Wed Sep 13 22:08:56 1995 Theodore Y. Ts'o (tytso@dcl)
* srv_key.c (key_string2key_keysalt and key_randomkey_keysalt):
Install really ugly hack to prevent these routines from munging
the master_encblock. This is not the correct fix. Proven
will be making the correct fix which will involve removing
these routines and using the correct libkdb functions.
* srv_key.c (key_encrypt_keys): Remove equally erroneous
krb5_use_enctype() call from key_encrypt_keys().
* srv_key.c (key_decrypt_keys): Keys are encrypted in the key of
the master key encryption type, not in the keytype of the
key!!! Removed erroneous krb5_use_enctype() call.
Fixed -Wall flames all over the file.
Thu Sep 7 17:52:24 1995 Theodore Y. Ts'o <tytso@dcl>
* srv_key.c: Globally change use of ENCTYPE_DES_CBC_MD5 to
DEFAULT_KDC_ENCTYPE, so that we use the same encryption
type by default for all KDC server programs.
* srv_main.c (main): Set the default realm from the -r argument,
so that correct defaulting takes place for things like
krb5_parse().
* srv_net.c (net_init): Use KRB5_ADM_SERVICE_INSTANCE to determine
the service instance, instead of KRB5_ADMIN_SERVICE_NAME.
Wed Sep 06 14:20:57 1995 Chris Provenzano (proven@mit.edu)
* admin.c, passwd.c, srv_key.c, srv_main.c :
s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g
Tue Sep 05 22:10:34 1995 Chris Provenzano (proven@mit.edu)
* admin.c, kadm5_defs.h, srv_key.c, srv_main.c : Remove krb5_enctype
references, and replace with krb5_keytype where appropriate.
Thu Aug 31 16:07:24 EDT 1995 Paul Park (pjpark@mit.edu)
* srv_acl.c, kadm5_defs.h - Change operation of acl_op_permitted(). It
now takes another argument which is the name of the target of
the operation. This allows finer granularity of control over
administrative operations for clients.
* srv_acl.c - Change SIGALRM to SIGHUP under POSIX_SIGNALS. We want
SIGHUP to reread the ACL file.
* admin.c, passwd.c - Conform to new ACL operations.
* kadmind5.M - Change description of ACL file.
Fri Aug 25 17:40:52 EDT 1995 Paul Park (pjpark@mit.edu)
* srv_key.c - Fix automatic generation of changepw service which got
screwed up when the database changes went in.
Thu Aug 17 13:50:28 EDT 1995 Paul Park (pjpark@mit.edu)
* srv_key.c, kadm5_defs.h - Add key_{open,close}_db(). Close database
after initialization.
* proto_serv.c - Open the database after reading a command and close
it before sending a response.
Tue Aug 15 14:28:03 EDT 1995 Paul Park (pjpark@mit.edu)
* kadm5_defs.h, admin.c, passwd.c, srv_key.c - Replace key_name_to_data
with krb5_dbe_find_keytype().
Thu Aug 10 14:34:31 EDT 1995 Paul Park (pjpark@mit.edu)
* srv_key.c - Consolidate handling of tagged database attributes here
in key_update_tl_attrs(). Fix a bug which was never encountered
* kadm5_defs.h - Add prototype for key_update_tl_attrs().
* admin.c, passwd.c - Use key_update_tl_attrs() where appropriate.
Wed Aug 9 17:09:35 EDT 1995 Paul Park (pjpark@mit.edu)
* admin.c - Add code to use kdb5's change-password interfaces under
USE_KDB5_CPW for now until it's fully shaken out.
- Fix a memory leak in admin_add_modify.
- Handle null return from krb5_dbe_decode_mod_princ_data().
* passwd.c - Add code to use kdb5's change-password interfaces under
USE_KDB5_CPW for now until it's fully shaken out.
- Fix a memory leak in passwd_check_opass_ok()
* proto_serv.c - Use krb5_auth_context_free() to free the auth_context
instead of krb5_xfree().
* srv_acl.c - Fix Purify complaint about reading freed data.
* srv_key.c - Add krb5_use_keytype() for each keytype. Add key_master_
encblock() for usage by kdb5's change-password interfaces.
* srv_net.c - Change sense of test to mark slave entry freed. This
allows us to work for a while while debugging and slave creation
disable.
* kadm5_defs.h - Add prototype for key_master_encblock().
