summaryrefslogtreecommitdiffstats
path: root/src/appl/telnet/libtelnet/ChangeLog
blob: 832f6a01cf123053701dc692c66e4373f34f8506 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
Thu May  9 00:06:41 1996  Richard Basch  <basch@lehman.com>

	* kerberos5.c: use the default server principal name to generate
	the rcache filename

Sat Apr 27 16:09:54 1996  Richard Basch  <basch@lehman.com>

	* kerberos5.c: a host may have multiple names and multiple keys,
	so do not try to resolve the "server" principal before the rd_req

Fri Apr 12 23:36:01 1996  Richard Basch  <basch@lehman.com>

	* forward.c (rd_and_store_for_creds): Consistency with the
	krlogind forwarded credentials cache naming scheme - krb5cc_p<pid>

Thu Apr 11 21:45:21 1996  Richard Basch  <basch@lehman.com>

	* forward.c (rd_and_store_for_creds): If we are going to use a
	ttyname based credentials file, at least compute it in a saner
	fashion (strip the /dev/ and translate remaining /'s into _, so
	the cache name looks like krb5cc_pts_4 instead of krb5cc_4).

	* kerberos5.c (kerberos5_cleanup): Cleanup the credentials cache
	that we may have created and destroy the context.

Mon Mar 18 20:56:37 1996  Theodore Y. Ts'o  <tytso@dcl>

	* kerberos5.c (kerberos5_send): Send in as input the
		authentication type pair (ap->type, ap->way) to be
		checksumed in the authenticator.
		(kerberos5_is): If the checksum is present in the
		authenticator, then validate the authentication type pair
		against the checksum.
		(kerberos5_reply): If we didn't do mutual authentication,
		and we receive a KRB_ACCEPT, then stash away the session
		key anyway.  This way we have a chance of doing encryption
		even if mutual authentication wasn't done.

	* encrypt.c (EncryptStartInput, EncryptStartOutput): Added
		conditional around printf so that these two functions can
		be called by the server.
		(encrypt_is_encrypting): New function which returns true
		only if both sides of the telnet stream is encrypted.

Fri Mar 15 18:19:44 1996  Theodore Y. Ts'o  <tytso@dcl>

	* auth.c: Added new authentication scheme for Krb5 mutual
		authentication with mandatory encryption.
		(auth_send, auth_send_retry): Split auth_send() so that
		the functionality done by auth_send_retry() is separate.
		This avoids a really dodgy pointer comparison which was
		caused by auth_send() being used for two purposes.  
		If the client has not requested encryption, then don't
		use the authentication systems which require encryption.
		(auth_must_encrypt):  New function which returns whether 
		or not encryption must be negotiated.

	* auth-proto.h: Added prototype for new option
		auth_must_encrypt().

	* Makefile.in (ENCRYPTION, DES_ENCRYPTION): Added defines to turn
	        on encryption and des encryption.

Fri Jan 26 01:05:46 1996  Sam Hartman  <hartmans@tertius.mit.edu>

	* kerberos5.c (kerberos5_send): Get DES_CBC-CRC credentials.

Tue Jan  9 22:53:58 1996  Theodore Y. Ts'o  <tytso@dcl>

	* forward.c (get_for_creds): Removed no longer used function.

	* kerberos5.c (kerberos5_forward): Convert from using
		get_for_creds() from forward.c to using the official
		library routine, krb5_fwd_tgt_creds().  Misc. lint
		cleanups. 

Sun Nov 12 04:48:41 1995  Mark W. Eichin  <eichin@cygnus.com>

	* forward.c: set KRB5_DEFAULT_LIFE to 10 hours, not 8.
	* forward.c (rd_and_store_for_creds): construct correct cache name
	for forwarded tickets (based on tty name if available) and drop it
	into the environment so login notices it.

Mon Oct  9 23:03:48 1995  Sam Hartman  <hartmans@tertius.mit.edu>

	* kerberos5.c: make session_key a pointer, and use
        krb5_copy_keyblock not krb5_copy_keyblock_contents; there was no
        reason to violate this abstraction.

Sun Sep 24 12:33:03 1995  Sam Hartman  <hartmans@tertius.mit.edu>

	* kerberos5.c: Initialize session key from the subsession key we get from krb5_mk_req_extended, using ticket key as a fallback.
	(kerberos5_send): Use appropriate enctypes when encryption defined.

Wed Sep 06 14:20:57 1995   Chris Provenzano (proven@mit.edu)

        * encrypt.h, kerberos5.c : s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g

Tue Sep 05 22:10:34 1995   Chris Provenzano (proven@mit.edu)

        * kerberos5.c : Remove krb5_enctype references, and replace with
                krb5_keytype where appropriate.

Thu Aug 3 11:36:15 EDT 1995	Paul Park	(pjpark@mit.edu)
	* kerberos.c - Give the compiler something to compile when K4 disabled.


