summaryrefslogtreecommitdiffstats
path: root/third_party/heimdal/ChangeLog.2004
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-05 17:47:29 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-05 17:47:29 +0000
commit4f5791ebd03eaec1c7da0865a383175b05102712 (patch)
tree8ce7b00f7a76baa386372422adebbe64510812d4 /third_party/heimdal/ChangeLog.2004
parentInitial commit. (diff)
downloadsamba-upstream.tar.xz
samba-upstream.zip
Adding upstream version 2:4.17.12+dfsg.upstream/2%4.17.12+dfsgupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--third_party/heimdal/ChangeLog.20041485
1 files changed, 1485 insertions, 0 deletions
diff --git a/third_party/heimdal/ChangeLog.2004 b/third_party/heimdal/ChangeLog.2004
new file mode 100644
index 0000000..47cd799
--- /dev/null
+++ b/third_party/heimdal/ChangeLog.2004
@@ -0,0 +1,1485 @@
+2004-12-30 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/Makefile.am (CHECK_SYMBOLS): add heim_ and pkcs7_ for
+ now (used in pkinit)
+
+2004-12-29 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/Makefile.am: add CHECK_SYMBOLS
+
+ * lib/hdb/keys.c: make all_etypes static
+
+ * lib/krb5/Makefile.am: add CHECK_SYMBOLS, approve of: -com_err
+ -version krb5_ _krb5_ __heimdal krb524_ krb4_fkt_ops
+
+ * kdc/kerberos5.c: use private version of principalname
+
+ * kdc/kerberos4.c: use private version of principalname
+
+ * kdc/hpropd.c: use private version of principalname
+
+ * kdc/524.c: use private version of principalname
+
+ * lib/krb5/rd_req.c: use private version of principalname
+
+ * lib/krb5/rd_cred.c: use private version of principalname
+
+ * lib/krb5/init_creds_pw.c: use private version of principalname
+
+ * lib/krb5/get_in_tkt.c: use private version of principalname
+
+ * lib/krb5/asn1_glue.c: make principalname functions private
+
+ * lib/krb5/krb5.h: add key usage for server referrals
+
+2004-12-29 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/principal.c: make default_v4_name_convert static
+
+ * lib/krb5/crypto.c: make lots of crypto related variables static
+
+ * lib/krb5/acache.c: make default_acc_name static
+
+2004-12-28 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/setup.texi: add some text about samba, use example.com
+
+ * lib/hdb/hdb-ldap.c: Add account expiration for samba from James
+ F. Hranicky <jfh@cise.ufl.edu>.
+ Add LDAP_addmod_integer and use it.
+
+2004-12-27 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/{Makefile.am,setup.texi,win2k.texi}: spelling and text
+ fixes, from Dave Love
+
+2004-12-18 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/heim_threads.h: NetBSD 2.99.11 (any maybe 2.1) just
+ needs pthread.h, threadlib is dead
+
+2004-12-17 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/config.c (configure): check for deprecated
+ enforce-transited-policy is set and fail if it is
+
+ * lib/asn1/asn1_print.c: don't print garabage for octet strings
+
+2004-12-13 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/main.c (main): catch sigpipe, we don't bother select()ing
+ for errors
+
+ * kdc/connect.c (handle_http_tcp): handle error from write(2)
+
+ * doc/setup.texi: clarify credentials refreshing stuff
+
+ * doc/setup.texi: add new node: Providing Kerberos credentials to
+ servers and programs
+
+ * doc/whatis.texi: fix spurious cross-reference makeinfo warning
+
+ * lib/hdb/hdb-ldap.c (pos): uppercase in character
+
+2004-12-12 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb-ldap.c (LDAP__bytes2hex,LDAP__hex2bytes): encode
+ nibbels in the other order
+
+ * lib/hdb/hdb-ldap.c: s/objectclass/objectClass/ check if
+ attribute exists before we try to delete it LDAP__bytes2hex
+ encodes in strange byte order, is this really right ?
+
+2004-12-11 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb-ldap.c (LDAP_firstkey): When iterating over all
+ entries, search for samba accounts too, From: "James F. Hranicky"
+ <jfh@cise.ufl.edu>
+
+ * lib/hdb/hdb-ldap.c (krb5kdcentry_attrs): ask for attribute uid
+ too
+
+ * lib/hdb/hdb-ldap.c (LDAP_message2entry): if the entry is missing
+ both krb5PrincipalName and uid, it must be broken, ignore it and
+ return it doesn't exists.
+
+2004-12-10 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/hpropd.8: spelling, from OpenBSD
+
+ * kdc/kdc.8: use keeps for options, From OpenBSD k
+
+2004-12-09 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/setup.texi: document --random-key and the need to do backup
+ of the master key
+
+ * kdc/kstash.8: add --random-key
+
+ * kdc/kstash.c: add --random-key
+
+2004-12-08 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/verify_krb5_conf.8: spelling, from openbsd
+
+ * lib/krb5/krb5_init_context.3: spelling, from openbsd
+
+ * lib/krb5/krb5.conf.5: spelling, from openbsd
+
+ * kuser/kdestroy.1: use keeps around options, spelling, from
+ openbsd
+
+ * kpasswd/kpasswdd.8: use ., use keeps around options, from OpenBSD
+
+ * kdc/hpropd.8: use keeps around options, from OpenBSD
+
+ * kdc/hprop.8: use keeps around options, from OpenBSD
+
+2004-11-30 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/context.c (krb5_free_context): clear error string
+ before destroying mutex
+ (krb5_init_context): don't call krb5_free_context before there is a
+ mutex initialized
+
+2004-11-18 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kuser/kinit.c (get_new_tickets): only complain about ticket
+ renewable lifetime when the user asked for a specific renewable
+ lifetime
+
+2004-11-15 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/kerberos5.c (find_keys): log what principal is missing
+ enctypes
+
+2004-11-13 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/get_in_tkt.c (krb5_get_in_cred): clear pointer after
+ freeing data
+
+ * lib/krb5/init_creds_pw.c (change_password): handle old_options
+ being NULL From Guenther Deschner on samba-technical.
