+1998-10-24 Marc Horowitz <marc@mit.edu>
+
+ * login.c: update to new get_creds API
+
+ * krlogin.c (main, oob, server_message, control), krlogind.c
+ (sendoob, protocol, recvauth): If the enctype is not
+ similar to DES, use an inband signalling protocol instead
+ of MSG_OOB data to indicate status changes.
+
+ * kcmd.c (rcmd_stream_init_krb5, v5_des_read, v5_des_write):
+ update to new crypto API. Add ivec chaining to
+ encryption when the enctype is not similar to DES as part
+ of the new protocol.
+
1998-10-06 Theodore Ts'o <tytso@rsts-11.mit.edu>
* krshd.c (doit): Apply ghudson's patch so that rshd passes the
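Review bot: In the krlogin.c/krlogind.c and kcmd.c items, the switch to inband signalling and ivec chaining is keyed on the enctype being "not similar to DES", which changes the wire protocol with no stated negotiation. Say in the entry, or in a comment at rcmd_stream_init_krb5, how both peers arrive at the same decision, how inband control data is distinguished from user data in the stream, and how the initial ivec is chosen for each direction.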
+1998-10-24 Marc Horowitz <marc@mit.edu>
+
+ * gss-server.c (sign_server): fix the text heuristic to recognize
+ whitespace as text.
+ (main): clean up file descriptors properly after each
+ connection.
+
+ * gss-client.c (read_file): properly handle empty files
+
+ * gss-client.c: (call_server): NUL-terminate the contents
+ of non-empty files on the wire.
+
Wed Feb 18 15:27:32 1998 Tom Yu <tlyu@mit.edu>
* Makefile.in: Remove trailing slash from BUILDTOP. Fix up
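Review bot: The call_server item puts a NUL terminator on the wire for non-empty files, so sign_server should not depend on the peer having sent it; check the received length and terminate locally before running the text heuristic. Style: the two gss-client.c items can be merged into one entry, and "gss-client.c: (call_server):" has a stray colon after the file name.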
+1998-10-26 Marc Horowitz <marc@mit.edu>
+
+ * ftp.c (login): *always* encrypt the password, regardless
+ of the default command mode.
+ (do_auth): Try the new krb5 mech, and if that fails, try the
+ old one.
+
Fri Oct 2 16:16:13 1998 Theodore Y. Ts'o <tytso@mit.edu>
* cmdtab.c: Update help message for passive mode so that it
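Review bot: In the do_auth item, falling back to the old krb5 mech whenever the new one fails lets a failure of any kind silently select the older mechanism. Restrict the fallback to the case where the server reports the new mech as unsupported, and tell the user which mech was actually used. The login item should also state in which command mode the password was previously not encrypted.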
+1998-10-26 Marc Horowitz <marc@mit.edu>
+
+ * enc_des.c, kerberos.c: the ECB des functions don't exist
+ anymore, but telnet always encrypted/decrypted one block. Convert
+ to calls to the new crypto api, with des-cbc-raw, using a single
+ block.
+
Tue Mar 3 14:43:30 1998 Theodore Ts'o <tytso@rsts-11.mit.edu>
* configure.in: Change test for cgetent to use HAVE_ instead
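Review bot: The enc_des.c/kerberos.c item replaces ECB with des-cbc-raw over a single block but does not say what ivec is passed. CBC on one block matches the old ECB result only with an all-zero ivec, so state that in the entry and in a comment at each call site, and name the functions touched.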
+1998-10-26 Marc Horowitz <marc@mit.edu>
+
+ * commands.c: remove calls to setuid(getuid()). This looks like
+ it was once an attempt to make it safe to run setuid, but it's not
+ safe for a number of other reasons, so there's no reason to
+ pretend.
+
Sat Oct 10 06:24:55 1998 Geoffrey King <gjking@mit.edu>
* telnet.c (telnet): Cosmetic change: Put a newline after "Waiting
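Review bot: With the setuid(getuid()) calls removed from commands.c, nothing in this item stops a binary that is still installed setuid from running with its elevated uid. Since the item itself says setuid operation is not safe, add an explicit refusal at startup when geteuid() != getuid(), or at least note in the install documentation that the program must not be setuid. The item should also list the functions the calls were removed from.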
+1998-10-26 Marc Horowitz <marc@mit.edu>
+
+ * configure.in: add kvno
+
Sat Jul 25 15:00:26 1998 Sam Hartman <hartmans@utwig.mesas.com>
* Makefile.in (LOCAL_SUBDIRS): add kvno
+1998-10-26 Marc Horowitz <marc@mit.edu>
+
+ * kinit.c: convert to new init_creds api
+
1998-05-06 Theodore Ts'o <tytso@rsts-11.mit.edu>
* kinit.c (main): POSIX states that getopt returns -1 when it
+1998-10-26 Marc Horowitz <marc@mit.edu>
+
+ * klist.c: add -a flag to print the ticket address, and -n flag to
+ do so without attempting resolution. Make klist use the new api
+ for stringifying enctypes.
+
Tue Aug 11 23:38:53 1998 Matthew D Hancher <mdh@mit.edu>
* klist.c (do_ccache): Properly check the return value of
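Review bot: The klist.c item adds the -a and -n flags but lists no man page change, whereas the kvno entry in this patch lists kvno.M alongside kvno.c. Add klist.M to the item with both flags documented, including that -a without -n attempts address resolution.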
--- /dev/null
+1998-10-27 Marc Horowitz <marc@mit.edu>
+
+ * kvno.c, kvno.M: Create a new application.
+
+1998-10-26 Marc Horowitz <marc@mit.edu>
+
+ * krb5.hin: add new interfaces for new crypto API and key
+ derivation/key usage. Add new (krb5_get_permitted_enctypes,
+ krb5_is_permitted_enctype) api for querying permitted etypes from
+ krb5.conf, and new auth_context flag
+ (KRB5_AUTH_CONTEXT_PERMIT_ALL) to override this. Fix bug in
+ krb5_kt_get_type.
+
+ * k5-int.h: make changes related to new crypto API and key
+ derivation/key usage
+
Tue Sep 1 19:32:33 1998 Tom Yu <tlyu@mit.edu>
* krb5.hin: Add ENCTYPE_LOCAL_DES3_HMAC_SHA1, in order to deal
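Review bot: "Fix bug in krb5_kt_get_type" at the end of the krb5.hin item does not say what the bug was, and it is bundled with unrelated API additions. Give it its own item with a one-line description of the defect. For KRB5_AUTH_CONTEXT_PERMIT_ALL, document next to the definition that setting it overrides the permitted enctypes read from krb5.conf, so callers know it is a policy override.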
+1998-10-26 Marc Horowitz <marc@mit.edu>
+
+ * kdb_dbc.h, kdb.h: update kdb api to be compatible with the new
+ crypto api.
+
Wed Jul 8 04:30:22 1998 Geoffrey King <gjking@mit.edu>
* adm_proto.h: Added prototype for new function krb5_klog_reopen()
+1998-10-26 Marc Horowitz <marc@mit.edu>
+
+ * keytab.c (etype_string): replace the hardwired table with a call
+ to krb5_enctype_to_string()
+
Fri Feb 27 23:32:38 1998 Theodore Ts'o <tytso@rsts-11.mit.edu>
* Makefile.in: Changed thisconfigdir to point at the kadmin
+1998-10-27 Marc Horowitz <marc@mit.edu>
+
+ * dumpv4, loadv4.c, kdb5_create.c, kdb5_stash.c, kdb5_util.c,
+ kadm5_create.c: convert to new crypto api
+
Wed Sep 30 00:02:01 1998 Theodore Y. Ts'o <tytso@mit.edu>
* dump.c: Add support for changing the master key for a database
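Review bot: "dumpv4" in the file list has no extension while every other file in the item does; this looks like a dropped ".c". The item also gives no function names for six files, which makes the conversion hard to audit file by file.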
+1998-10-27 Marc Horowitz <marc@mit.edu>
+
+ * ovsec_kadmd.c: add calls to a new function
+ _svcauth_gssapi_unset_names() to clean up memory when shutting
+ down. Use krb5_overridekeyname instead of krb5_defkeyname, so the
+ command line takes precedence over the environment.
+
Wed Jul 22 00:28:57 1998 Geoffrey King <gjking@mit.edu>
* ovsec_kadmd.c (main): Cast gss_nt_krb5_name to
+1998-10-27 Marc Horowitz <marc@mit.edu>
+
+ * admin_server.c, kadm_funcs.c, kadm_ser_wrap.c, kadm_server.h:
+ convert to new crypto api
+
Fri Jul 31 18:17:16 1998 Tom Yu <tlyu@mit.edu>
* kadm_ser_wrap.c (kadm_ser_init): Remove references to
+1998-10-27 Marc Horowitz <marc@mit.edu>
+
+ * do_as_req.c, do_tgs_req.c, extern.h, kdc_preauth.c, kdc_util.c,
+ kerberos_v4.c, main.c: conver to new crypto api.
+
Fri Sep 25 19:47:26 1998 Tom Yu <tlyu@mit.edu>
* kerberos_v4.c (check_princ): Re-order if statements that check
compatibility for krb5-beta5 checksums. Fix typos similar to
those corrected in k5_md4des.c.
+Sun Jul 19 12:00:00 1998 Marc Horowitz <marc@mit.edu>
+
+ * *.c: replace the crypto layer.
+
Wed Apr 15 18:02:44 1998 Tom Yu <tlyu@mit.edu>
* Makefile.in (LIB): Rename to k5crypto.
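Review bot: "*.c: replace the crypto layer" names neither files nor functions, and the same item is repeated verbatim in the four ChangeLog hunks that follow. For a change to cryptographic code, list the files each directory's entry covers and summarise what was replaced in each, so that a later regression can be traced to a specific file.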
+Sun Jul 19 12:00:00 1998 Marc Horowitz <marc@mit.edu>
+
+ * *.c: replace the crypto layer.
+
Wed Feb 18 16:05:45 1998 Tom Yu <tlyu@mit.edu>
* Makefile.in: Remove trailing slash from thisconfigdir. Fix up
+Sun Jul 19 12:00:00 1998 Marc Horowitz <marc@mit.edu>
+
+ * *.c: replace the crypto layer.
+
Wed Feb 18 16:06:23 1998 Tom Yu <tlyu@mit.edu>
* Makefile.in: Remove trailing slash from thisconfigdir. Fix up
+Sun Jul 19 12:00:00 1998 Marc Horowitz <marc@mit.edu>
+
+ * *.c: replace the crypto layer.
+
Tue Mar 3 08:39:47 1998 Ezra Peisach <epeisach@kangaroo.mit.edu>
* Makefile.in (t_cksum): Do not depend on libkrb5.a, use
+Sun Jul 19 12:00:00 1998 Marc Horowitz <marc@mit.edu>
+
+ * *.c: replace the crypto layer.
+
Tue Mar 3 08:42:10 1998 Ezra Peisach <epeisach@kangaroo.mit.edu>
* Makefile.in (t_cksum): Do not depend on libkrb5.a, use
+1998-10-27 Marc Horowitz <marc@mit.edu>
+
+ * random_key.c, new_rnd_key.c: make the v4 compat random key code
+ use the krb5 crypto interface, instead of the des implementation
+ internals.
+
Wed Apr 15 18:03:43 1998 Tom Yu <tlyu@mit.edu>
- * Makefile.in (SHLIB_EXPDEPS):
+ * Makefile.in (SHLIB_EXPDEPS):
(SHLIB_EXPLIBS): Rename libcrypto -> libk5crypto.
Tue Mar 3 08:59:03 1998 Ezra Peisach <epeisach@kangaroo.mit.edu>
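Review bot: The -/+ pair on "* Makefile.in (SHLIB_EXPDEPS):" differs only in whitespace as far as the visible text shows, and it edits an April entry unrelated to the random_key.c change. Drop it from this patch or submit it as a separate whitespace cleanup. In the new item, name the functions in random_key.c and new_rnd_key.c that now call the krb5 crypto interface.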
+1998-10-27 Marc Horowitz <marc@mit.edu>
+
+ * gssapi.hin: define GSS_S_DUPLICATE_ELEMENT, GSS_S_NAME_NOT_MN,
+ and GSS_S_GAP_TOKEN as per gss v2 c bindings
+
1998-06-08 Theodore Ts'o <tytso@rsts-11.mit.edu>
* oid_ops.c (generic_gss_release_oid): Recognize our own "self"
+1998-10-27 Marc Horowitz <marc@mit.edu>
+
+ * Makefile.in, accept_sec_context.c, acquire_cred.c, canon_name.c,
+ delete_sec_context.c, disp_status.c, gssapiP_krb5.h,
+ gssapi_err_krb5.et, gssapi_krb5.c, gssapi_krb5.h,
+ init_sec_context.c, inq_cred.c, inq_names.c, k5seal.c, k5unseal.c,
+ rel_oid.c, ser_sctx.c, util_cksum.c, util_crypt.c, util_seed.c,
+ util_seqnum.c, wrap_size_limit.c: convert to new crypto api.
+ Implement new krb5 v2 gssapi mechanism.
+
+ * add_cred.c, util_ctxsetup.c: New files needed to implement the
+ krb5 v2 mech.
+
Mon Sep 21 00:32:28 1998 Tom Yu <tlyu@mit.edu>
* accept_sec_context.c (krb5_gss_accept_sec_context): Free authdat
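Review bot: The first item covers 22 files with two distinct changes, "convert to new crypto api" and "Implement new krb5 v2 gssapi mechanism", and gives no function names. Split it so the files that only follow the API conversion are listed separately from those that implement the v2 mechanism together with add_cred.c and util_ctxsetup.c, and say what changed in the gssapi_err_krb5.et error table.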
+1998-10-27 Marc Horowitz <marc@mit.edu>
+
+ * client_init.c (_kadm5_init_any): try the krb5 v2 mechanism
+ first, and if that fails, try the krb5 v1 mech.
+
Sun Jul 26 18:11:56 1998 Sam Hartman <hartmans@utwig.mesas.com>
* Makefile.in (LIBMAJOR): bump libmajor
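Review bot: For _kadm5_init_any, the item does not say which error the caller sees when both the v2 and v1 attempts fail, or which failures of the v2 attempt trigger the retry. Return the v2 error unless it specifically indicates the mechanism is unavailable, so that an authentication failure is not masked by a second attempt with the older mechanism.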
+1998-10-27 Marc Horowitz <marc@mit.edu>
+
+ * server_kdb.c, svr_principal.c: convert to new crypto api
+
Sun Jul 26 18:09:55 1998 Sam Hartman <hartmans@utwig.mesas.com>
* Makefile.in (LIBMAJOR): bump libmajor
+1998-10-27 Marc Horowitz <marc@mit.edu>
+
+ * kdb_xdr.c, kdb_cpw.c: remove the special knowledge of ENCTYPE
+ string-to-key equivalances. the crypto api has a function for
+ this now.
+
+ * decrypt_key.c, encrypt_key.c, fetch_mkey.c, kdb_cpw.c,
+ kdb_db2.c, kdb_db2.h, kdb_dbm.c, keytab.c, verify_mky.c: change or
+ remove all the places krb5_encrypt_block was used
+ (this is mostly relevant to kdb manipulations). It was usually
+ used to specify an enctype (which is now implied by the keyblock),
+ or to store or pass in a processed key (now the api just takes a
+ key directly, so these structures and functions do, too). The kdb
+ key manuipulation functions also need to be made to use the new
+ api.
+
Fri Sep 25 19:42:10 1998 Tom Yu <tlyu@mit.edu>
* kdb_xdr.c (krb5_dbe_search_enctype): Re-order booleans so that
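Review bot: The last sentence of the second item, "The kdb key manuipulation functions also need to be made to use the new api", describes work still to be done rather than a change in this patch. Either list the functions that were converted or move the remark to a TODO in the source. kdb_cpw.c appears in both items without saying which functions each change touches, and "equivalances" and "manuipulation" are misspelled.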
+1998-10-27 Marc Horowitz <marc@mit.edu>
+
+ * asn1buf.c (asn1buf_sync): interoperation testing against heimdal
+ revealed a bug. if extra fields are present in a SEQUENCE, they
+ are not ignored and skipped. This caused the decoder to get out
+ of sync.
+
Thu Jul 2 15:30:25 1998 Theodore Y. Ts'o <tytso@mit.edu>
* asn1_encode.c: Make the magic Macintosh EPOCH offset be 70 years
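Review bot: The asn1buf_sync item describes the bug ("they are not ignored and skipped") but not the new behaviour, so it reads as if the decoder still fails on extra fields. State the fix explicitly and confirm that skipping unknown trailing fields is bounded by the length of the enclosing SEQUENCE. A regression test with a SEQUENCE carrying an extra trailing field belongs with this change.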
+1998-10-27 Marc Horowitz <marc@mit.edu>
+
+ * ktf_g_ent.c (krb5_ktfile_get_entry): restructure the code to use
+ the compare_enctypes function and not leak memory
+
Fri Feb 27 18:03:33 1998 Theodore Ts'o <tytso@rsts-11.mit.edu>
* Makefile.in: Changed thisconfigdir to point at the lib/krb5
+1998-10-27 Marc Horowitz <marc@mit.edu>
+
+ * vfy_increds.c: rearrange the code a bit to make it more clear
+ that the logic is correct.
+
+ * str_conv.c: remove enctype and cksumtype string converstions.
+ They're in the crypto library now, since the information drops
+ right into the enctype table.
+
+ * ser_eblk.c: ifdef the whole file out, since it's not used
+ anywhere. it should probably be deleted, but I'm not sure about
+ backward-compatibility issues yet.
+
+ * rd_req_dec.c: check the auth_context permit-all flag and
+ permitted_enctypes list, and reject the request if the policy
+ check fails.
+
+ * init_ctx.c: add code to initialize the prng. It's not great,
+ but can be improved, and the prng is reseeded when new keys are
+ processed. Read permitted_enctypes from the krb5.conf file, and
+ provide accessor functions for it. Make the various etype list
+ parsers share code as a side effect.
+
+ * get_creds.c: add krb5_get_{validat,renew}ed_creds functions,
+ which are part of the new init_creds api. The prototypes were
+ already in, krb5.hin but there was no implementing code.
+
+ * auth_con.c, auth_con.h: add a list of permitted enctypes to the
+ auth_context for rd_req to check, and create accessor functions
+ for this list.
+
+ * Makefile.in, enc_helper.c: add enc_helper.c. This provides a
+ wrapper around the conventional way the library encrypts and wraps
+ encoded asn.1 structures, so the code isn't repeated in a dozen
+ places.
+
Wed Aug 19 17:27:51 1998 Tom Yu <tlyu@mit.edu>
* conv_princ.c: Add some additional entries to sconv_list that
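Review bot: The init_ctx.c item admits the prng initialisation is "not great" without saying what it is seeded from. List the seed inputs in the entry and in a comment at the seeding call, since keys generated before the first reseed depend on them. Separately, ser_eblk.c is compiled out rather than removed; put the reason and the open backward-compatibility question in the file itself. In the get_creds.c item the comma in "already in, krb5.hin" is misplaced.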
+1998-10-27 Marc Horowitz <marc@mit.edu>
+
+ * c_ustime.c, localaddr.c: moved here from lib/crypto
+
+ * ktdefname.c (krb5_kt_default_name): there is code in the tree
+ (notably, the admin server code) which uses globals to set the
+ keytab which will be used by gssapi. this is gross, and we need a
+ better answer. However, even that didn't work if there was an env
+ var or krb5.conf variable, since those override krb5_defkeyname.
+ Add a new global, krb5_overridekeyname, which really does override
+ all the other keytab locators. While I'm at it, make the buffer
+ overflow checks sane.
+
Fri Sep 25 22:32:16 1998 Theodore Y. Ts'o <tytso@mit.edu>
* ccdefname.c: We shouldn't try to use the CCache API on Unix
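Review bot: "make the buffer overflow checks sane" in the krb5_kt_default_name item is a security-relevant fix placed at the end of an unrelated change. Give it its own item stating which buffer and which length check were wrong, so the fix can be identified for backporting. The new krb5_overridekeyname global adds to the use of globals that the item itself objects to; document in ktdefname.c who is expected to set it and that it takes precedence over the environment and krb5.conf.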
+1998-10-27 Marc Horowitz <marc@mit.edu>
+
+ * svc_auth_gssapi.c, auth_gssapi.h: fix the set_name prototype,
+ add a new unset_names function
+
Sun Jul 26 18:13:39 1998 Sam Hartman <hartmans@utwig.mesas.com>
* Makefile.in (LIBMAJOR): bump libmajor
+1998-10-27 Marc Horowitz <marc@mit.edu>
+
+ * kpropd.c (authorized_principal): make the acl file contain
+ etypes, and use that in the authorization process.
+
Wed Feb 18 16:27:28 1998 Tom Yu <tlyu@mit.edu>
* Makefile.in (thisconfigdir): Remove trailing slash.
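Review bot: The authorized_principal item changes the acl file format to include etypes but does not say how an existing acl file with no etypes is treated. Specify whether such lines are rejected or matched against any etype, and document the new line format in the kpropd man page.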
+1998-10-27 Marc Horowitz <marc@mit.edu>
+
+ * kdb5_mkdums.c: update to new crypto api
+
1998-05-06 Theodore Ts'o <tytso@rsts-11.mit.edu>
* kdb5_mkdums.c (argv): POSIX states that getopt returns -1
+1998-10-27 Marc Horowitz <marc@mit.edu>
+
+ * kdb5_verify.c: update to new crypto api
+
1998-05-06 Theodore Ts'o <tytso@rsts-11.mit.edu>
* kdb5_verify.c (argv): POSIX states that getopt returns -1