12007-12-28 Love Hörnquist Åstrand <lha@it.su.se> 2 3 * kdc/digest.c: Log probe message, add NTLM_TARGET_DOMAIN to the 4 type2 message. 5 62007-12-14 Love Hörnquist Åstrand <lha@it.su.se> 7 8 * lib/hdb/dbinfo.c: Add hdb_default_db(). 9 10 * Makefile.am: Add some extra cf/*. 11 122007-12-12 Love Hörnquist Åstrand <lha@it.su.se> 13 14 * kuser/kgetcred.c: Fix type of name-type. From Andy Polyakov. 15 162007-12-09 Love Hörnquist Åstrand <lha@it.su.se> 17 18 * kdc/log.c: Use hdb_db_dir(). 19 20 * kpasswd/kpasswdd.c: Use hdb_db_dir(). 21 222007-12-08 Love Hörnquist Åstrand <lha@it.su.se> 23 24 * kdc/config.c: Use hdb_db_dir(). 25 26 * kdc/kdc_locl.h: add KDC_LOG_FILE 27 28 * kdc/hpropd.c: Use hdb_default_db(). 29 30 * kdc/kstash.c: Use hdb_db_dir(). 31 32 * kdc/pkinit.c: Adapt to hx509 changes, use hdb_db_dir(). 33 34 * lib/krb5/rd_req.c: Document krb5_rd_req_in_set_pac_check. 35 36 * lib/krb5/verify_krb5_conf.c: Check check_pac. 37 38 * lib/krb5/rd_req.c: use KRB5_CTX_F_CHECK_PAC to init check_pac 39 field in the krb5_rd_req_in_ctx 40 41 * lib/krb5/expand_hostname.c: Adapt to changing 42 dns_canonicalize_hostname into flags field. 43 44 * lib/krb5/context.c: Adapt to changing dns_canonicalize_hostname 45 into flags field, add check-pac as an libdefaults option. 46 47 * lib/krb5/pkinit.c: Adapt to changes in hx509 interface. 48 49 * doc: add doxygen documentation to hcrypto 50 51 * doc/doxytmpl.dxy: generate links 52 532007-12-07 Love Hörnquist Åstrand <lha@it.su.se> 54 55 * lib/krb5/Makefile.am: build_HEADERZ += heim_threads.h 56 57 * lib/hdb/dbinfo.c (hdb_db_dir): Return the directory where the 58 hdb database resides. 59 60 * configure.in: Add --with-hdbdir to specify where the database is 61 stored. 62 63 * lib/krb5/crypto.c: revert previous patch, the problem is located 64 in the RAND_file_name() function that will cause recursive nss 65 lookups, can't fix that here. 66 672007-12-06 Love Hörnquist Åstrand <lha@it.su.se> 68 69 * lib/krb5/crypto.c (krb5_generate_random_block): try to avoid the 70 dead-lock in by not holding the lock while running 71 RAND_file_name. Prompted by Hai Zaar. 72 73 * lib/krb5/n-fold.c: spelling 74 752007-12-04 Love Hörnquist Åstrand <lha@it.su.se> 76 77 * kuser/kdigest.c (digest-probe): implement command. 78 79 * kuser/kdigest-commands.in (digest-probe): new command 80 81 * kdc/digest.c: Implement supportedMechs request. 82 83 * lib/krb5/error_string.c: Make krb5_get_error_string return an 84 allocated string to make the function indempotent. From 85 Zeqing (Fred) Xia. 86 872007-12-03 Love Hörnquist Åstrand <lha@it.su.se> 88 89 * lib/krb5/krb5_locl.h (krb5_context_data): Flag if 90 default_cc_name was set by the user. 91 92 * lib/krb5/fcache.c (fcc_move): make sure ->version is uptodate. 93 94 * kcm/acquire.c: use krb5_free_cred_contents 95 96 * kuser/kimpersonate.c: use krb5_free_cred_contents 97 98 * kuser/kinit.c: Use krb5_cc_move to make an atomic switch of the 99 cred cache. 100 101 * lib/krb5/cache.c: Put back code that was needed, move gen_new 102 into new_unique. 103 104 * lib/krb5/mcache.c (mcc_default_name): Remove const 105 106 * lib/krb5/krb5_locl.h: Add KRB5_DEFAULT_CCNAME_KCM, redefine 107 KRB5_DEFAULT_CCNAME to KRB5_DEFAULT_CCTYPE 108 109 * lib/krb5/cache.c: Use krb5_cc_ops->default_name to get the 110 default name. 111 112 * lib/krb5/kcm.c: Implement krb5_cc_ops->default_name. 113 114 * lib/krb5/mcache.c: Implement krb5_cc_ops->default_name. 115 116 * lib/krb5/fcache.c: Implement krb5_cc_ops->default_name. 117 118 * lib/krb5/krb5.h: Add krb5_cc_ops->default_name. 119 120 * lib/krb5/acache.c: Free context when done, implement 121 krb5_cc_ops->default_name. 122 123 * lib/krb5/kcm.c: implement dummy kcm_move 124 125 * lib/krb5/mcache.c: Implement the move operation. 126 127 * lib/krb5/version-script.map: export krb5_cc_move 128 129 * lib/krb5/cache.c: New function krb5_cc_move(). 130 131 * lib/krb5/fcache.c: Implement the move operation. 132 133 * lib/krb5/krb5.h: Add move to the krb5_cc_ops, causes major 134 version bump. 135 136 * lib/krb5/acache.c: Implement the move operation. Avoid using 137 cc_set_principal() since it broken on Mac OS X 10.5.0. 138 1392007-12-02 Love Hörnquist Åstrand <lha@it.su.se> 140 141 * lib/krb5/krb5_ccapi.h: Drop variable names to avoid -Wshadow. 142 1432007-11-14 Love Hörnquist Åstrand <lha@it.su.se> 144 145 * kdc/krb5tgs.c: Should pass different key usage constants 146 depending on whether or not optional sub-session key was passed by 147 the client for the check of authorization data. The constant is 148 used to derive "specific key" and its values are specified in 149 7.5.1 of RFC4120. 150 151 Patch from Andy Polyakov. 152 153 * kdc/krb5tgs.c: Don't send auth data in referrals, microsoft 154 clients have started to not like that. Thanks to Andy Polyakov for 155 excellent research. 