diff --git a/ChangeLog b/ChangeLog index 2852d717a..f117da067 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,1480 +1,4 @@ -2004-12-29 Love +2005-01-01 Love Hörnquist Åstrand - * lib/hdb/Makefile.am: add CHECK_SYMBOLS - - * lib/hdb/keys.c: make all_etypes static - - * lib/krb5/Makefile.am: add CHECK_SYMBOLS, approve of: -com_err - -version krb5_ _krb5_ __heimdal krb524_ krb4_fkt_ops - - * kdc/kerberos5.c: use private version of principalname - - * kdc/kerberos4.c: use private version of principalname - - * kdc/hpropd.c: use private version of principalname - - * kdc/524.c: use private version of principalname - - * lib/krb5/rd_req.c: use private version of principalname - - * lib/krb5/rd_cred.c: use private version of principalname - - * lib/krb5/init_creds_pw.c: use private version of principalname - - * lib/krb5/get_in_tkt.c: use private version of principalname - - * lib/krb5/asn1_glue.c: make principalname functions private - - * lib/krb5/krb5.h: add key usage for server referrals - -2004-12-29 Love Hörnquist Åstrand - - * lib/krb5/principal.c: make default_v4_name_convert static - - * lib/krb5/crypto.c: make lots of crypto related variables static - - * lib/krb5/acache.c: make default_acc_name static - -2004-12-28 Love Hörnquist Åstrand - - * doc/setup.texi: add some text about samba, use example.com - - * lib/hdb/hdb-ldap.c: Add account expiration for samba from James - F. Hranicky . - Add LDAP_addmod_integer and use it. - -2004-12-27 Love Hörnquist Åstrand - - * doc/{Makefile.am,setup.texi,win2k.texi}: spelling and text - fixes, from Dave Love - -2004-12-18 Love Hörnquist Åstrand - - * lib/krb5/heim_threads.h: NetBSD 2.99.11 (any maybe 2.1) just - needs pthread.h, threadlib is dead - -2004-12-17 Love Hörnquist Åstrand - - * kdc/config.c (configure): check for deprecated - enforce-transited-policy is set and fail if it is - - * lib/asn1/asn1_print.c: don't print garabage for octet strings - -2004-12-13 Love Hörnquist Åstrand - - * kdc/main.c (main): catch sigpipe, we don't bother select()ing - for errors - - * kdc/connect.c (handle_http_tcp): handle error from write(2) - - * doc/setup.texi: clarify credentials refreshing stuff - - * doc/setup.texi: add new node: Providing Kerberos credentials to - servers and programs - - * doc/whatis.texi: fix spurious cross-reference makeinfo warning - - * lib/hdb/hdb-ldap.c (pos): uppercase in character - -2004-12-12 Love Hörnquist Åstrand - - * lib/hdb/hdb-ldap.c (LDAP__bytes2hex,LDAP__hex2bytes): encode - nibbels in the other order - - * lib/hdb/hdb-ldap.c: s/objectclass/objectClass/ check if - attribute exists before we try to delete it LDAP__bytes2hex - encodes in strange byte order, is this really right ? - -2004-12-11 Love Hörnquist Åstrand - - * lib/hdb/hdb-ldap.c (LDAP_firstkey): When iterating over all - entries, search for samba accounts too, From: "James F. Hranicky" - - - * lib/hdb/hdb-ldap.c (krb5kdcentry_attrs): ask for attribute uid - too - - * lib/hdb/hdb-ldap.c (LDAP_message2entry): if the entry is missing - both krb5PrincipalName and uid, it must be broken, ignore it and - return it doesn't exists. - -2004-12-10 Love Hörnquist Åstrand - - * kdc/hpropd.8: spelling, from OpenBSD - - * kdc/kdc.8: use keeps for options, From OpenBSD k - -2004-12-09 Love Hörnquist Åstrand - - * doc/setup.texi: document --random-key and the need to do backup - of the master key - - * kdc/kstash.8: add --random-key - - * kdc/kstash.c: add --random-key - -2004-12-08 Love Hörnquist Åstrand - - * lib/krb5/verify_krb5_conf.8: spelling, from openbsd - - * lib/krb5/krb5_init_context.3: spelling, from openbsd - - * lib/krb5/krb5.conf.5: spelling, from openbsd - - * kuser/kdestroy.1: use keeps around options, spelling, from - openbsd - - * kpasswd/kpasswdd.8: use ., use keeps around options, from OpenBSD - - * kdc/hpropd.8: use keeps around options, from OpenBSD - - * kdc/hprop.8: use keeps around options, from OpenBSD - -2004-11-30 Love Hörnquist Åstrand - - * lib/krb5/context.c (krb5_free_context): clear error string - before destroying mutex - (krb5_init_context): don't call krb5_free_context before there is a - mutex initialized - -2004-11-18 Love Hörnquist Åstrand - - * kuser/kinit.c (get_new_tickets): only complain about ticket - renewable lifetime when the user asked for a specific renewable - lifetime - -2004-11-15 Love Hörnquist Åstrand - - * kdc/kerberos5.c (find_keys): log what principal is missing - enctypes - -2004-11-13 Love Hörnquist Åstrand - - * lib/krb5/get_in_tkt.c (krb5_get_in_cred): clear pointer after - freeing data - - * lib/krb5/init_creds_pw.c (change_password): handle old_options - being NULL From Guenther Deschner on samba-technical. - -2004-11-12 Love Hörnquist Åstrand - - * lib/krb5/krb5_get_init_creds.3: add more text describing the - krb5_get_init_creds functions - -2004-11-11 Love Hörnquist Åstrand - - * lib/krb5/init_creds_pw.c: make krb5_get_init_creds_keytab work - again - -2004-11-10 Love Hörnquist Åstrand - - * lib/hdb/hdb.asn1: use constrained integers - -2004-11-09 Love Hörnquist Åstrand - - * lib/krb5/krb5_get_init_creds.3: add description for opt_init, - opt_alloc, opt_free - - * lib/krb5/pkinit.c: unexport krb5_get_init_creds_opt_free_pkinit - - * lib/krb5/init_creds.c: unexport - krb5_get_init_creds_opt_free_pkinit - - * lib/krb5/init_creds_pw.c: fold init_init_creds_ctx into - get_init_creds_common - - * lib/krb5/init_creds.c (_krb5_get_init_creds_opt_copy): if the in - options NULL, just make a clean copy - -2004-11-01 Love Hörnquist Åstrand - - * lib/krb5/sendauth.c (krb5_rd_rep): free ap_rep message earlier - so we don't leak it on error - -2004-10-31 Love Hörnquist Åstrand - - * lib/krb5/krb5.conf.5: unbreak 2b entry - - * lib/krb5/acache.c (make_cred_from_ccred): the address isn't a - sockaddr but rather a kerberos address, deal with that. Based on - bug report from Jakob Schlyter . - -2004-10-30 Love Hörnquist Åstrand - - * kdc/connect.c: Make sure argument passed to ctype isn't signed - char - -2004-10-14 Love Hörnquist Åstrand - - * lib/krb5/pkinit.c: match new error names - - * lib/krb5/krb5_err.et: make error messages sane again - -2004-10-13 Love Hörnquist Åstrand - - * lib/krb5/keytab.c: use KRB5_KT_BADNAME - - * lib/krb5/krb5_err.et: sync with mit krb5_err.et (require major - version bump) add KRB5_DELTAT_BADFORMAT - - * lib/krb5/krb5.conf.5: time defaults to "s" - - * lib/krb5/time.c (krb5_string_to_deltat): default to "s" again, - MIT's behavior was actually that it failed to parse the number - (and thus used the default). Even better, ticket_lifetime (that - was a consumer supposed a of the interface) was documented but - never implemented, when it was implemented, people configuraiton - files started to fail. Also, use KRB5_DELTAT_BADFORMAT as a - failure code. - - * lib/asn1/k5.asn1: sync enctypes with pkinit branch - - * lib/asn1/parse.y (readd) support negative numbers - - * lib/asn1/lex.l: support hex numbers - -2004-10-12 Love Hörnquist Åstrand - - * kdc/pkinit.c: use ETYPE_DES3_CBC_NONE_CMS - - * lib/krb5/crypto.c: add enctype_des3_cbc_none_cms add cms padding - for rc2 don't to padding for blocksize 1 - - * lib/hdb/{keys.c,Makefile.am},lib/kadm5/{keys,set_keys}.c: - Move keyset parsing and password based keyset generation into hdb. - Requested by Andrew Bartlett for hdb-ldb - backend. - -2004-10-07 Love Hörnquist Åstrand - - * kuser/kinit.c: adapt to new signature of - krb5_get_init_creds_opt_set_pkinit - - * lib/krb5/pkinit.c: free openssl engine deal with - RecipientIdentifier -> CMSIdentifier and heim_any -> name change - improve error messages - - * kdc/pkinit.c: free openssl engine deal with RecipientIdentifier - -> CMSIdentifier and heim_any -> name change - -2004-10-04 Johan Danielsson - - * kuser/klist.c: use rtbl_set_separator - -2004-10-03 Love Hörnquist Åstrand - - * lib/krb5/pkinit.c: filter out dup openssl engine keys, parse - user options first - - * lib/krb5/pkinit.c: stop using AlgorithmIdentifierNonOpt, add - openssl engine support for private key - - * lib/krb5/crypto.c: support padding as its done in CMS - - * kdc/pkinit.c: improve error logging - - * kdc/pkinit.c: stop using AlgorithmIdentifierNonOpt - -2004-09-30 Love Hörnquist Åstrand - - * lib/krb5/krb5.conf.5: assume minutes for time - - * lib/krb5/config_file.c (krb5_config_vget_time_default): use - krb5_string_to_deltat - - * lib/krb5/appdefault.c (krb5_appdefault_time): use - krb5_string_to_deltat - - * lib/krb5/time.c (krb5_string_to_deltat): set default unit to - minute for compatibility with MIT Kerberos. - - -2004-09-28 Love Hörnquist Åstrand - - * lib/krb5/get_cred.c (get_cred_kdc_usage): retry using "large - message safe" transport if we get back - KRB5KRB_ERR_RESPONSE_TOO_BIG error. Idea from Guenther Deschner - - -2004-09-23 Johan Danielsson - - * admin/list.c: use rtbl - - * admin/ktutil-commands.in: slc source file - - * lib/krb5/constants.c: check - /Library/Preferences/edu.mit.Kerberos on OSX - -2004-09-21 Johan Danielsson - - * lib/krb5/time.c (krb5_format_time): check return value from - localtime and strftime - -2004-09-14 Johan Danielsson - - * kuser/kinit.c: make sure we don't always get renewable creds - -2004-09-11 Love Hörnquist Åstrand - - * lib/krb5/acache.c: use krb5_ccapi.h - - * lib/krb5/krb5_ccapi.h: break out krb5 api definitions to - separate (not installed) file - - * lib/krb5/Makefile.am: add AM_CPPFLAGS to libkrb5_la_CPPFLAGS - since AM_CPPFLAGS overridden by target specific _CPPFLAGS - -2004-09-08 Love Hörnquist Åstrand - - * lib/krb5/pkinit.c: make variable shorter, make error messages - from pkinit, make freeing easier - -2004-09-06 Love Hörnquist Åstrand - - * lib/krb5/Makefile.am: link libkrb5 with LIB_dlopen - - * lib/krb5/crypto.c (seed_something): avoid poking at memory that - is uninitialized, make valgrind unhappy. Pointd out by - abartlet@samba.org. While where, plug the fd leak. - -2004-09-05 Love Hörnquist Åstrand - - * lib/asn1/der_get.c (decode_*): name all tag-length variables the - same - (decode_enumerated): check that the tag-length is not longer the length - - * lib/asn1/der_get.c (decode_boolean): fail if length of tag is - larger then len - -2004-08-31 Love Hörnquist Åstrand - - * lib/krb5/init_creds_pw.c (krb5_get_init_creds): kdc_reply can be - set in case of failure too, free unconditionally on exit to avoid - memory leak - -2004-08-23 Love Hörnquist Åstrand - - * lib/krb5/get_cred.c (set_auth_data): set pointer to NULL after - free - -2004-08-20 Love Hörnquist Åstrand - - * lib/krb5/context.c (krb5_get_err_text): if neither of com_right - nor strerror finds the error-code, return Unknown error. - -2004-08-19 Johan Danielsson - - * lib/krb5/krb5_kuserok.3: update to reality - - * lib/krb5/kuserok.c: if a .k5login file exist, don't give - implicit rights to anyone; also check owner/mode