3 * configure.in (VERSION): bump to 1.0.5
7 * include/Makefile.in (HEADERS): add md4.h, md5.h, sha.h and rc4.h
8 * appl/kip/common.c (WCOREDUMP): add fallback definition
12 * lib/krb/dest_tkt.c (dest_tkt): only return valid error codes
15 * kadmin/admin_server.c: re-structure code to handle DoS attacks
16 better only allow a constant number of children (100 currently)
17 keep track of which children have gotten authentication
18 information and kill the non-authenticated children when there are
23 * server/kerberos.c: handle a fixed number (100) of TCP
24 connections and kill some randomly if all are busy to try to
25 mitigate the effects of DoS attacks
29 * lib/krb/send_to_kdc.c (send_recv): check that fds are not too
31 * kadmin/admin_server.c (kadm_listen): check that fds are not too
33 * appl/kip/common.c (*): check that fds are not too large to
35 * appl/bsd/rshd.c (doit): check that fds are not too large to
37 * appl/bsd/rsh.c (talk): check that fds are not too large to
39 * appl/bsd/rlogin.c (reader): check that fds are not too large to
41 * appl/bsd/kcmd.c (kcmd): check that fds are not too large to
46 * config.guess: update to version 2000-09-05 (aka 1.156) from
47 subversions.gnu.org plus some minor tweaks
48 * config.sub: update to version 2000-09-11 (aka 1.181) from
53 * appl/kip/kipd.c: add back droped slash in kip-control
57 * configure.in (getmsg): re-do so it possibly works on redhat 7.0
61 * kuser/klist.c (display_srvtab): do not call warn with a variable
64 * appl/bsd/rshd.c (doit): do not call warnx with a variable as
69 * doc/install.texi: say something about siacfg
73 * lib/krb/dest_tkt.c (dest_tkt): rewrite to lstat and compare
78 * appl/bsd: work-around setuid and capabilities bug fixed in Linux
83 * configure.in: do not use streams ptys on HP-UX 11
87 * lib/krb/rw.c (krb_get_nir): add explicit lengths to the
88 parameters. before this the function `knew'. change callers.
92 * appl/afsutil/aklog.c: look not only in /usr/vice/etc but also in
93 /usr/arla/etc for configuration files
97 * lib/krb/tf_util.c (tf_create): just remove the over-writing of
102 * lib/krb/getaddrs.c (k_get_all_addrs): apperently solaris can
103 return EINVAL when the buffer is too small. cope.
104 * appl/bsd/rshd.c (doit): exec the correct shell
108 * config.guess, config.sub: update to current version from
109 :pserver:anoncvs@subversions.gnu.org:/home/cvs
111 * appl/bsd/rlogind.c (rlogind_logout, logwtmp): make sure to
112 always call time and ctime with `time_t's. there were some types
113 (like in lastlog) that we believed to always be time_t. this has
114 proven wrong on Solaris 8 in 64-bit mode, where they are stored as
115 32-bit quantities but time_t has gone up to 64 bits
116 * appl/bsd/login.c: dito
120 * configure.in: add solaris2.8
124 * configure.in: on all versions of aix, add `-bnolibpath' to the
125 linker. otherwise ld will interpret -L as run-time path for where
126 to find shared libraries and looking in ../../foo is a bad idea.
127 bug report from Niklas Edmundsson <nikke@ing.umu.se>
137 * lib/krb/krb-protos.h (tf_get_cred_addr): add prototype
139 * lib/krb/tf_util.c (tf_get_cred_addr): new function for fetching
140 the NAT addresses stored in the ticket file. From
143 * kuser/klist.c (display_tktfile): dump the IP address being used
144 when in NAT-mode. From <thn@stacken.kth.se>
148 * appl/bsd/rlogind.c (main): getopt returns -1 and not EOF. From
151 * lib/krb/krb_ip_realm.c (krb_add_our_ip_for_realm): new function
152 for obtaining the IP address that the KDC sees us as coming from.
153 From <thn@stacken.kth.se>
155 * lib/krb/tf_util.c (tf_get_addr, tf_store_addr): new functions
156 for storing the NAT-ed address per realm
157 (tf_get_cred): make sure to ignore all magic credentials
159 * lib/krb/get_in_tkt.c (krb_get_pw_in_tkt2): if using NAT, store
160 the address the the KDC saw. (krb_add_our_ip_for_realm)
162 * lib/krb/send_to_kdc.c: rewrite some. Make sure that we do not
163 do any hostname lookups when using http through a proxy (the proxy
164 is supposed to do that in the `real' name-space).
168 * appl/bsd/rcmd_util.c (conv): add EXTA and EXTB
172 * lib/krb/defaults.c (krb_get_default_keyfile): Get value of
173 KEYFILE from /etc/krb.extra.
177 * **/*.c (main): getopt returns -1 not EOF. From
180 * configure.in: check for fields in `struct tm' and variable
181 `timezone', used by strftime
182 * configure.in (AC_BROKEN): strptime is a new function in roken
183 opt*: more header files for the tests
187 * lib/krb/krb.h (TKT_ROOT): Change the definition of TKT_ROOT to a
188 function call. The returned value is settable in /etc/krb.extra
189 with the construct krb_default_tkt_root = /tmp/tkt_.
193 * lib/krb/verify_user.c: remove ERICSSON_COMPAT, it's apparently
198 * appl/bsd/klogin.c (multiple_get_tkt): Must use appropiate realm
199 name when calling krb_get_pw_in_tkt or else you will receive an
204 * doc/problems.texi: add blurb about irix abi:s
208 * lib/krb/tf_util.c (tf_init): cygwin work-around
212 * configure.in: test for strlcpy, strlcat
214 * admin/kdb_util.c (main): support `-' as an alias for stdout.
215 originally from Fredrik Ljungberg <flag@astrogator.se>
219 * include/Makefile.in: remove duplicate parse_time.h
221 * kadmin/ksrvutil_get.c (get_srvtab_ent): better error messages
225 * configure.in: revert back awk test, now worked around in
230 * doc/problems.texi: document a really working fix for the xlc
235 * doc/problems.texi: comment about xlc -E brokenness
239 * lib/krb/get_krbrlm.c (krb_get_lrealm_f): treat n = 0 the same as
240 if it were 1 (this should make it backwards compatible with apps
245 * appl/bsd/login.c: surround SGI capability stuff with
246 `defined(HAVE_CAP_SET_PROC)'
250 * kadmin/kadmin.c (add_new_key): add missing space when printing
251 generated passwords. bug reported by Per Eriksson DMC
254 * lib/krb/verify_user.c (krb_verify_user_srvtab): return last
255 error instead of KFAILURE when everything fails.
257 * appl/bsd/klogin.c (multiple_get_tkt): return last error instead
258 of KFAILURE when everything fails.
262 * doc/problems.texi: some y2k stuff
264 * doc/kth-krb.texi: update copyright, and menu
266 * doc/intro.texi: remove unix-system section, since it's
267 impossible to keep up to date
271 * configure.in: test for inet_pton include <sys/types.h> in all
276 * configure.in: test for struct sockaddr_storage and sa_family
281 * kadmin/ksrvutil_get.c (get_srvtab_ent): try to print better
284 * configure.in (AC_PROG_AWK): disable. mawk seems to mishandle \#
285 in lib/roken/roken.awk
289 * acconfig.h (SunOS): remove definition
291 * configure.in: define SunOS to xy for SunOS x.y
295 * configure.in (AC_BROKEN): check for copyhostent, freehostent,
296 getipnodebyname, getipnodebyaddr
300 * configure.in: use AC_FUNC_GETLOGIN
304 * kadmin/admin_server.c (main): call krb_get_lrealm correctly
306 * appl/bsd/rlogind.c (lowtmp): fill in ut_id
310 * include/bits.c: move around __attribute__ to make it work with
313 * appl/bsd/rcp.c (rsource): remove trailing slashes which
314 otherwise makes us fail
318 * appl/afsutil/aklog.c (epxand_cell_name): terminate on #
320 * lib/kadm/kadm_cli_wrap.c (kadm_cli_send): free the right memory
321 (none) when kadm_cli_out fails. based on a patch by Buck Huppmann
322 <Charles-Huppmann@UIowa.edu>
326 * configure.in: check for sgi capability stuff
328 * appl/bsd/login.c: add some kind of sgi capability capability
332 * acconfig.h (HAVE_KRB_DISABLE_DEBUG): always define. this makes
333 the telnet code easier when building heimdal with an older krb4
335 * lib/krb/kuserok.c (krb_kuserok): add support for multiple local
336 realms and de-support entries without realm in ~/.klogin
340 * lib/krb/send_to_kdc.c: and a new variable `timeout' in krb.extra
341 instead of always having a timeout of four seconds. based on a
342 patch by Mattias Amnefelt <mattiasa@stacken.kth.se>
346 * appl/bsd/rshd.c: use DES_RW_MAXWRITE instead of BUFSIZ (for
349 * appl/bsd/rsh.c: use DES_RW_MAXWRITE instead of BUFSIZ.
350 Otherwise, des_enc_read might be buffering data to us and it can
351 get returned on a des_enc_read to another fd that the original one
354 * appl/bsd/bsd_locl.h: DES_RW_{MAXWRITE,BSIZE}
356 * appl/bsd/encrypt.c: move MAXWRITE and BSIZE to bsd_locl.h and
357 rename them to DES_RW_\1
361 * kuser/kdestroy.c: make unlog and tickets function correctly
363 * configure.in: correct variables used for socks includes and libs
366 * lib/krb/{debug_decl.c,krb-protos.h}: add krb_disable_debug
370 * kuser/klist.c (display_tokens): type correctness
372 * lib/krb/send_to_kdc.c (url_parse): always return the port in
373 network byte order (and be more careful when parsing the port
376 * lib/krb/send_to_kdc.c (http_recv): handle both HTTP/1.0 and
381 * configure.in: use KRB_CHECK_X
383 * kuser/kdestroy.c: use print_version
387 * kadmin/kadmin.c: use print_version; (mod_entry): add command
392 * appl/bsd/login.c: limit more stuff for crays; fix call to
397 * man/Makefile.in (install, uninstall): handle relative paths (fix
402 * appl/bsd/bsd_locl.h: update prototype for login_access; declare
403 `struct aud_rec' to keep AIX xlc happy
407 * appl/bsd/login_access.c: merge in more recent code
409 * configure.in (CHECK_NETINET_IP_AND_TCP): use
413 * lib/krb/get_host.c (parse_address): remove trailing slash
415 * lib/krb/send_to_kdc.c (prog): nuke
416 (send_to_kdc): restructure. make sure we have used all of the
417 addresses from gethostbyname before calling send_recv
418 (send_recv): removed unused parameters
419 (url_parse): remove trailing slash
420 (http_recv): make sure the http transaction was succesful
424 * configure.in: use the correct include files for the utmp tests
426 * appl/movemail/pop.c: rename getline -> pop_getline removed
429 * configure.in: db.h: test for
430 (getmsg): check for existence before checking if it works (otherwise
431 it fails with glibc2.1 that implements an always failing getmsg)
433 * acconfig.h (_GNU_SOURCE): define this to enable (used)
434 extensions on glibc-based systems such as linux
436 * configure.in: test for strndup
440 * configure.in: replace AC_TEST_PACKAGE with AC_TEST_PACKAGE_NEW
441 fix test for readline.h add test for four argument el_init
442 remember to link with $LIB_tgetent when trying linking with
447 * configure.in: check for prototype of strsep
451 * configure.in: fix readline logic
455 * man/Makefile.in: add editline and push. make install rules
460 * appl/movemail/Makefile.in: fix names of hesiod variables
462 * configure.in: fix readline flags
466 * appl/bsd/utmpx_login.c: HAVE_UT_* -> HAVE_STRUCT_UTMP*_UT_*
468 * appl/bsd/utmp_login.c: HAVE_UT_* -> HAVE_STRUCT_UTMP*_UT_*
470 * appl/bsd/rlogind.c: HAVE_UT_* -> HAVE_STRUCT_UTMP*_UT_*
472 * configure.in: include <sys/types.h> in test for ut_*; use
475 * configure.in: utmp{,x} -> struct utmp{,x}
479 * configure.in: AC_CHECK_OSFC2
483 * configure.in: use AC_SHARED_LIBS
485 * configure.in: remove AIX install hack (fixed in autoconf 2.13)
488 * server/kerberos.c: fix some printf format strings
492 * lib/krb/krb.h (KRB_VERIFY_NOT_SECURE): add for completeness
494 * lib/auth/sia/sia.c (common_auth): use KRB_VERIFY_SECURE instead
497 * lib/auth/pam/pam.c (doit): use KRB_VERIFY_SECURE instead of 1
499 * lib/auth/afskauthlib/verify.c (afs_verify): use
500 KRB_VERIFY_SECURE instead of 1
504 * lib/krb/verify_user.c (krb_verify_user): handle multiple local
506 (krb_verify_user_multiple): remove
508 * lib/krb/krb-protos.h (krb_verify_user_multiple): remove
510 * lib/auth/pam/pam.c: krb_verify_user_multiple -> krb_verify_user
512 * lib/auth/sia/sia.c: krb_verify_user_multiple -> krb_verify_user
514 * lib/auth/afskauthlib/verify.c: krb_verify_user_multiple ->
518 * lib/krb/getaddrs.c: SOCKADDR_HAS_SA_LEN ->
519 HAVE_STRUCT_SOCKADDR_SA_LEN
523 * lib/kadm/check_password.c (kadm_check_pw): cast when calling is*
524 to get rid of a warning
526 * lib/acl/acl_files.c (nuke_whitespace): cast when calling is* to
529 * kadmin/ksrvutil.c (usage): update. improve error messages
531 * appl/bsd/sysv_default.c (trim): cast when calling is* to get rid
534 * appl/bsd/rshd.c (doit): more parenthesis to make gcc happy
536 * appl/bsd/rsh.c: add `-p'
538 * appl/bsd/rlogin.c (main): more paranoid parsing of `-p'
540 * appl/bsd/rcp.c (sink): cast when calling is* to get rid of a
543 * appl/bsd/login_access.c (login_access): cast when calling
544 isspace to get rid of a warning
546 * include/bits.c (my_strupr): rename to strupr and ifdef
547 (try_signed, try_unsigned): add __attribute__ junk to get rid of two
550 * appl/bsd/Makefile.in (SOURCES): add osfc2.c
552 * admin/kdb_util.c (update_ok_file): add fallback utimes (some
553 systems seem to fail updating the timestamp with open(), close())
555 * server/kerberos.c (main): more paranoid parsing of `-a' and `-p'
559 * configure.in: AC_BROKEN innetgr
561 * lib/krb/send_to_kdc.c: fix types in format string
563 * lib/krb/get_host.c: add some if-braces to keep gcc happy
565 * lib/kadm/kadm_supp.c: fix types in format string
567 * lib/auth/sia/Makefile.in: WFLAGS
569 * include/bits.c: fix types in format string
571 * appl/bsd/su.c: add some if-braces to keep gcc happy
573 * appl/bsd/rlogind.c: add some if-braces to keep gcc happy
575 * appl/bsd/rlogin.c: add some if-braces to keep gcc happy
577 * appl/bsd/login.c: add some if-braces to keep gcc happy
579 * appl/afsutil/pagsh.c: fix types in format string
583 * server/kerberos.c: remove unused k_instance
585 * lib/krb/krb-protos.h (read_service_key): add some consts to
588 * lib/krb/read_service_key.c (read_service_key): add some consts
591 * appl/sample/sample_server.c: openlog -> roken_openlog
593 * appl/kip/kipd.c: openlog -> roken_openlog
595 * configure.in: use AC_WFLAGS
603 * Makefile.in: use aclocal
605 * Makefile.export: use aclocal
607 * configure.in: update to autoconf 2.13
609 * aclocal.m4.in: have-struct-field.m4, check-type-extra.m4
611 * acconfig.h: update to autoconf 2.13
613 * lib/auth/sia/sia.c: SIAENTITY_HAS_OUID -> HAVE_SIAENTITY_OUID
617 * configure.in: don't include afsl.exp in libkafs.a if building
618 with dynamic afs support (breaks egcs 1.1.1)
620 * configure.in: don't build rxkad if not building afs-support
624 * include/Makefile.in: clean up handling of missing system headers
626 * configure.in: clean up handling of missing system headers
628 * aclocal.m4.in: broken-snprintf.m4 broken-glob.m4
630 * acconfig.h: NEED_{SNPRINTF,GLOB}_PROTO
634 * configure.in (gethostname, mkstemp): test for prototype
636 * configure.in: homogenize broken detection with heimdal
640 * lib/krb/verify_user.c: If secure == KRB_VERIFY_SECURE_FAIL,
641 return ok if there isn't any service key (or if it can't be read).
643 * lib/krb/krb.h: KRB_VERIFY_SECURE, KRB_VERIFY_SECURE_FAIL
647 * kadmin/kadmin.c (add_new_key): enable the `-p password' option
648 and add the missing code.
650 * appl/bsd/login_fbtab.c (login_protect): remove `/*' from string
651 before reading the directory. From "Brandon S. Allbery"
652 <allbery@ece.cmu.edu>
656 * man/kadmin.8 (-t): add a note about using `kinit -p'
660 * lib/krb/name2name.c (krb_name_to_name): really verify we have an
661 alias before trying to use it as the primary name.
665 * lib/krb/send_to_kdc.c (url_parse): use correct length when
670 * configure.in, acconfig.h: NEED_HSTRERROR_PROTO
673 * configure.in: use AC_KRB_STRUCT_SPWD
675 * slave/Makefile.in (WFLAGS): set
677 * server/Makefile.in (WFLAGS): set
679 * lib/krb/send_to_kdc.c (send_recv): add `int'
681 * lib/krb/decomp_ticket.c (decomp_ticket): if the realm is empty,
684 * lib/krb/Makefile.in (WFLAGS): set
686 * lib/kdb/krb_lib.c (kerb_get_principal): correct test
687 (kerb_put_principal): remove unused variable
689 * lib/kdb/Makefile.in (WFLAGS): set
691 * lib/auth/pam/Makefile.in (WFLAGS): set
693 * lib/auth/afskauthlib/Makefile.in (WFLAGS): set
695 * lib/acl/Makefile.in (WFLAGS): set
697 * kuser/Makefile.in (WFLAGS): set
699 * kadmin/Makefile.in (WFLAGS): set
701 * include/Makefile.in (WFLAGS): set
703 * appl/sample/sample_client.c (main): remove unused variable
705 * appl/sample/Makefile.in (WFLAGS): set
707 * appl/movemail/Makefile.in (WFLAGS): set
709 * appl/kip/Makefile.in (WFLAGS): set
711 * appl/bsd/Makefile.in (WFLAGS): set
713 * appl/afsutil/pagsh.c (main): fall back to running /bin/sh if
716 * appl/afsutil/Makefile.in (WFLAGS): set
718 * admin/kdb_edit.c (change_principal): remove unused variable
720 * admin/Makefile.in (WFLAGS): set
722 * configure.in: check for crypt, environ and struct spwd
726 * appl/movemail/Makefile.in: link and include hesiod
728 * configure.in: test for hesiod
732 * kadmin/kadm_locl.h: include <arpa/inet.h>
734 * configure.in (freebsd3): seems to like symbolic links for the
739 * Makefile.export (ChangeLOG): handle emacs20-style changelog
742 * lib/kdb/krb_dbm.c (kerb_db_get_principal, kerb_db_iterate):
743 check return value from `dbm_open'
747 * lib/kadm/kadm.h: enable new extended kadmin fields by default
751 * lib/krb/get_host.c (read_file): add more kinds of whitespace
753 * lib/krb/lsb_addr_comp.c: fix(?) calculations regrding
756 * kadmin/kadmin.c: change timeout to 5 minutes, (sigarlm): only
757 print message if any tickets were actually destroyed, (main): less
758 noise, (add_new_key): some cleanup, (del_entry): allow more than
759 one principal on command line, (get_entry): set more flags
761 * lib/kadm/kadm.h: add code to get modification date, modifier and
764 * lib/kadm/kadm_supp.c: add code to get modification date,
765 modifier and key version number
767 * lib/kadm/kadm_stream.c: add code to get modification date,
768 modifier and key version number
772 * lib/kadm/Makefile.in: ROKEN_RENAME
774 * lib/krb/roken_rename.h: add strnlen
776 * lib/krb/Makefile.in: add strnlen
780 * doc/install.texi: add comment about afskauthlib being in the
781 correct object format
785 * kadmin/kadmin.c (change_admin_password): add `alarm(0)' to
786 prevent it from timing out
789 * lib/krb/time.c (krb_kdctimeofday): set `tv'. fix from Thomas
790 Nyström <thn@stacken.kth.se>
794 * appl/bsd/osfc2.c: lots of C2 magic
796 * appl/bsd/{rshd,rcp_util,rcp}.c: do C2 stuff
798 * appl/bsd/login.c: move C2 stuff to osfc2.c
800 * appl/bsd/login.c: call `set_auth_parameters' if OSFC2
804 * appl/bsd/login.c: add some code to call setluid
808 * appl/sample/sample_client.c (main): correct test
812 * configure.in (XauReadAuth): reverse test and check for -lX11
813 before -lXau, otherwise the test fails on Irix 6.5
817 * lib/krb/krb-protos.h: fix prototypes for krb_net_{read,write}
819 * lib/krb/krb_net_{read,write}.c: new files
821 * lib/krb/Makefile.in: add krb_net_{read,write}
825 * lib/auth/sia/sia.c (siad_ses_launch, siad_ses_reauthent): use
828 * lib/auth/pam/pam.c (pam_sm_open_session): use krb_afslog_home
830 * lib/auth/afskauthlib/verify.c (afs_verify): use
835 * lib/krb/get_host.c: patch from Derrick J Brashear
836 <shadow@dementia.org> for doing less DNS lookups
840 * lib/krb/ticket_memory.c (tf_save_cred): use memcpy to copy the
845 * kadmin/kadmin.c (change_password): add `--random'. From Love
846 Hörnquist-Åstrand <lha@elixir.e.kth.se>
850 * lib/kclient/KClient.c (KClientErrorText): copy the string.
