From owner-svn-src-all@FreeBSD.ORG Thu Sep 29 05:23:58 2011 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 183A11065670; Thu, 29 Sep 2011 05:23:58 +0000 (UTC) (envelope-from stas@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 0377A8FC0C; Thu, 29 Sep 2011 05:23:58 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id p8T5NvjK006113; Thu, 29 Sep 2011 05:23:57 GMT (envelope-from stas@svn.freebsd.org) Received: (from stas@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id p8T5Nveg006110; Thu, 29 Sep 2011 05:23:57 GMT (envelope-from stas@svn.freebsd.org) Message-Id: <201109290523.p8T5Nveg006110@svn.freebsd.org> From: Stanislav Sedov Date: Thu, 29 Sep 2011 05:23:57 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-vendor@freebsd.org X-SVN-Group: vendor-crypto MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r225864 - in vendor-crypto/heimdal/dist: . admin appl cf crypto/heimdal crypto/heimdal/admin crypto/heimdal/appl crypto/heimdal/cf crypto/heimdal/doc crypto/heimdal/etc crypto/heimdal/i... X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 Sep 2011 05:23:58 -0000 Author: stas Date: Thu Sep 29 05:23:57 2011 New Revision: 225864 URL: http://svn.freebsd.org/changeset/base/225864 Log: - Flatten the vendor heimdal tree. Added: vendor-crypto/heimdal/dist/ChangeLog - copied unchanged from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/ChangeLog vendor-crypto/heimdal/dist/ChangeLog.1998 - copied unchanged from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/ChangeLog.1998 vendor-crypto/heimdal/dist/ChangeLog.1999 - copied unchanged from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/ChangeLog.1999 vendor-crypto/heimdal/dist/ChangeLog.2000 - copied unchanged from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/ChangeLog.2000 vendor-crypto/heimdal/dist/ChangeLog.2001 - copied unchanged from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/ChangeLog.2001 vendor-crypto/heimdal/dist/ChangeLog.2002 - copied unchanged from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/ChangeLog.2002 vendor-crypto/heimdal/dist/ChangeLog.2003 - copied unchanged from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/ChangeLog.2003 vendor-crypto/heimdal/dist/ChangeLog.2004 - copied unchanged from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/ChangeLog.2004 vendor-crypto/heimdal/dist/ChangeLog.2005 - copied unchanged from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/ChangeLog.2005 vendor-crypto/heimdal/dist/ChangeLog.2006 - copied unchanged from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/ChangeLog.2006 vendor-crypto/heimdal/dist/LICENSE - copied unchanged from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/LICENSE vendor-crypto/heimdal/dist/Makefile.am - copied unchanged from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/Makefile.am vendor-crypto/heimdal/dist/Makefile.am.common - copied unchanged from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/Makefile.am.common vendor-crypto/heimdal/dist/Makefile.in - copied unchanged from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/Makefile.in vendor-crypto/heimdal/dist/NEWS - copied unchanged from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/NEWS vendor-crypto/heimdal/dist/README - copied unchanged from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/README vendor-crypto/heimdal/dist/acinclude.m4 - copied unchanged from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/acinclude.m4 vendor-crypto/heimdal/dist/aclocal.m4 - copied unchanged from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/aclocal.m4 vendor-crypto/heimdal/dist/admin/ - copied from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/admin/ vendor-crypto/heimdal/dist/appl/ - copied from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/appl/ vendor-crypto/heimdal/dist/autogen.sh - copied unchanged from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/autogen.sh vendor-crypto/heimdal/dist/cf/ - copied from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/cf/ vendor-crypto/heimdal/dist/compile - copied unchanged from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/compile vendor-crypto/heimdal/dist/config.guess - copied unchanged from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/config.guess vendor-crypto/heimdal/dist/config.sub - copied unchanged from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/config.sub vendor-crypto/heimdal/dist/configure - copied unchanged from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/configure vendor-crypto/heimdal/dist/configure.in - copied unchanged from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/configure.in