Tue Aug 8 17:30:36 EDT 1995 Paul Park (pjpark@mit.edu)
* admin.c - Allow multiple key/salt strings to be parsed. Fix key
merging logic. Fix some Purify complaints.
* srv_key.c(key_string_to_key) - Don't deallocate key/salt tuples if
supplied by caller.
* proto_serv.c - Under POSIX_SETJMP use sigjmp_buf.
* srv_main.c - Under POSIX_SETJMP, use sigjmp_buf.
* srv_net.c - Under POSIX_SETJMP, use sigjmp_buf.
* srv_output.c - Support new protocol error messages.
Mon Aug 7 17:34:52 EDT 1995 Paul Park (pjpark@mit.edu)
* admin.c - Fix key list merging so that key version numbers are
generated and merged correctly.
* srv_key.c - Handle V4 salttype correctly.
Fri Aug 4 16:14:36 EDT 1995 Paul Park (pjpark@mit.edu)
* admin.c - Add support for "ADD-KEY" and "DELETE-KEY" protocol requests
as well as adding the ability to keep previous random keys
lying around after change.
* kadm5_defs.h - Update key handling prototypes and add prototypes for
newly visible routines.
* passwd.c - Make passwd_check_opass_ok() visible so that admin.c can
use it to check the password against existing keys. Also, use
macro to encode last_pwd_change and mod_date data.
* proto_serv.c - Add support for "ADD-KEY" and "DELETE-KEY" protocol
requests. Change KRB_ERR_GENERIC to KRB5KRB_ERR_GENERIC.
* srv_key.c - Use krb5_keysalt_iterate() to iterate over the desired
key/salt types for key_string_to_keys() and key_random_key().
Find the latest admin key instead of assuming that the first
key is the one to use.
Thu Aug 3 11:40:24 EDT 1995 Paul Park (pjpark@mit.edu)
* kadm5_defs.h - Include adm.h, update prototypes.
* admin,passwd.c - Rework database entry merge logic to use new database
entry format. Use new calling sequences to key_{string_to,
encrypt,decrypt,random}_keys.
* srv_key.c - Rework database handling logic to use new database entry
format. Store all admin keys and use the first one as the
admin key for now. Rework key_{string_to,encrypt,decrypt,
random}_keys.
* srv_main.c - Handle the key/salt pair list and pass it to key_init.
* srv_net.c - Clean up debugging messages.
Thu Jul 27 15:08:29 EDT 1995 Paul Park (pjpark@mit.edu)
* srv_key.c - Remove inclusion of "mit-des.h", it's no longer needed.
Use KRB5_MIT_DES_KEYSIZE instead of sizeof(mit_des_cblock).
Mon Jul 17 15:07:08 EDT 1995 Paul Park (pjpark@mit.edu)
* srv_main.c - Add stash-file handling and supply appropriate value to
krb5_db_fetch_mkey(). Add KDC profile reading/handling to
supersede any values supplied on the command line. Add call
to new admin_init() which initializes the admin module.
* srv_key.c - Add stash-file handling.
* admin.c - Add admin_init() which takes supplied per-realm defaults to
initialize the default database entry.
* kadm5_defs.h - Change PROTOTYPE to KRB5_PROTOTYPE. Update prototype
for key_init and add admin_init.
* kadmind5.M - Add description of -s stashfile.
Fri Jul 7 16:01:37 EDT 1995 Paul Park (pjpark@mit.edu)
* Makefile.in - Remove all explicit library handling and LDFLAGS.
* configure.in - Add USE_<mumble> and KRB5_LIBRARIES.
Fri Jun 30 14:35:00 EDT 1995 Paul Park (pjpark@mit.edu)
* srv_main.c - Instead of moving up the initialization and calls to
key_init() before the call to daemon(), have daemon() not
disassociate from the terminal if the -m flag is set.
* configure.in - Add --with-dbm to select between Berkeley and DBM
KDC database format.
Tue Jun 27 18:14:33 1995 Sam Hartman <hartmans@tardis.MIT.EDU>
* srv_main.c (main): Rearrange code so that we ask for the master key *before* we detach from the controlling terminal. This causes the Kerberos context to be initialized in the parent before the fork; I'm not sure if this is acceptable or not.
Tue Jun 27 16:02:24 EDT 1995 Paul Park (pjpark@mit.edu)
* srv_net.c, srv_acl.c, proto_serv.c - Add signal name parameter to
signal handlers to conform to prototype.
