12007-12-28  Love Hörnquist Åstrand  <lha@it.su.se>
2
3	* kdc/digest.c: Log probe message, add NTLM_TARGET_DOMAIN to the
4	type2 message.
5
62007-12-14  Love Hörnquist Åstrand  <lha@it.su.se>
7
8	* lib/hdb/dbinfo.c: Add hdb_default_db().
9
10	* Makefile.am: Add some extra cf/*.
11
122007-12-12  Love Hörnquist Åstrand  <lha@it.su.se>
13	
14	* kuser/kgetcred.c: Fix type of name-type. From Andy Polyakov.
15
162007-12-09  Love Hörnquist Åstrand  <lha@it.su.se>
17
18	* kdc/log.c: Use hdb_db_dir().
19
20	* kpasswd/kpasswdd.c: Use hdb_db_dir().
21
222007-12-08  Love Hörnquist Åstrand  <lha@it.su.se>
23	
24	* kdc/config.c: Use hdb_db_dir().
25
26	* kdc/kdc_locl.h: add KDC_LOG_FILE
27
28	* kdc/hpropd.c: Use hdb_default_db().
29
30	* kdc/kstash.c: Use hdb_db_dir().
31
32	* kdc/pkinit.c: Adapt to hx509 changes, use hdb_db_dir().
33
34	* lib/krb5/rd_req.c: Document krb5_rd_req_in_set_pac_check.
35
36	* lib/krb5/verify_krb5_conf.c: Check check_pac.
37
38	* lib/krb5/rd_req.c: use KRB5_CTX_F_CHECK_PAC to init check_pac
39	field in the krb5_rd_req_in_ctx
40
41	* lib/krb5/expand_hostname.c: Adapt to changing
42	dns_canonicalize_hostname into flags field.
43
44	* lib/krb5/context.c: Adapt to changing dns_canonicalize_hostname
45	into flags field, add check-pac as an libdefaults option.
46
47	* lib/krb5/pkinit.c: Adapt to changes in hx509 interface.
48
49	* doc: add doxygen documentation to hcrypto
50
51	* doc/doxytmpl.dxy: generate links
52	
532007-12-07  Love Hörnquist Åstrand  <lha@it.su.se>
54
55	* lib/krb5/Makefile.am: build_HEADERZ += heim_threads.h
56
57	* lib/hdb/dbinfo.c (hdb_db_dir): Return the directory where the
58	hdb database resides.
59
60	* configure.in: Add --with-hdbdir to specify where the database is
61	stored.
62
63	* lib/krb5/crypto.c: revert previous patch, the problem is located
64	in the RAND_file_name() function that will cause recursive nss
65	lookups, can't fix that here.
66
672007-12-06  Love Hörnquist Åstrand  <lha@it.su.se>
68
69	* lib/krb5/crypto.c (krb5_generate_random_block): try to avoid the
70	dead-lock in by not holding the lock while running
71	RAND_file_name. Prompted by Hai Zaar.
72
73	* lib/krb5/n-fold.c: spelling
74	
752007-12-04  Love Hörnquist Åstrand  <lha@it.su.se>
76
77	* kuser/kdigest.c (digest-probe): implement command.
78
79	* kuser/kdigest-commands.in (digest-probe): new command
80	
81	* kdc/digest.c: Implement supportedMechs request.
82
83	* lib/krb5/error_string.c: Make krb5_get_error_string return an
84	allocated string to make the function indempotent. From
85	Zeqing (Fred) Xia.
86
872007-12-03  Love Hörnquist Åstrand  <lha@it.su.se>
88
89	* lib/krb5/krb5_locl.h (krb5_context_data): Flag if
90	default_cc_name was set by the user.
91
92	* lib/krb5/fcache.c (fcc_move): make sure ->version is uptodate.
93
94	* kcm/acquire.c: use krb5_free_cred_contents
95
96	* kuser/kimpersonate.c: use krb5_free_cred_contents
97	
98	* kuser/kinit.c: Use krb5_cc_move to make an atomic switch of the
99	cred cache.
100
101	* lib/krb5/cache.c: Put back code that was needed, move gen_new
102	into new_unique.
103
104	* lib/krb5/mcache.c (mcc_default_name): Remove const
105
106	* lib/krb5/krb5_locl.h: Add KRB5_DEFAULT_CCNAME_KCM, redefine
107	KRB5_DEFAULT_CCNAME to KRB5_DEFAULT_CCTYPE
108
109	* lib/krb5/cache.c: Use krb5_cc_ops->default_name to get the
110	default name.
111
112	* lib/krb5/kcm.c: Implement krb5_cc_ops->default_name.
113
114	* lib/krb5/mcache.c: Implement krb5_cc_ops->default_name.
115
116	* lib/krb5/fcache.c: Implement krb5_cc_ops->default_name.
117
118	* lib/krb5/krb5.h: Add krb5_cc_ops->default_name.
119
120	* lib/krb5/acache.c: Free context when done, implement
121	krb5_cc_ops->default_name.
122
123	* lib/krb5/kcm.c: implement dummy kcm_move
124
125	* lib/krb5/mcache.c: Implement the move operation.
126
127	* lib/krb5/version-script.map: export krb5_cc_move
128
129	* lib/krb5/cache.c: New function krb5_cc_move().
130
131	* lib/krb5/fcache.c: Implement the move operation.
132
133	* lib/krb5/krb5.h: Add move to the krb5_cc_ops, causes major
134	version bump.
135
136	* lib/krb5/acache.c: Implement the move operation. Avoid using
137	cc_set_principal() since it broken on Mac OS X 10.5.0.
138	
1392007-12-02  Love Hörnquist Åstrand  <lha@it.su.se>
140
141	* lib/krb5/krb5_ccapi.h: Drop variable names to avoid -Wshadow.
142	
1432007-11-14  Love Hörnquist Åstrand  <lha@it.su.se>
144
145	* kdc/krb5tgs.c: Should pass different key usage constants
146	depending on whether or not optional sub-session key was passed by
147	the client for the check of authorization data. The constant is
148	used to derive "specific key" and its values are specified in
149	7.5.1 of RFC4120.
150	
151	Patch from Andy Polyakov.
152
153	* kdc/krb5tgs.c: Don't send auth data in referrals, microsoft
154	clients have started to not like that. Thanks to Andy Polyakov for
155	excellent research.
