1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
|
Sun Sep 10 12:00:00 1995 James Mattly (mattly@fusion.com)
* gen_seqnum.c: change usage of krb5_crypto_us_timeofday to krb5_timeofday
* get_in_tkt.c: change usage of krb5_crypto_us_timeofday to krb5_timeofday
* mk_priv.c: change usage of krb5_crypto_us_timeofday to krb5_timeofday
* mk_req_ext.c: change usage of krb5_crypto_us_timeofday to krb5_timeofday
* send_tgs.c: change usage of krb5_timeofday over to krb5_crypto_us_timeofday
Wed Sept 6 12:00:00 EDT 1995 James Mattly (mattly@fusion.com)
* get_in_tkt.c: change usage of krb5_timeofday to krb5_crypto_us_timeofday
* mk_req_ext.c: change usage of timeofday
* parse.c: disabled a usage of exit for macintosh
* send_tgs.c: change usage of krb5_timeofday over to
krb5_crypto_us_timeofday
* unparse.c: include <stdio.h>
Fri Sep 1 11:16:43 EDT 1995 Paul Park (pjpark@mit.edu)
* ser_ctx.c - Add handling of new time offset fields in the os_context.
Tue Aug 29 14:14:26 EDT 1995 Paul Park (pjpark@mit.edu)
* Makefile.in, .Sanitize, ser_{actx,adata,addr,auth,cksum,ctx,eblk,key,
princ}.c, serialize.c, t_ser.c - Add serialization operations
for data structures required to serialize krb5_context, krb5_
auth_context, krb5_encrypt_block and krb5_principal.
* auth_con.h - Add magic number.
* auth_con.c - Add static routine to copy an address and use this
instead of the other code. Set the magic number when initing
an auth_context. Use krb5_free_address to release an address.
* init_ctx.c - Free the allocated serializers when releasing context.
* rd_rep.c - Copy the keyblock from the message instead of setting
a pointer into it.
Thu Aug 24 18:55:50 1995 Theodore Y. Ts'o <tytso@dcl>
* .Sanitize: Update file list.
Mon Aug 7 18:54:35 1995 Theodore Y. Ts'o <tytso@dcl>
* in_tkt_ktb.c (keytab_keyproc): If there is an error looking up
the key, make sure the keytab is closed as part of the
cleanup.
Fri Aug 4 22:04:08 1995 Tom Yu <tlyu@dragons-lair.MIT.EDU>
* conv_princ.c: Add braces to initializer to shut up gcc -Wall
Fri Jul 7 16:31:06 EDT 1995 Paul Park (pjpark@mit.edu)
* Makefile.in - Find com_err in TOPLIBD.
* rd_safe.c - Use checksum verifier instead of doing it manually.
Thu Jul 6 17:31:40 1995 Tom Yu <tlyu@lothlorien.MIT.EDU>
* rd_safe.c (krb5_rd_safe_basic): Pass context to os_localaddr.
* rd_priv.c (krb5_rd_priv_basic): Pass context to os_localaddr.
* rd_cred.c (krb5_rd_cred_basic): Pass context to os_localaddr.
* get_in_tkt.c (krb5_get_in_tkt): Pass context to os_localaddr.
Wed July 5 15:52:31 1995 James Mattly <mattly@fusion.com>
* added condition for _MACINTOSH
Sun Jul 2 18:59:53 1995 Sam Hartman <hartmans@tertius.mit.edu>
* recvauth.c (krb5_recvauth): recvauth should send an error reply
if problem is not zero. Removed if that caused it to only send a
reply on success.
Fri Jun 16 22:11:21 1995 Theodore Y. Ts'o (tytso@dcl)
* get_in_tkt.c (krb5_get_in_tkt): Allow the credentials cache
argument to be optional; allow it to be NULL, meaning that
the credentials shouldn't be stored in a credentials cache.
Mon Jun 12 16:49:42 1995 Chris Provenzano (proven@mit.edu)
A couple bug reports/patches from Ed Phillips (flaregun@udel.edu)
* in_tkt_ktb.c (keytab_keyproc()): Fix memory leak.
* recvauth.c (krb5_recvauth()): Don't open a new rcache if
the auth_context already has one.
* auth_con.c (krb5_auth_con_free()): Close rcache is the
auth_context has one set.
* auth_con.c (krb5_auth_con_getrcache()): Return pointer
to the rcache set in the auth_context.
