1 Tue Oct 8 13:35:56 1996 Barry Jaspan <bjaspan@mit.edu>
3 * dump.c (load_db): rework the way policy database naming and
4 renaming is handled; the code no longer depends on being able to
5 specify admin_dbname specifically (which is no longer supported by
6 the libraries), uses osa_adb_rename_policy instead of doing it
7 directly, and will create a policy db if one does not already
8 exist. Automated testing is needed. [krb5-admin/62]
10 Thu Oct 3 18:17:36 1996 Barry Jaspan <bjaspan@mit.edu>
12 * kdb5_util.c (ARG_VAL): case second half of ?: operator to char *
13 to fix problem on AIX; this should have worked anyway because of
14 the , operator but it is easy enough to force the solution, too.
17 Tue Sep 10 14:16:40 1996 Tom Yu <tlyu@mit.edu>
19 * kdb5_edit.M: remove extra args from .TH
21 * kdb5_util.M: remove ".so man1/header.doc"
23 Mon Sep 9 11:06:29 1996 Theodore Y. Ts'o <tytso@mit.edu>
25 * loadv4.c: Don't call get_config_params again, since it's not
26 necessary, and breaks the policy database name if it is
29 Wed Sep 4 17:34:58 1996 Theodore Y. Ts'o <tytso@mit.edu>
31 * loadv4.c (load_v4db): Fix argument parsing so that it actually works!
32 Eliminated the -f option, as it is superfluous. Don't
33 create the policy database if using the -t option, since
36 * kdb5_util.c (usage): Fix usage message so that it's correct for
39 Tue Sep 3 22:12:54 1996 Theodore Y. Ts'o <tytso@mit.edu>
41 * Makefile.in (install): Fixed typo: ($PROG) -> $(PROG)
43 Thu Aug 29 11:57:09 1996 Barry Jaspan <bjaspan@mit.edu>
45 * dump.c (dump_db): don't compare apples and iguanas
47 Sat Aug 24 21:14:45 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
49 * loadv4.c, kdb5_stash.c: Removed unused variable rparams.
51 Fri Aug 16 12:00:56 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
53 * configure.in: Link with the GSSAPI library, since it's needed
56 Mon Aug 12 11:41:57 1996 Barry Jaspan <bjaspan@mit.edu>
58 * kdb5_util.c: make mkey_password non-static
60 * kdb5_create.c: use global mkey_password
62 Mon Aug 5 21:24:47 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
64 * kdb5_stash.c (kdb5_stash): Ignore (expected) failure in stashing
65 key when key not already present in returning exit status.
67 Mon Aug 5 14:36:47 1996 Barry Jaspan <bjaspan@DUN-DUN-NOODLES>
69 * all files: reworked for non-ss usage; kdb5_util_ct.ct and
70 ss_wrapper.c are now obsolete
72 Thu Aug 1 14:34:51 1996 Barry Jaspan <bjaspan@DUN-DUN-NOODLES>
74 * dump.c, kadm5_create.c, kdb5_create.c: create policy database
75 and kadm5 principals when loading a databas
77 * loadv4.c: create empty policy database after loading V4 dump file
79 * dumpv4.c (dump_v4db): use global_params.stash_file
81 * Makefile.in, Makefile.ov, configure.in, dump.c: add support for
82 dump/load of OV*Secure-compatible format.
84 Wed Jul 31 14:55:38 1996 Tom Yu <tlyu@mit.edu>
86 * kdb5_stash.c (kdb5_stash): Declare optind.
88 Tue Jul 30 17:51:24 1996 Samuel D Hartman (hartmans@vorlon)
90 * configure.in: Use gssapi library.
