Mon Nov 3 20:33:55 1997 Johan Danielsson * lib/krb5/principal.c: Reduce number of reallocs in unparse_name. Sat Nov 1 01:40:53 1997 Johan Danielsson * kadmin: Simple kadmin utility. * admin/ktutil.c: Print keytype. * lib/kadm5/get_s.c: Set correct n_key_data. * lib/kadm5/init_s.c: Add kadm5_s_init_with_password_ctx. Use master key. * lib/kadm5/destroy_s.c: Check for allocated context. * lib/kadm5/{create,chpass}_s.c: Use _kadm5_set_keys(). Sat Nov 1 00:21:00 1997 Assar Westerlund * configure.in: test for readv, writev Wed Oct 29 23:41:26 1997 Assar Westerlund * lib/krb5/warn.c (_warnerr): handle the case of an illegal error code * kdc/kerberos5.c (encode_reply): return success Wed Oct 29 18:01:59 1997 Johan Danielsson * kdc/kerberos5.c (find_etype) Return correct index of selected etype. Wed Oct 29 04:07:06 1997 Assar Westerlund * Release 0.0k * lib/krb5/context.c (krb5_init_context): support `KRB5_CONFIG' environment variable * *: use the roken_get*-macros from roken.h for the benefit of Crays. * configure.in: add --{enable,disable}-otp. check for compatible prototypes for gethostbyname, gethostbyaddr, getservbyname, and openlog (they have strange prototypes on Crays) * acinclude.m4: new macro `AC_PROTO_COMPAT' Tue Oct 28 00:11:22 1997 Johan Danielsson * kdc/connect.c: Log bad requests. * kdc/kerberos5.c: Move stuff that's in common between as_rep and tgs_rep to separate functions. * kdc/kerberos5.c: Fix user-to-user authentication. * lib/krb5/get_cred.c: Some restructuring of krb5_get_credentials: - add a kdc-options argument to krb5_get_credentials, and rename it to krb5_get_credentials_with_flags - honour the KRB5_GC_CACHED, and KRB5_GC_USER_USER options - add some more user-to-user glue * lib/krb5/rd_req.c: Move parts of krb5_verify_ap_req into a new function, krb5_decrypt_ticket, so it is easier to decrypt and check a ticket without having an ap-req. * lib/krb5/krb5.h: Add KRB5_GC_CACHED, and KRB5_GC_USER_USER flags. * lib/krb5/crc.c (crc_init_table): Check if table is already inited. Sun Oct 26 04:51:02 1997 Johan Danielsson * lib/asn1/der_get.c (der_get_length, fix_dce): Special-case indefinite encoding. * lib/asn1/gen_glue.c (generate_units): Check for empty member-list. Sat Oct 25 07:24:57 1997 Johan Danielsson * lib/error/compile_et.awk: Allow specifying table-base. Tue Oct 21 20:21:40 1997 Johan Danielsson * kdc/kerberos5.c: Check version number of krbtgt. Mon Oct 20 01:14:53 1997 Assar Westerlund * lib/krb5/prompter_posix.c (krb5_prompter_posix): implement the case of unhidden prompts. * lib/krb5/str2key.c (string_to_key_internal): return error instead of aborting. always free memory * admin/ktutil.c: add `help' command * admin/kdb_edit.c: implement new commands: add_random_key(ark), change_password(cpw), change_random_key(crk) Thu Oct 16 05:16:36 1997 Assar Westerlund * kpasswd/kpasswdd.c: change all the keys in the database * kdc: removed all unsealing, now done by the hdb layer * lib/hdb/hdb.c: new functions `hdb_create', `hdb_set_master_key' and `hdb_clear_master_key' * admin/misc.c: removed Wed Oct 15 22:47:31 1997 Assar Westerlund * kuser/klist.c: print year as YYYY iff verbose Wed Oct 15 20:02:13 1997 Johan Danielsson * kuser/klist.c: print etype from ticket Mon Oct 13 17:18:57 1997 Johan Danielsson * Release 0.0j * lib/krb5/get_cred.c: Get the subkey from mk_req so it can be used to decrypt the reply from DCE secds. * lib/krb5/auth_context.c: Add {get,set}enctype. * lib/krb5/get_cred.c: Fix for DCE secd. * lib/krb5/store.c: Store keytype twice, as MIT does. * lib/krb5/get_in_tkt.c: Use etype from reply. Fri Oct 10 00:39:48 1997 Johan Danielsson * kdc/connect.c: check for leading '/' in http request Tue Sep 30 21:50:18 1997 Assar Westerlund * Release 0.0i Mon Sep 29 15:58:43 1997 Assar Westerlund * lib/krb5/rd_req.c (krb5_rd_req): redone because we don't know the kvno or keytype before receiving the AP-REQ * lib/krb5/mk_safe.c (krb5_mk_safe): figure out what cksumtype to use from the keytype. * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): figure out what cksumtype to use from the keytype. * lib/krb5/mk_priv.c (krb5_mk_priv): figure out what etype to use from the keytype. * lib/krb5/keytab.c (krb5_kt_get_entry): check the keytype * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): figure out what etype to use from the keytype. * lib/krb5/generate_seq_number.c (krb5_generate_seq_number): handle other key types than DES * lib/krb5/encrypt.c (key_type): add `best_cksumtype' (krb5_keytype_to_cksumtype): new function * lib/krb5/build_auth.c (krb5_build_authenticator): figure out what etype to use from the keytype. * lib/krb5/auth_context.c (krb5_auth_con_init): set `cksumtype' and `enctype' to 0 * admin/extkeytab.c (ext_keytab): extract all keys * appl/telnet/telnet/commands.c: INET6_ADDRSTRLEN kludge * configure.in: check for . check for -linet6 Tue Sep 23 03:00:53 1997 Assar Westerlund * lib/krb5/encrypt.c: fix checksumtype for des3-cbc-sha1 * lib/krb5/rd_safe.c: fix check for keyed and collision-proof checksum * lib/krb5/context.c (valid_etype): remove hard-coded constants (default_etypes): include DES3 * kdc/kerberos5.c: fix check for keyed and collision-proof checksum * admin/util.c (init_des_key, set_password): DES3 keys also * lib/krb/send_to_kdc.c (krb5_sendto_kdc): no data returned means no contact? * lib/krb5/addr_families.c: fix typo in `ipv6_anyaddr' Mon Sep 22 11:44:27 1997 Johan Danielsson * kdc/kerberos5.c: Somewhat fix the etype usage. The list sent by the client is used to select wich key to encrypt the kdc rep with (in case of as-req), and with the server info to select the session key type. The server key the ticket is encrypted is based purely on the keys in the database. * kdc/string2key.c: Add keytype support. Default to version 5 keys. * lib/krb5/get_in_tkt.c: Fix a lot of etype/keytype misuse. * lib/krb5/encrypt.c: Add des3-cbc-md5, and des3-cbc-sha1. Add many *_to_* functions. * lib/krb5/str2key.c: Add des3 string-to-key. Add ktype argument to krb5_string_to_key(). * lib/krb5/checksum.c: Some cleanup, and added: - rsa-md5-des3 - hmac-sha1-des3 - keyed and collision proof flags to each checksum method - checksum<->string functions. * lib/krb5/generate_subkey.c: Use krb5_generate_random_keyblock. Sun Sep 21 15:19:23 1997 Assar Westerlund * kdc/connect.c: use new addr_families functions * kpasswd/kpasswdd.c: use new addr_families functions. Now works over IPv6 * kuser/klist.c: use correct symbols for address families * lib/krb5/sock_principal.c: use new addr_families functions * lib/krb5/send_to_kdc.c: use new addr_families functions * lib/krb5/krb5.h: add KRB5_ADDRESS_INET6 * lib/krb5/get_addrs.c: use new addr_families functions * lib/krb5/changepw.c: use new addr_families functions. Now works over IPv6 * lib/krb5/auth_context.c: use new addr_families functions * lib/krb5/addr_families.c: new file * acconfig.h: AC_SOCKADDR_IN6 -> AC_STRUCT_SOCKADDR_IN6. Updated uses. * acinclude.m4: new macro `AC_KRB_IPV6'. Use it. Sat Sep 13 23:04:23 1997 Johan Danielsson * kdc/hprop.c: Don't encrypt twice. Complain on non-convertable principals. Sat Sep 13 00:59:36 1997 Assar Westerlund * Release 0.0h * appl/telnet/telnet/commands.c: AF_INET6 support * admin/misc.c: new file * lib/krb5/context.c: new configuration variable `max_retries' * lib/krb5/get_addrs.c: fixes and better #ifdef's * lib/krb5/config_file.c: implement krb5_config_get_int * lib/krb5/auth_context.c, send_to_kdc.c, sock_principal.c: AF_INET6 support * kuser/klist.c: support for printing IPv6-addresses * kdc/connect.c: support AF_INET6 * configure.in: test for gethostbyname2 and struct sockaddr_in6 Thu Sep 11 07:25:28 1997 Assar Westerlund * lib/asn1/k5.asn1: Use `METHOD-DATA' instead of `SEQUENCE OF PA-DATA' Wed Sep 10 21:20:17 1997 Johan Danielsson * kdc/kerberos5.c: Fixes for cross-realm, including (but not limited to): - allow client to be non-existant (should probably check for "local realm") - if server isn't found and it is a request for a krbtgt, try to find a realm on the way to the requested realm - update the transited encoding iff client-realm != server-realm != tgt-realm * lib/krb5/get_cred.c: Several fixes for cross-realm. Tue Sep 9 15:59:20 1997 Johan Danielsson * kdc/string2key.c: Fix password handling. * lib/krb5/encrypt.c: krb5_key_to_string Tue Sep 9 07:46:05 1997 Assar Westerlund * lib/krb5/get_addrs.c: rewrote. Now should be able to handle aliases and IPv6 addresses * kuser/klist.c: try printing IPv6 addresses * kdc/kerberos5.c: increase the arbitrary limit from 1024 to 8192 * configure.in: check for Mon Sep 8 02:57:14 1997 Assar Westerlund * doc: fixes * admin/util.c (init_des_key): increase kvno (set_password): return -1 if `des_read_pw_string' failed * admin/mod.c (doit2): check the return value from `set_password' * admin/ank.c (doit): don't add a new entry if `set_password' failed Mon Sep 8 02:20:16 1997 Johan Danielsson * lib/krb5/verify_init.c: fix ap_req_nofail semantics * lib/krb5/transited.c: something that might resemble domain-x500-compress Mon Sep 8 01:24:42 1997 Assar Westerlund * kdc/hpropd.c (main): check number of arguments * appl/popper/pop_init.c (pop_init): check number of arguments * kpasswd/kpasswd.c (main): check number of arguments * kdc/string2key.c (main): check number of arguments * kuser/kdestroy.c (main): check number of arguments * kuser/kinit.c (main): check number of arguments * kpasswd/kpasswdd.c (main): use sigaction without SA_RESTART to break out of select when a signal arrives * kdc/main.c (main): use sigaction without SA_RESTART to break out of select when a signal arrives * kdc/kstash.c: default to HDB_DB_DIR "/m-key" * kdc/config.c (configure): add `--version'. Check the number of arguments. Handle the case of there being no specification of port numbers. * admin/util.c: seal and unseal key at appropriate places * admin/kdb_edit.c (main): parse arguments, config file and read master key iff there's one. * admin/extkeytab.c (ext_keytab): unseal key while extracting Sun Sep 7 20:41:01 1997 Assar Westerlund * lib/roken/roken.h: include * kdc/kerberos5.c (set_salt_padata): new function * appl/telnet/telnetd/telnetd.c: Rename some variables that conflict with cpp symbols on HP-UX 10.20 * change all calls of `gethostbyaddr' to cast argument 1 to `const char *' * acconfig.h: only use SGTTY on nextstep Sun Sep 7 14:33:50 1997 Johan Danielsson * kdc/kerberos5.c: Check invalid flag. Fri Sep 5 14:19:38 1997 Johan Danielsson * lib/krb5/verify_user.c: Use get_init_creds/verify_init_creds. * lib/kafs: Move functions common to krb/krb5 modules to new file, and make things more modular. * lib/krb5/krb5.h: rename STRING -> krb5_config_string, and LIST -> krb5_config_list Thu Sep 4 23:39:43 1997 Johan Danielsson * lib/krb5/get_addrs.c: Fix loopback test. Thu Sep 4 04:45:49 1997 Assar Westerlund * lib/roken/roken.h: fallback definition of `O_ACCMODE' * lib/krb5/get_in_tkt.c (krb5_get_in_cred): be more careful when checking for a v4 reply Wed Sep 3 18:20:14 1997 Johan Danielsson * kdc/hprop.c: Add `--decrypt' and `--encrypt' flags. * lib/hdb/hdb.c: new {seal,unseal}_keys functions * kdc/{hprop,hpropd}.c: Add support to dump database to stdout. * kdc/hprop.c: Don't use same master key as version 4. * admin/util.c: Don't dump core if no `default' is found. Wed Sep 3 16:01:07 1997 Johan Danielsson * kdc/connect.c: Allow run time port specification. * kdc/config.c: Add flags for http support, and port specifications. Tue Sep 2 02:00:03 1997 Assar Westerlund * include/bits.c: Don't generate ifndef's in bits.h. Instead, use them when building the program. This makes it possible to include bits.h without having defined all HAVE_INT17_T symbols. * configure.in: test for sigaction * doc: updated documentation. Tue Sep 2 00:20:31 1997 Johan Danielsson * Release 0.0g Mon Sep 1 17:42:14 1997 Johan Danielsson * lib/krb5/data.c: don't return ENOMEM if len == 0 Sun Aug 31 17:15:49 1997 Johan Danielsson * lib/hdb/hdb.asn1: Include salt type in salt. * kdc/hprop.h: Change port to 754. * kdc/hpropd.c: Verify who tries to transmit a database. * appl/popper: Use getarg and krb5_log. * lib/krb5/get_port.c: Add context parameter. Now takes port in host byte order. Sat Aug 30 18:48:19 1997 Johan Danielsson * kdc/connect.c: Add timeout to select, and log about expired tcp connections. * kdc/config.c: Add `database' option. * kdc/hpropd.c: Log about duplicate entries. * lib/hdb/{db,ndbm}.c: Use common routines. * lib/hdb/common.c: Implement more generic fetch/store/delete functions. * lib/hdb/hdb.h: Add `replace' parameter to store. * kdc/connect.c: Set filedecriptor