--- /dev/null
+2003-12-19 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/error_string.c: protect error_string with mutex
+
+ * lib/krb5/context.c: allocate and destroy mutex in krb5_context
+
+ * lib/krb5/krb5.h (krb5_context_data): add mutex for error_string
+
+2003-12-18 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kuser/kinit.c: make -9 work again
+
+2003-12-17 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/init_creds_pw.c: try handle ts preauth better, still
+ not good, but at least it work with older heimdal releases that
+ doesn't send back KRB5KDC_ERR_PREAUTH_REQUIRED when preauth was
+ sent
+
+2003-12-16 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb.asn1: remove enforce-transited-policy, its no longer
+ used
+
+2003-12-11 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/pkinit.c (_krb5_pk_create_sign): fill in NULL as
+ parameters, required by CMS
+
+2003-12-07 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/get_in_tkt_with_keytab.c (krb5_get_in_tkt_with_keytab):
+ avoid memory leak that snuck in when krb5_keytab_key_proc was
+ exported, pointed out by Panases Inc
+
+ * lib/krb5/keytab_file.c: do locking, found to be a problem for
+ Panasas Inc
+
+ * lib/krb5/fcache.c: internally export x{,un}lock and thus prefix
+ them with _krb5_
+
+ * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): use
+ KRB5_AUTH_CONTEXT_DO_TIME if we want timestamp in forwarded
+ krb-cred
+
+ * lib/krb5/krb5_auth_context.3: some text about
+ krb5_auth_con_{add,remove}flags
+
+ * lib/krb5/auth_context.c: add krb5_auth_con_addflags and
+ krb5_auth_con_removeflags
+
+2003-12-03 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/crypto.c (decrypt_internal_derived): move up padsize to
+ avoid memory leak
+
+2003-12-02 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/crypto.c: require cipher-text to be padded to padsize
+
+ * lib/krb5/eai_to_heim_errno.c: EAI_ADDRFAMILY and EAI_NODATA is
+ deprecated in RFC3493
+
+ * lib/krb5/verify_krb5_conf.c (check_host): don't check for
+ EAI_NODATA, because its depricated in RFC3493 Pointed out by
+ Hajimu UMEMOTO <ume@mahoroba.org> on heimdal-discuss
+
+2003-12-01 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/Makefile.am: move test_crypto to noinst_PROGRAMS
+
+ * lib/krb5/test_crypto.c: add --version,--help
+
+ * kuser/kinit.c (main): return the return value from simple_execvp
+
+2003-11-26 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kuser/kinit.c: don't use PKINIT DH per default since its too
+ slow
+
+ * lib/krb5/pkinit.c: tweek to make pkinit work with the fact the
+ asn1_compile can't generate code for context tagless optionals
+
+ * kdc/pkinit.c: add support for KDC side of DH PKINIT
+
+ * lib/krb5/pkinit.c: clean up error handling, make enc-type work
+ again
+
+2003-11-25 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kuser/kinit.c: add flag to make it work with pkinit dh
+
+ * lib/krb5/pkinit.c: make PKINIT DH support work
+
+2003-11-24 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/Makefile.am (LDADD): link with LIB_dlopen
+
+ * kdc/pkinit.c: clean up
+
+ * lib/krb5/krb5.h: make pkinit_win2k_compatible into a flag field
+
+ * lib/krb5/pkinit.c: remove most compile depencies clean up
+
+ * kdc/pkinit.c: print an error and turn of pkinit if openssl
+ failed to load
+
+ * kdc/config.c: read pkinit (pki-mumble) configuration options
+
+ * kdc/kerberos5.c: add pkinit support
+
+ * kdc/kdc_locl.h: add prototypes for pkinit
+
+ * kdc/pkinit.c: PKINIT patch from Daniel Kouril and Petr Holub, I
+ removed the dependency on valicert asn1 parser, remove smartcard
+ and globus support (for now). Work to be done on this: DH support,
+ Globus support, Smartcard support, windows support (MS implements
+ -09 of the draft), make it conform to the new draft
+
+ * lib/krb5/pkinit.c: fix bugs, improve error reporting
+
+2003-11-23 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kuser/kinit.c: add some "struct foo;" glue for pkinit
+ structures that isn't used
+
+ * lib/krb5/pkinit.c: clean up, make remove depenency on openssl's
+ api
+
+ * lib/krb5/krb5_locl.h: add some glue for pkinit add reference
+ counter to _krb5_get_init_creds_opt_private
+
+ * lib/krb5/init_creds.c: reference count krb5_get_init_creds_opt
+ private component to avoid copy all the data in it
+
+ * lib/krb5/crypto.c (AES_string_to_key): fix memory leak
+
+ * lib/krb5/init_creds_pw.c (init_cred_loop): fix memory leak
+
+ * lib/krb5/heim_threads.h: include pthread.h in the pthread case
+
+2003-11-18 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kpasswd/kpasswdd.c (main): parse kdc.conf
+ From: Jeffrey Hutzelman <jhutz@cmu.edu>
+
+2003-11-15 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/Makefile.am (TESTS): add test_crypto
+
+ * lib/krb5/test_crypto.c: time crypto operations
+
+2003-11-14 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/init-creds: spelling, Bruno Rohee <bruno@rohee.com>
+
+2003-11-09 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/rd_req.c (krb5_verify_ap_req2): krb5_free_ticket free
+ the ticket now, rewrite error handling to handle that
+
+ * kpasswd/kpasswdd.c (process): don't free ticket,
+ krb5_free_ticket does that now
+
+ * kdc/kerberos5.c (tgs_rep2): don't free ticket, krb5_free_ticket
+ does that now
+
+ * lib/krb5/ticket.c (krb5_free_ticket): free the ticket itself to
+ match mit behavior, pointed out by Derrick Brashear
+
+ * lib/krb5/krb5_ticket.3: krb5_free_ticket free the whole ticket
+
+2003-11-08 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/padata.c: add krb5_padata_add
+
+ * lib/krb5/krb5.h: krb5_context_data.pkinit_win2k_compatible
+
+ * lib/krb5/Makefile.am: add pkinit.c
+
+ * kuser/kinit.c: add pkinit support
+
+ * lib/krb5/init_creds_pw.c: add support for pkinit
+
+ * lib/krb5/krb5_locl.h: add the opaque krb5_pk_init_ctx to
+ _krb5_get_init_creds_opt_private
+
+ * lib/krb5/pkinit.c: rename krb5_pk_init_openssl_ctx to
+ krb5_pk_init_ctx fix win2k error handling
+
+ * lib/krb5/pkinit.c: PKINIT patch from Daniel Kouril and Petr
+ Holub, I removed the dependency on valicert asn1 parser, remove
+ smartcard and globus support (for now). Work to be done on this:
+ DH support, Globus support, Smartcard support, windows support (MS
+ implements -09 of the draft), verify that it conforms the new
+ draft
+
+2003-11-07 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/asn1/der_copy.c (copy_oid): copy all components
+
+2003-10-27 Johan Danielsson <joda@pdc.kth.se>
+
+ * lib/krb5/krb5.conf.5: document capaths section
+
+2003-10-22 Johan Danielsson <joda@pdc.kth.se>
+
+ * kdc/kerberos5.c: make sure that the server realm and the krbtgt
+ second component are identical; get rpath from the capaths section
+
+ * kdc/kerberos5.c: change logic for when to check transited policy
+ to a tri-state model involving per principal flags (to be
+ implemented)
+
+ * kdc/kdc_locl.h: change enforce_transited_policy to a tri-state
+ variable
+
+ * kdc/config.c: change enforce_transited_policy to a tri-state
+ variable
+
+2003-10-22 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/transited.c (krb5_domain_x500_encode): always zero out
+ encoding to make sure it have a defined value on failure
+
+ * lib/krb5/transited.c (krb5_domain_x500_encode):
+ if num_realms ==0, set encoding and return (avoids malloc(0)),
+ check return value for malloc
+
+2003-10-21 Johan Danielsson <joda@pdc.kth.se>
+
+ * kdc/kerberos5.c (fix_transited_encoding): always print
+ cross-realm information
+
+2003-10-21 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/setup.texi: spelling, From: Tracy Di Marco White
+
+ * kdc/kerberos5.c (fix_transited_encoding): set transited type
+
+2003-10-21 Johan Danielsson <joda@pdc.kth.se>
+
+ * kdc/kdc.8: document enforce-transited-policy
+
+ * kdc/kerberos5.c: always check transited policy if flag set
+ either globally or on principal
+
+ * kdc/config.c: add flag to always check transited policy
+
+ * lib/hdb/hdb.asn1: add flag to enforce transited policy
+
+2003-10-21 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/transited.c (krb5_domain_x500_decode): set *num_realms
+ to zero not num_realms
+
+ * kuser/kgetcred.1: add --no-transit-check
+
+ * kuser/kgetcred.c: add --no-transit-check
+
+ * doc/setup.texi: describe Transit policy
+
+2003-10-20 Johan Danielsson <joda@pdc.kth.se>
+
+ * kdc/kerberos5.c (fix_transited_encoding): also verify with
+ policy, unless asked not to
+
+ * lib/krb5/rd_req.c (krb5_decrypt_ticket): try to verify transited
+ realms, unless the transited-policy-checked flag is set
+
+ * lib/krb5/transited.c (krb5_domain_x500_decode): handle zero
+ length tr data;
+ (krb5_check_transited): new function that does more useful stuff
+
+ * lib/krb5/get_cred.c: get capath info from [capaths] section
+
+2003-10-16 Johan Danielsson <joda@pdc.kth.se>
+
+ * lib/krb5/fcache.c: Sleep forever waiting for lock. Previous
+ method doesn't work well with a large number of clients accessing
+ the cache at the same time, and there is no simple way to add a
+ timeout to the lock.