+
+2004-11-12 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_get_init_creds.3: add more text describing the
+ krb5_get_init_creds functions
+
+2004-11-11 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/init_creds_pw.c: make krb5_get_init_creds_keytab work
+ again
+
+2004-11-10 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb.asn1: use constrained integers
+
+2004-11-09 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_get_init_creds.3: add description for opt_init,
+ opt_alloc, opt_free
+
+ * lib/krb5/pkinit.c: unexport krb5_get_init_creds_opt_free_pkinit
+
+ * lib/krb5/init_creds.c: unexport
+ krb5_get_init_creds_opt_free_pkinit
+
+ * lib/krb5/init_creds_pw.c: fold init_init_creds_ctx into
+ get_init_creds_common
+
+ * lib/krb5/init_creds.c (_krb5_get_init_creds_opt_copy): if the in
+ options NULL, just make a clean copy
+
+2004-11-01 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/sendauth.c (krb5_rd_rep): free ap_rep message earlier
+ so we don't leak it on error
+
+2004-10-31 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5.conf.5: unbreak 2b entry
+
+ * lib/krb5/acache.c (make_cred_from_ccred): the address isn't a
+ sockaddr but rather a kerberos address, deal with that. Based on
+ bug report from Jakob Schlyter <jakob@rfc.se>.
+
+2004-10-30 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/connect.c: Make sure argument passed to ctype isn't signed
+ char
+
+2004-10-14 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/pkinit.c: match new error names
+
+ * lib/krb5/krb5_err.et: make error messages sane again
+
+2004-10-13 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/keytab.c: use KRB5_KT_BADNAME
+
+ * lib/krb5/krb5_err.et: sync with mit krb5_err.et (require major
+ version bump) add KRB5_DELTAT_BADFORMAT
+
+ * lib/krb5/krb5.conf.5: time defaults to "s"
+
+ * lib/krb5/time.c (krb5_string_to_deltat): default to "s" again,
+ MIT's behavior was actually that it failed to parse the number
+ (and thus used the default). Even better, ticket_lifetime (that
+ was a consumer supposed a of the interface) was documented but
+ never implemented, when it was implemented, people configuraiton
+ files started to fail. Also, use KRB5_DELTAT_BADFORMAT as a
+ failure code.
+
+ * lib/asn1/k5.asn1: sync enctypes with pkinit branch
+
+ * lib/asn1/parse.y (readd) support negative numbers
+
+ * lib/asn1/lex.l: support hex numbers
+
+2004-10-12 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/pkinit.c: use ETYPE_DES3_CBC_NONE_CMS
+
+ * lib/krb5/crypto.c: add enctype_des3_cbc_none_cms add cms padding
+ for rc2 don't to padding for blocksize 1
+
+ * lib/hdb/{keys.c,Makefile.am},lib/kadm5/{keys,set_keys}.c:
+ Move keyset parsing and password based keyset generation into hdb.
+ Requested by Andrew Bartlett <abartlet@samba.org> for hdb-ldb
+ backend.
+
+2004-10-07 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kuser/kinit.c: adapt to new signature of
+ krb5_get_init_creds_opt_set_pkinit
+
+ * lib/krb5/pkinit.c: free openssl engine deal with
+ RecipientIdentifier -> CMSIdentifier and heim_any -> name change
+ improve error messages
+
+ * kdc/pkinit.c: free openssl engine deal with RecipientIdentifier
+ -> CMSIdentifier and heim_any -> name change
+
+2004-10-04 Johan Danielsson <joda@pdc.kth.se>
+
+ * kuser/klist.c: use rtbl_set_separator
+
+2004-10-03 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/pkinit.c: filter out dup openssl engine keys, parse
+ user options first
+
+ * lib/krb5/pkinit.c: stop using AlgorithmIdentifierNonOpt, add
+ openssl engine support for private key
+
+ * lib/krb5/crypto.c: support padding as its done in CMS
+
+ * kdc/pkinit.c: improve error logging
+
+ * kdc/pkinit.c: stop using AlgorithmIdentifierNonOpt
+
+2004-09-30 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5.conf.5: assume minutes for time
+
+ * lib/krb5/config_file.c (krb5_config_vget_time_default): use
+ krb5_string_to_deltat
+
+ * lib/krb5/appdefault.c (krb5_appdefault_time): use
+ krb5_string_to_deltat
+
+ * lib/krb5/time.c (krb5_string_to_deltat): set default unit to
+ minute for compatibility with MIT Kerberos.
+
+
+2004-09-28 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/get_cred.c (get_cred_kdc_usage): retry using "large
+ message safe" transport if we get back
+ KRB5KRB_ERR_RESPONSE_TOO_BIG error. Idea from Guenther Deschner
+ <gd@sernet.de>
+
+2004-09-23 Johan Danielsson <joda@pdc.kth.se>
+
+ * admin/list.c: use rtbl
+
+ * admin/ktutil-commands.in: slc source file
+
+ * lib/krb5/constants.c: check
+ /Library/Preferences/edu.mit.Kerberos on OSX
+
+2004-09-21 Johan Danielsson <joda@pdc.kth.se>
+
+ * lib/krb5/time.c (krb5_format_time): check return value from
+ localtime and strftime
+
+2004-09-14 Johan Danielsson <joda@pdc.kth.se>
+
+ * kuser/kinit.c: make sure we don't always get renewable creds
+
+2004-09-11 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/acache.c: use krb5_ccapi.h
+
+ * lib/krb5/krb5_ccapi.h: break out krb5 api definitions to
+ separate (not installed) file
+
+ * lib/krb5/Makefile.am: add AM_CPPFLAGS to libkrb5_la_CPPFLAGS
+ since AM_CPPFLAGS overridden by target specific _CPPFLAGS
+
+2004-09-08 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/pkinit.c: make variable shorter, make error messages
+ from pkinit, make freeing easier
+
+2004-09-06 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/Makefile.am: link libkrb5 with LIB_dlopen
+
+ * lib/krb5/crypto.c (seed_something): avoid poking at memory that
+ is uninitialized, make valgrind unhappy. Pointd out by
+ abartlet@samba.org. While where, plug the fd leak.
+
+2004-09-05 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/asn1/der_get.c (decode_*): name all tag-length variables the
+ same
+ (decode_enumerated): check that the tag-length is not longer the length
+
+ * lib/asn1/der_get.c (decode_boolean): fail if length of tag is
+ larger then len
+
+2004-08-31 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/init_creds_pw.c (krb5_get_init_creds): kdc_reply can be
+ set in case of failure too, free unconditionally on exit to avoid
+ memory leak
+
+2004-08-23 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/get_cred.c (set_auth_data): set pointer to NULL after
+ free
+
+2004-08-20 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/context.c (krb5_get_err_text): if neither of com_right
+ nor strerror finds the error-code, return Unknown error.
