xref: /src/crypto/external/bsd/heimdal/dist/lib/kadm5/ChangeLog

2008-04-23  Love Hrnquist strand  <lha (a] it.su.se>

	* ipropd_master.c: Only log "sending AYT" once, pointed out by Dr
	A V Le Blanc.
	

2008-01-21  Love Hrnquist strand  <lha (a] it.su.se>

	* default_keys.c: Use hdb_free_keys().

2008-01-11  Love Hrnquist strand  <lha (a] it.su.se>

	* Makefile.am: add check-cracklib.pl, flush.c,
	sample_passwd_check.c

2007-12-07  Love Hrnquist strand  <lha (a] it.su.se>

	* use hdb_db_dir() and hdb_default_db()

2007-10-18  Love  <lha (a] stacken.kth.se>

	* init_c.c: We are getting default_client, not client. this way
	the user can override the result.
	
2007-09-29  Love Hrnquist strand  <lha (a] it.su.se>

	* iprop.8: fix spelling, From Antoine Jacoutt.

2007-08-16  Love Hrnquist strand  <lha (a] it.su.se>

	* version-script.map: export _kadm5_unmarshal_params,
	_kadm5_acl_check_permission

	* version-script.map: export kadm5_log_ symbols.

	* log.c: Unexport the specific log replay operations.
	
2007-08-10  Love Hrnquist strand  <lha (a] it.su.se>

	* Makefile.am: build sample_passwd_check.la as part of noinst.

	* sample_passwd_check.c: Add missing prototype for check_length().

2007-08-07  Love Hrnquist strand  <lha (a] it.su.se>

	* log.c: Sprinkle krb5_set_error_string().

	* ipropd_slave.c: Provide better error why kadm5_log_replay
	failed.

2007-08-06  Love Hrnquist strand  <lha (a] it.su.se>

	* ipropd_master.c: - don't push whole database to the new client
	every time.  - make slaves get the whole new database if they have
	a newer log the the master (and thus have them go back in time).

2007-08-03  Love Hrnquist strand  <lha (a] it.su.se>

	* ipropd_slave.c: make more sane.

	* ipropd_slave.c: more paranoid check that the log entires are
	self consistant

	* log.c (kadm5_log_foreach): check that the postamble contains the
	right data.

	* ipropd_master.c: Sprinkle more info about what versions the
	master thinks about the client versions.

	* ipropd_master.c: Start the server at the current version, not 0.

2007-08-02  Love Hrnquist strand  <lha (a] it.su.se>

	* ipropd_master.c: Add more logging, to figure out what is
	happening in the master.

2007-08-01  Love Hrnquist strand  <lha (a] it.su.se>

	* Makefile.am: add version-script for libkadm5srv.la

	* version-script.map: version script fro kadm5 server libary.

	* log.c: only free the orignal entries extentions if there was
	any.  Bug reported by Peter Meinecke.

	* add configuration for signal file and acl file, let user select
	hostname, catch signals and print why we are quiting, make nop
	cause one new version, not two

2007-07-30  Love Hrnquist strand  <lha (a] it.su.se>

	* ipropd_master.c (send_diffs): make current slave's version
	uptodate when diff have been sent.
	
2007-07-27  Love Hrnquist strand  <lha (a] it.su.se>

	* ipropd_slave.c: More comments and some more error checking.
	
2007-07-26  Love Hrnquist strand  <lha (a] it.su.se>

	* init_c.c (get_cache_principal): make sure id is reset if we
	fail. From Benjamin Bennet.

2007-07-10  Love Hrnquist strand  <lha (a] it.su.se>

	* context_s.c (find_db_spec): match realm-less as the default
	realm.

	* Makefile.am: New library version.

2007-07-05  Love Hrnquist strand  <lha (a] it.su.se>

	* context_s.c: Use hdb_get_dbinfo to pick up configuration.
	ctx->config.realm can be NULL, check for that, from Bjorn S.
	
2007-07-04  Love Hrnquist strand  <lha (a] it.su.se>

	* init_c.c: Try harder to use the right principal.

2007-06-20  Love Hrnquist strand  <lha (a] it.su.se>

	* ipropd_slave.c: Catch return value from krb5_program_setup. From
	Steven Luo.
	
2007-05-08  Love Hrnquist strand  <lha (a] it.su.se>

	* delete_s.c: Write log entry after store is successful, rename
	out goto statments.

	* randkey_s.c: Write log entry after store is successful.

	* modify_s.c: Write log entry after store is successful.

	* rename_s.c: indent.

	* chpass_s.c: Write log entry after store is successful.

	* create_s.c: Write log entry after store is successful.
	
2007-05-07  Love Hrnquist strand  <lha (a] it.su.se>
	
	* iprop-commands.in: Add default values to make this working
	again.

	* iprop-log.c (iprop_replay): create the database with more
	liberal mode.

	* log.c: make it slightly more working.

	* iprop-log.8: Document last-version.

	* iprop-log.c: (last_version): print last version of the log.
	
	* iprop-commands.in: new command last-version: print last version
	of the log.

	* log.c (kadm5_log_previous): document assumptions and make less
	broken.  Bug report from Ronny Blomme.
	
2007-02-17  Love Hrnquist strand  <lha (a] it.su.se>

	* admin.h: add support to get aliases

	* get_s.c: add support to get aliases

2007-02-11  David Love  <fx (a] gnu.org>

	* iprop-log.8: Small fixes, from David Love.
	
2006-12-15  Love Hrnquist strand  <lha (a] it.su.se>

	* init_c.c: if the user have a kadmin/admin initial ticket, don't
	ask for password, just use the credential instead.
	
2006-12-06  Love Hrnquist strand  <lha (a] it.su.se>
	
	* ipropd_master.c: Use strcspn to remove \n from string returned
	by fgets.  From Bjrn Sandell
	
2006-11-30  Love Hrnquist strand  <lha (a] it.su.se>

	* init_c.c (kadm_connect): clear error string before trying to
	print a errno, this way we don't pick up a random failure code
	
2006-11-20  Love Hrnquist strand  <lha (a] it.su.se>

	* ipropd_slave.c: Make krb5_get_init_creds_opt_free take a context
	argument.

