropd.c: s/strcat/strlcat/, inspired from openbsd
74	* appl/kf/kfd.c: use strlcpy, from openbsd
75
762003-04-16  Johan Danielsson  <joda@pdc.kth.se>
77
78	* configure.in: fix for large file support in AIX, _LARGE_FILES
79	needs to be defined on the command line, since lex likes to
80	include stdio.h before we get to config.h
81
822003-04-16  Love H�rnquist �strand  <lha@it.su.se>
83
84	* lib/krb5/*.3: Change .Fd #include <header.h> to .In header.h,
85	from Thomas Klausner <wiz@netbsd.org>
86
87	* lib/krb5/krb5.conf.5: spelling, from Thomas Klausner
88	<wiz@netbsd.org>
89
902003-04-15  Love H�rnquist �strand  <lha@it.su.se>
91
92	* kdc/kerberos5.c: fix some more memory leaks
93
942003-04-11  Love H�rnquist �strand  <lha@it.su.se>
95
96	* appl/kf/kf.1: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
97
982003-04-08  Love H�rnquist �strand  <lha@it.su.se>
99
100	* admin/ktutil.8: typos, from jmc <jmc@acn.waw.pl>
101
1022003-04-06  Love H�rnquist �strand  <lha@it.su.se>
103
104	* lib/krb5/krb5.3: s/kerberos/Kerberos/
105	* lib/krb5/krb5_data.3: s/kerberos/Kerberos/
106	* lib/krb5/krb5_address.3: s/kerberos/Kerberos/
107	* lib/krb5/krb5_ccache.3: s/kerberos/Kerberos/
108	* lib/krb5/krb5.conf.5: s/kerberos/Kerberos/
109	* kuser/kinit.1: s/kerberos/Kerberos/
110	* kdc/kdc.8: s/kerberos/Kerberos/
111
1122003-04-01  Love H�rnquist �strand  <lha@it.su.se>
113
114	* lib/krb5/test_alname.c: more krb5_aname_to_localname tests
115
116	* lib/krb5/aname_to_localname.c (krb5_aname_to_localname): when
117	converting too root, make sure user is ok according to
118	krb5_kuserok before allowing it.
119
120	* lib/krb5/Makefile.am (noinst_PROGRAMS): += test_alname
121
122	* lib/krb5/test_alname.c: add test for krb5_aname_to_localname
123
124	* lib/krb5/crypto.c (krb5_DES_AFS3_CMU_string_to_key): used p1
125	instead of the "illegal" salt #~, same change as kth-krb did
126	1999. Problems occur with crypt() that behaves like AT&T crypt
127	(openssl does this). Pointed out by Marcus Watts.
128
129	* admin/change.c (kt_change): collect all principals we are going
130	to change, and pick the highest kvno and use that to guess what
131	kvno the resulting kvno is going to be. Now two ktutil change in a
132	row works. XXX fix the protocol to pass the kvno back.
