Merge from vendor branch NTPD:

[dragonfly.git] / crypto / heimdal-0.6.3 / ChangeLog

2004-09-13  Johan Danielsson  <joda@pdc.kth.se>

        * Release 0.6.3
        
2004-09-05  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/asn1/der_get.c (decode_enumerated): check that the tag
        length isn't longer the the length

2004-08-31  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password):
        kdc_reply can be set in case of failure too, clean on entry and
        free the exit unconditionally to avoid memory leak
        
2004-08-20  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/context.c: 1.93: (krb5_get_err_text): if neither of
        com_right nor strerror finds the error-code, return Unknown error.

2004-08-13  Love Hörnquist Åstrand  <lha@it.su.se>

        * kdc/kerberos5.c: based on 1.162: (get_pa_etype_info): check for
        dup enctypes from the client and filter them out.
        
2004-06-21  Love Hörnquist Åstrand  <lha@it.su.se>

        * admin/get.c: 1.23: (kt_get): catch errors from krb5_parse_name
        
2004-06-21  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/Makefile.am: man_MANS += krb5_set_password.3
        
        * lib/krb5/krb5_set_password.3: 1.1-1.3: change password manpage
        
        * lib/krb5/changepw.c: 1.49: implement
        krb5_set_password_using_ccache 1.47: add tcp support to the set
        protocol, should be cleaned up to enable sharing code with
        krb5_sendto 1.46: (process_reply): log into result_string if
        something goes bad, return 0 (even on failure), not the KPASSWD
        protocol error code 1.45: krb5_princ_realm ->
        krb5_principal_get_realm 1.44: (setpw_send_request): free
        ap_req_data on failure 1.41: ooops, remove cut and paste error
        1.40: draft-ietf-cat-kerb-chg-password-02 and rfc3244 share the
        response packet sure more constants now that they exists 1.39:
        implement rfc3244, partly from shadow@dementia.org
        
        * lib/krb5/krb5.h: 1.211: some defines for rfc3244
        
        * lib/asn1/Makefile.am: 1.71: (gen_files):
        asn1_ChangePasswdDataMS.x for RFC3244
        
        * lib/asn1/k5.asn1: 1.30: add ChangePasswdDataMS, for RFC3244
        
        * kuser/kinit.c: 1.114: move "setpag if (argc < 1)" to common path
        
2004-05-06  Johan Danielsson  <joda@pdc.kth.se>

        * Release 0.6.2

2004-04-02  Love Hörnquist Åstrand  <lha@it.su.se>

        * kdc/connect.c: case size_t to unsigned long for LP64 platforms
        
2004-04-01  Johan Danielsson  <joda@pdc.kth.se>

        * Release 0.6.1

2004-03-30  Love Hörnquist Åstrand  <lha@it.su.se>

        * kdc/kerberos4.c: 1.46: stop the client from renewing tickets
        into the future From: Jeffrey Hutzelman <jhutz@cmu.edu>
        
2004-03-10  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/fcache.c: 1.43: (fcc_store_cred): NULL terminate
        krb5_config_get_bool_default' arglist
        
2004-03-09  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/krb5.conf.5: 1.44: document
        [libdefaults]fcc-mit-ticketflags=boolean 1.43: don't use path's in
        first .Nm, it confuses some locate.updatedb, use FILES section to
        describe where the file is instead.
        
        * lib/krb5/fcache.c (fcc_store_cred): default to use old format
        
        * lib/krb5/fcache.c: 1.42: (fcc_store_cred): use
        [libdefaults]fcc-mit-ticketflags=boolean to decide what format to
        write the fcc in. Default to mit format (aka heimdal 0.7 format)
        1.41: (_krb5_xlock): handle that everything was ok, and don't put
        an error in the error strings then
        
        * lib/krb5/store.c: 1.43: add _krb5_store_creds_heimdal_0_7 and
        _krb5_store_creds_heimdal_pre_0_7 that store the creds in just
        that format make krb5_store_creds default to mit format 1.42:
        (krb5_ret_creds): Runtime detect the what is the higher bits of
        the bitfield 1.41: (krb5_store_creds): add disabled code that
        store the ticket flags in reverse order (bitswap32): new function
        1.40: (krb5_ret_creds): if the higher ticket flags are set, its a
        mit cache, reverse the bits, bug pointed out by Sergio Gelato
        <Sergio.Gelato@astro.su.se>
        
        delta modfied to not change the behavior of krb5_store_creds
        
2004-03-07  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/mk_safe.c (krb5_mk_safe): fix assignment of usec2
        
