head	1.2;
access;
symbols
	RELENG_8_4:1.2.0.2
	RELENG_9_1_0_RELEASE:1.1.1.14
	RELENG_9_1:1.1.1.14.0.16
	RELENG_9_1_BP:1.1.1.14
	RELENG_8_3_0_RELEASE:1.1.1.14
	RELENG_8_3:1.1.1.14.0.14
	RELENG_8_3_BP:1.1.1.14
	RELENG_9_0_0_RELEASE:1.1.1.14
	RELENG_9_0:1.1.1.14.0.12
	RELENG_9_0_BP:1.1.1.14
	RELENG_9:1.1.1.14.0.10
	RELENG_9_BP:1.1.1.14
	RELENG_7_4_0_RELEASE:1.1.1.13
	RELENG_8_2_0_RELEASE:1.1.1.14
	RELENG_7_4:1.1.1.13.0.24
	RELENG_7_4_BP:1.1.1.13
	RELENG_8_2:1.1.1.14.0.8
	RELENG_8_2_BP:1.1.1.14
	RELENG_8_1_0_RELEASE:1.1.1.14
	RELENG_8_1:1.1.1.14.0.6
	RELENG_8_1_BP:1.1.1.14
	RELENG_7_3_0_RELEASE:1.1.1.13
	RELENG_7_3:1.1.1.13.0.22
	RELENG_7_3_BP:1.1.1.13
	RELENG_8_0_0_RELEASE:1.1.1.14
	RELENG_8_0:1.1.1.14.0.4
	RELENG_8_0_BP:1.1.1.14
	RELENG_8:1.1.1.14.0.2
	RELENG_8_BP:1.1.1.14
	RELENG_7_2_0_RELEASE:1.1.1.13
	RELENG_7_2:1.1.1.13.0.20
	RELENG_7_2_BP:1.1.1.13
	RELENG_7_1_0_RELEASE:1.1.1.13
	RELENG_6_4_0_RELEASE:1.1.1.13
	RELENG_7_1:1.1.1.13.0.18
	RELENG_7_1_BP:1.1.1.13
	RELENG_6_4:1.1.1.13.0.16
	RELENG_6_4_BP:1.1.1.13
	v_1_1_0:1.1.1.14
	RELENG_7_0_0_RELEASE:1.1.1.13
	RELENG_6_3_0_RELEASE:1.1.1.13
	RELENG_7_0:1.1.1.13.0.14
	RELENG_7_0_BP:1.1.1.13
	RELENG_6_3:1.1.1.13.0.12
	RELENG_6_3_BP:1.1.1.13
	RELENG_7:1.1.1.13.0.10
	RELENG_7_BP:1.1.1.13
	RELENG_6_2_0_RELEASE:1.1.1.13
	RELENG_6_2:1.1.1.13.0.8
	RELENG_6_2_BP:1.1.1.13
	RELENG_5_5_0_RELEASE:1.1.1.12.2.1
	RELENG_5_5:1.1.1.12.2.1.0.4
	RELENG_5_5_BP:1.1.1.12.2.1
	RELENG_6_1_0_RELEASE:1.1.1.13
	RELENG_6_1:1.1.1.13.0.6
	RELENG_6_1_BP:1.1.1.13
	RELENG_6_0_0_RELEASE:1.1.1.13
	RELENG_6_0:1.1.1.13.0.4
	RELENG_6_0_BP:1.1.1.13
	RELENG_6:1.1.1.13.0.2
	RELENG_6_BP:1.1.1.13
	RELENG_5_4_0_RELEASE:1.1.1.12.2.1
	RELENG_5_4:1.1.1.12.2.1.0.2
	RELENG_5_4_BP:1.1.1.12.2.1
	v_0_6_3:1.1.1.13
	RELENG_4_11_0_RELEASE:1.1.1.4.2.5
	RELENG_4_11:1.1.1.4.2.5.0.8
	RELENG_4_11_BP:1.1.1.4.2.5
	RELENG_5_3_0_RELEASE:1.1.1.12
	RELENG_5_3:1.1.1.12.0.4
	RELENG_5_3_BP:1.1.1.12
	RELENG_5:1.1.1.12.0.2
	RELENG_5_BP:1.1.1.12
	RELENG_4_10_0_RELEASE:1.1.1.4.2.5
	RELENG_4_10:1.1.1.4.2.5.0.6
	RELENG_4_10_BP:1.1.1.4.2.5
	v_0_6_1:1.1.1.12
	RELENG_5_2_1_RELEASE:1.1.1.11
	RELENG_5_2_0_RELEASE:1.1.1.11
	RELENG_5_2:1.1.1.11.0.2
	RELENG_5_2_BP:1.1.1.11
	RELENG_4_9_0_RELEASE:1.1.1.4.2.5
	RELENG_4_9:1.1.1.4.2.5.0.4
	RELENG_4_9_BP:1.1.1.4.2.5
	v_0_6:1.1.1.11
	RELENG_5_1_0_RELEASE:1.1.1.10
	RELENG_5_1:1.1.1.10.0.4
	RELENG_5_1_BP:1.1.1.10
	RELENG_4_8_0_RELEASE:1.1.1.4.2.5
	RELENG_4_8:1.1.1.4.2.5.0.2
	RELENG_4_8_BP:1.1.1.4.2.5
	RELENG_5_0_0_RELEASE:1.1.1.10
	RELENG_5_0:1.1.1.10.0.2
	RELENG_5_0_BP:1.1.1.10
	v_0_5_1:1.1.1.10
	RELENG_4_7_0_RELEASE:1.1.1.4.2.4
	RELENG_4_7:1.1.1.4.2.4.0.2
	RELENG_4_7_BP:1.1.1.4.2.4
	cvs_20020916:1.1.1.9
	cvs_20020829:1.1.1.8
	RELENG_4_6_2_RELEASE:1.1.1.4.2.2
	RELENG_4_6_1_RELEASE:1.1.1.4.2.2
	RELENG_4_6_0_RELEASE:1.1.1.4.2.2
	RELENG_4_6:1.1.1.4.2.2.0.2
	RELENG_4_6_BP:1.1.1.4.2.2
	cvs_20020217:1.1.1.7
	RELENG_4_5_0_RELEASE:1.1.1.4.2.1
	RELENG_4_5:1.1.1.4.2.1.0.6
	RELENG_4_5_BP:1.1.1.4.2.1
	RELENG_4_4_0_RELEASE:1.1.1.4.2.1
	RELENG_4_4:1.1.1.4.2.1.0.4
	RELENG_4_4_BP:1.1.1.4.2.1
	v_0_3_f:1.1.1.6
	RELENG_4_3_0_RELEASE:1.1.1.4.2.1
	RELENG_4_3:1.1.1.4.2.1.0.2
	RELENG_4_3_BP:1.1.1.4.2.1
	v_0_3_e:1.1.1.5
	RELENG_4_2_0_RELEASE:1.1.1.4
	RELENG_4_1_1_RELEASE:1.1.1.4
	PRE_SMPNG:1.1.1.4
	RELENG_4_1_0_RELEASE:1.1.1.4
	RELENG_4_0_0_RELEASE:1.1.1.4
	RELENG_4:1.1.1.4.0.2
	RELENG_4_BP:1.1.1.4
	v_0_2_p:1.1.1.4
	v_0_2_o:1.1.1.3
	v_0_2_n:1.1.1.2
	v_0_2_m:1.1.1.1
	KTH:1.1.1;
locks; strict;
comment	@# @;


1.2
date	2012.03.22.08.48.42;	author stas;	state Exp;
branches
	1.2.2.1;
next	1.1;

1.1
date	2000.01.09.20.57.24;	author markm;	state Exp;
branches
	1.1.1.1;
next	;

1.2.2.1
date	2012.03.22.08.48.42;	author svnexp;	state dead;
branches;
next	1.2.2.2;

1.2.2.2
date	2013.03.28.13.02.14;	author svnexp;	state Exp;
branches;
next	;

1.1.1.1
date	2000.01.09.20.57.24;	author markm;	state Exp;
branches;
next	1.1.1.2;

1.1.1.2
date	2000.02.24.11.00.13;	author markm;	state Exp;
branches;
next	1.1.1.3;

1.1.1.3
date	2000.02.24.11.12.20;	author markm;	state Exp;
branches;
next	1.1.1.4;

1.1.1.4
date	2000.02.24.11.22.00;	author markm;	state Exp;
branches
	1.1.1.4.2.1;
next	1.1.1.5;

1.1.1.5
date	2001.02.13.16.43.59;	author assar;	state Exp;
branches;
next	1.1.1.6;

1.1.1.6
date	2001.06.21.02.09.16;	author assar;	state Exp;
branches;
next	1.1.1.7;

1.1.1.7
date	2002.02.19.15.45.47;	author nectar;	state Exp;
branches;
next	1.1.1.8;

1.1.1.8
date	2002.08.30.21.22.39;	author nectar;	state Exp;
branches;
next	1.1.1.9;

1.1.1.9
date	2002.09.16.21.04.25;	author nectar;	state Exp;
branches;
next	1.1.1.10;

1.1.1.10
date	2002.11.24.20.55.04;	author nectar;	state Exp;
branches;
next	1.1.1.11;

1.1.1.11
date	2003.10.09.19.36.18;	author nectar;	state Exp;
branches;
next	1.1.1.12;

1.1.1.12
date	2004.04.03.21.17.53;	author nectar;	state Exp;
branches
	1.1.1.12.2.1;
next	1.1.1.13;

1.1.1.13
date	2005.02.24.22.17.52;	author nectar;	state Exp;
branches;
next	1.1.1.14;

1.1.1.14
date	2008.05.07.13.39.08;	author dfr;	state Exp;
branches;
next	;

1.1.1.4.2.1
date	2001.03.04.13.28.57;	author markm;	state Exp;
branches;
next	1.1.1.4.2.2;

1.1.1.4.2.2
date	2002.04.30.14.48.02;	author nectar;	state Exp;
branches;
next	1.1.1.4.2.3;

1.1.1.4.2.3
date	2002.09.01.04.20.43;	author nectar;	state Exp;
branches;
next	1.1.1.4.2.4;

1.1.1.4.2.4
date	2002.09.20.10.49.56;	author nectar;	state Exp;
branches;
next	1.1.1.4.2.5;

1.1.1.4.2.5
date	2002.12.01.17.44.42;	author nectar;	state Exp;
branches;
next	;

1.1.1.12.2.1
date	2005.03.01.16.42.00;	author nectar;	state Exp;
branches;
next	;


desc
@@


1.2
log
@SVN rev 233294 on 2012-03-22 08:48:42Z by stas

- Update FreeBSD Heimdal distribution to version 1.5.1.  This also brings
  several new kerberos related libraries and applications to FreeBSD:
  o kgetcred(1) allows one to manually get a ticket for a particular service.
  o kf(1) securily forwards ticket to another host through an authenticated
    and encrypted stream.
  o kcc(1) is an umbrella program around klist(1), kswitch(1), kgetcred(1)
    and other user kerberos operations. klist and kswitch are just symlinks
    to kcc(1) now.
  o kswitch(1) allows you to easily switch between kerberos credentials if
    you're running KCM.
  o hxtool(1) is a certificate management tool to use with PKINIT.
  o string2key(1) maps a password into key.
  o kdigest(8) is a userland tool to access the KDC's digest interface.
  o kimpersonate(8) creates a "fake" ticket for a service.

  We also now install manpages for some lirbaries that were not installed
  before, libheimntlm and libhx509.

- The new HEIMDAL version no longer supports Kerberos 4.  All users are
  recommended to switch to Kerberos 5.

- Weak ciphers are now disabled by default.  To enable DES support (used
  by telnet(8)), use "allow_weak_crypto" option in krb5.conf.

- libtelnet, pam_ksu and pam_krb5 are now compiled with error on warnings
  disabled due to the function they use (krb5_get_err_text(3)) being
  deprecated.  I plan to work on this next.

- Heimdal's KDC now require sqlite to operate.  We use the bundled version
  and install it as libheimsqlite.  If some other FreeBSD components will
  require it in the future we can rename it to libbsdsqlite and use for these
  components as well.

- This is not a latest Heimdal version, the new one was released while I was
  working on the update.  I will update it to 1.5.2 soon, as it fixes some
  important bugs and security issues.
@
text
@
We stop writing change logs, see the source code version control systems history log instead
	
2008-07-28  Love Hornquist Astrand  <lha@@h5l.org>

	* lib/krb5/v4_glue.c: The "kaserver" part of Heimdal occasionally
	issues invalid AFS tokens
	(here "occasionally" means for certain users in certain realms).
	
	In lib/krb5/v4_glue.c, in the routine storage_to_etext the ticket
	is padded to a multiple of 8 bytes. If it is already a multiple of
	8 bytes, 8 additional 0-bytes are added.
	
	This catches the AFS krb4 ticket decoder by surprise: unless the
	ticket is exactly 56 bytes, it only supports the minimum necessary
	padding.  It detects the superfluous padding by comparing the
	ticket length decoded to the advertised ticket length.
	
	Hence a 7-letter userid in "cern.ch" which resulted in a ticket of
	40 bytes, got "padded" to 48 bytes which the rxkad decoder
	rejected.
	
	From Rainer Toebbicke.

2008-07-25  Love Hörnquist Åstrand  <lha@@h5l.org>

	* kuser/kinit.c: add --ok-as-delegate and --windows flags

	* kpasswd/kpasswd-generator.c: Switch to krb5_set_password.

	* kuser/kinit.c: Use krb5_cc_set_config.

	* lib/krb5/cache.c: Add krb5_cc_[gs]et_config.

2008-07-22  Love Hörnquist Åstrand  <lha@@h5l.org>

	* lib/krb5/crypto.c: Allow numbers to be enctypes to as long as
	they are valid.

2008-07-17  Love Hörnquist Åstrand  <lha@@h5l.org>

	* lib/hdb/version-script.map: some random bits needed for libkadm

2008-07-15  Love Hörnquist Åstrand  <lha@@h5l.org>

	* lib/krb5/send_to_kdc_plugin.h: add name for send_to_kdc plugin.
	
	* lib/krb5/krbhst.c: handle KRB5_PLUGIN_NO_HANDLE for lookup
	plugin.

	* lib/krb5/send_to_kdc.c: Add support for the send_to_kdc plugin
	interface.

	* lib/krb5/Makefile.am: add send_to_kdc_plugin.h
	
	* lib/krb5/krb5_err.et: add plugin error codes

2008-07-14  Love Hornquist Astrand  <lha@@kth.se>

	* lib/hdb/Makefile.am: EXTRA_DIST += version-script.map

2008-07-14  Love Hornquist Astrand  <lha@@kth.se>

	* lib/krb5/krb5_{address,ccache}.3: spelling, from openbsd via janne
	johansson

2008-07-13  Love Hörnquist Åstrand  <lha@@kth.se>

	* lib/krb5/version-script.map: add krb5_free_error_message

2008-06-21  Love Hörnquist Åstrand  <lha@@kth.se>

	* lib/krb5/init_creds_pw.c: switch to krb5_set_password().

2008-06-18  Love Hörnquist Åstrand  <lha@@kth.se>

	* lib/krb5/time.c (krb5_set_real_time): handle negative usec

2008-05-31  Love Hörnquist Åstrand  <lha@@kth.se>

	* lib/krb5/krb5_locl.h: Add <wind.h>

	* lib/krb5/crypto.c: Use wind_utf8ucs2_length to convert the password to utf16.

2008-05-30  Love Hörnquist Åstrand  <lha@@kth.se>

	* lib/krb5/kcm.c: Add back krb5_kcmcache argument to try_door().

2008-05-27  Love Hörnquist Åstrand  <lha@@kth.se>

	* lib/krb5/error_string.c (krb5_free_error_message): constify
	
	* lib/krb5/error_string.c: Add krb5_get_error_message().

	* lib/krb5/doxygen.c: krb5_cc_new_unique() is name of the creation
	function.
	
2008-04-30  Love Hörnquist Åstrand  <lha@@it.su.se>

	* lib/hdb/hdb-ldap.c: Use the _ext api for OpenLDAP, from Honza
	Machacek (gentoo).

2008-04-28  Love Hörnquist Åstrand  <lha@@it.su.se>

	* lib/krb5/crypto.c: Use DES_set_key_unchecked().

	* lib/krb5/krb5.conf.5: Document default_cc_type.

	* lib/krb5/cache.c: Pick up [libdefaults]default_cc_type

2008-04-27  Love Hörnquist Åstrand  <lha@@it.su.se>
	
	* kdc/kaserver.c: Use DES_set_key_unchecked().

2008-04-21  Love Hörnquist Åstrand  <lha@@it.su.se>

	* doc/hx509.texi: About the pkcs11 module.

	* doc/hx509.texi: Pick up version from vars.texi

	* doc/hx509.texi: No MIT code in hx509.

	* hx509 now includes a pkcs11 implementation.

2008-04-20  Love Hörnquist Åstrand  <lha@@it.su.se>

	* lib/hdb/Makefile.am: Move OpenLDAP includes to AM_CPPFLAGS to
	avoid dropping other defines for the library.

2008-04-17  Love Hörnquist Åstrand  <lha@@it.su.se>

	* lib/krb5: add __declspec() for windows.

	* configure.in: Update rk_WIN32_EXPORT, add gssapi to
	rk_WIN32_EXPORT.
	
	* configure.in: Lets try dependency tracking for automake 1.10 and
	later.
	
	* configure.in: Use at least libtool-2.2.

	* configure.in: Use LT_INIT the right way.

	* lib/krb5/Makefile.am: Update make-proto usage.

	* configure.in: Run autoupdate, use LT_INIT().

2008-04-15  Love Hörnquist Åstrand  <lha@@it.su.se>

	* lib/krb5/test_forward.c: Don't print krb5_error_code since we
	are using krb5_err().

	* lib/krb5/ticket.c: Cast krb5_error_code to int to avoid warning.

	* lib/krb5/scache.c: Cast krb5_error_code to int to avoid warning.

	* lib/krb5/principal.c: Cast enum to int to avoid warning.

	* lib/krb5/pkinit.c: Cast krb5_error_code to int to avoid warning.

	* lib/krb5/pac.c: Cast size_t to unsigned long to avoid warning.

	* lib/krb5/error_string.c: Cast krb5_error_code to int to avoid
	warning.

	* lib/krb5/keytab_keyfile.c: Make num_entries an uint32 to avoid
	negative numbers and type warnings.

	* lib/krb5: cc_get_version returns an int, update.

2008-04-10  Love Hörnquist Åstrand  <lha@@it.su.se>

	* configure.in: Check for <asl.h>.

2008-04-09  Love Hörnquist Åstrand  <lha@@it.su.se>

	* lib/krb5/version-script.map: sort and export _krb5_pk_kdf

	* lib/krb5/crypto.c: Check kdf params. calculate the second half
	of the key.

	* lib/krb5/Makefile.am: Add test_pknistkdf

	* lib/krb5/test_pknistkdf.c: Test the new pkinit nist kdf.

	* lib/krb5/crypto.c: Complete _krb5_pk_kdf.

	* lib/krb5/crypto.c: First version of KDF in
	draft-ietf-krb-wg-pkinit-alg-agility-03.txt.
	
2008-04-08  Love Hörnquist Åstrand  <lha@@it.su.se>

	* doc/setup.texi: Add text about smbk5pwd overlay from Buchan
	Milne.
	
	* lib/krb5/krb5_locl.h: Name the pkinit type enum.

	* kdc/pkinit.c: Rename constants to match global header.

	* lib/krb5/pkinit.c: Drop krb5_pk_identity and rename constants to
	match global header.

	* kdc/pkinit.c: Pick up krb5_pk_identity from krb5_locl.h.

	* lib/krb5/scache.c (scc_alloc): %x is unsigned int.
	
2008-04-07  Love Hörnquist Åstrand  <lha@@it.su.se>

	* lib/krb5/version-script.map: Sort and add krb5_cc_switch.

	* lib/krb5/acache.c: Use unsigned where appropriate.

	* kcm/glue.c: Adapt to chenge to krb5_cc_ops.

	* kcm/acl.c: Add missing op.

	* kdc/connect.c: Use unsigned where appropriate.

	* lib/krb5/n-fold.c: Use size_t where appropriate.

	* lib/krb5/get_addrs.c: Use unsigned where appropriate.

	* lib/krb5/crypto.c: Use unsigned where appropriate.

	* lib/krb5/crc.c: Use unsigned where appropriate.

	* lib/krb5/changepw.c: simplify

	* lib/krb5/copy_host_realm.c: simplify

	* kuser/kswitch.c: Implement --principal.

2008-04-05  Love Hörnquist Åstrand  <lha@@it.su.se>

	* lib/krb5/cache.c: allow returning the default cc-type.

	* kuser/kswitch.c: Enable switching between existing caches.

	* lib/krb5/cache.c: Add krb5_cc_switch, to set the default
	credential cache.

	* lib/krb5/acache.c: Implement set_default.

	* lib/krb5/krb5.h: Extend krb5_cc_ops and add set_default to set
	the default cc name for a credential type.

2008-04-04  Love Hörnquist Åstrand  <lha@@it.su.se>

	* lib/krb5/test_cc.c: test remove

	* lib/krb5/fcache.c: Make the remove cred slight more atomic, now
	it might lose creds, but there will be no empty cache at any time.

	* lib/krb5/scache.c: Do credential iteration by temporary table.

2008-04-02  Love Hörnquist Åstrand  <lha@@it.su.se>

	* lib/krb5/acache.c: Translate ccErrInvalidCCache.

	* lib/krb5/scache.c: implemetation of a sqlite3 backed credential
	cache.

	* lib/krb5/test_cc.c: test acc and scc

	* lib/krb5/acache.c: Only release context if its in use.

2008-04-01  Love Hörnquist Åstrand  <lha@@it.su.se>

	* doc/setup.texi: No patching of OpenLDAP is needed, from Buchan
	Milne.

2008-03-30  Love Hörnquist Åstrand  <lha@@it.su.se>

	* lib/krb5/Makefile.am: Add scache.

	* lib/krb5/scache.c: initial implementation

	* lib/Makefile.am: sqlite

	* configure.in: lib/sqlite/Makefile

2008-03-26  Love Hörnquist Åstrand  <lha@@it.su.se>

	* lib/krb5/fcache.c: Make the storing credential an atomic
	write(2) to avoid signal races, bug traced by Harald Barth and Lars
	Malinowsky.

2008-03-25  Love Hörnquist Åstrand  <lha@@it.su.se>

	* lib/krb5/fcache.c: Make erase_file() do locking too.

	* kcm/protocol.c: Make work when moving to a non-existant
	cred-cache.

	* lib/krb5/test_cc.c: more verbose info.
	
	* lib/krb5/test_cc.c: test krb5_cc_move().
	
2008-03-23  Love Hörnquist Åstrand  <lha@@it.su.se>
	
	* lib/krb5/get_cred.c: Try both kdc server referral and the old
	client chasing mode.

	* lib/krb5/get_cred.c: Don't do canonicalize by default, make
	add_cred() sane, make loop detection in credential fetching
	better.

	* lib/krb5/krb5_locl.h: Add flag EXTRACT_TICKET_AS_REQ.

	* lib/krb5/init_creds_pw.c: Tell _krb5_extract_ticket that this is
	an AS-REQ.

	* lib/krb5/get_in_tkt.c: Make server referral work.
	
2008-03-22  Love Hörnquist Åstrand  <lha@@it.su.se>
	
	* lib/krb5/get_in_tkt.c: check no server referral, don't use
	stringent length tests since encryption layer does padding for
	us...

	* kdc/kerberos5.c: Match name in ClientCanonicalizedNames with -10

	* lib/krb5/principal.c (_krb5_principal_compare_PrincipalName):
	new function to compare a principal to a PrincipalName.

	* lib/krb5/init_creds_pw.c: Move client referral checking to
	_krb5_extract_ticket().

	* lib/krb5/get_in_tkt.c: More bits for server referral.

	* lib/krb5/get_in_tkt.c: Make working with client referrals.

	* lib/krb5/get_cred.c: Try moving referrals checking into
	_krb5_extract_ticket().

	* lib/krb5/get_in_tkt.c: Try moving referrals checking into
	_krb5_extract_ticket().

2008-03-21  Love Hörnquist Åstrand  <lha@@it.su.se>
	
	* kdc/krb5tgs.c: Send SERVER-REFERRAL data in rep.padata instead
	of auth_data in ticket.

2008-03-20  Love Hörnquist Åstrand  <lha@@it.su.se>

	* lib/krb5/init_creds_pw.c: remove lost bits from using
	krb5_principal_set_realm
	
	* kdc/krb5tgs.c: Better referrals support, use canonicalize flag.

	* kdc/hprop.c: use krb5_principal_set_realm

	* lib/krb5/init_creds_pw.c: use krb5_principal_set_realm

	* lib/krb5/verify_user.c: use krb5_principal_set_realm

	* lib/krb5/version-script.map: add krb5_principal_set_realm

	* lib/krb5/principal.c: add krb5_principal_set_realm

	* lib/krb5/get_cred.c: Insecure tgs referrals.

	* lib/krb5/get_cred.c: Dont try key usage KRB5_KU_AP_REQ_AUTH for
	TGS-REQ. This drop compatibility with pre 0.3d KDCs.
	
	* lib/krb5/get_cred.c: catch KRB5_GC_CANONICALIZE.

	* lib/krb5/krb5.h: set KRB5_GC_CANONICALIZE.

	* kuser/kgetcred.c: set KRB5_GC_CANONICALIZE.

	* kuser/kgetcred.c: Add stub --canonicalize implementation.

2008-03-19  Love Hörnquist Åstrand  <lha@@it.su.se>

	* doc/setup.texi: Fix sasl-regexp, from Howard Chu.

2008-03-14  Love Hörnquist Åstrand  <lha@@it.su.se>

	* kdc/kx509.c: Adapt to hx509_env changes.
	
2008-03-10  Love Hörnquist Åstrand  <lha@@it.su.se>

	* lib/krb5/pkinit.c: Try searchin the key by to use by first
	looking for for PK-INIT EKU, then the Microsoft smart card EKU and
	last, no special EKU at all.

2008-03-09  Love Hörnquist Åstrand  <lha@@it.su.se>

	* lib/krb5/acache.c: Create a new credential cache is ->get_name
	is called, make acc_initialize() reset the existing credential
	cache if needed.

	* lib/krb5/acache.c (acc_get_name): just return the cache_name
	directly instead of trying to resolve it.

2008-02-23  Love Hörnquist Åstrand  <lha@@it.su.se>

	* include/Makefile.am (CLEANFILES): add wind.h and wind_err.h and
	sort.

2008-02-11  Love Hörnquist Åstrand  <lha@@it.su.se>

	* lib/hdb/hdb-ldap.c: Use malloc() instead of static buffer.

	* lib/hdb/hdb-ldap.c: Use ldap_get_values_len, from LaMont Jones
	via Brian May and Debian.

	* doc/Makefile.am: add libwind

2008-02-05  Love Hörnquist Åstrand  <lha@@it.su.se>

	* lib/krb5/test_renew.c: Remove extra ;, From Dennis Davis.

	* lib/krb5/store_emem.c: Make compile on-pre c99 compilers. From
	Dennis Davis.

2008-02-03  Love Hörnquist Åstrand  <lha@@it.su.se>

	* tools/heimdal-gssapi.pc.in: Add wind.

	* tools/krb5-config.in: Add wind.

	* lib/krb5/pac.c: Use libwind.

2008-02-01  Love Hörnquist Åstrand  <lha@@it.su.se>

	* lib/Makefile.am: SUBDIRS: add wind

2008-01-29  Love Hörnquist Åstrand  <lha@@it.su.se>

	* doc/programming.texi: See the Kerberos 5 API introduction and
	documentation on the Heimdal webpage.
	
2008-01-27  Love Hörnquist Åstrand  <lha@@it.su.se>

	* lib/krb5: better error strings for the keytab fetching functions

	* lib/krb5/verify_krb5_conf.c: Catch deprecated entries.

	* lib/krb5/get_cred.c: Remove support
	for [libdefaults]capath (not [libdefaults] capaths though).

2008-01-25  Love Hörnquist Åstrand  <lha@@it.su.se>

	* tools/heimdal-gssapi.pc.in: Fix caps of prefix, from Joakim
	Fallsjo.

2008-01-24  Love Hörnquist Åstrand  <lha@@it.su.se>
	
	* lib/krb5/fcache.c (fcc_move): more explict why the fcc_move
	failes, handle cross device moves.
	
2008-01-21  Love Hörnquist Åstrand  <lha@@it.su.se>

	* lib/krb5/get_for_creds.c: Use on variable less.

	* lib/krb5/get_for_creds.c: Try to handle ticket full and
	ticketless tickets better. Add doxygen comments while here.

	* lib/krb5/test_forward.c: Used for testing
	krb5_get_forwarded_creds().
	
	* lib/krb5/Makefile.am: noinst_PROGRAMS += test_forward

	* lib/krb5/Makefile.am: drop CHECK_SYMBOLS

	* lib/hdb/Makefile.am: drop CHECK_SYMBOLS

	* kdc/Makefile.am: drop CHECK_SYMBOLS

2008-01-18  Love Hörnquist Åstrand  <lha@@it.su.se>

	* lib/krb5/version-script.map: Add krb5_digest_probe.
	
2008-01-13  Love Hörnquist Åstrand  <lha@@it.su.se>
	
	* lib/krb5/pkinit.c: Replace hx509_name_to_der_name with
	hx509_name_binary.

2008-01-12  Love Hörnquist Åstrand  <lha@@it.su.se>

	* lib/krb5/Makefile.am: add missing files

	* Happy new year.
@


1.2.2.1
log
@file ChangeLog was added on branch RELENG_8_4 on 2013-03-28 13:02:14 +0000
@
text
@d1 485
@


1.2.2.2
log
@## SVN ## Exported commit - http://svnweb.freebsd.org/changeset/base/248810
## SVN ## CVS IS DEPRECATED: http://wiki.freebsd.org/CvsIsDeprecated
@
text
@a0 1356
2008-01-24  Love Hrnquist strand  <lha@@it.su.se>

	* Release 1.1

2008-01-21  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/get_for_creds.c: Use on variable less.

	* lib/krb5/get_for_creds.c: Try to handle ticket full and
	ticketless tickets better. Add doxygen comments while here.

	* lib/krb5/test_forward.c: Used for testing
	krb5_get_forwarded_creds().
	
	* lib/krb5/Makefile.am: noinst_PROGRAMS += test_forward

	* lib/krb5/Makefile.am: drop CHECK_SYMBOLS

	* lib/hdb/Makefile.am: drop CHECK_SYMBOLS

	* kdc/Makefile.am: drop CHECK_SYMBOLS

2008-01-18  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/version-script.map: Add krb5_digest_probe.
	
2008-01-13  Love Hrnquist strand  <lha@@it.su.se>
	
	* lib/krb5/pkinit.c: Replace hx509_name_to_der_name with
	hx509_name_binary.

2008-01-12  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/Makefile.am: add missing files

2007-12-28  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/digest.c: Log probe message, add NTLM_TARGET_DOMAIN to the
	type2 message.

2007-12-14  Love Hrnquist strand  <lha@@it.su.se>

	* lib/hdb/dbinfo.c: Add hdb_default_db().

	* Makefile.am: Add some extra cf/*.

2007-12-12  Love Hrnquist strand  <lha@@it.su.se>
	
	* kuser/kgetcred.c: Fix type of name-type. From Andy Polyakov.

2007-12-09  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/log.c: Use hdb_db_dir().

	* kpasswd/kpasswdd.c: Use hdb_db_dir().

2007-12-08  Love Hrnquist strand  <lha@@it.su.se>
	
	* kdc/config.c: Use hdb_db_dir().

	* kdc/kdc_locl.h: add KDC_LOG_FILE

	* kdc/hpropd.c: Use hdb_default_db().

	* kdc/kstash.c: Use hdb_db_dir().

	* kdc/pkinit.c: Adapt to hx509 changes, use hdb_db_dir().

	* lib/krb5/rd_req.c: Document krb5_rd_req_in_set_pac_check.

	* lib/krb5/verify_krb5_conf.c: Check check_pac.

	* lib/krb5/rd_req.c: use KRB5_CTX_F_CHECK_PAC to init check_pac
	field in the krb5_rd_req_in_ctx

	* lib/krb5/expand_hostname.c: Adapt to changing
	dns_canonicalize_hostname into flags field.

	* lib/krb5/context.c: Adapt to changing dns_canonicalize_hostname
	into flags field, add check-pac as an libdefaults option.

	* lib/krb5/pkinit.c: Adapt to changes in hx509 interface.

	* doc: add doxygen documentation to hcrypto

	* doc/doxytmpl.dxy: generate links
	
2007-12-07  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/Makefile.am: build_HEADERZ += heim_threads.h

	* lib/hdb/dbinfo.c (hdb_db_dir): Return the directory where the
	hdb database resides.

	* configure.in: Add --with-hdbdir to specify where the database is
	stored.

	* lib/krb5/crypto.c: revert previous patch, the problem is located
	in the RAND_file_name() function that will cause recursive nss
	lookups, can't fix that here.

2007-12-06  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/crypto.c (krb5_generate_random_block): try to avoid the
	dead-lock in by not holding the lock while running
	RAND_file_name. Prompted by Hai Zaar.

	* lib/krb5/n-fold.c: spelling
	
2007-12-04  Love Hrnquist strand  <lha@@it.su.se>

	* kuser/kdigest.c (digest-probe): implement command.

	* kuser/kdigest-commands.in (digest-probe): new command
	
	* kdc/digest.c: Implement supportedMechs request.

	* lib/krb5/error_string.c: Make krb5_get_error_string return an
	allocated string to make the function indempotent. From
	Zeqing (Fred) Xia.

2007-12-03  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/krb5_locl.h (krb5_context_data): Flag if
	default_cc_name was set by the user.

	* lib/krb5/fcache.c (fcc_move): make sure ->version is uptodate.

	* kcm/acquire.c: use krb5_free_cred_contents

	* kuser/kimpersonate.c: use krb5_free_cred_contents
	
	* kuser/kinit.c: Use krb5_cc_move to make an atomic switch of the
	cred cache.

	* lib/krb5/cache.c: Put back code that was needed, move gen_new
	into new_unique.

	* lib/krb5/mcache.c (mcc_default_name): Remove const

	* lib/krb5/krb5_locl.h: Add KRB5_DEFAULT_CCNAME_KCM, redefine
	KRB5_DEFAULT_CCNAME to KRB5_DEFAULT_CCTYPE

	* lib/krb5/cache.c: Use krb5_cc_ops->default_name to get the
	default name.

	* lib/krb5/kcm.c: Implement krb5_cc_ops->default_name.

	* lib/krb5/mcache.c: Implement krb5_cc_ops->default_name.

	* lib/krb5/fcache.c: Implement krb5_cc_ops->default_name.

	* lib/krb5/krb5.h: Add krb5_cc_ops->default_name.

	* lib/krb5/acache.c: Free context when done, implement
	krb5_cc_ops->default_name.

	* lib/krb5/kcm.c: implement dummy kcm_move

	* lib/krb5/mcache.c: Implement the move operation.

	* lib/krb5/version-script.map: export krb5_cc_move

	* lib/krb5/cache.c: New function krb5_cc_move().

	* lib/krb5/fcache.c: Implement the move operation.

	* lib/krb5/krb5.h: Add move to the krb5_cc_ops, causes major
	version bump.

	* lib/krb5/acache.c: Implement the move operation. Avoid using
	cc_set_principal() since it broken on Mac OS X 10.5.0.
	
2007-12-02  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/krb5_ccapi.h: Drop variable names to avoid -Wshadow.
	
2007-11-14  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/krb5tgs.c: Should pass different key usage constants
	depending on whether or not optional sub-session key was passed by
	the client for the check of authorization data. The constant is
	used to derive "specific key" and its values are specified in
	7.5.1 of RFC4120.
	
	Patch from Andy Polyakov.

	* kdc/krb5tgs.c: Don't send auth data in referrals, microsoft
	clients have started to not like that. Thanks to Andy Polyakov for
	excellent research.

2007-11-11  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/creds.c: use krb5_data_cmp

	* lib/krb5/acache.c: use krb5_free_cred_contents

	* lib/krb5/test_renew.c: use krb5_free_cred_contents
	
2007-11-10  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/acl.c: doxygen documentation

	* lib/krb5/addr_families.c: doxygen documentation

	* doc: add doxygen

	* lib/krb5/plugin.c: doxygen documentation

	* lib/krb5/kcm.c: doxygen documentation

	* lib/krb5/fcache.c: doxygen documentation

	* lib/krb5/cache.c: doxygen documentations
	
	* lib/krb5/doxygen.c: doxygen introduction

	* lib/krb5/error_string.c: Doxygen documentation.

2007-11-03  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/test_plugin.c: expose krb5_plugin_register

	* lib/krb5/plugin.c: expose krb5_plugin_register

	* lib/krb5/version-script.map: sort, expose krb5_plugin_register

2007-10-24  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/kerberos5.c: Adding same enctype is enough one time. From
	Andy Polyakov and Bjorn Sandell.
	
2007-10-18  Love  <lha@@stacken.kth.se>

	* lib/krb5/cache.c (krb5_cc_retrieve_cred): check return value
	from krb5_cc_start_seq_get. From Zeqing (Fred) Xia
	
	* lib/krb5/fcache.c (init_fcc): provide better error codes

	* kdc/kerberos5.c (get_pa_etype_info2): more paranoia, avoid
	sending warning about pruned etypes.

	* kdc/kerberos5.c (older_enctype): old windows enctypes (arcfour
	based) "old", this to support windows 2000 clients (unjoined to a
	domain). From Andy Polyakov.

2007-10-07  Love Hrnquist strand  <lha@@it.su.se>

	* doc/setup.texi: Spelling, from Mark Peoples via Bjorn Sandell.
	
2007-10-04  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/krb5tgs.c: More prettier printing of enctype, from KAMADA
	Ken'ichi.

	* lib/krb5/crypto.c (krb5_enctype_to_string): make sure string is
	NULL on failure.

2007-10-03  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/kdc-replay.c: Catch KRB5_PROG_ATYPE_NOSUPP from
	krb5_addr2sockaddr and igore thte test is that case.
	
2007-09-29  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/context.c (krb5_free_context): free
	default_cc_name_env, from Gunther Deschner.

2007-08-27  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/{krb5.h,pac.c,test_pac.c,send_to_kdc.c,rd_req.c}: Make
	work with c++, reported by Hai Zaar

	* lib/krb5/{digest.c,krb5.h}: Make work with c++, reported by Hai Zaar

2007-08-20  Love Hrnquist strand  <lha@@it.su.se>

	* lib/hdb/Makefile.am: EXTRA_DIST += hdb.schema

2007-07-31  Love Hrnquist strand  <lha@@it.su.se>

	* check return value of alloc functions, from Charles Longeau

	* lib/krb5/principal.c: spelling.

	* kadmin/kadmin.8: spelling

	* lib/krb5/crypto.c: Check return values from alloc
	functions. Prompted by patch of Charles Longeau.

	* lib/krb5/n-fold.c: Make _krb5_n_fold return a error
	code. Prompted by patch of Charles Longeau.

2007-07-27  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/init_creds.c: Always set the ticket options, use
	KRB5_ADDRESSLESS_DEFAULT as the default value, this make the unset
	tri-state not so useful.

2007-07-24  Love Hrnquist strand  <lha@@it.su.se>

	* tools/heimdal-gssapi.pc.in: Add LIB_pkinit to the list of
	libraries.

	* tools/heimdal-gssapi.pc.in: pkg-config file for libgssapi in
	heimdal.

	* tools/Makefile.am: Add heimdal-gssapi.pc and install it into
	$(libdir)/pkgconfig

2007-07-23  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/pkinit.c: Add RFC3526 modp group14 as a default.

2007-07-22  Love Hrnquist strand  <lha@@it.su.se>

	* lib/hdb/dbinfo.c (get_dbinfo): use dbname instead of realm as
	key if the entry is a correct entry.

	* lib/krb5/get_cred.c: Make krb5_get_renewed_creds work, from
	Gunther Deschner.

	* lib/krb5/Makefile.am: Add test_renew to noinst_PROGRAMS.

	* lib/krb5/test_renew.c: Test for krb5_get_renewed_creds.

2007-07-21  Love Hrnquist strand  <lha@@it.su.se>

	* lib/hdb/keys.c: Make parse_key_set handle key set string "v5",
	from Peter Meinecke.

	* kdc/kaserver.c: Don't ovewrite the error code, from Peter
	Meinecke.

2007-07-18  Love Hrnquist strand  <lha@@it.su.se>

	* TODO-1.0: remove 

	* Makefile.am: remove TODO-1.0

2007-07-17  Love Hrnquist strand  <lha@@it.su.se>

	* Heimdal 1.0 release branch cut here
	
	* doc/hx509.texi: use version.texi
	
	* doc/heimdal.texi: use version.texi
	
	* doc/version.texi: version.texi

	* lib/hdb/db3.c: avoid type-punned pointer warning.

	* kdc/kx509.c: Use unsigned char * as argument to HMAC_Update to
	please OpenSSL and gcc.

	* kdc/digest.c: Use unsigned char * as argument to MD5_Update to
	please OpenSSL and gcc.

2007-07-16  Love Hrnquist strand  <lha@@it.su.se>

	* include/Makefile.am: Add krb_err.h.

	* kdc/set_dbinfo.c: Print acl file too.

	* kdc/kerberos4.c: Error codes are just fine, remove XXX now.

	* lib/krb5/krb5-v4compat.h: Drop duplicate error codes.

	* kdc/kerberos4.c: switch to ET errors.

	* lib/krb5/Makefile.am: Add krb_err.h to build_HEADERZ.

	* lib/krb5/v4_glue.c: If its a Kerberos 4 error-code, remove the
	et BASE.

2007-07-15  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/krb5-v4compat.h: Include "krb_err.h".

	* lib/krb5/v4_glue.c: return more interesting error codes.

	* lib/krb5/plugin.c: Prefix enum plugin_type.

	* lib/krb5/krb5_locl.h: Expose plugin structures.
	
	* lib/krb5/krb5.h: Add plugin structures.

	* lib/krb5/krb_err.et: V4 errors.

	* lib/krb5/version-script.map: First version of version script.

2007-07-13  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/kerberos5.c: Java 1.6 expects the name to be the same type,
	lets allow that for uncomplicated name-types.

2007-07-12  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/v4_glue.c (_krb5_krb_rd_req): if ticket contains
	address 0, its ticket less and don't really care about
	from_addr. return better error codes.

	* kpasswd/kpasswdd.c: Fix pointer vs strict alias rules.

2007-07-11  Love Hrnquist strand  <lha@@it.su.se>

	* lib/hdb/hdb-ldap.c: When using sambaNTPassword, avoid adding
	more then one enctype 23 to krb5EncryptionType.

	* lib/krb5/cache.c: Spelling.

	* kdc/kerberos5.c: Don't send newer enctypes in ETYPE-INFO.
	(get_pa_etype_info2): return the enctypes as sorted in the
	database

2007-07-10  Love Hrnquist strand  <lha@@it.su.se>

	* kuser/kinit.c: krb5-v4compat.h defines prototypes for
	v4 (semiprivate functions) in libkrb5, don't include
	krb5-private.h any longer.

	* lib/krb5/krbhst.c: Set error string when there is no KDC for a
	realm.

	* lib/krb5/Makefile.am: New library version.

	* kdc/Makefile.am: New library version.

	* lib/krb5/krb5_locl.h: Add default_cc_name_env.

	* lib/krb5/cache.c (enviroment_changed): return non-zero if
	enviroment that will determine default krb5cc name has changed.
	(krb5_cc_default_name): also check if cached value is uptodate.

	* lib/krb5/krb5_locl.h: Drop pkinit_flags.

2007-07-05  Love Hrnquist strand  <lha@@it.su.se>

	* configure.in: add tests/java/Makefile

	* lib/hdb/dbinfo.c: Add hdb_dbinfo_get_log_file.

2007-07-04  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/kerberos5.c: Improve the default salt detection to avoid
	returning v4 password salting to java that doesn't look at the
	returning padata for salting.

	* kdc: Split out krb5_kdc_set_dbinfo, From Andrew Bartlett

2007-07-02  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/digest.c: Try harder to provide better error message for
	digest messages.

	* lib/krb5/Makefile.am: verify_krb5_conf_OBJECTS depends on
	krb5-pr*.h, make -j finds this.
	
2007-06-28  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/digest.c: On success, print username, not ip-adress.

2007-06-26  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/get_cred.c: Add krb5_get_renewed_creds.

	* lib/krb5/krb5_get_credentials.3: add krb5_get_renewed_creds

	* lib/krb5/pkinit.c: Use hx509_cms_unwrap_ContentInfo.
	
2007-06-25  Love Hrnquist strand  <lha@@it.su.se>

	* doc/setup.texi: Add example for pkinit_win2k_require_binding
	in [kdc] section.

	* kdc/default_config.c: Rename require_binding to
	win2k_require_binding to match client configuration.

	* kdc/default_config.c: Add [kdc]pkinit_require_binding option.

	* kdc/pkinit.c (pk_mk_pa_reply_enckey): only allow non-bound reply
	if its not required.

	* kdc/default_config.c: rename pkinit_princ_in_cert and add
	pkinit_require_binding

	* kdc/kdc.h: rename pkinit_princ_in_cert and add
	pkinit_require_binding

	* kdc/pkinit.c: rename pkinit_princ_in_cert

2007-06-24  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/pkinit.c: Adapt to hx509_verify_hostname change.

2007-06-21  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/krb5tgs.c: Drop unused variable.

	* kdc/krb5tgs.c: disable anonyous tgs requests

	* kdc/krb5tgs.c: Don't check PAC on cross realm for now.

	* kuser/kgetcred.c: Set KRB5_GC_CONSTRAINED_DELEGATION and parse
	nametypes.

	* lib/krb5/krb5_principal.3: Document krb5_parse_nametype.

	* lib/krb5/principal.c (krb5_parse_nametype): parse nametype and
	return their integer values.

	* lib/krb5/krb5.h (krb5_get_creds): Add
	KRB5_GC_CONSTRAINED_DELEGATION.

	* lib/krb5/get_cred.c (krb5_get_creds): if
	KRB5_GC_CONSTRAINED_DELEGATION is set, set both request_anonymous
	and constrained_delegation.

2007-06-20  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/digest.c: Return an error message instead of dropping the
	packet for more failure cases.

	* lib/krb5/krb5_principal.3: Add KRB5_PRINCIPAL_UNPARSE_DISPLAY.

	* appl/gssmask/gssmask.c (AcquirePKInitCreds): fail more
	gracefully
	
2007-06-18  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/pac.c: make compile.
	
	* lib/krb5/pac.c (verify_checksum): memset cksum to avoid using
	pointer from stack.

	* lib/krb5/plugin.c: Don't expose free pointer.

	* lib/krb5/pkinit.c (_krb5_pk_load_id): fail directoy for first
	calloc.
	
	* lib/krb5/pkinit.c (get_reply_key*): don't expose freed memory

	* lib/krb5/krbhst.c: Host is static memory, don't free.

	* lib/krb5/crypto.c (decrypt_internal_derived): make sure length
	is longer then confounder + checksum.

	* kdc: export get_dbinfo as krb5_kdc_set_dbinfo and call from
	users. This to allows libkdc users to to specify their own
	databases

	* lib/krb5/pkinit.c (pk_rd_pa_reply_enckey): simplify handling of
	content data (and avoid leaking memory).

	* kdc/misc.c (_kdc_db_fetch): set error string for failures.
	
2007-06-15  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/pkinit.c: Use KRB5_AUTHDATA_INITIAL_VERIFIED_CAS.

2007-06-13  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/pkinit.c: tell user when they got a pk-init request with
	pkinit disabled.

2007-06-12  Love Hrnquist strand  <lha@@it.su.se>
	
	* lib/krb5/principal.c: Rename UNPARSE_NO_QUOTE to
	UNPARSE_DISPLAY.

	* lib/krb5/krb5.h: Rename UNPARSE_NO_QUOTE to UNPARSE_DISPLAY.

	* lib/krb5/principal.c: Make no-quote mean replace strange chars
	with space.

	* lib/krb5/principal.c: Support KRB5_PRINCIPAL_UNPARSE_NO_QUOTE.

	* lib/krb5/krb5.h: Add KRB5_PRINCIPAL_UNPARSE_NO_QUOTE.

	* lib/krb5/test_princ.c: Test quoteing.

	* lib/krb5/pkinit.c: update (c)
	
	* lib/krb5/get_cred.c: use krb5_sendto_context to talk to the KDC.

	* lib/krb5/send_to_kdc.c (_krb5_kdc_retry): check if the whole
	process needs to restart or just skip this KDC.

	* lib/krb5/init_creds_pw.c: Use krb5_sendto_context to talk to
	KDC.

	* lib/krb5/krb5.h: Add sendto hooks and opaque structure.

	* lib/krb5/krb5_rd_error.3: Update prototype.

	* lib/krb5/send_to_kdc.c: Add hooks for processing the reply from
	the server.
	
2007-06-11  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/krb5_err.et: Some new error codes from RFC 4120.
	
2007-06-09  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/krb5tgs.c: Constify.

	* kdc/kerberos5.c: Constify.

	* kdc/pkinit.c: Check for KRB5-PADATA-PK-AS-09-BINDING. Constify.

2007-06-08  Love Hrnquist strand  <lha@@it.su.se>

	* include/Makefile.am: Make krb5-types.h nodist_include_HEADERS.

	* kdc/Makefile.am: EXTRA_DIST += version-script.map.
	
2007-06-07  Love Hrnquist strand  <lha@@it.su.se>
	
	* Makefile.am (print-distdir): print name of dist

	* kdc/pkinit.c: Break out loading of mappings file to a separate
	function and remove warning that it can't open the mapping file,
	there are now mappings in the db, maybe the users uses that
	instead...

	* lib/krb5/crypto.c: Require the raw key have the correct size and
	do away with the minsize.  Minsize was a thing that originated
	from RC2, but since RC2 is done in the x509/cms subsystem now
	there is no need to keep that around.

	* lib/hdb/dbinfo.c: If there is no default dbname, also check for
	unset mkey_file and set it default mkey name, make backward compat
	stuff work.

	* kdc/version-script.map: add new symbols

	* kdc/kdc-replay.c: Also update krb5_context view of what the time
	is.

	* configure.in: add tests/can/Makefile

	* kdc/kdc-replay.c: Add --[version|help].

	* kdc/pkinit.c: Push down the kdc time into the x509 library.

	* kdc/connect.c: Move up krb5_kdc_save_request so we can catch the
	reply data too.

	* kdc/kdc-replay.c: verify reply by checking asn1 class, type and
	tag of the reply if there is one.

	* kdc/process.c: Save asn1 class, type and tag of the reply if
	there is one. Used to verify the reply in kdc-replay.

2007-06-06  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/kdc_locl.h: extern for request_log.

	* kdc/Makefile.am: Add kdc-replay.

	* kdc/kdc-replay.c: Replay kdc messages to the KDC library.

	* kdc/config.c: Pick up request_log from [kdc]kdc-request-log.

	* kdc/connect.c: Option to save the request to disk.

	* kdc/process.c (krb5_kdc_save_request): save request to file.

	* kdc/process.c (krb5_kdc_process*): dont update _kdc_time
	automagicly.
	(krb5_kdc_update_time): set or get current kdc-time.

	* kdc/pkinit.c (_kdc_pk_rd_padata): accept both pkcs-7 and
	pkauthdata as the signeddata oid
	
	* kdc/pkinit.c (_kdc_pk_rd_padata): Try to log what went wrong.

2007-06-05  Love Hrnquist strand  <lha@@it.su.se>
	
	* kdc/pkinit.c: Use oid_id_pkcs7_data for pkinit-9 encKey reply to
	match windows DC behavior better.
	
2007-06-04  Love Hrnquist strand  <lha@@it.su.se>

	* configure.in: use test for -framework Security

	* appl/test/uu_server.c: Print status to stdout.

	* kdc/digest.c (digest ntlm): provide log entires by setting ret
	to an error.
	
2007-06-03  Love Hrnquist strand  <lha@@it.su.se>

	* doc/hx509.texi: Indent crl-sign.

	* doc/hx509.texi: One more crl-sign example.

	* lib/krb5/test_princ.c: plug memory leaks.

	* lib/krb5/pac.c: plug memory leaks.

	* lib/krb5/test_pac.c: plug memory leaks.

	* lib/krb5/test_prf.c: plug memory leak.

	* lib/krb5/test_cc.c: plug memory leaks.

	* doc/hx509.texi: Simple blob about publishing CRLs.

	* doc/win2k.texi: drop text about enctypes.
	
2007-06-02  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/pkinit.c: In case of OCSP verification failure, referash
	every 5 min. In case of success, refreash 2 min before expiring or
	faster.
	
2007-05-31  Love Hrnquist strand  <lha@@it.su.se>
	
	* lib/krb5/krb5_err.et: add error 68, WRONG_REALM

	* kdc/pkinit.c: Handle the ms san in a propper way, still cheat
	with the realm name.

	* kdc/kerberos5.c: If _kdc_pk_check_client failes, bail out
	directly and hand the error back to the client.

	* lib/krb5/krb5_err.et: Add missing REVOCATION_STATUS_UNAVAILABLE
	and fix error message for CLIENT_NAME_MISMATCH.

	* kdc/pkinit.c: More logging for pk-init client mismatch.

	* kdc/kerberos5.c: Also add a KRB5_PADATA_PK_AS_REQ_WIN for
	windows pk-init (-9) to make MIT clients happy.
	
2007-05-30  Love Hrnquist strand  <lha@@it.su.se>
	
	* kdc/pkinit.c: Force des3 for win2k.

	* kdc/pkinit.c: Add wrapping to ContentInfo wrapping to
	COMPAT_WIN2K.

	* lib/krb5/keytab_keyfile.c: Spelling.

	* kdc/pkinit.c: Allow matching by MS UPN SAN, note that this delta
	doesn't deal with case of realm.
	
2007-05-16  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/crypto.c (krb5_crypto_overhead): return static overhead
	of encryption.
	
2007-05-10  Dave Love  <fx@@gnu.org>
	
	* doc/win2k.texi: Update some URLs.

2007-05-13  Love Hrnquist strand  <lha@@it.su.se>

	* kuser/kimpersonate.c: Fix version number of ticket, it should be
	5 not the kvno.
	
2007-05-08  Love Hrnquist strand  <lha@@it.su.se>

	* doc/setup.texi: Salting is really Encryption types and salting.
	
2007-05-07  Love Hrnquist strand  <lha@@it.su.se>
	
	* doc/setup.texi: spelling, from Ronny Blomme

	* doc/win2k.texi: Fix ksetup /SetComputerPassword, from Ronny
	Blomme
	
2007-05-02  Love Hrnquist strand  <lha@@it.su.se>

	* lib/hdb/dbinfo.c (hdb_get_dbinfo) If there are no database
	specified, create one and let it use the defaults.
	
2007-04-27  Love Hrnquist strand  <lha@@it.su.se>
	
	* lib/hdb/test_dbinfo.c: test acl file

	* lib/hdb/test_dbinfo.c: test acl file

	* lib/hdb/dbinfo.c: add acl file

	* etc: ignore Makefile.in

	* Makefile.am: SUBDIRS += etc

	* configure.in: Add etc/Makefile.

	* etc/Makefile.am: make sure services.append is distributed

2007-04-24  Love Hrnquist strand  <lha@@it.su.se>

	* kdc: rename windc_init to krb5_kdc_windc_init

	* kdc/version-script.map: version script for libkdc
	
	* kdc/Makefile.am: version script for libkdc
	
2007-04-23  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_get_error):
	correct the order of the arguments.

	* lib/hdb/Makefile.am: Add and test dbinfo.

	* lib/hdb/hdb.h: Forward declaration for struct hdb_dbinfo;

	* kdc/config.c: Use krb5_kdc_get_config and just fill in what the
	users wanted differently.

	* kdc/default_config.c: Make the default configuration fetch info
	from the krb5.conf.
	
2007-04-22  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/store.c (krb5_store_creds_tag): use session.keytype to
	determine if to send the session-key, for the second place in the
	function.

	* tools/krb5-config.in: rename des to hcrypto

	* kuser/Makefile.am: depend on libheimntlm

	* kuser/kinit.c: Add --ntlm-domain that store the ntlm cred for
	this domain if the Kerberos password auth worked.

	* kuser/klist.c: add new option --hidden that doesn't display
	principal that starts with @@

	* tools/krb5-config.in: Add heimntlm when we use gssapi.

	* lib/krb5/krb5_ccache.3 (krb5_cc_retrieve_cred): document what to
	free 'cred' with.

	* lib/krb5/cache.c (krb5_cc_retrieve_cred): document what to free
	'cred' with.
	
2007-04-21  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/store.c (krb5_store_creds_tag): use session.keytype to
	determine if to send the session-key.

	* kcm/client.c (kcm_ccache_new_client): make root be able to pass
	the name constraints, not the opposite. From Bryan Jacobs.
	
2007-04-20  Love Hrnquist strand  <lha@@it.su.se>

	* kcm/acl.c: make compile again.

	* kcm/client.c: fix warning.
	
	* kcm: First, it allows root to ignore the naming conventions.
	Second, it allows root to always perform any operation on any
	ccache.  Note that root could do this anyway with FILE ccaches.
	From Bryan Jacobs.

	* Rename libdes to libhcrypto.

2007-04-19  Love Hrnquist strand  <lha@@it.su.se>

	* kinit: remove code that depend on kerberos 4 library
	
	* kdc: remove code that depend on kerberos 4 library
	
	* configure.in: Drop kerberos 4 support.

	* kdc/hpropd.c (main): free the message when done with it.

	* lib/krb5/pkinit.c (_krb5_get_init_creds_opt_free_pkinit):
	remember to free memory too.

	* lib/krb5/pkinit.c (pk_rd_pa_reply_dh): free content-type when
	done.

	* configure.in: test rk_VERSIONSCRIPT
	
2007-04-18  Love Hrnquist strand  <lha@@it.su.se>

	* fix-export: remove, all done by make dist now

2007-04-15  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/krb5_get_credentials.3: spelling, from Jason McIntyre

2007-04-11  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/kstash.8: Spelling, from raga <raga@@comcast.net> 
	via Bjorn Sandell.

	* lib/krb5/store_mem.c: indent.

	* lib/krb5/recvauth.c: Set error string.

	* lib/krb5/rd_req.c: clear error strings.

	* lib/krb5/rd_cred.c: clear error string.

	* lib/krb5/pkinit.c: Set error strings.

	* lib/krb5/get_cred.c: Tell what principal we are not finding for
	all KRB5_CC_NOTFOUND.
	
2007-02-22  Love Hrnquist strand  <lha@@it.su.se>
	
	* kdc/kerberos5.c: Return the same error codes as a windows KDC.

	* kuser/kinit.c: KRB5KDC_ERR_PREAUTH_FAILED is also a password
	failed.
	
	* kdc/kerberos5.c: Make handling of replying e_data more generic,
	from metze.

	* kdc/kerberos5.c: Fix (string const and shadow) warnings, from
	metze.

	* lib/krb5/pac.c: Create the PAC element in the same order as
	w2k3, maybe there's some broken code in windows which relies on
	this... From metze.

	* kdc/kerberos5.c: Select a session enctype from the list of the
	crypto systems supported enctype, is supported by the client and
	is one of the enctype of the enctype of the krbtgt.
	
	The later is used as a hint what enctype all KDC are supporting to
	make sure a newer version of KDC wont generate a session enctype
	that and older version of a KDC in the same realm can't decrypt.
	
	But if the KDC admin is paranoid and doesn't want to have "no the
	best" enctypes on the krbtgt, lets save the best pick from the
	client list and hope that that will work for any other KDCs.
	
	Reported by metze.

	* kdc/hprop.c (propagate_database): on any failure, drop the
	connection to the peer and try next one.
	
2007-02-18  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/krb5_get_init_creds.3: document new options.

	* kdc/krb5tgs.c: Only check service key for cross realm PACs.

	* lib/krb5/init_creds.c: use the new merged flags field.
	(krb5_get_init_creds_opt_set_win2k): new function, turn on all w2k
	compat flags.

	* lib/krb5/init_creds_pw.c: use the new merged flags field.

	* lib/krb5/krb5_locl.h: merge all flags into one entity
	
2007-02-11  Dave Love  <fx@@gnu.org>
	
	* lib/krb5/krb5_aname_to_localname.3: Small fixes
	
	* lib/krb5/krb5_digest.3: Small fixes
	
	* kuser/kimpersonate.1: Small fixes

2007-02-17  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/init_creds_pw.c (find_pa_data): if there is no list,
	there is no entry.

	* kdc/krb5tgs.c: Don't check PACs on cross realm requests.

	* lib/krb5/krb5.h: add KRB5_KU_CANONICALIZED_NAMES.

	* lib/krb5/init_creds_pw.c: Verify client referral data.

	* kdc/kerberos5.c: switch some "return ret" to "goto out".
	
	* kdc/kerberos5.c: Pass down canonicalize request to hdb layer,
	sign client referrals.
	
	* lib/hdb/hdb.h: Add HDB_F_CANON.

	* lib/hdb: add simple alias support to the database backends

2007-02-16  Love Hrnquist strand  <lha@@it.su.se>

	* kuser/kinit.c: Add canonicalize flag.

	* lib/krb5/init_creds_pw.c: Use EXTRACT_TICKET_* flags, support
	canonicalize.

	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_canonicalize):
	new function.
	
	* lib/krb5/get_cred.c: Use EXTRACT_TICKET_* flags.

	* lib/krb5/get_in_tkt.c: Use EXTRACT_TICKET_* flags.

	* lib/krb5/krb5_locl.h: Add EXTRACT_TICKET_* flags.
	
