ChangeLog revision 120945
12003-04-16 Love H�rnquist �strand <lha@it.su.se> 2 3 * send_recv.c: check return values from krb5_data_alloc 4 * log.c: check return values from krb5_data_alloc 5 62003-04-16 Love H�rnquist �strand <lha@it.su.se> 7 8 * dump_log.c (print_entry): check return values from 9 krb5_data_alloc 10 112003-04-01 Love H�rnquist �strand <lha@it.su.se> 12 13 * init_c.c (kadm_connect): if a context realm was passed in, use 14 that to form the kadmin/admin principal 15 162003-03-19 Love H�rnquist �strand <lha@it.su.se> 17 18 * ipropd_master.c (main): make sure we don't consider dead slave 19 for select processing 20 (write_stats): use slave_stats_file variable, 21 check return value of strftime 22 (args): allow specifying slave stats file 23 (slave_dead): close the fd when the slave dies 24 252002-10-21 Johan Danielsson <joda@pdc.kth.se> 26 27 * ipropd_slave.c (from Derrick Brashear): Propagating a large 28 database without this means the slave kdcs can get erroneous 29 HDB_NOENTRY and return the resulting errors. This creates a new db 30 handle, populates it, and moves it into place. 31 322002-08-26 Assar Westerlund <assar@kth.se> 33 34 * ipropd_slave.c (receive_everything): type-correctness calling 35 _krb5_get_int 36 37 * context_s.c (find_db_spec): const-correctness in parameters to 38 krb5_config_get_next 39 402002-08-16 Johan Danielsson <joda@pdc.kth.se> 41 42 * private.h: rename header file flag macro 43 44 * Makefile.am: generate kadm5-{protos,private}.h 45 462002-08-15 Johan Danielsson <joda@pdc.kth.se> 47 48 * ipropd_master.c: check return value of krb5_sockaddr2address 49 502002-07-04 Johan Danielsson <joda@pdc.kth.se> 51 52 * ipropd_master.c: handle slaves that come and go; add status 53 reporting (both from Love) 54 55 * iprop.h: KADM5_SLAVE_STATS 56 572002-03-25 Jacques Vidrine <n@nectar.com> 58 59 * init_c.c (get_cred_cache): bug fix: the default credentials 60 cache was not being used if a client name was specified. 61 622002-03-25 Johan Danielsson <joda@pdc.kth.se> 63 64 * init_c.c (get_cred_cache): when getting the default_client from 65 the cred cache, make sure the instance part is "admin"; this 66 should require fewer uses of -p 67 682002-03-11 Assar Westerlund <assar@sics.se> 69 70 * Makefile.am (libkadm5srv_la_LDFLAGS): set version to 7:5:0 71 (libkadm5clnt_la_LDFLAGS): set version to 6:3:2 72 732002-02-08 Johan Danielsson <joda@pdc.kth.se> 74 75 * init_c.c: we have to create our own param struct before 76 marshaling 77 782001-09-05 Johan Danielsson <joda@pdc.kth.se> 79 80 * Makefile.am: link with LIB_pidfile 81 82 * iprop.h: include util.h for pidfile 83 842001-08-31 Assar Westerlund <assar@sics.se> 85 86 * ipropd_slave.c (main): syslog with the correct name 87 882001-08-30 Jacques Vidrine <n@nectar.com> 89 90 * ipropd_slave.c, ipropd_master.c (main): call pidfile 91 922001-08-28 Assar Westerlund <assar@sics.se> 93 94 * Makefile.am (libkadm5srv_la_LDFLAGS): set version to 7:4:0 95 962001-08-24 Assar Westerlund <assar@sics.se> 97 98 * acl.c (fetch_acl): do not return bogus flags and re-organize 99 function 100 101 * Makefile.am: rename variable name to avoid error from current 102 automake 103 1042001-08-13 Johan Danielsson <joda@pdc.kth.se> 105 106 * set_keys.c: add easier afs configuration, defaulting to the 107 local realm