1 2008-01-11 Love Hörnquist Åstrand <lha@it.su.se>
3 * Makefile.am: add check-cracklib.pl, flush.c,
6 2007-12-07 Love Hörnquist Åstrand <lha@it.su.se>
8 * use hdb_db_dir() and hdb_default_db()
10 2007-10-18 Love <lha@stacken.kth.se>
12 * init_c.c: We are getting default_client, not client. this way
13 the user can override the result.
15 2007-09-29 Love Hörnquist Åstrand <lha@it.su.se>
17 * iprop.8: fix spelling, From Antoine Jacoutt.
19 2007-08-16 Love Hörnquist Åstrand <lha@it.su.se>
21 * version-script.map: export _kadm5_unmarshal_params,
22 _kadm5_acl_check_permission
24 * version-script.map: export kadm5_log_ symbols.
26 * log.c: Unexport the specific log replay operations.
28 2007-08-10 Love Hörnquist Åstrand <lha@it.su.se>
30 * Makefile.am: build sample_passwd_check.la as part of noinst.
32 * sample_passwd_check.c: Add missing prototype for check_length().
34 2007-08-07 Love Hörnquist Åstrand <lha@it.su.se>
36 * log.c: Sprinkle krb5_set_error_string().
38 * ipropd_slave.c: Provide better error why kadm5_log_replay
41 2007-08-06 Love Hörnquist Åstrand <lha@it.su.se>
43 * ipropd_master.c: - don't push whole database to the new client
44 every time. - make slaves get the whole new database if they have
45 a newer log the the master (and thus have them go back in time).
47 2007-08-03 Love Hörnquist Åstrand <lha@it.su.se>
49 * ipropd_slave.c: make more sane.
51 * ipropd_slave.c: more paranoid check that the log entires are
54 * log.c (kadm5_log_foreach): check that the postamble contains the
57 * ipropd_master.c: Sprinkle more info about what versions the
58 master thinks about the client versions.
60 * ipropd_master.c: Start the server at the current version, not 0.
62 2007-08-02 Love Hörnquist Åstrand <lha@it.su.se>
64 * ipropd_master.c: Add more logging, to figure out what is
65 happening in the master.
67 2007-08-01 Love Hörnquist Åstrand <lha@it.su.se>
69 * Makefile.am: add version-script for libkadm5srv.la
71 * version-script.map: version script fro kadm5 server libary.
73 * log.c: only free the orignal entries extentions if there was
74 any. Bug reported by Peter Meinecke.
76 * add configuration for signal file and acl file, let user select
77 hostname, catch signals and print why we are quiting, make nop
78 cause one new version, not two
80 2007-07-30 Love Hörnquist Åstrand <lha@it.su.se>
82 * ipropd_master.c (send_diffs): make current slave's version
83 uptodate when diff have been sent.
85 2007-07-27 Love Hörnquist Åstrand <lha@it.su.se>
87 * ipropd_slave.c: More comments and some more error checking.
89 2007-07-26 Love Hörnquist Åstrand <lha@it.su.se>
91 * init_c.c (get_cache_principal): make sure id is reset if we
92 fail. From Benjamin Bennet.
94 2007-07-10 Love Hörnquist Åstrand <lha@it.su.se>
96 * context_s.c (find_db_spec): match realm-less as the default
99 * Makefile.am: New library version.
101 2007-07-05 Love Hörnquist Åstrand <lha@it.su.se>
103 * context_s.c: Use hdb_get_dbinfo to pick up configuration.
104 ctx->config.realm can be NULL, check for that, from Bjorn S.
106 2007-07-04 Love Hörnquist Åstrand <lha@it.su.se>
108 * init_c.c: Try harder to use the right principal.
110 2007-06-20 Love Hörnquist Åstrand <lha@it.su.se>
112 * ipropd_slave.c: Catch return value from krb5_program_setup. From
115 2007-05-08 Love Hörnquist Åstrand <lha@it.su.se>
117 * delete_s.c: Write log entry after store is successful, rename
120 * randkey_s.c: Write log entry after store is successful.
122 * modify_s.c: Write log entry after store is successful.
124 * rename_s.c: indent.
126 * chpass_s.c: Write log entry after store is successful.
128 * create_s.c: Write log entry after store is successful.
130 2007-05-07 Love Hörnquist Åstrand <lha@it.su.se>
132 * iprop-commands.in: Add default values to make this working
135 * iprop-log.c (iprop_replay): create the database with more
138 * log.c: make it slightly more working.
140 * iprop-log.8: Document last-version.
142 * iprop-log.c: (last_version): print last version of the log.
144 * iprop-commands.in: new command last-version: print last version
147 * log.c (kadm5_log_previous): document assumptions and make less
148 broken. Bug report from Ronny Blomme.
150 2007-02-17 Love Hörnquist Åstrand <lha@it.su.se>
152 * admin.h: add support to get aliases
154 * get_s.c: add support to get aliases
156 2007-02-11 David Love <fx@gnu.org>
158 * iprop-log.8: Small fixes, from David Love.
160 2006-12-15 Love Hörnquist Åstrand <lha@it.su.se>
162 * init_c.c: if the user have a kadmin/admin initial ticket, don't
163 ask for password, just use the credential instead.
165 2006-12-06 Love Hörnquist Åstrand <lha@it.su.se>
167 * ipropd_master.c: Use strcspn to remove \n from string returned
168 by fgets. From Björn Sandell
170 2006-11-30 Love Hörnquist Åstrand <lha@it.su.se>
172 * init_c.c (kadm_connect): clear error string before trying to
173 print a errno, this way we don't pick up a random failure code
175 2006-11-20 Love Hörnquist Åstrand <lha@it.su.se>
177 * ipropd_slave.c: Make krb5_get_init_creds_opt_free take a context
180 * init_c.c: Make krb5_get_init_creds_opt_free take a context
183 2006-10-22 Love Hörnquist Åstrand <lha@it.su.se>
185 * ent_setup.c: Try to not leak memory.