133
1342003-03-31  Love H�rnquist �strand  <lha@it.su.se>
135
136	* appl/kf/kf.1: afs->AFS, from jmc <jmc@acn.waw.pl>
137
1382003-03-30  Love H�rnquist �strand  <lha@it.su.se>
139
140	* doc/setup.texi: add description on how to turn on v4, 524 and
141	kaserver support
142
1432003-03-29  Love H�rnquist �strand  <lha@it.su.se>
144
145	* lib/krb5/verify_krb5_conf.c (appdefaults_entries): add afslog
146	and afs-use-524
147
1482003-03-28  Love H�rnquist �strand  <lha@it.su.se>
149
150	* kdc/kerberos5.c (as_rep): when the second enctype_to_string
151	failes, remember to free memory from the first enctype_to_string
152
153	* lib/krb5/crypto.c (usage2arcfour): map KRB5_KU_TICKET to 2,
154	from Harald Joerg <harald.joerg@fujitsu-siemens.com>
155	(enctype_arcfour_hmac_md5): disable checksum_hmac_md5_enc
156
157	* lib/hdb/mkey.c (hdb_unseal_keys_mkey): truncate key to the key
158	length when key is longer then expected length, its probably
159	longer since the encrypted data was padded, reported by Aidan
160	Cully <aidan@kublai.com>
161
162	* lib/krb5/crypto.c (krb5_enctype_keysize): return key size of
163	encyption type, inspired by Aidan Cully <aidan@kublai.com>
164
1652003-03-27  Love H�rnquist �strand  <lha@it.su.se>
166
167	* lib/krb5/keytab.c (krb5_kt_get_entry): avoid printing 0
168	(wildcard kvno) after principal when the keytab entry isn't found,
169	reported by Chris Chiappa <chris@chiappa.net>
170
1712003-03-26  Love H�rnquist �strand  <lha@it.su.se>
172
173	* doc/misc.texi: update 2b example to match reality (from
174	mattiasa@e.kth.se)
175
176	* doc/misc.texi: spelling and add `Configuring AFS clients'
177	subsection
178
1792003-03-25  Love H�rnquist �strand  <lha@it.su.se>
180
181	* lib/krb5/krb5.3: add krb5_free_data_contents.3
182
183	* lib/krb5/data.c: add krb5_free_data_contents for compat with MIT
184	API
185
186	* lib/krb5/krb5_data.3: add krb5_free_data_contents for compat
187	with MIT API
188
189	* lib/krb5/krb5_verify_user.3: write more about how the ccache
190	argument should be inited when used
191
1922003-03-25  Johan Danielsson  <joda@pdc.kth.se>
193
194	* lib/krb5/addr_families.c (krb5_print_address): make sure
195	print_addr is defined for the given address type; make addrports
196	printable
197
198	* kdc/string2key.c: print the used enctype for kerberos 5 keys
199
2002003-03-25  Love H�rnquist �strand  <lha@it.su.se>
201
202	* lib/krb5/aes-test.c: add another arcfour test
203
2042003-03-22  Love H�rnquist �strand  <lha@it.su.se>
205
206	* lib/krb5/aes-test.c: sneek in a test for arcfour-hmac-md5
207
2082003-03-20  Love H�rnquist �strand  <lha@it.su.se>
209
210	* lib/krb5/krb5_ccache.3: update .Dd
211
212	* lib/krb5/krb5.3: sort in krb5_data functions
213
214	* lib/krb5/Makefile.am (man_MANS): += krb5_data.3
215
216	* lib/krb5/krb5_data.3: document krb5_data
217
218	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): if
219	prompter is NULL, don't try to ask for a password to
220	change. reported by Iain Moffat @ ufl.edu via Howard Chu
221	<hyc@highlandsun.com>
222
2232003-03-19  Love H�rnquist �strand  <lha@it.su.se>
224
225	* lib/krb5/krb5_keytab.3: spelling, from
226	<jmc@prioris.mini.pw.edu.pl>
227
228	* lib/krb5/krb5.conf.5: . means new line
229
230	* lib/krb5/krb5.conf.5: spelling, from
231	<jmc@prioris.mini.pw.edu.pl>
232
233	* lib/krb5/krb5_auth_context.3: spelling, from
234	<jmc@prioris.mini.pw.edu.pl>
235
2362003-03-18  Love H�rnquist �strand  <lha@it.su.se>
237
238	* kuser/Makefile.am: INCLUDES: -I$(srcdir)/../lib/krb5
239
240	* lib/krb5/convert_creds.c: add _krb5_krb_life_to_time
241
242	* lib/krb5/krb5-v4compat.h: add _krb5_krb_life_to_time
243
244	* kdc/kdc_locl.h: 524 is independent of kerberos 4, so move out
245	#ifdef KRB4 from enable_v4_cross_realm since 524 needs it
246
247	* kdc/config.c: 524 is independent of kerberos 4, so move out
248	enable_v4_cross_realm from #ifdef KRB4 since 524 needs it
249
2502003-03-17  Assar Westerlund  <assar@kth.se>
251
252	* kdc/kdc.8: document --kerberos4-cross-realm
253	* kdc/kerberos4.c: pay attention to enable_v4_cross_realm
254	* kdc/kdc_locl.h (enable_v4_cross_realm): add
255	* kdc/524.c (encode_524_response): check the enable_v4_cross_realm
256	flag before giving out v4 tickets for foreign v5 principals
257	* kdc/config.c: add --enable-kerberos4-cross-realm option (default
258	to off)
259
2602003-03-17  Love H�rnquist �strand  <lha@it.su.se>
261
262	* lib/krb5/Makefile.am (man_MANS) += krb5_aname_to_localname.3
263
264	* lib/krb5/krb5_aname_to_localname.3: manpage for
265	krb5_aname_to_localname
266
267	* lib/krb5/krb5_kuserok.3: s/KRB5_USEROK/KRB5_KUSEROK/
268
2692003-03-16  Love H�rnquist �strand  <lha@it.su.se>
270
271	* lib/krb5/Makefile.am (man_MANS): add krb5_set_default_realm.3
272
273	* lib/krb5/krb5.3: add manpages from krb5_set_default_realm.3
274
275	* lib/krb5/krb5_set_default_realm.3: Manpage for
276	krb5_free_host_realm, krb5_get_default_realm,
277	krb5_get_default_realms, krb5_get_host_realm, and
278	krb5_set_default_realm.
