1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
|
2005-06-20 Ken Raeburn <raeburn@mit.edu>
* Makefile.in (KDB_DEP_LIB): Use DL_LIB and THREAD_LINKOPTS
instead of explicitly using -ldl and -lpthread.
Novell merge.
* Makefile.in:
* dump.c:
* kadm5_create.c:
* kdb5_create.c:
* kdb5_destroy.c:
* kdb5_stash.c:
* kdb5_util.c:
* kdb5_util.h:
* ovload.c:
2004-08-27 Ken Raeburn <raeburn@mit.edu>
* loadv4.c (enter_in_v5_db): Terminate argument list of
krb5_build_principal with NULL, not 0. Patch from Nalin
Dahyabhai.
2004-06-15 Tom Yu <tlyu@mit.edu>
* kadm5_create.c (add_admin_princs): Create kadmin/fqdn
principal.
2003-04-23 Ken Raeburn <raeburn@mit.edu>
* kdb5_destroy.c, kdb5_stash.c: Don't declare errno.
2003-01-07 Ken Raeburn <raeburn@mit.edu>
* Makefile.ov: Deleted.
2002-11-05 Tom Yu <tlyu@mit.edu>
* dumpv4.c (v4init):
* loadv4.c (dumpfile;): Remove trailing colon, as new implementation
of des_read_password() appends it.
2002-08-29 Ken Raeburn <raeburn@mit.edu>
* Makefile.in: Revert $(S)=>/ change, for Windows support.
2002-08-23 Ken Raeburn <raeburn@mit.edu>
* Makefile.in: Change $(S)=>/ and $(U)=>.. globally.
2002-08-23 Tom Yu <tlyu@mit.edu>
* dump.c (dump_db): Update usage comment. Add "-rev" and
"-recurse" flags to permit reverse and recursive dumping of the
database, respectively. Check for dump filename beginning with
"-" to avoid accidental dumps to such filenames.
* kdb5_util.c (usage): Update to match reality, primarily by
updating the "dump" usage, but also showing global options before
the command, which is how they were being interpreted anyway.
* kdb5_util.M: Update to match reality. Document "-mkey_convert",
"-new_mkey_file", "-rev", and "-recurse" options to "dump".
Document "dump to stdout" behavior. Show global options before
the command. Make some formatting fixes. s/binary tree/btree/
since the btree back end is actually an n-ary tree.
2002-08-14 Jen Selby <jenselby@mit.edu>
* dump.c: added -mkey_convert and -new_mkey_file to the usage
comment
2002-07-31 Tom Yu <tlyu@mit.edu>
* dump.c (master_key_convert): Iterate over freeing
key_data->key_data_contents[j] rather than attempting to free
key_data->key_data_contents.
2002-07-29 Jen Selby <jenselby@mit.edu>
* kdb5_util.M: added documentation for some options.
2002-07-15 Ezra Peisach <epeisach@bu.edu>
* dump.c (dump_ov_princ): Remove variable set but unused.
2002-04-05 Ken Raeburn <raeburn@mit.edu>
* kdb5_stash.c (kdb5_stash): Call krb5_c_valid_enctype instead of
valid_enctype.
* kdb5_util.c (main, open_db_and_mkey): Likewise.
* loadv4.c (load_v4db): Likewise.
2002-01-08 Sam Hartman <hartmans@mit.edu>
* kdb5_create.c (kdb5_create): Load strong random data
2001-10-26 Ezra Peisach <epeisach@mit.edu>
* dump.c (dump_db): Pass krb5_boolean instead of char * as
argument to kb5_db_fetch_mkey().
2001-10-23 Tom Yu <tlyu@mit.edu>
* loadv4.c (fixup_database): Don't set SUPPORT_DESMD5 anymore.
2001-10-09 Ken Raeburn <raeburn@mit.edu>
* dump.c, kdb5_create.c, kdb5_util.h, loadv4.c, tcl_wrapper.c:
Make prototypes unconditional.
2001-07-16 Ken Raeburn <raeburn@mit.edu>
* string_table.c (str_INITING_KCONTEXT): Variable deleted.
* string_table.h (str_INITING_KCONTEXT): Declaration deleted.
* kadm5_create.c (kadm5_create, kadm5_create_magic_princs): Don't
use str_INITING_KCONTEXT, instead provide (different!) messages
more appropriate to the actual code.
2001-06-29 Ezra Peisach <epeisach@mit.edu>
* nstrtok.h: New file with prototype for nstrtok.
* ovload.c: Include nstrtok.h
* strtok.c: Include nstrtok.h for prototype. Declare delim as
const char * argument. Delete rcsid.
* string_table.c: Delete rcsid.
* kadm5_create.c (build_name_with_realm): Declare static.
