2002-09-10 * Release 1.2 2002-09-09 * configure.in: set sysconfdir to /etc for now * lib/krb/Makefile.am: update des_quad build glue * lib/krb/krb_locl.h: prototype for _krb_des_quad_cksum * lib/krb/quad_cksum.c: include a copy of des_quad_cksum here; it's easier than using the one in ../des * configure.in: fix des_quad_cksum test to work with openssl * lib/krb/Makefile.am: fix des_quad_cksum filename * configure.in: re-add lost readline test * lib/krb/mk_safe.c: remove redundant decls (from NetBSD) * lib/krb/krb_locl.h: remove redundant decls (from NetBSD) * lib/krb/krb-archaeology.h: remove redundant decls (from NetBSD) * lib/krb/klog.h: remove redundant decls (from NetBSD) * lib/krb/get_krbrlm.c (krb_get_lrealm_f): take file FILE instead of filename; (krb_get_lrealm): add some unifdefed code to bail out if there are no krb.conf files; (krb_get_default_realm): check that there actually is a kdc for the returned realm (all from NetBSD) * lib/kdb/kdb_locl.h: remove redundant decls (from NetBSD) * lib/kadm/kadm_locl.h: remove redundant decls (from NetBSD) * appl/bsd/rlogind.c: don't use LOG_CONS (from NetBSD) * lib/krb/krb.equiv.5: remove reference to krb_equiv() * lib/acl/Makefile.am: INCLUDE_des * kuser/Makefile.am: INCLUDE_des 2002-08-28 * appl/movemail/pop.c: IRIX == 4 -> IRIX4 * configure.in: use rk_SUNOS, and define _GNU_SOURCE * configure.in: AC_TEST_PACKAGE_NEW -> rk_TEST_PACKAGE * configure.in: move some of acconfig.h here, and some other changes * appl/bsd/bsd_locl.h: don't define KERBEROS here * appl/bsd/klogin.c: KERBEROS -> KRB4 * appl/bsd/login.c: KERBEROS -> KRB4 2002-08-21 * lib/krb/roken_rename.h: more renaming 2002-08-20 * configure.in: use new AC_INIT interface * configure.in: test for broken des_quad_cksum 2002-08-15 * lib/krb/Makefile.am: remove concat.c * lib/krb/get_in_tkt.c: use asprintf instead of roken_mconcat * lib/krb/get_host.c: use asprintf instead of roken_mconcat * kadmin/ksrvutil_get.c: krb_err_base -> ERROR_TABLE_BASE_krb * kadmin/kadmin.c: krb_err_base -> ERROR_TABLE_BASE_krb * kadmin/kadm_ser_wrap.c: krb_err_base -> ERROR_TABLE_BASE_krb * lib/kadm/kadm_cli_wrap.c: krb_err_base -> ERROR_TABLE_BASE_krb 2002-06-28 * kuser/klist.c (display_tokens): don't bail out before we get EDOM (signaling the end of the tokens), the kernel can also return ENOTCONN, meaning that the index does not exist anymore (for example if the token has expired) 2002-06-07 * kadmin/ksrvutil.c: fix bogus argument to strlcpy, and some language; from Moritz Jodeit 2002-05-20 * lib/krb/Makefile.am: version number * NEWS: update * configure.in: depend on autoconf 2.53 * lib/kdb/krb_dbm.c: fix ndbm test 2002-05-19 * admin/kdb_util.8: convert to mdoc * admin/kdb_destroy.8: convert to mdoc * admin/kdb_init.8: convert to mdoc * admin/ext_srvtab.8: convert to mdoc * Makefile.am.common: remove stuff that moved to cf/Makefile.am.common * configure.in: use AC_HELP_STRING 2002-05-17 * configure.in: just check for db stuff once * tools/Makefile.am: expand DBLIBS * tools/krb4-config.in: reconise kdb and krb as library types * lib/kdb/Makefile.am: add hooks for ndbm_wrap * lib/kdb/krb_dbm.c: use ndbm_wrap 2002-05-02 * configure.in: remove some duplicate tests * include/Makefile.am: if we're using openssl, fake a des.h that includes openssl/des.h * lib/kadm/Makefile.am: OBJECTS doesn't seem to be defined by automake anymore * lib/acl/Makefile.am: OBJECTS doesn't seem to be defined by automake anymore 2002-04-26 * slave/Makefile.am: SBINDIR is now defined in config.h * appl/bsd/Makefile.am: BINDIR is now defined in config.h 2002-04-25 * configure.in: use rk_DESTDIRS 2002-02-14 * configure.in: find inttypes by CHECK_TYPES directly 2002-02-06 * tools/krb4-config.in: include the flgas to find des.h * tools/Makefile.am (INCLUDE_des): replace * slave/Makefile.am (INCLUDES): add flags to find des.h (if it's not in the standard include path) * lib/krb/Makefile.am (INCLUDES): add flags to find des.h (if it's not in the standard include path) * lib/kdb/Makefile.am (INCLUDES): add flags to find des.h * appl/sample/Makefile.am (INCLUDES): add flags for finding des.h * appl/kip/Makefile.am (INCLUDES): add flags to find des.h * configure.in (INCLUDE_krb4): add the flags for libcrypto 2002-02-04 * lib/krb/read_service_key.c: don't copy the instance before we know this is the key we're looking for 2002-02-01 * configure.in: check for tgetent before testing for readline 2002-01-14 * README: fix typo; from Rich Morin 2001-12-05 * kadmin/admin_server.c, kadmin/kadm_locl.h, kadmin/kadm_ser_wrap.c, kadmin/kadmind.8: add -p to enable kadmind to use a different port 2001-11-01 * appl/movemail/movemail.c (mbx_delimit_begin): add a LF here so that the last line before the next From_ is empty. noted by 2001-09-17 * Release 1.1 * lib/krb/*: adjust to openssl's des prototypes 2001-09-13 * lib/krb/Makefile.am (libkrb_la_LDFLAGS): set version to 2:0:1 (new interfaces added) * lib/kdb/Makefile.am (libkdb_la_LDFLAGS): set version to 1:10:0 (newer than any from 1.0-branch) * lib/kadm/Makefile.am (libkadm_la_LDFLAGS): set version to 1:10:0 (newer than any from 1.0-branch) * admin/kdb_destroy.c, lib/kdb/krb_dbm.c: test for the ndbm database really being a .db one and use it when moving/removing database files * tools/krb4-config.in: add 2001-09-10 * lib/kdb/Makefile.am: correct dependency on config.h, roken_rename.h * configure.in: add a prereq so it's clear this requires autoconf 2.52 use the macros for testing for compile_et and lib/auth 2001-09-04 * appl/bsd/rcp.c (allocbuf): do not leak memory on failure and zero re-used memory, from Markus Friedl 2001-09-03 * admin/ext_srvtab.c (main): handle atexit or on_exit 2001-08-28 * lib/krb/get_krbrlm.c (krb_get_lrealm_f): only set result if not an error * appl/bsd/su.c (kerberos): make sure krb_get_lrealm returns success 2001-08-26 * appl/afsutil/aklog.c: call krb_get_default_principal correctly * lib/krb/Makefile.am: always link libkrb against libdes (or libcrypto) add random_block.c * *: use socklen_t * appl/bsd/Makefile.am (rlogind_LDADD): remember logwtmp * lib/krb/krb.h: made it into a generated file * server/kerberos.c: adopt to new KRB_CRYPTO. remove variables that are just set and never used * configure.in: adopt to new rk_DB and new KRB_CRYPTO also generate lib/krb/krb.h 2001-07-19 * appl/bsd/rshd.c (error): use vsnprintf correctly 2001-06-19 * appl/bsd/rcp.c (run_err): call va_start - va_end for every use of va_list. from markus@openbsd.org 2001-06-04 * update copyright messages on Wietse Venema's code. 2001-05-04 * lib/krb/Makefile.am (libkrb_la_LIBADD): add a dependency on libdes on solaris * configure.in (arc4random, srandomdev): test for SOLARIS_LIBDES: set on solaris to add a dependency to libkrb 2001-05-03 * lib/krb/lsb_addr_comp.c (lsb_time): have the nat_in_use override firewall_address. from Ake Sandgren 2001-04-25 * kadmin/kadmin.c: remove non-used code for not converting the key to network byte order 2001-03-13 * lib/kadm/kadm_cli_wrap.c: initialize pointers to NULL and sizes to 0 to avoid freeing invalid memory 2001-02-26 * configure.in: no DCE here 2001-02-08 * appl/bsd/utmp_login.c, appl/bsd/utmpx_login.c: shrink hostname to be written into utmp in the same way as telnetd 2000-12-29 * lib/krb/krb-protos.h (krb_get_our_ip_for_realm): add prototype * lib/krb/logging.c (log_tty, log_with_timestamp_and_nl): add printf attributes, from sommerfeld@netbsd.org 2000-12-15 * lib/krb/verify_user.c (krb_verify_user_srvtab_exact): iterate over local relams when looking for a srvtab key to verify against 2000-12-13 * include/Makefile.am: rename protos.H -> protos.hin 2000-12-07 * configure.in (streamspty): try quoting glob pattern properly * lib/krb/getfile.c (get_file): do not support reading KRBCONFDIR for uid == 0 * lib/krb/extra.c: remove (obsolete) support for reading from environment variables * appl/bsd/su.c (kerberos): loop over all the local realms to find (the) one where the local rcmd exists 2000-12-04 * lib/krb/kdc_reply.c (kdc_reply_cipher): check the len for being sane. noted by Jouko Pynnönen 2000-11-30 * appl/bsd/su.c: add support for multiple local realms * lib/krb/krb-protos.h (krb_get_our_ip_for_realm): add prototype * lib/krb/tf_util.c (tf_store_addr): remove unused variables * lib/krb/send_to_kdc.c (send_to_kdc): remove unused variable * lib/krb/krb-protos.h (krb_get_credentials): add prototype * lib/krb/mk_req.c (krb_get_credentials): removed unused variable * configure.in: use rk_CHECK_MAN * configure.in: remove more roken duplicates 2000-11-29 * configure.in: don't test for glob and syslog here * configure.in: add roken/Makefile here, since it can't live in rk_ROKEN * admin/kdb_util.c: make it possible to change to a new master password without knowing the old 2000-11-15 * configure.in (LIB_des): set. fix users. 2000-11-05 * configure.in: switch to automake * acconfig.h: remove some automagically defined things 2000-10-23 * lib/krb/str2key.c: cast to des_cblock* * lib/krb/roken_rename.h: add more functions * lib/krb/rd_priv.c: cast to des_cblock* * lib/krb/mk_priv.c: cast to des_cblock* * lib/krb/krb.h: fix constness of krb4_version * lib/krb/encrypt_ktext.c: cast to des_cblock* * lib/krb/decomp_ticket.c: cast to des_cblock* * appl/bsd/rcp.c: HAVE_ST_BLKSIZE -> HAVE_STRUCT_STAT_ST_BLKSIZE 2000-10-19 * include/Makefile.in (HEADERS): add md4.h, md5.h, sha.h and rc4.h * appl/kip/common.c (WCOREDUMP): add fallback definition 2000-10-18 * lib/krb/dest_tkt.c (dest_tkt): only return valid error codes back * kadmin/admin_server.c: re-structure code to handle DoS attacks better only allow a constant number of children (100 currently) keep track of which children have gotten authentication information and kill the non-authenticated children when there are new connections 2000-10-16 * server/kerberos.c: handle a fixed number (100) of TCP connections and kill some randomly if all are busy to try to mitigate the effects of DoS attacks 2000-10-08 * lib/krb/send_to_kdc.c (send_recv): check that fds are not too large to select on * kadmin/admin_server.c (kadm_listen): check that fds are not too large to select on * appl/kip/common.c (*): check that fds are not too large to select on * appl/bsd/rshd.c (doit): check that fds are not too large to select on * appl/bsd/rsh.c (talk): check that fds are not too large to select on * appl/bsd/rlogin.c (reader): check that fds are not too large to select on * appl/bsd/kcmd.c (kcmd): check that fds are not too large to select on 2000-09-25 * config.guess: update to version 2000-09-05 (aka 1.156) from subversions.gnu.org plus some minor tweaks * config.sub: update to version 2000-09-11 (aka 1.181) from subversions.gnu.org 2000-09-09 * appl/kip/kipd.c: add back droped slash in kip-control 2000-08-16 * configure.in (VERSION): up to 1.0.3pre (getmsg): re-do so it possibly works on redhat 7.0 2000-08-09 * kuser/klist.c (display_srvtab): do not call warn with a variable as format string * appl/bsd/rshd.c (doit): do not call warnx with a variable as format string 2000-08-04 * kadmin/kadmin.c: add support for reading key in hex for ckey 2000-07-31 * configure.in: check for uint*_t 2000-07-30 * doc/install.texi: say something about siacfg 2000-06-28 * lib/krb/dest_tkt.c (dest_tkt): rewrite to lstat and compare numbers 2000-06-10 * appl/bsd: work-around setuid and capabilities bug fixed in Linux 2.2.16 2000-06-08 * configure.in: do not use streams ptys on HP-UX 11 2000-05-15 * lib/krb/rw.c (krb_get_nir): add explicit lengths to the parameters. before this the function `knew'. change callers. * appl/afsutil/aklog.c (__attribute__): remove, now in roken 2000-05-14 * appl/afsutil/aklog.c: look not only in /usr/vice/etc but also in /usr/arla/etc for configuration files 2000-04-25 * lib/krb/tf_util.c (tf_create): just remove the over-writing of the old ticket file. 2000-04-09 * lib/krb/getaddrs.c (k_get_all_addrs): apperently solaris can return EINVAL when the buffer is too small. cope. * appl/bsd/rshd.c (doit): exec the correct shell 2000-03-26 * config.guess, config.sub: update to current version from :pserver:anoncvs@subversions.gnu.org:/home/cvs * lib/krb/mk_req.c (krb_get_credentials): fill in `cred->pname' and `cred->pinst' from the ticket file. do not try again if the cred is expired - this produced a loop * appl/bsd/rlogind.c (rlogind_logout, logwtmp): make sure to always call time and ctime with `time_t's. there were some types (like in lastlog) that we believed to always be time_t. this has proven wrong on Solaris 8 in 64-bit mode, where they are stored as 32-bit quantities but time_t has gone up to 64 bits * appl/bsd/login.c: dito 2000-03-20 * configure.in: add solaris2.8 2000-03-16 * lib/krb/get_default_principal.c (krb_get_default_principal): use tkt_string instead of getenv 2000-03-15 * configure.in: on all versions of aix, add `-bnolibpath' to the linker. otherwise ld will interpret -L as run-time path for where to find shared libraries and looking in ../../foo is a bad idea. bug report from Niklas Edmundsson 2000-03-04 * man/Makefile.in: add pfrom. move cat-page of push to correct directory 2000-02-28 * appl/bsd/rshd.c (doit): send in home directory to kafs so that we can find out the cell where it's located and read the .TheseCells file 2000-01-09 * configure.in (APPL_KIP_DIR): remove setting. always build kip (sig_atomic_t): check for * appl/Makefile.in (SUBDIRS): always build kip * appl/kip/common.c (kip_exec): change to return error * appl/kip/Makefile.in (kip-join-network, kipd-control): add * appl/kip/kipd.c: rewrite. (main): use getarg (doit): run scripts when interface going up and down. * appl/kip/kip.h: make it work on all systems add new prototypes * appl/kip/kip.c: rewrite. (main): use getarg (doit): run scripts when interface going up and down. * appl/kip/common.c (copy_packets): allow termination. handle EINTR correctly. handle error messages. (tunnel_open): return if name (kip_exec): new function for runnning scripts (fatal): generic failing function based on patches from Love 2000-01-01 * configure.in: check for IPv6 so that we can find libraries that contain getnameinfo et al (which we actually use) 1999-12-27 * appl/movemail/movemail.c: changes from Lars Engebretsen for adding `-p' (preserve) and `-r' (reverse). also removed strerror. 1999-12-06 * lib/krb/krb_ip_realm.c (krb_add_our_ip_for_realm): no pointers to s_addr (fails on Crays where it's a bit-field) * kuser/klist.c: most casts and consts (display_tktfile): only display NAT address with `-l' * configure.in: conditionalize aix magic to only be performed on aix 4.1 * appl/bsd/rlogind.c (doit): type correctness * appl/bsd/rshd.c (doit): type correctness 1999-12-05 * configure.in: remove /lib/pse.exp stuff for AIX. It seems to give problems on modern version of AIX 4 and we don't have any older AIX 4 boxes to test on any longer. (netdb.h): ultrix test * include/netdb.x: new file * include/Makefile.in (netdb.h): add * appl/bsd/rshd.c: use getnameinfo_verified instead of plain getnameinfo * appl/bsd/rlogind.c: use getnameinfo_verified instead of plain getnameinfo * appl/bsd/rlogind.c: replace inaddr2str with getnameinfo * appl/bsd/rshd.c: replace inaddr2str with getnameinfo 1999-12-03 * configure.in (AC_BROKEN): add freeaddrinfo, gai_strerror, getaddrinfo, getnameinfo (socklen_t): check for 1999-12-02 * lib/krb/tf_util.c (tf_get_addr): support realm == NULL (any) 1999-11-29 * lib/krb/krb-protos.h (tf_get_cred_addr): add prototype * lib/krb/tf_util.c (tf_get_cred_addr): new function for fetching the NAT addresses stored in the ticket file. From * kuser/klist.c (display_tktfile): dump the IP address being used when in NAT-mode. From 1999-11-25 * appl/bsd/rlogind.c (main): getopt returns -1 and not EOF. From * lib/krb/krb_ip_realm.c (krb_add_our_ip_for_realm): new function for obtaining the IP address that the KDC sees us as coming from. From * lib/krb/tf_util.c (tf_get_addr, tf_store_addr): new functions for storing the NAT-ed address per realm (tf_get_cred): make sure to ignore all magic credentials * lib/krb/get_in_tkt.c (krb_get_pw_in_tkt2): if using NAT, store the address the the KDC saw. (krb_add_our_ip_for_realm) * lib/krb/send_to_kdc.c: rewrite some. Make sure that we do not do any hostname lookups when using http through a proxy (the proxy is supposed to do that in the `real' name-space). 1999-11-19 * appl/bsd/rcmd_util.c (conv): add EXTA and EXTB Tue Nov 16 1999 * lib/krb/defaults.c (krb_get_default_keyfile): Get value of KEYFILE from /etc/krb.extra. 1999-11-13 * **/*.c (main): getopt returns -1 not EOF. From * configure.in: check for fields in `struct tm' and variable `timezone', used by strftime * configure.in (AC_BROKEN): strptime is a new function in roken opt*: more header files for the tests Tue Nov 2 1999 * lib/krb/krb.h (TKT_ROOT): Change the definition of TKT_ROOT to a function call. The returned value is settable in /etc/krb.extra with the construct krb_default_tkt_root = /tmp/tkt_. 1999-10-06 * lib/krb/verify_user.c: remove ERICSSON_COMPAT, it's apparently no longer needed Mon Oct 4 1999 * appl/bsd/klogin.c (multiple_get_tkt): Must use appropiate realm name when calling krb_get_pw_in_tkt or else you will receive an inter-realm TGT. 1999-10-03 * doc/problems.texi: add blurb about irix abi:s 1999-09-27 * lib/krb/tf_util.c (tf_init): cygwin work-around 1999-09-16 * configure.in: test for strlcpy, strlcat * admin/kdb_util.c (main): support `-' as an alias for stdout. originally from Fredrik Ljungberg 1999-09-15 * include/Makefile.in: remove duplicate parse_time.h * kadmin/ksrvutil_get.c (get_srvtab_ent): better error messages 1999-09-12 * configure.in: revert back awk test, now worked around in roken.awk 1999-09-06 * doc/problems.texi: document a really working fix for the xlc -qnolm bug 1999-09-04 * doc/problems.texi: comment about xlc -E brokenness 1999-09-01 * lib/krb/get_krbrlm.c (krb_get_lrealm_f): treat n = 0 the same as if it were 1 (this should make it backwards compatible with apps that pass 0 for n) 1999-08-25 * appl/bsd/login.c: surround SGI capability stuff with `defined(HAVE_CAP_SET_PROC)' 1999-08-24 * kadmin/kadmin.c (add_new_key): add missing space when printing generated passwords. bug reported by Per Eriksson DMC * lib/krb/verify_user.c (krb_verify_user_srvtab): return last error instead of KFAILURE when everything fails. * appl/bsd/klogin.c (multiple_get_tkt): return last error instead of KFAILURE when everything fails. 