ChangeLog.2007
   1  2007-12-28  Love Hörnquist Åstrand  <lha@it.su.se>
   2  
   3  	* kdc/digest.c: Log probe message, add NTLM_TARGET_DOMAIN to the
   4  	type2 message.
   5  
   6  2007-12-14  Love Hörnquist Åstrand  <lha@it.su.se>
   7  
   8  	* lib/hdb/dbinfo.c: Add hdb_default_db().
   9  
  10  	* Makefile.am: Add some extra cf/*.
  11  
  12  2007-12-12  Love Hörnquist Åstrand  <lha@it.su.se>
  13  	
  14  	* kuser/kgetcred.c: Fix type of name-type. From Andy Polyakov.
  15  
  16  2007-12-09  Love Hörnquist Åstrand  <lha@it.su.se>
  17  
  18  	* kdc/log.c: Use hdb_db_dir().
  19  
  20  	* kpasswd/kpasswdd.c: Use hdb_db_dir().
  21  
  22  2007-12-08  Love Hörnquist Åstrand  <lha@it.su.se>
  23  	
  24  	* kdc/config.c: Use hdb_db_dir().
  25  
  26  	* kdc/kdc_locl.h: add KDC_LOG_FILE
  27  
  28  	* kdc/hpropd.c: Use hdb_default_db().
  29  
  30  	* kdc/kstash.c: Use hdb_db_dir().
  31  
  32  	* kdc/pkinit.c: Adapt to hx509 changes, use hdb_db_dir().
  33  
  34  	* lib/krb5/rd_req.c: Document krb5_rd_req_in_set_pac_check.
  35  
  36  	* lib/krb5/verify_krb5_conf.c: Check check_pac.
  37  
  38  	* lib/krb5/rd_req.c: use KRB5_CTX_F_CHECK_PAC to init check_pac
  39  	field in the krb5_rd_req_in_ctx
  40  
  41  	* lib/krb5/expand_hostname.c: Adapt to changing
  42  	dns_canonicalize_hostname into flags field.
  43  
  44  	* lib/krb5/context.c: Adapt to changing dns_canonicalize_hostname
  45  	into flags field, add check-pac as an libdefaults option.
  46  
  47  	* lib/krb5/pkinit.c: Adapt to changes in hx509 interface.
  48  
  49  	* doc: add doxygen documentation to hcrypto
  50  
  51  	* doc/doxytmpl.dxy: generate links
  52  	
  53  2007-12-07  Love Hörnquist Åstrand  <lha@it.su.se>
  54  
  55  	* lib/krb5/Makefile.am: build_HEADERZ += heim_threads.h
  56  
  57  	* lib/hdb/dbinfo.c (hdb_db_dir): Return the directory where the
  58  	hdb database resides.
  59  
  60  	* configure.in: Add --with-hdbdir to specify where the database is
  61  	stored.
  62  
  63  	* lib/krb5/crypto.c: revert previous patch, the problem is located
  64  	in the RAND_file_name() function that will cause recursive nss
  65  	lookups, can't fix that here.
  66  
  67  2007-12-06  Love Hörnquist Åstrand  <lha@it.su.se>
  68  
  69  	* lib/krb5/crypto.c (krb5_generate_random_block): try to avoid the
  70  	dead-lock in by not holding the lock while running
  71  	RAND_file_name. Prompted by Hai Zaar.
  72  
  73  	* lib/krb5/n-fold.c: spelling
  74  	
  75  2007-12-04  Love Hörnquist Åstrand  <lha@it.su.se>
  76  
  77  	* kuser/kdigest.c (digest-probe): implement command.
  78  
  79  	* kuser/kdigest-commands.in (digest-probe): new command
  80  	
  81  	* kdc/digest.c: Implement supportedMechs request.
  82  
  83  	* lib/krb5/error_string.c: Make krb5_get_error_string return an
  84  	allocated string to make the function idempotent. From
  85  	Zeqing (Fred) Xia.
  86  
  87  2007-12-03  Love Hörnquist Åstrand  <lha@it.su.se>
  88  
  89  	* lib/krb5/krb5_locl.h (krb5_context_data): Flag if
  90  	default_cc_name was set by the user.
  91  
  92  	* lib/krb5/fcache.c (fcc_move): make sure ->version is uptodate.
  93  
  94  	* kcm/acquire.c: use krb5_free_cred_contents
  95  
  96  	* kuser/kimpersonate.c: use krb5_free_cred_contents
  97  	
  98  	* kuser/kinit.c: Use krb5_cc_move to make an atomic switch of the
  99  	cred cache.
 100  
 101  	* lib/krb5/cache.c: Put back code that was needed, move gen_new
 102  	into new_unique.
 103  
 104  	* lib/krb5/mcache.c (mcc_default_name): Remove const
 105  
 106  	* lib/krb5/krb5_locl.h: Add KRB5_DEFAULT_CCNAME_KCM, redefine
 107  	KRB5_DEFAULT_CCNAME to KRB5_DEFAULT_CCTYPE
 108  
 109  	* lib/krb5/cache.c: Use krb5_cc_ops->default_name to get the
 110  	default name.
 111  
 112  	* lib/krb5/kcm.c: Implement krb5_cc_ops->default_name.
 113  
 114  	* lib/krb5/mcache.c: Implement krb5_cc_ops->default_name.
 115  
 116  	* lib/krb5/fcache.c: Implement krb5_cc_ops->default_name.
 117  
 118  	* lib/krb5/krb5.h: Add krb5_cc_ops->default_name.
 119  
 120  	* lib/krb5/acache.c: Free context when done, implement
 121  	krb5_cc_ops->default_name.
 122  
 123  	* lib/krb5/kcm.c: implement dummy kcm_move
 124  
 125  	* lib/krb5/mcache.c: Implement the move operation.
 126  
 127  	* lib/krb5/version-script.map: export krb5_cc_move
 128  
 129  	* lib/krb5/cache.c: New function krb5_cc_move().
 130  
 131  	* lib/krb5/fcache.c: Implement the move operation.
 132  
 133  	* lib/krb5/krb5.h: Add move to the krb5_cc_ops, causes major
 134  	version bump.
 135  
 136  	* lib/krb5/acache.c: Implement the move operation. Avoid using
 137  	cc_set_principal() since it is broken on Mac OS X 10.5.0.
 138  	
 139  2007-12-02  Love Hörnquist Åstrand  <lha@it.su.se>
 140  
 141  	* lib/krb5/krb5_ccapi.h: Drop variable names to avoid -Wshadow.
 142  	
 143  2007-11-14  Love Hörnquist Åstrand  <lha@it.su.se>
 144  
 145  	* kdc/krb5tgs.c: Should pass different key usage constants
 146  	depending on whether or not optional sub-session key was passed by
 147  	the client for the check of authorization data. The constant is
 148  	used to derive "specific key" and its values are specified in
 149  	7.5.1 of RFC4120.
 150  	
 151  	Patch from Andy Polyakov.
 152  
 153  	* kdc/krb5tgs.c: Don't send auth data in referrals, Microsoft
 154  	clients have started to not like that. Thanks to Andy Polyakov for
 155  	excellent research.