2001-06-21 Ezra Peisach <epeisach@mit.edu>
* kdb5_util.c (main): Change optarg to koptarg to prevent
shadowing of getopt function.
2001-06-20 Ezra Peisach <epeisach@mit.edu>
* kdb5_create.c: Include <krb5/adm_proto.h> for
krb5_keysalt_iterate() prototype.
2001-06-20 Mitchell Berger <mitchb@mit.edu>
* kdb5_create.c (kdb5_create): Fixed typo in com_err message.
2001-06-18 Ezra Peisach <epeisach@mit.edu>
* dump.c (name_matches): Cleanup warning of assignments in
conditionals.
2001-06-18 Ezra Peisach <epeisach@mit.edu>
* dump.c: Include regex.h if exists and if HAVE_REGCOMP
defined. Preior to this, regex.h was never included.
2001-06-08 Ezra Peisach <epeisach@mit.edu>
* dumpv4.c: Pass C_Block * to des_read_password() as per prototype.
* loadv4.c: Include k5-int.h before des.h for des_read_password
prototype. Pass C_Block * to des_read_password() as per prototype.
* kdb5_util.h: Add prototype for usage.
* kdb5_create.c, kdb5_destroy.c, kdb5_stash.c: Include kdb5_util.h
for usage() prototype.
2001-06-04 Ezra Peisach <epeisach@mit.edu>
* kadm5_create.c: Add prototype for static
add_admin_princs(). Cleanup calling of add_admin_princs() to be
consistant with prototype.
* kdb5_create.c, kdb5_stash.c, kdb5_destroy.c: Cleanup assignments
in conditionals.
Mon Feb 26 15:01:27 2001 Ezra Peisach <epeisach@mit.edu>
* loadv4.c, ovload.c, kdb5_util.h, kdb5_util.c, kadm5_create.c,
dumpv4.c, dump.c: Compiler warning cleanup including prototypes,
assignments in conditionals, unused variables, varaibles shadowing
one-another.
2001-02-08 Tom Yu <tlyu@mit.edu>
* loadv4.c: Remove references to KRB_NEVERDATE.
2001-02-05 Tom Yu <tlyu@mit.edu>
* kdb5_util.M: Fix some formatting nits and document new flags
controlling dump formats.
2000-10-17 Ezra Peisach <epeisach@mit.edu>
* kdb5_create.c (kdb5_create): Argument to krb5_read_password
changed to unsigned int.
2000-10-16 Tom Yu <tlyu@mit.edu>
* kdb5_util.M: Update manpage.
* kdb5_util.c (usage): Update usage message.
* dumpv4.c (dump_v4_iterator): Add logic to deal with long
lifetimes, as well as optionally using short lifetimes.
* loadv4.c (load_v4db): Add logic to deal with long lifetimes, as
well as optionally using short lifetimes.
* kadm5_create.c (kadm5_create_magic_princs): Add calls to
krb5_klog_init() and krb5_klog_close() to avoid coredumping if
kadm5_init() calls krb5_klog_syslog().
2000-07-05 Ken Raeburn <raeburn@mit.edu>
* dump.c: Various message char arrays turned into macros, to
permit gcc to verify format strings and arguments match.
(k5beta6_dump_header, k5beta7_dump_header): Deleted.
(dump_ov_princ): Use %lx for aux_attributes.
2000-06-30 Tom Yu <tlyu@mit.edu>
* dump.c: Add a new dump version, r1_3_version, and make it the
default; it will be used in krb5-1.3 and will permit a principal's
kadm5 data to be dumped. This is an interim measure until we
redesign the dump format somewhat.
2000-05-31 Wilfredo Sanchez <tritan@mit.edu>
* ovload.c: Check for existance of <memory.h>.
[from Nathan Neulinger <nneul@umr.edu>]
1999-10-26 Wilfredo Sanchez <tritan@mit.edu>
* Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES,
LOCAL_INCLUDES such that one can override CFLAGS from the command
line without losing CPP search patchs and defines. Some associated
Makefile cleanup.
1999-07-06 Ken Raeburn <raeburn@mit.edu>
* kdb5_util.c (main): Do try using com_err in the case that
krb5_init_context fails, instead of fprintf of the error number.
1998-11-13 Theodore Ts'o <tytso@rsts-11.mit.edu>
* Makefile.in: Set the myfulldir and mydir variables (which are
relative to buildtop and thisconfigdir, respectively.)
Tue Nov 3 16:28:23 1998 Tom Yu <tlyu@mit.edu>
* dump.c: Fix up to work with new crypto API.