92 Sat Jul 27 02:16:01 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
93 * kdb5_create.c (kdb5_create): Ignore (expected) failure in
94 open_db_and_mkey when creating database in returning exit
97 Wed Jul 24 02:57:16 1996 Sam Hartman <hartmans@tertius.mit.edu>
99 * loadv4.cdumpv4.c : Fixes for Athena Kerberos
101 Wed Jul 24 02:47:07 1996 Sam Hartman <hartmans@mit.edu>
103 * configure.in: Check for kdc.h and krb_db.h for Athena Kerberos.
105 Tue Jul 23 17:03:42 1996 Tom Yu <tlyu@voltage-multiplier.mit.edu>
107 * Makefile.in: add dependency for kdb5_util_ct.o
109 Thu Jul 18 19:22:04 1996 Marc Horowitz <marc@mit.edu>
111 * configure.in: removed SS_RULES
113 Wed Jul 10 19:43:22 1996 Marc Horowitz <marc@mit.edu>
115 * dumpv4.c (configure.in, Makefile.in): make autoconf work after
118 Sun May 12 00:27:44 1996 Marc Horowitz <marc@mit.edu>
120 * loadv4.c (enter_in_v5_db, add_principal), kdb5_edit.c
121 (create_db_entry, modent), dumpv4.c (dump_v4_iterator), dump.c
122 (dump_k5beta_iterator, process_k5beta_record): convert to use new
123 krb5_dbe_* tl_data functions.
125 * cpw.c (enter_pwd_key): krb5_dbe_cpw() takes a kvno now.
127 Tue May 7 23:16:57 1996 Marc Horowitz <marc@mit.edu>
129 * configure.in: USE_KADM_LIBRARY replaced by USE_KADMSRV_LIBRARY
131 Thu Apr 11 19:32:36 1996 Richard Basch <basch@lehman.com>
133 * kdb5_edit.c (extract_v4_srvtab): Use the matching key_data's kvno;
134 don't assume that key_data[0]'s kvno is necessarily the matching
137 Wed Apr 10 19:17:58 1996 Richard Basch <basch@lehman.com>
139 * kdb5_edit.c (extract_v4_srvtab): Translate the principal name to
142 Tue Mar 19 18:00:58 1996 Richard Basch <basch@lehman.com>
144 * kdb5_edit.c (extract_v4_srvtab): do not test to make sure we
145 fetched a key of enctype 1 (des-cbc-crc), since we may have gotten
146 another des key from the database, which is just as useful in a
149 * dumpv4.c (dump_v4_iterator): use krb5_524_conv_principal to do the
150 v5 to v4 principal translation, instead of having yet another
153 Wed Mar 6 16:17:20 1996 Richard Basch <basch@lehman.com>
155 * dumpv4.c: The V4 master key & schedule was never initialized,
156 so the dump created by dump_v4db was garbage. Read the V4
157 master key from /.k or prompt for the V4 master key password.
158 If there is no V4-salt key in the database, but there is a DES
159 key, include it in the V4 dump, in case it is merely a random
160 service key for which there is no associated password.
161 Skip over K/M in the V5 database (use the entered V4 master key).
162 Both krbtgt and afs keys often have domain-qualifed instances.
164 Tue Mar 5 12:18:22 1996 Richard Basch <basch@lehman.com>
166 * dump.c: POSIX locking requires that the file be opened read-write.
168 Mon Feb 26 22:42:09 1996 Mark Eichin <eichin@cygnus.com>
170 * kdb5_edit.c: new command line option -f stashfile.
171 * kdb5_edit.M: document stashfile option.
173 Mon Feb 26 22:13:45 1996 Mark Eichin <eichin@cygnus.com>
175 * dump.c (process_k5beta_record): since V4 salt type has no data
176 either, only set key_data_ver to 1 for data_type 0 with 0-length
177 salt. Also, don't include alternate key if akey has all-zero type
178 and length in both fields.
180 Sat Feb 24 04:02:18 1996 Mark W. Eichin <eichin@cygnus.com>
182 * dump.c (process_k5beta_record): encrypted keys used to have 4
183 byte lengths in MSB order, need to convert to 2 byte LSB order
184 lengths before storing. Handle primary key and alternate key.
