add missing )

[heimdal.git] / lib / kadm5 / ChangeLog

2008-01-11  Love Hörnquist Åstrand  <lha@it.su.se>

        * Makefile.am: add check-cracklib.pl, flush.c,
        sample_passwd_check.c

2007-12-07  Love Hörnquist Åstrand  <lha@it.su.se>

        * use hdb_db_dir() and hdb_default_db()

2007-10-18  Love  <lha@stacken.kth.se>

        * init_c.c: We are getting default_client, not client. this way
        the user can override the result.
        
2007-09-29  Love Hörnquist Åstrand  <lha@it.su.se>

        * iprop.8: fix spelling, From Antoine Jacoutt.

2007-08-16  Love Hörnquist Åstrand  <lha@it.su.se>

        * version-script.map: export _kadm5_unmarshal_params,
        _kadm5_acl_check_permission

        * version-script.map: export kadm5_log_ symbols.

        * log.c: Unexport the specific log replay operations.
        
2007-08-10  Love Hörnquist Åstrand  <lha@it.su.se>

        * Makefile.am: build sample_passwd_check.la as part of noinst.

        * sample_passwd_check.c: Add missing prototype for check_length().

2007-08-07  Love Hörnquist Åstrand  <lha@it.su.se>

        * log.c: Sprinkle krb5_set_error_string().

        * ipropd_slave.c: Provide better error why kadm5_log_replay
        failed.

2007-08-06  Love Hörnquist Åstrand  <lha@it.su.se>

        * ipropd_master.c: - don't push whole database to the new client
        every time.  - make slaves get the whole new database if they have
        a newer log the the master (and thus have them go back in time).

2007-08-03  Love Hörnquist Åstrand  <lha@it.su.se>

        * ipropd_slave.c: make more sane.

        * ipropd_slave.c: more paranoid check that the log entires are
        self consistant

        * log.c (kadm5_log_foreach): check that the postamble contains the
        right data.

        * ipropd_master.c: Sprinkle more info about what versions the
        master thinks about the client versions.

        * ipropd_master.c: Start the server at the current version, not 0.

2007-08-02  Love Hörnquist Åstrand  <lha@it.su.se>

        * ipropd_master.c: Add more logging, to figure out what is
        happening in the master.

2007-08-01  Love Hörnquist Åstrand  <lha@it.su.se>

        * Makefile.am: add version-script for libkadm5srv.la

        * version-script.map: version script fro kadm5 server libary.

        * log.c: only free the orignal entries extentions if there was
        any.  Bug reported by Peter Meinecke.

        * add configuration for signal file and acl file, let user select
        hostname, catch signals and print why we are quiting, make nop
        cause one new version, not two

2007-07-30  Love Hörnquist Åstrand  <lha@it.su.se>

        * ipropd_master.c (send_diffs): make current slave's version
        uptodate when diff have been sent.
        
2007-07-27  Love Hörnquist Åstrand  <lha@it.su.se>

        * ipropd_slave.c: More comments and some more error checking.
        
2007-07-26  Love Hörnquist Åstrand  <lha@it.su.se>

        * init_c.c (get_cache_principal): make sure id is reset if we
        fail. From Benjamin Bennet.

2007-07-10  Love Hörnquist Åstrand  <lha@it.su.se>

        * context_s.c (find_db_spec): match realm-less as the default
        realm.

        * Makefile.am: New library version.

2007-07-05  Love Hörnquist Åstrand  <lha@it.su.se>

        * context_s.c: Use hdb_get_dbinfo to pick up configuration.
        ctx->config.realm can be NULL, check for that, from Bjorn S.
        
2007-07-04  Love Hörnquist Åstrand  <lha@it.su.se>

        * init_c.c: Try harder to use the right principal.

2007-06-20  Love Hörnquist Åstrand  <lha@it.su.se>

        * ipropd_slave.c: Catch return value from krb5_program_setup. From
        Steven Luo.
        
2007-05-08  Love Hörnquist Åstrand  <lha@it.su.se>

        * delete_s.c: Write log entry after store is successful, rename
        out goto statments.

        * randkey_s.c: Write log entry after store is successful.

        * modify_s.c: Write log entry after store is successful.

        * rename_s.c: indent.

        * chpass_s.c: Write log entry after store is successful.

        * create_s.c: Write log entry after store is successful.
        
2007-05-07  Love Hörnquist Åstrand  <lha@it.su.se>
        
        * iprop-commands.in: Add default values to make this working
        again.

        * iprop-log.c (iprop_replay): create the database with more
        liberal mode.

        * log.c: make it slightly more working.

        * iprop-log.8: Document last-version.

        * iprop-log.c: (last_version): print last version of the log.
        
        * iprop-commands.in: new command last-version: print last version
        of the log.

        * log.c (kadm5_log_previous): document assumptions and make less
        broken.  Bug report from Ronny Blomme.
        
2007-02-17  Love Hörnquist Åstrand  <lha@it.su.se>

        * admin.h: add support to get aliases

        * get_s.c: add support to get aliases

2007-02-11  David Love  <fx@gnu.org>

        * iprop-log.8: Small fixes, from David Love.
        
2006-12-15  Love Hörnquist Åstrand  <lha@it.su.se>

        * init_c.c: if the user have a kadmin/admin initial ticket, don't
        ask for password, just use the credential instead.
        
2006-12-06  Love Hörnquist Åstrand  <lha@it.su.se>
        
        * ipropd_master.c: Use strcspn to remove \n from string returned
        by fgets.  From Björn Sandell
        
2006-11-30  Love Hörnquist Åstrand  <lha@it.su.se>

        * init_c.c (kadm_connect): clear error string before trying to
        print a errno, this way we don't pick up a random failure code
        
2006-11-20  Love Hörnquist Åstrand  <lha@it.su.se>

        * ipropd_slave.c: Make krb5_get_init_creds_opt_free take a context
        argument.

