Tue Sep 05 22:10:34 1995 Chris Provenzano (proven@mit.edu) * decode_kdc.c, decrypt_tk.c, encode_kdc.c, encrypt_tk.c, gc_frm_kdc.c * gc_via_tkt.c, get_in_tkt.c, in_tkt_ktb.c, in_tkt_pwd.c, in_tkt_sky.c * init_ctx.c, kdc_rep_dc.c, mk_cred.c, mk_priv.c, mk_rep.c * mk_req_ext.c, rd_cred.c, rd_priv.c, rd_rep.c, rd_req_dec.c, * send_tgs.c, ser_ctx.c, ser_eblk.c, ser_key.c, t_ser.c: Remove krb5_enctype references, and replace with krb5_keytype where appropriate Fri Sep 1 20:03:41 1995 Theodore Y. Ts'o * get_in_tkt.c (krb5_get_in_tkt): If kdc_settime is enabled, then set the time_offset fields from the returned ticket's authtime value. * init_ctx.c (krb5_init_context): Initialize new fields in krb5_context (clockskew, kdc_req_sumtype, and kdc_default_options). * gc_via_tkt.c (krb5_get_cred_via_tkt): Perform the necessary sanity checking on the KDC response to make sure we detect tampering. * send_tgs.c (krb5_send_tgs): Set the expected nonce in the response structure. Fri Sep 1 11:16:43 EDT 1995 Paul Park (pjpark@mit.edu) * ser_ctx.c - Add handling of new time offset fields in the os_context. Tue Aug 29 14:14:26 EDT 1995 Paul Park (pjpark@mit.edu) * Makefile.in, .Sanitize, ser_{actx,adata,addr,auth,cksum,ctx,eblk,key, princ}.c, serialize.c, t_ser.c - Add serialization operations for data structures required to serialize krb5_context, krb5_ auth_context, krb5_encrypt_block and krb5_principal. * auth_con.h - Add magic number. * auth_con.c - Add static routine to copy an address and use this instead of the other code. Set the magic number when initing an auth_context. Use krb5_free_address to release an address. * init_ctx.c - Free the allocated serializers when releasing context. * rd_rep.c - Copy the keyblock from the message instead of setting a pointer into it. Thu Aug 24 18:55:50 1995 Theodore Y. Ts'o * .Sanitize: Update file list. Mon Aug 7 18:54:35 1995 Theodore Y. Ts'o * in_tkt_ktb.c (keytab_keyproc): If there is an error looking up the key, make sure the keytab is closed as part of the cleanup. Fri Aug 4 22:04:08 1995 Tom Yu * conv_princ.c: Add braces to initializer to shut up gcc -Wall Fri Jul 7 16:31:06 EDT 1995 Paul Park (pjpark@mit.edu) * Makefile.in - Find com_err in TOPLIBD. * rd_safe.c - Use checksum verifier instead of doing it manually. Thu Jul 6 17:31:40 1995 Tom Yu * rd_safe.c (krb5_rd_safe_basic): Pass context to os_localaddr. * rd_priv.c (krb5_rd_priv_basic): Pass context to os_localaddr. * rd_cred.c (krb5_rd_cred_basic): Pass context to os_localaddr. * get_in_tkt.c (krb5_get_in_tkt): Pass context to os_localaddr. Wed July 5 15:52:31 1995 James Mattly * added condition for _MACINTOSH Sun Jul 2 18:59:53 1995 Sam Hartman * recvauth.c (krb5_recvauth): recvauth should send an error reply if problem is not zero. Removed if that caused it to only send a reply on success. Fri Jun 16 22:11:21 1995 Theodore Y. Ts'o (tytso@dcl) * get_in_tkt.c (krb5_get_in_tkt): Allow the credentials cache argument to be optional; allow it to be NULL, meaning that the credentials shouldn't be stored in a credentials cache. Mon Jun 12 16:49:42 1995 Chris Provenzano (proven@mit.edu) A couple bug reports/patches from Ed Phillips (flaregun@udel.edu) * in_tkt_ktb.c (keytab_keyproc()): Fix memory leak. * recvauth.c (krb5_recvauth()): Don't open a new rcache if the auth_context already