1999-08-18 * doc/problems.texi: some y2k stuff * doc/kth-krb.texi: update copyright, and menu * doc/intro.texi: remove unix-system section, since it's impossible to keep up to date 1999-08-13 * configure.in: test for inet_pton include in all utmp tests 1999-07-27 * configure.in: test for struct sockaddr_storage and sa_family brokenize inet_ntop 1999-07-24 * kadmin/ksrvutil_get.c (get_srvtab_ent): try to print better error messages * configure.in (AC_PROG_AWK): disable. mawk seems to mishandle \# in lib/roken/roken.awk 1999-07-22 * acconfig.h (SunOS): remove definition * configure.in: define SunOS to xy for SunOS x.y 1999-07-19 * configure.in (AC_BROKEN): check for copyhostent, freehostent, getipnodebyname, getipnodebyaddr 1999-07-13 * configure.in: use AC_FUNC_GETLOGIN 1999-07-07 * kadmin/admin_server.c (main): call krb_get_lrealm correctly * appl/bsd/rlogind.c (lowtmp): fill in ut_id 1999-07-06 * include/bits.c: move around __attribute__ to make it work with old gcc * appl/bsd/rcp.c (rsource): remove trailing slashes which otherwise makes us fail 1999-07-04 * appl/afsutil/aklog.c (epxand_cell_name): terminate on # * lib/kadm/kadm_cli_wrap.c (kadm_cli_send): free the right memory (none) when kadm_cli_out fails. based on a patch by Buck Huppmann 1999-06-24 * configure.in: check for sgi capability stuff * appl/bsd/login.c: add some kind of sgi capability capability 1999-06-23 * acconfig.h (HAVE_KRB_DISABLE_DEBUG): always define. this makes the telnet code easier when building heimdal with an older krb4 * lib/krb/kuserok.c (krb_kuserok): add support for multiple local realms and de-support entries without realm in ~/.klogin 1999-06-19 * lib/krb/send_to_kdc.c: and a new variable `timeout' in krb.extra instead of always having a timeout of four seconds. based on a patch by Mattias Amnefelt 1999-06-17 * appl/bsd/rshd.c: use DES_RW_MAXWRITE instead of BUFSIZ (for consistency) * appl/bsd/rsh.c: use DES_RW_MAXWRITE instead of BUFSIZ. Otherwise, des_enc_read might be buffering data to us and it can get returned on a des_enc_read to another fd that the original one :-( * appl/bsd/bsd_locl.h: DES_RW_{MAXWRITE,BSIZE} * appl/bsd/encrypt.c: move MAXWRITE and BSIZE to bsd_locl.h and rename them to DES_RW_\1 1999-06-16 * kuser/kdestroy.c: make unlog and tickets function correctly * configure.in: correct variables used for socks includes and libs * lib/krb/{debug_decl.c,krb-protos.h}: add krb_disable_debug 1999-06-15 * kuser/klist.c (display_tokens): type correctness * lib/krb/send_to_kdc.c (url_parse): always return the port in network byte order (and be more careful when parsing the port number) * lib/krb/send_to_kdc.c (http_recv): handle both HTTP/1.0 and HTTP/1.1 in reply 1999-06-06 * configure.in: use KRB_CHECK_X * kuser/kdestroy.c: use print_version Wed Jun 2 1999 * kadmin/kadmin.c: use print_version; (mod_entry): add command line options 1999-05-21 * appl/bsd/login.c: limit more stuff for crays; fix call to login_access 1999-05-19 * man/Makefile.in (install, uninstall): handle relative paths (fix editline) 1999-05-18 * appl/bsd/bsd_locl.h: update prototype for login_access; declare `struct aud_rec' to keep AIX xlc happy 1999-05-14 * appl/bsd/login_access.c: merge in more recent code * configure.in (CHECK_NETINET_IP_AND_TCP): use 1999-05-10 * lib/krb/get_host.c (parse_address): remove trailing slash * lib/krb/send_to_kdc.c (prog): nuke (send_to_kdc): restructure. make sure we have used all of the addresses from gethostbyname before calling send_recv (send_recv): removed unused parameters (url_parse): remove trailing slash (http_recv): make sure the http transaction was succesful 1999-05-08 * configure.in: use the correct include files for the utmp tests * appl/movemail/pop.c: rename getline -> pop_getline removed duplicate prototypes * configure.in: db.h: test for (getmsg): check for existence before checking if it works (otherwise it fails with glibc2.1 that implements an always failing getmsg) * acconfig.h (_GNU_SOURCE): define this to enable (used) extensions on glibc-based systems such as linux * configure.in: test for strndup 1999-04-21 * configure.in: replace AC_TEST_PACKAGE with AC_TEST_PACKAGE_NEW fix test for readline.h add test for four argument el_init remember to link with $LIB_tgetent when trying linking with readline 1999-04-16 * configure.in: check for prototype of strsep Sat Apr 10 1999 * configure.in: fix readline logic Fri Apr 9 1999 * man/Makefile.in: add editline and push. make install rules handle paths Wed Apr 7 1999 * appl/movemail/Makefile.in: fix names of hesiod variables * configure.in: fix readline flags Mon Mar 29 1999 * appl/bsd/utmpx_login.c: HAVE_UT_* -> HAVE_STRUCT_UTMP*_UT_* * appl/bsd/utmp_login.c: HAVE_UT_* -> HAVE_STRUCT_UTMP*_UT_* * appl/bsd/rlogind.c: HAVE_UT_* -> HAVE_STRUCT_UTMP*_UT_* * configure.in: include in test for ut_*; use AC_CHECK_XAU * configure.in: utmp{,x} -> struct utmp{,x} Sat Mar 27 1999 * configure.in: AC_CHECK_OSFC2 Fri Mar 19 1999 * configure.in: use AC_SHARED_LIBS * configure.in: remove AIX install hack (fixed in autoconf 2.13) * server/kerberos.c: fix some printf format strings Wed Mar 17 1999 * lib/krb/krb.h (KRB_VERIFY_NOT_SECURE): add for completeness * lib/auth/sia/sia.c (common_auth): use KRB_VERIFY_SECURE instead of 1 * lib/auth/pam/pam.c (doit): use KRB_VERIFY_SECURE instead of 1 * lib/auth/afskauthlib/verify.c (afs_verify): use KRB_VERIFY_SECURE instead of 1 Tue Mar 16 1999 * lib/krb/verify_user.c (krb_verify_user): handle multiple local realms (krb_verify_user_multiple): remove * lib/krb/krb-protos.h (krb_verify_user_multiple): remove * lib/auth/pam/pam.c: krb_verify_user_multiple -> krb_verify_user * lib/auth/sia/sia.c: krb_verify_user_multiple -> krb_verify_user * lib/auth/afskauthlib/verify.c: krb_verify_user_multiple -> krb_verify_user * lib/krb/getaddrs.c: SOCKADDR_HAS_SA_LEN -> HAVE_STRUCT_SOCKADDR_SA_LEN Sat Mar 13 1999 * lib/kadm/check_password.c (kadm_check_pw): cast when calling is* to get rid of a warning * lib/acl/acl_files.c (nuke_whitespace): cast when calling is* to get rid of a warning * kadmin/ksrvutil.c (usage): update. improve error messages * appl/bsd/sysv_default.c (trim): cast when calling is* to get rid of a warning * appl/bsd/rshd.c (doit): more parenthesis to make gcc happy * appl/bsd/rsh.c: add `-p' * appl/bsd/rlogin.c (main): more paranoid parsing of `-p' * appl/bsd/rcp.c (sink): cast when calling is* to get rid of a warning * appl/bsd/login_access.c (login_access): cast when calling isspace to get rid of a warning * include/bits.c (my_strupr): rename to strupr and ifdef (try_signed, try_unsigned): add __attribute__ junk to get rid of two warnings * appl/bsd/Makefile.in (SOURCES): add osfc2.c * admin/kdb_util.c (update_ok_file): add fallback utimes (some systems seem to fail updating the timestamp with open(), close()) * server/kerberos.c (main): more paranoid parsing of `-a' and `-p' Thu Mar 11 1999 * configure.in: AC_BROKEN innetgr * lib/krb/send_to_kdc.c: fix types in format string * lib/krb/get_host.c: add some if-braces to keep gcc happy * lib/kadm/kadm_supp.c: fix types in format string * lib/auth/sia/Makefile.in: WFLAGS * include/bits.c: fix types in format string * appl/bsd/su.c: add some if-braces to keep gcc happy * appl/bsd/rlogind.c: add some if-braces to keep gcc happy * appl/bsd/rlogin.c: add some if-braces to keep gcc happy * appl/bsd/login.c: add some if-braces to keep gcc happy * appl/afsutil/pagsh.c: fix types in format string Wed Mar 10 1999 * server/kerberos.c: remove unused k_instance * lib/krb/krb-protos.h (read_service_key): add some consts to prototype * lib/krb/read_service_key.c (read_service_key): add some consts to prototype * appl/sample/sample_server.c: openlog -> roken_openlog * appl/kip/kipd.c: openlog -> roken_openlog * configure.in: use AC_WFLAGS Mon Mar 1 1999 * acinclude.m4: add * configure.in: typo * Makefile.in: use aclocal * Makefile.export: use aclocal * configure.in: update to autoconf 2.13 * aclocal.m4.in: have-struct-field.m4, check-type-extra.m4 * acconfig.h: update to autoconf 2.13 * lib/auth/sia/sia.c: SIAENTITY_HAS_OUID -> HAVE_SIAENTITY_OUID Tue Feb 23 1999 * configure.in: don't include afsl.exp in libkafs.a if building with dynamic afs support (breaks egcs 1.1.1) * configure.in: don't build rxkad if not building afs-support Mon Feb 22 1999 * include/Makefile.in: clean up handling of missing system headers * configure.in: clean up handling of missing system headers * aclocal.m4.in: broken-snprintf.m4 broken-glob.m4 * acconfig.h: NEED_{SNPRINTF,GLOB}_PROTO Mon Feb 15 1999 * configure.in (gethostname, mkstemp): test for prototype * configure.in: homogenize broken detection with heimdal Thu Feb 11 1999 * lib/krb/verify_user.c: If secure == KRB_VERIFY_SECURE_FAIL, return ok if there isn't any service key (or if it can't be read). * lib/krb/krb.h: KRB_VERIFY_SECURE, KRB_VERIFY_SECURE_FAIL Wed Jan 13 1999 * kadmin/kadmin.c (add_new_key): enable the `-p password' option and add the missing code. * appl/bsd/login_fbtab.c (login_protect): remove `/*' from string before reading the directory. From "Brandon S. Allbery" Fri Dec 18 1998 * man/kadmin.8 (-t): add a note about using `kinit -p' Mon Dec 14 1998 * lib/krb/name2name.c (krb_name_to_name): really verify we have an alias before trying to use it as the primary name. Fri Nov 27 1998 * lib/krb/send_to_kdc.c (url_parse): use correct length when copying the hostname Sun Nov 22 1998 * configure.in, acconfig.h: NEED_HSTRERROR_PROTO * configure.in: use AC_KRB_STRUCT_SPWD * slave/Makefile.in (WFLAGS): set * server/Makefile.in (WFLAGS): set * lib/krb/send_to_kdc.c (send_recv): add `int' * lib/krb/decomp_ticket.c (decomp_ticket): if the realm is empty, use the local realm. * lib/krb/Makefile.in (WFLAGS): set * lib/kdb/krb_lib.c (kerb_get_principal): correct test (kerb_put_principal): remove unused variable * lib/kdb/Makefile.in (WFLAGS): set * lib/auth/pam/Makefile.in (WFLAGS): set * lib/auth/afskauthlib/Makefile.in (WFLAGS): set * lib/acl/Makefile.in (WFLAGS): set * kuser/Makefile.in (WFLAGS): set * kadmin/Makefile.in (WFLAGS): set * include/Makefile.in (WFLAGS): set * appl/sample/sample_client.c (main): remove unused variable * appl/sample/Makefile.in (WFLAGS): set * appl/movemail/Makefile.in (WFLAGS): set * appl/kip/Makefile.in (WFLAGS): set * appl/bsd/Makefile.in (WFLAGS): set * appl/afsutil/pagsh.c (main): fall back to running /bin/sh if execvp fails. * appl/afsutil/Makefile.in (WFLAGS): set * admin/kdb_edit.c (change_principal): remove unused variable * admin/Makefile.in (WFLAGS): set * configure.in: check for crypt, environ and struct spwd Thu Nov 19 1998 * appl/movemail/Makefile.in: link and include hesiod * configure.in: test for hesiod Wed Nov 18 1998 * kadmin/kadm_locl.h: include * configure.in (freebsd3): seems to like symbolic links for the shared libraries 1998-11-07 * Makefile.export (ChangeLOG): handle emacs20-style changelog entries * lib/kdb/krb_dbm.c (kerb_db_get_principal, kerb_db_iterate): check return value from `dbm_open' Fri Oct 23 1998 * lib/kadm/kadm.h: enable new extended kadmin fields by default Thu Oct 22 1998 * lib/krb/get_host.c (read_file): add more kinds of whitespace * lib/krb/lsb_addr_comp.c: fix(?) calculations regrding `firewall_address' * kadmin/kadmin.c: change timeout to 5 minutes, (sigarlm): only print message if any tickets were actually destroyed, (main): less noise, (add_new_key): some cleanup, (del_entry): allow more than one principal on command line, (get_entry): set more flags * lib/kadm/kadm.h: add code to get modification date, modifier and key version number * lib/kadm/kadm_supp.c: add code to get modification date, modifier and key version number * lib/kadm/kadm_stream.c: add code to get modification date, modifier and key version number Tue Oct 13 1998 * lib/kadm/Makefile.in: ROKEN_RENAME * lib/krb/roken_rename.h: add strnlen * lib/krb/Makefile.in: add strnlen Sat Oct 3 1998 * doc/install.texi: add comment about afskauthlib being in the correct object format Thu Oct 1 1998 * kadmin/kadmin.c (change_admin_password): add `alarm(0)' to prevent it from timing out * lib/krb/time.c (krb_kdctimeofday): set `tv'. fix from Thomas Nyström Mon Sep 28 1998 * appl/bsd/osfc2.c: lots of C2 magic * appl/bsd/{rshd,rcp_util,rcp}.c: do C2 stuff * appl/bsd/login.c: move C2 stuff to osfc2.c * appl/bsd/login.c: call `set_auth_parameters' if OSFC2 Sun Sep 27 1998 * appl/bsd/login.c: add some code to call setluid Sat Sep 26 1998 * appl/sample/sample_client.c (main): correct test Sat Sep 12 1998 * configure.in (XauReadAuth): reverse test and check for -lX11 before -lXau, otherwise the test fails on Irix 6.5 Sun Sep 6 1998 * lib/krb/krb-protos.h: fix prototypes for krb_net_{read,write} * lib/krb/krb_net_{read,write}.c: new files * lib/krb/Makefile.in: add krb_net_{read,write} Fri Sep 4 1998 * lib/auth/sia/sia.c (siad_ses_launch, siad_ses_reauthent): use krb_afslog_home * lib/auth/pam/pam.c (pam_sm_open_session): use krb_afslog_home * lib/auth/afskauthlib/verify.c (afs_verify): use krb_afslog_uid_home Sun Aug 30 1998 * lib/krb/get_host.c: patch from Derrick J Brashear for doing less DNS lookups Sun Aug 23 1998 * lib/krb/ticket_memory.c (tf_save_cred): use memcpy to copy the session key. Tue Aug 18 1998 * kadmin/kadmin.c (change_password): add `--random'. From Love Hörnquist-Åstrand Thu Aug 13 1998 * lib/kclient/KClient.c (KClientErrorText): copy the string. Patch from Daniel Staaf Tue Jul 28 1998 * appl/bsd/rsh.c (main): make sure not to send `-K' before the hostname when re-execing * appl/bsd/su.c: openlog LOG_AUTH Fri Jul 24 1998 * lib/krb/create_ciph.c: typo: s/tmp/rem/ Wed Jul 22 1998 * lib/krb/send_to_kdc.c (send_recv): return FALSE if recv failed so that we try the next server * configure.in (*-*-sunos): no lib_deps * include/protos.H (utime): update prototype Thu Jul 16 1998 * acconfig.h (DBDIR, MATCH_SUBDOMAINS): added * configure.in (--enable-match-subdomains): added (--with-db-dir): added * lib/krb/getrealm.c (file_find_realm): fix MATCH_SUBDOMAINS code. Patch originally from R Lindsay Todd * lib/krb/dllmain.c: clean-up patch from * appl/krbmanager: patches from Mon Jul 13 1998 * appl/sample/sample_client.c (main): don't advance hostent->h_addr_list, use a copy instead * appl/bsd/kcmd.c (kcmd): don't advance hostent->h_addr_list, use a copy instead Fri Jul 10 1998 * lib/krb/net{read,write}.c: removed * lib/krb/Makefile.in: grab net_{read,write}.c from roken * lib/krb/roken_rename.h: add krb_net_{write,read} * lib/krb/create_ciph.c (create_ciph): return KFAILURE instead of NULL * lib/kadm/kadm_cli_wrap.c (kadm_get): return KADM_NOMEM, not NULL Wed Jul 8 1998 * server/kerberos.c (make_sockets): strdup the port specification before strtok_r:ing it * lib/krb/extra.c (define_variable): return 0 * kuser/klist.c (display_tktfile): only print time diff and newline if using the longform Tue Jun 30 1998 * lib/krb/send_to_kdc.c (send_to_kdc): be careful in not advancing the h_addr_list pointer in the hostent structure * lib/krb/time.c (krb_kdctimeofday): handle the case of `time_t' and the type of `tv_sec' being different. patch originally from * man/afslog.1: add refs to kafs and kauth * man/kauth.1: add refs to kafs * lib/krb/krb_get_in_tkt.c (krb_mk_as_req): remove old code laying around. * lib/krb/Makefile.in: add strcat_truncate.c * lib/auth/sia/krb4+c2_matrix.conf: fix broken lines and typos * kuser/klist.c (display_tokens): print expired for expired tokens Sat Jun 13 1998 * kadmin/kadm_ser_wrap.c (kadm_ser_init): new argument `addr' * kadmin/admin_server.c: new argument `-i' for listening on a single address Mon Jun 8 1998 * Release 0.9.9 Wed Jun 3 1998 * lib/krb/extra.c: implement read_extra_file() for Win32 Fri May 29 1998 * configure.in: removed duplicate crypt * lib/kdb/Makefile.in (roken_rename.h): remove dependency * lib/acl/Makefile.in (roken_rename.h): remove dependency * lib/krb/roken_rename.h: remove duplicate flock * appl/afsutil/aklog.c (createuser): fclose the file Wed May 27 1998 * lib/krb/Makefile.in (extra.c): add * slave/kpropd.c: k_flock -> flock * slave/kprop.c: k_flock -> flock * lib/krb/tf_util.c: k_flock -> flock * lib/krb/roken_rename.h: add base64* and flock * lib/krb/kntoln.c: k_flock -> flock * lib/kdb/krb_dbm.c: k_flock -> flock * lib/kdb/Makefile.in: use ROKEN_RENAME to get hold of renames symbols Tue May 26 1998 * lib/krb/extra.c: add read flag, so we don't have to look for non-existant files several times * lib/krb/send_to_kdc.c: use krb_get_config_string() * lib/krb/lsb_addr_comp.c: use krb_get_config_bool() * lib/krb/krb_get_in_tkt.c: use krb_get_config_bool() * lib/krb/extra.c: parse and use krb.extra file for special configurations, to lessen the number of environment variables used * lib/krb/getfile.c: cleanup and add `krb_get_krbextra' * lib/krb/debug_decl.c: add krb_enable_debug * lib/krb/lsb_addr_comp.c (lsb_time): if KRB_REVERSE_DIRECTION is set, negate time (fix for some firewalls) Mon May 25 1998 * lib/krb/Makefile.in (clean): try to remove shared library debris (LIBDES and LIB_DEPS): try to figure out dependencies * lib/kdb/Makefile.in (clean): try to remove shared library debris * lib/kadm/Makefile.in (clean): try to remove shared library debris * configure.in: make symlink magic work with libsl Mon May 18 1998 * appl/bsd/login.c: Hack for AIX 4.3. Thu May 14 1998 * configure.in: mips-api support. From Derrick J Brashear * configure.in: --enable-legacy-kdestroy: added. From Derrick J Brashear * kuser/kdestroy.c: LEGACY_KDESTROY: add Wed May 13 1998 * lib/krb/krb.h (const, signed): define when compiling with non-ANSI comilers. From Derrick J Brashear Mon May 11 1998 * kadmin/admin_server.c: Fix reallocation bug. Fri May 1 1998 * configure.in: don't test for winsock.h * slave/kprop.c: unifdef -DHAVE_H_ERRNO * appl/sample/sample_client.c: unifdef -DHAVE_H_ERRNO * appl/movemail/pop.c: unifdef -DHAVE_H_ERRNO * appl/kip/kip.c: unifdef -DHAVE_H_ERRNO Mon Apr 27 1998 * appl/ftp/ftpd/krb4.c (krb4_adat): applied patch from Love for checking address in krb_rd_req Sun Apr 26 1998 * appl/Makefile.in (SUBDIRS): add push Sun Apr 19 1998 * configure.in: fix for the symlink magic. From Gregory S. Stark * doc/Makefile.in (install): ignore failures from install-info. * lib/krb/Makefile.in (install): don't install include files with x bit * lib/kadm/Makefile.in (install): don't install include files with x bit * man/Makefile.in: don't install getusershell * lib/krb/Makefile.in: add symlink magic for linux. only link in com_err.o and error.o if building shared * lib/kdb/Makefile.in: add symlink magic for linux * lib/kadm/Makefile.in: add symlink magic for linux * configure.in: add symlink magic for Linux * appl/kx/common.c (connect_local_xsocket): update to try the list of potential socket pathnames Tue Apr 7 1998 * lib/krb/getaddrs.c: Don't bail out if various ioctl's fail. * doc/Makefile.in (kth-krb.info): use `--no-split' Mon Apr 6 1998 * configure.in: add --disable-cat-manpages * configure.in: call the shared libraries so.0.9.9 on linux Sat Apr 4 1998 * lib/Makefile.in (SUBDIRS): changed order so that editline is built before sl * lib/*/Makefile.in: shared library dependency information * doc/Makefile.in (clean): remove *.info* * merge in win32 changes from and * Makefile.export: aux -> cf * Makefile.in: aux -> cf * appl/voodoo/TelnetEngine.cpp (TelnetEngine::Connect): check the return from `gethostbyname' * appl/bsd/bsd_locl.h: Check for and conditionalize prepare_utmp. From * acconfig.h (__EMX__): define MAIL_USE_SYSTEM_LOCK. From * include/bits.c: renamed `strupr' to `my_strupr' not to conflict with any exiting strupr. Sat Mar 28 1998 * Makefile.in (install): use DESTDIR * include/Makefile.in (install): depend on all * man/Makefile.in (install, uninstall): use transform correctly Fri Mar 27 1998 * configure.in: don't look for dbopen. From Derrick J Brashear (termcap.h): check for * lib/krb/Makefile.in: fix for LD options on solaris. From Derrick J Brashear Thu Mar 19 1998 * appl/kx/common.c: Trying binding sockets in the special directories for some versions of Solaris and HP-UX * lib/krb/kdc_reply.c: Check for error code of zero in error packet from KDC. Wed Mar 18 1998 * appl/kx/common.c (get_xsockets): try getting sockets in lots of places * appl/kauth/kauth.c: return error code from child (plus shell magic) * lib/krb/getrealm.c (krb_realmofhost), lib/krb/get_krbrlm.c (krb_get_lrealm, krb_get_default_realm): When figuring out a default local realm name avoid going into infinite loops. Sun Mar 15 1998 * configure.in: test for and search for `tgetent' in ncurses. From Gregory S. Stark * **/Makefile.in: add DESTDIR support and .PHONY Sat Mar 7 1998 * kadmin/ksrvutil.c: Remove kvno zero restriction. * configure.in: Add option `--disable-dynamic-afs' do disable AIX dynamic loading of afs syscall library. This should hopefully also work with AIX 3. * kadmin/ksrvutil.c: Add `delete' function (from Chris Chiappa ). Thu Feb 26 1998 * kadmin/kadmin.c (do_init): fix check of return value from krb_get_default_principal * lib/kadm/kadm_stream.c (stv_string): use correct offset Sat Feb 21 1998 * include/Makefile.in: add parse_time.h * lib/krb/solaris_compat.c: new file with alternative entry points compatible with solaris's libkrb. Thu Feb 19 1998 * lib/krb/time.c: Various time related functions. Tue Feb 17 1998 * lib/krb/send_to_kdc.c: Add some more connection debug traces. Sun Feb 15 1998 * lib/krb/get_host.c (init_hosts): call k_getportbyname with proto == "udp" instead of NULL. NULL would be the right thing, but some libraries are not happy with that. * appl/bsd/rcp.c: renamed `{local,foreign}' to \1_addr to avoid conflicts with system header files on mklinux. * lib/kadm/Makefile.in: Fix rules for kadm_err.[ch]. * lib/krb/krb_err.et: Fix for changes to compile_et. * lib/com_err/{error.c,com_err.h,com_right.h}: Rename error.h to com_right.h. * lib/com_err/{compile_et.c,compile_et.h,lex.l,parse.y}: Switch back to a yacc-based compile_et. Tue Feb 10 1998 * appl/kx/kxd.c (doit): fix stupid mistake when marshalling * lib/krb/Makefile.in: add strcpy_truncate Sun Feb 8 1998 * lib/krb/netwrite.c (krb_net_write): restart if errno == EINTR * lib/krb/netread.c (krb_net_read): restart if errno == EINTR * appl/kx/rxterm.in: redirect std{in,out,err} of xterm to make sure rshd does not hang. Sat Feb 7 1998 * lib/acl/acl_files.c (acl_canonicalize_principal): use krb_parse_name * lib/krb/rw.c: add a parameter containting maximum size. Change all callers. * lots-of-files: replace {REALM_SZ, *_SZ, MaxPathLen, MaxHostNameLen} + 1 with \1 * appl/bsd/rlogind.c (cleanup): logout -> rlogind_logout * lib/acl/acl_files.c (acl_canonicalize_principal): use strcpy_truncate * include/Makefile.in: fnmatch.h * appl/ftp/ftpd/ftpd.c: * lib/kadm/kadm_stream.c (stv_string): don't use strncpy * lib/auth/sia/sia.c (siad_ses_suauthent): do ugly magic to make sure `entity->name' is long enough. * appl/ftp/ftpd/ftpcmd.y: HASSETPROCTITLE -> HAVE_SETPROCTITLE * appl/bsd/rlogind.c (logout): renamed to rlogind_logout to avoid conflict with logout() in libutil. (doit): use forkpty_truncate it there's one * appl/afsutil/kstring2key.c (krb5_string_to_key): don't use strcat * configure.in: add lots of functions and headers that were used in the code but not tested for. * lib/krb/send_to_kdc.c (url_parse): re-structured * kadmin/kadm_locl.h: add prototype for random_password and remove __P * appl/bsd/forkpty.c (forkpty_truncate): new function. use strcpy_truncate instead of strcpy * appl/bsd/bsd_locl.h: include . prototype for forkpty_truncate() * configure.in: test for Fri Feb 6 1998 * kadmin/random_password.c: Random password generation. * kadmin/kadmin.c: Add some functionality to add_new_key, to make it more useful with batch creation. Wed Feb 4 1998 * appl/bsd/login.c (find_in_etc_securetty): new function (rootterm): call `find_in_etc_securetty' * appl/bsd/pathnames.h (_PATH_ETC_SECURETTY): add Tue Feb 3 1998 * kadmin/kadmin.c: Fix `-t' flag. Centralize the calling of alarm() to a modified sl_loop(). * kadmin/kadmin.c: Add support for `batch' processing, taking a command from the command line. Remove the automatic destruction of tickets, instead add a timeout (initially set to 1 minute), after which any tickets will be destroyed. Option `-m' now sets this timeout to 0 (disabling timeout). Options `-p' takes a full principal, and `-u' takes a `username' that is used as the name of the admin principal to use. Sat Jan 31 1998 * lib/auth/sia/sia.c: Chown ticket file when doing reauth. Thu Jan 29 1998 * lib/auth/sia/sia.c: Add support for reauthentication. Mon Jan 26 1998 * appl/kauth/kauth.c (main): Add debug switch -d to kauth to aid in finding miss-configurations. Mon Jan 19 1998 * lib/krb/name2name.c: If inet_addr thinks host's a valid ip-address, assume it is, and don't call gethostbyname(). This should fix things like `rsh 1.2.3.4'. Sat Jan 17 1998 * lib/krb/get_host.c: Check for http-srv records. * lib/krb/get_host.c: Don't use getprotobyname. Check for `http' as well as `udp' and `tcp'. * lib/auth/sia/sia.c: Add password changing support. * kadmin/new_pwd.c: Use kadm_check_pw. * lib/kadm/check_password.c: Password quality check, moved from kpasswd.c. Fri Jan 16 1998 * kadmin/ksrvutil_get.c: Add `-u' flag to put each key in a separate file. Mon Jan 12 1998 * kadmin/admin_server.c: Fix broken realloc of pidarray. Fri Jan 9 1998 * rename logwtmp -> ftpd_logwtmp not to conflict with libc. Sun Dec 21 1997 * lib/krb/verify_user.c (krb_verify_user): new argument `srvtab'. Changed all callers. Sat Dec 13 1997 * lib/kdb/krb_dbm.c: check return value from dbm_store Thu Dec 11 1997 * lib/krb/k_flock.c (k_flock): Re-included an implementaion of k_flock. Changed all library and core application source to use k_flock. Tue Dec 9 1997 * appl/kx/kxd.c,common.c: more error testing from Love Hörnquist-Åstrand Use the correct number of X for mkstemp. * Release 0.9.8 * Add `--disable-mmap' configure option, do disable all use of mmap. * Rename all k_afsklog to krb_afslog. Mon Dec 8 1997 * kuser/klist.c: Add a header for tokens. Fri Dec 5 1997 * lib/krb/krb.h: Moved prototypes to krb-protos.h, cruft to krb-archaeology.h. Thu Dec 4 1997 * appl/kauth/kauth.c: Use krb_get_pw_in_tkt2. * lib/krb/get_in_tkt.c: krb_get_pw_in_tkt2 that returns key. Sun Nov 30 1997 * configure.in: check for tgetent in libcurses Mon Nov 24 1997 * appl/krbmanager: incorporate patches from for making sure there's only one instance of krbmanager. Fri Nov 21 1997 * admin/ext_srvtab.c: use atexit() to stamp out secrets. Thu Nov 20 1997 * server/kerberos.c: Log funny HTTP requests. * server/kerberos.c: Add comma to list of port separators for `-P'. * appl/voodoo/TelnetEngine.cpp (TelnetEngine::Connect): better error message (from ) Wed Nov 12 1997 * kuser/klist.c (display_tokens): patch from Sun Nov 9 1997 * Release 0.9.7 * configure.in: test for ssize_t * appl/bsd/rlogind.c: Fill in ut_type, and ut_exit if they exist. * appl/kx/common.c (create_and_write_cookie): Create temp file with mkstemp. * appl/ftp/ftpd/ftpd.c: conditionalize otp * appl/bsd/login.c: conditionalize otp * configure.in: add --disable-otp. update Makefile.in's * configure.in: define CANONICAL_HOST * configure.in, aclocal.m4: remove . contains bogus information on Crays. * include/bits.c: stolen from Heimdal * include/Makefile.in: replace ktypes.c with bits.c * lib/krb/getaddrs.c (k_get_all_addrs): cray fix * configure.in: updated header files * slave/kpropd.c: Make sure it's the kprop service that tries to send data. Fri Nov 7 1997 * configure.in: Added option --with-afsws=/usr/afsws. * lib/Makefile.in: Build lib/rxkad if we have include file rx/rx.h Thu Nov 6 1997 * appl/ftp/ftp/ftp.c (sendrequest, recvrequest): do correct tests for `-' * appl/ftp/ftp/cmds.c (getit): removed stupid goto * appl/kauth/kauth.c: Use krb_get_pw_in_tkt(), now that it is fixed. * appl/ftp/ftp/cmds.c: Don't retrieve files that start with `..' or `/' without asking. Reverse test in confirm() to check for `y' rather than not `n'. Use mkstemp. * appl/ftp/ftp/ftp.c: Add extra parameter to recvrequest, specifying if local filenames should be parsed as "-" and "|". Mon Nov 3 1997 * configure.in: updated broken list. add fclose for proto check. * kadmin/kadmin.c: updated functions to new style of sl * appl/bsd/rcp.c, rlogin.c, rsh.c: setuid before doing kerberos authentication. if that fails, exec ourselves with -K * appl/bsd/pathnames.h: add _PATH_RCP * configure.in: test for readv, writev Fri Oct 24 1997 * lib/krb/tkt_string.c (krb_set_tkt_string): const-ized * appl/ftp/ftp{,d}: new commands: kdestroy, krbtkfile and afslog. * appl/afsutil/aklog.c (expand_cell_name): fix parsing of CellServDB Sat Oct 11 1997 * appl/telnet/telnetd/sys_term.c (start_login): moved `user' so it works even if !defined(HAVE_UTMPX_H) Fri Oct 10 1997 * lib/krb/send_to_kdc.c: Change send_recv* to use a lookup table indexed by protocol. Implement http proxy use, enabled via `krb4_proxy' environment variable. Thu Oct 9 1997 * lib/krb/getrealm.c: Don't lookup top-level domains. Try files before doing DNS. Thu Oct 2 1997 * appl/krbmanager: Turned into a ticket management program. * lib/krb/{dllmain,ticket_memory}.c: Add some KrbManager interaction. Sat Sep 27 1997 * appl/voodoo: Major fixes of terminal emulation, and other things. Fri Sep 26 1997 * server/kerberos.c: Cleanup socket-opening code. Add HTTP support. * lib/krb/send_to_kdc.c: Add Kerberos over HTTP. * lib/krb/get_host.c: Parse URL-style host-specifications. * include/win32: add `version.h' and `ktypes.h' * lib/kclient/KClient.def: rename kclnt32 to make Eudora happy. Add SendTicketForService * lib/kclient/KClient.c: implement SendTicketForService. Used by Eudora. * appl/voodoo/voodoo.mak: kclient renamed as kclnt32 Thu Sep 25 1997 * Moved various base64 implementations to roken. Thu Sep 18 1997 * appl/telnet/telnetd/telnetd.c: Move the call to startslave() into the telnet() loop. This way we'll maximise the chance that the transmission is encrypted before starting login. This will hopefully remove the irritating warning you would get with some macintosh telnet clients. Wed Sep 17 1997 * appl/telnet/telnetd/sys_term.c: Fix for duplicate `-- user'. Tue Sep 9 1997 * server/kerberos.c: More detailed logging Fri Sep 5 1997 * lib/kafs/afssysdefs.h: HP-UX 10.20 seems to use 48 Thu Sep 4 1997 * lib/des/Makefile.in: quote the test for $(CC) correctly Wed Sep 3 1997 * include/ktypes.c: Move __BIT_TYPES_DEFINED__ to after including other stuff. * lib/rxkad/rxk_locl.c (rxkad_calc_header_iv): Simplify header IV calculation. * lib/rxkad/osi_alloc.c (osi_Alloc): Memory allocation routines for user space. There is no longer any need for conditional compilation of user/kernel-space versions of librxkad.a. * lib/rxkad/rxk_clnt.c (rxkad_NewClientSecurityObject): Use Transarc FC-crypto to generate random numbers. We no longer need to link a DES library into the kernel. Tue Sep 2 1997 * appl/ftp/ftpd/ftpd.c (pass): chown the ticket file is logging in with clear-text passwords and using kerberos * lib/krb/krb_log.h: new file * lib/krb/krb.h: moved all logging functions to krb_log.h. Include krb_log.h in appropriate places. From Mon Sep 1 1997 * appl/kx/kx.c: more intelligent check for passive mode new option `-P' to force passive mode Sat Aug 23 1997 * lib/krb/krb_get_in_tkt.c: rename krb_as_req -> krb_mk_as_req Wed Aug 20 1997 * lib/rxkad/rxkad.h, rxk_serv.c (server_CheckResponse): Increase limit of ticket lengths to 1024 at server end. * lib/rxkad/rxk_clnt.c (rxkad_NewClientSecurityObject): Support for almost arbitrary ticket lengths. Tue Aug 19 1997 * kadmin/ksrvutil_get.c: Make sure we're talking to the admin server when getting ticket. * lib/krb/send_to_kdc.c: Add flag to always use admin server. Sun Aug 17 1997 * appl/kx/rxtelnet.in: reverse the looking for xterm loops Use `-n' and not `-name' to xterm * server/kerberos.c: implement `-i' for only listening on one address * lib/kadm/kadm_cli_wrap.c: Implement kadm_change_pw2 to be compatible with CNS. From * appl/ftp/ftpd/ftpd.c: removed bogus reset of `debug' * appl/ftp/ftpd/extern.h: define NBBY if needed * configure.in: os2 fixes: -Zcrtdll and check for chroot Wed Aug 13 1997 * lib/krb/get_in_tkt.c: Use new get_in_tkt functions, and implement kerberos 5 salts. * lib/krb/krb_get_in_tkt.c: Split krb_get_in_tkt in two functions so it's possible to try several key-procs with just one request to the KDC. Wed Jul 23 1997 * lib/rxkad/rxk_serv.c (decode_krb4_ticket): New functions decode_xxx_ticket so that it is possible to also decode kerberos version 5 tickets. Sat Jul 19 1997 * doc/Makefile.in: `test -f' is more portable than `test -e' Tue Jul 15 1997 * lib/kafs/kafs.h, lib/krb/krb.h: swap order of and . Another fix form Fri Jul 11 1997 * lib/krb/krb.h: non-ANSI fix from Fri Jun 27 1997 * man/otp.1: `-o' option * appl/otp/otp.c: List lock-time with `-l'. New option `-o' to open an locked entry. * lib/otp/otp_db.c (otp_get_internal): Save lock_time in returned struct. * lib/otp/otp.h: New field `lock_time' in OtpContext Thu Jun 26 1997 * man/otp.1, man/otpprint.1: Update changed default to `md5' * appl/bsd/rsh.c: Don't use a hard-coded constant in `select' * configure.in, include/ktypes.c: Handle the case of there being an old version of our `sys/bitypes.h'. Sun Jun 22 1997 * lib/des: Merge in changes from libdes 4.01. The optimizations written in assembler are not used since they in general wont't work with shared libraries. Fri Jun 20 1997 * lib/krb/netread.c, netwrite.c: Handle windows discrimation of sockets. Sun Jun 15 1997 * appl/kpopper/pop_init.c: Use `STDIN_FILENO' and `STDOUT_FILENO' instead of `sp'. OSF's libc isn't quite prepared to have two different FILEs refer to the same file descriptor. Thu Jun 12 1997 * doc/dir: Add dir template file. * appl/kauth/kauth.c (main): AFS style positional argument for -n option. * appl/xnlock/xnlock.c (verify): New resource destroyTickets and corresponding option -nodestroytickets. First try local authentication and if it fails try kerberos. Sun Jun 8 1997 * appl/ftp/ftpd/popen.c (ftpd_popen): Correct initialization of `foo' before call to `strtok_r' Wed Jun 4 1997 * doc/*.texi: Use @url. * doc/setup.texi: Added @ifinfo around @dircategory Tue Jun 3 1997 * Release 0.9.6 * appl/kx/rxtelnet.in, appl/kx/rxterm.in: new argument '-w term_emulator' for specifiying which terminal emulator to use. Based on a patch from . Mon Jun 2 1997 * appl/xnlock/Makefile.in, appl/kx/Makefile.in, lib/auth/Makefile.in: fix the Makefile to do the for loops the automake way. Sun Jun 1 1997 * appl/xnlock/Makefile.in, appl/kx/Makefile.in: do install correctly even if there are no programs to install * configure.in: Check for `h_nerr'. * lib/auth/pam/pam.c: Include to make it compile on Solaris 2.6 lib/sl/sl.c, lib/krb/realm_parse.c, appl/ftp/ftpd/popen.c, appl/ftp/ftpd/ftpd.c, appl/bsd/login_fbtab.c, appl/bsd/login_access.c: Initialize the `lasts' to NULL before calling strtok_r the first time. With our strtok_r it's not necessary, but the man-page on SGIs says it should be done. Fri May 30 1997 * lib/krb/mk_req.c (krb_mk_req, get_ad_tkt): Support for multi-realm ticket files by using the best matching TGT to define the realm of the ticket holder. * appl/bsd/utmpx_login.c (utmpx_update): Set `ut_id' if we're using utmpx * appl/telnet/telnetd/sys_term.c (start_login): Set `ut_id' if we're using utmpx Wed May 28 1997 * lib/roken/daemon.c: New file. * include/protos.H: needed on solaris 2.4 Mon May 26 1997 * appl/bsd/su.c (kerberos): If kerberos password is zero length immediately try next scheme. * lib/kafs/afskrb.c (k_afsklog_uid): Token lifetime should be even if we don't know the proper ViceId. * Release 0.9.5 * man/Makefile.in: Install preformatted manual pages with correct suffix on *BSD. Sun May 25 1997 * appl/kpopper/popper.h: Remove XTND, and XTND XMIT. Rename XTND XOVER to XOVER. * appl/telnet/telnetd/sys_term.c: Only include and once * fix-export: Also create cat manpages. * appl/ftp/ftpd/logwtmp.c: Check for `_PATH_WTMP' * appl/telnet/telnetd/sys_term.c: Ditto. Remove stupid macros. * appl/ftp/ftp/cmds.c (setpeer): Check for `__unix'. This is (apparently) a standard with many representations. * appl/ftp/ftpd/ftpcmd.y (SYST): Ditto. * appl/ftp/ftpd/ftpd.c (retrieve): file must exist to apply a command to it. * appl/ftp/ftpd/ftpd.c (retrieve): Generalise list of commands and basename argument. * appl/ftp/ftpd/popen.c (ftpd_popen): Try standard binary if the one in ~ftp fails. * appl/telnet/telnetd/sys_term.c: Use `_getpty' if there's one * appl/bsd/forkpty.c: Use `_getpty' if there's one * configure.in: check for `_getpty' * acconfig.h: correct test for IRIX * lib/roken/snprintf.c: code for checking the correct functioning of *nprintf is now #ifdef PARANOIA * appl/bsd/rlogind.c: fix logging in wtmp and parsing of winsize * appl/bsd/rlogin.c: New option `-p'. * lib/des/fcrypt.c: removed `inline' from `des_set_key' Thu May 22 1997 * lib/des/md5.c (MD5Final): Made signature compliant with FreeBSD. * lib/des/md5.h: Remove digest from MD5_CTX, it is now an argument to MD5Final instead. * lib/des/fcrypt.c: Also support MD5 style