2007-02-15  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/test_princ.c: test parsing enterprise-names.

	* lib/krb5/principal.c: Add support for parsing enterprise-names.

	* lib/krb5/krb5.h: Add KRB5_PRINCIPAL_PARSE_ENTERPRISE.

	* lib/hdb/hdb-ldap.c: Make work again.
	
2007-02-11  Dave Love  <fx@@gnu.org>

	* kcm/client.c (kcm_ccache_new_client): Cast snprintf'ed value.
	
2007-02-10  Love Hrnquist strand  <lha@@it.su.se>
	
	* doc/setup.texi: prune trailing space

	* lib/hdb/db.c: Be better at setting and clearing error string.

	* lib/hdb/hdb.c: Be better at setting and clearing error string.

2007-02-09  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/keytab.c (krb5_kt_get_entry): Use krb5_kt_get_full_name
	to print out the keytab name.

	* doc/setup.texi: Spelling, from Guido Guenther
	
2007-02-08  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/rd_cred.c: Plug memory leak, from Michael B Allen.

2007-02-06  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/test_store.c (test_uint16): unsigned ints can't be
	negative
	
2007-02-03  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/pkinit.c: pass extra flags for detached signatures.

	* lib/krb5/pkinit.c: pass extra flags for detached signatures.

	* kdc/digest.c: Remove debug output.

	* kuser/kdigest.c: Add support for ms-chap-v2 client.
	
2007-02-02  Love Hrnquist strand  <lha@@it.su.se>
		
	* kdc/digest.c: Fix ms-chap-v2 get_masterkey

	* kdc/digest.c: Fix ms-chap-v2 mutual response auth code.

	* kuser/kdigest.c: Print session key if there is one.

	* lib/krb5/digest.c: rename hash-a1 to session key

	* kdc/digest.c: Add get_master from RFC 3079 3.4 for MS-CHAP-V2

	* kuser/kdigest.c: print rsp if there is one, from Klas.

	* kdc/digest.c: Use right size, from Klas Lindfors.

	* kuser/kdigest.c: Set client nonce if avaible, from Klas.

	* kdc/digest.c: First version from kllin.

	* kuser/kdigest.c: Don't restrict the type.
	
2007-02-01  Love Hrnquist strand  <lha@@it.su.se>
	
	* kuser/kdigest-commands.in: add --client-response

	* kuser/kdigest.c: Print status instead of response.

	* kdc/digest.c: Better logging and return status = FALSE when
	checksum doesn't match.

	* kdc/digest.c: Check the digest response in the KDC.

	* lib/krb5/digest.c: New functions to send in requestResponse to
	KDC and get status of the request.

	* kdc/digest.c: Add support for MS-CHAP v2.

	* lib/hdb/hdb-ldap.c: Set hdb->hdb_db for ldap.
	
2007-01-31  Love Hrnquist strand  <lha@@it.su.se>

	* fix-export: Make hx509.info too

	* kdc/digest.c: don't verify identifier in CHAP, its the client
	that chooses it.
	
2007-01-23  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/Makefile.am: Basic test of prf.

	* lib/krb5/test_prf.c: Basic test of prf.

	* lib/krb5/mit_glue.c: Add MIT glue for Kerberos RFC 3961 PRF
	functions.

	* lib/krb5/crypto.c: Add Kerberos RFC 3961 PRF functions.

	* lib/krb5/krb5_data.3: Document krb5_data_cmp.

	* lib/krb5/data.c: Add krb5_data_cmp.
	
2007-01-20  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/kx509.c: Don't use C99 syntax.
	
2007-01-17  Love Hrnquist strand  <lha@@it.su.se>
	
	* configure.in: its LIBADD_roken (and shouldn't really exist, our
	libtool usage it broken)

	* configure.in: Add an extra variable for roken, LIBADD, that
	should be used for library depencies.

	* lib/krb5/send_to_kdc.c (krb5_sendto): zero out receive buffer.

	* lib/krb5/krb5_init_context.3: fix mdoc errors

	* Heimdal 0.8 branch cut today

	* doc/hx509.texi: Spelling and more about proxy certificates.

	* configure.in: check for arc4random
	
2007-01-16  Love Hrnquist strand  <lha@@it.su.se>
	
	* lib/krb5/send_to_kdc.c (krb5_sendto): zero receive krb5_data
	before starting

	* tools/heimdal-build.sh: make cvs keep quiet

	* kuser/kverify.c: Use argument as principal if passed an
	argument. Bug report from Douglas E. Engert
	
2007-01-15  Love Hrnquist strand  <lha@@it.su.se>
	
	* lib/krb5/rd_req.c (krb5_rd_req_ctx): The code failed to consider
	the enc_tkt_in_skey case, from Douglas E. Engert.

	* kdc/kx509.c: Issue certificates.

	* kdc/config.c: Parse kx509/kca configuration.

	* kdc/kdc.h: add kx509 config
	
2007-01-14  Love Hrnquist strand  <lha@@it.su.se>
	
	* kdc/kerberos5.c (_kdc_find_padata): if there is not padata,
	there is nothing find.

	* doc/hx509.texi: Examples for pk-init.

	* doc/hx509.texi: About extending ca lifetime and sub cas.
	
2007-01-13  Love Hrnquist strand <lha@@it.su.se>
	
	* doc/hx509.texi: More about certificates.
	
2007-01-12  Love Hrnquist strand  <lha@@it.su.se>

	* doc/hx509.texi: add Application requirements and write about
	xmpp/jabber.
	
2007-01-11  Love Hrnquist strand  <lha@@it.su.se>

	* doc/hx509.texi: More about issuing certificates.

	* doc/hx509.texi: Start of a x.509 manual.

	* include/Makefile.am: remove install headerfiles

	* lib/krb5/test_pac.c: Use more interesting data to cause more
	errors.

	* include/Makefile.am: remove install headerfiles

	* lib/krb5/mcache.c: MCC_CURSOR not used, remove.

	* lib/krb5/crypto.c: macro kcrypto_oid_enc now longer used

	* lib/krb5/rd_safe.c (krb5_rd_safe): set length before trying to
	allocate data
	
2007-01-10  Love Hrnquist strand  <lha@@it.su.se>
	
	* doc/setup.texi: Hint about hxtool validate.

	* appl/test/uu_server.c: print both "server" and "client"

	* kdc/krb5tgs.c: Rename keys to be more obvious what they do.

	* kdc/kerberos5.c: Use other keys to sign PAC with. From Andrew
	Bartlett
	
	* kdc/windc.c: ident, spelling.

	* kdc/windc_plugin.h: indent.

	* kdc/krb5tgs.c: Pass down server entry to verify_pac function.
	from Andrew Bartlett

	* kdc/windc.c: pass down server entry to verify_pac function, from
	Andrew Bartlett

	* kdc/windc_plugin.h: pass down server entry to verify_pac
	function, from Andrew Bartlett

	* configure.in: Provide a automake symbol ENABLE_SHARED if shared
	libraries are built.

	* lib/krb5/rd_req.c (krb5_rd_req_ctx): Use the correct keyblock
	when verifying the PAC.  From Andrew Bartlett.
	
2007-01-09  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/test_pac.c: move around to code test on real PAC.

	* lib/krb5/pac.c: A tiny 2 char diffrence that make the code work
	for real.

	* lib/krb5/test_pac.c: Test more PAC (note that the values used in
	this test is wrong, they have to be fixed when the pac code is
	fixed).

	* doc/setup.texi: Update to new hxtool issue-certificate usage

	* lib/krb5/init_creds_pw.c: Make sure we don't sent both ENC-TS
	and PK-INIT pa data, no need to expose our password protecting our
	PKCS12 key.

	* kuser/klist.c (print_cred_verbose): include ticket length in the
	verbose output
	
2007-01-08  Love Hrnquist strand  <lha@@it.su.se>
	
	* lib/krb5/acache.c (loadlib): pass RTLD_LAZY to dlopen, without
	it linux is unhappy.

	* lib/krb5/plugin.c (loadlib): pass RTLD_LAZY to dlopen, without
	it linux is unhappy.

	* lib/krb5/name-45-test.c: One of the hosts I sometimes uses is
	named "bar.domain", this make one of the tests pass when it
	shouldn't.

2007-01-05  Love Hrnquist strand  <lha@@it.su.se>

	* doc/setup.texi: Change --key argument to --out-key.

	* kuser/kimpersonate.1: mangle my name
	
2007-01-04  Love Hrnquist strand  <lha@@it.su.se>
	
	* doc/setup.texi: describe how to use hx509 to create
	certificates.

	* tools/heimdal-build.sh: Add --distcheck.

	* kdc/kerberos5.c: Check for KRB5_PADATA_PA_PAC_REQUEST to check
	if we should include the PAC in the krbtgt.

	* kdc/pkinit.c (_kdc_as_rep): check if
	krb5_generate_random_keyblock failes.

	* kdc/kerberos5.c (_kdc_as_rep): check if
	krb5_generate_random_keyblock failes.

	* kdc/krb5tgs.c (tgs_build_reply): check if
	krb5_generate_random_keyblock failes.

	* kdc/krb5tgs.c: Scope etype.

	* lib/krb5/rd_req.c: Make it possible to turn off PAC check, its
	default on.

	* lib/krb5/rd_req.c (krb5_rd_req_ctx): If there is a PAC, verify
	its server signature.

	* kdc/kerberos5.c (_kdc_as_rep): call windc client access hook.
	(_kdc_tkt_add_if_relevant_ad): constify in data argument.

	* kdc/windc_plugin.h: More comments add a client_access hook.

	* kdc/windc.c: Add _kdc_windc_client_access.

	* kdc/krb5tgs.c: rename functions after export some more pac
	functions.

	* lib/krb5/test_pac.c: export some more pac functions.

	* lib/krb5/pac.c: export some more pac functions.

	* kdc/krb5tgs.c: Resign the PAC in tgsreq if we have a PAC.

	* configure.in: add tests/plugin/Makefile
	
2007-01-03  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/krb5tgs.c: Get right key for PAC krbtgt verification.

	* kdc/config.c: spelling

	* lib/krb5/krb5.h: typedef for krb5_pac.

	* kdc/headers.h: Include <windc_plugin.h>.

	* kdc/Makefile.am: Include windc.c and use windc_plugin.h

	* kdc/krb5tgs.c: Call callbacks for emulating a Windows Domain
	Controller.

	* kdc/kerberos5.c: Call callbacks for emulating a Windows Domain
	Controller.  Move the some of the log related stuff to its own
	function.

	* kdc/config.c: Init callbacks for emulating a Windows Domain
	Controller.

	* kdc/windc.c: Rename the init function to windc instead of pac.

	* kdc/windc.c: Callbacks specific to emulating a Windows Domain
	Controller.

	* kdc/windc_plugin.h: Callbacks specific to emulating a Windows
	Domain Controller.

	* lib/krb5/Makefile.am: add krb5_HEADERS to build_HEADERZ

	* lib/krb5/pac.c: Support all keyed checksum types.
	
2007-01-02  Love Hrnquist strand  <lha@@it.su.se>
	
	* lib/krb5/pac.c (krb5_pac_get_types): Return list of types.
	
	* lib/krb5/test_pac.c: test krb5_pac_get_types

	* lib/krb5/krbhst.c: Add KRB5_KRBHST_KCA.

	* lib/krb5/krbhst.c: Add KRB5_KRBHST_KCA.

	* lib/krb5/krb5.h: Add KRB5_KRBHST_KCA.

	* lib/krb5/test_pac.c: test Add/remove pac buffer functions.

	* lib/krb5/pac.c: Add/remove pac buffer functions.

	* lib/krb5/pac.c: sprinkle const

	* lib/krb5/pac.c: rename DCHECK to CHECK
	
	* Happy New Year.
@


1.1
log
@Initial revision
@
text
@a0 1
2000-01-08  Assar Westerlund  <assar@@sics.se>
d2 3
a4 93
	* Release 0.2m

2000-01-08  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/Makefile.am: bump version to 7:1:0
	* lib/krb5/principal.c (krb5_sname_to_principal): use
	krb5_expand_hostname
	* lib/krb5/expand_hostname.c (krb5_expand_hostname): handle
	ai_canonname being set in any of the addresses returnedby
	getaddrinfo.  glibc apparently returns the reverse lookup of every
	address in ai_canonname.

2000-01-06  Assar Westerlund  <assar@@sics.se>

	* Release 0.2l

2000-01-06  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/Makefile.am: set version to 7:0:0
	* lib/krb5/principal.c (krb5_sname_to_principal): remove `hp'

	* lib/hdb/Makefile.am: set version to 4:1:1

	* kdc/hpropd.c (dump_krb4): use `krb5_get_default_realms'
	* lib/krb5/get_in_tkt.c (add_padata): change types to make
	everything work out
	(krb5_get_in_cred): remove const to make types match
	* lib/krb5/crypto.c (ARCFOUR_string_to_key): correct signature
	* lib/krb5/principal.c (krb5_sname_to_principal): handle not
	getting back a canonname

2000-01-06  Assar Westerlund  <assar@@sics.se>

	* Release 0.2k

2000-01-06  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc): advance colon so that
	we actually parse the port number.  based on a patch from Leif
	Johansson <leifj@@it.su.se>

2000-01-02  Assar Westerlund  <assar@@sics.se>

	* admin/purge.c: remove all non-current and old entries from a
	keytab

	* admin: break up ktutil.c into files

	* admin/ktutil.c (list): support --verbose (also listning time
	stamps)
	(kt_add, kt_get): set timestamp in newly created entries
	(kt_change): add `change' command

	* admin/srvconvert.c (srvconv): set timestamp in newly created
	entries
	* lib/krb5/keytab_keyfile.c (akf_next_entry): set timetsamp,
	always go the a predicatble position on error
	* lib/krb5/keytab.c (krb5_kt_copy_entry_contents): copy timestamp
	* lib/krb5/keytab_file.c (fkt_add_entry): store timestamp
	(fkt_next_entry_int): return timestamp
	* lib/krb5/krb5.h (krb5_keytab_entry): add timestamp

1999-12-30  Assar Westerlund  <assar@@sics.se>

	* configure.in (krb4): use `-ldes' in tests

1999-12-26  Assar Westerlund  <assar@@sics.se>

	* lib/hdb/print.c (event2string): handle events without principal.
  	From Luke Howard <lukeh@@PADL.COM>

1999-12-25  Assar Westerlund  <assar@@sics.se>

	* Release 0.2j

Tue Dec 21 18:03:17 1999  Assar Westerlund  <assar@@sics.se>

	* lib/hdb/Makefile.am (asn1_files): add $(EXEEXT) for cygwin and
 	related systems

	* lib/asn1/Makefile.am (asn1_files): add $(EXEEXT) for cygwin and
 	related systems

	* include/Makefile.am (krb5-types.h): add $(EXEEXT) for cygwin and
 	related systems

1999-12-20  Assar Westerlund  <assar@@sics.se>

	* Release 0.2i

1999-12-20  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to 6:3:1
d6 3
a8 47
	* lib/krb5/send_to_kdc.c (send_via_proxy): free data
	* lib/krb5/send_to_kdc.c (send_via_proxy): new function use
	getaddrinfo instead of gethostbyname{,2}
	* lib/krb5/get_for_creds.c: use getaddrinfo instead of
	getnodebyname{,2}

1999-12-17  Assar Westerlund  <assar@@sics.se>

	* Release 0.2h

1999-12-17  Assar Westerlund  <assar@@sics.se>

	* Release 0.2g

1999-12-16  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/Makefile.am: bump version to 6:2:1

	* lib/krb5/principal.c (krb5_sname_to_principal): handle
	ai_canonname not being set
	* lib/krb5/expand_hostname.c (krb5_expand_hostname): handle
	ai_canonname not being set

	* appl/test/uu_server.c: print messages to stderr
	* appl/test/tcp_server.c: print messages to stderr
	* appl/test/nt_gss_server.c: print messages to stderr
	* appl/test/gssapi_server.c: print messages to stderr

	* appl/test/tcp_client.c (proto): remove shadowing `context'
	* appl/test/common.c (client_doit): add forgotten ntohs

1999-12-13  Assar Westerlund  <assar@@sics.se>

	* configure.in (VERISON): bump to 0.2g-pre

1999-12-12  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/principal.c (krb5_425_conv_principal_ext): be more
 	robust and handle extra dot at the beginning of default_domain

1999-12-12  Assar Westerlund  <assar@@sics.se>

	* Release 0.2f

1999-12-12  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/Makefile.am: bump version to 6:1:1
d10 3
a12 95
	* lib/krb5/changepw.c (get_kdc_address): use
 	`krb5_get_krb_changepw_hst'

	* lib/krb5/krbhst.c (krb5_get_krb_changepw_hst): add

	* lib/krb5/get_host_realm.c: add support for _kerberos.domain
 	(according to draft-ietf-cat-krb-dns-locate-01.txt)

1999-12-06  Assar Westerlund  <assar@@sics.se>

	* Release 0.2e

1999-12-06  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/changepw.c (krb5_change_password): use the correct
 	address

	* lib/krb5/Makefile.am: bump version to 6:0:1

	* lib/asn1/Makefile.am: bump version to 1:4:0

1999-12-04  Assar Westerlund  <assar@@sics.se>

	* configure.in: move AC_KRB_IPv6 to make sure it's performed
 	before AC_BROKEN
	(el_init): use new feature of AC_FIND_FUNC_NO_LIBS

	* appl/test/uu_client.c: use client_doit
	* appl/test/test_locl.h (client_doit): add prototype
	* appl/test/tcp_client.c: use client_doit
	* appl/test/nt_gss_client.c: use client_doit
	* appl/test/gssapi_client.c: use client_doit
	* appl/test/common.c (client_doit): move identical code here and
	start using getaddrinfo

	* appl/kf/kf.c (doit): rewrite to use getaddrinfo
	* kdc/hprop.c: re-write to use getaddrinfo
	* lib/krb5/principal.c (krb5_sname_to_principal): use getaddrinfo
	* lib/krb5/expand_hostname.c (krb5_expand_hostname): use
	getaddrinfo
	* lib/krb5/changepw.c: re-write to use getaddrinfo
	* lib/krb5/addr_families.c (krb5_parse_address): use getaddrinfo

1999-12-03  Assar Westerlund  <assar@@sics.se>

	* configure.in (BROKEN): check for freeaddrinfo, getaddrinfo,
	getnameinfo, gai_strerror
	(socklen_t): check for

1999-11-23  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/crypto.c (ARCFOUR_string_to_key): change order of bytes
 	within unicode characters.  this should probably be done in some
 	arbitrarly complex way to do it properly and you would have to
 	know what character encoding was used for the password and salt
 	string.

	* lib/krb5/addr_families.c (ipv4_uninteresting): ignore 0.0.0.0
	(INADDR_ANY)
	(ipv6_uninteresting): remove unused macro

1999-11-22  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/krb5.h: rc4->arcfour

	* lib/krb5/crypto.c: rc4->arcfour

1999-11-17  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/krb5_locl.h: add <rc4.h>
	* lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_RC4
	* lib/krb5/crypto.c: some code for doing RC4/MD5/HMAC which might
	not be totally different from some small company up in the
	north-west corner of the US

	* lib/krb5/get_addrs.c (find_all_addresses): change code to
 	actually increment buf_size

1999-11-14  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/krb5.h (krb5_context_data): add `scan_interfaces'
	* lib/krb5/get_addrs.c (krb5_get_all_client_addrs): make interaces
 	scanning optional
	* lib/krb5/context.c (init_context_from_config_file): set
 	`scan_interfaces'

	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add add_et_list.c
	* lib/krb5/add_et_list.c (krb5_add_et_list): new function

1999-11-12  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/get_default_realm.c (krb5_get_default_realm,
	krb5_get_default_realms): set realms if they were unset
	* lib/krb5/context.c (init_context_from_config_file): don't
	initialize default realms here.  it's done lazily instead.
d14 4
a17 13
	* lib/krb5/krb5.h (KRB5_TC_*): make constants unsigned
	* lib/asn1/gen_glue.c (generate_2int, generate_units): make sure
	bit constants are unsigned
	* lib/asn1/gen.c (define_type): make length in sequences be
	unsigned.

	* configure.in: remove duplicate test for setsockopt test for
	struct tm.tm_isdst

	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): generate
	preauthentication information if we get back ERR_PREAUTH_REQUIRED
	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): remove
	preauthentication generation code.  it's now in krb5_get_in_cred
d19 3
a21 2
	* configure.in (AC_BROKEN_SNPRINTF): add strptime check for struct
	tm.tm_gmtoff and timezone
d23 1
a23 1
1999-11-11  Johan Danielsson  <joda@@pdc.kth.se>
d25 1
a25 1
	* kdc/main.c: make this work with multi-db
d27 1
a27 1
	* kdc/kdc_locl.h: make this work with multi-db
d29 1
a29 1
	* kdc/config.c: make this work with multi-db
d31 1
a31 1
1999-11-09  Johan Danielsson  <joda@@pdc.kth.se>
d33 1
a33 1
	* kdc/misc.c: update for multi-database code
d35 1
a35 1
	* kdc/main.c: update for multi-database code
d37 2
a38 1
	* kdc/kdc_locl.h: update
d40 1
a40 1
	* kdc/config.c: allow us to have more than one database
d42 1
a42 1
1999-11-04  Assar Westerlund  <assar@@sics.se>
d44 1
a44 1
	* Release 0.2d
d46 4
a49 3
	* lib/krb5/Makefile.am: bump version to 5:0:0 to be safe
 	(krb5_context_data has changed and some code do (might) access
 	fields directly)
d51 2
a52 1
	* lib/krb5/krb5.h (krb5_context_data): add `etypes_des'
d54 3
a56 2
	* lib/krb5/get_cred.c (init_tgs_req): use
 	krb5_keytype_to_enctypes_default
d58 1
a58 2
	* lib/krb5/crypto.c (krb5_keytype_to_enctypes_default): new
 	function
d60 1
a60 2
	* lib/krb5/context.c (set_etypes): new function
	(init_context_from_config_file): set both `etypes' and `etypes_des'
d62 1
a62 1
1999-11-02  Assar Westerlund  <assar@@sics.se>
d64 2
a65 1
	* configure.in (VERSION): bump to 0.2d-pre
d67 1
a67 1
1999-10-29  Assar Westerlund  <assar@@sics.se>
d69 1
a69 1
	* lib/krb5/principal.c (krb5_parse_name): check memory allocations
d71 1
a71 1
1999-10-28  Assar Westerlund  <assar@@sics.se>
d73 1
a73 1
	* Release 0.2c
d75 1
a75 1
	* lib/krb5/dump_config.c (print_tree): check for empty tree
d77 1
a77 3
	* lib/krb5/string-to-key-test.c (tests): update the test cases
 	with empty principals so that they actually use an empty realm and
 	not the default.  use the correct etype for 3DES
d79 1
a79 1
	* lib/krb5/Makefile.am: bump version to 4:1:0
d81 1
a81 1
	* kdc/config.c (configure): more careful with the port string
d83 1
a83 1
1999-10-26  Assar Westerlund  <assar@@sics.se>
d85 1
a85 1
	* Release 0.2b
d87 1
a87 1
1999-10-20  Assar Westerlund  <assar@@sics.se>
d89 1
a89 3
	* lib/krb5/Makefile.am: bump version to 4:0:0
 	(krb524_convert_creds_kdc and potentially some other functions
 	have changed prototypes)
d91 3
a93 1
	* lib/hdb/Makefile.am: bump version to 4:0:1
d95 2
a96 20
	* lib/asn1/Makefile.am: bump version to 1:3:0

	* configure.in (LIB_roken): add dbopen.  getcap in roken
 	references dbopen and with shared libraries we need to add this
 	dependency.

	* lib/krb5/verify_krb5_conf.c (main): support speicifying the
 	configuration file to test on the command line

	* lib/krb5/config_file.c (parse_binding): handle line with no
 	whitespace before =
	(krb5_config_parse_file_debug): set lineno earlier so that we don't
	use it unitialized

	* configure.in (AM_INIT_AUTOMAKE): bump to 0.2b-pre opt*: need
 	more include files for these tests

	* lib/krb5/set_default_realm.c (krb5_set_default_realm): use
 	krb5_config_get_strings, which means that your configuration file
 	should look like:
d98 1
a98 2
	[libdefaults]
	  default_realm = realm1 realm2 realm3
d100 2
a101 2
	* lib/krb5/set_default_realm.c (config_binding_to_list): fix
 	copy-o.  From Michal Vocu <michal@@karlin.mff.cuni.cz>
d103 1
a103 2
	* kdc/config.c (configure): add a missing strdup.  From Michal
 	Vocu <michal@@karlin.mff.cuni.cz>
d105 1
a105 1
1999-10-17  Assar Westerlund  <assar@@sics.se>
d107 1
a107 1
	* Release 0.2a
d109 1
a109 2
	* configure.in: only test for db.h with using berkeley_db. remember
 	to link with LIB_tgetent when checking for el_init. add xnlock
d111 3
a113 5
	* appl/Makefile.am: add xnlock

	* kdc/kerberos5.c (find_etype): support null keys

	* kdc/kerberos4.c (get_des_key): support null keys
d115 1
a115 2
	* lib/krb5/crypto.c (krb5_get_wrapped_length): more correct
 	calculation
d117 1
a117 1
1999-10-16  Johan Danielsson  <joda@@pdc.kth.se>
d119 1
a119 1
	* kuser/kinit.c (main): pass ccache to krb524_convert_creds_kdc
d121 1
a121 1
1999-10-12  Johan Danielsson  <joda@@pdc.kth.se>
d123 1
a123 1
	* lib/krb5/crypto.c (krb5_enctype_to_keytype): remove warning
d125 1
a125 1
1999-10-10  Assar Westerlund  <assar@@sics.se>
d127 2
a128 1
	* lib/krb5/mk_req.c (krb5_mk_req): use krb5_free_host_realm
d130 1
a130 1
	* lib/krb5/krb5.h (krb5_ccache_data): make `ops' const
d132 1
a132 1
	* lib/krb5/crypto.c (krb5_string_to_salttype): new function
d134 2
a135 3
	* **/*.[ch]: const-ize

1999-10-06  Assar Westerlund  <assar@@sics.se>
d137 2
a138 1
	* lib/krb5/creds.c (krb5_compare_creds): const-ify
d140 1
a140 1
	* lib/krb5/cache.c: clean-up and comment-up
d142 1
a142 2
	* lib/krb5/copy_host_realm.c (krb5_copy_host_realm): copy all the
 	strings
d144 1
a144 2
	* lib/krb5/verify_user.c (krb5_verify_user_lrealm): free the
 	correct realm part
d146 1
a146 2
	* kdc/connect.c (handle_tcp): things work much better when ret is
 	initialized
d148 1
a148 1
1999-10-03  Assar Westerlund  <assar@@sics.se>
d150 2
a151 2
	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc): look at the
 	type of the session key
d153 1
a153 2
	* lib/krb5/crypto.c (krb5_enctypes_compatible_keys): spell
 	correctly
d155 1
a155 2
	* lib/krb5/creds.c (krb5_compare_creds): fix spelling of
 	krb5_enctypes_compatible_keys
d157 1
a157 3
	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc): get new
 	credentials from the KDC if the existing one doesn't have a DES
 	session key.
d159 1
a159 2
	* lib/45/get_ad_tkt.c (get_ad_tkt): update to new
 	krb524_convert_creds_kdc
d161 1
a161 1
1999-10-03  Johan Danielsson  <joda@@pdc.kth.se>
d163 2
a164 1
	* lib/krb5/keytab_keyfile.c: make krb5_akf_ops const
d166 2
a167 1
	* lib/krb5/keytab_memory.c: make krb5_mkt_ops const
d169 1
a169 1
	* lib/krb5/keytab_file.c: make krb5_fkt_ops const
d171 1
a171 1
1999-10-01  Assar Westerlund  <assar@@sics.se>
d173 1
a173 1
	* lib/krb5/config_file.c: rewritten to allow error messages
d175 1
a175 2
	* lib/krb5/Makefile.am (bin_PROGRAMS): add verify_krb5_conf
	(libkrb5_la_SOURCES): add config_file_netinfo.c
d177 1
a177 2
	* lib/krb5/verify_krb5_conf.c: new program for verifying that
	krb5.conf is corret
d179 2
a180 2
	* lib/krb5/config_file_netinfo.c: moved netinfo code here from
 	config_file.c
d182 1
a182 1
1999-09-28  Assar Westerlund  <assar@@sics.se>
d184 1
a184 1
	* kdc/hpropd.c (dump_krb4): kludge default_realm
d186 1
a186 2
	* lib/asn1/check-der.c: add test cases for Generalized time and
 	make sure we return the correct value
d188 4
a191 1
	* lib/asn1/der_put.c: simplify by using der_put_length_and_tag
d193 4
a196 84
	* lib/krb5/verify_user.c (krb5_verify_user_lrealm): ariant of
 	krb5_verify_user that tries in all the local realms

	* lib/krb5/set_default_realm.c: add support for having several
 	default realms

	* lib/krb5/kuserok.c (krb5_kuserok): use `krb5_get_default_realms'

	* lib/krb5/get_default_realm.c (krb5_get_default_realms): add

	* lib/krb5/krb5.h (krb5_context_data): change `default_realm' to
 	`default_realms'

	* lib/krb5/context.c: change from `default_realm' to
 	`default_realms'

	* lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use
 	krb5_get_default_realms

	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add copy_host_realm.c

	* lib/krb5/copy_host_realm.c: new file

1999-09-27  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/asn1/der_put.c (encode_generalized_time): encode length

	* lib/krb5/recvauth.c: new function `krb5_recvauth_match_version'
	that allows more intelligent matching of the application version

1999-09-26  Assar Westerlund  <assar@@sics.se>

	* lib/asn1/asn1_print.c: add err.h

	* kdc/config.c (configure): use parse_bytes

	* appl/test/nt_gss_common.c: use the correct header file

1999-09-24  Johan Danielsson  <joda@@pdc.kth.se>

	* kuser/klist.c: add a `--cache' flag

	* kuser/kinit.c (main): only get default value for `get_v4_tgt' if
	it's explicitly set in krb5.conf

1999-09-23  Assar Westerlund  <assar@@sics.se>

	* lib/asn1/asn1_print.c (tag_names); add another univeral tag

	* lib/asn1/der.h: update universal tags

1999-09-22  Assar Westerlund  <assar@@sics.se>

	* lib/asn1/asn1_print.c (loop): print length of octet string

1999-09-21  Johan Danielsson  <joda@@pdc.kth.se>

	* admin/ktutil.c (kt_get): add `--help'

1999-09-21  Assar Westerlund  <assar@@sics.se>

	* kuser/Makefile.am: add kdecode_ticket

	* kuser/kdecode_ticket.c: new debug program

	* appl/test/nt_gss_server.c: new program to test against `Sample *
 	SSPI Code' in Windows 2000 RC1 SDK.

	* appl/test/Makefile.am: add nt_gss_client and nt_gss_server

	* lib/asn1/der_get.c (decode_general_string): remember to advance
 	ret over the length-len

	* lib/asn1/Makefile.am: add asn1_print

	* lib/asn1/asn1_print.c: new program for printing DER-structures

	* lib/asn1/der_put.c: make functions more consistent

	* lib/asn1/der_get.c: make functions more consistent

1999-09-20  Johan Danielsson  <joda@@pdc.kth.se>

	* kdc/kerberos5.c: be more informative in pa-data error messages
d198 1
a198 1
1999-09-16  Assar Westerlund  <assar@@sics.se>
d200 2
a201 1
	* configure.in: test for strlcpy, strlcat
d203 1
a203 1
1999-09-14  Assar Westerlund  <assar@@sics.se>
d205 1
a205 217
	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): return
 	KRB5_LIBOS_PWDINTR when interrupted

	* lib/krb5/get_in_tkt_pw.c (krb5_password_key_proc): check return
 	value from des_read_pw_string

	* kuser/kinit.c (main): don't print any error if reading the
 	password was interrupted

	* kpasswd/kpasswd.c (main): don't print any error if reading the
 	password was interrupted

	* kdc/string2key.c (main): check the return value from fgets

	* kdc/kstash.c (main): check return value from des_read_pw_string

	* admin/ktutil.c (kt_add): check the return-value from fgets and
 	overwrite the password for paranoid reasons

	* lib/krb5/keytab_keyfile.c (get_cell_and_realm): only remove the
 	newline if it's there

1999-09-13  Assar Westerlund  <assar@@sics.se>

	* kdc/hpropd.c (main): remove bogus error with `--print'.  remove
 	sysloging of number of principals transferred

	* kdc/hprop.c (ka_convert): set flags correctly for krbtgt/CELL
 	principals
	(main): get rid of bogus opening of hdb database when propagating
	ka-server database

1999-09-12  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/krb5_locl.h (O_BINARY): add fallback definition

	* lib/krb5/krb5.h (krb5_context_data): add keytab types

	* configure.in: revert back awk test, not worked around in
 	roken.awk

	* lib/krb5/keytab_krb4.c: remove O_BINARY

	* lib/krb5/keytab_keyfile.c: some support for AFS KeyFile's.  From
	Love <lha@@e.kth.se>

	* lib/krb5/keytab_file.c: remove O_BINARY

	* lib/krb5/keytab.c: move the list of keytab types to the context

	* lib/krb5/fcache.c: remove O_BINARY

	* lib/krb5/context.c (init_context_from_config_file): register all
 	standard cache and keytab types
	(krb5_free_context): free `kt_types'

	* lib/krb5/cache.c (krb5_cc_resolve): move the registration of the
 	standard types of credential caches to context

	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_keyfile.c

1999-09-10  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/keytab.c: add comments and clean-up

	* admin/ktutil.c: add `ktutil copy'

	* lib/krb5/keytab_krb4.c: new file

	* lib/krb5/krb5.h (krb5_kt_cursor): add a `data' field

	* lib/krb5/Makefile.am: add keytab_krb4.c

	* lib/krb5/keytab.c: add krb4 and correct some if's

	* admin/srvconvert.c (srvconv): move common code

	* lib/krb5/krb5.h (krb5_fkt_ops, krb5_mkt_ops): new variables

	* lib/krb5/keytab.c: move out file and memory functions

	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_file.c,
 	keytab_memory.c

	* lib/krb5/keytab_memory.c: new file

	* lib/krb5/keytab_file.c: new file

	* kpasswd/kpasswdd.c: move out password quality functions

1999-09-07  Assar Westerlund  <assar@@sics.se>

	* lib/hdb/Makefile.am (libhdb_la_SOURCES): add keytab.c.  From
 	Love <lha@@e.kth.se>

	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc): check
 	return value from `krb5_sendto_kdc'

1999-09-06  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/send_to_kdc.c (send_and_recv): rename to recv_loop and
 	remove the sending of data.  add a parameter `limit'.  let callers
 	send the date themselves (and preferably with net_write on tcp
 	sockets)
	(send_and_recv_tcp): read first the length field and then only that
	many bytes

1999-09-05  Assar Westerlund  <assar@@sics.se>

	* kdc/connect.c (handle_tcp): try to print warning `TCP data of
 	strange type' less often

	* lib/krb5/send_to_kdc.c (send_and_recv): handle EINTR properly.
  	return on EOF.  always free data.  check return value from
 	realloc.
	(send_and_recv_tcp, send_and_recv_http): check advertised length
	against actual length

1999-09-01  Johan Danielsson  <joda@@pdc.kth.se>

	* configure.in: check for sgi capabilities

1999-08-27  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/get_addrs.c: krb5_get_all_server_addrs shouldn't return
	extra addresses

	* kpasswd/kpasswdd.c: use HDB keytabs; change some error messages;
	add --realm flag

	* lib/krb5/address.c (krb5_append_addresses): remove duplicates

1999-08-26  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/hdb/keytab.c: HDB keytab backend

1999-08-25  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/keytab.c
	(krb5_kt_{start_seq_get,next_entry,end_seq_get}): check for NULL
	pointer

1999-08-24  Johan Danielsson  <joda@@pdc.kth.se>

	* kpasswd/kpasswdd.c: add `--keytab' flag

1999-08-23  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/addr_families.c (IN6_ADDR_V6_TO_V4): use `s6_addr'
 	instead of the non-standard `s6_addr32'.  From Yoshinobu Inoue
 	<shin@@kame.net> by way of the KAME repository

1999-08-18  Assar Westerlund  <assar@@sics.se>

	* configure.in (--enable-new-des3-code): remove check for `struct
 	addrinfo'

	* lib/krb5/crypto.c (etypes): remove NEW_DES3_CODE, enable
 	des3-cbc-sha1 and keep old-des3-cbc-sha1 for backwards
 	compatability

	* lib/krb5/krb5.h (krb5_enctype): des3-cbc-sha1 (with key
 	derivation) just got assigned etype 16 by <bcn@@isi.edu>.  keep the
 	old etype at 7.

1999-08-16  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/sendauth.c (krb5_sendauth): only look at errno if
 	krb5_net_read actually returns -1

	* lib/krb5/recvauth.c (krb5_recvauth): only look at errno if
 	krb5_net_read actually returns -1

	* appl/kf/kf.c (proto): don't trust errno if krb5_net_read hasn't
 	returned -1

	* appl/test/tcp_server.c (proto): only trust errno if
 	krb5_net_read actually returns -1

	* appl/kf/kfd.c (proto): be more careful with the return value
 	from krb5_net_read

1999-08-13  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/get_addrs.c (get_addrs_int): try the different ways
 	sequentially instead of just one.  this helps if your heimdal was
 	built with v6-support but your kernel doesn't have it, for
 	example.

1999-08-12  Assar Westerlund  <assar@@sics.se>

	* kdc/hpropd.c: add inetd flag.  default means try to figure out
 	if stdin is a socket or not.

	* Makefile.am (ACLOCAL): just use `cf', this variable is only used
 	when the current directory is $(top_srcdir) anyways and having
 	$(top_srcdir) there breaks if it's a relative path

1999-08-09  Johan Danielsson  <joda@@pdc.kth.se>

	* configure.in: check for setproctitle

1999-08-05  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/principal.c (krb5_sname_to_principal): remember to call
 	freehostent

	* appl/test/tcp_client.c: call freehostent

	* appl/kf/kf.c (doit): call freehostent

	* appl/kf/kf.c: make v6 friendly and simplify

	* appl/kf/kfd.c: make v6 friendly and simplify

	* appl/test/tcp_server.c: simplify by using krb5_err instead of
 	errx
d207 1
a207 14
	* appl/test/tcp_client.c: simplify by using krb5_err instead of
 	errx

	* appl/test/tcp_server.c: make v6 friendly and simplify

	* appl/test/tcp_client.c: make v6 friendly and simplify

1999-08-04  Assar Westerlund  <assar@@sics.se>

	* Release 0.1m

1999-08-04  Assar Westerlund  <assar@@sics.se>

	* kuser/kinit.c (main): some more KRB4-conditionalizing
d209 1
a209 1
	* lib/krb5/get_in_tkt.c: type correctness
d211 1
a211 2
	* lib/krb5/get_for_creds.c (krb5_fwd_tgs_creds): set forwarded in
 	flags.  From Miroslav Ruda <ruda@@ics.muni.cz>
d213 1
a213 2
	* kuser/kinit.c (main): add config file support for forwardable
 	and krb4 support.  From Miroslav Ruda <ruda@@ics.muni.cz>
d215 1
a215 4
	* kdc/kerberos5.c (as_rep): add an empty X500-compress string as
 	transited.
	(fix_transited_encoding): check length.
	From Miroslav Ruda <ruda@@ics.muni.cz>
d217 1
a217 5
	* kdc/hpropd.c (dump_krb4): check the realm so that we don't dump
 	principals in some other realm. From Miroslav Ruda
 	<ruda@@ics.muni.cz>
	(main): rename sa_len -> sin_len, sa_lan is a define on some
	platforms.
d219 1
a219 2
	* appl/kf/kfd.c: add regpag support. From Miroslav Ruda
 	<ruda@@ics.muni.cz>
d221 1
a221 2
	* appl/kf/kf.c: add `-G' and forwardable option in krb5.conf.
  	From Miroslav Ruda <ruda@@ics.muni.cz>
d223 1
a223 1
	* lib/krb5/config_file.c (parse_list): don't run past end of line
d225 1
a225 1
	* appl/test/gss_common.h: new prototypes
d227 1
a227 1
	* appl/test/gssapi_client.c: use gss_err instead of abort
d229 1
a229 1
	* appl/test/gss_common.c (gss_verr, gss_err): add
d231 1
a231 1
1999-08-03  Assar Westerlund  <assar@@sics.se>
d233 1
a233 2
	* lib/krb5/Makefile.am (n_fold_test_LDADD): need to set this
 	otherwise it doesn't build with shared libraries
d235 1
a235 1
	* kdc/hpropd.c: v6-ify
d237 1
a237 1
	* kdc/hprop.c: v6-ify
d239 2
a240 1
1999-08-01  Assar Westerlund  <assar@@sics.se>
d242 1
a242 1
	* lib/krb5/mk_req.c (krb5_mk_req): use krb5_expand_hostname
d244 2
a245 1
1999-07-31  Assar Westerlund  <assar@@sics.se>
d247 1
a247 2
	* lib/krb5/get_host_realm.c (krb5_get_host_realm_int): new
 	function that takes a FQDN
d249 1
a249 1
	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add exapnd_hostname.c
d251 2
a252 1
	* lib/krb5/expand_hostname.c: new file
d254 1
a254 1
1999-07-28  Assar Westerlund  <assar@@sics.se>
d256 1
a256 1
	* Release 0.1l
d258 1
a258 1
1999-07-28  Assar Westerlund  <assar@@sics.se>
d260 2
a261 1
	* lib/asn1/Makefile.am: bump version to 1:2:0
d263 1
a263 1
	* lib/krb5/Makefile.am: bump version to 3:1:0
d265 1
a265 1
	* configure.in: more inet_pton to roken
d267 1
a267 2
	* lib/krb5/principal.c (krb5_sname_to_principal): use
 	getipnodebyname
d269 2
a270 1
1999-07-26  Assar Westerlund  <assar@@sics.se>
d272 1
a272 1
	* Release 0.1k
d274 1
a274 1
1999-07-26  Johan Danielsson  <joda@@pdc.kth.se>
d276 1
a276 2
	* lib/krb5/Makefile.am: bump version number (changed function
	signatures)
d278 1
a278 2
	* lib/hdb/Makefile.am: bump version number (changes to some
	function signatures)
d280 1
a280 1
1999-07-26  Assar Westerlund  <assar@@sics.se>
d282 1
a282 1
	* lib/krb5/Makefile.am: bump version to 3:0:2
d284 3
a286 1
	* lib/hdb/Makefile.am: bump version to 2:1:0
d288 1
a288 1
	* lib/asn1/Makefile.am: bump version to 1:1:0
d290 1
a290 1
1999-07-26  Assar Westerlund  <assar@@sics.se>
d292 2
a293 1
	* Release 0.1j
d295 1
a295 5
1999-07-26  Assar Westerlund  <assar@@sics.se>

	* configure.in: rokenize inet_ntop

	* lib/krb5/store_fd.c: lots of changes from size_t to ssize_t
d297 1
a297 1
	* lib/krb5/store_mem.c: lots of changes from size_t to ssize_t
d299 1
a299 1
	* lib/krb5/store_emem.c: lots of changes from size_t to ssize_t
d301 2
a302 2
	* lib/krb5/store.c: lots of changes from size_t to ssize_t
	(krb5_ret_stringz): check return value from realloc
d304 3
a306 8
	* lib/krb5/mk_safe.c: some type correctness
	
	* lib/krb5/mk_priv.c: some type correctness
	
	* lib/krb5/krb5.h (krb5_storage): change return values of
	functions from size_t to ssize_t
	
1999-07-24  Assar Westerlund  <assar@@sics.se>
d308 1
a308 1
	* Release 0.1i
d310 2
a311 2
	* configure.in (AC_PROG_AWK): disable. mawk seems to mishandle \#
 	in lib/roken/roken.awk
d313 7
a319 2
	* lib/krb5/get_addrs.c (find_all_addresses): try to use SA_LEN to
 	step over addresses if there's no `sa_lan' field
d321 1
a321 2
	* lib/krb5/sock_principal.c (krb5_sock_to_principal): simplify by
 	using `struct sockaddr_storage'
d323 2
a324 2
	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc): simplify by using
 	`struct sockaddr_storage'
d326 2
a327 2
	* lib/krb5/changepw.c (krb5_change_password): simplify by using
 	`struct sockaddr_storage'
d329 1
a329 2
	* lib/krb5/auth_context.c (krb5_auth_con_setaddrs_from_fd):
 	simplify by using `struct sockaddr_storage'
d331 1
a331 2
	* kpasswd/kpasswdd.c (*): simplify by using `struct
 	sockaddr_storage'
d333 2
a334 1
	* kdc/connect.c (*): simplify by using `struct sockaddr_storage'
d336 2
a337 2
	* configure.in (sa_family_t): just test for existence
	(sockaddr_storage): also specify include file
d339 4
a342 3
	* configure.in (AM_INIT_AUTOMAKE): bump version to 0.1i
	(sa_family_t): test for
	(struct	sockaddr_storage): test for
d344 1
a344 2
	* kdc/hprop.c (propagate_database): typo, NULL should be
 	auth_context
d346 4
a349 2
	* lib/krb5/get_addrs.c: conditionalize on HAVE_IPV6 instead of
 	AF_INET6
d351 1
a351 1
	* appl/kf/kf.c (main): use warnx
d353 1
a353 1
	* appl/kf/kf.c (proto): remove shadowing context
d355 1
a355 5
	* lib/krb5/get_addrs.c (find_all_addresses): try to handle the
 	case of getting back an `sockaddr_in6' address when sizeof(struct
 	sockaddr_in6) > sizeof(struct sockaddr) and we have no sa_len to
 	tell us how large the address is.  This obviously doesn't work
 	with unknown protocol types.
d357 1
a357 1
1999-07-24  Assar Westerlund  <assar@@sics.se>
d359 1
a359 1
	* Release 0.1h
d361 1
a361 1
1999-07-23  Assar Westerlund  <assar@@sics.se>
d363 4
a366 1
	* appl/kf/kfd.c: clean-up and more paranoia
d368 1
a368 1
	* etc/services.append: add kf
d370 1
a370 1
	* appl/kf/kf.c: rename tk_file to ccache for consistency.  clean-up
d372 1
a372 1
1999-07-22  Assar Westerlund  <assar@@sics.se>
d374 1
a374 1
	* lib/krb5/n-fold-test.c (main): print the correct data
d376 1
a376 1
	* appl/Makefile.am (SUBDIRS): add kf
d378 1
a378 1
	* appl/kf: new program.  From Miroslav Ruda <ruda@@ics.muni.cz>
d380 3
a382 2
	* kdc/hprop.c: declare some variables unconditionally to simplify
 	things
d384 3
a386 2
	* kpasswd/kpasswdd.c: initialize kadm5 connection for every change
 	(otherwise the modifier in the database doesn't get set)
d388 1
a388 1
	* kdc/hpropd.c: clean-up and re-organize
d390 3
a392 1
	* kdc/hprop.c: clean-up and re-organize
d394 2
a395 1
 	* configure.in (SunOS): define to xy for SunOS x.y
d397 1
a397 1
1999-07-19  Assar Westerlund  <assar@@sics.se>
d399 2
a400 2
	* configure.in (AC_BROKEN): test for copyhostent, freehostent,
 	getipnodebyaddr, getipnodebyname
d402 1
a402 1
1999-07-15  Assar Westerlund  <assar@@sics.se>
d404 1
a404 1
	* lib/asn1/check-der.c: more test cases for integers
d406 2
a407 2
	* lib/asn1/der_length.c (length_int): handle the case of the
 	largest negative integer by not calling abs
d409 1
a409 1
1999-07-14  Assar Westerlund  <assar@@sics.se>
d411 1
a411 2
	* lib/asn1/check-der.c (generic_test): check malloc return value
 	properly
d413 1
a413 1
	* lib/krb5/Makefile.am: add string_to_key_test
d415 2
a416 2
	* lib/krb5/prog_setup.c (krb5_program_setup): always initialize
 	the context
d418 1
a418 1
	* lib/krb5/n-fold-test.c (main): return a relevant return value
d420 1
a420 2
	* lib/krb5/krbhst.c: do SRV lookups for admin server as well.
  	some clean-up.
d422 1
a422 1
1999-07-12  Assar Westerlund  <assar@@sics.se>
d424 1
a424 1
	* configure.in: handle not building X programs
d426 1
a426 1
1999-07-06  Assar Westerlund  <assar@@sics.se>
d428 1
a428 3
	* lib/krb5/addr_families.c (ipv6_parse_addr): remove duplicate
 	variable
	(ipv6_sockaddr2port): fix typo
d430 1
a430 1
	* etc/services.append: beginning of a file with services
d432 4
a435 2
	* lib/krb5/cache.c (krb5_cc_resolve): fall-back to files if
 	there's no prefix.  also clean-up a little bit.
d437 1
a437 3
	* kdc/hprop.c (--kaspecials): new flag for handling special KA
 	server entries.  From "Brandon S. Allbery KF8NH"
 	<allbery@@kf8nh.apk.net>
d439 1
a439 1
1999-07-05  Assar Westerlund  <assar@@sics.se>
d441 2
a442 2
	* kdc/connect.c (handle_tcp): make sure we have data before
 	starting to look for HTTP
d444 1
a444 2
	* kdc/connect.c (handle_tcp): always do getpeername, we can't
 	trust recvfrom to return anything sensible
d446 2
a447 1
1999-07-04  Assar Westerlund  <assar@@sics.se>
d449 6
a454 2
	* lib/krb5/get_in_tkt.c (add_padat): encrypt pre-auth data with
 	all enctypes
d456 1
a456 1
	* kpasswd/kpasswdd.c (change): fetch the salt-type from the entry
d458 2
a459 1
	* admin/srvconvert.c (srvconv): better error messages
d461 4
a464 1
1999-07-03  Assar Westerlund  <assar@@sics.se>
d466 1
a466 1
	* lib/krb5/principal.c (unparse_name): error check malloc properly
d468 1
a468 2
	* lib/krb5/get_in_tkt.c (krb5_init_etype): error check malloc
 	properly
d470 1
a470 2
	* lib/krb5/crypto.c (*): do some malloc return-value checks
 	properly
d472 1
a472 2
	* lib/hdb/hdb.c (hdb_process_master_key): simplify by using
 	krb5_data_alloc
d474 3
a476 46
	* lib/hdb/hdb.c (hdb_process_master_key): check return value from
 	malloc

	* lib/asn1/gen_decode.c (decode_type): fix generation of decoding
 	information for TSequenceOf.

	* kdc/kerberos5.c (get_pa_etype_info): check return value from
 	malloc

1999-07-02  Assar Westerlund  <assar@@sics.se>

	* lib/asn1/der_copy.c (copy_octet_string): don't fail if length ==
 	0 and malloc returns NULL

1999-06-29  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/addr_families.c (ipv6_parse_addr): implement

1999-06-24  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/rd_cred.c (krb5_rd_cred): compare the sender's address
 	as an addrport one

	* lib/krb5/krb5.h (KRB5_ADDRESS_ADDRPORT, KRB5_ADDRESS_IPPORT):
 	add
	(krb5_auth_context): add local and remote port

	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): get the
 	local and remote address and add them to the krb-cred packet

	* lib/krb5/auth_context.c: save the local and remove ports in the
 	auth_context

	* lib/krb5/address.c (krb5_make_addrport): create an address of
 	type KRB5_ADDRESS_ADDRPORT from (addr, port)

	* lib/krb5/addr_families.c (krb5_sockaddr2port): new function for
 	grabbing the port number out of the sockaddr

1999-06-23  Assar Westerlund  <assar@@sics.se>

	* admin/srvcreate.c (srvcreate): always take the DES-CBC-MD5 key.
  	increase possible verbosity.

	* lib/krb5/config_file.c (parse_list): handle blank lines at
 	another place
d478 2
a479 4352
	* kdc/connect.c (add_port_string): don't return a value

 	* lib/kadm5/init_c.c (get_cred_cache): you cannot reuse the cred
 	cache if the principals are different.  close and NULL the old one
 	so that we create a new one.

	* configure.in: move around cgywin et al
	(LIB_kdb): set at the end of krb4-block
	(krb4): test for krb_enable_debug and krb_disable_debug

1999-06-16  Assar Westerlund  <assar@@sics.se>

	* kuser/kdestroy.c (main): try to destroy v4 ticket even if the
 	destruction of the v5 one fails

	* lib/krb5/crypto.c (DES3_postproc): new version that does the
 	right thing
	(*): don't put and recover length in 3DES encoding
	other small fixes

1999-06-15  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/get_default_principal.c: rewrite to use
 	get_default_username

	* lib/krb5/Makefile.am: add n-fold-test

	* kdc/connect.c: add fallbacks for all lookups by service name
	(handle_tcp): break-up and clean-up

1999-06-09  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/addr_families.c (ipv6_uninteresting): don't consider
 	the loopback address as uninteresting

	* lib/krb5/get_addrs.c: new magic flag to get loopback address if
 	there are no other addresses.
	(krb5_get_all_client_addrs): use that flag

1999-06-04  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/crypto.c (HMAC_SHA1_DES3_checksum): don't include the
 	length
	(checksum_sha1, checksum_hmac_sha1_des3): blocksize should be 64
	(encrypt_internal_derived): don't include the length and don't
	decrease by the checksum size twice
	(_get_derived_key): the constant should be 5 bytes

1999-06-02  Johan Danielsson  <joda@@pdc.kth.se>

	* configure.in: use KRB_CHECK_X
	
	* configure.in: check for netinet/ip.h
	
1999-05-31  Assar Westerlund  <assar@@sics.se>

	* kpasswd/kpasswdd.c (setup_passwd_quality_check): conditionalize
 	on RTLD_NOW

1999-05-23  Assar Westerlund  <assar@@sics.se>

	* appl/test/uu_server.c: removed unused stuff

	* appl/test/uu_client.c: removed unused stuff

1999-05-21  Assar Westerlund  <assar@@sics.se>

	* kuser/kgetcred.c (main): correct error message

	* lib/krb5/crypto.c (verify_checksum): call (*ct->checksum)
 	directly, avoiding redundant lookups and memory leaks

	* lib/krb5/auth_context.c (krb5_auth_con_setaddrs_from_fd): free
 	local and remote addresses

	* lib/krb5/get_default_principal.c (get_logname): also try
 	$USERNAME
	
	* lib/asn1/Makefile.am (asn1_files): add $(EXEEXT)

	* lib/krb5/principal.c (USE_RESOLVER): try to define only if we
	have a libresolv (currently by checking for res_search)

1999-05-18  Johan Danielsson  <joda@@pdc.kth.se>

	* kdc/connect.c (handle_tcp): remove %-escapes in request

1999-05-14  Assar Westerlund  <assar@@sics.se>

	* Release 0.1g

	* admin/ktutil.c (kt_remove): -t should be -e

	* configure.in (CHECK_NETINET_IP_AND_TCP): use

	* kdc/hpropd.c: support for dumping to krb4.  From Miroslav Ruda
 	<ruda@@ics.muni.cz>

	* admin/ktutil.c (kt_add): new option `--no-salt'.  From Miroslav
 	Ruda <ruda@@ics.muni.cz>

	* configure.in: add cygwin and DOS tests replace sendmsg, recvmsg,
 	and innetgr with roken versions

	* kuser/kgetcred.c: new program

Tue May 11 14:09:33 1999  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/mcache.c: fix paste-o
	
1999-05-10  Johan Danielsson  <joda@@pdc.kth.se>

	* configure.in: don't use uname

1999-05-10  Assar Westerlund  <assar@@sics.se>

	* acconfig.h (KRB_PUT_INT): if we don't have KRB4 use four
	arguments :-)

	* appl/test/uu_server.c (setsockopt): cast to get rid of a warning
	
	* appl/test/tcp_server.c (setsockopt): cast to get rid of a
	warning

	* appl/test/tcp_client.c (proto): call krb5_sendauth with ccache
	== NULL

	* appl/test/gssapi_server.c (setsockopt): cast to get rid of a
	warning

	* lib/krb5/sendauth.c (krb5_sendauth): handle ccache == NULL by
	setting the default ccache.

	* configure.in (getsockopt, setsockopt): test for
	(AM_INIT_AUTOMAKE): bump version to 0.1g

	* appl/Makefile.am (SUBDIRS): add kx
	
	* lib/hdb/convert_db.c (main): handle the case of no master key
	
1999-05-09  Assar Westerlund  <assar@@sics.se>

	* Release 0.1f

	* kuser/kinit.c: add --noaddresses
	
	* lib/krb5/get_in_tkt.c (init_as_req): interpret `addrs' being an
	empty sit of list as to not ask for any addresses.
	
1999-05-08  Assar Westerlund  <assar@@sics.se>

	* acconfig.h (_GNU_SOURCE): define this to enable (used)
 	extensions on glibc-based systems such as linux

1999-05-03  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/get_cred.c (get_cred_from_kdc_flags): allocate and free
	`*out_creds' properly

	* lib/krb5/creds.c (krb5_compare_creds): just verify that the
	keytypes/enctypes are compatible, not that they are the same

	* kuser/kdestroy.c (cache): const-correctness

1999-05-03  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/hdb/hdb.c (hdb_set_master_key): initialise master key
	version

	* lib/hdb/convert_db.c: add support for upgrading database
	versions

	* kdc/misc.c: add flags to fetch

	* kdc/kstash.c: unlink keyfile on failure, chmod to 400

	* kdc/hpropd.c: add --print option

	* kdc/hprop.c: pass flags to hdb_foreach

	* lib/hdb/convert_db.c: add some flags

	* lib/hdb/Makefile.am: remove extra LDFLAGS, update version to 2;
	build prototype headers
	
	* lib/hdb/hdb_locl.h: update prototypes

	* lib/hdb/print.c: move printable version of entry from kadmin

	* lib/hdb/hdb.c: change hdb_{seal,unseal}_* to check if the key is
	sealed or not; add flags to hdb_foreach

	* lib/hdb/ndbm.c: add flags to NDBM_seq, NDBM_firstkey, and
	NDBM_nextkey

	* lib/hdb/db.c: add flags to DB_seq, DB_firstkey, and DB_nextkey

	* lib/hdb/common.c: add flags to _hdb_{fetch,store}

	* lib/hdb/hdb.h: add master_key_version to struct hdb, update
	prototypes

	* lib/hdb/hdb.asn1: make mkvno optional, update version to 2

	* configure.in: --enable-netinfo

	* lib/krb5/config_file.c: HAVE_NETINFO_NI_H -> HAVE_NETINFO

	* config.sub: fix for crays

	* config.guess: new version from automake 1.4
	
	* config.sub: new version from automake 1.4

Wed Apr 28 00:21:17 1999  Assar Westerlund  <assar@@sics.se>

	* Release 0.1e

	* lib/krb5/mcache.c (mcc_get_next): get the current cursor
 	correctly

	* acconfig.h: correct definition of KRB_PUT_INT for old krb4 code.
  	From Ake Sandgren <ake@@cs.umu.se>

1999-04-27  Johan Danielsson  <joda@@pdc.kth.se>

	* kdc/kerberos5.c: fix arguments to decrypt_ticket
	
1999-04-25  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/mk_req_ext.c (krb5_mk_req_internal): try to handle old
	DCE secd's that are not able to handle MD5 checksums by defaulting
	to MD4 if the keytype was DES-CBC-CRC
	
	* lib/krb5/mk_req.c (krb5_mk_req): use auth_context->keytype
	
	* lib/krb5/krb5.h (krb5_auth_context_data): add `keytype' and
	`cksumtype'

	* lib/krb5/get_cred.c (make_pa_tgs_req): remove old kludge for
	secd
	(init_tgs_req): add all supported enctypes for the keytype in
	`in_creds->session.keytype' if it's set

	* lib/krb5/crypto.c (F_PSEUDO): new flag for non-protocol
	encryption types
	(do_checksum): new function
	(verify_checksum): take the checksum to use from the checksum message
	and not from the crypto struct
	(etypes): add F_PSEUDO flags
	(krb5_keytype_to_enctypes): new function

	* lib/krb5/auth_context.c (krb5_auth_con_init): initalize keytype
	and cksumtype
	(krb5_auth_setcksumtype, krb5_auth_getcksumtype): implement
	(krb5_auth_setkeytype, krb5_auth_getkeytype): implement
	(krb5_auth_setenctype): comment out, it's rather bogus anyway

Sun Apr 25 16:55:50 1999  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/krb5_locl.h: fix for stupid aix warnings

	* lib/krb5/fcache.c (erase_file): don't malloc
	
Sat Apr 24 18:35:21 1999  Johan Danielsson  <joda@@pdc.kth.se>

	* kdc/config.c: pass context to krb5_config_file_free

	* kuser/kinit.c: add `--fcache-version' to set cache version to
	create

	* kuser/klist.c: print cache version if verbose

	* lib/krb5/transited.c (krb5_domain_x500_decode): don't abort

	* lib/krb5/principal.c: abort -> krb5_abortx

	* lib/krb5/mk_rep.c: abort -> krb5_abortx

	* lib/krb5/config_file.c: abort -> krb5_abortx

	* lib/krb5/context.c (init_context_from_config_file): init
	fcache_version; add krb5_{get,set}_fcache_version

	* lib/krb5/keytab.c: add support for reading (and writing?) old
	version keytabs

	* lib/krb5/cache.c: add krb5_cc_get_version

	* lib/krb5/fcache.c: add support for reading and writing old
	version cache files

	* lib/krb5/store_mem.c (krb5_storage_from_mem): zero flags

	* lib/krb5/store_emem.c (krb5_storage_emem): zero flags

	* lib/krb5/store_fd.c (krb5_storage_from_fd): zero flags

	* lib/krb5/store.c: add flags to change how various fields are
	stored, used for old cache version support
	
	* lib/krb5/krb5.h: add support for reading and writing old version
	cache files, and keytabs
	
Wed Apr 21 00:09:26 1999  Assar Westerlund  <assar@@sics.se>

	* configure.in: fix test for readline.h remember to link with
 	$LIB_tgetent when trying linking with readline

	* lib/krb5/init_creds_pw.c (get_init_creds_common): if start_time
 	is given, request a postdated ticket.