Sun Jun 11 12:31:39 1995 Ezra Peisach (epeisach@kangaroo.mit.edu)
* auth_con.c (krb5_auth_con_init): Zero newly allocated
krb5_auth_context. (Fixed error in redefinitions).
Sat Jun 10 23:05:51 1995 Tom Yu (tlyu@dragons-lair)
* auth_con.c, compat_recv.c, mk_cred.c, mk_priv.c, mk_rep.c,
mk_req.c, mk_req_ext.c, mk_safe.c, rd_cred.c, rd_priv.c,
rd_rep.c, rd_req.c rd_req_dec.c, rd_safe.c, recvauth.c,
sendauth.c: krb5_auth_context redefinitions
Fri Jun 9 18:48:43 1995 <tytso@rsx-11.mit.edu>
* rd_req_dec.c (krb5_rd_req_decoded): Fix -Wall nits
* configure.in: Remove standardized set of autoconf macros, which
are now handled by CONFIG_RULES.
* Makefile.in, faddr_ordr.c: Remove faddr_ordr.c; its function,
krb5_fulladdr_order, isn't used anywhere.
Fri Jun 9 02:42:54 1995 Tom Yu (tlyu@dragons-lair)
* rd_cred.c (krb5_rd_cred_basic): fix typo (extra "context"
argument passed to krb5_xfree)
Thu Jun 8 22:48:27 1995 Theodore Y. Ts'o <tytso@dcl>
* rd_cred.c (krb5_rd_cred_basic): Fix problem where the ticket
field was assigned with a krb5_data, which was then
immediately freed.
Thu Jun 8 16:06:44 1995 <tytso@rsx-11.mit.edu>
* compat_recv.c, auth_con.c, chk_trans.c, encrypt_tk.c,
gc_frm_kdc.c, gc_via_tkt.c, gen_seqnum.c, gen_subkey.c,
get_creds.c, get_in_tkt.c, in_tkt_ktb.c, in_tkt_pwd.c,
in_tkt_skey.c, init_ctx.c, kdc_rep_dc.c, mk_cred.c,
mk_error.c, mk_priv.c, mk_rep.c, mk_req.c, mk_req_ext.c,
mk_cred.c, mk_safe.c, parse.c, preauth.c, rd_cred.c,
rd_rep.c, rd_req.c, rd_req_dec.c, rd_safe.c, recvauth.c,
sendauth.c, send_tgs.c, srv_rcache.c, walk_rtree.c: Clean
up GCC -Wall flames.
Wed Jun 7 15:23:21 1995 <tytso@rsx-11.mit.edu>
* conv_princ.c (krb5_425_conv_principal): Remove old CONFIG_FILES
code.
Fri May 26 10:18:28 1995 Keith Vetter (keithv@fusion.com)
* makefile.in: removed for the PC creating shared directory.
(still bug with the '@SHARED_RULE@' line but I'm waiting
on tytso for that since I don't want to break Unix).
Thu May 25 09:58:42 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
* gc_via_tkt.c (krb5_kdcrep2creds): Fix syntax error in the
freeing of the keyblock.
Wed May 24 18:19:17 1995 Theodore Y. Ts'o (tytso@dcl)
* Makefile.in, configure.in: Add rules for building shared library.
* gc_via_tkt.c (krb5_kdcrep2creds): On an error, free the keyblock.
Tue May 23 16:28:42 1995 Theodore Y. Ts'o (tytso@dcl)
* gc_frm_kdc.c, preauth.c, t_kerb.c, t_walk_rtree.c, unparse.c:
Rearrange #include files so that krb5.h gets included
first, so that the debugging information can be more
efficiently collapsed since the type numbers will be the
same.
Sat May 20 14:01:16 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
* rd_safe.c (krb5_rd_safe): Increment remote_seq_number if
KRB5_AUTH_CONTEXT_DO_SEQUENCE is set.
Thu May 11 22:42:30 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
* rd_cred.c (krb5_rd_cred_basic): If address don't match, return
KRB5KRB_AP_ERR_BADADDR (add missing retval).
Thu May 11 18:30:21 1995 Chris Provenzano (proven@mit.edu)
* mk_cred.c (krb5_mk_cred()), mk_priv.c (krb5_mk_priv()),
* mk_safe.c (krb5_mk_safe()), rd_cred.c (krb5_rd_cred()),
* rd_priv.c (krb5_rd_prev()), rd_safe.c (krb5_rd_safe()):
Pass the contents pointer returned from krb5_make_fulladdr()
to free() not the address of the pointer.
