1 Mon Aug 18 12:29:08 1997 Ezra Peisach <epeisach@kangaroo.mit.edu>
3 * kdc_util.h: Added prototype for setup_server_realm().
5 * main.c (get_realm_port): Removed unused function.
6 (setup_server_realm): Moved prototype to kdc_util.h
8 Wed Jul 30 18:29:19 1997 Tom Yu <tlyu@mit.edu>
11 * main.c: Don't use an rcache.
13 Fri Jul 25 15:44:07 1997 Tom Yu <tlyu@mit.edu>
15 * main.c (init_realm): Fix to use new ktkdb.
17 Tue Jul 15 01:55:56 1997 Tom Yu <tlyu@mit.edu>
19 * kdc_preauth.c (get_sam_edata): Don't goto cleanup if SAM is not
20 used; this prevents freeing an unallocated keyblock.
22 Thu May 29 21:08:24 1997 Theodore Y. Ts'o <tytso@mit.edu>
24 * do_as_req.c (process_as_req), do_tgs_req (process_tgs_req): Use
25 limit_string() to make sure the length of cname and sname
28 * kdc_util.c (limit_string): New function which limits the strings
29 that will end up in log files to "reasonable" lengths.
31 Tue Feb 18 09:56:16 1997 Ezra Peisach <epeisach@mit.edu>
33 * kerberos_v4.c: Remove include of krb4-proto.h
35 Tue Feb 18 18:51:09 1997 Richard Basch <basch@lehman.com>
37 * do_as_req.c do_tgs_req.c kdc_preauth.c kdc_util.c main.c
38 replay.c kerberos_v4.c:
39 Replace krb5_xfree with appropriate free routine.
41 Thu Feb 6 00:09:46 1997 Richard Basch <basch@lehman.com>
43 * Makefile.in: Remove logger.c target before copying over it.
44 This avoids permission problems if the source is read-only
47 Wed Jan 1 22:56:16 1997 Ezra Peisach <epeisach@mit.edu>
49 * kdc_preauth.c (get_sam_edata): Use proper interface to
50 krb5_db_get_principal. Also if SAM is not an option, do
51 not return as a possible type to client. [krb5-kdc/310]
53 Fri Jan 31 21:39:04 1997 Ezra Peisach <epeisach@mit.edu>
55 * Makefile.in (LOCALINCLUDE): Change KRB4_INCLUDE to KRB4_INCLUDES
57 Fri Jan 31 19:45:13 1997 Tom Yu <tlyu@mit.edu>
60 * configure.in: Update to new program build procedure.
62 Sat Nov 23 17:26:22 1996 Mark Eichin <eichin@kitten.gen.ma.us>
64 * [krb5-libs/149] only generate requests that you can actually
67 Tue Sep 3 22:53:56 1996 Mark Eichin <eichin@cygnus.com>
69 * kdc_preauth.c (get_preauth_hint_list): detect ap->get_edata
70 return status and don't pass back hint if it failed.
71 (get_etype_info): malloc one more word in entry for end marker.
73 Wed Nov 20 11:25:05 1996 Barry Jaspan <bjaspan@mit.edu>
75 * main.c (initialize_realms): krb5_aprof_init can succeed while
76 leaving aprof == NULL, but krb5_aprof_finish will fail. This is
77 just more grossness that needs to be redone when the kdc.conf
78 interface is reworked.
80 Thu Nov 7 12:27:21 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
82 * kdc_preauth.c (check_padata): Fixed error handling; in order for
83 check_preauth to return successfully, there must be at
84 least one preauth which succeeded, and no REQUIRED preauth
85 system which failed. If a preauth is marked SUFFICIENT,
86 then the rest of the preauth list aren't checked. Fixed
87 bug where when none of the preauth types were recognized,
88 an error message corresponding to stack garbage was printed.
90 Wed Nov 6 12:00:48 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
92 * main.c (argv): Check the error return from krb5_init_context(),
93 and print an error message if necessary.
95 Mon Nov 4 22:29:30 1996 Theodore Y. Ts'o <tytso@mit.edu>
97 * main.c (initialize_realms): Remove rather pointless use of
98 krb5.conf to find the kdc.conf used to get the default
99 port list. It's not useful for anything else, and will
101 (init_realm): Reformat function to be readable. Add error
102 checking to call of krb5_read_realm_params
104 Wed Sep 18 16:03:26 1996 Theodore Y. Ts'o <tytso@mit.edu>
106 * kdc_util.c: Added magic number to initializer of nolrentry.
