aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDoug Rabson <dfr@FreeBSD.org>2008-05-07 13:39:42 +0000
committerDoug Rabson <dfr@FreeBSD.org>2008-05-07 13:39:42 +0000
commit4fe54d7c6acb302aacc6ac18798804b26c882c13 (patch)
tree07a0d6761d1b42410a27e4c7d583b766d6671f80
parent86067c77149c346cf467f1db4307a68c3632aa23 (diff)
parentc19800e8cd5640693f36f2040db4ab5e8d738146 (diff)
downloadsrc-4fe54d7c6acb302aacc6ac18798804b26c882c13.tar.gz
src-4fe54d7c6acb302aacc6ac18798804b26c882c13.zip
This commit was generated by cvs2svn to compensate for changes in r178825,
which included commits to RCS files with non-trunk default branches.
Notes
Notes: svn path=/head/; revision=178826
-rw-r--r--crypto/heimdal/ChangeLog1675
-rw-r--r--crypto/heimdal/ChangeLog.20031795
-rw-r--r--crypto/heimdal/ChangeLog.20041485
-rw-r--r--crypto/heimdal/ChangeLog.20052004
-rw-r--r--crypto/heimdal/ChangeLog.20062047
-rw-r--r--crypto/heimdal/LICENSE30
-rw-r--r--crypto/heimdal/Makefile.am46
-rw-r--r--crypto/heimdal/Makefile.am.common2
-rw-r--r--crypto/heimdal/Makefile.in400
-rw-r--r--crypto/heimdal/NEWS177
-rw-r--r--crypto/heimdal/README2
-rw-r--r--crypto/heimdal/aclocal.m42263
-rw-r--r--crypto/heimdal/admin/ChangeLog70
-rw-r--r--crypto/heimdal/admin/Makefile.am23
-rw-r--r--crypto/heimdal/admin/Makefile.in326
-rw-r--r--crypto/heimdal/admin/add.c148
-rw-r--r--crypto/heimdal/admin/change.c109
-rw-r--r--crypto/heimdal/admin/copy.c140
-rw-r--r--crypto/heimdal/admin/get.c109
-rw-r--r--crypto/heimdal/admin/ktutil-commands.in266
-rw-r--r--crypto/heimdal/admin/ktutil.816
-rw-r--r--crypto/heimdal/admin/ktutil.c76
-rw-r--r--crypto/heimdal/admin/list.c192
-rw-r--r--crypto/heimdal/admin/purge.c48
-rw-r--r--crypto/heimdal/admin/remove.c62
-rw-r--r--crypto/heimdal/admin/rename.c38
-rw-r--r--crypto/heimdal/appl/Makefile.am3
-rw-r--r--crypto/heimdal/appl/Makefile.in340
-rw-r--r--crypto/heimdal/appl/afsutil/ChangeLog56
-rw-r--r--crypto/heimdal/appl/afsutil/Makefile.am10
-rw-r--r--crypto/heimdal/appl/afsutil/Makefile.in305
-rw-r--r--crypto/heimdal/appl/afsutil/afslog.174
-rw-r--r--crypto/heimdal/appl/afsutil/afslog.c83
-rw-r--r--crypto/heimdal/appl/afsutil/pagsh.192
-rw-r--r--crypto/heimdal/appl/afsutil/pagsh.c220
-rw-r--r--crypto/heimdal/appl/ftp/ChangeLog293
-rw-r--r--crypto/heimdal/appl/ftp/Makefile.am2
-rw-r--r--crypto/heimdal/appl/ftp/Makefile.in337
-rw-r--r--crypto/heimdal/appl/ftp/common/Makefile.am4
-rw-r--r--crypto/heimdal/appl/ftp/common/Makefile.in288
-rw-r--r--crypto/heimdal/appl/ftp/common/buffer.c2
-rw-r--r--crypto/heimdal/appl/ftp/common/common.h2
-rw-r--r--crypto/heimdal/appl/ftp/common/sockbuf.c2
-rw-r--r--crypto/heimdal/appl/ftp/ftp/Makefile.am13
-rw-r--r--crypto/heimdal/appl/ftp/ftp/Makefile.in328
-rw-r--r--crypto/heimdal/appl/ftp/ftp/cmds.c126
-rw-r--r--crypto/heimdal/appl/ftp/ftp/cmdtab.c17
-rw-r--r--crypto/heimdal/appl/ftp/ftp/domacro.c26
-rw-r--r--crypto/heimdal/appl/ftp/ftp/extern.h2
-rw-r--r--crypto/heimdal/appl/ftp/ftp/ftp.130
-rw-r--r--crypto/heimdal/appl/ftp/ftp/ftp.c85
-rw-r--r--crypto/heimdal/appl/ftp/ftp/ftp_var.h1
-rw-r--r--crypto/heimdal/appl/ftp/ftp/globals.c3
-rw-r--r--crypto/heimdal/appl/ftp/ftp/gssapi.c55
-rw-r--r--crypto/heimdal/appl/ftp/ftp/kauth.c25
-rw-r--r--crypto/heimdal/appl/ftp/ftp/krb4.c6
-rw-r--r--crypto/heimdal/appl/ftp/ftp/main.c8
-rw-r--r--crypto/heimdal/appl/ftp/ftp/ruserpass.c22
-rw-r--r--crypto/heimdal/appl/ftp/ftp/security.c152
-rw-r--r--crypto/heimdal/appl/ftp/ftp/security.h8
-rw-r--r--crypto/heimdal/appl/ftp/ftpd/Makefile.am14
-rw-r--r--crypto/heimdal/appl/ftp/ftpd/Makefile.in357
-rw-r--r--crypto/heimdal/appl/ftp/ftpd/extern.h6
-rw-r--r--crypto/heimdal/appl/ftp/ftpd/ftpcmd.c3551
-rw-r--r--crypto/heimdal/appl/ftp/ftpd/ftpcmd.y147
-rw-r--r--crypto/heimdal/appl/ftp/ftpd/ftpd.84
-rw-r--r--crypto/heimdal/appl/ftp/ftpd/ftpd.c95
-rw-r--r--crypto/heimdal/appl/ftp/ftpd/ftpd_locl.h4
-rw-r--r--crypto/heimdal/appl/ftp/ftpd/ftpusers.52
-rw-r--r--crypto/heimdal/appl/ftp/ftpd/gss_userok.c149
-rw-r--r--crypto/heimdal/appl/ftp/ftpd/gssapi.c528
-rw-r--r--crypto/heimdal/appl/ftp/ftpd/kauth.c167
-rw-r--r--crypto/heimdal/appl/ftp/ftpd/klist.c178
-rw-r--r--crypto/heimdal/appl/ftp/ftpd/krb4.c340
-rw-r--r--crypto/heimdal/appl/ftp/ftpd/logwtmp.c2
-rw-r--r--crypto/heimdal/appl/ftp/ftpd/ls.c93
-rw-r--r--crypto/heimdal/appl/ftp/ftpd/pathnames.h2
-rw-r--r--crypto/heimdal/appl/ftp/ftpd/popen.c2
-rw-r--r--crypto/heimdal/appl/ftp/ftpd/security.c883
-rw-r--r--crypto/heimdal/appl/gssmask/Makefile.am12
-rw-r--r--crypto/heimdal/appl/gssmask/Makefile.in760
-rw-r--r--crypto/heimdal/appl/gssmask/common.c97
-rw-r--r--crypto/heimdal/appl/gssmask/common.h112
-rw-r--r--crypto/heimdal/appl/gssmask/gssmaestro.c851
-rw-r--r--crypto/heimdal/appl/gssmask/gssmask.c1092
-rw-r--r--crypto/heimdal/appl/gssmask/protocol.h286
-rw-r--r--crypto/heimdal/appl/kf/Makefile.am6
-rw-r--r--crypto/heimdal/appl/kf/Makefile.in315
-rw-r--r--crypto/heimdal/appl/kf/kf.12
-rw-r--r--crypto/heimdal/appl/kf/kf.c2
-rw-r--r--crypto/heimdal/appl/kf/kf_locl.h2
-rw-r--r--crypto/heimdal/appl/kf/kfd.82
-rw-r--r--crypto/heimdal/appl/kf/kfd.c7
-rw-r--r--crypto/heimdal/appl/login/ChangeLog75
-rw-r--r--crypto/heimdal/appl/login/Makefile.am10
-rw-r--r--crypto/heimdal/appl/login/Makefile.in314
-rw-r--r--crypto/heimdal/appl/login/conf.c2
-rw-r--r--crypto/heimdal/appl/login/env.c2
-rw-r--r--crypto/heimdal/appl/login/limits_conf.c214
-rw-r--r--crypto/heimdal/appl/login/login.133
-rw-r--r--crypto/heimdal/appl/login/login.access.52
-rw-r--r--crypto/heimdal/appl/login/login.c57
-rw-r--r--crypto/heimdal/appl/login/login_access.c2
-rw-r--r--crypto/heimdal/appl/login/login_locl.h13
-rw-r--r--crypto/heimdal/appl/login/login_protos.h13
-rw-r--r--crypto/heimdal/appl/login/loginpaths.h52
-rw-r--r--crypto/heimdal/appl/login/osfc2.c2
-rw-r--r--crypto/heimdal/appl/login/read_string.c22
-rw-r--r--crypto/heimdal/appl/login/shadow.c2
-rw-r--r--crypto/heimdal/appl/login/stty_default.c2
-rw-r--r--crypto/heimdal/appl/login/tty.c2
-rw-r--r--crypto/heimdal/appl/login/utmp_login.c2
-rw-r--r--crypto/heimdal/appl/login/utmpx_login.c2
-rw-r--r--crypto/heimdal/appl/push/ChangeLog8
-rw-r--r--crypto/heimdal/appl/push/Makefile.am6
-rw-r--r--crypto/heimdal/appl/push/Makefile.in321
-rw-r--r--crypto/heimdal/appl/push/pfrom.12
-rw-r--r--crypto/heimdal/appl/push/pfrom.in2
-rw-r--r--crypto/heimdal/appl/push/push.82
-rw-r--r--crypto/heimdal/appl/push/push.c8
-rw-r--r--crypto/heimdal/appl/push/push_locl.h2
-rw-r--r--crypto/heimdal/appl/rcp/ChangeLog53
-rw-r--r--crypto/heimdal/appl/rcp/Makefile.am10
-rw-r--r--crypto/heimdal/appl/rcp/Makefile.in358
-rw-r--r--crypto/heimdal/appl/rcp/rcp.12
-rw-r--r--crypto/heimdal/appl/rcp/rcp.c51
-rw-r--r--crypto/heimdal/appl/rcp/rcp_locl.h7
-rw-r--r--crypto/heimdal/appl/rcp/util.c9
-rw-r--r--crypto/heimdal/appl/rsh/ChangeLog125
-rw-r--r--crypto/heimdal/appl/rsh/Makefile.am16
-rw-r--r--crypto/heimdal/appl/rsh/Makefile.in337
-rw-r--r--crypto/heimdal/appl/rsh/common.c22
-rw-r--r--crypto/heimdal/appl/rsh/limits_conf.c214
-rw-r--r--crypto/heimdal/appl/rsh/login_access.c277
-rw-r--r--crypto/heimdal/appl/rsh/rsh.1121
-rw-r--r--crypto/heimdal/appl/rsh/rsh.c63
-rw-r--r--crypto/heimdal/appl/rsh/rsh_locl.h22
-rw-r--r--crypto/heimdal/appl/rsh/rshd.86
-rw-r--r--crypto/heimdal/appl/rsh/rshd.c177
-rw-r--r--crypto/heimdal/appl/su/ChangeLog38
-rw-r--r--crypto/heimdal/appl/su/Makefile.in360
-rw-r--r--crypto/heimdal/appl/su/su.1123
-rw-r--r--crypto/heimdal/appl/su/supaths.h51
-rw-r--r--crypto/heimdal/appl/telnet/ChangeLog263
-rw-r--r--crypto/heimdal/appl/telnet/Makefile.am2
-rw-r--r--crypto/heimdal/appl/telnet/Makefile.in337
-rw-r--r--crypto/heimdal/appl/telnet/libtelnet/Makefile.am4
-rw-r--r--crypto/heimdal/appl/telnet/libtelnet/Makefile.in288
-rw-r--r--crypto/heimdal/appl/telnet/libtelnet/auth-proto.h2
-rw-r--r--crypto/heimdal/appl/telnet/libtelnet/auth.c2
-rw-r--r--crypto/heimdal/appl/telnet/libtelnet/auth.h2
-rw-r--r--crypto/heimdal/appl/telnet/libtelnet/enc-proto.h2
-rw-r--r--crypto/heimdal/appl/telnet/libtelnet/enc_des.c99
-rw-r--r--crypto/heimdal/appl/telnet/libtelnet/encrypt.c4
-rw-r--r--crypto/heimdal/appl/telnet/libtelnet/encrypt.h2
-rw-r--r--crypto/heimdal/appl/telnet/libtelnet/genget.c2
-rw-r--r--crypto/heimdal/appl/telnet/libtelnet/kerberos.c27
-rw-r--r--crypto/heimdal/appl/telnet/libtelnet/kerberos5.c206
-rw-r--r--crypto/heimdal/appl/telnet/libtelnet/krb4encpwd.c4
-rw-r--r--crypto/heimdal/appl/telnet/libtelnet/misc-proto.h2
-rw-r--r--crypto/heimdal/appl/telnet/libtelnet/misc.c2
-rw-r--r--crypto/heimdal/appl/telnet/libtelnet/rsaencpwd.c4
-rw-r--r--crypto/heimdal/appl/telnet/libtelnet/spx.c4
-rw-r--r--crypto/heimdal/appl/telnet/telnet/Makefile.am8
-rw-r--r--crypto/heimdal/appl/telnet/telnet/Makefile.in313
-rw-r--r--crypto/heimdal/appl/telnet/telnet/authenc.c9
-rw-r--r--crypto/heimdal/appl/telnet/telnet/commands.c24
-rw-r--r--crypto/heimdal/appl/telnet/telnet/externs.h7
-rw-r--r--crypto/heimdal/appl/telnet/telnet/main.c41
-rw-r--r--crypto/heimdal/appl/telnet/telnet/network.c2
-rw-r--r--crypto/heimdal/appl/telnet/telnet/ring.c2
-rw-r--r--crypto/heimdal/appl/telnet/telnet/ring.h2
-rw-r--r--crypto/heimdal/appl/telnet/telnet/sys_bsd.c2
-rw-r--r--crypto/heimdal/appl/telnet/telnet/telnet.16
-rw-r--r--crypto/heimdal/appl/telnet/telnet/telnet.c53
-rw-r--r--crypto/heimdal/appl/telnet/telnet/telnet_locl.h27
-rw-r--r--crypto/heimdal/appl/telnet/telnet/terminal.c2
-rw-r--r--crypto/heimdal/appl/telnet/telnet/utilities.c2
-rw-r--r--crypto/heimdal/appl/telnet/telnetd/Makefile.am8
-rw-r--r--crypto/heimdal/appl/telnet/telnetd/Makefile.in317
-rw-r--r--crypto/heimdal/appl/telnet/telnetd/authenc.c2
-rw-r--r--crypto/heimdal/appl/telnet/telnetd/ext.h8
-rw-r--r--crypto/heimdal/appl/telnet/telnetd/global.c4
-rw-r--r--crypto/heimdal/appl/telnet/telnetd/slc.c2
-rw-r--r--crypto/heimdal/appl/telnet/telnetd/state.c21
-rw-r--r--crypto/heimdal/appl/telnet/telnetd/sys_term.c328
-rw-r--r--crypto/heimdal/appl/telnet/telnetd/telnetd.88
-rw-r--r--crypto/heimdal/appl/telnet/telnetd/telnetd.c102
-rw-r--r--crypto/heimdal/appl/telnet/telnetd/telnetd.h28
-rw-r--r--crypto/heimdal/appl/telnet/telnetd/termstat.c2
-rw-r--r--crypto/heimdal/appl/telnet/telnetd/utility.c17
-rw-r--r--crypto/heimdal/appl/test/Makefile.am15
-rw-r--r--crypto/heimdal/appl/test/Makefile.in335
-rw-r--r--crypto/heimdal/appl/test/common.c4
-rw-r--r--crypto/heimdal/appl/test/gss_common.c42
-rw-r--r--crypto/heimdal/appl/test/gss_common.h6
-rw-r--r--crypto/heimdal/appl/test/gssapi_client.c26
-rw-r--r--crypto/heimdal/appl/test/gssapi_server.c101
-rw-r--r--crypto/heimdal/appl/test/http_client.c504
-rw-r--r--crypto/heimdal/appl/test/nt_gss_client.c8
-rw-r--r--crypto/heimdal/appl/test/nt_gss_common.c6
-rw-r--r--crypto/heimdal/appl/test/nt_gss_common.h2
-rw-r--r--crypto/heimdal/appl/test/nt_gss_server.c11
-rw-r--r--crypto/heimdal/appl/test/tcp_client.c4
-rw-r--r--crypto/heimdal/appl/test/tcp_server.c6
-rw-r--r--crypto/heimdal/appl/test/test_locl.h3
-rw-r--r--crypto/heimdal/appl/test/uu_client.c22
-rw-r--r--crypto/heimdal/appl/test/uu_server.c19
-rw-r--r--crypto/heimdal/autogen.sh5
-rw-r--r--crypto/heimdal/cf/ChangeLog423
-rw-r--r--crypto/heimdal/cf/Makefile.am.common58
-rw-r--r--crypto/heimdal/cf/aix.m44
-rw-r--r--crypto/heimdal/cf/auth-modules.m42
-rw-r--r--crypto/heimdal/cf/autobuild.m434
-rw-r--r--crypto/heimdal/cf/broken-getaddrinfo.m48
-rw-r--r--crypto/heimdal/cf/broken-glob.m48
-rw-r--r--crypto/heimdal/cf/broken-realloc.m411
-rw-r--r--crypto/heimdal/cf/broken-snprintf.m427
-rw-r--r--crypto/heimdal/cf/broken.m42
-rw-r--r--crypto/heimdal/cf/broken2.m49
-rw-r--r--crypto/heimdal/cf/c-attribute.m413
-rw-r--r--crypto/heimdal/cf/c-function.m416
-rw-r--r--crypto/heimdal/cf/capabilities.m42
-rw-r--r--crypto/heimdal/cf/check-compile-et.m440
-rw-r--r--crypto/heimdal/cf/check-getpwnam_r-posix.m49
-rw-r--r--crypto/heimdal/cf/check-man.m42
-rw-r--r--crypto/heimdal/cf/check-netinet-ip-and-tcp.m410
-rw-r--r--crypto/heimdal/cf/check-type-extra.m42
-rw-r--r--crypto/heimdal/cf/check-var.m418
-rw-r--r--crypto/heimdal/cf/check-x.m411
-rw-r--r--crypto/heimdal/cf/check-xau.m48
-rw-r--r--crypto/heimdal/cf/crypto.m4136
-rw-r--r--crypto/heimdal/cf/db.m4103
-rw-r--r--crypto/heimdal/cf/destdirs.m42
-rw-r--r--crypto/heimdal/cf/dlopen.m47
-rw-r--r--crypto/heimdal/cf/find-func-no-libs.m42
-rw-r--r--crypto/heimdal/cf/find-func-no-libs2.m44
-rw-r--r--crypto/heimdal/cf/find-func.m42
-rw-r--r--crypto/heimdal/cf/find-if-not-broken.m42
-rw-r--r--crypto/heimdal/cf/framework-security.m431
-rw-r--r--crypto/heimdal/cf/have-pragma-weak.m46
-rw-r--r--crypto/heimdal/cf/have-struct-field.m410
-rw-r--r--crypto/heimdal/cf/have-type.m414
-rw-r--r--crypto/heimdal/cf/have-types.m42
-rwxr-xr-xcrypto/heimdal/cf/install-catman.sh47
-rw-r--r--crypto/heimdal/cf/irix.m42
-rw-r--r--crypto/heimdal/cf/krb-bigendian.m426
-rw-r--r--crypto/heimdal/cf/krb-func-getcwd-broken.m48
-rw-r--r--crypto/heimdal/cf/krb-func-getlogin.m42
-rw-r--r--crypto/heimdal/cf/krb-ipv6.m422
-rw-r--r--crypto/heimdal/cf/krb-prog-ln-s.m42
-rw-r--r--crypto/heimdal/cf/krb-prog-ranlib.m42
-rw-r--r--crypto/heimdal/cf/krb-prog-yacc.m42
-rw-r--r--crypto/heimdal/cf/krb-readline.m412
-rw-r--r--crypto/heimdal/cf/krb-struct-spwd.m413
-rw-r--r--crypto/heimdal/cf/krb-struct-winsize.m42
-rw-r--r--crypto/heimdal/cf/krb-sys-aix.m42
-rw-r--r--crypto/heimdal/cf/krb-sys-nextstep.m42
-rw-r--r--crypto/heimdal/cf/krb-version.m42
-rw-r--r--crypto/heimdal/cf/largefile.m416
-rw-r--r--crypto/heimdal/cf/make-proto.pl136
-rw-r--r--crypto/heimdal/cf/mips-abi.m48
-rw-r--r--crypto/heimdal/cf/misc.m42
-rw-r--r--crypto/heimdal/cf/need-proto.m414
-rw-r--r--crypto/heimdal/cf/osfc2.m44
-rw-r--r--crypto/heimdal/cf/otp.m44
-rw-r--r--crypto/heimdal/cf/proto-compat.m49
-rw-r--r--crypto/heimdal/cf/pthreads.m475
-rw-r--r--crypto/heimdal/cf/resolv.m4109
-rw-r--r--crypto/heimdal/cf/retsigtype.m42
-rw-r--r--crypto/heimdal/cf/roken-frag.m4216
-rw-r--r--crypto/heimdal/cf/roken.m410
-rw-r--r--crypto/heimdal/cf/socket-wrapper.m416
-rw-r--r--crypto/heimdal/cf/sunos.m44
-rw-r--r--crypto/heimdal/cf/telnet.m412
-rw-r--r--crypto/heimdal/cf/test-package.m424
-rw-r--r--crypto/heimdal/cf/valgrind-suppressions84
-rw-r--r--crypto/heimdal/cf/vararray.m416
-rw-r--r--crypto/heimdal/cf/version-script.m440
-rw-r--r--crypto/heimdal/cf/wflags.m413
-rw-r--r--crypto/heimdal/cf/win32.m412
-rw-r--r--crypto/heimdal/cf/with-all.m48
-rwxr-xr-xcrypto/heimdal/compile92
-rwxr-xr-xcrypto/heimdal/config.guess634
-rwxr-xr-xcrypto/heimdal/config.sub175
-rwxr-xr-xcrypto/heimdal/configure36000
-rw-r--r--crypto/heimdal/configure.in316
-rw-r--r--crypto/heimdal/doc/Makefile.am83
-rw-r--r--crypto/heimdal/doc/Makefile.in504
-rw-r--r--crypto/heimdal/doc/ack.texi74
-rw-r--r--crypto/heimdal/doc/apps.texi244
-rw-r--r--crypto/heimdal/doc/doxytmpl.dxy257
-rw-r--r--crypto/heimdal/doc/hcrypto.din15
-rw-r--r--crypto/heimdal/doc/heimdal.css53
-rw-r--r--crypto/heimdal/doc/heimdal.texi250
-rw-r--r--crypto/heimdal/doc/hx509.din15
-rw-r--r--crypto/heimdal/doc/hx509.texi633
-rw-r--r--crypto/heimdal/doc/init-creds2
-rw-r--r--crypto/heimdal/doc/install.texi13
-rw-r--r--crypto/heimdal/doc/intro.texi12
-rw-r--r--crypto/heimdal/doc/kerberos4.texi6
-rw-r--r--crypto/heimdal/doc/krb5.din16
-rw-r--r--crypto/heimdal/doc/migration.texi2
-rw-r--r--crypto/heimdal/doc/misc.texi72
-rw-r--r--crypto/heimdal/doc/ntlm.din15
-rw-r--r--crypto/heimdal/doc/programming.texi407
-rw-r--r--crypto/heimdal/doc/setup.texi1119
-rwxr-xr-xcrypto/heimdal/doc/vars.texi7
-rw-r--r--crypto/heimdal/doc/vars.tin7
-rw-r--r--crypto/heimdal/doc/whatis.texi18
-rw-r--r--crypto/heimdal/doc/win2k.texi182
-rw-r--r--crypto/heimdal/etc/Makefile.am5
-rw-r--r--crypto/heimdal/etc/Makefile.in658
-rw-r--r--crypto/heimdal/etc/services.append2
-rw-r--r--crypto/heimdal/include/Makefile.am113
-rw-r--r--crypto/heimdal/include/Makefile.in507
-rw-r--r--crypto/heimdal/include/bits.c24
-rw-r--r--crypto/heimdal/include/config.h.in269
-rw-r--r--crypto/heimdal/include/gssapi/Makefile.am6
-rw-r--r--crypto/heimdal/include/gssapi/Makefile.in659
-rw-r--r--crypto/heimdal/include/hcrypto/Makefile.am23
-rw-r--r--crypto/heimdal/include/hcrypto/Makefile.in678
-rw-r--r--crypto/heimdal/include/kadm5/Makefile.am4
-rw-r--r--crypto/heimdal/include/kadm5/Makefile.in261
-rw-r--r--crypto/heimdal/include/make_crypto.c66
-rwxr-xr-xcrypto/heimdal/install-sh453
-rw-r--r--crypto/heimdal/kadmin/ChangeLog415
-rw-r--r--crypto/heimdal/kadmin/Makefile.am42
-rw-r--r--crypto/heimdal/kadmin/Makefile.in477
-rw-r--r--crypto/heimdal/kadmin/add-random-users.c15
-rw-r--r--crypto/heimdal/kadmin/add_enctype.c164
-rw-r--r--crypto/heimdal/kadmin/ank.c122
-rw-r--r--crypto/heimdal/kadmin/check.c238
-rw-r--r--crypto/heimdal/kadmin/cpw.c67
-rw-r--r--crypto/heimdal/kadmin/del.c43
-rw-r--r--crypto/heimdal/kadmin/del_enctype.c45
-rw-r--r--crypto/heimdal/kadmin/dump.c51
-rw-r--r--crypto/heimdal/kadmin/ext.c113
-rw-r--r--crypto/heimdal/kadmin/get.c576
-rw-r--r--crypto/heimdal/kadmin/init.c122
-rw-r--r--crypto/heimdal/kadmin/kadm_conn.c20
-rw-r--r--crypto/heimdal/kadmin/kadmin-commands.in420
-rw-r--r--crypto/heimdal/kadmin/kadmin.8252
-rw-r--r--crypto/heimdal/kadmin/kadmin.c224
-rw-r--r--crypto/heimdal/kadmin/kadmind.830
-rw-r--r--crypto/heimdal/kadmin/kadmind.c81
-rw-r--r--crypto/heimdal/kadmin/load.c169
-rw-r--r--crypto/heimdal/kadmin/mod.c302
-rw-r--r--crypto/heimdal/kadmin/pw_quality.c62
-rw-r--r--crypto/heimdal/kadmin/random_password.c10
-rw-r--r--crypto/heimdal/kadmin/rename.c49
-rw-r--r--crypto/heimdal/kadmin/server.c42
-rw-r--r--crypto/heimdal/kadmin/stash.c140
-rw-r--r--crypto/heimdal/kadmin/test_util.c92
-rw-r--r--crypto/heimdal/kadmin/util.c77
-rw-r--r--crypto/heimdal/kcm/Makefile.am44
-rw-r--r--crypto/heimdal/kcm/Makefile.in868
-rw-r--r--crypto/heimdal/kcm/acl.c180
-rw-r--r--crypto/heimdal/kcm/acquire.c531
-rw-r--r--crypto/heimdal/kcm/cache.c636
-rw-r--r--crypto/heimdal/kcm/client.c185
-rw-r--r--crypto/heimdal/kcm/config.c390
-rw-r--r--crypto/heimdal/kcm/connect.c688
-rw-r--r--crypto/heimdal/kcm/cursor.c151
-rw-r--r--crypto/heimdal/kcm/events.c440
-rw-r--r--crypto/heimdal/kcm/glue.c279
-rw-r--r--crypto/heimdal/kcm/headers.h89
-rw-r--r--crypto/heimdal/kcm/kcm.8224
-rw-r--r--crypto/heimdal/kcm/kcm_locl.h173
-rw-r--r--crypto/heimdal/kcm/kcm_protos.h288
-rw-r--r--crypto/heimdal/kcm/log.c85
-rw-r--r--crypto/heimdal/kcm/main.c107
-rw-r--r--crypto/heimdal/kcm/protocol.c1046
-rw-r--r--crypto/heimdal/kcm/renew.c124
-rw-r--r--crypto/heimdal/kdc/524.c167
-rw-r--r--crypto/heimdal/kdc/Makefile.am93
-rw-r--r--crypto/heimdal/kdc/Makefile.in556
-rw-r--r--crypto/heimdal/kdc/config.c357
-rw-r--r--crypto/heimdal/kdc/connect.c422
-rw-r--r--crypto/heimdal/kdc/default_config.c285
-rw-r--r--crypto/heimdal/kdc/digest.c1456
-rw-r--r--crypto/heimdal/kdc/hprop.827
-rw-r--r--crypto/heimdal/kdc/hprop.c419
-rw-r--r--crypto/heimdal/kdc/hprop.h6
-rw-r--r--crypto/heimdal/kdc/hpropd.86
-rw-r--r--crypto/heimdal/kdc/hpropd.c254
-rw-r--r--crypto/heimdal/kdc/kadb.h2
-rw-r--r--crypto/heimdal/kdc/kaserver.c496
-rw-r--r--crypto/heimdal/kdc/kdc-private.h286
-rw-r--r--crypto/heimdal/kdc/kdc-protos.h92
-rw-r--r--crypto/heimdal/kdc/kdc-replay.c197
-rw-r--r--crypto/heimdal/kdc/kdc.847
-rw-r--r--crypto/heimdal/kdc/kdc.h96
-rw-r--r--crypto/heimdal/kdc/kdc_locl.h85
-rw-r--r--crypto/heimdal/kdc/kerberos4.c563
-rw-r--r--crypto/heimdal/kdc/kerberos5.c2341
-rw-r--r--crypto/heimdal/kdc/krb5tgs.c1914
-rw-r--r--crypto/heimdal/kdc/kstash.858
-rw-r--r--crypto/heimdal/kdc/kstash.c55
-rw-r--r--crypto/heimdal/kdc/kx509.c460
-rw-r--r--crypto/heimdal/kdc/log.c39
-rw-r--r--crypto/heimdal/kdc/main.c57
-rw-r--r--crypto/heimdal/kdc/misc.c76
-rw-r--r--crypto/heimdal/kdc/mit_dump.c77
-rw-r--r--crypto/heimdal/kdc/pkinit.c1673
-rw-r--r--crypto/heimdal/kdc/process.c219
-rw-r--r--crypto/heimdal/kdc/rx.h16
-rw-r--r--crypto/heimdal/kdc/set_dbinfo.c100
-rw-r--r--crypto/heimdal/kdc/string2key.82
-rw-r--r--crypto/heimdal/kdc/string2key.c35
-rw-r--r--crypto/heimdal/kdc/v4_dump.c3
-rw-r--r--crypto/heimdal/kdc/version-script.map18
-rw-r--r--crypto/heimdal/kdc/windc.c109
-rw-r--r--crypto/heimdal/kdc/windc_plugin.h82
-rw-r--r--crypto/heimdal/kpasswd/Makefile.am8
-rw-r--r--crypto/heimdal/kpasswd/Makefile.in316
-rw-r--r--crypto/heimdal/kpasswd/kpasswd-generator.c26
-rw-r--r--crypto/heimdal/kpasswd/kpasswd.126
-rw-r--r--crypto/heimdal/kpasswd/kpasswd.c227
-rw-r--r--crypto/heimdal/kpasswd/kpasswd_locl.h2
-rw-r--r--crypto/heimdal/kpasswd/kpasswdd.814
-rw-r--r--crypto/heimdal/kpasswd/kpasswdd.c427
-rw-r--r--crypto/heimdal/kuser/Makefile.am45
-rw-r--r--crypto/heimdal/kuser/Makefile.in445
-rw-r--r--crypto/heimdal/kuser/copy_cred_cache.197
-rw-r--r--crypto/heimdal/kuser/copy_cred_cache.c215
-rw-r--r--crypto/heimdal/kuser/generate-requests.c19
-rw-r--r--crypto/heimdal/kuser/kdecode_ticket.c14
-rw-r--r--crypto/heimdal/kuser/kdestroy.117
-rw-r--r--crypto/heimdal/kuser/kdestroy.c40
-rw-r--r--crypto/heimdal/kuser/kdigest-commands.in280
-rw-r--r--crypto/heimdal/kuser/kdigest.c551
-rw-r--r--crypto/heimdal/kuser/kgetcred.125
-rw-r--r--crypto/heimdal/kuser/kgetcred.c147
-rw-r--r--crypto/heimdal/kuser/kimpersonate.1152
-rw-r--r--crypto/heimdal/kuser/kimpersonate.c330
-rw-r--r--crypto/heimdal/kuser/kinit.158
-rw-r--r--crypto/heimdal/kuser/kinit.c633
-rw-r--r--crypto/heimdal/kuser/klist.134
-rw-r--r--crypto/heimdal/kuser/klist.c342
-rw-r--r--crypto/heimdal/kuser/kuser_locl.h5
-rw-r--r--crypto/heimdal/kuser/kverify.c32
-rw-r--r--crypto/heimdal/lib/45/Makefile.am4
-rw-r--r--crypto/heimdal/lib/45/Makefile.in301
-rw-r--r--crypto/heimdal/lib/45/get_ad_tkt.c2
-rw-r--r--crypto/heimdal/lib/45/mk_req.c4
-rw-r--r--crypto/heimdal/lib/Makefile.am12
-rw-r--r--crypto/heimdal/lib/Makefile.in345
-rw-r--r--crypto/heimdal/lib/asn1/CMS.asn1157
-rw-r--r--crypto/heimdal/lib/asn1/ChangeLog1649
-rw-r--r--crypto/heimdal/lib/asn1/Makefile.am645
-rw-r--r--crypto/heimdal/lib/asn1/Makefile.in1334
-rw-r--r--crypto/heimdal/lib/asn1/asn1-common.h57
-rw-r--r--crypto/heimdal/lib/asn1/asn1_err.et7
-rw-r--r--crypto/heimdal/lib/asn1/asn1_gen.c187
-rw-r--r--crypto/heimdal/lib/asn1/asn1_print.c217
-rw-r--r--crypto/heimdal/lib/asn1/asn1_queue.h167
-rw-r--r--crypto/heimdal/lib/asn1/canthandle.asn134
-rw-r--r--crypto/heimdal/lib/asn1/check-common.c287
-rw-r--r--crypto/heimdal/lib/asn1/check-common.h21
-rw-r--r--crypto/heimdal/lib/asn1/check-der.c994
-rw-r--r--crypto/heimdal/lib/asn1/check-gen.c806
-rw-r--r--crypto/heimdal/lib/asn1/check-timegm.c72
-rw-r--r--crypto/heimdal/lib/asn1/der-protos.h567
-rw-r--r--crypto/heimdal/lib/asn1/der.c142
-rw-r--r--crypto/heimdal/lib/asn1/der.h153
-rw-r--r--crypto/heimdal/lib/asn1/der_cmp.c102
-rw-r--r--crypto/heimdal/lib/asn1/der_copy.c90
-rw-r--r--crypto/heimdal/lib/asn1/der_format.c170
-rw-r--r--crypto/heimdal/lib/asn1/der_free.c72
-rw-r--r--crypto/heimdal/lib/asn1/der_get.c575
-rw-r--r--crypto/heimdal/lib/asn1/der_length.c153
-rw-r--r--crypto/heimdal/lib/asn1/der_locl.h5
-rw-r--r--crypto/heimdal/lib/asn1/der_put.c452
-rw-r--r--crypto/heimdal/lib/asn1/digest.asn1164
-rw-r--r--crypto/heimdal/lib/asn1/extra.c155
-rw-r--r--crypto/heimdal/lib/asn1/gen.c663
-rw-r--r--crypto/heimdal/lib/asn1/gen_copy.c278
-rw-r--r--crypto/heimdal/lib/asn1/gen_decode.c872
-rw-r--r--crypto/heimdal/lib/asn1/gen_encode.c542
-rw-r--r--crypto/heimdal/lib/asn1/gen_free.c201
-rw-r--r--crypto/heimdal/lib/asn1/gen_glue.c79
-rw-r--r--crypto/heimdal/lib/asn1/gen_length.c240
-rw-r--r--crypto/heimdal/lib/asn1/gen_locl.h41
-rw-r--r--crypto/heimdal/lib/asn1/gen_seq.c119
-rw-r--r--crypto/heimdal/lib/asn1/hash.c19
-rw-r--r--crypto/heimdal/lib/asn1/hash.h2
-rw-r--r--crypto/heimdal/lib/asn1/heim_asn1.h52
-rw-r--r--crypto/heimdal/lib/asn1/k5.asn1303
-rw-r--r--crypto/heimdal/lib/asn1/kx509.asn120
-rw-r--r--crypto/heimdal/lib/asn1/lex.c2693
-rw-r--r--crypto/heimdal/lib/asn1/lex.h3
-rw-r--r--crypto/heimdal/lib/asn1/lex.l248
-rw-r--r--crypto/heimdal/lib/asn1/main.c63
-rw-r--r--crypto/heimdal/lib/asn1/parse.c2831
-rw-r--r--crypto/heimdal/lib/asn1/parse.h249
-rw-r--r--crypto/heimdal/lib/asn1/parse.y996
-rw-r--r--crypto/heimdal/lib/asn1/pkcs12.asn181
-rw-r--r--crypto/heimdal/lib/asn1/pkcs8.asn130
-rw-r--r--crypto/heimdal/lib/asn1/pkcs9.asn128
-rw-r--r--crypto/heimdal/lib/asn1/pkinit.asn1287
-rw-r--r--crypto/heimdal/lib/asn1/rfc2459.asn1503
-rw-r--r--crypto/heimdal/lib/asn1/setchgpw2.asn1193
-rw-r--r--crypto/heimdal/lib/asn1/symbol.c128
-rw-r--r--crypto/heimdal/lib/asn1/symbol.h120
-rw-r--r--crypto/heimdal/lib/asn1/test.asn195
-rw-r--r--crypto/heimdal/lib/asn1/test.gen14
-rw-r--r--crypto/heimdal/lib/asn1/timegm.c27
-rw-r--r--crypto/heimdal/lib/auth/ChangeLog50
-rw-r--r--crypto/heimdal/lib/auth/Makefile.am2
-rw-r--r--crypto/heimdal/lib/auth/Makefile.in335
-rw-r--r--crypto/heimdal/lib/auth/afskauthlib/Makefile.am18
-rw-r--r--crypto/heimdal/lib/auth/afskauthlib/Makefile.in289
-rw-r--r--crypto/heimdal/lib/auth/afskauthlib/verify.c10
-rw-r--r--crypto/heimdal/lib/auth/pam/Makefile.am28
-rw-r--r--crypto/heimdal/lib/auth/pam/Makefile.in298
-rw-r--r--crypto/heimdal/lib/auth/pam/pam.c2
-rw-r--r--crypto/heimdal/lib/auth/sia/Makefile.am24
-rw-r--r--crypto/heimdal/lib/auth/sia/Makefile.in296
-rw-r--r--crypto/heimdal/lib/auth/sia/krb4+c2_matrix.conf2
-rw-r--r--crypto/heimdal/lib/auth/sia/krb4_matrix.conf2
-rw-r--r--crypto/heimdal/lib/auth/sia/krb5+c2_matrix.conf2
-rw-r--r--crypto/heimdal/lib/auth/sia/krb5_matrix.conf2
-rwxr-xr-xcrypto/heimdal/lib/auth/sia/make-rpath2
-rw-r--r--crypto/heimdal/lib/auth/sia/posix_getpw.c2
-rw-r--r--crypto/heimdal/lib/auth/sia/sia.c35
-rw-r--r--crypto/heimdal/lib/auth/sia/sia_locl.h2
-rw-r--r--crypto/heimdal/lib/com_err/ChangeLog69
-rw-r--r--crypto/heimdal/lib/com_err/Makefile.am25
-rw-r--r--crypto/heimdal/lib/com_err/Makefile.in411
-rw-r--r--crypto/heimdal/lib/com_err/com_err.c9
-rw-r--r--crypto/heimdal/lib/com_err/com_err.h21
-rw-r--r--crypto/heimdal/lib/com_err/com_right.h16
-rw-r--r--crypto/heimdal/lib/com_err/compile_et.c19
-rw-r--r--crypto/heimdal/lib/com_err/compile_et.h5
-rw-r--r--crypto/heimdal/lib/com_err/error.c2
-rw-r--r--crypto/heimdal/lib/com_err/lex.c1896
-rw-r--r--crypto/heimdal/lib/com_err/lex.h2
-rw-r--r--crypto/heimdal/lib/com_err/lex.l6
-rw-r--r--crypto/heimdal/lib/com_err/parse.c1716
-rw-r--r--crypto/heimdal/lib/com_err/parse.h81
-rw-r--r--crypto/heimdal/lib/com_err/parse.y38
-rw-r--r--crypto/heimdal/lib/com_err/roken_rename.h25
-rw-r--r--crypto/heimdal/lib/com_err/version-script.map18
-rw-r--r--crypto/heimdal/lib/gssapi/ChangeLog2297
-rw-r--r--crypto/heimdal/lib/gssapi/Makefile.am361
-rw-r--r--crypto/heimdal/lib/gssapi/Makefile.in1542
-rw-r--r--crypto/heimdal/lib/gssapi/gss-commands.in46
-rw-r--r--crypto/heimdal/lib/gssapi/gss.c205
-rw-r--r--crypto/heimdal/lib/gssapi/gss_acquire_cred.3331
-rw-r--r--crypto/heimdal/lib/gssapi/gssapi.335
-rw-r--r--crypto/heimdal/lib/gssapi/gssapi.h753
-rw-r--r--crypto/heimdal/lib/gssapi/gssapi/gssapi.h809
-rw-r--r--crypto/heimdal/lib/gssapi/gssapi/gssapi_krb5.h220
-rw-r--r--crypto/heimdal/lib/gssapi/gssapi/gssapi_spnego.h58
-rw-r--r--crypto/heimdal/lib/gssapi/gssapi_mech.h359
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/8003.c248
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/accept_sec_context.c801
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/acquire_cred.c398
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/add_cred.c252
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/address_to_krb5addr.c77
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/arcfour.c760
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/canonicalize_name.c46
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/ccache_name.c79
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/cfx.c878
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/cfx.h65
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/compare_name.c55
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/compat.c128
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/context_time.c95
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/copy_ccache.c195
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/decapsulate.c209
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/delete_sec_context.c81
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/display_name.c74
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/display_status.c200
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/duplicate_name.c59
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/encapsulate.c155
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/export_name.c94
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/export_sec_context.c240
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/external.c425
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/get_mic.c317
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/gkrb5_err.et31
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/gsskrb5-private.h703
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/gsskrb5_locl.h134
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/import_name.c225
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/import_sec_context.c229
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/indicate_mechs.c57
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/init.c83
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/init_sec_context.c811
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/inquire_context.c112
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/inquire_cred.c182
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/inquire_cred_by_mech.c76
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/inquire_cred_by_oid.c83
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/inquire_mechs_for_name.c57
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/inquire_names_for_mech.c80
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/inquire_sec_context_by_oid.c557
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/prf.c143
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/process_context_token.c70
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/release_buffer.c48
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/release_cred.c80
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/release_name.c55
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/sequence.c294
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/set_cred_option.c229
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/set_sec_context_option.c192
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/test_cfx.c159
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/ticket_flags.c60
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/unwrap.c413
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/v1.c104
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/verify_mic.c344
-rw-r--r--crypto/heimdal/lib/gssapi/krb5/wrap.c551
-rw-r--r--crypto/heimdal/lib/gssapi/ntlm/accept_sec_context.c257
-rw-r--r--crypto/heimdal/lib/gssapi/ntlm/acquire_cred.c94
-rw-r--r--crypto/heimdal/lib/gssapi/ntlm/add_cred.c62
-rw-r--r--crypto/heimdal/lib/gssapi/ntlm/canonicalize_name.c46
-rw-r--r--crypto/heimdal/lib/gssapi/ntlm/compare_name.c47
-rw-r--r--crypto/heimdal/lib/gssapi/ntlm/context_time.c47
-rw-r--r--crypto/heimdal/lib/gssapi/ntlm/crypto.c595
-rw-r--r--crypto/heimdal/lib/gssapi/ntlm/delete_sec_context.c65
-rw-r--r--crypto/heimdal/lib/gssapi/ntlm/digest.c435
-rw-r--r--crypto/heimdal/lib/gssapi/ntlm/display_name.c72
-rw-r--r--crypto/heimdal/lib/gssapi/ntlm/display_status.c55
-rw-r--r--crypto/heimdal/lib/gssapi/ntlm/duplicate_name.c49
-rw-r--r--crypto/heimdal/lib/gssapi/ntlm/export_name.c51
-rw-r--r--crypto/heimdal/lib/gssapi/ntlm/export_sec_context.c52
-rw-r--r--crypto/heimdal/lib/gssapi/ntlm/external.c82
-rw-r--r--crypto/heimdal/lib/gssapi/ntlm/import_name.c102
-rw-r--r--crypto/heimdal/lib/gssapi/ntlm/import_sec_context.c50
-rw-r--r--crypto/heimdal/lib/gssapi/ntlm/indicate_mechs.c48
-rw-r--r--crypto/heimdal/lib/gssapi/ntlm/init_sec_context.c508
-rw-r--r--crypto/heimdal/lib/gssapi/ntlm/inquire_context.c69
-rw-r--r--crypto/heimdal/lib/gssapi/ntlm/inquire_cred.c78
-rw-r--r--crypto/heimdal/lib/gssapi/ntlm/inquire_cred_by_mech.c59
-rw-r--r--crypto/heimdal/lib/gssapi/ntlm/inquire_mechs_for_name.c49
-rw-r--r--crypto/heimdal/lib/gssapi/ntlm/inquire_names_for_mech.c53
-rw-r--r--crypto/heimdal/lib/gssapi/ntlm/ntlm-private.h264
-rw-r--r--crypto/heimdal/lib/gssapi/ntlm/ntlm.h139
