mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-23 23:21:09 +01:00
ae77177087
several new kerberos related libraries and applications to FreeBSD: o kgetcred(1) allows one to manually get a ticket for a particular service. o kf(1) securily forwards ticket to another host through an authenticated and encrypted stream. o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1) and other user kerberos operations. klist and kswitch are just symlinks to kcc(1) now. o kswitch(1) allows you to easily switch between kerberos credentials if you're running KCM. o hxtool(1) is a certificate management tool to use with PKINIT. o string2key(1) maps a password into key. o kdigest(8) is a userland tool to access the KDC's digest interface. o kimpersonate(8) creates a "fake" ticket for a service. We also now install manpages for some lirbaries that were not installed before, libheimntlm and libhx509. - The new HEIMDAL version no longer supports Kerberos 4. All users are recommended to switch to Kerberos 5. - Weak ciphers are now disabled by default. To enable DES support (used by telnet(8)), use "allow_weak_crypto" option in krb5.conf. - libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings disabled due to the function they use (krb5_get_err_text(3)) being deprecated. I plan to work on this next. - Heimdal's KDC now require sqlite to operate. We use the bundled version and install it as libheimsqlite. If some other FreeBSD components will require it in the future we can rename it to libbsdsqlite and use for these components as well. - This is not a latest Heimdal version, the new one was released while I was working on the update. I will update it to 1.5.2 soon, as it fixes some important bugs and security issues.
727 lines
21 KiB
Plaintext
727 lines
21 KiB
Plaintext
2002-12-19 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/mk_rep.c: free allocated storage; reported by Howard
|
|
Chu
|
|
|
|
2002-12-08 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* kdc/kdc_locl.h: remove old encrypt_v4_ticket prototype
|
|
|
|
2002-12-02 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* kpasswd/kpasswdd.c (doit): initialise sa_size to size of
|
|
sockaddr_storage
|
|
|
|
* kdc/connect.c (init_socket): initialise sa_size to size of
|
|
sockaddr_storage
|
|
|
|
2002-11-15 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/krb5.h: remove trailing comma in enum
|
|
|
|
2002-11-07 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* kdc/524.c: implement crude b2 style (non-)conversion for use
|
|
with afs
|
|
|
|
* kdc/kerberos4.c: move encrypt_v4_ticket to 524.c, since that's
|
|
where it's used
|
|
|
|
2002-10-21 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/keytab_keyfile.c: more strcspn
|
|
|
|
* lib/krb5/store_emem.c (emem_store): limit how much we allocate
|
|
(from Olaf Kirch)
|
|
|
|
* lib/krb5/principal.c: don't allow trailing backslashes in
|
|
components
|
|
|
|
* kdc/connect.c: check that %-quotes are followed by two hex
|
|
digits
|
|
|
|
* lib/krb5/keytab_any.c: properly close the open keytabs (from
|
|
Larry Greenfield)
|
|
|
|
* kdc/kaserver.c: make sure life is positive (from John Godehn)
|
|
|
|
2002-10-17 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* kuser/klist.c (display_tokens): allow tokens up to size of
|
|
buffer (from Magnus Holmberg)
|
|
|
|
2002-09-29 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/changepw.c (process_reply): fix reply length check
|
|
calculation (reported by various people)
|
|
|
|
2002-09-24 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/keytab_file.c (fkt_remove_entry): check return value
|
|
from start_seq_get (from Wynn Wilkes)
|
|
|
|
2002-09-19 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/context.c (krb5_set_config_files): return ENXIO instead
|
|
of ENOENT when "unconfigured"
|
|
|
|
2002-09-16 Jacques Vidrine <nectar@kth.se>
|
|
|
|
* lib/krb5/kuserok.c, lib/krb5/prompter_posix.c: use strcspn
|
|
to convert the newline to NUL in fgets results.
