Training courses

Kernel and Embedded Linux

Bootlin training courses

Embedded Linux, kernel,
Yocto Project, Buildroot, real-time,
graphics, boot time, debugging...

Bootlin logo

Elixir Cross Referencer

   1
   2
   3
   4
   5
   6
   7
   8
   9
  10
  11
  12
  13
  14
  15
  16
  17
  18
  19
  20
  21
  22
  23
  24
  25
  26
  27
  28
  29
  30
  31
  32
  33
  34
  35
  36
  37
  38
  39
  40
  41
  42
  43
  44
  45
  46
  47
  48
  49
  50
  51
  52
  53
  54
  55
  56
  57
  58
  59
  60
  61
  62
  63
  64
  65
  66
  67
  68
  69
  70
  71
  72
  73
  74
  75
  76
  77
  78
  79
  80
  81
  82
  83
  84
  85
  86
  87
  88
  89
  90
  91
  92
  93
  94
  95
  96
  97
  98
  99
 100
 101
 102
 103
 104
 105
 106
 107
 108
 109
 110
 111
 112
 113
 114
 115
 116
 117
 118
 119
 120
 121
 122
 123
 124
 125
 126
 127
 128
 129
 130
 131
 132
 133
 134
 135
 136
 137
 138
 139
 140
 141
 142
 143
 144
 145
 146
 147
 148
 149
 150
 151
 152
 153
 154
 155
 156
 157
 158
 159
 160
 161
 162
 163
 164
 165
 166
 167
 168
 169
 170
 171
 172
 173
 174
 175
 176
 177
 178
 179
 180
 181
 182
 183
 184
 185
 186
 187
 188
 189
 190
 191
 192
 193
 194
 195
 196
 197
 198
 199
 200
 201
 202
 203
 204
 205
 206
 207
 208
 209
 210
 211
 212
 213
 214
 215
 216
 217
 218
 219
 220
 221
 222
 223
 224
 225
 226
 227
 228
 229
 230
 231
 232
 233
 234
 235
 236
 237
 238
 239
 240
 241
 242
 243
 244
 245
 246
 247
 248
 249
 250
 251
 252
 253
 254
 255
 256
 257
 258
 259
 260
 261
 262
 263
 264
 265
 266
 267
 268
 269
 270
 271
 272
 273
 274
 275
 276
 277
 278
 279
 280
 281
 282
 283
 284
 285
 286
 287
 288
 289
 290
 291
 292
 293
 294
 295
 296
 297
 298
 299
 300
 301
 302
 303
 304
 305
 306
 307
 308
 309
 310
 311
 312
 313
 314
 315
 316
 317
 318
 319
 320
 321
 322
 323
 324
 325
 326
 327
 328
 329
 330
 331
 332
 333
 334
 335
 336
 337
 338
 339
 340
 341
 342
 343
 344
 345
 346
 347
 348
 349
 350
 351
 352
 353
 354
 355
 356
 357
 358
 359
 360
 361
 362
 363
 364
 365
 366
 367
 368
 369
 370
 371
 372
 373
 374
 375
 376
 377
 378
 379
 380
 381
 382
 383
 384
 385
 386
 387
 388
 389
 390
 391
 392
 393
 394
 395
 396
 397
 398
 399
 400
 401
 402
 403
 404
 405
 406
 407
 408
 409
 410
 411
 412
 413
 414
 415
 416
 417
 418
 419
 420
 421
 422
 423
 424
 425
 426
 427
 428
 429
 430
 431
 432
 433
 434
 435
 436
 437
 438
 439
 440
 441
 442
 443
 444
 445
 446
 447
 448
 449
 450
 451
 452
 453
 454
 455
 456
 457
 458
 459
 460
 461
 462
 463
 464
 465
 466
 467
 468
 469
 470
 471
 472
 473
 474
 475
 476
 477
 478
 479
 480
 481
 482
 483
 484
 485
 486
 487
 488
 489
 490
 491
 492
 493
 494
 495
 496
 497
 498
 499
 500
 501
 502
 503
 504
 505
 506
 507
 508
 509
 510
 511
 512
 513
 514
 515
 516
 517
 518
 519
 520
 521
 522
 523
 524
 525
 526
 527
 528
 529
 530
 531
 532
 533
 534
 535
 536
 537
 538
 539
 540
 541
 542
 543
 544
 545
 546
 547
 548
 549
 550
 551
 552
 553
 554
 555
 556
 557
 558
 559
 560
 561
 562
 563
 564
 565
 566
 567
 568
 569
 570
 571
 572
 573
 574
 575
 576
 577
 578
 579
 580
 581
 582
 583
 584
 585
 586
 587
 588
 589
 590
 591
 592
 593
 594
 595
 596
 597
 598
 599
 600
 601
 602
 603
 604
 605
 606
 607
 608
 609
 610
 611
 612
 613
 614
 615
 616
 617
 618
 619
 620
 621
 622
 623
 624
 625
 626
 627
 628
 629
 630
 631
 632
 633
 634
 635
 636
 637
 638
 639
 640
 641
 642
 643
 644
 645
 646
 647
 648
 649
 650
 651
 652
 653
 654
 655
 656
 657
 658
 659
 660
 661
 662
 663
 664
 665
 666
 667
 668
 669
 670
 671
 672
 673
 674
 675
 676
 677
 678
 679
 680
 681
 682
 683
 684
 685
 686
 687
 688
 689
 690
 691
 692
 693
 694
 695
 696
 697
 698
 699
 700
 701
 702
 703
 704
 705
 706
 707
 708
 709
 710
 711
 712
 713
 714
 715
 716
 717
 718
 719
 720
 721
 722
 723
 724
 725
 726
 727
 728
 729
 730
 731
 732
 733
 734
 735
 736
 737
 738
 739
 740
 741
 742
 743
 744
 745
 746
 747
 748
 749
 750
 751
 752
 753
 754
 755
 756
 757
 758
 759
 760
 761
 762
 763
 764
 765
 766
 767
 768
 769
 770
 771
 772
 773
 774
 775
 776
 777
 778
 779
 780
 781
 782
 783
 784
 785
 786
 787
 788
 789
 790
 791
 792
 793
 794
 795
 796
 797
 798
 799
 800
 801
 802
 803
 804
 805
 806
 807
 808
 809
 810
 811
 812
 813
 814
 815
 816
 817
 818
 819
 820
 821
 822
 823
 824
 825
 826
 827
 828
 829
 830
 831
 832
 833
 834
 835
 836
 837
 838
 839
 840
 841
 842
 843
 844
 845
 846
 847
 848
 849
 850
 851
 852
 853
 854
 855
 856
 857
 858
 859
 860
 861
 862
 863
 864
 865
 866
 867
 868
 869
 870
 871
 872
 873
 874
 875
 876
 877
 878
 879
 880
 881
 882
 883
 884
 885
 886
 887
 888
 889
 890
 891
 892
 893
 894
 895
 896
 897
 898
 899
 900
 901
 902
 903
 904
 905
 906
 907
 908
 909
 910
 911
 912
 913
 914
 915
 916
 917
 918
 919
 920
 921
 922
 923
 924
 925
 926
 927
 928
 929
 930
 931
 932
 933
 934
 935
 936
 937
 938
 939
 940
 941
 942
 943
 944
 945
 946
 947
 948
 949
 950
 951
 952
 953
 954
 955
 956
 957
 958
 959
 960
 961
 962
 963
 964
 965
 966
 967
 968
 969
 970
 971
 972
 973
 974
 975
 976
 977
 978
 979
 980
 981
 982
 983
 984
 985
 986
 987
 988
 989
 990
 991
 992
 993
 994
 995
 996
 997
 998
 999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
1060
1061
1062
1063
1064
1065
1066
1067
1068
1069
1070
1071
1072
1073
1074
1075
1076
1077
1078
1079
1080
1081
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
1185
1186
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
1277
1278
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
1308
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
1476
1477
1478
1479
1480
1481
1482
1483
1484
1485
2004-12-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/Makefile.am (CHECK_SYMBOLS): add heim_ and pkcs7_ for
	now (used in pkinit)

