1 2001-06-05 Ezra Peisach <epeisach@mit.edu>
3 * authorization.c, heuristic.c, krb_auth_su.c, main.c, setenv.c:
4 Cleanup assignments in conditionals.
6 2001-04-03 Tom Yu <tlyu@mit.edu>
8 * setenv.c: Add conditionals for compilation of setenv, unsetenv,
9 and getenv such that they only get compiled if they don't already
10 exist. [pullup from krb5-1-2-2-branch]
12 2000-10-17 Ezra Peisach <epeisach@mit.edu>
14 * krb_auth_su.c (krb5_get_tkt_via_passwd): Argument to
15 krb5_read_password now takes an unsigned int.
17 2000-10-03 Ezra Peisach <epeisach@mit.edu>
19 * ccache.c, heuristic.c, main.c: Return of krb5_cc_get_name() is
22 2000-05-22 Tom Yu <tlyu@mit.edu>
24 * Makefile.in (OBJS): Put @SETENVOBJ@ on same line as xmalloc.o to
25 avoid trailing backslash on the end of the variable.
27 2000-05-15 Ken Raeburn <raeburn@mit.edu>
29 * ccache.c (krb5_ccache_copy): Modify conditionalized code block
30 slightly to make automatic indentation work better.
32 * main.c (main): Complain and quit if prog_name is longer than 50
35 2000-04-26 Ken Raeburn <raeburn@mit.edu>
36 Nalin Dahyabhai <nalin@redhat.com>
38 * main.c (DEBUG): Don't define.
39 (usage): Remove -C option from description.
40 (sweep_up): Deleted second argument; all callers changed.
41 (main): Support -D option only if DEBUG is defined. Initialize
42 ruid on entry. Set effective uid to ruid before processing
43 argument list. Removed -C option from -z/-Z conflict messages.
44 Report errors trying to stat source ccache using com_err. Verify
45 that getpwuid's returned data for source user has correct uid.
46 Eliminate use_source_cache variable.
48 * ksu.M: Updates for removal of -C option.
50 2000-01-27 Ken Raeburn <raeburn@mit.edu>
52 * main.c (print_status): Now static. Add format attribute if
55 1999-12-02 Ken Raeburn <raeburn@mit.edu>
57 * krb_auth_su.c (krb5_get_tkt_via_passwd): Check length of
58 principal name before copying to fixed-size buffer.
60 * ccache.c (krb5_ccache_filter): Fix speling error.
61 (krb5_get_login_princ): Check length of home directory pathname.
63 * setenv.c: New file, copied from appl/bsd.
64 * Makefile.in (OBJS): Add @SETENVOBJ@.
67 * xmalloc.c: New file, providing versions of malloc, calloc,
68 realloc, and strdup that print messages and exit if memory
70 * ksu.h (xmalloc, xrealloc, xcalloc, xstrdup): Declare.
71 * Makefile.in (SRCS, OBJS): Use it.
72 * authorization.c, ccache.c, heuristic.c, main.c: Change all calls
73 to malloc, calloc, realloc, and strdup to call x* versions if the
74 return value is not checked before use.
76 * authorization.c (auth_cleanup): Ditch int arguments, check for
77 null pointers instead.
78 (krb5_authorization): Update calls. Initialize file pointers to
80 (init_auth_names): Check for buffer overflow.
81 (fcmd_resolve): Ensure enough buffer space is allocated.
82 (find_first_cmd_that_exists): Likewise. Use strcat instead of
83 sprintf'ing a buffer into itself.
85 * krb_auth_su.c (dump_principal, plain_dump_principal): Reformat
88 * main.c (cc_source_tag, cc_source_tag_tmp): Now point to const.
89 (main): Unset environment variable KRB5_CONFIG. Delete -C
90 option. Force an error if lifetime strings are over 14
91 characters. Fix error message string if setluid fails. Cast pid
92 to long for printing. Call krb5_init_secure_context instead of
93 krb5_init_context and krb5_secure_config_files.
94 (main): Fix speling error.
95 (ontty): Check string size.
96 (get_dir_of_file): Argument now points to const.
97 * ksu.h (get_dir_of_file): Update declaration.
99 1999-10-26 Wilfredo Sanchez <tritan@mit.edu>
101 * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES,
102 LOCAL_INCLUDES such that one can override CFLAGS from the command
103 line without losing CPP search patchs and defines. Some associated
106 1999-08-23 Ken Raeburn <raeburn@mit.edu>
108 * heuristic.c (find_ticket): Use flag KRB5_TC_SUPPORTED_KTYPES
109 when calling krb5_cc_retrieve_cred.