|
|
|
|
2002-09-13 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* kuser/kinit.1: remove unneeded Ns
|
|
|
|
* lib/krb5/krb5_appdefault.3: remove extra "application"
|
|
|
|
* fix-export: remove autom4ate.cache
|
|
|
|
2002-09-10 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* include/make_crypto.c: don't use function macros if possible
|
|
|
|
* lib/krb5/krb5_locl.h: get limits.h for UINT_MAX
|
|
|
|
* include/Makefile.am: use make_crypto to create crypto-headers.h
|
|
|
|
* include/make_crypto.c: crypto header generation tool
|
|
|
|
* configure.in: move crypto test to just after testing for krb4,
|
|
and move roken tests to after both, this speeds up various failure
|
|
cases with krb4
|
|
|
|
* lib/krb5/config_file.c: don't use NULL when we mean 0
|
|
|
|
* configure.in: we don't set package_libdir anymore, so no point
|
|
in testing for it
|
|
|
|
* tools/Makefile.am: subst INCLUDE_des
|
|
|
|
* tools/krb5-config.in: add INCLUDE_des to cflags
|
|
|
|
* configure.in: use AC_CONFIG_SRCDIR
|
|
|
|
* fix-export: remove some unneeded stuff
|
|
|
|
* kuser/kinit.c (do_524init): free principals
|
|
|
|
2002-09-09 Jacques Vidrine <nectar@kth.se>
|
|
|
|
* kdc/kerberos5.c (get_pa_etype_info, fix_transited_encoding),
|
|
kdc/kaserver.c (krb5_ret_xdr_data),
|
|
lib/krb5/transited.c (krb5_domain_x500_decode): Validate some
|
|
counts: Check that they are non-negative, and that they are small
|
|
enough to avoid integer overflow when used in memory allocation
|
|
calculations. Potential problem areas pointed out by
|
|
Sebastian Krahmer <krahmer@suse.de>.
|
|
|
|
* lib/krb5/keytab_keyfile.c (akf_add_entry): Use O_EXCL when
|
|
creating a new keyfile.
|
|
|
|
2002-09-09 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* configure.in: don't try to build pam module
|
|
|
|
2002-09-05 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* appl/kf/kf.c: fix warning string
|
|
|
|
* lib/krb5/log.c (krb5_vlog_msg): delay message formating till we
|
|
know we need it
|
|
|
|
2002-09-04 Assar Westerlund <assar@kth.se>
|
|
|
|
* kdc/kerberos5.c (encode_reply): correct error logging
|
|
|
|
2002-09-04 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/sendauth.c: close ccache if we opened it
|
|
|
|
* appl/kf/kf.c: handle new protocol
|
|
|
|
* appl/kf/kfd.c: use krb5_err instead of sysloging directly,
|
|
handle the new protocol, and bail out if an old client tries to
|
|
connect
|
|
|
|
* appl/kf/kf_locl.h: we need a protocol version string
|
|
|
|
* lib/hdb/hdb-ldap.c: use ASN1_MALLOC_ENCODE
|
|
|
|
* kdc/kerberos5.c: use ASN1_MALLOC_ENCODE
|
|
|
|
* kdc/hprop.c: set AP_OPTS_USE_SUBKEY
|
|
|
|
* lib/hdb/common.c: use ASN1_MALLOC_ENCODE
|
|
|
|
* lib/asn1/gen.c: add convenience macro that allocates a buffer
|
|
and encoded into that
|
|
|
|
* lib/krb5/get_cred.c (init_tgs_req): use
|
|
in_creds->session.keytype literally instead of trying to convert
|
|
to a list of enctypes (it should already be an enctype)
|
|
|
|
* lib/krb5/get_cred.c (init_tgs_req): init ret
|
|
|
|
2002-09-03 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/asn1/k5.asn1: remove ETYPE_DES3_CBC_NONE_IVEC
|
|
|
|
