heimdal/ChangeLog

2004-03-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/setup.texi: include Luke Howard of PADL.COM ldap hdb
	documentation

	* doc/win2k.texi: fix bugs in examples, add more restrictions, use
	example.com as an example. From: Pavel Ferdan
	<xferdan@informatics.muni.cz>

2004-03-18  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/krb5.conf.5: add a bunch of Li and document [kadmin]
	password_lifetime; from Henry B. Hotz

2004-03-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/mk_rep.c (krb5_mk_rep): if KRB5_AUTH_CONTEXT_USE_SUBKEY
	is set send subkey
	(generate if needed)

	* lib/krb5/krb5.h: add KRB5_AUTH_CONTEXT_USE_SUBKEY
	
2004-03-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/hdb-ldap.c: clean up error handling, plug memory leaks,
	and free memory in error path, assume realloc(NULL, ...) works,
	factor out common code, indent

2004-03-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/verify_krb5_conf.c: understand [password_quality]
	spelling
	
	* kuser/kgetcred.1: document --canonicalize
	
	* kuser/kgetcred.c: add --canonicalize
	
2004-03-10  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/fcache.c (fcc_store_cred): NULL terminate
	krb5_config_get_bool_default' arglist
	
2004-03-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/kerberos5.c: add missing req argument to pk_mk_pa_reply
	
	* kdc/pkinit.c (pk_mk_pa_reply): add hdb_entry
	
	* kdc/pkinit.c: pass client hdb_entry to pk_check_client
	
	* kdc/kdc_locl.h: pass client hdb_entry to pk_check_client
	
	* kuser/kinit.c: rename ca_dir to pkinit/x509_anchors since its
	more like that language in RFC3280
	
	* lib/krb5/pkinit.c: rename ca_dir to pkinit/x509_anchors since
	its more like that language in RFC3280
	
	* lib/krb5/krb5.conf.5: document
	[libdefaults]fcc-mit-ticketflags=boolean

	* lib/krb5/fcache.c (fcc_store_cred): use
	[libdefaults]fcc-mit-ticketflags=boolean to decide what format to
	write the fcc in. Default to mit version (aka heimdal 0.7)
	
	* lib/krb5/store.c: add _krb5_store_creds_heimdal_0_7 and
	_krb5_store_creds_heimdal_pre_0_7 that store the creds in just
	that format make krb5_store_creds default to mit format
	
	* lib/krb5/store.c (krb5_ret_creds): Runtime detect the what is
	the higher bits of the bitfield
	
2004-03-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/store.c (krb5_store_creds): add disabled code that
	store the ticket flags in reverse order
	(bitswap32): new function

	* lib/krb5/store.c (krb5_ret_creds): if the higher ticket flags
	are set, its a mit cache, reverse the bits, bug pointed out by
	Sergio Gelato <Sergio.Gelato@astro.su.se>

2004-03-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/hdb-ldap.c: use macro for HDB * -> LDAP *
	
	* kuser/kinit.c: when running kinit with a subprocess, fetch new
	tickets after half the tickets lifetime
	
	* lib/hdb/hdb.c: spelling
	
	* lib/hdb/hdb-ldap.c: Intergrate Heimdal's hdb-ldap and the Samba
	password database.  From: Andrew Bartlett <abartlet@samba.org>

	* kdc/config.c: add --disable-DES
	
	* kdc/kdc.8: document --detach and --disable-DES
	
	* kdc/kerberos5.c: check if enctype is disabled before using it
	
	* lib/krb5/crypto.c: add support for disabling checksum/encryption
	types

	* tools/kdc-log-analyze.pl: add more cases
	
	* kdc/connect.c: on strange tcp error; log local port number and
	socket type
	
	* lib/asn1/der.h: fix prototype of encode_utf8string
	
	* lib/asn1/gen.c: catch CHOICE and generate dummy placeholder
	
	* lib/asn1/lex.l: added dummy parsing of CHOICE
	
	* lib/asn1/parse.y: added dummy parsing of CHOICE
	
	* lib/asn1/k5.asn1: drop SMTP_NAME
	
2004-03-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/Makefile.am: support building ldap backend as module
	sort asn1 hdb files
	
	* lib/hdb/hdb.c: when building ldap as a shared module, don't
	include it in the list

	* configure.in: add --enable-hdb-openldap-module
	
	* lib/hdb/hdb-ldap.c: make ldap possible to build as a shared
	module

	* lib/hdb/mkey.c: add hdb_{,un}seal_key{,_mkey} from Andrew
	Bartlett <abartlet@samba.org>

	* lib/krb5/crypto.c (decrypt_internal_special): do not not modify
	the original data test case from Ronnie Sahlberg
	<ronnie_sahlberg@ozemail.com.au>

2004-03-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/test_cc.c: more cc tests, mostly related to mcc
	behavior

	* lib/krb5/mcache.c (mcc_get_principal): also check for
	primary_principal == NULL now that that isn't used as dead flag
	
	* lib/krb5/mcache.c: don't overload the primary_principal == NULL
	as dead since that doesn't always work. Based on patch from
	Jeffrey Hutzelman <jhutz@cmu.edu>, tweeked by me
	