187 2006-10-07 Love Hörnquist Åstrand <lha@it.su.se>
189 * Makefile.am: split build files into dist_ and noinst_ SOURCES
191 2006-08-24 Love Hörnquist Åstrand <lha@it.su.se>
193 * get_s.c: Add KRB5_KDB_ALLOW_DIGEST
195 * ent_setup.c: Add KRB5_KDB_ALLOW_DIGEST
197 * admin.h: Add KRB5_KDB_ALLOW_DIGEST
199 2006-06-16 Love Hörnquist Åstrand <lha@it.su.se>
201 * check-cracklib.pl: Add password reuse checking. From Harald
204 2006-06-14 Love Hörnquist Åstrand <lha@it.su.se>
206 * ent_setup.c (attr_to_flags): Add KRB5_KDB_ALLOW_KERBEROS4
208 * get_s.c (kadm5_s_get_principal): Add KRB5_KDB_ALLOW_KERBEROS4
210 * admin.h: Add KRB5_KDB_ALLOW_KERBEROS4
212 2006-06-06 Love Hörnquist Åstrand <lha@it.su.se>
214 * ent_setup.c (attr_to_flags): Add KRB5_KDB_TRUSTED_FOR_DELEGATION
216 2006-05-30 Love Hörnquist Åstrand <lha@it.su.se>
218 * password_quality.c (kadm5_check_password_quality): set error
221 2006-05-13 Love Hörnquist Åstrand <lha@it.su.se>
223 * iprop-log.c: Avoid shadowing.
225 * rename_s.c: Avoid shadowing.
227 2006-05-08 Love Hörnquist Åstrand <lha@it.su.se>
229 * privs_c.c (kadm5_c_get_privs): privs is a uint32_t, let copy it
232 2006-05-05 Love Hörnquist Åstrand <lha@it.su.se>
234 * Rename u_intXX_t to uintXX_t
236 2006-04-27 Love Hörnquist Åstrand <lha@it.su.se>
238 * chpass_s.c,delete_s.c,get_s.c,log.c,modify_s.c,randkey_s.c,rename_s.c:
239 Pass in HDB_F_GET_ANY to all ->hdb fetch to hint what entries we are looking for
241 * send_recv.c: set and clear error string
243 * rename_s.c: Break out the that we request from principal from
244 the entry and pass it in as a separate argument.
246 * randkey_s.c: Break out the that we request from principal from
247 the entry and pass it in as a separate argument.
249 * modify_s.c: Break out the that we request from principal from
250 the entry and pass it in as a separate argument.
252 * log.c: Break out the that we request from principal from the
253 entry and pass it in as a separate argument.
255 * get_s.c: Break out the that we request from principal from the
256 entry and pass it in as a separate argument.
258 * delete_s.c: Break out the that we request from principal from
259 the entry and pass it in as a separate argument.
261 * chpass_s.c: Break out the that we request from principal from
262 the entry and pass it in as a separate argument.
264 2006-04-25 Love Hörnquist Åstrand <lha@it.su.se>
266 * create_s.c (create_principal*): If client doesn't send kvno,
267 make sure to set it to 1.
269 2006-04-10 Love Hörnquist Åstrand <lha@it.su.se>
271 * log.c: (kadm5_log_rename): handle errors better
272 Fixes Coverity, NetBSD CID#628
274 * log.c (kadm5_log_delete): add error handling Coverity, NetBSD
276 (kadm5_log_modify): add error handling Coverity, NetBSD CID#627
278 * init_c.c (_kadm5_c_get_cred_cache): handle ccache case better in
279 case no client name was passed in. Coverity, NetBSD CID#919
281 * init_c.c (_kadm5_c_get_cred_cache): Free client principal in
282 case of error. Coverity NetBSD CID#1908
284 2006-02-02 Love Hörnquist Åstrand <lha@it.su.se>
286 * kadm5_err.et: (PASS_REUSE): Spelling,
287 from Václav H?la <ax@natur.cuni.cz>
289 2006-01-25 Love Hörnquist Åstrand <lha@it.su.se>
291 * send_recv.c: Clear error-string when introducing new errors.
293 * *_c.c: Clear error-string when introducing new errors.
295 2006-01-15 Love Hörnquist Åstrand <lha@it.su.se>
297 * Makefile.am (libkadm5clnt.la) doesn't depend on libhdb, remove
300 2005-12-13 Love Hörnquist Åstrand <lha@it.su.se>
302 * memset hdb_entry_ex before use
304 2005-12-12 Love Hörnquist Åstrand <lha@it.su.se>
306 * Wrap hdb_entry with hdb_entry_ex, patch originally
309 2005-11-30 Love Hörnquist Åstrand <lha@it.su.se>
311 * context_s.c (set_field): try another way to calculate the path
312 to the database/logfile/signal-socket
314 * log.c (kadm5_log_init): set error string on failures
316 2005-09-08 Love Hörnquist Åstrand <lha@it.su.se>
320 * admin.h: Add KRB5_TL_PKINIT_ACL.
322 * marshall.c (_kadm5_unmarshal_params): avoid signed-ness warnings
324 * get_s.c (kadm5_s_get_principal): clear error string
326 2005-08-25 Love Hörnquist Åstrand <lha@it.su.se>
328 * iprop-log.8: More text about iprop-log.
330 2005-08-24 Love Hörnquist Åstrand <lha@it.su.se>
332 * iprop.8: SEE ALSO iprop-log.
334 * Makefile.am: man_MANS += iprop-log.8
336 * iprop-log.8: Basic for documentation of iprop-log.
338 * remove replay_log.c, dump_log.c, and truncate_log.c, folded into
341 * log.c (kadm5_log_foreach): add a context variable and pass it
344 * iprop-commands.in: Move truncate_log and replay_log into
347 * iprop-log.c: Move truncate_log and replay_log into iprop-log.
349 * Makefile.am: Move truncate_log and replay_log into iprop-log.
