Major projects: 1. Run a V5 KDC on the master KDC. * audit code in v4 kadmind server DONE * convert syslog -> log (to real file) DONE * save versus deletion of rcache file (HIGH PRIORITY) DONE * Use dbm as the default database. (HIGH PRIORITY) DONE * KDC does not notice new databases after new db loads (HIGH PRIORITY) * KDC returns wrong starttime if queried too quickly with a TGS req. after a TGT request. * v4kadmind: convert syslog -> log (to real file) DONE * v4kadmind: should store (kvno++ % 256) in database, or there should be a mechanism in ktutil to query the server for the kvno because V4 and V5 kvno's have different limits/wraps. (currently, it is set to store kvno++ % 256) 2. API changes DONE * context changes (mostly done) DONE * narrow types (done) DONE * get_in_tkt for salt support, multi encryption DONE * keytab lookup (for multi-encryption) DONE * oracle forwarding support DONE * Remove krb5_enctype argument from string_to_key(). (HIGH) * Functionalize krb5.h (HIGH) 3. Multi-encryption support DONE * kdb5_edit support (show princal, set attributes) DONE * test DES-MD5 DONE * make DES-MD5 default, fall back to DES-CRC DONE * DES_CBC_* are not being properly treated. Requesting one type does not always return a key of the same type (even if there is another DES key in the db). 4. Better Kerberos Database DONE * Design encoders/decoders DONE * Added keytab routines to access to database. * A krb5_db_context is necessary for all the db access routines. Eg put_principal(), get_principal(), etc... The API on these routines needs to be modified and the current db_context needs to be removed from the krb5_context to better support multiple databases/realms. (POST 1.0) 5. Configuration file DONE * write configuration file library 6. Misc Cleanup * check file vs stdio ccache code; replace file code with stdio * rewrite rcache code DONE * fold in krb4 library DONE * kdc support automatic fallback (done) * DES glue code rewrite DONE * don't need NEED_SYS_FCNTL.H; just always include * utmp configure cleanup * telnet portability DONE * CONFIG_RULES should include more standard rules (WITH_KRB4, etc.) stuff that's in every single configure.in file. * klist and kdestroy drags in the entire libcrypto library unnecessarily; this is because init_ctx references krb5_csarray (via valid_etype) and krb5_max_crypto_system, which drags in cryptoconf.c DONE * Make kinit not delete the credcache before tickets are successfully obtained. * Telnet/rlogin bug --- must do gethostbyname()/gethostbyaddr() to get a real DNS name so that we don't get bitten by athena.dialup.mit.edu and resolvers which shuffle DNS records. (HIGH) * GSSAPI V2 calls: gss_export_name(), gss_canonicalize_name(), gss_inquire_mech_for_names() * GSSAPI mechglue: gss_inquire_cred() not quite right for default credential. Fix for Mech-Spec names. * GSSAPI mechglue: gss_acquire_cred is really kinda broken... Fix for mech-spec names. * krb5 bugs 7. Future development * support for realm name changes (POST 1.0) * telnet rsh support (POST 1.0) * Make routines for updating the master key in a database. Thinking about this I think its easier to have the routines update the master key and then update every principal in the database. Doing this will also allow us to remove the mkvno field saving 2 bytes per entry. DONE * Fix preauthentication code DONE * Save the time offset between the kerberos server and the current host in the credential cache. (Just need to actually get and save the time.) * Make a keysalt to salt function that takes keysalt info and principal and returns a salt. Routines: krb5_keysalt_to_salt(krb5_context, krb5_keysalt, krb5_principal) * Implement krb5_cc_remove_cred() (LOW) * Implement tl_data for server keys supported by the server for client-server communications. (LOW) * Add profile entries for (HIGH) default enctype (and salttype?) list for kinit and AS requests. default enctype list for TGS requests in krb library default enctype/salttype list for change password requests. default enctype for change random key requests. 8. New applications * POP (POST 1.0) * discuss (POST 1.0) DONE * FTP (POST 1.0?) * Zephyr (POST 1.0) * Proper encrypted telnet (POST 1.0) 9. Kadmin DONE * Password changing protocol. * kadmin --- Have ank, ark, cpw, crk use new protocol. (HIGH) * kadmind (HIGH) Finish work on modify entry command. Make sure that db opens log before becoming a daemon. 