108 Tue Sep 10 14:18:41 1996 Tom Yu <tlyu@mit.edu>
110 * krb5kdc.M: remove ".so man1/header.doc"
112 Fri Aug 23 14:22:45 1996 Sam Hartman <hartmans@tertius.mit.edu>
114 * kerberos_v4.c (check_princ): Assume an expiration date of zero means never expire.
116 Thu Aug 1 11:13:46 1996 Ezra Peisach <epeisach@dumpster.rose.brandeis.edu>
118 * configure.in (withval): Link -ldyn as it is needed by the kadm5
121 Wed Jul 24 02:29:19 1996 Sam Hartman <hartmans@mit.edu>
123 * kerberos_v4.c (set_tgtkey): s/KRB4_#@/krb5_ui_4 so we work with
128 Tue Jul 23 22:26:29 1996 Theodore Y. Ts'o <tytso@mit.edu>
130 * Makefile.in: Build logger.o from the libkadm5 directory. This
131 is prepatory work towards eliminating the dependency on
132 libkadm5. Ultimately we will probably need to rethink how
133 the library structure for krb5....
135 * configure.in: Add -lgssapi and -lgssrpc to libraries linked with
136 krb5kdc since they are needed for shared libraries. This
137 is a horrible hack....
140 Thu Jun 13 22:09:34 1996 Tom Yu <tlyu@voltage-multiplier.mit.edu>
142 * configure.in: remove ref to ET_RULES
144 Sun Jun 9 23:03:06 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
146 * main.c (finish_realm): Do not invoke krb5_finish_key if
147 encryption block is not set.
149 Sun May 12 01:17:05 1996 Marc Horowitz <marc@mit.edu>
151 * configure.in: USE_KADM_LIBRARY replaced by USE_KADMSRV_LIBRARY
153 Tue May 7 18:19:59 1996 Ken Raeburn <raeburn@cygnus.com>
155 Thu May 2 22:52:56 1996 Mark Eichin <eichin@cygnus.com>
157 * kdc_util.c (kdc_process_tgs_req): call
158 krb5_rd_req_decoded_anyflag instead of krb5_rd_req_decoded, so
159 that invalid tickets can be used to validate themselves. Add
160 explicit check that if the ticket is TKT_FLG_INVALID, then
161 KDC_OPT_VALIDATE was requested.
163 Mon May 6 12:15:36 1996 Richard Basch <basch@lehman.com>
165 * main.c: Fixed various abstraction violations where the code knew
166 the internals of eblock->crypto_entry.
168 Wed Feb 28 13:07:28 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
170 * main.c: Move com_err.h after k5-int.h include.
172 Tue Feb 27 17:33:44 1996 Richard Basch <basch@lehman.com>
175 Do not repeat random number generator initializations, as memory
176 is allocated and never reclaimed. Also fixed the V4 random number
177 generator initialization (a DES_CBC_CRC random number is generated
178 and used as a seed for the V4 routine, but the generation function
179 was being called with the wrong arguments).
182 Memory was occassionally being freed twice because the pointer was
183 not re-initialized to NULL after it was freed.
185 Sun Feb 25 16:04:10 1996 Mark W. Eichin <eichin@cygnus.com>
187 * main.c (initialize_realms): missing indirection for conf_val in
188 alternate profile code. (This should really be in a library...)
190 Sat Feb 3 22:37:55 1996 Mark Eichin <eichin@cygnus.com>
192 * network.c (add_port): sunos realloc doesn't handle a NULL
193 pointer, so protect with a macro.
195 Sat Feb 10 02:46:27 1996 Mark Eichin <eichin@cygnus.com>
197 * main.c (initialize_realms): look for [kdc] profile=path for
198 default alternate kdc profile (environment variable still
201 Wed Feb 21 23:28:33 1996 Richard Basch <basch@lehman.com>
203 * kerberos_v4.c: Improve checking of DES keys
205 * main.c: Do not assume the master key is DES; instead initialize
206 the V4 random key generator from a random key after the
207 DES_CBC_CRC generator has been initialized.
209 Tue Feb 20 16:50:59 1996 Theodore Y. Ts'o <tytso@dcl>
211 * kerberos_v4.c (kerberos_v4): Use strong random number generator
213 * main.c (main): Initialize Kerberos V4's random number generator.
215 Sat Jan 27 00:53:41 1996 Mark Eichin <eichin@cygnus.com>
217 * network.c (setup_network): strtol is good enough for port
218 number, and sunos doesn't have strtoul (and nothing else in the
220 (add_port): use proper old-style definition.
222 Wed Dec 13 03:51:53 1995 Chris Provenzano (proven@mit.edu)
224 * kerberos_v4.c : Remove mkvno for krb5_db_entry
226 Tue Dec 12 01:10:34 1995 Chris Provenzano (proven@mit.edu)
228 * extern.h: Added a krb5_keytab to the realm context. The keytab
229 should be associated with a krb5_db_context which will
230 make having a krb5_context unnecessary in the realm context.
