diff options
Diffstat (limited to 'third_party/heimdal/lib/kadm5/ChangeLog')
-rw-r--r-- | third_party/heimdal/lib/kadm5/ChangeLog | 1389 |
1 files changed, 1389 insertions, 0 deletions
diff --git a/third_party/heimdal/lib/kadm5/ChangeLog b/third_party/heimdal/lib/kadm5/ChangeLog new file mode 100644 index 0000000..5016827 --- /dev/null +++ b/third_party/heimdal/lib/kadm5/ChangeLog @@ -0,0 +1,1389 @@ +2008-04-23 Love Hörnquist Åstrand <lha@it.su.se> + + * ipropd_master.c: Only log "sending AYT" once, pointed out by Dr + A V Le Blanc. + + +2008-01-21 Love Hörnquist Åstrand <lha@it.su.se> + + * default_keys.c: Use hdb_free_keys(). + +2008-01-11 Love Hörnquist Åstrand <lha@it.su.se> + + * Makefile.am: add check-cracklib.pl, flush.c, + sample_passwd_check.c + +2007-12-07 Love Hörnquist Åstrand <lha@it.su.se> + + * use hdb_db_dir() and hdb_default_db() + +2007-10-18 Love <lha@stacken.kth.se> + + * init_c.c: We are getting default_client, not client. this way + the user can override the result. + +2007-09-29 Love Hörnquist Åstrand <lha@it.su.se> + + * iprop.8: fix spelling, From Antoine Jacoutt. + +2007-08-16 Love Hörnquist Åstrand <lha@it.su.se> + + * version-script.map: export _kadm5_unmarshal_params, + _kadm5_acl_check_permission + + * version-script.map: export kadm5_log_ symbols. + + * log.c: Unexport the specific log replay operations. + +2007-08-10 Love Hörnquist Åstrand <lha@it.su.se> + + * Makefile.am: build sample_passwd_check.la as part of noinst. + + * sample_passwd_check.c: Add missing prototype for check_length(). + +2007-08-07 Love Hörnquist Åstrand <lha@it.su.se> + + * log.c: Sprinkle krb5_set_error_string(). + + * ipropd_slave.c: Provide better error why kadm5_log_replay + failed. + +2007-08-06 Love Hörnquist Åstrand <lha@it.su.se> + + * ipropd_master.c: - don't push whole database to the new client + every time. - make slaves get the whole new database if they have + a newer log the the master (and thus have them go back in time). + +2007-08-03 Love Hörnquist Åstrand <lha@it.su.se> + + * ipropd_slave.c: make more sane. + + * ipropd_slave.c: more paranoid check that the log entires are + self consistant + + * log.c (kadm5_log_foreach): check that the postamble contains the + right data. + + * ipropd_master.c: Sprinkle more info about what versions the + master thinks about the client versions. + + * ipropd_master.c: Start the server at the current version, not 0. + +2007-08-02 Love Hörnquist Åstrand <lha@it.su.se> + + * ipropd_master.c: Add more logging, to figure out what is + happening in the master. + +2007-08-01 Love Hörnquist Åstrand <lha@it.su.se> + + * Makefile.am: add version-script for libkadm5srv.la + + * version-script.map: version script fro kadm5 server libary. + + * log.c: only free the orignal entries extentions if there was + any. Bug reported by Peter Meinecke. + + * add configuration for signal file and acl file, let user select + hostname, catch signals and print why we are quiting, make nop + cause one new version, not two + +2007-07-30 Love Hörnquist Åstrand <lha@it.su.se> + + * ipropd_master.c (send_diffs): make current slave's version + uptodate when diff have been sent. + +2007-07-27 Love Hörnquist Åstrand <lha@it.su.se> + + * ipropd_slave.c: More comments and some more error checking. + +2007-07-26 Love Hörnquist Åstrand <lha@it.su.se> + + * init_c.c (get_cache_principal): make sure id is reset if we + fail. From Benjamin Bennet. + +2007-07-10 Love Hörnquist Åstrand <lha@it.su.se> + + * context_s.c (find_db_spec): match realm-less as the default + realm. + + * Makefile.am: New library version. + +2007-07-05 Love Hörnquist Åstrand <lha@it.su.se> + + * context_s.c: Use hdb_get_dbinfo to pick up configuration. + ctx->config.realm can be NULL, check for that, from Bjorn S. + +2007-07-04 Love Hörnquist Åstrand <lha@it.su.se> + + * init_c.c: Try harder to use the right principal. + +2007-06-20 Love Hörnquist Åstrand <lha@it.su.se> + + * ipropd_slave.c: Catch return value from krb5_program_setup. From + Steven Luo. + +2007-05-08 Love Hörnquist Åstrand <lha@it.su.se> + + * delete_s.c: Write log entry after store is successful, rename + out goto statments. + + * randkey_s.c: Write log entry after store is successful. + + * modify_s.c: Write log entry after store is successful. + + * rename_s.c: indent. + + * chpass_s.c: Write log entry after store is successful. + + * create_s.c: Write log entry after store is successful. + +2007-05-07 Love Hörnquist Åstrand <lha@it.su.se> + + * iprop-commands.in: Add default values to make this working + again. + + * iprop-log.c (iprop_replay): create the database with more + liberal mode. + + * log.c: make it slightly more working. + + * iprop-log.8: Document last-version. + + * iprop-log.c: (last_version): print last version of the log. + + * iprop-commands.in: new command last-version: print last version + of the log. + + * log.c (kadm5_log_previous): document assumptions and make less + broken. Bug report from Ronny Blomme. + +2007-02-17 Love Hörnquist Åstrand <lha@it.su.se> + + * admin.h: add support to get aliases + + * get_s.c: add support to get aliases + +2007-02-11 David Love <fx@gnu.org> + + * iprop-log.8: Small fixes, from David Love. + +2006-12-15 Love Hörnquist Åstrand <lha@it.su.se> + + * init_c.c: if the user have a kadmin/admin initial ticket, don't + ask for password, just use the credential instead. + +2006-12-06 Love Hörnquist Åstrand <lha@it.su.se> + + * ipropd_master.c: Use strcspn to remove \n from string returned + by fgets. From Björn Sandell + +2006-11-30 Love Hörnquist Åstrand <lha@it.su.se> + + * init_c.c (kadm_connect): clear error string before trying to + print a errno, this way we don't pick up a random failure code + +2006-11-20 Love Hörnquist Åstrand <lha@it.su.se> + + * ipropd_slave.c: Make krb5_get_init_creds_opt_free take a context + argument. + + * init_c.c: Make krb5_get_init_creds_opt_free take a context + argument. + +2006-10-22 Love Hörnquist Åstrand <lha@it.su.se> + + * ent_setup.c: Try to not leak memory. + +2006-10-07 Love Hörnquist Åstrand <lha@it.su.se> + + * Makefile.am: split build files into dist_ and noinst_ SOURCES + +2006-08-24 Love Hörnquist Åstrand <lha@it.su.se> + + * get_s.c: Add KRB5_KDB_ALLOW_DIGEST + + * ent_setup.c: Add KRB5_KDB_ALLOW_DIGEST + + * admin.h: Add KRB5_KDB_ALLOW_DIGEST + +2006-06-16 Love Hörnquist Åstrand <lha@it.su.se> + + * check-cracklib.pl: Add password reuse checking. From Harald + Barth. + +2006-06-14 Love Hörnquist Åstrand <lha@it.su.se> + + * ent_setup.c (attr_to_flags): Add KRB5_KDB_ALLOW_KERBEROS4 + + * get_s.c (kadm5_s_get_principal): Add KRB5_KDB_ALLOW_KERBEROS4 + + * admin.h: Add KRB5_KDB_ALLOW_KERBEROS4 + +2006-06-06 Love Hörnquist Åstrand <lha@it.su.se> + + * ent_setup.c (attr_to_flags): Add KRB5_KDB_TRUSTED_FOR_DELEGATION + +2006-05-30 Love Hörnquist Åstrand <lha@it.su.se> + + * password_quality.c (kadm5_check_password_quality): set error + message in context. + +2006-05-13 Love Hörnquist Åstrand <lha@it.su.se> + + * iprop-log.c: Avoid shadowing. + + * rename_s.c: Avoid shadowing. + +2006-05-08 Love Hörnquist Åstrand <lha@it.su.se> + + * privs_c.c (kadm5_c_get_privs): privs is a uint32_t, let copy it + that way. + +2006-05-05 Love Hörnquist Åstrand <lha@it.su.se> + + * Rename u_intXX_t to uintXX_t + +2006-04-27 Love Hörnquist Åstrand <lha@it.su.se> + + * chpass_s.c,delete_s.c,get_s.c,log.c,modify_s.c,randkey_s.c,rename_s.c: + Pass in HDB_F_GET_ANY to all ->hdb fetch to hint what entries we are looking for + + * send_recv.c: set and clear error string + + * rename_s.c: Break out the that we request from principal from + the entry and pass it in as a separate argument. + + * randkey_s.c: Break out the that we request from principal from + the entry and pass it in as a separate argument. + + * modify_s.c: Break out the that we request from principal from + the entry and pass it in as a separate argument. + + * log.c: Break out the that we request from principal from the + entry and pass it in as a separate argument. + + * get_s.c: Break out the that we request from principal from the + entry and pass it in as a separate argument. + + * delete_s.c: Break out the that we request from principal from + the entry and pass it in as a separate argument. + + * chpass_s.c: Break out the that we request from principal from + the entry and pass it in as a separate argument. + +2006-04-25 Love Hörnquist Åstrand <lha@it.su.se> + + * create_s.c (create_principal*): If client doesn't send kvno, + make sure to set it to 1. + +2006-04-10 Love Hörnquist Åstrand <lha@it.su.se> + + * log.c: (kadm5_log_rename): handle errors better + Fixes Coverity, NetBSD CID#628 + + * log.c (kadm5_log_delete): add error handling Coverity, NetBSD + CID#626 + (kadm5_log_modify): add error handling Coverity, NetBSD CID#627 + + * init_c.c (_kadm5_c_get_cred_cache): handle ccache case better in + case no client name was passed in. Coverity, NetBSD CID#919 + + * init_c.c (_kadm5_c_get_cred_cache): Free client principal in + case of error. Coverity NetBSD CID#1908 + +2006-02-02 Love Hörnquist Åstrand <lha@it.su.se> + + * kadm5_err.et: (PASS_REUSE): Spelling, + from Václav H?la <ax@natur.cuni.cz> + +2006-01-25 Love Hörnquist Åstrand <lha@it.su.se> + + * send_recv.c: Clear error-string when introducing new errors. + + * *_c.c: Clear error-string when introducing new errors. + +2006-01-15 Love Hörnquist Åstrand <lha@it.su.se> + + * Makefile.am (libkadm5clnt.la) doesn't depend on libhdb, remove + dependency + +2005-12-13 Love Hörnquist Åstrand <lha@it.su.se> + + * memset hdb_entry_ex before use + +2005-12-12 Love Hörnquist Åstrand <lha@it.su.se> + + * Wrap hdb_entry with hdb_entry_ex, patch originally + from Andrew Bartlet + +2005-11-30 Love Hörnquist Åstrand <lha@it.su.se> + + * context_s.c (set_field): try another way to calculate the path + to the database/logfile/signal-socket + + * log.c (kadm5_log_init): set error string on failures + +2005-09-08 Love Hörnquist Åstrand <lha@it.su.se> + + * Constify password. + + * admin.h: Add KRB5_TL_PKINIT_ACL. + + * marshall.c (_kadm5_unmarshal_params): avoid signed-ness warnings + + * get_s.c (kadm5_s_get_principal): clear error string + +2005-08-25 Love Hörnquist Åstrand <lha@it.su.se> + + * iprop-log.8: More text about iprop-log. + +2005-08-24 Love Hörnquist Åstrand <lha@it.su.se> + + * iprop.8: SEE ALSO iprop-log. + + * Makefile.am: man_MANS += iprop-log.8 + + * iprop-log.8: Basic for documentation of iprop-log. + + * remove replay_log.c, dump_log.c, and truncate_log.c, folded into + iprop-log. + + * log.c (kadm5_log_foreach): add a context variable and pass it + down to `func´. + + * iprop-commands.in: Move truncate_log and replay_log into + iprop-log. + + * iprop-log.c: Move truncate_log and replay_log into iprop-log. + + * Makefile.am: Move truncate_log and replay_log into iprop-log. + + * Makefile.am: Make this work with a clean directory. + + * ipropd_master.c: Make compile. + + * ipropd_master.c: Update to new signature of kadm5_log_previous. + + * log.c (kadm5_log_previous): catch errors instead of asserting + and set error string. + + * iprop-commands.in: New program iprop-log that incorperates + dump_log as a subcommand, truncate_log and replay_log soon to come + after. + + * iprop-log.c: New program iprop-log that incorperates dump_log as + a subcommand, truncate_log and replay_log soon to come after. + + * Makefile.am: New program iprop-log that incorperates dump_log as + a subcommand, truncate_log and replay_log soon to come after. + +2005-08-11 Love Hörnquist Åstrand <lha@it.su.se> + + * get_s.c: Implement KADM5_LAST_PWD_CHANGE. + + * set_keys.c: Set and clear password where appropriate. + + * randkey_s.c: Operation modifies tl_data. + + * log.c (kadm5_log_replay_modify): Check return values of + malloc(), replace all extensions. + + * kadm5_err.et: Make BAD_TL_TYPE error more helpful. + + * get_s.c: Expose KADM5_TL_DATA options to the client. + + * ent_setup.c: Merge in KADM5_TL_DATA in the database. + + * chpass_s.c: Operations modify extensions, mark that with + TL_DATA. + + * admin.h: Add more TL types (password and extension). + +2005-06-17 Love Hörnquist Åstrand <lha@it.su.se> + + * constify + + * ipropd_slave.c: avoid shadowing + + * ipropd_master.c: rename local variable slave to s, optind -> + optidx + + * get_princs_c.c: rename variable exp to expression + + * ad.c: rename variable exp to expression + + * log.c: rename shadowing len to num + + * get_princs_s.c: rename variable exp to expression + + * context_s.c: const poison + + * common_glue.c: rename variable exp to expression + +2005-05-30 Love Hörnquist Åstrand <lha@it.su.se> + + * ent_setup.c (attr_to_flags): check for KRB5_KDB_OK_AS_DELEGATE + + * get_s.c (kadm5_s_get_principal): set KRB5_KDB_OK_AS_DELEGATE + + * admin.h: add KRB5_KDB_OK_AS_DELEGATE, sync KRB5_TL_ flags + +2005-05-25 Love Hörnquist Åstrand <lha@it.su.se> + + * kadm5_pwcheck.3: please mdoclint + +2005-05-25 Dave Love <fx@gnu.org> + + * kadm5_pwcheck.3: document kadm5_add_passwd_quality_verifier, + improve text + +2005-05-24 Dave Love <fx@gnu.org> + + * iprop.8: Added some info about defaults, fixed some markup. + +2005-05-23 Dave Love <fx@gnu.org> + + * ipropd_slave.c: Don't test HAVE_DAEMON since roken supplies it. + + * ipropd_master.c: Don't test HAVE_DAEMON since roken supplies it. + +2005-05-13 Love Hörnquist Åstrand <lha@it.su.se> + + * init_c.c (_kadm5_c_init_context): fix memory leak in case of + failure + +2005-05-09 Dave Love <fx@gnu.org> + + * password_quality.c (find_func): Fix off-by-one and logic error. + (external_passwd_quality): Improve messages. + + * test_pw_quality.c (main): Call kadm5_setup_passwd_quality_check + and kadm5_add_passwd_quality_verifier. + +2005-04-30 Love Hörnquist Åstrand <lha@it.su.se> + + * default_keys.c: #include <err.h>, only print salt it its longer + then 0, use krb5_err instead of errx where appropriate + +2005-04-25 Love Hörnquist Åstrand <lha@it.su.se> + + * ipropd_slave.c: add the documented option --port + + * ipropd_master.c: add the documented option --port + + * dump_log.c: use the newly generated units function + +2005-04-24 Love Hörnquist Åstrand <lha@it.su.se> + + * dump_log.c: use strlcpy + + * password_quality.c: don't use sizeof(pointer) + +2005-04-15 Love Hörnquist Åstrand <lha@it.su.se> + + * check-cracklib.pl: external password verifier sample + + * password_quality.c (kadm5_add_passwd_quality_verifier): if NULL + is passed in, load defaults + +2005-04-14 Love Hörnquist Åstrand <lha@it.su.se> + + * password_quality.c: add an end tag to the external password + quality check protocol + +2005-04-13 Love Hörnquist Åstrand <lha@it.su.se> + + * password_quality.c: add external passsword quality check builtin + module + + [password_quality] + policies = external-check + external-program = /bin/false + + To approve password a, make the test program return APPROVED on + stderr and fail with exit code 0. + +2004-10-12 Love Hörnquist Åstrand <lha@it.su.se> + + * Makefile.am: bump version to 7:7:0 and 6:5:2 + + * default_keys.c (parse_file): use hdb_generate_key_set + + * keys.c,set_keys.c: Move keyset parsing and password based keyset + generation into hdb. Requested by Andrew Bartlett <abartlet@samba.org> + for hdb-ldb backend. + +2004-09-23 Johan Danielsson <joda@pdc.kth.se> + + * ipropd_master.c: add help strings