 156  
 157  2007-11-11  Love Hörnquist Åstrand  <lha@it.su.se>
 158  
 159  	* lib/krb5/creds.c: use krb5_data_cmp
 160  
 161  	* lib/krb5/acache.c: use krb5_free_cred_contents
 162  
 163  	* lib/krb5/test_renew.c: use krb5_free_cred_contents
 164  	
 165  2007-11-10  Love Hörnquist Åstrand  <lha@it.su.se>
 166  
 167  	* lib/krb5/acl.c: doxygen documentation
 168  
 169  	* lib/krb5/addr_families.c: doxygen documentation
 170  
 171  	* doc: add doxygen
 172  
 173  	* lib/krb5/plugin.c: doxygen documentation
 174  
 175  	* lib/krb5/kcm.c: doxygen documentation
 176  
 177  	* lib/krb5/fcache.c: doxygen documentation
 178  
 179  	* lib/krb5/cache.c: doxygen documentations
 180  	
 181  	* lib/krb5/doxygen.c: doxygen introduction
 182  
 183  	* lib/krb5/error_string.c: Doxygen documentation.
 184  
 185  2007-11-03  Love Hörnquist Åstrand  <lha@it.su.se>
 186  
 187  	* lib/krb5/test_plugin.c: expose krb5_plugin_register
 188  
 189  	* lib/krb5/plugin.c: expose krb5_plugin_register
 190  
 191  	* lib/krb5/version-script.map: sort, expose krb5_plugin_register
 192  
 193  2007-10-24  Love Hörnquist Åstrand  <lha@it.su.se>
 194  
 195  	* kdc/kerberos5.c: Adding same enctype is enough one time. From
 196  	Andy Polyakov and Bjorn Sandell.
 197  	
 198  2007-10-18  Love  <lha@stacken.kth.se>
 199  
 200  	* lib/krb5/cache.c (krb5_cc_retrieve_cred): check return value
 201  	from krb5_cc_start_seq_get. From Zeqing (Fred) Xia
 202  	
 203  	* lib/krb5/fcache.c (init_fcc): provide better error codes
 204  
 205  	* kdc/kerberos5.c (get_pa_etype_info2): more paranoia, avoid
 206  	sending warning about pruned etypes.
 207  
 208  	* kdc/kerberos5.c (older_enctype): old windows enctypes (arcfour
 209  	based) "old", this to support windows 2000 clients (unjoined to a
 210  	domain). From Andy Polyakov.
 211  
 212  2007-10-07  Love Hörnquist Åstrand  <lha@it.su.se>
 213  
 214  	* doc/setup.texi: Spelling, from Mark Peoples via Bjorn Sandell.
 215  	
 216  2007-10-04  Love Hörnquist Åstrand  <lha@it.su.se>
 217  
 218  	* kdc/krb5tgs.c: More prettier printing of enctype, from KAMADA
 219  	Ken'ichi.
 220  
 221  	* lib/krb5/crypto.c (krb5_enctype_to_string): make sure string is
 222  	NULL on failure.
 223  
 224  2007-10-03  Love Hörnquist Åstrand  <lha@it.su.se>
 225  
 226  	* kdc/kdc-replay.c: Catch KRB5_PROG_ATYPE_NOSUPP from
 227  	krb5_addr2sockaddr and ignore the test in that case.
 228  	
 229  2007-09-29  Love Hörnquist Åstrand  <lha@it.su.se>
 230  
 231  	* lib/krb5/context.c (krb5_free_context): free
 232  	default_cc_name_env, from Gunther Deschner.
 233  
 234  2007-08-27  Love Hörnquist Åstrand  <lha@it.su.se>
 235  
 236  	* lib/krb5/{krb5.h,pac.c,test_pac.c,send_to_kdc.c,rd_req.c}: Make
 237  	work with c++, reported by Hai Zaar
 238  
 239  	* lib/krb5/{digest.c,krb5.h}: Make work with c++, reported by Hai Zaar
 240  
 241  2007-08-20  Love Hörnquist Åstrand  <lha@it.su.se>
 242  
 243  	* lib/hdb/Makefile.am: EXTRA_DIST += hdb.schema
 244  
 245  2007-07-31  Love Hörnquist Åstrand  <lha@it.su.se>
 246  
 247  	* check return value of alloc functions, from Charles Longeau
 248  
 249  	* lib/krb5/principal.c: spelling.
 250  
 251  	* kadmin/kadmin.8: spelling
 252  
 253  	* lib/krb5/crypto.c: Check return values from alloc
 254  	functions. Prompted by patch of Charles Longeau.
 255  
 256  	* lib/krb5/n-fold.c: Make _krb5_n_fold return a error
 257  	code. Prompted by patch of Charles Longeau.
 258  
 259  2007-07-27  Love Hörnquist Åstrand  <lha@it.su.se>
 260  
 261  	* lib/krb5/init_creds.c: Always set the ticket options, use
 262  	KRB5_ADDRESSLESS_DEFAULT as the default value, this makes the unset
 263  	tri-state not so useful.
 264  
 265  2007-07-24  Love Hörnquist Åstrand  <lha@it.su.se>
 266  
 267  	* tools/heimdal-gssapi.pc.in: Add LIB_pkinit to the list of
 268  	libraries.
 269  
 270  	* tools/heimdal-gssapi.pc.in: pkg-config file for libgssapi in
 271  	heimdal.
 272  
 273  	* tools/Makefile.am: Add heimdal-gssapi.pc and install it into
 274  	$(libdir)/pkgconfig
 275  
 276  2007-07-23  Love Hörnquist Åstrand  <lha@it.su.se>
 277  
 278  	* lib/krb5/pkinit.c: Add RFC3526 modp group14 as a default.
 279  
 280  2007-07-22  Love Hörnquist Åstrand  <lha@it.su.se>
 281  
 282  	* lib/hdb/dbinfo.c (get_dbinfo): use dbname instead of realm as
 283  	key if the entry is a correct entry.
 284  
 285  	* lib/krb5/get_cred.c: Make krb5_get_renewed_creds work, from
 286  	Gunther Deschner.
 287  
 288  	* lib/krb5/Makefile.am: Add test_renew to noinst_PROGRAMS.
 289  
 290  	* lib/krb5/test_renew.c: Test for krb5_get_renewed_creds.
 291  
 292  2007-07-21  Love Hörnquist Åstrand  <lha@it.su.se>
 293  
 294  	* lib/hdb/keys.c: Make parse_key_set handle key set string "v5",
 295  	from Peter Meinecke.
 296  
 297  	* kdc/kaserver.c: Don't overwrite the error code, from Peter
 298  	Meinecke.
 299  
 300  2007-07-18  Love Hörnquist Åstrand  <lha@it.su.se>
 301  
 302  	* TODO-1.0: remove 
 303  
 304  	* Makefile.am: remove TODO-1.0
 305  
 306  2007-07-17  Love Hörnquist Åstrand  <lha@it.su.se>
 307  
 308  	* Heimdal 1.0 release branch cut here
 309  	
 310  	* doc/hx509.texi: use version.texi
 311  	
 312  	* doc/heimdal.texi: use version.texi
 313  	
 314  	* doc/version.texi: version.texi
 315  
 316  	* lib/hdb/db3.c: avoid type-punned pointer warning.
 317  
 318  	* kdc/kx509.c: Use unsigned char * as argument to HMAC_Update to
 319  	please OpenSSL and gcc.
 320  
 321  	* kdc/digest.c: Use unsigned char * as argument to MD5_Update to
 322  	please OpenSSL and gcc.