1998-10-27 Marc Horowitz <marc@mit.edu>
* dumpv4, loadv4.c, kdb5_create.c, kdb5_stash.c, kdb5_util.c,
kadm5_create.c: convert to new crypto api
Wed Sep 30 00:02:01 1998 Theodore Y. Ts'o <tytso@mit.edu>
* dump.c: Add support for changing the master key for a database
as part of creating a dump of the database.
Thu Aug 20 16:50:00 1998 Tom Yu <tlyu@mit.edu>
* kdb5_util.c (add_random_key): Fixes to deal with absence of "-e"
flag.
Wed Aug 19 14:52:40 1998 Tom Yu <tlyu@mit.edu>
* kdb5_util.c (add_random_key): New function to create a new
random key for a principal while retaining the previous kvno's
keys. This is only temporary until a reasonable kadm5 interface
is made.
1998-05-06 Theodore Ts'o <tytso@rsts-11.mit.edu>
* kdb5_stash.c (argv):
* kdb5_destroy.c (kdb5_destroy):
* kdb5_create.c (kdb5_create): POSIX states that getopt returns -1
when it is done parsing options, not EOF.
Fri Feb 27 23:32:38 1998 Theodore Ts'o <tytso@rsts-11.mit.edu>
* Makefile.in: Changed thisconfigdir to point at the kadmin
directory, since we've moved all of the configure.in
tests to the toplevel kadmin configure.in
Wed Feb 18 15:55:06 1998 Tom Yu <tlyu@mit.edu>
* Makefile.in: Remove trailing slash from thisconfigdir. Fix up
BUILDTOP for new conventions.
Mon Feb 2 17:02:29 1998 Theodore Ts'o <tytso@rsts-11.mit.edu>
* Makefile.in: Define BUILDTOP and thisconfigdir in the Makefile
Sun Nov 2 19:09:17 1997 Ezra Peisach <epeisach@mit.edu>
* kdb5_util.c: Add flag indicating that policy db is to be closed.
Change '-f" option to "-sf" to indicate stash file on
command line.
* kdb5_stash.c (kdb5_stash): Indicate that policy db should be
closed, free context when done.
* kadm5_create.c (kadm5_create): Fix up memory leaks.
Wed Oct 22 15:39:38 1997 Ezra Peisach <epeisach@mit.edu>
* tcl_wrapper.c: Include either tcl.h or tcl/tcl.h
Fri Jul 25 15:46:24 1997 Tom Yu <tlyu@mit.edu>
* loadv4.c:
* kdb5_create.c:
* kdb5_destroy.c:
* dump.c: Update to new kdb API.
Thu Jul 17 12:25:41 1997 Ezra Peisach <epeisach@mit.edu>
* dump.c (process_k5beta_record): Change variables from char to
krb5_octet to match types in krb5_key_data.
* ovload.c (process_ov_principal): Change "more" variable to
krb5_boolean as argument to krb5_db_get_principal.
Wed Mar 12 01:19:51 1997 Theodore Y. Ts'o <tytso@mit.edu>
* loadv4.c (argv): Check to see if the global_param's stash file
is non-NULL before trying to strdup() it. [PR#341, PR#394]
Tue Feb 4 21:17:09 1997 Tom Yu <tlyu@mit.edu>
* Makefile.in:
* configure.in: Update to new program build procedure.
Tue Dec 3 16:04:24 1996 Barry Jaspan <bjaspan@mit.edu>
* kdb5_util.c: fix multiply defined globals [krb5-admin/260]
Wed Nov 13 00:06:40 1996 Mark Eichin <eichin@cygnus.com>
* dump.c (load_db): lock the database directly (having fixed the
lock/unlock code) to avoid reopening on every record.
Mon Nov 11 16:50:25 1996 Mark Eichin <eichin@cygnus.com>
* kadmin/dbutil dumpv4 expiration ("never") fixes
* kadmin/dbutil loadv4 stashfile, default fixes
Fri Sep 27 18:45:43 1996 Mark Eichin <eichin@cygnus.com>
* dump.c (read_string): fgetc doesn't return char.
Wed Sep 11 23:45:11 1996 Mark Eichin <eichin@cygnus.com>
* loadv4.c (enter_in_v5_db): set last_pwd_change from the
mod_time, not only the mod_princ_data.
Wed Sep 11 00:02:33 1996 Mark Eichin <eichin@cygnus.com>
* dumpv4.c (dump_v4_iterator): detect expiration time of "never"
and fill in a reasonable default (namely, the Cygnus 96q1 default
of 12/31/2009.)
* loadv4.c (v4_dump_find_default): New function. Scans a dumpfile
for a "default" entry, which was probably created at kdb_init time
and probably hasn't changed from either the MIT default of
12/31/1999 or the Cygnus 96q1 default of 12/31/2009. Check for
either value, and replace it with 0, which is understood as
"never" in V5. If verbose is set (-v flag), log either the match
or the non-matching value.
