/crypto/heimdal/ChangeLog.2004

https://bitbucket.org/freebsd/freebsd-head/

2004-12-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/Makefile.am (CHECK_SYMBOLS): add heim_ and pkcs7_ for
	now (used in pkinit)

2004-12-29  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/Makefile.am: add CHECK_SYMBOLS

	* lib/hdb/keys.c: make all_etypes static

	* lib/krb5/Makefile.am: add CHECK_SYMBOLS, approve of: -com_err
	-version krb5_ _krb5_ __heimdal krb524_ krb4_fkt_ops

	* kdc/kerberos5.c: use private version of principalname

	* kdc/kerberos4.c: use private version of principalname

	* kdc/hpropd.c: use private version of principalname

	* kdc/524.c: use private version of principalname

	* lib/krb5/rd_req.c: use private version of principalname

	* lib/krb5/rd_cred.c: use private version of principalname

	* lib/krb5/init_creds_pw.c: use private version of principalname

	* lib/krb5/get_in_tkt.c: use private version of principalname

	* lib/krb5/asn1_glue.c: make principalname functions private

	* lib/krb5/krb5.h: add key usage for server referrals

2004-12-29  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/principal.c: make default_v4_name_convert static

	* lib/krb5/crypto.c: make lots of crypto related variables static

	* lib/krb5/acache.c: make default_acc_name static

2004-12-28  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/setup.texi: add some text about samba, use example.com

	* lib/hdb/hdb-ldap.c: Add account expiration for samba from James
	F.  Hranicky <jfh@cise.ufl.edu>.
	Add LDAP_addmod_integer and use it.

2004-12-27  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/{Makefile.am,setup.texi,win2k.texi}: spelling and text
	fixes, from Dave Love

2004-12-18  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/heim_threads.h: NetBSD 2.99.11 (and maybe 2.1) just
	needs pthread.h, threadlib is dead

2004-12-17  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/config.c (configure): check if deprecated
	enforce-transited-policy is set and fail if it is

	* lib/asn1/asn1_print.c: don't print garbage for octet strings

2004-12-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/main.c (main): catch sigpipe, we don't bother select()ing
	for errors

	* kdc/connect.c (handle_http_tcp): handle error from write(2)

	* doc/setup.texi: clarify credentials refreshing stuff

	* doc/setup.texi: add new node: Providing Kerberos credentials to
	servers and programs

	* doc/whatis.texi: fix spurious cross-reference makeinfo warning

	* lib/hdb/hdb-ldap.c (pos): uppercase in character

2004-12-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/hdb-ldap.c (LDAP__bytes2hex,LDAP__hex2bytes): encode
	nibbles in the other order

	* lib/hdb/hdb-ldap.c: s/objectclass/objectClass/ check if
	attribute exists before we try to delete it LDAP__bytes2hex
	encodes in strange byte order, is this really right ?

2004-12-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/hdb-ldap.c (LDAP_firstkey): When iterating over all
	entries, search for samba accounts too, From: "James F. Hranicky"
	<jfh@cise.ufl.edu>

	* lib/hdb/hdb-ldap.c (krb5kdcentry_attrs): ask for attribute uid
	too

	* lib/hdb/hdb-ldap.c (LDAP_message2entry): if the entry is missing
	both krb5PrincipalName and uid, it must be broken, ignore it and
	return that it doesn't exist.

2004-12-10  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/hpropd.8: spelling, from OpenBSD

	* kdc/kdc.8: use keeps for options, From OpenBSD k

2004-12-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/setup.texi: document --random-key and the need to do backup
	of the master key

	* kdc/kstash.8: add --random-key

	* kdc/kstash.c: add --random-key

2004-12-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/verify_krb5_conf.8: spelling, from openbsd

	* lib/krb5/krb5_init_context.3: spelling, from openbsd

	* lib/krb5/krb5.conf.5: spelling, from openbsd

	* kuser/kdestroy.1: use keeps around options, spelling, from
	openbsd

	* kpasswd/kpasswdd.8: use ., use keeps around options, from OpenBSD

	* kdc/hpropd.8: use keeps around options, from OpenBSD

	* kdc/hprop.8: use keeps around options, from OpenBSD

2004-11-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/context.c (krb5_free_context): clear error string
	before destroying mutex
	(krb5_init_context): don't call krb5_free_context before there is a
	mutex initialized

2004-11-18  Love Hörnquist Åstrand  <lha@it.su.se>

	* kuser/kinit.c (get_new_tickets): only complain about ticket
	renewable lifetime when the user asked for a specific renewable
	lifetime

2004-11-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/kerberos5.c (find_keys): log what principal is missing
	enctypes

2004-11-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): clear pointer after
	freeing data

	* lib/krb5/init_creds_pw.c (change_password): handle old_options
	being NULL From Guenther Deschner on samba-technical.

2004-11-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_get_init_creds.3: add more text describing the
	krb5_get_init_creds functions

2004-11-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/init_creds_pw.c: make krb5_get_init_creds_keytab work
	again

2004-11-10  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/hdb.asn1: use constrained integers

2004-11-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_get_init_creds.3: add description for opt_init,
	opt_alloc, opt_free

	* lib/krb5/pkinit.c: unexport krb5_get_init_creds_opt_free_pkinit

	* lib/krb5/init_creds.c: unexport
	krb5_get_init_creds_opt_free_pkinit

	* lib/krb5/init_creds_pw.c: fold init_init_creds_ctx into
	get_init_creds_common

	* lib/krb5/init_creds.c (_krb5_get_init_creds_opt_copy): if the in
	options NULL, just make a clean copy

2004-11-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/sendauth.c (krb5_rd_rep): free ap_rep message earlier
	so we don't leak it on error

2004-10-31  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5.conf.5: unbreak 2b entry

	* lib/krb5/acache.c (make_cred_from_ccred): the address isn't a
	sockaddr but rather a kerberos address, deal with that.  Based on
	bug report from Jakob Schlyter <jakob@rfc.se>.

2004-10-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/connect.c: Make sure argument passed to ctype isn't signed
	char

2004-10-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/pkinit.c: match new error names

	* lib/krb5/krb5_err.et: make error messages sane again

2004-10-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/keytab.c: use KRB5_KT_BADNAME

	* lib/krb5/krb5_err.et: sync with mit krb5_err.et (require major
	version bump) add KRB5_DELTAT_BADFORMAT

	* lib/krb5/krb5.conf.5: time defaults to "s"

	* lib/krb5/time.c (krb5_string_to_deltat): default to "s" again,
	MIT's behavior was actually that it failed to parse the number
	(and thus used the default). Even better, ticket_lifetime (that
	was supposed to be a consumer of the interface) was documented but
	never implemented, when it was implemented, people's configuration
	files started to fail.  Also, use KRB5_DELTAT_BADFORMAT as a
	failure code.

