2005-11-17  Ken Raeburn

	* server_init.c, svr_policy.c: Include errno.h.

2005-10-13  Ken Raeburn

	* libkadm5srv.exports: Don't export internal error-table symbols,
	or osa* symbols that no longer exist in this library.

2005-09-27  Tom Yu

	* svr_iters.c (glob_to_regexp): Increment pointer, not character,
	when handling backslash quoting. Patch from K.G. Gokulavasan.

2005-06-20  Ken Raeburn

	Novell merge.
	* Makefile.in (SRCS, OBJS, STLIBOBJS): Remove adb_policy,
	adb_free, and adb_openclose.
	* adb_free.c: Deleted.
	* adb_openclose.c, adb_policy.c: Moved to lib/kdb/kdb_db2.
	* adb_xdr.c: Include server_internal.h; don't include adb.h.
	(xdr_osa_policy_ent_rec): Function deleted.
	(osa_free_princ_ent): Moved here from old adb_free.c.
	* server_init.c (dup_db_args, free_db_args): New functions.
	(kadm5_init_with_password, kadm5_init_with_creds,
	kadm5_init_with_skey): Accept new db_args argument, and pass it to
	kadm5_init.
	(kadm5_init): Accept new db_args argument. Don't set the database
	name; instead, set the default realm for the context. Call
	krb5_db_open instead of krb5_db_init, requesting write access and
	passing in the database arguments. Don't call adb_policy_init,
	and don't set deleted field handle->lhandle->policy_db.
	(kadm5_lock): Don't lock the policy database. Use
	KRB5_DB_LOCKMODE_EXCLUSIVE flags instead of
	KRB5_LOCKMODE_EXCLUSIVE.
	(kadm5_unlock): Don't unlock the policy database.
	(kadm5_flush): In the error case, use krb5_db_open instead of
	krb5_db_set_name and krb5_db_init.
	* server_kdb.c (kdb_init_master): Don't call krb5_db_init. Use
	KADM5_XDR_FAILURE instead of OSA_ADB_XDR_FAILURE.
	(kdb_iter_entry): Accept new string argument match_entry; pass it
	to krb5_db_iterate.
	* server_misc.c: Don't include adb.h.
	(adb_policy_init): Don't call osa_adb_open_policy. If
	krb5_db_inited is false on the context, call krb5_db_open.
	(adb_policy_close): Don't call osa_adb_close_policy; do nothing.
	* svr_iters.c: Don't include adb.h.
	(kadm5_get_either): Pass glob pattern ("*" if not specified) to
	kdb_iter_entry.
	* svr_policy.c: Don't include adb.h.
	(kadm5_create_policy, kadm5_delete_policy, kadm5_modify_policy,
	kadm5_get_policy): Call krb5_db_clr_error. Call
	krb5_db_create_policy etc instead of osa_adb_* versions, passing
	the krb5 context instead of the policy database handle. For
	krb5_db_get_policy, treat a returned count of zero as a not-found
	indication.
	(kadm5_modify_policy_internal): Don't translate the returned error
	code from krb5_db_put_policy.
	* svr_principal.c: Don't include adb.h.
	(kadm5_copy_principal, kadm5_free_principal): New functions, using
	krb5_db_alloc and krb5_db_free for storage.
	(cleanup_key_data): Use krb5_db_free.
	(kadm5_create_principal_3, kadm5_delete_principal,
	kadm5_modify_principal, kadm5_rename_principal,
	kadm5_get_principal, kadm5_chpass_principal_3,
	kadm5_randkey_principal_3, kadm5_setv4key_principal,
	kadm5_setkey_principal_3): Call krb5_db_clr_error.
	(kadm5_create_principal_3): Use kadm5_copy_principal instead of
	krb5_copy_principal. If the KADM5_TL_DATA flag is set, call
	krb5_dbe_update_tl_data on each element supplied, to augment
	and/or replace the existing tl data with a copy of the supplied
	data, instead of splicing the supplied list and the existing list
	together. Use krb5_db_free_principal instead of
	krb5_dbe_free_contents.
	(kadm5_modify_principal): Use krb5_dbe_update_tl_data to merge tl
	data records.
	(kadm5_rename_principal): Use kadm5_{copy,free}_principal.
	(kadm5_chpass_principal_3): Use krb5_db_free_principal instead of
	krb5_dbe_free_contents.
	(kadm5_setv4key_principal): Use krb5_db_alloc, not malloc, for key
	data to be returned. Use an automatic variable for the key data,
	before copying out to the object so allocated.
	(kadm5_setkey_principal_3): Likewise.
	(decrypt_key_data): On error, clear and free any key storage that
	might've been returned from previous calls
	krb5_dbekd_decrypt_key_data.