2004-03-06  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/mcache.c: patch based on 1.17 and 1.18 but with
        threading code pulled out;
        
        1.18: (mcc_get_principal): also check for primary_principal ==
        NULL now that that isn't used as dead flag 1.17: don't overload
        the primary_principal == NULL as dead since that doesn't always
        work Based on patch from Jeffrey Hutzelman <jhutz@cmu.edu>, but
        tweek by me

        * lib/krb5/crypto.c: 1.94: (decrypt_internal_special): do not not
        modify the original data test case from Ronnie Sahlberg
        <ronnie_sahlberg@ozemail.com.au>

2004-02-13  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/verify_krb5_conf.c: 1.22->1.23: (check_host): don't
        check for EAI_NODATA, because its depricated in RFC3493 Pointed
        out by Hajimu UMEMOTO <ume@mahoroba.org> on heimdal-discuss
        
        * lib/krb5/eai_to_heim_errno.c: 1.3->1.4: EAI_ADDRFAMILY and
        EAI_NODATA is deprecated in RFC3493

2004-02-09  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/asn1/der_length.c: 1.16: Fix len_unsigned for certain
        negative integers, it got the length wrong, fix from Panasas, Inc.
        
        * lib/asn1/der_locl.h: 1.5: add _heim_len_unsigned, _heim_len_int
        
2004-01-26  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/asn1/gen_length.c: 1.14: (length_type): TSequenceOf: add up
        the size of all the elements, don't use just the size of the last
        element.

        * lib/krb5/fcache.c: 1.40: (_krb5_xlock): catch EINVAL and assume
        that it means that the filesystem doesn't support locking 1.39:
        (_krb5_xlock): fix compile error in last commit 1.38: internally
        export x{,un}lock and thus prefix them with _krb5_
        
2004-01-13  Love Hörnquist Åstrand  <lha@it.su.se>

        * kuser/kinit.c: 1.106: (renew_validate): if renewable_flag and
        not time specifed, use "1 month"
        1.105: make -9 work again

2004-01-09  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/get_for_creds.c: 1.36: (add_addrs): don't increase
        addr->len until in contains interesting data, use right iteration
        counter when clearing the addresses 1.39: krb5_princ_realm ->
        krb5_principal_get_realm 1.38: (krb5_get_forwarded_creds): use
        KRB5_AUTH_CONTEXT_DO_TIME if we want timestamp in forwarded
        krb-cred 1.39: (krb5_get_forwarded_creds): If tickets are
        address-less, forward address-less tickets.  1.40:
        (krb5_get_forwarded_creds): try to handle errors better for
        previous commit 1.41: (add_addrs): don't add same address multiple
        times
        
        * lib/krb5/get_cred.c: 1.96->1.97: rename get_krbtgt to
        _krb5_get_krbtgt and export it

2003-12-14  Love Hörnquist Åstrand  <lha@it.su.se>

        * kdc/kerberos5.c: part of 1.146->1.147: handle NULL client/server
        names

2003-12-03  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/crypto.c: 1.90->1.91: require cipher-text to be padded
        to padsize 1.91->1.92: (decrypt_internal_derived): move up padsize
        check to avoid memory leak
        
2003-12-01  Love Hörnquist Åstrand  <lha@it.su.se>

        * kuser/kinit.c: 1.103->1.104: (main): return the return value
        from simple_execvp

2003-10-22  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/transited.c: 1.13->1.14: (krb5_domain_x500_encode):
        always zero out encoding to make sure it have a defined value on
        failure

        * lib/krb5/transited.c: 1.12->1.13: (krb5_domain_x500_encode): if
        num_realms == 0, set encoding and return (avoids malloc(0)) check
        return value from malloc
        
2003-10-21  Love Hörnquist Åstrand  <lha@it.su.se>

        * doc/setup.texi: 1.35->1.36: spelling
        
        * kdc/kdc_locl.h: 1.58->1.59: add flag to always check transited
        policy

        * doc/setup.texi: 1.27->1.35: many changes
        
        * lib/krb5/get_cred.c: 1.95->1.96: get capath info from [capaths]
        section