in lower case; also try to remove duplicate salts 108 1092001-07-12 Assar Westerlund <assar@sics.se> 110 111 * Makefile.am: add required library dependencies 112 1132001-07-03 Assar Westerlund <assar@sics.se> 114 115 * Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 6:2:2 116 1172001-06-29 Johan Danielsson <joda@pdc.kth.se> 118 119 * init_c.c: call krb5_get_init_creds_opt_set_default_flags 120 1212001-02-19 Johan Danielsson <joda@pdc.kth.se> 122 123 * replay_log.c: add --{start-end}-version flags to replay just 124 part of the log 125 1262001-02-15 Assar Westerlund <assar@sics.se> 127 128 * ipropd_master.c (main): fix select-loop to decrement ret 129 correctly. from "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu> 130 1312001-01-30 Assar Westerlund <assar@sics.se> 132 133 * Makefile.am: bump versions 134 1352000-12-31 Assar Westerlund <assar@sics.se> 136 137 * init_s.c (*): handle krb5_init_context failure consistently 138 * init_c.c (init_context): handle krb5_init_context failure 139 consistently 140 1412000-12-11 Assar Westerlund <assar@sics.se> 142 143 * Makefile.am (libkadm5srv_la_LDFLAGS): bump version to 7:2:0 144 1452000-11-16 Assar Westerlund <assar@sics.se> 146 147 * set_keys.c (make_keys): clean-up salting loop and try not to 148 leak memory 149 150 * ipropd_master.c (main): check for fd's being too large to select 151 on 152 1532000-08-16 Assar Westerlund <assar@sics.se> 154 155 * Makefile.am (libkadm5srv_la_LDFLAGS): bump version to 7:1:0 156 1572000-08-10 Assar Westerlund <assar@sics.se> 158 159 * acl.c (fetch_acl): fix wrong cases, use krb5_principal_match 160 1612000-08-07 Assar Westerlund <assar@sics.se> 162 163 * ipropd_master.c (main): ignore SIGPIPE 164 1652000-08-06 Assar Westerlund <assar@sics.se> 166 167 * ipropd_slave.c (receive_everything): make `fd' an int instead of 168 a pointer. From Derrick J Brashear <shadow@dementia.org> 169 1702000-08-04 Johan Danielsson <joda@pdc.kth.se> 171 172 * admin.h: change void** to void* 173 1742000-07-25 Johan Danielsson <joda@pdc.kth.se> 175 176 * Makefile.am: bump versions to 7:0:0 and 6:0:2 177 1782000-07-24 Assar Westerlund <assar@sics.se> 179 180 * log.c (kadm5_log_get_version): rename kadm5_log_get_version_fd 181 and make a new that takes a context 182 (kadm5_log_nop): add logging of missing lengths 183 (kadm5_log_truncate): new function 184 185 * dump_log.c (print_entry): update and correct 186 * randkey_s.c: call _kadm5_bump_pw_expire 187 * truncate_log.c: new program for truncating the log 188 * Makefile.am (sbin_PROGRAMS): add truncate_log 189 (C_SOURCES): add bump_pw_expire.c 190 * bump_pw_expire.c: new function for extending password expiration 191 1922000-07-22 Assar Westerlund <assar@sics.se> 193 194 * keys.c: new file with _kadm5_free_keys, _kadm5_init_keys 195 196 * set_keys.c (free_keys, init_keys): elevate to internal kadm5 197 functions 198 199 * chpass_s.c (kadm5_s_chpass_principal_cond): new function 200 * Makefile.am (C_SOURCES): add keys.c 201 * init_c.c: remove unused variable and handle some parameters 202 being NULL 203 2042000-07-22 Johan Danielsson <joda@pdc.kth.se> 205 206 * ipropd_slave.c: use krb5_read_priv_message 207 208 * ipropd_master.c: use krb5_{read,write}_priv_message 209 210 * init_c.c: use krb5_write_priv_message 211 2122000-07-11 Johan Danielsson <joda@pdc.kth.se> 213 214 * ipropd_slave.c: no need to call gethostname, since 215 sname_to_principal will 216 217 * send_recv.c: assert that we have a connected socket 218 219 * get_princs_c.c: call _kadm5_connect 220 221 * rename_c.c: call _kadm5_connect 222 223 * randkey_c.c: call _kadm5_connect 224 225 * privs_c.c: call _kadm5_connect 226 227 * modify_c.c: call _kadm5_connect 228 229 * get_c.c: call _kadm5_connect 230 231 * delete_c.c: call _kadm5_connect 232 233 * create_c.c: call _kadm5_connect 234 235 * chpass_c.c: call _kadm5_connect 236 237 * private.h: add more fields to client context; remove prototypes 238 239 * admin.h: remove prototypes 240 241 * kadm5-protos.h: move public prototypes here 242 243 * kadm5-private.h: move private prototypes here 244 245 * init_c.c: break out connection code to separate function, and 246 defer calling it until we actually do something 247 2482000-07-07 Assar Westerlund <assar@sics.se> 249 250 * set_keys.c (make_keys): also support `[kadmin]use_v4_salt' for 251 backwards compatability 252 2532000-06-26 Johan Danielsson <joda@pdc.kth.se> 254 255 * set_keys.c (_kadm5_set_keys): rewrite this to be more easily 256 adaptable to different salts 257 2582000-06-19 Johan Danielsson <joda@pdc.kth.se> 259 260 * get_s.c: pa_* -> KRB5_PADATA_* 261 2622000-06-16 Assar Westerlund <assar@sics.se> 263 264 * ipropd_slave.c: change default keytab to default keytab (as in 265 typically FILE:/etc/krb5.keytab) 266 2672000-06-08 Assar Westerlund <assar@sics.se> 268 269 * ipropd_slave.c: bug fixes, for actually writing the full dump to 270 the database. based on a patch from Love <lha@stacken.kth.se> 271 2722000-06-07 Assar Westerlund <assar@sics.se> 273 274 * acl.c: add support for patterns of principals 275 * log.c (kadm5_log_replay_create): handle more NULL pointers 276 (should they really happen?) 277 * log.c (kadm5_log_replay_modify): handle max_life == NULL and 278 max_renew == NULL 279 280 * ipropd_master.c: use syslog. be less verbose 281 * ipropd_slave.c: use syslog 282 2832000-06-05 Assar Westerlund <assar@sics.se> 284 285 * private.h (kadm_ops): add kadm_nop more prototypes 286 * log.c (kadm5_log_set_version, kadm5_log_reinit, kadm5_log_nop, 287 kadm5_log_replay_nop): add 288 * ipropd_slave.c: and some more improvements 289 * ipropd_master.c: lots of improvements 290 * iprop.h (IPROP_PORT, IPROP_SERVICE): add 291 (iprop_cmd): add new commands 292 293 * dump_log.c: add nop 294 2952000-05-15 Assar Westerlund <assar@sics.se> 296 297 * Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 5:1:1 298 2992000-05-12 Assar Westerlund <assar@sics.se> 300 301 * get_s.c (kadm5_s_get_principal): set life, rlife to INT_MAX as a 302 fallback. handle not having any creator. 303 * destroy_s.c (kadm5_s_destroy): free all allocated memory 304 * context_s.c (set_field): free variable if it's already set 305 (find_db_spec): malloc space for all strings 306 3072000-04-05 Assar Westerlund <assar@sics.se> 308 309 * Makefile.am (LDADD): add LIB_openldap 310 3112000-04-03 Assar Westerlund <assar@sics.se> 312 313 * Makefile.am (libkadm5srv_la_LDFLAGS): set version to 6:0:1 314 (libkadm5clnt_la_LDFLAGS): set version to 5:0:1 315 3162000-03-24 Assar Westerlund <assar@sics.se> 317 318 * set_keys.c (_kadm5_set_keys2): rewrite 319 (_kadm5_set_keys3): add 320 