(process_v4_dump): new argument default_exp_time, the value found
by v4_dump_find_default, actually performs the replacement of
matching entries.
(load_v4db): call v4_dump_find_default to get the default
expiration time.
* kdb5_util.M: document the above changes.
Sun Sep 8 01:02:47 1996 Mark W. Eichin <eichin@kitten.gen.ma.us>
* kdb5_util.c (usage): document load_v4 -s stashfile.
(main): fix typo in usage message.
* kdb5_util.M: document load_v4, including new options, removing
previously eliminated -f option.
* loadv4.c (load_v4db): support -s stashfile option.
Thu Nov 7 20:53:17 1996 Tom Yu <tlyu@mit.edu>
* configure.in: Remove spurious WITH_KRB4.
Tue Nov 5 16:16:53 1996 Barry Jaspan <bjaspan@mit.edu>
* dump.c (load_db): minor fix to code that verifies the specified
load version matches the file (autodetect worked anyway)
Fri Oct 18 14:23:41 1996 Barry Jaspan <bjaspan@mit.edu>
* dump.c (load_db): osa_adb_rename_policy_db will create the db,
so this function doesn't have to [krb5-admin/58]
* dump.c (dump_k5beta6_iterator): don't dump tl types that are
special to us and the previous version did not understand
[krb5-admin/89]
Tue Oct 8 13:35:56 1996 Barry Jaspan <bjaspan@mit.edu>
* dump.c (load_db): rework the way policy database naming and
renaming is handled; the code no longer depends on being able to
specify admin_dbname specifically (which is no longer supported by
the libraries), uses osa_adb_rename_policy instead of doing it
directly, and will create a policy db if one does not already
exist. Automated testing is needed. [krb5-admin/62]
* dump.c (load_db): rename osa_adb_rename_policy to *_db
Thu Oct 3 18:17:36 1996 Barry Jaspan <bjaspan@mit.edu>
* kdb5_util.c (ARG_VAL): case second half of ?: operator to char *
to fix problem on AIX; this should have worked anyway because of
the , operator but it is easy enough to force the solution, too.
[krb5-admin/41]
Tue Sep 10 14:16:40 1996 Tom Yu <tlyu@mit.edu>
* kdb5_edit.M: remove extra args from .TH
* kdb5_util.M: remove ".so man1/header.doc"
Mon Sep 9 11:06:29 1996 Theodore Y. Ts'o <tytso@mit.edu>
* loadv4.c: Don't call get_config_params again, since it's not
necessary, and breaks the policy database name if it is
manually set.
Wed Sep 4 17:34:58 1996 Theodore Y. Ts'o <tytso@mit.edu>
* loadv4.c (load_v4db): Fix argument parsing so that it actually works!
Eliminated the -f option, as it is superfluous. Don't
create the policy database if using the -t option, since
it'll already exist.
* kdb5_util.c (usage): Fix usage message so that it's correct for
load_v4.
Tue Sep 3 22:12:54 1996 Theodore Y. Ts'o <tytso@mit.edu>
* Makefile.in (install): Fixed typo: ($PROG) -> $(PROG)
Thu Aug 29 11:57:09 1996 Barry Jaspan <bjaspan@mit.edu>
* dump.c (dump_db): don't compare apples and iguanas
Sat Aug 24 21:14:45 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
* loadv4.c, kdb5_stash.c: Removed unused variable rparams.
Fri Aug 16 12:00:56 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
* configure.in: Link with the GSSAPI library, since it's needed
for shared libraries.
Mon Aug 12 11:41:57 1996 Barry Jaspan <bjaspan@mit.edu>
* kdb5_util.c: make mkey_password non-static
* kdb5_create.c: use global mkey_password
Mon Aug 5 21:24:47 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
* kdb5_stash.c (kdb5_stash): Ignore (expected) failure in stashing
key when key not already present in returning exit status.
Mon Aug 5 14:36:47 1996 Barry Jaspan <bjaspan@DUN-DUN-NOODLES>
* all files: reworked for non-ss usage; kdb5_util_ct.ct and
ss_wrapper.c are now obsolete
Thu Aug 1 14:34:51 1996 Barry Jaspan <bjaspan@DUN-DUN-NOODLES>
* dump.c, kadm5_create.c, kdb5_create.c: create policy database
and kadm5 principals when loading a databas
* loadv4.c: create empty policy database after loading V4 dump file
* dumpv4.c (dump_v4db): use global_params.stash_file
* Makefile.in, Makefile.ov, configure.in, dump.c: add support for
dump/load of OV*Secure-compatible format.
Wed Jul 31 14:55:38 1996 Tom Yu <tlyu@mit.edu>
* kdb5_stash.c (kdb5_stash): Declare optind.
