2004-07-09 Ken Raeburn <raeburn@mit.edu> * kdb_db2.c (krb5_db2_db_get_principal): Rename local variable "try" to "trynum" because some systems (*cough*Tru64*cough*) turn on some exception handling support when thread support is enabled. 2004-06-04 Ken Raeburn <raeburn@mit.edu> * Makefile.in (LIBBASE): Renamed from LIB. 2004-05-25 Ezra Peisach <epeisach@mit.edu> * keytab.c (krb5_ktkdb_get_entry): Change local variable rom int to krb5_boolean to match prototype for as argument to krb5_c_enctype_compare. 2004-04-22 Ken Raeburn <raeburn@mit.edu> * libkdb5.exports: New file. 2004-04-02 Ken Raeburn <raeburn@mit.edu> * t_kdb.c (add_principal): Delete unused argument 'rseed'. (do_testing): Update callers. * keytab.c (krb5_ktkdb_get_entry): Don't use local variable "context" until after it's been set. 2003-12-13 Ken Raeburn <raeburn@mit.edu> * keytab.c (krb5_ktkdb_get_name): New function. (krb5_kt_kdb_ops): Add pointer to it. 2003-05-22 Ezra Peisach <epeisach@mit.edu> * keytab.c (is_xrealm_tgt): Use strncmp instead of strcmp - as principal and realm name do not need to be null terminated. 2003-04-01 Tom Yu <tlyu@mit.edu> * Makefile.in: Remove $(SHLIB_DBLIB_DEPS) and related variables. (SHLIB_EXPDEPS): Remove $(SHLIB_DBLIB_DEPS). (SHLIB_EXPLIBS): Change $(DB_LIB) to $(KDB5_DB_LIB). (DBOBJLISTS, STOBJLISTS): Pull in object lists of in-tree libdb so we don't need to install libdb. Don't do this if building with system libdb, though, since we need to explicitly link against the system libdb in that case. 2003-03-18 Tom Yu <tlyu@mit.edu> * keytab.c (krb5_ktkdb_get_entry): Do not perform the enctype comparison if the requested enctype is a wildcard. 2003-03-16 Sam Hartman <hartmans@mit.edu> * keytab.c (krb5_ktkdb_get_entry): Match only against the first enctype for non-cross-realm tickets so we will only accept tickets that the current configuration would have issued. For cross-realm tickets be liberal and match against the specified enctype. 2003-03-05 Tom Yu <tlyu@mit.edu> * kdb_xdr.c (krb5_dbe_search_enctype): Check for ktype > 0 rather than ktype >= 0; file keytab uses ktype 0 to indicate "first match", as does acquire_cred. The kdc uses -1, though. * Makefile.in (LIBMAJOR): Bump major version due to change in krb5_ktkdb_resolve's signature. * keytab.c (krb5_ktkdb_resolve): Add NAME parameter, which is ignored, so that kdb keytab can be registered. (krb5_ktkdb_set_context): New function; allows caller to set a different context for use with ktkdb_get_entry(). This is primarily useful for kadmind, where the gssapi library context, which will be used for the keytab, will necessarily have a different context than that used by the kadm5 library to access the database for its own purposes. 2003-02-08 Tom Yu <tlyu@mit.edu> * keytab.c (krb5_ktkdb_get_entry): Fix comment; not going to redesign key storage architecture for 1.3. 2003-01-10 Ken Raeburn <raeburn@mit.edu> * configure.in: Don't explicitly invoke AC_PROG_ARCHIVE, AC_PROG_ARCHIVE_ADD, AC_PROG_RANLIB, AC_PROG_INSTALL. * Makefile.in: Add AC_SUBST_FILE marker for lib_frag and libobj_frag. 2002-12-23 Ezra Peisach <epeisach@bu.edu> * setup_mkey.c (krb5_db_setup_mkey_name): Use size_t instead of int for lengths. 2002-12-18 Ken Raeburn <raeburn@mit.edu> * Makefile.in (check): Remove test_db before running tests. 2002-12-16 Ezra Peisach <epeisach@bu.edu> * Makefile.in: Change to allow compilation with-system-db and shared libraries. 2002-09-13 Ken Raeburn <raeburn@mit.edu> * kdb_db2.c (krb5_db2_db_iterate_ext): Don't call bt_rseq if HAVE_BT_RSEQ is undefined; instead, just return an error. 2002-08-29 Ken Raeburn <raeburn@mit.edu> * Makefile.in: Revert $(S)=>/ change, for Windows support. 2002-08-23 Ken Raeburn <raeburn@mit.edu> * Makefile.in: Change $(S)=>/ and $(U)=>.. globally. 2002-08-23 Tom Yu <tlyu@mit.edu> * kdb_db2.h: Add prototype and rename for krb5_db2_db_iterate_ext(). * kdb_db2.c (krb5_db2_db_iterate_ext): New function; allow optional backwards or recursive (if btree) traversal of the database. * Makefile.in (LIBMINOR): Bump due to addition of krb5_db_iterate_ext(). 2002-08-15 Tom Yu <tlyu@mit.edu> * keytab.c (krb5_ktkdb_get_entry): For consistency, check for DISALLOW_ALL_TIX and DISALLOW_SVR when looking up keys. 2002-08-09 Sam Hartman <hartmans@mit.edu> * kdb_xdr.c (krb5_dbe_search_enctype): Initialize ret to 0; thanks to Lubos Kejzlar <kejzlar@civ.zcu.cz> 2002-03-06 Ken Raeburn <raeburn@mit.edu> * Makefile.in (LIBMINOR): Bump due to some behavior changes regarding enctype similarity. (Importing Tom's change from 1.2.x branch.) 