	* lib/krb5/data.c (krb5_data_free): free data as long as it's not
 	NULL

Tue Apr 20 20:18:14 1999  Assar Westerlund  <assar@@sics.se>

	* kpasswd/Makefile.am (kpasswdd_LDADD): add LIB_dlopen

	* lib/krb5/krb5.h (KRB5_VERIFY_AP_REQ_IGNORE_INVALID): add

	* lib/krb5/rd_req.c (krb5_decrypt_ticket): add `flags` and
 	KRB5_VERIFY_AP_REQ_IGNORE_INVALID for ignoring that the ticket is
 	invalid

Tue Apr 20 12:42:08 1999  Johan Danielsson  <joda@@hella.pdc.kth.se>

	* kpasswd/kpasswdd.c: don't try to load library by default; get
 	library and function name from krb5.conf

	* kpasswd/sample_passwd_check.c: sample password checking
 	functions

Mon Apr 19 22:22:19 1999  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/store.c (krb5_storage_to_data, krb5_ret_data): use
 	krb5_data_alloc and be careful with checking allocation and sizes.

	* kuser/klist.c (--tokens): conditionalize on KRB4

	* kuser/kinit.c (renew_validate): set all flags
	(main): fix cut-n-paste error when setting start-time

	* kdc/kerberos5.c (check_tgs_flags): starttime of a validate
 	ticket should be > than current time
	(*): send flags to krb5_verify_ap_req and krb5_decrypt_ticket

	* kuser/kinit.c (renew_validate): use the client realm instead of
 	the local realm when renewing tickets.

	* lib/krb5/get_for_creds.c (krb5_fwd_tgs_creds): compat function
	(krb5_get_forwarded_creds): correct freeing of out_creds

	* kuser/kinit.c (renew_validate): hopefully fix up freeing of
 	memory

	* configure.in: do all the krb4 tests with "$krb4" != "no"

	* lib/krb5/keyblock.c (krb5_free_keyblock_contents): don't zero
 	keyvalue if it's NULL.  noticed by Ake Sandgren <ake@@cs.umu.se>

	* lib/krb5/get_in_tkt.c (add_padata): loop over all enctypes
 	instead of just taking the first one.  fix all callers.  From
 	"Brandon S. Allbery KF8NH" <allbery@@kf8nh.apk.net>

	* kdc/kdc_locl.h (enable_kaserver): declaration
	
	* kdc/hprop.c (ka_convert): print the failing principal.  AFS 3.4a
 	creates krbtgt.REALMOFCELL as NOTGS+NOSEAL, work around.  From
 	"Brandon S. Allbery KF8NH" <allbery@@kf8nh.apk.net>

	* kdc/hpropd.c (open_socket): stupid cast to get rid of a warning

	* kdc/connect.c (add_standard_ports, process_request): look at
 	enable_kaserver.  From "Brandon S. Allbery KF8NH"
 	<allbery@@kf8nh.apk.net>

	* kdc/config.c: new flag --kaserver and config file option
 	enable-kaserver.  From "Brandon S. Allbery KF8NH"
 	<allbery@@kf8nh.apk.net>

Mon Apr 19 12:32:04 1999  Johan Danielsson  <joda@@hella.pdc.kth.se>

	* configure.in: check for dlopen, and dlfcn.h

	* kpasswd/kpasswdd.c: add support for dlopen:ing password quality
 	check library

	* configure.in: add appl/su

Sun Apr 18 15:46:53 1999  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* lib/krb5/cache.c: add krb5_cc_get_type that returns type of a
 	cache

Fri Apr 16 17:58:51 1999  Assar Westerlund  <assar@@sics.se>

	* configure.in: LIB_kdb: -L should be before -lkdb
	test for prototype of strsep
	
Thu Apr 15 11:34:38 1999  Johan Danielsson  <joda@@hella.pdc.kth.se>

	* lib/krb5/Makefile.am: update version

	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): use
 	ALLOC_SEQ

	* lib/krb5/fcache.c: add some support for reading and writing old
 	cache formats;
	(fcc_store_cred): use krb5_store_creds; (fcc_read_cred): use
	krb5_ret_creds

	* lib/krb5/store_mem.c (krb5_storage_from_mem): check malloc,
 	initialize host_byteorder

	* lib/krb5/store_fd.c (krb5_storage_from_fd): initialize
 	host_byteorder

	* lib/krb5/store_emem.c (krb5_storage_emem): initialize
 	host_byteorder

	* lib/krb5/store.c (krb5_storage_set_host_byteorder): add;
	(krb5_store_int32,krb5_ret_int32,krb5_store_int16,krb5_ret_int16):
 	check host_byteorder flag; (krb5_store_creds): add;
 	(krb5_ret_creds): add

	* lib/krb5/krb5.h (krb5_storage): add `host_byteorder' flag for
 	storage of numbers

	* lib/krb5/heim_err.et: add `host not found' error

	* kdc/connect.c: don't use data after clearing decriptor

	* lib/krb5/auth_context.c: abort -> krb5_abortx

	* lib/krb5/warn.c: add __attribute__; add *abort functions

	* configure.in: check for __attribute__

	* kdc/connect.c: log bogus requests

Tue Apr 13 18:38:05 1999  Johan Danielsson  <joda@@hella.pdc.kth.se>

	* lib/kadm5/create_s.c (kadm5_s_create_principal): create v4 salts
 	for all DES keys

1999-04-12  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/get_cred.c (init_tgs_req): re-structure a little bit

	* lib/krb5/get_cred.c (init_tgs_req): some more error checking

	* lib/krb5/generate_subkey.c (krb5_generate_subkey): check return
	value from malloc

Sun Apr 11 03:47:23 1999  Johan Danielsson  <joda@@hella.pdc.kth.se>

	* lib/krb5/krb5.conf.5: update to reality

	* lib/krb5/krb5_425_conv_principal.3: update to reality

1999-04-11  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/get_host_realm.c: handle more than one realm for a host

	* kpasswd/kpasswd.c (main): use krb5_program_setup and
	print_version

	* kdc/string2key.c (main): use krb5_program_setup and
	print_version

Sun Apr 11 02:35:58 1999  Johan Danielsson  <joda@@hella.pdc.kth.se>

	* lib/krb5/principal.c (krb5_524_conv_principal): make it actually
 	work, and check built-in list of host-type first-components

	* lib/krb5/krbhst.c: lookup SRV-records to find a kdc for a realm

	* lib/krb5/context.c: add srv_* flags to context

	* lib/krb5/principal.c: add default v4_name_convert entries

	* lib/krb5/krb5.h: add srv_* flags to context

Sat Apr 10 22:52:28 1999  Johan Danielsson  <joda@@hella.pdc.kth.se>

	* kadmin/kadmin.c: complain about un-recognised commands

	* admin/ktutil.c: complain about un-recognised commands

Sat Apr 10 15:41:49 1999  Assar Westerlund  <assar@@sics.se>

	* kadmin/load.c (doit): fix error message

	* lib/krb5/crypto.c (encrypt_internal): free checksum if lengths
 	fail to match.
	(krb5_get_wrapped_length): new function

	* configure.in: security/pam_modules.h: check for

	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): kludge
 	around `ret_as_reply' semantics by only freeing it when ret == 0

Fri Apr  9 20:24:04 1999  Assar Westerlund  <assar@@sics.se>

	* kuser/klist.c (print_cred_verbose): handle the case of a bad
 	enctype

	* configure.in: test for more header files
	(LIB_roken): set

Thu Apr  8 15:01:59 1999  Johan Danielsson  <joda@@hella.pdc.kth.se>

	* configure.in: fixes for building w/o krb4

	* ltmain.sh: update to libtool 1.2d

	* ltconfig: update to libtool 1.2d

Wed Apr  7 23:37:26 1999  Assar Westerlund  <assar@@sics.se>

	* kdc/hpropd.c: fix some error messages to be more understandable.

	* kdc/hprop.c (ka_dump): remove unused variables

	* appl/test/tcp_server.c: remove unused variables

	* appl/test/gssapi_server.c: remove unused variables

	* appl/test/gssapi_client.c: remove unused variables

Wed Apr  7 14:05:15 1999  Johan Danielsson  <joda@@hella.pdc.kth.se>

	* lib/krb5/context.c (krb5_get_err_text): long -> krb5_error_code

	* kuser/klist.c: make it compile w/o krb4

	* kuser/kdestroy.c: make it compile w/o krb4

	* admin/ktutil.c: fix {srv,key}2{srv,key}tab confusion; add help
 	strings

Mon Apr  5 16:13:46 1999  Johan Danielsson  <joda@@hella.pdc.kth.se>

	* configure.in: test for MIPS ABI; new test_package

Thu Apr  1 11:00:40 1999  Johan Danielsson  <joda@@hella.pdc.kth.se>

	* include/Makefile.am: clean krb5-private.h

	* Release 0.1d

	* kpasswd/kpasswdd.c (doit): pass context to
 	krb5_get_all_client_addrs

	* kdc/connect.c (init_sockets): pass context to
 	krb5_get_all_server_addrs

	* lib/krb5/get_in_tkt.c (init_as_req): pass context to
 	krb5_get_all_client_addrs

	* lib/krb5/get_cred.c (get_cred_kdc_la): pass context to
 	krb5_get_all_client_addrs

	* lib/krb5/get_addrs.c (get_addrs_int): add extra host addresses

	* lib/krb5/krb5.h: add support for adding an extra set of
 	addresses

	* lib/krb5/context.c: add support for adding an extra set of
 	addresses

	* lib/krb5/addr_families.c: add krb5_parse_address

	* lib/krb5/address.c: krb5_append_addresses

	* lib/krb5/config_file.c (parse_binding): don't zap everything
 	after first whitespace

	* kuser/kinit.c (renew_validate): don't allocate out

	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): don't
 	allocate out_creds

	* lib/krb5/get_cred.c (get_cred_kdc, get_cred_kdc_la): make
 	out_creds pointer;
	(krb5_get_kdc_cred): allocate out_creds; (get_cred_from_kdc_flags):
	free more memory

	* lib/krb5/crypto.c (encrypt_internal): free checksum

	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc): free reply,
 	and ticket

	* kuser/Makefile.am: remove kfoo

	* lib/Makefile.am: add auth

	* lib/kadm5/iprop.h: getarg.h

	* lib/kadm5/replay_log.c: use getarg

	* lib/kadm5/ipropd_slave.c: use getarg

	* lib/kadm5/ipropd_master.c: use getarg

	* lib/kadm5/dump_log.c: use getarg

	* kpasswd/kpasswdd.c: use getarg

	* Makefile.am.common: make a more working check-local target

	* lib/asn1/main.c: use getargs

Mon Mar 29 20:19:57 1999  Johan Danielsson  <joda@@hella.pdc.kth.se>

	* kuser/klist.c (print_cred_verbose): use krb5_print_address

	* lib/kadm5/server.c: k_{put,get}_int -> _krb5_{put,get}_int

	* lib/krb5/addr_families.c (krb5_print_address): handle unknown
 	address types; (ipv6_print_addr): print in 16-bit groups (as it
 	should)

	* lib/krb5/crc.c: crc_{init_table,update} ->
 	_krb5_crc_{init_table,update}

	* lib/krb5/crypto.c: k_{put,get}_int -> _krb5_{put,get}_int
 	crc_{init_table,update} -> _krb5_crc_{init_table,update}

	* lib/krb5/send_to_kdc.c: k_{put,get}_int -> _krb5_{put,get}_int

	* lib/krb5/store.c: k_{put,get}_int -> _krb5_{put,get}_int

	* lib/krb5/krb5_locl.h: include krb5-private.h

	* kdc/connect.c (addr_to_string): use krb5_print_address

	* lib/krb5/addr_families.c (krb5_print_address): int -> size_t

	* lib/krb5/addr_families.c: add support for printing ipv6
 	addresses, either with inet_ntop, or ugly for-loop

	* kdc/524.c: check that the ticket came from a valid address; use
 	the address of the connection as the address to put in the v4
 	ticket (if this address is AF_INET)

	* kdc/connect.c: pass addr to do_524

	* kdc/kdc_locl.h: prototype for do_524

Sat Mar 27 17:48:31 1999  Johan Danielsson  <joda@@hella.pdc.kth.se>

	* configure.in: check for OSF C2; bind/bitypes.h, getudbnam,
 	setlim; check for auth modules; siad.h, getpwnam_r;
 	lib/auth/Makefile, lib/auth/sia/Makefile

	* lib/krb5/crypto.c: n_fold -> _krb5_n_fold

	* lib/krb5/n-fold.c: n_fold -> _krb5_n_fold

Thu Mar 25 04:35:21 1999  Assar Westerlund  <assar@@sics.se>

	* lib/kadm5/set_keys.c (_kadm5_set_keys): free salt when zapping
 	it

	* lib/kadm5/free.c (kadm5_free_principal_ent): free `key_data'

	* lib/hdb/ndbm.c (NDBM_destroy): clear master key

	* lib/hdb/db.c (DB_destroy): clear master key
	(DB_open): check malloc

	* kdc/connect.c (init_sockets): free addresses

	* kadmin/kadmin.c (main): make code more consistent.  always free
 	configuration information.

	* kadmin/init.c (create_random_entry): free the entry

Wed Mar 24 04:02:03 1999  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password):
 	re-organize the code to always free `kdc_reply'

	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): be more careful about
 	freeing memory

	* lib/krb5/fcache.c (fcc_destroy): don't call fcc_close

	* lib/krb5/crypto.c (krb5_crypto_destroy): free `crypto'

	* lib/hdb/hdb_locl.h: try db_185.h first in case db.h is a DB 2.0
 	header

	* configure.in (db_185.h): check for

	* admin/srvcreate.c: new file. contributed by Daniel Kouril
 	<kouril@@informatics.muni.cz>

	* admin/ktutil.c: srvcreate: new command

	* kuser/klist.c: add support for printing AFS tokens

	* kuser/kdestroy.c: add support for destroying v4 tickets and AFS
 	tokens.  based on code by Love <lha@@stacken.kth.se>

	* kuser/Makefile.am (kdestroy_LDADD, klist_LDADD): more libraries

	* configure.in: sys/ioccom.h: test for

	* kuser/klist.c (main): don't print `no ticket file' with --test.
  	From: Love <lha@@e.kth.se>

	* kpasswd/kpasswdd.c (doit): more braces to make gcc happy

	* kdc/connect.c (init_socket): get rid of a stupid warning

	* include/bits.c (my_strupr): cast away some stupid warnings

Tue Mar 23 14:34:44 1999  Johan Danielsson  <joda@@hella.pdc.kth.se>

	* lib/krb5/get_host_realm.c (krb5_get_host_realm): no infinite
 	loops, please

Tue Mar 23 00:00:45 1999  Assar Westerlund  <assar@@sics.se>

	* lib/kadm5/Makefile.am (install_build_headers): recover from make
 	rewriting the names of the headers kludge to help solaris make

	* lib/krb5/Makefile.am: kludge to help solaris make

	* lib/hdb/Makefile.am: kludge to help solaris make

	* configure.in (LIB_kdb): make sure there's a -L option in here by
 	adding $(LIB_krb4)

	* lib/asn1/gen_glue.c (generate_2int, generate_int2): int ->
 	unsigned

	* configure.in (SunOS): set to a number KRB4, KRB5 conditionals:
 	remove the `dnl' to work around an automake flaw

Sun Mar 21 15:08:49 1999  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* lib/krb5/get_default_realm.c: char* -> krb5_realm

Sun Mar 21 14:08:30 1999  Johan Danielsson  <joda@@hella.pdc.kth.se>

	* include/bits.c: <bind/bitypes.h>

	* lib/krb5/Makefile.am: create krb5-private.h

Sat Mar 20 00:08:59 1999  Assar Westerlund  <assar@@sics.se>

	* configure.in (gethostname): remove duplicate

Fri Mar 19 14:48:03 1999  Johan Danielsson  <joda@@hella.pdc.kth.se>

	* lib/hdb/Makefile.am: add version-info

	* lib/gssapi/Makefile.am: add version-info

	* lib/asn1/Makefile.am: use $(x:y=z) make syntax; move check-der
 	to check_PROGRAMS

	* lib/Makefile.am: add 45

	* lib/kadm5/Makefile.am: split in client and server libraries
 	(breaks shared libraries otherwise)

Thu Mar 18 11:33:30 1999  Johan Danielsson  <joda@@hella.pdc.kth.se>

	* include/kadm5/Makefile.am: clean a lot of header files (since
 	automake lacks a clean-hook)

	* include/Makefile.am: clean a lot of header files (since automake
 	lacks a clean-hook)

	* lib/kadm5/Makefile.am: fix build-installation of headers

	* lib/krb5/Makefile.am: remove include_dir hack

	* lib/hdb/Makefile.am: remove include_dir hack

	* lib/asn1/Makefile.am: remove include_dir hack

	* include/Makefile.am: remove include_dir hack

	* doc/whatis.texi: define sub for html

	* configure.in: LIB_kdb, have_err_h, have_fnmatch_h, have_glob_h

	* lib/asn1/Makefile.am: der.h

	* kpasswd/kpasswdd.c: admin.h -> kadm5/admin.h

	* kdc/Makefile.am: remove junk

	* kadmin/Makefile.am: sl.a -> sl.la

	* appl/afsutil/Makefile.am: remove EXTRA_bin_PROGRAMS

	* admin/Makefile.am: sl.a -> sl.la

	* configure.in: condition KRB5; AC_CHECK_XAU

	* Makefile.am: include Makefile.am.common

	* include/kadm5/Makefile.am: include Makefile.am.common; don't
 	install headers from here

	* include/Makefile.am: include Makefile.am.common; don't install
 	headers from here

	* doc/Makefile.am: include Makefile.am.common

	* lib/krb5/Makefile.am: include Makefile.am.common

	* lib/kadm5/Makefile.am: include Makefile.am.common

	* lib/hdb/Makefile.am: include Makefile.am.common

	* lib/gssapi/Makefile.am: include Makefile.am.common

	* lib/asn1/Makefile.am: include Makefile.am.common

	* lib/Makefile.am: include Makefile.am.common

	* lib/45/Makefile.am: include Makefile.am.common

	* kuser/Makefile.am: include Makefile.am.common

	* kpasswd/Makefile.am: include Makefile.am.common

	* kdc/Makefile.am: include Makefile.am.common

	* kadmin/Makefile.am: include Makefile.am.common

	* appl/test/Makefile.am: include Makefile.am.common

	* appl/afsutil/Makefile.am: include Makefile.am.common

	* appl/Makefile.am: include Makefile.am.common

	* admin/Makefile.am: include Makefile.am.common

Wed Mar 17 03:04:38 1999  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/store.c (krb5_store_stringz): braces fix

	* lib/kadm5/get_s.c (kadm5_s_get_principal): braces fix

	* lib/kadm5/ent_setup.c (_kadm5_setup_entry): braces fix

	* kdc/connect.c (loop): braces fix

	* lib/krb5/config_file.c: cast to unsigned char to make is* happy

	* lib/krb5/log.c (krb5_addlog_dest): more braces to make gcc happy

	* lib/krb5/crypto.c (krb5_verify_checksum): rename C -> cksum to
 	be consistent

	* kadmin/util.c (timeval2str): more braces to make gcc happy

	* kadmin/load.c: cast in is* to get rid of stupid warning

	* kadmin/dump.c (append_hex): cast in isalnum to get rid of stupid
 	warning

	* kdc/kaserver.c: malloc checks and fixes

	* lib/krb5/get_host_realm.c (krb5_get_host_realm): include leading
 	dot (if any) when looking up realms.

Fri Mar 12 13:57:56 1999  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* lib/krb5/get_host_realm.c: add dns support

	* lib/krb5/set_default_realm.c: use krb5_free_host_realm

	* lib/krb5/free_host_realm.c: check for NULL realmlist

	* lib/krb5/context.c: don't print warning if there is no krb5.conf

Wed Mar 10 19:29:46 1999  Johan Danielsson  <joda@@hella.pdc.kth.se>

	* configure.in: use AC_WFLAGS

Mon Mar  8 11:49:43 1999  Johan Danielsson  <joda@@hella.pdc.kth.se>

	* Release 0.1c

	* kuser/klist.c: use print_version

	* kuser/kdestroy.c: use print_version

	* kdc/hpropd.c: use print_version

	* kdc/hprop.c: use print_version

	* kdc/config.c: use print_version

	* kadmin/kadmind.c: use print_version

	* kadmin/kadmin.c: use print_version

	* appl/test/common.c: use print_version

	* appl/afsutil/afslog.c: use print_version

Mon Mar  1 10:49:14 1999  Johan Danielsson  <joda@@hella.pdc.kth.se>

	* lib/krb5/get_addrs.c: SOCKADDR_HAS_SA_LEN ->
 	HAVE_STRUCT_SOCKADDR_SA_LEN

	* configure.in, acconfig.h, cf/*: update to automake 1.4/autoconf 2.13

Sun Feb 28 18:19:20 1999  Johan Danielsson  <joda@@hella.pdc.kth.se>

	* lib/asn1/gen.c: make `BIT STRING's unsigned

	* lib/asn1/{symbol.h,gen.c}: add TUInteger type

	* lib/krb5/verify_user.c (krb5_verify_user): pass prompter to
 	krb5_get_init_creds_password

	* lib/krb5/fcache.c (fcc_gen_new): implement

Sat Feb 27 22:41:23 1999  Johan Danielsson  <joda@@hella.pdc.kth.se>

	* doc/install.texi: krb4 is now automatically detected

	* doc/misc.texi: update procedure to set supported encryption
 	types

	* doc/setup.texi: change some silly wordings

Sat Feb 27 22:17:30 1999  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* lib/krb5/keytab.c (fkt_remove_entry): make this work

	* admin/ktutil.c: add minimally working `get' command

Sat Feb 27 19:44:49 1999  Johan Danielsson  <joda@@hella.pdc.kth.se>

	* lib/hdb/convert_db.c: more typos

	* include/Makefile.am: remove EXTRA_DATA (as of autoconf
 	2.13/automake 1.4)

	* appl/Makefile.am: OTP_dir

Fri Feb 26 17:37:00 1999  Johan Danielsson  <joda@@hella.pdc.kth.se>

	* doc/setup.texi: add kadmin section

	* lib/asn1/check-der.c: fix printf warnings

Thu Feb 25 11:16:49 1999  Johan Danielsson  <joda@@hella.pdc.kth.se>

	* configure.in: -O does not belong in WFLAGS

Thu Feb 25 11:05:57 1999  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* lib/asn1/der_put.c: fix der_put_int

Tue Feb 23 20:35:12 1999  Johan Danielsson  <joda@@hella.pdc.kth.se>

	* configure.in: use AC_BROKEN_GLOB

Mon Feb 22 15:12:44 1999  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* configure.in: check for glob

Mon Feb 22 11:32:42 1999  Johan Danielsson  <joda@@hella.pdc.kth.se>

	* Release 0.1b

Sat Feb 20 15:48:06 1999  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* lib/hdb/convert_db.c: convert DES3 keys to des3-cbc-sha1, and
 	des3-cbc-md5

	* lib/krb5/crypto.c (DES3_string_to_key): make this actually do
 	what the draft said it should

	* lib/hdb/convert_db.c: little program for database conversion

	* lib/hdb/db.c (DB_open): try to open database w/o .db extension

	* lib/hdb/ndbm.c (NDBM_open): add test for database format

	* lib/hdb/db.c (DB_open): add test for database format

	* lib/asn1/gen_glue.c (generate_2int): don't depend on flags being
 	unsigned

	* lib/hdb/hdb.c: change `hdb_set_master_key' to take an
 	EncryptionKey, and add a new function `hdb_set_master_keyfile' to
 	do what `hdb_set_master_key' used to do

	* kdc/kstash.c: add `--convert-file' option to change keytype of
 	existing master key file

Fri Feb 19 07:04:14 1999  Assar Westerlund  <assar@@squid.pdc.kth.se>

	* Release 0.1a

Sat Feb 13 17:12:53 1999  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/mk_safe.c (krb5_mk_safe): sizeof(buf) -> buf_size, buf
 	is now a `u_char *'

	* lib/krb5/get_in_tkt.c (krb5_init_etype): etypes are now `int'

	* lib/krb5/get_host_realm.c (krb5_get_host_realm): constize
 	orig_host

 	(krb5_salttype_to_string): new function (RSA_MD5_DES_verify,
 	RSA_MD5_DES3_verify): initialize ret

	* lib/gssapi/init_sec_context.c (init_auth): remove unnecessary
 	gssapi_krb5_init.  ask for KEYTYPE_DES credentials

	* kadmin/get.c (print_entry_long): print the keytypes and salts
 	available for the principal

	* configure.in (WFLAGS): add `-O' to catch unitialized variables
 	and such
	(gethostname, mkstemp, getusershell, inet_aton): more tests

	* lib/hdb/hdb.h: update prototypes

	* configure.in: homogenize broken detection with krb4

	* lib/kadm5/init_c.c (kadm5_c_init_with_context): remove unused
 	`error'

	* lib/asn1/Makefile.am (check-der): add

	* lib/asn1/gen.c (define_type): map ASN1 Integer to `int' instead
 	of `unsigned'

	* lib/asn1/der_length.c (length_unsigned): new function
	(length_int): handle signed integers

	* lib/asn1/der_put.c (der_put_unsigned): new function
	(der_put_int): handle signed integers

 	* lib/asn1/der_get.c (der_get_unsigned): new function
 	(der_get_int): handle signed integers

	* lib/asn1/der.h: all integer functions take `int' instead of
 	`unsigned'

	* lib/asn1/lex.l (filename): unused. remove.

	* lib/asn1/check-der.c: new test program for der encoding and
 	decoding.

Mon Feb  1 04:09:06 1999  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc): only call
 	gethostbyname2 with AF_INET6 if we actually have IPv6.  From
 	"Brandon S. Allbery KF8NH" <allbery@@kf8nh.apk.net>

 	* lib/krb5/changepw.c (get_kdc_address): dito

Sun Jan 31 06:26:36 1999  Assar Westerlund  <assar@@sics.se>

	* kdc/connect.c (parse_prots): always bind to AF_INET, there are
 	v6-implementations without support for `mapped V4 addresses'.
  	From Jun-ichiro itojun Hagino <itojun@@kame.net>

Sat Jan 30 22:38:27 1999  Assar Westerlund  <assar@@juguete.sics.se>

	* Release 0.0u

Sat Jan 30 13:43:02 1999  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/Makefile.am: explicit rules for *.et files

 	* lib/kadm5/init_c.c (get_kadm_ticket): only remove creds if
 	krb5_get_credentials was succesful.
 	(get_new_cache): return better error codes and return earlier.
 	(get_cred_cache): only delete default_client if it's different
 	from client
 	(kadm5_c_init_with_context): return a more descriptive error.

	* kdc/kerberos5.c (check_flags): handle NULL client or server

	* lib/krb5/sendauth.c (krb5_sendauth): return the error in
 	`ret_error' iff != NULL

	* lib/krb5/rd_error.c (krb5_free_error, krb5_free_error_contents):
 	new functions

	* lib/krb5/mk_req_ext.c (krb5_mk_req_extended): more
 	type-correctness

	* lib/krb5/krb5.h (krb5_error): typedef to KRB_ERROR

	* lib/krb5/init_creds_pw.c: KRB5_TGS_NAME: use

	* lib/krb5/get_cred.c: KRB5_TGS_NAME: use

 	* lib/kafs/afskrb5.c (afslog_uid_int): update to changes

	* lib/kadm5/rename_s.c (kadm5_s_rename_principal): call remove
 	instead of rename, but shouldn't this just call rename?

 	* lib/kadm5/get_s.c (kadm5_s_get_principal): always return an
 	error if the principal wasn't found.

	* lib/hdb/ndbm.c (NDBM_seq): unseal key

	* lib/hdb/db.c (DB_seq): unseal key

	* lib/asn1/Makefile.am: added explicit rules for asn1_err.[ch]

	* kdc/hprop.c (v4_prop): add krbtgt/THISREALM@@OTHERREALM when
 	finding cross-realm tgts in the v4 database

	* kadmin/mod.c (mod_entry): check the number of arguments.  check
 	that kadm5_get_principal worked.

	* lib/krb5/keytab.c (fkt_remove_entry): remove KRB5_KT_NOTFOUND if
 	we weren't able to remove it.

	* admin/ktutil.c: less drive-by-deleting.  From Love
 	<lha@@e.kth.se>

	* kdc/connect.c (parse_ports): copy the string before mishandling
 	it with strtok_r

	* kdc/kerberos5.c (tgs_rep2): print the principal with mismatching
 	kvnos

	* kadmin/kadmind.c (main): convert `debug_port' to network byte
 	order

	* kadmin/kadmin.c: allow specification of port number.

	* lib/kadm5/kadm5_locl.h (kadm5_client_context): add
 	`kadmind_port'.

	* lib/kadm5/init_c.c (_kadm5_c_init_context): move up
 	initalize_kadm5_error_table_r.
	allow specification of port number.
	
  	From Love <lha@@stacken.kth.se>

	* kuser/klist.c: add option -t | --test

Sat Dec  5 19:49:34 1998  Johan Danielsson  <joda@@hella.pdc.kth.se>

	* lib/krb5/context.c: remove ktype_is_etype

	* lib/krb5/crypto.c, lib/krb5/krb5.h, acconfig.h: NEW_DES3_CODE

	* configure.in: fix for AIX install; better tests for AIX dynamic
 	AFS libs; `--enable-new-des3-code'

Tue Dec  1 14:44:44 1998  Johan Danielsson  <joda@@hella.pdc.kth.se>

	* appl/afsutil/Makefile.am: link with extra libs for aix

	* kuser/Makefile.am: link with extra libs for aix

Sun Nov 29 01:56:21 1998  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/get_addrs.c (krb5_get_all_server_addrs): add.  almost
 	the same as krb5_get_all_client_addrs except that it includes
 	loopback addresses

	* kdc/connect.c (init_socket): bind to a particular address
	(init_sockets): get all local addresses and bind to them all

	* lib/krb5/addr_families.c (addr2sockaddr, print_addr): new
 	methods
	(find_af, find_atype): new functions.  use them.

	* configure.in: add hesiod

Wed Nov 25 11:37:48 1998  Johan Danielsson  <joda@@hella.pdc.kth.se>

	* lib/krb5/krb5_err.et: add some codes from kerberos-revisions-03

Mon Nov 23 12:53:48 1998  Assar Westerlund  <assar@@sics.se>

	* lib/kadm5/log.c: rename delete -> remove

	* lib/kadm5/delete_s.c: rename delete -> remove

	* lib/hdb/common.c: rename delete -> remove

Sun Nov 22 12:26:26 1998  Assar Westerlund  <assar@@sics.se>

	* configure.in: check for environ and `struct spwd'

Sun Nov 22 11:42:45 1998  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* kdc/kerberos5.c (as_rep): set keytype to sess_ktype if
 	ktype_is_etype

	* lib/krb5/encrypt.c (krb5_keytype_to_etypes): zero terminate
 	etypes
	(em): sort entries

Sun Nov 22 06:54:48 1998  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/init_creds_pw.c: more type correctness

	* lib/krb5/get_cred.c: re-structure code.  remove limits on ASN1
 	generated bits.

Sun Nov 22 01:49:50 1998  Johan Danielsson  <joda@@hella.pdc.kth.se>

	* kdc/hprop.c (v4_prop): fix bogus indexing

Sat Nov 21 21:39:20 1998  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/verify_init.c (fail_verify_is_ok): new function
	(krb5_verify_init_creds): if we cannot get a ticket for
	host/`hostname` and fail_verify_is_ok just return.  use
 	krb5_rd_req

Sat Nov 21 23:12:27 1998  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/free.c (krb5_xfree): new function

	* lib/krb5/creds.c (krb5_free_creds_contents): new function

	* lib/krb5/context.c: more type correctness

	* lib/krb5/checksum.c: more type correctness

	* lib/krb5/auth_context.c (krb5_auth_con_init): more type
 	correctness

	* lib/asn1/der_get.c (der_get_length): fix test of len
	(der_get_tag): more type correctness

	* kuser/klist.c (usage): void-ize

	* admin/ktutil.c (kt_remove): some more type correctness.

Sat Nov 21 16:49:20 1998  Johan Danielsson  <joda@@hella.pdc.kth.se>

	* kuser/klist.c: try to list enctypes as keytypes

	* kuser/kinit.c: remove extra `--cache' option, add `--enctypes'
 	to set list of enctypes to use

	* kadmin/load.c: load strings as hex

	* kadmin/dump.c: dump hex as string is possible

	* admin/ktutil.c: use print_version()

	* configure.in, acconfig.h: test for hesiod

Sun Nov 15 17:28:19 1998  Johan Danielsson  <joda@@hella.pdc.kth.se>

	* lib/krb5/crypto.c: add some crypto debug code

	* lib/krb5/get_in_tkt.c (_krb5_extract_ticket): don't use fixed
 	buffer when encoding ticket

	* lib/krb5/auth_context.c (re-)implement `krb5_auth_setenctype'

	* kdc/kerberos5.c: allow mis-match of tgt session key, and service
 	session key

	* admin/ktutil.c: keytype -> enctype

Fri Nov 13 05:35:48 1998  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/krb5.h (KRB5_TGS_NAME, KRB5_TGS_NAME_SIZE): added
	
Sat Nov  7 19:56:31 1998  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/get_cred.c (add_cred): add termination NULL pointer

Mon Nov  2 01:15:06 1998  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/rd_req.c: adapt to new crypto api

	* lib/krb5/rd_rep.c: adapt to new crypto api

	* lib/krb5/rd_priv.c: adopt to new crypto api

	* lib/krb5/rd_cred.c: adopt to new crypto api

	* lib/krb5/principal.c: ENOMEM -> ERANGE

	* lib/krb5/mk_safe.c: cleanup and adopt to new crypto api

	* lib/krb5/mk_req_ext.c: adopt to new crypto api

	* lib/krb5/mk_req.c: get enctype from auth_context keyblock

	* lib/krb5/mk_rep.c: cleanup and adopt to new crypto api

	* lib/krb5/mk_priv.c: adopt to new crypto api

	* lib/krb5/keytab.c: adopt to new crypto api

	* lib/krb5/get_in_tkt_with_skey.c: adopt to new crypto api

	* lib/krb5/get_in_tkt_with_keytab.c: adopt to new crypto api

	* lib/krb5/get_in_tkt_pw.c: adopt to new crypto api

	* lib/krb5/get_in_tkt.c: adopt to new crypto api

	* lib/krb5/get_cred.c: adopt to new crypto api

	* lib/krb5/generate_subkey.c: use new crypto api

	* lib/krb5/context.c: rename etype functions to enctype ditto

	* lib/krb5/build_auth.c: use new crypto api

	* lib/krb5/auth_context.c: remove enctype and cksumtype from
 	auth_context

Mon Nov  2 01:15:06 1998  Assar Westerlund  <assar@@sics.se>

	* kdc/connect.c (handle_udp, handle_tcp): correct type of `n'

Tue Sep 15 18:41:38 1998  Johan Danielsson  <joda@@hella.pdc.kth.se>

	* admin/ktutil.c: fix printing of unrecognized keytypes

Tue Sep 15 17:02:33 1998  Johan Danielsson  <joda@@hella.pdc.kth.se>

	* lib/kadm5/set_keys.c: add KEYTYPE_USE_AFS3_SALT to keytype if
 	using AFS3 salt

Tue Aug 25 23:30:52 1998  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc): care about
 	`use_admin_kdc'

	* lib/krb5/changepw.c (get_kdc_address): use
 	krb5_get_krb_admin_hst

	* lib/krb5/krbhst.c (krb5_get_krb_admin_hst): new function

	* lib/krb5/krb5.h (krb5_context_data): add `use_admin_kdc'

	* lib/krb5/context.c (krb5_get_use_admin_kdc,
 	krb5_set_use_admin_kdc): new functions

Tue Aug 18 22:24:12 1998  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/krb5/crypto.c: remove all calls to abort(); check return
 	value from _key_schedule;
	(RSA_MD[45]_DES_verify): zero tmp and res;
	(RSA_MD5_DES3_{verify,checksum}): implement

Mon Aug 17 20:18:46 1998  Assar Westerlund  <assar@@sics.se>

	* kdc/kerberos4.c (swap32): conditionalize

	* lib/krb5/mk_req_ext.c (krb5_mk_req_internal): new function

	* lib/krb5/get_host_realm.c (krb5_get_host_realm): if the hostname
 	returned from gethostby*() isn't a FQDN, try with the original
 	hostname

	* lib/krb5/get_cred.c (make_pa_tgs_req): use krb5_mk_req_internal
 	and correct key usage

	* lib/krb5/crypto.c (verify_checksum): make static

	* admin/ktutil.c (kt_list): use krb5_enctype_to_string

Sun Aug 16 20:57:56 1998  Assar Westerlund  <assar@@sics.se>

	* kadmin/cpw.c (do_cpw_entry): use asprintf for the prompt

	* kadmin/ank.c (ank): print principal name in prompt

	* lib/krb5/crypto.c (hmac): always allocate space for checksum.
  	never trust c.checksum.length
	(_get_derived_key): try to return the derived key

Sun Aug 16 19:48:42 1998  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/krb5/crypto.c (hmac): fix some peculiarities and bugs
	(get_checksum_key): assume usage is `formatted'
	(create_checksum,verify_checksum): moved the guts of the krb5_*
	functions here, both take `formatted' key-usages
	(encrypt_internal_derived): fix various bogosities
	(derive_key): drop key_type parameter (already given by the
	encryption_type)

	* kdc/kerberos5.c (check_flags): handle case where client is NULL

	* kdc/connect.c (process_request): return zero after processing
 	kerberos 4 request

Sun Aug 16 18:38:15 1998  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* lib/krb5/crypto.c: merge x-*.[ch] into one file

	* lib/krb5/cache.c: remove residual from krb5_ccache_data

Fri Aug 14 16:28:23 1998  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/krb5/x-crypto.c (derive_key): move DES3 specific code to
 	separate function (will eventually end up someplace else)

	* lib/krb5/x-crypto.c (krb5_string_to_key_derived): allocate key

	* configure.in, acconfig.h: test for four valued krb_put_int

Thu Aug 13 23:46:29 1998  Assar Westerlund  <assar@@emma.pdc.kth.se>

	* Release 0.0t

Thu Aug 13 22:40:17 1998  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/config_file.c (parse_binding): remove trailing
 	whitespace

Wed Aug 12 20:15:11 1998  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/krb5/x-checksum.c (krb5_verify_checksum): pass checksum type
 	to krb5_create_checksum

	* lib/krb5/x-key.c: implement DES3_string_to_key_derived; fix a
 	few typos

Wed Aug  5 12:39:54 1998  Assar Westerlund  <assar@@emma.pdc.kth.se>

	* Release 0.0s

Thu Jul 30 23:12:17 1998  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/mk_error.c (krb5_mk_error): realloc until you die

Thu Jul 23 19:49:03 1998  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* kdc/kdc_locl.h: proto for `get_des_key'

	* configure.in: test for four valued el_init

	* kuser/klist.c: keytype -> enctype

	* kpasswd/kpasswdd.c (change): use new `krb5_string_to_key*'

	* kdc/hprop.c (v4_prop, ka_convert): convert to a set of keys

	* kdc/kaserver.c: use `get_des_key'

	* kdc/524.c: use new crypto api

	* kdc/kerberos4.c: use new crypto api

	* kdc/kerberos5.c: always treat keytypes as enctypes; use new
 	crypto api

	* kdc/kstash.c: adapt to new crypto api

	* kdc/string2key.c: adapt to new crypto api

	* admin/srvconvert.c: add keys for all possible enctypes

	* admin/ktutil.c: keytype -> enctype

	* lib/gssapi/init_sec_context.c: get enctype from auth_context
 	keyblock

	* lib/hdb/hdb.c: remove hdb_*_keytype2key

	* lib/kadm5/set_keys.c: adapt to new crypto api

	* lib/kadm5/rename_s.c: adapt to new crypto api

	* lib/kadm5/get_s.c: adapt to new crypto api

	* lib/kadm5/create_s.c: add keys for des-cbc-crc, des-cbc-md4,
 	des-cbc-md5, and des3-cbc-sha1

	* lib/krb5/heim_err.et: error message for unsupported salt

	* lib/krb5/codec.c: short-circuit these functions, since they are
 	not needed any more

	* lib/krb5/rd_safe.c: cleanup and adapt to new crypto api

Mon Jul 13 23:00:59 1998  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc): don't advance
 	hostent->h_addr_list, use a copy instead

Mon Jul 13 15:00:31 1998  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/krb5/config_file.c (parse_binding, parse_section): make sure
 	everything is ok before adding to linked list

	* lib/krb5/config_file.c: skip ws before checking for comment

Wed Jul  8 10:45:45 1998  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/asn1/k5.asn1: hmac-sha1-des3 = 12

Tue Jun 30 18:08:05 1998  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc): do not close the
 	unopened file

	* lib/krb5/mk_priv.c: realloc correctly

	* lib/krb5/get_addrs.c (find_all_addresses): init j

	* lib/krb5/context.c (krb5_init_context): print error if parsing
 	of config file produced an error.

	* lib/krb5/config_file.c (parse_list, krb5_config_parse_file):
 	ignore more spaces

	* lib/krb5/codec.c (krb5_encode_EncKrbCredPart,
 	krb5_encode_ETYPE_INFO): initialize `ret'

	* lib/krb5/build_auth.c (krb5_build_authenticator): realloc
 	correctly

	* lib/kadm5/set_keys.c (_kadm5_set_keys): initialize `ret'

	* lib/kadm5/init_c.c (get_cred_cache): try to do the right thing
 	with default_client

	* kuser/kinit.c (main): initialize `ticket_life'

	* kdc/kerberos5.c (get_pa_etype_info): initialize `ret'
	(tgs_rep2): initialize `krbtgt'

	* kdc/connect.c (do_request): check for errors from `sendto'

	* kdc/524.c (do_524): initialize `ret'

	* kadmin/util.c (foreach_principal): don't clobber `ret'

	* kadmin/del.c (del_entry): don't apply on zeroth argument

	* kadmin/cpw.c (do_cpw_entry): initialize `ret'

Sat Jun 13 04:14:01 1998  Assar Westerlund  <assar@@juguete.sics.se>

	* Release 0.0r

Sun Jun  7 04:13:14 1998  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/addr_families.c: fall-back definition of
 	IN6_ADDR_V6_TO_V4

	* configure.in: only set CFLAGS if it wasn't set look for
 	dn_expand and res_search

Mon Jun  1 21:28:07 1998  Assar Westerlund  <assar@@sics.se>

	* configure.in: remove duplicate seteuid

Sat May 30 00:19:51 1998  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/krb5/convert_creds.c: import _krb_time_to_life, to avoid
 	runtime dependencies on libkrb with some shared library
 	implementations

Fri May 29 00:09:02 1998  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* kuser/kinit_options.c: Default options for kinit.

	* kuser/kauth_options.c: Default options for kauth.

	* kuser/kinit.c: Implement lots a new options.

	* kdc/kerberos5.c (check_tgs_flags): make sure kdc-req-body->rtime
 	is not NULL; set endtime to min of new starttime + old_life, and
 	requested endtime

	* lib/krb5/init_creds_pw.c (get_init_creds_common): if the
 	forwardable or proxiable flags are set in options, set the
 	kdc-flags to the value specified, and not always to one

Thu May 28 21:28:06 1998  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* kdc/kerberos5.c: Optionally compare client address to addresses
 	in ticket.

	* kdc/connect.c: Pass client address to as_rep() and tgs_rep().

	* kdc/config.c: Add check_ticket_addresses, and
 	allow_null_ticket_addresses variables.

Tue May 26 14:03:42 1998  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/kadm5/create_s.c: possibly make DES keys version 4 salted

	* lib/kadm5/set_keys.c: check config file for kadmin/use_v4_salt
 	before zapping version 4 salts

Sun May 24 05:22:17 1998  Assar Westerlund  <assar@@sics.se>

	* Release 0.0q

	* lib/krb5/aname_to_localname.c: new file

	* lib/gssapi/init_sec_context.c (repl_mutual): no output token

	* lib/gssapi/display_name.c (gss_display_name): zero terminate
 	output.

Sat May 23 19:11:07 1998  Assar Westerlund  <assar@@sics.se>

	* lib/gssapi/display_status.c: new file

	* Makefile.am: send -I to aclocal

	* configure.in: remove duplicate setenv

Sat May 23 04:55:19 1998  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* kadmin/util.c (foreach_principal): Check for expression before
 	wading through the whole database.

	* kadmin/kadmin.c: Pass NULL password to
 	kadm5_*_init_with_password.

	* lib/kadm5/init_c.c: Implement init_with_{skey,creds}*. Make use
 	of `password' parameter to init_with_password.

	* lib/kadm5/init_s.c: implement init_with_{skey,creds}*

	* lib/kadm5/server.c: Better arguments for
 	kadm5_init_with_password.

Sat May 16 07:10:36 1998  Assar Westerlund  <assar@@sics.se>

	* kdc/hprop.c: conditionalize ka-server reading support on
 	KASERVER_DB

	* configure.in: new option `--enable-kaserver-db'

Fri May 15 19:39:18 1998  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* lib/krb5/get_cred.c: Better error if local tgt couldn't be
 	found.

Tue May 12 21:11:02 1998  Assar Westerlund  <assar@@sics.se>

	* Release 0.0p

	* lib/krb5/mk_req_ext.c (krb5_mk_req_extended): only set
 	encryption type in auth_context if it's compatible with the type
 	of the session key

Mon May 11 21:11:14 1998  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* kdc/hprop.c: add support for ka-server databases

	* appl/ftp/ftpd: link with -lcrypt, if needed

Fri May  1 07:29:52 1998  Assar Westerlund  <assar@@sics.se>

	* configure.in: don't test for winsock.h

Sat Apr 18 21:43:11 1998  Johan Danielsson  <joda@@puffer.pdc.kth.se>

	* Release 0.0o

Sat Apr 18 00:31:11 1998  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* lib/krb5/sock_principal.c: Save hostname.

Sun Apr  5 11:29:45 1998  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/krb5/mk_req_ext.c: Use same enctype as in ticket.

	* kdc/hprop.c (v4_prop): Check for null key.

Fri Apr  3 03:54:54 1998  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* lib/krb5/str2key.c: Fix DES3 string-to-key.

	* lib/krb5/keytab.c: Get default keytab name from context.

	* lib/krb5/context.c: Get `default_keytab_name' value.

	* kadmin/util.c (foreach_principal): Print error message if
 	`kadm5_get_principals' fails.

	* kadmin/kadmind.c: Use `kadmind_loop'.

	* lib/kadm5/server.c: Replace several other functions with
 	`kadmind_loop'.

Sat Mar 28 09:49:18 1998  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/keytab.c (fkt_add_entry): use an explicit seek instead
 	of O_APPEND

	* configure.in: generate ftp Makefiles

	* kuser/klist.c (print_cred_verbose): print IPv4-address in a
 	portable way.

	* admin/srvconvert.c (srvconv): return 0 if successful

Tue Mar 24 00:40:33 1998  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/krb5/keytab.c: MIT compatible changes: add and use sizes to
 	keytab entries, and change default keytab to `/etc/krb5.keytab'.

Mon Mar 23 23:43:59 1998  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/gssapi/wrap.c: Use `gss_krb5_getsomekey'.

	* lib/gssapi/unwrap.c: Implement and use `gss_krb5_getsomekey'.
  	Fix bug in checking of pad.

	* lib/gssapi/{un,}wrap.c: Add support for just integrity
 	protecting data.
 	
	* lib/gssapi/accept_sec_context.c: Use
 	`gssapi_krb5_verify_8003_checksum'.

	* lib/gssapi/8003.c: Implement `gssapi_krb5_verify_8003_checksum'.

	* lib/gssapi/init_sec_context.c: Zero cred, and store session key
 	properly in auth-context.

Sun Mar 22 00:47:22 1998  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/kadm5/delete_s.c: Check immutable bit.

	* kadmin/kadmin.c: Pass client name to kadm5_init.

	* lib/kadm5/init_c.c: Get creds for client name passed in.

	* kdc/hprop.c (v4_prop): Check for `changepw.kerberos'.

Sat Mar 21 22:57:13 1998  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/krb5/mk_error.c: Verify that error_code is in the range
 	[0,127].

	* kdc/kerberos5.c: Move checking of principal flags to new
 	function `check_flags'.

Sat Mar 21 14:38:51 1998  Assar Westerlund  <assar@@sics.se>

	* lib/kadm5/get_s.c (kadm5_s_get_principal): handle an empty salt

	* configure.in: define SunOS if running solaris

Sat Mar 21 00:26:34 1998  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/kadm5/server.c: Unifdef test for same principal when
 	changing password.

	* kadmin/util.c: If kadm5_get_principals failes, we might still be
 	able to perform the requested opreration (for instance someone if
 	trying to change his own password).

	* lib/kadm5/init_c.c: Try to get ticket via initial request, if
 	not possible via tgt.

	* lib/kadm5/server.c: Check for principals changing their own
 	passwords.

	* kdc/kerberos5.c (tgs_rep2): check for interesting flags on
 	involved principals.

	* kadmin/util.c: Fix order of flags.

Thu Mar 19 16:54:10 1998  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* kdc/kerberos4.c: Return sane error code if krb_rd_req fails.

Wed Mar 18 17:11:47 1998  Assar Westerlund  <assar@@sics.se>

	* acconfig.h: rename HAVE_STRUCT_SOCKADDR_IN6 to HAVE_IPV6

Wed Mar 18 09:58:18 1998  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/krb5/get_in_tkt_with_keytab.c (krb5_keytab_key_proc): don't
 	free keyseed; use correct keytab

Tue Mar 10 09:56:16 1998  Assar Westerlund  <assar@@sics.se>

	* acinclude.m4 (AC_KRB_IPV6): rewrote to avoid false positives

Mon Mar 16 23:58:23 1998  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* Release 0.0n

Fri Mar  6 00:41:30 1998  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/gssapi/{accept_sec_context,release_cred}.c: Use
	krb5_kt_close/krb5_kt_resolve.
	
	* lib/krb5/principal.c (krb5_425_conv_principal_ext): Use resolver
 	to lookup hosts, so CNAMEs can be ignored.

	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc, send_and_recv_http):
 	Add support for using proxy.

	* lib/krb5/context.c: Initialize `http_proxy' from
 	`libdefaults/http_proxy'.

	* lib/krb5/krb5.h: Add `http_proxy' to context.

	* lib/krb5/send_to_kdc.c: Recognize `http/' and `udp/' as protocol
 	specifications.

Wed Mar  4 01:47:29 1998  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* admin/ktutil.c: Implement `add' and `remove' functions. Make
 	`--keytab' a global option.

	* lib/krb5/keytab.c: Implement remove with files. Add memory
 	operations.

Tue Mar  3 20:09:59 1998  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/krb5/keytab.c: Use function pointers.

	* admin: Remove kdb_edit.

Sun Mar  1 03:28:42 1998  Assar Westerlund  <assar@@sics.se>

	* lib/kadm5/dump_log.c: print operation names

Sun Mar  1 03:04:12 1998  Assar Westerlund  <assar@@sics.se>

	* configure.in: add X-tests, and {bin,...}dir appl/{kx,kauth}
	
	* lib/krb5/build_auth.c,mk_priv.c,rd_safe.c,mk_safe.c,mk_rep.c:
 	remove arbitrary limit

	* kdc/hprop-common.c: use krb5_{read,write}_message

	* lib/kadm5/ipropd_master.c (send_diffs): more careful use
 	krb5_{write,read}_message

	* lib/kadm5/ipropd_slave.c (get_creds): get credentials for
 	`iprop/master' directly.
	(main): use `krb5_read_message'

Sun Mar  1 02:05:11 1998  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* kadmin/kadmin.c: Cleanup commands list, and add help strings.

	* kadmin/get.c: Add long, short, and terse (equivalent to `list')
 	output formats. Short is the default.

	* kadmin/util.c: Add `include_time' flag to timeval2str.

	* kadmin/init.c: Max-life and max-renew can, infact, be zero.

	* kadmin/{cpw,del,ext,get}.c: Use `foreach_principal'.

	* kadmin/util.c: Add function `foreach_principal', that loops over
 	all principals matching an expression.

	* kadmin/kadmin.c: Add usage string to `privileges'.

	* lib/kadm5/get_princs_s.c: Also try to match aganist the
 	expression appended with `@@default-realm'.

	* lib/krb5/principal.c: Add `krb5_unparse_name_fixed_short', that
 	excludes the realm if it's the same as the default realm.

Fri Feb 27 05:02:21 1998  Assar Westerlund  <assar@@sics.se>

	* configure.in: more WFLAGS and WFLAGS_NOUNUSED added missing
 	headers and functions error -> com_err

 	(krb5_get_init_creds_keytab): use krb5_keytab_key_proc

	* lib/krb5/get_in_tkt_with_keytab.c: make `krb5_keytab_key_proc'
 	global

	* lib/kadm5/marshall.c (ret_principal_ent): set `n_tl_data'

	* lib/hdb/ndbm.c: use `struct ndbm_db' everywhere.

Fri Feb 27 04:49:24 1998  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/mk_priv.c (krb5_mk_priv): bump static limit to 10240.
  	This should be fixed the correct way.

	* lib/kadm5/ipropd_master.c (check_acl:) truncate buf correctly
	(send_diffs): compare versions correctly
	(main): reorder handling of events

	* lib/kadm5/log.c (kadm5_log_previous): avoid bad type conversion

Thu Feb 26 02:22:35 1998  Assar Westerlund  <assar@@sics.se>

	* lib/kadm5/ipropd_{slave,master}.c: new files

	* lib/kadm5/log.c (kadm5_log_get_version): take an `fd' as
 	argument

	* lib/krb5/krb5.h (krb5_context_data): `et_list' should be `struct
 	et_list *'

	* aux/make-proto.pl: Should work with perl4

Mon Feb 16 17:20:22 1998  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/krb5/krb5_locl.h: Remove <error.h> (it gets included via
 	{asn1,krb5}_err.h).

Thu Feb 12 03:28:40 1998  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/get_in_tkt.c (_krb5_extract_ticket): if time difference
 	is larger than max_skew, return KRB5KRB_AP_ERR_SKEW

	* lib/kadm5/log.c (get_version): globalize

	* lib/kadm5/kadm5_locl.h: include <sys/file.h>

	* lib/asn1/Makefile.am: add PA_KEY_INFO and PA_KEY_INFO_ENTRY

	* kdc/kerberos5.c (get_pa_etype_info): remove gcc-ism of
 	initializing local struct in declaration.

Sat Jan 31 17:28:58 1998  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* kdc/524.c: Use krb5_decode_EncTicketPart.

	* kdc/kerberos5.c: Check at runtime whether to use enctypes
 	instead of keytypes. If so use the same value to encrypt ticket,
 	and kdc-rep as well as `keytype' for session key. Fix some obvious
 	bugs with the handling of additional tickets.

	* lib/krb5/rd_req.c: Use krb5_decode_EncTicketPart, and
 	krb5_decode_Authenticator.

	* lib/krb5/rd_rep.c: Use krb5_decode_EncAPRepPart.

	* lib/krb5/rd_cred.c: Use krb5_decode_EncKrbCredPart.

	* lib/krb5/mk_rep.c: Make sure enc_part.etype is an encryption
 	type, and not a key type.  Use krb5_encode_EncAPRepPart.

	* lib/krb5/init_creds_pw.c: Use krb5_decode_PA_KEY_INFO.

	* lib/krb5/get_in_tkt.c: Use krb5_decode_Enc{AS,TGS}RepPart.

	* lib/krb5/get_for_creds.c: Use krb5_encode_EncKrbCredPart.

	* lib/krb5/get_cred.c: Use krb5_decode_Enc{AS,TGS}RepPart.

	* lib/krb5/build_auth.c: Use krb5_encode_Authenticator.

	* lib/krb5/codec.c: Enctype conversion stuff.

	* lib/krb5/context.c: Ignore KRB5_CONFIG if *not* running
 	setuid. Get configuration for libdefaults ktype_is_etype, and
 	default_etypes.

	* lib/krb5/encrypt.c: Add krb5_string_to_etype, rename
 	krb5_convert_etype to krb5_decode_keytype, and add
 	krb5_decode_keyblock.

Fri Jan 23 00:32:09 1998  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/krb5/{get_in_tkt,rd_req}.c: Use krb5_convert_etype.

	* lib/krb5/encrypt.c: Add krb5_convert_etype function - converts
 	from protocol keytypes (that really are enctypes) to internal
 	representation.

Thu Jan 22 21:24:36 1998  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/asn1/k5.asn1: Add PA-KEY-INFO structure to hold information
 	on keys in the database; and also a new `pa-key-info' padata-type.

	* kdc/kerberos5.c: If pre-authentication fails, return a list of
 	keytypes, salttypes, and salts.

	* lib/krb5/init_creds_pw.c: Add better support for
 	pre-authentication, by looking at hints from the KDC.

	* lib/krb5/get_in_tkt.c: Add better support for specifying what
 	pre-authentication to use.

	* lib/krb5/str2key.c: Merge entries for KEYTYPE_DES and
 	KEYTYPE_DES_AFS3.

	* lib/krb5/krb5.h: Add pre-authentication structures.

	* kdc/connect.c: Don't fail if realloc(X, 0) returns NULL.

Wed Jan 21 06:20:40 1998  Assar Westerlund  <assar@@sics.se>

	* lib/kadm5/init_s.c (kadm5_s_init_with_password_ctx): initialize
 	`log_context.socket_name' and `log_context.socket_fd'

	* lib/kadm5/log.c (kadm5_log_flush): send a unix domain datagram
 	to inform the possible running ipropd of an update.

Wed Jan 21 01:34:09 1998  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/krb5/get_in_tkt.c: Return error-packet to caller.

	* lib/krb5/free.c (krb5_free_kdc_rep): Free krb5_kdc_rep->error.

	* kdc/kerberos5.c: Add some support for using enctypes instead of
 	keytypes.

	* lib/krb5/get_cred.c: Fixes to send authorization-data to the
 	KDC.

	* lib/krb5/build_auth.c: Only generate local subkey if there is
 	none.

	* lib/krb5/krb5.h: Add krb5_authdata type.

	* lib/krb5/auth_context.c: Add
 	krb5_auth_con_set{,localsub,remotesub}key.

	* lib/krb5/init_creds_pw.c: Return some error if prompter
 	functions return failure.

Wed Jan 21 01:16:13 1998  Assar Westerlund  <assar@@sics.se>

	* kpasswd/kpasswd.c: detect bad password.  use krb5_err.

	* kadmin/util.c (edit_entry): remove unused variables

Tue Jan 20 22:58:31 1998  Assar Westerlund  <assar@@sics.se>

	* kuser/kinit.c: rename `-s' to `-S' to be MIT-compatible.

	* lib/kadm5/kadm5_locl.h: add kadm5_log_context and
 	kadm5_log*-functions

	* lib/kadm5/create_s.c (kadm5_s_create_principal): add change to
 	log

	* lib/kadm5/rename_s.c (kadm5_s_rename_principal): add change to
 	log

	* lib/kadm5/init_s.c (kadm5_s_init_with_password_ctx): initialize
 	log_context

	* lib/kadm5/delete_s.c (kadm5_s_delete_principal): add change to
 	log

	* lib/kadm5/modify_s.c (kadm5_s_modify_principal): add change to
 	log

	* lib/kadm5/randkey_s.c (kadm5_s_randkey_principal): add change to
 	log

	* lib/kadm5/chpass_s.c (kadm5_s_chpass_principal): add change to
 	log

	* lib/kadm5/Makefile.am: add log.c, dump_log and replay_log

	* lib/kadm5/replay_log.c: new file

	* lib/kadm5/dump_log.c: new file

	* lib/kadm5/log.c: new file

	* lib/krb5/str2key.c (get_str): initialize pad space to zero

	* lib/krb5/config_file.c (krb5_config_vget_next): handle c == NULL

	* kpasswd/kpasswdd.c: rewritten to use the kadm5 API

	* kpasswd/Makefile.am: link with kadm5srv

	* kdc/kerberos5.c (tgs_rep): initialize `i'

	* kadmin/kadmind.c (main): use kadm5_server_{send,recv}_sp

	* include/Makefile.am: added admin.h

Sun Jan 18 01:41:34 1998  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* lib/asn1/gen_copy.c: Don't return ENOMEM if allocating 0 bytes.

	* lib/krb5/mcache.c (mcc_store_cred): restore linked list if
 	copy_creds fails.

Tue Jan  6 04:17:56 1998  Assar Westerlund  <assar@@sics.se>

	* lib/kadm5/server.c: add kadm5_server_{send,recv}{,_sp}

	* lib/kadm5/marshall.c: add kadm5_{store,ret}_principal_ent_mask.

	* lib/kadm5/init_c.c (kadm5_c_init_with_password_ctx): use
 	krb5_getportbyname

	* kadmin/kadmind.c (main): htons correctly.
	moved kadm5_server_{recv,send}

	* kadmin/kadmin.c (main): only set admin_server if explicitly
 	given

Mon Jan  5 23:34:44 1998  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/hdb/ndbm.c: Implement locking of database.

	* kdc/kerberos5.c: Process AuthorizationData.

Sat Jan  3 22:07:07 1998  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* kdc/string2key.c: Use AFS string-to-key from libkrb5.