+
+2003-10-13 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/verify_krb5_conf.c: print the error value
+ krb5_init_context failed with
+
+ * lib/krb5/config_file.c (krb5_config_parse_file_debug): punt if
+ there is binding before a section declaration. Bug found by
+ Arkadiusz Miskiewicz <arekm@pld-linux.org>
+
+2003-10-13 Johan Danielsson <joda@pdc.kth.se>
+
+ * lib/krb5/fcache.c (erase_file): revert a change in previous; if
+ the ccache is a symlink, kdestroy should remove it
+
+ * lib/krb5/fcache.c: implement locking
+
+2003-10-12 Johan Danielsson <joda@pdc.kth.se>
+
+ * kuser/klist.c (print_tickets): bail out if krb5_cc_next_cred
+ returns error other than KRB5_CC_END
+
+2003-10-07 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/init_creds_pw.c: add some help function that is common
+ between ENC_TS and SAM2, free the etype{,2}-infos on failure, move
+ the pa counter into krb5_get_init_creds_ctx
+
+2003-10-06 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/kaserver.c (do_getticket): if times data is shorter then 8
+ byte, request is malformed.
+
+ * kdc/kaserver.c (do_authenticate): if request length is less then
+ 8 byte, its a bad request and fail. Pointed out by Marco Foglia
+ <marco@foglia.org>
+
+ * lib/krb5/verify_krb5_conf.c: add flag --warn-mit-syntax that
+ warns for mit syntax is used and just ignore the mit syntax when
+ its used
+
+ * lib/krb5/verify_krb5_conf.c: parse [kdc]use_2b and [gssapi]
+
+2003-10-04 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/asn1/lex.l: add BOOLEAN
+
+ * lib/asn1/parse.y: add BOOLEAN
+
+2003-10-03 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kuser/kinit.c: When running kinit in "fork mode" do pagsh
+ independent of krb4, also always do krb4 setup of cc. Always try
+ to destroy the v4 cc.
+ - add boolean --{,no-}request-pac that will request pac or not
+
+ * kuser/klist.c (check_for_tgt): set client as part of the
+ pattern/match cred
+
+ * lib/krb5/convert_creds.c (_krb5_krb_dest_tkt): unlink v4 token
+ (get_krb4_cc_name): move out from _krb5_krb_tf_setup
+ (_krb5_krb_tf_setup): adapt to allocated filename instead of
+ static filename
+
+ * lib/krb5/krb5-v4compat.h: add _krb5_krb_dest_tkt and TKT_ROOT
+
+ * lib/krb5/init_creds_pw.c (*) send PA_PAC_REQUEST when the user
+ have requested either use PAC or not use PAC, if the option not
+ set from the user, leave it up to the kdc to decide.
+ (init_creds_loop): clear error string on success
+
+ * lib/krb5/init_creds.c: add
+ krb5_get_init_creds_opt_set_paq_request break out common part of
+ extended opt functions to require_ext_opt
+
+ * lib/krb5/krb5_locl.h: add enum krb5_get_init_creds_req_pac and
+ use it in struct _krb5_get_init_creds_opt_private
+
+ * tools/kdc-log-analyze.pl: handle some more failure lines
+
+ * doc/programming.texi: some diffrences between Heimdal and MIT
+ Kerberos in the API
+
+ * doc/setup.texi: add Setting up DNS
+
+ * lib/krb5/rd_req.c (krb5_rd_req): always free keyblock since its
+ alway used
+
+ * lib/asn1/Makefile.am: add SAM types and PAC_REQUEST
+
+ * lib/asn1/k5.asn1: add more preauth types, add PA-PAC-REQUEST
+
+ * lib/asn1: add boolean support
+
+2003-10-02 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/changepw.c (setpw_send_request): free ap_req_data on
+ failure
+
+2003-09-30 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * appl/test/http_client.c (do_connect): use ai_protocol 0
+
+ * lib/krb5/init_creds_pw.c (init_cred_loop): handle
+ KRB5KRB_ERR_RESPONSE_TOO_BIG and loop again, this time requesting
+ LARGE_MSG from send to kdc, and if this is the second time bail
+ out; try to free memory
+
+ * lib/krb5/send_to_kdc.c (krb5_sendto_kdc_flags): new function,
+ and then implement the order krb5_sendto_kdc* function with this
+ function.
+
+ * lib/krb5/krbhst.c (krb5_krbhst_init_flags): new function, use it
+ and adapt callers
+ (krbhst_get_default_proto): new function, returns udp, or in case
+ large_msg was requested for the krb5_krbhst_data, use tcp.
+ (*): if the flag KD_LARGE_MSG was set on the krb5_krbhst_data, avoid
+ using udp, use krbhst_get_default_proto
+
+ * lib/krb5/krb5.h: flags for krb5_krbhst_init_flags (and
+ krb5_send_to_kdc_flags)
+
+2003-09-23 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/rd_req.c (krb5_rd_req): if we have a keyblock in auth
+ context, use that
+
+ * appl/test/uu_client.c: print authorization data if there are any
+
+ * lib/asn1/asn1_print.c: decode IA5Stringa and UTF8String
+
+2003-09-21 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/init_creds_pw.c: use _krb5_get_init_creds_opt_copy
+ * lib/krb5/init_creds.c: don't export krb5_get_init_creds_opt_copy
+
+ * lib/hdb/Makefile.am: libhdb might depend on LIB_dlopen
+
+ * kuser/kinit.c: don't get v4 tickets by default
+
+2003-09-20 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kpasswd/kpasswdd.c (process): remove a abort()
+
+ * doc/win2k.texi: add some text about netdom.exe and trusts
+
+ * TODO-1.0: gssapi rc4 done
+
+ * kpasswd/kpasswdd.c: add support for Set password protocol as
+ defined by RFC3244 -- Microsoft Windows 2000 Kerberos Change
+ Password and Set Password Protocols
+
+2003-09-19 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/db3.c: improve readability of ->open ifdef, check if
+ version >= 4.1
+
+ * lib/krb5/init_creds.c (krb5_get_init_creds_opt_copy): add
+
+ * lib/krb5/rd_req.c (krb5_rd_req): allow caller to pass in a key
+ in the auth_context, they way processes that doesn't use the
+ keytab can still pass in the key of the service (matches behavior
+ of MIT Kerberos).