	* init_c.c: Make krb5_get_init_creds_opt_free take a context
	argument.
	
2006-10-22  Love Hrnquist strand  <lha (a] it.su.se>
	
	* ent_setup.c: Try to not leak memory.
	
2006-10-07  Love Hrnquist strand  <lha (a] it.su.se>
	
	* Makefile.am: split build files into dist_ and noinst_ SOURCES
	
2006-08-24  Love Hrnquist strand  <lha (a] it.su.se>

	* get_s.c: Add KRB5_KDB_ALLOW_DIGEST

	* ent_setup.c: Add KRB5_KDB_ALLOW_DIGEST

	* admin.h: Add KRB5_KDB_ALLOW_DIGEST
	
2006-06-16  Love Hrnquist strand  <lha (a] it.su.se>

	* check-cracklib.pl: Add password reuse checking. From Harald
	Barth.
	
2006-06-14  Love Hrnquist strand  <lha (a] it.su.se>
	
	* ent_setup.c (attr_to_flags): Add KRB5_KDB_ALLOW_KERBEROS4

	* get_s.c (kadm5_s_get_principal): Add KRB5_KDB_ALLOW_KERBEROS4

	* admin.h: Add KRB5_KDB_ALLOW_KERBEROS4
	
2006-06-06  Love Hrnquist strand  <lha (a] it.su.se>

	* ent_setup.c (attr_to_flags): Add KRB5_KDB_TRUSTED_FOR_DELEGATION

2006-05-30  Love Hrnquist strand  <lha (a] it.su.se>

	* password_quality.c (kadm5_check_password_quality): set error
	message in context.
	
2006-05-13  Love Hrnquist strand  <lha (a] it.su.se>

	* iprop-log.c: Avoid shadowing.

	* rename_s.c: Avoid shadowing.

2006-05-08  Love Hrnquist strand  <lha (a] it.su.se>

	* privs_c.c (kadm5_c_get_privs): privs is a uint32_t, let copy it
	that way.
	
2006-05-05  Love Hrnquist strand  <lha (a] it.su.se>

	* Rename u_intXX_t to uintXX_t

2006-04-27  Love Hrnquist strand  <lha (a] it.su.se>

	* chpass_s.c,delete_s.c,get_s.c,log.c,modify_s.c,randkey_s.c,rename_s.c:
	Pass in HDB_F_GET_ANY to all ->hdb fetch to hint what entries we are looking for

	* send_recv.c: set and clear error string

	* rename_s.c: Break out the that we request from principal from
	the entry and pass it in as a separate argument.

	* randkey_s.c: Break out the that we request from principal from
	the entry and pass it in as a separate argument.

	* modify_s.c: Break out the that we request from principal from
	the entry and pass it in as a separate argument.

	* log.c: Break out the that we request from principal from the
	entry and pass it in as a separate argument.

	* get_s.c: Break out the that we request from principal from the
	entry and pass it in as a separate argument.

	* delete_s.c: Break out the that we request from principal from
	the entry and pass it in as a separate argument.

	* chpass_s.c: Break out the that we request from principal from
	the entry and pass it in as a separate argument.
	
2006-04-25  Love Hrnquist strand  <lha (a] it.su.se>

	* create_s.c (create_principal*): If client doesn't send kvno,
	make sure to set it to 1.
	
2006-04-10  Love Hrnquist strand  <lha (a] it.su.se>

	* log.c: (kadm5_log_rename): handle errors better
	Fixes Coverity, NetBSD CID#628

	* log.c (kadm5_log_delete): add error handling Coverity, NetBSD
	CID#626
	(kadm5_log_modify): add error handling Coverity, NetBSD CID#627

	* init_c.c (_kadm5_c_get_cred_cache): handle ccache case better in
	case no client name was passed in. Coverity, NetBSD CID#919
	
	* init_c.c (_kadm5_c_get_cred_cache): Free client principal in
	case of error. Coverity NetBSD CID#1908
	
2006-02-02  Love Hrnquist strand  <lha (a] it.su.se>
	
	* kadm5_err.et: (PASS_REUSE): Spelling, 
	from Vclav H?la <ax (a] natur.cuni.cz>
	
2006-01-25  Love Hrnquist strand  <lha (a] it.su.se>

	* send_recv.c: Clear error-string when introducing new errors.

	* *_c.c: Clear error-string when introducing new errors.
	
2006-01-15  Love Hrnquist strand  <lha (a] it.su.se>

	* Makefile.am (libkadm5clnt.la) doesn't depend on libhdb, remove
	dependency
	
2005-12-13  Love Hrnquist strand  <lha (a] it.su.se>

	* memset hdb_entry_ex before use
	
2005-12-12  Love Hrnquist strand  <lha (a] it.su.se>
	
	* Wrap hdb_entry with hdb_entry_ex, patch originally 
	from Andrew Bartlet

2005-11-30  Love Hrnquist strand  <lha (a] it.su.se>

	* context_s.c (set_field): try another way to calculate the path
	to the database/logfile/signal-socket

	* log.c (kadm5_log_init): set error string on failures
	
2005-09-08  Love Hrnquist strand  <lha (a] it.su.se>

	* Constify password.

	* admin.h: Add KRB5_TL_PKINIT_ACL.
	
	* marshall.c (_kadm5_unmarshal_params): avoid signed-ness warnings
	
	* get_s.c (kadm5_s_get_principal): clear error string
	
2005-08-25  Love Hrnquist strand  <lha (a] it.su.se>

	* iprop-log.8: More text about iprop-log.
	
2005-08-24  Love Hrnquist strand  <lha (a] it.su.se>

	* iprop.8: SEE ALSO iprop-log.

	* Makefile.am: man_MANS += iprop-log.8

	* iprop-log.8: Basic for documentation of iprop-log.
	