156 1572007-11-11 Love Hörnquist Åstrand <lha@it.su.se> 158 159 * lib/krb5/creds.c: use krb5_data_cmp 160 161 * lib/krb5/acache.c: use krb5_free_cred_contents 162 163 * lib/krb5/test_renew.c: use krb5_free_cred_contents 164 1652007-11-10 Love Hörnquist Åstrand <lha@it.su.se> 166 167 * lib/krb5/acl.c: doxygen documentation 168 169 * lib/krb5/addr_families.c: doxygen documentation 170 171 * doc: add doxygen 172 173 * lib/krb5/plugin.c: doxygen documentation 174 175 * lib/krb5/kcm.c: doxygen documentation 176 177 * lib/krb5/fcache.c: doxygen documentation 178 179 * lib/krb5/cache.c: doxygen documentations 180 181 * lib/krb5/doxygen.c: doxygen introduction 182 183 * lib/krb5/error_string.c: Doxygen documentation. 184 1852007-11-03 Love Hörnquist Åstrand <lha@it.su.se> 186 187 * lib/krb5/test_plugin.c: expose krb5_plugin_register 188 189 * lib/krb5/plugin.c: expose krb5_plugin_register 190 191 * lib/krb5/version-script.map: sort, expose krb5_plugin_register 192 1932007-10-24 Love Hörnquist Åstrand <lha@it.su.se> 194 195 * kdc/kerberos5.c: Adding same enctype is enough one time. From 196 Andy Polyakov and Bjorn Sandell. 197 1982007-10-18 Love <lha@stacken.kth.se> 199 200 * lib/krb5/cache.c (krb5_cc_retrieve_cred): check return value 201 from krb5_cc_start_seq_get. From Zeqing (Fred) Xia 202 203 * lib/krb5/fcache.c (init_fcc): provide better error codes 204 205 * kdc/kerberos5.c (get_pa_etype_info2): more paranoia, avoid 206 sending warning about pruned etypes. 207 208 * kdc/kerberos5.c (older_enctype): old windows enctypes (arcfour 209 based) "old", this to support windows 2000 clients (unjoined to a 210 domain). From Andy Polyakov. 211 2122007-10-07 Love Hörnquist Åstrand <lha@it.su.se> 213 214 * doc/setup.texi: Spelling, from Mark Peoples via Bjorn Sandell. 215 2162007-10-04 Love Hörnquist Åstrand <lha@it.su.se> 217 218 * kdc/krb5tgs.c: More prettier printing of enctype, from KAMADA 219 Ken'ichi. 220 221 * lib/krb5/crypto.c (krb5_enctype_to_string): make sure string is 222 NULL on failure. 223 2242007-10-03 Love Hörnquist Åstrand <lha@it.su.se> 225 226 * kdc/kdc-replay.c: Catch KRB5_PROG_ATYPE_NOSUPP from 227 krb5_addr2sockaddr and igore thte test is that case. 228 2292007-09-29 Love Hörnquist Åstrand <lha@it.su.se> 230 231 * lib/krb5/context.c (krb5_free_context): free 232 default_cc_name_env, from Gunther Deschner. 233 2342007-08-27 Love Hörnquist Åstrand <lha@it.su.se> 235 236 * lib/krb5/{krb5.h,pac.c,test_pac.c,send_to_kdc.c,rd_req.c}: Make 237 work with c++, reported by Hai Zaar 238 239 * lib/krb5/{digest.c,krb5.h}: Make work with c++, reported by Hai Zaar 240 2412007-08-20 Love Hörnquist Åstrand <lha@it.su.se> 242 243 * lib/hdb/Makefile.am: EXTRA_DIST += hdb.schema 244 2452007-07-31 Love Hörnquist Åstrand <lha@it.su.se> 246 247 * check return value of alloc functions, from Charles Longeau 248 249 * lib/krb5/principal.c: spelling. 250 251 * kadmin/kadmin.8: spelling 252 253 * lib/krb5/crypto.c: Check return values from alloc 254 functions. Prompted by patch of Charles Longeau. 255 256 * lib/krb5/n-fold.c: Make _krb5_n_fold return a error 257 code. Prompted by patch of Charles Longeau. 258 2592007-07-27 Love Hörnquist Åstrand <lha@it.su.se> 260 261 * lib/krb5/init_creds.c: Always set the ticket options, use 262 KRB5_ADDRESSLESS_DEFAULT as the default value, this make the unset 263 tri-state not so useful. 264 2652007-07-24 Love Hörnquist Åstrand <lha@it.su.se> 266 267 * tools/heimdal-gssapi.pc.in: Add LIB_pkinit to the list of 268 libraries. 269 270 * tools/heimdal-gssapi.pc.in: pkg-config file for libgssapi in 271 heimdal. 272 273 * tools/Makefile.am: Add heimdal-gssapi.pc and install it into 274 $(libdir)/pkgconfig 275 2762007-07-23 Love Hörnquist Åstrand <lha@it.su.se> 277 278 * lib/krb5/pkinit.c: Add RFC3526 modp group14 as a default. 279 2802007-07-22 Love Hörnquist Åstrand <lha@it.su.se> 281 282 * lib/hdb/dbinfo.c (get_dbinfo): use dbname instead of realm as 283 key if the entry is a correct entry. 284 285 * lib/krb5/get_cred.c: Make krb5_get_renewed_creds work, from 286 Gunther Deschner. 287 288 * lib/krb5/Makefile.am: Add test_renew to noinst_PROGRAMS. 289 290 * lib/krb5/test_renew.c: Test for krb5_get_renewed_creds. 291 2922007-07-21 Love Hörnquist Åstrand <lha@it.su.se> 293 294 * lib/hdb/keys.c: Make parse_key_set handle key set string "v5", 295 from Peter Meinecke. 296 297 * kdc/kaserver.c: Don't ovewrite the error code, from Peter 298 Meinecke. 299 3002007-07-18 Love Hörnquist Åstrand <lha@it.su.se> 301 302 * TODO-1.0: remove 303 304 * Makefile.am: remove TODO-1.0 305 3062007-07-17 Love Hörnquist Åstrand <lha@it.su.se> 307 308 * Heimdal 1.0 release branch cut here 309 310 * doc/hx509.texi: use version.texi 311 312 * doc/heimdal.texi: use version.texi 313 314 * doc/version.texi: version.texi 315 316 * lib/hdb/db3.c: avoid type-punned pointer warning. 317 318 * kdc/kx509.c: Use unsigned char * as argument to HMAC_Update to 319 please OpenSSL and gcc. 320 321 * kdc/digest.c: Use unsigned char * as argument to MD5_Update to 322 please OpenSSL and gcc. 323 3242007-07-16 Love Hörnquist Åstrand <lha@it.su.se> 325 326 * include/Makefile.am: Add krb_err.h. 327 328 * kdc/set_dbinfo.c: Print acl file too. 329 330 * kdc/kerberos4.c: Error codes are just fine, remove XXX now. 331 332 * lib/krb5/krb5-v4compat.h: Drop duplicate error codes. 333 334 * kdc/kerberos4.c: switch to ET errors. 335 336 * lib/krb5/Makefile.am: Add krb_err.h to build_HEADERZ. 