351 * Makefile.am: Make this work with a clean directory.
353 * ipropd_master.c: Make compile.
355 * ipropd_master.c: Update to new signature of kadm5_log_previous.
357 * log.c (kadm5_log_previous): catch errors instead of asserting
358 and set error string.
360 * iprop-commands.in: New program iprop-log that incorperates
361 dump_log as a subcommand, truncate_log and replay_log soon to come
364 * iprop-log.c: New program iprop-log that incorperates dump_log as
365 a subcommand, truncate_log and replay_log soon to come after.
367 * Makefile.am: New program iprop-log that incorperates dump_log as
368 a subcommand, truncate_log and replay_log soon to come after.
370 2005-08-11 Love Hörnquist Åstrand <lha@it.su.se>
372 * get_s.c: Implement KADM5_LAST_PWD_CHANGE.
374 * set_keys.c: Set and clear password where appropriate.
376 * randkey_s.c: Operation modifies tl_data.
378 * log.c (kadm5_log_replay_modify): Check return values of
379 malloc(), replace all extensions.
381 * kadm5_err.et: Make BAD_TL_TYPE error more helpful.
383 * get_s.c: Expose KADM5_TL_DATA options to the client.
385 * ent_setup.c: Merge in KADM5_TL_DATA in the database.
387 * chpass_s.c: Operations modify extensions, mark that with
390 * admin.h: Add more TL types (password and extension).
392 2005-06-17 Love Hörnquist Åstrand <lha@it.su.se>
396 * ipropd_slave.c: avoid shadowing
398 * ipropd_master.c: rename local variable slave to s, optind ->
401 * get_princs_c.c: rename variable exp to expression
403 * ad.c: rename variable exp to expression
405 * log.c: rename shadowing len to num
407 * get_princs_s.c: rename variable exp to expression
409 * context_s.c: const poison
411 * common_glue.c: rename variable exp to expression
413 2005-05-30 Love Hörnquist Åstrand <lha@it.su.se>
415 * ent_setup.c (attr_to_flags): check for KRB5_KDB_OK_AS_DELEGATE
417 * get_s.c (kadm5_s_get_principal): set KRB5_KDB_OK_AS_DELEGATE
419 * admin.h: add KRB5_KDB_OK_AS_DELEGATE, sync KRB5_TL_ flags
421 2005-05-25 Love Hörnquist Åstrand <lha@it.su.se>
423 * kadm5_pwcheck.3: please mdoclint
425 2005-05-25 Dave Love <fx@gnu.org>
427 * kadm5_pwcheck.3: document kadm5_add_passwd_quality_verifier,
430 2005-05-24 Dave Love <fx@gnu.org>
432 * iprop.8: Added some info about defaults, fixed some markup.
434 2005-05-23 Dave Love <fx@gnu.org>
436 * ipropd_slave.c: Don't test HAVE_DAEMON since roken supplies it.
438 * ipropd_master.c: Don't test HAVE_DAEMON since roken supplies it.
440 2005-05-13 Love Hörnquist Åstrand <lha@it.su.se>
442 * init_c.c (_kadm5_c_init_context): fix memory leak in case of
445 2005-05-09 Dave Love <fx@gnu.org>
447 * password_quality.c (find_func): Fix off-by-one and logic error.
448 (external_passwd_quality): Improve messages.
450 * test_pw_quality.c (main): Call kadm5_setup_passwd_quality_check
451 and kadm5_add_passwd_quality_verifier.
453 2005-04-30 Love Hörnquist Åstrand <lha@it.su.se>
455 * default_keys.c: #include <err.h>, only print salt it its longer
456 then 0, use krb5_err instead of errx where appropriate
458 2005-04-25 Love Hörnquist Åstrand <lha@it.su.se>
460 * ipropd_slave.c: add the documented option --port
462 * ipropd_master.c: add the documented option --port
464 * dump_log.c: use the newly generated units function
466 2005-04-24 Love Hörnquist Åstrand <lha@it.su.se>
468 * dump_log.c: use strlcpy
470 * password_quality.c: don't use sizeof(pointer)
472 2005-04-15 Love Hörnquist Åstrand <lha@it.su.se>
474 * check-cracklib.pl: external password verifier sample
476 * password_quality.c (kadm5_add_passwd_quality_verifier): if NULL
477 is passed in, load defaults
479 2005-04-14 Love Hörnquist Åstrand <lha@it.su.se>
481 * password_quality.c: add an end tag to the external password
482 quality check protocol
484 2005-04-13 Love Hörnquist Åstrand <lha@it.su.se>
486 * password_quality.c: add external passsword quality check builtin
490 policies = external-check
491 external-program = /bin/false
493 To approve password a, make the test program return APPROVED on
494 stderr and fail with exit code 0.
496 2004-10-12 Love Hörnquist Åstrand <lha@it.su.se>
498 * Makefile.am: bump version to 7:7:0 and 6:5:2
500 * default_keys.c (parse_file): use hdb_generate_key_set
502 * keys.c,set_keys.c: Move keyset parsing and password based keyset
503 generation into hdb. Requested by Andrew Bartlett <abartlet@samba.org>
506 2004-09-23 Johan Danielsson <joda@pdc.kth.se>
508 * ipropd_master.c: add help strings to some options
510 2004-09-12 Love Hörnquist Åstrand <lha@it.su.se>
512 * chpass_s.c: deal with changed prototype for _kadm5_free_keys
514 * keys.c (_kadm5_free_keys): change prototype, make it use
515 krb5_context instead of a kadm5_server_context
517 * set_keys.c (parse_key_set): do way with static returning
518 (function) static variable and returned allocated memory
519 (_kadm5_generate_key_set): free enctypes returned by parse_key_set
521 2004-09-06 Love Hörnquist Åstrand <lha@it.su.se>
523 * set_keys.c: Fix memory leak, don't return stack variables From
526 * set_keys.c: make all_etypes const and move outside function to
527 avoid returning data on stack
529 2004-08-26 Love Hörnquist Åstrand <lha@it.su.se>
531 * acl.c (fetch_acl): use " \t\n" instead of just "\n" for the
532 delim of the third element, this is so we can match
533 "foo@REALM<SPC>all<SPC><SPC>*@REALM", before it just matched
534 "foo@REALM<SPC>all<SPC>*@REALM", but that is kind of lucky since
535 what really happen was that the last <SPC> was stamped out, and
536 the it never strtok_r never needed to parse over it.
