From cb45ffc90af6104f42fb7fced6f780ddac6e633e Mon Sep 17 00:00:00 2001 From: Tom Yu Date: Sun, 1 Feb 2009 03:05:56 +0000 Subject: [PATCH] Update README with changes by ticket ID git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-7@21856 dc483132-0cff-0310-8789-dd5450dbe970 --- README | 276 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 276 insertions(+) diff --git a/README b/README index 5b1c82a9a..323f9e05f 100644 --- a/README +++ b/README @@ -114,6 +114,282 @@ Major changes in 1.7 Changes by ticket ID -------------------- +194 a stash file is not a keytab +914 keytab add without randomizing key +1201 replay cache can produce false positive indications +2836 feature request: compile/link time warnings for deprecated + functions +2939 unified CCAPI implementation +3496 krb524d should log success as well as failure +3497 problems with corrupt (truncated) ccaches +3499 race in replay cache file ownership +3737 plugins support requires a Windows equivalent to opendir and + friends +3929 support lazy launching of ccapi server +3930 CCAPI server must be able to distinguish context handles from + other server instances +3931 CCAPI context and ccache change times must be stored by the client +3932 CCAPI should use a cc_handle not implemented as a pointer +3933 CCAPI client library reconnection support +3934 Implement CCAPI blocking calls +3935 CCAPI implement locking +3936 krb5_ccache functions should use the ccapi version 3 interface +5411 MEMORY keytab +5425 nonce needs to be random +5427 buffer overflow in krb5_kt_get_name +5428 MEMORY keytab leaks +5429 MEMORY keytab should use krb5_copy_keyblock +5430 MEMORY keytab's get_entry should set enctypes and kvnos +5431 krb5_kt_get_type should return const char *. +5432 krb5_kt_default_name should take an unsized length +5440 sendto_kdc() not signal safe, doesn't respond well to + staggered TCP responses. +5481 manual test of commit handler +5517 use IP(V6)_PKTINFO in KDC for UDP sockets +5545 uninitialized salt length when reading some keys +5560 threads on Solaris 10 +5561 close-on-exec flags +5565 krb5kdc.M is confused about keytype +5567 don't check for readability resolving SRVTAB: keytab +5568 Move CCAPI sources to krb5 repository +5569 Fixed bugs introduced while moving to krb5 repository +5570 Only use __attribute__ on GNUC compilers +5574 Add advisory locking to CCAPI +5575 don't include time.h in CredentialsCache.h if it's not needed +5578 test commit handler +5580 provide asprintf functionality for internal use +5589 krb5 trunk no longer builds on Windows - vsnprintf + implementation required +5590 gss krb5 mech enhanced error messages +5593 kadmind crash on Debian AMD64 +5594 Work on compiling CCAPI test suite on Windows +5595 Problems with kpasswd and an IPv6 enviroment +5598 ccs_pipe_t needs copy and release functions +5599 Added new autogenerated file to generate-files-mac target +5600 provide more useful error message when running kpropd on + command line +5635 need more dylib_file specs for darwin +5641 kadm5_setkey_principal_3 fix +5642 Remove unused, unlocalizable error strings +5643 Alignment fix +5649 t_ser should no longer use kdb libraries +5654 remap mechanism-specific status codes in mechglue/spnego +5655 authorization-data plugin support in KDC +5657 (Mac-specific) PROG_LIBPATH build fix +5667 listprincs *z is broken +5670 Add documentation for CCAPI +5671 cleanup src/lib/gssapi/krb5/error_map.h on Windows +5672 no unistd.h on Windows +5699 test program build problem +5754 cci_array_move should work when the source and dest positions are equal +5760 stdint.h should only be accessed if HAVE_STDINT_H defined +5771 cc_ccache_set_principal always returns error 227 +5776 profile library memory leaks introduced when malloc returns 0 +5786 Update Release Documentation for KFW 3.2.2 +5804 cc_initalize(ccapi_version_2) should return CC_BAD_API_VERSION + not CC_NOT_SUPP +5805 Add documentation for error codes used for flow control. +5806 Removed NOP line of code from krb5_fcc_next_cred() +5807 can't store delegated krb5 creds when using spnego +5813 cc_ccache_store_credentials should return ccErrBadCredentialsVersion +5814 cci_array_move not returning correct new position +5815 ccs_lock_status_grant_lock granting wrong lock +5822 fixed mispelling in kadmin error message +5828 Include time.h for time() +5835 Kerberos with apple leopard +5863 [no subject] +5864 improve debugging of ticket verification in ksu +5867 krb-priv sequence numbers don't match up in retransmitted requests +5872 Add ccs_pipe_compare +5884 Need CCAPI v2 support for Windows +5885 Remove AppleConnect workaround +5894 krb5int_arcfour_string_to_key does not support utf-8 strings +5899 Compiling krb5-1.6.3 on FreeBSD 7.0-RELEASE +5900 ccs_ccache_reset should check all arguments for NULL +5901 CCAPI v2 support