summaryrefslogtreecommitdiffstats
path: root/crypto/heimdal/ChangeLog
blob: 8f3f512dfa43492f0aecfbf47bd41ee740c03e3a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
2001-02-05  Assar Westerlund  <assar@assaris.sics.se>

	* Release 0.3e

2001-01-30  Assar Westerlund  <assar@sics.se>

	* kdc/hprop.c (v4_get_masterkey): check kdb_verify_master_key
	properly
	(kdb_prop): decrypt key properly
	* kdc/hprop.c: handle building with KRB4 always try to decrypt v4
	data with the master key leave it up to the v5 how to encrypt with
	that master key

	* kdc/kstash.c: include file name in error messages
	* kdc/hprop.c: fix a typo and check some more return values
	* lib/hdb/hdb-ldap.c (LDAP__lookup_princ): call ldap_search_s
	correctly.  From Jacques Vidrine <n@nectar.com>
	* kdc/misc.c (db_fetch): HDB_ERR_NOENTRY makes more sense than
	ENOENT

	* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
	15:0:0
	* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:0:0
	* lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 4:0:2
	* kdc/misc.c (db_fetch): return an error code.  change callers to
	look at this and try to print it in log messages

	* lib/krb5/crypto.c (decrypt_internal_derived): check that there's
	enough data

2001-01-29  Assar Westerlund  <assar@sics.se>

	* kdc/hprop.c (realm_buf): move it so it becomes properly
	conditional on KRB4

	* lib/hdb/mkey.c (hdb_unseal_keys_mkey, hdb_seal_keys_mkey,
	hdb_unseal_keys, hdb_seal_keys): check that we have the correct
	master key and that we manage to decrypt the key properly,
	returning an error code.  fix all callers to check return value.

	* tools/krb5-config.in: use @LIB_des_appl@
	* tools/Makefile.am (krb5-config): add LIB_des_appl
	* configure.in (LIB_des): set correctly
	(LIB_des_appl): add for the use by krb5-config.in

	* lib/krb5/store_fd.c (fd_fetch, fd_store): use net_{read,write}
	to make sure of not dropping data when doing it over a socket.
	(this might break when used with ordinary files on win32)

	* lib/hdb/hdb_err.et (NO_MKEY): add

	* kdc/kerberos5.c (as_rep): be paranoid and check
	krb5_enctype_to_string for failure, noted by <lha@stacken.kth.se>

	* lib/krb5/krb5_init_context.3, lib/krb5/krb5_context.3,
	lib/krb5/krb5_auth_context.3: add new man pages, contributed by
	<lha@stacken.kth.se>

	* use the openssl api for md4/md5/sha and handle openssl/*.h

	* kdc/kaserver.c (do_getticket): check length of ticket.  noted by
 	<lha@stacken.kth.se>

2001-01-28  Assar Westerlund  <assar@sics.se>

	* configure.in: send -R instead of -rpath to libtool to set
	runtime library paths

	* lib/krb5/Makefile.am: remove all dependencies on libkrb

2001-01-27  Assar Westerlund  <assar@sics.se>

	* appl/rcp: add port of bsd rcp changed to use existing rsh,
	contributed by Richard Nyberg <rnyberg@it.su.se>

2001-01-27  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/get_port.c: don't warn if the port name can't be found,
	nobody cares anyway

2001-01-26  Johan Danielsson  <joda@pdc.kth.se>

	* kdc/hprop.c: make it possible to convert a v4 dump file without
	having any v4 libraries; the kdb backend still require them

	* kdc/v4_dump.c: include shadow definition of kdb Principal, so we
	don't have to depend on any v4 libraries

	* kdc/hprop.h: include shadow definition of kdb Principal, so we
	don't have to depend on any v4 libraries

	* lib/hdb/print.c: reduce number of memory allocations

	* lib/hdb/mkey.c: add support for reading krb4 /.k files

2001-01-19  Assar Westerlund  <assar@sics.se>

	* lib/krb5/krb5.conf.5: document admin_server and kpasswd_server
	for realms document capath better

	* lib/krb5/krbhst.c (krb5_get_krb_changepw_hst): preferably look
	at kpasswd_server before admin_server

	* lib/krb5/get_cred.c (get_cred_from_kdc_flags): look in
	[libdefaults]capath for better hint of realm to send request to.
	this allows the client to specify `realm routing information' in
	case it cannot be done at the server (which is preferred)

	* lib/krb5/rd_priv.c (krb5_rd_priv): handle no sequence number as
	zero when we were expecting a sequence number.  MIT krb5 cannot
	generate a sequence number of zero, instead generating no sequence
	number
	* lib/krb5/rd_safe.c (krb5_rd_safe): dito

2001-01-11  Assar Westerlund  <assar@sics.se>

	* kpasswd/kpasswdd.c: add --port option

2001-01-10  Assar Westerlund  <assar@sics.se>

	* lib/krb5/appdefault.c (krb5_appdefault_string): fix condition
	just before returning

2001-01-09  Assar Westerlund  <assar@sics.se>

	* appl/kf/kfd.c (proto): use krb5_rd_cred2 instead of krb5_rd_cred

2001-01-05  Johan Danielsson  <joda@pdc.kth.se>

	* kuser/kinit.c: call a time `time', and not `seconds'

	* lib/krb5/init_creds.c: not much point in setting the anonymous
	flag here

	* lib/krb5/krb5_appdefault.3: document appdefault_time

2001-01-04  Johan Danielsson  <joda@pdc.kth.se>

	* lib/krb5/verify_user.c: use
	krb5_get_init_creds_opt_set_default_flags

	* kuser/kinit.c: use krb5_get_init_creds_opt_set_default_flags

	* lib/krb5/init_creds.c: new function
	krb5_get_init_creds_opt_set_default_flags to set options from
	krb5.conf

	* lib/krb5/rd_cred.c: make this match the MIT function
	
	* lib/krb5/appdefault.c (krb5_appdefault_string): handle NULL
	def_val
	(krb5_appdefault_time): new function

2001-01-03  Assar Westerlund  <assar@sics.se>

	* kdc/hpropd.c (main): handle EOF when reading from stdin

OpenPOWER on IntegriCloud