2003-02-08 Tom Yu <tlyu@mit.edu> * admin_server.c (kadm_listen): Zero sa_flags to avoid wonkiness. 2003-01-09 Ken Raeburn <raeburn@mit.edu> * admin_server.c (kadm_listen): Use socklen_t when passing address to socket functions. 2003-01-07 Ken Raeburn <raeburn@mit.edu> * Makefile.ov: Deleted. 2003-01-05 Sam Hartman <hartmans@mit.edu> * admin_server.c (kadm_listen): Remove declaration of errno * acl_files.c: Remove declaration of errno 2002-11-26 Tom Yu <tlyu@mit.edu> * Makefile.in (OBJS): Remove kadm_stream.o and kadm_err.o. Also, remove references to kadm_err.et. * kadm_err.et: Remove. It lives in lib/krb4 now. * kadm_server.h: Remove some prototypes that were moved to kadm.h. * kadm_stream.c: Remove. It lives in lib/krb4 now. 2002-11-01 Tom Yu <tlyu@mit.edu> * kadm_ser_wrap.c (kadm_ser_in): Apply fix for MITKRB5-SA-2002-002 buffer overflow. 2002-08-29 Ken Raeburn <raeburn@mit.edu> * Makefile.in: Revert $(S)=>/ change, for Windows support. 2002-08-23 Ken Raeburn <raeburn@mit.edu> * Makefile.in: Change $(S)=>/ and $(U)=>.. globally. 2002-08-13 Tom Yu <tlyu@mit.edu> * acl_files.c (canon;): Properly handle appending of the local realm, which was botched due to a buffer-overflow patch. 2001-11-19 Ezra Peisach <epeisach@mit.edu> * kadm_server.h: Update prototype for convert_kadm5_to_kadm. * admin_server.c (process_client): Do not assign negative value to unsigned variable. (convert_kadm5_to_kadm): Return krb5_int32 instead of krb5_ui_4 to be compatible with error codes. 2001-07-09 Ezra Peisach <epeisach@mit.edu> * admin_server.c: Provide prototype for do_child and declare static. 2001-07-01 Ezra Peisach <epeisach@mit.edu> * kadm_server.h: Add prototypes for missing acl_ functions. * admin_server.c, kadm_func.c: Declare functions static that are local to file. * acl_files.c: Include kadm_server.h for prototypes. Flush out static prototype for acl_abort. * kadm_supp.c: Include kadm_server.h for prototypes. 2001-06-21 Ezra Peisach <epeisach@mit.edu> * kadm_supp.c (prin_vals): Pass time_t * to localtime instead of long *. 2001-06-18 Ezra Peisach <epeisach@mit.edu> * kadm_funcs.c: Cast argument to isalnum()/isdigit() to int. * acl_files.c (nuke_whitespace): Cast argument to isspace() to int. 2001-06-11 Ezra Peisach <epeisach@rna.mit.edu> * kadm_supp.c: Include string.h for strncpy() prototype. 2001-06-08 Ezra Peisach <epeisach@mit.edu> * kadm_ser_wrap.c: Argument to quad_cksum is C_Block * - not C_Block. (kadm_ser_init): Declare as returning int. 2001-06-07 Ezra Peisach <epeisach@mit.edu> * acl_files.c, admin_server.c, kadm_funcs.c, kadm_ser_wrap.c: Explicitly declare function return types and cleanup assignments in conditionals. * kadm_server.c: Include kadm_server.h and cleanup assignments in conditionals. * kadm_server.h: Include kadm5/admin.h, kadm.h, krb_db.h for structure defintions so that many prototypes may be added to this file. * kadm_stream.c: Include kadm_server.h for prototypes. Explicitly declare functions as ints. (stream_to_vals) Assumption made that pointer to long the same size as krb5_ui_4 fixed. * kadm_supp.c: Include sys/param.h early so that MAXHOSTNAMELEN is not defined by kadm.h and later redefined. In prin_vals(), key_high and key_low elements of the Kadm_vals structure are longs - use an appropriate format to printf. 