186 Fri Feb 23 18:44:10 1996 Mark Eichin <eichin@cygnus.com>
188 * kdb5_edit.c (kdb5_edit_Init): set manual_mkey for testing with -P
190 Wed Feb 14 09:52:18 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
192 * kdb5_edit.c (enter_master_key, set_dbname_help): If master key
193 enctype is unknown, set to DEFAULT_KDC_ENCTYPE.
195 Tue Feb 13 16:08:07 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
197 * kdb5_edit.c (extract_v4_srvtab): krb5_dbekd_decrypt_key_data
198 takes krb5_key_data *, not **.
200 Tue Jan 30 18:28:57 1996 Mark Eichin <eichin@cygnus.com>
202 * dump.c (load_db): dbrenerr_fmt prints "from" first, so pass it
203 to fprintf correctly.
205 Sun Jan 28 14:31:47 1996 Mark Eichin <eichin@cygnus.com>
207 * dump.c (process_k5_record): t2..t9 is only 8 vars, not 9.
209 Thu Jan 25 16:07:42 1996 Sam Hartman <hartmans@tertius.mit.edu>
211 * kdb5_edit.c (extract_srvtab): Extract *all* the keys in a
212 dbentry, not the first one.
213 (extract_v4_srvtab): Attempt to find the right v4 keys.
215 Wed Jan 24 18:48:38 1996 Tom Yu <tlyu@dragons-lair.MIT.EDU>
217 * Makefile.in: Remove spurious @DEFS@
220 Wed Dec 13 03:44:58 1995 Chris Provenzano (proven@mit.edu)
222 * dump.c, dumpv4.c, kdb5_edit.c, loadv4.c :
223 Remove mkvno from krb5_db_entry.
225 Sun Dec 10 11:07:51 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
227 * kdb5_edit.M: Document that modent exists
229 * kdb5_edit.c (modent): Add usage as suggested by jhawk@mit.edu.
231 Thu Nov 09 17:05:57 1995 Chris Provenzano (proven@mit.edu)
233 * kdb5_edit.c : Remove krb5_enctype from krb5_string_to_key() args.
235 Fri Oct 27 13:37:04 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
237 * dump.c (process_k5_record): Fix off by one in malloc.
239 Mon Oct 9 16:35:19 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
241 * kdb5_edit.c (extract_v4_srvtab): Extract a one byte version
242 number for v4 srvtabs (from warlord).
244 Thu Oct 5 10:35:35 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
246 * cpw.c: Declare std_ks_tuple as extern.
247 * kdb5_edit.h: Remove std_ks_tuple declaration as not all sources
248 include adm.h for structures
250 Tue Oct 3 23:10:57 1995 Theodore Y. Ts'o <tytso@dcl>
252 * cpw.c (enter_rnd_key, enter_pwd_key):
253 * kdb5_edit.c (kdb5_edit_Init): Use the kdc.conf file to determine
254 the default list of keysalt tuples to be used. This is
255 stored in std_ks_tuple, and is used by cpw.c for random
256 keys and when a list of keysalts is not specified.
258 Mon Sep 18 03:59:47 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
260 * kdb5_edit.c (show_principal): Show key version and last password
263 * cpw.c: Fix typo in below change in which list was terminated
264 after third entry. (extra } removed)
266 Fri Sep 15 14:21:25 1995 Theodore Y. Ts'o <tytso@dcl>
268 * cpw.c: Add DES_CBC_MD5 and DES_CBC_CRC with the V4 salt as
269 default key/salt tuples to be added. (Once proven's DES_*
270 folding code is implemented, we can shorten this list.)
271 Eventually, this list should be read in from kdc.conf.
273 Thu Sep 7 20:41:24 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
275 * loadv4.c (load_v4db): Provide a dummy routine if krb4
276 compatibility is not compiled in.