-rw-r--r--crypto/heimdal/lib/gssapi/ntlm/process_context_token.c46
-rw-r--r--crypto/heimdal/lib/gssapi/ntlm/release_cred.c65
-rw-r--r--crypto/heimdal/lib/gssapi/ntlm/release_name.c53
-rw-r--r--crypto/heimdal/lib/gssapi/spnego/accept_sec_context.c1024
-rw-r--r--crypto/heimdal/lib/gssapi/spnego/compat.c322
-rw-r--r--crypto/heimdal/lib/gssapi/spnego/context_stubs.c903
-rw-r--r--crypto/heimdal/lib/gssapi/spnego/cred_stubs.c336
-rw-r--r--crypto/heimdal/lib/gssapi/spnego/external.c89
-rw-r--r--crypto/heimdal/lib/gssapi/spnego/init_sec_context.c663
-rw-r--r--crypto/heimdal/lib/gssapi/spnego/spnego-private.h330
-rw-r--r--crypto/heimdal/lib/gssapi/spnego/spnego.asn163
-rw-r--r--crypto/heimdal/lib/gssapi/spnego/spnego_locl.h115
-rw-r--r--crypto/heimdal/lib/gssapi/test_acquire_cred.c203
-rw-r--r--crypto/heimdal/lib/gssapi/test_common.c74
-rw-r--r--crypto/heimdal/lib/gssapi/test_common.h36
-rw-r--r--crypto/heimdal/lib/gssapi/test_context.c542
-rw-r--r--crypto/heimdal/lib/gssapi/test_cred.c229
-rw-r--r--crypto/heimdal/lib/gssapi/test_kcred.c186
-rw-r--r--crypto/heimdal/lib/gssapi/test_names.c233
-rw-r--r--crypto/heimdal/lib/gssapi/test_ntlm.c339
-rw-r--r--crypto/heimdal/lib/gssapi/test_oid.c71
-rw-r--r--crypto/heimdal/lib/gssapi/version-script.map97
-rw-r--r--crypto/heimdal/lib/hdb/Makefile.am105
-rw-r--r--crypto/heimdal/lib/hdb/Makefile.in582
-rw-r--r--crypto/heimdal/lib/hdb/common.c192
-rw-r--r--crypto/heimdal/lib/hdb/db.c188
-rw-r--r--crypto/heimdal/lib/hdb/db3.c167
-rw-r--r--crypto/heimdal/lib/hdb/dbinfo.c266
-rw-r--r--crypto/heimdal/lib/hdb/ext.c418
-rw-r--r--crypto/heimdal/lib/hdb/hdb-ldap.c1677
-rw-r--r--crypto/heimdal/lib/hdb/hdb-private.h33
-rw-r--r--crypto/heimdal/lib/hdb/hdb-protos.h220
-rw-r--r--crypto/heimdal/lib/hdb/hdb.asn1107
-rw-r--r--crypto/heimdal/lib/hdb/hdb.c220
-rw-r--r--crypto/heimdal/lib/hdb/hdb.h117
-rw-r--r--crypto/heimdal/lib/hdb/hdb.schema139
-rw-r--r--crypto/heimdal/lib/hdb/hdb_err.et3
-rw-r--r--crypto/heimdal/lib/hdb/keys.c398
-rw-r--r--crypto/heimdal/lib/hdb/keytab.c64
-rw-r--r--crypto/heimdal/lib/hdb/mkey.c220
-rw-r--r--crypto/heimdal/lib/hdb/ndbm.c149
-rw-r--r--crypto/heimdal/lib/hdb/print.c46
-rw-r--r--crypto/heimdal/lib/hdb/test_dbinfo.c91
-rw-r--r--crypto/heimdal/lib/hx509/ChangeLog2641
-rw-r--r--crypto/heimdal/lib/hx509/Makefile.am388
-rw-r--r--crypto/heimdal/lib/hx509/Makefile.in1530
-rw-r--r--crypto/heimdal/lib/hx509/ca.c1518
-rw-r--r--crypto/heimdal/lib/hx509/cert.c3108
-rw-r--r--crypto/heimdal/lib/hx509/cms.c1426
-rw-r--r--crypto/heimdal/lib/hx509/collector.c329
-rw-r--r--crypto/heimdal/lib/hx509/crmf.asn1113
-rw-r--r--crypto/heimdal/lib/hx509/crypto.c2706
-rw-r--r--crypto/heimdal/lib/hx509/data/bleichenbacher-bad.pem12
-rw-r--r--crypto/heimdal/lib/hx509/data/bleichenbacher-good.pem12
-rw-r--r--crypto/heimdal/lib/hx509/data/bleichenbacher-sf-pad-correct.pem16
-rw-r--r--crypto/heimdal/lib/hx509/data/ca.crt15
-rw-r--r--crypto/heimdal/lib/hx509/data/ca.key15
-rw-r--r--crypto/heimdal/lib/hx509/data/crl1.crl8
-rw-r--r--crypto/heimdal/lib/hx509/data/crl1.derbin0 -> 264 bytes
-rw-r--r--crypto/heimdal/lib/hx509/data/gen-req.sh316
-rw-r--r--crypto/heimdal/lib/hx509/data/j.pem26
-rw-r--r--crypto/heimdal/lib/hx509/data/kdc.crt59
-rw-r--r--crypto/heimdal/lib/hx509/data/kdc.key15
-rw-r--r--crypto/heimdal/lib/hx509/data/key.derbin0 -> 609 bytes
-rw-r--r--crypto/heimdal/lib/hx509/data/key2.derbin0 -> 610 bytes
-rw-r--r--crypto/heimdal/lib/hx509/data/nist-data91
-rw-r--r--crypto/heimdal/lib/hx509/data/nist-data2291
-rw-r--r--crypto/heimdal/lib/hx509/data/no-proxy-test.crt13
-rw-r--r--crypto/heimdal/lib/hx509/data/no-proxy-test.key15
-rw-r--r--crypto/heimdal/lib/hx509/data/ocsp-req1.derbin0 -> 105 bytes
-rw-r--r--crypto/heimdal/lib/hx509/data/ocsp-req2.derbin0 -> 105 bytes
-rw-r--r--crypto/heimdal/lib/hx509/data/ocsp-resp1-2.derbin0 -> 999 bytes
-rw-r--r--crypto/heimdal/lib/hx509/data/ocsp-resp1-3.derbin0 -> 363 bytes
-rw-r--r--crypto/heimdal/lib/hx509/data/ocsp-resp1-ca.derbin0 -> 999 bytes
-rw-r--r--crypto/heimdal/lib/hx509/data/ocsp-resp1-keyhash.derbin0 -> 900 bytes
-rw-r--r--crypto/heimdal/lib/hx509/data/ocsp-resp1-ocsp-no-cert.derbin0 -> 363 bytes
-rw-r--r--crypto/heimdal/lib/hx509/data/ocsp-resp1-ocsp.derbin0 -> 918 bytes
-rw-r--r--crypto/heimdal/lib/hx509/data/ocsp-resp1.derbin0 -> 918 bytes
-rw-r--r--crypto/heimdal/lib/hx509/data/ocsp-resp2.derbin0 -> 935 bytes
-rw-r--r--crypto/heimdal/lib/hx509/data/ocsp-responder.crt56
-rw-r--r--crypto/heimdal/lib/hx509/data/ocsp-responder.key15
-rw-r--r--crypto/heimdal/lib/hx509/data/openssl.cnf182
-rw-r--r--crypto/heimdal/lib/hx509/data/pkinit-proxy-chain.crt70
-rw-r--r--crypto/heimdal/lib/hx509/data/pkinit-proxy.crt14
-rw-r--r--crypto/heimdal/lib/hx509/data/pkinit-proxy.key15
-rw-r--r--crypto/heimdal/lib/hx509/data/pkinit-pw.key18
-rw-r--r--crypto/heimdal/lib/hx509/data/pkinit.crt56
-rw-r--r--crypto/heimdal/lib/hx509/data/pkinit.key15
-rw-r--r--crypto/heimdal/lib/hx509/data/proxy-level-test.crt15
-rw-r--r--crypto/heimdal/lib/hx509/data/proxy-level-test.key15
-rw-r--r--crypto/heimdal/lib/hx509/data/proxy-test.crt14
-rw-r--r--crypto/heimdal/lib/hx509/data/proxy-test.key15
-rw-r--r--crypto/heimdal/lib/hx509/data/proxy10-child-child-test.crt16
-rw-r--r--crypto/heimdal/lib/hx509/data/proxy10-child-child-test.key15
-rw-r--r--crypto/heimdal/lib/hx509/data/proxy10-child-test.crt15
-rw-r--r--crypto/heimdal/lib/hx509/data/proxy10-child-test.key15
-rw-r--r--crypto/heimdal/lib/hx509/data/proxy10-test.crt14
-rw-r--r--crypto/heimdal/lib/hx509/data/proxy10-test.key15
-rw-r--r--crypto/heimdal/lib/hx509/data/revoke.crt53
-rw-r--r--crypto/heimdal/lib/hx509/data/revoke.key15
-rw-r--r--crypto/heimdal/lib/hx509/data/sf-class2-root.pem24
-rw-r--r--crypto/heimdal/lib/hx509/data/static-file84
-rw-r--r--crypto/heimdal/lib/hx509/data/sub-ca.crt60
-rw-r--r--crypto/heimdal/lib/hx509/data/sub-ca.key15
-rw-r--r--crypto/heimdal/lib/hx509/data/sub-cert.crt53
-rw-r--r--crypto/heimdal/lib/hx509/data/sub-cert.key15
-rw-r--r--crypto/heimdal/lib/hx509/data/sub-cert.p12bin0 -> 3008 bytes
-rw-r--r--crypto/heimdal/lib/hx509/data/test-ds-only.crt53
-rw-r--r--crypto/heimdal/lib/hx509/data/test-ds-only.key15
-rw-r--r--crypto/heimdal/lib/hx509/data/test-enveloped-aes-128bin0 -> 3160 bytes
-rw-r--r--crypto/heimdal/lib/hx509/data/test-enveloped-aes-256bin0 -> 3160 bytes
-rw-r--r--crypto/heimdal/lib/hx509/data/test-enveloped-desbin0 -> 3140 bytes
-rw-r--r--crypto/heimdal/lib/hx509/data/test-enveloped-des-ede3bin0 -> 3143 bytes
-rw-r--r--crypto/heimdal/lib/hx509/data/test-enveloped-rc2-128bin0 -> 3148 bytes
-rw-r--r--crypto/heimdal/lib/hx509/data/test-enveloped-rc2-40bin0 -> 3149 bytes
-rw-r--r--crypto/heimdal/lib/hx509/data/test-enveloped-rc2-64bin0 -> 3148 bytes
-rw-r--r--crypto/heimdal/lib/hx509/data/test-ke-only.crt53
-rw-r--r--crypto/heimdal/lib/hx509/data/test-ke-only.key15
-rw-r--r--crypto/heimdal/lib/hx509/data/test-nopw.p12bin0 -> 2223 bytes
-rw-r--r--crypto/heimdal/lib/hx509/data/test-pw.key18
-rw-r--r--crypto/heimdal/lib/hx509/data/test-signed-databin0 -> 3838 bytes
-rw-r--r--crypto/heimdal/lib/hx509/data/test-signed-data-noattrbin0 -> 3656 bytes
-rw-r--r--crypto/heimdal/lib/hx509/data/test-signed-data-noattr-nocertsbin0 -> 3142 bytes
-rw-r--r--crypto/heimdal/lib/hx509/data/test.combined.crt68
-rw-r--r--crypto/heimdal/lib/hx509/data/test.crt53
-rw-r--r--crypto/heimdal/lib/hx509/data/test.key15
-rw-r--r--crypto/heimdal/lib/hx509/data/test.p12bin0 -> 2320 bytes
-rw-r--r--crypto/heimdal/lib/hx509/data/yutaka-pad-broken-ca.pem16
-rw-r--r--crypto/heimdal/lib/hx509/data/yutaka-pad-broken-cert.pem18
-rw-r--r--crypto/heimdal/lib/hx509/data/yutaka-pad-ok-ca.pem16
-rw-r--r--crypto/heimdal/lib/hx509/data/yutaka-pad-ok-cert.pem18
-rw-r--r--crypto/heimdal/lib/hx509/data/yutaka-pad.key15
-rw-r--r--crypto/heimdal/lib/hx509/doxygen.c85
-rw-r--r--crypto/heimdal/lib/hx509/env.c161
-rw-r--r--crypto/heimdal/lib/hx509/error.c223
-rw-r--r--crypto/heimdal/lib/hx509/file.c376
-rw-r--r--crypto/heimdal/lib/hx509/hx509-private.h529
-rw-r--r--crypto/heimdal/lib/hx509/hx509-protos.h1049
-rw-r--r--crypto/heimdal/lib/hx509/hx509.h148
-rw-r--r--crypto/heimdal/lib/hx509/hx509_err.et101
-rw-r--r--crypto/heimdal/lib/hx509/hx_locl.h199
-rw-r--r--crypto/heimdal/lib/hx509/hxtool-commands.in707
-rw-r--r--crypto/heimdal/lib/hx509/hxtool.c1986
-rw-r--r--crypto/heimdal/lib/hx509/keyset.c677
-rw-r--r--crypto/heimdal/lib/hx509/ks_dir.c223
-rw-r--r--crypto/heimdal/lib/hx509/ks_file.c643
-rw-r--r--crypto/heimdal/lib/hx509/ks_keychain.c548
-rw-r--r--crypto/heimdal/lib/hx509/ks_mem.c224
-rw-r--r--crypto/heimdal/lib/hx509/ks_null.c98
-rw-r--r--crypto/heimdal/lib/hx509/ks_p11.c1192
-rw-r--r--crypto/heimdal/lib/hx509/ks_p12.c704
-rw-r--r--crypto/heimdal/lib/hx509/lock.c248
-rw-r--r--crypto/heimdal/lib/hx509/name.c918
-rw-r--r--crypto/heimdal/lib/hx509/ocsp.asn1113
-rw-r--r--crypto/heimdal/lib/hx509/peer.c202
-rw-r--r--crypto/heimdal/lib/hx509/pkcs10.asn125
-rw-r--r--crypto/heimdal/lib/hx509/print.c990
-rw-r--r--crypto/heimdal/lib/hx509/ref/pkcs11.h1357
-rw-r--r--crypto/heimdal/lib/hx509/req.c325
-rw-r--r--crypto/heimdal/lib/hx509/revoke.c1525
-rw-r--r--crypto/heimdal/lib/hx509/softp11.c1740
-rw-r--r--crypto/heimdal/lib/hx509/test_ca.in424
-rw-r--r--crypto/heimdal/lib/hx509/test_cert.in69
-rw-r--r--crypto/heimdal/lib/hx509/test_chain.in242
-rw-r--r--crypto/heimdal/lib/hx509/test_cms.in377
-rw-r--r--crypto/heimdal/lib/hx509/test_crypto.in187
-rw-r--r--crypto/heimdal/lib/hx509/test_java_pkcs11.in73
-rw-r--r--crypto/heimdal/lib/hx509/test_name.c132
-rw-r--r--crypto/heimdal/lib/hx509/test_nist.in116
-rw-r--r--crypto/heimdal/lib/hx509/test_nist2.in118
-rw-r--r--crypto/heimdal/lib/hx509/test_nist_cert.in68
-rw-r--r--crypto/heimdal/lib/hx509/test_nist_pkcs12.in77
-rw-r--r--crypto/heimdal/lib/hx509/test_pkcs11.in62
-rw-r--r--crypto/heimdal/lib/hx509/test_query.in146
-rw-r--r--crypto/heimdal/lib/hx509/test_req.in63
-rw-r--r--crypto/heimdal/lib/hx509/test_soft_pkcs11.c228
-rw-r--r--crypto/heimdal/lib/hx509/test_windows.in89
-rw-r--r--crypto/heimdal/lib/hx509/tst-crypto-available113
-rw-r--r--crypto/heimdal/lib/hx509/tst-crypto-available24
-rw-r--r--crypto/heimdal/lib/hx509/tst-crypto-available36
-rw-r--r--crypto/heimdal/lib/hx509/tst-crypto-select1
-rw-r--r--crypto/heimdal/lib/hx509/tst-crypto-select11
-rw-r--r--crypto/heimdal/lib/hx509/tst-crypto-select21
-rw-r--r--crypto/heimdal/lib/hx509/tst-crypto-select31
-rw-r--r--crypto/heimdal/lib/hx509/tst-crypto-select41
-rw-r--r--crypto/heimdal/lib/hx509/tst-crypto-select51
-rw-r--r--crypto/heimdal/lib/hx509/tst-crypto-select61
-rw-r--r--crypto/heimdal/lib/hx509/tst-crypto-select71
-rw-r--r--crypto/heimdal/lib/hx509/version-script.map227
-rw-r--r--crypto/heimdal/lib/kadm5/ChangeLog749
-rw-r--r--crypto/heimdal/lib/kadm5/Makefile.am115
-rw-r--r--crypto/heimdal/lib/kadm5/Makefile.in761
-rw-r--r--crypto/heimdal/lib/kadm5/acl.c8
-rw-r--r--crypto/heimdal/lib/kadm5/ad.c1449
-rw-r--r--crypto/heimdal/lib/kadm5/admin.h37
-rw-r--r--crypto/heimdal/lib/kadm5/bump_pw_expire.c2
-rwxr-xr-xcrypto/heimdal/lib/kadm5/check-cracklib.pl106
-rw-r--r--crypto/heimdal/lib/kadm5/chpass_c.c18
-rw-r--r--crypto/heimdal/lib/kadm5/chpass_s.c97
-rw-r--r--crypto/heimdal/lib/kadm5/client_glue.c2
-rw-r--r--crypto/heimdal/lib/kadm5/common_glue.c18
-rw-r--r--crypto/heimdal/lib/kadm5/context_s.c153
-rw-r--r--crypto/heimdal/lib/kadm5/create_c.c14
-rw-r--r--crypto/heimdal/lib/kadm5/create_s.c89
-rw-r--r--crypto/heimdal/lib/kadm5/default_keys.c120
-rw-r--r--crypto/heimdal/lib/kadm5/delete_c.c8
-rw-r--r--crypto/heimdal/lib/kadm5/delete_s.c37
-rw-r--r--crypto/heimdal/lib/kadm5/destroy_c.c6
-rw-r--r--crypto/heimdal/lib/kadm5/destroy_s.c4
-rw-r--r--crypto/heimdal/lib/kadm5/ent_setup.c122
-rw-r--r--crypto/heimdal/lib/kadm5/error.c2
-rw-r--r--crypto/heimdal/lib/kadm5/flush.c2
-rw-r--r--crypto/heimdal/lib/kadm5/flush_c.c2
-rw-r--r--crypto/heimdal/lib/kadm5/flush_s.c2
-rw-r--r--crypto/heimdal/lib/kadm5/free.c2
-rw-r--r--crypto/heimdal/lib/kadm5/get_c.c12
-rw-r--r--crypto/heimdal/lib/kadm5/get_princs_c.c10
-rw-r--r--crypto/heimdal/lib/kadm5/get_princs_s.c16
-rw-r--r--crypto/heimdal/lib/kadm5/get_s.c187
-rw-r--r--crypto/heimdal/lib/kadm5/init_c.c233
-rw-r--r--crypto/heimdal/lib/kadm5/init_s.c2
-rw-r--r--crypto/heimdal/lib/kadm5/iprop-commands.in130
-rw-r--r--crypto/heimdal/lib/kadm5/iprop-log.8170
-rw-r--r--crypto/heimdal/lib/kadm5/iprop-log.c486
-rw-r--r--crypto/heimdal/lib/kadm5/iprop.8223
-rw-r--r--crypto/heimdal/lib/kadm5/iprop.h18
-rw-r--r--crypto/heimdal/lib/kadm5/ipropd_common.c69
-rw-r--r--crypto/heimdal/lib/kadm5/ipropd_master.c429
-rw-r--r--crypto/heimdal/lib/kadm5/ipropd_slave.c327
-rw-r--r--crypto/heimdal/lib/kadm5/kadm5-private.h115
-rw-r--r--crypto/heimdal/lib/kadm5/kadm5-protos.h52
-rw-r--r--crypto/heimdal/lib/kadm5/kadm5-pwcheck.h73
-rw-r--r--crypto/heimdal/lib/kadm5/kadm5_err.et6
-rw-r--r--crypto/heimdal/lib/kadm5/kadm5_locl.h2
-rw-r--r--crypto/heimdal/lib/kadm5/kadm5_pwcheck.3146
-rw-r--r--crypto/heimdal/lib/kadm5/keys.c18
-rw-r--r--crypto/heimdal/lib/kadm5/log.c523
-rw-r--r--crypto/heimdal/lib/kadm5/marshall.c18
-rw-r--r--crypto/heimdal/lib/kadm5/modify_c.c10
-rw-r--r--crypto/heimdal/lib/kadm5/modify_s.c36
-rw-r--r--crypto/heimdal/lib/kadm5/password_quality.c423
-rw-r--r--crypto/heimdal/lib/kadm5/private.h30
-rw-r--r--crypto/heimdal/lib/kadm5/privs_c.c15
-rw-r--r--crypto/heimdal/lib/kadm5/privs_s.c4
-rw-r--r--crypto/heimdal/lib/kadm5/randkey_c.c8
-rw-r--r--crypto/heimdal/lib/kadm5/randkey_s.c36
-rw-r--r--crypto/heimdal/lib/kadm5/rename_c.c2
-rw-r--r--crypto/heimdal/lib/kadm5/rename_s.c54
-rw-r--r--crypto/heimdal/lib/kadm5/sample_passwd_check.c4
-rw-r--r--crypto/heimdal/lib/kadm5/send_recv.c16
-rw-r--r--crypto/heimdal/lib/kadm5/server_glue.c2
-rw-r--r--crypto/heimdal/lib/kadm5/set_keys.c444
-rw-r--r--crypto/heimdal/lib/kadm5/set_modifier.c2
-rw-r--r--crypto/heimdal/lib/kadm5/test_pw_quality.c95
-rw-r--r--crypto/heimdal/lib/kadm5/version-script.map66
-rw-r--r--crypto/heimdal/lib/kafs/ChangeLog171
-rw-r--r--crypto/heimdal/lib/kafs/Makefile.am33
-rw-r--r--crypto/heimdal/lib/kafs/Makefile.in386
-rw-r--r--crypto/heimdal/lib/kafs/afskrb.c56
-rw-r--r--crypto/heimdal/lib/kafs/afskrb5.c64
-rw-r--r--crypto/heimdal/lib/kafs/afslib.c2
-rw-r--r--crypto/heimdal/lib/kafs/afssys.c151
-rw-r--r--crypto/heimdal/lib/kafs/afssysdefs.h8
-rw-r--r--crypto/heimdal/lib/kafs/common.c64
-rw-r--r--crypto/heimdal/lib/kafs/kafs.329
-rw-r--r--crypto/heimdal/lib/kafs/kafs.h81
-rw-r--r--crypto/heimdal/lib/kafs/kafs_locl.h15
-rw-r--r--crypto/heimdal/lib/kafs/roken_rename.h5
-rw-r--r--crypto/heimdal/lib/krb5/Makefile.am162
-rw-r--r--crypto/heimdal/lib/krb5/Makefile.in1186
-rw-r--r--crypto/heimdal/lib/krb5/acache.c961
-rw-r--r--crypto/heimdal/lib/krb5/acl.c112
-rw-r--r--crypto/heimdal/lib/krb5/add_et_list.c4
-rw-r--r--crypto/heimdal/lib/krb5/addr_families.c625
-rw-r--r--crypto/heimdal/lib/krb5/aes-test.c516
-rw-r--r--crypto/heimdal/lib/krb5/aname_to_localname.c6
-rw-r--r--crypto/heimdal/lib/krb5/appdefault.c25
-rw-r--r--crypto/heimdal/lib/krb5/asn1_glue.c21
-rw-r--r--crypto/heimdal/lib/krb5/auth_context.c99
-rw-r--r--crypto/heimdal/lib/krb5/build_ap_req.c7
-rw-r--r--crypto/heimdal/lib/krb5/build_auth.c234
-rw-r--r--crypto/heimdal/lib/krb5/cache.c819
-rw-r--r--crypto/heimdal/lib/krb5/changepw.c53
-rw-r--r--crypto/heimdal/lib/krb5/codec.c50
-rw-r--r--crypto/heimdal/lib/krb5/config_file.c183
-rw-r--r--crypto/heimdal/lib/krb5/config_file_netinfo.c4
-rw-r--r--crypto/heimdal/lib/krb5/constants.c10
-rw-r--r--crypto/heimdal/lib/krb5/context.c622
-rw-r--r--crypto/heimdal/lib/krb5/convert_creds.c104
-rw-r--r--crypto/heimdal/lib/krb5/copy_host_realm.c15
-rw-r--r--crypto/heimdal/lib/krb5/crc.c6
-rw-r--r--crypto/heimdal/lib/krb5/creds.c176
-rw-r--r--crypto/heimdal/lib/krb5/data.c129
-rw-r--r--crypto/heimdal/lib/krb5/derived-key-test.c8
-rw-r--r--crypto/heimdal/lib/krb5/digest.c1199
-rw-r--r--crypto/heimdal/lib/krb5/doxygen.c67
-rw-r--r--crypto/heimdal/lib/krb5/eai_to_heim_errno.c30
-rw-r--r--crypto/heimdal/lib/krb5/error_string.c82
-rw-r--r--crypto/heimdal/lib/krb5/expand_hostname.c13
-rw-r--r--crypto/heimdal/lib/krb5/fcache.c273
-rw-r--r--crypto/heimdal/lib/krb5/free.c9
-rw-r--r--crypto/heimdal/lib/krb5/free_host_realm.c4
-rw-r--r--crypto/heimdal/lib/krb5/generate_seq_number.c8
-rw-r--r--crypto/heimdal/lib/krb5/generate_subkey.c26
-rw-r--r--crypto/heimdal/lib/krb5/get_addrs.c6
-rw-r--r--crypto/heimdal/lib/krb5/get_cred.c555
-rw-r--r--crypto/heimdal/lib/krb5/get_default_principal.c43
-rw-r--r--crypto/heimdal/lib/krb5/get_default_realm.c20
-rw-r--r--crypto/heimdal/lib/krb5/get_for_creds.c197
-rw-r--r--crypto/heimdal/lib/krb5/get_host_realm.c77
-rw-r--r--crypto/heimdal/lib/krb5/get_in_tkt.c133
-rw-r--r--crypto/heimdal/lib/krb5/get_in_tkt_pw.c8
-rw-r--r--crypto/heimdal/lib/krb5/get_in_tkt_with_keytab.c22
-rw-r--r--crypto/heimdal/lib/krb5/get_in_tkt_with_skey.c4
-rw-r--r--crypto/heimdal/lib/krb5/get_port.c4
-rw-r--r--crypto/heimdal/lib/krb5/heim_err.et10
-rw-r--r--crypto/heimdal/lib/krb5/heim_threads.h175
-rw-r--r--crypto/heimdal/lib/krb5/init_creds.c312
-rw-r--r--crypto/heimdal/lib/krb5/init_creds_pw.c1417
-rw-r--r--crypto/heimdal/lib/krb5/k524_err.et2
-rw-r--r--crypto/heimdal/lib/krb5/kcm.c1122
-rw-r--r--crypto/heimdal/lib/krb5/kcm.h69
-rw-r--r--crypto/heimdal/lib/krb5/kerberos.861
-rw-r--r--crypto/heimdal/lib/krb5/keyblock.c62
-rw-r--r--crypto/heimdal/lib/krb5/keytab.c125
-rw-r--r--crypto/heimdal/lib/krb5/keytab_any.c33
-rw-r--r--crypto/heimdal/lib/krb5/keytab_file.c153
-rw-r--r--crypto/heimdal/lib/krb5/keytab_keyfile.c83
-rw-r--r--crypto/heimdal/lib/krb5/keytab_krb4.c37
-rw-r--r--crypto/heimdal/lib/krb5/keytab_memory.c79
-rw-r--r--crypto/heimdal/lib/krb5/krb5-private.h397
-rw-r--r--crypto/heimdal/lib/krb5/krb5-protos.h2146
-rw-r--r--crypto/heimdal/lib/krb5/krb5-v4compat.h57
-rw-r--r--crypto/heimdal/lib/krb5/krb5.3368
-rw-r--r--crypto/heimdal/lib/krb5/krb5.conf.5127
-rw-r--r--crypto/heimdal/lib/krb5/krb5.h247
-rw-r--r--crypto/heimdal/lib/krb5/krb5.moduli3
-rw-r--r--crypto/heimdal/lib/krb5/krb524_convert_creds_kdc.386
-rw-r--r--crypto/heimdal/lib/krb5/krb5_425_conv_principal.364
-rw-r--r--crypto/heimdal/lib/krb5/krb5_acl_match_file.3111
-rw-r--r--crypto/heimdal/lib/krb5/krb5_address.3106
-rw-r--r--crypto/heimdal/lib/krb5/krb5_aname_to_localname.374
-rw-r--r--crypto/heimdal/lib/krb5/krb5_appdefault.350
-rw-r--r--crypto/heimdal/lib/krb5/krb5_auth_context.3184
-rw-r--r--crypto/heimdal/lib/krb5/krb5_c_make_checksum.3297
-rw-r--r--crypto/heimdal/lib/krb5/krb5_ccache.3307
-rw-r--r--crypto/heimdal/lib/krb5/krb5_ccapi.h230
-rw-r--r--crypto/heimdal/lib/krb5/krb5_check_transited.3106
-rw-r--r--crypto/heimdal/lib/krb5/krb5_compare_creds.3104
-rw-r--r--crypto/heimdal/lib/krb5/krb5_config.3268
-rw-r--r--crypto/heimdal/lib/krb5/krb5_context.356
-rw-r--r--crypto/heimdal/lib/krb5/krb5_create_checksum.3203
-rw-r--r--crypto/heimdal/lib/krb5/krb5_creds.3119
-rw-r--r--crypto/heimdal/lib/krb5/krb5_crypto_init.379
-rw-r--r--crypto/heimdal/lib/krb5/krb5_data.394
-rw-r--r--crypto/heimdal/lib/krb5/krb5_digest.3260
-rw-r--r--crypto/heimdal/lib/krb5/krb5_eai_to_heim_errno.368
-rw-r--r--crypto/heimdal/lib/krb5/krb5_encrypt.3263
-rw-r--r--crypto/heimdal/lib/krb5/krb5_err.et63
-rw-r--r--crypto/heimdal/lib/krb5/krb5_expand_hostname.393
-rw-r--r--crypto/heimdal/lib/krb5/krb5_find_padata.387
-rw-r--r--crypto/heimdal/lib/krb5/krb5_generate_random_block.357
-rw-r--r--crypto/heimdal/lib/krb5/krb5_get_all_client_addrs.351
-rw-r--r--crypto/heimdal/lib/krb5/krb5_get_credentials.3208
-rw-r--r--crypto/heimdal/lib/krb5/krb5_get_creds.3173
-rw-r--r--crypto/heimdal/lib/krb5/krb5_get_forwarded_creds.379
-rw-r--r--crypto/heimdal/lib/krb5/krb5_get_in_cred.3274
-rw-r--r--crypto/heimdal/lib/krb5/krb5_get_init_creds.3398
-rw-r--r--crypto/heimdal/lib/krb5/krb5_get_krbhst.362
-rw-r--r--crypto/heimdal/lib/krb5/krb5_getportbyname.367
-rw-r--r--crypto/heimdal/lib/krb5/krb5_init_context.3304
-rw-r--r--crypto/heimdal/lib/krb5/krb5_is_thread_safe.358
-rw-r--r--crypto/heimdal/lib/krb5/krb5_keyblock.3218
-rw-r--r--crypto/heimdal/lib/krb5/krb5_keytab.3153
-rw-r--r--crypto/heimdal/lib/krb5/krb5_krbhst_init.392
-rw-r--r--crypto/heimdal/lib/krb5/krb5_kuserok.3131
-rw-r--r--crypto/heimdal/lib/krb5/krb5_mk_req.3187
-rw-r--r--crypto/heimdal/lib/krb5/krb5_mk_safe.382
-rw-r--r--crypto/heimdal/lib/krb5/krb5_openlog.360
-rw-r--r--crypto/heimdal/lib/krb5/krb5_parse_name.356
-rw-r--r--crypto/heimdal/lib/krb5/krb5_principal.3384
-rw-r--r--crypto/heimdal/lib/krb5/krb5_rcache.3163
-rw-r--r--crypto/heimdal/lib/krb5/krb5_rd_error.398
-rw-r--r--crypto/heimdal/lib/krb5/krb5_rd_safe.381
-rw-r--r--crypto/heimdal/lib/krb5/krb5_set_default_realm.394
-rw-r--r--crypto/heimdal/lib/krb5/krb5_set_password.368
-rw-r--r--crypto/heimdal/lib/krb5/krb5_storage.3427
-rw-r--r--crypto/heimdal/lib/krb5/krb5_string_to_key.3156
-rw-r--r--crypto/heimdal/lib/krb5/krb5_ticket.3137
-rw-r--r--crypto/heimdal/lib/krb5/krb5_timeofday.3145
-rw-r--r--crypto/heimdal/lib/krb5/krb5_unparse_name.350
-rw-r--r--crypto/heimdal/lib/krb5/krb5_verify_init_creds.3103
-rw-r--r--crypto/heimdal/lib/krb5/krb5_verify_user.390
-rw-r--r--crypto/heimdal/lib/krb5/krb5_warn.3189
-rw-r--r--crypto/heimdal/lib/krb5/krb_err.et63
-rw-r--r--crypto/heimdal/lib/krb5/krbhst-test.c10
-rw-r--r--crypto/heimdal/lib/krb5/krbhst.c289
-rw-r--r--crypto/heimdal/lib/krb5/kuserok.c259
-rw-r--r--crypto/heimdal/lib/krb5/locate_plugin.h64
-rw-r--r--crypto/heimdal/lib/krb5/log.c64
-rw-r--r--crypto/heimdal/lib/krb5/mcache.c168
-rw-r--r--crypto/heimdal/lib/krb5/misc.c52
-rw-r--r--crypto/heimdal/lib/krb5/mit_glue.c369
-rw-r--r--crypto/heimdal/lib/krb5/mk_error.c13
-rw-r--r--crypto/heimdal/lib/krb5/mk_priv.c206
-rw-r--r--crypto/heimdal/lib/krb5/mk_rep.c43
-rw-r--r--crypto/heimdal/lib/krb5/mk_req.c12
-rw-r--r--crypto/heimdal/lib/krb5/mk_req_ext.c216
-rw-r--r--crypto/heimdal/lib/krb5/mk_safe.c183
-rw-r--r--crypto/heimdal/lib/krb5/n-fold-test.c6
-rw-r--r--crypto/heimdal/lib/krb5/n-fold.c23
-rw-r--r--crypto/heimdal/lib/krb5/name-45-test.c32
-rw-r--r--crypto/heimdal/lib/krb5/net_read.c4
-rw-r--r--crypto/heimdal/lib/krb5/net_write.c62
-rw-r--r--crypto/heimdal/lib/krb5/pac.c1041
-rw-r--r--crypto/heimdal/lib/krb5/padata.c31
-rw-r--r--crypto/heimdal/lib/krb5/parse-name-test.c6
-rw-r--r--crypto/heimdal/lib/krb5/pkinit.c2070
-rw-r--r--crypto/heimdal/lib/krb5/plugin.c264
-rw-r--r--crypto/heimdal/lib/krb5/principal.c379
-rw-r--r--crypto/heimdal/lib/krb5/prog_setup.c12
-rw-r--r--crypto/heimdal/lib/krb5/prompter_posix.c8
-rw-r--r--crypto/heimdal/lib/krb5/rd_cred.c188
-rw-r--r--crypto/heimdal/lib/krb5/rd_error.c17
-rw-r--r--crypto/heimdal/lib/krb5/rd_priv.c263
-rw-r--r--crypto/heimdal/lib/krb5/rd_rep.c135
-rw-r--r--crypto/heimdal/lib/krb5/rd_req.c518
-rw-r--r--crypto/heimdal/lib/krb5/rd_safe.c225
-rw-r--r--crypto/heimdal/lib/krb5/read_message.c20
-rw-r--r--crypto/heimdal/lib/krb5/recvauth.c246
-rw-r--r--crypto/heimdal/lib/krb5/replay.c42
-rw-r--r--crypto/heimdal/lib/krb5/send_to_kdc.c261
-rw-r--r--crypto/heimdal/lib/krb5/sendauth.c10
-rw-r--r--crypto/heimdal/lib/krb5/set_default_realm.c4
-rw-r--r--crypto/heimdal/lib/krb5/sock_principal.c4
-rw-r--r--crypto/heimdal/lib/krb5/store-test.c5
-rw-r--r--crypto/heimdal/lib/krb5/store.c464
-rw-r--r--crypto/heimdal/lib/krb5/store_emem.c15
-rw-r--r--crypto/heimdal/lib/krb5/store_fd.c84
-rw-r--r--crypto/heimdal/lib/krb5/store_mem.c39
-rw-r--r--crypto/heimdal/lib/krb5/string-to-key-test.c7
-rw-r--r--crypto/heimdal/lib/krb5/test_acl.c113
-rw-r--r--crypto/heimdal/lib/krb5/test_addr.c202
-rw-r--r--crypto/heimdal/lib/krb5/test_alname.c12
-rw-r--r--crypto/heimdal/lib/krb5/test_cc.c476
-rw-r--r--crypto/heimdal/lib/krb5/test_config.c124
-rw-r--r--crypto/heimdal/lib/krb5/test_crypto.c215
-rw-r--r--crypto/heimdal/lib/krb5/test_crypto_wrapping.c164
-rw-r--r--crypto/heimdal/lib/krb5/test_forward.c136
-rw-r--r--crypto/heimdal/lib/krb5/test_get_addrs.c10
-rw-r--r--crypto/heimdal/lib/krb5/test_hostname.c152
-rw-r--r--crypto/heimdal/lib/krb5/test_keytab.c191
-rw-r--r--crypto/heimdal/lib/krb5/test_kuserok.c106
-rw-r--r--crypto/heimdal/lib/krb5/test_mem.c73
-rw-r--r--crypto/heimdal/lib/krb5/test_pac.c295
-rw-r--r--crypto/heimdal/lib/krb5/test_pkinit_dh2key.c218
-rw-r--r--crypto/heimdal/lib/krb5/test_plugin.c126
-rw-r--r--crypto/heimdal/lib/krb5/test_prf.c102
-rw-r--r--crypto/heimdal/lib/krb5/test_princ.c366
-rw-r--r--crypto/heimdal/lib/krb5/test_renew.c122
-rw-r--r--crypto/heimdal/lib/krb5/test_store.c252
-rw-r--r--crypto/heimdal/lib/krb5/test_time.c87
-rw-r--r--crypto/heimdal/lib/krb5/ticket.c197
-rw-r--r--crypto/heimdal/lib/krb5/time.c45
-rw-r--r--crypto/heimdal/lib/krb5/transited.c42
-rw-r--r--crypto/heimdal/lib/krb5/v4_glue.c939
-rw-r--r--crypto/heimdal/lib/krb5/verify_init.c11
-rw-r--r--crypto/heimdal/lib/krb5/verify_krb5_conf.861
-rw-r--r--crypto/heimdal/lib/krb5/verify_krb5_conf.c146
-rw-r--r--crypto/heimdal/lib/krb5/verify_user.c55
-rw-r--r--crypto/heimdal/lib/krb5/version-script.map722
-rw-r--r--crypto/heimdal/lib/krb5/version.c2
-rw-r--r--crypto/heimdal/lib/krb5/warn.c34
-rw-r--r--crypto/heimdal/lib/krb5/write_message.c12
-rw-r--r--crypto/heimdal/lib/ntlm/ChangeLog112
-rw-r--r--crypto/heimdal/lib/ntlm/Makefile.am34
-rw-r--r--crypto/heimdal/lib/ntlm/Makefile.in909
-rw-r--r--crypto/heimdal/lib/ntlm/heimntlm-protos.h131
-rw-r--r--crypto/heimdal/lib/ntlm/heimntlm.h124
-rw-r--r--crypto/heimdal/lib/ntlm/ntlm.c1364
-rw-r--r--crypto/heimdal/lib/ntlm/test_ntlm.c339
-rw-r--r--crypto/heimdal/lib/ntlm/version-script.map27
-rw-r--r--crypto/heimdal/lib/roken/ChangeLog732
-rw-r--r--crypto/heimdal/lib/roken/Makefile.am60
-rw-r--r--crypto/heimdal/lib/roken/Makefile.in836
-rw-r--r--crypto/heimdal/lib/roken/base64-test.c8
-rw-r--r--crypto/heimdal/lib/roken/base64.c10
-rw-r--r--crypto/heimdal/lib/roken/base64.h17
-rw-r--r--crypto/heimdal/lib/roken/bswap.c6
-rw-r--r--crypto/heimdal/lib/roken/chown.c4
-rw-r--r--crypto/heimdal/lib/roken/closefrom.c60
-rw-r--r--crypto/heimdal/lib/roken/concat.c10
-rw-r--r--crypto/heimdal/lib/roken/copyhostent.c4
-rw-r--r--crypto/heimdal/lib/roken/daemon.c10
-rw-r--r--crypto/heimdal/lib/roken/dumpdata.c57
-rw-r--r--crypto/heimdal/lib/roken/ecalloc.384
-rw-r--r--crypto/heimdal/lib/roken/ecalloc.c6
-rw-r--r--crypto/heimdal/lib/roken/emalloc.c6
-rw-r--r--crypto/heimdal/lib/roken/environment.c129
-rw-r--r--crypto/heimdal/lib/roken/eread.c6
-rw-r--r--crypto/heimdal/lib/roken/erealloc.c6
-rw-r--r--crypto/heimdal/lib/roken/err.c4
-rw-r--r--crypto/heimdal/lib/roken/err.hin44
-rw-r--r--crypto/heimdal/lib/roken/errx.c4
-rw-r--r--crypto/heimdal/lib/roken/esetenv.c6
-rw-r--r--crypto/heimdal/lib/roken/estrdup.c6
-rw-r--r--crypto/heimdal/lib/roken/ewrite.c6
-rw-r--r--crypto/heimdal/lib/roken/fchown.c4
-rw-r--r--crypto/heimdal/lib/roken/flock.c4
-rw-r--r--crypto/heimdal/lib/roken/fnmatch.c12
-rw-r--r--crypto/heimdal/lib/roken/fnmatch.hin27
-rw-r--r--crypto/heimdal/lib/roken/freeaddrinfo.c4
-rw-r--r--crypto/heimdal/lib/roken/freehostent.c4
-rw-r--r--crypto/heimdal/lib/roken/gai_strerror.c6
-rw-r--r--crypto/heimdal/lib/roken/get_default_username.c4
-rw-r--r--crypto/heimdal/lib/roken/get_window_size.c6
-rw-r--r--crypto/heimdal/lib/roken/getaddrinfo-test.c12
-rw-r--r--crypto/heimdal/lib/roken/getaddrinfo.c20
-rw-r--r--crypto/heimdal/lib/roken/getaddrinfo_hostspec.c6
-rw-r--r--crypto/heimdal/lib/roken/getarg.34
-rw-r--r--crypto/heimdal/lib/roken/getarg.c30
-rw-r--r--crypto/heimdal/lib/roken/getarg.h27
-rw-r--r--crypto/heimdal/lib/roken/getcap.c45
-rw-r--r--crypto/heimdal/lib/roken/getcwd.c4
-rw-r--r--crypto/heimdal/lib/roken/getdtablesize.c5
-rw-r--r--crypto/heimdal/lib/roken/getegid.c5
-rw-r--r--crypto/heimdal/lib/roken/geteuid.c5
-rw-r--r--crypto/heimdal/lib/roken/getgid.c5
-rw-r--r--crypto/heimdal/lib/roken/gethostname.c2
-rw-r--r--crypto/heimdal/lib/roken/getifaddrs.c112
-rw-r--r--crypto/heimdal/lib/roken/getipnodebyaddr.c4
-rw-r--r--crypto/heimdal/lib/roken/getipnodebyname.c4
-rw-r--r--crypto/heimdal/lib/roken/getnameinfo.c10
-rw-r--r--crypto/heimdal/lib/roken/getnameinfo_verified.c4
-rw-r--r--crypto/heimdal/lib/roken/getopt.c8
-rw-r--r--crypto/heimdal/lib/roken/getprogname.c13
-rw-r--r--crypto/heimdal/lib/roken/gettimeofday.c4
-rw-r--r--crypto/heimdal/lib/roken/getuid.c5
-rw-r--r--crypto/heimdal/lib/roken/getusershell.c18
-rw-r--r--crypto/heimdal/lib/roken/glob.c10
-rw-r--r--crypto/heimdal/lib/roken/glob.hin33
-rw-r--r--crypto/heimdal/lib/roken/h_errno.c2
-rw-r--r--crypto/heimdal/lib/roken/hex-test.c110
-rw-r--r--crypto/heimdal/lib/roken/hex.c103
-rw-r--r--crypto/heimdal/lib/roken/hex.h55
-rw-r--r--crypto/heimdal/lib/roken/hostent_find_fqdn.c4
-rw-r--r--crypto/heimdal/lib/roken/hstrerror.c6
-rw-r--r--crypto/heimdal/lib/roken/ifaddrs.hin19
-rw-r--r--crypto/heimdal/lib/roken/inet_aton.c4
-rw-r--r--crypto/heimdal/lib/roken/inet_ntop.c6
-rw-r--r--crypto/heimdal/lib/roken/inet_pton.c6
-rw-r--r--crypto/heimdal/lib/roken/initgroups.c4
-rw-r--r--crypto/heimdal/lib/roken/innetgr.c4
-rw-r--r--crypto/heimdal/lib/roken/iruserok.c13
-rw-r--r--crypto/heimdal/lib/roken/issuid.c9
-rw-r--r--crypto/heimdal/lib/roken/k_getpwnam.c4
-rw-r--r--crypto/heimdal/lib/roken/k_getpwuid.c4
-rw-r--r--crypto/heimdal/lib/roken/localtime_r.c4
-rw-r--r--crypto/heimdal/lib/roken/lstat.c4
-rw-r--r--crypto/heimdal/lib/roken/memmove.c5
-rw-r--r--crypto/heimdal/lib/roken/mini_inetd.c6
-rw-r--r--crypto/heimdal/lib/roken/mkstemp.c4
-rw-r--r--crypto/heimdal/lib/roken/ndbm_wrap.c29
-rw-r--r--crypto/heimdal/lib/roken/ndbm_wrap.h28
-rw-r--r--crypto/heimdal/lib/roken/net_read.c6
-rw-r--r--crypto/heimdal/lib/roken/net_write.c6
-rw-r--r--crypto/heimdal/lib/roken/parse_bytes-test.c2
-rw-r--r--crypto/heimdal/lib/roken/parse_bytes.c8
-rw-r--r--crypto/heimdal/lib/roken/parse_bytes.h16
-rw-r--r--crypto/heimdal/lib/roken/parse_reply-test.c8
-rw-r--r--crypto/heimdal/lib/roken/parse_time-test.c118
-rw-r--r--crypto/heimdal/lib/roken/parse_time.3173
-rw-r--r--crypto/heimdal/lib/roken/parse_time.c10
-rw-r--r--crypto/heimdal/lib/roken/parse_time.h10
-rw-r--r--crypto/heimdal/lib/roken/parse_units.c49
-rw-r--r--crypto/heimdal/lib/roken/parse_units.h24
-rw-r--r--crypto/heimdal/lib/roken/putenv.c4
-rw-r--r--crypto/heimdal/lib/roken/rcmd.c4
-rw-r--r--crypto/heimdal/lib/roken/readv.c4
-rw-r--r--crypto/heimdal/lib/roken/realloc.c50
-rw-r--r--crypto/heimdal/lib/roken/recvmsg.c4
-rw-r--r--crypto/heimdal/lib/roken/resolve-test.c179
-rw-r--r--crypto/heimdal/lib/roken/resolve.c495
-rw-r--r--crypto/heimdal/lib/roken/resolve.h153
-rw-r--r--crypto/heimdal/lib/roken/roken-common.h161
-rw-r--r--crypto/heimdal/lib/roken/roken.awk4
-rw-r--r--crypto/heimdal/lib/roken/roken.h.in342
-rw-r--r--crypto/heimdal/lib/roken/roken_gethostby.c18
-rw-r--r--crypto/heimdal/lib/roken/rtbl.3201
-rw-r--r--crypto/heimdal/lib/roken/rtbl.c307
-rw-r--r--crypto/heimdal/lib/roken/rtbl.h77
-rw-r--r--crypto/heimdal/lib/roken/sendmsg.c4
-rw-r--r--crypto/heimdal/lib/roken/setegid.c4
-rw-r--r--crypto/heimdal/lib/roken/setenv.c4
-rw-r--r--crypto/heimdal/lib/roken/seteuid.c4
-rw-r--r--crypto/heimdal/lib/roken/setprogname.c16
-rw-r--r--crypto/heimdal/lib/roken/signal.c4
-rw-r--r--crypto/heimdal/lib/roken/simple_exec.c121
-rw-r--r--crypto/heimdal/lib/roken/snprintf-test.c37
-rw-r--r--crypto/heimdal/lib/roken/snprintf-test.h2
-rw-r--r--crypto/heimdal/lib/roken/snprintf.c871
-rw-r--r--crypto/heimdal/lib/roken/socket.c70
-rw-r--r--crypto/heimdal/lib/roken/socket_wrapper.c1913
-rw-r--r--crypto/heimdal/lib/roken/socket_wrapper.h146
-rw-r--r--crypto/heimdal/lib/roken/strcasecmp.c4
-rw-r--r--crypto/heimdal/lib/roken/strcollect.c8
-rw-r--r--crypto/heimdal/lib/roken/strdup.c4
-rw-r--r--crypto/heimdal/lib/roken/strerror.c4
-rw-r--r--crypto/heimdal/lib/roken/strftime.c9
-rw-r--r--crypto/heimdal/lib/roken/strlcat.c4
-rw-r--r--crypto/heimdal/lib/roken/strlcpy.c4
-rw-r--r--crypto/heimdal/lib/roken/strlwr.c6
-rw-r--r--crypto/heimdal/lib/roken/strncasecmp.c4
-rw-r--r--crypto/heimdal/lib/roken/strndup.c6
-rw-r--r--crypto/heimdal/lib/roken/strnlen.c4
-rw-r--r--crypto/heimdal/lib/roken/strpftime-test.c18
-rw-r--r--crypto/heimdal/lib/roken/strpftime-test.h48
-rw-r--r--crypto/heimdal/lib/roken/strpool.c110
-rw-r--r--crypto/heimdal/lib/roken/strptime.c131
-rw-r--r--crypto/heimdal/lib/roken/strsep.c4
-rw-r--r--crypto/heimdal/lib/roken/strsep_copy.c4
-rw-r--r--crypto/heimdal/lib/roken/strtok_r.c4
-rw-r--r--crypto/heimdal/lib/roken/strupr.c6
-rw-r--r--crypto/heimdal/lib/roken/swab.c4