337 338 * lib/krb5/v4_glue.c: If its a Kerberos 4 error-code, remove the 339 et BASE. 340 3412007-07-15 Love Hörnquist Åstrand <lha@it.su.se> 342 343 * lib/krb5/krb5-v4compat.h: Include "krb_err.h". 344 345 * lib/krb5/v4_glue.c: return more interesting error codes. 346 347 * lib/krb5/plugin.c: Prefix enum plugin_type. 348 349 * lib/krb5/krb5_locl.h: Expose plugin structures. 350 351 * lib/krb5/krb5.h: Add plugin structures. 352 353 * lib/krb5/krb_err.et: V4 errors. 354 355 * lib/krb5/version-script.map: First version of version script. 356 3572007-07-13 Love Hörnquist Åstrand <lha@it.su.se> 358 359 * kdc/kerberos5.c: Java 1.6 expects the name to be the same type, 360 lets allow that for uncomplicated name-types. 361 3622007-07-12 Love Hörnquist Åstrand <lha@it.su.se> 363 364 * lib/krb5/v4_glue.c (_krb5_krb_rd_req): if ticket contains 365 address 0, its ticket less and don't really care about 366 from_addr. return better error codes. 367 368 * kpasswd/kpasswdd.c: Fix pointer vs strict alias rules. 369 3702007-07-11 Love Hörnquist Åstrand <lha@it.su.se> 371 372 * lib/hdb/hdb-ldap.c: When using sambaNTPassword, avoid adding 373 more then one enctype 23 to krb5EncryptionType. 374 375 * lib/krb5/cache.c: Spelling. 376 377 * kdc/kerberos5.c: Don't send newer enctypes in ETYPE-INFO. 378 (get_pa_etype_info2): return the enctypes as sorted in the 379 database 380 3812007-07-10 Love Hörnquist Åstrand <lha@it.su.se> 382 383 * kuser/kinit.c: krb5-v4compat.h defines prototypes for 384 v4 (semiprivate functions) in libkrb5, don't include 385 krb5-private.h any longer. 386 387 * lib/krb5/krbhst.c: Set error string when there is no KDC for a 388 realm. 389 390 * lib/krb5/Makefile.am: New library version. 391 392 * kdc/Makefile.am: New library version. 393 394 * lib/krb5/krb5_locl.h: Add default_cc_name_env. 395 396 * lib/krb5/cache.c (enviroment_changed): return non-zero if 397 enviroment that will determine default krb5cc name has changed. 398 (krb5_cc_default_name): also check if cached value is uptodate. 399 400 * lib/krb5/krb5_locl.h: Drop pkinit_flags. 401 4022007-07-05 Love Hörnquist Åstrand <lha@it.su.se> 403 404 * configure.in: add tests/java/Makefile 405 406 * lib/hdb/dbinfo.c: Add hdb_dbinfo_get_log_file. 407 4082007-07-04 Love Hörnquist Åstrand <lha@it.su.se> 409 410 * kdc/kerberos5.c: Improve the default salt detection to avoid 411 returning v4 password salting to java that doesn't look at the 412 returning padata for salting. 413 414 * kdc: Split out krb5_kdc_set_dbinfo, From Andrew Bartlett 415 4162007-07-02 Love Hörnquist Åstrand <lha@it.su.se> 417 418 * kdc/digest.c: Try harder to provide better error message for 419 digest messages. 420 421 * lib/krb5/Makefile.am: verify_krb5_conf_OBJECTS depends on 422 krb5-pr*.h, make -j finds this. 423 4242007-06-28 Love Hörnquist Åstrand <lha@it.su.se> 425 426 * kdc/digest.c: On success, print username, not ip-adress. 427 4282007-06-26 Love Hörnquist Åstrand <lha@it.su.se> 429 430 * lib/krb5/get_cred.c: Add krb5_get_renewed_creds. 431 432 * lib/krb5/krb5_get_credentials.3: add krb5_get_renewed_creds 433 434 * lib/krb5/pkinit.c: Use hx509_cms_unwrap_ContentInfo. 435 4362007-06-25 Love Hörnquist Åstrand <lha@it.su.se> 437 438 * doc/setup.texi: Add example for pkinit_win2k_require_binding 439 in [kdc] section. 440 441 * kdc/default_config.c: Rename require_binding to 442 win2k_require_binding to match client configuration. 443 444 * kdc/default_config.c: Add [kdc]pkinit_require_binding option. 445 446 * kdc/pkinit.c (pk_mk_pa_reply_enckey): only allow non-bound reply 447 if its not required. 448 449 * kdc/default_config.c: rename pkinit_princ_in_cert and add 450 pkinit_require_binding 451 452 * kdc/kdc.h: rename pkinit_princ_in_cert and add 453 pkinit_require_binding 454 455 * kdc/pkinit.c: rename pkinit_princ_in_cert 456 4572007-06-24 Love Hörnquist Åstrand <lha@it.su.se> 458 459 * lib/krb5/pkinit.c: Adapt to hx509_verify_hostname change. 460 4612007-06-21 Love Hörnquist Åstrand <lha@it.su.se> 462 463 * kdc/krb5tgs.c: Drop unused variable. 464 465 * kdc/krb5tgs.c: disable anonyous tgs requests 466 467 * kdc/krb5tgs.c: Don't check PAC on cross realm for now. 468 469 * kuser/kgetcred.c: Set KRB5_GC_CONSTRAINED_DELEGATION and parse 470 nametypes. 471 472 * lib/krb5/krb5_principal.3: Document krb5_parse_nametype. 473 474 * lib/krb5/principal.c (krb5_parse_nametype): parse nametype and 475 return their integer values. 476 477 * lib/krb5/krb5.h (krb5_get_creds): Add 478 KRB5_GC_CONSTRAINED_DELEGATION. 479 480 * lib/krb5/get_cred.c (krb5_get_creds): if 481 KRB5_GC_CONSTRAINED_DELEGATION is set, set both request_anonymous 482 and constrained_delegation. 483 4842007-06-20 Love Hörnquist Åstrand <lha@it.su.se> 485 486 * kdc/digest.c: Return an error message instead of dropping the 487 packet for more failure cases. 488 489 * lib/krb5/krb5_principal.3: Add KRB5_PRINCIPAL_UNPARSE_DISPLAY. 490 491 * appl/gssmask/gssmask.c (AcquirePKInitCreds): fail more 492 gracefully 493 4942007-06-18 Love Hörnquist Åstrand <lha@it.su.se> 495 496 * lib/krb5/pac.c: make compile. 497 498 * lib/krb5/pac.c (verify_checksum): memset cksum to avoid using 499 pointer from stack. 