538 2004-08-25 Love Hörnquist Åstrand <lha@it.su.se>
540 * set_keys.c (_kadm5_generate_key_set): since arcfour-hmac-md5 is
541 without salting, some people tries to add the string
542 "arcfour-hmac-md5" when they really should have used
543 "arcfour-hmac-md5:pw-salt", help them and add glue for that
545 2004-08-18 Johan Danielsson <joda@pdc.kth.se>
547 * ipropd_slave.c: add --detach
549 2004-07-06 Love Hörnquist Åstrand <lha@it.su.se>
551 * ad.c: use new tsasl interface remove debug printf add upn to
554 2004-06-28 Love Hörnquist Åstrand <lha@it.su.se>
556 * ad.c: implement kadm5_ad_init_with_password_ctx set more error
559 2004-06-21 Love Hörnquist Åstrand <lha@it.su.se>
561 * Makefile.am: man_MANS = kadm5_pwcheck.3
563 * kadm5_pwcheck.3: document new password quality api
565 * password_quality.c: new password check interface (old still
568 * kadm5-pwcheck.h: new password check interface
570 2004-06-08 Love Hörnquist Åstrand <lha@it.su.se>
572 * ipropd_master.c (main): process all slaves, not just up to the
573 last slave sending data
574 (bug report from Björn Sandell <biorn@dce.chalmers.se>)
575 (*): only send one ARE_YOU_THERE
577 2004-06-02 Love Hörnquist Åstrand <lha@it.su.se>
579 * ad.c: use krb5_set_password_using_ccache
581 2004-06-01 Love Hörnquist Åstrand <lha@it.su.se>
583 * ad.c: try handle spn's better
585 2004-05-31 Love Hörnquist Åstrand <lha@it.su.se>
587 * ad.c: add expiration time
589 * ad.c: add modify operations
591 * ad.c: handle create and delete
593 2004-05-27 Love Hörnquist Åstrand <lha@it.su.se>
595 * ad.c: more code for get, handle attributes
597 * ad.c: more code for get, handle time stamps and bad password
600 * ad.c: more code for get, only fetches kvno for now
602 2004-05-26 Love Hörnquist Åstrand <lha@it.su.se>
604 * ad.c: add support for tsasl
606 * private.h: add kadm5_ad_context
608 * ipropd_master.c (prop_one): store the opcode in the begining of
609 the blob, not the end
611 * ad.c: try all ldap servers in dns, generate a random password,
612 base64(random_block(64)), XXX must make it support other then
615 * ad.c: framework for windows AD backend
617 2004-03-07 Love Hörnquist Åstrand <lha@it.su.se>
619 * create_s.c (kadm5_s_create_principal): remove old XXX command
620 and related code, _kadm5_set_keys will do all this now
622 2004-02-29 Love Hörnquist Åstrand <lha@it.su.se>
624 * set_keys.c (_kadm5_set_keys_randomly): make sure enctype to copy
625 enctype for des keys From: Andrew Bartlett <abartlet@samba.org>
627 * create_s.c (kadm5_s_create_principal_with_key): don't call
628 _kadm5_set_keys2, create_principal will do that for us. Set kvno
631 * chpass_s.c (change): bump kvno
632 (kadm5_s_chpass_principal_with_key): bump kvno
634 * randkey_s.c (kadm5_s_randkey_principal): bump kvno
636 * set_keys.c (_kadm5_set_*): don't change the kvno, let the callee
639 2003-12-30 Love Hörnquist Åstrand <lha@it.su.se>
641 * chpass_s.c (change): fix same-password-again by decrypting keys
642 and setting an error code From: Buck Huppmann <buckh@pobox.com>
644 2003-12-21 Love Hörnquist Åstrand <lha@it.su.se>
646 * init_c.c (_kadm5_c_init_context): catch errors from strdup and
647 other krb5_ functions
649 2003-12-08 Love Hörnquist Åstrand <lha@it.su.se>
651 * rename_s.c (kadm5_s_rename_principal): allow principal to change
652 realm From Panasas Inc
654 2003-12-07 Love Hörnquist Åstrand <lha@it.su.se>
656 * destroy_c.c (kadm5_c_destroy): fix memory leaks, From Panasas,
659 2003-11-23 Love Hörnquist Åstrand <lha@it.su.se>
661 * iprop.h: don't include <krb5-private.h>
663 * ipropd_slave.c: stop using krb5 lib private byte-frobbing
664 functions and replace them with with krb5_storage
666 * ipropd_master.c: stop using krb5 lib private byte-frobbing
667 functions and replace them with with krb5_storage
669 2003-11-19 Love Hörnquist Åstrand <lha@it.su.se>
671 * ipropd_slave.c (receive_loop): when seeking over the entries we
672 already have, skip over the trailer. From: Jeffrey Hutzelman
675 * dump_log.c,ipropd_master.c,ipropd_slave.c,
676 replay_log.c,truncate_log.c: parse kdc.conf
677 From: Jeffrey Hutzelman <jhutz@cmu.edu>
679 2003-10-10 Love Hörnquist Åstrand <lha@it.su.se>
681 * Makefile.am: += test_pw_quality
683 * test_pw_quality.c: test program for verifying password quality
686 2003-09-03 Love Hörnquist Åstrand <lha@it.su.se>
688 * Makefile.am: add and enable check program default_keys
690 * default_keys.c: test program for _kadm5_generate_key_set
693 krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free
695 2003-08-17 Love Hörnquist Åstrand <lha@it.su.se>
697 * set_keys.c (_kadm5_set_keys_randomly): remove dup return
699 * ipropd_master.c (main): make sure current_version is initialized
701 2003-08-15 Love Hörnquist Åstrand <lha@it.su.se>
703 * set_keys.c: use default_keys for the both random keys and
704 password derived keys if its defined
706 2003-07-24 Love Hörnquist Åstrand <lha@it.su.se>
708 * ipropd_slave.c (receive_everything): switch close and rename
709 From: Alf Wachsmann <alfw@SLAC.Stanford.EDU>
711 2003-07-03 Love Hörnquist Åstrand <lha@it.su.se>
713 * iprop.h, ipropd_master.c, ipropd_slave.c:
714 Add probing from the server that the client is still there, also
715 make the client check that the server is probing.