156
1572007-11-11  Love Hörnquist Åstrand  <lha@it.su.se>
158
159	* lib/krb5/creds.c: use krb5_data_cmp
160
161	* lib/krb5/acache.c: use krb5_free_cred_contents
162
163	* lib/krb5/test_renew.c: use krb5_free_cred_contents
164	
1652007-11-10  Love Hörnquist Åstrand  <lha@it.su.se>
166
167	* lib/krb5/acl.c: doxygen documentation
168
169	* lib/krb5/addr_families.c: doxygen documentation
170
171	* doc: add doxygen
172
173	* lib/krb5/plugin.c: doxygen documentation
174
175	* lib/krb5/kcm.c: doxygen documentation
176
177	* lib/krb5/fcache.c: doxygen documentation
178
179	* lib/krb5/cache.c: doxygen documentations
180	
181	* lib/krb5/doxygen.c: doxygen introduction
182
183	* lib/krb5/error_string.c: Doxygen documentation.
184
1852007-11-03  Love Hörnquist Åstrand  <lha@it.su.se>
186
187	* lib/krb5/test_plugin.c: expose krb5_plugin_register
188
189	* lib/krb5/plugin.c: expose krb5_plugin_register
190
191	* lib/krb5/version-script.map: sort, expose krb5_plugin_register
192
1932007-10-24  Love Hörnquist Åstrand  <lha@it.su.se>
194
195	* kdc/kerberos5.c: Adding same enctype is enough one time. From
196	Andy Polyakov and Bjorn Sandell.
197	
1982007-10-18  Love  <lha@stacken.kth.se>
199
200	* lib/krb5/cache.c (krb5_cc_retrieve_cred): check return value
201	from krb5_cc_start_seq_get. From Zeqing (Fred) Xia
202	
203	* lib/krb5/fcache.c (init_fcc): provide better error codes
204
205	* kdc/kerberos5.c (get_pa_etype_info2): more paranoia, avoid
206	sending warning about pruned etypes.
207
208	* kdc/kerberos5.c (older_enctype): old windows enctypes (arcfour
209	based) "old", this to support windows 2000 clients (unjoined to a
210	domain). From Andy Polyakov.
211
2122007-10-07  Love Hörnquist Åstrand  <lha@it.su.se>
213
214	* doc/setup.texi: Spelling, from Mark Peoples via Bjorn Sandell.
215	
2162007-10-04  Love Hörnquist Åstrand  <lha@it.su.se>
217
218	* kdc/krb5tgs.c: More prettier printing of enctype, from KAMADA
219	Ken'ichi.
220
221	* lib/krb5/crypto.c (krb5_enctype_to_string): make sure string is
222	NULL on failure.
223
2242007-10-03  Love Hörnquist Åstrand  <lha@it.su.se>
225
226	* kdc/kdc-replay.c: Catch KRB5_PROG_ATYPE_NOSUPP from
227	krb5_addr2sockaddr and igore thte test is that case.
228	
2292007-09-29  Love Hörnquist Åstrand  <lha@it.su.se>
230
231	* lib/krb5/context.c (krb5_free_context): free
232	default_cc_name_env, from Gunther Deschner.
233
2342007-08-27  Love Hörnquist Åstrand  <lha@it.su.se>
235
236	* lib/krb5/{krb5.h,pac.c,test_pac.c,send_to_kdc.c,rd_req.c}: Make
237	work with c++, reported by Hai Zaar
238
239	* lib/krb5/{digest.c,krb5.h}: Make work with c++, reported by Hai Zaar
240
2412007-08-20  Love Hörnquist Åstrand  <lha@it.su.se>
242
243	* lib/hdb/Makefile.am: EXTRA_DIST += hdb.schema
244
2452007-07-31  Love Hörnquist Åstrand  <lha@it.su.se>
246
247	* check return value of alloc functions, from Charles Longeau
248
249	* lib/krb5/principal.c: spelling.
250
251	* kadmin/kadmin.8: spelling
252
253	* lib/krb5/crypto.c: Check return values from alloc
254	functions. Prompted by patch of Charles Longeau.
255
256	* lib/krb5/n-fold.c: Make _krb5_n_fold return a error
257	code. Prompted by patch of Charles Longeau.
258
2592007-07-27  Love Hörnquist Åstrand  <lha@it.su.se>
260
261	* lib/krb5/init_creds.c: Always set the ticket options, use
262	KRB5_ADDRESSLESS_DEFAULT as the default value, this make the unset
263	tri-state not so useful.
264
2652007-07-24  Love Hörnquist Åstrand  <lha@it.su.se>
266
267	* tools/heimdal-gssapi.pc.in: Add LIB_pkinit to the list of
268	libraries.
269
270	* tools/heimdal-gssapi.pc.in: pkg-config file for libgssapi in
271	heimdal.
272
273	* tools/Makefile.am: Add heimdal-gssapi.pc and install it into
274	$(libdir)/pkgconfig
275
2762007-07-23  Love Hörnquist Åstrand  <lha@it.su.se>
277
278	* lib/krb5/pkinit.c: Add RFC3526 modp group14 as a default.
279
2802007-07-22  Love Hörnquist Åstrand  <lha@it.su.se>
281
282	* lib/hdb/dbinfo.c (get_dbinfo): use dbname instead of realm as
283	key if the entry is a correct entry.
284
285	* lib/krb5/get_cred.c: Make krb5_get_renewed_creds work, from
286	Gunther Deschner.
287
288	* lib/krb5/Makefile.am: Add test_renew to noinst_PROGRAMS.
289
290	* lib/krb5/test_renew.c: Test for krb5_get_renewed_creds.
291
2922007-07-21  Love Hörnquist Åstrand  <lha@it.su.se>
293
294	* lib/hdb/keys.c: Make parse_key_set handle key set string "v5",
295	from Peter Meinecke.
296
297	* kdc/kaserver.c: Don't ovewrite the error code, from Peter
298	Meinecke.
299
3002007-07-18  Love Hörnquist Åstrand  <lha@it.su.se>
301
302	* TODO-1.0: remove 
303
304	* Makefile.am: remove TODO-1.0
305
3062007-07-17  Love Hörnquist Åstrand  <lha@it.su.se>
307
308	* Heimdal 1.0 release branch cut here
309	
310	* doc/hx509.texi: use version.texi
311	
312	* doc/heimdal.texi: use version.texi
313	
314	* doc/version.texi: version.texi
315
316	* lib/hdb/db3.c: avoid type-punned pointer warning.
317
318	* kdc/kx509.c: Use unsigned char * as argument to HMAC_Update to
319	please OpenSSL and gcc.
320
321	* kdc/digest.c: Use unsigned char * as argument to MD5_Update to
322	please OpenSSL and gcc.
323
3242007-07-16  Love Hörnquist Åstrand  <lha@it.su.se>
325
326	* include/Makefile.am: Add krb_err.h.
327
328	* kdc/set_dbinfo.c: Print acl file too.