2004-12-29  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/Makefile.am: add CHECK_SYMBOLS

	* lib/hdb/keys.c: make all_etypes static

	* lib/krb5/Makefile.am: add CHECK_SYMBOLS, approve of: -com_err
	-version krb5_ _krb5_ __heimdal krb524_ krb4_fkt_ops

	* kdc/kerberos5.c: use private version of principalname

	* kdc/kerberos4.c: use private version of principalname

	* kdc/hpropd.c: use private version of principalname

	* kdc/524.c: use private version of principalname

	* lib/krb5/rd_req.c: use private version of principalname

	* lib/krb5/rd_cred.c: use private version of principalname

	* lib/krb5/init_creds_pw.c: use private version of principalname

	* lib/krb5/get_in_tkt.c: use private version of principalname

	* lib/krb5/asn1_glue.c: make principalname functions private

	* lib/krb5/krb5.h: add key usage for server referrals
	
2004-12-29  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/principal.c: make default_v4_name_convert static
	
	* lib/krb5/crypto.c: make lots of crypto related variables static
	
	* lib/krb5/acache.c: make default_acc_name static
	
2004-12-28  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/setup.texi: add some text about samba, use example.com
	
	* lib/hdb/hdb-ldap.c: Add account expiration for samba from James
	F.  Hranicky <jfh@cise.ufl.edu>.
	Add LDAP_addmod_integer and use it.

2004-12-27  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/{Makefile.am,setup.texi,win2k.texi}: spelling and text
	fixes, from Dave Love

2004-12-18  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/heim_threads.h: NetBSD 2.99.11 (any maybe 2.1) just
	needs pthread.h, threadlib is dead

2004-12-17  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/config.c (configure): check for deprecated
	enforce-transited-policy is set and fail if it is
	
	* lib/asn1/asn1_print.c: don't print garabage for octet strings
	
2004-12-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/main.c (main): catch sigpipe, we don't bother select()ing
	for errors

	* kdc/connect.c (handle_http_tcp): handle error from write(2)
	
	* doc/setup.texi: clarify credentials refreshing stuff
	
	* doc/setup.texi: add new node: Providing Kerberos credentials to
	servers and programs

	* doc/whatis.texi: fix spurious cross-reference makeinfo warning
	
	* lib/hdb/hdb-ldap.c (pos): uppercase in character

2004-12-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/hdb-ldap.c (LDAP__bytes2hex,LDAP__hex2bytes): encode
	nibbels in the other order

	* lib/hdb/hdb-ldap.c: s/objectclass/objectClass/ check if
	attribute exists before we try to delete it LDAP__bytes2hex
	encodes in strange byte order, is this really right ?
	
2004-12-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/hdb-ldap.c (LDAP_firstkey): When iterating over all
	entries, search for samba accounts too, From: "James F. Hranicky"
	<jfh@cise.ufl.edu>

	* lib/hdb/hdb-ldap.c (krb5kdcentry_attrs): ask for attribute uid
	too

	* lib/hdb/hdb-ldap.c (LDAP_message2entry): if the entry is missing
	both krb5PrincipalName and uid, it must be broken, ignore it and
	return it doesn't exists.

2004-12-10  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/hpropd.8: spelling, from OpenBSD
	
	* kdc/kdc.8: use keeps for options, From OpenBSD k
	
2004-12-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/setup.texi: document --random-key and the need to do backup
	of the master key

	* kdc/kstash.8: add --random-key
	
	* kdc/kstash.c: add --random-key
	
2004-12-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/verify_krb5_conf.8: spelling, from openbsd
	
	* lib/krb5/krb5_init_context.3: spelling, from openbsd
	
	* lib/krb5/krb5.conf.5: spelling, from openbsd
	
	* kuser/kdestroy.1: use keeps around options, spelling, from
	openbsd

	* kpasswd/kpasswdd.8: use ., use keeps around options, from OpenBSD
	
	* kdc/hpropd.8: use keeps around options, from OpenBSD
	
	* kdc/hprop.8: use keeps around options, from OpenBSD
	
2004-11-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/context.c (krb5_free_context): clear error string
	before destroying mutex
	(krb5_init_context): don't call krb5_free_context before there is a
	mutex initialized

2004-11-18  Love Hörnquist Åstrand  <lha@it.su.se>

	* kuser/kinit.c (get_new_tickets): only complain about ticket
	renewable lifetime when the user asked for a specific renewable
	lifetime

2004-11-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/kerberos5.c (find_keys): log what principal is missing
	enctypes

2004-11-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): clear pointer after
	freeing data

	* lib/krb5/init_creds_pw.c (change_password): handle old_options
	being NULL From Guenther Deschner on samba-technical.
	
2004-11-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_get_init_creds.3: add more text describing the
	krb5_get_init_creds functions

2004-11-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/init_creds_pw.c: make krb5_get_init_creds_keytab work
	again

2004-11-10  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/hdb.asn1: use constrained integers
	
2004-11-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_get_init_creds.3: add description for opt_init,
	opt_alloc, opt_free

	* lib/krb5/pkinit.c: unexport krb5_get_init_creds_opt_free_pkinit
	
	* lib/krb5/init_creds.c: unexport
	krb5_get_init_creds_opt_free_pkinit

	* lib/krb5/init_creds_pw.c: fold init_init_creds_ctx into
	get_init_creds_common

	* lib/krb5/init_creds.c (_krb5_get_init_creds_opt_copy): if the in
	options NULL, just make a clean copy

2004-11-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/sendauth.c (krb5_rd_rep): free ap_rep message earlier
	so we don't leak it on error

2004-10-31  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5.conf.5: unbreak 2b entry
	
	* lib/krb5/acache.c (make_cred_from_ccred): the address isn't a
	sockaddr but rather a kerberos address, deal with that.  Based on
	bug report from Jakob Schlyter <jakob@rfc.se>.