2002-02-22 Ken Raeburn <raeburn@mit.edu> * kdb_xdr.c (krb5_dbe_lookup_mod_princ_data): Use const instead of krb5_const. 2001-11-19 Ezra Peisach <epeisach@mit.edu> * t_kdb.c (do_testing): Invoke krb5_free_principal and krb5_free_keyblock_contents on master key to prevent minor memory leak. 2001-10-30 Ezra Peisach <epeisach@mit.edu> * kdb_cpw.c (cleanup_key_data): Do not free NULL pointer. 2001-10-26 Ezra Peisach <epeisach@mit.edu> * kdb_xdr.c (krb5_encode_princ_contents): Use krb5_ui_2 instead of krb5_int16 for key_data_length. 2001-10-22 Tom Yu <tlyu@mit.edu> * kdb_xdr.c (krb5_dbe_search_enctype): Filter out enctypes that aren't in permitted_enctypes. This prevents the KDC from issuing a ticket whose enctype that it won't accept. 2001-10-20 Tom Yu <tlyu@mit.edu> * keytab.c (krb5_ktkdb_get_entry): For now, coerce enctype of output keyblock in case we got a match on a similar enctype. 2001-10-09 Ken Raeburn <raeburn@mit.edu> * kdb_db2.c, kdb_db2.h, kdb_dbm.c, keytab.c, t_kdb.c: Make prototypes unconditional. 2001-07-26 Ezra Peisach <epeisach@mit.edu> * kdb_xdr.c (krb5_dbe_update_mod_princ_data, krb5_encode_princ_contents): Delcare local variable unsigned. * kdb_cpw.c (add_key_pwd): Declare local variable unsigned based on use. 2001-04-25 Ezra Peisach <epeisach@mit.edu> * kdb_dbm.c (destroy_file_suffix): Declare as static. 2001-03-10 Ezra Peisach <epeisach@kangaroo.mit.edu> * kdb_xdr.c: Change the variable index to idx to prevent function name shadowing. 2000-11-01 Ezra Peisach <epeisach@mit.edu> * configure.in: Use AC_CHECK_HEADERS instead of AC_HAVE_HEADERS. 2000-10-17 Ezra Peisach <epeisach@mit.edu> * fetch_mkey.c: Signed/unsigned int cleanup. * kdb_cpw.c (add_key_pwd): Change salt data length of -1 to SALT_TYPE_AFS_LENGTH. 2000-09-20 Ezra Peisach <epeisach@mit.edu> * kdb_xdr.c (krb5_dbe_free_contents): Clean up signedness warning. * fetch_mkey.c (krb5_db_fetch_mkey): Clean up signedness warnings. * kdb_db2.c (destroy_file_suffix): Declare function as static. Rewrite code to use off_t and unsigned ints to handle gcc warnings. (kdb5_context_internalize) Unmarshal boolean type properly. * store_mkey.c (krb5_db_store_mkey): Use mode_t instead of int in call to umask. * configure.in: Add AC_TYPE_MODE_T and AC_TYPE_OFF_T for mode_t and off_t declarations. 2000-07-04 Ezra Peisach <epeisach@mit.edu> * encrypt_key.c, kdb_cpw.c, kdb_xdr.c: Add parenthesis about assignment in conditional and remove unused variables. 2000-06-30 Tom Yu <tlyu@mit.edu> * Makefile.in (SHLIB_EXPDEPS): Add libdb, since we can build this shared now. (SHLIB_EXPLIBS): Add -ldb. 2000-05-11 Nalin Dahyabhai <nalin@redhat.com> * t_kdb.c (gen_principal): Don't overflow "pnamebuf" if bad data was passed in. 2000-05-03 Nalin Dahyabhai <nalin@redhat.com> * setup_mkey.c (krb5_db_setup_mkey_name): Use REALM_SEP_STRING when computing size of buffer that is to include it. * fetch_mkey.c (krb5_db_fetch_mkey): Make sure "defkeyfile" is null terminated after construction. * store_mkey.c (krb5_db_store_mkey): Likewise. 2000-04-27 Ken Raeburn <raeburn@mit.edu> Ezra Peisach <epeisach@mit.edu> * t_kdb.c (gen_principal): Force argument to isalnum to be in range 0..255. (do_testing): Cast pid_t to long before passing to fprintf, and use %ld format. Fix argument lists to find_principal and delete_principal. 2000-03-16 Ezra Peisach <epeisach@mit.edu> * kdb_xdr.c (krb5_dbe_lookup_mod_princ_data): Get rid of unused variable. 2000-03-12 Ezra Peisach <epeisach@mit.edu> * kdb_xdr.c (krb5_dbe_lookup_mod_princ_data): In casting argument to krb5_parse_name, use krb5_const not const. 2000-02-21 Bear Giles <bgiles@coyotesong.com> * fetch_mkey.c (krb5_db_fetch_mkey): Don't attempt to override type of key read from stash file. 2000-02-18 Tom Yu <tlyu@mit.edu> * kdb_cpw.c (krb5_dbe_crk): (krb5_dbe_cpw): Fix to actually save old keys. 1999-10-26 Wilfredo Sanchez <tritan@mit.edu> * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES, LOCAL_INCLUDES such that one can override CFLAGS from the command line without losing CPP search patchs and defines. Some associated Makefile cleanup. 