+2003-04-01 Nalin Dahyabhai <nalin@redhat.com>
+
+ * heuristic.c (get_closest_principal): Don't try to examine
+ principal name components after the last.
+ * krb_auth_su.c (get_best_principal): Check principal name length
+ before examining components.
+
+2002-12-23 Ezra Peisach <epeisach@bu.edu>
+
+ * authorization.c, heuristic.c, ksu.h: Use uid_t instead of int in
+ arguments to fowner() and get_best_princ_for_target(). Signed
+ vs. unsigned int cleanup.
+
+2002-08-29 Ken Raeburn <raeburn@mit.edu>
+
+ * Makefile.in: Revert $(S)=>/ change, for Windows support.
+
+2002-08-23 Ken Raeburn <raeburn@mit.edu>
+
+ * Makefile.in: Change $(S)=>/ and $(U)=>.. globally.
+
+2002-08-14 Jen Selby <jenselby@mit.edu>
+
+ * main.c: updated the usage function
+
+2002-06-25 Ken Raeburn <raeburn@mit.edu>
+
+ * Makefile.in (ksu): Don't use krb5util library.
+
+2002-06-21 Ezra Peisach <epeisach@bu.edu>
+
+ * ccache.c (printtime): Do not assume that krb5_timestamp and
+ time_t are the same size as an argument to localtime.
+
+ * heuristic.c (get_authorized_princ_names): If .k5login file
+ exists but is not owned by the user, do not attempt to fclose an
+ uninitialized FILE *.
+
+2001-10-30 Ezra Peisach <epeisach@mit.edu>
+
+ * main.c (main): Do not pass LOG_AUTH facility into openlog() as a
+ logopt.
+
+2001-10-18 Ken Raeburn <raeburn@mit.edu>
+
+ Don't crash if .k[5]login file ownership is wrong. Patch from
+ Emily Ratliff, ratliff@austin.ibm.com.
+ * authorization.c (fowner): Don't close the file even on error.
+ (krb5_authorization): Close the file if fowner returns FALSE.
+
+2001-10-09 Ken Raeburn <raeburn@mit.edu>
+
+ * authorization.c, heuristic.c, krb_auth_su.c, ksu.h, main.c: Make
+ prototypes unconditional.
+
+2001-10-07 Mitchell Berger <mitchb@mit.edu>
+
+ * krb_auth_su.c: Fix a call to plain_dump_principal() that had the
+ wrong number of arguments but was only compiled if GET_TGT_VIA_PASSWD
+ wasn't defined.
+
+2001-09-16 Mitchell Berger <mitchb@mit.edu>
+
+ * ksu.M: Correct a few typos.
+
+2001-07-23 Ezra Peisach <epeisach@mit.edu>
+
+ * setenv.c: Include stdlib.h, provide prototypes for setenv and
+ unsetenv before declaration.
+
+2001-06-26 Ezra Peisach <epeisach@mit.edu>
+
+ * authorization.c (find_first_cmd_that_exists): Change xmalloc()
+ to xcalloc() where was intented in code (two arguments to xmalloc).
+
+ * ksu.h: Provide full prototypes for xmalloc(), xrealloc(),
+ xcalloc(), and xstrdup().
+
+2001-06-21 Ezra Peisach <epeisach@mit.edu>
+
+ * main.c (get_params): Change optind to optindex to prevent
+ shadowing.
+
+2001-06-18 Ezra Peisach <epeisach@mit.edu>
+
+ * main.c (main): Cast arguments to print_status to be consitant
+ with format string.
+
+2001-06-11 Ezra Peisach <epeisach@mit.edu>
+
+ * setenv.c: Add prototype for _findenv to avoid inconsistancy of
+ static vs. extern.
+
+ * heuristic.c (find_either_ticket): Change krb5_tgtname() to
+ ksu_tgtname().
+
+ * ccache.c: Include <sys/types.h> and <sys/stat.h> for start()
+ prototype.