        * lib/krb5/rd_req.c: 1.50->1.51: (krb5_decrypt_ticket): try to
        verify transited realms, unless the transited-policy-checked flag
        is set

        * lib/krb5/transited.c:
        1.12: (krb5_domain_x500_decode): set *num_realms to zero not num_realms
        1.11: (krb5_domain_x500_decode): handle zero length tr data;
        (krb5_check_transited): new function that does more useful stuff

        * kdc/kdc.8: 1.23->1.24: document enforce-transited-policy
        
        * kdc/config.c: 1.47->1.48: add flag to always check transited
        policy

        * kdc/kerberos5.c:
        1.150: (fix_transited_encoding): also verify with policy,
        unless asked not to
        1.151: always check transited policy if flag set either globally
        (on principal part of patch not pulled up)
        1.152: (fix_transited_encoding): set transited type
        1.153: (fix_transited_encoding): always print cross-realm information

2003-10-06  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/config_file.c: 1.48->1.49:
        (krb5_config_parse_file_debug): punt if there is binding before a
        section declaration.
        Bug found by Arkadiusz Miskiewicz <arekm@pld-linux.org>

        * kdc/kaserver.c: 1.21->1.23:
        (do_getticket): if times data is shorter then 8 bytes, request is
        malformed.
        (do_authenticate): if request length is less then 8 bytes, its a
        bad request and fail. Pointed out by Marco Foglia <marco@foglia.org>

2003-09-22  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/verify_krb5_conf.c: 1.17->1.18: add missing " within
        #if 0 From: stefan sokoll <stefansokoll@yahoo.de>
        
2003-09-19  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/rd_req.c:
        1.47->1.48: (krb5_rd_req): allow caller to pass in a key
        in the auth_context, they way processes that doesn't use the
        keytab can still pass in the key of the service (matches behavior
        of MIT Kerberos).
        
2003-09-18  Love Hörnquist Åstrand  <lha@it.su.se>
        
        * lib/krb5/crypto.c: 
        1.87->1.88: (usage2arcfour): simplify, only
        include special cases From: Luke Howard <lukeh@PADL.COM>
        1.86->1.87: (arcfour_checksum_p): return true when is arcfour,
        not when its not pointed out by Luke Howard
        1.82->1.83: Do the arcfour checksum mapping for
        krb5_create_checksum and krb5_verify_checksum, From: Luke Howard
        <lukeh@PADL.COM>
        1.81->1.82: (hmac): make it return an error
        when out of memory, update callsites to either return error or use
        krb5_abortx
        (krb5_hmac): expose hmac
        * lib/krb5/mk_req_ext.c: 1.26->1.27: (krb5_mk_req_internal):
        when using arcfour-hmac-md5, use an unkeyed checksum
        (rsa-md5), since Microsoft calculates the keyed checksum with
        the subkey of the authenticator.

        * lib/krb5/get_cred.c:
        1.93->1.94 (init_tgs_req): make generation of subkey
        optional on configuration parameter
        [realms]realm={tgs_require_subkey=bool}
        defaults to off. The RFC1510 weakly defines the correct behavior,
        so old DCE secd apparently required the subkey to be there, and MS
        will use it when its there. But the request isn't encrypted in the
        subkey, so you get to choose if you want to talk to a MS mdc or a
        old DCE secd.

        partly 1.91->1.92: (init_tgs_req): in case of error, don't
        free in the req_body addresses since they where pass in by caller

        lib/krb5/get_in_tkt.c:
        1.108->1.1.09: (krb5_get_in_tkt): for compatibility with with
        the mit implemtation, don't free `creds' argument when done, its up
        the the caller to do that, also allow a NULL ccache.

        * doc/ack.texi
        1.16->1.17: update Luke Howard email address

        * lib/hdb/hdb-ldap.c:
        1.13->1.14: code rewrite from Luke Howard <lukeh@PADL.COM>
        1.12->1.13: (LDAP_store): log what principal/dn failed
        1.11->1.12: use int2HDBFlags/HDBFlags2int
        From: Alberto Patino <jalbertop@aranea.com.mx>, 
        Luke Howard <lukeh@PADL.COM>
        Pointed out by Andrew Bartlett of Samba
        1.10->1.11: (LDAP__connect): bind sasl "EXTERNAL" to ldap connection
        (LDAP_store): remove superfluous argument to asprintf
        From Alberto Patino <jalbertop@aranea.com.mx>