-rw-r--r--crypto/heimdal/lib/roken/test-mem.c199
-rw-r--r--crypto/heimdal/lib/roken/test-mem.h39
-rw-r--r--crypto/heimdal/lib/roken/test-readenv.c118
-rw-r--r--crypto/heimdal/lib/roken/timegm.c88
-rw-r--r--crypto/heimdal/lib/roken/timeval.c8
-rw-r--r--crypto/heimdal/lib/roken/tm2time.c18
-rw-r--r--crypto/heimdal/lib/roken/unsetenv.c4
-rw-r--r--crypto/heimdal/lib/roken/unvis.c32
-rw-r--r--crypto/heimdal/lib/roken/verify.c4
-rw-r--r--crypto/heimdal/lib/roken/verr.c4
-rw-r--r--crypto/heimdal/lib/roken/verrx.c4
-rw-r--r--crypto/heimdal/lib/roken/vis.c94
-rw-r--r--crypto/heimdal/lib/roken/vis.h115
-rw-r--r--crypto/heimdal/lib/roken/vis.hin57
-rw-r--r--crypto/heimdal/lib/roken/vsyslog.c4
-rw-r--r--crypto/heimdal/lib/roken/vwarn.c4
-rw-r--r--crypto/heimdal/lib/roken/vwarnx.c4
-rw-r--r--crypto/heimdal/lib/roken/warn.c2
-rw-r--r--crypto/heimdal/lib/roken/warnerr.c4
-rw-r--r--crypto/heimdal/lib/roken/warnx.c4
-rw-r--r--crypto/heimdal/lib/roken/write_pid.c8
-rw-r--r--crypto/heimdal/lib/roken/writev.c4
-rw-r--r--crypto/heimdal/lib/roken/xdbm.h2
-rw-r--r--crypto/heimdal/lib/sl/ChangeLog133
-rw-r--r--crypto/heimdal/lib/sl/Makefile.am25
-rw-r--r--crypto/heimdal/lib/sl/Makefile.in548
-rw-r--r--crypto/heimdal/lib/sl/lex.c1880
-rw-r--r--crypto/heimdal/lib/sl/lex.l2
-rw-r--r--crypto/heimdal/lib/sl/make_cmds.c13
-rw-r--r--crypto/heimdal/lib/sl/make_cmds.h2
-rw-r--r--crypto/heimdal/lib/sl/parse.c1724
-rw-r--r--crypto/heimdal/lib/sl/parse.h78
-rw-r--r--crypto/heimdal/lib/sl/parse.y4
-rw-r--r--crypto/heimdal/lib/sl/roken_rename.h2
-rw-r--r--crypto/heimdal/lib/sl/sl.c122
-rw-r--r--crypto/heimdal/lib/sl/sl.h13
-rw-r--r--crypto/heimdal/lib/sl/sl_locl.h3
-rw-r--r--crypto/heimdal/lib/sl/slc-gram.c2275
-rw-r--r--crypto/heimdal/lib/sl/slc-gram.h69
-rw-r--r--crypto/heimdal/lib/sl/slc-gram.y764
-rw-r--r--crypto/heimdal/lib/sl/slc-lex.c1877
-rw-r--r--crypto/heimdal/lib/sl/slc-lex.l164
-rw-r--r--crypto/heimdal/lib/sl/slc.h55
-rw-r--r--crypto/heimdal/lib/sl/ss.c30
-rw-r--r--crypto/heimdal/lib/sl/ss.h2
-rw-r--r--crypto/heimdal/lib/sl/test_sl.c97
-rw-r--r--crypto/heimdal/lib/vers/ChangeLog32
-rw-r--r--crypto/heimdal/lib/vers/Makefile.am8
-rw-r--r--crypto/heimdal/lib/vers/Makefile.in294
-rw-r--r--crypto/heimdal/lib/vers/make-print-version.c7
-rw-r--r--crypto/heimdal/lib/vers/print_version.c6
-rw-r--r--crypto/heimdal/lib/vers/vers.h2
-rw-r--r--crypto/heimdal/ltmain.sh1778
-rw-r--r--crypto/heimdal/missing143
-rw-r--r--crypto/heimdal/packages/ChangeLog26
-rw-r--r--crypto/heimdal/packages/Makefile.am6
-rw-r--r--crypto/heimdal/packages/Makefile.in815
-rw-r--r--crypto/heimdal/packages/debian/Makefile.am91
-rw-r--r--crypto/heimdal/packages/debian/Makefile.in745
-rw-r--r--crypto/heimdal/packages/debian/README15
-rw-r--r--crypto/heimdal/packages/debian/README.Debian120
-rw-r--r--crypto/heimdal/packages/debian/changelog1168
-rw-r--r--crypto/heimdal/packages/debian/compat1
-rw-r--r--crypto/heimdal/packages/debian/control276
-rw-r--r--crypto/heimdal/packages/debian/copyright195
-rw-r--r--crypto/heimdal/packages/debian/extras/default17
-rw-r--r--crypto/heimdal/packages/debian/extras/kadmind.acl1
-rw-r--r--crypto/heimdal/packages/debian/extras/kdc.conf91
-rw-r--r--crypto/heimdal/packages/debian/heimdal-clients-x.install10
-rw-r--r--crypto/heimdal/packages/debian/heimdal-clients.install43
-rw-r--r--crypto/heimdal/packages/debian/heimdal-clients.postinst10
-rw-r--r--crypto/heimdal/packages/debian/heimdal-clients.prerm13
-rw-r--r--crypto/heimdal/packages/debian/heimdal-dev.install8
-rw-r--r--crypto/heimdal/packages/debian/heimdal-docs.install2
-rw-r--r--crypto/heimdal/packages/debian/heimdal-kcm.init69
-rw-r--r--crypto/heimdal/packages/debian/heimdal-kcm.install2
-rw-r--r--crypto/heimdal/packages/debian/heimdal-kdc.dirs5
-rw-r--r--crypto/heimdal/packages/debian/heimdal-kdc.examples2
-rw-r--r--crypto/heimdal/packages/debian/heimdal-kdc.init124
-rw-r--r--crypto/heimdal/packages/debian/heimdal-kdc.install20
-rw-r--r--crypto/heimdal/packages/debian/heimdal-kdc.logrotate5
-rw-r--r--crypto/heimdal/packages/debian/heimdal-kdc.postinst98
-rw-r--r--crypto/heimdal/packages/debian/heimdal-kdc.postrm32
-rw-r--r--crypto/heimdal/packages/debian/heimdal-kdc.templates12
-rw-r--r--crypto/heimdal/packages/debian/heimdal-servers-x.dirs1
-rw-r--r--crypto/heimdal/packages/debian/heimdal-servers-x.install2
-rw-r--r--crypto/heimdal/packages/debian/heimdal-servers-x.postinst34
-rw-r--r--crypto/heimdal/packages/debian/heimdal-servers-x.postrm23
-rw-r--r--crypto/heimdal/packages/debian/heimdal-servers-x.prerm11
-rw-r--r--crypto/heimdal/packages/debian/heimdal-servers.dirs1
-rw-r--r--crypto/heimdal/packages/debian/heimdal-servers.install12
-rw-r--r--crypto/heimdal/packages/debian/heimdal-servers.postinst47
-rw-r--r--crypto/heimdal/packages/debian/heimdal-servers.postrm26
-rw-r--r--crypto/heimdal/packages/debian/heimdal-servers.prerm14
-rw-r--r--crypto/heimdal/packages/debian/libasn1-8-heimdal.install2
-rw-r--r--crypto/heimdal/packages/debian/libasn1-8-heimdal.postinst.debhelper5
-rw-r--r--crypto/heimdal/packages/debian/libasn1-8-heimdal.postrm.debhelper5
-rw-r--r--crypto/heimdal/packages/debian/libasn1-8-heimdal.substvars1
-rw-r--r--crypto/heimdal/packages/debian/libgssapi2-heimdal.install2
-rw-r--r--crypto/heimdal/packages/debian/libgssapi2-heimdal.postinst.debhelper5
-rw-r--r--crypto/heimdal/packages/debian/libgssapi2-heimdal.postrm.debhelper5
-rw-r--r--crypto/heimdal/packages/debian/libgssapi2-heimdal.substvars1
-rw-r--r--crypto/heimdal/packages/debian/libhdb9-heimdal.install3
-rw-r--r--crypto/heimdal/packages/debian/libhdb9-heimdal.postinst.debhelper5
-rw-r--r--crypto/heimdal/packages/debian/libhdb9-heimdal.postrm.debhelper5
-rw-r--r--crypto/heimdal/packages/debian/libhdb9-heimdal.substvars1
-rw-r--r--crypto/heimdal/packages/debian/libkadm5clnt7-heimdal.install3
-rw-r--r--crypto/heimdal/packages/debian/libkadm5clnt7-heimdal.postinst.debhelper5
-rw-r--r--crypto/heimdal/packages/debian/libkadm5clnt7-heimdal.postrm.debhelper5
-rw-r--r--crypto/heimdal/packages/debian/libkadm5clnt7-heimdal.substvars1
-rw-r--r--crypto/heimdal/packages/debian/libkadm5srv7-heimdal.install2
-rw-r--r--crypto/heimdal/packages/debian/libkadm5srv8-heimdal.install3
-rw-r--r--crypto/heimdal/packages/debian/libkafs0-heimdal.install2
-rw-r--r--crypto/heimdal/packages/debian/libkrb5-22-heimdal.install3
-rw-r--r--crypto/heimdal/packages/debian/libkrb5-22-heimdal.postinst.debhelper5
-rw-r--r--crypto/heimdal/packages/debian/libkrb5-22-heimdal.postrm.debhelper5
-rw-r--r--crypto/heimdal/packages/debian/libkrb5-22-heimdal.substvars1
-rw-r--r--crypto/heimdal/packages/debian/libotp0-heimdal.install1
-rw-r--r--crypto/heimdal/packages/debian/libroken18-heimdal.install2
-rw-r--r--crypto/heimdal/packages/debian/libroken18-heimdal.postinst.debhelper5
-rw-r--r--crypto/heimdal/packages/debian/libroken18-heimdal.postrm.debhelper5
-rw-r--r--crypto/heimdal/packages/debian/libroken18-heimdal.substvars1
-rw-r--r--crypto/heimdal/packages/debian/libsl0-heimdal.install2
-rw-r--r--crypto/heimdal/packages/debian/patches/021_debian204
-rw-r--r--crypto/heimdal/packages/debian/patches/022_ftp-roken-glob270
-rw-r--r--crypto/heimdal/packages/debian/patches/022_openafs15
-rw-r--r--crypto/heimdal/packages/debian/patches/025_pthreads13
-rw-r--r--crypto/heimdal/packages/debian/patches/026_posix_max293
-rw-r--r--crypto/heimdal/packages/debian/po/POTFILES.in1
-rw-r--r--crypto/heimdal/packages/debian/po/templates.pot54
-rwxr-xr-xcrypto/heimdal/packages/debian/rules62
-rw-r--r--crypto/heimdal/packages/debian/scripts/convert_source17
-rw-r--r--crypto/heimdal/packages/mac/Info.plist36
-rw-r--r--crypto/heimdal/packages/mac/Makefile.am9
-rw-r--r--crypto/heimdal/packages/mac/Makefile.in663
-rw-r--r--crypto/heimdal/packages/mac/Resources/Description.plist10
-rw-r--r--crypto/heimdal/packages/mac/Resources/English.lproj/Welcome.rtf8
-rw-r--r--crypto/heimdal/packages/mac/mac.sh52
-rw-r--r--crypto/heimdal/tests/ChangeLog742
-rw-r--r--crypto/heimdal/tests/Makefile.am11
-rw-r--r--crypto/heimdal/tests/Makefile.in816
-rw-r--r--crypto/heimdal/tests/can/Makefile.am56
-rw-r--r--crypto/heimdal/tests/can/Makefile.in781
-rw-r--r--crypto/heimdal/tests/can/apple-10.4.kadm4
-rw-r--r--crypto/heimdal/tests/can/apple-10.4.reqbin0 -> 1199 bytes
-rw-r--r--crypto/heimdal/tests/can/check-can.in47
-rw-r--r--crypto/heimdal/tests/can/heim-0.8.kadm4
-rw-r--r--crypto/heimdal/tests/can/heim-0.8.reqbin0 -> 1177 bytes
-rw-r--r--crypto/heimdal/tests/can/krb5.conf.in24
-rw-r--r--crypto/heimdal/tests/can/mit-pkinit-20070607.ca.crt23
-rw-r--r--crypto/heimdal/tests/can/mit-pkinit-20070607.kadm3
-rw-r--r--crypto/heimdal/tests/can/mit-pkinit-20070607.reqbin0 -> 2352 bytes
-rw-r--r--crypto/heimdal/tests/can/mit-pkinit-20070607.xf28
-rw-r--r--crypto/heimdal/tests/can/test_can.in79
-rw-r--r--crypto/heimdal/tests/db/Makefile.am66
-rw-r--r--crypto/heimdal/tests/db/Makefile.in793
-rw-r--r--crypto/heimdal/tests/db/add-modify-delete.in137
-rw-r--r--crypto/heimdal/tests/db/check-dbinfo.in45
-rw-r--r--crypto/heimdal/tests/db/have-db.in60
-rw-r--r--crypto/heimdal/tests/db/krb5.conf.in28
-rw-r--r--crypto/heimdal/tests/db/loaddump-db.in132
-rw-r--r--crypto/heimdal/tests/db/text-dump-0.77
-rw-r--r--crypto/heimdal/tests/db/text-dump-known-ext7
-rw-r--r--crypto/heimdal/tests/db/text-dump-no-ext7
-rw-r--r--crypto/heimdal/tests/db/text-dump-unknown-ext7
-rw-r--r--crypto/heimdal/tests/gss/Makefile.am78
-rw-r--r--crypto/heimdal/tests/gss/Makefile.in804
-rw-r--r--crypto/heimdal/tests/gss/check-basic.in156
-rw-r--r--crypto/heimdal/tests/gss/check-context.in188
-rw-r--r--crypto/heimdal/tests/gss/check-gss.in45
-rw-r--r--crypto/heimdal/tests/gss/check-gssmask.in133
-rw-r--r--crypto/heimdal/tests/gss/check-ntlm.in170
-rw-r--r--crypto/heimdal/tests/gss/check-spnego.in209
-rw-r--r--crypto/heimdal/tests/gss/krb5.conf.in33
-rw-r--r--crypto/heimdal/tests/gss/ntlm-user-file.txt2
-rw-r--r--crypto/heimdal/tests/java/KerberosInit.java95
-rw-r--r--crypto/heimdal/tests/java/Makefile.am44
-rw-r--r--crypto/heimdal/tests/java/Makefile.in768
-rw-r--r--crypto/heimdal/tests/java/check-kinit.in101
-rw-r--r--crypto/heimdal/tests/java/have-java.sh58
-rw-r--r--crypto/heimdal/tests/java/jaas.conf5
-rw-r--r--crypto/heimdal/tests/java/krb5.conf.in30
-rw-r--r--crypto/heimdal/tests/kdc/Makefile.am159
-rw-r--r--crypto/heimdal/tests/kdc/Makefile.in971
-rw-r--r--crypto/heimdal/tests/kdc/ap-req.c221
-rw-r--r--crypto/heimdal/tests/kdc/check-digest.in295
-rw-r--r--crypto/heimdal/tests/kdc/check-iprop.in248
-rw-r--r--crypto/heimdal/tests/kdc/check-kadmin.in151
-rw-r--r--crypto/heimdal/tests/kdc/check-kdc.in413
-rw-r--r--crypto/heimdal/tests/kdc/check-keys.in101
-rw-r--r--crypto/heimdal/tests/kdc/check-pkinit.in273
-rw-r--r--crypto/heimdal/tests/kdc/check-referral.in200
-rw-r--r--crypto/heimdal/tests/kdc/check-uu.in138
-rw-r--r--crypto/heimdal/tests/kdc/donotexists.txt1
-rw-r--r--crypto/heimdal/tests/kdc/heimdal.acl3
-rw-r--r--crypto/heimdal/tests/kdc/iprop-acl1
-rw-r--r--crypto/heimdal/tests/kdc/krb5-pkinit.conf.in33
-rw-r--r--crypto/heimdal/tests/kdc/krb5.conf.in56
-rw-r--r--crypto/heimdal/tests/kdc/krb5.conf.keys.in13
-rw-r--r--crypto/heimdal/tests/kdc/ntlm-user-file.txt2
-rw-r--r--crypto/heimdal/tests/kdc/pki-mapping3
-rw-r--r--crypto/heimdal/tests/kdc/uuserver.txt4
-rw-r--r--crypto/heimdal/tests/kdc/wait-kdc.sh66
-rw-r--r--crypto/heimdal/tests/ldap/Makefile.am52
-rw-r--r--crypto/heimdal/tests/ldap/Makefile.in779
-rw-r--r--crypto/heimdal/tests/ldap/check-ldap.in143
-rw-r--r--crypto/heimdal/tests/ldap/init.ldif44
-rw-r--r--crypto/heimdal/tests/ldap/krb5.conf.in21
-rw-r--r--crypto/heimdal/tests/ldap/samba.schema554
-rw-r--r--crypto/heimdal/tests/ldap/slapd-init.in39
-rw-r--r--crypto/heimdal/tests/ldap/slapd-stop18
-rw-r--r--crypto/heimdal/tests/ldap/slapd.conf28
-rw-r--r--crypto/heimdal/tests/plugin/Makefile.am43
-rw-r--r--crypto/heimdal/tests/plugin/Makefile.in890
-rw-r--r--crypto/heimdal/tests/plugin/check-pac.in147
-rw-r--r--crypto/heimdal/tests/plugin/krb5.conf.in29
-rw-r--r--crypto/heimdal/tests/plugin/windc.c77
-rw-r--r--crypto/heimdal/tools/Makefile.am59
-rw-r--r--crypto/heimdal/tools/Makefile.in356
-rw-r--r--crypto/heimdal/tools/heimdal-build.sh295
-rw-r--r--crypto/heimdal/tools/heimdal-gssapi.pc.in14
-rwxr-xr-xcrypto/heimdal/tools/kdc-log-analyze.pl549
-rw-r--r--crypto/heimdal/tools/krb5-config.12
-rwxr-xr-xcrypto/heimdal/tools/krb5-config.in24
1483 files changed, 252590 insertions, 48403 deletions
diff --git a/crypto/heimdal/ChangeLog b/crypto/heimdal/ChangeLog
index 159cf48a4156..e167b09a8957 100644
--- a/crypto/heimdal/ChangeLog
+++ b/crypto/heimdal/ChangeLog
@@ -1,897 +1,1356 @@
-2004-09-13 Johan Danielsson <joda@pdc.kth.se>
+2008-01-24 Love Hörnquist Åstrand <lha@it.su.se>
- * Release 0.6.3
-
-2004-09-05 Love Hörnquist Åstrand <lha@it.su.se>
+ * Release 1.1
+
+2008-01-21 Love Hörnquist Åstrand <lha@it.su.se>
- * lib/asn1/der_get.c (decode_enumerated): check that the tag
- length isn't longer the the length
+ * lib/krb5/get_for_creds.c: Use on variable less.
-2004-08-31 Love Hörnquist Åstrand <lha@it.su.se>
+ * lib/krb5/get_for_creds.c: Try to handle ticket full and
+ ticketless tickets better. Add doxygen comments while here.
- * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password):
- kdc_reply can be set in case of failure too, clean on entry and
- free the exit unconditionally to avoid memory leak
+ * lib/krb5/test_forward.c: Used for testing
+ krb5_get_forwarded_creds().
-2004-08-20 Love Hörnquist Åstrand <lha@it.su.se>
+ * lib/krb5/Makefile.am: noinst_PROGRAMS += test_forward
- * lib/krb5/context.c: 1.93: (krb5_get_err_text): if neither of
- com_right nor strerror finds the error-code, return Unknown error.
+ * lib/krb5/Makefile.am: drop CHECK_SYMBOLS
-2004-08-13 Love Hörnquist Åstrand <lha@it.su.se>
+ * lib/hdb/Makefile.am: drop CHECK_SYMBOLS
- * kdc/kerberos5.c: based on 1.162: (get_pa_etype_info): check for
- dup enctypes from the client and filter them out.
-
-2004-06-21 Love Hörnquist Åstrand <lha@it.su.se>
+ * kdc/Makefile.am: drop CHECK_SYMBOLS
- * admin/get.c: 1.23: (kt_get): catch errors from krb5_parse_name
-
-2004-06-21 Love Hörnquist Åstrand <lha@it.su.se>
+2008-01-18 Love Hörnquist Åstrand <lha@it.su.se>
- * lib/krb5/Makefile.am: man_MANS += krb5_set_password.3
+ * lib/krb5/version-script.map: Add krb5_digest_probe.
- * lib/krb5/krb5_set_password.3: 1.1-1.3: change password manpage
+2008-01-13 Love Hörnquist Åstrand <lha@it.su.se>
- * lib/krb5/changepw.c: 1.49: implement
- krb5_set_password_using_ccache 1.47: add tcp support to the set
- protocol, should be cleaned up to enable sharing code with
- krb5_sendto 1.46: (process_reply): log into result_string if
- something goes bad, return 0 (even on failure), not the KPASSWD
- protocol error code 1.45: krb5_princ_realm ->
- krb5_principal_get_realm 1.44: (setpw_send_request): free
- ap_req_data on failure 1.41: ooops, remove cut and paste error
- 1.40: draft-ietf-cat-kerb-chg-password-02 and rfc3244 share the
- response packet sure more constants now that they exists 1.39:
- implement rfc3244, partly from shadow@dementia.org
+ * lib/krb5/pkinit.c: Replace hx509_name_to_der_name with
+ hx509_name_binary.
+
+2008-01-12 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/Makefile.am: add missing files
+
+2007-12-28 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/digest.c: Log probe message, add NTLM_TARGET_DOMAIN to the
+ type2 message.
+
+2007-12-14 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/dbinfo.c: Add hdb_default_db().
+
+ * Makefile.am: Add some extra cf/*.
+
+2007-12-12 Love Hörnquist Åstrand <lha@it.su.se>
- * lib/krb5/krb5.h: 1.211: some defines for rfc3244
+ * kuser/kgetcred.c: Fix type of name-type. From Andy Polyakov.
+
+2007-12-09 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/log.c: Use hdb_db_dir().
+
+ * kpasswd/kpasswdd.c: Use hdb_db_dir().
+
+2007-12-08 Love Hörnquist Åstrand <lha@it.su.se>
- * lib/asn1/Makefile.am: 1.71: (gen_files):
- asn1_ChangePasswdDataMS.x for RFC3244
+ * kdc/config.c: Use hdb_db_dir().
+
+ * kdc/kdc_locl.h: add KDC_LOG_FILE
+
+ * kdc/hpropd.c: Use hdb_default_db().
+
+ * kdc/kstash.c: Use hdb_db_dir().
+
+ * kdc/pkinit.c: Adapt to hx509 changes, use hdb_db_dir().
+
+ * lib/krb5/rd_req.c: Document krb5_rd_req_in_set_pac_check.
+
+ * lib/krb5/verify_krb5_conf.c: Check check_pac.
+
+ * lib/krb5/rd_req.c: use KRB5_CTX_F_CHECK_PAC to init check_pac
+ field in the krb5_rd_req_in_ctx
+
+ * lib/krb5/expand_hostname.c: Adapt to changing
+ dns_canonicalize_hostname into flags field.
+
+ * lib/krb5/context.c: Adapt to changing dns_canonicalize_hostname
+ into flags field, add check-pac as an libdefaults option.
+
+ * lib/krb5/pkinit.c: Adapt to changes in hx509 interface.
+
+ * doc: add doxygen documentation to hcrypto
+
+ * doc/doxytmpl.dxy: generate links
- * lib/asn1/k5.asn1: 1.30: add ChangePasswdDataMS, for RFC3244
+2007-12-07 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/Makefile.am: build_HEADERZ += heim_threads.h
+
+ * lib/hdb/dbinfo.c (hdb_db_dir): Return the directory where the
+ hdb database resides.
+
+ * configure.in: Add --with-hdbdir to specify where the database is
+ stored.
+
+ * lib/krb5/crypto.c: revert previous patch, the problem is located
+ in the RAND_file_name() function that will cause recursive nss
+ lookups, can't fix that here.
+
+2007-12-06 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/crypto.c (krb5_generate_random_block): try to avoid the
+ dead-lock in by not holding the lock while running
+ RAND_file_name. Prompted by Hai Zaar.
+
+ * lib/krb5/n-fold.c: spelling
- * kuser/kinit.c: 1.114: move "setpag if (argc < 1)" to common path
+2007-12-04 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kuser/kdigest.c (digest-probe): implement command.
+
+ * kuser/kdigest-commands.in (digest-probe): new command
-2004-05-06 Johan Danielsson <joda@pdc.kth.se>
+ * kdc/digest.c: Implement supportedMechs request.
- * Release 0.6.2
+ * lib/krb5/error_string.c: Make krb5_get_error_string return an
+ allocated string to make the function indempotent. From
+ Zeqing (Fred) Xia.
-2004-04-02 Love Hörnquist Åstrand <lha@it.su.se>
+2007-12-03 Love Hörnquist Åstrand <lha@it.su.se>
- * kdc/connect.c: case size_t to unsigned long for LP64 platforms
-
-2004-04-01 Johan Danielsson <joda@pdc.kth.se>
+ * lib/krb5/krb5_locl.h (krb5_context_data): Flag if
+ default_cc_name was set by the user.
- * Release 0.6.1
+ * lib/krb5/fcache.c (fcc_move): make sure ->version is uptodate.
-2004-03-30 Love Hörnquist Åstrand <lha@it.su.se>
+ * kcm/acquire.c: use krb5_free_cred_contents
- * kdc/kerberos4.c: 1.46: stop the client from renewing tickets
- into the future From: Jeffrey Hutzelman <jhutz@cmu.edu>
+ * kuser/kimpersonate.c: use krb5_free_cred_contents
-2004-03-10 Love Hörnquist Åstrand <lha@it.su.se>
+ * kuser/kinit.c: Use krb5_cc_move to make an atomic switch of the
+ cred cache.
+
+ * lib/krb5/cache.c: Put back code that was needed, move gen_new
+ into new_unique.
- * lib/krb5/fcache.c: 1.43: (fcc_store_cred): NULL terminate
- krb5_config_get_bool_default' arglist
+ * lib/krb5/mcache.c (mcc_default_name): Remove const
+
+ * lib/krb5/krb5_locl.h: Add KRB5_DEFAULT_CCNAME_KCM, redefine
+ KRB5_DEFAULT_CCNAME to KRB5_DEFAULT_CCTYPE
+
+ * lib/krb5/cache.c: Use krb5_cc_ops->default_name to get the
+ default name.
+
+ * lib/krb5/kcm.c: Implement krb5_cc_ops->default_name.
+
+ * lib/krb5/mcache.c: Implement krb5_cc_ops->default_name.
+
+ * lib/krb5/fcache.c: Implement krb5_cc_ops->default_name.
+
+ * lib/krb5/krb5.h: Add krb5_cc_ops->default_name.
+
+ * lib/krb5/acache.c: Free context when done, implement
+ krb5_cc_ops->default_name.
+
+ * lib/krb5/kcm.c: implement dummy kcm_move
+
+ * lib/krb5/mcache.c: Implement the move operation.
+
+ * lib/krb5/version-script.map: export krb5_cc_move
+
+ * lib/krb5/cache.c: New function krb5_cc_move().
+
+ * lib/krb5/fcache.c: Implement the move operation.
+
+ * lib/krb5/krb5.h: Add move to the krb5_cc_ops, causes major
+ version bump.
+
+ * lib/krb5/acache.c: Implement the move operation. Avoid using
+ cc_set_principal() since it broken on Mac OS X 10.5.0.
-2004-03-09 Love Hörnquist Åstrand <lha@it.su.se>
+2007-12-02 Love Hörnquist Åstrand <lha@it.su.se>
- * lib/krb5/krb5.conf.5: 1.44: document
- [libdefaults]fcc-mit-ticketflags=boolean 1.43: don't use path's in
- first .Nm, it confuses some locate.updatedb, use FILES section to
- describe where the file is instead.
+ * lib/krb5/krb5_ccapi.h: Drop variable names to avoid -Wshadow.
- * lib/krb5/fcache.c (fcc_store_cred): default to use old format
+2007-11-14 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/krb5tgs.c: Should pass different key usage constants
+ depending on whether or not optional sub-session key was passed by
+ the client for the check of authorization data. The constant is
+ used to derive "specific key" and its values are specified in
+ 7.5.1 of RFC4120.
- * lib/krb5/fcache.c: 1.42: (fcc_store_cred): use
- [libdefaults]fcc-mit-ticketflags=boolean to decide what format to
- write the fcc in. Default to mit format (aka heimdal 0.7 format)
- 1.41: (_krb5_xlock): handle that everything was ok, and don't put
- an error in the error strings then
+ Patch from Andy Polyakov.
+
+ * kdc/krb5tgs.c: Don't send auth data in referrals, microsoft
+ clients have started to not like that. Thanks to Andy Polyakov for
+ excellent research.
+
+2007-11-11 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/creds.c: use krb5_data_cmp
+
+ * lib/krb5/acache.c: use krb5_free_cred_contents
+
+ * lib/krb5/test_renew.c: use krb5_free_cred_contents
- * lib/krb5/store.c: 1.43: add _krb5_store_creds_heimdal_0_7 and
- _krb5_store_creds_heimdal_pre_0_7 that store the creds in just
- that format make krb5_store_creds default to mit format 1.42:
- (krb5_ret_creds): Runtime detect the what is the higher bits of
- the bitfield 1.41: (krb5_store_creds): add disabled code that
- store the ticket flags in reverse order (bitswap32): new function
- 1.40: (krb5_ret_creds): if the higher ticket flags are set, its a
- mit cache, reverse the bits, bug pointed out by Sergio Gelato
- <Sergio.Gelato@astro.su.se>
+2007-11-10 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/acl.c: doxygen documentation
+
+ * lib/krb5/addr_families.c: doxygen documentation
+
+ * doc: add doxygen
+
+ * lib/krb5/plugin.c: doxygen documentation
+
+ * lib/krb5/kcm.c: doxygen documentation
+
+ * lib/krb5/fcache.c: doxygen documentation
+
+ * lib/krb5/cache.c: doxygen documentations
- delta modfied to not change the behavior of krb5_store_creds
+ * lib/krb5/doxygen.c: doxygen introduction
+
+ * lib/krb5/error_string.c: Doxygen documentation.
+
+2007-11-03 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/test_plugin.c: expose krb5_plugin_register
+
+ * lib/krb5/plugin.c: expose krb5_plugin_register
+
+ * lib/krb5/version-script.map: sort, expose krb5_plugin_register
+
+2007-10-24 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/kerberos5.c: Adding same enctype is enough one time. From
+ Andy Polyakov and Bjorn Sandell.
-2004-03-07 Love Hörnquist Åstrand <lha@it.su.se>
+2007-10-18 Love <lha@stacken.kth.se>
- * lib/krb5/mk_safe.c (krb5_mk_safe): fix assignment of usec2
+ * lib/krb5/cache.c (krb5_cc_retrieve_cred): check return value
+ from krb5_cc_start_seq_get. From Zeqing (Fred) Xia
-2004-03-06 Love Hörnquist Åstrand <lha@it.su.se>
+ * lib/krb5/fcache.c (init_fcc): provide better error codes
- * lib/krb5/mcache.c: patch based on 1.17 and 1.18 but with
- threading code pulled out;
+ * kdc/kerberos5.c (get_pa_etype_info2): more paranoia, avoid
+ sending warning about pruned etypes.
+
+ * kdc/kerberos5.c (older_enctype): old windows enctypes (arcfour
+ based) "old", this to support windows 2000 clients (unjoined to a
+ domain). From Andy Polyakov.
+
+2007-10-07 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/setup.texi: Spelling, from Mark Peoples via Bjorn Sandell.
- 1.18: (mcc_get_principal): also check for primary_principal ==
- NULL now that that isn't used as dead flag 1.17: don't overload
- the primary_principal == NULL as dead since that doesn't always
- work Based on patch from Jeffrey Hutzelman <jhutz@cmu.edu>, but
- tweek by me
+2007-10-04 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/krb5tgs.c: More prettier printing of enctype, from KAMADA
+ Ken'ichi.
- * lib/krb5/crypto.c: 1.94: (decrypt_internal_special): do not not
- modify the original data test case from Ronnie Sahlberg
- <ronnie_sahlberg@ozemail.com.au>
+ * lib/krb5/crypto.c (krb5_enctype_to_string): make sure string is
+ NULL on failure.
-2004-02-13 Love Hörnquist Åstrand <lha@it.su.se>
+2007-10-03 Love Hörnquist Åstrand <lha@it.su.se>
- * lib/krb5/verify_krb5_conf.c: 1.22->1.23: (check_host): don't
- check for EAI_NODATA, because its depricated in RFC3493 Pointed
- out by Hajimu UMEMOTO <ume@mahoroba.org> on heimdal-discuss
+ * kdc/kdc-replay.c: Catch KRB5_PROG_ATYPE_NOSUPP from
+ krb5_addr2sockaddr and igore thte test is that case.
- * lib/krb5/eai_to_heim_errno.c: 1.3->1.4: EAI_ADDRFAMILY and
- EAI_NODATA is deprecated in RFC3493
+2007-09-29 Love Hörnquist Åstrand <lha@it.su.se>
-2004-02-09 Love Hörnquist Åstrand <lha@it.su.se>
+ * lib/krb5/context.c (krb5_free_context): free
+ default_cc_name_env, from Gunther Deschner.
- * lib/asn1/der_length.c: 1.16: Fix len_unsigned for certain
- negative integers, it got the length wrong, fix from Panasas, Inc.
+2007-08-27 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/{krb5.h,pac.c,test_pac.c,send_to_kdc.c,rd_req.c}: Make
+ work with c++, reported by Hai Zaar
+
+ * lib/krb5/{digest.c,krb5.h}: Make work with c++, reported by Hai Zaar
+
+2007-08-20 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/Makefile.am: EXTRA_DIST += hdb.schema
+
+2007-07-31 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * check return value of alloc functions, from Charles Longeau
+
+ * lib/krb5/principal.c: spelling.
+
+ * kadmin/kadmin.8: spelling
+
+ * lib/krb5/crypto.c: Check return values from alloc
+ functions. Prompted by patch of Charles Longeau.
+
+ * lib/krb5/n-fold.c: Make _krb5_n_fold return a error
+ code. Prompted by patch of Charles Longeau.
+
+2007-07-27 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/init_creds.c: Always set the ticket options, use
+ KRB5_ADDRESSLESS_DEFAULT as the default value, this make the unset
+ tri-state not so useful.
+
+2007-07-24 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * tools/heimdal-gssapi.pc.in: Add LIB_pkinit to the list of
+ libraries.
+
+ * tools/heimdal-gssapi.pc.in: pkg-config file for libgssapi in
+ heimdal.
+
+ * tools/Makefile.am: Add heimdal-gssapi.pc and install it into
+ $(libdir)/pkgconfig
+
+2007-07-23 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/pkinit.c: Add RFC3526 modp group14 as a default.
+
+2007-07-22 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/dbinfo.c (get_dbinfo): use dbname instead of realm as
+ key if the entry is a correct entry.
+
+ * lib/krb5/get_cred.c: Make krb5_get_renewed_creds work, from
+ Gunther Deschner.
+
+ * lib/krb5/Makefile.am: Add test_renew to noinst_PROGRAMS.
+
+ * lib/krb5/test_renew.c: Test for krb5_get_renewed_creds.
+
+2007-07-21 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/keys.c: Make parse_key_set handle key set string "v5",
+ from Peter Meinecke.
+
+ * kdc/kaserver.c: Don't ovewrite the error code, from Peter
+ Meinecke.
+
+2007-07-18 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * TODO-1.0: remove
+
+ * Makefile.am: remove TODO-1.0
+
+2007-07-17 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * Heimdal 1.0 release branch cut here
+
+ * doc/hx509.texi: use version.texi
- * lib/asn1/der_locl.h: 1.5: add _heim_len_unsigned, _heim_len_int
+ * doc/heimdal.texi: use version.texi
-2004-01-26 Love Hörnquist Åstrand <lha@it.su.se>
+ * doc/version.texi: version.texi
- * lib/asn1/gen_length.c: 1.14: (length_type): TSequenceOf: add up
- the size of all the elements, don't use just the size of the last
- element.
+ * lib/hdb/db3.c: avoid type-punned pointer warning.
- * lib/krb5/fcache.c: 1.40: (_krb5_xlock): catch EINVAL and assume
- that it means that the filesystem doesn't support locking 1.39:
- (_krb5_xlock): fix compile error in last commit 1.38: internally
- export x{,un}lock and thus prefix them with _krb5_
-
-2004-01-13 Love Hörnquist Åstrand <lha@it.su.se>
+ * kdc/kx509.c: Use unsigned char * as argument to HMAC_Update to
+ please OpenSSL and gcc.
- * kuser/kinit.c: 1.106: (renew_validate): if renewable_flag and
- not time specifed, use "1 month"
- 1.105: make -9 work again
+ * kdc/digest.c: Use unsigned char * as argument to MD5_Update to
+ please OpenSSL and gcc.
-2004-01-09 Love Hörnquist Åstrand <lha@it.su.se>
+2007-07-16 Love Hörnquist Åstrand <lha@it.su.se>
- * lib/krb5/get_for_creds.c: 1.36: (add_addrs): don't increase
- addr->len until in contains interesting data, use right iteration
- counter when clearing the addresses 1.39: krb5_princ_realm ->
- krb5_principal_get_realm 1.38: (krb5_get_forwarded_creds): use
- KRB5_AUTH_CONTEXT_DO_TIME if we want timestamp in forwarded
- krb-cred 1.39: (krb5_get_forwarded_creds): If tickets are
- address-less, forward address-less tickets. 1.40:
- (krb5_get_forwarded_creds): try to handle errors better for
- previous commit 1.41: (add_addrs): don't add same address multiple
- times
-
- * lib/krb5/get_cred.c: 1.96->1.97: rename get_krbtgt to
- _krb5_get_krbtgt and export it
+ * include/Makefile.am: Add krb_err.h.
-2003-12-14 Love Hörnquist Åstrand <lha@it.su.se>
+ * kdc/set_dbinfo.c: Print acl file too.
- * kdc/kerberos5.c: part of 1.146->1.147: handle NULL client/server
- names
+ * kdc/kerberos4.c: Error codes are just fine, remove XXX now.
-2003-12-03 Love Hörnquist Åstrand <lha@it.su.se>
+ * lib/krb5/krb5-v4compat.h: Drop duplicate error codes.
- * lib/krb5/crypto.c: 1.90->1.91: require cipher-text to be padded
- to padsize 1.91->1.92: (decrypt_internal_derived): move up padsize
- check to avoid memory leak
-
-2003-12-01 Love Hörnquist Åstrand <lha@it.su.se>
+ * kdc/kerberos4.c: switch to ET errors.
- * kuser/kinit.c: 1.103->1.104: (main): return the return value
- from simple_execvp
+ * lib/krb5/Makefile.am: Add krb_err.h to build_HEADERZ.
-2003-10-22 Love Hörnquist Åstrand <lha@it.su.se>
+ * lib/krb5/v4_glue.c: If its a Kerberos 4 error-code, remove the
+ et BASE.
- * lib/krb5/transited.c: 1.13->1.14: (krb5_domain_x500_encode):
- always zero out encoding to make sure it have a defined value on
- failure
+2007-07-15 Love Hörnquist Åstrand <lha@it.su.se>
- * lib/krb5/transited.c: 1.12->1.13: (krb5_domain_x500_encode): if
- num_realms == 0, set encoding and return (avoids malloc(0)) check
- return value from malloc
-
-2003-10-21 Love Hörnquist Åstrand <lha@it.su.se>
+ * lib/krb5/krb5-v4compat.h: Include "krb_err.h".
+
+ * lib/krb5/v4_glue.c: return more interesting error codes.
- * doc/setup.texi: 1.35->1.36: spelling
+ * lib/krb5/plugin.c: Prefix enum plugin_type.
+
+ * lib/krb5/krb5_locl.h: Expose plugin structures.
- * kdc/kdc_locl.h: 1.58->1.59: add flag to always check transited
- policy
+ * lib/krb5/krb5.h: Add plugin structures.
+
+ * lib/krb5/krb_err.et: V4 errors.
- * doc/setup.texi: 1.27->1.35: many changes
+ * lib/krb5/version-script.map: First version of version script.
+
+2007-07-13 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/kerberos5.c: Java 1.6 expects the name to be the same type,
+ lets allow that for uncomplicated name-types.
+
+2007-07-12 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/v4_glue.c (_krb5_krb_rd_req): if ticket contains
+ address 0, its ticket less and don't really care about
+ from_addr. return better error codes.
+
+ * kpasswd/kpasswdd.c: Fix pointer vs strict alias rules.
+
+2007-07-11 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb-ldap.c: When using sambaNTPassword, avoid adding
+ more then one enctype 23 to krb5EncryptionType.
+
+ * lib/krb5/cache.c: Spelling.
+
+ * kdc/kerberos5.c: Don't send newer enctypes in ETYPE-INFO.
+ (get_pa_etype_info2): return the enctypes as sorted in the
+ database
+
+2007-07-10 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kuser/kinit.c: krb5-v4compat.h defines prototypes for
+ v4 (semiprivate functions) in libkrb5, don't include
+ krb5-private.h any longer.