321 * private.h (struct kadm_func): add chpass_principal_with_key 322 * init_c.c (set_funcs): add chpass_principal_with_key 323 3242000-03-23 Assar Westerlund <assar@sics.se> 325 326 * context_s.c (set_funcs): add chpass_principal_with_key 327 * common_glue.c (kadm5_chpass_principal_with_key): add 328 * chpass_s.c: comment-ize and change calling convention for 329 _kadm5_set_keys* 330 * chpass_c.c (kadm5_c_chpass_principal_with_key): add 331 3322000-02-07 Assar Westerlund <assar@sics.se> 333 334 * Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 4:2:0 335 3362000-01-28 Assar Westerlund <assar@sics.se> 337 338 * init_c.c (get_new_cache): make sure to request non-forwardable, 339 non-proxiable 340 3412000-01-06 Assar Westerlund <assar@sics.se> 342 343 * Makefile.am (libkadm5srv.la): bump version to 5:1:0 344 345 * context_s.c (_kadm5_s_init_context): handle params == NULL 346 3471999-12-26 Assar Westerlund <assar@sics.se> 348 349 * get_s.c (kadm5_s_get_principal): handle modified_by->principal 350 == NULL 351 3521999-12-20 Assar Westerlund <assar@sics.se> 353 354 * Makefile.am (libkadm5clnt_la_LDFLAGS): bump version to 4:1:0 355 356 * init_c.c (_kadm5_c_init_context): handle getting back port 357 number from admin host 358 (kadm5_c_init_with_context): remove `proto/' part before doing 359 getaddrinfo() 360 3611999-12-06 Assar Westerlund <assar@sics.se> 362 363 * Makefile.am: bump version to 5:0:0 and 4:0:0 364 365 * init_c.c (kadm5_c_init_with_context): don't use unitialized 366 stuff 367 3681999-12-04 Assar Westerlund <assar@sics.se> 369 370 * replay_log.c: adapt to changed kadm5_log_foreach 371 372 * log.c (kadm5_log_foreach): change to take a 373 `kadm5_server_context' 374 375 * init_c.c: use krb5_warn{,x} 376 377 * dump_log.c: adapt to changed kadm5_log_foreach 378 379 * init_c.c: re-write to use getaddrinfo 380 * Makefile.am (install-build-headers): add dependency 381 3821999-12-03 Johan Danielsson <joda@pdc.kth.se> 383 384 * log.c (kadm5_log_foreach): pass context 385 386 * dump_log.c: print more interesting things 387 3881999-12-02 Johan Danielsson <joda@pdc.kth.se> 389 390 * ipropd_master.c (process_msg): check for short reads 391 3921999-11-25 Assar Westerlund <assar@sics.se> 393 394 * modify_s.c (kadm5_s_modify_principal): support key_data 395 (kadm5_s_modify_principal_with_key): remove 396 397 * admin.h (kadm5_s_modify_principal_with_key): remove 398 3991999-11-20 Assar Westerlund <assar@sics.se> 400 401 * context_s.c (find_db_spec): ugly cast work-around. 402 4031999-11-14 Assar Westerlund <assar@sics.se> 404 405 * context_s.c (_kadm5_s_init_context): call krb5_add_et_list so 406 that we aren't dependent on the layout of krb5_context_data 407 * init_c.c (_kadm5_c_init_context): call krb5_add_et_list so that 408 we aren't dependent on the layout of krb5_context_data 409 4101999-11-13 Assar Westerlund <assar@sics.se> 411 412 * password_quality.c (kadm5_setup_passwd_quality_check): use 413 correct types for function pointers 414 4151999-11-09 Johan Danielsson <joda@pdc.kth.se> 416 417 * randkey_s.c: always bail out if the fetch fails 418 419 * admin.h (kadm5_config_params): remove fields we're not using 420 421 * ipropd_slave.c: allow passing a realm 422 423 * ipropd_master.c: allow passing a realm 424 425 * dump_log.c: allow passing a realm 426 427 * acl.c: correctly get acl file 428 429 * private.h (kadm5_server_context): add config_params struct and 430 remove acl_file; bump protocol version number 431 432 * marshall.c: marshalling of config parameters 433 434 * init_c.c (kadm5_c_init_with_context): try to cope with old 435 servers 436 437 * init_s.c (kadm5_s_init_with_context): actually use some passed 438 values 439 440 * context_s.c (_kadm5_s_init_context): get dbname, acl_file, and 441 stash_file from the config parameters, try to figure out these if 442 they're not provided 443 4441999-11-05 Assar Westerlund <assar@sics.se> 445 446 * Makefile.am (install-build-headers): use `cp' instead of 447 INSTALL_DATA 448 4491999-11-04 Assar Westerlund <assar@sics.se> 450 451 * Makefile.am: bump version to 4:0:0 and 3:0:0 (they access fields 452 directly in libkrb5's context - bad functions) 453 454 * set_keys.c (_kadm5_set_keys_randomly): set enctypes correctly in 455 the copied keys 456 4571999-10-20 Assar Westerlund <assar@sics.se> 458 459 * Makefile.am: set version of kadm5srv to 3:0:2 (new password 460 quality functions). 461 set version of kdam5clnt to 2:1:1 (no interface changes) 462 463 * Makefile.am (LDADD): add $(LIB_dlopen) 464 4651999-10-17 Assar Westerlund <assar@sics.se> 466 467 * randkey_s.c (kadm5_s_randkey_principal): use 468 _kadm5_set_keys_randomly 469 470 * set_keys.c (free_keys): free more memory 471 (_kadm5_set_keys): a little bit more generic 472 (_kadm5_set_keys_randomly): new function for setting random keys. 473 4741999-10-14 Assar Westerlund <assar@sics.se> 475 476 * set_keys.c (_kadm5_set_keys): ignore old keys when setting new 477 ones and always add 3 DES keys and one 3DES key 478 4791999-10-03 Assar Westerlund <assar@sics.se> 480 481 * init_c.c (_kadm5_c_init_context): use `krb5_get_krb_admin_hst'. 482 check return value from strdup 483 4841999-09-26 Assar Westerlund <assar@sics.se> 485 486 * acl.c (_kadm5_privs_to_string): forgot one strcpy_truncate -> 487 strlcpy 488 4891999-09-24 Johan Danielsson <joda@pdc.kth.se> 490 491 * dump_log.c: remove unused `optind' 492 493 * replay_log.c: remove unused `optind' 494 4951999-09-13 Assar Westerlund <assar@sics.se> 496 497 * chpass_c.c (kadm5_c_chpass_principal): new _kadm5_client_recv 498 499 * send_recv.c (_kadm5_client_recv): return result in a `krb5_data' 500 so that we avoid copying it and don't need to dimension in 501 advance. change all callers. 502 5031999-09-10 Assar Westerlund <assar@sics.se> 504 505 * password_quality.c: new file 506 507 * admin.h 508 (kadm5_setup_passwd_quality_check,kadm5_check_password_quality): 509 add prototypes 510 511 * Makefile.am (S_SOURCES): add password_quality.c 512 5131999-07-26 Assar Westerlund <assar@sics.se> 514 515 * Makefile.am: update versions to 2:0:1 516 5171999-07-24 Assar Westerlund <assar@sics.se> 518 519 * ent_setup.c (_kadm5_setup_entry): make princ_expire_time == 0 520 and pw_expiration == 0 mean never 521 5221999-07-22 Assar Westerlund <assar@sics.se> 523 524 * log.c (kadm5_log_flush): extra cast 525 5261999-07-07 Assar Westerlund <assar@sics.se> 527 528 * marshall.c (store_principal_ent): encoding princ_expire_time and 529 pw_expiration in correct order 530 5311999-06-28 Assar Westerlund <assar@sics.se> 532 533 * randkey_s.c (kadm5_s_randkey_principal): nuke old mkvno, 534 otherwise hdb will think that the new random keys are already 535 encrypted which will cause lots of confusion later. 