2005-10-13 Ken Raeburn <raeburn@mit.edu>
* libkadm5srv.exports: Don't export internal error-table symbols,
or osa* symbols that no longer exist in this library.

2005-09-27 Tom Yu <tlyu@mit.edu>
* svr_iters.c (glob_to_regexp): Increment pointer, not character,
when handling backslash quoting. Patch from K.G. Gokulavasan.

2005-06-20 Ken Raeburn <raeburn@mit.edu>
* Makefile.in (SRCS, OBJS, STLIBOBJS): Remove adb_policy,
adb_free, and adb_openclose.
* adb_free.c: Deleted.
* adb_openclose.c, adb_policy.c: Moved to lib/kdb/kdb_db2.
* adb_xdr.c: Include server_internal.h; don't include adb.h.
(xdr_osa_policy_ent_rec): Function deleted.
(osa_free_princ_ent): Moved here from old adb_free.c.
* server_init.c (dup_db_args, free_db_args): New functions.
(kadm5_init_with_password, kadm5_init_with_creds,
kadm5_init_with_skey): Accept new db_args argument, and pass it to
(kadm5_init): Accept new db_args argument. Don't set the database
name; instead, set the default realm for the context. Call
krb5_db_open instead of krb5_db_init, requesting write access and
passing in the database arguments. Don't call adb_policy_init,
and don't set deleted field handle->lhandle->policy_db.
(kadm5_lock): Don't lock the policy database. Use
KRB5_DB_LOCKMODE_EXCLUSIVE flags instead of
KRB5_LOCKMODE_EXCLUSIVE.
(kadm5_unlock): Don't unlock the policy database.
(kadm5_flush): In the error case, use krb5_db_open instead of
krb5_db_set_name and krb5_db_init.
* server_kdb.c (kdb_init_master): Don't call krb5_db_init. Use
KADM5_XDR_FAILURE instead of OSA_ADB_XDR_FAILURE.
(kdb_iter_entry): Accept new string argument match_entry; pass it
* server_misc.c: Don't include adb.h.
(adb_policy_init): Don't call osa_adb_open_policy. If
krb5_db_inited is false on the context, call krb5_db_open.
(adb_policy_close): Don't call osa_adb_close_policy; do nothing.
* svr_iters.c: Don't include adb.h.
(kadm5_get_either): Pass glob pattern ("*" if not specified) to
* svr_policy.c: Don't include adb.h.
(kadm5_create_policy, kadm5_delete_policy, kadm5_modify_policy,
kadm5_get_policy): Call krb5_db_clr_error. Call
krb5_db_create_policy etc instead of osa_adb_* versions, passing
the krb5 context instead of the policy database handle. For
krb5_db_get_policy, treat a returned count of zero as a not-found
(kadm5_modify_policy_internal): Don't translate the returned error
code from krb5_db_put_policy.
* svr_principal.c: Don't include adb.h.
(kadm5_copy_principal, kadm5_free_principal): New functions, using
krb5_db_alloc and krb5_db_free for storage.
(cleanup_key_data): Use krb5_db_free.
(kadm5_create_principal_3, kadm5_delete_principal,
kadm5_modify_principal, kadm5_rename_principal,
kadm5_get_principal, kadm5_chpass_principal_3,
kadm5_randkey_principal_3, kadm5_setv4key_principal,
kadm5_setkey_principal_3,
): Call krb5_db_clr_error.
(kadm5_create_principal_3): Use kadm5_copy_principal instead of
krb5_copy_principal. If the KADM5_TL_DATA flag is set, call
krb5_dbe_update_tl_data on each element supplied, to augment
and/or replace the existing tl data with a copy of the supplied
data, instead of splicing the supplied list and the existing list
together. Use krb5_db_free_principal instead of
krb5_dbe_free_contents.
(kadm5_modify_principal): Use krb5_dbe_update_tl_data to merge tl
(kadm5_rename_principal): Use kadm5_{copy,free}_principal.
(kadm5_chpass_principal_3): Use krb5_db_free_principal instead of
krb5_dbe_free_contents.
(kadm5_setv4key_principal): Use krb5_db_alloc, not malloc, for key
data to be returned. Use an automatic variable for the key data,
before copying out to the object so allocated.
(kadm5_setkey_principal_3): Likewise.
(decrypt_key_data): On error, clear and free any key storage that
might've been returned from previous calls
krb5_dbekd_decrypt_key_data.

