From: Marc Horowitz Date: Tue, 27 Oct 1998 08:17:42 +0000 (+0000) Subject: Add changelog entries for all the changed and added files X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1694145ba6a9461926239574cc939aec166bac85;p=thirdparty%2Fkrb5.git Add changelog entries for all the changed and added files git-svn-id: svn://anonsvn.mit.edu/krb5/branches/marc-3des@10996 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/appl/bsd/ChangeLog b/src/appl/bsd/ChangeLog index c575e07f0e..8f7e9a8fc8 100644 --- a/src/appl/bsd/ChangeLog +++ b/src/appl/bsd/ChangeLog @@ -1,3 +1,17 @@ +1998-10-24 Marc Horowitz + + * login.c: update to new get_creds API + + * krlogin.c (main, oob, server_message, control), krlogind.c + (sendoob, protocol, recvauth): If the enctype is not + similar to DES, use an inband signalling protocol instead + of MSG_OOB data to indicate status changes. + + * kcmd.c (rcmd_stream_init_krb5, v5_des_read, v5_des_write): + update to new crypto API. Add ivec chaining to + encryption when the enctype is not similar to DES as part + of the new protocol. + 1998-10-06 Theodore Ts'o * krshd.c (doit): Apply ghudson's patch so that rshd passes the diff --git a/src/appl/gss-sample/ChangeLog b/src/appl/gss-sample/ChangeLog index 476fb5bce1..bdf6e8d71a 100644 --- a/src/appl/gss-sample/ChangeLog +++ b/src/appl/gss-sample/ChangeLog @@ -1,3 +1,15 @@ +1998-10-24 Marc Horowitz + + * gss-server.c (sign_server): fix the text heuristic to recognize + whitespace as text. + (main): clean up file descriptors properly after each + connection. + + * gss-client.c (read_file): properly handle empty files + + * gss-client.c: (call_server): NUL-terminate the contents + of non-empty files on the wire. + Wed Feb 18 15:27:32 1998 Tom Yu * Makefile.in: Remove trailing slash from BUILDTOP. Fix up diff --git a/src/appl/gssftp/ftp/ChangeLog b/src/appl/gssftp/ftp/ChangeLog index 786283c9c4..49c162509e 100644 --- a/src/appl/gssftp/ftp/ChangeLog +++ b/src/appl/gssftp/ftp/ChangeLog @@ -1,3 +1,10 @@ +1998-10-26 Marc Horowitz + + * ftp.c (login): *always* encrypt the password, regardless + of the default command mode. + (do_auth): Try the new krb5 mech, and if that fails, try the + old one. + Fri Oct 2 16:16:13 1998 Theodore Y. Ts'o * cmdtab.c: Update help message for passive mode so that it diff --git a/src/appl/telnet/libtelnet/ChangeLog b/src/appl/telnet/libtelnet/ChangeLog index 494050438d..55168c36b3 100644 --- a/src/appl/telnet/libtelnet/ChangeLog +++ b/src/appl/telnet/libtelnet/ChangeLog @@ -1,3 +1,10 @@ +1998-10-26 Marc Horowitz + + * enc_des.c, kerberos.c: the ECB des functions don't exist + anymore, but telnet always encrypted/decrypted one block. Convert + to calls to the new crypto api, with des-cbc-raw, using a single + block. + Tue Mar 3 14:43:30 1998 Theodore Ts'o * configure.in: Change test for cgetent to use HAVE_ instead diff --git a/src/appl/telnet/telnet/ChangeLog b/src/appl/telnet/telnet/ChangeLog index 6d13e63f2c..7d94d0acf7 100644 --- a/src/appl/telnet/telnet/ChangeLog +++ b/src/appl/telnet/telnet/ChangeLog @@ -1,3 +1,10 @@ +1998-10-26 Marc Horowitz + + * commands.c: remove calls to setuid(getuid()). This looks like + it was once an attempt to make it safe to run setuid, but it's not + safe for a number of other reasons, so there's no reason to + pretend. + Sat Oct 10 06:24:55 1998 Geoffrey King * telnet.c (telnet): Cosmetic change: Put a newline after "Waiting diff --git a/src/clients/ChangeLog b/src/clients/ChangeLog index fc6d07275c..e8390d6b21 100644 --- a/src/clients/ChangeLog +++ b/src/clients/ChangeLog @@ -1,3 +1,7 @@ +1998-10-26 Marc Horowitz + + * configure.in: add kvno + Sat Jul 25 15:00:26 1998 Sam Hartman * Makefile.in (LOCAL_SUBDIRS): add kvno diff --git a/src/clients/kinit/ChangeLog b/src/clients/kinit/ChangeLog index 65bcc031eb..5bdf452576 100644 --- a/src/clients/kinit/ChangeLog +++ b/src/clients/kinit/ChangeLog @@ -1,3 +1,7 @@ +1998-10-26 Marc Horowitz + + * kinit.c: convert to new init_creds api + 1998-05-06 Theodore Ts'o * kinit.c (main): POSIX states that getopt returns -1 when it diff --git a/src/clients/klist/ChangeLog b/src/clients/klist/ChangeLog index 3150210e4c..20feffb355 100644 --- a/src/clients/klist/ChangeLog +++ b/src/clients/klist/ChangeLog @@ -1,3 +1,9 @@ +1998-10-26 Marc Horowitz + + * klist.c: add -a flag to print the ticket address, and -n flag to + do so without attempting resolution. Make klist use the new api + for stringifying enctypes. + Tue Aug 11 23:38:53 1998 Matthew D Hancher * klist.c (do_ccache): Properly check the return value of diff --git a/src/clients/kvno/ChangeLog b/src/clients/kvno/ChangeLog new file mode 100644 index 0000000000..24ad575df6 --- /dev/null +++ b/src/clients/kvno/ChangeLog @@ -0,0 +1,4 @@ +1998-10-27 Marc Horowitz + + * kvno.c, kvno.M: Create a new application. + diff --git a/src/include/ChangeLog b/src/include/ChangeLog index 0f5ee7119e..d66def009e 100644 --- a/src/include/ChangeLog +++ b/src/include/ChangeLog @@ -1,3 +1,15 @@ +1998-10-26 Marc Horowitz + + * krb5.hin: add new interfaces for new crypto API and key + derivation/key usage. Add new (krb5_get_permitted_enctypes, + krb5_is_permitted_enctype) api for querying permitted etypes from + krb5.conf, and new auth_context flag + (KRB5_AUTH_CONTEXT_PERMIT_ALL) to override this. Fix bug in + krb5_kt_get_type. + + * k5-int.h: make changes related to new crypto API and key + derivation/key usage + Tue Sep 1 19:32:33 1998 Tom Yu * krb5.hin: Add ENCTYPE_LOCAL_DES3_HMAC_SHA1, in order to deal diff --git a/src/include/krb5/ChangeLog b/src/include/krb5/ChangeLog index 202608002e..af894dad15 100644 --- a/src/include/krb5/ChangeLog +++ b/src/include/krb5/ChangeLog @@ -1,3 +1,8 @@ +1998-10-26 Marc Horowitz + + * kdb_dbc.h, kdb.h: update kdb api to be compatible with the new + crypto api. + Wed Jul 8 04:30:22 1998 Geoffrey King * adm_proto.h: Added prototype for new function krb5_klog_reopen() diff --git a/src/kadmin/cli/ChangeLog b/src/kadmin/cli/ChangeLog index 9bf1d76f00..455733b5f1 100644 --- a/src/kadmin/cli/ChangeLog +++ b/src/kadmin/cli/ChangeLog @@ -1,3 +1,8 @@ +1998-10-26 Marc Horowitz + + * keytab.c (etype_string): replace the hardwired table with a call + to krb5_enctype_to_string() + Fri