Wed Sep 13 22:08:56 1995 Theodore Y. Ts'o (tytso@dcl) * srv_key.c (key_string2key_keysalt and key_randomkey_keysalt): Install really ugly hack to prevent these routines from munging the master_encblock. This is not the correct fix. Proven will be making the correct fix which will involve removing these routines and using the corect libkdb functions. * srv_key.c (key_encrypt_keys): Remove equally errneous krb5_use_enctype() call from key_encrypt_keys(). * srv_key.c (key_decrypt_keys): Keys are encrypted in the key of the master key encryption type, not in the keytype of the key!!! Removed erroneous krb5_use_enctype() call. Fixed -Wall flames all over the file. Thu Sep 7 17:52:24 1995 Theodore Y. Ts'o * srv_key.c: Globally change use of ENCTYPE_DES_CBC_MD5 to DEFAULT_KDC_ENCTYPE, so that we use the same encryption type by default for all KDC server programs. * srv_main.c (main): Set the default realm from the -r argument, so that correct defaulting takes place for things like krb5_parse(). * srv_net.c (net_init): Use KRB5_ADM_SERVICE_INSTANCE to determine the service instance, instance of KRB5_ADMIN_SERVICE_NAME. Wed Sep 06 14:20:57 1995 Chris Provenzano (proven@mit.edu) * admin.c, passwd.c, srv_key.c, srv_main.c : s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g Tue Sep 05 22:10:34 1995 Chris Provenzano (proven@mit.edu) * admin.c, kadm5_defs.h, srv_key.c, srv_main.c : Remove krb5_enctype references, and replace with krb5_keytype where appropriate. Thu Aug 31 16:07:24 EDT 1995 Paul Park (pjpark@mit.edu) * srv_acl.c, kadm5_defs.h - Change operation of acl_op_permitted(). It now takes another argument which is the name of the target of the operation. This allows finer granularity of control over administrative operations for clients. * srv_acl.c - Change SIGALRM to SIGHUP under POSIX_SIGNALS. We want SIGHUP to reread the ACL file. * admin.c, passwd.c - Conform to new ACL operations. * kadmind5.M - Change description of ACL file. Fri Aug 25 17:40:52 EDT 1995 Paul Park (pjpark@mit.edu) * srv_key.c - Fix automatic generation of changepw service which got screwed up when the database changes went in. Thu Aug 17 13:50:28 EDT 1995 Paul Park (pjpark@mit.edu) * srv_key.c, kadm5_defs.h - Add key_{open,close}_db(). Close database after initialization. * proto_serv.c - Open the database after reading a command and close it before sending a response. Tue Aug 15 14:28:03 EDT 1995 Paul Park (pjpark@mit.edu) * kadm5_defs.h, admin.c, passwd.c, srv_key.c - Replace key_name_to_data with krb5_dbe_find_keytype(). Thu Aug 10 14:34:31 EDT 1995 Paul Park (pjpark@mit.edu) * srv_key.c - Consolidate handling of tagged database attributes here in key_update_tl_attrs(). Fix a bug which was never encountered * kadm5_defs.h - Add prototype for key_update_tl_attrs(). * admin.c, passwd.c - Use key_update_tl_attrs() where appropriate. Wed Aug 9 17:09:35 EDT 1995 Paul Park (pjpark@mit.edu) * admin.c - Add code to use kdb5's change-password interfaces under USE_KDB5_CPW for now until it's fully shaken out. - Fix a memory leak in admin_add_modify. - Handle null return from krb5_dbe_decode_mod_princ_data(). * passwd.c - Add code to use kdb5's change-password interfaces under USE_KDB5_CPW for now until it's fully shaken out. - Fix a memory leak in passwd_check_opass_ok() * proto_serv.c - Use krb5_auth_context_free() to free the auth_context instead of krb5_xfree(). * srv_acl.c - Fix Purify complaint about reading freed data. * srv_key.c - Add krb5_use_keytype() for each keytype. Add key_master_ encblock() for usage by kdb5's change-password interfaces. * srv_net.c - Change sense of test to mark slave entry freed. This allows us to work for a while while debugging and slave creation disable. * kadm5_defs.h - Add prototype for key_master_encblock(). Tue Aug 8 17:30:36 EDT 1995 Paul Park (pjpark@mit.edu) * admin.c - Allow multiple key/salt strings to be parsed. Fix key merging logic. Fix some Purify complaints. * srv_key.c(key_string_to_key) - Don't deallocate key/salt tuples if supplied by caller. * proto_serv.c - Under POSIX_SETJMP use sigjmp_buf. * srv_main.c - Under POSIX_SETJMP, use sigjmp_buf. * srv_net.c - Under POSIX_SETJMP, use sigjmp_buf. * srv_output.c - Support new protocol error messages. Mon Aug 7 17:34:52 EDT 1995 Paul Park (pjpark@mit.edu) * admin.c - Fix key list merging so that key version numbers are generated and merged correctly. * srv_key.c - Handle V4 salttype correctly. Fri Aug 4 16:14:36 EDT 1995 Paul Park (pjpark@mit.edu) * admin.c - Add support for "ADD-KEY" and "DELETE-KEY" protocol requests as well as adding the ability to keep previous random keys lying around after change. * kadm5_defs.h - Update key handling prototypes and add prototypes for newly visible routines. * passwd.c - Make passwd_check_opass_ok() visible so that admin.c can use it to check the password against existing keys. Also, use macro to encode last_pwd_change and mod_date data. * proto_serv.c - Add support for "ADD-KEY" and "DELETE-KEY" protocol requests. Change KRB_ERR_GENERIC to KRB5KRB_ERR_GENERIC. * srv_key.c - Use krb5_keysalt_iterate() to iterate over the desired key/salt types for key_string_to_keys() and key_random_key(). Find the latest admin key instead of assuming that the first key is the one to use. Thu Aug 3 11:40:24 EDT 1995 Paul Park (pjpark@mit.edu) * kadm5_defs.h - Include adm.h, update prototypes. * admin,passwd.c - Rework database entry merge logic to use new database entry format. Use new callling sequences to key_{string_to, encrypt,decrypt,random}_keys. * srv_key.c - Rework database handling logic to use new database entry format. Store all admin keys and use the first one as the admin key for now. Rework key_{string_to,encrypt,decrypt, random}_keys. * srv_main.c - Handle the key/salt pair list and pass it to key_init. * srv_net.c - Clean up debugging messages. Thu Jul 27 15:08:29 EDT 1995 Paul Park (pjpark@mit.edu) * srv_key.c - Remove inclusion of "mit-des.h", it's no longer needed. Use KRB5_MIT_DES_KEYSIZE instead of sizeof(mit_des_cblock). Mon Jul 17 15:07:08 EDT 1995 Paul Park (pjpark@mit.edu) * srv_main.c - Add stash-file handling and supply appropriate value to krb5_db_fetch_mkey(). Add KDC profile reading/handling to supercede any values supplied on the command line. Add call to new admin_init() which initializes the admin module. * srv_key.c - Add stash-file handling. * admin.c - Add admin_init() which takes supplied per-realm defaults to initialize the default database entry. * kadm5_defs.h - Change PROTOTYPE to KRB5_PROTOTYPE. Update prototype for key_init and add admin_init. * kadmind5.M - Add description of -s stashfile. Fri Jul 7 16:01:37 EDT 1995 Paul Park (pjpark@mit.edu) * Makefile.in - Remove all explicit library handling and LDFLAGS. * configure.in - Add USE_ and KRB5_LIBRARIES. Fri Jun 30 14:35:00 EDT 1995 Paul Park (pjpark@mit.edu) * srv_main.c - Instead of moving up the initialization and calls to key_init() before the call to daemon(), have daemon() not disassociate from the terminal if the -m flag is set. * configure.in - Add --with-dbm to select between Berkeley and DBM KDC database format. Tue Jun 27 18:14:33 1995 Sam Hartman * srv_main.c (main): Rearrange code so that we ask for the master key *before* we detach from the controlling terminal. This causes the Kerberos context to be initialized in the parent before the fork; I'm not sure if this is acceptable or not. Tue Jun 27 16:02:24 EDT 1995 Paul Park (pjpark@mit.edu) * srv_net.c, srv_acl.c, proto_serv.c - Add signal name parameter to signal handlers to conform to prototype. Thu Jun 15 17:54:31 EDT 1995 Paul Park (pjpark@mit.edu) * Makefile.in - Change explicit library names to -l form, and change target link line to use $(LD) and associated flags. Also, remove DBMLIB, it was not used. * configure.in - Remove dbm library checks, these are no longer needed with the Berkeley database code. Also, add shared library usage check. Wed Jun 14 17:19:09 1995 Sam Hartman * srv_acl.c (acl_get_line): Check to make sure we haven't exceeded the buffer size before overwriting the newline we may have just read. If the newline is clobbered, there is no way of distinguishing between a line that uses the full buffer from a line longer than the full buffer. Also, cast EOF to a char, so that it works on unsigned char systems. This means you can't distinguish reading 0xff at the beginning of a line from EOF, but the only other option is to introduce an intermediate variable. Tue Jun 13 11:36:52 1995 Sam Hartman * srv_net.c: Include sys/select.h if it is found. * configure.in: Check for sys/select.h; needed under AIX to define fd_set and associated macros. Sat Jun 10 23:04:00 1995 Tom Yu (tlyu@dragons-lair) * kadm5_defs.h, passwd.c, proto_serv.c: krb5_auth_context redefinitions Fri Jun 9 19:06:04 1995 * configure.in: Remove standardized set of autoconf macros, which are now handled by CONFIG_RULES. Thu Jun 8 14:46:05 EDT 1995 Paul Park (pjpark@mit.edu) * admin.c, passwd.c, srv_acl.c - Supply severities for error messages. * proto_serv.c, srv_net.c - Supply severities for error messages and change DLOG to DPRINT. * srv_main.c - Supply severities for error messages. Remove com_err handling and syslog() logic for routines in libkadm. Wed Jun 7 12:03:10 1995 * Makefile.in (CFLAGS), srv_acl.c (acl_init): Use KRB5_DEFAULT_ADMIN_ACL defined in osconf.h Tue Jun 6 19:42:18 1995 Ezra Peisach * srv_key.c (key_decrypt_keys): On error, when clearing keyblocks, set contents to null. (key_get_admin_entry): Allocate enough memory for admin_princ_name. Initialize akey and pkey to zero. Cannot use krb5_free_keyblock on stack based keyblock. (key_finish): Cannot use krb5_free_keyblock on bss based keyblock. Mon Jun 5 14:14:10 EDT 1995 Paul Park (pjpark@mit.edu) * srv_key.c(key_get_admin_entry) - When adding database entry for changepw principal, supply a maximum life and maximum renewable lifetime so that it doesn't end up being zero. Thu Jun 1 14:34:41 EDT 1995 Paul Park (pjpark@mit.edu) * srv_acl.c: Change default acl file name to be a #define. If it is not defined, then default to /krb5/krb5_adm.acl. * srv_key.c: Add logic to retrieve or create the database entry for the password changing service. Subsequently, squirrel away the key so that we do not need a srvtab. * proto_serv.c: If no srvtab is specified, then use the squirreled admin key so that we can live without a srvtab. * kadm5_defs.h: Add prototype for admin key routine. * Makefile.in: Set the default acl file to be $(KRB5ROOT)/krb5_adm.acl. * kadmind5.M: Add description of missing flags. Removed file names. Sun May 28 15:58:15 1995 Ezra Peisach * srv_main.c (main): Use exit instead of return from main. Otherwise may return to a signal interrupt on shutdown. On shutdown - do not output message as stdout may be closed on receivers end. Fri May 26 17:50:13 EDT 1995 Paul Park (pjpark@mit.edu) * Makefile.in - Add KDBLIB to dependency list. Mon May 22 09:46:53 EDT 1995 Paul Park (pjpark@mit.edu) * Makefile.in - Install kadmind5 in $(SERVER_BINDIR), install manpage in $(SERVER_MANDIR). * kadmind5.M - Change section to section 8. Tue May 16 10:31:12 EDT 1995 Paul Park (pjpark@mit.edu) * proto_serv.c - Don't destroy the replay cache when done. Fri May 12 16:06:24 EDT 1995 Paul Park (pjpark@mit.edu) * admin.c - Change for Ultrix: howmany->how_many because howmany is a macro used to count how many elements in an array. * kadm5_defs.h, srv_net.c - Use DEBUG_NOSLAVES to determine