2003-09-02 Alexandra Ellwood <lxs@mit.edu> * svr_principal.c: Added Apple password server support. 2003-06-13 Tom Yu <tlyu@mit.edu> * server_kdb.c (kdb_init_hist): Force history principal's key to be of the same enctype as the master key, as searches for it later on explicitly specify the enctype. 2003-04-01 Tom Yu <tlyu@mit.edu> * Makefile.in: Remove $(SHLIB_DBLIB_DEPS) and related variables. (SHLIB_EXPDEPS): Remove $(SHLIB_DBLIB_DEPS). (SHLIB_EXPLIBS): Change $(DB_LIB) to $(KDB5_DB_LIB). 2003-01-12 Ezra Peisach <epeisach@bu.edu> * svr_iters.c (kadm5_get_either): For POSIX_REGEXPS (i.e. regcomp), call regfree() to cleanup memory. 2003-01-10 Ken Raeburn <raeburn@mit.edu> * Makefile.in: Add AC_SUBST_FILE marker for lib_frag and libobj_frag. 2003-01-05 Sam Hartman <hartmans@mit.edu> * server_dict.c: Remove declaration of errno * adb_policy.c: Remove declaration of errno 2002-12-16 Ezra Peisach <epeisach@bu.edu> * Makefile.in: Change to allow compilation with-system-db and shared libraries. 2002-11-07 Tom Yu <tlyu@mit.edu> * svr_principal.c (kadm5_setkey_principal_3): Apply patch from Emily Ratliff to allow n_ks_tuple to be zero, which is the case if being called from kadmind answering a client's setkey_principal request. 2002-10-15 Ezra Peisach <epeisach@bu.edu> * server_init.c (kadm5_lock, kadm5_unlock): Return KADM5_OK instead of falling off end of function. 2002-10-08 Tom Yu <tlyu@mit.edu> * adb_openclose.c (osa_adb_init_db): Reset opencnt. (osa_adb_open_and_lock): Don't open multiple times; merely increment opencnt if already open. (osa_adb_close_and_unlock): Decrement opencnt instead of unconditionaly closing. * server_init.c (kadm5_lock, kadm5_unlock): New functions to support persistent exclusive locks across multiple API calls. 2002-08-29 Ken Raeburn <raeburn@mit.edu> * Makefile.in: Revert $(S)=>/ change, for Windows support. 2002-08-23 Ken Raeburn <raeburn@mit.edu> * Makefile.in: Change $(S)=>/ and $(U)=>.. globally. 2002-07-17 Ken Raeburn <raeburn@mit.edu> * svr_iters.c (struct iter_data): Replace DynObject "matches" with pointer, allocation size, current count, and error flag. (get_either_iter): Grow array if needed, noting failures. (kadm5_get_either): Set up the array before calling the iterator and use their values after. * Makefile.in (SHLIB_EXPDEPS, SHLIB_EXPLIBS): Drop libdyn references. 2002-03-06 Ken Raeburn <raeburn@mit.edu> * Makefile.in (LIBMAJOR): Bump to avoid Heimdal conflict. 2002-03-02 Sam Hartman <hartmans@mit.edu> * server_acl.c (acl_find_entry): Patch from sxw@sxw.org.uk: patch to correct handling of ACL targets. Previous patch from Matt Crawford seems to only work for * targets where it ignores the restrictions. This patch seems to work for all the semantics described in MATt's original message, at least as far as I tested. 2001-10-22 Tom Yu <tlyu@mit.edu> * svr_principal.c (kadm5_decrypt_key): For now, coerce enctype of output keyblock in case we got a match on a similar enctype. 2001-10-16 Mitchell Berger <mitchb@mit.edu> Matt Crawford <crawdad@fnal.gov> * svr_principal.c (add_to_history): If the policy a principal uses has been changed to hold a lesser number of history entries than it did before, extract the correct number and value of old keys from the history array into a newly allocated array of the proper size. Failing to do this made kadmind vulnerable to a crash upon changing such a principal's password. Original patch written by Matt Crawford, with a few changes. 2001-10-09 Ken Raeburn <raeburn@mit.edu> * server_acl.h: Make prototypes unconditional. 