851 Patch from Daniel Staaf <d96-dst@nada.kth.se>
855 * appl/bsd/rsh.c (main): make sure not to send `-K' before the
856 hostname when re-execing
858 * appl/bsd/su.c: openlog LOG_AUTH
862 * lib/krb/create_ciph.c: typo: s/tmp/rem/
866 * lib/krb/send_to_kdc.c (send_recv): return FALSE if recv failed
867 so that we try the next server
869 * configure.in (*-*-sunos): no lib_deps
871 * include/protos.H (utime): update prototype
875 * acconfig.h (DBDIR, MATCH_SUBDOMAINS): added
877 * configure.in (--enable-match-subdomains): added
878 (--with-db-dir): added
880 * lib/krb/getrealm.c (file_find_realm): fix MATCH_SUBDOMAINS code.
881 Patch originally from R Lindsay Todd <toddr@rpi.edu>
883 * lib/krb/dllmain.c: clean-up patch from <d96-dst@nada.kth.se>
885 * appl/krbmanager: patches from <d96-dst>
889 * appl/sample/sample_client.c (main): don't advance
890 hostent->h_addr_list, use a copy instead
892 * appl/bsd/kcmd.c (kcmd): don't advance hostent->h_addr_list, use
897 * lib/krb/net{read,write}.c: removed
899 * lib/krb/Makefile.in: grab net_{read,write}.c from roken
901 * lib/krb/roken_rename.h: add krb_net_{write,read}
903 * lib/krb/create_ciph.c (create_ciph): return KFAILURE instead of
906 * lib/kadm/kadm_cli_wrap.c (kadm_get): return KADM_NOMEM, not NULL
910 * server/kerberos.c (make_sockets): strdup the port specification
911 before strtok_r:ing it
913 * lib/krb/extra.c (define_variable): return 0
915 * kuser/klist.c (display_tktfile): only print time diff and
916 newline if using the longform
920 * lib/krb/send_to_kdc.c (send_to_kdc): be careful in not advancing
921 the h_addr_list pointer in the hostent structure
923 * lib/krb/time.c (krb_kdctimeofday): handle the case of `time_t'
924 and the type of `tv_sec' being different. patch originally from
927 * man/afslog.1: add refs to kafs and kauth
929 * man/kauth.1: add refs to kafs
931 * lib/krb/krb_get_in_tkt.c (krb_mk_as_req): remove old code laying
934 * lib/krb/Makefile.in: add strcat_truncate.c
936 * lib/auth/sia/krb4+c2_matrix.conf: fix broken lines and typos
938 * kuser/klist.c (display_tokens): print expired for expired tokens
942 * kadmin/kadm_ser_wrap.c (kadm_ser_init): new argument `addr'
944 * kadmin/admin_server.c: new argument `-i' for listening on a
953 * lib/krb/extra.c: implement read_extra_file() for Win32
957 * configure.in: removed duplicate crypt
959 * lib/kdb/Makefile.in (roken_rename.h): remove dependency
961 * lib/acl/Makefile.in (roken_rename.h): remove dependency
963 * lib/krb/roken_rename.h: remove duplicate flock
965 * appl/afsutil/aklog.c (createuser): fclose the file
969 * lib/krb/Makefile.in (extra.c): add
971 * slave/kpropd.c: k_flock -> flock
973 * slave/kprop.c: k_flock -> flock
975 * lib/krb/tf_util.c: k_flock -> flock
977 * lib/krb/roken_rename.h: add base64* and flock
979 * lib/krb/kntoln.c: k_flock -> flock
981 * lib/kdb/krb_dbm.c: k_flock -> flock
983 * lib/kdb/Makefile.in: use ROKEN_RENAME to get hold of renames
988 * lib/krb/extra.c: add read flag, so we don't have to look for
989 non-existant files several times
991 * lib/krb/send_to_kdc.c: use krb_get_config_string()
993 * lib/krb/lsb_addr_comp.c: use krb_get_config_bool()
995 * lib/krb/krb_get_in_tkt.c: use krb_get_config_bool()
997 * lib/krb/extra.c: parse and use krb.extra file for special
998 configurations, to lessen the number of environment variables used
1000 * lib/krb/getfile.c: cleanup and add `krb_get_krbextra'
1002 * lib/krb/debug_decl.c: add krb_enable_debug
1004 * lib/krb/lsb_addr_comp.c (lsb_time): if KRB_REVERSE_DIRECTION is
1005 set, negate time (fix for some firewalls)
1009 * lib/krb/Makefile.in (clean): try to remove shared library debris
1010 (LIBDES and LIB_DEPS): try to figure out dependencies
1012 * lib/kdb/Makefile.in (clean): try to remove shared library debris
1014 * lib/kadm/Makefile.in (clean): try to remove shared library
1017 * configure.in: make symlink magic work with libsl
1021 * appl/bsd/login.c: Hack for AIX 4.3.
1025 * configure.in: mips-api support. From Derrick J Brashear
1026 <shadow@dementia.org>
1028 * configure.in: --enable-legacy-kdestroy: added. From Derrick J
1029 Brashear <shadow@dementia.org>
1031 * kuser/kdestroy.c: LEGACY_KDESTROY: add
1035 * lib/krb/krb.h (const, signed): define when compiling with
1036 non-ANSI comilers. From Derrick J Brashear <shadow@dementia.org>
1040 * kadmin/admin_server.c: Fix reallocation bug.
1044 * configure.in: don't test for winsock.h
1046 * slave/kprop.c: unifdef -DHAVE_H_ERRNO
1048 * appl/sample/sample_client.c: unifdef -DHAVE_H_ERRNO
1050 * appl/movemail/pop.c: unifdef -DHAVE_H_ERRNO
1052 * appl/kip/kip.c: unifdef -DHAVE_H_ERRNO
1056 * appl/ftp/ftpd/krb4.c (krb4_adat): applied patch from Love
1057 <lha@elixir.e.kth.se> for checking address in krb_rd_req
1061 * appl/Makefile.in (SUBDIRS): add push
1065 * configure.in: fix for the symlink magic. From Gregory S. Stark
1068 * doc/Makefile.in (install): ignore failures from install-info.
1070 * lib/krb/Makefile.in (install): don't install include files with
1073 * lib/kadm/Makefile.in (install): don't install include files with
1076 * man/Makefile.in: don't install getusershell
1078 * lib/krb/Makefile.in: add symlink magic for linux.
1079 only link in com_err.o and error.o if building shared
1081 * lib/kdb/Makefile.in: add symlink magic for linux
1083 * lib/kadm/Makefile.in: add symlink magic for linux
1085 * configure.in: add symlink magic for Linux
1087 * appl/kx/common.c (connect_local_xsocket): update to try the list
1088 of potential socket pathnames
1092 * lib/krb/getaddrs.c: Don't bail out if various ioctl's fail.
1095 * doc/Makefile.in (kth-krb.info): use `--no-split'
1099 * configure.in: add --disable-cat-manpages
1101 * configure.in: call the shared libraries so.0.9.9 on linux
1105 * lib/Makefile.in (SUBDIRS): changed order so that editline is
1108 * lib/*/Makefile.in: shared library dependency information
1110 * doc/Makefile.in (clean): remove *.info*
1112 * merge in win32 changes from <flag@astrogator.se> and
1115 * Makefile.export: aux -> cf
1117 * Makefile.in: aux -> cf
1119 * appl/voodoo/TelnetEngine.cpp (TelnetEngine::Connect): check the
1120 return from `gethostbyname'
1122 * appl/bsd/bsd_locl.h: Check for <io.h> and conditionalize
1123 prepare_utmp. From <d96-mst@nada.kth.se>
1125 * acconfig.h (__EMX__): define MAIL_USE_SYSTEM_LOCK. From
1126 <d96-mst@nada.kth.se>
1128 * include/bits.c: renamed `strupr' to `my_strupr' not to conflict
1129 with any exiting strupr.
1133 * Makefile.in (install): use DESTDIR
1135 * include/Makefile.in (install): depend on all
1137 * man/Makefile.in (install, uninstall): use transform correctly
1141 * configure.in: don't look for dbopen. From Derrick J Brashear
1142 <shadow@dementia.org>
1143 (termcap.h): check for
1145 * lib/krb/Makefile.in: fix for LD options on solaris. From
1146 Derrick J Brashear <shadow@dementia.org>
1150 * appl/kx/common.c: Trying binding sockets in the special
1151 directories for some versions of Solaris and HP-UX
1154 * lib/krb/kdc_reply.c: Check for error code of zero in error
1159 * appl/kx/common.c (get_xsockets): try getting sockets in lots of
1162 * appl/kauth/kauth.c: return error code from child (plus shell
1166 * lib/krb/getrealm.c (krb_realmofhost), lib/krb/get_krbrlm.c
1167 (krb_get_lrealm, krb_get_default_realm): When figuring out a
1168 default local realm name avoid going into infinite loops.
1172 * configure.in: test for <term.h> and search for `tgetent' in
1173 ncurses. From Gregory S. Stark <gsstark@mit.edu>
1175 * **/Makefile.in: add DESTDIR support and .PHONY
1179 * kadmin/ksrvutil.c: Remove kvno zero restriction.
1181 * configure.in: Add option `--disable-dynamic-afs' do disable AIX
1182 dynamic loading of afs syscall library. This should hopefully also
1185 * kadmin/ksrvutil.c: Add `delete' function (from Chris Chiappa
1186 <griffon+@cmu.edu>).
1190 * kadmin/kadmin.c (do_init): fix check of return value from
1191 krb_get_default_principal
1193 * lib/kadm/kadm_stream.c (stv_string): use correct offset
1197 * include/Makefile.in: add parse_time.h
1199 * lib/krb/solaris_compat.c: new file with alternative entry points
1200 compatible with solaris's libkrb.
1204 * lib/krb/time.c: Various time related functions.
1208 * lib/krb/send_to_kdc.c: Add some more connection debug traces.
1212 * lib/krb/get_host.c (init_hosts): call k_getportbyname with proto
1213 == "udp" instead of NULL. NULL would be the right thing, but some
1214 libraries are not happy with that.
1216 * appl/bsd/rcp.c: renamed `{local,foreign}' to \1_addr to avoid
1217 conflicts with system header files on mklinux.
1220 * lib/kadm/Makefile.in: Fix rules for kadm_err.[ch].
1222 * lib/krb/krb_err.et: Fix for changes to compile_et.
1224 * lib/com_err/{error.c,com_err.h,com_right.h}: Rename error.h to
1227 * lib/com_err/{compile_et.c,compile_et.h,lex.l,parse.y}: Switch
1228 back to a yacc-based compile_et.
1232 * appl/kx/kxd.c (doit): fix stupid mistake when marshalling
1234 * lib/krb/Makefile.in: add strcpy_truncate
1238 * lib/krb/netwrite.c (krb_net_write): restart if errno == EINTR
1240 * lib/krb/netread.c (krb_net_read): restart if errno == EINTR
1242 * appl/kx/rxterm.in: redirect std{in,out,err} of xterm to make
1243 sure rshd does not hang.
1247 * lib/acl/acl_files.c (acl_canonicalize_principal): use
1251 * lib/krb/rw.c: add a parameter containting maximum size. Change
1254 * lots-of-files: replace {REALM_SZ, *_SZ, MaxPathLen,
1255 MaxHostNameLen} + 1 with \1
1257 * appl/bsd/rlogind.c (cleanup): logout -> rlogind_logout
1259 * lib/acl/acl_files.c (acl_canonicalize_principal): use
1262 * include/Makefile.in: fnmatch.h
1264 * appl/ftp/ftpd/ftpd.c: <fnmatch.h>
1266 * lib/kadm/kadm_stream.c (stv_string): don't use strncpy
1268 * lib/auth/sia/sia.c (siad_ses_suauthent): do ugly magic to make
1269 sure `entity->name' is long enough.
1271 * appl/ftp/ftpd/ftpcmd.y: HASSETPROCTITLE -> HAVE_SETPROCTITLE
1273 * appl/bsd/rlogind.c (logout): renamed to rlogind_logout to avoid
1274 conflict with logout() in libutil.
1275 (doit): use forkpty_truncate it there's one
1277 * appl/afsutil/kstring2key.c (krb5_string_to_key): don't use
1280 * configure.in: add lots of functions and headers that were used
1281 in the code but not tested for.
1283 * lib/krb/send_to_kdc.c (url_parse): re-structured
1285 * kadmin/kadm_locl.h: add prototype for random_password and remove
1288 * appl/bsd/forkpty.c (forkpty_truncate): new function.
1289 use strcpy_truncate instead of strcpy
1291 * appl/bsd/bsd_locl.h: include <libutil.h>.
1292 prototype for forkpty_truncate()
1294 * configure.in: test for <libutil.h>
1298 * kadmin/random_password.c: Random password generation.
1300 * kadmin/kadmin.c: Add some functionality to add_new_key, to make
1301 it more useful with batch creation.
1305 * appl/bsd/login.c (find_in_etc_securetty): new function
1306 (rootterm): call `find_in_etc_securetty'
1308 * appl/bsd/pathnames.h (_PATH_ETC_SECURETTY): add
1312 * kadmin/kadmin.c: Fix `-t' flag. Centralize the calling of
1313 alarm() to a modified sl_loop().
1315 * kadmin/kadmin.c: Add support for `batch' processing, taking a
1316 command from the command line. Remove the automatic destruction of
1317 tickets, instead add a timeout (initially set to 1 minute), after
1318 which any tickets will be destroyed. Option `-m' now sets this
1319 timeout to 0 (disabling timeout). Options `-p' takes a full
1320 principal, and `-u' takes a `username' that is used as the name of
1321 the admin principal to use.
1325 * lib/auth/sia/sia.c: Chown ticket file when doing reauth.
1329 * lib/auth/sia/sia.c: Add support for reauthentication.
1333 * appl/kauth/kauth.c (main): Add debug switch -d to kauth to aid
1334 in finding miss-configurations.
1338 * lib/krb/name2name.c: If inet_addr thinks host's a valid
1339 ip-address, assume it is, and don't call gethostbyname(). This
1340 should fix things like `rsh 1.2.3.4'.
1344 * lib/krb/get_host.c: Check for http-srv records.
1346 * lib/krb/get_host.c: Don't use getprotobyname. Check for `http'
1347 as well as `udp' and `tcp'.
1349 * lib/auth/sia/sia.c: Add password changing support.
1351 * kadmin/new_pwd.c: Use kadm_check_pw.
1353 * lib/kadm/check_password.c: Password quality check, moved from
1358 * kadmin/ksrvutil_get.c: Add `-u' flag to put each key in a
1363 * kadmin/admin_server.c: Fix broken realloc of pidarray.
1367 * rename logwtmp -> ftpd_logwtmp not to conflict with libc.
1371 * lib/krb/verify_user.c (krb_verify_user): new argument `srvtab'.
1372 Changed all callers.
1376 * lib/kdb/krb_dbm.c: check return value from dbm_store
1380 * lib/krb/k_flock.c (k_flock): Re-included an implementaion of
1381 k_flock. Changed all library and core application source to use
1386 * appl/kx/kxd.c,common.c: more error testing from Love
1387 Hörnquist-Åstrand <e96_lho@elixir.e.kth.se>
1388 Use the correct number of X for mkstemp.
1393 * Add `--disable-mmap' configure option, do disable all use of
1396 * Rename all k_afsklog to krb_afslog.
1400 * kuser/klist.c: Add a header for tokens.
1404 * lib/krb/krb.h: Moved prototypes to krb-protos.h, cruft to
1409 * appl/kauth/kauth.c: Use krb_get_pw_in_tkt2.
1411 * lib/krb/get_in_tkt.c: krb_get_pw_in_tkt2 that returns key.
1415 * configure.in: check for tgetent in libcurses
1419 * appl/krbmanager: incorporate patches from <d96-dst@nada.kth.se>
1420 for making sure there's only one instance of krbmanager.
1424 * admin/ext_srvtab.c: use atexit() to stamp out secrets.
1428 * server/kerberos.c: Log funny HTTP requests.
1430 * server/kerberos.c: Add comma to list of port separators for
1434 * appl/voodoo/TelnetEngine.cpp (TelnetEngine::Connect): better
1435 error message (from <d96-dst@nada.kth.se>)
1439 * kuser/klist.c (display_tokens): patch from <e96_lho@e.kth.se>
1446 * configure.in: test for ssize_t
1448 * appl/bsd/rlogind.c: Fill in ut_type, and ut_exit if they exist.
1450 * appl/kx/common.c (create_and_write_cookie): Create temp file
1454 * appl/ftp/ftpd/ftpd.c: conditionalize otp
1456 * appl/bsd/login.c: conditionalize otp
1458 * configure.in: add --disable-otp. update Makefile.in's
1460 * configure.in: define CANONICAL_HOST
1462 * configure.in, aclocal.m4: remove <bind/bitypes.h>. contains
1463 bogus information on Crays.
1465 * include/bits.c: stolen from Heimdal
1467 * include/Makefile.in: replace ktypes.c with bits.c
1469 * lib/krb/getaddrs.c (k_get_all_addrs): cray fix
1471 * configure.in: updated header files
1474 * slave/kpropd.c: Make sure it's the kprop service that tries to
1479 * configure.in: Added option --with-afsws=/usr/afsws.
1481 * lib/Makefile.in: Build lib/rxkad if we have include file rx/rx.h
1485 * appl/ftp/ftp/ftp.c (sendrequest, recvrequest): do correct tests
1488 * appl/ftp/ftp/cmds.c (getit): removed stupid goto
1491 * appl/kauth/kauth.c: Use krb_get_pw_in_tkt(), now that it is
1494 * appl/ftp/ftp/cmds.c: Don't retrieve files that start with `..'
1495 or `/' without asking. Reverse test in confirm() to check for `y'
1496 rather than not `n'. Use mkstemp.
1498 * appl/ftp/ftp/ftp.c: Add extra parameter to recvrequest,
1499 specifying if local filenames should be parsed as "-" and "|".
1503 * configure.in: updated broken list. add fclose for proto check.
1505 * kadmin/kadmin.c: updated functions to new style of sl
1507 * appl/bsd/rcp.c, rlogin.c, rsh.c: setuid before doing kerberos
1508 authentication. if that fails, exec ourselves with -K
1510 * appl/bsd/pathnames.h: add _PATH_RCP
1512 * configure.in: test for readv, writev
1516 * lib/krb/tkt_string.c (krb_set_tkt_string): const-ized
1518 * appl/ftp/ftp{,d}: new commands: kdestroy, krbtkfile and afslog.
1520 * appl/afsutil/aklog.c (expand_cell_name): fix parsing of
1525 * appl/telnet/telnetd/sys_term.c (start_login): moved `user' so it
1526 works even if !defined(HAVE_UTMPX_H)
1530 * lib/krb/send_to_kdc.c: Change send_recv* to use a lookup table
1531 indexed by protocol.