2004-10-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/connect.c: Make sure argument passed to ctype isn't signed
	char

2004-10-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/pkinit.c: match new error names
	
	* lib/krb5/krb5_err.et: make error messages sane again
	
2004-10-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/keytab.c: use KRB5_KT_BADNAME

	* lib/krb5/krb5_err.et: sync with mit krb5_err.et (require major
	version bump) add KRB5_DELTAT_BADFORMAT
	
	* lib/krb5/krb5.conf.5: time defaults to "s"
	
	* lib/krb5/time.c (krb5_string_to_deltat): default to "s" again,
	MIT's behavior was actually that it failed to parse the number
	(and thus used the default). Even better, ticket_lifetime (that
	was a consumer supposed a of the interface) was documented but
	never implemented, when it was implemented, people configuraiton
	files started to fail.  Also, use KRB5_DELTAT_BADFORMAT as a
	failure code.

	* lib/asn1/k5.asn1: sync enctypes with pkinit branch
	
	* lib/asn1/parse.y (readd) support negative numbers
	
	* lib/asn1/lex.l: support hex numbers
	
2004-10-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/pkinit.c: use ETYPE_DES3_CBC_NONE_CMS
	
	* lib/krb5/crypto.c: add enctype_des3_cbc_none_cms add cms padding
	for rc2 don't to padding for blocksize 1
	
	* lib/hdb/{keys.c,Makefile.am},lib/kadm5/{keys,set_keys}.c:
	Move keyset parsing and password based keyset generation into hdb.
	Requested by Andrew Bartlett <abartlet@samba.org> for hdb-ldb
	backend.

2004-10-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* kuser/kinit.c: adapt to new signature of
	krb5_get_init_creds_opt_set_pkinit
	
	* lib/krb5/pkinit.c: free openssl engine deal with
	RecipientIdentifier -> CMSIdentifier and heim_any -> name change
	improve error messages
	
	* kdc/pkinit.c: free openssl engine deal with RecipientIdentifier
	-> CMSIdentifier and heim_any -> name change
	
2004-10-04  Johan Danielsson  <joda@pdc.kth.se>

	* kuser/klist.c: use rtbl_set_separator
	
2004-10-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/pkinit.c: filter out dup openssl engine keys, parse
	user options first

	* lib/krb5/pkinit.c: stop using AlgorithmIdentifierNonOpt, add
	openssl engine support for private key

	* lib/krb5/crypto.c: support padding as its done in CMS
	
	* kdc/pkinit.c: improve error logging
	
	* kdc/pkinit.c: stop using AlgorithmIdentifierNonOpt
	
2004-09-30  Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/krb5.conf.5: assume minutes for time

	* lib/krb5/config_file.c (krb5_config_vget_time_default): use
	krb5_string_to_deltat

	* lib/krb5/appdefault.c (krb5_appdefault_time): use
	krb5_string_to_deltat

	* lib/krb5/time.c (krb5_string_to_deltat): set default unit to
	minute for compatibility with MIT Kerberos.
	

2004-09-28  Love Hörnquist Åstrand <lha@it.su.se>

	* lib/krb5/get_cred.c (get_cred_kdc_usage): retry using "large
	message safe" transport if we get back
	KRB5KRB_ERR_RESPONSE_TOO_BIG error. Idea from Guenther Deschner
	<gd@sernet.de>

2004-09-23 Johan Danielsson <joda@pdc.kth.se>

	* admin/list.c: use rtbl
	
	* admin/ktutil-commands.in: slc source file
	
	* lib/krb5/constants.c: check
	/Library/Preferences/edu.mit.Kerberos on OSX

2004-09-21  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/time.c (krb5_format_time): check return value from
	localtime and strftime

2004-09-14  Johan Danielsson  <joda@pdc.kth.se>

	* kuser/kinit.c: make sure we don't always get renewable creds
	
2004-09-11   Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/acache.c: use krb5_ccapi.h
	
	* lib/krb5/krb5_ccapi.h: break out krb5 api definitions to
	separate (not installed) file

	* lib/krb5/Makefile.am: add AM_CPPFLAGS to libkrb5_la_CPPFLAGS
	since AM_CPPFLAGS overridden by target specific _CPPFLAGS
	
2004-09-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/pkinit.c: make variable shorter, make error messages
	from pkinit, make freeing easier
	
2004-09-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/Makefile.am: link libkrb5 with LIB_dlopen
	
	* lib/krb5/crypto.c (seed_something): avoid poking at memory that
	is uninitialized, make valgrind unhappy. Pointd out by
	abartlet@samba.org. While where, plug the fd leak.
	
2004-09-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/asn1/der_get.c (decode_*): name all tag-length variables the
	same
	(decode_enumerated): check that the tag-length is not longer the length

	* lib/asn1/der_get.c (decode_boolean): fail if length of tag is
	larger then len

2004-08-31  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/init_creds_pw.c (krb5_get_init_creds): kdc_reply can be
	set in case of failure too, free unconditionally on exit to avoid
	memory leak

2004-08-23  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/get_cred.c (set_auth_data): set pointer to NULL after
	free

2004-08-20  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/context.c (krb5_get_err_text): if neither of com_right
	nor strerror finds the error-code, return Unknown error.
	
2004-08-19  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/krb5_kuserok.3: update to reality

	* lib/krb5/kuserok.c: if a .k5login file exist, don't give
	implicit rights to anyone; also check owner/mode of .k5login

2004-08-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/Makefile.am: man_MANS = krb5_getportbyname.3
	
	* lib/krb5/krb5_getportbyname.3: manpage for krb5_getportbyname
	
	* lib/krb5/krb5.3: add krb5_getportbyname
	
	* lib/krb5/krb5.3: krb5_free_salt and krb5_enctype_valid

	* lib/krb5/krb5_encrypt.3: document krb5_enctype_valid
	
2004-08-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/kerberos5.c (get_pa_etype_info{,2}): check for dup enctypes
	from the client and filter them out.
	
	* lib/krb5/krb5_string_to_key.3: document krb5_free_salt
	
2004-08-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_ticket.3: data needs to be freed when using
	krb5_ticket_get_authorization_data_type

2004-08-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/test_cc.c: test variables in default_cc_name
	
	* lib/krb5/krb5.conf.5: explain support for varibles in
	[libdefaults]default_cc_name
	
	* lib/krb5/cache.c: drop ${time}, its not very useful
	
	* lib/krb5/cache.c: Add _krb5_expand_default_cc_name that expand
	variables in the default cc name. Supported variables now are:
	${time},${uid} and ${null}

	* lib/krb5/krb5.conf.5: document default_cc_name
	
	* lib/krb5/cache.c (krb5_cc_set_default_name):
	s/libdefault/libdefaults/

2004-08-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/acache.c: replace magic 3 with ccapi_version_3
	
	* lib/krb5/Makefile.am: libkrb5_la_SOURCES += acache.c
	
	* lib/krb5/krb5.h: add krb5_acc_ops
	
	* lib/krb5/acache.c: CCAPI v3 implementation, the read only
	support was from Magnus Ahltorp and then extended by me to support
	all other operations.  Tested with MIT kerberos cc cache
	implementation on MacOS 10.3.3

	* lib/krb5/cache.c (krb5_cc_set_default_name): allow setting the
	default cc name, this is not very useful for general purpose glue
	since its not possible to glue in user information (like uid), but
	for CCAPI it works just fine