Tue Jun 27 16:16:18 EDT 1995	Paul Park	(pjpark@mit.edu)
	* enc_des.c, encrypt.c, krb4encpwd.c, read_password.c, rsaencpwd.c,
		spx.c - Give the compiler something to compile when these
		modules are essentially disabled.  Some compilers choke when
		there's nothing to compile.
	* setenv.c - Change prototype for __findenv to be static since it's
		really static.

Tue Jun 20 13:59:43 1995  Tom Yu  (tlyu@dragons-lair)

	* configure.in: fix typo

	* strrchr.c: NO_STRING_H -> HAVE_STRING_H

	* strftime.c: NO_STRING_H -> HAVE_STRING_H

	* strerror.c: NO_STRING_H -> HAVE_STRING_H

	* strdup.c: NO_STRING_H -> HAVE_STRING_H

	* strchr.c: NO_STRING_H -> HAVE_STRING_H

	* strcasecmp.c: NO_STRING_H -> HAVE_STRING_H

	* spx.c: NO_STRING_H -> HAVE_STRING_H

	* rsaencpwd: NO_STRING_H -> HAVE_STRING_H

	* read_password.c: NO_STRING_H -> HAVE_STRING_H

	* mem.c: NO_STRING_H -> HAVE_STRING_H

	* krb4encpwd.c: NO_STRING_H -> HAVE_STRING_H

	* kerberos5.c: NO_STRING_H -> HAVE_STRING_H

	* kerberos.c: NO_STRING_H -> HAVE_STRING_H

	* encrypt.c: NO_STRING_H -> HAVE_STRING_H

	* auth.c: NO_STRING_H -> HAVE_STRING_H for consistency

	* configure.in: added missing tests for string.h, stdlib.h

Sat Jun 10 22:59:42 1995  Tom Yu  (tlyu@dragons-lair)

	* forward.c, kerberos5.c: krb5_auth_context redefinitions

Fri Jun  9 18:30:02 1995    <tytso@rsx-11.mit.edu>

	* configure.in: Remove standardized set of autoconf macros, which
		are now handled by CONFIG_RULES.

Wed May 24 10:29:54 1995  Ezra Peisach  <epeisach@kangaroo.mit.edu>

	* kerberos5.c: Include string.h/strings.h. Include stdlib.h or
		declare malloc. 

Sun May  7 18:45:09 1995  Ezra Peisach  <epeisach@kangaroo.mit.edu>

	* kerberos5.c (kerberos5_send): Fix improperly closed comment
			krb5_get_credentials second argument is not 
				kdc_options....

	* configure.in (LIBOBJS): Removed duplicate WITH_KRB4

Fri Apr 28 11:17:16 1995  Mark Eichin  <eichin@cygnus.com>

	* configure.in: switch to WITH_KRB4 since it suffices in this case.

Thu Apr 27 17:08:16 1995  Mark Eichin  <eichin@cygnus.com>

	* configure.in: use AC_CONST since we need it for v4.

Thu Apr 27 15:52:19 1995  Chris Provenzano  (proven@mit.edu)

	* kerberos5.c (kerberos_is()) : Initialize keytabid to NULL.

Thu Apr 27 14:48:38 1995  Mark Eichin  <eichin@cygnus.com>

	* Makefile.in (LOCALINCLUDES): find kerberosIV headers.

Wed Apr 26 19:52:52 1995  Mark Eichin  <eichin@cygnus.com>

	* kerberos5.c (kerberos5_is): use kt_resolve to get keytab, to
	correspond to current interface to rd_req.

Tue Apr 25 21:23:28 1995  Chris Provenzano  (proven@mit.edu)

        * forward.c (rd_and_store_for_creds()) : Rewritten to use
                auth_context and the new krb5_rd_creds().
        * forward.c (get_for_creds()) : New function replacing
                krb5_get_for_creds() and uses auth_context and new
                krb5_mk_creds() routine.
        * kerberos5.c (kerberos5_send()): Set initial flags on auth_context
		to KRB5_AUTH_CONTEXT_RET_TIME, and use new
        	rd_and_store_for_creds() routine.
	* kerberos5.c (kerberos5_forward()): Use the new get_for_creds().

Sat Apr 22 00:50:14 1995  Theodore Y. Ts'o  (tytso@dcl)

	* kerberos5.c (kerberos5_init): Only call krb5_init_context if 
		the telnet context hasn't been initialized yet.

Thu Apr 20 20:12:32 1995  Mark Eichin  <eichin@cygnus.com>

	Changes for testsuite from Ian Taylor <ian@cygnus.com>
	* kerberos5.c (telnet_srvtab): New global variable.
	(telnet_krb5_realm): New global variable.
	(kerberos5_send): If telnet_krb5_realm is set, copy it into
	creds.server.  Pass new_creds to krb5_mk_req_extended, not &creds.
	Pass &new_creds->keyblock to krb5_copy_keyblock_contents, not
	new_creds.
	(kerberos5_is): pass telnet_srvtab in to krb_rd_req.
	(kerberos5_forward): If telnet_krb5_realm is set, copy it into
	local_creds->server.