2004-12-20  Tom Yu

	* svr_principal.c (add_to_history): Rewrite somewhat, using
	temporary variables to make things somewhat more readable. Fix
	buffer overflow case where the next pointer points into
	unallocated space but resizing wasn't done, i.e., when someone
	decreases the policy history count to the exact "right" number.
	Fix some memory leaks. To avoid losing entries, shift some entries
	forward after growing the array.

2004-08-21  Tom Yu

	* libkadm5srv.exports: Update for previous renaming.

2004-08-20  Alexandra Ellwood

	* server_acl.[ch]: renamed acl_* functions to kadm5int_acl_*

2004-06-16  Ken Raeburn

	* Makefile.in (clean-mac): Target deleted.

2004-06-04  Ken Raeburn

	* Makefile.in (LIBBASE): Renamed from LIB.

2004-04-22  Ken Raeburn

	* libkadm5srv.exports: New file.

2003-09-02  Alexandra Ellwood

	* svr_principal.c: Added Apple password server support.

2003-06-13  Tom Yu

	* server_kdb.c (kdb_init_hist): Force history principal's key to
	be of the same enctype as the master key, as searches for it later
	on explicitly specify the enctype.

2003-04-01  Tom Yu

	* Makefile.in: Remove $(SHLIB_DBLIB_DEPS) and related variables.
	(SHLIB_EXPDEPS): Remove $(SHLIB_DBLIB_DEPS).
	(SHLIB_EXPLIBS): Change $(DB_LIB) to $(KDB5_DB_LIB).

2003-01-12  Ezra Peisach

	* svr_iters.c (kadm5_get_either): For POSIX_REGEXPS (i.e.
	regcomp), call regfree() to cleanup memory.

2003-01-10  Ken Raeburn

	* Makefile.in: Add AC_SUBST_FILE marker for lib_frag and
	libobj_frag.

2003-01-05  Sam Hartman

	* server_dict.c: Remove declaration of errno
	* adb_policy.c: Remove declaration of errno

2002-12-16  Ezra Peisach

	* Makefile.in: Change to allow compilation with-system-db and
	shared libraries.

2002-11-07  Tom Yu

	* svr_principal.c (kadm5_setkey_principal_3): Apply patch from
	Emily Ratliff to allow n_ks_tuple to be zero, which is the case if
	being called from kadmind answering a client's setkey_principal
	request.

2002-10-15  Ezra Peisach

	* server_init.c (kadm5_lock, kadm5_unlock): Return KADM5_OK
	instead of falling off end of function.

2002-10-08  Tom Yu

	* adb_openclose.c (osa_adb_init_db): Reset opencnt.
	(osa_adb_open_and_lock): Don't open multiple times; merely
	increment opencnt if already open.
	(osa_adb_close_and_unlock): Decrement opencnt instead of
	unconditionally closing.
	* server_init.c (kadm5_lock, kadm5_unlock): New functions to
	support persistent exclusive locks across multiple API calls.

2002-08-29  Ken Raeburn

	* Makefile.in: Revert $(S)=>/ change, for Windows support.

2002-08-23  Ken Raeburn

	* Makefile.in: Change $(S)=>/ and $(U)=>.. globally.

2002-07-17  Ken Raeburn

	* svr_iters.c (struct iter_data): Replace DynObject "matches" with
	pointer, allocation size, current count, and error flag.
	(get_either_iter): Grow array if needed, noting failures.
	(kadm5_get_either): Set up the array before calling the iterator
	and use their values after.
	* Makefile.in (SHLIB_EXPDEPS, SHLIB_EXPLIBS): Drop libdyn
	references.

2002-03-06  Ken Raeburn

	* Makefile.in (LIBMAJOR): Bump to avoid Heimdal conflict.

2002-03-02  Sam Hartman

	* server_acl.c (acl_find_entry): Patch from sxw@sxw.org.uk: patch
	to correct handling of ACL targets. Previous patch from Matt
	Crawford seems to only work for * targets where it ignores the
	restrictions. This patch seems to work for all the semantics
	described in Matt's original message, at least as far as I tested.

2001-10-22  Tom Yu

	* svr_principal.c (kadm5_decrypt_key): For now, coerce enctype of
	output keyblock in case we got a match on a similar enctype.