2001-06-04 Ezra Peisach <epeisach@rna.mit.edu> * kadm_ser_wrap.c, kadm_server.c: Cleanup assignments in conditionals. 2000-10-23 Tom Yu <tlyu@mit.edu> * kadm_ser_wrap.c (kadm_ser_in): Update call to mk_priv(). 2000-10-10 Tom Yu <tlyu@mit.edu> * kadm_funcs.c: Call life_to_time() and time_to_life() as appropriate. 2000-07-03 Ezra Peisach <epeisach@mit.edu> * Makefile.in: kadmin4d depends on the kdb5 lib. 2000-05-23 Ken Raeburn <raeburn@mit.edu> * admin_server.c (main, case 'r'): Reject realm name that's too long. * acl_files.c (acl_load): Return error if name too long. * kadm_err.et (KADM_REALM_TOO_LONG): New error code. * kadm_ser_wrap.c (kadm_ser_init): Return it instead of truncating a too-long realm name. 2000-05-23 Nalin Dahyabhai <nalin@redhat.com> * acl_files.c (acl_canonicalize_principal): If the principal name would be too long, return a zero-length string to mark it as invalid. (acl_load): Don't add the principal to the hash if it's invalid. (acl_add): Don't check the principal if it's invalid. (acl_delete): Don't try to delete the principal if it's invalid. * kadm_ser_wrap.c (kadm_ser_init): Truncate "server_parm.krbrlm" if "realm" is too long. 2000-05-23 Tom Yu <tlyu@mit.edu> * kadm_server.c (kadm_ser_cpw): Add new arg to call to chpass_principal_util(). 1999-10-26 Wilfredo Sanchez <tritan@mit.edu> * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES, LOCAL_INCLUDES such that one can override CFLAGS from the command line without losing CPP search patchs and defines. Some associated Makefile cleanup. Tue Jan 12 18:26:48 1999 Tom Yu <tlyu@mit.edu> * Makefile.in (CFLAGS): PW_CHECK functionality now in DEFS. 1998-11-13 Theodore Ts'o <tytso@rsts-11.mit.edu> * Makefile.in: Set the myfulldir and mydir variables (which are relative to buildtop and thisconfigdir, respectively.) 1998-10-27 Marc Horowitz <marc@mit.edu> * admin_server.c, kadm_funcs.c, kadm_ser_wrap.c, kadm_server.h: convert to new crypto api Fri Jul 31 18:17:16 1998 Tom Yu <tlyu@mit.edu> * kadm_ser_wrap.c (kadm_ser_init): Remove references to master_encblock, as it's no longer needed in the new crypto API, adjusting kdb calls accordingly. Also punt calls to use_enctype, process_key, etc. * admin_server.c (clear_secrets): Remove references to master_encblock, due to new crypto API. Mon Jul 20 11:20:32 1998 Ezra Peisach <epeisach@mit.edu> * acl_files.c: Include stdlib.h if present. Thu Jul 9 21:52:41 1998 Tom Yu <tlyu@mit.edu> * kadm_server.c (kadm_ser_cpw): Re-enable "old-style" password changing. Yes, it's potentially a problem due to lack of quality checking, but we'll live with that because we can use key-hash-based checks too. Wed Jul 8 01:32:52 1998 Theodore Y. Ts'o <tytso@mit.edu> * kadm_ser_wrap.c (kadm_ser_init): Use krb5_425_conv_principal instead of krb5_build_principal to create