vendor-crypto/heimdal/dist/doc/ - copied from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/doc/ vendor-crypto/heimdal/dist/etc/ - copied from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/etc/ vendor-crypto/heimdal/dist/include/ - copied from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/include/ vendor-crypto/heimdal/dist/install-sh - copied unchanged from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/install-sh vendor-crypto/heimdal/dist/kadmin/ - copied from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/kadmin/ vendor-crypto/heimdal/dist/kcm/ - copied from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/kcm/ vendor-crypto/heimdal/dist/kdc/ - copied from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/kdc/ vendor-crypto/heimdal/dist/kpasswd/ - copied from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/kpasswd/ vendor-crypto/heimdal/dist/krb5.conf - copied unchanged from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/krb5.conf vendor-crypto/heimdal/dist/kuser/ - copied from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/kuser/ vendor-crypto/heimdal/dist/lib/ - copied from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/lib/ vendor-crypto/heimdal/dist/ltconfig - copied unchanged from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/ltconfig vendor-crypto/heimdal/dist/ltmain.sh - copied unchanged from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/ltmain.sh vendor-crypto/heimdal/dist/missing - copied unchanged from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/missing vendor-crypto/heimdal/dist/mkinstalldirs - copied unchanged from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/mkinstalldirs vendor-crypto/heimdal/dist/packages/ - copied from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/packages/ vendor-crypto/heimdal/dist/tests/ - copied from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/tests/ vendor-crypto/heimdal/dist/tools/ - copied from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/tools/ Deleted: vendor-crypto/heimdal/dist/crypto/heimdal/ChangeLog vendor-crypto/heimdal/dist/crypto/heimdal/ChangeLog.1998 vendor-crypto/heimdal/dist/crypto/heimdal/ChangeLog.1999 vendor-crypto/heimdal/dist/crypto/heimdal/ChangeLog.2000 vendor-crypto/heimdal/dist/crypto/heimdal/ChangeLog.2001 vendor-crypto/heimdal/dist/crypto/heimdal/ChangeLog.2002 vendor-crypto/heimdal/dist/crypto/heimdal/ChangeLog.2003 vendor-crypto/heimdal/dist/crypto/heimdal/ChangeLog.2004 vendor-crypto/heimdal/dist/crypto/heimdal/ChangeLog.2005 vendor-crypto/heimdal/dist/crypto/heimdal/ChangeLog.2006 vendor-crypto/heimdal/dist/crypto/heimdal/LICENSE vendor-crypto/heimdal/dist/crypto/heimdal/Makefile.am vendor-crypto/heimdal/dist/crypto/heimdal/Makefile.am.common vendor-crypto/heimdal/dist/crypto/heimdal/Makefile.in vendor-crypto/heimdal/dist/crypto/heimdal/NEWS vendor-crypto/heimdal/dist/crypto/heimdal/README vendor-crypto/heimdal/dist/crypto/heimdal/acinclude.m4 vendor-crypto/heimdal/dist/crypto/heimdal/aclocal.m4 vendor-crypto/heimdal/dist/crypto/heimdal/admin/ vendor-crypto/heimdal/dist/crypto/heimdal/appl/ vendor-crypto/heimdal/dist/crypto/heimdal/autogen.sh vendor-crypto/heimdal/dist/crypto/heimdal/cf/ vendor-crypto/heimdal/dist/crypto/heimdal/compile vendor-crypto/heimdal/dist/crypto/heimdal/config.guess vendor-crypto/heimdal/dist/crypto/heimdal/config.sub vendor-crypto/heimdal/dist/crypto/heimdal/configure vendor-crypto/heimdal/dist/crypto/heimdal/configure.in vendor-crypto/heimdal/dist/crypto/heimdal/doc/ vendor-crypto/heimdal/dist/crypto/heimdal/etc/ vendor-crypto/heimdal/dist/crypto/heimdal/include/ vendor-crypto/heimdal/dist/crypto/heimdal/install-sh vendor-crypto/heimdal/dist/crypto/heimdal/kadmin/ vendor-crypto/heimdal/dist/crypto/heimdal/kcm/ vendor-crypto/heimdal/dist/crypto/heimdal/kdc/ vendor-crypto/heimdal/dist/crypto/heimdal/kpasswd/ vendor-crypto/heimdal/dist/crypto/heimdal/krb5.conf vendor-crypto/heimdal/dist/crypto/heimdal/kuser/ vendor-crypto/heimdal/dist/crypto/heimdal/lib/ vendor-crypto/heimdal/dist/crypto/heimdal/ltconfig vendor-crypto/heimdal/dist/crypto/heimdal/ltmain.sh vendor-crypto/heimdal/dist/crypto/heimdal/missing vendor-crypto/heimdal/dist/crypto/heimdal/mkinstalldirs vendor-crypto/heimdal/dist/crypto/heimdal/packages/ vendor-crypto/heimdal/dist/crypto/heimdal/tests/ vendor-crypto/heimdal/dist/crypto/heimdal/tools/ Copied: vendor-crypto/heimdal/dist/ChangeLog (from r225862, vendor-crypto/heimdal/dist/crypto/heimdal/ChangeLog) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ vendor-crypto/heimdal/dist/ChangeLog Thu Sep 29 05:23:57 2011 (r225864, copy of