to some options + +2004-09-12 Love Hörnquist Åstrand <lha@it.su.se> + + * chpass_s.c: deal with changed prototype for _kadm5_free_keys + + * keys.c (_kadm5_free_keys): change prototype, make it use + krb5_context instead of a kadm5_server_context + + * set_keys.c (parse_key_set): do way with static returning + (function) static variable and returned allocated memory + (_kadm5_generate_key_set): free enctypes returned by parse_key_set + +2004-09-06 Love Hörnquist Åstrand <lha@it.su.se> + + * set_keys.c: Fix memory leak, don't return stack variables From + Andrew Bartlett + + * set_keys.c: make all_etypes const and move outside function to + avoid returning data on stack + +2004-08-26 Love Hörnquist Åstrand <lha@it.su.se> + + * acl.c (fetch_acl): use " \t\n" instead of just "\n" for the + delim of the third element, this is so we can match + "foo@REALM<SPC>all<SPC><SPC>*@REALM", before it just matched + "foo@REALM<SPC>all<SPC>*@REALM", but that is kind of lucky since + what really happen was that the last <SPC> was stamped out, and + the it never strtok_r never needed to parse over it. + +2004-08-25 Love Hörnquist Åstrand <lha@it.su.se> + + * set_keys.c (_kadm5_generate_key_set): since arcfour-hmac-md5 is + without salting, some people tries to add the string + "arcfour-hmac-md5" when they really should have used + "arcfour-hmac-md5:pw-salt", help them and add glue for that + +2004-08-18 Johan Danielsson <joda@pdc.kth.se> + + * ipropd_slave.c: add --detach + +2004-07-06 Love Hörnquist Åstrand <lha@it.su.se> + + * ad.c: use new tsasl interface remove debug printf add upn to + computer-accounts + +2004-06-28 Love Hörnquist Åstrand <lha@it.su.se> + + * ad.c: implement kadm5_ad_init_with_password_ctx set more error + strings + +2004-06-21 Love Hörnquist Åstrand <lha@it.su.se> + + * Makefile.am: man_MANS = kadm5_pwcheck.3 + + * kadm5_pwcheck.3: document new password quality api + + * password_quality.c: new password check interface (old still + supported) + + * kadm5-pwcheck.h: new password check interface + +2004-06-08 Love Hörnquist Åstrand <lha@it.su.se> + + * ipropd_master.c (main): process all slaves, not just up to the + last slave sending data + (bug report from Björn Sandell <biorn@dce.chalmers.se>) + (*): only send one ARE_YOU_THERE + +2004-06-02 Love Hörnquist Åstrand <lha@it.su.se> + + * ad.c: use krb5_set_password_using_ccache + +2004-06-01 Love Hörnquist Åstrand <lha@it.su.se> + + * ad.c: try handle spn's better + +2004-05-31 Love Hörnquist Åstrand <lha@it.su.se> + + * ad.c: add expiration time + + * ad.c: add modify operations + + * ad.c: handle create and delete + +2004-05-27 Love Hörnquist Åstrand <lha@it.su.se> + + * ad.c: more code for get, handle attributes + + * ad.c: more code for get, handle time stamps and bad password + counter + + * ad.c: more code for get, only fetches kvno for now + +2004-05-26 Love Hörnquist Åstrand <lha@it.su.se> + + * ad.c: add support for tsasl + + * private.h: add kadm5_ad_context + + * ipropd_master.c (prop_one): store the opcode in the begining of + the blob, not the end + + * ad.c: try all ldap servers in dns, generate a random password, + base64(random_block(64)), XXX must make it support other then + ARCFOUR + + * ad.c: framework for windows AD backend + +2004-03-07 Love Hörnquist Åstrand <lha@it.su.se> + + * create_s.c (kadm5_s_create_principal): remove old XXX command + and related code, _kadm5_set_keys will do all this now + +2004-02-29 Love Hörnquist Åstrand <lha@it.su.se> + + * set_keys.c (_kadm5_set_keys_randomly): make sure enctype to copy + enctype for des keys From: Andrew Bartlett <abartlet@samba.org> + + * create_s.c (kadm5_s_create_principal_with_key): don't call + _kadm5_set_keys2, create_principal will do that for us. Set kvno + to 1. + + * chpass_s.c (change): bump kvno + (kadm5_s_chpass_principal_with_key): bump kvno + + * randkey_s.c (kadm5_s_randkey_principal): bump kvno + + * set_keys.c (_kadm5_set_*): don't change the kvno, let the callee + to that + +2003-12-30 Love Hörnquist Åstrand <lha@it.su.se> + + * chpass_s.c (change): fix same-password-again by decrypting keys + and setting an error code From: Buck Huppmann <buckh@pobox.com> + +2003-12-21 Love Hörnquist Åstrand <lha@it.su.se> + + * init_c.c (_kadm5_c_init_context): catch errors from strdup and + other krb5_ functions + +2003-12-08 Love Hörnquist Åstrand <lha@it.su.se> + + * rename_s.c (kadm5_s_rename_principal): allow principal to change + realm From Panasas Inc + +2003-12-07 Love Hörnquist Åstrand <lha@it.su.se> + + * destroy_c.c (kadm5_c_destroy): fix memory leaks, From Panasas, + Inc + +2003-11-23 Love Hörnquist Åstrand <lha@it.su.se> + + * iprop.h: don't include <krb5-private.h> + + * ipropd_slave.c: stop using krb5 lib private byte-frobbing + functions and replace them with with krb5_storage + + * ipropd_master.c: stop using krb5 lib private byte-frobbing + functions and replace them with with krb5_storage + +2003-11-19 Love Hörnquist Åstrand <lha@it.su.se> + + * ipropd_slave.c (receive_loop): when seeking over the entries we + already have, skip over the trailer. From: Jeffrey Hutzelman + <jhutz@cmu.edu> + + * dump_log.c,ipropd_master.c,ipropd_slave.c, + replay_log.c,truncate_log.c: parse kdc.conf + From: Jeffrey Hutzelman <jhutz@cmu.edu> + +2003-10-10 Love Hörnquist Åstrand <lha@it.su.se> + + * Makefile.am: += test_pw_quality + + * test_pw_quality.c: test program for verifying password quality + function + +2003-09-03 Love Hörnquist Åstrand <lha@it.su.se> + + * Makefile.am: add and enable check program default_keys + + * default_keys.c: test program for _kadm5_generate_key_set + + * init_c.c: use + krb5_get_init_creds_opt_alloc/krb5_get_init_creds_opt_free + +2003-08-17 Love Hörnquist Åstrand <lha@it.su.se> + + * set_keys.c (_kadm5_set_keys_randomly): remove dup return + + * ipropd_master.c (main): make sure current_version is initialized + +2003-08-15 Love Hörnquist Åstrand <lha@it.su.se> + + * set_keys.c: use default_keys for the both random keys and + password derived keys if its defined + +2003-07-24 Love Hörnquist Åstrand <lha@it.su.se> + + * ipropd_slave.c (receive_everything): switch close and rename + From: Alf Wachsmann <alfw@SLAC.Stanford.EDU> + +2003-07-03 Love Hörnquist Åstrand <lha@it.su.se> + + * iprop.h, ipropd_master.c, ipropd_slave.c: + Add probing from the server that the client is still there, also + make the client check that the server is probing. + +2003-07-02 Love Hörnquist Åstrand <lha@it.su.se> + + * truncate_log.c (main): add missing ``if (ret)'' + +2003-06-26 Love Hörnquist Åstrand <lha@it.su.se> + + * set_keys.c (make_keys): add AES support + + * set_keys.c: fix off by one in the aes case, pointed out by Ken + Raeburn + +2003-04-30 Love Hörnquist Åstrand <lha@it.su.se> + + * set_keys.c (_kadm5_set_keys_randomly): add + ETYPE_AES256_CTS_HMAC_SHA1_96 key when configuried with aes + support + +2003-04-16 Love Hörnquist Åstrand <lha@it.su.se> + + * send_recv.c: check return values from krb5_data_alloc + * log.c: check return values from krb5_data_alloc + +2003-04-16 Love Hörnquist Åstrand <lha@it.su.se> + + * dump_log.c (print_entry): check return values from + krb5_data_alloc + +2003-04-01 Love Hörnquist Åstrand <lha@it.su.se> + + * init_c.c (kadm_connect): if a context realm was passed in, use + that to form the kadmin/admin principal + +2003-03-19 Love Hörnquist Åstrand <lha@it.su.se> + + * ipropd_master.c (main): make sure we don't consider dead slave + for select processing + (write_stats): use slave_stats_file variable, + check return value of strftime + (args): allow specifying slave stats file + (slave_dead): close the fd when the slave dies + +2002-10-21 Johan Danielsson <joda@pdc.kth.se> + + * ipropd_slave.c (from Derrick Brashear): Propagating a large + database without this means the slave kdcs can get erroneous + HDB_NOENTRY and return the resulting errors. This creates a new db + handle, populates it, and moves it into place. + +2002-08-26 Assar Westerlund <assar@kth.se> + + * ipropd_slave.c (receive_everything): type-correctness calling + _krb5_get_int + + * context_s.c (find_db_spec): const-correctness in parameters to + krb5_config_get_next + +2002-08-16 Johan Danielsson <joda@pdc.kth.se> + + * private.h: rename header file flag macro + + * Makefile.am: generate kadm5-{protos,private}.h + +2002-08-15 Johan Danielsson <joda@pdc.kth.se> + + * ipropd_master.c: check return value of krb5_sockaddr2address + +2002-07-04 Johan Danielsson <joda@pdc.kth.se> + + * ipropd_master.c: handle slaves that come and go; add status + reporting (both from Love) + + * iprop.h: KADM5_SLAVE_STATS + +2002-03-25 Jacques Vidrine <n@nectar.com> + + * init_c.c (get_cred_cache): bug fix: the default credentials + cache was not being used if a client name was specified. + +2002-03-25 Johan Danielsson <joda@pdc.kth.se> + + * init_c.c (get_cred_cache): when getting the default_client from + the cred cache, make sure the instance part is "admin"; this + should require fewer uses of -p + +2002-03-11 Assar Westerlund <assar@sics.se> + + * Makefile.am (libkadm5srv_la_LDFLAGS): set version to 7:5:0 + (libkadm5clnt_la_LDFLAGS): set version to 6:3:2 + +2002-02-08 Johan Danielsson <joda@pdc.kth.se> + + * init_c.c: we have to create our own param struct before + marshaling + +2001-09-05 Johan Danielsson <joda@pdc.kth.se> + + * Makefile.am: link with LIB_pidfile + + * iprop.h: include util.h for pidfile + +2001-08-31 Assar Westerlund <assar@sics.se> + + * ipropd_slave.c (main): syslog with the correct name + +2001-08-30 Jacques Vidrine <n@nectar.com> + + * ipropd_slave.c, ipropd_master.c (main): call pidfile + +2001-08-28 Assar Westerlund <assar@sics.se> + + * Makefile.am (libkadm5srv_la_LDFLAGS): set version to 7:4:0 + +2001-08-24 Assar Westerlund <assar@sics.se> + + * acl.c (fetch_acl): do not return bogus flags and re-organize + function + + * Makefile.am: rename variable name to avoid error from current + automake + +2001-08-13 Johan Danielsson <joda@pdc.kth.se> + + * set_keys.c: add easier afs configuration, defaulting to the + local realm in lower case; also try to remove duplicate salts + +2001-07-12 Assar Westerlund <assar@sics.se> + + * Makefile.am: add required library dependencies + +2001-07-03 