Tue May 9 08:34:21 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
* Makefile.in (clean): Remove t_kerb and t_kerb.o
Fri May 5 00:06:24 1995 Theodore Y. Ts'o (tytso@dcl)
* conv_princ.c (krb5_425_conv_principal): Use new calling
convention of krb5_get_realm_domain, which is that it
returns the realm *without* the leading dot.
Also use the profile code to look up individual instance
conversions using [realms]/<realm>/v4_instance_convert/<inst>
This allows special case handling of mit.edu and
lithium.lcs.mit.edu.
* t_kerb.c: New file for testing krb library functions. Currently
only tests krb5_425_conv_principal.
Wed May 03 03:30:51 1995 Chris Provenzano (proven@mit.edu)
* recvauth.c, compat_recv.c (krb5_recvauth()):
* compat_recv.c (krb5_compat_recvauth()):
No longer needs the rc_type arg.
Tue May 02 19:29:18 1995 Chris Provenzano (proven@mit.edu)
* mk_cred.c (mk_cred()), mk_priv.c (mk_priv()), mk_safe.c (mk_safe()),
* rd_cred.c (rd_cred()), rd_priv.c (rd_priv()), rd_safe.c (rd_safe()):
Don't call krb5_make_fulladdrs() if a port isn't specified.
Mon May 01 15:56:32 1995 Chris Provenzano (proven@mit.edu)
* auth_con.c (krb5_auth_con_free()) :
Free all the data associated with the auth_context.
* auth_con.c (krb5_auth_con_setkey()) : Removed.
* mk_rep.c (mk_rep()),
The krb5_mk_rep() routine must always encode the data in
the keyblock of the ticket, not the subkey.
* cleanup.h, auth_con.c (krb5_auth_con_setports()) : Added.
* auth_con.h, mk_cred.c (mk_cred()), mk_priv.c (mk_priv()),
* mk_safe.c (mk_safe()), rd_cred.c (rd_cred()),
* rd_priv.c (rd_priv()), rd_safe.c (rd_safe()) :
Changes to auth_context to better support full addresses.
Sat Apr 29 00:09:40 1995 Theodore Y. Ts'o <tytso@dcl>
* srv_rcache.c (krb5_get_server_rcache): Fix fencepost error which
caused an access beyond the allocated memory of piece->data.
* rd_priv.c (krb5_rd_priv_basic): Call krb5_free_priv_enc_part to free
the entire privenc_msg structure.
Fri Apr 28 09:54:51 EDT 1995 Paul Park (pjpark@mit.edu)
Move adm_rw.c from libkrb5 to libkadm.
Fri Apr 28 08:36:03 1995 Theodore Y. Ts'o <tytso@lurch.mit.edu>
* init_ctx.c (krb5_free_context): Extra semicolon meant the etypes
field in the context was never being freed.
Fri Apr 28 01:44:51 1995 Chris Provenzano (proven@mit.edu)
* send_tgs.c (krb5_send_tgs()), gc_via_tkt.c (krb5_get_cred_via_tkt()):
Removed krb5_cksumtype argument.
Thu Apr 27 21:36:01 1995 Chris Provenzano (proven@mit.edu)
* auth_con.c (krb5_auth_con_getaddrs() and krb5_auth_con_getflags()):
Added for completeness.
* mk_req_ext.c (krb5_mk_req_extended()) : Don't send the
AP_OPTS_USE_SUBKEY option over the wire.
Thu Apr 27 17:40:20 1995 Keith Vetter (keithv@fusion.com)
* adm_rw.c, mk_cred.c, rd_cred.c:
malloc on the PC must be size SIZE_T not int32.
* adm_rw.c: krb5_free_adm_data second argument now a krb5_int32.
Thu Apr 27 16:33:17 EDT 1995 Paul Park (pjpark@mit.edu)
* mk_priv.c - Back out previous change which always put in
timestamp, regardless of DO_TIME setting and
instead, clear out the replaydata before calling
mk_priv_basic from mk_priv.
* mk_safe.c - Same replaydata fix.
Thu Apr 26 15:59:51 EDT 1995 Paul Park (pjpark@mit.edu)
* Add adm_rw.c - routines to read and write commands from/to the
administrative (kpasswd/kadmin) server.