Tue Jul 30 17:51:24 1996 Samuel D Hartman (hartmans@vorlon)
* configure.in: Use gssapi library.
Sat Jul 27 02:16:01 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
* kdb5_create.c (kdb5_create): Ignore (expected) failure in
open_db_and_mkey when creating database in returning exit
status.
Wed Jul 24 02:57:16 1996 Sam Hartman <hartmans@tertius.mit.edu>
* loadv4.cdumpv4.c : Fixes for Athena Kerberos
Wed Jul 24 02:47:07 1996 Sam Hartman <hartmans@mit.edu>
* configure.in: Check for kdc.h and krb_db.h for Athena Kerberos.
Tue Jul 23 17:03:42 1996 Tom Yu <tlyu@voltage-multiplier.mit.edu>
* Makefile.in: add dependency for kdb5_util_ct.o
Thu Jul 18 19:22:04 1996 Marc Horowitz <marc@mit.edu>
* configure.in: removed SS_RULES
Wed Jul 10 19:43:22 1996 Marc Horowitz <marc@mit.edu>
* dumpv4.c (configure.in, Makefile.in): make autoconf work after
barry's carnage
Sun May 12 00:27:44 1996 Marc Horowitz <marc@mit.edu>
* loadv4.c (enter_in_v5_db, add_principal), kdb5_edit.c
(create_db_entry, modent), dumpv4.c (dump_v4_iterator), dump.c
(dump_k5beta_iterator, process_k5beta_record): convert to use new
krb5_dbe_* tl_data functions.
* cpw.c (enter_pwd_key): krb5_dbe_cpw() takes a kvno now.
Tue May 7 23:16:57 1996 Marc Horowitz <marc@mit.edu>
* configure.in: USE_KADM_LIBRARY replaced by USE_KADMSRV_LIBRARY
Thu Apr 11 19:32:36 1996 Richard Basch <basch@lehman.com>
* kdb5_edit.c (extract_v4_srvtab): Use the matching key_data's kvno;
don't assume that key_data[0]'s kvno is necessarily the matching
key_data's kvno.
Wed Apr 10 19:17:58 1996 Richard Basch <basch@lehman.com>
* kdb5_edit.c (extract_v4_srvtab): Translate the principal name to
the common V4 name.
Tue Mar 19 18:00:58 1996 Richard Basch <basch@lehman.com>
* kdb5_edit.c (extract_v4_srvtab): do not test to make sure we
fetched a key of enctype 1 (des-cbc-crc), since we may have gotten
another des key from the database, which is just as useful in a
v4 srvtab
* dumpv4.c (dump_v4_iterator): use krb5_524_conv_principal to do the
v5 to v4 principal translation, instead of having yet another
hard-coded table.
Wed Mar 6 16:17:20 1996 Richard Basch <basch@lehman.com>
* dumpv4.c: The V4 master key & schedule was never initialized,
so the dump created by dump_v4db was garbage. Read the V4
master key from /.k or prompt for the V4 master key password.
If there is no V4-salt key in the database, but there is a DES
key, include it in the V4 dump, in case it is merely a random
service key for which there is no associated password.
Skip over K/M in the V5 database (use the entered V4 master key).
Both krbtgt and afs keys often have domain-qualifed instances.
Tue Mar 5 12:18:22 1996 Richard Basch <basch@lehman.com>
* dump.c: POSIX locking requires that the file be opened read-write.
Mon Feb 26 22:42:09 1996 Mark Eichin <eichin@cygnus.com>
* kdb5_edit.c: new command line option -f stashfile.
* kdb5_edit.M: document stashfile option.
Mon Feb 26 22:13:45 1996 Mark Eichin <eichin@cygnus.com>
* dump.c (process_k5beta_record): since V4 salt type has no data
either, only set key_data_ver to 1 for data_type 0 with 0-length
salt. Also, don't include alternate key if akey has all-zero type
and length in both fields.
Sat Feb 24 04:02:18 1996 Mark W. Eichin <eichin@cygnus.com>
* dump.c (process_k5beta_record): encrypted keys used to have 4
byte lengths in MSB order, need to convert to 2 byte LSB order
lengths before storing. Handle primary key and alternate key.
Fri Feb 23 18:44:10 1996 Mark Eichin <eichin@cygnus.com>
* kdb5_edit.c (kdb5_edit_Init): set manual_mkey for testing with -P
Wed Feb 14 09:52:18 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
* kdb5_edit.c (enter_master_key, set_dbname_help): If master key
enctype is unknown, set to DEFAULT_KDC_ENCTYPE.
Tue Feb 13 16:08:07 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
* kdb5_edit.c (extract_v4_srvtab): krb5_dbekd_decrypt_key_data
takes krb5_key_data *, not **.