2004-12-20 Tom Yu <tlyu@mit.edu>
* svr_principal.c (add_to_history): Rewrite somewhat, using
temporary variables to make things somewhat more readable. Fix
buffer overflow case where the next pointer points into
unallocated space but resizing wasn't done, i.e., when someone
decreases the policy history count to the exact "right" number.
Fix some memory leaks. To avoid losing entries, shift some
entries forward after growing the array.

2004-08-21 Tom Yu <tlyu@mit.edu>
* libkadm5srv.exports: Update for previous renaming.

2004-08-20 Alexandra Ellwood <lxs@mit.edu>
* server_acl.[ch]: renamed acl_* functions to kadm5int_acl_*

2004-06-16 Ken Raeburn <raeburn@mit.edu>
* Makefile.in (clean-mac): Target deleted.

2004-06-04 Ken Raeburn <raeburn@mit.edu>
* Makefile.in (LIBBASE): Renamed from LIB.

2004-04-22 Ken Raeburn <raeburn@mit.edu>
* libkadm5srv.exports: New file.

2003-09-02 Alexandra Ellwood <lxs@mit.edu>
* svr_principal.c: Added Apple password server support.

2003-06-13 Tom Yu <tlyu@mit.edu>
* server_kdb.c (kdb_init_hist): Force history principal's key to
be of the same enctype as the master key, as searches for it later
on explicitly specify the enctype.

2003-04-01 Tom Yu <tlyu@mit.edu>
* Makefile.in: Remove $(SHLIB_DBLIB_DEPS) and related variables.
(SHLIB_EXPDEPS): Remove $(SHLIB_DBLIB_DEPS).
(SHLIB_EXPLIBS): Change $(DB_LIB) to $(KDB5_DB_LIB).

2003-01-12 Ezra Peisach <epeisach@bu.edu>
* svr_iters.c (kadm5_get_either): For POSIX_REGEXPS
(i.e. regcomp), call regfree() to cleanup memory.

2003-01-10 Ken Raeburn <raeburn@mit.edu>
* Makefile.in: Add AC_SUBST_FILE marker for lib_frag and libobj_frag.

2003-01-05 Sam Hartman <hartmans@mit.edu>
* server_dict.c: Remove declaration of errno
* adb_policy.c: Remove declaration of errno

2002-12-16 Ezra Peisach <epeisach@bu.edu>
* Makefile.in: Change to allow compilation with-system-db and

2002-11-07 Tom Yu <tlyu@mit.edu>
* svr_principal.c (kadm5_setkey_principal_3): Apply patch from
Emily Ratliff to allow n_ks_tuple to be zero, which is the case if
being called from kadmind answering a client's setkey_principal

2002-10-15 Ezra Peisach <epeisach@bu.edu>
* server_init.c (kadm5_lock, kadm5_unlock): Return KADM5_OK
instead of falling off end of function.

2002-10-08 Tom Yu <tlyu@mit.edu>
* adb_openclose.c (osa_adb_init_db): Reset opencnt.
(osa_adb_open_and_lock): Don't open multiple times; merely
increment opencnt if already open.
(osa_adb_close_and_unlock): Decrement opencnt instead of
unconditionally closing.
* server_init.c (kadm5_lock, kadm5_unlock): New functions to
support persistent exclusive locks across multiple API calls.

2002-08-29 Ken Raeburn <raeburn@mit.edu>
* Makefile.in: Revert $(S)=>/ change, for Windows support.