	* lib/krb5/get_in_tkt.c: Handle pa-afs3-salt case.

	* lib/krb5/krb5.h: Add value for AFS salts.

	* lib/krb5/str2key.c: Add support for AFS string-to-key.

	* lib/kadm5/rename_s.c: Use correct salt.

	* lib/kadm5/ent_setup.c: Always enable client. Only set max-life
 	and max-renew if != 0.

	* lib/krb5/config_file.c: Add context to all krb5_config_*get_*.

Thu Dec 25 17:03:25 1997  Assar Westerlund  <assar@@sics.se>

	* kadmin/ank.c (ank): don't zero password if --random-key was
 	given.

Tue Dec 23 01:56:45 1997  Assar Westerlund  <assar@@sics.se>

	* Release 0.0m

	* lib/kadm5/ent_setup.c (attr_to_flags): try to set `client'

	* kadmin/util.c (edit_time): only set mask if != 0
	(edit_attributes): only set mask if != 0

	* kadmin/init.c (init): create `default'

Sun Dec 21 09:44:05 1997  Assar Westerlund  <assar@@sics.se>

	* kadmin/util.c (str2deltat, str2attr, get_deltat): return value
 	as pointer and have return value indicate success.
	
	(get_response): check NULL from fgets
	
	(edit_time, edit_attributes): new functions for reading values and
	offering list of answers on '?'
	
	(edit_entry): use edit_time and edit_attributes

	* kadmin/ank.c (add_new_key): test the return value of
 	`krb5_parse_name'

	* kdc/kerberos5.c (tgs_check_authenticator): RFC1510 doesn't say
 	that the checksum has to be keyed, even though later drafts do.
  	Accept unkeyed checksums to be compatible with MIT.

	* kadmin/kadmin_locl.h: add some prototypes.

	* kadmin/util.c (edit_entry): return a value

	* appl/afsutil/afslog.c (main): return a exit code.

	* lib/krb5/get_cred.c (init_tgs_req): use krb5_keytype_to_enctypes

	* lib/krb5/encrypt.c (krb5_keytype_to_enctypes): new function.

	* lib/krb5/build_auth.c (krb5_build_authenticator): use
 	krb5_{free,copy}_keyblock instead of the _contents versions

Fri Dec 12 14:20:58 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/krb5/{mk,rd}_priv.c: fix check for local/remote subkey

Mon Dec  8 08:48:09 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/krb5/context.c: don't look at KRB5_CONFIG if running setuid

Sat Dec  6 10:09:40 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/krb5/keyblock.c (krb5_free_keyblock): check for NULL
	keyblock

Sat Dec  6 08:26:10 1997  Assar Westerlund  <assar@@sics.se>

	* Release 0.0l

Thu Dec  4 03:38:12 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/krb5/send_to_kdc.c: Add TCP client support.

	* lib/krb5/store.c: Add k_{put,get}_int.

	* kadmin/ank.c: Set initial kvno to 1.

	* kdc/connect.c: Send version 5 TCP-reply as length+data.

Sat Nov 29 07:10:11 1997  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/rd_req.c (krb5_rd_req): fixed obvious bug

	* kdc/kaserver.c (create_reply_ticket): use a random nonce in the
 	reply packet.

	* kdc/connect.c (init_sockets): less reallocing.

	* **/*.c: changed `struct fd_set' to `fd_set'

Sat Nov 29 05:12:01 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/krb5/get_default_principal.c: More guessing.

Thu Nov 20 02:55:09 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/krb5/rd_req.c: Use principal from ticket if no server is
 	given.

Tue Nov 18 02:58:02 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* kuser/klist.c: Use krb5_err*().

Sun Nov 16 11:57:43 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* kadmin/kadmin.c: Add local `init', `load', `dump', and `merge'
 	commands.

Sun Nov 16 02:52:20 1997  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/mk_req_ext.c (krb5_mk_req_ext): figure out the correct
 	`enctype'

	* lib/krb5/mk_req.c (krb5_mk_req): use `(*auth_context)->enctype'
 	if set.

	* lib/krb5/get_cred.c: handle the case of a specific keytype

	* lib/krb5/build_auth.c (krb5_build_authenticator): enctype as a
 	parameter instead of guessing it.

	* lib/krb5/build_ap_req.c (krb5_build_ap_req): new parameter
 	`enctype'

	* appl/test/common.c (common_setup): don't use `optarg'

	* lib/krb5/keytab.c (krb5_kt_copy_entry_contents): new function
	(krb5_kt_get_entry): retrieve the latest version if kvno == 0

	* lib/krb5/krb5.h: define KRB5_TC_MATCH_KEYTYPE

	* lib/krb5/creds.c (krb5_compare_creds): check for
 	KRB5_TC_MATCH_KEYTYPE

	* lib/gssapi/8003.c (gssapi_krb5_create_8003_checksum): remove
 	unused variable

	* lib/krb5/creds.c (krb5_copy_creds_contents): only free the
 	contents if we fail.

Sun Nov 16 00:32:48 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* kpasswd/kpasswdd.c: Get password expiration time from config
 	file.

	* lib/asn1/{der_get,gen_decode}.c: Allow passing NULL size.

Wed Nov 12 02:35:57 1997  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds):
 	restructured and fixed.

	* lib/krb5/addr_families.c (krb5_h_addr2addr): new function.

Wed Nov 12 01:36:01 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/krb5/get_addrs.c: Fall back to hostname's addresses if other
 	methods fail.

Tue Nov 11 22:22:12 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* kadmin/kadmin.c: Add `-l' flag to use local database.

	* lib/kadm5/acl.c: Use KADM5_PRIV_ALL.

	* lib/kadm5: Use function pointer trampoline for easier dual use
 	(without radiation-hardening capability).

Tue Nov 11 05:15:22 1997  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/encrypt.c (krb5_etype_valid): new function

	* lib/krb5/creds.c (krb5_copy_creds_contents): zero target

	* lib/krb5/context.c (valid_etype): remove

	* lib/krb5/checksum.c: remove dead code

	* lib/krb5/changepw.c (send_request): free memory on error.

	* lib/krb5/build_ap_req.c (krb5_build_ap_req): check return value
 	from malloc.

	* lib/krb5/auth_context.c (krb5_auth_con_init): free memory on
 	failure correctly.
	(krb5_auth_con_setaddrs_from_fd): return error correctly.

	* lib/krb5/get_in_tkt_with_{keytab,skey}.c: new files

Tue Nov 11 02:53:19 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/krb5/auth_context.c: Implement auth_con_setuserkey.

	* lib/gssapi/init_sec_context.c: Use krb5_auth_con_getkey.

	* lib/krb5/keyblock.c: Rename krb5_free_keyblock to
 	krb5_free_keyblock_contents, and reimplement krb5_free_keyblock.

	* lib/krb5/rd_req.c: Use auth_context->keyblock if
 	ap_options.use_session_key.

Tue Nov 11 02:35:17 1997  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/net_{read,write}.c: change `int fd' to `void *p_fd'.
	fix callers.

	* lib/krb5/krb5_locl.h: include <asn1.h> and <der.h>

	* include/Makefile.am: add xdbm.h

Tue Nov 11 01:58:22 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/krb5/get_cred.c: Implement krb5_get_cred_from_kdc.

Mon Nov 10 22:41:53 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/krb5/ticket.c: Implement copy_ticket.

	* lib/krb5/get_in_tkt.c: Make `options' parameter MIT-compatible.

	* lib/krb5/data.c: Implement free_data and copy_data.

Sun Nov  9 02:17:27 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/kadm5: Implement kadm5_get_privs, and kadm5_get_principals.

	* kadmin/kadmin.c: Add get_privileges function.

	* lib/kadm5: Rename KADM5_ACL_* -> KADM5_PRIV_* to conform with
 	specification.

	* kdc/connect.c: Exit if no sockets could be bound.

	* kadmin/kadmind.c: Check return value from krb5_net_read().

	* lib/kadm5,kadmin: Fix memory leaks.

Fri Nov  7 02:45:26 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/kadm5/create_s.c: Get some default values from `default'
 	principal.

	* lib/kadm5/ent_setup.c: Add optional default entry to get some
 	values from.

Thu Nov  6 00:20:41 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/error/compile_et.awk: Remove generated destroy_*_error_table
 	prototype

	* kadmin/kadmind.c: Crude admin server.

	* kadmin/kadmin.c: Update to use remote protocol.

	* kadmin/get.c: Fix principal formatting.

	* lib/kadm5: Add client support.

	* lib/kadm5/error.c: Error code mapping.

	* lib/kadm5/server.c: Kadmind support function.

	* lib/kadm5/marshall.c: Kadm5 marshalling.

	* lib/kadm5/acl.c: Simple acl system.

	* lib/kadm5/kadm5_locl.h: Add client stuff.

	* lib/kadm5/init_s.c: Initialize acl.

	* lib/kadm5/*:  Return values.

	* lib/kadm5/create_s.c: Correct kvno.

Wed Nov  5 22:06:50 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/krb5/log.c: Fix parsing of log destinations.

Mon Nov  3 20:33:55 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/krb5/principal.c: Reduce number of reallocs in unparse_name.

Sat Nov  1 01:40:53 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* kadmin: Simple kadmin utility.

	* admin/ktutil.c: Print keytype.

	* lib/kadm5/get_s.c: Set correct n_key_data.

	* lib/kadm5/init_s.c: Add kadm5_s_init_with_password_ctx. Use
 	master key.

	* lib/kadm5/destroy_s.c: Check for allocated context.

	* lib/kadm5/{create,chpass}_s.c: Use _kadm5_set_keys().

Sat Nov  1 00:21:00 1997  Assar Westerlund  <assar@@sics.se>

	* configure.in: test for readv, writev

Wed Oct 29 23:41:26 1997  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/warn.c (_warnerr): handle the case of an illegal error
 	code

	* kdc/kerberos5.c (encode_reply): return success

Wed Oct 29 18:01:59 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* kdc/kerberos5.c (find_etype) Return correct index of selected
 	etype.

Wed Oct 29 04:07:06 1997  Assar Westerlund  <assar@@sics.se>

	* Release 0.0k

	* lib/krb5/context.c (krb5_init_context): support `KRB5_CONFIG'
 	environment variable

	* *: use the roken_get*-macros from roken.h for the benefit of
 	Crays.

	* configure.in: add --{enable,disable}-otp.  check for compatible
 	prototypes for gethostbyname, gethostbyaddr, getservbyname, and
 	openlog (they have strange prototypes on Crays)

	* acinclude.m4: new macro `AC_PROTO_COMPAT'

Tue Oct 28 00:11:22 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* kdc/connect.c: Log bad requests.

	* kdc/kerberos5.c: Move stuff that's in common between as_rep and
 	tgs_rep to separate functions.

	* kdc/kerberos5.c: Fix user-to-user authentication.

	* lib/krb5/get_cred.c: Some restructuring of krb5_get_credentials:
 	  - add a kdc-options argument to krb5_get_credentials, and rename
	    it to krb5_get_credentials_with_flags
	  - honour the KRB5_GC_CACHED, and KRB5_GC_USER_USER options
	  - add some more user-to-user glue

	* lib/krb5/rd_req.c: Move parts of krb5_verify_ap_req into a new
 	function, krb5_decrypt_ticket, so it is easier to decrypt and
 	check a ticket without having an ap-req.

	* lib/krb5/krb5.h: Add KRB5_GC_CACHED, and KRB5_GC_USER_USER
 	flags.

	* lib/krb5/crc.c (crc_init_table): Check if table is already
 	inited.

Sun Oct 26 04:51:02 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/asn1/der_get.c (der_get_length, fix_dce): Special-case
 	indefinite encoding.

	* lib/asn1/gen_glue.c (generate_units): Check for empty
 	member-list.

Sat Oct 25 07:24:57 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/error/compile_et.awk: Allow specifying table-base.

Tue Oct 21 20:21:40 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* kdc/kerberos5.c: Check version number of krbtgt.

Mon Oct 20 01:14:53 1997  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/prompter_posix.c (krb5_prompter_posix): implement the
 	case of unhidden prompts.

	* lib/krb5/str2key.c (string_to_key_internal): return error
 	instead of aborting.  always free memory

	* admin/ktutil.c: add `help' command

	* admin/kdb_edit.c: implement new commands: add_random_key(ark),
 	change_password(cpw), change_random_key(crk)

Thu Oct 16 05:16:36 1997  Assar Westerlund  <assar@@sics.se>

	* kpasswd/kpasswdd.c: change all the keys in the database

	* kdc: removed all unsealing, now done by the hdb layer

	* lib/hdb/hdb.c: new functions `hdb_create', `hdb_set_master_key'
 	and `hdb_clear_master_key'

	* admin/misc.c: removed

Wed Oct 15 22:47:31 1997  Assar Westerlund  <assar@@sics.se>

	* kuser/klist.c: print year as YYYY iff verbose

Wed Oct 15 20:02:13 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* kuser/klist.c: print etype from ticket

Mon Oct 13 17:18:57 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* Release 0.0j

	* lib/krb5/get_cred.c: Get the subkey from mk_req so it can be
 	used to decrypt the reply from DCE secds.

	* lib/krb5/auth_context.c: Add {get,set}enctype.

	* lib/krb5/get_cred.c: Fix for DCE secd.

	* lib/krb5/store.c: Store keytype twice, as MIT does.

	* lib/krb5/get_in_tkt.c: Use etype from reply.

Fri Oct 10 00:39:48 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* kdc/connect.c: check for leading '/' in http request

Tue Sep 30 21:50:18 1997  Assar Westerlund  <assar@@assaris.pdc.kth.se>

	* Release 0.0i

Mon Sep 29 15:58:43 1997  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/rd_req.c (krb5_rd_req): redone because we don't know
 	the kvno or keytype before receiving the AP-REQ

	* lib/krb5/mk_safe.c (krb5_mk_safe): figure out what cksumtype to
 	use from the keytype.

	* lib/krb5/mk_req_ext.c (krb5_mk_req_extended): figure out what
 	cksumtype to use from the keytype.

	* lib/krb5/mk_priv.c (krb5_mk_priv): figure out what etype to use
 	from the keytype.

	* lib/krb5/keytab.c (krb5_kt_get_entry): check the keytype

	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): figure out
 	what etype to use from the keytype.

	* lib/krb5/generate_seq_number.c (krb5_generate_seq_number):
 	handle other key types than DES

	* lib/krb5/encrypt.c (key_type): add `best_cksumtype'
	(krb5_keytype_to_cksumtype): new function

	* lib/krb5/build_auth.c (krb5_build_authenticator): figure out
 	what etype to use from the keytype.

	* lib/krb5/auth_context.c (krb5_auth_con_init): set `cksumtype'
 	and `enctype' to 0

	* admin/extkeytab.c (ext_keytab): extract all keys

	* appl/telnet/telnet/commands.c: INET6_ADDRSTRLEN kludge

	* configure.in: check for <netinet6/in6.h>. check for -linet6
	
Tue Sep 23 03:00:53 1997  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/encrypt.c: fix checksumtype for des3-cbc-sha1

	* lib/krb5/rd_safe.c: fix check for keyed and collision-proof
 	checksum

	* lib/krb5/context.c (valid_etype): remove hard-coded constants
	(default_etypes): include DES3

	* kdc/kerberos5.c: fix check for keyed and collision-proof
 	checksum

	* admin/util.c (init_des_key, set_password): DES3 keys also

 	* lib/krb/send_to_kdc.c (krb5_sendto_kdc): no data returned means
 	no contact?

	* lib/krb5/addr_families.c: fix typo in `ipv6_anyaddr'

Mon Sep 22 11:44:27 1997  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* kdc/kerberos5.c: Somewhat fix the etype usage. The list sent by
 	the client is used to select wich key to encrypt the kdc rep with
 	(in case of as-req), and with the server info to select the
 	session key type. The server key the ticket is encrypted is based
 	purely on the keys in the database.

	* kdc/string2key.c: Add keytype support. Default to version 5
 	keys.

	* lib/krb5/get_in_tkt.c: Fix a lot of etype/keytype misuse.

	* lib/krb5/encrypt.c: Add des3-cbc-md5, and des3-cbc-sha1. Add
 	many *_to_* functions.

	* lib/krb5/str2key.c: Add des3 string-to-key. Add ktype argument
 	to krb5_string_to_key().

	* lib/krb5/checksum.c: Some cleanup, and added: 
	  - rsa-md5-des3 
	  - hmac-sha1-des3 
	  - keyed and collision proof flags to each checksum method
	  - checksum<->string functions.

	* lib/krb5/generate_subkey.c: Use krb5_generate_random_keyblock.

Sun Sep 21 15:19:23 1997  Assar Westerlund  <assar@@sics.se>

	* kdc/connect.c: use new addr_families functions

	* kpasswd/kpasswdd.c: use new addr_families functions.  Now works
 	over IPv6

	* kuser/klist.c: use correct symbols for address families

	* lib/krb5/sock_principal.c: use new addr_families functions

	* lib/krb5/send_to_kdc.c: use new addr_families functions

	* lib/krb5/krb5.h: add KRB5_ADDRESS_INET6

	* lib/krb5/get_addrs.c: use new addr_families functions

	* lib/krb5/changepw.c: use new addr_families functions.  Now works
 	over IPv6

	* lib/krb5/auth_context.c: use new addr_families functions

	* lib/krb5/addr_families.c: new file

	* acconfig.h: AC_SOCKADDR_IN6 -> AC_STRUCT_SOCKADDR_IN6.  Updated
 	uses.

	* acinclude.m4: new macro `AC_KRB_IPV6'.  Use it.

Sat Sep 13 23:04:23 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* kdc/hprop.c: Don't encrypt twice. Complain on non-convertable
 	principals.

Sat Sep 13 00:59:36 1997  Assar Westerlund  <assar@@sics.se>

	* Release 0.0h
	
	* appl/telnet/telnet/commands.c: AF_INET6 support

	* admin/misc.c: new file

	* lib/krb5/context.c: new configuration variable `max_retries'

	* lib/krb5/get_addrs.c: fixes and better #ifdef's

	* lib/krb5/config_file.c: implement krb5_config_get_int

	* lib/krb5/auth_context.c, send_to_kdc.c, sock_principal.c:
 	AF_INET6 support

	* kuser/klist.c: support for printing IPv6-addresses

	* kdc/connect.c: support AF_INET6

	* configure.in: test for gethostbyname2 and struct sockaddr_in6

Thu Sep 11 07:25:28 1997  Assar Westerlund  <assar@@sics.se>

	* lib/asn1/k5.asn1: Use `METHOD-DATA' instead of `SEQUENCE OF
 	PA-DATA'

Wed Sep 10 21:20:17 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* kdc/kerberos5.c: Fixes for cross-realm, including (but not
 	limited to):
	  - allow client to be non-existant (should probably check for
	    "local realm")
	  - if server isn't found and it is a request for a krbtgt, try to
 	    find a realm on the way to the requested realm
	  - update the transited encoding iff 
	    client-realm != server-realm != tgt-realm

	* lib/krb5/get_cred.c: Several fixes for cross-realm.

Tue Sep  9 15:59:20 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* kdc/string2key.c: Fix password handling.

	* lib/krb5/encrypt.c: krb5_key_to_string

Tue Sep  9 07:46:05 1997  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/get_addrs.c: rewrote.  Now should be able to handle
 	aliases and IPv6 addresses

	* kuser/klist.c: try printing IPv6 addresses

	* kdc/kerberos5.c: increase the arbitrary limit from 1024 to 8192

	* configure.in: check for <netinet/in6_var.h>

Mon Sep  8 02:57:14 1997  Assar Westerlund  <assar@@sics.se>

	* doc: fixes

	* admin/util.c (init_des_key): increase kvno
	(set_password): return -1 if `des_read_pw_string' failed

	* admin/mod.c (doit2): check the return value from `set_password'

	* admin/ank.c (doit): don't add a new entry if `set_password'
 	failed

Mon Sep  8 02:20:16 1997  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* lib/krb5/verify_init.c: fix ap_req_nofail semantics

	* lib/krb5/transited.c: something that might resemble
 	domain-x500-compress

Mon Sep  8 01:24:42 1997  Assar Westerlund  <assar@@sics.se>

	* kdc/hpropd.c (main): check number of arguments

	* appl/popper/pop_init.c (pop_init): check number of arguments

	* kpasswd/kpasswd.c (main): check number of arguments

	* kdc/string2key.c (main): check number of arguments

	* kuser/kdestroy.c (main): check number of arguments

	* kuser/kinit.c (main): check number of arguments

	* kpasswd/kpasswdd.c (main): use sigaction without SA_RESTART to
 	break out of select when a signal arrives

	* kdc/main.c (main): use sigaction without SA_RESTART to break out
 	of select when a signal arrives

	* kdc/kstash.c: default to HDB_DB_DIR "/m-key"

	* kdc/config.c (configure): add `--version'.  Check the number of
 	arguments. Handle the case of there being no specification of port
 	numbers.

	* admin/util.c: seal and unseal key at appropriate places

	* admin/kdb_edit.c (main): parse arguments, config file and read
 	master key iff there's one.

	* admin/extkeytab.c (ext_keytab): unseal key while extracting

Sun Sep  7 20:41:01 1997  Assar Westerlund  <assar@@sics.se>

	* lib/roken/roken.h: include <fcntl.h>

	* kdc/kerberos5.c (set_salt_padata): new function

	* appl/telnet/telnetd/telnetd.c: Rename some variables that
 	conflict with cpp symbols on HP-UX 10.20

	* change all calls of `gethostbyaddr' to cast argument 1 to `const
 	char *'

	* acconfig.h: only use SGTTY on nextstep

Sun Sep  7 14:33:50 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* kdc/kerberos5.c: Check invalid flag.

Fri Sep  5 14:19:38 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/krb5/verify_user.c: Use get_init_creds/verify_init_creds.

	* lib/kafs: Move functions common to krb/krb5 modules to new file,
 	and make things more modular.

	* lib/krb5/krb5.h: rename STRING -> krb5_config_string, and LIST
 	-> krb5_config_list

Thu Sep  4 23:39:43 1997  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* lib/krb5/get_addrs.c: Fix loopback test.

Thu Sep  4 04:45:49 1997  Assar Westerlund  <assar@@sics.se>

	* lib/roken/roken.h: fallback definition of `O_ACCMODE'

	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): be more careful when
 	checking for a v4 reply

Wed Sep  3 18:20:14 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* kdc/hprop.c: Add `--decrypt' and `--encrypt' flags.

	* lib/hdb/hdb.c: new {seal,unseal}_keys functions

	* kdc/{hprop,hpropd}.c: Add support to dump database to stdout.

	* kdc/hprop.c: Don't use same master key as version 4.

	* admin/util.c: Don't dump core if no `default' is found.

Wed Sep  3 16:01:07 1997  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* kdc/connect.c: Allow run time port specification.

	* kdc/config.c: Add flags for http support, and port
 	specifications.

Tue Sep  2 02:00:03 1997  Assar Westerlund  <assar@@sics.se>

	* include/bits.c: Don't generate ifndef's in bits.h.  Instead, use
 	them when building the program.  This makes it possible to include
 	bits.h without having defined all HAVE_INT17_T symbols.
	
	* configure.in: test for sigaction

	* doc: updated documentation.
	
Tue Sep  2 00:20:31 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* Release 0.0g

Mon Sep  1 17:42:14 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/krb5/data.c: don't return ENOMEM if len == 0

Sun Aug 31 17:15:49 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/hdb/hdb.asn1: Include salt type in salt.

	* kdc/hprop.h: Change port to 754.

	* kdc/hpropd.c: Verify who tries to transmit a database.

	* appl/popper: Use getarg and krb5_log.

	* lib/krb5/get_port.c: Add context parameter. Now takes port in
 	host byte order.

Sat Aug 30 18:48:19 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* kdc/connect.c: Add timeout to select, and log about expired tcp
 	connections.

	* kdc/config.c: Add `database' option.

	* kdc/hpropd.c: Log about duplicate entries.

	* lib/hdb/{db,ndbm}.c: Use common routines.

	* lib/hdb/common.c: Implement more generic fetch/store/delete
 	functions.

	* lib/hdb/hdb.h: Add `replace' parameter to store.
	
	* kdc/connect.c: Set filedecriptor to -1 on allocated decriptor
 	entries.

Fri Aug 29 03:13:23 1997  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/get_in_tkt.c: extract_ticket -> _krb5_extract_ticket

	* aux/make-proto.pl: fix __P for stone age mode

Fri Aug 29 02:45:46 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/45/mk_req.c: implementation of krb_mk_req that uses 524
 	protocol

	* lib/krb5/init_creds_pw.c: make change_password and
 	get_init_creds_common static

	* lib/krb5/krb5.h: Merge stuff from removed headerfiles.

	* lib/krb5/fcache.c: fcc_ops -> krb5_fcc_ops

	* lib/krb5/mcache.c: mcc_ops -> krb5_mcc_ops

Fri Aug 29 01:45:25 1997  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* lib/krb5/krb5.h: Remove all prototypes.

	* lib/krb5/convert_creds.c: Use `struct credentials' instead of
 	`CREDENTIALS'.

Fri Aug 29 00:08:18 1997  Assar Westerlund  <assar@@sics.se>

	* lib/asn1/gen_glue.c: new file. generates 2int and int2 functions
	and units for bit strings.

	* admin/util.c: flags2int, int2flags, and flag_units are now
 	generated by asn1_compile

	* lib/roken/parse_units.c: generalised `parse_units' and
 	`unparse_units' and added new functions `parse_flags' and
 	`unparse_flags' that use these

	* lib/krb5/krb5_locl.h: moved krb5_data* functions to krb5.h

	* admin/util.c: Use {un,}parse_flags for printing and parsing
 	hdbflags.

Thu Aug 28 03:26:12 1997  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/get_addrs.c: restructured

	* lib/krb5/warn.c (_warnerr): leak less memory

	* lib/hdb/hdb.c (hdb_free_entry): zero keys
	(hdb_check_db_format): leak less memory

	* lib/hdb/ndbm.c (NDBM_seq): check for valid hdb_entries implement
 	NDBM__get, NDBM__put

	* lib/hdb/db.c (DB_seq): check for valid hdb_entries

Thu Aug 28 02:06:58 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/krb5/send_to_kdc.c: Don't use sendto on connected sockets.

Thu Aug 28 01:13:17 1997  Assar Westerlund  <assar@@sics.se>

	* kuser/kinit.1, klist.1, kdestroy.1: new man pages

	* kpasswd/kpasswd.1, kpasswdd.8: new man pages

	* kdc/kstash.8, hprop.8, hpropd.8: new man pages

	* admin/ktutil.8, admin/kdb_edit.8: new man pages

	* admin/mod.c: new file

	* admin/life.c: renamed gettime and puttime to getlife and putlife
	and moved them to life.c

	* admin/util.c: add print_flags, parse_flags, init_entry,
 	set_created_by, set_modified_by, edit_entry, set_password.  Use
 	them.

	* admin/get.c: use print_flags

	* admin: removed unused stuff.  use krb5_{warn,err}*

	* admin/ank.c: re-organized and abstracted.

	* admin/gettime.c: removed

Thu Aug 28 00:37:39 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/krb5/{get_cred,get_in_tkt}.c: Check for v4 reply.

	* lib/roken/base64.c: Add base64 functions.

	* kdc/connect.c lib/krb5/send_to_kdc.c: Add http support.

Wed Aug 27 00:29:20 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* include/Makefile.am: Don't make links to built files.

	* admin/kdb_edit.c: Add command to set the database path.

	* lib/hdb: Include version number in database.

Tue Aug 26 20:14:54 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* admin/ktutil: Merged v4 srvtab conversion.

Mon Aug 25 23:02:18 1997  Assar Westerlund  <assar@@sics.se>

	* lib/roken/roken.h: add F_OK

	* lib/gssapi/acquire_creds.c: fix typo

	* configure.in: call AC_TYPE_MODE_T

	* acinclude.m4: Add AC_TYPE_MODE_T

Sun Aug 24 16:46:53 1997  Assar Westerlund  <assar@@sics.se>

	* Release 0.0f

Sun Aug 24 08:06:54 1997  Assar Westerlund  <assar@@sics.se>

	* appl/popper/pop_pass.c: log poppers

	* kdc/kaserver.c: some more checks

	* kpasswd/kpasswd.c: removed `-p'

	* kuser/kinit.c: removed `-p'

	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): If
 	KDC_ERR_PREUATH_REQUIRED, add preauthentication and try again.

	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): don't print out
 	krb-error text

	* lib/gssapi/import_name.c (input_name): more names types.

	* admin/load.c (parse_keys): handle the case of an empty salt

	* kdc/kaserver.c: fix up memory deallocation

	* kdc/kaserver.c: quick hack at talking kaserver protocol

	* kdc/kerberos4.c: Make `db-fetch4' global

	* configure.in: add --enable-kaserver

	* kdc/rx.h, kdc/kerberos4.h: new header files

	* lib/krb5/principal.c: fix krb5_build_principal_ext & c:o

Sun Aug 24 03:52:44 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/krb5/{get_in_tkt,mk_safe,mk_priv}.c: Fix some Cray specific
 	type conflicts.

	* lib/krb5/{get_cred,get_in_tkt}.c: Mask nonce to 32 bits.

	* lib/des/{md4,md5,sha}.c: Now works on Crays.

Sat Aug 23 18:15:01 1997  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* appl/afsutil/afslog.c: If no cells or files specified, get
 	tokens for all local cells. Better test for files.

Thu Aug 21 23:33:38 1997  Assar Westerlund  <assar@@sics.se>

	* lib/gssapi/v1.c: new file with v1 compatibility functions.

Thu Aug 21 20:36:13 1997  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* lib/kafs/afskrb5.c: Don't check ticket file for afs ticket.

	* kdc/kerberos4.c: Check database when converting v4 principals.

	* kdc/kerberos5.c: Include kvno in Ticket.

	* lib/krb5/encrypt.c: Add kvno parameter to encrypt_EncryptedData.

	* kuser/klist.c: Print version number of ticket, include more
 	flags.

Wed Aug 20 21:26:58 1997  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* lib/kafs/afskrb5.c (get_cred): Check cached afs tickets for
 	expiration.

Wed Aug 20 17:40:31 1997  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/recvauth.c (krb5_recvauth): Send a KRB-ERROR iff
 	there's an error.

	* lib/krb5/sendauth.c (krb5_sendauth): correct the protocol
 	documentation and process KRB-ERROR's

Tue Aug 19 20:41:30 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* kdc/kerberos4.c: Fix memory leak in v4 protocol handler.

Mon Aug 18 05:15:09 1997  Assar Westerlund  <assar@@sics.se>

	* lib/gssapi/accept_sec_context.c: Added
 	`gsskrb5_register_acceptor_identity'

Sun Aug 17 01:40:20 1997  Assar Westerlund  <assar@@sics.se>

	* lib/gssapi/accept_sec_context.c (gss_accept_sec_context): don't
 	always pass server == NULL to krb5_rd_req.

	* lib/gssapi: new files: canonicalize_name.c export_name.c
 	context_time.c compare_name.c release_cred.c acquire_cred.c
 	inquire_cred.c, from Luke Howard <lukeh@@xedoc.com.au>

	* lib/krb5/config_file.c: Add netinfo support from Luke Howard
 	<lukeh@@xedoc.com.au>

	* lib/editline/sysunix.c: sgtty-support from Luke Howard
 	<lukeh@@xedoc.com.au>

	* lib/krb5/principal.c: krb5_sname_to_principal fix from Luke
 	Howard <lukeh@@xedoc.com.au>

Sat Aug 16 00:44:47 1997  Assar Westerlund  <assar@@koi.pdc.kth.se>

	* Release 0.0e

Sat Aug 16 00:23:46 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* appl/afsutil/afslog.c: Use new libkafs.

	* lib/kafs/afskrb5.c: Get AFS tokens via 524 protocol.

	* lib/krb5/warn.c: Fix format string for *x type.

Fri Aug 15 22:15:01 1997  Assar Westerlund  <assar@@sics.se>

	* admin/get.c (get_entry): print more information about the entry

	* lib/des/Makefile.am: build destest, mdtest, des, rpw, speed

	* lib/krb5/config_file.c: new functions `krb5_config_get_time' and
 	`krb5_config_vget_time'.  Use them.

Fri Aug 15 00:09:37 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* admin/ktutil.c: Keytab manipulation program.

	* lib/krb5/keytab.c: Return sane values from resolve and
 	start_seq_get.

	* kdc/kerberos5.c: Fix for old clients passing 0 for `no endtime'.

	* lib/45/get_ad_tkt.c: Kerberos 4 get_ad_tkt using
 	krb524_convert_creds_kdc.

	* lib/krb5/convert_creds.c: Implementation of
 	krb524_convert_creds_kdc.

	* lib/asn1/k5.asn1: Make kdc-req-body.till OPTIONAL

	* kdc/524.c: A somewhat working 524-protocol module.

	* kdc/kerberos4.c: Add version 4 ticket encoding and encryption
 	functions.

	* lib/krb5/context.c: Fix kdc_timeout.

	* lib/hdb/{ndbm,db}.c: Free name in close.

	* kdc/kerberos5.c (tgs_check_autenticator): Return error code

Thu Aug 14 21:29:03 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* kdc/kerberos5.c (tgs_make_reply): Fix endtime in reply.

	* lib/krb5/store_emem.c: Fix reallocation bug.

Tue Aug 12 01:29:46 1997  Assar Westerlund  <assar@@sics.se>

	* appl/telnet/libtelnet/kerberos5.c, appl/popper/pop_init.c: Use
 	`krb5_sock_to_principal'.  Send server parameter to
 	krb5_rd_req/krb5_recvauth.  Set addresses in auth_context.

	* lib/krb5/recvauth.c: Set addresses in auth_context if there
 	aren't any

	* lib/krb5/auth_context.c: New function
 	`krb5_auth_con_setaddrs_from_fd'

	* lib/krb5/sock_principal.c: new function
	`krb5_sock_to_principal'
	
	* lib/krb5/time.c: new file with `krb5_timeofday' and
 	`krb5_us_timeofday'.  Use these functions.

	* kuser/klist.c: print KDC offset iff verbose

	* lib/krb5/get_in_tkt.c: implement KDC time offset and use it if
 	[libdefaults]kdc_timesync is set.
	
	* lib/krb5/fcache.c: Implement version 4 of the ccache format.

Mon Aug 11 05:34:43 1997  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/rd_rep.c (krb5_free_ap_rep_enc_part): free all memory

	* lib/krb5/principal.c (krb5_unparse_name): allocate memory
 	properly

	* kpasswd/kpasswd.c: Use `krb5_change_password'

	* lib/krb5/init_creds_pw.c (init_cred): set realm of server
 	correctly.

	* lib/krb5/init_creds_pw.c: support changing of password when it
 	has expired

	* lib/krb5/changepw.c: new file

	* kuser/klist.c: use getarg

	* admin/init.c (init): add `kadmin/changepw'

Mon Aug 11 04:30:47 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/krb5/get_cred.c: Make get_credentials handle cross-realm.

Mon Aug 11 00:03:24 1997  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/config_file.c: implement support for #-comments

Sat Aug  9 02:21:46 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* kdc/hprop*.c: Add database propagation programs.

	* kdc/connect.c: Max request size.

Sat Aug  9 00:47:28 1997  Assar Westerlund  <assar@@sics.se>

	* lib/otp: resurrected from krb4

	* appl/push: new program for fetching mail with POP.

	* appl/popper/popper.h: new include files.  new fields in `POP'

	* appl/popper/pop_pass.c: Implement both v4 and v5.

	* appl/popper/pop_init.c: Implement both v4 and v5.

	* appl/popper/pop_debug.c: use getarg.  Talk both v4 and v5

	* appl/popper: Popper from krb4.

	* configure.in: check for inline and <netinet/tcp.h> generate
 	files in appl/popper, appl/push, and lib/otp

Fri Aug  8 05:51:02 1997  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/get_cred.c: clean-up and try to free memory even when
 	there're errors

	* lib/krb5/get_cred.c: adapt to new `extract_ticket'

	* lib/krb5/get_in_tkt.c: reorganize.  check everything and try to
 	return memory even if there are errors.

	* kuser/kverify.c: new file

	* lib/krb5/free_host_realm.c: new file

	* lib/krb5/principal.c (krb5_sname_to_principal): implement
 	different nametypes.  Also free memory.

	* lib/krb5/verify_init.c: more functionality

	* lib/krb5/mk_req_ext.c (krb5_mk_req_extended): free the checksum

	* lib/krb5/get_in_tkt.c (extract_ticket): don't copy over the
 	principals in creds.  Should also compare them with that received
 	from the KDC

	* lib/krb5/cache.c (krb5_cc_gen_new): copy the newly allocated
 	krb5_ccache
	(krb5_cc_destroy): call krb5_cc_close
	(krb5_cc_retrieve_cred): delete the unused creds

Fri Aug  8 02:30:40 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/krb5/log.c: Allow better control of destinations of logging
 	(like passing explicit destinations, and log-functions).

Fri Aug  8 01:20:39 1997  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/get_default_principal.c: new file

	* kpasswd/kpasswdd.c: use krb5_log*

Fri Aug  8 00:37:47 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/krb5/init_creds_pw.c: Implement krb5_get_init_creds_keytab.

Fri Aug  8 00:37:17 1997  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/init_creds_pw.c: Use `krb5_get_default_principal'.
  	Print password expire information.

	* kdc/config.c: new variable `kdc_warn_pwexpire'

	* kpasswd/kpasswd.c: converted to getarg and get_init_creds

Thu Aug  7 22:17:09 1997  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/mcache.c: new file

	* admin/gettime.c: new function puttime.  Use it.

	* lib/krb5/keyblock.c: Added krb5_free_keyblock and
 	krb5_copy_keyblock

	* lib/krb5/init_creds_pw.c: more functionality

	* lib/krb5/creds.c: Added krb5_free_creds_contents and
 	krb5_copy_creds.  Changed callers.

	* lib/krb5/config_file.c: new functions krb5_config_get and
 	krb5_config_vget

	* lib/krb5/cache.c: cleanup added mcache
	
	* kdc/kerberos5.c: include last-req's of type 6 and 7, if
 	applicable

Wed Aug  6 20:38:23 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/krb5/log.c: New parameter `log-level'. Default to `SYSLOG'.

Tue Aug  5 22:53:54 1997  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/verify_init.c, init_creds_pw.c, init_creds.c,
	prompter_posix.c: the beginning of an implementation of the cygnus
	initial-ticket API.

	* lib/krb5/get_in_tkt_pw.c: make `krb5_password_key_proc' global

	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): new function that is
 	almost krb5_get_in_tkt but doesn't write the creds to the ccache.
  	Small fixes in krb5_get_in_tkt

	* lib/krb5/get_addrs.c (krb5_get_all_client_addrs): don't include
 	loopback.

Mon Aug  4 20:20:48 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* kdc: Make context global.

Fri Aug  1 17:23:56 1997  Assar Westerlund  <assar@@sics.se>

	* Release 0.0d

	* lib/roken/flock.c: new file

	* kuser/kinit.c: check for and print expiry information in the
 	`kdc_rep'

	* lib/krb5/get_in_tkt.c: Set `ret_as_reply' if != NULL

	* kdc/kerberos5.c: Check the valid times on client and server.
  	Check the password expiration.
	Check the require_preauth flag.
  	Send an lr_type == 6 with pw_end.
	Set key.expiration to min(valid_end, pw_end)
	
	* lib/hdb/hdb.asn1: new flags `require_preauth' and `change_pw'

	* admin/util.c, admin/load.c: handle the new flags.

Fri Aug  1 16:56:12 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/hdb: Add some simple locking.

Sun Jul 27 04:44:31 1997  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* lib/krb5/log.c: Add some general logging functions.

	* kdc/kerberos4.c: Add version 4 protocol handler. The requrement
 	for this to work is that all involved principals has a des key in
 	the database, and that the client has a version 4 (un-)salted
 	key. Furthermore krb5_425_conv_principal has to do it's job, as
 	present it's not very clever.

	* lib/krb5/principal.c: Quick patch to make 425_conv work
 	somewhat.

	* lib/hdb/hdb.c: Add keytype->key and next key functions.

Fri Jul 25 17:32:12 1997  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/build_auth.c (krb5_build_authenticator): don't free
 	`cksum'.  It's allocated and freed by the caller

	* lib/krb5/get_cred.c (krb5_get_kdc_cred): Don't free `addresses'.

	* kdc/kerberos5.c (tgs_rep2): make sure we also have an defined
 	`client' to return as part of the KRB-ERROR

Thu Jul 24 08:13:59 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* kdc/kerberos5.c: Unseal keys from database before use.

	* kdc/misc.c: New functions set_master_key, unseal_key and
 	free_key.

	* lib/roken/getarg.c: Handle `-f arg' correctly.

Thu Jul 24 01:54:43 1997  Assar Westerlund  <assar@@sics.se>

	* kuser/kinit.c: implement `-l' aka `--lifetime'

	* lib/roken/parse_units.c, parse_time.c: new files

	* admin/gettime.c (gettime): use `parse_time'

	* kdc/kerberos5.c (as_rep): Use `METHOD-DATA' when sending
 	KRB5KDC_ERR_PREAUTH_REQUIRED, not PA-DATA.

	* kpasswd/kpasswdd.c: fix freeing bug use sequence numbers set
 	addresses in auth_context bind one socket per interface.
	
	* kpasswd/kpasswd.c: use sequence numbers

	* lib/krb5/rd_req.c (krb5_verify_ap_req): do abs when verifying
 	the timestamps

	* lib/krb5/rd_priv.c (krb5_rd_priv): Fetch the correct session key
 	from auth_context

	* lib/krb5/mk_priv.c (krb5_mk_priv): Fetch the correct session key
 	from auth_context

	* lib/krb5/mk_error.c (krb5_mk_error): return an error number and
 	not a comerr'd number.

	* lib/krb5/get_in_tkt.c (krb5_get_in_tkt): interpret the error
 	number in KRB-ERROR correctly.

	* lib/krb5/get_cred.c (krb5_get_kdc_cred): interpret the error
 	number in KRB-ERROR correctly.

	* lib/asn1/k5.asn1: Add `METHOD-DATA'

	* removed some memory leaks.

Wed Jul 23 07:53:18 1997  Assar Westerlund  <assar@@sics.se>

	* Release 0.0c

	* lib/krb5/rd_cred.c, get_for_creds.c: new files

	* lib/krb5/get_host_realm.c: try default realm as last chance

	* kpasswd/kpasswdd.c: updated to hdb changes

	* appl/telnet/libtelnet/kerberos5.c: Implement forwarding

	* appl/telnet/libtelnet: removed totally unused files

	* admin/ank.c: fix prompts and generation of random keys

Wed Jul 23 04:02:32 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* admin/dump.c: Include salt in dump.

	* admin: Mostly updated for new db-format.

	* kdc/kerberos5.c: Update to use new db format. Better checking of
 	flags and such. More logging.

	* lib/hdb/hdb.c: Use generated encode and decode functions.

	* lib/hdb/hdb.h: Get hdb_entry from ASN.1 generated code.

	* lib/krb5/get_cred.c: Get addresses from krbtgt if there are none
 	in the reply.

Sun Jul 20 16:22:30 1997  Assar Westerlund  <assar@@sics.se>

	* kuser/kinit.c: break if des_read_pw_string() != 0

	* kpasswd/kpasswdd.c: send a reply

	* kpasswd/kpasswd.c: restructured code.  better report on
 	krb-error break if des_read_pw_string() != 0

	* kdc/kerberos5.c: Check `require_enc_timestamp' malloc space for
 	starttime and renew_till

	* appl/telnet/libtelnet/kerberos5.c (kerberos5_is): Send a
 	keyblock to krb5_verify_chekcsum

Sun Jul 20 06:35:46 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* Release 0.0b

	* kpasswd/kpasswd.c: Avoid using non-standard struct names.

Sat Jul 19 19:26:23 1997  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/keytab.c (krb5_kt_get_entry): check return from
 	`krb5_kt_start_seq_get'.  From <map@@stacken.kth.se>

Sat Jul 19 04:07:39 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/asn1/k5.asn1: Update with more pa-data types from
 	draft-ietf-cat-kerberos-revisions-00.txt

	* admin/load.c: Update to match current db-format.

	* kdc/kerberos5.c (as_rep): Try all valid pa-datas before giving
 	up. Send back an empty pa-data if the client has the v4 flag set.

	* lib/krb5/get_in_tkt.c: Pass both version5 and version4 salted
 	pa-data. DTRT if there is any pa-data in the reply.

	* lib/krb5/str2key.c: XOR with some sane value.

	* lib/hdb/hdb.h: Add `version 4 salted key' flag.

	* kuser/kinit.c: Ask for password before calling get_in_tkt. This
 	makes it possible to call key_proc more than once.

	* kdc/string2key.c: Add flags to output version 5 (DES only),
 	version 4, and AFS string-to-key of a password.

	* lib/asn1/gen_copy.c: copy_* functions now returns an int (0 or
 	ENOMEM).

Fri Jul 18 02:54:58 1997  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/get_host_realm.c (krb5_get_host_realm): do the
 	name2name thing

	* kdc/misc.c: check result of hdb_open

	* admin/kdb_edit: updated to new sl

	* lib/sl: sl_func now returns an int. != 0 means to exit.

	* kpasswd/kpasswdd: A crude (but somewhat working) implementation
 	of `draft-ietf-cat-kerb-chg-password-00.txt'

Fri Jul 18 00:55:39 1997  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* kuser/krenew.c: Crude ticket renewing program.

	* kdc/kerberos5.c: Rewritten flags parsing, it now might work to
 	get forwarded and renewed tickets.

	* kuser/kinit.c: Add `-r' flag.

	* lib/krb5/get_cred.c: Move most of contents of get_creds to new
 	function get_kdc_cred, that always contacts the kdc and doesn't
 	save in the cache. This is a hack.

	* lib/krb5/get_in_tkt.c: Pass starttime and renew_till in request
 	(a bit kludgy).

	* lib/krb5/mk_req_ext.c: Make an auth_context if none passed in.

	* lib/krb5/send_to_kdc.c: Get timeout from context.

	* lib/krb5/context.c: Add kdc_timeout to context struct.

Thu Jul 17 20:35:45 1997  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* kuser/klist.c: Print start time of ticket if available.

	* lib/krb5/get_host_realm.c: Return error if no realm was found.

Thu Jul 17 20:28:21 1997  Assar Westerlund  <assar@@sics.se>

	* kpasswd: non-working kpasswd added

Thu Jul 17 00:21:22 1997  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* Release 0.0a

	* kdc/main.c: Add -p flag to disable pa-enc-timestamp requirement.

Wed Jul 16 03:37:41 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* kdc/kerberos5.c (tgs_rep2): Free ticket and ap_req.

	* lib/krb5/auth_context.c (krb5_auth_con_free): Free remote
 	subkey.

	* lib/krb5/principal.c (krb5_free_principal): Check for NULL.

	* lib/krb5/send_to_kdc.c: Check for NULL return from
 	gethostbyname.

	* lib/krb5/set_default_realm.c: Try to get realm of local host if
 	no default realm is available.

	* Remove non ASN.1 principal code.

Wed Jul 16 03:17:30 1997  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* kdc/kerberos5.c: Split tgs_rep in smaller functions. Add better
 	error handing. Do some logging.

	* kdc/log.c: Some simple logging facilities.

	* kdc/misc.c (db_fetch): Take a krb5_principal.

	* kdc/connect.c: Pass address of request to as_rep and
 	tgs_rep. Send KRB-ERROR.

	* lib/krb5/mk_error.c: Add more fields.

	* lib/krb5/get_cred.c: Print normal error code if no e_text is
 	available.

Wed Jul 16 03:07:50 1997  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/get_in_tkt.c: implement `krb5_init_etype'.
 	Change encryption type of pa_enc_timestamp to DES-CBC-MD5

	* lib/krb5/context.c: recognize all encryption types actually
 	implemented

	* lib/krb5/auth_context.c (krb5_auth_con_init): Change default
 	encryption type to `DES_CBC_MD5'

	*  lib/krb5/read_message.c, write_message.c: new files

Tue Jul 15 17:14:21 1997  Assar Westerlund  <assar@@sics.se>

	* lib/asn1: replaced asn1_locl.h by `der_locl.h' and `gen_locl.h'.

	* lib/error/compile_et.awk: generate a prototype for the
 	`destroy_foo_error_table' function.

Mon Jul 14 12:24:40 1997  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/krbhst.c (krb5_get_krbhst): Get all kdc's and try also
 	with `kerberos.REALM'

	* kdc/kerberos5.c, lib/krb5/rd_priv.c, lib/krb5/rd_safe.c: use
 	`max_skew'

	* lib/krb5/rd_req.c (krb5_verify_ap_req): record authenticator
 	subkey

	* lib/krb5/build_auth.c (krb5_build_authenticator): always
 	generate a subkey.

	* lib/krb5/address.c: implement `krb5_address_order'

	* lib/gssapi/import_name.c: Implement `gss_import_name'

	* lib/gssapi/external.c: Use new OID

	* lib/gssapi/encapsulate.c: New functions
 	`gssapi_krb5_encap_length' and `gssapi_krb5_make_header'.  Changed
	callers.

	* lib/gssapi/decapsulate.c: New function
 	`gssaspi_krb5_verify_header'.  Changed callers.

	* lib/asn1/gen*.c: Give tags to generated structs.
	Use `err' and `asprintf'

	* appl/test/gss_common.c: new file

	* appl/test/gssapi_server.c: removed all krb5 calls

	* appl/telnet/libtelnet/kerberos5.c: Add support for genering and
 	verifying checksums.  Also start using session subkeys.

Mon Jul 14 12:08:25 1997  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* lib/krb5/rd_req.c (krb5_rd_req_with_keyblock): Split up.

Sun Jul 13 03:07:44 1997  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/rd_safe.c, mk_safe.c: made bug-compatible with MIT

	* lib/krb5/encrypt.c: new functions `DES_encrypt_null_ivec' and
 	`DES_encrypt_key_ivec'

	* lib/krb5/checksum.c: implement rsa-md4-des and rsa-md5-des

	* kdc/kerberos5.c (tgs_rep): support keyed checksums

	* lib/krb5/creds.c: new file

	* lib/krb5/get_in_tkt.c: better freeing

	* lib/krb5/context.c (krb5_free_context): more freeing

	* lib/krb5/config_file.c: New function `krb5_config_file_free'

	* lib/error/compile_et.awk: Generate a `destroy_' function.

	* kuser/kinit.c, klist.c: Don't leak memory.

Sun Jul 13 02:46:27 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* kdc/connect.c: Check filedescriptor in select.

	* kdc/kerberos5.c: Remove most of the most common memory leaks.

	* lib/krb5/rd_req.c: Free allocated data.

	* lib/krb5/auth_context.c (krb5_auth_con_free): Free a lot of
 	fields.

Sun Jul 13 00:32:16 1997  Assar Westerlund  <assar@@sics.se>

	* appl/telnet: Conditionalize the krb4-support.

	* configure.in: Test for krb4

Sat Jul 12 17:14:12 1997  Assar Westerlund  <assar@@sics.se>

	* kdc/kerberos5.c: check if the pre-auth was decrypted properly.
  	set the `pre_authent' flag

	* lib/krb5/get_cred.c, lib/krb5/get_in_tkt.c: generate a random nonce.

	* lib/krb5/encrypt.c: Made `generate_random_block' global.

	* appl/test: Added gssapi_client and gssapi_server.

	* lib/krb5/data.c: Add `krb5_data_zero'

	* appl/test/tcp_client.c: try `mk_safe' and `mk_priv'

	* appl/test/tcp_server.c: try `rd_safe' and `rd_priv'

Sat Jul 12 16:45:58 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/krb5/get_addrs.c: Fix for systems that has sa_len, but
 	returns zero length from SIOCGIFCONF.

Sat Jul 12 16:38:34 1997  Assar Westerlund  <assar@@sics.se>

	* appl/test: new programs
	
	* lib/krb5/rd_req.c: add address compare

	* lib/krb5/mk_req_ext.c: allow no checksum

	* lib/krb5/keytab.c (krb5_kt_ret_string): 0-terminate string

	* lib/krb5/address.c: fix `krb5_address_compare'

Sat Jul 12 15:03:16 1997  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* lib/krb5/get_addrs.c: Fix ip4 address extraction.

	* kuser/klist.c: Add verbose flag, and split main into smaller
 	pieces.

	* lib/krb5/fcache.c: Save ticket flags.

	* lib/krb5/get_in_tkt.c (extract_ticket): Extract addresses and
 	flags.

	* lib/krb5/krb5.h: Add ticket_flags to krb5_creds.

Sat Jul 12 13:12:48 1997  Assar Westerlund  <assar@@sics.se>

	* configure.in: Call `AC_KRB_PROG_LN_S'

	* acinclude.m4: Add `AC_KRB_PROG_LN_S' from krb4

Sat Jul 12 00:57:01 1997  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* lib/krb5/get_in_tkt.c: Use union of krb5_flags and KDCOptions to
 	pass options.

Fri Jul 11 15:04:22 1997  Assar Westerlund  <assar@@sics.se>

	* appl/telnet: telnet & telnetd seems to be working.
	
	* lib/krb5/config_file.c: Added krb5_config_v?get_list Fixed
 	krb5_config_vget_next

	* appl/telnet/libtelnet/kerberos5.c: update to current API

Thu Jul 10 14:54:39 1997  Assar Westerlund  <assar@@sics.se>

	* appl/telnet/libtelnet/kerberos5.c (kerberos5_status): call
 	`krb5_kuserok'

	* appl/telnet: Added.

Thu Jul 10 05:09:25 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/error/compile_et.awk: Remove usage of sub, gsub, and
 	functions for compatibility with awk.

	* include/bits.c: Must use signed char.

	* lib/krb5/context.c: Move krb5_get_err_text, and krb5_init_ets
 	here.

	* lib/error/error.c: Replace krb5_get_err_text with new function
 	com_right.

	* lib/error/compile_et.awk: Avoid using static variables.

	* lib/error/error.c: Don't use krb5_locl.h

	* lib/error/error.h: Move definitions of error_table and
 	error_list from krb5.h.

	* lib/error: Moved from lib/krb5.

Wed Jul  9 07:42:04 1997  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* lib/krb5/encrypt.c: Temporary hack to avoid des_rand_data.

Wed Jul  9 06:58:00 1997  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/{rd,mk}_{*}.c: more checking for addresses and stuff
	according to pseudocode from 1510

Wed Jul  9 06:06:06 1997  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* lib/hdb/hdb.c: Add hdb_etype2key.

	* kdc/kerberos5.c: Check authenticator. Use more general etype
 	functions.
	
Wed Jul  9 03:51:12 1997  Assar Westerlund  <assar@@sics.se>

	* lib/asn1/k5.asn1: Made all `s_address' OPTIONAL according to
 	draft-ietf-cat-kerberos-r-00.txt

	* lib/krb5/principal.c (krb5_parse_name): default to local realm
 	if none given
	
	* kuser/kinit.c: New option `-p' and prompt

Wed Jul  9 02:30:06 1997  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* lib/krb5/keyblock.c: Keyblock generation functions.

	* lib/krb5/encrypt.c: Use functions from checksum.c.

	* lib/krb5/checksum.c: Move checksum functions here. Add
 	krb5_cksumsize function.

Wed Jul  9 01:15:38 1997  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/get_host_realm.c: implemented

	* lib/krb5/config_file.c: Redid part.  New functions:
 	krb5_config_v?get_next

	* kuser/kdestroy.c: new program

	* kuser/kinit.c: new flag `-f'

	* lib/asn1/k5.asn1: Made HostAddresses = SEQUENCE OF HostAddress

	* acinclude.m4: Added AC_KRB_STRUCT_SOCKADDR_SA_LEN

	* lib/krb5/krb5.h: krb5_addresses == HostAddresses.  Changed all
 	users.

	* lib/krb5/get_addrs.c: figure out all local addresses, possibly
 	even IPv6!

	* lib/krb5/checksum.c: table-driven checksum

Mon Jul  7 21:13:28 1997  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* lib/krb5/encrypt.c: Make krb5_decrypt use the same struct as
 	krb5_encrypt.

Mon Jul  7 11:15:51 1997  Assar Westerlund  <assar@@sics.se>

	* lib/roken/vsyslog.c: new file

	* lib/krb5/encrypt.c: add des-cbc-md4.
	adjust krb5_encrypt and krb5_decrypt to reality

Mon Jul  7 02:46:31 1997  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* lib/krb5/encrypt.c: Implement as a vector of function pointers.

	* lib/krb5/{decrypt,encrypt}.c: Implement des-cbc-crc, and
 	des-cbc-md5 in separate functions.

	* lib/krb5/krb5.h: Add more checksum and encryption types.

	* lib/krb5/krb5_locl.h: Add etype to krb5_decrypt.

Sun Jul  6 23:02:59 1997  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/[gs]et_default_realm.c, kuserok.c: new files

	* lib/krb5/config_file.[ch]: new c-based configuration reading
 	stuff

Wed Jul  2 23:12:56 1997  Assar Westerlund  <assar@@sics.se>

	* configure.in: Set WFLAGS if using gcc

Wed Jul  2 17:47:03 1997  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* lib/asn1/der_put.c (der_put_int): Return size correctly.

	* admin/ank.c: Be compatible with the asn1 principal format.

Wed Jul  1 23:52:20 1997  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* lib/asn1: Now all decode_* and encode_* functions now take a
 	final size_t* argument, that they return the size in. Return
 	values are zero for success, and anything else (such as some
 	ASN1_* constant) for error.

Mon Jun 30 06:08:14 1997  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/keytab.c (krb5_kt_add_entry): change open mode to
 	O_WRONLY | O_APPEND

	* lib/krb5/get_cred.c: removed stale prototype for
 	`extract_ticket' and corrected call.

	* lib/asn1/gen_length.c (length_type): Make the length functions
 	for SequenceOf non-destructive

	* admin/ank.c (doit): Fix reading of `y/n'.

Mon Jun 16 05:41:43 1997  Assar Westerlund  <assar@@sics.se>

	* lib/gssapi/wrap.c, unwrap.c: do encrypt and add sequence number

	* lib/gssapi/get_mic.c, verify_mic.c: Add sequence number.

	* lib/gssapi/accept_sec_context.c (gss_accept_sec_context): Set
 	KRB5_AUTH_CONTEXT_DO_SEQUENCE.  Verify 8003 checksum.

	* lib/gssapi/8003.c: New file.

	* lib/krb/krb5.h: Define a `krb_authenticator' as an ASN.1
 	Authenticator.

	* lib/krb5/auth_context.c: New functions
 	`krb5_auth_setlocalseqnumber' and `krb5_auth_setremoteseqnumber'

Tue Jun 10 00:35:54 1997  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* lib/krb5: Preapre for use of some asn1-types.

	* lib/asn1/*.c (copy_*): Constness.

	* lib/krb5/krb5.h: Include asn1.h; krb5_data is now an
 	octet_string.

	* lib/asn1/der*,gen.c: krb5_data -> octet_string, char * ->
 	general_string

	* lib/asn1/libasn1.h: Moved stuff from asn1_locl.h that doesn't
 	have anything to do with asn1_compile.

	* lib/asn1/asn1_locl.h: Remove der.h. Add some prototypes.

Sun Jun  8 03:51:55 1997  Assar Westerlund  <assar@@sics.se>

	* kdc/kerberos5.c: Fix PA-ENC-TS-ENC

 	* kdc/connect.c(process_request): Set `new'
	
	* lib/krb5/get_in_tkt.c: Do PA-ENC-TS-ENC the correct way.

	* lib: Added editline,sl,roken.

Mon Jun  2 00:37:48 1997  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* lib/krb5/fcache.c: Move file cache from cache.c.

	* lib/krb5/cache.c: Allow more than one cache type.

Sun Jun  1 23:45:33 1997  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* admin/extkeytab.c: Merged with kdb_edit.

Sun Jun  1 23:23:08 1997  Assar Westerlund  <assar@@sics.se>

	* kdc/kdc.c: more support for ENC-TS-ENC

	* lib/krb5/get_in_tkt.c: redone to enable pre-authentication

Sun Jun  1 22:45:11 1997  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* lib/hdb/db.c: Merge fetch and store.

	* admin: Merge to one program.

	* lib/krb5/str2key.c: Fill in keytype and length.

Sun Jun  1 16:31:23 1997  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/rd_safe.c, lib/krb5/rd_priv.c, lib/krb5/mk_rep.c,
 	lib/krb5/mk_priv.c, lib/krb5/build_auth.c: Some support for
 	KRB5_AUTH_CONTEXT_DO_SEQUENCE

	* lib/krb5/get_in_tkt.c (get_in_tkt): be prepared to parse an
 	KRB_ERROR.  Some support for PA_ENC_TS_ENC.

	* lib/krb5/auth_context.c: implemented seq_number functions

	* lib/krb5/generate_subkey.c, generate_seq_number.c: new files

	* lib/gssapi/gssapi.h: avoid including <krb5.h>

	* lib/asn1/Makefile.am: SUFFIXES as a variable to make automake
 	happy

	* kdc/kdc.c: preliminary PREAUTH_ENC_TIMESTAMP

	* configure.in: adapted to automake 1.1p

Mon May 26 22:26:21 1997  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* lib/krb5/principal.c: Add contexts to many functions.

Thu May 15 20:25:37 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/krb5/verify_user.c: First stab at a verify user.

	* lib/auth/sia/sia5.c: SIA module for Kerberos 5.

Mon Apr 14 00:09:03 1997  Assar Westerlund  <assar@@sics.se>

	* lib/gssapi: Enough of a gssapi-over-krb5 implementation to be
	able to (mostly) run gss-client and gss-server.
	