Wed Apr 27 11:30:00 1995 Keith Vetter (keithv@fusion.com)
* init_ctx.c: krb5_init_context wasn't checking return values.
* mk_req.c: deleted unused local variable.
Wed Apr 26 22:49:18 1995 Chris Provenzano (proven@mit.edu)
* gc_via_tgt.c, and gc_2tgt.c : Removed.
* Makefile.in, gc_via_tkt.c, gc_frm_kdc.c, and, int-proto.h :
Replaced get_cred_via_tgt() and get_cred_via_2tgt()
with more general function get_cred_via_tkt().
Tue Apr 25 21:58:23 1995 Chris Provenzano (proven@mit.edu)
* Makefile.in : Added gc_via_tkt.c and removed get_fcreds.c
* auth_con.c (krb5_auth_con_setaddrs()) : Fixed so it allocates
space and copies addresses, not just pointer.
* mk_cred.c: Completely rewritten from sources donated by asriniva.
* rd_cred.c: Completely rewritten from sources donated by asriniva.
* mk_priv.c (krb5_mk_priv()), mk_safe.c (krb5_mk_safe()),
rd_priv.c (krb5_rd_priv()), and rd_safe (krb5_rd_safe()) :
Try using a subkey before using the session key for encryption.
* recvauth.c (krb5_recvauth()): Don't close the rcache on success.
Mon Apr 24 23:12:21 1995 Theodore Y. Ts'o <tytso@dcl>
* Makefile.in, configure.in (t_walk_rtree): Add WITH_NETLIBS and
$(LIBS), so that t_walk_rtree can compile under solaris.
Mon Apr 24 17:09:36 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
* parse.c (krb5_parse_name): Add magic number to new structure
* get_creds.c: Fix comments describing operation
* gc_frm_kdc.c: Fix comments describing operation
* copy_cksum.c (krb5_copy_checksum): Fix comment in file
* copy_addrs.c (krb5_append_addresses): ifdef out unused
krb5_append_addresses function. (no API or prototype
existed).
* copy_data.c (krb5_copy_data): Initialize magic number
* init_ctx.c (krb5_init_context): If an error is returned from
krb5_set_default_in_tkt_etypes or krb5_os_init_context,
pass to caller instead of stack garbage.
Sat Apr 22 11:06:45 1995 Ezra Peisach (epeisach@kangaroo.mit.edu)
* Makefile.in: t_walk_rtree needs libcrypto
* t_walk_rtree.c: error in checking for argument count
Thu Apr 20 16:23:23 1995 Theodore Y. Ts'o (tytso@dcl)
* copy_addrs.c, copy_athctr.c, copy_auth.c, copy_cksum.c,
copy_creds.c, copy_key.c, copy_princ.c, copy_tick.c,
gc_2tgt.c, gc_frm_kdc.c, gc_via_tgt.c, get_creds.c,
mk_req_ext.c: Unless HAVE_C_STRUCTURE_ASSIGNMENT is defined, use
memcpy to copy structures around, instead of using
structure assignments. (Which aren't guaranteed to work
on some broken compilers.)
* mk_req.c (krb5_mk_req): Use krb5_sname_to_principal() in order
to create the service principal from the service and
hostname pair. This allows for the host cannoncialization
to work correctly.
* mk_req_ext.c (krb5_mk_req_extended): Revamp checksum handling
code so that no checksum is performed in in_data is NULL,
and the special case handing of cksumtype == 0x8003 for
the GSSAPI library is handled correctly.
Wed Apr 19 13:39:34 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
* init_ctx.c: (krb5_init_context) initialize context default
realm. (krb5_free_context) free default realm.
Fri Apr 14 15:05:51 1995 <tytso@rsx-11.mit.edu>
* sendauth.c (krb5_sendauth): initialize error return parameter
* copy_princ.c (krb5_copy_principal): Fix bug where
krb5_copy_principal can fail if it is asked to copy a
principal with a zero-length component on a system where
malloc(0) returns null.
Thu Apr 13 15:49:16 1995 Keith Vetter (keithv@fusion.com)
* *.[ch]: removed unneeded INTERFACE from non-api functions.
Fri Mar 31 16:45:47 1995 Keith Vetter (keithv@fusion.com)
* krb5_get_in_tkt: changed error return value for when clocks
are out of skew to be KRB5_KDCREP_SKEW.