Assar Westerlund <assar@sics.se> + + * Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 6:2:2 + +2001-06-29 Johan Danielsson <joda@pdc.kth.se> + + * init_c.c: call krb5_get_init_creds_opt_set_default_flags + +2001-02-19 Johan Danielsson <joda@pdc.kth.se> + + * replay_log.c: add --{start-end}-version flags to replay just + part of the log + +2001-02-15 Assar Westerlund <assar@sics.se> + + * ipropd_master.c (main): fix select-loop to decrement ret + correctly. from "Brandon S. Allbery KF8NH" <allbery@ece.cmu.edu> + +2001-01-30 Assar Westerlund <assar@sics.se> + + * Makefile.am: bump versions + +2000-12-31 Assar Westerlund <assar@sics.se> + + * init_s.c (*): handle krb5_init_context failure consistently + * init_c.c (init_context): handle krb5_init_context failure + consistently + +2000-12-11 Assar Westerlund <assar@sics.se> + + * Makefile.am (libkadm5srv_la_LDFLAGS): bump version to 7:2:0 + +2000-11-16 Assar Westerlund <assar@sics.se> + + * set_keys.c (make_keys): clean-up salting loop and try not to + leak memory + + * ipropd_master.c (main): check for fd's being too large to select + on + +2000-08-16 Assar Westerlund <assar@sics.se> + + * Makefile.am (libkadm5srv_la_LDFLAGS): bump version to 7:1:0 + +2000-08-10 Assar Westerlund <assar@sics.se> + + * acl.c (fetch_acl): fix wrong cases, use krb5_principal_match + +2000-08-07 Assar Westerlund <assar@sics.se> + + * ipropd_master.c (main): ignore SIGPIPE + +2000-08-06 Assar Westerlund <assar@sics.se> + + * ipropd_slave.c (receive_everything): make `fd' an int instead of + a pointer. From Derrick J Brashear <shadow@dementia.org> + +2000-08-04 Johan Danielsson <joda@pdc.kth.se> + + * admin.h: change void** to void* + +2000-07-25 Johan Danielsson <joda@pdc.kth.se> + + * Makefile.am: bump versions to 7:0:0 and 6:0:2 + +2000-07-24 Assar Westerlund <assar@sics.se> + + * log.c (kadm5_log_get_version): rename kadm5_log_get_version_fd + and make a new that takes a context + (kadm5_log_nop): add logging of missing lengths + (kadm5_log_truncate): new function + + * dump_log.c (print_entry): update and correct + * randkey_s.c: call _kadm5_bump_pw_expire + * truncate_log.c: new program for truncating the log + * Makefile.am (sbin_PROGRAMS): add truncate_log + (C_SOURCES): add bump_pw_expire.c + * bump_pw_expire.c: new function for extending password expiration + +2000-07-22 Assar Westerlund <assar@sics.se> + + * keys.c: new file with _kadm5_free_keys, _kadm5_init_keys + + * set_keys.c (free_keys, init_keys): elevate to internal kadm5 + functions + + * chpass_s.c (kadm5_s_chpass_principal_cond): new function + * Makefile.am (C_SOURCES): add keys.c + * init_c.c: remove unused variable and handle some parameters + being NULL + +2000-07-22 Johan Danielsson <joda@pdc.kth.se> + + * ipropd_slave.c: use krb5_read_priv_message + + * ipropd_master.c: use krb5_{read,write}_priv_message + + * init_c.c: use krb5_write_priv_message + +2000-07-11 Johan Danielsson <joda@pdc.kth.se> + + * ipropd_slave.c: no need to call gethostname, since + sname_to_principal will + + * send_recv.c: assert that we have a connected socket + + * get_princs_c.c: call _kadm5_connect + + * rename_c.c: call _kadm5_connect + + * randkey_c.c: call _kadm5_connect + + * privs_c.c: call _kadm5_connect + + * modify_c.c: call _kadm5_connect + + * get_c.c: call _kadm5_connect + + * delete_c.c: call _kadm5_connect + + * create_c.c: call _kadm5_connect + + * chpass_c.c: call _kadm5_connect + + * private.h: add more fields to client context; remove prototypes + + * admin.h: remove prototypes + + * kadm5-protos.h: move public prototypes here + + * kadm5-private.h: move private prototypes here + + * init_c.c: break out connection code to separate function, and + defer calling it until we actually do something + +2000-07-07 Assar Westerlund <assar@sics.se> + + * set_keys.c (make_keys): also support `[kadmin]use_v4_salt' for + backwards compatability + +2000-06-26 Johan Danielsson <joda@pdc.kth.se> + + * set_keys.c (_kadm5_set_keys): rewrite this to be more easily + adaptable to different salts + +2000-06-19 Johan Danielsson <joda@pdc.kth.se> + + * get_s.c: pa_* -> KRB5_PADATA_* + +2000-06-16 Assar Westerlund <assar@sics.se> + + * ipropd_slave.c: change default keytab to default keytab (as in + typically FILE:/etc/krb5.keytab) + +2000-06-08 Assar Westerlund <assar@sics.se> + + * ipropd_slave.c: bug fixes, for actually writing the full dump to + the database. based on a patch from Love <lha@stacken.kth.se> + +2000-06-07 Assar Westerlund <assar@sics.se> + + * acl.c: add support for patterns of principals + * log.c (kadm5_log_replay_create): handle more NULL pointers + (should they really happen?) + * log.c (kadm5_log_replay_modify): handle max_life == NULL and + max_renew == NULL + + * ipropd_master.c: use syslog. be less verbose + * ipropd_slave.c: use syslog + +2000-06-05 Assar Westerlund <assar@sics.se> + + * private.h (kadm_ops): add kadm_nop more prototypes + * log.c (kadm5_log_set_version, kadm5_log_reinit, kadm5_log_nop, + kadm5_log_replay_nop): add + * ipropd_slave.c: and some more improvements + * ipropd_master.c: lots of improvements + * iprop.h (IPROP_PORT, IPROP_SERVICE): add + (iprop_cmd): add new commands + + * dump_log.c: add nop + +2000-05-15 Assar Westerlund <assar@sics.se> + + * Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 5:1:1 + +2000-05-12 Assar Westerlund <assar@sics.se> + + * get_s.c (kadm5_s_get_principal): set life, rlife to INT_MAX as a + fallback. handle not having any creator. + * destroy_s.c (kadm5_s_destroy): free all allocated memory + * context_s.c (set_field): free variable if it's already set + (find_db_spec): malloc space for all strings + +2000-04-05 Assar Westerlund <assar@sics.se> + + * Makefile.am (LDADD): add LIB_openldap + +2000-04-03 Assar Westerlund <assar@sics.se> + + * Makefile.am (libkadm5srv_la_LDFLAGS): set version to 6:0:1 + (libkadm5clnt_la_LDFLAGS): set version to 5:0:1 + +2000-03-24 Assar Westerlund <assar@sics.se> + + * set_keys.c (_kadm5_set_keys2): rewrite + (_kadm5_set_keys3): add + + * private.h (struct kadm_func): add chpass_principal_with_key + * init_c.c (set_funcs): add chpass_principal_with_key + +2000-03-23 Assar Westerlund <assar@sics.se> + + * context_s.c (set_funcs): add chpass_principal_with_key + * common_glue.c (kadm5_chpass_principal_with_key): add + * chpass_s.c: comment-ize and change calling convention for + _kadm5_set_keys* + * chpass_c.c (kadm5_c_chpass_principal_with_key): add + +2000-02-07 Assar Westerlund <assar@sics.se> + + * Makefile.am (libkadm5clnt_la_LDFLAGS): set version to 4:2:0 + +2000-01-28 Assar Westerlund <assar@sics.se> + + * init_c.c (get_new_cache): make sure to request non-forwardable, + non-proxiable + +2000-01-06 Assar Westerlund <assar@sics.se> + + * Makefile.am (libkadm5srv.la): bump version to 5:1:0 + + * context_s.c (_kadm5_s_init_context): handle params == NULL + +1999-12-26 Assar Westerlund <assar@sics.se> + + * get_s.c (kadm5_s_get_principal): handle modified_by->principal + == NULL + +1999-12-20 Assar Westerlund <assar@sics.se> + + * Makefile.am (libkadm5clnt_la_LDFLAGS): bump version to 4:1:0 + + * init_c.c (_kadm5_c_init_context): handle getting back port + number from admin host + (kadm5_c_init_with_context): remove `proto/' part before doing + getaddrinfo() + +1999-12-06 Assar Westerlund <assar@sics.se> + + * Makefile.am: bump version to 5:0:0 and 4:0:0 + + * init_c.c (kadm5_c_init_with_context): don't use unitialized + stuff + +1999-12-04 Assar Westerlund <assar@sics.se> + + * replay_log.c: adapt to changed kadm5_log_foreach + + * log.c (kadm5_log_foreach): change to take a + `kadm5_server_context' + + * init_c.c: use krb5_warn{,x} + + * dump_log.c: adapt to changed kadm5_log_foreach + + * init_c.c: re-write to use getaddrinfo + * Makefile.am (install-build-headers): add dependency + +1999-12-03 Johan Danielsson <joda@pdc.kth.se> + + * log.c (kadm5_log_foreach): pass context + + * dump_log.c: print more interesting things + +1999-12-02 Johan Danielsson <joda@pdc.kth.se> + + * ipropd_master.c (process_msg): check for short reads + +1999-11-25 Assar Westerlund <assar@sics.se> + + * modify_s.c (kadm5_s_modify_principal): support key_data + (kadm5_s_modify_principal_with_key): remove + + * admin.h (kadm5_s_modify_principal_with_key): remove + +1999-11-20 Assar Westerlund <assar@sics.se> + + * context_s.c (find_db_spec): ugly cast work-around. + +1999-11-14 Assar Westerlund <assar@sics.se> + + * context_s.c (_kadm5_s_init_context): call krb5_add_et_list so + that we aren't dependent on the layout of krb5_context_data + * init_c.c (_kadm5_c_init_context): call krb5_add_et_list so that + we aren't dependent on the layout of krb5_context_data + +1999-11-13 Assar Westerlund <assar@sics.se> + + * password_quality.c (kadm5_setup_passwd_quality_check): use + correct types for function pointers + +1999-11-09 Johan Danielsson <joda@pdc.kth.se> + + * randkey_s.c: always bail out if the fetch fails + + * admin.h (kadm5_config_params): remove fields we're not using + + * ipropd_slave.c: allow passing a realm + + * ipropd_master.c: allow passing a realm + + * dump_log.c: allow passing a realm + + * acl.c: correctly get acl file + + * private.h (kadm5_server_context): add config_params struct and + remove acl_file; bump protocol version number + + * marshall.c: marshalling of config parameters + + * init_c.c (kadm5_c_init_with_context): try to cope with old + servers + + * init_s.c (kadm5_s_init_with_context): actually use some passed + values + + * context_s.c (_kadm5_s_init_context): get dbname, acl_file, and + stash_file from the config parameters, try to figure out these if + they're not provided + +1999-11-05 Assar Westerlund <assar@sics.se> + + * Makefile.am (install-build-headers): use `cp' instead of + INSTALL_DATA + +1999-11-04 Assar Westerlund <assar@sics.se> + + * Makefile.am: bump version to 4:0:0 and 3:0:0 (they access fields + directly in libkrb5's context - bad functions) + + * set_keys.c (_kadm5_set_keys_randomly): set enctypes correctly in + the copied keys + +1999-10-20 Assar Westerlund <assar@sics.se> + + * Makefile.am: set version of kadm5srv to 3:0:2 (new password + quality functions). + set version of kdam5clnt to 2:1:1 (no interface