110 * krb_auth_su.c (krb5_auth_check, krb5_fast_auth): Ditto.
112 Fri Mar 12 18:52:18 1999 Tom Yu <tlyu@mit.edu>
114 * main.c (main): Fix cleanup code for setluid() failure.
116 Thu Mar 4 18:46:55 1999 Tom Yu <tlyu@mit.edu>
118 * heuristic.c (get_authorized_princ_names): Fix to not call
119 list_union() if cmd is NULL, otherwise freed memory gets
120 referenced. [krb5-clients/698]
122 Thu Feb 18 22:26:30 1999 Tom Yu <tlyu@mit.edu>
124 * Makefile.in (ksu): Add $(KSU_LIBS) in case we need -lsecurity.
126 * main.c (main): Add call to setluid() on systems that have it.
128 1998-11-13 Theodore Ts'o <tytso@rsts-11.mit.edu>
130 * Makefile.in: Set the myfulldir and mydir variables (which are
131 relative to buildtop and thisconfigdir, respectively.)
133 1998-05-06 Theodore Ts'o <tytso@rsts-11.mit.edu>
135 * main.c (main): POSIX states that getopt returns -1 when it
136 is done parsing options, not EOF.
138 Wed Feb 18 15:44:15 1998 Tom Yu <tlyu@mit.edu>
140 * Makefile.in: Remove trailing slash from thisconfigdir. Fix up
141 BUILDTOP for new conventions.
143 Mon Feb 2 17:02:29 1998 Theodore Ts'o <tytso@rsts-11.mit.edu>
145 * Makefile.in: Define BUILDTOP and thisconfigdir in the Makefile
147 Wed Feb 4 20:46:49 1998 Tom Yu <tlyu@mit.edu>
149 * krb_auth_su.c (krb5_verify_tkt_def): If using a pre-existing
150 credential cache, ensure that the host ticket has not yet
151 expired. Patch from vwelch@ncsa.uiuc.edu [krb5-clients/545].
153 Mon Jan 27 16:56:07 1997 Tom Yu <tlyu@mit.edu>
156 * configure.in: Update to new program build procedure.
158 Sun Nov 10 20:10:53 1996 Sam Hartman <hartmans@mit.edu>
160 * krb_auth_su.c (path_passwd;): If you don't have a srvtab, always
163 Thu Nov 7 15:41:19 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
165 * main.c (main): Check the error return from
166 krb5_init_context(), and print an error message if
169 Wed Sep 18 15:54:41 1996 Theodore Y. Ts'o <tytso@mit.edu>
171 * krb_auth_su.c (krb5_get_tkt_via_passwd): Remove call to
172 krb5_os_localaddr(), since get_in_tkt will default correctly.
174 Tue Sep 10 14:15:02 1996 Tom Yu <tlyu@mit.edu>
176 * ksu.M: remove ".so man1/header.doc"
178 Thu Aug 8 12:31:30 1996 Sam Hartman <hartmans@mit.edu>
180 * main.c (main): Close source cache before executing command.
182 Sat May 25 16:11:55 1996 Sam Hartman <hartmans@mit.edu>
184 * configure.in: Use aname db libs.
186 Tue May 21 19:14:27 1996 Sam Hartman <hartmans@mit.edu>
188 * Makefile.in (install): Ignore error return from installation of
189 ksu; if we can't set the setuid bit (AFS or non-root), we should
192 Mon May 20 00:07:16 1996 Sam Hartman <hartmans@tertius.mit.edu>
194 * main.c (main): Do not force source cache open if we are going to use it as the target.
196 Sun May 19 13:41:21 1996 Sam Hartman <hartmans@mit.edu>
198 * main.c: Force source ccache to stay open between transactions.
200 Sun May 19 03:24:26 1996 Sam Hartman <hartmans@tertius.mit.edu>
202 * krb_auth_su.c: Use target uid while creating ccache
204 * ccache.c: Set uid to target before creating target cache.
206 * ksu.h: Add target_uid to copy_ccache and copy_ccache_restricted
208 Sat May 18 16:39:15 1996 Sam Hartman <hartmans@tertius.mit.edu>
210 * configure.in: Use libkrb5util to get krb5_seteuid
212 * heuristic.c (get_best_princ_for_target): Remove seteuid around stat call and insert call to krb5_seteuid before accessing .k5login or .k5users.