+
+ * krb_auth_su.c: Reindent for readability. Remove defunct
+ code. Change use of krb5_tgtname to ksu_tgtname().
+
+ * ksu.h: Include k5-util.h for krb5_seteuid() prototype. Add
+ prototype for ksu_tgtname. Add prototype for unsetenv() if not
+ defined.
+
+ * main.c: Include grp.h for initgroups() prototype. Cleanup
+ assignment in conditional warning. Reindent for
+ readability. Arguments to print_status made consistant with regard
+ to long vs. int. Change krb5_tgtname to ksu_tgtname. (do not use
+ an internal krb5 function that is not advertised).
+
+2001-06-05 Ezra Peisach <epeisach@mit.edu>
+
+ * authorization.c, heuristic.c, krb_auth_su.c, main.c, setenv.c:
+ Cleanup assignments in conditionals.
+
+2001-04-03 Tom Yu <tlyu@mit.edu>
+
+ * setenv.c: Add conditionals for compilation of setenv, unsetenv,
+ and getenv such that they only get compiled if they don't already
+ exist. [pullup from krb5-1-2-2-branch]
+
+2000-10-17 Ezra Peisach <epeisach@mit.edu>
+
+ * krb_auth_su.c (krb5_get_tkt_via_passwd): Argument to
+ krb5_read_password now takes an unsigned int.
+
+2000-10-03 Ezra Peisach <epeisach@mit.edu>
+
+ * ccache.c, heuristic.c, main.c: Return of krb5_cc_get_name() is
+ const char *.
+
+2000-05-22 Tom Yu <tlyu@mit.edu>
+
+ * Makefile.in (OBJS): Put @SETENVOBJ@ on same line as xmalloc.o to
+ avoid trailing backslash on the end of the variable.
+
+2000-05-15 Ken Raeburn <raeburn@mit.edu>
+
+ * ccache.c (krb5_ccache_copy): Modify conditionalized code block
+ slightly to make automatic indentation work better.
+
+ * main.c (main): Complain and quit if prog_name is longer than 50
+ characters.
+
+2000-04-26 Ken Raeburn <raeburn@mit.edu>
+ Nalin Dahyabhai <nalin@redhat.com>
+
+ * main.c (DEBUG): Don't define.
+ (usage): Remove -C option from description.
+ (sweep_up): Deleted second argument; all callers changed.
+ (main): Support -D option only if DEBUG is defined. Initialize
+ ruid on entry. Set effective uid to ruid before processing
+ argument list. Removed -C option from -z/-Z conflict messages.
+ Report errors trying to stat source ccache using com_err. Verify
+ that getpwuid's returned data for source user has correct uid.
+ Eliminate use_source_cache variable.
+
+ * ksu.M: Updates for removal of -C option.
+
+2000-01-27 Ken Raeburn <raeburn@mit.edu>
+
+ * main.c (print_status): Now static. Add format attribute if
+ using GNU C.
+
+1999-12-02 Ken Raeburn <raeburn@mit.edu>
+
+ * krb_auth_su.c (krb5_get_tkt_via_passwd): Check length of
+ principal name before copying to fixed-size buffer.
+
+ * ccache.c (krb5_ccache_filter): Fix speling error.
+ (krb5_get_login_princ): Check length of home directory pathname.
+
+ * setenv.c: New file, copied from appl/bsd.
+ * Makefile.in (OBJS): Add @SETENVOBJ@.
+ (SRCS): Add setenv.c.
+
+ * xmalloc.c: New file, providing versions of malloc, calloc,
+ realloc, and strdup that print messages and exit if memory
+ allocation fails.
+ * ksu.h (xmalloc, xrealloc, xcalloc, xstrdup): Declare.
+ * Makefile.in (SRCS, OBJS): Use it.
+ * authorization.c, ccache.c, heuristic.c, main.c: Change all calls
+ to malloc, calloc, realloc, and strdup to call x* versions if the
+ return value is not checked before use.
+
+ * authorization.c (auth_cleanup): Ditch int arguments, check for
+ null pointers instead.