+
+2003-09-18 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/init_creds_pw.c: collect all init_creds context into a
+ structure so it can easier be passed around, also, while here,
+ change nonce for every request
+
+ * lib/krb5/get_in_tkt.c (init_as_req): don't realloc data before
+ the loop, add_padata() will handle that itself
+
+ * lib/krb5/get_for_creds.c (add_addrs): don't increase addr->len
+ until in contains interesting data, use right iteration counter
+ when clearing the addresses
+
+ * lib/krb5/log.c (log_realloc): increase len after realloc returns
+ sucessfully
+
+2003-09-12 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/config_file.c: fix prototypes
+ From: Fredrik Ljungberg <flag@pobox.se>
+
+2003-09-10 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * appl/test/http_client.c: close socket when we are done, don't
+ allow the server to restart gssapi negotiation
+
+ * lib/hdb/hdb_locl.h: include <limits.h> for ULONG_MAX noted by
+ Wissler Magnus <M.Wissler@abalon.se> on heimdal-discuss
+
+ * appl/test/gssapi_client.c (proto): use select_mech
+
+ * appl/test/http_client.c: use getarg
+
+ * appl/test/gss_common.h: prototype for select_mech
+
+ * appl/test/gss_common.c (select_mech): return the gss_OID from a
+ mech name
+
+ * appl/test/http_client.c: print both source and target
+
+ * appl/test/Makefile.am: build http_client
+
+2003-09-09 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/asn1/asn1_print.c: add support for printing Enumerated
+
+ * appl/test/gssapi_client.c: allow user to select mech; krb5,
+ spnego, and no-oid
+
+ * appl/test/test_locl.h: add mech
+
+ * appl/test/common.c: add --mech,-m argument
+
+ * appl/test/gssapi_server.c: print the mech that was used
+
+ * kdc/kerberos5.c (only_older_enctype_p): check request if the
+ client only supports old enctypes, before it used the database
+
+2003-09-08 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * **/*.c: add context argument to krb5_get_init_creds_opt_alloc
+
+ * lib/krb5/init_creds.c (krb5_get_init_creds_opt_alloc): add
+ context argument
+
+ * lib/krb5/krb5_get_init_creds.3: spelling
+
+2003-09-04 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/context.c (add_file): make len argument an pointer to
+ an integer
+
+ * lib/asn1/k5.asn1: add SAM types
+
+ * lib/krb5/init_creds_pw.c: break out the encrypt timestamp
+ preauth to its function break out the pa_data_to_key_plain to its
+ own function make more variables const
+
+2003-09-04 Johan Danielsson <joda@pdc.kth.se>
+
+ * lib/krb5/krb5.conf.5: document appdefaults/{forward,encrypt}
+
+2003-09-03 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5.h: Add key usage for encryption of the
+ SAM-NONCE-OR-SAD field.
+
+ * include/make_crypto.c: include <openssl/ui.h> in the openssl
+ case
+
+ * kdc/hprop.h: use new DES_ api
+
+ * lib/krb5/krb5-v4compat.h: assume session key is a char array of
+ length 8
+
+ * lib/krb5/prompter_posix.c:
+ s/des_read_pw_string/UI_UTIL_read_pw_string/
+
+ * kuser/kinit.c: s/des_read_pw_string/UI_UTIL_read_pw_string/
+
+ * kdc/string2key.c: s/des_read_pw_string/UI_UTIL_read_pw_string/
+
+ * kdc/kstash.c: s/des_read_pw_string/UI_UTIL_read_pw_string/
+
+ * admin/add.c: s/des_read_pw_string/UI_UTIL_read_pw_string/
+
+ * lib/krb5/crypto.c: switch from the des_ to the DES_ api
+
+ * kdc/hprop.c: use DES_KEY_SZ instead of sizeof(des_block)
+
+ * kuser/kverify.c: use
+ krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free
+
+ * kpasswd/kpasswd-generator.c: use
+ krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free
+
+ * kdc/hprop.c: use
+ krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free compare
+ a uint32_t with 0xffffffff instead of -1
+
+ * lib/krb5/krb5_425_conv_principal.3: fix [Gt]
+
+ * kuser/kinit.c: use
+ krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free
+
+ * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): handle
+ password passed in though context
+
+ * lib/krb5/Makefile.am (TESTS): += test_config
+
+ * lib/krb5/aes-test.c: move variable thats used within a #ifdef to
+ be defined within that #ifdef
+
+ * lib/krb5/data.c (krb5_data_free): reset whole krb5_data when
+ freeing it
+
+ * lib/krb5/keyblock.c (krb5_keyblock_zero): new function, zeros
+ out a keyblock
+
+ * lib/krb5/init_creds_pw.c: rewrite/implement
+ krb5_get_init_creds_password with new preauth handing, still it
+ can only work with krb5-pa-enc-timestamp for preauth, but now it
+ can handle etype-info2
+
+ * lib/krb5/init_creds.c (krb5_get_init_creds_opt_alloc): allocate
+ a opt structure
+ (krb5_get_init_creds_opt_free): free a opt structure
+ (krb5_get_init_creds_opt_set_pa_password): set preauth info for
+ enc-timestamp
+
+ * lib/krb5/krb5_locl.h: add struct
+ _krb5_get_init_creds_opt_private
+
+2003-09-02 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5.h: add SAM keyusage numbers, add s2k proc typedef,
+ add a pointer to a private part of krb5_get_init_creds_opt
+
+ * kdc/string2key.c (main): avoid const warning by using a extra
+ variable
+
+2003-08-31 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/ticket.c (krb5_ticket_get_authorization_data_type):
+ reindent
+
+ * lib/krb5/ticket.c (krb5_copy_ticket): free all data when
+ failing, copy data to right memory, the later pointed out by Luke
+ Howard.