1999-08-30 Ken Raeburn <raeburn@mit.edu> * t_kdb.c (add_principal): Free only contents of a generated key, since the keyblock structure itself is on the stack. 1999-08-17 Ken Raeburn <raeburn@mit.edu> * t_kdb.c (add_principal): Update for new calling sequence to krb5_dbekd_encrypt_key_data. (do_testing): Update calls. 1998-11-13 Theodore Ts'o <tytso@rsts-11.mit.edu> * Makefile.in: Set the myfulldir and mydir variables (which are relative to buildtop and thisconfigdir, respectively.) Tue Nov 17 18:19:41 1998 Tom Yu <tlyu@mit.edu> * kdb_cpw.c (krb5_dbe_crk): (krb5_dbe_cpw): Add "keepold" boolean argument to indicate whether to retain old keys. 1998-10-27 Marc Horowitz <marc@mit.edu> * kdb_xdr.c, kdb_cpw.c: remove the special knowledge of ENCTYPE string-to-key equivalances. the crypto api has a function for this now. * decrypt_key.c, encrypt_key.c, fetch_mkey.c, kdb_cpw.c, kdb_db2.c, kdb_db2.h, kdb_dbm.c, keytab.c, verify_mky.c: change or remove all the places krb5_encrypt_block was used (this is mostly relevant to kdb manipulations). It was usually used to specify an enctype (which is now implied by the keyblock), or to store or pass in a processed key (now the api just takes a key directly, so these structures and functions do, too). The kdb key manuipulation functions also need to be made to use the new api. Fri Sep 25 19:42:10 1998 Tom Yu <tlyu@mit.edu> * kdb_xdr.c (krb5_dbe_search_enctype): Re-order booleans so that similar doesn't get checked unless (ktype >= 0) to avoid it being stack garbage. Sun Aug 16 16:52:10 1998 Sam Hartman <hartmans@utwig.mesas.com> * Makefile.in (SHLIB_EXPLIBS): Include $(LIBS) so building on AIX works Sun Jul 26 18:12:22 1998 Sam Hartman <hartmans@utwig.mesas.com> * Makefile.in (LIBMAJOR): bump libmajor 1998-05-06 Theodore Ts'o <tytso@rsts-11.mit.edu> * t_kdb.c (main): POSIX states that getopt returns -1 when it is done parsing options, not EOF. Wed Apr 15 18:06:34 1998 Tom Yu <tlyu@mit.edu> * Makefile.in (SHLIB_EXPDEPS): (SHLIB_EXPLIBS): Rename libcrypto -> libk5crypto. Fri Feb 27 21:21:03 1998 Theodore Ts'o <tytso@rsts-11.mit.edu> * configure.in: Remove check for the regular expression functions, since they aren't used in lib/kdb. Wed Feb 18 16:16:35 1998 Tom Yu <tlyu@mit.edu> * Makefile.in: Remove trailing slash from thisconfigdir. Fix up BUILDTOP for new conventions. Mon Feb 2 17:02:29 1998 Theodore Ts'o <tytso@rsts-11.mit.edu> * Makefile.in: Define BUILDTOP and thisconfigdir in the Makefile Tue Oct 28 10:18:10 1997 Ezra Peisach <epeisach@mit.edu> * kdb_cpw.c (add_key_pwd): For KRB5_KDB_SALTTYPE_AFS3, the salt key for afs_mit_string_to_key mut be null terminated. Mon Oct 13 10:18:19 1997 Ezra Peisach <epeisach@mit.edu> * t_kdb.c (do_testing): Add krb5_free_context. Mon Sep 15 15:05:30 1997 Ezra Peisach <epeisach@mit.edu> * keytab.c: (krb5_ktkdb_get_entry): Incoming principal is const. * kdb_dbm.c (krb5_dbm_db_get_principal, krb5_dbm_db_delete_principal): Incoming principal is const. * kdb_xdr.c (krb5_dbe_update_mod_princ_data, krb5_encode_princ_dbkey): Incoming principal is const. * kdb_db2.h (krb5_db2_db_get_principal): Change prototype to const principal. * kdb_db2.c (krb5_db2_db_get_principal, krb5_db2_db_delete_principal): The search for principal is const. Thu Jul 31 14:54:10 1997 Ezra Peisach <epeisach@mit.edu> * kdb_db2.c (krb5_db2_db_delete_principal): Fix switch statement so that all cases have one statement. Tue Jul 29 02:35:09 1997 Tom Yu <tlyu@mit.edu> * kdb_db2.c (krb5_db2_db_set_hashfirst): Don't cast a krb5_context * to a krb5_db2_context *. Fri Jul 25 15:29:03 1997 Tom Yu <tlyu@mit.edu> * kdb_db2.c: Fix typo; also, tweak page size in attempt to speed things up. * kdb_db2.h: Fix typo. * t_kdb.c: Reflect changes in the API, mostly db_create. * Makefile.in: Bump version due to major reworking. * kdb_db2.h: * kdb_db2.c: Add Berkely DB backend. * keytab.c: Add support for new kdb API; delete dead arguments. * kdb_xdr.c: Remove dependencies on dbm; encode things to krb5_datas rather than datums. Mon Mar 24 12:19:03 1997 Theodore Ts'o <tytso@rsts-11.mit.edu> * t_kdb.c (do_testing): Clean up error handling for krb5_init_context. * Makefile.in (check): Define and use KRB5_CONFIG_SETUP which sets up the environment variables appropriately. Sun Mar 16 21:20:00 1997 Tom Yu <tlyu@mit.edu> * keytab.c: Don't assume dbm_db_get_mkey() and dbe_find_enctype won't error out. Also, some gcc -Wall