1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
|
Thu Apr 13 15:49:16 1995 Keith Vetter (keithv@fusion.com)
* *.[ch]: removed unneeded INTERFACE from non-api functions.
Fri Mar 31 16:45:47 1995 Keith Vetter (keithv@fusion.com)
* krb5_get_in_tkt: changed error return value for when clocks
are out of skew to be KRB5_KDCREP_SKEW.
Fri Mar 31 00:44:26 1995 Theodore Y. Ts'o (tytso@dcl)
* rd_req.c (krb5_rd_req): Fix typo which caused new_keytab to not
get freed, causing a memory leak.
Thu Mar 30 15:49:27 1995 Keith Vetter (keithv@fusion.com)
* rd_req.c: removed unused local variable.
Tue Mar 28 18:34:20 1995 John Gilmore (gnu at toad.com)
* rd_req_sim.c: Really remove the file.
Mon Mar 27 08:34:49 1995 Chris Provenzano (proven@mit.edu)
* Makefile.in: Removed rd_req_sim.c
* auth_con.c: Default cksumtype is now CKSUMTYPE_RSA_MD4_DES.
* auth_con.c: Added krb5_auth_con_setuseruserkey(),
krb5_auth_con_getkey(),
krb5_auth_con_getremotesubkey(),
krb5_auth_con_getauthenticator(),
krb5_auth_con_getremoteseqnumber(),
krb5_auth_con_initivector().
* auth_con.c: Fixed krb5_auth_con_getlocalsubkey() to check for
a valid local_subkey before calling krb5_copy_keyblock().
* auth_con.h: Fixed some comments.
* mk_req_ext.c (krb5_mk_req_extended()): Always pass in a seed
(the keyblock contents) to krb5_calculate_checksum()
* rd_rep.c (krb5_rd_rep()): Use appropriate key to decode reply.
* rd_safe.c (krb5_rd_safe()): Don't pass checksum to
krb5_rd_safe_basic(), it's unnecessary.
* compat_recv.c (krb5_compat_recvauth()):
* mk_rep.c (krb5_mk_rep()):
* rd_req.c (krb5_rd_req()):
* rd_req_dec.c (krb5_rd_req_decode()):
* recvauth.c (krb5_recvauth()):
Added a krb5_auth_context argument and eliminated many of
the other arguments because they are included in the
krb5_auth_context structure.
Tue Mar 21 19:22:51 1995 Keith Vetter (keithv@fusion.com)
* mk_safe.c: fixed signed/unsigned mismatch.
* rd_safe.c: removed unused local variable currentime.
* mk_req_e.c: fixed signed/unsigned mismatch.
Sat Mar 18 18:58:02 1995 John Gilmore (gnu at toad.com)
* bld_pr_ext.c, bld_princ.c: Replace STDARG_PROTOTYPES with
HAVE_STDARG_H for consistency.
Fri Mar 17 19:48:07 1995 John Gilmore (gnu at toad.com)
* Makefile.in (check-mac): Add.
* compat_recv.c, get_fcreds.c, recvauth.c: Eliminate Unix socket
#includes, which are now handled by k5-int.h (via k5-config.h).
* conv_princ.c: Rename variable "comp" to another name; "comp"
apparently bothers the MPW compiler...
* rd_cred.c: Avoid (void) casts of void functions, for MPW.
* t_walk_rtree.c: Put com_err.h after k5_int for <sys/types> stuff.
(main): Declare and initialize the krb5_context that's being
passed to everything.
Fri Mar 10 10:58:59 1995 Chris Provenzano (proven@mit.edu)
* auth_con.h auth_con.c Added for krb5_auth_con definition and
support routines.
* mk_req.c (krb5_mk_req())
* mk_req_ext.c (krb5_mk_req_extended())
* rd_rep.c (krb5_rd_rep())
* sendauth.c (krb5_sendauth())
* mk_priv.c (krb5_mk_priv())
* mk_safe.c (krb5_mk_safe())
* rd_priv.c (krb5_rd_priv())
* rd_safe.c (krb5_rd_safe())
Added a krb5_auth_context argument and eliminated many of
the other arguments because they are included in the
krb5_auth_context structure.
* send_tgs.c (krb5_send_tgs()) Eliminate call to krb5_mk_req_extended(),
which does far more than krb5_send_tgs() needs.
Tue Mar 7 19:57:34 1995 Mark Eichin <eichin@cygnus.com>
* configure.in: take out ISODE_INCLUDE.