2004-08-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* kuser/kgetcred.1: document --cache/-c
	
	* kuser/kgetcred.c: allow to specify what credential cache to use
	
2004-08-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/Makefile.am: add krb5_eai_to_heim_errno.3
	
	* lib/krb5/krb5_eai_to_heim_errno.3: document
	krb5_eai_to_heim_errno, krb5_h_errno_to_heim_errno
	
	* lib/krb5/krb5.3: add krb5_eai_to_heim_errno,
	krb5_h_errno_to_heim_errno

2004-07-26  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_expand_hostname.3: krb5_expand_hostname_realms
	result should be free with krb5_free_host_realm drop
	krb5_get_host_realm text

	* lib/krb5/krb5_set_default_realm.3: krb5_get_host_realm result
	should be free with krb5_free_host_realm
	
	* lib/krb5/krb5_get_in_cred.3: document krb5_free_kdc_rep
	
	* lib/krb5/krb5_get_init_creds.3: remove dup krb5_get_init_creds
	
	* lib/krb5/krb5_auth_context.3: sort, add krb5_free_authenticator
	
	* lib/krb5/Makefile.am: man_MANS += krb5_rd_error
	
	* lib/krb5/krb5_rd_error.3: krb5_rd_error and friends
	
	* lib/krb5/krb5_warn.3: clarify on what string
	krb5_free_error_string should operate on

	* lib/krb5/krb5_get_credentials.3: add krb5_get_kdc_cred
	
	* lib/krb5/Makefile.am: krb5_get_credentials,
	krb5_get_forwarded_creds and friends

	* lib/krb5/krb5_get_forwarded_creds.3: krb5_get_forwarded_creds
	and friends

	* lib/krb5/krb5_get_credentials.3: krb5_get_credentials and
	friends

2004-07-23  Love Hörnquist Åstrand  <lha@it.su.se>

	* kuser/klist.c (print_cred_verbose): keytypes are no longer, use
	enctype

2004-07-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/hdb-ldap.c (LDAP_entry2mods): allow for pre-c99
	compilers, From metze at samba.org

2004-07-20  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/test_cc.c: more cc tests
	
	* lib/krb5/krb5_check_transited.3: document krb5_check_transited
	
2004-07-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/pkinit.c (pk_principal_from_X509): reverse test, makes
	principal in cert work From: Mayur Patel <patelm4@rpi.edu>
	
2004-07-18  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/Makefile.am: add krb5_verify_init_creds.3

	* lib/krb5/krb5_verify_init_creds.3: add krb5_verify_init_creds
	
2004-07-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_set_password.3: spelling from wiz@netbsd.org
	description for krb5_passwd_result_to_string
	
2004-07-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_set_password.3: Remove superfluous comma; grammar
	fixes; split sentence in two for better understanding.  From
	wiz@NetBSD.org. Describe krb5_set_password_using_ccache while here.

	* lib/krb5/krb5_set_password.3: nroff and spelling, from Jonathan
	Stone <jonathan@dsg.stanford.edu>

	* lib/krb5/changepw.c (process_reply): cast ssize_t to long and
	print that From NetBSD via Havard Eidnes.
	
2004-07-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* configure.in: fix helpstring for hdb-openldap-module
	
	* lib/krb5/test_cc.c: don't use krb5_err on error code 0
	
2004-07-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/hdb-ldap.c (LDAP_seq): try handling errors better
	
2004-07-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/get_in_tkt.c (set_ptypes): make ptypes const
	
2004-07-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/hdb-ldap.c (LDAP__connect): call ldap_initialize with
	right argument

2004-06-27  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): if the
	krbtgt is without addresses, default to not sending our own
	addrport

	* lib/asn1/lex.l: add support for /* */ and partial line --
	comments

	* kuser/Makefile.am: don't install copy_cred_cache manpage
	
2004-06-24  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/init_creds.c (_krb5_get_init_creds_opt_copy): if
	copying a static opt, make sure to allocate the "private" field

2004-06-24  Love  <lha@stacken.kth.se>

	* kdc/config.c: add enable_pkinit_princ_in_cert
	
	* kdc/kdc_locl.h: enable_pkinit_princ_in_cert
	
	* kdc/pkinit.c: Check certificate for Kerberos Principal in
	OtherName of subjectAltName Based on patch from Mayur Patel
	<patelm4@rpi.edu>

2004-06-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/get_cred.c (init_tgs_req): if subkey not avaible, use
	session key for authorization-data

2004-06-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/connect.c (handle_tcp): note who is what that closed the
	connection on us

2004-06-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* admin/get.c (kt_get): catch errors from krb5_parse_name
	
2004-06-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/hdb-ldap.c: if its the entry just contains the
	structural object (no samba nor heimdal object), add an aux
	heimdal object on to it.
	
2004-06-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* kpasswd/kpasswd.c: use krb5_set_password_using_ccache
	
	* lib/krb5/krb5_set_password.3: add krb5_set_password_using_ccache
	
	* lib/krb5/changepw.c: implement krb5_set_password_using_ccache
	
	* lib/hdb/hdb-ldap.c: Allow the objectClass to be
	"sambaSamAccount" or structural_object when searching for uid
	entries.

	* lib/krb5/krb5.conf.5: document [kdc]hdb-ldap-create-base
	
	* lib/hdb/hdb-ldap.c: add creation base that defaults to the
	search base

	* lib/hdb/hdb-ldap.c: indent like the rest of the code
	
2004-06-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/hdb-ldap.c: check return values from ldap operations and
	close it we get back LDAP_SERVER_DOWN. stupid ldap client lib, you
	should retry by yourself.

	* lib/hdb/hdb-ldap.c: require search base to be configured, create
	local context structure
	
2004-05-31  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/setup.texi: more ldap text, partly from Tarjei Huse
	<tarjei@nu.no>

2004-05-28  Love Hörnquist Åstrand  <lha@it.su.se>
	
	* lib/hdb/hdb-ldap.c: clean, indent
	
	* lib/hdb/hdb-ldap.c (LDAP_entry2mods): make sure
	krb5KeyVersionNumber is added on new entires

2004-05-27  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/setup.texi: minor fixes, partly from Tarjei Huse
	<tarjei@nu.no>

	* lib/krb5/krb5.conf.5: some text about dbname and realm
	
	* lib/krb5/krb5.conf.5: default value for
	hdb-ldap-structural-object is account

2004-05-26  Love Hörnquist Åstrand  <lha@it.su.se>

	* tools/Makefile.am: use ! instead of , as sed delimiter
	
2004-05-25  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/*.c: add KRB5_LIB_FUNCTION to all exported functions

2004-05-23  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/hdb-ldap.c: make samba_forwardable a krb5_boolean
	
	* lib/hdb/hdb-ldap.c: make samba forwarding a runtime configure
	option

	* lib/hdb/hdb-ldap.c (LDAP_message2entry): fix [] test From:
	Andrew Bartlett <abartlet@samba.org>
	
	* lib/hdb/hdb-ldap.c (LDAP_message2entry): remove bogus length
	check From: Andrew Bartlett <abartlet@samba.org>
	
