1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
|
Tue Feb 28 01:14:57 1995 John Gilmore (gnu at toad.com)
* *.c: Avoid <krb5/...> includes.
* parse.c: Exdent #ifndef to left margin for old compilers.
Wed Feb 22 17:14:31 1995 Keith Vetter (keithv@fusion.com)
* walk_rtr.c (krb5_walk_realm_tree): formal parameter wasn't declared.
* send_tgs.c: const in wrong place in the prototype.
* get_in_tkt.c, preauth.c, rd_cred.c, rd_priv.c, rd_req_dec.c,
rd_safe.c: needed a 32 bit abs() function.
* parse.c: removed call to fprintf on error the windows version
* send_auth.c: defined for windows the ECONNABORTED errno (will
be removed when the socket layer is fully implemented).
Tue Feb 21 23:38:34 1995 Theodore Y. Ts'o (tytso@dcl)
* mk_cred.c (krb5_mk_cred): Fix argument type to
krb5_free_cred_enc_part().
Mon Feb 13 20:25:20 1995 Theodore Y. Ts'o (tytso@dcl)
* get_in_tkt.c (krb5_get_in_tkt): Fix memory leak --- the default
encryption types was not being freed.
Fri Feb 10 15:45:59 1995 Theodore Y. Ts'o <tytso@dcl>
* rd_req.c (krb5_rd_req): Remove ISODE cruft.
Thu Feb 9 17:43:04 1995 Theodore Y. Ts'o <tytso@dcl>
* gc_via_tgt.c (krb5_get_cred_via_tgt): Set up the keyblock's
etype field correctly (after copying the keyblock, so it
doesn't get overwritten!)
Mon Feb 06 17:19:04 1995 Chris Provenzano (proven@mit.edu)
* get_in_tkt.c (krb5_get_in_tkt())
* in_tkt_sky.c (krb5_get_in_tkt_with_skey())
* in_tkt_pwd.c (krb5_get_in_tkt_with_password())
Removed krb5_keytype, changed krb5_enctype to krb5_enctype *,
changed krb5_preauthtype to krb5_preauthtype *.
Changed the args to the key_proc arg of krb5_get_in_tkt()
to be the following (krb5_context, const krb5_keytype,
krb5_data *, krb5_const_pointer, krb5_keyblock **)
* in_tkt_ktb.c (krb5_get_in_tkt_with_keytab()) Added this routine
to replace krb5_get_in_tkt_with_skey() in kinit.
* Makefile.in Added new source file in_tkt_ktb.c.
Fri Feb 3 16:41:19 1995 Mark Eichin (eichin@cygnus.com)
* get_in_tkt.c (krb5_get_in_tkt): also check for the version
number of the reply being whatever we had in the first byte of the
request.
Fri Feb 3 08:07:55 1995 Theodore Y. Ts'o (tytso@dcl)
* compat_recv.c (krb_v4_recvauth): Use explicit 32 bit types so
this will work on an Alpha.
Fri Feb 3 00:43:48 1995 Tom Yu (tlyu@dragons-lair)
* get_in_tkt.c (krb5_get_in_tkt): fix typo
Thu Feb 2 20:51:55 1995 Mark Eichin (eichin@cygnus.com)
* get_in_tkt.c (krb5_get_in_tkt): if krb5_is_as_rep fails, check
if the packet might be a V4 error packet. Use modified V4 check so
that it compiles under SCO.
Mon Jan 30 15:46:14 1995 Chris Provenzano (proven@mit.edu)
* int-proto.h Update prototypes for krb5_get_cred_via_tgt(), and
krb5_get_cred_via_2tgt().
* get_fcreds.c (krb5_get_for_creds())
* gc_via_tgt.c (krb5_get_cred_via_tgt())
* gc_2tgt.c (krb5_get_cred_via_2tgt())
Removed krb5_enctype argument. Pass NULL list of encryption
types to krb5_send_tgs to get default encryption types.
* gc_frm_kdc.c Removed krb5_enctype argument passed to
krb5_get_cred_via_tgt()
* send_tgs.c (krb5_send_tgs()) Changed krb5_enctype arg to
krb5_enctype *, a NULL terminated array of encryption
types. If argument is NULL then krb5_send_tgs() will
use defaul list of encryption types.