	* lib/krb5/keytab.c: implemented krb5_kt_add_entry,
 	krb5_kt_store_principal, krb5_kt_store_keyblock

	* lib/des/md5.[ch], sha.[ch]: new files

	* lib/asn1/der_get.c (generalizedtime2time): use `timegm'

	* lib/asn1/timegm.c: new file

	* admin/extkeytab.c: new program

	* admin/admin_locl.h: new file

	* admin/Makefile.am: Added extkeytab

	* configure.in: moved config to include
	removed timezone garbage
	added lib/gssapi and admin

	* Makefile.am: Added admin

Mon Mar 17 11:34:05 1997  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* kdc/kdc.c: Use new copying functions, and free some data.

	* lib/asn1/Makefile.am: Try to not always rebuild generated files.

	* lib/asn1/der_put.c: Add fix_dce().

	* lib/asn1/der_{get,length,put}.c: Fix include files.

	* lib/asn1/der_free.c: Remove unused functions.
	
	* lib/asn1/gen.c: Split into gen_encode, gen_decode, gen_free,
 	gen_length, and gen_copy.

Sun Mar 16 18:13:52 1997  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/sendauth.c: implemented functionality

	* lib/krb5/rd_rep.c: Use `krb5_decrypt'

	* lib/krb5/cache.c (krb5_cc_get_name): return default if `id' ==
 	NULL

	* lib/krb5/principal.c (krb5_free_principal): added `context'
 	argument.  Changed all callers.
	
	(krb5_sname_to_principal): new function

	* lib/krb5/auth_context.c (krb5_free_authenticator): add `context'
 	argument.  Changed all callers

	* lib/krb5/{net_write.c,net_read.c,recvauth.c}: new files

	* lib/asn1/gen.c: Fix encoding and decoding of BitStrings

Fri Mar 14 11:29:00 1997  Assar Westerlund  <assar@@sics.se>

	* configure.in: look for *dbm?

	* lib/asn1/gen.c: Fix filename in generated files. Check fopens.
  	Put trailing newline in asn1_files.

Fri Mar 14 05:06:44 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/krb5/get_in_tkt.c: Fix some memory leaks.

	* lib/krb5/krbhst.c: Properly free hostlist.

	* lib/krb5/decrypt.c: CRCs are 32 bits.

Fri Mar 14 04:39:15 1997  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* lib/asn1/gen.c: Generate one file for each type.

Fri Mar 14 04:13:47 1997  Assar Westerlund  <assar@@sics.se>

	* lib/asn1/gen.c: Generate `length_FOO' functions

	* lib/asn1/der_length.c: new file

	* kuser/klist.c: renamed stime -> printable_time to avoid conflict
 	on HP/UX

Fri Mar 14 03:37:23 1997  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/hdb/ndbm.c: Return NOENTRY if fetch fails. Don't free
 	datums. Don't add .db to filename.

Fri Mar 14 02:49:51 1997  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* kdc/dump.c: Database dump program.

	* kdc/ank.c: Trivial database editing program.

	* kdc/{kdc.c, load.c}: Use libhdb.

	* lib/hdb: New database routine library.

	* lib/krb5/error/Makefile.am: Add hdb_err.

Wed Mar 12 17:41:14 1997  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* kdc/kdc.c: Rewritten AS, and somewhat more working TGS support.

	* lib/asn1/gen.c: Generate free functions.

	* Some specific free functions.

Wed Mar 12 12:30:13 1997  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/krb5_mk_req_ext.c: new file

	* lib/asn1/gen.c: optimize the case with a simple type

	* lib/krb5/get_cred.c (krb5_get_credentials): Use
 	`mk_req_extended' and remove old code.

	* lib/krb5/get_in_tkt.c (decrypt_tkt): First try with an
 	EncASRepPart, then with an EncTGSRepPart.

Wed Mar 12 08:26:04 1997  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* lib/krb5/store_emem.c: New resizable memory storage.

	* lib/krb5/{store.c, store_fd.c, store_mem.c}: Split of store.c

	* lib/krb5/krb5.h: Add free entry to krb5_storage.

	* lib/krb5/decrypt.c: Make keyblock const.

Tue Mar 11 20:22:17 1997  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* lib/krb5/krb5.h: Add EncTicketPart to krb5_ticket.

	* lib/krb5/rd_req.c: Return whole asn.1 ticket in
 	krb5_ticket->tkt.

	* lib/krb5/get_in_tkt.c: TGS -> AS

	* kuser/kfoo.c: Print error string rather than number.

	* kdc/kdc.c: Some kind of non-working TGS support.

Mon Mar 10 01:43:22 1997  Assar Westerlund  <assar@@sics.se>

	* lib/asn1/gen.c: reduced generated code by 1/5

 	* lib/asn1/der_put.c: (der_put_length_and_tag): new function

	* lib/asn1/der_get.c (der_match_tag_and_length): new function

	* lib/asn1/der.h: added prototypes

Mon Mar 10 01:15:43 1997  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* lib/krb5/krb5.h: Include <asn1_err.h>. Add prototype for
 	krb5_rd_req_with_keyblock.

	* lib/krb5/rd_req.c: Add function krb5_rd_req_with_keyblock that
 	takes a precomputed keyblock.

	* lib/krb5/get_cred.c: Use krb5_mk_req rather than inlined code.

	* lib/krb5/mk_req.c: Calculate checksum of in_data.

Sun Mar  9 21:17:58 1997  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* lib/krb5/error/compile_et.awk: Add a declaration of struct
 	error_list, and multiple inclusion block to header files.

Sun Mar  9 21:01:12 1997  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/rd_req.c: do some checks on times

	* lib/krb/{mk_priv.c, rd_priv.c, sendauth.c, decrypt.c,
	address.c}: new files

	* lib/krb5/auth_context.c: more code

	* configure.in: try to figure out timezone

Sat Mar  8 11:41:07 1997  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* lib/krb5/error/error.c: Try strerror if error code wasn't found.

	* lib/krb5/get_in_tkt.c: Remove realm parameter from
 	krb5_get_salt.

	* lib/krb5/context.c: Initialize error table.

	* kdc: The beginnings of a kdc.

Sat Mar  8 08:16:28 1997  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/rd_safe.c: new file

	* lib/krb5/checksum.c (krb5_verify_checksum): New function

	* lib/krb5/get_cred.c: use krb5_create_checksum

	* lib/krb5/checksum.c: new file

	* lib/krb5/store.c: no more arithmetic with void*

	* lib/krb5/cache.c: now seems to work again

Sat Mar  8 06:58:09 1997  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* lib/krb5/Makefile.am: Add asn1_glue.c and error/*.c to libkrb5.

	* lib/krb5/get_in_tkt.c: Moved some functions to asn1_glue.c.

	* lib/krb5/asn1_glue.c: Moved some asn1-stuff here.
	
	* lib/krb5/{cache,keytab}.c: Use new storage functions.

	* lib/krb5/krb5.h: Protypes for new storage functions.

	* lib/krb5/krb5.h: Make krb5_{ret,store}_* functions able to write
 	data to more than file descriptors.

Sat Mar  8 01:01:17 1997  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/encrypt.c: New file.

	* lib/krb5/Makefile.am: More -I

	* configure.in: Test for big endian, random, rand, setitimer

	* lib/asn1/gen.c: perhaps even decodes bitstrings

Thu Mar  6 19:05:29 1997  Johan Danielsson  <joda@@blubb.pdc.kth.se>

	* lib/krb5/config_file.y: Better return values on error.

Sat Feb  8 15:59:56 1997  Assar Westerlund  <assar@@pdc.kth.se>

	* lib/asn1/parse.y: ifdef HAVE_STRDUP

	* lib/asn1/lex.l: ifdef strdup
	brange-dead version of list of special characters to make stupid
 	lex accept it.

	* lib/asn1/gen.c: A DER integer should really be a `unsigned'

	* lib/asn1/der_put.c: A DER integer should really be a `unsigned'

	* lib/asn1/der_get.c: A DER integer should really be a `unsigned'

	* lib/krb5/error/Makefile.am: It seems "$(SHELL) ./compile_et" is
 	needed.

	* lib/krb/mk_rep.c, lib/krb/rd_req.c, lib/krb/store.c,
 	lib/krb/store.h: new files.

	* lib/krb5/keytab.c: now even with some functionality.

	* lib/asn1/gen.c: changed paramater from void * to Foo *

	* lib/asn1/der_get.c (der_get_octet_string): Fixed bug with empty
 	string.

Sun Jan 19 06:17:39 1997  Assar Westerlund  <assar@@pdc.kth.se>

	* lib/krb5/get_cred.c (krb5_get_credentials): Check for creds in
 	cc before getting new ones.

	* lib/krb5/krb5.h (krb5_free_keyblock): Fix prototype.

	* lib/krb5/build_auth.c (krb5_build_authenticator): It seems the
 	CRC should be stored LSW first. (?)

	* lib/krb5/auth_context.c: Implement `krb5_auth_con_getkey' and
 	`krb5_free_keyblock'

	* lib/**/Makefile.am: Rename foo libfoo.a

	* include/Makefile.in: Use test instead of [
	-e does not work with /bin/sh on psoriasis

	* configure.in: Search for awk
	create lib/krb/error/compile_et
	
Tue Jan 14 03:46:26 1997  Assar Westerlund  <assar@@pdc.kth.se>

	* lib/krb5/Makefile.am: replaced mit-crc.c by crc.c

Wed Dec 18 00:53:55 1996  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* kuser/kinit.c: Guess principal.

	* lib/krb5/error/compile_et.awk: Don't include krb5.h. Fix some
 	warnings.

	* lib/krb5/error/asn1_err.et: Add ASN.1 error messages.

	* lib/krb5/mk_req.c: Get client from cache.

	* lib/krb5/cache.c: Add better error checking some useful return
 	values.

	* lib/krb5/krb5.h: Fix krb5_auth_context.

	* lib/asn1/der.h: Make krb5_data compatible with krb5.h

Tue Dec 17 01:32:36 1996  Johan Danielsson  <joda@@emma.pdc.kth.se>

	* lib/krb5/error: Add primitive error library.

Mon Dec 16 16:30:20 1996  Johan Danielsson  <joda@@emma.pdc.kth.se>
d481 1
a481 1
	* lib/krb5/cache.c: Get correct address type from cache.
d483 1
a483 1
	* lib/krb5/krb5.h: Change int16 to int to be compatible with asn1.
d485 1
@


1.1.1.1
log
@Import KTH Heimdal, which will be the core of our Kerberos5.
Userland to follow.
@
text
@@


1.1.1.2
log
@Vendor import of Heimdal 0.2n
@
text
@a0 86
2000-02-07  Assar Westerlund  <assar@@sics.se>

	* Release 0.2n

2000-02-07  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/Makefile.am: set version to 8:0:0
	* lib/krb5/keytab.c (krb5_kt_default_name): use strlcpy
	(krb5_kt_add_entry): set timestamp

2000-02-06  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/krb5.h: add macros for accessing krb5_realm
	* lib/krb5/time.c (krb5_timeofday): use `krb5_timestamp' instead
	of `int32_t'

	* lib/krb5/replay.c (checksum_authenticator): update to new API
	for md5

	* lib/krb5/krb5.h: remove des.h, it's not needed and applications
	should not have to make sure to find it.

2000-02-03  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/rd_req.c (get_key_from_keytab): rename parameter to
	`out_key' to avoid conflicting with label.  reported by Sean Doran
	<smd@@ebone.net>

2000-02-02  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/expand_hostname.c: remember to lower-case host names.
	bug reported by <amu@@mit.edu>

	* kdc/kerberos4.c (do_version4): look at check_ticket_addresses
	and emulate that by setting krb_ignore_ip_address (not a great
	interface but it doesn't seem like the time to go around fixing
	libkrb stuff now)

2000-02-01  Johan Danielsson  <joda@@pdc.kth.se>

	* kuser/kinit.c: change --noaddresses into --no-addresses

2000-01-28  Assar Westerlund  <assar@@sics.se>

	* kpasswd/kpasswd.c (main): make sure the ticket is not
	forwardable and not proxiable

2000-01-26  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/crypto.c: update to pseudo-standard APIs for
	md4,md5,sha.  some changes to libdes calls to make them more
	portable.

2000-01-21  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/verify_init.c (krb5_verify_init_creds): make sure to
 	clean up the correct creds.

2000-01-16  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/principal.c (append_component): change parameter to
	`const char *'.  check malloc
	* lib/krb5/principal.c (append_component, va_ext_princ, va_princ):
	const-ize
	* lib/krb5/mk_req.c (krb5_mk_req): make `service' and `hostname'
	const
	* lib/krb5/principal.c (replace_chars): also add space here
	* lib/krb5/principal.c: (quotable_chars): add space

2000-01-12  Assar Westerlund  <assar@@sics.se>

	* kdc/kerberos4.c (do_version4): check if preauth was required and
	bail-out if so since there's no way that could be done in v4.
	Return NULL_KEY as an error to the client (which is non-obvious,
	but what can you do?)

2000-01-09  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/principal.c (krb5_sname_to_principal): use
	krb5_expand_hostname_realms
	* lib/krb5/mk_req.c (krb5_km_req): use krb5_expand_hostname_realms
	* lib/krb5/expand_hostname.c (krb5_expand_hostname_realms): new
	variant of krb5_expand_hostname that tries until it expands into
	something that's digestable by krb5_get_host_realm, returning also
	the result from that function.

a6 2
	* configure.in: replace AC_C_BIGENDIAN with KRB_C_BIGENDIAN

a7 1

a192 4

1999-12-02  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/crypto.c: ARCFOUR_set_key -> RC4_set_key
@


1.1.1.3
log
@Vendor import of Heimdal 0.2o
@
text
@a0 40
2000-02-14  Assar Westerlund  <assar@@sics.se>

	* Release 0.2o

2000-02-13  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/Makefile.am: set version to 9:0:0

	* kdc/kaserver.c (do_authenticate): return the kvno of the server
	and not the client.  Thanks to Brandon S. Allbery KF8NH
	<allbery@@kf8nh.apk.net> and Chaskiel M Grundman
	<cg2v@@andrew.cmu.edu> for debugging.

	* kdc/kerberos4.c (do_version4): if an tgs-req is received with an
	old kvno, return an error reply and write a message in the log.
	
2000-02-12  Assar Westerlund  <assar@@sics.se>

	* appl/test/gssapi_server.c (proto): with `--fork', create a child
	and send over/receive creds with export/import_sec_context
	* appl/test/gssapi_client.c (proto): with `--fork', create a child
	and send over/receive creds with export/import_sec_context
	* appl/test/common.c: add `--fork' / `-f' (only used by gssapi)

2000-02-11  Assar Westerlund  <assar@@sics.se>

	* kdc/kdc_locl.h: remove keyfile add explicit_addresses
	* kdc/connect.c (init_sockets): pay attention to
	explicit_addresses some more comments.  better error messages.
	* kdc/config.c: add some comments.
	remove --key-file.
	add --addresses.

	* lib/krb5/context.c (krb5_set_extra_addresses): const-ize and use
	proper abstraction

2000-02-07  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/changepw.c: use roken_getaddrinfo_hostspec

@


1.1.1.4
log
@Vendor import of Heimdal 0.2p
@
text
@a0 20
2000-02-20  Assar Westerlund  <assar@@sics.se>

	* Release 0.2p

2000-02-19  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/Makefile.am: set version to 9:1:0
	
	* lib/krb5/expand_hostname.c (krb5_expand_hostname): make sure
	that realms is filled in even when getaddrinfo fails or does not
	return any canonical name

	* kdc/connect.c (descr): add sockaddr and string representation
	(*): re-write to use the above mentioned

2000-02-16  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/addr_families.c (krb5_parse_address): use
	krb5_sockaddr2address to copy the result from getaddrinfo.

@


1.1.1.4.2.1
log
@MFC: Heimdal 0.3e (MIT mucho-compatible) upgrade.
@
text
@d1 1
a1 1
2001-02-05  Assar Westerlund  <assar@@assaris.sics.se>
d3 1
a3 1
	* Release 0.3e
d5 1
a5 1
2001-01-30  Assar Westerlund  <assar@@sics.se>
d7 4917
a4923 6
	* kdc/hprop.c (v4_get_masterkey): check kdb_verify_master_key
	properly
	(kdb_prop): decrypt key properly
	* kdc/hprop.c: handle building with KRB4 always try to decrypt v4
	data with the master key leave it up to the v5 how to encrypt with
	that master key
d4925 2
a4926 6
	* kdc/kstash.c: include file name in error messages
	* kdc/hprop.c: fix a typo and check some more return values
	* lib/hdb/hdb-ldap.c (LDAP__lookup_princ): call ldap_search_s
	correctly.  From Jacques Vidrine <n@@nectar.com>
	* kdc/misc.c (db_fetch): HDB_ERR_NOENTRY makes more sense than
	ENOENT
d4928 1
a4928 6
	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
	15:0:0
	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:0:0
	* lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 4:0:2
	* kdc/misc.c (db_fetch): return an error code.  change callers to
	look at this and try to print it in log messages
d4930 1
a4930 2
	* lib/krb5/crypto.c (decrypt_internal_derived): check that there's
	enough data
d4932 1
a4932 1
2001-01-29  Assar Westerlund  <assar@@sics.se>
d4934 1
a4934 2
	* kdc/hprop.c (realm_buf): move it so it becomes properly
	conditional on KRB4
d4936 2
a4937 4
	* lib/hdb/mkey.c (hdb_unseal_keys_mkey, hdb_seal_keys_mkey,
	hdb_unseal_keys, hdb_seal_keys): check that we have the correct
	master key and that we manage to decrypt the key properly,
	returning an error code.  fix all callers to check return value.
d4939 1
a4939 4
	* tools/krb5-config.in: use @@LIB_des_appl@@
	* tools/Makefile.am (krb5-config): add LIB_des_appl
	* configure.in (LIB_des): set correctly
	(LIB_des_appl): add for the use by krb5-config.in
d4941 1
a4941 3
	* lib/krb5/store_fd.c (fd_fetch, fd_store): use net_{read,write}
	to make sure of not dropping data when doing it over a socket.
	(this might break when used with ordinary files on win32)
d4943 1
a4943 1
	* lib/hdb/hdb_err.et (NO_MKEY): add
d4945 1
a4945 2
	* kdc/kerberos5.c (as_rep): be paranoid and check
	krb5_enctype_to_string for failure, noted by <lha@@stacken.kth.se>
d4947 1
a4947 3
	* lib/krb5/krb5_init_context.3, lib/krb5/krb5_context.3,
	lib/krb5/krb5_auth_context.3: add new man pages, contributed by
	<lha@@stacken.kth.se>
d4949 1
a4949 1
	* use the openssl api for md4/md5/sha and handle openssl/*.h
d4951 1
a4951 2
	* kdc/kaserver.c (do_getticket): check length of ticket.  noted by
 	<lha@@stacken.kth.se>
d4953 1
a4953 1
2001-01-28  Assar Westerlund  <assar@@sics.se>
d4955 1
a4955 2
	* configure.in: send -R instead of -rpath to libtool to set
	runtime library paths
d4957 1
a4957 1
	* lib/krb5/Makefile.am: remove all dependencies on libkrb
d4959 1
a4959 1
2001-01-27  Assar Westerlund  <assar@@sics.se>
d4961 1
a4961 2
	* appl/rcp: add port of bsd rcp changed to use existing rsh,
	contributed by Richard Nyberg <rnyberg@@it.su.se>
d4963 2
a4964 1
2001-01-27  Johan Danielsson  <joda@@pdc.kth.se>
d4966 1
a4966 2
	* lib/krb5/get_port.c: don't warn if the port name can't be found,
	nobody cares anyway
d4968 1
a4968 1
2001-01-26  Johan Danielsson  <joda@@pdc.kth.se>
d4970 1
a4970 2
	* kdc/hprop.c: make it possible to convert a v4 dump file without
	having any v4 libraries; the kdb backend still require them
d4972 1
a4972 2
	* kdc/v4_dump.c: include shadow definition of kdb Principal, so we
	don't have to depend on any v4 libraries
d4974 2
a4975 2
	* kdc/hprop.h: include shadow definition of kdb Principal, so we
	don't have to depend on any v4 libraries
d4977 1
a4977 1
	* lib/hdb/print.c: reduce number of memory allocations
d4979 1
a4979 1
	* lib/hdb/mkey.c: add support for reading krb4 /.k files
d4981 1
a4981 1
2001-01-19  Assar Westerlund  <assar@@sics.se>
d4983 1
a4983 2
	* lib/krb5/krb5.conf.5: document admin_server and kpasswd_server
	for realms document capath better
d4985 1
a4985 2
	* lib/krb5/krbhst.c (krb5_get_krb_changepw_hst): preferably look
	at kpasswd_server before admin_server
d4987 1
a4987 4
	* lib/krb5/get_cred.c (get_cred_from_kdc_flags): look in
	[libdefaults]capath for better hint of realm to send request to.
	this allows the client to specify `realm routing information' in
	case it cannot be done at the server (which is preferred)
d4989 1
a4989 5
	* lib/krb5/rd_priv.c (krb5_rd_priv): handle no sequence number as
	zero when we were expecting a sequence number.  MIT krb5 cannot
	generate a sequence number of zero, instead generating no sequence
	number
	* lib/krb5/rd_safe.c (krb5_rd_safe): dito
d4991 2
a4992 1
2001-01-11  Assar Westerlund  <assar@@sics.se>
d4994 1
a4994 1
	* kpasswd/kpasswdd.c: add --port option
d4996 436
a5431 1
2001-01-10  Assar Westerlund  <assar@@sics.se>
d5433 1
a5433 2
	* lib/krb5/appdefault.c (krb5_appdefault_string): fix condition
	just before returning
d5435 1
a5435 1
2001-01-09  Assar Westerlund  <assar@@sics.se>
d5437 1
a5437 1
	* appl/kf/kfd.c (proto): use krb5_rd_cred2 instead of krb5_rd_cred
d5439 1
a5439 1
2001-01-05  Johan Danielsson  <joda@@pdc.kth.se>
d5441 1
a5441 1
	* kuser/kinit.c: call a time `time', and not `seconds'
d5443 1
a5443 2
	* lib/krb5/init_creds.c: not much point in setting the anonymous
	flag here
d5445 1
a5445 1
	* lib/krb5/krb5_appdefault.3: document appdefault_time
d5447 1
a5447 1
2001-01-04  Johan Danielsson  <joda@@pdc.kth.se>
d5449 2
a5450 2
	* lib/krb5/verify_user.c: use
	krb5_get_init_creds_opt_set_default_flags
d5452 2
a5453 1
	* kuser/kinit.c: use krb5_get_init_creds_opt_set_default_flags
d5455 1
a5455 3
	* lib/krb5/init_creds.c: new function
	krb5_get_init_creds_opt_set_default_flags to set options from
	krb5.conf
d5457 119
a5575 1
	* lib/krb5/rd_cred.c: make this match the MIT function
d5577 27
a5603 3
	* lib/krb5/appdefault.c (krb5_appdefault_string): handle NULL
	def_val
	(krb5_appdefault_time): new function
d5605 1
a5605 1
2001-01-03  Assar Westerlund  <assar@@sics.se>
d5607 1
a5607 1
	* kdc/hpropd.c (main): handle EOF when reading from stdin
@


1.1.1.4.2.2
log
@MFC: Update Heimdal Kerberos to 0.4e around 2002/02/17.
@
text
@a0 1013
2002-02-15  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/keytab_keyfile.c (akf_add_entry): don't create the file
	before we need to write to it
	(from ke Sandgren)

2002-02-14  Johan Danielsson  <joda@@pdc.kth.se>

	* configure.in: rk_RETSIGTYPE and rk_BROKEN_REALLOC are called via
	rk_ROKEN (from Gombas Gabor); find inttypes by CHECK_TYPES
	directly

	* lib/krb5/rd_safe.c: actually use the correct key (from Daniel
	Kouril)

2002-02-12  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/context.c (krb5_get_err_text): protect against NULL
	context

2002-02-11  Johan Danielsson  <joda@@pdc.kth.se>

	* admin/ktutil.c: no need to use the "modify" keytab anymore

	* lib/krb5/keytab_any.c: implement add and remove

	* lib/krb5/keytab_krb4.c: implement add and remove

	* lib/krb5/store_emem.c (emem_free): clear memory before freeing
	(this should perhaps be selectable with a flag)

2002-02-04  Johan Danielsson  <joda@@pdc.kth.se>

	* kdc/config.c (get_dbinfo): if there are database specifications
	in the config file, don't automatically try to use the default
	values (from Gombas Gabor)

	* lib/krb5/log.c (krb5_closelog): don't pass pointer to pointer
	(from Gombas Gabor)

2002-01-30  Johan Danielsson  <joda@@pdc.kth.se>

	* admin/list.c: get the default keytab from krb5.conf, and list
	all parts of an ANY type keytab

	* lib/krb5/context.c: default default_keytab_modify to NULL

	* lib/krb5/keytab.c (krb5_kt_default_modify_name): if no modify
	name is specified take it from the first component of the default
	keytab name

2002-01-29  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/keytab.c: compare keytab types case insensitively

2002-01-07  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/crypto.c (create_checksum): make usage `unsigned' (it's
	not really a krb5_key_usage).  From Ben Harris <bjh21@@netbsd.org>
	* lib/krb5/get_in_tkt.c: use krb5_enctype consistently.  From Ben
	Harris <bjh21@@netbsd.org>
	* lib/krb5/crypto.c: use krb5_enctype consistently.  From Ben
	Harris <bjh21@@netbsd.org>
	* kdc/kerberos5.c: use krb5_enctype consistently.  From Ben Harris
	<bjh21@@netbsd.org>

2001-12-20  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/crypto.c: use our own des string-to-key function, since
	the one from openssl sometimes generates wrong output

2001-12-05  Jacques Vidrine <n@@nectar.cc>

        * lib/hdb/mkey.c: fix a bug in which kstash would crash if
        there were no /etc/krb5.conf

2001-10-29  Jacques Vidrine <n@@nectar.com>

	* admin/get.c: fix a bug in which a reference to a data
	structure on the stack was being kept after the containing
	function's lifetime, resulting in a segfault during `ktutil
	get'.

2001-10-22  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/crypto.c: make all high-level encrypting and decrypting
	functions check the return value of the underlying function and
	handle errors more consistently.  noted by Sam Hartman
	<hartmans@@mit.edu>

2001-10-21  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/crypto.c (enctype_arcfour_hmac_md5): actually use a
	non-keyed checksum when it should be non-keyed

2001-09-29  Assar Westerlund  <assar@@sics.se>

	* kuser/kinit.1: add the kauth alias
	* kuser/kinit.c: allow specification of afslog in krb5.conf, noted
	by jhutz@@cs.cmu.edu

2001-09-27  Assar Westerlund  <assar@@sics.se>

	* lib/asn1/gen.c: remove the need for libasn1.h, also make
	generated files include all files from IMPORTed modules

	* lib/krb5/krb5.h (KRB5_KPASSWD_*): set correct values
	* kpasswd/kpasswd.c: improve error message printing
	* lib/krb5/changepw.c (krb5_passwd_result_to_string): add change
	to use sequence numbers connect the udp socket so that we can
	figure out the local address

2001-09-25  Assar Westerlund  <assar@@sics.se>

	* lib/asn1: implement OBJECT IDENTIFIER and ENUMERATED

2001-09-20  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/principal.c (krb5_425_conv_principal_ext): try using
	lower case realm as domain, but only when given a verification
	function

2001-09-20  Assar Westerlund  <assar@@sics.se>

	* lib/asn1/der_put.c (der_put_length): do not even try writing
	anything when len == 0

2001-09-18  Johan Danielsson  <joda@@pdc.kth.se>

	* kdc/hpropd.c: add realm override option

	* lib/krb5/set_default_realm.c (krb5_set_default_realm): make
	realm parameter const

	* kdc/hprop.c: more free's

	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_keytab): free key
	proc data

	* lib/krb5/expand_hostname.c (krb5_expand_hostname_realms): free
	addrinfo

	* lib/hdb/mkey.c (hdb_set_master_keyfile): clear error string when
	not returning error

2001-09-16  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/appdefault.c (krb5_appdefault_{boolean,string,time):
	make realm const

	* lib/krb5/crypto.c: use des functions to avoid generating
	warnings with openssl's prototypes

2001-09-05  Johan Danielsson  <joda@@pdc.kth.se>

	* configure.in: check for termcap.h

	* lib/asn1/lex.l: add another undef ECHO to keep AIX lex happy

2001-09-03  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/addr_families.c (krb5_print_address): handle snprintf
	returning < 0.  noticed by hin@@stacken.kth.se

2001-09-03  Assar Westerlund  <assar@@sics.se>

	* Release 0.4e

2001-09-02  Johan Danielsson  <joda@@pdc.kth.se>

	* kuser/Makefile.am: install kauth as a symlink to kinit

	* kuser/kinit.c: get v4_tickets by default

	* lib/asn1/Makefile.am: fix for broken automake

2001-08-31  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/hdb/hdb-ldap.c: some pretty much untested changes from Luke
	Howard

	* kuser/kinit.1: remove references to kauth

	* kuser/Makefile.am: kauth is no more

	* kuser/kinit.c: use appdefaults for everything. defaults are now
	as in kauth.

	* lib/krb5/appdefault.c: also check libdefaults, and realms/realm

	* lib/krb5/context.c (krb5_free_context): free more stuff

2001-08-30  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/verify_krb5_conf.c: do some checks of the values in the
	file

	* lib/krb5/krb5.conf.5: remove srv_try_txt, fix spelling

	* lib/krb5/context.c: don't init srv_try_txt, since it isn't used
	anymore

2001-08-29  Jacques Vidrine  <n@@nectar.com>

	* configure.in: Check for already-installed com_err.

2001-08-28  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set versoin to 18:2:1

2001-08-24  Assar Westerlund  <assar@@sics.se>

	* kuser/Makefile.am: remove CHECK_LOCAL - non bin programs require
	no special treatment now

	* kuser/generate-requests.c: parse arguments in a useful way
	* kuser/kverify.c: add --help/--verify

2001-08-22  Assar Westerlund  <assar@@sics.se>

	* configure.in: bump prereq to 2.52 remove unused test_LIB_KRB4

	* configure.in: re-write the handling of crypto libraries.  try to
	use the one of openssl's libcrypto or krb4's libdes that has all
	the required functionality (md4, md5, sha1, des, rc4).  if there
	is no such library, the included lib/des is built.

	* kdc/headers.h: include libutil.h if it exists
	* kpasswd/kpasswd_locl.h: include libutil.h if it exists
	* kdc/kerberos4.c (get_des_key): check for null keys even if
	is_server

2001-08-21  Assar Westerlund  <assar@@sics.se>

	* lib/asn1/asn1_print.c: print some size_t correctly
	* configure.in: remove extra space after -L check for libutil.h

2001-08-17  Johan Danielsson  <joda@@pdc.kth.se>

	* kdc/kdc_locl.h: fix prototype for get_des_key

	* kdc/kaserver.c: fix call to get_des_key

	* kdc/524.c: fix call to get_des_key

	* kdc/kerberos4.c (get_des_key): if getting a key for a server,
	return any des-key not just keys that can be string-to-keyed by
	the client

2001-08-10  Assar Westerlund  <assar@@sics.se>

	* Release 0.4d

2001-08-10  Assar Westerlund  <assar@@sics.se>

	* configure.in: check for openpty
	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): update to 7:4:0

2001-08-08  Assar Westerlund  <assar@@sics.se>

	* configure.in: just add -L (if required) from krb4 when testing
	for libdes/libcrypto

2001-08-04  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/Makefile.am (man_MANS): add some missing man pages
	* fix-export: fix the sed expression for finding the man pages

2001-07-31  Assar Westerlund  <assar@@sics.se>

	* kpasswd/kpasswd-generator.c (main): implement --version and
	--help

	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): update version to
	18:1:1

2001-07-27  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/context.c (init_context_from_config_file): check
	parsing of addresses

2001-07-26  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/sock_principal.c (krb5_sock_to_principal): rename
	sa_len -> salen to avoid the macro that's defined on irix.  noted
	by "Jacques A. Vidrine" <n@@nectar.com>

2001-07-24  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/addr_families.c: add support for type
	KRB5_ADDRESS_ADDRPORT

	* lib/krb5/addr_families.c (krb5_address_order): complain about
	unsuppored address types

2001-07-23  Johan Danielsson  <joda@@pdc.kth.se>

	* admin/get.c: don't open connection to server until we loop over
	the principals, at that time we know the realm of the (first)
	principal and we can default to that admin server

	* admin: add a rename command

2001-07-19  Assar Westerlund  <assar@@sics.se>

	* kdc/hprop.c (usage): clarify a tiny bit

2001-07-19  Assar Westerlund  <assar@@sics.se>

	* Release 0.4c

2001-07-19  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
	18:0:1

	* lib/krb5/get_for_creds.c (krb5_fwd_tgt_creds): make it behave
	the same way as the MIT function

	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): update to 7:3:0
	* lib/krb5/sock_principal.c (krb5_sock_to_principal): use
	getnameinfo

	* lib/krb5/krbhst.c (srv_find_realm): handle port numbers
	consistenly in local byte order

	* lib/krb5/get_default_realm.c (krb5_get_default_realm): set an
	error string

	* kuser/kinit.c (renew_validate): invert condition correctly.  get
	v4 tickets if we succeed renewing
	* lib/krb5/principal.c (krb5_principal_get_type): add
	(default_v4_name_convert): add "smtp"

2001-07-13  Assar Westerlund  <assar@@sics.se>

	* configure.in: remove make-print-version from LIBOBJS, it's no
	longer in lib/roken but always built in lib/vers

2001-07-12  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/hdb/mkey.c: more set_error_string

2001-07-12  Assar Westerlund  <assar@@sics.se>

	* lib/hdb/Makefile.am (libhdb_la_LIBADD): add required library
	dependencies

	* lib/asn1/Makefile.am (libasn1_la_LIBADD): add required library
	dependencies

2001-07-11  Johan Danielsson  <joda@@pdc.kth.se>

	* kdc/hprop.c: remove v4 master key handling; remove old v4-db and
	ka-db flags; add defaults for v4_realm and afs_cell

2001-07-09  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/sock_principal.c (krb5_sock_to_principal): copy hname
	before calling krb5_sname_to_principal.  from "Jacques A. Vidrine"
	<n@@nectar.com>

2001-07-08  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/context.c: use krb5_copy_addresses instead of
	copy_HostAddresses

2001-07-06  Assar Westerlund  <assar@@sics.se>

	* configure.in (LIB_des_a, LIB_des_so): add these so that they can
	be used by lib/auth/sia

	* kuser/kinit.c: re-do some of the v4 fallbacks: look at
	get-tokens flag do not print extra errors do not try to do 524 if
	we got tickets from a v4 server

2001-07-03  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/replay.c (krb5_get_server_rcache): cast argument to
	printf

	* lib/krb5/get_addrs.c (find_all_addresses): call free_addresses
	on ignore_addresses correctly
	* lib/krb5/init_creds.c
	(krb5_get_init_creds_opt_set_default_flags): change to take a
	const realm

	* lib/krb5/principal.c (krb5_425_conv_principal_ext): if the
	instance is the first component of the local hostname, the
	converted host should be the long hostname.  from
	<shadow@@dementia.org>

2001-07-02  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/Makefile.am: address.c is no more; add a couple of
	manpages

	* lib/krb5/krb5_timeofday.3: new manpage

	* lib/krb5/krb5_get_all_client_addrs.3: new manpage

	* lib/krb5/get_in_tkt.c (init_as_req): treat no addresses as
	wildcard

	* lib/krb5/get_cred.c (get_cred_kdc_la): treat no addresses as
	wildcard

	* lib/krb5/get_addrs.c: don't include client addresses that match
	ignore_addresses

	* lib/krb5/context.c: initialise ignore_addresses

	* lib/krb5/addr_families.c: add new `arange' fake address type,
	that matches more than one address; this required some internal
	changes to many functions, so all of address.c got moved here
	(wasn't much left there)

	* lib/krb5/krb5.h: add list of ignored addresses to context

2001-07-03  Assar Westerlund  <assar@@sics.se>

	* Release 0.4b

2001-07-03  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set version to 17:0:0
	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): set version to 7:2:0

2001-07-03  Assar Westerlund  <assar@@sics.se>

	* Release 0.4a

2001-07-02  Johan Danielsson  <joda@@pdc.kth.se>

	* kuser/kinit.c: make this compile without krb4 support

	* lib/krb5/write_message.c: remove priv parameter from
	write_safe_message; don't know why it was there in the first place

	* doc/install.texi: remove kaserver switches, it's always compiled
	in now

	* kdc/hprop.c: always include kadb support

	* kdc/kaserver.c: always include kaserver support

2001-07-02  Assar Westerlund  <assar@@sics.se>

	* kpasswd/kpasswdd.c (doit): make failing to bind a socket a
	non-fatal error, and abort if no sockets were bound

2001-07-01  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/krbhst.c: remember the real port number when falling
	back from kpasswd -> kadmin, and krb524 -> kdc

2001-06-29  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): if
	no_addresses is set, do not add any local addresses to KRB_CRED

	* kuser/kinit.c: remove extra clearing of password and some
	redundant code

2001-06-29  Johan Danielsson  <joda@@pdc.kth.se>

	* kuser/kinit.c: move ticket conversion code to separate function,
	and call that from a couple of places, like when renewing a
	ticket; also add a flag for just converting a ticket

	* lib/krb5/init_creds_pw.c: set renew-life to some sane value

	* kdc/524.c: don't send more data than required

2001-06-24  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/store_fd.c (krb5_storage_from_fd): check malloc returns

	* lib/krb5/keytab_any.c (any_resolve); improving parsing of ANY:
	(any_start_seq_get): remove a double free
	(any_next_entry): iterate over all (sub) keytabs and avoid leave data
	around to be freed again

	* kdc/kdc_locl.h: add a define for des_new_random_key when using
	openssl's libcrypto

	* configure.in: move v6 tests down

	* lib/krb5/krb5.h (krb5_context_data): remove srv_try_rfc2052

	* update to libtool 1.4 and autoconf 2.50

2001-06-22  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/hdb/hdb.c: use krb5_add_et_list

2001-06-21  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/hdb/Makefile.am: add generation number
	* lib/hdb/common.c: add generation number code
	* lib/hdb/hdb.asn1: add generation number
	* lib/hdb/print.c: use krb5_storage to make it more dynamic

2001-06-21  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/krb5.conf.5: update to changed names used by
	krb5_get_init_creds_opt_set_default_flags
	* lib/krb5/init_creds.c
	(krb5_get_init_creds_opt_set_default_flags): make the appdefault
	keywords have the same names

	* configure.in: only add -L and -R to the krb4 libdir if we are
	actually using it

	* lib/krb5/krbhst.c (fallback_get_hosts): do not copy trailing
	dot of hostname add some comments
	* lib/krb5/krbhst.c: use getaddrinfo instead of dns_lookup when
	testing for kerberos.REALM.  this allows reusing that information
	when actually contacting the server and thus avoids one DNS lookup

2001-06-20  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/krb5.h: include k524_err.h

	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc): don't test
	for keytype, the server will do this for us if it has anything to
	complain about

	* lib/krb5/context.c: add protocol compatible krb524 error codes

	* lib/krb5/Makefile.am: add protocol compatible krb524 error codes

	* lib/krb5/k524_err.et: add protocol compatible krb524 error codes

	* lib/krb5/krb5_principal_get_realm.3: manpage

	* lib/krb5/principal.c: add functions `krb5_principal_get_realm'
	and `krb5_principal_get_comp_string' that returns parts of a
	principal; this is a replacement for the internal
	`krb5_princ_realm' and `krb5_princ_component' macros that everyone
	seem to use

2001-06-19  Assar Westerlund  <assar@@sics.se>

	* kuser/kinit.c (main): dereference result from krb5_princ_realm.
	from Thomas Nystrom <thn@@saeab.se>

2001-06-18  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/mk_req.c (krb5_mk_req_exact): free creds when done
	* lib/krb5/crypto.c (krb5_string_to_key_derived): fix memory leak
	* lib/krb5/krbhst.c (config_get_hosts): free hostlist
	* kuser/kinit.c: free principal

2001-06-18  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/send_to_kdc.c (krb5_sendto): remove an extra
	freeaddrinfo

	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc_ccache):
	remove some unused variables

	* lib/krb5/krbhst.c (admin_get_next): spell kerberos correctly
	* kdc/kerberos5.c: update to new krb5_auth_con* names
	* kdc/hpropd.c: update to new krb5_auth_con* names
	* lib/krb5/rd_req.c (krb5_rd_req): use krb5_auth_con* functions
	and remove some comments
	* lib/krb5/rd_safe.c (krb5_rd_safe): pick the keys in the right
	order: remote - local - session
	* lib/krb5/rd_rep.c (krb5_rd_rep): save the remote sub key in the
	auth_context
	* lib/krb5/rd_priv.c (krb5_rd_priv): pick keys in the correct
	order: remote - local - session
	* lib/krb5/mk_safe.c (krb5_mk_safe): pick keys in the right order,
	local - remote - session

2001-06-18  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/convert_creds.c: use starttime instead of authtime,
	from Chris Chiappa

	* lib/krb5/convert_creds.c: make krb524_convert_creds_kdc match
	the MIT function by the same name; add
	krb524_convert_creds_kdc_ccache that does what the old version did

	* admin/list.c (do_list): make sure list of keys is NULL
	terminated; similar to patch sent by Chris Chiappa

2001-06-18  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/mcache.c (mcc_remove_cred): use
	krb5_free_creds_contents

	* lib/krb5/auth_context.c: name function krb5_auth_con more
	consistenly
	* lib/krb5/rd_req.c (krb5_verify_authenticator_checksum): use
	renamed krb5_auth_con_getauthenticator

	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc): update to
	use krb5_krbhst API
	* lib/krb5/changepw.c (krb5_change_password): update to use
	krb5_krbhst API
	* lib/krb5/send_to_kdc.c: update to use krb5_krbhst API
	* lib/krb5/krbhst.c (krb5_krbhst_get_addrinfo): add set def_port
	in krb5_krbhst_info
	(krb5_krbhst_free): free everything

	* lib/krb5/krb5.h (KRB5_VERIFY_NO_ADDRESSES): add
	(krb5_krbhst_info): add def_port (default port for this service)

	* lib/krb5/krbhst-test.c: make it more verbose and useful
	* lib/krb5/krbhst.c: remove some more memory leaks do not try any
	dns operations if there is local configuration admin: fallback to
	kerberos.REALM 524: fallback to kdcs kpasswd: fallback to admin
	add some comments

	* configure.in: remove initstate and setstate, they should be in
	cf/roken-frag.m4

	* lib/krb5/Makefile.am (noinst_PROGRAMS): add krbhst-test
	* lib/krb5/krbhst-test.c: new program for testing krbhst
	* lib/krb5/krbhst.c (common_init): remove memory leak
	(main): move test program into krbhst-test

2001-06-17  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/krb5_krbhst_init.3: manpage

	* lib/krb5/krb5_get_krbhst.3: manpage

2001-06-16  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/krb5.h: add opaque krb5_krbhst_handle type

	* lib/krb5/krbhst.c: change void* to krb5_krbhst_handle

	* lib/krb5/krb5.h: types for new krbhst api

	* lib/krb5/krbhst.c: implement a new api that looks up one host at
	a time, instead of making a list of hosts

2001-06-09  Johan Danielsson  <joda@@pdc.kth.se>

	* configure.in: test for initstate and setstate

	* lib/krb5/krbhst.c: remove rfc2052 support

2001-06-08  Johan Danielsson  <joda@@pdc.kth.se>

	* fix some manpages for broken mdoc.old grog test

2001-05-28  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/krb5.conf.5: add [appdefaults]
	* lib/krb5/init_creds_pw.c: remove configuration reading that is
	now done in krb5_get_init_creds_opt_set_default_flags
	* lib/krb5/init_creds.c
	(krb5_get_init_creds_opt_set_default_flags): add reading of
	libdefaults versions of these and add no_addresses

	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): clear error string
	when preauth was required and we retry

2001-05-25  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc): call
	krb5_get_krb524hst
	* lib/krb5/krbhst.c (krb5_get_krb524hst): add and restructure the
	support functions

2001-05-22  Assar Westerlund  <assar@@sics.se>

	* kdc/kerberos5.c (tgs_rep2): alloc and free csec and cusec
	properly

2001-05-17  Assar Westerlund  <assar@@sics.se>

	* Release 0.3f

2001-05-17  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/Makefile.am: bump version to 16:0:0
	* lib/hdb/Makefile.am: bump version to 7:1:0
	* lib/asn1/Makefile.am: bump version to 5:0:0
	* lib/krb5/keytab_krb4.c: add SRVTAB as an alias for krb4
	* lib/krb5/codec.c: remove dead code

2001-05-17  Johan Danielsson  <joda@@pdc.kth.se>

	* kdc/config.c: actually check the ticket addresses

2001-05-15  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/rd_error.c (krb5_error_from_rd_error): use correct
	parenthesis

	* lib/krb5/eai_to_heim_errno.c (krb5_eai_to_heim_errno): add
	`errno' (called system_error) to allow callers to make sure they
	pass the current and relevant value.  update callers

2001-05-14  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/verify_user.c: krb5_verify_user_opt

	* lib/krb5/krb5.h: verify_opt

	* kdc/kerberos5.c: pass context to krb5_domain_x500_decode

2001-05-14  Assar Westerlund  <assar@@sics.se>

	* kpasswd/kpasswdd.c: adapt to new address functions
	* kdc/kerberos5.c: adapt to changing address functions use LR_TYPE
	* kdc/connect.c: adapt to changing address functions
	* kdc/config.c: new krb5_config_parse_file
	* kdc/524.c: new krb5_sockaddr2address
	* lib/krb5/*: add some krb5_{set,clear}_error_string

	* lib/asn1/k5.asn1 (LR_TYPE): add
	* lib/asn1/Makefile.am (gen_files): add asn1_LR_TYPE.x

2001-05-11  Assar Westerlund  <assar@@sics.se>

	* kdc/kerberos5.c (tsg_rep): fix typo in variable name

	* kpasswd/kpasswd-generator.c (nop_prompter): update prototype
	* lib/krb5/init_creds_pw.c: update to new prompter, use prompter
	types and send two prompts at once when changning password
	* lib/krb5/prompter_posix.c (krb5_prompter_posix): add name
	* lib/krb5/krb5.h (krb5_prompt): add type
	(krb5_prompter_fct): add anem

	* lib/krb5/cache.c (krb5_cc_next_cred): transpose last two
	paramaters to krb5_cc_next_cred (as MIT does, and not as they
	document).  From "Jacques A. Vidrine" <n@@nectar.com>

2001-05-11  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/Makefile.am: store-test

	* lib/krb5/store-test.c: simple bit storage test

	* lib/krb5/store.c: add more byteorder storage flags
	
	* lib/krb5/krb5.h: add more byteorder storage flags
	
	* kdc/kerberos5.c: don't use NULL where we mean 0

	* kdc/kerberos5.c: put referral test code in separate function,
	and test for KRB5_NT_SRV_INST

2001-05-10  Assar Westerlund  <assar@@sics.se>

	* admin/list.c (do_list): do not close the keytab if opening it
	failed
	* admin/list.c (do_list): always print complete names.  print
	everything to stdout.
	* admin/list.c: print both v5 and v4 list by default
	* admin/remove.c (kt_remove): reorganize some.  open the keytab
	(defaulting to the modify one).
	* admin/purge.c (kt_purge): reorganize some.  open the keytab
	(defaulting to the modify one). correct usage strings
	* admin/list.c (kt_list): reorganize some.  open the keytab
	* admin/get.c (kt_get): reorganize some.  open the keytab
	(defaulting to the modify one)
	* admin/copy.c (kt_copy): default to modify key name.  re-organise
	* admin/change.c (kt_change): reorganize some.  open the keytab
	(defaulting to the modify one)
	* admin/add.c (kt_add): reorganize some.  open the keytab
	(defaulting to the modify one)
	* admin/ktutil.c (main): do not open the keytab, let every
	sub-function handle it

	* kdc/config.c (configure): call free_getarg_strings

	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): set error strings for
	a few more errors

	* lib/krb5/get_host_realm.c (krb5_get_host_realm_int): make
	`use_dns' parameter boolean

	* lib/krb5/krb5.h (krb5_context_data): add default_keytab_modify
	* lib/krb5/context.c (init_context_from_config_file): set
	default_keytab_modify
	* lib/krb5/krb5_locl.h (KEYTAB_DEFAULT): change to
	ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab
	(KEYTAB_DEFAULT_MODIFY): add
	* lib/krb5/keytab.c (krb5_kt_default_modify_name): add
	(krb5_kt_resolve): set error string for failed keytab type

2001-05-08  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/crypto.c (encryption_type): make field names more
	consistent
	(create_checksum): separate usage and type
	(krb5_create_checksum): add a separate type parameter
	(encrypt_internal): only free once on mismatched checksum length

	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc2): try to tell what
	realm we didn't manage to reach any KDC for in the error string

	* lib/krb5/generate_seq_number.c (krb5_generate_seq_number): free
	the entire subkey.  from <tmartin@@mirapoint.com>

2001-05-07  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/keytab_keyfile.c (akf_start_seq_get): return
	KT_NOTFOUND if the file is empty

2001-05-07  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/fcache.c: call krb5_set_error_string when open fails
	fatally
	* lib/krb5/keytab_file.c: call krb5_set_error_string when open
	fails fatally

	* lib/krb5/warn.c (_warnerr): print error_string in context in
	preference to error string derived from error code
	* kuser/kinit.c (main): try to print the error string
	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): set some sensible
	error strings for errors

	* lib/krb5/krb5.h (krb5_context_data): add error_string and
	error_buf
	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add error_string.c
	* lib/krb5/error_string.c: new file

2001-05-02  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/time.c: krb5_string_to_deltat

	* lib/krb5/sock_principal.c: one less data copy

	* lib/krb5/eai_to_heim_errno.c: conversion function for h_errno's

	* lib/krb5/get_default_principal.c: change this slightly

	* lib/krb5/crypto.c: make checksum_types into an array of pointers

	* lib/krb5/convert_creds.c: make sure we always use a des-cbc-crc
	ticket

2001-04-29  Assar Westerlund  <assar@@sics.se>

	* kdc/kerberos5.c (tgs_rep2): return a reference to a krbtgt for
	the right realm if we fail to find a non-krbtgt service in the
	database and the second component does a succesful non-dns lookup
	to get the real realm (which has to be different from the
	originally-supplied realm).  this should help windows 2000 clients
	that always start their lookups in `their' realm and do not have
	any idea of how to map hostnames into realms
	* kdc/kerberos5.c (is_krbtgt): rename to get_krbtgt_realm

2001-04-27  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/get_host_realm.c (krb5_get_host_realm_int): add extra
	parameter to request use of dns or not

2001-04-25  Assar Westerlund  <assar@@sics.se>

	* admin/get.c (kt_get): allow specification of encryption types
	* lib/krb5/verify_init.c (krb5_verify_init_creds): do not try to
	close an unopened ccache, noted by <marc@@mit.edu>

	* lib/krb5/krb5.h (krb5_any_ops): add declaration
	* lib/krb5/context.c (init_context_from_config_file): register
	krb5_any_ops

	* lib/krb5/keytab_any.c: new file, implementing union of keytabs
	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_any.c
	
	* lib/krb5/init_creds_pw.c (get_init_creds_common): handle options
	== NULL.  noted by <marc@@mit.edu>

2001-04-19  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/rd_cred.c: set ret_creds to NULL before doing anything
	else, from Jacques Vidrine

2001-04-18  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/hdb/libasn1.h: asn1.h -> krb5_asn1.h

	* lib/asn1/Makefile.am: add asn1_ENCTYPE.x

	* lib/krb5/krb5.h: adapt to asn1 changes

	* lib/asn1/k5.asn1: move enctypes here

	* lib/asn1/libasn1.h: rename asn1.h to krb5_asn1.h to avoid
	conflicts

	* lib/asn1/Makefile.am: rename asn1.h to krb5_asn1.h to avoid
	conflicts

	* lib/asn1/lex.l: use strtol to parse constants

2001-04-06  Johan Danielsson  <joda@@pdc.kth.se>

	* kuser/kinit.c: add simple support for running commands

2001-03-26  Assar Westerlund  <assar@@sics.se>

	* lib/hdb/hdb-ldap.c: change order of includes to allow it to work
	with more versions of openldap

	* kdc/kerberos5.c (tgs_rep2): try to set sec and usec in error
	replies
	(*): update callers of krb5_km_error
	(check_tgs_flags): handle renews requesting non-renewable tickets

	* lib/krb5/mk_error.c (krb5_mk_error): allow specifying both ctime
	and cusec

	* lib/krb5/krb5.h (krb5_checksum, krb5_keyusage): add
	compatibility names

	* lib/krb5/crypto.c (create_checksum): change so that `type == 0'
	means pick from the `crypto' (context) and otherwise use that
	type.  this is not a large change in practice and allows callers
	to specify the exact checksum algorithm to use

2001-03-13  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/get_cred.c (get_cred_kdc): add support for falling back
	to KRB5_KU_AP_REQ_AUTH when KRB5_KU_TGS_REQ_AUTH gives `bad
	integrity'.  this helps for talking to old (pre 0.3d) KDCs

2001-03-12  Assar Westerlund  <assar@@pdc.kth.se>

	* lib/krb5/crypto.c (krb5_derive_key): new function, used by
	derived-key-test.c
	* lib/krb5/string-to-key-test.c: add new test vectors posted by
	Ken Raeburn <raeburn@@mit.edu> in <tx1bsra8919.fsf@@raeburn.org> to
	ietf-krb-wg@@anl.gov
	* lib/krb5/n-fold-test.c: more test vectors from same source
	* lib/krb5/derived-key-test.c: more tests from same source

2001-03-06  Assar Westerlund  <assar@@sics.se>

	* acconfig.h: include roken_rename.h when appropriate

2001-03-06  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/krb5.h (krb5_enctype): remove trailing comma

2001-03-04  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/krb5.h (krb5_enctype): add ENCTYPE_* aliases for
	compatibility with MIT krb5

2001-03-02  Assar Westerlund  <assar@@sics.se>

	* kuser/kinit.c (main): only request a renewable ticket when
	explicitly requested.  it still gets a renewable one if the renew
	life is specified
	* kuser/kinit.c (renew_validate): treat -1 as flags not being set

2001-02-28  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/context.c (krb5_init_ets): use krb5_add_et_list

2001-02-27  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/get_cred.c: implement krb5_get_cred_from_kdc_opt

2001-02-25  Assar Westerlund  <assar@@sics.se>

	* configure.in: do not use -R when testing for des functions

2001-02-14  Assar Westerlund  <assar@@sics.se>

	* configure.in: test for lber.h when trying to link against
 	openldap to handle openldap v1, from Sumit Bose
 	<sumit.bose@@suse.de>

2001-02-19  Assar Westerlund  <assar@@sics.se>

	* lib/asn1/libasn1.h: add string.h (for memset)

2001-02-15  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/warn.c (_warnerr): add printf attributes
	* lib/krb5/send_to_kdc.c (krb5_sendto): loop over all address
	returned by getaddrinfo before trying the next kdc.  from
	thorpej@@netbsd.org

	* lib/krb5/krb5.conf.5: fix default_realm in example

	* kdc/connect.c: fix a few kdc_log format types

	* configure.in: try to handle libdes/libcrypto ont requiring -L

2001-02-10  Assar Westerlund  <assar@@sics.se>

	* lib/asn1/gen_decode.c (generate_type_decode): zero the data at
	the beginning of the generated function, and add a label `fail'
	that the code jumps to in case of errors that frees all allocated
	data

2001-02-07  Assar Westerlund  <assar@@sics.se>

	* configure.in: aix dce: fix misquotes, from Ake Sandgren
	<ake@@cs.umu.se>

	* configure.in (dpagaix_LDFLAGS): try to add export file

2001-02-05  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/krb5_keytab.3: new man page, contributed by
	<lha@@stacken.kth.se>

	* kdc/kaserver.c: update to new db_fetch4

@


1.1.1.4.2.3
log
@MFC: Update Heimdal Kerberos to pre-0.5 around 2002/08/29.
@
text
@d1 308
a308 1
2002-08-28  Assar Westerlund  <assar@@kth.se>
d310 1
a310 1
	* kdc/config.c: add missing ifdef DAEMON
d312 1
a312 1
2002-08-28  Johan Danielsson  <joda@@pdc.kth.se>
d314 114
a427 1
	* configure.in: use rk_SUNOS
d429 1
a429 1
	* kdc/config.c: add detach options
d431 1
a431 1
	* kdc/main.c: maybe detach from console?
d433 1
a433 1
	* kdc/kdc.8: markup changes
d435 1
a435 1
	* configure.in: AC_TEST_PACKAGE_NEW -> rk_TEST_PACKAGE
d437 2
a438 2
	* configure.in: use rk_TELNET, rename some other macros, and don't
	add -ldes to krb4 link command
d440 2
a441 1
	* kuser/kinit.1: whitespace fix (from NetBSD)
d443 1
a443 1
	* include/bits.c: we may need unistd.h for ssize_t
d445 1
a445 1
2002-08-26  Assar Westerlund  <assar@@kth.se>
d447 1
a447 3
	* lib/krb5/principal.c (krb5_425_conv_principal_ext): lookup AAAA
	rrs before A ones when using the resolver to verify a mapping,
	also use getaddrinfo when resolver is not available
d449 2
a450 2
	* lib/hdb/keytab.c (find_db): const-correctness in parameters to
	krb5_config_get_next
d452 1
a452 2
	* lib/asn1/gen.c: include <string.h> in the generated files (for
	memset)
d454 2
a455 1
2002-08-22  Assar Westerlund  <assar@@kth.se>
d457 1
a457 3
	* lib/krb5/test_get_addrs.c, lib/krb5/krbhst-test.c: make it use
	getarg so that it can handle --help and --version (and thus make
	check can pass)
d459 2
a460 1
	* lib/asn1/check-der.c: make this build again
d462 2
a463 1
2002-08-22  Assar Westerlund <assar@@kth.se>
d465 1
a465 2
	* lib/asn1/der_get.c (der_get_int): handle len == 0.  based on a
	patch from Love <lha@@stacken.kth.se>
d467 3
a469 1
2002-08-22  Johan Danielsson  <joda@@pdc.kth.se>
d471 12
a482 5
	* lib/krb5/krb5.h: we seem to call KRB5KDC_ERR_KEY_EXP
	KRB5KDC_ERR_KEY_EXPIRED, so define the former to the latter
	
	* kdc/kdc.8: add blurb about adding and removing addresses; update
	kdc.conf section to match reality
d484 2
a485 7
	* configure.in: KRB_SENDAUTH_VLEN seems to always have existed, so
	don't define it
	
2002-08-21  Assar Westerlund  <assar@@kth.se>
	
	* lib/asn1/asn1_print.c: print OIDs too, based on a patch from
	Love <lha@@stacken.kth.se>
d487 1
a487 1
2002-08-21  Johan Danielsson  <joda@@pdc.kth.se>
d489 1
a489 4
	* kuser/kinit.c (do_v4_fallback): don't use krb_get_pw_in_tkt2
	since it might not exist, and we don't actually care about the key
	