717 2003-07-02 Love Hörnquist Åstrand <lha@it.su.se>
719 * truncate_log.c (main): add missing ``if (ret)''
721 2003-06-26 Love Hörnquist Åstrand <lha@it.su.se>
723 * set_keys.c (make_keys): add AES support
725 * set_keys.c: fix off by one in the aes case, pointed out by Ken
728 2003-04-30 Love Hörnquist Åstrand <lha@it.su.se>
730 * set_keys.c (_kadm5_set_keys_randomly): add
731 ETYPE_AES256_CTS_HMAC_SHA1_96 key when configuried with aes
734 2003-04-16 Love Hörnquist Åstrand <lha@it.su.se>
736 * send_recv.c: check return values from krb5_data_alloc
737 * log.c: check return values from krb5_data_alloc
739 2003-04-16 Love Hörnquist Åstrand <lha@it.su.se>
741 * dump_log.c (print_entry): check return values from
744 2003-04-01 Love Hörnquist Åstrand <lha@it.su.se>
746 * init_c.c (kadm_connect): if a context realm was passed in, use
747 that to form the kadmin/admin principal
749 2003-03-19 Love Hörnquist Åstrand <lha@it.su.se>
751 * ipropd_master.c (main): make sure we don't consider dead slave
752 for select processing
753 (write_stats): use slave_stats_file variable,
754 check return value of strftime
755 (args): allow specifying slave stats file
756 (slave_dead): close the fd when the slave dies
758 2002-10-21 Johan Danielsson <joda@pdc.kth.se>
760 * ipropd_slave.c (from Derrick Brashear): Propagating a large
761 database without this means the slave kdcs can get erroneous
762 HDB_NOENTRY and return the resulting errors. This creates a new db
763 handle, populates it, and moves it into place.
765 2002-08-26 Assar Westerlund <assar@kth.se>
767 * ipropd_slave.c (receive_everything): type-correctness calling
770 * context_s.c (find_db_spec): const-correctness in parameters to
773 2002-08-16 Johan Danielsson <joda@pdc.kth.se>
775 * private.h: rename header file flag macro
777 * Makefile.am: generate kadm5-{protos,private}.h
779 2002-08-15 Johan Danielsson <joda@pdc.kth.se>
781 * ipropd_master.c: check return value of krb5_sockaddr2address
783 2002-07-04 Johan Danielsson <joda@pdc.kth.se>
785 * ipropd_master.c: handle slaves that come and go; add status
786 reporting (both from Love)
788 * iprop.h: KADM5_SLAVE_STATS
790 2002-03-25 Jacques Vidrine <n@nectar.com>
792 * init_c.c (get_cred_cache): bug fix: the default credentials
793 cache was not being used if a client name was specified.
795 2002-03-25 Johan Danielsson <joda@pdc.kth.se>
797 * init_c.c (get_cred_cache): when getting the default_client from
798 the cred cache, make sure the instance part is "admin"; this
799 should require fewer uses of -p
801 2002-03-11 Assar Westerlund <assar@sics.se>
803 * Makefile.am (libkadm5srv_la_LDFLAGS): set version to 7:5:0
804 (libkadm5clnt_la_LDFLAGS): set version to 6:3:2
806 2002-02-08 Johan Danielsson <joda@pdc.kth.se>
808 * init_c.c: we have to create our own param struct before
811 2001-09-05 Johan Danielsson <joda@pdc.kth.se>
813 * Makefile.am: link with LIB_pidfile
815 * iprop.h: include util.h for pidfile
817 2001-08-31 Assar Westerlund <assar@sics.se>
819 * ipropd_slave.c (main): syslog with the correct name
821 2001-08-30 Jacques Vidrine <n@nectar.com>
823 * ipropd_slave.c, ipropd_master.c (main): call pidfile
825 2001-08-28 Assar Westerlund <assar@sics.se>
827 * Makefile.am (libkadm5srv_la_LDFLAGS): set version to 7:4:0
829 2001-08-24 Assar Westerlund <assar@sics.se>
831 * acl.c (fetch_acl): do not return bogus flags and re-organize
834 * Makefile.am: rename variable name to avoid error from current
837 2001-08-13 Johan Danielsson <joda@pdc.kth.se>
839 * set_keys.c: add easier afs configuration, defaulting to the
840 local realm in lower case; also try to remove duplicate salts
842 2001-07-12 Assar Westerlund <assar@sics.se>
844 * Makefile.am: add required library dependencies
846 2001-07-03 Assar Westerlund <assar@sics.se>
848 * Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 6:2:2
850 2001-06-29 Johan Danielsson <joda@pdc.kth.se>
852 * init_c.c: call krb5_get_init_creds_opt_set_default_flags
854 2001-02-19 Johan Danielsson <joda@pdc.kth.se>
856 * replay_log.c: add --{start-end}-version flags to replay just
859 2001-02-15 Assar Westerlund <assar@sics.se>
861 * ipropd_master.c (main): fix select-loop to decrement ret
862 correctly. from "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu>
864 2001-01-30 Assar Westerlund <assar@sics.se>
866 * Makefile.am: bump versions
868 2000-12-31 Assar Westerlund <assar@sics.se>
870 * init_s.c (*): handle krb5_init_context failure consistently
871 * init_c.c (init_context): handle krb5_init_context failure
874 2000-12-11 Assar Westerlund <assar@sics.se>
876 * Makefile.am (libkadm5srv_la_LDFLAGS): bump version to 7:2:0