to -1 on allocated decriptor entries. Fri Aug 29 03:13:23 1997 Assar Westerlund * lib/krb5/get_in_tkt.c: extract_ticket -> _krb5_extract_ticket * aux/make-proto.pl: fix __P for stone age mode Fri Aug 29 02:45:46 1997 Johan Danielsson * lib/45/mk_req.c: implementation of krb_mk_req that uses 524 protocol * lib/krb5/init_creds_pw.c: make change_password and get_init_creds_common static * lib/krb5/krb5.h: Merge stuff from removed headerfiles. * lib/krb5/fcache.c: fcc_ops -> krb5_fcc_ops * lib/krb5/mcache.c: mcc_ops -> krb5_mcc_ops Fri Aug 29 01:45:25 1997 Johan Danielsson * lib/krb5/krb5.h: Remove all prototypes. * lib/krb5/convert_creds.c: Use `struct credentials' instead of `CREDENTIALS'. Fri Aug 29 00:08:18 1997 Assar Westerlund * lib/asn1/gen_glue.c: new file. generates 2int and int2 functions and units for bit strings. * admin/util.c: flags2int, int2flags, and flag_units are now generated by asn1_compile * lib/roken/parse_units.c: generalised `parse_units' and `unparse_units' and added new functions `parse_flags' and `unparse_flags' that use these * lib/krb5/krb5_locl.h: moved krb5_data* functions to krb5.h * admin/util.c: Use {un,}parse_flags for printing and parsing hdbflags. Thu Aug 28 03:26:12 1997 Assar Westerlund * lib/krb5/get_addrs.c: restructured * lib/krb5/warn.c (_warnerr): leak less memory * lib/hdb/hdb.c (hdb_free_entry): zero keys (hdb_check_db_format): leak less memory * lib/hdb/ndbm.c (NDBM_seq): check for valid hdb_entries implement NDBM__get, NDBM__put * lib/hdb/db.c (DB_seq): check for valid hdb_entries Thu Aug 28 02:06:58 1997 Johan Danielsson * lib/krb5/send_to_kdc.c: Don't use sendto on connected sockets. Thu Aug 28 01:13:17 1997 Assar Westerlund * kuser/kinit.1, klist.1, kdestroy.1: new man pages * kpasswd/kpasswd.1, kpasswdd.8: new man pages * kdc/kstash.8, hprop.8, hpropd.8: new man pages * admin/ktutil.8, admin/kdb_edit.8: new man pages * admin/mod.c: new file * admin/life.c: renamed gettime and puttime to getlife and putlife and moved them to life.c * admin/util.c: add print_flags, parse_flags, init_entry, set_created_by, set_modified_by, edit_entry, set_password. Use them. * admin/get.c: use print_flags * admin: removed unused stuff. use krb5_{warn,err}* * admin/ank.c: re-organized and abstracted. * admin/gettime.c: removed Thu Aug 28 00:37:39 1997 Johan Danielsson * lib/krb5/{get_cred,get_in_tkt}.c: Check for v4 reply. * lib/roken/base64.c: Add base64 functions. * kdc/connect.c lib/krb5/send_to_kdc.c: Add http support. Wed Aug 27 00:29:20 1997 Johan Danielsson * include/Makefile.am: Don't make links to built files. * admin/kdb_edit.c: Add command to set the database path. * lib/hdb: Include version number in database. Tue Aug 26 20:14:54 1997 Johan Danielsson * admin/ktutil: Merged v4 srvtab conversion. Mon Aug 25 23:02:18 1997 Assar Westerlund * lib/roken/roken.h: add F_OK * lib/gssapi/acquire_creds.c: fix typo * configure.in: call AC_TYPE_MODE_T * acinclude.m4: Add AC_TYPE_MODE_T Sun Aug 24 16:46:53 1997 Assar Westerlund * Release 0.0f Sun Aug 24 08:06:54 1997 Assar Westerlund * appl/rsh/rshd.c: syslog remote shells * appl/popper/pop_pass.c: log poppers * kdc/kaserver.c: some more checks * kpasswd/kpasswd.c: removed `-p' * kuser/kinit.c: removed `-p' * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): If KDC_ERR_PREUATH_REQUIRED, add preauthentication and try again. * lib/krb5/get_in_tkt.c (krb5_get_in_cred): don't print out krb-error text * lib/gssapi/import_name.c (input_name): more names types. * admin/load.c (parse_keys): handle the case of an empty salt * kdc/kaserver.c: fix up memory deallocation * kdc/kaserver.c: quick hack at talking kaserver protocol * kdc/kerberos4.c: Make `db-fetch4' global * configure.in: add --enable-kaserver * kdc/rx.h, kdc/kerberos4.h: new header files * lib/krb5/principal.c: fix krb5_build_principal_ext & c:o Sun Aug 24 03:52:44 1997 Johan Danielsson * lib/krb5/{get_in_tkt,mk_safe,mk_priv}.c: Fix some Cray specific type conflicts. * lib/krb5/{get_cred,get_in_tkt}.c: Mask nonce to 32 bits. * lib/des/{md4,md5,sha}.c: Now works on Crays. Sat Aug 23 18:15:01 1997 Johan Danielsson * appl/afsutil/afslog.c: If no cells or files specified, get tokens for all local cells. Better test for files. Thu Aug 21 23:33:38 1997 Assar Westerlund * lib/gssapi/v1.c: new file with v1 compatibility functions. Thu Aug 21 20:36:13 1997 Johan Danielsson * lib/kafs/afskrb5.c: Don't check ticket file for afs ticket. * kdc/kerberos4.c: Check database when converting v4 principals. * kdc/kerberos5.c: Include kvno in Ticket. * lib/krb5/encrypt.c: Add kvno parameter to encrypt_EncryptedData. * kuser/klist.c: Print version number of ticket, include more flags. Wed Aug 20 21:26:58 1997 Johan Danielsson * lib/kafs/afskrb5.c (get_cred): Check cached afs tickets for expiration. Wed Aug 20 17:40:31 1997 Assar Westerlund * lib/krb5/recvauth.c (krb5_recvauth): Send a KRB-ERROR iff there's an error. * lib/krb5/sendauth.c (krb5_sendauth): correct the protocol documentation and process KRB-ERROR's Tue Aug 19 20:41:30 1997 Johan Danielsson * kdc/kerberos4.c: Fix memory leak in v4 protocol handler. Mon Aug 18 05:15:09 1997 Assar Westerlund * lib/gssapi/accept_sec_context.c: Added `gsskrb5_register_acceptor_identity' Sun Aug 17 01:40:20 1997 Assar Westerlund * lib/gssapi/accept_sec_context.c (gss_accept_sec_context): don't always pass server == NULL to krb5_rd_req. * lib/gssapi: new files: canonicalize_name.c export_name.c context_time.c compare_name.c release_cred.c acquire_cred.c inquire_cred.c, from Luke Howard * lib/krb5/config_file.c: Add netinfo support from Luke Howard * lib/editline/sysunix.c: sgtty-support from Luke Howard * lib/krb5/principal.c: krb5_sname_to_principal fix from Luke Howard Sat Aug 16 00:44:47 1997 Assar Westerlund * Release 0.0e Sat Aug 16 00:23:46 1997 Johan Danielsson * appl/afsutil/afslog.c: Use new libkafs. * lib/kafs/afskrb5.c: Get AFS tokens via 524 protocol. * lib/krb5/warn.c: Fix format string for *x type. Fri Aug 15 22:15:01 1997 Assar Westerlund * admin/get.c (get_entry): print more information about the entry * lib/des/Makefile.am: build destest, mdtest, des, rpw, speed * lib/krb5/config_file.c: new functions `krb5_config_get_time' and `krb5_config_vget_time'. Use them. Fri Aug 15 00:09:37 1997 Johan Danielsson * admin/ktutil.c: Keytab