2002-08-20  Johan Danielsson  <joda@@pdc.kth.se>
d491 1
a491 2
	* lib/krb5/krb5.conf.5: correct documentation for
	verify_ap_req_nofail
d493 1
a493 2
	* lib/krb5/log.c: rename syslog_data to avoid name conflicts (from
	Mattias Amnefelt)
d495 1
a495 2
	* kuser/klist.c (display_tokens): increase token buffer size, and
	add more checks of the kernel data (from Love)
d497 1
a497 1
2002-08-19  Johan Danielsson  <joda@@pdc.kth.se>
d499 4
a502 1
	* fix-export: use make to parse Makefile.am instead of perl
d504 1
a504 2
	* configure.in: use argument-less AM_INIT_AUTOMAKE, now that it
	groks AC_INIT with package name etc.
d506 5
a510 1
	* kpasswd/kpasswdd.c: include <kadm5/private.h>
d512 2
a513 1
	* lib/asn1/asn1_print.c: include com_right.h
d515 5
a519 1
	* lib/krb5/addr_families.c: socklen_t -> krb5_socklen_t
d521 1
a521 2
	* include/bits.c: define krb5_socklen_t type; this should really
	go someplace else, but this was easy
d523 1
a523 2
	* lib/krb5/verify_krb5_conf.c: don't bail out if parsing of a file
	fails, just warn about it
d525 3
a527 1
	* kdc/log.c (kdc_openlog): no need for a config_file parameter
d529 1
a529 1
	* kdc/config.c: just treat kdc.conf like any other config file
d531 1
a531 2
	* lib/krb5/context.c (krb5_get_default_config_files): ignore
	duplicate files
d533 1
a533 1
2002-08-16  Johan Danielsson  <joda@@pdc.kth.se>
d535 1
a535 2
	* lib/krb5/krb5.h: turn strings into pointers, so we can assign to
	them
d537 5
a541 2
	* lib/krb5/constants.c: turn strings into pointers, so we can
	assign to them
d543 1
a543 2
	* lib/krb5/get_addrs.c (get_addrs_int): initialise res if
	SCAN_INTERFACES is not set
d545 2
a546 1
	* lib/krb5/context.c: fix various borked stuff in previous commits
d548 1
a548 1
2002-08-16  Jacques Vidrine <n@@nectar.com>
d550 4
a553 3
	* lib/krb5/krbhst.c (kpasswd_get_next): if we fall back to using
	the `admin_server' entry for kpasswd, override the `proto' result
	to be UDP.
d555 1
a555 1
2002-08-15  Johan Danielsson  <joda@@pdc.kth.se>
d557 2
a558 2
	* lib/krb5/auth_context.c: check return value of
	krb5_sockaddr2address
d560 2
a561 2
	* lib/krb5/addr_families.c: check return value of
	krb5_sockaddr2address
d563 13
a575 1
	* lib/krb5/context.c: get the default keytab from KRB5_KTNAME
d577 1
a577 1
2002-08-14  Johan Danielsson  <joda@@pdc.kth.se>
d579 2
a580 1
	* lib/krb5/verify_krb5_conf.c: allow parsing of more than one file
d582 3
a584 4
	* lib/krb5/context.c: allow changing config files with the
	function krb5_set_config_files, there are also related functions
	krb5_get_default_config_files and krb5_free_config_files; these
	should work similar to their MIT counterparts
d586 2
a587 2
	* lib/krb5/config_file.c: allow the use of more than one config
	file by using the new function krb5_config_parse_file_multi
d589 1
a589 1
2002-08-12  Johan Danielsson  <joda@@pdc.kth.se>
d591 2
a592 1
	* use sysconfdir instead of /etc
d594 4
a597 3
	* configure.in: require autoconf 2.53; rename dpagaix_LDFLAGS etc
	to appease automake; force sysconfdir and localstatedir to /etc
	and /var/heimdal for now
d599 8
a606 2
	* kdc/connect.c (addr_to_string): check return value of
	sockaddr2address
d608 2
a609 1
2002-08-09  Johan Danielsson  <joda@@pdc.kth.se>
d611 5
a615 3
	* lib/krb5/rd_cred.c: if the remote address isn't an addrport,
	don't try comparing to one; this should make old clients work with
	new servers
d617 2
a618 1
	* lib/asn1/gen_decode.c: remove unused variable
d620 4
a623 1
2002-07-31  Johan Danielsson  <joda@@pdc.kth.se>
d625 1
a625 2
	* kdc/{kerberos5,524}.c: ENOENT -> HDB_ERR_NOENTRY (from Derrick
	Brashear)
d627 1
a627 2
	* lib/krb5/principal.c: actually lower case the lower case
	instance name (spotted by Derrick Brashear)
d629 1
a629 1
2002-07-24  Johan Danielsson  <joda@@pdc.kth.se>
d631 1
a631 2
	* fix-export: if DATEDVERSION is set, change the version to
	current date
d633 1
a633 2
	* configure.in: don't use AC_PROG_RANLIB, and use magic foo to set
	LTLIBOBJS
d635 1
a635 1
2002-07-04  Johan Danielsson  <joda@@pdc.kth.se>
d637 1
a637 2
	* kdc/connect.c: add some cache-control-foo to the http responses
	(from Gombas Gabor)
d639 2
a640 2
	* lib/krb5/addr_families.c (krb5_print_address): don't copy size
	if ret_len == NULL
d642 1
a642 1
2002-06-28  Johan Danielsson  <joda@@pdc.kth.se>
d644 1
a644 4
	* kuser/klist.c (display_tokens): don't bail out before we get
	EDOM (signaling the end of the tokens), the kernel can also return
	ENOTCONN, meaning that the index does not exist anymore (for
	example if the token has expired)
d646 1
a646 1
2002-06-06  Johan Danielsson  <joda@@pdc.kth.se>
d648 1
a648 2
	* lib/krb5/changepw.c: make sure we return an error if there are
	no changepw hosts found; from Wynn Wilkes
d650 1
a650 1
2002-05-29  Johan Danielsson  <joda@@pdc.kth.se>
d652 1
a652 2
	* lib/krb5/cache.c (krb5_cc_register): break out of loop when the
	same type is found; spotted by Wynn Wilkes
d654 6
a659 1
2002-05-15  Johan Danielsson  <joda@@pdc.kth.se>
d661 2
a662 2
	* kdc/kerberos5.c: don't free encrypted padata until we're really
	done with it
d664 1
a664 1
2002-05-07  Johan Danielsson  <joda@@pdc.kth.se>
d666 4
a669 2
	* kdc/kerberos5.c: when decrypting pa-data, try all keys matching
	enctype
d671 1
a671 1
	* kuser/kinit.1: document -a
d673 2
a674 1
	* kuser/kinit.c: add command line switch for extra addresses
d676 1
a676 1
2002-04-30  Johan Danielsson  <joda@@blubb.pdc.kth.se>
d678 1
a678 1
	* configure.in: remove some duplicate tests
d680 1
a680 1
	* configure.in: use AC_HELP_STRING
d682 5
a686 1
2002-04-29  Johan Danielsson  <joda@@pdc.kth.se>
d688 1
a688 2
	* lib/krb5/crypto.c (usage2arcfour): don't abort if the usage is
	unknown
d690 1
a690 1
2002-04-25  Johan Danielsson  <joda@@pdc.kth.se>
d692 1
a692 1
	* configure.in: use rk_DESTDIRS
d694 2
a695 1
2002-04-22  Johan Danielsson  <joda@@pdc.kth.se>
d697 3
a699 2
	* lib/krb5/krb5_verify_user.3: make it clear that _lrealm modifies
	the principal
d701 1
a701 1
2002-04-19  Johan Danielsson  <joda@@pdc.kth.se>
d703 1
a703 1
	* lib/krb5/verify_init.c: fix typo in error string
d705 1
a705 1
2002-04-18  Johan Danielsson  <joda@@pdc.kth.se>
d707 1
a707 1
	* acconfig.h: remove some stuff that is defined elsewhere
d709 1
a709 1
	* lib/krb5/krb5_locl.h: include <sys/file.h>
d711 6
a716 1
	* lib/krb5/acl.c: rename acl_string parameter
d718 2
a719 2
	* lib/krb5/Makefile.am: remove __P from protos, and put parameter
	names in comments
d721 1
a721 1
	* kuser/klist.c: better align some headers
d723 1
a723 1
	* kdc/kerberos4.c: storage tweaks
d725 6
a730 1
	* kdc/kaserver.c: storage tweaks
d732 3
a734 1
	* kdc/524.c: storage tweaks
d736 1
a736 1
	* lib/krb5/keytab_krb4.c: storage tweaks
d738 1
a738 1
	* lib/krb5/keytab_keyfile.c: storage tweaks
d740 1
a740 2
	* lib/krb5/keytab_file.c: storage tweaks; also try to handle zero
	sized keytab files
d742 5
a746 1
	* lib/krb5/keytab_any.c: use KRB5_KT_END instead of KRB5_CC_END
d748 2
a749 1
	* lib/krb5/fcache.c: storage tweaks
d751 1
a751 3
	* lib/krb5/store_mem.c: make the krb5_storage opaque, and add
	function wrappers for store/fetch/seek, and also make the eof-code
	configurable
d753 19
a771 3
	* lib/krb5/store_fd.c: make the krb5_storage opaque, and add
	function wrappers for store/fetch/seek, and also make the eof-code
	configurable
d773 1
a773 3
	* lib/krb5/store_emem.c: make the krb5_storage opaque, and add
	function wrappers for store/fetch/seek, and also make the eof-code
	configurable
d775 2
a776 3
	* lib/krb5/store.c: make the krb5_storage opaque, and add function
	wrappers for store/fetch/seek, and also make the eof-code
	configurable
d778 2
a779 3
	* lib/krb5/store-int.h: make the krb5_storage opaque, and add
	function wrappers for store/fetch/seek, and also make the eof-code
	configurable
d781 8
a788 3
	* lib/krb5/krb5.h: make the krb5_storage opaque, and add function
	wrappers for store/fetch/seek, and also make the eof-code
	configurable
d790 1
a790 1
	* include/bits.c: include <sys/socket.h> to get socklen_t
d792 5
a796 2
	* kdc/kerberos5.c (get_pa_etype_info): sort ETYPE-INFOs by
	requested KDC-REQ etypes
d798 2
a799 1
	* kdc/hpropd.c: constify
d801 2
a802 1
	* kdc/hprop.c: constify
d804 1
a804 1
	* kdc/string2key.c: constify
d806 2
a807 1
	* kdc/kdc_locl.h: make port_str const
d809 1
a809 1
	* kdc/config.c: constify
d811 4
a814 1
	* lib/krb5/config_file.c: constify
d816 5
a820 1
	* kdc/kstash.c: constify
d822 4
a825 1
	* lib/krb5/verify_user.c: remove unnecessary cast
d827 1
a827 1
	* lib/krb5/recvauth.c: constify
d829 1
a829 1
	* lib/krb5/principal.c (krb5_parse_name): const qualify
d831 1
a831 1
	* lib/krb5/mcache.c (mcc_get_name): constify return type
d833 1
a833 2
	* lib/krb5/context.c (krb5_free_context): don't try to free the
	ccache prefix
d835 1
a835 2
	* lib/krb5/cache.c (krb5_cc_register): don't make a copy of the
	prefix
d837 1
a837 1
	* lib/krb5/krb5.h: constify some struct members
d839 2
a840 1
	* lib/krb5/log.c: constify
d842 1
a842 2
	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): const
	qualify
d844 8
a851 1
	* lib/krb5/get_in_tkt.c (krb5_init_etype): constify
d853 1
a853 1
	* lib/krb5/crypto.c: constify some
d855 2
a856 1
	* lib/krb5/config_file.c: constify
d858 1
a858 2
	* lib/krb5/aname_to_localname.c (krb5_aname_to_localname):
	constify local variable
d860 3
a862 1
	* lib/krb5/addr_families.c (ipv4_sockaddr2port): constify
d864 3
a866 1
2002-04-17  Johan Danielsson  <joda@@pdc.kth.se>
d868 2
a869 1
	* lib/krb5/verify_krb5_conf.c: add some log checking
d871 81
a951 1
	* lib/krb5/log.c (krb5_addlog_dest): reorganise syslog parsing
d953 4
a956 1
2002-04-16  Johan Danielsson  <joda@@pdc.kth.se>
d958 1
a958 2
	* lib/krb5/crypto.c (krb5_crypto_init): check that the key size
	matches the expected length
d960 1
a960 1
2002-03-27  Johan Danielsson  <joda@@pdc.kth.se>
d962 1
a962 1
	* lib/krb5/send_to_kdc.c: rename send parameter to send_data
d964 1
a964 1
	* lib/krb5/mk_error.c: rename ctime parameter to client_time
d966 1
a966 1
2002-03-22  Johan Danielsson  <joda@@pdc.kth.se>
d968 1
a968 2
	* kdc/kerberos5.c (find_etype): unsigned -> krb5_enctype (from
	Reinoud Zandijk)
d970 1
a970 1
2002-03-18  Johan Danielsson  <joda@@pdc.kth.se>
d972 3
a974 1
	* lib/asn1/k5.asn1: add the GSS-API checksum type here
d976 57
a1032 1
2002-03-11  Assar Westerlund  <assar@@sics.se>
d1035 53
a1087 5
	18:3:1
	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:5:0
	* lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 6:0:0
	
2002-03-10  Assar Westerlund  <assar@@sics.se>
d1089 1
a1089 1
	* lib/krb5/rd_cred.c: handle addresses with port numbers
d1091 2
a1092 3
	* lib/krb5/keytab_file.c, lib/krb5/keytab.c:
	store the kvno % 256 as the byte and the complete 32 bit kvno after
	the end of the current keytab entry
d1094 1
a1094 2
	* lib/krb5/init_creds_pw.c:
	handle LR_PW_EXPTIME and LR_ACCT_EXPTIME in the same way
d1096 2
a1097 2
	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds):
	handle ports giving for the remote address
d1099 2
a1100 2
	* lib/krb5/get_cred.c:
	get a ticket with no addresses if no-addresses is set
d1102 2
a1103 3
	* lib/krb5/crypto.c:
	rename functions DES_* to krb5_* to avoid colliding with modern
	openssl
d1105 1
a1105 4
	* lib/krb5/addr_families.c:
	make all functions taking 'struct sockaddr' actually take a socklen_t
	instead of int and that acts as an in-out parameter (indicating the
	maximum length of the sockaddr to be written)
d1107 1
a1107 3
	* kdc/kerberos4.c:
	make the kvno's in the krb4 universe by the real one % 256, since they
	cannot only be 8 bit, and the v5 ones are actually 32 bits
d1109 1
a1109 1
2002-02-15  Johan Danielsson  <joda@@pdc.kth.se>
d1111 2
a1112 3
	* lib/krb5/keytab_keyfile.c (akf_add_entry): don't create the file
	before we need to write to it
	(from ke Sandgren)
d1114 2
a1115 1
2002-02-14  Johan Danielsson  <joda@@pdc.kth.se>
d1117 4
a1120 3
	* configure.in: rk_RETSIGTYPE and rk_BROKEN_REALLOC are called via
	rk_ROKEN (from Gombas Gabor); find inttypes by CHECK_TYPES
	directly
d1122 5
a1126 2
	* lib/krb5/rd_safe.c: actually use the correct key (from Daniel
	Kouril)
d1128 1
a1128 1
2002-02-12  Johan Danielsson  <joda@@pdc.kth.se>
d1130 1
a1130 2
	* lib/krb5/context.c (krb5_get_err_text): protect against NULL
	context
d1132 1
a1132 1
2002-02-11  Johan Danielsson  <joda@@pdc.kth.se>
d1134 2
a1135 1
	* admin/ktutil.c: no need to use the "modify" keytab anymore
d1137 1
a1137 1
	* lib/krb5/keytab_any.c: implement add and remove
d1139 1
a1139 1
	* lib/krb5/keytab_krb4.c: implement add and remove
d1141 1
a1141 2
	* lib/krb5/store_emem.c (emem_free): clear memory before freeing
	(this should perhaps be selectable with a flag)
d1143 1
a1143 1
2002-02-04  Johan Danielsson  <joda@@pdc.kth.se>
d1145 2
a1146 3
	* kdc/config.c (get_dbinfo): if there are database specifications
	in the config file, don't automatically try to use the default
	values (from Gombas Gabor)
d1148 1
a1148 2
	* lib/krb5/log.c (krb5_closelog): don't pass pointer to pointer
	(from Gombas Gabor)
d1150 1
a1150 1
2002-01-30  Johan Danielsson  <joda@@pdc.kth.se>
d1152 2
a1153 2
	* admin/list.c: get the default keytab from krb5.conf, and list
	all parts of an ANY type keytab
d1155 1
a1155 1
	* lib/krb5/context.c: default default_keytab_modify to NULL
d1157 3
a1159 3
	* lib/krb5/keytab.c (krb5_kt_default_modify_name): if no modify
	name is specified take it from the first component of the default
	keytab name
d1161 5
a1165 1
2002-01-29  Johan Danielsson  <joda@@pdc.kth.se>
d1167 1
a1167 1
	* lib/krb5/keytab.c: compare keytab types case insensitively
d1169 1
a1169 1
2002-01-07  Assar Westerlund  <assar@@sics.se>
a1170 8
	* lib/krb5/crypto.c (create_checksum): make usage `unsigned' (it's
	not really a krb5_key_usage).  From Ben Harris <bjh21@@netbsd.org>
	* lib/krb5/get_in_tkt.c: use krb5_enctype consistently.  From Ben
	Harris <bjh21@@netbsd.org>
	* lib/krb5/crypto.c: use krb5_enctype consistently.  From Ben
	Harris <bjh21@@netbsd.org>
	* kdc/kerberos5.c: use krb5_enctype consistently.  From Ben Harris
	<bjh21@@netbsd.org>
@


1.1.1.4.2.4
log
@MFC: Update Heimdal Kerberos to 0.5 around 2002/09/16.

Approved by:	re (jhb)
@
text
@a0 168
2002-09-16  Jacques Vidrine  <nectar@@kth.se>

	* lib/krb5/kuserok.c, lib/krb5/prompter_posix.c: use strcspn
	to convert the newline to NUL in fgets results.

2002-09-13  Johan Danielsson  <joda@@pdc.kth.se>

	* kuser/kinit.1: remove unneeded Ns

	* lib/krb5/krb5_appdefault.3: remove extra "application"

	* fix-export: remove autom4ate.cache

2002-09-10  Johan Danielsson  <joda@@pdc.kth.se>

	* include/make_crypto.c: don't use function macros if possible

	* lib/krb5/krb5_locl.h: get limits.h for UINT_MAX

	* include/Makefile.am: use make_crypto to create crypto-headers.h

	* include/make_crypto.c: crypto header generation tool

	* configure.in: move crypto test to just after testing for krb4,
	and move roken tests to after both, this speeds up various failure
	cases with krb4

	* lib/krb5/config_file.c: don't use NULL when we mean 0

	* configure.in: we don't set package_libdir anymore, so no point
	in testing for it

	* tools/Makefile.am: subst INCLUDE_des

	* tools/krb5-config.in: add INCLUDE_des to cflags

	* configure.in: use AC_CONFIG_SRCDIR

	* fix-export: remove some unneeded stuff

	* kuser/kinit.c (do_524init): free principals

2002-09-09  Jacques Vidrine  <nectar@@kth.se>

	* kdc/kerberos5.c (get_pa_etype_info, fix_transited_encoding),
	kdc/kaserver.c (krb5_ret_xdr_data),
	lib/krb5/transited.c (krb5_domain_x500_decode): Validate some
	counts: Check that they are non-negative, and that they are small
	enough to avoid integer overflow when used in memory allocation
	calculations.  Potential problem areas pointed out by 
	Sebastian Krahmer <krahmer@@suse.de>.

	* lib/krb5/keytab_keyfile.c (akf_add_entry): Use O_EXCL when
	creating a new keyfile.

2002-09-09  Johan Danielsson  <joda@@pdc.kth.se>

	* configure.in: don't try to build pam module

2002-09-05  Johan Danielsson  <joda@@pdc.kth.se>

	* appl/kf/kf.c: fix warning string

	* lib/krb5/log.c (krb5_vlog_msg): delay message formating till we
	know we need it

2002-09-04  Assar Westerlund  <assar@@kth.se>

	* kdc/kerberos5.c (encode_reply): correct error logging

2002-09-04  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/sendauth.c: close ccache if we opened it

	* appl/kf/kf.c: handle new protocol

	* appl/kf/kfd.c: use krb5_err instead of sysloging directly,
	handle the new protocol, and bail out if an old client tries to
	connect

	* appl/kf/kf_locl.h: we need a protocol version string

	* lib/hdb/hdb-ldap.c: use ASN1_MALLOC_ENCODE

	* kdc/kerberos5.c: use ASN1_MALLOC_ENCODE

	* kdc/hprop.c: set AP_OPTS_USE_SUBKEY

	* lib/hdb/common.c: use ASN1_MALLOC_ENCODE

	* lib/asn1/gen.c: add convenience macro that allocates a buffer
	and encoded into that

	* lib/krb5/get_cred.c (init_tgs_req): use
	in_creds->session.keytype literally instead of trying to convert
	to a list of enctypes (it should already be an enctype)
	
	* lib/krb5/get_cred.c (init_tgs_req): init ret

2002-09-03  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/asn1/k5.asn1: remove ETYPE_DES3_CBC_NONE_IVEC

	* lib/krb5/krb5.h: remove ENCTYPE_DES3_CBC_NONE_IVEC

	* lib/krb5/crypto.c: get rid of DES3_CBC_encrypt_ivec, just use
	zero ivec in DES3_CBC_encrypt if passed ivec is NULL

	* lib/krb5/Makefile.am: back out 1.144, since it will re-create
	krb5-protos.h at build-time, which requires perl, which is bad

	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): don't
	blindly use the local subkey

	* lib/krb5/crypto.c: add function krb5_crypto_getblocksize that
	extracts the required blocksize from a crypto context

	* lib/krb5/build_auth.c: just get the length of the encoded
	authenticator instead of trying to grow a buffer

2002-09-03  Assar Westerlund  <assar@@kth.se>

	* configure.in: add --disable-mmap option, and tests for
	sys/mman.h and mmap

2002-09-03  Jacques Vidrine  <nectar@@kth.se>

	* lib/krb5/changepw.c: verify lengths in response

	* lib/asn1/der_get.c (decode_integer, decode_unsigned): check for
	truncated integers

2002-09-02  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/mk_req_ext.c: generate a local subkey if
	AP_OPTS_USE_SUBKEY is set

	* lib/krb5/build_auth.c: we don't have enough information about
	whether to generate a local subkey here, so don't try to

	* lib/krb5/auth_context.c: new function
	krb5_auth_con_generatelocalsubkey

	* lib/krb5/get_in_tkt.c: only set kdc_sec_offset if looking at an
	initial ticket

	* lib/krb5/context.c (init_context_from_config_file): simplify
	initialisation of srv_lookup

	* lib/krb5/changepw.c (send_request): set AP_OPTS_USE_SUBKEY

	* lib/krb5/krb5.h: add AP_OPTS_USE_SUBKEY

2002-08-30  Assar Westerlund  <assar@@kth.se>

	* lib/krb5/name-45-test.c: also test krb5_524_conv_principal
	* lib/krb5/Makefile.am (TESTS): add name-45-test
	* lib/krb5/name-45-test.c: add testcases for
	krb5_425_conv_principal

2002-08-29  Assar Westerlund  <assar@@kth.se>

	* lib/krb5/parse-name-test.c: also test unparse_short functions
	* lib/asn1/asn1_print.c: use com_err/error_message API
	* lib/krb5/Makefile.am: add parse-name-test
	* lib/krb5/parse-name-test.c: add a program for testing parsing
	and unparsing principal names

@


1.1.1.4.2.5
log
@MFC: Heimdal 0.5.1
@
text
@d1 1
a1 1
2002-10-21  Johan Danielsson  <joda@@pdc.kth.se>
d3 2
a4 1
	* lib/krb5/store_emem.c: pull up 1.13; limit how much we allocate
d6 1
a6 2
	* lib/krb5/principal.c: pull up 1.82; don't allow trailing
	backslashes in components
d8 1
a8 1
	* lib/krb5/keytab_keyfile.c: pull up 1.15; more strcspn
d10 1
a10 2
	* lib/krb5/keytab_any.c: pull up 1.7; properly close the open
	keytabs
d12 1
a12 23
	* kdc/connect.c: pull up 1.87; check that %-quotes are followed by
	two hex digits

	* lib/krb5/prompter_posix.c: pull up 1.7; use strcspn to convert
	the newline to NUL in fgets results.

	* lib/krb5/kuserok.c: pull up 1.6; use strcspn to convert the
	newline to NUL in fgets results.

	* lib/krb5/keytab_file.c: pull up 1.12; check return value from
	start_seq_get

	* lib/krb5/context.c: pull up 1.82; return ENXIO instead of ENOENT
	when "unconfigured"

	* lib/krb5/changepw.c: pull up 1.38; fix reply length check
	calculation

	* kuser/klist.c: pull up 1.68; allow tokens up to size of buffer

	* kdc/kaserver.c: pull up 1.21; make sure life is positive

	* fix-export: pull up 1.28; remove autom4ate.cache
a14 2

	* Release 0.5
@


1.1.1.5
log
@import of heimdal 0.3e
@
text
@d1 1
a1 1
2001-02-05  Assar Westerlund  <assar@@assaris.sics.se>
d3 1
a3 1
	* Release 0.3e
d5 1
a5 1
2001-01-30  Assar Westerlund  <assar@@sics.se>
d7 4917
a4923 6
	* kdc/hprop.c (v4_get_masterkey): check kdb_verify_master_key
	properly
	(kdb_prop): decrypt key properly
	* kdc/hprop.c: handle building with KRB4 always try to decrypt v4
	data with the master key leave it up to the v5 how to encrypt with
	that master key
d4925 2
a4926 6
	* kdc/kstash.c: include file name in error messages
	* kdc/hprop.c: fix a typo and check some more return values
	* lib/hdb/hdb-ldap.c (LDAP__lookup_princ): call ldap_search_s
	correctly.  From Jacques Vidrine <n@@nectar.com>
	* kdc/misc.c (db_fetch): HDB_ERR_NOENTRY makes more sense than
	ENOENT
d4928 1
a4928 6
	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
	15:0:0
	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:0:0
	* lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 4:0:2
	* kdc/misc.c (db_fetch): return an error code.  change callers to
	look at this and try to print it in log messages
d4930 1
a4930 2
	* lib/krb5/crypto.c (decrypt_internal_derived): check that there's
	enough data
d4932 1
a4932 1
2001-01-29  Assar Westerlund  <assar@@sics.se>
d4934 1
a4934 2
	* kdc/hprop.c (realm_buf): move it so it becomes properly
	conditional on KRB4
d4936 2
a4937 4
	* lib/hdb/mkey.c (hdb_unseal_keys_mkey, hdb_seal_keys_mkey,
	hdb_unseal_keys, hdb_seal_keys): check that we have the correct
	master key and that we manage to decrypt the key properly,
	returning an error code.  fix all callers to check return value.
d4939 1
a4939 4
	* tools/krb5-config.in: use @@LIB_des_appl@@
	* tools/Makefile.am (krb5-config): add LIB_des_appl
	* configure.in (LIB_des): set correctly
	(LIB_des_appl): add for the use by krb5-config.in
d4941 1
a4941 3
	* lib/krb5/store_fd.c (fd_fetch, fd_store): use net_{read,write}
	to make sure of not dropping data when doing it over a socket.
	(this might break when used with ordinary files on win32)
d4943 1
a4943 1
	* lib/hdb/hdb_err.et (NO_MKEY): add
d4945 1
a4945 2
	* kdc/kerberos5.c (as_rep): be paranoid and check
	krb5_enctype_to_string for failure, noted by <lha@@stacken.kth.se>
d4947 1
a4947 3
	* lib/krb5/krb5_init_context.3, lib/krb5/krb5_context.3,
	lib/krb5/krb5_auth_context.3: add new man pages, contributed by
	<lha@@stacken.kth.se>
d4949 1
a4949 1
	* use the openssl api for md4/md5/sha and handle openssl/*.h
d4951 1
a4951 2
	* kdc/kaserver.c (do_getticket): check length of ticket.  noted by
 	<lha@@stacken.kth.se>
d4953 1
a4953 1
2001-01-28  Assar Westerlund  <assar@@sics.se>
d4955 1
a4955 2
	* configure.in: send -R instead of -rpath to libtool to set
	runtime library paths
d4957 1
a4957 1
	* lib/krb5/Makefile.am: remove all dependencies on libkrb
d4959 1
a4959 1
2001-01-27  Assar Westerlund  <assar@@sics.se>
d4961 1
a4961 2
	* appl/rcp: add port of bsd rcp changed to use existing rsh,
	contributed by Richard Nyberg <rnyberg@@it.su.se>
d4963 2
a4964 1
2001-01-27  Johan Danielsson  <joda@@pdc.kth.se>
d4966 1
a4966 2
	* lib/krb5/get_port.c: don't warn if the port name can't be found,
	nobody cares anyway
d4968 1
a4968 1
2001-01-26  Johan Danielsson  <joda@@pdc.kth.se>
d4970 1
a4970 2
	* kdc/hprop.c: make it possible to convert a v4 dump file without
	having any v4 libraries; the kdb backend still require them
d4972 1
a4972 2
	* kdc/v4_dump.c: include shadow definition of kdb Principal, so we
	don't have to depend on any v4 libraries
d4974 2
a4975 2
	* kdc/hprop.h: include shadow definition of kdb Principal, so we
	don't have to depend on any v4 libraries
d4977 1
a4977 1
	* lib/hdb/print.c: reduce number of memory allocations
d4979 1
a4979 1
	* lib/hdb/mkey.c: add support for reading krb4 /.k files
d4981 1
a4981 1
2001-01-19  Assar Westerlund  <assar@@sics.se>
d4983 1
a4983 2
	* lib/krb5/krb5.conf.5: document admin_server and kpasswd_server
	for realms document capath better
d4985 1
a4985 2
	* lib/krb5/krbhst.c (krb5_get_krb_changepw_hst): preferably look
	at kpasswd_server before admin_server
d4987 1
a4987 4
	* lib/krb5/get_cred.c (get_cred_from_kdc_flags): look in
	[libdefaults]capath for better hint of realm to send request to.
	this allows the client to specify `realm routing information' in
	case it cannot be done at the server (which is preferred)
d4989 1
a4989 5
	* lib/krb5/rd_priv.c (krb5_rd_priv): handle no sequence number as
	zero when we were expecting a sequence number.  MIT krb5 cannot
	generate a sequence number of zero, instead generating no sequence
	number
	* lib/krb5/rd_safe.c (krb5_rd_safe): dito
d4991 2
a4992 1
2001-01-11  Assar Westerlund  <assar@@sics.se>
d4994 1
a4994 1
	* kpasswd/kpasswdd.c: add --port option
d4996 436
a5431 1
2001-01-10  Assar Westerlund  <assar@@sics.se>
d5433 1
a5433 2
	* lib/krb5/appdefault.c (krb5_appdefault_string): fix condition
	just before returning
d5435 1
a5435 1
2001-01-09  Assar Westerlund  <assar@@sics.se>
d5437 1
a5437 1
	* appl/kf/kfd.c (proto): use krb5_rd_cred2 instead of krb5_rd_cred
d5439 1
a5439 1
2001-01-05  Johan Danielsson  <joda@@pdc.kth.se>
d5441 1
a5441 1
	* kuser/kinit.c: call a time `time', and not `seconds'
d5443 1
a5443 2
	* lib/krb5/init_creds.c: not much point in setting the anonymous
	flag here
d5445 1
a5445 1
	* lib/krb5/krb5_appdefault.3: document appdefault_time
d5447 1
a5447 1
2001-01-04  Johan Danielsson  <joda@@pdc.kth.se>
d5449 2
a5450 2
	* lib/krb5/verify_user.c: use
	krb5_get_init_creds_opt_set_default_flags
d5452 2
a5453 1
	* kuser/kinit.c: use krb5_get_init_creds_opt_set_default_flags
d5455 1
a5455 3
	* lib/krb5/init_creds.c: new function
	krb5_get_init_creds_opt_set_default_flags to set options from
	krb5.conf
d5457 119
a5575 1
	* lib/krb5/rd_cred.c: make this match the MIT function
d5577 27
a5603 3
	* lib/krb5/appdefault.c (krb5_appdefault_string): handle NULL
	def_val
	(krb5_appdefault_time): new function
d5605 1
a5605 1
2001-01-03  Assar Westerlund  <assar@@sics.se>
d5607 1
a5607 1
	* kdc/hpropd.c (main): handle EOF when reading from stdin
@


1.1.1.6
log
@import of heimdal 0.3f
@
text
@a0 330
2001-05-17  Assar Westerlund  <assar@@sics.se>

	* Release 0.3f

2001-05-17  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/Makefile.am: bump version to 16:0:0
	* lib/hdb/Makefile.am: bump version to 7:1:0
	* lib/asn1/Makefile.am: bump version to 5:0:0
	* lib/krb5/keytab_krb4.c: add SRVTAB as an alias for krb4
	* lib/krb5/codec.c: remove dead code

2001-05-15  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/rd_error.c (krb5_error_from_rd_error): use correct
	parenthesis

	* lib/krb5/eai_to_heim_errno.c (krb5_eai_to_heim_errno): add
	`errno' (called system_error) to allow callers to make sure they
	pass the current and relevant value.  update callers

2001-05-14  Johan Danielsson  <joda@@pdc.kth.se>

	* kdc/kerberos5.c: pass context to krb5_domain_x500_decode

2001-05-14  Assar Westerlund  <assar@@sics.se>

	* kpasswd/kpasswdd.c: adapt to new address functions
	* kdc/kerberos5.c: adapt to changing address functions use LR_TYPE
	* kdc/connect.c: adapt to changing address functions
	* kdc/config.c: new krb5_config_parse_file
	* kdc/524.c: new krb5_sockaddr2address
	* lib/krb5/*: add some krb5_{set,clear}_error_string

	* lib/asn1/k5.asn1 (LR_TYPE): add
	* lib/asn1/Makefile.am (gen_files): add asn1_LR_TYPE.x

2001-05-11  Assar Westerlund  <assar@@sics.se>

	* kdc/kerberos5.c (tsg_rep): fix typo in variable name

	* kpasswd/kpasswd-generator.c (nop_prompter): update prototype
	* lib/krb5/init_creds_pw.c: update to new prompter, use prompter
	types and send two prompts at once when changning password
	* lib/krb5/prompter_posix.c (krb5_prompter_posix): add name
	* lib/krb5/krb5.h (krb5_prompt): add type
	(krb5_prompter_fct): add anem

	* lib/krb5/cache.c (krb5_cc_next_cred): transpose last two
	paramaters to krb5_cc_next_cred (as MIT does, and not as they
	document).  From "Jacques A. Vidrine" <n@@nectar.com>

2001-05-11  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/Makefile.am: store-test

	* lib/krb5/store-test.c: simple bit storage test

	* lib/krb5/store.c: add more byteorder storage flags
	
	* lib/krb5/krb5.h: add more byteorder storage flags
	
	* kdc/kerberos5.c: don't use NULL where we mean 0

	* kdc/kerberos5.c: put referral test code in separate function,
	and test for KRB5_NT_SRV_INST

2001-05-10  Assar Westerlund  <assar@@sics.se>

	* admin/list.c (do_list): do not close the keytab if opening it
	failed
	* admin/list.c (do_list): always print complete names.  print
	everything to stdout.
	* admin/list.c: print both v5 and v4 list by default
	* admin/remove.c (kt_remove): reorganize some.  open the keytab
	(defaulting to the modify one).
	* admin/purge.c (kt_purge): reorganize some.  open the keytab
	(defaulting to the modify one). correct usage strings
	* admin/list.c (kt_list): reorganize some.  open the keytab
	* admin/get.c (kt_get): reorganize some.  open the keytab
	(defaulting to the modify one)
	* admin/copy.c (kt_copy): default to modify key name.  re-organise
	* admin/change.c (kt_change): reorganize some.  open the keytab
	(defaulting to the modify one)
	* admin/add.c (kt_add): reorganize some.  open the keytab
	(defaulting to the modify one)
	* admin/ktutil.c (main): do not open the keytab, let every
	sub-function handle it

	* kdc/config.c (configure): call free_getarg_strings

	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): set error strings for
	a few more errors

	* lib/krb5/get_host_realm.c (krb5_get_host_realm_int): make
	`use_dns' parameter boolean

	* lib/krb5/krb5.h (krb5_context_data): add default_keytab_modify
	* lib/krb5/context.c (init_context_from_config_file): set
	default_keytab_modify
	* lib/krb5/krb5_locl.h (KEYTAB_DEFAULT): change to
	ANY:FILE:/etc/krb5.keytab,krb4:/etc/srvtab
	(KEYTAB_DEFAULT_MODIFY): add
	* lib/krb5/keytab.c (krb5_kt_default_modify_name): add
	(krb5_kt_resolve): set error string for failed keytab type

2001-05-08  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/crypto.c (encryption_type): make field names more
	consistent
	(create_checksum): separate usage and type
	(krb5_create_checksum): add a separate type parameter
	(encrypt_internal): only free once on mismatched checksum length

	* lib/krb5/send_to_kdc.c (krb5_sendto_kdc2): try to tell what
	realm we didn't manage to reach any KDC for in the error string

	* lib/krb5/generate_seq_number.c (krb5_generate_seq_number): free
	the entire subkey.  from <tmartin@@mirapoint.com>

2001-05-07  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/keytab_keyfile.c (akf_start_seq_get): return
	KT_NOTFOUND if the file is empty

2001-05-07  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/fcache.c: call krb5_set_error_string when open fails
	fatally
	* lib/krb5/keytab_file.c: call krb5_set_error_string when open
	fails fatally

	* lib/krb5/warn.c (_warnerr): print error_string in context in
	preference to error string derived from error code
	* kuser/kinit.c (main): try to print the error string
	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): set some sensible
	error strings for errors

	* lib/krb5/krb5.h (krb5_context_data): add error_string and
	error_buf
	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add error_string.c
	* lib/krb5/error_string.c: new file

2001-05-02  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/time.c: krb5_string_to_deltat

	* lib/krb5/sock_principal.c: one less data copy

	* lib/krb5/eai_to_heim_errno.c: conversion function for h_errno's

	* lib/krb5/get_default_principal.c: change this slightly

	* lib/krb5/crypto.c: make checksum_types into an array of pointers

	* lib/krb5/convert_creds.c: make sure we always use a des-cbc-crc
	ticket

2001-04-29  Assar Westerlund  <assar@@sics.se>

	* kdc/kerberos5.c (tgs_rep2): return a reference to a krbtgt for
	the right realm if we fail to find a non-krbtgt service in the
	database and the second component does a succesful non-dns lookup
	to get the real realm (which has to be different from the
	originally-supplied realm).  this should help windows 2000 clients
	that always start their lookups in `their' realm and do not have
	any idea of how to map hostnames into realms
	* kdc/kerberos5.c (is_krbtgt): rename to get_krbtgt_realm

2001-04-27  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/get_host_realm.c (krb5_get_host_realm_int): add extra
	parameter to request use of dns or not

2001-04-25  Assar Westerlund  <assar@@sics.se>

	* admin/get.c (kt_get): allow specification of encryption types
	* lib/krb5/verify_init.c (krb5_verify_init_creds): do not try to
	close an unopened ccache, noted by <marc@@mit.edu>

	* lib/krb5/krb5.h (krb5_any_ops): add declaration
	* lib/krb5/context.c (init_context_from_config_file): register
	krb5_any_ops

	* lib/krb5/keytab_any.c: new file, implementing union of keytabs
	* lib/krb5/Makefile.am (libkrb5_la_SOURCES): add keytab_any.c
	
	* lib/krb5/init_creds_pw.c (get_init_creds_common): handle options
	== NULL.  noted by <marc@@mit.edu>

2001-04-19  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/rd_cred.c: set ret_creds to NULL before doing anything
	else, from Jacques Vidrine

2001-04-18  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/hdb/libasn1.h: asn1.h -> krb5_asn1.h

	* lib/asn1/Makefile.am: add asn1_ENCTYPE.x

	* lib/krb5/krb5.h: adapt to asn1 changes

	* lib/asn1/k5.asn1: move enctypes here

	* lib/asn1/libasn1.h: rename asn1.h to krb5_asn1.h to avoid
	conflicts

	* lib/asn1/Makefile.am: rename asn1.h to krb5_asn1.h to avoid
	conflicts

	* lib/asn1/lex.l: use strtol to parse constants

2001-04-06  Johan Danielsson  <joda@@pdc.kth.se>

	* kuser/kinit.c: add simple support for running commands

2001-03-26  Assar Westerlund  <assar@@sics.se>

	* lib/hdb/hdb-ldap.c: change order of includes to allow it to work
	with more versions of openldap

	* kdc/kerberos5.c (tgs_rep2): try to set sec and usec in error
	replies
	(*): update callers of krb5_km_error
	(check_tgs_flags): handle renews requesting non-renewable tickets

	* lib/krb5/mk_error.c (krb5_mk_error): allow specifying both ctime
	and cusec

	* lib/krb5/krb5.h (krb5_checksum, krb5_keyusage): add
	compatibility names

	* lib/krb5/crypto.c (create_checksum): change so that `type == 0'
	means pick from the `crypto' (context) and otherwise use that
	type.  this is not a large change in practice and allows callers
	to specify the exact checksum algorithm to use

2001-03-13  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/get_cred.c (get_cred_kdc): add support for falling back
	to KRB5_KU_AP_REQ_AUTH when KRB5_KU_TGS_REQ_AUTH gives `bad
	integrity'.  this helps for talking to old (pre 0.3d) KDCs

2001-03-12  Assar Westerlund  <assar@@pdc.kth.se>

	* lib/krb5/crypto.c (krb5_derive_key): new function, used by
	derived-key-test.c
	* lib/krb5/string-to-key-test.c: add new test vectors posted by
	Ken Raeburn <raeburn@@mit.edu> in <tx1bsra8919.fsf@@raeburn.org> to
	ietf-krb-wg@@anl.gov
	* lib/krb5/n-fold-test.c: more test vectors from same source
	* lib/krb5/derived-key-test.c: more tests from same source

2001-03-06  Assar Westerlund  <assar@@sics.se>

	* acconfig.h: include roken_rename.h when appropriate

2001-03-06  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/krb5.h (krb5_enctype): remove trailing comma

2001-03-04  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/krb5.h (krb5_enctype): add ENCTYPE_* aliases for
	compatibility with MIT krb5

2001-03-02  Assar Westerlund  <assar@@sics.se>

	* kuser/kinit.c (main): only request a renewable ticket when
	explicitly requested.  it still gets a renewable one if the renew
	life is specified
	* kuser/kinit.c (renew_validate): treat -1 as flags not being set

2001-02-28  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/context.c (krb5_init_ets): use krb5_add_et_list

2001-02-27  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/get_cred.c: implement krb5_get_cred_from_kdc_opt

2001-02-25  Assar Westerlund  <assar@@sics.se>

	* configure.in: do not use -R when testing for des functions

2001-02-14  Assar Westerlund  <assar@@sics.se>

	* configure.in: test for lber.h when trying to link against
 	openldap to handle openldap v1, from Sumit Bose
 	<sumit.bose@@suse.de>

2001-02-19  Assar Westerlund  <assar@@sics.se>

	* lib/asn1/libasn1.h: add string.h (for memset)

2001-02-15  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/warn.c (_warnerr): add printf attributes
	* lib/krb5/send_to_kdc.c (krb5_sendto): loop over all address
	returned by getaddrinfo before trying the next kdc.  from
	thorpej@@netbsd.org

	* lib/krb5/krb5.conf.5: fix default_realm in example

	* kdc/connect.c: fix a few kdc_log format types

	* configure.in: try to handle libdes/libcrypto ont requiring -L

2001-02-10  Assar Westerlund  <assar@@sics.se>

	* lib/asn1/gen_decode.c (generate_type_decode): zero the data at
	the beginning of the generated function, and add a label `fail'
	that the code jumps to in case of errors that frees all allocated
	data

2001-02-07  Assar Westerlund  <assar@@sics.se>

	* configure.in: aix dce: fix misquotes, from Ake Sandgren
	<ake@@cs.umu.se>

	* configure.in (dpagaix_LDFLAGS): try to add export file

2001-02-05  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/krb5_keytab.3: new man page, contributed by
	<lha@@stacken.kth.se>

	* kdc/kaserver.c: update to new db_fetch4

@


1.1.1.7
log
@Import of Heimdal Kerberos from KTH repository circa 2002/02/17.
@
text
@a0 675
2002-02-15  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/keytab_keyfile.c (akf_add_entry): don't create the file
	before we need to write to it
	(from ke Sandgren)

2002-02-14  Johan Danielsson  <joda@@pdc.kth.se>

	* configure.in: rk_RETSIGTYPE and rk_BROKEN_REALLOC are called via
	rk_ROKEN (from Gombas Gabor); find inttypes by CHECK_TYPES
	directly

	* lib/krb5/rd_safe.c: actually use the correct key (from Daniel
	Kouril)

2002-02-12  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/context.c (krb5_get_err_text): protect against NULL
	context

2002-02-11  Johan Danielsson  <joda@@pdc.kth.se>

	* admin/ktutil.c: no need to use the "modify" keytab anymore

	* lib/krb5/keytab_any.c: implement add and remove

	* lib/krb5/keytab_krb4.c: implement add and remove

	* lib/krb5/store_emem.c (emem_free): clear memory before freeing
	(this should perhaps be selectable with a flag)

2002-02-04  Johan Danielsson  <joda@@pdc.kth.se>

	* kdc/config.c (get_dbinfo): if there are database specifications
	in the config file, don't automatically try to use the default
	values (from Gombas Gabor)

	* lib/krb5/log.c (krb5_closelog): don't pass pointer to pointer
	(from Gombas Gabor)

2002-01-30  Johan Danielsson  <joda@@pdc.kth.se>

	* admin/list.c: get the default keytab from krb5.conf, and list
	all parts of an ANY type keytab

	* lib/krb5/context.c: default default_keytab_modify to NULL

	* lib/krb5/keytab.c (krb5_kt_default_modify_name): if no modify
	name is specified take it from the first component of the default
	keytab name

2002-01-29  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/keytab.c: compare keytab types case insensitively

2002-01-07  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/crypto.c (create_checksum): make usage `unsigned' (it's
	not really a krb5_key_usage).  From Ben Harris <bjh21@@netbsd.org>
	* lib/krb5/get_in_tkt.c: use krb5_enctype consistently.  From Ben
	Harris <bjh21@@netbsd.org>
	* lib/krb5/crypto.c: use krb5_enctype consistently.  From Ben
	Harris <bjh21@@netbsd.org>
	* kdc/kerberos5.c: use krb5_enctype consistently.  From Ben Harris
	<bjh21@@netbsd.org>

2001-12-20  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/crypto.c: use our own des string-to-key function, since
	the one from openssl sometimes generates wrong output

2001-12-05  Jacques Vidrine <n@@nectar.cc>

        * lib/hdb/mkey.c: fix a bug in which kstash would crash if
        there were no /etc/krb5.conf

2001-10-29  Jacques Vidrine <n@@nectar.com>

	* admin/get.c: fix a bug in which a reference to a data
	structure on the stack was being kept after the containing
	function's lifetime, resulting in a segfault during `ktutil
	get'.

2001-10-22  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/crypto.c: make all high-level encrypting and decrypting
	functions check the return value of the underlying function and
	handle errors more consistently.  noted by Sam Hartman
	<hartmans@@mit.edu>

2001-10-21  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/crypto.c (enctype_arcfour_hmac_md5): actually use a
	non-keyed checksum when it should be non-keyed

2001-09-29  Assar Westerlund  <assar@@sics.se>

	* kuser/kinit.1: add the kauth alias
	* kuser/kinit.c: allow specification of afslog in krb5.conf, noted
	by jhutz@@cs.cmu.edu

2001-09-27  Assar Westerlund  <assar@@sics.se>

	* lib/asn1/gen.c: remove the need for libasn1.h, also make
	generated files include all files from IMPORTed modules

	* lib/krb5/krb5.h (KRB5_KPASSWD_*): set correct values
	* kpasswd/kpasswd.c: improve error message printing
	* lib/krb5/changepw.c (krb5_passwd_result_to_string): add change
	to use sequence numbers connect the udp socket so that we can
	figure out the local address

2001-09-25  Assar Westerlund  <assar@@sics.se>

	* lib/asn1: implement OBJECT IDENTIFIER and ENUMERATED

2001-09-20  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/principal.c (krb5_425_conv_principal_ext): try using
	lower case realm as domain, but only when given a verification
	function

2001-09-20  Assar Westerlund  <assar@@sics.se>

	* lib/asn1/der_put.c (der_put_length): do not even try writing
	anything when len == 0

2001-09-18  Johan Danielsson  <joda@@pdc.kth.se>

	* kdc/hpropd.c: add realm override option

	* lib/krb5/set_default_realm.c (krb5_set_default_realm): make
	realm parameter const

	* kdc/hprop.c: more free's

	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_keytab): free key
	proc data

	* lib/krb5/expand_hostname.c (krb5_expand_hostname_realms): free
	addrinfo

	* lib/hdb/mkey.c (hdb_set_master_keyfile): clear error string when
	not returning error

2001-09-16  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/appdefault.c (krb5_appdefault_{boolean,string,time):
	make realm const

	* lib/krb5/crypto.c: use des functions to avoid generating
	warnings with openssl's prototypes

2001-09-05  Johan Danielsson  <joda@@pdc.kth.se>

	* configure.in: check for termcap.h

	* lib/asn1/lex.l: add another undef ECHO to keep AIX lex happy

2001-09-03  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/addr_families.c (krb5_print_address): handle snprintf
	returning < 0.  noticed by hin@@stacken.kth.se

2001-09-03  Assar Westerlund  <assar@@sics.se>

	* Release 0.4e

2001-09-02  Johan Danielsson  <joda@@pdc.kth.se>

	* kuser/Makefile.am: install kauth as a symlink to kinit

	* kuser/kinit.c: get v4_tickets by default

	* lib/asn1/Makefile.am: fix for broken automake

2001-08-31  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/hdb/hdb-ldap.c: some pretty much untested changes from Luke
	Howard

	* kuser/kinit.1: remove references to kauth

	* kuser/Makefile.am: kauth is no more

	* kuser/kinit.c: use appdefaults for everything. defaults are now
	as in kauth.

	* lib/krb5/appdefault.c: also check libdefaults, and realms/realm

	* lib/krb5/context.c (krb5_free_context): free more stuff

2001-08-30  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/verify_krb5_conf.c: do some checks of the values in the
	file

	* lib/krb5/krb5.conf.5: remove srv_try_txt, fix spelling

	* lib/krb5/context.c: don't init srv_try_txt, since it isn't used
	anymore

2001-08-29  Jacques Vidrine  <n@@nectar.com>

	* configure.in: Check for already-installed com_err.

2001-08-28  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set versoin to 18:2:1

2001-08-24  Assar Westerlund  <assar@@sics.se>

	* kuser/Makefile.am: remove CHECK_LOCAL - non bin programs require
	no special treatment now

	* kuser/generate-requests.c: parse arguments in a useful way
	* kuser/kverify.c: add --help/--verify

2001-08-22  Assar Westerlund  <assar@@sics.se>

	* configure.in: bump prereq to 2.52 remove unused test_LIB_KRB4

	* configure.in: re-write the handling of crypto libraries.  try to
	use the one of openssl's libcrypto or krb4's libdes that has all
	the required functionality (md4, md5, sha1, des, rc4).  if there
	is no such library, the included lib/des is built.

	* kdc/headers.h: include libutil.h if it exists
	* kpasswd/kpasswd_locl.h: include libutil.h if it exists
	* kdc/kerberos4.c (get_des_key): check for null keys even if
	is_server

2001-08-21  Assar Westerlund  <assar@@sics.se>

	* lib/asn1/asn1_print.c: print some size_t correctly
	* configure.in: remove extra space after -L check for libutil.h

2001-08-17  Johan Danielsson  <joda@@pdc.kth.se>

	* kdc/kdc_locl.h: fix prototype for get_des_key

	* kdc/kaserver.c: fix call to get_des_key

	* kdc/524.c: fix call to get_des_key

	* kdc/kerberos4.c (get_des_key): if getting a key for a server,
	return any des-key not just keys that can be string-to-keyed by
	the client

2001-08-10  Assar Westerlund  <assar@@sics.se>

	* Release 0.4d

2001-08-10  Assar Westerlund  <assar@@sics.se>

	* configure.in: check for openpty
	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): update to 7:4:0

2001-08-08  Assar Westerlund  <assar@@sics.se>

	* configure.in: just add -L (if required) from krb4 when testing
	for libdes/libcrypto

2001-08-04  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/Makefile.am (man_MANS): add some missing man pages
	* fix-export: fix the sed expression for finding the man pages

2001-07-31  Assar Westerlund  <assar@@sics.se>

	* kpasswd/kpasswd-generator.c (main): implement --version and
	--help

	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): update version to
	18:1:1

2001-07-27  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/context.c (init_context_from_config_file): check
	parsing of addresses

2001-07-26  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/sock_principal.c (krb5_sock_to_principal): rename
	sa_len -> salen to avoid the macro that's defined on irix.  noted
	by "Jacques A. Vidrine" <n@@nectar.com>

2001-07-24  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/addr_families.c: add support for type
	KRB5_ADDRESS_ADDRPORT

	* lib/krb5/addr_families.c (krb5_address_order): complain about
	unsuppored address types

2001-07-23  Johan Danielsson  <joda@@pdc.kth.se>

	* admin/get.c: don't open connection to server until we loop over
	the principals, at that time we know the realm of the (first)
	principal and we can default to that admin server

	* admin: add a rename command

2001-07-19  Assar Westerlund  <assar@@sics.se>

	* kdc/hprop.c (usage): clarify a tiny bit

2001-07-19  Assar Westerlund  <assar@@sics.se>

	* Release 0.4c

2001-07-19  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
	18:0:1

	* lib/krb5/get_for_creds.c (krb5_fwd_tgt_creds): make it behave
	the same way as the MIT function

	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): update to 7:3:0
	* lib/krb5/sock_principal.c (krb5_sock_to_principal): use
	getnameinfo

	* lib/krb5/krbhst.c (srv_find_realm): handle port numbers
	consistenly in local byte order

	* lib/krb5/get_default_realm.c (krb5_get_default_realm): set an
	error string

	* kuser/kinit.c (renew_validate): invert condition correctly.  get
	v4 tickets if we succeed renewing
	* lib/krb5/principal.c (krb5_principal_get_type): add
	(default_v4_name_convert): add "smtp"

2001-07-13  Assar Westerlund  <assar@@sics.se>

	* configure.in: remove make-print-version from LIBOBJS, it's no
	longer in lib/roken but always built in lib/vers

2001-07-12  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/hdb/mkey.c: more set_error_string

2001-07-12  Assar Westerlund  <assar@@sics.se>

	* lib/hdb/Makefile.am (libhdb_la_LIBADD): add required library
	dependencies

	* lib/asn1/Makefile.am (libasn1_la_LIBADD): add required library
	dependencies

2001-07-11  Johan Danielsson  <joda@@pdc.kth.se>

	* kdc/hprop.c: remove v4 master key handling; remove old v4-db and
	ka-db flags; add defaults for v4_realm and afs_cell

2001-07-09  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/sock_principal.c (krb5_sock_to_principal): copy hname
	before calling krb5_sname_to_principal.  from "Jacques A. Vidrine"
	<n@@nectar.com>

2001-07-08  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/context.c: use krb5_copy_addresses instead of
	copy_HostAddresses

2001-07-06  Assar Westerlund  <assar@@sics.se>

	* configure.in (LIB_des_a, LIB_des_so): add these so that they can
	be used by lib/auth/sia

	* kuser/kinit.c: re-do some of the v4 fallbacks: look at
	get-tokens flag do not print extra errors do not try to do 524 if
	we got tickets from a v4 server

2001-07-03  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/replay.c (krb5_get_server_rcache): cast argument to
	printf

	* lib/krb5/get_addrs.c (find_all_addresses): call free_addresses
	on ignore_addresses correctly
	* lib/krb5/init_creds.c
	(krb5_get_init_creds_opt_set_default_flags): change to take a
	const realm

	* lib/krb5/principal.c (krb5_425_conv_principal_ext): if the
	instance is the first component of the local hostname, the
	converted host should be the long hostname.  from
	<shadow@@dementia.org>

2001-07-02  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/Makefile.am: address.c is no more; add a couple of
	manpages

	* lib/krb5/krb5_timeofday.3: new manpage

	* lib/krb5/krb5_get_all_client_addrs.3: new manpage

	* lib/krb5/get_in_tkt.c (init_as_req): treat no addresses as
	wildcard

	* lib/krb5/get_cred.c (get_cred_kdc_la): treat no addresses as
	wildcard

	* lib/krb5/get_addrs.c: don't include client addresses that match
	ignore_addresses

	* lib/krb5/context.c: initialise ignore_addresses

	* lib/krb5/addr_families.c: add new `arange' fake address type,
	that matches more than one address; this required some internal
	changes to many functions, so all of address.c got moved here
	(wasn't much left there)

	* lib/krb5/krb5.h: add list of ignored addresses to context

2001-07-03  Assar Westerlund  <assar@@sics.se>

	* Release 0.4b

2001-07-03  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): set version to 17:0:0
	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): set version to 7:2:0

2001-07-03  Assar Westerlund  <assar@@sics.se>

	* Release 0.4a

2001-07-02  Johan Danielsson  <joda@@pdc.kth.se>

	* kuser/kinit.c: make this compile without krb4 support

	* lib/krb5/write_message.c: remove priv parameter from
	write_safe_message; don't know why it was there in the first place

	* doc/install.texi: remove kaserver switches, it's always compiled
	in now

	* kdc/hprop.c: always include kadb support

	* kdc/kaserver.c: always include kaserver support

2001-07-02  Assar Westerlund  <assar@@sics.se>

	* kpasswd/kpasswdd.c (doit): make failing to bind a socket a
	non-fatal error, and abort if no sockets were bound

2001-07-01  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/krbhst.c: remember the real port number when falling
	back from kpasswd -> kadmin, and krb524 -> kdc

2001-06-29  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): if
	no_addresses is set, do not add any local addresses to KRB_CRED

	* kuser/kinit.c: remove extra clearing of password and some
	redundant code

2001-06-29  Johan Danielsson  <joda@@pdc.kth.se>

	* kuser/kinit.c: move ticket conversion code to separate function,
	and call that from a couple of places, like when renewing a
	ticket; also add a flag for just converting a ticket

	* lib/krb5/init_creds_pw.c: set renew-life to some sane value

	* kdc/524.c: don't send more data than required

2001-06-24  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/store_fd.c (krb5_storage_from_fd): check malloc returns

	* lib/krb5/keytab_any.c (any_resolve); improving parsing of ANY:
	(any_start_seq_get): remove a double free
	(any_next_entry): iterate over all (sub) keytabs and avoid leave data
	around to be freed again

	* kdc/kdc_locl.h: add a define for des_new_random_key when using
	openssl's libcrypto

	* configure.in: move v6 tests down

	* lib/krb5/krb5.h (krb5_context_data): remove srv_try_rfc2052

	* update to libtool 1.4 and autoconf 2.50

2001-06-22  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/hdb/hdb.c: use krb5_add_et_list

2001-06-21  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/hdb/Makefile.am: add generation number
	* lib/hdb/common.c: add generation number code
	* lib/hdb/hdb.asn1: add generation number
	* lib/hdb/print.c: use krb5_storage to make it more dynamic

2001-06-21  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/krb5.conf.5: update to changed names used by
	krb5_get_init_creds_opt_set_default_flags
	* lib/krb5/init_creds.c
	(krb5_get_init_creds_opt_set_default_flags): make the appdefault
	keywords have the same names

	* configure.in: only add -L and -R to the krb4 libdir if we are
	actually using it

	* lib/krb5/krbhst.c (fallback_get_hosts): do not copy trailing
	dot of hostname add some comments
	* lib/krb5/krbhst.c: use getaddrinfo instead of dns_lookup when
	testing for kerberos.REALM.  this allows reusing that information
	when actually contacting the server and thus avoids one DNS lookup

2001-06-20  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/krb5.h: include k524_err.h

	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc): don't test
	for keytype, the server will do this for us if it has anything to
	complain about

	* lib/krb5/context.c: add protocol compatible krb524 error codes

	* lib/krb5/Makefile.am: add protocol compatible krb524 error codes

	* lib/krb5/k524_err.et: add protocol compatible krb524 error codes

	* lib/krb5/krb5_principal_get_realm.3: manpage

	* lib/krb5/principal.c: add functions `krb5_principal_get_realm'
	and `krb5_principal_get_comp_string' that returns parts of a
	principal; this is a replacement for the internal
	`krb5_princ_realm' and `krb5_princ_component' macros that everyone
	seem to use

2001-06-19  Assar Westerlund  <assar@@sics.se>

	* kuser/kinit.c (main): dereference result from krb5_princ_realm.
	from Thomas Nystrom <thn@@saeab.se>

2001-06-18  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/mk_req.c (krb5_mk_req_exact): free creds when done
	* lib/krb5/crypto.c (krb5_string_to_key_derived): fix memory leak
	* lib/krb5/krbhst.c (config_get_hosts): free hostlist
	* kuser/kinit.c: free principal

2001-06-18  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/send_to_kdc.c (krb5_sendto): remove an extra
	freeaddrinfo

	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc_ccache):
	remove some unused variables

	* lib/krb5/krbhst.c (admin_get_next): spell kerberos correctly
	* kdc/kerberos5.c: update to new krb5_auth_con* names
	* kdc/hpropd.c: update to new krb5_auth_con* names
	* lib/krb5/rd_req.c (krb5_rd_req): use krb5_auth_con* functions
	and remove some comments
	* lib/krb5/rd_safe.c (krb5_rd_safe): pick the keys in the right
	order: remote - local - session
	* lib/krb5/rd_rep.c (krb5_rd_rep): save the remote sub key in the
	auth_context
	* lib/krb5/rd_priv.c (krb5_rd_priv): pick keys in the correct
	order: remote - local - session
	* lib/krb5/mk_safe.c (krb5_mk_safe): pick keys in the right order,
	local - remote - session

2001-06-18  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/convert_creds.c: use starttime instead of authtime,
	from Chris Chiappa

	* lib/krb5/convert_creds.c: make krb524_convert_creds_kdc match
	the MIT function by the same name; add
	krb524_convert_creds_kdc_ccache that does what the old version did

	* admin/list.c (do_list): make sure list of keys is NULL
	terminated; similar to patch sent by Chris Chiappa

2001-06-18  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/mcache.c (mcc_remove_cred): use
	krb5_free_creds_contents

	* lib/krb5/auth_context.c: name function krb5_auth_con more
	consistenly
	* lib/krb5/rd_req.c (krb5_verify_authenticator_checksum): use
	renamed krb5_auth_con_getauthenticator

	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc): update to
	use krb5_krbhst API
	* lib/krb5/changepw.c (krb5_change_password): update to use
	krb5_krbhst API
	* lib/krb5/send_to_kdc.c: update to use krb5_krbhst API
	* lib/krb5/krbhst.c (krb5_krbhst_get_addrinfo): add set def_port
	in krb5_krbhst_info
	(krb5_krbhst_free): free everything

	* lib/krb5/krb5.h (KRB5_VERIFY_NO_ADDRESSES): add
	(krb5_krbhst_info): add def_port (default port for this service)

	* lib/krb5/krbhst-test.c: make it more verbose and useful
	* lib/krb5/krbhst.c: remove some more memory leaks do not try any
	dns operations if there is local configuration admin: fallback to
	kerberos.REALM 524: fallback to kdcs kpasswd: fallback to admin
	add some comments

	* configure.in: remove initstate and setstate, they should be in
	cf/roken-frag.m4

	* lib/krb5/Makefile.am (noinst_PROGRAMS): add krbhst-test
	* lib/krb5/krbhst-test.c: new program for testing krbhst
	* lib/krb5/krbhst.c (common_init): remove memory leak
	(main): move test program into krbhst-test