	* lib/asn1/k5.asn1: sync enctypes with pkinit branch

	* lib/asn1/parse.y (readd) support negative numbers

	* lib/asn1/lex.l: support hex numbers

2004-10-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/pkinit.c: use ETYPE_DES3_CBC_NONE_CMS

	* lib/krb5/crypto.c: add enctype_des3_cbc_none_cms add cms padding
	for rc2 don't do padding for blocksize 1

	* lib/hdb/{keys.c,Makefile.am},lib/kadm5/{keys,set_keys}.c:
	Move keyset parsing and password based keyset generation into hdb.
	Requested by Andrew Bartlett <abartlet@samba.org> for hdb-ldb
	backend.

2004-10-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* kuser/kinit.c: adapt to new signature of
	krb5_get_init_creds_opt_set_pkinit

	* lib/krb5/pkinit.c: free openssl engine deal with
	RecipientIdentifier -> CMSIdentifier and heim_any -> name change
	improve error messages

	* kdc/pkinit.c: free openssl engine deal with RecipientIdentifier
	-> CMSIdentifier and heim_any -> name change

2004-10-04  Johan Danielsson  <joda@pdc.kth.se>

	* kuser/klist.c: use rtbl_set_separator

2004-10-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/pkinit.c: filter out dup openssl engine keys, parse
	user options first

	* lib/krb5/pkinit.c: stop using AlgorithmIdentifierNonOpt, add
	openssl engine support for private key

	* lib/krb5/crypto.c: support padding as it's done in CMS

	* kdc/pkinit.c: improve error logging

	* kdc/pkinit.c: stop using AlgorithmIdentifierNonOpt

2004-09-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5.conf.5: assume minutes for time

	* lib/krb5/config_file.c (krb5_config_vget_time_default): use
	krb5_string_to_deltat

	* lib/krb5/appdefault.c (krb5_appdefault_time): use
	krb5_string_to_deltat

	* lib/krb5/time.c (krb5_string_to_deltat): set default unit to
	minute for compatibility with MIT Kerberos.

2004-09-28  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/get_cred.c (get_cred_kdc_usage): retry using "large
	message safe" transport if we get back
	KRB5KRB_ERR_RESPONSE_TOO_BIG error. Idea from Guenther Deschner
	<gd@sernet.de>

2004-09-23  Johan Danielsson  <joda@pdc.kth.se>

	* admin/list.c: use rtbl

	* admin/ktutil-commands.in: slc source file

	* lib/krb5/constants.c: check
	/Library/Preferences/edu.mit.Kerberos on OSX

2004-09-21  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/time.c (krb5_format_time): check return value from
	localtime and strftime

2004-09-14  Johan Danielsson  <joda@pdc.kth.se>

	* kuser/kinit.c: make sure we don't always get renewable creds

2004-09-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/acache.c: use krb5_ccapi.h

	* lib/krb5/krb5_ccapi.h: break out krb5 api definitions to
	separate (not installed) file

	* lib/krb5/Makefile.am: add AM_CPPFLAGS to libkrb5_la_CPPFLAGS
	since AM_CPPFLAGS overridden by target specific _CPPFLAGS

2004-09-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/pkinit.c: make variable shorter, make error messages
	from pkinit, make freeing easier

2004-09-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/Makefile.am: link libkrb5 with LIB_dlopen

	* lib/krb5/crypto.c (seed_something): avoid poking at memory that
	is uninitialized, makes valgrind unhappy. Pointed out by
	abartlet@samba.org. While there, plug the fd leak.

2004-09-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/asn1/der_get.c (decode_*): name all tag-length variables the
	same
	(decode_enumerated): check that the tag-length is not longer than the length

	* lib/asn1/der_get.c (decode_boolean): fail if length of tag is
	larger than len

2004-08-31  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/init_creds_pw.c (krb5_get_init_creds): kdc_reply can be
	set in case of failure too, free unconditionally on exit to avoid
	memory leak

2004-08-23  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/get_cred.c (set_auth_data): set pointer to NULL after
	free

2004-08-20  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/context.c (krb5_get_err_text): if neither of com_right
	nor strerror finds the error-code, return Unknown error.

2004-08-19  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/krb5_kuserok.3: update to reality

	* lib/krb5/kuserok.c: if a .k5login file exists, don't give
	implicit rights to anyone; also check owner/mode of .k5login

2004-08-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/Makefile.am: man_MANS = krb5_getportbyname.3

	* lib/krb5/krb5_getportbyname.3: manpage for krb5_getportbyname

	* lib/krb5/krb5.3: add krb5_getportbyname

	* lib/krb5/krb5.3: krb5_free_salt and krb5_enctype_valid

	* lib/krb5/krb5_encrypt.3: document krb5_enctype_valid

2004-08-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/kerberos5.c (get_pa_etype_info{,2}): check for dup enctypes
	from the client and filter them out.

	* lib/krb5/krb5_string_to_key.3: document krb5_free_salt

2004-08-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_ticket.3: data needs to be freed when using
	krb5_ticket_get_authorization_data_type

2004-08-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/test_cc.c: test variables in default_cc_name

	* lib/krb5/krb5.conf.5: explain support for variables in
	[libdefaults]default_cc_name

	* lib/krb5/cache.c: drop ${time}, it's not very useful

	* lib/krb5/cache.c: Add _krb5_expand_default_cc_name that expands
	variables in the default cc name. Supported variables now are:
	${time},${uid} and ${null}

	* lib/krb5/krb5.conf.5: document default_cc_name

	* lib/krb5/cache.c (krb5_cc_set_default_name):
	s/libdefault/libdefaults/

2004-08-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/acache.c: replace magic 3 with ccapi_version_3

	* lib/krb5/Makefile.am: libkrb5_la_SOURCES += acache.c

	* lib/krb5/krb5.h: add krb5_acc_ops

	* lib/krb5/acache.c: CCAPI v3 implementation, the read only
	support was from Magnus Ahltorp and then extended by me to support
	all other operations.  Tested with MIT kerberos cc cache
	implementation on MacOS 10.3.3

	* lib/krb5/cache.c (krb5_cc_set_default_name): allow setting the
	default cc name, this is not very useful for general purpose glue
	since it's not possible to glue in user information (like uid), but
	for CCAPI it works just fine

2004-08-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* kuser/kgetcred.1: document --cache/-c

	* kuser/kgetcred.c: allow to specify what credential cache to use

2004-08-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/Makefile.am: add krb5_eai_to_heim_errno.3

	* lib/krb5/krb5_eai_to_heim_errno.3: document
	krb5_eai_to_heim_errno, krb5_h_errno_to_heim_errno

