ChangeLog revision 120945 
12003-04-14  Love H�rquist �strand  <lha@it.su.se>
2
3	* util.c: cast argument to tolower to unsigned char, from
4	Christian Biere <christianbiere@gmx.de> via NetBSD
5	
62003-04-06  Love H�rquist �strand <lha@it.su.se>
7
8	* kadmind.8: s/kerberos/Kerberos/
9	
102003-03-31  Love H�rquist �strand  <lha@it.su.se>
11
12	* kadmin.8: initialises -> initializes, from Perry E. Metzger"
13	<perry@piermont.com>
14
15	* kadmin.c: principal, not pricipal. From Thomas Klausner
16	<wiz@netbsd.org>
17
182003-02-04  Love H�rquist �strand  <lha@it.su.se>
19
20	* kadmind.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
21	
22	* kadmin.8: spelling, from jmc <jmc@prioris.mini.pw.edu.pl>
23	
242003-01-29  Love H�rquist �strand  <lha@it.su.se>
25
26	* server.c (kadmind_dispatch): kadm_chpass: require the password
27	to pass the password quality check in case the user changes the
28	user's own password kadm_chpass_with_key: disallow the user to
29	change it own password to a key, since that password might violate
30	the password quality check.
31
322002-10-23  Assar Westerlund  <assar@kth.se>
33
34	* version4.c (decode_packet): check the length of the version
35	string and that rlen has a reasonable value
36
372002-10-21  Johan Danielsson  <joda@pdc.kth.se>
38
39	* version4.c: check size of rlen
40
412002-09-10  Johan Danielsson  <joda@pdc.kth.se>
42
43	* server.c: constify match_appl_version()
44
45	* version4.c: change some lingering krb_err_base
46
472002-09-09  Jacques Vidrine  <nectar@kth.se>
48
49	* server.c (kadmind_dispatch): while decoding arguments for
50	kadm_chpass_with_key, sanity check the number of keys given.
51	Potential problem pointed out by
52	Sebastian Krahmer <krahmer@suse.de>.
53
542002-09-04  Johan Danielsson  <joda@pdc.kth.se>
55
56	* load.c (parse_generation): return if there is no generation
57	(spotted by Daniel Kouril)
58
592002-06-07  Jacques Vidrine <n@nectar.com>
60
61	* ank.c: do not attempt to free uninitialized pointer when
62	kadm5_randkey_principal fails.
63
642002-06-07  Johan Danielsson  <joda@pdc.kth.se>
65
66	* util.c: remove unused variable; reported by Hans Insulander
67
682002-03-05  Johan Danielsson  <joda@pdc.kth.se>
69
70	* kadmind.8: clarify some acl wording, and add an example file
71
722002-02-11  Johan Danielsson  <joda@pdc.kth.se>
73
74	* ext.c: no need to use the "modify" keytab anymore
75
762001-09-20  Assar Westerlund  <assar@sics.se>
77
78	* add-random-users.c: allocate several buffers for the list of
79	words, instead of one strdup per word (running under efence does
80	not work very well otherwise)
81
822001-09-13  Assar Westerlund  <assar@sics.se>
83
84	* add-random-users.c: allow specifying the number of users to
85	create
86
872001-08-24  Assar Westerlund  <assar@sics.se>
88
89	* Makefile.am: rename variable name to avoid error from current
90	automake
91
922001-08-22  Assar Westerlund  <assar@sics.se>
93
94	* kadmin_locl.h: include libutil.h if it exists
95
962001-08-10  Johan Danielsson  <joda@pdc.kth.se>
97
98	* util.c: do something to handle C-c in prompts
99
100	* load.c: remove unused etypes code, and add parsing of the
101	generation field
102
103	* ank.c: add a --use-defaults option to just use default values
104	without questions
105
106	* kadmin.c: add "del" alias for delete
107
108	* cpw.c: call this operation "passwd" in usage
109
110	* kadmin_locl.h: prototype for set_defaults
111
112	* util.c (edit_entry): move setting of default values to a
113	separate function, set_defaults
114
1152001-08-01  Johan Danielsson  <joda@pdc.kth.se>
116
117	* kadmin.c: print help message on bad options
118
1192001-07-31  Assar Westerlund  <assar@sics.se>
120
121	* add-random-users.c (main): handle --version
122
1232001-07-30  Johan Danielsson  <joda@pdc.kth.se>
124
125	* load.c: increase line buffer to 8k
126
1272001-06-12  Assar Westerlund  <assar@sics.se>
128
129	* ext.c (ext_keytab): use the default modify keytab per default
130
1312001-05-17  Assar Westerlund  <assar@sics.se>
132
133	* kadm_conn.c (start_server): fix krb5_eai_to_heim_errno call
134
1352001-05-15  Assar Westerlund  <assar@sics.se>
136
