12008-01-24 Love H�rnquist �strand <lha@it.su.se> 2 3 * Release 1.1 4 52008-01-21 Love H�rnquist �strand <lha@it.su.se> 6 7 * lib/krb5/get_for_creds.c: Use on variable less. 8 9 * lib/krb5/get_for_creds.c: Try to handle ticket full and 10 ticketless tickets better. Add doxygen comments while here. 11 12 * lib/krb5/test_forward.c: Used for testing 13 krb5_get_forwarded_creds(). 14 15 * lib/krb5/Makefile.am: noinst_PROGRAMS += test_forward 16 17 * lib/krb5/Makefile.am: drop CHECK_SYMBOLS 18 19 * lib/hdb/Makefile.am: drop CHECK_SYMBOLS 20 21 * kdc/Makefile.am: drop CHECK_SYMBOLS 22 232008-01-18 Love H�rnquist �strand <lha@it.su.se> 24 25 * lib/krb5/version-script.map: Add krb5_digest_probe. 26 272008-01-13 Love H�rnquist �strand <lha@it.su.se> 28 29 * lib/krb5/pkinit.c: Replace hx509_name_to_der_name with 30 hx509_name_binary. 31 322008-01-12 Love H�rnquist �strand <lha@it.su.se> 33 34 * lib/krb5/Makefile.am: add missing files 35 362007-12-28 Love H�rnquist �strand <lha@it.su.se> 37 38 * kdc/digest.c: Log probe message, add NTLM_TARGET_DOMAIN to the 39 type2 message. 40 412007-12-14 Love H�rnquist �strand <lha@it.su.se> 42 43 * lib/hdb/dbinfo.c: Add hdb_default_db(). 44 45 * Makefile.am: Add some extra cf/*. 46 472007-12-12 Love H�rnquist �strand <lha@it.su.se> 48 49 * kuser/kgetcred.c: Fix type of name-type. From Andy Polyakov. 50 512007-12-09 Love H�rnquist �strand <lha@it.su.se> 52 53 * kdc/log.c: Use hdb_db_dir(). 54 55 * kpasswd/kpasswdd.c: Use hdb_db_dir(). 56 572007-12-08 Love H�rnquist �strand <lha@it.su.se> 58 59 * kdc/config.c: Use hdb_db_dir(). 60 61 * kdc/kdc_locl.h: add KDC_LOG_FILE 62 63 * kdc/hpropd.c: Use hdb_default_db(). 64 65 * kdc/kstash.c: Use hdb_db_dir(). 66 67 * kdc/pkinit.c: Adapt to hx509 changes, use hdb_db_dir(). 68 69 * lib/krb5/rd_req.c: Document krb5_rd_req_in_set_pac_check. 70 71 * lib/krb5/verify_krb5_conf.c: Check check_pac. 72 73 * lib/krb5/rd_req.c: use KRB5_CTX_F_CHECK_PAC to init check_pac 74 field in the krb5_rd_req_in_ctx 75 76 * lib/krb5/expand_hostname.c: Adapt to changing 77 dns_canonicalize_hostname into flags field. 78 79 * lib/krb5/context.c: Adapt to changing dns_canonicalize_hostname 80 into flags field, add check-pac as an libdefaults option. 81 82 * lib/krb5/pkinit.c: Adapt to changes in hx509 interface. 83 84 * doc: add doxygen documentation to hcrypto 85 86 * doc/doxytmpl.dxy: generate links 87 882007-12-07 Love H�rnquist �strand <lha@it.su.se> 89 90 * lib/krb5/Makefile.am: build_HEADERZ += heim_threads.h 91 92 * lib/hdb/dbinfo.c (hdb_db_dir): Return the directory where the 93 hdb database resides. 94 95 * configure.in: Add --with-hdbdir to specify where the database is 96 stored. 97 98 * lib/krb5/crypto.c: revert previous patch, the problem is located 99 in the RAND_file_name() function that will cause recursive nss 100 lookups, can't fix that here. 101 1022007-12-06 Love H�rnquist �strand <lha@it.su.se> 103 104 * lib/krb5/crypto.c (krb5_generate_random_block): try to avoid the 105 dead-lock in by not holding the lock while running 106 RAND_file_name. Prompted by Hai Zaar. 107 108 * lib/krb5/n-fold.c: spelling 109 1102007-12-04 Love H�rnquist �strand <lha@it.su.se> 111 112 * kuser/kdigest.c (digest-probe): implement command. 113 114 * kuser/kdigest-commands.in (digest-probe): new command 115 116 * kdc/digest.c: Implement supportedMechs request. 117 118 * lib/krb5/error_string.c: Make krb5_get_error_string return an 119 allocated string to make the function indempotent. From 120 Zeqing (Fred) Xia. 121 1222007-12-03 Love H�rnquist �strand <lha@it.su.se> 123 124 * lib/krb5/krb5_locl.h (krb5_context_data): Flag if 125 default_cc_name was set by the user. 126 127 * lib/krb5/fcache.c (fcc_move): make sure ->version is uptodate. 128 129 * kcm/acquire.c: use krb5_free_cred_contents 130 131 * kuser/kimpersonate.c: use krb5_free_cred_contents 132 133 * kuser/kinit.c: Use krb5_cc_move to make an atomic switch of the 134 cred cache. 135 136 * lib/krb5/cache.c: Put back code that was needed, move gen_new 137 into new_unique. 138 139 * lib/krb5/mcache.c (mcc_default_name): Remove const 140 141 * lib/krb5/krb5_locl.h: Add KRB5_DEFAULT_CCNAME_KCM, redefine 142 KRB5_DEFAULT_CCNAME to KRB5_DEFAULT_CCTYPE 143 144 * lib/krb5/cache.c: Use krb5_cc_ops->default_name to get the 145 default name. 146 147 * lib/krb5/kcm.c: Implement krb5_cc_ops->default_name. 148 149 * lib/krb5/mcache.c: Implement krb5_cc_ops->default_name. 150 151 * lib/krb5/fcache.c: Implement krb5_cc_ops->default_name. 152 153 * lib/krb5/krb5.h: Add krb5_cc_ops->default_name. 154 155 * lib/krb5/acache.c: Free context when done, implement 156 krb5_cc_ops->default_name. 157 158 * lib/krb5/kcm.c: implement dummy kcm_move 159 160 * lib/krb5/mcache.c: Implement the move operation. 161 162 * lib/krb5/version-script.map: export krb5_cc_move 163 164 * lib/krb5/cache.c: New function krb5_cc_move(). 165 166 * lib/krb5/fcache.c: Implement the move operation. 167 168 * lib/krb5/krb5.h: Add move to the krb5_cc_ops, causes major 169 version bump. 170 171 * lib/krb5/acache.c: Implement the move operation. Avoid using 172 cc_set_principal() since it broken on Mac OS X 10.5.0. 173 1742007-12-02 Love H�rnquist �strand <lha@it.su.se> 175 176 * lib/krb5/krb5_ccapi.h: Drop variable names to avoid -Wshadow. 