has one. * auth_con.c (krb5_auth_con_free()): Close rcache is the auth_context has one set. * auth_con.c (krb5_auth_con_getrcache()): Return pointer to the rcache set in the auth_context. Sun Jun 11 12:31:39 1995 Ezra Peisach (epeisach@kangaroo.mit.edu) * auth_con.c (krb5_auth_con_init): Zero newly allocated krb5_auth_context. (Fixed error in redefinitions). Sat Jun 10 23:05:51 1995 Tom Yu (tlyu@dragons-lair) * auth_con.c, compat_recv.c, mk_cred.c, mk_priv.c, mk_rep.c, mk_req.c, mk_req_ext.c, mk_safe.c, rd_cred.c, rd_priv.c, rd_rep.c, rd_req.c rd_req_dec.c, rd_safe.c, recvauth.c, sendauth.c: krb5_auth_context redefinitions Fri Jun 9 18:48:43 1995 * rd_req_dec.c (krb5_rd_req_decoded): Fix -Wall nits * configure.in: Remove standardized set of autoconf macros, which are now handled by CONFIG_RULES. * Makefile.in, faddr_ordr.c: Remove faddr_ordr.c; its function, krb5_fulladdr_order, isn't used anywhere. Fri Jun 9 02:42:54 1995 Tom Yu (tlyu@dragons-lair) * rd_cred.c (krb5_rd_cred_basic): fix typo (extra "context" argument passed to krb5_xfree) Thu Jun 8 22:48:27 1995 Theodore Y. Ts'o * rd_cred.c (krb5_rd_cred_basic): Fix problem where the ticket field was assigned with a krb5_data, which was then immediately freed. Thu Jun 8 16:06:44 1995 * compat_recv.c, auth_con.c, chk_trans.c, encrypt_tk.c, gc_frm_kdc.c, gc_via_tkt.c, gen_seqnum.c, gen_subkey.c, get_creds.c, get_in_tkt.c, in_tkt_ktb.c, in_tkt_pwd.c, in_tkt_skey.c, init_ctx.c, kdc_rep_dc.c, mk_cred.c, mk_error.c, mk_priv.c, mk_rep.c, mk_req.c, mk_req_ext.c, mk_cred.c, mk_safe.c, parse.c, preauth.c, rd_cred.c, rd_rep.c, rd_req.c, rd_req_dec.c, rd_safe.c, recvauth.c, sendauth.c, send_tgs.c, srv_rcache.c, walk_rtree.c: Clean up GCC -Wall flames. Wed Jun 7 15:23:21 1995 * conv_princ.c (krb5_425_conv_principal): Remove old CONFIG_FILES code. Fri May 26 10:18:28 1995 Keith Vetter (keithv@fusion.com) * makefile.in: removed for the PC creating shared directory. (still bug with the '@SHARED_RULE@' line but I'm waiting on tytso for that since I don't want to break Unix). Thu May 25 09:58:42 1995 Ezra Peisach * gc_via_tkt.c (krb5_kdcrep2creds): Fix syntax error in the freeing of the keyblock. Wed May 24 18:19:17 1995 Theodore Y. Ts'o (tytso@dcl) * Makefile.in, configure.in: Add rules for building shared library. * gc_via_tkt.c (krb5_kdcrep2creds): On an error, free the keyblock. Tue May 23 16:28:42 1995 Theodore Y. Ts'o (tytso@dcl) * gc_frm_kdc.c, preauth.c, t_kerb.c, t_walk_rtree.c, unparse.c: Rearrange #include files so that krb5.h gets included first, so that the debugging information can be more efficiently collapsed since the type numbers will be the same. Sat May 20 14:01:16 1995 Ezra Peisach * rd_safe.c (krb5_rd_safe): Increment remote_seq_number if KRB5_AUTH_CONTEXT_DO_SEQUENCE is set. Thu May 11 22:42:30 1995 Ezra Peisach * rd_cred.c (krb5_rd_cred_basic): If address don't match, return KRB5KRB_AP_ERR_BADADDR (add missing retval). Thu May 11 18:30:21 1995 Chris Provenzano (proven@mit.edu) * mk_cred.c (krb5_mk_cred()), mk_priv.c (krb5_mk_priv()), * mk_safe.c (krb5_mk_safe()), rd_cred.c (krb5_rd_cred()), * rd_priv.c (krb5_rd_prev()), rd_safe.c (krb5_rd_safe()): Pass the contents pointer returned from krb5_make_fulladdr() to free() not the address of the pointer. Tue May 9 08:34:21 1995 Ezra Peisach * Makefile.in (clean): Remove