+2003-04-01 Nalin Dahyabhai <nalin@redhat.com>
+
+ * heuristic.c (get_closest_principal): Don't try to examine
+ principal name components after the last.
+ * krb_auth_su.c (get_best_principal): Check principal name length
+ before examining components.
+
+2002-12-23 Ezra Peisach <epeisach@bu.edu>
+
+ * authorization.c, heuristic.c, ksu.h: Use uid_t instead of int in
+ arguments to fowner() and get_best_princ_for_target(). Signed
+ vs. unsigned int cleanup.
+
+2002-08-29 Ken Raeburn <raeburn@mit.edu>
+
+ * Makefile.in: Revert $(S)=>/ change, for Windows support.
+
+2002-08-23 Ken Raeburn <raeburn@mit.edu>
+
+ * Makefile.in: Change $(S)=>/ and $(U)=>.. globally.
+
+2002-08-14 Jen Selby <jenselby@mit.edu>
+
+ * main.c: updated the usage function
+
+2002-06-25 Ken Raeburn <raeburn@mit.edu>
+
+ * Makefile.in (ksu): Don't use krb5util library.
+
+2002-06-21 Ezra Peisach <epeisach@bu.edu>
+
+ * ccache.c (printtime): Do not assume that krb5_timestamp and
+ time_t are the same size as an argument to localtime.
+
+ * heuristic.c (get_authorized_princ_names): If .k5login file
+ exists but is not owned by the user, do not attempt to fclose an
+ uninitialized FILE *.
+
+2001-10-30 Ezra Peisach <epeisach@mit.edu>
+
+ * main.c (main): Do not pass LOG_AUTH facility into openlog() as a
+ logopt.
+
+2001-10-18 Ken Raeburn <raeburn@mit.edu>
+
+ Don't crash if .k[5]login file ownership is wrong. Patch from
+ Emily Ratliff, ratliff@austin.ibm.com.
+ * authorization.c (fowner): Don't close the file even on error.
+ (krb5_authorization): Close the file if fowner returns FALSE.
+
+2001-10-09 Ken Raeburn <raeburn@mit.edu>
+
+ * authorization.c, heuristic.c, krb_auth_su.c, ksu.h, main.c: Make
+ prototypes unconditional.
+
+2001-10-07 Mitchell Berger <mitchb@mit.edu>
+
+ * krb_auth_su.c: Fix a call to plain_dump_principal() that had the
+ wrong number of arguments but was only compiled if GET_TGT_VIA_PASSWD
+ wasn't defined.
+
+2001-09-16 Mitchell Berger <mitchb@mit.edu>
+
+ * ksu.M: Correct a few typos.
+
+2001-07-23 Ezra Peisach <epeisach@mit.edu>
+
+ * setenv.c: Include stdlib.h, provide prototypes for setenv and
+ unsetenv before declaration.
+
+2001-06-26 Ezra Peisach <epeisach@mit.edu>
+
+ * authorization.c (find_first_cmd_that_exists): Change xmalloc()
+ to xcalloc() where was intented in code (two arguments to xmalloc).
+
+ * ksu.h: Provide full prototypes for xmalloc(), xrealloc(),
+ xcalloc(), and xstrdup().
+
+2001-06-21 Ezra Peisach <epeisach@mit.edu>
+
+ * main.c (get_params): Change optind to optindex to prevent
+ shadowing.
+
+2001-06-18 Ezra Peisach <epeisach@mit.edu>
+
+ * main.c (main): Cast arguments to print_status to be consitant
+ with format string.
+
+2001-06-11 Ezra Peisach <epeisach@mit.edu>
+
+ * setenv.c: Add prototype for _findenv to avoid inconsistancy of
+ static vs. extern.
+
+ * heuristic.c (find_either_ticket): Change krb5_tgtname() to
+ ksu_tgtname().
+
+ * ccache.c: Include <sys/types.h> and <sys/stat.h> for start()
+ prototype.
+
+ * krb_auth_su.c: Reindent for readability. Remove defunct
+ code. Change use of krb5_tgtname to ksu_tgtname().
+
+ * ksu.h: Include k5-util.h for krb5_seteuid() prototype. Add
+ prototype for ksu_tgtname. Add prototype for unsetenv() if not
+ defined.