* lib/krb5/krb5.h: remove ENCTYPE_DES3_CBC_NONE_IVEC
|
|
|
|
* lib/krb5/crypto.c: get rid of DES3_CBC_encrypt_ivec, just use
|
|
zero ivec in DES3_CBC_encrypt if passed ivec is NULL
|
|
|
|
* lib/krb5/Makefile.am: back out 1.144, since it will re-create
|
|
krb5-protos.h at build-time, which requires perl, which is bad
|
|
|
|
* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): don't
|
|
blindly use the local subkey
|
|
|
|
* lib/krb5/crypto.c: add function krb5_crypto_getblocksize that
|
|
extracts the required blocksize from a crypto context
|
|
|
|
* lib/krb5/build_auth.c: just get the length of the encoded
|
|
authenticator instead of trying to grow a buffer
|
|
|
|
2002-09-03 Assar Westerlund <assar@kth.se>
|
|
|
|
* configure.in: add --disable-mmap option, and tests for
|
|
sys/mman.h and mmap
|
|
|
|
2002-09-03 Jacques Vidrine <nectar@kth.se>
|
|
|
|
* lib/krb5/changepw.c: verify lengths in response
|
|
|
|
* lib/asn1/der_get.c (decode_integer, decode_unsigned): check for
|
|
truncated integers
|
|
|
|
2002-09-02 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/mk_req_ext.c: generate a local subkey if
|
|
AP_OPTS_USE_SUBKEY is set
|
|
|
|
* lib/krb5/build_auth.c: we don't have enough information about
|
|
whether to generate a local subkey here, so don't try to
|
|
|
|
* lib/krb5/auth_context.c: new function
|
|
krb5_auth_con_generatelocalsubkey
|
|
|
|
* lib/krb5/get_in_tkt.c: only set kdc_sec_offset if looking at an
|
|
initial ticket
|
|
|
|
* lib/krb5/context.c (init_context_from_config_file): simplify
|
|
initialisation of srv_lookup
|
|
|
|
* lib/krb5/changepw.c (send_request): set AP_OPTS_USE_SUBKEY
|
|
|
|
* lib/krb5/krb5.h: add AP_OPTS_USE_SUBKEY
|
|
|
|
2002-08-30 Assar Westerlund <assar@kth.se>
|
|
|
|
* lib/krb5/name-45-test.c: also test krb5_524_conv_principal
|
|
* lib/krb5/Makefile.am (TESTS): add name-45-test
|
|
* lib/krb5/name-45-test.c: add testcases for
|
|
krb5_425_conv_principal
|
|
|
|
2002-08-29 Assar Westerlund <assar@kth.se>
|
|
|
|
* lib/krb5/parse-name-test.c: also test unparse_short functions
|
|
* lib/asn1/asn1_print.c: use com_err/error_message API
|
|
* lib/krb5/Makefile.am: add parse-name-test
|
|
* lib/krb5/parse-name-test.c: add a program for testing parsing
|
|
and unparsing principal names
|
|
|
|
2002-08-28 Assar Westerlund <assar@kth.se>
|
|
|
|
* kdc/config.c: add missing ifdef DAEMON
|
|
|
|
2002-08-28 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* configure.in: use rk_SUNOS
|
|
|
|
* kdc/config.c: add detach options
|
|
|
|
* kdc/main.c: maybe detach from console?
|
|
|
|
* kdc/kdc.8: markup changes
|
|
|
|
* configure.in: AC_TEST_PACKAGE_NEW -> rk_TEST_PACKAGE
|
|
|
|
* configure.in: use rk_TELNET, rename some other macros, and don't
|
|
add -ldes to krb4 link command
|
|
|
|
* kuser/kinit.1: whitespace fix (from NetBSD)
|
|
|
|
* include/bits.c: we may need unistd.h for ssize_t
|
|
|
|
2002-08-26 Assar Westerlund <assar@kth.se>
|
|
|
|
* lib/krb5/principal.c (krb5_425_conv_principal_ext): lookup AAAA
|
|
rrs before A ones when using the resolver to verify a mapping,
|
|
also use getaddrinfo when resolver is not available
|
|
|
|