+
+ * lib/krb5/krbhst.c: Set error string when there is no KDC for a
+ realm.
+
+ * lib/krb5/Makefile.am: New library version.
+
+ * kdc/Makefile.am: New library version.
+
+ * lib/krb5/krb5_locl.h: Add default_cc_name_env.
+
+ * lib/krb5/cache.c (enviroment_changed): return non-zero if
+ enviroment that will determine default krb5cc name has changed.
+ (krb5_cc_default_name): also check if cached value is uptodate.
+
+ * lib/krb5/krb5_locl.h: Drop pkinit_flags.
+
+2007-07-05 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * configure.in: add tests/java/Makefile
+
+ * lib/hdb/dbinfo.c: Add hdb_dbinfo_get_log_file.
+
+2007-07-04 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/kerberos5.c: Improve the default salt detection to avoid
+ returning v4 password salting to java that doesn't look at the
+ returning padata for salting.
+
+ * kdc: Split out krb5_kdc_set_dbinfo, From Andrew Bartlett
+
+2007-07-02 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/digest.c: Try harder to provide better error message for
+ digest messages.
+
+ * lib/krb5/Makefile.am: verify_krb5_conf_OBJECTS depends on
+ krb5-pr*.h, make -j finds this.
- * lib/krb5/get_cred.c: 1.95->1.96: get capath info from [capaths]
- section
+2007-06-28 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/digest.c: On success, print username, not ip-adress.
- * lib/krb5/rd_req.c: 1.50->1.51: (krb5_decrypt_ticket): try to
- verify transited realms, unless the transited-policy-checked flag
- is set
+2007-06-26 Love Hörnquist Åstrand <lha@it.su.se>
- * lib/krb5/transited.c:
- 1.12: (krb5_domain_x500_decode): set *num_realms to zero not num_realms
- 1.11: (krb5_domain_x500_decode): handle zero length tr data;
- (krb5_check_transited): new function that does more useful stuff
+ * lib/krb5/get_cred.c: Add krb5_get_renewed_creds.
- * kdc/kdc.8: 1.23->1.24: document enforce-transited-policy
+ * lib/krb5/krb5_get_credentials.3: add krb5_get_renewed_creds
+
+ * lib/krb5/pkinit.c: Use hx509_cms_unwrap_ContentInfo.
- * kdc/config.c: 1.47->1.48: add flag to always check transited
- policy
+2007-06-25 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/setup.texi: Add example for pkinit_win2k_require_binding
+ in [kdc] section.
+
+ * kdc/default_config.c: Rename require_binding to
+ win2k_require_binding to match client configuration.
+
+ * kdc/default_config.c: Add [kdc]pkinit_require_binding option.
+
+ * kdc/pkinit.c (pk_mk_pa_reply_enckey): only allow non-bound reply
+ if its not required.
+
+ * kdc/default_config.c: rename pkinit_princ_in_cert and add
+ pkinit_require_binding
+
+ * kdc/kdc.h: rename pkinit_princ_in_cert and add
+ pkinit_require_binding
+
+ * kdc/pkinit.c: rename pkinit_princ_in_cert
+
+2007-06-24 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/pkinit.c: Adapt to hx509_verify_hostname change.
+
+2007-06-21 Love Hörnquist Åstrand <lha@it.su.se>
- * kdc/kerberos5.c:
- 1.150: (fix_transited_encoding): also verify with policy,
- unless asked not to
- 1.151: always check transited policy if flag set either globally
- (on principal part of patch not pulled up)
- 1.152: (fix_transited_encoding): set transited type
- 1.153: (fix_transited_encoding): always print cross-realm information
+ * kdc/krb5tgs.c: Drop unused variable.
-2003-10-06 Love Hörnquist Åstrand <lha@it.su.se>
+ * kdc/krb5tgs.c: disable anonyous tgs requests
- * lib/krb5/config_file.c: 1.48->1.49:
- (krb5_config_parse_file_debug): punt if there is binding before a
- section declaration.
- Bug found by Arkadiusz Miskiewicz <arekm@pld-linux.org>
+ * kdc/krb5tgs.c: Don't check PAC on cross realm for now.
- * kdc/kaserver.c: 1.21->1.23:
- (do_getticket): if times data is shorter then 8 bytes, request is
- malformed.
- (do_authenticate): if request length is less then 8 bytes, its a
- bad request and fail. Pointed out by Marco Foglia <marco@foglia.org>
+ * kuser/kgetcred.c: Set KRB5_GC_CONSTRAINED_DELEGATION and parse
+ nametypes.
-2003-09-22 Love Hörnquist Åstrand <lha@it.su.se>
+ * lib/krb5/krb5_principal.3: Document krb5_parse_nametype.
- * lib/krb5/verify_krb5_conf.c: 1.17->1.18: add missing " within
- #if 0 From: stefan sokoll <stefansokoll@yahoo.de>
+ * lib/krb5/principal.c (krb5_parse_nametype): parse nametype and
+ return their integer values.
+
+ * lib/krb5/krb5.h (krb5_get_creds): Add
+ KRB5_GC_CONSTRAINED_DELEGATION.
+
+ * lib/krb5/get_cred.c (krb5_get_creds): if
+ KRB5_GC_CONSTRAINED_DELEGATION is set, set both request_anonymous
+ and constrained_delegation.
+
+2007-06-20 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/digest.c: Return an error message instead of dropping the
+ packet for more failure cases.
+
+ * lib/krb5/krb5_principal.3: Add KRB5_PRINCIPAL_UNPARSE_DISPLAY.
+
+ * appl/gssmask/gssmask.c (AcquirePKInitCreds): fail more
+ gracefully
-2003-09-19 Love Hörnquist Åstrand <lha@it.su.se>
+2007-06-18 Love Hörnquist Åstrand <lha@it.su.se>
- * lib/krb5/rd_req.c:
- 1.47->1.48: (krb5_rd_req): allow caller to pass in a key
- in the auth_context, they way processes that doesn't use the
- keytab can still pass in the key of the service (matches behavior
- of MIT Kerberos).
+ * lib/krb5/pac.c: make compile.
-2003-09-18 Love Hörnquist Åstrand <lha@it.su.se>
+ * lib/krb5/pac.c (verify_checksum): memset cksum to avoid using
+ pointer from stack.
+
+ * lib/krb5/plugin.c: Don't expose free pointer.
+
+ * lib/krb5/pkinit.c (_krb5_pk_load_id): fail directoy for first
+ calloc.
- * lib/krb5/crypto.c:
- 1.87->1.88: (usage2arcfour): simplify, only
- include special cases From: Luke Howard <lukeh@PADL.COM>
- 1.86->1.87: (arcfour_checksum_p): return true when is arcfour,
- not when its not pointed out by Luke Howard
- 1.82->1.83: Do the arcfour checksum mapping for
- krb5_create_checksum and krb5_verify_checksum, From: Luke Howard
- <lukeh@PADL.COM>
- 1.81->1.82: (hmac): make it return an error
- when out of memory, update callsites to either return error or use
- krb5_abortx
- (krb5_hmac): expose hmac
- * lib/krb5/mk_req_ext.c: 1.26->1.27: (krb5_mk_req_internal):
- when using arcfour-hmac-md5, use an unkeyed checksum
- (rsa-md5), since Microsoft calculates the keyed checksum with
- the subkey of the authenticator.
+ * lib/krb5/pkinit.c (get_reply_key*): don't expose freed memory
+
+ * lib/krb5/krbhst.c: Host is static memory, don't free.
+
+ * lib/krb5/crypto.c (decrypt_internal_derived): make sure length
+ is longer then confounder + checksum.
- * lib/krb5/get_cred.c:
- 1.93->1.94 (init_tgs_req): make generation of subkey
- optional on configuration parameter
- [realms]realm={tgs_require_subkey=bool}
- defaults to off. The RFC1510 weakly defines the correct behavior,
- so old DCE secd apparently required the subkey to be there, and MS
- will use it when its there. But the request isn't encrypted in the
- subkey, so you get to choose if you want to talk to a MS mdc or a
- old DCE secd.
+ * kdc: export get_dbinfo as krb5_kdc_set_dbinfo and call from
+ users. This to allows libkdc users to to specify their own
+ databases
- partly 1.91->1.92: (init_tgs_req): in case of error, don't
- free in the req_body addresses since they where pass in by caller
+ * lib/krb5/pkinit.c (pk_rd_pa_reply_enckey): simplify handling of
+ content data (and avoid leaking memory).
- lib/krb5/get_in_tkt.c:
- 1.108->1.1.09: (krb5_get_in_tkt): for compatibility with with
- the mit implemtation, don't free `creds' argument when done, its up
- the the caller to do that, also allow a NULL ccache.
+ * kdc/misc.c (_kdc_db_fetch): set error string for failures.
+
+2007-06-15 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/pkinit.c: Use KRB5_AUTHDATA_INITIAL_VERIFIED_CAS.
- * doc/ack.texi
- 1.16->1.17: update Luke Howard email address
+2007-06-13 Love Hörnquist Åstrand <lha@it.su.se>
- * lib/hdb/hdb-ldap.c:
- 1.13->1.14: code rewrite from Luke Howard <lukeh@PADL.COM>
- 1.12->1.13: (LDAP_store): log what principal/dn failed
- 1.11->1.12: use int2HDBFlags/HDBFlags2int
- From: Alberto Patino <jalbertop@aranea.com.mx>,
- Luke Howard <lukeh@PADL.COM>
- Pointed out by Andrew Bartlett of Samba
- 1.10->1.11: (LDAP__connect): bind sasl "EXTERNAL" to ldap connection
- (LDAP_store): remove superfluous argument to asprintf
- From Alberto Patino <jalbertop@aranea.com.mx>
+ * kdc/pkinit.c: tell user when they got a pk-init request with
+ pkinit disabled.
- * lib/krb5/krb5.h:
- 1.214->1.2015: add KEYTYPE_ARCFOUR_56
+2007-06-12 Love Hörnquist Åstrand <lha@it.su.se>
-2003-09-12 Love Hörnquist Åstrand <lha@it.su.se>
+ * lib/krb5/principal.c: Rename UNPARSE_NO_QUOTE to
+ UNPARSE_DISPLAY.
+
+ * lib/krb5/krb5.h: Rename UNPARSE_NO_QUOTE to UNPARSE_DISPLAY.
+
+ * lib/krb5/principal.c: Make no-quote mean replace strange chars
+ with space.
+
+ * lib/krb5/principal.c: Support KRB5_PRINCIPAL_UNPARSE_NO_QUOTE.
- * lib/krb5/config_file.c: fix prototypes Fredrik Ljungberg
- <flag@pobox.se>
+ * lib/krb5/krb5.h: Add KRB5_PRINCIPAL_UNPARSE_NO_QUOTE.
+
+ * lib/krb5/test_princ.c: Test quoteing.
+
+ * lib/krb5/pkinit.c: update (c)
-2003-09-11 Love Hörnquist Åstrand <lha@it.su.se>
+ * lib/krb5/get_cred.c: use krb5_sendto_context to talk to the KDC.
+
+ * lib/krb5/send_to_kdc.c (_krb5_kdc_retry): check if the whole
+ process needs to restart or just skip this KDC.
+
+ * lib/krb5/init_creds_pw.c: Use krb5_sendto_context to talk to
+ KDC.
+
+ * lib/krb5/krb5.h: Add sendto hooks and opaque structure.
- * lib/hdb/hdb_locl.h: 1.18->1.19: include <limits.h> for ULONG_MAX
- noted by Wissler Magnus <M.Wissler@abalon.se> on heimdal-discuss
+ * lib/krb5/krb5_rd_error.3: Update prototype.
+
+ * lib/krb5/send_to_kdc.c: Add hooks for processing the reply from
+ the server.
-2003-08-29 Love Hörnquist Åstrand <lha@it.su.se>
+2007-06-11 Love Hörnquist Åstrand <lha@it.su.se>
- * lib/hdb/db3.c: 1.8->1.9: patch for working with DB4 on
- heimdal-discuss From: Luke Howard <lukeh@PADL.COM> 1.9->1.10: try
- to include more db headers
+ * lib/krb5/krb5_err.et: Some new error codes from RFC 4120.
-2003-08-25 Love Hörnquist Åstrand <lha@it.su.se>
+2007-06-09 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/krb5tgs.c: Constify.
+
+ * kdc/kerberos5.c: Constify.
+
+ * kdc/pkinit.c: Check for KRB5-PADATA-PK-AS-09-BINDING. Constify.
+
+2007-06-08 Love Hörnquist Åstrand <lha@it.su.se>
- * kdc/connect.c: 1.92->1.93 (handle_tcp): handle recvfrom
- returning 0 (connection closed) 1.91->1.92: (grow_descr):
- increment the size after we succeed to allocate the space
+ * include/Makefile.am: Make krb5-types.h nodist_include_HEADERS.
+
+ * kdc/Makefile.am: EXTRA_DIST += version-script.map.
+
+2007-06-07 Love Hörnquist Åstrand <lha@it.su.se>
-2003-08-15 Love Hörnquist Åstrand <lha@it.su.se>
+ * Makefile.am (print-distdir): print name of dist
+
+ * kdc/pkinit.c: Break out loading of mappings file to a separate
+ function and remove warning that it can't open the mapping file,
+ there are now mappings in the db, maybe the users uses that
+ instead...
+
+ * lib/krb5/crypto.c: Require the raw key have the correct size and
+ do away with the minsize. Minsize was a thing that originated
+ from RC2, but since RC2 is done in the x509/cms subsystem now
+ there is no need to keep that around.
+
+ * lib/hdb/dbinfo.c: If there is no default dbname, also check for
+ unset mkey_file and set it default mkey name, make backward compat
+ stuff work.
- * lib/krb5/principal.c: 1.83->1.85: (unparse_name): len can't be
- zero, so, don't check for that
- (unparse_name): make sure there are space for a NUL, set *name to NULL
- when there is a failure (so caller can't get hold of a freed
- pointer)
+ * kdc/version-script.map: add new symbols
-2003-05-08 Johan Danielsson <joda@ratatosk.pdc.kth.se>
+ * kdc/kdc-replay.c: Also update krb5_context view of what the time
+ is.
- * Release 0.6
+ * configure.in: add tests/can/Makefile
-2003-05-08 Love Hörnquist Åstrand <lha@it.su.se>
+ * kdc/kdc-replay.c: Add --[version|help].
- * kuser/klist.c: 1.68->1.69: print tokens even if there isn't v4
- support
+ * kdc/pkinit.c: Push down the kdc time into the x509 library.
- * kuser/kdestroy.c: 1.14->1.15: destroy tokens even if there isn't
- v4 support
+ * kdc/connect.c: Move up krb5_kdc_save_request so we can catch the
+ reply data too.
- * kuser/kinit.c: 1.90->1.91: print tokens even if there isn't v4
- support
+ * kdc/kdc-replay.c: verify reply by checking asn1 class, type and
+ tag of the reply if there is one.
-2003-05-06 Johan Danielsson <joda@pdc.kth.se>
+ * kdc/process.c: Save asn1 class, type and tag of the reply if
+ there is one. Used to verify the reply in kdc-replay.
- * lib/krb5/name-45-test.c: need to use empty krb5.conf for some
- tests
+2007-06-06 Love Hörnquist Åstrand <lha@it.su.se>
- * lib/asn1/check-gen.c: there is no \e escape sequence; replace
- everything with hex-codes, and cast to unsigned char* to make some
- compilers happy
+ * kdc/kdc_locl.h: extern for request_log.
-2003-05-06 Love Hörnquist Åstrand <lha@it.su.se>
+ * kdc/Makefile.am: Add kdc-replay.
- * lib/krb5/get_in_tkt.c (make_pa_enc_timestamp): make sure first
- argument to krb5_us_timeofday have correct type
+ * kdc/kdc-replay.c: Replay kdc messages to the KDC library.
+
+ * kdc/config.c: Pick up request_log from [kdc]kdc-request-log.
+
+ * kdc/connect.c: Option to save the request to disk.
+
+ * kdc/process.c (krb5_kdc_save_request): save request to file.
+
+ * kdc/process.c (krb5_kdc_process*): dont update _kdc_time
+ automagicly.
+ (krb5_kdc_update_time): set or get current kdc-time.
+
+ * kdc/pkinit.c (_kdc_pk_rd_padata): accept both pkcs-7 and
+ pkauthdata as the signeddata oid
-2003-05-05 Assar Westerlund <assar@kth.se>
+ * kdc/pkinit.c (_kdc_pk_rd_padata): Try to log what went wrong.
- * include/make_crypto.c (main): include aes.h if ENABLE_AES
+2007-06-05 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/pkinit.c: Use oid_id_pkcs7_data for pkinit-9 encKey reply to
+ match windows DC behavior better.
+
+2007-06-04 Love Hörnquist Åstrand <lha@it.su.se>
-2003-05-05 Love Hörnquist Åstrand <lha@it.su.se>
+ * configure.in: use test for -framework Security
- * NEWS: 1.108->1.110: fix text about gssapi compat
+ * appl/test/uu_server.c: Print status to stdout.
+
+ * kdc/digest.c (digest ntlm): provide log entires by setting ret
+ to an error.
-2003-04-28 Love Hörnquist Åstrand <lha@it.su.se>
+2007-06-03 Love Hörnquist Åstrand <lha@it.su.se>
- * kdc/v4_dump.c: 1.4->1.5: (v4_prop_dump): limit strings length,
- from openbsd
+ * doc/hx509.texi: Indent crl-sign.
-2003-04-24 Love Hörnquist Åstrand <lha@it.su.se>
+ * doc/hx509.texi: One more crl-sign example.
- * doc/programming.texi: 1.2-1.3: s/managment/management/, from jmc
- <jmc@prioris.mini.pw.edu.pl>
+ * lib/krb5/test_princ.c: plug memory leaks.
-2003-04-22 Love Hörnquist Åstrand <lha@it.su.se>
+ * lib/krb5/pac.c: plug memory leaks.
- * lib/krb5/krbhst.c: 1.43->1.44: copy NUL too, from janj@wenf.org
- via openbsd
+ * lib/krb5/test_pac.c: plug memory leaks.
-2003-04-17 Love Hörnquist Åstrand <lha@it.su.se>
+ * lib/krb5/test_prf.c: plug memory leak.
- * lib/asn1/der_copy.c (copy_general_string): use strdup
- * lib/asn1/der_put.c: remove sprintf
- * lib/asn1/gen.c: remove strcpy/sprintf
-
- * lib/krb5/name-45-test.c: use a more unique name then ratatosk so
- that other (me) have such hosts in the local domain and the tests
- fails, to take hokkigai.pdc.kth.se instead
-
- * lib/krb5/test_alname.c: add --version and --help
+ * lib/krb5/test_cc.c: plug memory leaks.
+
+ * doc/hx509.texi: Simple blob about publishing CRLs.
+
+ * doc/win2k.texi: drop text about enctypes.
-2003-04-16 Love Hörnquist Åstrand <lha@it.su.se>
+2007-06-02 Love Hörnquist Åstrand <lha@it.su.se>
- * lib/krb5/krb5_warn.3: add krb5_get_err_text
+ * kdc/pkinit.c: In case of OCSP verification failure, referash
+ every 5 min. In case of success, refreash 2 min before expiring or
+ faster.
- * lib/krb5/transited.c: use strlcat/strlcpy, from openbsd
- * lib/krb5/krbhst.c (srv_find_realm): use strlcpy, from openbsd
- * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use
- strlcpy, from openbsd
- * kdc/hpropd.c: s/strcat/strlcat/, inspired from openbsd
- * appl/kf/kfd.c: use strlcpy, from openbsd
+2007-05-31 Love Hörnquist Åstrand <lha@it.su.se>
-2003-04-16 Johan Danielsson <joda@pdc.kth.se>
+ * lib/krb5/krb5_err.et: add error 68, WRONG_REALM
+
+ * kdc/pkinit.c: Handle the ms san in a propper way, still cheat
+ with the realm name.
+
+ * kdc/kerberos5.c: If _kdc_pk_check_client failes, bail out
+ directly and hand the error back to the client.
- * configure.in: fix for large file support in AIX, _LARGE_FILES
- needs to be defined on the command line, since lex likes to
- include stdio.h before we get to config.h
+ * lib/krb5/krb5_err.et: Add missing REVOCATION_STATUS_UNAVAILABLE
+ and fix error message for CLIENT_NAME_MISMATCH.
-2003-04-16 Love Hörnquist Åstrand <lha@it.su.se>
+ * kdc/pkinit.c: More logging for pk-init client mismatch.
+
+ * kdc/kerberos5.c: Also add a KRB5_PADATA_PK_AS_REQ_WIN for
+ windows pk-init (-9) to make MIT clients happy.
- * lib/krb5/*.3: Change .Fd #include <header.h> to .In header.h,
- from Thomas Klausner <wiz@netbsd.org>
+2007-05-30 Love Hörnquist Åstrand <lha@it.su.se>
- * lib/krb5/krb5.conf.5: spelling, from Thomas Klausner
- <wiz@netbsd.org>
+ * kdc/pkinit.c: Force des3 for win2k.
+
+ * kdc/pkinit.c: Add wrapping to ContentInfo wrapping to
+ COMPAT_WIN2K.
-2003-04-15 Love Hörnquist Åstrand <lha@it.su.se>
+ * lib/krb5/keytab_keyfile.c: Spelling.
- * kdc/kerberos5.c: fix some more memory leaks
+ * kdc/pkinit.c: Allow matching by MS UPN SAN, note that this delta
+ doesn't deal with case of realm.
-2003-04-11 Love Hörnquist Åstrand <lha@it.su.se>
+2007-05-16 Love Hörnquist Åstrand <lha@it.su.se>
- * appl/kf/kf.1: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
+ * lib/krb5/crypto.c (krb5_crypto_overhead): return static overhead
+ of encryption.
+
+2007-05-10 Dave Love <fx@gnu.org>
-2003-04-08 Love Hörnquist Åstrand <lha@it.su.se>
+ * doc/win2k.texi: Update some URLs.
- * admin/ktutil.8: typos, from jmc <jmc@acn.waw.pl>
+2007-05-13 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kuser/kimpersonate.c: Fix version number of ticket, it should be
+ 5 not the kvno.
-2003-04-06 Love Hörnquist Åstrand <lha@it.su.se>
+2007-05-08 Love Hörnquist Åstrand <lha@it.su.se>
- * lib/krb5/krb5.3: s/kerberos/Kerberos/
- * lib/krb5/krb5_data.3: s/kerberos/Kerberos/
- * lib/krb5/krb5_address.3: s/kerberos/Kerberos/
- * lib/krb5/krb5_ccache.3: s/kerberos/Kerberos/
- * lib/krb5/krb5.conf.5: s/kerberos/Kerberos/
- * kuser/kinit.1: s/kerberos/Kerberos/
- * kdc/kdc.8: s/kerberos/Kerberos/
+ * doc/setup.texi: Salting is really Encryption types and salting.
+
+2007-05-07 Love Hörnquist Åstrand <lha@it.su.se>
-2003-04-01 Love Hörnquist Åstrand <lha@it.su.se>
+ * doc/setup.texi: spelling, from Ronny Blomme
- * lib/krb5/test_alname.c: more krb5_aname_to_localname tests
+ * doc/win2k.texi: Fix ksetup /SetComputerPassword, from Ronny
+ Blomme
- * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): when
- converting too root, make sure user is ok according to
- krb5_kuserok before allowing it.
+2007-05-02 Love Hörnquist Åstrand <lha@it.su.se>
- * lib/krb5/Makefile.am (noinst_PROGRAMS): += test_alname
+ * lib/hdb/dbinfo.c (hdb_get_dbinfo) If there are no database
+ specified, create one and let it use the defaults.
- * lib/krb5/test_alname.c: add test for krb5_aname_to_localname
+2007-04-27 Love Hörnquist Åstrand <lha@it.su.se>
- * lib/krb5/crypto.c (krb5_DES_AFS3_CMU_string_to_key): used p1
- instead of the "illegal" salt #~, same change as kth-krb did
- 1999. Problems occur with crypt() that behaves like AT&T crypt
- (openssl does this). Pointed out by Marcus Watts.
+ * lib/hdb/test_dbinfo.c: test acl file
- * admin/change.c (kt_change): collect all principals we are going
- to change, and pick the highest kvno and use that to guess what
- kvno the resulting kvno is going to be. Now two ktutil change in a
- row works. XXX fix the protocol to pass the kvno back.
+ * lib/hdb/test_dbinfo.c: test acl file
+
+ * lib/hdb/dbinfo.c: add acl file
+
+ * etc: ignore Makefile.in
+
+ * Makefile.am: SUBDIRS += etc
+
+ * configure.in: Add etc/Makefile.
+
+ * etc/Makefile.am: make sure services.append is distributed
+
+2007-04-24 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc: rename windc_init to krb5_kdc_windc_init
+
+ * kdc/version-script.map: version script for libkdc
+
+ * kdc/Makefile.am: version script for libkdc
-2003-03-31 Love Hörnquist Åstrand <lha@it.su.se>
+2007-04-23 Love Hörnquist Åstrand <lha@it.su.se>
- * appl/kf/kf.1: afs->AFS, from jmc <jmc@acn.waw.pl>
+ * lib/krb5/init_creds.c (krb5_get_init_creds_opt_get_error):
+ correct the order of the arguments.
+
+ * lib/hdb/Makefile.am: Add and test dbinfo.
+
+ * lib/hdb/hdb.h: Forward declaration for struct hdb_dbinfo;
+
+ * kdc/config.c: Use krb5_kdc_get_config and just fill in what the
+ users wanted differently.
+
+ * kdc/default_config.c: Make the default configuration fetch info
+ from the krb5.conf.
-2003-03-30 Love Hörnquist Åstrand <lha@it.su.se>
+2007-04-22 Love Hörnquist Åstrand <lha@it.su.se>
- * doc/setup.texi: add description on how to turn on v4, 524 and
- kaserver support
+ * lib/krb5/store.c (krb5_store_creds_tag): use session.keytype to
+ determine if to send the session-key, for the second place in the
+ function.
-2003-03-29 Love Hörnquist Åstrand <lha@it.su.se>
+ * tools/krb5-config.in: rename des to hcrypto
- * lib/krb5/verify_krb5_conf.c (appdefaults_entries): add afslog
- and afs-use-524
+ * kuser/Makefile.am: depend on libheimntlm
-2003-03-28 Love Hörnquist Åstrand <lha@it.su.se>
+ * kuser/kinit.c: Add --ntlm-domain that store the ntlm cred for
+ this domain if the Kerberos password auth worked.
- * kdc/kerberos5.c (as_rep): when the second enctype_to_string
- failes, remember to free memory from the first enctype_to_string
+ * kuser/klist.c: add new option --hidden that doesn't display
+ principal that starts with @
- * lib/krb5/crypto.c (usage2arcfour): map KRB5_KU_TICKET to 2,
- from Harald Joerg <harald.joerg@fujitsu-siemens.com>
- (enctype_arcfour_hmac_md5): disable checksum_hmac_md5_enc
+ * tools/krb5-config.in: Add heimntlm when we use gssapi.
- * lib/hdb/mkey.c (hdb_unseal_keys_mkey): truncate key to the key
- length when key is longer then expected length, its probably
- longer since the encrypted data was padded, reported by Aidan
- Cully <aidan@kublai.com>
+ * lib/krb5/krb5_ccache.3 (krb5_cc_retrieve_cred): document what to
+ free 'cred' with.
- * lib/krb5/crypto.c (krb5_enctype_keysize): return key size of
- encyption type, inspired by Aidan Cully <aidan@kublai.com>
+ * lib/krb5/cache.c (krb5_cc_retrieve_cred): document what to free
+ 'cred' with.
-2003-03-27 Love Hörnquist Åstrand <lha@it.su.se>
+2007-04-21 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/store.c (krb5_store_creds_tag): use session.keytype to
+ determine if to send the session-key.
- * lib/krb5/keytab.c (krb5_kt_get_entry): avoid printing 0
- (wildcard kvno) after principal when the keytab entry isn't found,
- reported by Chris Chiappa <chris@chiappa.net>
+ * kcm/client.c (kcm_ccache_new_client): make root be able to pass
+ the name constraints, not the opposite. From Bryan Jacobs.
-2003-03-26 Love Hörnquist Åstrand <lha@it.su.se>
+2007-04-20 Love Hörnquist Åstrand <lha@it.su.se>
- * doc/misc.texi: update 2b example to match reality (from
- mattiasa@e.kth.se)
+ * kcm/acl.c: make compile again.
- * doc/misc.texi: spelling and add `Configuring AFS clients'
- subsection
+ * kcm/client.c: fix warning.
+
+ * kcm: First, it allows root to ignore the naming conventions.
+ Second, it allows root to always perform any operation on any
+ ccache. Note that root could do this anyway with FILE ccaches.
+ From Bryan Jacobs.
-2003-03-25 Love Hörnquist Åstrand <lha@it.su.se>
+ * Rename libdes to libhcrypto.
- * lib/krb5/krb5.3: add krb5_free_data_contents.3
-
- * lib/krb5/data.c: add krb5_free_data_contents for compat with MIT
- API
+2007-04-19 Love Hörnquist Åstrand <lha@it.su.se>
- * lib/krb5/krb5_data.3: add krb5_free_data_contents for compat
- with MIT API
+ * kinit: remove code that depend on kerberos 4 library
- * lib/krb5/krb5_verify_user.3: write more about how the ccache
- argument should be inited when used
+ * kdc: remove code that depend on kerberos 4 library
-2003-03-25 Johan Danielsson <joda@pdc.kth.se>
+ * configure.in: Drop kerberos 4 support.
- * lib/krb5/addr_families.c (krb5_print_address): make sure
- print_addr is defined for the given address type; make addrports
- printable
+ * kdc/hpropd.c (main): free the message when done with it.
- * kdc/string2key.c: print the used enctype for kerberos 5 keys
+ * lib/krb5/pkinit.c (_krb5_get_init_creds_opt_free_pkinit):
+ remember to free memory too.
-2003-03-25 Love Hörnquist Åstrand <lha@it.su.se>
+ * lib/krb5/pkinit.c (pk_rd_pa_reply_dh): free content-type when
+ done.
- * lib/krb5/aes-test.c: add another arcfour test
+ * configure.in: test rk_VERSIONSCRIPT
-2003-03-22 Love Hörnquist Åstrand <lha@it.su.se>
+2007-04-18 Love Hörnquist Åstrand <lha@it.su.se>
- * lib/krb5/aes-test.c: sneek in a test for arcfour-hmac-md5
-
-2003-03-20 Love Hörnquist Åstrand <lha@it.su.se>
-
- * lib/krb5/krb5_ccache.3: update .Dd
+ * fix-export: remove, all done by make dist now
- * lib/krb5/krb5.3: sort in krb5_data functions
+2007-04-15 Love Hörnquist Åstrand <lha@it.su.se>
- * lib/krb5/Makefile.am (man_MANS): += krb5_data.3
+ * lib/krb5/krb5_get_credentials.3: spelling, from Jason McIntyre
- * lib/krb5/krb5_data.3: document krb5_data
+2007-04-11 Love Hörnquist Åstrand <lha@it.su.se>
- * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): if
- prompter is NULL, don't try to ask for a password to
- change. reported by Iain Moffat @ ufl.edu via Howard Chu
- <hyc@highlandsun.com>
+ * kdc/kstash.8: Spelling, from raga <raga@comcast.net>
+ via Bjorn Sandell.
-2003-03-19 Love Hörnquist Åstrand <lha@it.su.se>
+ * lib/krb5/store_mem.c: indent.
- * lib/krb5/krb5_keytab.3: spelling, from
- <jmc@prioris.mini.pw.edu.pl>
+ * lib/krb5/recvauth.c: Set error string.
- * lib/krb5/krb5.conf.5: . means new line
-
- * lib/krb5/krb5.conf.5: spelling, from
- <jmc@prioris.mini.pw.edu.pl>
+ * lib/krb5/rd_req.c: clear error strings.
- * lib/krb5/krb5_auth_context.3: spelling, from
- <jmc@prioris.mini.pw.edu.pl>
+ * lib/krb5/rd_cred.c: clear error string.
-2003-03-18 Love Hörnquist Åstrand <lha@it.su.se>
+ * lib/krb5/pkinit.c: Set error strings.
- * kuser/Makefile.am: INCLUDES: -I$(srcdir)/../lib/krb5
+ * lib/krb5/get_cred.c: Tell what principal we are not finding for
+ all KRB5_CC_NOTFOUND.
- * lib/krb5/convert_creds.c: add _krb5_krb_life_to_time
+2007-02-22 Love Hörnquist Åstrand <lha@it.su.se>
- * lib/krb5/krb5-v4compat.h: add _krb5_krb_life_to_time
+ * kdc/kerberos5.c: Return the same error codes as a windows KDC.
- * kdc/kdc_locl.h: 524 is independent of kerberos 4, so move out
- #ifdef KRB4 from enable_v4_cross_realm since 524 needs it
+ * kuser/kinit.c: KRB5KDC_ERR_PREAUTH_FAILED is also a password
+ failed.
- * kdc/config.c: 524 is independent of kerberos 4, so move out
- enable_v4_cross_realm from #ifdef KRB4 since 524 needs it
-
-2003-03-17 Assar Westerlund <assar@kth.se>
+ * kdc/kerberos5.c: Make handling of replying e_data more generic,
+ from metze.
- * kdc/kdc.8: document --kerberos4-cross-realm
- * kdc/kerberos4.c: pay attention to enable_v4_cross_realm
- * kdc/kdc_locl.h (enable_v4_cross_realm): add
- * kdc/524.c (encode_524_response): check the enable_v4_cross_realm
- flag before giving out v4 tickets for foreign v5 principals
- * kdc/config.c: add --enable-kerberos4-cross-realm option (default
- to off)
+ * kdc/kerberos5.c: Fix (string const and shadow) warnings, from
+ metze.
-2003-03-17 Love Hörnquist Åstrand <lha@it.su.se>
+ * lib/krb5/pac.c: Create the PAC element in the same order as
+ w2k3, maybe there's some broken code in windows which relies on
+ this... From metze.
- * lib/krb5/Makefile.am (man_MANS) += krb5_aname_to_localname.3
+ * kdc/kerberos5.c: Select a session enctype from the list of the
+ crypto systems supported enctype, is supported by the client and
+ is one of the enctype of the enctype of the krbtgt.
+
+ The later is used as a hint what enctype all KDC are supporting to
+ make sure a newer version of KDC wont generate a session enctype
+ that and older version of a KDC in the same realm can't decrypt.
+
+ But if the KDC admin is paranoid and doesn't want to have "no the
+ best" enctypes on the krbtgt, lets save the best pick from the
+ client list and hope that that will work for any other KDCs.
- * lib/krb5/krb5_aname_to_localname.3: manpage for
- krb5_aname_to_localname
+ Reported by metze.
- * lib/krb5/krb5_kuserok.3: s/KRB5_USEROK/KRB5_KUSEROK/
+ * kdc/hprop.c (propagate_database): on any failure, drop the
+ connection to the peer and try next one.
-2003-03-16 Love Hörnquist Åstrand <lha@it.su.se>
+2007-02-18 Love Hörnquist Åstrand <lha@it.su.se>
- * lib/krb5/Makefile.am (man_MANS): add krb5_set_default_realm.3
+ * lib/krb5/krb5_get_init_creds.3: document new options.
- * lib/krb5/krb5.3: add manpages from krb5_set_default_realm.3
+ * kdc/krb5tgs.c: Only check service key for cross realm PACs.
- * lib/krb5/krb5_set_default_realm.3: Manpage for
- krb5_free_host_realm, krb5_get_default_realm,
- krb5_get_default_realms, krb5_get_host_realm, and
- krb5_set_default_realm.
+ * lib/krb5/init_creds.c: use the new merged flags field.
+ (krb5_get_init_creds_opt_set_win2k): new function, turn on all w2k
+ compat flags.
- * admin/ktutil.8: s/entype/enctype/, from Igor Sobrado
- <sobrado@acm.org> via NetBSD
+ * lib/krb5/init_creds_pw.c: use the new merged flags field.
- * lib/krb5/krb5_keytab.3: add documention for krb5_kt_get_type
+ * lib/krb5/krb5_locl.h: merge all flags into one entity
- * lib/krb5/keytab.c (krb5_kt_get_type): get prefix/type of keytab
+2007-02-11 Dave Love <fx@gnu.org>
- * lib/krb5/krb5.h (KRB5_KT_PREFIX_MAX_LEN): max length of prefix
+ * lib/krb5/krb5_aname_to_localname.3: Small fixes
- * lib/krb5/krb5_ccache.3: document krb5_cc_get_ops, add more
- types, add krb5_fcc_ops and krb5_mcc_ops
+ * lib/krb5/krb5_digest.3: Small fixes
- * lib/krb5/cache.c (krb5_cc_get_ops): new function, return ops for
- a id
+ * kuser/kimpersonate.1: Small fixes
-2003-03-15 Love Hörnquist Åstrand <lha@it.su.se>
+2007-02-17 Love Hörnquist Åstrand <lha@it.su.se>
- * doc/intro.texi: add reference to source code, binaries and the
- manual
+ * lib/krb5/init_creds_pw.c (find_pa_data): if there is no list,
+ there is no entry.
- * lib/krb5/krb5.3: krb5.h isn't in krb5 directory in heimdal
-
-2003-03-14 Love Hörnquist Åstrand <lha@it.su.se>
+ * kdc/krb5tgs.c: Don't check PACs on cross realm requests.
+
+ * lib/krb5/krb5.h: add KRB5_KU_CANONICALIZED_NAMES.
- * kdc/kdc.8: better/difrent english
+ * lib/krb5/init_creds_pw.c: Verify client referral data.
- * kdc/kdc.8: . -> .\n, copyright/license
+ * kdc/kerberos5.c: switch some "return ret" to "goto out".
- * kdc/kdc.8: changed configuration file -> restart kdc
+ * kdc/kerberos5.c: Pass down canonicalize request to hdb layer,
+ sign client referrals.
+
+ * lib/hdb/hdb.h: Add HDB_F_CANON.
+
+ * lib/hdb: add simple alias support to the database backends
- * kdc/kerberos4.c: add krb4 into the most error messages written
- to the logfile
+2007-02-16 Love Hörnquist Åstrand <lha@it.su.se>
- * lib/krb5/krb5_ccache.3: add missing name of argument
- (krb5_context) to most functions
+ * kuser/kinit.c: Add canonicalize flag.
-2003-03-13 Love Hörnquist Åstrand <lha@it.su.se>
+ * lib/krb5/init_creds_pw.c: Use EXTRACT_TICKET_* flags, support
+ canonicalize.
- * lib/krb5/kuserok.c (krb5_kuserok): preserve old behviour of
- function and return FALSE when there isn't a local account for
- `luser'.
+ * lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_canonicalize):
+ new function.
+
+ * lib/krb5/get_cred.c: Use EXTRACT_TICKET_* flags.
- * lib/krb5/krb5_kuserok.3: fix prototype, spelling and more text
- describing the function
+ * lib/krb5/get_in_tkt.c: Use EXTRACT_TICKET_* flags.
-2003-03-12 Love Hörnquist Åstrand <lha@it.su.se>
+ * lib/krb5/krb5_locl.h: Add EXTRACT_TICKET_* flags.
+
+2007-02-15 Love Hörnquist Åstrand <lha@it.su.se>
- * lib/krb5/cache.c (krb5_cc_default): if krb5_cc_default_name
- returned memory, don't return ENOMEM
+ * lib/krb5/test_princ.c: test parsing enterprise-names.
-2003-03-11 Love Hörnquist Åstrand <lha@it.su.se>
+ * lib/krb5/principal.c: Add support for parsing enterprise-names.
- * lib/krb5/krb5.3: add krb5_address stuff and sort
+ * lib/krb5/krb5.h: Add KRB5_PRINCIPAL_PARSE_ENTERPRISE.
+
+ * lib/hdb/hdb-ldap.c: Make work again.
- * lib/krb5/krb5_address.3: fix krb5_addr2sockaddr description
+2007-02-11 Dave Love <fx@gnu.org>
+
+ * kcm/client.c (kcm_ccache_new_client): Cast snprintf'ed value.
- * lib/krb5/Makefile.am (man_MANS): += krb5_address.3
+2007-02-10 Love Hörnquist Åstrand <lha@it.su.se>
- * lib/krb5/krb5_address.3: document types krb5_address and
- krb5_addresses and their helper functions
+ * doc/setup.texi: prune trailing space
-2003-03-10 Love Hörnquist Åstrand <lha@it.su.se>
+ * lib/hdb/db.c: Be better at setting and clearing error string.
- * lib/krb5/Makefile.am (man_MANS): += krb5_kuserok.3
+ * lib/hdb/hdb.c: Be better at setting and clearing error string.
- * lib/krb5/krb5_kuserok.3: spelling, from cizzi@it.su.se
+2007-02-09 Love Hörnquist Åstrand <lha@it.su.se>
- * lib/krb5/Makefile.am (man_MANS): += krb5_ccache.3
+ * lib/krb5/keytab.c (krb5_kt_get_entry): Use krb5_kt_get_full_name
+ to print out the keytab name.
- * lib/krb5/krb5_ccache.3: spelling, from cizzi@it.su.se
+ * doc/setup.texi: Spelling, from Guido Guenther
- * lib/krb5/krb5.3: add more functions
+2007-02-08 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/rd_cred.c: Plug memory leak, from Michael B Allen.
+
+2007-02-06 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/test_store.c (test_uint16): unsigned ints can't be
+ negative
- * lib/krb5/krb5_ccache.3: document krb5_ccache and krb5_cc
- functions
+2007-02-03 Love Hörnquist Åstrand <lha@it.su.se>
- * lib/krb5/krb5_kuserok.3: document krb5_kuserok
+ * kdc/pkinit.c: pass extra flags for detached signatures.
+
+ * lib/krb5/pkinit.c: pass extra flags for detached signatures.
+
+ * kdc/digest.c: Remove debug output.
+
+ * kuser/kdigest.c: Add support for ms-chap-v2 client.
- * lib/krb5/krb5_verify_user.3: document
- krb5_verify_opt_set_flags(opt, KRB5_VERIFY_LREALMS) behavior
+2007-02-02 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/digest.c: Fix ms-chap-v2 get_masterkey
+
+ * kdc/digest.c: Fix ms-chap-v2 mutual response auth code.
+
+ * kuser/kdigest.c: Print session key if there is one.
- * lib/krb5/krb5_verify_user.3: document krb5_verify_opt* and
- krb5_verify_user_opt
+ * lib/krb5/digest.c: rename hash-a1 to session key
- * lib/krb5/*.[0-9]: add copyright/licenses on more manpages
+ * kdc/digest.c: Add get_master from RFC 3079 3.4 for MS-CHAP-V2
- * kuser/kdestroy.c (main): handle that krb5_cc_default_name can
- return NULL
+ * kuser/kdigest.c: print rsp if there is one, from Klas.
- * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump minor
- (TESTS): add test_cc
+ * kdc/digest.c: Use right size, from Klas Lindfors.
- * lib/krb5/test_cc.c: test some
- krb5_cc_default_name/krb5_cc_set_default_name combinations
+ * kuser/kdigest.c: Set client nonce if avaible, from Klas.
+
+ * kdc/digest.c: First version from kllin.
+
+ * kuser/kdigest.c: Don't restrict the type.
+
+2007-02-01 Love Hörnquist Åstrand <lha@it.su.se>
- * lib/krb5/context.c (init_context_from_config_file): set
- default_cc_name to NULL
- (krb5_free_context): free default_cc_name if set
+ * kuser/kdigest-commands.in: add --client-response
+
+ * kuser/kdigest.c: Print status instead of response.
+
+ * kdc/digest.c: Better logging and return status = FALSE when
+ checksum doesn't match.
- * lib/krb5/cache.c (krb5_cc_set_default_name): new function
- (krb5_cc_default_name): use krb5_cc_set_default_name
+ * kdc/digest.c: Check the digest response in the KDC.
- * lib/krb5/krb5.h (krb5_context_data): add default_cc_name
+ * lib/krb5/digest.c: New functions to send in requestResponse to
+ KDC and get status of the request.
+
+ * kdc/digest.c: Add support for MS-CHAP v2.
+
+ * lib/hdb/hdb-ldap.c: Set hdb->hdb_db for ldap.
-2003-02-25 Love Hörnquist Åstrand <lha@it.su.se>
+2007-01-31 Love Hörnquist Åstrand <lha@it.su.se>
- * appl/kf/kf.1: s/securly/securely/ from NetBSD
+ * fix-export: Make hx509.info too
+
+ * kdc/digest.c: don't verify identifier in CHAP, its the client
+ that chooses it.
-2003-02-18 Love Hörnquist Åstrand <lha@it.su.se>
+2007-01-23 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/Makefile.am: Basic test of prf.
- * kdc/connect.c: s/intialize/initialize, from
- <jmc@prioris.mini.pw.edu.pl>
+ * lib/krb5/test_prf.c: Basic test of prf.
-2003-02-17 Love Hörnquist Åstrand <lha@it.su.se>
+ * lib/krb5/mit_glue.c: Add MIT glue for Kerberos RFC 3961 PRF
+ functions.
- * configure.in: add AM_MAINTAINER_MODE
+ * lib/krb5/crypto.c: Add Kerberos RFC 3961 PRF functions.
+
+ * lib/krb5/krb5_data.3: Document krb5_data_cmp.
+
+ * lib/krb5/data.c: Add krb5_data_cmp.
+
+2007-01-20 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/kx509.c: Don't use C99 syntax.
+
+2007-01-17 Love Hörnquist Åstrand <lha@it.su.se>
-2003-02-16 Love Hörnquist Åstrand <lha@it.su.se>
+ * configure.in: its LIBADD_roken (and shouldn't really exist, our
+ libtool usage it broken)
- * **/*.[0-9]: add copyright/licenses on all manpages
+ * configure.in: Add an extra variable for roken, LIBADD, that
+ should be used for library depencies.
-2003-14-16 Jacques Vidrine <nectar@kth.se>
+ * lib/krb5/send_to_kdc.c (krb5_sendto): zero out receive buffer.
- * lib/krb5/get_in_tkt.c (init_as_req): Send only a single
- PA-ENC-TIMESTAMP in the AS-REQ, using the first encryption
- type specified by the KDC.