2001-07-31 Ezra Peisach <epeisach@mit.edu> * svr_principal.c (check_pw_reuse): Change argument for n_pw_hist_data to unsigned to be consistant with calling convention. 2001-07-25 Ezra Peisach <epeisach@mit.edu> * adb_xdr.c (xdr_krb5_key_data): Use xdr_krb5_ui_2 instead of xdr_krb5_int16 for key_data_length field. 2001-07-06 Ezra Peisach <epeisach@mit.edu> * svr_iters.c: Declare kadm5_get_either static 2001-06-20 Mitchell Berger <mitchb@mit.edu> * server_dict.c: Silly typo fixed. 2001-06-18 Ezra Peisach <epeisach@mit.edu> * server_misc.c (passwd_check): cast argument to islower()/isupper(), isdigit(), ispunct() to int. * server_acl.c (acl_parse_line): Cast argument to isupper()/isspace() to int. 2001-06-08 Ezra Peisach <epeisach@mit.edu> * svr_principal.c (check_pw_reuse): Cleanup assignment in conditional. 2001-06-04 Ezra Peisach <epeisach@mit.edu> * svr_principal.c: Cleanup assignments in conditionals. Sun Feb 18 17:40:23 2001 Ezra Peisach <epeisach@mit.edu> * adb_openclose.c, adb_policy.c, server_acl.c, server_dict.c, server_init.c, server_kdb.c, server_misc.c, svr_iters.c, svr_principal.c: Cleanup assignments in conditionals, variables sadowing one another, unused variables and declared some functions as static. 2000-10-17 Ezra Peisach <epeisach@mit.edu> * svr_chpass_util.c (kadm5_chpass_principal_util): Change msg_len to unsigned int. Tue Oct 10 03:09:27 2000 Ezra Peisach <epeisach@mit.edu> * server_dict.c (init_dict): Change syslog() to krb5_klog_syslog() so that errors go to the intended place as indicated by krb5.conf. 2000-06-30 Tom Yu <tlyu@mit.edu> * adb_openclose.c (osa_adb_create_db): Default to btree. (osa_adb_init_db): Set up btinfo as well. (osa_adb_open_and_lock): Try btree, then hash. * Makefile.in (SHLIB_EXPDEPS): Add libdb. (SHLIB_EXPLIBS): Add -ldb. 2000-06-23 Nalin Dahyabhai <nalin@redhat.com> * adb_openclose.c (osa_adb_create_db): Open lock files using O_EXCL and fdopen() the descriptor instead of using fopen(). * svr_chpass_util.c (kadm5_chpass_principal_util): Adjust for new length parameter in both kadm5_chpass_principal_util() and in _kadm5_chpass_principal_util(). 2000-05-31 Wilfredo Sanchez <tritan@mit.edu> * adb_free.c, adb_xdr.c, server_dict.c: Check for existance of<memory.h>. [from Nathan Neulinger <nneul@umr.edu>] 2000-03-16 Ken Raeburn <raeburn@mit.edu> Matt Crawford <crawdad@fnal.gov> * server_acl.c: Include kadm5/admin.h. (struct _acl_entry): Add new fields for restrictions. (struct _wildstate): New type. (acl_parse_line): Input is const. Parse and save restrictions. Allow backslash at end of line to indicate continuation. (acl_parse_restrictions, acl_impose_restrictions): New functions. (acl_free_entries): Free up restriction data if any. (acl_load_acl_file): Don't use tmpbuf for catch-all entry. (acl_match_data): Add new arguments for wildcard state. (acl_find_entry): Support wildcard component matching. Reorganized checks for bad ACL entries. (acl_check): Add restrictions parameter. * server_acl.h (struct _restriction): New type. (acl_check): Update prototype. (acl_impose_restrictions): Declare. 2000-02-26 Tom Yu <tlyu@mit.edu> * svr_principal.c (kadm5_create_principal_3): Remove keepold argument. * Makefile.in (LIBMAJOR): Bump major number due to call signature changes. 2000-02-25 Ken Raeburn <raeburn@mit.edu> * server_acl.c (acl_get_line): Patch from Matt Crawford to permit line continuation by ending a line with a backslash. 2000-02-13 Tom Yu <tlyu@mit.edu> * svr_principal.c (kadm5_setkey_principal_3): New function. 1999-10-26 Wilfredo Sanchez <tritan@mit.edu> * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES, LOCAL_INCLUDES such that one can override CFLAGS from the command line without losing CPP search patchs and defines. Some associated Makefile cleanup. 