	* lib/krb5/krb5.3: add krb5_eai_to_heim_errno,
	krb5_h_errno_to_heim_errno

2004-07-26  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_expand_hostname.3: krb5_expand_hostname_realms
	result should be freed with krb5_free_host_realm drop
	krb5_get_host_realm text

	* lib/krb5/krb5_set_default_realm.3: krb5_get_host_realm result
	should be freed with krb5_free_host_realm

	* lib/krb5/krb5_get_in_cred.3: document krb5_free_kdc_rep

	* lib/krb5/krb5_get_init_creds.3: remove dup krb5_get_init_creds

	* lib/krb5/krb5_auth_context.3: sort, add krb5_free_authenticator

	* lib/krb5/Makefile.am: man_MANS += krb5_rd_error

	* lib/krb5/krb5_rd_error.3: krb5_rd_error and friends

	* lib/krb5/krb5_warn.3: clarify on what string
	krb5_free_error_string should operate on

	* lib/krb5/krb5_get_credentials.3: add krb5_get_kdc_cred

	* lib/krb5/Makefile.am: krb5_get_credentials,
	krb5_get_forwarded_creds and friends

	* lib/krb5/krb5_get_forwarded_creds.3: krb5_get_forwarded_creds
	and friends

	* lib/krb5/krb5_get_credentials.3: krb5_get_credentials and
	friends

2004-07-23  Love Hörnquist Åstrand  <lha@it.su.se>

	* kuser/klist.c (print_cred_verbose): keytypes are no longer, use
	enctype

2004-07-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/hdb-ldap.c (LDAP_entry2mods): allow for pre-c99
	compilers, From metze at samba.org

2004-07-20  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/test_cc.c: more cc tests

	* lib/krb5/krb5_check_transited.3: document krb5_check_transited

2004-07-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/pkinit.c (pk_principal_from_X509): reverse test, makes
	principal in cert work From: Mayur Patel <patelm4@rpi.edu>

2004-07-18  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/Makefile.am: add krb5_verify_init_creds.3

	* lib/krb5/krb5_verify_init_creds.3: add krb5_verify_init_creds

2004-07-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_set_password.3: spelling from wiz@netbsd.org
	description for krb5_passwd_result_to_string

2004-07-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_set_password.3: Remove superfluous comma; grammar
	fixes; split sentence in two for better understanding.  From
	wiz@NetBSD.org. Describe krb5_set_password_using_ccache while here.

	* lib/krb5/krb5_set_password.3: nroff and spelling, from Jonathan
	Stone <jonathan@dsg.stanford.edu>

	* lib/krb5/changepw.c (process_reply): cast ssize_t to long and
	print that From NetBSD via Havard Eidnes.

2004-07-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* configure.in: fix helpstring for hdb-openldap-module

	* lib/krb5/test_cc.c: don't use krb5_err on error code 0

2004-07-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/hdb-ldap.c (LDAP_seq): try handling errors better

2004-07-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/get_in_tkt.c (set_ptypes): make ptypes const

2004-07-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/hdb-ldap.c (LDAP__connect): call ldap_initialize with
	right argument

2004-06-27  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): if the
	krbtgt is without addresses, default to not sending our own
	addrport

	* lib/asn1/lex.l: add support for /* */ and partial line --
	comments

	* kuser/Makefile.am: don't install copy_cred_cache manpage

2004-06-24  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/init_creds.c (_krb5_get_init_creds_opt_copy): if
	copying a static opt, make sure to allocate the "private" field

2004-06-24  Love  <lha@stacken.kth.se>

	* kdc/config.c: add enable_pkinit_princ_in_cert

	* kdc/kdc_locl.h: enable_pkinit_princ_in_cert

	* kdc/pkinit.c: Check certificate for Kerberos Principal in
	OtherName of subjectAltName Based on patch from Mayur Patel
	<patelm4@rpi.edu>

2004-06-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/get_cred.c (init_tgs_req): if subkey not available, use
	session key for authorization-data

2004-06-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/connect.c (handle_tcp): note who is what that closed the
	connection on us

2004-06-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* admin/get.c (kt_get): catch errors from krb5_parse_name

2004-06-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/hdb-ldap.c: if the entry just contains the
	structural object (no samba nor heimdal object), add an aux
	heimdal object on to it.

2004-06-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* kpasswd/kpasswd.c: use krb5_set_password_using_ccache

	* lib/krb5/krb5_set_password.3: add krb5_set_password_using_ccache

	* lib/krb5/changepw.c: implement krb5_set_password_using_ccache

	* lib/hdb/hdb-ldap.c: Allow the objectClass to be
	"sambaSamAccount" or structural_object when searching for uid
	entries.

	* lib/krb5/krb5.conf.5: document [kdc]hdb-ldap-create-base

	* lib/hdb/hdb-ldap.c: add creation base that defaults to the
	search base

	* lib/hdb/hdb-ldap.c: indent like the rest of the code

2004-06-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/hdb-ldap.c: check return values from ldap operations and
	close if we get back LDAP_SERVER_DOWN. stupid ldap client lib, you
	should retry by yourself.

	* lib/hdb/hdb-ldap.c: require search base to be configured, create
	local context structure

2004-05-31  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/setup.texi: more ldap text, partly from Tarjei Huse
	<tarjei@nu.no>

2004-05-28  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/hdb-ldap.c: clean, indent

	* lib/hdb/hdb-ldap.c (LDAP_entry2mods): make sure
	krb5KeyVersionNumber is added on new entries

2004-05-27  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/setup.texi: minor fixes, partly from Tarjei Huse
	<tarjei@nu.no>

	* lib/krb5/krb5.conf.5: some text about dbname and realm

	* lib/krb5/krb5.conf.5: default value for
	hdb-ldap-structural-object is account

2004-05-26  Love Hörnquist Åstrand  <lha@it.su.se>

	* tools/Makefile.am: use ! instead of , as sed delimiter

2004-05-25  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/*.c: add KRB5_LIB_FUNCTION to all exported functions

2004-05-23  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/hdb-ldap.c: make samba_forwardable a krb5_boolean

	* lib/hdb/hdb-ldap.c: make samba forwarding a runtime configure
	option

	* lib/hdb/hdb-ldap.c (LDAP_message2entry): fix [] test From:
	Andrew Bartlett <abartlet@samba.org>

	* lib/hdb/hdb-ldap.c (LDAP_message2entry): remove bogus length
	check From: Andrew Bartlett <abartlet@samba.org>

	* lib/hdb/hdb-ldap.c (LDAP_message2entry): in the sambaNTPassword
	case, make sure ent->etypes are allocated, From: Andrew Bartlett
	<abartlet@samba.org>

2004-05-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* kuser/kinit.c: move "setpag if (argc < 1)" to common path