warning cleanups. [krb5-kdc/361] Sat Feb 22 01:15:30 1997 Sam Hartman <hartmans@tertius.mit.edu> * Makefile.in (SHLIB_EXPLIBS): depend on -lcrypto Thu Feb 6 15:33:34 1997 Tom Yu <tlyu@mit.edu> * Makefile.in: * configure.in: Update to new program build procedure. Wed Jan 8 01:59:15 1997 Ezra Peisach <epeisach@mit.edu> * Makefile.in, configure.in: Convert to new build procedure for libs. Mon Nov 18 20:40:12 1996 Ezra Peisach <epeisach@mit.edu> * configure.in: Set shared library version to 1.0. [krb5-libs/201] Tue Nov 12 23:41:55 1996 Mark Eichin <eichin@cygnus.com> * kdb_dbm.c: Ditch DB_OPENCLOSE conditionals, and fix the real problem. Like the policy db, the main db is now opened on first lock and closed on last unlock. Set db_dbm_ctx to NULL after closing it, to help detect dangling references. (krb5_dbm_db_put_principal, krb5_dbm_db_delete_principal): KDBM_STORE can fail (in case of database corruption, for example) *without* causing errno to be set. If errno is zero, use KRB5_KDB_DB_CORRUPT instead. (If it is non-zero, it may still be wrong, but at least something gets reported. This will be properly fixed by ditching KDBM_* altogether, and using the non-lossy db interfaces, so it's a good enough fix for now.) (krb5_dbm_db_rename): grab errno from rename *before* calling krb5_dbm_db_end_update, to avoid "not a typewriter" syndrome. (krb5_dbm_db_unlock): only close on zero refcount. Mon Nov 11 20:21:02 1996 Mark Eichin <eichin@cygnus.com> * kdb_cpw.c (add_key_pwd): set length to -1 so krb5_string_to_key handles the AFS3 salttype, but then replace it with the actual length for later processing. Mon Nov 11 17:03:16 1996 Barry Jaspan <bjaspan@mit.edu> * kdb_cpw.c (cleanup_key_data): fix memory leak [krb5-kdc/163] (add_key_pwd): fix memory leak [krb5-kdc/164] Sat Nov 9 15:57:50 1996 Ezra Peisach <epeisach@mit.edu> * t_krb5.conf: Dummy krb5.conf file from the krb5 library. * Makefile.in (check): Set KRB5_CONFIG to a valid krb5.conf file. * t_kdb.c (do_testing): Check return value from krb5_init_context. Thu Oct 31 11:10:56 1996 Ezra Peisach <epeisach@trane.rose.brandeis.edu> * Makefile.in (t_kdb): Link with $(TOPLIBD)/libdb.a Wed Sep 4 19:29:57 1996 Tom Yu <tlyu@mit.edu> * Makefile.in (t_kdb): Fix up dependencies of t_kdb so it will build on non-shared architectures; also ensure that libs get linked after the objects. Fri Aug 23 16:34:45 1996 Theodore Ts'o <tytso@rsts-11.mit.edu> * Makefile.in (t_kdb): Fix Makefile so that t_kdb is linked correctly with the appropriate libraries. Thu Aug 22 16:22:01 1996 Theodore Ts'o <tytso@rsts-11.mit.edu> * kdb_dbm.c: Remove vestigal code which was using BERK_DB_DBM define. Still need to remove kludgey database "switch" code and recode to use the db interface. * t_kdb.c: Update t_kdb to use the new libkdb interface. Mon Aug 12 14:11:29 1996 Barry Jaspan <bjaspan@mit.edu> * kdb_dbm.c (krb5_dbm_db_rename): rename should not insist that the target database not already exist Fri Aug 9 15:21:34 1996 Ezra Peisach <epeisach@dumpster.rose.brandeis.edu> * Makefile.in (shared): Convert shared:: to shared: so will not always be called upon. Thu Aug 8 20:26:47 1996 Tom Yu <tlyu@mit.edu> * Makefile.in (shared): Always mkdir shared; test -d shared || mkdir shared breaks under Ultrix sh (grrr...). Thu Aug 8 18:29:15 1996 Sam Hartman <hartmans@mit.edu> * keytab.c (krb5_ktkdb_get_entry): Return KRB5_KT_NOTFOUND if the principal doesn't exist instead of dereferencing a null pointer. Fri Aug 2 14:08:03 1996 Sam Hartman <hartmans@mit.edu> * configure.in(LIBS): AIX wants to link against -ldb when building the shared lib. Mon Jul 29 23:07:14 1996 Samuel D Hartman (hartmans@vorlon) * kdb_dbm.c: Don't bother referencing dbm_pagfno, because we don't actually use it; same for dbm_dirfno. Tue Jul 23 11:09:08 1996 Ezra Peisach <epeisach@kangaroo.mit.edu> * Makefile.in: libkdb5.so needs to be built with libcrypto and libkrb5. * configure.in: Pass version numbers of teh crypto and krb5 shared libraries. Fri Jul 12 15:32:26 1996 Marc Horowitz <marc@mit.edu> * kdb_cpw.c (add_key_pwd): initialize retval = 0, in case the function is called with ks_tuple_count == 0. Wed Jul 10 16:22:14 1996 Marc Horowitz <marc@mit.edu> * configure.in (USE_KDB5_LIBRARY): removed. the library does not need itself to build, and in fact fails to do so if I try. * Makefile.in (clean-unix): remove