Fri Mar 31 00:44:26 1995 Theodore Y. Ts'o (tytso@dcl)
* rd_req.c (krb5_rd_req): Fix typo which caused new_keytab to not
get freed, causing a memory leak.
Thu Mar 30 15:49:27 1995 Keith Vetter (keithv@fusion.com)
* rd_req.c: removed unused local variable.
Tue Mar 28 18:34:20 1995 John Gilmore (gnu at toad.com)
* rd_req_sim.c: Really remove the file.
Mon Mar 27 08:34:49 1995 Chris Provenzano (proven@mit.edu)
* Makefile.in: Removed rd_req_sim.c
* auth_con.c: Default cksumtype is now CKSUMTYPE_RSA_MD4_DES.
* auth_con.c: Added krb5_auth_con_setuseruserkey(),
krb5_auth_con_getkey(),
krb5_auth_con_getremotesubkey(),
krb5_auth_con_getauthenticator(),
krb5_auth_con_getremoteseqnumber(),
krb5_auth_con_initivector().
* auth_con.c: Fixed krb5_auth_con_getlocalsubkey() to check for
a valid local_subkey before calling krb5_copy_keyblock().
* auth_con.h: Fixed some comments.
* mk_req_ext.c (krb5_mk_req_extended()): Always pass in a seed
(the keyblock contents) to krb5_calculate_checksum()
* rd_rep.c (krb5_rd_rep()): Use appropriate key to decode reply.
* rd_safe.c (krb5_rd_safe()): Don't pass checksum to
krb5_rd_safe_basic(), it's unnecessary.
* compat_recv.c (krb5_compat_recvauth()):
* mk_rep.c (krb5_mk_rep()):
* rd_req.c (krb5_rd_req()):
* rd_req_dec.c (krb5_rd_req_decode()):
* recvauth.c (krb5_recvauth()):
Added a krb5_auth_context argument and eliminated many of
the other arguments because they are included in the
krb5_auth_context structure.
Tue Mar 21 19:22:51 1995 Keith Vetter (keithv@fusion.com)
* mk_safe.c: fixed signed/unsigned mismatch.
* rd_safe.c: removed unused local variable currentime.
* mk_req_e.c: fixed signed/unsigned mismatch.
Sat Mar 18 18:58:02 1995 John Gilmore (gnu at toad.com)
* bld_pr_ext.c, bld_princ.c: Replace STDARG_PROTOTYPES with
HAVE_STDARG_H for consistency.
Fri Mar 17 19:48:07 1995 John Gilmore (gnu at toad.com)
* Makefile.in (check-mac): Add.
* compat_recv.c, get_fcreds.c, recvauth.c: Eliminate Unix socket
#includes, which are now handled by k5-int.h (via k5-config.h).
* conv_princ.c: Rename variable "comp" to another name; "comp"
apparently bothers the MPW compiler...
* rd_cred.c: Avoid (void) casts of void functions, for MPW.
* t_walk_rtree.c: Put com_err.h after k5_int for <sys/types> stuff.
(main): Declare and initialize the krb5_context that's being
passed to everything.
Fri Mar 10 10:58:59 1995 Chris Provenzano (proven@mit.edu)
* auth_con.h auth_con.c Added for krb5_auth_con definition and
support routines.
* mk_req.c (krb5_mk_req())
* mk_req_ext.c (krb5_mk_req_extended())
* rd_rep.c (krb5_rd_rep())
* sendauth.c (krb5_sendauth())
* mk_priv.c (krb5_mk_priv())
* mk_safe.c (krb5_mk_safe())
* rd_priv.c (krb5_rd_priv())
* rd_safe.c (krb5_rd_safe())
Added a krb5_auth_context argument and eliminated many of
the other arguments because they are included in the
krb5_auth_context structure.
* send_tgs.c (krb5_send_tgs()) Eliminate call to krb5_mk_req_extended(),
which does far more than krb5_send_tgs() needs.
Tue Mar 7 19:57:34 1995 Mark Eichin <eichin@cygnus.com>
* configure.in: take out ISODE_INCLUDE.
Tue Mar 7 13:20:06 1995 Keith Vetter (keithv@fusion.com)
* Makefile.in: changed library name on the pc.
* parse.c: disabled for the PC error messages to stderr.
* chk_trans.c: fixed signed/unsigned assignment.