        * lib/krb5/krb5.h:
        1.214->1.2015: add KEYTYPE_ARCFOUR_56
        
2003-09-12  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/config_file.c: fix prototypes Fredrik Ljungberg
        <flag@pobox.se>
        
2003-09-11  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/hdb/hdb_locl.h: 1.18->1.19: include <limits.h> for ULONG_MAX
        noted by Wissler Magnus <M.Wissler@abalon.se> on heimdal-discuss
        
2003-08-29  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/hdb/db3.c: 1.8->1.9: patch for working with DB4 on
        heimdal-discuss From: Luke Howard <lukeh@PADL.COM> 1.9->1.10: try
        to include more db headers
        
2003-08-25  Love Hörnquist Åstrand  <lha@it.su.se>

        * kdc/connect.c: 1.92->1.93 (handle_tcp): handle recvfrom
        returning 0 (connection closed) 1.91->1.92: (grow_descr):
        increment the size after we succeed to allocate the space
        
2003-08-15  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/principal.c: 1.83->1.85: (unparse_name): len can't be
        zero, so, don't check for that
        (unparse_name): make sure there are space for a NUL, set *name to NULL
        when there is a failure (so caller can't get hold of a freed
        pointer)

2003-05-08  Johan Danielsson  <joda@ratatosk.pdc.kth.se>

        * Release 0.6

2003-05-08  Love Hörnquist Åstrand  <lha@it.su.se>

        * kuser/klist.c: 1.68->1.69: print tokens even if there isn't v4
        support

        * kuser/kdestroy.c: 1.14->1.15: destroy tokens even if there isn't
        v4 support

        * kuser/kinit.c: 1.90->1.91: print tokens even if there isn't v4
        support

2003-05-06  Johan Danielsson  <joda@pdc.kth.se>

        * lib/krb5/name-45-test.c: need to use empty krb5.conf for some
        tests

        * lib/asn1/check-gen.c: there is no \e escape sequence; replace
        everything with hex-codes, and cast to unsigned char* to make some
        compilers happy

2003-05-06  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/get_in_tkt.c (make_pa_enc_timestamp): make sure first
        argument to krb5_us_timeofday have correct type
        
2003-05-05  Assar Westerlund  <assar@kth.se>

        * include/make_crypto.c (main): include aes.h if ENABLE_AES

2003-05-05  Love Hörnquist Åstrand  <lha@it.su.se>

        * NEWS: 1.108->1.110: fix text about gssapi compat
        
2003-04-28  Love Hörnquist Åstrand  <lha@it.su.se>

        * kdc/v4_dump.c: 1.4->1.5: (v4_prop_dump): limit strings length,
        from openbsd

2003-04-24  Love Hörnquist Åstrand  <lha@it.su.se>

        * doc/programming.texi: 1.2-1.3: s/managment/management/, from jmc
        <jmc@prioris.mini.pw.edu.pl>

2003-04-22  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/krbhst.c: 1.43->1.44: copy NUL too, from janj@wenf.org
        via openbsd

2003-04-17  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/asn1/der_copy.c (copy_general_string): use strdup
        * lib/asn1/der_put.c: remove sprintf
        * lib/asn1/gen.c: remove strcpy/sprintf
        
        * lib/krb5/name-45-test.c: use a more unique name then ratatosk so
        that other (me) have such hosts in the local domain and the tests
        fails, to take hokkigai.pdc.kth.se instead
        
        * lib/krb5/test_alname.c: add --version and --help
        
2003-04-16  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/krb5_warn.3: add krb5_get_err_text
        
        * lib/krb5/transited.c: use strlcat/strlcpy, from openbsd
        * lib/krb5/krbhst.c (srv_find_realm): use strlcpy, from openbsd
        * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use
        strlcpy, from openbsd
        * kdc/hpropd.c: s/strcat/strlcat/, inspired from openbsd
        * appl/kf/kfd.c: use strlcpy, from openbsd
        
2003-04-16  Johan Danielsson  <joda@pdc.kth.se>

        * configure.in: fix for large file support in AIX, _LARGE_FILES
        needs to be defined on the command line, since lex likes to
        include stdio.h before we get to config.h