Tue Mar 7 13:20:06 1995 Keith Vetter (keithv@fusion.com)
* Makefile.in: changed library name on the pc.
* parse.c: disabled for the PC error messages to stderr.
* chk_trans.c: fixed signed/unsigned assignment.
Thu Mar 2 11:45:00 1995 Keith Vetter (keithv@fusion.com)
* compat_recv.c, get_fcre.c, recvauth.c, sendauth.c: changed
NEED_WINSOCK_H to NEED_SOCKETS.
Wed Mar 1 20:15:00 1995 Keith Vetter (keithv@fusion.com)
* compat_r.c, copy_pri.c, get_fcre.c, get_in_t.c, init_ctx.c, in_tkt_p.c
in_tkt_s.c, preauth.c, princ_co.c, pr_to_sa.c, rd_req_d.c, recvauth.c
sendauth.c, send_tgs.c, unparse.c: 16 vs 32 bit casts, removed some
unused local variables, and pulled in winsock.h for network byte
ordering.
Tue Feb 28 01:14:57 1995 John Gilmore (gnu at toad.com)
* *.c: Avoid <krb5/...> includes.
* parse.c: Exdent #ifndef to left margin for old compilers.
Wed Feb 22 17:14:31 1995 Keith Vetter (keithv@fusion.com)
* walk_rtr.c (krb5_walk_realm_tree): formal parameter wasn't declared.
* send_tgs.c: const in wrong place in the prototype.
* get_in_tkt.c, preauth.c, rd_cred.c, rd_priv.c, rd_req_dec.c,
rd_safe.c: needed a 32 bit abs() function.
* parse.c: removed call to fprintf on error the windows version
* send_auth.c: defined for windows the ECONNABORTED errno (will
be removed when the socket layer is fully implemented).
Tue Feb 21 23:38:34 1995 Theodore Y. Ts'o (tytso@dcl)
* mk_cred.c (krb5_mk_cred): Fix argument type to
krb5_free_cred_enc_part().
Mon Feb 13 20:25:20 1995 Theodore Y. Ts'o (tytso@dcl)
* get_in_tkt.c (krb5_get_in_tkt): Fix memory leak --- the default
encryption types was not being freed.
Fri Feb 10 15:45:59 1995 Theodore Y. Ts'o <tytso@dcl>
* rd_req.c (krb5_rd_req): Remove ISODE cruft.
Thu Feb 9 17:43:04 1995 Theodore Y. Ts'o <tytso@dcl>
* gc_via_tgt.c (krb5_get_cred_via_tgt): Set up the keyblock's
etype field correctly (after copying the keyblock, so it
doesn't get overwritten!)
Mon Feb 06 17:19:04 1995 Chris Provenzano (proven@mit.edu)
* get_in_tkt.c (krb5_get_in_tkt())
* in_tkt_sky.c (krb5_get_in_tkt_with_skey())
* in_tkt_pwd.c (krb5_get_in_tkt_with_password())
Removed krb5_keytype, changed krb5_enctype to krb5_enctype *,
changed krb5_preauthtype to krb5_preauthtype *.
Changed the args to the key_proc arg of krb5_get_in_tkt()
to be the following (krb5_context, const krb5_keytype,
krb5_data *, krb5_const_pointer, krb5_keyblock **)
* in_tkt_ktb.c (krb5_get_in_tkt_with_keytab()) Added this routine
to replace krb5_get_in_tkt_with_skey() in kinit.
* Makefile.in Added new source file in_tkt_ktb.c.
Fri Feb 3 16:41:19 1995 Mark Eichin (eichin@cygnus.com)
* get_in_tkt.c (krb5_get_in_tkt): also check for the version
number of the reply being whatever we had in the first byte of the
request.
Fri Feb 3 08:07:55 1995 Theodore Y. Ts'o (tytso@dcl)
* compat_recv.c (krb_v4_recvauth): Use explicit 32 bit types so
this will work on an Alpha.
Fri Feb 3 00:43:48 1995 Tom Yu (tlyu@dragons-lair)
* get_in_tkt.c (krb5_get_in_tkt): fix typo
Thu Feb 2 20:51:55 1995 Mark Eichin (eichin@cygnus.com)
* get_in_tkt.c (krb5_get_in_tkt): if krb5_is_as_rep fails, check
if the packet might be a V4 error packet. Use modified V4 check so
that it compiles under SCO.
Mon Jan 30 15:46:14 1995 Chris Provenzano (proven@mit.edu)
* int-proto.h Update prototypes for krb5_get_cred_via_tgt(), and
krb5_get_cred_via_2tgt().