the changepw sprinc principal. Fri Jul 3 18:17:48 1998 Theodore Y. Ts'o <tytso@mit.edu> * Makefile.in (build_pwfile): Add rule to build the build_pwfile program. * kadm_server.c (kadm_ser_cpw): Put the call to the kadm_approve_pw in the common code, so it's executed even if KADM5 is defined. Add appropriate syslogs to the change password processing. * kadm_funcs.c (pwstring;): If NDBM_PW_CHECK is defined, then do the NDBM-based dictionary check. Build kadmind4 using the make option PW_CHECK=-DNDBM_PW_CHECK if this feature is desired. 1998-05-08 Theodore Ts'o <tytso@rsts-11.mit.edu> * kadm_server.c (krb_log): Print the year using 4 digit to avoid Y2K issues. 1998-05-06 Theodore Ts'o <tytso@rsts-11.mit.edu> * admin_server.c (argv): POSIX states that getopt returns -1 when it is done parsing options, not EOF. Fri Feb 27 23:32:38 1998 Theodore Ts'o <tytso@rsts-11.mit.edu> * Makefile.in: Changed thisconfigdir to point at the kadmin directory, since we've moved all of the configure.in tests to the toplevel kadmin configure.in Wed Feb 18 16:00:59 1998 Tom Yu <tlyu@mit.edu> * Makefile.in: Remove trailing slash from thisconfigdir. Fix up BUILDTOP for new conventions. Mon Feb 2 17:02:29 1998 Theodore Ts'o <tytso@rsts-11.mit.edu> * Makefile.in: Define BUILDTOP and thisconfigdir in the Makefile Thu Oct 23 13:07:01 1997 Ezra Peisach <epeisach@mit.edu> * kadm_server.h: Declare kadm_context as extern so it will not be multiply defined in all source files. Wed Aug 6 20:27:27 1997 Tom Yu <tlyu@mit.edu> * Makefile.in: Add support for compiling with Hesiod. Fri Jul 25 15:49:58 1997 Tom Yu <tlyu@mit.edu> * kadm_funcs.c: Remove mention of dbm for now. It should probably be added back later to deal with dbm-hashed passwd files. Tue Jul 1 02:38:50 1997 Tom Yu <tlyu@mit.edu> * kadm_funcs.c, kadm_server.c, kadm_ser_wrap.c: Reenable mod and check_pw. * kadm_funcs.c, kadm_server.c, kadm_ser_wrap.c: Reenable get and add. Wed Jun 18 18:38:45 1997 Tom Yu <tlyu@mit.edu> * kadm_funcs.c (kadm_chg_srvtab): Remove extraneous macros that were elaborate contortions to avoid using goto. Mon May 26 22:44:21 1997 Tom Yu <tlyu@mit.edu> * Makefile.in (OBJS): Build kadm_funcs.c again. * kadm_funcs.c: Re-enable kadm_chg_srvtab() and update it to use the new kadm5 interface. * kadm_ser_wrap.c: Re-enable kadm_ser_stab(). * kadm_server.c: Re-enable kadm_ser_stab(). Tue May 13 20:21:21 1997 Tom Yu <tlyu@mit.edu> * Makefile.in: * admin_server.c: * kadm_server.c: * kadm_ser_wrap.c: Convert to use new kadm5 API; this still needs work to remove references to krb5_db and to regain full v4 kadmind functionality (or as much as is possible). Tue Feb 18 09:59:59 1997 Ezra Peisach <epeisach@mit.edu> * acl_files.c: Do not declare malloc() or calloc() if stdlib.h exists. Thu Feb 6 14:49:45 1997 Tom Yu <tlyu@voltage-multiplier.mit.edu> * Makefile.in (LOCALINCLUDE): Repair lack of -I. and -I$(srcdir) Tue Feb 4 21:23:16 1997 Tom Yu <tlyu@mit.edu> * Makefile.in: * configure.in: Update to new program build procedure. Fri Nov 22 15:49:27 1996 unknown <bjaspan@mit.edu> * kadm_ser_wrap.c (endif ): use sizeof instead of h_length to determine number of bytes of addr to copy from DNS response [krb5-misc/211] Wed Nov 13 19:24:00 1996 Tom Yu <tlyu@mit.edu> * Makefile.in (clean): Remove kadm_err.h and kadm_err.c. Fri Nov 8 17:27:20 1996 Theodore Ts'o <tytso@rsts-11.mit.edu> * admin_server.c (argv): Check the error return from krb5_init_context(), and print an error message if necessary. Mon Oct 21 17:20:32 1996 Barry Jaspan <bjaspan@mit.edu> * admin_server.c: use params.admin_keytab instead of a hard-coded value [krb5-admin/30] Thu Sep 26 17:54:33 1996 Barry Jaspan <bjaspan@mit.edu> * admin_server.c (process_client): allow keytab to be specified on command line; default is still wrong Mon Sep 23 15:36:41 1996 Barry Jaspan <bjaspan@mit.edu> * configure.in: add unit-test subdir Wed Jul 31 17:53:45 1996 Tom Yu <tlyu@mit.edu> * kadm_ser_wrap.c: Remove #include <sys/socket.h>, <netdb.h> because k5-int.h already grabs it if NEED_SOCKETS is defined. * admin_server.c: Remove #include <sys/socket.h> because k5-int.h already grabs it if NEED_SOCKETS is defined. Thu Jul 18 19:46:49 1996 Marc Horowitz <marc@mit.edu> * configure.in: removed ET_RULES, replaced with AC_PROG_AWK Tue Jul 9 17:18:56 1996 Marc Horowitz <marc@mit.edu> * kadm_stream.c: rename HAS_STDLIB_H to HAVE_STDLIB_H to conform to the autoconf convention * configure.in: the old configure.in seemed to be written for some other directory. Now it's right. * admin_server.c, kadm_ser_wrap.c, kadm_server.c: renamed <ovsec_admin/foo.h> to <kadm5/foo.h> * Makefile.in: complete rewrite. Thu Mar 21 20:33:43 1996 Richard Basch <basch@lehman.com> * kadm_funcs.c: new principals were being created with two keys, one of which the key_data_ver=0 and had no valid data. Tue Mar 19 19:42:37 1996 Richard Basch <basch@lehman.com> * kadm_funcs.c: changed all references of des-cbc-md5 to des-cbc-crc fixed uninitialized variable set kvno modulo 256 in database Wed Feb 21 23:34:31 1996 Richard Basch <basch@lehman.com> * kadm_funcs.c: Initialize the length element of the krb5_db_entry structure in kadm_princ2entry (add_entry was failing). Wed Dec 13 03:51:53 1995 Chris Provenzano (proven@mit.edu) * kadm_funcs.c : Remove mkvno for krb5_db_entry Wed Sep 06 14:20:57 1995 Chris Provenzano (proven@mit.edu) * admin_server.c, kadm_funcs.c kadm_ser_wrap.c : s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g Tue Sep 05 22:10:34 1995 Chris Provenzano (proven@mit.edu) * admin_server.c, kadm_funcs.c, kadm_ser_wrap.c : Remove krb5_enctype references, and replace with krb5_keytype where appropriate. Tue Aug 15 14:31:37 EDT 1995 Paul Park (pjpark@mit.edu) * admin_server,kadm_funcs,kadm_ser_wrap.c - Replace kadm_find_keytype() with krb5_dbe_find_keytype(). Thu Aug 10 14:48:26 EDT 1995 Paul Park (pjpark@mit.edu) * kadm_funcs.c - Add kadm_find_keytype() to find a particular key/salt pair. Use this to find keys instead of assuming that the right one's in the first slot. Fix transposed arguments to strncpy(). Handle mod_princ_data stuff. Supply saltblock