+ (krb5_authorization): Update calls. Initialize file pointers to
+ null.
+ (init_auth_names): Check for buffer overflow.
+ (fcmd_resolve): Ensure enough buffer space is allocated.
+ (find_first_cmd_that_exists): Likewise. Use strcat instead of
+ sprintf'ing a buffer into itself.
+
+ * krb_auth_su.c (dump_principal, plain_dump_principal): Reformat
+ slightly.
+
+ * main.c (cc_source_tag, cc_source_tag_tmp): Now point to const.
+ (main): Unset environment variable KRB5_CONFIG. Delete -C
+ option. Force an error if lifetime strings are over 14
+ characters. Fix error message string if setluid fails. Cast pid
+ to long for printing. Call krb5_init_secure_context instead of
+ krb5_init_context and krb5_secure_config_files.
+ (main): Fix speling error.
+ (ontty): Check string size.
+ (get_dir_of_file): Argument now points to const.
+ * ksu.h (get_dir_of_file): Update declaration.
+
+1999-10-26 Wilfredo Sanchez <tritan@mit.edu>
+
+ * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES,
+ LOCAL_INCLUDES such that one can override CFLAGS from the command
+ line without losing CPP search patchs and defines. Some associated
+ Makefile cleanup.
+
+1999-08-23 Ken Raeburn <raeburn@mit.edu>
+
+ * heuristic.c (find_ticket): Use flag KRB5_TC_SUPPORTED_KTYPES
+ when calling krb5_cc_retrieve_cred.
+ * krb_auth_su.c (krb5_auth_check, krb5_fast_auth): Ditto.
+
+Fri Mar 12 18:52:18 1999 Tom Yu <tlyu@mit.edu>
+
+ * main.c (main): Fix cleanup code for setluid() failure.
+
+Thu Mar 4 18:46:55 1999 Tom Yu <tlyu@mit.edu>
+
+ * heuristic.c (get_authorized_princ_names): Fix to not call
+ list_union() if cmd is NULL, otherwise freed memory gets
+ referenced. [krb5-clients/698]
+
+Thu Feb 18 22:26:30 1999 Tom Yu <tlyu@mit.edu>
+
+ * Makefile.in (ksu): Add $(KSU_LIBS) in case we need -lsecurity.
+
+ * main.c (main): Add call to setluid() on systems that have it.
+
+1998-11-13 Theodore Ts'o <tytso@rsts-11.mit.edu>
+
+ * Makefile.in: Set the myfulldir and mydir variables (which are
+ relative to buildtop and thisconfigdir, respectively.)
+
+1998-05-06 Theodore Ts'o <tytso@rsts-11.mit.edu>
+
+ * main.c (main): POSIX states that getopt returns -1 when it
+ is done parsing options, not EOF.
+
+Wed Feb 18 15:44:15 1998 Tom Yu <tlyu@mit.edu>
+
+ * Makefile.in: Remove trailing slash from thisconfigdir. Fix up
+ BUILDTOP for new conventions.
+
+Mon Feb 2 17:02:29 1998 Theodore Ts'o <tytso@rsts-11.mit.edu>
+
+ * Makefile.in: Define BUILDTOP and thisconfigdir in the Makefile
+
+Wed Feb 4 20:46:49 1998 Tom Yu <tlyu@mit.edu>
+
+ * krb_auth_su.c (krb5_verify_tkt_def): If using a pre-existing
+ credential cache, ensure that the host ticket has not yet
+ expired. Patch from vwelch@ncsa.uiuc.edu [krb5-clients/545].
+
+Mon Jan 27 16:56:07 1997 Tom Yu <tlyu@mit.edu>
+
+ * Makefile.in:
+ * configure.in: Update to new program build procedure.
+
+Sun Nov 10 20:10:53 1996 Sam Hartman <hartmans@mit.edu>
+
+ * krb_auth_su.c (path_passwd;): If you don't have a srvtab, always
+ fail.