+ * lib/krb5/krb5_init_context.3: fix mdoc errors
-2003-02-15 Love Hörnquist Åstrand <lha@it.su.se>
+ * Heimdal 0.8 branch cut today
- * fix-export: some autoconf put their version number in
- autom4te.cache, so remove autom4te*.cache
+ * doc/hx509.texi: Spelling and more about proxy certificates.
+
+ * configure.in: check for arc4random
- * fix-export: make sure $1 is a directory
+2007-01-16 Love Hörnquist Åstrand <lha@it.su.se>
-2003-02-04 Love Hörnquist Åstrand <lha@it.su.se>
+ * lib/krb5/send_to_kdc.c (krb5_sendto): zero receive krb5_data
+ before starting
- * kpasswd/kpasswdd.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
+ * tools/heimdal-build.sh: make cvs keep quiet
- * kdc/kdc.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
+ * kuser/kverify.c: Use argument as principal if passed an
+ argument. Bug report from Douglas E. Engert
+
+2007-01-15 Love Hörnquist Åstrand <lha@it.su.se>
-2003-01-31 Love Hörnquist Åstrand <lha@it.su.se>
+ * lib/krb5/rd_req.c (krb5_rd_req_ctx): The code failed to consider
+ the enc_tkt_in_skey case, from Douglas E. Engert.
+
+ * kdc/kx509.c: Issue certificates.
- * kdc/hpropd.8: s/databases/a database/ s/Not/not/
+ * kdc/config.c: Parse kx509/kca configuration.
- * kdc/hprop.8: add missing .
+ * kdc/kdc.h: add kx509 config
-2003-01-30 Love Hörnquist Åstrand <lha@it.su.se>
+2007-01-14 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/kerberos5.c (_kdc_find_padata): if there is not padata,
+ there is nothing find.
+
+ * doc/hx509.texi: Examples for pk-init.
- * lib/krb5/krb5.conf.5: documentation for of boolean, etypes,
- address, write out encryption type in sentences, s/Host/host
+ * doc/hx509.texi: About extending ca lifetime and sub cas.
-2003-01-26 Love Hörnquist Åstrand <lha@it.su.se>
+2007-01-13 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/hx509.texi: More about certificates.
+
+2007-01-12 Love Hörnquist Åstrand <lha@it.su.se>
- * lib/asn1/check-gen.c: add checks for Authenticator too
+ * doc/hx509.texi: add Application requirements and write about
+ xmpp/jabber.
-2003-01-25 Love Hörnquist Åstrand <lha@it.su.se>
+2007-01-11 Love Hörnquist Åstrand <lha@it.su.se>
- * doc/setup.texi: in the hprop example, use hprop and the first
- component, not host
+ * doc/hx509.texi: More about issuing certificates.
- * lib/krb5/get_addrs.c (find_all_addresses): address-less
- point-to-point might not have an address, just ignore
- those. Reported by Harald Barth.
+ * doc/hx509.texi: Start of a x.509 manual.
-2003-01-23 Love Hörnquist Åstrand <lha@it.su.se>
+ * include/Makefile.am: remove install headerfiles
- * lib/krb5/verify_krb5_conf.c (check_section): when key isn't
- found, don't print out all known keys
+ * lib/krb5/test_pac.c: Use more interesting data to cause more
+ errors.
- * lib/krb5/verify_krb5_conf.c (syslogvals): mark up where severity
- and facility start resp
- (check_log): find_value() returns -1 when key isn't found
+ * include/Makefile.am: remove install headerfiles
- * lib/krb5/crypto.c (_krb5_aes_cts_encrypt): make key argument a
- 'const void *' to avoid AES_KEY being exposed in krb5-private.h
-
- * lib/krb5/krb5.conf.5: add [kdc]use_2b
+ * lib/krb5/mcache.c: MCC_CURSOR not used, remove.
- * kdc/524.c (encode_524_response): its 2b not b2
-
- * doc/misc.texi: quote @ where missing
+ * lib/krb5/crypto.c: macro kcrypto_oid_enc now longer used
+
+ * lib/krb5/rd_safe.c (krb5_rd_safe): set length before trying to
+ allocate data
- * lib/asn1/Makefile.am: add check-gen
+2007-01-10 Love Hörnquist Åstrand <lha@it.su.se>
- * lib/asn1/check-gen.c: add Principal check
+ * doc/setup.texi: Hint about hxtool validate.
+
+ * appl/test/uu_server.c: print both "server" and "client"
+
+ * kdc/krb5tgs.c: Rename keys to be more obvious what they do.
+
+ * kdc/kerberos5.c: Use other keys to sign PAC with. From Andrew
+ Bartlett
- * lib/asn1/check-common.h: move generic asn1/der functions from
- check-der.c to here
+ * kdc/windc.c: ident, spelling.
+
+ * kdc/windc_plugin.h: indent.
- * lib/asn1/check-common.c: move generic asn1/der functions from
- check-der.c to here
+ * kdc/krb5tgs.c: Pass down server entry to verify_pac function.
+ from Andrew Bartlett
- * lib/asn1/check-der.c: move out the generic asn1/der functions to
- a common file
+ * kdc/windc.c: pass down server entry to verify_pac function, from
+ Andrew Bartlett
-2003-01-22 Love Hörnquist Åstrand <lha@it.su.se>
+ * kdc/windc_plugin.h: pass down server entry to verify_pac
+ function, from Andrew Bartlett
- * doc/misc.texi: more text about afs, how to get get your KeyFile,
- and how to start use 2b tokens
+ * configure.in: Provide a automake symbol ENABLE_SHARED if shared
+ libraries are built.
- * lib/krb5/krb5.conf.5: spelling, from Jason McIntyre
- <jmc@cvs.openbsd.org>
+ * lib/krb5/rd_req.c (krb5_rd_req_ctx): Use the correct keyblock
+ when verifying the PAC. From Andrew Bartlett.
-2003-01-21 Jacques Vidrine <nectar@kth.se>
+2007-01-09 Love Hörnquist Åstrand <lha@it.su.se>
- * kuser/kuser_locl.h: include crypto-headers.h for
- des_read_pw_string prototype
+ * lib/krb5/test_pac.c: move around to code test on real PAC.
-2003-01-16 Love Hörnquist Åstrand <lha@it.su.se>
+ * lib/krb5/pac.c: A tiny 2 char diffrence that make the code work
+ for real.
- * admin/ktutil.8: document -v, --verbose
+ * lib/krb5/test_pac.c: Test more PAC (note that the values used in
+ this test is wrong, they have to be fixed when the pac code is
+ fixed).
- * admin/get.c (kt_get): make getarg usage consistent with other
- other parts of ktutil
+ * doc/setup.texi: Update to new hxtool issue-certificate usage
- * admin/copy.c (kt_copy): remove adding verbose_flag to args
- struct, since it will overrun the args array (from Sumit Bose)
+ * lib/krb5/init_creds_pw.c: Make sure we don't sent both ENC-TS
+ and PK-INIT pa data, no need to expose our password protecting our
+ PKCS12 key.
+
+ * kuser/klist.c (print_cred_verbose): include ticket length in the
+ verbose output
+
+2007-01-08 Love Hörnquist Åstrand <lha@it.su.se>
-2003-01-15 Love Hörnquist Åstrand <lha@it.su.se>
+ * lib/krb5/acache.c (loadlib): pass RTLD_LAZY to dlopen, without
+ it linux is unhappy.
- * lib/krb5/krb5.conf.5: write more about [realms] REALM = { kdc =
- ... }
+ * lib/krb5/plugin.c (loadlib): pass RTLD_LAZY to dlopen, without
+ it linux is unhappy.
- * lib/krb5/aes-test.c: test vectors in aes-draft
-
- * lib/krb5/Makefile.am: add aes-test.c
+ * lib/krb5/name-45-test.c: One of the hosts I sometimes uses is
+ named "bar.domain", this make one of the tests pass when it
+ shouldn't.
- * lib/krb5/crypto.c: Add support for AES
- (draft-raeburn-krb-rijndael-krb-02), not enabled by default.
- (HMAC_SHA1_DES3_checksum): rename to SP_HMAC_SHA1_checksum and modify
- to support checksumtype that are have a shorter wireformat then
- their output block size.
-
- * lib/krb5/crypto.c (struct encryption_type): split the blocksize
- into blocksize and padsize, padsize is the minimum padding
- size. they are the same for now
- (enctype_*): add padsize
- (encrypt_internal): use padsize
- (encrypt_internal_derived): use padsize
- (wrapped_length): use padsize
- (wrapped_length_dervied): use padsize
+2007-01-05 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/setup.texi: Change --key argument to --out-key.
- * lib/krb5/crypto.c: add extra `opaque' argument to string_to_key
- function for each enctype in preparation enctypes that uses
- `Encryption and Checksum Specifications for Kerberos 5' draft
+ * kuser/kimpersonate.1: mangle my name
- * lib/asn1/k5.asn1: add checksum and enctype for AES from
- draft-raeburn-krb-rijndael-krb-02.txt
+2007-01-04 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/setup.texi: describe how to use hx509 to create
+ certificates.
- * lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_AES128,
- KEYTYPE_AES256
+ * tools/heimdal-build.sh: Add --distcheck.
-2003-01-14 Love Hörnquist Åstrand <lha@it.su.se>
+ * kdc/kerberos5.c: Check for KRB5_PADATA_PA_PAC_REQUEST to check
+ if we should include the PAC in the krbtgt.
- * lib/hdb/common.c (_hdb_fetch): handle error code from
- hdb_value2entry
+ * kdc/pkinit.c (_kdc_as_rep): check if
+ krb5_generate_random_keyblock failes.
- * kdc/Makefile.am: always include kerberos4.c and 524.c in
- kdc_SOURCES to support 524
+ * kdc/kerberos5.c (_kdc_as_rep): check if
+ krb5_generate_random_keyblock failes.
- * kdc/524.c: always compile in support for 524
-
- * kdc/kdc_locl.h: move out krb/524 protos from under #ifdef KRB4
+ * kdc/krb5tgs.c (tgs_build_reply): check if
+ krb5_generate_random_keyblock failes.
+
+ * kdc/krb5tgs.c: Scope etype.
+
+ * lib/krb5/rd_req.c: Make it possible to turn off PAC check, its
+ default on.
+
+ * lib/krb5/rd_req.c (krb5_rd_req_ctx): If there is a PAC, verify
+ its server signature.
+
+ * kdc/kerberos5.c (_kdc_as_rep): call windc client access hook.
+ (_kdc_tkt_add_if_relevant_ad): constify in data argument.
+
+ * kdc/windc_plugin.h: More comments add a client_access hook.
+
+ * kdc/windc.c: Add _kdc_windc_client_access.
+
+ * kdc/krb5tgs.c: rename functions after export some more pac
+ functions.
+
+ * lib/krb5/test_pac.c: export some more pac functions.
+
+ * lib/krb5/pac.c: export some more pac functions.
+
+ * kdc/krb5tgs.c: Resign the PAC in tgsreq if we have a PAC.
+
+ * configure.in: add tests/plugin/Makefile
- * kdc/config.c: always compile in support for 524
+2007-01-03 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/krb5tgs.c: Get right key for PAC krbtgt verification.
+
+ * kdc/config.c: spelling
+
+ * lib/krb5/krb5.h: typedef for krb5_pac.
+
+ * kdc/headers.h: Include <windc_plugin.h>.
+
+ * kdc/Makefile.am: Include windc.c and use windc_plugin.h
+
+ * kdc/krb5tgs.c: Call callbacks for emulating a Windows Domain
+ Controller.
+
+ * kdc/kerberos5.c: Call callbacks for emulating a Windows Domain
+ Controller. Move the some of the log related stuff to its own
+ function.
+
+ * kdc/config.c: Init callbacks for emulating a Windows Domain
+ Controller.
+
+ * kdc/windc.c: Rename the init function to windc instead of pac.
+
+ * kdc/windc.c: Callbacks specific to emulating a Windows Domain
+ Controller.
+
+ * kdc/windc_plugin.h: Callbacks specific to emulating a Windows
+ Domain Controller.
+
+ * lib/krb5/Makefile.am: add krb5_HEADERS to build_HEADERZ
+
+ * lib/krb5/pac.c: Support all keyed checksum types.
- * kdc/connect.c: always compile in support for 524
+2007-01-02 Love Hörnquist Åstrand <lha@it.su.se>
- * kdc/kerberos4.c: export encode_v4_ticket() and get_des_key()
- even when we build without kerberos 4, 524 needs them
+ * lib/krb5/pac.c (krb5_pac_get_types): Return list of types.
- * lib/krb5/convert_creds.c, lib/krb5/krb5-v4compat.h: Split out
- Kerberos 4 help functions/structures so other parts of the source
- tree can use it (like the KDC)
+ * lib/krb5/test_pac.c: test krb5_pac_get_types
+
+ * lib/krb5/krbhst.c: Add KRB5_KRBHST_KCA.
+
+ * lib/krb5/krbhst.c: Add KRB5_KRBHST_KCA.
+
+ * lib/krb5/krb5.h: Add KRB5_KRBHST_KCA.
+ * lib/krb5/test_pac.c: test Add/remove pac buffer functions.
+
+ * lib/krb5/pac.c: Add/remove pac buffer functions.
+
+ * lib/krb5/pac.c: sprinkle const
+
+ * lib/krb5/pac.c: rename DCHECK to CHECK
+
+ * Happy New Year.
diff --git a/crypto/heimdal/ChangeLog.2003 b/crypto/heimdal/ChangeLog.2003
new file mode 100644
index 000000000000..82233515246e
--- /dev/null
+++ b/crypto/heimdal/ChangeLog.2003
@@ -0,0 +1,1795 @@
+2003-12-19 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/error_string.c: protect error_string with mutex
+
+ * lib/krb5/context.c: allocate and destroy mutex in krb5_context
+
+ * lib/krb5/krb5.h (krb5_context_data): add mutex for error_string
+
+2003-12-18 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kuser/kinit.c: make -9 work again
+
+2003-12-17 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/init_creds_pw.c: try handle ts preauth better, still
+ not good, but at least it work with older heimdal releases that
+ doesn't send back KRB5KDC_ERR_PREAUTH_REQUIRED when preauth was
+ sent
+
+2003-12-16 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb.asn1: remove enforce-transited-policy, its no longer
+ used
+
+2003-12-11 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/pkinit.c (_krb5_pk_create_sign): fill in NULL as
+ parameters, required by CMS
+
+2003-12-07 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/get_in_tkt_with_keytab.c (krb5_get_in_tkt_with_keytab):
+ avoid memory leak that snuck in when krb5_keytab_key_proc was
+ exported, pointed out by Panases Inc
+
+ * lib/krb5/keytab_file.c: do locking, found to be a problem for
+ Panasas Inc
+
+ * lib/krb5/fcache.c: internally export x{,un}lock and thus prefix
+ them with _krb5_
+
+ * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): use
+ KRB5_AUTH_CONTEXT_DO_TIME if we want timestamp in forwarded
+ krb-cred
+
+ * lib/krb5/krb5_auth_context.3: some text about
+ krb5_auth_con_{add,remove}flags
+
+ * lib/krb5/auth_context.c: add krb5_auth_con_addflags and
+ krb5_auth_con_removeflags
+
+2003-12-03 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/crypto.c (decrypt_internal_derived): move up padsize to
+ avoid memory leak
+
+2003-12-02 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/crypto.c: require cipher-text to be padded to padsize
+
+ * lib/krb5/eai_to_heim_errno.c: EAI_ADDRFAMILY and EAI_NODATA is
+ deprecated in RFC3493
+
+ * lib/krb5/verify_krb5_conf.c (check_host): don't check for
+ EAI_NODATA, because its depricated in RFC3493 Pointed out by
+ Hajimu UMEMOTO <ume@mahoroba.org> on heimdal-discuss
+
+2003-12-01 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/Makefile.am: move test_crypto to noinst_PROGRAMS
+
+ * lib/krb5/test_crypto.c: add --version,--help
+
+ * kuser/kinit.c (main): return the return value from simple_execvp
+
+2003-11-26 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kuser/kinit.c: don't use PKINIT DH per default since its too
+ slow
+
+ * lib/krb5/pkinit.c: tweek to make pkinit work with the fact the
+ asn1_compile can't generate code for context tagless optionals
+
+ * kdc/pkinit.c: add support for KDC side of DH PKINIT
+
+ * lib/krb5/pkinit.c: clean up error handling, make enc-type work
+ again
+
+2003-11-25 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kuser/kinit.c: add flag to make it work with pkinit dh
+
+ * lib/krb5/pkinit.c: make PKINIT DH support work
+
+2003-11-24 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/Makefile.am (LDADD): link with LIB_dlopen
+
+ * kdc/pkinit.c: clean up
+
+ * lib/krb5/krb5.h: make pkinit_win2k_compatible into a flag field
+
+ * lib/krb5/pkinit.c: remove most compile depencies clean up
+
+ * kdc/pkinit.c: print an error and turn of pkinit if openssl
+ failed to load
+
+ * kdc/config.c: read pkinit (pki-mumble) configuration options
+
+ * kdc/kerberos5.c: add pkinit support
+
+ * kdc/kdc_locl.h: add prototypes for pkinit
+
+ * kdc/pkinit.c: PKINIT patch from Daniel Kouril and Petr Holub, I
+ removed the dependency on valicert asn1 parser, remove smartcard
+ and globus support (for now). Work to be done on this: DH support,
+ Globus support, Smartcard support, windows support (MS implements
+ -09 of the draft), make it conform to the new draft
+
+ * lib/krb5/pkinit.c: fix bugs, improve error reporting
+
+2003-11-23 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kuser/kinit.c: add some "struct foo;" glue for pkinit
+ structures that isn't used
+
+ * lib/krb5/pkinit.c: clean up, make remove depenency on openssl's
+ api
+
+ * lib/krb5/krb5_locl.h: add some glue for pkinit add reference
+ counter to _krb5_get_init_creds_opt_private
+
+ * lib/krb5/init_creds.c: reference count krb5_get_init_creds_opt
+ private component to avoid copy all the data in it
+
+ * lib/krb5/crypto.c (AES_string_to_key): fix memory leak
+
+ * lib/krb5/init_creds_pw.c (init_cred_loop): fix memory leak
+
+ * lib/krb5/heim_threads.h: include pthread.h in the pthread case
+
+2003-11-18 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kpasswd/kpasswdd.c (main): parse kdc.conf
+ From: Jeffrey Hutzelman <jhutz@cmu.edu>
+
+2003-11-15 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/Makefile.am (TESTS): add test_crypto
+
+ * lib/krb5/test_crypto.c: time crypto operations
+
+2003-11-14 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/init-creds: spelling, Bruno Rohee <bruno@rohee.com>
+
+2003-11-09 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/rd_req.c (krb5_verify_ap_req2): krb5_free_ticket free
+ the ticket now, rewrite error handling to handle that
+
+ * kpasswd/kpasswdd.c (process): don't free ticket,
+ krb5_free_ticket does that now
+
+ * kdc/kerberos5.c (tgs_rep2): don't free ticket, krb5_free_ticket
+ does that now
+
+ * lib/krb5/ticket.c (krb5_free_ticket): free the ticket itself to
+ match mit behavior, pointed out by Derrick Brashear
+
+ * lib/krb5/krb5_ticket.3: krb5_free_ticket free the whole ticket
+
+2003-11-08 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/padata.c: add krb5_padata_add
+
+ * lib/krb5/krb5.h: krb5_context_data.pkinit_win2k_compatible
+
+ * lib/krb5/Makefile.am: add pkinit.c
+
+ * kuser/kinit.c: add pkinit support
+
+ * lib/krb5/init_creds_pw.c: add support for pkinit
+
+ * lib/krb5/krb5_locl.h: add the opaque krb5_pk_init_ctx to
+ _krb5_get_init_creds_opt_private
+
+ * lib/krb5/pkinit.c: rename krb5_pk_init_openssl_ctx to
+ krb5_pk_init_ctx fix win2k error handling
+
+ * lib/krb5/pkinit.c: PKINIT patch from Daniel Kouril and Petr
+ Holub, I removed the dependency on valicert asn1 parser, remove
+ smartcard and globus support (for now). Work to be done on this:
+ DH support, Globus support, Smartcard support, windows support (MS
+ implements -09 of the draft), verify that it conforms the new
+ draft
+
+2003-11-07 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/asn1/der_copy.c (copy_oid): copy all components
+
+2003-10-27 Johan Danielsson <joda@pdc.kth.se>
+
+ * lib/krb5/krb5.conf.5: document capaths section
+
+2003-10-22 Johan Danielsson <joda@pdc.kth.se>
+
+ * kdc/kerberos5.c: make sure that the server realm and the krbtgt
+ second component are identical; get rpath from the capaths section
+
+ * kdc/kerberos5.c: change logic for when to check transited policy
+ to a tri-state model involving per principal flags (to be
+ implemented)
+
+ * kdc/kdc_locl.h: change enforce_transited_policy to a tri-state
+ variable
+
+ * kdc/config.c: change enforce_transited_policy to a tri-state
+ variable
+
+2003-10-22 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/transited.c (krb5_domain_x500_encode): always zero out
+ encoding to make sure it have a defined value on failure
+
+ * lib/krb5/transited.c (krb5_domain_x500_encode):
+ if num_realms ==0, set encoding and return (avoids malloc(0)),
+ check return value for malloc
+
+2003-10-21 Johan Danielsson <joda@pdc.kth.se>
+
+ * kdc/kerberos5.c (fix_transited_encoding): always print
+ cross-realm information
+
+2003-10-21 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/setup.texi: spelling, From: Tracy Di Marco White
+
+ * kdc/kerberos5.c (fix_transited_encoding): set transited type
+
+2003-10-21 Johan Danielsson <joda@pdc.kth.se>
+
+ * kdc/kdc.8: document enforce-transited-policy
+
+ * kdc/kerberos5.c: always check transited policy if flag set
+ either globally or on principal
+
+ * kdc/config.c: add flag to always check transited policy
+
+ * lib/hdb/hdb.asn1: add flag to enforce transited policy
+
+2003-10-21 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/transited.c (krb5_domain_x500_decode): set *num_realms
+ to zero not num_realms
+
+ * kuser/kgetcred.1: add --no-transit-check
+
+ * kuser/kgetcred.c: add --no-transit-check
+
+ * doc/setup.texi: describe Transit policy
+
+2003-10-20 Johan Danielsson <joda@pdc.kth.se>
+
+ * kdc/kerberos5.c (fix_transited_encoding): also verify with
+ policy, unless asked not to
+
+ * lib/krb5/rd_req.c (krb5_decrypt_ticket): try to verify transited
+ realms, unless the transited-policy-checked flag is set
+
+ * lib/krb5/transited.c (krb5_domain_x500_decode): handle zero
+ length tr data;
+ (krb5_check_transited): new function that does more useful stuff
+
+ * lib/krb5/get_cred.c: get capath info from [capaths] section
+
+2003-10-16 Johan Danielsson <joda@pdc.kth.se>
+
+ * lib/krb5/fcache.c: Sleep forever waiting for lock. Previous
+ method doesn't work well with a large number of clients accessing
+ the cache at the same time, and there is no simple way to add a
+ timeout to the lock.
+
+2003-10-13 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/verify_krb5_conf.c: print the error value
+ krb5_init_context failed with
+
+ * lib/krb5/config_file.c (krb5_config_parse_file_debug): punt if
+ there is binding before a section declaration. Bug found by
+ Arkadiusz Miskiewicz <arekm@pld-linux.org>
+
+2003-10-13 Johan Danielsson <joda@pdc.kth.se>
+
+ * lib/krb5/fcache.c (erase_file): revert a change in previous; if
+ the ccache is a symlink, kdestroy should remove it
+
+ * lib/krb5/fcache.c: implement locking
+
+2003-10-12 Johan Danielsson <joda@pdc.kth.se>
+
+ * kuser/klist.c (print_tickets): bail out if krb5_cc_next_cred
+ returns error other than KRB5_CC_END
+
+2003-10-07 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/init_creds_pw.c: add some help function that is common
+ between ENC_TS and SAM2, free the etype{,2}-infos on failure, move
+ the pa counter into krb5_get_init_creds_ctx
+
+2003-10-06 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/kaserver.c (do_getticket): if times data is shorter then 8
+ byte, request is malformed.
+
+ * kdc/kaserver.c (do_authenticate): if request length is less then
+ 8 byte, its a bad request and fail. Pointed out by Marco Foglia
+ <marco@foglia.org>
+
+ * lib/krb5/verify_krb5_conf.c: add flag --warn-mit-syntax that
+ warns for mit syntax is used and just ignore the mit syntax when
+ its used
+
+ * lib/krb5/verify_krb5_conf.c: parse [kdc]use_2b and [gssapi]
+
+2003-10-04 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/asn1/lex.l: add BOOLEAN
+
+ * lib/asn1/parse.y: add BOOLEAN
+
+2003-10-03 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kuser/kinit.c: When running kinit in "fork mode" do pagsh
+ independent of krb4, also always do krb4 setup of cc. Always try
+ to destroy the v4 cc.
+ - add boolean --{,no-}request-pac that will request pac or not
+
+ * kuser/klist.c (check_for_tgt): set client as part of the
+ pattern/match cred
+
+ * lib/krb5/convert_creds.c (_krb5_krb_dest_tkt): unlink v4 token
+ (get_krb4_cc_name): move out from _krb5_krb_tf_setup
+ (_krb5_krb_tf_setup): adapt to allocated filename instead of
+ static filename
+
+ * lib/krb5/krb5-v4compat.h: add _krb5_krb_dest_tkt and TKT_ROOT
+
+ * lib/krb5/init_creds_pw.c (*) send PA_PAC_REQUEST when the user
+ have requested either use PAC or not use PAC, if the option not
+ set from the user, leave it up to the kdc to decide.
+ (init_creds_loop): clear error string on success
+
+ * lib/krb5/init_creds.c: add
+ krb5_get_init_creds_opt_set_paq_request break out common part of
+ extended opt functions to require_ext_opt
+
+ * lib/krb5/krb5_locl.h: add enum krb5_get_init_creds_req_pac and
+ use it in struct _krb5_get_init_creds_opt_private
+
+ * tools/kdc-log-analyze.pl: handle some more failure lines
+
+ * doc/programming.texi: some diffrences between Heimdal and MIT
+ Kerberos in the API
+
+ * doc/setup.texi: add Setting up DNS
+
+ * lib/krb5/rd_req.c (krb5_rd_req): always free keyblock since its
+ alway used
+
+ * lib/asn1/Makefile.am: add SAM types and PAC_REQUEST
+
+ * lib/asn1/k5.asn1: add more preauth types, add PA-PAC-REQUEST
+
+ * lib/asn1: add boolean support
+
+2003-10-02 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/changepw.c (setpw_send_request): free ap_req_data on
+ failure
+
+2003-09-30 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * appl/test/http_client.c (do_connect): use ai_protocol 0
+
+ * lib/krb5/init_creds_pw.c (init_cred_loop): handle
+ KRB5KRB_ERR_RESPONSE_TOO_BIG and loop again, this time requesting
+ LARGE_MSG from send to kdc, and if this is the second time bail
+ out; try to free memory
+
+ * lib/krb5/send_to_kdc.c (krb5_sendto_kdc_flags): new function,
+ and then implement the order krb5_sendto_kdc* function with this
+ function.
+
+ * lib/krb5/krbhst.c (krb5_krbhst_init_flags): new function, use it
+ and adapt callers
+ (krbhst_get_default_proto): new function, returns udp, or in case
+ large_msg was requested for the krb5_krbhst_data, use tcp.
+ (*): if the flag KD_LARGE_MSG was set on the krb5_krbhst_data, avoid
+ using udp, use krbhst_get_default_proto
+
+ * lib/krb5/krb5.h: flags for krb5_krbhst_init_flags (and
+ krb5_send_to_kdc_flags)
+
+2003-09-23 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/rd_req.c (krb5_rd_req): if we have a keyblock in auth
+ context, use that
+
+ * appl/test/uu_client.c: print authorization data if there are any
+
+ * lib/asn1/asn1_print.c: decode IA5Stringa and UTF8String
+
+2003-09-21 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/init_creds_pw.c: use _krb5_get_init_creds_opt_copy
+ * lib/krb5/init_creds.c: don't export krb5_get_init_creds_opt_copy
+
+ * lib/hdb/Makefile.am: libhdb might depend on LIB_dlopen
+
+ * kuser/kinit.c: don't get v4 tickets by default
+
+2003-09-20 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kpasswd/kpasswdd.c (process): remove a abort()
+
+ * doc/win2k.texi: add some text about netdom.exe and trusts
+
+ * TODO-1.0: gssapi rc4 done
+
+ * kpasswd/kpasswdd.c: add support for Set password protocol as
+ defined by RFC3244 -- Microsoft Windows 2000 Kerberos Change
+ Password and Set Password Protocols
+
+2003-09-19 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/db3.c: improve readability of ->open ifdef, check if
+ version >= 4.1
+
+ * lib/krb5/init_creds.c (krb5_get_init_creds_opt_copy): add
+
+ * lib/krb5/rd_req.c (krb5_rd_req): allow caller to pass in a key
+ in the auth_context, they way processes that doesn't use the
+ keytab can still pass in the key of the service (matches behavior
+ of MIT Kerberos).
+
+2003-09-18 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/init_creds_pw.c: collect all init_creds context into a
+ structure so it can easier be passed around, also, while here,
+ change nonce for every request
+
+ * lib/krb5/get_in_tkt.c (init_as_req): don't realloc data before
+ the loop, add_padata() will handle that itself
+
+ * lib/krb5/get_for_creds.c (add_addrs): don't increase addr->len
+ until in contains interesting data, use right iteration counter
+ when clearing the addresses
+
+ * lib/krb5/log.c (log_realloc): increase len after realloc returns
+ sucessfully
+
+2003-09-12 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/config_file.c: fix prototypes
+ From: Fredrik Ljungberg <flag@pobox.se>
+
+2003-09-10 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * appl/test/http_client.c: close socket when we are done, don't
+ allow the server to restart gssapi negotiation
+
+ * lib/hdb/hdb_locl.h: include <limits.h> for ULONG_MAX noted by
+ Wissler Magnus <M.Wissler@abalon.se> on heimdal-discuss
+
+ * appl/test/gssapi_client.c (proto): use select_mech
+
+ * appl/test/http_client.c: use getarg
+
+ * appl/test/gss_common.h: prototype for select_mech
+
+ * appl/test/gss_common.c (select_mech): return the gss_OID from a
+ mech name
+
+ * appl/test/http_client.c: print both source and target
+
+ * appl/test/Makefile.am: build http_client
+
+2003-09-09 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/asn1/asn1_print.c: add support for printing Enumerated
+
+ * appl/test/gssapi_client.c: allow user to select mech; krb5,
+ spnego, and no-oid
+
+ * appl/test/test_locl.h: add mech
+
+ * appl/test/common.c: add --mech,-m argument
+
+ * appl/test/gssapi_server.c: print the mech that was used
+
+ * kdc/kerberos5.c (only_older_enctype_p): check request if the
+ client only supports old enctypes, before it used the database
+
+2003-09-08 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * **/*.c: add context argument to krb5_get_init_creds_opt_alloc
+
+ * lib/krb5/init_creds.c (krb5_get_init_creds_opt_alloc): add
+ context argument
+
+ * lib/krb5/krb5_get_init_creds.3: spelling
+
+2003-09-04 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/context.c (add_file): make len argument an pointer to
+ an integer
+
+ * lib/asn1/k5.asn1: add SAM types
+
+ * lib/krb5/init_creds_pw.c: break out the encrypt timestamp
+ preauth to its function break out the pa_data_to_key_plain to its
+ own function make more variables const
+
+2003-09-04 Johan Danielsson <joda@pdc.kth.se>
+
+ * lib/krb5/krb5.conf.5: document appdefaults/{forward,encrypt}
+
+2003-09-03 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5.h: Add key usage for encryption of the
+ SAM-NONCE-OR-SAD field.
+
+ * include/make_crypto.c: include <openssl/ui.h> in the openssl
+ case
+
+ * kdc/hprop.h: use new DES_ api
+
+ * lib/krb5/krb5-v4compat.h: assume session key is a char array of
+ length 8
+
+ * lib/krb5/prompter_posix.c:
+ s/des_read_pw_string/UI_UTIL_read_pw_string/
+
+ * kuser/kinit.c: s/des_read_pw_string/UI_UTIL_read_pw_string/
+
+ * kdc/string2key.c: s/des_read_pw_string/UI_UTIL_read_pw_string/
+
+ * kdc/kstash.c: s/des_read_pw_string/UI_UTIL_read_pw_string/
+
+ * admin/add.c: s/des_read_pw_string/UI_UTIL_read_pw_string/
+
+ * lib/krb5/crypto.c: switch from the des_ to the DES_ api
+
+ * kdc/hprop.c: use DES_KEY_SZ instead of sizeof(des_block)
+
+ * kuser/kverify.c: use
+ krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free
+
+ * kpasswd/kpasswd-generator.c: use
+ krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free
+
+ * kdc/hprop.c: use
+ krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free compare
+ a uint32_t with 0xffffffff instead of -1
+
+ * lib/krb5/krb5_425_conv_principal.3: fix [Gt]
+
+ * kuser/kinit.c: use
+ krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free
+
+ * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): handle
+ password passed in though context
+
+ * lib/krb5/Makefile.am (TESTS): += test_config
+
+ * lib/krb5/aes-test.c: move variable thats used within a #ifdef to
+ be defined within that #ifdef
+
+ * lib/krb5/data.c (krb5_data_free): reset whole krb5_data when
+ freeing it
+
+ * lib/krb5/keyblock.c (krb5_keyblock_zero): new function, zeros
+ out a keyblock
+
+ * lib/krb5/init_creds_pw.c: rewrite/implement
+ krb5_get_init_creds_password with new preauth handing, still it
+ can only work with krb5-pa-enc-timestamp for preauth, but now it
+ can handle etype-info2
+
+ * lib/krb5/init_creds.c (krb5_get_init_creds_opt_alloc): allocate
+ a opt structure
+ (krb5_get_init_creds_opt_free): free a opt structure
+ (krb5_get_init_creds_opt_set_pa_password): set preauth info for
+ enc-timestamp
+
+ * lib/krb5/krb5_locl.h: add struct
+ _krb5_get_init_creds_opt_private
+
+2003-09-02 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5.h: add SAM keyusage numbers, add s2k proc typedef,
+ add a pointer to a private part of krb5_get_init_creds_opt
+
+ * kdc/string2key.c (main): avoid const warning by using a extra
+ variable
+
+2003-08-31 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/ticket.c (krb5_ticket_get_authorization_data_type):
+ reindent
+
+ * lib/krb5/ticket.c (krb5_copy_ticket): free all data when
+ failing, copy data to right memory, the later pointed out by Luke
+ Howard.
+
+2003-08-30 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5.h: cfx-01 use diffrent usage numbers
+
+2003-08-29 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/db3.c: try to include more db headers
+
+ * lib/hdb/db3.c: patch for working with DB4 on heimdal-discuss
+ From: Luke Howard <lukeh@PADL.COM>
+
+2003-08-28 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5.h: add KEYTYPE_ARCFOUR_56
+
+ * appl/test/gssapi_client.c: send both INT and CONF wrapped token
+
+ * appl/test/gssapi_server.c: recv both INT and CONF wrapped token
+
+ * lib/asn1/k5.asn1: add KRB5_NT_SMTP_NAME and KRB5_NT_ENTERPRISE
+
+2003-08-27 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * appl/test/uu_client.c (proto): fill in client in the match cred
+
+2003-08-26 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5.h: CFX uses slightly diffrent usage numbers
+
+ * lib/krb5/crypto.c (usage2arcfour): simplify, only include
+ special cases From: Luke Howard <lukeh@PADL.COM>
+
+2003-08-25 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb-ldap.c: code rewrite from Luke Howard
+ <lukeh@PADL.COM>
+
+ * lib/krb5/crypto.c (arcfour_checksum_p): return true when is
+ arcfour, not when its not pointed out by Luke Howard
+
+ * doc/ack.texi: update Luke Howard email address
+
+2003-08-24 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_encrypt.3: document:
+ krb5_crypto_getconfoundersize, krb5_crypto_getblocksize
+ krb5_crypto_getenctype, krb5_crypto_getpadsize
+
+ * lib/krb5/crypto.c (krb5_crypto_getpadsize,
+ krb5_crypto_getconfoundersize): added From: Luke Howard
+ <lukeh@PADL.COM>
+
+2003-08-23 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/connect.c (handle_tcp): handle recvfrom returning 0
+ (connection closed)
+
+ * kdc/connect.c (grow_descr): increment the size after we succeed
+ to allocate the space
+
+ * lib/krb5/krb5_create_checksum.3: text about when
+ krb5_crypto_get_checksum_type is useful
+
+ * lib/krb5/crypto.c (krb5_crypto_get_checksum_type): fix format
+ string
+
+ * lib/krb5/krb5_create_checksum.3: document
+ krb5_crypto_get_checksum_type
+
+ * lib/krb5/crypto.c: add krb5_crypto_get_checksum_type
+ From: Luke Howard <lukeh@PADL.COM>
+
+ * lib/asn1/gen.c: s/UTF8String/heim_utf8_string/ in generated code
+ From: Luke Howard <lukeh@PADL.COM>
+
+2003-08-21 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * include/make_crypto.c: include aes.h inc in the local libdes
+ case too
+
+2003-08-20 Johan Danielsson <joda@pdc.kth.se>
+
+ * lib/asn1/der_free.c: set free'd poiners to NULL
+
+ * lib/asn1/gen_free.c: set free'd poiners to NULL
+
+2003-08-20 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/heim_threads.h: XXX don't use "plain" pthread support
+ on netbsd
+
+ * lib/krb5/crypto.c: Do the arcfour checksum mapping for
+ krb5_create_checksum and krb5_verify_checksum, From: Luke Howard
+ <lukeh@PADL.COM>
+
+2003-08-18 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/test_config.c: check krb5_prepend_config_files_default
+ and krb5_prepend_config_files
+
+ * lib/krb5/context.c: add krb5_prepend_config_files and
+ krb5_prepend_config_files_default
+
+2003-08-17 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/mkey.c (read_master_mit): krb5_ret_int16 takes a int16_t
+ as argument
+
+ * lib/krb5/parse-name-test.c: please lint (and me)
+
+ * kdc/config.c (configure): remove only set variable 'e'
+
+ * kdc/connect.c (init_socket): sockaddr size argument to
+ krb5_addr2sockaddr is a krb5_addr2sockaddr *
+
+ * kdc/kerberos5.c (as_rep): remove usused variable
+ (tgs_rep2): don't use a temporary ret-variable, ret is reset later
+
+ * lib/krb5/krb5_get_in_cred.3: these function will be deprecated
+
+ * lib/krb5/Makefile.am: man_MANS += krb5_get_init_creds.3
+
+ * lib/krb5/krb5_get_init_creds.3: begining of documentation of
+ krb5_get_init_creds
+
+ * lib/krb5/get_in_tkt.c (krb5_get_in_tkt): for compatibility with
+ with the mit implemtation, don't free `creds' argument when done,
+ its up the the caller to do that, also allow a NULL ccache.
+
+2003-08-16 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5.conf.5: document tgs_require_subkey
+
+ * lib/asn1/Makefile.am: remove trance of generate tests files, its
+ not really for consumption yet
+
+ * lib/hdb/Makefile.am: split generated source from non generated
+ source we make-proto.pl can generate prototypes for non
+ generate-source only (make-proto.pl dies on asn1compile's .c
+ files)
+
+ * lib/krb5/get_cred.c (init_tgs_req): make generation of subkey
+ optional on configuration parameter
+ [realms]realm={tgs_require_subkey=bool}
+ defaults to off. The RFC1510 weakly defines the correct behavior,
+ so old DCE secd apparently required the subkey to be there, and MS
+ will use it when its there. But the request isn't encrypted in the
+ subkey, so you get to choose if you want to talk to a MS mdc or a
+ old DCE secd.
+
+ * kdc/kerberos5.c (*): handle krb5_unparse_name returning non-zero
+
+2003-08-15 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/principal.c (unparse_name): len can't be zero, so,
+ don't check for that
+
+2003-08-13 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/principal.c (unparse_name): make sure there are space
+ for a NUL, set *name to NULL when there is a failure (so caller
+ can't get hold of a freed pointer)
+
+2003-07-26 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/kerberos.8: remove duplicate manual, from
+ cjep@netbsd.org
+
+2003-07-25 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/cache.c: indent
+
+ * lib/krb5/cache.c (krb5_cc_set_default_name): only read
+ KRB5CCNAME when not suid
+
+2003-07-24 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/keytab_krb4.c (read_v4_entry): the des key is 8 bytes,
+ use a char array instead of des_cblock
+
+2003-07-23 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/kerberos5.c: add support for KRB5_PADATA_ETYPE_INFO2
+
+ * lib/krb5/crypto.c (hmac): make it return an error when out of
+ memory, update callsites to either return error or use krb5_abortx
+ (krb5_hmac): expose hmac
+
+2003-07-22 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/keyblock.c (krb5_keyblock_get_enctype): return enctype
+ of keyblock
+
+ * lib/krb5/Makefile.am (man_MANS): += krb5_keyblock.3
+
+ * lib/krb5/krb5_keyblock.3: some information about krb5_keyblock
+ and related functions
+
+ * lib/krb5/heim_threads.h: make the non-debug version of the mutex
+ macros "use" the "mutex" integer so the compile wont complain
+ about defined unused variables
+
+ * lib/krb5/heim_threads.h: make thread local storage macros take a
+ "return" argument so no functions need to be created for the
+ no-pthread case
+
+ * lib/krb5/heim_threads.h: adding RWLOCKS and [sg]etspecific
+
+ * configure.in: use KRB_PTHREADS
+
+ * lib/asn1/Makefile.am (gen_files): add asn1_KerberosString and
+ sort
+
+ * lib/asn1/k5.asn1 (ETYPE-INFO2-ENTRY): salt is a KerberosString
+
+ * lib/krb5/krb5.3: add ticket access functions
+ * lib/krb5/krb5_ticket.3: ditto
+ * lib/krb5/ticket.c: ditto
+ * lib/krb5/Makefile.am: ditto
+
+ * lib/krb5/mit_glue.c: add some more krb5_c functions
+
+ * lib/krb5/krb5_c_make_checksum.3: add some more krb5_c functions
+
+ * lib/krb5/crypto.c (krb5_cksumtype_valid): check is checksum type
+ is a valid one
+
+ * lib/krb5/crypto.c (krb5_checksum_is_keyed): only set extented
+ error string when there is a context
+ (krb5_checksum_is_collision_proof): ditto
+
+2003-07-21 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/mit_glue.c (krb5_c_get_checksum): make type and data
+ argument optional
+ (krb5_c_{encrypt,decrypt}): return "better" error codes for
+ invalid ivec length
+
+ * lib/krb5/krb5_c_make_checksum.3: update krb5_c_get_checksum
+ usage
+
+ * lib/krb5/crypto.c (krb5_crypto_getenctype): new function
+
+ * include/make_crypto.c: avoid redefining
+ OPENSSL_DES_LIBDES_COMPATIBILITY
+
+ * lib/krb5/krb5.h: add krb5_enc_data
+
+2003-07-19 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5.3: add krb5_c_ functions
+
+ * lib/krb5/mit_glue.c: support passing in NULL as the
+ cipher_state/ivec
+
+ * lib/krb5/aes-test.c: add test for krb5_c_encrypt_length and
+ krb5_c_decrypt
+
+ * lib/krb5/krb5_c_make_checksum.3: krb5_c encryption glue
+
+ * lib/krb5/crypto.c (wrapped_length/wrapped_length_derived): when
+ calculating the length of the encrypted data, use the keyed
+ checksum length if the enctype supports a keyed checksum. This
+ only matter for aes, for all other enctypes the key and unkeyed
+ checksum have the same length.
+
+2003-07-18 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/mit_glue.c: first version of krb5_c encryption glue
+
+ * doc/install.texi: update pointer to luke ldap documentation
+
+ * lib/hdb/hdb.c (hdb_create): check for dynamic backend after
+ static to avoid warning from dynamic backend when using a known
+ static backend
+
+2003-07-16 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/cache.c: don't return value in void function
+
+2003-07-15 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/creds.c (krb5_compare_creds): if client is specified in
+ the mcreds, check that too
+
+ * lib/krb5/{keytab_file.c,principal.c,mk_error.c,krb5.h,get_cred.c}:
+ prefix libasn1 types with heim_
+
+ * lib/asn1: prefix typedefs and structs with heim_
+
+2003-07-13 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb.c: avoid unnecessary setting of variable
+
+2003-07-07 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kuser/klist.c (check_for_tgt): use krb5_cc_clear_mcred
+
+ * appl/test/uu_client.c (proto): use krb5_cc_clear_mcred
+
+ * lib/krb5/get_cred.c (init_tgs_req): in case of error, don't free
+ in the req_body addresses since they where pass in by caller
+ (find_cred): use krb5_cc_clear_mcred
+
+ * lib/krb5/krb5_ccache.3: document krb5_cc_clear_mcred
+
+ * lib/krb5/cache.c (krb5_cc_clear_mcred): new function, clear a
+ krb5_creds to use with krb5_cc_retrieve_cred
+
+2003-06-30 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb.c (find_dynamic_method): if there isn't a prefix,
+ don't load anything
+
+2003-06-29 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb.c: Dynamic backend loading, based on patch from Luke
+ Howard <lukeh@PADL.COM>
+
+ * lib/hdb/hdb.h: add struct hdb_so_method and
+ HDB_INTERFACE_VERSION
+
+2003-06-28 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/mk_req_ext.c (krb5_mk_req_internal): when using
+ arcfour-hmac-md5, use an unkeyed checksum (rsa-md5), since
+ Microsoft calculates the keyed checksum with the subkey of the
+ authenticator.