	* remove replay_log.c, dump_log.c, and truncate_log.c, folded into
	iprop-log.

	* log.c (kadm5_log_foreach): add a context variable and pass it
	down to `func.

	* iprop-commands.in: Move truncate_log and replay_log into
	iprop-log.

	* iprop-log.c: Move truncate_log and replay_log into iprop-log.
	
	* Makefile.am: Move truncate_log and replay_log into iprop-log.
	
	* Makefile.am: Make this work with a clean directory.

	* ipropd_master.c: Make compile.

	* ipropd_master.c: Update to new signature of kadm5_log_previous.

	* log.c (kadm5_log_previous): catch errors instead of asserting
	and set error string.

	* iprop-commands.in: New program iprop-log that incorperates
	dump_log as a subcommand, truncate_log and replay_log soon to come
	after.
	
	* iprop-log.c: New program iprop-log that incorperates dump_log as
	a subcommand, truncate_log and replay_log soon to come after.

	* Makefile.am: New program iprop-log that incorperates dump_log as
	a subcommand, truncate_log and replay_log soon to come after.
	
2005-08-11 Love Hrnquist strand  <lha (a] it.su.se>

	* get_s.c: Implement KADM5_LAST_PWD_CHANGE.
	
	* set_keys.c: Set and clear password where appropriate.

	* randkey_s.c: Operation modifies tl_data.

	* log.c (kadm5_log_replay_modify): Check return values of
	malloc(), replace all extensions.

	* kadm5_err.et: Make BAD_TL_TYPE error more helpful.

	* get_s.c: Expose KADM5_TL_DATA options to the client.

	* ent_setup.c: Merge in KADM5_TL_DATA in the database.

	* chpass_s.c: Operations modify extensions, mark that with
	TL_DATA.

	* admin.h: Add more TL types (password and extension).

2005-06-17  Love Hrnquist strand  <lha (a] it.su.se>

	* constify

	* ipropd_slave.c: avoid shadowing

	* ipropd_master.c: rename local variable slave to s, optind ->
	optidx

	* get_princs_c.c: rename variable exp to expression
	
	* ad.c: rename variable exp to expression

	* log.c: rename shadowing len to num
	
	* get_princs_s.c: rename variable exp to expression

	* context_s.c: const poison

	* common_glue.c: rename variable exp to expression

2005-05-30  Love Hrnquist strand  <lha (a] it.su.se>

	* ent_setup.c (attr_to_flags): check for KRB5_KDB_OK_AS_DELEGATE
	
	* get_s.c (kadm5_s_get_principal): set KRB5_KDB_OK_AS_DELEGATE

	* admin.h: add KRB5_KDB_OK_AS_DELEGATE, sync KRB5_TL_ flags

2005-05-25  Love Hrnquist strand  <lha (a] it.su.se>

	* kadm5_pwcheck.3: please mdoclint

2005-05-25  Dave Love  <fx (a] gnu.org>

	* kadm5_pwcheck.3: document kadm5_add_passwd_quality_verifier,
	improve text

2005-05-24  Dave Love  <fx (a] gnu.org>

	* iprop.8: Added some info about defaults, fixed some markup.
	
2005-05-23  Dave Love  <fx (a] gnu.org>

	* ipropd_slave.c: Don't test HAVE_DAEMON since roken supplies it.

	* ipropd_master.c: Don't test HAVE_DAEMON since roken supplies it.

2005-05-13  Love Hrnquist strand  <lha (a] it.su.se>

	* init_c.c (_kadm5_c_init_context): fix memory leak in case of
	failure

2005-05-09  Dave Love  <fx (a] gnu.org>

	* password_quality.c (find_func): Fix off-by-one and logic error.
	(external_passwd_quality): Improve messages.

	* test_pw_quality.c (main): Call kadm5_setup_passwd_quality_check
	and kadm5_add_passwd_quality_verifier.

2005-04-30  Love Hrnquist strand  <lha (a] it.su.se>

	* default_keys.c: #include <err.h>, only print salt it its longer
	then 0, use krb5_err instead of errx where appropriate
	
2005-04-25  Love Hrnquist strand  <lha (a] it.su.se>

	* ipropd_slave.c: add the documented option --port

	* ipropd_master.c: add the documented option --port
	
	* dump_log.c: use the newly generated units function

2005-04-24  Love Hrnquist strand  <lha (a] it.su.se>

	* dump_log.c: use strlcpy
	
	* password_quality.c: don't use sizeof(pointer)
	
2005-04-15  Love Hrnquist strand  <lha (a] it.su.se>

	* check-cracklib.pl: external password verifier sample

	* password_quality.c (kadm5_add_passwd_quality_verifier): if NULL
	is passed in, load defaults

2005-04-14  Love Hrnquist strand  <lha (a] it.su.se>

	* password_quality.c: add an end tag to the external password
	quality check protocol

2005-04-13  Love Hrnquist strand  <lha (a] it.su.se>

	* password_quality.c: add external passsword quality check builtin
	module
	
	[password_quality]
		policies = external-check
		external-program = /bin/false
	
	To approve password a, make the test program return APPROVED on
	stderr and fail with exit code 0.
	
2004-10-12  Love Hrnquist strand  <lha (a] it.su.se>

	* Makefile.am: bump version to 7:7:0 and 6:5:2
	
	* default_keys.c (parse_file): use hdb_generate_key_set
	
	* keys.c,set_keys.c: Move keyset parsing and password based keyset
	generation into hdb.  Requested by Andrew Bartlett <abartlet (a] samba.org>
	for hdb-ldb backend.
	