+
+2004-08-19 Johan Danielsson <joda@pdc.kth.se>
+
+ * lib/krb5/krb5_kuserok.3: update to reality
+
+ * lib/krb5/kuserok.c: if a .k5login file exist, don't give
+ implicit rights to anyone; also check owner/mode of .k5login
+
+2004-08-15 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/Makefile.am: man_MANS = krb5_getportbyname.3
+
+ * lib/krb5/krb5_getportbyname.3: manpage for krb5_getportbyname
+
+ * lib/krb5/krb5.3: add krb5_getportbyname
+
+ * lib/krb5/krb5.3: krb5_free_salt and krb5_enctype_valid
+
+ * lib/krb5/krb5_encrypt.3: document krb5_enctype_valid
+
+2004-08-13 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/kerberos5.c (get_pa_etype_info{,2}): check for dup enctypes
+ from the client and filter them out.
+
+ * lib/krb5/krb5_string_to_key.3: document krb5_free_salt
+
+2004-08-12 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_ticket.3: data needs to be freed when using
+ krb5_ticket_get_authorization_data_type
+
+2004-08-11 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/test_cc.c: test variables in default_cc_name
+
+ * lib/krb5/krb5.conf.5: explain support for varibles in
+ [libdefaults]default_cc_name
+
+ * lib/krb5/cache.c: drop ${time}, its not very useful
+
+ * lib/krb5/cache.c: Add _krb5_expand_default_cc_name that expand
+ variables in the default cc name. Supported variables now are:
+ ${time},${uid} and ${null}
+
+ * lib/krb5/krb5.conf.5: document default_cc_name
+
+ * lib/krb5/cache.c (krb5_cc_set_default_name):
+ s/libdefault/libdefaults/
+
+2004-08-06 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/acache.c: replace magic 3 with ccapi_version_3
+
+ * lib/krb5/Makefile.am: libkrb5_la_SOURCES += acache.c
+
+ * lib/krb5/krb5.h: add krb5_acc_ops
+
+ * lib/krb5/acache.c: CCAPI v3 implementation, the read only
+ support was from Magnus Ahltorp and then extended by me to support
+ all other operations. Tested with MIT kerberos cc cache
+ implementation on MacOS 10.3.3
+
+ * lib/krb5/cache.c (krb5_cc_set_default_name): allow setting the
+ default cc name, this is not very useful for general purpose glue
+ since its not possible to glue in user information (like uid), but
+ for CCAPI it works just fine
+
+2004-08-05 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kuser/kgetcred.1: document --cache/-c
+
+ * kuser/kgetcred.c: allow to specify what credential cache to use
+
+2004-08-03 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/Makefile.am: add krb5_eai_to_heim_errno.3
+
+ * lib/krb5/krb5_eai_to_heim_errno.3: document
+ krb5_eai_to_heim_errno, krb5_h_errno_to_heim_errno
+
+ * lib/krb5/krb5.3: add krb5_eai_to_heim_errno,
+ krb5_h_errno_to_heim_errno
+
+2004-07-26 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_expand_hostname.3: krb5_expand_hostname_realms
+ result should be free with krb5_free_host_realm drop
+ krb5_get_host_realm text
+
+ * lib/krb5/krb5_set_default_realm.3: krb5_get_host_realm result
+ should be free with krb5_free_host_realm
+
+ * lib/krb5/krb5_get_in_cred.3: document krb5_free_kdc_rep
+
+ * lib/krb5/krb5_get_init_creds.3: remove dup krb5_get_init_creds
+
+ * lib/krb5/krb5_auth_context.3: sort, add krb5_free_authenticator
+
+ * lib/krb5/Makefile.am: man_MANS += krb5_rd_error
+
+ * lib/krb5/krb5_rd_error.3: krb5_rd_error and friends
+
+ * lib/krb5/krb5_warn.3: clarify on what string
+ krb5_free_error_string should operate on
+
+ * lib/krb5/krb5_get_credentials.3: add krb5_get_kdc_cred
+
+ * lib/krb5/Makefile.am: krb5_get_credentials,
+ krb5_get_forwarded_creds and friends
+
+ * lib/krb5/krb5_get_forwarded_creds.3: krb5_get_forwarded_creds
+ and friends
+
+ * lib/krb5/krb5_get_credentials.3: krb5_get_credentials and
+ friends
+
+2004-07-23 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kuser/klist.c (print_cred_verbose): keytypes are no longer, use
+ enctype
+
+2004-07-22 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb-ldap.c (LDAP_entry2mods): allow for pre-c99
+ compilers, From metze at samba.org
+
+2004-07-20 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/test_cc.c: more cc tests
+
+ * lib/krb5/krb5_check_transited.3: document krb5_check_transited
+
+2004-07-19 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/pkinit.c (pk_principal_from_X509): reverse test, makes
+ principal in cert work From: Mayur Patel <patelm4@rpi.edu>
+
+2004-07-18 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/Makefile.am: add krb5_verify_init_creds.3
+
+ * lib/krb5/krb5_verify_init_creds.3: add krb5_verify_init_creds
+
+2004-07-15 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_set_password.3: spelling from wiz@netbsd.org
+ description for krb5_passwd_result_to_string
+
+2004-07-14 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_set_password.3: Remove superfluous comma; grammar
+ fixes; split sentence in two for better understanding. From
+ wiz@NetBSD.org. Describe krb5_set_password_using_ccache while here.
+
+ * lib/krb5/krb5_set_password.3: nroff and spelling, from Jonathan
+ Stone <jonathan@dsg.stanford.edu>
+
+ * lib/krb5/changepw.c (process_reply): cast ssize_t to long and
+ print that From NetBSD via Havard Eidnes.
+
+2004-07-09 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * configure.in: fix helpstring for hdb-openldap-module
+
+ * lib/krb5/test_cc.c: don't use krb5_err on error code 0
+
+2004-07-08 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb-ldap.c (LDAP_seq): try handling errors better
+
+2004-07-02 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/get_in_tkt.c (set_ptypes): make ptypes const
+
+2004-07-01 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb-ldap.c (LDAP__connect): call ldap_initialize with
+ right argument
+
+2004-06-27 Johan Danielsson <joda@pdc.kth.se>
+
+ * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): if the
+ krbtgt is without addresses, default to not sending our own
+ addrport
+
+ * lib/asn1/lex.l: add support for /* */ and partial line --
+ comments
+
+ * kuser/Makefile.am: don't install copy_cred_cache manpage
+
+2004-06-24 Johan Danielsson <joda@pdc.kth.se>
+
+ * lib/krb5/init_creds.c (_krb5_get_init_creds_opt_copy): if
+ copying a static opt, make sure to allocate the "private" field
+
+2004-06-24 Love <lha@stacken.kth.se>
+
+ * kdc/config.c: add enable_pkinit_princ_in_cert
+
+ * kdc/kdc_locl.h: enable_pkinit_princ_in_cert
+
+ * kdc/pkinit.c: Check certificate for Kerberos Principal in
+ OtherName of subjectAltName Based on patch from Mayur Patel
+ <patelm4@rpi.edu>
+
+2004-06-21 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/get_cred.c (init_tgs_req): if subkey not avaible, use
+ session key for authorization-data
+
+2004-06-15 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/connect.c (handle_tcp): note who is what that closed the
+ connection on us
+
+2004-06-09 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * admin/get.c (kt_get): catch errors from krb5_parse_name
+
+2004-06-05 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb-ldap.c: if its the entry just contains the
+ structural object (no samba nor heimdal object), add an aux
+ heimdal object on to it.