	* lib/hdb/hdb-ldap.c (LDAP_message2entry): in the sambaNTPassword
	case, make sure ent->etypes are allocated, From: Andrew Bartlett
	<abartlet@samba.org>

2004-05-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* kuser/kinit.c: move "setpag if (argc < 1)" to common path
	
2004-05-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/verify_krb5_conf.c: pacify pre c99 compilers
	
	* fix-export: use right argument for -E

2004-05-06  Johan Danielsson  <joda@pdc.kth.se>

	* kuser/kinit.c: print some diagnostics if the exec fails
	
2004-04-29  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/pkinit.c (pk_rd_pa_reply_dh): use krb5_random_to_key
	From: Luke Howard <lukeh@padl.com>
	
	* lib/krb5/rd_req.c (krb5_verify_ap_req2): clear the whole ticket,
	not just a pointer size of it From: Luke Howard <lukeh@padl.com>
	
2004-04-28  Love Hörnquist Åstrand  <lha@it.su.se>

	* fix-export: add -E flag where needed to make-proto
	
2004-04-26  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/crypto.c: add set_param for RC2
	
	* lib/krb5/pkinit.c: use krb5_oid_to_enctype and remove all oids
	that are no longer needed

	* kdc/pkinit.c: use krb5_enctype_to_oid
	
	* lib/krb5/crypto.c (krb5_oid_to_enctype): make sure oid exists
	before we compare with it

	* lib/krb5/crypto.c (krb5_crypto_get_params): check ivec length
	before returning it add aes-oids
	
	* lib/krb5/crypto.c: add krb5_enctype_to_oid and
	krb5_oid_to_enctype

	* kdc/pkinit.c: use krb5_crypto_set_params
	
	* lib/krb5/crypto.c: add krb5_crypto_set_params, add aes-NNN-cbc-none

	* lib/krb5/krb5.h: add KEYTYPE_AES192
	
	* lib/krb5/pkinit.c: use krb5_crypto_get_params to implement
	kcrypto RC2 support

	* lib/asn1/k5.asn1: add CMS symmetrical parameters here, enctype
	rc2-cbc XXX RC2CBCParameter is wrong because the compiler is
	broken

	* lib/krb5/krb5.h: add KEYTYPE_RC2
	
	* lib/krb5/crypto.c: add partial CMS parameter handling, this is
	needed for RC2
	
	* lib/asn1/der_cmp.c: add heim_oid_cmp and heim_octet_string_cmp
	
	* lib/asn1/Makefile.am (libasn1_la_SOURCES) += der_cmp.c
	
	* lib/asn1/der.h: add heim_oid_cmp and heim_octet_string_cmp
	
	* lib/asn1/k5.asn1: add ETYPE_AESNNN_CBC_NONE
	
	* lib/asn1/k5.asn1: add CMS symmetrical parameters here, enctype
	rc2-cbc, XXX RC2CBCParameter is wrong because the compiler is broken

2004-04-26  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/config_file.c: allow parsing directly from strings with
	krb5_config_parse_string_multi
	
	* lib/krb5/verify_krb5_conf.c: try to resolve hostnames
	
2004-04-25  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/store_fd.c (krb5_storage_from_fd): dup the file
	descriptor so we don't have to keep track of it in two places
	
	* kuser/copy_cred_cache.c: krb5_cc_copy_cache_match now lives in
	libkrb5

	* lib/krb5/krb5_{,compare_}creds.3: move krb5_compare_creds to its
	own manpage
	
	* replace krb5_free_creds_contents by krb5_free_cred_contents
	
	* lib/krb5/cache.c: add krb5_cc_next_cred_match() and
	krb5_cc_copy_cred_match()
	
	* lib/krb5/creds.c (krb5_compare_creds): add more matching options
	
	* lib/krb5/krb5.h: add more creds match flags
	
	* kuser/copy_cred_cache: add --valid-for option
	
	* lib/krb5/store.c (krb5_store_creds): set is_skey flag if length
	of second ticket is > 0

2004-04-25  Love Hörnquist Åstrand  <lha@it.su.se>
	
	* lib/krb5/pkinit.c: use the right oid for pkauthdata
	
	* lib/krb5/pkinit.c: always send both win2k compat version and the
	ietf draft one, this is possible since microsoft use
	wrong/diffrent PA number.  Make the configuration flag boolean
	configuring if NOT to send the win2k compat glue.
	
	* lib/krb5/krb5_encrypt.3: document krb5_{de,en}crypt_ivec

	* kuser/copy_cred_cache.1: pacify mdoclint
	
	* kdc/pkinit.c: use IV for envelopeddata encryption, patch
	originally from Luke Howard <lukeh@padl.com>, tweeked by me.
	
	* lib/krb5/krb5_storage.3: document
	KRB5_STORAGE_CREDS_FLAGS_WRONG_BITORDER

	* lib/krb5/krb5_data.3: document that krb5_data_free cleans the
	structure too

	* lib/krb5/pkinit.c: use IV for envelopeddata encryption, patch
	originally from Luke Howard <lukeh@padl.com>, tweeked by me.
	
2004-04-24  Johan Danielsson  <joda@pdc.kth.se>

	* kuser/copy_cred_cache.{c,1}: add cred cache copy tool
	
	* configure.in: use rk_SYS_LARGEFILE
	
	* lib/krb5/{krb5.h,store.c,fcache.c}: Fix the cache flags bitorder
	issue with a storage flag instead of a separate function.
	
2004-04-24  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/pkinit.c: move out the oid check from get_reply_key

	* lib/krb5/pkinit.c: uniquify error messages
	
	* lib/krb5/init_creds_pw.c: make the pkinit nonce same os the
	plain nonce for now

	* lib/krb5/pkinit.c: more w2k compat from Luke Howard
	<lukeh@padl.com> add RC2 support, clean up error messages
	
	* lib/krb5/pkinit.c: remove more dependency on
	krb5_config->pkinit_flags

	* lib/krb5/pkinit.c (_krb5_pk_convert_rep): convert microsoft
	style answer to IETF, From Luke Howard <lukeh@padl.com>
	(_krb5_pk_create_sign): ms handles NULL in param, so always send it
	(_krb5_pk_mk_padata): look for [realms]REALM = { win2k_pkinit = bool }

	* lib/krb5/pkinit.c (_krb5_pk_create_sign): always set the
	digestAlgorithm to sha1 (both for SignerInfo and SignedData, add
	new function _set_digest_alg to set it

2004-04-23  Love Hörnquist Åstrand  <lha@it.su.se>

	* include/make_crypto.c: include rc2.h, and when I'm here, make
	aes mandatory

	* lib/krb5/krb5.h: add ENCTYPE_ARCFOUR_HMAC as compat glue for MIT
	kerberos

	* lib/krb5/crypto.c (krb5_crypto_init): clear return pointer on
	failure

	* lib/krb5/crypto.c (DES3_random_to_key): make it produce the
	right result
	(DES3_postproc): use DES3_random_to_key
	(krb5_random_to_key): check the required number of bits (not the size
	of the key)