        * init_c.c: Make krb5_get_init_creds_opt_free take a context
        argument.
        
2006-10-22  Love Hörnquist Åstrand  <lha@it.su.se>
        
        * ent_setup.c: Try to not leak memory.
        
2006-10-07  Love Hörnquist Åstrand  <lha@it.su.se>
        
        * Makefile.am: split build files into dist_ and noinst_ SOURCES
        
2006-08-24  Love Hörnquist Åstrand  <lha@it.su.se>

        * get_s.c: Add KRB5_KDB_ALLOW_DIGEST

        * ent_setup.c: Add KRB5_KDB_ALLOW_DIGEST

        * admin.h: Add KRB5_KDB_ALLOW_DIGEST
        
2006-06-16  Love Hörnquist Åstrand  <lha@it.su.se>

        * check-cracklib.pl: Add password reuse checking. From Harald
        Barth.
        
2006-06-14  Love Hörnquist Åstrand  <lha@it.su.se>
        
        * ent_setup.c (attr_to_flags): Add KRB5_KDB_ALLOW_KERBEROS4

        * get_s.c (kadm5_s_get_principal): Add KRB5_KDB_ALLOW_KERBEROS4

        * admin.h: Add KRB5_KDB_ALLOW_KERBEROS4
        
2006-06-06  Love Hörnquist Åstrand  <lha@it.su.se>

        * ent_setup.c (attr_to_flags): Add KRB5_KDB_TRUSTED_FOR_DELEGATION

2006-05-30  Love Hörnquist Åstrand  <lha@it.su.se>

        * password_quality.c (kadm5_check_password_quality): set error
        message in context.
        
2006-05-13  Love Hörnquist Åstrand  <lha@it.su.se>

        * iprop-log.c: Avoid shadowing.

        * rename_s.c: Avoid shadowing.

2006-05-08  Love Hörnquist Åstrand  <lha@it.su.se>

        * privs_c.c (kadm5_c_get_privs): privs is a uint32_t, let copy it
        that way.
        
2006-05-05  Love Hörnquist Åstrand  <lha@it.su.se>

        * Rename u_intXX_t to uintXX_t

2006-04-27  Love Hörnquist Åstrand  <lha@it.su.se>

        * chpass_s.c,delete_s.c,get_s.c,log.c,modify_s.c,randkey_s.c,rename_s.c:
        Pass in HDB_F_GET_ANY to all ->hdb fetch to hint what entries we are looking for

        * send_recv.c: set and clear error string

        * rename_s.c: Break out the that we request from principal from
        the entry and pass it in as a separate argument.

        * randkey_s.c: Break out the that we request from principal from
        the entry and pass it in as a separate argument.

        * modify_s.c: Break out the that we request from principal from
        the entry and pass it in as a separate argument.

        * log.c: Break out the that we request from principal from the
        entry and pass it in as a separate argument.

        * get_s.c: Break out the that we request from principal from the
        entry and pass it in as a separate argument.

        * delete_s.c: Break out the that we request from principal from
        the entry and pass it in as a separate argument.

        * chpass_s.c: Break out the that we request from principal from
        the entry and pass it in as a separate argument.
        
2006-04-25  Love Hörnquist Åstrand  <lha@it.su.se>

        * create_s.c (create_principal*): If client doesn't send kvno,
        make sure to set it to 1.
        
2006-04-10  Love Hörnquist Åstrand  <lha@it.su.se>

        * log.c: (kadm5_log_rename): handle errors better
        Fixes Coverity, NetBSD CID#628

        * log.c (kadm5_log_delete): add error handling Coverity, NetBSD
        CID#626
        (kadm5_log_modify): add error handling Coverity, NetBSD CID#627

        * init_c.c (_kadm5_c_get_cred_cache): handle ccache case better in
        case no client name was passed in. Coverity, NetBSD CID#919
        
        * init_c.c (_kadm5_c_get_cred_cache): Free client principal in
        case of error. Coverity NetBSD CID#1908
        
2006-02-02  Love Hörnquist Åstrand  <lha@it.su.se>
        
        * kadm5_err.et: (PASS_REUSE): Spelling, 
        from Václav H?la <ax@natur.cuni.cz>
        
2006-01-25  Love Hörnquist Åstrand  <lha@it.su.se>

        * send_recv.c: Clear error-string when introducing new errors.

        * *_c.c: Clear error-string when introducing new errors.
        
2006-01-15  Love Hörnquist Åstrand  <lha@it.su.se>

        * Makefile.am (libkadm5clnt.la) doesn't depend on libhdb, remove
        dependency
        
2005-12-13  Love Hörnquist Åstrand  <lha@it.su.se>

        * memset hdb_entry_ex before use
        
2005-12-12  Love Hörnquist Åstrand  <lha@it.su.se>
        
        * Wrap hdb_entry with hdb_entry_ex, patch originally 
        from Andrew Bartlet

2005-11-30  Love Hörnquist Åstrand  <lha@it.su.se>

        * context_s.c (set_field): try another way to calculate the path
        to the database/logfile/signal-socket

        * log.c (kadm5_log_init): set error string on failures
        
2005-09-08  Love Hörnquist Åstrand  <lha@it.su.se>

        * Constify password.

        * admin.h: Add KRB5_TL_PKINIT_ACL.
        
        * marshall.c (_kadm5_unmarshal_params): avoid signed-ness warnings
        
        * get_s.c (kadm5_s_get_principal): clear error string
        
2005-08-25  Love Hörnquist Åstrand  <lha@it.su.se>

        * iprop-log.8: More text about iprop-log.
        
2005-08-24  Love Hörnquist Åstrand  <lha@it.su.se>

        * iprop.8: SEE ALSO iprop-log.

        * Makefile.am: man_MANS += iprop-log.8

        * iprop-log.8: Basic for documentation of iprop-log.
        
        * remove replay_log.c, dump_log.c, and truncate_log.c, folded into
        iprop-log.