231 * kdc_util.c kdc_process_tgs_req(): Use the realm keytab instead
232 of faking up a user-to-user key to pass to krb5_rd_req_decode().
233 * main.c: Added code to use the new database keytab routines.
235 Mon Dec 11 16:58:31 1995 Chris Provenzano (proven@mit.edu)
237 * kdc_preauth.c return_padata(): Initialize local variable "size"
238 to 0 before using it.
240 Thu Nov 30 20:57:11 1995 Tom Yu <tlyu@dragons-lair.MIT.EDU>
242 * kdc_preauth.c: #@&^(!! Ultrix cc sucks. Typedef to function
243 pointer rather than function prototype to avoid lossage.
245 Wed Nov 29 13:31:39 1995 Theodore Y. Ts'o <tytso@dcl>
247 * do_tgs_req.c (process_tgs_req): Removed extra eblock argument
248 from call to krb5_encode_kdc_rep.
250 Fri Nov 17 22:41:37 1995 Theodore Y. Ts'o <tytso@dcl>
252 * do_as_req.c (process_as_req): Removed extra eblock argument from
253 call to krb5_encode_kdc_rep.
255 Mon Nov 13 19:40:50 1995 Theodore Y. Ts'o <tytso@dcl>
257 * kdc_util.h: Added new prototypes for return_padata() and
260 * kdc_preauth.c (return_padata): New function which calls out to
261 each preauth type to see if it is necessary to return
263 (return_pw_salt): New function responsible for returning the
264 KRB5_PW_SALT preauth information.
266 * do_as_req.c (process_as_req): Move creation of the PW_SALT
267 preauthentication step into kdc_preauth.c. Call
268 return_pdata() which is responsible for all padata info
269 which is returned by the KDC in the KRB_AS_REP message.
272 Thu Nov 9 00:05:55 1995 Theodore Y. Ts'o <tytso@dcl>
274 * kdc_preauth.c (get_etype_info): Added function to return the
275 etype_info preauth hint to the client.
277 * kdc_util.c (get_salt_from_key): Added new function which
278 determines the salting information from the krb5_key_data
281 * main.c (kdc_initialize_rcache): Replace use of krb5_clockskew
282 with context->clockskew.
284 Wed Nov 8 02:57:15 1995 Theodore Y. Ts'o <tytso@dcl>
286 * kdc_util.c (): Added new helper functions
287 dbentry_has_key_for_enctype(), dbentry_supports_enctype(),
288 and select_session_keytype().
290 * kdc_preauth.c: Added support for the ENC_TIMESTAMP
291 preauthentication scheme.
293 * do_tgs_req.c (process_tgs_req): Fixed the keytype/enctype
294 selection criteria for the server key, and the ticket
297 * do_as_req.c (process_as_req): Added calls to the kdc
298 preauthentication verification routines. Fixed the
299 keytype/enctype selection criteria for the client key, the
300 server key, and the ticket session key.
302 * main.c (finish_realm): Make sure all parts of the realm
303 structure are freed properly.
304 (main): Free the kcontext krb5_context.
306 Fri Oct 6 00:07:49 1995 Theodore Y. Ts'o <tytso@dcl>
308 * kdc_preauth.c (get_preauth_hint_list): Fix missing indirection
311 * kdc_util.c (validate_as_request): Remove preauthentication
312 check; this is handled in do_as_req.c
314 * do_tgs_req.c (process_tgs_req): Use a slightly more compressed
317 * do_as_req.c (process_as_req): Unify the logging and error packet
318 production, to make sure that both logging and an error
319 packet is returned for each error condition. Pass
320 e_data to prepare_as_error so that the proper
321 preauthentication hint list can be passed back to the client.
323 Thu Oct 5 21:23:12 1995 Theodore Y. Ts'o <tytso@dcl>
325 * network.c (setup_network):
326 * main.c (initialize_realms): Massive revamp of how the network
327 ports are setup. The default port list for a realm is
328 read from [kdcdefaults]/kdc_ports from the kdc.conf file.
329 For each realm, a list of ports can be specified in
330 [realms]/<realm>/kdc_ports.
332 * extern.h (kdc_realm_t): Remove realm_pport and realm_sport, and
335 * do_tgs_req.c (process_tgs_req):
336 * do_as_req.c (process_as_req):
337 * dispatch.c (dispatch): Pass the portnumber of the incoming
338 request down to process_as_req and process_tgs_req,
339 instead of the boolean "is_secondary".