177 1782007-11-14 Love H�rnquist �strand <lha@it.su.se> 179 180 * kdc/krb5tgs.c: Should pass different key usage constants 181 depending on whether or not optional sub-session key was passed by 182 the client for the check of authorization data. The constant is 183 used to derive "specific key" and its values are specified in 184 7.5.1 of RFC4120. 185 186 Patch from Andy Polyakov. 187 188 * kdc/krb5tgs.c: Don't send auth data in referrals, microsoft 189 clients have started to not like that. Thanks to Andy Polyakov for 190 excellent research. 191 1922007-11-11 Love H�rnquist �strand <lha@it.su.se> 193 194 * lib/krb5/creds.c: use krb5_data_cmp 195 196 * lib/krb5/acache.c: use krb5_free_cred_contents 197 198 * lib/krb5/test_renew.c: use krb5_free_cred_contents 199 2002007-11-10 Love H�rnquist �strand <lha@it.su.se> 201 202 * lib/krb5/acl.c: doxygen documentation 203 204 * lib/krb5/addr_families.c: doxygen documentation 205 206 * doc: add doxygen 207 208 * lib/krb5/plugin.c: doxygen documentation 209 210 * lib/krb5/kcm.c: doxygen documentation 211 212 * lib/krb5/fcache.c: doxygen documentation 213 214 * lib/krb5/cache.c: doxygen documentations 215 216 * lib/krb5/doxygen.c: doxygen introduction 217 218 * lib/krb5/error_string.c: Doxygen documentation. 219 2202007-11-03 Love H�rnquist �strand <lha@it.su.se> 221 222 * lib/krb5/test_plugin.c: expose krb5_plugin_register 223 224 * lib/krb5/plugin.c: expose krb5_plugin_register 225 226 * lib/krb5/version-script.map: sort, expose krb5_plugin_register 227 2282007-10-24 Love H�rnquist �strand <lha@it.su.se> 229 230 * kdc/kerberos5.c: Adding same enctype is enough one time. From 231 Andy Polyakov and Bjorn Sandell. 232 2332007-10-18 Love <lha@stacken.kth.se> 234 235 * lib/krb5/cache.c (krb5_cc_retrieve_cred): check return value 236 from krb5_cc_start_seq_get. From Zeqing (Fred) Xia 237 238 * lib/krb5/fcache.c (init_fcc): provide better error codes 239 240 * kdc/kerberos5.c (get_pa_etype_info2): more paranoia, avoid 241 sending warning about pruned etypes. 242 243 * kdc/kerberos5.c (older_enctype): old windows enctypes (arcfour 244 based) "old", this to support windows 2000 clients (unjoined to a 245 domain). From Andy Polyakov. 246 2472007-10-07 Love H�rnquist �strand <lha@it.su.se> 248 249 * doc/setup.texi: Spelling, from Mark Peoples via Bjorn Sandell. 250 2512007-10-04 Love H�rnquist �strand <lha@it.su.se> 252 253 * kdc/krb5tgs.c: More prettier printing of enctype, from KAMADA 254 Ken'ichi. 255 256 * lib/krb5/crypto.c (krb5_enctype_to_string): make sure string is 257 NULL on failure. 258 2592007-10-03 Love H�rnquist �strand <lha@it.su.se> 260 261 * kdc/kdc-replay.c: Catch KRB5_PROG_ATYPE_NOSUPP from 262 krb5_addr2sockaddr and igore thte test is that case. 263 2642007-09-29 Love H�rnquist �strand <lha@it.su.se> 265 266 * lib/krb5/context.c (krb5_free_context): free 267 default_cc_name_env, from Gunther Deschner. 268 2692007-08-27 Love H�rnquist �strand <lha@it.su.se> 270 271 * lib/krb5/{krb5.h,pac.c,test_pac.c,send_to_kdc.c,rd_req.c}: Make 272 work with c++, reported by Hai Zaar 273 274 * lib/krb5/{digest.c,krb5.h}: Make work with c++, reported by Hai Zaar 275 2762007-08-20 Love H�rnquist �strand <lha@it.su.se> 277 278 * lib/hdb/Makefile.am: EXTRA_DIST += hdb.schema 279 2802007-07-31 Love H�rnquist �strand <lha@it.su.se> 281 282 * check return value of alloc functions, from Charles Longeau 283 284 * lib/krb5/principal.c: spelling. 285 286 * kadmin/kadmin.8: spelling 287 288 * lib/krb5/crypto.c: Check return values from alloc 289 functions. Prompted by patch of Charles Longeau. 290 291 * lib/krb5/n-fold.c: Make _krb5_n_fold return a error 292 code. Prompted by patch of Charles Longeau. 293 2942007-07-27 Love H�rnquist �strand <lha@it.su.se> 295 296 * lib/krb5/init_creds.c: Always set the ticket options, use 297 KRB5_ADDRESSLESS_DEFAULT as the default value, this make the unset 298 tri-state not so useful. 299 3002007-07-24 Love H�rnquist �strand <lha@it.su.se> 301 302 * tools/heimdal-gssapi.pc.in: Add LIB_pkinit to the list of 303 libraries. 304 305 * tools/heimdal-gssapi.pc.in: pkg-config file for libgssapi in 306 heimdal. 307 308 * tools/Makefile.am: Add heimdal-gssapi.pc and install it into 309 $(libdir)/pkgconfig 310 3112007-07-23 Love H�rnquist �strand <lha@it.su.se> 312 313 * lib/krb5/pkinit.c: Add RFC3526 modp group14 as a default. 314 3152007-07-22 Love H�rnquist �strand <lha@it.su.se> 316 317 * lib/hdb/dbinfo.c (get_dbinfo): use dbname instead of realm as 318 key if the entry is a correct entry. 319 320 * lib/krb5/get_cred.c: Make krb5_get_renewed_creds work, from 321 Gunther Deschner. 322 323 * lib/krb5/Makefile.am: Add test_renew to noinst_PROGRAMS. 324 325 * lib/krb5/test_renew.c: Test for krb5_get_renewed_creds. 326 3272007-07-21 Love H�rnquist �strand <lha@it.su.se> 328 329 * lib/hdb/keys.c: Make parse_key_set handle key set string "v5", 330 from Peter Meinecke. 331 332 * kdc/kaserver.c: Don't ovewrite the error code, from Peter 333 Meinecke. 334 3352007-07-18 Love H�rnquist �strand <lha@it.su.se> 336 337 * TODO-1.0: remove 338 339 * Makefile.am: remove TODO-1.0 340 3412007-07-17 Love H�rnquist �strand <lha@it.su.se> 342 343 * Heimdal 1.0 release branch cut here 344 345 * doc/hx509.texi: use version.texi 346 347 * doc/heimdal.texi: use version.texi 348 349 * doc/version.texi: version.texi 350 351 * lib/hdb/db3.c: avoid type-punned pointer warning. 