2002-08-23 Ken Raeburn <raeburn@mit.edu>
* Makefile.in: Change $(S)=>/ and $(U)=>.. globally.

2002-07-17 Ken Raeburn <raeburn@mit.edu>
* svr_iters.c (struct iter_data): Replace DynObject "matches" with
pointer, allocation size, current count, and error flag.
(get_either_iter): Grow array if needed, noting failures.
(kadm5_get_either): Set up the array before calling the iterator
and use their values after.
* Makefile.in (SHLIB_EXPDEPS, SHLIB_EXPLIBS): Drop libdyn

2002-03-06 Ken Raeburn <raeburn@mit.edu>
* Makefile.in (LIBMAJOR): Bump to avoid Heimdal conflict.

2002-03-02 Sam Hartman <hartmans@mit.edu>
* server_acl.c (acl_find_entry): Patch from sxw@sxw.org.uk:
patch to correct handling of ACL targets. Previous patch from
Matt Crawford seems to only work for * targets where it ignores
the restrictions. This patch seems to work for all the semantics
described in Matt's original message, at least as far as I tested.

2001-10-22 Tom Yu <tlyu@mit.edu>
* svr_principal.c (kadm5_decrypt_key): For now, coerce enctype of
output keyblock in case we got a match on a similar enctype.

2001-10-16 Mitchell Berger <mitchb@mit.edu>
Matt Crawford <crawdad@fnal.gov>
* svr_principal.c (add_to_history): If the policy a principal uses has
been changed to hold a lesser number of history entries than it did
before, extract the correct number and value of old keys from the
history array into a newly allocated array of the proper size. Failing
to do this made kadmind vulnerable to a crash upon changing such a
principal's password. Original patch written by Matt Crawford, with

2001-10-09 Ken Raeburn <raeburn@mit.edu>
* server_acl.h: Make prototypes unconditional.

2001-07-31 Ezra Peisach <epeisach@mit.edu>
* svr_principal.c (check_pw_reuse): Change argument for
n_pw_hist_data to unsigned to be consistent with calling convention.

2001-07-25 Ezra Peisach <epeisach@mit.edu>
* adb_xdr.c (xdr_krb5_key_data): Use xdr_krb5_ui_2 instead of
xdr_krb5_int16 for key_data_length field.

2001-07-06 Ezra Peisach <epeisach@mit.edu>
* svr_iters.c: Declare kadm5_get_either static

2001-06-20 Mitchell Berger <mitchb@mit.edu>
* server_dict.c: Silly typo fixed.

2001-06-18 Ezra Peisach <epeisach@mit.edu>
* server_misc.c (passwd_check): cast argument to
islower()/isupper(), isdigit(), ispunct() to int.
* server_acl.c (acl_parse_line): Cast argument to
isupper()/isspace() to int.

2001-06-08 Ezra Peisach <epeisach@mit.edu>
* svr_principal.c (check_pw_reuse): Cleanup assignment in conditional.

2001-06-04 Ezra Peisach <epeisach@mit.edu>
* svr_principal.c: Cleanup assignments in conditionals.

Sun Feb 18 17:40:23 2001 Ezra Peisach <epeisach@mit.edu>
* adb_openclose.c, adb_policy.c, server_acl.c, server_dict.c,
server_init.c, server_kdb.c, server_misc.c, svr_iters.c,
svr_principal.c: Cleanup assignments in conditionals, variables
shadowing one another, unused variables and declared some functions

2000-10-17 Ezra Peisach <epeisach@mit.edu>
* svr_chpass_util.c (kadm5_chpass_principal_util): Change msg_len

Tue Oct 10 03:09:27 2000 Ezra Peisach <epeisach@mit.edu>
* server_dict.c (init_dict): Change syslog() to krb5_klog_syslog()
so that errors go to the intended place as indicated by krb5.conf.