500 501 * lib/krb5/plugin.c: Don't expose free pointer. 502 503 * lib/krb5/pkinit.c (_krb5_pk_load_id): fail directoy for first 504 calloc. 505 506 * lib/krb5/pkinit.c (get_reply_key*): don't expose freed memory 507 508 * lib/krb5/krbhst.c: Host is static memory, don't free. 509 510 * lib/krb5/crypto.c (decrypt_internal_derived): make sure length 511 is longer then confounder + checksum. 512 513 * kdc: export get_dbinfo as krb5_kdc_set_dbinfo and call from 514 users. This to allows libkdc users to to specify their own 515 databases 516 517 * lib/krb5/pkinit.c (pk_rd_pa_reply_enckey): simplify handling of 518 content data (and avoid leaking memory). 519 520 * kdc/misc.c (_kdc_db_fetch): set error string for failures. 521 5222007-06-15 Love Hörnquist Åstrand <lha@it.su.se> 523 524 * kdc/pkinit.c: Use KRB5_AUTHDATA_INITIAL_VERIFIED_CAS. 525 5262007-06-13 Love Hörnquist Åstrand <lha@it.su.se> 527 528 * kdc/pkinit.c: tell user when they got a pk-init request with 529 pkinit disabled. 530 5312007-06-12 Love Hörnquist Åstrand <lha@it.su.se> 532 533 * lib/krb5/principal.c: Rename UNPARSE_NO_QUOTE to 534 UNPARSE_DISPLAY. 535 536 * lib/krb5/krb5.h: Rename UNPARSE_NO_QUOTE to UNPARSE_DISPLAY. 537 538 * lib/krb5/principal.c: Make no-quote mean replace strange chars 539 with space. 540 541 * lib/krb5/principal.c: Support KRB5_PRINCIPAL_UNPARSE_NO_QUOTE. 542 543 * lib/krb5/krb5.h: Add KRB5_PRINCIPAL_UNPARSE_NO_QUOTE. 544 545 * lib/krb5/test_princ.c: Test quoteing. 546 547 * lib/krb5/pkinit.c: update (c) 548 549 * lib/krb5/get_cred.c: use krb5_sendto_context to talk to the KDC. 550 551 * lib/krb5/send_to_kdc.c (_krb5_kdc_retry): check if the whole 552 process needs to restart or just skip this KDC. 553 554 * lib/krb5/init_creds_pw.c: Use krb5_sendto_context to talk to 555 KDC. 556 557 * lib/krb5/krb5.h: Add sendto hooks and opaque structure. 558 559 * lib/krb5/krb5_rd_error.3: Update prototype. 560 561 * lib/krb5/send_to_kdc.c: Add hooks for processing the reply from 562 the server. 563 5642007-06-11 Love Hörnquist Åstrand <lha@it.su.se> 565 566 * lib/krb5/krb5_err.et: Some new error codes from RFC 4120. 567 5682007-06-09 Love Hörnquist Åstrand <lha@it.su.se> 569 570 * kdc/krb5tgs.c: Constify. 571 572 * kdc/kerberos5.c: Constify. 573 574 * kdc/pkinit.c: Check for KRB5-PADATA-PK-AS-09-BINDING. Constify. 575 5762007-06-08 Love Hörnquist Åstrand <lha@it.su.se> 577 578 * include/Makefile.am: Make krb5-types.h nodist_include_HEADERS. 579 580 * kdc/Makefile.am: EXTRA_DIST += version-script.map. 581 5822007-06-07 Love Hörnquist Åstrand <lha@it.su.se> 583 584 * Makefile.am (print-distdir): print name of dist 585 586 * kdc/pkinit.c: Break out loading of mappings file to a separate 587 function and remove warning that it can't open the mapping file, 588 there are now mappings in the db, maybe the users uses that 589 instead... 590 591 * lib/krb5/crypto.c: Require the raw key have the correct size and 592 do away with the minsize. Minsize was a thing that originated 593 from RC2, but since RC2 is done in the x509/cms subsystem now 594 there is no need to keep that around. 595 596 * lib/hdb/dbinfo.c: If there is no default dbname, also check for 597 unset mkey_file and set it default mkey name, make backward compat 598 stuff work. 599 600 * kdc/version-script.map: add new symbols 601 602 * kdc/kdc-replay.c: Also update krb5_context view of what the time 603 is. 604 605 * configure.in: add tests/can/Makefile 606 607 * kdc/kdc-replay.c: Add --[version|help]. 608 609 * kdc/pkinit.c: Push down the kdc time into the x509 library. 610 611 * kdc/connect.c: Move up krb5_kdc_save_request so we can catch the 612 reply data too. 613 614 * kdc/kdc-replay.c: verify reply by checking asn1 class, type and 615 tag of the reply if there is one. 616 617 * kdc/process.c: Save asn1 class, type and tag of the reply if 618 there is one. Used to verify the reply in kdc-replay. 619 6202007-06-06 Love Hörnquist Åstrand <lha@it.su.se> 621 622 * kdc/kdc_locl.h: extern for request_log. 623 624 * kdc/Makefile.am: Add kdc-replay. 625 626 * kdc/kdc-replay.c: Replay kdc messages to the KDC library. 627 628 * kdc/config.c: Pick up request_log from [kdc]kdc-request-log. 629 630 * kdc/connect.c: Option to save the request to disk. 631 632 * kdc/process.c (krb5_kdc_save_request): save request to file. 633 634 * kdc/process.c (krb5_kdc_process*): dont update _kdc_time 635 automagicly. 636 (krb5_kdc_update_time): set or get current kdc-time. 637 638 * kdc/pkinit.c (_kdc_pk_rd_padata): accept both pkcs-7 and 639 pkauthdata as the signeddata oid 640 641 * kdc/pkinit.c (_kdc_pk_rd_padata): Try to log what went wrong. 642 6432007-06-05 Love Hörnquist Åstrand <lha@it.su.se> 644 645 * kdc/pkinit.c: Use oid_id_pkcs7_data for pkinit-9 encKey reply to 646 match windows DC behavior better. 647 6482007-06-04 Love Hörnquist Åstrand <lha@it.su.se> 649 650 * configure.in: use test for -framework Security 651 652 * appl/test/uu_server.c: Print status to stdout. 653 654 * kdc/digest.c (digest ntlm): provide log entires by setting ret 655 to an error. 