t_kerb and t_kerb.o Fri May 5 00:06:24 1995 Theodore Y. Ts'o (tytso@dcl) * conv_princ.c (krb5_425_conv_principal): Use new calling convention of krb5_get_realm_domain, which is that it returns the realm *without* the leading dot. Also use the profile code to look up individual instance conversions using [realms]//v4_instance_convert/ This allows special case handling of mit.edu and lithium.lcs.mit.edu. * t_kerb.c: New file for testing krb library functions. Currently only tests krb5_425_conv_principal. Wed May 03 03:30:51 1995 Chris Provenzano (proven@mit.edu) * recvauth.c, compat_recv.c (krb5_recvauth()): * compat_recv.c (krb5_compat_recvauth()): No longer needs the rc_type arg. Tue May 02 19:29:18 1995 Chris Provenzano (proven@mit.edu) * mk_cred.c (mk_cred()), mk_priv.c (mk_priv()), mk_safe.c (mk_safe()), * rd_cred.c (rd_cred()), rd_priv.c (rd_priv()), rd_safe.c (rd_safe()): Don't call krb5_make_fulladdrs() if a port isn't specified. Mon May 01 15:56:32 1995 Chris Provenzano (proven@mit.edu) * auth_con.c (krb5_auth_con_free()) : Free all the data associated with the auth_context. * auth_con.c (krb5_auth_con_setkey()) : Removed. * mk_rep.c (mk_rep()), The krb5_mk_rep() routine must always encode the data in the keyblock of the ticket, not the subkey. * cleanup.h, auth_con.c (krb5_auth_con_setports()) : Added. * auth_con.h, mk_cred.c (mk_cred()), mk_priv.c (mk_priv()), * mk_safe.c (mk_safe()), rd_cred.c (rd_cred()), * rd_priv.c (rd_priv()), rd_safe.c (rd_safe()) : Changes to auth_context to better support full addresses. Sat Apr 29 00:09:40 1995 Theodore Y. Ts'o * srv_rcache.c (krb5_get_server_rcache): Fix fencepost error which caused an access beyond the allocated memory of piece->data. * rd_priv.c (krb5_rd_priv_basic): Call krb5_free_priv_enc_part to free the entire privenc_msg structure. Fri Apr 28 09:54:51 EDT 1995 Paul Park (pjpark@mit.edu) Move adm_rw.c from libkrb5 to libkadm. Fri Apr 28 08:36:03 1995 Theodore Y. Ts'o * init_ctx.c (krb5_free_context): Extra semicolon meant the etypes field in the context was never being freed. Fri Apr 28 01:44:51 1995 Chris Provenzano (proven@mit.edu) * send_tgs.c (krb5_send_tgs()), gc_via_tkt.c (krb5_get_cred_via_tkt()): Removed krb5_cksumtype argument. Thu Apr 27 21:36:01 1995 Chris Provenzano (proven@mit.edu) * auth_con.c (krb5_auth_con_getaddrs() and krb5_auth_con_getflags()): Added for completeness. * mk_req_ext.c (krb5_mk_req_extended()) : Don't send the AP_OPTS_USE_SUBKEY option over the wire. Thu Apr 27 17:40:20 1995 Keith Vetter (keithv@fusion.com) * adm_rw.c, mk_cred.c, rd_cred.c: malloc on the PC must be size SIZE_T not int32. * adm_rw.c: krb5_free_adm_data second argument now a krb5_int32. Thu Apr 27 16:33:17 EDT 1995 Paul Park (pjpark@mit.edu) * mk_priv.c - Back out previous change which always put in timestamp, regardless of DO_TIME setting and instead, clear out the replaydata before calling mk_priv_basic from mk_priv. * mk_safe.c - Same replaydata fix. Thu Apr 26 15:59:51 EDT 1995 Paul Park (pjpark@mit.edu) * Add adm_rw.c - routines to read and write commands from/to the administrative (kpasswd/kadmin) server. Wed Apr 27 11:30:00 1995 Keith Vetter (keithv@fusion.com) * init_ctx.c: krb5_init_context wasn't checking return values. * mk_req.c: deleted unused local variable. Wed Apr 26 22:49:18 1995 Chris