        * log.c (kadm5_log_foreach): add a context variable and pass it
        down to `func´.

        * iprop-commands.in: Move truncate_log and replay_log into
        iprop-log.

        * iprop-log.c: Move truncate_log and replay_log into iprop-log.
        
        * Makefile.am: Move truncate_log and replay_log into iprop-log.
        
        * Makefile.am: Make this work with a clean directory.

        * ipropd_master.c: Make compile.

        * ipropd_master.c: Update to new signature of kadm5_log_previous.

        * log.c (kadm5_log_previous): catch errors instead of asserting
        and set error string.

        * iprop-commands.in: New program iprop-log that incorperates
        dump_log as a subcommand, truncate_log and replay_log soon to come
        after.
        
        * iprop-log.c: New program iprop-log that incorperates dump_log as
        a subcommand, truncate_log and replay_log soon to come after.

        * Makefile.am: New program iprop-log that incorperates dump_log as
        a subcommand, truncate_log and replay_log soon to come after.
        
2005-08-11 Love Hörnquist Åstrand  <lha@it.su.se>

        * get_s.c: Implement KADM5_LAST_PWD_CHANGE.
        
        * set_keys.c: Set and clear password where appropriate.

        * randkey_s.c: Operation modifies tl_data.

        * log.c (kadm5_log_replay_modify): Check return values of
        malloc(), replace all extensions.

        * kadm5_err.et: Make BAD_TL_TYPE error more helpful.

        * get_s.c: Expose KADM5_TL_DATA options to the client.

        * ent_setup.c: Merge in KADM5_TL_DATA in the database.

        * chpass_s.c: Operations modify extensions, mark that with
        TL_DATA.

        * admin.h: Add more TL types (password and extension).

2005-06-17  Love Hörnquist Åstrand  <lha@it.su.se>

        * constify

        * ipropd_slave.c: avoid shadowing

        * ipropd_master.c: rename local variable slave to s, optind ->
        optidx

        * get_princs_c.c: rename variable exp to expression
        
        * ad.c: rename variable exp to expression

        * log.c: rename shadowing len to num
        
        * get_princs_s.c: rename variable exp to expression

        * context_s.c: const poison

        * common_glue.c: rename variable exp to expression

2005-05-30  Love Hörnquist Åstrand  <lha@it.su.se>

        * ent_setup.c (attr_to_flags): check for KRB5_KDB_OK_AS_DELEGATE
        
        * get_s.c (kadm5_s_get_principal): set KRB5_KDB_OK_AS_DELEGATE

        * admin.h: add KRB5_KDB_OK_AS_DELEGATE, sync KRB5_TL_ flags

2005-05-25  Love Hörnquist Åstrand  <lha@it.su.se>

        * kadm5_pwcheck.3: please mdoclint

2005-05-25  Dave Love  <fx@gnu.org>

        * kadm5_pwcheck.3: document kadm5_add_passwd_quality_verifier,
        improve text

2005-05-24  Dave Love  <fx@gnu.org>

        * iprop.8: Added some info about defaults, fixed some markup.
        
2005-05-23  Dave Love  <fx@gnu.org>

        * ipropd_slave.c: Don't test HAVE_DAEMON since roken supplies it.

        * ipropd_master.c: Don't test HAVE_DAEMON since roken supplies it.

2005-05-13  Love Hörnquist Åstrand  <lha@it.su.se>

        * init_c.c (_kadm5_c_init_context): fix memory leak in case of
        failure

2005-05-09  Dave Love  <fx@gnu.org>

        * password_quality.c (find_func): Fix off-by-one and logic error.
        (external_passwd_quality): Improve messages.

        * test_pw_quality.c (main): Call kadm5_setup_passwd_quality_check
        and kadm5_add_passwd_quality_verifier.

2005-04-30  Love Hörnquist Åstrand  <lha@it.su.se>

        * default_keys.c: #include <err.h>, only print salt it its longer
        then 0, use krb5_err instead of errx where appropriate
        
2005-04-25  Love Hörnquist Åstrand  <lha@it.su.se>

        * ipropd_slave.c: add the documented option --port

        * ipropd_master.c: add the documented option --port
        
        * dump_log.c: use the newly generated units function

2005-04-24  Love Hörnquist Åstrand  <lha@it.su.se>

        * dump_log.c: use strlcpy
        
        * password_quality.c: don't use sizeof(pointer)
        
2005-04-15  Love Hörnquist Åstrand  <lha@it.su.se>

        * check-cracklib.pl: external password verifier sample

        * password_quality.c (kadm5_add_passwd_quality_verifier): if NULL
        is passed in, load defaults

2005-04-14  Love Hörnquist Åstrand  <lha@it.su.se>

        * password_quality.c: add an end tag to the external password
        quality check protocol

2005-04-13  Love Hörnquist Åstrand  <lha@it.su.se>

        * password_quality.c: add external passsword quality check builtin
        module
        
        [password_quality]
                policies = external-check
                external-program = /bin/false
        
        To approve password a, make the test program return APPROVED on
        stderr and fail with exit code 0.
        
2004-10-12  Love Hörnquist Åstrand  <lha@it.su.se>

        * Makefile.am: bump version to 7:7:0 and 6:5:2
        
        * default_keys.c (parse_file): use hdb_generate_key_set
        
        * keys.c,set_keys.c: Move keyset parsing and password based keyset
        generation into hdb.  Requested by Andrew Bartlett <abartlet@samba.org>
        for hdb-ldb backend.
        