* lib/hdb/keytab.c (find_db): const-correctness in parameters to
|
|
krb5_config_get_next
|
|
|
|
* lib/asn1/gen.c: include <string.h> in the generated files (for
|
|
memset)
|
|
|
|
2002-08-22 Assar Westerlund <assar@kth.se>
|
|
|
|
* lib/krb5/test_get_addrs.c, lib/krb5/krbhst-test.c: make it use
|
|
getarg so that it can handle --help and --version (and thus make
|
|
check can pass)
|
|
|
|
* lib/asn1/check-der.c: make this build again
|
|
|
|
2002-08-22 Assar Westerlund <assar@kth.se>
|
|
|
|
* lib/asn1/der_get.c (der_get_int): handle len == 0. based on a
|
|
patch from Love <lha@stacken.kth.se>
|
|
|
|
2002-08-22 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/krb5.h: we seem to call KRB5KDC_ERR_KEY_EXP
|
|
KRB5KDC_ERR_KEY_EXPIRED, so define the former to the latter
|
|
|
|
* kdc/kdc.8: add blurb about adding and removing addresses; update
|
|
kdc.conf section to match reality
|
|
|
|
* configure.in: KRB_SENDAUTH_VLEN seems to always have existed, so
|
|
don't define it
|
|
|
|
2002-08-21 Assar Westerlund <assar@kth.se>
|
|
|
|
* lib/asn1/asn1_print.c: print OIDs too, based on a patch from
|
|
Love <lha@stacken.kth.se>
|
|
|
|
2002-08-21 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* kuser/kinit.c (do_v4_fallback): don't use krb_get_pw_in_tkt2
|
|
since it might not exist, and we don't actually care about the key
|
|
|
|
2002-08-20 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/krb5.conf.5: correct documentation for
|
|
verify_ap_req_nofail
|
|
|
|
* lib/krb5/log.c: rename syslog_data to avoid name conflicts (from
|
|
Mattias Amnefelt)
|
|
|
|
* kuser/klist.c (display_tokens): increase token buffer size, and
|
|
add more checks of the kernel data (from Love)
|
|
|
|
2002-08-19 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* fix-export: use make to parse Makefile.am instead of perl
|
|
|
|
* configure.in: use argument-less AM_INIT_AUTOMAKE, now that it
|
|
groks AC_INIT with package name etc.
|
|
|
|
* kpasswd/kpasswdd.c: include <kadm5/private.h>
|
|
|
|
* lib/asn1/asn1_print.c: include com_right.h
|
|
|
|
* lib/krb5/addr_families.c: socklen_t -> krb5_socklen_t
|
|
|
|
* include/bits.c: define krb5_socklen_t type; this should really
|
|
go someplace else, but this was easy
|
|
|
|
* lib/krb5/verify_krb5_conf.c: don't bail out if parsing of a file
|
|
fails, just warn about it
|
|
|
|
* kdc/log.c (kdc_openlog): no need for a config_file parameter
|
|
|
|
* kdc/config.c: just treat kdc.conf like any other config file
|
|
|
|
* lib/krb5/context.c (krb5_get_default_config_files): ignore
|
|
duplicate files
|
|
|
|
2002-08-16 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/krb5.h: turn strings into pointers, so we can assign to
|
|
them
|
|
|
|
* lib/krb5/constants.c: turn strings into pointers, so we can
|
|
assign to them
|
|
|
|
* lib/krb5/get_addrs.c (get_addrs_int): initialise res if
|
|
SCAN_INTERFACES is not set
|
|
|
|
* lib/krb5/context.c: fix various borked stuff in previous commits
|
|
|
|
2002-08-16 Jacques Vidrine <n@nectar.com>
|
|
|
|
* lib/krb5/krbhst.c (kpasswd_get_next): if we fall back to using
|
|
the `admin_server' entry for kpasswd, override the `proto' result
|
|
to be UDP.