Provenzano (proven@mit.edu) * gc_via_tgt.c, and gc_2tgt.c : Removed. * Makefile.in, gc_via_tkt.c, gc_frm_kdc.c, and, int-proto.h : Replaced get_cred_via_tgt() and get_cred_via_2tgt() with more general function get_cred_via_tkt(). Tue Apr 25 21:58:23 1995 Chris Provenzano (proven@mit.edu) * Makefile.in : Added gc_via_tkt.c and removed get_fcreds.c * auth_con.c (krb5_auth_con_setaddrs()) : Fixed so it allocates space and copies addresses, not just pointer. * mk_cred.c: Completely rewritten from sources donated by asriniva. * rd_cred.c: Completely rewritten from sources donated by asriniva. * mk_priv.c (krb5_mk_priv()), mk_safe.c (krb5_mk_safe()), rd_priv.c (krb5_rd_priv()), and rd_safe (krb5_rd_safe()) : Try using a subkey before using the session key for encryption. * recvauth.c (krb5_recvauth()): Don't close the rcache on success. Mon Apr 24 23:12:21 1995 Theodore Y. Ts'o * Makefile.in, configure.in (t_walk_rtree): Add WITH_NETLIBS and $(LIBS), so that t_walk_rtree can compile under solaris. Mon Apr 24 17:09:36 1995 Ezra Peisach * parse.c (krb5_parse_name): Add magic number to new structure * get_creds.c: Fix comments describing operation * gc_frm_kdc.c: Fix comments describing operation * copy_cksum.c (krb5_copy_checksum): Fix comment in file * copy_addrs.c (krb5_append_addresses): ifdef out unused krb5_append_addresses function. (no API or prototype existed). * copy_data.c (krb5_copy_data): Initialize magic number * init_ctx.c (krb5_init_context): If an error is returned from krb5_set_default_in_tkt_etypes or krb5_os_init_context, pass to caller instead of stack garbage. Sat Apr 22 11:06:45 1995 Ezra Peisach (epeisach@kangaroo.mit.edu) * Makefile.in: t_walk_rtree needs libcrypto * t_walk_rtree.c: error in checking for argument count Thu Apr 20 16:23:23 1995 Theodore Y. Ts'o (tytso@dcl) * copy_addrs.c, copy_athctr.c, copy_auth.c, copy_cksum.c, copy_creds.c, copy_key.c, copy_princ.c, copy_tick.c, gc_2tgt.c, gc_frm_kdc.c, gc_via_tgt.c, get_creds.c, mk_req_ext.c: Unless HAVE_C_STRUCTURE_ASSIGNMENT is defined, use memcpy to copy structures around, instead of using structure assignments. (Which aren't guaranteed to work on some broken compilers.) * mk_req.c (krb5_mk_req): Use krb5_sname_to_principal() in order to create the service principal from the service and hostname pair. This allows for the host cannoncialization to work correctly. * mk_req_ext.c (krb5_mk_req_extended): Revamp checksum handling code so that no checksum is performed in in_data is NULL, and the special case handing of cksumtype == 0x8003 for the GSSAPI library is handled correctly. Wed Apr 19 13:39:34 1995 Ezra Peisach * init_ctx.c: (krb5_init_context) initialize context default realm. (krb5_free_context) free default realm. Fri Apr 14 15:05:51 1995 * sendauth.c (krb5_sendauth): initialize error return parameter * copy_princ.c (krb5_copy_principal): Fix bug where krb5_copy_principal can fail if it is asked to copy a principal with a zero-length component on a system where malloc(0) returns null. Thu Apr 13 15:49:16 1995 Keith Vetter (keithv@fusion.com) * *.