2004-05-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/verify_krb5_conf.c: pacify pre c99 compilers

	* fix-export: use right argument for -E

2004-05-06  Johan Danielsson  <joda@pdc.kth.se>

	* kuser/kinit.c: print some diagnostics if the exec fails

2004-04-29  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/pkinit.c (pk_rd_pa_reply_dh): use krb5_random_to_key
	From: Luke Howard <lukeh@padl.com>

	* lib/krb5/rd_req.c (krb5_verify_ap_req2): clear the whole ticket,
	not just a pointer size of it From: Luke Howard <lukeh@padl.com>

2004-04-28  Love Hörnquist Åstrand  <lha@it.su.se>

	* fix-export: add -E flag where needed to make-proto

2004-04-26  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/crypto.c: add set_param for RC2

	* lib/krb5/pkinit.c: use krb5_oid_to_enctype and remove all oids
	that are no longer needed

	* kdc/pkinit.c: use krb5_enctype_to_oid

	* lib/krb5/crypto.c (krb5_oid_to_enctype): make sure oid exists
	before we compare with it

	* lib/krb5/crypto.c (krb5_crypto_get_params): check ivec length
	before returning it add aes-oids

	* lib/krb5/crypto.c: add krb5_enctype_to_oid and
	krb5_oid_to_enctype

	* kdc/pkinit.c: use krb5_crypto_set_params

	* lib/krb5/crypto.c: add krb5_crypto_set_params, add aes-NNN-cbc-none

	* lib/krb5/krb5.h: add KEYTYPE_AES192

	* lib/krb5/pkinit.c: use krb5_crypto_get_params to implement
	kcrypto RC2 support

	* lib/asn1/k5.asn1: add CMS symmetrical parameters here, enctype
	rc2-cbc XXX RC2CBCParameter is wrong because the compiler is
	broken

	* lib/krb5/krb5.h: add KEYTYPE_RC2

	* lib/krb5/crypto.c: add partial CMS parameter handling, this is
	needed for RC2

	* lib/asn1/der_cmp.c: add heim_oid_cmp and heim_octet_string_cmp

	* lib/asn1/Makefile.am (libasn1_la_SOURCES) += der_cmp.c

	* lib/asn1/der.h: add heim_oid_cmp and heim_octet_string_cmp

	* lib/asn1/k5.asn1: add ETYPE_AESNNN_CBC_NONE

	* lib/asn1/k5.asn1: add CMS symmetrical parameters here, enctype
	rc2-cbc, XXX RC2CBCParameter is wrong because the compiler is broken

2004-04-26  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/config_file.c: allow parsing directly from strings with
	krb5_config_parse_string_multi

	* lib/krb5/verify_krb5_conf.c: try to resolve hostnames

2004-04-25  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/store_fd.c (krb5_storage_from_fd): dup the file
	descriptor so we don't have to keep track of it in two places

	* kuser/copy_cred_cache.c: krb5_cc_copy_cache_match now lives in
	libkrb5

	* lib/krb5/krb5_{,compare_}creds.3: move krb5_compare_creds to its
	own manpage

	* replace krb5_free_creds_contents by krb5_free_cred_contents

	* lib/krb5/cache.c: add krb5_cc_next_cred_match() and
	krb5_cc_copy_cred_match()

	* lib/krb5/creds.c (krb5_compare_creds): add more matching options

	* lib/krb5/krb5.h: add more creds match flags

	* kuser/copy_cred_cache: add --valid-for option

	* lib/krb5/store.c (krb5_store_creds): set is_skey flag if length
	of second ticket is > 0

2004-04-25  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/pkinit.c: use the right oid for pkauthdata

	* lib/krb5/pkinit.c: always send both win2k compat version and the
	ietf draft one, this is possible since microsoft use
	wrong/different PA number.  Make the configuration flag boolean
	configuring if NOT to send the win2k compat glue.

	* lib/krb5/krb5_encrypt.3: document krb5_{de,en}crypt_ivec

	* kuser/copy_cred_cache.1: pacify mdoclint

	* kdc/pkinit.c: use IV for envelopeddata encryption, patch
	originally from Luke Howard <lukeh@padl.com>, tweaked by me.

	* lib/krb5/krb5_storage.3: document
	KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER

	* lib/krb5/krb5_data.3: document that krb5_data_free cleans the
	structure too

	* lib/krb5/pkinit.c: use IV for envelopeddata encryption, patch
	originally from Luke Howard <lukeh@padl.com>, tweaked by me.

2004-04-24  Johan Danielsson  <joda@pdc.kth.se>

	* kuser/copy_cred_cache.{c,1}: add cred cache copy tool

	* configure.in: use rk_SYS_LARGEFILE

	* lib/krb5/{krb5.h,store.c,fcache.c}: Fix the cache flags bitorder
	issue with a storage flag instead of a separate function.

2004-04-24  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/pkinit.c: move out the oid check from get_reply_key

	* lib/krb5/pkinit.c: uniquify error messages

	* lib/krb5/init_creds_pw.c: make the pkinit nonce same as the
	plain nonce for now

	* lib/krb5/pkinit.c: more w2k compat from Luke Howard
	<lukeh@padl.com> add RC2 support, clean up error messages

	* lib/krb5/pkinit.c: remove more dependency on
	krb5_config->pkinit_flags

	* lib/krb5/pkinit.c (_krb5_pk_convert_rep): convert microsoft
	style answer to IETF, From Luke Howard <lukeh@padl.com>
	(_krb5_pk_create_sign): ms handles NULL in param, so always send it
	(_krb5_pk_mk_padata): look for [realms]REALM = { win2k_pkinit = bool }

	* lib/krb5/pkinit.c (_krb5_pk_create_sign): always set the
	digestAlgorithm to sha1 (both for SignerInfo and SignedData), add
	new function _set_digest_alg to set it

2004-04-23  Love Hörnquist Åstrand  <lha@it.su.se>

	* include/make_crypto.c: include rc2.h, and when I'm here, make
	aes mandatory

	* lib/krb5/krb5.h: add ENCTYPE_ARCFOUR_HMAC as compat glue for MIT
	kerberos

	* lib/krb5/crypto.c (krb5_crypto_init): clear return pointer on
	failure

	* lib/krb5/crypto.c (DES3_random_to_key): make it produce the
	right result
	(DES3_postproc): use DES3_random_to_key
	(krb5_random_to_key): check the required number of bits (not the size
	of the key)

	* lib/krb5/aes-test.c: test random to key function

	* lib/krb5/string-to-key-test.c: comment out the "@"/"" test for
	now

2004-04-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_string_to_key.3: document that
	krb5_string_to_key_derived is broken for non 3des enctypes and
	thus deprecated

	* kdc/pkinit.c (generate_dh_keyblock): use the new function
	krb5_random_to_key

	* lib/krb5/crypto.c: add des and DES3 random_to_key hooks, they
	need special processing

	* lib/krb5/crypto.c (krb5_random_to_key): new function

	* lib/krb5/krb5_keyblock.3: document krb5_random_to_key

2004-04-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/pkinit.c: use the first proposed enable enctype

	* lib/krb5/context.c (krb5_set_default_in_tkt_etypes): use the
	return from krb5_enctype_valid

	* kdc/pkinit.c: at least try to handle different enveloped enctypes

2004-04-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/asn1/der_get.c: 1.28.2.16: (der_get_oid): handle all oid
	components being smaller than 127 and allocate one extra element
	since first byte is split into two elements.