 323  
 324  2007-07-16  Love Hörnquist Åstrand  <lha@it.su.se>
 325  
 326  	* include/Makefile.am: Add krb_err.h.
 327  
 328  	* kdc/set_dbinfo.c: Print acl file too.
 329  
 330  	* kdc/kerberos4.c: Error codes are just fine, remove XXX now.
 331  
 332  	* lib/krb5/krb5-v4compat.h: Drop duplicate error codes.
 333  
 334  	* kdc/kerberos4.c: switch to ET errors.
 335  
 336  	* lib/krb5/Makefile.am: Add krb_err.h to build_HEADERZ.
 337  
 338  	* lib/krb5/v4_glue.c: If it's a Kerberos 4 error-code, remove the
 339  	et BASE.
 340  
 341  2007-07-15  Love Hörnquist Åstrand  <lha@it.su.se>
 342  
 343  	* lib/krb5/krb5-v4compat.h: Include "krb_err.h".
 344  
 345  	* lib/krb5/v4_glue.c: return more interesting error codes.
 346  
 347  	* lib/krb5/plugin.c: Prefix enum plugin_type.
 348  
 349  	* lib/krb5/krb5_locl.h: Expose plugin structures.
 350  	
 351  	* lib/krb5/krb5.h: Add plugin structures.
 352  
 353  	* lib/krb5/krb_err.et: V4 errors.
 354  
 355  	* lib/krb5/version-script.map: First version of version script.
 356  
 357  2007-07-13  Love Hörnquist Åstrand  <lha@it.su.se>
 358  
 359  	* kdc/kerberos5.c: Java 1.6 expects the name to be the same type,
 360  	lets allow that for uncomplicated name-types.
 361  
 362  2007-07-12  Love Hörnquist Åstrand  <lha@it.su.se>
 363  
 364  	* lib/krb5/v4_glue.c (_krb5_krb_rd_req): if ticket contains
 365  	address 0, its ticket less and don't really care about
 366  	from_addr. return better error codes.
 367  
 368  	* kpasswd/kpasswdd.c: Fix pointer vs strict alias rules.
 369  
 370  2007-07-11  Love Hörnquist Åstrand  <lha@it.su.se>
 371  
 372  	* lib/hdb/hdb-ldap.c: When using sambaNTPassword, avoid adding
 373  	more than one enctype 23 to krb5EncryptionType.
 374  
 375  	* lib/krb5/cache.c: Spelling.
 376  
 377  	* kdc/kerberos5.c: Don't send newer enctypes in ETYPE-INFO.
 378  	(get_pa_etype_info2): return the enctypes as sorted in the
 379  	database
 380  
 381  2007-07-10  Love Hörnquist Åstrand  <lha@it.su.se>
 382  
 383  	* kuser/kinit.c: krb5-v4compat.h defines prototypes for
 384  	v4 (semiprivate functions) in libkrb5, don't include
 385  	krb5-private.h any longer.
 386  
 387  	* lib/krb5/krbhst.c: Set error string when there is no KDC for a
 388  	realm.
 389  
 390  	* lib/krb5/Makefile.am: New library version.
 391  
 392  	* kdc/Makefile.am: New library version.
 393  
 394  	* lib/krb5/krb5_locl.h: Add default_cc_name_env.
 395  
 396  	* lib/krb5/cache.c (enviroment_changed): return non-zero if
 397  	environment that will determine default krb5cc name has changed.
 398  	(krb5_cc_default_name): also check if cached value is uptodate.
 399  
 400  	* lib/krb5/krb5_locl.h: Drop pkinit_flags.
 401  
 402  2007-07-05  Love Hörnquist Åstrand  <lha@it.su.se>
 403  
 404  	* configure.in: add tests/java/Makefile
 405  
 406  	* lib/hdb/dbinfo.c: Add hdb_dbinfo_get_log_file.
 407  
 408  2007-07-04  Love Hörnquist Åstrand  <lha@it.su.se>
 409  
 410  	* kdc/kerberos5.c: Improve the default salt detection to avoid
 411  	returning v4 password salting to java that doesn't look at the
 412  	returning padata for salting.
 413  
 414  	* kdc: Split out krb5_kdc_set_dbinfo, From Andrew Bartlett
 415  
 416  2007-07-02  Love Hörnquist Åstrand  <lha@it.su.se>
 417  
 418  	* kdc/digest.c: Try harder to provide better error message for
 419  	digest messages.
 420  
 421  	* lib/krb5/Makefile.am: verify_krb5_conf_OBJECTS depends on
 422  	krb5-pr*.h, make -j finds this.
 423  	
 424  2007-06-28  Love Hörnquist Åstrand  <lha@it.su.se>
 425  
 426  	* kdc/digest.c: On success, print username, not ip-address.
 427  
 428  2007-06-26  Love Hörnquist Åstrand  <lha@it.su.se>
 429  
 430  	* lib/krb5/get_cred.c: Add krb5_get_renewed_creds.
 431  
 432  	* lib/krb5/krb5_get_credentials.3: add krb5_get_renewed_creds
 433  
 434  	* lib/krb5/pkinit.c: Use hx509_cms_unwrap_ContentInfo.
 435  	
 436  2007-06-25  Love Hörnquist Åstrand  <lha@it.su.se>
 437  
 438  	* doc/setup.texi: Add example for pkinit_win2k_require_binding
 439  	in [kdc] section.
 440  
 441  	* kdc/default_config.c: Rename require_binding to
 442  	win2k_require_binding to match client configuration.
 443  
 444  	* kdc/default_config.c: Add [kdc]pkinit_require_binding option.
 445  
 446  	* kdc/pkinit.c (pk_mk_pa_reply_enckey): only allow non-bound reply
 447  	if its not required.
 448  
 449  	* kdc/default_config.c: rename pkinit_princ_in_cert and add
 450  	pkinit_require_binding
 451  
 452  	* kdc/kdc.h: rename pkinit_princ_in_cert and add
 453  	pkinit_require_binding
 454  
 455  	* kdc/pkinit.c: rename pkinit_princ_in_cert
 456  
 457  2007-06-24  Love Hörnquist Åstrand  <lha@it.su.se>
 458  
 459  	* lib/krb5/pkinit.c: Adapt to hx509_verify_hostname change.
 460  
 461  2007-06-21  Love Hörnquist Åstrand  <lha@it.su.se>
 462  
 463  	* kdc/krb5tgs.c: Drop unused variable.
 464  
 465  	* kdc/krb5tgs.c: disable anonymous tgs requests
 466  
 467  	* kdc/krb5tgs.c: Don't check PAC on cross realm for now.
 468  
 469  	* kuser/kgetcred.c: Set KRB5_GC_CONSTRAINED_DELEGATION and parse
 470  	nametypes.
 471  
 472  	* lib/krb5/krb5_principal.3: Document krb5_parse_nametype.
 473  
 474  	* lib/krb5/principal.c (krb5_parse_nametype): parse nametype and
 475  	return their integer values.
 476  
 477  	* lib/krb5/krb5.h (krb5_get_creds): Add
 478  	KRB5_GC_CONSTRAINED_DELEGATION.
 479  
 480  	* lib/krb5/get_cred.c (krb5_get_creds): if
 481  	KRB5_GC_CONSTRAINED_DELEGATION is set, set both request_anonymous
 482  	and constrained_delegation.