341 * kerberos_v4.c (kerb_get_principal, kerberos_v4): Fix gcc -Wall
342 flames, by fixing signed vs. unsigned types.
344 Mon Sep 18 11:16:30 1995 Mark Eichin <eichin@cygnus.com>
346 * main.c (init_realm): strdup KRB5_KDB_M_NAME if we use it, to
347 avoid free'ing a constant later.
349 Fri Sep 15 01:33:40 1995 Theodore Y. Ts'o <tytso@dcl>
351 * main.c (init_realm): Stop after finding the first TGS key which
352 matches an entry in the key/salt list. (Typo; added
355 Sun Sep 10 10:51:29 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
357 * main.c (init_realm): When checking for master key in valid
358 enctypes, do not stop after checking only the first type.
360 Wed Sep 06 14:20:57 1995 Chris Provenzano (proven@mit.edu)
362 * do_as_req.c, do_tgs_req.c, kdc_util.c, kerberos_v4.c, main.c :
363 s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g
365 Tue Sep 05 22:10:34 1995 Chris Provenzano (proven@mit.edu)
367 * do_as_req.c, do_tgs_req.c, kerberos_v4.c, main.c: Remove krb5_enctype
368 references, and replace with krb5_keytype where appropriate.
370 Mon Sep 4 14:10:26 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
372 * do_as_req.c, do_tgs_req.c, kdc_util.c, kdc_util.h, policy.c: Add
373 const declarations to variables pointing to error strings
374 in order to make everything self consistant.
376 Fri Sep 1 23:28:29 1995 Theodore Y. Ts'o <tytso@dcl>
378 * kdc_preauth.c: New file, to contain the server-side
379 preauthentication routines.
381 * do_as_req.c (process_as_req): Move preauthentication code to
382 kdc_preauth.c, for better modularity.
384 * do_as_req.c (prepare_error_as): Add new argument to this
385 function so that the e_data field may be passed in and
386 included in the KRB_ERROR messsage which is passed back to
389 Mon Aug 21 17:03:53 EDT 1995 Paul Park (pjpark@mit.edu)
390 * main.c - Interpret -k and -e arguments as strings instead of string
391 representations of integers (e.g. -e des-cbc-md5).
392 * krb5kdc.M - Remove "ascii representation of a decimal number".
395 Thu Aug 17 13:49:14 EDT 1995 Paul Park (pjpark@mit.edu)
396 * do_as_req.c - Close and re-open the database after performing a
397 database update. This is the cleanest way to flush out the
398 update without reorganizing the code.
400 Wed Aug 16 02:45:19 1995 Chris Provenzano <proven@mit.edu>
402 * do_as_req.c: Pass fds to krb5_lock_file() and krb5_unlock_file()
403 * do_as_req.c: Add a missing #ifdef KRBCONF_KDC_MODIFIES_KDB
404 for update_client and updating the database.
406 Tue Aug 15 14:32:54 EDT 1995 Paul Park (pjpark@mit.edu)
407 * extern.h - Add key/salt list to per-realm data.
408 * main.c - Save or generate per-realm key/salt list. Use this list
409 to determine which key to use from the list of server keys.
410 Fix gcc -Wall complaints.
411 * do_as_req.c - Batch KRBCONF_KDC_MODIFIES_KDB updates after the
412 response is issued. Use krb5_dbe_find_keytype() to find the
413 appropriate key in the list of keys. Find appropriate client
414 key instead of using the key in slot 0. Fix gcc -Wall moans.
415 * kdc_util.c - Use per-realm key/salt list to determine which key to
416 use from the list of server keys. Fix gcc -Wall complaints.
417 * kerberos_v4.c - Use krb5_dbe_find_keytype() to find appropriate key.
418 Fix gcc -Wall complaints.
420 Thu Aug 10 14:52:24 EDT 1995 Paul Park (pjpark@mit.edu)
421 * do_as_req.c - Add missing variable when KRBCONF_KDC_MODIFIES_KDB on.
424 Thu Aug 03 12:22:34 1995 Chris Provenzano (proven@mit.edu)
426 * do_as_req.c : Fix bug from new kdb changes.
427 * kerberos_v4.c : Use new db format.
429 Thu Aug 3 11:49:35 EDT 1995 Paul Park (pjpark@mit.edu)
430 * do_as_req.c - Ensure that padata is null with normal salt.
431 * kerberos_v4.c - Give the compiler something to compile when Kerberos
434 Thu Jul 27 15:10:58 EDT 1995 Paul Park (pjpark@mit.edu)
435 * configure.in - Add --with-vague-errors and --with-kdc-kdb-update
436 which define KRBCONF_VAGUE_ERRORS and KRBCONF_KDC_MODIFIES_KDB
437 which replace the definitions that used to be in k5-config.h.
