x

[metze/heimdal/wip.git] / ChangeLog

2008-03-22  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/get_in_tkt.c: check no server referral, don't use
        stringent length tests since encryption layer does padding for
        us...

        * kdc/kerberos5.c: Match name in ClientCanonicalizedNames with -10

        * lib/krb5/principal.c (_krb5_principal_compare_PrincipalName):
        new function to compare a principal to a PrincipalName.

        * lib/krb5/init_creds_pw.c: Move client referral checking to
        _krb5_extract_ticket().

        * lib/krb5/get_in_tkt.c: More bits for server referral.

        * lib/krb5/get_in_tkt.c: Make working with client referrals.

        * lib/krb5/get_cred.c: Try moving referrals checking into
        _krb5_extract_ticket().

        * lib/krb5/get_in_tkt.c: Try moving referrals checking into
        _krb5_extract_ticket().

2008-03-21  Love Hörnquist Åstrand  <lha@it.su.se>
        
        * kdc/krb5tgs.c: Send SERVER-REFERRAL data in rep.padata instead
        of auth_data in ticket.

2008-03-20  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/init_creds_pw.c: remove lost bits from using
        krb5_principal_set_realm
        
        * kdc/krb5tgs.c: Better referrals support, use canonicalize flag.

        * kdc/hprop.c: use krb5_principal_set_realm

        * lib/krb5/init_creds_pw.c: use krb5_principal_set_realm

        * lib/krb5/verify_user.c: use krb5_principal_set_realm

        * lib/krb5/version-script.map: add krb5_principal_set_realm

        * lib/krb5/principal.c: add krb5_principal_set_realm

        * lib/krb5/get_cred.c: Insecure tgs referrals.

        * lib/krb5/get_cred.c: Dont try key usage KRB5_KU_AP_REQ_AUTH for
        TGS-REQ. This drop compatibility with pre 0.3d KDCs.
        
        * lib/krb5/get_cred.c: catch KRB5_GC_CANONICALIZE.

        * lib/krb5/krb5.h: set KRB5_GC_CANONICALIZE.

        * kuser/kgetcred.c: set KRB5_GC_CANONICALIZE.

        * kuser/kgetcred.c: Add stub --canonicalize implementation.

2008-03-19  Love Hörnquist Åstrand  <lha@it.su.se>

        * doc/setup.texi: Fix sasl-regexp, from Howard Chu.

2008-03-14  Love Hörnquist Åstrand  <lha@it.su.se>

        * kdc/kx509.c: Adapt to hx509_env changes.
        
2008-03-10  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/pkinit.c: Try searchin the key by to use by first
        looking for for PK-INIT EKU, then the Microsoft smart card EKU and
        last, no special EKU at all.

2008-03-09  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/acache.c: Create a new credential cache is ->get_name
        is called, make acc_initialize() reset the existing credential
        cache if needed.

        * lib/krb5/acache.c (acc_get_name): just return the cache_name
        directly instead of trying to resolve it.

2008-02-23  Love Hörnquist Åstrand  <lha@it.su.se>

        * include/Makefile.am (CLEANFILES): add wind.h and wind_err.h and
        sort.

2008-02-11  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/hdb/hdb-ldap.c: Use malloc() instead of static buffer.

        * lib/hdb/hdb-ldap.c: Use ldap_get_values_len, from LaMont Jones
        via Brian May and Debian.

        * doc/Makefile.am: add libwind

2008-02-05  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/test_renew.c: Remove extra ;, From Dennis Davis.

        * lib/krb5/store_emem.c: Make compile on-pre c99 compilers. From
        Dennis Davis.

2008-02-03  Love Hörnquist Åstrand  <lha@it.su.se>

        * tools/heimdal-gssapi.pc.in: Add wind.

        * tools/krb5-config.in: Add wind.

        * lib/krb5/pac.c: Use libwind.

2008-02-01  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/Makefile.am: SUBDIRS: add wind

2008-01-29  Love Hörnquist Åstrand  <lha@it.su.se>

        * doc/programming.texi: See the Kerberos 5 API introduction and
        documentation on the Heimdal webpage.
        
2008-01-27  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5: better error strings for the keytab fetching functions

        * lib/krb5/verify_krb5_conf.c: Catch deprecated entries.

        * lib/krb5/get_cred.c: Remove support
        for [libdefaults]capath (not [libdefaults] capaths though).

2008-01-25  Love Hörnquist Åstrand  <lha@it.su.se>

        * tools/heimdal-gssapi.pc.in: Fix caps of prefix, from Joakim
        Fallsjo.

2008-01-24  Love Hörnquist Åstrand  <lha@it.su.se>
        
        * lib/krb5/fcache.c (fcc_move): more explict why the fcc_move
        failes, handle cross device moves.
        
2008-01-21  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/get_for_creds.c: Use on variable less.

        * lib/krb5/get_for_creds.c: Try to handle ticket full and
        ticketless tickets better. Add doxygen comments while here.

        * lib/krb5/test_forward.c: Used for testing
        krb5_get_forwarded_creds().
        
        * lib/krb5/Makefile.am: noinst_PROGRAMS += test_forward

        * lib/krb5/Makefile.am: drop CHECK_SYMBOLS

        * lib/hdb/Makefile.am: drop CHECK_SYMBOLS

        * kdc/Makefile.am: drop CHECK_SYMBOLS

2008-01-18  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/version-script.map: Add krb5_digest_probe.
        
2008-01-13  Love Hörnquist Åstrand  <lha@it.su.se>
        
        * lib/krb5/pkinit.c: Replace hx509_name_to_der_name with
        hx509_name_binary.

2008-01-12  Love Hörnquist Åstrand  <lha@it.su.se>

        * lib/krb5/Makefile.am: add missing files

        * Happy new year.