2003-04-16  Love Hörnquist Åstrand  <lha@it.su.se>
        
        * lib/krb5/*.3: Change .Fd #include <header.h> to .In header.h,
        from Thomas Klausner <wiz@netbsd.org>
        
        * lib/krb5/krb5.conf.5: spelling, from Thomas Klausner
        <wiz@netbsd.org>

2003-04-15  Love Hörnquist Åstrand  <lha@it.su.se>

        * kdc/kerberos5.c: fix some more memory leaks
        
2003-04-11  Love Hörnquist Åstrand  <lha@it.su.se>

        * appl/kf/kf.1: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
        
2003-04-08  Love Hörnquist Åstrand  <lha@it.su.se>

        * admin/ktutil.8: typos, from jmc <jmc@acn.waw.pl>
        
2003-04-06  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/krb5.3: s/kerberos/Kerberos/
        * lib/krb5/krb5_data.3: s/kerberos/Kerberos/
        * lib/krb5/krb5_address.3: s/kerberos/Kerberos/
        * lib/krb5/krb5_ccache.3: s/kerberos/Kerberos/
        * lib/krb5/krb5.conf.5: s/kerberos/Kerberos/
        * kuser/kinit.1: s/kerberos/Kerberos/
        * kdc/kdc.8: s/kerberos/Kerberos/
        
2003-04-01  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/test_alname.c: more krb5_aname_to_localname tests
        
        * lib/krb5/aname_to_localname.c (krb5_aname_to_localname): when
        converting too root, make sure user is ok according to
        krb5_kuserok before allowing it.

        * lib/krb5/Makefile.am (noinst_PROGRAMS): += test_alname
        
        * lib/krb5/test_alname.c: add test for krb5_aname_to_localname
        
        * lib/krb5/crypto.c (krb5_DES_AFS3_CMU_string_to_key): used p1
        instead of the "illegal" salt #~, same change as kth-krb did
        1999. Problems occur with crypt() that behaves like AT&T crypt
        (openssl does this). Pointed out by Marcus Watts.

        * admin/change.c (kt_change): collect all principals we are going
        to change, and pick the highest kvno and use that to guess what
        kvno the resulting kvno is going to be. Now two ktutil change in a
        row works. XXX fix the protocol to pass the kvno back.
        
2003-03-31  Love Hörnquist Åstrand  <lha@it.su.se>

        * appl/kf/kf.1: afs->AFS, from jmc <jmc@acn.waw.pl>
        
2003-03-30  Love Hörnquist Åstrand  <lha@it.su.se>

        * doc/setup.texi: add description on how to turn on v4, 524 and
        kaserver support

2003-03-29  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/verify_krb5_conf.c (appdefaults_entries): add afslog
        and afs-use-524

2003-03-28  Love Hörnquist Åstrand  <lha@it.su.se>

        * kdc/kerberos5.c (as_rep): when the second enctype_to_string
        failes, remember to free memory from the first enctype_to_string

        * lib/krb5/crypto.c (usage2arcfour): map KRB5_KU_TICKET to 2,
        from Harald Joerg <harald.joerg@fujitsu-siemens.com>
        (enctype_arcfour_hmac_md5): disable checksum_hmac_md5_enc

        * lib/hdb/mkey.c (hdb_unseal_keys_mkey): truncate key to the key
        length when key is longer then expected length, its probably
        longer since the encrypted data was padded, reported by Aidan
        Cully <aidan@kublai.com>

        * lib/krb5/crypto.c (krb5_enctype_keysize): return key size of
        encyption type, inspired by Aidan Cully <aidan@kublai.com>
        
2003-03-27  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/keytab.c (krb5_kt_get_entry): avoid printing 0
        (wildcard kvno) after principal when the keytab entry isn't found,
        reported by Chris Chiappa <chris@chiappa.net>
        
2003-03-26  Love Hörnquist Åstrand  <lha@it.su.se>

        * doc/misc.texi: update 2b example to match reality (from
        mattiasa@e.kth.se)

        * doc/misc.texi: spelling and add `Configuring AFS clients'
        subsection

2003-03-25  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/krb5.3: add krb5_free_data_contents.3
        
        * lib/krb5/data.c: add krb5_free_data_contents for compat with MIT
        API

        * lib/krb5/krb5_data.3: add krb5_free_data_contents for compat
        with MIT API
        
        * lib/krb5/krb5_verify_user.3: write more about how the ccache
        argument should be inited when used
        