279
280	* admin/ktutil.8: s/entype/enctype/, from Igor Sobrado
281	<sobrado@acm.org> via NetBSD
282
283	* lib/krb5/krb5_keytab.3: add documention for krb5_kt_get_type
284
285	* lib/krb5/keytab.c (krb5_kt_get_type): get prefix/type of keytab
286
287	* lib/krb5/krb5.h (KRB5_KT_PREFIX_MAX_LEN): max length of prefix
288
289	* lib/krb5/krb5_ccache.3: document krb5_cc_get_ops, add more
290	types, add krb5_fcc_ops and krb5_mcc_ops
291
292	* lib/krb5/cache.c (krb5_cc_get_ops): new function, return ops for
293	a id
294
2952003-03-15  Love H�rnquist �strand  <lha@it.su.se>
296
297	* doc/intro.texi: add reference to source code, binaries and the
298	manual
299
300	* lib/krb5/krb5.3: krb5.h isn't in krb5 directory in heimdal
301
3022003-03-14  Love H�rnquist �strand  <lha@it.su.se>
303
304	* kdc/kdc.8: better/difrent english
305
306	* kdc/kdc.8: . -> .\n, copyright/license
307
308	* kdc/kdc.8: changed configuration file -> restart kdc
309
310	* kdc/kerberos4.c: add krb4 into the most error messages written
311	to the logfile
312
313	* lib/krb5/krb5_ccache.3: add missing name of argument
314	(krb5_context) to most functions
315
3162003-03-13  Love H�rnquist �strand  <lha@it.su.se>
317
318	* lib/krb5/kuserok.c (krb5_kuserok): preserve old behviour of
319	function and return FALSE when there isn't a local account for
320	`luser'.