crypt(2). Tue May 20 1997 * appl/telnet/telnetd/sys_term.c: utmp stuff now seems to be compatible with login * appl/ftp/ftpd/logwtmp.c: Add support for logging to wtmpx * (*/)*/Makefile.in:s (install): Avoid redundant multiple recursion in install targets. * Made things compile with socks5-v1.0r1. * appl/telnet/telnetd/sys_term.c: changed utmp-stuff not to use ut_id at all * appl/bsd/utmpx_login.c: handle case where there's no wtmpx (such as HP-UX 10) * appl/bsd/rlogind.c: Added support for utmpx Sun May 18 1997 * lib/roken: removed herror, strchr, and strrchr * lib/krb/dest_tkt.c(dest_tkt): Only use `lstat' iff HAVE_LSTAT * lib/krb: snprintf, strdup, strtok_r, and strcasecmp always live in lib/roken and get linked here when needed. * lib/roken: removed strchr, strrchr. * appl/telnet/telnet/telnet.c: Always use our own `setupterm' for compatibility reasons. * appl/telnet/telnetd/telnetd.c: Removed and . They doesn't seem to be used and breaks on fujitsu. * appl/kx/kx.c: try to give a better error message (than a core dump :-) when talking to an old kxd. * appl/kx/kxd.c, appl/kip/kipd.c, appl/kauth/kauthd.c: corrected fencepost error with KRB_SENDAUTH_VLEN. * appl/ftp/common/buffer.c: new file. * configure.in: cray hides their bitypes in . Also check for this file. * appl/telnet/telnet/telnet_locl.h: moved termios.h before curses.h. This was needed to compile on cray, but will probably break on some other host. Thu May 15 1997 * server/kerberos.c: Implement changes to the tcp protocol, while being compatible with the old protocol. * lib/krb/send_to_kdc.c: The old method to signal end of transmission by closing the sending side of the socket does not work well through some firewalls. This is now changed so that the client instead sends the length of the request as a four byte integer (in network byte order) before sending the data. Wed May 14 1997 * appl/telnet/telnetd/sys_term.c: HAVE_UTMPX -> HAVE_UTMPX_H. Fix for OSF1. * appl/bsd/utmp_login.c: UTMPX_DOES_UTMP_LOGGING -> HAVE_UTMPX_H * appl/bsd/sysv_environ.c: Use k_concat rather than snprintf. Tue May 13 1997 * kuser/klist.c: updated usage string * lib/otp/otp_print.c: make word table and reverse word table constant Sun May 11 1997 * */*: Added some __attribute__ ((format (printf))) and fixes where needed. * appl/ftp/common/sockbuf.c: start probing at 4Mb * appl/ftp/ftpd/ftpd.c: use MAP_FAILED * appl/ftp/ftp/ftp.c: Use MAP_FAILED. (alloc_buffer): new function for allocating a buffer of size max(BUFSIZ, st.st_blksize) (Based on a patch from ) * appl/ftpd/ftpdcmd.y: hack for reget. * appl/kx/kxd.c: Give a error message to old-version kx. * replaced vsprintf with vsnprintf. * lib/roken/vsyslog.c: not used. removed. * Changed -> * include/Makefile.in: Added ktypes.h * include/sys/Makefile.in: removed bitypes.h Wed May 7 1997 * appl/ftp/ftp/ftp.c: Open files in binary mode. * appl/ftp/ftpd/ftpd.c (checkaccess): Changed to make absent file mean `allow'. Added shell matching to names (if fnmatch is available). * appl/ftp/ftpd/kauth.c (kauth): Use `DEFAULT_TKT_LIFE' * appl/ftp/ftpd/ftpcmd.y, appl/ftp/ftpd/ftpd.c: always cast to (long) before printing out an `off_t' * lib/kdb/print_princ.c (krb_print_principal), lib/kdb/krb_lib.c (kerb_put_principal), admin/kdb_edit.c (change_principal), admin/kdb_util.c (print_time) : gmtime should never return tm_year > 1900 * appl/ftp/ftpd/ftpcmd.y: Year 2000 fix * appl/telnet/telnetd/telnetd.c: removed code that used `getent' * lib/roken/getent.c: removed Mon May 5 1997 * appl/ftp/ftpd/ftpd.c: fix for mmap and restart_point * kadmin/ksrvutil_get.c (ksrvutil_get): get correct default realm Sun May 4 1997 * configure.in (REAL_PICFLAGS): Use `-fPIC' instead of `-fpic', otherwise it's not possible to make libotp on hpux. * configure.in: try sending picflags even when linking a shared library with $CC * lib/roken/getent.c: remove getstr * configure.in: removed unneeded REAL_-variables working shared libraries on *bsd* * appl/kip/kip.h: Added * */Makefile.in: Use @LDSHARED@ * configure.in: Fix shared libraries on HP/UX. check for curses.h check for `getstr' and `cgetstr' in curses * appl/telnet/telnet: clean-up * lib/kafs/afssys.c: ifdef-out the code that is not used to avoid referencing `syscall' on AIX. * lib/krb/et_list.c: s/WEAK_PRAGMA/PRAGMA_WEAK/ * aclocal.m4 (AC_HAVE_PRAGMA_WEAK): redirect output * lib/roken/snprintf.c: fix for the case of max_sz == 0 * doc/kth-krb.texi: Add @dircategory and @direntry to enable `install-info' to install this entry in `dir'. * appl/telnet/telnetd/Makefile.in: Don't link with getstr * lib/auth/sia/krb4_matrix.conf: Fix entries for ses_release and chk_user. Sat May 3 1997 * lib/auth/sia/sia.c: Some cleanup. Fri May 2 1997 * configure.in: only link the programs that need it with the db/dbm library * lib/auth/sia/sia.c: Merge code for for normal and su authentication. * Replaced sprintf with snprintf and asprintf all over the place. * lib/roken/snprintf.c: Added asnprintf and vasnprintf * lib/roken/snprintf.c: implemented asprintf, vasprintf * lib/roken/snprintf.c: new file Thu May 1 1997 * lib/kafs/afskrb.c (k_afsklog_all_local_cells): Use `k_concat' Wed Apr 30 1997 * lib/krb/{get_host,get_krbrlm,getrealm,realm_parse}.c: Fix some potential buffer overruns. * lib/krb/k_concat.c: Safely concatenate two strings. Sat Apr 26 1997 * appl/telnet/libtelnet/kerberos.c: removed stupid #if 0 * appl/bsd/rlogind.c (send_oob): different default for `last_oob' to avoid losing first OOB packet Fri Apr 25 1997 * appl/voodoo/AuthOption.cpp: provoke the telnetd in turning on encryption Wed Apr 23 1997 * lib/kafs/afskrb.c (realm_of_cell): don't overflow buffer with result from `gethostbyaddr' * lib/krb/name2name.c (krb_name_to_name): new parameter `phost_size' to disable buffer overflowing. Changed all callers. * lib/krb/k_getsockinst.c: New parameter `inst_size' to disable buffer overflowing. Changed all callers. * appl/kpopper/Makefile.in: soriasis make stupidity * appl/kx/Makefile.in: don't include encdata.c in SOURCES_COMMON, otherwise DEC make gets upset. Tue Apr 22 1997 * lib/krb/k_getsockinst.c: Use same name as in krb_get_phost. * acconfig.h: hp-ux 10 also has `pututxline' that writes both to utmp and utmpx. Sun Apr 20 1997 * include/win32/config.h: adapted to win95/NT * appl/voodoo: Merged in win32-telnet from * lib/krb/tkt_string.c: dummy `getuid' function. * lib/krb/ticket_memory.c (tf_setup): implement * lib/roken/roken.mak, roken.def: new files * lib/des/des.def: Removed des_random_{seed,key} * lib/krb/dllmain.c: Rewrote `msg'. Better explanation when it fails to spawn `krbmanager'. * lib/krb/tf_util.c: backwards `in_tkt' added. * lib/krb/in_tkt.c: removed * lib/kclient/KClient: Reformatted and fixed. Sat Apr 19 1997 * appl/ftp/ftpd/ftpd.c: Incorporate /etc/ftpusers changes from NetBSD. * appl/ftp/ftpd/ftpd.c: Handle oob-stuff better. Fri Apr 18 1997 * appl/kpopper/pop_{dropinfo,send,updt}.c: Fix 'From ' line parsing bug. * appl/kpopper/pop_dropinfo.c: Add support for xover. * appl/kpopper/pop_xover.c: Add some kind of xover support. * appl/kpopper/pop_debug.c: New tiny popper debugging program. Tue Apr 15 1997 * lib/krb/kdc_reply.c (kdc_reply_cred): fix sanity checks. * appl/bsd/rshd.c: k_afsklog so that remote command gets a token. fix usage string. Sat Apr 12 1997 * appl/bsd/rcp.c (main): Rcp implements encrypted file transfer without using the kshell service. * lib/krb/mk_safe.c: Emit new checksum. * lib/krb/rd_safe.c: New code to handle both new and old checksums. * lib/des/qud_cksm.c: Fix compatibility with mit deslib. Fri Apr 11 1997 * lib/sl/sl.c (sl_match): initialize `partial_cmd' Sun Apr 6 1997 * lib/kafs/kafs.h: Ugly addition of `_P' * lib/kafs/afssys.c: contains the definition of `_IOW' on cygwin32. * appl/telnet/telnet/utilities.c: needed by cygwin32 * doc/Makefile.in: always run $(MAKEINFO). * lib/otp/otp_md.c (sha_finito_little_endian): byte-swap correctly. * include/sys/bitypes.H: Added #ifndef for types * configure.in: test for types * aclocal.m4: Stolen AC_GROK_TYPES? from heimdal * appl/ftp/ftp/ftp.c: Fix passive mode. Sat Apr 5 1997 * appl/kauth/ksrvtgt.in: New ksrvtgt script. Fri Apr 4 1997 * lib/krb/kdc_reply.c: Add some range checking. * lib/otp/otptest.c: Updated tests from `draft-ietf-otp-01.txt'. Passes verification examples from appendix C. * admin/kdb_util.c: All usage strings are now consistent (and even with the code)! Thu Apr 3 1997 * lib/kafs/afssys.c (k_pioctl): Separate syscall functionality and kerberos convenience routines into afssys.c and afskrb.c. This to make it possible to use k_pioctl() without linking in all libraries in the world. Tue Apr 1 1997 * appl/telnet/telnet/commands.c: Rename suspend to telnetsuspend, since Unicos has one of its own. Sun Mar 30 1997 * appl/bsd/{rsh,rlogin}.c: Don't look at argv[0]. * man/tenletxr.1: new file * appl/kx/rxtelnet.in, appl/kx/rxterm.in, appl/kx/tenletxr.in: Support `-k' * appl/kx/tenletxr.in: new script for running kx in backwards mode. * appl/kx: New version of protocol. * appl/kauth: Use err & c:o * appl/kauth/encdata.c (read_encrypted): Give better return code for EOF * appl/ftp/ftp/krb4.c: Use stdout rather than stderr. Add newlines to many strings. * kuser/kdestroy.c: Use set_progname, make -q equal to -f, remove bell. * lib/roken/warnerr.c: New function set_progname. * aclocal.m4: Invert test of AC_NEED_DECLARATION and rename it to AC_CHECK_DECLARATION. Add new function AC_CHECK_VAR, that looks for a variable, including a declaration. * lib/roken/roken.h: Add optional declaration for __progname. * lib/roken/*{err,warn}.c: Restructure err and warn functions. Sat Mar 29 1997 * appl/telnet/telnet/sys_bsd.c: Maybe-fix for HP-UX 10: Ifdef SO_OOBINLINE, don't even select for exceptional conditions. * lib/otp/otp_md.c: always downcase the seed. byte-swap the SHA result. Thu Mar 27 1997 * appl/otp/otp.c: removed bad free of global data Sun Mar 23 1997 * configure.in: moved version.h and config.h to include * acconfig.h: Fix utmp/utmpx stuff on OSF/1. * appl/bsd/rlogind.c (control): Rewritten to handle the case of there being no `ws_xpixel' and `ws_ypixel' * appl/bsd/rlogin.c (sendwindow): Rewritten to handle the case of there being no `ws_xpixel' and `ws_ypixel' * aclocal.m4 (AC_KRB_STRUCT_WINSIZE): Also test for `ws_xpixel' and `ws_ypixel' * lib/otp/otp.h: Change default global timeout * lib/krb/tf_util.c (tf_setup): Also take `pname' and `pinst' * appl/telnet/telnetd/sys_term.c, appl/bsd/utmpx_login.c: Do gettimeofday and then copy the data for the sake of those systems like SGI that can have different timevals in file and memory. * configure.in: Allow `--with-readline' * lib/editline/edit_compat.c (readline): strdup data before returning it. * appl/telnet/telnetd/state.c: Change size of subbuffer to 2k. Thu Mar 20 1997 * lib/krb/decomp_ticket.c: Add some range checking. * appl/ftp/ftpd/krb4.c: Check return value from krb_net_write. * appl/ftp/ftp/ftp.c: Fix hash mark printing. Wed Mar 19 1997 * appl/kauth/kauthd.c: more logging * man/kx.1, man/kxd.8: Updated. * appl/kx/kx.c, kxd.c: Hacked so that all TCP-connections are kx -> kxd * lib/editline/edit_compat.c: BSD libedit comatibility. Wed Mar 12 1997 * appl/ftp/ftpd/ftpd.c: Set `byte_count' even when using mmap. Log foreign IP address together with hostname. Mon Mar 10 1997 * server/kerberos.c: Fix log file muddle. Sun Mar 9 1997 * appl/bsd/kcmd.c (kcmd): check malloc for failure. Tue Feb 25 1997 * man/ftpd.8: Documented the `-g' option. * appl/ftp/ftpd/ftpd.c: New option `-g umask' for specifying the umask for anonymous users. * appl/ftp/ftpd/ftpd.c: conditionalize SIGURG * appl/otp/otp.c: More fixes from Fabien COELHO . Check for current OTP before allowing the update. Wed Feb 19 1997 * appl/otp/otp.c: updated help string * appl/bsd/Makefile.in: Fixed installation of suid programs. * appl/telnet/libtelnet/kerberos.c: fix some stuff to get forwarding code to compile * lib/otp/otp_db.c: fix for signed char overflow. * lib/krb/resolve.c: Patch from Jörgen Wahlsten : Zero out resource record, and send correct length to dn_expand. Mon Feb 17 1997 * lib/roken/roken.h: Check for `_setsid' * appl/ftp/ftp/ftp.c: s/__CYGWIN32__/HAVE_H_ERRNO/ * include/Makefile.in: Generete krb_err.h and kadm_err.h before linking/copying them * aclocal.m4: AC_FIND_FUNC: Add the library at the beginning of the list. * configure.in: Use AC_PROG_RANLIB Always use EMXOMF under OS/2 Check for sys/termio.h and _setsid * configure.in: A preliminary fix for editline. * appl/telnet/libtelnet/kerberos.c: Include ticket forwarding stuff. * lib/krb/krb_get_in_tkt.c: Use tf_setup. * lib/krb/krb_get_in_tkt.c: New function tf_setup. Sat Feb 15 1997 * man/otp.1: updated * appl/otp/otp.c: New options `-d' and `-r'. From Fabien COELHO * lib/otp/otp.h: Changed default from md4 to md5 * lib/otp/otp_db.c (otp_get, otp_simple_get): New functions. Thu Feb 13 1997 * appl/kx/rxtelnet.in: allow specification of port number * appl/otp/otp.c: Add `-u' option Sun Feb 9 1997 * appl/ftp/common/glob.c: Rename FOO -> CHAR_FOO to avoid collision with symbol in sys/ioctl.h Fri Feb 7 1997 * man/kpropd.8: updated * appl/bsd/rcmd_util.c: warning needs to know what program is used. * slave/kpropd.c: New explicit flag `-i' for interactive. Don't use AI to figure out if we have been started by inetd or not. Thu Feb 6 1997 * appl/kx/rxtelnet.in, appl/kx/rxterm.in: Patch for sending -l to kx. From * kuser/klist.c: corrected alignment of `expired' * appl/telnet/telnet/commands.c: replaced lots of \n by \r\n Mon Feb 3 1997 * configure.in (socket, gethostbyname, getsockopt, setsockopt): Better tests. (HAVE_H_ERRNO): New test * lib/roken/herror.c (herror): Check HAVE_H_ERRNO lots of other files as well. Sat Feb 1 1997 * appl/bsd/rcp.c: Work around the non-working getpw* in cygwin32 * lib/krb/logging.c: Init function for `std_log´ * appl/telnet/telnet/utilities.c: Remove `upcase´ Check HAVE_SETSOCKOPT * appl/telnet/telnet/telnet.c: Use `strupr´ instead of `upcase´ * appl/telnet/telnet/commands.c, appl/movemail/pop.c, appl/kauth/rkinit.c, appl/ftp/ftp/ftp.c, appl/sample/sample_client.c: Ifdef around for the non-existence of `h_errno' in cygwin32. * lib/des/read_pwd.c: work-around for cygwin32 * appl/telnet/telnet/sys_bsd.c: work-around for cygwin32 Fri Jan 31 1997 * lib/krb/tf_util.c: gnu-win32 needs to open files with O_BINARY. Sun Jan 26 1997 * configure.in: removed duplicate of initgroups and lstat Use AC_KRB_STRUCT_WINSIZE * aclocal.m4 (AC_KRB_STRUCT_WINSIZE): New test * lib/krb/getaddrs.c: Check for SIOCGIFFLAGS and SIOCGIFADDR * appl/bsd/rlogin.c: conditional on SIGWINCH * appl/bsd/rcmd_util.c et al: conditional getsockopt * configure.in (cygwin32): New target (getsockopt, getsockopt): Test for (herror, hstrerror): Better tests * aclocal.m4 (AC_FIND_IF_NOT_BROKEN): Pass arguments to AC_FIND_FUNC Thu Jan 23 1997 * configure.in: Add EXECSUFFIX * appl/kx/rxterm.in: rsh -n * lib/krb/unparse_name.c (krb_unparse_name_long_r): new function * lib/auth/sia/sia.c: Fix a bug with ticket filename. Add afs support. * lib/krb/get_host.c: Use KRB_SERVICE. Wed Jan 22 1997 * lib/auth/sia/Makefile.in: Add linker magic fix for broken, conflicting kerberos code in xdm. Tue Jan 21 1997 * appl/xnlock/xnlock.c (verify): Change the "LOGOUT" password to be manageable as X-resource XNlock*logoutPasswd. The password is stored in UNIX crypt format so that it can be stored in a global resource file for sites that whish to keep it a secret. * configure.in: Check for winsize in sys/ioctl.h also. Sat Jan 18 1997 * lib/krb/get_default_principal.c: Use principal from KRB4PRINCIPAL before using uid. Wed Jan 15 1997 * appl/telnet/telnet/sys_bsd.c: Use `get_window_size' * lib/roken/get_window_size.c: New file * appl/bsd/rlogin.c: Use `get_window_size' * appl/bsd/forkpty.c, appl/bsd/rlogind.c: conditionalize on TIOCSWINSZ * configure.in: Check for `_scrsize' and `struct winsize' Tue Jan 14 1997 * Makefile.in (install-strip, travelkit-strip): New targets. Thu Jan 9 1997 * */Makefile.in: Use @foo_prefix@ and @program_transform_name@ Add code to uninstall target Thu Dec 19 1996 * configure.in: Set LIBPREFIX * config.sub: Add os2 as a system * config.guess: Try to recognize i386-pc-os2_emx * configure.in: case for *-*-os2_emx NEED_PROTO for `strtok_r' * aclocal.m4: ranlib is apparently calld EMXOMF on OS/2 (AC_KRB_PROG_LN_S): New test that uses cp if ln fails Wed Dec 18 1996 * appl/bsd/login.c (main): First try to verify password using standard UNIX method and if it fails try kerberos authentication. Sat Dec 14 1996 * appl/bsd/rcp.c: consider case of no fchmod * appl/kpopper/pop_init.c: Use k_getsockinst. * lib/roken/{strupr,strlwr,strchr,strrchr,lstat,initgroups,chown, fchown,rcmd}.c: new files * appl/kpopper/pop_lower.c: Removed. * Makefile.in (travelkit): New target. Tue Dec 10 1996 * lib/krb/parse_name.c (kname_parse): Only copy realm if it is specified. * lib/krb/get_host.c (krb_get_host): Treat no realm as local realm. Mon Dec 9 1996 * appl/ftp/ftpd/ftpd.c: Get afs-tokens when logging in with password. * slave/kprop.c: flock with K_LOCK_SH Wed Dec 4 1996 * appl/telnet/telnet/commands.c: Also export XAUTHORITY Sun Dec 1 1996 * kadmin/ksrvutil.c: If realm is not specified, use the local one. Sat Nov 30 1996 * appl/kauth/kauthd.c: Use KAUTH_VERSION. Try to give correct error messages back to kauth. * config.sub, config.guess: Merged in changes from autoconf 2.12 * appl/bsd/rsh.c: quick hack to make `-n' to the right thing. * kadmin/kadm_locl.h: Add prototype for FascistCheck. Thu Nov 28 1996 * man/afslog.1: Documented `-createuser' * appl/afsutil/aklog.c: removed `cell_of_file' Added option `-createuser' to run pts to create a foreign principal. Tue Nov 26 1996 * lib/otp/otp_challenge.c: Initialize error string and check for NULL from strdup. * lib/roken/mini_inetd.c: Initialize `sin_family' * appl/kpopper/pop_init.c: Add `-p' option and make `-a' auth-style * appl/bsd/rshd.c: Add `-p' option. * appl/bsd/rlogind.c: Handle `-p' correctly. * appl/bsd/login.c: Removed confusing initialization of `login_timeout' * appl/kpopper/pop_dropinfo.c: Remove white-space at the beginning of UIDL-string. Sun Nov 24 1996 * Release 0.9.3 Sat Nov 23 1996 * kadmin/ksrvutil_get.c: Use `krb_unparse_name_long' Better defaults. * lib/krb/krb.h: Added *_to_key * lib/krb/get_svc_in_tkt.c (srvtab_to_key): Make public * kadmin/kadmin.c (do_init): `-p' is a synonym for `-u' (do_init): more logical defaults (help): removed old code better error messages * lib/krb/get_in_tkt.c (passwd_to_key, passwd_to_afskey): Export and remove functionality for reading passwords. * lib/sl/sl.c: Nicer help output. * lib/otp/otp_challenge.c: Initialize `challengep' * lib/krb/Makefile.in: Removed get_pw_tkt.c Fri Nov 22 1996 * lib/auth/sia/sia.c: Now compiles under Digital UNIX 4.0. Wed Nov 20 1996 * lib/auth/pam/pam.c: Chown ticketfile to correct GID. Tue Nov 19 1996 * appl/kx/rxtelnet.in: Try to set the screen number as well. * Be careful not to thrust `h_length' from gethostby{name,addr} * appl/bsd/rcmd_util.c (ip_options_and_die): New function. * configure.in: moved headers before functions. call AC_PATH_XTRA_XTRA. Add strchr, index, rindex, and strrchr to AC_CHECK_FUNCS. remove strchr and strrchr, add strtok_r from/to AC_BROKEN. * aclocal.m4 (AC_PATH_XTRA_XTRA): New macro. * aclocal.m4 (AC_FIND_FUNC, AC_FIND_FUNC_NO_LIBS): Two new arguments: includes and arguments) * configure.in: Need to supply arguments and includes to test for `res_search' and `dn_expand' * lib/kafs/afssys.c (k_setpag): Handle AFS_SYSCALL3 * Use `k_getpw{nam,uid}' instead of getpw{nam,uid}. * Replace lots of `strtok' with `strtok_r'. * lib/sl/sl.c: Allow unlimited number of arguments. Use `strtok_r' to divide up string into arguments. * lib/roken/roken.h: Added `strtok_r' * configure.in: Test for `strtok_r' * include/Makefile.in: Don't build in ss * Makefile.export: Fixed ChangeLog-generation * lib/sl/sl.c: Let `readline' to the \n-removal. Handle empty lines. Don't store empty lines in the history. Mon Nov 18 1996 * lib/sl/sl.c: Use readline compatible i/o. * lib/otp/otp_locl.h: Changed location of otp database to /etc * appl/otp/Makefile.in: Install otp setuid root. * util/Makefile.in: don't build SS * lib/sl: New directory. * kadmin/kadmin.c: Replaced SS by SL. Sun Nov 17 1996 * kadmin/kadm_funcs.c: Improved log messages. * Use KRB_TICKET_GRANTING_TICKET. * server/kerberos.c: Don't do any special logging when running as slave. * Lots of files: remove unnecessary `(void)' * Lots of files: remove unnecessary `register' declaration. * lib/krb/get_host.c: Only keep list of hosts from requested realm. * man/otpprint.1, otp.1: New files. * appl/otp/otp.c: `-s' is now default. * appl/otp/otp.c: removed count * lib/des/destest.c: more general quad_cksum test. * lib/otp/otp_print.c (otp_print_stddict_extended, otp_print_hex_extended): New functions. * lib/otp/otptest.c: New file. * appl/ftp/ftpd/ftpd.c: Change default auth level to what was formerly known as `user'. * appl/ftp/ftpd/ftpd.c: Orthogonalize arguments to -a * appl/kip/kip.c: Try all addresses we get back from the name server. * kadmin/kpasswd.c: updated to new functions. * lib/otp/otp_db.c (otp_db_open): Do a few retries. Unlock in case this file cannot be opened. * doc/kth-krb.texi: New chapter about OTPs. * appl/otp/otpprint.c, appl/otp/otp.c: Use OTP_ALG_DEFAULT. Consistent language Check return value from des_read_pw_string. * lib/otp/otp.h: Add OTP_ALG_DEFAULT * lib/krb/parse_name.c: New function krb_parse_name Sat Nov 16 1996 * appl/bsd/login.c: removed S/Key. Added OTP with option `-a otp' Reorganized verification loop. * appl/bsd/Makefile.in (login): Remove skey and add OTP * configure.in: Test for `uid_t' and `off_t' * appl/telnet/telnetd/telnetd.c: Removed `-s' for securID and added `-a otp' for OTP. * appl/kpopper: removed s/key and added OTP support. Updated man-page. * lib/otp/otp.h: more fields in the struct and a new function. * appl/ftp/ftpd/ftpd.c: Full OTP support. * appl/kx/rxterm.in: Add options: -l username, -r args_to_rsh, and -x args_to_xterm * appl/kx/rxtelnet.in: Add options: -l username, -t args_to_telnet, and -x args_to_xterm * man/kx.cat1: regenerated * man/kx.1: Added `-l' option. * appl/kx/kxd.c: Accept username from `kx' * appl/kx/kx.c: Introduced option `-l user' to be able to login as some other user. Fri Nov 15 1996 * appl/kx/kx.c: Print out display and not display_nr * lib/auth/Makefile.in: Fix the case with empty SUBDIRS. * */Makefile.in: Use $(LN_S) instead of ln -s * */Makefile.in: Add @SET_MAKE@ * doc/latin1.tex: New file. * doc/kth-krb.texi: Use latin1.tex to be able to use one letter that some bear seem to think is important. * doc/kth-krb.texi: Added acknowledgements. * lib/auth/Makefile.in: Only build relevant subdirectories. * configure.in: Set @LIB_AUTH_SUBDIRS@ to the subdirectories of lib/auth that should be built. * lib/kafs/afssys.c: Only get tokens for each cell once. Thu Nov 14 1996 * man: Added man pages for movemail(1) and kerberos(8). * kadmin/kadmin_cmds.ct: Add `add' for add_new_key and `passwd' for change_password. * lib/krb/logging.c: Now actually compiles! * config.{guess,sub}: Merge changes from Autoconf * lib/krb/{recv,send}auth.c: Don't return errno if there is a system error. Wed Nov 13 1996 * util/ss/Makefile.in: Now even compiles with BSD make! * appl/kx: Now send the complete display from `kxd' to `kx'. This should enable it to work better with Xlibraries that don't support unix sockets. * kuser/klist.c: conditionally include and before * lib/krb/resolve.h: Add fallback for `T_TXT'. * appl/otp/otp.c: removed print-functionality. * appl/otp/otpprint.c: New file. * appl/otp/Makefile.in: New program `otpprint' * lots of Makefile.in: Now should be possible to build with makes that have broken VPATH-handling. * configure.in: Always replace REAL_SHARED & c:o so that some libraries may be built as shared. Removed unused AC_SUBST. Only build afskauthlib on irix. * lib/auth/afskauthlib/Makefile.in, lib/auth/sia/Makefile.in, lib/auth/pam/Makefile.in: Always build as a shared library. * appl/kx/rxtelnet.in, appl/kx/rxterm.in: export PATH (from ). * lib/krb/{pkt_cipher,fgetst}.c: Removed * lib/krb/name2name.c: Renamed k_name_to_name to krb_name_to_name Mon Nov 11 1996 * appl/telnet/telnetd/sys_term.c: Really remove bad stuff from environment. Fri Nov 8 1996 * appl/bsd/rlogind.c (main): `portnum' should be int. * appl/bsd/sysv_environ.c: Use _PATH_ETC_ENVIRONMENT * appl/bsd/pathnames.h: _PATH_ETC_ENVIRONMENT: new * lib/krb/get_host.c (srv_find_realm): New parameter `service' * lib/krb/unparse_name.c: New function. Tue Nov 5 1996 * lib/auth/pam/pam.c: Add PAM Kerberos module. Mon Nov 4 1996 * configure.in: configure in lib/auth/afskauthlib * lib/kafs/afssys.c: New function `k_afsklog_uid'. * lib/auth/afskauthlib: New library that works like `afskauthlib.so' from Transarc. *lib/krb/get_host.c, lib/krb/getrealm.c, lib/kafs/afssys.c: Use dns_lookup(). * lib/krb/resolve.c (dns_lookup): Replaced several different resolver functions with one more generalized. Sun Nov 3 1996 * Add check target in lib/krb. * appl/bsd/login.c (main): Sleep 10 seconds before bailing out so that there is a chance of reading the error message. * appl/bsd/rsh.c (main): When invoked as rlogin equivalent change to real uid before execing rlogin. Sat Nov 2 1996 * appl/bsd/utmp_login.c: Do the right thing on systems where UTMPX_DOES_UTMP_LOGGING is defined. * lib/krb/krb.h: names for `krb_kuserok' prototype * lib/krb/get_host.c: Add tcp/kerberos.REALM as well. * appl/bsd/su.c: Replace call to `kuserok' by `krb_kuserok'. * lib/otp/otp_parse.c: Add support for parsing extended responses (draft-ietf-otp-ext-01). * lib/otp/otp.h: Define OTP_HEXPREFIX and OTP_WORDPREFIX. * appl/otp/otp.c: Add option `-e' for printing responses in extended mode (according to draft-ietf-otp-ext-01.txt). * lib/krb/kuserok.c: Function krb_kuserok now takes name, instance, realm rather than an AUTH_DAT. Fri Nov 1 1996 * lib/auth/sia: Add SIA Kerberos module. * lib/roken/roken.h: Need to include signal.h prior to defining SIG_ERR. * appl/bsd/utmpx_login.c (utmpx_update): Minor restructuring for simplified maintainability. * appl/bsd/utmp_login.c (utmp_login): Even when there are utmpx files on this system we should also log to the utmp files. If there are no utmp files we of course don't have to log to them. * Makefile.export: now generate PROBLEMS and COPYRIGHT as well. * PROBLEMS, COPYRIGHT, doc/kth-krb.info: removed * doc/kth-krb.texi: Put copyrights in marketing order. * appl/kpopper/popper.h: client and ipaddr should be char [] so that we can store the names there. * appl/kpopper/pop_init.c: save copies of addresses that otherwise get overwritten. Mon Oct 28 1996 * lib/krb/send_to_kdc.c (send_recv_it): Use `recv' not `recvfrom' to make winsock happy. Also don't care anymore about from which address we got the answer since we do a `connect'. * admin/adm_locl.h, lib/kdb/kdb_locl.h, kadmin/kadm_locl.h, lib/krb/krb_locl.h, lib/roken/strftime.c, server/kerberos.c: Do not use #if, use #ifdef. * configure.in: Test for `rand' and `getuid' * slave/kprop.c: Don't terminate on trivial errors in slaves-file. Sun Oct 27 1996 * doc/Makefile.in: Install from source directory if necessary. * lib/krb/kuserok.c: Do not use `k_getpwnam' in libkrb. * configure.in: You can't even use `unset', Ultrix sh does not have it. * several files: Check status from des_read_pw_string. * server/kerberos.c: Make sure all data is recieved on a tcp socket before trying to reply. * lib/krb/krb.h: Add for `struct tm' * appl/kx/Makefile.in: Both kx and kxd requires @XauWriteAuth@ * configure.in: Fix test for `XauReadAuth' Fri Oct 25 1996 * lib/krb/get_host.c (init_hosts): Must ntohs(KRB_PORT) on machines running backwards. * More consistent use of CRLF in telnet and telnetd. * Removed redundant -I$(srcsdir)/../../include from compiler args. * appl/ftp/ftpd/ftpd.c: New option `-a otp' to allow OTPs but no ordinary passwords in cleartext. * appl/ftp/ftpd/Makefile.in: Link `ftpd' with -lotp * lib/Makefile.in: Add otp * include/Makefile.in: Add otp.h * configure.in: Test for ndbm.h Generate Makefiles in lib/otp and appl/otp * appl/otp: New program to set up and generate OTPs. * lib/otp: New library for one-time passwords (RFC1938). * lib/krb/get_host.c (srv_find_realm): Added parameter `proto' * lib/des/Makefile.in: Add md4 and sha. run `mdtest' from check. * lib/des/md4.h, lib/des/md4.c, lib/des/sha.c, lib/des/sha.h, lib/des/mdtest.c: New files. * appl/kauth/Makefile.in: Make $(libexedir) as well. Thu Oct 24 1996 * appl/bsd/rlogind.c (setup_term): Actually set the speed of the terminal. * appl/bsd/rlogin.c (main): Do a `speed_t2int' before putting the speed in the TERM variable. * appl/bsd/rcmd_util.c: New functions: `speed_t2int' and `int2speed_t'. * appl/bsd/bsd_locl.h: Added prototype of `speed_t2int' and `int2speed_t'. Sun Oct 20 1996 * appl/bsd/login.c: Do `getspnam' before change the UID. Also call `endspent' * appl/krbmanager: New program used on PCs by kclient. * lib/kclient: New library. * lib/des, lib/krb: Added some PC-specific files. * doc/kth-krb.info: Regenerated. * doc/Makefile.in (kth-krb.info): Some stupid makes don't understand $< (kth-krb.html): New rule. * doc/kth-krb.texi (Compiling from source): Added some references about Socks. Sat Oct 19 1996 * doc/kth-krb.texi: Added text about ``--with-socks''. * configure.in: Use `AC_TEST_PACKAGE' for skey and socks. * aclocal.m4: Replaced `AC_TEST_SOCKS' and `AC_TEST_SKEY' with the more general `AC_TEST_PACKAGE'. Fri Oct 18 1996 * configure.in: call AC_TEST_SOCKS * acconfig.h: SOCKS * aclocal.m4: Added AC_TEST_SOCKS * lib/krb/send_to_kdc.c (send_to_kdc): Removed unused `f' and close. Thu Oct 17 1996 * man/popper.8: Option `-i' * appl/kpopper/pop_send.c: clean-up * appl/kpopper/popper.h: Removed old garbage and added SKEY. * appl/kpopper/pop_xmit.c: clean up * appl/kpopper/pop_user.c: SKEY-support * appl/kpopper/pop_pass.c: Added support for spaces in passwords and S/Key. * appl/kpopper/pop_init.c: Moved some variables into struct pop (main): Added support for `-i' * appl/kpopper/pop_get_command.c: New command "HELP". * appl/kpopper/Makefile.in: Add SKEY-stuff. * lib/krb/get_host.c: Use `k_getportbyname(KRB_SERVICE,...)' as a default instead of KRB_PORT * lib/krb/getaddrs.c (k_get_all_addrs): Add gethostbyname(k_gethostname()) as a fallback. * lib/krb/k_getport.c (k_getportbyname): proto can be NULL * lib/krb/krb.h: Only include if HAVE_SYS_TYPES_H * lib/krb/prot.h: KRB_SERVICE: Added * server/kerberos.c: Replaced linked list with a vector. Wed Oct 16 1996 * server/kerberos.c: Add support for TCP connections. * lib/krb/send_to_kdc.c: On stream sockets, use krb_net_read rather than recvfrom. Mon Oct 14 1996 * doc/kth-krb.texi: Only use `kdb_edit' to add the initial `nisse.admin'. Add all other users with `kadmin'. * doc/kth-krb.info: new file. * doc/kth-krb.texi: Added some text about kx and ftp. * appl/ftp/ftpd/ftpcmd.y, util/ss/ct.y, util/et/error_table.y : Added code for handling the case of using `bison' and having no `alloca'. Alloca is usually never called anyway, so we just use `malloc'. * appl/kx/kxd.c: All static variables are now global and in common.c. (doit_conn, doit): Turn on TCP_NODELAY. (create_and_write_cookie, suspicious_address): Moved to common.c * appl/kx/kx.c (connect_host): Try all addresses of `host'. Turn on TCP_NODELAY. (doit): prepare for TCP-only hosts. (usage,main): add `-t' (main): Passive mode is possible again. * appl/kx/kx.h: More #ifdefs for include files. Declarations for global variables. * appl/kx/common.c (get_xsockets): Try to chmod dirname(`X_UNIX_PATH') (get_xsockets): Turn on TCP_NODELAY on TCP connections. * doc/Makefile.in: New file * Makefile.in: Added `doc' to `SUBDIRS' * configure.in: Generate `doc/Makefile' Sun Oct 13 1996 * appl/bsd/rcp.c (main): Made rcp AFS aware. * lib/krb/kuserok.c (kuserok): Act as if luser@LOCALREALM is always an entry of .klogin. Sat Oct 12 1996 * appl/kx/rxtelnet.in: Start the `xterm' process correctly. * lib/des/rnd_keys.c (sumFile): consider the case that `res' is not longword-aligned. * lib/krb/get_host.c (parse_address): `getservbyname' should really get proto = NULL * lib/krb/send_to_kdc.c (krb_udp_port): removed (send_to_kdc): removed `addrlist' * lib/krb/send_to_kdc.c: Support not only UDP. * lib/krb/get_host.c (krb_get_admhst): Really ask for a admin host if that's what we want. Thu Oct 10 1996 * lib/krb/get_host.c: Simplified some code. Added stub-support for SRV-records. Wed Oct 9 1996 * appl/kx/rxtelnet.in, appl/kx/rxterm.in: PDC are unable to give correct instructions to their users and therefore we have to add strange directories to the PATH. * appl/kx/rxtelnet.in: Support sending arguments to telnet. * appl/kx/rxterm.in: rsh can reside in path or %bindir% support extra arguments to xterm (from ). * appl/kx/rxtelnet.in: Try to find some kind of terminal emulator for X. * appl/kx/rxterm.in, appl/kx/rxtelnet.in: Look for kx in $PATH and %bindir%. * appl/kx/common.c (get_xsockets): `mkdir' the correct directory. From * lib/krb/send_to_kdc.c: Changes to allow other than udp port 750 connections. * lib/krb/get_host.c: rewrite of krb_get_{adm,krb}hst. Sun Oct 6 1996 * appl/ftp/ftpd/ftpd.c (retrieve): Got rid of `sprintf'. * configure.in: Fix order for x libs. From . Check for `fcntl', `alloca', `winsock.h', and `io.h'. * lib/krb/krb_locl.h: Check for and * lib/krb/krb.h: Check for winsock.h * lib/krb/k_flock.c: Better test for `fcntl' with locking. * lib/krb/et_list.c: Hopefully correct pragma this time. From Thu Oct 3 1996 * lib/krb/klog.c (klog): Do not forget to print the text. * lib/krb/log.c (krb_log): Print space after time in log. Wed Oct 2 1996 * appl/kpopper/popper.h: Add field msg_id to hold Message-Id for UIDL command. * appl/kpopper/pop_dropinfo.c (pop_dropinfo): Support for UIDL command. Saves Message-Id to be used as unique id. Everything is #ifdef:ed UIDL. * appl/kpopper/pop_get_command.c: Recognize UIDL command. * appl/kpopper/pop_uidl.c (pop_uidl): POP3 UIDL command implementation. * appl/kpopper/Makefile.in: New file pop_uidl.c. * configure.in: Made some of the tests into macros defined in aclocal.m4 * appl/telnet/libtelnet/kerberos.c: Given better error message when user is not authorized to login. * lib/roken/k_getpwuid.c, lib/roken/k_getpwnam.c: Call `endpwent'. If we are using a BSD-kind of system we should not leave the shadow password database open. * appl/xnlock/xnlock.c: Got rid of all `register' declarations. * appl/kx/rxterm.in, appl/kx/rxtelnet.in: Use `set --' Mon Sep 30 1996 * lib/roken/k_getpwnam.c, lib/roken_k_getpwuid.c: Call `endspent' to try to close the shadow password file. * appl/ftp/ftpd/ftpd.c (retrieve): Cut the argument to the command and the first character of the extension. * lib/krb/send_to_kdc.c: Sun doesn't have any strerror so we can't use that here. We are only printing debug messages anyway, so just print errno for now. * appl/kx/rxtelnet.in: Now using SIGUSR2. * appl/kx/kx.c: Now using SIGUSR1 to mean `exit when number of children goes down to zero'. SIGUSR2 is `exit when number of children is equal to zero'. * appl/xnlock/xnlock.c: More fixup of old code. * appl/ftp/ftpd/ftpd.c: Only call `filename_check' for guest users. * configure.in: Added tests for more header files. Also added more ifdefs when actually including those files. * appl/kx/Makefile.in: Do not build programs if we have no X11. Sun Sep 29 1996 * appl/xnlock/xnlock.c (main): Support for shadow passwords. * lib/roken/k_getpwuid.c: New file, better support for shadow passwords. * appl/telnet/Makefile.in: Use SET_MAKE * appl/ftp/ftpd/ftpcmd.y: Remove access to several commands for anonymous users. * lib/krb/get_krbhst.c: Look for kerberos-#.realm. * appl/ftp/ftpd/popen.c: Execute files from ~ftp if possible. * appl/ftp/ftpd/ftpd.c: Add find site command. * appl/ftp/ftpd/ftpd.c: Add special handling of nonexistant files with extensions {,.tar}{,.gz,Z}. Sat Sep 28 1996 * configure.in: Check for sys/times.h, sys/param.h, and sys/timeb.h * lib/des: autoconfed a little to make it compile. * lib/roken/roken.h: Add `max', `min', and definitions for broken syslogs. * appl/bsd/bsd_locl.h: Removed SYSLOG-garbage and max. * appl/kx/kx.h: Remove prototype of childhandler. * appl/kx/common.c: Remove childhandler. Not common any more. * appl/kx/rxterm.in: Send SIGUSR1 to kx before starting xterm. * appl/kx/rxtelnet.in: Send USR1 to kx at appropriate moment. * appl/kx/kx.c: Die after receiving SIGUSR1 and when number of children goes to zero. * lib/roken/roken.h: Add STDERR_FILENO * lib/roken/mini_inetd.c (mini_inetd): Also dup onto stderr. * lib/kafs/Makefile.in (afslib.so): Change argument so they work with `ld' instead of `cc' * appl/kx/kxd.c: writeauth.c as separate file. * appl/kx/kx.c: `-d' option to disable forking. * appl/kx/Makefile.in: Compile and link writeauth.c if necessary. For some stupid reason $< does not work correctly in BSD make. Use $(srcdir) instead. * appl/ftp/ftp/ftp_locl.h: Only include once. * configure.in: Use strange X flags when looking for XauReadAuth. Add XauWriteAuth if we need to include it. Fri Sep 27 1996 * appl/sample: Sample programs work again. * appl/kx/kxd.c (main): use `mini_inetd' * appl/kx/kx.c: Use KX_PORT * appl/kx/kx.h: Remove SOMAXCONN and add KX_PORT * appl/kauth/kauthd.c (main): use `mini_inetd' * appl/ftp/ftpd/ftpd.c: Removed `conn_wait' and use `mini_inetd' instead. * appl/bsd/bsd_locl.h: Prototypes for `get_shell_port' and `get_login_port' * appl/bsd/rcmd_util.c: New file. * appl/bsd/Makefile.in: Added rcmd_util.c * appl/bsd/rcp.c: Moved `get_shell_port' to rcmd_util.c * appl/bsd/rsh.c: Moved `get_shell_port' to rcmd_util.c * appl/bsd/rlogind.c (main): Use `mini_inetd' * appl/bsd/rshd.c (main): Add support for interactive mode with `-i'. * appl/telnet/telnetd/telnetd.c (main): use `mini_inetd' * lib/roken/roken.h: Added prototype for `mini_inetd', and fallback definitions for SOMAXCONN, STDIN_FILENO, and STDOUT_FILENO. * lib/roken/Makefile.in: Added mini_inetd.o * lib/roken/mini_inetd.c: New file. Thu Sep 26 1996 * appl/kx/kxd.c (doit): read port number in ascii. * appl/kx/kx.c (doit): write port number in ascii. * appl/kauth/rkinit.c (doit_host): Check return value from `read_encrypted'. * appl/kauth/kauthd.c (doit): Removed unnecessary sprintf's before syslog. * lib/krb/krb_get_in_tkt.c (krb_get_in_tkt): Return error code from `tf_create' and not always INTK_ERR. * lib/krb/tf_util.c (tf_create): Correct check for return value from `open'. * lib/des/rnd_keys.c (des_rand_data): Try /dev/urandom as well. Wed Sep 25 1996 * appl/afsutil/pagsh.c (main): One-of error hopefully fixed this time. * configure.in: Add test for * kadmin/Makefile.in: Add back $(CRACKLIB) Mon Sep 16 1996 * appl/kx/Makefile.in: Create rxterm and rxtelnet at compile time. * kstring2key moved to appl/afsutil. Sun Sep 15 1996 * appl/kx/kx.c (main): For now always use passive mode. That's the only thing that has been tested and not a lot of people are going to use non-passive anyways. * appl/kx/kx.c (connect_host): write display_number in ascii. * appl/kx/kxd.c (doit): read display_number in ascii. * appl/kx/common.c (get_local_xsocket): Generate the /tmp/.X11-unix directory with the sticky bit set. * configure.in: Generate appl/kx/rxterm and appl/kx/rxtelnet. * appl/kx/Makefile.in: Install rxterm and rxtelnet. * appl/kx/rxterm.in, appl/kx/rxtelnet.in: New files. * appl/kx/common.c (get_local_xsocket): try to bind the socket instead of checking for existence with lstat. * appl/kx/kxd.c: Detect remote termination and cleanup on exit. Sat Sep 14 1996 * lib/des/rnd_keys.c: Hack for systems that lack setitimer (like crays). * appl/kx/kxd.c (doit): Send over the display number and the authority file actually used to kx. (create_and_write_cookie): New function to generate and write into a file a local cookie used between this pseudo-server and the clients on this host. (start_session): New function to check and remove the local cookie before the data is sent over to `kx'. * appl/kx/kx.c (display_num, xauthfile): New variables. Now `kx' prints out the values of those two variables and then goes to the background to enable some script to set these on the other host. (start_session): New function that adds a local cookie before sending the rest of the connection to the local X-server. (main): Also recognize "unix" as a local DISPLAY. * appl/kx/kx.h: used. (get_local_xsocket): Changed parameter. * appl/kx/common.c (get_local_xsocket): Now try to allocate the first free socket in /tmp/.X11-unix. Also `mkdir' this directory first. Return the number of the display opened. * appl/kx/Makefile.in: Added X libraries. * lib/des/des.h: Added prototype for `des_rand_data'. * lib/des/rnd_keys.c: Made `des_rand_data' non-static. This function is useful and now even used. Wed Sep 11 1996 * appl/bsd/login.c: Use k_afs_cell_of_file() to get tokens for the cell of the home catalog rather than the local cell. * lib/kafs/afssys.c: Add k_afs_cell_of_file. Tue Sep 10 1996 * appl/telnet/telnetd/telnetd.c, appl/telnet/telnetd/sys_term.c: Removed all convex code. Mon Sep 9 1996 * appl/telnet/telnetd/termstat.c: UNICOS5: removed * appl/telnet/telnetd/telnetd.c, appl/telnet/telnetd/sys_term.c: NEWINIT, UNICOS7x, UNICOS5: removed STREAMSPTY: added variable `really_stream' Now able to handle the case where the OS supports stream ptys but we run out of them and start using ordinary BSD ones. * appl/telnet/telnetd/state.c: UNICOS5: removed * appl/telnet/telnetd/pathnames.h: BFTPPATH: removed * appl/telnet/telnetd/ext.h, appl/telnet/telnetd/global.c: BFTPDAEMON: removed. UNICOS5: removed. * appl/telnet/telnetd/ext.h: STREAMSPTY: added variable `really_stream'. * lib/krb/stime.c (krb_stime): argument should be `time_t'. lib/krb/krb_locl.h: changed prototype. Sun Sep 8 1996 * configure.in: Also generate `appl/sample/Makefile' * appl/Makefile.in: Use @SET_MAKE@. Include sample * lib/krb/Makefile.in: Add krb_stime, krb_mk_auth, and krb_check_auth. * util/et/compile_et.c (main): Include in foo.c * slave/kprop.c: exit with return code == 1 to indicate failure. * server/kerberos.c (usage): Fixed usage string. * lib/krb/tkt_string.c (tkt_string): Removed bogus extern declaration of `getuid'. * lib/krb/tf_util.c (tf_save_cred): Removed bogus extern declaration of `lseek'. * lib/krb/stime.c (stime): Renamed to `krb_stime' * lib/krb/sendauth.c (krb_sendauth): reimplemented using `krb_mk_auth' and `krb_check_auth'. * lib/krb/send_to_kdc.c (send_recv): Removed stupid cast. * lib/krb/recvauth.c: Removed KRB_SENDAUTH_VERS * lib/krb/prot.h: create_auth_reply: correct prototype. krb_create_death_packet: ditto. KRB_SENDAUTH_VERS: moved here from sendauth.c and recvauth.c * lib/krb/month_sname.c: Made `month_sname' const. * lib/krb/mk_req.c: Remove stupid `register' * lib/krb/log.c (krb_log): Use `krb_stime' * lib/krb/kuserok.c (kuserok): Nightmare Filesystem might return ESTALE. Treat it the same way as ENOENT. * lib/krb/krb_locl.h: Added prototype for `krb_stime' * lib/krb/krb_check_auth.c: New file with `krb_check_auth', implemented for compatibility with CNS. lib/krb/krb_mk_auth.c: Ditto. * lib/krb/krb.h: Removed duplicate declarations of `get_request' and `krb_get_admhst'. Added declarations for `krb_mk_auth' and `krb_check_auth'. * lib/krb/kparse.h: removed prototype for `strsave' * lib/krb/kparse.c (fGetParameterSet): Use `strdup' instead of `strsave'. (strsave): Removed. * lib/krb/kname_parse.c: Removed stupid `register' declarations. * lib/krb/klog.c (klog): Use `krb_stime' * lib/krb/get_phost.c: Handle the case where the name has no dots in it by just returning it as-is. * lib/knet/Imakefile, lib/knet/getkdata.c, lib/knet/phost.c, lib/knet/sendkdata.c: removed unused files. * lib/kadm/kadm_cli_wrap.c (kadm_init_link): use `k_getportbyname' * kadmin/ksrvutil_get.c (get_srvtab_ent): Erase the key if something goes wrong. Include realm in the message when writing a key. (parseinput): New function that removes quotes and backslashes from input. (ksrvutil_get): Use `parseinput' to read input. * kadmin/ksrvutil.c (safe_read_stdin): Correct use of printf. Removed bogus casts and fflush of stdin. (main): Use `return' instead of `exit'. * kadmin/kpasswd.c (main): Use `return' instead of `exit'. * kadmin/admin_server.c: exit with return code == 1 to indicate failure. * appl/sample/sample_server.c: Rewrote to use all new functions. * appl/sample/sample_client.c: Rewrote to use all new functions. * appl/sample/sample.h: new file. * appl/sample/Makefile.in: new file. * appl/movemail/pop.c (socket_connection): use `k_getportbyname' * appl/kpopper/pop_init.c: exit with return code == 1 to indicate failure. * appl/kauth/kauth.c (doexec): new-style definition. ret should be a `pid_t'. (main): new-style definition. Use `prog' instead of `argv[0]' * appl/ftp/ftp/extern.h: Removed unused `abortsend' * appl/ftp/Makefile.in: Use @SET_MAKE@ * appl/bsd/rsh.c: get_shell_port: use `k_getportbyname' * appl/bsd/rlogin.c: get_login_port: use `k_getportbyname' * appl/bsd/kcmd.c: Removed bogus casts to `caddr_t' * admin/kstash.c: Removed bogus flushing of stderr. Replaced lots of `exit(-1)' by `return 1' * admin/kdb_util.c: Removed unused variable `aprinc'. Removed bogus flushing of stderr. Replaced lots of `exit(-1)' by `return 1'. * admin/kdb_edit.c, admin/kdb_init.c: use `return' instead of calling `exit' and use 1, not -1, for failure. * Makefile.in: Use @SET_MAKE@ * aclocal.m4: AC_NEED_PROTO: need macro to determine if we need to define a prototype for a function. * configure.in: Reordered. Removed unused stuff. Start using AC_NEED_PROTO. * config.guess: merged in FSF version from 960908. Tue Sep 3 1996 * include/protos.H: Added optarg, opterr, optind, optopt and (fclose under Sunos 4). Removed these declarations from lots of other files. * acconfig.h: Add undefs for h_errno, h_errlist, optarg, optind, opterr, and optopt. * configure.in: Use `AC_NEED_DECLARATION' for h_errno, h_errlist, optarg, optind, opterr, and optopt. * aclocal.m4: New macro `AC_NEED_DECLARATION' to figure out if we need to have an external declaration of a variable. Mon Sep 2 1996 * lib/krb/krb.h: Removed unused `req_act_vno' and `k_log'. Changed all callers. * lib/krb/krb.h: Removed definition of `MAX_HSTNM'. * lib/krb/send_to_kdc.c: Removed use of `MAX_HSTNM'. * appl/afsutil/pagsh.c: Some reformatting and fixed the off-by-one args bug. Sat Aug 31 1996 * lib/krb/{send_to_kdc.c, getrealm.c}, appl/xnlock/xnlock.c, appl/kauthkauth.c, appl/bsd/{rshd.c,rlogind.c}: Removed '#if 0'-ed code. * lib/krb/get_in_tkt.c: Removed '#if 0'-ed code and now compiles with NOENCRYPTION. * kadmin/ksrvutil.c: Now compiles with NOENCRYPTION. * appl/ftp/ftpd/ftpcmd.y: Throw away passwd after use. * appl/ftp/ftpd/ftpd.c: Fixed old comment. * slave/kpropd.c: s/sa_len/salen/ Irix has a #define for sa_len. * lib/kdb/krb_dbm.c: If key->dptr is not a `char *' we have to cast it before adding to it. * configure.in: Old test for `sa_len' in `struct sockaddr' fails on IRIX 6.2. Try to compile a program refering to that field instead of grepping for it in . * appl/bsd/kcmd.c: Removed old and broken code. * configure.in: Check for `gethostname', `uname', and * lib/krb/k_gethostname.c: Try to use `uname' if we have no `gethostname'. * appl/ftp/ftpd/klogin.c: Incorrect use of `gethostname' replaced by correct use of `k_gethostname'. * lib/roken/verify.c: Change name verify_unix_user -> unix_verify_user in analogy with krb_verify_user. Fri Aug 30 1996 * appl/xnlock/Makefile.in: Install man-page. * configure.in, */Makefile.in: Replace `-shared' with some other option when not using gcc. * lib/kafs/afssys.c: Do not start by checking if we have AFS in `k_afsklog'. * appl/bsd/rlogin.c: More kludges to make it work with rlogin on linux: Do not select for an exceptional condition on `rem' after having received EINVAL. Also rewrote ifndef NOENCRYPTION stuff. * appl/bsd/rlogind.c: More kludges to make it work with rlogin on linux: Only send oob data just after having sent normal data to make sure we never send two consecutive bytes of oob data. Also rewrote ifndef NOENCRYPTION stuff. Thu Aug 29 1996 * lib/kafs/Makefile.in: Use `ld' instead of `cc' for linking afslib.so. Not everybody has cc. Wed Aug 28 1996 * Release 0.9.2a Mon Aug 26 1996 * appl/bsd/login.c: Clean-up. Made static a lot of functions and variables. Rewrote some function definitions to ANSI-style. * appl/bsd/sysv_environ.c: KRB4_MAILDIR may and may not contain a trailing slash. We need to be very careful to make sure the contents of $MAIL does not contain two, because RMAIL in emacs uses it and emacs is no friend with double slashing. * lib/kafs/afssys.c (k_afsklog_all_local_cells): Now should return correct value. Sun Aug 25 1996 * Release 0.9.2. Sat Aug 24 1996 * lib/roken/hstrerror.c: Check for h_errlist prototype. Thu Aug 22 1996 * lib/krb/send_to_kdc.c, etc/services.append, server/kerberos.c: Changed `kerberos' to `kerberos-iv' now that it has been registered with IANA. * man/rshd.8, man/rlogind.8: updated documentation of `-a' * lib/roken/roken.h: Added declaration of `h_errno' * kuser/Makefile.in: Link kdestroy with KRB_KAFS_LIB * appl/kauth/kauth.h: Stupid declarations for syslog. * appl/kauth/kauthd.c: syslog errors and success. * include/protos.H: Removed `h_errno', now in roken.h Declare `getusershell' under solaris. * configure.in, acconfig.h: Figure out if we have to declare `h_errno'. * appl/ftp/ftp/kauth.c: Added support for afs_string_to_key. Wed Aug 21 1996 * lib/kafs/afssys.c: Look for AFS database servers in dns also. * lib/kafs/afssys.c: Add support for a ~/.TheseCells-file. Sun Aug 18 1996 * appl/bsd/rlogind.c: Removed unused `check_all' variable. Use `inaddr2str'. * appl/bsd/rshd.c: Use `inaddr2str'. * appl/bsd/iruserok.c: Removed potential buffer overrun after `gethostbyaddr'. * lib/roken/inet_aton.c: Some const-ness. * lib/roken/Makefile.in: Add `inaddr2str.o'. * appl/ftp/ftpd/ftpd.c: Use `inaddr2str'. * lib/roken/inaddr2str.c, lib/roken/roken.h: New function `inaddr2str' to convert an IP address into a verified hostname or a string of the form x.y.z.a * lib/krb/{krb_locl.h, krb.h, k_name_to_name.c, k_getsockinst.c, getrealm.c}: Some const-ness. * appl/bsd/bsd_locl.h: Removed another prototype for `crypt'. * appl/kpopper/popper.h: Some const-ness to get rid of a warning. * appl/bsd/rshd.c: Always check reverse mapping. Removed `local_domain' and `top_domain'. Added some const-ness. Sat Aug 17 1996 * include/Makefile.in: Removed VPATH. With it this makefile does not work correctly. * lib/krb/rw.c, lib/krb/krb_locl.h: Changed parameters to `krb_{get,put}'-functions to void *. * include/protos.H: Add `getusershell' in solaris. * appl/kauth/kauthd.c, appl/bsd/{rlogin.c,rlogind.c}: Less warnings because of arguments to `setsockopt'. * lib/roken/roken.h: Fixed prototype of `inet_aton' Wed Aug 14 1996 * lib/roken/verify.c: Use if there is one. * lib/kafs/Makefile.in: AFS_EXTRA_LIBS is always called `afslib.so'. Otherwise some makes get upset when there is no such library to be made. * appl/telnet/telnetd/telnetd.h: are needed to get prototype for `ptsname'. * appl/bsd/rlogind.c, appl/kpopper/pop_dropinfo.c, appl/telnet/libtelnet/{auth.h,enc_des.c,kerberos.c}, appl/telnet/telnet/utilities.c, appl/telnet/telnetd/{sys_term.c, telnetd.h, kadmin/admin_server.c, kuser/klist.c, lib/kdb/{krb_cache.c, krb_dbm.c}, lib/krb/{fgetst.c, getst.c, log.c, tf_util.c}: Include type `int' on all definitions and remove unnecessary `register'. * appl/bsd/login_access.c: Fix parameter declaration to `netgroup_match'. * appl/bsd/forkpty.c, include/protos.h: s/__sgi__/__sgi//g * admin/kdb_util.c: Use `errno' for error message instead of uninitialized variable. Tue Aug 13 1996 * appl/kauth/rkinit.c: Default port should be the same in kauth and kauthd. Sun Aug 11 1996 * configure.in: Added `AC_REVISION' * slave/kpropd.c: Cleaned up structure. Now returns useful value. * lib/roken/verify.c: Broken OSes need declartion of `crypt'. * lib/roken/roken.h: Added prototype for `verify_unix_user'. * lib/krb/lsb_addr_comp.h: Added prototype for `lsb_time'. * lib/krb/{get_admhst.c, get_default_principal.c, get_krbhst.c, get_krbrlm.c, getrealm.c, realm_parse.c} : Check for buffer overwrite correctly. * lib/krb/rw.c, lib/krb/krb_locl.h: Prepended `krb_' to `get_int', `put_int', `get_address', `put_address', `put_string', `get_string', `get_nir', and `put_nir'. Changed all callers. * lib/kdb/krb_db.h: Added prototype for `kerb_delete_principal' and `kerb_db_delete_principal'. * lib/kadm/kadm_cli_wrap.c: Removed unused variable. * appl/telnet/telnetd/telnetd.c: Changed bogus `strncpy' to `strcpy'. * appl/bsd/su.c: Fixed error messages from execv. * appl/bsd/rlogin.c: Fixed potential buffer overrun when reading "TERM". Thu Aug 8 1996 * appl/telnet/telnet/commands.c, appl/kauth/rkinit.c: Replaced `herror' by `hstrerror'. * appl/bsd/login.c: chmod the tty so that it is writable for group tty. * configure.in: Use AC_FIND_IF_NOT_BROKEN for herror and hstrerror. * aclocal.m4: New macro `AC_FIND_IF_NOT_BROKEN' * config.guess: Add 686 Tue Aug 6 1996 * lib/krb/getrealm.c: Fallback for `T_TXT' * configure.in: Look for `res_search' and `dn_expand' in libresolv. Mon Aug 5 1996 * */Makefile.in: Add Id to those missing it. * configure.in: Small fix in comment. * Release 0.9.1. * appl/ftp/ftpd/ftpcmd.y: s/timeout/ftpd_timeout/ * appl/kstring2key/kstring2key.c: `usage' changed to void. * lib/krb/mk_req.c: `build_request' changed to void. * appl/ftp/ftp/ftp_locl.h: Changed order of includes. * appl/bsd/login.c, appl/ftp/ftpd/*: s/timeout/login_timeout/ * lib/kafs/afssysdefs.h: undef AFS_SYSCALL if we are defining it. Sun Aug 4 1996 * lib/kafs/afssys.c: AIX systems will now correctly (I hope) detect whether AFS is loaded or not. This is currently a bit kludgy, and involves loading an external shared library, afslib.so, which can be put in athena/lib or pointed to with environment variable AFSLIBPATH. This is only tested on AIX 4 (due to lack of an AIX 3 system). * lib/krb/getrealm.c: Range-check the result from the DNS. * lib/krb/get_krbrlm.c: Try to use the DNS to find out which realm this host belongs to. * kadmin/ksrvutil_get.c: Fixed error message. * lib/kafs/*: Fix aix/afs brokenness. * lib/kadm/kadm_stream.c (stv_string): Range check. Fri Jul 26 1996 * appl/ftp/common/{ftp,ruserpass}.c: Less bogus domain name handling. Mon Jul 22 1996 * lib/krb/mk_req.c: Use encrypt_ktext() * configure.in, lib/kafs/afssys.c: Add option to exclude AFS support (this is useful only on AIX systems that doesn't have AFS). * configure.in: Removed configuration from subdirectories. Sat Jul 13 1996 * appl/ftp/ftp/extern.h, appl/ftp/ftp/ftp.c: Substitute `struct fd_set' with `fd_set'. Mon Jul 8 1996 * Makefile.in: install should depend on all. Sun Jul 7 1996 * appl/bsd/su.c: Allow root to set the uid without entering a password. Fri Jul 5 1996 * lib/krb/getrealm.c: Add automatic dns realm search. Thu Jul 4 1996 * lib/krb/log.c (krb_log): Renamed k_log(...) to krb_log(...) for compatibility with CNS. There is still a #define k_log krb_log. * util/et/et_list.c: Hack to resolve _et_list in shared libraries. Fri Jun 28 1996 * appl/bsd/rlogin.c (reader): If after a select rlogin fails to read expected OOB data try to read ordinary data before continuing. * appl/bsd/rlogin.c (oob_real): SunOS5 tty race kludge. * appl/bsd/rlogind.c: Cleanup oobdata stuff. Thu Jun 27 1996 * appl/bsd/login.c (main): Also check for complete tty name with `rootterm'. * lib/krb/check_time.c: New function `krb_check_tm'. * lib/roken/tm2time.c: New function `tm2time', mktime generalized to local timezone and UTC. * kadmin, admin: Use `tm2time' and `krb_check_time' instead of `maketime'. Tue Jun 25 1996 * lib/krb/mk_priv.c (krb_mk_priv): Send correct address. * appl/kauth/kauthd.c: Set ticket file to some sane default, and add -i debugging switch. Mon Jun 24 1996 * appl/xnlock, appl/kauth, appl/telnet/telnetd: Use BINDIR and not `/usr/athena/bin'. Wed Jun 19 1996 * appl/bsd/rlogin.c: consistent usage of oob_real. * appl/bsd/rlogind.c: Do not send oob garbage when running solaris? Seems that linux is unable to handle the duplicate urgent data that is the result. * appl/bsd/rlogind.c: Fix usage. * appl/bsd/kcmd.c: Don't F_SETOWN. Mon Jun 17 1996 * lib/krb/rw.c: Add get_address() and put_address(). * appl/telnet/telnetd/telnetd.c: updated usage * appl/bsd/su.c: Replaced getpass by des_read_pw_string * appl/bsd/forkpty.c (ptym_open): Removed unused `ptr2'. * appl/bsd/rlogind.c: Removed unused functions and made others static. Sun Jun 16 1996 * Release 0.9. * appl/ftp/ftpd/ftpd.c: Don't just send data in plain when doing NLST. * configure.in: test for setresgid. * kadmin/ksrvutil_get.c: Fixed byte manipulations of keys. Sat Jun 15 1996 * lib/des/rnd_keys.c (des_rand_data): At least `srandom'. * appl/ftp/ftp/cmds.c: Support longer passwords when retrying login. * kadmin/admin_server.c, man/kadmind.8, kth-krb.texi: Reading key file from file is now the default. Use `-m' to enter it manually. `-n' is currently a no-op. * appl/ftp/ftpd/ftpd.c: Add S/Key support. * appl/ftp/ftpd/Makefile.in: Link with S/Key. * appl/ftp/configure.in: Test for S/key. * configure.in, aclocal.m4: Moved skey test to aclocal.m4. * appl/bsd/login.c: Correct argument to `skeyaccess'. Fri Jun 14 1996 * lib/krb/verify_user.c: New parameter to specify service key instance, NULL means "rcmd". * lots of files: All ticket filenames uses `TKT_ROOT'. * appl/bsd/rlogind.c: Check for uid == 0 and user != "root". Tue Jun 11 1996 * appl/kpopper/pop_init.c(pop_init): Got rid of some old ifdef'ed code. * lib/kdb/krb_dbm.c: Add macro for `dbm_delete' for the people that are ndbm challenged. Mon Jun 10 1996 * lib/krb/kname_parse.c: Got rid of duplicate defintions. * appl/ftp/ftp/ruserpass.c: Get hostname even if user has no '.netrc' file. * lib/kadm, lib/kdb, kadmin: Add database delete operation. * lib/krb/kname_parse.c: Allow dots in instances. * appl/bsd/rlogind.c (logwtmp): Only define `logwtmp' if it does not exist. Log more garbage. Sun Jun 9 1996 * appl/telnet/configure.in: Check for `logwtmp'. * appl/ftp/configure.in: Use `AC_FUNC_MMAP' * appl/bsd/forkpty.c: Removed all ugly pty search stuff from ptym_open(). * configure.in: Modified the creation of version.h, now actually shows up with ident.It is now also slightly more keen on creating a new version.h. Sat Jun 8 1996 * lib/roken/verify.c: for NULL. * appl/xnlock/xnlock.c (leave): Call XCloseDisplay, otherwise screen saver changes are not updated before closing the X connection. * appl/bsd/utmp_login.c: Remove tty-prefix from ut_id; this field is usually very short. Fri Jun 7 1996 * slave/kpropd.c: Add option -m to merge rather than load database. Thu Jun 6 1996 * admin/kdb_util.c: Add a merge operation. (One day it might be used to propagate only patches to the database) Wed Jun 5 1996 * appl/kpopper: Support both POP3 and KPOP3. * appl/xnlock/xnlock.c: Use `verify_unix_user' * lib/roken/verify.c: verify_unix_user: New function from xnlock for checking passwd in `/etc/passwd'. * appl/telnet/telnetd/sys_term.c: gettimeofday buglet * slave/kpropd.c: Rewrite of kpropd. * admin/kdb_util.c: Sanity check on input to load_db. * slave/kpropd.c: Use default value for fname. * slave/kprop.c: Use some sane default values for data_file and slaves_file. * admin/kdb_util.c: If there isn't any database when loading, create an empty one. Mon Jun 3 1996 * appl/telnet/telnetd/sys_term.c: Somewhat changed the way utmpx entries are created. It should now work on both Solaris and IRIX, without stale login information. Sat Jun 1 1996 * lib/krb/k_gethostname.c (k_gethostname): Fallback. * lib/krb/send_to_kdc.c (send_to_kdc), kadmin/kadm_ser_wrap.c (kadm_ser_init), slave/kprop.c (prop_to_slaves), slave/kpropd.c (main): Use `k_getportbyname'. Fri May 31 1996 * Lots of files: more #includes ifdefad and cleaned up. Thu May 30 1996 * Lots of files: Replaced bcopy/bzero/bcmp with memcpy/memset/memcmp. * lib/krb/get_default_principal.c: Use getlogin() if it is the BSD variant that actually gives some information. * lib/krb/create_ticket.c: Write correct address byteorder. * lib/kadm/kadm_stream.c,kadm_cli_wrap.c: Don't assume int32_t is four bytes. * kadmin/kpasswd.c: Allow principal without -n. * kadmin/kadmin.c: Use krb_get_default_principal. * appl/ftp/ftpd/ftpd.c: Fix bare newline bug. * appl/bsd/rlogind.c: Add -i and -p options to start rlogind from command line (for debugging). * INSTALL: Rewritten. Wed May 29 1996 * appl/ftp/ftp/krb4.c: Handle different sizes of returned checksum. * appl/bsd/Makefile.in: Don't install login setuid. Fri May 24 1996 * appl/bsd/rsh.c: Don't run away yelling if someone calls you `remsh'. Sun May 19 1996 * lib/krb/kdc_reply.c: Remove unused function decrypt_tkt. Sanity check on decrypted ticket. Wed May 15 1996 * server/kerberos.c: Should work with the new libkrb * appl/kip: Support more than one tunnel device. * lib/krb/*.c: All functions that create or decode kerberos packets have been rewritten. Hopefully, everything still works. This is to eliminate problems with wierd systems, like Crays, that doesn't have any two or four byte integers. Some of these changes could be a lot more pretty, and *many* assumptions that sizeof(int32) == 4 still exist in the rest of the code, though. As a side effect, all packets sent are now in network byte order. Mon May 13 1996 * configure.in: Shared libraries for Irix * Several fixes for UNICOS. * appl/ftp/ftp/krb4.c: Allow default data protection level through a "prot level" in .netrc. This really should be done in a more useful manner. Sun May 12 1996 * appl/xnlock/xnlock.c: Cleaned up user verification code. Now uses new function krb_verify_user. Also fixed a few problems with the password prompt box. * lib/krb/verify_user.c: New function krb_verify_user to verify a user with kerberos. * appl/kip: New program for forwarding IP packets over kerberised connections using tunnel devices. * appl/kauth/kauth.c, kadmin/ksrvutil.c: Use krb_get_default_principal * appl/bsd/rlogind.c: Do not change portnumber to host order if using kerberos. This will cause the magic `reverse-time-if-port-is-less-than' to fail. * lib/des/GNUmakefile: Removed file. This file causes problem when building in the source directory and when using GNU make which prefers this file to the generated Makefile. * appl/bsd/login.c: More careful when handling returned value from `getspnam'. Sat May 11 1996 * lib/krb/realm_parse.c: New function to expand a non-complete realm to its official name, e.g nada -> NADA.KTH.SE. * lib/krb/get_default_principal.c: New function to guess the default principal to use. Looks at any existing ticket file first, then at uid/logname etc. * kadmin/kadmin.c: Use kname_parse and allow different instances and realms. * lib/roken/k_getpwnam.c: New function k_getpwnam that should work with and without shadow passwords. * Lots of files: s/getpwnam/k_&/g. Tue May 7 1996 * lib/des/des_locl.h: DES library updated to version 3.23, des_locl.h now includes configure.h to get HAVE_TERMIOS etc. * lib/des/des.h: On the alpha define DES_LONG to unsigned int. * kuser/kinit.c: Handle passwords longer than 16 characters. * appl/xnlock/xnlock.c (GetPasswd): Handle longer passwords than 16 characters. Sun May 5 1996 * Release 0.8. * appl/ftp/ftpd/kauth.c: Klist command. * appl/ftp/ftpd: Removed `-g' from calls to ls. * appl/ftp/ftp/cmds.c (setpeer): Fix so that opening a second connection to a specified port works. * appl/telnet/telnet: Default is binary. * appl: Now build under Ultrix. * appl/kx: Now even builds on AIX. Sat May 4 1996 * lib/des: Now merged in libdes 3.21 on main branch. * appl/ftp/ftpd/logwtmp.c: Slightly different functionality. Works on systems that has more fields in struct utmp such as OSF/1. Still some questions about Solaris. * lib/krb/lsb_addr_comp.c: Now byteorder independent. * appl/kx: Rewrote kx & kxd to share more code. They are also now able to talk both ways. * lib/kdb/krb_dbm.c (kerb_db_rename): Now works properly when using berkeley DB. Thu Apr 25 1996 * lib/krb/get_krbrlm.c (krb_get_default_realm): New function for SunOS5 compat. * When building shared libraries link libkrb with libdes to be compatible with SunOS5. * Move lib/krb/krb_err.et to lib/kadm since it is only used there, no longer need to link libkrb against libcom_err. Wed Apr 24 1996 * lib/krb/lsb_addr_comp.h: Renamed ugly lsb_addr_comp. * Some porting to UNICOS. Tue Apr 23 1996 * Moved some junk from appl/bsd to libroken. * lib/roken/Makefile.in (LIBNAME): Added header file roken.h for library libroken.a. * Add kerberized ftp. * Add libroken. Mon Apr 22 1996 * appl/kauth/kauth.c: When commands are given to kauth, a new ticket file is used. Sat Apr 20 1996 * appl/xnlock/xnlock.c: Fixed a potential overwrite bug. Also works with more than one screen, only fancy stuff on screen 0, though. Fri Apr 19 1996 * appl/bsd/login.c, su.c, rshd.c, rlogind.c: Syslog and abort when getpwnam returns uid == 0 but user is not root. This is usually the result of an attack on NIS (former YP). Wed Apr 17 1996 * kadmin/ksrvutil.c (get_key_from_password): Support for generating AFS keys. From Sun Apr 14 1996 * appl/kx: New program for forwarding a X connection. Mon Apr 8 1996 * appl/bsd/rsh.c (get_shell_port): Default port number for ekshell changed from 2106 to 545. * appl/bsd/login.c (doremotelogin): Remove terminal speed from the value of $TERM in the case of an ancient rlogind being used. Thu Apr 4 1996 * lib/kafs/afssys.c (k_afsklog): Try to read from /usr/vice/etc/TheseCells for list of cells we should try to obtain tokens for. * appl/kauth/kauth.c (renew): Use cell even when renewing. * appl/kauth/kauth.c, appl/xnlock/xnlock.c: Always call k_afsklog with realm == NULL. * lib/kafs/afssys.c: More thorough guessing of what realm a cell belongs to. Wed Apr 3 1996 * appl/bsd/login.c: If setuid() failes and not logging in as root, exit. Tue Apr 2 1996 * server/kerberos.c: Set name, inst, and realm to NULL in APPL_REQUEST, error replies tend to look a bit funny otherwise. Thu Mar 28 1996 * appl/bsd/iruserok.c (iruserok): Imported iruserok() FreeBSD. Tue Mar 26 1996 * lib/des/Makefile.in: Removed enc_read.c enc_writ.c. * appl/bsd/Makefile.in: New file with the old functions from libdes. * appl/bsd/utmp_login.c: Fixed (hopefully) double utmp-entries in Solaris. Only put entries in one of utmp/utmpx, since they both get updated by putut*ent() anyway. Mon Mar 25 1996 * kuser/klist.c (main): Use verbose option (-v) to list key version numbers. * Release 0.7. Sun Mar 24 1996 * appl/bsd/rlogin.c (doit): Moved signal junk (as far as possible) to doit(). * configure.in: Check for getmsg with AC_TRY_RUN instead. Otherwise it fails under AIx 3.2. Now rlogind works on this so-called OS. Also cache value of berkeley db check. * lib/kdb/krb_kdb_utils.c: New experimental masterkey generation, enabled with --enable-random-mkey. This makes kdb_init et al generate random master keys, based on random input from the user. This comes in a package with auto-kstash, and possibility to enter lost master keys as base64. Moved default master key file from /.k to /var/kerberos/master-key, override with --with-mkey=file. * kadmin/kadmin.c (do_init): Handle the `-t' option to kadmin, meaning do not get a new ticket file. (From CNS). Fri Mar 22 1996 * appl/xnlock/xnlock.c: Removed some dead code, and a few unused header files. * kadmin/pw_check.c (kadm_pw_check): If kadm_pw_check() fails *pw_msg can't be 0! At the very least use the empty string but a descriptive error-message is preferred. * libtelnet: add nonbroken signal() function. Wed Mar 20 1996 * appl/kpopper/pop_pass.c (pop_pass): Use kuserok to determine if user is allowed to fetch mail. * appl/kpopper/*. Got rid of some ugly codes and some warnings. * appl/bsd/Makefile.in: signal.o was not included in OBJECTS, which made strange makes not doing what they should. * configure.in, appl/kpopper/popper.h, appl/bsd/pathnames.h: Now should work on systems that do not have mail spool files in /var/spool/mail. Looks for MAILDIR or _PATH_MAILDIR, usually from or . Defaults to /var/spool/mail. Mon Mar 18 1996 * appl/bsd/bsd_locl.h: TIOCPKT for those systems missing it. Fri Mar 15 1996 * lib/kafs/kafs.h: Use instead of * appl/bsd/rshd.c (doit): Don't set environ, send it as an argument to execle instead. * lib/kafs/kafs.h: Find definition of _IOW. * configure.in: Check for random. * appl/bsd/bsd_locl.h: Including gives too many conflicts. * appl/afsutil/pagsh.c: Check for random. Thu Mar 14 1996 * appl/bsd/bsd_locl.h, appl/telnet/telnetd/defs.h: Default values of `TIOCPKT_FLUSHWRITE' & c:o. * appl/telnet/telnet{,d}/Makefile.in (telnetd): Change order of linking in libraries. * configure.in: Check for interesting functions in libsocket and libnsl and not strange soriasis inventions. Wed Mar 13 1996 * appl/bsd/bsd_locl.h (fatal): Only use prototype or iruserok if the function does not exist. Mon Mar 11 1996 * lib/krb/krb_err_txt.c (krb_get_err_text): Changed name of krb_err_msg to krb_get_err_text(int) to be compatible with the CNS distribution. This function is used for instance by CVS-1.7. Sun Mar 10 1996 * configure.in, appl/Makefile.in: removed rkinit * etc/inetd.conf.changes, etc/services.append: Added kauth. * appl/kauth: Integrated rkinit into kauth. * appl/kauth/kauth.c (main): Only look for principal name if no -p has been given. * lots of files: prototypes and other small fixes. * appl/bsd/sysv_shadow.h: spwd multiple defined. * appl/bsd/bsd_locl.h: include * configure.in: Added afsutil and rkinit. * */Makefile.in: Do cd $$i && $(MAKE). Otherwise, if cd fails you end up with an infinite recursion. * kuser/klist.c (display_tktfile): Another warning removed. Tue Mar 5 1996 * appl/bsd/forkpty.c (forkpty): Kludge for Ultrix, rlogind now works properly also under this system. * appl/afsutil: New aklog and pagsh * lib/krb/krb_equiv.c (krb_equiv): Fix bugs with '\\'. * lib/des/rnd_keys.c: Include . Mon Mar 4 1996 * appl/kauth/kauth.c (main): Handle name when given after options. Sun Mar 3 1996 * appl/rkinit/rkinit.c (getalladdrs): Check for herror. Solaris apparently does not have any. (main): Use memset instead of bzero. * appl/rkinit/rkinitd.c (decrypt_remote_tkt): bcopy -> memcpy. * kuser/kinit.c (main): Corrected lifetime. * lib/krb/krb_equiv.c (krb_equiv): Now handles longer lines, continuation lines and addresses of the form 193.10.156.0/24. * kuser/Makefile.in (kdestroy): Link kdestroy with libkafs. Wed Feb 28 1996 * Replaced all occurencies of krb_err_txt[] with new function krb_err_msg(), that does some sanity checks before indexing krb_err_txt. Mon Feb 26 1996 * appl/telnet/telnetd: Added flags -z to have telnetd log unauthenticated logins, such as when using an old telnet client. Unfortunately in most of these cases, the user name is not known. There should also be a way to tell the difference between bad authentication (such as with expired tickets) and no attempt to provide authentication (such as with an old client). Sun Feb 25 1996 * kuser/kdestroy.c: Remove afs-tokens as well as tickets, -t flags added to prevent this. Thu Feb 22 1996 * appl/rkinit/rkinitd.c (doit): Use k_getsockinst to make it work correctly for multi-homed hosts. * appl/rkinit: New program with rkinit functionality. * lib/krb/k_getport.c: Function for finding port in /etc/services with fallback. * lib/krb/netread.c,netwrite.c (krb_net_{read,write}): Now correct prototype with void * and size_t. Wed Feb 21 1996 * kadmin/new_pwd.c (get_pw_new_pwd): Moved get_pw_new_pwd to seperate file. Now called both from kadmin and kpasswd. * kadmin/pw_check.c (kadm_pw_check): Handle the case of no password provided. This is really a policy decision. The server should be able to say `use a client that sends the password'. * appl/bsd/rlogind.c (local_domain): MAXHOSTNAMELEN -> MaxHostNameLen. Sun Feb 18 1996 * appl/bsd/rcp.c (answer_auth): Made rcp multihome aware. * appl/bsd/rlogind.c (do_krb_login): Made rlogind multihome aware. * appl/bsd/rshd.c (doit): Made rshd multihome aware. * lib/krb/k_getsockinst.c (k_getsockinst): New function to figure out the instance name of interfaces on multihomed hosts. Use this function when making daemons multihome aware. * appl/telnet/libtelnet/kerberos.c (kerberos4_is): Made telnetd multihome aware. Mon Feb 12 1996 * Release 0.6. Sun Feb 11 1996 * lots of files: hacks to make it all compile. * configure.in, appl/telnet/configure.in: More broken AIX. * appl/bsd/bsd_locl.h: Fix for old syslogs (as in Ultrix). * appl/telnet/libtelnet/encrypt.c: encrypt_verbose by default. * appl/telnet/libtelnet/kerberos.c: Show difference between MUTUAL and ONE_WAY KERBEROS4. * appl/telnet/libtelnet/encrypt.c: Print message about not encrypting when receiving WONT or DONT encrypt. * configure.in: Automatic check for HAVE_NEW_DB. * lib/krb/getaddrs.c (k_get_all_addrs): Fixed for systems with SOCKADDR_HAS_SA_LEN, aka 4.4BSD-based. * appl/telnet/telnetd/global.c: Removed some multiple defined variables. * appl/bsd/rlogind.c (cleanup): ifndef HAVE_VHANGUP. * appl/bsd/sysv_shadow.h: Add DAY and DAY_NOW ifndef. * configure.in: Check if `struct sockaddr' has `sa_len'. Sat Feb 10 1996 * appl/telnet/telnetd/telnetd.c (recv_ayt): pty -> ourpty. * appl/bsd/bsd_locl.h: More include-files: and * appl/kpopper/popper.c (catchSIGHUP): Got rid of some warnings. * lib/krb/log.c (new_log): Yet another year 2000. * appl/bsd/sysv_environ.c (read_etc_environment): Support setting environment variables from /etc/environment. * appl/bsd/bsd_locl.h: * configure.in: check for setpcred, libs.a and . * appl/bsd/login.c (main): setpcred is used on AIX. * appl/bsd/rshd.c (doit): Added setpcred for AIX. * lib/krb/getaddrs.c: is sometimes needed. * admin/kdb_init.c (main): Now verifies master key. * lib/kdb/krb_kdb_utils.c (kdb_get_master_key): Added possibility of asking for verfication. * appl/bsd/bsd_locl.h: Try to include * appl/telnet/telnetd/utility.c (printsub): Mismatch arguments. * lib/krb/send_to_kdc.c (send_to_kdc): Send to all A records and accept an answer from anything we have sent to. * appl/kauth/kauth.c (renew): Use strange return types for strange OSes. (doexec): Remove tokens. * server/kerberos.c (main): Uses k_get_all_addrs and binds to each of these addresses. * kadmin/ksrvutil_get.c (ksrvutil_get): Added support for specifying key to create on command line to get. Wed Feb 7 1996 * lib/krb/log.c (k_log): Now using YYYY for years. * lib/krb/klog.c (klog): Preparing for the year 2000. * kuser/kinit.c (main): Added option -p to get changepw-tickets. * lib/krb/getaddrs.c: New file to get all the addresses of all the interfaces on this machine. Tue Feb 6 1996 * configure.in: Support for S/Key in login.c. Use --with-skeylib switch to configure. The code assumes that the skeylib.a comes from logdaemon. * General support for shadow password files if there is an shadow.h. * appl/bsd/su.c: Arrange so that it supports shadow passords. Sun Feb 4 1996 * appl/telnet/*: Hacks to make it work on strange OSes. * appl/bsd/bsd_locl.h: Check for sys/ptyvar.h * appl/telnet/configure.in (telnet_msg): sys/str_tty.h, sys/uio.h * configure.in: test for crypt.h and sys/ptyvar.h * appl/telnet/telnetd/*.c: pty -> ourpty. * telnetd: Changes to make more systems work better, specifically AIX 4. Hopefully this will work on both STREAM and BSD systems. Not tested on some systems, like CRAY and Linux. * util/ss/mk_cmds.c: Generating cleaner code. * lib/krb/krb_err_txt.c (krb_err_txt): Clarification. * kadmin/admin_server.c: Less varnings. * appl/xnlock/xnlock.c: Changed some types and added some casts. * appl/movemail/movemail.c: Not using syswait.h anymore. * appl/xnlock/xnlock.c: God rid of some warnings. * util/ss/*.