r225862, vendor-crypto/heimdal/dist/crypto/heimdal/ChangeLog) @@ -0,0 +1,1356 @@ +2008-01-24 Love Hörnquist Åstrand + + * Release 1.1 + +2008-01-21 Love Hörnquist Åstrand + + * lib/krb5/get_for_creds.c: Use on variable less. + + * lib/krb5/get_for_creds.c: Try to handle ticket full and + ticketless tickets better. Add doxygen comments while here. + + * lib/krb5/test_forward.c: Used for testing + krb5_get_forwarded_creds(). + + * lib/krb5/Makefile.am: noinst_PROGRAMS += test_forward + + * lib/krb5/Makefile.am: drop CHECK_SYMBOLS + + * lib/hdb/Makefile.am: drop CHECK_SYMBOLS + + * kdc/Makefile.am: drop CHECK_SYMBOLS + +2008-01-18 Love Hörnquist Åstrand + + * lib/krb5/version-script.map: Add krb5_digest_probe. + +2008-01-13 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c: Replace hx509_name_to_der_name with + hx509_name_binary. + +2008-01-12 Love Hörnquist Åstrand + + * lib/krb5/Makefile.am: add missing files + +2007-12-28 Love Hörnquist Åstrand + + * kdc/digest.c: Log probe message, add NTLM_TARGET_DOMAIN to the + type2 message. + +2007-12-14 Love Hörnquist Åstrand + + * lib/hdb/dbinfo.c: Add hdb_default_db(). + + * Makefile.am: Add some extra cf/*. + +2007-12-12 Love Hörnquist Åstrand + + * kuser/kgetcred.c: Fix type of name-type. From Andy Polyakov. + +2007-12-09 Love Hörnquist Åstrand + + * kdc/log.c: Use hdb_db_dir(). + + * kpasswd/kpasswdd.c: Use hdb_db_dir(). + +2007-12-08 Love Hörnquist Åstrand + + * kdc/config.c: Use hdb_db_dir(). + + * kdc/kdc_locl.h: add KDC_LOG_FILE + + * kdc/hpropd.c: Use hdb_default_db(). + + * kdc/kstash.c: Use hdb_db_dir(). + + * kdc/pkinit.c: Adapt to hx509 changes, use hdb_db_dir(). + + * lib/krb5/rd_req.c: Document krb5_rd_req_in_set_pac_check. + + * lib/krb5/verify_krb5_conf.c: Check check_pac. + + * lib/krb5/rd_req.c: use KRB5_CTX_F_CHECK_PAC to init check_pac + field in the krb5_rd_req_in_ctx + + * lib/krb5/expand_hostname.c: Adapt to changing + dns_canonicalize_hostname into flags field. + + * lib/krb5/context.c: Adapt to changing dns_canonicalize_hostname + into flags field, add check-pac as an libdefaults option. + + * lib/krb5/pkinit.c: Adapt to changes in hx509 interface. + + * doc: add doxygen documentation to hcrypto + + * doc/doxytmpl.dxy: generate links + +2007-12-07 Love Hörnquist Åstrand + + * lib/krb5/Makefile.am: build_HEADERZ += heim_threads.h + + * lib/hdb/dbinfo.c (hdb_db_dir): Return the directory where the + hdb database resides. + + * configure.in: Add --with-hdbdir to specify where the database is + stored. + + * lib/krb5/crypto.c: revert previous patch, the problem is located + in the RAND_file_name() function that will cause recursive nss + lookups, can't fix that here. + +2007-12-06 Love Hörnquist Åstrand + + * lib/krb5/crypto.c (krb5_generate_random_block): try to avoid the + dead-lock in by not holding the lock while running + RAND_file_name. Prompted by Hai Zaar. + + * lib/krb5/n-fold.c: spelling + +2007-12-04 Love Hörnquist Åstrand + + * kuser/kdigest.c (digest-probe): implement command. + + * kuser/kdigest-commands.in (digest-probe): new command + + * kdc/digest.c: Implement supportedMechs request. + + * lib/krb5/error_string.c: Make krb5_get_error_string return an + allocated string to make the function indempotent. From + Zeqing (Fred) Xia. + +2007-12-03 Love Hörnquist Åstrand + + * lib/krb5/krb5_locl.h (krb5_context_data): Flag if + default_cc_name was set by the user. + + * lib/krb5/fcache.c (fcc_move): make sure ->version is uptodate. + + * kcm/acquire.c: use krb5_free_cred_contents + + * kuser/kimpersonate.c: use krb5_free_cred_contents + + * kuser/kinit.c: Use krb5_cc_move to make an atomic switch of the + cred cache. + + * lib/krb5/cache.c: Put back code that was needed, move gen_new + into new_unique. + + * lib/krb5/mcache.c (mcc_default_name): Remove const + + * lib/krb5/krb5_locl.h: Add KRB5_DEFAULT_CCNAME_KCM, redefine + KRB5_DEFAULT_CCNAME to KRB5_DEFAULT_CCTYPE + + * lib/krb5/cache.c: Use krb5_cc_ops->default_name to get the + default name. + + * lib/krb5/kcm.c: Implement krb5_cc_ops->default_name. + + * lib/krb5/mcache.c: Implement krb5_cc_ops->default_name. + + * lib/krb5/fcache.c: Implement krb5_cc_ops->default_name. + + * lib/krb5/krb5.h: Add krb5_cc_ops->default_name. + + * lib/krb5/acache.c: Free context when done, implement + krb5_cc_ops->default_name. + + * lib/krb5/kcm.c: implement dummy kcm_move + + * lib/krb5/mcache.c: Implement the move operation. + + * lib/krb5/version-script.map: export krb5_cc_move + + * lib/krb5/cache.c: New function krb5_cc_move(). + + * lib/krb5/fcache.c: Implement the move operation. + + * lib/krb5/krb5.h: Add move to the krb5_cc_ops, causes major + version