2004-09-23  Johan Danielsson  <joda (a] pdc.kth.se>

	* ipropd_master.c: add help strings to some options
	
2004-09-12  Love Hrnquist strand  <lha (a] it.su.se>

	* chpass_s.c: deal with changed prototype for _kadm5_free_keys
	
	* keys.c (_kadm5_free_keys): change prototype, make it use
	krb5_context instead of a kadm5_server_context
	
	* set_keys.c (parse_key_set): do way with static returning
	(function) static variable and returned allocated memory
	(_kadm5_generate_key_set): free enctypes returned by parse_key_set

2004-09-06  Love Hrnquist strand  <lha (a] it.su.se>

	* set_keys.c: Fix memory leak, don't return stack variables From
	Andrew Bartlett
	
	* set_keys.c: make all_etypes const and move outside function to
	avoid returning data on stack
	
2004-08-26  Love Hrnquist strand  <lha (a] it.su.se>

	* acl.c (fetch_acl): use " \t\n" instead of just "\n" for the
	delim of the third element, this is so we can match
	"foo@REALM<SPC>all<SPC><SPC>*@REALM", before it just matched
	"foo@REALM<SPC>all<SPC>*@REALM", but that is kind of lucky since
	what really happen was that the last <SPC> was stamped out, and
	the it never strtok_r never needed to parse over it.
	
2004-08-25  Love Hrnquist strand  <lha (a] it.su.se>

	* set_keys.c (_kadm5_generate_key_set): since arcfour-hmac-md5 is
	without salting, some people tries to add the string
	"arcfour-hmac-md5" when they really should have used
	"arcfour-hmac-md5:pw-salt", help them and add glue for that
	
2004-08-18  Johan Danielsson  <joda (a] pdc.kth.se>

	* ipropd_slave.c: add --detach

2004-07-06  Love Hrnquist strand  <lha (a] it.su.se>

	* ad.c: use new tsasl interface remove debug printf add upn to
	computer-accounts
	
2004-06-28  Love Hrnquist strand  <lha (a] it.su.se>

	* ad.c: implement kadm5_ad_init_with_password_ctx set more error
	strings
	
2004-06-21  Love Hrnquist strand  <lha (a] it.su.se>

	* Makefile.am: man_MANS = kadm5_pwcheck.3
	
	* kadm5_pwcheck.3: document new password quality api
	
	* password_quality.c: new password check interface (old still
	supported)
	
	* kadm5-pwcheck.h: new password check interface
	
2004-06-08  Love Hrnquist strand  <lha (a] it.su.se>

	* ipropd_master.c (main): process all slaves, not just up to the
	last slave sending data
	(bug report from Bjrn Sandell <biorn (a] dce.chalmers.se>)
	(*): only send one ARE_YOU_THERE

2004-06-02  Love Hrnquist strand  <lha (a] it.su.se>

	* ad.c: use krb5_set_password_using_ccache
	
2004-06-01  Love Hrnquist strand  <lha (a] it.su.se>

	* ad.c: try handle spn's better
	
2004-05-31  Love Hrnquist strand  <lha (a] it.su.se>

	* ad.c: add expiration time
	
	* ad.c: add modify operations
	
	* ad.c: handle create and delete
	
2004-05-27  Love Hrnquist strand  <lha (a] it.su.se>

	* ad.c: more code for get, handle attributes
	
	* ad.c: more code for get, handle time stamps and bad password
	counter

	* ad.c: more code for get, only fetches kvno for now
	
2004-05-26  Love Hrnquist strand  <lha (a] it.su.se>

	* ad.c: add support for tsasl
	
	* private.h: add kadm5_ad_context
	
	* ipropd_master.c (prop_one): store the opcode in the begining of
	the blob, not the end
	
	* ad.c: try all ldap servers in dns, generate a random password,
	base64(random_block(64)), XXX must make it support other then
	ARCFOUR
	
	* ad.c: framework for windows AD backend
	
2004-03-07  Love Hrnquist strand  <lha (a] it.su.se>

	* create_s.c (kadm5_s_create_principal): remove old XXX command
	and related code, _kadm5_set_keys will do all this now
	
2004-02-29  Love Hrnquist strand  <lha (a] it.su.se>

	* set_keys.c (_kadm5_set_keys_randomly): make sure enctype to copy
	enctype for des keys From: Andrew Bartlett <abartlet (a] samba.org>
	
	* create_s.c (kadm5_s_create_principal_with_key): don't call
	_kadm5_set_keys2, create_principal will do that for us. Set kvno
	to 1.

	* chpass_s.c (change): bump kvno
	(kadm5_s_chpass_principal_with_key): bump kvno

	* randkey_s.c (kadm5_s_randkey_principal): bump kvno
	
	* set_keys.c (_kadm5_set_*): don't change the kvno, let the callee
	to that

2003-12-30  Love Hrnquist strand  <lha (a] it.su.se>

	* chpass_s.c (change): fix same-password-again by decrypting keys
	and setting an error code From: Buck Huppmann <buckh (a] pobox.com>
	
2003-12-21  Love Hrnquist strand  <lha (a] it.su.se>

	* init_c.c (_kadm5_c_init_context): catch errors from strdup and
	other krb5_ functions

2003-12-08  Love Hrnquist strand  <lha (a] it.su.se>

	* rename_s.c (kadm5_s_rename_principal): allow principal to change
	realm From Panasas Inc
	
2003-12-07  Love Hrnquist strand  <lha (a] it.su.se>

	* destroy_c.c (kadm5_c_destroy): fix memory leaks, From Panasas,
	Inc

2003-11-23  Love Hrnquist strand  <lha (a] it.su.se>

	* iprop.h: don't include <krb5-private.h>
	
	* ipropd_slave.c: stop using krb5 lib private byte-frobbing
	functions and replace them with with krb5_storage
	
	* ipropd_master.c: stop using krb5 lib private byte-frobbing
	functions and replace them with with krb5_storage
	
2003-11-19  Love Hrnquist strand  <lha (a] it.su.se>

	* ipropd_slave.c (receive_loop): when seeking over the entries we
	already have, skip over the trailer.  From: Jeffrey Hutzelman
	<jhutz (a] cmu.edu>

	* dump_log.c,ipropd_master.c,ipropd_slave.c,
	replay_log.c,truncate_log.c: parse kdc.conf
	From: Jeffrey Hutzelman <jhutz (a] cmu.edu>