10. Install Cleanup DONE * krb5.h still #include's the com_err error include files. krb5.h should be constructed from krb5.hin, and those include files should be inlined, so that we only need to install the single krb5.h file. DONE * We shouldn't be installing into /krb5. Should use the Gnu coding standard prefix and exec_prefic setup, with the kerberos database living in /prefix/lib/kdb5. (People can symlink that off to another partition if they feel the need.) 11. Testing * Test the new kdb locking code (HIGH) * test cross realm authentication (HIGH) * Test that db key_data crunching of enctypes actually works. (HIGH) Routines in kdb_cpw.c: add_key_pwd(), add_key_rnd() Routines in kdb_xdr.c: krb5_dbe_find_enctype() * Test that krb5_dbm_db_put_principal() doesn't save a krb5_db_entry with any keys with kvno = 0. (HIGH) 12. Integration * Merge in new GSSAPI code from OV. (HIGH) 13. Post 1.0 items * Incremental kprop * Change krb5_enctype and krb5_checksumtype to be unsigned ints. * Secure Network Key preauthentication. * If configuring with --enable-athena, Athena-environment setup for login. ---------------------------------------------------------------------------- I believe these are done but a double check would be nice. ---------------------------------------------------------------------------- Make sure kdb code doesn't save salt type KRB5_KDB_SALTTYPE_NORMAL (0) into the db. Routines: krb5_dbekd_decrypt_key_data(), krb5_dbekd_encrypt_key_data() Check that dump/restore actually works Each entry needs to have a version, length, and each integer entry needs to be saved with a hexidecimal encoding. The principals should use parse/unparse routines. (Paul did the work but nobody has checked it) ----------------------------------------------------- OLD TODO ITEMS (to be vetted later) needed before beta4-patch2: 940802 stdargs/varargs breakage of ksu under SunOS not-quite-critical bug fixes: 940802 double-check telnet problems, e.g. solaris pty grabbing 940802 rethink using compile check for fopen() binary mode future development: 940808 check file vs stdio ccache code; replace file code with stdio 940808 rewrite rcache code 940808 fold in krb4 library 940808 support for realm name changes 940808 configuration file for krb5 clients to replace compile-time constants cleanup for later: 940802 realloc lossage made more reasonable; requires a compile and run type of check, then use REALLOC everywhere, #defined to check if argument is NULL first, if realloc(NULL) returns NULL. This is to guard against lossage like SunOS. 940802 yank isode from tree, insert tcl subset 940802 sanity check API doc 940802 deja gnu, testing framework 940808 make depend 940808 make sure we're using $(MAKE) everywhere %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% OLD TODO LIST. To be vetted later.... look at sandia changes (contact gmachin@somnet.sandia.gov): admin server BSD applications kdc/v4 changes specific coding items: ---------------------- new protocol revision telnet client address checking (hard to get hold of the addr?) uuserver adds a ticket to the credentials cache each time it runs, even if the client is using the same ticket. KDC bulletproofing (after beta) KDC statistic gathering (after beta) admin server (after beta) applications nfs discuss (?) X11 realm "quality" code and/or hooks (tytso) (after beta?) alloca/tempalloc (after beta) test suites (after beta) KDC transited field comma quoting verify that memcpy/memcmp is in use for principal names Make sure that all comparisons of principal components (realms, etc.) use memcmp instead of strcmp --- principal components can have nulls in them! (Don't blame me, blame OSI!) --> kdc realm transiting code boiling between scc_ and fcc_ (after beta) remove 32 bit dependencies (esp. in md4 and md5) (after beta) documentation issues: -------------------- manual pages (programs, library) Manual pages for appl/bsd need to be fixed!!!! what we depend on in the system (kprop, kdc: sockets; etc) build/installation doc: document expected "warnings", how to build it, configuration options picking up ss, com_err, makedepend, imake separately unifdef: ftp.uu.net:/bsd-sources/pgrm/unifdef/ operation doc interrealm gotchas RFC DES bit ordering ap_rep vs. subsession keys assign "no meaning" #s for others? byte-wise comparison for principal names DER, "Zulu" format timestamps bug list testing issues: -------------- mprof/mnemosyne error paths DCE interoperability ---------------------------------------------------------------- library name problems: with shared libraries cryptoconf.o can't be replaced. Change docs to require static linking. ---------------------------------------------------------------- Document new functions: krb5_free_address krb5_append_addresses krb5_gc_via_2tgt -------------------------------------------------------------- Bad comment message in KRB5-aux.h (KRB5-types.c should be KRB5_tables.c)