 483  
 484  2007-06-20  Love Hörnquist Åstrand  <lha@it.su.se>
 485  
 486  	* kdc/digest.c: Return an error message instead of dropping the
 487  	packet for more failure cases.
 488  
 489  	* lib/krb5/krb5_principal.3: Add KRB5_PRINCIPAL_UNPARSE_DISPLAY.
 490  
 491  	* appl/gssmask/gssmask.c (AcquirePKInitCreds): fail more
 492  	gracefully
 493  	
 494  2007-06-18  Love Hörnquist Åstrand  <lha@it.su.se>
 495  
 496  	* lib/krb5/pac.c: make compile.
 497  	
 498  	* lib/krb5/pac.c (verify_checksum): memset cksum to avoid using
 499  	pointer from stack.
 500  
 501  	* lib/krb5/plugin.c: Don't expose free pointer.
 502  
 503  	* lib/krb5/pkinit.c (_krb5_pk_load_id): fail directly for first
 504  	calloc.
 505  	
 506  	* lib/krb5/pkinit.c (get_reply_key*): don't expose freed memory
 507  
 508  	* lib/krb5/krbhst.c: Host is static memory, don't free.
 509  
 510  	* lib/krb5/crypto.c (decrypt_internal_derived): make sure length
 511  	is longer than confounder + checksum.
 512  
 513  	* kdc: export get_dbinfo as krb5_kdc_set_dbinfo and call from
 514  	users. This allows libkdc users to specify their own
 515  	databases
 516  
 517  	* lib/krb5/pkinit.c (pk_rd_pa_reply_enckey): simplify handling of
 518  	content data (and avoid leaking memory).
 519  
 520  	* kdc/misc.c (_kdc_db_fetch): set error string for failures.
 521  	
 522  2007-06-15  Love Hörnquist Åstrand  <lha@it.su.se>
 523  
 524  	* kdc/pkinit.c: Use KRB5_AUTHDATA_INITIAL_VERIFIED_CAS.
 525  
 526  2007-06-13  Love Hörnquist Åstrand  <lha@it.su.se>
 527  
 528  	* kdc/pkinit.c: tell user when they got a pk-init request with
 529  	pkinit disabled.
 530  
 531  2007-06-12  Love Hörnquist Åstrand  <lha@it.su.se>
 532  	
 533  	* lib/krb5/principal.c: Rename UNPARSE_NO_QUOTE to
 534  	UNPARSE_DISPLAY.
 535  
 536  	* lib/krb5/krb5.h: Rename UNPARSE_NO_QUOTE to UNPARSE_DISPLAY.
 537  
 538  	* lib/krb5/principal.c: Make no-quote mean replace strange chars
 539  	with space.
 540  
 541  	* lib/krb5/principal.c: Support KRB5_PRINCIPAL_UNPARSE_NO_QUOTE.
 542  
 543  	* lib/krb5/krb5.h: Add KRB5_PRINCIPAL_UNPARSE_NO_QUOTE.
 544  
 545  	* lib/krb5/test_princ.c: Test quoting.
 546  
 547  	* lib/krb5/pkinit.c: update (c)
 548  	
 549  	* lib/krb5/get_cred.c: use krb5_sendto_context to talk to the KDC.
 550  
 551  	* lib/krb5/send_to_kdc.c (_krb5_kdc_retry): check if the whole
 552  	process needs to restart or just skip this KDC.
 553  
 554  	* lib/krb5/init_creds_pw.c: Use krb5_sendto_context to talk to
 555  	KDC.
 556  
 557  	* lib/krb5/krb5.h: Add sendto hooks and opaque structure.
 558  
 559  	* lib/krb5/krb5_rd_error.3: Update prototype.
 560  
 561  	* lib/krb5/send_to_kdc.c: Add hooks for processing the reply from
 562  	the server.
 563  	
 564  2007-06-11  Love Hörnquist Åstrand  <lha@it.su.se>
 565  
 566  	* lib/krb5/krb5_err.et: Some new error codes from RFC 4120.
 567  	
 568  2007-06-09  Love Hörnquist Åstrand  <lha@it.su.se>
 569  
 570  	* kdc/krb5tgs.c: Constify.
 571  
 572  	* kdc/kerberos5.c: Constify.
 573  
 574  	* kdc/pkinit.c: Check for KRB5-PADATA-PK-AS-09-BINDING. Constify.
 575  
 576  2007-06-08  Love Hörnquist Åstrand  <lha@it.su.se>
 577  
 578  	* include/Makefile.am: Make krb5-types.h nodist_include_HEADERS.
 579  
 580  	* kdc/Makefile.am: EXTRA_DIST += version-script.map.
 581  	
 582  2007-06-07  Love Hörnquist Åstrand  <lha@it.su.se>
 583  	
 584  	* Makefile.am (print-distdir): print name of dist
 585  
 586  	* kdc/pkinit.c: Break out loading of mappings file to a separate
 587  	function and remove warning that it can't open the mapping file,
 588  	there are now mappings in the db, maybe the users uses that
 589  	instead...
 590  
 591  	* lib/krb5/crypto.c: Require the raw key have the correct size and
 592  	do away with the minsize.  Minsize was a thing that originated
 593  	from RC2, but since RC2 is done in the x509/cms subsystem now
 594  	there is no need to keep that around.
 595  
 596  	* lib/hdb/dbinfo.c: If there is no default dbname, also check for
 597  	unset mkey_file and set it default mkey name, make backward compat
 598  	stuff work.
 599  
 600  	* kdc/version-script.map: add new symbols
 601  
 602  	* kdc/kdc-replay.c: Also update krb5_context view of what the time
 603  	is.
 604  
 605  	* configure.in: add tests/can/Makefile
 606  
 607  	* kdc/kdc-replay.c: Add --[version|help].
 608  
 609  	* kdc/pkinit.c: Push down the kdc time into the x509 library.
 610  
 611  	* kdc/connect.c: Move up krb5_kdc_save_request so we can catch the
 612  	reply data too.
 613  
 614  	* kdc/kdc-replay.c: verify reply by checking asn1 class, type and
 615  	tag of the reply if there is one.
 616  
 617  	* kdc/process.c: Save asn1 class, type and tag of the reply if
 618  	there is one. Used to verify the reply in kdc-replay.
 619  
 620  2007-06-06  Love Hörnquist Åstrand  <lha@it.su.se>
 621  
 622  	* kdc/kdc_locl.h: extern for request_log.
 623  
 624  	* kdc/Makefile.am: Add kdc-replay.
 625  
 626  	* kdc/kdc-replay.c: Replay kdc messages to the KDC library.
 627  
 628  	* kdc/config.c: Pick up request_log from [kdc]kdc-request-log.
 629  
 630  	* kdc/connect.c: Option to save the request to disk.
 631  
 632  	* kdc/process.c (krb5_kdc_save_request): save request to file.
 633  
 634  	* kdc/process.c (krb5_kdc_process*): don't update _kdc_time
 635  	automagically.
 636  	(krb5_kdc_update_time): set or get current kdc-time.
 637  
 638  	* kdc/pkinit.c (_kdc_pk_rd_padata): accept both pkcs-7 and
 639  	pkauthdata as the signeddata oid
 640  	
 641  	* kdc/pkinit.c (_kdc_pk_rd_padata): Try to log what went wrong.