changes) + + * Makefile.am (LDADD): add $(LIB_dlopen) + +1999-10-17 Assar Westerlund <assar@sics.se> + + * randkey_s.c (kadm5_s_randkey_principal): use + _kadm5_set_keys_randomly + + * set_keys.c (free_keys): free more memory + (_kadm5_set_keys): a little bit more generic + (_kadm5_set_keys_randomly): new function for setting random keys. + +1999-10-14 Assar Westerlund <assar@sics.se> + + * set_keys.c (_kadm5_set_keys): ignore old keys when setting new + ones and always add 3 DES keys and one 3DES key + +1999-10-03 Assar Westerlund <assar@sics.se> + + * init_c.c (_kadm5_c_init_context): use `krb5_get_krb_admin_hst'. + check return value from strdup + +1999-09-26 Assar Westerlund <assar@sics.se> + + * acl.c (_kadm5_privs_to_string): forgot one strcpy_truncate -> + strlcpy + +1999-09-24 Johan Danielsson <joda@pdc.kth.se> + + * dump_log.c: remove unused `optind' + + * replay_log.c: remove unused `optind' + +1999-09-13 Assar Westerlund <assar@sics.se> + + * chpass_c.c (kadm5_c_chpass_principal): new _kadm5_client_recv + + * send_recv.c (_kadm5_client_recv): return result in a `krb5_data' + so that we avoid copying it and don't need to dimension in + advance. change all callers. + +1999-09-10 Assar Westerlund <assar@sics.se> + + * password_quality.c: new file + + * admin.h + (kadm5_setup_passwd_quality_check,kadm5_check_password_quality): + add prototypes + + * Makefile.am (S_SOURCES): add password_quality.c + +1999-07-26 Assar Westerlund <assar@sics.se> + + * Makefile.am: update versions to 2:0:1 + +1999-07-24 Assar Westerlund <assar@sics.se> + + * ent_setup.c (_kadm5_setup_entry): make princ_expire_time == 0 + and pw_expiration == 0 mean never + +1999-07-22 Assar Westerlund <assar@sics.se> + + * log.c (kadm5_log_flush): extra cast + +1999-07-07 Assar Westerlund <assar@sics.se> + + * marshall.c (store_principal_ent): encoding princ_expire_time and + pw_expiration in correct order + +1999-06-28 Assar Westerlund <assar@sics.se> + + * randkey_s.c (kadm5_s_randkey_principal): nuke old mkvno, + otherwise hdb will think that the new random keys are already + encrypted which will cause lots of confusion later. + +1999-06-23 Assar Westerlund <assar@sics.se> + + * ent_setup.c (_kadm5_setup_entry): handle 0 == unlimited + correctly. From Michal Vocu <michal@karlin.mff.cuni.cz> + +1999-06-15 Assar Westerlund <assar@sics.se> + + * init_c.c (get_cred_cache): use get_default_username + +1999-05-23 Assar Westerlund <assar@sics.se> + + * create_s.c (create_principal): if there's no default entry the + mask should be zero. + +1999-05-21 Assar Westerlund <assar@sics.se> + + * init_c.c (get_cred_cache): use $USERNAME + +1999-05-17 Johan Danielsson <joda@pdc.kth.se> + + * init_c.c (get_cred_cache): figure out principal + +1999-05-05 Johan Danielsson <joda@pdc.kth.se> + + * send_recv.c: cleanup _kadm5_client_{send,recv} + +1999-05-04 Assar Westerlund <assar@sics.se> + + * set_keys.c (_kadm5_set_keys2): don't check the recently created + memory for NULL pointers + + * private.h (_kadm5_setup_entry): change prototype + + * modify_s.c: call new _kadm5_setup_entry + + * ent_setup.c (_kadm5_setup_entry): change so that it takes three + masks, one for what bits to set and one for each of principal and + def containing the bits that are set there. + + * create_s.c: call new _kadm5_setup_entry + + * create_s.c (get_default): check return value + (create_principal): send wider mask to _kadm5_setup_entry + +1999-05-04 Johan Danielsson <joda@pdc.kth.se> + + * send_recv.c (_kadm5_client_recv): handle arbitrarily sized + packets, check for errors + + * get_c.c: check for failure from _kadm5_client_{send,recv} + +1999-05-04 Assar Westerlund <assar@sics.se> + + * init_c.c (get_new_cache): don't abort when interrupted from + password prompt + + * destroy_c.c (kadm5_c_destroy): check if we should destroy the + auth context + +1999-05-03 Johan Danielsson <joda@pdc.kth.se> + + * chpass_s.c: fix arguments to _kadm5_set_keys2 + + * private.h: proto + + * set_keys.c: clear mkvno + + * rename_s.c: add flags to fetch and store; seal keys before + logging + + * randkey_s.c: add flags to fetch and store; seal keys before + logging + + * modify_s.c: add flags to fetch and store; seal keys before + logging + + * log.c: add flags to fetch and store; seal keys before logging + + * get_s.c: add flags to fetch and store; seal keys before logging + + * get_princs_s.c: add flags to fetch and store; seal keys before + logging + + * delete_s.c: add flags to fetch and store; seal keys before + logging + + * create_s.c: add flags to fetch and store; seal keys before + logging + + * chpass_s.c: add flags to fetch and store; seal keys before + logging + + * Makefile.am: remove server.c + + * admin.h: add prototypes + + * ent_setup.c (_kadm5_setup_entry): set key_data + + * set_keys.c: add _kadm5_set_keys2 to sey keys from key_data + + * modify_s.c: add kadm5_s_modify_principal_with_key + + * create_s.c: add kadm5_s_create_principal_with_key + + * chpass_s.c: add kadm5_s_chpass_principal_with_key + + * kadm5_locl.h: move stuff to private.h + + * private.h: move stuff from kadm5_locl.h + |