+
+ * main.c: Include grp.h for initgroups() prototype. Cleanup
+ assignment in conditional warning. Reindent for
+ readability. Arguments to print_status made consistant with regard
+ to long vs. int. Change krb5_tgtname to ksu_tgtname. (do not use
+ an internal krb5 function that is not advertised).
+
+2001-06-05 Ezra Peisach <epeisach@mit.edu>
+
+ * authorization.c, heuristic.c, krb_auth_su.c, main.c, setenv.c:
+ Cleanup assignments in conditionals.
+
+2001-04-03 Tom Yu <tlyu@mit.edu>
+
+ * setenv.c: Add conditionals for compilation of setenv, unsetenv,
+ and getenv such that they only get compiled if they don't already
+ exist. [pullup from krb5-1-2-2-branch]
+
+2000-10-17 Ezra Peisach <epeisach@mit.edu>
+
+ * krb_auth_su.c (krb5_get_tkt_via_passwd): Argument to
+ krb5_read_password now takes an unsigned int.
+
+2000-10-03 Ezra Peisach <epeisach@mit.edu>
+
+ * ccache.c, heuristic.c, main.c: Return of krb5_cc_get_name() is
+ const char *.
+
+2000-05-22 Tom Yu <tlyu@mit.edu>
+
+ * Makefile.in (OBJS): Put @SETENVOBJ@ on same line as xmalloc.o to
+ avoid trailing backslash on the end of the variable.
+
+2000-05-15 Ken Raeburn <raeburn@mit.edu>
+
+ * ccache.c (krb5_ccache_copy): Modify conditionalized code block
+ slightly to make automatic indentation work better.
+
+ * main.c (main): Complain and quit if prog_name is longer than 50
+ characters.
+
+2000-04-26 Ken Raeburn <raeburn@mit.edu>
+ Nalin Dahyabhai <nalin@redhat.com>
+
+ * main.c (DEBUG): Don't define.
+ (usage): Remove -C option from description.
+ (sweep_up): Deleted second argument; all callers changed.
+ (main): Support -D option only if DEBUG is defined. Initialize
+ ruid on entry. Set effective uid to ruid before processing
+ argument list. Removed -C option from -z/-Z conflict messages.
+ Report errors trying to stat source ccache using com_err. Verify
+ that getpwuid's returned data for source user has correct uid.
+ Eliminate use_source_cache variable.
+
+ * ksu.M: Updates for removal of -C option.
+
+2000-01-27 Ken Raeburn <raeburn@mit.edu>
+
+ * main.c (print_status): Now static. Add format attribute if
+ using GNU C.
+
+1999-12-02 Ken Raeburn <raeburn@mit.edu>
+
+ * krb_auth_su.c (krb5_get_tkt_via_passwd): Check length of
+ principal name before copying to fixed-size buffer.
+
+ * ccache.c (krb5_ccache_filter): Fix speling error.
+ (krb5_get_login_princ): Check length of home directory pathname.
+
+ * setenv.c: New file, copied from appl/bsd.
+ * Makefile.in (OBJS): Add @SETENVOBJ@.
+ (SRCS): Add setenv.c.
+
+ * xmalloc.c: New file, providing versions of malloc, calloc,
+ realloc, and strdup that print messages and exit if memory
+ allocation fails.
+ * ksu.h (xmalloc, xrealloc, xcalloc, xstrdup): Declare.
+ * Makefile.in (SRCS, OBJS): Use it.
+ * authorization.c, ccache.c, heuristic.c, main.c: Change all calls
+ to malloc, calloc, realloc, and strdup to call x* versions if the
+ return value is not checked before use.
+
+ * authorization.c (auth_cleanup): Ditch int arguments, check for
+ null pointers instead.
+ (krb5_authorization): Update calls. Initialize file pointers to
+ null.
+ (init_auth_names): Check for buffer overflow.
+ (fcmd_resolve): Ensure enough buffer space is allocated.
+ (find_first_cmd_that_exists): Likewise. Use strcat instead of
+ sprintf'ing a buffer into itself.
+
+ * krb_auth_su.c (dump_principal, plain_dump_principal): Reformat
+ slightly.
+
+ * main.c (cc_source_tag, cc_source_tag_tmp): Now point to const.