bump. + + * lib/krb5/acache.c: Implement the move operation. Avoid using + cc_set_principal() since it broken on Mac OS X 10.5.0. + +2007-12-02 Love Hörnquist Åstrand + + * lib/krb5/krb5_ccapi.h: Drop variable names to avoid -Wshadow. + +2007-11-14 Love Hörnquist Åstrand + + * kdc/krb5tgs.c: Should pass different key usage constants + depending on whether or not optional sub-session key was passed by + the client for the check of authorization data. The constant is + used to derive "specific key" and its values are specified in + 7.5.1 of RFC4120. + + Patch from Andy Polyakov. + + * kdc/krb5tgs.c: Don't send auth data in referrals, microsoft + clients have started to not like that. Thanks to Andy Polyakov for + excellent research. + +2007-11-11 Love Hörnquist Åstrand + + * lib/krb5/creds.c: use krb5_data_cmp + + * lib/krb5/acache.c: use krb5_free_cred_contents + + * lib/krb5/test_renew.c: use krb5_free_cred_contents + +2007-11-10 Love Hörnquist Åstrand + + * lib/krb5/acl.c: doxygen documentation + + * lib/krb5/addr_families.c: doxygen documentation + + * doc: add doxygen + + * lib/krb5/plugin.c: doxygen documentation + + * lib/krb5/kcm.c: doxygen documentation + + * lib/krb5/fcache.c: doxygen documentation + + * lib/krb5/cache.c: doxygen documentations + + * lib/krb5/doxygen.c: doxygen introduction + + * lib/krb5/error_string.c: Doxygen documentation. + +2007-11-03 Love Hörnquist Åstrand + + * lib/krb5/test_plugin.c: expose krb5_plugin_register + + * lib/krb5/plugin.c: expose krb5_plugin_register + + * lib/krb5/version-script.map: sort, expose krb5_plugin_register + +2007-10-24 Love Hörnquist Åstrand + + * kdc/kerberos5.c: Adding same enctype is enough one time. From + Andy Polyakov and Bjorn Sandell. + +2007-10-18 Love + + * lib/krb5/cache.c (krb5_cc_retrieve_cred): check return value + from krb5_cc_start_seq_get. From Zeqing (Fred) Xia + + * lib/krb5/fcache.c (init_fcc): provide better error codes + + * kdc/kerberos5.c (get_pa_etype_info2): more paranoia, avoid + sending warning about pruned etypes. + + * kdc/kerberos5.c (older_enctype): old windows enctypes (arcfour + based) "old", this to support windows 2000 clients (unjoined to a + domain). From Andy Polyakov. + +2007-10-07 Love Hörnquist Åstrand + + * doc/setup.texi: Spelling, from Mark Peoples via Bjorn Sandell. + +2007-10-04 Love Hörnquist Åstrand + + * kdc/krb5tgs.c: More prettier printing of enctype, from KAMADA + Ken'ichi. + + * lib/krb5/crypto.c (krb5_enctype_to_string): make sure string is + NULL on failure. + +2007-10-03 Love Hörnquist Åstrand + + * kdc/kdc-replay.c: Catch KRB5_PROG_ATYPE_NOSUPP from + krb5_addr2sockaddr and igore thte test is that case. + +2007-09-29 Love Hörnquist Åstrand + + * lib/krb5/context.c (krb5_free_context): free + default_cc_name_env, from Gunther Deschner. + +2007-08-27 Love Hörnquist Åstrand + + * lib/krb5/{krb5.h,pac.c,test_pac.c,send_to_kdc.c,rd_req.c}: Make + work with c++, reported by Hai Zaar + + * lib/krb5/{digest.c,krb5.h}: Make work with c++, reported by Hai Zaar + +2007-08-20 Love Hörnquist Åstrand + + * lib/hdb/Makefile.am: EXTRA_DIST += hdb.schema + +2007-07-31 Love Hörnquist Åstrand + + * check return value of alloc functions, from Charles Longeau + + * lib/krb5/principal.c: spelling. + + * kadmin/kadmin.8: spelling + + * lib/krb5/crypto.c: Check return values from alloc + functions. Prompted by patch of Charles Longeau. + + * lib/krb5/n-fold.c: Make _krb5_n_fold return a error + code. Prompted by patch of Charles Longeau. + +2007-07-27 Love Hörnquist Åstrand + + * lib/krb5/init_creds.c: Always set the ticket options, use + KRB5_ADDRESSLESS_DEFAULT as the default value, this make the unset + tri-state not so useful. + +2007-07-24 Love Hörnquist Åstrand + + * tools/heimdal-gssapi.pc.in: Add LIB_pkinit to the list of + libraries. + + * tools/heimdal-gssapi.pc.in: pkg-config file for libgssapi in + heimdal. + + * tools/Makefile.am: Add heimdal-gssapi.pc and install it into + $(libdir)/pkgconfig + +2007-07-23 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c: Add RFC3526 modp group14 as a default. + +2007-07-22 Love Hörnquist Åstrand + + * lib/hdb/dbinfo.c (get_dbinfo): use dbname instead of realm as + key if the entry is a correct entry. + + * lib/krb5/get_cred.c: Make krb5_get_renewed_creds work, from + Gunther Deschner. + + * lib/krb5/Makefile.am: Add test_renew to noinst_PROGRAMS. + + * lib/krb5/test_renew.c: Test for krb5_get_renewed_creds. + +2007-07-21 Love Hörnquist Åstrand + + * lib/hdb/keys.c: Make parse_key_set handle key set string "v5", + from Peter Meinecke. + + * kdc/kaserver.c: Don't ovewrite the error code, from Peter + Meinecke. + +2007-07-18 Love