1533 Implement http proxy use, enabled via `krb4_proxy' environment
1538 * lib/krb/getrealm.c: Don't lookup top-level domains. Try files
1543 * appl/krbmanager: Turned into a ticket management program.
1545 * lib/krb/{dllmain,ticket_memory}.c: Add some KrbManager
1550 * appl/voodoo: Major fixes of terminal emulation, and other
1555 * server/kerberos.c: Cleanup socket-opening code. Add HTTP
1558 * lib/krb/send_to_kdc.c: Add Kerberos over HTTP.
1560 * lib/krb/get_host.c: Parse URL-style host-specifications.
1563 * include/win32: add `version.h' and `ktypes.h'
1565 * lib/kclient/KClient.def: rename kclnt32 to make Eudora
1566 happy. Add SendTicketForService
1568 * lib/kclient/KClient.c: implement SendTicketForService. Used by
1571 * appl/voodoo/voodoo.mak: kclient renamed as kclnt32
1575 * Moved various base64 implementations to roken.
1579 * appl/telnet/telnetd/telnetd.c: Move the call to startslave()
1580 into the telnet() loop. This way we'll maximise the chance that
1581 the transmission is encrypted before starting login. This will
1582 hopefully remove the irritating warning you would get with some
1583 macintosh telnet clients.
1587 * appl/telnet/telnetd/sys_term.c: Fix for duplicate `-- user'.
1591 * server/kerberos.c: More detailed logging
1595 * lib/kafs/afssysdefs.h: HP-UX 10.20 seems to use 48
1599 * lib/des/Makefile.in: quote the test for $(CC) correctly
1603 * include/ktypes.c: Move __BIT_TYPES_DEFINED__ to after including
1607 * lib/rxkad/rxk_locl.c (rxkad_calc_header_iv): Simplify header IV
1610 * lib/rxkad/osi_alloc.c (osi_Alloc): Memory allocation routines
1611 for user space. There is no longer any need for conditional
1612 compilation of user/kernel-space versions of librxkad.a.
1614 * lib/rxkad/rxk_clnt.c (rxkad_NewClientSecurityObject): Use
1615 Transarc FC-crypto to generate random numbers. We no longer need
1616 to link a DES library into the kernel.
1620 * appl/ftp/ftpd/ftpd.c (pass): chown the ticket file is logging in
1621 with clear-text passwords and using kerberos
1623 * lib/krb/krb_log.h: new file
1625 * lib/krb/krb.h: moved all logging functions to krb_log.h.
1626 Include krb_log.h in appropriate places. From
1627 <shadow@dementia.org>
1631 * appl/kx/kx.c: more intelligent check for passive mode new option
1632 `-P' to force passive mode
1636 * lib/krb/krb_get_in_tkt.c: rename krb_as_req -> krb_mk_as_req
1640 * lib/rxkad/rxkad.h, rxk_serv.c (server_CheckResponse): Increase
1641 limit of ticket lengths to 1024 at server end.
1643 * lib/rxkad/rxk_clnt.c (rxkad_NewClientSecurityObject): Support
1644 for almost arbitrary ticket lengths.
1648 * kadmin/ksrvutil_get.c: Make sure we're talking to the admin
1649 server when getting ticket.
1651 * lib/krb/send_to_kdc.c: Add flag to always use admin server.
1655 * appl/kx/rxtelnet.in: reverse the looking for xterm loops Use
1656 `-n' and not `-name' to xterm
1658 * server/kerberos.c: implement `-i' for only listening on one
1661 * lib/kadm/kadm_cli_wrap.c: Implement kadm_change_pw2 to be
1662 compatible with CNS. From <shadow@dementia.org>
1664 * appl/ftp/ftpd/ftpd.c: removed bogus reset of `debug'
1666 * appl/ftp/ftpd/extern.h: define NBBY if needed
1668 * configure.in: os2 fixes: -Zcrtdll and check for chroot
1672 * lib/krb/get_in_tkt.c: Use new get_in_tkt functions, and
1673 implement kerberos 5 salts.
1675 * lib/krb/krb_get_in_tkt.c: Split krb_get_in_tkt in two functions
1676 so it's possible to try several key-procs with just one request to
1681 * lib/rxkad/rxk_serv.c (decode_krb4_ticket): New functions
1682 decode_xxx_ticket so that it is possible to also decode kerberos
1687 * doc/Makefile.in: `test -f' is more portable than `test -e'
1691 * lib/kafs/kafs.h, lib/krb/krb.h: swap order of <sys/cdefs.h> and
1692 <ktypes.h>. Another fix form <shadow@dementia.org>
1696 * lib/krb/krb.h: non-ANSI fix from <shadow@dementia.org>
1700 * man/otp.1: `-o' option
1702 * appl/otp/otp.c: List lock-time with `-l'. New option `-o' to
1703 open an locked entry.
1705 * lib/otp/otp_db.c (otp_get_internal): Save lock_time in returned
1708 * lib/otp/otp.h: New field `lock_time' in OtpContext
1712 * man/otp.1, man/otpprint.1: Update changed default to `md5'
1714 * appl/bsd/rsh.c: Don't use a hard-coded constant in `select'
1716 * configure.in, include/ktypes.c: Handle the case of there being
1717 an old version of our `sys/bitypes.h'.
1721 * lib/des: Merge in changes from libdes 4.01. The optimizations
1722 written in assembler are not used since they in general wont't
1723 work with shared libraries.
1727 * lib/krb/netread.c, netwrite.c: Handle windows discrimation of
1732 * appl/kpopper/pop_init.c: Use `STDIN_FILENO' and `STDOUT_FILENO'
1733 instead of `sp'. OSF's libc isn't quite prepared to have two
1734 different FILEs refer to the same file descriptor.
1738 * doc/dir: Add dir template file.
1741 * appl/kauth/kauth.c (main): AFS style positional argument for -n
1744 * appl/xnlock/xnlock.c (verify): New resource destroyTickets and
1745 corresponding option -nodestroytickets. First try local
1746 authentication and if it fails try kerberos.
1750 * appl/ftp/ftpd/popen.c (ftpd_popen): Correct initialization of
1751 `foo' before call to `strtok_r'
1755 * doc/*.texi: Use @url.
1757 * doc/setup.texi: Added @ifinfo around @dircategory
1763 * appl/kx/rxtelnet.in, appl/kx/rxterm.in: new argument '-w
1764 term_emulator' for specifiying which terminal emulator to use.
1765 Based on a patch from <arve@nada.kth.se>.
1769 * appl/xnlock/Makefile.in, appl/kx/Makefile.in,
1770 lib/auth/Makefile.in: fix the Makefile to do the for loops the
1775 * appl/xnlock/Makefile.in, appl/kx/Makefile.in: do install
1776 correctly even if there are no programs to install
1778 * configure.in: Check for `h_nerr'.
1780 * lib/auth/pam/pam.c: Include <security/pam_appl.h> to make it
1781 compile on Solaris 2.6
1783 lib/sl/sl.c, lib/krb/realm_parse.c, appl/ftp/ftpd/popen.c,
1784 appl/ftp/ftpd/ftpd.c, appl/bsd/login_fbtab.c,
1785 appl/bsd/login_access.c: Initialize the `lasts' to NULL before
1786 calling strtok_r the first time. With our strtok_r it's not
1787 necessary, but the man-page on SGIs says it should be done.
1791 * lib/krb/mk_req.c (krb_mk_req, get_ad_tkt): Support for
1792 multi-realm ticket files by using the best matching TGT to define
1793 the realm of the ticket holder.
1796 * appl/bsd/utmpx_login.c (utmpx_update): Set `ut_id' if we're
1799 * appl/telnet/telnetd/sys_term.c (start_login): Set `ut_id' if
1804 * lib/roken/daemon.c: New file.
1806 * include/protos.H: <sys/types.h> needed on solaris 2.4
1810 * appl/bsd/su.c (kerberos): If kerberos password is zero length
1811 immediately try next scheme.
1814 * lib/kafs/afskrb.c (k_afsklog_uid): Token lifetime should be even
1815 if we don't know the proper ViceId.
1820 * man/Makefile.in: Install preformatted manual pages with correct
1825 * appl/kpopper/popper.h: Remove XTND, and XTND XMIT. Rename XTND
1829 * appl/telnet/telnetd/sys_term.c: Only include <utmp.h> and
1832 * fix-export: Also create cat manpages.
1834 * appl/ftp/ftpd/logwtmp.c: Check for `_PATH_WTMP'
1836 * appl/telnet/telnetd/sys_term.c: Ditto.
1837 Remove stupid macros.
1839 * appl/ftp/ftp/cmds.c (setpeer): Check for `__unix'. This is
1840 (apparently) a standard with many representations.
1842 * appl/ftp/ftpd/ftpcmd.y (SYST): Ditto.
1844 * appl/ftp/ftpd/ftpd.c (retrieve): file must exist to apply a
1847 * appl/ftp/ftpd/ftpd.c (retrieve): Generalise list of commands and
1850 * appl/ftp/ftpd/popen.c (ftpd_popen): Try standard binary if the
1853 * appl/telnet/telnetd/sys_term.c: Use `_getpty' if there's one
1855 * appl/bsd/forkpty.c: Use `_getpty' if there's one
1857 * configure.in: check for `_getpty'
1859 * acconfig.h: correct test for IRIX
1861 * lib/roken/snprintf.c: code for checking the correct functioning
1862 of *nprintf is now #ifdef PARANOIA
1864 * appl/bsd/rlogind.c: fix logging in wtmp and parsing of winsize
1866 * appl/bsd/rlogin.c: New option `-p'.
1868 * lib/des/fcrypt.c: removed `inline' from `des_set_key'
1872 * lib/des/md5.c (MD5Final): Made signature compliant with FreeBSD.
1874 * lib/des/md5.h: Remove digest from MD5_CTX, it is now an argument
1875 to MD5Final instead.
1877 * lib/des/fcrypt.c: Also support MD5 style crypt(2).
1881 * appl/telnet/telnetd/sys_term.c: utmp stuff now seems to be
1882 compatible with login
1884 * appl/ftp/ftpd/logwtmp.c: Add support for logging to wtmpx
1887 * (*/)*/Makefile.in:s (install): Avoid redundant multiple
1888 recursion in install targets.
1890 * Made things compile with socks5-v1.0r1.
1893 * appl/telnet/telnetd/sys_term.c: changed utmp-stuff not to use
1896 * appl/bsd/utmpx_login.c: handle case where there's no wtmpx (such
1899 * appl/bsd/rlogind.c: Added support for utmpx
1903 * lib/roken: removed herror, strchr, and strrchr
1905 * lib/krb/dest_tkt.c(dest_tkt): Only use `lstat' iff HAVE_LSTAT
1907 * lib/krb: snprintf, strdup, strtok_r, and strcasecmp always live
1908 in lib/roken and get linked here when needed.
1910 * lib/roken: removed strchr, strrchr.
1912 * appl/telnet/telnet/telnet.c: Always use our own `setupterm' for
1913 compatibility reasons.
1915 * appl/telnet/telnetd/telnetd.c: Removed <curses.h> and <term.h>.
1916 They doesn't seem to be used and breaks on fujitsu.
1918 * appl/kx/kx.c: try to give a better error message (than a core
1919 dump :-) when talking to an old kxd.
1921 * appl/kx/kxd.c, appl/kip/kipd.c, appl/kauth/kauthd.c: corrected
1922 fencepost error with KRB_SENDAUTH_VLEN.
1924 * appl/ftp/common/buffer.c: new file.
1926 * configure.in: cray hides their bitypes in <bind/bitypes.h>.
1927 Also check for this file.
1929 * appl/telnet/telnet/telnet_locl.h: moved termios.h before
1930 curses.h. This was needed to compile on cray, but will probably
1931 break on some other host.
1935 * server/kerberos.c: Implement changes to the tcp protocol, while
1936 being compatible with the old protocol.
1938 * lib/krb/send_to_kdc.c: The old method to signal end of
1939 transmission by closing the sending side of the socket does not
1940 work well through some firewalls. This is now changed so that the
1941 client instead sends the length of the request as a four byte
1942 integer (in network byte order) before sending the data.
1946 * appl/telnet/telnetd/sys_term.c: HAVE_UTMPX -> HAVE_UTMPX_H. Fix
1949 * appl/bsd/utmp_login.c: UTMPX_DOES_UTMP_LOGGING -> HAVE_UTMPX_H
1951 * appl/bsd/sysv_environ.c: Use k_concat rather than snprintf.
1955 * kuser/klist.c: updated usage string
1957 * lib/otp/otp_print.c: make word table and reverse word table
1962 * */*: Added some __attribute__ ((format (printf))) and fixes
1965 * appl/ftp/common/sockbuf.c: start probing at 4Mb
1967 * appl/ftp/ftpd/ftpd.c: use MAP_FAILED
1969 * appl/ftp/ftp/ftp.c: Use MAP_FAILED.
1970 (alloc_buffer): new function for allocating a buffer of size
1971 max(BUFSIZ, st.st_blksize) (Based on a patch from
1974 * appl/ftpd/ftpdcmd.y: hack for reget.
1976 * appl/kx/kxd.c: Give a error message to old-version kx.
1978 * replaced vsprintf with vsnprintf.
1980 * lib/roken/vsyslog.c: not used. removed.
1982 * Changed <sys/bitypes.h> -> <ktypes.h>
1984 * include/Makefile.in: Added ktypes.h
1986 * include/sys/Makefile.in: removed bitypes.h
1990 * appl/ftp/ftp/ftp.c: Open files in binary mode.
1992 * appl/ftp/ftpd/ftpd.c (checkaccess): Changed to make absent file
1993 mean `allow'. Added shell matching to names (if fnmatch is
1997 * appl/ftp/ftpd/kauth.c (kauth): Use `DEFAULT_TKT_LIFE'
1999 * appl/ftp/ftpd/ftpcmd.y, appl/ftp/ftpd/ftpd.c: always cast to
2000 (long) before printing out an `off_t'
2002 * lib/kdb/print_princ.c (krb_print_principal),
2003 lib/kdb/krb_lib.c (kerb_put_principal),
2004 admin/kdb_edit.c (change_principal),
2005 admin/kdb_util.c (print_time) : gmtime should never return
2008 * appl/ftp/ftpd/ftpcmd.y: Year 2000 fix
2010 * appl/telnet/telnetd/telnetd.c: removed code that used `getent'
2012 * lib/roken/getent.c: removed
2016 * appl/ftp/ftpd/ftpd.c: fix for mmap and restart_point
2018 * kadmin/ksrvutil_get.c (ksrvutil_get): get correct default realm
2022 * configure.in (REAL_PICFLAGS): Use `-fPIC' instead of `-fpic',
2023 otherwise it's not possible to make libotp on hpux.
2025 * configure.in: try sending picflags even when linking a shared
2028 * lib/roken/getent.c: remove getstr
2030 * configure.in: removed unneeded REAL_-variables working shared
2033 * appl/kip/kip.h: Added <net/if_var.h>
2035 * */Makefile.in: Use @LDSHARED@
2037 * configure.in: Fix shared libraries on HP/UX.
2039 check for `getstr' and `cgetstr' in curses
2041 * appl/telnet/telnet: clean-up
2043 * lib/kafs/afssys.c: ifdef-out the code that is not used to avoid
2044 referencing `syscall' on AIX.
2046 * lib/krb/et_list.c: s/WEAK_PRAGMA/PRAGMA_WEAK/
2048 * aclocal.m4 (AC_HAVE_PRAGMA_WEAK): redirect output
2050 * lib/roken/snprintf.c: fix for the case of max_sz == 0
2052 * doc/kth-krb.texi: Add @dircategory and @direntry to enable
2053 `install-info' to install this entry in `dir'.
2055 * appl/telnet/telnetd/Makefile.in: Don't link with getstr
2058 * lib/auth/sia/krb4_matrix.conf: Fix entries for ses_release and
2063 * lib/auth/sia/sia.c: Some cleanup.
2067 * configure.in: only link the programs that need it with the
2071 * lib/auth/sia/sia.c: Merge code for for normal and su
2075 * Replaced sprintf with snprintf and asprintf all over the place.
2077 * lib/roken/snprintf.c: Added asnprintf and vasnprintf
2079 * lib/roken/snprintf.c: implemented asprintf, vasprintf
2081 * lib/roken/snprintf.c: new file
2085 * lib/kafs/afskrb.c (k_afsklog_all_local_cells): Use `k_concat'
2089 * lib/krb/{get_host,get_krbrlm,getrealm,realm_parse}.c: Fix some
2090 potential buffer overruns.
2092 * lib/krb/k_concat.c: Safely concatenate two strings.
2096 * appl/telnet/libtelnet/kerberos.c: removed stupid #if 0
2098 * appl/bsd/rlogind.c (send_oob): different default for `last_oob'
2099 to avoid losing first OOB packet
2103 * appl/voodoo/AuthOption.cpp: provoke the telnetd in turning on
2108 * lib/kafs/afskrb.c (realm_of_cell): don't overflow buffer with
2109 result from `gethostbyaddr'
2111 * lib/krb/name2name.c (krb_name_to_name): new parameter
2112 `phost_size' to disable buffer overflowing. Changed all callers.
2114 * lib/krb/k_getsockinst.c: New parameter `inst_size' to disable
2115 buffer overflowing. Changed all callers.
2117 * appl/kpopper/Makefile.in: soriasis make stupidity
2119 * appl/kx/Makefile.in: don't include encdata.c in SOURCES_COMMON,
2120 otherwise DEC make gets upset.
2124 * lib/krb/k_getsockinst.c: Use same name as in krb_get_phost.
2127 * acconfig.h: hp-ux 10 also has `pututxline' that writes both to
2132 * include/win32/config.h: adapted to win95/NT
2134 * appl/voodoo: Merged in win32-telnet from <d93-jka@nada.kth.se>
2136 * lib/krb/tkt_string.c: dummy `getuid' function.
2138 * lib/krb/ticket_memory.c (tf_setup): implement
2140 * lib/roken/roken.mak, roken.def: new files
2142 * lib/des/des.def: Removed des_random_{seed,key}
2144 * lib/krb/dllmain.c: Rewrote `msg'.
2145 Better explanation when it fails to spawn `krbmanager'.
2147 * lib/krb/tf_util.c: backwards `in_tkt' added.
2149 * lib/krb/in_tkt.c: removed
2151 * lib/kclient/KClient: Reformatted and fixed.
2155 * appl/ftp/ftpd/ftpd.c: Incorporate /etc/ftpusers changes from
2158 * appl/ftp/ftpd/ftpd.c: Handle oob-stuff better.
2162 * appl/kpopper/pop_{dropinfo,send,updt}.c: Fix 'From ' line
2165 * appl/kpopper/pop_dropinfo.c: Add support for xover.
2167 * appl/kpopper/pop_xover.c: Add some kind of xover support.
2169 * appl/kpopper/pop_debug.c: New tiny popper debugging program.
2173 * lib/krb/kdc_reply.c (kdc_reply_cred): fix sanity checks.
2175 * appl/bsd/rshd.c: k_afsklog so that remote command gets a token.
2180 * appl/bsd/rcp.c (main): Rcp implements encrypted file transfer
2181 without using the kshell service.
2184 * lib/krb/mk_safe.c: Emit new checksum.
2186 * lib/krb/rd_safe.c: New code to handle both new and old
2189 * lib/des/qud_cksm.c: Fix compatibility with mit deslib.
2193 * lib/sl/sl.c (sl_match): initialize `partial_cmd'
2197 * lib/kafs/kafs.h: Ugly addition of `_P'
2199 * lib/kafs/afssys.c: <sys/socket.h> contains the definition of
2202 * appl/telnet/telnet/utilities.c: <sys/socket.h> needed by
2205 * doc/Makefile.in: always run $(MAKEINFO).
2207 * lib/otp/otp_md.c (sha_finito_little_endian): byte-swap
2210 * include/sys/bitypes.H: Added #ifndef for types
2212 * configure.in: test for types
2214 * aclocal.m4: Stolen AC_GROK_TYPES? from heimdal
2217 * appl/ftp/ftp/ftp.c: Fix passive mode.
2221 * appl/kauth/ksrvtgt.in: New ksrvtgt script.
2225 * lib/krb/kdc_reply.c: Add some range checking.
2228 * lib/otp/otptest.c: Updated tests from `draft-ietf-otp-01.txt'.