656 6572007-06-03 Love Hörnquist Åstrand <lha@it.su.se> 658 659 * doc/hx509.texi: Indent crl-sign. 660 661 * doc/hx509.texi: One more crl-sign example. 662 663 * lib/krb5/test_princ.c: plug memory leaks. 664 665 * lib/krb5/pac.c: plug memory leaks. 666 667 * lib/krb5/test_pac.c: plug memory leaks. 668 669 * lib/krb5/test_prf.c: plug memory leak. 670 671 * lib/krb5/test_cc.c: plug memory leaks. 672 673 * doc/hx509.texi: Simple blob about publishing CRLs. 674 675 * doc/win2k.texi: drop text about enctypes. 676 6772007-06-02 Love Hörnquist Åstrand <lha@it.su.se> 678 679 * kdc/pkinit.c: In case of OCSP verification failure, referash 680 every 5 min. In case of success, refreash 2 min before expiring or 681 faster. 682 6832007-05-31 Love Hörnquist Åstrand <lha@it.su.se> 684 685 * lib/krb5/krb5_err.et: add error 68, WRONG_REALM 686 687 * kdc/pkinit.c: Handle the ms san in a propper way, still cheat 688 with the realm name. 689 690 * kdc/kerberos5.c: If _kdc_pk_check_client failes, bail out 691 directly and hand the error back to the client. 692 693 * lib/krb5/krb5_err.et: Add missing REVOCATION_STATUS_UNAVAILABLE 694 and fix error message for CLIENT_NAME_MISMATCH. 695 696 * kdc/pkinit.c: More logging for pk-init client mismatch. 697 698 * kdc/kerberos5.c: Also add a KRB5_PADATA_PK_AS_REQ_WIN for 699 windows pk-init (-9) to make MIT clients happy. 700 7012007-05-30 Love Hörnquist Åstrand <lha@it.su.se> 702 703 * kdc/pkinit.c: Force des3 for win2k. 704 705 * kdc/pkinit.c: Add wrapping to ContentInfo wrapping to 706 COMPAT_WIN2K. 707 708 * lib/krb5/keytab_keyfile.c: Spelling. 709 710 * kdc/pkinit.c: Allow matching by MS UPN SAN, note that this delta 711 doesn't deal with case of realm. 712 7132007-05-16 Love Hörnquist Åstrand <lha@it.su.se> 714 715 * lib/krb5/crypto.c (krb5_crypto_overhead): return static overhead 716 of encryption. 717 7182007-05-10 Dave Love <fx@gnu.org> 719 720 * doc/win2k.texi: Update some URLs. 721 7222007-05-13 Love Hörnquist Åstrand <lha@it.su.se> 723 724 * kuser/kimpersonate.c: Fix version number of ticket, it should be 725 5 not the kvno. 726 7272007-05-08 Love Hörnquist Åstrand <lha@it.su.se> 728 729 * doc/setup.texi: Salting is really Encryption types and salting. 730 7312007-05-07 Love Hörnquist Åstrand <lha@it.su.se> 732 733 * doc/setup.texi: spelling, from Ronny Blomme 734 735 * doc/win2k.texi: Fix ksetup /SetComputerPassword, from Ronny 736 Blomme 737 7382007-05-02 Love Hörnquist Åstrand <lha@it.su.se> 739 740 * lib/hdb/dbinfo.c (hdb_get_dbinfo) If there are no database 741 specified, create one and let it use the defaults. 742 7432007-04-27 Love Hörnquist Åstrand <lha@it.su.se> 744 745 * lib/hdb/test_dbinfo.c: test acl file 746 747 * lib/hdb/test_dbinfo.c: test acl file 748 749 * lib/hdb/dbinfo.c: add acl file 750 751 * etc: ignore Makefile.in 752 753 * Makefile.am: SUBDIRS += etc 754 755 * configure.in: Add etc/Makefile. 756 757 * etc/Makefile.am: make sure services.append is distributed 758 7592007-04-24 Love Hörnquist Åstrand <lha@it.su.se> 760 761 * kdc: rename windc_init to krb5_kdc_windc_init 762 763 * kdc/version-script.map: version script for libkdc 764 765 * kdc/Makefile.am: version script for libkdc 766 7672007-04-23 Love Hörnquist Åstrand <lha@it.su.se> 768 769 * lib/krb5/init_creds.c (krb5_get_init_creds_opt_get_error): 770 correct the order of the arguments. 771 772 * lib/hdb/Makefile.am: Add and test dbinfo. 773 774 * lib/hdb/hdb.h: Forward declaration for struct hdb_dbinfo; 775 776 * kdc/config.c: Use krb5_kdc_get_config and just fill in what the 777 users wanted differently. 778 779 * kdc/default_config.c: Make the default configuration fetch info 780 from the krb5.conf. 781 7822007-04-22 Love Hörnquist Åstrand <lha@it.su.se> 783 784 * lib/krb5/store.c (krb5_store_creds_tag): use session.keytype to 785 determine if to send the session-key, for the second place in the 786 function. 787 788 * tools/krb5-config.in: rename des to hcrypto 789 790 * kuser/Makefile.am: depend on libheimntlm 791 792 * kuser/kinit.c: Add --ntlm-domain that store the ntlm cred for 793 this domain if the Kerberos password auth worked. 794 795 * kuser/klist.c: add new option --hidden that doesn't display 796 principal that starts with @ 797 798 * tools/krb5-config.in: Add heimntlm when we use gssapi. 799 800 * lib/krb5/krb5_ccache.3 (krb5_cc_retrieve_cred): document what to 801 free 'cred' with. 802 803 * lib/krb5/cache.c (krb5_cc_retrieve_cred): document what to free 804 'cred' with. 805 8062007-04-21 Love Hörnquist Åstrand <lha@it.su.se> 807 808 * lib/krb5/store.c (krb5_store_creds_tag): use session.keytype to 809 determine if to send the session-key. 810 811 * kcm/client.c (kcm_ccache_new_client): make root be able to pass 812 the name constraints, not the opposite. From Bryan Jacobs. 813 8142007-04-20 Love Hörnquist Åstrand <lha@it.su.se> 815 816 * kcm/acl.c: make compile again. 817 818 * kcm/client.c: fix warning. 819 820 * kcm: First, it allows root to ignore the naming conventions. 821 Second, it allows root to always perform any operation on any 822 ccache. Note that root could do this anyway with FILE ccaches. 823 From Bryan Jacobs. 824 825 * Rename libdes to libhcrypto. 