352 353 * kdc/kx509.c: Use unsigned char * as argument to HMAC_Update to 354 please OpenSSL and gcc. 355 356 * kdc/digest.c: Use unsigned char * as argument to MD5_Update to 357 please OpenSSL and gcc. 358 3592007-07-16 Love H�rnquist �strand <lha@it.su.se> 360 361 * include/Makefile.am: Add krb_err.h. 362 363 * kdc/set_dbinfo.c: Print acl file too. 364 365 * kdc/kerberos4.c: Error codes are just fine, remove XXX now. 366 367 * lib/krb5/krb5-v4compat.h: Drop duplicate error codes. 368 369 * kdc/kerberos4.c: switch to ET errors. 370 371 * lib/krb5/Makefile.am: Add krb_err.h to build_HEADERZ. 372 373 * lib/krb5/v4_glue.c: If its a Kerberos 4 error-code, remove the 374 et BASE. 375 3762007-07-15 Love H�rnquist �strand <lha@it.su.se> 377 378 * lib/krb5/krb5-v4compat.h: Include "krb_err.h". 379 380 * lib/krb5/v4_glue.c: return more interesting error codes. 381 382 * lib/krb5/plugin.c: Prefix enum plugin_type. 383 384 * lib/krb5/krb5_locl.h: Expose plugin structures. 385 386 * lib/krb5/krb5.h: Add plugin structures. 387 388 * lib/krb5/krb_err.et: V4 errors. 389 390 * lib/krb5/version-script.map: First version of version script. 391 3922007-07-13 Love H�rnquist �strand <lha@it.su.se> 393 394 * kdc/kerberos5.c: Java 1.6 expects the name to be the same type, 395 lets allow that for uncomplicated name-types. 396 3972007-07-12 Love H�rnquist �strand <lha@it.su.se> 398 399 * lib/krb5/v4_glue.c (_krb5_krb_rd_req): if ticket contains 400 address 0, its ticket less and don't really care about 401 from_addr. return better error codes. 402 403 * kpasswd/kpasswdd.c: Fix pointer vs strict alias rules. 404 4052007-07-11 Love H�rnquist �strand <lha@it.su.se> 406 407 * lib/hdb/hdb-ldap.c: When using sambaNTPassword, avoid adding 408 more then one enctype 23 to krb5EncryptionType. 409 410 * lib/krb5/cache.c: Spelling. 411 412 * kdc/kerberos5.c: Don't send newer enctypes in ETYPE-INFO. 413 (get_pa_etype_info2): return the enctypes as sorted in the 414 database 415 4162007-07-10 Love H�rnquist �strand <lha@it.su.se> 417 418 * kuser/kinit.c: krb5-v4compat.h defines prototypes for 419 v4 (semiprivate functions) in libkrb5, don't include 420 krb5-private.h any longer. 421 422 * lib/krb5/krbhst.c: Set error string when there is no KDC for a 423 realm. 424 425 * lib/krb5/Makefile.am: New library version. 426 427 * kdc/Makefile.am: New library version. 428 429 * lib/krb5/krb5_locl.h: Add default_cc_name_env. 430 431 * lib/krb5/cache.c (enviroment_changed): return non-zero if 432 enviroment that will determine default krb5cc name has changed. 433 (krb5_cc_default_name): also check if cached value is uptodate. 434 435 * lib/krb5/krb5_locl.h: Drop pkinit_flags. 436 4372007-07-05 Love H�rnquist �strand <lha@it.su.se> 438 439 * configure.in: add tests/java/Makefile 440 441 * lib/hdb/dbinfo.c: Add hdb_dbinfo_get_log_file. 442 4432007-07-04 Love H�rnquist �strand <lha@it.su.se> 444 445 * kdc/kerberos5.c: Improve the default salt detection to avoid 446 returning v4 password salting to java that doesn't look at the 447 returning padata for salting. 448 449 * kdc: Split out krb5_kdc_set_dbinfo, From Andrew Bartlett 450 4512007-07-02 Love H�rnquist �strand <lha@it.su.se> 452 453 * kdc/digest.c: Try harder to provide better error message for 454 digest messages. 455 456 * lib/krb5/Makefile.am: verify_krb5_conf_OBJECTS depends on 457 krb5-pr*.h, make -j finds this. 458 4592007-06-28 Love H�rnquist �strand <lha@it.su.se> 460 461 * kdc/digest.c: On success, print username, not ip-adress. 462 4632007-06-26 Love H�rnquist �strand <lha@it.su.se> 464 465 * lib/krb5/get_cred.c: Add krb5_get_renewed_creds. 466 467 * lib/krb5/krb5_get_credentials.3: add krb5_get_renewed_creds 468 469 * lib/krb5/pkinit.c: Use hx509_cms_unwrap_ContentInfo. 470 4712007-06-25 Love H�rnquist �strand <lha@it.su.se> 472 473 * doc/setup.texi: Add example for pkinit_win2k_require_binding 474 in [kdc] section. 475 476 * kdc/default_config.c: Rename require_binding to 477 win2k_require_binding to match client configuration. 478 479 * kdc/default_config.c: Add [kdc]pkinit_require_binding option. 480 481 * kdc/pkinit.c (pk_mk_pa_reply_enckey): only allow non-bound reply 482 if its not required. 483 484 * kdc/default_config.c: rename pkinit_princ_in_cert and add 485 pkinit_require_binding 486 487 * kdc/kdc.h: rename pkinit_princ_in_cert and add 488 pkinit_require_binding 489 490 * kdc/pkinit.c: rename pkinit_princ_in_cert 491 4922007-06-24 Love H�rnquist �strand <lha@it.su.se> 493 494 * lib/krb5/pkinit.c: Adapt to hx509_verify_hostname change. 495 4962007-06-21 Love H�rnquist �strand <lha@it.su.se> 497 498 * kdc/krb5tgs.c: Drop unused variable. 499 500 * kdc/krb5tgs.c: disable anonyous tgs requests 501 502 * kdc/krb5tgs.c: Don't check PAC on cross realm for now. 503 504 * kuser/kgetcred.c: Set KRB5_GC_CONSTRAINED_DELEGATION and parse 505 nametypes. 506 507 * lib/krb5/krb5_principal.3: Document krb5_parse_nametype. 508 509 * lib/krb5/principal.c (krb5_parse_nametype): parse nametype and 510 return their integer values. 511 512 * lib/krb5/krb5.h (krb5_get_creds): Add 513 KRB5_GC_CONSTRAINED_DELEGATION. 