of .k5login - -2004-08-15 Love Hörnquist Åstrand - - * lib/krb5/Makefile.am: man_MANS = krb5_getportbyname.3 - - * lib/krb5/krb5_getportbyname.3: manpage for krb5_getportbyname - - * lib/krb5/krb5.3: add krb5_getportbyname - - * lib/krb5/krb5.3: krb5_free_salt and krb5_enctype_valid - - * lib/krb5/krb5_encrypt.3: document krb5_enctype_valid - -2004-08-13 Love Hörnquist Åstrand - - * kdc/kerberos5.c (get_pa_etype_info{,2}): check for dup enctypes - from the client and filter them out. - - * lib/krb5/krb5_string_to_key.3: document krb5_free_salt - -2004-08-12 Love Hörnquist Åstrand - - * lib/krb5/krb5_ticket.3: data needs to be freed when using - krb5_ticket_get_authorization_data_type - -2004-08-11 Love Hörnquist Åstrand - - * lib/krb5/test_cc.c: test variables in default_cc_name - - * lib/krb5/krb5.conf.5: explain support for varibles in - [libdefaults]default_cc_name - - * lib/krb5/cache.c: drop ${time}, its not very useful - - * lib/krb5/cache.c: Add _krb5_expand_default_cc_name that expand - variables in the default cc name. Supported variables now are: - ${time},${uid} and ${null} - - * lib/krb5/krb5.conf.5: document default_cc_name - - * lib/krb5/cache.c (krb5_cc_set_default_name): - s/libdefault/libdefaults/ - -2004-08-06 Love Hörnquist Åstrand - - * lib/krb5/acache.c: replace magic 3 with ccapi_version_3 - - * lib/krb5/Makefile.am: libkrb5_la_SOURCES += acache.c - - * lib/krb5/krb5.h: add krb5_acc_ops - - * lib/krb5/acache.c: CCAPI v3 implementation, the read only - support was from Magnus Ahltorp and then extended by me to support - all other operations. Tested with MIT kerberos cc cache - implementation on MacOS 10.3.3 - - * lib/krb5/cache.c (krb5_cc_set_default_name): allow setting the - default cc name, this is not very useful for general purpose glue - since its not possible to glue in user information (like uid), but - for CCAPI it works just fine - -2004-08-05 Love Hörnquist Åstrand - - * kuser/kgetcred.1: document --cache/-c - - * kuser/kgetcred.c: allow to specify what credential cache to use - -2004-08-03 Love Hörnquist Åstrand - - * lib/krb5/Makefile.am: add krb5_eai_to_heim_errno.3 - - * lib/krb5/krb5_eai_to_heim_errno.3: document - krb5_eai_to_heim_errno, krb5_h_errno_to_heim_errno - - * lib/krb5/krb5.3: add krb5_eai_to_heim_errno, - krb5_h_errno_to_heim_errno - -2004-07-26 Love Hörnquist Åstrand - - * lib/krb5/krb5_expand_hostname.3: krb5_expand_hostname_realms - result should be free with krb5_free_host_realm drop - krb5_get_host_realm text - - * lib/krb5/krb5_set_default_realm.3: krb5_get_host_realm result - should be free with krb5_free_host_realm - - * lib/krb5/krb5_get_in_cred.3: document krb5_free_kdc_rep - - * lib/krb5/krb5_get_init_creds.3: remove dup krb5_get_init_creds - - * lib/krb5/krb5_auth_context.3: sort, add krb5_free_authenticator - - * lib/krb5/Makefile.am: man_MANS += krb5_rd_error - - * lib/krb5/krb5_rd_error.3: krb5_rd_error and friends - - * lib/krb5/krb5_warn.3: clarify on what string - krb5_free_error_string should operate on - - * lib/krb5/krb5_get_credentials.3: add krb5_get_kdc_cred - - * lib/krb5/Makefile.am: krb5_get_credentials, - krb5_get_forwarded_creds and friends - - * lib/krb5/krb5_get_forwarded_creds.3: krb5_get_forwarded_creds - and friends - - * lib/krb5/krb5_get_credentials.3: krb5_get_credentials and - friends - -2004-07-23 Love Hörnquist Åstrand - - * kuser/klist.c (print_cred_verbose): keytypes are no longer, use - enctype - -2004-07-22 Love Hörnquist Åstrand - - * lib/hdb/hdb-ldap.c (LDAP_entry2mods): allow for pre-c99 - compilers, From metze at samba.org - -2004-07-20 Love Hörnquist Åstrand - - * lib/krb5/test_cc.c: more cc tests - - * lib/krb5/krb5_check_transited.3: document krb5_check_transited - -2004-07-19 Love Hörnquist Åstrand - - * kdc/pkinit.c (pk_principal_from_X509): reverse test, makes - principal in cert work From: Mayur Patel - -2004-07-18 Love Hörnquist Åstrand - - * lib/krb5/Makefile.am: add krb5_verify_init_creds.3 - - * lib/krb5/krb5_verify_init_creds.3: add krb5_verify_init_creds - -2004-07-15 Love Hörnquist Åstrand - - * lib/krb5/krb5_set_password.3: spelling from wiz@netbsd.org - description for krb5_passwd_result_to_string - -2004-07-14 Love Hörnquist Åstrand - - * lib/krb5/krb5_set_password.3: Remove superfluous comma; grammar - fixes; split sentence in two for better understanding. From - wiz@NetBSD.org. Describe krb5_set_password_using_ccache while here. - - * lib/krb5/krb5_set_password.3: nroff and spelling, from Jonathan - Stone - - * lib/krb5/changepw.c (process_reply): cast ssize_t to long and - print that From NetBSD via Havard Eidnes. - -2004-07-09 Love Hörnquist Åstrand - - * configure.in: fix helpstring for hdb-openldap-module - - * lib/krb5/test_cc.c: don't use krb5_err on error code 0 - -2004-07-08 Love Hörnquist Åstrand - - * lib/hdb/hdb-ldap.c (LDAP_seq): try handling errors better - -2004-07-02 Love Hörnquist Åstrand - - * lib/krb5/get_in_tkt.c (set_ptypes): make ptypes const - -2004-07-01 Love Hörnquist Åstrand - - * lib/hdb/hdb-ldap.c (LDAP__connect): call ldap_initialize with - right argument - -2004-06-27 Johan Danielsson - - * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): if the - krbtgt is without addresses, default to not sending our own - addrport - - * lib/asn1/lex.l: add support for /* */ and partial line -- - comments - - * kuser/Makefile.am: don't install copy_cred_cache manpage - -2004-06-24 Johan Danielsson - - * lib/krb5/init_creds.c (_krb5_get_init_creds_opt_copy): if - copying a static opt, make sure to allocate the "private" field - -2004-06-24 Love - - * kdc/config.c: add enable_pkinit_princ_in_cert - - * kdc/kdc_locl.h: enable_pkinit_princ_in_cert - - * kdc/pkinit.c: Check certificate for Kerberos Principal in - OtherName of subjectAltName Based on patch from Mayur Patel - - -2004-06-21 Love Hörnquist Åstrand - - * lib/krb5/get_cred.c (init_tgs_req): if subkey not avaible, use - session key for authorization-data - -2004-06-15 Love Hörnquist Åstrand - - * kdc/connect.c (handle_tcp): note who is what that closed the - connection on us - -2004-06-09 Love Hörnquist Åstrand - - * admin/get.c (kt_get): catch errors from krb5_parse_name - -2004-06-05 Love Hörnquist Åstrand - - * lib/hdb/hdb-ldap.c: if its the entry just contains the - structural object (no samba nor heimdal object), add an aux - heimdal object on to it. - -2004-06-02 Love Hörnquist Åstrand - - * kpasswd/kpasswd.c: use krb5_set_password_using_ccache - - * lib/krb5/krb5_set_password.3: add krb5_set_password_using_ccache - - * lib/krb5/changepw.c: implement krb5_set_password_using_ccache - - * lib/hdb/hdb-ldap.c: Allow the objectClass to be - "sambaSamAccount" or structural_object when searching for uid - entries. - - * lib/krb5/krb5.conf.5: document [kdc]hdb-ldap-create-base - - * lib/hdb/hdb-ldap.c: add creation base that defaults to the - search base - - * lib/hdb/hdb-ldap.c: indent like the rest of the code - -2004-06-01 Love Hörnquist Åstrand - - * lib/hdb/hdb-ldap.c: check return values from ldap operations and - close it we get back LDAP_SERVER_DOWN. stupid ldap client lib, you - should retry by yourself. - - * lib/hdb/hdb-ldap.c: require search base to be configured, create - local context structure - -2004-05-31 Love Hörnquist Åstrand - - * doc/setup.texi: more ldap text, partly from Tarjei Huse - - -2004-05-28 Love Hörnquist Åstrand - - * lib/hdb/hdb-ldap.c: clean, indent - - * lib/hdb/hdb-ldap.c (LDAP_entry2mods): make sure - krb5KeyVersionNumber is added on new entires - -2004-05-27 Love Hörnquist Åstrand - - * doc/setup.texi: minor fixes, partly from Tarjei Huse - - - * lib/krb5/krb5.conf.5: some text about dbname and realm - - * lib/krb5/krb5.conf.5: default value for - hdb-ldap-structural-object is account - -2004-05-26 Love Hörnquist Åstrand - - * tools/Makefile.am: use ! instead of , as sed delimiter - -2004-05-25 Love Hörnquist Åstrand - - * lib/krb5/*.c: add KRB5_LIB_FUNCTION to all exported functions - -2004-05-23 Love Hörnquist Åstrand - - * lib/hdb/hdb-ldap.c: make samba_forwardable a krb5_boolean - - * lib/hdb/hdb-ldap.c: make samba forwarding a runtime configure - option - - * lib/hdb/hdb-ldap.c (LDAP_message2entry): fix [] test From: - Andrew Bartlett - - * lib/hdb/hdb-ldap.c (LDAP_message2entry): remove bogus length - check From: Andrew Bartlett - - * lib/hdb/hdb-ldap.c (LDAP_message2entry): in the sambaNTPassword - case, make sure ent->etypes are allocated, From: Andrew Bartlett - - -2004-05-14 Love Hörnquist Åstrand - - * kuser/kinit.c: move "setpag if (argc < 1)" to common path - -2004-05-12 Love Hörnquist Åstrand - - * lib/krb5/verify_krb5_conf.c: pacify pre c99 compilers - - * fix-export: use right argument for -E - -2004-05-06 Johan Danielsson - - * kuser/kinit.c: print some diagnostics if the exec fails - -2004-04-29 Love Hörnquist Åstrand - - * lib/krb5/pkinit.c (pk_rd_pa_reply_dh): use krb5_random_to_key - From: Luke Howard - - * lib/krb5/rd_req.c (krb5_verify_ap_req2): clear the whole ticket, - not just a pointer size of it From: Luke Howard - -2004-04-28 Love Hörnquist Åstrand - - * fix-export: add -E flag where needed to make-proto - -2004-04-26 Love Hörnquist Åstrand - - * lib/krb5/crypto.c: add set_param for RC2 - - * lib/krb5/pkinit.c: use krb5_oid_to_enctype and remove all oids - that are no longer needed - - * kdc/pkinit.c: use krb5_enctype_to_oid - - * lib/krb5/crypto.c (krb5_oid_to_enctype): make sure oid exists - before we compare with it - - * lib/krb5/crypto.c (krb5_crypto_get_params): check ivec length - before returning it add aes-oids - - * lib/krb5/crypto.c: add krb5_enctype_to_oid and - krb5_oid_to_enctype - - * kdc/pkinit.c: use krb5_crypto_set_params - - * lib/krb5/crypto.c: add krb5_crypto_set_params, add aes-NNN-cbc-none - - * lib/krb5/krb5.h: add KEYTYPE_AES192 - - * lib/krb5/pkinit.c: use krb5_crypto_get_params to implement - kcrypto RC2 support - - * lib/asn1/k5.asn1: add CMS symmetrical parameters here, enctype - rc2-cbc XXX RC2CBCParameter is wrong because the compiler is - broken - - * lib/krb5/krb5.h: add KEYTYPE_RC2 - - * lib/krb5/crypto.c: add partial CMS parameter handling, this is - needed for RC2 - - * lib/asn1/der_cmp.c: add heim_oid_cmp and heim_octet_string_cmp - - * lib/asn1/Makefile.am (libasn1_la_SOURCES) += der_cmp.c - - * lib/asn1/der.h: add heim_oid_cmp and heim_octet_string_cmp - - * lib/asn1/k5.asn1: add ETYPE_AESNNN_CBC_NONE - - * lib/asn1/k5.asn1: add CMS symmetrical parameters here, enctype - rc2-cbc, XXX RC2CBCParameter is wrong because the compiler is broken - -2004-04-26 Johan Danielsson - - * lib/krb5/config_file.c: allow parsing directly from strings with - krb5_config_parse_string_multi - - * lib/krb5/verify_krb5_conf.c: try to resolve hostnames - -2004-04-25 Johan Danielsson - - * lib/krb5/store_fd.c (krb5_storage_from_fd): dup the file - descriptor so we don't have to keep track of it in two places - - * kuser/copy_cred_cache.c: krb5_cc_copy_cache_match now lives in - libkrb5 - - * lib/krb5/krb5_{,compare_}creds.3: move krb5_compare_creds to its - own manpage - - * replace krb5_free_creds_contents by krb5_free_cred_contents - - * lib/krb5/cache.c: add krb5_cc_next_cred_match() and - krb5_cc_copy_cred_match() - - * lib/krb5/creds.c (krb5_compare_creds): add more matching options - - * lib/krb5/krb5.h: add more creds match flags - - * kuser/copy_cred_cache: add --valid-for option - - * lib/krb5/store.c (krb5_store_creds): set is_skey flag if length - of second ticket is > 0 - -2004-04-25 Love Hörnquist Åstrand - - * lib/krb5/pkinit.c: use the right oid for pkauthdata - - * lib/krb5/pkinit.c: always send both win2k compat version and the - ietf draft one, this is possible since microsoft use - wrong/diffrent PA number. Make the configuration flag boolean - configuring if NOT to send the win2k compat glue. - - * lib/krb5/krb5_encrypt.3: document krb5_{de,en}crypt_ivec - - * kuser/copy_cred_cache.1: pacify mdoclint - - * kdc/pkinit.c: use IV for envelopeddata encryption, patch - originally from Luke Howard , tweeked by me. - - * lib/krb5/krb5_storage.3: document - KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER - - * lib/krb5/krb5_data.3: document that krb5_data_free cleans the - structure too - - * lib/krb5/pkinit.c: use IV for envelopeddata encryption, patch - originally from Luke Howard , tweeked by me. - -2004-04-24 Johan Danielsson - - * kuser/copy_cred_cache.{c,1}: add cred cache copy tool - - * configure.in: use rk_SYS_LARGEFILE - - * lib/krb5/{krb5.h,store.c,fcache.c}: Fix the cache flags bitorder - issue with a storage flag instead of a separate function. - -2004-04-24 Love Hörnquist Åstrand - - * lib/krb5/pkinit.c: move out the oid check from get_reply_key - - * lib/krb5/pkinit.c: uniquify error messages - - * lib/krb5/init_creds_pw.c: make the pkinit nonce same os the - plain nonce for now - - * lib/krb5/pkinit.c: more w2k compat from Luke Howard - add RC2 support, clean up error messages - - * lib/krb5/pkinit.c: remove more dependency on - krb5_config->pkinit_flags - - * lib/krb5/pkinit.c (_krb5_pk_convert_rep): convert microsoft - style answer to IETF, From Luke Howard - (_krb5_pk_create_sign): ms handles NULL in param, so always send it - (_krb5_pk_mk_padata): look for [realms]REALM = { win2k_pkinit = bool } - - * lib/krb5/pkinit.c (_krb5_pk_create_sign): always set the - digestAlgorithm to sha1 (both for SignerInfo and SignedData, add - new function _set_digest_alg to set it - -2004-04-23 Love Hörnquist Åstrand - - * include/make_crypto.c: include rc2.h, and when I'm here, make - aes mandatory - - * lib/krb5/krb5.h: add ENCTYPE_ARCFOUR_HMAC as compat glue for MIT - kerberos - - * lib/krb5/crypto.c (krb5_crypto_init): clear return pointer on - failure - - * lib/krb5/crypto.c (DES3_random_to_key): make it produce the - right result - (DES3_postproc): use DES3_random_to_key - (krb5_random_to_key): check the required number of bits (not the size - of the key) - - * lib/krb5/aes-test.c: test random to key function - - * lib/krb5/string-to-key-test.c: comment out the "@"/"" test for - now - -2004-04-22 Love Hörnquist Åstrand - - * lib/krb5/krb5_string_to_key.3: document that - krb5_string_to_key_derived is broken for non 3des enctypes and - thus deprecated - - * kdc/pkinit.c (generate_dh_keyblock): use the new function - krb5_random_to_key - - * lib/krb5/crypto.c: add des and DES3 random_to_key hooks, they - need special processing - - * lib/krb5/crypto.c (krb5_random_to_key): new function - - * lib/krb5/krb5_keyblock.3: document krb5_random_to_key - -2004-04-21 Love Hörnquist Åstrand - - * kdc/pkinit.c: use the first proposed enable enctype - - * lib/krb5/context.c (krb5_set_default_in_tkt_etypes): use the - return from krb5_enctype_valid - - * kdc/pkinit.c: at least try to handle diffrent enveloped enctypes - -2004-04-21 Love Hörnquist Åstrand - - * lib/asn1/der_get.c: 1.28.2.16: (der_get_oid): handle all oid - components being smaller then 127 and allocate one extra element - since first byte is split to to elements. - -2004-04-20 Love Hörnquist Åstrand - - * lib/asn1/k5.asn1: ETYPE_DIGEST_MD5_NONE, ETYPE_CRAM_MD5_NONE: - private use, lukeh@padl.com - -2004-04-19 Love Hörnquist Åstrand - - * lib/krb5/pkinit.c (build_auth_pack): use heim_integer to encode - DH public key - -2004-04-18 Love Hörnquist Åstrand - - * lib/krb5/krb5_init_context.3: add krb5_context to so its added - as manpage-link too - -2004-04-17 Love Hörnquist Åstrand - - * lib/krb5/fcache.c (fcc_remove_cred): simplistic implementation, - XXX add locking - - * kuser/kdestroy.c: add --credential argument that just remove one - credential entry out of the cache specified - - * kdc/pkinit.c: replace the krb5.conf configuration option that - describes the mapping between principals and subject names with a - file, default /var/heimdal/pki-mapping. XXX this should be pushed - into HDB. XXX should add issuer too - - * kdc/config.c: merge certificate/private_key to a user_id - -2004-04-16 Love Hörnquist Åstrand - - * kdc/kdc_locl.h: update prototype for pk_initialize - - * kuser/kinit.c: merge certificate/private_key to a user_id - - * kdc/pkinit.c: adapt to heim_integer changes - - * lib/krb5/pkinit.c: merge certificate/private_key to a user_id - - * kdc/pkinit.c: adapt