2004-09-23  Johan Danielsson  <joda@pdc.kth.se>

        * ipropd_master.c: add help strings to some options
        
2004-09-12  Love Hörnquist Åstrand  <lha@it.su.se>

        * chpass_s.c: deal with changed prototype for _kadm5_free_keys
        
        * keys.c (_kadm5_free_keys): change prototype, make it use
        krb5_context instead of a kadm5_server_context
        
        * set_keys.c (parse_key_set): do way with static returning
        (function) static variable and returned allocated memory
        (_kadm5_generate_key_set): free enctypes returned by parse_key_set

2004-09-06  Love Hörnquist Åstrand  <lha@it.su.se>

        * set_keys.c: Fix memory leak, don't return stack variables From
        Andrew Bartlett
        
        * set_keys.c: make all_etypes const and move outside function to
        avoid returning data on stack
        
2004-08-26  Love Hörnquist Åstrand  <lha@it.su.se>

        * acl.c (fetch_acl): use " \t\n" instead of just "\n" for the
        delim of the third element, this is so we can match
        "foo@REALM<SPC>all<SPC><SPC>*@REALM", before it just matched
        "foo@REALM<SPC>all<SPC>*@REALM", but that is kind of lucky since
        what really happen was that the last <SPC> was stamped out, and
        the it never strtok_r never needed to parse over it.
        
2004-08-25  Love Hörnquist Åstrand  <lha@it.su.se>

        * set_keys.c (_kadm5_generate_key_set): since arcfour-hmac-md5 is
        without salting, some people tries to add the string
        "arcfour-hmac-md5" when they really should have used
        "arcfour-hmac-md5:pw-salt", help them and add glue for that
        
2004-08-18  Johan Danielsson  <joda@pdc.kth.se>

        * ipropd_slave.c: add --detach

2004-07-06  Love Hörnquist Åstrand  <lha@it.su.se>

        * ad.c: use new tsasl interface remove debug printf add upn to
        computer-accounts
        
2004-06-28  Love Hörnquist Åstrand  <lha@it.su.se>

        * ad.c: implement kadm5_ad_init_with_password_ctx set more error
        strings
        
2004-06-21  Love Hörnquist Åstrand  <lha@it.su.se>

        * Makefile.am: man_MANS = kadm5_pwcheck.3
        
        * kadm5_pwcheck.3: document new password quality api
        
        * password_quality.c: new password check interface (old still
        supported)
        
        * kadm5-pwcheck.h: new password check interface
        
2004-06-08  Love Hörnquist Åstrand  <lha@it.su.se>

        * ipropd_master.c (main): process all slaves, not just up to the
        last slave sending data
        (bug report from Björn Sandell <biorn@dce.chalmers.se>)
        (*): only send one ARE_YOU_THERE

2004-06-02  Love Hörnquist Åstrand  <lha@it.su.se>

        * ad.c: use krb5_set_password_using_ccache
        
2004-06-01  Love Hörnquist Åstrand  <lha@it.su.se>

        * ad.c: try handle spn's better
        
2004-05-31  Love Hörnquist Åstrand  <lha@it.su.se>

        * ad.c: add expiration time
        
        * ad.c: add modify operations
        
        * ad.c: handle create and delete
        
2004-05-27  Love Hörnquist Åstrand  <lha@it.su.se>

        * ad.c: more code for get, handle attributes
        
        * ad.c: more code for get, handle time stamps and bad password
        counter

        * ad.c: more code for get, only fetches kvno for now
        
2004-05-26  Love Hörnquist Åstrand  <lha@it.su.se>

        * ad.c: add support for tsasl
        
        * private.h: add kadm5_ad_context
        
        * ipropd_master.c (prop_one): store the opcode in the begining of
        the blob, not the end
        
        * ad.c: try all ldap servers in dns, generate a random password,
        base64(random_block(64)), XXX must make it support other then
        ARCFOUR
        
        * ad.c: framework for windows AD backend
        
2004-03-07  Love Hörnquist Åstrand  <lha@it.su.se>

        * create_s.c (kadm5_s_create_principal): remove old XXX command
        and related code, _kadm5_set_keys will do all this now
        
2004-02-29  Love Hörnquist Åstrand  <lha@it.su.se>

        * set_keys.c (_kadm5_set_keys_randomly): make sure enctype to copy
        enctype for des keys From: Andrew Bartlett <abartlet@samba.org>
        
        * create_s.c (kadm5_s_create_principal_with_key): don't call
        _kadm5_set_keys2, create_principal will do that for us. Set kvno
        to 1.

        * chpass_s.c (change): bump kvno
        (kadm5_s_chpass_principal_with_key): bump kvno

        * randkey_s.c (kadm5_s_randkey_principal): bump kvno
        
        * set_keys.c (_kadm5_set_*): don't change the kvno, let the callee
        to that

2003-12-30  Love Hörnquist Åstrand  <lha@it.su.se>

        * chpass_s.c (change): fix same-password-again by decrypting keys
        and setting an error code From: Buck Huppmann <buckh@pobox.com>
        
2003-12-21  Love Hörnquist Åstrand  <lha@it.su.se>

        * init_c.c (_kadm5_c_init_context): catch errors from strdup and
        other krb5_ functions

2003-12-08  Love Hörnquist Åstrand  <lha@it.su.se>

        * rename_s.c (kadm5_s_rename_principal): allow principal to change
        realm From Panasas Inc
        
2003-12-07  Love Hörnquist Åstrand  <lha@it.su.se>

        * destroy_c.c (kadm5_c_destroy): fix memory leaks, From Panasas,
        Inc

2003-11-23  Love Hörnquist Åstrand  <lha@it.su.se>

        * iprop.h: don't include <krb5-private.h>
        
        * ipropd_slave.c: stop using krb5 lib private byte-frobbing
        functions and replace them with with krb5_storage
        
        * ipropd_master.c: stop using krb5 lib private byte-frobbing
        functions and replace them with with krb5_storage
        
2003-11-19  Love Hörnquist Åstrand  <lha@it.su.se>

        * ipropd_slave.c (receive_loop): when seeking over the entries we
        already have, skip over the trailer.  From: Jeffrey Hutzelman
        <jhutz@cmu.edu>