2003-10-10  Love Hrnquist strand  <lha (a] it.su.se>

	* Makefile.am: += test_pw_quality
	
	* test_pw_quality.c: test program for verifying password quality
	function

2003-09-03  Love Hrnquist strand  <lha (a] it.su.se>

	* Makefile.am: add and enable check program default_keys
	
	* default_keys.c: test program for _kadm5_generate_key_set
	
	* init_c.c: use
	krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free

2003-08-17  Love Hrnquist strand  <lha (a] it.su.se>

	* set_keys.c (_kadm5_set_keys_randomly): remove dup return
	
	* ipropd_master.c (main): make sure current_version is initialized
	
2003-08-15  Love Hrnquist strand  <lha (a] it.su.se>

	* set_keys.c: use default_keys for the both random keys and
	password derived keys if its defined
	
2003-07-24  Love Hrnquist strand  <lha (a] it.su.se>

	* ipropd_slave.c (receive_everything): switch close and rename
	From: Alf Wachsmann <alfw (a] SLAC.Stanford.EDU>
	
2003-07-03  Love Hrnquist strand  <lha (a] it.su.se>

	* iprop.h, ipropd_master.c, ipropd_slave.c:
	Add probing from the server that the client is still there, also
	make the client check that the server is probing.

2003-07-02  Love Hrnquist strand  <lha (a] it.su.se>

	* truncate_log.c (main): add missing ``if (ret)''
	
2003-06-26  Love Hrnquist strand  <lha (a] it.su.se>

	* set_keys.c (make_keys): add AES support
	
	* set_keys.c: fix off by one in the aes case, pointed out by Ken
	Raeburn

2003-04-30  Love Hrnquist strand  <lha (a] it.su.se>

	* set_keys.c (_kadm5_set_keys_randomly): add
	ETYPE_AES256_CTS_HMAC_SHA1_96 key when configuried with aes
	support

2003-04-16  Love Hrnquist strand  <lha (a] it.su.se>

	* send_recv.c: check return values from krb5_data_alloc
	* log.c: check return values from krb5_data_alloc
	
2003-04-16  Love Hrnquist strand  <lha (a] it.su.se>

	* dump_log.c (print_entry): check return values from
	krb5_data_alloc

2003-04-01  Love Hrnquist strand  <lha (a] it.su.se>

	* init_c.c (kadm_connect): if a context realm was passed in, use
	that to form the kadmin/admin principal
	
2003-03-19  Love Hrnquist strand  <lha (a] it.su.se>

	* ipropd_master.c (main): make sure we don't consider dead slave
	for select processing
	(write_stats): use slave_stats_file variable, 
	check return value of strftime
	(args): allow specifying slave stats file
	(slave_dead): close the fd when the slave dies

2002-10-21  Johan Danielsson  <joda (a] pdc.kth.se>

	* ipropd_slave.c (from Derrick Brashear): Propagating a large
	database without this means the slave kdcs can get erroneous
	HDB_NOENTRY and return the resulting errors. This creates a new db
	handle, populates it, and moves it into place.

2002-08-26  Assar Westerlund  <assar (a] kth.se>

	* ipropd_slave.c (receive_everything): type-correctness calling
	_krb5_get_int

	* context_s.c (find_db_spec): const-correctness in parameters to
	krb5_config_get_next

2002-08-16  Johan Danielsson  <joda (a] pdc.kth.se>

	* private.h: rename header file flag macro

	* Makefile.am: generate kadm5-{protos,private}.h

2002-08-15  Johan Danielsson  <joda (a] pdc.kth.se>

	* ipropd_master.c: check return value of krb5_sockaddr2address

2002-07-04  Johan Danielsson  <joda (a] pdc.kth.se>

	* ipropd_master.c: handle slaves that come and go; add status
	reporting (both from Love)

	* iprop.h: KADM5_SLAVE_STATS

2002-03-25  Jacques Vidrine  <n (a] nectar.com>

	* init_c.c (get_cred_cache): bug fix: the default credentials
	cache was not being used if a client name was specified.

2002-03-25  Johan Danielsson  <joda (a] pdc.kth.se>

	* init_c.c (get_cred_cache): when getting the default_client from
	the cred cache, make sure the instance part is "admin"; this
	should require fewer uses of -p

2002-03-11  Assar Westerlund  <assar (a] sics.se>

	* Makefile.am (libkadm5srv_la_LDFLAGS): set version to 7:5:0
	(libkadm5clnt_la_LDFLAGS): set version to 6:3:2

2002-02-08  Johan Danielsson  <joda (a] pdc.kth.se>

	* init_c.c: we have to create our own param struct before
	marshaling

2001-09-05  Johan Danielsson  <joda (a] pdc.kth.se>

	* Makefile.am: link with LIB_pidfile

	* iprop.h: include util.h for pidfile

2001-08-31  Assar Westerlund  <assar (a] sics.se>

	* ipropd_slave.c (main): syslog with the correct name

2001-08-30  Jacques Vidrine <n (a] nectar.com>

	* ipropd_slave.c, ipropd_master.c (main): call pidfile

2001-08-28  Assar Westerlund  <assar (a] sics.se>

	* Makefile.am (libkadm5srv_la_LDFLAGS): set version to 7:4:0

2001-08-24  Assar Westerlund  <assar (a] sics.se>

	* acl.c (fetch_acl): do not return bogus flags and re-organize
	function

	* Makefile.am: rename variable name to avoid error from current
	automake

2001-08-13  Johan Danielsson  <joda (a] pdc.kth.se>

	* set_keys.c: add easier afs configuration, defaulting to the
	local realm in lower case; also try to remove duplicate salts

2001-07-12  Assar Westerlund  <assar (a] sics.se>

	* Makefile.am: add required library dependencies

2001-07-03  Assar Westerlund  <assar (a] sics.se>

	* Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 6:2:2

2001-06-29  Johan Danielsson  <joda (a] pdc.kth.se>

	* init_c.c: call krb5_get_init_creds_opt_set_default_flags

2001-02-19  Johan Danielsson  <joda (a] pdc.kth.se>

	* replay_log.c: add --{start-end}-version flags to replay just
	part of the log

2001-02-15  Assar Westerlund  <assar (a] sics.se>

	* ipropd_master.c (main): fix select-loop to decrement ret
	correctly.  from "Brandon S. Allbery KF8NH" <allbery (a] ece.cmu.edu>