+
+Thu Nov 7 15:41:19 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
+
+ * main.c (main): Check the error return from
+ krb5_init_context(), and print an error message if
+ necessary.
+
+Wed Sep 18 15:54:41 1996 Theodore Y. Ts'o <tytso@mit.edu>
+
+ * krb_auth_su.c (krb5_get_tkt_via_passwd): Remove call to
+ krb5_os_localaddr(), since get_in_tkt will default correctly.
+
+Tue Sep 10 14:15:02 1996 Tom Yu <tlyu@mit.edu>
+
+ * ksu.M: remove ".so man1/header.doc"
+
+Thu Aug 8 12:31:30 1996 Sam Hartman <hartmans@mit.edu>
+
+ * main.c (main): Close source cache before executing command.
+
+Sat May 25 16:11:55 1996 Sam Hartman <hartmans@mit.edu>
+
+ * configure.in: Use aname db libs.
+
+Tue May 21 19:14:27 1996 Sam Hartman <hartmans@mit.edu>
+
+ * Makefile.in (install): Ignore error return from installation of
+ ksu; if we can't set the setuid bit (AFS or non-root), we should
+ still continue.
+
+Mon May 20 00:07:16 1996 Sam Hartman <hartmans@tertius.mit.edu>
+
+ * main.c (main): Do not force source cache open if we are going to use it as the target.
+
+Sun May 19 13:41:21 1996 Sam Hartman <hartmans@mit.edu>
+
+ * main.c: Force source ccache to stay open between transactions.
+
+Sun May 19 03:24:26 1996 Sam Hartman <hartmans@tertius.mit.edu>
+
+ * krb_auth_su.c: Use target uid while creating ccache
+
+ * ccache.c: Set uid to target before creating target cache.
+
+ * ksu.h: Add target_uid to copy_ccache and copy_ccache_restricted
+
+Sat May 18 16:39:15 1996 Sam Hartman <hartmans@tertius.mit.edu>
+
+ * configure.in: Use libkrb5util to get krb5_seteuid
+
+ * heuristic.c (get_best_princ_for_target): Remove seteuid around stat call and insert call to krb5_seteuid before accessing .k5login or .k5users.
+
+ * main.c (main): Insert appropriate calls to krb5_seteuid so that
+ files are accessed as appropriate. Also, remove code to copy
+ tickets obtained while running ksu overthe source cache; this is
+ not appropriate because it changes the ownership of the source
+ cache.
+
+Mon May 13 06:50:12 1996 Richard Basch <basch@lehman.com>
+
+ * authorization.c: users in the .k5login were not permitted to use
+ the '-e command' flag; the man page does not indicate this should fail.
+ All users in .k5login, and those in .k5users (for the specified cmd)
+ are now allowed to execute commands.
+ Also, a lot of indentation cleanup was done.
+
+ * configure.in heuristic.c:
+ Before getting the best principal from the ccache, reset the euid;
+ we don't want to use someone else's ccache.
+ Also, a lot of indentation cleanup was done.
+
+Wed Apr 10 20:24:49 1996 Richard Basch <basch@lehman.com>
+
+ * main.c, krb_auth_su.c: Mostly cosmetic cleanup of output
+ statements. Also, rather than computing the default host key,
+ let the library routine do it.
+
+Sun Mar 31 16:48:29 1996 Chris Provenzano <proven@cygnus.com>
+
+ * main.c (main): Handle suspend/fg properly.
+
+Fri Mar 29 23:35:53 1996 Chris Provenzano <proven@cygnus.com>
+
+ * ccache.c main.c: Remove krb5_ccache_refresh(). All this functionality
+ is is done in the krb5_ccache_copy(), and the way refresh() was
+ implemented it was generating a new ccache owner by root (ksu is suid)
+ over the old ccache, thereby making it possible that programs
+ accessing the ccache during this time would fail.
+
+Wed Mar 13 17:45:11 1996 Ken Raeburn <raeburn@cygnus.com>
+
+ * configure.in: Use AC_HEADER_STDARG.