 642  
 643  2007-06-05  Love Hörnquist Åstrand  <lha@it.su.se>
 644  	
 645  	* kdc/pkinit.c: Use oid_id_pkcs7_data for pkinit-9 encKey reply to
 646  	match windows DC behavior better.
 647  	
 648  2007-06-04  Love Hörnquist Åstrand  <lha@it.su.se>
 649  
 650  	* configure.in: use test for -framework Security
 651  
 652  	* appl/test/uu_server.c: Print status to stdout.
 653  
 654  	* kdc/digest.c (digest ntlm): provide log entries by setting ret
 655  	to an error.
 656  	
 657  2007-06-03  Love Hörnquist Åstrand  <lha@it.su.se>
 658  
 659  	* doc/hx509.texi: Indent crl-sign.
 660  
 661  	* doc/hx509.texi: One more crl-sign example.
 662  
 663  	* lib/krb5/test_princ.c: plug memory leaks.
 664  
 665  	* lib/krb5/pac.c: plug memory leaks.
 666  
 667  	* lib/krb5/test_pac.c: plug memory leaks.
 668  
 669  	* lib/krb5/test_prf.c: plug memory leak.
 670  
 671  	* lib/krb5/test_cc.c: plug memory leaks.
 672  
 673  	* doc/hx509.texi: Simple blob about publishing CRLs.
 674  
 675  	* doc/win2k.texi: drop text about enctypes.
 676  	
 677  2007-06-02  Love Hörnquist Åstrand  <lha@it.su.se>
 678  
 679  	* kdc/pkinit.c: In case of OCSP verification failure, refresh
 680  	every 5 min. In case of success, refresh 2 min before expiring or
 681  	faster.
 682  	
 683  2007-05-31  Love Hörnquist Åstrand  <lha@it.su.se>
 684  	
 685  	* lib/krb5/krb5_err.et: add error 68, WRONG_REALM
 686  
 687  	* kdc/pkinit.c: Handle the ms san in a proper way, still cheat
 688  	with the realm name.
 689  
 690  	* kdc/kerberos5.c: If _kdc_pk_check_client fails, bail out
 691  	directly and hand the error back to the client.
 692  
 693  	* lib/krb5/krb5_err.et: Add missing REVOCATION_STATUS_UNAVAILABLE
 694  	and fix error message for CLIENT_NAME_MISMATCH.
 695  
 696  	* kdc/pkinit.c: More logging for pk-init client mismatch.
 697  
 698  	* kdc/kerberos5.c: Also add a KRB5_PADATA_PK_AS_REQ_WIN for
 699  	windows pk-init (-9) to make MIT clients happy.
 700  	
 701  2007-05-30  Love Hörnquist Åstrand  <lha@it.su.se>
 702  	
 703  	* kdc/pkinit.c: Force des3 for win2k.
 704  
 705  	* kdc/pkinit.c: Add wrapping to ContentInfo wrapping to
 706  	COMPAT_WIN2K.
 707  
 708  	* lib/krb5/keytab_keyfile.c: Spelling.
 709  
 710  	* kdc/pkinit.c: Allow matching by MS UPN SAN, note that this delta
 711  	doesn't deal with case of realm.
 712  	
 713  2007-05-16  Love Hörnquist Åstrand  <lha@it.su.se>
 714  
 715  	* lib/krb5/crypto.c (krb5_crypto_overhead): return static overhead
 716  	of encryption.
 717  	
 718  2007-05-10  Dave Love  <fx@gnu.org>
 719  	
 720  	* doc/win2k.texi: Update some URLs.
 721  
 722  2007-05-13  Love Hörnquist Åstrand  <lha@it.su.se>
 723  
 724  	* kuser/kimpersonate.c: Fix version number of ticket, it should be
 725  	5 not the kvno.
 726  	
 727  2007-05-08  Love Hörnquist Åstrand  <lha@it.su.se>
 728  
 729  	* doc/setup.texi: Salting is really Encryption types and salting.
 730  	
 731  2007-05-07  Love Hörnquist Åstrand  <lha@it.su.se>
 732  	
 733  	* doc/setup.texi: spelling, from Ronny Blomme
 734  
 735  	* doc/win2k.texi: Fix ksetup /SetComputerPassword, from Ronny
 736  	Blomme
 737  	
 738  2007-05-02  Love Hörnquist Åstrand  <lha@it.su.se>
 739  
 740  	* lib/hdb/dbinfo.c (hdb_get_dbinfo) If there are no database
 741  	specified, create one and let it use the defaults.
 742  	
 743  2007-04-27  Love Hörnquist Åstrand  <lha@it.su.se>
 744  	
 745  	* lib/hdb/test_dbinfo.c: test acl file
 746  
 747  	* lib/hdb/test_dbinfo.c: test acl file
 748  
 749  	* lib/hdb/dbinfo.c: add acl file
 750  
 751  	* etc: ignore Makefile.in
 752  
 753  	* Makefile.am: SUBDIRS += etc
 754  
 755  	* configure.in: Add etc/Makefile.
 756  
 757  	* etc/Makefile.am: make sure services.append is distributed
 758  
 759  2007-04-24  Love Hörnquist Åstrand  <lha@it.su.se>
 760  
 761  	* kdc: rename windc_init to krb5_kdc_windc_init
 762  
 763  	* kdc/version-script.map: version script for libkdc
 764  	
 765  	* kdc/Makefile.am: version script for libkdc
 766  	
 767  2007-04-23  Love Hörnquist Åstrand  <lha@it.su.se>
 768  
 769  	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_get_error):
 770  	correct the order of the arguments.
 771  
 772  	* lib/hdb/Makefile.am: Add and test dbinfo.
 773  
 774  	* lib/hdb/hdb.h: Forward declaration for struct hdb_dbinfo;
 775  
 776  	* kdc/config.c: Use krb5_kdc_get_config and just fill in what the
 777  	users wanted differently.
 778  
 779  	* kdc/default_config.c: Make the default configuration fetch info
 780  	from the krb5.conf.
 781  	
 782  2007-04-22  Love Hörnquist Åstrand  <lha@it.su.se>
 783  
 784  	* lib/krb5/store.c (krb5_store_creds_tag): use session.keytype to
 785  	determine if to send the session-key, for the second place in the
 786  	function.
 787  
 788  	* tools/krb5-config.in: rename des to hcrypto
 789  
 790  	* kuser/Makefile.am: depend on libheimntlm
 791  
 792  	* kuser/kinit.c: Add --ntlm-domain that store the ntlm cred for
 793  	this domain if the Kerberos password auth worked.
 794  
 795  	* kuser/klist.c: add new option --hidden that doesn't display
 796  	principal that starts with @
 797  
 798  	* tools/krb5-config.in: Add heimntlm when we use gssapi.
 799  
 800  	* lib/krb5/krb5_ccache.3 (krb5_cc_retrieve_cred): document what to
 801  	free 'cred' with.
 802  
 803  	* lib/krb5/cache.c (krb5_cc_retrieve_cred): document what to free
 804  	'cred' with.
 805  	
 806  2007-04-21  Love Hörnquist Åstrand  <lha@it.su.se>
 807  
 808  	* lib/krb5/store.c (krb5_store_creds_tag): use session.keytype to
 809  	determine if to send the session-key.
 810  
 811  	* kcm/client.c (kcm_ccache_new_client): make root be able to pass
 812  	the name constraints, not the opposite. From Bryan Jacobs.