2004-02-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/pkinit.c: adapt to rename of oid_cmp to heim_oid_cmp
	
	* lib/krb5/pkinit.c: adapt to rename of oid_cmp to heim_oid_cmp
	
	* lib/hdb/db3.c: fix all db >= 4.1 cases
	
	* doc/setup.texi: add text about hostname to realm mapping using
	DNS

2004-02-20  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/pkinit.c: update error codes
	
	* lib/krb5/krb5_err.et: prefix pkinit error codes with KRB5_

	* lib/krb5/pkinit.c: update error codes
	
2004-02-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/pkinit.c: indent, use krb5_abortx() instead of abort()
	
	* lib/krb5/init_creds_pw.c (process_pa_data_to_key): spelling
	
	* lib/krb5/store.c: handle memory allocate errors

	* lib/krb5/fcache.c (_krb5_xlock): handle that everything was ok,
	and don't put an error in the error strings then
	
2004-02-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/pkinit.c: s/heim_big_integer/heim_integer/
	
	* lib/krb5/pkinit.c: s/heim_big_integer/heim_integer/
	
	* kdc/pkinit.c: adapt to asn1 bignum code, use HEIM_PKINIT errors
	
	* lib/krb5/pkinit.c: adapt to asn1 bignum code, use HEIM_PKINIT
	errors
	
	* lib/krb5/heim_err.et: add HEIM_PKINIT specific errors
	
2004-02-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* configure.in: rename AC_WFLAGS to rk_WFLAGS
	
	* acinclude.m4: use m4_define, over-quote string
	
2004-02-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/init_creds_pw.c (change_password): handle that
	printf("%.*s", 0, (void*)NULL); doesn't work on solaris
	
2004-02-10  Love Hörnquist Åstrand  <lha@it.su.se>

	* kpasswd/kpasswd.c (change_password): handle that printf("%.*s",
	0, (void*)NULL); doesn't work on solaris
	
	* lib/krb5/krb5.conf.5: don't use path's in first .Nm, it confuses
	some locate.updatedb, use FILES section to describe where the file
	is instead.

2004-02-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/asn1/check-der.c: test for "der_length.c: Fix len_unsigned
	for certain negative integers, it got the length wrong" , from
	Panasas, Inc.

	* lib/asn1/der_length.c: Fix len_unsigned for certain negative
	integers, it got the length wrong, fix from Panasas, Inc.
	
	rename len_int and len_unsigned to _heim_\&
	
	* lib/asn1/der_locl.h: add _heim_len_unsigned, _heim_len_int
	
2004-02-06  Dave Love  <d.love@dl.ac.uk>

	* configure.in: Check for sys/socket.h, net/if.h.  Modify term.h,
	security/pam_appl.h tests.
	
2004-02-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/asn1/check-gen.c: test for: (length_type): TSequenceOf: add
	up the size of all the elements, don't use just the size of the
	last element.

	* lib/krb5/aes-test.c: add "next iv" test for aes128, check
	decryption case too

	* lib/krb5/crypto.c (_krb5_aes_cts_encrypt): out iv is the iv of
	the next to last block, fix decryption case too
	
	* lib/krb5/aes-test.c: add "next iv" test for aes128
	
	* lib/krb5/crypto.c (_krb5_aes_cts_encrypt): out iv is the iv of
	the next to last block

	* lib/krb5/mk_rep.c (krb5_mk_rep): abort on internal asn1 encode
	error
	
	* lib/krb5/mk_rep.c (krb5_mk_rep): abort on internal asn1 encode
	error

	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): abort on internal asn1
	encode error

	* lib/krb5/mk_priv.c (krb5_mk_priv): abort on internal asn1 encode
	error

	* lib/krb5/get_cred.c (make_pa_tgs_req): abort on internal asn1
	encode error

	* lib/krb5/build_auth.c (krb5_build_authenticator): abort on
	internal asn1 encode error

	* lib/krb5/build_ap_req.c (krb5_build_ap_req): abort on internal
	asn1 encode error

2004-01-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/setup.texi: some text about order of [capaths] realms
	
2004-01-25  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/context.c: register WRFILE ops
	
	* lib/krb5/keytab_file.c: add krb5_wrfkt_ops/WRFILE (same as FILE)
	
	* lib/krb5/krb5.h: add krb5_wrfkt_ops
	
	* kpasswd/kpasswdd.c (change): use the right password when
	changing the password

2004-01-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/fcache.c (_krb5_xlock): catch EINVAL and assume that it
	means that the filesystem doesn't support locking
	
	* lib/krb5/keytab.c: remove #if 0 out file locking code
	
2004-01-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/asn1/gen_length.c (length_type): TSequenceOf: add up the
	size of all the elements, don't use just the size of the last
	element.

2004-01-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* kuser/kinit.c (renew_validate): if renewable_flag and not time
	specifed, use "1 month"

2004-01-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_keyblock.3: add prototypes, describe
	krb5_keyblock_zero

2004-01-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/get_for_creds.c (add_addrs): don't add same address
	multiple times

	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): try to
	handle errors better for previous commit

	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): If tickets
	are address-less, forward address-less tickets.
	
	* lib/krb5/get_cred.c: rename get_krbtgt to _krb5_get_krbtgt and
	export it