214 * main.c (main): Insert appropriate calls to krb5_seteuid so that
215 files are accessed as appropriate. Also, remove code to copy
216 tickets obtained while running ksu overthe source cache; this is
217 not appropriate because it changes the ownership of the source
220 Mon May 13 06:50:12 1996 Richard Basch <basch@lehman.com>
222 * authorization.c: users in the .k5login were not permitted to use
223 the '-e command' flag; the man page does not indicate this should fail.
224 All users in .k5login, and those in .k5users (for the specified cmd)
225 are now allowed to execute commands.
226 Also, a lot of indentation cleanup was done.
228 * configure.in heuristic.c:
229 Before getting the best principal from the ccache, reset the euid;
230 we don't want to use someone else's ccache.
231 Also, a lot of indentation cleanup was done.
233 Wed Apr 10 20:24:49 1996 Richard Basch <basch@lehman.com>
235 * main.c, krb_auth_su.c: Mostly cosmetic cleanup of output
236 statements. Also, rather than computing the default host key,
237 let the library routine do it.
239 Sun Mar 31 16:48:29 1996 Chris Provenzano <proven@cygnus.com>
241 * main.c (main): Handle suspend/fg properly.
243 Fri Mar 29 23:35:53 1996 Chris Provenzano <proven@cygnus.com>
245 * ccache.c main.c: Remove krb5_ccache_refresh(). All this functionality
246 is is done in the krb5_ccache_copy(), and the way refresh() was
247 implemented it was generating a new ccache owner by root (ksu is suid)
248 over the old ccache, thereby making it possible that programs
249 accessing the ccache during this time would fail.
251 Wed Mar 13 17:45:11 1996 Ken Raeburn <raeburn@cygnus.com>
253 * configure.in: Use AC_HEADER_STDARG.
255 Wed Nov 8 17:54:11 1995 Theodore Y. Ts'o <tytso@dcl>
257 * ccache.c (krb5_check_exp): Change use of krb5_clockskew to be
260 Mon Oct 9 23:14:33 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
262 * main.c (main): Handle case when ticket cache name does not
265 Thu Oct 5 11:23:21 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
267 * ksu.M: Document authorization changes.
269 * ksu.1: Remove as was out of date.
271 * Makefile.in (DEFINES): Remove LOCAL_REALM definition.
273 * ksu.h: Remove local_realm from krb5_authorization.
275 * authorization.c (krb5_authorization): Remove old copied code
276 that is in krb5 library and is out of date. Use the
277 configurable aname to localname methods.
279 * main.c (main): Add krb5_secure_config_files so that users cannot
280 override system config files.
283 Wed Sep 06 14:20:57 1995 Chris Provenzano (proven@mit.edu)
285 * krb_auth_su.c : s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g
287 Tue Sep 05 22:10:34 1995 Chris Provenzano (proven@mit.edu)
289 * krb_auth_su.c : Remove krb5_enctype references, and replace with
290 krb5_keytype where appropriate.
292 Mon Aug 21 16:53:40 EDT 1995 Paul Park (pjpark@mit.edu)
293 * ksu.h - Change lifetime types to krb5_deltat.
294 * main.c - Use string_to_deltat() to parse lifetimes. Fix gcc -Wall.
295 * krb_auth_su.c - Fix gcc -Wall. Remove krb5_parse_lifetime() and
296 convtime(). No longer needed.
297 * ccache.c - Remove English-specific months and let timestamp_to_
298 sfstring() handle it. Fix gcc -Wall.
299 * configure.in - Add -lkadm.
301 Sat Jul 29 04:41:07 1995 Tom Yu <tlyu@dragons-lair.MIT.EDU>
303 * configure.in: Don't link with -lkadm.
305 Tue Jul 11 11:10:13 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
307 * main.c (main): Remove extraneous argument to call to
308 krb5_parse_lifetime. Add context argument to call to
309 plain_dump_principal.
311 * authorization.c, heuristic.c, krb_auth_su.c: Add prototypes
312 for static functions. Add missing arguments to
315 * ccache.c: Remove prototype declaration of function now defined
318 * ksu.h: Add full prototypes for all functions in program.
320 Fri Jul 7 15:55:14 EDT 1995 Paul Park (pjpark@mit.edu)
321 * Makefile.in - Remove explicit library handling and LDFLAGS.
322 * configure.in - Add USE_KADM_LIBRARY and KRB5_LIBRARIES.
324 Thu Jul 6 17:30:49 1995 Tom Yu <tlyu@lothlorien.MIT.EDU>
326 * krb_auth_su.c (krb5_get_tkt_via_passwd): Pass context to
329 Tue Jun 20 14:32:46 1995 Tom Yu (tlyu@dragons-lair)
331 * main.c: HAS_GETUSERSHELL -> HAVE_GETUSERSHELL
333 * configure.in: add test for getusershell()
335 Thu Jun 15 17:46:22 EDT 1995 Paul Park (pjpark@mit.edu)
336 * Makefile.in - Change explicit library names to -l<lib> form, and
337 change target link line to use $(LD) and associated flags.