2004-04-20  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/asn1/k5.asn1: ETYPE_DIGEST_MD5_NONE, ETYPE_CRAM_MD5_NONE:
	private use, lukeh@padl.com

 8912004-04-19  Love Hörnquist Åstrand  <lha@it.su.se>
 892
 893	* lib/krb5/pkinit.c (build_auth_pack): use heim_integer to encode
 894	DH public key
 895
 8962004-04-18  Love Hörnquist Åstrand  <lha@it.su.se>
 897
 898	* lib/krb5/krb5_init_context.3: add krb5_context to so its added
 899	as manpage-link too
 900
 9012004-04-17  Love Hörnquist Åstrand  <lha@it.su.se>
 902
 903	* lib/krb5/fcache.c (fcc_remove_cred): simplistic implementation,
 904	XXX add locking
 905
 906	* kuser/kdestroy.c: add --credential argument that just remove one
 907	credential entry out of the cache specified
 908	
 909	* kdc/pkinit.c: replace the krb5.conf configuration option that
 910	describes the mapping between principals and subject names with a
 911	file, default /var/heimdal/pki-mapping. XXX this should be pushed
 912	into HDB. XXX should add issuer too
 913	
 914	* kdc/config.c: merge certificate/private_key to a user_id
 915	
 9162004-04-16  Love Hörnquist Åstrand  <lha@it.su.se>
 917
 918	* kdc/kdc_locl.h: update prototype for pk_initialize
 919	
 920	* kuser/kinit.c: merge certificate/private_key to a user_id
 921	
 922	* kdc/pkinit.c: adapt to heim_integer changes
 923	
 924	* lib/krb5/pkinit.c: merge certificate/private_key to a user_id
 925	
 926	* kdc/pkinit.c: adapt to heim_integer changes,
 927	merge certificate/private_key to a user_id
 928	
 9292004-04-15  Love Hörnquist Åstrand  <lha@it.su.se>
 930
 931	* lib/krb5/pkinit.c: use KRB5_PADATA_PK_AS_REQ_WIN free X509_STORE
 932	
 9332004-04-13  Love Hörnquist Åstrand  <lha@it.su.se>
 934
 935	* lib/krb5/Makefile.am: define BUILD_KRB5_LIB when building
 936	libkrb5.la, add KRB5_LIB_FUNCTION proto
 937
 938	* lib/krb5/add_et_list.c: add KRB5_LIB_FUNCTION
 939	
 940	* configure.in: export KRB5_LIB_FUNCTION when building with
 941	BUILD_KRB5_LIB
 942
 943	* lib/krb5/ticket.c (krb5_ticket_get_authorization_data_type): add
 944	error strings
 945
 946	* lib/krb5/prompter_posix.c (krb5_prompter_posix): if some thing
 947	is printed on stderr, fflush it
 948
 949	* lib/krb5/krb5_keyblock.3: free functions also zeros out the key
 950	
 951	* lib/krb5/krb5_get_init_creds.3: some text about
 952	krb5_prompter_posix
 953
 954	* lib/krb5/krb5.conf.5: document hdb-ldap-structural-object
 955	
 956	* lib/krb5/cache.c: add krb5_cc_get_prefix_ops
 957	
 958	* lib/krb5/krb5_ccache.3: add krb5_cc_get_prefix_ops
 959	
 9602004-04-05  Love Hörnquist Åstrand  <lha@it.su.se>
 961
 962	* appl/test/http_client.c: support GSS_C_DELEG_FLAG and
 963	GSS_C_MUTUAL_FLAG
 964
 965	* appl/test/http_client.c: verbose logging
 966	
 9672004-04-02  Love Hörnquist Åstrand  <lha@it.su.se>
 968
 969	* kdc/connect.c: cast size_t to unsigned long for LP64 platforms
 970	
 9712004-04-01  Love Hörnquist Åstrand  <lha@it.su.se>
 972
 973	* lib/hdb/hdb-ldap.c (hdb_ldap_create): allow configuration of
 974	default structural object
 975
 976	* tools/Makefile.am: handle sed expression breaking
 977	
 9782004-03-31  Love Hörnquist Åstrand  <lha@it.su.se>
 979
 980	* lib/krb5/krbhst.c: also lookup _kpasswd._tcp SRV-rr
 981	
 982	* lib/krb5/changepw.c: add tcp support to the set protocol, should
 983	be cleaned up to enable sharing code with krb5_sendto
 984	
 985	* kpasswd/kpasswd.c (change_password): remove extra free
 986	
 987	* lib/krb5/krb5_acl_match_file.3: try to pacify mdoc macros on
 988	osf/1
 989
 9902004-03-30  Love Hörnquist Åstrand  <lha@it.su.se>
 991
 992	* lib/krb5/init_creds_pw.c (pa_data_add_pac_request): don't
 993	increase md->len, krb5_padata_add already does that
 994	
 995	* lib/krb5/init_creds.c: it's PAC not PAQ
 996	
 997	* kuser/kinit.c: it's PAC not PAQ
 998	
 999	* kdc/kerberos4.c: stop the client from renewing tickets into the
1000	future From: Jeffrey Hutzelman <jhutz@cmu.edu>
1001
10022004-03-29  Love Hörnquist Åstrand  <lha@it.su.se>
1003
1004	* configure.in: try to handle sys/strtty.h needing sys/stream.h
1005	
10062004-03-23  Love Hörnquist Åstrand  <lha@it.su.se>
1007
1008	* lib/krb5/send_to_kdc.c: remove function krb5_sendto_kdc2, it's no
1009	longer used
1010	
1011	* kdc/kerberos5.c: s/krb5_get_host_realm_int/_&/
1012	
1013	* lib/krb5/get_host_realm.c: unexport krb5_get_host_realm_int to
1014	external users by prefixing it with _
1015
1016	* lib/krb5/get_cred.c: s/krb5_mk_req_internal/_&/
1017	
1018	* lib/krb5/mk_req_ext.c: unexport krb5_mk_req_internal to external
1019	users by prefixing it with _
1020
10212004-03-22  Love Hörnquist Åstrand  <lha@it.su.se>
1022
1023	* lib/krb5/pkinit.c: add missing }
1024	
10252004-03-21  Love Hörnquist Åstrand  <lha@it.su.se>
1026
1027	* kdc/pkinit.c: adapt to change of signature of
1028	_krb5_pk_load_openssl_id
1029
1030	* lib/krb5/pkinit.c: (krb5_get_init_creds_opt_set_pkinit): add
1031	prompter argument and use it
1032
1033	* kuser/kinit.c: adapt to signature change of
1034	krb5_get_init_creds_opt_set_pkinit
1035	
1036	* lib/krb5/krb5.3: add more stuff, 105 functions to go