2001-06-17  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/krb5_krbhst_init.3: manpage

	* lib/krb5/krb5_get_krbhst.3: manpage

2001-06-16  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/krb5.h: add opaque krb5_krbhst_handle type

	* lib/krb5/krbhst.c: change void* to krb5_krbhst_handle

	* lib/krb5/krb5.h: types for new krbhst api

	* lib/krb5/krbhst.c: implement a new api that looks up one host at
	a time, instead of making a list of hosts

2001-06-09  Johan Danielsson  <joda@@pdc.kth.se>

	* configure.in: test for initstate and setstate

	* lib/krb5/krbhst.c: remove rfc2052 support

2001-06-08  Johan Danielsson  <joda@@pdc.kth.se>

	* fix some manpages for broken mdoc.old grog test

2001-05-28  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/krb5.conf.5: add [appdefaults]
	* lib/krb5/init_creds_pw.c: remove configuration reading that is
	now done in krb5_get_init_creds_opt_set_default_flags
	* lib/krb5/init_creds.c
	(krb5_get_init_creds_opt_set_default_flags): add reading of
	libdefaults versions of these and add no_addresses

	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): clear error string
	when preauth was required and we retry

2001-05-25  Assar Westerlund  <assar@@sics.se>

	* lib/krb5/convert_creds.c (krb524_convert_creds_kdc): call
	krb5_get_krb524hst
	* lib/krb5/krbhst.c (krb5_get_krb524hst): add and restructure the
	support functions

2001-05-22  Assar Westerlund  <assar@@sics.se>

	* kdc/kerberos5.c (tgs_rep2): alloc and free csec and cusec
	properly

a12 4
2001-05-17  Johan Danielsson  <joda@@pdc.kth.se>

	* kdc/config.c: actually check the ticket addresses

a22 4

	* lib/krb5/verify_user.c: krb5_verify_user_opt

	* lib/krb5/krb5.h: verify_opt
@


1.1.1.8
log
@Import of Heimdal Kerberos from KTH repository circa 2002/08/29.
@
text
@d1 308
a308 1
2002-08-28  Assar Westerlund  <assar@@kth.se>
d310 1
a310 1
	* kdc/config.c: add missing ifdef DAEMON
d312 1
a312 1
2002-08-28  Johan Danielsson  <joda@@pdc.kth.se>
d314 114
a427 1
	* configure.in: use rk_SUNOS
d429 1
a429 1
	* kdc/config.c: add detach options
d431 1
a431 1
	* kdc/main.c: maybe detach from console?
d433 1
a433 1
	* kdc/kdc.8: markup changes
d435 1
a435 1
	* configure.in: AC_TEST_PACKAGE_NEW -> rk_TEST_PACKAGE
d437 2
a438 2
	* configure.in: use rk_TELNET, rename some other macros, and don't
	add -ldes to krb4 link command
d440 2
a441 1
	* kuser/kinit.1: whitespace fix (from NetBSD)
d443 1
a443 1
	* include/bits.c: we may need unistd.h for ssize_t
d445 1
a445 1
2002-08-26  Assar Westerlund  <assar@@kth.se>
d447 1
a447 3
	* lib/krb5/principal.c (krb5_425_conv_principal_ext): lookup AAAA
	rrs before A ones when using the resolver to verify a mapping,
	also use getaddrinfo when resolver is not available
d449 2
a450 2
	* lib/hdb/keytab.c (find_db): const-correctness in parameters to
	krb5_config_get_next
d452 1
a452 2
	* lib/asn1/gen.c: include <string.h> in the generated files (for
	memset)
d454 2
a455 1
2002-08-22  Assar Westerlund  <assar@@kth.se>
d457 1
a457 3
	* lib/krb5/test_get_addrs.c, lib/krb5/krbhst-test.c: make it use
	getarg so that it can handle --help and --version (and thus make
	check can pass)
d459 2
a460 1
	* lib/asn1/check-der.c: make this build again
d462 2
a463 1
2002-08-22  Assar Westerlund <assar@@kth.se>
d465 1
a465 2
	* lib/asn1/der_get.c (der_get_int): handle len == 0.  based on a
	patch from Love <lha@@stacken.kth.se>
d467 3
a469 1
2002-08-22  Johan Danielsson  <joda@@pdc.kth.se>
d471 12
a482 5
	* lib/krb5/krb5.h: we seem to call KRB5KDC_ERR_KEY_EXP
	KRB5KDC_ERR_KEY_EXPIRED, so define the former to the latter
	
	* kdc/kdc.8: add blurb about adding and removing addresses; update
	kdc.conf section to match reality
d484 2
a485 7
	* configure.in: KRB_SENDAUTH_VLEN seems to always have existed, so
	don't define it
	
2002-08-21  Assar Westerlund  <assar@@kth.se>
	
	* lib/asn1/asn1_print.c: print OIDs too, based on a patch from
	Love <lha@@stacken.kth.se>
d487 1
a487 1
2002-08-21  Johan Danielsson  <joda@@pdc.kth.se>
d489 1
a489 4
	* kuser/kinit.c (do_v4_fallback): don't use krb_get_pw_in_tkt2
	since it might not exist, and we don't actually care about the key
	
2002-08-20  Johan Danielsson  <joda@@pdc.kth.se>
d491 1
a491 2
	* lib/krb5/krb5.conf.5: correct documentation for
	verify_ap_req_nofail
d493 1
a493 2
	* lib/krb5/log.c: rename syslog_data to avoid name conflicts (from
	Mattias Amnefelt)
d495 1
a495 2
	* kuser/klist.c (display_tokens): increase token buffer size, and
	add more checks of the kernel data (from Love)
d497 1
a497 1
2002-08-19  Johan Danielsson  <joda@@pdc.kth.se>
d499 4
a502 1
	* fix-export: use make to parse Makefile.am instead of perl
d504 1
a504 2
	* configure.in: use argument-less AM_INIT_AUTOMAKE, now that it
	groks AC_INIT with package name etc.
d506 5
a510 1
	* kpasswd/kpasswdd.c: include <kadm5/private.h>
d512 2
a513 1
	* lib/asn1/asn1_print.c: include com_right.h
d515 5
a519 1
	* lib/krb5/addr_families.c: socklen_t -> krb5_socklen_t
d521 1
a521 2
	* include/bits.c: define krb5_socklen_t type; this should really
	go someplace else, but this was easy
d523 1
a523 2
	* lib/krb5/verify_krb5_conf.c: don't bail out if parsing of a file
	fails, just warn about it
d525 3
a527 1
	* kdc/log.c (kdc_openlog): no need for a config_file parameter
d529 1
a529 1
	* kdc/config.c: just treat kdc.conf like any other config file
d531 1
a531 2
	* lib/krb5/context.c (krb5_get_default_config_files): ignore
	duplicate files
d533 1
a533 1
2002-08-16  Johan Danielsson  <joda@@pdc.kth.se>
d535 1
a535 2
	* lib/krb5/krb5.h: turn strings into pointers, so we can assign to
	them
d537 5
a541 2
	* lib/krb5/constants.c: turn strings into pointers, so we can
	assign to them
d543 1
a543 2
	* lib/krb5/get_addrs.c (get_addrs_int): initialise res if
	SCAN_INTERFACES is not set
d545 2
a546 1
	* lib/krb5/context.c: fix various borked stuff in previous commits
d548 1
a548 1
2002-08-16  Jacques Vidrine <n@@nectar.com>
d550 4
a553 3
	* lib/krb5/krbhst.c (kpasswd_get_next): if we fall back to using
	the `admin_server' entry for kpasswd, override the `proto' result
	to be UDP.
d555 1
a555 1
2002-08-15  Johan Danielsson  <joda@@pdc.kth.se>
d557 2
a558 2
	* lib/krb5/auth_context.c: check return value of
	krb5_sockaddr2address
d560 2
a561 2
	* lib/krb5/addr_families.c: check return value of
	krb5_sockaddr2address
d563 13
a575 1
	* lib/krb5/context.c: get the default keytab from KRB5_KTNAME
d577 1
a577 1
2002-08-14  Johan Danielsson  <joda@@pdc.kth.se>
d579 2
a580 1
	* lib/krb5/verify_krb5_conf.c: allow parsing of more than one file
d582 3
a584 4
	* lib/krb5/context.c: allow changing config files with the
	function krb5_set_config_files, there are also related functions
	krb5_get_default_config_files and krb5_free_config_files; these
	should work similar to their MIT counterparts
d586 2
a587 2
	* lib/krb5/config_file.c: allow the use of more than one config
	file by using the new function krb5_config_parse_file_multi
d589 1
a589 1
2002-08-12  Johan Danielsson  <joda@@pdc.kth.se>
d591 2
a592 1
	* use sysconfdir instead of /etc
d594 4
a597 3
	* configure.in: require autoconf 2.53; rename dpagaix_LDFLAGS etc
	to appease automake; force sysconfdir and localstatedir to /etc
	and /var/heimdal for now
d599 8
a606 2
	* kdc/connect.c (addr_to_string): check return value of
	sockaddr2address
d608 2
a609 1
2002-08-09  Johan Danielsson  <joda@@pdc.kth.se>
d611 5
a615 3
	* lib/krb5/rd_cred.c: if the remote address isn't an addrport,
	don't try comparing to one; this should make old clients work with
	new servers
d617 2
a618 1
	* lib/asn1/gen_decode.c: remove unused variable
d620 4
a623 1
2002-07-31  Johan Danielsson  <joda@@pdc.kth.se>
d625 1
a625 2
	* kdc/{kerberos5,524}.c: ENOENT -> HDB_ERR_NOENTRY (from Derrick
	Brashear)
d627 1
a627 2
	* lib/krb5/principal.c: actually lower case the lower case
	instance name (spotted by Derrick Brashear)
d629 1
a629 1
2002-07-24  Johan Danielsson  <joda@@pdc.kth.se>
d631 1
a631 2
	* fix-export: if DATEDVERSION is set, change the version to
	current date
d633 1
a633 2
	* configure.in: don't use AC_PROG_RANLIB, and use magic foo to set
	LTLIBOBJS
d635 1
a635 1
2002-07-04  Johan Danielsson  <joda@@pdc.kth.se>
d637 1
a637 2
	* kdc/connect.c: add some cache-control-foo to the http responses
	(from Gombas Gabor)
d639 2
a640 2
	* lib/krb5/addr_families.c (krb5_print_address): don't copy size
	if ret_len == NULL
d642 1
a642 1
2002-06-28  Johan Danielsson  <joda@@pdc.kth.se>
d644 1
a644 4
	* kuser/klist.c (display_tokens): don't bail out before we get
	EDOM (signaling the end of the tokens), the kernel can also return
	ENOTCONN, meaning that the index does not exist anymore (for
	example if the token has expired)
d646 1
a646 1
2002-06-06  Johan Danielsson  <joda@@pdc.kth.se>
d648 1
a648 2
	* lib/krb5/changepw.c: make sure we return an error if there are
	no changepw hosts found; from Wynn Wilkes
d650 1
a650 1
2002-05-29  Johan Danielsson  <joda@@pdc.kth.se>
d652 1
a652 2
	* lib/krb5/cache.c (krb5_cc_register): break out of loop when the
	same type is found; spotted by Wynn Wilkes
d654 6
a659 1
2002-05-15  Johan Danielsson  <joda@@pdc.kth.se>
d661 2
a662 2
	* kdc/kerberos5.c: don't free encrypted padata until we're really
	done with it
d664 1
a664 1
2002-05-07  Johan Danielsson  <joda@@pdc.kth.se>
d666 4
a669 2
	* kdc/kerberos5.c: when decrypting pa-data, try all keys matching
	enctype
d671 1
a671 1
	* kuser/kinit.1: document -a
d673 2
a674 1
	* kuser/kinit.c: add command line switch for extra addresses
d676 1
a676 1
2002-04-30  Johan Danielsson  <joda@@blubb.pdc.kth.se>
d678 1
a678 1
	* configure.in: remove some duplicate tests
d680 1
a680 1
	* configure.in: use AC_HELP_STRING
d682 5
a686 1
2002-04-29  Johan Danielsson  <joda@@pdc.kth.se>
d688 1
a688 2
	* lib/krb5/crypto.c (usage2arcfour): don't abort if the usage is
	unknown
d690 1
a690 1
2002-04-25  Johan Danielsson  <joda@@pdc.kth.se>
d692 1
a692 1
	* configure.in: use rk_DESTDIRS
d694 2
a695 1
2002-04-22  Johan Danielsson  <joda@@pdc.kth.se>
d697 3
a699 2
	* lib/krb5/krb5_verify_user.3: make it clear that _lrealm modifies
	the principal
d701 1
a701 1
2002-04-19  Johan Danielsson  <joda@@pdc.kth.se>
d703 1
a703 1
	* lib/krb5/verify_init.c: fix typo in error string
d705 1
a705 1
2002-04-18  Johan Danielsson  <joda@@pdc.kth.se>
d707 1
a707 1
	* acconfig.h: remove some stuff that is defined elsewhere
d709 1
a709 1
	* lib/krb5/krb5_locl.h: include <sys/file.h>
d711 6
a716 1
	* lib/krb5/acl.c: rename acl_string parameter
d718 2
a719 2
	* lib/krb5/Makefile.am: remove __P from protos, and put parameter
	names in comments
d721 1
a721 1
	* kuser/klist.c: better align some headers
d723 1
a723 1
	* kdc/kerberos4.c: storage tweaks
d725 6
a730 1
	* kdc/kaserver.c: storage tweaks
d732 3
a734 1
	* kdc/524.c: storage tweaks
d736 1
a736 1
	* lib/krb5/keytab_krb4.c: storage tweaks
d738 1
a738 1
	* lib/krb5/keytab_keyfile.c: storage tweaks
d740 1
a740 2
	* lib/krb5/keytab_file.c: storage tweaks; also try to handle zero
	sized keytab files
d742 5
a746 1
	* lib/krb5/keytab_any.c: use KRB5_KT_END instead of KRB5_CC_END
d748 2
a749 1
	* lib/krb5/fcache.c: storage tweaks
d751 1
a751 3
	* lib/krb5/store_mem.c: make the krb5_storage opaque, and add
	function wrappers for store/fetch/seek, and also make the eof-code
	configurable
d753 19
a771 3
	* lib/krb5/store_fd.c: make the krb5_storage opaque, and add
	function wrappers for store/fetch/seek, and also make the eof-code
	configurable
d773 1
a773 3
	* lib/krb5/store_emem.c: make the krb5_storage opaque, and add
	function wrappers for store/fetch/seek, and also make the eof-code
	configurable
d775 2
a776 3
	* lib/krb5/store.c: make the krb5_storage opaque, and add function
	wrappers for store/fetch/seek, and also make the eof-code
	configurable
d778 2
a779 3
	* lib/krb5/store-int.h: make the krb5_storage opaque, and add
	function wrappers for store/fetch/seek, and also make the eof-code
	configurable
d781 8
a788 3
	* lib/krb5/krb5.h: make the krb5_storage opaque, and add function
	wrappers for store/fetch/seek, and also make the eof-code
	configurable
d790 1
a790 1
	* include/bits.c: include <sys/socket.h> to get socklen_t
d792 5
a796 2
	* kdc/kerberos5.c (get_pa_etype_info): sort ETYPE-INFOs by
	requested KDC-REQ etypes
d798 2
a799 1
	* kdc/hpropd.c: constify
d801 2
a802 1
	* kdc/hprop.c: constify
d804 1
a804 1
	* kdc/string2key.c: constify
d806 2
a807 1
	* kdc/kdc_locl.h: make port_str const
d809 1
a809 1
	* kdc/config.c: constify
d811 4
a814 1
	* lib/krb5/config_file.c: constify
d816 5
a820 1
	* kdc/kstash.c: constify
d822 4
a825 1
	* lib/krb5/verify_user.c: remove unnecessary cast
d827 1
a827 1
	* lib/krb5/recvauth.c: constify
d829 1
a829 1
	* lib/krb5/principal.c (krb5_parse_name): const qualify
d831 1
a831 1
	* lib/krb5/mcache.c (mcc_get_name): constify return type
d833 1
a833 2
	* lib/krb5/context.c (krb5_free_context): don't try to free the
	ccache prefix
d835 1
a835 2
	* lib/krb5/cache.c (krb5_cc_register): don't make a copy of the
	prefix
d837 1
a837 1
	* lib/krb5/krb5.h: constify some struct members
d839 2
a840 1
	* lib/krb5/log.c: constify
d842 1
a842 2
	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): const
	qualify
d844 8
a851 1
	* lib/krb5/get_in_tkt.c (krb5_init_etype): constify
d853 1
a853 1
	* lib/krb5/crypto.c: constify some
d855 2
a856 1
	* lib/krb5/config_file.c: constify
d858 1
a858 2
	* lib/krb5/aname_to_localname.c (krb5_aname_to_localname):
	constify local variable
d860 3
a862 1
	* lib/krb5/addr_families.c (ipv4_sockaddr2port): constify
d864 3
a866 1
2002-04-17  Johan Danielsson  <joda@@pdc.kth.se>
d868 2
a869 1
	* lib/krb5/verify_krb5_conf.c: add some log checking
d871 81
a951 1
	* lib/krb5/log.c (krb5_addlog_dest): reorganise syslog parsing
d953 4
a956 1
2002-04-16  Johan Danielsson  <joda@@pdc.kth.se>
d958 1
a958 2
	* lib/krb5/crypto.c (krb5_crypto_init): check that the key size
	matches the expected length
d960 1
a960 1
2002-03-27  Johan Danielsson  <joda@@pdc.kth.se>
d962 1
a962 1
	* lib/krb5/send_to_kdc.c: rename send parameter to send_data
d964 1
a964 1
	* lib/krb5/mk_error.c: rename ctime parameter to client_time
d966 1
a966 1
2002-03-22  Johan Danielsson  <joda@@pdc.kth.se>
d968 1
a968 2
	* kdc/kerberos5.c (find_etype): unsigned -> krb5_enctype (from
	Reinoud Zandijk)
d970 1
a970 1
2002-03-18  Johan Danielsson  <joda@@pdc.kth.se>
d972 3
a974 1
	* lib/asn1/k5.asn1: add the GSS-API checksum type here
d976 57
a1032 1
2002-03-11  Assar Westerlund  <assar@@sics.se>
d1035 53
a1087 5
	18:3:1
	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:5:0
	* lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 6:0:0
	
2002-03-10  Assar Westerlund  <assar@@sics.se>
d1089 1
a1089 1
	* lib/krb5/rd_cred.c: handle addresses with port numbers
d1091 2
a1092 3
	* lib/krb5/keytab_file.c, lib/krb5/keytab.c:
	store the kvno % 256 as the byte and the complete 32 bit kvno after
	the end of the current keytab entry
d1094 1
a1094 2
	* lib/krb5/init_creds_pw.c:
	handle LR_PW_EXPTIME and LR_ACCT_EXPTIME in the same way
d1096 2
a1097 2
	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds):
	handle ports giving for the remote address
d1099 2
a1100 2
	* lib/krb5/get_cred.c:
	get a ticket with no addresses if no-addresses is set
d1102 2
a1103 3
	* lib/krb5/crypto.c:
	rename functions DES_* to krb5_* to avoid colliding with modern
	openssl
d1105 1
a1105 4
	* lib/krb5/addr_families.c:
	make all functions taking 'struct sockaddr' actually take a socklen_t
	instead of int and that acts as an in-out parameter (indicating the
	maximum length of the sockaddr to be written)
d1107 1
a1107 3
	* kdc/kerberos4.c:
	make the kvno's in the krb4 universe by the real one % 256, since they
	cannot only be 8 bit, and the v5 ones are actually 32 bits
d1109 1
a1109 1
2002-02-15  Johan Danielsson  <joda@@pdc.kth.se>
d1111 2
a1112 3
	* lib/krb5/keytab_keyfile.c (akf_add_entry): don't create the file
	before we need to write to it
	(from ke Sandgren)
d1114 2
a1115 1
2002-02-14  Johan Danielsson  <joda@@pdc.kth.se>
d1117 4
a1120 3
	* configure.in: rk_RETSIGTYPE and rk_BROKEN_REALLOC are called via
	rk_ROKEN (from Gombas Gabor); find inttypes by CHECK_TYPES
	directly
d1122 5
a1126 2
	* lib/krb5/rd_safe.c: actually use the correct key (from Daniel
	Kouril)
d1128 1
a1128 1
2002-02-12  Johan Danielsson  <joda@@pdc.kth.se>
d1130 1
a1130 2
	* lib/krb5/context.c (krb5_get_err_text): protect against NULL
	context
d1132 1
a1132 1
2002-02-11  Johan Danielsson  <joda@@pdc.kth.se>
d1134 2
a1135 1
	* admin/ktutil.c: no need to use the "modify" keytab anymore
d1137 1
a1137 1
	* lib/krb5/keytab_any.c: implement add and remove
d1139 1
a1139 1
	* lib/krb5/keytab_krb4.c: implement add and remove
d1141 1
a1141 2
	* lib/krb5/store_emem.c (emem_free): clear memory before freeing
	(this should perhaps be selectable with a flag)
d1143 1
a1143 1
2002-02-04  Johan Danielsson  <joda@@pdc.kth.se>
d1145 2
a1146 3
	* kdc/config.c (get_dbinfo): if there are database specifications
	in the config file, don't automatically try to use the default
	values (from Gombas Gabor)
d1148 1
a1148 2
	* lib/krb5/log.c (krb5_closelog): don't pass pointer to pointer
	(from Gombas Gabor)
d1150 1
a1150 1
2002-01-30  Johan Danielsson  <joda@@pdc.kth.se>
d1152 2
a1153 2
	* admin/list.c: get the default keytab from krb5.conf, and list
	all parts of an ANY type keytab
d1155 1
a1155 1
	* lib/krb5/context.c: default default_keytab_modify to NULL
d1157 3
a1159 3
	* lib/krb5/keytab.c (krb5_kt_default_modify_name): if no modify
	name is specified take it from the first component of the default
	keytab name
d1161 5
a1165 1
2002-01-29  Johan Danielsson  <joda@@pdc.kth.se>
d1167 1
a1167 1
	* lib/krb5/keytab.c: compare keytab types case insensitively
d1169 1
a1169 1
2002-01-07  Assar Westerlund  <assar@@sics.se>
a1170 8
	* lib/krb5/crypto.c (create_checksum): make usage `unsigned' (it's
	not really a krb5_key_usage).  From Ben Harris <bjh21@@netbsd.org>
	* lib/krb5/get_in_tkt.c: use krb5_enctype consistently.  From Ben
	Harris <bjh21@@netbsd.org>
	* lib/krb5/crypto.c: use krb5_enctype consistently.  From Ben
	Harris <bjh21@@netbsd.org>
	* kdc/kerberos5.c: use krb5_enctype consistently.  From Ben Harris
	<bjh21@@netbsd.org>
@


1.1.1.9
log
@Import of Heimdal Kerberos from KTH repository circa 2002/09/16.
@
text
@a0 168
2002-09-16  Jacques Vidrine  <nectar@@kth.se>

	* lib/krb5/kuserok.c, lib/krb5/prompter_posix.c: use strcspn
	to convert the newline to NUL in fgets results.

2002-09-13  Johan Danielsson  <joda@@pdc.kth.se>

	* kuser/kinit.1: remove unneeded Ns

	* lib/krb5/krb5_appdefault.3: remove extra "application"

	* fix-export: remove autom4ate.cache

2002-09-10  Johan Danielsson  <joda@@pdc.kth.se>

	* include/make_crypto.c: don't use function macros if possible

	* lib/krb5/krb5_locl.h: get limits.h for UINT_MAX

	* include/Makefile.am: use make_crypto to create crypto-headers.h

	* include/make_crypto.c: crypto header generation tool

	* configure.in: move crypto test to just after testing for krb4,
	and move roken tests to after both, this speeds up various failure
	cases with krb4

	* lib/krb5/config_file.c: don't use NULL when we mean 0

	* configure.in: we don't set package_libdir anymore, so no point
	in testing for it

	* tools/Makefile.am: subst INCLUDE_des

	* tools/krb5-config.in: add INCLUDE_des to cflags

	* configure.in: use AC_CONFIG_SRCDIR

	* fix-export: remove some unneeded stuff

	* kuser/kinit.c (do_524init): free principals

2002-09-09  Jacques Vidrine  <nectar@@kth.se>

	* kdc/kerberos5.c (get_pa_etype_info, fix_transited_encoding),
	kdc/kaserver.c (krb5_ret_xdr_data),
	lib/krb5/transited.c (krb5_domain_x500_decode): Validate some
	counts: Check that they are non-negative, and that they are small
	enough to avoid integer overflow when used in memory allocation
	calculations.  Potential problem areas pointed out by 
	Sebastian Krahmer <krahmer@@suse.de>.

	* lib/krb5/keytab_keyfile.c (akf_add_entry): Use O_EXCL when
	creating a new keyfile.

2002-09-09  Johan Danielsson  <joda@@pdc.kth.se>

	* configure.in: don't try to build pam module

2002-09-05  Johan Danielsson  <joda@@pdc.kth.se>

	* appl/kf/kf.c: fix warning string

	* lib/krb5/log.c (krb5_vlog_msg): delay message formating till we
	know we need it

2002-09-04  Assar Westerlund  <assar@@kth.se>

	* kdc/kerberos5.c (encode_reply): correct error logging

2002-09-04  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/sendauth.c: close ccache if we opened it

	* appl/kf/kf.c: handle new protocol

	* appl/kf/kfd.c: use krb5_err instead of sysloging directly,
	handle the new protocol, and bail out if an old client tries to
	connect

	* appl/kf/kf_locl.h: we need a protocol version string

	* lib/hdb/hdb-ldap.c: use ASN1_MALLOC_ENCODE

	* kdc/kerberos5.c: use ASN1_MALLOC_ENCODE

	* kdc/hprop.c: set AP_OPTS_USE_SUBKEY

	* lib/hdb/common.c: use ASN1_MALLOC_ENCODE

	* lib/asn1/gen.c: add convenience macro that allocates a buffer
	and encoded into that

	* lib/krb5/get_cred.c (init_tgs_req): use
	in_creds->session.keytype literally instead of trying to convert
	to a list of enctypes (it should already be an enctype)
	
	* lib/krb5/get_cred.c (init_tgs_req): init ret

2002-09-03  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/asn1/k5.asn1: remove ETYPE_DES3_CBC_NONE_IVEC

	* lib/krb5/krb5.h: remove ENCTYPE_DES3_CBC_NONE_IVEC

	* lib/krb5/crypto.c: get rid of DES3_CBC_encrypt_ivec, just use
	zero ivec in DES3_CBC_encrypt if passed ivec is NULL

	* lib/krb5/Makefile.am: back out 1.144, since it will re-create
	krb5-protos.h at build-time, which requires perl, which is bad

	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): don't
	blindly use the local subkey

	* lib/krb5/crypto.c: add function krb5_crypto_getblocksize that
	extracts the required blocksize from a crypto context

	* lib/krb5/build_auth.c: just get the length of the encoded
	authenticator instead of trying to grow a buffer

2002-09-03  Assar Westerlund  <assar@@kth.se>

	* configure.in: add --disable-mmap option, and tests for
	sys/mman.h and mmap

2002-09-03  Jacques Vidrine  <nectar@@kth.se>

	* lib/krb5/changepw.c: verify lengths in response

	* lib/asn1/der_get.c (decode_integer, decode_unsigned): check for
	truncated integers

2002-09-02  Johan Danielsson  <joda@@pdc.kth.se>

	* lib/krb5/mk_req_ext.c: generate a local subkey if
	AP_OPTS_USE_SUBKEY is set

	* lib/krb5/build_auth.c: we don't have enough information about
	whether to generate a local subkey here, so don't try to

	* lib/krb5/auth_context.c: new function
	krb5_auth_con_generatelocalsubkey

	* lib/krb5/get_in_tkt.c: only set kdc_sec_offset if looking at an
	initial ticket

	* lib/krb5/context.c (init_context_from_config_file): simplify
	initialisation of srv_lookup

	* lib/krb5/changepw.c (send_request): set AP_OPTS_USE_SUBKEY

	* lib/krb5/krb5.h: add AP_OPTS_USE_SUBKEY

2002-08-30  Assar Westerlund  <assar@@kth.se>

	* lib/krb5/name-45-test.c: also test krb5_524_conv_principal
	* lib/krb5/Makefile.am (TESTS): add name-45-test
	* lib/krb5/name-45-test.c: add testcases for
	krb5_425_conv_principal

2002-08-29  Assar Westerlund  <assar@@kth.se>

	* lib/krb5/parse-name-test.c: also test unparse_short functions
	* lib/asn1/asn1_print.c: use com_err/error_message API
	* lib/krb5/Makefile.am: add parse-name-test
	* lib/krb5/parse-name-test.c: add a program for testing parsing
	and unparsing principal names

@


1.1.1.10
log
@Import of Heimdal 0.5.1.

Approved by:	re
@
text
@d1 1
a1 1
2002-10-21  Johan Danielsson  <joda@@pdc.kth.se>
d3 2
a4 1
	* lib/krb5/store_emem.c: pull up 1.13; limit how much we allocate
d6 1
a6 2
	* lib/krb5/principal.c: pull up 1.82; don't allow trailing
	backslashes in components
d8 1
a8 1
	* lib/krb5/keytab_keyfile.c: pull up 1.15; more strcspn
d10 1
a10 2
	* lib/krb5/keytab_any.c: pull up 1.7; properly close the open
	keytabs
d12 1
a12 23
	* kdc/connect.c: pull up 1.87; check that %-quotes are followed by
	two hex digits

	* lib/krb5/prompter_posix.c: pull up 1.7; use strcspn to convert
	the newline to NUL in fgets results.

	* lib/krb5/kuserok.c: pull up 1.6; use strcspn to convert the
	newline to NUL in fgets results.

	* lib/krb5/keytab_file.c: pull up 1.12; check return value from
	start_seq_get

	* lib/krb5/context.c: pull up 1.82; return ENXIO instead of ENOENT
	when "unconfigured"

	* lib/krb5/changepw.c: pull up 1.38; fix reply length check
	calculation

	* kuser/klist.c: pull up 1.68; allow tokens up to size of buffer

	* kdc/kaserver.c: pull up 1.21; make sure life is positive

	* fix-export: pull up 1.28; remove autom4ate.cache
a14 2

	* Release 0.5
@


1.1.1.11
log
@Vendor import of Heimdal 0.6.
@
text
@d1 1
a1 1
2003-05-08  Johan Danielsson  <joda@@ratatosk.pdc.kth.se>
d3 1
a3 1
	* Release 0.6
d5 2
a6 1
2003-05-08  Love Hrnquist strand  <lha@@it.su.se>
d8 1
a8 2
	* kuser/klist.c: 1.68->1.69: print tokens even if there isn't v4
	support
d10 2
a11 2
	* kuser/kdestroy.c: 1.14->1.15: destroy tokens even if there isn't
	v4 support
d13 2
a14 2
	* kuser/kinit.c: 1.90->1.91: print tokens even if there isn't v4
	support
d16 2
a17 1
2003-05-06  Johan Danielsson  <joda@@pdc.kth.se>
d19 2
a20 2
	* lib/krb5/name-45-test.c: need to use empty krb5.conf for some
	tests
d22 2
a23 3
	* lib/asn1/check-gen.c: there is no \e escape sequence; replace
	everything with hex-codes, and cast to unsigned char* to make some
	compilers happy
d25 2
a26 1
2003-05-06  Love Hrnquist strand  <lha@@it.su.se>
d28 94
a121 2
	* lib/krb5/get_in_tkt.c (make_pa_enc_timestamp): make sure first
	argument to krb5_us_timeofday have correct type
d123 19
a141 1
2003-05-05  Assar Westerlund  <assar@@kth.se>
d143 2
a144 1
	* include/make_crypto.c (main): include aes.h if ENABLE_AES
d146 1
a146 1
2003-05-05  Love Hrnquist strand  <lha@@it.su.se>
d148 80
a227 3
	* NEWS: 1.108->1.110: fix text about gssapi compat
	
2003-04-28  Love Hrnquist strand  <lha@@it.su.se>
d229 1
a229 2
	* kdc/v4_dump.c: 1.4->1.5: (v4_prop_dump): limit strings length,
	from openbsd
d231 3
a233 1
2003-04-24  Love Hrnquist strand  <lha@@it.su.se>
d235 1
a235 2
	* doc/programming.texi: 1.2-1.3: s/managment/management/, from jmc
	<jmc@@prioris.mini.pw.edu.pl>
d237 1
a237 1
2003-04-22  Love Hrnquist strand  <lha@@it.su.se>
d239 2
a240 2
	* lib/krb5/krbhst.c: 1.43->1.44: copy NUL too, from janj@@wenf.org
	via openbsd
d242 1
a242 1
2003-04-17  Love Hrnquist strand  <lha@@it.su.se>
d244 2
a245 3
	* lib/asn1/der_copy.c (copy_general_string): use strdup
	* lib/asn1/der_put.c: remove sprintf
	* lib/asn1/gen.c: remove strcpy/sprintf
d247 5
a251 3
	* lib/krb5/name-45-test.c: use a more unique name then ratatosk so
	that other (me) have such hosts in the local domain and the tests
	fails, to take hokkigai.pdc.kth.se instead
d253 1
a253 1
	* lib/krb5/test_alname.c: add --version and --help
d255 4
a258 1
2003-04-16  Love Hrnquist strand  <lha@@it.su.se>
d260 2
a261 1
	* lib/krb5/krb5_warn.3: add krb5_get_err_text
d263 98
a360 8
	* lib/krb5/transited.c: use strlcat/strlcpy, from openbsd
	* lib/krb5/krbhst.c (srv_find_realm): use strlcpy, from openbsd
	* lib/krb5/aname_to_localname.c (krb5_aname_to_localname): use
	strlcpy, from openbsd
	* kdc/hpropd.c: s/strcat/strlcat/, inspired from openbsd
	* appl/kf/kfd.c: use strlcpy, from openbsd
	
2003-04-16  Johan Danielsson  <joda@@pdc.kth.se>
d362 2
a363 3
	* configure.in: fix for large file support in AIX, _LARGE_FILES
	needs to be defined on the command line, since lex likes to
	include stdio.h before we get to config.h
d365 2
a366 7
2003-04-16  Love Hrnquist strand  <lha@@it.su.se>
	
	* lib/krb5/*.3: Change .Fd #include <header.h> to .In header.h,
	from Thomas Klausner <wiz@@netbsd.org>
	
	* lib/krb5/krb5.conf.5: spelling, from Thomas Klausner
	<wiz@@netbsd.org>
d368 1
a368 1
2003-04-15  Love Hrnquist strand  <lha@@it.su.se>
d370 2
a371 3
	* kdc/kerberos5.c: fix some more memory leaks
	
2003-04-11  Love Hrnquist strand  <lha@@it.su.se>
d373 2
a374 3
	* appl/kf/kf.1: spelling, from jmc <jmc@@prioris.mini.pw.edu.pl>
	
2003-04-08  Love Hrnquist strand  <lha@@it.su.se>
d376 1
a376 3
	* admin/ktutil.8: typos, from jmc <jmc@@acn.waw.pl>
	
2003-04-06  Love Hrnquist strand  <lha@@it.su.se>
d378 2
a379 9
	* lib/krb5/krb5.3: s/kerberos/Kerberos/
	* lib/krb5/krb5_data.3: s/kerberos/Kerberos/
	* lib/krb5/krb5_address.3: s/kerberos/Kerberos/
	* lib/krb5/krb5_ccache.3: s/kerberos/Kerberos/
	* lib/krb5/krb5.conf.5: s/kerberos/Kerberos/
	* kuser/kinit.1: s/kerberos/Kerberos/
	* kdc/kdc.8: s/kerberos/Kerberos/
	
2003-04-01  Love Hrnquist strand  <lha@@it.su.se>
d381 2
a382 5
	* lib/krb5/test_alname.c: more krb5_aname_to_localname tests
	
	* lib/krb5/aname_to_localname.c (krb5_aname_to_localname): when
	converting too root, make sure user is ok according to
	krb5_kuserok before allowing it.
d384 1
a384 15
	* lib/krb5/Makefile.am (noinst_PROGRAMS): += test_alname
	
	* lib/krb5/test_alname.c: add test for krb5_aname_to_localname
	
	* lib/krb5/crypto.c (krb5_DES_AFS3_CMU_string_to_key): used p1
	instead of the "illegal" salt #~, same change as kth-krb did
	1999. Problems occur with crypt() that behaves like AT&T crypt
	(openssl does this). Pointed out by Marcus Watts.

	* admin/change.c (kt_change): collect all principals we are going
	to change, and pick the highest kvno and use that to guess what
	kvno the resulting kvno is going to be. Now two ktutil change in a
	row works. XXX fix the protocol to pass the kvno back.
	
2003-03-31  Love Hrnquist strand  <lha@@it.su.se>
d386 4
a389 3
	* appl/kf/kf.1: afs->AFS, from jmc <jmc@@acn.waw.pl>
	
2003-03-30  Love Hrnquist strand  <lha@@it.su.se>
d391 1
a391 2
	* doc/setup.texi: add description on how to turn on v4, 524 and
	kaserver support
d393 2
a394 1
2003-03-29  Love Hrnquist strand  <lha@@it.su.se>
d396 1
a396 2
	* lib/krb5/verify_krb5_conf.c (appdefaults_entries): add afslog
	and afs-use-524
d398 2
a399 1
2003-03-28  Love Hrnquist strand  <lha@@it.su.se>
d401 1
a401 2
	* kdc/kerberos5.c (as_rep): when the second enctype_to_string
	failes, remember to free memory from the first enctype_to_string
d403 2
a404 3
	* lib/krb5/crypto.c (usage2arcfour): map KRB5_KU_TICKET to 2,
	from Harald Joerg <harald.joerg@@fujitsu-siemens.com>
	(enctype_arcfour_hmac_md5): disable checksum_hmac_md5_enc
d406 1
a406 4
	* lib/hdb/mkey.c (hdb_unseal_keys_mkey): truncate key to the key
	length when key is longer then expected length, its probably
	longer since the encrypted data was padded, reported by Aidan
	Cully <aidan@@kublai.com>
d408 2
a409 4
	* lib/krb5/crypto.c (krb5_enctype_keysize): return key size of
	encyption type, inspired by Aidan Cully <aidan@@kublai.com>
	
2003-03-27  Love Hrnquist strand  <lha@@it.su.se>
d411 1
a411 5
	* lib/krb5/keytab.c (krb5_kt_get_entry): avoid printing 0
	(wildcard kvno) after principal when the keytab entry isn't found,
	reported by Chris Chiappa <chris@@chiappa.net>
	
2003-03-26  Love Hrnquist strand  <lha@@it.su.se>
d413 1
a413 2
	* doc/misc.texi: update 2b example to match reality (from
	mattiasa@@e.kth.se)
d415 1
a415 2
	* doc/misc.texi: spelling and add `Configuring AFS clients'
	subsection
d417 1
a417 1
2003-03-25  Love Hrnquist strand  <lha@@it.su.se>
d419 1
a419 4
	* lib/krb5/krb5.3: add krb5_free_data_contents.3
	
	* lib/krb5/data.c: add krb5_free_data_contents for compat with MIT
	API
d421 1
a421 7
	* lib/krb5/krb5_data.3: add krb5_free_data_contents for compat
	with MIT API
	
	* lib/krb5/krb5_verify_user.3: write more about how the ccache
	argument should be inited when used
	
2003-03-25  Johan Danielsson  <joda@@pdc.kth.se>
d423 2
a424 3
	* lib/krb5/addr_families.c (krb5_print_address): make sure
	print_addr is defined for the given address type; make addrports
	printable
d426 1
a426 1
	* kdc/string2key.c: print the used enctype for kerberos 5 keys
d428 1
a428 1
2003-03-25  Love Hrnquist strand  <lha@@it.su.se>
d430 1
a430 3
	* lib/krb5/aes-test.c: add another arcfour test
	
2003-03-22  Love Hrnquist strand  <lha@@it.su.se>
d432 2
a433 5
	* lib/krb5/aes-test.c: sneek in a test for arcfour-hmac-md5
	
2003-03-20  Love Hrnquist strand  <lha@@it.su.se>
	
	* lib/krb5/krb5_ccache.3: update .Dd
d435 1
a435 1
	* lib/krb5/krb5.3: sort in krb5_data functions
d437 1
a437 1
	* lib/krb5/Makefile.am (man_MANS): += krb5_data.3
d439 1
a439 1
	* lib/krb5/krb5_data.3: document krb5_data
d441 1
a441 4
	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password): if
	prompter is NULL, don't try to ask for a password to
	change. reported by Iain Moffat @@ ufl.edu via Howard Chu
	<hyc@@highlandsun.com>
d443 1
a443 1
2003-03-19  Love Hrnquist strand  <lha@@it.su.se>
d445 1
a445 2
	* lib/krb5/krb5_keytab.3: spelling, from
	<jmc@@prioris.mini.pw.edu.pl>
d447 2
a448 4
	* lib/krb5/krb5.conf.5: . means new line
	
	* lib/krb5/krb5.conf.5: spelling, from
	<jmc@@prioris.mini.pw.edu.pl>
d450 1
a450 2
	* lib/krb5/krb5_auth_context.3: spelling, from
	<jmc@@prioris.mini.pw.edu.pl>
d452 1
a452 1
2003-03-18  Love Hrnquist strand  <lha@@it.su.se>
d454 1
a454 5
	* kuser/Makefile.am: INCLUDES: -I$(srcdir)/../lib/krb5
	
	* lib/krb5/convert_creds.c: add _krb5_krb_life_to_time
	
	* lib/krb5/krb5-v4compat.h: add _krb5_krb_life_to_time
d456 1
a456 7
	* kdc/kdc_locl.h: 524 is independent of kerberos 4, so move out
	#ifdef KRB4 from enable_v4_cross_realm since 524 needs it
	
	* kdc/config.c: 524 is independent of kerberos 4, so move out
	enable_v4_cross_realm from #ifdef KRB4 since 524 needs it
	
2003-03-17  Assar Westerlund  <assar@@kth.se>
d458 1
a458 7
	* kdc/kdc.8: document --kerberos4-cross-realm
	* kdc/kerberos4.c: pay attention to enable_v4_cross_realm
	* kdc/kdc_locl.h (enable_v4_cross_realm): add
	* kdc/524.c (encode_524_response): check the enable_v4_cross_realm
	flag before giving out v4 tickets for foreign v5 principals
	* kdc/config.c: add --enable-kerberos4-cross-realm option (default
	to off)
d460 1
a460 1
2003-03-17  Love Hrnquist strand  <lha@@it.su.se>
d462 2
a463 4
	* lib/krb5/Makefile.am (man_MANS) += krb5_aname_to_localname.3
	
	* lib/krb5/krb5_aname_to_localname.3: manpage for
	krb5_aname_to_localname
d465 1
a465 3
	* lib/krb5/krb5_kuserok.3: s/KRB5_USEROK/KRB5_KUSEROK/
	
2003-03-16  Love Hrnquist strand  <lha@@it.su.se>
d467 1
a467 1
	* lib/krb5/Makefile.am (man_MANS): add krb5_set_default_realm.3
d469 3
a471 1
	* lib/krb5/krb5.3: add manpages from krb5_set_default_realm.3
d473 3
a475 4
	* lib/krb5/krb5_set_default_realm.3: Manpage for
	krb5_free_host_realm, krb5_get_default_realm,
	krb5_get_default_realms, krb5_get_host_realm, and
	krb5_set_default_realm.
d477 3
a479 2
	* admin/ktutil.8: s/entype/enctype/, from Igor Sobrado
	<sobrado@@acm.org> via NetBSD
d481 3
a483 11
	* lib/krb5/krb5_keytab.3: add documention for krb5_kt_get_type
	
	* lib/krb5/keytab.c (krb5_kt_get_type): get prefix/type of keytab
	
	* lib/krb5/krb5.h (KRB5_KT_PREFIX_MAX_LEN): max length of prefix
	
	* lib/krb5/krb5_ccache.3: document krb5_cc_get_ops, add more
	types, add krb5_fcc_ops and krb5_mcc_ops
	
	* lib/krb5/cache.c (krb5_cc_get_ops): new function, return ops for
	a id
d485 3
a487 1
2003-03-15  Love Hrnquist strand  <lha@@it.su.se>
d489 3
a491 2
	* doc/intro.texi: add reference to source code, binaries and the
	manual
d493 1
a493 3
	* lib/krb5/krb5.3: krb5.h isn't in krb5 directory in heimdal
	
2003-03-14  Love Hrnquist strand  <lha@@it.su.se>
d495 2
a496 1
	* kdc/kdc.8: better/difrent english
d498 1
a498 3
	* kdc/kdc.8: . -> .\n, copyright/license
	
	* kdc/kdc.8: changed configuration file -> restart kdc
d500 1
a500 2
	* kdc/kerberos4.c: add krb4 into the most error messages written
	to the logfile
d502 1
a502 2
	* lib/krb5/krb5_ccache.3: add missing name of argument
	(krb5_context) to most functions
d504 1
a504 1
2003-03-13  Love Hrnquist strand  <lha@@it.su.se>
d506 1
a506 3
	* lib/krb5/kuserok.c (krb5_kuserok): preserve old behviour of
	function and return FALSE when there isn't a local account for
	`luser'.
d508 1
a508 2
	* lib/krb5/krb5_kuserok.3: fix prototype, spelling and more text
	describing the function
d510 1
a510 1
2003-03-12  Love Hrnquist strand  <lha@@it.su.se>
d512 1
a512 2
	* lib/krb5/cache.c (krb5_cc_default): if krb5_cc_default_name
	returned memory, don't return ENOMEM
d514 1
a514 1
2003-03-11  Love Hrnquist strand  <lha@@it.su.se>
d516 1
a516 8
	* lib/krb5/krb5.3: add krb5_address stuff and sort
	
	* lib/krb5/krb5_address.3: fix krb5_addr2sockaddr description
	
	* lib/krb5/Makefile.am (man_MANS): += krb5_address.3
	
	* lib/krb5/krb5_address.3: document types krb5_address and
	krb5_addresses and their helper functions
d518 1
a518 1
2003-03-10  Love Hrnquist strand  <lha@@it.su.se>
d520 2
a521 1
	* lib/krb5/Makefile.am (man_MANS): += krb5_kuserok.3
d523 2
a524 1
	* lib/krb5/krb5_kuserok.3: spelling, from cizzi@@it.su.se
d526 1
a526 1
	* lib/krb5/Makefile.am (man_MANS): += krb5_ccache.3
d528 1
a528 6
	* lib/krb5/krb5_ccache.3: spelling, from cizzi@@it.su.se
	
	* lib/krb5/krb5.3: add more functions
	
	* lib/krb5/krb5_ccache.3: document krb5_ccache and krb5_cc
	functions
d530 2
a531 4
	* lib/krb5/krb5_kuserok.3: document krb5_kuserok
	
	* lib/krb5/krb5_verify_user.3: document
	krb5_verify_opt_set_flags(opt, KRB5_VERIFY_LREALMS) behavior
d533 1
a533 2
	* lib/krb5/krb5_verify_user.3: document krb5_verify_opt* and
	krb5_verify_user_opt
d535 1
a535 1
	* lib/krb5/*.[0-9]: add copyright/licenses on more manpages
d537 1
a537 2
	* kuser/kdestroy.c (main): handle that krb5_cc_default_name can
	return NULL
d539 2
a540 2
	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump minor
	(TESTS): add test_cc
d542 1
a542 6
	* lib/krb5/test_cc.c: test some
	krb5_cc_default_name/krb5_cc_set_default_name combinations
	
	* lib/krb5/context.c (init_context_from_config_file): set
	default_cc_name to NULL
	(krb5_free_context): free default_cc_name if set
d544 1
a544 2
	* lib/krb5/cache.c (krb5_cc_set_default_name): new function
	(krb5_cc_default_name): use krb5_cc_set_default_name
d546 1
a546 1
	* lib/krb5/krb5.h (krb5_context_data): add default_cc_name
d548 1
a548 1
2003-02-25  Love Hrnquist strand  <lha@@it.su.se>
d550 1
a550 3
	* appl/kf/kf.1: s/securly/securely/ from NetBSD
	
2003-02-18  Love Hrnquist strand  <lha@@it.su.se>
d552 2
a553 2
	* kdc/connect.c: s/intialize/initialize, from
	<jmc@@prioris.mini.pw.edu.pl>
d555 1
a555 1
2003-02-17  Love Hrnquist strand  <lha@@it.su.se>
d557 1
a557 3
	* configure.in: add AM_MAINTAINER_MODE
	
2003-02-16  Love Hrnquist strand  <lha@@it.su.se>
d559 1
a559 1
	* **/*.[0-9]: add copyright/licenses on all manpages
d561 1
a561 1
2003-14-16  Jacques Vidrine  <nectar@@kth.se>
d563 2
a564 3
	* lib/krb5/get_in_tkt.c (init_as_req): Send only a single
	PA-ENC-TIMESTAMP in the AS-REQ, using the first encryption
	type specified by the KDC.
d566 1
a566 1
2003-02-15  Love Hrnquist strand  <lha@@it.su.se>
d568 1
a568 6
	* fix-export: some autoconf put their version number in
	autom4te.cache, so remove autom4te*.cache
	
	* fix-export: make sure $1 is a directory
	
2003-02-04  Love Hrnquist strand  <lha@@it.su.se>
d570 1
a570 1
	* kpasswd/kpasswdd.8: spelling, from jmc <jmc@@prioris.mini.pw.edu.pl>
d572 4
a575 1
	* kdc/kdc.8: spelling, from jmc <jmc@@prioris.mini.pw.edu.pl>
d577 1
a577 1
2003-01-31  Love Hrnquist strand  <lha@@it.su.se>
d579 1
a579 1
	* kdc/hpropd.8: s/databases/a database/ s/Not/not/
d581 6
a586 3
	* kdc/hprop.8: add missing .
	
2003-01-30  Love Hrnquist strand  <lha@@it.su.se>
d588 2
a589 4
	* lib/krb5/krb5.conf.5: documentation for of boolean, etypes,
	address, write out encryption type in sentences, s/Host/host
	
2003-01-26  Love Hrnquist strand  <lha@@it.su.se>
d591 2
a592 3
	* lib/asn1/check-gen.c: add checks for Authenticator too
	
2003-01-25  Love Hrnquist strand  <lha@@it.su.se>
d594 3
a596 2
	* doc/setup.texi: in the hprop example, use hprop and the first
	component, not host
d598 4
a601 3
	* lib/krb5/get_addrs.c (find_all_addresses): address-less
	point-to-point might not have an address, just ignore
	those. Reported by Harald Barth.
d603 3
a605 1
2003-01-23  Love Hrnquist strand  <lha@@it.su.se>
d607 1
a607 2
	* lib/krb5/verify_krb5_conf.c (check_section): when key isn't
	found, don't print out all known keys
d609 3
a611 3
	* lib/krb5/verify_krb5_conf.c (syslogvals): mark up where severity
	and facility start resp
	(check_log): find_value() returns -1 when key isn't found
d613 1
a613 4
	* lib/krb5/crypto.c (_krb5_aes_cts_encrypt): make key argument a
	'const void *' to avoid AES_KEY being exposed in krb5-private.h
	
	* lib/krb5/krb5.conf.5: add [kdc]use_2b
d615 3
a617 10
	* kdc/524.c (encode_524_response): its 2b not b2
	
	* doc/misc.texi: quote @@ where missing
	
	* lib/asn1/Makefile.am: add check-gen
	
	* lib/asn1/check-gen.c: add Principal check
	
	* lib/asn1/check-common.h: move generic asn1/der functions from
	check-der.c to here
d619 2
a620 2
	* lib/asn1/check-common.c: move generic asn1/der functions from
	check-der.c to here
d622 1
a622 2
	* lib/asn1/check-der.c: move out the generic asn1/der functions to
	a common file
d624 2
a625 1
2003-01-22  Love Hrnquist strand  <lha@@it.su.se>
d627 1
a627 2
	* doc/misc.texi: more text about afs, how to get get your KeyFile,
	and how to start use 2b tokens
d629 1
a629 4
	* lib/krb5/krb5.conf.5: spelling, from Jason McIntyre
	<jmc@@cvs.openbsd.org>
	
2003-01-21  Jacques Vidrine  <nectar@@kth.se>
d631 1
a631 2
	* kuser/kuser_locl.h: include crypto-headers.h for
	des_read_pw_string prototype
d633 1
a633 1
2003-01-16  Love Hrnquist strand  <lha@@it.su.se>
d635 2
a636 1
	* admin/ktutil.8: document -v, --verbose
d638 1
a638 2
	* admin/get.c (kt_get): make getarg usage consistent with other
	other parts of ktutil
d640 3
a642 4
	* admin/copy.c (kt_copy): remove adding verbose_flag to args
	struct, since it will overrun the args array (from Sumit Bose)
	
2003-01-15  Love Hrnquist strand  <lha@@it.su.se>
d644 2
a645 2
	* lib/krb5/krb5.conf.5: write more about [realms] REALM = { kdc =
	... }
d647 1
a647 3
	* lib/krb5/aes-test.c: test vectors in aes-draft
	
	* lib/krb5/Makefile.am: add aes-test.c
d649 2
a650 21
	* lib/krb5/crypto.c: Add support for AES
	(draft-raeburn-krb-rijndael-krb-02), not enabled by default.
	(HMAC_SHA1_DES3_checksum): rename to SP_HMAC_SHA1_checksum and modify
	to support checksumtype that are have a shorter wireformat then
	their output block size.
	
	* lib/krb5/crypto.c (struct encryption_type): split the blocksize
	into blocksize and padsize, padsize is the minimum padding
	size. they are the same for now
	(enctype_*): add padsize
	(encrypt_internal): use padsize
	(encrypt_internal_derived): use padsize
	(wrapped_length): use padsize
	(wrapped_length_dervied): use padsize

	* lib/krb5/crypto.c: add extra `opaque' argument to string_to_key
	function for each enctype in preparation enctypes that uses
	`Encryption and Checksum Specifications for Kerberos 5' draft
	
	* lib/asn1/k5.asn1: add checksum and enctype for AES from
	draft-raeburn-krb-rijndael-krb-02.txt
d652 1
a652 2
	* lib/krb5/krb5.h (krb5_keytype): add KEYTYPE_AES128,
	KEYTYPE_AES256
d654 3
a656 1
2003-01-14  Love Hrnquist strand  <lha@@it.su.se>
d658 1
a658 2
	* lib/hdb/common.c (_hdb_fetch): handle error code from
	hdb_value2entry
d660 1
a660 2
	* kdc/Makefile.am: always include kerberos4.c and 524.c in
	kdc_SOURCES to support 524
d662 1
a662 14
	* kdc/524.c: always compile in support for 524
	
	* kdc/kdc_locl.h: move out krb/524 protos from under #ifdef KRB4
	
	* kdc/config.c: always compile in support for 524
	
	* kdc/connect.c: always compile in support for 524
	
	* kdc/kerberos4.c: export encode_v4_ticket() and get_des_key()
	even when we build without kerberos 4, 524 needs them
	
	* lib/krb5/convert_creds.c, lib/krb5/krb5-v4compat.h: Split out
	Kerberos 4 help functions/structures so other parts of the source
	tree can use it (like the KDC)
d664 8
@


1.1.1.12
log
@Vendor import of Heimdal 0.6.1.
@
text
@a0 279
2004-04-01  Johan Danielsson  <joda@@pdc.kth.se>

	* Release 0.6.1

2004-03-30  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/kerberos4.c: 1.46: stop the client from renewing tickets
	into the future From: Jeffrey Hutzelman <jhutz@@cmu.edu>
	
2004-03-10  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/fcache.c: 1.43: (fcc_store_cred): NULL terminate
	krb5_config_get_bool_default' arglist
	
2004-03-09  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/krb5.conf.5: 1.44: document
	[libdefaults]fcc-mit-ticketflags=boolean 1.43: don't use path's in
	first .Nm, it confuses some locate.updatedb, use FILES section to
	describe where the file is instead.
	
	* lib/krb5/fcache.c (fcc_store_cred): default to use old format
	
	* lib/krb5/fcache.c: 1.42: (fcc_store_cred): use
	[libdefaults]fcc-mit-ticketflags=boolean to decide what format to
	write the fcc in. Default to mit format (aka heimdal 0.7 format)
	1.41: (_krb5_xlock): handle that everything was ok, and don't put
	an error in the error strings then
	
	* lib/krb5/store.c: 1.43: add _krb5_store_creds_heimdal_0_7 and
	_krb5_store_creds_heimdal_pre_0_7 that store the creds in just
	that format make krb5_store_creds default to mit format 1.42:
	(krb5_ret_creds): Runtime detect the what is the higher bits of
	the bitfield 1.41: (krb5_store_creds): add disabled code that
	store the ticket flags in reverse order (bitswap32): new function
	1.40: (krb5_ret_creds): if the higher ticket flags are set, its a
	mit cache, reverse the bits, bug pointed out by Sergio Gelato
	<Sergio.Gelato@@astro.su.se>
	
	delta modfied to not change the behavior of krb5_store_creds
	
2004-03-07  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/mk_safe.c (krb5_mk_safe): fix assignment of usec2
	
2004-03-06  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/mcache.c: patch based on 1.17 and 1.18 but with
	threading code pulled out;
	
	1.18: (mcc_get_principal): also check for primary_principal ==
	NULL now that that isn't used as dead flag 1.17: don't overload
	the primary_principal == NULL as dead since that doesn't always
	work Based on patch from Jeffrey Hutzelman <jhutz@@cmu.edu>, but
	tweek by me

	* lib/krb5/crypto.c: 1.94: (decrypt_internal_special): do not not
	modify the original data test case from Ronnie Sahlberg
	<ronnie_sahlberg@@ozemail.com.au>

2004-02-13  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/verify_krb5_conf.c: 1.22->1.23: (check_host): don't
	check for EAI_NODATA, because its depricated in RFC3493 Pointed
	out by Hajimu UMEMOTO <ume@@mahoroba.org> on heimdal-discuss
	
	* lib/krb5/eai_to_heim_errno.c: 1.3->1.4: EAI_ADDRFAMILY and
	EAI_NODATA is deprecated in RFC3493

2004-02-09  Love Hrnquist strand  <lha@@it.su.se>

	* lib/asn1/der_length.c: 1.16: Fix len_unsigned for certain
	negative integers, it got the length wrong, fix from Panasas, Inc.
	
	* lib/asn1/der_locl.h: 1.5: add _heim_len_unsigned, _heim_len_int
	
2004-01-26  Love Hrnquist strand  <lha@@it.su.se>

	* lib/asn1/gen_length.c: 1.14: (length_type): TSequenceOf: add up
	the size of all the elements, don't use just the size of the last
	element.

	* lib/krb5/fcache.c: 1.40: (_krb5_xlock): catch EINVAL and assume
	that it means that the filesystem doesn't support locking 1.39:
	(_krb5_xlock): fix compile error in last commit 1.38: internally
	export x{,un}lock and thus prefix them with _krb5_
	
2004-01-13  Love Hrnquist strand  <lha@@it.su.se>

	* kuser/kinit.c: 1.106: (renew_validate): if renewable_flag and
	not time specifed, use "1 month"
	1.105: make -9 work again

2004-01-09  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/get_for_creds.c: 1.36: (add_addrs): don't increase
	addr->len until in contains interesting data, use right iteration
	counter when clearing the addresses 1.39: krb5_princ_realm ->
	krb5_principal_get_realm 1.38: (krb5_get_forwarded_creds): use
	KRB5_AUTH_CONTEXT_DO_TIME if we want timestamp in forwarded
	krb-cred 1.39: (krb5_get_forwarded_creds): If tickets are
	address-less, forward address-less tickets.  1.40:
	(krb5_get_forwarded_creds): try to handle errors better for
	previous commit 1.41: (add_addrs): don't add same address multiple
	times
	
	* lib/krb5/get_cred.c: 1.96->1.97: rename get_krbtgt to
	_krb5_get_krbtgt and export it

2003-12-14  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/kerberos5.c: part of 1.146->1.147: handle NULL client/server
	names

2003-12-03  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/crypto.c: 1.90->1.91: require cipher-text to be padded
	to padsize 1.91->1.92: (decrypt_internal_derived): move up padsize
	check to avoid memory leak
	
2003-12-01  Love Hrnquist strand  <lha@@it.su.se>

	* kuser/kinit.c: 1.103->1.104: (main): return the return value
	from simple_execvp

2003-10-22  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/transited.c: 1.13->1.14: (krb5_domain_x500_encode):
	always zero out encoding to make sure it have a defined value on
	failure

	* lib/krb5/transited.c: 1.12->1.13: (krb5_domain_x500_encode): if
	num_realms == 0, set encoding and return (avoids malloc(0)) check
	return value from malloc
	
2003-10-21  Love Hrnquist strand  <lha@@it.su.se>

	* doc/setup.texi: 1.35->1.36: spelling
	
	* kdc/kdc_locl.h: 1.58->1.59: add flag to always check transited
	policy

	* doc/setup.texi: 1.27->1.35: many changes
	
	* lib/krb5/get_cred.c: 1.95->1.96: get capath info from [capaths]
	section

	* lib/krb5/rd_req.c: 1.50->1.51: (krb5_decrypt_ticket): try to
	verify transited realms, unless the transited-policy-checked flag
	is set

	* lib/krb5/transited.c:
	1.12: (krb5_domain_x500_decode): set *num_realms to zero not num_realms
	1.11: (krb5_domain_x500_decode): handle zero length tr data;
	(krb5_check_transited): new function that does more useful stuff

	* kdc/kdc.8: 1.23->1.24: document enforce-transited-policy
	
	* kdc/config.c: 1.47->1.48: add flag to always check transited
	policy

	* kdc/kerberos5.c:
	1.150: (fix_transited_encoding): also verify with policy,
	unless asked not to
	1.151: always check transited policy if flag set either globally
	(on principal part of patch not pulled up)
	1.152: (fix_transited_encoding): set transited type
	1.153: (fix_transited_encoding): always print cross-realm information

2003-10-06  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/config_file.c: 1.48->1.49:
	(krb5_config_parse_file_debug): punt if there is binding before a
	section declaration.
	Bug found by Arkadiusz Miskiewicz <arekm@@pld-linux.org>

	* kdc/kaserver.c: 1.21->1.23:
	(do_getticket): if times data is shorter then 8 bytes, request is
	malformed.
	(do_authenticate): if request length is less then 8 bytes, its a
	bad request and fail. Pointed out by Marco Foglia <marco@@foglia.org>

2003-09-22  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/verify_krb5_conf.c: 1.17->1.18: add missing " within
	#if 0 From: stefan sokoll <stefansokoll@@yahoo.de>
	
2003-09-19  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/rd_req.c:
	1.47->1.48: (krb5_rd_req): allow caller to pass in a key
	in the auth_context, they way processes that doesn't use the
	keytab can still pass in the key of the service (matches behavior
	of MIT Kerberos).
	