2003-03-25  Johan Danielsson  <joda@pdc.kth.se>

        * lib/krb5/addr_families.c (krb5_print_address): make sure
        print_addr is defined for the given address type; make addrports
        printable

        * kdc/string2key.c: print the used enctype for kerberos 5 keys

2003-03-25  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/aes-test.c: add another arcfour test
        
2003-03-22  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/aes-test.c: sneek in a test for arcfour-hmac-md5
        
2003-03-20  Love Hörnquist Åstrand  <lha@it.su.se>
        
        * lib/krb5/krb5_ccache.3: update .Dd

        * lib/krb5/krb5.3: sort in krb5_data functions

        * lib/krb5/Makefile.am (man_MANS): += krb5_data.3

        * lib/krb5/krb5_data.3: document krb5_data

        * lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): if
        prompter is NULL, don't try to ask for a password to
        change. reported by Iain Moffat @ ufl.edu via Howard Chu
        <hyc@highlandsun.com>

2003-03-19  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/krb5_keytab.3: spelling, from
        <jmc@prioris.mini.pw.edu.pl>

        * lib/krb5/krb5.conf.5: . means new line
        
        * lib/krb5/krb5.conf.5: spelling, from
        <jmc@prioris.mini.pw.edu.pl>

        * lib/krb5/krb5_auth_context.3: spelling, from
        <jmc@prioris.mini.pw.edu.pl>

2003-03-18  Love Hörnquist Åstrand  <lha@it.su.se>

        * kuser/Makefile.am: INCLUDES: -I$(srcdir)/../lib/krb5
        
        * lib/krb5/convert_creds.c: add _krb5_krb_life_to_time
        
        * lib/krb5/krb5-v4compat.h: add _krb5_krb_life_to_time

        * kdc/kdc_locl.h: 524 is independent of kerberos 4, so move out
        #ifdef KRB4 from enable_v4_cross_realm since 524 needs it
        
        * kdc/config.c: 524 is independent of kerberos 4, so move out
        enable_v4_cross_realm from #ifdef KRB4 since 524 needs it
        
2003-03-17  Assar Westerlund  <assar@kth.se>

        * kdc/kdc.8: document --kerberos4-cross-realm
        * kdc/kerberos4.c: pay attention to enable_v4_cross_realm
        * kdc/kdc_locl.h (enable_v4_cross_realm): add
        * kdc/524.c (encode_524_response): check the enable_v4_cross_realm
        flag before giving out v4 tickets for foreign v5 principals
        * kdc/config.c: add --enable-kerberos4-cross-realm option (default
        to off)

2003-03-17  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/Makefile.am (man_MANS) += krb5_aname_to_localname.3
        
        * lib/krb5/krb5_aname_to_localname.3: manpage for
        krb5_aname_to_localname

        * lib/krb5/krb5_kuserok.3: s/KRB5_USEROK/KRB5_KUSEROK/
        
2003-03-16  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/Makefile.am (man_MANS): add krb5_set_default_realm.3

        * lib/krb5/krb5.3: add manpages from krb5_set_default_realm.3

        * lib/krb5/krb5_set_default_realm.3: Manpage for
        krb5_free_host_realm, krb5_get_default_realm,
        krb5_get_default_realms, krb5_get_host_realm, and
        krb5_set_default_realm.

        * admin/ktutil.8: s/entype/enctype/, from Igor Sobrado
        <sobrado@acm.org> via NetBSD

        * lib/krb5/krb5_keytab.3: add documention for krb5_kt_get_type
        
        * lib/krb5/keytab.c (krb5_kt_get_type): get prefix/type of keytab
        
        * lib/krb5/krb5.h (KRB5_KT_PREFIX_MAX_LEN): max length of prefix
        
        * lib/krb5/krb5_ccache.3: document krb5_cc_get_ops, add more
        types, add krb5_fcc_ops and krb5_mcc_ops
        
        * lib/krb5/cache.c (krb5_cc_get_ops): new function, return ops for
        a id

2003-03-15  Love Hörnquist Åstrand  <lha@it.su.se>

        * doc/intro.texi: add reference to source code, binaries and the
        manual

        * lib/krb5/krb5.3: krb5.h isn't in krb5 directory in heimdal
        
2003-03-14  Love Hörnquist Åstrand  <lha@it.su.se>

        * kdc/kdc.8: better/difrent english

        * kdc/kdc.8: . -> .\n, copyright/license
        
        * kdc/kdc.8: changed configuration file -> restart kdc

        * kdc/kerberos4.c: add krb4 into the most error messages written
        to the logfile

        * lib/krb5/krb5_ccache.3: add missing name of argument
        (krb5_context) to most functions

2003-03-13  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/kuserok.c (krb5_kuserok): preserve old behviour of
        function and return FALSE when there isn't a local account for
        `luser'.