manipulation program. * lib/krb5/keytab.c: Return sane values from resolve and start_seq_get. * kdc/kerberos5.c: Fix for old clients passing 0 for `no endtime'. * lib/45/get_ad_tkt.c: Kerberos 4 get_ad_tkt using krb524_convert_creds_kdc. * lib/krb5/convert_creds.c: Implementation of krb524_convert_creds_kdc. * lib/asn1/k5.asn1: Make kdc-req-body.till OPTIONAL * kdc/524.c: A somewhat working 524-protocol module. * kdc/kerberos4.c: Add version 4 ticket encoding and encryption functions. * lib/krb5/context.c: Fix kdc_timeout. * lib/hdb/{ndbm,db}.c: Free name in close. * kdc/kerberos5.c (tgs_check_autenticator): Return error code Thu Aug 14 21:29:03 1997 Johan Danielsson * kdc/kerberos5.c (tgs_make_reply): Fix endtime in reply. * lib/krb5/store_emem.c: Fix reallocation bug. Tue Aug 12 01:29:46 1997 Assar Westerlund * appl/telnet/libtelnet/kerberos5.c, appl/popper/pop_init.c, appl/rshd/rshd.c: Use `krb5_sock_to_principal'. Send server parameter to krb5_rd_req/krb5_recvauth. Set addresses in auth_context. * lib/krb5/recvauth.c: Set addresses in auth_context if there aren't any * lib/krb5/auth_context.c: New function `krb5_auth_con_setaddrs_from_fd' * lib/krb5/sock_principal.c: new function `krb5_sock_to_principal' * lib/krb5/time.c: new file with `krb5_timeofday' and `krb5_us_timeofday'. Use these functions. * kuser/klist.c: print KDC offset iff verbose * lib/krb5/get_in_tkt.c: implement KDC time offset and use it if [libdefaults]kdc_timesync is set. * lib/krb5/fcache.c: Implement version 4 of the ccache format. Mon Aug 11 05:34:43 1997 Assar Westerlund * lib/krb5/rd_rep.c (krb5_free_ap_rep_enc_part): free all memory * lib/krb5/principal.c (krb5_unparse_name): allocate memory properly * kpasswd/kpasswd.c: Use `krb5_change_password' * lib/krb5/init_creds_pw.c (init_cred): set realm of server correctly. * lib/krb5/init_creds_pw.c: support changing of password when it has expired * lib/krb5/changepw.c: new file * kuser/klist.c: use getarg * admin/init.c (init): add `kadmin/changepw' Mon Aug 11 04:30:47 1997 Johan Danielsson * lib/krb5/get_cred.c: Make get_credentials handle cross-realm. Mon Aug 11 00:03:24 1997 Assar Westerlund * lib/krb5/config_file.c: implement support for #-comments Sat Aug 9 02:21:46 1997 Johan Danielsson * kdc/hprop*.c: Add database propagation programs. * kdc/connect.c: Max request size. Sat Aug 9 00:47:28 1997 Assar Westerlund * lib/otp: resurrected from krb4 * appl/push: new program for fetching mail with POP. * appl/popper/popper.h: new include files. new fields in `POP' * appl/popper/pop_pass.c: Implement both v4 and v5. * appl/popper/pop_init.c: Implement both v4 and v5. * appl/popper/pop_debug.c: use getarg. Talk both v4 and v5 * appl/popper: Popper from krb4. * configure.in: check for inline and generate files in appl/popper, appl/push, and lib/otp Fri Aug 8 05:51:02 1997 Assar Westerlund * lib/krb5/get_cred.c: clean-up and try to free memory even when there're errors * lib/krb5/get_cred.c: adapt to new `extract_ticket' * lib/krb5/get_in_tkt.c: reorganize. check everything and try to return memory even if there are errors. * kuser/kverify.c: new file * lib/krb5/free_host_realm.c: new file * lib/krb5/principal.c (krb5_sname_to_principal): implement different nametypes. Also free memory. * lib/krb5/verify_init.c: more functionality * lib/krb5/mk_req_ext.c (krb5_mk_req_extended): free the checksum * lib/krb5/get_in_tkt.c (extract_ticket): don't copy over the principals in creds. Should also compare them with that received from the KDC * lib/krb5/cache.c (krb5_cc_gen_new): copy the newly allocated krb5_ccache (krb5_cc_destroy): call krb5_cc_close (krb5_cc_retrieve_cred): delete the unused creds Fri Aug 8 02:30:40 1997 Johan Danielsson * lib/krb5/log.c: Allow better control of destinations of logging (like passing explicit destinations, and log-functions). Fri Aug 8 01:20:39 1997 Assar Westerlund * lib/krb5/get_default_principal.c: new file * kpasswd/kpasswdd.c: use krb5_log* Fri Aug 8 00:37:47 1997 Johan Danielsson * lib/krb5/init_creds_pw.c: Implement krb5_get_init_creds_keytab. Fri Aug 8 00:37:17 1997 Assar Westerlund * lib/krb5/init_creds_pw.c: Use `krb5_get_default_principal'. Print password expire information. * kdc/config.c: new variable `kdc_warn_pwexpire' * kpasswd/kpasswd.c: converted to getarg and get_init_creds Thu Aug 7 22:17:09 1997 Assar Westerlund * lib/krb5/mcache.c: new file * admin/gettime.c: new function puttime. Use it. * lib/krb5/keyblock.c: Added krb5_free_keyblock and krb5_copy_keyblock * lib/krb5/init_creds_pw.c: more functionality * lib/krb5/creds.c: Added krb5_free_creds_contents and krb5_copy_creds. Changed callers. * lib/krb5/config_file.c: new functions krb5_config_get and krb5_config_vget * lib/krb5/cache.c: cleanup added mcache * kdc/kerberos5.c: include last-req's of type 6 and 7, if applicable Wed Aug 6 20:38:23 1997 Johan Danielsson * lib/krb5/log.c: New parameter `log-level'. Default to `SYSLOG'. Tue Aug 5 22:53:54 1997 Assar Westerlund * lib/krb5/verify_init.c, init_creds_pw.c, init_creds.c, prompter_posix.c: the beginning of an implementation of the cygnus initial-ticket API. * lib/krb5/get_in_tkt_pw.c: make `krb5_password_key_proc' global * lib/krb5/get_in_tkt.c (krb5_get_in_cred): new function that is almost krb5_get_in_tkt but doesn't write the creds to the ccache. Small fixes in krb5_get_in_tkt * lib/krb5/get_addrs.c (krb5_get_all_client_addrs): don't include loopback. Mon Aug 4 20:20:48 1997 Johan Danielsson * kdc: Make context global. Fri Aug 1 17:23:56 1997 Assar Westerlund * Release 0.0d * lib/roken/flock.c: new file * kuser/kinit.c: check for and print expiry information in the `kdc_rep' * lib/krb5/get_in_tkt.c: Set `ret_as_reply' if != NULL * kdc/kerberos5.c: Check the valid times on client and server. Check the password expiration. Check the require_preauth flag. Send an lr_type == 6 with pw_end. Set key.expiration to min(valid_end, pw_end) * lib/hdb/hdb.asn1: new flags `require_preauth' and `change_pw' * admin/util.c, admin/load.c: handle the new flags. Fri Aug 1 16:56:12 1997 Johan Danielsson * lib/hdb: Add some simple locking. Sun Jul 27 04:44:31 1997 Johan Danielsson * lib/krb5/log.c: Add some general logging functions. * kdc/kerberos4.c: Add version 4 protocol handler. The requrement for this to work is that all involved