crash when client or server strings are NULL +5902 cci_cred_union_compare_to_credentials_union doesn't work for v5 creds +5903 Fix pointer cast in cc_seq_fetch_NCs_end +5904 cc_set_principal should return error on bad cred version +5905 cc_remove_cred should only remove one cred +5906 Fixed error code remapping +5907 Removed tests for check_cc_context_get_version +5908 Remove C warnings from CCAPI tests +5909 Add CCAPI v2 tests +5911 removed unused header file inclusion CoreFoundation.h +5912 Invalid assignment while trying to set input to NULL +5915 cc_ccache_iterator_release, cc_credentials_iterator_release + leak server memory +5920 CCacheServer should track client iterators +5923 Protect CFBundle calls with mutexes +5925 Windows socket(...) returns SOCKET, not file handle +5926 Added prototype to test function to remove warning. +5943 db creation creates a kadmin/hostname princ but doesn't fix case +5947 krb5_walk_realm_tree broken substring logic +5948 error in filebase+suffix list generation in plugin code +5949 Don't leak memory when multiple arguments are NULL +5954 ksu fails without domain_realm mapping for local host +5960 Move KIM implementation to the krb5 repository +5962 unchecked calls to k5_mutex_lock() interact poorly with finalizers +5963 Profile library should not call rw_access earlier than needed +5964 Re: Fwd: [modauthkerb] [SOLVED] 'Request is a replay' + Basic auth +5966 signed vs unsigned char * warnings in kdb_xdr.c +5967 No prototype when building kdb5_util without krb4 support +5969 Add header for kill() in USE_PASSWORD_SERVER case +5982 cci_credentials_iterator_release using wrong message ID +5989 Add new launchd flags to CCacheServer plist file +5990 kadm5_setkey_principal_3 not copying key_data_ver and key_data_kvno +5993 Masterkey Keytab Stash +5999 fix ktutil listing with timestamp +6000 misc uninitialized-storage accesses +6001 Big endian stash file support +6002 krb5_rc_io_creat should use mkstemp +6005 krb5_get_error_message returns const char * +6009 kdc does not compile with glibc 2.8 +6010 krb5int_gic_opte_copy should copy elements individually +6011 Add EnableTransactions launchd option to CCacheServer +6012 Add EnableTransactions launchd option to KerberosAgent +6013 Stop building Kerberos.app as part of KfM. +6015 gss_export_lucid_sec_context support for SPNEGO +6016 SPNEGO workaround for SAMBA mech OID quirks +6017 KDC virtual address support +6019 Add signal to force KDC to check for changed interfaces +6024 Don't use "ccache" in error string printed to user +6025 Add macro so we don't print deprecated warnings while building KfM +6026 CCacheServer crashes iterating over creds which have been destroyed +6029 kadmind leaks error strings on failures +6031 krb needs better realm lookup logic +6032 test commit handler change +6044 Add Apple Inc. to copyright lists. +6052 Return extended krb5 error strings +6055 KIM API +6066 turn off thread-support debugging code +6070 update DES code copyright notices +6074 Use a valid UTF8 password for randkey password +6075 Open log file for appending only, not also reading +6076 Don't build PKINIT ASN.1 support code if not building PKINIT plugin +6077 krb5_fcc_resolve file locking error on malloc failuer +6080 mac port of kim should not depend on kipc +6081 Conditionalize building of CCAPI ccache type on USE_CCAPI +6083 profile write code should only quote empty strings +6087 Notify clients on ccache deletion +6088 Add support to send CFNotifications on ccache and cache + collection changes +6090 k5_mutex_destroy calls pthread_mutex_destroy with mutex locked +6091 lean client changes +6093 KIM should not provide keytab functions when building lite framework +6094 CCAPI is leaking mach ports +6101 compile-time flag to disable iprop +6103 fix resource leak in USE_PASSWORD_SERVER code +6111 CCAPI should only use one pthread key +6120 increase rpc timeout +6121 dead code in lib/rpc/clnt_udp.c +6131 Removed argument from kipc_client_lookup_server +6133 C90 compliance +6138 Switch KfM back to error tables +6140 CCAPI should use common ipc and stream code +6142 KerberosAgent dialogs jump around the screen +6143 KerberosAgent: Enter Identity text field shouldn't be clear + automatically +6144 KerberosAgent: ignore user interaction while busy +6145 KerberosAgent attach associated dialogs to Select Identity dialog +6146 Client name passed by KIM is incorrect +6147 KerberosAgent Use Defaults button doesn't work +6151 Don't touch keychain if home directory access is disabled +6153 Add KLL error table +6154 Hinge building KLL shim off KIM_TO_KLL_SHIM, not LEAN_CLIENT +6155 KLLastChangedTime should return current time, not 0 +6156 KLL shim layer does not correctly handle options +6157 KIM should remember options and identity if prefs indicate +6158 KerberosAgent should handle