* send_tgs.c (krb5_send_tgs()) To encrypt request ticket use
usecred->keyblock.etype instead of (and now defunct)
krb5_enctype arg.
* init_ctx.c Added krb5_set_default_in_tkt_etypes() and
krb5_get_default_in_tkt_etypes().
* rd_req.c, rd_req_decode.c Removed typedef for rdreq_key_proc
and use krb5_rd_req_decoded in its place.
Mon Jan 30 11:26:05 1995 Chris Provenzano (proven@mit.edu)
* get_fcreds.c Really needs #include<krb5/asn1.h> for definition
of krb5_is_krb_error()
Sat Jan 28 14:45:55 1995 Chris Provenzano (proven@mit.edu)
* in_tkt_sky.c (skey_keyproc()), rd_req_dec.c (krb5_rd_req_decoded())
use new API for krb5_kt_get_entry.
Fri Jan 27 15:45:45 1995 Chris Provenzano (proven@mit.edu)
* get_fcreds.c Removed #include<krb5/crc-32.h> and #include<krb5/asn1.h>
Wed Jan 25 16:54:40 1995 Chris Provenzano (proven@mit.edu)
* Removed all narrow types and references to wide.h and narrow.h
Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu)
* Added krb5_context to all krb5_routines
Mon Dec 19 21:55:44 1994 Theodore Y. Ts'o (tytso@dcl)
* init_ctx.c: New file. Initializes and frees the krb5_context
structure.
Wed Dec 7 17:52:08 1994 <tytso@localhost>
* rd_req_dec.c (decrypt_authenticator): If the subkey doesn't
exist, don't try to set the subkey's etype.
Wed Nov 30 17:10:39 1994 Theodore Y. Ts'o (tytso@dcl)
* bld_princ.c (krb5_build_principal_va): Set the principal's type
and magic number.
* Makefile.in: Build new test driver (t_walk_rtree) for
krb5_walk_realm_tree.
* walk_realm_tree.c (krb5_walk_realm_tree): Fix bug which occured
when the client or the server is a subdomain of the other;
walk_realm_tree would return the wrong answer, and suffer
from memory access errors.
* unparse.c (krb5_unparse_name_ext): Quote the '/' and '@'
characters properly.
* configure.in: Add appropriate help text for the --with-krb4
option. Remove ISODE_DEFS call, since ISODE_INCLUDES now
defines ISODE automatically.
Mon Nov 21 15:30:07 1994 Theodore Y. Ts'o (tytso@dcl)
* mk_req_ext.c (krb5_mk_req_extended): Sanitize how memory is
freed in both error and normal cases, to remove memory
leaks.
* mk_req_ext.c (krb5_mk_req_extended): Use the encryption type
specified by the ticket to generate the authenticator.
* encode_kdc.c (krb5_encode_kdc_rep): Now requires that the
caller pass in the encryption block to be used for
encrpyting the ticket. That way, this routine doesn't
need to create its own encryption block.
* encrypt_tk.c (krb5_encrypt_tkt_part): Now requires that the
caller pass in the encryption block to be used for
encrpyting the ticket. That way, this routine doesn't
need to create its own encryption block.
Fri Nov 18 17:30:44 1994 Theodore Y. Ts'o (tytso@dcl)
* mk_req_ext.c (krb5_mk_req_extended): Encrypt the authenticator
using the same encryption system used to encrypt the ticket.
Thu Nov 17 01:56:05 1994 Theodore Y. Ts'o (tytso@dcl)
* gc_via_tgt.c (krb5_get_cred_via_tgt):
* gc_2tgt.c (krb5_get_cred_via_2tgt): Set the encryption type of
the session keyblock to be the type used to encrypt the
ticket.
Fri Nov 11 01:20:22 1994 Theodore Y. Ts'o (tytso@dcl)
* get_in_tkt.c (krb5_get_in_tkt): Set the encryption type of the
session keyblock to be the type used to encrypt the
ticket.
Thu Nov 10 23:56:43 1994 Theodore Y. Ts'o (tytso@dcl)
* rd_rep.c (krb5_rd_rep): Set the encryption type in
the subkey keyblock to be the encryption type used to
encrypt the rd_rep message.