+
+ * kuser/kinit.c: write out v4 credential caches with
+ _krb5_krb_tf_setup
+
+ * lib/krb5/krb5-v4compat.h: add _krb5_krb_tf_setup
+
+ * lib/krb5/convert_creds.c (_krb5_krb_tf_setup): create/append v4
+ credential to a new krb4 ticket file
+
+2003-06-27 Johan Danielsson <joda@pdc.kth.se>
+
+ * lib/krb5/krb5_kuserok.3: put Nd argument in double quotes since
+ it contains more than 9 words; from wiz
+
+2003-06-25 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/verify_krb5_conf.c: add missing " within #if 0, from
+ stefan sokoll <stefansokoll@yahoo.de>
+
+2003-06-24 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_timeofday.3: improve krb5_set_real_time text
+
+ * lib/krb5/time.c: improve comment for krb5_set_real_time
+
+2003-06-23 Johan Danielsson <joda@pdc.kth.se>
+
+ * kuser/kinit.1: document -A
+
+ * kuser/kinit.c: add -A as an alias for --no-addresses
+
+2003-06-22 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): pass in a
+ krb5_timestamp to krb5_us_timeofday
+
+ * lib/krb5/mk_error.c (krb5_mk_error): pass in a krb5_timestamp to
+ krb5_us_timeofday
+
+ * lib/krb5/time.c (krb5_set_real_time): fix comment and make it
+ work
+
+ * lib/krb5/time.c, lib/krb5/krb5_timeofday.3,
+ lib/krb5/Makefile.am lib/krb5/test_time.c:
+
+ implement krb5_set_real_time, used by SAMBA, requested by Luke
+ Howard <lukeh@PADL.COM>
+
+ * lib/asn1/k5.asn1: make the aes and sha1 checksum types match
+ draft-ietf-krb-wg-crypto-05
+
+2003-06-21 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/aes-test.c: add a test for aes kcrypto encrypted data
+
+ * lib/krb5/crypto.c: clean up AES code to use a structure instead
+ of a key array
+ (_krb5_AES_string_to_default_iterator): set to 4096 as described in
+ aes draft -04
+ (derive_key): always remove the key->schedule since its
+ will contain the wrong (parent key) info
+
+2003-06-18 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/aes-test.c: add aes256 test vectors from Ken Raeburn
+ * doc/setup.texi: add more kdc's to the example
+
+2003-06-17 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb-ldap.c: use int2HDBFlags/HDBFlags2int From: Alberto
+ Patino <jalbertop@aranea.com.mx>, Luke Howard <lukeh@PADL.COM>
+ Pointed out by Andrew Bartlett of Samba
+
+ * lib/krb5/heim_threads.h: remove freebsd comment, don't use debug
+ pthread stubs by default
+
+ * lib/krb5/Makefile.am (man_MANS): drop krb5_free_addresses.3
+
+ * lib/krb5/krb5_free_addresses.3: removed file, functions are
+ documented in krb5_address.3
+
+ * lib/krb5/codec.c: add krb5_{de,en}code_ETYPE_INFO2
+
+ * lib/krb5/crypto.c: add _krb5_AES_string_to_default_iterator add
+ krb5_string_to_key_salt_opaque() fix keylengh for keytype_aes256
+
+2003-06-06 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/setup.texi: Point out that slave needs /var/heimdal
+ directory and masterkey From: Mans Nilsson <mansaxel@sunet.se>,
+ Fix spelling while here
+
+2003-06-02 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/Makefile.am, krb5_get_in_cred.3, krb5.3:
+ add manpage for: krb5_get_in_cred, krb5_get_in_tkt,
+ krb5_get_in_tkt_with_keytab, krb5_get_in_tkt_with_password,
+ krb5_get_in_tkt_with_skey
+
+2003-05-28 Assar Westerlund <assar@kth.se>
+
+ * lib/krb5/heim_threads.h: Fix unlock/destroy macros for the
+ non-threaded cases to work. Fix typo.
+
+2003-05-27 Johan Danielsson <joda@pdc.kth.se>
+
+ * lib/asn1/{der_put.c,der_length.c,check-der.c}: Fix encoding of
+ "unsigned" integers. If MSB is set, we need to pad with a zero
+ byte.
+
+2003-05-27 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_c_make_checksum.3: some more mdoc fixes
+
+ * lib/hdb/hdb-ldap.c (LDAP__connect): bind sasl "EXTERNAL" to ldap
+ connection
+ (LDAP_store): remove superfluous argument to asprintf
+
+ From Alberto Patino <jalbertop@aranea.com.mx>
+
+2003-05-26 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/*.[0-9]: pacify mdoclink
+
+ * lib/krb5/krb5_ccache.3: document diffrences between mit and
+ heimdal krb5_cc_gen_new ccache -> credential cache s/[\t ]+$//
+
+2003-05-21 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * appl/test/gssapi_server.c (proto): start to use
+ gss_krb5_copy_ccache
+
+ * appl/test/nt_gss_server.c (proto): comment out gss_ctx_id_t
+ groveling for now
+
+2003-05-20 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/asn1:
+ - add parser/generate glue for UTF8String and NULL
+ (DER primitive encode/decode functions missing)
+ - handle parsing of DEFAULT and, ...
+
+2003-05-16 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/heim_threads.h: add missing argument to mutex_init
+
+ * lib/krb5/crypto.c: protect the random initiator with a mutex
+
+ * lib/krb5/mcache.c: protect the mcc_head with a mutex
+
+ * lib/krb5/krb5_locl.h: include heim_threads.h
+
+ * lib/krb5/heim_threads.h: wrapper macros for thread
+ synchronization primitives
+
+2003-05-15 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_principal.3
+ lib/krb5/Makefile.am:
+ Add all Kerberos principal function to one manpage, add a few more
+ principal function to it, remove old now dup manpages
+
+ * lib/krb5/krb5_build_principal.3: remove file
+ * lib/krb5/krb5_free_principal.3: remove file
+ * lib/krb5/krb5_sname_to_principal.3: remove file
+ * lib/krb5/krb5_principal_get_realm.3: remove file
+
+2003-05-14 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/verify_krb5_conf.8: sort sections, from netbsd
+
+ * lib/krb5/krb5_verify_user.3: .Sh EXAMPLE -> .Sh EXAMPLES, from
+ netbsd
+
+ * lib/krb5/krb5_openlog.3: .Sh EXAMPLE -> .Sh EXAMPLES, sort
+ sections, from netbsd
+
+ * lib/krb5/krb5_keytab.3: .Sh EXAMPLE -> .Sh EXAMPLES, mdoc fixes,
+ from netbsd
+
+ * lib/krb5/krb5_get_krbhst.3: .Sh EXAMPLE -> .Sh EXAMPLES, from
+ netbsd
+
+ * lib/krb5/krb5_get_all_client_addrs.3: add .Os, from NetBSD
+
+ * lib/krb5/krb5_build_principal.3: sort sections, from NetBSD
+
+ * lib/krb5/krb5.conf.5: .Sh EXAMPLE -> .Sh EXAMPLES, from netbsd
+
+ * lib/krb5/get_default_realm.c: compatability -> compatibility,
+ from netbsd
+
+ * lib/krb5/krb5_warn.3: add copyright/license
+
+ * lib/krb5/krb5_context.3: add SYNOPSIS and LIBRARY
+
+ * lib/krb5/krb5.3: add RCSID
+
+ * kdc/hprop.8: fix mdoc problem, from netbsd
+
+ * lib/krb5/krb5_krbhst_init.3: uppercase url, from Thomas Klausner
+ <wiz@netbsd.org>
+
+ * kuser/kinit.1: setup -> set up, new sentence, new line from
+ Thomas Klausner <wiz@netbsd.org>
+
+2003-05-13 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kpasswd/kpasswd.1: handle setting passwords for multiple
+ principals at the same time
+
+ * kpasswd/kpasswd.c: handle setting passwords for multiple
+ principals at the same time
+
+ * lib/krb5/changepw.c: draft-ietf-cat-kerb-chg-password-02 and
+ rfc3244 share the response packet sure more constants now that
+ they exists
+
+2003-05-12 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5.h: some define for rfc3244
+
+ * lib/krb5/krb5.3: add krb5_change_password and krb5_set_password
+
+ * kpasswd/kpasswd.1: document --admin-principal
+
+ * kpasswd/kpasswd.c: use krb5_set_password
+
+ * lib/krb5/krb5_set_password.3: document krb5_change_password and
+ krb5_set_password
+
+ * lib/krb5/changepw.c: implement rfc3244, partly from
+ shadow@dementia.org
+
+ * lib/asn1/Makefile.am (gen_files): asn1_ChangePasswdDataMS.x for
+ RFC3244
+
+ * lib/asn1/k5.asn1: add ChangePasswdDataMS, for
+ RFC3244
+
+2003-05-08 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kuser/kdestroy.c: destroy tokens even if there isn't v4 support
+
+ * kuser/kinit.c: get token even if there isn't v4 support
+
+ * kuser/klist.c: print tokens even if there isn't v4 support
+
+2003-05-06 Johan Danielsson <joda@pdc.kth.se>
+
+ * lib/krb5/name-45-test.c: need to use empty krb5.conf for some
+ tests
+
+ * lib/asn1/check-gen.c: there is no \e escape sequence; replace
+ everything with hex-codes, and cast to unsigned char* to make some
+ compilers happy
+
+2003-05-06 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/get_in_tkt.c (make_pa_enc_timestamp): make sure first
+ argument to krb5_us_timeofday have correct type
+
+2003-05-05 Assar Westerlund <assar@kth.se>
+
+ * include/make_crypto.c (main): include aes.h if ENABLE_AES
+
+2003-05-05 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * make-release: when fixing a valid cvs tag from release name
+ replace all number. to number- for all non-overlapping matches
+
+2003-05-04 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/asn1/Makefile.am: gen_files += asn1_ETYPE_INFO2.x and
+ asn1_ETYPE_INFO2_ENTRY.x
+ (libasn1_la_LDFLAGS): set version to 6:1:1
+
+ * doc/Makefile.am: add apps.texi
+
+ * doc/setup.texi: add move forward link to applications
+
+ * doc/heimdal.texi: add applications
+
+ * doc/misc.texi: move afs stuff to applications add link to
+ applications
+
+ * doc/apps.texi: text about applications using kerberos
+ move afs text here
+
+2003-05-03 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/setup.texi: add cross realm text
+
+2003-04-29 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_crypto_init.3: document krb5_enctype_to_string and
+ krb5_string_to_enctype
+
+2003-04-28 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/v4_dump.c (v4_prop_dump): limit strings length, from openbsd
+
+2003-04-26 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/aes-test.c: use _krb5_PKCS5_PBKDF2
+ * lib/krb5/crypto.c: unexport krb5_PKCS5_PBKDF2
+
+2003-04-25 Johan Danielsson <joda@pdc.kth.se>
+
+ * lib/krb5/build_auth.c (krb5_build_authenticator): if the local
+ sequence number is non-zero, don't generate a new one
+
+ * lib/krb5/mk_rep.c (krb5_mk_rep): if the local sequence number is
+ non-zero, don't generate a new one
+
+ * lib/krb5/time.c (krb5_us_timeofday): make the sec parameter a
+ krb5_timestamp
+
+ * lib/krb5/mk_priv.c lib/krb5/mk_safe.c lib/krb5/rd_priv.c
+ lib/krb5/rd_safe.c lib/krb5/rd_cred.c: implement RET_SEQUENCE and
+ RET_TIME
+
+ * lib/krb5/krb5.h (krb5_replay_data): make usec signed (matching
+ asn1)
+
+2003-04-24 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/programming.texi: s/managment/management/, from jmc
+ <jmc@prioris.mini.pw.edu.pl>
+
+2003-04-23 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/context.c (default_etypes): also advertise that we
+ handle aes encryption types
+
+ * lib/krb5/Makefile.am: add krb5_c_ checksum related functions
+
+ * lib/krb5/krb5_c_make_checksum.3: document krb5_c_ checksum
+ related functions
+
+ * lib/krb5/mit_glue.c: add compat mit krb5_c checksum related
+ functions
+
+ * lib/asn1/k5.asn1: add ETYPE-INFO2 and ETYPE-INFO2-ENTRY
+
+2003-04-22 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krbhst.c: copy NUL too, from janj@wenf.org via openbsd
+
+2003-04-17 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/asn1/der_copy.c (copy_general_string): use strdup
+ * lib/asn1/der_put.c: remove sprintf
+ * lib/asn1/gen.c: remove strcpy/sprintf
+
+ * lib/krb5/name-45-test.c: use a more unique name then ratatosk so
+ that other (me) have such hosts in the local domain and the tests
+ fails, to take hokkigai.pdc.kth.se instead
+
+ * lib/krb5/test_alname.c: add --version and --help
+
+2003-04-16 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_warn.3: add krb5_get_err_text
+
+ * lib/krb5/transited.c: use strlcat/strlcpy, from openbsd
+ * lib/krb5/krbhst.c (srv_find_realm): use strlcpy, from openbsd
+ * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use
+ strlcpy, from openbsd
+ * kdc/hpropd.c: s/strcat/strlcat/, inspired from openbsd
+ * appl/kf/kfd.c: use strlcpy, from openbsd
+
+2003-04-16 Johan Danielsson <joda@pdc.kth.se>
+
+ * configure.in: fix for large file support in AIX, _LARGE_FILES
+ needs to be defined on the command line, since lex likes to
+ include stdio.h before we get to config.h
+
+2003-04-16 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/*.3: Change .Fd #include <header.h> to .In header.h,
+ from Thomas Klausner <wiz@netbsd.org>
+
+ * lib/krb5/krb5.conf.5: spelling, from Thomas Klausner
+ <wiz@netbsd.org>
+
+2003-04-15 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/kerberos5.c: fix some more memory leaks
+
+2003-04-11 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * appl/kf/kf.1: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
+
+2003-04-08 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * admin/ktutil.8: typos, from jmc <jmc@acn.waw.pl>
+
+2003-04-06 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5.3: s/kerberos/Kerberos/
+ * lib/krb5/krb5_data.3: s/kerberos/Kerberos/
+ * lib/krb5/krb5_address.3: s/kerberos/Kerberos/
+ * lib/krb5/krb5_ccache.3: s/kerberos/Kerberos/
+ * lib/krb5/krb5.conf.5: s/kerberos/Kerberos/
+ * kuser/kinit.1: s/kerberos/Kerberos/
+ * kdc/kdc.8: s/kerberos/Kerberos/
+
+2003-04-01 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/test_alname.c: more krb5_aname_to_localname tests
+
+ * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): when
+ converting too root, make sure user is ok according to
+ krb5_kuserok before allowing it.
+
+ * lib/krb5/Makefile.am (noinst_PROGRAMS): += test_alname
+
+ * lib/krb5/test_alname.c: add test for krb5_aname_to_localname
+
+ * lib/krb5/crypto.c (krb5_DES_AFS3_CMU_string_to_key): used p1
+ instead of the "illegal" salt #~, same change as kth-krb did
+ 1999. Problems occur with crypt() that behaves like AT&T crypt
+ (openssl does this). Pointed out by Marcus Watts.
+
+ * admin/change.c (kt_change): collect all principals we are going
+ to change, and pick the highest kvno and use that to guess what
+ kvno the resulting kvno is going to be. Now two ktutil change in a
+ row works. XXX fix the protocol to pass the kvno back.
+
+2003-03-31 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * appl/kf/kf.1: afs->AFS, from jmc <jmc@acn.waw.pl>
+
+2003-03-30 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/setup.texi: add description on how to turn on v4, 524 and
+ kaserver support
+
+2003-03-29 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/verify_krb5_conf.c (appdefaults_entries): add afslog
+ and afs-use-524
+
+2003-03-28 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/kerberos5.c (as_rep): when the second enctype_to_string
+ failes, remember to free memory from the first enctype_to_string
+
+ * lib/krb5/crypto.c (usage2arcfour): map KRB5_KU_TICKET to 2,
+ from Harald Joerg <harald.joerg@fujitsu-siemens.com>
+ (enctype_arcfour_hmac_md5): disable checksum_hmac_md5_enc
+
+ * lib/hdb/mkey.c (hdb_unseal_keys_mkey): truncate key to the key
+ length when key is longer then expected length, its probably
+ longer since the encrypted data was padded, reported by Aidan
+ Cully <aidan@kublai.com>
+
+ * lib/krb5/crypto.c (krb5_enctype_keysize): return key size of
+ encyption type, inspired by Aidan Cully <aidan@kublai.com>
+
+2003-03-27 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/keytab.c (krb5_kt_get_entry): avoid printing 0
+ (wildcard kvno) after principal when the keytab entry isn't found,
+ reported by Chris Chiappa <chris@chiappa.net>
+
+2003-03-26 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/misc.texi: update 2b example to match reality (from
+ mattiasa@e.kth.se)
+
+ * doc/misc.texi: spelling and add `Configuring AFS clients'
+ subsection
+
+2003-03-25 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5.3: add krb5_free_data_contents.3
+
+ * lib/krb5/data.c: add krb5_free_data_contents for compat with MIT
+ API
+
+ * lib/krb5/krb5_data.3: add krb5_free_data_contents for compat
+ with MIT API
+
+ * lib/krb5/krb5_verify_user.3: write more about how the ccache
+ argument should be inited when used
+
+2003-03-25 Johan Danielsson <joda@pdc.kth.se>
+
+ * lib/krb5/addr_families.c (krb5_print_address): make sure
+ print_addr is defined for the given address type; make addrports
+ printable
+
+ * kdc/string2key.c: print the used enctype for kerberos 5 keys
+
+2003-03-25 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/aes-test.c: add another arcfour test
+
+2003-03-22 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/aes-test.c: sneek in a test for arcfour-hmac-md5
+
+2003-03-20 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_ccache.3: update .Dd
+
+ * lib/krb5/krb5.3: sort in krb5_data functions
+
+ * lib/krb5/Makefile.am (man_MANS): += krb5_data.3
+
+ * lib/krb5/krb5_data.3: document krb5_data
+
+ * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): if
+ prompter is NULL, don't try to ask for a password to
+ change. reported by Iain Moffat @ ufl.edu via Howard Chu
+ <hyc@highlandsun.com>
+
+2003-03-19 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_keytab.3: spelling, from
+ <jmc@prioris.mini.pw.edu.pl>
+
+ * lib/krb5/krb5.conf.5: . means new line
+
+ * lib/krb5/krb5.conf.5: spelling, from
+ <jmc@prioris.mini.pw.edu.pl>
+
+ * lib/krb5/krb5_auth_context.3: spelling, from
+ <jmc@prioris.mini.pw.edu.pl>
+
+2003-03-18 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kuser/Makefile.am: INCLUDES: -I$(srcdir)/../lib/krb5
+
+ * lib/krb5/convert_creds.c: add _krb5_krb_life_to_time
+
+ * lib/krb5/krb5-v4compat.h: add _krb5_krb_life_to_time
+
+ * kdc/kdc_locl.h: 524 is independent of kerberos 4, so move out
+ #ifdef KRB4 from enable_v4_cross_realm since 524 needs it
+
+ * kdc/config.c: 524 is independent of kerberos 4, so move out
+ enable_v4_cross_realm from #ifdef KRB4 since 524 needs it
+
+2003-03-17 Assar Westerlund <assar@kth.se>
+
+ * kdc/kdc.8: document --kerberos4-cross-realm
+ * kdc/kerberos4.c: pay attention to enable_v4_cross_realm
+ * kdc/kdc_locl.h (enable_v4_cross_realm): add
+ * kdc/524.c (encode_524_response): check the enable_v4_cross_realm
+ flag before giving out v4 tickets for foreign v5 principals
+ * kdc/config.c: add --enable-kerberos4-cross-realm option (default
+ to off)
+
+2003-03-17 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/Makefile.am (man_MANS) += krb5_aname_to_localname.3
+
+ * lib/krb5/krb5_aname_to_localname.3: manpage for
+ krb5_aname_to_localname
+
+ * lib/krb5/krb5_kuserok.3: s/KRB5_USEROK/KRB5_KUSEROK/
+
+2003-03-16 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/Makefile.am (man_MANS): add krb5_set_default_realm.3
+
+ * lib/krb5/krb5.3: add manpages from krb5_set_default_realm.3
+
+ * lib/krb5/krb5_set_default_realm.3: Manpage for
+ krb5_free_host_realm, krb5_get_default_realm,
+ krb5_get_default_realms, krb5_get_host_realm, and
+ krb5_set_default_realm.
+
+ * admin/ktutil.8: s/entype/enctype/, from Igor Sobrado
+ <sobrado@acm.org> via NetBSD
+
+ * lib/krb5/krb5_keytab.3: add documention for krb5_kt_get_type
+
+ * lib/krb5/keytab.c (krb5_kt_get_type): get prefix/type of keytab
+
+ * lib/krb5/krb5.h (KRB5_KT_PREFIX_MAX_LEN): max length of prefix
+
+ * lib/krb5/krb5_ccache.3: document krb5_cc_get_ops, add more
+ types, add krb5_fcc_ops and krb5_mcc_ops
+
+ * lib/krb5/cache.c (krb5_cc_get_ops): new function, return ops for
+ a id
+
+2003-03-15 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/intro.texi: add reference to source code, binaries and the
+ manual
+
+ * lib/krb5/krb5.3: krb5.h isn't in krb5 directory in heimdal
+
+2003-03-14 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/kdc.8: better/difrent english
+
+ * kdc/kdc.8: . -> .\n, copyright/license
+
+ * kdc/kdc.8: changed configuration file -> restart kdc
+
+ * kdc/kerberos4.c: add krb4 into the most error messages written
+ to the logfile
+
+ * lib/krb5/krb5_ccache.3: add missing name of argument
+ (krb5_context) to most functions
+
+2003-03-13 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/kuserok.c (krb5_kuserok): preserve old behviour of
+ function and return FALSE when there isn't a local account for
+ `luser'.
+
+ * lib/krb5/krb5_kuserok.3: fix prototype, spelling and more text
+ describing the function
+
+2003-03-12 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/cache.c (krb5_cc_default): if krb5_cc_default_name
+ returned memory, don't return ENOMEM
+
+2003-03-11 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5.3: add krb5_address stuff and sort
+
+ * lib/krb5/krb5_address.3: fix krb5_addr2sockaddr description
+
+ * lib/krb5/Makefile.am (man_MANS): += krb5_address.3
+
+ * lib/krb5/krb5_address.3: document types krb5_address and
+ krb5_addresses and their helper functions
+
+2003-03-10 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/Makefile.am (man_MANS): += krb5_kuserok.3
+
+ * lib/krb5/krb5_kuserok.3: spelling, from cizzi@it.su.se
+
+ * lib/krb5/Makefile.am (man_MANS): += krb5_ccache.3
+
+ * lib/krb5/krb5_ccache.3: spelling, from cizzi@it.su.se
+
+ * lib/krb5/krb5.3: add more functions
+
+ * lib/krb5/krb5_ccache.3: document krb5_ccache and krb5_cc
+ functions
+
+ * lib/krb5/krb5_kuserok.3: document krb5_kuserok
+
+ * lib/krb5/krb5_verify_user.3: document
+ krb5_verify_opt_set_flags(opt, KRB5_VERIFY_LREALMS) behavior
+
+ * lib/krb5/krb5_verify_user.3: document krb5_verify_opt* and
+ krb5_verify_user_opt
+
+ * lib/krb5/*.[0-9]: add copyright/licenses on more manpages
+
+ * kuser/kdestroy.c (main): handle that krb5_cc_default_name can
+ return NULL
+
+ * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump minor
+ (TESTS): add test_cc
+
+ * lib/krb5/test_cc.c: test some
+ krb5_cc_default_name/krb5_cc_set_default_name combinations
+
+ * lib/krb5/context.c (init_context_from_config_file): set
+ default_cc_name to NULL
+ (krb5_free_context): free default_cc_name if set
+
+ * lib/krb5/cache.c (krb5_cc_set_default_name): new function
+ (krb5_cc_default_name): use krb5_cc_set_default_name
+
+ * lib/krb5/krb5.h (krb5_context_data): add default_cc_name
+
+2003-02-25 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * appl/kf/kf.1: s/securly/securely/ from NetBSD
+
+2003-02-18 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/connect.c: s/intialize/initialize, from
+ <jmc@prioris.mini.pw.edu.pl>
+
+2003-02-17 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * configure.in: add AM_MAINTAINER_MODE
+
+2003-02-16 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * **/*.[0-9]: add copyright/licenses on all manpages
+
+2003-14-16 Jacques Vidrine <nectar@kth.se>
+
+ * lib/krb5/get_in_tkt.c (init_as_req): Send only a single
+ PA-ENC-TIMESTAMP in the AS-REQ, using the first encryption
+ type specified by the KDC.
+
+2003-02-15 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * fix-export: some autoconf put their version number in
+ autom4te.cache, so remove autom4te*.cache
+
+ * fix-export: make sure $1 is a directory
+
+2003-02-04 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kpasswd/kpasswdd.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
+
+ * kdc/kdc.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
+
+2003-01-31 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/hpropd.8: s/databases/a database/ s/Not/not/
+
+ * kdc/hprop.8: add missing .
+
+2003-01-30 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5.conf.5: documentation for of boolean, etypes,
+ address, write out encryption type in sentences, s/Host/host
+
+2003-01-26 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/asn1/check-gen.c: add checks for Authenticator too
+
+2003-01-25 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/setup.texi: in the hprop example, use hprop and the first
+ component, not host
+
+ * lib/krb5/get_addrs.c (find_all_addresses): address-less
+ point-to-point might not have an address, just ignore
+ those. Reported by Harald Barth.
+
+2003-01-23 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/verify_krb5_conf.c (check_section): when key isn't
+ found, don't print out all known keys
+
+ * lib/krb5/verify_krb5_conf.c (syslogvals): mark up where severity
+ and facility start resp
+ (check_log): find_value() returns -1 when key isn't found
+
+ * lib/krb5/crypto.c (_krb5_aes_cts_encrypt): make key argument a
+ 'const void *' to avoid AES_KEY being exposed in krb5-private.h
+
+ * lib/krb5/krb5.conf.5: add [kdc]use_2b
+
+ * kdc/524.c (encode_524_response): its 2b not b2
+
+ * doc/misc.texi: quote @ where missing
+
+ * lib/asn1/Makefile.am: add check-gen
+
+ * lib/asn1/check-gen.c: add Principal check
+
+ * lib/asn1/check-common.h: move generic asn1/der functions from
+ check-der.c to here
+
+ * lib/asn1/check-common.c: move generic asn1/der functions from
+ check-der.c to here
+
+ * lib/asn1/check-der.c: move out the generic asn1/der functions to
+ a common file
+
+2003-01-22 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/misc.texi: more text about afs, how to get get your KeyFile,
+ and how to start use 2b tokens
+
+ * lib/krb5/krb5.conf.5: spelling, from Jason McIntyre
+ <jmc@cvs.openbsd.org>
+
+2003-01-21 Jacques Vidrine <nectar@kth.se>
+
+ * kuser/kuser_locl.h: include crypto-headers.h for
+ des_read_pw_string prototype
+
+2003-01-16 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * admin/ktutil.8: document -v, --verbose
+
+ * admin/get.c (kt_get): make getarg usage consistent with other
+ other parts of ktutil
+
+ * admin/copy.c (kt_copy): remove adding verbose_flag to args
+ struct, since it will overrun the args array (from Sumit Bose)
+
+2003-01-15 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5.conf.5: write more about [realms] REALM = { kdc =
+ ... }
+
+ * lib/krb5/aes-test.c: test vectors in aes-draft
+
+ * lib/krb5/Makefile.am: add aes-test.c
+
+ * lib/krb5/crypto.c: Add support for AES
+ (draft-raeburn-krb-rijndael-krb-02), not enabled by default.
+ (HMAC_SHA1_DES3_checksum): rename to SP_HMAC_SHA1_checksum and modify
+ to support checksumtype that are have a shorter wireformat then
+ their output block size.
+
+ * lib/krb5/crypto.c (struct encryption_type): split the blocksize
+ into blocksize and padsize, padsize is the minimum padding
+ size. they are the same for now
+ (enctype_*): add padsize
+ (encrypt_internal): use padsize
+ (encrypt_internal_derived): use padsize
+ (wrapped_length): use padsize
+ (wrapped_length_dervied): use padsize
+
+ * lib/krb5/crypto.c: add extra `opaque' argument to string_to_key
+ function for each enctype in preparation enctypes that uses
+ `Encryption and Checksum Specifications for Kerberos 5' draft
+
+ * lib/asn1/k5.asn1: add checksum and enctype for AES from
+ draft-raeburn-krb-rijndael-krb-02.txt
+
+ * lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_AES128,
+ KEYTYPE_AES256
+
+2003-01-14 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/common.c (_hdb_fetch): handle error code from
+ hdb_value2entry
+
+ * kdc/Makefile.am: always include kerberos4.c and 524.c in
+ kdc_SOURCES to support 524
+
+ * kdc/524.c: always compile in support for 524
+
+ * kdc/kdc_locl.h: move out krb/524 protos from under #ifdef KRB4
+
+ * kdc/config.c: always compile in support for 524
+
+ * kdc/connect.c: always compile in support for 524
+
+ * kdc/kerberos4.c: export encode_v4_ticket() and get_des_key()
+ even when we build without kerberos 4, 524 needs them
+
+ * lib/krb5/convert_creds.c, lib/krb5/krb5-v4compat.h: Split out
+ Kerberos 4 help functions/structures so other parts of the source
+ tree can use it (like the KDC)
+
diff --git a/crypto/heimdal/ChangeLog.2004 b/crypto/heimdal/ChangeLog.2004
new file mode 100644
index 000000000000..5e3934256828
--- /dev/null
+++ b/crypto/heimdal/ChangeLog.2004
@@ -0,0 +1,1485 @@
+2004-12-30 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/Makefile.am (CHECK_SYMBOLS): add heim_ and pkcs7_ for
+ now (used in pkinit)
+
+2004-12-29 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/Makefile.am: add CHECK_SYMBOLS
+
+ * lib/hdb/keys.c: make all_etypes static
+
+ * lib/krb5/Makefile.am: add CHECK_SYMBOLS, approve of: -com_err
+ -version krb5_ _krb5_ __heimdal krb524_ krb4_fkt_ops
+
+ * kdc/kerberos5.c: use private version of principalname
+
+ * kdc/kerberos4.c: use private version of principalname
+
+ * kdc/hpropd.c: use private version of principalname
+
+ * kdc/524.c: use private version of principalname
+
+ * lib/krb5/rd_req.c: use private version of principalname
+
+ * lib/krb5/rd_cred.c: use private version of principalname
+
+ * lib/krb5/init_creds_pw.c: use private version of principalname
+
+ * lib/krb5/get_in_tkt.c: use private version of principalname
+
+ * lib/krb5/asn1_glue.c: make principalname functions private
+
+ * lib/krb5/krb5.h: add key usage for server referrals
+
+2004-12-29 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/principal.c: make default_v4_name_convert static
+
+ * lib/krb5/crypto.c: make lots of crypto related variables static
+
+ * lib/krb5/acache.c: make default_acc_name static
+
+2004-12-28 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/setup.texi: add some text about samba, use example.com
+
+ * lib/hdb/hdb-ldap.c: Add account expiration for samba from James
+ F. Hranicky <jfh@cise.ufl.edu>.
+ Add LDAP_addmod_integer and use it.
+
+2004-12-27 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/{Makefile.am,setup.texi,win2k.texi}: spelling and text
+ fixes, from Dave Love
+
+2004-12-18 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/heim_threads.h: NetBSD 2.99.11 (any maybe 2.1) just
+ needs pthread.h, threadlib is dead
+
+2004-12-17 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/config.c (configure): check for deprecated
+ enforce-transited-policy is set and fail if it is
+
+ * lib/asn1/asn1_print.c: don't print garabage for octet strings
+
+2004-12-13 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/main.c (main): catch sigpipe, we don't bother select()ing
+ for errors
+
+ * kdc/connect.c (handle_http_tcp): handle error from write(2)
+
+ * doc/setup.texi: clarify credentials refreshing stuff
+
+ * doc/setup.texi: add new node: Providing Kerberos credentials to
+ servers and programs
+
+ * doc/whatis.texi: fix spurious cross-reference makeinfo warning
+
+ * lib/hdb/hdb-ldap.c (pos): uppercase in character
+
+2004-12-12 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb-ldap.c (LDAP__bytes2hex,LDAP__hex2bytes): encode
+ nibbels in the other order
+
+ * lib/hdb/hdb-ldap.c: s/objectclass/objectClass/ check if
+ attribute exists before we try to delete it LDAP__bytes2hex
+ encodes in strange byte order, is this really right ?
+
+2004-12-11 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb-ldap.c (LDAP_firstkey): When iterating over all
+ entries, search for samba accounts too, From: "James F. Hranicky"
+ <jfh@cise.ufl.edu>
+
+ * lib/hdb/hdb-ldap.c (krb5kdcentry_attrs): ask for attribute uid
+ too
+
+ * lib/hdb/hdb-ldap.c (LDAP_message2entry): if the entry is missing
+ both krb5PrincipalName and uid, it must be broken, ignore it and
+ return it doesn't exists.
+
+2004-12-10 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/hpropd.8: spelling, from OpenBSD
+
+ * kdc/kdc.8: use keeps for options, From OpenBSD k
+
+2004-12-09 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/setup.texi: document --random-key and the need to do backup
+ of the master key
+
+ * kdc/kstash.8: add --random-key
+
+ * kdc/kstash.c: add --random-key
+
+2004-12-08 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/verify_krb5_conf.8: spelling, from openbsd
+
+ * lib/krb5/krb5_init_context.3: spelling, from openbsd
+
+ * lib/krb5/krb5.conf.5: spelling, from openbsd
+
+ * kuser/kdestroy.1: use keeps around options, spelling, from
+ openbsd
+
+ * kpasswd/kpasswdd.8: use ., use keeps around options, from OpenBSD
+
+ * kdc/hpropd.8: use keeps around options, from OpenBSD
+
+ * kdc/hprop.8: use keeps around options, from OpenBSD
+
+2004-11-30 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/context.c (krb5_free_context): clear error string
+ before destroying mutex
+ (krb5_init_context): don't call krb5_free_context before there is a
+ mutex initialized
+
+2004-11-18 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kuser/kinit.c (get_new_tickets): only complain about ticket
+ renewable lifetime when the user asked for a specific renewable
+ lifetime
+
+2004-11-15 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/kerberos5.c (find_keys): log what principal is missing
+ enctypes
+
+2004-11-13 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/get_in_tkt.c (krb5_get_in_cred): clear pointer after
+ freeing data
+
+ * lib/krb5/init_creds_pw.c (change_password): handle old_options
+ being NULL From Guenther Deschner on samba-technical.
+
+2004-11-12 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_get_init_creds.3: add more text describing the
+ krb5_get_init_creds functions
+
+2004-11-11 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/init_creds_pw.c: make krb5_get_init_creds_keytab work
+ again
+
+2004-11-10 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb.asn1: use constrained integers
+
+2004-11-09 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_get_init_creds.3: add description for opt_init,
+ opt_alloc, opt_free
+
+ * lib/krb5/pkinit.c: unexport krb5_get_init_creds_opt_free_pkinit
+
+ * lib/krb5/init_creds.c: unexport
+ krb5_get_init_creds_opt_free_pkinit
+
+ * lib/krb5/init_creds_pw.c: fold init_init_creds_ctx into
+ get_init_creds_common
+
+ * lib/krb5/init_creds.c (_krb5_get_init_creds_opt_copy): if the in
+ options NULL, just make a clean copy
+
+2004-11-01 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/sendauth.c (krb5_rd_rep): free ap_rep message earlier
+ so we don't leak it on error
+
+2004-10-31 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5.conf.5: unbreak 2b entry
+
+ * lib/krb5/acache.c (make_cred_from_ccred): the address isn't a
+ sockaddr but rather a kerberos address, deal with that. Based on
+ bug report from Jakob Schlyter <jakob@rfc.se>.
+
+2004-10-30 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/connect.c: Make sure argument passed to ctype isn't signed
+ char
+
+2004-10-14 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/pkinit.c: match new error names
+
+ * lib/krb5/krb5_err.et: make error messages sane again
+
+2004-10-13 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/keytab.c: use KRB5_KT_BADNAME
+
+ * lib/krb5/krb5_err.et: sync with mit krb5_err.et (require major
+ version bump) add KRB5_DELTAT_BADFORMAT
+
+ * lib/krb5/krb5.conf.5: time defaults to "s"
+
+ * lib/krb5/time.c (krb5_string_to_deltat): default to "s" again,
+ MIT's behavior was actually that it failed to parse the number
+ (and thus used the default). Even better, ticket_lifetime (that
+ was a consumer supposed a of the interface) was documented but
+ never implemented, when it was implemented, people configuraiton
+ files started to fail. Also, use KRB5_DELTAT_BADFORMAT as a
+ failure code.
+
+ * lib/asn1/k5.asn1: sync enctypes with pkinit branch
+
+ * lib/asn1/parse.y (readd) support negative numbers
+
+ * lib/asn1/lex.l: support hex numbers
+
+2004-10-12 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/pkinit.c: use ETYPE_DES3_CBC_NONE_CMS
+
+ * lib/krb5/crypto.c: add enctype_des3_cbc_none_cms add cms padding
+ for rc2 don't to padding for blocksize 1
+
+ * lib/hdb/{keys.c,Makefile.am},lib/kadm5/{keys,set_keys}.c:
+ Move keyset parsing and password based keyset generation into hdb.
+ Requested by Andrew Bartlett <abartlet@samba.org> for hdb-ldb
+ backend.
+
+2004-10-07 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kuser/kinit.c: adapt to new signature of
+ krb5_get_init_creds_opt_set_pkinit
+
+ * lib/krb5/pkinit.c: free openssl engine deal with
+ RecipientIdentifier -> CMSIdentifier and heim_any -> name change
+ improve error messages
+
+ * kdc/pkinit.c: free openssl engine deal with RecipientIdentifier
+ -> CMSIdentifier and heim_any -> name change
+
+2004-10-04 Johan Danielsson <joda@pdc.kth.se>
+
+ * kuser/klist.c: use rtbl_set_separator
+
+2004-10-03 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/pkinit.c: filter out dup openssl engine keys, parse
+ user options first
+
+ * lib/krb5/pkinit.c: stop using AlgorithmIdentifierNonOpt, add
+ openssl engine support for private key
+
+ * lib/krb5/crypto.c: support padding as its done in CMS
+
+ * kdc/pkinit.c: improve error logging
+
+ * kdc/pkinit.c: stop using AlgorithmIdentifierNonOpt
+
+2004-09-30 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5.conf.5: assume minutes for time
+
+ * lib/krb5/config_file.c (krb5_config_vget_time_default): use
+ krb5_string_to_deltat
+
+ * lib/krb5/appdefault.c (krb5_appdefault_time): use
+ krb5_string_to_deltat
+
+ * lib/krb5/time.c (krb5_string_to_deltat): set default unit to
+ minute for compatibility with MIT Kerberos.
+
+
+2004-09-28 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/get_cred.c (get_cred_kdc_usage): retry using "large
+ message safe" transport if we get back
+ KRB5KRB_ERR_RESPONSE_TOO_BIG error. Idea from Guenther Deschner
+ <gd@sernet.de>
+
+2004-09-23 Johan Danielsson <joda@pdc.kth.se>
+
+ * admin/list.c: use rtbl
+
+ * admin/ktutil-commands.in: slc source file
+
+ * lib/krb5/constants.c: check
+ /Library/Preferences/edu.mit.Kerberos on OSX
+
+2004-09-21 Johan Danielsson <joda@pdc.kth.se>
+
+ * lib/krb5/time.c (krb5_format_time): check return value from
+ localtime and strftime
+
+2004-09-14 Johan Danielsson <joda@pdc.kth.se>
+
+ * kuser/kinit.c: make sure we don't always get renewable creds
+
+2004-09-11 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/acache.c: use krb5_ccapi.h
+
+ * lib/krb5/krb5_ccapi.h: break out krb5 api definitions to
+ separate (not installed) file
+
+ * lib/krb5/Makefile.am: add AM_CPPFLAGS to libkrb5_la_CPPFLAGS
+ since AM_CPPFLAGS overridden by target specific _CPPFLAGS
+
+2004-09-08 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/pkinit.c: make variable shorter, make error messages
+ from pkinit, make freeing easier
+
+2004-09-06 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/Makefile.am: link libkrb5 with LIB_dlopen
+
+ * lib/krb5/crypto.c (seed_something): avoid poking at memory that
+ is uninitialized, make valgrind unhappy. Pointd out by
+ abartlet@samba.org. While where, plug the fd leak.
+
+2004-09-05 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/asn1/der_get.c (decode_*): name all tag-length variables the
+ same
+ (decode_enumerated): check that the tag-length is not longer the length
+
+ * lib/asn1/der_get.c (decode_boolean): fail if length of tag is
+ larger then len
+
+2004-08-31 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/init_creds_pw.c (krb5_get_init_creds): kdc_reply can be
+ set in case of failure too, free unconditionally on exit to avoid
+ memory leak
+
+2004-08-23 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/get_cred.c (set_auth_data): set pointer to NULL after
+ free
+
+2004-08-20 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/context.c (krb5_get_err_text): if neither of com_right
+ nor strerror finds the error-code, return Unknown error.
+
+2004-08-19 Johan Danielsson <joda@pdc.kth.se>
+
+ * lib/krb5/krb5_kuserok.3: update to reality
+
+ * lib/krb5/kuserok.c: if a .k5login file exist, don't give
+ implicit rights to anyone; also check owner/mode of .k5login
+
+2004-08-15 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/Makefile.am: man_MANS = krb5_getportbyname.3
+
+ * lib/krb5/krb5_getportbyname.3: manpage for krb5_getportbyname
+
+ * lib/krb5/krb5.3: add krb5_getportbyname
+
+ * lib/krb5/krb5.3: krb5_free_salt and krb5_enctype_valid
+
+ * lib/krb5/krb5_encrypt.3: document krb5_enctype_valid
+
+2004-08-13 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/kerberos5.c (get_pa_etype_info{,2}): check for dup enctypes
+ from the client and filter them out.
+
+ * lib/krb5/krb5_string_to_key.3: document krb5_free_salt
+
+2004-08-12 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_ticket.3: data needs to be freed when using
+ krb5_ticket_get_authorization_data_type
+
+2004-08-11 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/test_cc.c: test variables in default_cc_name
+
+ * lib/krb5/krb5.conf.5: explain support for varibles in
+ [libdefaults]default_cc_name
+
+ * lib/krb5/cache.c: drop ${time}, its not very useful
+
+ * lib/krb5/cache.c: Add _krb5_expand_default_cc_name that expand
+ variables in the default cc name. Supported variables now are:
+ ${time},${uid} and ${null}
+
+ * lib/krb5/krb5.conf.5: document default_cc_name
+
+ * lib/krb5/cache.c (krb5_cc_set_default_name):
+ s/libdefault/libdefaults/
+
+2004-08-06 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/acache.c: replace magic 3 with ccapi_version_3
+
+ * lib/krb5/Makefile.am: libkrb5_la_SOURCES += acache.c
+
+ * lib/krb5/krb5.h: add krb5_acc_ops
+
+ * lib/krb5/acache.c: CCAPI v3 implementation, the read only
+ support was from Magnus Ahltorp and then extended by me to support
+ all other operations. Tested with MIT kerberos cc cache
+ implementation on MacOS 10.3.3
+
+ * lib/krb5/cache.c (krb5_cc_set_default_name): allow setting the
+ default cc name, this is not very useful for general purpose glue
+ since its not possible to glue in user information (like uid), but
+ for CCAPI it works just fine
+
+2004-08-05 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kuser/kgetcred.1: document --cache/-c
+
+ * kuser/kgetcred.c: allow to specify what credential cache to use
+
+2004-08-03 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/Makefile.am: add krb5_eai_to_heim_errno.3
+
+ * lib/krb5/krb5_eai_to_heim_errno.3: document
+ krb5_eai_to_heim_errno, krb5_h_errno_to_heim_errno
+
+ * lib/krb5/krb5.3: add krb5_eai_to_heim_errno,
+ krb5_h_errno_to_heim_errno
+
+2004-07-26 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_expand_hostname.3: krb5_expand_hostname_realms
+ result should be free with krb5_free_host_realm drop
+ krb5_get_host_realm text
+
+ * lib/krb5/krb5_set_default_realm.3: krb5_get_host_realm result
+ should be free with krb5_free_host_realm
+
+ * lib/krb5/krb5_get_in_cred.3: document krb5_free_kdc_rep
+
+ * lib/krb5/krb5_get_init_creds.3: remove dup krb5_get_init_creds
+
+ * lib/krb5/krb5_auth_context.3: sort, add krb5_free_authenticator
+
+ * lib/krb5/Makefile.am: man_MANS += krb5_rd_error
+
+ * lib/krb5/krb5_rd_error.3: krb5_rd_error and friends
+
+ * lib/krb5/krb5_warn.3: clarify on what string
+ krb5_free_error_string should operate on
+
+ * lib/krb5/krb5_get_credentials.3: add krb5_get_kdc_cred
+
+ * lib/krb5/Makefile.am: krb5_get_credentials,
+ krb5_get_forwarded_creds and friends
+
+ * lib/krb5/krb5_get_forwarded_creds.3: krb5_get_forwarded_creds
+ and friends
+
+ * lib/krb5/krb5_get_credentials.3: krb5_get_credentials and
+ friends
+
+2004-07-23 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kuser/klist.c (print_cred_verbose): keytypes are no longer, use
+ enctype
+
+2004-07-22 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb-ldap.c (LDAP_entry2mods): allow for pre-c99
+ compilers, From metze at samba.org
+
+2004-07-20 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/test_cc.c: more cc tests
+
+ * lib/krb5/krb5_check_transited.3: document krb5_check_transited
+
+2004-07-19 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/pkinit.c (pk_principal_from_X509): reverse test, makes
+ principal in cert work From: Mayur Patel <patelm4@rpi.edu>
+
+2004-07-18 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/Makefile.am: add krb5_verify_init_creds.3
+
+ * lib/krb5/krb5_verify_init_creds.3: add krb5_verify_init_creds
+
+2004-07-15 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_set_password.3: spelling from wiz@netbsd.org
+ description for krb5_passwd_result_to_string
+
+2004-07-14 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_set_password.3: Remove superfluous comma; grammar
+ fixes; split sentence in two for better understanding. From
+ wiz@NetBSD.org. Describe krb5_set_password_using_ccache while here.
+
+ * lib/krb5/krb5_set_password.3: nroff and spelling, from Jonathan
+ Stone <jonathan@dsg.stanford.edu>
+
+ * lib/krb5/changepw.c (process_reply): cast ssize_t to long and
+ print that From NetBSD via Havard Eidnes.