+ (main): Unset environment variable KRB5_CONFIG. Delete -C
+ option. Force an error if lifetime strings are over 14
+ characters. Fix error message string if setluid fails. Cast pid
+ to long for printing. Call krb5_init_secure_context instead of
+ krb5_init_context and krb5_secure_config_files.
+ (main): Fix speling error.
+ (ontty): Check string size.
+ (get_dir_of_file): Argument now points to const.
+ * ksu.h (get_dir_of_file): Update declaration.
+
+1999-10-26 Wilfredo Sanchez <tritan@mit.edu>
+
+ * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES,
+ LOCAL_INCLUDES such that one can override CFLAGS from the command
+ line without losing CPP search patchs and defines. Some associated
+ Makefile cleanup.
+
+1999-08-23 Ken Raeburn <raeburn@mit.edu>
+
+ * heuristic.c (find_ticket): Use flag KRB5_TC_SUPPORTED_KTYPES
+ when calling krb5_cc_retrieve_cred.
+ * krb_auth_su.c (krb5_auth_check, krb5_fast_auth): Ditto.
+
+Fri Mar 12 18:52:18 1999 Tom Yu <tlyu@mit.edu>
+
+ * main.c (main): Fix cleanup code for setluid() failure.
+
+Thu Mar 4 18:46:55 1999 Tom Yu <tlyu@mit.edu>
+
+ * heuristic.c (get_authorized_princ_names): Fix to not call
+ list_union() if cmd is NULL, otherwise freed memory gets
+ referenced. [krb5-clients/698]
+
+Thu Feb 18 22:26:30 1999 Tom Yu <tlyu@mit.edu>
+
+ * Makefile.in (ksu): Add $(KSU_LIBS) in case we need -lsecurity.
+
+ * main.c (main): Add call to setluid() on systems that have it.
+
+1998-11-13 Theodore Ts'o <tytso@rsts-11.mit.edu>
+
+ * Makefile.in: Set the myfulldir and mydir variables (which are
+ relative to buildtop and thisconfigdir, respectively.)
+
+1998-05-06 Theodore Ts'o <tytso@rsts-11.mit.edu>
+
+ * main.c (main): POSIX states that getopt returns -1 when it
+ is done parsing options, not EOF.
+
+Wed Feb 18 15:44:15 1998 Tom Yu <tlyu@mit.edu>
+
+ * Makefile.in: Remove trailing slash from thisconfigdir. Fix up
+ BUILDTOP for new conventions.
+
+Mon Feb 2 17:02:29 1998 Theodore Ts'o <tytso@rsts-11.mit.edu>
+
+ * Makefile.in: Define BUILDTOP and thisconfigdir in the Makefile
+
+Wed Feb 4 20:46:49 1998 Tom Yu <tlyu@mit.edu>
+
+ * krb_auth_su.c (krb5_verify_tkt_def): If using a pre-existing
+ credential cache, ensure that the host ticket has not yet
+ expired. Patch from vwelch@ncsa.uiuc.edu [krb5-clients/545].
+
+Mon Jan 27 16:56:07 1997 Tom Yu <tlyu@mit.edu>
+
+ * Makefile.in:
+ * configure.in: Update to new program build procedure.
+
+Sun Nov 10 20:10:53 1996 Sam Hartman <hartmans@mit.edu>
+
+ * krb_auth_su.c (path_passwd;): If you don't have a srvtab, always
+ fail.
+
+Thu Nov 7 15:41:19 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
+
+ * main.c (main): Check the error return from
+ krb5_init_context(), and print an error message if
+ necessary.
+
+Wed Sep 18 15:54:41 1996 Theodore Y. Ts'o <tytso@mit.edu>
+
+ * krb_auth_su.c (krb5_get_tkt_via_passwd): Remove call to
+ krb5_os_localaddr(), since get_in_tkt will default correctly.
+
+Tue Sep 10 14:15:02 1996 Tom Yu <tlyu@mit.edu>
+
+ * ksu.M: remove ".so man1/header.doc"
+
+Thu Aug 8 12:31:30 1996 Sam Hartman <hartmans@mit.edu>
+
+ * main.c (main): Close source cache before executing command.
+
Sat May 25 16:11:55 1996 Sam Hartman <hartmans@mit.edu>
* configure.in: Use aname db libs.