* decrypt_tk.c (krb5_decrypt_tkt_part): Set the encryption type in
the session keyblock to be the encryption type used to
encrypt the ticket.
* rd_req_dec.c (decrypt_authenticator): Set the encryption type in
the subkey keyblock to be the encryption type used to
encrypt the authenticator.
Tue Nov 8 17:09:48 1994 Theodore Y. Ts'o (tytso@dcl)
* in_tkt_pwd.c (pwd_keyproc): Use the documented interface for
calling krb5_string_to_key().
Tue Oct 25 23:34:57 1994 Theodore Y. Ts'o (tytso@dcl)
* srv_rcache.c (krb5_get_server_rcache): Added missing continue so
that we don't copy both the unprintable character as well
as the quoted version of it.
Mon Oct 24 15:50:19 1994 Theodore Y. Ts'o (tytso@dcl)
* configure.in: If KRB4 is defined, define KRB5_KRB4_COMPAT for
compat_recv.c.
Thu Oct 13 17:26:28 1994 Theodore Y. Ts'o (tytso@maytag)
* configure.in: Add ISODE_DEFS
Tue Oct 4 16:29:19 1994 Theodore Y. Ts'o (tytso@dcl)
* in_tkt_sky.c (skey_keyproc):
* in_tkt_pwd.c (pwd_keyproc): Add widen.h and narrow.h includes
around pwd_keyproc, so that the keyproc input arguments
are appropriately widened.
Fri Sep 30 21:58:15 1994 Theodore Y. Ts'o (tytso@dcl)
* preauth.c (preauth_systems): Add placeholder for magic number
Thu Sep 29 15:31:10 1994 Theodore Y. Ts'o (tytso@dcl)
* srv_rcache.c (krb5_get_server_rcache): cachename was not being
properly null-terminated.
* get_in_tkt.c (krb5_get_in_tkt): Return KRB5_IN_TKT_REALM_MISATCH
if the client and server realms don't match. Return
KRB5_KDCREP_SKEW if the KDC reply has an unacceptible
clock skew (instead of KDCREP_MODIFIED.)
* gc_via_tgt.c (krb5_get_cred_via_tgt): Use a distinct error code
for KDC skew separate from the standard KDCREP_MODIFIED
* princ_comp.c (krb5_realm_compare): Added new function from
OpenVision.
Wed Sep 21 17:57:35 1994 Theodore Y. Ts'o (tytso@dcl)
* rd_req_dec.c (krb5_rd_req_decoded): Added Changes from Cybersafe
to do transited realm path checking.
* chk_trans.c: Added donated module from CyberSafe. It checks to
see if a transited path is a legal one between two realms.
Thu Sep 15 11:08:39 1994 Theodore Y. Ts'o (tytso@dcl)
* rd_req_sim.c (krb5_rd_req_simple): Use krb5_rd_req instead of
krb5_rd_req_decoded, to eliminate some code duplication.
Sat Aug 20 01:43:43 1994 Theodore Y. Ts'o (tytso at tsx-11)
* mk_req_ext.c (krb5_generate_authenticator): Fix pointer aliasing
problem between newkey and authent->subkey.
Wed Aug 17 17:58:22 1994 Theodore Y. Ts'o (tytso at tsx-11)
* encode_kdc.c (krb5_encode_kdc_rep): Pass in to
encode_krb5_enc_kdc_rep_part the msg_type which should be used.
Old versions of Kerberos always assume TGS_REP; this merely allows
the right msg_type to be passed down to the encoding routines.
For now, the encoding routines will ignore this value and do
things the old way, for compatibility's sake.
Mon Aug 8 22:38:16 1994 Theodore Y. Ts'o (tytso at tsx-11)
* preauth.c: Renamed preauthentication mechanism names to match
what bcn and I agreed upon.
Tue Jun 28 19:35:07 1994 Tom Yu (tlyu at dragons-lair)
* decode_kdc.c: folding in Harry's changes
* rd_req.c: ditto
* rd_req_sim.c: ditto
* configure.in: adding ISODE_DEFS
|