438 * kdc_util.c - Cast argument to fetch_asn1_field which caused a
440 * kerberos_v4.c - Use KRB5_PROTOTYPE for v4_klog which is set correctly
441 for the compiler. Some compilers (e.g. OSF/1 native) understand
442 prototypes even when not in STDC mode.
443 Also use KRB5_MIT_DES_KEYSIZE instead of MIT_DES_KEYSIZE.
446 Thu Jul 27 02:59:05 1995 Chris Provenzano (proven@mit.edu)
448 * do_as_req.c do_tgs_req.c kdc_util.c main.c : Use new kdb format.
450 Mon Jul 17 15:13:09 EDT 1995 Paul Park (pjpark@mit.edu)
451 * main.c - Gut KDC profile handling logic and move it to lib/kadm/
452 alt_prof.c because it's now used by admin and kadmin programs.
453 Remove explicit stash file handling logic and supply stash
454 file name to krb5_db_fetch_mkey() since it can now handle a
455 non-default stash file name.
457 Thu Jul 13 19:51:33 1995 Sam Hartman <hartmans@tertius.mit.edu>
459 * main.c: Include netinet/in.h if we're using IP.
461 Wed Jul 12 12:19:44 EDT 1995 Paul Park (pjpark@mit.edu)
462 * main.c - Reorganize KDC profile handling so that the hierarchy for
463 locating per-realm data is [realms]->realm->tag. Add
464 [kdcdefaults] section with primary_ports and secondary_ports
465 to list ports to listen on. Consolidate all port location here
466 from network.c. Add -s flag and change meaning of -p flag to
467 be the default if none specified in KDC or Kerberos profile.
468 * network.c - Open list of primary ports and then per-realm ports.
469 Handle secondary ports just like primary ports except that
470 bind failures are only warnings. Support more than one
472 * extern,kdc_util.h - Add supporting definitions.
473 * krb5kdc.M - update description of -p and add description of -s.
475 Tue Jul 11 07:35:12 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
477 * kerberos_v4.c: Add prototype for set_tgtkey
479 Mon Jul 10 17:01:15 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
481 * kerberos_v4.c: Add prototypes for compat_decrypt_key,
482 kerb_get_principal, check_princ, v4_klog
484 * network.c (process_packet): Make prog a const char *.
486 * main.c: Add prototypes for find_realm_data, setup_server_realm,
487 usage, request_exit, setup_signal_handlers, initialize_realms,
490 * kdc_util.h: Add prototypes for against_local_policy_as,
491 against_local_policy_tgs, validate_as_request,
492 validate_tgs_request, fetch_asn1_field,
493 kdc_initialize_rcache, process_packet.
495 Sat Jul 8 17:40:10 1995 Theodore Y. Ts'o (tytso@dcl)
497 * kerberos_v4.c (v4_klog): Also log L_KRB_PERR error messages, so
498 we know when there are protocol problems.
500 Fri Jul 7 16:05:57 EDT 1995 Paul Park (pjpark@mit.edu)
501 * Makefile.in - Remove all explicit library handling and LDFLAGS.
502 * configure.in - Add USE_<mumble> and KRB5_LIBRARIES.
503 * kdc_util.c(comp_cksum) - Use krb5_verify_checksum to verify cksum.
506 Fri Jun 30 14:38:09 EDT 1995 Paul Park (pjpark@mit.edu)
507 * configure.in - Add --with-dbm to select between Berkeley and DBM
510 Thu Jun 29 06:50:08 1995 Mark Eichin <eichin@cygnus.com>
512 * kerberos_v4.c (check_princ): delete master_key_version check,
513 since we never actually set it.
514 (main): elide original V4 server code to avoid confusion when
515 looking for variable references.
516 (type_2_v5err): reformat for 79 columns instead of 80 and
517 conditionalize out since it is unused (though still informative.)
519 Tue Jun 27 15:59:48 EDT 1995 Paul Park (pjpark@mit.edu)
520 * main.c - Change profile name hierarchy storage to const char *. Add
521 signal name argument to signal handler to conform to prototype.
522 * kerberos_v4.c - Cast key to (char *) to conform to prototype.
525 Thu Jun 22 15:24:16 EDT 1995 Paul Park (pjpark@mit.edu)
526 * main.c - Change option parsing logic to support multiple realms.
527 Use alternate profile routines from libkadm to support reading
529 * dispatch.c - Setup global realm context before calling process_as_
531 * do_as_req.c - Change KDB_CONVERT_KEY_OUTOF_DB to decrypt_key call.