Tue Jan 30 18:28:57 1996 Mark Eichin <eichin@cygnus.com>
* dump.c (load_db): dbrenerr_fmt prints "from" first, so pass it
to fprintf correctly.
Sun Jan 28 14:31:47 1996 Mark Eichin <eichin@cygnus.com>
* dump.c (process_k5_record): t2..t9 is only 8 vars, not 9.
Thu Jan 25 16:07:42 1996 Sam Hartman <hartmans@tertius.mit.edu>
* kdb5_edit.c (extract_srvtab): Extract *all* the keys in a
dbentry, not the first one.
(extract_v4_srvtab): Attempt to find the right v4 keys.
Wed Jan 24 18:48:38 1996 Tom Yu <tlyu@dragons-lair.MIT.EDU>
* Makefile.in: Remove spurious @DEFS@
Wed Dec 13 03:44:58 1995 Chris Provenzano (proven@mit.edu)
* dump.c, dumpv4.c, kdb5_edit.c, loadv4.c :
Remove mkvno from krb5_db_entry.
Sun Dec 10 11:07:51 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
* kdb5_edit.M: Document that modent exists
* kdb5_edit.c (modent): Add usage as suggested by jhawk@mit.edu.
Thu Nov 09 17:05:57 1995 Chris Provenzano (proven@mit.edu)
* kdb5_edit.c : Remove krb5_enctype from krb5_string_to_key() args.
Fri Oct 27 13:37:04 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
* dump.c (process_k5_record): Fix off by one in malloc.
Mon Oct 9 16:35:19 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
* kdb5_edit.c (extract_v4_srvtab): Extract a one byte version
number for v4 srvtabs (from warlord).
Thu Oct 5 10:35:35 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
* cpw.c: Declare std_ks_tuple as extern.
* kdb5_edit.h: Remove std_ks_tuple declaration as not all sources
include adm.h for structures
Tue Oct 3 23:10:57 1995 Theodore Y. Ts'o <tytso@dcl>
* cpw.c (enter_rnd_key, enter_pwd_key):
* kdb5_edit.c (kdb5_edit_Init): Use the kdc.conf file to determine
the default list of keysalt tuples to be used. This is
stored in std_ks_tuple, and is used by cpw.c for random
keys and when a list of keysalts is not specified.
Mon Sep 18 03:59:47 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
* kdb5_edit.c (show_principal): Show key version and last password
change.
* cpw.c: Fix typo in below change in which list was terminated
after third entry. (extra } removed)
Fri Sep 15 14:21:25 1995 Theodore Y. Ts'o <tytso@dcl>
* cpw.c: Add DES_CBC_MD5 and DES_CBC_CRC with the V4 salt as
default key/salt tuples to be added. (Once proven's DES_*
folding code is implemented, we can shorten this list.)
Eventually, this list should be read in from kdc.conf.
Thu Sep 7 20:41:24 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
* loadv4.c (load_v4db): Provide a dummy routine if krb4
compatibility is not compiled in.
Wed Sep 06 14:20:57 1995 Chris Provenzano (proven@mit.edu)
* cpw.c, dump.c, dumpv4.c, kdb5_edit.c, loadv4.c :
s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g
Tue Sep 05 22:10:34 1995 Chris Provenzano (proven@mit.edu)
* cpw.c, dump.c, dumpv4.c, kdb5_edit.c, loadv4.c : Remove krb5_enctype
references, and replace with krb5_keytype where appropriate.
Fri Aug 25 17:37:33 EDT 1995 Paul Park (pjpark@mit.edu)
* dumpv4.c - Fix handle_keys(). It was trying to recreate work that
has already been done.
* Makefile.in, .Sanitize, loadv4.c, kdb5_ed_ct.ct - Add lddb4, the
command to load a v4 dump file. This is basically, kdb5_
convert reconstituted to fit within the framework of kdb5_edit.
Thu Aug 24 19:28:39 1995 Theodore Y. Ts'o <tytso@dcl>
* .Sanitize: Update file list
Mon Aug 21 16:45:39 EDT 1995 Paul Park (pjpark@mit.edu)
* dump.c - Completely rework this logic to support old (e.g. Beta 5
and previous) dump format and new dump format using the same
commands. This is differentiated by using the "-old" command
qualifier.
* kdb5_edit.M - Add description of -R and -s. Remove "ascii represen-
tation of a decimal number". Remove "Bugs".
Fri Aug 18 17:06:06 EDT 1995 Paul Park (pjpark@mit.edu)
* ss_wrapper.c - Change sense of fgets() check so scripts work.
Tue Aug 15 14:22:50 EDT 1995 Paul Park (pjpark@mit.edu)
* kdb5_edit.c, ss_wrapper.c, cpw.c, kdb5_edit.h - Add support for
-s scriptfile and fix up assorted gcc -Wall complaints.