514 515 * lib/krb5/get_cred.c (krb5_get_creds): if 516 KRB5_GC_CONSTRAINED_DELEGATION is set, set both request_anonymous 517 and constrained_delegation. 518 5192007-06-20 Love H�rnquist �strand <lha@it.su.se> 520 521 * kdc/digest.c: Return an error message instead of dropping the 522 packet for more failure cases. 523 524 * lib/krb5/krb5_principal.3: Add KRB5_PRINCIPAL_UNPARSE_DISPLAY. 525 526 * appl/gssmask/gssmask.c (AcquirePKInitCreds): fail more 527 gracefully 528 5292007-06-18 Love H�rnquist �strand <lha@it.su.se> 530 531 * lib/krb5/pac.c: make compile. 532 533 * lib/krb5/pac.c (verify_checksum): memset cksum to avoid using 534 pointer from stack. 535 536 * lib/krb5/plugin.c: Don't expose free pointer. 537 538 * lib/krb5/pkinit.c (_krb5_pk_load_id): fail directoy for first 539 calloc. 540 541 * lib/krb5/pkinit.c (get_reply_key*): don't expose freed memory 542 543 * lib/krb5/krbhst.c: Host is static memory, don't free. 544 545 * lib/krb5/crypto.c (decrypt_internal_derived): make sure length 546 is longer then confounder + checksum. 547 548 * kdc: export get_dbinfo as krb5_kdc_set_dbinfo and call from 549 users. This to allows libkdc users to to specify their own 550 databases 551 552 * lib/krb5/pkinit.c (pk_rd_pa_reply_enckey): simplify handling of 553 content data (and avoid leaking memory). 554 555 * kdc/misc.c (_kdc_db_fetch): set error string for failures. 556 5572007-06-15 Love H�rnquist �strand <lha@it.su.se> 558 559 * kdc/pkinit.c: Use KRB5_AUTHDATA_INITIAL_VERIFIED_CAS. 560 5612007-06-13 Love H�rnquist �strand <lha@it.su.se> 562 563 * kdc/pkinit.c: tell user when they got a pk-init request with 564 pkinit disabled. 565 5662007-06-12 Love H�rnquist �strand <lha@it.su.se> 567 568 * lib/krb5/principal.c: Rename UNPARSE_NO_QUOTE to 569 UNPARSE_DISPLAY. 570 571 * lib/krb5/krb5.h: Rename UNPARSE_NO_QUOTE to UNPARSE_DISPLAY. 572 573 * lib/krb5/principal.c: Make no-quote mean replace strange chars 574 with space. 575 576 * lib/krb5/principal.c: Support KRB5_PRINCIPAL_UNPARSE_NO_QUOTE. 577 578 * lib/krb5/krb5.h: Add KRB5_PRINCIPAL_UNPARSE_NO_QUOTE. 579 580 * lib/krb5/test_princ.c: Test quoteing. 581 582 * lib/krb5/pkinit.c: update (c) 583 584 * lib/krb5/get_cred.c: use krb5_sendto_context to talk to the KDC. 585 586 * lib/krb5/send_to_kdc.c (_krb5_kdc_retry): check if the whole 587 process needs to restart or just skip this KDC. 588 589 * lib/krb5/init_creds_pw.c: Use krb5_sendto_context to talk to 590 KDC. 591 592 * lib/krb5/krb5.h: Add sendto hooks and opaque structure. 593 594 * lib/krb5/krb5_rd_error.3: Update prototype. 595 596 * lib/krb5/send_to_kdc.c: Add hooks for processing the reply from 597 the server. 598 5992007-06-11 Love H�rnquist �strand <lha@it.su.se> 600 601 * lib/krb5/krb5_err.et: Some new error codes from RFC 4120. 602 6032007-06-09 Love H�rnquist �strand <lha@it.su.se> 604 605 * kdc/krb5tgs.c: Constify. 606 607 * kdc/kerberos5.c: Constify. 608 609 * kdc/pkinit.c: Check for KRB5-PADATA-PK-AS-09-BINDING. Constify. 610 6112007-06-08 Love H�rnquist �strand <lha@it.su.se> 612 613 * include/Makefile.am: Make krb5-types.h nodist_include_HEADERS. 614 615 * kdc/Makefile.am: EXTRA_DIST += version-script.map. 616 6172007-06-07 Love H�rnquist �strand <lha@it.su.se> 618 619 * Makefile.am (print-distdir): print name of dist 620 621 * kdc/pkinit.c: Break out loading of mappings file to a separate 622 function and remove warning that it can't open the mapping file, 623 there are now mappings in the db, maybe the users uses that 624 instead... 625 626 * lib/krb5/crypto.c: Require the raw key have the correct size and 627 do away with the minsize. Minsize was a thing that originated 628 from RC2, but since RC2 is done in the x509/cms subsystem now 629 there is no need to keep that around. 630 631 * lib/hdb/dbinfo.c: If there is no default dbname, also check for 632 unset mkey_file and set it default mkey name, make backward compat 633 stuff work. 634 635 * kdc/version-script.map: add new symbols 636 637 * kdc/kdc-replay.c: Also update krb5_context view of what the time 638 is. 639 640 * configure.in: add tests/can/Makefile 641 642 * kdc/kdc-replay.c: Add --[version|help]. 643 644 * kdc/pkinit.c: Push down the kdc time into the x509 library. 645 646 * kdc/connect.c: Move up krb5_kdc_save_request so we can catch the 647 reply data too. 648 649 * kdc/kdc-replay.c: verify reply by checking asn1 class, type and 650 tag of the reply if there is one. 651 652 * kdc/process.c: Save asn1 class, type and tag of the reply if 653 there is one. Used to verify the reply in kdc-replay. 654 6552007-06-06 Love H�rnquist �strand <lha@it.su.se> 656 657 * kdc/kdc_locl.h: extern for request_log. 658 659 * kdc/Makefile.am: Add kdc-replay. 660 661 * kdc/kdc-replay.c: Replay kdc messages to the KDC library. 662 663 * kdc/config.c: Pick up request_log from [kdc]kdc-request-log. 664 665 * kdc/connect.c: Option to save the request to disk. 666 667 * kdc/process.c (krb5_kdc_save_request): save request to file. 668 669 * kdc/process.c (krb5_kdc_process*): dont update _kdc_time 670 automagicly. 671 (krb5_kdc_update_time): set or get current kdc-time. 672 673 * kdc/pkinit.c (_kdc_pk_rd_padata): accept both pkcs-7 and 674 pkauthdata as the signeddata oid 675 676 * kdc/pkinit.c (_kdc_pk_rd_padata): Try to log what went wrong. 