1037
1038	* lib/krb5/krb5_rcache.3: add krb5_get_server_rcache
1039	
1040	* lib/krb5/krb5_rcache.3: framework for replay cache manpage
1041	
1042	* lib/krb5/krb5_string_to_key.3: document string to key functions
1043	
1044	* lib/krb5/Makefile.am: man_MANS += krb5_expand_hostname.3
1045	krb5_find_padata.3 krb5_generate_random_block.3
1046
1047	* lib/krb5/krb5_encrypt.3: document krb5_get_wrapped_length
1048	
1049	* lib/krb5/krb5.3: add some more, 137 to go
1050	
1051	* lib/krb5/krb5_principal.3: document krb5_get_default_principal
1052	
1053	* lib/krb5/krb5_keyblock.3: document krb5_generate_subkey
1054	
1055	* lib/krb5/krb5_generate_random_block.3: document
1056	krb5_generate_random_block
1057	
1058	* lib/krb5/krb5_find_padata.3: document padata functions
1059	
1060	* lib/krb5/krb5.3: add some more, 142 to go
1061	
1062	* lib/krb5/krb5_creds.3: drop .Pp before .Sh
1063	
1064	* lib/krb5/krb5_set_default_realm.3: document krb5_copy_host_realm
1065	
1066	* lib/krb5/krb5_expand_hostname.3: document krb5_expand_hostname
1067	and krb5_expand_hostname_realms
1068
1069	* lib/krb5/krb5.3: add more functions, 147 to go
1070	
1071	* lib/krb5/krb5_creds.3: document krb5_creds
1072	
1073	* lib/krb5/krb5_get_init_creds.3: add more functions, some more
1074	text
1075
1076	* lib/krb5/krb5_ticket.3: document
1077	krb5_ticket_get_authorization_data_type
1078
10792004-03-20  Love Hörnquist Åstrand  <lha@it.su.se>
1080
1081	* lib/krb5/aes-test.c: remove #if 0'ed code
1082	
1083	* lib/krb5/krb5.3: add keyblock functions, 177 functions to go
1084	
1085	* lib/krb5/krb5_verify_user.3: add krb5_verify_opt_set_ccache
1086	
1087	* lib/krb5/krb5_encrypt.3: document krb5_decrypt_ticket
1088	
1089	* lib/krb5/krb5_config.3: document krb5_config_free_strings and
1090	krb5_config_file_free
1091
1092	* lib/krb5/krb5_create_checksum.3: add krb5_hmac
1093	
1094	* lib/krb5/krb5.3: add keyblock functions, 190 functions to go
1095
1096	* lib/krb5/krb5_keyblock.3: update .Dd
1097	
1098	* lib/krb5/krb5_keyblock.3: document krb5_copy_keyblock and
1099	krb5_generate_random_keyblock
1100
1101	* lib/krb5/krb5_init_context.3: add krb5_init_ets
1102	
1103	* lib/krb5/krb5_config.3: add more krb5_config_ functions and
1104	prototypes
1105
1106	* lib/krb5/krb5_init_context.3: document context modification
1107	functions: address list, config file, use admin kdc, fcc version
1108	
1109	* lib/krb5/krb5_storage.3: document krb5_storage and related
1110	functions
1111
1112	* lib/krb5/Makefile.am: add acl and krb524_convert_creds_kdc
1113	manpages and test_acl test program
1114
1115	* lib/krb5/krb5.3: add error string functions and sort
1116	
1117	* lib/krb5/krb5_warn.3: document krb5_abort and error string
1118	functions
1119
1120	* lib/krb5/krb5.3: add missing functions, only 285 left to
1121	document
1122
1123	* lib/krb5/krb5_crypto_init.3: remove various enctype related
1124	function
1125
1126	* lib/krb5/krb5_encrypt.3: add various enctype related function
1127	here
1128
1129	* lib/krb5/krb5_create_checksum.3: add krb5_cksumtype_valid
1130	krb5_cksumtype_valid
1131
1132	* lib/krb5/crypto.c: real return values for
1133	krb5_{enctype,cksumtype}_valid
1134
1135	* lib/krb5/krb5_create_checksum.3: add some functions and
1136	descriptions
1137
1138	* lib/krb5/krb5_c_make_checksum.3: move out non krb5_c functions
1139	
1140	* lib/krb5/krb5_auth_context.3: document
1141	krb5_auth_con_generatelocalsubkey
1142
1143	* lib/krb5/krb5_krbhst_init.3: document krb5_krbhst_init_flags
1144	
1145	* lib/krb5/krb5_keytab.3: document krb5_kt_default_modify_name
1146	
1147	* lib/krb5/krb5_init_context.3: document krb5_add_et_list
1148	
1149	* lib/krb5/krb524_convert_creds_kdc.3: document
1150	krb524_convert_creds_kdc, krb524_convert_creds_kdc_ccache
1151
1152	* lib/krb5/krb5_acl_match_file.3: document krb5_acl_match_*
1153	
1154	* lib/krb5/test_acl.c: test for generic acl code
1155
1156	* lib/krb5/acl.c: plug memory leak on file matching, 
1157	make it not fall over when no non matching acl,
1158	make fnmatch matching useful by switching arguments
1159	
11602004-03-19  Love Hörnquist Åstrand  <lha@it.su.se>
1161
1162	* kdc/config.c: add --builtin-hdb command
1163	
1164	* lib/hdb/hdb.c (hdb_list_builtin): return a list of builtin
1165	backends
1166
1167	* doc/setup.texi: include Luke Howard of PADL.COM ldap hdb
1168	documentation
1169
1170	* doc/win2k.texi: fix bugs in examples, add more restrictions, use
1171	example.com as an example. From: Pavel Ferdan
1172	<xferdan@informatics.muni.cz>
1173
11742004-03-18  Johan Danielsson  <joda@pdc.kth.se>
1175
1176	* lib/krb5/krb5.conf.5: add a bunch of Li and document [kadmin]
1177	password_lifetime; from Henry B. Hotz
1178
11792004-03-14  Love Hörnquist Åstrand  <lha@it.su.se>
1180
1181	* lib/krb5/mk_rep.c (krb5_mk_rep): if KRB5_AUTH_CONTEXT_USE_SUBKEY
1182	is set send subkey
1183	(generate if needed)
1184
1185	* lib/krb5/krb5.h: add KRB5_AUTH_CONTEXT_USE_SUBKEY
1186	
11872004-03-14  Love Hörnquist Åstrand  <lha@it.su.se>
1188
1189	* lib/hdb/hdb-ldap.c: clean up error handling, plug memory leaks,
