author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-05 17:47:29 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-05 17:47:29 +0000 |
commit | 4f5791ebd03eaec1c7da0865a383175b05102712 (patch) | |
tree | 8ce7b00f7a76baa386372422adebbe64510812d4 /third_party/heimdal/ChangeLog.2004 | |
parent | Initial commit. (diff) | |
Adding upstream version 2:4.17.12+dfsg.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r-- | third_party/heimdal/ChangeLog.2004 | 1485 |
1 files changed, 1485 insertions, 0 deletions
diff --git a/third_party/heimdal/ChangeLog.2004 b/third_party/heimdal/ChangeLog.2004 new file mode 100644 index 0000000..47cd799 --- /dev/null +++ b/third_party/heimdal/ChangeLog.2004 
@@ -0,0 +1,1485 @@ +2004-12-30 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/Makefile.am (CHECK_SYMBOLS): add heim_ and pkcs7_ for + now (used in pkinit) + +2004-12-29 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/hdb/Makefile.am: add CHECK_SYMBOLS + + * lib/hdb/keys.c: make all_etypes static + + * lib/krb5/Makefile.am: add CHECK_SYMBOLS, approve of: -com_err + -version krb5_ _krb5_ __heimdal krb524_ krb4_fkt_ops + + * kdc/kerberos5.c: use private version of principalname + + * kdc/kerberos4.c: use private version of principalname + + * kdc/hpropd.c: use private version of principalname + + * kdc/524.c: use private version of principalname + + * lib/krb5/rd_req.c: use private version of principalname + + * lib/krb5/rd_cred.c: use private version of principalname + + * lib/krb5/init_creds_pw.c: use private version of principalname + + * lib/krb5/get_in_tkt.c: use private version of principalname + + * lib/krb5/asn1_glue.c: make principalname functions private + + * lib/krb5/krb5.h: add key usage for server referrals + +2004-12-29 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/principal.c: make default_v4_name_convert static + + * lib/krb5/crypto.c: make lots of crypto related variables static + + * lib/krb5/acache.c: make default_acc_name static + +2004-12-28 Love Hörnquist Åstrand <lha@it.su.se> + + * doc/setup.texi: add some text about samba, use example.com + + * lib/hdb/hdb-ldap.c: Add account expiration for samba from James + F. Hranicky <jfh@cise.ufl.edu>. + Add LDAP_addmod_integer and use it. 
+ +2004-12-27 Love Hörnquist Åstrand <lha@it.su.se> + + * doc/{Makefile.am,setup.texi,win2k.texi}: spelling and text + fixes, from Dave Love + +2004-12-18 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/heim_threads.h: NetBSD 2.99.11 (any maybe 2.1) just + needs pthread.h, threadlib is dead + +2004-12-17 Love Hörnquist Åstrand <lha@it.su.se> + + * kdc/config.c (configure): check for deprecated + enforce-transited-policy is set and fail if it is + + * lib/asn1/asn1_print.c: don't print garabage for octet strings + +2004-12-13 Love Hörnquist Åstrand <lha@it.su.se> + + * kdc/main.c (main): catch sigpipe, we don't bother select()ing + for errors + + * kdc/connect.c (handle_http_tcp): handle error from write(2) + + * doc/setup.texi: clarify credentials refreshing stuff + + * doc/setup.texi: add new node: Providing Kerberos credentials to + servers and programs + + * doc/whatis.texi: fix spurious cross-reference makeinfo warning + + * lib/hdb/hdb-ldap.c (pos): uppercase in character + +2004-12-12 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/hdb/hdb-ldap.c (LDAP__bytes2hex,LDAP__hex2bytes): encode + nibbels in the other order + + * lib/hdb/hdb-ldap.c: s/objectclass/objectClass/ check if + attribute exists before we try to delete it LDAP__bytes2hex + encodes in strange byte order, is this really right ? + +2004-12-11 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/hdb/hdb-ldap.c (LDAP_firstkey): When iterating over all + entries, search for samba accounts too, 
From: "James F. Hranicky" + <jfh@cise.ufl.edu> + + * lib/hdb/hdb-ldap.c (krb5kdcentry_attrs): ask for attribute uid + too + + * lib/hdb/hdb-ldap.c (LDAP_message2entry): if the entry is missing + both krb5PrincipalName and uid, it must be broken, ignore it and + return it doesn't exists. + +2004-12-10 Love Hörnquist Åstrand <lha@it.su.se> + + * kdc/hpropd.8: spelling, from OpenBSD + + * kdc/kdc.8: use keeps for options, From OpenBSD k + +2004-12-09 Love Hörnquist Åstrand <lha@it.su.se> + + * doc/setup.texi: document --random-key and the need to do backup + of the master key + + * kdc/kstash.8: add --random-key + + * kdc/kstash.c: add --random-key + +2004-12-08 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/verify_krb5_conf.8: spelling, from openbsd + + * lib/krb5/krb5_init_context.3: spelling, from openbsd + + * lib/krb5/krb5.conf.5: spelling, from openbsd + + * kuser/kdestroy.1: use keeps around options, spelling, from + openbsd + + * kpasswd/kpasswdd.8: use ., use keeps around options, from OpenBSD + + * kdc/hpropd.8: use keeps around options, from OpenBSD + + * kdc/hprop.8: use keeps around options, from OpenBSD + +2004-11-30 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/context.c (krb5_free_context): clear error string + before destroying mutex + (krb5_init_context): don't call krb5_free_context before there is a + mutex initialized + +2004-11-18 Love Hörnquist Åstrand <lha@it.su.se> + + * kuser/kinit.c (get_new_tickets): only complain about ticket + renewable lifetime when the user asked for a specific renewable + lifetime + +2004-11-15 Love Hörnquist Åstrand <lha@it.su.se> + + * kdc/kerberos5.c (find_keys): log what principal is missing + enctypes + +2004-11-13 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/get_in_tkt.c (krb5_get_in_cred): clear pointer after + freeing data + + * lib/krb5/init_creds_pw.c (change_password): handle old_options + being NULL From Guenther Deschner on samba-technical. 
+ +2004-11-12 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/krb5_get_init_creds.3: add more text describing the + krb5_get_init_creds functions + +2004-11-11 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/init_creds_pw.c: make krb5_get_init_creds_keytab work + again + +2004-11-10 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/hdb/hdb.asn1: use constrained integers + +2004-11-09 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/krb5_get_init_creds.3: add description for opt_init, + opt_alloc, opt_free + + * lib/krb5/pkinit.c: unexport krb5_get_init_creds_opt_free_pkinit + + * lib/krb5/init_creds.c: unexport + krb5_get_init_creds_opt_free_pkinit + + * lib/krb5/init_creds_pw.c: fold init_init_creds_ctx into + get_init_creds_common + + * lib/krb5/init_creds.c (_krb5_get_init_creds_opt_copy): if the in + options NULL, just make a clean copy + +2004-11-01 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/sendauth.c (krb5_rd_rep): free ap_rep message earlier + so we don't leak it on error + +2004-10-31 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/krb5.conf.5: unbreak 2b entry + + * lib/krb5/acache.c (make_cred_from_ccred): the address isn't a + sockaddr but rather a kerberos address, deal with that. Based on + bug report from Jakob Schlyter <jakob@rfc.se>. 
+ +2004-10-30 Love Hörnquist Åstrand <lha@it.su.se> + + * kdc/connect.c: Make sure argument passed to ctype isn't signed + char + +2004-10-14 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/pkinit.c: match new error names + + * lib/krb5/krb5_err.et: make error messages sane again + +2004-10-13 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/keytab.c: use KRB5_KT_BADNAME + + * lib/krb5/krb5_err.et: sync with mit krb5_err.et (require major + version bump) add KRB5_DELTAT_BADFORMAT + + * lib/krb5/krb5.conf.5: time defaults to "s" + + * lib/krb5/time.c (krb5_string_to_deltat): default to "s" again, + MIT's behavior was actually that it failed to parse the number + (and thus used the default). Even better, ticket_lifetime (that + was a consumer supposed a of the interface) was documented but + never implemented, when it was implemented, people configuraiton + files started to fail. Also, use KRB5_DELTAT_BADFORMAT as a + failure code. + + * lib/asn1/k5.asn1: sync enctypes with pkinit branch + + * lib/asn1/parse.y (readd) support negative numbers + + * lib/asn1/lex.l: support hex numbers + +2004-10-12 Love Hörnquist Åstrand <lha@it.su.se> + + * kdc/pkinit.c: use ETYPE_DES3_CBC_NONE_CMS + + * lib/krb5/crypto.c: add enctype_des3_cbc_none_cms add cms padding + for rc2 don't to padding for blocksize 1 + + * lib/hdb/{keys.c,Makefile.am},lib/kadm5/{keys,set_keys}.c: + Move keyset parsing and password based keyset generation into hdb. + Requested by Andrew Bartlett <abartlet@samba.org> for hdb-ldb + backend. 
+ +2004-10-07 Love Hörnquist Åstrand <lha@it.su.se> + + * kuser/kinit.c: adapt to new signature of + krb5_get_init_creds_opt_set_pkinit + + * lib/krb5/pkinit.c: free openssl engine deal with + RecipientIdentifier -> CMSIdentifier and heim_any -> name change + improve error messages + + * kdc/pkinit.c: free openssl engine deal with RecipientIdentifier + -> CMSIdentifier and heim_any -> name change + +2004-10-04 Johan Danielsson <joda@pdc.kth.se> + + * kuser/klist.c: use rtbl_set_separator + +2004-10-03 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/pkinit.c: filter out dup openssl engine keys, parse + user options first + + * lib/krb5/pkinit.c: stop using AlgorithmIdentifierNonOpt, add + openssl engine support for private key + + * lib/krb5/crypto.c: support padding as its done in CMS + + * kdc/pkinit.c: improve error logging + + * kdc/pkinit.c: stop using AlgorithmIdentifierNonOpt + +2004-09-30 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/krb5.conf.5: assume minutes for time + + * lib/krb5/config_file.c (krb5_config_vget_time_default): use + krb5_string_to_deltat + + * lib/krb5/appdefault.c (krb5_appdefault_time): use + krb5_string_to_deltat + + * lib/krb5/time.c (krb5_string_to_deltat): set default unit to + minute for compatibility with MIT Kerberos. + + +2004-09-28 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/get_cred.c (get_cred_kdc_usage): retry using "large + message safe" transport if we get back + KRB5KRB_ERR_RESPONSE_TOO_BIG error. 
Idea from Guenther Deschner + <gd@sernet.de> + +2004-09-23 Johan Danielsson <joda@pdc.kth.se> + + * admin/list.c: use rtbl + + * admin/ktutil-commands.in: slc source file + + * lib/krb5/constants.c: check + /Library/Preferences/edu.mit.Kerberos on OSX + +2004-09-21 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/time.c (krb5_format_time): check return value from + localtime and strftime + +2004-09-14 Johan Danielsson <joda@pdc.kth.se> + + * kuser/kinit.c: make sure we don't always get renewable creds + +2004-09-11 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/acache.c: use krb5_ccapi.h + + * lib/krb5/krb5_ccapi.h: break out krb5 api definitions to + separate (not installed) file + + * lib/krb5/Makefile.am: add AM_CPPFLAGS to libkrb5_la_CPPFLAGS + since AM_CPPFLAGS overridden by target specific _CPPFLAGS + +2004-09-08 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/pkinit.c: make variable shorter, make error messages + from pkinit, make freeing easier + +2004-09-06 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/Makefile.am: link libkrb5 with LIB_dlopen + + * lib/krb5/crypto.c (seed_something): avoid poking at memory that + is uninitialized, make valgrind unhappy. Pointd out by + abartlet@samba.org. While where, plug the fd leak. 
+ +2004-09-05 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/asn1/der_get.c (decode_*): name all tag-length variables the + same + (decode_enumerated): check that the tag-length is not longer the length + + * lib/asn1/der_get.c (decode_boolean): fail if length of tag is + larger then len + +2004-08-31 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/init_creds_pw.c (krb5_get_init_creds): kdc_reply can be + set in case of failure too, free unconditionally on exit to avoid + memory leak + +2004-08-23 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/get_cred.c (set_auth_data): set pointer to NULL after + free + +2004-08-20 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/context.c (krb5_get_err_text): if neither of com_right + nor strerror finds the error-code, return Unknown error. + +2004-08-19 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/krb5_kuserok.3: update to reality + + * lib/krb5/kuserok.c: if a .k5login file exist, don't give + implicit rights to anyone; also check owner/mode of .k5login + +2004-08-15 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/Makefile.am: man_MANS = krb5_getportbyname.3 + + * lib/krb5/krb5_getportbyname.3: manpage for krb5_getportbyname + + * lib/krb5/krb5.3: add krb5_getportbyname + + * lib/krb5/krb5.3: krb5_free_salt and krb5_enctype_valid + + * lib/krb5/krb5_encrypt.3: document krb5_enctype_valid + +2004-08-13 Love Hörnquist Åstrand <lha@it.su.se> + + * kdc/kerberos5.c (get_pa_etype_info{,2}): check for dup enctypes + from the client and filter them out. 
+ + * lib/krb5/krb5_string_to_key.3: document krb5_free_salt + +2004-08-12 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/krb5_ticket.3: data needs to be freed when using + krb5_ticket_get_authorization_data_type + +2004-08-11 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/test_cc.c: test variables in default_cc_name + + * lib/krb5/krb5.conf.5: explain support for varibles in + [libdefaults]default_cc_name + + * lib/krb5/cache.c: drop ${time}, its not very useful + + * lib/krb5/cache.c: Add _krb5_expand_default_cc_name that expand + variables in the default cc name. Supported variables now are: + ${time},${uid} and ${null} + + * lib/krb5/krb5.conf.5: document default_cc_name + + * lib/krb5/cache.c (krb5_cc_set_default_name): + s/libdefault/libdefaults/ + +2004-08-06 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/acache.c: replace magic 3 with ccapi_version_3 + + * lib/krb5/Makefile.am: libkrb5_la_SOURCES += acache.c + + * lib/krb5/krb5.h: add krb5_acc_ops + + * lib/krb5/acache.c: CCAPI v3 implementation, the read only + support was from Magnus Ahltorp and then extended by me to support + all other operations. 
Tested with MIT kerberos cc cache + implementation on MacOS 10.3.3 + + * lib/krb5/cache.c (krb5_cc_set_default_name): allow setting the + default cc name, this is not very useful for general purpose glue + since its not possible to glue in user information (like uid), but + for CCAPI it works just fine + +2004-08-05 Love Hörnquist Åstrand <lha@it.su.se> + + * kuser/kgetcred.1: document --cache/-c + + * kuser/kgetcred.c: allow to specify what credential cache to use + +2004-08-03 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/Makefile.am: add krb5_eai_to_heim_errno.3 + + * lib/krb5/krb5_eai_to_heim_errno.3: document + krb5_eai_to_heim_errno, krb5_h_errno_to_heim_errno + + * lib/krb5/krb5.3: add krb5_eai_to_heim_errno, + krb5_h_errno_to_heim_errno + +2004-07-26 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/krb5_expand_hostname.3: krb5_expand_hostname_realms + result should be free with krb5_free_host_realm drop + krb5_get_host_realm text + + * lib/krb5/krb5_set_default_realm.3: krb5_get_host_realm result + should be free with krb5_free_host_realm + + * lib/krb5/krb5_get_in_cred.3: document krb5_free_kdc_rep + + * lib/krb5/krb5_get_init_creds.3: remove dup krb5_get_init_creds + + * lib/krb5/krb5_auth_context.3: sort, add krb5_free_authenticator + + * lib/krb5/Makefile.am: man_MANS += krb5_rd_error + + * lib/krb5/krb5_rd_error.3: krb5_rd_error and friends + + * lib/krb5/krb5_warn.3: clarify on what string + krb5_free_error_string should operate on + + * lib/krb5/krb5_get_credentials.3: add krb5_get_kdc_cred + + * lib/krb5/Makefile.am: krb5_get_credentials, + krb5_get_forwarded_creds and friends + + * lib/krb5/krb5_get_forwarded_creds.3: krb5_get_forwarded_creds + and friends + + * lib/krb5/krb5_get_credentials.3: krb5_get_credentials and + friends + +2004-07-23 Love Hörnquist Åstrand <lha@it.su.se> + + * kuser/klist.c (print_cred_verbose): keytypes are no longer, use + enctype + +2004-07-22 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/hdb/hdb-ldap.c 
(LDAP_entry2mods): allow for pre-c99 + compilers, From metze at samba.org + +2004-07-20 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/test_cc.c: more cc tests + + * lib/krb5/krb5_check_transited.3: document krb5_check_transited + +2004-07-19 Love Hörnquist Åstrand <lha@it.su.se> + + * kdc/pkinit.c (pk_principal_from_X509): reverse test, makes + principal in cert work 
From: Mayur Patel <patelm4@rpi.edu> + +2004-07-18 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/Makefile.am: add krb5_verify_init_creds.3 + + * lib/krb5/krb5_verify_init_creds.3: add krb5_verify_init_creds + +2004-07-15 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/krb5_set_password.3: spelling from wiz@netbsd.org + description for krb5_passwd_result_to_string + +2004-07-14 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/krb5_set_password.3: Remove superfluous comma; grammar + fixes; split sentence in two for better understanding. From + wiz@NetBSD.org. Describe krb5_set_password_using_ccache while here. + + * lib/krb5/krb5_set_password.3: nroff and spelling, from Jonathan + Stone <jonathan@dsg.stanford.edu> + + * lib/krb5/changepw.c (process_reply): cast ssize_t to long and + print that From NetBSD via Havard Eidnes. + +2004-07-09 Love Hörnquist Åstrand <lha@it.su.se> + + * configure.in: fix helpstring for hdb-openldap-module + + * lib/krb5/test_cc.c: don't use krb5_err on error code 0 + +2004-07-08 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/hdb/hdb-ldap.c (LDAP_seq): try handling errors better + +2004-07-02 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/get_in_tkt.c (set_ptypes): make ptypes const + +2004-07-01 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/hdb/hdb-ldap.c (LDAP__connect): call ldap_initialize with + right argument + +2004-06-27 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): if the + krbtgt is without addresses, default to not sending our own + addrport + + * lib/asn1/lex.l: add support for /* */ and partial line -- + comments + + * kuser/Makefile.am: don't install copy_cred_cache manpage + +2004-06-24 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/init_creds.c (_krb5_get_init_creds_opt_copy): if + copying a static opt, make sure to allocate the "private" field + +2004-06-24 Love <lha@stacken.kth.se> + + * kdc/config.c: add enable_pkinit_princ_in_cert + + * 
kdc/kdc_locl.h: enable_pkinit_princ_in_cert + + * kdc/pkinit.c: Check certificate for Kerberos Principal in + OtherName of subjectAltName Based on patch from Mayur Patel + <patelm4@rpi.edu> + +2004-06-21 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/get_cred.c (init_tgs_req): if subkey not avaible, use + session key for authorization-data + +2004-06-15 Love Hörnquist Åstrand <lha@it.su.se> + + * kdc/connect.c (handle_tcp): note who is what that closed the + connection on us + +2004-06-09 Love Hörnquist Åstrand <lha@it.su.se> + + * admin/get.c (kt_get): catch errors from krb5_parse_name + +2004-06-05 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/hdb/hdb-ldap.c: if its the entry just contains the + structural object (no samba nor heimdal object), add an aux + heimdal object on to it. + +2004-06-02 Love Hörnquist Åstrand <lha@it.su.se> + + * kpasswd/kpasswd.c: use krb5_set_password_using_ccache + + * lib/krb5/krb5_set_password.3: add krb5_set_password_using_ccache + + * lib/krb5/changepw.c: implement krb5_set_password_using_ccache + + * lib/hdb/hdb-ldap.c: Allow the objectClass to be + "sambaSamAccount" or structural_object when searching for uid + entries. + + * lib/krb5/krb5.conf.5: document [kdc]hdb-ldap-create-base + + * lib/hdb/hdb-ldap.c: add creation base that defaults to the + search base + + * lib/hdb/hdb-ldap.c: indent like the rest of the code + +2004-06-01 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/hdb/hdb-ldap.c: check return values from ldap operations and + close it we get back LDAP_SERVER_DOWN. stupid ldap client lib, you + should retry by yourself. 
+ + * lib/hdb/hdb-ldap.c: require search base to be configured, create + local context structure + +2004-05-31 Love Hörnquist Åstrand <lha@it.su.se> + + * doc/setup.texi: more ldap text, partly from Tarjei Huse + <tarjei@nu.no> + +2004-05-28 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/hdb/hdb-ldap.c: clean, indent + + * lib/hdb/hdb-ldap.c (LDAP_entry2mods): make sure + krb5KeyVersionNumber is added on new entires + +2004-05-27 Love Hörnquist Åstrand <lha@it.su.se> + + * doc/setup.texi: minor fixes, partly from Tarjei Huse + <tarjei@nu.no> + + * lib/krb5/krb5.conf.5: some text about dbname and realm + + * lib/krb5/krb5.conf.5: default value for + hdb-ldap-structural-object is account + +2004-05-26 Love Hörnquist Åstrand <lha@it.su.se> + + * tools/Makefile.am: use ! instead of , as sed delimiter + +2004-05-25 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/*.c: add KRB5_LIB_FUNCTION to all exported functions + +2004-05-23 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/hdb/hdb-ldap.c: make samba_forwardable a krb5_boolean + + * lib/hdb/hdb-ldap.c: make samba forwarding a runtime configure + option + + * lib/hdb/hdb-ldap.c (LDAP_message2entry): fix [] test From: + Andrew Bartlett <abartlet@samba.org> + + * lib/hdb/hdb-ldap.c (LDAP_message2entry): remove bogus length + check From: Andrew Bartlett <abartlet@samba.org> + + * lib/hdb/hdb-ldap.c (LDAP_message2entry): in the sambaNTPassword + case, make sure ent->etypes are allocated, 
From: Andrew Bartlett + <abartlet@samba.org> + +2004-05-14 Love Hörnquist Åstrand <lha@it.su.se> + + * kuser/kinit.c: move "setpag if (argc < 1)" to common path + +2004-05-12 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/verify_krb5_conf.c: pacify pre c99 compilers + + * fix-export: use right argument for -E + +2004-05-06 Johan Danielsson <joda@pdc.kth.se> + + * kuser/kinit.c: print some diagnostics if the exec fails + +2004-04-29 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/pkinit.c (pk_rd_pa_reply_dh): use krb5_random_to_key + From: Luke Howard <lukeh@padl.com> + + * lib/krb5/rd_req.c (krb5_verify_ap_req2): clear the whole ticket, + not just a pointer size of it 
From: Luke Howard <lukeh@padl.com> + +2004-04-28 Love Hörnquist Åstrand <lha@it.su.se> + + * fix-export: add -E flag where needed to make-proto + +2004-04-26 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/crypto.c: add set_param for RC2 + + * lib/krb5/pkinit.c: use krb5_oid_to_enctype and remove all oids + that are no longer needed + + * kdc/pkinit.c: use krb5_enctype_to_oid + + * lib/krb5/crypto.c (krb5_oid_to_enctype): make sure oid exists + before we compare with it + + * lib/krb5/crypto.c (krb5_crypto_get_params): check ivec length + before returning it add aes-oids + + * lib/krb5/crypto.c: add krb5_enctype_to_oid and + krb5_oid_to_enctype + + * kdc/pkinit.c: use krb5_crypto_set_params + + * lib/krb5/crypto.c: add krb5_crypto_set_params, add aes-NNN-cbc-none + + * lib/krb5/krb5.h: add KEYTYPE_AES192 + + * lib/krb5/pkinit.c: use krb5_crypto_get_params to implement + kcrypto RC2 support + + * lib/asn1/k5.asn1: add CMS symmetrical parameters here, enctype + rc2-cbc XXX RC2CBCParameter is wrong because the compiler is + broken + + * lib/krb5/krb5.h: add KEYTYPE_RC2 + + * lib/krb5/crypto.c: add partial CMS parameter handling, this is + needed for RC2 + + * lib/asn1/der_cmp.c: add heim_oid_cmp and heim_octet_string_cmp + + * lib/asn1/Makefile.am (libasn1_la_SOURCES) += der_cmp.c + + * lib/asn1/der.h: add heim_oid_cmp and heim_octet_string_cmp + + * lib/asn1/k5.asn1: add ETYPE_AESNNN_CBC_NONE + + * lib/asn1/k5.asn1: add CMS symmetrical parameters here, enctype + rc2-cbc, XXX RC2CBCParameter is wrong because the compiler is broken + +2004-04-26 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/config_file.c: allow parsing directly from strings with + krb5_config_parse_string_multi + + * lib/krb5/verify_krb5_conf.c: try to resolve hostnames + +2004-04-25 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/store_fd.c (krb5_storage_from_fd): dup the file + descriptor so we don't have to keep track of it in two places + + * kuser/copy_cred_cache.c: 
krb5_cc_copy_cache_match now lives in + libkrb5 + + * lib/krb5/krb5_{,compare_}creds.3: move krb5_compare_creds to its + own manpage + + * replace krb5_free_creds_contents by krb5_free_cred_contents + + * lib/krb5/cache.c: add krb5_cc_next_cred_match() and + krb5_cc_copy_cred_match() + + * lib/krb5/creds.c (krb5_compare_creds): add more matching options + + * lib/krb5/krb5.h: add more creds match flags + + * kuser/copy_cred_cache: add --valid-for option + + * lib/krb5/store.c (krb5_store_creds): set is_skey flag if length + of second ticket is > 0 + +2004-04-25 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/pkinit.c: use the right oid for pkauthdata + + * lib/krb5/pkinit.c: always send both win2k compat version and the + ietf draft one, this is possible since microsoft use + wrong/diffrent PA number. Make the configuration flag boolean + configuring if NOT to send the win2k compat glue. + + * lib/krb5/krb5_encrypt.3: document krb5_{de,en}crypt_ivec + + * kuser/copy_cred_cache.1: pacify mdoclint + + * kdc/pkinit.c: use IV for envelopeddata encryption, patch + originally from Luke Howard <lukeh@padl.com>, tweeked by me. + + * lib/krb5/krb5_storage.3: document + KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER + + * lib/krb5/krb5_data.3: document that krb5_data_free cleans the + structure too + + * lib/krb5/pkinit.c: use IV for envelopeddata encryption, patch + originally from Luke Howard <lukeh@padl.com>, tweeked by me. + +2004-04-24 Johan Danielsson <joda@pdc.kth.se> + + * kuser/copy_cred_cache.{c,1}: add cred cache copy tool + + * configure.in: use rk_SYS_LARGEFILE + + * lib/krb5/{krb5.h,store.c,fcache.c}: Fix the cache flags bitorder + issue with a storage flag instead of a separate function. 
+ +2004-04-24 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/pkinit.c: move out the oid check from get_reply_key + + * lib/krb5/pkinit.c: uniquify error messages + + * lib/krb5/init_creds_pw.c: make the pkinit nonce same os the + plain nonce for now + + * lib/krb5/pkinit.c: more w2k compat from Luke Howard + <lukeh@padl.com> add RC2 support, clean up error messages + + * lib/krb5/pkinit.c: remove more dependency on + krb5_config->pkinit_flags + + * lib/krb5/pkinit.c (_krb5_pk_convert_rep): convert microsoft + style answer to IETF, From Luke Howard <lukeh@padl.com> + (_krb5_pk_create_sign): ms handles NULL in param, so always send it + (_krb5_pk_mk_padata): look for [realms]REALM = { win2k_pkinit = bool } + + * lib/krb5/pkinit.c (_krb5_pk_create_sign): always set the + digestAlgorithm to sha1 (both for SignerInfo and SignedData, add + new function _set_digest_alg to set it + +2004-04-23 Love Hörnquist Åstrand <lha@it.su.se> + + * include/make_crypto.c: include rc2.h, and when I'm here, make + aes mandatory + + * lib/krb5/krb5.h: add ENCTYPE_ARCFOUR_HMAC as compat glue for MIT + kerberos + + * lib/krb5/crypto.c (krb5_crypto_init): clear return pointer on + failure + + * lib/krb5/crypto.c (DES3_random_to_key): make it produce the + right result + (DES3_postproc): use DES3_random_to_key + (krb5_random_to_key): check the required number of bits (not the size + of the key) + + * lib/krb5/aes-test.c: test random to key function + + * lib/krb5/string-to-key-test.c: comment out the "@"/"" test for + now + +2004-04-22 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/krb5_string_to_key.3: document that + krb5_string_to_key_derived is broken for non 3des enctypes and + thus deprecated + + * kdc/pkinit.c (generate_dh_keyblock): use the new function + krb5_random_to_key + + * lib/krb5/crypto.c: add des and DES3 random_to_key hooks, they + need special processing + + * lib/krb5/crypto.c (krb5_random_to_key): new function + + * lib/krb5/krb5_keyblock.3: document 
krb5_random_to_key + +2004-04-21 Love Hörnquist Åstrand <lha@it.su.se> + + * kdc/pkinit.c: use the first proposed enable enctype + + * lib/krb5/context.c (krb5_set_default_in_tkt_etypes): use the + return from krb5_enctype_valid + + * kdc/pkinit.c: at least try to handle diffrent enveloped enctypes + +2004-04-21 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/asn1/der_get.c: 1.28.2.16: (der_get_oid): handle all oid + components being smaller then 127 and allocate one extra element + since first byte is split to to elements. + +2004-04-20 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/asn1/k5.asn1: ETYPE_DIGEST_MD5_NONE, ETYPE_CRAM_MD5_NONE: + private use, lukeh@padl.com + +2004-04-19 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/pkinit.c (build_auth_pack): use heim_integer to encode + DH public key + +2004-04-18 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/krb5_init_context.3: add krb5_context to so its added + as manpage-link too + +2004-04-17 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/fcache.c (fcc_remove_cred): simplistic implementation, + XXX add locking + + * kuser/kdestroy.c: add --credential argument that just remove one + credential entry out of the cache specified + + * kdc/pkinit.c: replace the krb5.conf configuration option that + describes the mapping between principals and subject names with a + file, default /var/heimdal/pki-mapping. XXX this should be pushed + into HDB. 
XXX should add issuer too + + * kdc/config.c: merge certificate/private_key to a user_id + +2004-04-16 Love Hörnquist Åstrand <lha@it.su.se> + + * kdc/kdc_locl.h: update prototype for pk_initialize + + * kuser/kinit.c: merge certificate/private_key to a user_id + + * kdc/pkinit.c: adapt to heim_integer changes + + * lib/krb5/pkinit.c: merge certificate/private_key to a user_id + + * kdc/pkinit.c: adapt to heim_integer changes, + merge certificate/private_key to a user_id + +2004-04-15 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/pkinit.c: use KRB5_PADATA_PK_AS_REQ_WIN free X509_STORE + +2004-04-13 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/Makefile.am: define BUILD_KRB5_LIB when building + libkrb5.la, add KRB5_LIB_FUNCTION proto + + * lib/krb5/add_et_list.c: add KRB5_LIB_FUNCTION + + * configure.in: export KRB5_LIB_FUNCTION when building with + BUILD_KRB5_LIB + + * lib/krb5/ticket.c (krb5_ticket_get_authorization_data_type): add + error strings + + * lib/krb5/prompter_posix.c (krb5_prompter_posix): if some thing + is printed on stderr, fflush it + + * lib/krb5/krb5_keyblock.3: free functions also zeros out the key + + * lib/krb5/krb5_get_init_creds.3: some text about + krb5_prompter_posix + + * lib/krb5/krb5.conf.5: document hdb-ldap-structural-object + + * lib/krb5/cache.c: add krb5_cc_get_prefix_ops + + * lib/krb5/krb5_ccache.3: add krb5_cc_get_prefix_ops + +2004-04-05 Love Hörnquist Åstrand <lha@it.su.se> + + * appl/test/http_client.c: support GSS_C_DELEG_FLAG and + GSS_C_MUTUAL_FLAG + + * appl/test/http_client.c: verbose logging + +2004-04-02 Love Hörnquist Åstrand <lha@it.su.se> + + * kdc/connect.c: case size_t to unsigned long for LP64 platforms + +2004-04-01 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/hdb/hdb-ldap.c (hdb_ldap_create): allow configuration of + default structural object + + * tools/Makefile.am: handle sed expression breaking + +2004-03-31 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/krbhst.c: also lookup 
_kpasswd._tcp SRV-rr + + * lib/krb5/changepw.c: add tcp support to the set protocol, should + be cleaned up to enable sharing code with krb5_sendto + + * kpasswd/kpasswd.c (change_password): remove extra free + + * lib/krb5/krb5_acl_match_file.3: try to pacify mdoc macros on + osf/1 + +2004-03-30 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/init_creds_pw.c (pa_data_add_pac_request): don't + increase md->len, krb5_padata_add already does that + + * lib/krb5/init_creds.c: its PAC not PAQ + + * kuser/kinit.c: its PAC not PAQ + + * kdc/kerberos4.c: stop the client from renewing tickets into the + future 
From: Jeffrey Hutzelman <jhutz@cmu.edu> + +2004-03-29 Love Hörnquist Åstrand <lha@it.su.se> + + * configure.in: try to handle sys/strtty.h needing sys/stream.h + +2004-03-23 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/send_to_kdc.c: remove function krb5_sendto_kdc2, its no + longer used + + * kdc/kerberos5.c: s/krb5_get_host_realm_int/_&/ + + * lib/krb5/get_host_realm.c: unexport krb5_get_host_realm_int to + external users by prefixing it with _ + + * lib/krb5/get_cred.c: s/krb5_mk_req_internal/_&/ + + * lib/krb5/mk_req_ext.c: unexport krb5_mk_req_internal to external + users by prefixing it with _ + +2004-03-22 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/pkinit.c: add missing } + +2004-03-21 Love Hörnquist Åstrand <lha@it.su.se> + + * kdc/pkinit.c: adapt to change of signature of + _krb5_pk_load_openssl_id + + * lib/krb5/pkinit.c: (krb5_get_init_creds_opt_set_pkinit): add + prompter argument and use it + + * kuser/kinit.c: adapt to signature change of + krb5_get_init_creds_opt_set_pkinit + + * lib/krb5/krb5.3: add more stuff, 105 functions to go + + * lib/krb5/krb5_rcache.3: add krb5_get_server_rcache + + * lib/krb5/krb5_rcache.3: framework for replay cache manpage + + * lib/krb5/krb5_string_to_key.3: document string to key functions + + * lib/krb5/Makefile.am: man_MANS += krb5_expand_hostname.3 + krb5_find_padata.3 krb5_generate_random_block.3 + + * lib/krb5/krb5_encrypt.3: document krb5_get_wrapped_length + + * lib/krb5/krb5.3: add some more, 137 to go + + * lib/krb5/krb5_principal.3: document krb5_get_default_principal + + * lib/krb5/krb5_keyblock.3: document krb5_generate_subkey + + * lib/krb5/krb5_generate_random_block.3: document + krb5_generate_random_block + + * lib/krb5/krb5_find_padata.3: document padata functions + + * lib/krb5/krb5.3: add some more, 142 to go + + * lib/krb5/krb5_creds.3: drop .Pp before .Sh + + * lib/krb5/krb5_set_default_realm.3: document krb5_copy_host_realm + + * lib/krb5/krb5_expand_hostname.3: document 
krb5_expand_hostname + and krb5_expand_hostname_realms + + * lib/krb5/krb5.3: add more functions, 147 to go + + * lib/krb5/krb5_creds.3: document krb5_creds + + * lib/krb5/krb5_get_init_creds.3: add more functions, some more + text + + * lib/krb5/krb5_ticket.3: document + krb5_ticket_get_authorization_data_type + +2004-03-20 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/aes-test.c: remove #if 0'ed code + + * lib/krb5/krb5.3: add keyblock functions, 177 functions to go + + * lib/krb5/krb5_verify_user.3: add krb5_verify_opt_set_ccache + + * lib/krb5/krb5_encrypt.3: document krb5_decrypt_ticket + + * lib/krb5/krb5_config.3: document krb5_config_free_strings and + krb5_config_file_free + + * lib/krb5/krb5_create_checksum.3: add krb5_hmac + + * lib/krb5/krb5.3: add keyblock functions, 190 functions to go + + * lib/krb5/krb5_keyblock.3: update .Dd + + * lib/krb5/krb5_keyblock.3: document krb5_copy_keyblock and + krb5_generate_random_keyblock + + * lib/krb5/krb5_init_context.3: add krb5_init_ets + + * lib/krb5/krb5_config.3: add more krb5_config_ functions and + prototypes + + * lib/krb5/krb5_init_context.3: document context modifcation + functions: address list, config file, use admin kdc, fcc version + + * lib/krb5/krb5_storage.3: document krb5_storage and related + functions + + * lib/krb5/Makefile.am: add acl and krb524_convert_creds_kdc + manpages and test_acl test program + + * lib/krb5/krb5.3: add error string functions and sort + + * lib/krb5/krb5_warn.3: document krb5_abort and error string + functions + + * lib/krb5/krb5.3: add missing functions, only 285 left to + document + + * lib/krb5/krb5_crypto_init.3: remove various enctype related + function + + * lib/krb5/krb5_encrypt.3: add various enctype related function + here + + * lib/krb5/krb5_create_checksum.3: add krb5_cksumtype_valid + krb5_cksumtype_valid + + * lib/krb5/crypto.c: real return values for + krb5_{enctype,cksumtype}_valid + + * lib/krb5/krb5_create_checksum.3: add some functions and + 
descriptions + + * lib/krb5/krb5_c_make_checksum.3: move out non krb5_c functions + + * lib/krb5/krb5_auth_context.3: document + krb5_auth_con_generatelocalsubkey + + * lib/krb5/krb5_krbhst_init.3: document krb5_krbhst_init_flags + + * lib/krb5/krb5_keytab.3: document krb5_kt_default_modify_name + + * lib/krb5/krb5_init_context.3: document krb5_add_et_list + + * lib/krb5/krb524_convert_creds_kdc.3: document + krb524_convert_creds_kdc, krb524_convert_creds_kdc_ccache + + * lib/krb5/krb5_acl_match_file.3: document krb5_acl_match_* + + * lib/krb5/test_acl.c: test for generic acl code + + * lib/krb5/acl.c: plug memory leak on file matching, + make it not fall over when no non matching acl, + make fnmatch matching useful by switching arguments + +2004-03-19 Love Hörnquist Åstrand <lha@it.su.se> + + * kdc/config.c: add --builtin-hdb command + + * lib/hdb/hdb.c (hdb_list_builtin): return a list of builtin + backends + + * doc/setup.texi: include Luke Howard of PADL.COM ldap hdb + documentation + + * doc/win2k.texi: fix bugs in examples, add more restrictions, use + example.com as an example. 
From: Pavel Ferdan + <xferdan@informatics.muni.cz> + +2004-03-18 Johan Danielsson <joda@pdc.kth.se> + + * lib/krb5/krb5.conf.5: add a bunch of Li and document [kadmin] + password_lifetime; from Henry B. Hotz + +2004-03-14 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/mk_rep.c (krb5_mk_rep): if KRB5_AUTH_CONTEXT_USE_SUBKEY + is set send subkey + (generate if needed) + + * lib/krb5/krb5.h: add KRB5_AUTH_CONTEXT_USE_SUBKEY + +2004-03-14 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/hdb/hdb-ldap.c: clean up error handling, plug memory leaks, + and free memory in error path, assume realloc(NULL, ...) works, + factor out common code, indent + +2004-03-12 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/verify_krb5_conf.c: understand [password_quality] + spelling + + * kuser/kgetcred.1: document --canonicalize + + * kuser/kgetcred.c: add --canonicalize + +2004-03-10 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/fcache.c (fcc_store_cred): NULL terminate + krb5_config_get_bool_default' arglist + +2004-03-09 Love Hörnquist Åstrand <lha@it.su.se> + + * kdc/kerberos5.c: add missing req argument to pk_mk_pa_reply + + * kdc/pkinit.c (pk_mk_pa_reply): add hdb_entry + + * kdc/pkinit.c: pass client hdb_entry to pk_check_client + + * kdc/kdc_locl.h: pass client hdb_entry to pk_check_client + + * kuser/kinit.c: rename ca_dir to pkinit/x509_anchors since its + more like that language in RFC3280 + + * lib/krb5/pkinit.c: rename ca_dir to pkinit/x509_anchors since + its more like that language in RFC3280 + + * lib/krb5/krb5.conf.5: document + [libdefaults]fcc-mit-ticketflags=boolean + + * lib/krb5/fcache.c (fcc_store_cred): use + [libdefaults]fcc-mit-ticketflags=boolean to decide what format to + write the fcc in. 
Default to mit version (aka heimdal 0.7) + + * lib/krb5/store.c: add _krb5_store_creds_heimdal_0_7 and + _krb5_store_creds_heimdal_pre_0_7 that store the creds in just + that format make krb5_store_creds default to mit format + + * lib/krb5/store.c (krb5_ret_creds): Runtime detect the what is + the higher bits of the bitfield + +2004-03-08 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/store.c (krb5_store_creds): add disabled code that + store the ticket flags in reverse order + (bitswap32): new function + + * lib/krb5/store.c (krb5_ret_creds): if the higher ticket flags + are set, its a mit cache, reverse the bits, bug pointed out by + Sergio Gelato <Sergio.Gelato@astro.su.se> + +2004-03-07 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/hdb/hdb-ldap.c: use macro for HDB * -> LDAP * + + * kuser/kinit.c: when running kinit with a subprocess, fetch new + tickets after half the tickets lifetime + + * lib/hdb/hdb.c: spelling + + * lib/hdb/hdb-ldap.c: Intergrate Heimdal's hdb-ldap and the Samba + password database. 
From: Andrew Bartlett <abartlet@samba.org> + + * kdc/config.c: add --disable-DES + + * kdc/kdc.8: document --detach and --disable-DES + + * kdc/kerberos5.c: check if enctype is disabled before using it + + * lib/krb5/crypto.c: add support for disabling checksum/encryption + types + + * tools/kdc-log-analyze.pl: add more cases + + * kdc/connect.c: on strange tcp error; log local port number and + socket type + + * lib/asn1/der.h: fix prototype of encode_utf8string + + * lib/asn1/gen.c: catch CHOICE and generate dummy placeholder + + * lib/asn1/lex.l: added dummy parsing of CHOICE + + * lib/asn1/parse.y: added dummy parsing of CHOICE + + * lib/asn1/k5.asn1: drop SMTP_NAME + +2004-03-06 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/hdb/Makefile.am: support building ldap backend as module + sort asn1 hdb files + + * lib/hdb/hdb.c: when building ldap as a shared module, don't + include it in the list + + * configure.in: add --enable-hdb-openldap-module + + * lib/hdb/hdb-ldap.c: make ldap possible to build as a shared + module + + * lib/hdb/mkey.c: add hdb_{,un}seal_key{,_mkey} from Andrew + Bartlett <abartlet@samba.org> + + * lib/krb5/crypto.c (decrypt_internal_special): do not not modify + the original data test case from Ronnie Sahlberg + <ronnie_sahlberg@ozemail.com.au> + +2004-03-03 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/test_cc.c: more cc tests, mostly related to mcc + behavior + + * lib/krb5/mcache.c (mcc_get_principal): also check for + primary_principal == NULL now that that isn't used as dead flag + + * lib/krb5/mcache.c: don't overload the primary_principal == NULL + as dead since that doesn't always work. 
Based on patch from + Jeffrey Hutzelman <jhutz@cmu.edu>, tweeked by me + +2004-02-22 Love Hörnquist Åstrand <lha@it.su.se> + + * kdc/pkinit.c: adapt to rename of oid_cmp to heim_oid_cmp + + * lib/krb5/pkinit.c: adapt to rename of oid_cmp to heim_oid_cmp + + * lib/hdb/db3.c: fix all db >= 4.1 cases + + * doc/setup.texi: add text about hostname to realm mapping using + DNS + +2004-02-20 Love Hörnquist Åstrand <lha@it.su.se> + + * kdc/pkinit.c: update error codes + + * lib/krb5/krb5_err.et: prefix pkinit error codes with KRB5_ + + * lib/krb5/pkinit.c: update error codes + +2004-02-19 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/pkinit.c: indent, use krb5_abortx() instead of abort() + + * lib/krb5/init_creds_pw.c (process_pa_data_to_key): spelling + + * lib/krb5/store.c: handle memory allocate errors + + * lib/krb5/fcache.c (_krb5_xlock): handle that everything was ok, + and don't put an error in the error strings then + +2004-02-13 Love Hörnquist Åstrand <lha@it.su.se> + + * kdc/pkinit.c: s/heim_big_integer/heim_integer/ + + * lib/krb5/pkinit.c: s/heim_big_integer/heim_integer/ + + * kdc/pkinit.c: adapt to asn1 bignum code, use HEIM_PKINIT errors + + * lib/krb5/pkinit.c: adapt to asn1 bignum code, use HEIM_PKINIT + errors + + * lib/krb5/heim_err.et: add HEIM_PKINIT specific errors + +2004-02-12 Love Hörnquist Åstrand <lha@it.su.se> + + * configure.in: rename AC_WFLAGS to rk_WFLAGS + + * acinclude.m4: use m4_define, over-quote string + +2004-02-11 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/init_creds_pw.c (change_password): handle that + printf("%.*s", 0, (void*)NULL); doesn't work on solaris + +2004-02-10 Love Hörnquist Åstrand <lha@it.su.se> + + * kpasswd/kpasswd.c (change_password): handle that printf("%.*s", + 0, (void*)NULL); doesn't work on solaris + + * lib/krb5/krb5.conf.5: don't use path's in first .Nm, it confuses + some locate.updatedb, use FILES section to describe where the file + is instead. 
+ +2004-02-07 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/asn1/check-der.c: test for "der_length.c: Fix len_unsigned + for certain negative integers, it got the length wrong" , from + Panasas, Inc. + + * lib/asn1/der_length.c: Fix len_unsigned for certain negative + integers, it got the length wrong, fix from Panasas, Inc. + + rename len_int and len_unsigned to _heim_\& + + * lib/asn1/der_locl.h: add _heim_len_unsigned, _heim_len_int + +2004-02-06 Dave Love <d.love@dl.ac.uk> + + * configure.in: Check for sys/socket.h, net/if.h. Modify term.h, + security/pam_appl.h tests. + +2004-02-03 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/asn1/check-gen.c: test for: (length_type): TSequenceOf: add + up the size of all the elements, don't use just the size of the + last element. + + * lib/krb5/aes-test.c: add "next iv" test for aes128, check + decryption case too + + * lib/krb5/crypto.c (_krb5_aes_cts_encrypt): out iv is the iv of + the next to last block, fix decryption case too + + * lib/krb5/aes-test.c: add "next iv" test for aes128 + + * lib/krb5/crypto.c (_krb5_aes_cts_encrypt): out iv is the iv of + the next to last block + + * lib/krb5/mk_rep.c (krb5_mk_rep): abort on internal asn1 encode + error + + * lib/krb5/mk_rep.c (krb5_mk_rep): abort on internal asn1 encode + error + + * lib/krb5/get_in_tkt.c (krb5_get_in_cred): abort on internal asn1 + encode error + + * lib/krb5/mk_priv.c (krb5_mk_priv): abort on internal asn1 encode + error + + * lib/krb5/get_cred.c (make_pa_tgs_req): abort on internal asn1 + encode error + + * lib/krb5/build_auth.c (krb5_build_authenticator): abort on + internal asn1 encode error + + * lib/krb5/build_ap_req.c (krb5_build_ap_req): abort on internal + asn1 encode error + +2004-01-30 Love Hörnquist Åstrand <lha@it.su.se> + + * doc/setup.texi: some text about order of [capaths] realms + +2004-01-25 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/context.c: register WRFILE ops + + * lib/krb5/keytab_file.c: add krb5_wrfkt_ops/WRFILE 
(same as FILE) + + * lib/krb5/krb5.h: add krb5_wrfkt_ops + + * kpasswd/kpasswdd.c (change): use the right password when + changing the password + +2004-01-21 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/fcache.c (_krb5_xlock): catch EINVAL and assume that it + means that the filesystem doesn't support locking + + * lib/krb5/keytab.c: remove #if 0 out file locking code + +2004-01-19 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/asn1/gen_length.c (length_type): TSequenceOf: add up the + size of all the elements, don't use just the size of the last + element. + +2004-01-13 Love Hörnquist Åstrand <lha@it.su.se> + + * kuser/kinit.c (renew_validate): if renewable_flag and not time + specifed, use "1 month" + +2004-01-08 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/krb5_keyblock.3: add prototypes, describe + krb5_keyblock_zero + +2004-01-05 Love Hörnquist Åstrand <lha@it.su.se> + + * lib/krb5/get_for_creds.c (add_addrs): don't add same address + multiple times + + * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): try to + handle errors better for previous commit + + * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): If tickets + are address-less, forward address-less tickets. + + * lib/krb5/get_cred.c: rename get_krbtgt to _krb5_get_krbtgt and + export it + |
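Review bot: The 2004-02-03 block carries the entry "lib/krb5/mk_rep.c (krb5_mk_rep): abort on internal asn1 encode error" twice in a row, and the 2004-03-20 entry for lib/krb5/krb5_create_checksum.3 names krb5_cksumtype_valid twice. Two further entries have wording slips that change how they read: the 2004-04-02 kdc/connect.c entry says "case size_t to unsigned long" where a cast is meant, and the 2004-03-06 lib/krb5/crypto.c (decrypt_internal_special) entry says "do not not modify the original data". Since this file arrives as a new file in an upstream-version import, I would not correct any of this in this tree, because doing so makes the vendored copy diverge from upstream and complicates later comparison against the upstream source. Report the duplicates and typos to Heimdal upstream instead, and keep the file here byte-identical to what upstream ships.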