|
|
|
|
2002-08-15 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/auth_context.c: check return value of
|
|
krb5_sockaddr2address
|
|
|
|
* lib/krb5/addr_families.c: check return value of
|
|
krb5_sockaddr2address
|
|
|
|
* lib/krb5/context.c: get the default keytab from KRB5_KTNAME
|
|
|
|
2002-08-14 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/verify_krb5_conf.c: allow parsing of more than one file
|
|
|
|
* lib/krb5/context.c: allow changing config files with the
|
|
function krb5_set_config_files, there are also related functions
|
|
krb5_get_default_config_files and krb5_free_config_files; these
|
|
should work similar to their MIT counterparts
|
|
|
|
* lib/krb5/config_file.c: allow the use of more than one config
|
|
file by using the new function krb5_config_parse_file_multi
|
|
|
|
2002-08-12 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* use sysconfdir instead of /etc
|
|
|
|
* configure.in: require autoconf 2.53; rename dpagaix_LDFLAGS etc
|
|
to appease automake; force sysconfdir and localstatedir to /etc
|
|
and /var/heimdal for now
|
|
|
|
* kdc/connect.c (addr_to_string): check return value of
|
|
sockaddr2address
|
|
|
|
2002-08-09 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/rd_cred.c: if the remote address isn't an addrport,
|
|
don't try comparing to one; this should make old clients work with
|
|
new servers
|
|
|
|
* lib/asn1/gen_decode.c: remove unused variable
|
|
|
|
2002-07-31 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* kdc/{kerberos5,524}.c: ENOENT -> HDB_ERR_NOENTRY (from Derrick
|
|
Brashear)
|
|
|
|
* lib/krb5/principal.c: actually lower case the lower case
|
|
instance name (spotted by Derrick Brashear)
|
|
|
|
2002-07-24 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* fix-export: if DATEDVERSION is set, change the version to
|
|
current date
|
|
|
|
* configure.in: don't use AC_PROG_RANLIB, and use magic foo to set
|
|
LTLIBOBJS
|
|
|
|
2002-07-04 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* kdc/connect.c: add some cache-control-foo to the http responses
|
|
(from Gombas Gabor)
|
|
|
|
* lib/krb5/addr_families.c (krb5_print_address): don't copy size
|
|
if ret_len == NULL
|
|
|
|
2002-06-28 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* kuser/klist.c (display_tokens): don't bail out before we get
|
|
EDOM (signaling the end of the tokens), the kernel can also return
|
|
ENOTCONN, meaning that the index does not exist anymore (for
|
|
example if the token has expired)
|
|
|
|
2002-06-06 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/changepw.c: make sure we return an error if there are
|
|
no changepw hosts found; from Wynn Wilkes
|
|
|
|
2002-05-29 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/cache.c (krb5_cc_register): break out of loop when the
|
|
same type is found; spotted by Wynn Wilkes
|
|
|
|
2002-05-28 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/keytab_file.c: check size of entry before trying to
|
|
read 32-bit kvno; also fix typo in previous
|
|
|
|
2002-05-24 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* include/Makefile.am: only add to INCLUDES
|
|
|
|
* lib/45/mk_req.c: fix for storage change
|
|
|
|
* lib/hdb/print.c: fix for storage change
|
|
|
|
2002-05-15 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* kdc/kerberos5.c: don't free encrypted padata until we're really
|
|
done with it
|
|
|
|
2002-05-07 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* kdc/kerberos5.c: when decrypting pa-data, try all keys matching
|
|
enctype
|
|
|
|
* kuser/kinit.1: document -a
|
|
|
|
* kuser/kinit.c: add command line switch for extra addresses
|
|
|
|
2002-04-30 Johan Danielsson <joda@blubb.pdc.kth.se>
|
|
|
|
* configure.in: remove some duplicate tests
|
|
|
|
* configure.in: use AC_HELP_STRING
|
|
|
|
2002-04-29 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/crypto.c (usage2arcfour): don't abort if the usage is
|
|
unknown
|
