Configuration bug-fixes and making it easier to deploy on
Instead of compile-time debug levels and output, start using a
run-time configuration file. (Existing methods of setting debug
level and file are retained, although they are overridden by the
configuration file contents).
This is documented in
The location of the file is a compile-time constant set in
, defaulting to
This makes it much easier to submit bug reports.
Fully comply to the RFC for
parsing. Newer versions of Thunderbird (or possibly just the
newer time-zone specifications used by Thunderbird) caused
kcaldav to fail in parsing uploaded
calendar entries for this reason.
Significant upgrades to the source code, although none of it
Most effort went toward restructuring the code to be more readable
and friendly to contribution, especially as regards layering.
The layout is briefly described in the README file.
Messaging has been overhauled.
All web application access now uses
's logging routines,
while the local
The only front-facing change here is that command-line output is as
one would expect—output was all tailored to web application
The only maintainer update is that the
compile time, which used to be settable to
verbose output and
(database operations as well), or
(network as well).
A value of
(or less than zero), or not specifying the
variable, results in only errors being reported.
One-liner fix to respect the logfile name.
Even better parsing of iCalendar (RFC 5545) dates and times.
This is from more work contributed by Olivier Taïbi, thanks!
Significantly increase the iCalendar regression suite with a set of
valid calendar files from
Essentially re-write the
Significantly improve its code-base as well, most notably using
always unset -n
Be much clearer about verbosity.
This now allows
to not spam the
operator with underlying errors, warnings, and information.
Document the -b
Fix for RFC 5545 section 126.96.36.199, which stipulates a more
complicated date setup than initially parsed.
Found by and patched with Olivier Taïbi, thanks!
Bump to newest
Update to newest and safest
Bump to newest
No code change otherwise.
First, handle non-numeric ETag values.
This has several steps.
First, not parsing the values as numbers and aborting otherwise.
Second, using randomly-generated ETag values internally instead of
monotonically increasing numbers.
Third, outputting as opaque strings instead of numbers.
This was originally reported by stsp@, thanks!
Next, HTTP conditionals.
If-Match, make sure to properly handle quoted
values as well as the
Do the same for
Lastly, clean up the manpages and the www material.
Handle out-of-order iCal files, which is technically allowed by the
This was raised by stsp@ and others on GitHub, with a patch as well!
While there, fix handling of dates prior to 1900, which happens with
some time zones.
Also handle some negatively-valued recurrence values.
Merge fixes from mk-f@
, which requires the newest
version of kcgi
He was also awesome in fixing another subtle bug (in kcgi
) in parsing the
value when performing certain types of validation.
An awesome set of fixes, thank you!
First release in a long time!
This brings us up to date with kcgi(3)
along with some simplifications.
First, kick out the GNUmakefile
in favour of a simple Makefile
Then, bring in oconfigure
Lastly, relegate per-system changes to a Makefile.local
, making it easier for maintainers.
Don't break multi-byte (UTF-8) streams.
For the time being, this assumes that we're going to be encoded with UTF-8
Also migrate to a GNUmakefile instead of a Makefile, which
allows easier portability between systems. Use a LOGFILE directive instead of logging to stderr.
This small version allows integration with new kcgi(3)
0.7.5 facilities for
This makes it easier to debug new CalDAV clients: see the Makefile
pre-processor options to
If you have issues with a client, please enable full debugging and send me the exchange between the client and server.
I've removed the options parsed by kcaldav(8)
, instead relying on compile-time options as
defined (and documented) in the Makefile
Fix some small nits found with scan-build
Add to GitHub
and check with
Properly URL-encode and decode calendar entities.
This arises when some calendar systems (e.g., Google) use non-alphanumerics in their Calendar names.
Also relax an overly-strict rule when parsing the recursive rules as found by Reyk Floeter.
(Right now, the system doesn't use the recursive rule, so it's safe to have insane dates.)
Warning: you'll need to dump your
database and regenerate it with the included schema
New columns and constraints have been added to support delegation as described below.
Added proxy functionality (see caldav-proxy.txt
This has been tested with Apple's iCal, but not with other systems.
Delegation can be set from the client or from the web interface.
Make web-interface access to the
null directory (e.g., /cgi-bin/kcaldav) automatically redirect to the root directory
instead of crashing the system.
probe requests (
PROPFIND on the script root) properly redirect to the authenticated principal.
This makes it easier to extend or replace.
Updated the underlying database routines to better handle failure conditions and added more documentation to the code
and explanations of error conditions.
Sandbox the entire running process with sandbox_init(3)
(only applicable on Mac OS X).
Split out the CalDAV and iCalendar parsing routines into their own library, which is installed but not yet properly documented.