1190	and free memory in error path, assume realloc(NULL, ...) works,
1191	factor out common code, indent
1192
11932004-03-12  Love Hörnquist Åstrand  <lha@it.su.se>
1194
1195	* lib/krb5/verify_krb5_conf.c: understand [password_quality]
1196	spelling
1197	
1198	* kuser/kgetcred.1: document --canonicalize
1199	
1200	* kuser/kgetcred.c: add --canonicalize
1201	
12022004-03-10  Love Hörnquist Åstrand  <lha@it.su.se>
1203
1204	* lib/krb5/fcache.c (fcc_store_cred): NULL terminate
1205	krb5_config_get_bool_default' arglist
1206	
12072004-03-09  Love Hörnquist Åstrand  <lha@it.su.se>
1208
1209	* kdc/kerberos5.c: add missing req argument to pk_mk_pa_reply
1210	
1211	* kdc/pkinit.c (pk_mk_pa_reply): add hdb_entry
1212	
1213	* kdc/pkinit.c: pass client hdb_entry to pk_check_client
1214	
1215	* kdc/kdc_locl.h: pass client hdb_entry to pk_check_client
1216	
1217	* kuser/kinit.c: rename ca_dir to pkinit/x509_anchors since it's
1218	more like that language in RFC3280
1219	
1220	* lib/krb5/pkinit.c: rename ca_dir to pkinit/x509_anchors since
1221	it's more like that language in RFC3280
1222	
1223	* lib/krb5/krb5.conf.5: document
1224	[libdefaults]fcc-mit-ticketflags=boolean
1225
1226	* lib/krb5/fcache.c (fcc_store_cred): use
1227	[libdefaults]fcc-mit-ticketflags=boolean to decide what format to
1228	write the fcc in. Default to mit version (aka heimdal 0.7)
1229	
1230	* lib/krb5/store.c: add _krb5_store_creds_heimdal_0_7 and
1231	_krb5_store_creds_heimdal_pre_0_7 that store the creds in just
1232	that format make krb5_store_creds default to mit format
1233	
1234	* lib/krb5/store.c (krb5_ret_creds): Runtime detect the what is
1235	the higher bits of the bitfield
1236	
12372004-03-08  Love Hörnquist Åstrand  <lha@it.su.se>
1238
1239	* lib/krb5/store.c (krb5_store_creds): add disabled code that
1240	store the ticket flags in reverse order
1241	(bitswap32): new function
1242
1243	* lib/krb5/store.c (krb5_ret_creds): if the higher ticket flags
1244	are set, it's a mit cache, reverse the bits, bug pointed out by
1245	Sergio Gelato <Sergio.Gelato@astro.su.se>
1246
12472004-03-07  Love Hörnquist Åstrand  <lha@it.su.se>
1248
1249	* lib/hdb/hdb-ldap.c: use macro for HDB * -> LDAP *
1250	
1251	* kuser/kinit.c: when running kinit with a subprocess, fetch new
1252	tickets after half the tickets lifetime
1253	
1254	* lib/hdb/hdb.c: spelling
1255	
1256	* lib/hdb/hdb-ldap.c: Integrate Heimdal's hdb-ldap and the Samba
1257	password database.  From: Andrew Bartlett <abartlet@samba.org>
1258
1259	* kdc/config.c: add --disable-DES
1260	
1261	* kdc/kdc.8: document --detach and --disable-DES
1262	
1263	* kdc/kerberos5.c: check if enctype is disabled before using it
1264	
1265	* lib/krb5/crypto.c: add support for disabling checksum/encryption
1266	types
1267
1268	* tools/kdc-log-analyze.pl: add more cases
1269	
1270	* kdc/connect.c: on strange tcp error; log local port number and
1271	socket type
1272	
1273	* lib/asn1/der.h: fix prototype of encode_utf8string
1274	
1275	* lib/asn1/gen.c: catch CHOICE and generate dummy placeholder
1276	
1277	* lib/asn1/lex.l: added dummy parsing of CHOICE
1278	
1279	* lib/asn1/parse.y: added dummy parsing of CHOICE
1280	
1281	* lib/asn1/k5.asn1: drop SMTP_NAME
1282	
12832004-03-06  Love Hörnquist Åstrand  <lha@it.su.se>
1284
1285	* lib/hdb/Makefile.am: support building ldap backend as module
1286	sort asn1 hdb files
1287	
1288	* lib/hdb/hdb.c: when building ldap as a shared module, don't
1289	include it in the list
1290
1291	* configure.in: add --enable-hdb-openldap-module
1292	
1293	* lib/hdb/hdb-ldap.c: make ldap possible to build as a shared
1294	module
1295
1296	* lib/hdb/mkey.c: add hdb_{,un}seal_key{,_mkey} from Andrew
1297	Bartlett <abartlet@samba.org>
1298
1299	* lib/krb5/crypto.c (decrypt_internal_special): do not modify
1300	the original data test case from Ronnie Sahlberg
1301	<ronnie_sahlberg@ozemail.com.au>
1302
13032004-03-03  Love Hörnquist Åstrand  <lha@it.su.se>
1304
1305	* lib/krb5/test_cc.c: more cc tests, mostly related to mcc
1306	behavior
1307
1308	* lib/krb5/mcache.c (mcc_get_principal): also check for
1309	primary_principal == NULL now that that isn't used as dead flag
1310	
1311	* lib/krb5/mcache.c: don't overload the primary_principal == NULL
1312	as dead since that doesn't always work. Based on patch from
1313	Jeffrey Hutzelman <jhutz@cmu.edu>, tweaked by me
1314	
13152004-02-22  Love Hörnquist Åstrand  <lha@it.su.se>
1316
1317	* kdc/pkinit.c: adapt to rename of oid_cmp to heim_oid_cmp
1318	
1319	* lib/krb5/pkinit.c: adapt to rename of oid_cmp to heim_oid_cmp
1320	
1321	* lib/hdb/db3.c: fix all db >= 4.1 cases
1322	
1323	* doc/setup.texi: add text about hostname to realm mapping using
1324	DNS
1325
13262004-02-20  Love Hörnquist Åstrand  <lha@it.su.se>
1327
1328	* kdc/pkinit.c: update error codes
1329	
1330	* lib/krb5/krb5_err.et: prefix pkinit error codes with KRB5_
1331
1332	* lib/krb5/pkinit.c: update error codes
1333	
13342004-02-19  Love Hörnquist Åstrand  <lha@it.su.se>
1335
1336	* lib/krb5/pkinit.c: indent, use krb5_abortx() instead of abort()