principals has a des key in the database, and that the client has a version 4 (un-)salted key. Furthermore krb5_425_conv_principal has to do it's job, as present it's not very clever. * lib/krb5/principal.c: Quick patch to make 425_conv work somewhat. * lib/hdb/hdb.c: Add keytype->key and next key functions. Fri Jul 25 17:32:12 1997 Assar Westerlund * lib/krb5/build_auth.c (krb5_build_authenticator): don't free `cksum'. It's allocated and freed by the caller * lib/krb5/get_cred.c (krb5_get_kdc_cred): Don't free `addresses'. * kdc/kerberos5.c (tgs_rep2): make sure we also have an defined `client' to return as part of the KRB-ERROR * appl/rsh/rshd.c: implement forwarding * appl/rsh/rsh.c: Use getarg. Implement forwarding. Thu Jul 24 08:13:59 1997 Johan Danielsson * kdc/kerberos5.c: Unseal keys from database before use. * kdc/misc.c: New functions set_master_key, unseal_key and free_key. * lib/roken/getarg.c: Handle `-f arg' correctly. Thu Jul 24 01:54:43 1997 Assar Westerlund * kuser/kinit.c: implement `-l' aka `--lifetime' * lib/roken/parse_units.c, parse_time.c: new files * admin/gettime.c (gettime): use `parse_time' * kdc/kerberos5.c (as_rep): Use `METHOD-DATA' when sending KRB5KDC_ERR_PREAUTH_REQUIRED, not PA-DATA. * kpasswd/kpasswdd.c: fix freeing bug use sequence numbers set addresses in auth_context bind one socket per interface. * kpasswd/kpasswd.c: use sequence numbers * lib/krb5/rd_req.c (krb5_verify_ap_req): do abs when verifying the timestamps * lib/krb5/rd_priv.c (krb5_rd_priv): Fetch the correct session key from auth_context * lib/krb5/mk_priv.c (krb5_mk_priv): Fetch the correct session key from auth_context * lib/krb5/mk_error.c (krb5_mk_error): return an error number and not a comerr'd number. * lib/krb5/get_in_tkt.c (krb5_get_in_tkt): interpret the error number in KRB-ERROR correctly. * lib/krb5/get_cred.c (krb5_get_kdc_cred): interpret the error number in KRB-ERROR correctly. * lib/asn1/k5.asn1: Add `METHOD-DATA' * removed some memory leaks. Wed Jul 23 07:53:18 1997 Assar Westerlund * Release 0.0c * lib/krb5/rd_cred.c, get_for_creds.c: new files * lib/krb5/get_host_realm.c: try default realm as last chance * kpasswd/kpasswdd.c: updated to hdb changes * appl/telnet/libtelnet/kerberos5.c: Implement forwarding * appl/telnet/libtelnet: removed totally unused files * admin/ank.c: fix prompts and generation of random keys Wed Jul 23 04:02:32 1997 Johan Danielsson * admin/dump.c: Include salt in dump. * admin: Mostly updated for new db-format. * kdc/kerberos5.c: Update to use new db format. Better checking of flags and such. More logging. * lib/hdb/hdb.c: Use generated encode and decode functions. * lib/hdb/hdb.h: Get hdb_entry from ASN.1 generated code. * lib/krb5/get_cred.c: Get addresses from krbtgt if there are none in the reply. Sun Jul 20 16:22:30 1997 Assar Westerlund * kuser/kinit.c: break if des_read_pw_string() != 0 * kpasswd/kpasswdd.c: send a reply * kpasswd/kpasswd.c: restructured code. better report on krb-error break if des_read_pw_string() != 0 * kdc/kerberos5.c: Check `require_enc_timestamp' malloc space for starttime and renew_till * appl/telnet/libtelnet/kerberos5.c (kerberos5_is): Send a keyblock to krb5_verify_chekcsum Sun Jul 20 06:35:46 1997 Johan Danielsson * Release 0.0b * kpasswd/kpasswd.c: Avoid using non-standard struct names. Sat Jul 19 19:26:23 1997 Assar Westerlund * lib/krb5/keytab.c (krb5_kt_get_entry): check return from `krb5_kt_start_seq_get'. From Sat Jul 19 04:07:39 1997 Johan Danielsson * lib/asn1/k5.asn1: Update with more pa-data types from draft-ietf-cat-kerberos-revisions-00.txt * admin/load.c: Update to match current db-format. * kdc/kerberos5.c (as_rep): Try all valid pa-datas before giving up. Send back an empty pa-data if the client has the v4 flag set. * lib/krb5/get_in_tkt.c: Pass both version5 and version4 salted pa-data. DTRT if there is any pa-data in the reply. * lib/krb5/str2key.c: XOR with some sane value. * lib/hdb/hdb.h: Add `version 4 salted key' flag. * kuser/kinit.c: Ask for password before calling get_in_tkt. This makes it possible to call key_proc more than once. * kdc/string2key.c: Add flags to output version 5 (DES only), version 4, and AFS string-to-key of a password. * lib/asn1/gen_copy.c: copy_* functions now returns an int (0 or ENOMEM). Fri Jul 18 02:54:58 1997 Assar Westerlund * lib/krb5/get_host_realm.c (krb5_get_host_realm): do the name2name thing * kdc/misc.c: check result of hdb_open * admin/kdb_edit: updated to new sl * lib/sl: sl_func now returns an int. != 0 means to exit. * kpasswd/kpasswdd: A crude (but somewhat working) implementation of `draft-ietf-cat-kerb-chg-password-00.txt' Fri Jul 18 00:55:39 1997 Johan Danielsson * kuser/krenew.c: Crude ticket renewing program. * kdc/kerberos5.c: Rewritten flags parsing, it now might work to get forwarded and renewed tickets. * kuser/kinit.c: Add `-r' flag. * lib/krb5/get_cred.c: Move most of contents of get_creds to new function get_kdc_cred, that always contacts the kdc and doesn't save in the cache. This is a hack. * lib/krb5/get_in_tkt.c: Pass starttime and renew_till in request (a bit kludgy). * lib/krb5/mk_req_ext.c: Make an auth_context if none passed in. * lib/krb5/send_to_kdc.c: Get timeout from context. * lib/krb5/context.c: Add kdc_timeout to context struct. Thu Jul 17 20:35:45 1997 Johan Danielsson * kuser/klist.c: Print start time of ticket if available. * lib/krb5/get_host_realm.c: Return error if no realm was found. Thu Jul 17 20:28:21 1997 Assar Westerlund * kpasswd: non-working kpasswd added Thu Jul 17 00:21:22 1997 Johan Danielsson * Release 0.0a * kdc/main.c: Add -p flag to disable pa-enc-timestamp requirement. Wed Jul 16 03:37:41 1997 Johan Danielsson * kdc/kerberos5.c (tgs_rep2): Free ticket and ap_req. * lib/krb5/auth_context.c (krb5_auth_con_free): Free remote subkey. * lib/krb5/principal.c (krb5_free_principal): Check for NULL. * lib/krb5/send_to_kdc.c: Check for NULL return from gethostbyname. * lib/krb5/set_default_realm.c: Try to get realm of local host if no default realm is available. * Remove non ASN.1 principal code. Wed Jul 16 03:17:30 1997 Johan Danielsson * kdc/kerberos5.c: Split tgs_rep in smaller functions. Add better error handing. Do some logging. * kdc/log.c: Some simple logging facilities. * kdc/misc.c (db_fetch): Take a