2001-01-30  Assar Westerlund  <assar (a] sics.se>

	* Makefile.am: bump versions

2000-12-31  Assar Westerlund  <assar (a] sics.se>

	* init_s.c (*): handle krb5_init_context failure consistently
	* init_c.c (init_context): handle krb5_init_context failure
	consistently

2000-12-11  Assar Westerlund  <assar (a] sics.se>

	* Makefile.am (libkadm5srv_la_LDFLAGS): bump version to 7:2:0

2000-11-16  Assar Westerlund  <assar (a] sics.se>

	* set_keys.c (make_keys): clean-up salting loop and try not to
	leak memory

	* ipropd_master.c (main): check for fd's being too large to select
	on

2000-08-16  Assar Westerlund  <assar (a] sics.se>

	* Makefile.am (libkadm5srv_la_LDFLAGS): bump version to 7:1:0

2000-08-10  Assar Westerlund  <assar (a] sics.se>

	* acl.c (fetch_acl): fix wrong cases, use krb5_principal_match

2000-08-07  Assar Westerlund  <assar (a] sics.se>

	* ipropd_master.c (main): ignore SIGPIPE

2000-08-06  Assar Westerlund  <assar (a] sics.se>

	* ipropd_slave.c (receive_everything): make `fd' an int instead of
	a pointer.  From Derrick J Brashear <shadow (a] dementia.org>

2000-08-04  Johan Danielsson  <joda (a] pdc.kth.se>

	* admin.h: change void** to void*

2000-07-25  Johan Danielsson  <joda (a] pdc.kth.se>

	* Makefile.am: bump versions to 7:0:0 and 6:0:2

2000-07-24  Assar Westerlund  <assar (a] sics.se>

	* log.c (kadm5_log_get_version): rename kadm5_log_get_version_fd
	and make a new that takes a context
	(kadm5_log_nop): add logging of missing lengths
	(kadm5_log_truncate): new function

	* dump_log.c (print_entry): update and correct
	* randkey_s.c: call _kadm5_bump_pw_expire
	* truncate_log.c: new program for truncating the log
	* Makefile.am (sbin_PROGRAMS): add truncate_log
	(C_SOURCES): add bump_pw_expire.c
	* bump_pw_expire.c: new function for extending password expiration

2000-07-22  Assar Westerlund  <assar (a] sics.se>

	* keys.c: new file with _kadm5_free_keys, _kadm5_init_keys

	* set_keys.c (free_keys, init_keys): elevate to internal kadm5
	functions

	* chpass_s.c (kadm5_s_chpass_principal_cond): new function
	* Makefile.am (C_SOURCES): add keys.c
	* init_c.c: remove unused variable and handle some parameters
	being NULL

2000-07-22  Johan Danielsson  <joda (a] pdc.kth.se>

	* ipropd_slave.c: use krb5_read_priv_message

	* ipropd_master.c: use krb5_{read,write}_priv_message

	* init_c.c: use krb5_write_priv_message

2000-07-11  Johan Danielsson  <joda (a] pdc.kth.se>

	* ipropd_slave.c: no need to call gethostname, since
	sname_to_principal will

	* send_recv.c: assert that we have a connected socket

	* get_princs_c.c: call _kadm5_connect

	* rename_c.c: call _kadm5_connect

	* randkey_c.c: call _kadm5_connect

	* privs_c.c: call _kadm5_connect

	* modify_c.c: call _kadm5_connect

	* get_c.c: call _kadm5_connect

	* delete_c.c: call _kadm5_connect

	* create_c.c: call _kadm5_connect

	* chpass_c.c: call _kadm5_connect

	* private.h: add more fields to client context; remove prototypes

	* admin.h: remove prototypes

	* kadm5-protos.h: move public prototypes here

	* kadm5-private.h: move private prototypes here

	* init_c.c: break out connection code to separate function, and
	defer calling it until we actually do something

2000-07-07  Assar Westerlund  <assar (a] sics.se>

	* set_keys.c (make_keys): also support `[kadmin]use_v4_salt' for
	backwards compatability

2000-06-26  Johan Danielsson  <joda (a] pdc.kth.se>

	* set_keys.c (_kadm5_set_keys): rewrite this to be more easily
	adaptable to different salts
	
2000-06-19  Johan Danielsson  <joda (a] pdc.kth.se>

	* get_s.c: pa_* -> KRB5_PADATA_*

2000-06-16  Assar Westerlund  <assar (a] sics.se>

	* ipropd_slave.c: change default keytab to default keytab (as in
	typically FILE:/etc/krb5.keytab)

2000-06-08  Assar Westerlund  <assar (a] sics.se>

	* ipropd_slave.c: bug fixes, for actually writing the full dump to
	the database.  based on a patch from Love <lha (a] stacken.kth.se>

2000-06-07  Assar Westerlund  <assar (a] sics.se>

	* acl.c: add support for patterns of principals
	* log.c (kadm5_log_replay_create): handle more NULL pointers
	(should they really happen?)
	* log.c (kadm5_log_replay_modify): handle max_life == NULL and
	max_renew == NULL

	* ipropd_master.c: use syslog.  be less verbose
	* ipropd_slave.c: use syslog

2000-06-05  Assar Westerlund  <assar (a] sics.se>

	* private.h (kadm_ops): add kadm_nop more prototypes
	* log.c (kadm5_log_set_version, kadm5_log_reinit, kadm5_log_nop,
	kadm5_log_replay_nop): add
	* ipropd_slave.c: and some more improvements
	* ipropd_master.c: lots of improvements
	* iprop.h (IPROP_PORT, IPROP_SERVICE): add
	(iprop_cmd): add new commands