2000-06-30 Tom Yu <tlyu@mit.edu>
* adb_openclose.c (osa_adb_create_db): Default to btree.
(osa_adb_init_db): Set up btinfo as well.
(osa_adb_open_and_lock): Try btree, then hash.
* Makefile.in (SHLIB_EXPDEPS): Add libdb.
(SHLIB_EXPLIBS): Add -ldb.

2000-06-23 Nalin Dahyabhai <nalin@redhat.com>
* adb_openclose.c (osa_adb_create_db): Open lock files using O_EXCL
and fdopen() the descriptor instead of using fopen().
* svr_chpass_util.c (kadm5_chpass_principal_util): Adjust for new
length parameter in both kadm5_chpass_principal_util() and in
_kadm5_chpass_principal_util().

2000-05-31 Wilfredo Sanchez <tritan@mit.edu>
* adb_free.c, adb_xdr.c, server_dict.c: Check for existence
[from Nathan Neulinger <nneul@umr.edu>]

2000-03-16 Ken Raeburn <raeburn@mit.edu>
Matt Crawford <crawdad@fnal.gov>
* server_acl.c: Include kadm5/admin.h.
(struct _acl_entry): Add new fields for restrictions.
(struct _wildstate): New type.
(acl_parse_line): Input is const. Parse and save restrictions.
Allow backslash at end of line to indicate continuation.
(acl_parse_restrictions, acl_impose_restrictions): New functions.
(acl_free_entries): Free up restriction data if any.
(acl_load_acl_file): Don't use tmpbuf for catch-all entry.
(acl_match_data): Add new arguments for wildcard state.
(acl_find_entry): Support wildcard component matching.
Reorganized checks for bad ACL entries.
(acl_check): Add restrictions parameter.
* server_acl.h (struct _restriction): New type.
(acl_check): Update prototype.
(acl_impose_restrictions): Declare.

2000-02-26 Tom Yu <tlyu@mit.edu>
* svr_principal.c (kadm5_create_principal_3): Remove keepold
* Makefile.in (LIBMAJOR): Bump major number due to call signature

2000-02-25 Ken Raeburn <raeburn@mit.edu>
* server_acl.c (acl_get_line): Patch from Matt Crawford to permit
line continuation by ending a line with a backslash.

2000-02-13 Tom Yu <tlyu@mit.edu>
* svr_principal.c (kadm5_setkey_principal_3): New function.

1999-10-26 Wilfredo Sanchez <tritan@mit.edu>
* Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES,
LOCAL_INCLUDES such that one can override CFLAGS from the command
line without losing CPP search paths and defines. Some associated

1999-09-08 Ken Raeburn <raeburn@mit.edu>
* adb_openclose.c (osa_adb_fini_db): Don't fclose the lock file if
the lock is permanent, because it's already been done.

Mon Dec 7 15:19:11 1998 Ezra Peisach <epeisach@mit.edu>
* svr_principal.c (kadm5_randkey_principal_3): Fix typo in
arguments to krb5_dbe_crk().

1998-11-13 Theodore Ts'o <tytso@rsts-11.mit.edu>
* Makefile.in: Set the myfulldir and mydir variables (which are
relative to buildtop and thisconfigdir, respectively.)

Fri Dec 4 23:10:32 1998 Tom Yu <tlyu@mit.edu>
* svr_principal.c (kadm5_create_principal): Modify to call
(kadm5_create_principal_3): New function including flag to keep
old keys and optional explicit keysalt_tuples.
(kadm5_chpass_principal): Modify to call chpass_principal_3.
(kadm5_chpass_principal_3): New function including flag to keep
old keys and optional explicit keysalt_tuples.
(kadm5_randkey_principal): Modify to call randkey_principal_3.
(kadm5_randkey_principal_3): New function including flag to keep
old keys and optional explicit keysalt_tuples.