+
+2003-08-30 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5.h: cfx-01 use diffrent usage numbers
+
+2003-08-29 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/db3.c: try to include more db headers
+
+ * lib/hdb/db3.c: patch for working with DB4 on heimdal-discuss
+ From: Luke Howard <lukeh@PADL.COM>
+
+2003-08-28 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5.h: add KEYTYPE_ARCFOUR_56
+
+ * appl/test/gssapi_client.c: send both INT and CONF wrapped token
+
+ * appl/test/gssapi_server.c: recv both INT and CONF wrapped token
+
+ * lib/asn1/k5.asn1: add KRB5_NT_SMTP_NAME and KRB5_NT_ENTERPRISE
+
+2003-08-27 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * appl/test/uu_client.c (proto): fill in client in the match cred
+
+2003-08-26 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5.h: CFX uses slightly diffrent usage numbers
+
+ * lib/krb5/crypto.c (usage2arcfour): simplify, only include
+ special cases From: Luke Howard <lukeh@PADL.COM>
+
+2003-08-25 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb-ldap.c: code rewrite from Luke Howard
+ <lukeh@PADL.COM>
+
+ * lib/krb5/crypto.c (arcfour_checksum_p): return true when is
+ arcfour, not when its not pointed out by Luke Howard
+
+ * doc/ack.texi: update Luke Howard email address
+
+2003-08-24 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_encrypt.3: document:
+ krb5_crypto_getconfoundersize, krb5_crypto_getblocksize
+ krb5_crypto_getenctype, krb5_crypto_getpadsize
+
+ * lib/krb5/crypto.c (krb5_crypto_getpadsize,
+ krb5_crypto_getconfoundersize): added From: Luke Howard
+ <lukeh@PADL.COM>
+
+2003-08-23 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/connect.c (handle_tcp): handle recvfrom returning 0
+ (connection closed)
+
+ * kdc/connect.c (grow_descr): increment the size after we succeed
+ to allocate the space
+
+ * lib/krb5/krb5_create_checksum.3: text about when
+ krb5_crypto_get_checksum_type is useful
+
+ * lib/krb5/crypto.c (krb5_crypto_get_checksum_type): fix format
+ string
+
+ * lib/krb5/krb5_create_checksum.3: document
+ krb5_crypto_get_checksum_type
+
+ * lib/krb5/crypto.c: add krb5_crypto_get_checksum_type
+ From: Luke Howard <lukeh@PADL.COM>
+
+ * lib/asn1/gen.c: s/UTF8String/heim_utf8_string/ in generated code
+ From: Luke Howard <lukeh@PADL.COM>
+
+2003-08-21 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * include/make_crypto.c: include aes.h inc in the local libdes
+ case too
+
+2003-08-20 Johan Danielsson <joda@pdc.kth.se>
+
+ * lib/asn1/der_free.c: set free'd poiners to NULL
+
+ * lib/asn1/gen_free.c: set free'd poiners to NULL
+
+2003-08-20 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/heim_threads.h: XXX don't use "plain" pthread support
+ on netbsd
+
+ * lib/krb5/crypto.c: Do the arcfour checksum mapping for
+ krb5_create_checksum and krb5_verify_checksum, From: Luke Howard
+ <lukeh@PADL.COM>
+
+2003-08-18 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/test_config.c: check krb5_prepend_config_files_default
+ and krb5_prepend_config_files
+
+ * lib/krb5/context.c: add krb5_prepend_config_files and
+ krb5_prepend_config_files_default
+
+2003-08-17 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/mkey.c (read_master_mit): krb5_ret_int16 takes a int16_t
+ as argument
+
+ * lib/krb5/parse-name-test.c: please lint (and me)
+
+ * kdc/config.c (configure): remove only set variable 'e'
+
+ * kdc/connect.c (init_socket): sockaddr size argument to
+ krb5_addr2sockaddr is a krb5_addr2sockaddr *
+
+ * kdc/kerberos5.c (as_rep): remove usused variable
+ (tgs_rep2): don't use a temporary ret-variable, ret is reset later
+
+ * lib/krb5/krb5_get_in_cred.3: these function will be deprecated
+
+ * lib/krb5/Makefile.am: man_MANS += krb5_get_init_creds.3
+
+ * lib/krb5/krb5_get_init_creds.3: begining of documentation of
+ krb5_get_init_creds
+
+ * lib/krb5/get_in_tkt.c (krb5_get_in_tkt): for compatibility with
+ with the mit implemtation, don't free `creds' argument when done,
+ its up the the caller to do that, also allow a NULL ccache.
+
+2003-08-16 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5.conf.5: document tgs_require_subkey
+
+ * lib/asn1/Makefile.am: remove trance of generate tests files, its
+ not really for consumption yet
+
+ * lib/hdb/Makefile.am: split generated source from non generated
+ source we make-proto.pl can generate prototypes for non
+ generate-source only (make-proto.pl dies on asn1compile's .c
+ files)
+
+ * lib/krb5/get_cred.c (init_tgs_req): make generation of subkey
+ optional on configuration parameter
+ [realms]realm={tgs_require_subkey=bool}
+ defaults to off. The RFC1510 weakly defines the correct behavior,
+ so old DCE secd apparently required the subkey to be there, and MS
+ will use it when its there. But the request isn't encrypted in the
+ subkey, so you get to choose if you want to talk to a MS mdc or a
+ old DCE secd.
+
+ * kdc/kerberos5.c (*): handle krb5_unparse_name returning non-zero
+
+2003-08-15 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/principal.c (unparse_name): len can't be zero, so,
+ don't check for that
+
+2003-08-13 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/principal.c (unparse_name): make sure there are space
+ for a NUL, set *name to NULL when there is a failure (so caller
+ can't get hold of a freed pointer)
+
+2003-07-26 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/kerberos.8: remove duplicate manual, from
+ cjep@netbsd.org
+
+2003-07-25 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/cache.c: indent
+
+ * lib/krb5/cache.c (krb5_cc_set_default_name): only read
+ KRB5CCNAME when not suid
+
+2003-07-24 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/keytab_krb4.c (read_v4_entry): the des key is 8 bytes,
+ use a char array instead of des_cblock
+
+2003-07-23 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/kerberos5.c: add support for KRB5_PADATA_ETYPE_INFO2
+
+ * lib/krb5/crypto.c (hmac): make it return an error when out of
+ memory, update callsites to either return error or use krb5_abortx
+ (krb5_hmac): expose hmac
+
+2003-07-22 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/keyblock.c (krb5_keyblock_get_enctype): return enctype
+ of keyblock
+
+ * lib/krb5/Makefile.am (man_MANS): += krb5_keyblock.3
+
+ * lib/krb5/krb5_keyblock.3: some information about krb5_keyblock
+ and related functions
+
+ * lib/krb5/heim_threads.h: make the non-debug version of the mutex
+ macros "use" the "mutex" integer so the compile wont complain
+ about defined unused variables
+
+ * lib/krb5/heim_threads.h: make thread local storage macros take a
+ "return" argument so no functions need to be created for the
+ no-pthread case
+
+ * lib/krb5/heim_threads.h: adding RWLOCKS and [sg]etspecific
+
+ * configure.in: use KRB_PTHREADS
+
+ * lib/asn1/Makefile.am (gen_files): add asn1_KerberosString and
+ sort
+
+ * lib/asn1/k5.asn1 (ETYPE-INFO2-ENTRY): salt is a KerberosString
+
+ * lib/krb5/krb5.3: add ticket access functions
+ * lib/krb5/krb5_ticket.3: ditto
+ * lib/krb5/ticket.c: ditto
+ * lib/krb5/Makefile.am: ditto
+
+ * lib/krb5/mit_glue.c: add some more krb5_c functions
+
+ * lib/krb5/krb5_c_make_checksum.3: add some more krb5_c functions
+
+ * lib/krb5/crypto.c (krb5_cksumtype_valid): check is checksum type
+ is a valid one
+
+ * lib/krb5/crypto.c (krb5_checksum_is_keyed): only set extented
+ error string when there is a context
+ (krb5_checksum_is_collision_proof): ditto
+
+2003-07-21 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/mit_glue.c (krb5_c_get_checksum): make type and data
+ argument optional
+ (krb5_c_{encrypt,decrypt}): return "better" error codes for
+ invalid ivec length
+
+ * lib/krb5/krb5_c_make_checksum.3: update krb5_c_get_checksum
+ usage
+
+ * lib/krb5/crypto.c (krb5_crypto_getenctype): new function
+
+ * include/make_crypto.c: avoid redefining
+ OPENSSL_DES_LIBDES_COMPATIBILITY
+
+ * lib/krb5/krb5.h: add krb5_enc_data
+
+2003-07-19 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5.3: add krb5_c_ functions
+
+ * lib/krb5/mit_glue.c: support passing in NULL as the
+ cipher_state/ivec
+
+ * lib/krb5/aes-test.c: add test for krb5_c_encrypt_length and
+ krb5_c_decrypt
+
+ * lib/krb5/krb5_c_make_checksum.3: krb5_c encryption glue
+
+ * lib/krb5/crypto.c (wrapped_length/wrapped_length_derived): when
+ calculating the length of the encrypted data, use the keyed
+ checksum length if the enctype supports a keyed checksum. This
+ only matter for aes, for all other enctypes the key and unkeyed
+ checksum have the same length.