	* dump_log.c: add nop

2000-05-15  Assar Westerlund  <assar (a] sics.se>

	* Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 5:1:1

2000-05-12  Assar Westerlund  <assar (a] sics.se>

	* get_s.c (kadm5_s_get_principal): set life, rlife to INT_MAX as a
	fallback.  handle not having any creator.
	* destroy_s.c (kadm5_s_destroy): free all allocated memory
	* context_s.c (set_field): free variable if it's already set
	(find_db_spec): malloc space for all strings

2000-04-05  Assar Westerlund  <assar (a] sics.se>

	* Makefile.am (LDADD): add LIB_openldap

2000-04-03  Assar Westerlund  <assar (a] sics.se>

	* Makefile.am (libkadm5srv_la_LDFLAGS): set version to 6:0:1
	(libkadm5clnt_la_LDFLAGS): set version to 5:0:1

2000-03-24  Assar Westerlund  <assar (a] sics.se>

	* set_keys.c (_kadm5_set_keys2): rewrite
	(_kadm5_set_keys3): add

	* private.h (struct kadm_func): add chpass_principal_with_key
	* init_c.c (set_funcs): add chpass_principal_with_key

2000-03-23  Assar Westerlund  <assar (a] sics.se>

	* context_s.c (set_funcs): add chpass_principal_with_key
	* common_glue.c (kadm5_chpass_principal_with_key): add
	* chpass_s.c: comment-ize and change calling convention for
	_kadm5_set_keys*
	* chpass_c.c (kadm5_c_chpass_principal_with_key): add

2000-02-07  Assar Westerlund  <assar (a] sics.se>

	* Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 4:2:0

2000-01-28  Assar Westerlund  <assar (a] sics.se>

	* init_c.c (get_new_cache): make sure to request non-forwardable,
	non-proxiable

2000-01-06  Assar Westerlund  <assar (a] sics.se>

	* Makefile.am (libkadm5srv.la): bump version to 5:1:0

	* context_s.c (_kadm5_s_init_context): handle params == NULL

1999-12-26  Assar Westerlund  <assar (a] sics.se>

	* get_s.c (kadm5_s_get_principal): handle modified_by->principal
 	== NULL

1999-12-20  Assar Westerlund  <assar (a] sics.se>

	* Makefile.am (libkadm5clnt_la_LDFLAGS): bump version to 4:1:0

	* init_c.c (_kadm5_c_init_context): handle getting back port
 	number from admin host
	(kadm5_c_init_with_context): remove `proto/' part before doing
	getaddrinfo()

1999-12-06  Assar Westerlund  <assar (a] sics.se>

	* Makefile.am: bump version to 5:0:0 and 4:0:0

	* init_c.c (kadm5_c_init_with_context): don't use unitialized
 	stuff

1999-12-04  Assar Westerlund  <assar (a] sics.se>

	* replay_log.c: adapt to changed kadm5_log_foreach

	* log.c (kadm5_log_foreach): change to take a
 	`kadm5_server_context'

	* init_c.c: use krb5_warn{,x}

	* dump_log.c: adapt to changed kadm5_log_foreach

	* init_c.c: re-write to use getaddrinfo
	* Makefile.am (install-build-headers): add dependency
	
1999-12-03  Johan Danielsson  <joda (a] pdc.kth.se>

	* log.c (kadm5_log_foreach): pass context

	* dump_log.c: print more interesting things

1999-12-02  Johan Danielsson  <joda (a] pdc.kth.se>

	* ipropd_master.c (process_msg): check for short reads

1999-11-25  Assar Westerlund  <assar (a] sics.se>

	* modify_s.c (kadm5_s_modify_principal): support key_data
	(kadm5_s_modify_principal_with_key): remove

	* admin.h (kadm5_s_modify_principal_with_key): remove

1999-11-20  Assar Westerlund  <assar (a] sics.se>

	* context_s.c (find_db_spec): ugly cast work-around.

1999-11-14  Assar Westerlund  <assar (a] sics.se>

	* context_s.c (_kadm5_s_init_context): call krb5_add_et_list so
 	that we aren't dependent on the layout of krb5_context_data
	* init_c.c (_kadm5_c_init_context): call krb5_add_et_list so that
 	we aren't dependent on the layout of krb5_context_data

1999-11-13  Assar Westerlund  <assar (a] sics.se>

	* password_quality.c (kadm5_setup_passwd_quality_check): use
	correct types for function pointers
	
1999-11-09  Johan Danielsson  <joda (a] pdc.kth.se>

	* randkey_s.c: always bail out if the fetch fails

	* admin.h (kadm5_config_params): remove fields we're not using

	* ipropd_slave.c: allow passing a realm

	* ipropd_master.c: allow passing a realm

	* dump_log.c: allow passing a realm

	* acl.c: correctly get acl file

	* private.h (kadm5_server_context): add config_params struct and
	remove acl_file; bump protocol version number

	* marshall.c: marshalling of config parameters

	* init_c.c (kadm5_c_init_with_context): try to cope with old
	servers

	* init_s.c (kadm5_s_init_with_context): actually use some passed
	values

	* context_s.c (_kadm5_s_init_context): get dbname, acl_file, and
	stash_file from the config parameters, try to figure out these if
	they're not provided

1999-11-05  Assar Westerlund  <assar (a] sics.se>

	* Makefile.am (install-build-headers): use `cp' instead of
 	INSTALL_DATA

1999-11-04  Assar Westerlund  <assar (a] sics.se>

	* Makefile.am: bump version to 4:0:0 and 3:0:0 (they access fields
 	directly in libkrb5's context - bad functions)

	* set_keys.c (_kadm5_set_keys_randomly): set enctypes correctly in
 	the copied keys

1999-10-20  Assar Westerlund  <assar (a] sics.se>

	* Makefile.am: set version of kadm5srv to 3:0:2 (new password
 	quality functions).
 	set version of kdam5clnt to 2:1:1 (no interface changes)

	* Makefile.am (LDADD): add $(LIB_dlopen)

1999-10-17  Assar Westerlund  <assar (a] sics.se>

	* randkey_s.c (kadm5_s_randkey_principal): use
 	_kadm5_set_keys_randomly

	* set_keys.c (free_keys): free more memory
	(_kadm5_set_keys): a little bit more generic
	(_kadm5_set_keys_randomly): new function for setting random keys.