2001-10-16  Mitchell Berger
            Matt Crawford

	* svr_principal.c (add_to_history): If the policy a principal uses
	has been changed to hold a lesser number of history entries than
	it did before, extract the correct number and value of old keys
	from the history array into a newly allocated array of the proper
	size. Failing to do this made kadmind vulnerable to a crash upon
	changing such a principal's password.
	Original patch written by Matt Crawford, with a few changes.

2001-10-09  Ken Raeburn

	* server_acl.h: Make prototypes unconditional.

2001-07-31  Ezra Peisach

	* svr_principal.c (check_pw_reuse): Change argument for
	n_pw_hist_data to unsigned to be consistent with calling
	convention.

2001-07-25  Ezra Peisach

	* adb_xdr.c (xdr_krb5_key_data): Use xdr_krb5_ui_2 instead of
	xdr_krb5_int16 for key_data_length field.

2001-07-06  Ezra Peisach

	* svr_iters.c: Declare kadm5_get_either static

2001-06-20  Mitchell Berger

	* server_dict.c: Silly typo fixed.

2001-06-18  Ezra Peisach

	* server_misc.c (passwd_check): cast argument to
	islower()/isupper(), isdigit(), ispunct() to int.
	* server_acl.c (acl_parse_line): Cast argument to
	isupper()/isspace() to int.

2001-06-08  Ezra Peisach

	* svr_principal.c (check_pw_reuse): Cleanup assignment in
	conditional.

2001-06-04  Ezra Peisach

	* svr_principal.c: Cleanup assignments in conditionals.

Sun Feb 18 17:40:23 2001  Ezra Peisach

	* adb_openclose.c, adb_policy.c, server_acl.c, server_dict.c,
	server_init.c, server_kdb.c, server_misc.c, svr_iters.c,
	svr_principal.c: Cleanup assignments in conditionals, variables
	shadowing one another, unused variables and declared some
	functions as static.

2000-10-17  Ezra Peisach

	* svr_chpass_util.c (kadm5_chpass_principal_util): Change msg_len
	to unsigned int.

Tue Oct 10 03:09:27 2000  Ezra Peisach

	* server_dict.c (init_dict): Change syslog() to krb5_klog_syslog()
	so that errors go to the intended place as indicated by krb5.conf.

2000-06-30  Tom Yu

	* adb_openclose.c (osa_adb_create_db): Default to btree.
	(osa_adb_init_db): Set up btinfo as well.
	(osa_adb_open_and_lock): Try btree, then hash.
	* Makefile.in (SHLIB_EXPDEPS): Add libdb.
	(SHLIB_EXPLIBS): Add -ldb.

2000-06-23  Nalin Dahyabhai

	* adb_openclose.c (osa_adb_create_db): Open lock files using
	O_EXCL and fdopen() the descriptor instead of using fopen().
	* svr_chpass_util.c (kadm5_chpass_principal_util): Adjust for new
	length parameter in both kadm5_chpass_principal_util() and in
	_kadm5_chpass_principal_util().

2000-05-31  Wilfredo Sanchez

	* adb_free.c, adb_xdr.c, server_dict.c: Check for existence of.
	[from Nathan Neulinger]

2000-03-16  Ken Raeburn
            Matt Crawford

	* server_acl.c: Include kadm5/admin.h.
	(struct _acl_entry): Add new fields for restrictions.
	(struct _wildstate): New type.
	(acl_parse_line): Input is const. Parse and save restrictions.
	Allow backslash at end of line to indicate continuation.
	(acl_parse_restrictions, acl_impose_restrictions): New functions.
	(acl_free_entries): Free up restriction data if any.
	(acl_load_acl_file): Don't use tmpbuf for catch-all entry.
	(acl_match_data): Add new arguments for wildcard state.
	(acl_find_entry): Support wildcard component matching.
	Reorganized checks for bad ACL entries.
	(acl_check): Add restrictions parameter.
	* server_acl.h (struct _restriction): New type.
	(acl_check): Update prototype.
	(acl_impose_restrictions): Declare.

2000-02-26  Tom Yu

	* svr_principal.c (kadm5_create_principal_3): Remove keepold
	argument.
	* Makefile.in (LIBMAJOR): Bump major number due to call signature
	changes.

2000-02-25  Ken Raeburn

	* server_acl.c (acl_get_line): Patch from Matt Crawford to permit
	line continuation by ending a line with a backslash.