multiple clients simultaneously +6159 KerberosAgent should handle zoom button better +6160 KLL should use __attribute ((deprecated)) +6162 kim_options_copy should allow in_options to be KIM_OPTIONS_DEFAULT +6163 Crash in kim_credential_create_from_keytab +6164 KL APIs which take a NULL principal return klParameterErr +6165 kim_options_create sometimes returns KIM_OPTIONS_DEFAULT +6166 preferences should handle KIM_OPTIONS_DEFAULT +6168 prefs should not create empty dictionary for KIM_OPTIONS_DEFAULT +6169 Missing keys in KerberosAgent Info.plist +6170 change password should always reprompt on error +6171 allow kim ui plugins to have any name +6172 kim_ui_plugin_fini sends pointer to context instead of context. +6175 always zero out authentication strings +6176 Test KIM plugin +6179 kim_os_string_create_localized leaks CFStringRef +6181 Free error message returned by krb5_get_error_message +6182 kim test suite reports error messages incorrectly +6183 KerberosAgent enter identity dialog should use default +6184 handle stash file names with missing keytab type spec and colon in path +6185 Merge KerberosIPC into k5_mig support +6186 Move GUI/CLI detection from KerberosIPC into KIM +6187 use KIM_BUILTIN_UI instead of LEAN_CLIENT for builtin UI +6189 remove unused variable in kim_ui_cli_ask_change_password +6190 Use a context to store error table info +6192 Treat unreadable terminal as user cancelled so regression tests work +6193 Remap some of the more confusing krb5 errors +6194 Double free and leak in kim_os_library_get_application_path +6195 Added back KLL test programs +6197 KLCreatePrincipalFromTriplet should work with empty instance +6198 KerberosAgent continues to ignore mouse events after error +6199 don't include "WRFILE:" in call to mktemp +6201 small leak in KDC authdata plugins +6202 kadmind leaks extended error strings +6211 pam_sam leaking outer krb5_data created by encode_krb5_sam_response +6214 krb5_change_set_password not freeing chpw_rep contents +6216 Free data in tests so leaks checking is easier +6217 kim_preferences should free old identity before overwriting +6218 kim_ccache_iterator_next leaks principal +6219 kim_os_library_get_caller_name leaks file path +6220 kim_identity_change_password_with_credential leaks krb5_creds +6221 KerberosAgent should clear generic auth prompt +6222 KerberosAgent enter dialog should add entered identities to favorites +6224 KerberosAgent 'no selection' placeholder in ticket options +6225 Remove ipc message sent on cc_context_release +6226 KIM should only display error dialogs if it has displayed UI already +6227 Apple LW_net_trans.patch make KDC rescan network after 30 seconds +6231 Apple split build support +6247 Apple patch: null out pointer in string_to_key after free +6248 Apple patch: destroy Mach ports on unload +6250 Use CFStringGetCStringPtr when possible +6251 Add test for kim_identity_create_from_components +6252 krb5_build_principal_va does not allocate krb5_principal +6254 krb5_build_principal_ext walks off beginning of array +6255 partial rewrite of the ASN.1 encoders +6256 localize format strings, not final error string +6260 KerberosAgent hangs changing pw for passwordless identities +6261 Remove saved password if it fails to get tickets +6262 Only prompt automatically from GUI apps +6264 Avoid duplicate identical dialogs in KIM +6265 KerberosAgent bindings causing crashes +6266 BIND_8_COMPAT no longer needed in Leopard +6267 Add _with_password credential acquisition functions to KIM API +6274 Crypto IOV API per Projects/AEAD encryption API +6282 krb5kdc deref uninit memory on the stack on unknown principal (pk-init) +6285 Provide SPI to switch the mach port lookup for kipc +6286 Allow kerberos configuration files fail with EPERM +6289 replay cache is insecurely handled +6290 KIM: Pushing authentication login window do application +6291 Using referrals fills the the credentials cache more entries + of the same name +6294 lib/gssapi/krb5/init_sec_context.c: don't leak on mutex_lock failure +6295 Memory leak in KIM identity object +6297 "make check" fails due to krb5_cc_new_unique() on 64-bit + Solaris SPARC under Sun Studio +6302 kadmind mem leaks [rdar 6358917] +6303 Remove krb4 support +6308 Alignment problem in resolver test +6309 update ldap plugin Makefile for krb4 removal +6315 move generated dependencies out of Makefile.in +6316 KIM GC problem on 64-bit +6335 test failures in password changing +6336 enctype negotiation - etype list +6337 kadmin should force non-forwardable tickets +6339 Fwd: krb5_sendauth vs NAGLE vs DelayedAck +6342 hash db2 code breaks if st_blksize > 64k +6351 gss_header|trailerlen should be unsigned int +6352 return correct kvno in TGS case +6354 Master Key Migration Project + Copyright and Other Legal Notices --------------------------------- -- 2.26.2