Mon Aug 7 17:32:31 EDT 1995 Paul Park (pjpark@mit.edu)
* cpw.c - Use krb5_string_to_keysalts() to generate a list of unique
key/salt pairs supplied in argv.
Mon Aug 07 11:16:03 1995 Chris Provenzano (proven@mit.edu)
* cpw.c : Uses new kdb change password routines for ank, ark, cpw,
and crk. Also remove v4 variants of ank and cpw.
* krb5_edit.c : Deleted old variants of rotuines now in cpw.c
* kdb5_ed_ct.ct, kdb5_edit.M, tcl_wrapper.c:
Removed references to v4 variants of ank and cpw.
* kdb5_edit.h (enter_pwd_key()) : Removed proto, it's nolonger
necessary as it's a static routine in cpw.c
Thu Aug 03 12:13:50 1995 Chris Provenzano (proven@mit.edu)
* cpw.c : New change password code for kdb5_edit.
* dumpv4.c : Get it to compile with new kdb format.
Mon Jul 31 15:47:30 EDT 1995 Paul Park (pjpark@mit.edu)
* kdb5_edit.c - Use libkadm string conversion routines. These are
shared by all utilities.
* Makefile.in - Remove getdate.y.
* configure.in - Remove getdate.y dependency checks.
* getdate.y - Sayonara.
Thu Jul 27 15:01:01 EDT 1995 Paul Park (pjpark@mit.edu)
* configure.in - Add --with-dbm and check for already checking for dbm.
Thu Jul 27 02:59:05 1995 Chris Provenzano (proven@mit.edu)
* dump.c kdb5_edit.c kdb5_edit.h util.c : Use new kdb format.
Mon Jul 17 15:00:08 EDT 1995 Paul Park (pjpark@mit.edu)
* configure.in - Add KADM library.
* dumpv4.c - Change calling sequence to krb5_db_fetch_mkey().
* kdb5_edit.c - Change calling sequence to krb5_db_fetch_mkey() which
uses the stash file. Add KDC profile reading/handling as a
supplement to command line supplied arguments.
Wed Jul 12 12:01:04 EDT 1995 Paul Park (pjpark@mit.edu)
* configure.in - Temporarily add --with-kdb4 option. Default is without
kdb4. Without kdb4 enables a define. With kdb4 uses -lkdb4 and
-l[n]dbm libraries.
* dumpv4.c - Conditionalize references to kdb4 routines with
KDB4_DISABLE. Replace two required routines:
kdb_encrypt_key -> pcbc_encrypt
kdb_get_master_key -> des_read_password/printf/key_sched
Fri Jul 7 15:38:00 EDT 1995 Paul Park (pjpark@mit.edu)
* Makefile.in - Remove all explicit library handling and LDFLAGS.
* configure.in - Add USE_<mumble> and KRB5_LIBRARIES.
Thu Jun 15 15:34:59 EDT 1995 Paul Park (pjpark@mit.edu)
* Makefile.in - Change explicit library names to -l<lib> form, and
change target link line to use $(LD) and associated flags.
Also, for K4, use KRB4_LIB and KRB4_CRYPTO_LIB, these wer
split out.
* configure.in - Add shared library usage check.
Fri Jun 9 18:14:43 1995 <tytso@rsx-11.mit.edu>
* configure.in: Remove standardized set of autoconf macros, which
are now handled by CONFIG_RULES.
* dumpv4.c: Change name of controlling #ifdef to be
KRB5_KRB4_COMPAT instead of KRB4.
Sun May 21 14:20:32 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
* dumpv4.c: Include k5-int.h before krb.h so that PROTOTYPE is not
redefined.
Sun May 7 13:46:30 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
* configure.in: Add AC_HEADER_STDC to define STDC_HEADERS for
getdate.y.
Mon May 1 13:36:41 1995 Theodore Y. Ts'o (tytso@dcl)
* kdb5_edit.c (kdb5_edit_Init): Check the return code from
kdb5_init_context().
Fri Apr 28 18:04:26 1995 Mark Eichin <eichin@cygnus.com>
* Makefile.in (LOCAL_LIBRARIES): put KRB4_LIB inside KLIB, and put
KDB4_LIB ahead of them both.
Thu Apr 27 13:47:23 1995 Mark Eichin <eichin@cygnus.com>
* Makefile.in (LOCAL_LIBRARIES): use KRB4_LIB and KDB4_LIB
directly.
* configure.in: just use WITH_KRB4.
Wed Apr 19 13:59:47 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
* kdb5_edit.c (kdb5_edit_Init): If a default realm is specified
(with -r), use krb5_set_default_realm so that created keys
will have the correct realm.