532 * do_tgs_req.c - Setup global realm context from our service principal
534 * extern.c - Remove per-realm global data. Replace this with list
535 of per-realm data with a pointer to the active request's realm.
536 * extern.h - Change per-realm global data names to #define's. This
537 is to avoid having to rewrite everything to pass a pointer to
539 * kdc_util.c - Change "kdc_context" to "kcontext" because of #defines
540 in extern.h. Also add logic after call to rd_req_decoded
541 to see if it failed because of a rcache error. If so, then
542 reinitialize the replay cache and retry it.
543 Also change KDB_CONVERT_KEY_OUTOF_DB to decrypt_key.
544 * kerberos_v4.c - Remove extraneous definition of master_encblock.
545 * krb5kdc.M - Add definition of -p, add vague reference to kdc.conf
546 manpage and describe multiple realms briefly.
547 * network.c - Change udp_port_fd to a list of fds to support having
548 multiple ports to listen on.
551 Thu Jun 15 17:55:21 EDT 1995 Paul Park (pjpark@mit.edu)
552 * Makefile.in - Change explicit library names to -l<lib> form, and
553 change target link line to use $(LD) and associated flags.
554 Also, remove DBMLIB, it was not used. Also, for K4, use
555 KRB4_LIB and KRB4_CRYPTO_LIB, these were
557 * configure.in - Remove dbm library checks, these are no longer needed
558 with the Berkeley database code. Also, add shared library
561 Tue Jun 13 12:44:20 1995 Sam Hartman <hartmans@tardis.MIT.EDU>
563 * network.c: Base inclusion of sys/select.h on whether it exists
564 instead of a specific test for AIX.
566 * configure.in: Test for sys/select.h
568 Mon Jun 12 20:01:23 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
570 * kdc_util.c (kdc_process_tgs_req): Set the auth_context rcache to
571 null before freeing auth_context. This keeps the rcache
574 Sat Jun 10 23:04:31 1995 Tom Yu (tlyu@dragons-lair)
576 * kdc_util.c: krb5_auth_context redefinitions
578 Fri Jun 9 19:13:08 1995 <tytso@rsx-11.mit.edu>
580 * dispatch.c, kdc_util.h, kerberos_v4.c: Use KRB5_KRB4_COMPAT
581 instead of KRB4 for determining whether to compile in
582 Kerberos V4 backwards compatibility
584 * configure.in: Remove standardized set of autoconf macros, which
585 are now handled by CONFIG_RULES.
587 Thu Jun 8 23:35:27 1995 <tytso@rsx-11.mit.edu>
589 * do_as_req.c, do_tgs_req.c, kdc_util.c, kerberos_v4.c, main.c,
590 network.c: Fix -Wall nits.
592 Thu Jun 8 14:52:40 EDT 1995 Paul Park (pjpark@mit.edu)
593 * Makefile.in - Add libkadm.
594 * dispatch.c, do_as_req.c, do_tgs_req.c, kdc_util.c, kerberos_v4.c
595 main.c - Include adm_proto.h and change syslog calls to
596 calls to krb5_klog_syslog.
598 Fri May 26 17:50:39 EDT 1995 Paul Park (pjpark@mit.edu)
599 * Makefile.in - Define KDBDEPLIB.
601 Sat May 20 22:28:52 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
603 * kerberos_v4.c: Port to OSF/1. (change longs to KRB4_32)
605 Sat Apr 29 00:13:16 1995 Theodore Y. Ts'o <tytso@dcl>
607 * kdc_util.c (kdc_process_tgs_req): Make sure apreq->ticket gets
608 freed, since it isn't being passed back to the caller
611 Fri Apr 28 21:28:45 1995 Theodore Y. Ts'o <tytso@dcl>
613 * do_tgs_req.c (process_tgs_req): Free header_ticket when we're
614 done with it. (Prevents massive memory leak).
616 * Makefile.in (depend): Use $(LD) instead of $(CC) so that we can
619 Fri Apr 28 18:05:52 1995 Mark Eichin <eichin@cygnus.com>
621 * Makefile.in (KLIB): put KRB4_LIB inside KLIB.
623 Thu Apr 27 13:52:22 1995 Mark Eichin <eichin@cygnus.com>
625 * Makefile.in (krb5kdc): use KRB4_LIB directly.
626 * configure.in: use WITH_KRB4 as-is.
628 Wed Apr 26 11:23:11 1995 Mark Eichin <eichin@cygnus.com>
630 * configure.in: need HAS_ANSI_VOLATILE for signal_requests_exit.