+
+Wed Nov 8 17:54:11 1995 Theodore Y. Ts'o <tytso@dcl>
+
+ * ccache.c (krb5_check_exp): Change use of krb5_clockskew to be
+ context->clockskew.
+
+Mon Oct 9 23:14:33 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
+
+ * main.c (main): Handle case when ticket cache name does not
+ include ':'
+
+Thu Oct 5 11:23:21 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
+
+ * ksu.M: Document authorization changes.
+
+ * ksu.1: Remove as was out of date.
+
+ * Makefile.in (DEFINES): Remove LOCAL_REALM definition.
+
+ * ksu.h: Remove local_realm from krb5_authorization.
+
+ * authorization.c (krb5_authorization): Remove old copied code
+ that is in krb5 library and is out of date. Use the
+ configurable aname to localname methods.
+
+ * main.c (main): Add krb5_secure_config_files so that users cannot
+ override system config files.
+
+
+Wed Sep 06 14:20:57 1995 Chris Provenzano (proven@mit.edu)
+
+ * krb_auth_su.c : s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g
+
+Tue Sep 05 22:10:34 1995 Chris Provenzano (proven@mit.edu)
+
+ * krb_auth_su.c : Remove krb5_enctype references, and replace with
+ krb5_keytype where appropriate.
+
+Mon Aug 21 16:53:40 EDT 1995 Paul Park (pjpark@mit.edu)
+ * ksu.h - Change lifetime types to krb5_deltat.
+ * main.c - Use string_to_deltat() to parse lifetimes. Fix gcc -Wall.
+ * krb_auth_su.c - Fix gcc -Wall. Remove krb5_parse_lifetime() and
+ convtime(). No longer needed.
+ * ccache.c - Remove English-specific months and let timestamp_to_
+ sfstring() handle it. Fix gcc -Wall.
+ * configure.in - Add -lkadm.
+
+Sat Jul 29 04:41:07 1995 Tom Yu <tlyu@dragons-lair.MIT.EDU>
+
+ * configure.in: Don't link with -lkadm.
+
+Tue Jul 11 11:10:13 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
+
+ * main.c (main): Remove extraneous argument to call to
+ krb5_parse_lifetime. Add context argument to call to
+ plain_dump_principal.
+
+ * authorization.c, heuristic.c, krb_auth_su.c: Add prototypes
+ for static functions. Add missing arguments to
+ _dbm_an_to_ln call.
+
+ * ccache.c: Remove prototype declaration of function now defined
+ in ksu.h
+
+ * ksu.h: Add full prototypes for all functions in program.
+
+Fri Jul 7 15:55:14 EDT 1995 Paul Park (pjpark@mit.edu)
+ * Makefile.in - Remove explicit library handling and LDFLAGS.
+ * configure.in - Add USE_KADM_LIBRARY and KRB5_LIBRARIES.
+
+Thu Jul 6 17:30:49 1995 Tom Yu <tlyu@lothlorien.MIT.EDU>
+
+ * krb_auth_su.c (krb5_get_tkt_via_passwd): Pass context to
+ os_localaddr.
+
+Tue Jun 20 14:32:46 1995 Tom Yu (tlyu@dragons-lair)
+
+ * main.c: HAS_GETUSERSHELL -> HAVE_GETUSERSHELL
+
+ * configure.in: add test for getusershell()
+
+Thu Jun 15 17:46:22 EDT 1995 Paul Park (pjpark@mit.edu)
+ * Makefile.in - Change explicit library names to -l<lib> form, and
+ change target link line to use $(LD) and associated flags.
+ * configure.in - Add shared library usage check.
+
+Fri Jun 9 18:37:43 1995 <tytso@rsx-11.mit.edu>
+
+ * configure.in: Remove standardized set of autoconf macros, which
+ are now handled by CONFIG_RULES.