329
330	* kdc/kerberos4.c: Error codes are just fine, remove XXX now.
331
332	* lib/krb5/krb5-v4compat.h: Drop duplicate error codes.
333
334	* kdc/kerberos4.c: switch to ET errors.
335
336	* lib/krb5/Makefile.am: Add krb_err.h to build_HEADERZ.
337
338	* lib/krb5/v4_glue.c: If its a Kerberos 4 error-code, remove the
339	et BASE.
340
3412007-07-15  Love Hörnquist Åstrand  <lha@it.su.se>
342
343	* lib/krb5/krb5-v4compat.h: Include "krb_err.h".
344
345	* lib/krb5/v4_glue.c: return more interesting error codes.
346
347	* lib/krb5/plugin.c: Prefix enum plugin_type.
348
349	* lib/krb5/krb5_locl.h: Expose plugin structures.
350	
351	* lib/krb5/krb5.h: Add plugin structures.
352
353	* lib/krb5/krb_err.et: V4 errors.
354
355	* lib/krb5/version-script.map: First version of version script.
356
3572007-07-13  Love Hörnquist Åstrand  <lha@it.su.se>
358
359	* kdc/kerberos5.c: Java 1.6 expects the name to be the same type,
360	lets allow that for uncomplicated name-types.
361
3622007-07-12  Love Hörnquist Åstrand  <lha@it.su.se>
363
364	* lib/krb5/v4_glue.c (_krb5_krb_rd_req): if ticket contains
365	address 0, its ticket less and don't really care about
366	from_addr. return better error codes.
367
368	* kpasswd/kpasswdd.c: Fix pointer vs strict alias rules.
369
3702007-07-11  Love Hörnquist Åstrand  <lha@it.su.se>
371
372	* lib/hdb/hdb-ldap.c: When using sambaNTPassword, avoid adding
373	more then one enctype 23 to krb5EncryptionType.
374
375	* lib/krb5/cache.c: Spelling.
376
377	* kdc/kerberos5.c: Don't send newer enctypes in ETYPE-INFO.
378	(get_pa_etype_info2): return the enctypes as sorted in the
379	database
380
3812007-07-10  Love Hörnquist Åstrand  <lha@it.su.se>
382
383	* kuser/kinit.c: krb5-v4compat.h defines prototypes for
384	v4 (semiprivate functions) in libkrb5, don't include
385	krb5-private.h any longer.
386
387	* lib/krb5/krbhst.c: Set error string when there is no KDC for a
388	realm.
389
390	* lib/krb5/Makefile.am: New library version.
391
392	* kdc/Makefile.am: New library version.
393
394	* lib/krb5/krb5_locl.h: Add default_cc_name_env.
395
396	* lib/krb5/cache.c (enviroment_changed): return non-zero if
397	enviroment that will determine default krb5cc name has changed.
398	(krb5_cc_default_name): also check if cached value is uptodate.
399
400	* lib/krb5/krb5_locl.h: Drop pkinit_flags.
401
4022007-07-05  Love Hörnquist Åstrand  <lha@it.su.se>
403
404	* configure.in: add tests/java/Makefile
405
406	* lib/hdb/dbinfo.c: Add hdb_dbinfo_get_log_file.
407
4082007-07-04  Love Hörnquist Åstrand  <lha@it.su.se>
409
410	* kdc/kerberos5.c: Improve the default salt detection to avoid
411	returning v4 password salting to java that doesn't look at the
412	returning padata for salting.
413
414	* kdc: Split out krb5_kdc_set_dbinfo, From Andrew Bartlett
415
4162007-07-02  Love Hörnquist Åstrand  <lha@it.su.se>
417
418	* kdc/digest.c: Try harder to provide better error message for
419	digest messages.
420
421	* lib/krb5/Makefile.am: verify_krb5_conf_OBJECTS depends on
422	krb5-pr*.h, make -j finds this.
423	
4242007-06-28  Love Hörnquist Åstrand  <lha@it.su.se>
425
426	* kdc/digest.c: On success, print username, not ip-adress.
427
4282007-06-26  Love Hörnquist Åstrand  <lha@it.su.se>
429
430	* lib/krb5/get_cred.c: Add krb5_get_renewed_creds.
431
432	* lib/krb5/krb5_get_credentials.3: add krb5_get_renewed_creds
433
434	* lib/krb5/pkinit.c: Use hx509_cms_unwrap_ContentInfo.
435	
4362007-06-25  Love Hörnquist Åstrand  <lha@it.su.se>
437
438	* doc/setup.texi: Add example for pkinit_win2k_require_binding
439	in [kdc] section.
440
441	* kdc/default_config.c: Rename require_binding to
442	win2k_require_binding to match client configuration.
443
444	* kdc/default_config.c: Add [kdc]pkinit_require_binding option.
445
446	* kdc/pkinit.c (pk_mk_pa_reply_enckey): only allow non-bound reply
447	if its not required.
448
449	* kdc/default_config.c: rename pkinit_princ_in_cert and add
450	pkinit_require_binding
451
452	* kdc/kdc.h: rename pkinit_princ_in_cert and add
453	pkinit_require_binding
454
455	* kdc/pkinit.c: rename pkinit_princ_in_cert
456
4572007-06-24  Love Hörnquist Åstrand  <lha@it.su.se>
458
459	* lib/krb5/pkinit.c: Adapt to hx509_verify_hostname change.
460
4612007-06-21  Love Hörnquist Åstrand  <lha@it.su.se>
462
463	* kdc/krb5tgs.c: Drop unused variable.
464
465	* kdc/krb5tgs.c: disable anonyous tgs requests
466
467	* kdc/krb5tgs.c: Don't check PAC on cross realm for now.
468
469	* kuser/kgetcred.c: Set KRB5_GC_CONSTRAINED_DELEGATION and parse
470	nametypes.
471
472	* lib/krb5/krb5_principal.3: Document krb5_parse_nametype.
473
474	* lib/krb5/principal.c (krb5_parse_nametype): parse nametype and
475	return their integer values.
476
477	* lib/krb5/krb5.h (krb5_get_creds): Add
478	KRB5_GC_CONSTRAINED_DELEGATION.
479
480	* lib/krb5/get_cred.c (krb5_get_creds): if
481	KRB5_GC_CONSTRAINED_DELEGATION is set, set both request_anonymous
482	and constrained_delegation.
483
4842007-06-20  Love Hörnquist Åstrand  <lha@it.su.se>
485
486	* kdc/digest.c: Return an error message instead of dropping the
487	packet for more failure cases.
488
489	* lib/krb5/krb5_principal.3: Add KRB5_PRINCIPAL_UNPARSE_DISPLAY.