2000-02-13  Tom Yu

	* svr_principal.c (kadm5_setkey_principal_3): New function.

1999-10-26  Wilfredo Sanchez

	* Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES,
	LOCAL_INCLUDES such that one can override CFLAGS from the command
	line without losing CPP search paths and defines. Some associated
	Makefile cleanup.

1999-09-08  Ken Raeburn

	* adb_openclose.c (osa_adb_fini_db): Don't fclose the lock file if
	the lock is permanent, because it's already been done.

Mon Dec 7 15:19:11 1998  Ezra Peisach

	* svr_principal.c (kadm5_randkey_principal_3): Fix typo in
	arguments to krb5_dbe_crk().

1998-11-13  Theodore Ts'o

	* Makefile.in: Set the myfulldir and mydir variables (which are
	relative to buildtop and thisconfigdir, respectively.)

Fri Dec 4 23:10:32 1998  Tom Yu

	* svr_principal.c (kadm5_create_principal): Modify to call
	create_principal_3.
	(kadm5_create_principal_3): New function including flag to keep
	old keys and optional explicit keysalt_tuples.
	(kadm5_chpass_principal): Modify to call chpass_principal_3.
	(kadm5_chpass_principal_3): New function including flag to keep
	old keys and optional explicit keysalt_tuples.
	(kadm5_randkey_principal): Modify to call randkey_principal_3.
	(kadm5_randkey_principal_3): New function including flag to keep
	old keys and optional explicit keysalt_tuples.

Tue Nov 17 18:20:48 1998  Tom Yu

	* svr_principal.c (kadm5_create_principal):
	(kadm5_chpass_principal):
	(kadm5_randkey_principal): Fix up for new calling conventions of
	dbe_crk and dbe_cpw.

1998-10-27  Marc Horowitz

	* server_kdb.c, svr_principal.c: convert to new crypto api

Sun Jul 26 18:09:55 1998  Sam Hartman

	* Makefile.in (LIBMAJOR): bump libmajor

Wed Apr 15 18:06:14 1998  Tom Yu

	* Makefile.in (SHLIB_EXPDEPS):
	(SHLIB_EXPLIBS): Rename libcrypto -> libk5crypto.

Fri Feb 27 22:33:05 1998  Theodore Ts'o

	* Makefile.in: Changed thisconfigdir to point at the lib/kadm5
	directory, since we've moved all of the configure.in tests to the
	toplevel lib/kadm5 configure.in. Instead of adding @LIBS@ to the
	list of libraries which should be linked as shared library
	dependencies, add @GEN_LIB@ and @AIX_DB_LIB@ which will get
	expanded if necessary.

Wed Feb 18 16:15:22 1998  Tom Yu

	* Makefile.in: Remove trailing slash from thisconfigdir. Fix up
	BUILDTOP for new conventions.

Fri Feb 13 21:30:58 1998  Tom Yu

	* adb_xdr.c: Update header locations.
	* Makefile.in (LIBMAJOR): Bump major version to reflect change in
	rpc library.

Wed Jan 28 16:32:36 1998  Theodore Ts'o

	* configure.in, Makefile.in: Remove the CopySrcHeader macro from
	configure.in and substitute equivalent functionality in
	Makefile.in

Mon Oct 13 10:59:22 1997  Ezra Peisach

	* server_init.c (kadm5_destroy): Call kadm5_free_config_params.
	* server_acl.c: Include for tolower().
	(acl_load_acl_file): Close acl file, even when acl_catchall_entry
	is not set.

Wed Aug 6 20:22:23 1997  Tom Yu

	* Makefile.in: Add flags to conditionally compile with Hesiod.
	* server_misc.c: Add support for checking GECOS field of Hesiod
	passwd entry.

Fri Jul 25 15:37:08 1997  Tom Yu

	* server_init.c: Change a few calls to align with the new kdb API.
	* Makefile.in: Bump version.

Tue Jul 1 02:32:49 1997  Tom Yu

	* server_acl.h: Fix ACL_ALL_MASK to include ACL_SETKEY.
	* svr_principal.c: Fix setv4key_principal.

Sun Jun 29 14:52:51 1997  Tom Yu

	* svr_principal.c: Add new function kadm5_setv4key_principal.