278 Wed Sep 06 14:20:57 1995 Chris Provenzano (proven@mit.edu)
280 * cpw.c, dump.c, dumpv4.c, kdb5_edit.c, loadv4.c :
281 s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g
283 Tue Sep 05 22:10:34 1995 Chris Provenzano (proven@mit.edu)
285 * cpw.c, dump.c, dumpv4.c, kdb5_edit.c, loadv4.c : Remove krb5_enctype
286 references, and replace with krb5_keytype where appropriate.
288 Fri Aug 25 17:37:33 EDT 1995 Paul Park (pjpark@mit.edu)
289 * dumpv4.c - Fix handle_keys(). It was trying to recreate work that
290 has already been done.
291 * Makefile.in, .Sanitize, loadv4.c, kdb5_ed_ct.ct - Add lddb4, the
292 command to load a v4 dump file. This is basically, kdb5_
293 convert reconstituted to fit within the framework of kdb5_edit.
295 Thu Aug 24 19:28:39 1995 Theodore Y. Ts'o <tytso@dcl>
297 * .Sanitize: Update file list
299 Mon Aug 21 16:45:39 EDT 1995 Paul Park (pjpark@mit.edu)
300 * dump.c - Completely rework this logic to support old (e.g. Beta 5
301 and previous) dump format and new dump format using the same
302 commands. This is differentiated by using the "-old" command
305 * kdb5_edit.M - Add description of -R and -s. Remove "ascii represen-
306 tation of a decimal number". Remove "Bugs".
308 Fri Aug 18 17:06:06 EDT 1995 Paul Park (pjpark@mit.edu)
310 * ss_wrapper.c - Change sense of fgets() check so scripts work.
313 Tue Aug 15 14:22:50 EDT 1995 Paul Park (pjpark@mit.edu)
315 * kdb5_edit.c, ss_wrapper.c, cpw.c, kdb5_edit.h - Add support for
316 -s scriptfile and fix up assorted gcc -Wall complaints.
319 Mon Aug 7 17:32:31 EDT 1995 Paul Park (pjpark@mit.edu)
320 * cpw.c - Use krb5_string_to_keysalts() to generate a list of unique
321 key/salt pairs supplied in argv.
324 Mon Aug 07 11:16:03 1995 Chris Provenzano (proven@mit.edu)
326 * cpw.c : Uses new kdb change password routines for ank, ark, cpw,
327 and crk. Also remove v4 variants of ank and cpw.
328 * krb5_edit.c : Deleted old variants of rotuines now in cpw.c
329 * kdb5_ed_ct.ct, kdb5_edit.M, tcl_wrapper.c:
330 Removed references to v4 variants of ank and cpw.
331 * kdb5_edit.h (enter_pwd_key()) : Removed proto, it's nolonger
332 necessary as it's a static routine in cpw.c
334 Thu Aug 03 12:13:50 1995 Chris Provenzano (proven@mit.edu)
336 * cpw.c : New change password code for kdb5_edit.
337 * dumpv4.c : Get it to compile with new kdb format.
339 Mon Jul 31 15:47:30 EDT 1995 Paul Park (pjpark@mit.edu)
340 * kdb5_edit.c - Use libkadm string conversion routines. These are
341 shared by all utilities.
342 * Makefile.in - Remove getdate.y.
343 * configure.in - Remove getdate.y dependency checks.
344 * getdate.y - Sayonara.
347 Thu Jul 27 15:01:01 EDT 1995 Paul Park (pjpark@mit.edu)
348 * configure.in - Add --with-dbm and check for already checking for dbm.
351 Thu Jul 27 02:59:05 1995 Chris Provenzano (proven@mit.edu)
353 * dump.c kdb5_edit.c kdb5_edit.h util.c : Use new kdb format.
355 Mon Jul 17 15:00:08 EDT 1995 Paul Park (pjpark@mit.edu)
356 * configure.in - Add KADM library.