Feb 27 23:32:38 1998 Theodore Ts'o * Makefile.in: Changed thisconfigdir to point at the kadmin diff --git a/src/kadmin/dbutil/ChangeLog b/src/kadmin/dbutil/ChangeLog index d579e91575..2f0c84e73e 100644 --- a/src/kadmin/dbutil/ChangeLog +++ b/src/kadmin/dbutil/ChangeLog @@ -1,3 +1,8 @@ +1998-10-27 Marc Horowitz + + * dumpv4, loadv4.c, kdb5_create.c, kdb5_stash.c, kdb5_util.c, + kadm5_create.c: convert to new crypto api + Wed Sep 30 00:02:01 1998 Theodore Y. Ts'o * dump.c: Add support for changing the master key for a database diff --git a/src/kadmin/server/ChangeLog b/src/kadmin/server/ChangeLog index 22f8214bd0..8131a8695c 100644 --- a/src/kadmin/server/ChangeLog +++ b/src/kadmin/server/ChangeLog @@ -1,3 +1,10 @@ +1998-10-27 Marc Horowitz + + * ovsec_kadmd.c: add calls to a new function + _svcauth_gssapi_unset_names() to clean up memory when shutting + down. Use krb5_overridekeyname instead of krb5_defkeyname, so the + command line takes precedence over the environment. + Wed Jul 22 00:28:57 1998 Geoffrey King * ovsec_kadmd.c (main): Cast gss_nt_krb5_name to diff --git a/src/kadmin/v4server/ChangeLog b/src/kadmin/v4server/ChangeLog index ce4eb4c174..b00913cde9 100644 --- a/src/kadmin/v4server/ChangeLog +++ b/src/kadmin/v4server/ChangeLog @@ -1,3 +1,8 @@ +1998-10-27 Marc Horowitz + + * admin_server.c, kadm_funcs.c, kadm_ser_wrap.c, kadm_server.h: + convert to new crypto api + Fri Jul 31 18:17:16 1998 Tom Yu * kadm_ser_wrap.c (kadm_ser_init): Remove references to diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog index 65f6e05a41..757ac7dc58 100644 --- a/src/kdc/ChangeLog +++ b/src/kdc/ChangeLog @@ -1,3 +1,8 @@ +1998-10-27 Marc Horowitz + + * do_as_req.c, do_tgs_req.c, extern.h, kdc_preauth.c, kdc_util.c, + kerberos_v4.c, main.c: conver to new crypto api. + Fri Sep 25 19:47:26 1998 Tom Yu * kerberos_v4.c (check_princ): Re-order if statements that check diff --git a/src/lib/crypto/ChangeLog b/src/lib/crypto/ChangeLog index e95b2aaedf..566afc88f3 100644 --- a/src/lib/crypto/ChangeLog +++ b/src/lib/crypto/ChangeLog @@ -25,6 +25,10 @@ Mon Aug 17 23:40:11 1998 Tom Yu compatibility for krb5-beta5 checksums. Fix typos similar to those corrected in k5_md4des.c. +Sun Jul 19 12:00:00 1998 Marc Horowitz + + * *.c: replace the crypto layer. + Wed Apr 15 18:02:44 1998 Tom Yu * Makefile.in (LIB): Rename to k5crypto. diff --git a/src/lib/crypto/crc32/ChangeLog b/src/lib/crypto/crc32/ChangeLog index 1ee004262c..5f6e617cb9 100644 --- a/src/lib/crypto/crc32/ChangeLog +++ b/src/lib/crypto/crc32/ChangeLog @@ -1,3 +1,7 @@ +Sun Jul 19 12:00:00 1998 Marc Horowitz + + * *.c: replace the crypto layer. + Wed Feb 18 16:05:45 1998 Tom Yu * Makefile.in: Remove trailing slash from thisconfigdir. Fix up diff --git a/src/lib/crypto/des/ChangeLog b/src/lib/crypto/des/ChangeLog index e236a9cb96..70c431aa5c 100644 --- a/src/lib/crypto/des/ChangeLog +++ b/src/lib/crypto/des/ChangeLog @@ -1,3 +1,7 @@ +Sun Jul 19 12:00:00 1998 Marc Horowitz + + * *.c: replace the crypto layer. + Wed Feb 18 16:06:23 1998 Tom Yu * Makefile.in: Remove trailing slash from thisconfigdir. Fix