	* lib/krb5/aes-test.c: test random to key function

	* lib/krb5/string-to-key-test.c: comment out the "@"/"" test for
	now

2004-04-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_string_to_key.3: document that
	krb5_string_to_key_derived is broken for non 3des enctypes and
	thus deprecated

	* kdc/pkinit.c (generate_dh_keyblock): use the new function
	krb5_random_to_key

	* lib/krb5/crypto.c: add des and DES3 random_to_key hooks, they
	need special processing

	* lib/krb5/crypto.c (krb5_random_to_key): new function
	
	* lib/krb5/krb5_keyblock.3: document krb5_random_to_key
	
2004-04-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/pkinit.c: use the first proposed enable enctype
	
	* lib/krb5/context.c (krb5_set_default_in_tkt_etypes): use the
	return from krb5_enctype_valid

	* kdc/pkinit.c: at least try to handle diffrent enveloped enctypes
	
2004-04-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/asn1/der_get.c: 1.28.2.16: (der_get_oid): handle all oid
	components being smaller then 127 and allocate one extra element
	since first byte is split to to elements.
	
2004-04-20  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/asn1/k5.asn1: ETYPE_DIGEST_MD5_NONE, ETYPE_CRAM_MD5_NONE:
	private use, lukeh@padl.com

2004-04-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/pkinit.c (build_auth_pack): use heim_integer to encode
	DH public key

2004-04-18  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_init_context.3: add krb5_context to so its added
	as manpage-link too

2004-04-17  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/fcache.c (fcc_remove_cred): simplistic implementation,
	XXX add locking

	* kuser/kdestroy.c: add --credential argument that just remove one
	credential entry out of the cache specified
	
	* kdc/pkinit.c: replace the krb5.conf configuration option that
	describes the mapping between principals and subject names with a
	file, default /var/heimdal/pki-mapping. XXX this should be pushed
	into HDB. XXX should add issuer too
	
	* kdc/config.c: merge certificate/private_key to a user_id
	
2004-04-16  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/kdc_locl.h: update prototype for pk_initialize
	
	* kuser/kinit.c: merge certificate/private_key to a user_id
	
	* kdc/pkinit.c: adapt to heim_integer changes
	
	* lib/krb5/pkinit.c: merge certificate/private_key to a user_id
	
	* kdc/pkinit.c: adapt to heim_integer changes,
	merge certificate/private_key to a user_id
	
2004-04-15  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/pkinit.c: use KRB5_PADATA_PK_AS_REQ_WIN free X509_STORE
	
2004-04-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/Makefile.am: define BUILD_KRB5_LIB when building
	libkrb5.la, add KRB5_LIB_FUNCTION proto

	* lib/krb5/add_et_list.c: add KRB5_LIB_FUNCTION
	
	* configure.in: export KRB5_LIB_FUNCTION when building with
	BUILD_KRB5_LIB

	* lib/krb5/ticket.c (krb5_ticket_get_authorization_data_type): add
	error strings

	* lib/krb5/prompter_posix.c (krb5_prompter_posix): if some thing
	is printed on stderr, fflush it

	* lib/krb5/krb5_keyblock.3: free functions also zeros out the key
	
	* lib/krb5/krb5_get_init_creds.3: some text about
	krb5_prompter_posix

	* lib/krb5/krb5.conf.5: document hdb-ldap-structural-object
	
	* lib/krb5/cache.c: add krb5_cc_get_prefix_ops
	
	* lib/krb5/krb5_ccache.3: add krb5_cc_get_prefix_ops
	
2004-04-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* appl/test/http_client.c: support GSS_C_DELEG_FLAG and
	GSS_C_MUTUAL_FLAG

	* appl/test/http_client.c: verbose logging
	
2004-04-02  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/connect.c: case size_t to unsigned long for LP64 platforms
	
2004-04-01  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/hdb-ldap.c (hdb_ldap_create): allow configuration of
	default structural object

	* tools/Makefile.am: handle sed expression breaking
	
2004-03-31  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krbhst.c: also lookup _kpasswd._tcp SRV-rr
	
	* lib/krb5/changepw.c: add tcp support to the set protocol, should
	be cleaned up to enable sharing code with krb5_sendto
	
	* kpasswd/kpasswd.c (change_password): remove extra free
	
	* lib/krb5/krb5_acl_match_file.3: try to pacify mdoc macros on
	osf/1

2004-03-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/init_creds_pw.c (pa_data_add_pac_request): don't
	increase md->len, krb5_padata_add already does that
	
	* lib/krb5/init_creds.c: its PAC not PAQ
	
	* kuser/kinit.c: its PAC not PAQ
	
	* kdc/kerberos4.c: stop the client from renewing tickets into the
	future From: Jeffrey Hutzelman <jhutz@cmu.edu>

2004-03-29  Love Hörnquist Åstrand  <lha@it.su.se>

	* configure.in: try to handle sys/strtty.h needing sys/stream.h
	
2004-03-23  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/send_to_kdc.c: remove function krb5_sendto_kdc2, its no
	longer used
	
	* kdc/kerberos5.c: s/krb5_get_host_realm_int/_&/
	
	* lib/krb5/get_host_realm.c: unexport krb5_get_host_realm_int to
	external users by prefixing it with _

	* lib/krb5/get_cred.c: s/krb5_mk_req_internal/_&/
	
	* lib/krb5/mk_req_ext.c: unexport krb5_mk_req_internal to external
	users by prefixing it with _

2004-03-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/pkinit.c: add missing }
	
2004-03-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/pkinit.c: adapt to change of signature of
	_krb5_pk_load_openssl_id

	* lib/krb5/pkinit.c: (krb5_get_init_creds_opt_set_pkinit): add
	prompter argument and use it

	* kuser/kinit.c: adapt to signature change of
	krb5_get_init_creds_opt_set_pkinit
	
	* lib/krb5/krb5.3: add more stuff, 105 functions to go

	* lib/krb5/krb5_rcache.3: add krb5_get_server_rcache
	
	* lib/krb5/krb5_rcache.3: framework for replay cache manpage
	
	* lib/krb5/krb5_string_to_key.3: document string to key functions
	
	* lib/krb5/Makefile.am: man_MANS += krb5_expand_hostname.3
	krb5_find_padata.3 krb5_generate_random_block.3

	* lib/krb5/krb5_encrypt.3: document krb5_get_wrapped_length
	
	* lib/krb5/krb5.3: add some more, 137 to go
	
	* lib/krb5/krb5_principal.3: document krb5_get_default_principal
	
	* lib/krb5/krb5_keyblock.3: document krb5_generate_subkey
	
	* lib/krb5/krb5_generate_random_block.3: document
	krb5_generate_random_block
	
	* lib/krb5/krb5_find_padata.3: document padata functions
	
	* lib/krb5/krb5.3: add some more, 142 to go
	
	* lib/krb5/krb5_creds.3: drop .Pp before .Sh
	
	* lib/krb5/krb5_set_default_realm.3: document krb5_copy_host_realm
	
	* lib/krb5/krb5_expand_hostname.3: document krb5_expand_hostname
	and krb5_expand_hostname_realms