1999-09-08 Ken Raeburn <raeburn@mit.edu> * adb_openclose.c (osa_adb_fini_db): Don't fclose the lock file if the lock is permanent, because it's already been done. Mon Dec 7 15:19:11 1998 Ezra Peisach <epeisach@mit.edu> * svr_principal.c (kadm5_randkey_principal_3): Fix typo in arguments to krb5_dbe_crk(). 1998-11-13 Theodore Ts'o <tytso@rsts-11.mit.edu> * Makefile.in: Set the myfulldir and mydir variables (which are relative to buildtop and thisconfigdir, respectively.) Fri Dec 4 23:10:32 1998 Tom Yu <tlyu@mit.edu> * svr_principal.c (kadm5_create_principal): Modify to call create_principal_3. (kadm5_create_principal_3): New function including flag to keep old keys and optional explicit keysalt_tuples. (kadm5_chpass_principal): Modify to call chpass_principal_3. (kadm5_chpass_principal_3): New function including flag to keep old keys and optional explicit keysalt_tuples. (kadm5_randkey_principal): Modify to call randkey_principal_3. (kadm5_randkey_principal_3): New function including flag to keep old keys and optional explicit keysalt_tuples. Tue Nov 17 18:20:48 1998 Tom Yu <tlyu@mit.edu> * svr_principal.c (kadm5_create_principal): (kadm5_chpass_principal): (kadm5_randkey_principal): Fix up for new calling conventions of dbe_crk and dbe_cpw. 1998-10-27 Marc Horowitz <marc@mit.edu> * server_kdb.c, svr_principal.c: convert to new crypto api Sun Jul 26 18:09:55 1998 Sam Hartman <hartmans@utwig.mesas.com> * Makefile.in (LIBMAJOR): bump libmajor Wed Apr 15 18:06:14 1998 Tom Yu <tlyu@mit.edu> * Makefile.in (SHLIB_EXPDEPS): (SHLIB_EXPLIBS): Rename libcrypto -> libk5crypto. Fri Feb 27 22:33:05 1998 Theodore Ts'o <tytso@rsts-11.mit.edu> * Makefile.in: Changed thisconfigdir to point at the lib/kadm5 directory, since we've moved all of the configure.in tests to the toplevel lib/kadm5 configure.in. Instead of adding @LIBS@ to the list of libraries which should be linked as shared library dependencies, add @GEN_LIB@ and @AIX_DB_LIB@ which will get expanded if necessary. Wed Feb 18 16:15:22 1998 Tom Yu <tlyu@mit.edu> * Makefile.in: Remove trailing slash from thisconfigdir. Fix up BUILDTOP for new conventions. Fri Feb 13 21:30:58 1998 Tom Yu <tlyu@mit.edu> * adb_xdr.c: Update header locations. * Makefile.in (LIBMAJOR): Bump major version to reflect change in rpc library. Wed Jan 28 16:32:36 1998 Theodore Ts'o <tytso@rsts-11.mit.edu> * configure.in, Makefile.in: Remove the CopySrcHeader macro from configure.in and substitute equivalent functionality in Makefile.in Mon Oct 13 10:59:22 1997 Ezra Peisach <epeisach@mit.edu> * server_init.c (kadm5_destroy): Call kadm5_free_config_params. * server_acl.c: Include <ctype.h> for tolower(). (acl_load_acl_file): Close acl file, even when acl_catchall_entry is not set. Wed Aug 6 20:22:23 1997 Tom Yu <tlyu@mit.edu> * Makefile.in: Add flags to conditionally compile with Hesiod. * server_misc.c: Add support for checking GECOS field of Hesiod passwd entry. Fri Jul 25 15:37:08 1997 Tom Yu <tlyu@mit.edu> * server_init.c: Change a few calls to align with the new kdb API. * Makefile.in: Bump version. Tue Jul 1 02:32:49 1997 Tom Yu <tlyu@mit.edu> * server_acl.h: Fix ACL_ALL_MASK to include ACL_SETKEY. * svr_principal.c: Fix setv4key_principal. Sun Jun 29 14:52:51 1997 Tom Yu <tlyu@mit.edu> * svr_principal.c: Add new function kadm5_setv4key_principal. Mon Mar 31 17:40:24 1997 Barry Jaspan <bjaspan@mit.edu> * server_acl.c, server_acl.h, svr_pricipal.c: add support for setkey_principal Sun Mar 9 13:40:33 1997 Tom Yu <tlyu@mit.edu> * svr_principal.c (add_to_history): Don't call realloc() on