the shared/ subdir Tue Jul 9 17:55:30 1996 Marc Horowitz <marc@mit.edu> * configure.in, Makefile.in: added rules and macros to do shared library creation Mon Jul 8 17:06:00 1996 Barry Jaspan <bjaspan@mit.edu> * kdb_dbm.c: Create DB_OPENCLOSE, which opens and closes the databases for each lock. This is slower than the previous method, but unlike the previous method it works. Tue Jun 11 19:27:22 1996 Ezra Peisach <epeisach@kangaroo.mit.edu> * keytab.c (krb5_ktkdb_close): Free memory allocated by krb5_ktkdb_resolve. Mon May 20 18:02:07 1996 Theodore Ts'o <tytso@rsts-11.mit.edu> * kdb_dbm.c (krb5_dbm_db_create): Remove vestigal ODBM support. Sat May 18 15:07:09 1996 Ezra Peisach (epeisach@paris) * kdb_dbm.c: Do not provide prototypes for dbm_error or dbm_clearerr if they are really macros. Sun May 12 01:03:07 1996 Marc Horowitz <marc@mit.edu> * kdb_xdr.c: reworked all of the krb5_dbe_* tl_data functions. This was necessary so that the admin system could store it's own tl_data, without needing code here. This has the side-effect of eliminating some structures which added no value, therefore changing about a half-dozen files elsewhere in the tree. * kdb_cpw.c (add_key_rnd): handle kvno incrementing in the caller, not here. (krb5_dbe_crk): increment the kvno here, not in add_key_rnd (krb5_dbe_ark): increment the kvno here, not in add_key_rnd (add_key_pwd): handle kvno incrementing in the caller, not here. (krb5_dbe_cpw): take an arg to specify the new kvno. if it's <= the old kvno, just increment. Otherwise, pass it to add_key_pwd. This is why all the code in this revision was changed. (krb5_dbe_apw): increment the kvno here, not in add_key_pwd Tue May 7 19:48:57 1996 Ezra Peisach <epeisach@dumpster.rose.brandeis.edu> * t_kdb.c (do_testing): Compile if using BERK_DB and dbm is not available on system. Thu Mar 21 20:38:38 1996 Richard Basch <basch@lehman.com> * decrypt_key.c (krb5_dbekd_decrypt_key_data): bullet-proofing the code -- if the data contents are NULL, do not coredump. Mon Mar 18 21:46:39 1996 Ezra Peisach <epeisach@kangaroo.mit.edu> * configure.in: Add KRB5_RUN_FLAGS * Makefile.in: Use the run flags. Sun Mar 17 20:55:41 1996 Ezra Peisach <epeisach@dumpster.rose.brandeis.edu> * configure.in: Change WITH_KDB_DB to USE_KDB5_LIBRARIES and add KRB5_LIBRARIES. * Makefile.in: Use libraries as specified by configure. Set LD_LIBRARY_PATH for tests. Sun Mar 3 10:41:04 1996 Ezra Peisach <epeisach@kangaroo.mit.edu> * configure.in: Change WITH_DB to WITH_KDB_DB Fri Feb 23 19:39:52 1996 Mark Eichin <eichin@cygnus.com> * keytab.c (krb5_ktkdb_close): new function, non-optional. (krb5_kt_kdb_ops): include _close method, comment what the other slots are. Tue Feb 13 21:33:03 1996 Ezra Peisach <epeisach@kangaroo.mit.edu> * kdb_dbm.c (krb5_dbm_db_rename): Initialize pointer before use for case where new db does not exist. Tue Jan 30 18:26:38 1996 Mark Eichin <eichin@cygnus.com> * kdb_dbm.c (krb5_dbm_db_rename): O_EXCL is meaningless without O_CREAT. Sat Jan 27 01:01:17 1996 Mark Eichin <eichin@cygnus.com> * t_kdb.c: wrap db_dbm decls and berkely_dispatch in ifdefs BERK_DB_DBM. (do_testing): wrap references as well. * keytab.c (krb5_ktkdb_get_entry): use KRB5_PROTOTYPE. Wed Dec 13 09:28:33 1995 Ezra Peisach <epeisach@kangaroo.mit.edu> * keytab.c (krb5_ktkdb_resolve): Fix casting * t_kdb.c (add_principal): Remove mkvno Wed Dec 13 07:09:30 1995 Chris Provenzano (proven@mit.edu) * Makefile.in, keytab.c : Move db keytab routines here. Wed Dec 13 03:51:53 1995 Chris Provenzano (proven@mit.edu) * kdb_xdr.c : Remove mkvno for krb5_db_entry Tue Dec 12 01:20:02 1995 Chris Provenzano (proven@mit.edu) * kdb_dbm.c : Move the krb5_db_context to include/krb5/kdb_dbc.h. * kdb_dbm.c krb5_dbm_db_set_mkey(), krb5_dbm_db_get_mkey(): Functions for associating a master key (krb5_encrypt_block *) to a krb5_db_context. Currently it associates it to the krb5_context and will be fixed once the krb5_db_context is better defined (Post 1.0). Thu Nov 09 17:05:57 1995 Chris Provenzano (proven@mit.edu) * fetch_mkey.c, kdb_cpw.c, t_kdb.c : Remove krb5_enctype from krb5_string_to_key() args. Tue Nov 7 16:35:03 1995 Theodore Y. Ts'o <tytso@dcl> * kdb_xdr.c (krb5_dbe_search_enctype): Make a more general version of kdb5_dbe_find_enctype() which allows you to search the keylist looking for multiple keys that fit your