Mon Mar 31 17:40:24 1997  Barry Jaspan

	* server_acl.c, server_acl.h, svr_principal.c: add support for
	setkey_principal

Sun Mar 9 13:40:33 1997  Tom Yu

	* svr_principal.c (add_to_history): Don't call realloc() on a NULL
	pointer, lest non-ANSI compliant systems like SunOS fail.

Sat Feb 22 01:34:08 1997  Sam Hartman

	* Makefile.in (SHLIB_EXPDEPS): s/.so/$(SHLIBEXT)

Wed Jan 15 20:59:11 1997  Tom Yu

	* Makefile.in:
	* configure.in: Update to new library build procedure.

Tue Dec 3 15:14:29 1996  Barry Jaspan

	* server_acl.c (acl_load_acl_file): log errors via
	krb5_klog_syslog, not fprintf and com_err [krb5-admin/238]; don't
	coredump when an acl line is too long; handle
	catchall_entry == NULL

Fri Nov 22 11:11:34 1996  Sam Hartman

	* Makefile.in (SHLIB_LIBS): Do not link shared against -ldb [224]

Tue Nov 26 03:04:04 1996  Sam Hartman

	* server_acl.c (acl_load_acl_file): Fix coredump by allowing
	catchall_entry to be null, but do not reference it if it is.
	Thanks to marc.
	[242]

Mon Nov 25 17:53:20 1996  Barry Jaspan

	* server_acl.c: set acl_catchall_entry to "" instead of NULL,
	since it is presumed to contain something, but we don't want any
	default entry [krb5-admin/237]

Wed Nov 13 19:20:36 1996  Tom Yu

	* Makefile.in (clean-unix): Remove shared/*.

Mon Nov 11 17:01:00 1996  Barry Jaspan

	* svr_principal.c (kadm5_modify_principal): fix memory leak
	handling tl_data

Thu Nov 7 16:42:38 1996  Barry Jaspan

	* svr_iters.c (glob_to_regexp): a principal glob with no @
	defaults to @*, not @LOCAL.REALM [krb5-admin/161]

Wed Nov 6 10:45:12 1996  Theodore Ts'o

	* server_init.c (kadm5_init): Use a more fine-grained error code,
	KADM5_MISSING_CONF_PARAMS instead of KRB5_CONFIG_BADFORMAT

Wed Nov 6 16:22:05 1996  Barry Jaspan

	* svr_principal.c (kadm5_modify_principal): don't free the
	caller's tl_data (oops)

Fri Nov 1 13:18:40 1996  Barry Jaspan

	* svr_principal.c (kadm5_modify_principal): update for new tl_data
	semantics [krb5-admin/140]

Mon Oct 21 16:28:52 1996  Barry Jaspan

	* svr_principal.c (kadm5_modify_principal): fix modify_principal's
	handling of KADM5_TL_DATA [krb5-admin/20]

Fri Oct 18 14:24:12 1996  Barry Jaspan

	* svr_misc_free.c, server_dict.c, adb_policy.c, adb_free.c:
	include stdlib.h instead of malloc.h [krb5-admin/35]
	* adb_openclose.c (osa_adb_rename_db): create the destination
	database if necessary before renaming [krb5-admin/58]

Thu Oct 17 16:22:07 1996  Barry Jaspan

	* svr_principal.c: update for new pw_expiration semantics
	[krb5-admin/87]

Tue Oct 8 13:33:48 1996  Barry Jaspan

	* adb_policy.c (osa_adb_rename_policy_db): rename
	osa_adb_rename_policy to *_db
	* adb_openclose.c, adb_policy.c: implement database renaming;
	also, only create a db lockfile after the database has been
	successfully created [krb5-admin/62]

Fri Oct 4 08:40:21 1996  Ezra Peisach

	* svr_principal.c (kadm5_get_principal): Do not assume malloc(0)
	returns non-NULL.
	[krb5-admin/29]

Fri Aug 2 14:07:31 1996  Barry Jaspan

	* svr_principal.c: remove krb5_free_keyblock_contents (moved to
	libkrb5.a)

Fri Jul 26 17:48:14 1996  Sam Hartman

	* svr_principal.c (krb5_copy_key_data_contents): If
	key_data_length[i] == 0, don't complain if malloc(0) returns 0;
	this is allowed by ANSI.

Thu Jul 25 18:42:47 1996  Sam Hartman

	* configure.in (LIBS): Link against -ldb under AIX for shared
	library construction; we should eventually make libdb a shared
	library.

Wed Jul 24 18:21:28 1996  Tom Yu

	* Makefile.in, configure.in: break out server lib into a
	subdirectory