137	* kadmin.c (main): some error cleaning required
138
1392001-05-14  Assar Westerlund  <assar@sics.se>
140
141	* kadmind.c: new krb5_config_parse_file
142	* kadmin.c: new krb5_config_parse_file
143	* kadm_conn.c: update to new krb5_sockaddr2address
144
1452001-05-07  Assar Westerlund  <assar@sics.se>
146
147	* kadmin_locl.h (foreach_principal): update prototype
148	* get.c (getit): new foreach_principal
149	* ext.c (ext_keytab): new foreach_principal
150	* del.c (del_entry): new foreach_principal
151	* cpw.c (cpw_entry): new foreach_principal
152	* util.c (foreach_principal): add `funcname' and try printing the
153	error string
154
1552001-05-04  Johan Danielsson  <joda@pdc.kth.se>
156
157	* rename.c: fix argument number test
158	
1592001-04-19  Johan Danielsson  <joda@pdc.kth.se>
160
161	* del_enctype.c: fix argument count check after getarg change;
162	spotted by mark@MCS.VUW.AC.NZ
163
1642001-02-15  Assar Westerlund  <assar@sics.se>
165
166	* kadmind.c (main): use a `struct sockaddr_storage' to be able to
167	store all types of addresses
168
1692001-02-07  Assar Westerlund  <assar@sics.se>
170
171	* kadmin.c: add --keytab / _K, from Leif Johansson
172	<leifj@it.su.se>
173
1742001-01-29  Assar Westerlund  <assar@sics.se>
175
176	* kadm_conn.c (spawn_child): close the newly created socket in the
177	packet, it's not used.  from <shadow@dementia.org>
178	* version4.c (decode_packet): check success of
179	krb5_425_conv_principal.  from <shadow@dementia.org>
180
1812001-01-12  Assar Westerlund  <assar@sics.se>
182
183	* util.c (parse_attributes): make empty string mean no attributes,
184	specifying the empty string at the command line should give you no
185	attributes, but just pressing return at the prompt gives you
186	default attributes
187	(edit_entry): only pick up values from the default principal if they
188	aren't set in the principal being edited
189
1902001-01-04  Assar Westerlund  <assar@sics.se>
191
192	* load.c (doit): print an error and bail out if storing an entry
193	in the database fails.  The most likely reason for it failing is
194	out-of-space.
195
1962000-12-31  Assar Westerlund  <assar@sics.se>
197
198	* kadmind.c (main): handle krb5_init_context failure consistently
199	* kadmin.c (main): handle krb5_init_context failure consistently
200	* add-random-users.c (add_user): handle krb5_init_context failure
201	consistently
202
203	* kadm_conn.c (spawn_child): use a struct sockaddr_storage
204
2052000-12-15  Johan Danielsson  <joda@pdc.kth.se>
206
207	* get.c: avoid asprintf'ing NULL strings
208
2092000-12-14  Johan Danielsson  <joda@pdc.kth.se>
210
211	* load.c: fix option parsing
212
2132000-11-16  Assar Westerlund  <assar@sics.se>
214
215	* kadm_conn.c (wait_for_connection): check for fd's being too
216	large to select on
217
2182000-11-09  Johan Danielsson  <joda@pdc.kth.se>
219
220	* get.c: don't try to print modifier name if it isn't set (from
221	Jacques A. Vidrine" <n@nectar.com>)
222
2232000-09-19  Assar Westerlund  <assar@sics.se>
224
225	* server.c (kadmind_loop): send in keytab to v4 handling function
226	* version4.c: allow the specification of what keytab to use
227
228	* get.c (print_entry_long): actually print the actual saltvalue
229	used if it's not the default
230
2312000-09-10  Johan Danielsson  <joda@pdc.kth.se>
232
233	* kadmin.c: add option parsing, and add `privs' as an alias for
234	`privileges'
235
236	* init.c: complain if there's no realm name specified
237
238	* rename.c: add option parsing
239
240	* load.c: add option parsing
241
242	* get.c: make `get' and `list' aliases to each other, but with
243	different defaults
244
245	* del_enctype.c: add option parsing
246
247	* del.c: add option parsing
248
249	* ank.c: calling the command `add' make more sense from an english
250	pov
251
252	* Makefile.am: add kadmin manpage
253
254	* kadmin.8: short manpage
255
256	* kadmin.c: `quit' should be a alias for `exit', not `help'
257
2582000-08-27  Assar Westerlund  <assar@sics.se>
259
260	* server.c (handle_v5): do not try to perform stupid stunts when
261	printing errors
262
2632000-08-19  Assar Westerlund  <assar@sics.se>
264
265	* util.c (str2time_t): add alias for `now'.