        * lib/krb5/krb5_kuserok.3: fix prototype, spelling and more text
        describing the function

2003-03-12  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/cache.c (krb5_cc_default): if krb5_cc_default_name
        returned memory, don't return ENOMEM

2003-03-11  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/krb5.3: add krb5_address stuff and sort
        
        * lib/krb5/krb5_address.3: fix krb5_addr2sockaddr description
        
        * lib/krb5/Makefile.am (man_MANS): += krb5_address.3
        
        * lib/krb5/krb5_address.3: document types krb5_address and
        krb5_addresses and their helper functions

2003-03-10  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/Makefile.am (man_MANS): += krb5_kuserok.3

        * lib/krb5/krb5_kuserok.3: spelling, from cizzi@it.su.se

        * lib/krb5/Makefile.am (man_MANS): += krb5_ccache.3

        * lib/krb5/krb5_ccache.3: spelling, from cizzi@it.su.se
        
        * lib/krb5/krb5.3: add more functions
        
        * lib/krb5/krb5_ccache.3: document krb5_ccache and krb5_cc
        functions

        * lib/krb5/krb5_kuserok.3: document krb5_kuserok
        
        * lib/krb5/krb5_verify_user.3: document
        krb5_verify_opt_set_flags(opt, KRB5_VERIFY_LREALMS) behavior

        * lib/krb5/krb5_verify_user.3: document krb5_verify_opt* and
        krb5_verify_user_opt

        * lib/krb5/*.[0-9]: add copyright/licenses on more manpages

        * kuser/kdestroy.c (main): handle that krb5_cc_default_name can
        return NULL

        * lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump minor
        (TESTS): add test_cc

        * lib/krb5/test_cc.c: test some
        krb5_cc_default_name/krb5_cc_set_default_name combinations
        
        * lib/krb5/context.c (init_context_from_config_file): set
        default_cc_name to NULL
        (krb5_free_context): free default_cc_name if set

        * lib/krb5/cache.c (krb5_cc_set_default_name): new function
        (krb5_cc_default_name): use krb5_cc_set_default_name

        * lib/krb5/krb5.h (krb5_context_data): add default_cc_name
        
2003-02-25  Love Hörnquist Åstrand  <lha@it.su.se>

        * appl/kf/kf.1: s/securly/securely/ from NetBSD
        
2003-02-18  Love Hörnquist Åstrand  <lha@it.su.se>

        * kdc/connect.c: s/intialize/initialize, from
        <jmc@prioris.mini.pw.edu.pl>

2003-02-17  Love Hörnquist Åstrand  <lha@it.su.se>

        * configure.in: add AM_MAINTAINER_MODE
        
2003-02-16  Love Hörnquist Åstrand  <lha@it.su.se>

        * **/*.[0-9]: add copyright/licenses on all manpages

2003-14-16  Jacques Vidrine  <nectar@kth.se>

        * lib/krb5/get_in_tkt.c (init_as_req): Send only a single
        PA-ENC-TIMESTAMP in the AS-REQ, using the first encryption
        type specified by the KDC.

2003-02-15  Love Hörnquist Åstrand  <lha@it.su.se>

        * fix-export: some autoconf put their version number in
        autom4te.cache, so remove autom4te*.cache
        
        * fix-export: make sure $1 is a directory
        
2003-02-04  Love Hörnquist Åstrand  <lha@it.su.se>

        * kpasswd/kpasswdd.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>

        * kdc/kdc.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
        
2003-01-31  Love Hörnquist Åstrand  <lha@it.su.se>

        * kdc/hpropd.8: s/databases/a database/ s/Not/not/

        * kdc/hprop.8: add missing .
        