        * dump_log.c,ipropd_master.c,ipropd_slave.c,
        replay_log.c,truncate_log.c: parse kdc.conf
        From: Jeffrey Hutzelman <jhutz@cmu.edu>

2003-10-10  Love Hörnquist Åstrand  <lha@it.su.se>

        * Makefile.am: += test_pw_quality
        
        * test_pw_quality.c: test program for verifying password quality
        function

2003-09-03  Love Hörnquist Åstrand  <lha@it.su.se>

        * Makefile.am: add and enable check program default_keys
        
        * default_keys.c: test program for _kadm5_generate_key_set
        
        * init_c.c: use
        krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free

2003-08-17  Love Hörnquist Åstrand  <lha@it.su.se>

        * set_keys.c (_kadm5_set_keys_randomly): remove dup return
        
        * ipropd_master.c (main): make sure current_version is initialized
        
2003-08-15  Love Hörnquist Åstrand  <lha@it.su.se>

        * set_keys.c: use default_keys for the both random keys and
        password derived keys if its defined
        
2003-07-24  Love Hörnquist Åstrand  <lha@it.su.se>

        * ipropd_slave.c (receive_everything): switch close and rename
        From: Alf Wachsmann <alfw@SLAC.Stanford.EDU>
        
2003-07-03  Love Hörnquist Åstrand  <lha@it.su.se>

        * iprop.h, ipropd_master.c, ipropd_slave.c:
        Add probing from the server that the client is still there, also
        make the client check that the server is probing.

2003-07-02  Love Hörnquist Åstrand  <lha@it.su.se>

        * truncate_log.c (main): add missing ``if (ret)''
        
2003-06-26  Love Hörnquist Åstrand  <lha@it.su.se>

        * set_keys.c (make_keys): add AES support
        
        * set_keys.c: fix off by one in the aes case, pointed out by Ken
        Raeburn

2003-04-30  Love Hörnquist Åstrand  <lha@it.su.se>

        * set_keys.c (_kadm5_set_keys_randomly): add
        ETYPE_AES256_CTS_HMAC_SHA1_96 key when configuried with aes
        support

2003-04-16  Love Hörnquist Åstrand  <lha@it.su.se>

        * send_recv.c: check return values from krb5_data_alloc
        * log.c: check return values from krb5_data_alloc
        
2003-04-16  Love Hörnquist Åstrand  <lha@it.su.se>

        * dump_log.c (print_entry): check return values from
        krb5_data_alloc

2003-04-01  Love Hörnquist Åstrand  <lha@it.su.se>

        * init_c.c (kadm_connect): if a context realm was passed in, use
        that to form the kadmin/admin principal
        
2003-03-19  Love Hörnquist Åstrand  <lha@it.su.se>

        * ipropd_master.c (main): make sure we don't consider dead slave
        for select processing
        (write_stats): use slave_stats_file variable, 
        check return value of strftime
        (args): allow specifying slave stats file
        (slave_dead): close the fd when the slave dies

2002-10-21  Johan Danielsson  <joda@pdc.kth.se>

        * ipropd_slave.c (from Derrick Brashear): Propagating a large
        database without this means the slave kdcs can get erroneous
        HDB_NOENTRY and return the resulting errors. This creates a new db
        handle, populates it, and moves it into place.

2002-08-26  Assar Westerlund  <assar@kth.se>

        * ipropd_slave.c (receive_everything): type-correctness calling
        _krb5_get_int

        * context_s.c (find_db_spec): const-correctness in parameters to
        krb5_config_get_next

2002-08-16  Johan Danielsson  <joda@pdc.kth.se>

        * private.h: rename header file flag macro

        * Makefile.am: generate kadm5-{protos,private}.h

2002-08-15  Johan Danielsson  <joda@pdc.kth.se>

        * ipropd_master.c: check return value of krb5_sockaddr2address

2002-07-04  Johan Danielsson  <joda@pdc.kth.se>

        * ipropd_master.c: handle slaves that come and go; add status
        reporting (both from Love)

        * iprop.h: KADM5_SLAVE_STATS

2002-03-25  Jacques Vidrine  <n@nectar.com>

        * init_c.c (get_cred_cache): bug fix: the default credentials
        cache was not being used if a client name was specified.

2002-03-25  Johan Danielsson  <joda@pdc.kth.se>

        * init_c.c (get_cred_cache): when getting the default_client from
        the cred cache, make sure the instance part is "admin"; this
        should require fewer uses of -p

2002-03-11  Assar Westerlund  <assar@sics.se>

        * Makefile.am (libkadm5srv_la_LDFLAGS): set version to 7:5:0
        (libkadm5clnt_la_LDFLAGS): set version to 6:3:2

2002-02-08  Johan Danielsson  <joda@pdc.kth.se>

        * init_c.c: we have to create our own param struct before
        marshaling

2001-09-05  Johan Danielsson  <joda@pdc.kth.se>

        * Makefile.am: link with LIB_pidfile

        * iprop.h: include util.h for pidfile

2001-08-31  Assar Westerlund  <assar@sics.se>

        * ipropd_slave.c (main): syslog with the correct name

2001-08-30  Jacques Vidrine <n@nectar.com>

        * ipropd_slave.c, ipropd_master.c (main): call pidfile

2001-08-28  Assar Westerlund  <assar@sics.se>

        * Makefile.am (libkadm5srv_la_LDFLAGS): set version to 7:4:0

2001-08-24  Assar Westerlund  <assar@sics.se>

        * acl.c (fetch_acl): do not return bogus flags and re-organize
        function

        * Makefile.am: rename variable name to avoid error from current
        automake

2001-08-13  Johan Danielsson  <joda@pdc.kth.se>

        * set_keys.c: add easier afs configuration, defaulting to the
        local realm in lower case; also try to remove duplicate salts