+
+2004-06-02 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kpasswd/kpasswd.c: use krb5_set_password_using_ccache
+
+ * lib/krb5/krb5_set_password.3: add krb5_set_password_using_ccache
+
+ * lib/krb5/changepw.c: implement krb5_set_password_using_ccache
+
+ * lib/hdb/hdb-ldap.c: Allow the objectClass to be
+ "sambaSamAccount" or structural_object when searching for uid
+ entries.
+
+ * lib/krb5/krb5.conf.5: document [kdc]hdb-ldap-create-base
+
+ * lib/hdb/hdb-ldap.c: add creation base that defaults to the
+ search base
+
+ * lib/hdb/hdb-ldap.c: indent like the rest of the code
+
+2004-06-01 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb-ldap.c: check return values from ldap operations and
+ close it we get back LDAP_SERVER_DOWN. stupid ldap client lib, you
+ should retry by yourself.
+
+ * lib/hdb/hdb-ldap.c: require search base to be configured, create
+ local context structure
+
+2004-05-31 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/setup.texi: more ldap text, partly from Tarjei Huse
+ <tarjei@nu.no>
+
+2004-05-28 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb-ldap.c: clean, indent
+
+ * lib/hdb/hdb-ldap.c (LDAP_entry2mods): make sure
+ krb5KeyVersionNumber is added on new entires
+
+2004-05-27 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/setup.texi: minor fixes, partly from Tarjei Huse
+ <tarjei@nu.no>
+
+ * lib/krb5/krb5.conf.5: some text about dbname and realm
+
+ * lib/krb5/krb5.conf.5: default value for
+ hdb-ldap-structural-object is account
+
+2004-05-26 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * tools/Makefile.am: use ! instead of , as sed delimiter
+
+2004-05-25 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/*.c: add KRB5_LIB_FUNCTION to all exported functions
+
+2004-05-23 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb-ldap.c: make samba_forwardable a krb5_boolean
+
+ * lib/hdb/hdb-ldap.c: make samba forwarding a runtime configure
+ option
+
+ * lib/hdb/hdb-ldap.c (LDAP_message2entry): fix [] test From:
+ Andrew Bartlett <abartlet@samba.org>
+
+ * lib/hdb/hdb-ldap.c (LDAP_message2entry): remove bogus length
+ check From: Andrew Bartlett <abartlet@samba.org>
+
+ * lib/hdb/hdb-ldap.c (LDAP_message2entry): in the sambaNTPassword
+ case, make sure ent->etypes are allocated, From: Andrew Bartlett
+ <abartlet@samba.org>
+
+2004-05-14 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kuser/kinit.c: move "setpag if (argc < 1)" to common path
+
+2004-05-12 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/verify_krb5_conf.c: pacify pre c99 compilers
+
+ * fix-export: use right argument for -E
+
+2004-05-06 Johan Danielsson <joda@pdc.kth.se>
+
+ * kuser/kinit.c: print some diagnostics if the exec fails
+
+2004-04-29 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/pkinit.c (pk_rd_pa_reply_dh): use krb5_random_to_key
+ From: Luke Howard <lukeh@padl.com>
+
+ * lib/krb5/rd_req.c (krb5_verify_ap_req2): clear the whole ticket,
+ not just a pointer size of it From: Luke Howard <lukeh@padl.com>
+
+2004-04-28 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * fix-export: add -E flag where needed to make-proto
+
+2004-04-26 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/crypto.c: add set_param for RC2
+
+ * lib/krb5/pkinit.c: use krb5_oid_to_enctype and remove all oids
+ that are no longer needed
+
+ * kdc/pkinit.c: use krb5_enctype_to_oid
+
+ * lib/krb5/crypto.c (krb5_oid_to_enctype): make sure oid exists
+ before we compare with it
+
+ * lib/krb5/crypto.c (krb5_crypto_get_params): check ivec length
+ before returning it add aes-oids
+
+ * lib/krb5/crypto.c: add krb5_enctype_to_oid and
+ krb5_oid_to_enctype
+
+ * kdc/pkinit.c: use krb5_crypto_set_params
+
+ * lib/krb5/crypto.c: add krb5_crypto_set_params, add aes-NNN-cbc-none
+
+ * lib/krb5/krb5.h: add KEYTYPE_AES192
+
+ * lib/krb5/pkinit.c: use krb5_crypto_get_params to implement
+ kcrypto RC2 support
+
+ * lib/asn1/k5.asn1: add CMS symmetrical parameters here, enctype
+ rc2-cbc XXX RC2CBCParameter is wrong because the compiler is
+ broken
+
+ * lib/krb5/krb5.h: add KEYTYPE_RC2
+
+ * lib/krb5/crypto.c: add partial CMS parameter handling, this is
+ needed for RC2
+
+ * lib/asn1/der_cmp.c: add heim_oid_cmp and heim_octet_string_cmp
+
+ * lib/asn1/Makefile.am (libasn1_la_SOURCES) += der_cmp.c
+
+ * lib/asn1/der.h: add heim_oid_cmp and heim_octet_string_cmp
+
+ * lib/asn1/k5.asn1: add ETYPE_AESNNN_CBC_NONE
+
+ * lib/asn1/k5.asn1: add CMS symmetrical parameters here, enctype
+ rc2-cbc, XXX RC2CBCParameter is wrong because the compiler is broken
+
+2004-04-26 Johan Danielsson <joda@pdc.kth.se>
+
+ * lib/krb5/config_file.c: allow parsing directly from strings with
+ krb5_config_parse_string_multi
+
+ * lib/krb5/verify_krb5_conf.c: try to resolve hostnames
+
+2004-04-25 Johan Danielsson <joda@pdc.kth.se>
+
+ * lib/krb5/store_fd.c (krb5_storage_from_fd): dup the file
+ descriptor so we don't have to keep track of it in two places
+
+ * kuser/copy_cred_cache.c: krb5_cc_copy_cache_match now lives in
+ libkrb5
+
+ * lib/krb5/krb5_{,compare_}creds.3: move krb5_compare_creds to its
+ own manpage
+
+ * replace krb5_free_creds_contents by krb5_free_cred_contents
+
+ * lib/krb5/cache.c: add krb5_cc_next_cred_match() and
+ krb5_cc_copy_cred_match()
+
+ * lib/krb5/creds.c (krb5_compare_creds): add more matching options
+
+ * lib/krb5/krb5.h: add more creds match flags
+
+ * kuser/copy_cred_cache: add --valid-for option
+
+ * lib/krb5/store.c (krb5_store_creds): set is_skey flag if length
+ of second ticket is > 0
+
+2004-04-25 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/pkinit.c: use the right oid for pkauthdata
+
+ * lib/krb5/pkinit.c: always send both win2k compat version and the
+ ietf draft one, this is possible since microsoft use
+ wrong/diffrent PA number. Make the configuration flag boolean
+ configuring if NOT to send the win2k compat glue.