to heim_integer changes, - merge certificate/private_key to a user_id - -2004-04-15 Love Hörnquist Åstrand - - * lib/krb5/pkinit.c: use KRB5_PADATA_PK_AS_REQ_WIN free X509_STORE - -2004-04-13 Love Hörnquist Åstrand - - * lib/krb5/Makefile.am: define BUILD_KRB5_LIB when building - libkrb5.la, add KRB5_LIB_FUNCTION proto - - * lib/krb5/add_et_list.c: add KRB5_LIB_FUNCTION - - * configure.in: export KRB5_LIB_FUNCTION when building with - BUILD_KRB5_LIB - - * lib/krb5/ticket.c (krb5_ticket_get_authorization_data_type): add - error strings - - * lib/krb5/prompter_posix.c (krb5_prompter_posix): if some thing - is printed on stderr, fflush it - - * lib/krb5/krb5_keyblock.3: free functions also zeros out the key - - * lib/krb5/krb5_get_init_creds.3: some text about - krb5_prompter_posix - - * lib/krb5/krb5.conf.5: document hdb-ldap-structural-object - - * lib/krb5/cache.c: add krb5_cc_get_prefix_ops - - * lib/krb5/krb5_ccache.3: add krb5_cc_get_prefix_ops - -2004-04-05 Love Hörnquist Åstrand - - * appl/test/http_client.c: support GSS_C_DELEG_FLAG and - GSS_C_MUTUAL_FLAG - - * appl/test/http_client.c: verbose logging - -2004-04-02 Love Hörnquist Åstrand - - * kdc/connect.c: case size_t to unsigned long for LP64 platforms - -2004-04-01 Love Hörnquist Åstrand - - * lib/hdb/hdb-ldap.c (hdb_ldap_create): allow configuration of - default structural object - - * tools/Makefile.am: handle sed expression breaking - -2004-03-31 Love Hörnquist Åstrand - - * lib/krb5/krbhst.c: also lookup _kpasswd._tcp SRV-rr - - * lib/krb5/changepw.c: add tcp support to the set protocol, should - be cleaned up to enable sharing code with krb5_sendto - - * kpasswd/kpasswd.c (change_password): remove extra free - - * lib/krb5/krb5_acl_match_file.3: try to pacify mdoc macros on - osf/1 - -2004-03-30 Love Hörnquist Åstrand - - * lib/krb5/init_creds_pw.c (pa_data_add_pac_request): don't - increase md->len, krb5_padata_add already does that - - * lib/krb5/init_creds.c: its PAC not PAQ - - * kuser/kinit.c: its PAC not PAQ - - * kdc/kerberos4.c: stop the client from renewing tickets into the - future From: Jeffrey Hutzelman - -2004-03-29 Love Hörnquist Åstrand - - * configure.in: try to handle sys/strtty.h needing sys/stream.h - -2004-03-23 Love Hörnquist Åstrand - - * lib/krb5/send_to_kdc.c: remove function krb5_sendto_kdc2, its no - longer used - - * kdc/kerberos5.c: s/krb5_get_host_realm_int/_&/ - - * lib/krb5/get_host_realm.c: unexport krb5_get_host_realm_int to - external users by prefixing it with _ - - * lib/krb5/get_cred.c: s/krb5_mk_req_internal/_&/ - - * lib/krb5/mk_req_ext.c: unexport krb5_mk_req_internal to external - users by prefixing it with _ - -2004-03-22 Love Hörnquist Åstrand - - * lib/krb5/pkinit.c: add missing } - -2004-03-21 Love Hörnquist Åstrand - - * kdc/pkinit.c: adapt to change of signature of - _krb5_pk_load_openssl_id - - * lib/krb5/pkinit.c: (krb5_get_init_creds_opt_set_pkinit): add - prompter argument and use it - - * kuser/kinit.c: adapt to signature change of - krb5_get_init_creds_opt_set_pkinit - - * lib/krb5/krb5.3: add more stuff, 105 functions to go - - * lib/krb5/krb5_rcache.3: add krb5_get_server_rcache - - * lib/krb5/krb5_rcache.3: framework for replay cache manpage - - * lib/krb5/krb5_string_to_key.3: document string to key functions - - * lib/krb5/Makefile.am: man_MANS += krb5_expand_hostname.3 - krb5_find_padata.3 krb5_generate_random_block.3 - - * lib/krb5/krb5_encrypt.3: document krb5_get_wrapped_length - - * lib/krb5/krb5.3: add some more, 137 to go - - * lib/krb5/krb5_principal.3: document krb5_get_default_principal - - * lib/krb5/krb5_keyblock.3: document krb5_generate_subkey - - * lib/krb5/krb5_generate_random_block.3: document - krb5_generate_random_block - - * lib/krb5/krb5_find_padata.3: document padata functions - - * lib/krb5/krb5.3: add some more, 142 to go - - * lib/krb5/krb5_creds.3: drop .Pp before .Sh - - * lib/krb5/krb5_set_default_realm.3: document krb5_copy_host_realm - - * lib/krb5/krb5_expand_hostname.3: document krb5_expand_hostname - and krb5_expand_hostname_realms - - * lib/krb5/krb5.3: add more functions, 147 to go - - * lib/krb5/krb5_creds.3: document krb5_creds - - * lib/krb5/krb5_get_init_creds.3: add more functions, some more - text - - * lib/krb5/krb5_ticket.3: document - krb5_ticket_get_authorization_data_type - -2004-03-20 Love Hörnquist Åstrand - - * lib/krb5/aes-test.c: remove #if 0'ed code - - * lib/krb5/krb5.3: add keyblock functions, 177 functions to go - - * lib/krb5/krb5_verify_user.3: add krb5_verify_opt_set_ccache - - * lib/krb5/krb5_encrypt.3: document krb5_decrypt_ticket - - * lib/krb5/krb5_config.3: document krb5_config_free_strings and - krb5_config_file_free - - * lib/krb5/krb5_create_checksum.3: add krb5_hmac - - * lib/krb5/krb5.3: add keyblock functions, 190 functions to go - - * lib/krb5/krb5_keyblock.3: update .Dd - - * lib/krb5/krb5_keyblock.3: document krb5_copy_keyblock and - krb5_generate_random_keyblock - - * lib/krb5/krb5_init_context.3: add krb5_init_ets - - * lib/krb5/krb5_config.3: add more krb5_config_ functions and - prototypes - - * lib/krb5/krb5_init_context.3: document context modifcation - functions: address list, config file, use admin kdc, fcc version - - * lib/krb5/krb5_storage.3: document krb5_storage and related - functions - - * lib/krb5/Makefile.am: add acl and krb524_convert_creds_kdc - manpages and test_acl test program - - * lib/krb5/krb5.3: add error string functions and sort - - * lib/krb5/krb5_warn.3: document krb5_abort and error string - functions - - * lib/krb5/krb5.3: add missing functions, only 285 left to - document - - * lib/krb5/krb5_crypto_init.3: remove various enctype related - function - - * lib/krb5/krb5_encrypt.3: add various enctype related function - here - - * lib/krb5/krb5_create_checksum.3: add krb5_cksumtype_valid - krb5_cksumtype_valid - - * lib/krb5/crypto.c: real return values for - krb5_{enctype,cksumtype}_valid - - * lib/krb5/krb5_create_checksum.3: add some functions and - descriptions - - * lib/krb5/krb5_c_make_checksum.3: move out non krb5_c functions - - * lib/krb5/krb5_auth_context.3: document - krb5_auth_con_generatelocalsubkey - - * lib/krb5/krb5_krbhst_init.3: document krb5_krbhst_init_flags - - * lib/krb5/krb5_keytab.3: document krb5_kt_default_modify_name - - * lib/krb5/krb5_init_context.3: document krb5_add_et_list - - * lib/krb5/krb524_convert_creds_kdc.3: document - krb524_convert_creds_kdc, krb524_convert_creds_kdc_ccache - - * lib/krb5/krb5_acl_match_file.3: document krb5_acl_match_* - - * lib/krb5/test_acl.c: test for generic acl code - - * lib/krb5/acl.c: plug memory leak on file matching, - make it not fall over when no non matching acl, - make fnmatch matching useful by switching arguments + * doc/heimdal.texi: Happy New Year -2004-03-19 Love Hörnquist Åstrand - - * kdc/config.c: add --builtin-hdb command - - * lib/hdb/hdb.c (hdb_list_builtin): return a list of builtin - backends - - * doc/setup.texi: include Luke Howard of PADL.COM ldap hdb - documentation - - * doc/win2k.texi: fix bugs in examples, add more restrictions, use - example.com as an example. From: Pavel Ferdan - - -2004-03-18 Johan Danielsson - - * lib/krb5/krb5.conf.5: add a bunch of Li and document [kadmin] - password_lifetime; from Henry B. Hotz - -2004-03-14 Love Hörnquist Åstrand - - * lib/krb5/mk_rep.c (krb5_mk_rep): if KRB5_AUTH_CONTEXT_USE_SUBKEY - is set send subkey - (generate if needed) - - * lib/krb5/krb5.h: add KRB5_AUTH_CONTEXT_USE_SUBKEY - -2004-03-14 Love Hörnquist Åstrand - - * lib/hdb/hdb-ldap.c: clean up error handling, plug memory leaks, - and free memory in error path, assume realloc(NULL, ...) works, - factor out common code, indent - -2004-03-12 Love Hörnquist Åstrand - - * lib/krb5/verify_krb5_conf.c: understand [password_quality] - spelling - - * kuser/kgetcred.1: document --canonicalize - - * kuser/kgetcred.c: add --canonicalize - -2004-03-10 Love Hörnquist Åstrand - - * lib/krb5/fcache.c (fcc_store_cred): NULL terminate - krb5_config_get_bool_default' arglist - -2004-03-09 Love Hörnquist Åstrand - - * kdc/kerberos5.c: add missing req argument to pk_mk_pa_reply - - * kdc/pkinit.c (pk_mk_pa_reply): add hdb_entry - - * kdc/pkinit.c: pass client hdb_entry to pk_check_client - - * kdc/kdc_locl.h: pass client hdb_entry to pk_check_client - - * kuser/kinit.c: rename ca_dir to pkinit/x509_anchors since its - more like that language in RFC3280 - - * lib/krb5/pkinit.c: rename ca_dir to pkinit/x509_anchors since - its more like that language in RFC3280 - - * lib/krb5/krb5.conf.5: document - [libdefaults]fcc-mit-ticketflags=boolean - - * lib/krb5/fcache.c (fcc_store_cred): use - [libdefaults]fcc-mit-ticketflags=boolean to decide what format to - write the fcc in. Default to mit version (aka heimdal 0.7) - - * lib/krb5/store.c: add _krb5_store_creds_heimdal_0_7 and - _krb5_store_creds_heimdal_pre_0_7 that store the creds in just - that format make krb5_store_creds default to mit format - - * lib/krb5/store.c (krb5_ret_creds): Runtime detect the what is - the higher bits of the bitfield - -2004-03-08 Love Hörnquist Åstrand - - * lib/krb5/store.c (krb5_store_creds): add disabled code that - store the ticket flags in reverse order - (bitswap32): new function - - * lib/krb5/store.c (krb5_ret_creds): if the higher ticket flags - are set, its a mit cache, reverse the bits, bug pointed out by - Sergio Gelato - -2004-03-07 Love Hörnquist Åstrand - - * lib/hdb/hdb-ldap.c: use macro for HDB * -> LDAP * - - * kuser/kinit.c: when running kinit with a subprocess, fetch new - tickets after half the tickets lifetime - - * lib/hdb/hdb.c: spelling - - * lib/hdb/hdb-ldap.c: Intergrate Heimdal's hdb-ldap and the Samba - password database. From: Andrew Bartlett - - * kdc/config.c: add --disable-DES - - * kdc/kdc.8: document --detach and --disable-DES - - * kdc/kerberos5.c: check if enctype is disabled before using it - - * lib/krb5/crypto.c: add support for disabling checksum/encryption - types - - * tools/kdc-log-analyze.pl: add more cases - - * kdc/connect.c: on strange tcp error; log local port number and - socket type - - * lib/asn1/der.h: fix prototype of encode_utf8string - - * lib/asn1/gen.c: catch CHOICE and generate dummy placeholder - - * lib/asn1/lex.l: added dummy parsing of CHOICE - - * lib/asn1/parse.y: added dummy parsing of CHOICE - - * lib/asn1/k5.asn1: drop SMTP_NAME - -2004-03-06 Love Hörnquist Åstrand - - * lib/hdb/Makefile.am: support building ldap backend as module - sort asn1 hdb files - - * lib/hdb/hdb.c: when building ldap as a shared module, don't - include it in the list - - * configure.in: add --enable-hdb-openldap-module - - * lib/hdb/hdb-ldap.c: make ldap possible to build as a shared - module - - * lib/hdb/mkey.c: add hdb_{,un}seal_key{,_mkey} from Andrew - Bartlett - - * lib/krb5/crypto.c (decrypt_internal_special): do