+
+2004-07-09 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * configure.in: fix helpstring for hdb-openldap-module
+
+ * lib/krb5/test_cc.c: don't use krb5_err on error code 0
+
+2004-07-08 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb-ldap.c (LDAP_seq): try handling errors better
+
+2004-07-02 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/get_in_tkt.c (set_ptypes): make ptypes const
+
+2004-07-01 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb-ldap.c (LDAP__connect): call ldap_initialize with
+ right argument
+
+2004-06-27 Johan Danielsson <joda@pdc.kth.se>
+
+ * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): if the
+ krbtgt is without addresses, default to not sending our own
+ addrport
+
+ * lib/asn1/lex.l: add support for /* */ and partial line --
+ comments
+
+ * kuser/Makefile.am: don't install copy_cred_cache manpage
+
+2004-06-24 Johan Danielsson <joda@pdc.kth.se>
+
+ * lib/krb5/init_creds.c (_krb5_get_init_creds_opt_copy): if
+ copying a static opt, make sure to allocate the "private" field
+
+2004-06-24 Love <lha@stacken.kth.se>
+
+ * kdc/config.c: add enable_pkinit_princ_in_cert
+
+ * kdc/kdc_locl.h: enable_pkinit_princ_in_cert
+
+ * kdc/pkinit.c: Check certificate for Kerberos Principal in
+ OtherName of subjectAltName Based on patch from Mayur Patel
+ <patelm4@rpi.edu>
+
+2004-06-21 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/get_cred.c (init_tgs_req): if subkey not avaible, use
+ session key for authorization-data
+
+2004-06-15 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/connect.c (handle_tcp): note who is what that closed the
+ connection on us
+
+2004-06-09 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * admin/get.c (kt_get): catch errors from krb5_parse_name
+
+2004-06-05 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb-ldap.c: if its the entry just contains the
+ structural object (no samba nor heimdal object), add an aux
+ heimdal object on to it.
+
+2004-06-02 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kpasswd/kpasswd.c: use krb5_set_password_using_ccache
+
+ * lib/krb5/krb5_set_password.3: add krb5_set_password_using_ccache
+
+ * lib/krb5/changepw.c: implement krb5_set_password_using_ccache
+
+ * lib/hdb/hdb-ldap.c: Allow the objectClass to be
+ "sambaSamAccount" or structural_object when searching for uid
+ entries.
+
+ * lib/krb5/krb5.conf.5: document [kdc]hdb-ldap-create-base
+
+ * lib/hdb/hdb-ldap.c: add creation base that defaults to the
+ search base
+
+ * lib/hdb/hdb-ldap.c: indent like the rest of the code
+
+2004-06-01 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb-ldap.c: check return values from ldap operations and
+ close it we get back LDAP_SERVER_DOWN. stupid ldap client lib, you
+ should retry by yourself.
+
+ * lib/hdb/hdb-ldap.c: require search base to be configured, create
+ local context structure
+
+2004-05-31 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/setup.texi: more ldap text, partly from Tarjei Huse
+ <tarjei@nu.no>
+
+2004-05-28 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb-ldap.c: clean, indent
+
+ * lib/hdb/hdb-ldap.c (LDAP_entry2mods): make sure
+ krb5KeyVersionNumber is added on new entires
+
+2004-05-27 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/setup.texi: minor fixes, partly from Tarjei Huse
+ <tarjei@nu.no>
+
+ * lib/krb5/krb5.conf.5: some text about dbname and realm
+
+ * lib/krb5/krb5.conf.5: default value for
+ hdb-ldap-structural-object is account
+
+2004-05-26 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * tools/Makefile.am: use ! instead of , as sed delimiter
+
+2004-05-25 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/*.c: add KRB5_LIB_FUNCTION to all exported functions
+
+2004-05-23 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb-ldap.c: make samba_forwardable a krb5_boolean
+
+ * lib/hdb/hdb-ldap.c: make samba forwarding a runtime configure
+ option
+
+ * lib/hdb/hdb-ldap.c (LDAP_message2entry): fix [] test From:
+ Andrew Bartlett <abartlet@samba.org>
+
+ * lib/hdb/hdb-ldap.c (LDAP_message2entry): remove bogus length
+ check From: Andrew Bartlett <abartlet@samba.org>
+
+ * lib/hdb/hdb-ldap.c (LDAP_message2entry): in the sambaNTPassword
+ case, make sure ent->etypes are allocated, From: Andrew Bartlett
+ <abartlet@samba.org>
+
+2004-05-14 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kuser/kinit.c: move "setpag if (argc < 1)" to common path
+
+2004-05-12 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/verify_krb5_conf.c: pacify pre c99 compilers
+
+ * fix-export: use right argument for -E
+
+2004-05-06 Johan Danielsson <joda@pdc.kth.se>
+
+ * kuser/kinit.c: print some diagnostics if the exec fails
+
+2004-04-29 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/pkinit.c (pk_rd_pa_reply_dh): use krb5_random_to_key
+ From: Luke Howard <lukeh@padl.com>
+
+ * lib/krb5/rd_req.c (krb5_verify_ap_req2): clear the whole ticket,
+ not just a pointer size of it From: Luke Howard <lukeh@padl.com>
+
+2004-04-28 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * fix-export: add -E flag where needed to make-proto
+
+2004-04-26 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/crypto.c: add set_param for RC2
+
+ * lib/krb5/pkinit.c: use krb5_oid_to_enctype and remove all oids
+ that are no longer needed
+
+ * kdc/pkinit.c: use krb5_enctype_to_oid
+
+ * lib/krb5/crypto.c (krb5_oid_to_enctype): make sure oid exists
+ before we compare with it
+
+ * lib/krb5/crypto.c (krb5_crypto_get_params): check ivec length
+ before returning it add aes-oids
+
+ * lib/krb5/crypto.c: add krb5_enctype_to_oid and
+ krb5_oid_to_enctype
+
+ * kdc/pkinit.c: use krb5_crypto_set_params
+
+ * lib/krb5/crypto.c: add krb5_crypto_set_params, add aes-NNN-cbc-none
+
+ * lib/krb5/krb5.h: add KEYTYPE_AES192
+
+ * lib/krb5/pkinit.c: use krb5_crypto_get_params to implement
+ kcrypto RC2 support
+
+ * lib/asn1/k5.asn1: add CMS symmetrical parameters here, enctype
+ rc2-cbc XXX RC2CBCParameter is wrong because the compiler is
+ broken
+
+ * lib/krb5/krb5.h: add KEYTYPE_RC2
+
+ * lib/krb5/crypto.c: add partial CMS parameter handling, this is
+ needed for RC2
+
+ * lib/asn1/der_cmp.c: add heim_oid_cmp and heim_octet_string_cmp
+
+ * lib/asn1/Makefile.am (libasn1_la_SOURCES) += der_cmp.c
+
+ * lib/asn1/der.h: add heim_oid_cmp and heim_octet_string_cmp
+
+ * lib/asn1/k5.asn1: add ETYPE_AESNNN_CBC_NONE
+
+ * lib/asn1/k5.asn1: add CMS symmetrical parameters here, enctype
+ rc2-cbc, XXX RC2CBCParameter is wrong because the compiler is broken
+
+2004-04-26 Johan Danielsson <joda@pdc.kth.se>
+
+ * lib/krb5/config_file.c: allow parsing directly from strings with
+ krb5_config_parse_string_multi
+
+ * lib/krb5/verify_krb5_conf.c: try to resolve hostnames
+
+2004-04-25 Johan Danielsson <joda@pdc.kth.se>
+
+ * lib/krb5/store_fd.c (krb5_storage_from_fd): dup the file
+ descriptor so we don't have to keep track of it in two places
+
+ * kuser/copy_cred_cache.c: krb5_cc_copy_cache_match now lives in
+ libkrb5
+
+ * lib/krb5/krb5_{,compare_}creds.3: move krb5_compare_creds to its
+ own manpage
+
+ * replace krb5_free_creds_contents by krb5_free_cred_contents
+
+ * lib/krb5/cache.c: add krb5_cc_next_cred_match() and
+ krb5_cc_copy_cred_match()
+
+ * lib/krb5/creds.c (krb5_compare_creds): add more matching options
+
+ * lib/krb5/krb5.h: add more creds match flags
+
+ * kuser/copy_cred_cache: add --valid-for option
+
+ * lib/krb5/store.c (krb5_store_creds): set is_skey flag if length
+ of second ticket is > 0
+
+2004-04-25 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/pkinit.c: use the right oid for pkauthdata
+
+ * lib/krb5/pkinit.c: always send both win2k compat version and the
+ ietf draft one, this is possible since microsoft use
+ wrong/diffrent PA number. Make the configuration flag boolean
+ configuring if NOT to send the win2k compat glue.
+
+ * lib/krb5/krb5_encrypt.3: document krb5_{de,en}crypt_ivec
+
+ * kuser/copy_cred_cache.1: pacify mdoclint
+
+ * kdc/pkinit.c: use IV for envelopeddata encryption, patch
+ originally from Luke Howard <lukeh@padl.com>, tweeked by me.
+
+ * lib/krb5/krb5_storage.3: document
+ KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER
+
+ * lib/krb5/krb5_data.3: document that krb5_data_free cleans the
+ structure too
+
+ * lib/krb5/pkinit.c: use IV for envelopeddata encryption, patch
+ originally from Luke Howard <lukeh@padl.com>, tweeked by me.
+
+2004-04-24 Johan Danielsson <joda@pdc.kth.se>
+
+ * kuser/copy_cred_cache.{c,1}: add cred cache copy tool
+
+ * configure.in: use rk_SYS_LARGEFILE
+
+ * lib/krb5/{krb5.h,store.c,fcache.c}: Fix the cache flags bitorder
+ issue with a storage flag instead of a separate function.
+
+2004-04-24 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/pkinit.c: move out the oid check from get_reply_key
+
+ * lib/krb5/pkinit.c: uniquify error messages
+
+ * lib/krb5/init_creds_pw.c: make the pkinit nonce same os the
+ plain nonce for now
+
+ * lib/krb5/pkinit.c: more w2k compat from Luke Howard
+ <lukeh@padl.com> add RC2 support, clean up error messages
+
+ * lib/krb5/pkinit.c: remove more dependency on
+ krb5_config->pkinit_flags
+
+ * lib/krb5/pkinit.c (_krb5_pk_convert_rep): convert microsoft
+ style answer to IETF, From Luke Howard <lukeh@padl.com>
+ (_krb5_pk_create_sign): ms handles NULL in param, so always send it
+ (_krb5_pk_mk_padata): look for [realms]REALM = { win2k_pkinit = bool }
+
+ * lib/krb5/pkinit.c (_krb5_pk_create_sign): always set the
+ digestAlgorithm to sha1 (both for SignerInfo and SignedData, add
+ new function _set_digest_alg to set it
+
+2004-04-23 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * include/make_crypto.c: include rc2.h, and when I'm here, make
+ aes mandatory
+
+ * lib/krb5/krb5.h: add ENCTYPE_ARCFOUR_HMAC as compat glue for MIT
+ kerberos
+
+ * lib/krb5/crypto.c (krb5_crypto_init): clear return pointer on
+ failure
+
+ * lib/krb5/crypto.c (DES3_random_to_key): make it produce the
+ right result
+ (DES3_postproc): use DES3_random_to_key
+ (krb5_random_to_key): check the required number of bits (not the size
+ of the key)
+
+ * lib/krb5/aes-test.c: test random to key function
+
+ * lib/krb5/string-to-key-test.c: comment out the "@"/"" test for
+ now
+
+2004-04-22 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_string_to_key.3: document that
+ krb5_string_to_key_derived is broken for non 3des enctypes and
+ thus deprecated
+
+ * kdc/pkinit.c (generate_dh_keyblock): use the new function
+ krb5_random_to_key
+
+ * lib/krb5/crypto.c: add des and DES3 random_to_key hooks, they
+ need special processing
+
+ * lib/krb5/crypto.c (krb5_random_to_key): new function
+
+ * lib/krb5/krb5_keyblock.3: document krb5_random_to_key
+
+2004-04-21 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/pkinit.c: use the first proposed enable enctype
+
+ * lib/krb5/context.c (krb5_set_default_in_tkt_etypes): use the
+ return from krb5_enctype_valid
+
+ * kdc/pkinit.c: at least try to handle diffrent enveloped enctypes
+
+2004-04-21 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/asn1/der_get.c: 1.28.2.16: (der_get_oid): handle all oid
+ components being smaller then 127 and allocate one extra element
+ since first byte is split to to elements.
+
+2004-04-20 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/asn1/k5.asn1: ETYPE_DIGEST_MD5_NONE, ETYPE_CRAM_MD5_NONE:
+ private use, lukeh@padl.com
+
+2004-04-19 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/pkinit.c (build_auth_pack): use heim_integer to encode
+ DH public key
+
+2004-04-18 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_init_context.3: add krb5_context to so its added
+ as manpage-link too
+
+2004-04-17 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/fcache.c (fcc_remove_cred): simplistic implementation,
+ XXX add locking
+
+ * kuser/kdestroy.c: add --credential argument that just remove one
+ credential entry out of the cache specified
+
+ * kdc/pkinit.c: replace the krb5.conf configuration option that
+ describes the mapping between principals and subject names with a
+ file, default /var/heimdal/pki-mapping. XXX this should be pushed
+ into HDB. XXX should add issuer too
+
+ * kdc/config.c: merge certificate/private_key to a user_id
+
+2004-04-16 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/kdc_locl.h: update prototype for pk_initialize
+
+ * kuser/kinit.c: merge certificate/private_key to a user_id
+
+ * kdc/pkinit.c: adapt to heim_integer changes
+
+ * lib/krb5/pkinit.c: merge certificate/private_key to a user_id
+
+ * kdc/pkinit.c: adapt to heim_integer changes,
+ merge certificate/private_key to a user_id
+
+2004-04-15 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/pkinit.c: use KRB5_PADATA_PK_AS_REQ_WIN free X509_STORE
+
+2004-04-13 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/Makefile.am: define BUILD_KRB5_LIB when building
+ libkrb5.la, add KRB5_LIB_FUNCTION proto
+
+ * lib/krb5/add_et_list.c: add KRB5_LIB_FUNCTION
+
+ * configure.in: export KRB5_LIB_FUNCTION when building with
+ BUILD_KRB5_LIB
+
+ * lib/krb5/ticket.c (krb5_ticket_get_authorization_data_type): add
+ error strings
+
+ * lib/krb5/prompter_posix.c (krb5_prompter_posix): if some thing
+ is printed on stderr, fflush it
+
+ * lib/krb5/krb5_keyblock.3: free functions also zeros out the key
+
+ * lib/krb5/krb5_get_init_creds.3: some text about
+ krb5_prompter_posix
+
+ * lib/krb5/krb5.conf.5: document hdb-ldap-structural-object
+
+ * lib/krb5/cache.c: add krb5_cc_get_prefix_ops
+
+ * lib/krb5/krb5_ccache.3: add krb5_cc_get_prefix_ops
+
+2004-04-05 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * appl/test/http_client.c: support GSS_C_DELEG_FLAG and
+ GSS_C_MUTUAL_FLAG
+
+ * appl/test/http_client.c: verbose logging
+
+2004-04-02 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/connect.c: case size_t to unsigned long for LP64 platforms
+
+2004-04-01 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb-ldap.c (hdb_ldap_create): allow configuration of
+ default structural object
+
+ * tools/Makefile.am: handle sed expression breaking
+
+2004-03-31 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krbhst.c: also lookup _kpasswd._tcp SRV-rr
+
+ * lib/krb5/changepw.c: add tcp support to the set protocol, should
+ be cleaned up to enable sharing code with krb5_sendto
+
+ * kpasswd/kpasswd.c (change_password): remove extra free
+
+ * lib/krb5/krb5_acl_match_file.3: try to pacify mdoc macros on
+ osf/1
+
+2004-03-30 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/init_creds_pw.c (pa_data_add_pac_request): don't
+ increase md->len, krb5_padata_add already does that
+
+ * lib/krb5/init_creds.c: its PAC not PAQ
+
+ * kuser/kinit.c: its PAC not PAQ
+
+ * kdc/kerberos4.c: stop the client from renewing tickets into the
+ future From: Jeffrey Hutzelman <jhutz@cmu.edu>
+
+2004-03-29 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * configure.in: try to handle sys/strtty.h needing sys/stream.h
+
+2004-03-23 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/send_to_kdc.c: remove function krb5_sendto_kdc2, its no
+ longer used
+
+ * kdc/kerberos5.c: s/krb5_get_host_realm_int/_&/
+
+ * lib/krb5/get_host_realm.c: unexport krb5_get_host_realm_int to
+ external users by prefixing it with _
+
+ * lib/krb5/get_cred.c: s/krb5_mk_req_internal/_&/
+
+ * lib/krb5/mk_req_ext.c: unexport krb5_mk_req_internal to external
+ users by prefixing it with _
+
+2004-03-22 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/pkinit.c: add missing }
+
+2004-03-21 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/pkinit.c: adapt to change of signature of
+ _krb5_pk_load_openssl_id
+
+ * lib/krb5/pkinit.c: (krb5_get_init_creds_opt_set_pkinit): add
+ prompter argument and use it
+
+ * kuser/kinit.c: adapt to signature change of
+ krb5_get_init_creds_opt_set_pkinit
+
+ * lib/krb5/krb5.3: add more stuff, 105 functions to go
+
+ * lib/krb5/krb5_rcache.3: add krb5_get_server_rcache
+
+ * lib/krb5/krb5_rcache.3: framework for replay cache manpage
+
+ * lib/krb5/krb5_string_to_key.3: document string to key functions
+
+ * lib/krb5/Makefile.am: man_MANS += krb5_expand_hostname.3
+ krb5_find_padata.3 krb5_generate_random_block.3
+
+ * lib/krb5/krb5_encrypt.3: document krb5_get_wrapped_length
+
+ * lib/krb5/krb5.3: add some more, 137 to go
+
+ * lib/krb5/krb5_principal.3: document krb5_get_default_principal
+
+ * lib/krb5/krb5_keyblock.3: document krb5_generate_subkey
+
+ * lib/krb5/krb5_generate_random_block.3: document
+ krb5_generate_random_block
+
+ * lib/krb5/krb5_find_padata.3: document padata functions
+
+ * lib/krb5/krb5.3: add some more, 142 to go
+
+ * lib/krb5/krb5_creds.3: drop .Pp before .Sh
+
+ * lib/krb5/krb5_set_default_realm.3: document krb5_copy_host_realm
+
+ * lib/krb5/krb5_expand_hostname.3: document krb5_expand_hostname
+ and krb5_expand_hostname_realms
+
+ * lib/krb5/krb5.3: add more functions, 147 to go
+
+ * lib/krb5/krb5_creds.3: document krb5_creds
+
+ * lib/krb5/krb5_get_init_creds.3: add more functions, some more
+ text
+
+ * lib/krb5/krb5_ticket.3: document
+ krb5_ticket_get_authorization_data_type
+
+2004-03-20 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/aes-test.c: remove #if 0'ed code
+
+ * lib/krb5/krb5.3: add keyblock functions, 177 functions to go
+
+ * lib/krb5/krb5_verify_user.3: add krb5_verify_opt_set_ccache
+
+ * lib/krb5/krb5_encrypt.3: document krb5_decrypt_ticket
+
+ * lib/krb5/krb5_config.3: document krb5_config_free_strings and
+ krb5_config_file_free
+
+ * lib/krb5/krb5_create_checksum.3: add krb5_hmac
+
+ * lib/krb5/krb5.3: add keyblock functions, 190 functions to go
+
+ * lib/krb5/krb5_keyblock.3: update .Dd
+
+ * lib/krb5/krb5_keyblock.3: document krb5_copy_keyblock and
+ krb5_generate_random_keyblock
+
+ * lib/krb5/krb5_init_context.3: add krb5_init_ets
+
+ * lib/krb5/krb5_config.3: add more krb5_config_ functions and
+ prototypes
+
+ * lib/krb5/krb5_init_context.3: document context modifcation
+ functions: address list, config file, use admin kdc, fcc version
+
+ * lib/krb5/krb5_storage.3: document krb5_storage and related
+ functions
+
+ * lib/krb5/Makefile.am: add acl and krb524_convert_creds_kdc
+ manpages and test_acl test program
+
+ * lib/krb5/krb5.3: add error string functions and sort
+
+ * lib/krb5/krb5_warn.3: document krb5_abort and error string
+ functions
+
+ * lib/krb5/krb5.3: add missing functions, only 285 left to
+ document
+
+ * lib/krb5/krb5_crypto_init.3: remove various enctype related
+ function
+
+ * lib/krb5/krb5_encrypt.3: add various enctype related function
+ here
+
+ * lib/krb5/krb5_create_checksum.3: add krb5_cksumtype_valid
+ krb5_cksumtype_valid
+
+ * lib/krb5/crypto.c: real return values for
+ krb5_{enctype,cksumtype}_valid
+
+ * lib/krb5/krb5_create_checksum.3: add some functions and
+ descriptions
+
+ * lib/krb5/krb5_c_make_checksum.3: move out non krb5_c functions
+
+ * lib/krb5/krb5_auth_context.3: document
+ krb5_auth_con_generatelocalsubkey
+
+ * lib/krb5/krb5_krbhst_init.3: document krb5_krbhst_init_flags
+
+ * lib/krb5/krb5_keytab.3: document krb5_kt_default_modify_name
+
+ * lib/krb5/krb5_init_context.3: document krb5_add_et_list
+
+ * lib/krb5/krb524_convert_creds_kdc.3: document
+ krb524_convert_creds_kdc, krb524_convert_creds_kdc_ccache
+
+ * lib/krb5/krb5_acl_match_file.3: document krb5_acl_match_*
+
+ * lib/krb5/test_acl.c: test for generic acl code
+
+ * lib/krb5/acl.c: plug memory leak on file matching,
+ make it not fall over when no non matching acl,
+ make fnmatch matching useful by switching arguments
+
+2004-03-19 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/config.c: add --builtin-hdb command
+
+ * lib/hdb/hdb.c (hdb_list_builtin): return a list of builtin
+ backends
+
+ * doc/setup.texi: include Luke Howard of PADL.COM ldap hdb
+ documentation
+
+ * doc/win2k.texi: fix bugs in examples, add more restrictions, use
+ example.com as an example. From: Pavel Ferdan
+ <xferdan@informatics.muni.cz>
+
+2004-03-18 Johan Danielsson <joda@pdc.kth.se>
+
+ * lib/krb5/krb5.conf.5: add a bunch of Li and document [kadmin]
+ password_lifetime; from Henry B. Hotz
+
+2004-03-14 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/mk_rep.c (krb5_mk_rep): if KRB5_AUTH_CONTEXT_USE_SUBKEY
+ is set send subkey
+ (generate if needed)
+
+ * lib/krb5/krb5.h: add KRB5_AUTH_CONTEXT_USE_SUBKEY
+
+2004-03-14 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb-ldap.c: clean up error handling, plug memory leaks,
+ and free memory in error path, assume realloc(NULL, ...) works,
+ factor out common code, indent
+
+2004-03-12 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/verify_krb5_conf.c: understand [password_quality]
+ spelling
+
+ * kuser/kgetcred.1: document --canonicalize
+
+ * kuser/kgetcred.c: add --canonicalize
+
+2004-03-10 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/fcache.c (fcc_store_cred): NULL terminate
+ krb5_config_get_bool_default' arglist
+
+2004-03-09 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/kerberos5.c: add missing req argument to pk_mk_pa_reply
+
+ * kdc/pkinit.c (pk_mk_pa_reply): add hdb_entry
+
+ * kdc/pkinit.c: pass client hdb_entry to pk_check_client
+
+ * kdc/kdc_locl.h: pass client hdb_entry to pk_check_client
+
+ * kuser/kinit.c: rename ca_dir to pkinit/x509_anchors since its
+ more like that language in RFC3280
+
+ * lib/krb5/pkinit.c: rename ca_dir to pkinit/x509_anchors since
+ its more like that language in RFC3280
+
+ * lib/krb5/krb5.conf.5: document
+ [libdefaults]fcc-mit-ticketflags=boolean
+
+ * lib/krb5/fcache.c (fcc_store_cred): use
+ [libdefaults]fcc-mit-ticketflags=boolean to decide what format to
+ write the fcc in. Default to mit version (aka heimdal 0.7)
+
+ * lib/krb5/store.c: add _krb5_store_creds_heimdal_0_7 and
+ _krb5_store_creds_heimdal_pre_0_7 that store the creds in just
+ that format make krb5_store_creds default to mit format
+
+ * lib/krb5/store.c (krb5_ret_creds): Runtime detect the what is
+ the higher bits of the bitfield
+
+2004-03-08 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/store.c (krb5_store_creds): add disabled code that
+ store the ticket flags in reverse order
+ (bitswap32): new function
+
+ * lib/krb5/store.c (krb5_ret_creds): if the higher ticket flags
+ are set, its a mit cache, reverse the bits, bug pointed out by
+ Sergio Gelato <Sergio.Gelato@astro.su.se>
+
+2004-03-07 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb-ldap.c: use macro for HDB * -> LDAP *
+
+ * kuser/kinit.c: when running kinit with a subprocess, fetch new
+ tickets after half the tickets lifetime
+
+ * lib/hdb/hdb.c: spelling
+
+ * lib/hdb/hdb-ldap.c: Intergrate Heimdal's hdb-ldap and the Samba
+ password database. From: Andrew Bartlett <abartlet@samba.org>
+
+ * kdc/config.c: add --disable-DES
+
+ * kdc/kdc.8: document --detach and --disable-DES
+
+ * kdc/kerberos5.c: check if enctype is disabled before using it
+
+ * lib/krb5/crypto.c: add support for disabling checksum/encryption
+ types
+
+ * tools/kdc-log-analyze.pl: add more cases
+
+ * kdc/connect.c: on strange tcp error; log local port number and
+ socket type
+
+ * lib/asn1/der.h: fix prototype of encode_utf8string
+
+ * lib/asn1/gen.c: catch CHOICE and generate dummy placeholder
+
+ * lib/asn1/lex.l: added dummy parsing of CHOICE
+
+ * lib/asn1/parse.y: added dummy parsing of CHOICE
+
+ * lib/asn1/k5.asn1: drop SMTP_NAME
+
+2004-03-06 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/Makefile.am: support building ldap backend as module
+ sort asn1 hdb files
+
+ * lib/hdb/hdb.c: when building ldap as a shared module, don't
+ include it in the list
+
+ * configure.in: add --enable-hdb-openldap-module
+
+ * lib/hdb/hdb-ldap.c: make ldap possible to build as a shared
+ module
+
+ * lib/hdb/mkey.c: add hdb_{,un}seal_key{,_mkey} from Andrew
+ Bartlett <abartlet@samba.org>
+
+ * lib/krb5/crypto.c (decrypt_internal_special): do not not modify
+ the original data test case from Ronnie Sahlberg
+ <ronnie_sahlberg@ozemail.com.au>
+
+2004-03-03 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/test_cc.c: more cc tests, mostly related to mcc
+ behavior
+
+ * lib/krb5/mcache.c (mcc_get_principal): also check for
+ primary_principal == NULL now that that isn't used as dead flag
+
+ * lib/krb5/mcache.c: don't overload the primary_principal == NULL
+ as dead since that doesn't always work. Based on patch from
+ Jeffrey Hutzelman <jhutz@cmu.edu>, tweeked by me
+
+2004-02-22 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/pkinit.c: adapt to rename of oid_cmp to heim_oid_cmp
+
+ * lib/krb5/pkinit.c: adapt to rename of oid_cmp to heim_oid_cmp
+
+ * lib/hdb/db3.c: fix all db >= 4.1 cases
+
+ * doc/setup.texi: add text about hostname to realm mapping using
+ DNS
+
+2004-02-20 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/pkinit.c: update error codes
+
+ * lib/krb5/krb5_err.et: prefix pkinit error codes with KRB5_
+
+ * lib/krb5/pkinit.c: update error codes
+
+2004-02-19 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/pkinit.c: indent, use krb5_abortx() instead of abort()
+
+ * lib/krb5/init_creds_pw.c (process_pa_data_to_key): spelling
+
+ * lib/krb5/store.c: handle memory allocate errors
+
+ * lib/krb5/fcache.c (_krb5_xlock): handle that everything was ok,
+ and don't put an error in the error strings then
+
+2004-02-13 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/pkinit.c: s/heim_big_integer/heim_integer/
+
+ * lib/krb5/pkinit.c: s/heim_big_integer/heim_integer/
+
+ * kdc/pkinit.c: adapt to asn1 bignum code, use HEIM_PKINIT errors
+
+ * lib/krb5/pkinit.c: adapt to asn1 bignum code, use HEIM_PKINIT
+ errors
+
+ * lib/krb5/heim_err.et: add HEIM_PKINIT specific errors
+
+2004-02-12 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * configure.in: rename AC_WFLAGS to rk_WFLAGS
+
+ * acinclude.m4: use m4_define, over-quote string
+
+2004-02-11 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/init_creds_pw.c (change_password): handle that
+ printf("%.*s", 0, (void*)NULL); doesn't work on solaris
+
+2004-02-10 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kpasswd/kpasswd.c (change_password): handle that printf("%.*s",
+ 0, (void*)NULL); doesn't work on solaris
+
+ * lib/krb5/krb5.conf.5: don't use path's in first .Nm, it confuses
+ some locate.updatedb, use FILES section to describe where the file
+ is instead.
+
+2004-02-07 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/asn1/check-der.c: test for "der_length.c: Fix len_unsigned
+ for certain negative integers, it got the length wrong" , from
+ Panasas, Inc.
+
+ * lib/asn1/der_length.c: Fix len_unsigned for certain negative
+ integers, it got the length wrong, fix from Panasas, Inc.
+
+ rename len_int and len_unsigned to _heim_\&
+
+ * lib/asn1/der_locl.h: add _heim_len_unsigned, _heim_len_int
+
+2004-02-06 Dave Love <d.love@dl.ac.uk>
+
+ * configure.in: Check for sys/socket.h, net/if.h. Modify term.h,
+ security/pam_appl.h tests.
+
+2004-02-03 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/asn1/check-gen.c: test for: (length_type): TSequenceOf: add
+ up the size of all the elements, don't use just the size of the
+ last element.
+
+ * lib/krb5/aes-test.c: add "next iv" test for aes128, check
+ decryption case too
+
+ * lib/krb5/crypto.c (_krb5_aes_cts_encrypt): out iv is the iv of
+ the next to last block, fix decryption case too
+
+ * lib/krb5/aes-test.c: add "next iv" test for aes128
+
+ * lib/krb5/crypto.c (_krb5_aes_cts_encrypt): out iv is the iv of
+ the next to last block
+
+ * lib/krb5/mk_rep.c (krb5_mk_rep): abort on internal asn1 encode
+ error
+
+ * lib/krb5/mk_rep.c (krb5_mk_rep): abort on internal asn1 encode
+ error
+
+ * lib/krb5/get_in_tkt.c (krb5_get_in_cred): abort on internal asn1
+ encode error
+
+ * lib/krb5/mk_priv.c (krb5_mk_priv): abort on internal asn1 encode
+ error
+
+ * lib/krb5/get_cred.c (make_pa_tgs_req): abort on internal asn1
+ encode error
+
+ * lib/krb5/build_auth.c (krb5_build_authenticator): abort on
+ internal asn1 encode error
+
+ * lib/krb5/build_ap_req.c (krb5_build_ap_req): abort on internal
+ asn1 encode error
+
+2004-01-30 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/setup.texi: some text about order of [capaths] realms
+
+2004-01-25 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/context.c: register WRFILE ops
+
+ * lib/krb5/keytab_file.c: add krb5_wrfkt_ops/WRFILE (same as FILE)
+
+ * lib/krb5/krb5.h: add krb5_wrfkt_ops
+
+ * kpasswd/kpasswdd.c (change): use the right password when
+ changing the password
+
+2004-01-21 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/fcache.c (_krb5_xlock): catch EINVAL and assume that it
+ means that the filesystem doesn't support locking
+
+ * lib/krb5/keytab.c: remove #if 0 out file locking code
+
+2004-01-19 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/asn1/gen_length.c (length_type): TSequenceOf: add up the
+ size of all the elements, don't use just the size of the last
+ element.
+
+2004-01-13 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kuser/kinit.c (renew_validate): if renewable_flag and not time
+ specifed, use "1 month"
+
+2004-01-08 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_keyblock.3: add prototypes, describe
+ krb5_keyblock_zero
+
+2004-01-05 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/get_for_creds.c (add_addrs): don't add same address
+ multiple times
+
+ * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): try to
+ handle errors better for previous commit
+
+ * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): If tickets
+ are address-less, forward address-less tickets.
+
+ * lib/krb5/get_cred.c: rename get_krbtgt to _krb5_get_krbtgt and
+ export it
+
diff --git a/crypto/heimdal/ChangeLog.2005 b/crypto/heimdal/ChangeLog.2005
new file mode 100644
index 000000000000..8c84b1c5c385
--- /dev/null
+++ b/crypto/heimdal/ChangeLog.2005
@@ -0,0 +1,2004 @@
+2005-12-15 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/kerberos5.c (tgs_make_reply): less const on hdb_entry_ex to
+ make samba happy
+
+ * fix-export: Build kdc-private.h.
+
+2005-12-14 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/kerberos5.c (tgs_rep2): also print the principal for which
+ the enctype was missing
+
+2005-12-13 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/kaserver.c: Finish up transition from hdb_entry to
+ hdb_entry_ex.
+
+ * kdc/kerberos4.c: Finish up transition from hdb_entry to
+ hdb_entry_ex.
+
+ * kdc/524.c: Finish up transition from hdb_entry to hdb_entry_ex.
+
+ * kdc/kerberos5.c: Finish up transition from hdb_entry with
+ hdb_entry_ex.
+
+ * lib/krb5/cache.c (krb5_cc_set_default_name): use
+ KRB5_DEFAULT_CCNAME.
+
+ * lib/krb5/krb5_locl.h: Add KRB5_DEFAULT_CCNAME, pointer to
+ default credential cache.
+
+ * lib/hdb/ndbm.c: memset hdb_entry_ex before use
+
+ * lib/hdb/db3.c: memset hdb_entry_ex before use
+
+ * lib/hdb/db.c: memset hdb_entry_ex before use
+
+2005-12-12 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5.3: Add some more entrypoints.
+
+ * lib/krb5/changepw.c: If there is a target principal, use the
+ realm of the realm to change the password with,
+
+ * kuser/kinit.c: Default to use DH when fetching keys.
+
+ * lib/hdb, kdc, kadmin/load.c: Wrap hdb_entry with hdb_entry_ex, patch
+ originally from Andrew Bartlet
+
+ * lib/hdb/hdb-ldap.c: Wrap hdb_entry with hdb_entry_ex, add url
+ support, add ldapi support.
+
+ * kdc/kerberos5.c (tgs_make_reply): there are no such things a
+ keytypes any more, just use enctypes.
+
+ * kdc/kdc_locl.h: Remove private prototypes and instead include
+ <kdc-private.h>.
+
+ * kdc/Makefile.am: Build kdc-private.h and depend on it.
+
+ * kdc/config.c (configure): wrap line
+
+ * doc/kerberos4.texi: KDC 4 support is always compiled in.
+
+ * TODO: Remove some stuff that have been done.
+
+ * Makefile.am: Split long line
+
+ * doc/apps.texi: Spelling, From Måns Nilsson.
+
+ * doc/install.texi: spelling, From Måns Nilsson
+
+2005-12-11 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_principal.3: Constify principal argument to on
+ krb5_principal_get_ functions.
+
+ * lib/krb5/principal.c: Constify principal argument to on
+ krb5_principal_get_ functions.
+
+2005-12-08 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb: drop convert_db, 0.0 to 0.1 transition was a long long
+ time ago
+
+2005-12-05 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/test_keytab.c: more tests, From Andrew Bartlet
+
+ * lib/krb5/keytab_memory.c (mkt_remove_entry): realloc can return
+ NULL on success in the case 0 entries are allocated, From Andrew
+ Bartlet
+
+2005-12-02 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/acl.c (acl_parse_format): tmp needs to be freed too on
+ failure to parse format specifier.
+
+ * lib/krb5/store-test.c: Free more of the allocated memory.
+
+ * lib/krb5/crypto.c (krb5_derive_key): Free more of the allocated
+ memory, this function is only used by the test program.
+
+ * lib/krb5/parse-name-test.c: Free more of the allocated memory.
+
+ * lib/krb5/derived-key-test.c: Free more of the allocated memory.
+
+2005-12-01 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/setup.texi: spelling, From Måns Nilsson
+
+ * lib/krb5/krb5_keytab.3: Memory keytab are now named and
+ refcounted.
+
+ * lib/krb5/test_keytab.c: Test that memory keytab are refcounted.
+
+ * lib/krb5/keytab_memory.c: Index by name and start reference
+ counting on entries.
+
+2005-11-30 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5.h (krb5_address_type): add
+ KRB5_ADDRESS_NETBIOS (20)
+
+ * lib/hdb/hdb.c (find_method): accept relative paths as old db
+ format too.
+
+ * lib/krb5/aes-test.c: Remove usage of krb5_enctype_to_keytype.
+
+2005-11-29 Dave Love <fx@gnu.org>
+
+ * kcm/connect.c (kcm_loop): Use HAVE_DOOR_CREATE, not HAVE_DOORS.
+
+2005-11-29 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/verify_krb5_conf.c (libdefaults_entries): add
+ default_cc_name
+
+ * lib/hdb/hdb.c: Only match db databases on filename starting with
+ '/'.
+
+ * lib/krb5/rd_req.c (krb5_verify_ap_re2): check timestamp in
+ authenticator
+
+ * lib/krb5/rd_req.c (check_transited): explain the TR-type 0
+ better and why it matters.
+
+ * lib/krb5/test_cc.c: test krb5_cc_get_prefix_ops
+
+ * lib/krb5/cache.c (krb5_cc_get_prefix_ops): change the behavior
+ to return NULL when its not found, and fcc when the name starts
+ with a '/'. Almost matches behavior in other parts of the code,
+ but can't really do that since the name passed in to this function
+ may only contain the prefix itself without the colon.
+
+ * lib/krb5/cache.c (krb5_cc_get_prefix_ops): if there are not
+ colon (:) in the name, its a file credential cache
+
+ * lib/hdb/db3.c (hdb_db_create): use calloc to callocate memory
+
+ * lib/hdb/ndbm.c (hdb_ndbm_create): use calloc to allocate memory
+
+ * lib/hdb/db.c (hdb_db_create): use calloc to allocate memory
+
+2005-11-28 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): use session
+ key for delegated credentials
+
+ * kdc/kerberos5.c (_kdc_as_rep): add comment when we send
+ ETYPE-INFO and ETYPE-INFO2, from Andrew Bartlett
+
+2005-11-25 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/keytab.c (krb5_kt_get_full_name): new function
+
+2005-11-24 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/test_crypto.c: Split encryption and s2k iterations to
+ diffrent counters, 38seconds of aes256 s2k is way too long.
+
+ * lib/krb5/test_crypto.c: Add timing code for s2k function.
+
+2005-11-07 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/kerberos5.c: Print the time the principal expired, based on
+ patch from Andrew Bartlett.
+
+2005-11-01 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/cache.c (krb5_cc_get_full_name): Add
+
+2005-11-01 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * configure.in: Spelling, From Michael Banck <mbanck@debian.org>
+
+2005-10-30 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kcm/headers.h: Maybe include <sys/param.h>.
+
+2005-10-27 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/ticket.c (krb5_ticket_get_authorization_data_type):
+ understand KRB5_AUTHDATA_IF_RELEVANT and KRB5_AUTHDATA_AND_OR (but
+ have KRB5_AUTHDATA_KDC_ISSUED commented out for now)
+
+2005-10-26 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kuser/klist.c: In the list caches view, rename the Status field
+ to Expires.
+
+ * lib/krb5/krb5_encrypt.3: Fix mdoc for
+ krb5_encrypt_EncryptedData, Johnny Lam <jlam@pkgsrc.org>
+
+2005-10-25 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * appl/test/gssapi_client.c: Check return value from asprintf
+ instead of string != NULL since it undefined behavior on
+ Linux. From Björn Sandell
+
+2005-10-21 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/pkinit.c (_krb5_dh_group_ok): if not enough bits are
+ generated from the DH groups, fail.
+
+ * kdc/pkinit.c (get_dh_param): Pass down config so this function
+ can check pkinit_dh_min_bits
+
+ * kdc/config.c: Fill in pkinit_dh_min_bits from configuration
+ file.
+
+ * kdc/kdc.h: Add pkinit_dh_min_bits to krb5_kdc_configuration.
+
+2005-10-20 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/pkinit.c: Add option to require binding between reply
+ and response for the win2k version of the protocol.
+
+2005-10-19 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/programming.texi: Text about Kerberos errors.
+
+ * lib/krb5/pkinit.c: Try both ReplyKey and ReplyKey-Win2k for the
+ Windows case to support the updated -09 protocol (using
+ asChecksum). Tell KDC we support this by sending
+ KRB5-PADATA-PK-AS-09-BINDING in the pa-data.
+
+ * lib/krb5/test_cc.c: Test copy FILE -> FILE, and MEMORY -> MEMORY
+ too.
+
+ * lib/krb5/test_cc.c: Test krb5_cc_copy_cache and
+ krb5_cc_cache_match.
+
+ * lib/krb5/cache.c (krb5_cc_cache_match): add function that
+ iterates over all credential caches for a user and returns a
+ match.
+
+ * lib/krb5/krb5_ccache.3: Add krb5_cc_start_seq_get and an
+ example.
+
+2005-10-18 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/programming.texi: Try to explain krb5_ccache, krb5_principal
+ and errors.
+
+2005-10-13 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_get_credentials.3: Add example how to use
+ krb5_get_credentials.
+
+2005-10-12 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/init_creds.c: Rename private to opt_private.
+
+ * lib/krb5/init_creds_pw.c: Rename private to opt_private.
+
+ * lib/krb5/pkinit.c: rename element private to opt_private to make
+ c++ picky compilers less upset.
+
+ * lib/krb5/krb5.h (krb5_get_init_creds_opt): rename element
+ private to opt_private to make c++ picky compilers less upset.
+
+2005-10-08 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krbhst.c (_krb5_krbhost_info_move): new function
+ (_krb5_free_krbhst_info): expose to internal use
+
+ * lib/krb5/init_creds_pw.c: Prepare to pass down a
+ krb5_krbhst_info into the pre-auth mechs
+
+ * lib/krb5/pkinit.c: Inline short functions, share more code,
+ rename COMPAT_27 to COMPAT_IETF, pass down a krb5_krbhst_info for
+ verification of KDC info, and general cleaning up.
+
+2005-10-07 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/Makefile.am: Install krb5.moduli in sysconfdir.
+
+ * lib/krb5/krb5_locl.h: rename moduli file to SYSCONFDIR
+ "/krb5.moduli"
+
+ * lib/krb5/krb5_locl.h: Add forward declaration for
+ krb5_dh_moduli. Add define for MODULI_FILE.
+
+ * kdc/pkinit.c: Removing PK-INIT-19 support.
+
+ * lib/krb5/pkinit.c: Removing PK-INIT-19 support.
+
+ * lib/krb5/pkinit.c (_krb5_dh_group_ok): return DH group name on
+ success.
+ (krb5_get_init_creds_opt_set_pkinit): use moduli file if it exists
+
+ * kdc/pkinit.c: Save DH group name and print it on success.
+
+ * lib/krb5/pkinit.c (_krb5_dh_group_ok): if q is zero, ignore it.
+
+ * kdc/pkinit.c: Check dh group parameters from client.
+
+ * lib/krb5/krb5_err.et: Match error code with pk-init-27.
+
+ * lib/krb5/pkinit.c: Update error codes. Add name to group. Change
+ return value of _krb5_dh_group_ok.
+
+ * lib/krb5/pkinit.c: Add support for reading a moduli-file for DH
+ parameters.
+
+2005-10-06 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kuser/klist.1: Document --list-caches
+
+ * kuser/klist.c: Change short flag of --list-caches to -l (-v is
+ already used).
+
+2005-10-03 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/kerberos.8: RFC 1510 was obsoleted by 4120.
+
+ * lib/krb5/acache.c (init_ccapi): return kerberos errors, callers
+ expect it
+ (acc_get_cache_first): don't leak memory or abort on malloc
+ failure
+
+2005-10-02 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/kerberos.8: Update text about Kerberos RFC's.
+
+2005-10-01 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kuser/klist.c: Add option --list-caches that lists the avaible
+ caches and their status.
+
+ $ klist --list-caches
+ Principal Cache name Status
+ lha@E.KTH.SE 2 Valid
+ lha@SU.SE 1 Expired
+ lha/root@SU.SE 0 Expired
+ lha@N.L.NXS.SE Initial default ccache Expired
+
+2005-09-30 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/keytab_keyfile.c: Use all DES keys, not just
+ des-cbc-md5, verify that they all are the same.
+
+ * lib/krb5/mcache.c Implement the cache iteration functions.
+
+ * lib/krb5/acache.c: Implement the cache iteration functions.
+
+ * lib/krb5/test_cc.c: Test the new cache iteration functions.
+
+ * lib/krb5/cache.c: Add cache iteration funcations. Add internal
+ allocation function for the memory of a krb5_ccache, and use it.
+
+ * lib/krb5/krb5.h (krb5_cc_ops): add cache iteration functions
+
+2005-09-25 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_mk_req.3: Remove leftovers, remove extra space.
+
+ * kdc/kerberos5.c: More verbose PK-INIT logging.
+
+ * kdc/pkinit.c: The public DH key is encoded as an INTEGER in
+ subjectPublicKey. Don't verify OID's for now.
+
+ * lib/krb5/pkinit.c: Support cached DH variable (still need to
+ store it though), don't check the oid of the DH signedData for
+ now.
+
+2005-09-22 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/rd_cred.c (krb5_rd_cred): try both the session key and
+ the sender subkey. Both RFC1510 and RFC4120 say that you have to
+ use the session key, Heimdal uses subkey.
+
+2005-09-21 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/pkinit.c: Don't check oid's too closely, they change in
+ Windows Vista.