Thu Mar 2 11:45:00 1995 Keith Vetter (keithv@fusion.com)
* compat_recv.c, get_fcre.c, recvauth.c, sendauth.c: changed
NEED_WINSOCK_H to NEED_SOCKETS.
Wed Mar 1 20:15:00 1995 Keith Vetter (keithv@fusion.com)
* compat_r.c, copy_pri.c, get_fcre.c, get_in_t.c, init_ctx.c, in_tkt_p.c
in_tkt_s.c, preauth.c, princ_co.c, pr_to_sa.c, rd_req_d.c, recvauth.c
sendauth.c, send_tgs.c, unparse.c: 16 vs 32 bit casts, removed some
unused local variables, and pulled in winsock.h for network byte
ordering.
Tue Feb 28 01:14:57 1995 John Gilmore (gnu at toad.com)
* *.c: Avoid <krb5/...> includes.
* parse.c: Exdent #ifndef to left margin for old compilers.
Wed Feb 22 17:14:31 1995 Keith Vetter (keithv@fusion.com)
* walk_rtr.c (krb5_walk_realm_tree): formal parameter wasn't declared.
* send_tgs.c: const in wrong place in the prototype.
* get_in_tkt.c, preauth.c, rd_cred.c, rd_priv.c, rd_req_dec.c,
rd_safe.c: needed a 32 bit abs() function.
* parse.c: removed call to fprintf on error the windows version
* send_auth.c: defined for windows the ECONNABORTED errno (will
be removed when the socket layer is fully implemented).
Tue Feb 21 23:38:34 1995 Theodore Y. Ts'o (tytso@dcl)
* mk_cred.c (krb5_mk_cred): Fix argument type to
krb5_free_cred_enc_part().
Mon Feb 13 20:25:20 1995 Theodore Y. Ts'o (tytso@dcl)
* get_in_tkt.c (krb5_get_in_tkt): Fix memory leak --- the default
encryption types was not being freed.
Fri Feb 10 15:45:59 1995 Theodore Y. Ts'o <tytso@dcl>
* rd_req.c (krb5_rd_req): Remove ISODE cruft.
Thu Feb 9 17:43:04 1995 Theodore Y. Ts'o <tytso@dcl>
* gc_via_tgt.c (krb5_get_cred_via_tgt): Set up the keyblock's
etype field correctly (after copying the keyblock, so it
doesn't get overwritten!)
Mon Feb 06 17:19:04 1995 Chris Provenzano (proven@mit.edu)
* get_in_tkt.c (krb5_get_in_tkt())
* in_tkt_sky.c (krb5_get_in_tkt_with_skey())
* in_tkt_pwd.c (krb5_get_in_tkt_with_password())
Removed krb5_keytype, changed krb5_enctype to krb5_enctype *,
changed krb5_preauthtype to krb5_preauthtype *.
Changed the args to the key_proc arg of krb5_get_in_tkt()
to be the following (krb5_context, const krb5_keytype,
krb5_data *, krb5_const_pointer, krb5_keyblock **)
* in_tkt_ktb.c (krb5_get_in_tkt_with_keytab()) Added this routine
to replace krb5_get_in_tkt_with_skey() in kinit.
* Makefile.in Added new source file in_tkt_ktb.c.
Fri Feb 3 16:41:19 1995 Mark Eichin (eichin@cygnus.com)
* get_in_tkt.c (krb5_get_in_tkt): also check for the version
number of the reply being whatever we had in the first byte of the
request.
Fri Feb 3 08:07:55 1995 Theodore Y. Ts'o (tytso@dcl)
* compat_recv.c (krb_v4_recvauth): Use explicit 32 bit types so
this will work on an Alpha.
Fri Feb 3 00:43:48 1995 Tom Yu (tlyu@dragons-lair)
* get_in_tkt.c (krb5_get_in_tkt): fix typo
Thu Feb 2 20:51:55 1995 Mark Eichin (eichin@cygnus.com)
* get_in_tkt.c (krb5_get_in_tkt): if krb5_is_as_rep fails, check
if the packet might be a V4 error packet. Use modified V4 check so
that it compiles under SCO.
Mon Jan 30 15:46:14 1995 Chris Provenzano (proven@mit.edu)
* int-proto.h Update prototypes for krb5_get_cred_via_tgt(), and
krb5_get_cred_via_2tgt().