[ch]: cleanup * util/et/*.[ch]: cleanup * appl/bsd/rcp.c: Less warnings. * kadmin/admin_server.c (kadm_listen): Get rid of another warning. * kadmin/pw_check.c (kadm_pw_check): Support for letting cracklib check the quality of the password. * kadmin/pw_check.h (kadm_pw_check): New argument to kadm_pw_check: list of useful strings to check for. * kadmin/kadm_server.c (kadm_ser_cpw): Send a few `useful' strings to kadm_pw_check (name, instance, and realm). * kadmin/Makefile.in (kadmind): Linking with -lcrack. * configure.in: Support for --with-cracklib and --with-dictpath. * kadmin/ksrvutil_get.c: Now seems to be working. * kadmin/ksrvutil.h: Some new parameters. * kadmin/ksrvutil.c: Some reorganisation and uses a working ksrvutil_get. * appl/movemail/movemail.c: Some more include-files. * appl/bsd/rlogind.c: Testing for the existence of vhangup. Wed Jan 31 1996 * configure.in: Massaged the configure files so that we can build under NEXTSTEP 3.3. Some kludges to prevent cpp bugs and link errors where also neccessary. Tue Jan 30 1996 * appl/xnlock/xnlock.c (main): Improved user feedback on password input. * appl/xnlock/xnlock.c: Applied patch made by flag@it.kth.se that enables C-u to erase the password field. * lib/krb/lifetime.c: configure now creates a version string which is referenced here. Use what and grep version to figure out where, when and by whom binaries where created. * appl/bsd/forkpty.c (ptys_open): Call revoke before pty slave is opened. Add revoke using vhangup for those system lacking revoke. Also call vhangup when rlogind exits. Mon Jan 29 1996 * lib/krb/send_to_kdc.c (send_to_kdc): Removed kludge for SunOS 3.2 and Ultrix 2.2 that prevented multihomed kerberos servers to operate correctly. * kadmin/kadmin.c (change_key): Add new subcommand change_key so that it is possible to enter keys in the DB on binary form. Most usefull for sites running AFS. Fri Jan 26 1996 * appl/bsd/su.c (koktologin): New option -i root-instance. If you want a user.afs ticket in a root shell and user.afs is on root's ACL then do a "su -i afs". * Makefile.in: Rearrange the order of object files to make shared libraries slightly more efficient. * appl/kauth/kauth.c (main): Always up case realm. Better error messages on failed exec. Mon Jan 22 1996 * appl/bsd/rshd.c (main): New option -P to prevent rshd from using a new PAG. Expert use only! * appl/bsd/rlogind.c (doit): Avoid race when setting tty size. * appl/bsd/rlogin.c (reader): Use select rather than horrible signal hacks to handle OOB data. * appl/bsd/login.c (main) sysv_environ.c (sysv_newenv): Login does now honor the -p switch when invoked by root. This is used by telnetd to export environment variables. Fri Jan 5 1996 * appl/bsd/signal.c (signal): New BSD compatible signal function. Most r* applications assume reliable signals. * appl/bsd/login.c (main): Check HAVE_ULIMIT. * appl/bsd/bsd_locl.h: Include sys/ioctl.h. * configure.in: Check for ulimit. * admin/kdb_edit.c: Flush stdout after printing prompts. * appl/kpopper/pop_xmit.c: Remember to include config.h. Tue Jan 2 1996 * appl/bsd/login.c (main): New function stty_default to setup default tty settings. Fri Dec 29 1995 * appl/kstring2key/kstring2key.c (main): New program that converts passwords to DES keys, either using des_string_to_key or afs_string_to_key. * server/kerberos.c: Kerberos server now listen on 2 ports, kerberos/udp and kerberos-sec/udp. Wed Dec 27 1995 * appl/bsd/rcp.c (main): Integrated -x option to rcp. This required some real horrible hacks in lib/des/enc_{read,write}.c * acconfig.h: Enabled MULTIHOMED_KADMIN in acconfig.h. * Add RCSID stuff to telnet files. Fri Dec 22 1995 * appl/bsd/login.c (main): The login program does now by default read /etc/default/login, even on non Psoriasis systems. Unifdef SYSV4, this was essentially only for prompting. Mon Dec 18 1995 * appl/kpopper/popper.c (main): Integrate default timeout of 120 seconds from Qualcomm popper. Timeout is also set able with -T seconds. * lib/kadm/kadm_cli_wrap.c (kadm_change_pw_plain): If there's no password, don't even send the empty string. Thu Dec 7 1995 * lots of files: all debug messages now printed to stderr (from ) * lib/krb/tf_util.c (tf_create): New method for creating a new ticket file. Remove the old old and then open with O_CREAT and O_EXCL. * server/kerberos.c, slave/kpropd.c: Some casts to get rid of warnings. * configure.in: Added checks for unistd.h, memmove and const. * appl/telnet/telnet/commands.c: Changed types of functions to confirm with struct Command. * appl/telnet/configure.in: Check for setpgid. * appl/bsd/rlogin.c: Get rid of another warning. * appl/bsd/bsd_locl.h, appl/telnet/acconfig.h: New synonym for solaris. Wed Dec 6 1995 * (movemail): Now from emacs-19.30. If you have a newish emacs there is no reason to use this movemail. * (kadm): Added support for server side password checks. Hopefully this is compatible with kerberos 4.10. Old kpasswd:s will give funny error messages. For examples of checks, see kadmin/pw_check.c. Since this is mostly political matters, kadm_pw_check() should probably return KADM_SUCCESS by default. Mon Nov 27 1995 * appl/telnet/telnetd/telnetd.c (main): Kludge to fix encryption problem with Mac NCSA telnet 2.6. * lib/krb/stime.c: Now using YYYY for years. (2000 is soon here). * appl/bsd/rsh.c, rcp.c, rlogin.c: Fixed fallback for port number (added missing ntohs). Sun Nov 12 1995 * (many files): More ANSI/ISO 9899-1990 to the people! Now actually builds (not including util) with DEC "cc -std1" and Sun "acc -Xc". There are still major prototype conflicts, but there isn't much to do about this. Sat Oct 28 1995 * lib/kadm/kadm_cli_wrap.c: Fallback for kerberos and kerberos_master services. Fri Oct 27 1995 * Released version 0.5 * lib/des/read_pwd.c: Redifine TIOCGETP and TIOCSETP so that the same code is used both for posix termios and others. * rsh, rlogin: Add environment variable RSTAR_NO_WARN which when set to "yes" make warnings about "rlogin: warning, using standard rlogin: remote host doesn't support Kerberos." go away. Tue Oct 24 1995 * admin/kdb_util.c (load_db) lib/kdb/krb_dbm.c (kerb_db_update): Optimized so that it can handle large databases, previously a 10000 entry DB would take *many* minutes, this can now be done in under a minute. Sat Oct 21 1995 * Changes in server/kerberos.c, kadmin/*.c slave/*.c to support 64 bit machines. Source should now be free of 64 bit assumptions. * admin/copykey.c (copy_from_key): New functions for copying to and from keys. Neccessary to solve som problems with longs on 64 bit machines in kdb_init, kdb_edit, kdb_util and ext_srvtab. * lib/kdb/krb_kdb_utils.c (kdb_verify_master_key): More problems with longs on 64 bit machines. Mon Oct 16 1995 * appl/bsd/login.c (main): Lots of stuff to support Psoriasis login. Courtesy of gertz@lysator.liu.se. * configure.in, all Makefile.in's: Support for Linux shared libraries. Courtesy of svedja@lysator.liu.se. * lib/krb/cr_err_reply.c server/kerberos.c: Moved int req_act_vno = KRB_PROT_VERSION; from server kode to libkrb where it really belongs. * appl/bsd/forkpty.c (forkpty): New function that allocates master and slave ptys in a portable way. Used by rlogind. * appl/telnet/telnetd/sys_term.c (start_login): Under SunOS5 the same utmpx slot got used by sevral sessions. Courtesy of gertz@lysator.liu.se. Wed Oct 4 1995 * util/{ss, et}/Makefile.in (LEX): Use flex or lex. Courtesy of svedja@lysator.liu.se. * Fix the above Makefiles to work around bugs in Solaris and OSF/1 make rules that was triggered by VPATH functionality in the yacc and lex rules. Mon Oct 2 1995 * appl/kpopper/pop_log.c (pop_log) appl/kpopper/pop_msg.c (pop_msg): Use stdarg instead of varargs. The code is still broken though, you'll realize that on a machine with 64 bit pointers and 32 bit int:s and no vsprintf, let's hope there will be no such beasts ;-). * appl/telnet/telnetd/sys_term.c (getptyslave): Not all systems have (or need) modules ttcompat and pckt so don't flag it as a fatal error if they don't exist. Mon Sep 25 1995 * kadmin/admin_server.c (kadm_listen) kadmind/kadm_ser_wrap.c (kadm_listen): Add kludge for kadmind running on a multihomed server. #ifdef:ed under MULTIHOMED_KADMIN. Change in acconfig.h if you need this feature. * appl/Makefile.in (SUBDIRS): Add applications movemail kpopper and xnlock. Wed Sep 20 1995 * appl/bsd/rlogin.c (main): New rlogind.c, forkpty() is not implemented yet though. Wed Sep 13 1995 * appl/xnlock/Makefile.in: Some stubs for X11 programs in configure.in as well as a kerberized version of xnlock. * appl/bsd/{rlogin.c, rsh.c, rcp.c}: Add code to support fallback port numbers if they can not be found using getservbyname. Tue Sep 12 1995 * appl/bsd/klogin.c (klogin): Use differnet ticket files for each login so that a malicous user won't be able to destroy our tickets with a failed login attempt. * lib/kafs/afssys.c (k_afsklog): First we try afs.cell@REALM, if there is no such thing try afs@CELL instead. There is now two arguments to k_afslog(char *cell, char *realm). Mon Sep 11 1995 * kadmin/admin_server.c (kadm_listen): If we are multihomed we need to figure out which local address that is used this time since it is used in "direction" comparison. Wed Sep 6 1995 * kadmin/kadm_ser_wrap.c (kadm_ser_init): Fallback to use default port number. * lib/krb/send_to_kdc.c (send_to_kdc): Default port number (KRB_PORT) was not in network byte order. Tue Sep 5 1995 * lib/krb/send_to_kdc.c (send_recv): Linux clears timeout struct when selecting. Mon Sep 4 1995 * appl/bsd/rcp.c, appl/bsd/rlogin.c, appl/bsd/rsh.c: Now does fallback if there isn't any entries in /etc/services for klogin/kshell. This also made the code a bit more pretty. * appl/bsd/login.c: Added support for lots of more struct utmp fields. If there is no ttyslot() use setutent and friends. * appl/bsd/Makefile.in, appl/bsd/rlogind.c, appl/bsd/rshd.c: Added extern iruserok(). * appl/bsd/iruserok.c: Initial revision * appl/bsd/bsd_locl.h: Must include sys/filio.h on Psoriasis. * appl/bsd/Makefile.in: New install * appl/bsd/pathnames.h: Fix default path, rsh and rlogin. * appl/bsd/rshd.c: Extend default PATH with bindir to find rcp. * appl/bsd/login.c (login): If there is no ttyslot use setutent and friends. Added support for lots of more struct utmp fields. * server/kerberos.c (main) lib/kafs/afssys.c appl/bsd/bsd_locl.h: Must include sys/filio.h on Psoriasis to find _IOW and FIO* macros. * appl/bsd/rlogind.c (doit): Use _PATH_DEFPATH rather than _PATH_DEF. * appl/bsd/login.c, su.c (main): Use fallback to bourne shell if running as root. * appl/bsd/su.c (main): Update usage message to reflect that '-' option must come after the ordinary options and before login-id. Sat Sep 2 1995 * appl/telnet/telnetd/telnetd.c (doit): If remote host name is to long to fit into utmp try to remove domain part if it does match our local domain. (main): Add new option -L /bin/login so that it is possible to specify an alternate login program. * appl/telnet/telnet/commands.c (env_init): When exporting variable DISPLAY and if hostname is not the full name, try to get the full name from DNS. * appl/telnet/telnet/main.c (main): Option -k realm was broken due to a bogous external declaration. Fri Sep 1 1995 * kadmin/kadmin.c (add_new_key): Kadmin now properly sets lifetime, expiration date and attributes in add_new_key command. Wed Aug 30 1995 * appl/bsd/su.c (main): Don't handle '-' option with getopt. * appl/telnet/telnet/externs.h: Removed protection for multiple inclusions of termio(s).h since it broke definition of termio macro on POSIX systems. Tue Aug 29 1995 * lib/krb/lifetime.c (krb_life_to_time): If you want to disable AFS compatible long lifetimes set krb_no_long_lifetimes = 1. Please note that the long lifetimes are 100% compatible up to 10h so this should rarely be necessary. * lib/krb/krb_equiv.c (krb_equiv): If you don't want to use ipaddress protection of tickets set krb_ignore_ip_address. This makes it possible for an intruder to steal a ticket and then use it from som other machine anywhere on the net. Mon Aug 28 1995 * kadmin/kadm_ser_wrap.c (kadm_ser_init): Don't bind to only one local address. Accept request on all interfaces. * admin/kdb_edit.c (change_principal): Don't accept illegal dates. Courtesy of gertz@lysator.liu.se. Sat Aug 26 1995 * configure.in: AIX specific libraries needed when using standard libc routine getttyent, IBM should be ashamed! * lib/krb/recvauth.c (krb_recvauth): Long that should be int32_t problem. * Added strdup for su and rlogin. * Fix for old syslog macros in appl/bsd/bsd_locl. Fri Aug 25 1995 * lib/kdb/krb_dbm.c (kerb_db_rename) admin/kdb_destroy.c: New ifdef HAVE_NEW_DB for new databases residing in one file only. * appl/bsd/rlogin.c (oob): Add workaround for Linux. Mon Aug 21 1995 * appl/bsd/getpass.c: New routine that reads up to 127 char passwords. Used in su.c and login.c. Tue Aug 15 1995 * appl/telnet/telnetd/sys_term.c (login_tty): Ioctl TIOCSCTTY should not be used on HP-UX. Mon Aug 14 1995 * appl/bsd/rlogin.c (main): Added dummy rlogind that tells user to rather use telnet. Thu Aug 10 1995 * lib/krb/ krb.h, decomp_ticket.c, getrealm.c, get_krbhst.c, get_krbrlm.c, get_admhst.c: Use multiple configuration directories for krb.conf and krb.realms, KRB_CONF and KRB_REALM_TRANS macros substituted with KRB_CNF_FILES and KRB_RLM_FILES. Currently /etc and /etc/kerberosIV are searched. Directory specified by envioronment variable KRBCONFDIR is searched first if set. No hardcoded realmname or kerberos server. Instead use domainname for deafult realm and kerberos.domain as kerberos server if they are not listed in krb.conf and/or krb.realms. In the normal case there should be no need for configuration files if administrators add a CNAME pointing to the kerberos server. * appl/bsd/Makefile.in and friends: GNU make should no longer be neccessary unless building with VPATH. Wed Aug 9 1995 * appl/bsd/klogin.c (klogin): Old ticket file need to be removed before we call krb_get_pw_in_tkt or we might get a Kerberos intkt error because the wrong user owns the file. Tue Aug 8 1995 * configure.in : Telnet.beta2 is now official and has been moved to appl/telnet. * appl/bsd/su.c (main): Reenable -K flag, won't work if not PASSWD_FALLBACK is enabled. Cosmetics for Password prompt. Fri Aug 4 1995 * appl/bsd/su.c (kerberos): Don't allow su from possibly bogous kerberos server. Controlled by #ifdef KLOGIN_PARANOID. * lib/kafs/afssys.c (SIGSYS_handler): Need to reinstall handler on SYSV. Mon Jul 24 1995 * lib/kafs/afssys.c (k_afsklog): Use default realm on null argument. * appl/bsd/rlogin.c, login.c: New programs. Fri Jul 21 1995 * appl/bsd/kcmd.c rsh.c rlogin.c: Use POSIX signals. * appl/telnet.95.05.31.NE/telnetd/sys_term.c, telnetd.c: Port to IRIX. Tue Jul 11 1995 * admin/kdb_init.c (main): Use new random generator. Dito in admin/kdb_edit.c. Use master key to initialize random sequence. Mon Jul 10 1995 * kadmin/kadmin.c (get_password): Fix for random passwords. Dito for admin/kdb_edit.c * appl/kauth/kauth.c (main): Updated for krb distribution, now uses new library libkafs. * appl/telnet.beta/telnet/main.c (main): New telnet with encryption hacks from ftp.funet.fi:/pub/unix/security/esrasrc-1.0. Encryption does not currently work though. Tue Jun 20 1995 * New library to support AFS. Routines: int k_hasafs(void); int k_afsklog(...); int k_setpag(void); int k_unlog(void); int k_pioctl(char *, int, struct ViceIoctl *, int); Modified it to support more than one single entry point AFS syscalls (needed by HPUX and OSF/1 when running DFS). Don't rely on transarc headers or library code. This has not been tested and will most probably need some serious violence to get working under AIX. (AIX has since been fixed to. /bg) Fri Jun 16 1995 * lib/krb/krb_equiv.c (krb_equiv): Compare IP adresses using krb_equiv() to allow for hosts with more than one address in files rd_priv.c rd_req.c and rd_safe.c. * slave/kpropd.c (main): Fix uninitialized variables and rewind file in kprop.c. Thu Jun 15 1995 * appl/bsd/rcp.c (allocbuf): Fix various bugs. * slave/kpropd.c (main): Responder uses KPROP_SERVICE_NAME.`hostname' and requestor always uses KPROP_SERVICE_NAME.KRB_MASTER, i.e rcmd.kerberos in kprop/kpropd protocol. Wed Jun 14 1995 * appl/bsd/rshd.c (doit): Encryption should now work both ways. Tue Jun 13 1995 * appl/bsd/pathnames.h: Fixup paths. * server/Makefile.in and friends (install): Install daemons in in libexec and administrator programs in sbin. * Makefile.in: Joda (d91-jda) added install target Wed Jun 7 1995 * lib/krb/k_strerror.c: New function k_strerror() to use instead of the non portable sys_errlist[].