266
2672000-08-18  Assar Westerlund  <assar@sics.se>
268
269	* server.c (handle_v5): accept any kadmin/admin@* principal as the
270	server
271	* kadmind.c: remove extra prototype of kadmind_loop
272	* kadmin_locl.h (kadmind_loop): add prototype
273	
274	* init.c (usage): print init-usage and not add-dito
275	
2762000-08-07  Johan Danielsson  <joda@pdc.kth.se>
277
278	* kadmind.c: use roken_getsockname
279
2802000-08-07  Assar Westerlund  <assar@sics.se>
281
282	* kadmind.c, kadm_conn.c: use socklen_t instead of int where
283	appropriate.  From <thorpej@netbsd.org>
284
2852000-08-04  Johan Danielsson  <joda@pdc.kth.se>
286
287	* Makefile.am: link with pidfile library
288
289	* kadmind.c: write a pid file, and setup password quality
290	functions
291
292	* kadmin_locl.h: util.h
293
2942000-07-27  Assar Westerlund  <assar@sics.se>
295
296	* version4.c (decode_packet): be totally consistent with the
297	prototype of des_cbc_cksum
298	* kadmind.c: use sa_size instead of sa_len, some systems define
299	this to emulate anonymous unions
300	* kadm_conn.c: use sa_size instead of sa_len, some systems define
301	this to emulate anonymous unions
302
3032000-07-24  Assar Westerlund  <assar@sics.se>
304
305	* kadmin.c (commands): add quit
306	* load.c (doit): truncate the log since there's no way of knowing
307	what changes are going to be added
308
3092000-07-23  Assar Westerlund  <assar@sics.se>
310
311	* util.c (str2time_t): be more careful with strptime that might
312	zero out the `struct tm'
313
3142000-07-22  Johan Danielsson  <joda@pdc.kth.se>
315
316	* kadm_conn.c: make the parent process wait for children and
317	terminate after receiving a signal, also terminate on SIGINT
318
3192000-07-22  Assar Westerlund  <assar@sics.se>
320
321	* version4.c: map both princ_expire_time and pw_expiration to v4
322	principal expiration
323
3242000-07-22  Johan Danielsson  <joda@pdc.kth.se>
325
326	* version4.c (handle_v4): check for termination
327
328	* server.c (v5_loop): check for termination
329
330	* kadm_conn.c (wait_term): if we're doing something, set just set
331	a flag otherwise exit rightaway
332
333	* server.c: use krb5_read_priv_message; (v5_loop): check for EOF
334
3352000-07-21  Assar Westerlund  <assar@sics.se>
336
337	* kadm_conn.c: remove sys/select.h.  make signal handlers
338	type-correct and static
339
340	* kadmin_locl.h: add limits.h and sys/select.h
341
3422000-07-20  Assar Westerlund  <assar@sics.se>
343
344	* init.c (init): also create `kadmin/hprop'
345	* kadmind.c: ports is a string argument
346	* kadm_conn.c (start_server): fix printf format
347
348	* kadmin_locl.h: add <sys/select.h>
349	* kadm_conn.c: remove sys/select.h.  make signal handlers
350	type-correct and static
351
352	* kadmin_locl.h: add limits.h and sys/select.h
353
3542000-07-17  Johan Danielsson  <joda@pdc.kth.se>
355
356	* kadm_conn.c: put all processes in a new process group
357
358	* server.c (v5_loop): use krb5_{read,write}_priv_message
359
3602000-07-11  Johan Danielsson  <joda@pdc.kth.se>
361
362	* version4.c: change log strings to match the v5 counterparts
363
364	* mod.c: allow setting kvno
365
366	* kadmind.c: if stdin is not a socket create and listen to sockets
367
368	* kadm_conn.c: socket creation functions
369
370	* util.c (deltat2str): treat 0 and INT_MAX as never
371
3722000-07-08  Assar Westerlund  <assar@sics.se>
373
374	* Makefile.am (INCLUDES): add ../lib/krb5
375	* kadmin_locl.h: add krb5_locl.h (since we just use some stuff
376	from there)
377
3782000-06-07  Assar Westerlund  <assar@sics.se>
379
380	* add-random-users.c: new testing program that adds a number of
381	randomly generated users
382
3832000-04-12  Assar Westerlund  <assar@sics.se>
384
385	* cpw.c (do_cpw_entry): call set_password if no argument is given,
386	it will prompt for the password.