* get_fcreds.c (krb5_get_for_creds())
* gc_via_tgt.c (krb5_get_cred_via_tgt())
* gc_2tgt.c (krb5_get_cred_via_2tgt())
Removed krb5_enctype argument. Pass NULL list of encryption
types to krb5_send_tgs to get default encryption types.
* gc_frm_kdc.c Removed krb5_enctype argument passed to
krb5_get_cred_via_tgt()
* send_tgs.c (krb5_send_tgs()) Changed krb5_enctype arg to
krb5_enctype *, a NULL terminated array of encryption
types. If argument is NULL then krb5_send_tgs() will
use defaul list of encryption types.
* send_tgs.c (krb5_send_tgs()) To encrypt request ticket use
usecred->keyblock.etype instead of (and now defunct)
krb5_enctype arg.
* init_ctx.c Added krb5_set_default_in_tkt_etypes() and
krb5_get_default_in_tkt_etypes().
* rd_req.c, rd_req_decode.c Removed typedef for rdreq_key_proc
and use krb5_rd_req_decoded in its place.
Mon Jan 30 11:26:05 1995 Chris Provenzano (proven@mit.edu)
* get_fcreds.c Really needs #include<krb5/asn1.h> for definition
of krb5_is_krb_error()
Sat Jan 28 14:45:55 1995 Chris Provenzano (proven@mit.edu)
* in_tkt_sky.c (skey_keyproc()), rd_req_dec.c (krb5_rd_req_decoded())
use new API for krb5_kt_get_entry.
Fri Jan 27 15:45:45 1995 Chris Provenzano (proven@mit.edu)
* get_fcreds.c Removed #include<krb5/crc-32.h> and #include<krb5/asn1.h>
Wed Jan 25 16:54:40 1995 Chris Provenzano (proven@mit.edu)
* Removed all narrow types and references to wide.h and narrow.h
Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu)
* Added krb5_context to all krb5_routines
Mon Dec 19 21:55:44 1994 Theodore Y. Ts'o (tytso@dcl)
* init_ctx.c: New file. Initializes and frees the krb5_context
structure.
Wed Dec 7 17:52:08 1994 <tytso@localhost>
* rd_req_dec.c (decrypt_authenticator): If the subkey doesn't
exist, don't try to set the subkey's etype.
Wed Nov 30 17:10:39 1994 Theodore Y. Ts'o (tytso@dcl)
* bld_princ.c (krb5_build_principal_va): Set the principal's type
and magic number.
* Makefile.in: Build new test driver (t_walk_rtree) for
krb5_walk_realm_tree.
* walk_realm_tree.c (krb5_walk_realm_tree): Fix bug which occured
when the client or the server is a subdomain of the other;
walk_realm_tree would return the wrong answer, and suffer
from memory access errors.
* unparse.c (krb5_unparse_name_ext): Quote the '/' and '@'
characters properly.
* configure.in: Add appropriate help text for the --with-krb4
option. Remove ISODE_DEFS call, since ISODE_INCLUDES now
defines ISODE automatically.
Mon Nov 21 15:30:07 1994 Theodore Y. Ts'o (tytso@dcl)
* mk_req_ext.c (krb5_mk_req_extended): Sanitize how memory is
freed in both error and normal cases, to remove memory
leaks.
* mk_req_ext.c (krb5_mk_req_extended): Use the encryption type
specified by the ticket to generate the authenticator.
* encode_kdc.c (krb5_encode_kdc_rep): Now requires that the
caller pass in the encryption block to be used for
encrpyting the ticket. That way, this routine doesn't
need to create its own encryption block.
* encrypt_tk.c (krb5_encrypt_tkt_part): Now requires that the
caller pass in the encryption block to be used for
encrpyting the ticket. That way, this routine doesn't
need to create its own encryption block.
Fri Nov 18 17:30:44 1994 Theodore Y. Ts'o (tytso@dcl)
* mk_req_ext.c (krb5_mk_req_extended): Encrypt the authenticator
using the same encryption system used to encrypt the ticket.
Thu Nov 17 01:56:05 1994 Theodore Y. Ts'o (tytso@dcl)
* gc_via_tgt.c (krb5_get_cred_via_tgt):
* gc_2tgt.c (krb5_get_cred_via_2tgt): Set the encryption type of
the session keyblock to be the type used to encrypt the
ticket.
Fri Nov 11 01:20:22 1994 Theodore Y. Ts'o (tytso@dcl)
* get_in_tkt.c (krb5_get_in_tkt): Set the encryption type of the
session keyblock to be the type used to encrypt the
ticket.