878 2000-11-16 Assar Westerlund <assar@sics.se>
880 * set_keys.c (make_keys): clean-up salting loop and try not to
883 * ipropd_master.c (main): check for fd's being too large to select
886 2000-08-16 Assar Westerlund <assar@sics.se>
888 * Makefile.am (libkadm5srv_la_LDFLAGS): bump version to 7:1:0
890 2000-08-10 Assar Westerlund <assar@sics.se>
892 * acl.c (fetch_acl): fix wrong cases, use krb5_principal_match
894 2000-08-07 Assar Westerlund <assar@sics.se>
896 * ipropd_master.c (main): ignore SIGPIPE
898 2000-08-06 Assar Westerlund <assar@sics.se>
900 * ipropd_slave.c (receive_everything): make `fd' an int instead of
901 a pointer. From Derrick J Brashear <shadow@dementia.org>
903 2000-08-04 Johan Danielsson <joda@pdc.kth.se>
905 * admin.h: change void** to void*
907 2000-07-25 Johan Danielsson <joda@pdc.kth.se>
909 * Makefile.am: bump versions to 7:0:0 and 6:0:2
911 2000-07-24 Assar Westerlund <assar@sics.se>
913 * log.c (kadm5_log_get_version): rename kadm5_log_get_version_fd
914 and make a new that takes a context
915 (kadm5_log_nop): add logging of missing lengths
916 (kadm5_log_truncate): new function
918 * dump_log.c (print_entry): update and correct
919 * randkey_s.c: call _kadm5_bump_pw_expire
920 * truncate_log.c: new program for truncating the log
921 * Makefile.am (sbin_PROGRAMS): add truncate_log
922 (C_SOURCES): add bump_pw_expire.c
923 * bump_pw_expire.c: new function for extending password expiration
925 2000-07-22 Assar Westerlund <assar@sics.se>
927 * keys.c: new file with _kadm5_free_keys, _kadm5_init_keys
929 * set_keys.c (free_keys, init_keys): elevate to internal kadm5
932 * chpass_s.c (kadm5_s_chpass_principal_cond): new function
933 * Makefile.am (C_SOURCES): add keys.c
934 * init_c.c: remove unused variable and handle some parameters
937 2000-07-22 Johan Danielsson <joda@pdc.kth.se>
939 * ipropd_slave.c: use krb5_read_priv_message
941 * ipropd_master.c: use krb5_{read,write}_priv_message
943 * init_c.c: use krb5_write_priv_message
945 2000-07-11 Johan Danielsson <joda@pdc.kth.se>
947 * ipropd_slave.c: no need to call gethostname, since
948 sname_to_principal will
950 * send_recv.c: assert that we have a connected socket
952 * get_princs_c.c: call _kadm5_connect
954 * rename_c.c: call _kadm5_connect
956 * randkey_c.c: call _kadm5_connect
958 * privs_c.c: call _kadm5_connect
960 * modify_c.c: call _kadm5_connect
962 * get_c.c: call _kadm5_connect
964 * delete_c.c: call _kadm5_connect
966 * create_c.c: call _kadm5_connect
968 * chpass_c.c: call _kadm5_connect
970 * private.h: add more fields to client context; remove prototypes
972 * admin.h: remove prototypes
974 * kadm5-protos.h: move public prototypes here
976 * kadm5-private.h: move private prototypes here
978 * init_c.c: break out connection code to separate function, and
979 defer calling it until we actually do something
981 2000-07-07 Assar Westerlund <assar@sics.se>
983 * set_keys.c (make_keys): also support `[kadmin]use_v4_salt' for
984 backwards compatability
986 2000-06-26 Johan Danielsson <joda@pdc.kth.se>
988 * set_keys.c (_kadm5_set_keys): rewrite this to be more easily
989 adaptable to different salts
991 2000-06-19 Johan Danielsson <joda@pdc.kth.se>
993 * get_s.c: pa_* -> KRB5_PADATA_*
995 2000-06-16 Assar Westerlund <assar@sics.se>
997 * ipropd_slave.c: change default keytab to default keytab (as in
998 typically FILE:/etc/krb5.keytab)
1000 2000-06-08 Assar Westerlund <assar@sics.se>
1002 * ipropd_slave.c: bug fixes, for actually writing the full dump to
1003 the database. based on a patch from Love <lha@stacken.kth.se>
1005 2000-06-07 Assar Westerlund <assar@sics.se>
1007 * acl.c: add support for patterns of principals
1008 * log.c (kadm5_log_replay_create): handle more NULL pointers
1009 (should they really happen?)
1010 * log.c (kadm5_log_replay_modify): handle max_life == NULL and
1013 * ipropd_master.c: use syslog. be less verbose
1014 * ipropd_slave.c: use syslog
1016 2000-06-05 Assar Westerlund <assar@sics.se>
1018 * private.h (kadm_ops): add kadm_nop more prototypes
1019 * log.c (kadm5_log_set_version, kadm5_log_reinit, kadm5_log_nop,
1020 kadm5_log_replay_nop): add
1021 * ipropd_slave.c: and some more improvements
1022 * ipropd_master.c: lots of improvements
1023 * iprop.h (IPROP_PORT, IPROP_SERVICE): add
1024 (iprop_cmd): add new commands
1026 * dump_log.c: add nop
1028 2000-05-15 Assar Westerlund <assar@sics.se>
1030 * Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 5:1:1
1032 2000-05-12 Assar Westerlund <assar@sics.se>
1034 * get_s.c (kadm5_s_get_principal): set life, rlife to INT_MAX as a
1035 fallback. handle not having any creator.