826 8272007-04-19 Love Hörnquist Åstrand <lha@it.su.se> 828 829 * kinit: remove code that depend on kerberos 4 library 830 831 * kdc: remove code that depend on kerberos 4 library 832 833 * configure.in: Drop kerberos 4 support. 834 835 * kdc/hpropd.c (main): free the message when done with it. 836 837 * lib/krb5/pkinit.c (_krb5_get_init_creds_opt_free_pkinit): 838 remember to free memory too. 839 840 * lib/krb5/pkinit.c (pk_rd_pa_reply_dh): free content-type when 841 done. 842 843 * configure.in: test rk_VERSIONSCRIPT 844 8452007-04-18 Love Hörnquist Åstrand <lha@it.su.se> 846 847 * fix-export: remove, all done by make dist now 848 8492007-04-15 Love Hörnquist Åstrand <lha@it.su.se> 850 851 * lib/krb5/krb5_get_credentials.3: spelling, from Jason McIntyre 852 8532007-04-11 Love Hörnquist Åstrand <lha@it.su.se> 854 855 * kdc/kstash.8: Spelling, from raga <raga@comcast.net> 856 via Bjorn Sandell. 857 858 * lib/krb5/store_mem.c: indent. 859 860 * lib/krb5/recvauth.c: Set error string. 861 862 * lib/krb5/rd_req.c: clear error strings. 863 864 * lib/krb5/rd_cred.c: clear error string. 865 866 * lib/krb5/pkinit.c: Set error strings. 867 868 * lib/krb5/get_cred.c: Tell what principal we are not finding for 869 all KRB5_CC_NOTFOUND. 870 8712007-02-22 Love Hörnquist Åstrand <lha@it.su.se> 872 873 * kdc/kerberos5.c: Return the same error codes as a windows KDC. 874 875 * kuser/kinit.c: KRB5KDC_ERR_PREAUTH_FAILED is also a password 876 failed. 877 878 * kdc/kerberos5.c: Make handling of replying e_data more generic, 879 from metze. 880 881 * kdc/kerberos5.c: Fix (string const and shadow) warnings, from 882 metze. 883 884 * lib/krb5/pac.c: Create the PAC element in the same order as 885 w2k3, maybe there's some broken code in windows which relies on 886 this... From metze. 887 888 * kdc/kerberos5.c: Select a session enctype from the list of the 889 crypto systems supported enctype, is supported by the client and 890 is one of the enctype of the enctype of the krbtgt. 891 892 The later is used as a hint what enctype all KDC are supporting to 893 make sure a newer version of KDC wont generate a session enctype 894 that and older version of a KDC in the same realm can't decrypt. 895 896 But if the KDC admin is paranoid and doesn't want to have "no the 897 best" enctypes on the krbtgt, lets save the best pick from the 898 client list and hope that that will work for any other KDCs. 899 900 Reported by metze. 901 902 * kdc/hprop.c (propagate_database): on any failure, drop the 903 connection to the peer and try next one. 904 9052007-02-18 Love Hörnquist Åstrand <lha@it.su.se> 906 907 * lib/krb5/krb5_get_init_creds.3: document new options. 908 909 * kdc/krb5tgs.c: Only check service key for cross realm PACs. 910 911 * lib/krb5/init_creds.c: use the new merged flags field. 912 (krb5_get_init_creds_opt_set_win2k): new function, turn on all w2k 913 compat flags. 914 915 * lib/krb5/init_creds_pw.c: use the new merged flags field. 916 917 * lib/krb5/krb5_locl.h: merge all flags into one entity 918 9192007-02-11 Dave Love <fx@gnu.org> 920 921 * lib/krb5/krb5_aname_to_localname.3: Small fixes 922 923 * lib/krb5/krb5_digest.3: Small fixes 924 925 * kuser/kimpersonate.1: Small fixes 926 9272007-02-17 Love Hörnquist Åstrand <lha@it.su.se> 928 929 * lib/krb5/init_creds_pw.c (find_pa_data): if there is no list, 930 there is no entry. 931 932 * kdc/krb5tgs.c: Don't check PACs on cross realm requests. 933 934 * lib/krb5/krb5.h: add KRB5_KU_CANONICALIZED_NAMES. 935 936 * lib/krb5/init_creds_pw.c: Verify client referral data. 937 938 * kdc/kerberos5.c: switch some "return ret" to "goto out". 939 940 * kdc/kerberos5.c: Pass down canonicalize request to hdb layer, 941 sign client referrals. 942 943 * lib/hdb/hdb.h: Add HDB_F_CANON. 944 945 * lib/hdb: add simple alias support to the database backends 946 9472007-02-16 Love Hörnquist Åstrand <lha@it.su.se> 948 949 * kuser/kinit.c: Add canonicalize flag. 950 951 * lib/krb5/init_creds_pw.c: Use EXTRACT_TICKET_* flags, support 952 canonicalize. 953 954 * lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_canonicalize): 955 new function. 956 957 * lib/krb5/get_cred.c: Use EXTRACT_TICKET_* flags. 958 959 * lib/krb5/get_in_tkt.c: Use EXTRACT_TICKET_* flags. 960 961 * lib/krb5/krb5_locl.h: Add EXTRACT_TICKET_* flags. 962 9632007-02-15 Love Hörnquist Åstrand <lha@it.su.se> 964 965 * lib/krb5/test_princ.c: test parsing enterprise-names. 966 967 * lib/krb5/principal.c: Add support for parsing enterprise-names. 968 969 * lib/krb5/krb5.h: Add KRB5_PRINCIPAL_PARSE_ENTERPRISE. 970 971 * lib/hdb/hdb-ldap.c: Make work again. 972 9732007-02-11 Dave Love <fx@gnu.org> 974 975 * kcm/client.c (kcm_ccache_new_client): Cast snprintf'ed value. 976 9772007-02-10 Love Hörnquist Åstrand <lha@it.su.se> 978 979 * doc/setup.texi: prune trailing space 980 981 * lib/hdb/db.c: Be better at setting and clearing error string. 982 983 * lib/hdb/hdb.c: Be better at setting and clearing error string. 984 9852007-02-09 Love Hörnquist Åstrand <lha@it.su.se> 986 987 * lib/krb5/keytab.c (krb5_kt_get_entry): Use krb5_kt_get_full_name 988 to print out the keytab name. 989 990 * doc/setup.texi: Spelling, from Guido Guenther 991 9922007-02-08 Love Hörnquist Åstrand <lha@it.su.se> 993 994 * lib/krb5/rd_cred.c: Plug memory leak, from Michael B Allen. 