+
+2003-07-18 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/mit_glue.c: first version of krb5_c encryption glue
+
+ * doc/install.texi: update pointer to luke ldap documentation
+
+ * lib/hdb/hdb.c (hdb_create): check for dynamic backend after
+ static to avoid warning from dynamic backend when using a known
+ static backend
+
+2003-07-16 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/cache.c: don't return value in void function
+
+2003-07-15 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/creds.c (krb5_compare_creds): if client is specified in
+ the mcreds, check that too
+
+ * lib/krb5/{keytab_file.c,principal.c,mk_error.c,krb5.h,get_cred.c}:
+ prefix libasn1 types with heim_
+
+ * lib/asn1: prefix typedefs and structs with heim_
+
+2003-07-13 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb.c: avoid unnecessary setting of variable
+
+2003-07-07 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kuser/klist.c (check_for_tgt): use krb5_cc_clear_mcred
+
+ * appl/test/uu_client.c (proto): use krb5_cc_clear_mcred
+
+ * lib/krb5/get_cred.c (init_tgs_req): in case of error, don't free
+ in the req_body addresses since they where pass in by caller
+ (find_cred): use krb5_cc_clear_mcred
+
+ * lib/krb5/krb5_ccache.3: document krb5_cc_clear_mcred
+
+ * lib/krb5/cache.c (krb5_cc_clear_mcred): new function, clear a
+ krb5_creds to use with krb5_cc_retrieve_cred
+
+2003-06-30 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb.c (find_dynamic_method): if there isn't a prefix,
+ don't load anything
+
+2003-06-29 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb.c: Dynamic backend loading, based on patch from Luke
+ Howard <lukeh@PADL.COM>
+
+ * lib/hdb/hdb.h: add struct hdb_so_method and
+ HDB_INTERFACE_VERSION
+
+2003-06-28 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/mk_req_ext.c (krb5_mk_req_internal): when using
+ arcfour-hmac-md5, use an unkeyed checksum (rsa-md5), since
+ Microsoft calculates the keyed checksum with the subkey of the
+ authenticator.
+
+ * kuser/kinit.c: write out v4 credential caches with
+ _krb5_krb_tf_setup
+
+ * lib/krb5/krb5-v4compat.h: add _krb5_krb_tf_setup
+
+ * lib/krb5/convert_creds.c (_krb5_krb_tf_setup): create/append v4
+ credential to a new krb4 ticket file
+
+2003-06-27 Johan Danielsson <joda@pdc.kth.se>
+
+ * lib/krb5/krb5_kuserok.3: put Nd argument in double quotes since
+ it contains more than 9 words; from wiz
+
+2003-06-25 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/verify_krb5_conf.c: add missing " within #if 0, from
+ stefan sokoll <stefansokoll@yahoo.de>
+
+2003-06-24 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_timeofday.3: improve krb5_set_real_time text
+
+ * lib/krb5/time.c: improve comment for krb5_set_real_time
+
+2003-06-23 Johan Danielsson <joda@pdc.kth.se>
+
+ * kuser/kinit.1: document -A
+
+ * kuser/kinit.c: add -A as an alias for --no-addresses
+
+2003-06-22 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): pass in a
+ krb5_timestamp to krb5_us_timeofday
+
+ * lib/krb5/mk_error.c (krb5_mk_error): pass in a krb5_timestamp to
+ krb5_us_timeofday
+
+ * lib/krb5/time.c (krb5_set_real_time): fix comment and make it
+ work
+
+ * lib/krb5/time.c, lib/krb5/krb5_timeofday.3,
+ lib/krb5/Makefile.am lib/krb5/test_time.c:
+
+ implement krb5_set_real_time, used by SAMBA, requested by Luke
+ Howard <lukeh@PADL.COM>
+
+ * lib/asn1/k5.asn1: make the aes and sha1 checksum types match
+ draft-ietf-krb-wg-crypto-05
+
+2003-06-21 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/aes-test.c: add a test for aes kcrypto encrypted data
+
+ * lib/krb5/crypto.c: clean up AES code to use a structure instead
+ of a key array
+ (_krb5_AES_string_to_default_iterator): set to 4096 as described in
+ aes draft -04
+ (derive_key): always remove the key->schedule since its
+ will contain the wrong (parent key) info
+
+2003-06-18 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/aes-test.c: add aes256 test vectors from Ken Raeburn
+ * doc/setup.texi: add more kdc's to the example
+
+2003-06-17 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb-ldap.c: use int2HDBFlags/HDBFlags2int From: Alberto
+ Patino <jalbertop@aranea.com.mx>, Luke Howard <lukeh@PADL.COM>
+ Pointed out by Andrew Bartlett of Samba
+
+ * lib/krb5/heim_threads.h: remove freebsd comment, don't use debug
+ pthread stubs by default
+
+ * lib/krb5/Makefile.am (man_MANS): drop krb5_free_addresses.3
+
+ * lib/krb5/krb5_free_addresses.3: removed file, functions are
+ documented in krb5_address.3
+
+ * lib/krb5/codec.c: add krb5_{de,en}code_ETYPE_INFO2
+
+ * lib/krb5/crypto.c: add _krb5_AES_string_to_default_iterator add
+ krb5_string_to_key_salt_opaque() fix keylengh for keytype_aes256
+
+2003-06-06 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/setup.texi: Point out that slave needs /var/heimdal
+ directory and masterkey From: Mans Nilsson <mansaxel@sunet.se>,
+ Fix spelling while here
+
+2003-06-02 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/Makefile.am, krb5_get_in_cred.3, krb5.3:
+ add manpage for: krb5_get_in_cred, krb5_get_in_tkt,
+ krb5_get_in_tkt_with_keytab, krb5_get_in_tkt_with_password,
+ krb5_get_in_tkt_with_skey
+
+2003-05-28 Assar Westerlund <assar@kth.se>
+
+ * lib/krb5/heim_threads.h: Fix unlock/destroy macros for the
+ non-threaded cases to work. Fix typo.
+
+2003-05-27 Johan Danielsson <joda@pdc.kth.se>
+
+ * lib/asn1/{der_put.c,der_length.c,check-der.c}: Fix encoding of
+ "unsigned" integers. If MSB is set, we need to pad with a zero
+ byte.
+
+2003-05-27 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_c_make_checksum.3: some more mdoc fixes
+
+ * lib/hdb/hdb-ldap.c (LDAP__connect): bind sasl "EXTERNAL" to ldap
+ connection
+ (LDAP_store): remove superfluous argument to asprintf
+
+ From Alberto Patino <jalbertop@aranea.com.mx>
+
+2003-05-26 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/*.[0-9]: pacify mdoclink
+
+ * lib/krb5/krb5_ccache.3: document diffrences between mit and
+ heimdal krb5_cc_gen_new ccache -> credential cache s/[\t ]+$//
+
+2003-05-21 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * appl/test/gssapi_server.c (proto): start to use
+ gss_krb5_copy_ccache
+
+ * appl/test/nt_gss_server.c (proto): comment out gss_ctx_id_t
+ groveling for now
+
+2003-05-20 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/asn1:
+ - add parser/generate glue for UTF8String and NULL
+ (DER primitive encode/decode functions missing)
+ - handle parsing of DEFAULT and, ...