677 6782007-06-05 Love H�rnquist �strand <lha@it.su.se> 679 680 * kdc/pkinit.c: Use oid_id_pkcs7_data for pkinit-9 encKey reply to 681 match windows DC behavior better. 682 6832007-06-04 Love H�rnquist �strand <lha@it.su.se> 684 685 * configure.in: use test for -framework Security 686 687 * appl/test/uu_server.c: Print status to stdout. 688 689 * kdc/digest.c (digest ntlm): provide log entires by setting ret 690 to an error. 691 6922007-06-03 Love H�rnquist �strand <lha@it.su.se> 693 694 * doc/hx509.texi: Indent crl-sign. 695 696 * doc/hx509.texi: One more crl-sign example. 697 698 * lib/krb5/test_princ.c: plug memory leaks. 699 700 * lib/krb5/pac.c: plug memory leaks. 701 702 * lib/krb5/test_pac.c: plug memory leaks. 703 704 * lib/krb5/test_prf.c: plug memory leak. 705 706 * lib/krb5/test_cc.c: plug memory leaks. 707 708 * doc/hx509.texi: Simple blob about publishing CRLs. 709 710 * doc/win2k.texi: drop text about enctypes. 711 7122007-06-02 Love H�rnquist �strand <lha@it.su.se> 713 714 * kdc/pkinit.c: In case of OCSP verification failure, referash 715 every 5 min. In case of success, refreash 2 min before expiring or 716 faster. 717 7182007-05-31 Love H�rnquist �strand <lha@it.su.se> 719 720 * lib/krb5/krb5_err.et: add error 68, WRONG_REALM 721 722 * kdc/pkinit.c: Handle the ms san in a propper way, still cheat 723 with the realm name. 724 725 * kdc/kerberos5.c: If _kdc_pk_check_client failes, bail out 726 directly and hand the error back to the client. 727 728 * lib/krb5/krb5_err.et: Add missing REVOCATION_STATUS_UNAVAILABLE 729 and fix error message for CLIENT_NAME_MISMATCH. 730 731 * kdc/pkinit.c: More logging for pk-init client mismatch. 732 733 * kdc/kerberos5.c: Also add a KRB5_PADATA_PK_AS_REQ_WIN for 734 windows pk-init (-9) to make MIT clients happy. 735 7362007-05-30 Love H�rnquist �strand <lha@it.su.se> 737 738 * kdc/pkinit.c: Force des3 for win2k. 739 740 * kdc/pkinit.c: Add wrapping to ContentInfo wrapping to 741 COMPAT_WIN2K. 742 743 * lib/krb5/keytab_keyfile.c: Spelling. 744 745 * kdc/pkinit.c: Allow matching by MS UPN SAN, note that this delta 746 doesn't deal with case of realm. 747 7482007-05-16 Love H�rnquist �strand <lha@it.su.se> 749 750 * lib/krb5/crypto.c (krb5_crypto_overhead): return static overhead 751 of encryption. 752 7532007-05-10 Dave Love <fx@gnu.org> 754 755 * doc/win2k.texi: Update some URLs. 756 7572007-05-13 Love H�rnquist �strand <lha@it.su.se> 758 759 * kuser/kimpersonate.c: Fix version number of ticket, it should be 760 5 not the kvno. 761 7622007-05-08 Love H�rnquist �strand <lha@it.su.se> 763 764 * doc/setup.texi: Salting is really Encryption types and salting. 765 7662007-05-07 Love H�rnquist �strand <lha@it.su.se> 767 768 * doc/setup.texi: spelling, from Ronny Blomme 769 770 * doc/win2k.texi: Fix ksetup /SetComputerPassword, from Ronny 771 Blomme 772 7732007-05-02 Love H�rnquist �strand <lha@it.su.se> 774 775 * lib/hdb/dbinfo.c (hdb_get_dbinfo) If there are no database 776 specified, create one and let it use the defaults. 777 7782007-04-27 Love H�rnquist �strand <lha@it.su.se> 779 780 * lib/hdb/test_dbinfo.c: test acl file 781 782 * lib/hdb/test_dbinfo.c: test acl file 783 784 * lib/hdb/dbinfo.c: add acl file 785 786 * etc: ignore Makefile.in 787 788 * Makefile.am: SUBDIRS += etc 789 790 * configure.in: Add etc/Makefile. 791 792 * etc/Makefile.am: make sure services.append is distributed 793 7942007-04-24 Love H�rnquist �strand <lha@it.su.se> 795 796 * kdc: rename windc_init to krb5_kdc_windc_init 797 798 * kdc/version-script.map: version script for libkdc 799 800 * kdc/Makefile.am: version script for libkdc 801 8022007-04-23 Love H�rnquist �strand <lha@it.su.se> 803 804 * lib/krb5/init_creds.c (krb5_get_init_creds_opt_get_error): 805 correct the order of the arguments. 806 807 * lib/hdb/Makefile.am: Add and test dbinfo. 808 809 * lib/hdb/hdb.h: Forward declaration for struct hdb_dbinfo; 810 811 * kdc/config.c: Use krb5_kdc_get_config and just fill in what the 812 users wanted differently. 813 814 * kdc/default_config.c: Make the default configuration fetch info 815 from the krb5.conf. 816 8172007-04-22 Love H�rnquist �strand <lha@it.su.se> 818 819 * lib/krb5/store.c (krb5_store_creds_tag): use session.keytype to 820 determine if to send the session-key, for the second place in the 821 function. 822 823 * tools/krb5-config.in: rename des to hcrypto 824 825 * kuser/Makefile.am: depend on libheimntlm 826 827 * kuser/kinit.c: Add --ntlm-domain that store the ntlm cred for 828 this domain if the Kerberos password auth worked. 829 830 * kuser/klist.c: add new option --hidden that doesn't display 831 principal that starts with @ 832 833 * tools/krb5-config.in: Add heimntlm when we use gssapi. 834 835 * lib/krb5/krb5_ccache.3 (krb5_cc_retrieve_cred): document what to 836 free 'cred' with. 837 838 * lib/krb5/cache.c (krb5_cc_retrieve_cred): document what to free 839 'cred' with. 840 8412007-04-21 Love H�rnquist �strand <lha@it.su.se> 842 843 * lib/krb5/store.c (krb5_store_creds_tag): use session.keytype to 844 determine if to send the session-key. 845 846 * kcm/client.c (kcm_ccache_new_client): make root be able to pass 847 the name constraints, not the opposite. From Bryan Jacobs. 848 8492007-04-20 Love H�rnquist �strand <lha@it.su.se> 850 851 * kcm/acl.c: make compile again. 