 813  	
 814  2007-04-20  Love Hörnquist Åstrand  <lha@it.su.se>
 815  
 816  	* kcm/acl.c: make compile again.
 817  
 818  	* kcm/client.c: fix warning.
 819  	
 820  	* kcm: First, it allows root to ignore the naming conventions.
 821  	Second, it allows root to always perform any operation on any
 822  	ccache.  Note that root could do this anyway with FILE ccaches.
 823  	From Bryan Jacobs.
 824  
 825  	* Rename libdes to libhcrypto.
 826  
 827  2007-04-19  Love Hörnquist Åstrand  <lha@it.su.se>
 828  
 829  	* kinit: remove code that depend on kerberos 4 library
 830  	
 831  	* kdc: remove code that depend on kerberos 4 library
 832  	
 833  	* configure.in: Drop kerberos 4 support.
 834  
 835  	* kdc/hpropd.c (main): free the message when done with it.
 836  
 837  	* lib/krb5/pkinit.c (_krb5_get_init_creds_opt_free_pkinit):
 838  	remember to free memory too.
 839  
 840  	* lib/krb5/pkinit.c (pk_rd_pa_reply_dh): free content-type when
 841  	done.
 842  
 843  	* configure.in: test rk_VERSIONSCRIPT
 844  	
 845  2007-04-18  Love Hörnquist Åstrand  <lha@it.su.se>
 846  
 847  	* fix-export: remove, all done by make dist now
 848  
 849  2007-04-15  Love Hörnquist Åstrand  <lha@it.su.se>
 850  
 851  	* lib/krb5/krb5_get_credentials.3: spelling, from Jason McIntyre
 852  
 853  2007-04-11  Love Hörnquist Åstrand  <lha@it.su.se>
 854  
 855  	* kdc/kstash.8: Spelling, from raga <raga@comcast.net> 
 856  	via Bjorn Sandell.
 857  
 858  	* lib/krb5/store_mem.c: indent.
 859  
 860  	* lib/krb5/recvauth.c: Set error string.
 861  
 862  	* lib/krb5/rd_req.c: clear error strings.
 863  
 864  	* lib/krb5/rd_cred.c: clear error string.
 865  
 866  	* lib/krb5/pkinit.c: Set error strings.
 867  
 868  	* lib/krb5/get_cred.c: Tell what principal we are not finding for
 869  	all KRB5_CC_NOTFOUND.
 870  	
 871  2007-02-22  Love Hörnquist Åstrand  <lha@it.su.se>
 872  	
 873  	* kdc/kerberos5.c: Return the same error codes as a windows KDC.
 874  
 875  	* kuser/kinit.c: KRB5KDC_ERR_PREAUTH_FAILED is also a password
 876  	failed.
 877  	
 878  	* kdc/kerberos5.c: Make handling of replying e_data more generic,
 879  	from metze.
 880  
 881  	* kdc/kerberos5.c: Fix (string const and shadow) warnings, from
 882  	metze.
 883  
 884  	* lib/krb5/pac.c: Create the PAC element in the same order as
 885  	w2k3, maybe there's some broken code in windows which relies on
 886  	this... From metze.
 887  
 888  	* kdc/kerberos5.c: Select a session enctype from the list of the
 889  	crypto systems supported enctype, is supported by the client and
 890  	is one of the enctypes of the krbtgt.
 891  	
 892  	The latter is used as a hint what enctype all KDC are supporting to
 893  	make sure a newer version of KDC won't generate a session enctype
 894  	that an older version of a KDC in the same realm can't decrypt.
 895  	
 896  	But if the KDC admin is paranoid and doesn't want to have "not the
 897  	best" enctypes on the krbtgt, let's save the best pick from the
 898  	client list and hope that that will work for any other KDCs.
 899  	
 900  	Reported by metze.
 901  
 902  	* kdc/hprop.c (propagate_database): on any failure, drop the
 903  	connection to the peer and try next one.
 904  	
 905  2007-02-18  Love Hörnquist Åstrand  <lha@it.su.se>
 906  
 907  	* lib/krb5/krb5_get_init_creds.3: document new options.
 908  
 909  	* kdc/krb5tgs.c: Only check service key for cross realm PACs.
 910  
 911  	* lib/krb5/init_creds.c: use the new merged flags field.
 912  	(krb5_get_init_creds_opt_set_win2k): new function, turn on all w2k
 913  	compat flags.
 914  
 915  	* lib/krb5/init_creds_pw.c: use the new merged flags field.
 916  
 917  	* lib/krb5/krb5_locl.h: merge all flags into one entity
 918  	
 919  2007-02-11  Dave Love  <fx@gnu.org>
 920  	
 921  	* lib/krb5/krb5_aname_to_localname.3: Small fixes
 922  	
 923  	* lib/krb5/krb5_digest.3: Small fixes
 924  	
 925  	* kuser/kimpersonate.1: Small fixes
 926  
 927  2007-02-17  Love Hörnquist Åstrand  <lha@it.su.se>
 928  
 929  	* lib/krb5/init_creds_pw.c (find_pa_data): if there is no list,
 930  	there is no entry.
 931  
 932  	* kdc/krb5tgs.c: Don't check PACs on cross realm requests.
 933  
 934  	* lib/krb5/krb5.h: add KRB5_KU_CANONICALIZED_NAMES.
 935  
 936  	* lib/krb5/init_creds_pw.c: Verify client referral data.
 937  
 938  	* kdc/kerberos5.c: switch some "return ret" to "goto out".
 939  	
 940  	* kdc/kerberos5.c: Pass down canonicalize request to hdb layer,
 941  	sign client referrals.
 942  	
 943  	* lib/hdb/hdb.h: Add HDB_F_CANON.
 944  
 945  	* lib/hdb: add simple alias support to the database backends
 946  
 947  2007-02-16  Love Hörnquist Åstrand  <lha@it.su.se>
 948  
 949  	* kuser/kinit.c: Add canonicalize flag.
 950  
 951  	* lib/krb5/init_creds_pw.c: Use EXTRACT_TICKET_* flags, support
 952  	canonicalize.
 953  
 954  	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_canonicalize):
 955  	new function.
 956  	
 957  	* lib/krb5/get_cred.c: Use EXTRACT_TICKET_* flags.
 958  
 959  	* lib/krb5/get_in_tkt.c: Use EXTRACT_TICKET_* flags.
 960  
 961  	* lib/krb5/krb5_locl.h: Add EXTRACT_TICKET_* flags.
 962  	
 963  2007-02-15  Love Hörnquist Åstrand  <lha@it.su.se>
 964  
 965  	* lib/krb5/test_princ.c: test parsing enterprise-names.
 966  
 967  	* lib/krb5/principal.c: Add support for parsing enterprise-names.
 968  
 969  	* lib/krb5/krb5.h: Add KRB5_PRINCIPAL_PARSE_ENTERPRISE.
 970  
 971  	* lib/hdb/hdb-ldap.c: Make work again.
 972  	
 973  2007-02-11  Dave Love  <fx@gnu.org>
 974  
 975  	* kcm/client.c (kcm_ccache_new_client): Cast snprintf'ed value.
 976  	
 977  2007-02-10  Love Hörnquist Åstrand  <lha@it.su.se>
 978  	
 979  	* doc/setup.texi: prune trailing space
 980  
 981  	* lib/hdb/db.c: Be better at setting and clearing error string.