357 * dumpv4.c - Change calling sequence to krb5_db_fetch_mkey().
358 * kdb5_edit.c - Change calling sequence to krb5_db_fetch_mkey() which
359 uses the stash file. Add KDC profile reading/handling as a
360 supplement to command line supplied arguments.
363 Wed Jul 12 12:01:04 EDT 1995 Paul Park (pjpark@mit.edu)
364 * configure.in - Temporarily add --with-kdb4 option. Default is without
365 kdb4. Without kdb4 enables a define. With kdb4 uses -lkdb4 and
367 * dumpv4.c - Conditionalize references to kdb4 routines with
368 KDB4_DISABLE. Replace two required routines:
369 kdb_encrypt_key -> pcbc_encrypt
370 kdb_get_master_key -> des_read_password/printf/key_sched
373 Fri Jul 7 15:38:00 EDT 1995 Paul Park (pjpark@mit.edu)
374 * Makefile.in - Remove all explicit library handling and LDFLAGS.
375 * configure.in - Add USE_<mumble> and KRB5_LIBRARIES.
378 Thu Jun 15 15:34:59 EDT 1995 Paul Park (pjpark@mit.edu)
379 * Makefile.in - Change explicit library names to -l<lib> form, and
380 change target link line to use $(LD) and associated flags.
381 Also, for K4, use KRB4_LIB and KRB4_CRYPTO_LIB, these wer
383 * configure.in - Add shared library usage check.
385 Fri Jun 9 18:14:43 1995 <tytso@rsx-11.mit.edu>
387 * configure.in: Remove standardized set of autoconf macros, which
388 are now handled by CONFIG_RULES.
390 * dumpv4.c: Change name of controlling #ifdef to be
391 KRB5_KRB4_COMPAT instead of KRB4.
393 Sun May 21 14:20:32 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
395 * dumpv4.c: Include k5-int.h before krb.h so that PROTOTYPE is not
398 Sun May 7 13:46:30 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
400 * configure.in: Add AC_HEADER_STDC to define STDC_HEADERS for
403 Mon May 1 13:36:41 1995 Theodore Y. Ts'o (tytso@dcl)
405 * kdb5_edit.c (kdb5_edit_Init): Check the return code from
408 Fri Apr 28 18:04:26 1995 Mark Eichin <eichin@cygnus.com>
410 * Makefile.in (LOCAL_LIBRARIES): put KRB4_LIB inside KLIB, and put
411 KDB4_LIB ahead of them both.
413 Thu Apr 27 13:47:23 1995 Mark Eichin <eichin@cygnus.com>
415 * Makefile.in (LOCAL_LIBRARIES): use KRB4_LIB and KDB4_LIB
417 * configure.in: just use WITH_KRB4.
419 Wed Apr 19 13:59:47 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
421 * kdb5_edit.c (kdb5_edit_Init): If a default realm is specified
422 (with -r), use krb5_set_default_realm so that created keys
423 will have the correct realm.
425 Thu Mar 23 23:28:26 1995 Theodore Y. Ts'o <tytso@dcl>
427 * kdb5_edit.c (show_principal, parse_princ_args): Add
428 "support_desmd5" flag.
430 Tue Mar 14 16:29:05 1995 <tytso@rsx-11.mit.edu>
432 * ss_wrapper.c (main): Set the return code from ss_execute_line(),
433 so that appropriate error checking is done.
435 Thu Mar 2 12:18:57 1995 Theodore Y. Ts'o <tytso@dcl>
437 * Makefile.in (ISODELIB): Remove reference to $(ISODELIB).
439 Wed Mar 1 11:53:02 1995 Theodore Y. Ts'o <tytso@dcl>
441 * configure.in: Remove ISODE_INCLUDE, replace check for -lsocket
442 and -lnsl with WITH_NETLIB check.