852 853 * kcm/client.c: fix warning. 854 855 * kcm: First, it allows root to ignore the naming conventions. 856 Second, it allows root to always perform any operation on any 857 ccache. Note that root could do this anyway with FILE ccaches. 858 From Bryan Jacobs. 859 860 * Rename libdes to libhcrypto. 861 8622007-04-19 Love H�rnquist �strand <lha@it.su.se> 863 864 * kinit: remove code that depend on kerberos 4 library 865 866 * kdc: remove code that depend on kerberos 4 library 867 868 * configure.in: Drop kerberos 4 support. 869 870 * kdc/hpropd.c (main): free the message when done with it. 871 872 * lib/krb5/pkinit.c (_krb5_get_init_creds_opt_free_pkinit): 873 remember to free memory too. 874 875 * lib/krb5/pkinit.c (pk_rd_pa_reply_dh): free content-type when 876 done. 877 878 * configure.in: test rk_VERSIONSCRIPT 879 8802007-04-18 Love H�rnquist �strand <lha@it.su.se> 881 882 * fix-export: remove, all done by make dist now 883 8842007-04-15 Love H�rnquist �strand <lha@it.su.se> 885 886 * lib/krb5/krb5_get_credentials.3: spelling, from Jason McIntyre 887 8882007-04-11 Love H�rnquist �strand <lha@it.su.se> 889 890 * kdc/kstash.8: Spelling, from raga <raga@comcast.net> 891 via Bjorn Sandell. 892 893 * lib/krb5/store_mem.c: indent. 894 895 * lib/krb5/recvauth.c: Set error string. 896 897 * lib/krb5/rd_req.c: clear error strings. 898 899 * lib/krb5/rd_cred.c: clear error string. 900 901 * lib/krb5/pkinit.c: Set error strings. 902 903 * lib/krb5/get_cred.c: Tell what principal we are not finding for 904 all KRB5_CC_NOTFOUND. 905 9062007-02-22 Love H�rnquist �strand <lha@it.su.se> 907 908 * kdc/kerberos5.c: Return the same error codes as a windows KDC. 909 910 * kuser/kinit.c: KRB5KDC_ERR_PREAUTH_FAILED is also a password 911 failed. 912 913 * kdc/kerberos5.c: Make handling of replying e_data more generic, 914 from metze. 915 916 * kdc/kerberos5.c: Fix (string const and shadow) warnings, from 917 metze. 918 919 * lib/krb5/pac.c: Create the PAC element in the same order as 920 w2k3, maybe there's some broken code in windows which relies on 921 this... From metze. 922 923 * kdc/kerberos5.c: Select a session enctype from the list of the 924 crypto systems supported enctype, is supported by the client and 925 is one of the enctype of the enctype of the krbtgt. 926 927 The later is used as a hint what enctype all KDC are supporting to 928 make sure a newer version of KDC wont generate a session enctype 929 that and older version of a KDC in the same realm can't decrypt. 930 931 But if the KDC admin is paranoid and doesn't want to have "no the 932 best" enctypes on the krbtgt, lets save the best pick from the 933 client list and hope that that will work for any other KDCs. 934 935 Reported by metze. 936 937 * kdc/hprop.c (propagate_database): on any failure, drop the 938 connection to the peer and try next one. 939 9402007-02-18 Love H�rnquist �strand <lha@it.su.se> 941 942 * lib/krb5/krb5_get_init_creds.3: document new options. 943 944 * kdc/krb5tgs.c: Only check service key for cross realm PACs. 945 946 * lib/krb5/init_creds.c: use the new merged flags field. 947 (krb5_get_init_creds_opt_set_win2k): new function, turn on all w2k 948 compat flags. 949 950 * lib/krb5/init_creds_pw.c: use the new merged flags field. 951 952 * lib/krb5/krb5_locl.h: merge all flags into one entity 953 9542007-02-11 Dave Love <fx@gnu.org> 955 956 * lib/krb5/krb5_aname_to_localname.3: Small fixes 957 958 * lib/krb5/krb5_digest.3: Small fixes 959 960 * kuser/kimpersonate.1: Small fixes 961 9622007-02-17 Love H�rnquist �strand <lha@it.su.se> 963 964 * lib/krb5/init_creds_pw.c (find_pa_data): if there is no list, 965 there is no entry. 966 967 * kdc/krb5tgs.c: Don't check PACs on cross realm requests. 968 969 * lib/krb5/krb5.h: add KRB5_KU_CANONICALIZED_NAMES. 970 971 * lib/krb5/init_creds_pw.c: Verify client referral data. 972 973 * kdc/kerberos5.c: switch some "return ret" to "goto out". 974 975 * kdc/kerberos5.c: Pass down canonicalize request to hdb layer, 976 sign client referrals. 977 978 * lib/hdb/hdb.h: Add HDB_F_CANON. 979 980 * lib/hdb: add simple alias support to the database backends 981 9822007-02-16 Love H�rnquist �strand <lha@it.su.se> 983 984 * kuser/kinit.c: Add canonicalize flag. 985 986 * lib/krb5/init_creds_pw.c: Use EXTRACT_TICKET_* flags, support 987 canonicalize. 988 989 * lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_canonicalize): 990 new function. 991 992 * lib/krb5/get_cred.c: Use EXTRACT_TICKET_* flags. 993 994 * lib/krb5/get_in_tkt.c: Use EXTRACT_TICKET_* flags. 995 996 * lib/krb5/krb5_locl.h: Add EXTRACT_TICKET_* flags. 997 9982007-02-15 Love H�rnquist �strand <lha@it.su.se> 999 1000 * lib/krb5/test_princ.c: test parsing enterprise-names. 1001 1002 * lib/krb5/principal.c: Add support for parsing enterprise-names. 1003 1004 * lib/krb5/krb5.h: Add KRB5_PRINCIPAL_PARSE_ENTERPRISE. 1005 1006 * lib/hdb/hdb-ldap.c: Make work again. 1007 10082007-02-11 Dave Love <fx@gnu.org> 1009 1010 * kcm/client.c (kcm_ccache_new_client): Cast snprintf'ed value. 1011 10122007-02-10 Love H�rnquist �strand <lha@it.su.se> 1013 1014 * doc/setup.texi: prune trailing space 1015 1016 * lib/hdb/db.c: Be better at setting and clearing error string. 