 982  
 983  	* lib/hdb/hdb.c: Be better at setting and clearing error string.
 984  
 985  2007-02-09  Love Hörnquist Åstrand  <lha@it.su.se>
 986  
 987  	* lib/krb5/keytab.c (krb5_kt_get_entry): Use krb5_kt_get_full_name
 988  	to print out the keytab name.
 989  
 990  	* doc/setup.texi: Spelling, from Guido Guenther
 991  	
 992  2007-02-08  Love Hörnquist Åstrand  <lha@it.su.se>
 993  
 994  	* lib/krb5/rd_cred.c: Plug memory leak, from Michael B Allen.
 995  
 996  2007-02-06  Love Hörnquist Åstrand  <lha@it.su.se>
 997  
 998  	* lib/krb5/test_store.c (test_uint16): unsigned ints can't be
 999  	negative
1000  	
1001  2007-02-03  Love Hörnquist Åstrand  <lha@it.su.se>
1002  
1003  	* kdc/pkinit.c: pass extra flags for detached signatures.
1004  
1005  	* lib/krb5/pkinit.c: pass extra flags for detached signatures.
1006  
1007  	* kdc/digest.c: Remove debug output.
1008  
1009  	* kuser/kdigest.c: Add support for ms-chap-v2 client.
1010  	
1011  2007-02-02  Love Hörnquist Åstrand  <lha@it.su.se>
1012  		
1013  	* kdc/digest.c: Fix ms-chap-v2 get_masterkey
1014  
1015  	* kdc/digest.c: Fix ms-chap-v2 mutual response auth code.
1016  
1017  	* kuser/kdigest.c: Print session key if there is one.
1018  
1019  	* lib/krb5/digest.c: rename hash-a1 to session key
1020  
1021  	* kdc/digest.c: Add get_master from RFC 3079 3.4 for MS-CHAP-V2
1022  
1023  	* kuser/kdigest.c: print rsp if there is one, from Klas.
1024  
1025  	* kdc/digest.c: Use right size, from Klas Lindfors.
1026  
1027  	* kuser/kdigest.c: Set client nonce if available, from Klas.
1028  
1029  	* kdc/digest.c: First version from kllin.
1030  
1031  	* kuser/kdigest.c: Don't restrict the type.
1032  	
1033  2007-02-01  Love Hörnquist Åstrand  <lha@it.su.se>
1034  	
1035  	* kuser/kdigest-commands.in: add --client-response
1036  
1037  	* kuser/kdigest.c: Print status instead of response.
1038  
1039  	* kdc/digest.c: Better logging and return status = FALSE when
1040  	checksum doesn't match.
1041  
1042  	* kdc/digest.c: Check the digest response in the KDC.
1043  
1044  	* lib/krb5/digest.c: New functions to send in requestResponse to
1045  	KDC and get status of the request.
1046  
1047  	* kdc/digest.c: Add support for MS-CHAP v2.
1048  
1049  	* lib/hdb/hdb-ldap.c: Set hdb->hdb_db for ldap.
1050  	
1051  2007-01-31  Love Hörnquist Åstrand  <lha@it.su.se>
1052  
1053  	* fix-export: Make hx509.info too
1054  
1055  	* kdc/digest.c: don't verify identifier in CHAP, it's the client
1056  	that chooses it.
1057  	
1058  2007-01-23  Love Hörnquist Åstrand  <lha@it.su.se>
1059  
1060  	* lib/krb5/Makefile.am: Basic test of prf.
1061  
1062  	* lib/krb5/test_prf.c: Basic test of prf.
1063  
1064  	* lib/krb5/mit_glue.c: Add MIT glue for Kerberos RFC 3961 PRF
1065  	functions.
1066  
1067  	* lib/krb5/crypto.c: Add Kerberos RFC 3961 PRF functions.
1068  
1069  	* lib/krb5/krb5_data.3: Document krb5_data_cmp.
1070  
1071  	* lib/krb5/data.c: Add krb5_data_cmp.
1072  	
1073  2007-01-20  Love Hörnquist Åstrand  <lha@it.su.se>
1074  
1075  	* kdc/kx509.c: Don't use C99 syntax.
1076  	
1077  2007-01-17  Love Hörnquist Åstrand  <lha@it.su.se>
1078  	
1079  	* configure.in: it's LIBADD_roken (and shouldn't really exist, our
1080  	libtool usage is broken)
1081  
1082  	* configure.in: Add an extra variable for roken, LIBADD, that
1083  	should be used for library dependencies.
1084  
1085  	* lib/krb5/send_to_kdc.c (krb5_sendto): zero out receive buffer.
1086  
1087  	* lib/krb5/krb5_init_context.3: fix mdoc errors
1088  
1089  	* Heimdal 0.8 branch cut today
1090  
1091  	* doc/hx509.texi: Spelling and more about proxy certificates.
1092  
1093  	* configure.in: check for arc4random
1094  	
1095  2007-01-16  Love Hörnquist Åstrand  <lha@it.su.se>
1096  	
1097  	* lib/krb5/send_to_kdc.c (krb5_sendto): zero receive krb5_data
1098  	before starting
1099  
1100  	* tools/heimdal-build.sh: make cvs keep quiet
1101  
1102  	* kuser/kverify.c: Use argument as principal if passed an
1103  	argument. Bug report from Douglas E. Engert
1104  	
1105  2007-01-15  Love Hörnquist Åstrand  <lha@it.su.se>
1106  	
1107  	* lib/krb5/rd_req.c (krb5_rd_req_ctx): The code failed to consider
1108  	the enc_tkt_in_skey case, from Douglas E. Engert.
1109  
1110  	* kdc/kx509.c: Issue certificates.
1111  
1112  	* kdc/config.c: Parse kx509/kca configuration.
1113  
1114  	* kdc/kdc.h: add kx509 config
1115  	
1116  2007-01-14  Love Hörnquist Åstrand  <lha@it.su.se>
1117  	
1118  	* kdc/kerberos5.c (_kdc_find_padata): if there is no padata,
1119  	there is nothing to find.
1120  
1121  	* doc/hx509.texi: Examples for pk-init.
1122  
1123  	* doc/hx509.texi: About extending ca lifetime and sub cas.
1124  	
1125  2007-01-13  Love Hörnquist Åstrand <lha@it.su.se>
1126  	
1127  	* doc/hx509.texi: More about certificates.
1128  	
1129  2007-01-12  Love Hörnquist Åstrand  <lha@it.su.se>
1130  
1131  	* doc/hx509.texi: add Application requirements and write about
1132  	xmpp/jabber.
1133  	
1134  2007-01-11  Love Hörnquist Åstrand  <lha@it.su.se>
1135  
1136  	* doc/hx509.texi: More about issuing certificates.
1137  
1138  	* doc/hx509.texi: Start of a x.509 manual.
1139  
1140  	* include/Makefile.am: remove install headerfiles
1141  
1142  	* lib/krb5/test_pac.c: Use more interesting data to cause more
1143  	errors.
1144  
1145  	* include/Makefile.am: remove install headerfiles
1146  
1147  	* lib/krb5/mcache.c: MCC_CURSOR not used, remove.
1148  
1149  	* lib/krb5/crypto.c: macro kcrypto_oid_enc no longer used
1150  
1151  	* lib/krb5/rd_safe.c (krb5_rd_safe): set length before trying to
1152  	allocate data
1153  	
1154  2007-01-10  Love Hörnquist Åstrand  <lha@it.su.se>
1155  	
1156  	* doc/setup.texi: Hint about hxtool validate.