490
491	* appl/gssmask/gssmask.c (AcquirePKInitCreds): fail more
492	gracefully
493	
4942007-06-18  Love Hörnquist Åstrand  <lha@it.su.se>
495
496	* lib/krb5/pac.c: make compile.
497	
498	* lib/krb5/pac.c (verify_checksum): memset cksum to avoid using
499	pointer from stack.
500
501	* lib/krb5/plugin.c: Don't expose free pointer.
502
503	* lib/krb5/pkinit.c (_krb5_pk_load_id): fail directoy for first
504	calloc.
505	
506	* lib/krb5/pkinit.c (get_reply_key*): don't expose freed memory
507
508	* lib/krb5/krbhst.c: Host is static memory, don't free.
509
510	* lib/krb5/crypto.c (decrypt_internal_derived): make sure length
511	is longer then confounder + checksum.
512
513	* kdc: export get_dbinfo as krb5_kdc_set_dbinfo and call from
514	users. This to allows libkdc users to to specify their own
515	databases
516
517	* lib/krb5/pkinit.c (pk_rd_pa_reply_enckey): simplify handling of
518	content data (and avoid leaking memory).
519
520	* kdc/misc.c (_kdc_db_fetch): set error string for failures.
521	
5222007-06-15  Love Hörnquist Åstrand  <lha@it.su.se>
523
524	* kdc/pkinit.c: Use KRB5_AUTHDATA_INITIAL_VERIFIED_CAS.
525
5262007-06-13  Love Hörnquist Åstrand  <lha@it.su.se>
527
528	* kdc/pkinit.c: tell user when they got a pk-init request with
529	pkinit disabled.
530
5312007-06-12  Love Hörnquist Åstrand  <lha@it.su.se>
532	
533	* lib/krb5/principal.c: Rename UNPARSE_NO_QUOTE to
534	UNPARSE_DISPLAY.
535
536	* lib/krb5/krb5.h: Rename UNPARSE_NO_QUOTE to UNPARSE_DISPLAY.
537
538	* lib/krb5/principal.c: Make no-quote mean replace strange chars
539	with space.
540
541	* lib/krb5/principal.c: Support KRB5_PRINCIPAL_UNPARSE_NO_QUOTE.
542
543	* lib/krb5/krb5.h: Add KRB5_PRINCIPAL_UNPARSE_NO_QUOTE.
544
545	* lib/krb5/test_princ.c: Test quoteing.
546
547	* lib/krb5/pkinit.c: update (c)
548	
549	* lib/krb5/get_cred.c: use krb5_sendto_context to talk to the KDC.
550
551	* lib/krb5/send_to_kdc.c (_krb5_kdc_retry): check if the whole
552	process needs to restart or just skip this KDC.
553
554	* lib/krb5/init_creds_pw.c: Use krb5_sendto_context to talk to
555	KDC.
556
557	* lib/krb5/krb5.h: Add sendto hooks and opaque structure.
558
559	* lib/krb5/krb5_rd_error.3: Update prototype.
560
561	* lib/krb5/send_to_kdc.c: Add hooks for processing the reply from
562	the server.
563	
5642007-06-11  Love Hörnquist Åstrand  <lha@it.su.se>
565
566	* lib/krb5/krb5_err.et: Some new error codes from RFC 4120.
567	
5682007-06-09  Love Hörnquist Åstrand  <lha@it.su.se>
569
570	* kdc/krb5tgs.c: Constify.
571
572	* kdc/kerberos5.c: Constify.
573
574	* kdc/pkinit.c: Check for KRB5-PADATA-PK-AS-09-BINDING. Constify.
575
5762007-06-08  Love Hörnquist Åstrand  <lha@it.su.se>
577
578	* include/Makefile.am: Make krb5-types.h nodist_include_HEADERS.
579
580	* kdc/Makefile.am: EXTRA_DIST += version-script.map.
581	
5822007-06-07  Love Hörnquist Åstrand  <lha@it.su.se>
583	
584	* Makefile.am (print-distdir): print name of dist
585
586	* kdc/pkinit.c: Break out loading of mappings file to a separate
587	function and remove warning that it can't open the mapping file,
588	there are now mappings in the db, maybe the users uses that
589	instead...
590
591	* lib/krb5/crypto.c: Require the raw key have the correct size and
592	do away with the minsize.  Minsize was a thing that originated
593	from RC2, but since RC2 is done in the x509/cms subsystem now
594	there is no need to keep that around.
595
596	* lib/hdb/dbinfo.c: If there is no default dbname, also check for
597	unset mkey_file and set it default mkey name, make backward compat
598	stuff work.
599
600	* kdc/version-script.map: add new symbols
601
602	* kdc/kdc-replay.c: Also update krb5_context view of what the time
603	is.
604
605	* configure.in: add tests/can/Makefile
606
607	* kdc/kdc-replay.c: Add --[version|help].
608
609	* kdc/pkinit.c: Push down the kdc time into the x509 library.
610
611	* kdc/connect.c: Move up krb5_kdc_save_request so we can catch the
612	reply data too.
613
614	* kdc/kdc-replay.c: verify reply by checking asn1 class, type and
615	tag of the reply if there is one.
616
617	* kdc/process.c: Save asn1 class, type and tag of the reply if
618	there is one. Used to verify the reply in kdc-replay.
619
6202007-06-06  Love Hörnquist Åstrand  <lha@it.su.se>
621
622	* kdc/kdc_locl.h: extern for request_log.
623
624	* kdc/Makefile.am: Add kdc-replay.
625
626	* kdc/kdc-replay.c: Replay kdc messages to the KDC library.
627
628	* kdc/config.c: Pick up request_log from [kdc]kdc-request-log.
629
630	* kdc/connect.c: Option to save the request to disk.
631
632	* kdc/process.c (krb5_kdc_save_request): save request to file.
633
634	* kdc/process.c (krb5_kdc_process*): dont update _kdc_time
635	automagicly.
636	(krb5_kdc_update_time): set or get current kdc-time.
637
638	* kdc/pkinit.c (_kdc_pk_rd_padata): accept both pkcs-7 and
639	pkauthdata as the signeddata oid
640	
641	* kdc/pkinit.c (_kdc_pk_rd_padata): Try to log what went wrong.
642
6432007-06-05  Love Hörnquist Åstrand  <lha@it.su.se>
644	
645	* kdc/pkinit.c: Use oid_id_pkcs7_data for pkinit-9 encKey reply to
646	match windows DC behavior better.
647	
6482007-06-04  Love Hörnquist Åstrand  <lha@it.su.se>
649
650	* configure.in: use test for -framework Security
651
652	* appl/test/uu_server.c: Print status to stdout.