* get_fcreds.c (krb5_get_for_creds())
* gc_via_tgt.c (krb5_get_cred_via_tgt())
* gc_2tgt.c (krb5_get_cred_via_2tgt())
Removed krb5_enctype argument. Pass NULL list of encryption
types to krb5_send_tgs to get default encryption types.
* gc_frm_kdc.c Removed krb5_enctype argument passed to
krb5_get_cred_via_tgt()
* send_tgs.c (krb5_send_tgs()) Changed krb5_enctype arg to
krb5_enctype *, a NULL terminated array of encryption
types. If argument is NULL then krb5_send_tgs() will
use defaul list of encryption types.
* send_tgs.c (krb5_send_tgs()) To encrypt request ticket use
usecred->keyblock.etype instead of (and now defunct)
krb5_enctype arg.
* init_ctx.c Added krb5_set_default_in_tkt_etypes() and
krb5_get_default_in_tkt_etypes().
* rd_req.c, rd_req_decode.c Removed typedef for rdreq_key_proc
and use krb5_rd_req_decoded in its place.
Mon Jan 30 11:26:05 1995 Chris Provenzano (proven@mit.edu)
* get_fcreds.c Really needs #include<krb5/asn1.h> for definition
of krb5_is_krb_error()
Sat Jan 28 14:45:55 1995 Chris Provenzano (proven@mit.edu)
* in_tkt_sky.c (skey_keyproc()), rd_req_dec.c (krb5_rd_req_decoded())
use new API for krb5_kt_get_entry.
Fri Jan 27 15:45:45 1995 Chris Provenzano (proven@mit.edu)
* get_fcreds.c Removed #include<krb5/crc-32.h> and #include<krb5/asn1.h>
Wed Jan 25 16:54:40 1995 Chris Provenzano (proven@mit.edu)
* Removed all narrow types and references to wide.h and narrow.h
Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu)
* Added krb5_context to all krb5_routines
Mon Dec 19 21:55:44 1994 Theodore Y. Ts'o (tytso@dcl)
* init_ctx.c: New file. Initializes and frees the krb5_context
structure.
Wed Dec 7 17:52:08 1994 <tytso@localhost>
* rd_req_dec.c (decrypt_authenticator): If the subkey doesn't
exist, don't try to set the subkey's etype.
Wed Nov 30 17:10:39 1994 Theodore Y. Ts'o (tytso@dcl)
* bld_princ.c (krb5_build_principal_va): Set the principal's type
and magic number.
* Makefile.in: Build new test driver (t_walk_rtree) for
krb5_walk_realm_tree.
* walk_realm_tree.c (krb5_walk_realm_tree): Fix bug which occured
when the client or the server is a subdomain of the other;
walk_realm_tree would return the wrong answer, and suffer
from memory access errors.
* unparse.c (krb5_unparse_name_ext): Quote the '/' and '@'
characters properly.
* configure.in: Add appropriate help text for the --with-krb4
option. Remove ISODE_DEFS call, since ISODE_INCLUDES now
defines ISODE automatically.
Mon Nov 21 15:30:07 1994 Theodore Y. Ts'o (tytso@dcl)
* mk_req_ext.c (krb5_mk_req_extended): Sanitize how memory is
freed in both error and normal cases, to remove memory
leaks.
* mk_req_ext.c (krb5_mk_req_extended): Use the encryption type
specified by the ticket to generate the authenticator.
* encode_kdc.c (krb5_encode_kdc_rep): Now requires that the
caller pass in the encryption block to be used for
encrpyting the ticket. That way, this routine doesn't
need to create its own encryption block.
* encrypt_tk.c (krb5_encrypt_tkt_part): Now requires that the
caller pass in the encryption block to be used for
encrpyting the ticket. That way, this routine doesn't
need to create its own encryption block.
Fri Nov 18 17:30:44 1994 Theodore Y. Ts'o (tytso@dcl)
* mk_req_ext.c (krb5_mk_req_extended): Encrypt the authenticator
using the same encryption system used to encrypt the ticket.
Thu Nov 17 01:56:05 1994 Theodore Y. Ts'o (tytso@dcl)
* gc_via_tgt.c (krb5_get_cred_via_tgt):
* gc_2tgt.c (krb5_get_cred_via_2tgt): Set the encryption type of
the session keyblock to be the type used to encrypt the
ticket.