Thu Jun 15 17:54:31 EDT 1995 Paul Park (pjpark@mit.edu)
* Makefile.in - Change explicit library names to -l<lib> form, and
change target link line to use $(LD) and associated flags.
Also, remove DBMLIB, it was not used.
* configure.in - Remove dbm library checks, these are no longer needed
with the Berkeley database code. Also, add shared library
usage check.
Wed Jun 14 17:19:09 1995 Sam Hartman <hartmans@tardis.MIT.EDU>
* srv_acl.c (acl_get_line): Check to make sure we haven't exceeded
the buffer size before overwriting the newline we may have just
read. If the newline is clobbered, there is no way of
distinguishing between a line that uses the full buffer from a
line longer than the full buffer. Also, cast EOF to a char, so
that it works on unsigned char systems. This means you can't
distinguish reading 0xff at the beginning of a line from EOF, but
the only other option is to introduce an intermediate variable.
Tue Jun 13 11:36:52 1995 Sam Hartman <hartmans@tardis.MIT.EDU>
* srv_net.c: Include sys/select.h if it is found.
* configure.in: Check for sys/select.h; needed under AIX to define fd_set and associated macros.
Sat Jun 10 23:04:00 1995 Tom Yu (tlyu@dragons-lair)
* kadm5_defs.h, passwd.c, proto_serv.c: krb5_auth_context
redefinitions
Fri Jun 9 19:06:04 1995 <tytso@rsx-11.mit.edu>
* configure.in: Remove standardized set of autoconf macros, which
are now handled by CONFIG_RULES.
Thu Jun 8 14:46:05 EDT 1995 Paul Park (pjpark@mit.edu)
* admin.c, passwd.c, srv_acl.c - Supply severities for error messages.
* proto_serv.c, srv_net.c - Supply severities for error messages and
change DLOG to DPRINT.
* srv_main.c - Supply severities for error messages. Remove com_err
handling and syslog() logic for routines in libkadm.
Wed Jun 7 12:03:10 1995 <tytso@rsx-11.mit.edu>
* Makefile.in (CFLAGS), srv_acl.c (acl_init): Use
KRB5_DEFAULT_ADMIN_ACL defined in osconf.h
Tue Jun 6 19:42:18 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
* srv_key.c (key_decrypt_keys): On error, when clearing keyblocks,
set contents to null.
(key_get_admin_entry): Allocate enough memory for
admin_princ_name.
Initialize akey and pkey to zero.
Cannot use krb5_free_keyblock on stack
based keyblock.
(key_finish): Cannot use krb5_free_keyblock on bss based
keyblock.
Mon Jun 5 14:14:10 EDT 1995 Paul Park (pjpark@mit.edu)
* srv_key.c(key_get_admin_entry) - When adding database entry for
changepw principal, supply a maximum life and maximum renewable
lifetime so that it doesn't end up being zero.
Thu Jun 1 14:34:41 EDT 1995 Paul Park (pjpark@mit.edu)
* srv_acl.c: Change default acl file name to be a #define. If it
is not defined, then default to /krb5/krb5_adm.acl.
* srv_key.c: Add logic to retrieve or create the database entry for
the password changing service. Subsequently, squirrel away
the key so that we do not need a srvtab.
* proto_serv.c: If no srvtab is specified, then use the squirreled
admin key so that we can live without a srvtab.
* kadm5_defs.h: Add prototype for admin key routine.
* Makefile.in: Set the default acl file to be $(KRB5ROOT)/krb5_adm.acl.
* kadmind5.M: Add description of missing flags. Removed file names.
Sun May 28 15:58:15 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
* srv_main.c (main): Use exit instead of return from
main. Otherwise may return to a signal interrupt on
shutdown.
On shutdown - do not output message as stdout may
be closed on receiver's end.
Fri May 26 17:50:13 EDT 1995 Paul Park (pjpark@mit.edu)
* Makefile.in - Add KDBLIB to dependency list.
Mon May 22 09:46:53 EDT 1995 Paul Park (pjpark@mit.edu)
* Makefile.in - Install kadmind5 in $(SERVER_BINDIR), install
manpage in $(SERVER_MANDIR).
* kadmind5.M - Change section to section 8.
Tue May 16 10:31:12 EDT 1995 Paul Park (pjpark@mit.edu)
* proto_serv.c - Don't destroy the replay cache when done.
Fri May 12 16:06:24 EDT 1995 Paul Park (pjpark@mit.edu)
* admin.c - Change for Ultrix: howmany->how_many because howmany
is a macro used to count how many elements in an
array.