995 9962007-02-06 Love Hörnquist Åstrand <lha@it.su.se> 997 998 * lib/krb5/test_store.c (test_uint16): unsigned ints can't be 999 negative 1000 10012007-02-03 Love Hörnquist Åstrand <lha@it.su.se> 1002 1003 * kdc/pkinit.c: pass extra flags for detached signatures. 1004 1005 * lib/krb5/pkinit.c: pass extra flags for detached signatures. 1006 1007 * kdc/digest.c: Remove debug output. 1008 1009 * kuser/kdigest.c: Add support for ms-chap-v2 client. 1010 10112007-02-02 Love Hörnquist Åstrand <lha@it.su.se> 1012 1013 * kdc/digest.c: Fix ms-chap-v2 get_masterkey 1014 1015 * kdc/digest.c: Fix ms-chap-v2 mutual response auth code. 1016 1017 * kuser/kdigest.c: Print session key if there is one. 1018 1019 * lib/krb5/digest.c: rename hash-a1 to session key 1020 1021 * kdc/digest.c: Add get_master from RFC 3079 3.4 for MS-CHAP-V2 1022 1023 * kuser/kdigest.c: print rsp if there is one, from Klas. 1024 1025 * kdc/digest.c: Use right size, from Klas Lindfors. 1026 1027 * kuser/kdigest.c: Set client nonce if avaible, from Klas. 1028 1029 * kdc/digest.c: First version from kllin. 1030 1031 * kuser/kdigest.c: Don't restrict the type. 1032 10332007-02-01 Love Hörnquist Åstrand <lha@it.su.se> 1034 1035 * kuser/kdigest-commands.in: add --client-response 1036 1037 * kuser/kdigest.c: Print status instead of response. 1038 1039 * kdc/digest.c: Better logging and return status = FALSE when 1040 checksum doesn't match. 1041 1042 * kdc/digest.c: Check the digest response in the KDC. 1043 1044 * lib/krb5/digest.c: New functions to send in requestResponse to 1045 KDC and get status of the request. 1046 1047 * kdc/digest.c: Add support for MS-CHAP v2. 1048 1049 * lib/hdb/hdb-ldap.c: Set hdb->hdb_db for ldap. 1050 10512007-01-31 Love Hörnquist Åstrand <lha@it.su.se> 1052 1053 * fix-export: Make hx509.info too 1054 1055 * kdc/digest.c: don't verify identifier in CHAP, its the client 1056 that chooses it. 1057 10582007-01-23 Love Hörnquist Åstrand <lha@it.su.se> 1059 1060 * lib/krb5/Makefile.am: Basic test of prf. 1061 1062 * lib/krb5/test_prf.c: Basic test of prf. 1063 1064 * lib/krb5/mit_glue.c: Add MIT glue for Kerberos RFC 3961 PRF 1065 functions. 1066 1067 * lib/krb5/crypto.c: Add Kerberos RFC 3961 PRF functions. 1068 1069 * lib/krb5/krb5_data.3: Document krb5_data_cmp. 1070 1071 * lib/krb5/data.c: Add krb5_data_cmp. 1072 10732007-01-20 Love Hörnquist Åstrand <lha@it.su.se> 1074 1075 * kdc/kx509.c: Don't use C99 syntax. 1076 10772007-01-17 Love Hörnquist Åstrand <lha@it.su.se> 1078 1079 * configure.in: its LIBADD_roken (and shouldn't really exist, our 1080 libtool usage it broken) 1081 1082 * configure.in: Add an extra variable for roken, LIBADD, that 1083 should be used for library depencies. 1084 1085 * lib/krb5/send_to_kdc.c (krb5_sendto): zero out receive buffer. 1086 1087 * lib/krb5/krb5_init_context.3: fix mdoc errors 1088 1089 * Heimdal 0.8 branch cut today 1090 1091 * doc/hx509.texi: Spelling and more about proxy certificates. 1092 1093 * configure.in: check for arc4random 1094 10952007-01-16 Love Hörnquist Åstrand <lha@it.su.se> 1096 1097 * lib/krb5/send_to_kdc.c (krb5_sendto): zero receive krb5_data 1098 before starting 1099 1100 * tools/heimdal-build.sh: make cvs keep quiet 1101 1102 * kuser/kverify.c: Use argument as principal if passed an 1103 argument. Bug report from Douglas E. Engert 1104 11052007-01-15 Love Hörnquist Åstrand <lha@it.su.se> 1106 1107 * lib/krb5/rd_req.c (krb5_rd_req_ctx): The code failed to consider 1108 the enc_tkt_in_skey case, from Douglas E. Engert. 1109 1110 * kdc/kx509.c: Issue certificates. 1111 1112 * kdc/config.c: Parse kx509/kca configuration. 1113 1114 * kdc/kdc.h: add kx509 config 1115 11162007-01-14 Love Hörnquist Åstrand <lha@it.su.se> 1117 1118 * kdc/kerberos5.c (_kdc_find_padata): if there is not padata, 1119 there is nothing find. 1120 1121 * doc/hx509.texi: Examples for pk-init. 1122 1123 * doc/hx509.texi: About extending ca lifetime and sub cas. 1124 11252007-01-13 Love Hörnquist Åstrand <lha@it.su.se> 1126 1127 * doc/hx509.texi: More about certificates. 1128 11292007-01-12 Love Hörnquist Åstrand <lha@it.su.se> 1130 1131 * doc/hx509.texi: add Application requirements and write about 1132 xmpp/jabber. 1133 11342007-01-11 Love Hörnquist Åstrand <lha@it.su.se> 1135 1136 * doc/hx509.texi: More about issuing certificates. 1137 1138 * doc/hx509.texi: Start of a x.509 manual. 1139 1140 * include/Makefile.am: remove install headerfiles 1141 1142 * lib/krb5/test_pac.c: Use more interesting data to cause more 1143 errors. 1144 1145 * include/Makefile.am: remove install headerfiles 1146 1147 * lib/krb5/mcache.c: MCC_CURSOR not used, remove. 1148 1149 * lib/krb5/crypto.c: macro kcrypto_oid_enc now longer used 1150 1151 * lib/krb5/rd_safe.c (krb5_rd_safe): set length before trying to 1152 allocate data 1153 11542007-01-10 Love Hörnquist Åstrand <lha@it.su.se> 1155 1156 * doc/setup.texi: Hint about hxtool validate. 