1036 * destroy_s.c (kadm5_s_destroy): free all allocated memory
1037 * context_s.c (set_field): free variable if it's already set
1038 (find_db_spec): malloc space for all strings
1040 2000-04-05 Assar Westerlund <assar@sics.se>
1042 * Makefile.am (LDADD): add LIB_openldap
1044 2000-04-03 Assar Westerlund <assar@sics.se>
1046 * Makefile.am (libkadm5srv_la_LDFLAGS): set version to 6:0:1
1047 (libkadm5clnt_la_LDFLAGS): set version to 5:0:1
1049 2000-03-24 Assar Westerlund <assar@sics.se>
1051 * set_keys.c (_kadm5_set_keys2): rewrite
1052 (_kadm5_set_keys3): add
1054 * private.h (struct kadm_func): add chpass_principal_with_key
1055 * init_c.c (set_funcs): add chpass_principal_with_key
1057 2000-03-23 Assar Westerlund <assar@sics.se>
1059 * context_s.c (set_funcs): add chpass_principal_with_key
1060 * common_glue.c (kadm5_chpass_principal_with_key): add
1061 * chpass_s.c: comment-ize and change calling convention for
1063 * chpass_c.c (kadm5_c_chpass_principal_with_key): add
1065 2000-02-07 Assar Westerlund <assar@sics.se>
1067 * Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 4:2:0
1069 2000-01-28 Assar Westerlund <assar@sics.se>
1071 * init_c.c (get_new_cache): make sure to request non-forwardable,
1074 2000-01-06 Assar Westerlund <assar@sics.se>
1076 * Makefile.am (libkadm5srv.la): bump version to 5:1:0
1078 * context_s.c (_kadm5_s_init_context): handle params == NULL
1080 1999-12-26 Assar Westerlund <assar@sics.se>
1082 * get_s.c (kadm5_s_get_principal): handle modified_by->principal
1085 1999-12-20 Assar Westerlund <assar@sics.se>
1087 * Makefile.am (libkadm5clnt_la_LDFLAGS): bump version to 4:1:0
1089 * init_c.c (_kadm5_c_init_context): handle getting back port
1090 number from admin host
1091 (kadm5_c_init_with_context): remove `proto/' part before doing
1094 1999-12-06 Assar Westerlund <assar@sics.se>
1096 * Makefile.am: bump version to 5:0:0 and 4:0:0
1098 * init_c.c (kadm5_c_init_with_context): don't use unitialized
1101 1999-12-04 Assar Westerlund <assar@sics.se>
1103 * replay_log.c: adapt to changed kadm5_log_foreach
1105 * log.c (kadm5_log_foreach): change to take a
1106 `kadm5_server_context'
1108 * init_c.c: use krb5_warn{,x}
1110 * dump_log.c: adapt to changed kadm5_log_foreach
1112 * init_c.c: re-write to use getaddrinfo
1113 * Makefile.am (install-build-headers): add dependency
1115 1999-12-03 Johan Danielsson <joda@pdc.kth.se>
1117 * log.c (kadm5_log_foreach): pass context
1119 * dump_log.c: print more interesting things
1121 1999-12-02 Johan Danielsson <joda@pdc.kth.se>
1123 * ipropd_master.c (process_msg): check for short reads
1125 1999-11-25 Assar Westerlund <assar@sics.se>
1127 * modify_s.c (kadm5_s_modify_principal): support key_data
1128 (kadm5_s_modify_principal_with_key): remove
1130 * admin.h (kadm5_s_modify_principal_with_key): remove
1132 1999-11-20 Assar Westerlund <assar@sics.se>
1134 * context_s.c (find_db_spec): ugly cast work-around.
1136 1999-11-14 Assar Westerlund <assar@sics.se>
1138 * context_s.c (_kadm5_s_init_context): call krb5_add_et_list so
1139 that we aren't dependent on the layout of krb5_context_data
1140 * init_c.c (_kadm5_c_init_context): call krb5_add_et_list so that
1141 we aren't dependent on the layout of krb5_context_data
1143 1999-11-13 Assar Westerlund <assar@sics.se>
1145 * password_quality.c (kadm5_setup_passwd_quality_check): use
1146 correct types for function pointers
1148 1999-11-09 Johan Danielsson <joda@pdc.kth.se>
1150 * randkey_s.c: always bail out if the fetch fails
1152 * admin.h (kadm5_config_params): remove fields we're not using
1154 * ipropd_slave.c: allow passing a realm
1156 * ipropd_master.c: allow passing a realm
1158 * dump_log.c: allow passing a realm
1160 * acl.c: correctly get acl file
1162 * private.h (kadm5_server_context): add config_params struct and
1163 remove acl_file; bump protocol version number
1165 * marshall.c: marshalling of config parameters
1167 * init_c.c (kadm5_c_init_with_context): try to cope with old
1170 * init_s.c (kadm5_s_init_with_context): actually use some passed
1173 * context_s.c (_kadm5_s_init_context): get dbname, acl_file, and
1174 stash_file from the config parameters, try to figure out these if
1175 they're not provided
1177 1999-11-05 Assar Westerlund <assar@sics.se>
1179 * Makefile.am (install-build-headers): use `cp' instead of
1182 1999-11-04 Assar Westerlund <assar@sics.se>
1184 * Makefile.am: bump version to 4:0:0 and 3:0:0 (they access fields
1185 directly in libkrb5's context - bad functions)
1187 * set_keys.c (_kadm5_set_keys_randomly): set enctypes correctly in
1190 1999-10-20 Assar Westerlund <assar@sics.se>
1192 * Makefile.am: set version of kadm5srv to 3:0:2 (new password
1194 set version of kdam5clnt to 2:1:1 (no interface changes)
1196 * Makefile.am (LDADD): add $(LIB_dlopen)
1198 1999-10-17 Assar Westerlund <assar@sics.se>
1200 * randkey_s.c (kadm5_s_randkey_principal): use
1201 _kadm5_set_keys_randomly
1203 * set_keys.c (free_keys): free more memory
1204 (_kadm5_set_keys): a little bit more generic
1205 (_kadm5_set_keys_randomly): new function for setting random keys.