653
654	* kdc/digest.c (digest ntlm): provide log entires by setting ret
655	to an error.
656	
6572007-06-03  Love Hörnquist Åstrand  <lha@it.su.se>
658
659	* doc/hx509.texi: Indent crl-sign.
660
661	* doc/hx509.texi: One more crl-sign example.
662
663	* lib/krb5/test_princ.c: plug memory leaks.
664
665	* lib/krb5/pac.c: plug memory leaks.
666
667	* lib/krb5/test_pac.c: plug memory leaks.
668
669	* lib/krb5/test_prf.c: plug memory leak.
670
671	* lib/krb5/test_cc.c: plug memory leaks.
672
673	* doc/hx509.texi: Simple blob about publishing CRLs.
674
675	* doc/win2k.texi: drop text about enctypes.
676	
6772007-06-02  Love Hörnquist Åstrand  <lha@it.su.se>
678
679	* kdc/pkinit.c: In case of OCSP verification failure, referash
680	every 5 min. In case of success, refreash 2 min before expiring or
681	faster.
682	
6832007-05-31  Love Hörnquist Åstrand  <lha@it.su.se>
684	
685	* lib/krb5/krb5_err.et: add error 68, WRONG_REALM
686
687	* kdc/pkinit.c: Handle the ms san in a propper way, still cheat
688	with the realm name.
689
690	* kdc/kerberos5.c: If _kdc_pk_check_client failes, bail out
691	directly and hand the error back to the client.
692
693	* lib/krb5/krb5_err.et: Add missing REVOCATION_STATUS_UNAVAILABLE
694	and fix error message for CLIENT_NAME_MISMATCH.
695
696	* kdc/pkinit.c: More logging for pk-init client mismatch.
697
698	* kdc/kerberos5.c: Also add a KRB5_PADATA_PK_AS_REQ_WIN for
699	windows pk-init (-9) to make MIT clients happy.
700	
7012007-05-30  Love Hörnquist Åstrand  <lha@it.su.se>
702	
703	* kdc/pkinit.c: Force des3 for win2k.
704
705	* kdc/pkinit.c: Add wrapping to ContentInfo wrapping to
706	COMPAT_WIN2K.
707
708	* lib/krb5/keytab_keyfile.c: Spelling.
709
710	* kdc/pkinit.c: Allow matching by MS UPN SAN, note that this delta
711	doesn't deal with case of realm.
712	
7132007-05-16  Love Hörnquist Åstrand  <lha@it.su.se>
714
715	* lib/krb5/crypto.c (krb5_crypto_overhead): return static overhead
716	of encryption.
717	
7182007-05-10  Dave Love  <fx@gnu.org>
719	
720	* doc/win2k.texi: Update some URLs.
721
7222007-05-13  Love Hörnquist Åstrand  <lha@it.su.se>
723
724	* kuser/kimpersonate.c: Fix version number of ticket, it should be
725	5 not the kvno.
726	
7272007-05-08  Love Hörnquist Åstrand  <lha@it.su.se>
728
729	* doc/setup.texi: Salting is really Encryption types and salting.
730	
7312007-05-07  Love Hörnquist Åstrand  <lha@it.su.se>
732	
733	* doc/setup.texi: spelling, from Ronny Blomme
734
735	* doc/win2k.texi: Fix ksetup /SetComputerPassword, from Ronny
736	Blomme
737	
7382007-05-02  Love Hörnquist Åstrand  <lha@it.su.se>
739
740	* lib/hdb/dbinfo.c (hdb_get_dbinfo) If there are no database
741	specified, create one and let it use the defaults.
742	
7432007-04-27  Love Hörnquist Åstrand  <lha@it.su.se>
744	
745	* lib/hdb/test_dbinfo.c: test acl file
746
747	* lib/hdb/test_dbinfo.c: test acl file
748
749	* lib/hdb/dbinfo.c: add acl file
750
751	* etc: ignore Makefile.in
752
753	* Makefile.am: SUBDIRS += etc
754
755	* configure.in: Add etc/Makefile.
756
757	* etc/Makefile.am: make sure services.append is distributed
758
7592007-04-24  Love Hörnquist Åstrand  <lha@it.su.se>
760
761	* kdc: rename windc_init to krb5_kdc_windc_init
762
763	* kdc/version-script.map: version script for libkdc
764	
765	* kdc/Makefile.am: version script for libkdc
766	
7672007-04-23  Love Hörnquist Åstrand  <lha@it.su.se>
768
769	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_get_error):
770	correct the order of the arguments.
771
772	* lib/hdb/Makefile.am: Add and test dbinfo.
773
774	* lib/hdb/hdb.h: Forward declaration for struct hdb_dbinfo;
775
776	* kdc/config.c: Use krb5_kdc_get_config and just fill in what the
777	users wanted differently.
778
779	* kdc/default_config.c: Make the default configuration fetch info
780	from the krb5.conf.
781	
7822007-04-22  Love Hörnquist Åstrand  <lha@it.su.se>
783
784	* lib/krb5/store.c (krb5_store_creds_tag): use session.keytype to
785	determine if to send the session-key, for the second place in the
786	function.
787
788	* tools/krb5-config.in: rename des to hcrypto
789
790	* kuser/Makefile.am: depend on libheimntlm
791
792	* kuser/kinit.c: Add --ntlm-domain that store the ntlm cred for
793	this domain if the Kerberos password auth worked.
794
795	* kuser/klist.c: add new option --hidden that doesn't display
796	principal that starts with @
797
798	* tools/krb5-config.in: Add heimntlm when we use gssapi.
799
800	* lib/krb5/krb5_ccache.3 (krb5_cc_retrieve_cred): document what to
801	free 'cred' with.
802
803	* lib/krb5/cache.c (krb5_cc_retrieve_cred): document what to free
804	'cred' with.
805	
8062007-04-21  Love Hörnquist Åstrand  <lha@it.su.se>
807
808	* lib/krb5/store.c (krb5_store_creds_tag): use session.keytype to
809	determine if to send the session-key.
810
811	* kcm/client.c (kcm_ccache_new_client): make root be able to pass
812	the name constraints, not the opposite. From Bryan Jacobs.
813	
8142007-04-20  Love Hörnquist Åstrand  <lha@it.su.se>
815
816	* kcm/acl.c: make compile again.
817
818	* kcm/client.c: fix warning.
819	
820	* kcm: First, it allows root to ignore the naming conventions.
821	Second, it allows root to always perform any operation on any
822	ccache.  Note that root could do this anyway with FILE ccaches.
823	From Bryan Jacobs.
824
825	* Rename libdes to libhcrypto.