Thu Mar 23 23:28:26 1995 Theodore Y. Ts'o <tytso@dcl>
* kdb5_edit.c (show_principal, parse_princ_args): Add
"support_desmd5" flag.
Tue Mar 14 16:29:05 1995 <tytso@rsx-11.mit.edu>
* ss_wrapper.c (main): Set the return code from ss_execute_line(),
so that appropriate error checking is done.
Thu Mar 2 12:18:57 1995 Theodore Y. Ts'o <tytso@dcl>
* Makefile.in (ISODELIB): Remove reference to $(ISODELIB).
Wed Mar 1 11:53:02 1995 Theodore Y. Ts'o <tytso@dcl>
* configure.in: Remove ISODE_INCLUDE, replace check for -lsocket
and -lnsl with WITH_NETLIB check.
Tue Feb 28 02:06:26 1995 John Gilmore (gnu at toad.com)
* dump.c, dumpv4.c, kdb5_edit.c, ss_wrapper.c, tcl_wrapper.c,
util.c: Avoid <krb5/...> includes.
Thu Feb 23 19:52:35 1995 Mark Eichin (eichin@cygnus.com)
* kdb5_edit.c: add struct timeb and sys/timeb includes from
getdate.y.
(ftime): new function, in case we don't HAVE_FTIME.
Tue Feb 14 17:55:47 1995 Tom Yu (tlyu@dragons-lair)
* kdb5_edit.c: add modent
* getdate.y: import get_date
* kdbt_ed_ct.ct: add modent
* configure.in:
* Makefile.in: support for getdate.y
Wed Feb 8 20:08:36 1995 Tom Yu (tlyu@dragons-lair)
* kdb5_edit.c (show_principal): make sane and print all useful
fields
Wed Jan 25 16:54:40 1995 Chris Provenzano (proven@mit.edu)
* Removed all narrow types and references to wide.h and narrow.h
Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu)
* Added krb5_context to all krb5_routines
Mon Dec 19 18:04:11 1994 Theodore Y. Ts'o (tytso@dcl)
* configure.in:
* Makefile.in:
* dumpv4.c (dump_v4db): Do the right thing if we are compiling
without V4 support. (The dump_v4db command is disabled.)
Wed Dec 7 00:07:46 1994 <tytso@rsx-11.mit.edu>
* dumpv4.c (v4_print_time): gmtime expects a pointer to a time_t,
not a long. On most systems these are the same, on
others....
Wed Nov 16 01:03:42 1994 Mark Eichin (eichin@cygnus.com)
* dumpv4.c: new file. New command dump_v4db which creates a v4
slave dump out of a v5 database, leaving out any keys which aren't
using v4 salt, and any keys that aren't for the current
realm. Reencrypts using v4 master key, synthesizes arbitrary
master key version number.
* configure.in: use WITH_KRB4 for dump support.
* kdb5_ed_ct.ct: add new dump_v4 command.
* Makefile.in: link in dumpv4.
Fri Oct 14 23:31:49 1994 Theodore Y. Ts'o (tytso@dcl)
* dump.c (load_db): When scanning a database entry, read
fail_auth_count into a temporary integer variable, and
then copy that into entry.fail_auth_count, which is a
char.
Fri Oct 7 00:01:40 1994 Theodore Y. Ts'o (tytso@dcl)
* kdb5_edit.c (kdb5_edit_Init): Don't let errors in
set_dbname_help initially cause the exit status to be set.
Commands like load_db don't need a valid database to be
opened.
* ss_wrapper.c (main): Clear code before ss_execute_line, since
ss_execute_line doesn't set code to 0 if there are no
problems.
* kdb5_edit.c (kdb5_edit_Init): Add a new option so that the
master key password can be entered on the command line ---
for testing only; not documented!!
Mon Oct 3 19:10:47 1994 Theodore Y. Ts'o (tytso@dcl)
* Makefile.in: Use $(srcdir) to find manual page for make install.
Thu Sep 29 15:52:22 1994 Theodore Y. Ts'o (tytso@dcl)
* dump.c (update_ok_file): Make sure mod time on the dump_ok file
is updated. (Some systems don't update the mod-time when
a file is opened for writing.)
* Makefile.in: Relink executable when libraries change.
* kdb5_edit.c (show_principal): Pass variable with correct type to
ctime().
* tcl_wrapper.c (doquit):
ss_wrapper.c (main):
kdb5_edit.c:
dump.c: Exit with a non-zero exit status if there was an error
in a executed command.
Thu Sep 15 11:00:30 1994 Theodore Y. Ts'o (tytso@dcl)
* dump.c (load_db): Fix error string on failed fopen. ("for
writing" -> "for reading")
|