+
+2003-05-16 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/heim_threads.h: add missing argument to mutex_init
+
+ * lib/krb5/crypto.c: protect the random initiator with a mutex
+
+ * lib/krb5/mcache.c: protect the mcc_head with a mutex
+
+ * lib/krb5/krb5_locl.h: include heim_threads.h
+
+ * lib/krb5/heim_threads.h: wrapper macros for thread
+ synchronization primitives
+
+2003-05-15 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_principal.3
+ lib/krb5/Makefile.am:
+ Add all Kerberos principal function to one manpage, add a few more
+ principal function to it, remove old now dup manpages
+
+ * lib/krb5/krb5_build_principal.3: remove file
+ * lib/krb5/krb5_free_principal.3: remove file
+ * lib/krb5/krb5_sname_to_principal.3: remove file
+ * lib/krb5/krb5_principal_get_realm.3: remove file
+
+2003-05-14 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/verify_krb5_conf.8: sort sections, from netbsd
+
+ * lib/krb5/krb5_verify_user.3: .Sh EXAMPLE -> .Sh EXAMPLES, from
+ netbsd
+
+ * lib/krb5/krb5_openlog.3: .Sh EXAMPLE -> .Sh EXAMPLES, sort
+ sections, from netbsd
+
+ * lib/krb5/krb5_keytab.3: .Sh EXAMPLE -> .Sh EXAMPLES, mdoc fixes,
+ from netbsd
+
+ * lib/krb5/krb5_get_krbhst.3: .Sh EXAMPLE -> .Sh EXAMPLES, from
+ netbsd
+
+ * lib/krb5/krb5_get_all_client_addrs.3: add .Os, from NetBSD
+
+ * lib/krb5/krb5_build_principal.3: sort sections, from NetBSD
+
+ * lib/krb5/krb5.conf.5: .Sh EXAMPLE -> .Sh EXAMPLES, from netbsd
+
+ * lib/krb5/get_default_realm.c: compatability -> compatibility,
+ from netbsd
+
+ * lib/krb5/krb5_warn.3: add copyright/license
+
+ * lib/krb5/krb5_context.3: add SYNOPSIS and LIBRARY
+
+ * lib/krb5/krb5.3: add RCSID
+
+ * kdc/hprop.8: fix mdoc problem, from netbsd
+
+ * lib/krb5/krb5_krbhst_init.3: uppercase url, from Thomas Klausner
+ <wiz@netbsd.org>
+
+ * kuser/kinit.1: setup -> set up, new sentence, new line from
+ Thomas Klausner <wiz@netbsd.org>
+
+2003-05-13 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kpasswd/kpasswd.1: handle setting passwords for multiple
+ principals at the same time
+
+ * kpasswd/kpasswd.c: handle setting passwords for multiple
+ principals at the same time
+
+ * lib/krb5/changepw.c: draft-ietf-cat-kerb-chg-password-02 and
+ rfc3244 share the response packet sure more constants now that
+ they exists
+
+2003-05-12 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5.h: some define for rfc3244
+
+ * lib/krb5/krb5.3: add krb5_change_password and krb5_set_password
+
+ * kpasswd/kpasswd.1: document --admin-principal
+
+ * kpasswd/kpasswd.c: use krb5_set_password
+
+ * lib/krb5/krb5_set_password.3: document krb5_change_password and
+ krb5_set_password
+
+ * lib/krb5/changepw.c: implement rfc3244, partly from
+ shadow@dementia.org
+
+ * lib/asn1/Makefile.am (gen_files): asn1_ChangePasswdDataMS.x for
+ RFC3244
+
+ * lib/asn1/k5.asn1: add ChangePasswdDataMS, for
+ RFC3244
+
+2003-05-08 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kuser/kdestroy.c: destroy tokens even if there isn't v4 support
+
+ * kuser/kinit.c: get token even if there isn't v4 support
+
+ * kuser/klist.c: print tokens even if there isn't v4 support
+
+2003-05-06 Johan Danielsson <joda@pdc.kth.se>
+
+ * lib/krb5/name-45-test.c: need to use empty krb5.conf for some
+ tests
+
+ * lib/asn1/check-gen.c: there is no \e escape sequence; replace
+ everything with hex-codes, and cast to unsigned char* to make some
+ compilers happy
+
+2003-05-06 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/get_in_tkt.c (make_pa_enc_timestamp): make sure first
+ argument to krb5_us_timeofday have correct type
+
+2003-05-05 Assar Westerlund <assar@kth.se>
+
+ * include/make_crypto.c (main): include aes.h if ENABLE_AES
+
+2003-05-05 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * make-release: when fixing a valid cvs tag from release name
+ replace all number. to number- for all non-overlapping matches
+
+2003-05-04 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/asn1/Makefile.am: gen_files += asn1_ETYPE_INFO2.x and
+ asn1_ETYPE_INFO2_ENTRY.x
+ (libasn1_la_LDFLAGS): set version to 6:1:1
+
+ * doc/Makefile.am: add apps.texi
+
+ * doc/setup.texi: add move forward link to applications
+
+ * doc/heimdal.texi: add applications
+
+ * doc/misc.texi: move afs stuff to applications add link to
+ applications
+
+ * doc/apps.texi: text about applications using kerberos
+ move afs text here
+
+2003-05-03 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/setup.texi: add cross realm text
+
+2003-04-29 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_crypto_init.3: document krb5_enctype_to_string and
+ krb5_string_to_enctype
+
+2003-04-28 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/v4_dump.c (v4_prop_dump): limit strings length, from openbsd
+
+2003-04-26 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/aes-test.c: use _krb5_PKCS5_PBKDF2
+ * lib/krb5/crypto.c: unexport krb5_PKCS5_PBKDF2
+
+2003-04-25 Johan Danielsson <joda@pdc.kth.se>
+
+ * lib/krb5/build_auth.c (krb5_build_authenticator): if the local
+ sequence number is non-zero, don't generate a new one
+
+ * lib/krb5/mk_rep.c (krb5_mk_rep): if the local sequence number is
+ non-zero, don't generate a new one
+
+ * lib/krb5/time.c (krb5_us_timeofday): make the sec parameter a
+ krb5_timestamp
+
+ * lib/krb5/mk_priv.c lib/krb5/mk_safe.c lib/krb5/rd_priv.c
+ lib/krb5/rd_safe.c lib/krb5/rd_cred.c: implement RET_SEQUENCE and
+ RET_TIME
+
+ * lib/krb5/krb5.h (krb5_replay_data): make usec signed (matching
+ asn1)
+
+2003-04-24 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/programming.texi: s/managment/management/, from jmc
+ <jmc@prioris.mini.pw.edu.pl>
+
+2003-04-23 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/context.c (default_etypes): also advertise that we
+ handle aes encryption types
+
+ * lib/krb5/Makefile.am: add krb5_c_ checksum related functions
+
+ * lib/krb5/krb5_c_make_checksum.3: document krb5_c_ checksum
+ related functions
+
+ * lib/krb5/mit_glue.c: add compat mit krb5_c checksum related
+ functions
+
+ * lib/asn1/k5.asn1: add ETYPE-INFO2 and ETYPE-INFO2-ENTRY
+
+2003-04-22 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krbhst.c: copy NUL too, from janj@wenf.org via openbsd
+
+2003-04-17 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/asn1/der_copy.c (copy_general_string): use strdup
+ * lib/asn1/der_put.c: remove sprintf
+ * lib/asn1/gen.c: remove strcpy/sprintf
+
+ * lib/krb5/name-45-test.c: use a more unique name then ratatosk so
+ that other (me) have such hosts in the local domain and the tests
+ fails, to take hokkigai.pdc.kth.se instead
+
+ * lib/krb5/test_alname.c: add --version and --help
+
+2003-04-16 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_warn.3: add krb5_get_err_text
+
+ * lib/krb5/transited.c: use strlcat/strlcpy, from openbsd
+ * lib/krb5/krbhst.c (srv_find_realm): use strlcpy, from openbsd
+ * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use
+ strlcpy, from openbsd
+ * kdc/hpropd.c: s/strcat/strlcat/, inspired from openbsd
+ * appl/kf/kfd.c: use strlcpy, from openbsd
+
+2003-04-16 Johan Danielsson <joda@pdc.kth.se>
+
+ * configure.in: fix for large file support in AIX, _LARGE_FILES
+ needs to be defined on the command line, since lex likes to
+ include stdio.h before we get to config.h
+
+2003-04-16 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/*.3: Change .Fd #include <header.h> to .In header.h,
+ from Thomas Klausner <wiz@netbsd.org>
+
+ * lib/krb5/krb5.conf.5: spelling, from Thomas Klausner
+ <wiz@netbsd.org>
+
+2003-04-15 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/kerberos5.c: fix some more memory leaks
+
+2003-04-11 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * appl/kf/kf.1: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
+
+2003-04-08 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * admin/ktutil.8: typos, from jmc <jmc@acn.waw.pl>
+
+2003-04-06 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5.3: s/kerberos/Kerberos/
+ * lib/krb5/krb5_data.3: s/kerberos/Kerberos/
+ * lib/krb5/krb5_address.3: s/kerberos/Kerberos/
+ * lib/krb5/krb5_ccache.3: s/kerberos/Kerberos/
+ * lib/krb5/krb5.conf.5: s/kerberos/Kerberos/
+ * kuser/kinit.1: s/kerberos/Kerberos/
+ * kdc/kdc.8: s/kerberos/Kerberos/
+
+2003-04-01 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/test_alname.c: more krb5_aname_to_localname tests
+
+ * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): when
+ converting too root, make sure user is ok according to
+ krb5_kuserok before allowing it.
