158 lines
5.1 KiB
Plaintext
158 lines
5.1 KiB
Plaintext
2001-02-05 Assar Westerlund <assar@assaris.sics.se>
|
|
|
|
* Release 0.3e
|
|
|
|
2001-01-30 Assar Westerlund <assar@sics.se>
|
|
|
|
* kdc/hprop.c (v4_get_masterkey): check kdb_verify_master_key
|
|
properly
|
|
(kdb_prop): decrypt key properly
|
|
* kdc/hprop.c: handle building with KRB4 always try to decrypt v4
|
|
data with the master key leave it up to the v5 how to encrypt with
|
|
that master key
|
|
|
|
* kdc/kstash.c: include file name in error messages
|
|
* kdc/hprop.c: fix a typo and check some more return values
|
|
* lib/hdb/hdb-ldap.c (LDAP__lookup_princ): call ldap_search_s
|
|
correctly. From Jacques Vidrine <n@nectar.com>
|
|
* kdc/misc.c (db_fetch): HDB_ERR_NOENTRY makes more sense than
|
|
ENOENT
|
|
|
|
* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
|
|
15:0:0
|
|
* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:0:0
|
|
* lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 4:0:2
|
|
* kdc/misc.c (db_fetch): return an error code. change callers to
|
|
look at this and try to print it in log messages
|
|
|
|
* lib/krb5/crypto.c (decrypt_internal_derived): check that there's
|
|
enough data
|
|
|
|
2001-01-29 Assar Westerlund <assar@sics.se>
|
|
|
|
* kdc/hprop.c (realm_buf): move it so it becomes properly
|
|
conditional on KRB4
|
|
|
|
* lib/hdb/mkey.c (hdb_unseal_keys_mkey, hdb_seal_keys_mkey,
|
|
hdb_unseal_keys, hdb_seal_keys): check that we have the correct
|
|
master key and that we manage to decrypt the key properly,
|
|
returning an error code. fix all callers to check return value.
|
|
|
|
* tools/krb5-config.in: use @LIB_des_appl@
|
|
* tools/Makefile.am (krb5-config): add LIB_des_appl
|
|
* configure.in (LIB_des): set correctly
|
|
(LIB_des_appl): add for the use by krb5-config.in
|
|
|
|
* lib/krb5/store_fd.c (fd_fetch, fd_store): use net_{read,write}
|
|
to make sure of not dropping data when doing it over a socket.
|
|
(this might break when used with ordinary files on win32)
|
|
|
|
* lib/hdb/hdb_err.et (NO_MKEY): add
|
|
|
|
* kdc/kerberos5.c (as_rep): be paranoid and check
|
|
krb5_enctype_to_string for failure, noted by <lha@stacken.kth.se>
|
|
|
|
* lib/krb5/krb5_init_context.3, lib/krb5/krb5_context.3,
|
|
lib/krb5/krb5_auth_context.3: add new man pages, contributed by
|
|
<lha@stacken.kth.se>
|
|
|
|
* use the openssl api for md4/md5/sha and handle openssl/*.h
|
|
|
|
* kdc/kaserver.c (do_getticket): check length of ticket. noted by
|
|
<lha@stacken.kth.se>
|
|
|
|
2001-01-28 Assar Westerlund <assar@sics.se>
|
|
|
|
* configure.in: send -R instead of -rpath to libtool to set
|
|
runtime library paths
|
|
|
|
* lib/krb5/Makefile.am: remove all dependencies on libkrb
|
|
|
|
2001-01-27 Assar Westerlund <assar@sics.se>
|
|
|
|
* appl/rcp: add port of bsd rcp changed to use existing rsh,
|
|
contributed by Richard Nyberg <rnyberg@it.su.se>
|
|
|
|
2001-01-27 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/get_port.c: don't warn if the port name can't be found,
|
|
nobody cares anyway
|
|
|
|
2001-01-26 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* kdc/hprop.c: make it possible to convert a v4 dump file without
|
|
having any v4 libraries; the kdb backend still require them
|
|
|
|
* kdc/v4_dump.c: include shadow definition of kdb Principal, so we
|
|
don't have to depend on any v4 libraries
|
|
|
|
* kdc/hprop.h: include shadow definition of kdb Principal, so we
|
|
don't have to depend on any v4 libraries
|
|
|
|
* lib/hdb/print.c: reduce number of memory allocations
|
|
|
|
* lib/hdb/mkey.c: add support for reading krb4 /.k files
|
|
|
|
2001-01-19 Assar Westerlund <assar@sics.se>
|
|
|
|
* lib/krb5/krb5.conf.5: document admin_server and kpasswd_server
|
|
for realms document capath better
|
|
|
|
* lib/krb5/krbhst.c (krb5_get_krb_changepw_hst): preferably look
|
|
at kpasswd_server before admin_server
|
|
|
|
* lib/krb5/get_cred.c (get_cred_from_kdc_flags): look in
|
|
[libdefaults]capath for better hint of realm to send request to.
|
|
this allows the client to specify `realm routing information' in
|
|
case it cannot be done at the server (which is preferred)
|
|
|
|
* lib/krb5/rd_priv.c (krb5_rd_priv): handle no sequence number as
|
|
zero when we were expecting a sequence number. MIT krb5 cannot
|
|
generate a sequence number of zero, instead generating no sequence
|
|
number
|
|
* lib/krb5/rd_safe.c (krb5_rd_safe): dito
|
|
|
|
2001-01-11 Assar Westerlund <assar@sics.se>
|
|
|
|
* kpasswd/kpasswdd.c: add --port option
|
|
|
|
2001-01-10 Assar Westerlund <assar@sics.se>
|
|
|
|
* lib/krb5/appdefault.c (krb5_appdefault_string): fix condition
|
|
just before returning
|
|
|
|
2001-01-09 Assar Westerlund <assar@sics.se>
|
|
|
|
* appl/kf/kfd.c (proto): use krb5_rd_cred2 instead of krb5_rd_cred
|
|
|
|
2001-01-05 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* kuser/kinit.c: call a time `time', and not `seconds'
|
|
|
|
* lib/krb5/init_creds.c: not much point in setting the anonymous
|
|
flag here
|
|
|
|
* lib/krb5/krb5_appdefault.3: document appdefault_time
|
|
|
|
2001-01-04 Johan Danielsson <joda@pdc.kth.se>
|
|
|
|
* lib/krb5/verify_user.c: use
|
|
krb5_get_init_creds_opt_set_default_flags
|
|
|
|
* kuser/kinit.c: use krb5_get_init_creds_opt_set_default_flags
|
|
|
|
* lib/krb5/init_creds.c: new function
|
|
krb5_get_init_creds_opt_set_default_flags to set options from
|
|
krb5.conf
|
|
|
|
* lib/krb5/rd_cred.c: make this match the MIT function
|
|
|
|
* lib/krb5/appdefault.c (krb5_appdefault_string): handle NULL
|
|
def_val
|
|
(krb5_appdefault_time): new function
|
|
|
|
2001-01-03 Assar Westerlund <assar@sics.se>
|
|
|
|
* kdc/hpropd.c (main): handle EOF when reading from stdin
|
|
|