up diff --git a/src/lib/crypto/md4/ChangeLog b/src/lib/crypto/md4/ChangeLog index 3ca8c08728..7714d4a43f 100644 --- a/src/lib/crypto/md4/ChangeLog +++ b/src/lib/crypto/md4/ChangeLog @@ -1,3 +1,7 @@ +Sun Jul 19 12:00:00 1998 Marc Horowitz + + * *.c: replace the crypto layer. + Tue Mar 3 08:39:47 1998 Ezra Peisach * Makefile.in (t_cksum): Do not depend on libkrb5.a, use diff --git a/src/lib/crypto/md5/ChangeLog b/src/lib/crypto/md5/ChangeLog index 1c0026add4..79fb94a7dd 100644 --- a/src/lib/crypto/md5/ChangeLog +++ b/src/lib/crypto/md5/ChangeLog @@ -1,3 +1,7 @@ +Sun Jul 19 12:00:00 1998 Marc Horowitz + + * *.c: replace the crypto layer. + Tue Mar 3 08:42:10 1998 Ezra Peisach * Makefile.in (t_cksum): Do not depend on libkrb5.a, use diff --git a/src/lib/des425/ChangeLog b/src/lib/des425/ChangeLog index ce04691e95..4eeef10287 100644 --- a/src/lib/des425/ChangeLog +++ b/src/lib/des425/ChangeLog @@ -1,6 +1,12 @@ +1998-10-27 Marc Horowitz + + * random_key.c, new_rnd_key.c: make the v4 compat random key code + use the krb5 crypto interface, instead of the des implementation + internals. + Wed Apr 15 18:03:43 1998 Tom Yu - * Makefile.in (SHLIB_EXPDEPS): + * Makefile.in (SHLIB_EXPDEPS): (SHLIB_EXPLIBS): Rename libcrypto -> libk5crypto. Tue Mar 3 08:59:03 1998 Ezra Peisach diff --git a/src/lib/gssapi/generic/ChangeLog b/src/lib/gssapi/generic/ChangeLog index 74f13a4a3e..601ca76f6b 100644 --- a/src/lib/gssapi/generic/ChangeLog +++ b/src/lib/gssapi/generic/ChangeLog @@ -1,3 +1,8 @@ +1998-10-27 Marc Horowitz + + * gssapi.hin: define GSS_S_DUPLICATE_ELEMENT, GSS_S_NAME_NOT_MN, + and GSS_S_GAP_TOKEN as per gss v2 c bindings + 1998-06-08 Theodore Ts'o * oid_ops.c (generic_gss_release_oid): Recognize our own "self" diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog index 2f3da297d1..e12dfdb2b3 100644 --- a/src/lib/gssapi/krb5/ChangeLog +++ b/src/lib/gssapi/krb5/ChangeLog @@ -1,3 +1,16 @@ +1998-10-27 Marc Horowitz + + * Makefile.in, accept_sec_context.c, acquire_cred.c, canon_name.c, + delete_sec_context.c, disp_status.c, gssapiP_krb5.h, + gssapi_err_krb5.et, gssapi_krb5.c, gssapi_krb5.h, + init_sec_context.c, inq_cred.c, inq_names.c, k5seal.c, k5unseal.c, + rel_oid.c, ser_sctx.c, util_cksum.c, util_crypt.c, util_seed.c, + util_seqnum.c, wrap_size_limit.c: convert to new crypto api. + Implement new krb5 v2 gssapi mechanism. + + * add_cred.c, util_ctxsetup.c: New files needed to implement the + krb5 v2 mech. + Mon Sep 21 00:32:28 1998 Tom Yu * accept_sec_context.c (krb5_gss_accept_sec_context): Free authdat diff --git a/src/lib/kadm5/clnt/ChangeLog b/src/lib/kadm5/clnt/ChangeLog index 63a914a70d..5f46d21854 100644 --- a/src/lib/kadm5/clnt/ChangeLog +++ b/src/lib/kadm5/clnt/ChangeLog @@ -1,3 +1,8 @@ +1998-10-27 Marc Horowitz + + * client_init.c (_kadm5_init_any): try the krb5 v2 mechanism + first, and if that fails, try the krb5 v1 mech. + Sun Jul 26 18:11:56 1998 Sam Hartman * Makefile.in (LIBMAJOR): bump libmajor diff --git a/src/lib/kadm5/srv/ChangeLog b/src/lib/kadm5/srv/ChangeLog index e3ef6450b1..67dbe38429 100644 --- a/src/lib/kadm5/srv/ChangeLog +++ b/src/lib/kadm5/srv/ChangeLog @@ -1,3 +1,7 @@ +1998-10-27 Marc Horowitz + + * server_kdb.c, svr_principal.c: convert to new crypto api + Sun Jul 26 18:09:55 1998 Sam Hartman * Makefile.in (LIBMAJOR): bump libmajor diff --git a/src/lib/kdb/ChangeLog b/src/lib/kdb/ChangeLog index f23bd61330..e12270d5c8 100644 --- a/src/lib/kdb/ChangeLog +++ b/src/lib/kdb/ChangeLog @@ -1,3 +1,19 @@ +1998-10-27 Marc Horowitz + + * kdb_xdr.c, kdb_cpw.c: remove the special knowledge of ENCTYPE + string-to-key equivalances. the crypto api has a function for + this now. + + * decrypt_key.c, encrypt_key.c, fetch_mkey.c, kdb_cpw.c, + kdb_db2.c, kdb_db2.h, kdb_dbm.c, keytab.c, verify_mky.c: change or + remove all the places krb5_encrypt_block was used + (this is mostly relevant to kdb manipulations). It was usually + used to specify an enctype (which is now implied by the keyblock), + or to store or pass in a processed key (now the api just takes a + key directly, so these structures and functions do, too). The kdb + key manuipulation functions also need to be made to use the new + api. + Fri Sep 25 19:42:10 1998 Tom Yu * kdb_xdr.c (krb5_dbe_search_enctype): Re-order booleans so that diff --git a/src/lib/krb5/asn.1/ChangeLog b/src/lib/krb5/asn.1/ChangeLog index a42ad235c3..ca3f679f50 100644 --- a/src/lib/krb5/asn.1/ChangeLog +++ b/src/lib/krb5/asn.1/ChangeLog @@ -1,3 +1,10 @@ +1998-10-27 Marc Horowitz + + * asn1buf.c (asn1buf_sync): interoperation testing against heimdal + revealed a bug. if extra fields are present in a SEQUENCE, they + are not ignored and skipped. This caused the decoder to get out + of sync. + Thu Jul 2 15:30:25 1998 Theodore Y. Ts'o * asn1_encode.c: Make the magic Macintosh EPOCH offset be 70 years diff --git a/src/lib/krb5/keytab/file/ChangeLog b/src/lib/krb5/keytab/file/ChangeLog index 2120127db1..4e575b6519 100644 --- a/src/lib/krb5/keytab/file/ChangeLog +++ b/src/lib/krb5/keytab/file/ChangeLog @@ -1,3 +1,8 @@ +1998-10-27 Marc Horowitz + + * ktf_g_ent.c (krb5_ktfile_get_entry): restructure the code to use + the compare_enctypes function and not leak memory + Fri Feb 27 18:03:33 1998 Theodore Ts'o * Makefile.in: Changed thisconfigdir to point at the lib/krb5 diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index 49d6ef3bb5..9d1cfb02a0 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,39 @@ +1998-10-27 Marc Horowitz + + * vfy_increds.c: rearrange the code a bit to make it more clear + that the logic is correct. + + * str_conv.c: remove enctype and cksumtype string converstions. + They're in the crypto library now, since the information drops + right into the enctype table. + + * ser_eblk.c: ifdef the whole file out, since it's not used + anywhere. it should probably be deleted, but I'm not sure about + backward-compatibility issues yet. + + * rd_req_dec.c: check the auth_context permit-all flag and + permitted_enctypes list, and reject the request if the policy + check fails. + + * init_ctx.c: add code to initialize the prng. It's not great, + but can be improved, and the prng is reseeded when new keys are + processed. Read permitted_enctypes from