2229 Passes verification examples from appendix C.
2231 * admin/kdb_util.c: All usage strings are now consistent (and even
2236 * lib/kafs/afssys.c (k_pioctl): Separate syscall functionality and
2237 kerberos convenience routines into afssys.c and afskrb.c. This to
2238 make it possible to use k_pioctl() without linking in all
2239 libraries in the world.
2243 * appl/telnet/telnet/commands.c: Rename suspend to telnetsuspend,
2244 since Unicos has one of its own.
2248 * appl/bsd/{rsh,rlogin}.c: Don't look at argv[0].
2251 * man/tenletxr.1: new file
2253 * appl/kx/rxtelnet.in, appl/kx/rxterm.in, appl/kx/tenletxr.in:
2256 * appl/kx/tenletxr.in: new script for running kx in backwards
2259 * appl/kx: New version of protocol.
2261 * appl/kauth: Use err & c:o
2263 * appl/kauth/encdata.c (read_encrypted): Give better return code
2267 * appl/ftp/ftp/krb4.c: Use stdout rather than stderr. Add newlines
2270 * kuser/kdestroy.c: Use set_progname, make -q equal to -f, remove
2273 * lib/roken/warnerr.c: New function set_progname.
2274 * aclocal.m4: Invert test of AC_NEED_DECLARATION and rename it to
2275 AC_CHECK_DECLARATION. Add new function AC_CHECK_VAR, that looks
2276 for a variable, including a declaration.
2278 * lib/roken/roken.h: Add optional declaration for __progname.
2280 * lib/roken/*{err,warn}.c: Restructure err and warn functions.
2284 * appl/telnet/telnet/sys_bsd.c: Maybe-fix for HP-UX 10: Ifdef
2285 SO_OOBINLINE, don't even select for exceptional conditions.
2287 * lib/otp/otp_md.c: always downcase the seed.
2288 byte-swap the SHA result.
2292 * appl/otp/otp.c: removed bad free of global data
2296 * configure.in: moved version.h and config.h to include
2299 * acconfig.h: Fix utmp/utmpx stuff on OSF/1.
2302 * appl/bsd/rlogind.c (control): Rewritten to handle the case of
2303 there being no `ws_xpixel' and `ws_ypixel'
2305 * appl/bsd/rlogin.c (sendwindow): Rewritten to handle the case of
2306 there being no `ws_xpixel' and `ws_ypixel'
2308 * aclocal.m4 (AC_KRB_STRUCT_WINSIZE): Also test for `ws_xpixel'
2311 * lib/otp/otp.h: Change default global timeout
2313 * lib/krb/tf_util.c (tf_setup): Also take `pname' and `pinst'
2315 * appl/telnet/telnetd/sys_term.c, appl/bsd/utmpx_login.c: Do
2316 gettimeofday and then copy the data for the sake of those systems
2317 like SGI that can have different timevals in file and memory.
2319 * configure.in: Allow `--with-readline'
2321 * lib/editline/edit_compat.c (readline): strdup data before
2325 * appl/telnet/telnetd/state.c: Change size of subbuffer to 2k.
2329 * lib/krb/decomp_ticket.c: Add some range checking.
2331 * appl/ftp/ftpd/krb4.c: Check return value from krb_net_write.
2333 * appl/ftp/ftp/ftp.c: Fix hash mark printing.
2337 * appl/kauth/kauthd.c: more logging
2339 * man/kx.1, man/kxd.8: Updated.
2341 * appl/kx/kx.c, kxd.c: Hacked so that all TCP-connections are kx
2345 * lib/editline/edit_compat.c: BSD libedit comatibility.
2349 * appl/ftp/ftpd/ftpd.c: Set `byte_count' even when using mmap.
2350 Log foreign IP address together with hostname.
2354 * server/kerberos.c: Fix log file muddle.
2358 * appl/bsd/kcmd.c (kcmd): check malloc for failure.
2362 * man/ftpd.8: Documented the `-g' option.
2364 * appl/ftp/ftpd/ftpd.c: New option `-g umask' for specifying the
2365 umask for anonymous users.
2367 * appl/ftp/ftpd/ftpd.c: conditionalize SIGURG
2369 * appl/otp/otp.c: More fixes from Fabien COELHO
2370 <coelho@cri.ensmp.fr>. Check for current OTP before allowing the
2375 * appl/otp/otp.c: updated help string
2377 * appl/bsd/Makefile.in: Fixed installation of suid programs.
2379 * appl/telnet/libtelnet/kerberos.c: fix some stuff to get
2380 forwarding code to compile
2382 * lib/otp/otp_db.c: fix for signed char overflow.
2385 * lib/krb/resolve.c: Patch from Jörgen Wahlsten
2386 <wahlsten@pathfinder.com>: Zero out resource record, and send
2387 correct length to dn_expand.
2391 * lib/roken/roken.h: Check for `_setsid'
2393 * appl/ftp/ftp/ftp.c: s/__CYGWIN32__/HAVE_H_ERRNO/
2395 * include/Makefile.in: Generete krb_err.h and kadm_err.h before
2396 linking/copying them
2398 * aclocal.m4: AC_FIND_FUNC: Add the library at the beginning of
2401 * configure.in: Use AC_PROG_RANLIB
2402 Always use EMXOMF under OS/2
2403 Check for sys/termio.h and _setsid
2406 * configure.in: A preliminary fix for editline.
2408 * appl/telnet/libtelnet/kerberos.c: Include ticket forwarding
2411 * lib/krb/krb_get_in_tkt.c: Use tf_setup.
2413 * lib/krb/krb_get_in_tkt.c: New function tf_setup.
2417 * man/otp.1: updated
2419 * appl/otp/otp.c: New options `-d' and `-r'. From Fabien COELHO
2420 <coelho@cri.ensmp.fr>
2422 * lib/otp/otp.h: Changed default from md4 to md5
2423 * lib/otp/otp_db.c (otp_get, otp_simple_get): New functions.
2427 * appl/kx/rxtelnet.in: allow specification of port number
2429 * appl/otp/otp.c: Add `-u' option
2433 * appl/ftp/common/glob.c: Rename FOO -> CHAR_FOO to avoid
2434 collision with symbol in sys/ioctl.h
2438 * man/kpropd.8: updated
2440 * appl/bsd/rcmd_util.c: warning needs to know what program is
2443 * slave/kpropd.c: New explicit flag `-i' for interactive. Don't
2444 use AI to figure out if we have been started by inetd or not.
2448 * appl/kx/rxtelnet.in, appl/kx/rxterm.in: Patch for sending -l to
2449 kx. From <map@stacken.kth.se>
2451 * kuser/klist.c: corrected alignment of `expired'
2453 * appl/telnet/telnet/commands.c: replaced lots of \n by \r\n
2457 * configure.in (socket, gethostbyname, getsockopt, setsockopt):
2459 (HAVE_H_ERRNO): New test
2461 * lib/roken/herror.c (herror): Check HAVE_H_ERRNO
2462 lots of other files as well.
2466 * appl/bsd/rcp.c: Work around the non-working getpw* in cygwin32
2468 * lib/krb/logging.c: Init function for `std_log´
2470 * appl/telnet/telnet/utilities.c: Remove `upcase´
2471 Check HAVE_SETSOCKOPT
2473 * appl/telnet/telnet/telnet.c: Use `strupr´ instead of `upcase´
2475 * appl/telnet/telnet/commands.c, appl/movemail/pop.c,
2476 appl/kauth/rkinit.c, appl/ftp/ftp/ftp.c,
2477 appl/sample/sample_client.c: Ifdef around for the non-existence of
2478 `h_errno' in cygwin32.
2480 * lib/des/read_pwd.c: work-around for cygwin32
2482 * appl/telnet/telnet/sys_bsd.c: work-around for cygwin32
2486 * lib/krb/tf_util.c: gnu-win32 needs to open files with O_BINARY.
2490 * configure.in: removed duplicate of initgroups and lstat
2491 Use AC_KRB_STRUCT_WINSIZE
2493 * aclocal.m4 (AC_KRB_STRUCT_WINSIZE): New test
2495 * lib/krb/getaddrs.c: Check for SIOCGIFFLAGS and SIOCGIFADDR
2497 * appl/bsd/rlogin.c: conditional on SIGWINCH
2499 * appl/bsd/rcmd_util.c et al: conditional getsockopt
2501 * configure.in (cygwin32): New target
2502 (getsockopt, getsockopt): Test for
2503 (herror, hstrerror): Better tests
2505 * aclocal.m4 (AC_FIND_IF_NOT_BROKEN): Pass arguments to
2510 * configure.in: Add EXECSUFFIX
2512 * appl/kx/rxterm.in: rsh -n
2514 * lib/krb/unparse_name.c (krb_unparse_name_long_r): new function
2517 * lib/auth/sia/sia.c: Fix a bug with ticket filename. Add afs
2520 * lib/krb/get_host.c: Use KRB_SERVICE.
2524 * lib/auth/sia/Makefile.in: Add linker magic fix for broken,
2525 conflicting kerberos code in xdm.
2529 * appl/xnlock/xnlock.c (verify): Change the "LOGOUT" password to
2530 be manageable as X-resource XNlock*logoutPasswd. The password is
2531 stored in UNIX crypt format so that it can be stored in a global
2532 resource file for sites that whish to keep it a secret.
2535 * configure.in: Check for winsize in sys/ioctl.h also.
2539 * lib/krb/get_default_principal.c: Use principal from
2540 KRB4PRINCIPAL before using uid.
2544 * appl/telnet/telnet/sys_bsd.c: Use `get_window_size'
2546 * lib/roken/get_window_size.c: New file
2548 * appl/bsd/rlogin.c: Use `get_window_size'
2550 * appl/bsd/forkpty.c, appl/bsd/rlogind.c: conditionalize on
2553 * configure.in: Check for `_scrsize' and `struct winsize'
2557 * Makefile.in (install-strip, travelkit-strip): New targets.
2561 * */Makefile.in: Use @foo_prefix@ and @program_transform_name@
2562 Add code to uninstall target
2566 * configure.in: Set LIBPREFIX
2568 * config.sub: Add os2 as a system
2570 * config.guess: Try to recognize i386-pc-os2_emx
2572 * configure.in: case for *-*-os2_emx
2573 NEED_PROTO for `strtok_r'
2575 * aclocal.m4: ranlib is apparently calld EMXOMF on OS/2
2576 (AC_KRB_PROG_LN_S): New test that uses cp if ln fails
2580 * appl/bsd/login.c (main): First try to verify password using
2581 standard UNIX method and if it fails try kerberos authentication.
2585 * appl/bsd/rcp.c: consider case of no fchmod
2587 * appl/kpopper/pop_init.c: Use k_getsockinst.
2589 * lib/roken/{strupr,strlwr,strchr,strrchr,lstat,initgroups,chown,
2590 fchown,rcmd}.c: new files
2592 * appl/kpopper/pop_lower.c: Removed.
2594 * Makefile.in (travelkit): New target.
2598 * lib/krb/parse_name.c (kname_parse): Only copy realm if it is
2601 * lib/krb/get_host.c (krb_get_host): Treat no realm as local
2606 * appl/ftp/ftpd/ftpd.c: Get afs-tokens when logging in with
2610 * slave/kprop.c: flock with K_LOCK_SH
2614 * appl/telnet/telnet/commands.c: Also export XAUTHORITY
2618 * kadmin/ksrvutil.c: If realm is not specified, use the local one.
2622 * appl/kauth/kauthd.c: Use KAUTH_VERSION. Try to give correct
2623 error messages back to kauth.
2625 * config.sub, config.guess: Merged in changes from autoconf 2.12
2627 * appl/bsd/rsh.c: quick hack to make `-n' to the right thing.
2629 * kadmin/kadm_locl.h: Add prototype for FascistCheck.
2633 * man/afslog.1: Documented `-createuser'
2635 * appl/afsutil/aklog.c: removed `cell_of_file' Added option
2636 `-createuser' to run pts to create a foreign principal.
2640 * lib/otp/otp_challenge.c: Initialize error string and check for
2643 * lib/roken/mini_inetd.c: Initialize `sin_family'
2645 * appl/kpopper/pop_init.c: Add `-p' option and make `-a'
2648 * appl/bsd/rshd.c: Add `-p' option.
2650 * appl/bsd/rlogind.c: Handle `-p' correctly.
2652 * appl/bsd/login.c: Removed confusing initialization of
2655 * appl/kpopper/pop_dropinfo.c: Remove white-space at the beginning
2664 * kadmin/ksrvutil_get.c: Use `krb_unparse_name_long' Better
2667 * lib/krb/krb.h: Added *_to_key
2669 * lib/krb/get_svc_in_tkt.c (srvtab_to_key): Make public
2671 * kadmin/kadmin.c (do_init): `-p' is a synonym for `-u'
2672 (do_init): more logical defaults
2673 (help): removed old code
2674 better error messages
2676 * lib/krb/get_in_tkt.c (passwd_to_key, passwd_to_afskey): Export
2677 and remove functionality for reading passwords.
2679 * lib/sl/sl.c: Nicer help output.
2681 * lib/otp/otp_challenge.c: Initialize `challengep'
2683 * lib/krb/Makefile.in: Removed get_pw_tkt.c
2687 * lib/auth/sia/sia.c: Now compiles under Digital UNIX 4.0.
2691 * lib/auth/pam/pam.c: Chown ticketfile to correct GID.
2695 * appl/kx/rxtelnet.in: Try to set the screen number as well.
2697 * Be careful not to thrust `h_length' from gethostby{name,addr}
2699 * appl/bsd/rcmd_util.c (ip_options_and_die): New function.
2701 * configure.in: moved headers before functions.
2702 call AC_PATH_XTRA_XTRA.
2703 Add strchr, index, rindex, and strrchr to AC_CHECK_FUNCS.
2704 remove strchr and strrchr, add strtok_r from/to AC_BROKEN.
2706 * aclocal.m4 (AC_PATH_XTRA_XTRA): New macro.
2708 * aclocal.m4 (AC_FIND_FUNC, AC_FIND_FUNC_NO_LIBS): Two new
2709 arguments: includes and arguments)
2711 * configure.in: Need to supply arguments and includes to test for
2712 `res_search' and `dn_expand'
2714 * lib/kafs/afssys.c (k_setpag): Handle AFS_SYSCALL3
2716 * Use `k_getpw{nam,uid}' instead of getpw{nam,uid}.
2718 * Replace lots of `strtok' with `strtok_r'.
2720 * lib/sl/sl.c: Allow unlimited number of arguments. Use
2721 `strtok_r' to divide up string into arguments.
2723 * lib/roken/roken.h: Added `strtok_r'
2725 * configure.in: Test for `strtok_r'
2727 * include/Makefile.in: Don't build in ss
2729 * Makefile.export: Fixed ChangeLog-generation
2731 * lib/sl/sl.c: Let `readline' to the \n-removal. Handle empty
2732 lines. Don't store empty lines in the history.
2736 * lib/sl/sl.c: Use readline compatible i/o.
2739 * lib/otp/otp_locl.h: Changed location of otp database to /etc
2741 * appl/otp/Makefile.in: Install otp setuid root.
2743 * util/Makefile.in: don't build SS
2745 * lib/sl: New directory.
2747 * kadmin/kadmin.c: Replaced SS by SL.
2751 * kadmin/kadm_funcs.c: Improved log messages.
2754 * Use KRB_TICKET_GRANTING_TICKET.
2757 * server/kerberos.c: Don't do any special logging when running as
2761 * Lots of files: remove unnecessary `(void)'
2763 * Lots of files: remove unnecessary `register' declaration.
2766 * lib/krb/get_host.c: Only keep list of hosts from requested
2770 * man/otpprint.1, otp.1: New files.
2772 * appl/otp/otp.c: `-s' is now default.
2774 * appl/otp/otp.c: removed count
2776 * lib/des/destest.c: more general quad_cksum test.
2778 * lib/otp/otp_print.c (otp_print_stddict_extended,
2779 otp_print_hex_extended): New functions.
2781 * lib/otp/otptest.c: New file.
2784 * appl/ftp/ftpd/ftpd.c: Change default auth level to what was
2785 formerly known as `user'.
2787 * appl/ftp/ftpd/ftpd.c: Orthogonalize arguments to -a
2790 * appl/kip/kip.c: Try all addresses we get back from the name
2793 * kadmin/kpasswd.c: updated to new functions.
2795 * lib/otp/otp_db.c (otp_db_open): Do a few retries. Unlock in
2796 case this file cannot be opened.
2798 * doc/kth-krb.texi: New chapter about OTPs.
2800 * appl/otp/otpprint.c, appl/otp/otp.c: Use OTP_ALG_DEFAULT.
2801 Consistent language Check return value from des_read_pw_string.
2803 * lib/otp/otp.h: Add OTP_ALG_DEFAULT
2806 * lib/krb/parse_name.c: New function krb_parse_name
2810 * appl/bsd/login.c: removed S/Key.
2811 Added OTP with option `-a otp'
2812 Reorganized verification loop.
2814 * appl/bsd/Makefile.in (login): Remove skey and add OTP
2816 * configure.in: Test for `uid_t' and `off_t'
2818 * appl/telnet/telnetd/telnetd.c: Removed `-s' for securID and
2819 added `-a otp' for OTP.
2821 * appl/kpopper: removed s/key and added OTP support. Updated
2824 * lib/otp/otp.h: more fields in the struct and a new function.
2826 * appl/ftp/ftpd/ftpd.c: Full OTP support.
2828 * appl/kx/rxterm.in: Add options: -l username, -r args_to_rsh, and
2831 * appl/kx/rxtelnet.in: Add options: -l username, -t
2832 args_to_telnet, and -x args_to_xterm
2834 * man/kx.cat1: regenerated
2836 * man/kx.1: Added `-l' option.
2838 * appl/kx/kxd.c: Accept username from `kx'
2840 * appl/kx/kx.c: Introduced option `-l user' to be able to login as
2845 * appl/kx/kx.c: Print out display and not display_nr
2847 * lib/auth/Makefile.in: Fix the case with empty SUBDIRS.
2849 * */Makefile.in: Use $(LN_S) instead of ln -s
2851 * */Makefile.in: Add @SET_MAKE@
2853 * doc/latin1.tex: New file.
2855 * doc/kth-krb.texi: Use latin1.tex to be able to use one letter
2856 that some bear seem to think is important.
2858 * doc/kth-krb.texi: Added acknowledgements.
2860 * lib/auth/Makefile.in: Only build relevant subdirectories.
2862 * configure.in: Set @LIB_AUTH_SUBDIRS@ to the subdirectories of
2863 lib/auth that should be built.
2866 * lib/kafs/afssys.c: Only get tokens for each cell once.
2870 * man: Added man pages for movemail(1) and kerberos(8).
2873 * kadmin/kadmin_cmds.ct: Add `add' for add_new_key and `passwd'
2874 for change_password.
2877 * lib/krb/logging.c: Now actually compiles!
2880 * config.{guess,sub}: Merge changes from Autoconf
2883 * lib/krb/{recv,send}auth.c: Don't return errno if there is a
2888 * util/ss/Makefile.in: Now even compiles with BSD make!
2890 * appl/kx: Now send the complete display from `kxd' to `kx'. This
2891 should enable it to work better with Xlibraries that don't support
2894 * kuser/klist.c: conditionally include <sys/ioctl.h> and
2895 <sys/ioccom.h> before <kafs.h>
2897 * lib/krb/resolve.h: Add fallback for `T_TXT'.
2899 * appl/otp/otp.c: removed print-functionality.
2901 * appl/otp/otpprint.c: New file.
2903 * appl/otp/Makefile.in: New program `otpprint'
2905 * lots of Makefile.in: Now should be possible to build with makes
2906 that have broken VPATH-handling.
2908 * configure.in: Always replace REAL_SHARED & c:o so that some
2909 libraries may be built as shared.
2910 Removed unused AC_SUBST.
2911 Only build afskauthlib on irix.
2913 * lib/auth/afskauthlib/Makefile.in, lib/auth/sia/Makefile.in,
2914 lib/auth/pam/Makefile.in: Always build as a shared library.
2916 * appl/kx/rxtelnet.in, appl/kx/rxterm.in: export PATH (from
2920 * lib/krb/{pkt_cipher,fgetst}.c: Removed
2922 * lib/krb/name2name.c: Renamed k_name_to_name to krb_name_to_name
2926 * appl/telnet/telnetd/sys_term.c: Really remove bad stuff from
2931 * appl/bsd/rlogind.c (main): `portnum' should be int.