[ch]: removed unneeded INTERFACE from non-api functions. Fri Mar 31 16:45:47 1995 Keith Vetter (keithv@fusion.com) * krb5_get_in_tkt: changed error return value for when clocks are out of skew to be KRB5_KDCREP_SKEW. Fri Mar 31 00:44:26 1995 Theodore Y. Ts'o (tytso@dcl) * rd_req.c (krb5_rd_req): Fix typo which caused new_keytab to not get freed, causing a memory leak. Thu Mar 30 15:49:27 1995 Keith Vetter (keithv@fusion.com) * rd_req.c: removed unused local variable. Tue Mar 28 18:34:20 1995 John Gilmore (gnu at toad.com) * rd_req_sim.c: Really remove the file. Mon Mar 27 08:34:49 1995 Chris Provenzano (proven@mit.edu) * Makefile.in: Removed rd_req_sim.c * auth_con.c: Default cksumtype is now CKSUMTYPE_RSA_MD4_DES. * auth_con.c: Added krb5_auth_con_setuseruserkey(), krb5_auth_con_getkey(), krb5_auth_con_getremotesubkey(), krb5_auth_con_getauthenticator(), krb5_auth_con_getremoteseqnumber(), krb5_auth_con_initivector(). * auth_con.c: Fixed krb5_auth_con_getlocalsubkey() to check for a valid local_subkey before calling krb5_copy_keyblock(). * auth_con.h: Fixed some comments. * mk_req_ext.c (krb5_mk_req_extended()): Always pass in a seed (the keyblock contents) to krb5_calculate_checksum() * rd_rep.c (krb5_rd_rep()): Use appropriate key to decode reply. * rd_safe.c (krb5_rd_safe()): Don't pass checksum to krb5_rd_safe_basic(), it's unnecessary. * compat_recv.c (krb5_compat_recvauth()): * mk_rep.c (krb5_mk_rep()): * rd_req.c (krb5_rd_req()): * rd_req_dec.c (krb5_rd_req_decode()): * recvauth.c (krb5_recvauth()): Added a krb5_auth_context argument and eliminated many of the other arguments because they are included in the krb5_auth_context structure. Tue Mar 21 19:22:51 1995 Keith Vetter (keithv@fusion.com) * mk_safe.c: fixed signed/unsigned mismatch. * rd_safe.c: removed unused local variable currentime. * mk_req_e.c: fixed signed/unsigned mismatch. Sat Mar 18 18:58:02 1995 John Gilmore (gnu at toad.com) * bld_pr_ext.c, bld_princ.c: Replace STDARG_PROTOTYPES with HAVE_STDARG_H for consistency. Fri Mar 17 19:48:07 1995 John Gilmore (gnu at toad.com) * Makefile.in (check-mac): Add. * compat_recv.c, get_fcreds.c, recvauth.c: Eliminate Unix socket #includes, which are now handled by k5-int.h (via k5-config.h). * conv_princ.c: Rename variable "comp" to another name; "comp" apparently bothers the MPW compiler... * rd_cred.c: Avoid (void) casts of void functions, for MPW. * t_walk_rtree.c: Put com_err.h after k5_int for stuff. (main): Declare and initialize the krb5_context that's being passed to everything. Fri Mar 10 10:58:59 1995 Chris Provenzano (proven@mit.edu) * auth_con.h auth_con.c Added for krb5_auth_con definition and support routines. * mk_req.c (krb5_mk_req()) * mk_req_ext.c (krb5_mk_req_extended()) * rd_rep.c (krb5_rd_rep()) * sendauth.c (krb5_sendauth()) * mk_priv.c (krb5_mk_priv()) * mk_safe.c (krb5_mk_safe()) * rd_priv.c (krb5_rd_priv()) * rd_safe.c (krb5_rd_safe()) Added a krb5_auth_context argument and eliminated many of the other arguments because they are included in the krb5_auth_context structure. * send_tgs.c (krb5_send_tgs()) Eliminate call to krb5_mk_req_extended(), which does far more than krb5_send_tgs() needs. Tue Mar 7 19:57:34 1995 Mark Eichin * configure.in: take out ISODE_INCLUDE. Tue Mar 7 13:20:06 1995 Keith Vetter (keithv@fusion.com) * Makefile.in: changed library name on the pc. * parse.c: disabled for the PC error messages to stderr. * chk_trans.c: fixed signed/unsigned assignment. Thu Mar 2 11:45:00 1995 Keith Vetter (keithv@fusion.com) * compat_recv.c, get_fcre.c, recvauth.c, sendauth.c: changed NEED_WINSOCK_H to NEED_SOCKETS. Wed Mar 1 20:15:00 1995 Keith Vetter (keithv@fusion.com) * compat_r.c, copy_pri.c, get_fcre.c, get_in_t.c, init_ctx.c, in_tkt_p.c in_tkt_s.c, preauth.c, princ_co.c, pr_to_sa.c, rd_req_d.c, recvauth.c sendauth.c, send_tgs.c, unparse.c: 16 vs 32 bit casts, removed some unused local variables, and pulled in winsock.h for network byte ordering. Tue Feb 28 01:14:57 1995 John Gilmore (gnu at toad.com) * *.c: Avoid includes. * parse.c: Exdent #ifndef to left margin for old compilers. Wed Feb 22 17:14:31 1995 Keith Vetter (keithv@fusion.com) * walk_rtr.c (krb5_walk_realm_tree): formal parameter wasn't declared. * send_tgs.c: const in wrong place in the prototype. * get_in_tkt.c, preauth.c, rd_cred.c, rd_priv.c, rd_req_dec.c, rd_safe.c: needed a 32 bit abs() function. * parse.c: removed call to fprintf on error the windows version * send_auth.c: defined for windows the ECONNABORTED errno (will be removed when the socket layer is fully implemented). Tue Feb 21 23:38:34 1995 Theodore Y. Ts'o (tytso@dcl) * mk_cred.c (krb5_mk_cred): Fix argument type to krb5_free_cred_enc_part(). Mon Feb 13 20:25:20 1995 Theodore Y. Ts'o (tytso@dcl) * get_in_tkt.c (krb5_get_in_tkt): Fix memory leak --- the default encryption types was not being freed. Fri Feb 10 15:45:59 1995 Theodore Y. Ts'o * rd_req.c (krb5_rd_req): Remove ISODE cruft. Thu Feb 9 17:43:04 1995 Theodore Y. Ts'o * gc_via_tgt.c (krb5_get_cred_via_tgt): Set up the keyblock's etype field correctly (after copying the keyblock, so it doesn't get overwritten!) Mon Feb 06 17:19:04 1995 Chris Provenzano (proven@mit.edu) * get_in_tkt.c (krb5_get_in_tkt()) * in_tkt_sky.c (krb5_get_in_tkt_with_skey()) * in_tkt_pwd.c (krb5_get_in_tkt_with_password()) Removed krb5_keytype, changed krb5_enctype to krb5_enctype *, changed krb5_preauthtype to krb5_preauthtype *. Changed the args to the key_proc arg of krb5_get_in_tkt() to be the following (krb5_context, const krb5_keytype, krb5_data *, krb5_const_pointer, krb5_keyblock **) * in_tkt_ktb.c (krb5_get_in_tkt_with_keytab()) Added this routine to replace krb5_get_in_tkt_with_skey() in kinit. * Makefile.in Added new source file in_tkt_ktb.c. Fri Feb 3 16:41:19 1995 Mark Eichin (eichin@cygnus.com) * get_in_tkt.c (krb5_get_in_tkt): also check for the version number of the reply being whatever we had in the first byte of the request. Fri Feb 3 08:07:55 1995 Theodore Y. Ts'o (tytso@dcl) * compat_recv.c (krb_v4_recvauth): Use explicit 32 bit types so this will work on an Alpha. Fri Feb 3 00:43:48 1995 Tom Yu (tlyu@dragons-lair) * get_in_tkt.c (krb5_get_in_tkt): fix typo Thu Feb 2 20:51:55 1995 Mark Eichin (eichin@cygnus.com) * get_in_tkt.c (krb5_get_in_tkt): if krb5_is_as_rep fails, check if the packet might be a V4 error packet. Use modified V4 check so that it compiles under SCO. Mon Jan 30 15:46:14 1995 Chris Provenzano (proven@mit.edu) * int-proto.h Update prototypes for krb5_get_cred_via_tgt(), and krb5_get_cred_via_2tgt(). * get_fcreds.c (krb5_get_for_creds()) * gc_via_tgt.c (krb5_get_cred_via_tgt()) * gc_2tgt.c (krb5_get_cred_via_2tgt()) Removed krb5_enctype argument. Pass NULL list of encryption types to krb5_send_tgs to get default encryption types. * gc_frm_kdc.c Removed krb5_enctype argument passed to krb5_get_cred_via_tgt() * send_tgs.c (krb5_send_tgs()) Changed krb5_enctype arg to krb5_enctype *, a NULL terminated array of encryption types. If argument is NULL then krb5_send_tgs() will use defaul list of encryption types. * send_tgs.c (krb5_send_tgs()) To encrypt request ticket use usecred->keyblock.etype instead of (and now defunct) krb5_enctype arg. * init_ctx.c Added krb5_set_default_in_tkt_etypes() and krb5_get_default_in_tkt_etypes(). * rd_req.c, rd_req_decode.c Removed typedef for rdreq_key_proc and use krb5_rd_req_decoded in its place. Mon Jan 30 11:26:05 1995 Chris Provenzano (proven@mit.edu) * get_fcreds.c Really needs #include for definition of krb5_is_krb_error() Sat Jan 28 14:45:55 1995 Chris Provenzano (proven@mit.edu) * in_tkt_sky.c (skey_keyproc()), rd_req_dec.c (krb5_rd_req_decoded()) use new API for krb5_kt_get_entry. Fri Jan 27 15:45:45 1995 Chris Provenzano (proven@mit.edu) * get_fcreds.c Removed #include and #include Wed Jan 25 16:54:40 1995 Chris Provenzano (proven@mit.edu) * Removed all narrow types and references to wide.h and narrow.h Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) * Added krb5_context to all krb5_routines Mon Dec 19 21:55:44 1994 Theodore Y. Ts'o (tytso@dcl) * init_ctx.c: New file. Initializes and frees the krb5_context structure. Wed Dec 7 17:52:08 1994 * rd_req_dec.c (decrypt_authenticator): If the subkey doesn't exist, don't try to set the subkey's etype. Wed Nov 30 17:10:39 1994 Theodore Y. Ts'o (tytso@dcl) * bld_princ.c (krb5_build_principal_va): Set the principal's type and magic number. * Makefile.in: Build new test driver (t_walk_rtree) for krb5_walk_realm_tree. * walk_realm_tree.c (krb5_walk_realm_tree): Fix bug which occured when the client or the server is a subdomain of the other; walk_realm_tree would return the wrong answer, and suffer from memory access errors. * unparse.c (krb5_unparse_name_ext): Quote the '/' and '@' characters properly. * configure.in: Add appropriate help text for the --with-krb4 option. Remove ISODE_DEFS call, since ISODE_INCLUDES now defines ISODE automatically. Mon Nov 21 15:30:07 1994 Theodore Y. Ts'o (tytso@dcl) * mk_req_ext.c (krb5_mk_req_extended): Sanitize how memory is freed in both error and normal cases, to remove memory leaks. * mk_req_ext.c (krb5_mk_req_extended): Use the encryption type specified by the ticket to generate the authenticator. * encode_kdc.c (krb5_encode_kdc_rep): Now requires that the caller pass in the encryption block to be used for encrpyting the ticket. That way, this routine doesn't need to create its own encryption block. * encrypt_tk.c (krb5_encrypt_tkt_part): Now requires that the caller pass in the encryption block to be used for encrpyting the ticket. That way, this routine doesn't need to create its own encryption block. Fri Nov 18 17:30:44 1994 Theodore Y. Ts'o (tytso@dcl) * mk_req_ext.c (krb5_mk_req_extended): Encrypt the authenticator using the same encryption system used to encrypt the ticket. Thu Nov 17 01:56:05 1994 Theodore Y. Ts'o (tytso@dcl) * gc_via_tgt.c (krb5_get_cred_via_tgt): * gc_2tgt.c (krb5_get_cred_via_2tgt): Set the encryption type of the session keyblock to be the type used to encrypt the ticket. Fri Nov 11 01:20:22 1994 Theodore Y. Ts'o (tytso@dcl) * get_in_tkt.c (krb5_get_in_tkt): Set the encryption type of the session keyblock to be the type used to encrypt the