1207 1999-10-14 Assar Westerlund <assar@sics.se>
1209 * set_keys.c (_kadm5_set_keys): ignore old keys when setting new
1210 ones and always add 3 DES keys and one 3DES key
1212 1999-10-03 Assar Westerlund <assar@sics.se>
1214 * init_c.c (_kadm5_c_init_context): use `krb5_get_krb_admin_hst'.
1215 check return value from strdup
1217 1999-09-26 Assar Westerlund <assar@sics.se>
1219 * acl.c (_kadm5_privs_to_string): forgot one strcpy_truncate ->
1222 1999-09-24 Johan Danielsson <joda@pdc.kth.se>
1224 * dump_log.c: remove unused `optind'
1226 * replay_log.c: remove unused `optind'
1228 1999-09-13 Assar Westerlund <assar@sics.se>
1230 * chpass_c.c (kadm5_c_chpass_principal): new _kadm5_client_recv
1232 * send_recv.c (_kadm5_client_recv): return result in a `krb5_data'
1233 so that we avoid copying it and don't need to dimension in
1234 advance. change all callers.
1236 1999-09-10 Assar Westerlund <assar@sics.se>
1238 * password_quality.c: new file
1241 (kadm5_setup_passwd_quality_check,kadm5_check_password_quality):
1244 * Makefile.am (S_SOURCES): add password_quality.c
1246 1999-07-26 Assar Westerlund <assar@sics.se>
1248 * Makefile.am: update versions to 2:0:1
1250 1999-07-24 Assar Westerlund <assar@sics.se>
1252 * ent_setup.c (_kadm5_setup_entry): make princ_expire_time == 0
1253 and pw_expiration == 0 mean never
1255 1999-07-22 Assar Westerlund <assar@sics.se>
1257 * log.c (kadm5_log_flush): extra cast
1259 1999-07-07 Assar Westerlund <assar@sics.se>
1261 * marshall.c (store_principal_ent): encoding princ_expire_time and
1262 pw_expiration in correct order
1264 1999-06-28 Assar Westerlund <assar@sics.se>
1266 * randkey_s.c (kadm5_s_randkey_principal): nuke old mkvno,
1267 otherwise hdb will think that the new random keys are already
1268 encrypted which will cause lots of confusion later.
1270 1999-06-23 Assar Westerlund <assar@sics.se>
1272 * ent_setup.c (_kadm5_setup_entry): handle 0 == unlimited
1273 correctly. From Michal Vocu <michal@karlin.mff.cuni.cz>
1275 1999-06-15 Assar Westerlund <assar@sics.se>
1277 * init_c.c (get_cred_cache): use get_default_username
1279 1999-05-23 Assar Westerlund <assar@sics.se>
1281 * create_s.c (create_principal): if there's no default entry the
1282 mask should be zero.
1284 1999-05-21 Assar Westerlund <assar@sics.se>
1286 * init_c.c (get_cred_cache): use $USERNAME
1288 1999-05-17 Johan Danielsson <joda@pdc.kth.se>
1290 * init_c.c (get_cred_cache): figure out principal
1292 1999-05-05 Johan Danielsson <joda@pdc.kth.se>
1294 * send_recv.c: cleanup _kadm5_client_{send,recv}
1296 1999-05-04 Assar Westerlund <assar@sics.se>
1298 * set_keys.c (_kadm5_set_keys2): don't check the recently created
1299 memory for NULL pointers
1301 * private.h (_kadm5_setup_entry): change prototype
1303 * modify_s.c: call new _kadm5_setup_entry
1305 * ent_setup.c (_kadm5_setup_entry): change so that it takes three
1306 masks, one for what bits to set and one for each of principal and
1307 def containing the bits that are set there.
1309 * create_s.c: call new _kadm5_setup_entry
1311 * create_s.c (get_default): check return value
1312 (create_principal): send wider mask to _kadm5_setup_entry
1314 1999-05-04 Johan Danielsson <joda@pdc.kth.se>
1316 * send_recv.c (_kadm5_client_recv): handle arbitrarily sized
1317 packets, check for errors
1319 * get_c.c: check for failure from _kadm5_client_{send,recv}
1321 1999-05-04 Assar Westerlund <assar@sics.se>
1323 * init_c.c (get_new_cache): don't abort when interrupted from
1326 * destroy_c.c (kadm5_c_destroy): check if we should destroy the
1329 1999-05-03 Johan Danielsson <joda@pdc.kth.se>
1331 * chpass_s.c: fix arguments to _kadm5_set_keys2
1335 * set_keys.c: clear mkvno
1337 * rename_s.c: add flags to fetch and store; seal keys before
1340 * randkey_s.c: add flags to fetch and store; seal keys before
1343 * modify_s.c: add flags to fetch and store; seal keys before
1346 * log.c: add flags to fetch and store; seal keys before logging
1348 * get_s.c: add flags to fetch and store; seal keys before logging
1350 * get_princs_s.c: add flags to fetch and store; seal keys before
1353 * delete_s.c: add flags to fetch and store; seal keys before
1356 * create_s.c: add flags to fetch and store; seal keys before
1359 * chpass_s.c: add flags to fetch and store; seal keys before
1362 * Makefile.am: remove server.c
1364 * admin.h: add prototypes
1366 * ent_setup.c (_kadm5_setup_entry): set key_data
1368 * set_keys.c: add _kadm5_set_keys2 to sey keys from key_data
1370 * modify_s.c: add kadm5_s_modify_principal_with_key
1372 * create_s.c: add kadm5_s_create_principal_with_key
1374 * chpass_s.c: add kadm5_s_chpass_principal_with_key
1376 * kadm5_locl.h: move stuff to private.h
1378 * private.h: move stuff from kadm5_locl.h