321
322	* lib/krb5/krb5_kuserok.3: fix prototype, spelling and more text
323	describing the function
324
3252003-03-12  Love H�rnquist �strand  <lha@it.su.se>
326
327	* lib/krb5/cache.c (krb5_cc_default): if krb5_cc_default_name
328	returned memory, don't return ENOMEM
329
3302003-03-11  Love H�rnquist �strand  <lha@it.su.se>
331
332	* lib/krb5/krb5.3: add krb5_address stuff and sort
333
334	* lib/krb5/krb5_address.3: fix krb5_addr2sockaddr description
335
336	* lib/krb5/Makefile.am (man_MANS): += krb5_address.3
337
338	* lib/krb5/krb5_address.3: document types krb5_address and
339	krb5_addresses and their helper functions
340
3412003-03-10  Love H�rnquist �strand  <lha@it.su.se>
342
343	* lib/krb5/Makefile.am (man_MANS): += krb5_kuserok.3
344
345	* lib/krb5/krb5_kuserok.3: spelling, from cizzi@it.su.se
346
347	* lib/krb5/Makefile.am (man_MANS): += krb5_ccache.3
348
349	* lib/krb5/krb5_ccache.3: spelling, from cizzi@it.su.se
350
351	* lib/krb5/krb5.3: add more functions
352
353	* lib/krb5/krb5_ccache.3: document krb5_ccache and krb5_cc
354	functions
355
356	* lib/krb5/krb5_kuserok.3: document krb5_kuserok
357
358	* lib/krb5/krb5_verify_user.3: document
359	krb5_verify_opt_set_flags(opt, KRB5_VERIFY_LREALMS) behavior
360
361	* lib/krb5/krb5_verify_user.3: document krb5_verify_opt* and
362	krb5_verify_user_opt
363
364	* lib/krb5/*.[0-9]: add copyright/licenses on more manpages
365
366	* kuser/kdestroy.c (main): handle that krb5_cc_default_name can
367	return NULL
368
369	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump minor
370	(TESTS): add test_cc
371
372	* lib/krb5/test_cc.c: test some
373	krb5_cc_default_name/krb5_cc_set_default_name combinations
374
375	* lib/krb5/context.c (init_context_from_config_file): set
376	default_cc_name to NULL
377	(krb5_free_context): free default_cc_name if set
378
379	* lib/krb5/cache.c (krb5_cc_set_default_name): new function
380	(krb5_cc_default_name): use krb5_cc_set_default_name
381
382	* lib/krb5/krb5.h (krb5_context_data): add default_cc_name
383
3842003-02-25  Love H�rnquist �strand  <lha@it.su.se>
385
386	* appl/kf/kf.1: s/securly/securely/ from NetBSD
387
3882003-02-18  Love H�rnquist �strand  <lha@it.su.se>
389
390	* kdc/connect.c: s/intialize/initialize, from
391	<jmc@prioris.mini.pw.edu.pl>
392
3932003-02-17  Love H�rnquist �strand  <lha@it.su.se>
394
395	* configure.in: add AM_MAINTAINER_MODE
396
3972003-02-16  Love H�rnquist �strand  <lha@it.su.se>
398
399	* **/*.[0-9]: add copyright/licenses on all manpages
400
4012003-14-16  Jacques Vidrine  <nectar@kth.se>
402
403	* lib/krb5/get_in_tkt.c (init_as_req): Send only a single
404	PA-ENC-TIMESTAMP in the AS-REQ, using the first encryption
405	type specified by the KDC.
406
4072003-02-15  Love H�rnquist �strand  <lha@it.su.se>
408
409	* fix-export: some autoconf put their version number in
410	autom4te.cache, so remove autom4te*.cache
411
412	* fix-export: make sure $1 is a directory
413
4142003-02-04  Love H�rnquist �strand  <lha@it.su.se>
415
416	* kpasswd/kpasswdd.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
417
418	* kdc/kdc.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
419
4202003-01-31  Love H�rnquist �strand  <lha@it.su.se>
421
422	* kdc/hpropd.8: s/databases/a database/ s/Not/not/
423
424	* kdc/hprop.8: add missing .
425
4262003-01-30  Love H�rnquist �strand  <lha@it.su.se>
427
428	* lib/krb5/krb5.conf.5: documentation for of boolean, etypes,
429	address, write out encryption type in sentences, s/Host/host
430
4312003-01-26  Love H�rnquist �strand  <lha@it.su.se>
432
433	* lib/asn1/check-gen.c: add checks for Authenticator too
434
4352003-01-25  Love H�rnquist �strand  <lha@it.su.se>
436
437	* doc/setup.texi: in the hprop example, use hprop and the first
438	component, not host
439
440	* lib/krb5/get_addrs.c (find_all_addresses): address-less
441	point-to-point might not have an address, just ignore
442	those. Reported by Harald Barth.