	* lib/krb5/krb5.3: add more functions, 147 to go
	
	* lib/krb5/krb5_creds.3: document krb5_creds
	
	* lib/krb5/krb5_get_init_creds.3: add more functions, some more
	text

	* lib/krb5/krb5_ticket.3: document
	krb5_ticket_get_authorization_data_type

2004-03-20  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/aes-test.c: remove #if 0'ed code
	
	* lib/krb5/krb5.3: add keyblock functions, 177 functions to go
	
	* lib/krb5/krb5_verify_user.3: add krb5_verify_opt_set_ccache
	
	* lib/krb5/krb5_encrypt.3: document krb5_decrypt_ticket
	
	* lib/krb5/krb5_config.3: document krb5_config_free_strings and
	krb5_config_file_free

	* lib/krb5/krb5_create_checksum.3: add krb5_hmac
	
	* lib/krb5/krb5.3: add keyblock functions, 190 functions to go

	* lib/krb5/krb5_keyblock.3: update .Dd
	
	* lib/krb5/krb5_keyblock.3: document krb5_copy_keyblock and
	krb5_generate_random_keyblock

	* lib/krb5/krb5_init_context.3: add krb5_init_ets
	
	* lib/krb5/krb5_config.3: add more krb5_config_ functions and
	prototypes

	* lib/krb5/krb5_init_context.3: document context modifcation
	functions: address list, config file, use admin kdc, fcc version
	
	* lib/krb5/krb5_storage.3: document krb5_storage and related
	functions

	* lib/krb5/Makefile.am: add acl and krb524_convert_creds_kdc
	manpages and test_acl test program

	* lib/krb5/krb5.3: add error string functions and sort
	
	* lib/krb5/krb5_warn.3: document krb5_abort and error string
	functions

	* lib/krb5/krb5.3: add missing functions, only 285 left to
	document

	* lib/krb5/krb5_crypto_init.3: remove various enctype related
	function

	* lib/krb5/krb5_encrypt.3: add various enctype related function
	here

	* lib/krb5/krb5_create_checksum.3: add krb5_cksumtype_valid
	krb5_cksumtype_valid

	* lib/krb5/crypto.c: real return values for
	krb5_{enctype,cksumtype}_valid

	* lib/krb5/krb5_create_checksum.3: add some functions and
	descriptions

	* lib/krb5/krb5_c_make_checksum.3: move out non krb5_c functions
	
	* lib/krb5/krb5_auth_context.3: document
	krb5_auth_con_generatelocalsubkey

	* lib/krb5/krb5_krbhst_init.3: document krb5_krbhst_init_flags
	
	* lib/krb5/krb5_keytab.3: document krb5_kt_default_modify_name
	
	* lib/krb5/krb5_init_context.3: document krb5_add_et_list
	
	* lib/krb5/krb524_convert_creds_kdc.3: document
	krb524_convert_creds_kdc, krb524_convert_creds_kdc_ccache

	* lib/krb5/krb5_acl_match_file.3: document krb5_acl_match_*
	
	* lib/krb5/test_acl.c: test for generic acl code

	* lib/krb5/acl.c: plug memory leak on file matching, 
	make it not fall over when no non matching acl,
	make fnmatch matching useful by switching arguments
	
2004-03-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/config.c: add --builtin-hdb command
	
	* lib/hdb/hdb.c (hdb_list_builtin): return a list of builtin
	backends

	* doc/setup.texi: include Luke Howard of PADL.COM ldap hdb
	documentation

	* doc/win2k.texi: fix bugs in examples, add more restrictions, use
	example.com as an example. From: Pavel Ferdan
	<xferdan@informatics.muni.cz>

2004-03-18  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/krb5.conf.5: add a bunch of Li and document [kadmin]
	password_lifetime; from Henry B. Hotz

2004-03-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/mk_rep.c (krb5_mk_rep): if KRB5_AUTH_CONTEXT_USE_SUBKEY
	is set send subkey
	(generate if needed)

	* lib/krb5/krb5.h: add KRB5_AUTH_CONTEXT_USE_SUBKEY
	
2004-03-14  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/hdb-ldap.c: clean up error handling, plug memory leaks,
	and free memory in error path, assume realloc(NULL, ...) works,
	factor out common code, indent

2004-03-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/verify_krb5_conf.c: understand [password_quality]
	spelling
	
	* kuser/kgetcred.1: document --canonicalize
	
	* kuser/kgetcred.c: add --canonicalize
	
2004-03-10  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/fcache.c (fcc_store_cred): NULL terminate
	krb5_config_get_bool_default' arglist
	
2004-03-09  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/kerberos5.c: add missing req argument to pk_mk_pa_reply
	
	* kdc/pkinit.c (pk_mk_pa_reply): add hdb_entry
	
	* kdc/pkinit.c: pass client hdb_entry to pk_check_client
	
	* kdc/kdc_locl.h: pass client hdb_entry to pk_check_client
	
	* kuser/kinit.c: rename ca_dir to pkinit/x509_anchors since its
	more like that language in RFC3280
	
	* lib/krb5/pkinit.c: rename ca_dir to pkinit/x509_anchors since
	its more like that language in RFC3280
	
	* lib/krb5/krb5.conf.5: document
	[libdefaults]fcc-mit-ticketflags=boolean

	* lib/krb5/fcache.c (fcc_store_cred): use
	[libdefaults]fcc-mit-ticketflags=boolean to decide what format to
	write the fcc in. Default to mit version (aka heimdal 0.7)
	
	* lib/krb5/store.c: add _krb5_store_creds_heimdal_0_7 and
	_krb5_store_creds_heimdal_pre_0_7 that store the creds in just
	that format make krb5_store_creds default to mit format
	
	* lib/krb5/store.c (krb5_ret_creds): Runtime detect the what is
	the higher bits of the bitfield
	
2004-03-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/store.c (krb5_store_creds): add disabled code that
	store the ticket flags in reverse order
	(bitswap32): new function

	* lib/krb5/store.c (krb5_ret_creds): if the higher ticket flags
	are set, its a mit cache, reverse the bits, bug pointed out by
	Sergio Gelato <Sergio.Gelato@astro.su.se>

2004-03-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/hdb-ldap.c: use macro for HDB * -> LDAP *
	
	* kuser/kinit.c: when running kinit with a subprocess, fetch new
	tickets after half the tickets lifetime
	
	* lib/hdb/hdb.c: spelling
	
	* lib/hdb/hdb-ldap.c: Intergrate Heimdal's hdb-ldap and the Samba
	password database.  From: Andrew Bartlett <abartlet@samba.org>

	* kdc/config.c: add --disable-DES
	
	* kdc/kdc.8: document --detach and --disable-DES
	
	* kdc/kerberos5.c: check if enctype is disabled before using it
	
	* lib/krb5/crypto.c: add support for disabling checksum/encryption
	types

	* tools/kdc-log-analyze.pl: add more cases
	
	* kdc/connect.c: on strange tcp error; log local port number and
	socket type
	
	* lib/asn1/der.h: fix prototype of encode_utf8string
	
	* lib/asn1/gen.c: catch CHOICE and generate dummy placeholder
	
	* lib/asn1/lex.l: added dummy parsing of CHOICE
	
	* lib/asn1/parse.y: added dummy parsing of CHOICE
	
	* lib/asn1/k5.asn1: drop SMTP_NAME
	
2004-03-06  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/hdb/Makefile.am: support building ldap backend as module
	sort asn1 hdb files
	