* kadm5_defs.h, srv_net.c
- Use DEBUG_NOSLAVES to determine when to create a
new slave for handling connections. Also, change
max slaves to 2*SOMAXCONN and reduce sleep wait to
2 seconds.
* configure.in, proto_serv.c, srv_acl.c, srv_main.c, srv_net.c
- Use POSIX signals/setjmp/longjmp when present.
Thu May 11 12:20:58 EDT 1995 Paul Park (pjpark@mit.edu)
* srv_key.c - Defer setting keyb and encb init flags until we
have successfully verified the master key. Avoids
a core dump if we don't enter it correctly.
* srv_net.c - Set SO_REUSEADDR on the socket if we're not binding
to the standard port. Also remove logic which
retried bind if bind failed.
Sat May 9 17:46:31 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
* srv_output.c (lang_error_message): Local variable is assigned
from error_message() which returns a const char *. Should
be assigned to same.
* srv_acl.c: Added const to acl_acl_file
definition. default_acl_file is a const char * and gets
assigned to it.
Tue May 9 15:29:10 EDT 1995 Paul Park (pjpark@mit.edu)
Add new administrative protocol support functions and fix bugs.
* kadm5_defs.h - Add extract operation. Move error subcodes
to adm.h. Update prototypes.
* kadmind5.M - Add descriptions of -n, -p and -T options. Change
name of -i to -m option. Add description of
'e' acl entry.
* passwd.c - Make passwd_check_npass_ok a global routine.
* proto_serv.c - Use keytab supplied with -T option. Support
new administrative protocol functions. Destroy
replay cache when done with request.
* srv_acl.c - Add catchall entry which allows principals to
change their own passwords. This is the last entry
inserted and can be overridden with an entry in
the ACL file. By default, we now deny operations
unless there is an entry.
* srv_key.c - Use keytab supplied with -T option. Actually set
the default realm to be the specified realm. Return
salt values from key_string_to_keys(). Add random
key generator.
* srv_main.c - Add support for -T option. Change -i to -m. Add
daemon() call if -n option is not specified. Add
support for -p option.
* srv_net.c - Close connected socket in parent. This was causing
the connection to remain open even when the child
was finished with it. Add support for -p option.
Determine our port otherwise from the profile, and
then the /etc/services entry.
* srv_output.c - Add support for new error codes.
Fri May 5 11:11:39 EDT 1995 Paul Park (pjpark@mit.edu)
#ifdef out language flags. Remove description from manpage.
Fri Apr 28 17:58:11 EDT 1995 Paul Park (pjpark@mit.edu)
* proto_serv.c - ifdef-out commands which are not fully supported.
Fri Apr 28 17:38:36 EDT 1995 Paul Park (pjpark@mit.edu)
* srv_net.c, proto_serv.c - re-include <signal.h> for signal name
definitions. Removal of them was over-zealous.
Fri Apr 28 16:38:18 EDT 1995 Paul Park (pjpark@mit.edu)
* srv_output.c - slight cleanup to allow output_lang_supported()
to function correctly.
Fri Apr 28 10:13:21 EDT 1995 Paul Park (pjpark@mit.edu)
Add new library libkadm.
* configure.in - Check for presence of vsprintf.
* passwd.c - Use size_t for sizes.
* proto_serv.c - Allow for case-insensitivity of commands.
- Remove socket-dependent includes and add NEED_SOCKETS
* srv_key.c - Use size_t for sizes.
* srv_main.c - Check for presence of vsprintf.
* srv_net.c - Remove socket-dependent includes and add NEED_SOCKETS
- Use size_t for sizes.
- Return success if bind succeeds.
* srv_output.c - Add language name recognition.
Fri Apr 28 13:06:18 1995 Theodore Y. Ts'o <tytso@dcl>
* srv_net.c: Linux doesn't have SOMAXCONN, assume 5 if not defined.
Fri Apr 28 07:32:55 1995 Theodore Y. Ts'o <tytso@lurch.mit.edu>
* configure.in: Add check for -ldbm and -lndbm.
Thu Apr 27 17:05:54 EDT 1995 Paul Park (pjpark@mit.edu)
Update last_pwd_change, mod_name and kvno when changing password
successfully.
Wed Apr 26 16:00:00 EDT 1995 Paul Park (pjpark@mit.edu)
Add new administrative protocol server which only responds to
password requests for now.