2933 * appl/bsd/sysv_environ.c: Use _PATH_ETC_ENVIRONMENT
2935 * appl/bsd/pathnames.h: _PATH_ETC_ENVIRONMENT: new
2937 * lib/krb/get_host.c (srv_find_realm): New parameter `service'
2940 * lib/krb/unparse_name.c: New function.
2944 * lib/auth/pam/pam.c: Add PAM Kerberos module.
2948 * configure.in: configure in lib/auth/afskauthlib
2950 * lib/kafs/afssys.c: New function `k_afsklog_uid'.
2952 * lib/auth/afskauthlib: New library that works like
2953 `afskauthlib.so' from Transarc.
2956 *lib/krb/get_host.c, lib/krb/getrealm.c, lib/kafs/afssys.c: Use
2959 * lib/krb/resolve.c (dns_lookup): Replaced several different
2960 resolver functions with one more generalized.
2964 * Add check target in lib/krb.
2966 * appl/bsd/login.c (main): Sleep 10 seconds before bailing out so
2967 that there is a chance of reading the error message.
2969 * appl/bsd/rsh.c (main): When invoked as rlogin equivalent change
2970 to real uid before execing rlogin.
2974 * appl/bsd/utmp_login.c: Do the right thing on systems where
2975 UTMPX_DOES_UTMP_LOGGING is defined.
2978 * lib/krb/krb.h: names for `krb_kuserok' prototype
2980 * lib/krb/get_host.c: Add tcp/kerberos.REALM as well.
2982 * appl/bsd/su.c: Replace call to `kuserok' by `krb_kuserok'.
2984 * lib/otp/otp_parse.c: Add support for parsing extended responses
2985 (draft-ietf-otp-ext-01).
2987 * lib/otp/otp.h: Define OTP_HEXPREFIX and OTP_WORDPREFIX.
2989 * appl/otp/otp.c: Add option `-e' for printing responses in
2990 extended mode (according to draft-ietf-otp-ext-01.txt).
2993 * lib/krb/kuserok.c: Function krb_kuserok now takes name,
2994 instance, realm rather than an AUTH_DAT.
2998 * lib/auth/sia: Add SIA Kerberos module.
3001 * lib/roken/roken.h: Need to include signal.h prior to defining
3004 * appl/bsd/utmpx_login.c (utmpx_update): Minor restructuring for
3005 simplified maintainability.
3007 * appl/bsd/utmp_login.c (utmp_login): Even when there are utmpx
3008 files on this system we should also log to the utmp files. If
3009 there are no utmp files we of course don't have to log to them.
3012 * Makefile.export: now generate PROBLEMS and COPYRIGHT as well.
3014 * PROBLEMS, COPYRIGHT, doc/kth-krb.info: removed
3016 * doc/kth-krb.texi: Put copyrights in marketing order.
3018 * appl/kpopper/popper.h: client and ipaddr should be char [] so
3019 that we can store the names there.
3021 * appl/kpopper/pop_init.c: save copies of addresses that otherwise
3026 * lib/krb/send_to_kdc.c (send_recv_it): Use `recv' not `recvfrom'
3027 to make winsock happy. Also don't care anymore about from which
3028 address we got the answer since we do a `connect'.
3030 * admin/adm_locl.h, lib/kdb/kdb_locl.h, kadmin/kadm_locl.h,
3031 lib/krb/krb_locl.h, lib/roken/strftime.c, server/kerberos.c: Do
3032 not use #if, use #ifdef.
3034 * configure.in: Test for `rand' and `getuid'
3037 * slave/kprop.c: Don't terminate on trivial errors in slaves-file.
3041 * doc/Makefile.in: Install from source directory if necessary.
3043 * lib/krb/kuserok.c: Do not use `k_getpwnam' in libkrb.
3045 * configure.in: You can't even use `unset', Ultrix sh does not
3049 * several files: Check status from des_read_pw_string.
3052 * server/kerberos.c: Make sure all data is recieved on a tcp
3053 socket before trying to reply.
3056 * lib/krb/krb.h: Add <time.h> for `struct tm'
3058 * appl/kx/Makefile.in: Both kx and kxd requires @XauWriteAuth@
3060 * configure.in: Fix test for `XauReadAuth'
3064 * lib/krb/get_host.c (init_hosts): Must ntohs(KRB_PORT) on
3065 machines running backwards.
3067 * More consistent use of CRLF in telnet and telnetd.
3069 * Removed redundant -I$(srcsdir)/../../include from compiler args.
3072 * appl/ftp/ftpd/ftpd.c: New option `-a otp' to allow OTPs but no
3073 ordinary passwords in cleartext.
3075 * appl/ftp/ftpd/Makefile.in: Link `ftpd' with -lotp
3077 * lib/Makefile.in: Add otp
3079 * include/Makefile.in: Add otp.h
3081 * configure.in: Test for ndbm.h
3082 Generate Makefiles in lib/otp and appl/otp
3084 * appl/otp: New program to set up and generate OTPs.
3086 * lib/otp: New library for one-time passwords (RFC1938).
3088 * lib/krb/get_host.c (srv_find_realm): Added parameter `proto'
3090 * lib/des/Makefile.in: Add md4 and sha. run `mdtest' from check.
3092 * lib/des/md4.h, lib/des/md4.c, lib/des/sha.c, lib/des/sha.h,
3093 lib/des/mdtest.c: New files.
3095 * appl/kauth/Makefile.in: Make $(libexedir) as well.
3099 * appl/bsd/rlogind.c (setup_term): Actually set the speed of the
3102 * appl/bsd/rlogin.c (main): Do a `speed_t2int' before putting the
3103 speed in the TERM variable.
3105 * appl/bsd/rcmd_util.c: New functions: `speed_t2int' and
3108 * appl/bsd/bsd_locl.h: Added prototype of `speed_t2int' and
3113 * appl/bsd/login.c: Do `getspnam' before change the UID. Also call
3116 * appl/krbmanager: New program used on PCs by kclient.
3118 * lib/kclient: New library.
3120 * lib/des, lib/krb: Added some PC-specific files.
3122 * doc/kth-krb.info: Regenerated.
3124 * doc/Makefile.in (kth-krb.info): Some stupid makes don't
3126 (kth-krb.html): New rule.
3128 * doc/kth-krb.texi (Compiling from source): Added some references
3133 * doc/kth-krb.texi: Added text about ``--with-socks''.
3135 * configure.in: Use `AC_TEST_PACKAGE' for skey and socks.
3137 * aclocal.m4: Replaced `AC_TEST_SOCKS' and `AC_TEST_SKEY' with the
3138 more general `AC_TEST_PACKAGE'.
3142 * configure.in: call AC_TEST_SOCKS
3146 * aclocal.m4: Added AC_TEST_SOCKS
3148 * lib/krb/send_to_kdc.c (send_to_kdc): Removed unused `f' and
3153 * man/popper.8: Option `-i'
3155 * appl/kpopper/pop_send.c: clean-up
3157 * appl/kpopper/popper.h: Removed old garbage and added SKEY.
3159 * appl/kpopper/pop_xmit.c: clean up
3161 * appl/kpopper/pop_user.c: SKEY-support
3163 * appl/kpopper/pop_pass.c: Added support for spaces in passwords
3166 * appl/kpopper/pop_init.c: Moved some variables into struct pop
3167 (main): Added support for `-i'
3169 * appl/kpopper/pop_get_command.c: New command "HELP".
3171 * appl/kpopper/Makefile.in: Add SKEY-stuff.
3173 * lib/krb/get_host.c: Use `k_getportbyname(KRB_SERVICE,...)' as a
3174 default instead of KRB_PORT
3176 * lib/krb/getaddrs.c (k_get_all_addrs): Add
3177 gethostbyname(k_gethostname()) as a fallback.
3179 * lib/krb/k_getport.c (k_getportbyname): proto can be NULL
3181 * lib/krb/krb.h: Only include <sys/types.h> if HAVE_SYS_TYPES_H
3183 * lib/krb/prot.h: KRB_SERVICE: Added
3186 * server/kerberos.c: Replaced linked list with a vector.
3190 * server/kerberos.c: Add support for TCP connections.
3192 * lib/krb/send_to_kdc.c: On stream sockets, use krb_net_read
3193 rather than recvfrom.
3197 * doc/kth-krb.texi: Only use `kdb_edit' to add the initial
3198 `nisse.admin'. Add all other users with `kadmin'.
3200 * doc/kth-krb.info: new file.
3202 * doc/kth-krb.texi: Added some text about kx and ftp.
3204 * appl/ftp/ftpd/ftpcmd.y,
3206 util/et/error_table.y :
3207 Added code for handling the case of using `bison' and having no
3208 `alloca'. Alloca is usually never called anyway, so we just use
3211 * appl/kx/kxd.c: All static variables are now global and in
3213 (doit_conn, doit): Turn on TCP_NODELAY.
3214 (create_and_write_cookie, suspicious_address): Moved to common.c
3216 * appl/kx/kx.c (connect_host): Try all addresses of `host'. Turn
3218 (doit): prepare for TCP-only hosts.
3219 (usage,main): add `-t'
3220 (main): Passive mode is possible again.
3222 * appl/kx/kx.h: More #ifdefs for include files. Declarations for
3225 * appl/kx/common.c (get_xsockets): Try to chmod
3226 dirname(`X_UNIX_PATH')
3227 (get_xsockets): Turn on TCP_NODELAY on TCP connections.
3229 * doc/Makefile.in: New file
3231 * Makefile.in: Added `doc' to `SUBDIRS'
3233 * configure.in: Generate `doc/Makefile'
3237 * appl/bsd/rcp.c (main): Made rcp AFS aware.
3239 * lib/krb/kuserok.c (kuserok): Act as if luser@LOCALREALM is
3240 always an entry of .klogin.
3244 * appl/kx/rxtelnet.in: Start the `xterm' process correctly.
3246 * lib/des/rnd_keys.c (sumFile): consider the case that `res' is
3247 not longword-aligned.
3249 * lib/krb/get_host.c (parse_address): `getservbyname' should
3250 really get proto = NULL
3252 * lib/krb/send_to_kdc.c (krb_udp_port): removed
3253 (send_to_kdc): removed `addrlist'
3255 * lib/krb/send_to_kdc.c: Support not only UDP.
3257 * lib/krb/get_host.c (krb_get_admhst): Really ask for a admin host
3258 if that's what we want.
3262 * lib/krb/get_host.c: Simplified some code. Added stub-support for
3267 * appl/kx/rxtelnet.in, appl/kx/rxterm.in: PDC are unable to give
3268 correct instructions to their users and therefore we have to add
3269 strange directories to the PATH.
3271 * appl/kx/rxtelnet.in: Support sending arguments to telnet.
3273 * appl/kx/rxterm.in: rsh can reside in path or %bindir% support
3274 extra arguments to xterm (from <jas@pdc.kth.se>).
3276 * appl/kx/rxtelnet.in: Try to find some kind of terminal emulator
3279 * appl/kx/rxterm.in, appl/kx/rxtelnet.in: Look for kx in $PATH and
3282 * appl/kx/common.c (get_xsockets): `mkdir' the correct directory.
3283 From <jas@pdc.kth.se>
3286 * lib/krb/send_to_kdc.c: Changes to allow other than udp port 750
3289 * lib/krb/get_host.c: rewrite of krb_get_{adm,krb}hst.
3293 * appl/ftp/ftpd/ftpd.c (retrieve): Got rid of `sprintf'.
3295 * configure.in: Fix order for x libs. From <jas@pdc.kth.se>.
3296 Check for `fcntl', `alloca', `winsock.h', and `io.h'.
3298 * lib/krb/krb_locl.h: Check for <io.h> and <winsock.h>
3300 * lib/krb/krb.h: Check for winsock.h
3302 * lib/krb/k_flock.c: Better test for `fcntl' with locking.
3304 * lib/krb/et_list.c: Hopefully correct pragma this time. From
3309 * lib/krb/klog.c (klog): Do not forget to print the text.
3311 * lib/krb/log.c (krb_log): Print space after time in log.
3315 * appl/kpopper/popper.h: Add field msg_id to hold Message-Id for
3318 * appl/kpopper/pop_dropinfo.c (pop_dropinfo): Support for UIDL
3319 command. Saves Message-Id to be used as unique id. Everything is
3322 * appl/kpopper/pop_get_command.c: Recognize UIDL command.
3324 * appl/kpopper/pop_uidl.c (pop_uidl): POP3 UIDL command
3327 * appl/kpopper/Makefile.in: New file pop_uidl.c.
3330 * configure.in: Made some of the tests into macros defined in
3333 * appl/telnet/libtelnet/kerberos.c: Given better error message
3334 when user is not authorized to login.
3336 * lib/roken/k_getpwuid.c, lib/roken/k_getpwnam.c: Call `endpwent'.
3337 If we are using a BSD-kind of system we should not leave the
3338 shadow password database open.
3340 * appl/xnlock/xnlock.c: Got rid of all `register' declarations.
3342 * appl/kx/rxterm.in, appl/kx/rxtelnet.in: Use `set --'
3346 * lib/roken/k_getpwnam.c, lib/roken_k_getpwuid.c: Call `endspent'
3347 to try to close the shadow password file.
3349 * appl/ftp/ftpd/ftpd.c (retrieve): Cut the argument to the command
3350 and the first character of the extension.
3352 * lib/krb/send_to_kdc.c: Sun doesn't have any strerror so we can't
3353 use that here. We are only printing debug messages anyway, so
3354 just print errno for now.
3356 * appl/kx/rxtelnet.in: Now using SIGUSR2.
3358 * appl/kx/kx.c: Now using SIGUSR1 to mean `exit when number of
3359 children goes down to zero'. SIGUSR2 is `exit when number of
3360 children is equal to zero'.
3362 * appl/xnlock/xnlock.c: More fixup of old code.
3364 * appl/ftp/ftpd/ftpd.c: Only call `filename_check' for guest
3367 * configure.in: Added tests for more header files. Also added
3368 more ifdefs when actually including those files.
3370 * appl/kx/Makefile.in: Do not build programs if we have no X11.
3374 * appl/xnlock/xnlock.c (main): Support for shadow passwords.
3376 * lib/roken/k_getpwuid.c: New file, better support for shadow
3380 * appl/telnet/Makefile.in: Use SET_MAKE
3383 * appl/ftp/ftpd/ftpcmd.y: Remove access to several commands for
3386 * lib/krb/get_krbhst.c: Look for kerberos-#.realm.
3388 * appl/ftp/ftpd/popen.c: Execute files from ~ftp if possible.
3390 * appl/ftp/ftpd/ftpd.c: Add find site command.
3392 * appl/ftp/ftpd/ftpd.c: Add special handling of nonexistant files
3393 with extensions {,.tar}{,.gz,Z}.
3397 * configure.in: Check for sys/times.h, sys/param.h, and
3400 * lib/des: autoconfed a little to make it compile.
3402 * lib/roken/roken.h: Add `max', `min', and definitions for broken
3405 * appl/bsd/bsd_locl.h: Removed SYSLOG-garbage and max.
3407 * appl/kx/kx.h: Remove prototype of childhandler.
3409 * appl/kx/common.c: Remove childhandler. Not common any more.
3411 * appl/kx/rxterm.in: Send SIGUSR1 to kx before starting xterm.
3413 * appl/kx/rxtelnet.in: Send USR1 to kx at appropriate moment.
3415 * appl/kx/kx.c: Die after receiving SIGUSR1 and when number of
3416 children goes to zero.
3418 * lib/roken/roken.h: Add STDERR_FILENO
3420 * lib/roken/mini_inetd.c (mini_inetd): Also dup onto stderr.
3422 * lib/kafs/Makefile.in (afslib.so): Change argument so they work
3423 with `ld' instead of `cc'
3425 * appl/kx/kxd.c: writeauth.c as separate file.
3427 * appl/kx/kx.c: `-d' option to disable forking.
3429 * appl/kx/Makefile.in: Compile and link writeauth.c if necessary.
3430 For some stupid reason $< does not work correctly in BSD make.
3431 Use $(srcdir) instead.
3433 * appl/ftp/ftp/ftp_locl.h: Only include <roken.h> once.
3435 * configure.in: Use strange X flags when looking for XauReadAuth.
3436 Add XauWriteAuth if we need to include it.
3440 * appl/sample: Sample programs work again.
3443 * appl/kx/kxd.c (main): use `mini_inetd'
3445 * appl/kx/kx.c: Use KX_PORT
3447 * appl/kx/kx.h: Remove SOMAXCONN and add KX_PORT
3449 * appl/kauth/kauthd.c (main): use `mini_inetd'
3451 * appl/ftp/ftpd/ftpd.c: Removed `conn_wait' and use `mini_inetd'
3454 * appl/bsd/bsd_locl.h: Prototypes for `get_shell_port' and
3457 * appl/bsd/rcmd_util.c: New file.
3459 * appl/bsd/Makefile.in: Added rcmd_util.c
3461 * appl/bsd/rcp.c: Moved `get_shell_port' to rcmd_util.c
3463 * appl/bsd/rsh.c: Moved `get_shell_port' to rcmd_util.c
3465 * appl/bsd/rlogind.c (main): Use `mini_inetd'
3467 * appl/bsd/rshd.c (main): Add support for interactive mode with
3470 * appl/telnet/telnetd/telnetd.c (main): use `mini_inetd'
3472 * lib/roken/roken.h: Added prototype for `mini_inetd', and
3473 fallback definitions for SOMAXCONN, STDIN_FILENO, and
3476 * lib/roken/Makefile.in: Added mini_inetd.o
3478 * lib/roken/mini_inetd.c: New file.
3482 * appl/kx/kxd.c (doit): read port number in ascii.
3484 * appl/kx/kx.c (doit): write port number in ascii.
3486 * appl/kauth/rkinit.c (doit_host): Check return value from
3489 * appl/kauth/kauthd.c (doit): Removed unnecessary sprintf's before
3492 * lib/krb/krb_get_in_tkt.c (krb_get_in_tkt): Return error code
3493 from `tf_create' and not always INTK_ERR.
3495 * lib/krb/tf_util.c (tf_create): Correct check for return value
3498 * lib/des/rnd_keys.c (des_rand_data): Try /dev/urandom as well.
3502 * appl/afsutil/pagsh.c (main): One-of error hopefully fixed this
3505 * configure.in: Add test for <sys/un.h>
3507 * kadmin/Makefile.in: Add back $(CRACKLIB)
3511 * appl/kx/Makefile.in: Create rxterm and rxtelnet at compile time.
3513 * kstring2key moved to appl/afsutil.
3517 * appl/kx/kx.c (main): For now always use passive mode. That's
3518 the only thing that has been tested and not a lot of people are
3519 going to use non-passive anyways.
3521 * appl/kx/kx.c (connect_host): write display_number in ascii.
3523 * appl/kx/kxd.c (doit): read display_number in ascii.
3525 * appl/kx/common.c (get_local_xsocket): Generate the
3526 /tmp/.X11-unix directory with the sticky bit set.
3528 * configure.in: Generate appl/kx/rxterm and appl/kx/rxtelnet.
3530 * appl/kx/Makefile.in: Install rxterm and rxtelnet.
3532 * appl/kx/rxterm.in, appl/kx/rxtelnet.in: New files.
3534 * appl/kx/common.c (get_local_xsocket): try to bind the socket
3535 instead of checking for existence with lstat.
3538 * appl/kx/kxd.c: Detect remote termination and cleanup on exit.
3542 * lib/des/rnd_keys.c: Hack for systems that lack setitimer (like
3546 * appl/kx/kxd.c (doit): Send over the display number and the
3547 authority file actually used to kx.
3549 (create_and_write_cookie): New function to generate and write into a
3550 file a local cookie used between this pseudo-server and the
3551 clients on this host.
3553 (start_session): New function to check and remove the local cookie
3554 before the data is sent over to `kx'.
3556 * appl/kx/kx.c (display_num, xauthfile): New variables. Now `kx'
3557 prints out the values of those two variables and then goes to the
3558 background to enable some script to set these on the other host.
3560 (start_session): New function that adds a local cookie before sending
3561 the rest of the connection to the local X-server.
3563 (main): Also recognize "unix" as a local DISPLAY.
3565 * appl/kx/kx.h: <X11/Xauth.h> used.
3566 (get_local_xsocket): Changed parameter.
3568 * appl/kx/common.c (get_local_xsocket): Now try to allocate the
3569 first free socket in /tmp/.X11-unix. Also `mkdir' this directory
3570 first. Return the number of the display opened.
3572 * appl/kx/Makefile.in: Added X libraries.