not not modify - the original data test case from Ronnie Sahlberg - - -2004-03-03 Love Hörnquist Åstrand - - * lib/krb5/test_cc.c: more cc tests, mostly related to mcc - behavior - - * lib/krb5/mcache.c (mcc_get_principal): also check for - primary_principal == NULL now that that isn't used as dead flag - - * lib/krb5/mcache.c: don't overload the primary_principal == NULL - as dead since that doesn't always work. Based on patch from - Jeffrey Hutzelman , tweeked by me - -2004-02-22 Love Hörnquist Åstrand - - * kdc/pkinit.c: adapt to rename of oid_cmp to heim_oid_cmp - - * lib/krb5/pkinit.c: adapt to rename of oid_cmp to heim_oid_cmp - - * lib/hdb/db3.c: fix all db >= 4.1 cases - - * doc/setup.texi: add text about hostname to realm mapping using - DNS - -2004-02-20 Love Hörnquist Åstrand - - * kdc/pkinit.c: update error codes - - * lib/krb5/krb5_err.et: prefix pkinit error codes with KRB5_ - - * lib/krb5/pkinit.c: update error codes - -2004-02-19 Love Hörnquist Åstrand - - * lib/krb5/pkinit.c: indent, use krb5_abortx() instead of abort() - - * lib/krb5/init_creds_pw.c (process_pa_data_to_key): spelling - - * lib/krb5/store.c: handle memory allocate errors - - * lib/krb5/fcache.c (_krb5_xlock): handle that everything was ok, - and don't put an error in the error strings then - -2004-02-13 Love Hörnquist Åstrand - - * kdc/pkinit.c: s/heim_big_integer/heim_integer/ - - * lib/krb5/pkinit.c: s/heim_big_integer/heim_integer/ - - * kdc/pkinit.c: adapt to asn1 bignum code, use HEIM_PKINIT errors - - * lib/krb5/pkinit.c: adapt to asn1 bignum code, use HEIM_PKINIT - errors - - * lib/krb5/heim_err.et: add HEIM_PKINIT specific errors - -2004-02-12 Love Hörnquist Åstrand - - * configure.in: rename AC_WFLAGS to rk_WFLAGS - - * acinclude.m4: use m4_define, over-quote string - -2004-02-11 Love Hörnquist Åstrand - - * lib/krb5/init_creds_pw.c (change_password): handle that - printf("%.*s", 0, (void*)NULL); doesn't work on solaris - -2004-02-10 Love Hörnquist Åstrand - - * kpasswd/kpasswd.c (change_password): handle that printf("%.*s", - 0, (void*)NULL); doesn't work on solaris - - * lib/krb5/krb5.conf.5: don't use path's in first .Nm, it confuses - some locate.updatedb, use FILES section to describe where the file - is instead. - -2004-02-07 Love Hörnquist Åstrand - - * lib/asn1/check-der.c: test for "der_length.c: Fix len_unsigned - for certain negative integers, it got the length wrong" , from - Panasas, Inc. - - * lib/asn1/der_length.c: Fix len_unsigned for certain negative - integers, it got the length wrong, fix from Panasas, Inc. - - rename len_int and len_unsigned to _heim_\& - - * lib/asn1/der_locl.h: add _heim_len_unsigned, _heim_len_int - -2004-02-06 Dave Love - - * configure.in: Check for sys/socket.h, net/if.h. Modify term.h, - security/pam_appl.h tests. - -2004-02-03 Love Hörnquist Åstrand - - * lib/asn1/check-gen.c: test for: (length_type): TSequenceOf: add - up the size of all the elements, don't use just the size of the - last element. - - * lib/krb5/aes-test.c: add "next iv" test for aes128, check - decryption case too - - * lib/krb5/crypto.c (_krb5_aes_cts_encrypt): out iv is the iv of - the next to last block, fix decryption case too - - * lib/krb5/aes-test.c: add "next iv" test for aes128 - - * lib/krb5/crypto.c (_krb5_aes_cts_encrypt): out iv is the iv of - the next to last block - - * lib/krb5/mk_rep.c (krb5_mk_rep): abort on internal asn1 encode - error - - * lib/krb5/mk_rep.c (krb5_mk_rep): abort on internal asn1 encode - error - - * lib/krb5/get_in_tkt.c (krb5_get_in_cred): abort on internal asn1 - encode error - - * lib/krb5/mk_priv.c (krb5_mk_priv): abort on internal asn1 encode - error - - * lib/krb5/get_cred.c (make_pa_tgs_req): abort on internal asn1 - encode error - - * lib/krb5/build_auth.c (krb5_build_authenticator): abort on - internal asn1 encode error - - * lib/krb5/build_ap_req.c (krb5_build_ap_req): abort on internal - asn1 encode error - -2004-01-30 Love Hörnquist Åstrand - - * doc/setup.texi: some text about order of [capaths] realms - -2004-01-25 Love Hörnquist Åstrand - - * lib/krb5/context.c: register WRFILE ops - - * lib/krb5/keytab_file.c: add krb5_wrfkt_ops/WRFILE (same as FILE) - - * lib/krb5/krb5.h: add krb5_wrfkt_ops - - * kpasswd/kpasswdd.c (change): use the right password when - changing the password - -2004-01-21 Love Hörnquist Åstrand - - * lib/krb5/fcache.c (_krb5_xlock): catch EINVAL and assume that it - means that the filesystem doesn't support locking - - * lib/krb5/keytab.c: remove #if 0 out file locking code - -2004-01-19 Love Hörnquist Åstrand - - * lib/asn1/gen_length.c (length_type): TSequenceOf: add up the - size of all the elements, don't use just the size of the last - element. - -2004-01-13 Love Hörnquist Åstrand - - * kuser/kinit.c (renew_validate): if renewable_flag and not time - specifed, use "1 month" - -2004-01-08 Love Hörnquist Åstrand - - * lib/krb5/krb5_keyblock.3: add prototypes, describe - krb5_keyblock_zero - -2004-01-05 Love Hörnquist Åstrand - - * lib/krb5/get_for_creds.c (add_addrs): don't add same address - multiple times - - * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): try to - handle errors better for previous commit - - * lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): If tickets - are address-less, forward address-less tickets. - - * lib/krb5/get_cred.c: rename get_krbtgt to _krb5_get_krbtgt and - export it -