1157  
1158  	* appl/test/uu_server.c: print both "server" and "client"
1159  
1160  	* kdc/krb5tgs.c: Rename keys to be more obvious what they do.
1161  
1162  	* kdc/kerberos5.c: Use other keys to sign PAC with. From Andrew
1163  	Bartlett
1164  	
1165  	* kdc/windc.c: indent, spelling.
1166  
1167  	* kdc/windc_plugin.h: indent.
1168  
1169  	* kdc/krb5tgs.c: Pass down server entry to verify_pac function.
1170  	from Andrew Bartlett
1171  
1172  	* kdc/windc.c: pass down server entry to verify_pac function, from
1173  	Andrew Bartlett
1174  
1175  	* kdc/windc_plugin.h: pass down server entry to verify_pac
1176  	function, from Andrew Bartlett
1177  
1178  	* configure.in: Provide an automake symbol ENABLE_SHARED if shared
1179  	libraries are built.
1180  
1181  	* lib/krb5/rd_req.c (krb5_rd_req_ctx): Use the correct keyblock
1182  	when verifying the PAC.  From Andrew Bartlett.
1183  	
1184  2007-01-09  Love Hörnquist Åstrand  <lha@it.su.se>
1185  
1186  	* lib/krb5/test_pac.c: move around to code test on real PAC.
1187  
1188  	* lib/krb5/pac.c: A tiny 2 char difference that makes the code work
1189  	for real.
1190  
1191  	* lib/krb5/test_pac.c: Test more PAC (note that the values used in
1192  	this test are wrong, they have to be fixed when the pac code is
1193  	fixed).
1194  
1195  	* doc/setup.texi: Update to new hxtool issue-certificate usage
1196  
1197  	* lib/krb5/init_creds_pw.c: Make sure we don't send both ENC-TS
1198  	and PK-INIT pa data, no need to expose our password protecting our
1199  	PKCS12 key.
1200  
1201  	* kuser/klist.c (print_cred_verbose): include ticket length in the
1202  	verbose output
1203  	
1204  2007-01-08  Love Hörnquist Åstrand  <lha@it.su.se>
1205  	
1206  	* lib/krb5/acache.c (loadlib): pass RTLD_LAZY to dlopen, without
1207  	it linux is unhappy.
1208  
1209  	* lib/krb5/plugin.c (loadlib): pass RTLD_LAZY to dlopen, without
1210  	it linux is unhappy.
1211  
1212  	* lib/krb5/name-45-test.c: One of the hosts I sometimes use is
1213  	named "bar.domain", this makes one of the tests pass when it
1214  	shouldn't.
1215  
1216  2007-01-05  Love Hörnquist Åstrand  <lha@it.su.se>
1217  
1218  	* doc/setup.texi: Change --key argument to --out-key.
1219  
1220  	* kuser/kimpersonate.1: mangle my name
1221  	
1222  2007-01-04  Love Hörnquist Åstrand  <lha@it.su.se>
1223  	
1224  	* doc/setup.texi: describe how to use hx509 to create
1225  	certificates.
1226  
1227  	* tools/heimdal-build.sh: Add --distcheck.
1228  
1229  	* kdc/kerberos5.c: Check for KRB5_PADATA_PA_PAC_REQUEST to check
1230  	if we should include the PAC in the krbtgt.
1231  
1232  	* kdc/pkinit.c (_kdc_as_rep): check if
1233  	krb5_generate_random_keyblock fails.
1234  
1235  	* kdc/kerberos5.c (_kdc_as_rep): check if
1236  	krb5_generate_random_keyblock fails.
1237  
1238  	* kdc/krb5tgs.c (tgs_build_reply): check if
1239  	krb5_generate_random_keyblock fails.
1240  
1241  	* kdc/krb5tgs.c: Scope etype.
1242  
1243  	* lib/krb5/rd_req.c: Make it possible to turn off PAC check, it's
1244  	on by default.
1245  
1246  	* lib/krb5/rd_req.c (krb5_rd_req_ctx): If there is a PAC, verify
1247  	its server signature.
1248  
1249  	* kdc/kerberos5.c (_kdc_as_rep): call windc client access hook.
1250  	(_kdc_tkt_add_if_relevant_ad): constify in data argument.
1251  
1252  	* kdc/windc_plugin.h: More comments, add a client_access hook.
1253  
1254  	* kdc/windc.c: Add _kdc_windc_client_access.
1255  
1256  	* kdc/krb5tgs.c: rename functions after exporting some more pac
1257  	functions.
1258  
1259  	* lib/krb5/test_pac.c: export some more pac functions.
1260  
1261  	* lib/krb5/pac.c: export some more pac functions.
1262  
1263  	* kdc/krb5tgs.c: Re-sign the PAC in tgsreq if we have a PAC.
1264  
1265  	* configure.in: add tests/plugin/Makefile
1266  	
1267  2007-01-03  Love Hörnquist Åstrand  <lha@it.su.se>
1268  
1269  	* kdc/krb5tgs.c: Get right key for PAC krbtgt verification.
1270  
1271  	* kdc/config.c: spelling
1272  
1273  	* lib/krb5/krb5.h: typedef for krb5_pac.
1274  
1275  	* kdc/headers.h: Include <windc_plugin.h>.
1276  
1277  	* kdc/Makefile.am: Include windc.c and use windc_plugin.h
1278  
1279  	* kdc/krb5tgs.c: Call callbacks for emulating a Windows Domain
1280  	Controller.
1281  
1282  	* kdc/kerberos5.c: Call callbacks for emulating a Windows Domain
1283  	Controller.  Move some of the log related stuff to its own
1284  	function.
1285  
1286  	* kdc/config.c: Init callbacks for emulating a Windows Domain
1287  	Controller.
1288  
1289  	* kdc/windc.c: Rename the init function to windc instead of pac.
1290  
1291  	* kdc/windc.c: Callbacks specific to emulating a Windows Domain
1292  	Controller.
1293  
1294  	* kdc/windc_plugin.h: Callbacks specific to emulating a Windows
1295  	Domain Controller.
1296  
1297  	* lib/krb5/Makefile.am: add krb5_HEADERS to build_HEADERZ
1298  
1299  	* lib/krb5/pac.c: Support all keyed checksum types.
1300  	
1301  2007-01-02  Love Hörnquist Åstrand  <lha@it.su.se>
1302  	
1303  	* lib/krb5/pac.c (krb5_pac_get_types): Return list of types.
1304  	
1305  	* lib/krb5/test_pac.c: test krb5_pac_get_types
1306  
1307  	* lib/krb5/krbhst.c: Add KRB5_KRBHST_KCA.
1308  
1309  	* lib/krb5/krbhst.c: Add KRB5_KRBHST_KCA.
1310  
1311  	* lib/krb5/krb5.h: Add KRB5_KRBHST_KCA.
1312  
1313  	* lib/krb5/test_pac.c: test Add/remove pac buffer functions.
1314  
1315  	* lib/krb5/pac.c: Add/remove pac buffer functions.
1316  
1317  	* lib/krb5/pac.c: sprinkle const
1318  
1319  	* lib/krb5/pac.c: rename DCHECK to CHECK
1320  	
1321  	* Happy New Year.