+
+ * lib/krb5/krb5_encrypt.3: document krb5_{de,en}crypt_ivec
+
+ * kuser/copy_cred_cache.1: pacify mdoclint
+
+ * kdc/pkinit.c: use IV for envelopeddata encryption, patch
+ originally from Luke Howard <lukeh@padl.com>, tweeked by me.
+
+ * lib/krb5/krb5_storage.3: document
+ KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER
+
+ * lib/krb5/krb5_data.3: document that krb5_data_free cleans the
+ structure too
+
+ * lib/krb5/pkinit.c: use IV for envelopeddata encryption, patch
+ originally from Luke Howard <lukeh@padl.com>, tweeked by me.
+
+2004-04-24 Johan Danielsson <joda@pdc.kth.se>
+
+ * kuser/copy_cred_cache.{c,1}: add cred cache copy tool
+
+ * configure.in: use rk_SYS_LARGEFILE
+
+ * lib/krb5/{krb5.h,store.c,fcache.c}: Fix the cache flags bitorder
+ issue with a storage flag instead of a separate function.
+
+2004-04-24 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/pkinit.c: move out the oid check from get_reply_key
+
+ * lib/krb5/pkinit.c: uniquify error messages
+
+ * lib/krb5/init_creds_pw.c: make the pkinit nonce same os the
+ plain nonce for now
+
+ * lib/krb5/pkinit.c: more w2k compat from Luke Howard
+ <lukeh@padl.com> add RC2 support, clean up error messages
+
+ * lib/krb5/pkinit.c: remove more dependency on
+ krb5_config->pkinit_flags
+
+ * lib/krb5/pkinit.c (_krb5_pk_convert_rep): convert microsoft
+ style answer to IETF, From Luke Howard <lukeh@padl.com>
+ (_krb5_pk_create_sign): ms handles NULL in param, so always send it
+ (_krb5_pk_mk_padata): look for [realms]REALM = { win2k_pkinit = bool }
+
+ * lib/krb5/pkinit.c (_krb5_pk_create_sign): always set the
+ digestAlgorithm to sha1 (both for SignerInfo and SignedData, add
+ new function _set_digest_alg to set it
+
+2004-04-23 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * include/make_crypto.c: include rc2.h, and when I'm here, make
+ aes mandatory
+
+ * lib/krb5/krb5.h: add ENCTYPE_ARCFOUR_HMAC as compat glue for MIT
+ kerberos
+
+ * lib/krb5/crypto.c (krb5_crypto_init): clear return pointer on
+ failure
+
+ * lib/krb5/crypto.c (DES3_random_to_key): make it produce the
+ right result
+ (DES3_postproc): use DES3_random_to_key
+ (krb5_random_to_key): check the required number of bits (not the size
+ of the key)
+
+ * lib/krb5/aes-test.c: test random to key function
+
+ * lib/krb5/string-to-key-test.c: comment out the "@"/"" test for
+ now
+
+2004-04-22 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_string_to_key.3: document that
+ krb5_string_to_key_derived is broken for non 3des enctypes and
+ thus deprecated
+
+ * kdc/pkinit.c (generate_dh_keyblock): use the new function
+ krb5_random_to_key
+
+ * lib/krb5/crypto.c: add des and DES3 random_to_key hooks, they
+ need special processing
+
+ * lib/krb5/crypto.c (krb5_random_to_key): new function
+
+ * lib/krb5/krb5_keyblock.3: document krb5_random_to_key
+
+2004-04-21 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/pkinit.c: use the first proposed enable enctype
+
+ * lib/krb5/context.c (krb5_set_default_in_tkt_etypes): use the
+ return from krb5_enctype_valid
+
+ * kdc/pkinit.c: at least try to handle diffrent enveloped enctypes
+
+2004-04-21 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/asn1/der_get.c: 1.28.2.16: (der_get_oid): handle all oid
+ components being smaller then 127 and allocate one extra element
+ since first byte is split to to elements.