1017 1018 * lib/hdb/hdb.c: Be better at setting and clearing error string. 1019 10202007-02-09 Love H�rnquist �strand <lha@it.su.se> 1021 1022 * lib/krb5/keytab.c (krb5_kt_get_entry): Use krb5_kt_get_full_name 1023 to print out the keytab name. 1024 1025 * doc/setup.texi: Spelling, from Guido Guenther 1026 10272007-02-08 Love H�rnquist �strand <lha@it.su.se> 1028 1029 * lib/krb5/rd_cred.c: Plug memory leak, from Michael B Allen. 1030 10312007-02-06 Love H�rnquist �strand <lha@it.su.se> 1032 1033 * lib/krb5/test_store.c (test_uint16): unsigned ints can't be 1034 negative 1035 10362007-02-03 Love H�rnquist �strand <lha@it.su.se> 1037 1038 * kdc/pkinit.c: pass extra flags for detached signatures. 1039 1040 * lib/krb5/pkinit.c: pass extra flags for detached signatures. 1041 1042 * kdc/digest.c: Remove debug output. 1043 1044 * kuser/kdigest.c: Add support for ms-chap-v2 client. 1045 10462007-02-02 Love H�rnquist �strand <lha@it.su.se> 1047 1048 * kdc/digest.c: Fix ms-chap-v2 get_masterkey 1049 1050 * kdc/digest.c: Fix ms-chap-v2 mutual response auth code. 1051 1052 * kuser/kdigest.c: Print session key if there is one. 1053 1054 * lib/krb5/digest.c: rename hash-a1 to session key 1055 1056 * kdc/digest.c: Add get_master from RFC 3079 3.4 for MS-CHAP-V2 1057 1058 * kuser/kdigest.c: print rsp if there is one, from Klas. 1059 1060 * kdc/digest.c: Use right size, from Klas Lindfors. 1061 1062 * kuser/kdigest.c: Set client nonce if avaible, from Klas. 1063 1064 * kdc/digest.c: First version from kllin. 1065 1066 * kuser/kdigest.c: Don't restrict the type. 1067 10682007-02-01 Love H�rnquist �strand <lha@it.su.se> 1069 1070 * kuser/kdigest-commands.in: add --client-response 1071 1072 * kuser/kdigest.c: Print status instead of response. 1073 1074 * kdc/digest.c: Better logging and return status = FALSE when 1075 checksum doesn't match. 1076 1077 * kdc/digest.c: Check the digest response in the KDC. 1078 1079 * lib/krb5/digest.c: New functions to send in requestResponse to 1080 KDC and get status of the request. 1081 1082 * kdc/digest.c: Add support for MS-CHAP v2. 1083 1084 * lib/hdb/hdb-ldap.c: Set hdb->hdb_db for ldap. 1085 10862007-01-31 Love H�rnquist �strand <lha@it.su.se> 1087 1088 * fix-export: Make hx509.info too 1089 1090 * kdc/digest.c: don't verify identifier in CHAP, its the client 1091 that chooses it. 1092 10932007-01-23 Love H�rnquist �strand <lha@it.su.se> 1094 1095 * lib/krb5/Makefile.am: Basic test of prf. 1096 1097 * lib/krb5/test_prf.c: Basic test of prf. 1098 1099 * lib/krb5/mit_glue.c: Add MIT glue for Kerberos RFC 3961 PRF 1100 functions. 1101 1102 * lib/krb5/crypto.c: Add Kerberos RFC 3961 PRF functions. 1103 1104 * lib/krb5/krb5_data.3: Document krb5_data_cmp. 1105 1106 * lib/krb5/data.c: Add krb5_data_cmp. 1107 11082007-01-20 Love H�rnquist �strand <lha@it.su.se> 1109 1110 * kdc/kx509.c: Don't use C99 syntax. 1111 11122007-01-17 Love H�rnquist �strand <lha@it.su.se> 1113 1114 * configure.in: its LIBADD_roken (and shouldn't really exist, our 1115 libtool usage it broken) 1116 1117 * configure.in: Add an extra variable for roken, LIBADD, that 1118 should be used for library depencies. 1119 1120 * lib/krb5/send_to_kdc.c (krb5_sendto): zero out receive buffer. 1121 1122 * lib/krb5/krb5_init_context.3: fix mdoc errors 1123 1124 * Heimdal 0.8 branch cut today 1125 1126 * doc/hx509.texi: Spelling and more about proxy certificates. 1127 1128 * configure.in: check for arc4random 1129 11302007-01-16 Love H�rnquist �strand <lha@it.su.se> 1131 1132 * lib/krb5/send_to_kdc.c (krb5_sendto): zero receive krb5_data 1133 before starting 1134 1135 * tools/heimdal-build.sh: make cvs keep quiet 1136 1137 * kuser/kverify.c: Use argument as principal if passed an 1138 argument. Bug report from Douglas E. Engert 1139 11402007-01-15 Love H�rnquist �strand <lha@it.su.se> 1141 1142 * lib/krb5/rd_req.c (krb5_rd_req_ctx): The code failed to consider 1143 the enc_tkt_in_skey case, from Douglas E. Engert. 1144 1145 * kdc/kx509.c: Issue certificates. 1146 1147 * kdc/config.c: Parse kx509/kca configuration. 1148 1149 * kdc/kdc.h: add kx509 config 1150 11512007-01-14 Love H�rnquist �strand <lha@it.su.se> 1152 1153 * kdc/kerberos5.c (_kdc_find_padata): if there is not padata, 1154 there is nothing find. 1155 1156 * doc/hx509.texi: Examples for pk-init. 1157 1158 * doc/hx509.texi: About extending ca lifetime and sub cas. 1159 11602007-01-13 Love H�rnquist �strand <lha@it.su.se> 1161 1162 * doc/hx509.texi: More about certificates. 1163 11642007-01-12 Love H�rnquist �strand <lha@it.su.se> 1165 1166 * doc/hx509.texi: add Application requirements and write about 1167 xmpp/jabber. 1168 11692007-01-11 Love H�rnquist �strand <lha@it.su.se> 1170 1171 * doc/hx509.texi: More about issuing certificates. 1172 1173 * doc/hx509.texi: Start of a x.509 manual. 1174 1175 * include/Makefile.am: remove install headerfiles 1176 1177 * lib/krb5/test_pac.c: Use more interesting data to cause more 1178 errors. 1179 1180 * include/Makefile.am: remove install headerfiles 1181 1182 * lib/krb5/mcache.c: MCC_CURSOR not used, remove. 1183 1184 * lib/krb5/crypto.c: macro kcrypto_oid_enc now longer used 1185 1186 * lib/krb5/rd_safe.c (krb5_rd_safe): set length before trying to 1187 allocate data 1188 11892007-01-10 Love H�rnquist �strand <lha@it.su.se> 1190 1191 * doc/setup.texi: Hint about hxtool validate. 