	* lib/hdb/hdb.c: when building ldap as a shared module, don't
	include it in the list

	* configure.in: add --enable-hdb-openldap-module
	
	* lib/hdb/hdb-ldap.c: make ldap possible to build as a shared
	module

	* lib/hdb/mkey.c: add hdb_{,un}seal_key{,_mkey} from Andrew
	Bartlett <abartlet@samba.org>

	* lib/krb5/crypto.c (decrypt_internal_special): do not not modify
	the original data test case from Ronnie Sahlberg
	<ronnie_sahlberg@ozemail.com.au>

2004-03-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/test_cc.c: more cc tests, mostly related to mcc
	behavior

	* lib/krb5/mcache.c (mcc_get_principal): also check for
	primary_principal == NULL now that that isn't used as dead flag
	
	* lib/krb5/mcache.c: don't overload the primary_principal == NULL
	as dead since that doesn't always work. Based on patch from
	Jeffrey Hutzelman <jhutz@cmu.edu>, tweeked by me
	
2004-02-22  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/pkinit.c: adapt to rename of oid_cmp to heim_oid_cmp
	
	* lib/krb5/pkinit.c: adapt to rename of oid_cmp to heim_oid_cmp
	
	* lib/hdb/db3.c: fix all db >= 4.1 cases
	
	* doc/setup.texi: add text about hostname to realm mapping using
	DNS

2004-02-20  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/pkinit.c: update error codes
	
	* lib/krb5/krb5_err.et: prefix pkinit error codes with KRB5_

	* lib/krb5/pkinit.c: update error codes
	
2004-02-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/pkinit.c: indent, use krb5_abortx() instead of abort()
	
	* lib/krb5/init_creds_pw.c (process_pa_data_to_key): spelling
	
	* lib/krb5/store.c: handle memory allocate errors

	* lib/krb5/fcache.c (_krb5_xlock): handle that everything was ok,
	and don't put an error in the error strings then
	
2004-02-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* kdc/pkinit.c: s/heim_big_integer/heim_integer/
	
	* lib/krb5/pkinit.c: s/heim_big_integer/heim_integer/
	
	* kdc/pkinit.c: adapt to asn1 bignum code, use HEIM_PKINIT errors
	
	* lib/krb5/pkinit.c: adapt to asn1 bignum code, use HEIM_PKINIT
	errors
	
	* lib/krb5/heim_err.et: add HEIM_PKINIT specific errors
	
2004-02-12  Love Hörnquist Åstrand  <lha@it.su.se>

	* configure.in: rename AC_WFLAGS to rk_WFLAGS
	
	* acinclude.m4: use m4_define, over-quote string
	
2004-02-11  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/init_creds_pw.c (change_password): handle that
	printf("%.*s", 0, (void*)NULL); doesn't work on solaris
	
2004-02-10  Love Hörnquist Åstrand  <lha@it.su.se>

	* kpasswd/kpasswd.c (change_password): handle that printf("%.*s",
	0, (void*)NULL); doesn't work on solaris
	
	* lib/krb5/krb5.conf.5: don't use path's in first .Nm, it confuses
	some locate.updatedb, use FILES section to describe where the file
	is instead.

2004-02-07  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/asn1/check-der.c: test for "der_length.c: Fix len_unsigned
	for certain negative integers, it got the length wrong" , from
	Panasas, Inc.

	* lib/asn1/der_length.c: Fix len_unsigned for certain negative
	integers, it got the length wrong, fix from Panasas, Inc.
	
	rename len_int and len_unsigned to _heim_\&
	
	* lib/asn1/der_locl.h: add _heim_len_unsigned, _heim_len_int
	
2004-02-06  Dave Love  <d.love@dl.ac.uk>

	* configure.in: Check for sys/socket.h, net/if.h.  Modify term.h,
	security/pam_appl.h tests.
	
2004-02-03  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/asn1/check-gen.c: test for: (length_type): TSequenceOf: add
	up the size of all the elements, don't use just the size of the
	last element.

	* lib/krb5/aes-test.c: add "next iv" test for aes128, check
	decryption case too

	* lib/krb5/crypto.c (_krb5_aes_cts_encrypt): out iv is the iv of
	the next to last block, fix decryption case too
	
	* lib/krb5/aes-test.c: add "next iv" test for aes128
	
	* lib/krb5/crypto.c (_krb5_aes_cts_encrypt): out iv is the iv of
	the next to last block

	* lib/krb5/mk_rep.c (krb5_mk_rep): abort on internal asn1 encode
	error
	
	* lib/krb5/mk_rep.c (krb5_mk_rep): abort on internal asn1 encode
	error

	* lib/krb5/get_in_tkt.c (krb5_get_in_cred): abort on internal asn1
	encode error

	* lib/krb5/mk_priv.c (krb5_mk_priv): abort on internal asn1 encode
	error

	* lib/krb5/get_cred.c (make_pa_tgs_req): abort on internal asn1
	encode error

	* lib/krb5/build_auth.c (krb5_build_authenticator): abort on
	internal asn1 encode error

	* lib/krb5/build_ap_req.c (krb5_build_ap_req): abort on internal
	asn1 encode error

2004-01-30  Love Hörnquist Åstrand  <lha@it.su.se>

	* doc/setup.texi: some text about order of [capaths] realms
	
2004-01-25  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/context.c: register WRFILE ops
	
	* lib/krb5/keytab_file.c: add krb5_wrfkt_ops/WRFILE (same as FILE)
	
	* lib/krb5/krb5.h: add krb5_wrfkt_ops
	
	* kpasswd/kpasswdd.c (change): use the right password when
	changing the password

2004-01-21  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/fcache.c (_krb5_xlock): catch EINVAL and assume that it
	means that the filesystem doesn't support locking
	
	* lib/krb5/keytab.c: remove #if 0 out file locking code
	
2004-01-19  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/asn1/gen_length.c (length_type): TSequenceOf: add up the
	size of all the elements, don't use just the size of the last
	element.

2004-01-13  Love Hörnquist Åstrand  <lha@it.su.se>

	* kuser/kinit.c (renew_validate): if renewable_flag and not time
	specifed, use "1 month"

2004-01-08  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/krb5_keyblock.3: add prototypes, describe
	krb5_keyblock_zero

2004-01-05  Love Hörnquist Åstrand  <lha@it.su.se>

	* lib/krb5/get_for_creds.c (add_addrs): don't add same address
	multiple times

	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): try to
	handle errors better for previous commit

	* lib/krb5/get_for_creds.c (krb5_get_forwarded_creds): If tickets
	are address-less, forward address-less tickets.
	
	* lib/krb5/get_cred.c: rename get_krbtgt to _krb5_get_krbtgt and
	export it