2003-09-18  Love Hrnquist strand  <lha@@it.su.se>
	
	* lib/krb5/crypto.c: 
	1.87->1.88: (usage2arcfour): simplify, only
	include special cases From: Luke Howard <lukeh@@PADL.COM>
	1.86->1.87: (arcfour_checksum_p): return true when is arcfour,
	not when its not pointed out by Luke Howard
	1.82->1.83: Do the arcfour checksum mapping for
	krb5_create_checksum and krb5_verify_checksum, From: Luke Howard
	<lukeh@@PADL.COM>
	1.81->1.82: (hmac): make it return an error
	when out of memory, update callsites to either return error or use
	krb5_abortx
	(krb5_hmac): expose hmac
	* lib/krb5/mk_req_ext.c: 1.26->1.27: (krb5_mk_req_internal):
	when using arcfour-hmac-md5, use an unkeyed checksum
	(rsa-md5), since Microsoft calculates the keyed checksum with
	the subkey of the authenticator.

	* lib/krb5/get_cred.c:
	1.93->1.94 (init_tgs_req): make generation of subkey
	optional on configuration parameter
	[realms]realm={tgs_require_subkey=bool}
	defaults to off. The RFC1510 weakly defines the correct behavior,
	so old DCE secd apparently required the subkey to be there, and MS
	will use it when its there. But the request isn't encrypted in the
	subkey, so you get to choose if you want to talk to a MS mdc or a
	old DCE secd.

	partly 1.91->1.92: (init_tgs_req): in case of error, don't
	free in	the req_body addresses since they where pass in by caller

	lib/krb5/get_in_tkt.c:
	1.108->1.1.09: (krb5_get_in_tkt): for compatibility with with
	the mit implemtation, don't free `creds' argument when done, its up
	the the caller to do that, also allow a NULL ccache.

	* doc/ack.texi
	1.16->1.17: update Luke Howard email address

	* lib/hdb/hdb-ldap.c:
	1.13->1.14: code rewrite from Luke Howard <lukeh@@PADL.COM>
	1.12->1.13: (LDAP_store): log what principal/dn failed
	1.11->1.12: use int2HDBFlags/HDBFlags2int
	From: Alberto Patino <jalbertop@@aranea.com.mx>, 
	Luke Howard <lukeh@@PADL.COM>
	Pointed out by Andrew Bartlett of Samba
	1.10->1.11: (LDAP__connect): bind sasl "EXTERNAL" to ldap connection
	(LDAP_store): remove superfluous argument to asprintf
	From Alberto Patino <jalbertop@@aranea.com.mx>

	* lib/krb5/krb5.h:
	1.214->1.2015: add KEYTYPE_ARCFOUR_56
	
2003-09-12  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/config_file.c: fix prototypes Fredrik Ljungberg
	<flag@@pobox.se>
	
2003-09-11  Love Hrnquist strand  <lha@@it.su.se>

	* lib/hdb/hdb_locl.h: 1.18->1.19: include <limits.h> for ULONG_MAX
	noted by Wissler Magnus <M.Wissler@@abalon.se> on heimdal-discuss
	
2003-08-29  Love Hrnquist strand  <lha@@it.su.se>

	* lib/hdb/db3.c: 1.8->1.9: patch for working with DB4 on
	heimdal-discuss From: Luke Howard <lukeh@@PADL.COM> 1.9->1.10: try
	to include more db headers
	
2003-08-25  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/connect.c: 1.92->1.93 (handle_tcp): handle recvfrom
	returning 0 (connection closed) 1.91->1.92: (grow_descr):
	increment the size after we succeed to allocate the space
	
2003-08-15  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/principal.c: 1.83->1.85: (unparse_name): len can't be
	zero, so, don't check for that
	(unparse_name): make sure there are space for a NUL, set *name to NULL
	when there is a failure (so caller can't get hold of a freed
	pointer)

@


1.1.1.12.2.1
log
@MFC update Heimdal 0.6.1 -> 0.6.3.
@
text
@a0 64
2004-09-13  Johan Danielsson  <joda@@pdc.kth.se>

	* Release 0.6.3
	
2004-09-05  Love Hrnquist strand  <lha@@it.su.se>

	* lib/asn1/der_get.c (decode_enumerated): check that the tag
	length isn't longer the the length

2004-08-31  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password):
	kdc_reply can be set in case of failure too, clean on entry and
	free the exit unconditionally to avoid memory leak
	
2004-08-20  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/context.c: 1.93: (krb5_get_err_text): if neither of
	com_right nor strerror finds the error-code, return Unknown error.

2004-08-13  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/kerberos5.c: based on 1.162: (get_pa_etype_info): check for
	dup enctypes from the client and filter them out.
	
2004-06-21  Love Hrnquist strand  <lha@@it.su.se>

	* admin/get.c: 1.23: (kt_get): catch errors from krb5_parse_name
	
2004-06-21  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/Makefile.am: man_MANS += krb5_set_password.3
	
	* lib/krb5/krb5_set_password.3: 1.1-1.3: change password manpage
	
	* lib/krb5/changepw.c: 1.49: implement
	krb5_set_password_using_ccache 1.47: add tcp support to the set
	protocol, should be cleaned up to enable sharing code with
	krb5_sendto 1.46: (process_reply): log into result_string if
	something goes bad, return 0 (even on failure), not the KPASSWD
	protocol error code 1.45: krb5_princ_realm ->
	krb5_principal_get_realm 1.44: (setpw_send_request): free
	ap_req_data on failure 1.41: ooops, remove cut and paste error
	1.40: draft-ietf-cat-kerb-chg-password-02 and rfc3244 share the
	response packet sure more constants now that they exists 1.39:
	implement rfc3244, partly from shadow@@dementia.org
	
	* lib/krb5/krb5.h: 1.211: some defines for rfc3244
	
	* lib/asn1/Makefile.am: 1.71: (gen_files):
	asn1_ChangePasswdDataMS.x for RFC3244
	
	* lib/asn1/k5.asn1: 1.30: add ChangePasswdDataMS, for RFC3244
	
	* kuser/kinit.c: 1.114: move "setpag if (argc < 1)" to common path
	
2004-05-06  Johan Danielsson  <joda@@pdc.kth.se>

	* Release 0.6.2

2004-04-02  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/connect.c: case size_t to unsigned long for LP64 platforms
	
@


1.1.1.13
log
@Vendor import of Heimdal 0.6.3.
@
text
@a0 64
2004-09-13  Johan Danielsson  <joda@@pdc.kth.se>

	* Release 0.6.3
	
2004-09-05  Love Hrnquist strand  <lha@@it.su.se>

	* lib/asn1/der_get.c (decode_enumerated): check that the tag
	length isn't longer the the length

2004-08-31  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/init_creds_pw.c (krb5_get_init_creds_password):
	kdc_reply can be set in case of failure too, clean on entry and
	free the exit unconditionally to avoid memory leak
	
2004-08-20  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/context.c: 1.93: (krb5_get_err_text): if neither of
	com_right nor strerror finds the error-code, return Unknown error.

2004-08-13  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/kerberos5.c: based on 1.162: (get_pa_etype_info): check for
	dup enctypes from the client and filter them out.
	
2004-06-21  Love Hrnquist strand  <lha@@it.su.se>

	* admin/get.c: 1.23: (kt_get): catch errors from krb5_parse_name
	
2004-06-21  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/Makefile.am: man_MANS += krb5_set_password.3
	
	* lib/krb5/krb5_set_password.3: 1.1-1.3: change password manpage
	
	* lib/krb5/changepw.c: 1.49: implement
	krb5_set_password_using_ccache 1.47: add tcp support to the set
	protocol, should be cleaned up to enable sharing code with
	krb5_sendto 1.46: (process_reply): log into result_string if
	something goes bad, return 0 (even on failure), not the KPASSWD
	protocol error code 1.45: krb5_princ_realm ->
	krb5_principal_get_realm 1.44: (setpw_send_request): free
	ap_req_data on failure 1.41: ooops, remove cut and paste error
	1.40: draft-ietf-cat-kerb-chg-password-02 and rfc3244 share the
	response packet sure more constants now that they exists 1.39:
	implement rfc3244, partly from shadow@@dementia.org
	
	* lib/krb5/krb5.h: 1.211: some defines for rfc3244
	
	* lib/asn1/Makefile.am: 1.71: (gen_files):
	asn1_ChangePasswdDataMS.x for RFC3244
	
	* lib/asn1/k5.asn1: 1.30: add ChangePasswdDataMS, for RFC3244
	
	* kuser/kinit.c: 1.114: move "setpag if (argc < 1)" to common path
	
2004-05-06  Johan Danielsson  <joda@@pdc.kth.se>

	* Release 0.6.2

2004-04-02  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/connect.c: case size_t to unsigned long for LP64 platforms
	
@


1.1.1.14
log
@Vendor import of Heimdal 1.1
@
text
@d1 1
a1 1
2008-01-24  Love Hrnquist strand  <lha@@it.su.se>
d3 3
a5 3
	* Release 1.1

2008-01-21  Love Hrnquist strand  <lha@@it.su.se>
d7 2
a8 1
	* lib/krb5/get_for_creds.c: Use on variable less.
d10 1
a10 2
	* lib/krb5/get_for_creds.c: Try to handle ticket full and
	ticketless tickets better. Add doxygen comments while here.
d12 3
a14 2
	* lib/krb5/test_forward.c: Used for testing
	krb5_get_forwarded_creds().
d16 1
a16 1
	* lib/krb5/Makefile.am: noinst_PROGRAMS += test_forward
d18 2
a19 1
	* lib/krb5/Makefile.am: drop CHECK_SYMBOLS
d21 1
a21 1
	* lib/hdb/Makefile.am: drop CHECK_SYMBOLS
d23 4
a26 1
	* kdc/Makefile.am: drop CHECK_SYMBOLS
d28 3
a30 1
2008-01-18  Love Hrnquist strand  <lha@@it.su.se>
d32 1
a32 1
	* lib/krb5/version-script.map: Add krb5_digest_probe.
d34 1
a34 1
2008-01-13  Love Hrnquist strand  <lha@@it.su.se>
d36 11
a46 19
	* lib/krb5/pkinit.c: Replace hx509_name_to_der_name with
	hx509_name_binary.

2008-01-12  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/Makefile.am: add missing files

2007-12-28  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/digest.c: Log probe message, add NTLM_TARGET_DOMAIN to the
	type2 message.

2007-12-14  Love Hrnquist strand  <lha@@it.su.se>

	* lib/hdb/dbinfo.c: Add hdb_default_db().

	* Makefile.am: Add some extra cf/*.

2007-12-12  Love Hrnquist strand  <lha@@it.su.se>
d48 1
a48 9
	* kuser/kgetcred.c: Fix type of name-type. From Andy Polyakov.

2007-12-09  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/log.c: Use hdb_db_dir().

	* kpasswd/kpasswdd.c: Use hdb_db_dir().

2007-12-08  Love Hrnquist strand  <lha@@it.su.se>
d50 2
a51 28
	* kdc/config.c: Use hdb_db_dir().

	* kdc/kdc_locl.h: add KDC_LOG_FILE

	* kdc/hpropd.c: Use hdb_default_db().

	* kdc/kstash.c: Use hdb_db_dir().

	* kdc/pkinit.c: Adapt to hx509 changes, use hdb_db_dir().

	* lib/krb5/rd_req.c: Document krb5_rd_req_in_set_pac_check.

	* lib/krb5/verify_krb5_conf.c: Check check_pac.

	* lib/krb5/rd_req.c: use KRB5_CTX_F_CHECK_PAC to init check_pac
	field in the krb5_rd_req_in_ctx

	* lib/krb5/expand_hostname.c: Adapt to changing
	dns_canonicalize_hostname into flags field.

	* lib/krb5/context.c: Adapt to changing dns_canonicalize_hostname
	into flags field, add check-pac as an libdefaults option.

	* lib/krb5/pkinit.c: Adapt to changes in hx509 interface.

	* doc: add doxygen documentation to hcrypto

	* doc/doxytmpl.dxy: generate links
d53 1
a53 21
2007-12-07  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/Makefile.am: build_HEADERZ += heim_threads.h

	* lib/hdb/dbinfo.c (hdb_db_dir): Return the directory where the
	hdb database resides.

	* configure.in: Add --with-hdbdir to specify where the database is
	stored.

	* lib/krb5/crypto.c: revert previous patch, the problem is located
	in the RAND_file_name() function that will cause recursive nss
	lookups, can't fix that here.

2007-12-06  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/crypto.c (krb5_generate_random_block): try to avoid the
	dead-lock in by not holding the lock while running
	RAND_file_name. Prompted by Hai Zaar.

	* lib/krb5/n-fold.c: spelling
d55 1
a55 5
2007-12-04  Love Hrnquist strand  <lha@@it.su.se>

	* kuser/kdigest.c (digest-probe): implement command.

	* kuser/kdigest-commands.in (digest-probe): new command
d57 1
a57 1
	* kdc/digest.c: Implement supportedMechs request.
d59 1
a59 3
	* lib/krb5/error_string.c: Make krb5_get_error_string return an
	allocated string to make the function indempotent. From
	Zeqing (Fred) Xia.
d61 1
a61 1
2007-12-03  Love Hrnquist strand  <lha@@it.su.se>
d63 3
a65 2
	* lib/krb5/krb5_locl.h (krb5_context_data): Flag if
	default_cc_name was set by the user.
d67 1
a67 1
	* lib/krb5/fcache.c (fcc_move): make sure ->version is uptodate.
d69 1
a69 1
	* kcm/acquire.c: use krb5_free_cred_contents
d71 2
a72 1
	* kuser/kimpersonate.c: use krb5_free_cred_contents
d74 1
a74 5
	* kuser/kinit.c: Use krb5_cc_move to make an atomic switch of the
	cred cache.

	* lib/krb5/cache.c: Put back code that was needed, move gen_new
	into new_unique.
d76 2
a77 34
	* lib/krb5/mcache.c (mcc_default_name): Remove const

	* lib/krb5/krb5_locl.h: Add KRB5_DEFAULT_CCNAME_KCM, redefine
	KRB5_DEFAULT_CCNAME to KRB5_DEFAULT_CCTYPE

	* lib/krb5/cache.c: Use krb5_cc_ops->default_name to get the
	default name.

	* lib/krb5/kcm.c: Implement krb5_cc_ops->default_name.

	* lib/krb5/mcache.c: Implement krb5_cc_ops->default_name.

	* lib/krb5/fcache.c: Implement krb5_cc_ops->default_name.

	* lib/krb5/krb5.h: Add krb5_cc_ops->default_name.

	* lib/krb5/acache.c: Free context when done, implement
	krb5_cc_ops->default_name.

	* lib/krb5/kcm.c: implement dummy kcm_move

	* lib/krb5/mcache.c: Implement the move operation.

	* lib/krb5/version-script.map: export krb5_cc_move

	* lib/krb5/cache.c: New function krb5_cc_move().

	* lib/krb5/fcache.c: Implement the move operation.

	* lib/krb5/krb5.h: Add move to the krb5_cc_ops, causes major
	version bump.

	* lib/krb5/acache.c: Implement the move operation. Avoid using
	cc_set_principal() since it broken on Mac OS X 10.5.0.
d79 1
a79 1
2007-12-02  Love Hrnquist strand  <lha@@it.su.se>
d81 4
a84 1
	* lib/krb5/krb5_ccapi.h: Drop variable names to avoid -Wshadow.
d86 1
a86 7
2007-11-14  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/krb5tgs.c: Should pass different key usage constants
	depending on whether or not optional sub-session key was passed by
	the client for the check of authorization data. The constant is
	used to derive "specific key" and its values are specified in
	7.5.1 of RFC4120.
d88 5
a92 13
	Patch from Andy Polyakov.

	* kdc/krb5tgs.c: Don't send auth data in referrals, microsoft
	clients have started to not like that. Thanks to Andy Polyakov for
	excellent research.

2007-11-11  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/creds.c: use krb5_data_cmp

	* lib/krb5/acache.c: use krb5_free_cred_contents

	* lib/krb5/test_renew.c: use krb5_free_cred_contents
d94 9
a102 15
2007-11-10  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/acl.c: doxygen documentation

	* lib/krb5/addr_families.c: doxygen documentation

	* doc: add doxygen

	* lib/krb5/plugin.c: doxygen documentation

	* lib/krb5/kcm.c: doxygen documentation

	* lib/krb5/fcache.c: doxygen documentation

	* lib/krb5/cache.c: doxygen documentations
d104 1
a104 16
	* lib/krb5/doxygen.c: doxygen introduction

	* lib/krb5/error_string.c: Doxygen documentation.

2007-11-03  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/test_plugin.c: expose krb5_plugin_register

	* lib/krb5/plugin.c: expose krb5_plugin_register

	* lib/krb5/version-script.map: sort, expose krb5_plugin_register

2007-10-24  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/kerberos5.c: Adding same enctype is enough one time. From
	Andy Polyakov and Bjorn Sandell.
d106 1
a106 1
2007-10-18  Love  <lha@@stacken.kth.se>
d108 1
a108 2
	* lib/krb5/cache.c (krb5_cc_retrieve_cred): check return value
	from krb5_cc_start_seq_get. From Zeqing (Fred) Xia
d110 1
a110 1
	* lib/krb5/fcache.c (init_fcc): provide better error codes
d112 2
a113 10
	* kdc/kerberos5.c (get_pa_etype_info2): more paranoia, avoid
	sending warning about pruned etypes.

	* kdc/kerberos5.c (older_enctype): old windows enctypes (arcfour
	based) "old", this to support windows 2000 clients (unjoined to a
	domain). From Andy Polyakov.

2007-10-07  Love Hrnquist strand  <lha@@it.su.se>

	* doc/setup.texi: Spelling, from Mark Peoples via Bjorn Sandell.
d115 5
a119 4
2007-10-04  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/krb5tgs.c: More prettier printing of enctype, from KAMADA
	Ken'ichi.
d121 3
a123 2
	* lib/krb5/crypto.c (krb5_enctype_to_string): make sure string is
	NULL on failure.
d125 1
a125 1
2007-10-03  Love Hrnquist strand  <lha@@it.su.se>
d127 3
a129 2
	* kdc/kdc-replay.c: Catch KRB5_PROG_ATYPE_NOSUPP from
	krb5_addr2sockaddr and igore thte test is that case.
d131 2
a132 1
2007-09-29  Love Hrnquist strand  <lha@@it.su.se>
d134 1
a134 2
	* lib/krb5/context.c (krb5_free_context): free
	default_cc_name_env, from Gunther Deschner.
d136 2
a137 77
2007-08-27  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/{krb5.h,pac.c,test_pac.c,send_to_kdc.c,rd_req.c}: Make
	work with c++, reported by Hai Zaar

	* lib/krb5/{digest.c,krb5.h}: Make work with c++, reported by Hai Zaar

2007-08-20  Love Hrnquist strand  <lha@@it.su.se>

	* lib/hdb/Makefile.am: EXTRA_DIST += hdb.schema

2007-07-31  Love Hrnquist strand  <lha@@it.su.se>

	* check return value of alloc functions, from Charles Longeau

	* lib/krb5/principal.c: spelling.

	* kadmin/kadmin.8: spelling

	* lib/krb5/crypto.c: Check return values from alloc
	functions. Prompted by patch of Charles Longeau.

	* lib/krb5/n-fold.c: Make _krb5_n_fold return a error
	code. Prompted by patch of Charles Longeau.

2007-07-27  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/init_creds.c: Always set the ticket options, use
	KRB5_ADDRESSLESS_DEFAULT as the default value, this make the unset
	tri-state not so useful.

2007-07-24  Love Hrnquist strand  <lha@@it.su.se>

	* tools/heimdal-gssapi.pc.in: Add LIB_pkinit to the list of
	libraries.

	* tools/heimdal-gssapi.pc.in: pkg-config file for libgssapi in
	heimdal.

	* tools/Makefile.am: Add heimdal-gssapi.pc and install it into
	$(libdir)/pkgconfig

2007-07-23  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/pkinit.c: Add RFC3526 modp group14 as a default.

2007-07-22  Love Hrnquist strand  <lha@@it.su.se>

	* lib/hdb/dbinfo.c (get_dbinfo): use dbname instead of realm as
	key if the entry is a correct entry.

	* lib/krb5/get_cred.c: Make krb5_get_renewed_creds work, from
	Gunther Deschner.

	* lib/krb5/Makefile.am: Add test_renew to noinst_PROGRAMS.

	* lib/krb5/test_renew.c: Test for krb5_get_renewed_creds.

2007-07-21  Love Hrnquist strand  <lha@@it.su.se>

	* lib/hdb/keys.c: Make parse_key_set handle key set string "v5",
	from Peter Meinecke.

	* kdc/kaserver.c: Don't ovewrite the error code, from Peter
	Meinecke.

2007-07-18  Love Hrnquist strand  <lha@@it.su.se>

	* TODO-1.0: remove 

	* Makefile.am: remove TODO-1.0

2007-07-17  Love Hrnquist strand  <lha@@it.su.se>

	* Heimdal 1.0 release branch cut here
	
	* doc/hx509.texi: use version.texi
d139 1
a139 1
	* doc/heimdal.texi: use version.texi
d141 1
a141 1
	* doc/version.texi: version.texi
d143 3
a145 1
	* lib/hdb/db3.c: avoid type-punned pointer warning.
d147 6
a152 2
	* kdc/kx509.c: Use unsigned char * as argument to HMAC_Update to
	please OpenSSL and gcc.
d154 3
a156 2
	* kdc/digest.c: Use unsigned char * as argument to MD5_Update to
	please OpenSSL and gcc.
d158 1
a158 1
2007-07-16  Love Hrnquist strand  <lha@@it.su.se>
d160 13
a172 1
	* include/Makefile.am: Add krb_err.h.
d174 1
a174 1
	* kdc/set_dbinfo.c: Print acl file too.
d176 2
a177 1
	* kdc/kerberos4.c: Error codes are just fine, remove XXX now.
d179 1
a179 1
	* lib/krb5/krb5-v4compat.h: Drop duplicate error codes.
d181 5
a185 1
	* kdc/kerberos4.c: switch to ET errors.
d187 2
a188 1
	* lib/krb5/Makefile.am: Add krb_err.h to build_HEADERZ.
d190 1
a190 2
	* lib/krb5/v4_glue.c: If its a Kerberos 4 error-code, remove the
	et BASE.
d192 3
a194 1
2007-07-15  Love Hrnquist strand  <lha@@it.su.se>
d196 5
a200 3
	* lib/krb5/krb5-v4compat.h: Include "krb_err.h".

	* lib/krb5/v4_glue.c: return more interesting error codes.
d202 1
a202 3
	* lib/krb5/plugin.c: Prefix enum plugin_type.

	* lib/krb5/krb5_locl.h: Expose plugin structures.
d204 2
a205 3
	* lib/krb5/krb5.h: Add plugin structures.

	* lib/krb5/krb_err.et: V4 errors.
d207 1
a207 68
	* lib/krb5/version-script.map: First version of version script.

2007-07-13  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/kerberos5.c: Java 1.6 expects the name to be the same type,
	lets allow that for uncomplicated name-types.

2007-07-12  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/v4_glue.c (_krb5_krb_rd_req): if ticket contains
	address 0, its ticket less and don't really care about
	from_addr. return better error codes.

	* kpasswd/kpasswdd.c: Fix pointer vs strict alias rules.

2007-07-11  Love Hrnquist strand  <lha@@it.su.se>

	* lib/hdb/hdb-ldap.c: When using sambaNTPassword, avoid adding
	more then one enctype 23 to krb5EncryptionType.

	* lib/krb5/cache.c: Spelling.

	* kdc/kerberos5.c: Don't send newer enctypes in ETYPE-INFO.
	(get_pa_etype_info2): return the enctypes as sorted in the
	database

2007-07-10  Love Hrnquist strand  <lha@@it.su.se>

	* kuser/kinit.c: krb5-v4compat.h defines prototypes for
	v4 (semiprivate functions) in libkrb5, don't include
	krb5-private.h any longer.

	* lib/krb5/krbhst.c: Set error string when there is no KDC for a
	realm.

	* lib/krb5/Makefile.am: New library version.

	* kdc/Makefile.am: New library version.

	* lib/krb5/krb5_locl.h: Add default_cc_name_env.

	* lib/krb5/cache.c (enviroment_changed): return non-zero if
	enviroment that will determine default krb5cc name has changed.
	(krb5_cc_default_name): also check if cached value is uptodate.

	* lib/krb5/krb5_locl.h: Drop pkinit_flags.

2007-07-05  Love Hrnquist strand  <lha@@it.su.se>

	* configure.in: add tests/java/Makefile

	* lib/hdb/dbinfo.c: Add hdb_dbinfo_get_log_file.

2007-07-04  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/kerberos5.c: Improve the default salt detection to avoid
	returning v4 password salting to java that doesn't look at the
	returning padata for salting.

	* kdc: Split out krb5_kdc_set_dbinfo, From Andrew Bartlett

2007-07-02  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/digest.c: Try harder to provide better error message for
	digest messages.

	* lib/krb5/Makefile.am: verify_krb5_conf_OBJECTS depends on
	krb5-pr*.h, make -j finds this.
d209 2
a210 3
2007-06-28  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/digest.c: On success, print username, not ip-adress.
d212 3
a214 1
2007-06-26  Love Hrnquist strand  <lha@@it.su.se>
d216 4
a219 1
	* lib/krb5/get_cred.c: Add krb5_get_renewed_creds.
d221 1
a221 3
	* lib/krb5/krb5_get_credentials.3: add krb5_get_renewed_creds

	* lib/krb5/pkinit.c: Use hx509_cms_unwrap_ContentInfo.
d223 2
a224 26
2007-06-25  Love Hrnquist strand  <lha@@it.su.se>

	* doc/setup.texi: Add example for pkinit_win2k_require_binding
	in [kdc] section.

	* kdc/default_config.c: Rename require_binding to
	win2k_require_binding to match client configuration.

	* kdc/default_config.c: Add [kdc]pkinit_require_binding option.

	* kdc/pkinit.c (pk_mk_pa_reply_enckey): only allow non-bound reply
	if its not required.

	* kdc/default_config.c: rename pkinit_princ_in_cert and add
	pkinit_require_binding

	* kdc/kdc.h: rename pkinit_princ_in_cert and add
	pkinit_require_binding

	* kdc/pkinit.c: rename pkinit_princ_in_cert

2007-06-24  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/pkinit.c: Adapt to hx509_verify_hostname change.

2007-06-21  Love Hrnquist strand  <lha@@it.su.se>
d226 7
a232 1
	* kdc/krb5tgs.c: Drop unused variable.
d234 1
a234 1
	* kdc/krb5tgs.c: disable anonyous tgs requests
d236 4
a239 1
	* kdc/krb5tgs.c: Don't check PAC on cross realm for now.
d241 5
a245 2
	* kuser/kgetcred.c: Set KRB5_GC_CONSTRAINED_DELEGATION and parse
	nametypes.
d247 1
a247 1
	* lib/krb5/krb5_principal.3: Document krb5_parse_nametype.
d249 2
a250 19
	* lib/krb5/principal.c (krb5_parse_nametype): parse nametype and
	return their integer values.

	* lib/krb5/krb5.h (krb5_get_creds): Add
	KRB5_GC_CONSTRAINED_DELEGATION.

	* lib/krb5/get_cred.c (krb5_get_creds): if
	KRB5_GC_CONSTRAINED_DELEGATION is set, set both request_anonymous
	and constrained_delegation.

2007-06-20  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/digest.c: Return an error message instead of dropping the
	packet for more failure cases.

	* lib/krb5/krb5_principal.3: Add KRB5_PRINCIPAL_UNPARSE_DISPLAY.

	* appl/gssmask/gssmask.c (AcquirePKInitCreds): fail more
	gracefully
d252 1
a252 1
2007-06-18  Love Hrnquist strand  <lha@@it.su.se>
d254 5
a258 1
	* lib/krb5/pac.c: make compile.
d260 1
a260 7
	* lib/krb5/pac.c (verify_checksum): memset cksum to avoid using
	pointer from stack.

	* lib/krb5/plugin.c: Don't expose free pointer.

	* lib/krb5/pkinit.c (_krb5_pk_load_id): fail directoy for first
	calloc.
d262 16
a277 6
	* lib/krb5/pkinit.c (get_reply_key*): don't expose freed memory

	* lib/krb5/krbhst.c: Host is static memory, don't free.

	* lib/krb5/crypto.c (decrypt_internal_derived): make sure length
	is longer then confounder + checksum.
d279 9
a287 3
	* kdc: export get_dbinfo as krb5_kdc_set_dbinfo and call from
	users. This to allows libkdc users to to specify their own
	databases
d289 2
a290 2
	* lib/krb5/pkinit.c (pk_rd_pa_reply_enckey): simplify handling of
	content data (and avoid leaking memory).
d292 4
a295 5
	* kdc/misc.c (_kdc_db_fetch): set error string for failures.
	
2007-06-15  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/pkinit.c: Use KRB5_AUTHDATA_INITIAL_VERIFIED_CAS.
d297 2
a298 1
2007-06-13  Love Hrnquist strand  <lha@@it.su.se>
d300 10
a309 2
	* kdc/pkinit.c: tell user when they got a pk-init request with
	pkinit disabled.
d311 2
a312 1
2007-06-12  Love Hrnquist strand  <lha@@it.su.se>
d314 1
a314 9
	* lib/krb5/principal.c: Rename UNPARSE_NO_QUOTE to
	UNPARSE_DISPLAY.

	* lib/krb5/krb5.h: Rename UNPARSE_NO_QUOTE to UNPARSE_DISPLAY.

	* lib/krb5/principal.c: Make no-quote mean replace strange chars
	with space.

	* lib/krb5/principal.c: Support KRB5_PRINCIPAL_UNPARSE_NO_QUOTE.
d316 2
a317 5
	* lib/krb5/krb5.h: Add KRB5_PRINCIPAL_UNPARSE_NO_QUOTE.

	* lib/krb5/test_princ.c: Test quoteing.

	* lib/krb5/pkinit.c: update (c)
d319 1
a319 9
	* lib/krb5/get_cred.c: use krb5_sendto_context to talk to the KDC.

	* lib/krb5/send_to_kdc.c (_krb5_kdc_retry): check if the whole
	process needs to restart or just skip this KDC.

	* lib/krb5/init_creds_pw.c: Use krb5_sendto_context to talk to
	KDC.

	* lib/krb5/krb5.h: Add sendto hooks and opaque structure.
d321 2
a322 4
	* lib/krb5/krb5_rd_error.3: Update prototype.

	* lib/krb5/send_to_kdc.c: Add hooks for processing the reply from
	the server.
d324 1
a324 1
2007-06-11  Love Hrnquist strand  <lha@@it.su.se>
d326 3
a328 1
	* lib/krb5/krb5_err.et: Some new error codes from RFC 4120.
d330 1
a330 9
2007-06-09  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/krb5tgs.c: Constify.

	* kdc/kerberos5.c: Constify.

	* kdc/pkinit.c: Check for KRB5-PADATA-PK-AS-09-BINDING. Constify.

2007-06-08  Love Hrnquist strand  <lha@@it.su.se>
d332 3
a334 5
	* include/Makefile.am: Make krb5-types.h nodist_include_HEADERS.

	* kdc/Makefile.am: EXTRA_DIST += version-script.map.
	
2007-06-07  Love Hrnquist strand  <lha@@it.su.se>
d336 1
a336 15
	* Makefile.am (print-distdir): print name of dist

	* kdc/pkinit.c: Break out loading of mappings file to a separate
	function and remove warning that it can't open the mapping file,
	there are now mappings in the db, maybe the users uses that
	instead...

	* lib/krb5/crypto.c: Require the raw key have the correct size and
	do away with the minsize.  Minsize was a thing that originated
	from RC2, but since RC2 is done in the x509/cms subsystem now
	there is no need to keep that around.

	* lib/hdb/dbinfo.c: If there is no default dbname, also check for
	unset mkey_file and set it default mkey name, make backward compat
	stuff work.
d338 5
a342 1
	* kdc/version-script.map: add new symbols
d344 1
a344 2
	* kdc/kdc-replay.c: Also update krb5_context view of what the time
	is.
d346 1
a346 1
	* configure.in: add tests/can/Makefile
d348 1
a348 1
	* kdc/kdc-replay.c: Add --[version|help].
d350 2
a351 1
	* kdc/pkinit.c: Push down the kdc time into the x509 library.
d353 2
a354 2
	* kdc/connect.c: Move up krb5_kdc_save_request so we can catch the
	reply data too.
d356 2
a357 2
	* kdc/kdc-replay.c: verify reply by checking asn1 class, type and
	tag of the reply if there is one.
d359 1
a359 2
	* kdc/process.c: Save asn1 class, type and tag of the reply if
	there is one. Used to verify the reply in kdc-replay.
d361 2
a362 1
2007-06-06  Love Hrnquist strand  <lha@@it.su.se>
d364 3
a366 1
	* kdc/kdc_locl.h: extern for request_log.
d368 1
a368 1
	* kdc/Makefile.am: Add kdc-replay.
d370 2
a371 14
	* kdc/kdc-replay.c: Replay kdc messages to the KDC library.

	* kdc/config.c: Pick up request_log from [kdc]kdc-request-log.

	* kdc/connect.c: Option to save the request to disk.

	* kdc/process.c (krb5_kdc_save_request): save request to file.

	* kdc/process.c (krb5_kdc_process*): dont update _kdc_time
	automagicly.
	(krb5_kdc_update_time): set or get current kdc-time.

	* kdc/pkinit.c (_kdc_pk_rd_padata): accept both pkcs-7 and
	pkauthdata as the signeddata oid
d373 1
a373 1
	* kdc/pkinit.c (_kdc_pk_rd_padata): Try to log what went wrong.
d375 1
a375 6
2007-06-05  Love Hrnquist strand  <lha@@it.su.se>
	
	* kdc/pkinit.c: Use oid_id_pkcs7_data for pkinit-9 encKey reply to
	match windows DC behavior better.
	
2007-06-04  Love Hrnquist strand  <lha@@it.su.se>
d377 1
a377 1
	* configure.in: use test for -framework Security
d379 1
a379 4
	* appl/test/uu_server.c: Print status to stdout.

	* kdc/digest.c (digest ntlm): provide log entires by setting ret
	to an error.
d381 1
a381 1
2007-06-03  Love Hrnquist strand  <lha@@it.su.se>
d383 2
a384 1
	* doc/hx509.texi: Indent crl-sign.
d386 1
a386 1
	* doc/hx509.texi: One more crl-sign example.
d388 2
a389 1
	* lib/krb5/test_princ.c: plug memory leaks.
d391 1
a391 1
	* lib/krb5/pac.c: plug memory leaks.
d393 2
a394 1
	* lib/krb5/test_pac.c: plug memory leaks.
d396 1
a396 1
	* lib/krb5/test_prf.c: plug memory leak.
d398 9
a406 5
	* lib/krb5/test_cc.c: plug memory leaks.

	* doc/hx509.texi: Simple blob about publishing CRLs.

	* doc/win2k.texi: drop text about enctypes.
d408 1
a408 1
2007-06-02  Love Hrnquist strand  <lha@@it.su.se>
d410 1
a410 3
	* kdc/pkinit.c: In case of OCSP verification failure, referash
	every 5 min. In case of success, refreash 2 min before expiring or
	faster.
d412 6
a417 1
2007-05-31  Love Hrnquist strand  <lha@@it.su.se>
d419 1
a419 7
	* lib/krb5/krb5_err.et: add error 68, WRONG_REALM

	* kdc/pkinit.c: Handle the ms san in a propper way, still cheat
	with the realm name.

	* kdc/kerberos5.c: If _kdc_pk_check_client failes, bail out
	directly and hand the error back to the client.
d421 3
a423 2
	* lib/krb5/krb5_err.et: Add missing REVOCATION_STATUS_UNAVAILABLE
	and fix error message for CLIENT_NAME_MISMATCH.
d425 1
a425 4
	* kdc/pkinit.c: More logging for pk-init client mismatch.

	* kdc/kerberos5.c: Also add a KRB5_PADATA_PK_AS_REQ_WIN for
	windows pk-init (-9) to make MIT clients happy.
d427 2
a428 1
2007-05-30  Love Hrnquist strand  <lha@@it.su.se>
d430 2
a431 4
	* kdc/pkinit.c: Force des3 for win2k.

	* kdc/pkinit.c: Add wrapping to ContentInfo wrapping to
	COMPAT_WIN2K.
d433 1
a433 1
	* lib/krb5/keytab_keyfile.c: Spelling.
d435 1
a435 2
	* kdc/pkinit.c: Allow matching by MS UPN SAN, note that this delta
	doesn't deal with case of realm.
d437 1
a437 1
2007-05-16  Love Hrnquist strand  <lha@@it.su.se>
d439 1
a439 4
	* lib/krb5/crypto.c (krb5_crypto_overhead): return static overhead
	of encryption.
	
2007-05-10  Dave Love  <fx@@gnu.org>
d441 1
a441 1
	* doc/win2k.texi: Update some URLs.
d443 1
a443 4
2007-05-13  Love Hrnquist strand  <lha@@it.su.se>

	* kuser/kimpersonate.c: Fix version number of ticket, it should be
	5 not the kvno.
d445 1
a445 1
2007-05-08  Love Hrnquist strand  <lha@@it.su.se>
d447 7
a453 3
	* doc/setup.texi: Salting is really Encryption types and salting.
	
2007-05-07  Love Hrnquist strand  <lha@@it.su.se>
d455 1
a455 1
	* doc/setup.texi: spelling, from Ronny Blomme
d457 1
a457 2
	* doc/win2k.texi: Fix ksetup /SetComputerPassword, from Ronny
	Blomme
d459 3
a461 1
2007-05-02  Love Hrnquist strand  <lha@@it.su.se>
d463 1
a463 2
	* lib/hdb/dbinfo.c (hdb_get_dbinfo) If there are no database
	specified, create one and let it use the defaults.
d465 1
a465 1
2007-04-27  Love Hrnquist strand  <lha@@it.su.se>
d467 4
a470 1
	* lib/hdb/test_dbinfo.c: test acl file
d472 4
a475 19
	* lib/hdb/test_dbinfo.c: test acl file

	* lib/hdb/dbinfo.c: add acl file

	* etc: ignore Makefile.in

	* Makefile.am: SUBDIRS += etc

	* configure.in: Add etc/Makefile.

	* etc/Makefile.am: make sure services.append is distributed

2007-04-24  Love Hrnquist strand  <lha@@it.su.se>

	* kdc: rename windc_init to krb5_kdc_windc_init

	* kdc/version-script.map: version script for libkdc
	
	* kdc/Makefile.am: version script for libkdc
d477 1
a477 1
2007-04-23  Love Hrnquist strand  <lha@@it.su.se>
d479 1
a479 12
	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_get_error):
	correct the order of the arguments.

	* lib/hdb/Makefile.am: Add and test dbinfo.

	* lib/hdb/hdb.h: Forward declaration for struct hdb_dbinfo;

	* kdc/config.c: Use krb5_kdc_get_config and just fill in what the
	users wanted differently.

	* kdc/default_config.c: Make the default configuration fetch info
	from the krb5.conf.
d481 1
a481 1
2007-04-22  Love Hrnquist strand  <lha@@it.su.se>
d483 2
a484 3
	* lib/krb5/store.c (krb5_store_creds_tag): use session.keytype to
	determine if to send the session-key, for the second place in the
	function.
d486 1
a486 1
	* tools/krb5-config.in: rename des to hcrypto
d488 2
a489 1
	* kuser/Makefile.am: depend on libheimntlm
d491 1
a491 2
	* kuser/kinit.c: Add --ntlm-domain that store the ntlm cred for
	this domain if the Kerberos password auth worked.
d493 2
a494 2
	* kuser/klist.c: add new option --hidden that doesn't display
	principal that starts with @@
d496 3
a498 1
	* tools/krb5-config.in: Add heimntlm when we use gssapi.
d500 4
a503 2
	* lib/krb5/krb5_ccache.3 (krb5_cc_retrieve_cred): document what to
	free 'cred' with.
d505 2
a506 2
	* lib/krb5/cache.c (krb5_cc_retrieve_cred): document what to free
	'cred' with.
d508 1
a508 4
2007-04-21  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/store.c (krb5_store_creds_tag): use session.keytype to
	determine if to send the session-key.
d510 3
a512 2
	* kcm/client.c (kcm_ccache_new_client): make root be able to pass
	the name constraints, not the opposite. From Bryan Jacobs.
d514 1
a514 1
2007-04-20  Love Hrnquist strand  <lha@@it.su.se>
d516 2
a517 1
	* kcm/acl.c: make compile again.
d519 2
a520 6
	* kcm/client.c: fix warning.
	
	* kcm: First, it allows root to ignore the naming conventions.
	Second, it allows root to always perform any operation on any
	ccache.  Note that root could do this anyway with FILE ccaches.
	From Bryan Jacobs.
d522 1
a522 1
	* Rename libdes to libhcrypto.
d524 4
a527 1
2007-04-19  Love Hrnquist strand  <lha@@it.su.se>
d529 2
a530 1
	* kinit: remove code that depend on kerberos 4 library
d532 2
a533 1
	* kdc: remove code that depend on kerberos 4 library
d535 1
a535 1
	* configure.in: Drop kerberos 4 support.
d537 3
a539 1
	* kdc/hpropd.c (main): free the message when done with it.
d541 1
a541 2
	* lib/krb5/pkinit.c (_krb5_get_init_creds_opt_free_pkinit):
	remember to free memory too.
d543 1
a543 2
	* lib/krb5/pkinit.c (pk_rd_pa_reply_dh): free content-type when
	done.
d545 1
a545 1
	* configure.in: test rk_VERSIONSCRIPT
d547 1
a547 1
2007-04-18  Love Hrnquist strand  <lha@@it.su.se>
d549 5
a553 1
	* fix-export: remove, all done by make dist now
d555 1
a555 1
2007-04-15  Love Hrnquist strand  <lha@@it.su.se>
d557 1
a557 1
	* lib/krb5/krb5_get_credentials.3: spelling, from Jason McIntyre
d559 1
a559 1
2007-04-11  Love Hrnquist strand  <lha@@it.su.se>
d561 4
a564 2
	* kdc/kstash.8: Spelling, from raga <raga@@comcast.net> 
	via Bjorn Sandell.
d566 1
a566 1
	* lib/krb5/store_mem.c: indent.
d568 2
a569 1
	* lib/krb5/recvauth.c: Set error string.
d571 4
a574 1
	* lib/krb5/rd_req.c: clear error strings.
d576 2
a577 1
	* lib/krb5/rd_cred.c: clear error string.
d579 1
a579 1
	* lib/krb5/pkinit.c: Set error strings.
d581 1
a581 2
	* lib/krb5/get_cred.c: Tell what principal we are not finding for
	all KRB5_CC_NOTFOUND.
d583 1
a583 1
2007-02-22  Love Hrnquist strand  <lha@@it.su.se>
d585 1
a585 1
	* kdc/kerberos5.c: Return the same error codes as a windows KDC.
d587 2
a588 2
	* kuser/kinit.c: KRB5KDC_ERR_PREAUTH_FAILED is also a password
	failed.
d590 4
a593 2
	* kdc/kerberos5.c: Make handling of replying e_data more generic,
	from metze.
d595 7
a601 2
	* kdc/kerberos5.c: Fix (string const and shadow) warnings, from
	metze.
d603 1
a603 3
	* lib/krb5/pac.c: Create the PAC element in the same order as
	w2k3, maybe there's some broken code in windows which relies on
	this... From metze.
d605 1
a605 11
	* kdc/kerberos5.c: Select a session enctype from the list of the
	crypto systems supported enctype, is supported by the client and
	is one of the enctype of the enctype of the krbtgt.
	
	The later is used as a hint what enctype all KDC are supporting to
	make sure a newer version of KDC wont generate a session enctype
	that and older version of a KDC in the same realm can't decrypt.
	
	But if the KDC admin is paranoid and doesn't want to have "no the
	best" enctypes on the krbtgt, lets save the best pick from the
	client list and hope that that will work for any other KDCs.
d607 2
a608 1
	Reported by metze.
d610 1
a610 2
	* kdc/hprop.c (propagate_database): on any failure, drop the
	connection to the peer and try next one.
d612 1
a612 1
2007-02-18  Love Hrnquist strand  <lha@@it.su.se>
d614 1
a614 1
	* lib/krb5/krb5_get_init_creds.3: document new options.
d616 1
a616 1
	* kdc/krb5tgs.c: Only check service key for cross realm PACs.
d618 4
a621 3
	* lib/krb5/init_creds.c: use the new merged flags field.
	(krb5_get_init_creds_opt_set_win2k): new function, turn on all w2k
	compat flags.
d623 2
a624 1
	* lib/krb5/init_creds_pw.c: use the new merged flags field.
d626 1
a626 1
	* lib/krb5/krb5_locl.h: merge all flags into one entity
d628 1
a628 1
2007-02-11  Dave Love  <fx@@gnu.org>
d630 1
a630 1
	* lib/krb5/krb5_aname_to_localname.3: Small fixes
d632 2
a633 1
	* lib/krb5/krb5_digest.3: Small fixes
d635 2
a636 1
	* kuser/kimpersonate.1: Small fixes
d638 1
a638 1
2007-02-17  Love Hrnquist strand  <lha@@it.su.se>
d640 2
a641 2
	* lib/krb5/init_creds_pw.c (find_pa_data): if there is no list,
	there is no entry.
d643 3
a645 3
	* kdc/krb5tgs.c: Don't check PACs on cross realm requests.

	* lib/krb5/krb5.h: add KRB5_KU_CANONICALIZED_NAMES.
d647 1
a647 1
	* lib/krb5/init_creds_pw.c: Verify client referral data.
d649 1
a649 1
	* kdc/kerberos5.c: switch some "return ret" to "goto out".
d651 1
a651 6
	* kdc/kerberos5.c: Pass down canonicalize request to hdb layer,
	sign client referrals.
	
	* lib/hdb/hdb.h: Add HDB_F_CANON.

	* lib/hdb: add simple alias support to the database backends
d653 2
a654 1
2007-02-16  Love Hrnquist strand  <lha@@it.su.se>
d656 2
a657 1
	* kuser/kinit.c: Add canonicalize flag.
d659 1
a659 2
	* lib/krb5/init_creds_pw.c: Use EXTRACT_TICKET_* flags, support
	canonicalize.
d661 3
a663 4
	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_canonicalize):
	new function.
	
	* lib/krb5/get_cred.c: Use EXTRACT_TICKET_* flags.
d665 2
a666 1
	* lib/krb5/get_in_tkt.c: Use EXTRACT_TICKET_* flags.
d668 1
a668 3
	* lib/krb5/krb5_locl.h: Add EXTRACT_TICKET_* flags.
	
2007-02-15  Love Hrnquist strand  <lha@@it.su.se>
d670 2
a671 1
	* lib/krb5/test_princ.c: test parsing enterprise-names.
d673 1
a673 1
	* lib/krb5/principal.c: Add support for parsing enterprise-names.
d675 1
a675 3
	* lib/krb5/krb5.h: Add KRB5_PRINCIPAL_PARSE_ENTERPRISE.

	* lib/hdb/hdb-ldap.c: Make work again.
d677 1
a677 3
2007-02-11  Dave Love  <fx@@gnu.org>

	* kcm/client.c (kcm_ccache_new_client): Cast snprintf'ed value.
d679 1
a679 1
2007-02-10  Love Hrnquist strand  <lha@@it.su.se>
d681 2
a682 1
	* doc/setup.texi: prune trailing space
d684 1
a684 1
	* lib/hdb/db.c: Be better at setting and clearing error string.
d686 1
a686 1
	* lib/hdb/hdb.c: Be better at setting and clearing error string.
d688 1
a688 1
2007-02-09  Love Hrnquist strand  <lha@@it.su.se>
d690 1
a690 2
	* lib/krb5/keytab.c (krb5_kt_get_entry): Use krb5_kt_get_full_name
	to print out the keytab name.
d692 1
a692 1
	* doc/setup.texi: Spelling, from Guido Guenther
d694 1
a694 8
2007-02-08  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/rd_cred.c: Plug memory leak, from Michael B Allen.

2007-02-06  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/test_store.c (test_uint16): unsigned ints can't be
	negative
d696 2
a697 1
2007-02-03  Love Hrnquist strand  <lha@@it.su.se>
d699 1
a699 7
	* kdc/pkinit.c: pass extra flags for detached signatures.

	* lib/krb5/pkinit.c: pass extra flags for detached signatures.

	* kdc/digest.c: Remove debug output.

	* kuser/kdigest.c: Add support for ms-chap-v2 client.
d701 2
a702 7
2007-02-02  Love Hrnquist strand  <lha@@it.su.se>
		
	* kdc/digest.c: Fix ms-chap-v2 get_masterkey

	* kdc/digest.c: Fix ms-chap-v2 mutual response auth code.

	* kuser/kdigest.c: Print session key if there is one.
d704 2
a705 1
	* lib/krb5/digest.c: rename hash-a1 to session key
d707 1
a707 1
	* kdc/digest.c: Add get_master from RFC 3079 3.4 for MS-CHAP-V2
d709 2
a710 1
	* kuser/kdigest.c: print rsp if there is one, from Klas.
d712 2
a713 1
	* kdc/digest.c: Use right size, from Klas Lindfors.
d715 2
a716 7
	* kuser/kdigest.c: Set client nonce if avaible, from Klas.

	* kdc/digest.c: First version from kllin.

	* kuser/kdigest.c: Don't restrict the type.
	
2007-02-01  Love Hrnquist strand  <lha@@it.su.se>
d718 3
a720 6
	* kuser/kdigest-commands.in: add --client-response

	* kuser/kdigest.c: Print status instead of response.

	* kdc/digest.c: Better logging and return status = FALSE when
	checksum doesn't match.
d722 2
a723 1
	* kdc/digest.c: Check the digest response in the KDC.
d725 1
a725 6
	* lib/krb5/digest.c: New functions to send in requestResponse to
	KDC and get status of the request.

	* kdc/digest.c: Add support for MS-CHAP v2.

	* lib/hdb/hdb-ldap.c: Set hdb->hdb_db for ldap.
d727 1
a727 1
2007-01-31  Love Hrnquist strand  <lha@@it.su.se>
d729 1
a729 4
	* fix-export: Make hx509.info too

	* kdc/digest.c: don't verify identifier in CHAP, its the client
	that chooses it.
d731 1
a731 3
2007-01-23  Love Hrnquist strand  <lha@@it.su.se>

	* lib/krb5/Makefile.am: Basic test of prf.
d733 2
a734 1
	* lib/krb5/test_prf.c: Basic test of prf.
d736 1
a736 2
	* lib/krb5/mit_glue.c: Add MIT glue for Kerberos RFC 3961 PRF
	functions.
d738 1
a738 11
	* lib/krb5/crypto.c: Add Kerberos RFC 3961 PRF functions.

	* lib/krb5/krb5_data.3: Document krb5_data_cmp.

	* lib/krb5/data.c: Add krb5_data_cmp.
	
2007-01-20  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/kx509.c: Don't use C99 syntax.
	
2007-01-17  Love Hrnquist strand  <lha@@it.su.se>
d740 1
a740 2
	* configure.in: its LIBADD_roken (and shouldn't really exist, our
	libtool usage it broken)
d742 1
a742 2
	* configure.in: Add an extra variable for roken, LIBADD, that
	should be used for library depencies.
d744 1
a744 1
	* lib/krb5/send_to_kdc.c (krb5_sendto): zero out receive buffer.
d746 3
a748 1
	* lib/krb5/krb5_init_context.3: fix mdoc errors
d750 1
a750 1
	* Heimdal 0.8 branch cut today
d752 2
a753 3
	* doc/hx509.texi: Spelling and more about proxy certificates.

	* configure.in: check for arc4random
d755 1
a755 1
2007-01-16  Love Hrnquist strand  <lha@@it.su.se>
d757 1
a757 2
	* lib/krb5/send_to_kdc.c (krb5_sendto): zero receive krb5_data
	before starting
d759 1
a759 1
	* tools/heimdal-build.sh: make cvs keep quiet
d761 1
a761 4
	* kuser/kverify.c: Use argument as principal if passed an
	argument. Bug report from Douglas E. Engert
	
2007-01-15  Love Hrnquist strand  <lha@@it.su.se>
d763 1
a763 4
	* lib/krb5/rd_req.c (krb5_rd_req_ctx): The code failed to consider
	the enc_tkt_in_skey case, from Douglas E. Engert.

	* kdc/kx509.c: Issue certificates.
d765 1
a765 1
	* kdc/config.c: Parse kx509/kca configuration.
d767 1
a767 1
	* kdc/kdc.h: add kx509 config
d769 1
a769 6
2007-01-14  Love Hrnquist strand  <lha@@it.su.se>
	
	* kdc/kerberos5.c (_kdc_find_padata): if there is not padata,
	there is nothing find.

	* doc/hx509.texi: Examples for pk-init.
d771 2
a772 1
	* doc/hx509.texi: About extending ca lifetime and sub cas.
d774 1
a774 5
2007-01-13  Love Hrnquist strand <lha@@it.su.se>
	
	* doc/hx509.texi: More about certificates.
	
2007-01-12  Love Hrnquist strand  <lha@@it.su.se>
d776 1
a776 2
	* doc/hx509.texi: add Application requirements and write about
	xmpp/jabber.
d778 1
a778 1
2007-01-11  Love Hrnquist strand  <lha@@it.su.se>
d780 2
a781 1
	* doc/hx509.texi: More about issuing certificates.
d783 3
a785 1
	* doc/hx509.texi: Start of a x.509 manual.
d787 1
a787 1
	* include/Makefile.am: remove install headerfiles
d789 2
a790 2
	* lib/krb5/test_pac.c: Use more interesting data to cause more
	errors.
d792 3
a794 1
	* include/Makefile.am: remove install headerfiles
d796 4
a799 1
	* lib/krb5/mcache.c: MCC_CURSOR not used, remove.
d801 3
a803 4
	* lib/krb5/crypto.c: macro kcrypto_oid_enc now longer used

	* lib/krb5/rd_safe.c (krb5_rd_safe): set length before trying to
	allocate data
d805 1
a805 1
2007-01-10  Love Hrnquist strand  <lha@@it.su.se>
d807 1
a807 8
	* doc/setup.texi: Hint about hxtool validate.

	* appl/test/uu_server.c: print both "server" and "client"

	* kdc/krb5tgs.c: Rename keys to be more obvious what they do.

	* kdc/kerberos5.c: Use other keys to sign PAC with. From Andrew
	Bartlett
d809 2
a810 3
	* kdc/windc.c: ident, spelling.

	* kdc/windc_plugin.h: indent.
d812 2
a813 2
	* kdc/krb5tgs.c: Pass down server entry to verify_pac function.
	from Andrew Bartlett
d815 2
a816 2
	* kdc/windc.c: pass down server entry to verify_pac function, from
	Andrew Bartlett
d818 1
a818 2
	* kdc/windc_plugin.h: pass down server entry to verify_pac
	function, from Andrew Bartlett
d820 2
a821 2
	* configure.in: Provide a automake symbol ENABLE_SHARED if shared
	libraries are built.
d823 2
a824 2
	* lib/krb5/rd_req.c (krb5_rd_req_ctx): Use the correct keyblock
	when verifying the PAC.  From Andrew Bartlett.
d826 1
a826 1
2007-01-09  Love Hrnquist strand  <lha@@it.su.se>
d828 2
a829 1
	* lib/krb5/test_pac.c: move around to code test on real PAC.
d831 1
a831 2
	* lib/krb5/pac.c: A tiny 2 char diffrence that make the code work
	for real.
d833 1
a833 3
	* lib/krb5/test_pac.c: Test more PAC (note that the values used in
	this test is wrong, they have to be fixed when the pac code is
	fixed).
d835 2
a836 1
	* doc/setup.texi: Update to new hxtool issue-certificate usage
d838 2
a839 8
	* lib/krb5/init_creds_pw.c: Make sure we don't sent both ENC-TS
	and PK-INIT pa data, no need to expose our password protecting our
	PKCS12 key.

	* kuser/klist.c (print_cred_verbose): include ticket length in the
	verbose output
	
2007-01-08  Love Hrnquist strand  <lha@@it.su.se>
d841 1
a841 2
	* lib/krb5/acache.c (loadlib): pass RTLD_LAZY to dlopen, without
	it linux is unhappy.
d843 2
a844 2
	* lib/krb5/plugin.c (loadlib): pass RTLD_LAZY to dlopen, without
	it linux is unhappy.
d846 3
a848 3
	* lib/krb5/name-45-test.c: One of the hosts I sometimes uses is
	named "bar.domain", this make one of the tests pass when it
	shouldn't.
d850 14
a863 3
2007-01-05  Love Hrnquist strand  <lha@@it.su.se>

	* doc/setup.texi: Change --key argument to --out-key.
d865 3
a867 1
	* kuser/kimpersonate.1: mangle my name
d869 2
a870 4
2007-01-04  Love Hrnquist strand  <lha@@it.su.se>
	
	* doc/setup.texi: describe how to use hx509 to create
	certificates.
d872 2
a873 1
	* tools/heimdal-build.sh: Add --distcheck.
d875 1
a875 2
	* kdc/kerberos5.c: Check for KRB5_PADATA_PA_PAC_REQUEST to check
	if we should include the PAC in the krbtgt.
d877 2
a878 2
	* kdc/pkinit.c (_kdc_as_rep): check if
	krb5_generate_random_keyblock failes.
d880 2
a881 2
	* kdc/kerberos5.c (_kdc_as_rep): check if
	krb5_generate_random_keyblock failes.
d883 3
a885 28
	* kdc/krb5tgs.c (tgs_build_reply): check if
	krb5_generate_random_keyblock failes.

	* kdc/krb5tgs.c: Scope etype.

	* lib/krb5/rd_req.c: Make it possible to turn off PAC check, its
	default on.

	* lib/krb5/rd_req.c (krb5_rd_req_ctx): If there is a PAC, verify
	its server signature.

	* kdc/kerberos5.c (_kdc_as_rep): call windc client access hook.
	(_kdc_tkt_add_if_relevant_ad): constify in data argument.

	* kdc/windc_plugin.h: More comments add a client_access hook.

	* kdc/windc.c: Add _kdc_windc_client_access.

	* kdc/krb5tgs.c: rename functions after export some more pac
	functions.

	* lib/krb5/test_pac.c: export some more pac functions.

	* lib/krb5/pac.c: export some more pac functions.

	* kdc/krb5tgs.c: Resign the PAC in tgsreq if we have a PAC.

	* configure.in: add tests/plugin/Makefile
d887 1
a887 33
2007-01-03  Love Hrnquist strand  <lha@@it.su.se>

	* kdc/krb5tgs.c: Get right key for PAC krbtgt verification.

	* kdc/config.c: spelling

	* lib/krb5/krb5.h: typedef for krb5_pac.

	* kdc/headers.h: Include <windc_plugin.h>.

	* kdc/Makefile.am: Include windc.c and use windc_plugin.h

	* kdc/krb5tgs.c: Call callbacks for emulating a Windows Domain
	Controller.

	* kdc/kerberos5.c: Call callbacks for emulating a Windows Domain
	Controller.  Move the some of the log related stuff to its own
	function.

	* kdc/config.c: Init callbacks for emulating a Windows Domain
	Controller.

	* kdc/windc.c: Rename the init function to windc instead of pac.

	* kdc/windc.c: Callbacks specific to emulating a Windows Domain
	Controller.

	* kdc/windc_plugin.h: Callbacks specific to emulating a Windows
	Domain Controller.

	* lib/krb5/Makefile.am: add krb5_HEADERS to build_HEADERZ

	* lib/krb5/pac.c: Support all keyed checksum types.
d889 1
a889 1
2007-01-02  Love Hrnquist strand  <lha@@it.su.se>
d891 2
a892 1
	* lib/krb5/pac.c (krb5_pac_get_types): Return list of types.
d894 3
a896 7
	* lib/krb5/test_pac.c: test krb5_pac_get_types

	* lib/krb5/krbhst.c: Add KRB5_KRBHST_KCA.

	* lib/krb5/krbhst.c: Add KRB5_KRBHST_KCA.

	* lib/krb5/krb5.h: Add KRB5_KRBHST_KCA.
a897 9
	* lib/krb5/test_pac.c: test Add/remove pac buffer functions.

	* lib/krb5/pac.c: Add/remove pac buffer functions.

	* lib/krb5/pac.c: sprinkle const

	* lib/krb5/pac.c: rename DCHECK to CHECK
	
	* Happy New Year.
@


