1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
|
2001-02-05 Assar Westerlund <assar@assaris.sics.se>
* Release 0.3e
2001-01-30 Assar Westerlund <assar@sics.se>
* kdc/hprop.c (v4_get_masterkey): check kdb_verify_master_key
properly
(kdb_prop): decrypt key properly
* kdc/hprop.c: handle building with KRB4 always try to decrypt v4
data with the master key leave it up to the v5 how to encrypt with
that master key
* kdc/kstash.c: include file name in error messages
* kdc/hprop.c: fix a typo and check some more return values
* lib/hdb/hdb-ldap.c (LDAP__lookup_princ): call ldap_search_s
correctly. From Jacques Vidrine <n@nectar.com>
* kdc/misc.c (db_fetch): HDB_ERR_NOENTRY makes more sense than
ENOENT
* lib/krb5/Makefile.am (libkrb5_la_LDFLAGS): bump version to
15:0:0
* lib/hdb/Makefile.am (libhdb_la_LDFLAGS): bump version to 7:0:0
* lib/asn1/Makefile.am (libasn1_la_LDFLAGS): bump version to 4:0:2
* kdc/misc.c (db_fetch): return an error code. change callers to
look at this and try to print it in log messages
* lib/krb5/crypto.c (decrypt_internal_derived): check that there's
enough data
2001-01-29 Assar Westerlund <assar@sics.se>
* kdc/hprop.c (realm_buf): move it so it becomes properly
conditional on KRB4
* lib/hdb/mkey.c (hdb_unseal_keys_mkey, hdb_seal_keys_mkey,
hdb_unseal_keys, hdb_seal_keys): check that we have the correct
master key and that we manage to decrypt the key properly,
returning an error code. fix all callers to check return value.
* tools/krb5-config.in: use @LIB_des_appl@
* tools/Makefile.am (krb5-config): add LIB_des_appl
* configure.in (LIB_des): set correctly
(LIB_des_appl): add for the use by krb5-config.in
* lib/krb5/store_fd.c (fd_fetch, fd_store): use net_{read,write}
to make sure of not dropping data when doing it over a socket.
(this might break when used with ordinary files on win32)
* lib/hdb/hdb_err.et (NO_MKEY): add
* kdc/kerberos5.c (as_rep): be paranoid and check
krb5_enctype_to_string for failure, noted by <lha@stacken.kth.se>
* lib/krb5/krb5_init_context.3, lib/krb5/krb5_context.3,
lib/krb5/krb5_auth_context.3: add new man pages, contributed by
<lha@stacken.kth.se>
* use the openssl api for md4/md5/sha and handle openssl/*.h
* kdc/kaserver.c (do_getticket): check length of ticket. noted by
<lha@stacken.kth.se>
2001-01-28 Assar Westerlund <assar@sics.se>
* configure.in: send -R instead of -rpath to libtool to set
runtime library paths
* lib/krb5/Makefile.am: remove all dependencies on libkrb
2001-01-27 Assar Westerlund <assar@sics.se>
* appl/rcp: add port of bsd rcp changed to use existing rsh,
contributed by Richard Nyberg <rnyberg@it.su.se>
2001-01-27 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/get_port.c: don't warn if the port name can't be found,
nobody cares anyway
2001-01-26 Johan Danielsson <joda@pdc.kth.se>
* kdc/hprop.c: make it possible to convert a v4 dump file without
having any v4 libraries; the kdb backend still require them
* kdc/v4_dump.c: include shadow definition of kdb Principal, so we
don't have to depend on any v4 libraries
* kdc/hprop.h: include shadow definition of kdb Principal, so we
don't have to depend on any v4 libraries
* lib/hdb/print.c: reduce number of memory allocations
* lib/hdb/mkey.c: add support for reading krb4 /.k files
2001-01-19 Assar Westerlund <assar@sics.se>
* lib/krb5/krb5.conf.5: document admin_server and kpasswd_server
for realms document capath better
* lib/krb5/krbhst.c (krb5_get_krb_changepw_hst): preferably look
at kpasswd_server before admin_server
* lib/krb5/get_cred.c (get_cred_from_kdc_flags): look in
[libdefaults]capath for better hint of realm to send request to.
this allows the client to specify `realm routing information' in
case it cannot be done at the server (which is preferred)
* lib/krb5/rd_priv.c (krb5_rd_priv): handle no sequence number as
zero when we were expecting a sequence number. MIT krb5 cannot
generate a sequence number of zero, instead generating no sequence
number
* lib/krb5/rd_safe.c (krb5_rd_safe): dito
2001-01-11 Assar Westerlund <assar@sics.se>
* kpasswd/kpasswdd.c: add --port option
2001-01-10 Assar Westerlund <assar@sics.se>
* lib/krb5/appdefault.c (krb5_appdefault_string): fix condition
just before returning
2001-01-09 Assar Westerlund <assar@sics.se>
* appl/kf/kfd.c (proto): use krb5_rd_cred2 instead of krb5_rd_cred
2001-01-05 Johan Danielsson <joda@pdc.kth.se>
* kuser/kinit.c: call a time `time', and not `seconds'
* lib/krb5/init_creds.c: not much point in setting the anonymous
flag here
* lib/krb5/krb5_appdefault.3: document appdefault_time
2001-01-04 Johan Danielsson <joda@pdc.kth.se>
* lib/krb5/verify_user.c: use
krb5_get_init_creds_opt_set_default_flags
* kuser/kinit.c: use krb5_get_init_creds_opt_set_default_flags
* lib/krb5/init_creds.c: new function
krb5_get_init_creds_opt_set_default_flags to set options from
krb5.conf
* lib/krb5/rd_cred.c: make this match the MIT function
* lib/krb5/appdefault.c (krb5_appdefault_string): handle NULL
def_val
(krb5_appdefault_time): new function
2001-01-03 Assar Westerlund <assar@sics.se>
* kdc/hpropd.c (main): handle EOF when reading from stdin
|