|
|
|
2002-04-25 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* configure.in: use rk_DESTDIRS
|
|
|
|
2002-04-22 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/krb5_verify_user.3: make it clear that _lrealm modifies
|
|
the principal
|
|
|
|
2002-04-19 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/verify_init.c: fix typo in error string
|
|
|
|
2002-04-18 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* acconfig.h: remove some stuff that is defined elsewhere
|
|
|
|
* lib/krb5/krb5_locl.h: include <sys/file.h>
|
|
|
|
* lib/krb5/acl.c: rename acl_string parameter
|
|
|
|
* lib/krb5/Makefile.am: remove __P from protos, and put parameter
|
|
names in comments
|
|
|
|
* kuser/klist.c: better align some headers
|
|
|
|
* kdc/kerberos4.c: storage tweaks
|
|
|
|
* kdc/kaserver.c: storage tweaks
|
|
|
|
* kdc/524.c: storage tweaks
|
|
|
|
* lib/krb5/keytab_krb4.c: storage tweaks
|
|
|
|
* lib/krb5/keytab_keyfile.c: storage tweaks
|
|
|
|
* lib/krb5/keytab_file.c: storage tweaks; also try to handle zero
|
|
sized keytab files
|
|
|
|
* lib/krb5/keytab_any.c: use KRB5_KT_END instead of KRB5_CC_END
|
|
|
|
* lib/krb5/fcache.c: storage tweaks
|
|
|
|
* lib/krb5/store_mem.c: make the krb5_storage opaque, and add
|
|
function wrappers for store/fetch/seek, and also make the eof-code
|
|
configurable
|
|
|
|
* lib/krb5/store_fd.c: make the krb5_storage opaque, and add
|
|
function wrappers for store/fetch/seek, and also make the eof-code
|
|
configurable
|
|
|
|
* lib/krb5/store_emem.c: make the krb5_storage opaque, and add
|
|
function wrappers for store/fetch/seek, and also make the eof-code
|
|
configurable
|
|
|
|
* lib/krb5/store.c: make the krb5_storage opaque, and add function
|
|
wrappers for store/fetch/seek, and also make the eof-code
|
|
configurable
|
|
|
|
* lib/krb5/store-int.h: make the krb5_storage opaque, and add
|
|
function wrappers for store/fetch/seek, and also make the eof-code
|
|
configurable
|
|
|
|
* lib/krb5/krb5.h: make the krb5_storage opaque, and add function
|
|
wrappers for store/fetch/seek, and also make the eof-code
|
|
configurable
|
|
|
|
* include/bits.c: include <sys/socket.h> to get socklen_t
|
|
|
|
* kdc/kerberos5.c (get_pa_etype_info): sort ETYPE-INFOs by
|
|
requested KDC-REQ etypes
|
|
|
|
* kdc/hpropd.c: constify
|
|
|
|
* kdc/hprop.c: constify
|
|
|
|
* kdc/string2key.c: constify
|
|
|
|
* kdc/kdc_locl.h: make port_str const
|
|
|
|
* kdc/config.c: constify
|
|
|
|
* lib/krb5/config_file.c: constify
|
|
|
|
* kdc/kstash.c: constify
|
|
|
|
* lib/krb5/verify_user.c: remove unnecessary cast
|
|
|
|
* lib/krb5/recvauth.c: constify
|
|
|
|
* lib/krb5/principal.c (krb5_parse_name): const qualify
|
|
|
|
* lib/krb5/mcache.c (mcc_get_name): constify return type
|
|
|
|
* lib/krb5/context.c (krb5_free_context): don't try to free the
|
|
ccache prefix
|
|
|
|
* lib/krb5/cache.c (krb5_cc_register): don't make a copy of the
|
|
prefix
|
|
|
|
* lib/krb5/krb5.h: constify some struct members
|
|
|
|
* lib/krb5/log.c: constify
|
|
|
|
* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): const
|
|
qualify
|
|
|
|
* lib/krb5/get_in_tkt.c (krb5_init_etype): constify
|
|
|
|
* lib/krb5/crypto.c: constify some
|
|
|
|
* lib/krb5/config_file.c: constify
|
|
|
|
* lib/krb5/aname_to_localname.c (krb5_aname_to_localname):
|
|
constify local variable
|
|
|
|
* lib/krb5/addr_families.c (ipv4_sockaddr2port): constify
|
|
|
|
2002-04-17 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/verify_krb5_conf.c: add some log checking
|
|
|
|
* lib/krb5/log.c (krb5_addlog_dest): reorganise syslog parsing
|
|
|
|
2002-04-16 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/crypto.c (krb5_crypto_init): check that the key size
|
|
matches the expected length
|
|
|
|
2002-03-27 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/send_to_kdc.c: rename send parameter to send_data
|
|
|
|
* lib/krb5/mk_error.c: rename ctime parameter to client_time
|