krb5_principal. * kdc/connect.c: Pass address of request to as_rep and tgs_rep. Send KRB-ERROR. * lib/krb5/mk_error.c: Add more fields. * lib/krb5/get_cred.c: Print normal error code if no e_text is available. Wed Jul 16 03:07:50 1997 Assar Westerlund * lib/krb5/get_in_tkt.c: implement `krb5_init_etype'. Change encryption type of pa_enc_timestamp to DES-CBC-MD5 * lib/krb5/context.c: recognize all encryption types actually implemented * lib/krb5/auth_context.c (krb5_auth_con_init): Change default encryption type to `DES_CBC_MD5' * lib/krb5/read_message.c, write_message.c: new files Tue Jul 15 17:14:21 1997 Assar Westerlund * lib/asn1: replaced asn1_locl.h by `der_locl.h' and `gen_locl.h'. * lib/error/compile_et.awk: generate a prototype for the `destroy_foo_error_table' function. Mon Jul 14 12:24:40 1997 Assar Westerlund * lib/krb5/krbhst.c (krb5_get_krbhst): Get all kdc's and try also with `kerberos.REALM' * kdc/kerberos5.c, lib/krb5/rd_priv.c, lib/krb5/rd_safe.c: use `max_skew' * lib/krb5/rd_req.c (krb5_verify_ap_req): record authenticator subkey * lib/krb5/build_auth.c (krb5_build_authenticator): always generate a subkey. * lib/krb5/address.c: implement `krb5_address_order' * lib/gssapi/import_name.c: Implement `gss_import_name' * lib/gssapi/external.c: Use new OID * lib/gssapi/encapsulate.c: New functions `gssapi_krb5_encap_length' and `gssapi_krb5_make_header'. Changed callers. * lib/gssapi/decapsulate.c: New function `gssaspi_krb5_verify_header'. Changed callers. * lib/asn1/gen*.c: Give tags to generated structs. Use `err' and `asprintf' * appl/test/gss_common.c: new file * appl/test/gssapi_server.c: removed all krb5 calls * appl/telnet/libtelnet/kerberos5.c: Add support for genering and verifying checksums. Also start using session subkeys. Mon Jul 14 12:08:25 1997 Johan Danielsson * lib/krb5/rd_req.c (krb5_rd_req_with_keyblock): Split up. Sun Jul 13 03:07:44 1997 Assar Westerlund * lib/krb5/rd_safe.c, mk_safe.c: made bug-compatible with MIT * lib/krb5/encrypt.c: new functions `DES_encrypt_null_ivec' and `DES_encrypt_key_ivec' * lib/krb5/checksum.c: implement rsa-md4-des and rsa-md5-des * kdc/kerberos5.c (tgs_rep): support keyed checksums * lib/krb5/creds.c: new file * lib/krb5/get_in_tkt.c: better freeing * lib/krb5/context.c (krb5_free_context): more freeing * lib/krb5/config_file.c: New function `krb5_config_file_free' * lib/error/compile_et.awk: Generate a `destroy_' function. * kuser/kinit.c, klist.c: Don't leak memory. Sun Jul 13 02:46:27 1997 Johan Danielsson * kdc/connect.c: Check filedescriptor in select. * kdc/kerberos5.c: Remove most of the most common memory leaks. * lib/krb5/rd_req.c: Free allocated data. * lib/krb5/auth_context.c (krb5_auth_con_free): Free a lot of fields. Sun Jul 13 00:32:16 1997 Assar Westerlund * appl/telnet, appl/rsh: Conditionalize the krb4-support. * configure.in: Test for krb4 Sat Jul 12 17:14:12 1997 Assar Westerlund * kdc/kerberos5.c: check if the pre-auth was decrypted properly. set the `pre_authent' flag * lib/krb5/get_cred.c, lib/krb5/get_in_tkt.c: generate a random nonce. * lib/krb5/encrypt.c: Made `generate_random_block' global. * appl/test: Added gssapi_client and gssapi_server. * lib/krb5/data.c: Add `krb5_data_zero' * appl/test/tcp_client.c: try `mk_safe' and `mk_priv' * appl/test/tcp_server.c: try `rd_safe' and `rd_priv' Sat Jul 12 16:45:58 1997 Johan Danielsson * lib/krb5/get_addrs.c: Fix for systems that has sa_len, but returns zero length from SIOCGIFCONF. Sat Jul 12 16:38:34 1997 Assar Westerlund * appl/test: new programs * lib/krb5/rd_req.c: add address compare * lib/krb5/mk_req_ext.c: allow no checksum * lib/krb5/keytab.c (krb5_kt_ret_string): 0-terminate string * lib/krb5/address.c: fix `krb5_address_compare' Sat Jul 12 15:03:16 1997 Johan Danielsson * lib/krb5/get_addrs.c: Fix ip4 address extraction. * kuser/klist.c: Add verbose flag, and split main into smaller pieces. * lib/krb5/fcache.c: Save ticket flags. * lib/krb5/get_in_tkt.c (extract_ticket): Extract addresses and flags. * lib/krb5/krb5.h: Add ticket_flags to krb5_creds. Sat Jul 12 13:12:48 1997 Assar Westerlund * configure.in: Call `AC_KRB_PROG_LN_S' * acinclude.m4: Add `AC_KRB_PROG_LN_S' from krb4 Sat Jul 12 00:57:01 1997 Johan Danielsson * lib/krb5/get_in_tkt.c: Use union of krb5_flags and KDCOptions to pass options. Fri Jul 11 15:04:22 1997 Assar Westerlund * appl/telnet: telnet & telnetd seems to be working. * lib/krb5/config_file.c: Added krb5_config_v?get_list Fixed krb5_config_vget_next * appl/telnet/libtelnet/kerberos5.c: update to current API Thu Jul 10 14:54:39 1997 Assar Westerlund * appl/telnet/libtelnet/kerberos5.c (kerberos5_status): call `krb5_kuserok' * appl/telnet: Added. Thu Jul 10 05:09:25 1997 Johan Danielsson * lib/error/compile_et.awk: Remove usage of sub, gsub, and functions for compatibility with awk. * include/bits.c: Must use signed char. * lib/krb5/context.c: Move krb5_get_err_text, and krb5_init_ets here. * lib/error/error.c: Replace krb5_get_err_text with new function com_right. * lib/error/compile_et.awk: Avoid using static variables. * lib/error/error.c: Don't use krb5_locl.h * lib/error/error.h: Move definitions of error_table and error_list from krb5.h. * lib/error: Moved from lib/krb5. Wed Jul 9 07:42:04 1997 Johan Danielsson * lib/krb5/encrypt.c: Temporary hack to avoid des_rand_data. Wed Jul 9 06:58:00 1997 Assar Westerlund * appl/rsh/rsh.c: use the correct user for the checksum * lib/krb5/{rd,mk}_{*}.c: more checking for addresses and stuff according to pseudocode from 1510 Wed Jul 9 06:06:06 1997 Johan Danielsson * lib/hdb/hdb.c: Add hdb_etype2key. * kdc/kerberos5.c: Check authenticator. Use more general etype functions. Wed Jul 9 03:51:12 1997 Assar Westerlund * lib/asn1/k5.asn1: Made all `s_address' OPTIONAL according to draft-ietf-cat-kerberos-r-00.txt * lib/krb5/principal.c (krb5_parse_name): default to local realm if none given * kuser/kinit.c: New option `-p' and prompt Wed Jul 9 02:30:06 1997 Johan Danielsson * lib/krb5/keyblock.c: Keyblock generation functions. * lib/krb5/encrypt.c: Use functions from checksum.c. * lib/krb5/checksum.c: Move checksum functions here. Add krb5_cksumsize function. Wed Jul 9 01:15:38 1997 Assar Westerlund * lib/krb5/get_host_realm.c: implemented * lib/krb5/config_file.c: Redid part. New functions: krb5_config_v?get_next * kuser/kdestroy.c: new program * kuser/kinit.c: new flag `-f' * lib/asn1/k5.asn1: Made HostAddresses = SEQUENCE OF HostAddress * acinclude.m4: Added AC_KRB_STRUCT_SOCKADDR_SA_LEN * lib/krb5/krb5.h: krb5_addresses == HostAddresses. Changed all users. * lib/krb5/get_addrs.c: figure out all local addresses, possibly even IPv6! * lib/krb5/checksum.c: table-driven checksum Mon Jul 7 21:13:28 1997 Johan Danielsson * lib/krb5/encrypt.c: Make krb5_decrypt use the same struct as krb5_encrypt. Mon Jul 7 11:15:51 1997 Assar Westerlund * lib/roken/vsyslog.c: new file * lib/krb5/encrypt.c: add des-cbc-md4. adjust krb5_encrypt and krb5_decrypt to reality * appl/rsh/rshd.c: Now works. Also implementd encryption and `-p'. * appl/rsh/common.c: new file Mon Jul 7 02:46:31 1997 Johan Danielsson * lib/krb5/encrypt.c: Implement as a vector of function pointers. * lib/krb5/{decrypt,encrypt}.c: Implement des-cbc-crc, and des-cbc-md5 in separate functions. * lib/krb5/krb5.h: Add more checksum and encryption types. * lib/krb5/krb5_locl.h: Add etype to krb5_decrypt. Sun Jul 6 23:02:59 1997 Assar Westerlund * lib/krb5/[gs]et_default_realm.c, kuserok.c: new files * lib/krb5/config_file.[ch]: new c-based configuration reading stuff Wed Jul 2 23:12:56 1997 Assar Westerlund * configure.in: Set WFLAGS if using gcc Wed Jul 2 17:47:03 1997 Johan Danielsson * lib/asn1/der_put.c (der_put_int): Return size correctly. * admin/ank.c: Be compatible with the asn1 principal format. Wed Jul 1 23:52:20 1997 Johan Danielsson * lib/asn1: Now all decode_* and encode_* functions now take a final size_t* argument, that they return the size in. Return values are zero for success, and anything else (such as some ASN1_* constant) for error. Mon Jun 30 06:08:14 1997 Assar Westerlund * appl/rsh: New program. * lib/krb5/keytab.c (krb5_kt_add_entry): change open mode to O_WRONLY | O_APPEND * lib/krb5/get_cred.c: removed stale prototype for `extract_ticket' and corrected call. * lib/asn1/gen_length.c (length_type): Make the length functions for SequenceOf non-destructive * admin/ank.c (doit): Fix reading of `y/n'. Mon Jun 16 05:41:43 1997 Assar Westerlund * lib/gssapi/wrap.c, unwrap.c: do encrypt and add sequence number * lib/gssapi/get_mic.c, verify_mic.c: Add sequence number. * lib/gssapi/accept_sec_context.c (gss_accept_sec_context): Set KRB5_AUTH_CONTEXT_DO_SEQUENCE. Verify 8003 checksum. * lib/gssapi/8003.c: New file. * lib/krb/krb5.h: Define a `krb_authenticator' as an ASN.1 Authenticator. * lib/krb5/auth_context.c: New functions `krb5_auth_setlocalseqnumber' and `krb5_auth_setremoteseqnumber' Tue Jun 10 00:35:54 1997 Johan Danielsson * lib/krb5: Preapre for use of some asn1-types. * lib/asn1/*.c (copy_*): Constness. * lib/krb5/krb5.h: Include asn1.h; krb5_data is now an octet_string. * lib/asn1/der*,gen.c: krb5_data -> octet_string, char * -> general_string * lib/asn1/libasn1.h: Moved stuff from asn1_locl.h that doesn't have anything to do with asn1_compile. * lib/asn1/asn1_locl.h: Remove der.h. Add some prototypes. Sun Jun 8 03:51:55 1997 Assar Westerlund * kdc/kerberos5.c: Fix PA-ENC-TS-ENC * kdc/connect.c(process_request): Set `new' * lib/krb5/get_in_tkt.c: Do PA-ENC-TS-ENC the correct way. * lib: Added editline,sl,roken. Mon Jun 2 00:37:48 1997 Johan Danielsson * lib/krb5/fcache.c: Move file cache from cache.c. * lib/krb5/cache.c: Allow more than one cache type. Sun Jun 1 23:45:33 1997 Johan Danielsson * admin/extkeytab.c: Merged with kdb_edit. Sun Jun 1 23:23:08 1997 Assar Westerlund * kdc/kdc.c: more support for ENC-TS-ENC * lib/krb5/get_in_tkt.c: redone to enable pre-authentication Sun Jun 1 22:45:11 1997 Johan Danielsson * lib/hdb/db.c: Merge fetch and store. * admin: Merge to one program. * lib/krb5/str2key.c: Fill in keytype and length. Sun Jun 1 16:31:23 1997 Assar Westerlund * lib/krb5/rd_safe.c, lib/krb5/rd_priv.c, lib/krb5/mk_rep.c, lib/krb5/mk_priv.c, lib/krb5/build_auth.c: Some support for KRB5_AUTH_CONTEXT_DO_SEQUENCE * lib/krb5/get_in_tkt.c (get_in_tkt): be prepared to parse an KRB_ERROR. Some support for PA_ENC_TS_ENC. * lib/krb5/auth_context.c: implemented seq_number functions * lib/krb5/generate_subkey.c, generate_seq_number.c: new files * lib/gssapi/gssapi.h: avoid including * lib/asn1/Makefile.am: SUFFIXES as a variable to make automake happy * kdc/kdc.c: preliminary PREAUTH_ENC_TIMESTAMP * configure.in: adapted to automake 1.1p Mon May 26 22:26:21 1997 Johan Danielsson * lib/krb5/principal.c: Add contexts to many functions. Thu May 15 20:25:37 1997 Johan Danielsson * lib/krb5/verify_user.c: First stab at a verify user. * lib/auth/sia/sia5.c: SIA module for Kerberos 5. Mon Apr 14 00:09:03 1997 Assar Westerlund * lib/gssapi: Enough of a gssapi-over-krb5 implementation to be able to (mostly) run gss-client and gss-server. * lib/krb5/keytab.c: implemented krb5_kt_add_entry, krb5_kt_store_principal, krb5_kt_store_keyblock * lib/des/md5.[ch], sha.[ch]: new files * lib/asn1/der_get.c (generalizedtime2time): use `timegm' * lib/asn1/timegm.c: new file * admin/extkeytab.c: new program * admin/admin_locl.h: new file * admin/Makefile.am: Added extkeytab * configure.in: moved config to include removed timezone garbage added lib/gssapi and admin * Makefile.am: Added admin Mon Mar 17 11:34:05 1997 Johan Danielsson * kdc/kdc.c: Use new copying functions, and free some data. * lib/asn1/Makefile.am: Try to not always rebuild generated files. * lib/asn1/der_put.c: Add fix_dce(). * lib/asn1/der_{get,length,put}.c: Fix include files. * lib/asn1/der_free.c: Remove unused functions. * lib/asn1/gen.c: Split into gen_encode, gen_decode, gen_free, gen_length, and gen_copy. Sun Mar 16 18:13:52 1997 Assar Westerlund * lib/krb5/sendauth.c: implemented functionality * lib/krb5/rd_rep.c: Use `krb5_decrypt' * lib/krb5/cache.c (krb5_cc_get_name): return default if `id' == NULL * lib/krb5/principal.c (krb5_free_principal): added `context' argument. Changed all callers. (krb5_sname_to_principal): new function * lib/krb5/auth_context.c (krb5_free_authenticator): add `context' argument. Changed all callers * lib/krb5/{net_write.c,net_read.c,recvauth.c}: new files * lib/asn1/gen.c: Fix encoding and decoding of BitStrings Fri Mar 14 11:29:00 1997 Assar Westerlund * configure.in: look for *dbm? * lib/asn1/gen.c: Fix filename in generated files. Check