3574 * lib/des/des.h: Added prototype for `des_rand_data'.
3576 * lib/des/rnd_keys.c: Made `des_rand_data' non-static. This
3577 function is useful and now even used.
3581 * appl/bsd/login.c: Use k_afs_cell_of_file() to get tokens for the
3582 cell of the home catalog rather than the local cell.
3584 * lib/kafs/afssys.c: Add k_afs_cell_of_file.
3588 * appl/telnet/telnetd/telnetd.c, appl/telnet/telnetd/sys_term.c:
3589 Removed all convex code.
3593 * appl/telnet/telnetd/termstat.c: UNICOS5: removed
3595 * appl/telnet/telnetd/telnetd.c, appl/telnet/telnetd/sys_term.c:
3596 NEWINIT, UNICOS7x, UNICOS5: removed
3598 STREAMSPTY: added variable `really_stream' Now able to handle the
3599 case where the OS supports stream ptys but we run out of them and
3600 start using ordinary BSD ones.
3602 * appl/telnet/telnetd/state.c: UNICOS5: removed
3604 * appl/telnet/telnetd/pathnames.h: BFTPPATH: removed
3606 * appl/telnet/telnetd/ext.h, appl/telnet/telnetd/global.c:
3607 BFTPDAEMON: removed.
3610 * appl/telnet/telnetd/ext.h: STREAMSPTY: added variable
3613 * lib/krb/stime.c (krb_stime): argument should be `time_t'.
3614 lib/krb/krb_locl.h: changed prototype.
3618 * configure.in: Also generate `appl/sample/Makefile'
3620 * appl/Makefile.in: Use @SET_MAKE@.
3623 * lib/krb/Makefile.in: Add krb_stime, krb_mk_auth, and
3626 * util/et/compile_et.c (main): Include <foo.h> in foo.c
3628 * slave/kprop.c: exit with return code == 1 to indicate failure.
3630 * server/kerberos.c (usage): Fixed usage string.
3632 * lib/krb/tkt_string.c (tkt_string): Removed bogus extern
3633 declaration of `getuid'.
3635 * lib/krb/tf_util.c (tf_save_cred): Removed bogus extern
3636 declaration of `lseek'.
3638 * lib/krb/stime.c (stime): Renamed to `krb_stime'
3640 * lib/krb/sendauth.c (krb_sendauth): reimplemented using
3641 `krb_mk_auth' and `krb_check_auth'.
3643 * lib/krb/send_to_kdc.c (send_recv): Removed stupid cast.
3645 * lib/krb/recvauth.c: Removed KRB_SENDAUTH_VERS
3647 * lib/krb/prot.h: create_auth_reply: correct prototype.
3648 krb_create_death_packet: ditto.
3649 KRB_SENDAUTH_VERS: moved here from sendauth.c and recvauth.c
3651 * lib/krb/month_sname.c: Made `month_sname' const.
3653 * lib/krb/mk_req.c: Remove stupid `register'
3655 * lib/krb/log.c (krb_log): Use `krb_stime'
3657 * lib/krb/kuserok.c (kuserok): Nightmare Filesystem might return
3658 ESTALE. Treat it the same way as ENOENT.
3660 * lib/krb/krb_locl.h: Added prototype for `krb_stime'
3662 * lib/krb/krb_check_auth.c: New file with `krb_check_auth',
3663 implemented for compatibility with CNS.
3664 lib/krb/krb_mk_auth.c: Ditto.
3666 * lib/krb/krb.h: Removed duplicate declarations of `get_request'
3667 and `krb_get_admhst'.
3668 Added declarations for `krb_mk_auth' and `krb_check_auth'.
3670 * lib/krb/kparse.h: removed prototype for `strsave'
3672 * lib/krb/kparse.c (fGetParameterSet): Use `strdup' instead of
3676 * lib/krb/kname_parse.c: Removed stupid `register' declarations.
3678 * lib/krb/klog.c (klog): Use `krb_stime'
3680 * lib/krb/get_phost.c: Handle the case where the name has no dots
3681 in it by just returning it as-is.
3683 * lib/knet/Imakefile, lib/knet/getkdata.c, lib/knet/phost.c,
3684 lib/knet/sendkdata.c: removed unused files.
3686 * lib/kadm/kadm_cli_wrap.c (kadm_init_link): use `k_getportbyname'
3688 * kadmin/ksrvutil_get.c (get_srvtab_ent): Erase the key if
3689 something goes wrong. Include realm in the message when writing a
3691 (parseinput): New function that removes quotes and backslashes
3693 (ksrvutil_get): Use `parseinput' to read input.
3695 * kadmin/ksrvutil.c (safe_read_stdin): Correct use of printf.
3696 Removed bogus casts and fflush of stdin.
3697 (main): Use `return' instead of `exit'.
3699 * kadmin/kpasswd.c (main): Use `return' instead of `exit'.
3701 * kadmin/admin_server.c: exit with return code == 1 to indicate
3704 * appl/sample/sample_server.c: Rewrote to use all new functions.
3706 * appl/sample/sample_client.c: Rewrote to use all new functions.
3708 * appl/sample/sample.h: new file.
3710 * appl/sample/Makefile.in: new file.
3712 * appl/movemail/pop.c (socket_connection): use `k_getportbyname'
3714 * appl/kpopper/pop_init.c: exit with return code == 1 to indicate
3717 * appl/kauth/kauth.c (doexec): new-style definition. ret should
3719 (main): new-style definition. Use `prog' instead of `argv[0]'
3721 * appl/ftp/ftp/extern.h: Removed unused `abortsend'
3723 * appl/ftp/Makefile.in: Use @SET_MAKE@
3725 * appl/bsd/rsh.c: get_shell_port: use `k_getportbyname'
3727 * appl/bsd/rlogin.c: get_login_port: use `k_getportbyname'
3729 * appl/bsd/kcmd.c: Removed bogus casts to `caddr_t'
3731 * admin/kstash.c: Removed bogus flushing of stderr. Replaced lots
3732 of `exit(-1)' by `return 1'
3734 * admin/kdb_util.c: Removed unused variable `aprinc'.
3735 Removed bogus flushing of stderr.
3736 Replaced lots of `exit(-1)' by `return 1'.
3738 * admin/kdb_edit.c, admin/kdb_init.c: use `return' instead of
3739 calling `exit' and use 1, not -1, for failure.
3741 * Makefile.in: Use @SET_MAKE@
3743 * aclocal.m4: AC_NEED_PROTO: need macro to determine if we need to
3744 define a prototype for a function.
3746 * configure.in: Reordered. Removed unused stuff. Start using
3749 * config.guess: merged in FSF version from 960908.
3753 * include/protos.H: Added optarg, opterr, optind, optopt and
3754 (fclose under Sunos 4). Removed these declarations from lots of
3757 * acconfig.h: Add undefs for h_errno, h_errlist, optarg, optind,
3760 * configure.in: Use `AC_NEED_DECLARATION' for h_errno, h_errlist,
3761 optarg, optind, opterr, and optopt.
3763 * aclocal.m4: New macro `AC_NEED_DECLARATION' to figure out if we
3764 need to have an external declaration of a variable.
3768 * lib/krb/krb.h: Removed unused `req_act_vno' and `k_log'.
3769 Changed all callers.
3771 * lib/krb/krb.h: Removed definition of `MAX_HSTNM'.
3773 * lib/krb/send_to_kdc.c: Removed use of `MAX_HSTNM'.
3775 * appl/afsutil/pagsh.c: Some reformatting and fixed the off-by-one
3780 * lib/krb/{send_to_kdc.c, getrealm.c}, appl/xnlock/xnlock.c,
3781 appl/kauthkauth.c, appl/bsd/{rshd.c,rlogind.c}: Removed '#if 0'-ed
3784 * lib/krb/get_in_tkt.c: Removed '#if 0'-ed code and now compiles
3787 * kadmin/ksrvutil.c: Now compiles with NOENCRYPTION.
3789 * appl/ftp/ftpd/ftpcmd.y: Throw away passwd after use.
3791 * appl/ftp/ftpd/ftpd.c: Fixed old comment.
3793 * slave/kpropd.c: s/sa_len/salen/ Irix has a #define for sa_len.
3795 * lib/kdb/krb_dbm.c: If key->dptr is not a `char *' we have to
3796 cast it before adding to it.
3798 * configure.in: Old test for `sa_len' in `struct sockaddr' fails
3799 on IRIX 6.2. Try to compile a program refering to that field
3800 instead of grepping for it in <sys/socket.h>.
3802 * appl/bsd/kcmd.c: Removed old and broken code.
3804 * configure.in: Check for `gethostname', `uname', and
3807 * lib/krb/k_gethostname.c: Try to use `uname' if we have no
3810 * appl/ftp/ftpd/klogin.c: Incorrect use of `gethostname' replaced
3811 by correct use of `k_gethostname'.
3814 * lib/roken/verify.c: Change name verify_unix_user ->
3815 unix_verify_user in analogy with krb_verify_user.
3819 * appl/xnlock/Makefile.in: Install man-page.
3821 * configure.in, */Makefile.in: Replace `-shared' with some other
3822 option when not using gcc.
3824 * lib/kafs/afssys.c: Do not start by checking if we have AFS in
3827 * appl/bsd/rlogin.c: More kludges to make it work with rlogin on
3828 linux: Do not select for an exceptional condition on `rem' after
3829 having received EINVAL.
3831 Also rewrote ifndef NOENCRYPTION stuff.
3833 * appl/bsd/rlogind.c: More kludges to make it work with rlogin on
3834 linux: Only send oob data just after having sent normal data to
3835 make sure we never send two consecutive bytes of oob data.
3837 Also rewrote ifndef NOENCRYPTION stuff.
3841 * lib/kafs/Makefile.in: Use `ld' instead of `cc' for linking
3842 afslib.so. Not everybody has cc.
3850 * appl/bsd/login.c: Clean-up. Made static a lot of functions and
3851 variables. Rewrote some function definitions to ANSI-style.
3853 * appl/bsd/sysv_environ.c: KRB4_MAILDIR may and may not contain a
3854 trailing slash. We need to be very careful to make sure the
3855 contents of $MAIL does not contain two, because RMAIL in emacs
3856 uses it and emacs is no friend with double slashing.
3859 * lib/kafs/afssys.c (k_afsklog_all_local_cells): Now should return
3868 * lib/roken/hstrerror.c: Check for h_errlist prototype.
3872 * lib/krb/send_to_kdc.c, etc/services.append, server/kerberos.c:
3873 Changed `kerberos' to `kerberos-iv' now that it has been
3874 registered with IANA.
3876 * man/rshd.8, man/rlogind.8: updated documentation of `-a'
3878 * lib/roken/roken.h: Added declaration of `h_errno'
3880 * kuser/Makefile.in: Link kdestroy with KRB_KAFS_LIB
3882 * appl/kauth/kauth.h: Stupid declarations for syslog.
3884 * appl/kauth/kauthd.c: syslog errors and success.
3886 * include/protos.H: Removed `h_errno', now in roken.h Declare
3887 `getusershell' under solaris.
3889 * configure.in, acconfig.h: Figure out if we have to declare
3892 * appl/ftp/ftp/kauth.c: Added support for afs_string_to_key.
3896 * lib/kafs/afssys.c: Look for AFS database servers in dns also.
3898 * lib/kafs/afssys.c: Add support for a ~/.TheseCells-file.
3902 * appl/bsd/rlogind.c: Removed unused `check_all' variable. Use
3905 * appl/bsd/rshd.c: Use `inaddr2str'.
3907 * appl/bsd/iruserok.c: Removed potential buffer overrun after
3910 * lib/roken/inet_aton.c: Some const-ness.
3912 * lib/roken/Makefile.in: Add `inaddr2str.o'.
3914 * appl/ftp/ftpd/ftpd.c: Use `inaddr2str'.
3916 * lib/roken/inaddr2str.c, lib/roken/roken.h: New function
3917 `inaddr2str' to convert an IP address into a verified hostname or
3918 a string of the form x.y.z.a
3920 * lib/krb/{krb_locl.h, krb.h, k_name_to_name.c, k_getsockinst.c,
3921 getrealm.c}: Some const-ness.
3923 * appl/bsd/bsd_locl.h: Removed another prototype for `crypt'.
3925 * appl/kpopper/popper.h: Some const-ness to get rid of a warning.
3927 * appl/bsd/rshd.c: Always check reverse mapping. Removed
3928 `local_domain' and `top_domain'. Added some const-ness.
3932 * include/Makefile.in: Removed VPATH. With it this makefile does
3935 * lib/krb/rw.c, lib/krb/krb_locl.h: Changed parameters to
3936 `krb_{get,put}'-functions to void *.
3938 * include/protos.H: Add `getusershell' in solaris.
3940 * appl/kauth/kauthd.c, appl/bsd/{rlogin.c,rlogind.c}: Less
3941 warnings because of arguments to `setsockopt'.
3943 * lib/roken/roken.h: Fixed prototype of `inet_aton'
3947 * lib/roken/verify.c: Use <crypt.h> if there is one.
3949 * lib/kafs/Makefile.in: AFS_EXTRA_LIBS is always called
3950 `afslib.so'. Otherwise some makes get upset when there is no such
3953 * appl/telnet/telnetd/telnetd.h: <protos.h> are needed to get
3954 prototype for `ptsname'.
3956 * appl/bsd/rlogind.c, appl/kpopper/pop_dropinfo.c,
3957 appl/telnet/libtelnet/{auth.h,enc_des.c,kerberos.c},
3958 appl/telnet/telnet/utilities.c, appl/telnet/telnetd/{sys_term.c,
3959 telnetd.h, kadmin/admin_server.c, kuser/klist.c,
3960 lib/kdb/{krb_cache.c, krb_dbm.c}, lib/krb/{fgetst.c, getst.c,
3961 log.c, tf_util.c}: Include type `int' on all definitions and
3962 remove unnecessary `register'.
3964 * appl/bsd/login_access.c: Fix parameter declaration to
3967 * appl/bsd/forkpty.c, include/protos.h: s/__sgi__/__sgi//g
3969 * admin/kdb_util.c: Use `errno' for error message instead of
3970 uninitialized variable.
3974 * appl/kauth/rkinit.c: Default port should be the same in kauth
3979 * configure.in: Added `AC_REVISION'
3981 * slave/kpropd.c: Cleaned up structure. Now returns useful value.
3983 * lib/roken/verify.c: Broken OSes need declartion of `crypt'.
3985 * lib/roken/roken.h: Added prototype for `verify_unix_user'.
3987 * lib/krb/lsb_addr_comp.h: Added prototype for `lsb_time'.
3989 * lib/krb/{get_admhst.c, get_default_principal.c, get_krbhst.c,
3990 get_krbrlm.c, getrealm.c, realm_parse.c} : Check for buffer
3991 overwrite correctly.
3993 * lib/krb/rw.c, lib/krb/krb_locl.h: Prepended `krb_' to `get_int',
3994 `put_int', `get_address', `put_address', `put_string',
3995 `get_string', `get_nir', and `put_nir'. Changed all callers.
3997 * lib/kdb/krb_db.h: Added prototype for `kerb_delete_principal'
3998 and `kerb_db_delete_principal'.
4000 * lib/kadm/kadm_cli_wrap.c: Removed unused variable.
4002 * appl/telnet/telnetd/telnetd.c: Changed bogus `strncpy' to
4005 * appl/bsd/su.c: Fixed error messages from execv.
4007 * appl/bsd/rlogin.c: Fixed potential buffer overrun when reading
4012 * appl/telnet/telnet/commands.c, appl/kauth/rkinit.c: Replaced
4013 `herror' by `hstrerror'.
4015 * appl/bsd/login.c: chmod the tty so that it is writable for group
4018 * configure.in: Use AC_FIND_IF_NOT_BROKEN for herror and
4021 * aclocal.m4: New macro `AC_FIND_IF_NOT_BROKEN'
4023 * config.guess: Add 686
4027 * lib/krb/getrealm.c: Fallback for `T_TXT'
4029 * configure.in: Look for `res_search' and `dn_expand' in
4034 * */Makefile.in: Add Id to those missing it.
4036 * configure.in: Small fix in comment.
4042 * appl/ftp/ftpd/ftpcmd.y: s/timeout/ftpd_timeout/
4044 * appl/kstring2key/kstring2key.c: `usage' changed to void.
4046 * lib/krb/mk_req.c: `build_request' changed to void.
4048 * appl/ftp/ftp/ftp_locl.h: Changed order of includes.
4050 * appl/bsd/login.c, appl/ftp/ftpd/*: s/timeout/login_timeout/
4052 * lib/kafs/afssysdefs.h: undef AFS_SYSCALL if we are defining it.
4056 * lib/kafs/afssys.c: AIX systems will now correctly (I hope)
4057 detect whether AFS is loaded or not. This is currently a bit
4058 kludgy, and involves loading an external shared library,
4059 afslib.so, which can be put in athena/lib or pointed to with
4060 environment variable AFSLIBPATH. This is only tested on AIX 4
4061 (due to lack of an AIX 3 system).
4064 * lib/krb/getrealm.c: Range-check the result from the DNS.
4066 * lib/krb/get_krbrlm.c: Try to use the DNS to find out which realm
4067 this host belongs to.
4069 * kadmin/ksrvutil_get.c: Fixed error message.
4072 * lib/kafs/*: Fix aix/afs brokenness.
4074 * lib/kadm/kadm_stream.c (stv_string): Range check.
4078 * appl/ftp/common/{ftp,ruserpass}.c: Less bogus domain name
4083 * lib/krb/mk_req.c: Use encrypt_ktext()
4085 * configure.in, lib/kafs/afssys.c: Add option to exclude AFS
4086 support (this is useful only on AIX systems that doesn't have
4089 * configure.in: Removed configuration from subdirectories.
4093 * appl/ftp/ftp/extern.h, appl/ftp/ftp/ftp.c: Substitute `struct
4094 fd_set' with `fd_set'.
4098 * Makefile.in: install should depend on all.
4102 * appl/bsd/su.c: Allow root to set the uid without entering a
4107 * lib/krb/getrealm.c: Add automatic dns realm search.
4111 * lib/krb/log.c (krb_log): Renamed k_log(...) to krb_log(...) for
4112 compatibility with CNS. There is still a #define k_log krb_log.
4114 * util/et/et_list.c: Hack to resolve _et_list in shared libraries.
4118 * appl/bsd/rlogin.c (reader): If after a select rlogin fails to
4119 read expected OOB data try to read ordinary data before continuing.
4121 * appl/bsd/rlogin.c (oob_real): SunOS5 tty race kludge.
4123 * appl/bsd/rlogind.c: Cleanup oobdata stuff.
4127 * appl/bsd/login.c (main): Also check for complete tty name with
4130 * lib/krb/check_time.c: New function `krb_check_tm'.
4132 * lib/roken/tm2time.c: New function `tm2time', mktime generalized
4133 to local timezone and UTC.
4135 * kadmin, admin: Use `tm2time' and `krb_check_time' instead of
4140 * lib/krb/mk_priv.c (krb_mk_priv): Send correct address.
4142 * appl/kauth/kauthd.c: Set ticket file to some sane default, and
4143 add -i debugging switch.
4147 * appl/xnlock, appl/kauth, appl/telnet/telnetd: Use BINDIR and not
4152 * appl/bsd/rlogin.c: consistent usage of oob_real.
4154 * appl/bsd/rlogind.c: Do not send oob garbage when running
4155 solaris? Seems that linux is unable to handle the duplicate
4156 urgent data that is the result.
4158 * appl/bsd/rlogind.c: Fix usage.
4160 * appl/bsd/kcmd.c: Don't F_SETOWN.
4164 * lib/krb/rw.c: Add get_address() and put_address().
4167 * appl/telnet/telnetd/telnetd.c: updated usage
4169 * appl/bsd/su.c: Replaced getpass by des_read_pw_string
4171 * appl/bsd/forkpty.c (ptym_open): Removed unused `ptr2'.
4173 * appl/bsd/rlogind.c: Removed unused functions and made others
4181 * appl/ftp/ftpd/ftpd.c: Don't just send data in plain when doing
4185 * configure.in: test for setresgid.
4187 * kadmin/ksrvutil_get.c: Fixed byte manipulations of keys.
4191 * lib/des/rnd_keys.c (des_rand_data): At least `srandom'.
4193 * appl/ftp/ftp/cmds.c: Support longer passwords when retrying
4196 * kadmin/admin_server.c, man/kadmind.8, kth-krb.texi: Reading key
4197 file from file is now the default. Use `-m' to enter it manually.
