Diffstat (limited to 'src/lib/krb5/krb/ChangeLog')
-rw-r--r-- | src/lib/krb5/krb/ChangeLog | 3633 |
1 files changed, 0 insertions, 3633 deletions
diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog deleted file mode 100644 index f0794dbf5..000000000 --- a/src/lib/krb5/krb/ChangeLog +++ /dev/null 
@@ -1,3633 +0,0 @@ -2006-04-02 Ken Raeburn <raeburn@mit.edu> - - * t_kerb.c: Include autoconf.h. - - * Makefile.in (DEFS): Make empty. - -2006-03-26 Ken Raeburn <raeburn@mit.edu> - - * kerrs.c: New file. - * Makefile.in (SRCS, OBJS, STLIBOBJS): Add it. - - * gc_via_tkt.c (krb5_get_cred_via_tkt): If the KDC returns - KRB_ERR_GENERIC, store the e-text field as the error message. - -2006-03-13 Ken Raeburn <raeburn@mit.edu> - - * Makefile.in (check-unix): Use RUN_SETUP for t_deltat. - -2006-01-17 Ken Raeburn <raeburn@mit.edu> - - * Makefile.in (t_deltat): Include support library. - -2005-12-30 Tom Yu <tlyu@mit.edu> - - * gc_frm_kdc.c: Rewrite to modularize significantly. (~400-line - functions do not deserve to live.) The outer loop no longer - explicitly attempts the direct path to the target; that attempt - has been folded into the inner loop. Remove some redundant - credential lookups present in the old code. Treat unexpected - realm referrals as soft errors, in case some intermediate KDC - disagrees with client regarding a transit path. - -2005-12-28 Tom Yu <tlyu@mit.edu> - - * gc_frm_kdc.c (krb5_get_cred_from_kdc_opt): Cause free_tgt and - free_otgt to track the states of tgt and otgt correctly, to avoid - a double-free condition which previously happened when this - function returned to krb5_get_credentials(), which proceeded to - free a previously freed TGT in the returned TGT list. - -2005-10-19 Ken Raeburn <raeburn@mit.edu> - - * Makefile.in (t_ser): Add dl library and thread link options, - since kdb5 library is linked in and needs them. - -2005-09-22 Tom Yu <tlyu@mit.edu> - - * mk_req_ext.c (krb5int_generate_and_save_subkey): Check for and - free pre-existing subkeys before clobbering the pointers. This - fixes some memory leaks. - -2005-08-23 Ezra Peisach <epeisach@mit.edu> - - * t_ser.c (ser_kcontext_test): Remove statement declaring an - unused variable using a non-portable gcc extension. 
- -2005-08-15 Tom Yu <tlyu@mit.edu> - - * get_in_tkt.c (krb5_get_init_creds): Free tempstr on non-error - returns from krb5_string_to_deltat() to avoid memory leak. - -2005-07-12 Tom Yu <tlyu@mit.edu> - - * recvauth.c (recvauth_common): Avoid double-free on invalid - version string. Thanks to Magnus Hagander. Fix for - MITKRB5-SA-2005-003 [CAN-2005-1689, VU#623332]. - - * unparse.c (krb5_unparse_name_ext): Account for zero-component - principal, to avoid single-byte overflow. Thanks to Daniel - Wachdorf. Part of fix for MITKRB5-SA-2005-002 [CAN-2005-1175, - VU#885830]. - -2005-06-29 Ken Raeburn <raeburn@mit.edu> - - * t_ser.c (ser_data): Don't initialize db serialization code that - doesn't exist any more. - (ser_kcontext_test): Don't create and destroy databases. - -2005-05-19 Sam Hartman <hartmans@mit.edu> - - * kfree.c (krb5_free_keyblock_contents krb5_free_keyblock): Make - stubs into libk5crypto so that libk5crypto can call these. - * init_keyblock.c (krb5_init_keyblock): As above. - -2005-04024 Jeffrey Altman <jaltman@mit.edu> - - * get_creds.c: - the purpose of the krb5_get_credentials call is to - obtain a set of credentials for the caller. the - krb5_cc_store_cred() call is to optimize performance - for future calls. Ignore any errors, since the credentials - are still valid even if we fail to store them in the cache. - - -2005-04-13 Ken Raeburn <raeburn@mit.edu> - - * Makefile.in (BISONFLAGS): Drop -v. - ($(srcdir)/deltat.c): Change to source directory before - rebuilding, so path to source tree doesn't get inserted. - - * fwd_tgt.c (NEED_SOCKETS): Don't define. - * recvauth.c (NEED_SOCKETS): Don't define. - * sendauth.c (NEED_SOCKETS): Don't define. - -2005-03-22 Tom Yu <tlyu@mit.edu> - - * x-deltat.y (wsnum): Add missing semicolon following YYERROR, - which was preventing bison-1.75 from producing compilable C - output. 
- - * gic_keytab.c (krb5_get_init_creds_keytab): When calling - krb5_get_init_creds() for the second time (with use_master=1), - also accept KRB5_REALM_UNKNOWN as a soft error, and use the result - from the first call to krb5_get_init_creds(). This can happen - when no master KDC is configured. - -2005-03-14 Jeffrey Altman <jaltman@mit.edu> - - * Makefile.in: fix maintainer mode since it is not supported on - Windows. - -2005-03-03 Ken Raeburn <raeburn@mit.edu> - - * x-deltat.y (tok_WS): Renamed terminal from "WS", which conflicts - with HP-UX 10 header files. Updated all productions. - (mylex): Updated. - * Makefile.in ($(srcdir)/deltat.c): Enable dependencies in - maintainer mode. - * deltat.c: Updated. - -2005-02-16 Ken Raeburn <raeburn@mit.edu> - - * init_ctx.c (init_common): Delete redundant library - initialization call that was run only on UNIX. Test assertion - that krb5_ui_8 really did get a proper 64-bit type. - -2005-02-09 Tom Yu <tlyu@mit.edu> - - * gic_pwd.c (krb5_get_init_creds_password): Fix so empty password - string causes prompting and doesn't cause truncation of password - to zero characters. - -2005-01-28 Ezra Peisach <epeisach@mit.edu> - - * t_walk_rtree.c (main): Free context at end to allow searching - for memory leaks. - -2005-01-17 Jeffrey Altman <jaltman@mit.edu> - * unparse.c: krb5_unparse_name, krb5_unparse_name_ext() - prevent null pointer dereferencing if either 'name' or 'size' - are NULL. - -2005-01-17 Ezra Peisach <epeisach@mit.edu> - - * gc_frm_kdc.c (krb5_get_cred_from_kdc_opt): More memory leaks - fixed as introduced in ticket #2541. Do not rely on knowledge that - upon failure from krb5_cc_retrieve_cred, returned credential data - is untouched. - -2005-01-17 Ezra Peisach <epeisach@mit.edu> - - * preauth2.c (krb5_do_preauth): Upon error in decoding - krb5_type_info{,2}, on failure, do not call krb5_free_type_info - with a null pointer. 
- -2005-01-15 Jeffrey Altman <jaltman@mit.edu> - - * cp_key_cnt.c, copy_princ.c: - prevent krb5_copy_principal() and krb5_copy_keyblock() from - calling malloc(0). On platforms in which malloc(0) returns - NULL, these functions will return an ENOMEM error the way - they were written. - -2005-01-11 Ken Raeburn <raeburn@mit.edu> - - * gc_frm_kdc.c (krb5_get_cred_from_kdc_opt): Free credentials - retrieved from ccache before returning. Based on patch from - fumihiko kakuma <kakuma@valinux.co.jp>. - -2005-01-03 Ken Raeburn <raeburn@mit.edu> - - * parse.c (krb5_parse_name): Don't cache the default realm name. - -2004-10-26 Tom Yu <tlyu@mit.edu> - - * mk_req_ext.c (krb5_mk_req_extended): Free keyblock before - copying new one in. - -2004-10-14 Tom Yu <tlyu@mit.edu> - - * t_deltat.c (main): Unadorned integer no longer fails now that we - default to seconds. - -2004-10-13 Alexandra Ellwood <lxs@mit.edu> - - * deltat.c, x-deltat.y: Default to seconds if no unit is provided. - -2004-09-24 Tom Yu <tlyu@mit.edu> - - * Makefile.in (LOCALINCLUDES): Include SRCTOP to get patchlevel.h. - - * brand.c: Use patchlevel.h as master version stamp file. - -2004-09-21 Tom Yu <tlyu@mit.edu> - - * rd_cred.c (decrypt_credencdata): Clear and free ppart to avoid - leak, reported by Derrick Schommer. - -2004-08-31 Tom Yu <tlyu@mit.edu> - - * rd_rep.c: - * send_tgs.c: Fix double-free vulnerabilities. - -2004-08-27 Ken Raeburn <raeburn@mit.edu> - - * conv_princ.c (krb5_425_conv_principal): Terminate argument list - to krb5_build_principal with NULL, not 0. Patch from Nalin - Dahyabhai. - -2004-08-12 Alexandra Ellwood <lxs@mit.edu> - - * get_in_tkt.c (get_init_creds): - Support ticket_lifetime libdefault. - Made aware of 32 bit min and max for times. - Allow renew_until time < expiration time. - -2004-08-03 Ken Raeburn <raeburn@mit.edu> - - * srv_rcache.c (krb5_get_server_rcache): Call - krb5_rc_recover_or_initialize. 
- -2004-06-22 Ken Raeburn <raeburn@mit.edu> - - * parse.c (krb5_parse_name): Don't test macintosh. - -2004-06-04 Ken Raeburn <raeburn@mit.edu> - - * str_conv.c (krb5_string_to_timestamp): Use localtime_r if - available. - (krb5_timestamp_to_string, krb5_timestamp_to_sfstring): Likewise. - - * parse.c (krb5_parse_name): Use assert and abort, not exit. - - * srv_rcache.c (krb5_get_server_rcache): Don't forget to actually - include the cache type in the cache name, after looking it up. - -2004-06-02 Ken Raeburn <raeburn@mit.edu> - - * init_ctx.c (init_common): Don't call krb5_init_ets. - (krb5_free_context): Don't call krb5_free_ets. - - * srv_rcache.c (krb5_get_server_rcache): Use krb5_rc_resolve_full - instead of constructing an rcache object locally. - -2004-05-25 Ezra Peisach <epeisach@mit.edu> - - * conv_creds.c (krb5int_encode_v4tkt): Unsigned vs signed warning fix. - -2004-05-24 Ezra Peisach <epeisach@mit.edu> - - * t_ser.c (ser_keytab_test): Cleanup memory leak of forgetting to - close keytab. - - * chpw.c: Add parenthesis around assignments in conditionals. - -2004-05-12 Jeffrey Altman <jaltman@mit.edu> - - * send_tgs.c: krb5_send_tgs() was broken in the case of a KRB_ERROR - message. The krb5_response message_type field was never set - resulting in stack garbage being used instead. This would - break code which used transitive cross-realm to obtain service - tickets. - -2004-04-24 Ken Raeburn <raeburn@mit.edu> - - * conv_creds.c (krb524_init_ets, krb524_convert_creds_kdc): Add - forward declarations to silence gcc warnings. - - * init_ctx.c (init_common): In UNIX case, check the return value - from krb5int_initialize_library. - -2004-04-16 Sam Hartman <hartmans@mit.edu> - - * gic_pwd.c (krb5int_populate_gic_opt): Take credentials and - populate lifetime options based on them. 
- - * gic_keytab.c gic_pwd.c : update callers - -2004-04-15 Sam Hartman <hartmans@mit.edu> - - * gic_pwd.c (krb5_get_init_creds_password): Free the as reply in - the !use_master case (Thanks to Lijian Liu) - -2004-03-09 Ken Hornstein <kenh@cmf.nrl.navy.mil> - - * gic_keytab.c (krb5_get_in_tkt_with_keytab): Fix a case I missed - originally. - -2004-02-27 Ken Raeburn <raeburn@mit.edu> - - * gic_pwd.c (krb5_get_in_tkt_with_password): Fix a case Jeff - missed. - -2004-02-26 Jeffrey Altman <jaltman@mit.edu> - - * get_in_tkt.c, gic_keytab.c, gic_pwd.c, send_tgs.c: - Implement changes to support the use of - krb5_get_init_creds_password's use_master as an in/out - parameter. This allows us to prevent a duplicate request - being sent to the KDC in the situation that the password - used is incorrect. This behavior results a negative user - experience and had to be corrected. - -2004-02-13 Ken Raeburn <raeburn@mit.edu> - - * sendauth.c: Don't specify defaults for - GET{PEER,SOCK}NAME_ARG{2,3}_TYPE macros. - -2004-02-06 Sam Hartman <hartmans@avalanche-breakdown.mit.edu> - - * init_ctx.c (DEFAULT_ETYPE_LIST): Include aes128-cts - -2003-12-19 Ken Raeburn <raeburn@mit.edu> - - * get_in_tkt.c (get_in_tkt_enctypes): Now const. - -2003-12-16 Ken Raeburn <raeburn@mit.edu> - - * conv_creds.c (krb5int_encode_v4tkt): Zero out unused parts of - ticket. Use a temorary in case krb5_int32 isn't "int". - (decode_v4tkt): Use a temorary in case krb5_int32 isn't "int". - -2003-12-13 Ken Raeburn <raeburn@mit.edu> - - * mk_req_ext.c (krb5int_generate_and_save_subkey): New function, - split out from krb5_mk_req_extended. - (krb5_mk_req_extended): Call it. - * mk_rep.c (krb5_mk_rep): If KRB5_AUTH_CONTEXT_USE_SUBKEY flag is - set, call krb5int_generate_and_save_subkey to set up a new subkey - to send to the client. - - * serialize.c (krb5_ser_pack_int64, krb5_ser_unpack_int64): New - functions. 
- -2003-10-30 Tom Yu <tlyu@mit.edu> - - * gen_seqnum.c (krb5_generate_seq_number): Fix mask; was short by - 4 bits. - -2003-10-08 Tom Yu <tlyu@mit.edu> - - * rd_safe.c (krb5_rd_safe_basic): Save the encoded KRB-SAFE-BODY - to avoid trouble caused by re-encoding. Also, handle correctly - implemented RFC 1510 KRB-SAFE, i.e., checksummed over - KRB-SAFE-BODY only. - -2003-09-02 Tom Yu <tlyu@mit.edu> - - * conv_creds.c (krb524_convert_creds_plain): Apply patch from - Cesar Garcia to fix lifetime computation. - -2003-08-19 SamHartman <hartmans@avalanche-breakdown.mit.edu> - - * rd_cred.c (decrypt_credencdata): Don't double free credentials. - -2003-08-08 Tom Yu <tlyu@mit.edu> - - * gic_pwd.c (krb5_get_init_creds_password): If DNS SRV support is - turned off, the second call to get_init_creds() will fail with - KRB5_REALM_UNKNOWN under certain circumstances. If that happens, - return the error from the first call to get_init_creds(), which - will be more useful to the user. - -2003-07-22 Sam Hartman <hartmans@avalanche-breakdown.mit.edu> - - * preauth2.c (krb5_do_preauth): Use the etype_info2 decoder for decoding etype_info2 - (krb5_do_preauth): If an invalid encoding of etype_info or - etype_info2 is received, ignore it rather than failing the request - -2003-07-17 Ken Raeburn <raeburn@mit.edu> - - * Makefile.in (LIBNAME) [##WIN16##]: Don't define. - -2003-07-15 Ken Raeburn <raeburn@mit.edu> - - * Makefile.in (STLIBOBJS, OBJS, T_SER_OBJS): Drop ser_eblk.o. - -2003-06-03 Alexandra Ellwood <lxs@mit.edu> - - * init_ctx.c: Export krb5_get_permitted_enctypes for Samba. - -2003-06-27 Tom Yu <tlyu@mit.edu> - - * gic_keytab.c (krb5_get_in_tkt_with_keytab): Pass (void*)keytab, - not &keytab, to get_init_creds. Thanks to Herb Lewis. - -2003-06-16 Sam Hartman <hartmans@mit.edu> - - * fwd_tgt.c (krb5_fwd_tgt_creds): Set use_conf_ktypes to true while getting the TGT key - -2003-06-13 Tom Yu <tlyu@mit.edu> - - * rd_rep.c (krb5_rd_rep): Free subkeys before replacing them, if - needed. 
This avoids a memory leak. - -2003-06-11 Tom Yu <tlyu@mit.edu> - - * srv_rcache.c (krb5_get_server_rcache): Octal escapes begin with - hyphen now, since backslash is a pathname separator on DOS. - -2003-06-06 Sam Hartman <hartmans@mit.edu> - - * get_in_tkt.c (krb5_get_init_creds): Mask out renewable_ok if the - request is for a renewable ticket with rtime greater than till - -2003-06-06 Ezra Peisach <epeisach@mit.edu> - - * mk_req_ext.c (krb5_generate_authenticator): Sequence numbers are - unsigned now. - -2003-05-30 Ken Raeburn <raeburn@mit.edu> - - * get_in_tkt.c (krb5_get_init_creds): Change hardcoded default - ticket lifetime from 10 hours to 24 hours. - - * init_ctx.c (DEFAULT_KDC_TIMESYNC): Define as 1 always. - (DEFAULT_CCACHE_TYPE): Define as 4 always. - -2003-05-30 Alexandra Ellwood <lxs@mit.edu> - - * get_in_tkt.c: (verify_as_reply) Only check the renewable lifetime - of tickets whose request options included KDC_OPT_RENEWABLE_OK - if those options did not also include KDC_OPT_RENEWABLE. Otherwise - verify_as_reply() will fail for all renewable tickets. - -2003-05-27 Ken Raeburn <raeburn@mit.edu> - - * conv_creds.c: Enable support on Windows always. - (krb5_524_convert_creds): Renamed from krb524_convert_creds_kdc. - (krb524_convert_creds_kdc, krb524_init_ets) [!_WIN32]: Backwards - compatibility functions. - -2003-05-27 Sam Hartman <hartmans@mit.edu> - - * gic_keytab.c (krb5_get_in_tkt_with_keytab): as below - - * gic_pwd.c (krb5_get_in_tkt_with_password): Store client and - server principals to avoid memory leak - -2003-05-24 Ken Raeburn <raeburn@mit.edu> - - * conv_creds.c: New file, moved from krb524/conv_creds.c and - krb524/encode.c. Rename exported encode routine, make other - encode and decode routines static. If KRB5_KRB4_COMPAT is not - defined, return an error. - * v4lifetime.c: New file, moved from lib/krb4/lifetime.c. Renamed - functions, changed interface to use krb5 types. - * Makefile.in (STLIBOBJS, OBJS, SRCS): Add them. 
- -2003-05-23 Sam Hartman <hartmans@mit.edu> - - * get_in_tkt.c (krb5_get_init_creds): Initialize options based on - context.kdc_default_options -2003-05-22 Tom Yu <tlyu@mit.edu> - - * gen_seqnum.c (krb5_generate_seq_number): Fix think-o on sequence - number mask. - - * auth_con.c (krb5int_auth_con_chkseqnum): New function; implement - heuristic for broken Heimdal sequence number encoding. - (chk_heimdal_seqnum): Auxiliary function for above. - - * auth_con.h: Add flags for sequence number heuristic. - - * rd_priv.c: Use krb5int_auth_con_chkseqnum. - - * rd_safe.c: Use krb5int_auth_con_chkseqnum. - -2003-05-22 Sam Hartman <hartmans@mit.edu> - - * gic_pwd.c (krb5int_populate_gic_opt): returns void - -2003-05-21 Tom Yu <tlyu@mit.edu> - - * gic_pwd.c (krb5_get_in_tkt_with_password): Set pw0.length - correctly if a password is passed in. - -2003-05-20 Sam Hartman <hartmans@mit.edu> - - * get_in_tkt.c: get_in_tkt only supports old (non-etype-info2) - enctypes. - - * Makefile.in (SRCS): Remove in_ktb.c - - * gic_keytab.c (krb5_get_in_tkt_with_keytab): Move from - in_tkt_keytab.c and rewrite to use krb5_get_init_creds - - * gic_pwd.c (krb5_get_in_tkt_with_password): Moved here from - in_tkt_pwd.c so it can share code with - krb5_get_init_creds_password. Rewritten to call - krb5_get_in_tkt_password - - * Makefile.in (SRCS): Delete in_tkt_pwd.c - -2003-05-18 Tom Yu <tlyu@mit.edu> - - * auth_con.h: Sequence numbers are now unsigned. - - * gen_seqnum.c (krb5_generate_seq_number): Constrain initial - sequence number space to facilitate backwards compatibility. - -2003-05-16 Ken Raeburn <raeburn@mit.edu> - - * ser_ctx.c (krb5_context_internalize): Copy read-in OS context - data into krb5_context and free up the newly allocated OS - context. - - * chpw.c (krb5int_rd_chpw_rep): Allow new kpasswd error codes up - through _INITIAL_FLAG_NEEDED. 
- -2003-05-13 Sam Hartman <hartmans@mit.edu> - - * fwd_tgt.c (krb5_fwd_tgt_creds): Try with no specified enctype if - forwarding a specific enctype fails. l - - * get_in_tkt.c (krb5_get_init_creds): Free s2kparams - - * preauth2.c (krb5_do_preauth): Fix memory management - (pa_salt): Use copy_data_contents - - * copy_data.c (krb5int_copy_data_contents): New function - -2003-05-09 Sam Hartman <hartmans@mit.edu> - - * preauth2.c: Patch from Sun to reorganize code for handling - etype_info requests. More efficient and easier to implement etype_info2 - (krb5_do_preauth): Support enctype_info2 - -2003-05-08 Sam Hartman <hartmans@mit.edu> - - * preauth2.c: Add s2kparams to the declaration of a preauth - function, to every instance of a preauth function and to every - call to gak_fct - - * get_in_tkt.c (krb5_get_init_creds): Add s2kparams support - - * gic_keytab.c (krb5_get_as_key_keytab): Add s2kparams - - * gic_pwd.c (krb5_get_as_key_password): Add s2kparams support - -2003-05-09 Ken Raeburn <raeburn@mit.edu> - - * init_ctx.c (init_common): Copy tgs_ktypes array to - conf_tgs_ktypes. Clear use_conf_ktypes. - (krb5_free_context): Free conf_tgs_ktypes. - (krb5_get_tgs_ktypes): Use use_conf_ktypes to choose between - tgs_ktypes and conf_tgs_ktypes. - - * gc_frm_kdc.c (krb5_get_cred_from_kdc_opt): Set use_conf_ktypes - in context to 1 for all operations except the acquisition of the - desired service ticket. - -2003-05-09 Tom Yu <tlyu@mit.edu> - - * auth_con.c (krb5_auth_con_setsendsubkey) - (krb5_auth_con_setrecvsubkey, krb5_auth_con_getsendsubkey) - (krb5_auth_con_getrecvsubkey): New functions. Set or retrieve - subkeys from an auth_context. - (krb5_auth_con_getlocalsubkey, krb5_auth_con_getremotesubkey): - Reimplement in terms of the above. - - * auth_con.h, ser_actx.c: Rename {local,remote}_subkey -> - {send,recv}_subkey. - - * chpw.c (krb5int_rd_chpw_rep): Save send_subkey prior to rd_rep; - use saved send_subkey to smash recv_subkey obtained from rd_rep. 
- - * mk_req_ext.c (krb5_mk_req_extended): Rename - {local,remote}_subkey -> {send,recv}_subkey. Set both subkeys if - subkey generation is requested. - - * mk_cred.c, mk_priv.c, mk_safe.c: Rename {local,remote}_subkey -> - {send,recv}_subkey. Use either send_subkey or keyblock, in that - order. - - * rd_cred.c, rd_priv.c, rd_safe.c: Rename {local,remote}_subkey -> - {send,recv}_subkey. Use either recv_subkey or keyblock, in that - order. - - * rd_rep.c (krb5_rd_rep): Rename {local,remote}_subkey -> - {send,recv}_subkey. Set both subkeys if a subkey is present in - the AP-REP message. - - * rd_req_dec.c (krb5_rd_req_decoded_opt): Rename - {local,remote}_subkey -> {send,recv}_subkey. Set both subkeys if - a subkey is present in the AP-REQ message. - -2003-05-06 Sam Hartman <hartmans@mit.edu> - - * kfree.c (krb5_free_etype_info): Free s2kparams - -2003-04-27 Sam Hartman <hartmans@mit.edu> - - * chpw.c (krb5int_setpw_result_code_string): Make internal - -2003-04-25 Sam Hartman <hartmans@mit.edu> - - * chpw.c (krb5int_rd_setpw_rep): Fix error handling; allow - krberrors to be read correctly; fix memory alloctaion so that - allocated structures are freed. - -2003-04-16 Sam Hartman <hartmans@mit.edu> - - * chpw.c (krb5int_mk_setpw_req): Use encode_krb5_setpw_req. Fix - memory handling to free data that is allocated - -2003-04-15 Sam Hartman <hartmans@mit.edu> - - * chpw.c (krb5int_mk_setpw_req krb5int_rd_setpw_rep): New function - -2003-04-24 Ezra Peisach <epeisach@mit.edu> - - * kfree.c (krb5_free_pwd_sequences): Correction to previous - fix. Free contents of krb5_data - not just the pointer. - -2003-04-23 Ezra Peisach <epeisach@mit.edu> - - * kfree.c (krb5_free_pwd_sequences): Actually free the entire - sequence of passwd_phase_elements and not just the first one. - -2003-04-13 Ken Raeburn <raeburn@mit.edu> - - * init_ctx.c (DEFAULT_ETYPE_LIST): Add AES with 256 bits at the - front of the list. No 128-bit support by default. 
- -2003-04-01 Nalin Dahyabhai <nalin@redhat.com> - - * gc_frm_kdc.c (krb5_get_cred_from_kdc_opt): Check principal name - length before examining components. - - * parse.c (krb5_parse_name): Double-check principal name length - before filling in components. - - * srv_rcache.c (krb5_get_server_rcache): Check for null pointer - supplied in place of name. - - * unparse.c (krb5_unparse_name_ext): Don't move buffer pointer - backwards if nothing has been put into the buffer yet. - -2003-04-01 Sam Hartman <hartmans@mit.edu> - - * rd_req.c (krb5_rd_req): If AUTH_CONTEXT_DO_TIME is cleared, - don't set up a replay cache. - -2003-03-08 Ezra Peisach <epeisach@mit.edu> - - * t_kerb.c: Only include krb.h if krb4 support compiled in, - otherwise define ANAME_SZ, INST_SZ and REALM_SZ. - -2003-03-06 Tom Yu <tlyu@mit.edu> - - * preauth2.c (pa_sam_2): Add intermediate size_t variable to hold - output of krb5_c_encrypt_length(). - -2003-03-06 Alexandra Ellwood <lxs@mit.edu> - - * appdefault.c: Fix constness to avoid warning. - - * init_ctx.c: Do the same stuff on the Mac as on Unix. - - * preauth2.c: Added cast to fix warning. - -2003-03-04 Tom Yu <tlyu@mit.edu> - - * srv_rcache.c (krb5_get_server_rcache): Fix missed - isinvalidrcname -> isvalidrcname. - -2003-03-02 Sam Hartman <hartmans@mit.edu> - - * srv_rcache.c (krb5_get_server_rcache): If punctuation or graphic characters in replay ccache name then use escaping - - * rd_req.c (krb5_rd_req): Allow initializing the replay cache from the ticket - -2003-02-25 Tom Yu <tlyu@mit.edu> - - * gic_pwd.c (krb5_get_init_creds_password): Don't pass a NULL - pointer to sprintf(). - -2003-02-14 Sam Hartman <hartmans@mit.edu> - - * preauth2.c (krb5_do_preauth): Sort incoming etype info based on - preference order in request - -2003-02-13 Sam Hartman <hartmans@mit.edu> - - * gic_keytab.c (krb5_get_as_key_keytab): Nathan Neulinger points - out that the AS key is double freed; fix. 
- -2003-02-11 Sam Hartman <hartmans@mit.edu> - - * rd_cred.c (krb5_rd_cred): Free creds using krb5_free_tgt_creds - and make sure they are set to null in case of error. - -2003-02-07 Sam Hartman <hartmans@mit.edu> - - * rd_cred.c (krb5_rd_cred): Allow the tickets to be encrypted the - session key as well as the subsession key; for GSSAPI this tends - to be what happens. - -2003-02-04 Sam Hartman <hartmans@mit.edu> - - * get_in_tkt.c (krb5_get_init_creds): Default to addressless tickets - -2003-01-12 Ezra Peisach <epeisach@bu.edu> - - * send_tgs.c (krb5_send_tgs): Free memory leak of TGS_REQ. - -2003-01-10 Ken Raeburn <raeburn@mit.edu> - - * Makefile.in: Add AC_SUBST_FILE marker for libobj_frag. - -2003-01-09 Sam Hartman <hartmans@mit.edu> - - * get_creds.c (krb5_get_credentials_core): Patch from Ben Cox - <cox-work@djehuti.com> to not use expired service credentials if - the endtime is null but instead to search for unexpired - credentials. If none are found, get new credentials. - - -2003-01-08 Sam Hartman <hartmans@mit.edu> - - * fwd_tgt.c (krb5_fwd_tgt_creds): Don't require hostname to be supplied unless you are using addresses in the ticket. - -2003-01-07 Ken Raeburn <raeburn@mit.edu> - - * appdefault.c (conf_yes, conf_no): Now const. - -2003-01-07 Sam Hartman <hartmans@mit.edu> - - * mk_req_ext.c (krb5_mk_req_extended): Fix logic error in checksum function handling - (krb5_mk_req_extended): For consistency with Microsoft, never use a subkey before calling the checksum callback - -2003-01-06 Sam Hartman <hartmans@mit.edu> - - * mk_req_ext.c (krb5_mk_req_extended): Inf no in_data is provided - but krb5_auth_con_set_checksum_func has been called, then use that - callback to generate the in_data. 
- - * auth_con.c (krb5_auth_con_init): Initialize checksum_func fields - (krb5_auth_con_set_checksum_func): new function-- set the mk_req - checksum function - (krb5_auth_con_get_checksum_func): return the same - - * auth_con.h: Add checksum_func and checksum_func_data - -2002-12-23 Ezra Peisach <epeisach@bu.edu> - - * t_kerb.c: Include string.h for strcmp prototype. - -2002-12-19 Ken Raeburn <raeburn@mit.edu> - - * conv_princ.c (krb5_524_conv_principal): Clean up use of "const" - in API. - -2002-11-14 Ezra Peisach <epeisach@bu.edu> - - * get_in_tkt.c (krb5_get_in_tkt): Do not pass NULL when an - integer 0 is intended to send_as_request(). - -2002-11-07 Ezra Peisach <epeisach@bu.edu> - - * conv_princ.c (strnchr): Make length argument unsigned int. - - * preauth2.c: Add parentheses around assignment used as truth - value. Cleanup unused variable. - - -2002-10-30 Tom Yu <tlyu@mit.edu> - - * chk_trans.c (krb5_check_transited_list): Style nit: check - character against '\0' not NULL. - -2002-10-30 Sam Hartman <hartmans@mit.edu> - - * chk_trans.c: Ignore trailing null in transited encoding; older - versions of MIT code included this. - -2002-10-28 Ken Raeburn <raeburn@mit.edu> - - * get_in_tkt.c (conf_yes, conf_no): Now const. References - updated. - * preauth.c (preauth_systems): Now const. References updated. - * preauth2.c (pa_types): Now const. - (krb5_do_preauth): Local array paorder now const. - -2002-10-28 Sam Hartman <hartmans@mit.edu> - - * gic_keytab.c (krb5_get_init_creds_keytab): Don't allow failure - to resolve master KDC to mask error from a slave we did talk to. - -2002-10-24 Ken Hornstein <kenh@cmf.nrl.navy.mil> - - * gic_pwd.c (krb5_get_init_creds_password): Exit out of the loop - when preauth fails. - - * kfree.c: Add various free functions for new preauth - data structures. - - * preauth2.c (pa_sam): Fix up support for "old" hardware preauth. - Also implement new hardware preauth in pa_sam2(). 
- -2002-10-23 Ken Hornstein <kenh@cmf.nrl.navy.mil> - - * gic_pwd.c (krb5_get_init_creds_password): Fix bug in previous - password expiration warning; also, check for password expiration - warnings via LRQ type from krb-clarifications. - -2002-09-11 Sam Hartman <hartmans@mit.edu> - - * fwd_tgt.c (krb5_fwd_tgt_creds): If our initial tickets don't - have addresses, neither should forwarded tickets. Also, noticed - that cc was being used before initialized in some cases; fixed. - -2002-09-02 Ken Raeburn <raeburn@mit.edu> - - * addr_comp.c, addr_order.c, addr_srch.c, appdefault.c, - auth_con.c, bld_princ.c, chpw.c, cleanup.h, conv_princ.c, - copy_addrs.c, copy_athctr.c, copy_auth.c, copy_cksum.c, - copy_creds.c, copy_data.c, copy_key.c, copy_princ.c, copy_tick.c, - cp_key_cnt.c, decode_kdc.c, decrypt_tk.c, enc_helper.c, - encode_kdc.c, encrypt_tk.c, free_rtree.c, fwd_tgt.c, gc_frm_kdc.c, - gc_via_tkt.c, gen_seqnum.c, gen_subkey.c, get_creds.c, - get_in_tkt.c, gic_keytab.c, gic_opt.c, gic_pwd.c, in_tkt_ktb.c, - in_tkt_pwd.c, in_tkt_sky.c, init_ctx.c, kdc_rep_dc.c, kfree.c, - mk_cred.c, mk_error.c, mk_priv.c, mk_rep.c, mk_req.c, - mk_req_ext.c, mk_safe.c, parse.c, pr_to_salt.c, preauth.c, - preauth2.c, princ_comp.c, rd_cred.c, rd_error.c, rd_priv.c, - rd_rep.c, rd_req.c, rd_req_dec.c, rd_safe.c, recvauth.c, - send_tgs.c, sendauth.c, ser_actx.c, ser_adata.c, ser_addr.c, - ser_auth.c, ser_cksum.c, ser_ctx.c, ser_key.c, ser_princ.c, - serialize.c, set_realm.c, srv_rcache.c, str_conv.c, t_deltat.c, - t_kerb.c, t_ser.c, t_walk_rtree.c, tgtname.c, unparse.c, - valid_times.c, vfy_increds.c, vic_opt.c, walk_rtree.c, - x-deltat.y: Use prototype style function definitions. - * deltat.c: Regenerated. - * bld_princ.c: Include stdarg.h before k5-int.h. - * cleanup.h (struct cleanup): Include prototype for function - pointer field 'func'. - -2002-08-29 Ken Raeburn <raeburn@mit.edu> - - * Makefile.in: Revert $(S)=>/ change, for Windows support. 
- -2002-08-23 Ken Raeburn <raeburn@mit.edu> - - * Makefile.in: Change $(S)=>/ and $(U)=>.. globally. - -2002-08-22 Ken Raeburn <raeburn@mit.edu> - - * init_ctx.c (init_common): Initialize udp_pref_limit field. - -2002-08-15 Tom Yu <tlyu@mit.edu> - - * t_ser.c (ser_ccache_test): Remove references to STDIO ccaches. - -2002-08-01 Tom Yu <tlyu@mit.edu> - - * unparse.c (krb5_unparse_name_ext): Error out if passed a NULL - pointer. Patch from Mark Levinson; fixes [krb5-admin/1140]. - -2002-06-26 Ezra Peisach <epeisach@bu.edu> - - * appdefault.c (conf_boolean): Change variable from char ** to - const char ** to prevent warning of const to non-const. - - * get_in_tkt.c (_krb5_conf_boolean): Same - -2002-06-25 Alexandra Ellwood <lxs@mit.edu> - - * appdefault.c, get_in_tkt.c: made conf_yes and conf_no const to - improve load time on Mach-O - - * init_ctx: fixed Mac OS macros - - [pullups from 1-2-2-branch] - -2001-06-25 Miro Jurisic <meeroh@mit.edu> - - * rd_safe.c, rd_priv.c, rd_cred.c, preauth.c, mk_safe.c, - mk_cred.c, appdefault.c: use "" includes for krb5.h, k5-int.h and - syslog.h - [pullup from 1-2-2-branch] - -2002-06-18 Ken Raeburn <raeburn@mit.edu> - - * sendauth.c (ECONNABORTED): Don't define here now that it's - defined in port-sockets.h. - -2002-06-18 Danilo Almeida <dalmeida@mit.edu> - - * princ_comp.c (krb5_realm_compare), auth_con.c - (krb5_auth_con_setports, krb5_auth_con_getaddrs, - krb5_auth_con_initivector), addr_order.c (krb5_address_order), - addr_comp.c (krb5_address_compare): Make KRB5_CALLCONV. - [pullup from 1-2-2-branch] - -2002-06-18 Danilo Almeida <dalmeida@mit.edu> - - * bld_princ.c (krb5_build_principal_va): Make - krb5_build_principal_va() KRB5_CALLCONV. - [pullup from 1-2-2-branch] - -2002-06-12 Ken Raeburn <raeburn@mit.edu> - - * preauth.c: Don't include syslog.h. - -2002-06-10 Ken Raeburn <raeburn@mit.edu> - - * get_in_tkt.c (send_as_request): Update arg list for - sendto_kdc. 
If a RESPONSE_TOO_BIG error is returned from the KDC, - use a TCP connection. - * send_tgs.c (krb5_send_tgs): Update arg list for sendto_kdc. If - a RESPONSE_TOO_BIG error is returned from the KDC, use a TCP - connection. - -2002-04-12 Ezra Peisach <epeisach@bu.edu> - - * Makefile.in (clean): Remove t_expand and t_expand.o - -2002-04-12 Ken Raeburn <raeburn@mit.edu> - - * conv_princ.c (struct krb_convert): Add new field 'len'. - (RC, R, NR): New macros. - (sconv_list): Use them. - (krb5_524_conv_principal): Compare lengths and then use memcmp. - - * recvauth.c (sendauth_version): Now a const array. - * sendauth.c (sendauth_version): Now a const array. - (krb5_sendauth): Cast address when assigning to outbuf data - field. - -2002-04-05 Ken Raeburn <raeburn@mit.edu> - - * decrypt_tk.c (krb5_decrypt_tkt_part): Call krb5_c_valid_enctype - instead of valid_enctype. - * encode_kdc.c (krb5_encode_kdc_rep): Likewise. - * gc_frm_kdc.c (krb5_get_cred_from_kdc_opt): Likewise. - * gic_keytab.c (krb5_get_as_key_keytab): Likewise. - * in_tkt_ktb.c (keytab_keyproc): Likewise. - * in_tkt_sky.c (skey_keyproc): Likewise. - * init_ctx.c (krb5_set_default_in_tkt_ktypes, - krb5_set_default_tgs_enctypes): Likewise. - * send_tgs.c (krb5_send_tgs): Likewise. - - * mk_safe.c (krb5_mk_safe_basic): Call krb5_c_valid_cksumtype, - krb5_c_is_coll_proof_cksum, krb5_c_is_keyed_cksum instead of - non-prefixed forms. - * rd_safe.c (krb5_rd_safe_basic): Likewise. - -2002-03-28 Sam Hartman <hartmans@mit.edu> - - * Makefile.in : New file init_keyblock.c - - * init_keyblock.c (krb5_init_keyblock): New function - -2002-03-16 Sam Hartman <hartmans@mit.edu> - - * fwd_tgt.c (krb5_fwd_tgt_creds): Fix merge of patch from 1.2.2 - back to mainline. 
- -2002-03-14 Sam Hartman <hartmans@mit.edu> - - * walk_rtree.c (krb5_walk_realm_tree): Fix handling of null client or server realm - -2002-03-06 Ken Raeburn <raeburn@mit.edu> - - * ser_actx.c (krb5_auth_context_externalize): Do bounds checking - on converted size value. - - * fwd_tgt.c (krb5_fwd_tgt_creds): If no session key has been set, - try getting credentials and use the session key type as a hint - for the enctype to use for the forwarded credentials. - -2002-02-27 Sam Hartman <hartmans@mit.edu> - - * rd_cred.c (krb5_rd_cred_basic): Don't check IP addresses; if - someone knows the key and wants to give us credentials, that's OK. - No reflection attack is possible in most protocols since krb_cred - is almost always client->server. Address checking created - significant problems for NATs. We also ran into problems - getting our code to work with Heimdal and removing checking was - easier than a staged upgrade to fix the problems. - (krb5_rd_cred): Don't pass in addresses - -2002-02-22 Ken Raeburn <raeburn@mit.edu> - - * addr_comp.c, addr_order.c, addr_srch.c, bld_pr_ext.c, - bld_princ.c, enc_helper.c, encrypt_tk.c, gen_seqnum.c, - gen_subkey.c, preauth.c: Use const instead of krb5_const. - * bld_pr_ext.c, bld_princ.c: Always use stdarg macros and not - varargs. - -2002-01-08 Sam Hartman <hartmans@mit.edu> - - * gen_subkey.c (krb5_generate_subkey): Label entropy sources - - * init_ctx.c (init_common): Use /dev/urandom if present for random data - -2001-12-05 Ezra Peisach <epeisach@mit.edu> - - * t_ser.c (main): Free context on failure exit route. - - 2001-11-24 Sam Hartman <hartmans@mit.edu> - - * fwd_tgt.c (krb5_fwd_tgt_creds): Get a session key for the - forwarded tgt that is the same as the session key for the - auth_context. This is an enctype we know the remote side - supports. 
- -2001-11-26 Sam Hartman <hartmans@mit.edu> - - * gen_seqnum.c (krb5_generate_seq_number): add entropy source id - - * sendauth.c (krb5_sendauth): Add entropy source ID - - * mk_req_ext.c (krb5_mk_req_extended): Add entropy source ID to random seed call - - * init_ctx.c (init_common): Specify entropy source for random seed - -2001-11-16 Sam Hartman <hartmans@mit.edu> - - * init_ctx.c (krb5_set_default_tgs_enctypes): rename from - set_default_ktypes; old function provided as APIA - -2001-11-16 Ezra Peisach <epeisach@mit.edu> - - * init_ctx.c (DEFAULT_ETYPE_LIST): Ensure space present after - arcfour-hmac-md5 entry for when ANSI strings concatenated the - des-cbc-crc entry was dropped. - -2001-11-07 Sam Hartman <hartmans@mit.edu> - - * init_ctx.c (DEFAULT_ETYPE_LIST): Add arcfour-hmac-md5; it really - is probably at least as good as DES - -2001-10-10 Danilo Almeida <dalmeida@mit.edu> - - * gic_pwd.c (krb5_get_as_key_password), - gic_keytab.c (krb5_get_as_key_keytab): Use ANSI-style - declaration in definition. - -2001-10-09 Ken Raeburn <raeburn@mit.edu> - - * init_ctx.c (init_common): After fetching kdc_default_options - value from krb5.conf, actually use that value. Pointed out by - Emily Ratliff, <ratliff@austin.ibm.com>. - - * get_in_tkt.c, in_tkt_ktb.c, in_tkt_pwd.c, in_tkt_sky.c, - int-proto.h, mk_req_ext.c, pr_to_salt.c, rd_req_dec.c, ser_actx.c, - ser_adata.c, ser_addr.c, ser_auth.c, ser_cksum.c, ser_ctx.c, - ser_eblk.c, ser_key.c, ser_princ.c, t_kerb.c: Make prototypes - unconditional. - -2001-10-05 Ken Raeburn <raeburn@mit.edu> - - * init_ctx.c, preauth.c: Drop _MSDOS support. 
- -2001-10-03 Ken Raeburn <raeburn@mit.edu> - - * appdefault.c, auth_con.c, bld_pr_ext.c, bld_princ.c, chpw.c, - conv_princ.c, copy_addrs.c, copy_athctr.c, copy_auth.c, - copy_cksum.c, copy_creds.c, copy_data.c, copy_key.c, copy_princ.c, - copy_tick.c, cp_key_cnt.c, decrypt_tk.c, fwd_tgt.c, get_creds.c, - get_in_tkt.c, gic_keytab.c, gic_opt.c, gic_pwd.c, in_tkt_ktb.c, - in_tkt_pwd.c, in_tkt_sky.c, init_ctx.c, kfree.c, mk_cred.c, - mk_error.c, mk_priv.c, mk_rep.c, mk_req.c, mk_req_ext.c, - mk_safe.c, parse.c, princ_comp.c, rd_cred.c, rd_error.c, - rd_priv.c, rd_rep.c, rd_req.c, rd_safe.c, recvauth.c, sendauth.c, - ser_actx.c, ser_ctx.c, serialize.c, set_realm.c, srv_rcache.c, - str_conv.c, unparse.c, vfy_increds.c, vic_opt.c, x-deltat.y: Don't - use KRB5_DLLIMP. Don't explicitly declare pointers FAR any more. - -2001-09-07 Ken Raeburn <raeburn@mit.edu> - - * t_expand.c: New file. - * Makefile.in (SRCS): Add test-case source files; rebuilt - dependencies. - (t_expand.o): Build from t_expand.c now, no special build rule. - -2001-09-07 Ken Raeburn <raeburn@mit.edu> - - * rd_req_dec.c (krb5_rd_req_decoded_opt): Pass server realm to - transited-list check, not local realm, in case they're different. - -2001-08-21 Ken Raeburn <raeburn@mit.edu> - - * walk_rtree.c (krb5_walk_realm_tree): Initialize slen to silence - compiler warning. - -2001-08-08 <epeisach@mit.edu> - - * walk_rtree.c (krb5_walk_realm_tree): Do not try to free const char *. - - * mk_safe.c (krb5_mk_safe_basic): Do not declare local_addr and - remote_addr const and then cast the attribute away. - - * mk_req_ext.c (krb5_generate_authenticator): Static function - - remove const attribute from cksum pointer. - - * gc_via_tkt.c (krb5_get_cred_via_tkt): Cast unsigned integer - krb5_error error_value to signed before adding - ERROR_TABLE_BASE_krb5. - -2001-07-31 Ken Raeburn <raeburn@mit.edu> - - * chk_trans.c (krb5_check_transited_list): Pointer args now point - to const. 
- -2001-07-31 Ezra Peisach <epeisach@mit.edu> - - * get_in_tkt.c: Cast to unsigned krb5_error error value to - krb5_error_code before trying to add to ERROR_TABLE_BASE_krb5. - -2001-07-30 Ezra Peisach <epeisach@mit.edu> - - * sendauth.c (krb5_sendauth): Instead of casting second argument - to getpeername() and getsockname() to "struct sockaddr *", cast to - system specific type as determined by autoconf. - -2001-07-24 Ezra Peisach <epeisach@mit.edu> - - * in_tkt_sky.c (krb5_get_in_tkt_with_skey): Change cast from - krb5_pointer to krb5_const_pointer to ensure const integrity of - parameter. - - * in_tkt_ktb.c (keytab_keyproc): Add const argument to cast of - keyseed to struct keytab_keyproc_arg to maintain const status. - - * conv_princ.c (krb5_524_conv_principal): Cast argument to memcpy - to size_t. - -2001-07-06 Ezra Peisach <epeisach@mit.edu> - - * conv_princ.c (krb5_425_conv_principal): Cast argument to tolower - to int. - - * get_in_tkt.c: Include os-proto.h for _krb5_conf_boolean prototype. - - * Makefile.in (LOCALINCLUDES): Add -I$(srcdir)/../os so os-proto.h - can be included. - -2001-06-29 Tom Yu <tlyu@mit.edu> - - * init_ctx.c (get_profile_etype_list): Fix etype-counting loop so - that trailing separator characters (as in the DEFAULT_ETYPE_LIST) - don't cause another iteration, which was causing the following - loop to fall off the end of the string due to count being one too - great. - -2001-06-28 Ezra Peisach <epeisach@mit.edu> - - * chk_trans.c (foreach_realm): Cleanup loal variable set but never - used. - -2001-06-21 Ezra Peisach <epeisach@mit.edu> - - * chk_trans.c: Cast length arguments of %.*s in formats to int. - -2001-06-20 Ezra Peisach <epeisach@mit.edu> - - * Makefile.in (check-unix): Add $(RUN_SETUP) before invocation of - transit-tests for shared library environment variables. - -2001-06-19 Ken Raeburn <raeburn@mit.edu> - - * chk_trans.c: Reimplemented from scratch. - * transit-tests: New file. 
- * Makefile.in (t_expand, t_expand.o): New targets. Build test - program from chk_trans.c. - (T_EXPAND_OBJS): New variable. - (TEST_PROGS): Add t_expand. - (check-unix): Run transit-tests. - * t_krb5.conf: Added capaths section. - -2001-06-16 Ken Raeburn <raeburn@mit.edu> - - * fwd_tgt.c (krb5_fwd_tgt_creds): Copy enctype for new creds from - tgt. - -2001-06-12 Ezra Peisach <epeisach@mit.edu> - - * Makefile.in (t_walk_rtree, t_kerb): Do not link against kdb libraries - for these test executables. - - * srv_rcache.c (krb5_get_server_rcache): Cast argument to - isgraph() to int. - - * init_ctx.c: Cast arguments to isspace() to int. If unix is defined, - include ../krb5_libinit.h. There has to be a better was for windows. - - * conv_princ.c (krb5_425_conv_principal): Cast argument to isupper(). - to int. - -2001-06-11 Ezra Peisach <epeisach@mit.edu> - - * str_conv.c: If strptime() is present on system without a - prototype, provide one. - -2001-06-07 Ezra Peisach <epeisach@mit.edu> - - * vfy_increds.c (krb5_verify_init_creds): Get rid of a variable - that was set in a conditional and never used afterwards. - -2001-06-01 Ken Raeburn <raeburn@mit.edu> - - * init_ctx.c (get_profile_etype_list): Zero out multiple separator - characters between tokens, so the second can be recognized - properly. - -2001-04-04 Tom Yu <tlyu@mit.edu> - - * mk_safe.c (krb5_mk_safe): Only use safe_cksumtype from the - auth_context (derived from the config file or hardcoded default) - if it's suitable for the enctype of the key we're going to - use. [pullup from krb5-1-2-2-branch] - -2001-03-28 Ken Raeburn <raeburn@mit.edu> - - * init_ctx.c (DEFAULT_ETYPE_LIST): New macro. Old etype list, - plus des-md4, with des-crc before des-mdX for now. - (get_profile_etype_list): Use DEFAULT_ETYPE_LIST. - -2001-03-10 Ezra Peisach <epeisach@mit.edu> - - * init_ctx.c: Provide a full prototype for init_common(). - - * recvauth.c (recvauth_common): Declare recvauth_common as static. 
- - * parse.c, sendauth.c: Changes to prevent shadowing of local - variables. - - * get_in_tkt.c, tgtname.c: Include int-proto.h for prototypes. - -2001-03-03 Ken Raeburn <raeburn@mit.edu> - - * preauth2.c (pa_sam): Return an error if no prompter was - provided. - -2001-02-15 Ezra Peisach <epeisach@mit.edu> - - * t_deltat.c (main): Test of overflow and underflow of krb5_int32. - - * x-deltat.y: Test for over/underflow of krb5_int32 for a - krb5_deltat. Return EINVAL. [krb5-libs/922] - - * deltat.c: Regenerated from x-deltat.y - - * str_conv.c (krb5_string_to_timestamp): Do not accept a time - format that only partially matches the input string. [krb5-lib/922] - -2001-01-30 Tom Yu <tlyu@mit.edu> - - * preauth.c (krb5_obtain_padata): Don't dereference a NULL pointer - if we receive an empty ETYPE_INFO preauth. [krb5-libs/903 from - craziboy77@hotmail.com] - - * preauth2.c (krb5_do_preauth): Don't dereference a NULL pointer - if we receive an empty ETYPE_INFO preauth. [krb5-libs/903 from - craziboy77@hotmail.com] - -2001-01-30 Ezra Peisach <epeisach@mit.edu> - - * rd_req_dec.c (krb5_rd_req_decrypt_tkt_part): Free - krb5_keytab_entry if call to krb5_decrypt_tkt_part() - fails. [krb5-libs/855 reported by guy@packeteer.com] - -2001-01-19 Ken Raeburn <raeburn@mit.edu> - - * preauth.c: Don't use PROTOTYPE macro, just always use the - prototypes. - -2001-01-19 Tom Yu <tlyu@mit.edu> - - * preauth.c: Remove uses of KRB5_NPROTOTYPE() macro. - -2000-10-26 Ezra Peisach <epeisach@mit.edu> - - * t_ser.c: Cast getpid() calls to int as arguments to sprintf. - - * ser_actx.c: Move prototypes (listed below) to int-proto.h - - * int-proto.h: Add prototypes for krb5_ser_authdata_init, - krb5_ser_address_init, krb5_ser_authenticator_init, - krb5_ser_checksum_init, krb5_ser_keyblock_init, - krb5_ser_principal_init. - - * ser_adata.c, ser_addr.c, ser_auth.c, ser_cksum.c, ser_key.c, - ser_princ.c: Include int-proto.h for prototypes. 
- -2000-10-17 Ezra Peisach <epeisach@mit.edu> - - * bld_pr_ext.c, bld_princ.c (krb5_build_principal_ext, - krb5_build_principal_va, krb5_build_principal): Take an unsigned - int realm length. - - * get_in_tkt.c (krb5_get_init_creds): Use SALT_TYPE_AFS_LENGTH - instead of -1. - - * gic_pwd.c (krb5_get_as_key_password): Use SALT_TYPE_AFS_LENGTH - instead of -1. - - * in_tkt_pwd.c (pwd_keyproc): Argument to krb5_read_password is - unsigned int. - - * pr_to_salt.c (krb5_principal2salt_internal): Declare as - static. Unsigned int fix. - - * preauth.c (krb5_obtain_padata): Use SALT_TYPE_AFS_LENGTH instead - of -1. - - * preauth2.c (pa_salt): Use SALT_TYPE_AFS_LENGTH instead of -1. - - * conv_princ.c, copy_auth.c, copy_princ.c, gc_frm_kdc.c, parse.c, - send_tgs.c, srv_rcache.c: Unsigned/signed int cleanup. - - * unparse.c (krb5_unparse_name_ext): size parameter changed to - unsigned int *. - -2000-10-04 Ezra Peisach <epeisach@mit.edu> - - * rd_req_dec.c (krb5_rd_req_decrypt_tkt_part): Fix memory leak if - krb5_decrypt_tkt_part() fails. [krb5-libs/855] - -2000-10-03 Ezra Peisach <epeisach@mit.edu> - - * srv_rcache.c (krb5_get_server_rcache): Signed vs unsigned int - warning fix. - - * pr_to_salt.c (krb5_principal2salt_internal): Add prototype for - internal function, and declare static. - - * copy_addrs.c (krb5_copy_addresses): Cleanup unsigned vs signed - warnings as arguments to malloc(). - -Tue Sep 26 13:00:54 2000 Ezra Peisach <epeisach@mit.edu> - - * conv_princ.c (krb5_425_conv_principal): Call profile_free_list - on v4realms during the iteration loop. Do not call - profile_release_string with a NULL pointer. - -2000-09-25 Ezra Peisach <epeisach@mit.edu> - - * t_kerb.c: Add prototypes for test functions. - -2000-08-29 Ken Raeburn <raeburn@mit.edu> - - * get_creds.c (krb5_get_credentials_core): If the supplied enctype - is not supported, return an error; can't satisfy both - TC_SUPPORTED_KTYPES and TC_MATCH_KTYPE that way. 
Delete unused - arguments CCACHE and OUT_CREDS; fix callers. - -2000-07-18 Ezra Peisach <epeisach@mit.edu> - - * vfy_increds.c: include int-proto.h for krb5_libdefault_boolean - prototype. - - * t_ser.c (ser_eblock_test): ifdef out old eblock serialization - test which is no longer called. (see 1999-09-01 ChangeLog) - - * t_kerb.c: Cast argument to fprintf to long to agree with format - string. - - * t_deltat.c: If MIN is defined, undef before redefined as 60. - - * str_conv.c: Provide strptime prototype if the system header - files fail to provide a prototype. - - * int-proto.h: Add prototype for krb5_libdefault_boolean() - -2000-06-30 Tom Yu <tlyu@mit.edu> - - * conv_princ.c (krb5_425_conv_principal): NULL, not nil. - -2000-06-30 Miro Jurisic <meeroh@mit.edu> - - * conv_princ.c (krb5_425_conv_principal): Fixed a memory leak - -2000-06-29 Ezra Peisach <epeisach@engrailed.mit.edu> - - * t_walk_rtree.c (main): Declare as returning int. - - * get_in_tkt.c (_krb5_conf_boolean): Declare as taking a const char * - - * str_conv.c (krb5_timestamp_to_string): Work around gcc's warning - that %c format in strftime might return only two digits for the - year. - - * mk_safe.c, rd_rep.c, send_tgs.c: Remove unused goto label. - - * kdc_rep_dc.c (krb5_kdc_rep_decrypt_proc): Remove code with no - effect. - - * init_ctx.c: Make krb5_brand[] look used. - - * chpw.c, decode_kdc.c, decrypt_tk.c, enc_helper.c, get_creds.c, - get_in_tkt.c, gic_keytab.c, gic_pwd.c, preauth2.c, vfy_increds.c: - Add parentheses around assignment used as truth value - -2000-06-28 Ezra Peisach <epeisach@mit.edu> - - * conv_princ.c, get_creds.c, get_in_tkt.c, mk_rep.c, parse.c, - send_tgs.c: Remove unused variable. - -2000-06-23 Miro Jurisic <meeroh@mit.edu> - - * conv_princ.c (krb5_425_conv_principal): Fixed v4->v5 realm - name conversion - - * conv_princ.c (krb5_425_conv_principal): Honor v4/v5 realm name - differences when convertion from v4 principals to v5. 
- -2000-06-23 Tom Yu <tlyu@mit.edu> - - * get_creds.c (krb5_get_credentials): Translate KRB5_CC_NOTFOUND - returned from krb5_get_cred_from_kdc() if a prior call to - krb5_cc_retrieve_cred() returned KRB5_CC_NOT_KTYPE. - - * rd_priv.c (krb5_rd_priv_basic): Delete code that was incorrectly - doing explicit ivec chaining; c_decrypt() does it now. - - * mk_priv.c (krb5_mk_priv_basic): Delete code that was incorrectly - doing explicit ivec chaining; c_encrypt() does it now. - - * conv_princ.c (krb5_524_conv_principal): Make a copy of the krb5 - realm that is nul-terminated to avoid falling off the end of the - krb5 realm, which is not necessarily nul-terminated. - -2000-06-23 Danilo Almeida <dalmeida@mit.edu> - - * init_ctx.c (krb5_get_tgs_ktypes, krb5_free_ktypes): Fix linkage to - be KRB5_CALLCONV. - -2000-06-23 Ken Raeburn <raeburn@mit.edu> - - * get_in_tkt.c (krb5_get_in_tkt): If enctypes are specified, send - the server the intersection of that list and the supported types, - in the order requested. - - * recvauth.c (krb5_recvauth_version): New routine, takes a - krb5_data in which to store the client's application version - string. - (recvauth_common): Renamed from krb5_recvauth, added above - functionality depending on extra argument values. - (krb5_recvauth): New stub, calls above routine with extra dummy - values. - - * kfree.c: Remove unneeded "return" statements at the end of many - functions. - (krb5_free_*_content, krb5_free_*_contents, - krb5_free_cred_enc_part, krb5_free_pwd_sequences): Set freed - pointer members to null when containing structure isn't being - freed. - - * t_kerb.c (test_524_conv_principal): New test code, to exercise - bbense's code addition. - (main, usage): Updated. - * t_krb5.conf: Added stanford.edu->IR.STANFORD.EDU mapping, and a - test case for improperly long v4 realm names. - * Makefile.in (check-unix): Run 524 conversion test for some test - Athena and Stanford names. - * t_ref_kerb.out: Updated. 
- - * init_ctx.c (init_common): Feed current-microsecond time and - process-id into PRNG, instead of just current-second time. - * mk_req_ext.c (krb5_mk_req_extended): Feed current time into - PRNG if a subkey will be generated. - * sendauth.c (krb5_sendauth): Feed local and remote addresses of - socket, if they can be determined, into the PRNG if a subkey will - be used. - - * init_ctx.c (krb5_free_ktypes): New routine, to free values - returned by krb5_get_tgs_ktypes, krb5_get_permitted_enctypes, and - krb5_get_default_in_tkt_ktypes. - (krb5_set_default_tgs_ktypes, krb5_is_permitted_enctype): Use it. - (get_profile_etype_list): Use passed-in enctype list if the - passed-in count is non-zero, instead of checking the - in_tkt_ktype_count value in the context. - -2000-06-23 Ken Raeburn <raeburn@mit.edu> - Nalin Dahyabhai <nalin@redhat.com> - - * conv_princ.c (krb5_524_conv_principal): Return an error if name - is too long. Use memcpy for character data since we already know - the length. - -2000-06-23 Nalin Dahyabhai <nalin@redhat.com> - - * kfree.c (krb5_free_keyblock_contents): Set contents pointer to - null after freeing. - - * chk_trans.c (krb5_check_transited_list): Don't overflow buffers - "prev" and "next". - * conv_princ.c (krb5_425_conv_principal): Don't overflow buffer - "buf". - -2000-06-23 Ken Raeburn <raeburn@mit.edu> - Booker C. Bense <bbense@networking.stanford.edu> - - * conv_princ.c (krb5_524_conv_principal): Look up v4_realm in - config file, in case site's krb4 realm name isn't the same as the - krb5 realm name. - -2000-05-31 Wilfredo Sanchez <tritan@mit.edu> - - * fwd_tgt.c: Check for existance of <memory.h>. - [from Nathan Neulinger <nneul@umr.edu>] - -2000-5-19 Alexandra Ellwood <lxs@mit.edu> - - * sendauth.c, fwd_tgt.c: Changed to use krb5int_cc_default. This function - supports the Kerberos Login Library and pops up a dialog if the cache does - not contain valid tickets. 
This is used to automatically get a tgt before - obtaining service tickets. Note that this should be an internal function - because callers don't expect krb5_cc_default to pop up a dialog! - (We found this out the hard way :-) - -2000-05-15 Jeffrey Altman <jaltman@columbia.edu> - - * Added new source file appdefault.c - Implements new public functions - - krb5_appdefault_string - krb5_appdefault_boolean - -2000-04-28 Alexandra Ellwood <lxs@mit.edu> - - * gic_pwd.c (krb5_init_creds_password) added code to return to - login library if the password is expired (login library handles - this error appropriately). - -2000-04-08 Tom Yu <tlyu@mit.edu> - - * vfy_increds.c (krb5_verify_init_creds): appdefault_boolean -> - libdefault_boolean; it somehow got missed earlier. - -2000-04-07 Jeffrey Altman <jaltman@columbia.edu> - - * gic_pwd.c (krb5_get_init_creds_keytab), gic_pwd.c - (krb5_get_init_creds_password) when determining whether or not to - retry with a "master kdc" do not retry if the return value from - the first attempt was KRB5_REALM_CANT_RESOLV. Also, do not - overwrite the return code if the return value from the access to - the "master kdc" was KRB5_REALM_CANT_RESOLV. - -2000-03-15 Danilo Almeida <dalmeida@mit.edu> - - * init_ctx.c (init_common), gic_pwd.c (krb5_get_as_key_password, - krb5_get_init_creds_password), preauth2.c (pa_sam): Add support - for krb5_get_prompt_types(). - -2000-03-13 Ken Raeburn <raeburn@mit.edu> - - * preauth2.c (pa_function): Called function now takes new - krb5_enctype pointer argument. - (pa_salt, pa_sam): Accept new arg, ignore it. - (pa_enc_timestamp): Accept new arg. If value pointed to is - nonzero, pass it to get-AS-key fn instead of first requested - enctype. Added some debugging fprintf calls, conditionally - compiled. - (krb5_do_preauth): Accept new arg, and pass it through to the - specific preauth functions. Added some debugging fprintf calls, - conditionally compiled. 
- - * get_in_tkt.c (krb5_get_init_creds): Pass etype pointer to - krb5_do_preauth. - -2000-03-12 Ezra Peisach <epeisach@mit.edu> - - * addr_comp.c, addr_order.c, addr_srch.c, bld_pr_ext.c, - bld_princ.c, encrypt_tk.c, gen_seqnum.c, gen_subkey.c: Change - prototypes to use krb5_const instead of const to match the entries - in krb5.hin - -2000-03-10 Miro Jurisic <meeroh@mit.edu> - - * get_in_tkt.c (krb5_get_init_creds): Always initialize local_as_reply - to avoid returning garbage on error returns. - -2000-02-25 Ken Raeburn <raeburn@mit.edu> - - * preauth2.c (krb5_do_preauth): Check paorder[h] not h for - PA_REAL. Fix from Matt Crawford. - -2000-02-16 Ken Raeburn <raeburn@mit.edu> - - * preauth2.c (pa_sam): In send-encrypted-sad mode, check for magic - salt length and generate a salt from the principal name if found; - use the password and salt to generate a key. Provide timestamp if - nonce is zero, regardless of preauth mode. (Patch from Chas - Williams.) - -2000-02-07 Ken Raeburn <raeburn@mit.edu> - - * gic_pwd.c (krb5_get_as_key_password): If the as_key enctype is - already set to the correct type, do continue and ask for the - password anyways. (Patch from Chas Williams, PR krb5-libs/730.) - - * preauth2.c (pa_sam): If no sam_flags were set, return - KRB5_PREAUTH_BAD_TYPE, because we don't currently handle that - case. - -2000-02-06 Ken Raeburn <raeburn@mit.edu> - - * preauth2.c (pa_sam): Remove unused variable use_sam_key. - (SAMDATA): Cast first result to int, which is what sprintf needs. - (pa_salt): Delete unused variable ret. - - Patches from Frank Cusack: - * kfree.c (krb5_free_predicted_sam_response_contents): Fix typo. - Free new data fields if needed. - (krb5_free_enc_sam_response_enc_contents): Update for field name - change. - * preauth.c (obtain_sam_padata): Update for field name change. - * preauth2.c (pa_sam): Likewise. 
- -2000-01-27 Ken Raeburn <raeburn@mit.edu> - - * init_ctx.c (get_profile_etype_list): Discard DESONLY changes - from 1999-09-01, and revert call sites. - -1999-12-02 Ken Raeburn <raeburn@mit.edu> - - * init_ctx.c (get_profile_etype_list): Report an error if no - recognized enctypes are found in the config file. - -1999-11-23 Ken Raeburn <raeburn@mit.edu> - - * init_ctx.c (init_common): Renamed from krb5_init_context, now - static. New argument SECURE provides initialization of - profile_secure field. - (krb5_init_context): Call it. - (krb5_init_secure_context): New function. - - * in_tkt_ktb.c (keytab_keyproc): Now static. - * in_tkt_pwd.c (pwd_keyproc): Now static. - * in_tkt_sky.c (skey_keyproc): Now static. - - * preauth2.c (krb5_do_preauth): Fix syntax in switch statement. - Cast padata contents pointer to avoid warning. - (pa_types): Now static. - - * str_conv.c (krb5_deltat_to_string): Always write to a local - temporary buffer that's guaranteed to be large enough, then see if - the supplied output buffer is big enough. - (krb5_string_to_deltat): Deleted. - * x-deltat.y, deltat.c: New files. - * Makefile.in (deltat.c): Add rule for building from x-deltat.y, - but comment out dependencies for easier maintenance. - (BISON, BISONFLAGS): New variables. - - * str_conv.c: Removed most static char arrays, substituting the - values in place. - (krb5_string_to_timestamp): Move atime_format_table inside here. - (krb5_timestamp_to_sfstring): Move sftime_format_table inside - here. - - * str_conv.c: If strftime or strptime are not available, include - the renamed NetBSD versions, and define the function names as - macros to map them to the replacement names. - (__P, _CurrentTimeLocale, dummy_locale_info, TM_YEAR_BASE, - DAYSPERLYEAR, DAYSPERNYEAR, DAYSPERWEEK, isleap, tzname, tzset): - Define some dummies for strftime/strptime to use. - (strptime): Deleted old stub version. - (krb5_timestamp_to_string, krb5_timestamp_to_sfstring): Always - assume strftime is available. 
- (krb5_string_to_timestamp): Assume strptime is always available. - * strftime.c, strptime.c: New files, based on NetBSD versions. - Modified to rename the functions and not export any symbols. - - * Makefile.in (T_DELTAT_OBJS): New variable. - (TEST_PROGS): Add t_deltat. - (t_deltat): Add rule. - (clean): Added t_deltat stuff. Run rm only once. - * t_deltat.c: New file. - -1999-11-02 Ken Raeburn <raeburn@mit.edu> - - * t_ref_kerb.out: Fix expected zephyr/zephyr output. - -1999-10-26 Wilfredo Sanchez <tritan@mit.edu> - - * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES, - LOCAL_INCLUDES such that one can override CFLAGS from the command - line without losing CPP search patchs and defines. Some associated - Makefile cleanup. - -1999-10-12 Ken Raeburn <raeburn@mit.edu> - - * conv_princ.c (sconv_list): Don't do conversion for "zephyr" - principal. (Noticed by Derrick Brashear.) Delete about a dozen - duplicate entries. - -1999-09-01 Ken Raeburn <raeburn@mit.edu> - - * init_ctx.c (get_profile_etype_list): Update name of the des3 - entry in the default etype list. - - * init_ctx.c (get_profile_etype_list): New argument DESONLY; if - set, ignore any ktype values other than NULL, DES_CBC_CRC, and - DES_CBC_MD5. - (krb5_get_default_in_tkt_ktypes, krb5_get_tgs_ktypes): Set it. - (krb5_get_permitted_enctypes): Don't set it. - - * fwd_tgt.c (krb5_fwd_tgt_creds): Use KRB5_TC_SUPPORTED_KTYPES - when calling krb5_cc_retrieve_cred. - * gc_frm_kdc.c (krb5_get_cred_from_kdc_opt): Ditto. - * get_creds.c (krb5_get_credentials_core): Set that flag. - (krb5_get_credentials): Check for KRB5_CC_NOT_KTYPE error return. - - * t_ser.c (main): Disable eblock serialization test, since the - code it tests was disabled nearly a year ago. - - * str_conv.c (krb5_timestamp_to_sfstring): Don't pass extra - argument to sprintf. - -1999-08-10 Alexandra Ellwood <lxs@mit.edu> - - * chpw.c (krb5_mk_chpw_req): - Added call to free cipherpw.data. 
cipherpw.data is allocated - by krb5_mk_priv and passed back. Since cipherpw is never - passed back, krb5_mk_chpw_req should free it. - -1999-08-05 Danilo Almeida <dalmeida@mit.edu> - - * init_ctx.c (krb5_init_context): Document why krb5_win_ccdll_load - is called way early in code. (It is because we need to have the - ccapi stuff loaded before trying to get the OS-specific context - initialization where we figure out default cache names and such.) - -1999-08-05 Danilo Almeida <dalmeida@mit.edu> - - * init_ctx.c (get_profile_etype_list): Use profile_release_string - to free string allocated by profile_get_string. - (krb5_init_context): Use a real context for krb5_win_ccdll_load. - - * get_in_tkt.c (krb5_appdefault_string): - * conv_princ.c (krb5_425_conv_principal): Use profile_free_list - to free values allocated by profile_get_values. - -1999-08-04 Danilo Almeida <dalmeida@mit.edu> - - * get_in_tkt.c (_krb5_conf_boolean, krb5_appdefault_boolean): - Rename krb5_conf_boolean to _krb5_conf_boolean to denote that - it is not public so that folks outside the libraries won't - be tempted to use it. - -1999-08-03 Danilo Almeida <dalmeida@mit.edu> - - * get_creds.c (krb5_validate_or_renew_creds): Intialize out_creds - pointer to 0 and then check whether it is 0 before trying to - dereference it, in case lower-level routine failed to assign - a value to it. - -1999-07-22 Jeffrey Altman <jaltman@columbia.edu> - - get_in_tkt.c: rename conf_boolean to krb5_conf_boolean so that - it may be used in additional modules. - -1999-06-28 Tom Yu <tlyu@mit.edu> - - * enc_helper.c (krb5_encrypt_helper): NULL out the pointer to the - ciphertext if there is an error; this prevents stuff farther up - from freeing freed memory. - -1999-06-18 Ken Raeburn <raeburn@mit.edu> - - * init_ctx.c (krb5_free_context): Set field pointers to NULL after - freeing targets, in case higher-level code retains pointers into - the context structure. (From Jeffrey Altman.) 
- -Thu May 13 17:31:34 1999 Theodore Y. Ts'o <tytso@mit.edu> - - * init_ctx.c (krb5_init_context): Pass the context to - kkrb5_win_ccdll_load so that it can register the FILE - ccache type if using ccapi (so that the FILE ccache type - will always work). - -Mon May 10 15:26:00 1999 Danilo Almeida <dalmeida@mit.edu> - - * Makefile.in: Do win32 build in subdir. - -1999-04-09 Theodore Ts'o <tytso@rsts-11.mit.edu> - - * kfree.c (krb5_free_sam_challenge, krb5_free_sam_challenge_contents, - krb5_free_sam_response, krb5_free_sam_response_contents, - krb5_free_predicted_sam_response, - krb5_free_predicted_sam_response_contents, - krb5_free_enc_sam_response_enc, - krb5_free_enc_sam_response_enc_contents, - krb5_free_pa_enc_ts): Added new functions. Part of - patches from [krb5-kdc/662] - - * gic_pwd.c (krb5_get_init_creds_password): Add new argument to - calls to the prompter function. Part of patches from - [krb5-kdc/662]. - - * preauth2.c (pa_enc_timestamp, pa_sam): Update calls to new - prompter function. [krb5-kdc/662]. - -1999-03-31 Theodore Ts'o <tytso@rsts-11.mit.edu> - - * init_ctx.c (krb5_init_context): Call krb5_win_ccdll_load() to - load the krbcc32.dll under windows. - -Mon Mar 8 22:39:01 1999 Tom Yu <tlyu@mit.edu> - - * sendauth.c (krb5_sendauth): Set credspout to NULL if it's - destined to be returned to avoid freeing it. Also, - unconditionally free credspout if it's non-NULL so that if someone - doesn't pass in a ticket and doesn't give us a non-NULL out_creds, - we don't leak it. [krb5-libs/699] - -1998-11-13 Theodore Ts'o <tytso@rsts-11.mit.edu> - - * Makefile.in: Set the myfulldir and mydir variables (which are - relative to buildtop and thisconfigdir, respectively.) - -Mon Nov 2 19:00:23 1998 Tom Yu <tlyu@mit.edu> - - * str_conv.c: Remove krb5_cksumtype_to_string after merge. - -1998-10-27 Marc Horowitz <marc@mit.edu> - - * vfy_increds.c: rearrange the code a bit to make it more clear - that the logic is correct. 
- - * str_conv.c: remove enctype and cksumtype string converstions. - They're in the crypto library now, since the information drops - right into the enctype table. - - * ser_eblk.c: ifdef the whole file out, since it's not used - anywhere. it should probably be deleted, but I'm not sure about - backward-compatibility issues yet. - - * rd_req_dec.c: check the auth_context permit-all flag and - permitted_enctypes list, and reject the request if the policy - check fails. - - * init_ctx.c: add code to initialize the prng. It's not great, - but can be improved, and the prng is reseeded when new keys are - processed. Read permitted_enctypes from the krb5.conf file, and - provide accessor functions for it. Make the various etype list - parsers share code as a side effect. - - * get_creds.c: add krb5_get_{validat,renew}ed_creds functions, - which are part of the new init_creds api. The prototypes were - already in, krb5.hin but there was no implementing code. - - * auth_con.c, auth_con.h: add a list of permitted enctypes to the - auth_context for rd_req to check, and create accessor functions - for this list. - - * Makefile.in, enc_helper.c: add enc_helper.c. This provides a - wrapper around the conventional way the library encrypts and wraps - encoded asn.1 structures, so the code isn't repeated in a dozen - places. - -Wed Aug 19 17:27:51 1998 Tom Yu <tlyu@mit.edu> - - * conv_princ.c: Add some additional entries to sconv_list that - were forgotten. - -Wed Jul 15 11:46:05 1998 Ezra Peisach <epeisach@mit.edu> - - * gic_pwd.c (krb5_get_init_creds_password): Remove unused argument - to sprintf(). - - * t_ref_kerb.out: Fix test case for zephyr principal to reflect - addition to conv_princ.c - -Tue Jul 7 17:06:13 1998 Theodore Y. Ts'o <tytso@mit.edu> - - * conv_princ.c: Add additional commonly seen Kerberos V4 services - to the hard-coded list. - -Tue Jul 7 16:59:03 1998 Tom Yu <tlyu@mit.edu> - - * chk_trans.c: Fix up previous fix; short-circuit out when - trans->length == 0. 
- -Wed Jul 1 17:59:26 1998 Theodore Y. Ts'o <tytso@mit.edu> - - * chk_trans.c (krb5_check_transited_list): Fix use of an - uninitialized variable; apparently the code was depending - on the stack garbage being non-zero(!) - -1998-05-26 Theodore Ts'o <tytso@rsts-11.mit.edu> - - * srv_rcache.c (krb5_get_server_rcache): - * auth_con.c (krb5_auth_con_setrcache): Export this function in - Windows DLL. - -1998-05-12 Theodore Ts'o <tytso@rsts-11.mit.edu> - - * str_conv.c (krb5_timestamp_to_sfstring): Make sure the date - string printed uses 4 digit years. - -1998-05-08 Theodore Ts'o <tytso@rsts-11.mit.edu> - - * str_conv.c (krb5_string_to_timestamp, strptime): Fix routines to - be able to properly parse Y2K dates. - - * t_kerb.c: Add ability to test krb5_string_to_timestamp - -1998-05-06 Theodore Ts'o <tytso@rsts-11.mit.edu> - - * t_ser.c (main): POSIX states that getopt returns -1 - when it is done parsing options, not EOF. - -1998-05-05 Theodore Ts'o <tytso@rsts-11.mit.edu> - - * get_in_tkt.c (krb5_get_init_creds): If - libdefaults/{REALM}/noaddresses is true, then don't put - any addresses in the ticket request. - -Mon May 4 15:54:07 1998 Tom Yu <tlyu@mit.edu> - - * get_in_tkt.c: Add prototype for make_preauth_list. - -Sat May 2 21:46:02 1998 Tom Yu <tlyu@mit.edu> - - * get_in_tkt.c (krb5_get_in_tkt): Add missing argument to call to - make_preauth_list to avoid stack smashing. Pointed out by lxs. - -Mon Mar 16 19:50:55 1998 Tom Yu <tlyu@mit.edu> - - * chk_trans.c (krb5_check_transited_list): Check lengths when - appending to next and prev. - -Fri Feb 27 18:03:33 1998 Theodore Ts'o <tytso@rsts-11.mit.edu> - - * Makefile.in: Changed thisconfigdir to point at the lib/krb5 - directory, since we've moved the configure.in tests in - this directory to the toplevel lib/krb5 configure.in - -Thu Feb 19 19:03:20 1998 Tom Yu <tlyu@mit.edu> - - * recvauth.c (krb5_recvauth): Add some bookkeeping flags so we - know how much stuff to free upon cleanup. Fix the up cleanup - code. 
- -Wed Feb 18 16:24:02 1998 Tom Yu <tlyu@mit.edu> - - * Makefile.in: Remove trailing slash from thisconfigdir. Fix up - BUILDTOP for new conventions. - -Fri Feb 13 15:27:35 1998 Theodore Ts'o <tytso@rsts-11.mit.edu> - - * Makefile.in: Added new file kfree.c, which contained all of the - functions previously in the lib/krb5/free directory. - -Mon Feb 2 17:02:29 1998 Theodore Ts'o <tytso@rsts-11.mit.edu> - - * Makefile.in: Define BUILDTOP and thisconfigdir in the Makefile - -Thu Feb 5 23:48:34 1998 Theodore Y. Ts'o <tytso@mit.edu> - - * rd_cred.c (krb5_rd_cred): - * rd_safe.c (krb5_rd_safe): - * rd_priv.c (krb5_rd_priv): Use the remote_subkey first, since the - mk_* routines try to use their local_subkey first. - Otherwise, the wrong keys will get used if subkeys are - used in both directions. - -Fri Jan 2 21:21:29 1998 Tom Yu <tlyu@mit.edu> - - * preauth.c (handle_sam_labels): - (obtain_sam_padata): Check return of malloc. [krb5-libs/518] - - * chpw.c (krb5_mk_chpw_req): Check return of malloc. - (krb5_rd_chpw_rep): Check return of malloc. [krb5-libs/518] - -Tue Dec 16 00:08:33 1997 Tom Yu <tlyu@mit.edu> - - * mk_req_ext.c (krb5_mk_req_extended): Check enctype of session - key, not that of the ticket, which we really shouldn't care about. - -Sun Dec 7 07:24:23 1997 Ezra Peisach <epeisach@dumpster.rose.brandeis.edu> - - * gic_pwd.c (krb5_get_init_creds_password): Change fourth argument - in call to prompter (which is an int) from NULL to 0. - -Sat Dec 6 02:28:17 1997 Tom Yu <tlyu@mit.edu> - - * Makefile.in: Add files chpw.c, gic_*, preauth2.c, vfy_increds.c, - vic_opt.c. - - * chpw.c: New file; implement Cygnus chpw. - - * get_in_tkt.c: Implement support for Cygnus initial credentials - API. - - * gic_keytab.c: New file; Cygnus initial creds. - - * gic_opt.c: New file; Cygnus initial creds. - - * gic_pwd.c: New file; Cygnus initial creds. - - * preauth.c: Add more SAM support (from Cygnus). - - * preauth2.c: New file; additional SAM support from Cygnus. 
- - * send_tgs.c: Account for additional parameter to sendto_kdc. - - * vfy_increds.c: New file; Cygnus initial creds. - - * vic_opt.c: New file; Cygnus initial creds. - -Wed Oct 22 00:29:33 1997 Theodore Y. Ts'o <tytso@mit.edu> - - * send_tgs.c (krb5_send_tgs): Don't send a zero endtime; if the - requested endtime is zero, set it equal to the TGT endtime. - -Mon Oct 6 12:07:19 1997 Ezra Peisach <epeisach@kangaroo.mit.edu> - - * set_realm.c (krb5_set_principal_realm): Allocate extra byte for - \0 after realm. - -Mon Sep 1 21:38:16 1997 Tom Yu <tlyu@mit.edu> - - * rd_cred.c (krb5_rd_cred_basic): Fix swapped args to memset. - -Fri Aug 29 16:41:25 1997 Tom Yu <tlyu@mit.edu> - - * get_in_tkt.c (krb5_get_in_tkt): Move nulling out of - request.padata before the os_localaddr call in order to avoid - freeing a null pointer in the cleanup code. - -Tue Aug 12 09:13:22 1997 Ezra Peisach <epeisach@mit.edu> - - * init_ctx.c (krb5_init_context): Initialize local variable ctx - before calling krb5_init_ets. - -Fri Aug 8 17:04:54 1997 Tom Yu <tlyu@mit.edu> - - * rd_cred.c (krb5_rd_cred_basic): Check remote_addr and - encpart.s_address before calling krb5_address_compare. Fixes - krb5-libs/456. - -Fri Jul 25 15:25:32 1997 Tom Yu <tlyu@mit.edu> - - * t_ser.c: Add support for changed kdb API. - -Tue Jul 15 22:15:09 1997 Theodore Y. Ts'o <tytso@mit.edu> - - * serialize.c (krb5_register_serializer): Only copy over the old - table when there's an old table to copy over. Otherwise, - BoundsChecker complains about memcpy(foo, NULL, 0). - -Tue Mar 25 00:32:55 1997 Theodore Y. Ts'o <tytso@mit.edu> - - * preauth.c (obtain_sam_padata): Fix handling of the sam-timestamp - and sam-usec fields, which should always be set if the - nonce is not available, not just SAM_USE_SAD_AS_KEY is - being used. [krb5-libs/325] - -Mon Mar 24 12:21:38 1997 Theodore Ts'o <tytso@rsts-11.mit.edu> - - * t_ser.c: Clean up error reporting for krb5_init_context(). 
Also - report errors for each subtest, so we know which subtest - failed. - -Sat Feb 22 22:39:49 1997 Richard Basch <basch@lehman.com> - - * Makefile.in: Use some of the new library list build rules in - win-post.in - -Fri Feb 21 18:38:06 1997 Sam Hartman <hartmans@tertius.mit.edu> - - * crypto_glue.c: Move into libcrypto as krb5_glue.c; I need to - avoid libcrypto depending on libkrb5 - -Wed Feb 19 14:21:12 1997 Theodore Y. Ts'o <tytso@mit.edu> - - * t_kerb.c (test_set_realm): New function used to test - krb5_set_principal_realm(). Called by using the new "set_realm" - command to t_kerb. - - * set_realm.c (krb5_set_principal_realm): New function which sets - the realm of a principal. - -Thu Feb 13 14:17:00 1997 Richard Basch <basch@lehman.com> - - * get_in_tkt.c (krb5_get_in_tkt): Initialize as_reply; if - krb5_os_localaddr() returns an error, the cleanup - routine may try to free a garbage pointer (as_reply). - -Wed Feb 12 20:47:30 1997 Tom Yu <tlyu@mit.edu> - - * fwd_tgt.c (krb5_fwd_tgt_creds): Use the client's realm rather - than the server's realm for constructing the tgs principal. - Remove TC_MATCH_SRV_NAMEONLY from call to retrieve_cred() - because we want to get an exact match. - -Mon Feb 10 10:41:36 1997 Ezra Peisach <epeisach@mit.edu> - - * crypto_glue.c (krb5_calculate_checksum): Add krb5_const to - krb5_pointer of in data to match prototype. - -Sat Feb 8 15:02:39 1997 Richard Basch <basch@lehman.com> - - * get_creds.c: - Export krb5_get_credentials_{renew,validate} (win32) - Removed unused variable. - -Fri Feb 7 09:41:33 1997 Richard Basch <basch@lehman.com> - - * mk_cred.c (krb5_mk_ncred): Declare ncred as krb5_int32 so that - the right value is pushed onto the stack when calling - krb5_mk_ncred_basic() - - * copy_addrs.c fwd_tgt.c mk_cred.c: - Use FAR keyword in pointer declarations. 
- - * sendauth.c (krb5_sendauth): Do not free the credentials if they - are being returned to the caller [krb5-libs/357] - -Sun Feb 2 20:57:15 1997 Richard Basch <basch@lehman.com> - - * serialize.c: Added FAR declarations to pointer arguments for - all functions declared as KRB5_DLLIMP. - -Thu Jan 30 21:44:37 1997 Richard Basch <basch@lehman.com> - - * crypto_glue.c: - Export more crypto-layer functions: - krb5_encrypt, krb5_decrypt, krb5_eblock_enctype, - krb5_process_key, krb5_finish_key, krb5_string_to_key, - krb5_init_random_key, krb5_finish_random_key, krb5_random_key - -Sat Feb 8 18:41:42 1997 Tom Yu <tlyu@mit.edu> - - * Makefile.in: - * configure.in: Update to new program build procedure. - -Thu Jan 2 17:16:18 1997 Tom Yu <tlyu@mit.edu> - - * Makefile.in: - * configure.in: Update to new library build procedure. - -Mon Dec 23 17:20:03 1996 Theodore Y. Ts'o <tytso@mit.edu> - - * Makefile.in (SRCS): Add brand.c to the SRCS line so that the - kerbsrc.mac.tar includes brand.c - -Sat Dec 21 01:26:11 1996 Theodore Y. Ts'o <tytso@mit.edu> - - * brand.c: New file, which allows a release engineer to "brand" - the krb5 library or a binary application program - statically linked against the krb5 library. This file is - statically included by init_ctx.c, to force it be in a - binary library or application program. - - * init_ctx.c (krb5_init_context): Use new call krb5_vercheck() for - Windows timebomb checking; this call returns an error - code, which is returned to the user if the timebomb should - be activated. 
- -Thu Nov 21 14:55:16 EST 1996 Richard Basch <basch@lehman.com> - - * Makefile.in: win32 build - - * auth_con.c bld_pr_ext.c conv_princ.c copy_addrs.c copy_athctr.c - copy_auth.c copy_cksum.c copy_creds.c copy_data.c copy_key.c - copy_princ.c copy_tick.c cp_key_cnt.c decrypt_tk.c fwd_tgt.c - gc_via_tkt.c get_creds.c get_in_tkt.c in_tkt_ktb.c in_tkt_pwd.c - in_tkt_sky.c init_ctx.c mk_cred.c mk_error.c mk_priv.c mk_rep.c - mk_req.c mk_req_ext.c mk_safe.c parse.c princ_comp.c rd_cred.c - rd_error.c rd_priv.c rd_rep.c rd_req.c rd_safe.c recvauth.c - sendauth.c str_conv.c unparse.c valid_times.c - DLL export various functions (see lib/krb5.def for full list) - -Thu Nov 21 13:54:01 1996 Ezra Peisach <epeisach@mit.edu> - - * recvauth.c (krb5_recvauth): If there is an error, and the server - argument to krb5_recvauth is NULL, create a dummy server - entry for the krb5_error structure so that krb5_mk_error - will not die with missing required fields. [krb5-libs/209] - -Wed Nov 13 14:30:47 1996 Tom Yu <tlyu@mit.edu> - - * init_ctx.c: Revert previous kt_default_name changes. - -Tue Nov 12 22:07:33 1996 Tom Yu <tlyu@mit.edu> - - * init_ctx.c (krb5_init_context): Oops. Initialize kt_default_name - to NULL. - - * init_ctx.c (krb5_free_context): Free kt_default_name if it's - non-NULL. - -Sat Nov 9 14:19:28 1996 Ezra Peisach <epeisach@mit.edu> - - * Makefile.in (check-unix): Invoking t_ser requires that - KRB5_CONFIG points to a valid krb5.conf - - * t_ser.c (main): If verbose flag is set and there is an error, - display error message. - -Wed Nov 6 14:02:21 1996 Theodore Y. Ts'o <tytso@mit.edu> - - * init_ctx.c (krb5_init_context): Initialize the error tables, so - applications don't need to call krb5_init_ets(). - -Tue Nov 5 08:09:23 1996 Ezra Peisach <epeisach@mit.edu> - - * serialize.c (krb5_register_serializer): Do not free a NULL pointer. - -Thu Oct 31 13:48:14 1996 Theodore Y. 
Ts'o <tytso@mit.edu> - - * init_ctx.c (krb5_init_context): Make it more obvious that - default ticket lifetimes is not yet supported. - -Tue Sep 24 20:59:14 1996 Theodore Y. Ts'o <tytso@mit.edu> - - * get_in_tkt.c (make_preauth_list): Correctly null-terminate the - preauth list generated by make_preauth_list. - -Thu Sep 19 12:29:59 1996 Theodore Y. Ts'o <tytso@mit.edu> - - * unparse.c (krb5_unparse_name_ext): Make unparse correctly handle - a all cases where a principal contains a nulls, backspace, - newlines, or tabs. - - * t_kerb.c (test_parse_principal): Add test for checking - krb5_parse_principal() - - * parse.c (krb5_parse_name): Set all of the magic field values. - -Wed Jul 24 17:09:39 1996 Theodore Y. Ts'o <tytso@mit.edu> - - * preauth.c (find_pa_system): Change type of first argument to be - krb5_preauthtype, to eliminate compiler warnings under - Windows. - -Wed Jul 10 20:22:41 1996 Theodore Y. Ts'o <tytso@mit.edu> - - * init_ctx.c (krb5_init_context): Add a call to krb5_win_do_init() - on Win16 and Win32 machines. This is where we do timebomb - and version server checking. - -Sun Jul 7 15:14:43 1996 Ezra Peisach <epeisach@kangaroo.mit.edu> - - * get_creds.c: (krb5_get_credentials_val_renew_core) Combine - common internals needed from krb5_get_credentials_validate() - and used by new function krb5_get_credentials_renew() - - * gc_frm_kdc.c (krb5_get_cred_from_kdc_renew): A wrapper that - passes KDC_OPT_RENEW to the static - krb5_get_cred_from_kdc_opt so that kinit can use it. - - -Mon Jun 24 09:45:04 1996 Theodore Ts'o <tytso@rsts-11.mit.edu> - - * bld_princ.c (krb5_build_principal_va): Change const to - krb5_const, so that it works on compilers that don't - support const. - -Mon Jun 17 20:23:48 1996 Ezra Peisach <epeisach@kangaroo.mit.edu> - - * str_conv.c (krb5_string_to_timestamp): Ensure that all fields of - the timestamp are filled in if strptime does not fill in - unspecified fields. 
- -Wed Jun 12 01:10:09 1996 Theodore Ts'o <tytso@rsts-11.mit.edu> - - * sendauth.c (krb5_sendauth): If ECCONABORTED is not defined, try - using the Winsock equivalent (WSAECONNABORTED). - -Mon Jun 10 21:47:21 1996 Theodore Ts'o <tytso@rsts-11.mit.edu> - - * parse.c (krb5_parse_name): Change use of _WINDOWS to _MSDOS, and - add check for _WIN32. - -Thu Jun 6 00:06:18 1996 Theodore Y. Ts'o <tytso@mit.edu> - - * get_creds.c (krb5_get_credentials_core): A static function must - not use the INTERFACE keyword. - -Tue May 14 18:39:22 1996 Richard Basch <basch@lehman.com> - - * mk_req_ext.c mk_safe.c send_tgs.c: - set the length field of the krb5_checksum structure before - calling krb5_calculate_checksum. - - * str_conv.c: replaced sha-des3 cksum with hmac-sha. - -Tue May 14 02:53:42 1996 Theodore Y. Ts'o <tytso@mit.edu> - - * ser_ctx.c (krb5_context_size, krb5_context_externalize, - krb5_context_internalize): Add missing fields from the - serialized context: clockskew, default_kdc_req_sumtype, - default_ap_req_sumtype, default_safe_sumtype, - kdc_default_options, library_options, profile_secure, - fcc_default_format, scc_default_format. - - * ser_actx.c (krb5_auth_context_size, krb5_auth_context_externalize, - krb5_auth_context_internalize): Serialize the two fields - req_cksumtype and safe_cksumtype, instead of the one - cksumtype field. - - * mk_safe.c (krb_mk_safe): Use safe_cksumtype instead of cksumtype - in the auth context. - - * mk_req_ext.c (krb5_mk_req_extended): Use req_cksumtype instead - of cksumtype in the auth context. - - * init_ctx.c (krb5_init_context): Add support for new profile - relations libdefaults/tkt_lifetime, - libdefaults/kdc_req_checksum_type, - libdefaults/ap_req_cksumtype, - libdefaults/safe_checksumtype, and - libdefaults/kdc_default_options. - - * auth_con.h: Remove old cksumtype element, and replace it with - req_cksumtype and safe_cksumtype. 
- - * auth_con.c (krb5_auth_con_init): Initialize the req_cksumtype - and safe_cksumtype from the context's default - req_cksumtype and safe_cksumtype. - (krb5_auth_con_set_req_cksumtype, - krb5_auth_con_set_safe_cksumtype): New functions, to - replace old krb5_auth_con_setcksumtype - -Fri May 10 18:48:38 EDT 1996 Richard Basch <basch@lehman.com> - - * init_ctx.c: Removed des3-cbc-md5 default support - -Fri May 10 02:51:17 1996 Richard Basch <basch@lehman.com> - - * str_conv.c: changes des3-md5 to des3-sha & added sha cksum types - -Sun May 5 09:46:18 1996 Ezra Peisach (epeisach@kangaroo.mit.edu) - - * preauth.c: Add casts and const keywords as needed. - -Fri May 3 00:15:18 1996 Mark Eichin <eichin@cygnus.com> - - * get_creds.c (krb5_get_credentials_core): new function. Common - part of krb5_get_credentials and krb5_get_credentials_validate. - Some formerly local variables are now arguments. - (krb5_get_credentials): same as before, but calls _core to do some - of the work. - (krb5_get_credentials_validate): uses - krb5_get_cred_from_kdc_validate and only stores the returned - credential in the cache, instead of storing all of them. - -Thu May 2 22:48:56 1996 Mark Eichin <eichin@cygnus.com> - - * gc_frm_kdc.c (krb5_get_cred_from_kdc_opt): new function. Same - body as krb5_get_cred_from_kdc, but takes one new argument, - kdcopts, and combines it with the other kdc options when calling - krb5_get_cred_via_tkt. This is static and only called by - (krb5_get_cred_from_kdc): a wrapper that provides the same - function it did before, and - (krb5_get_cred_from_kdc_validate): a wrapper that passes - KDC_OPT_VALIDATE, so that kinit can use it. - We'll probably need another one for renewing tickets as well. - - * rd_req_dec.c (krb5_rd_req_decoded_opt): new function. Same body - as krb5_rd_req_decoded, but takes one new argument, - check_valid_flag, to determine whether or not to check if the - "invalid flag" is set in the ticket. 
Also made static, so that it - is only called via: - (krb5_rd_req_decoded): wrapper for krb5_rd_req_decoded_opt that - specifies the "invalid flag" gets checked, and - (krb5_rd_req_decoded_anyflag): wrapper for krb5_rd_req_decoded_opt - that specifies that the "invalid flag" doesn't get checked. (This - version is only called from kdc_util.c:kdc_process_tgs_req.) - -Wed May 1 14:30:29 1996 Richard Basch <basch@lehman.com> - - * srv_rcache.c (krb5_get_server_rcache): include the uid in the - default server replay cachename, for systems with geteuid. - - * configure.in: test if the system has geteuid() - -Wed May 1 02:26:53 1996 Mark Eichin <eichin@cygnus.com> - - * str_conv.c (krb5_string_to_timestamp): double check that - strptime at least parsed *some* of the string, avoid degenerate - cases from GNU libc strptime. - -Tue Apr 30 18:19:01 1996 Ken Raeburn <raeburn@cygnus.com> - - * t_ser.c (stuff): New variable. - (ser_acontext_test, ser_eblock_test, ser_cksum_test): Use it, - instead of assuming it's valid to treat &FUNCTION as a data - pointer. - - * conv_princ.c (sconv_list): Now const. - (krb5_*_conv_principal): Use pointer to const for it. - - Tue Apr 23 19:39:59 1996 Mark Eichin <eichin@cygnus.com> - - * get_creds.c (krb5_get_credentials): this isn't the kernel, so - don't return negative errno values. - -Sat Apr 27 19:14:21 1996 Richard Basch <basch@lehman.com> - - * fwd_tgt.c (krb5_fwd_tgt_creds): fixed a possible null dereference. - -Wed Apr 17 14:22:10 1996 Theodore Y. Ts'o <tytso@mit.edu> - - * conv_princ.c: Added ftp and ecat to the list of services which - should be converted. This really ought to be something - that's configurable in the profile... - -Thu Apr 11 21:30:23 1996 Theodore Y. Ts'o <tytso@dcl> - - * init_ctx.c (krb5_init_context): On a Macintosh, turn on - kdc_timesync and use the v4 credentials cache by default. 
- - * get_in_tkt.c (stash_as_reply, verify_as_reply): Move time offset - code from stash_as_reply to verify_as_reply, and fix it so - that it actually works. - -Wed Apr 3 16:04:36 1996 Theodore Y. Ts'o <tytso@dcl> - - * rd_req_dec.c (krb5_rd_req_decoded): Move code which - validated the ticket times to krb5_validate_times. - - * valid_times.c (krb5_validate_times): New function which - determines whether or not the ticket times are valid. - - * mk_req_ext.c (krb5_mk_req_extended): Call krb5_validate_time() - to determine whether or not the ticket in passed-in - credentials is valid. If it isn't, return an error right - away. - -Wed Mar 27 17:05:47 1996 Richard Basch <basch@lehman.com> - - * in_tkt_ktb.c (keytab_keyproc): Do not check to see that the - enctype of the key is identical; there are several equivalent - DES enctypes. - - * in_tkt_ktb.c (krb5_get_in_tkt_with_keytab): Removed the fancy - logic to only request the keytypes that correspond to those in - the keytab. There were too many fencepost conditions that could - get you into trouble. Either it should be there and *fully* - functional, or not in there at all. Besides, there are too many - other components in Kerberos that expect the end-service to know - all its keys that this sanity check is overkill. - -Tue Mar 26 14:45:03 1996 Richard Basch <basch@lehman.com> - - * conv_princ.c: added "imap" service to the conversion list as - requiring domain conversion for the instance. (imap/<host> is used - by some of the new imap mail implementations) - -Sun Mar 24 01:34:14 1996 Sam Hartman <hartmans@tertius.mit.edu> - - * send_tgs.c (krb5_send_tgs_basic): You want to setup the eblock - used for the authenticator using the in_cred->keyblock, *not* - request.ticket.enc_part.enctype. Under a multi-enctype system, - the session key may be different from the ticket key. - -Wed Mar 20 23:00:59 1996 Theodore Y. Ts'o <tytso@dcl> - - * walk_rtree.c (krb5_walk_realm_tree): Fix 16bit vs. 32bit error. 
- (cap_code should been a krb5_error_code, not an int!) - - * mk_cred.c (krb5_mk_ncred_basic): Fix windows lint flame. - - * get_in_tkt.c (krb5_get_in_tkt): Fix 16bit vs. 32bit error. - (do_more should not have been an int!) - -Tue Mar 19 13:03:26 1996 Richard Basch <basch@lehman.com> - - * in_tkt_ktb.c (krb5_get_in_tkt_with_keytab): - Only request keytypes that correspond to those in the keytab. - -Mon Mar 18 21:49:39 1996 Ezra Peisach <epeisach@kangaroo.mit.edu> - - * configure.in: Add KRB5_RUN_FLAGS - - * Makefile.in: Use runtime flags. - -Sun Mar 17 20:32:08 1996 Ezra Peisach <epeisach@dumpster.rose.brandeis.edu> - - * configure.in: Add USE_ANAME, USE_KRB5_LIBRARY, KRB5_LIBRARIES so - that Makefile does not have to know build tree layout. - - * Makefile.in: Rework to be consistant with configure defines so - that configure can specify other needed libraries. - -Sun Mar 17 02:10:19 1996 Mark W. Eichin <eichin@cygnus.com> - - * copy_addrs.c (krb5_copy_addr): make non-static so we can use it - in mk_cred. - * mk_cred.c (krb5_mk_ncred_basic): copy local_addr and remote_addr - instead of just aliasing them, so we can safely free them ourselves. - -Fri Mar 15 14:29:00 1996 Richard Basch <basch@lehman.com> - - * in_tkt_ktb.c: Close the keytab if we opened it, not if the - caller opened it. - -Wed Mar 13 17:31:30 1996 Ken Raeburn <raeburn@cygnus.com> - - * configure.in: Use AC_HEADER_STDARG. - -Mon Mar 11 11:15:26 1996 Ezra Peisach <epeisach@kangaroo.mit.edu> - - * str_conv.c (krb5_timestamp_to_string): Handle statement not - reached warning. - - * ser_addr.c (krb5_address_internalize): Add magic numbers - -Thu Feb 29 11:49:38 1996 Theodore Y. Ts'o <tytso@dcl> - - * fwd_tgt.c (NEED_SOCKETS): Use NEED_SOCKETS instead of #including - <netdb.h> - -Sat Feb 24 16:27:54 1996 Theodore Y. Ts'o <tytso@dcl> - - * gc_via_tkt.c (krb5_get_cred_via_tkt): Fix memory leak; free - enctypes after use. 
- -Thu Jan 25 01:35:52 1996 Sam Hartman <hartmans@tertius.mit.edu> - - * rd_req_dec.c (krb5_rd_req_decrypt_tkt_part): Remove outdated - comment about mapping etype to ktype. - - * gc_via_tkt.c (krb5_get_cred_via_tkt): If the keyblock.enctype is - non-null in in_cred, then request that particular key. - -Wed Jan 24 21:48:53 1996 Sam Hartman <hartmans@tertius.mit.edu> - - * get_creds.c (krb5_get_credentials): Only match against enctype - if it is non-null in increds. - -Sun Jan 21 23:32:53 1996 Tom Yu <tlyu@dragons-lair.MIT.EDU> - - * gc_via_tkt.c (krb5_kdcrep2creds): Set is_skey so get_creds won't - break trying to match is_skey in the ccache. This way we - won't end up with many copies of user-to-user tickets. - -Fri Jan 19 23:16:17 1996 Ezra Peisach <epeisach@kangaroo.mit.edu> - - * mk_req.c (krb5_mk_req): krb5_get_credentials does not take - default_kdc_options. - - * sendauth.c (krb5_sendauth): krb5_get_credentials does not take - default_kdc_options. - -Wed Jan 10 21:01:36 1996 Theodore Y. Ts'o <tytso@dcl> - - * init_ctx.c (krb5_init_context): Added checking of profile for - DCE compatability options (ccache type, and checksum type). - - * fwd_tgt.c (krb5_fwd_tgt_creds): Initialize addrs to 0 so that we - don't try to free stack garbage on an error. - - * krbconfig.c, Makefile.in: Removed krbconfig.c; it contained - global variables which are no longer used. - - * recvauth.c: Removed the global extern of - krb5_kdc_default_options, which wasn't being used anyway. - - * mk_req.c (krb5_mk_req): Replace use of krb5_kdc_default_options - with context->kdc_default_options. - - * gc_frm_kdc.c: Remove the global extern of krb5_kdc_req_sumtype, - which wasn't being used anymore anyway. - - * send_tgs.c (krb5_send_tgs_basic): Remove use of the global - variable krb5_kdc_req_sumtype, and use the kdc_req_sumtype - in the context structure instead. 
- - * walk_rtree.c (krb5_walk_realm_tree): Applied patch submitted by - Doug Engbert, so that the configurable authentication - patch takes into account the null entry at the end of the - list. - -Tue Jan 9 22:04:09 1996 Theodore Y. Ts'o <tytso@dcl> - - * fwd_tgt.c (krb5_fwd_tgt_creds): New function which handles all - of the dirty work of forwarding TGT's. - - * rd_cred.c (krb5_rd_cred_basic): Clean up memory allocation - discpline to remove memory leaks. - - * mk_cred.c (krb5_mk_ncred_basic, krb5_mk_ncred, krb5_mk_1cred): - Clean up memory allocation discpline to remove memory - leaks. - - * init_ctx.c (krb5_get_tgs_ktypes): Clean up parsing of the etype - list. Don't overrun the string containing the etype list. - -Wed Jan 3 21:32:59 1996 Theodore Y. Ts'o <tytso@dcl> - - * rd_cred.c (krb5_rd_cred_basic): When the keyblock is NULL, - assume we're being called from the gssapi code, which - doesn't have access to the sender or receive address - information, don't check the sender address, since it - won't be available. - - * rd_cred.c (decrypt_credencdata): When calling krb5_rd_credd(), - if the keyblock is null, just copy the encoded structure - from the "ciphertext" part of the structure and decode it. - - * mk_cred.c (encrypt_credencpart): When calling krb5_mk_cred(), if - the keyblock is NULL, don't encrypt it; just encode it and - leave it in the ciphertext area of the structure. - -Thu Dec 21 18:47:54 1995 Theodore Y. Ts'o <tytso@dcl> - - * rd_rep.c (krb5_rd_rep): Change use of - KRB5_SENDAUTH_MUTUAL_FAILED to KRB5_MUTUAL_FAILED. - -Tue Dec 19 17:15:40 1995 Theodore Y. Ts'o <tytso@dcl> - - * rd_cred.c (krb5_rd_cred_basic): Missing parenthesis meant that - wrong number of bytes was being allocated. - -Sun Dec 3 11:49:09 1995 Ezra Peisach <epeisach@kangaroo.mit.edu> - - * Makefile.in (SRCS/OBJS): Move compat_recv.c to krb5util library. - -Fri Dec 1 17:04:43 1995 Theodore Y. 
Ts'o <tytso@dcl> - - * recvauth.c (krb5_recvauth): Initialize rcache to zero, so that - on cleanup we don't try to free stack garbage. - -Sun Nov 26 19:31:18 1995 Tom Yu <tlyu@dragons-lair.MIT.EDU> - - * preauth.c: Ultrix is broken. Prototype obtain_enc_ts_padata() - and process_pw_salt() explicitly rather than using the - typedef in k5-int.h becaus that typedef is to a function - pointer now. - -Fri Nov 17 22:35:52 1995 Theodore Y. Ts'o <tytso@dcl> - - * get_in_tkt.c (decrypt_as_reply): - * preauth.c (process_pw_salt): When fetching the key to decrypting - the encrypted kdc reply, use the etype associated with the - etype reply, not the etype associated with the included - ticket. - - * encode_kdc.c: Remove eblock argument from krb5_encode_kdc_rep; - set the eblock type from the client_key's enctype. - -Thu Nov 16 20:29:17 1995 Ezra Peisach <epeisach@kangaroo.mit.edu> - - * srv_rcache.c (krb5_get_server_rcache): Use krb5_rc_default_type - instead of assuming default rcache type is "dfl". - -Mon Nov 13 14:40:05 1995 <tytso@rsts-11.mit.edu> - - * walk_rtree.c (krb5_walk_realm_tree): Added ANL changes to - support configuration authentication paths. - -Mon Nov 13 12:57:12 1995 Theodore Y. Ts'o <tytso@dcl> - - * preauth.c (krb5_process_padata): Added generalized processing - for preauth information which is returned by the KDC. - This should be general enough to support the AFS3_SALT - preauth type, the SNK4 preauth type, and the public-key - mods to Kerberos. - (process_pw_salt): New function for processing the KRB5_PW_SALT - preauthentication type. - - * get_in_tkt.c (decrypt_as_reply): Removed temporary kludge for - processing the PW_SALT preauth type; that's now done in - preauth.c - (krb5_get_in_tkt): Call krb5_process_padata with new arguments so - that the preauth code can set the decryption_key if - necessary. - -Thu Nov 09 17:05:57 1995 Chris Provenzano (proven@mit.edu) - - * in_tkt_pwd.c : Remove krb5_enctype from krb5_string_to_key() args. 
- -Thu Nov 9 00:02:43 1995 Theodore Y. Ts'o <tytso@dcl> - - * get_in_tkt.c (krb5_get_in_tkt): Remove the etype_info argument - from the call to krb5_obtain_padata. - - * preauth.c (krb5_obtain_padata): Use the PADATA_ETYPE_INFO - preauth, if it exists, to determine which salt type to use - when encrypting the preauthentication data. Remove the - etype_info argument. - -Wed Nov 8 02:50:59 1995 Theodore Y. Ts'o <tytso@dcl> - - * krbconfig.c: Removed the krb5_clockskew variable. - - * srv_rcache.c (krb5_get_server_rcache): - * rd_safe.c (krb5_rd_safe): - * rd_req_dec.c (krb5_rd_req_decoded): - * rd_priv.c (krb5_rd_priv): - * rd_cred.c (krb5_rd_cred): - * gc_via_tkt.c (krb5_get_cred_via_tkt): - * get_in_tkt.c (verify_as_reply): Replace use of krb5_clockskew - with context->clockskew. - - * encrypt_tk.c (cleanup_scratch): Changed interface to no longer - require an eblock; we can use our own and figure out the - enctype from the passed-in key. - - * get_in_tkt.c (krb5_get_in_tkt): Added calls to - krb5_obtain_padata(). - - * preauth.c: Completely restructured file to support - preauthentication. - - -Fri Oct 27 22:15:33 1995 Theodore Y. Ts'o <tytso@dcl> - - * get_in_tkt.c (krb5_get_in_tkt): Extensive reworking of the - structure of this file to make it possible to support - preauthentication. - -Mon Oct 23 17:08:59 1995 Theodore Y. Ts'o <tytso@dcl> - - * in_tkt_pwd.c (krb5_get_in_tkt_with_password): Fix to properly - malloc password buffer. - -Mon Oct 23 11:09:56 1995 Ezra Peisach <epeisach@kangaroo.mit.edu> - - * rd_req_dec.c (krb5_rd_req_decoded): For heirarchal cross-realm, - set the length after initializing string. - - * rd_req.c (krb5_rd_req): If a new auth_context is created - and then there is an error, make sure return pointer is not - looking at freed memory. - -Fri Oct 6 22:04:42 1995 Theodore Y. Ts'o <tytso@dcl> - - * Makefile.in: Remove ##DOS!include of config/windows.in. - config/windows.in is now included by wconfig. 
- -Fri Sep 29 00:08:53 1995 Theodore Y. Ts'o <tytso@dcl> - - * gc_via_tkt.c (krb5_get_cred_via_tkt): Only check the returned - starttime to make sure it matches the requested starttime - if we requested a postdated ticket. - -Thu Sep 28 22:58:53 1995 Theodore Y. Ts'o <tytso@dcl> - - * conv_princ.c (krb5_425_conv_principal): Only convert instances - which don't have a '.' in them. If they have a '.', - assume that they are fully qualified already. - -Thu Sep 28 12:00:00 1995 John Rivlin <jrivlin@fusion.com) - - * gc_via_tkt.c: Cleaned up corrupt ticket error testing to - make it more debugable and I think work around a compiler - bug. - -Mon Sep 25 16:57:59 1995 Theodore Y. Ts'o <tytso@dcl> - - * Makefile.in: Removed "foo:: foo-$(WHAT)" lines from the - Makefile. - -Wed Sep 13 10:58:20 1995 Keith Vetter (keithv@fusion.com) - - * get_in_t.c: removed unused variable. - * rd_cred.c: removed INTERFACE keyword. - * ser_auth.c: passing int32 where a size_t is wanted. - * ser_ctx.c: 16/32 bit int size mismatch. - -Sun Sep 17 23:41:19 1995 Ezra Peisach <epeisach@kangaroo.mit.edu> - - * rd_safe.c: Fix typo error. - -Sat Sep 16 01:23:14 1995 Theodore Y. Ts'o <tytso@dcl> - - * sendauth.c (krb5_sendauth): Make sure the scratch credentials - structure may have possible been used be freed.. - - * rd_safe.c (krb5_rd_safe_basic): Fall through to the cleanup code - at the end, to make sure the decoded message in message is - freed. - - * rd_req_dec.c (krb5_rd_req_decoded): Use krb5_copy_keyblock to - copy authent->subkey to auth_context->remote_subkey. - Keeping them separate avoids aliasing problems. - - * mk_req_ext.c (krb5_generate_authenticator): Fix memory leak. - Don't bash authent->subkey with key after carefully - copying it using krb5_copy_keyblock! - - * recvauth.c (krb5_recvauth): krb5_get_server_rcache() already - opens the rcache; doing it again merely causes a memory leak. - -Fri Sep 15 17:20:08 1995 Theodore Y. 
Ts'o <tytso@dcl> - - * gen_subkey.c (krb5_generate_subkey): Eliminate memory leak. - krb5_init_random_key() does its own allocation of the - keyblock. - - * gc_via_tkt.c (krb5_kdcrep2creds): Fix memory leak. - - * srv_rcache.c (krb5_get_server_rcache): Fix memory leak. - - * rd_safe.c (krb5_rd_safe_basic): Fix memory leak. - -Tue Sep 12 12:40:30 1995 Ezra Peisach <epeisach@kangaroo.mit.edu> - - * t_ser.c (ser_cksum_test): Work around an optimizer bug unser - OSF/1 and gcc. - -Sun Sep 10 12:00:00 1995 James Mattly (mattly@fusion.com) - - * gen_seqnum.c: change usage of krb5_crypto_us_timeofday to krb5_timeofday - * get_in_tkt.c: change usage of krb5_crypto_us_timeofday to krb5_timeofday - * mk_priv.c: change usage of krb5_crypto_us_timeofday to krb5_timeofday - * mk_req_ext.c: change usage of krb5_crypto_us_timeofday to krb5_timeofday - * send_tgs.c: change usage of krb5_timeofday over to krb5_crypto_us_timeofday - -Wed Sep 06 14:20:57 1995 Chris Provenzano (proven@mit.edu) - - * auth_con.c, decrypt_tk.c, encode_kdc.c, encrypt_tk.c, - * gc_frm_kdc.c, gen_seqnum.c, get_creds.c, get_in_tkt.c, - * in_tkt_ktb.c, in_tkt_pwd.c, in_tkt_sky.c, init_ctx.c, - * kdc_rep_dc.c, mk_cred.c, mk_priv.c, mk_rep.c, mk_req._ext.c, - * preauth.c, rd_cred.c, rd_priv.c, rd_rep.c, rd_req_dec.c, - * send_tgs.c, sendauth.c, ser_actx.c, ser_ctx.c, ser_eblk.c, - * ser_key.c, t_ser.c : s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g - -Wed Sept 6 12:00:00 EDT 1995 James Mattly (mattly@fusion.com) - - * get_in_tkt.c: change usage of krb5_timeofday to krb5_crypto_us_timeofday - * mk_req_ext.c: change usage of timeofday - * parse.c: disabled a usage of exit for macintosh - * send_tgs.c: change usage of krb5_timeofday over to - krb5_crypto_us_timeofday - * unparse.c: include <stdio.h> - - -Tue Sep 05 22:10:34 1995 Chris Provenzano (proven@mit.edu) - - * decode_kdc.c, decrypt_tk.c, encode_kdc.c, encrypt_tk.c, gc_frm_kdc.c - * gc_via_tkt.c, get_in_tkt.c, in_tkt_ktb.c, in_tkt_pwd.c, in_tkt_sky.c - * 
init_ctx.c, kdc_rep_dc.c, mk_cred.c, mk_priv.c, mk_rep.c - * mk_req_ext.c, rd_cred.c, rd_priv.c, rd_rep.c, rd_req_dec.c, - * send_tgs.c, ser_ctx.c, ser_eblk.c, ser_key.c, t_ser.c: - Remove krb5_enctype references, and replace with - krb5_keytype where appropriate - -Fri Sep 1 20:03:41 1995 Theodore Y. Ts'o <tytso@dcl> - - * get_in_tkt.c (krb5_get_in_tkt): If kdc_settime is enabled, then - set the time_offset fields from the returned ticket's - authtime value. - - * init_ctx.c (krb5_init_context): Initialize new fields in - krb5_context (clockskew, kdc_req_sumtype, and - kdc_default_options). - - * gc_via_tkt.c (krb5_get_cred_via_tkt): Perform the necessary - sanity checking on the KDC response to make sure we detect - tampering. - - * send_tgs.c (krb5_send_tgs): Set the expected nonce in the - response structure. - - * krbconfig.c: Set the default checksum to use MD5 - -Fri Sep 1 11:16:43 EDT 1995 Paul Park (pjpark@mit.edu) - * ser_ctx.c - Add handling of new time offset fields in the os_context. - - -Tue Aug 29 14:14:26 EDT 1995 Paul Park (pjpark@mit.edu) - * Makefile.in, .Sanitize, ser_{actx,adata,addr,auth,cksum,ctx,eblk,key, - princ}.c, serialize.c, t_ser.c - Add serialization operations - for data structures required to serialize krb5_context, krb5_ - auth_context, krb5_encrypt_block and krb5_principal. - * auth_con.h - Add magic number. - * auth_con.c - Add static routine to copy an address and use this - instead of the other code. Set the magic number when initing - an auth_context. Use krb5_free_address to release an address. - * init_ctx.c - Free the allocated serializers when releasing context. - * rd_rep.c - Copy the keyblock from the message instead of setting - a pointer into it. - -Thu Aug 24 18:55:50 1995 Theodore Y. Ts'o <tytso@dcl> - - * .Sanitize: Update file list. - -Mon Aug 7 18:54:35 1995 Theodore Y. 
Ts'o <tytso@dcl> - - * in_tkt_ktb.c (keytab_keyproc): If there is an error looking up - the key, make sure the keytab is closed as part of the - cleanup. - -Fri Aug 4 22:04:08 1995 Tom Yu <tlyu@dragons-lair.MIT.EDU> - - * conv_princ.c: Add braces to initializer to shut up gcc -Wall - -Fri Jul 7 16:31:06 EDT 1995 Paul Park (pjpark@mit.edu) - * Makefile.in - Find com_err in TOPLIBD. - * rd_safe.c - Use checksum verifier instead of doing it manually. - -Thu Jul 6 17:31:40 1995 Tom Yu <tlyu@lothlorien.MIT.EDU> - - * rd_safe.c (krb5_rd_safe_basic): Pass context to os_localaddr. - - * rd_priv.c (krb5_rd_priv_basic): Pass context to os_localaddr. - - * rd_cred.c (krb5_rd_cred_basic): Pass context to os_localaddr. - - * get_in_tkt.c (krb5_get_in_tkt): Pass context to os_localaddr. - -Wed July 5 15:52:31 1995 James Mattly <mattly@fusion.com> - * added condition for _MACINTOSH - -Sun Jul 2 18:59:53 1995 Sam Hartman <hartmans@tertius.mit.edu> - - * recvauth.c (krb5_recvauth): recvauth should send an error reply - if problem is not zero. Removed if that caused it to only send a - reply on success. - -Fri Jun 16 22:11:21 1995 Theodore Y. Ts'o (tytso@dcl) - - * get_in_tkt.c (krb5_get_in_tkt): Allow the credentials cache - argument to be optional; allow it to be NULL, meaning that - the credentials shouldn't be stored in a credentials cache. - -Mon Jun 12 16:49:42 1995 Chris Provenzano (proven@mit.edu) - - A couple bug reports/patches from Ed Phillips (flaregun@udel.edu) - * in_tkt_ktb.c (keytab_keyproc()): Fix memory leak. - * recvauth.c (krb5_recvauth()): Don't open a new rcache if - the auth_context already has one. - * auth_con.c (krb5_auth_con_free()): Close rcache is the - auth_context has one set. - * auth_con.c (krb5_auth_con_getrcache()): Return pointer - to the rcache set in the auth_context. - -Sun Jun 11 12:31:39 1995 Ezra Peisach (epeisach@kangaroo.mit.edu) - - * auth_con.c (krb5_auth_con_init): Zero newly allocated - krb5_auth_context. 
(Fixed error in redefinitions). - -Sat Jun 10 23:05:51 1995 Tom Yu (tlyu@dragons-lair) - - * auth_con.c, compat_recv.c, mk_cred.c, mk_priv.c, mk_rep.c, - mk_req.c, mk_req_ext.c, mk_safe.c, rd_cred.c, rd_priv.c, - rd_rep.c, rd_req.c rd_req_dec.c, rd_safe.c, recvauth.c, - sendauth.c: krb5_auth_context redefinitions - -Fri Jun 9 18:48:43 1995 <tytso@rsx-11.mit.edu> - - * rd_req_dec.c (krb5_rd_req_decoded): Fix -Wall nits - - * configure.in: Remove standardized set of autoconf macros, which - are now handled by CONFIG_RULES. - - * Makefile.in, faddr_ordr.c: Remove faddr_ordr.c; its function, - krb5_fulladdr_order, isn't used anywhere. - -Fri Jun 9 02:42:54 1995 Tom Yu (tlyu@dragons-lair) - - * rd_cred.c (krb5_rd_cred_basic): fix typo (extra "context" - argument passed to krb5_xfree) - -Thu Jun 8 22:48:27 1995 Theodore Y. Ts'o <tytso@dcl> - - * rd_cred.c (krb5_rd_cred_basic): Fix problem where the ticket - field was assigned with a krb5_data, which was then - immediately freed. - -Thu Jun 8 16:06:44 1995 <tytso@rsx-11.mit.edu> - - * compat_recv.c, auth_con.c, chk_trans.c, encrypt_tk.c, - gc_frm_kdc.c, gc_via_tkt.c, gen_seqnum.c, gen_subkey.c, - get_creds.c, get_in_tkt.c, in_tkt_ktb.c, in_tkt_pwd.c, - in_tkt_skey.c, init_ctx.c, kdc_rep_dc.c, mk_cred.c, - mk_error.c, mk_priv.c, mk_rep.c, mk_req.c, mk_req_ext.c, - mk_cred.c, mk_safe.c, parse.c, preauth.c, rd_cred.c, - rd_rep.c, rd_req.c, rd_req_dec.c, rd_safe.c, recvauth.c, - sendauth.c, send_tgs.c, srv_rcache.c, walk_rtree.c: Clean - up GCC -Wall flames. - -Wed Jun 7 15:23:21 1995 <tytso@rsx-11.mit.edu> - - * conv_princ.c (krb5_425_conv_principal): Remove old CONFIG_FILES - code. - -Fri May 26 10:18:28 1995 Keith Vetter (keithv@fusion.com) - - * makefile.in: removed for the PC creating shared directory. - (still bug with the '@SHARED_RULE@' line but I'm waiting - on tytso for that since I don't want to break Unix). 
- -Thu May 25 09:58:42 1995 Ezra Peisach <epeisach@kangaroo.mit.edu> - - * gc_via_tkt.c (krb5_kdcrep2creds): Fix syntax error in the - freeing of the keyblock. - -Wed May 24 18:19:17 1995 Theodore Y. Ts'o (tytso@dcl) - - * Makefile.in, configure.in: Add rules for building shared library. - - * gc_via_tkt.c (krb5_kdcrep2creds): On an error, free the keyblock. - -Tue May 23 16:28:42 1995 Theodore Y. Ts'o (tytso@dcl) - - * gc_frm_kdc.c, preauth.c, t_kerb.c, t_walk_rtree.c, unparse.c: - Rearrange #include files so that krb5.h gets included - first, so that the debugging information can be more - efficiently collapsed since the type numbers will be the - same. - -Sat May 20 14:01:16 1995 Ezra Peisach <epeisach@kangaroo.mit.edu> - - * rd_safe.c (krb5_rd_safe): Increment remote_seq_number if - KRB5_AUTH_CONTEXT_DO_SEQUENCE is set. - -Thu May 11 22:42:30 1995 Ezra Peisach <epeisach@kangaroo.mit.edu> - - * rd_cred.c (krb5_rd_cred_basic): If address don't match, return - KRB5KRB_AP_ERR_BADADDR (add missing retval). - -Thu May 11 18:30:21 1995 Chris Provenzano (proven@mit.edu) - - * mk_cred.c (krb5_mk_cred()), mk_priv.c (krb5_mk_priv()), - * mk_safe.c (krb5_mk_safe()), rd_cred.c (krb5_rd_cred()), - * rd_priv.c (krb5_rd_prev()), rd_safe.c (krb5_rd_safe()): - Pass the contents pointer returned from krb5_make_fulladdr() - to free() not the address of the pointer. - -Tue May 9 08:34:21 1995 Ezra Peisach <epeisach@kangaroo.mit.edu> - - * Makefile.in (clean): Remove t_kerb and t_kerb.o - -Fri May 5 00:06:24 1995 Theodore Y. Ts'o (tytso@dcl) - - * conv_princ.c (krb5_425_conv_principal): Use new calling - convention of krb5_get_realm_domain, which is that it - returns the realm *without* the leading dot. - - Also use the profile code to look up individual instance - conversions using [realms]/<realm>/v4_instance_convert/<inst> - This allows special case handling of mit.edu and - lithium.lcs.mit.edu. - - * t_kerb.c: New file for testing krb library functions. 
Currently - only tests krb5_425_conv_principal. - -Wed May 03 03:30:51 1995 Chris Provenzano (proven@mit.edu) - - * recvauth.c, compat_recv.c (krb5_recvauth()): - * compat_recv.c (krb5_compat_recvauth()): - No longer needs the rc_type arg. - -Tue May 02 19:29:18 1995 Chris Provenzano (proven@mit.edu) - - * mk_cred.c (mk_cred()), mk_priv.c (mk_priv()), mk_safe.c (mk_safe()), - * rd_cred.c (rd_cred()), rd_priv.c (rd_priv()), rd_safe.c (rd_safe()): - Don't call krb5_make_fulladdrs() if a port isn't specified. - -Mon May 01 15:56:32 1995 Chris Provenzano (proven@mit.edu) - - * auth_con.c (krb5_auth_con_free()) : - Free all the data associated with the auth_context. - - * auth_con.c (krb5_auth_con_setkey()) : Removed. - * mk_rep.c (mk_rep()), - The krb5_mk_rep() routine must always encode the data in - the keyblock of the ticket, not the subkey. - - * cleanup.h, auth_con.c (krb5_auth_con_setports()) : Added. - * auth_con.h, mk_cred.c (mk_cred()), mk_priv.c (mk_priv()), - * mk_safe.c (mk_safe()), rd_cred.c (rd_cred()), - * rd_priv.c (rd_priv()), rd_safe.c (rd_safe()) : - Changes to auth_context to better support full addresses. - -Sat Apr 29 00:09:40 1995 Theodore Y. Ts'o <tytso@dcl> - - * srv_rcache.c (krb5_get_server_rcache): Fix fencepost error which - caused an access beyond the allocated memory of piece->data. - - * rd_priv.c (krb5_rd_priv_basic): Call krb5_free_priv_enc_part to free - the entire privenc_msg structure. - -Fri Apr 28 09:54:51 EDT 1995 Paul Park (pjpark@mit.edu) - - Move adm_rw.c from libkrb5 to libkadm. - -Fri Apr 28 08:36:03 1995 Theodore Y. Ts'o <tytso@lurch.mit.edu> - - * init_ctx.c (krb5_free_context): Extra semicolon meant the etypes - field in the context was never being freed. - -Fri Apr 28 01:44:51 1995 Chris Provenzano (proven@mit.edu) - - * send_tgs.c (krb5_send_tgs()), gc_via_tkt.c (krb5_get_cred_via_tkt()): - Removed krb5_cksumtype argument. 
- -Thu Apr 27 21:36:01 1995 Chris Provenzano (proven@mit.edu) - - * auth_con.c (krb5_auth_con_getaddrs() and krb5_auth_con_getflags()): - Added for completeness. - * mk_req_ext.c (krb5_mk_req_extended()) : Don't send the - AP_OPTS_USE_SUBKEY option over the wire. - -Thu Apr 27 17:40:20 1995 Keith Vetter (keithv@fusion.com) - - * adm_rw.c, mk_cred.c, rd_cred.c: - malloc on the PC must be size SIZE_T not int32. - * adm_rw.c: krb5_free_adm_data second argument now a krb5_int32. - -Thu Apr 27 16:33:17 EDT 1995 Paul Park (pjpark@mit.edu) - - * mk_priv.c - Back out previous change which always put in - timestamp, regardless of DO_TIME setting and - instead, clear out the replaydata before calling - mk_priv_basic from mk_priv. - * mk_safe.c - Same replaydata fix. - -Thu Apr 26 15:59:51 EDT 1995 Paul Park (pjpark@mit.edu) - - * Add adm_rw.c - routines to read and write commands from/to the - administrative (kpasswd/kadmin) server. - -Wed Apr 27 11:30:00 1995 Keith Vetter (keithv@fusion.com) - - * init_ctx.c: krb5_init_context wasn't checking return values. - * mk_req.c: deleted unused local variable. - -Wed Apr 26 22:49:18 1995 Chris Provenzano (proven@mit.edu) - - * gc_via_tgt.c, and gc_2tgt.c : Removed. - * Makefile.in, gc_via_tkt.c, gc_frm_kdc.c, and, int-proto.h : - Replaced get_cred_via_tgt() and get_cred_via_2tgt() - with more general function get_cred_via_tkt(). - -Tue Apr 25 21:58:23 1995 Chris Provenzano (proven@mit.edu) - - * Makefile.in : Added gc_via_tkt.c and removed get_fcreds.c - * auth_con.c (krb5_auth_con_setaddrs()) : Fixed so it allocates - space and copies addresses, not just pointer. - * mk_cred.c: Completely rewritten from sources donated by asriniva. - * rd_cred.c: Completely rewritten from sources donated by asriniva. - * mk_priv.c (krb5_mk_priv()), mk_safe.c (krb5_mk_safe()), - rd_priv.c (krb5_rd_priv()), and rd_safe (krb5_rd_safe()) : - Try using a subkey before using the session key for encryption. 
- * recvauth.c (krb5_recvauth()): Don't close the rcache on success. - -Mon Apr 24 23:12:21 1995 Theodore Y. Ts'o <tytso@dcl> - - * Makefile.in, configure.in (t_walk_rtree): Add WITH_NETLIBS and - $(LIBS), so that t_walk_rtree can compile under solaris. - -Mon Apr 24 17:09:36 1995 Ezra Peisach <epeisach@kangaroo.mit.edu> - - * parse.c (krb5_parse_name): Add magic number to new structure - - * get_creds.c: Fix comments describing operation - - * gc_frm_kdc.c: Fix comments describing operation - - * copy_cksum.c (krb5_copy_checksum): Fix comment in file - - * copy_addrs.c (krb5_append_addresses): ifdef out unused - krb5_append_addresses function. (no API or prototype - existed). - - * copy_data.c (krb5_copy_data): Initialize magic number - - * init_ctx.c (krb5_init_context): If an error is returned from - krb5_set_default_in_tkt_etypes or krb5_os_init_context, - pass to caller instead of stack garbage. - -Sat Apr 22 11:06:45 1995 Ezra Peisach (epeisach@kangaroo.mit.edu) - - * Makefile.in: t_walk_rtree needs libcrypto - - * t_walk_rtree.c: error in checking for argument count - -Thu Apr 20 16:23:23 1995 Theodore Y. Ts'o (tytso@dcl) - - * copy_addrs.c, copy_athctr.c, copy_auth.c, copy_cksum.c, - copy_creds.c, copy_key.c, copy_princ.c, copy_tick.c, - gc_2tgt.c, gc_frm_kdc.c, gc_via_tgt.c, get_creds.c, - mk_req_ext.c: Unless HAVE_C_STRUCTURE_ASSIGNMENT is defined, use - memcpy to copy structures around, instead of using - structure assignments. (Which aren't guaranteed to work - on some broken compilers.) - - * mk_req.c (krb5_mk_req): Use krb5_sname_to_principal() in order - to create the service principal from the service and - hostname pair. This allows for the host cannoncialization - to work correctly. - - * mk_req_ext.c (krb5_mk_req_extended): Revamp checksum handling - code so that no checksum is performed in in_data is NULL, - and the special case handing of cksumtype == 0x8003 for - the GSSAPI library is handled correctly. 
- -Wed Apr 19 13:39:34 1995 Ezra Peisach <epeisach@kangaroo.mit.edu> - - * init_ctx.c: (krb5_init_context) initialize context default - realm. (krb5_free_context) free default realm. - -Fri Apr 14 15:05:51 1995 <tytso@rsx-11.mit.edu> - - * sendauth.c (krb5_sendauth): initialize error return parameter - - * copy_princ.c (krb5_copy_principal): Fix bug where - krb5_copy_principal can fail if it is asked to copy a - principal with a zero-length component on a system where - malloc(0) returns null. - -Thu Apr 13 15:49:16 1995 Keith Vetter (keithv@fusion.com) - - * *.[ch]: removed unneeded INTERFACE from non-api functions. - -Fri Mar 31 16:45:47 1995 Keith Vetter (keithv@fusion.com) - - * krb5_get_in_tkt: changed error return value for when clocks - are out of skew to be KRB5_KDCREP_SKEW. - -Fri Mar 31 00:44:26 1995 Theodore Y. Ts'o (tytso@dcl) - - * rd_req.c (krb5_rd_req): Fix typo which caused new_keytab to not - get freed, causing a memory leak. - -Thu Mar 30 15:49:27 1995 Keith Vetter (keithv@fusion.com) - - * rd_req.c: removed unused local variable. - -Tue Mar 28 18:34:20 1995 John Gilmore (gnu at toad.com) - - * rd_req_sim.c: Really remove the file. - -Mon Mar 27 08:34:49 1995 Chris Provenzano (proven@mit.edu) - - * Makefile.in: Removed rd_req_sim.c - - * auth_con.c: Default cksumtype is now CKSUMTYPE_RSA_MD4_DES. - - * auth_con.c: Added krb5_auth_con_setuseruserkey(), - krb5_auth_con_getkey(), - krb5_auth_con_getremotesubkey(), - krb5_auth_con_getauthenticator(), - krb5_auth_con_getremoteseqnumber(), - krb5_auth_con_initivector(). - - * auth_con.c: Fixed krb5_auth_con_getlocalsubkey() to check for - a valid local_subkey before calling krb5_copy_keyblock(). - - * auth_con.h: Fixed some comments. - - * mk_req_ext.c (krb5_mk_req_extended()): Always pass in a seed - (the keyblock contents) to krb5_calculate_checksum() - - * rd_rep.c (krb5_rd_rep()): Use appropriate key to decode reply. 
- - * rd_safe.c (krb5_rd_safe()): Don't pass checksum to - krb5_rd_safe_basic(), it's unnecessary. - - * compat_recv.c (krb5_compat_recvauth()): - * mk_rep.c (krb5_mk_rep()): - * rd_req.c (krb5_rd_req()): - * rd_req_dec.c (krb5_rd_req_decode()): - * recvauth.c (krb5_recvauth()): - Added a krb5_auth_context argument and eliminated many of - the other arguments because they are included in the - krb5_auth_context structure. - - -Tue Mar 21 19:22:51 1995 Keith Vetter (keithv@fusion.com) - - * mk_safe.c: fixed signed/unsigned mismatch. - * rd_safe.c: removed unused local variable currentime. - * mk_req_e.c: fixed signed/unsigned mismatch. - -Sat Mar 18 18:58:02 1995 John Gilmore (gnu at toad.com) - - * bld_pr_ext.c, bld_princ.c: Replace STDARG_PROTOTYPES with - HAVE_STDARG_H for consistency. - -Fri Mar 17 19:48:07 1995 John Gilmore (gnu at toad.com) - - * Makefile.in (check-mac): Add. - * compat_recv.c, get_fcreds.c, recvauth.c: Eliminate Unix socket - #includes, which are now handled by k5-int.h (via k5-config.h). - * conv_princ.c: Rename variable "comp" to another name; "comp" - apparently bothers the MPW compiler... - * rd_cred.c: Avoid (void) casts of void functions, for MPW. - * t_walk_rtree.c: Put com_err.h after k5_int for <sys/types> stuff. - (main): Declare and initialize the krb5_context that's being - passed to everything. - -Fri Mar 10 10:58:59 1995 Chris Provenzano (proven@mit.edu) - - * auth_con.h auth_con.c Added for krb5_auth_con definition and - support routines. - - * mk_req.c (krb5_mk_req()) - * mk_req_ext.c (krb5_mk_req_extended()) - * rd_rep.c (krb5_rd_rep()) - * sendauth.c (krb5_sendauth()) - * mk_priv.c (krb5_mk_priv()) - * mk_safe.c (krb5_mk_safe()) - * rd_priv.c (krb5_rd_priv()) - * rd_safe.c (krb5_rd_safe()) - Added a krb5_auth_context argument and eliminated many of - the other arguments because they are included in the - krb5_auth_context structure. 
- - * send_tgs.c (krb5_send_tgs()) Eliminate call to krb5_mk_req_extended(), - which does far more than krb5_send_tgs() needs. - -Tue Mar 7 19:57:34 1995 Mark Eichin <eichin@cygnus.com> - - * configure.in: take out ISODE_INCLUDE. - -Tue Mar 7 13:20:06 1995 Keith Vetter (keithv@fusion.com) - - * Makefile.in: changed library name on the pc. - * parse.c: disabled for the PC error messages to stderr. - * chk_trans.c: fixed signed/unsigned assignment. - -Thu Mar 2 11:45:00 1995 Keith Vetter (keithv@fusion.com) - - * compat_recv.c, get_fcre.c, recvauth.c, sendauth.c: changed - NEED_WINSOCK_H to NEED_SOCKETS. - -Wed Mar 1 20:15:00 1995 Keith Vetter (keithv@fusion.com) - - * compat_r.c, copy_pri.c, get_fcre.c, get_in_t.c, init_ctx.c, in_tkt_p.c - in_tkt_s.c, preauth.c, princ_co.c, pr_to_sa.c, rd_req_d.c, recvauth.c - sendauth.c, send_tgs.c, unparse.c: 16 vs 32 bit casts, removed some - unused local variables, and pulled in winsock.h for network byte - ordering. - -Tue Feb 28 01:14:57 1995 John Gilmore (gnu at toad.com) - - * *.c: Avoid <krb5/...> includes. - * parse.c: Exdent #ifndef to left margin for old compilers. - -Wed Feb 22 17:14:31 1995 Keith Vetter (keithv@fusion.com) - - * walk_rtr.c (krb5_walk_realm_tree): formal parameter wasn't declared. - * send_tgs.c: const in wrong place in the prototype. - * get_in_tkt.c, preauth.c, rd_cred.c, rd_priv.c, rd_req_dec.c, - rd_safe.c: needed a 32 bit abs() function. - * parse.c: removed call to fprintf on error the windows version - * send_auth.c: defined for windows the ECONNABORTED errno (will - be removed when the socket layer is fully implemented). - -Tue Feb 21 23:38:34 1995 Theodore Y. Ts'o (tytso@dcl) - - * mk_cred.c (krb5_mk_cred): Fix argument type to - krb5_free_cred_enc_part(). - -Mon Feb 13 20:25:20 1995 Theodore Y. Ts'o (tytso@dcl) - - * get_in_tkt.c (krb5_get_in_tkt): Fix memory leak --- the default - encryption types was not being freed. - -Fri Feb 10 15:45:59 1995 Theodore Y. 
Ts'o <tytso@dcl> - - * rd_req.c (krb5_rd_req): Remove ISODE cruft. - -Thu Feb 9 17:43:04 1995 Theodore Y. Ts'o <tytso@dcl> - - * gc_via_tgt.c (krb5_get_cred_via_tgt): Set up the keyblock's - etype field correctly (after copying the keyblock, so it - doesn't get overwritten!) - -Mon Feb 06 17:19:04 1995 Chris Provenzano (proven@mit.edu) - - * get_in_tkt.c (krb5_get_in_tkt()) - * in_tkt_sky.c (krb5_get_in_tkt_with_skey()) - * in_tkt_pwd.c (krb5_get_in_tkt_with_password()) - Removed krb5_keytype, changed krb5_enctype to krb5_enctype *, - changed krb5_preauthtype to krb5_preauthtype *. - - Changed the args to the key_proc arg of krb5_get_in_tkt() - to be the following (krb5_context, const krb5_keytype, - krb5_data *, krb5_const_pointer, krb5_keyblock **) - - * in_tkt_ktb.c (krb5_get_in_tkt_with_keytab()) Added this routine - to replace krb5_get_in_tkt_with_skey() in kinit. - - * Makefile.in Added new source file in_tkt_ktb.c. - -Fri Feb 3 16:41:19 1995 Mark Eichin (eichin@cygnus.com) - - * get_in_tkt.c (krb5_get_in_tkt): also check for the version - number of the reply being whatever we had in the first byte of the - request. - -Fri Feb 3 08:07:55 1995 Theodore Y. Ts'o (tytso@dcl) - - * compat_recv.c (krb_v4_recvauth): Use explicit 32 bit types so - this will work on an Alpha. - -Fri Feb 3 00:43:48 1995 Tom Yu (tlyu@dragons-lair) - - * get_in_tkt.c (krb5_get_in_tkt): fix typo - -Thu Feb 2 20:51:55 1995 Mark Eichin (eichin@cygnus.com) - - * get_in_tkt.c (krb5_get_in_tkt): if krb5_is_as_rep fails, check - if the packet might be a V4 error packet. Use modified V4 check so - that it compiles under SCO. - -Mon Jan 30 15:46:14 1995 Chris Provenzano (proven@mit.edu) - - * int-proto.h Update prototypes for krb5_get_cred_via_tgt(), and - krb5_get_cred_via_2tgt(). - - * get_fcreds.c (krb5_get_for_creds()) - * gc_via_tgt.c (krb5_get_cred_via_tgt()) - * gc_2tgt.c (krb5_get_cred_via_2tgt()) - Removed krb5_enctype argument. 
Pass NULL list of encryption - types to krb5_send_tgs to get default encryption types. - - * gc_frm_kdc.c Removed krb5_enctype argument passed to - krb5_get_cred_via_tgt() - - * send_tgs.c (krb5_send_tgs()) Changed krb5_enctype arg to - krb5_enctype *, a NULL terminated array of encryption - types. If argument is NULL then krb5_send_tgs() will - use defaul list of encryption types. - - * send_tgs.c (krb5_send_tgs()) To encrypt request ticket use - usecred->keyblock.etype instead of (and now defunct) - krb5_enctype arg. - - * init_ctx.c Added krb5_set_default_in_tkt_etypes() and - krb5_get_default_in_tkt_etypes(). - - * rd_req.c, rd_req_decode.c Removed typedef for rdreq_key_proc - and use krb5_rd_req_decoded in its place. - -Mon Jan 30 11:26:05 1995 Chris Provenzano (proven@mit.edu) - - * get_fcreds.c Really needs #include<krb5/asn1.h> for definition - of krb5_is_krb_error() - -Sat Jan 28 14:45:55 1995 Chris Provenzano (proven@mit.edu) - - * in_tkt_sky.c (skey_keyproc()), rd_req_dec.c (krb5_rd_req_decoded()) - use new API for krb5_kt_get_entry. - -Fri Jan 27 15:45:45 1995 Chris Provenzano (proven@mit.edu) - - * get_fcreds.c Removed #include<krb5/crc-32.h> and #include<krb5/asn1.h> - -Wed Jan 25 16:54:40 1995 Chris Provenzano (proven@mit.edu) - - * Removed all narrow types and references to wide.h and narrow.h - -Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) - - * Added krb5_context to all krb5_routines - -Mon Dec 19 21:55:44 1994 Theodore Y. Ts'o (tytso@dcl) - - * init_ctx.c: New file. Initializes and frees the krb5_context - structure. - -Wed Dec 7 17:52:08 1994 <tytso@localhost> - - * rd_req_dec.c (decrypt_authenticator): If the subkey doesn't - exist, don't try to set the subkey's etype. - -Wed Nov 30 17:10:39 1994 Theodore Y. Ts'o (tytso@dcl) - - * bld_princ.c (krb5_build_principal_va): Set the principal's type - and magic number. - - * Makefile.in: Build new test driver (t_walk_rtree) for - krb5_walk_realm_tree. 
- - * walk_realm_tree.c (krb5_walk_realm_tree): Fix bug which occured - when the client or the server is a subdomain of the other; - walk_realm_tree would return the wrong answer, and suffer - from memory access errors. - - * unparse.c (krb5_unparse_name_ext): Quote the '/' and '@' - characters properly. - - * configure.in: Add appropriate help text for the --with-krb4 - option. Remove ISODE_DEFS call, since ISODE_INCLUDES now - defines ISODE automatically. - -Mon Nov 21 15:30:07 1994 Theodore Y. Ts'o (tytso@dcl) - - * mk_req_ext.c (krb5_mk_req_extended): Sanitize how memory is - freed in both error and normal cases, to remove memory - leaks. - - * mk_req_ext.c (krb5_mk_req_extended): Use the encryption type - specified by the ticket to generate the authenticator. - - * encode_kdc.c (krb5_encode_kdc_rep): Now requires that the - caller pass in the encryption block to be used for - encrpyting the ticket. That way, this routine doesn't - need to create its own encryption block. - - * encrypt_tk.c (krb5_encrypt_tkt_part): Now requires that the - caller pass in the encryption block to be used for - encrpyting the ticket. That way, this routine doesn't - need to create its own encryption block. - -Fri Nov 18 17:30:44 1994 Theodore Y. Ts'o (tytso@dcl) - - * mk_req_ext.c (krb5_mk_req_extended): Encrypt the authenticator - using the same encryption system used to encrypt the ticket. - -Thu Nov 17 01:56:05 1994 Theodore Y. Ts'o (tytso@dcl) - - * gc_via_tgt.c (krb5_get_cred_via_tgt): - * gc_2tgt.c (krb5_get_cred_via_2tgt): Set the encryption type of - the session keyblock to be the type used to encrypt the - ticket. - -Fri Nov 11 01:20:22 1994 Theodore Y. Ts'o (tytso@dcl) - - * get_in_tkt.c (krb5_get_in_tkt): Set the encryption type of the - session keyblock to be the type used to encrypt the - ticket. - -Thu Nov 10 23:56:43 1994 Theodore Y. 
Ts'o (tytso@dcl) - - * rd_rep.c (krb5_rd_rep): Set the encryption type in - the subkey keyblock to be the encryption type used to - encrypt the rd_rep message. - - * decrypt_tk.c (krb5_decrypt_tkt_part): Set the encryption type in - the session keyblock to be the encryption type used to - encrypt the ticket. - - * rd_req_dec.c (decrypt_authenticator): Set the encryption type in - the subkey keyblock to be the encryption type used to - encrypt the authenticator. - -Tue Nov 8 17:09:48 1994 Theodore Y. Ts'o (tytso@dcl) - - * in_tkt_pwd.c (pwd_keyproc): Use the documented interface for - calling krb5_string_to_key(). - -Tue Oct 25 23:34:57 1994 Theodore Y. Ts'o (tytso@dcl) - - * srv_rcache.c (krb5_get_server_rcache): Added missing continue so - that we don't copy both the unprintable character as well - as the quoted version of it. - -Mon Oct 24 15:50:19 1994 Theodore Y. Ts'o (tytso@dcl) - - * configure.in: If KRB4 is defined, define KRB5_KRB4_COMPAT for - compat_recv.c. - -Thu Oct 13 17:26:28 1994 Theodore Y. Ts'o (tytso@maytag) - - * configure.in: Add ISODE_DEFS - -Tue Oct 4 16:29:19 1994 Theodore Y. Ts'o (tytso@dcl) - - * in_tkt_sky.c (skey_keyproc): - * in_tkt_pwd.c (pwd_keyproc): Add widen.h and narrow.h includes - around pwd_keyproc, so that the keyproc input arguments - are appropriately widened. - -Fri Sep 30 21:58:15 1994 Theodore Y. Ts'o (tytso@dcl) - - * preauth.c (preauth_systems): Add placeholder for magic number - -Thu Sep 29 15:31:10 1994 Theodore Y. Ts'o (tytso@dcl) - - * srv_rcache.c (krb5_get_server_rcache): cachename was not being - properly null-terminated. - - * get_in_tkt.c (krb5_get_in_tkt): Return KRB5_IN_TKT_REALM_MISATCH - if the client and server realms don't match. Return - KRB5_KDCREP_SKEW if the KDC reply has an unacceptible - clock skew (instead of KDCREP_MODIFIED.) 
- - * gc_via_tgt.c (krb5_get_cred_via_tgt): Use a distinct error code - for KDC skew separate from the standard KDCREP_MODIFIED - - * princ_comp.c (krb5_realm_compare): Added new function from - OpenVision. - -Wed Sep 21 17:57:35 1994 Theodore Y. Ts'o (tytso@dcl) - - * rd_req_dec.c (krb5_rd_req_decoded): Added Changes from Cybersafe - to do transited realm path checking. - - * chk_trans.c: Added donated module from CyberSafe. It checks to - see if a transited path is a legal one between two realms. - -Thu Sep 15 11:08:39 1994 Theodore Y. Ts'o (tytso@dcl) - - * rd_req_sim.c (krb5_rd_req_simple): Use krb5_rd_req instead of - krb5_rd_req_decoded, to eliminate some code duplication. - -Sat Aug 20 01:43:43 1994 Theodore Y. Ts'o (tytso at tsx-11) - - * mk_req_ext.c (krb5_generate_authenticator): Fix pointer aliasing - problem between newkey and authent->subkey. - -Wed Aug 17 17:58:22 1994 Theodore Y. Ts'o (tytso at tsx-11) - - * encode_kdc.c (krb5_encode_kdc_rep): Pass in to - encode_krb5_enc_kdc_rep_part the msg_type which should be used. - Old versions of Kerberos always assume TGS_REP; this merely allows - the right msg_type to be passed down to the encoding routines. - For now, the encoding routines will ignore this value and do - things the old way, for compatibility's sake. - -Mon Aug 8 22:38:16 1994 Theodore Y. Ts'o (tytso at tsx-11) - - * preauth.c: Renamed preauthentication mechanism names to match - what bcn and I agreed upon. - -Tue Jun 28 19:35:07 1994 Tom Yu (tlyu at dragons-lair) - - * decode_kdc.c: folding in Harry's changes - * rd_req.c: ditto - * rd_req_sim.c: ditto - * configure.in: adding ISODE_DEFS - |
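Review bot: the removed entries include the only record in this file of several memory-safety and protocol-validation fixes, and the hunk (`@@ -1,3633 +0,0 @@`) puts nothing in their place. Examples are the Apr 29 1995 srv_rcache.c entry (fencepost error causing an access beyond the allocated memory of piece->data), the Oct 23 1995 rd_req.c entry (return pointer looking at freed memory after an error) and the Sep 1 1995 gc_via_tkt.c entry (sanity checking on the KDC response to detect tampering). Many of the entries name only a file and function with no bug or ticket identifier, so once the file is gone they can be traced only if the same text exists in version-control history. Before merging, confirm that these entries are reachable from the repository log for the affected files, and state in the commit message where the pre-deletion ChangeLog history can be found, so that anyone auditing which releases carry a given fix still has a path to it.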