to encrypt_key_data(). * admin_server, kadm_ser_wrap.c - Use kadm_find_keytype() to find keys. Mon Aug 7 13:30:46 EDT 1995 Paul Park (pjpark@mit.edu) * admin_server,kadm_funcs,kadm_ser_wrap.c - Brute force substitutions to get this to compile. Mon Jul 17 15:12:30 EDT 1995 Paul Park (pjpark@mit.edu) * kadm_ser_wrap.c - Add NULL stash file argument to krb5_db_fetch_mkey. Fri Jul 7 16:05:11 EDT 1995 Paul Park (pjpark@mit.edu) * Makefile.in - Remove all explicit library handling and LDFLAGS. * configure.in - Add USE_<mumble> and KRB5_LIBRARIES. Tue Jun 27 16:05:27 EDT 1995 Paul Park (pjpark@mit.edu) * acl_files.c - Change check for return value from fputs(3) from NULL to EOF. That's what's returned on error. * admin_server.c - Cast 4th argument of setsockopt(2) to be const char * * kadm_funcs.c - Cast argument to ctime(3) * kadm_server.c - Cast first argument to strcpy(3) and strcat(3). Tue Jun 20 14:44:54 1995 Tom Yu (tlyu@dragons-lair) * configure.in: add tests for TIME_WITH_SYS_TIME and sys/time.h Thu Jun 15 17:52:29 EDT 1995 Paul Park (pjpark@mit.edu) * Makefile.in - Change explicit library names to -l<lib> form, and change target link line to use $(LD) and associated flags. Also, for K4, use KRB4_LIB and KRB4_CRYPTO_LIB, these were split out. * configure.in - Add shared library usage check. Fri Jun 9 19:07:25 1995 <tytso@rsx-11.mit.edu> * configure.in: Remove standardized set of autoconf macros, which are now handled by CONFIG_RULES. Fri Jun 9 06:49:36 1995 Ezra Peisach <epeisach@kangaroo.mit.edu> * kadm_stream.c (vts_long, stv_long): Change u_long to krb5_ui_4 * kadm_server.c (kadm_ser_ckpw): Change u_long to krb5_ui_4 * kadm_ser_wrap.c (errpkt, kadm_ser_in): Change u_long to krb5_ui_4 * kadm_funcs.c (kadm_add_entry): Change u_long to krb5_ui_4 * admin_server.c (process_client): Change u_long to krb5_ui_4 Sat May 20 22:33:58 1995 Ezra Peisach <epeisach@kangaroo.mit.edu> * kadm_stream.c: Based on presence of stdlib.h, include or declare malloc. * configure.in: Check for stdlib.h Sun May 7 13:49:54 1995 Ezra Peisach <epeisach@kangaroo.mit.edu> * admin_server.c: Avoid warning of redeclaring POSIX_SIGNALS if already defined. Sat Apr 29 00:34:01 1995 Theodore Y. Ts'o <tytso@dcl> * admin_server.c (kadm_listen): Use Posix sigaction() instead of signal() to set signal handlers. This allows us not to worry about System V signal semantics. Make the code use POSIX_SIGNALS by default. Fri Apr 28 18:08:05 1995 Mark Eichin <eichin@cygnus.com> * Makefile.in (KLIB): put KRB4_LIB inside KLIB. Thu Apr 27 13:53:41 1995 Mark Eichin <eichin@cygnus.com> * Makefile.in (v4kadmind): use KRB4_LIB directly. Thu Apr 20 23:21:42 1995 Theodore Y. Ts'o (tytso@dcl) * kadm_funcs.c: Don't #include <ndbm.h>, since that's automatically included by k5-config.h Thu Apr 20 15:26:48 1995 Ezra Peisach (epeisach@kangaroo.mit.edu) * kadm_server.c (kadm_ser_cpw, kadm_ser_ckpw): krb_int32 should be krb5_int32. * acl_files.c: Declare acl_abort as static at top of file. Sun Apr 16 19:10:17 1995 Mark Eichin <eichin@cygnus.com> * kadm_server.c (kadm_ser_cpw, kadm_ser_ckpw): use krb_int32, not long, for network 4 byte quantities. Should get rid of the use of memcpy at some point. Sat Mar 25 16:59:55 1995 Mark Eichin <eichin@cygnus.com> * kadm_funcs.c (kadm_entry2princ): pass kadm_context in to krb5_524_conv_principal. Tue Mar 14 16:45:18 1995 <tytso@rsx-11.mit.edu> * Makefile.in: Don't link in the V4 DES library; use the des425 library to avoid linking the DES code in twice. Thu Mar 2 12:25:13 1995 Theodore Y. Ts'o <tytso@dcl> * Makefile.in (ISODELIB): Remove reference to $(ISODELIB). Wed Mar 1 16:30:08 1995 Theodore Y. Ts'o <tytso@dcl> * kadm_server.c: Remove declataions of malloc(); should be done by header files. * configure.in: Remove ISODE_INCLUDE, replace check for -lsocket and -lnsl with WITH_NETLIB check. Tue Feb 28 02:24:56 1995 John Gilmore (gnu at toad.com) * admin_server.c, kadm_server.c, kadm-server.h: Avoid <krb5/...> includes. Tue Feb 7 16:42:54 1995 Mark Eichin <eichin@cygnus.com> * kadm_funcs.c (kadm_del_entry): fixed call to db_delete_principal. Wed Jan 25 18:42:42 1995 Mark Eichin (eichin@tweedledumber.cygnus.com) * kadm_server.h (DEL_ACL_FILE): new define, acl file for V4 delete function. * kadm_server.c (kadm_ser_add): new function, wrapper for V4 delete. * kadm_funcs.c (check_access): declare int; add DEL. (kadm_del_entry): new function, V4 delete from CNS. (failadd): fix spelling error in log entry. Mon Dec 12 13:21:48 1994 Mark Eichin (eichin@cygnus.com) * kadm_funcs.c (kadm_entry2princ, kadm_princ2entry, kadm_chg_srvtab): V4 and V5 max_life are in *different units* so use the 60*5 conversion factor. Fri Nov 18 15:51:11 1994 Theodore Y. Ts'o (tytso@dcl) * kadm_funcs.c (kadm_add_entry, kadm_mod_entry, kadm_change): Add magic numbers of keyblock structre. Fri Nov 18 01:11:58 1994 Mark Eichin <eichin@cygnus.com> * configure.in: use CHECK_SIGNALS instead of expansion (from epeisach). Wed Oct 19 18:53:45 1994 Theodore Y. Ts'o (tytso@dcl) * kadm_ser_wrap.c (kadm_ser_init): Use krb5_use_cstype() to initialize the master_encblock structure. Thu Sep 29 22:41:20 1994 Theodore Y. Ts'o (tytso@dcl) * Makefile.in: relink executable if libraries change Thu Sep 15 10:53:37 1994 Theodore Y. Ts'o (tytso@dcl) * admin_server.c (close_syslog, byebye): Move these two functions before main(), so that they get declared properly. Otherwise suncc will refuse to compile the file. * kadm_funcs.c (kadm_add_entry, kadm_mod_entry, kadm_change, kadm_chg_srvtab): use krb5_timeofday instead of time(0). Thu Aug 4 16:37:33 1994 Tom Yu (tlyu@dragons-lair) * admin_server.c: pick up <sys/time.h> (needed to get FD_SET, etc.) Sat Jul 16 09:21:22 1994 Tom Yu (tlyu at dragons-lair) * Makefile.in: no longer trying to install v4kadmind as krb5kdc :-) * configure.in: another try at making dbm libs dtrt Wed Jun 29 00:24:28 1994 Tom Yu (tlyu at dragons-lair) * admin_server.c: fixed calls that should have invoked krb5_init_ets Sat Jun 25 09:07:48 1994 Tom Yu (tlyu at dragons-lair) * kadm_ser_wrap.c: fixed lack of a terminal 0 in a call to krb5_build_principal