1192 1193 * appl/test/uu_server.c: print both "server" and "client" 1194 1195 * kdc/krb5tgs.c: Rename keys to be more obvious what they do. 1196 1197 * kdc/kerberos5.c: Use other keys to sign PAC with. From Andrew 1198 Bartlett 1199 1200 * kdc/windc.c: ident, spelling. 1201 1202 * kdc/windc_plugin.h: indent. 1203 1204 * kdc/krb5tgs.c: Pass down server entry to verify_pac function. 1205 from Andrew Bartlett 1206 1207 * kdc/windc.c: pass down server entry to verify_pac function, from 1208 Andrew Bartlett 1209 1210 * kdc/windc_plugin.h: pass down server entry to verify_pac 1211 function, from Andrew Bartlett 1212 1213 * configure.in: Provide a automake symbol ENABLE_SHARED if shared 1214 libraries are built. 1215 1216 * lib/krb5/rd_req.c (krb5_rd_req_ctx): Use the correct keyblock 1217 when verifying the PAC. From Andrew Bartlett. 1218 12192007-01-09 Love H�rnquist �strand <lha@it.su.se> 1220 1221 * lib/krb5/test_pac.c: move around to code test on real PAC. 1222 1223 * lib/krb5/pac.c: A tiny 2 char diffrence that make the code work 1224 for real. 1225 1226 * lib/krb5/test_pac.c: Test more PAC (note that the values used in 1227 this test is wrong, they have to be fixed when the pac code is 1228 fixed). 1229 1230 * doc/setup.texi: Update to new hxtool issue-certificate usage 1231 1232 * lib/krb5/init_creds_pw.c: Make sure we don't sent both ENC-TS 1233 and PK-INIT pa data, no need to expose our password protecting our 1234 PKCS12 key. 1235 1236 * kuser/klist.c (print_cred_verbose): include ticket length in the 1237 verbose output 1238 12392007-01-08 Love H�rnquist �strand <lha@it.su.se> 1240 1241 * lib/krb5/acache.c (loadlib): pass RTLD_LAZY to dlopen, without 1242 it linux is unhappy. 1243 1244 * lib/krb5/plugin.c (loadlib): pass RTLD_LAZY to dlopen, without 1245 it linux is unhappy. 1246 1247 * lib/krb5/name-45-test.c: One of the hosts I sometimes uses is 1248 named "bar.domain", this make one of the tests pass when it 1249 shouldn't. 1250 12512007-01-05 Love H�rnquist �strand <lha@it.su.se> 1252 1253 * doc/setup.texi: Change --key argument to --out-key. 1254 1255 * kuser/kimpersonate.1: mangle my name 1256 12572007-01-04 Love H�rnquist �strand <lha@it.su.se> 1258 1259 * doc/setup.texi: describe how to use hx509 to create 1260 certificates. 1261 1262 * tools/heimdal-build.sh: Add --distcheck. 1263 1264 * kdc/kerberos5.c: Check for KRB5_PADATA_PA_PAC_REQUEST to check 1265 if we should include the PAC in the krbtgt. 1266 1267 * kdc/pkinit.c (_kdc_as_rep): check if 1268 krb5_generate_random_keyblock failes. 1269 1270 * kdc/kerberos5.c (_kdc_as_rep): check if 1271 krb5_generate_random_keyblock failes. 1272 1273 * kdc/krb5tgs.c (tgs_build_reply): check if 1274 krb5_generate_random_keyblock failes. 1275 1276 * kdc/krb5tgs.c: Scope etype. 1277 1278 * lib/krb5/rd_req.c: Make it possible to turn off PAC check, its 1279 default on. 1280 1281 * lib/krb5/rd_req.c (krb5_rd_req_ctx): If there is a PAC, verify 1282 its server signature. 1283 1284 * kdc/kerberos5.c (_kdc_as_rep): call windc client access hook. 1285 (_kdc_tkt_add_if_relevant_ad): constify in data argument. 1286 1287 * kdc/windc_plugin.h: More comments add a client_access hook. 1288 1289 * kdc/windc.c: Add _kdc_windc_client_access. 1290 1291 * kdc/krb5tgs.c: rename functions after export some more pac 1292 functions. 1293 1294 * lib/krb5/test_pac.c: export some more pac functions. 1295 1296 * lib/krb5/pac.c: export some more pac functions. 1297 1298 * kdc/krb5tgs.c: Resign the PAC in tgsreq if we have a PAC. 1299 1300 * configure.in: add tests/plugin/Makefile 1301 13022007-01-03 Love H�rnquist �strand <lha@it.su.se> 1303 1304 * kdc/krb5tgs.c: Get right key for PAC krbtgt verification. 1305 1306 * kdc/config.c: spelling 1307 1308 * lib/krb5/krb5.h: typedef for krb5_pac. 1309 1310 * kdc/headers.h: Include <windc_plugin.h>. 1311 1312 * kdc/Makefile.am: Include windc.c and use windc_plugin.h 1313 1314 * kdc/krb5tgs.c: Call callbacks for emulating a Windows Domain 1315 Controller. 1316 1317 * kdc/kerberos5.c: Call callbacks for emulating a Windows Domain 1318 Controller. Move the some of the log related stuff to its own 1319 function. 1320 1321 * kdc/config.c: Init callbacks for emulating a Windows Domain 1322 Controller. 1323 1324 * kdc/windc.c: Rename the init function to windc instead of pac. 1325 1326 * kdc/windc.c: Callbacks specific to emulating a Windows Domain 1327 Controller. 1328 1329 * kdc/windc_plugin.h: Callbacks specific to emulating a Windows 1330 Domain Controller. 1331 1332 * lib/krb5/Makefile.am: add krb5_HEADERS to build_HEADERZ 1333 1334 * lib/krb5/pac.c: Support all keyed checksum types. 1335 13362007-01-02 Love H�rnquist �strand <lha@it.su.se> 1337 1338 * lib/krb5/pac.c (krb5_pac_get_types): Return list of types. 1339 1340 * lib/krb5/test_pac.c: test krb5_pac_get_types 1341 1342 * lib/krb5/krbhst.c: Add KRB5_KRBHST_KCA. 1343 1344 * lib/krb5/krbhst.c: Add KRB5_KRBHST_KCA. 1345 1346 * lib/krb5/krb5.h: Add KRB5_KRBHST_KCA. 1347 1348 * lib/krb5/test_pac.c: test Add/remove pac buffer functions. 1349 1350 * lib/krb5/pac.c: Add/remove pac buffer functions. 1351 1352 * lib/krb5/pac.c: sprinkle const 1353 1354 * lib/krb5/pac.c: rename DCHECK to CHECK 1355 1356 * Happy New Year. 1357