ticket. Thu Nov 10 23:56:43 1994 Theodore Y. Ts'o (tytso@dcl) * rd_rep.c (krb5_rd_rep): Set the encryption type in the subkey keyblock to be the encryption type used to encrypt the rd_rep message. * decrypt_tk.c (krb5_decrypt_tkt_part): Set the encryption type in the session keyblock to be the encryption type used to encrypt the ticket. * rd_req_dec.c (decrypt_authenticator): Set the encryption type in the subkey keyblock to be the encryption type used to encrypt the authenticator. Tue Nov 8 17:09:48 1994 Theodore Y. Ts'o (tytso@dcl) * in_tkt_pwd.c (pwd_keyproc): Use the documented interface for calling krb5_string_to_key(). Tue Oct 25 23:34:57 1994 Theodore Y. Ts'o (tytso@dcl) * srv_rcache.c (krb5_get_server_rcache): Added missing continue so that we don't copy both the unprintable character as well as the quoted version of it. Mon Oct 24 15:50:19 1994 Theodore Y. Ts'o (tytso@dcl) * configure.in: If KRB4 is defined, define KRB5_KRB4_COMPAT for compat_recv.c. Thu Oct 13 17:26:28 1994 Theodore Y. Ts'o (tytso@maytag) * configure.in: Add ISODE_DEFS Tue Oct 4 16:29:19 1994 Theodore Y. Ts'o (tytso@dcl) * in_tkt_sky.c (skey_keyproc): * in_tkt_pwd.c (pwd_keyproc): Add widen.h and narrow.h includes around pwd_keyproc, so that the keyproc input arguments are appropriately widened. Fri Sep 30 21:58:15 1994 Theodore Y. Ts'o (tytso@dcl) * preauth.c (preauth_systems): Add placeholder for magic number Thu Sep 29 15:31:10 1994 Theodore Y. Ts'o (tytso@dcl) * srv_rcache.c (krb5_get_server_rcache): cachename was not being properly null-terminated. * get_in_tkt.c (krb5_get_in_tkt): Return KRB5_IN_TKT_REALM_MISATCH if the client and server realms don't match. Return KRB5_KDCREP_SKEW if the KDC reply has an unacceptible clock skew (instead of KDCREP_MODIFIED.) * gc_via_tgt.c (krb5_get_cred_via_tgt): Use a distinct error code for KDC skew separate from the standard KDCREP_MODIFIED * princ_comp.c (krb5_realm_compare): Added new function from OpenVision. Wed Sep 21 17:57:35 1994 Theodore Y. Ts'o (tytso@dcl) * rd_req_dec.c (krb5_rd_req_decoded): Added Changes from Cybersafe to do transited realm path checking. * chk_trans.c: Added donated module from CyberSafe. It checks to see if a transited path is a legal one between two realms. Thu Sep 15 11:08:39 1994 Theodore Y. Ts'o (tytso@dcl) * rd_req_sim.c (krb5_rd_req_simple): Use krb5_rd_req instead of krb5_rd_req_decoded, to eliminate some code duplication. Sat Aug 20 01:43:43 1994 Theodore Y. Ts'o (tytso at tsx-11) * mk_req_ext.c (krb5_generate_authenticator): Fix pointer aliasing problem between newkey and authent->subkey. Wed Aug 17 17:58:22 1994 Theodore Y. Ts'o (tytso at tsx-11) * encode_kdc.c (krb5_encode_kdc_rep): Pass in to encode_krb5_enc_kdc_rep_part the msg_type which should be used. Old versions of Kerberos always assume TGS_REP; this merely allows the right msg_type to be passed down to the encoding routines. For now, the encoding routines will ignore this value and do things the old way, for compatibility's sake. Mon Aug 8 22:38:16 1994 Theodore Y. Ts'o (tytso at tsx-11) * preauth.c: Renamed preauthentication mechanism names to match what bcn and I agreed upon. Tue Jun 28 19:35:07 1994 Tom Yu (tlyu at dragons-lair) * decode_kdc.c: folding in Harry's changes * rd_req.c: ditto * rd_req_sim.c: ditto * configure.in: adding ISODE_DEFS