4198 `-n' is currently a no-op.
4200 * appl/ftp/ftpd/ftpd.c: Add S/Key support.
4202 * appl/ftp/ftpd/Makefile.in: Link with S/Key.
4204 * appl/ftp/configure.in: Test for S/key.
4206 * configure.in, aclocal.m4: Moved skey test
4209 * appl/bsd/login.c: Correct argument to `skeyaccess'.
4213 * lib/krb/verify_user.c: New parameter to specify service key
4214 instance, NULL means "rcmd".
4216 * lots of files: All ticket filenames uses `TKT_ROOT'.
4218 * appl/bsd/rlogind.c: Check for uid == 0 and user != "root".
4222 * appl/kpopper/pop_init.c(pop_init): Got rid of some old ifdef'ed
4225 * lib/kdb/krb_dbm.c: Add macro for `dbm_delete' for the people
4226 that are ndbm challenged.
4230 * lib/krb/kname_parse.c: Got rid of duplicate defintions.
4232 * appl/ftp/ftp/ruserpass.c: Get hostname even if user has no
4236 * lib/kadm, lib/kdb, kadmin: Add database delete operation.
4238 * lib/krb/kname_parse.c: Allow dots in instances.
4241 * appl/bsd/rlogind.c (logwtmp): Only define `logwtmp' if it does
4242 not exist. Log more garbage.
4246 * appl/telnet/configure.in: Check for `logwtmp'.
4248 * appl/ftp/configure.in: Use `AC_FUNC_MMAP'
4251 * appl/bsd/forkpty.c: Removed all ugly pty search stuff from
4254 * configure.in: Modified the creation of version.h, now actually
4255 shows up with ident.It is now also slightly more keen on creating
4260 * lib/roken/verify.c: <stdio.h> for NULL.
4262 * appl/xnlock/xnlock.c (leave): Call XCloseDisplay, otherwise
4263 screen saver changes are not updated before closing the X
4267 * appl/bsd/utmp_login.c: Remove tty-prefix from ut_id; this field
4268 is usually very short.
4272 * slave/kpropd.c: Add option -m to merge rather then load
4277 * admin/kdb_util.c: Add a merge operation. (One day it might be
4278 used to propagate only patches to the database)
4282 * appl/kpopper: Support both POP3 and KPOP3.
4284 * appl/xnlock/xnlock.c: Use `verify_unix_user'
4286 * lib/roken/verify.c: verify_unix_user: New function from xnlock
4287 for checking passwd in `/etc/passwd'.
4289 * appl/telnet/telnetd/sys_term.c: gettimeofday buglet
4292 * slave/kpropd.c: Rewrite of kpropd.
4294 * admin/kdb_util.c: Sanity check on input to load_db.
4296 * slave/kpropd.c: Use default value for fname.
4298 * slave/kprop.c: Use some sane default values for data_file and
4301 * admin/kdb_util.c: If there isn't any database when loading,
4302 create an empty one.
4306 * appl/telnet/telnetd/sys_term.c: Somewhat changed the way utmpx
4307 entries are created. It should now work on both Solaris and IRIX,
4308 without stale login information.
4312 * lib/krb/k_gethostname.c (k_gethostname): Fallback.
4314 * lib/krb/send_to_kdc.c (send_to_kdc),
4315 kadmin/kadm_ser_wrap.c (kadm_ser_init),
4316 slave/kprop.c (prop_to_slaves),
4317 slave/kpropd.c (main): Use `k_getportbyname'.
4321 * Lots of files: more #includes ifdefad and cleaned up.
4325 * Lots of files: Replaced bcopy/bzero/bcmp with
4326 memcpy/memset/memcmp.
4329 * lib/krb/get_default_principal.c: Use getlogin() if it is the BSD
4330 variant that actually gives some information.
4332 * lib/krb/create_ticket.c: Write correct address byteorder.
4334 * lib/kadm/kadm_stream.c,kadm_cli_wrap.c: Don't assume int32_t is
4337 * kadmin/kpasswd.c: Allow principal without -n.
4339 * kadmin/kadmin.c: Use krb_get_default_principal.
4341 * appl/ftp/ftpd/ftpd.c: Fix bare newline bug.
4343 * appl/bsd/rlogind.c: Add -i and -p options to start rlogind from
4344 command line (for debugging).
4346 * INSTALL: Rewritten.
4350 * appl/ftp/ftp/krb4.c: Handle different sizes of returned
4354 * appl/bsd/Makefile.in: Don't install login setuid.
4358 * appl/bsd/rsh.c: Don't run away yelling if someone calls you
4363 * lib/krb/kdc_reply.c: Remove unused function decrypt_tkt. Sanity
4364 check on decrypted ticket.
4368 * server/kerberos.c: Should work with the new libkrb
4370 * appl/kip: Support more than one tunnel device.
4373 * lib/krb/*.c: All functions that create or decode kerberos
4374 packets have been rewritten. Hopefully, everything still
4375 works. This is to eliminate problems with wierd systems, like
4376 Crays, that doesn't have any two or four byte integers. Some of
4377 these changes could be a lot more pretty, and *many* assumptions
4378 that sizeof(int32) == 4 still exist in the rest of the code,
4381 As a side effect, all packets sent are now in network byte order.
4385 * configure.in: Shared libraries for Irix
4388 * Several fixes for UNICOS.
4390 * appl/ftp/ftp/krb4.c: Allow default data protection level through
4391 a "prot level" in .netrc. This really should be done in a more
4396 * appl/xnlock/xnlock.c: Cleaned up user verification code. Now
4397 uses new function krb_verify_user. Also fixed a few problems with
4398 the password prompt box.
4400 * lib/krb/verify_user.c: New function krb_verify_user to verify a
4404 * appl/kip: New program for forwarding IP packets over kerberised
4405 connections using tunnel devices.
4407 * appl/kauth/kauth.c, kadmin/ksrvutil.c: Use
4408 krb_get_default_principal
4410 * appl/bsd/rlogind.c: Do not change portnumber to host order if
4411 using kerberos. This will cause the magic
4412 `reverse-time-if-port-is-less-than' to fail.
4414 * lib/des/GNUmakefile: Removed file. This file causes problem
4415 when building in the source directory and when using GNU make
4416 which prefers this file to the generated Makefile.
4418 * appl/bsd/login.c: More careful when handling returned value from
4423 * lib/krb/realm_parse.c: New function to expand a non-complete
4424 realm to its official name, e.g nada -> NADA.KTH.SE.
4426 * lib/krb/get_default_principal.c: New function to guess the
4427 default principal to use. Looks at any existing ticket file first,
4428 then at uid/logname etc.
4431 * kadmin/kadmin.c: Use kname_parse and allow different instances
4434 * lib/roken/k_getpwnam.c: New function k_getpwnam that should work
4435 with and without shadow passwords.
4437 * Lots of files: s/getpwnam/k_&/g.
4441 * lib/des/des_locl.h: DES library updated to version 3.23,
4442 des_locl.h now includes configure.h to get HAVE_TERMIOS etc.
4444 * lib/des/des.h: On the alpha define DES_LONG to unsigned int.
4447 * kuser/kinit.c: Handle passwords longer than 16 characters.
4449 * appl/xnlock/xnlock.c (GetPasswd): Handle longer passwords than
4457 * appl/ftp/ftpd/kauth.c: Klist command.
4460 * appl/ftp/ftpd: Removed `-g' from calls to ls.
4462 * appl/ftp/ftp/cmds.c (setpeer): Fix so that opening a second
4463 connection to a specified port works.
4465 * appl/telnet/telnet: Default is binary.
4467 * appl: Now build under Ultrix.
4469 * appl/kx: Now even builds on AIX.
4473 * lib/des: Now merged in libdes 3.21 on main branch.
4476 * appl/ftp/ftpd/logwtmp.c: Slightly different functionality. Works
4477 on systems that has more fields in struct utmp such as OSF/1.
4478 Still some questions about Solaris.
4480 * lib/krb/lsb_addr_comp.c: Now byteorder independent.
4483 * appl/kx: Rewrote kx & kxd to share more code. They are also now
4484 able to talk both ways.
4486 * lib/kdb/krb_dbm.c (kerb_db_rename): Now works properly when
4491 * lib/krb/get_krbrlm.c (krb_get_default_realm): New function for
4494 * When building shared libraries link libkrb with libdes to be
4495 compatible with SunOS5.
4497 * Move lib/krb/krb_err.et to lib/kadm since it is only used there,
4498 no longer need to link libkrb against libcom_err.
4502 * lib/krb/lsb_addr_comp.h: Renamed ugly lsb_addr_comp.
4504 * Some porting to UNICOS.
4508 * Moved some junk from appl/bsd to libroken.
4510 * lib/roken/Makefile.in (LIBNAME): Added header file roken.h for
4514 * Add kerberized ftp.
4520 * appl/kauth/kauth.c: When commands are given to kauth, a new
4521 ticket file is used.
4525 * appl/xnlock/xnlock.c: Fixed a potential overwrite bug. Also
4526 works with more than one screen, only fancy stuff on screen 0,
4531 * appl/bsd/login.c, su.c, rshd.c, rlogind.c: Syslog and abort when
4532 getpwnam returns uid == 0 but user is not root. This is usually
4533 the result of an attack on NIS (former YP).
4537 * kadmin/ksrvutil.c (get_key_from_password): Support for
4538 generating AFS keys. From <flag@it.kth.se>
4542 * appl/kx: New program for forwarding a X connection.
4546 * appl/bsd/rsh.c (get_shell_port): Default port number for ekshell
4547 changed from 2106 to 545.
4549 * appl/bsd/login.c (doremotelogin): Remove terminal speed from the
4550 value of $TERM in the case of an ancient rlogind being used.
4554 * lib/kafs/afssys.c (k_afsklog): Try to read from
4555 /usr/vice/etc/TheseCells for list of cells we should try to obtain
4558 * appl/kauth/kauth.c (renew): Use cell even when renewing.
4560 * appl/kauth/kauth.c, appl/xnlock/xnlock.c: Always call k_afsklog
4564 * lib/kafs/afssys.c: More thorough guessing of what realm a cell
4569 * appl/bsd/login.c: If setuid() failes and not logging in as root,
4574 * server/kerberos.c: Set name, inst, and realm to NULL in
4575 APPL_REQUEST, error replies tend to look a bit funny otherwise.
4579 * appl/bsd/iruserok.c (iruserok): Imported iruserok() FreeBSD.
4583 * lib/des/Makefile.in: Removed enc_read.c enc_writ.c.
4585 * appl/bsd/Makefile.in: New file with the old functions from
4589 * appl/bsd/utmp_login.c: Fixed (hopefully) double utmp-entries in
4590 Solaris. Only put entries in one of utmp/utmpx, since they both
4591 get updated by putut*ent() anyway.
4595 * kuser/klist.c (main): Use verbose option (-v) to list key
4603 * appl/bsd/rlogin.c (doit): Moved signal junk (as far as possible)
4607 * configure.in: Check for getmsg with AC_TRY_RUN instead.
4608 Otherwise it fails under AIx 3.2. Now rlogind works on this
4609 so-called OS. Also cache value of berkeley db check.
4612 * lib/kdb/krb_kdb_utils.c: New experimental masterkey generation,
4613 enabled with --enable-random-mkey. This makes kdb_init et al
4614 generate random master keys, based on random input from the
4615 user. This comes in a package with auto-kstash, and possibility to
4616 enter lost master keys as base64.
4618 Moved default master key file from /.k to
4619 /var/kerberos/master-key, override with --with-mkey=file.
4622 * kadmin/kadmin.c (do_init): Handle the `-t' option to kadmin,
4623 meaning do not get a new ticket file. (From CNS).
4627 * appl/xnlock/xnlock.c: Removed some dead code, and a few unused
4631 * kadmin/pw_check.c (kadm_pw_check): If kadm_pw_check()
4632 fails *pw_msg can't be 0! At the very least use the
4633 empty string but a descriptive error-message is preferred.
4635 * libtelnet: add nonbroken signal() function.
4639 * appl/kpopper/pop_pass.c (pop_pass): Use kuserok to determine if
4640 user is allowed to fetch mail.
4642 * appl/kpopper/*. Got rid of some ugly codes and some warnings.
4644 * appl/bsd/Makefile.in: signal.o was not included in OBJECTS,
4645 which made strange makes not doing what they should.
4647 * configure.in, appl/kpopper/popper.h, appl/bsd/pathnames.h: Now
4648 should work on systems that do not have mail spool files in
4649 /var/spool/mail. Looks for MAILDIR or _PATH_MAILDIR, usually from
4650 <paths.h> or <maillock.h>. Defaults to /var/spool/mail.
4654 * appl/bsd/bsd_locl.h: TIOCPKT for those systems missing it.
4658 * lib/kafs/kafs.h: Use <sys/ioctl.h> instead of <sys/ioccom.h>
4660 * appl/bsd/rshd.c (doit): Don't set environ, send it as an
4661 argument to execle instead.
4663 * lib/kafs/kafs.h: Find definition of _IOW.
4665 * configure.in: Check for random.
4667 * appl/bsd/bsd_locl.h: Including <crypt.h> gives too many conflicts.
4669 * appl/afsutil/pagsh.c: Check for random.
4673 * appl/bsd/bsd_locl.h, appl/telnet/telnetd/defs.h: Default values
4674 of `TIOCPKT_FLUSHWRITE' & c:o.
4676 * appl/telnet/telnet{,d}/Makefile.in (telnetd): Change order of
4677 linking in libraries.
4679 * configure.in: Check for interesting functions in libsocket and
4680 libnsl and not strange soriasis inventions.
4684 * appl/bsd/bsd_locl.h (fatal): Only use prototype or iruserok if
4685 the function does not exist.
4689 * lib/krb/krb_err_txt.c (krb_get_err_text): Changed name of
4690 krb_err_msg to krb_get_err_text(int) to be compatible with the CNS
4691 distribution. This function is used for instance by CVS-1.7.
4695 * configure.in, appl/Makefile.in: removed rkinit
4697 * etc/inetd.conf.changes, etc/services.append: Added kauth.
4699 * appl/kauth: Integrated rkinit into kauth.
4701 * appl/kauth/kauth.c (main): Only look for principal name if no -p
4704 * lots of files: prototypes and other small fixes.
4706 * appl/bsd/sysv_shadow.h: spwd multiple defined.
4708 * appl/bsd/bsd_locl.h: include <crypt.h>
4710 * configure.in: Added afsutil and rkinit.
4712 * */Makefile.in: Do cd $$i && $(MAKE). Otherwise, if cd fails you
4713 end up with an infinite recursion.
4715 * kuser/klist.c (display_tktfile): Another warning removed.
4719 * appl/bsd/forkpty.c (forkpty): Kludge for Ultrix, rlogind now
4720 works properly also under this system.
4723 * appl/afsutil: New aklog and pagsh
4726 * lib/krb/krb_equiv.c (krb_equiv): Fix bugs with '\\'.
4728 * lib/des/rnd_keys.c: Include <sys/time.h>.
4732 * appl/kauth/kauth.c (main): Handle name when given after options.
4736 * appl/rkinit/rkinit.c (getalladdrs): Check for herror. Solaris
4737 apparently does not have any.
4738 (main): Use memset instead of bzero.
4740 * appl/rkinit/rkinitd.c (decrypt_remote_tkt): bcopy -> memcpy.
4742 * kuser/kinit.c (main): Corrected lifetime.
4744 * lib/krb/krb_equiv.c (krb_equiv): Now handles longer lines,
4745 continuation lines and addresses of the form 193.10.156.0/24.
4748 * kuser/Makefile.in (kdestroy): Link kdestroy with libkafs.
4752 * Replaced all occurencies of krb_err_txt[] with new function
4753 krb_err_msg(), that does some sanity checks before indexing
4758 * appl/telnet/telnetd: Added flags -z to have telnetd log
4759 unauthenticated logins, such as when using an old telnet
4760 client. Unfortunately in most of these cases, the user name is not
4763 There should also be a way to tell the difference between bad
4764 authentication (such as with expired tickets) and no attempt to
4765 provide authentication (such as with an old client).
4769 * kuser/kdestroy.c: Remove afs-tokens as well as tickets, -t flags
4770 added to prevent this.
4774 * appl/rkinit/rkinitd.c (doit): Use k_getsockinst to make it work
4775 correctly for multi-homed hosts.
4777 * appl/rkinit: New program with rkinit functionality.
4779 * lib/krb/k_getport.c: Function for finding port in /etc/services
4782 * lib/krb/netread.c,netwrite.c (krb_net_{read,write}): Now correct
4783 prototype with void * and size_t.
4787 * kadmin/new_pwd.c (get_pw_new_pwd): Moved get_pw_new_pwd to
4788 seperate file. Now called both from kadmin and kpasswd.
4790 * kadmin/pw_check.c (kadm_pw_check): Handle the case of no
4791 password provided. This is really a policy decision. The server
4792 should be able to say `use a client that sends the password'.
4794 * appl/bsd/rlogind.c (local_domain): MAXHOSTNAMELEN -> MaxHostNameLen.
4798 * appl/bsd/rcp.c (answer_auth): Made rcp multihome aware.
4800 * appl/bsd/rlogind.c (do_krb_login): Made rlogind multihome aware.
4802 * appl/bsd/rshd.c (doit): Made rshd multihome aware.
4804 * lib/krb/k_getsockinst.c (k_getsockinst): New function to figure
4805 out the instance name of interfaces on multihomed hosts. Use this
4806 function when making daemons multihome aware.
4808 * appl/telnet/libtelnet/kerberos.c (kerberos4_is): Made telnetd
4817 * lots of files: hacks to make it all compile.
4819 * configure.in, appl/telnet/configure.in: More broken AIX.
4822 * appl/bsd/bsd_locl.h: Fix for old syslogs (as in Ultrix).
4825 * appl/telnet/libtelnet/encrypt.c: encrypt_verbose by default.
4828 * appl/telnet/libtelnet/kerberos.c: Show difference between
4829 MUTUAL and ONE_WAY KERBEROS4.
4831 * appl/telnet/libtelnet/encrypt.c:
4832 Print message about not encrypting when receiving WONT or DONT encrypt.
4835 * configure.in: Automatic check for HAVE_NEW_DB.
4838 * lib/krb/getaddrs.c (k_get_all_addrs): Fixed for systems with
4839 SOCKADDR_HAS_SA_LEN, aka 4.4BSD-based.
4841 * appl/telnet/telnetd/global.c: Removed some multiple defined
4844 * appl/bsd/rlogind.c (cleanup): ifndef HAVE_VHANGUP.
4846 * appl/bsd/sysv_shadow.h: Add DAY and DAY_NOW ifndef.
4848 * configure.in: Check if `struct sockaddr' has `sa_len'.
4852 * appl/telnet/telnetd/telnetd.c (recv_ayt): pty -> ourpty.
4854 * appl/bsd/bsd_locl.h: More include-files: <sys/uio.h> and <userpw.h>
4856 * appl/kpopper/popper.c (catchSIGHUP): Got rid of some warnings.
4858 * lib/krb/log.c (new_log): Yet another year 2000.
4860 * appl/bsd/sysv_environ.c (read_etc_environment): Support setting
4861 environment variables from /etc/environment.
4863 * appl/bsd/bsd_locl.h: <usersec.h>
4865 * configure.in: check for setpcred, libs.a and <usersec.h>.
4867 * appl/bsd/login.c (main): setpcred is used on AIX.
4869 * appl/bsd/rshd.c (doit): Added setpcred for AIX.
4871 * lib/krb/getaddrs.c: <sys/sockio.h> is sometimes needed.
4873 * admin/kdb_init.c (main): Now verifies master key.
4875 * lib/kdb/krb_kdb_utils.c (kdb_get_master_key): Added possibility
4876 of asking for verfication.
4878 * appl/bsd/bsd_locl.h: Try to include <sys/stream.h>
4880 * appl/telnet/telnetd/utility.c (printsub): Mismatch arguments.
4882 * lib/krb/send_to_kdc.c (send_to_kdc): Send to all A records and
4883 accept an answer from anything we have sent to.
4885 * appl/kauth/kauth.c (renew): Use strange return types for strange
4887 (doexec): Remove tokens.
4889 * server/kerberos.c (main): Uses k_get_all_addrs and binds to each
4892 * kadmin/ksrvutil_get.c (ksrvutil_get): Added support for
4893 specifying key to create on command line to get.