|
|
|
2002-03-22 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* kdc/kerberos5.c (find_etype): unsigned -> krb5_enctype (from
|
|
Reinoud Zandijk)
|
|
|
|
2002-03-18 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/asn1/k5.asn1: add the GSS-API checksum type here
|
|
|
|
2002-03-11 Assar Westerlund <assar@sics.se>
|
|
|
|
* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
|
|
18:3:1
|
|
* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:5:0
|
|
* lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 6:0:0
|
|
|
|
2002-03-10 Assar Westerlund <assar@sics.se>
|
|
|
|
* lib/krb5/rd_cred.c: handle addresses with port numbers
|
|
|
|
* lib/krb5/keytab_file.c, lib/krb5/keytab.c:
|
|
store the kvno % 256 as the byte and the complete 32 bit kvno after
|
|
the end of the current keytab entry
|
|
|
|
* lib/krb5/init_creds_pw.c:
|
|
handle LR_PW_EXPTIME and LR_ACCT_EXPTIME in the same way
|
|
|
|
* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds):
|
|
handle ports giving for the remote address
|
|
|
|
* lib/krb5/get_cred.c:
|
|
get a ticket with no addresses if no-addresses is set
|
|
|
|
* lib/krb5/crypto.c:
|
|
rename functions DES_* to krb5_* to avoid colliding with modern
|
|
openssl
|
|
|
|
* lib/krb5/addr_families.c:
|
|
make all functions taking 'struct sockaddr' actually take a socklen_t
|
|
instead of int and that acts as an in-out parameter (indicating the
|
|
maximum length of the sockaddr to be written)
|
|
|
|
* kdc/kerberos4.c:
|
|
make the kvno's in the krb4 universe by the real one % 256, since they
|
|
cannot only be 8 bit, and the v5 ones are actually 32 bits
|
|
|
|
2002-02-15 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/keytab_keyfile.c (akf_add_entry): don't create the file
|
|
before we need to write to it
|
|
(from Åke Sandgren)
|
|
|
|
2002-02-14 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* configure.in: rk_RETSIGTYPE and rk_BROKEN_REALLOC are called via
|
|
rk_ROKEN (from Gombas Gabor); find inttypes by CHECK_TYPES
|
|
directly
|
|
|
|
* lib/krb5/rd_safe.c: actually use the correct key (from Daniel
|
|
Kouril)
|
|
|
|
2002-02-12 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/context.c (krb5_get_err_text): protect against NULL
|
|
context
|
|
|
|
2002-02-11 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* admin/ktutil.c: no need to use the "modify" keytab anymore
|
|
|
|
* lib/krb5/keytab_any.c: implement add and remove
|
|
|
|
* lib/krb5/keytab_krb4.c: implement add and remove
|
|
|
|
* lib/krb5/store_emem.c (emem_free): clear memory before freeing
|
|
(this should perhaps be selectable with a flag)
|
|
|
|
2002-02-04 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* kdc/config.c (get_dbinfo): if there are database specifications
|
|
in the config file, don't automatically try to use the default
|
|
values (from Gombas Gabor)
|
|
|
|
* lib/krb5/log.c (krb5_closelog): don't pass pointer to pointer
|
|
(from Gombas Gabor)
|
|
|
|
2002-01-30 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* admin/list.c: get the default keytab from krb5.conf, and list
|
|
all parts of an ANY type keytab
|
|
|
|
* lib/krb5/context.c: default default_keytab_modify to NULL
|
|
|
|
* lib/krb5/keytab.c (krb5_kt_default_modify_name): if no modify
|
|
name is specified take it from the first component of the default
|
|
keytab name
|
|
|
|
2002-01-29 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/keytab.c: compare keytab types case insensitively
|
|
|
|
2002-01-07 Assar Westerlund <assar@sics.se>
|
|
|
|
* lib/krb5/crypto.c (create_checksum): make usage `unsigned' (it's
|
|
not really a krb5_key_usage). From Ben Harris <bjh21@netbsd.org>
|
|
* lib/krb5/get_in_tkt.c: use krb5_enctype consistently. From Ben
|
|
Harris <bjh21@netbsd.org>
|
|
* lib/krb5/crypto.c: use krb5_enctype consistently. From Ben
|
|
Harris <bjh21@netbsd.org>
|
|
* kdc/kerberos5.c: use krb5_enctype consistently. From Ben Harris
|
|
<bjh21@netbsd.org>
|