2001-07-12  Assar Westerlund  <assar@sics.se>

        * Makefile.am: add required library dependencies

2001-07-03  Assar Westerlund  <assar@sics.se>

        * Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 6:2:2

2001-06-29  Johan Danielsson  <joda@pdc.kth.se>

        * init_c.c: call krb5_get_init_creds_opt_set_default_flags

2001-02-19  Johan Danielsson  <joda@pdc.kth.se>

        * replay_log.c: add --{start-end}-version flags to replay just
        part of the log

2001-02-15  Assar Westerlund  <assar@sics.se>

        * ipropd_master.c (main): fix select-loop to decrement ret
        correctly.  from "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu>

2001-01-30  Assar Westerlund  <assar@sics.se>

        * Makefile.am: bump versions

2000-12-31  Assar Westerlund  <assar@sics.se>

        * init_s.c (*): handle krb5_init_context failure consistently
        * init_c.c (init_context): handle krb5_init_context failure
        consistently

2000-12-11  Assar Westerlund  <assar@sics.se>

        * Makefile.am (libkadm5srv_la_LDFLAGS): bump version to 7:2:0

2000-11-16  Assar Westerlund  <assar@sics.se>

        * set_keys.c (make_keys): clean-up salting loop and try not to
        leak memory

        * ipropd_master.c (main): check for fd's being too large to select
        on

2000-08-16  Assar Westerlund  <assar@sics.se>

        * Makefile.am (libkadm5srv_la_LDFLAGS): bump version to 7:1:0

2000-08-10  Assar Westerlund  <assar@sics.se>

        * acl.c (fetch_acl): fix wrong cases, use krb5_principal_match

2000-08-07  Assar Westerlund  <assar@sics.se>

        * ipropd_master.c (main): ignore SIGPIPE

2000-08-06  Assar Westerlund  <assar@sics.se>

        * ipropd_slave.c (receive_everything): make `fd' an int instead of
        a pointer.  From Derrick J Brashear <shadow@dementia.org>

2000-08-04  Johan Danielsson  <joda@pdc.kth.se>

        * admin.h: change void** to void*

2000-07-25  Johan Danielsson  <joda@pdc.kth.se>

        * Makefile.am: bump versions to 7:0:0 and 6:0:2

2000-07-24  Assar Westerlund  <assar@sics.se>

        * log.c (kadm5_log_get_version): rename kadm5_log_get_version_fd
        and make a new that takes a context
        (kadm5_log_nop): add logging of missing lengths
        (kadm5_log_truncate): new function

        * dump_log.c (print_entry): update and correct
        * randkey_s.c: call _kadm5_bump_pw_expire
        * truncate_log.c: new program for truncating the log
        * Makefile.am (sbin_PROGRAMS): add truncate_log
        (C_SOURCES): add bump_pw_expire.c
        * bump_pw_expire.c: new function for extending password expiration

2000-07-22  Assar Westerlund  <assar@sics.se>

        * keys.c: new file with _kadm5_free_keys, _kadm5_init_keys

        * set_keys.c (free_keys, init_keys): elevate to internal kadm5
        functions

        * chpass_s.c (kadm5_s_chpass_principal_cond): new function
        * Makefile.am (C_SOURCES): add keys.c
        * init_c.c: remove unused variable and handle some parameters
        being NULL

2000-07-22  Johan Danielsson  <joda@pdc.kth.se>

        * ipropd_slave.c: use krb5_read_priv_message

        * ipropd_master.c: use krb5_{read,write}_priv_message

        * init_c.c: use krb5_write_priv_message

2000-07-11  Johan Danielsson  <joda@pdc.kth.se>

        * ipropd_slave.c: no need to call gethostname, since
        sname_to_principal will

        * send_recv.c: assert that we have a connected socket

        * get_princs_c.c: call _kadm5_connect

        * rename_c.c: call _kadm5_connect

        * randkey_c.c: call _kadm5_connect

        * privs_c.c: call _kadm5_connect

        * modify_c.c: call _kadm5_connect

        * get_c.c: call _kadm5_connect

        * delete_c.c: call _kadm5_connect

        * create_c.c: call _kadm5_connect

        * chpass_c.c: call _kadm5_connect

        * private.h: add more fields to client context; remove prototypes

        * admin.h: remove prototypes

        * kadm5-protos.h: move public prototypes here

        * kadm5-private.h: move private prototypes here

        * init_c.c: break out connection code to separate function, and
        defer calling it until we actually do something

2000-07-07  Assar Westerlund  <assar@sics.se>

        * set_keys.c (make_keys): also support `[kadmin]use_v4_salt' for
        backwards compatability

2000-06-26  Johan Danielsson  <joda@pdc.kth.se>

        * set_keys.c (_kadm5_set_keys): rewrite this to be more easily
        adaptable to different salts
        
2000-06-19  Johan Danielsson  <joda@pdc.kth.se>

        * get_s.c: pa_* -> KRB5_PADATA_*

2000-06-16  Assar Westerlund  <assar@sics.se>

        * ipropd_slave.c: change default keytab to default keytab (as in
        typically FILE:/etc/krb5.keytab)

2000-06-08  Assar Westerlund  <assar@sics.se>

        * ipropd_slave.c: bug fixes, for actually writing the full dump to
        the database.  based on a patch from Love <lha@stacken.kth.se>

2000-06-07  Assar Westerlund  <assar@sics.se>

        * acl.c: add support for patterns of principals
        * log.c (kadm5_log_replay_create): handle more NULL pointers
        (should they really happen?)
        * log.c (kadm5_log_replay_modify): handle max_life == NULL and
        max_renew == NULL

        * ipropd_master.c: use syslog.  be less verbose
        * ipropd_slave.c: use syslog

2000-06-05  Assar Westerlund  <assar@sics.se>

        * private.h (kadm_ops): add kadm_nop more prototypes
        * log.c (kadm5_log_set_version, kadm5_log_reinit, kadm5_log_nop,
        kadm5_log_replay_nop): add
        * ipropd_slave.c: and some more improvements
        * ipropd_master.c: lots of improvements
        * iprop.h (IPROP_PORT, IPROP_SERVICE): add
        (iprop_cmd): add new commands