826
8272007-04-19  Love Hörnquist Åstrand  <lha@it.su.se>
828
829	* kinit: remove code that depend on kerberos 4 library
830	
831	* kdc: remove code that depend on kerberos 4 library
832	
833	* configure.in: Drop kerberos 4 support.
834
835	* kdc/hpropd.c (main): free the message when done with it.
836
837	* lib/krb5/pkinit.c (_krb5_get_init_creds_opt_free_pkinit):
838	remember to free memory too.
839
840	* lib/krb5/pkinit.c (pk_rd_pa_reply_dh): free content-type when
841	done.
842
843	* configure.in: test rk_VERSIONSCRIPT
844	
8452007-04-18  Love Hörnquist Åstrand  <lha@it.su.se>
846
847	* fix-export: remove, all done by make dist now
848
8492007-04-15  Love Hörnquist Åstrand  <lha@it.su.se>
850
851	* lib/krb5/krb5_get_credentials.3: spelling, from Jason McIntyre
852
8532007-04-11  Love Hörnquist Åstrand  <lha@it.su.se>
854
855	* kdc/kstash.8: Spelling, from raga <raga@comcast.net> 
856	via Bjorn Sandell.
857
858	* lib/krb5/store_mem.c: indent.
859
860	* lib/krb5/recvauth.c: Set error string.
861
862	* lib/krb5/rd_req.c: clear error strings.
863
864	* lib/krb5/rd_cred.c: clear error string.
865
866	* lib/krb5/pkinit.c: Set error strings.
867
868	* lib/krb5/get_cred.c: Tell what principal we are not finding for
869	all KRB5_CC_NOTFOUND.
870	
8712007-02-22  Love Hörnquist Åstrand  <lha@it.su.se>
872	
873	* kdc/kerberos5.c: Return the same error codes as a windows KDC.
874
875	* kuser/kinit.c: KRB5KDC_ERR_PREAUTH_FAILED is also a password
876	failed.
877	
878	* kdc/kerberos5.c: Make handling of replying e_data more generic,
879	from metze.
880
881	* kdc/kerberos5.c: Fix (string const and shadow) warnings, from
882	metze.
883
884	* lib/krb5/pac.c: Create the PAC element in the same order as
885	w2k3, maybe there's some broken code in windows which relies on
886	this... From metze.
887
888	* kdc/kerberos5.c: Select a session enctype from the list of the
889	crypto systems supported enctype, is supported by the client and
890	is one of the enctype of the enctype of the krbtgt.
891	
892	The later is used as a hint what enctype all KDC are supporting to
893	make sure a newer version of KDC wont generate a session enctype
894	that and older version of a KDC in the same realm can't decrypt.
895	
896	But if the KDC admin is paranoid and doesn't want to have "no the
897	best" enctypes on the krbtgt, lets save the best pick from the
898	client list and hope that that will work for any other KDCs.
899	
900	Reported by metze.
901
902	* kdc/hprop.c (propagate_database): on any failure, drop the
903	connection to the peer and try next one.
904	
9052007-02-18  Love Hörnquist Åstrand  <lha@it.su.se>
906
907	* lib/krb5/krb5_get_init_creds.3: document new options.
908
909	* kdc/krb5tgs.c: Only check service key for cross realm PACs.
910
911	* lib/krb5/init_creds.c: use the new merged flags field.
912	(krb5_get_init_creds_opt_set_win2k): new function, turn on all w2k
913	compat flags.
914
915	* lib/krb5/init_creds_pw.c: use the new merged flags field.
916
917	* lib/krb5/krb5_locl.h: merge all flags into one entity
918	
9192007-02-11  Dave Love  <fx@gnu.org>
920	
921	* lib/krb5/krb5_aname_to_localname.3: Small fixes
922	
923	* lib/krb5/krb5_digest.3: Small fixes
924	
925	* kuser/kimpersonate.1: Small fixes
926
9272007-02-17  Love Hörnquist Åstrand  <lha@it.su.se>
928
929	* lib/krb5/init_creds_pw.c (find_pa_data): if there is no list,
930	there is no entry.
931
932	* kdc/krb5tgs.c: Don't check PACs on cross realm requests.
933
934	* lib/krb5/krb5.h: add KRB5_KU_CANONICALIZED_NAMES.
935
936	* lib/krb5/init_creds_pw.c: Verify client referral data.
937
938	* kdc/kerberos5.c: switch some "return ret" to "goto out".
939	
940	* kdc/kerberos5.c: Pass down canonicalize request to hdb layer,
941	sign client referrals.
942	
943	* lib/hdb/hdb.h: Add HDB_F_CANON.
944
945	* lib/hdb: add simple alias support to the database backends
946
9472007-02-16  Love Hörnquist Åstrand  <lha@it.su.se>
948
949	* kuser/kinit.c: Add canonicalize flag.
950
951	* lib/krb5/init_creds_pw.c: Use EXTRACT_TICKET_* flags, support
952	canonicalize.
953
954	* lib/krb5/init_creds.c (krb5_get_init_creds_opt_set_canonicalize):
955	new function.
956	
957	* lib/krb5/get_cred.c: Use EXTRACT_TICKET_* flags.
958
959	* lib/krb5/get_in_tkt.c: Use EXTRACT_TICKET_* flags.
960
961	* lib/krb5/krb5_locl.h: Add EXTRACT_TICKET_* flags.
962	
9632007-02-15  Love Hörnquist Åstrand  <lha@it.su.se>
964
965	* lib/krb5/test_princ.c: test parsing enterprise-names.
966
967	* lib/krb5/principal.c: Add support for parsing enterprise-names.
968
969	* lib/krb5/krb5.h: Add KRB5_PRINCIPAL_PARSE_ENTERPRISE.
970
971	* lib/hdb/hdb-ldap.c: Make work again.
972	
9732007-02-11  Dave Love  <fx@gnu.org>
974
975	* kcm/client.c (kcm_ccache_new_client): Cast snprintf'ed value.
976	
9772007-02-10  Love Hörnquist Åstrand  <lha@it.su.se>
978	
979	* doc/setup.texi: prune trailing space
980
981	* lib/hdb/db.c: Be better at setting and clearing error string.
982
983	* lib/hdb/hdb.c: Be better at setting and clearing error string.
984
9852007-02-09  Love Hörnquist Åstrand  <lha@it.su.se>
986
987	* lib/krb5/keytab.c (krb5_kt_get_entry): Use krb5_kt_get_full_name
988	to print out the keytab name.
989
990	* doc/setup.texi: Spelling, from Guido Guenther
991	
9922007-02-08  Love Hörnquist Åstrand  <lha@it.su.se>
993
994	* lib/krb5/rd_cred.c: Plug memory leak, from Michael B Allen.