632 Sat Apr 22 00:36:37 1995 Theodore Y. Ts'o (tytso@dcl)
634 * network.c (setup_network): Don't rely on krb5_kdc_portname and
635 krb5_kdc_sec_portname anymore. Use the #define'd versions.
637 Fri Mar 31 16:50:07 1995 Theodore Y. Ts'o (tytso@dcl)
639 * main.c (main): Make sure the context is initialized before it is
642 Mon Mar 27 07:56:26 1995 Chris Provenzano (proven@mit.edu)
644 * kdc_util.c Use new calling conventions for krb5_rd_req_decoded().
646 Fri Mar 24 14:58:07 1995 <tytso@rsx-11.mit.edu>
648 * replay.c: The KDC replay cache needs to store the database
649 modification time, so that if the database is modified in
650 between when it receives a request and when it receives a
651 replay of the same request, it knows to throw away the
652 replay cache entry and generate a new response (since the
653 record in the database on which the response is based may
656 * main.c (kdc_com_err_proc): Use syslog() instead of vsyslog().
658 Sat Mar 18 18:59:45 1995 John Gilmore (gnu at toad.com)
660 * kerberos_v4.c: Replace STDARG_PROTOTYPES with HAVE_STDARG_H.
662 Tue Mar 14 15:25:38 1995 <tytso@rsx-11.mit.edu>
664 * configure.in, Makefile.in: Use the libdes425 library so that the
665 DES code doesn't get dragged in twice.
667 * kdc_util.c (validate_as_request): Allow a client to obtain a
668 password changing ticket, even if the client's key is
671 * main.c (usage, process_args, main): The KDC will disassociate
672 itself from the terminal by default, unless the -n option
675 Thu Mar 2 12:16:50 1995 Theodore Y. Ts'o <tytso@dcl>
677 * Makefile.in (ISODELIB): Remove reference to $(ISODELIB).
679 Wed Mar 1 16:30:27 1995 Theodore Y. Ts'o <tytso@dcl>
681 * configure.in: Remove ISODE_INCLUDE and ISODE_DEFS, replace check
682 for -lsocket and -lnsl with WITH_NETLIB check.
684 Tue Feb 28 02:27:11 1995 John Gilmore (gnu at toad.com)
686 * *.[ch]: Avoid <krb5/...> and <com_err.h> includes.
688 Fri Feb 10 14:35:42 1995 Theodore Y. Ts'o <tytso@dcl>
690 * do_tgs_req.c (process_tgs_req): krb5_use_keytype() was being
691 called when the argument was a encryption type. Change
692 use to krb5_use_cstype(). Actually, any use of
693 krb5_use_keytype() is a bug by definition.
695 Wed Feb 01 21:07:03 1995 Chris Provenzano (proven@mit.edu)
697 * kdc_util.c (kdc_rdreq_keyproc()) Add krb5_keytype() arg.
699 Wed Jan 25 23:20:07 1995 Theodore Y. Ts'o (tytso@dcl)
701 * network.c (setup_network), main.c (process_args): Allow the
702 primary port that the KDC listens on be configurable on the
703 command line. If the appropriate /etc/services entries
704 aren't found, use compiled in defaults.
706 Wed Jan 25 16:54:40 1995 Chris Provenzano (proven@mit.edu)
708 * Removed all narrow types and references to wide.h and narrow.h
710 Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu)
712 * Added krb5_context to all krb5_routines
714 Thu Dec 8 00:33:05 1994 <tytso@rsx-11.mit.edu>
716 * do_tgs_req.c (prepare_error_tgs): Don't free the passed in
717 ticket; it will be freed as part of other structures.
719 * do_tgs_req.c (process_tgs_req): Set the encryption type in the
720 reply structure, and set the eblock type accordingly.
722 Wed Dec 7 13:36:34 1994 <tytso@rsx-11.mit.edu>
724 * do_as_req.c (process_as_req): Set the encryption type in the
725 reply_encpart structure.
727 * kdc_util.c (validate_as_request):
728 * policy.c (against_local_policy_as): Move requirement that an AS
729 request must include the addresses field to the local
730 policy routine. (Not required by RFC).
732 * main.c (setup_com_err): Initialize the kdc5 error table (the
733 kdb5 error table is already initialized)
735 Wed Nov 30 16:37:26 1994 Theodore Y. Ts'o (tytso@dcl)
737 * confiugre.in: Add appropriate help text for --with-krb4
740 Mon Nov 21 17:23:50 1994 Theodore Y. Ts'o (tytso@dcl)
742 * do_tgs_req.c (process_tgs_req):
743 * do_as_req.c (process_as_req): Use the list of encryption types
744 passed as part of the KDC request to determine which
745 encryption to use for encrypting the ticket. The
746 encryption must be one that is supported by the KDC, as
747 well as being one which is marked as being supported by
748 the server of the ticket. In a AS request, also use this
749 encryption for encrypting the KDC response. In a TGS
750 request, use the encryption type of the TGT authenticator
751 to determine how to encrypt the KDC response.