Fri Nov 11 01:20:22 1994 Theodore Y. Ts'o (tytso@dcl)
* get_in_tkt.c (krb5_get_in_tkt): Set the encryption type of the
session keyblock to be the type used to encrypt the
ticket.
Thu Nov 10 23:56:43 1994 Theodore Y. Ts'o (tytso@dcl)
* rd_rep.c (krb5_rd_rep): Set the encryption type in
the subkey keyblock to be the encryption type used to
encrypt the rd_rep message.
* decrypt_tk.c (krb5_decrypt_tkt_part): Set the encryption type in
the session keyblock to be the encryption type used to
encrypt the ticket.
* rd_req_dec.c (decrypt_authenticator): Set the encryption type in
the subkey keyblock to be the encryption type used to
encrypt the authenticator.
Tue Nov 8 17:09:48 1994 Theodore Y. Ts'o (tytso@dcl)
* in_tkt_pwd.c (pwd_keyproc): Use the documented interface for
calling krb5_string_to_key().
Tue Oct 25 23:34:57 1994 Theodore Y. Ts'o (tytso@dcl)
* srv_rcache.c (krb5_get_server_rcache): Added missing continue so
that we don't copy both the unprintable character as well
as the quoted version of it.
Mon Oct 24 15:50:19 1994 Theodore Y. Ts'o (tytso@dcl)
* configure.in: If KRB4 is defined, define KRB5_KRB4_COMPAT for
compat_recv.c.
Thu Oct 13 17:26:28 1994 Theodore Y. Ts'o (tytso@maytag)
* configure.in: Add ISODE_DEFS
Tue Oct 4 16:29:19 1994 Theodore Y. Ts'o (tytso@dcl)
* in_tkt_sky.c (skey_keyproc):
* in_tkt_pwd.c (pwd_keyproc): Add widen.h and narrow.h includes
around pwd_keyproc, so that the keyproc input arguments
are appropriately widened.
Fri Sep 30 21:58:15 1994 Theodore Y. Ts'o (tytso@dcl)
* preauth.c (preauth_systems): Add placeholder for magic number
Thu Sep 29 15:31:10 1994 Theodore Y. Ts'o (tytso@dcl)
* srv_rcache.c (krb5_get_server_rcache): cachename was not being
properly null-terminated.
* get_in_tkt.c (krb5_get_in_tkt): Return KRB5_IN_TKT_REALM_MISATCH
if the client and server realms don't match. Return
KRB5_KDCREP_SKEW if the KDC reply has an unacceptible
clock skew (instead of KDCREP_MODIFIED.)
* gc_via_tgt.c (krb5_get_cred_via_tgt): Use a distinct error code
for KDC skew separate from the standard KDCREP_MODIFIED
* princ_comp.c (krb5_realm_compare): Added new function from
OpenVision.
Wed Sep 21 17:57:35 1994 Theodore Y. Ts'o (tytso@dcl)
* rd_req_dec.c (krb5_rd_req_decoded): Added Changes from Cybersafe
to do transited realm path checking.
* chk_trans.c: Added donated module from CyberSafe. It checks to
see if a transited path is a legal one between two realms.
Thu Sep 15 11:08:39 1994 Theodore Y. Ts'o (tytso@dcl)
* rd_req_sim.c (krb5_rd_req_simple): Use krb5_rd_req instead of
krb5_rd_req_decoded, to eliminate some code duplication.
Sat Aug 20 01:43:43 1994 Theodore Y. Ts'o (tytso at tsx-11)
* mk_req_ext.c (krb5_generate_authenticator): Fix pointer aliasing
problem between newkey and authent->subkey.
Wed Aug 17 17:58:22 1994 Theodore Y. Ts'o (tytso at tsx-11)
* encode_kdc.c (krb5_encode_kdc_rep): Pass in to
encode_krb5_enc_kdc_rep_part the msg_type which should be used.
Old versions of Kerberos always assume TGS_REP; this merely allows
the right msg_type to be passed down to the encoding routines.
For now, the encoding routines will ignore this value and do
things the old way, for compatibility's sake.
Mon Aug 8 22:38:16 1994 Theodore Y. Ts'o (tytso at tsx-11)
* preauth.c: Renamed preauthentication mechanism names to match
what bcn and I agreed upon.
Tue Jun 28 19:35:07 1994 Tom Yu (tlyu at dragons-lair)
* decode_kdc.c: folding in Harry's changes
* rd_req.c: ditto
* rd_req_sim.c: ditto
* configure.in: adding ISODE_DEFS
|