1337	
1338	* lib/krb5/init_creds_pw.c (process_pa_data_to_key): spelling
1339	
1340	* lib/krb5/store.c: handle memory allocate errors
1341
1342	* lib/krb5/fcache.c (_krb5_xlock): handle that everything was ok,
1343	and don't put an error in the error strings then
1344	
13452004-02-13  Love Hörnquist Åstrand  <lha@it.su.se>
1346
1347	* kdc/pkinit.c: s/heim_big_integer/heim_integer/
1348	
1349	* lib/krb5/pkinit.c: s/heim_big_integer/heim_integer/
1350	
1351	* kdc/pkinit.c: adapt to asn1 bignum code, use HEIM_PKINIT errors
1352	
1353	* lib/krb5/pkinit.c: adapt to asn1 bignum code, use HEIM_PKINIT
1354	errors
1355	
1356	* lib/krb5/heim_err.et: add HEIM_PKINIT specific errors
1357	
13582004-02-12  Love Hörnquist Åstrand  <lha@it.su.se>
1359
1360	* configure.in: rename AC_WFLAGS to rk_WFLAGS
1361	
1362	* acinclude.m4: use m4_define, over-quote string
1363	
13642004-02-11  Love Hörnquist Åstrand  <lha@it.su.se>
1365
1366	* lib/krb5/init_creds_pw.c (change_password): handle that
1367	printf("%.*s", 0, (void*)NULL); doesn't work on solaris
1368	
13692004-02-10  Love Hörnquist Åstrand  <lha@it.su.se>
1370
1371	* kpasswd/kpasswd.c (change_password): handle that printf("%.*s",
1372	0, (void*)NULL); doesn't work on solaris
1373	
1374	* lib/krb5/krb5.conf.5: don't use path's in first .Nm, it confuses
1375	some locate.updatedb, use FILES section to describe where the file
1376	is instead.
1377
13782004-02-07  Love Hörnquist Åstrand  <lha@it.su.se>
1379
1380	* lib/asn1/check-der.c: test for "der_length.c: Fix len_unsigned
1381	for certain negative integers, it got the length wrong" , from
1382	Panasas, Inc.
1383
1384	* lib/asn1/der_length.c: Fix len_unsigned for certain negative
1385	integers, it got the length wrong, fix from Panasas, Inc.
1386	
1387	rename len_int and len_unsigned to _heim_\&
1388	
1389	* lib/asn1/der_locl.h: add _heim_len_unsigned, _heim_len_int
1390	
13912004-02-06  Dave Love  <d.love@dl.ac.uk>
1392
1393	* configure.in: Check for sys/socket.h, net/if.h.  Modify term.h,
1394	security/pam_appl.h tests.
1395	
13962004-02-03  Love Hörnquist Åstrand  <lha@it.su.se>
1397
1398	* lib/asn1/check-gen.c: test for: (length_type): TSequenceOf: add
1399	up the size of all the elements, don't use just the size of the
1400	last element.
1401
1402	* lib/krb5/aes-test.c: add "next iv" test for aes128, check
1403	decryption case too
1404
1405	* lib/krb5/crypto.c (_krb5_aes_cts_encrypt): out iv is the iv of
1406	the next to last block, fix decryption case too
1407	
1408	* lib/krb5/aes-test.c: add "next iv" test for aes128
1409	
1410	* lib/krb5/crypto.c (_krb5_aes_cts_encrypt): out iv is the iv of
1411	the next to last block
1412
1413	* lib/krb5/mk_rep.c (krb5_mk_rep): abort on internal asn1 encode
1414	error
1415	
1416	* lib/krb5/mk_rep.c (krb5_mk_rep): abort on internal asn1 encode
1417	error
1418
1419	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): abort on internal asn1
1420	encode error
1421
1422	* lib/krb5/mk_priv.c (krb5_mk_priv): abort on internal asn1 encode
1423	error
1424
1425	* lib/krb5/get_cred.c (make_pa_tgs_req): abort on internal asn1
1426	encode error
1427
1428	* lib/krb5/build_auth.c (krb5_build_authenticator): abort on
1429	internal asn1 encode error
1430
1431	* lib/krb5/build_ap_req.c (krb5_build_ap_req): abort on internal
1432	asn1 encode error
1433
14342004-01-30  Love Hörnquist Åstrand  <lha@it.su.se>
1435
1436	* doc/setup.texi: some text about order of [capaths] realms
1437	
14382004-01-25  Love Hörnquist Åstrand  <lha@it.su.se>
1439
1440	* lib/krb5/context.c: register WRFILE ops
1441	
1442	* lib/krb5/keytab_file.c: add krb5_wrfkt_ops/WRFILE (same as FILE)
1443	
1444	* lib/krb5/krb5.h: add krb5_wrfkt_ops
1445	
1446	* kpasswd/kpasswdd.c (change): use the right password when
1447	changing the password
1448
14492004-01-21  Love Hörnquist Åstrand  <lha@it.su.se>
1450
1451	* lib/krb5/fcache.c (_krb5_xlock): catch EINVAL and assume that it
1452	means that the filesystem doesn't support locking
1453	
1454	* lib/krb5/keytab.c: remove #if 0 out file locking code
1455	
14562004-01-19  Love Hörnquist Åstrand  <lha@it.su.se>
1457
1458	* lib/asn1/gen_length.c (length_type): TSequenceOf: add up the
1459	size of all the elements, don't use just the size of the last
1460	element.
1461
14622004-01-13  Love Hörnquist Åstrand  <lha@it.su.se>
1463
1464	* kuser/kinit.c (renew_validate): if renewable_flag and not time
1465	specified, use "1 month"
1466
14672004-01-08  Love Hörnquist Åstrand  <lha@it.su.se>
1468
1469	* lib/krb5/krb5_keyblock.3: add prototypes, describe
1470	krb5_keyblock_zero
1471
14722004-01-05  Love Hörnquist Åstrand  <lha@it.su.se>
1473
1474	* lib/krb5/get_for_creds.c (add_addrs): don't add same address
1475	multiple times
1476
1477	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): try to
1478	handle errors better for previous commit
1479
1480	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): If tickets
1481	are address-less, forward address-less tickets.
1482	
1483	* lib/krb5/get_cred.c: rename get_krbtgt to _krb5_get_krbtgt and
1484	export it
1485