Hörnquist Åstrand + + * TODO-1.0: remove + + * Makefile.am: remove TODO-1.0 + +2007-07-17 Love Hörnquist Åstrand + + * Heimdal 1.0 release branch cut here + + * doc/hx509.texi: use version.texi + + * doc/heimdal.texi: use version.texi + + * doc/version.texi: version.texi + + * lib/hdb/db3.c: avoid type-punned pointer warning. + + * kdc/kx509.c: Use unsigned char * as argument to HMAC_Update to + please OpenSSL and gcc. + + * kdc/digest.c: Use unsigned char * as argument to MD5_Update to + please OpenSSL and gcc. + +2007-07-16 Love Hörnquist Åstrand + + * include/Makefile.am: Add krb_err.h. + + * kdc/set_dbinfo.c: Print acl file too. + + * kdc/kerberos4.c: Error codes are just fine, remove XXX now. + + * lib/krb5/krb5-v4compat.h: Drop duplicate error codes. + + * kdc/kerberos4.c: switch to ET errors. + + * lib/krb5/Makefile.am: Add krb_err.h to build_HEADERZ. + + * lib/krb5/v4_glue.c: If its a Kerberos 4 error-code, remove the + et BASE. + +2007-07-15 Love Hörnquist Åstrand + + * lib/krb5/krb5-v4compat.h: Include "krb_err.h". + + * lib/krb5/v4_glue.c: return more interesting error codes. + + * lib/krb5/plugin.c: Prefix enum plugin_type. + + * lib/krb5/krb5_locl.h: Expose plugin structures. + + * lib/krb5/krb5.h: Add plugin structures. + + * lib/krb5/krb_err.et: V4 errors. + + * lib/krb5/version-script.map: First version of version script. + +2007-07-13 Love Hörnquist Åstrand + + * kdc/kerberos5.c: Java 1.6 expects the name to be the same type, + lets allow that for uncomplicated name-types. + +2007-07-12 Love Hörnquist Åstrand + + * lib/krb5/v4_glue.c (_krb5_krb_rd_req): if ticket contains + address 0, its ticket less and don't really care about + from_addr. return better error codes. + + * kpasswd/kpasswdd.c: Fix pointer vs strict alias rules. + +2007-07-11 Love Hörnquist Åstrand + + * lib/hdb/hdb-ldap.c: When using sambaNTPassword, avoid adding + more then one enctype 23 to krb5EncryptionType. + + * lib/krb5/cache.c: Spelling. + + * kdc/kerberos5.c: Don't send newer enctypes in ETYPE-INFO. + (get_pa_etype_info2): return the enctypes as sorted in the + database + +2007-07-10 Love Hörnquist Åstrand + + * kuser/kinit.c: krb5-v4compat.h defines prototypes for + v4 (semiprivate functions) in libkrb5, don't include + krb5-private.h any longer. + + * lib/krb5/krbhst.c: Set error string when there is no KDC for a + realm. + + * lib/krb5/Makefile.am: New library version. + + * kdc/Makefile.am: New library version. + + * lib/krb5/krb5_locl.h: Add default_cc_name_env. + + * lib/krb5/cache.c (enviroment_changed): return non-zero if + enviroment that will determine default krb5cc name has changed. + (krb5_cc_default_name): also check if cached value is uptodate. + + * lib/krb5/krb5_locl.h: Drop pkinit_flags. + +2007-07-05 Love Hörnquist Åstrand + + * configure.in: add tests/java/Makefile + + * lib/hdb/dbinfo.c: Add hdb_dbinfo_get_log_file. + +2007-07-04 Love Hörnquist Åstrand + + * kdc/kerberos5.c: Improve the default salt detection to avoid + returning v4 password salting to java that doesn't look at the + returning padata for salting. + + * kdc: Split out krb5_kdc_set_dbinfo, From Andrew Bartlett + +2007-07-02 Love Hörnquist Åstrand + + * kdc/digest.c: Try harder to provide better error message for + digest messages. + + * lib/krb5/Makefile.am: verify_krb5_conf_OBJECTS depends on + krb5-pr*.h, make -j finds this. + +2007-06-28 Love Hörnquist Åstrand + + * kdc/digest.c: On success, print username, not ip-adress. + +2007-06-26 Love Hörnquist Åstrand + + * lib/krb5/get_cred.c: Add krb5_get_renewed_creds. + + * lib/krb5/krb5_get_credentials.3: add krb5_get_renewed_creds + + * lib/krb5/pkinit.c: Use hx509_cms_unwrap_ContentInfo. + +2007-06-25 Love Hörnquist Åstrand + + * doc/setup.texi: Add example for pkinit_win2k_require_binding + in [kdc] section. + + * kdc/default_config.c: Rename require_binding to + win2k_require_binding to match client configuration. + + * kdc/default_config.c: Add [kdc]pkinit_require_binding option. + + * kdc/pkinit.c (pk_mk_pa_reply_enckey): only allow non-bound reply + if its not required. + + * kdc/default_config.c: rename pkinit_princ_in_cert and add + pkinit_require_binding + + * kdc/kdc.h: rename pkinit_princ_in_cert and add + pkinit_require_binding + + * kdc/pkinit.c: rename pkinit_princ_in_cert + +2007-06-24 Love Hörnquist Åstrand + + * lib/krb5/pkinit.c: Adapt to hx509_verify_hostname change. + +2007-06-21 Love Hörnquist Åstrand + + * kdc/krb5tgs.c: Drop unused variable. + + * kdc/krb5tgs.c: disable anonyous tgs requests + + * kdc/krb5tgs.c: Don't check PAC on cross realm for now. + + * kuser/kgetcred.c: Set KRB5_GC_CONSTRAINED_DELEGATION and parse + nametypes. + + * lib/krb5/krb5_principal.3: Document krb5_parse_nametype. + + * lib/krb5/principal.c (krb5_parse_nametype): parse nametype and + return their integer values. + + * lib/krb5/krb5.h (krb5_get_creds): Add + KRB5_GC_CONSTRAINED_DELEGATION. + + * lib/krb5/get_cred.c (krb5_get_creds): if + KRB5_GC_CONSTRAINED_DELEGATION is set, set both request_anonymous + and constrained_delegation. + +2007-06-20 Love Hörnquist Åstrand + + * kdc/digest.c: Return an error message instead of dropping the + packet for more failure cases. + + * lib/krb5/krb5_principal.3: Add KRB5_PRINCIPAL_UNPARSE_DISPLAY. + + * appl/gssmask/gssmask.c (AcquirePKInitCreds): fail more + gracefully + +2007-06-18 Love Hörnquist Åstrand + + * lib/krb5/pac.c: make compile. + + * lib/krb5/pac.c (verify_checksum): memset cksum to avoid using + pointer from stack. + + * lib/krb5/plugin.c: Don't expose free pointer. + + * lib/krb5/pkinit.c (_krb5_pk_load_id): fail directoy for first + calloc. + + * lib/krb5/pkinit.c (get_reply_key*): don't expose freed memory + + * lib/krb5/krbhst.c: Host is static memory, don't free. + + * lib/krb5/crypto.c (decrypt_internal_derived): make sure length + is longer then confounder + checksum. + + * kdc: export get_dbinfo as krb5_kdc_set_dbinfo and call from + users. This to allows libkdc users to to specify their own + databases + + * lib/krb5/pkinit.c (pk_rd_pa_reply_enckey): simplify handling of + content data (and avoid leaking memory). + + * kdc/misc.c (_kdc_db_fetch): set error string for failures. + +2007-06-15 Love Hörnquist Åstrand + + * kdc/pkinit.c: Use KRB5_AUTHDATA_INITIAL_VERIFIED_CAS. + +2007-06-13 Love Hörnquist Åstrand + + * kdc/pkinit.c: tell user when they got a pk-init request with + pkinit disabled. + +2007-06-12 Love Hörnquist Åstrand + + * lib/krb5/principal.c: Rename UNPARSE_NO_QUOTE to + UNPARSE_DISPLAY. + + * lib/krb5/krb5.h: Rename UNPARSE_NO_QUOTE to UNPARSE_DISPLAY. + + * lib/krb5/principal.c: Make no-quote mean replace strange chars + with space. + + * lib/krb5/principal.c: Support KRB5_PRINCIPAL_UNPARSE_NO_QUOTE. + + * lib/krb5/krb5.h: Add KRB5_PRINCIPAL_UNPARSE_NO_QUOTE. + + * lib/krb5/test_princ.c: Test quoteing. + + * lib/krb5/pkinit.c: update (c) + + * lib/krb5/get_cred.c: use krb5_sendto_context to talk to the KDC. + + * lib/krb5/send_to_kdc.c (_krb5_kdc_retry): check if the whole + process needs to restart or just skip this KDC. + + * lib/krb5/init_creds_pw.c: Use krb5_sendto_context to talk to + KDC. + + * lib/krb5/krb5.h: Add sendto hooks and opaque structure. + + * lib/krb5/krb5_rd_error.3: Update prototype. + + * lib/krb5/send_to_kdc.c: Add hooks for processing the reply from + the server. + +2007-06-11 Love Hörnquist Åstrand + + * lib/krb5/krb5_err.et: Some new error codes from RFC 4120. + +2007-06-09 Love Hörnquist Åstrand + + * kdc/krb5tgs.c: Constify. + + * kdc/kerberos5.c: Constify. + + * kdc/pkinit.c: Check for KRB5-PADATA-PK-AS-09-BINDING. Constify. + +2007-06-08 Love Hörnquist Åstrand + + * include/Makefile.am: Make krb5-types.h nodist_include_HEADERS. + + * kdc/Makefile.am: EXTRA_DIST += version-script.map. + +2007-06-07 Love Hörnquist Åstrand + + * Makefile.am (print-distdir): print name of dist + + * kdc/pkinit.c: Break out loading of mappings file to a separate + function and remove warning that it can't open the mapping file, + there are now mappings in the db, maybe the users uses that + instead... + + * lib/krb5/crypto.c: Require the raw key have the correct size and + do away with the minsize. Minsize was a thing that originated + from RC2, but since RC2 is done in the x509/cms subsystem now + there is no need to keep that around. + + * lib/hdb/dbinfo.c: If there is no default dbname, also check for + unset mkey_file and set it default mkey name, make backward compat + stuff work. + + * kdc/version-script.map: add new symbols + + * kdc/kdc-replay.c: Also update krb5_context view of what the time + is. + + * configure.in: add tests/can/Makefile + + * kdc/kdc-replay.c: Add --[version|help]. + + * kdc/pkinit.c: Push down the kdc time into the x509 library. + + * kdc/connect.c: Move up krb5_kdc_save_request so we can catch the + reply data too. + + * kdc/kdc-replay.c: verify reply by checking asn1 class, type and + tag of the reply if there is one. + + * kdc/process.c: Save asn1 class, type and tag of the reply if + there is one. Used to verify the reply in kdc-replay. + +2007-06-06 Love Hörnquist Åstrand + + * kdc/kdc_locl.h: extern for request_log. + + * kdc/Makefile.am: Add kdc-replay. + + * kdc/kdc-replay.c: Replay kdc messages to the KDC library. + + * kdc/config.c: Pick up request_log from [kdc]kdc-request-log. + + * kdc/connect.c: Option to save the request to disk. + + * kdc/process.c (krb5_kdc_save_request): save request to file. + + * kdc/process.c (krb5_kdc_process*): dont update _kdc_time + automagicly. + (krb5_kdc_update_time): set or get current kdc-time. + + * kdc/pkinit.c (_kdc_pk_rd_padata): accept both pkcs-7 and + pkauthdata as the signeddata oid + + * kdc/pkinit.c (_kdc_pk_rd_padata): Try to log what went wrong. + +2007-06-05 Love Hörnquist Åstrand + + * kdc/pkinit.c: Use oid_id_pkcs7_data for pkinit-9 encKey reply to + match windows DC behavior better. + +2007-06-04 Love Hörnquist Åstrand + + * configure.in: use test for -framework Security + + * appl/test/uu_server.c: Print status to stdout. + + * kdc/digest.c (digest ntlm): provide log entires by setting ret + to an error. + +2007-06-03 Love Hörnquist Åstrand + + * doc/hx509.texi: Indent crl-sign. + + * doc/hx509.texi: One more crl-sign example. + + * lib/krb5/test_princ.c: plug memory leaks. + + * lib/krb5/pac.c: plug memory leaks. + + * lib/krb5/test_pac.c: plug memory leaks. + + * lib/krb5/test_prf.c: plug memory leak. + + * lib/krb5/test_cc.c: plug memory leaks. + + * doc/hx509.texi: Simple blob about publishing CRLs. + + * doc/win2k.texi: drop text about enctypes. + +2007-06-02 Love Hörnquist Åstrand + + * kdc/pkinit.c: In case of OCSP verification failure, referash + every 5 min. In case of success, refreash 2 min before expiring or + faster. + +2007-05-31 Love Hörnquist Åstrand + + * lib/krb5/krb5_err.et: add error 68, WRONG_REALM + + * kdc/pkinit.c: Handle the ms san in a propper way, still cheat + with the realm name. + + * kdc/kerberos5.c: If _kdc_pk_check_client failes, bail out + directly and hand the error back to the client. + + * lib/krb5/krb5_err.et: Add missing REVOCATION_STATUS_UNAVAILABLE + and fix error message for CLIENT_NAME_MISMATCH. + + * kdc/pkinit.c: More logging for pk-init client mismatch. + + * kdc/kerberos5.c: Also add a KRB5_PADATA_PK_AS_REQ_WIN for + windows pk-init (-9) to make MIT clients happy. + +2007-05-30 Love Hörnquist Åstrand + + * kdc/pkinit.c: Force des3 for win2k. + + * kdc/pkinit.c: Add wrapping to ContentInfo wrapping to + COMPAT_WIN2K. + + * lib/krb5/keytab_keyfile.c: Spelling. + + * kdc/pkinit.c: Allow matching by MS UPN SAN, note that this delta + doesn't deal with case of realm. + +2007-05-16 Love Hörnquist Åstrand + + * lib/krb5/crypto.c (krb5_crypto_overhead): return static overhead + of encryption. + +2007-05-10 Dave Love + + * doc/win2k.texi: Update some URLs. + +2007-05-13 Love Hörnquist Åstrand + + * kuser/kimpersonate.c: Fix version number of ticket, it should be + 5 not the kvno. + +2007-05-08 Love Hörnquist Åstrand + + * doc/setup.texi: Salting is really Encryption types and salting. + +2007-05-07 Love Hörnquist Åstrand + + * doc/setup.texi: spelling, from Ronny Blomme + + * doc/win2k.texi: Fix ksetup /SetComputerPassword, from Ronny + Blomme + +2007-05-02 Love Hörnquist Åstrand + + * lib/hdb/dbinfo.c (hdb_get_dbinfo) If there are no database + specified, create one and let it use the defaults. + +2007-04-27 Love Hörnquist Åstrand + + * lib/hdb/test_dbinfo.c: test acl file + + * lib/hdb/test_dbinfo.c: test acl file + + * lib/hdb/dbinfo.c: add acl file + + * etc: ignore Makefile.in + + * Makefile.am: SUBDIRS += etc + + * configure.in: Add etc/Makefile. + + * etc/Makefile.am: make sure services.append is distributed + +2007-04-24 Love Hörnquist Åstrand + + * kdc: rename windc_init to krb5_kdc_windc_init + + * kdc/version-script.map: version script for libkdc + + * kdc/Makefile.am: version script for libkdc + +2007-04-23 Love Hörnquist Åstrand + + * lib/krb5/init_creds.c (krb5_get_init_creds_opt_get_error): + correct the order of the arguments. + + * lib/hdb/Makefile.am: Add and test dbinfo. + + * lib/hdb/hdb.h: Forward declaration for struct hdb_dbinfo; + + * kdc/config.c: Use krb5_kdc_get_config and just fill in what the + users wanted differently. + + * kdc/default_config.c: Make the default configuration fetch info + from the krb5.conf. + +2007-04-22 Love Hörnquist Åstrand + + * lib/krb5/store.c (krb5_store_creds_tag): use session.keytype to + determine if to send the session-key, for the second place in the + function. + + * tools/krb5-config.in: rename des to hcrypto + + * kuser/Makefile.am: depend on libheimntlm + + * kuser/kinit.c: Add --ntlm-domain that store the ntlm cred for + this domain if the Kerberos password auth worked. + + * kuser/klist.c: add new option --hidden that doesn't display + principal that starts with @ + + * tools/krb5-config.in: Add heimntlm when we use gssapi. + + * lib/krb5/krb5_ccache.3 (krb5_cc_retrieve_cred): document what to + free 