2003-01-30  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/krb5.conf.5: documentation for of boolean, etypes,
        address, write out encryption type in sentences, s/Host/host
        
2003-01-26  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/asn1/check-gen.c: add checks for Authenticator too
        
2003-01-25  Love Hörnquist Åstrand  <lha@it.su.se>

        * doc/setup.texi: in the hprop example, use hprop and the first
        component, not host

        * lib/krb5/get_addrs.c (find_all_addresses): address-less
        point-to-point might not have an address, just ignore
        those. Reported by Harald Barth.

2003-01-23  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/verify_krb5_conf.c (check_section): when key isn't
        found, don't print out all known keys

        * lib/krb5/verify_krb5_conf.c (syslogvals): mark up where severity
        and facility start resp
        (check_log): find_value() returns -1 when key isn't found

        * lib/krb5/crypto.c (_krb5_aes_cts_encrypt): make key argument a
        'const void *' to avoid AES_KEY being exposed in krb5-private.h
        
        * lib/krb5/krb5.conf.5: add [kdc]use_2b

        * kdc/524.c (encode_524_response): its 2b not b2
        
        * doc/misc.texi: quote @ where missing
        
        * lib/asn1/Makefile.am: add check-gen
        
        * lib/asn1/check-gen.c: add Principal check
        
        * lib/asn1/check-common.h: move generic asn1/der functions from
        check-der.c to here

        * lib/asn1/check-common.c: move generic asn1/der functions from
        check-der.c to here

        * lib/asn1/check-der.c: move out the generic asn1/der functions to
        a common file

2003-01-22  Love Hörnquist Åstrand  <lha@it.su.se>

        * doc/misc.texi: more text about afs, how to get get your KeyFile,
        and how to start use 2b tokens

        * lib/krb5/krb5.conf.5: spelling, from Jason McIntyre
        <jmc@cvs.openbsd.org>
        
2003-01-21  Jacques Vidrine  <nectar@kth.se>

        * kuser/kuser_locl.h: include crypto-headers.h for
        des_read_pw_string prototype

2003-01-16  Love Hörnquist Åstrand  <lha@it.su.se>

        * admin/ktutil.8: document -v, --verbose

        * admin/get.c (kt_get): make getarg usage consistent with other
        other parts of ktutil

        * admin/copy.c (kt_copy): remove adding verbose_flag to args
        struct, since it will overrun the args array (from Sumit Bose)
        
2003-01-15  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/krb5.conf.5: write more about [realms] REALM = { kdc =
        ... }

        * lib/krb5/aes-test.c: test vectors in aes-draft
        
        * lib/krb5/Makefile.am: add aes-test.c

        * lib/krb5/crypto.c: Add support for AES
        (draft-raeburn-krb-rijndael-krb-02), not enabled by default.
        (HMAC_SHA1_DES3_checksum): rename to SP_HMAC_SHA1_checksum and modify
        to support checksumtype that are have a shorter wireformat then
        their output block size.
        
        * lib/krb5/crypto.c (struct encryption_type): split the blocksize
        into blocksize and padsize, padsize is the minimum padding
        size. they are the same for now
        (enctype_*): add padsize
        (encrypt_internal): use padsize
        (encrypt_internal_derived): use padsize
        (wrapped_length): use padsize
        (wrapped_length_dervied): use padsize

        * lib/krb5/crypto.c: add extra `opaque' argument to string_to_key
        function for each enctype in preparation enctypes that uses
        `Encryption and Checksum Specifications for Kerberos 5' draft
        
        * lib/asn1/k5.asn1: add checksum and enctype for AES from
        draft-raeburn-krb-rijndael-krb-02.txt

        * lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_AES128,
        KEYTYPE_AES256

2003-01-14  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/hdb/common.c (_hdb_fetch): handle error code from
        hdb_value2entry

        * kdc/Makefile.am: always include kerberos4.c and 524.c in
        kdc_SOURCES to support 524

        * kdc/524.c: always compile in support for 524
        
        * kdc/kdc_locl.h: move out krb/524 protos from under #ifdef KRB4
        
        * kdc/config.c: always compile in support for 524
        
        * kdc/connect.c: always compile in support for 524
        
        * kdc/kerberos4.c: export encode_v4_ticket() and get_des_key()
        even when we build without kerberos 4, 524 needs them
        
        * lib/krb5/convert_creds.c, lib/krb5/krb5-v4compat.h: Split out
        Kerberos 4 help functions/structures so other parts of the source
        tree can use it (like the KDC)