387	* kadmin.c: make help only print the commands that are actually
388	available.
389
3902000-04-03  Assar Westerlund  <assar@sics.se>
391
392	* del_enctype.c (del_enctype): set ignore correctly
393
3942000-04-02  Assar Westerlund  <assar@sics.se>
395
396	* kadmin.c (main): make parse errors a fatal error
397	* init.c (init): create changepw/kerberos with disallow-tgt and
398	pwchange attributes
399
4002000-03-23  Assar Westerlund  <assar@sics.se>
401
402	* util.c (hex2n, parse_des_key): add
403	* server.c (kadmind_dispatch): add kadm_chpass_with_key
404	* cpw.c: add --key
405	* ank.c: add --key
406
4072000-02-16  Assar Westerlund  <assar@sics.se>
408
409	* load.c (doit): check return value from parse_hdbflags2int
410	correctly
411
4122000-01-25  Assar Westerlund  <assar@sics.se>
413
414	* load.c: checking all parsing for errors and all memory
415	allocations also
416
4172000-01-02  Assar Westerlund  <assar@sics.se>
418
419	* server.c: check initial flag in ticket and allow users to change
420	their own password if it's set
421	* ext.c (do_ext_keytab): set timestamp
422
4231999-12-14  Assar Westerlund  <assar@sics.se>
424
425	* del_enctype.c (usage): don't use arg_printusage
426
4271999-11-25  Assar Westerlund  <assar@sics.se>
428
429	* del_enctype.c (del_enctype): try not to leak memory
430
431	* version4.c (kadm_ser_mod): use kadm5_s_modify_principal (no
432 	_with_key)
433
434	* kadmin.c: add `del_enctype'
435
436	* del_enctype.c (del_enctype): new function for deleting enctypes
437	from a principal
438
439	* Makefile.am (kadmin_SOURCES): add del_enctype.c
440
4411999-11-09  Johan Danielsson  <joda@pdc.kth.se>
442
443	* server.c: cope with old clients
444
445	* kadmin_locl.h: remove version string
446
4471999-10-17  Assar Westerlund  <assar@sics.se>
448
449	* Makefile.am (kadmin_LDADD): add LIB_dlopen
450
4511999-10-01  Assar Westerlund  <assar@sics.se>
452
453	* ank.c (add_one_principal): `password' can cactually be NULL in
454 	the overwrite code, check for it.
455
4561999-09-20  Assar Westerlund  <assar@sics.se>
457
458	* mod.c (mod_entry): print the correct principal name in error
459 	messages.  From Love <lha@e.kth.se>
460
4611999-09-10  Assar Westerlund  <assar@sics.se>
462
463	* init.c (init): also create `changepw/kerberos'
464
465	* version4.c: only create you loose packets when we fail decoding
466 	and not when an operation is not performed for some reason
467	(decode_packet): read the service key from the hdb
468	(dispatch, decode_packet): return proper error messages
469
470	* version4.c (kadm_ser_cpw): add password quality functions
471
4721999-08-27  Johan Danielsson  <joda@pdc.kth.se>
473
474	* server.c (handle_v5): give more informative message if
475	KRB5_KT_NOTFOUND
476
4771999-08-26  Johan Danielsson  <joda@pdc.kth.se>
478
479	* kadmind.c: use HDB keytabs
480
4811999-08-25  Assar Westerlund  <assar@sics.se>
482
483	* cpw.c (set_password): use correct variable.  From Love
484 	<lha@e.kth.se>
485
486	* server.c (v5_loop): use correct error code
487
488	* ank.c (add_one_principal): initialize `default_ent'
489
4901999-08-21  Assar Westerlund  <assar@sics.se>
491
492	* random_password.c: new file, stolen from krb4
493
494	* kadmin_locl.h: add prototype for random_password
495
496	* cpw.c: add support for --random-password
497
498	* ank.c: add support for --random-password
499
500	* Makefile.am (kadmin_SOURCES): add random_password.c
501
5021999-08-19  Assar Westerlund  <assar@sics.se>
503
504	* util.c (edit_timet): break when we manage to parse the time not
505 	the inverse.