+
+2004-04-20 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/asn1/k5.asn1: ETYPE_DIGEST_MD5_NONE, ETYPE_CRAM_MD5_NONE:
+ private use, lukeh@padl.com
+
+2004-04-19 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/pkinit.c (build_auth_pack): use heim_integer to encode
+ DH public key
+
+2004-04-18 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_init_context.3: add krb5_context to so its added
+ as manpage-link too
+
+2004-04-17 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/fcache.c (fcc_remove_cred): simplistic implementation,
+ XXX add locking
+
+ * kuser/kdestroy.c: add --credential argument that just remove one
+ credential entry out of the cache specified
+
+ * kdc/pkinit.c: replace the krb5.conf configuration option that
+ describes the mapping between principals and subject names with a
+ file, default /var/heimdal/pki-mapping. XXX this should be pushed
+ into HDB. XXX should add issuer too
+
+ * kdc/config.c: merge certificate/private_key to a user_id
+
+2004-04-16 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/kdc_locl.h: update prototype for pk_initialize
+
+ * kuser/kinit.c: merge certificate/private_key to a user_id
+
+ * kdc/pkinit.c: adapt to heim_integer changes
+
+ * lib/krb5/pkinit.c: merge certificate/private_key to a user_id
+
+ * kdc/pkinit.c: adapt to heim_integer changes,
+ merge certificate/private_key to a user_id
+
+2004-04-15 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/pkinit.c: use KRB5_PADATA_PK_AS_REQ_WIN free X509_STORE
+
+2004-04-13 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/Makefile.am: define BUILD_KRB5_LIB when building
+ libkrb5.la, add KRB5_LIB_FUNCTION proto
+
+ * lib/krb5/add_et_list.c: add KRB5_LIB_FUNCTION
+
+ * configure.in: export KRB5_LIB_FUNCTION when building with
+ BUILD_KRB5_LIB
+
+ * lib/krb5/ticket.c (krb5_ticket_get_authorization_data_type): add
+ error strings
+
+ * lib/krb5/prompter_posix.c (krb5_prompter_posix): if some thing
+ is printed on stderr, fflush it
+
+ * lib/krb5/krb5_keyblock.3: free functions also zeros out the key
+
+ * lib/krb5/krb5_get_init_creds.3: some text about
+ krb5_prompter_posix
+
+ * lib/krb5/krb5.conf.5: document hdb-ldap-structural-object
+
+ * lib/krb5/cache.c: add krb5_cc_get_prefix_ops
+
+ * lib/krb5/krb5_ccache.3: add krb5_cc_get_prefix_ops
+
+2004-04-05 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * appl/test/http_client.c: support GSS_C_DELEG_FLAG and
+ GSS_C_MUTUAL_FLAG
+
+ * appl/test/http_client.c: verbose logging
+
+2004-04-02 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/connect.c: case size_t to unsigned long for LP64 platforms
+
+2004-04-01 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb-ldap.c (hdb_ldap_create): allow configuration of
+ default structural object
+
+ * tools/Makefile.am: handle sed expression breaking
+
+2004-03-31 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krbhst.c: also lookup _kpasswd._tcp SRV-rr
+
+ * lib/krb5/changepw.c: add tcp support to the set protocol, should
+ be cleaned up to enable sharing code with krb5_sendto
+
+ * kpasswd/kpasswd.c (change_password): remove extra free
+
+ * lib/krb5/krb5_acl_match_file.3: try to pacify mdoc macros on
+ osf/1
+
+2004-03-30 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/init_creds_pw.c (pa_data_add_pac_request): don't
+ increase md->len, krb5_padata_add already does that
+
+ * lib/krb5/init_creds.c: its PAC not PAQ
+
+ * kuser/kinit.c: its PAC not PAQ
+
+ * kdc/kerberos4.c: stop the client from renewing tickets into the
+ future From: Jeffrey Hutzelman <jhutz@cmu.edu>
+
+2004-03-29 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * configure.in: try to handle sys/strtty.h needing sys/stream.h
+
+2004-03-23 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/send_to_kdc.c: remove function krb5_sendto_kdc2, its no
+ longer used
+
+ * kdc/kerberos5.c: s/krb5_get_host_realm_int/_&/
+
+ * lib/krb5/get_host_realm.c: unexport krb5_get_host_realm_int to
+ external users by prefixing it with _
+
+ * lib/krb5/get_cred.c: s/krb5_mk_req_internal/_&/
+
+ * lib/krb5/mk_req_ext.c: unexport krb5_mk_req_internal to external
+ users by prefixing it with _
+
+2004-03-22 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/pkinit.c: add missing }
+
+2004-03-21 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/pkinit.c: adapt to change of signature of
+ _krb5_pk_load_openssl_id
+
+ * lib/krb5/pkinit.c: (krb5_get_init_creds_opt_set_pkinit): add
+ prompter argument and use it
+
+ * kuser/kinit.c: adapt to signature change of
+ krb5_get_init_creds_opt_set_pkinit
+
+ * lib/krb5/krb5.3: add more stuff, 105 functions to go
+
+ * lib/krb5/krb5_rcache.3: add krb5_get_server_rcache
+
+ * lib/krb5/krb5_rcache.3: framework for replay cache manpage
+
+ * lib/krb5/krb5_string_to_key.3: document string to key functions
+
+ * lib/krb5/Makefile.am: man_MANS += krb5_expand_hostname.3
+ krb5_find_padata.3 krb5_generate_random_block.3
+
+ * lib/krb5/krb5_encrypt.3: document krb5_get_wrapped_length
+
+ * lib/krb5/krb5.3: add some more, 137 to go
+
+ * lib/krb5/krb5_principal.3: document krb5_get_default_principal
+
+ * lib/krb5/krb5_keyblock.3: document krb5_generate_subkey
+
+ * lib/krb5/krb5_generate_random_block.3: document
+ krb5_generate_random_block
+
+ * lib/krb5/krb5_find_padata.3: document padata functions
+
+ * lib/krb5/krb5.3: add some more, 142 to go
+
+ * lib/krb5/krb5_creds.3: drop .Pp before .Sh
+
+ * lib/krb5/krb5_set_default_realm.3: document krb5_copy_host_realm
+
+ * lib/krb5/krb5_expand_hostname.3: document krb5_expand_hostname
+ and krb5_expand_hostname_realms
+
+ * lib/krb5/krb5.3: add more functions, 147 to go
+
+ * lib/krb5/krb5_creds.3: document krb5_creds
+
+ * lib/krb5/krb5_get_init_creds.3: add more functions, some more
+ text
+
+ * lib/krb5/krb5_ticket.3: document
+ krb5_ticket_get_authorization_data_type
+
+2004-03-20 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/aes-test.c: remove #if 0'ed code
+
+ * lib/krb5/krb5.3: add keyblock functions, 177 functions to go
+
+ * lib/krb5/krb5_verify_user.3: add krb5_verify_opt_set_ccache
+
+ * lib/krb5/krb5_encrypt.3: document krb5_decrypt_ticket