753 Tue Nov 8 17:51:30 1994 Theodore Y. Ts'o (tytso@dcl)
755 * do_tgs_req.c (process_tgs_req): Use published interface to call
758 Mon Nov 7 22:11:01 1994 Theodore Y. Ts'o (tytso@dcl)
760 * kerberos_v4.c: Don't define functions manually, but pull in the
761 appropriate include files (com_err.h, krb5/ext-proto.h,
762 krb5/los-proto.h, etc.)
764 * kdc_util.c (kdc_process_tgs_req): Fix lineage check so that we
765 don't fail if we're cross-authenticating with a realm with
766 the same length as our own. ('||' should have been '&&')
768 Fri Nov 4 17:47:46 1994 Theodore Y. Ts'o (tytso@dcl)
770 * do_as_req.c (process_as_req): Use published interface to call
773 Fri Oct 14 00:31:14 1994 Theodore Y. Ts'o (tytso@dcl)
775 * main.c (process_args): Select the cryptosystem to be used using
776 krb5_use_cstype() instead of using a implementation
777 specific assignment. Also, allow the encryption type to
778 be specified using a command line option.
780 Tue Oct 11 22:11:09 1994 Theodore Y. Ts'o (tytso@dcl)
782 * do_as_req.c (process_as_req): Don't assume that the request
783 server's realm name is null terminated. Compare the
784 request server against changepw/kerberos using
785 krb5_principal_compare.
787 Tue Oct 4 16:42:16 1994 Theodore Y. Ts'o (tytso@dcl)
789 * kdc_util.c (kdc_rdreq_keyproc): Add widen.h and narrow.h around
790 keyproc call so that the argument types are widened.
792 Mon Oct 3 13:13:48 1994 Theodore Y. Ts'o (tytso@dcl)
794 * Makefile.in: Use $(srcdir) to find manual page for make install.
796 * Makefile.in: Remove krb5kdc on make clean
798 Fri Sep 30 22:13:13 1994 Theodore Y. Ts'o (tytso@dcl)
800 * extern.c: Add placeholder for magic number
802 Thu Sep 29 00:03:59 1994 Theodore Y. Ts'o (tytso@dcl)
804 * Makefile.in: Relink executable when library changes.
806 Wed Sep 21 17:40:56 1994 Theodore Y. Ts'o (tytso@dcl)
808 * kdc_util.c, kdc_util.h (realm_compare): Change realm_compare so
809 that both arguments are principals. This makes it less
812 * kdc_util.c (add_to_transited): Folded in Tony Andrea's changes
813 so that add_to_transited doesn't assume that the contents
814 of a krb5_data->data are null terminated.
816 * do_tgs_req.c (process_tgs_req): Add the realm of the presented
817 tgt if it is different from the local realm (cross-realm) and it
818 is different than the realm of the client (since the realm of
819 the client is already implicitly part of the transited list and
820 should not be explicitly listed).
822 Thu Aug 18 18:17:59 1994 Theodore Y. Ts'o (tytso at tsx-11)
825 * Makefile.in: Move optional link with $(KRB4)/lib/libdes.a to
828 Thu Aug 4 15:13:27 1994 Tom Yu (tlyu@dragons-lair)
831 * kerberos_v4.c: don't include <sgtty.h> if POSIX_TERMIOS is
834 Sat Jul 16 09:16:33 1994 Tom Yu (tlyu at dragons-lair)
836 * configure.in: hopefully make dbm libs dtrt
838 Sat Jul 16 01:59:02 1994 Theodore Y. Ts'o (tytso at tsx-11)
840 * do_as_req.c: Sanitie error return codes
841 * kdc_util.c (validate_tgs_request): Fix error handling for bogus
842 TGS renew/forward/etc. requests. Sanitize error return codes.
844 Fri Jul 8 00:33:45 1994 Tom Yu (tlyu at dragons-lair)
847 * Makefile.in: back out changes because of possible breakage under
848 Ultrix, among other things
850 Wed Jul 6 22:54:59 1994 Tom Yu (tlyu at dragons-lair)
853 * Makefile.in: fixes to suck in -lndbm or -ldbm if needed
855 Tue Jun 28 19:43:54 1994 Tom Yu (tlyu at dragons-lair)
857 * main.c: fix explicit calls to initialize_foo_error_table
860 * configure.in: folding in Harry's changes
projects / krb5.git / blob