criteria. Eventually we should convert all programs to use kdb5_dbe_search_enctype() instead of kdb5_dbe_find_enctype(). Fri Nov 03 04:49:58 1995 Chris Provenzano (proven@mit.edu) * decrypt_key.c (krb5_dbekd_decrypt_key_data()) : If key salt length is 0 then set keysalt->data.data to NULL. * kdb_cpw.c (add_key_rnd(), add_key_pwd()) : When creating new keys for a new kvno and there are multiple enctypes that use a common keytype, then set the enctype in the key to the first specified enctype and skip all other enctypes that use the same keytype. (This assumes the salt type is the same too.) This way when the kdc needs to get the server key it doesn't need to gues what enctypes the server supports. * kdb_xdr.c (krb5_dbe_find_enctype()): Match keys that use common keytypes but different enctypes. Eg. ENCTYPE_DES_CBC_MD5 matches ENCTYPE_DES_CBC_CRC and vice versa. * kdb_xdr.c krb5_dbe_find_enctype()): If kvno = 0 then determine maxkvno for all the keys and then search keys for a key that matches enctype salttype and has kvno == maxkvno. This is different than when kvno = -1 which searches the keys for THE key with the greatest kvno which also matches enctype and salttype. * kdb_kdr.c (krb5_dbe_find_enctype()): If kvno = ktype = stype = -1 then set kvno = 0. The first doesn't make a lot of sense. * kdb_xdr.c (krb5_dbe_encode_last_pwd_change(), krb5_dbe_decode_last_pwd_change()) : Added. * kdb_xdr.c (krb5_decode_princ_contents()) : Don't try to allocate space for keys if n_key_data = 0. Mon Sep 25 17:31:02 1995 Theodore Y. Ts'o <tytso@dcl> * Makefile.in: Removed "foo:: foo-$(WHAT)" lines from the Makefile. Wed Sep 13 15:19:17 1995 Theodore Y. Ts'o <tytso@dcl> * kdb_xdr.c (krb5_dbe_encode_mod_princ_data): Fix memory leaks. Fix lint flames. * fetch_mkey.c (krb5_db_fetch_mkey): This routine now sets the master encblock's crypto system using krb5_use_enctype() from the stored keytype of the master key. * decrypt_key.c (krb5_dbekd_decrypt_key_data): Remove the encryption type; the master_encblock should always be set correctly. Sat Sep 9 14:53:39 1995 Ezra Peisach <epeisach@kangaroo.mit.edu> * decrypt_key.c (krb5_dbekd_decrypt_key_data): Set the encryption type before decrypting. Fri Sep 8 19:52:34 1995 Ezra Peisach (epeisach@dcl) * decrypt_key.c: Upon error, after freeing contents field, set to null to indicate to upper levels that it is really empty. Wed Sep 06 14:20:57 1995 Chris Provenzano (proven@mit.edu) * decrypt_key.c, encrypt_key.c, fetch_mkey.c, kdb_compat.c, * kdb_cpw.c, kdb_xdr.c, store_mkey.c, t_kdb.c : s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g Tue Sep 05 22:10:34 1995 Chris Provenzano (proven@mit.edu) * decrypt_key.c, fetch_mkey.c, t_kdb.c : Remove krb5_enctype references, and replace with krb5_keytype where appropriate Tue Aug 29 13:34:23 EDT 1995 Paul Park (pjpark@mit.edu) * kdb_dbm.c - Add routines to support serialization of the database context. Clean up gcc -Wall complaints. Thu Aug 24 18:54:51 1995 Theodore Y. Ts'o <tytso@dcl> * .Sanitize: Update file list Fri Aug 18 17:27:20 EDT 1995 Paul Park (pjpark@mit.edu) * kdb_dbm.c - Bump timestamp to the future if we can't discriminate between updates within a second. Fix database rename. Reopen database after put or delete. * t_kdb.c - Add test code to fork off a few processes to beat on the database. Thu Aug 17 13:46:29 EDT 1995 Paul Park (pjpark@mit.edu) * kdb_dbm.c - Remove argument from dbm_db_end_update(). It was never used. Remove gen_dbsuffix() logic from dbm_db_end_update() and dbm_db_get_age(). This logic was incorrect (end_update) or unused (get_age). Reorg db_init() to reflect change in dbm_db_get_age(). Wed Aug 16 03:10:57 1995 Chris Provenzano <proven@mit.edu> * decrypt_key.c, encrypt_key.c Only save the salt data if salt type != 0. * kdb_dbm.c : Rewritten to NOT open/close the db for every transaction. Tue Aug 15 14:25:42 EDT 1995 Paul Park (pjpark@mit.edu) * kdb_xdr.c - Add krb5_dbe_find_keytype() and clean up gcc -Wall complaints. Wed Aug 9 17:17:36 EDT 1995 Paul Park (pjpark@mit.edu) * kdb_cpw.c - Add check for uniqueness of key or key/salt combo. Don't generate a new key_data entry if one already exists. Also, fill in the key_data list at the end so as not to overwrite already present data. - Free krbtgt_keyblock contents in add_key_rnd(). - Put a "break" at the end of the KRB5_KDB_SALTTYPE_ONLYREALM