authorArtur Grabowski <art@cvs.openbsd.org>1997-12-01 04:47:01 +0000
committerArtur Grabowski <art@cvs.openbsd.org>1997-12-01 04:47:01 +0000
commit3bcbf38101d656808bda3c5494982b40108eabb0 (patch)
tree1e6ec63561ce4885e74716b3aea09db79913ea32 /kerberosIV
parent6a80c92a21d463b9cbde2b09b808d286f9fdde82 (diff)
Another minimal upgrade to kth-krb4-0.9.7.
Diffstat (limited to 'kerberosIV')
-rw-r--r--kerberosIV/include/kerberosIV/kadm.h46
-rw-r--r--kerberosIV/kadm/kadm_cli_wrap.c350
-rw-r--r--kerberosIV/kadm/kadm_err.et13
-rw-r--r--kerberosIV/kadm/kadm_local.h3
-rw-r--r--kerberosIV/kadm/kadm_stream.c241
-rw-r--r--kerberosIV/kadm/kadm_supp.c79
-rw-r--r--kerberosIV/kadm/shlib_version2
7 files changed, 391 insertions, 343 deletions
diff --git a/kerberosIV/include/kerberosIV/kadm.h b/kerberosIV/include/kerberosIV/kadm.h
index 5098c390ca2..eee13687fb5 100644
--- a/kerberosIV/include/kerberosIV/kadm.h
+++ b/kerberosIV/include/kerberosIV/kadm.h
@@ -1,23 +1,11 @@
-/* $Id: kadm.h,v 1.1 1995/12/14 06:52:34 tholo Exp $ */
-
-/*-
- * Copyright 1987, 1988 by the Student Information Processing Board
- * of the Massachusetts Institute of Technology
- *
- * Permission to use, copy, modify, and distribute this software
- * and its documentation for any purpose and without fee is
- * hereby granted, provided that the above copyright notice
- * appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation,
- * and that the names of M.I.T. and the M.I.T. S.I.P.B. not be
- * used in advertising or publicity pertaining to distribution
- * of the software without specific, written prior permission.
- * M.I.T. and the M.I.T. S.I.P.B. make no representations about
- * the suitability of this software for any purpose. It is
- * provided "as is" without express or implied warranty.
- */
-
/*
+ * $KTH: kadm.h,v 1.13 1997/08/17 07:30:24 assar Exp $
+ *
+ * Copyright 1988 by the Massachusetts Institute of Technology.
+ *
+ * For copying and distribution information, please see the file
+ * <mit-copyright.h>.
+ *
* Definitions for Kerberos administration server & client
*/
@@ -30,6 +18,8 @@
* Doug Church, December 28, 1989, MIT Project Athena
*/
+#include <kerberosIV/krb_db.h>
+
/* The global structures for the client and server */
typedef struct {
struct sockaddr_in admin_addr;
@@ -48,6 +38,8 @@ typedef struct { /* status of the server, i.e the parameters */
/* Largest password length to be supported */
#define MAX_KPW_LEN 128
+/* Minimum allowed password length */
+#define MIN_KPW_LEN 6
/* Largest packet the admin server will ever allow itself to return */
#define KADM_RET_MAX 2048
@@ -61,6 +53,7 @@ typedef struct { /* status of the server, i.e the parameters */
/* the lookups for the server instances */
#define PWSERV_NAME "changepw"
#define KADM_SNAME "kerberos_master"
+#define KADM_PORT 751
#define KADM_SINST "kerberos"
/* Attributes fields constants and macros */
@@ -112,7 +105,9 @@ typedef struct {
enum acl_types {
ADDACL,
GETACL,
-MODACL
+MODACL,
+STABACL, /* not used */
+DELACL
};
/* Various opcodes for the admin server's functions */
@@ -120,19 +115,30 @@ MODACL
#define ADD_ENT 3
#define MOD_ENT 4
#define GET_ENT 5
+#define CHECK_PW 6 /* not used */
+#define CHG_STAB 7 /* not used */
+#define DEL_ENT 8
void prin_vals __P((Kadm_vals *));
int stv_long __P((u_char *, u_int32_t *, int, int));
+int vts_long __P((u_int32_t, u_char **, int));
+int vts_string __P((char *, u_char **, int));
+int stv_string __P((u_char *, char *, int, int, int));
int stream_to_vals __P((u_char *, Kadm_vals *, int));
int vals_to_stream __P((Kadm_vals *, u_char **));
int kadm_init_link __P((char *, char *, char *));
int kadm_change_pw __P((unsigned char *));
+int kadm_change_pw_plain __P((unsigned char *, char *, char**));
+int kadm_change_pw2 __P((unsigned char *, char *, char**));
int kadm_mod __P((Kadm_vals *, Kadm_vals *));
int kadm_get __P((Kadm_vals *, u_char *));
int kadm_add __P((Kadm_vals *));
+int kadm_del __P((Kadm_vals *));
void kadm_vals_to_prin __P((u_char *, Principal *, Kadm_vals *));
void kadm_prin_to_vals __P((u_char *, Kadm_vals *, Principal *));
+
+
#endif /* KADM_DEFS */
diff --git a/kerberosIV/kadm/kadm_cli_wrap.c b/kerberosIV/kadm/kadm_cli_wrap.c
index 4a0155a54bb..214c32c0c23 100644
--- a/kerberosIV/kadm/kadm_cli_wrap.c
+++ b/kerberosIV/kadm/kadm_cli_wrap.c
@@ -1,25 +1,25 @@
-/* $Id: kadm_cli_wrap.c,v 1.2 1996/09/16 03:16:27 tholo Exp $ */
+/* $KTH: kadm_cli_wrap.c,v 1.22 1997/08/17 07:30:04 assar Exp $ */
-/*-
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- */
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
/*
* Kerberos administration server client-side routines
@@ -29,7 +29,7 @@
* kadm_cli_wrap.c the client side wrapping of the calls to the admin server
*/
-#include "kadm_local.h"
+#include "kadm_locl.h"
#ifndef NULL
#define NULL 0
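Review bot: The include now names `kadm_locl.h`, but the diffstat for this commit lists only `kadm_local.h` as touched and shows no `kadm_locl.h` being added under kerberosIV. Unless that header already exists elsewhere on the include path, this file will not build. kadm_stream.c makes the same switch and additionally drops its private `min` macro while stv_string() still calls `min()`, so the new header has to supply that too. Please confirm where `kadm_locl.h` comes from, or keep the include as `"kadm_local.h"`.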
@@ -45,20 +45,20 @@ static des_cblock sess_key; /* to be filled in by kadm_cli_keyd */
static des_key_schedule sess_sched;
static void
-clear_secrets()
+clear_secrets(void)
{
- bzero((char *)sess_key, sizeof(sess_key));
- bzero((char *)sess_sched, sizeof(sess_sched));
+ memset(sess_key, 0, sizeof(sess_key));
+ memset(sess_sched, 0, sizeof(sess_sched));
return;
}
static void (*opipe)();
static void
-kadm_cli_disconn()
+kadm_cli_disconn(void)
{
- (void) close(client_parm.admin_fd);
- (void) signal(SIGPIPE, opipe);
+ close(client_parm.admin_fd);
+ signal(SIGPIPE, opipe);
return;
}
@@ -70,43 +70,37 @@ kadm_cli_disconn()
* data about the connection between the server and client, the services
* used, the locations and other fun things
*/
+
int
-kadm_init_link(n, i, r)
- char *n;
- char *i;
- char *r;
+kadm_init_link(char *n, char *i, char *r)
{
- struct servent *sep; /* service we will talk to */
struct hostent *hop; /* host we will talk to */
char adm_hostname[MAXHOSTNAMELEN];
- (void) init_kadm_err_tbl();
- (void) init_krb_err_tbl();
- (void) strcpy(client_parm.sname, n);
- (void) strcpy(client_parm.sinst, i);
- (void) strcpy(client_parm.krbrlm, r);
+ init_kadm_err_tbl();
+ init_krb_err_tbl();
+ strcpy(client_parm.sname, n);
+ strcpy(client_parm.sinst, i);
+ strcpy(client_parm.krbrlm, r);
client_parm.admin_fd = -1;
/* set up the admin_addr - fetch name of admin host */
if (krb_get_admhst(adm_hostname, client_parm.krbrlm, 1) != KSUCCESS)
return KADM_NO_HOST;
if ((hop = gethostbyname(adm_hostname)) == NULL)
- return KADM_UNK_HOST; /* couldnt find the admin servers
- * address */
- if ((sep = getservbyname(KADM_SNAME, "tcp")) == NULL)
- return KADM_NO_SERV; /* couldnt find the admin service */
- bzero((char *) &client_parm.admin_addr,
- sizeof(client_parm.admin_addr));
+ return KADM_UNK_HOST;
+ memset(&client_parm.admin_addr, 0, sizeof(client_parm.admin_addr));
+ client_parm.admin_addr.sin_port =
+ k_getportbyname(KADM_SNAME, "tcp", htons(KADM_PORT));
client_parm.admin_addr.sin_family = hop->h_addrtype;
- bcopy((char *) hop->h_addr, (char *) &client_parm.admin_addr.sin_addr,
- hop->h_length);
- client_parm.admin_addr.sin_port = sep->s_port;
+ memcpy(&client_parm.admin_addr.sin_addr, hop->h_addr,
+ sizeof(client_parm.admin_addr.sin_addr));
return KADM_SUCCESS;
-} /* procedure kadm_init_link */
+}
static int
-kadm_cli_conn()
+kadm_cli_conn(void)
{ /* this connects and sets my_addr */
int on = 1;
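Review bot: The three `strcpy` calls in kadm_init_link copy the caller-supplied name, instance and realm into `client_parm` with no length check, so an over-long argument writes past the destination field. The field sizes are declared in kadm.h outside this hunk, so the limit cannot be read off here. Assuming they are fixed-size arrays, as the strcpy use suggests, reject over-long input before copying, e.g. `if (strlen(n) >= sizeof(client_parm.sname)) return KADM_NO_ROOM;` (or whichever KADM_ code the maintainers prefer), with the matching checks for `i` and `r`. kadm_cli_conn, which starts at the end of this hunk, continues outside it.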
@@ -116,7 +110,7 @@ kadm_cli_conn()
if (connect(client_parm.admin_fd,
(struct sockaddr *) & client_parm.admin_addr,
sizeof(client_parm.admin_addr))) {
- (void) close(client_parm.admin_fd);
+ close(client_parm.admin_fd);
client_parm.admin_fd = -1;
return KADM_NO_CONN; /* couldnt get the connect */
}
@@ -125,16 +119,17 @@ kadm_cli_conn()
if (getsockname(client_parm.admin_fd,
(struct sockaddr *) & client_parm.my_addr,
&client_parm.my_addr_len) < 0) {
- (void) close(client_parm.admin_fd);
+ close(client_parm.admin_fd);
client_parm.admin_fd = -1;
- (void) signal(SIGPIPE, opipe);
+ signal(SIGPIPE, opipe);
return KADM_NO_HERE; /* couldnt find out who we are */
}
- if (setsockopt(client_parm.admin_fd, SOL_SOCKET, SO_KEEPALIVE, &on,
+ if (setsockopt(client_parm.admin_fd, SOL_SOCKET, SO_KEEPALIVE,
+ (void *)&on,
sizeof(on)) < 0) {
- (void) close(client_parm.admin_fd);
+ close(client_parm.admin_fd);
client_parm.admin_fd = -1;
- (void) signal(SIGPIPE, opipe);
+ signal(SIGPIPE, opipe);
return KADM_NO_CONN; /* XXX */
}
return KADM_SUCCESS;
@@ -142,9 +137,9 @@ kadm_cli_conn()
/* takes in the sess_key and key_schedule and sets them appropriately */
static int
-kadm_cli_keyd(s_k, s_s)
- des_cblock *s_k; /* session key */
- struct des_ks_struct *s_s; /* session key schedule */
+kadm_cli_keyd(des_cblock (*s_k), struct des_ks_struct *s_s)
+ /* session key */
+ /* session key schedule */
{
CREDENTIALS cred; /* to get key data */
int stat;
@@ -153,10 +148,10 @@ kadm_cli_keyd(s_k, s_s)
if ((stat = krb_get_cred(client_parm.sname, client_parm.sinst,
client_parm.krbrlm, &cred)))
return stat + krb_err_base;
- bcopy((char *) cred.session, (char *) s_k, sizeof(des_cblock));
- bzero((char *) cred.session, sizeof(des_cblock));
+ memcpy(s_k, cred.session, sizeof(des_cblock));
+ memset(cred.session, 0, sizeof(des_cblock));
#ifdef NOENCRYPTION
- bzero(s_s, sizeof(des_key_schedule));
+ memset(s_s, 0, sizeof(des_key_schedule));
#else
if ((stat = des_key_sched(s_k,s_s)))
return(stat+krb_err_base);
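Review bot: `memset(cred.session, 0, sizeof(des_cblock))` clears a field of a local that is not read again in the visible lines, so an optimising compiler is permitted to drop the store and leave the session key on the stack. Only the `session` member is wiped; whether `CREDENTIALS` carries other sensitive material cannot be seen from this hunk. Where the platform offers a non-elidable wipe, clearing the whole structure before each return after krb_get_cred() succeeds is the safer form, e.g. `explicit_bzero(&cred, sizeof(cred));`. `cred` is declared above the hunk and the function body continues below it.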
@@ -165,43 +160,40 @@ kadm_cli_keyd(s_k, s_s)
} /* This code "works" */
static int
-kadm_cli_out(dat, dat_len, ret_dat, ret_siz)
- u_char *dat;
- int dat_len;
- u_char **ret_dat;
- int *ret_siz;
+kadm_cli_out(u_char *dat, int dat_len, u_char **ret_dat, int *ret_siz)
{
- u_short dlen;
+ u_int16_t dlen;
int retval;
+ char tmp[4];
- dlen = (u_short) dat_len;
+ dlen = (u_int16_t) dat_len;
if (dat_len != (int)dlen)
return (KADM_NO_ROOM);
- dlen = htons(dlen);
- if (krb_net_write(client_parm.admin_fd, (char *) &dlen,
- sizeof(u_short)) < 0)
- return (errno); /* XXX */
+ tmp[0] = (dlen >> 8) & 0xff;
+ tmp[1] = dlen & 0xff;
+ if (krb_net_write(client_parm.admin_fd, tmp, 2) != 2)
+ return (errno); /* XXX */
if (krb_net_write(client_parm.admin_fd, (char *) dat, dat_len) < 0)
return (errno); /* XXX */
- if ((retval = krb_net_read(client_parm.admin_fd, (char *) &dlen,
- sizeof(u_short)) != sizeof(u_short))) {
+
+ if ((retval = krb_net_read(client_parm.admin_fd, tmp, 2)) != 2){
if (retval < 0)
return(errno); /* XXX */
else
return(EPIPE); /* short read ! */
}
+ dlen = (tmp[0] << 8) | tmp[1];
- dlen = ntohs(dlen);
*ret_dat = (u_char *)malloc((unsigned)dlen);
if (!*ret_dat)
return(KADM_NOMEM);
- if ((retval = krb_net_read(client_parm.admin_fd, (char *) *ret_dat,
- (int) dlen) != dlen)) {
+ if ((retval = krb_net_read(client_parm.admin_fd, *ret_dat,
+ dlen) != dlen)) {
if (retval < 0)
return(errno); /* XXX */
else
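Review bot: The new length decode `dlen = (tmp[0] << 8) | tmp[1];` reads from a plain `char tmp[4]`, so where `char` is signed any length byte of 0x80 or above sign-extends and corrupts the 16-bit reply length that sizes the malloc and the following read. Decode through unsigned bytes instead: `dlen = ((unsigned char)tmp[0] << 8) | (unsigned char)tmp[1];`. The commit also fixes the parenthesisation of the first krb_net_read() but leaves the second as `(retval = krb_net_read(...) != dlen)`, so `retval` only ever holds 0 or 1 and the `retval < 0` branch cannot be taken. It should read `if ((retval = krb_net_read(client_parm.admin_fd, *ret_dat, dlen)) != dlen) {`. The rest of that error branch lies outside the hunk.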
@@ -230,11 +222,11 @@ kadm_cli_out(dat, dat_len, ret_dat, ret_siz)
* then it sends the data and waits for a reply.
*/
static int
-kadm_cli_send(st_dat, st_siz, ret_dat, ret_siz)
- u_char *st_dat; /* the actual data */
- int st_siz; /* length of said data */
- u_char **ret_dat; /* to give return info */
- int *ret_siz; /* length of returned info */
+kadm_cli_send(u_char *st_dat, int st_siz, u_char **ret_dat, int *ret_siz)
+ /* the actual data */
+ /* length of said data */
+ /* to give return info */
+ /* length of returned info */
{
int act_len, retdat; /* current offset into packet, return
* data */
@@ -247,11 +239,11 @@ kadm_cli_send(st_dat, st_siz, ret_dat, ret_siz)
u_char *return_dat;
act_st = (u_char *) malloc(KADM_VERSIZE); /* verstr stored first */
- (void) strncpy((char *)act_st, KADM_VERSTR, KADM_VERSIZE);
+ strncpy((char *)act_st, KADM_VERSTR, KADM_VERSIZE);
act_len = KADM_VERSIZE;
- if ((retdat = kadm_cli_keyd((des_cblock *)&sess_key, sess_sched)) != KADM_SUCCESS) {
- free((char *)act_st);
+ if ((retdat = kadm_cli_keyd(&sess_key, sess_sched)) != KADM_SUCCESS) {
+ free(act_st);
return retdat; /* couldnt get key working */
}
priv_pak = (u_char *) malloc((unsigned)(st_siz + 200));
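Review bot: The early return after a failed kadm_cli_keyd() frees `act_st` but does not call clear_secrets(), unlike the later error exits in this function. kadm_cli_keyd() copies the session key into `sess_key` before it runs des_key_sched(), so a failure there returns with the key still in the static buffer. Suggest `clear_secrets(); free(act_st); return retdat;` in that branch. Separately, the result of `malloc(KADM_VERSIZE)` is passed straight to strncpy() without a NULL check. Any check for `priv_pak` would be below the hunk and is not visible.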
@@ -273,40 +265,37 @@ kadm_cli_send(st_dat, st_siz, ret_dat, ret_siz)
&sess_key);
#endif
if ((retdat = krb_mk_req(&authent, client_parm.sname, client_parm.sinst,
- client_parm.krbrlm, (long)cksum))) {
+ client_parm.krbrlm, cksum))) {
/* authenticator? */
RET_N_FREE(retdat + krb_err_base);
}
- act_st = (u_char *) realloc((char *) act_st,
- (unsigned) (act_len + authent.length
- + priv_len));
+ act_st = (u_char *) realloc(act_st,
+ act_len + authent.length + priv_len);
if (!act_st) {
clear_secrets();
- free((char *)priv_pak);
+ free(priv_pak);
return(KADM_NOMEM);
}
- bcopy((char *) authent.dat, (char *) act_st + act_len, authent.length);
- bcopy((char *) priv_pak, (char *) act_st + act_len + authent.length,
- priv_len);
- free((char *)priv_pak);
+ memcpy((char *)act_st + act_len, authent.dat, authent.length);
+ memcpy((char *)act_st + act_len + authent.length, priv_pak, priv_len);
+ free(priv_pak);
if ((retdat = kadm_cli_out(act_st,
act_len + authent.length + priv_len,
ret_dat, ret_siz)) != KADM_SUCCESS)
RET_N_FREE(retdat);
- free((char *)act_st);
-#define RET_N_FREE2(r) {free((char *)*ret_dat); clear_secrets(); return(r);}
+ free(act_st);
+#define RET_N_FREE2(r) {free(*ret_dat); clear_secrets(); return(r);}
/* first see if it's a YOULOUSE */
if ((*ret_siz >= KADM_VERSIZE) &&
!strncmp(KADM_ULOSE, (char *)*ret_dat, KADM_VERSIZE)) {
- u_int32_t errcode;
+ unsigned char *p;
/* it's a youlose packet */
- if (*ret_siz < KADM_VERSIZE + sizeof(u_int32_t))
+ if (*ret_siz < KADM_VERSIZE + 4)
RET_N_FREE2(KADM_BAD_VER);
- bcopy((char *)(*ret_dat) + KADM_VERSIZE, (char *)&errcode,
- sizeof(u_int32_t));
- retdat = (int) ntohl(errcode);
+ p = (*ret_dat)+KADM_VERSIZE;
+ retdat = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
RET_N_FREE2(retdat);
}
/* need to decode the ret_dat */
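Review bot: In the YOULOUSE branch the four error bytes are taken from the raw reply and returned through `RET_N_FREE2(retdat)`, which frees `*ret_dat` but leaves the caller's pointer set. If those bytes decode to zero the function reports KADM_SUCCESS, and kadm_add(), kadm_mod() and kadm_get() then pass the freed buffer to stream_to_vals() and free it a second time. Judging by the comment that closes the hunk, this branch runs before the reply is decoded, so the value deserves no trust. Treat a zero code as a protocol error, e.g. `if (retdat == KADM_SUCCESS) retdat = KADM_BAD_VER;`, and make the macro clear the out-parameters: `#define RET_N_FREE2(r) {free(*ret_dat); *ret_dat = NULL; *ret_siz = 0; clear_secrets(); return(r);}`. The same hunk also assigns `realloc()` straight back to `act_st`, which loses the original block when the call fails.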
@@ -320,39 +309,42 @@ kadm_cli_send(st_dat, st_siz, ret_dat, ret_siz)
if (strncmp((char *)mdat.app_data, KADM_VERSTR, KADM_VERSIZE))
/* bad version */
RET_N_FREE2(KADM_BAD_VER);
- bcopy((char *)mdat.app_data+KADM_VERSIZE,
- (char *)&retdat, sizeof(u_int32_t));
- retdat = ntohl((u_int32_t)retdat);
- if (!(return_dat = (u_char *)malloc((unsigned)(mdat.app_length -
- KADM_VERSIZE - sizeof(u_int32_t)))))
+ {
+ unsigned char *p = mdat.app_data+KADM_VERSIZE;
+ retdat = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
+ }
+ {
+ int s=mdat.app_length - KADM_VERSIZE - 4;
+ if(s<=0) s=1;
+ if (!(return_dat = (u_char *)malloc(s)))
RET_N_FREE2(KADM_NOMEM);
- bcopy((char *) mdat.app_data + KADM_VERSIZE + sizeof(u_int32_t),
- (char *)return_dat,
- (int)mdat.app_length - KADM_VERSIZE - sizeof(u_int32_t));
- free((char *)*ret_dat);
+ }
+ memcpy(return_dat,
+ (char *) mdat.app_data + KADM_VERSIZE + 4,
+ mdat.app_length - KADM_VERSIZE - 4);
+ free(*ret_dat);
clear_secrets();
*ret_dat = return_dat;
- *ret_siz = mdat.app_length - KADM_VERSIZE - sizeof(u_int32_t);
+ *ret_siz = mdat.app_length - KADM_VERSIZE - 4;
return retdat;
}
-/*
- * kadm_change_pw
- * recieves : key
+
+
+/*
+ * kadm_change_pw_plain
+ *
+ * see kadm_change_pw
*
- * Replaces the password (i.e. des key) of the caller with that specified in
- * key. Returns no actual data from the master server, since this is called
- * by a user
*/
-int
-kadm_change_pw(newkey)
- unsigned char *newkey; /* The DES form of the users key */
+int kadm_change_pw_plain(unsigned char *newkey, char *password, char **pw_msg)
{
int stsize, retc; /* stream size and return code */
u_char *send_st; /* send stream */
u_char *ret_st;
int ret_sz;
- u_int32_t keytmp;
+ int status;
+ static char msg[128];
if ((retc = kadm_cli_conn()) != KADM_SUCCESS)
return(retc);
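Review bot: The `if(s<=0) s=1;` clamp protects only the malloc size; the memcpy that follows and the `*ret_siz` assignment still use `mdat.app_length - KADM_VERSIZE - 4` unclamped. A decoded message shorter than KADM_VERSIZE + 4 therefore gives a negative length (or a wrapped one, if `app_length` is unsigned) for a copy into a one-byte buffer. The read of `p[0]`..`p[3]` just above has the same precondition. One guard ahead of both covers it and makes the clamp unnecessary: `if (mdat.app_length < KADM_VERSIZE + 4) RET_N_FREE2(KADM_LENGTH_ERROR);`. kadm_cli_send begins before this hunk, so an earlier length check may exist out of view, although the clamp suggests it does not.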
@@ -364,24 +356,57 @@ kadm_change_pw(newkey)
/* change key to stream */
- bcopy((char *) (((long *) newkey) + 1), (char *) &keytmp, 4);
- keytmp = htonl(keytmp);
- stsize += vts_long(keytmp, &send_st, stsize);
-
- bcopy((char *) newkey, (char *) &keytmp, 4);
- keytmp = htonl(keytmp);
- stsize += vts_long(keytmp, &send_st, stsize);
+ send_st = realloc(send_st, stsize + 8);
+ memcpy(send_st + stsize + 4, newkey, 4); /* yes, this is backwards */
+ memcpy(send_st + stsize, newkey + 4, 4);
+ stsize += 8;
+ if(password && *password)
+ stsize += vts_string(password, &send_st, stsize);
+
retc = kadm_cli_send(send_st, stsize, &ret_st, &ret_sz);
- free((char *)send_st);
- if (retc == KADM_SUCCESS) {
- free((char *)ret_st);
+ free(send_st);
+
+ if(retc != KADM_SUCCESS){
+ status = stv_string(ret_st, msg, 0, sizeof(msg), ret_sz);
+ if(status<0)
+ msg[0]=0;
+ *pw_msg=msg;
}
+
+ if (ret_st)
+ free(ret_st);
+
kadm_cli_disconn();
return(retc);
}
/*
+ * This function is here for compatibility with CNS
+ */
+
+int kadm_change_pw2(unsigned char *newkey, char *password, char **pw_msg)
+{
+ return kadm_change_pw_plain (newkey, password, pw_msg);
+}
+
+
+/*
+ * kadm_change_pw
+ * recieves : key
+ *
+ * Replaces the password (i.e. des key) of the caller with that specified in
+ * key. Returns no actual data from the master server, since this is called
+ * by a user
+ */
+
+int kadm_change_pw(unsigned char *newkey)
+{
+ char *pw_msg;
+ return kadm_change_pw_plain(newkey, "", &pw_msg);
+}
+
+/*
* kadm_add
* receives : vals
* returns : vals
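Review bot: On the failure path kadm_change_pw_plain() hands `ret_st` and `ret_sz` to stv_string() and then frees `ret_st`, yet both are declared without initialisers (in the preceding hunk) and kadm_cli_send() has error returns that never assign them, for instance the one taken when kadm_cli_keyd() fails. Initialise them as `u_char *ret_st = NULL;` and `int ret_sz = 0;`; with a zero length the new `maxcount <= 0` test in stv_string() returns before touching the pointer, and `if (ret_st) free(ret_st);` becomes meaningful. `send_st = realloc(send_st, stsize + 8);` is also used unchecked by the two memcpy calls that follow. The function comment should say what callers can rely on: `/* on failure *pw_msg points to a static buffer overwritten by the next call; on success it is left untouched */`.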
@@ -391,8 +416,7 @@ kadm_change_pw(newkey)
* the default values they are set to
*/
int
-kadm_add(vals)
- Kadm_vals *vals;
+kadm_add(Kadm_vals *vals)
{
u_char *st, *st2; /* st will hold the stream of values */
int st_len; /* st2 the final stream with opcode */
@@ -405,15 +429,15 @@ kadm_add(vals)
st_len = vals_to_stream(vals, &st);
st2 = (u_char *) malloc((unsigned)(1 + st_len));
*st2 = (u_char) ADD_ENT; /* here's the opcode */
- bcopy((char *) st, (char *) st2 + 1, st_len); /* append st on */
+ memcpy((char *) st2 + 1, st, st_len); /* append st on */
retc = kadm_cli_send(st2, st_len + 1, &ret_st, &ret_sz);
- free((char *)st);
- free((char *)st2);
+ free(st);
+ free(st2);
if (retc == KADM_SUCCESS) {
/* ret_st has vals */
if (stream_to_vals(ret_st, vals, ret_sz) < 0)
retc = KADM_LENGTH_ERROR;
- free((char *)ret_st);
+ free(ret_st);
}
kadm_cli_disconn();
return(retc);
@@ -429,9 +453,7 @@ kadm_add(vals)
* second values. returns the values for the changed entries in vals2
*/
int
-kadm_mod(vals1, vals2)
- Kadm_vals *vals1;
- Kadm_vals *vals2;
+kadm_mod(Kadm_vals *vals1, Kadm_vals *vals2)
{
u_char *st, *st2; /* st will hold the stream of values */
int st_len, nlen; /* st2 the final stream with opcode */
@@ -447,24 +469,48 @@ kadm_mod(vals1, vals2)
st_len = vals_to_stream(vals1, &st);
st2 = (u_char *) malloc((unsigned)(1 + st_len));
*st2 = (u_char) MOD_ENT; /* here's the opcode */
- bcopy((char *) st, (char *) st2 + 1, st_len++); /* append st on */
- free((char *)st);
+ memcpy((char *)st2 + 1, st, st_len++); /* append st on */
+ free(st);
nlen = vals_to_stream(vals2, &st);
st2 = (u_char *) realloc((char *) st2, (unsigned)(st_len + nlen));
- bcopy((char *) st, (char *) st2 + st_len, nlen); /* append st on */
+ memcpy((char *) st2 + st_len, st, nlen); /* append st on */
retc = kadm_cli_send(st2, st_len + nlen, &ret_st, &ret_sz);
- free((char *)st);
- free((char *)st2);
+ free(st);
+ free(st2);
if (retc == KADM_SUCCESS) {
/* ret_st has vals */
if (stream_to_vals(ret_st, vals2, ret_sz) < 0)
retc = KADM_LENGTH_ERROR;
- free((char *)ret_st);
+ free(ret_st);
}
kadm_cli_disconn();
return(retc);
}
+
+int
+kadm_del(Kadm_vals *vals)
+{
+ unsigned char *st, *st2; /* st will hold the stream of values */
+ int st_len; /* st2 the final stream with opcode */
+ int retc; /* return code from call */
+ u_char *ret_st;
+ int ret_sz;
+
+ if ((retc = kadm_cli_conn()) != KADM_SUCCESS)
+ return(retc);
+ st_len = vals_to_stream(vals, &st);
+ st2 = (unsigned char *) malloc(st_len + 1);
+ *st2 = DEL_ENT; /* here's the opcode */
+ memcpy(st2 + 1, st, st_len); /* append st on */
+ retc = kadm_cli_send(st2, st_len + 1, &ret_st, &ret_sz);
+ free(st);
+ free(st2);
+ kadm_cli_disconn();
+ return(retc);
+}
+
+
/*
* kadm_get
* receives : KTEXT, {values, flags}
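Review bot: The new kadm_del() never releases `ret_st`, whereas kadm_add() and kadm_mod() free the reply buffer that kadm_cli_send() returns on success, so every successful delete leaks that allocation. Add `if (retc == KADM_SUCCESS) free(ret_st);` before kadm_cli_disconn(). The result of `malloc(st_len + 1)` is also dereferenced unchecked at `*st2 = DEL_ENT;`, which a guard such as `if (st2 == NULL) { free(st); kadm_cli_disconn(); return KADM_NOMEM; }` would cover. Unlike its siblings the function has no header comment; a short receives/returns block in the same style would document that no values come back.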
@@ -476,9 +522,7 @@ kadm_mod(vals1, vals2)
* matches there were
*/
int
-kadm_get(vals, fl)
- Kadm_vals *vals;
- u_char *fl;
+kadm_get(Kadm_vals *vals, u_char *fl)
{
int loop; /* for copying the fields data */
u_char *st, *st2; /* st will hold the stream of values */
@@ -492,17 +536,17 @@ kadm_get(vals, fl)
st_len = vals_to_stream(vals, &st);
st2 = (u_char *) malloc((unsigned)(1 + st_len + FLDSZ));
*st2 = (u_char) GET_ENT; /* here's the opcode */
- bcopy((char *) st, (char *) st2 + 1, st_len); /* append st on */
+ memcpy((char *)st2 + 1, st, st_len); /* append st on */
for (loop = FLDSZ - 1; loop >= 0; loop--)
*(st2 + st_len + FLDSZ - loop) = fl[loop]; /* append the flags */
retc = kadm_cli_send(st2, st_len + 1 + FLDSZ, &ret_st, &ret_sz);
- free((char *)st);
- free((char *)st2);
+ free(st);
+ free(st2);
if (retc == KADM_SUCCESS) {
/* ret_st has vals */
if (stream_to_vals(ret_st, vals, ret_sz) < 0)
retc = KADM_LENGTH_ERROR;
- free((char *)ret_st);
+ free(ret_st);
}
kadm_cli_disconn();
return(retc);
diff --git a/kerberosIV/kadm/kadm_err.et b/kerberosIV/kadm/kadm_err.et
index fb1c47dbdf6..450d2f6e5db 100644
--- a/kerberosIV/kadm/kadm_err.et
+++ b/kerberosIV/kadm/kadm_err.et
@@ -1,5 +1,6 @@
-# $Id: kadm_err.et,v 1.1 1995/12/14 06:52:45 tholo Exp $
-
+# $OpenBSD: kadm_err.et,v 1.2 1997/12/01 04:46:58 art Exp $
+# $KTH: kadm_err.et,v 1.4 1996/06/12 08:01:34 bg Exp $
+#
# Copyright 1988 by the Massachusetts Institute of Technology.
#
# For copying and distribution information, please see the file
@@ -11,7 +12,7 @@
# KADM_SUCCESS, as all success codes should be, is zero
-ec KADM_RCSID, "$Header: /cvs/OpenBSD/src/kerberosIV/kadm/Attic/kadm_err.et,v 1.1 1995/12/14 06:52:45 tholo Exp $"
+ec KADM_RCSID, "$Header: /cvs/OpenBSD/src/kerberosIV/kadm/Attic/kadm_err.et,v 1.2 1997/12/01 04:46:58 art Exp $"
# /* Building and unbuilding the packet errors */
ec KADM_NO_REALM, "Cannot fetch local realm"
ec KADM_NO_CRED, "Unable to fetch credentials"
@@ -49,4 +50,10 @@ ec KADM_LENGTH_ERROR, "Length mismatch problem"
ec KADM_ILL_WILDCARD, "Illegal use of wildcard"
ec KADM_DB_INUSE, "Database is locked or in use--try again later"
+
+ec KADM_INSECURE_PW, "Insecure password rejected"
+ec KADM_PW_MISMATCH, "Cleartext password and DES key did not match"
+
+ec KADM_NOT_SERV_PRINC, "Invalid principal for change srvtab request"
+ec KADM_IMMUTABLE, "Attempt do delete immutable principal"
end
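Review bot: The KADM_IMMUTABLE message reads "Attempt do delete immutable principal", where "do" should be "to": `ec KADM_IMMUTABLE, "Attempt to delete immutable principal"`. The string is shown to users through the error table, so the typo would appear in client output.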
diff --git a/kerberosIV/kadm/kadm_local.h b/kerberosIV/kadm/kadm_local.h
index 4c7d9fe99ac..829f43c5444 100644
--- a/kerberosIV/kadm/kadm_local.h
+++ b/kerberosIV/kadm/kadm_local.h
@@ -1,4 +1,4 @@
-/* $Id: kadm_local.h,v 1.2 1997/06/29 10:56:14 provos Exp $ */
+/* $Id: kadm_local.h,v 1.3 1997/12/01 04:46:59 art Exp $ */
#include <stdio.h>
#include <stdlib.h>
@@ -8,6 +8,7 @@
#include <time.h>
#include <errno.h>
+#include <sys/types.h>
#include <sys/socket.h>
#include <sys/param.h>
#include <netinet/in.h>
diff --git a/kerberosIV/kadm/kadm_stream.c b/kerberosIV/kadm/kadm_stream.c
index 50aae668868..e06d0fefd0a 100644
--- a/kerberosIV/kadm/kadm_stream.c
+++ b/kerberosIV/kadm/kadm_stream.c
@@ -1,24 +1,25 @@
-/* $Id: kadm_stream.c,v 1.1 1995/12/14 06:52:45 tholo Exp $ */
+/* $KTH: kadm_stream.c,v 1.11 1997/05/02 10:28:05 joda Exp $ */
-/*-
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
/*
* Stream conversion functions for Kerberos administration server
@@ -36,96 +37,107 @@
fatal: prints out a kadm fatal error message, exits
*/
-#include "kadm_local.h"
-
-#define min(a,b) (((a) < (b)) ? (a) : (b))
+#include "kadm_locl.h"
static int
-build_field_header(cont, st)
- u_char *cont; /* container for fields data */
- u_char **st; /* stream */
+build_field_header(u_char *cont, u_char **st)
+ /* container for fields data */
+ /* stream */
{
*st = (u_char *) malloc (4);
- bcopy((char *) cont, (char *) *st, 4);
+ memcpy(*st, cont, 4);
return 4; /* return pointer to current stream location */
}
static int
-check_field_header(st, cont, maxlen)
- u_char *st; /* stream */
- u_char *cont; /* container for fields data */
- int maxlen;
+check_field_header(u_char *st, u_char *cont, int maxlen)
+ /* stream */
+ /* container for fields data */
+
{
if (4 > maxlen)
return(-1);
- bcopy((char *) st, (char *) cont, 4);
+ memcpy(cont, st, 4);
return 4; /* return pointer to current stream location */
}
-static int
-vts_string(dat, st, loc)
- char *dat; /* a string to put on the stream */
- u_char **st; /* base pointer to the stream */
- int loc; /* offset into the stream for current data */
+int
+vts_string(char *dat, u_char **st, int loc)
+ /* a string to put on the stream */
+ /* base pointer to the stream */
+ /* offset into the stream for current data */
{
- *st = (u_char *) realloc ((char *)*st, (unsigned) (loc + strlen(dat) + 1));
- bcopy(dat, (char *)(*st + loc), strlen(dat)+1);
+ *st = (u_char *) realloc (*st, (unsigned) (loc + strlen(dat) + 1));
+ memcpy(*st + loc, dat, strlen(dat)+1);
return strlen(dat)+1;
}
static int
-vts_short(dat, st, loc)
- u_int16_t dat; /* the attributes field */
- u_char **st; /* a base pointer to the stream */
- int loc; /* offset into the stream for current data */
+vts_short(u_int16_t dat, u_char **st, int loc)
+ /* the attributes field */
+ /* a base pointer to the stream */
+ /* offset into the stream for current data */
{
- u_int16_t temp; /* to hold the net order short */
-
- temp = htons(dat); /* convert to network order */
- *st = (u_char *) realloc ((char *)*st, (unsigned)(loc + sizeof(u_int16_t)));
- bcopy((char *) &temp, (char *)(*st + loc), sizeof(u_int16_t));
- return sizeof(u_int16_t);
+ unsigned char *p;
+ p = realloc(*st, loc + 2);
+ if(p == NULL){
+ abort();
+ }
+ p[loc] = (dat >> 8) & 0xff;
+ p[loc+1] = dat & 0xff;
+ *st = p;
+ return 2;
}
static int
-vts_char(dat, st, loc)
- u_char dat; /* the attributes field */
- u_char **st; /* a base pointer to the stream */
- int loc; /* offset into the stream for current data */
+vts_char(u_char dat, u_char **st, int loc)
+ /* the attributes field */
+ /* a base pointer to the stream */
+ /* offset into the stream for current data */
{
- *st = (u_char *) realloc ((char *)*st, (unsigned)(loc + sizeof(u_char)));
- (*st)[loc] = (u_char) dat;
- return 1;
+ unsigned char *p = realloc(*st, loc + 1);
+ if(p == NULL){
+ abort();
+ }
+ p[loc] = dat;
+ *st = p;
+ return 1;
}
int
-vts_long(dat, st, loc)
- u_int32_t dat; /* the attributes field */
- u_char **st; /* a base pointer to the stream */
- int loc; /* offset into the stream for current data */
+vts_long(u_int32_t dat, u_char **st, int loc)
+ /* the attributes field */
+ /* a base pointer to the stream */
+ /* offset into the stream for current data */
{
- u_int32_t temp; /* to hold the net order short */
-
- temp = htonl(dat); /* convert to network order */
- *st = (u_char *) realloc ((char *)*st, (unsigned)(loc + sizeof(u_int32_t)));
- bcopy((char *) &temp, (char *)(*st + loc), sizeof(u_int32_t));
- return sizeof(u_int32_t);
+ unsigned char *p = realloc(*st, loc + 4);
+ if(p == NULL){
+ abort();
+ }
+ p[loc] = (dat >> 24) & 0xff;
+ p[loc+1] = (dat >> 16) & 0xff;
+ p[loc+2] = (dat >> 8) & 0xff;
+ p[loc+3] = dat & 0xff;
+ *st = p;
+ return 4;
}
-static int
-stv_string(st, dat, loc, stlen, maxlen)
- register u_char *st; /* base pointer to the stream */
- char *dat; /* a string to read from the stream */
- register int loc; /* offset into the stream for current data */
- int stlen; /* max length of string to copy in */
- int maxlen; /* max length of input stream */
+int
+stv_string(u_char *st, /* base pointer to the stream */
+ char *dat, /* a string to read from the stream */
+ int loc, /* offset into the stream for current data */
+ int stlen, /* max length of string to copy in */
+ int maxlen) /* max length of input stream */
{
int maxcount; /* max count of chars to copy */
maxcount = min(maxlen - loc, stlen);
- (void) strncpy(dat, (char *)st + loc, maxcount);
+ if(maxcount <= 0)
+ return -1;
+
+ strncpy(dat, (char *)st + loc, maxcount);
if (dat[maxcount-1]) /* not null-term --> not enuf room */
return(-1);
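Review bot: vts_string() becomes a public entry point in this hunk, but it is the only vts_* writer that still stores the realloc() result directly into `*st` and copies to `*st + loc` without a NULL check. vts_short(), vts_char() and vts_long() were all rewritten here to go through a temporary and abort() on failure. As written, an allocation failure loses the original stream and makes the memcpy write at a NULL-based address. The rewrite below applies the same pattern as its siblings and calls strlen() once instead of three times. build_field_header() has the same unchecked `malloc(4)` before its memcpy.

```c
int
vts_string(char *dat, u_char **st, int loc)
{
    size_t len = strlen(dat) + 1;	/* include the terminating NUL */
    unsigned char *p = realloc(*st, loc + len);

    if (p == NULL)
	abort();			/* same policy as vts_short/vts_char/vts_long */
    memcpy(p + loc, dat, len);
    *st = p;
    return len;
}
```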
@@ -133,49 +145,44 @@ stv_string(st, dat, loc, stlen, maxlen)
}
static int
-stv_short(st, dat, loc, maxlen)
- u_char *st; /* a base pointer to the stream */
- u_int16_t *dat; /* the attributes field */
- int loc; /* offset into the stream for current data */
- int maxlen;
+stv_short(u_char *st, u_int16_t *dat, int loc, int maxlen)
+ /* a base pointer to the stream */
+ /* the attributes field */
+ /* offset into the stream for current data */
+
{
- u_int16_t temp; /* to hold the net order short */
-
- if (loc + sizeof(temp) > maxlen)
- return(-1);
- /*bcopy((char *)((u_long)st+(u_long)loc), (char *) &temp, sizeof(u_short));*/
- bcopy(st + loc, (char *) &temp, sizeof(temp));
- *dat = ntohs(temp); /* convert to network order */
- return sizeof(temp);
+ if (maxlen - loc < 2)
+ return -1;
+
+ *dat = (st[loc] << 8) | st[loc + 1];
+ return 2;
}
int
-stv_long(st, dat, loc, maxlen)
- u_char *st; /* a base pointer to the stream */
- u_int32_t *dat; /* the attributes field */
- int loc; /* offset into the stream for current data */
- int maxlen; /* maximum length of st */
+stv_long(u_char *st, u_int32_t *dat, int loc, int maxlen)
+ /* a base pointer to the stream */
+ /* the attributes field */
+ /* offset into the stream for current data */
+ /* maximum length of st */
{
- u_int32_t temp; /* to hold the net order short */
-
- if (loc + sizeof(temp) > maxlen)
- return(-1);
- /*bcopy((char *)((u_long)st+(u_long)loc), (char *) &temp, sizeof(u_long));*/
- bcopy(st + loc, (char *) &temp, sizeof(temp));
- *dat = ntohl(temp); /* convert to network order */
- return sizeof(temp);
+ if (maxlen - loc < 4)
+ return -1;
+
+ *dat = (st[loc] << 24) | (st[loc+1] << 16) | (st[loc+2] << 8) | st[loc+3];
+ return 4;
}
static int
-stv_char(st, dat, loc, maxlen)
- u_char *st; /* a base pointer to the stream */
- u_char *dat; /* the attributes field */
- int loc; /* offset into the stream for current data */
- int maxlen;
+stv_char(u_char *st, u_char *dat, int loc, int maxlen)
+ /* a base pointer to the stream */
+ /* the attributes field */
+ /* offset into the stream for current data */
+
{
- if (loc + 1 > maxlen)
- return(-1);
- *dat = *(st + loc);
+ if (maxlen - loc < 1)
+ return -1;
+
+ *dat = st[loc];
return 1;
}
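Review bot: In stv_long the new decode `(st[loc] << 24)` shifts a u_char that has already been promoted to signed int, so any stream byte of 0x80 or above is shifted into the sign bit, which is undefined behaviour in C even though it usually produces the expected value. Casting before the shift avoids it: `*dat = ((u_int32_t)st[loc] << 24) | ((u_int32_t)st[loc+1] << 16) | ((u_int32_t)st[loc+2] << 8) | st[loc+3];`. Separately, the rewritten `maxlen - loc < N` guards in stv_short, stv_long and stv_char still pass when loc is negative. If callers cannot guarantee a non-negative offset (not visible in this hunk), adding `loc < 0 ||` to each guard keeps the read inside the buffer.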
@@ -187,9 +194,7 @@ vals_to_stream
this function creates a byte-stream representation of the kadm_vals structure
*/
int
-vals_to_stream(dt_in, dt_out)
- Kadm_vals *dt_in;
- u_char **dt_out;
+vals_to_stream(Kadm_vals *dt_in, u_char **dt_out)
{
int vsloop, stsize; /* loop counter, stream size */
@@ -231,15 +236,15 @@ stream_to_vals
this decodes a byte stream represntation of a vals struct into kadm_vals
*/
int
-stream_to_vals(dt_in, dt_out, maxlen)
- u_char *dt_in;
- Kadm_vals *dt_out;
- int maxlen; /* max length to use */
+stream_to_vals(u_char *dt_in, Kadm_vals *dt_out, int maxlen)
+
+
+ /* max length to use */
{
- register int vsloop, stsize; /* loop counter, stream size */
- register int status;
+ int vsloop, stsize; /* loop counter, stream size */
+ int status;
- bzero((char *) dt_out, sizeof(*dt_out));
+ memset(dt_out, 0, sizeof(*dt_out));
stsize = check_field_header(dt_in, dt_out->fields, maxlen);
if (stsize < 0)
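Review bot: The converted signature of stream_to_vals leaves two empty added lines and a detached `/* max length to use */` between the parameter list and the opening brace, so the comment no longer says which parameter it describes. Put it back next to the parameter, as the stv_string conversion does: `stream_to_vals(u_char *dt_in, Kadm_vals *dt_out, int maxlen) /* max length to use */`. The same detached comments follow the stv_short, stv_long and stv_char signatures in the previous hunk. The function body continues outside this hunk.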
diff --git a/kerberosIV/kadm/kadm_supp.c b/kerberosIV/kadm/kadm_supp.c
index 8882b06d422..4a771ff5fca 100644
--- a/kerberosIV/kadm/kadm_supp.c
+++ b/kerberosIV/kadm/kadm_supp.c
@@ -1,24 +1,25 @@
-/* $Id: kadm_supp.c,v 1.1 1995/12/14 06:52:46 tholo Exp $ */
+/* $KTH: kadm_supp.c,v 1.8 1997/05/02 10:27:58 joda Exp $ */
-/*-
- * Copyright (C) 1989 by the Massachusetts Institute of Technology
- *
- * Export of this software from the United States of America is assumed
- * to require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- */
+/*
+ Copyright (C) 1989 by the Massachusetts Institute of Technology
+
+ Export of this software from the United States of America is assumed
+ to require a specific license from the United States Government.
+ It is the responsibility of any person or organization contemplating
+ export to obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+ */
/*
* Support functions for Kerberos administration server & clients
@@ -34,52 +35,39 @@
structure
*/
-#include "kadm_local.h"
+#include "kadm_locl.h"
/*
prin_vals:
recieves : a vals structure
*/
void
-prin_vals(vals)
- Kadm_vals *vals;
+prin_vals(Kadm_vals *vals)
{
printf("Info in Database for %s.%s:\n", vals->name, vals->instance);
printf(" Max Life: %d (%s) Exp Date: %s\n",
vals->max_life,
krb_life_to_atime(vals->max_life),
asctime(k_localtime(&vals->exp_date)));
- printf(" Attribs: %.2x key: %lu %lu\n",
+ printf(" Attribs: %.2x key: %#lx %#lx\n",
vals->attributes,
(long)vals->key_low, (long)vals->key_high);
}
-#ifdef notdef
-nierror(s)
-int s;
-{
- printf("Kerberos admin server loses..... %s\n",error_message(s));
- return(s);
-}
-#endif
-
/* kadm_prin_to_vals takes a fields arguments, a Kadm_vals and a Principal,
it copies the fields in Principal specified by fields into Kadm_vals,
i.e from old to new */
void
-kadm_prin_to_vals(fields, new, old)
- u_char *fields;
- Kadm_vals *new;
- Principal *old;
+kadm_prin_to_vals(u_char *fields, Kadm_vals *new, Principal *old)
{
- bzero((char *)new, sizeof(*new));
+ memset(new, 0, sizeof(*new));
if (IS_FIELD(KADM_NAME,fields)) {
- (void) strncpy(new->name, old->name, ANAME_SZ);
+ strncpy(new->name, old->name, ANAME_SZ);
SET_FIELD(KADM_NAME, new->fields);
}
if (IS_FIELD(KADM_INST,fields)) {
- (void) strncpy(new->instance, old->instance, INST_SZ);
+ strncpy(new->instance, old->instance, INST_SZ);
SET_FIELD(KADM_INST, new->fields);
}
if (IS_FIELD(KADM_EXPDATE,fields)) {
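Review bot: The `strncpy(new->name, old->name, ANAME_SZ)` and `strncpy(new->instance, old->instance, INST_SZ)` calls in kadm_prin_to_vals leave the destination without a terminating NUL whenever the source fills the whole field, and prin_vals in this same hunk prints those Kadm_vals fields with `%s`. Because `new` has just been zeroed by `memset`, copying one byte less guarantees termination, assuming the destination arrays are ANAME_SZ and INST_SZ bytes (their declarations are not in this hunk): `strncpy(new->name, old->name, ANAME_SZ - 1);` and `strncpy(new->instance, old->instance, INST_SZ - 1);`. The two matching calls in kadm_vals_to_prin in the next hunk need the same change. kadm_prin_to_vals continues past the end of this hunk.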
@@ -102,17 +90,14 @@ kadm_prin_to_vals(fields, new, old)
}
void
-kadm_vals_to_prin(fields, new, old)
- u_char *fields;
- Principal *new;
- Kadm_vals *old;
+kadm_vals_to_prin(u_char *fields, Principal *new, Kadm_vals *old)
{
- bzero((char *)new, sizeof(*new));
+ memset(new, 0, sizeof(*new));
if (IS_FIELD(KADM_NAME,fields))
- (void) strncpy(new->name, old->name, ANAME_SZ);
+ strncpy(new->name, old->name, ANAME_SZ);
if (IS_FIELD(KADM_INST,fields))
- (void) strncpy(new->instance, old->instance, INST_SZ);
+ strncpy(new->instance, old->instance, INST_SZ);
if (IS_FIELD(KADM_EXPDATE,fields))
new->exp_date = old->exp_date;
if (IS_FIELD(KADM_ATTR,fields))
diff --git a/kerberosIV/kadm/shlib_version b/kerberosIV/kadm/shlib_version
index d9961ea9fef..3066b9771e7 100644
--- a/kerberosIV/kadm/shlib_version
+++ b/kerberosIV/kadm/shlib_version
@@ -1,2 +1,2 @@
-major=4
+major=5
minor=0