1999-10-14  Assar Westerlund  <assar (a] sics.se>

	* set_keys.c (_kadm5_set_keys): ignore old keys when setting new
 	ones and always add 3 DES keys and one 3DES key

1999-10-03  Assar Westerlund  <assar (a] sics.se>

	* init_c.c (_kadm5_c_init_context): use `krb5_get_krb_admin_hst'.
  	check return value from strdup

1999-09-26  Assar Westerlund  <assar (a] sics.se>

	* acl.c (_kadm5_privs_to_string): forgot one strcpy_truncate ->
 	strlcpy

1999-09-24  Johan Danielsson  <joda (a] pdc.kth.se>

	* dump_log.c: remove unused `optind'

	* replay_log.c: remove unused `optind'

1999-09-13  Assar Westerlund  <assar (a] sics.se>

	* chpass_c.c (kadm5_c_chpass_principal): new _kadm5_client_recv

	* send_recv.c (_kadm5_client_recv): return result in a `krb5_data'
 	so that we avoid copying it and don't need to dimension in
 	advance.  change all callers.

1999-09-10  Assar Westerlund  <assar (a] sics.se>

	* password_quality.c: new file

	* admin.h
 	(kadm5_setup_passwd_quality_check,kadm5_check_password_quality):
 	add prototypes

	* Makefile.am (S_SOURCES): add password_quality.c

1999-07-26  Assar Westerlund  <assar (a] sics.se>

	* Makefile.am: update versions to 2:0:1

1999-07-24  Assar Westerlund  <assar (a] sics.se>

	* ent_setup.c (_kadm5_setup_entry): make princ_expire_time == 0
 	and pw_expiration == 0 mean never

1999-07-22  Assar Westerlund  <assar (a] sics.se>

	* log.c (kadm5_log_flush): extra cast

1999-07-07  Assar Westerlund  <assar (a] sics.se>

	* marshall.c (store_principal_ent): encoding princ_expire_time and
 	pw_expiration in correct order

1999-06-28  Assar Westerlund  <assar (a] sics.se>

	* randkey_s.c (kadm5_s_randkey_principal): nuke old mkvno,
 	otherwise hdb will think that the new random keys are already
 	encrypted which will cause lots of confusion later.

1999-06-23  Assar Westerlund  <assar (a] sics.se>

	* ent_setup.c (_kadm5_setup_entry): handle 0 == unlimited
 	correctly.  From Michal Vocu <michal (a] karlin.mff.cuni.cz>

1999-06-15  Assar Westerlund  <assar (a] sics.se>

	* init_c.c (get_cred_cache): use get_default_username

1999-05-23  Assar Westerlund  <assar (a] sics.se>

	* create_s.c (create_principal): if there's no default entry the
	mask should be zero.

1999-05-21  Assar Westerlund  <assar (a] sics.se>

	* init_c.c (get_cred_cache): use $USERNAME

1999-05-17  Johan Danielsson  <joda (a] pdc.kth.se>

	* init_c.c (get_cred_cache): figure out principal

1999-05-05  Johan Danielsson  <joda (a] pdc.kth.se>

	* send_recv.c: cleanup _kadm5_client_{send,recv}

1999-05-04  Assar Westerlund  <assar (a] sics.se>

	* set_keys.c (_kadm5_set_keys2): don't check the recently created
 	memory for NULL pointers

	* private.h (_kadm5_setup_entry): change prototype

	* modify_s.c: call new _kadm5_setup_entry

	* ent_setup.c (_kadm5_setup_entry): change so that it takes three
 	masks, one for what bits to set and one for each of principal and
 	def containing the bits that are set there.

	* create_s.c: call new _kadm5_setup_entry

	* create_s.c (get_default): check return value
	(create_principal): send wider mask to _kadm5_setup_entry

1999-05-04  Johan Danielsson  <joda (a] pdc.kth.se>

	* send_recv.c (_kadm5_client_recv): handle arbitrarily sized
	packets, check for errors

	* get_c.c: check for failure from _kadm5_client_{send,recv}

1999-05-04  Assar Westerlund  <assar (a] sics.se>

	* init_c.c (get_new_cache): don't abort when interrupted from
 	password prompt
	
	* destroy_c.c (kadm5_c_destroy): check if we should destroy the
 	auth context

1999-05-03  Johan Danielsson  <joda (a] pdc.kth.se>

	* chpass_s.c: fix arguments to _kadm5_set_keys2

	* private.h: proto

	* set_keys.c: clear mkvno

	* rename_s.c: add flags to fetch and store; seal keys before
	logging

	* randkey_s.c: add flags to fetch and store; seal keys before
	logging

	* modify_s.c: add flags to fetch and store; seal keys before
	logging

	* log.c: add flags to fetch and store; seal keys before logging

	* get_s.c: add flags to fetch and store; seal keys before logging

	* get_princs_s.c: add flags to fetch and store; seal keys before
	logging

	* delete_s.c: add flags to fetch and store; seal keys before
	logging

	* create_s.c: add flags to fetch and store; seal keys before
	logging

	* chpass_s.c: add flags to fetch and store; seal keys before
	logging

	* Makefile.am: remove server.c

	* admin.h: add prototypes

	* ent_setup.c (_kadm5_setup_entry): set key_data

	* set_keys.c: add _kadm5_set_keys2 to sey keys from key_data

	* modify_s.c: add kadm5_s_modify_principal_with_key

	* create_s.c: add kadm5_s_create_principal_with_key

	* chpass_s.c: add kadm5_s_chpass_principal_with_key

	* kadm5_locl.h: move stuff to private.h

	* private.h: move stuff from kadm5_locl.h