+
+ * lib/krb5/krb5_config.3: document krb5_config_free_strings and
+ krb5_config_file_free
+
+ * lib/krb5/krb5_create_checksum.3: add krb5_hmac
+
+ * lib/krb5/krb5.3: add keyblock functions, 190 functions to go
+
+ * lib/krb5/krb5_keyblock.3: update .Dd
+
+ * lib/krb5/krb5_keyblock.3: document krb5_copy_keyblock and
+ krb5_generate_random_keyblock
+
+ * lib/krb5/krb5_init_context.3: add krb5_init_ets
+
+ * lib/krb5/krb5_config.3: add more krb5_config_ functions and
+ prototypes
+
+ * lib/krb5/krb5_init_context.3: document context modifcation
+ functions: address list, config file, use admin kdc, fcc version
+
+ * lib/krb5/krb5_storage.3: document krb5_storage and related
+ functions
+
+ * lib/krb5/Makefile.am: add acl and krb524_convert_creds_kdc
+ manpages and test_acl test program
+
+ * lib/krb5/krb5.3: add error string functions and sort
+
+ * lib/krb5/krb5_warn.3: document krb5_abort and error string
+ functions
+
+ * lib/krb5/krb5.3: add missing functions, only 285 left to
+ document
+
+ * lib/krb5/krb5_crypto_init.3: remove various enctype related
+ function
+
+ * lib/krb5/krb5_encrypt.3: add various enctype related function
+ here
+
+ * lib/krb5/krb5_create_checksum.3: add krb5_cksumtype_valid
+ krb5_cksumtype_valid
+
+ * lib/krb5/crypto.c: real return values for
+ krb5_{enctype,cksumtype}_valid
+
+ * lib/krb5/krb5_create_checksum.3: add some functions and
+ descriptions
+
+ * lib/krb5/krb5_c_make_checksum.3: move out non krb5_c functions
+
+ * lib/krb5/krb5_auth_context.3: document
+ krb5_auth_con_generatelocalsubkey
+
+ * lib/krb5/krb5_krbhst_init.3: document krb5_krbhst_init_flags
+
+ * lib/krb5/krb5_keytab.3: document krb5_kt_default_modify_name
+
+ * lib/krb5/krb5_init_context.3: document krb5_add_et_list
+
+ * lib/krb5/krb524_convert_creds_kdc.3: document
+ krb524_convert_creds_kdc, krb524_convert_creds_kdc_ccache
+
+ * lib/krb5/krb5_acl_match_file.3: document krb5_acl_match_*
+
+ * lib/krb5/test_acl.c: test for generic acl code
+
+ * lib/krb5/acl.c: plug memory leak on file matching,
+ make it not fall over when no non matching acl,
+ make fnmatch matching useful by switching arguments
+
+2004-03-19 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/config.c: add --builtin-hdb command
+
+ * lib/hdb/hdb.c (hdb_list_builtin): return a list of builtin
+ backends
+
+ * doc/setup.texi: include Luke Howard of PADL.COM ldap hdb
+ documentation
+
+ * doc/win2k.texi: fix bugs in examples, add more restrictions, use
+ example.com as an example. From: Pavel Ferdan
+ <xferdan@informatics.muni.cz>
+
+2004-03-18 Johan Danielsson <joda@pdc.kth.se>
+
+ * lib/krb5/krb5.conf.5: add a bunch of Li and document [kadmin]
+ password_lifetime; from Henry B. Hotz
+
+2004-03-14 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/mk_rep.c (krb5_mk_rep): if KRB5_AUTH_CONTEXT_USE_SUBKEY
+ is set send subkey
+ (generate if needed)
+
+ * lib/krb5/krb5.h: add KRB5_AUTH_CONTEXT_USE_SUBKEY
+
+2004-03-14 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb-ldap.c: clean up error handling, plug memory leaks,
+ and free memory in error path, assume realloc(NULL, ...) works,
+ factor out common code, indent
+
+2004-03-12 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/verify_krb5_conf.c: understand [password_quality]
+ spelling
+
+ * kuser/kgetcred.1: document --canonicalize
+
+ * kuser/kgetcred.c: add --canonicalize
+
+2004-03-10 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/fcache.c (fcc_store_cred): NULL terminate
+ krb5_config_get_bool_default' arglist
+
+2004-03-09 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/kerberos5.c: add missing req argument to pk_mk_pa_reply
+
+ * kdc/pkinit.c (pk_mk_pa_reply): add hdb_entry
+
+ * kdc/pkinit.c: pass client hdb_entry to pk_check_client
+
+ * kdc/kdc_locl.h: pass client hdb_entry to pk_check_client
+
+ * kuser/kinit.c: rename ca_dir to pkinit/x509_anchors since its
+ more like that language in RFC3280
+
+ * lib/krb5/pkinit.c: rename ca_dir to pkinit/x509_anchors since
+ its more like that language in RFC3280
+
+ * lib/krb5/krb5.conf.5: document
+ [libdefaults]fcc-mit-ticketflags=boolean
+
+ * lib/krb5/fcache.c (fcc_store_cred): use
+ [libdefaults]fcc-mit-ticketflags=boolean to decide what format to
+ write the fcc in. Default to mit version (aka heimdal 0.7)
+
+ * lib/krb5/store.c: add _krb5_store_creds_heimdal_0_7 and
+ _krb5_store_creds_heimdal_pre_0_7 that store the creds in just
+ that format make krb5_store_creds default to mit format
+
+ * lib/krb5/store.c (krb5_ret_creds): Runtime detect the what is
+ the higher bits of the bitfield
+
+2004-03-08 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/store.c (krb5_store_creds): add disabled code that
+ store the ticket flags in reverse order
+ (bitswap32): new function
+
+ * lib/krb5/store.c (krb5_ret_creds): if the higher ticket flags
+ are set, its a mit cache, reverse the bits, bug pointed out by
+ Sergio Gelato <Sergio.Gelato@astro.su.se>
+
+2004-03-07 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb-ldap.c: use macro for HDB * -> LDAP *
+
+ * kuser/kinit.c: when running kinit with a subprocess, fetch new
+ tickets after half the tickets lifetime
+
+ * lib/hdb/hdb.c: spelling
+
+ * lib/hdb/hdb-ldap.c: Intergrate Heimdal's hdb-ldap and the Samba
+ password database. From: Andrew Bartlett <abartlet@samba.org>
+
+ * kdc/config.c: add --disable-DES
+
+ * kdc/kdc.8: document --detach and --disable-DES
+
+ * kdc/kerberos5.c: check if enctype is disabled before using it
+
+ * lib/krb5/crypto.c: add support for disabling checksum/encryption
+ types
+
+ * tools/kdc-log-analyze.pl: add more cases
+
+ * kdc/connect.c: on strange tcp error; log local port number and
+ socket type
+
+ * lib/asn1/der.h: fix prototype of encode_utf8string
+
+ * lib/asn1/gen.c: catch CHOICE and generate dummy placeholder
+
+ * lib/asn1/lex.l: added dummy parsing of CHOICE
+
+ * lib/asn1/parse.y: added dummy parsing of CHOICE
+
+ * lib/asn1/k5.asn1: drop SMTP_NAME
+
+2004-03-06 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/Makefile.am: support building ldap backend as module
+ sort asn1 hdb files
+