The documentation will be fleshed out as libkcaldav(3)
Also re-renamed the Makefile rule
This doesn't feature any updates to system functionality.
Migrate to using SQLite
to store everything: nonces, collections, resources, configuration,
and so on.
This completely replaces the existing file-system based infrastructure, which was too brittle, with a single database file.
All existing functionality is preserved, but there are some changes to be aware of if you're already using kcaldav
Foremost, you can now have multiple calendars.
To effect this change, all user calendars are now within subdirectories of the calendar root, e.g.,
instead of directly in
iOS and iCal clients deal with this properly, but Thunderbird will need to point directly to the calendar collection.
Use the on-line interface or kcaldav.passwd(1)
to add calendars and calendar files.
To migrate an existing installation, you'll need to create a new database file with kcaldav.passwd(1)
Make sure that it's read-writable by the web server process.
You'll then need to add your iCalendar files using the same tool.
To migrate this server, I simply re-created my principal, then added the calendar files.
% cd /var/www/caldav
% kcaldav.passwd -f . -C
% kcaldav.passwd -f . -n `find kristaps -name \*.ics`
The unabridged form consists of using
For testing, note that the kcaldav.db file can live alongside an existing installation.
So if you want to make sure it works, both can run alongside each other.
Consolidate all properties into a single structure, allowing for flexible addition and removal of properties and property
This also removes a lot of conditional logic when responding to
method has been cleaned up.
All HTTP methods are now described in kcaldav(8)
, including available properties.
Lots of internal support has been added for iCalendar recurrence
computation, which is the major stepping stone for processing iCalendar dates, but this is not hooked into
active use (yet).
Allow web-based viewing of collection data.
This works because GET isn't defined in calendar collections (according to RFC
, section 9.4), so we can send all GET requests for collections to an HTML dynamic handler.
bits so that clients can (conditionally) set certain properties, e.g., iCal setting the
calendar display name and colour.
Add a framework for field-specific validation in the CalDAV parser to do so.
Add a flag to kcaldav.passwd(1)
to create new principal's home directories and populate them
with a simple kcaldav.conf(5)
Completely re-write the internal iCalendar parser to get ready for handling iCalendar dates.
Add a handler for the default time-zone, encouraging GMT use, and minimum accepted date (epoch).
Lastly, document each property we support (in the source) with a pointer to the RFC section.
When accessing the server from a web browser (i.e., for HTML content), respond by printing the logged-in user's information and
allow for changing of passwords or e-mail if the principal database has the correct permissions.
This allows new users to perform simple administrative tasks without needing to log into the underlying UNIX server.
Implement a nonce database to prevent replay attacks for digest authentication.
This follows RFC 2617
in maintaining a (bounded) database of nonce values and
On first authentication, a new nonce field is created for the principal (possibly evicting the oldest nonce).
Subsequent authentication must use this nonce as well as an increasing nonce-count.
The methods are described in kcaldav(8)
Also, have the gecos field in kcaldav.passwd(5)
contain the user's email address, then remove the
email address field from kcaldav.conf(5)
Migrate the RFC 2617
handling directly into kcgi
, making the parse sequence just a little safer.
A small fix for some clients who aren't smart enough to resend HTTP OPTIONS after receiving a code 403 for the same.
Fitted the XML (CalDAV, DAV, etc.) parser with proper namespace support via the libexpat
Parsed documents are now properly checked for namespace and name of matching elements (e.g.,
), not just
the name itself.
Run the XML parsing routines through AFL
for quite some time to shake out
Add the ability to detect iCalendar
, etc.) and properties (
, etc.) during parse and
stash references to them in linked component lists.
This paves the way for filtering capabilities in later versions.
Fully implement RFC 2617
This includes the
Verify that all
invocations use advisory locks.
Simplify re-opening locked files with
into its own utility function.
Disallow symbolic links everywhere.
(This may be relaxed in the future...)
Drop privileges in kcaldav.passwd(1)
, making it sensitive to the setuid
Linux support thanks to a lot of compatibility glue.
I'm especially displeased with Linux while doing this project: it doesn't even have
I'm just using libbsd
to prevent code duplication.
While refactoring, consolidate logging functions and add kcaldav.passwd(1)
Run the principal parsing routines through the American fuzzy lop
Use the American fuzzy lop
to ferret out crashes and hangs in the iCalendar
Also move this parser to internally use a non-nil terminated buffer; thus, there's no additional copy necessary to a
object for when the iPhone4 retrieves resources.
Simple CalDAV access using Lightning and Mac OS X 10.7 (
The usual PUT, GET, and DELETE methods are supported, and a minimal (but functional) subset of PROPFIND and REPORT properties.
See the kcaldav(8)
manual for details.
Initial public release.
This features only direct iCalendar access, tested on Mozilla