1157 1158 * appl/test/uu_server.c: print both "server" and "client" 1159 1160 * kdc/krb5tgs.c: Rename keys to be more obvious what they do. 1161 1162 * kdc/kerberos5.c: Use other keys to sign PAC with. From Andrew 1163 Bartlett 1164 1165 * kdc/windc.c: ident, spelling. 1166 1167 * kdc/windc_plugin.h: indent. 1168 1169 * kdc/krb5tgs.c: Pass down server entry to verify_pac function. 1170 from Andrew Bartlett 1171 1172 * kdc/windc.c: pass down server entry to verify_pac function, from 1173 Andrew Bartlett 1174 1175 * kdc/windc_plugin.h: pass down server entry to verify_pac 1176 function, from Andrew Bartlett 1177 1178 * configure.in: Provide a automake symbol ENABLE_SHARED if shared 1179 libraries are built. 1180 1181 * lib/krb5/rd_req.c (krb5_rd_req_ctx): Use the correct keyblock 1182 when verifying the PAC. From Andrew Bartlett. 1183 11842007-01-09 Love Hörnquist Åstrand <lha@it.su.se> 1185 1186 * lib/krb5/test_pac.c: move around to code test on real PAC. 1187 1188 * lib/krb5/pac.c: A tiny 2 char diffrence that make the code work 1189 for real. 1190 1191 * lib/krb5/test_pac.c: Test more PAC (note that the values used in 1192 this test is wrong, they have to be fixed when the pac code is 1193 fixed). 1194 1195 * doc/setup.texi: Update to new hxtool issue-certificate usage 1196 1197 * lib/krb5/init_creds_pw.c: Make sure we don't sent both ENC-TS 1198 and PK-INIT pa data, no need to expose our password protecting our 1199 PKCS12 key. 1200 1201 * kuser/klist.c (print_cred_verbose): include ticket length in the 1202 verbose output 1203 12042007-01-08 Love Hörnquist Åstrand <lha@it.su.se> 1205 1206 * lib/krb5/acache.c (loadlib): pass RTLD_LAZY to dlopen, without 1207 it linux is unhappy. 1208 1209 * lib/krb5/plugin.c (loadlib): pass RTLD_LAZY to dlopen, without 1210 it linux is unhappy. 1211 1212 * lib/krb5/name-45-test.c: One of the hosts I sometimes uses is 1213 named "bar.domain", this make one of the tests pass when it 1214 shouldn't. 1215 12162007-01-05 Love Hörnquist Åstrand <lha@it.su.se> 1217 1218 * doc/setup.texi: Change --key argument to --out-key. 1219 1220 * kuser/kimpersonate.1: mangle my name 1221 12222007-01-04 Love Hörnquist Åstrand <lha@it.su.se> 1223 1224 * doc/setup.texi: describe how to use hx509 to create 1225 certificates. 1226 1227 * tools/heimdal-build.sh: Add --distcheck. 1228 1229 * kdc/kerberos5.c: Check for KRB5_PADATA_PA_PAC_REQUEST to check 1230 if we should include the PAC in the krbtgt. 1231 1232 * kdc/pkinit.c (_kdc_as_rep): check if 1233 krb5_generate_random_keyblock failes. 1234 1235 * kdc/kerberos5.c (_kdc_as_rep): check if 1236 krb5_generate_random_keyblock failes. 1237 1238 * kdc/krb5tgs.c (tgs_build_reply): check if 1239 krb5_generate_random_keyblock failes. 1240 1241 * kdc/krb5tgs.c: Scope etype. 1242 1243 * lib/krb5/rd_req.c: Make it possible to turn off PAC check, its 1244 default on. 1245 1246 * lib/krb5/rd_req.c (krb5_rd_req_ctx): If there is a PAC, verify 1247 its server signature. 1248 1249 * kdc/kerberos5.c (_kdc_as_rep): call windc client access hook. 1250 (_kdc_tkt_add_if_relevant_ad): constify in data argument. 1251 1252 * kdc/windc_plugin.h: More comments add a client_access hook. 1253 1254 * kdc/windc.c: Add _kdc_windc_client_access. 1255 1256 * kdc/krb5tgs.c: rename functions after export some more pac 1257 functions. 1258 1259 * lib/krb5/test_pac.c: export some more pac functions. 1260 1261 * lib/krb5/pac.c: export some more pac functions. 1262 1263 * kdc/krb5tgs.c: Resign the PAC in tgsreq if we have a PAC. 1264 1265 * configure.in: add tests/plugin/Makefile 1266 12672007-01-03 Love Hörnquist Åstrand <lha@it.su.se> 1268 1269 * kdc/krb5tgs.c: Get right key for PAC krbtgt verification. 1270 1271 * kdc/config.c: spelling 1272 1273 * lib/krb5/krb5.h: typedef for krb5_pac. 1274 1275 * kdc/headers.h: Include <windc_plugin.h>. 1276 1277 * kdc/Makefile.am: Include windc.c and use windc_plugin.h 1278 1279 * kdc/krb5tgs.c: Call callbacks for emulating a Windows Domain 1280 Controller. 1281 1282 * kdc/kerberos5.c: Call callbacks for emulating a Windows Domain 1283 Controller. Move the some of the log related stuff to its own 1284 function. 1285 1286 * kdc/config.c: Init callbacks for emulating a Windows Domain 1287 Controller. 1288 1289 * kdc/windc.c: Rename the init function to windc instead of pac. 1290 1291 * kdc/windc.c: Callbacks specific to emulating a Windows Domain 1292 Controller. 1293 1294 * kdc/windc_plugin.h: Callbacks specific to emulating a Windows 1295 Domain Controller. 1296 1297 * lib/krb5/Makefile.am: add krb5_HEADERS to build_HEADERZ 1298 1299 * lib/krb5/pac.c: Support all keyed checksum types. 1300 13012007-01-02 Love Hörnquist Åstrand <lha@it.su.se> 1302 1303 * lib/krb5/pac.c (krb5_pac_get_types): Return list of types. 1304 1305 * lib/krb5/test_pac.c: test krb5_pac_get_types 1306 1307 * lib/krb5/krbhst.c: Add KRB5_KRBHST_KCA. 1308 1309 * lib/krb5/krbhst.c: Add KRB5_KRBHST_KCA. 1310 1311 * lib/krb5/krb5.h: Add KRB5_KRBHST_KCA. 1312 1313 * lib/krb5/test_pac.c: test Add/remove pac buffer functions. 1314 1315 * lib/krb5/pac.c: Add/remove pac buffer functions. 1316 1317 * lib/krb5/pac.c: sprinkle const 1318 1319 * lib/krb5/pac.c: rename DCHECK to CHECK 1320 1321 * Happy New Year. 1322