444 Tue Feb 28 02:06:26 1995 John Gilmore (gnu at toad.com)
446 * dump.c, dumpv4.c, kdb5_edit.c, ss_wrapper.c, tcl_wrapper.c,
447 util.c: Avoid <krb5/...> includes.
449 Thu Feb 23 19:52:35 1995 Mark Eichin (eichin@cygnus.com)
451 * kdb5_edit.c: add struct timeb and sys/timeb includes from
453 (ftime): new function, in case we don't HAVE_FTIME.
455 Tue Feb 14 17:55:47 1995 Tom Yu (tlyu@dragons-lair)
457 * kdb5_edit.c: add modent
458 * getdate.y: import get_date
459 * kdbt_ed_ct.ct: add modent
461 * Makefile.in: support for getdate.y
463 Wed Feb 8 20:08:36 1995 Tom Yu (tlyu@dragons-lair)
465 * kdb5_edit.c (show_principal): make sane and print all useful
468 Wed Jan 25 16:54:40 1995 Chris Provenzano (proven@mit.edu)
470 * Removed all narrow types and references to wide.h and narrow.h
472 Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu)
474 * Added krb5_context to all krb5_routines
476 Mon Dec 19 18:04:11 1994 Theodore Y. Ts'o (tytso@dcl)
480 * dumpv4.c (dump_v4db): Do the right thing if we are compiling
481 without V4 support. (The dump_v4db command is disabled.)
483 Wed Dec 7 00:07:46 1994 <tytso@rsx-11.mit.edu>
485 * dumpv4.c (v4_print_time): gmtime expects a pointer to a time_t,
486 not a long. On most systems these are the same, on
489 Wed Nov 16 01:03:42 1994 Mark Eichin (eichin@cygnus.com)
491 * dumpv4.c: new file. New command dump_v4db which creates a v4
492 slave dump out of a v5 database, leaving out any keys which aren't
493 using v4 salt, and any keys that aren't for the current
494 realm. Reencrypts using v4 master key, synthesizes arbitrary
495 master key version number.
496 * configure.in: use WITH_KRB4 for dump support.
497 * kdb5_ed_ct.ct: add new dump_v4 command.
498 * Makefile.in: link in dumpv4.
500 Fri Oct 14 23:31:49 1994 Theodore Y. Ts'o (tytso@dcl)
502 * dump.c (load_db): When scanning a database entry, read
503 fail_auth_count into a temporary integer variable, and
504 then copy that into entry.fail_auth_count, which is a
507 Fri Oct 7 00:01:40 1994 Theodore Y. Ts'o (tytso@dcl)
509 * kdb5_edit.c (kdb5_edit_Init): Don't let errors in
510 set_dbname_help initially cause the exit status to be set.
511 Commands like load_db don't need a valid database to be
514 * ss_wrapper.c (main): Clear code before ss_execute_line, since
515 ss_execute_line doesn't set code to 0 if there are no
518 * kdb5_edit.c (kdb5_edit_Init): Add a new option so that the
519 master key password can be entered on the command line ---
520 for testing only; not documented!!
522 Mon Oct 3 19:10:47 1994 Theodore Y. Ts'o (tytso@dcl)
524 * Makefile.in: Use $(srcdir) to find manual page for make install.
526 Thu Sep 29 15:52:22 1994 Theodore Y. Ts'o (tytso@dcl)
528 * dump.c (update_ok_file): Make sure mod time on the dump_ok file
529 is updated. (Some systems don't update the mod-time when
530 a file is opened for writing.)
532 * Makefile.in: Relink executable when libraries change.
534 * kdb5_edit.c (show_principal): Pass variable with correct type to
537 * tcl_wrapper.c (doquit):
540 dump.c: Exit with a non-zero exit status if there was an error
541 in a executed command.
543 Thu Sep 15 11:00:30 1994 Theodore Y. Ts'o (tytso@dcl)
545 * dump.c (load_db): Fix error string on failed fopen. ("for
546 writing" -> "for reading")