+
+2005-09-20 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/pkinit.c: Disable sending -19, fix parsing -27 of the
+ protocol.
+
+ * kdc/pkinit.c: Support PK-INIT-27 DH (and remove -19)
+
+ * lib/krb5/pkinit.c (pk_verify_chain_standard): set cert to NULL
+ to make sure its not freed.
+
+2005-09-19 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/crypto.c (krb5_DES_string_to_key): If the opaque length
+ it set to 1, and content is 0x01, use the afs3 string-to-key.
+
+ * kdc/kerberos5.c (make_etype_info2_entry): When its a afs3-salted
+ key, use send the opaque, length 1 (with content set to 0x01) in
+ ETYPE-INFO2-ENTRY.
+
+ * lib/krb5/kcm.c: Remove signedness warnings.
+
+2005-09-15 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * configure.in: Use libtool's default values for building
+ shared/static libaries, ie remove AC_ENABLE_SHARED(no), solves
+ building problems users have on Mac OS X.
+
+2005-09-08 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/changepw.c: Constify password.
+
+2005-09-05 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_mk_req.3: Document krb5_rd_req.
+
+ * lib/krb5/Makefile.am: MAN_mans+= krb5_mk_req.3
+
+ * lib/krb5/krb5_mk_req.3: Document krb5_mk_req, krb5_mk_req_exact,
+ krb5_mk_req_extended, krb5_rd_req, krb5_rd_req_with_keyblock,
+ krb5_mk_rep, krb5_mk_rep_exact, krb5_mk_rep_extended, krb5_rd_rep,
+ krb5_build_ap_req, krb5_verify_ap_req.
+
+2005-09-01 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/kerberos5.c (make_etype_info_entry): Dont send salttype at
+ all, use KRB5-PADATA-AFS3-SALT
+
+2005-08-31 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/kerberos5.c (log_timestamp): endtime, not endtype
+
+2005-08-30 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * configure.in: Check for <sys/ucred.h>.
+
+ * kcm/connect.c (update_client_creds): in case there is no
+ UCRED_VERSION, skip LOCAL_PEERCRED
+
+ * kcm/headers.h: include <sys/ucred.h>
+
+2005-08-27 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/rd_req.c (check_transited): Allow empty content of type
+ 0 because that is was Microsoft generates in their TGT.
+
+ * kdc/kerberos5.c (fix_transited_encoding): Allow empty content of
+ type 0 because that is was Microsoft enerates in their TGT.
+
+2005-08-26 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/intro.texi: RFC 4120 replaces RFC 1510
+
+2005-08-25 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * configure.in: Add --disable-afs-support.
+
+2005-08-23 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/Makefile.am: Add test_hostname to check_PROGRAMS but
+ not TESTS, I have no same dns to use.
+
+ * lib/krb5/test_hostname.c: Testprogram for krb5_expand_hostname()
+ and krb5_expand_hostname_realms().
+
+ * configure.in: Build KCM if we have doors or unix sockets.
+
+ * lib/krb5/principal.c (krb5_425_conv_principal_ex2): Remove
+ shadowing variable.
+
+ * lib/krb5/get_host_realm.c (dns_find_realm): Fix const warnings,
+ plug memory leak. From: Stefan Metzmacher <metze@samba.org>
+
+ * lib/krb5/krb5_config.3: Document what happens with NULL to
+ krb5_config_free_strings
+ (nothing). Mdoc nit.
+
+2005-08-22 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kuser/klist.c (check_for_tgt): Re-order code so it only free the
+ credential if one was returned.
+
+ * lib/krb5/test_crypto_wrapping.c: Fix printing of size_t.
+
+2005-08-19 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/dbinfo.c: provide interface to find databases
+
+ * lib/hdb/mkey.c: hdb_seal_key_mkey): dont double encrypt keys
+
+2005-08-15 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/kdc_locl.h: Update prototype for _kdc_pk_mk_pa_reply.
+
+2005-08-13 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/init_creds_pw.c: Save the request buffer so that
+ pre-auth mechanism that needs it can verify the reply.
+
+2005-08-12 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/test_mem.c: Rename logf to avoid shadowing.
+
+ * lib/krb5/krb5_keytab.3: Fix the version number for
+ fcc-mit-ticketflags.
+
+ * lib/krb5/fcache.c: Revert previous, I was confused.
+
+ * lib/krb5/krb5_keytab.3: Document fcc-mit-ticketflags in
+ COMPATIBILITY section.
+
+ * lib/krb5/fcache.c (fcc_store_cred): default to MIT style ticket
+ flags.
+
+ * kdc/pkinit.c (pk_mk_pa_reply_enckey): add missing break;
+
+ * lib/krb5/krb5_create_checksum.3: Update prototype for
+ krb5_create_checksum.
+
+ * kdc/pkinit.c: Make compile.
+
+ * lib/krb5/pkinit.c: Implement verification of asChecksum, now
+ client side code is using -27 of the pk-init draft.
+
+ * kdc/kdc_locl.h: update prototype for _kdc_as_rep
+
+ * kdc/pkinit.c: Fill in asChecksum, we now implements -27 in the KDC.
+
+ * kdc/process.c: Pass down the request buffer to _kdc_as_rep().
+
+ * kdc/kerberos5.c (_kdc_as_rep): Pass down the request buffer to
+ _kdc_pk_mk_pa_reply.
+
+2005-08-11 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/ext.c: HDB extensions access glue.
+
+ * kcm/acquire.c: Use krb5_set_password instead of
+ krb5_change_password.
+
+ * configure.in: Add tests/Makefile and tests/db/Makefile.
+
+ * NEWS: New ASN.1 compiler
+
+ * lib/hdb/Makefile.am: Build extensions.
+
+ * lib/hdb/print.c: Print extensions.
+
+ * lib/hdb/hdb_err.et: Add error "Entry contains unknown mandatory
+ extension".
+
+ * lib/hdb/hdb.h: Update interface version (and indent).
+
+ * lib/hdb/hdb.asn1: Add support for HDB-extension.
+
+2005-08-10 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/test_pkinit_dh2key.c: add tests vectors from
+ "Liqiang(Larry) Zhu" <lzhu@windows.microsoft.com>
+
+ * lib/hdb/mkey.c: Expose the crypto operations on the master key.
+
+ * lib/krb5/test_pkinit_dh2key.c: even more bits, not done yet
+
+2005-08-09 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/kerberos5.c (_kdc_as_rep): preserve the error code in the
+ ENC-TS case. From: Andrew Bartlett <abartlet@samba.org>
+
+ * kdc/kerberos5.c (tgs_rep2): only needs to log "Failed to verify
+ authenticator" once, its already done by
+ tgs_check_authenticator().
+
+ * kdc/kerberos5.c: Indent strings.
+
+ * kdc/kerberos5.c (log_timestamp): avoid shadow warnings From:
+ Andrew Bartlett <abartlet@samba.org>
+
+ * lib/krb5/verify_user.c: Add krb5_verify_opt_alloc and
+ krb5_verify_opt_free.
+
+ * lib/krb5/krb5_verify_user.3: Document krb5_verify_opt_alloc and
+ krb5_verify_opt_free.
+
+ * lib/hdb/db3.c (DB_open): catch errors from the d->open calls
+ instead of letting them slip though to d->cursor. Bug repport from
+ Andrew Bartlett <abartlet@samba.org>
+
+2005-07-29 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/Makefile.am (kdc_LDADD): add LDADD
+
+2005-07-28 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/kerberos5.c (_kdc_as_rep): log what enctypes was using in
+ ENC-TS preauth, both for failure and success.
+
+ * kdc/hprop.c: Use the _krb5_krb_life_to_time function from
+ libkrb5 instead of including our own here too.
+
+ * kdc/kerberos5.c: indent printf strings
+
+ * lib/hdb/mkey.c (hdb_unseal_key_mkey): try to unseal key with
+ keyusage 0 in case the key was encrypted with MIT Kerberos (old
+ patch from Johan)
+
+2005-07-26 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/pkinit.c: update to pkinit-27
+
+2005-07-23 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/pkinit.c: Adapt to IMPLICIT changes in CMS module.
+
+2005-07-20 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/test_pkinit_dh2key.c: framework for testing
+ _krb5_pk_octetstring2key
+
+ * kpasswd/kpasswdd.c (doit): krb5_addr2sockaddr takes a
+ krb5_socklen_t
+
+ * kdc/connect.c (de_http): sscanf takes a char *, not unsigned
+ ditto, cast approriately
+
+ * lib/krb5/crypto.c (_krb5_pk_octetstring2key): make sha1 output
+ unsigned char to match openssl
+
+2005-07-14 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/common.c: Check encoder lengths from ASN1_MALLOC_ENCODE.
+
+2005-07-13 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/rd_cred.c (krb5_rd_cred): don't leak memory
+
+ * lib/krb5/get_cred.c (krb5_get_credentials_with_flags): only call
+ krb5_cc_retrieve_cred once, and plug memory leak.
+
+2005-07-13 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/Makefile.am: the new asn.1 compiler includes the modules
+ name in the depend file
+
+ * lib/krb5/keytab_file.c (fkt_start_seq_get_int): check return
+ value from krb5_storage_from_fd
+
+ * lib/krb5/pkinit.c (pk_rd_pa_reply_dh): client do not contribute
+ to the DH when the server doesn't support the cached DH request.
+
+ * lib/krb5/crypto.c (_krb5_pk_octetstring2key): fix arguments
+
+2005-07-12 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/pkinit.c: clean up pk-init DH support, not finished
+ yet; improve error reporting
+
+ * lib/krb5/crypto.c (_krb5_pk_octetstring2key): string2key
+ function used in pk-init-25
+
+ * configure.in: Use a configure switch to turn on PK-INIT, not by
+ detecting existence of the new ASN.1 library.
+
+ * lib/asn1: Much improved ASN.1 compiler from joda-choice-branch.
+
+ Highlighs for the compiler is support for CHOICE and in general better
+ support for tags. This compiler support most of what is needed for
+ PK-INIT, LDAP, X.509, PKCS-12 and many other protocols.
+
+2005-07-10 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/asn1: make scope variables unique to avoid shadow warnings
+
+2005-07-09 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5.h: comment out paramenter name in typedef
+ functions to avoid shadow warnings
+
+ * lib/krb5/crypto.c: make input data to krb5_encrypt{,_ivec} const
+
+ * kuser/klist.c: If there are no addresses, print addressless
+ instead of nothing.
+
+ * lib/krb5/Makefile.am (TESTS): add test_crypto_wrapping
+
+ * lib/krb5/crypto.c (wrapped_length): the underived encrypted
+ types checksum are all unkeyed (matches the code in
+ encrypt_internal() and encrypt_internal_special())
+
+ * lib/krb5/test_crypto_wrapping.c: ETYPE_ARCFOUR_HMAC_MD5_56 isn't
+ not supported
+
+ * lib/krb5/test_crypto_wrapping.c: test encryption wrapping
+
+ * lib/krb5/test_crypto.c (time_encryption): free cleartext buffer
+
+2005-07-08 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * configure.in: run AM_INIT_AUTOMAKE before AM_PROG_CC_C_O
+ otherwise am_aux_dir will be expanded using ac_aux_dir before the
+ later is set.
+
+ * configure.in: check for strings.h explicitly instead of
+ depending on AC_HEADER_STDC to check it for us
+
+2005-07-07 Assar Westerlund <assar@kth.se>
+
+ * configure.in: add AM_PROG_CC_C_O for automake 1.9
+
+2005-07-06 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/keytab.c (krb5_kt_get_entry): clear error string when
+ returning a new error
+
+ * lib/krb5/keytab.c: krb5_kt_close frees all resources, even on
+ error.
+
+ * lib/krb5/verify_init.c (krb5_verify_init_creds): `entry' unused,
+ remove From: "Henry B. Hotz" <hotz@jpl.nasa.gov>
+
+2005-07-05 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/win2k.texi: arcfour-hmac-md5 support for windows cross was
+ added in w2k3-sp1 From David Love
+
+ * doc/setup.texi: document kadmin command password-quality instead
+ of the not installed test_pw_quality
+
+ * lib/krb5/krb5_get_init_creds.3: Spelling, from David Love
+
+ * fix-export: build kdc-protos.h
+
+2005-07-01 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc: prefix pkinit symbols with _kdc
+
+ * kuser/kinit.c: avoid shadowing variables
+
+ * kuser: s/optind/optidx/
+
+ * kdc: adapt pkinit code to libkdc split
+
+2005-06-30 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * tools/Makefile.am: add depency on LIB_dlopen and LIB_door_create
+
+ * tools/krb5-config.in: add depency on LIB_dlopen and LIB_door_create
+
+ * kdc/kdc_locl.h: indent, remove dup prototypes
+
+ * kdc/libkdc: don't pollute namespace, generate public headerfile
+
+ * lib/krb5/principal.c: add krb5_425_conv_principal_ext2 that work
+ just like krb5_425_conv_principal_ext but takes a context variable
+ for the verification function
+
+ * kdc/Makefile.am: there is no export script, not pretend there is
+
+ * kdc: Merge in the libkdc/kdc configuration split from Andrew
+ Bartlet <abartlet@samba.org>
+
+ * lib/krb5/crypto.c: optionally compile in support for afs string2key
+
+ * configure.in: add --disable-afs-string-to-key to allow removal
+ of support for afs string2key (and dependency on crypt)
+
+2005-06-29 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/kerberos5.c: Add logging of all timestamps in AS-REQ and
+ TGS-REQ, for auditing
+
+ * kdc/kerberos5.c (as_req): print the supported encryption types
+ so its possible to know what clients to update.
+ (find_rpath): return const char * and update callers.
+
+2005-06-28 Luke Howard <lukeh@padl.com>
+
+ * kcm/connect.c: fix arguments to kcm_log() when reporting
+ sendmsg() error
+
+ * kcm/connect.c: don't send socket address in msghdr, it
+ returns an already connected error on Linux
+
+2005-06-24 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/524.c: Always include <krb5-v4compat.h>.
+
+2005-06-23 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/intro.texi: no more libdes, gssapi lib is complete
+
+ * lib/krb5/krb5.conf.5: Documentation for password quality
+ control. From: "James F. Hranicky" <jfh@cise.ufl.edu>
+
+ * lib/krb5/verify_krb5_conf.c (password_quality_entries): add
+ min_length and min_classes
+
+ * kdc/kaserver.c: log the kaserver requests, avoid shadowing
+ variables
+
+ * lib/hdb/db3.c (DB_open): in case of error, close database
+
+ * lib/hdb/ndbm.c (NDBM_open): in case of error, close database
+
+ * lib/hdb/db.c (DB_open): in case of error, close database
+
+2005-06-20 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kcm/kcm.8: fix example
+
+2005-06-17 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/rd_rep.c: indent
+
+ * lib/krb5/rd_rep.c (krb5_rd_rep): check if
+ KRB5_AUTH_CONTEXT_DO_TIME set and use that as a que that timestamp
+ should be checked, DCE-STYLE gssapi needs to be able to tweek this
+
+ * kdc/string2key.c: rename optind to optidx
+
+ * lib/hdb/convert_db.c: rename optind to optidx
+
+ * lib/hdb/keytab.c: const poison, add a unconst where needed
+
+ * lib/krb5/crypto.c (krb5_string_to_key): unconst password
+
+ * lib/asn1/k5.asn1: rename pvno to krb5-pvno
+
+ * lib/krb5/get_in_tkt_with_keytab.c (krb5_keytab_key_proc):
+ unconst argument
+
+ * lib/krb5/verify_krb5_conf.c: rename optind to optidx
+
+ * lib/krb5/transited.c: rename the temporary string variable to
+ `str'
+
+ * lib/krb5/test_crypto.c: rename optind to optidx
+
+ * lib/krb5/test_alname.c: rename optind to optidx
+
+ * lib/krb5/store.c: unconst argument to krb5_store (XXX this
+ should be fixed, krb5_store doesn't need to modify its argument)
+
+ * lib/krb5/send_to_kdc.c (krb5_sendto): remove shadowing
+ unnessecery variable ret
+
+ * lib/krb5/rd_cred.c (krb5_rd_cred): remove shadowing unnessecery
+ variable len
+
+ * lib/krb5/prog_setup.c: rename optind to optidx
+
+ * lib/krb5/padata.c: rename variable index to idx
+
+ * lib/krb5/log.c: rename variable time to timestr to avoid
+ shadowing
+
+ * lib/krb5/krbhst.c (krb5_krbhst_init_flags): rename variable to
+ avoid shadowing
+
+ * lib/krb5/krbhst-test.c: rename optind to optidx
+
+ * lib/krb5/kcm.c: unconst argumen to connect, unconst argument to
+ krb5_store (XXX this should be fixed, krb5_store doesn't need to
+ modify its argument)
+
+ * lib/krb5/init_creds_pw.c (default_s2k_func): unconst password
+
+ * lib/krb5/crypto.c: rename `encrypt' to avoid shadow warning
+
+2005-06-16 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/principal.c: rename index to idx
+
+ * lib/krb5/mk_error.c: use rk_UNCONST
+
+ * lib/krb5/fcache.c: rename to avoid shadowing
+
+ * lib/krb5/config_file.c: rename to avoid shadowing
+
+ * lib/krb5/cache.c (_krb5_expand_default_cc_name): just copy the
+ string instead of losing const
+
+ * lib/krb5/addr_families.c: use rk_UNCONST to silence const
+ warning
+
+ * lib/krb5/addr_families.c: rename sin to sin4
+
+ * lib/asn1/asn1_print.c: rename optind to optidx, remove shadowed
+ variables
+
+ * lib/asn1/main.c: rename optind to optidx
+
+ * lib/asn1/gen_copy.c: rename to avoid shadowing
+
+ * lib/asn1/gen_locl.h: rename function filename to get_filename
+
+ * lib/asn1/lex.l: use get_filename
+
+ * lib/asn1/gen.c: rename function filename to get_filename
+
+ * lib/krb5/acache.c: use HAVE_DLOPEN around cc_handle
+
+ * configure.in: add headers and prototypes to logwtmp, logout and
+ openpty checks
+
+ * configure.in: include headerfiles and set prototype for tgetent
+
+ * kdc/kerberos5.c (make_etype_info2_entry): NUL terminate the
+ string
+
+ * kdc/kerberos5.c: replace strndup with inline copy, free data on
+ failure
+
+ * lib/krb5/cache.c (_krb5_expand_default_cc_name): replace strndup
+ with inline copy
+
+ * lib/krb5/log.c: rename close and log to avoid shadow warnings
+
+ * lib/krb5/get_in_tkt.c: rename index to i to avoid shadowing
+
+ * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): rename two
+ of the local `realm' to srealm to avoid shadowing
+
+ * kdc/kerberos5.c (tgs_rep2): rename one of the tkey to uukey to
+ avoid shadow warning
+
+ * kdc/kerberos5.c (tgs_rep2): rename loop to nloop to avoid shadow
+ warning
+
+2005-06-15 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * Release 0.7, see branch
+
+2005-06-14 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/Makefile.am: TESTS += test_mem libkrb5_la_SOURCES +=
+ kcm.h
+
+ * kuser/kinit.c (main): catch KRB5_CONFIG_BADFORMAT from
+ krb5_init_context
+
+ * kdc/main.c (main): catch KRB5_CONFIG_BADFORMAT from
+ krb5_init_context
+
+ * lib/krb5/verify_krb5_conf.c (main): catch KRB5_CONFIG_BADFORMAT
+ from krb5_init_context From: Mathias Feiler
+ <feiler@uni-hohenheim.de>
+
+ * lib/krb5/verify_krb5_conf.c: Add more missig entires, from
+ Mathias Feiler <feiler@uni-hohenheim.de>
+
+2005-06-11 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/pkinit.c (pk_principal_from_X509): remember to free
+ KRB5PrincipalName
+
+ * lib/krb5/log.c (krb5_closelog): free all content in
+ krb5_log_facility
+
+2005-06-08 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/524.c: init kvno to please gcc
+
+ * kdc/kaserver.c (do_authenticate): check return value from
+ unparse_auth_args
+
+2005-06-07 Dave Love <fx@gnu.org>
+
+ * doc/setup.texi: Spelling.
+
+ * doc/programming.texi: Spelling.
+
+2005-06-02 Dave Love <fx@gnu.org>
+
+ * kcm/connect.c (kcm_door_server): Make static.
+
+ * kcm/kcm_locl.h (disallow_getting_krbtgt): Declare.
+
+2005-06-02 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/mit_dump.c (mit_prop_dump): cast argument to
+ krb5_parse_principal to avoid warning
+
+ * kdc/mit_dump.c: rename KRB5_TL_MOD_PRINC to
+ mit_KRB5_TL_MOD_PRINC to hint its a constant originating from mit
+ codebase
+
+2005-06-01 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/store.c: If we are allocating 0 entires, avoid failing
+ if ALLOC returns NULL
+
+ * lib/krb5/verify_krb5_conf.c: Check for [kdc]v4-realm
+
+ * lib/krb5/cache.c: When returning a new error code, set error
+ string.
+
+2005-05-31 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/keytab_file.c: Adapt to changed signature of
+ _krb5_xunlock, clear more error string where needed.
+
+ * lib/krb5/fcache.c (_krb5_xunlock): catch the error and turn it
+ into something sensable
+
+2005-05-30 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/kerberos5.c (tgs_make_reply): copy ok-as-delegate flag from
+ server entry to encrypted ticket flags
+
+2005-05-30 Johan Danielsson <joda@pdc.kth.se>
+
+ * kdc/connect.c: rename sendlength to prependlength (which
+ hopefully better represents its purpose), and change type to
+ krb5_boolean
+
+ * kdc/connect.c: log signal causing exit
+
+ * kdc/main.c (sigterm): set exit_flag to signal causing exit;
+ (main): trap SIGXCPU
+
+2005-05-30 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kcm/kcm.8: document --disallow-getting-krbtgt and --door-path
+
+ * kcm/protocol.c (kcm_op_retrieve): check server for krbtgt, not
+ client
+
+ * kcm/main.c: ignore SIGPIPE
+
+ * kcm/protocol.c: Add option to disallow getting krbtgt out from
+ from KCM. KCM will do the fetching part itself.
+
+ * kcm/config.c: Add option to disallow getting krbtgt out from
+ from KCM. KCM will do the fetching part itself.
+
+2005-05-30 Luke Howard <lukeh@padl.com>
+
+ * kcm/events.c: if credentials have expired when attempting
+ to renew, attempt to reacquire them using initial creds
+
+2005-05-29 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_principal.3: Spelling, from Björn Sandell
+
+ * doc/setup.texi: spelling, from Björn Sandell
+
+ * lib/krb5/name-45-test.c: XXX don't run the test unless the
+ machine is in kth.se or su.se because it depends on local resolver
+ configuration.
+
+ * lib/hdb/hdb.c: provde RTLD_NOW and RTLD_GLOBAL if they don't
+ exists
+
+ * kcm/connect.c: fix doors support, fix signedness warnings
+
+ * kcm/config.c: add --door-path=
+
+ * configure.in: comment what the "detect doors on solaris"
+ fragment tries to do
+
+ * kcm/acquire.c (generate_random_pw): fix signed-ness warnings
+
+ * kcm/connect.c (update_client_creds): fix compile error in the
+ getpeerucred case
+
+ * lib/krb5/test_cc.c: change format for expantion variables in
+ default_cc_name to %{variable} to not confuse them with shell
+ ditto
+
+ * kcm/headers.h: Maybe include <door.h>.
+
+ * kcm/kcm_locl.h: add extern door_path;
+
+ * configure.in: detect doors using door_create
+
+ * kcm/Makefile.am: add dependcy on kcm_protos.h add lib depency on
+ LIB_door_create
+
+ * lib/krb5/kcm.h: add _PATH_KCM_DOOR, default path to kcm door
+
+ * lib/krb5/kcm.c: use [libdefaults]kcm_door to find the door to
+ kcm
+
+ * lib/krb5/Makefile.am: libkrb5_la_LIBADD += LIB_door_create
+
+ * lib/krb5/krb5_locl.h: Maybe include <sys/mman.h>, maybe include
+ <door.h>.
+
+ * lib/krb5/kcm.c (kcm_send_request): add support for doing a door
+ call to kcm
+
+ * lib/asn1: prefix Der_class with ASN1_C_ to avoid problems with
+ system headerfiles that pollute the name space
+
+ * kcm/kcm.8: change format for expantion variables in
+ default_cc_name to %{variable} to not confuse them with shell
+ ditto
+
+ * lib/krb5/krb5.conf.5: change format for expantion variables in
+ default_cc_name to %{variable} to not confuse them with shell
+ ditto
+
+ * lib/krb5/cache.c (_krb5_expand_default_cc_name): change format
+ for expantion variables to %{variable} to not confuse them with
+ shell ditto
+
+ * kcm/connect.c: add LOCAL_PEERCRED and experimental doors support
+
+2005-05-27 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * appl/kf/kfd.c: case uid_t to unsigned long in printf format
+
+2005-05-25 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_auth_context.3: remove trailing space
+
+2005-05-24 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kcm/connect.c (do_request): use sendmsg to send the reply
+
+ * fix-export: add make_proto for kcm/kcm_protos.h
+
+ * kcm/kcm_locl.h: remove prototypes and add <kcm_protos.h>
+
+ * kcm/Makefile.am (kcm_SOURCES): add headerfiles
+ (kcm_protos.h): generate prototypes
+
+ * kcm/protocol.c: fix error in last commit, use right function
+
+ * kcm/headers.h: include <ucred.h> if we have getpeerucred
+
+ * configure.in: check for functions getpeerucred and getpeereid
+
+ * kcm/connect.c (update_client_creds): add support for
+ getpeerucred and getpeereid
+
+ * lib/krb5/kcm.c (kcm_alloc): allow kcm socket to be configured by
+ [libdefaults]kcm_socket=/path
+
+2005-05-24 David Love <fx@gnu.org>
+
+ * kcm/kcm.8: KRB5CCNAME needs an literal uid, not ${uid}, spelling
+
+2005-05-23 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kcm/protocol.c: Merge the description and function jumptables
+ into one structure. Use the length of the array when checking if
+ opcode is value, not a constant.
+
+ * kcm/kcm_locl.h: struct kcm_op: jumptable structure
+
+ * kcm/main.c: move declaration of detach_from_console away from
+ here to kcm_locl.h, Don't test HAVE_DAEMON since roken supplies it.
+
+ * kcm/kcm_locl.h: move declaration of detach_from_console here
+
+ * kdc/config.c: Don't test HAVE_DAEMON since roken supplies it.
+
+2005-05-23 Dave Love <fx@gnu.org>
+
+ * kcm/config.c: Don't test HAVE_DAEMON since roken supplies it.
+
+ * kdc/main.c: Don't test HAVE_DAEMON since roken supplies it.
+
+2005-05-23 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_keytab.3: document WRFILE and JAVA14
+
+2005-05-20 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krbhst.c (srv_get_hosts): if srv_get_hosts failes,
+ return and ignore the error
+
+ * lib/krb5/krbhst.c (srv_find_realm): make sure `res' and `count'
+ have good values
+
+ * lib/krb5/test_keytab.c: tests all keytab format
+
+2005-05-19 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/pkinit.c (_krb5_pk_rd_pa_reply): non non asn1 decoding
+ errors, fail. Make sure we free memory on error.
+ (pk_verify_chain_standard): make sure we provide good errors.
+
+ * lib/krb5/verify_krb5_conf.c: add missing options, prompted by
+ James F. Hranicky mail to heimdal-discuss
+
+ * lib/krb5/verify_krb5_conf.c: add pkinit and password quailty
+ check options
+
+ * lib/krb5/pkinit.c (pk_verify_chain_standard): store better error
+ message in the context for certificate errors.
+
+ * lib/krb5/keytab.c (krb5_kt_free_entry): zero out content of all
+ krb5_free_x_content like functions to make sure data doesnt get
+ reused, idea from Wynn Wilkes <wwilkes@vintela.com>
+
+ * configure.in: depend on automake 1.8, we don't test anything
+ older
+
+ * lib/krb5/init_creds_pw.c (process_pa_data_to_md): add comment
+ that the caller always free out_md; remove comment about memory,
+ it doesn't happen.
+ (init_cred_loop): free ctx->as_req.padata when its reset (From Wynn
+ Wilkes <wwilkes@vintela.com>), move a comment close the the code
+
+ * lib/krb5/keytab_krb4.c (fkt_remove_entry): need to call
+ krb5_kt_free_entry after each krb5_kt_next_entry.
+
+ * lib/krb5/keytab_file.c (fkt_remove_entry): need to call
+ krb5_kt_free_entry after each fkt_next_entry_int. From: Wynn
+ Wilkes <wwilkes@vintela.com>
+
+2005-05-18 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/Makefile.am: TESTS += test_keytab
+
+ * lib/krb5/keytab_krb4.c (krb4_kt_remove_entry): plug memory leaks,
+ avoid crashing on empty keytab
+
+ * lib/krb5/krb5_keytab.3: document behavior of
+ krb5_kt_remove_entry
+
+ * lib/krb5/keytab_memory.c (mkt_remove_entry): check if there
+ isn't any entries in the keytab before removing any since that
+ leads to bad pointer arithmetic and crashing. From: Wynn Wilkes
+ <wwilkes@vintela.com>. Make the function return KRB5_KT_NOTFOUND
+ if the entry wasn't in the keytab (just like the filebased
+ keytab).
+
+ * lib/krb5/test_keytab.c: test memory corruption in MEMORY keytab
+
+ * lib/krb5{addr_families,context,creds,free,keyblock,
+ mit_glue,rd_error}.c:zero out content of all krb5_free_x_content
+ like functions to make sure data doesnt get reused, idea from
+ Wynn Wilkes <wwilkes@vintela.com>
+
+ * lib/krb5/krb5_get_credentials.3: document KRB5_GC_EXPIRED_OK
+
+ * lib/krb5/krb5.3: add krb5_cc_new_unique
+
+2005-05-17 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/fcache.c (fcc_get_first): check return value from
+ malloc, memset the structure, make sure cursor doesn't point to
+ freed memory on failure. From: Wynn Wilkes <wwilkes@vintela.com>
+
+ * lib/krb5/krb5_auth_context.3: document
+ KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED
+
+ * lib/krb5/get_cred.c: Remove expired credentials, based on
+ patches and comments from Anders Magnusson <ragge@ltu.se> and Wynn
+ Wilkes <wwilkes@vintela.com>
+
+ * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): honor
+ KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED and create unencrypted
+ (ENCTYPE_NULL) credentials. for use with old mit server and java based
+ ones as they can't handle encrypted KRB-CRED. Note that the option
+ needs to turned on because if the consumer sends the KRB-CRED in
+ clear bad things will happen.
+
+ * lib/krb5/context.c (krb5_init_context): register krb5_javakt_ops
+
+ * lib/krb5/krb5.h: KRB5_GC_EXPIRED_OK: expired credentials is ok
+ to return from krb5_get_credentials.
+ KRB5_AUTH_CONTEXT_CLEAR_FORWARDED_CRED: make forward credentials
+ be unencrypted, for compatibility with mit kerberos and java
+ kerberos. krb5_javakt_ops: export
+
+2005-05-16 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/keytab_file.c: Add new keytab file format JAVA14 that
+ doesn't the use extended kvnos, as hinted, this is needed for
+ Java's Kerberos implementation.
+
+2005-05-10 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/pkinit.c: handle pkinit-9, pkinit-19, and pkinit-25
+ enckey, still no DH
+
+ * kdc/pkinit.c: handle pkinit-9, pkinit-19, and pkinit-25 enckey,
+ still no DH
+
+ * kdc/kerberos5.c (as_rep): search for pkinit-9, pkinit-19, and
+ pkinit-25 pa-data, return empty pkinit pa-data in the
+ PREAUTH_REQUIRED krb-error
+
+ * doc/ack.texi: add pkinit people
+
+ * lib/krb5/krb5_storage.3: document krb5_storage_is_flags
+
+ * lib/krb5/{krb5_compare_creds.3,krb5_get_init_creds.3,
+ krb5_krbhst_init.3,krb5_storage.3}:
+ make more pretty, from Björn Sandell
+
+2005-05-09 Dave Love <fx@gnu.org>
+
+ * doc/setup.texi: Fix and clarify password quality check examples.
+
+2005-05-09 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/kuserok.c (krb5_kuserok): use POSIX_GETPWNAM_R instead
+ of HAVE_GETPWNAM_R From: Dave Love <d.love@dl.ac.uk>
+
+2005-05-07 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/addr_families.c (krb5_print_address): catch when the
+ unknown adress don't fit. From Björn Sandell <biorn@dce.chalmers.se>
+
+2005-05-05 Dave Love <d.love@dl.ac.uk>
+
+ * configure.in: fix type right test, include <termios.h> for
+ sys/strtty.h, not sys/ptyvar.h
+
+2005-05-05 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5.conf.5: spelling
+
+2005-05-04 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5.conf.5: expand on what "trailing component" means
+
+2005-05-04 Johan Danielsson <joda@pdc.kth.se>
+
+ * lib/krb5/rd_cred.c: put address comparison in separate function
+
+ * lib/krb5/krb5_kuserok.3: check the user's ~/.k5login.d directory
+ for access files, all of which is handled like the regular
+ ~/.k5login
+
+ * lib/krb5/kuserok.c: check the user's ~/.k5login.d directory for
+ access files, all of which is handled like the regular ~/.k5login
+
+2005-05-03 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/ack.texi: Clearify what version of libdes we are using and
+ who's code in it we are using.
+
+ * kcm/kcm.8: more text about usage
+
+ * kcm/Makefile.am: man_MANS += kcm.8
+
+ * kcm/kcm.8: initial manpage
+
+ * configure.in: if we have a $srcdir/lib/asn1/pkcs12.asn1, define
+ PKINIT
+
+2005-05-02 Dave Love <fx@gnu.org>
+
+ * configure.in: sys/tty.h (for sys/ptyvar.h) might need termios.h.
+
+2005-05-02 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * tools/krb5-config.in: add com_err to required libs
+
+ * lib/krb5/pkinit.c (krb5_ui_method_read_string): use the fill in
+ length
+
+ * lib/krb5/init_creds_pw.c: Now that we fixed the signed-ness of
+ nonce for windows, remove the code that removed the signed
+ bit. Instead add comment that they still need to be the same
+ (Kerberos protocol nonce and pk-init nonce) for Windows.
+
+2005-05-02 David Love <fx@gnu.org>
+
+ * lib/krb5/crypto.c: Don't declare des_salt &c as static with
+ incomplete type (invalid in c89, at least).
+
+2005-05-02 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_locl.h: include <crypt.h>
+
+2005-05-02 David Love <fx@gnu.org>
+
+ * kcm/connect.c (init_socket): rename variable sun to un to avoid
+ namespace collision.
+ (handle_stream): Cast arg of krb5_warnx.
+
+2005-04-30 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/init_creds_pw.c: if we are using PKINIT, strip of the
+ highest bit to make windows PK-INIT happy. Also make the nonces
+ the same, again for windows, they are using pk-init-9.
+
+ XXX check if it isn't the that nonce is an unsigned variable so
+ its just a asn1 mismatch.
+
+ * kdc/pkinit.c: pass a NULL prompter data to _krb5_pk_load_openssl_id
+
+ * kuser/kinit.c: krb5_get_init_creds_opt_set_pkinit
+
+ * lib/krb5/pkinit.c: Pass prompter data to the prompter function,
+ implement a UI prompter function wrapping the kerberos prompter
+ function so that the the OpenSSL ENGINE can ask for a password
+ when loading the private key. From: Douglas E. Engert
+
+ * lib/krb5: add <err.h> in test programs
+
+ * configure.in: sys/ptyvar.h might need <sys/tty.h>
+
+ * lib/krb5/Makefile.am: use LIB_com_err for libkrb5.la
+
+2005-04-29 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/asn1/Makefile.am: use $(LIB_com_err)
+
+2005-04-28 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/context.c (krb5_set_config_files): ignore permission
+ denied on configuration files, user might not be allowed to read
+ /var/heimdal/kdc.conf
+
+2005-04-26 Dave Love <fx@gnu.org>
+
+ * lib/krb5/krb5_locl.h: define _POSIX_PTHREAD_SEMANTICS so we get
+ posix getpwnam_r
+
+2005-04-25 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/asn1/gen_glue.c: switch the units variable to a
+ function. gcc-4.1 needs the size of the structure if its defined
+ as extern struct units foo_units[] an we don't want to include
+ <parse_units.h> in the generate headerfile
+
+2005-04-25 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/hdb.schema: add EQUALITY rule for krb5ValidStart,
+ krb5ValidEnd, krb5PasswordEnd From Howard Chu
+
+2005-04-24 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/whatis.texi: comment out docbook stuff for now
+
+ * kuser/klist.c: use strlcpy
+
+ * doc/ack.texi: we no longer use eay libdes, make acknowledgment
+ still be there, but claim that we no longer use it. Mark editline
+ to be a modified version as required by the license.
+
+ * lib/krb5/pkinit.c: use the unexported oid_to_enctype function
+
+ * lib/krb5/crypto.c: unexport the oid_to_enctype function, not for
+ external consumers
+
+ * kdc/Makefile.am: always add kaserver
+
+ * lib/krb5/krb5_ccache.3: document krb5_cc_new_unique
+
+ * lib/krb5/cache.c (krb5_cc_new_unique): new function to create a
+ new credential cache
+
+ * kdc/headers.h: don't include kerberos 4 headers here
+
+ * kdc/hpropd.c: include kerberos 4 headers here
+
+ * kdc/connect.c: add kaserver support independ of having krb4
+ support
+
+ * kdc/config.c: add kaserver support unconditionally, make kdc
+ only fail to start when there are no v4 realm configured and
+ krb4/kaserver is turned on
+
+ * kdc/kaserver.c: Use the new Kerberos 4 functions in libkrb5 and
+ so kaserver support is always compiled in (still default disabled)
+
+ * lib/krb5/v4_glue.c: simplify error handling
+
+ * doc/whatis.texi: add docbook version macro of @sub
+
+ * doc/heimdal.texi: change the wrapping around the Top node to
+ ifnottex, make html generation work
+
+ * lib/krb5/krb5_krbhst_init.3: spelling, from Björn Sandell
+ <biorn@dce.chalmers.se>
+
+ * lib/krb5/krb5_get_krbhst.3: spelling, from Björn Sandell
+ <biorn@dce.chalmers.se>
+
+ * lib/krb5/krb5_data.3: spelling, from Björn Sandell
+ <biorn@dce.chalmers.se>
+
+ * lib/krb5/krb5_aname_to_localname.3: spelling, from Björn Sandell
+ <biorn@dce.chalmers.se>
+
+ * lib/krb5/krb5_address.3: spelling, from Björn Sandell
+ <biorn@dce.chalmers.se>
+
+2005-04-23 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/config.c: Use the new Kerberos 4 functions in libkrb5 and so
+ kerberos 4 is always compiled in (still default disabled)
+
+ * kdc/kerberos4.c: Use the new Kerberos 4 functions in libkrb5 and
+ so kerberos 4 is always compiled in (still default disabled)
+
+ * lib/krb5/krb5_locl.h: forward declaration of _krb5_krb_auth_data
+
+ * lib/krb5/convert_creds.c: Move the kerberos v4 replacement
+ functions to v4_glue.c
+
+ * lib/krb5/v4_glue.c: Implement enough of kerberos 4 protocol to
+ be a KDC, move the v4 bits over here
+
+ * lib/krb5/krb5-v4compat.h: add more v4 defines
+
+2005-04-22 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kpasswd/kpasswdd.c: Support multi-realms databases, requires
+ that all the realms are configured on the KDC in krb5.conf with
+ [libdefaults]default_realm stanzas.
+
+2005-04-21 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/kerberos5.c: spell succeeded correctly, From Sean Chittenden
+
+ * lib/krb5/addr_families.c: catch two more snprintf problems
+
+2005-04-20 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/Makefile.am: this lib include com_err, add -com_err to
+ CHECK_SYMBOLS
+
+ * appl/test/http_client.c: cast ssize_t to unsigned long, fix
+ printf format
+
+2005-04-19 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/kuserok.c: use asprintf to avoid truncating pathnames
+
+ * lib/krb5/get_host_realm.c: check return value of snprintf
+
+ * lib/krb5/test_addr.c: check address truncation
+
+ * lib/krb5/addr_families.c: check return values from snprintf and
+ clean up semantics of ret_len
+
+ * lib/krb5/krb5_address.3: clarify what ret_len is in
+ krb5_print_address
+
+ * lib/krb5/test_kuserok.c: add --version and --help
+
+ * lib/krb5/kuserok.c: use getpwnamn_r if it exists
+
+ * lib/krb5/Makefile.am: noinst_PROGRAMS += test_kuserok
+
+ * lib/krb5/test_kuserok.c: test program for krb5_kuserok
+
+2005-04-18 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/acache.c (acc_resolve): if open_default_ccache failed
+ with ccErrCCacheNotFound try again with create_default_ccache,
+ this fixes the problem where the security server apperenly haven't
+ started yet on Mac OS X
+
+ * lib/krb5/get_default_principal.c
+ (_krb5_get_default_principal_local): add, for use of functions
+ that in ccache layer to avoid recursive calls.
+
+ * lib/hdb/hdb-ldap.c: drop <ctype.h>, no longer use any of the is*
+ macros in this file
+
+ * include/make_crypto.c: cast to unsigned char to make sure its
+ not negative when passing it to is* functions
+
+2005-04-15 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/programming.texi: remove manpage macro, add some more
+ references to manpages
+
+ * doc/heimdal.texi: define manpage macro
+
+ * doc/setup.texi: document new password policy code
+
+ * kpasswd/kpasswdd.c: add verifier libraries with
+ kadm5_add_passwd_quality_verifier
+
+ * lib/krb5/krb5_keyblock.3: document krb5_keyblock_init
+
+2005-04-14 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kdc/kaserver.c: AUTHENTICATE and AUTHENTICATE_V2 is almost the
+ same, and clients
+ (klog) can deal with that the kaserver returns the same thing for
+ both
+
+ * lib/krb5/keyblock.c: Add krb5_keyblock_init to allocate an fill
+ in a keyblock from key data.
+
+2005-04-12 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * configure.in: rk_WIN32_EXPORT for roken
+
+2005-04-10 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * appl/test/gssapi_server.c: print out client principla of
+ delegated credential
+
+2005-04-07 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/init_creds_pw.c (process_pa_data_to_key): also check
+ for KRB5_PADATA_PK_AS_REP_19, From: Douglas Engert
+
+2005-04-07 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * .cvsignore: ignore more generate files
+
+2005-04-04 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/asn1/check-der.c: use size_t, print size_t by casting to
+ unsigned long
+
+ * lib/krb5/test_crypto.c: print size_t by casting to unsigned long
+
+ * lib/krb5/acache.c: Argument to create_new_ccache is a principal,
+ not a credential cache name. Clean up lossage related to this
+ problem.
+
+ * lib/hdb/Makefile.am: CHECK_SYMBOLS += HDBFlags2int
+
+ * lib/krb5/addr_families.c
+ (krb5_address_prefixlen_boundary,krb5_free_address):
+ use find_atype when we are dealing with a kerberos address type
+
+ * lib/krb5/aes-test.c: size_t vs int + fix printf
+
+ * lib/krb5/pkinit.c: Since the decode can't make out the diffrence
+ between PA-PK-AS-REP-19 and PA-PK-AS-REQ-Win2k, try harder to
+ verify both cases
+
+2005-04-03 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * appl/test/uu_client.c: print size_t by casting to unsigned long
+
+2005-04-01 Johan Danielsson <joda@pdc.kth.se>
+
+ * kdc/kerberos4.c (do_version4): check client and server max_life
+
+ * kdc/kaserver.c (do_getticket): check client max_life
+
+2005-03-31 Love <lha@kth.se>
+
+ * lib/krb5/verify_krb5_conf.c: const poison
+
+ * lib/krb5/test_alname.c: const poison
+
+ * lib/asn1/main.c: const poison
+
+ * lib/krb5/test_addr.c: test parse IPv6 RANGE addresses
+
+ * lib/krb5/addr_families.c: implement mask boundary for IPv6
+
+ * lib/asn1/gen.c: avoid const string warnings steming from
+ writeable-string
+
+2005-03-28 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/Makefile.am: TESTS += test_addr
+
+ * lib/krb5/test_addr.c: simple test for addresses
+
+ * lib/krb5/addr_families.c: make RANGE parse prefixlen style
+ addresses too, fix printing of RANGE addresses, add
+ krb5_address_prefixlen_boundary
+
+ * lib/krb5/krb5_keytab.3: stop memory leak in example, expand on
+ wildcards
+
+2005-03-26 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_principal.3: spelling, from Tomas Olsson
+
+ * lib/krb5/krb5_warn.3: spelling, from Tomas Olsson
+
+2005-03-19 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/acache.c: add mutex for global variables, clean up
+ returned error codes, implement storing addresses into the ccapi
+
+ * appl/test/gssapi_server.c: free memory, make error strings match
+
+ * appl/test/gssapi_server.c: use print_gss_name, print server name
+ too
+
+ * appl/test/gss_common.h (print_gss_name): common code for
+ printing gss name
+
+ * appl/test/gss_common.c (print_gss_name): common code for
+ printing gss name
+
+ * appl/test/http_client.c: Make constent with rest of the gssapi
+ test programs
+
+2005-03-17 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/hdb/keys.c: AES is enabled by default, remove ifdefs
+
+ * lib/krb5/crypto.c: AES is enabled by default, remove ifdefs
+
+ * lib/krb5/aes-test.c: use hex encoder from roken AES is enabled
+ by default, remove ifdefs
+
+ * kdc/kerberos5.c: AES is enabled by default, remove ifdefs
+
+2005-03-16 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * doc/setup.texi: Add some text about modifying the database
+
+2005-03-15 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * kuser/kinit.c: widen lifetime/renewal warning text field, also
+ make use of unparse_time_approx, no need to be specific to the
+ second when ticket needs to be renewed or their lifetime.
+
+ * doc/heimdal.texi: copyright maintenance, drop eay, use updated
+ UCB license
+
+ * lib/krb5/crypto.c: more static and unsigned issues
+
+ * lib/krb5/crypto.c: fix signedness issues, prompted by report of
+ Magnus Ahltorp
+
+2005-03-13 Love Hörnquist Åstrand <lha@it.su.se>
+
+ * lib/krb5/krb5_keytab.3: more text about h