a NULL pointer, lest non-ANSI compliant systems like SunOS fail. Sat Feb 22 01:34:08 1997 Sam Hartman <hartmans@tertius.mit.edu> * Makefile.in (SHLIB_EXPDEPS): s/.so/$(SHLIBEXT) Wed Jan 15 20:59:11 1997 Tom Yu <tlyu@mit.edu> * Makefile.in: * configure.in: Update to new library build procedure. Tue Dec 3 15:14:29 1996 Barry Jaspan <bjaspan@mit.edu> * server_acl.c (acl_load_acl_file): log errors via krb5_klog_syslog, not fprintf and com_err [krb5-admin/238]; don't coredump when an acl line is too long; handle catchall_entry == NULL Fri Nov 22 11:11:34 1996 Sam Hartman <hartmans@mit.edu> * Makefile.in (SHLIB_LIBS): Do not link shared against -ldb [224] Tue Nov 26 03:04:04 1996 Sam Hartman <hartmans@mit.edu> * server_acl.c (acl_load_acl_file): Fix coredump by allowing catchall_entry to be null, but do not reference it if it is. Thanks to marc. [242] Mon Nov 25 17:53:20 1996 Barry Jaspan <bjaspan@mit.edu> * server_acl.c: set acl_catchall_entry to "" instead of NULL, since it is presumed to contain something, but we don't want any default entry [krb5-admin/237] Wed Nov 13 19:20:36 1996 Tom Yu <tlyu@mit.edu> * Makefile.in (clean-unix): Remove shared/*. Mon Nov 11 17:01:00 1996 Barry Jaspan <bjaspan@mit.edu> * svr_principal.c (kadm5_modify_principal): fix memory leak handling tl_data Thu Nov 7 16:42:38 1996 Barry Jaspan <bjaspan@mit.edu> * svr_iters.c (glob_to_regexp): a principal glob with no @ defaults to @*, not @LOCAL.REAM [krb5-admin/161] Wed Nov 6 10:45:12 1996 Theodore Ts'o <tytso@rsts-11.mit.edu> * server_init.c (kadm5_init): Use a more fined grained error code, KADM5_MISSING_CONF_PARAMS instead of KRB5_CONFIG_BADFORMAT Wed Nov 6 16:22:05 1996 Barry Jaspan <bjaspan@mit.edu> * svr_principal.c (kadm5_modify_principal): don't free the caller's tl_data (oops) Fri Nov 1 13:18:40 1996 Barry Jaspan <bjaspan@mit.edu> * svr_principal.c (kadm5_modify_principal): update for new tl_data semantics [krb5-admin/140] Mon Oct 21 16:28:52 1996 Barry Jaspan <bjaspan@mit.edu> * svr_principal.c (kadm5_modify_principal): fix modify_principal's handling of KADM5_TL_DATA [krb5-admin/20] Fri Oct 18 14:24:12 1996 Barry Jaspan <bjaspan@mit.edu> * svr_misc_free.c, server_dict.c, adb_policy.c, adb_free.c: include stdlib.h instead of malloc.h [krb5-admin/35] * adb_openclose.c (osa_adb_rename_db): create the destination database if necessary before renaming [krb5-admin/58] Thu Oct 17 16:22:07 1996 Barry Jaspan <bjaspan@mit.edu> * svr_principal.c: update for new pw_expiration semantics [krb5-admin/87] Tue Oct 8 13:33:48 1996 Barry Jaspan <bjaspan@mit.edu> * adb_policy.c (osa_adb_rename_policy_db): rename osa_adb_rename_policy to *_db * adb_openclose.c, adb_policy.c: implement database renaming; also, only create a db lockfile after the database has been successfully created [krb5-admin/62] Fri Oct 4 08:40:21 1996 Ezra Peisach <epeisach@kangaroo.mit.edu> * svr_principal.c (kadm5_get_principal): Do not assume malloc(0) returns non-NULL. [krb5-admin/29] Fri Aug 2 14:07:31 1996 Barry Jaspan <bjaspan@DUN-DUN-NOODLES> * svr_principal.c: remove krb5_free_keyblock_contents (moved to libkrb5.a) Fri Jul 26 17:48:14 1996 Sam Hartman <hartmans@mit.edu> * svr_principal.c (krb5_copy_key_data_contents): If key_data_length[i] == 0, don't complain if malloc(0) returns 0; this is allowed by ANSI. Thu Jul 25 18:42:47 1996 Sam Hartman <hartmans@mit.edu> * configure.in (LIBS): Link against -ldb under AIX for shared library construction; we should eventually make libdb a shared library. Wed Jul 24 18:21:28 1996 Tom Yu <tlyu@voltage-multiplier.mit.edu> * Makefile.in, configure.in: break out server lib into a subdirectory