+
+ * lib/krb5/Makefile.am (noinst_PROGRAMS): += test_alname
+
+ * lib/krb5/test_alname.c: add test for krb5_aname_to_localname
+
+ * lib/krb5/crypto.c (krb5_DES_AFS3_CMU_string_to_key): used p1
+ instead of the "illegal" salt #~, same change as kth-krb did
+ 1999. Problems occur with crypt() that behaves like AT&T crypt
+ (openssl does this). Pointed out by Marcus Watts.
+
+ * admin/change.c (kt_change): collect all principals we are going
+ to change, and pick the highest kvno and use that to guess what
+ kvno the resulting kvno is going to be. Now two ktutil change in a
+ row works. XXX fix the protocol to pass the kvno back.
+
+2003-03-31 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * appl/kf/kf.1: afs->AFS, from jmc <jmc@acn.waw.pl>
+
+2003-03-30 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/setup.texi: add description on how to turn on v4, 524 and
+ kaserver support
+
+2003-03-29 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/verify_krb5_conf.c (appdefaults_entries): add afslog
+ and afs-use-524
+
+2003-03-28 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/kerberos5.c (as_rep): when the second enctype_to_string
+ failes, remember to free memory from the first enctype_to_string
+
+ * lib/krb5/crypto.c (usage2arcfour): map KRB5_KU_TICKET to 2,
+ from Harald Joerg <harald.joerg@fujitsu-siemens.com>
+ (enctype_arcfour_hmac_md5): disable checksum_hmac_md5_enc
+
+ * lib/hdb/mkey.c (hdb_unseal_keys_mkey): truncate key to the key
+ length when key is longer then expected length, its probably
+ longer since the encrypted data was padded, reported by Aidan
+ Cully <aidan@kublai.com>
+
+ * lib/krb5/crypto.c (krb5_enctype_keysize): return key size of
+ encyption type, inspired by Aidan Cully <aidan@kublai.com>
+
+2003-03-27 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/keytab.c (krb5_kt_get_entry): avoid printing 0
+ (wildcard kvno) after principal when the keytab entry isn't found,
+ reported by Chris Chiappa <chris@chiappa.net>
+
+2003-03-26 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/misc.texi: update 2b example to match reality (from
+ mattiasa@e.kth.se)
+
+ * doc/misc.texi: spelling and add `Configuring AFS clients'
+ subsection
+
+2003-03-25 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5.3: add krb5_free_data_contents.3
+
+ * lib/krb5/data.c: add krb5_free_data_contents for compat with MIT
+ API
+
+ * lib/krb5/krb5_data.3: add krb5_free_data_contents for compat
+ with MIT API
+
+ * lib/krb5/krb5_verify_user.3: write more about how the ccache
+ argument should be inited when used
+
+2003-03-25 Johan Danielsson <joda@pdc.kth.se>
+
+ * lib/krb5/addr_families.c (krb5_print_address): make sure
+ print_addr is defined for the given address type; make addrports
+ printable
+
+ * kdc/string2key.c: print the used enctype for kerberos 5 keys
+
+2003-03-25 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/aes-test.c: add another arcfour test
+
+2003-03-22 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/aes-test.c: sneek in a test for arcfour-hmac-md5
+
+2003-03-20 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_ccache.3: update .Dd
+
+ * lib/krb5/krb5.3: sort in krb5_data functions
+
+ * lib/krb5/Makefile.am (man_MANS): += krb5_data.3
+
+ * lib/krb5/krb5_data.3: document krb5_data
+
+ * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): if
+ prompter is NULL, don't try to ask for a password to
+ change. reported by Iain Moffat @ ufl.edu via Howard Chu
+ <hyc@highlandsun.com>
+
+2003-03-19 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_keytab.3: spelling, from
+ <jmc@prioris.mini.pw.edu.pl>
+
+ * lib/krb5/krb5.conf.5: . means new line
+
+ * lib/krb5/krb5.conf.5: spelling, from
+ <jmc@prioris.mini.pw.edu.pl>
+
+ * lib/krb5/krb5_auth_context.3: spelling, from
+ <jmc@prioris.mini.pw.edu.pl>
+
+2003-03-18 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kuser/Makefile.am: INCLUDES: -I$(srcdir)/../lib/krb5
+
+ * lib/krb5/convert_creds.c: add _krb5_krb_life_to_time
+
+ * lib/krb5/krb5-v4compat.h: add _krb5_krb_life_to_time
+
+ * kdc/kdc_locl.h: 524 is independent of kerberos 4, so move out
+ #ifdef KRB4 from enable_v4_cross_realm since 524 needs it
+
+ * kdc/config.c: 524 is independent of kerberos 4, so move out
+ enable_v4_cross_realm from #ifdef KRB4 since 524 needs it
+
+2003-03-17 Assar Westerlund <assar@kth.se>
+
+ * kdc/kdc.8: document --kerberos4-cross-realm
+ * kdc/kerberos4.c: pay attention to enable_v4_cross_realm
+ * kdc/kdc_locl.h (enable_v4_cross_realm): add
+ * kdc/524.c (encode_524_response): check the enable_v4_cross_realm
+ flag before giving out v4 tickets for foreign v5 principals
+ * kdc/config.c: add --enable-kerberos4-cross-realm option (default
+ to off)
+
+2003-03-17 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/Makefile.am (man_MANS) += krb5_aname_to_localname.3
+
+ * lib/krb5/krb5_aname_to_localname.3: manpage for
+ krb5_aname_to_localname
+
+ * lib/krb5/krb5_kuserok.3: s/KRB5_USEROK/KRB5_KUSEROK/
+
+2003-03-16 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/Makefile.am (man_MANS): add krb5_set_default_realm.3
+
+ * lib/krb5/krb5.3: add manpages from krb5_set_default_realm.3
+
+ * lib/krb5/krb5_set_default_realm.3: Manpage for
+ krb5_free_host_realm, krb5_get_default_realm,
+ krb5_get_default_realms, krb5_get_host_realm, and
+ krb5_set_default_realm.
+
+ * admin/ktutil.8: s/entype/enctype/, from Igor Sobrado
+ <sobrado@acm.org> via NetBSD
+
+ * lib/krb5/krb5_keytab.3: add documention for krb5_kt_get_type
+
+ * lib/krb5/keytab.c (krb5_kt_get_type): get prefix/type of keytab
+
+ * lib/krb5/krb5.h (KRB5_KT_PREFIX_MAX_LEN): max length of prefix
+
+ * lib/krb5/krb5_ccache.3: document krb5_cc_get_ops, add more
+ types, add krb5_fcc_ops and krb5_mcc_ops
+
+ * lib/krb5/cache.c (krb5_cc_get_ops): new function, return ops for
+ a id
+
+2003-03-15 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/intro.texi: add reference to source code, binaries and the
+ manual
+
+ * lib/krb5/krb5.3: krb5.h isn't in krb5 directory in heimdal
+
+2003-03-14 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/kdc.8: better/difrent english
+
+ * kdc/kdc.8: . -> .\n, copyright/license
+
+ * kdc/kdc.8: changed configuration file -> restart kdc
+
+ * kdc/kerberos4.c: add krb4 into the most error messages written
+ to the logfile
+
+ * lib/krb5/krb5_ccache.3: add missing name of argument
+ (krb5_context) to most functions
+
+2003-03-13 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/kuserok.c (krb5_kuserok): preserve old behviour of
+ function and return FALSE when there isn't a local account for
+ `luser'.