the krb5.conf file, and + provide accessor functions for it. Make the various etype list + parsers share code as a side effect. + + * get_creds.c: add krb5_get_{validat,renew}ed_creds functions, + which are part of the new init_creds api. The prototypes were + already in, krb5.hin but there was no implementing code. + + * auth_con.c, auth_con.h: add a list of permitted enctypes to the + auth_context for rd_req to check, and create accessor functions + for this list. + + * Makefile.in, enc_helper.c: add enc_helper.c. This provides a + wrapper around the conventional way the library encrypts and wraps + encoded asn.1 structures, so the code isn't repeated in a dozen + places. + Wed Aug 19 17:27:51 1998 Tom Yu * conv_princ.c: Add some additional entries to sconv_list that diff --git a/src/lib/krb5/os/ChangeLog b/src/lib/krb5/os/ChangeLog index 0ee4a7192f..84f0dec670 100644 --- a/src/lib/krb5/os/ChangeLog +++ b/src/lib/krb5/os/ChangeLog @@ -1,3 +1,16 @@ +1998-10-27 Marc Horowitz + + * c_ustime.c, localaddr.c: moved here from lib/crypto + + * ktdefname.c (krb5_kt_default_name): there is code in the tree + (notably, the admin server code) which uses globals to set the + keytab which will be used by gssapi. this is gross, and we need a + better answer. However, even that didn't work if there was an env + var or krb5.conf variable, since those override krb5_defkeyname. + Add a new global, krb5_overridekeyname, which really does override + all the other keytab locators. While I'm at it, make the buffer + overflow checks sane. + Fri Sep 25 22:32:16 1998 Theodore Y. Ts'o * ccdefname.c: We shouldn't try to use the CCache API on Unix diff --git a/src/lib/rpc/ChangeLog b/src/lib/rpc/ChangeLog index 7ee603dacc..50ec692cba 100644 --- a/src/lib/rpc/ChangeLog +++ b/src/lib/rpc/ChangeLog @@ -1,3 +1,8 @@ +1998-10-27 Marc Horowitz + + * svc_auth_gssapi.c, auth_gssapi.h: fix the set_name prototype, + add a new unset_names function + Sun Jul 26 18:13:39 1998 Sam Hartman * Makefile.in (LIBMAJOR): bump libmajor diff --git a/src/slave/ChangeLog b/src/slave/ChangeLog index 9f285d41c9..79107f86c7 100644 --- a/src/slave/ChangeLog +++ b/src/slave/ChangeLog @@ -1,3 +1,8 @@ +1998-10-27 Marc Horowitz + + * kpropd.c (authorized_principal): make the acl file contain + etypes, and use that in the authorization process. + Wed Feb 18 16:27:28 1998 Tom Yu * Makefile.in (thisconfigdir): Remove trailing slash. diff --git a/src/tests/create/ChangeLog b/src/tests/create/ChangeLog index 64e0b2801c..ecb782e71b 100644 --- a/src/tests/create/ChangeLog +++ b/src/tests/create/ChangeLog @@ -1,3 +1,7 @@ +1998-10-27 Marc Horowitz + + * kdb5_mkdums.c: update to new crypto api + 1998-05-06 Theodore Ts'o * kdb5_mkdums.c (argv): POSIX states that getopt returns -1 diff --git a/src/tests/verify/ChangeLog b/src/tests/verify/ChangeLog index 12fb1f93b5..7f4aaf5a53 100644 --- a/src/tests/verify/ChangeLog +++ b/src/tests/verify/ChangeLog @@ -1,3 +1,7 @@ +1998-10-27 Marc Horowitz + + * kdb5_verify.c: update to new crypto api + 1998-05-06 Theodore Ts'o * kdb5_verify.c (argv): POSIX states that getopt returns -1