536 5371999-06-23 Assar Westerlund <assar@sics.se> 538 539 * ent_setup.c (_kadm5_setup_entry): handle 0 == unlimited 540 correctly. From Michal Vocu <michal@karlin.mff.cuni.cz> 541 5421999-06-15 Assar Westerlund <assar@sics.se> 543 544 * init_c.c (get_cred_cache): use get_default_username 545 5461999-05-23 Assar Westerlund <assar@sics.se> 547 548 * create_s.c (create_principal): if there's no default entry the 549 mask should be zero. 550 5511999-05-21 Assar Westerlund <assar@sics.se> 552 553 * init_c.c (get_cred_cache): use $USERNAME 554 5551999-05-17 Johan Danielsson <joda@pdc.kth.se> 556 557 * init_c.c (get_cred_cache): figure out principal 558 5591999-05-05 Johan Danielsson <joda@pdc.kth.se> 560 561 * send_recv.c: cleanup _kadm5_client_{send,recv} 562 5631999-05-04 Assar Westerlund <assar@sics.se> 564 565 * set_keys.c (_kadm5_set_keys2): don't check the recently created 566 memory for NULL pointers 567 568 * private.h (_kadm5_setup_entry): change prototype 569 570 * modify_s.c: call new _kadm5_setup_entry 571 572 * ent_setup.c (_kadm5_setup_entry): change so that it takes three 573 masks, one for what bits to set and one for each of principal and 574 def containing the bits that are set there. 575 576 * create_s.c: call new _kadm5_setup_entry 577 578 * create_s.c (get_default): check return value 579 (create_principal): send wider mask to _kadm5_setup_entry 580 5811999-05-04 Johan Danielsson <joda@pdc.kth.se> 582 583 * send_recv.c (_kadm5_client_recv): handle arbitrarily sized 584 packets, check for errors 585 586 * get_c.c: check for failure from _kadm5_client_{send,recv} 587 5881999-05-04 Assar Westerlund <assar@sics.se> 589 590 * init_c.c (get_new_cache): don't abort when interrupted from 591 password prompt 592 593 * destroy_c.c (kadm5_c_destroy): check if we should destroy the 594 auth context 595 5961999-05-03 Johan Danielsson <joda@pdc.kth.se> 597 598 * chpass_s.c: fix arguments to _kadm5_set_keys2 599 600 * private.h: proto 601 602 * set_keys.c: clear mkvno 603 604 * rename_s.c: add flags to fetch and store; seal keys before 605 logging 606 607 * randkey_s.c: add flags to fetch and store; seal keys before 608 logging 609 610 * modify_s.c: add flags to fetch and store; seal keys before 611 logging 612 613 * log.c: add flags to fetch and store; seal keys before logging 614 615 * get_s.c: add flags to fetch and store; seal keys before logging 616 617 * get_princs_s.c: add flags to fetch and store; seal keys before 618 logging 619 620 * delete_s.c: add flags to fetch and store; seal keys before 621 logging 622 623 * create_s.c: add flags to fetch and store; seal keys before 624 logging 625 626 * chpass_s.c: add flags to fetch and store; seal keys before 627 logging 628 629 * Makefile.am: remove server.c 630 631 * admin.h: add prototypes 632 633 * ent_setup.c (_kadm5_setup_entry): set key_data 634 635 * set_keys.c: add _kadm5_set_keys2 to sey keys from key_data 636 637 * modify_s.c: add kadm5_s_modify_principal_with_key 638 639 * create_s.c: add kadm5_s_create_principal_with_key 640 641 * chpass_s.c: add kadm5_s_chpass_principal_with_key 642 643 * kadm5_locl.h: move stuff to private.h 644 645 * private.h: move stuff from kadm5_locl.h 646 647