443
4442003-01-23  Love H�rnquist �strand  <lha@it.su.se>
445
446	* lib/krb5/verify_krb5_conf.c (check_section): when key isn't
447	found, don't print out all known keys
448
449	* lib/krb5/verify_krb5_conf.c (syslogvals): mark up where severity
450	and facility start resp
451	(check_log): find_value() returns -1 when key isn't found
452
453	* lib/krb5/crypto.c (_krb5_aes_cts_encrypt): make key argument a
454	'const void *' to avoid AES_KEY being exposed in krb5-private.h
455
456	* lib/krb5/krb5.conf.5: add [kdc]use_2b
457
458	* kdc/524.c (encode_524_response): its 2b not b2
459
460	* doc/misc.texi: quote @ where missing
461
462	* lib/asn1/Makefile.am: add check-gen
463
464	* lib/asn1/check-gen.c: add Principal check
465
466	* lib/asn1/check-common.h: move generic asn1/der functions from
467	check-der.c to here
468
469	* lib/asn1/check-common.c: move generic asn1/der functions from
470	check-der.c to here
471
472	* lib/asn1/check-der.c: move out the generic asn1/der functions to
473	a common file
474
4752003-01-22  Love H�rnquist �strand  <lha@it.su.se>
476
477	* doc/misc.texi: more text about afs, how to get get your KeyFile,
478	and how to start use 2b tokens
479
480	* lib/krb5/krb5.conf.5: spelling, from Jason McIntyre
481	<jmc@cvs.openbsd.org>
482
4832003-01-21  Jacques Vidrine  <nectar@kth.se>
484
485	* kuser/kuser_locl.h: include crypto-headers.h for
486	des_read_pw_string prototype
487
4882003-01-16  Love H�rnquist �strand  <lha@it.su.se>
489
490	* admin/ktutil.8: document -v, --verbose
491
492	* admin/get.c (kt_get): make getarg usage consistent with other
493	other parts of ktutil
494
495	* admin/copy.c (kt_copy): remove adding verbose_flag to args
496	struct, since it will overrun the args array (from Sumit Bose)
497
4982003-01-15  Love H�rnquist �strand  <lha@it.su.se>
499
500	* lib/krb5/krb5.conf.5: write more about [realms] REALM = { kdc =
501	... }
502
503	* lib/krb5/aes-test.c: test vectors in aes-draft
504
505	* lib/krb5/Makefile.am: add aes-test.c
506
507	* lib/krb5/crypto.c: Add support for AES
508	(draft-raeburn-krb-rijndael-krb-02), not enabled by default.
509	(HMAC_SHA1_DES3_checksum): rename to SP_HMAC_SHA1_checksum and modify
510	to support checksumtype that are have a shorter wireformat then
511	their output block size.
512
513	* lib/krb5/crypto.c (struct encryption_type): split the blocksize
514	into blocksize and padsize, padsize is the minimum padding
515	size. they are the same for now
516	(enctype_*): add padsize
517	(encrypt_internal): use padsize
518	(encrypt_internal_derived): use padsize
519	(wrapped_length): use padsize
520	(wrapped_length_dervied): use padsize
521
522	* lib/krb5/crypto.c: add extra `opaque' argument to string_to_key
523	function for each enctype in preparation enctypes that uses
524	`Encryption and Checksum Specifications for Kerberos 5' draft
525
526	* lib/asn1/k5.asn1: add checksum and enctype for AES from
527	draft-raeburn-krb-rijndael-krb-02.txt
528
529	* lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_AES128,
530	KEYTYPE_AES256
531
5322003-01-14  Love H�rnquist �strand  <lha@it.su.se>
533
534	* lib/hdb/common.c (_hdb_fetch): handle error code from
535	hdb_value2entry
536
537	* kdc/Makefile.am: always include kerberos4.c and 524.c in
538	kdc_SOURCES to support 524
539
540	* kdc/524.c: always compile in support for 524
541
542	* kdc/kdc_locl.h: move out krb/524 protos from under #ifdef KRB4
543
544	* kdc/config.c: always compile in support for 524
545
546	* kdc/connect.c: always compile in support for 524
547
548	* kdc/kerberos4.c: export encode_v4_ticket() and get_des_key()
549	even when we build without kerberos 4, 524 needs them
550
551	* lib/krb5/convert_creds.c, lib/krb5/krb5-v4compat.h: Split out
552	Kerberos 4 help functions/structures so other parts of the source
553	tree can use it (like the KDC)
554
555