when to create a new slave for handling connections. Also, change max slaves to 2*SOMAXCONN and reduce sleep wait to 2 seconds. * configure.in, proto_serv.c, srv_acl.c, srv_main.c, srv_net.c - Use POSIX signals/setjmp/longjmp when present. Thu May 11 12:20:58 EDT 1995 Paul Park (pjpark@mit.edu) * srv_key.c - Defer setting keyb and encb init flags until we have successfully verified the master key. Avoids a core dump if we don't enter it correctly. * srv_net.c - Set SO_REUSEADDR on the socket if we're not binding to the standard port. Also remove logic which retried bind if bind failed. Sat May 9 17:46:31 1995 Ezra Peisach * srv_output.c (lang_error_message): Local variable is assigned from error_message() which returns a const char *. Should be assigned to same. * srv_acl.c: Added const to acl_acl_file definition. default_acl_file is a const char * and gets assigned to it. Tue May 9 15:29:10 EDT 1995 Paul Park (pjpark@mit.edu) Add new administrative protocol support functions and fix bugs. * kadm5_defs.h - Add extract operation. Move error subcodes to adm.h. Update prototypes. * kadmind5.M - Add descriptions of -n, -p and -T options. Change name of -i to -m option. Add description of 'e' acl entry. * passwd.c - Make passwd_check_npass_ok a global routine. * proto_serv.c - Use keytab supplied with -T option. Support new administrative protocol functions. Destroy replay cache when done with request. * srv_acl.c - Add catchall entry which allows principals to change their own passwords. This is the last entry inserted and can be overridden with an entry in the ACL file. By default, we now deny operations unless there is an entry. * srv_key.c - Use keytab supplied with -T option. Actually set the default realm to be the specified realm. Return salt values from key_string_to_keys(). Add random key generator. * srv_main.c - Add support for -T option. Change -i to -m. Add daemon() call if -n option is not specified. Add support for -p option. * srv_net.c - Close connected socket in parent. This was causing the connection to remain open even when the child was finished with it. Add support for -p option. Determine our port otherwise from the profile, and then the /etc/services entry. * srv_output.c - Add support for new error codes. Fri May 5 11:11:39 EDT 1995 Paul Park (pjpark@mit.edu) #ifdef out language flags. Remove description from manpage. Fri Apr 28 17:58:11 EDT 1995 Paul Park (pjpark@mit.edu) * proto_serv.c - ifdef-out commands which are not fully supported. Fri Apr 28 17:38:36 EDT 1995 Paul Park (pjpark@mit.edu) * srv_net.c, proto_serv.c - re-include for signal name definitions. Removal of them was over-zealous. Fri Apr 28 16:38:18 EDT 1995 Paul Park (pjpark@mit.edu) * srv_output.c - slight cleanup to allow output_lang_supported() to function correctly. Fri Apr 28 10:13:21 EDT 1995 Paul Park (pjpark@mit.edu) Add new library libkadm. * configure.in - Check for presence of vsprintf. * passwd.c - Use size_t for sizes. * proto_serv.c - Allow for case-insensitivity of commands. - Remove socket-dependent includes and add NEED_SOCKETS * srv_key.c - Use size_t for sizes. * srv_main.c - Check for presence of vsprintf. * srv_net.c - Remove socket-dependent includes and add NEED_SOCKETS - Use size_t for sizes. - Return success if bind succeeds. * srv_output.c - Add language name recoginition. Fri Apr 28 13:06:18 1995 Theodore Y. Ts'o * srv_net.c: Linux doesn't have SOMAXCONN, assume 5 if not defined. Fri Apr 28 07:32:55 1995 Theodore Y. Ts'o * configure.in: Add check for -ldbm and -lndbm. Thu Apr 27 17:05:54 EDT 1995 Paul Park (pjpark@mit.edu) Update last_pwd_change, mod_name and kvno when changing password successfully. Wed Apr 26 16:00:00 EDT 1995 Paul Park (pjpark@mit.edu) Add new administrative protocol server which only responds to password requests for now.