995
9962007-02-06  Love Hörnquist Åstrand  <lha@it.su.se>
997
998	* lib/krb5/test_store.c (test_uint16): unsigned ints can't be
999	negative
1000	
10012007-02-03  Love Hörnquist Åstrand  <lha@it.su.se>
1002
1003	* kdc/pkinit.c: pass extra flags for detached signatures.
1004
1005	* lib/krb5/pkinit.c: pass extra flags for detached signatures.
1006
1007	* kdc/digest.c: Remove debug output.
1008
1009	* kuser/kdigest.c: Add support for ms-chap-v2 client.
1010	
10112007-02-02  Love Hörnquist Åstrand  <lha@it.su.se>
1012		
1013	* kdc/digest.c: Fix ms-chap-v2 get_masterkey
1014
1015	* kdc/digest.c: Fix ms-chap-v2 mutual response auth code.
1016
1017	* kuser/kdigest.c: Print session key if there is one.
1018
1019	* lib/krb5/digest.c: rename hash-a1 to session key
1020
1021	* kdc/digest.c: Add get_master from RFC 3079 3.4 for MS-CHAP-V2
1022
1023	* kuser/kdigest.c: print rsp if there is one, from Klas.
1024
1025	* kdc/digest.c: Use right size, from Klas Lindfors.
1026
1027	* kuser/kdigest.c: Set client nonce if avaible, from Klas.
1028
1029	* kdc/digest.c: First version from kllin.
1030
1031	* kuser/kdigest.c: Don't restrict the type.
1032	
10332007-02-01  Love Hörnquist Åstrand  <lha@it.su.se>
1034	
1035	* kuser/kdigest-commands.in: add --client-response
1036
1037	* kuser/kdigest.c: Print status instead of response.
1038
1039	* kdc/digest.c: Better logging and return status = FALSE when
1040	checksum doesn't match.
1041
1042	* kdc/digest.c: Check the digest response in the KDC.
1043
1044	* lib/krb5/digest.c: New functions to send in requestResponse to
1045	KDC and get status of the request.
1046
1047	* kdc/digest.c: Add support for MS-CHAP v2.
1048
1049	* lib/hdb/hdb-ldap.c: Set hdb->hdb_db for ldap.
1050	
10512007-01-31  Love Hörnquist Åstrand  <lha@it.su.se>
1052
1053	* fix-export: Make hx509.info too
1054
1055	* kdc/digest.c: don't verify identifier in CHAP, its the client
1056	that chooses it.
1057	
10582007-01-23  Love Hörnquist Åstrand  <lha@it.su.se>
1059
1060	* lib/krb5/Makefile.am: Basic test of prf.
1061
1062	* lib/krb5/test_prf.c: Basic test of prf.
1063
1064	* lib/krb5/mit_glue.c: Add MIT glue for Kerberos RFC 3961 PRF
1065	functions.
1066
1067	* lib/krb5/crypto.c: Add Kerberos RFC 3961 PRF functions.
1068
1069	* lib/krb5/krb5_data.3: Document krb5_data_cmp.
1070
1071	* lib/krb5/data.c: Add krb5_data_cmp.
1072	
10732007-01-20  Love Hörnquist Åstrand  <lha@it.su.se>
1074
1075	* kdc/kx509.c: Don't use C99 syntax.
1076	
10772007-01-17  Love Hörnquist Åstrand  <lha@it.su.se>
1078	
1079	* configure.in: its LIBADD_roken (and shouldn't really exist, our
1080	libtool usage it broken)
1081
1082	* configure.in: Add an extra variable for roken, LIBADD, that
1083	should be used for library depencies.
1084
1085	* lib/krb5/send_to_kdc.c (krb5_sendto): zero out receive buffer.
1086
1087	* lib/krb5/krb5_init_context.3: fix mdoc errors
1088
1089	* Heimdal 0.8 branch cut today
1090
1091	* doc/hx509.texi: Spelling and more about proxy certificates.
1092
1093	* configure.in: check for arc4random
1094	
10952007-01-16  Love Hörnquist Åstrand  <lha@it.su.se>
1096	
1097	* lib/krb5/send_to_kdc.c (krb5_sendto): zero receive krb5_data
1098	before starting
1099
1100	* tools/heimdal-build.sh: make cvs keep quiet
1101
1102	* kuser/kverify.c: Use argument as principal if passed an
1103	argument. Bug report from Douglas E. Engert
1104	
11052007-01-15  Love Hörnquist Åstrand  <lha@it.su.se>
1106	
1107	* lib/krb5/rd_req.c (krb5_rd_req_ctx): The code failed to consider
1108	the enc_tkt_in_skey case, from Douglas E. Engert.
1109
1110	* kdc/kx509.c: Issue certificates.
1111
1112	* kdc/config.c: Parse kx509/kca configuration.
1113
1114	* kdc/kdc.h: add kx509 config
1115	
11162007-01-14  Love Hörnquist Åstrand  <lha@it.su.se>
1117	
1118	* kdc/kerberos5.c (_kdc_find_padata): if there is not padata,
1119	there is nothing find.
1120
1121	* doc/hx509.texi: Examples for pk-init.
1122
1123	* doc/hx509.texi: About extending ca lifetime and sub cas.
1124	
11252007-01-13  Love Hörnquist Åstrand <lha@it.su.se>
1126	
1127	* doc/hx509.texi: More about certificates.
1128	
11292007-01-12  Love Hörnquist Åstrand  <lha@it.su.se>
1130
1131	* doc/hx509.texi: add Application requirements and write about
1132	xmpp/jabber.
1133	
11342007-01-11  Love Hörnquist Åstrand  <lha@it.su.se>
1135
1136	* doc/hx509.texi: More about issuing certificates.
1137
1138	* doc/hx509.texi: Start of a x.509 manual.
1139
1140	* include/Makefile.am: remove install headerfiles
1141
1142	* lib/krb5/test_pac.c: Use more interesting data to cause more
1143	errors.
1144
1145	* include/Makefile.am: remove install headerfiles
1146
1147	* lib/krb5/mcache.c: MCC_CURSOR not used, remove.
1148
1149	* lib/krb5/crypto.c: macro kcrypto_oid_enc now longer used
1150
1151	* lib/krb5/rd_safe.c (krb5_rd_safe): set length before trying to
1152	allocate data
1153	
11542007-01-10  Love Hörnquist Åstrand  <lha@it.su.se>
1155	
1156	* doc/setup.texi: Hint about hxtool validate.
1157
1158	* appl/test/uu_server.c: print both "server" and "client"
1159
1160	* kdc/krb5tgs.c: Rename keys to be more obvious what they do.