Thu Nov 10 23:56:43 1994 Theodore Y. Ts'o (tytso@dcl)
* rd_rep.c (krb5_rd_rep): Set the encryption type in
the subkey keyblock to be the encryption type used to
encrypt the rd_rep message.
* decrypt_tk.c (krb5_decrypt_tkt_part): Set the encryption type in
the session keyblock to be the encryption type used to
encrypt the ticket.
* rd_req_dec.c (decrypt_authenticator): Set the encryption type in
the subkey keyblock to be the encryption type used to
encrypt the authenticator.
Tue Nov 8 17:09:48 1994 Theodore Y. Ts'o (tytso@dcl)
* in_tkt_pwd.c (pwd_keyproc): Use the documented interface for
calling krb5_string_to_key().
Tue Oct 25 23:34:57 1994 Theodore Y. Ts'o (tytso@dcl)
* srv_rcache.c (krb5_get_server_rcache): Added missing continue so
that we don't copy both the unprintable character as well
as the quoted version of it.
Mon Oct 24 15:50:19 1994 Theodore Y. Ts'o (tytso@dcl)
* configure.in: If KRB4 is defined, define KRB5_KRB4_COMPAT for
compat_recv.c.
Thu Oct 13 17:26:28 1994 Theodore Y. Ts'o (tytso@maytag)
* configure.in: Add ISODE_DEFS
Tue Oct 4 16:29:19 1994 Theodore Y. Ts'o (tytso@dcl)
* in_tkt_sky.c (skey_keyproc):
* in_tkt_pwd.c (pwd_keyproc): Add widen.h and narrow.h includes
around pwd_keyproc, so that the keyproc input arguments
are appropriately widened.
Fri Sep 30 21:58:15 1994 Theodore Y. Ts'o (tytso@dcl)
* preauth.c (preauth_systems): Add placeholder for magic number
Thu Sep 29 15:31:10 1994 Theodore Y. Ts'o (tytso@dcl)
* srv_rcache.c (krb5_get_server_rcache): cachename was not being
properly null-terminated.
* get_in_tkt.c (krb5_get_in_tkt): Return KRB5_IN_TKT_REALM_MISATCH
if the client and server realms don't match. Return
KRB5_KDCREP_SKEW if the KDC reply has an unacceptible
clock skew (instead of KDCREP_MODIFIED.)
* gc_via_tgt.c (krb5_get_cred_via_tgt): Use a distinct error code
for KDC skew separate from the standard KDCREP_MODIFIED
* princ_comp.c (krb5_realm_compare): Added new function from
OpenVision.
Wed Sep 21 17:57:35 1994 Theodore Y. Ts'o (tytso@dcl)
* rd_req_dec.c (krb5_rd_req_decoded): Added Changes from Cybersafe
to do transited realm path checking.
* chk_trans.c: Added donated module from CyberSafe. It checks to
see if a transited path is a legal one between two realms.
Thu Sep 15 11:08:39 1994 Theodore Y. Ts'o (tytso@dcl)
* rd_req_sim.c (krb5_rd_req_simple): Use krb5_rd_req instead of
krb5_rd_req_decoded, to eliminate some code duplication.
Sat Aug 20 01:43:43 1994 Theodore Y. Ts'o (tytso at tsx-11)
* mk_req_ext.c (krb5_generate_authenticator): Fix pointer aliasing
problem between newkey and authent->subkey.
Wed Aug 17 17:58:22 1994 Theodore Y. Ts'o (tytso at tsx-11)
* encode_kdc.c (krb5_encode_kdc_rep): Pass in to
encode_krb5_enc_kdc_rep_part the msg_type which should be used.
Old versions of Kerberos always assume TGS_REP; this merely allows
the right msg_type to be passed down to the encoding routines.
For now, the encoding routines will ignore this value and do
things the old way, for compatibility's sake.
Mon Aug 8 22:38:16 1994 Theodore Y. Ts'o (tytso at tsx-11)
* preauth.c: Renamed preauthentication mechanism names to match
what bcn and I agreed upon.
Tue Jun 28 19:35:07 1994 Tom Yu (tlyu at dragons-lair)
* decode_kdc.c: folding in Harry's changes
* rd_req.c: ditto
* rd_req_sim.c: ditto
* configure.in: adding ISODE_DEFS
|