        * dump_log.c: add nop

2000-05-15  Assar Westerlund  <assar@sics.se>

        * Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 5:1:1

2000-05-12  Assar Westerlund  <assar@sics.se>

        * get_s.c (kadm5_s_get_principal): set life, rlife to INT_MAX as a
        fallback.  handle not having any creator.
        * destroy_s.c (kadm5_s_destroy): free all allocated memory
        * context_s.c (set_field): free variable if it's already set
        (find_db_spec): malloc space for all strings

2000-04-05  Assar Westerlund  <assar@sics.se>

        * Makefile.am (LDADD): add LIB_openldap

2000-04-03  Assar Westerlund  <assar@sics.se>

        * Makefile.am (libkadm5srv_la_LDFLAGS): set version to 6:0:1
        (libkadm5clnt_la_LDFLAGS): set version to 5:0:1

2000-03-24  Assar Westerlund  <assar@sics.se>

        * set_keys.c (_kadm5_set_keys2): rewrite
        (_kadm5_set_keys3): add

        * private.h (struct kadm_func): add chpass_principal_with_key
        * init_c.c (set_funcs): add chpass_principal_with_key

2000-03-23  Assar Westerlund  <assar@sics.se>

        * context_s.c (set_funcs): add chpass_principal_with_key
        * common_glue.c (kadm5_chpass_principal_with_key): add
        * chpass_s.c: comment-ize and change calling convention for
        _kadm5_set_keys*
        * chpass_c.c (kadm5_c_chpass_principal_with_key): add

2000-02-07  Assar Westerlund  <assar@sics.se>

        * Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 4:2:0

2000-01-28  Assar Westerlund  <assar@sics.se>

        * init_c.c (get_new_cache): make sure to request non-forwardable,
        non-proxiable

2000-01-06  Assar Westerlund  <assar@sics.se>

        * Makefile.am (libkadm5srv.la): bump version to 5:1:0

        * context_s.c (_kadm5_s_init_context): handle params == NULL

1999-12-26  Assar Westerlund  <assar@sics.se>

        * get_s.c (kadm5_s_get_principal): handle modified_by->principal
        == NULL

1999-12-20  Assar Westerlund  <assar@sics.se>

        * Makefile.am (libkadm5clnt_la_LDFLAGS): bump version to 4:1:0

        * init_c.c (_kadm5_c_init_context): handle getting back port
        number from admin host
        (kadm5_c_init_with_context): remove `proto/' part before doing
        getaddrinfo()

1999-12-06  Assar Westerlund  <assar@sics.se>

        * Makefile.am: bump version to 5:0:0 and 4:0:0

        * init_c.c (kadm5_c_init_with_context): don't use unitialized
        stuff

1999-12-04  Assar Westerlund  <assar@sics.se>

        * replay_log.c: adapt to changed kadm5_log_foreach

        * log.c (kadm5_log_foreach): change to take a
        `kadm5_server_context'

        * init_c.c: use krb5_warn{,x}

        * dump_log.c: adapt to changed kadm5_log_foreach

        * init_c.c: re-write to use getaddrinfo
        * Makefile.am (install-build-headers): add dependency
        
1999-12-03  Johan Danielsson  <joda@pdc.kth.se>

        * log.c (kadm5_log_foreach): pass context

        * dump_log.c: print more interesting things

1999-12-02  Johan Danielsson  <joda@pdc.kth.se>

        * ipropd_master.c (process_msg): check for short reads

1999-11-25  Assar Westerlund  <assar@sics.se>

        * modify_s.c (kadm5_s_modify_principal): support key_data
        (kadm5_s_modify_principal_with_key): remove

        * admin.h (kadm5_s_modify_principal_with_key): remove

1999-11-20  Assar Westerlund  <assar@sics.se>

        * context_s.c (find_db_spec): ugly cast work-around.

1999-11-14  Assar Westerlund  <assar@sics.se>

        * context_s.c (_kadm5_s_init_context): call krb5_add_et_list so
        that we aren't dependent on the layout of krb5_context_data
        * init_c.c (_kadm5_c_init_context): call krb5_add_et_list so that
        we aren't dependent on the layout of krb5_context_data

1999-11-13  Assar Westerlund  <assar@sics.se>

        * password_quality.c (kadm5_setup_passwd_quality_check): use
        correct types for function pointers
        
1999-11-09  Johan Danielsson  <joda@pdc.kth.se>

        * randkey_s.c: always bail out if the fetch fails

        * admin.h (kadm5_config_params): remove fields we're not using

        * ipropd_slave.c: allow passing a realm

        * ipropd_master.c: allow passing a realm

        * dump_log.c: allow passing a realm

        * acl.c: correctly get acl file

        * private.h (kadm5_server_context): add config_params struct and
        remove acl_file; bump protocol version number

        * marshall.c: marshalling of config parameters

        * init_c.c (kadm5_c_init_with_context): try to cope with old
        servers

        * init_s.c (kadm5_s_init_with_context): actually use some passed
        values

        * context_s.c (_kadm5_s_init_context): get dbname, acl_file, and
        stash_file from the config parameters, try to figure out these if
        they're not provided

1999-11-05  Assar Westerlund  <assar@sics.se>

        * Makefile.am (install-build-headers): use `cp' instead of
        INSTALL_DATA

1999-11-04  Assar Westerlund  <assar@sics.se>

        * Makefile.am: bump version to 4:0:0 and 3:0:0 (they access fields
        directly in libkrb5's context - bad functions)

        * set_keys.c (_kadm5_set_keys_randomly): set enctypes correctly in
        the copied keys

1999-10-20  Assar Westerlund  <assar@sics.se>

        * Makefile.am: set version of kadm5srv to 3:0:2 (new password
        quality functions).
        set version of kdam5clnt to 2:1:1 (no interface changes)

        * Makefile.am (LDADD): add $(LIB_dlopen)

1999-10-17  Assar Westerlund  <assar@sics.se>

        * randkey_s.c (kadm5_s_randkey_principal): use
        _kadm5_set_keys_randomly

        * set_keys.c (free_keys): free more memory
        (_kadm5_set_keys): a little bit more generic
        (_kadm5_set_keys_randomly): new function for setting random keys.