1161
1162	* kdc/kerberos5.c: Use other keys to sign PAC with. From Andrew
1163	Bartlett
1164	
1165	* kdc/windc.c: ident, spelling.
1166
1167	* kdc/windc_plugin.h: indent.
1168
1169	* kdc/krb5tgs.c: Pass down server entry to verify_pac function.
1170	from Andrew Bartlett
1171
1172	* kdc/windc.c: pass down server entry to verify_pac function, from
1173	Andrew Bartlett
1174
1175	* kdc/windc_plugin.h: pass down server entry to verify_pac
1176	function, from Andrew Bartlett
1177
1178	* configure.in: Provide a automake symbol ENABLE_SHARED if shared
1179	libraries are built.
1180
1181	* lib/krb5/rd_req.c (krb5_rd_req_ctx): Use the correct keyblock
1182	when verifying the PAC.  From Andrew Bartlett.
1183	
11842007-01-09  Love Hörnquist Åstrand  <lha@it.su.se>
1185
1186	* lib/krb5/test_pac.c: move around to code test on real PAC.
1187
1188	* lib/krb5/pac.c: A tiny 2 char diffrence that make the code work
1189	for real.
1190
1191	* lib/krb5/test_pac.c: Test more PAC (note that the values used in
1192	this test is wrong, they have to be fixed when the pac code is
1193	fixed).
1194
1195	* doc/setup.texi: Update to new hxtool issue-certificate usage
1196
1197	* lib/krb5/init_creds_pw.c: Make sure we don't sent both ENC-TS
1198	and PK-INIT pa data, no need to expose our password protecting our
1199	PKCS12 key.
1200
1201	* kuser/klist.c (print_cred_verbose): include ticket length in the
1202	verbose output
1203	
12042007-01-08  Love Hörnquist Åstrand  <lha@it.su.se>
1205	
1206	* lib/krb5/acache.c (loadlib): pass RTLD_LAZY to dlopen, without
1207	it linux is unhappy.
1208
1209	* lib/krb5/plugin.c (loadlib): pass RTLD_LAZY to dlopen, without
1210	it linux is unhappy.
1211
1212	* lib/krb5/name-45-test.c: One of the hosts I sometimes uses is
1213	named "bar.domain", this make one of the tests pass when it
1214	shouldn't.
1215
12162007-01-05  Love Hörnquist Åstrand  <lha@it.su.se>
1217
1218	* doc/setup.texi: Change --key argument to --out-key.
1219
1220	* kuser/kimpersonate.1: mangle my name
1221	
12222007-01-04  Love Hörnquist Åstrand  <lha@it.su.se>
1223	
1224	* doc/setup.texi: describe how to use hx509 to create
1225	certificates.
1226
1227	* tools/heimdal-build.sh: Add --distcheck.
1228
1229	* kdc/kerberos5.c: Check for KRB5_PADATA_PA_PAC_REQUEST to check
1230	if we should include the PAC in the krbtgt.
1231
1232	* kdc/pkinit.c (_kdc_as_rep): check if
1233	krb5_generate_random_keyblock failes.
1234
1235	* kdc/kerberos5.c (_kdc_as_rep): check if
1236	krb5_generate_random_keyblock failes.
1237
1238	* kdc/krb5tgs.c (tgs_build_reply): check if
1239	krb5_generate_random_keyblock failes.
1240
1241	* kdc/krb5tgs.c: Scope etype.
1242
1243	* lib/krb5/rd_req.c: Make it possible to turn off PAC check, its
1244	default on.
1245
1246	* lib/krb5/rd_req.c (krb5_rd_req_ctx): If there is a PAC, verify
1247	its server signature.
1248
1249	* kdc/kerberos5.c (_kdc_as_rep): call windc client access hook.
1250	(_kdc_tkt_add_if_relevant_ad): constify in data argument.
1251
1252	* kdc/windc_plugin.h: More comments add a client_access hook.
1253
1254	* kdc/windc.c: Add _kdc_windc_client_access.
1255
1256	* kdc/krb5tgs.c: rename functions after export some more pac
1257	functions.
1258
1259	* lib/krb5/test_pac.c: export some more pac functions.
1260
1261	* lib/krb5/pac.c: export some more pac functions.
1262
1263	* kdc/krb5tgs.c: Resign the PAC in tgsreq if we have a PAC.
1264
1265	* configure.in: add tests/plugin/Makefile
1266	
12672007-01-03  Love Hörnquist Åstrand  <lha@it.su.se>
1268
1269	* kdc/krb5tgs.c: Get right key for PAC krbtgt verification.
1270
1271	* kdc/config.c: spelling
1272
1273	* lib/krb5/krb5.h: typedef for krb5_pac.
1274
1275	* kdc/headers.h: Include <windc_plugin.h>.
1276
1277	* kdc/Makefile.am: Include windc.c and use windc_plugin.h
1278
1279	* kdc/krb5tgs.c: Call callbacks for emulating a Windows Domain
1280	Controller.
1281
1282	* kdc/kerberos5.c: Call callbacks for emulating a Windows Domain
1283	Controller.  Move the some of the log related stuff to its own
1284	function.
1285
1286	* kdc/config.c: Init callbacks for emulating a Windows Domain
1287	Controller.
1288
1289	* kdc/windc.c: Rename the init function to windc instead of pac.
1290
1291	* kdc/windc.c: Callbacks specific to emulating a Windows Domain
1292	Controller.
1293
1294	* kdc/windc_plugin.h: Callbacks specific to emulating a Windows
1295	Domain Controller.
1296
1297	* lib/krb5/Makefile.am: add krb5_HEADERS to build_HEADERZ
1298
1299	* lib/krb5/pac.c: Support all keyed checksum types.
1300	
13012007-01-02  Love Hörnquist Åstrand  <lha@it.su.se>
1302	
1303	* lib/krb5/pac.c (krb5_pac_get_types): Return list of types.
1304	
1305	* lib/krb5/test_pac.c: test krb5_pac_get_types
1306
1307	* lib/krb5/krbhst.c: Add KRB5_KRBHST_KCA.
1308
1309	* lib/krb5/krbhst.c: Add KRB5_KRBHST_KCA.
1310
1311	* lib/krb5/krb5.h: Add KRB5_KRBHST_KCA.
1312
1313	* lib/krb5/test_pac.c: test Add/remove pac buffer functions.
1314
1315	* lib/krb5/pac.c: Add/remove pac buffer functions.
1316
1317	* lib/krb5/pac.c: sprinkle const
1318
1319	* lib/krb5/pac.c: rename DCHECK to CHECK
1320	
1321	* Happy New Year.
1322