+
+ * lib/krb5/krb5_kuserok.3: fix prototype, spelling and more text
+ describing the function
+
+2003-03-12 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/cache.c (krb5_cc_default): if krb5_cc_default_name
+ returned memory, don't return ENOMEM
+
+2003-03-11 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5.3: add krb5_address stuff and sort
+
+ * lib/krb5/krb5_address.3: fix krb5_addr2sockaddr description
+
+ * lib/krb5/Makefile.am (man_MANS): += krb5_address.3
+
+ * lib/krb5/krb5_address.3: document types krb5_address and
+ krb5_addresses and their helper functions
+
+2003-03-10 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/Makefile.am (man_MANS): += krb5_kuserok.3
+
+ * lib/krb5/krb5_kuserok.3: spelling, from cizzi@it.su.se
+
+ * lib/krb5/Makefile.am (man_MANS): += krb5_ccache.3
+
+ * lib/krb5/krb5_ccache.3: spelling, from cizzi@it.su.se
+
+ * lib/krb5/krb5.3: add more functions
+
+ * lib/krb5/krb5_ccache.3: document krb5_ccache and krb5_cc
+ functions
+
+ * lib/krb5/krb5_kuserok.3: document krb5_kuserok
+
+ * lib/krb5/krb5_verify_user.3: document
+ krb5_verify_opt_set_flags(opt, KRB5_VERIFY_LREALMS) behavior
+
+ * lib/krb5/krb5_verify_user.3: document krb5_verify_opt* and
+ krb5_verify_user_opt
+
+ * lib/krb5/*.[0-9]: add copyright/licenses on more manpages
+
+ * kuser/kdestroy.c (main): handle that krb5_cc_default_name can
+ return NULL
+
+ * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump minor
+ (TESTS): add test_cc
+
+ * lib/krb5/test_cc.c: test some
+ krb5_cc_default_name/krb5_cc_set_default_name combinations
+
+ * lib/krb5/context.c (init_context_from_config_file): set
+ default_cc_name to NULL
+ (krb5_free_context): free default_cc_name if set
+
+ * lib/krb5/cache.c (krb5_cc_set_default_name): new function
+ (krb5_cc_default_name): use krb5_cc_set_default_name
+
+ * lib/krb5/krb5.h (krb5_context_data): add default_cc_name
+
+2003-02-25 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * appl/kf/kf.1: s/securly/securely/ from NetBSD
+
+2003-02-18 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/connect.c: s/intialize/initialize, from
+ <jmc@prioris.mini.pw.edu.pl>
+
+2003-02-17 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * configure.in: add AM_MAINTAINER_MODE
+
+2003-02-16 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * **/*.[0-9]: add copyright/licenses on all manpages
+
+2003-14-16 Jacques Vidrine <nectar@kth.se>
+
+ * lib/krb5/get_in_tkt.c (init_as_req): Send only a single
+ PA-ENC-TIMESTAMP in the AS-REQ, using the first encryption
+ type specified by the KDC.
+
+2003-02-15 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * fix-export: some autoconf put their version number in
+ autom4te.cache, so remove autom4te*.cache
+
+ * fix-export: make sure $1 is a directory
+
+2003-02-04 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kpasswd/kpasswdd.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
+
+ * kdc/kdc.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
+
+2003-01-31 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/hpropd.8: s/databases/a database/ s/Not/not/
+
+ * kdc/hprop.8: add missing .
+
+2003-01-30 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5.conf.5: documentation for of boolean, etypes,
+ address, write out encryption type in sentences, s/Host/host
+
+2003-01-26 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/asn1/check-gen.c: add checks for Authenticator too
+
+2003-01-25 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/setup.texi: in the hprop example, use hprop and the first
+ component, not host
+
+ * lib/krb5/get_addrs.c (find_all_addresses): address-less
+ point-to-point might not have an address, just ignore
+ those. Reported by Harald Barth.
+
+2003-01-23 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/verify_krb5_conf.c (check_section): when key isn't
+ found, don't print out all known keys
+
+ * lib/krb5/verify_krb5_conf.c (syslogvals): mark up where severity
+ and facility start resp
+ (check_log): find_value() returns -1 when key isn't found
+
+ * lib/krb5/crypto.c (_krb5_aes_cts_encrypt): make key argument a
+ 'const void *' to avoid AES_KEY being exposed in krb5-private.h
+
+ * lib/krb5/krb5.conf.5: add [kdc]use_2b
+
+ * kdc/524.c (encode_524_response): its 2b not b2
+
+ * doc/misc.texi: quote @ where missing
+
+ * lib/asn1/Makefile.am: add check-gen
+
+ * lib/asn1/check-gen.c: add Principal check
+
+ * lib/asn1/check-common.h: move generic asn1/der functions from
+ check-der.c to here
+
+ * lib/asn1/check-common.c: move generic asn1/der functions from
+ check-der.c to here
+
+ * lib/asn1/check-der.c: move out the generic asn1/der functions to
+ a common file
+
+2003-01-22 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/misc.texi: more text about afs, how to get get your KeyFile,
+ and how to start use 2b tokens
+
+ * lib/krb5/krb5.conf.5: spelling, from Jason McIntyre
+ <jmc@cvs.openbsd.org>
+
+2003-01-21 Jacques Vidrine <nectar@kth.se>
+
+ * kuser/kuser_locl.h: include crypto-headers.h for
+ des_read_pw_string prototype
+
+2003-01-16 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * admin/ktutil.8: document -v, --verbose
+
+ * admin/get.c (kt_get): make getarg usage consistent with other
+ other parts of ktutil
+
+ * admin/copy.c (kt_copy): remove adding verbose_flag to args
+ struct, since it will overrun the args array (from Sumit Bose)
+
+2003-01-15 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5.conf.5: write more about [realms] REALM = { kdc =
+ ... }
+
+ * lib/krb5/aes-test.c: test vectors in aes-draft
+
+ * lib/krb5/Makefile.am: add aes-test.c
+
+ * lib/krb5/crypto.c: Add support for AES
+ (draft-raeburn-krb-rijndael-krb-02), not enabled by default.
+ (HMAC_SHA1_DES3_checksum): rename to SP_HMAC_SHA1_checksum and modify
+ to support checksumtype that are have a shorter wireformat then
+ their output block size.
+
+ * lib/krb5/crypto.c (struct encryption_type): split the blocksize
+ into blocksize and padsize, padsize is the minimum padding
+ size. they are the same for now
+ (enctype_*): add padsize
+ (encrypt_internal): use padsize
+ (encrypt_internal_derived): use padsize
+ (wrapped_length): use padsize
+ (wrapped_length_dervied): use padsize
+
+ * lib/krb5/crypto.c: add extra `opaque' argument to string_to_key
+ function for each enctype in preparation enctypes that uses
+ `Encryption and Checksum Specifications for Kerberos 5' draft
+
+ * lib/asn1/k5.asn1: add checksum and enctype for AES from
+ draft-raeburn-krb-rijndael-krb-02.txt
+
+ * lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_AES128,
+ KEYTYPE_AES256
+
+2003-01-14 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/common.c (_hdb_fetch): handle error code from
+ hdb_value2entry
+
+ * kdc/Makefile.am: always include kerberos4.c and 524.c in
+ kdc_SOURCES to support 524
+
+ * kdc/524.c: always compile in support for 524
+
+ * kdc/kdc_locl.h: move out krb/524 protos from under #ifdef KRB4
+
+ * kdc/config.c: always compile in support for 524
+
+ * kdc/connect.c: always compile in support for 524
+
+ * kdc/kerberos4.c: export encode_v4_ticket() and get_des_key()
+ even when we build without kerberos 4, 524 needs them
+
+ * lib/krb5/convert_creds.c, lib/krb5/krb5-v4compat.h: Split out
+ Kerberos 4 help functions/structures so other parts of the source
+ tree can use it (like the KDC)
+
git.samba.org / samba.git / blobdiff