506
507	* mod.c: add parsing of lots of options.  From Love
508 	<lha@stacken.kth.se>
509
510	* ank.c: add setting of expiration and password expiration
511
512	* kadmin_locl.h: update util.c prototypes
513
514	* util.c: move-around.  clean-up, rename, make consistent (and
515 	some other weird stuff).  based on patches from Love
516 	<lha@stacken.kth.se>
517
518	* version4.c (kadm_ser_cpw): initialize password
519	(handle_v4): remove unused variable `ret'
520
5211999-08-16  Assar Westerlund  <assar@sics.se>
522
523	* version4.c (handle_v4): more error checking and more correct
524 	error messages
525
526	* server.c (v5_loop, kadmind_loop): more error checking and more
527 	correct error messages
528
5291999-07-24  Assar Westerlund  <assar@sics.se>
530
531	* util.c (str2timeval, edit_time): functions for parsing and
532 	editing times.  Based on patches from Love <lha@stacken.kth.se>.
533	(edit_entry): call new functions
534
535	* mod.c (mod_entry): allow modifying expiration times
536
537	* kadmin_locl.h (str2timeval): add prototype
538
539	* ank.c (add_one_principal): allow setting expiration times
540
5411999-07-03  Assar Westerlund  <assar@sics.se>
542
543	* server.c (v5_loop): handle data allocation with krb5_data_alloc
544 	and check return value
545
5461999-06-23  Assar Westerlund  <assar@sics.se>
547
548	* version4.c (kadm_ser_cpw): read the key in the strange order
549 	it's sent
550
551	* util.c (edit_entry): look at default
552	(edit_time): always set mask even if value == 0
553
554	* kadmin_locl.h (edit_entry): update
555
556	* ank.c: make ank use the values of the default principal for
557 	prompting
558
559	* version4.c (values_to_ent): convert key data correctly
560
5611999-05-23  Assar Westerlund  <assar@sics.se>
562
563	* init.c (create_random_entry): more correct setting of mask
564
5651999-05-21  Assar Westerlund  <assar@sics.se>
566
567	* server.c (handle_v5): read sendauth version correctly.
568
5691999-05-14  Assar Westerlund  <assar@sics.se>
570
571	* version4.c (error_code): try to handle really old krb4
572 	distributions
573
5741999-05-11  Assar Westerlund  <assar@sics.se>
575
576	* init.c (init): initialize realm_max_life and realm_max_rlife
577
5781999-05-07  Assar Westerlund  <assar@sics.se>
579
580	* ank.c (add_new_key): initialize more variables
581
5821999-05-04  Assar Westerlund  <assar@sics.se>
583
584	* version4.c (kadm_ser_cpw): always allow a user to change her
585 	password
586	(kadm_ser_*): make logging work
587	clean-up and restructure
588	
589	* kadmin_locl.h (set_entry): add prototype
590
591	* kadmin.c (usage): update usage string
592
593	* init.c (init): new arguments realm-max-ticket-life and
594 	realm-max-renewable-life
595
596	* util.c (edit_time, edit_attributes): don't do anything if it's
597 	already set
598	(set_entry): new function
599
600	* ank.c (add_new_key): new options for setting max-ticket-life,
601 	max-renewable-life, and attributes
602
603	* server.c (v5_loop): remove unused variable
604
605	* kadmin_locl.h: add prototypes
606
607	* version4.c: re-insert krb_err.h and other miss
608
609	* server.c (kadmind_loop): break-up and restructure
610
611	* version4.c: add ACL checks more error code checks restructure
612	
6131999-05-03  Johan Danielsson  <joda@pdc.kth.se>
614
615	* load.c: check for (un-)encrypted keys
616
617	* dump.c: use hdb_print_entry
618	
619	* version4.c: version 4 support
620
621	* Makefile.am: link with krb4
622
623	* kadmin_locl.h: include <sys/un.h>
624
625	* server.c: move from lib/kadm5, and add basic support for krb4
626	kadmin protocol
627
628	* kadmind.c: move recvauth to kadmind_loop()
629