in add_key_pwd(). Also pass in key_salt to encrypt_key_data always. * kdb_xdr.c - initialize retval to 0 in decode_mod_princ data. This is questionable whether we should return an error if there's no mod_princ data. Also, free the allocated mod_princ only if we allocated it and there's a failure. Wed Aug 9 09:47:08 EDT 1995 Paul Park (pjpark@mit.edu) * kdb_cpw.c(add_key_rnd) - Terminate the variable length argument list to krb5_build_principal_ext() with a zero. Tue Aug 8 21:32:30 1995 Tom Yu <tlyu@dragons-lair.MIT.EDU> * kdb_cpw.c (add_key_rnd): remove bletcherous aggregate initializer stuff and use build_principal_ext like we should have in the first place to build the tgt principal. Tue Aug 8 17:35:58 EDT 1995 Paul Park (pjpark@mit.edu) * encrypt_key.c - When allocating the actual key_data_contents use the correct length (e.g. containing the two length bytes). * kdb_xdr.c - Clean the each key_data structure so that unfilled data becomes zero. Mon Aug 7 17:40:10 EDT 1995 Paul Park (pjpark@mit.edu) * encrypt_key.c - Handle keysalt specification with null data length. * decrypt_key.c - Handle salttypes with zero salt length. Also, copy out stored salt. Mon Aug 7 14:15:59 EDT 1995 Paul Park (pjpark@mit.edu) * decrypt_key.c - Deserialize key length into a 16 bit integer, then jam it into the keyblock. Mon Aug 7 13:05:53 EDT 1995 Paul Park (pjpark@mit.edu) * kdb_cpw.c(add_key_rnd) - Manually initialize krbtgt_princ.data to point to krbtgt_princ_entries since some compilers do not support dynamic initializers. Mon Aug 07 11:27:37 1995 Chris Provenzano (proven@mit.edu) * kdb_cpw.c: New routines for changing passwords of db_entried. Fri Aug 4 23:26:22 1995 Tom Yu <tlyu@dragons-lair.MIT.EDU> * setup_mkey.c (krb5_db_setup_mkey_name), * fetch_mkey.c (krb5_db_fetch_mkey), * verify_mky.c (krb5_db_verify_master_key), * decrypt_key.c (krb5_dbekd_decrypt_key_data), * encrypt_key.c (krb5_dbekd_encrypt_key_data), * kdb_xdr.c, kdb_dbm.c, Add parens to shut up gcc -Wall Fri Aug 4 16:22:46 EDT 1995 Paul Park (pjpark@mit.edu) * kdb_xdr,{de,en}crypt_key.c - Use encode/decode macros to [de]serialize data going in and out of the database. Thu Aug 3 11:52:40 EDT 1995 Paul Park (pjpark@mit.edu) * encrypt_key.c - Actually copy in the salt data which we allocated space for in krb5_dbekd_encrypt_key_data(). * kdb_xdr.c - Correctly generate the tl_data list in krb5_decode_princ_ contents(). Also allow for key_data_ver to be KRB5_KDB_V1_DATA_ ARRAY. Mon Jul 31 15:55:46 EDT 1995 Paul Park (pjpark@mit.edu) * kdb_xdr.c - Correctly parenthesize realloc() expression in create_key _data(). Thu Jul 27 15:28:41 EDT 1995 Paul Park (pjpark@mit.edu) * kdbint.h - Obsolete. Thu Jul 27 02:59:05 1995 Chris Provenzano (proven@mit.edu) * decrypt_key.c, encrypt_key.c, kdb_dbm.c, kdb_xdr.c: Rewritten for new kdb format. * kdb_cpw.c : New password changing routines for new kdb format. * verify_mky.c, t_kdb.c : Use new kdb format. Tue Jul 25 14:06:50 1995 Tom Yu <tlyu@lothlorien.MIT.EDU> * kdb_dbm.c, t_kdb.c: Add prototype for dbm_error and dbm_clearerr in case they're not prototyped in the header files. * configure.in: Add test for missing prototypes for dbm_error and dbm_clearerr. Thu Jul 20 23:59:18 1995 Mark Eichin <eichin@cygnus.com> * kdb_dbm.c (krb5_dbm_db_create): move dirname, pagname declarations to the top of function, so it compiles... Mon Jul 17 15:17:53 EDT 1995 Paul Park (pjpark@mit.edu) * fetch_mkey.c - Remove inclusion of kdbint.h and add handling of stash file argument. * store_mkey.c - Remove inclusion of kdbint.h. The default name of the stash file is in osconf.h now. Sat Jul 8 22:37:14 1995 Theodore Y. Ts'o (tytso@dcl) * kdb_dbm.c (kdb5_kdbm_db_create): Make sure the dbm context is initialized before we start. Fri Jul 7 16:29:22 EDT 1995 Paul Park (pjpark@mit.edu) * Makefile.in - Remove LDFLAGS, find com_err in TOPLIBD. Fri Jun 30 14:39:45 EDT 1995 Paul Park (pjpark@mit.edu) * kdb_dbm.c - Add function dispatch table to context and use it to perform database accesses. Add kdb5_db_set_dbops() to set a context's function dispatch table. * Makefile.in - Remove Berkeley database object modules from this library. They're now in libkrb5 since we use them in other places. * t_kdb.c - Add ability to test both DBM and Berkeley database format. Thu Jun 29 06:54:00 1995 Mark Eichin <eichin@cygnus.com> * configure.in (--with-dbm): new option, allows easy building of normal dbm support for compatibility. * Makefile.in (DBFLAGS): variable to hold substitution of flags to enable Berkeley db support. Thu Jun 22 11:59:28 EDT 1995 Paul Park (pjpark@mit.edu) * kdb_dbm.c - Replace static kdb context with context which is attached to krb5 context. This allows for multiple open databases within the same process. Thu Jun 15 18:04:58 EDT 1995 Paul Park (pjpark@mit.edu) * Makefile.in - Remove explicit copying of archive library to library directory. Add dependency on all-$(WHAT) * configure.in - Create symlink for archive when we build it. Wed Jun 14 12:37:51 1995 Sam Hartman <hartmans@tardis.MIT.EDU> * configure.in: Check for umask being defined. * store_mkey.c (krb5_db_store_mkey): Use HAVE_UMASK instead of unix as a preprocessor define for setting the umask. AIX doesn't define unix. * t_kdb.c (main): Declare option as int, not char. When char is unsigned, the comparison to EOF fails and it loops forever. Sun Jun 11 09:26:48 1995 Ezra Peisach <epeisach@kangaroo.mit.edu> * Makefile.in (clean): Remove t_kdb and t_kdb.o Fri Jun 9 19:26:49 1995 <tytso@rsx-11.mit.edu> * configure.in: Remove standardized set of autoconf macros, which are now handled by CONFIG_RULES. Tue May 30 12:31:26 EDT 1995 Paul Park (pjpark@mit.edu) * Makefile.in: ranlib the library again after doing $(LIBUPDATE). Some archivers don't do this. Fri May 26 17:52:03 EDT 1995 Paul Park (pjpark@mit.edu) * kdb_dbm.c - Change usage of dbm package or Berkeley db package based on setting of BERK_DB_DBM. Also, conditionalize implicit knowledge of dbm/Berkeley db filename extensions. * Makefile.in - Set BERK_DB_DBM when compiling. Update from Berkeley db build directory. * configure.in - Check for random number generators. * t_kdb.c - New tester for kdb code. Fri Mar 24 21:59:34 1995 Theodore Y. Ts'o <tytso@dcl> * store_mkey.c (krb5_db_store_mkey): * fetch_mkey.c (krb5_db_fetch_mkey): Hardcode the size of the keytype field in the file format, to be compatible with what was used in the Beta 4 release (before we changed the size of a krb5_keytype type). Fri Mar 24 15:13:53 1995 <tytso@rsx-11.mit.edu> * kdb_dbm.c: Don't cast dbm_close() to void, because dbm_close is already void. Tue Feb 28 00:30:10 1995 John Gilmore (gnu at toad.com) * decrypt_key.c, encrypt_key.c, fetch_mkey.c, kdb_dbm.c, setup_mkey.c, store-mkey.c, verify_mky.c: Avoid <krb5/...> includes. Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu) * Added krb5_context to all krb5_routines Thu Nov 17 19:22:16 1994 Mark Eichin (eichin@cygnus.com) * kdb_dbm.c (krb5_dbm_db_unlock): Use krb5_lock_file. (krb5_dbm_db_lock): Same. (Changes from jtkohl@mit.edu.) Thu Nov 10 17:20:42 1994 Theodore Y. Ts'o (tytso@dcl) * decrypt_key.c (krb5_kdb_decrypt_key): Set the keyblock's magic number and ecryption type information appropriately. Tue Nov 8 18:03:23 1994 Theodore Y. Ts'o (tytso@dcl) * fetch_mkey.c (krb5_db_fetch_mkey): Set the keyblock's magic number and encryption type information appropriately. Sat Oct 22 10:13:25 1994 (tytso@rsx-11) * kdb_dbm.c: Don't need to define POSIX_FILE_LOCKS; just include config.h instead. Wed Oct 19 12:15:36 1994 Theodore Y. Ts'o (tytso@dcl) * Makefile.in: make install obey $(DESTDIR) completely Fri Oct 14 00:57:33 1994 Theodore Y. Ts'o (tytso@dcl) * configure.in: Add test for unistd.h * lock_file.c: Use POSIX_FILE_LOCKS if _POSIX_VERSION is defined in unistd.h Tue Oct 4 15:08:03 1994 Theodore Y. Ts'o (tytso@dcl) * kdb_dbm.c (decode_princ_contents): Add backwards compatibility for version numbers 1.0 and 2.0. Mon Oct 3 22:47:49 1994 Theodore Y. Ts'o (tytso@dcl) * kdb_dbm.c (decode_princ_contents): Force an incompatible version number change to the database --- we are now at database entry version 2.0. Unfortunately, the way we encode the database is completely broken, and any structure changes change the encoding format. We will need to redo this completely at some point, so we don't have to make people go through this again. * Makefile.in: make install obey $(DESTDIR) Thu Aug 4 03:41:44 1994 Tom Yu (tlyu@dragons-lair) * configure.in: look for install program * Makefile.in: make install fixes Fri Jul 15 14:54:10 1994 Theodore Y. Ts'o (tytso at tsx-11) * kdb_dbm.c (krb5_dbm_db_end_update): Change use of utimes() to the POSIX utime() function.