1999-10-14  Assar Westerlund  <assar@sics.se>

        * set_keys.c (_kadm5_set_keys): ignore old keys when setting new
        ones and always add 3 DES keys and one 3DES key

1999-10-03  Assar Westerlund  <assar@sics.se>

        * init_c.c (_kadm5_c_init_context): use `krb5_get_krb_admin_hst'.
        check return value from strdup

1999-09-26  Assar Westerlund  <assar@sics.se>

        * acl.c (_kadm5_privs_to_string): forgot one strcpy_truncate ->
        strlcpy

1999-09-24  Johan Danielsson  <joda@pdc.kth.se>

        * dump_log.c: remove unused `optind'

        * replay_log.c: remove unused `optind'

1999-09-13  Assar Westerlund  <assar@sics.se>

        * chpass_c.c (kadm5_c_chpass_principal): new _kadm5_client_recv

        * send_recv.c (_kadm5_client_recv): return result in a `krb5_data'
        so that we avoid copying it and don't need to dimension in
        advance.  change all callers.

1999-09-10  Assar Westerlund  <assar@sics.se>

        * password_quality.c: new file

        * admin.h
        (kadm5_setup_passwd_quality_check,kadm5_check_password_quality):
        add prototypes

        * Makefile.am (S_SOURCES): add password_quality.c

1999-07-26  Assar Westerlund  <assar@sics.se>

        * Makefile.am: update versions to 2:0:1

1999-07-24  Assar Westerlund  <assar@sics.se>

        * ent_setup.c (_kadm5_setup_entry): make princ_expire_time == 0
        and pw_expiration == 0 mean never

1999-07-22  Assar Westerlund  <assar@sics.se>

        * log.c (kadm5_log_flush): extra cast

1999-07-07  Assar Westerlund  <assar@sics.se>

        * marshall.c (store_principal_ent): encoding princ_expire_time and
        pw_expiration in correct order

1999-06-28  Assar Westerlund  <assar@sics.se>

        * randkey_s.c (kadm5_s_randkey_principal): nuke old mkvno,
        otherwise hdb will think that the new random keys are already
        encrypted which will cause lots of confusion later.

1999-06-23  Assar Westerlund  <assar@sics.se>

        * ent_setup.c (_kadm5_setup_entry): handle 0 == unlimited
        correctly.  From Michal Vocu <michal@karlin.mff.cuni.cz>

1999-06-15  Assar Westerlund  <assar@sics.se>

        * init_c.c (get_cred_cache): use get_default_username

1999-05-23  Assar Westerlund  <assar@sics.se>

        * create_s.c (create_principal): if there's no default entry the
        mask should be zero.

1999-05-21  Assar Westerlund  <assar@sics.se>

        * init_c.c (get_cred_cache): use $USERNAME

1999-05-17  Johan Danielsson  <joda@pdc.kth.se>

        * init_c.c (get_cred_cache): figure out principal

1999-05-05  Johan Danielsson  <joda@pdc.kth.se>

        * send_recv.c: cleanup _kadm5_client_{send,recv}

1999-05-04  Assar Westerlund  <assar@sics.se>

        * set_keys.c (_kadm5_set_keys2): don't check the recently created
        memory for NULL pointers

        * private.h (_kadm5_setup_entry): change prototype

        * modify_s.c: call new _kadm5_setup_entry

        * ent_setup.c (_kadm5_setup_entry): change so that it takes three
        masks, one for what bits to set and one for each of principal and
        def containing the bits that are set there.

        * create_s.c: call new _kadm5_setup_entry

        * create_s.c (get_default): check return value
        (create_principal): send wider mask to _kadm5_setup_entry

1999-05-04  Johan Danielsson  <joda@pdc.kth.se>

        * send_recv.c (_kadm5_client_recv): handle arbitrarily sized
        packets, check for errors

        * get_c.c: check for failure from _kadm5_client_{send,recv}

1999-05-04  Assar Westerlund  <assar@sics.se>

        * init_c.c (get_new_cache): don't abort when interrupted from
        password prompt
        
        * destroy_c.c (kadm5_c_destroy): check if we should destroy the
        auth context

1999-05-03  Johan Danielsson  <joda@pdc.kth.se>

        * chpass_s.c: fix arguments to _kadm5_set_keys2

        * private.h: proto

        * set_keys.c: clear mkvno

        * rename_s.c: add flags to fetch and store; seal keys before
        logging

        * randkey_s.c: add flags to fetch and store; seal keys before
        logging

        * modify_s.c: add flags to fetch and store; seal keys before
        logging

        * log.c: add flags to fetch and store; seal keys before logging

        * get_s.c: add flags to fetch and store; seal keys before logging

        * get_princs_s.c: add flags to fetch and store; seal keys before
        logging

        * delete_s.c: add flags to fetch and store; seal keys before
        logging

        * create_s.c: add flags to fetch and store; seal keys before
        logging

        * chpass_s.c: add flags to fetch and store; seal keys before
        logging

        * Makefile.am: remove server.c

        * admin.h: add prototypes

        * ent_setup.c (_kadm5_setup_entry): set key_data

        * set_keys.c: add _kadm5_set_keys2 to sey keys from key_data

        * modify_s.c: add kadm5_s_modify_principal_with_key

        * create_s.c: add kadm5_s_create_principal_with_key

        * chpass_s.c: add kadm5_s_chpass_principal_with_key

        * kadm5_locl.h: move stuff to private.h

        * private.h: move stuff from kadm5_locl.h