Wed Mar 29 15:08:43 1995  Theodore Y. Ts'o  (tytso@dcl)

	* kerberos5.c: No need to have the session_key established for
		mutual authentication to work.  (That's only done if
		ENCRYPTION is defined.)

	* auth.c (authenticators): Allow mutual authentication even if the
		ENCRYPTION option is not turned on.

Mon Mar 27 07:56:26 1995 Chris Provenzano (proven@mit.edu)

        * kerberos5.c (kerberos5_is()): Use new calling convention for 
		krb5_rd_req(), and krb5_mk_rep().

Fri Mar 24 23:51:18 1995  Theodore Y. Ts'o  <tytso@dcl>

	* kerberos5.c (kerberos5_send): Initialize auth_context to zero
		before calling mk_req.

Fri Mar 10 11:09:34 1995  Chris Provenzano (proven@mit.edu)

        * kerberos5.c: Use new calling convention for krb5_mk_req_extended().

Tue Mar  7 19:52:00 1995  Mark Eichin  <eichin@cygnus.com>

	* configure.in: take out ISODE_DEFS, ISODE_INCLUDE.

Tue Feb 28 01:48:32 1995  John Gilmore  (gnu at toad.com)

	* forward.c, kerberos5.c:  Avoid <krb5/...> includes.

Tue Feb 14 15:30:55 1995 Chris Provenzano  (proven@mit.edu)

        * kerberos5.c (kerberos5_send(), kerberos5_forward()) 
		Call krb5_get_credentials() and krb5_mk_req_extended() 
		with new calling convention.

Thu Feb  2 02:56:50 1995  John Gilmore  <gnu@cygnus.com>

	* forward.c:  Remove unused #include <krb5/crc-32.h>.
	* kerberos5.c (kerberos5_send):  Remove code for sending a checksum
	of a zero-byte string; we can just send no checksum at all.  This
	eliminates dependency on <krb5/crc-32.h>.
	(kerberos5_forward):  Remove extra parameter to krb5_get_for_creds,
	probably accidentally inserted during context changes -- which don't
	seem to be here in the ChangeLog.
	* kerberos.c:  Remove prototypes for krb4 functions, since
	some of them are wrong with CNS (u_long vs. KRB_INT32 conflicts).

Fri Nov 18 15:19:26 1994  Theodore Y. Ts'o  (tytso@dcl)

	* kerberos5.c (kerberos5_init): Initialize magic variable and
		encryption type.  

Fri Nov 18 00:37:13 1994  Mark Eichin  <eichin@cygnus.com>

	* configure.in: use WITH_KRB4. (from epeisach)

Mon Nov 14 16:27:29 1994  Theodore Y. Ts'o  (tytso@dcl)

	* kerberos.c (kerberos4_is): Initialize random number generator on
		the server side so that the encryption routines later on
		can use it. 

	* kerberos.c (kerberos4_send): Fix bug in how we pick the
		challenge for the challenge/response mutual
		authentication.

Fri Nov 11 00:55:36 1994  Theodore Y. Ts'o  (tytso@dcl)

	* forward.c (mk_cred, rd_cred): Move these routines to libkrb.a.

Tue Nov  8 01:39:50 1994  Theodore Y. Ts'o  (tytso@dcl)

	* kerberos.c (kerberos4_is): Fix bug in logic of incrementing the
		received challenge.  A ++/-- mixup means there's a 1 in
		256 chance the server will get it wrong.

	* kerberos.c: Use des_init_random_number_genator(), since that
		will result in different subsession keys on successive
		runs of telnet.

Mon Nov  7 22:36:20 1994  Theodore Y. Ts'o  (tytso@dcl)

	* auth.c (auth_status): Only print each possible authentication
		type once in the status report.

	* auth.c (auth_onoff): Remove excess call to getauthmask() which
		stomped the mask field.  Only print each possible
		authentication type once in the help message.

	* auth.c (getauthmask): Fix reversed sense of strcasecmp
		comparison.

	* auth.c (auth_enable, auth_disable): Change the input type to be
		a char *, which is what auth_onoff wants anyway.

Mon Aug  8 22:16:54 1994  Theodore Y. Ts'o  (tytso at tsx-11)

	* kerberos5.c (kerberos5_send): Whoops, mispelled
	krb5_copy_keyblock_contents().  (It was inside #ifdef
	ENCRYPTION)

Thu Aug  4 03:36:29 1994  Tom Yu  (tlyu@dragons-lair)

	* Makefile.in: add blank target for install

Tue Jul 26 18:21:29 1994  Tom Yu  (tlyu@dragons-lair)

	* Makefile.in: whoops left out some $(srcdir) stuff

Mon Jul 25 01:05:31 1994  Tom Yu  (tlyu@dragons-lair)

	* Makefile.in: remove reference to lorder (linux doesn't have
	lorder, it seems)

Fri Jul 15 23:36:50 1994  Theodore Y. Ts'o  (tytso at tsx-11)

	* kerberos5.c (kerberos5_is): Avoid coredump caused by freeing of
	an unitialized variable.  Also make sure we don't try to free name
	if it is NULL.