'cred' with. + + * lib/krb5/cache.c (krb5_cc_retrieve_cred): document what to free + 'cred' with. + +2007-04-21 Love Hörnquist Åstrand + + * lib/krb5/store.c (krb5_store_creds_tag): use session.keytype to + determine if to send the session-key. + + * kcm/client.c (kcm_ccache_new_client): make root be able to pass + the name constraints, not the opposite. From Bryan Jacobs. + +2007-04-20 Love Hörnquist Åstrand + + * kcm/acl.c: make compile again. + + * kcm/client.c: fix warning. + + * kcm: First, it allows root to ignore the naming conventions. + Second, it allows root to always perform any operation on any + ccache. Note that root could do this anyway with FILE ccaches. + From Bryan Jacobs. + + * Rename libdes to libhcrypto. + +2007-04-19 Love Hörnquist Åstrand + + * kinit: remove code that depend on kerberos 4 library + + * kdc: remove code that depend on kerberos 4 library + + * configure.in: Drop kerberos 4 support. + + * kdc/hpropd.c (main): free the message when done with it. + + * lib/krb5/pkinit.c (_krb5_get_init_creds_opt_free_pkinit): + remember to free memory too. + + * lib/krb5/pkinit.c (pk_rd_pa_reply_dh): free content-type when + done. + + * configure.in: test rk_VERSIONSCRIPT + +2007-04-18 Love Hörnquist Åstrand + + * fix-export: remove, all done by make dist now + +2007-04-15 Love Hörnquist Åstrand + + * lib/krb5/krb5_get_credentials.3: spelling, from Jason McIntyre + +2007-04-11 Love Hörnquist Åstrand + + * kdc/kstash.8: Spelling, from raga + via Bjorn Sandell. + + * lib/krb5/store_mem.c: indent. + + * lib/krb5/recvauth.c: Set error string. + + * lib/krb5/rd_req.c: clear error strings. + + * lib/krb5/rd_cred.c: clear error string. + + * lib/krb5/pkinit.c: Set error strings. + + * lib/krb5/get_cred.c: Tell what principal we are not finding for + all KRB5_CC_NOTFOUND. + +2007-02-22 Love Hörnquist Åstrand + + * kdc/kerberos5.c: Return the same error codes as a windows KDC. + + * kuser/kinit.c: KRB5KDC_ERR_PREAUTH_FAILED is also a password + failed. + + * kdc/kerberos5.c: Make handling of replying e_data more generic, + from metze. + + * kdc/kerberos5.c: Fix (string const and shadow) warnings, from + metze. + + * lib/krb5/pac.c: Create the PAC element in the same order as + w2k3, maybe there's some broken code in windows which relies on + this... From metze. + + * kdc/kerberos5.c: Select a session enctype from the list of the + crypto systems supported enctype, is supported by the client and + is one of the enctype of the enctype of the krbtgt. + + The later is used as a hint what enctype all KDC are supporting to + make sure a newer version of KDC wont generate a session enctype + that and older version of a KDC in the same realm can't decrypt. + + But if the KDC admin is paranoid and doesn't want to have "no the + best" enctypes on the krbtgt, lets save the best pick from the + client list and hope that that will work for any other KDCs. + + Reported by metze. + + * kdc/hprop.c (propagate_database): on any failure, drop the + connection to the peer and try next one. + +2007-02-18 Love Hörnquist Åstrand + + * lib/krb5/krb5_get_init_creds.3: document new options. + + * kdc/krb5tgs.c: Only check service key for cross realm PACs. + + * lib/krb5/init_creds.c: use the new merged flags field. + (krb5_get_init_creds_opt_set_win2k): new function, turn on all w2k + compat flags. + + * lib/krb5/init_creds_pw.c: use the new merged flags field. + + * lib/krb5/krb5_locl.h: merge all flags into one entity + +2007-02-11 Dave Love + + * lib/krb5/krb5_aname_to_localname.3: Small fixes + + * lib/krb5/krb5_digest.3: Small fixes + + * kuser/kimpersonate.1: Small fixes + +2007-02-17 Love Hörnquist Åstrand + + * lib/krb5/init_creds_pw.c (find_pa_data): if there is no list, + there is no entry. + + * kdc/krb5tgs.c: Don't check PACs on cross realm requests. + + * lib/krb5/krb5.h: add KRB5_KU_CANONICALIZED_NAMES. + + * lib/krb5/init_creds_pw.c: Verify client referral data. + + * kdc/kerberos5.c: switch some "return ret" to "goto out". + + * kdc/kerberos5.c: Pass down canonicalize request to hdb layer, + sign client referrals. + + * lib/hdb/hdb.h: Add HDB_F_CANON. + + * lib/hdb: add simple alias support to the database backends + +2007-02-16 Love Hörnquist Åstrand + + * kuser/kinit.c: Add canonicalize flag. + + * lib/krb5/init_creds_pw.c: Use EXTRACT_TICKET_* flags, support + canonicalize. + + * lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_canonicalize): + new function. + + * lib/krb5/get_cred.c: Use EXTRACT_TICKET_* flags. + + * lib/krb5/get_in_tkt.c: Use EXTRACT_TICKET_* flags. + + * lib/krb5/krb5_locl.h: Add EXTRACT_TICKET_* flags. + *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***