fopens. Put trailing newline in asn1_files. Fri Mar 14 05:06:44 1997 Johan Danielsson * lib/krb5/get_in_tkt.c: Fix some memory leaks. * lib/krb5/krbhst.c: Properly free hostlist. * lib/krb5/decrypt.c: CRCs are 32 bits. Fri Mar 14 04:39:15 1997 Johan Danielsson * lib/asn1/gen.c: Generate one file for each type. Fri Mar 14 04:13:47 1997 Assar Westerlund * lib/asn1/gen.c: Generate `length_FOO' functions * lib/asn1/der_length.c: new file * kuser/klist.c: renamed stime -> printable_time to avoid conflict on HP/UX Fri Mar 14 03:37:23 1997 Johan Danielsson * lib/hdb/ndbm.c: Return NOENTRY if fetch fails. Don't free datums. Don't add .db to filename. Fri Mar 14 02:49:51 1997 Johan Danielsson * kdc/dump.c: Database dump program. * kdc/ank.c: Trivial database editing program. * kdc/{kdc.c, load.c}: Use libhdb. * lib/hdb: New database routine library. * lib/krb5/error/Makefile.am: Add hdb_err. Wed Mar 12 17:41:14 1997 Johan Danielsson * kdc/kdc.c: Rewritten AS, and somewhat more working TGS support. * lib/asn1/gen.c: Generate free functions. * Some specific free functions. Wed Mar 12 12:30:13 1997 Assar Westerlund * lib/krb5/krb5_mk_req_ext.c: new file * lib/asn1/gen.c: optimize the case with a simple type * lib/krb5/get_cred.c (krb5_get_credentials): Use `mk_req_extended' and remove old code. * lib/krb5/get_in_tkt.c (decrypt_tkt): First try with an EncASRepPart, then with an EncTGSRepPart. Wed Mar 12 08:26:04 1997 Johan Danielsson * lib/krb5/store_emem.c: New resizable memory storage. * lib/krb5/{store.c, store_fd.c, store_mem.c}: Split of store.c * lib/krb5/krb5.h: Add free entry to krb5_storage. * lib/krb5/decrypt.c: Make keyblock const. Tue Mar 11 20:22:17 1997 Johan Danielsson * lib/krb5/krb5.h: Add EncTicketPart to krb5_ticket. * lib/krb5/rd_req.c: Return whole asn.1 ticket in krb5_ticket->tkt. * lib/krb5/get_in_tkt.c: TGS -> AS * kuser/kfoo.c: Print error string rather than number. * kdc/kdc.c: Some kind of non-working TGS support. Mon Mar 10 01:43:22 1997 Assar Westerlund * lib/asn1/gen.c: reduced generated code by 1/5 * lib/asn1/der_put.c: (der_put_length_and_tag): new function * lib/asn1/der_get.c (der_match_tag_and_length): new function * lib/asn1/der.h: added prototypes Mon Mar 10 01:15:43 1997 Johan Danielsson * lib/krb5/krb5.h: Include . Add prototype for krb5_rd_req_with_keyblock. * lib/krb5/rd_req.c: Add function krb5_rd_req_with_keyblock that takes a precomputed keyblock. * lib/krb5/get_cred.c: Use krb5_mk_req rather than inlined code. * lib/krb5/mk_req.c: Calculate checksum of in_data. Sun Mar 9 21:17:58 1997 Johan Danielsson * lib/krb5/error/compile_et.awk: Add a declaration of struct error_list, and multiple inclusion block to header files. Sun Mar 9 21:01:12 1997 Assar Westerlund * lib/krb5/rd_req.c: do some checks on times * lib/krb/{mk_priv.c, rd_priv.c, sendauth.c, decrypt.c, address.c}: new files * lib/krb5/auth_context.c: more code * configure.in: try to figure out timezone Sat Mar 8 11:41:07 1997 Johan Danielsson * lib/krb5/error/error.c: Try strerror if error code wasn't found. * lib/krb5/get_in_tkt.c: Remove realm parameter from krb5_get_salt. * lib/krb5/context.c: Initialize error table. * kdc: The beginnings of a kdc. Sat Mar 8 08:16:28 1997 Assar Westerlund * lib/krb5/rd_safe.c: new file * lib/krb5/checksum.c (krb5_verify_checksum): New function * lib/krb5/get_cred.c: use krb5_create_checksum * lib/krb5/checksum.c: new file * lib/krb5/store.c: no more arithmetic with void* * lib/krb5/cache.c: now seems to work again Sat Mar 8 06:58:09 1997 Johan Danielsson * lib/krb5/Makefile.am: Add asn1_glue.c and error/*.c to libkrb5. * lib/krb5/get_in_tkt.c: Moved some functions to asn1_glue.c. * lib/krb5/asn1_glue.c: Moved some asn1-stuff here. * lib/krb5/{cache,keytab}.c: Use new storage functions. * lib/krb5/krb5.h: Protypes for new storage functions. * lib/krb5/krb5.h: Make krb5_{ret,store}_* functions able to write data to more than file descriptors. Sat Mar 8 01:01:17 1997 Assar Westerlund * lib/krb5/encrypt.c: New file. * lib/krb5/Makefile.am: More -I * configure.in: Test for big endian, random, rand, setitimer * lib/asn1/gen.c: perhaps even decodes bitstrings Thu Mar 6 19:05:29 1997 Johan Danielsson * lib/krb5/config_file.y: Better return values on error. Sat Feb 8 15:59:56 1997 Assar Westerlund * lib/asn1/parse.y: ifdef HAVE_STRDUP * lib/asn1/lex.l: ifdef strdup brange-dead version of list of special characters to make stupid lex accept it. * lib/asn1/gen.c: A DER integer should really be a `unsigned' * lib/asn1/der_put.c: A DER integer should really be a `unsigned' * lib/asn1/der_get.c: A DER integer should really be a `unsigned' * lib/krb5/error/Makefile.am: It seems "$(SHELL) ./compile_et" is needed. * lib/krb/mk_rep.c, lib/krb/rd_req.c, lib/krb/store.c, lib/krb/store.h: new files. * lib/krb5/keytab.c: now even with some functionality. * lib/asn1/gen.c: changed paramater from void * to Foo * * lib/asn1/der_get.c (der_get_octet_string): Fixed bug with empty string. Sun Jan 19 06:17:39 1997 Assar Westerlund * lib/krb5/get_cred.c (krb5_get_credentials): Check for creds in cc before getting new ones. * lib/krb5/krb5.h (krb5_free_keyblock): Fix prototype. * lib/krb5/build_auth.c (krb5_build_authenticator): It seems the CRC should be stored LSW first. (?) * lib/krb5/auth_context.c: Implement `krb5_auth_con_getkey' and `krb5_free_keyblock' * lib/**/Makefile.am: Rename foo libfoo.a * include/Makefile.in: Use test instead of [ -e does not work with /bin/sh on psoriasis * configure.in: Search for awk create lib/krb/error/compile_et Tue Jan 14 03:46:26 1997 Assar Westerlund * lib/krb5/Makefile.am: replaced mit-crc.c by crc.c Wed Dec 18 00:53:55 1996 Johan Danielsson * kuser/kinit.c: Guess principal. * lib/krb5/error/compile_et.awk: Don't include krb5.h. Fix some warnings. * lib/krb5/error/asn1_err.et: Add ASN.1 error messages. * lib/krb5/mk_req.c: Get client from cache. * lib/krb5/cache.c: Add better error checking some useful return values. * lib/krb5/krb5.h: Fix krb5_auth_context. * lib/asn1/der.h: Make krb5_data compatible with krb5.h Tue Dec 17 01:32:36 1996 Johan Danielsson * lib/krb5/error: Add primitive error library. Mon Dec 16 16:30:20 1996 Johan Danielsson * lib/krb5/cache.c: Get correct address type from cache. * lib/krb5/krb5.h: Change int16 to int to be compatible with asn1.