4897 * lib/krb/log.c (k_log): Now using YYYY for years.
4899 * lib/krb/klog.c (klog): Preparing for the year 2000.
4901 * kuser/kinit.c (main): Added option -p to get changepw-tickets.
4903 * lib/krb/getaddrs.c: New file to get all the addresses of all the
4904 interfaces on this machine.
4908 * configure.in: Support for S/Key in login.c. Use --with-skeylib
4909 switch to configure. The code assumes that the skeylib.a comes
4912 * General support for shadow password files if there is an
4915 * appl/bsd/su.c: Arrange so that it supports shadow passords.
4919 * appl/telnet/*: Hacks to make it work on strange OSes.
4921 * appl/bsd/bsd_locl.h: Check for sys/ptyvar.h
4923 * appl/telnet/configure.in (telnet_msg): sys/str_tty.h, sys/uio.h
4925 * configure.in: test for crypt.h and sys/ptyvar.h
4927 * appl/telnet/telnetd/*.c: pty -> ourpty.
4930 * telnetd: Changes to make more systems work better, specifically
4931 AIX 4. Hopefully this will work on both STREAM and BSD
4932 systems. Not tested on some systems, like CRAY and Linux.
4935 * util/ss/mk_cmds.c: Generating cleaner code.
4937 * lib/krb/krb_err_txt.c (krb_err_txt): Clarification.
4939 * kadmin/admin_server.c: Less varnings.
4941 * appl/xnlock/xnlock.c: Changed some types and added some casts.
4943 * appl/movemail/movemail.c: Not using syswait.h anymore.
4945 * appl/xnlock/xnlock.c: God rid of some warnings.
4947 * util/ss/*.[ch]: cleanup
4949 * util/et/*.[ch]: cleanup
4951 * appl/bsd/rcp.c: Less warnings.
4953 * kadmin/admin_server.c (kadm_listen): Get rid of another warning.
4955 * kadmin/pw_check.c (kadm_pw_check): Support for letting cracklib
4956 check the quality of the password.
4958 * kadmin/pw_check.h (kadm_pw_check): New argument to
4959 kadm_pw_check: list of useful strings to check for.
4961 * kadmin/kadm_server.c (kadm_ser_cpw): Send a few `useful' strings
4962 to kadm_pw_check (name, instance, and realm).
4964 * kadmin/Makefile.in (kadmind): Linking with -lcrack.
4966 * configure.in: Support for --with-cracklib and --with-dictpath.
4968 * kadmin/ksrvutil_get.c: Now seems to be working.
4970 * kadmin/ksrvutil.h: Some new parameters.
4972 * kadmin/ksrvutil.c: Some reorganisation and uses a working
4975 * appl/movemail/movemail.c: Some more include-files.
4977 * appl/bsd/rlogind.c: Testing for the existence of vhangup.
4981 * configure.in: Massaged the configure files so that we can build
4982 under NEXTSTEP 3.3. Some kludges to prevent cpp bugs and link
4983 errors where also neccessary.
4987 * appl/xnlock/xnlock.c (main): Improved user feedback on password
4990 * appl/xnlock/xnlock.c: Applied patch made by flag@it.kth.se that
4991 enables C-u to erase the password field.
4993 * lib/krb/lifetime.c: configure now creates a version string which
4994 is referenced here. Use what and grep version to figure out where,
4995 when and by whom binaries where created.
4997 * appl/bsd/forkpty.c (ptys_open): Call revoke before pty slave is
4998 opened. Add revoke using vhangup for those system lacking revoke.
4999 Also call vhangup when rlogind exits.
5003 * lib/krb/send_to_kdc.c (send_to_kdc): Removed kludge for SunOS
5004 3.2 and Ultrix 2.2 that prevented multihomed kerberos servers to
5007 * kadmin/kadmin.c (change_key): Add new subcommand change_key so
5008 that it is possible to enter keys in the DB on binary form. Most
5009 usefull for sites running AFS.
5013 * appl/bsd/su.c (koktologin): New option -i root-instance. If you
5014 want a user.afs ticket in a root shell and user.afs is on root's
5015 ACL then do a "su -i afs".
5017 * Makefile.in: Rearrange the order of object files to make shared
5018 libraries slightly more efficient.
5020 * appl/kauth/kauth.c (main): Always up case realm. Better error
5021 messages on failed exec.
5025 * appl/bsd/rshd.c (main): New option -P to prevent rshd from using
5026 a new PAG. Expert use only!
5028 * appl/bsd/rlogind.c (doit): Avoid race when setting tty size.
5030 * appl/bsd/rlogin.c (reader): Use select rather than horrible
5031 signal hacks to handle OOB data.
5033 * appl/bsd/login.c (main) sysv_environ.c (sysv_newenv): Login does
5034 now honor the -p switch when invoked by root. This is used by
5035 telnetd to export environment variables.
5039 * appl/bsd/signal.c (signal): New BSD compatible signal
5040 function. Most r* applications assume reliable signals.
5043 * appl/bsd/login.c (main): Check HAVE_ULIMIT.
5045 * appl/bsd/bsd_locl.h: Include sys/ioctl.h.
5047 * configure.in: Check for ulimit.
5049 * admin/kdb_edit.c: Flush stdout after printing prompts.
5051 * appl/kpopper/pop_xmit.c: Remember to include config.h.
5055 * appl/bsd/login.c (main): New function stty_default to setup
5056 default tty settings.
5060 * appl/kstring2key/kstring2key.c (main): New program that converts
5061 passwords to DES keys, either using des_string_to_key or
5064 * server/kerberos.c: Kerberos server now listen on 2 ports,
5065 kerberos/udp and kerberos-sec/udp.
5069 * appl/bsd/rcp.c (main): Integrated -x option to rcp. This
5070 required some real horrible hacks in lib/des/enc_{read,write}.c
5072 * acconfig.h: Enabled MULTIHOMED_KADMIN in acconfig.h.
5074 * Add RCSID stuff to telnet files.
5078 * appl/bsd/login.c (main): The login program does now by default
5079 read /etc/default/login, even on non Psoriasis systems. Unifdef
5080 SYSV4, this was essentially only for prompting.
5084 * appl/kpopper/popper.c (main): Integrate default timeout of 120
5085 seconds from Qualcomm popper. Timeout is also set able with -T
5089 * lib/kadm/kadm_cli_wrap.c (kadm_change_pw_plain): If there's no
5090 password, don't even send the empty string.
5094 * lots of files: all debug messages now printed to stderr (from
5097 * lib/krb/tf_util.c (tf_create): New method for creating a new
5098 ticket file. Remove the old old and then open with O_CREAT and
5101 * server/kerberos.c, slave/kpropd.c: Some casts to get rid of warnings.
5103 * configure.in: Added checks for unistd.h, memmove and const.
5105 * appl/telnet/telnet/commands.c: Changed types of functions to
5106 confirm with struct Command.
5108 * appl/telnet/configure.in: Check for setpgid.
5110 * appl/bsd/rlogin.c: Get rid of another warning.
5112 * appl/bsd/bsd_locl.h, appl/telnet/acconfig.h: New synonym for
5117 * (movemail): Now from emacs-19.30. If you have a newish emacs
5118 there is no reason to use this movemail.
5120 * (kadm): Added support for server side password checks. Hopefully
5121 this is compatible with kerberos 4.10. Old kpasswd:s will give
5122 funny error messages. For examples of checks, see
5123 kadmin/pw_check.c. Since this is mostly political matters,
5124 kadm_pw_check() should probably return KADM_SUCCESS by default.
5128 * appl/telnet/telnetd/telnetd.c (main): Kludge to fix encryption
5129 problem with Mac NCSA telnet 2.6.
5132 * lib/krb/stime.c: Now using YYYY for years. (2000 is soon here).
5134 * appl/bsd/rsh.c, rcp.c, rlogin.c: Fixed fallback for port number
5135 (added missing ntohs).
5139 * (many files): More ANSI/ISO 9899-1990 to the people!
5140 Now actually builds (not including util) with DEC "cc -std1" and
5141 Sun "acc -Xc". There are still major prototype conflicts, but
5142 there isn't much to do about this.
5146 * lib/kadm/kadm_cli_wrap.c: Fallback for kerberos and
5147 kerberos_master services.
5151 * Released version 0.5
5154 * lib/des/read_pwd.c: Redifine TIOCGETP and TIOCSETP so that the
5155 same code is used both for posix termios and others.
5157 * rsh, rlogin: Add environment variable RSTAR_NO_WARN which when
5158 set to "yes" make warnings about "rlogin: warning, using standard
5159 rlogin: remote host doesn't support Kerberos." go away.
5163 * admin/kdb_util.c (load_db) lib/kdb/krb_dbm.c (kerb_db_update):
5164 Optimized so that it can handle large databases, previously a
5165 10000 entry DB would take *many* minutes, this can now be done in
5170 * Changes in server/kerberos.c, kadmin/*.c slave/*.c to support 64
5171 bit machines. Source should now be free of 64 bit assumptions.
5173 * admin/copykey.c (copy_from_key): New functions for copying to
5174 and from keys. Neccessary to solve som problems with longs on 64
5175 bit machines in kdb_init, kdb_edit, kdb_util and ext_srvtab.
5177 * lib/kdb/krb_kdb_utils.c (kdb_verify_master_key): More problems
5178 with longs on 64 bit machines.
5182 * appl/bsd/login.c (main): Lots of stuff to support Psoriasis
5183 login. Courtesy of gertz@lysator.liu.se.
5185 * configure.in, all Makefile.in's: Support for Linux shared
5186 libraries. Courtesy of svedja@lysator.liu.se.
5188 * lib/krb/cr_err_reply.c server/kerberos.c: Moved int req_act_vno
5189 = KRB_PROT_VERSION; from server kode to libkrb where it really
5192 * appl/bsd/forkpty.c (forkpty): New function that allocates master
5193 and slave ptys in a portable way. Used by rlogind.
5195 * appl/telnet/telnetd/sys_term.c (start_login): Under SunOS5 the
5196 same utmpx slot got used by sevral sessions. Courtesy of
5197 gertz@lysator.liu.se.
5201 * util/{ss, et}/Makefile.in (LEX): Use flex or lex. Courtesy of
5202 svedja@lysator.liu.se.
5204 * Fix the above Makefiles to work around bugs in Solaris and OSF/1
5205 make rules that was triggered by VPATH functionality in the yacc
5210 * appl/kpopper/pop_log.c (pop_log) appl/kpopper/pop_msg.c (pop_msg):
5211 Use stdarg instead of varargs. The code is still broken though,
5212 you'll realize that on a machine with 64 bit pointers and 32 bit
5213 int:s and no vsprintf, let's hope there will be no such beasts ;-).
5215 * appl/telnet/telnetd/sys_term.c (getptyslave): Not all systems
5216 have (or need) modules ttcompat and pckt so don't flag it as a
5217 fatal error if they don't exist.
5221 * kadmin/admin_server.c (kadm_listen) kadmind/kadm_ser_wrap.c
5222 (kadm_listen): Add kludge for kadmind running on a multihomed
5223 server. #ifdef:ed under MULTIHOMED_KADMIN. Change in acconfig.h
5224 if you need this feature.
5226 * appl/Makefile.in (SUBDIRS): Add applications movemail kpopper
5231 * appl/bsd/rlogin.c (main): New rlogind.c, forkpty() is not
5232 implemented yet though.
5236 * appl/xnlock/Makefile.in: Some stubs for X11 programs in
5237 configure.in as well as a kerberized version of xnlock.
5239 * appl/bsd/{rlogin.c, rsh.c, rcp.c}: Add code to support fallback
5240 port numbers if they can not be found using getservbyname.
5244 * appl/bsd/klogin.c (klogin): Use differnet ticket files for each
5245 login so that a malicous user won't be able to destroy our tickets
5246 with a failed login attempt.
5248 * lib/kafs/afssys.c (k_afsklog): First we try afs.cell@REALM, if
5249 there is no such thing try afs@CELL instead. There is now two
5250 arguments to k_afslog(char *cell, char *realm).
5254 * kadmin/admin_server.c (kadm_listen): If we are multihomed we
5255 need to figure out which local address that is used this time
5256 since it is used in "direction" comparison.
5260 * kadmin/kadm_ser_wrap.c (kadm_ser_init): Fallback to use default
5263 * lib/krb/send_to_kdc.c (send_to_kdc): Default port number
5264 (KRB_PORT) was not in network byte order.
5268 * lib/krb/send_to_kdc.c (send_recv): Linux clears timeout struct
5274 * appl/bsd/rcp.c, appl/bsd/rlogin.c, appl/bsd/rsh.c:
5275 Now does fallback if there isn't any entries in /etc/services for
5276 klogin/kshell. This also made the code a bit more pretty.
5279 * appl/bsd/login.c: Added support for lots of more struct utmp fields.
5280 If there is no ttyslot() use setutent and friends.
5282 * appl/bsd/Makefile.in, appl/bsd/rlogind.c, appl/bsd/rshd.c:
5283 Added extern iruserok().
5285 * appl/bsd/iruserok.c: Initial revision
5287 * appl/bsd/bsd_locl.h: Must include sys/filio.h on Psoriasis.
5289 * appl/bsd/Makefile.in: New install
5291 * appl/bsd/pathnames.h: Fix default path, rsh and rlogin.
5293 * appl/bsd/rshd.c: Extend default PATH with bindir to find rcp.
5296 * appl/bsd/login.c (login): If there is no ttyslot use setutent
5297 and friends. Added support for lots of more struct utmp fields.
5299 * server/kerberos.c (main) lib/kafs/afssys.c appl/bsd/bsd_locl.h:
5300 Must include sys/filio.h on Psoriasis to find _IOW and FIO* macros.
5302 * appl/bsd/rlogind.c (doit): Use _PATH_DEFPATH rather than
5305 * appl/bsd/login.c, su.c (main): Use fallback to bourne shell if
5308 * appl/bsd/su.c (main): Update usage message to reflect that '-'
5309 option must come after the ordinary options and before login-id.
5313 * appl/telnet/telnetd/telnetd.c (doit): If remote host name is to
5314 long to fit into utmp try to remove domain part if it does match
5317 (main): Add new option -L /bin/login so that it is possible to
5318 specify an alternate login program.
5320 * appl/telnet/telnet/commands.c (env_init): When exporting
5321 variable DISPLAY and if hostname is not the full name, try to get
5322 the full name from DNS.
5324 * appl/telnet/telnet/main.c (main): Option -k realm was broken due
5325 to a bogous external declaration.
5329 * kadmin/kadmin.c (add_new_key): Kadmin now properly sets
5330 lifetime, expiration date and attributes in add_new_key command.
5334 * appl/bsd/su.c (main): Don't handle '-' option with getopt.
5336 * appl/telnet/telnet/externs.h: Removed protection for multiple
5337 inclusions of termio(s).h since it broke definition of termio
5338 macro on POSIX systems.
5342 * lib/krb/lifetime.c (krb_life_to_time): If you want to disable
5343 AFS compatible long lifetimes set krb_no_long_lifetimes = 1.
5345 Please note that the long lifetimes are 100% compatible up to
5346 10h so this should rarely be necessary.
5348 * lib/krb/krb_equiv.c (krb_equiv): If you don't want to use
5349 ipaddress protection of tickets set krb_ignore_ip_address. This
5350 makes it possible for an intruder to steal a ticket and then use
5351 it from som other machine anywhere on the net.
5355 * kadmin/kadm_ser_wrap.c (kadm_ser_init): Don't bind to only one
5356 local address. Accept request on all interfaces.
5358 * admin/kdb_edit.c (change_principal): Don't accept illegal
5359 dates. Courtesy of gertz@lysator.liu.se.
5363 * configure.in: AIX specific libraries needed when using standard
5364 libc routine getttyent, IBM should be ashamed!
5366 * lib/krb/recvauth.c (krb_recvauth): Long that should be int32_t
5369 * Added strdup for su and rlogin.
5371 * Fix for old syslog macros in appl/bsd/bsd_locl.
5375 * lib/kdb/krb_dbm.c (kerb_db_rename) admin/kdb_destroy.c: New
5376 ifdef HAVE_NEW_DB for new databases residing in one file only.
5378 * appl/bsd/rlogin.c (oob): Add workaround for Linux.
5382 * appl/bsd/getpass.c: New routine that reads up to 127 char
5383 passwords. Used in su.c and login.c.
5387 * appl/telnet/telnetd/sys_term.c (login_tty): Ioctl TIOCSCTTY
5388 should not be used on HP-UX.
5392 * appl/bsd/rlogin.c (main): Added dummy rlogind that tells user to
5397 * lib/krb/ krb.h, decomp_ticket.c, getrealm.c, get_krbhst.c,
5398 get_krbrlm.c, get_admhst.c:
5400 Use multiple configuration directories for krb.conf and
5401 krb.realms, KRB_CONF and KRB_REALM_TRANS macros substituted with
5402 KRB_CNF_FILES and KRB_RLM_FILES. Currently /etc and
5403 /etc/kerberosIV are searched. Directory specified by envioronment
5404 variable KRBCONFDIR is searched first if set. No hardcoded
5405 realmname or kerberos server. Instead use domainname for deafult
5406 realm and kerberos.domain as kerberos server if they are not
5407 listed in krb.conf and/or krb.realms. In the normal case there
5408 should be no need for configuration files if administrators add a
5409 CNAME pointing to the kerberos server.
5411 * appl/bsd/Makefile.in and friends: GNU make should no longer be
5412 neccessary unless building with VPATH.
5416 * appl/bsd/klogin.c (klogin): Old ticket file need to be removed
5417 before we call krb_get_pw_in_tkt or we might get a Kerberos intkt
5418 error because the wrong user owns the file.
5422 * configure.in : Telnet.beta2 is now official and has been moved
5425 * appl/bsd/su.c (main): Reenable -K flag, won't work if not
5426 PASSWD_FALLBACK is enabled. Cosmetics for Password prompt.
5430 * appl/bsd/su.c (kerberos): Don't allow su from possibly bogous
5431 kerberos server. Controlled by #ifdef KLOGIN_PARANOID.
5433 * lib/kafs/afssys.c (SIGSYS_handler): Need to reinstall handler on
5438 * lib/kafs/afssys.c (k_afsklog): Use default realm on null argument.
5440 * appl/bsd/rlogin.c, login.c: New programs.
5444 * appl/bsd/kcmd.c rsh.c rlogin.c: Use POSIX signals.
5446 * appl/telnet.95.05.31.NE/telnetd/sys_term.c, telnetd.c: Port to
5451 * admin/kdb_init.c (main): Use new random generator. Dito in
5452 admin/kdb_edit.c. Use master key to initialize random sequence.
5456 * kadmin/kadmin.c (get_password): Fix for random passwords.
5457 Dito for admin/kdb_edit.c
5459 * appl/kauth/kauth.c (main): Updated for krb distribution, now
5460 uses new library libkafs.
5462 * appl/telnet.beta/telnet/main.c (main): New telnet with
5463 encryption hacks from ftp.funet.fi:/pub/unix/security/esrasrc-1.0.
5464 Encryption does not currently work though.
5468 * New library to support AFS. Routines:
5474 int k_pioctl(char *, int, struct ViceIoctl *, int);
5476 Modified it to support more than one single entry point AFS
5477 syscalls (needed by HPUX and OSF/1 when running DFS). Don't rely
5478 on transarc headers or library code.
5480 This has not been tested and will most probably need some
5481 serious violence to get working under AIX. (AIX has since been
5486 * lib/krb/krb_equiv.c (krb_equiv): Compare IP adresses using
5487 krb_equiv() to allow for hosts with more than one address in files
5488 rd_priv.c rd_req.c and rd_safe.c.
5490 * slave/kpropd.c (main): Fix uninitialized variables and rewind
5495 * appl/bsd/rcp.c (allocbuf): Fix various bugs.
5497 * slave/kpropd.c (main): Responder uses
5498 KPROP_SERVICE_NAME.`hostname' and requestor always uses
5499 KPROP_SERVICE_NAME.KRB_MASTER, i.e rcmd.kerberos in kprop/kpropd
5504 * appl/bsd/rshd.c (doit): Encryption should now work both ways.
5508 * appl/bsd/pathnames.h: Fixup paths.
5510 * server/Makefile.in and friends (install): Install daemons in in
5511 libexec and administrator programs in sbin.
5514 * Makefile.in: Joda (d91-jda) added install target
5518 * lib/krb/k_strerror.c: New function k_strerror() to use instead
5519 of the non portable sys_errlist[].