+
+Tue May 9 15:52:15 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
+
+ * krb_auth_su.c (krb5_auth_check): Add missing context
+ (wolfgang@wsrcc.com)
+
+ * ccache.c (krb5_get_nonexp_tkts): Add missing context
+ (wolfgang@wsrcc.com)
+
+ * heuristic.c (get_best_princ_for_target): Missing context cuased
+ coredump.
+ (get_best_princ_for_target): Missing contexts in call to
+ find_either_ticket.
+ (find_either_ticket): Missing context in call of find_ticket
+ (get_best_princ_for_target): Add missing context
+
+Thu Mar 16 20:50:32 1995 John Gilmore (gnu at toad.com)
+
+ * configure.in: Replace CHECK_STDARG with AC_CHECK_HEADERS.
+ * main.c (print_status): Use HAVE_STDARG_H to control whether to
+ declare with ", ..."; not STDARG_PROTOTYPES.
+ * ksu.h: Don't include <stdarg.h> or <varargs.h>, since they
+ are already included by "com_err.h".
+
+Thu Mar 2 12:32:17 1995 Theodore Y. Ts'o <tytso@dcl>
+
+ * Makefile.in (ISODELIB): Remove reference to $(ISODELIB).
+
+Wed Mar 1 16:28:36 1995 Theodore Y. Ts'o <tytso@dcl>
+
+ * configure.in: Remove ISODE_INCLUDE, replace check for -lsocket
+ and -lnsl with WITH_NETLIB check.
+
+Tue Feb 28 02:11:21 1995 John Gilmore (gnu at toad.com)
+
+ * ksu.h: Avoid <krb5/...> and <com_err.h> includes.
+
+Fri Feb 17 18:10:04 1995 Chris Provenzano (proven@mit.edu)
+
+ * krb_auth_su.c krb5_auth_check()) Call krb5_get_cred_from_kdc()
+ with new calling convention.
+
+Mon Feb 06 17:19:04 1995 Chris Provenzano (proven@mit.edu)
+
+ * krb_auth_su.c Removed krb5_keytype, changed krb5_enctype to
+ krb5_enctype *, changed krb5_preauthtype to krb5_preauthtype *
+ for krb5_get_in_tkt_with_password() rotuine.
+
+Sat Jan 28 14:45:55 1995 Chris Provenzano (proven@mit.edu)
+
+ * krb_auth_su.c (krb5_verify_tkt_def()) use new API for
+ krb5_kt_get_entry.
+
+Wed Jan 18 12:21:30 1995 <tytso@rsx-11.mit.edu>
+
+ * main.c (main): If gethostbyname returns an error, exit after
+ printing an error message.
+
+Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu)
+
+ * Added krb5_context to all krb5_routines
+
+Mon Oct 3 19:15:28 1994 Theodore Y. Ts'o (tytso@dcl)
+
+ * Makefile.in: Use $(srcdir) to find manual page for make install.
+
+Fri Sep 30 22:14:41 1994 Theodore Y. Ts'o (tytso@dcl)
+
+ * krb_auth_su.c: Add magic number placeholder to structures.
+
+Tue Aug 9 20:29:47 1994 Tom Yu (tlyu@dragons-lair)
+
+ * *.c: "upgrade" to C Classic :-)
+
+Tue Aug 9 00:11:07 1994 Mark Eichin (eichin@cygnus.com)
+
+ * main.c: define MAXHOSTNAMELEN if it isn't there already
+ (print_status): use varargs form as well
+ * configure.in: check for stdarg.h
+
+Thu Aug 4 03:38:03 1994 Tom Yu (tlyu@dragons-lair)
+
+ * Makefile.in: make install fixes
+
+Mon Jul 25 01:23:36 1994 Tom Yu (tlyu@dragons-lair)
+
+ * configure.in: check for ndbm/dbm
+
+Thu Jul 21 01:01:20 1994 Tom Yu (tlyu at dragons-lair)
+
+ * Makefile.in:
+ * configure.in: attempt to autoconf
+
Sat Jul 16 03:02:17 1994 Tom Yu (tlyu at dragons-lair)
* ksu.c: frob error codes