Tue Nov 17 18:20:48 1998 Tom Yu <tlyu@mit.edu>
* svr_principal.c (kadm5_create_principal):
(kadm5_chpass_principal):
(kadm5_randkey_principal): Fix up for new calling conventions of

1998-10-27 Marc Horowitz <marc@mit.edu>
* server_kdb.c, svr_principal.c: convert to new crypto api

Sun Jul 26 18:09:55 1998 Sam Hartman <hartmans@utwig.mesas.com>
* Makefile.in (LIBMAJOR): bump libmajor

Wed Apr 15 18:06:14 1998 Tom Yu <tlyu@mit.edu>
* Makefile.in (SHLIB_EXPDEPS):
(SHLIB_EXPLIBS): Rename libcrypto -> libk5crypto.

Fri Feb 27 22:33:05 1998 Theodore Ts'o <tytso@rsts-11.mit.edu>
* Makefile.in: Changed thisconfigdir to point at the lib/kadm5
directory, since we've moved all of the configure.in
tests to the toplevel lib/kadm5 configure.in.
Instead of adding @LIBS@ to the list of libraries which
should be linked as shared library dependencies, add
@GEN_LIB@ and @AIX_DB_LIB@ which will get expanded if

Wed Feb 18 16:15:22 1998 Tom Yu <tlyu@mit.edu>
* Makefile.in: Remove trailing slash from thisconfigdir. Fix up
BUILDTOP for new conventions.

Fri Feb 13 21:30:58 1998 Tom Yu <tlyu@mit.edu>
* adb_xdr.c: Update header locations.
* Makefile.in (LIBMAJOR): Bump major version to reflect change in

Wed Jan 28 16:32:36 1998 Theodore Ts'o <tytso@rsts-11.mit.edu>
* configure.in, Makefile.in: Remove the CopySrcHeader macro
from configure.in and substitute equivalent
functionality in Makefile.in

Mon Oct 13 10:59:22 1997 Ezra Peisach <epeisach@mit.edu>
* server_init.c (kadm5_destroy): Call kadm5_free_config_params.
* server_acl.c: Include <ctype.h> for tolower().
(acl_load_acl_file): Close acl file, even when acl_catchall_entry is

Wed Aug 6 20:22:23 1997 Tom Yu <tlyu@mit.edu>
* Makefile.in: Add flags to conditionally compile with Hesiod.
* server_misc.c: Add support for checking GECOS field of Hesiod

Fri Jul 25 15:37:08 1997 Tom Yu <tlyu@mit.edu>
* server_init.c: Change a few calls to align with the new kdb
* Makefile.in: Bump version.

Tue Jul 1 02:32:49 1997 Tom Yu <tlyu@mit.edu>
* server_acl.h: Fix ACL_ALL_MASK to include ACL_SETKEY.
* svr_principal.c: Fix setv4key_principal.

Sun Jun 29 14:52:51 1997 Tom Yu <tlyu@mit.edu>
* svr_principal.c: Add new function kadm5_setv4key_principal.

Mon Mar 31 17:40:24 1997 Barry Jaspan <bjaspan@mit.edu>
* server_acl.c, server_acl.h, svr_pricipal.c: add support for

Sun Mar 9 13:40:33 1997 Tom Yu <tlyu@mit.edu>
* svr_principal.c (add_to_history): Don't call realloc() on a NULL
pointer, lest non-ANSI compliant systems like SunOS fail.

Sat Feb 22 01:34:08 1997 Sam Hartman <hartmans@tertius.mit.edu>
* Makefile.in (SHLIB_EXPDEPS): s/.so/$(SHLIBEXT)

Wed Jan 15 20:59:11 1997 Tom Yu <tlyu@mit.edu>
* configure.in: Update to new library build procedure.