+ * lib/hdb/hdb.c: when building ldap as a shared module, don't
+ include it in the list
+
+ * configure.in: add --enable-hdb-openldap-module
+
+ * lib/hdb/hdb-ldap.c: make ldap possible to build as a shared
+ module
+
+ * lib/hdb/mkey.c: add hdb_{,un}seal_key{,_mkey} from Andrew
+ Bartlett <abartlet@samba.org>
+
+ * lib/krb5/crypto.c (decrypt_internal_special): do not not modify
+ the original data test case from Ronnie Sahlberg
+ <ronnie_sahlberg@ozemail.com.au>
+
+2004-03-03 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/test_cc.c: more cc tests, mostly related to mcc
+ behavior
+
+ * lib/krb5/mcache.c (mcc_get_principal): also check for
+ primary_principal == NULL now that that isn't used as dead flag
+
+ * lib/krb5/mcache.c: don't overload the primary_principal == NULL
+ as dead since that doesn't always work. Based on patch from
+ Jeffrey Hutzelman <jhutz@cmu.edu>, tweeked by me
+
+2004-02-22 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/pkinit.c: adapt to rename of oid_cmp to heim_oid_cmp
+
+ * lib/krb5/pkinit.c: adapt to rename of oid_cmp to heim_oid_cmp
+
+ * lib/hdb/db3.c: fix all db >= 4.1 cases
+
+ * doc/setup.texi: add text about hostname to realm mapping using
+ DNS
+
+2004-02-20 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/pkinit.c: update error codes
+
+ * lib/krb5/krb5_err.et: prefix pkinit error codes with KRB5_
+
+ * lib/krb5/pkinit.c: update error codes
+
+2004-02-19 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/pkinit.c: indent, use krb5_abortx() instead of abort()
+
+ * lib/krb5/init_creds_pw.c (process_pa_data_to_key): spelling
+
+ * lib/krb5/store.c: handle memory allocate errors
+
+ * lib/krb5/fcache.c (_krb5_xlock): handle that everything was ok,
+ and don't put an error in the error strings then
+
+2004-02-13 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/pkinit.c: s/heim_big_integer/heim_integer/
+
+ * lib/krb5/pkinit.c: s/heim_big_integer/heim_integer/
+
+ * kdc/pkinit.c: adapt to asn1 bignum code, use HEIM_PKINIT errors
+
+ * lib/krb5/pkinit.c: adapt to asn1 bignum code, use HEIM_PKINIT
+ errors
+
+ * lib/krb5/heim_err.et: add HEIM_PKINIT specific errors
+
+2004-02-12 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * configure.in: rename AC_WFLAGS to rk_WFLAGS
+
+ * acinclude.m4: use m4_define, over-quote string
+
+2004-02-11 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/init_creds_pw.c (change_password): handle that
+ printf("%.*s", 0, (void*)NULL); doesn't work on solaris
+
+2004-02-10 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kpasswd/kpasswd.c (change_password): handle that printf("%.*s",
+ 0, (void*)NULL); doesn't work on solaris
+
+ * lib/krb5/krb5.conf.5: don't use path's in first .Nm, it confuses
+ some locate.updatedb, use FILES section to describe where the file
+ is instead.
+
+2004-02-07 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/asn1/check-der.c: test for "der_length.c: Fix len_unsigned
+ for certain negative integers, it got the length wrong" , from
+ Panasas, Inc.
+
+ * lib/asn1/der_length.c: Fix len_unsigned for certain negative
+ integers, it got the length wrong, fix from Panasas, Inc.
+
+ rename len_int and len_unsigned to _heim_\&
+
+ * lib/asn1/der_locl.h: add _heim_len_unsigned, _heim_len_int
+
+2004-02-06 Dave Love <d.love@dl.ac.uk>
+
+ * configure.in: Check for sys/socket.h, net/if.h. Modify term.h,
+ security/pam_appl.h tests.
+
+2004-02-03 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/asn1/check-gen.c: test for: (length_type): TSequenceOf: add
+ up the size of all the elements, don't use just the size of the
+ last element.
+
+ * lib/krb5/aes-test.c: add "next iv" test for aes128, check
+ decryption case too
+
+ * lib/krb5/crypto.c (_krb5_aes_cts_encrypt): out iv is the iv of
+ the next to last block, fix decryption case too
+
+ * lib/krb5/aes-test.c: add "next iv" test for aes128
+
+ * lib/krb5/crypto.c (_krb5_aes_cts_encrypt): out iv is the iv of
+ the next to last block
+
+ * lib/krb5/mk_rep.c (krb5_mk_rep): abort on internal asn1 encode
+ error
+
+ * lib/krb5/mk_rep.c (krb5_mk_rep): abort on internal asn1 encode
+ error
+
+ * lib/krb5/get_in_tkt.c (krb5_get_in_cred): abort on internal asn1
+ encode error
+
+ * lib/krb5/mk_priv.c (krb5_mk_priv): abort on internal asn1 encode
+ error
+
+ * lib/krb5/get_cred.c (make_pa_tgs_req): abort on internal asn1
+ encode error
+
+ * lib/krb5/build_auth.c (krb5_build_authenticator): abort on
+ internal asn1 encode error
+
+ * lib/krb5/build_ap_req.c (krb5_build_ap_req): abort on internal
+ asn1 encode error
+
+2004-01-30 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/setup.texi: some text about order of [capaths] realms
+
+2004-01-25 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/context.c: register WRFILE ops
+
+ * lib/krb5/keytab_file.c: add krb5_wrfkt_ops/WRFILE (same as FILE)
+
+ * lib/krb5/krb5.h: add krb5_wrfkt_ops
+
+ * kpasswd/kpasswdd.c (change): use the right password when
+ changing the password
+
+2004-01-21 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/fcache.c (_krb5_xlock): catch EINVAL and assume that it
+ means that the filesystem doesn't support locking
+
+ * lib/krb5/keytab.c: remove #if 0 out file locking code
+
+2004-01-19 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/asn1/gen_length.c (length_type): TSequenceOf: add up the
+ size of all the elements, don't use just the size of the last
+ element.
+
+2004-01-13 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kuser/kinit.c (renew_validate): if renewable_flag and not time
+ specifed, use "1 month"
+
+2004-01-08 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_keyblock.3: add prototypes, describe
+ krb5_keyblock_zero
+
+2004-01-05 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/get_for_creds.c (add_addrs): don't add same address
+ multiple times
+
+ * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): try to
+ handle errors better for previous commit
+
+ * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): If tickets
+ are address-less, forward address-less tickets.
+
+ * lib/krb5/get_cred.c: rename get_krbtgt to _krb5_get_krbtgt and
+ export it
+