338 * configure.in - Add shared library usage check.
340 Fri Jun 9 18:37:43 1995 <tytso@rsx-11.mit.edu>
342 * configure.in: Remove standardized set of autoconf macros, which
343 are now handled by CONFIG_RULES.
345 Tue May 9 15:52:15 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
347 * krb_auth_su.c (krb5_auth_check): Add missing context
350 * ccache.c (krb5_get_nonexp_tkts): Add missing context
353 * heuristic.c (get_best_princ_for_target): Missing context cuased
355 (get_best_princ_for_target): Missing contexts in call to
357 (find_either_ticket): Missing context in call of find_ticket
358 (get_best_princ_for_target): Add missing context
360 Thu Mar 16 20:50:32 1995 John Gilmore (gnu at toad.com)
362 * configure.in: Replace CHECK_STDARG with AC_CHECK_HEADERS.
363 * main.c (print_status): Use HAVE_STDARG_H to control whether to
364 declare with ", ..."; not STDARG_PROTOTYPES.
365 * ksu.h: Don't include <stdarg.h> or <varargs.h>, since they
366 are already included by "com_err.h".
368 Thu Mar 2 12:32:17 1995 Theodore Y. Ts'o <tytso@dcl>
370 * Makefile.in (ISODELIB): Remove reference to $(ISODELIB).
372 Wed Mar 1 16:28:36 1995 Theodore Y. Ts'o <tytso@dcl>
374 * configure.in: Remove ISODE_INCLUDE, replace check for -lsocket
375 and -lnsl with WITH_NETLIB check.
377 Tue Feb 28 02:11:21 1995 John Gilmore (gnu at toad.com)
379 * ksu.h: Avoid <krb5/...> and <com_err.h> includes.
381 Fri Feb 17 18:10:04 1995 Chris Provenzano (proven@mit.edu)
383 * krb_auth_su.c krb5_auth_check()) Call krb5_get_cred_from_kdc()
384 with new calling convention.
386 Mon Feb 06 17:19:04 1995 Chris Provenzano (proven@mit.edu)
388 * krb_auth_su.c Removed krb5_keytype, changed krb5_enctype to
389 krb5_enctype *, changed krb5_preauthtype to krb5_preauthtype *
390 for krb5_get_in_tkt_with_password() rotuine.
392 Sat Jan 28 14:45:55 1995 Chris Provenzano (proven@mit.edu)
394 * krb_auth_su.c (krb5_verify_tkt_def()) use new API for
397 Wed Jan 18 12:21:30 1995 <tytso@rsx-11.mit.edu>
399 * main.c (main): If gethostbyname returns an error, exit after
400 printing an error message.
402 Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu)
404 * Added krb5_context to all krb5_routines
406 Mon Oct 3 19:15:28 1994 Theodore Y. Ts'o (tytso@dcl)
408 * Makefile.in: Use $(srcdir) to find manual page for make install.
410 Fri Sep 30 22:14:41 1994 Theodore Y. Ts'o (tytso@dcl)
412 * krb_auth_su.c: Add magic number placeholder to structures.
414 Tue Aug 9 20:29:47 1994 Tom Yu (tlyu@dragons-lair)
416 * *.c: "upgrade" to C Classic :-)
418 Tue Aug 9 00:11:07 1994 Mark Eichin (eichin@cygnus.com)
420 * main.c: define MAXHOSTNAMELEN if it isn't there already
421 (print_status): use varargs form as well
422 * configure.in: check for stdarg.h
424 Thu Aug 4 03:38:03 1994 Tom Yu (tlyu@dragons-lair)
426 * Makefile.in: make install fixes
428 Mon Jul 25 01:23:36 1994 Tom Yu (tlyu@dragons-lair)
430 * configure.in: check for ndbm/dbm
432 Thu Jul 21 01:01:20 1994 Tom Yu (tlyu at dragons-lair)
435 * configure.in: attempt to autoconf
437 Sat Jul 16 03:02:17 1994 Tom Yu (tlyu at dragons-lair)
439 * ksu.c: frob error codes
441 Fri Jul 15 23:45:34 1994 Theodore Y. Ts'o (tytso at tsx-11)
443 * ksu.c (get_dir_of_file): Change to use POSIX getcwd() function.