Tue Dec 3 15:14:29 1996 Barry Jaspan <bjaspan@mit.edu>
* server_acl.c (acl_load_acl_file): log errors via
krb5_klog_syslog, not fprintf and com_err [krb5-admin/238]; don't
coredump when an acl line is too long; handle catchall_entry ==

Fri Nov 22 11:11:34 1996 Sam Hartman <hartmans@mit.edu>
* Makefile.in (SHLIB_LIBS): Do not link shared against -ldb [224]

Tue Nov 26 03:04:04 1996 Sam Hartman <hartmans@mit.edu>
* server_acl.c (acl_load_acl_file): Fix coredump by allowing
catchall_entry to be null, but do not reference it if it is.
Thanks to marc. [242]

Mon Nov 25 17:53:20 1996 Barry Jaspan <bjaspan@mit.edu>
* server_acl.c: set acl_catchall_entry to "" instead of NULL,
since it is presumed to contain something, but we don't want any
default entry [krb5-admin/237]

Wed Nov 13 19:20:36 1996 Tom Yu <tlyu@mit.edu>
* Makefile.in (clean-unix): Remove shared/*.

Mon Nov 11 17:01:00 1996 Barry Jaspan <bjaspan@mit.edu>
* svr_principal.c (kadm5_modify_principal): fix memory leak

Thu Nov 7 16:42:38 1996 Barry Jaspan <bjaspan@mit.edu>
* svr_iters.c (glob_to_regexp): a principal glob with no @
defaults to @*, not @LOCAL.REAM [krb5-admin/161]

Wed Nov 6 10:45:12 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
* server_init.c (kadm5_init): Use a more fine-grained error
code, KADM5_MISSING_CONF_PARAMS instead of
KRB5_CONFIG_BADFORMAT

Wed Nov 6 16:22:05 1996 Barry Jaspan <bjaspan@mit.edu>
* svr_principal.c (kadm5_modify_principal): don't free the
caller's tl_data (oops)

Fri Nov 1 13:18:40 1996 Barry Jaspan <bjaspan@mit.edu>
* svr_principal.c (kadm5_modify_principal): update for new tl_data
semantics [krb5-admin/140]

Mon Oct 21 16:28:52 1996 Barry Jaspan <bjaspan@mit.edu>
* svr_principal.c (kadm5_modify_principal): fix modify_principal's
handling of KADM5_TL_DATA [krb5-admin/20]

Fri Oct 18 14:24:12 1996 Barry Jaspan <bjaspan@mit.edu>
* svr_misc_free.c, server_dict.c, adb_policy.c, adb_free.c:
include stdlib.h instead of malloc.h [krb5-admin/35]
* adb_openclose.c (osa_adb_rename_db): create the destination
database if necessary before renaming [krb5-admin/58]

Thu Oct 17 16:22:07 1996 Barry Jaspan <bjaspan@mit.edu>
* svr_principal.c: update for new pw_expiration semantics

Tue Oct 8 13:33:48 1996 Barry Jaspan <bjaspan@mit.edu>
* adb_policy.c (osa_adb_rename_policy_db): rename
osa_adb_rename_policy to *_db
* adb_openclose.c, adb_policy.c: implement database renaming;
also, only create a db lockfile after the database has been
successfully created [krb5-admin/62]

Fri Oct 4 08:40:21 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
* svr_principal.c (kadm5_get_principal): Do not assume malloc(0)
returns non-NULL. [krb5-admin/29]

Fri Aug 2 14:07:31 1996 Barry Jaspan <bjaspan@DUN-DUN-NOODLES>
* svr_principal.c: remove krb5_free_keyblock_contents (moved to

Fri Jul 26 17:48:14 1996 Sam Hartman <hartmans@mit.edu>
* svr_principal.c (krb5_copy_key_data_contents): If
key_data_length[i] == 0, don't complain if malloc(0) returns 0;
this is allowed by ANSI.

Thu Jul 25 18:42:47 1996 Sam Hartman <hartmans@mit.edu>
* configure.in (LIBS): Link against -ldb under AIX for shared
library construction; we should eventually make libdb a shared

Wed Jul 24 18:21:28 1996 Tom Yu <tlyu@voltage-multiplier.mit.edu>
* Makefile.in, configure.in: break out server lib into a