* authorization.c, heuristic.c, krb_auth_su.c, main.c, setenv.c:

[krb5.git] / src / clients / ksu / ChangeLog

2001-06-05  Ezra Peisach  <epeisach@mit.edu>

        * authorization.c, heuristic.c, krb_auth_su.c, main.c, setenv.c:
        Cleanup assignments in conditionals.

2001-04-03  Tom Yu  <tlyu@mit.edu>

        * setenv.c: Add conditionals for compilation of setenv, unsetenv,
        and getenv such that they only get compiled if they don't already
        exist. [pullup from krb5-1-2-2-branch]

2000-10-17  Ezra Peisach  <epeisach@mit.edu>

        * krb_auth_su.c (krb5_get_tkt_via_passwd): Argument to
        krb5_read_password now takes an unsigned int.

2000-10-03  Ezra Peisach  <epeisach@mit.edu>

        * ccache.c, heuristic.c, main.c: Return of krb5_cc_get_name() is
        const char *.

2000-05-22  Tom Yu  <tlyu@mit.edu>

        * Makefile.in (OBJS): Put @SETENVOBJ@ on same line as xmalloc.o to
        avoid trailing backslash on the end of the variable.

2000-05-15  Ken Raeburn  <raeburn@mit.edu>

        * ccache.c (krb5_ccache_copy): Modify conditionalized code block
        slightly to make automatic indentation work better.

        * main.c (main): Complain and quit if prog_name is longer than 50
        characters.

2000-04-26  Ken Raeburn  <raeburn@mit.edu>
            Nalin Dahyabhai  <nalin@redhat.com>

        * main.c (DEBUG): Don't define.
        (usage): Remove -C option from description.
        (sweep_up): Deleted second argument; all callers changed.
        (main): Support -D option only if DEBUG is defined.  Initialize
        ruid on entry.  Set effective uid to ruid before processing
        argument list.  Removed -C option from -z/-Z conflict messages.
        Report errors trying to stat source ccache using com_err.  Verify
        that getpwuid's returned data for source user has correct uid.
        Eliminate use_source_cache variable.

        * ksu.M: Updates for removal of -C option.

2000-01-27  Ken Raeburn  <raeburn@mit.edu>

        * main.c (print_status): Now static.  Add format attribute if
        using GNU C.

1999-12-02  Ken Raeburn  <raeburn@mit.edu>

        * krb_auth_su.c (krb5_get_tkt_via_passwd): Check length of
        principal name before copying to fixed-size buffer.

        * ccache.c (krb5_ccache_filter): Fix speling error.
        (krb5_get_login_princ): Check length of home directory pathname.

        * setenv.c: New file, copied from appl/bsd.
        * Makefile.in (OBJS): Add @SETENVOBJ@.
        (SRCS): Add setenv.c.

        * xmalloc.c: New file, providing versions of malloc, calloc,
        realloc, and strdup that print messages and exit if memory
        allocation fails.
        * ksu.h (xmalloc, xrealloc, xcalloc, xstrdup): Declare.
        * Makefile.in (SRCS, OBJS): Use it.
        * authorization.c, ccache.c, heuristic.c, main.c: Change all calls
        to malloc, calloc, realloc, and strdup to call x* versions if the
        return value is not checked before use.

        * authorization.c (auth_cleanup): Ditch int arguments, check for
        null pointers instead.
        (krb5_authorization): Update calls.  Initialize file pointers to
        null.
        (init_auth_names): Check for buffer overflow.
        (fcmd_resolve): Ensure enough buffer space is allocated.
        (find_first_cmd_that_exists): Likewise.  Use strcat instead of
        sprintf'ing a buffer into itself.

        * krb_auth_su.c (dump_principal, plain_dump_principal): Reformat
        slightly.

        * main.c (cc_source_tag, cc_source_tag_tmp): Now point to const.
        (main): Unset environment variable KRB5_CONFIG.  Delete -C
        option.  Force an error if lifetime strings are over 14
        characters.  Fix error message string if setluid fails.  Cast pid
        to long for printing.  Call krb5_init_secure_context instead of
        krb5_init_context and krb5_secure_config_files.
        (main): Fix speling error.
        (ontty): Check string size.
        (get_dir_of_file): Argument now points to const.
        * ksu.h (get_dir_of_file): Update declaration.

1999-10-26  Wilfredo Sanchez  <tritan@mit.edu>

        * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES,
        LOCAL_INCLUDES such that one can override CFLAGS from the command
        line without losing CPP search patchs and defines. Some associated
        Makefile cleanup.

1999-08-23  Ken Raeburn  <raeburn@mit.edu>

        * heuristic.c (find_ticket): Use flag KRB5_TC_SUPPORTED_KTYPES
        when calling krb5_cc_retrieve_cred.
        * krb_auth_su.c (krb5_auth_check, krb5_fast_auth): Ditto.

Fri Mar 12 18:52:18 1999  Tom Yu  <tlyu@mit.edu>

        * main.c (main): Fix cleanup code for setluid() failure.

Thu Mar  4 18:46:55 1999  Tom Yu  <tlyu@mit.edu>

        * heuristic.c (get_authorized_princ_names): Fix to not call
        list_union() if cmd is NULL, otherwise freed memory gets
        referenced. [krb5-clients/698]

Thu Feb 18 22:26:30 1999  Tom Yu  <tlyu@mit.edu>

        * Makefile.in (ksu): Add $(KSU_LIBS) in case we need -lsecurity.

        * main.c (main): Add call to setluid() on systems that have it.

1998-11-13  Theodore Ts'o  <tytso@rsts-11.mit.edu>

        * Makefile.in: Set the myfulldir and mydir variables (which are
                relative to buildtop and thisconfigdir, respectively.)

1998-05-06  Theodore Ts'o  <tytso@rsts-11.mit.edu>

        * main.c (main): POSIX states that getopt returns -1 when it
                is done parsing options, not EOF.

Wed Feb 18 15:44:15 1998  Tom Yu  <tlyu@mit.edu>

        * Makefile.in: Remove trailing slash from thisconfigdir.  Fix up
        BUILDTOP for new conventions.

Mon Feb  2 17:02:29 1998  Theodore Ts'o  <tytso@rsts-11.mit.edu>

        * Makefile.in: Define BUILDTOP and thisconfigdir in the Makefile

Wed Feb  4 20:46:49 1998  Tom Yu  <tlyu@mit.edu>

        * krb_auth_su.c (krb5_verify_tkt_def): If using a pre-existing
        credential cache, ensure that the host ticket has not yet
        expired.  Patch from vwelch@ncsa.uiuc.edu [krb5-clients/545].

Mon Jan 27 16:56:07 1997  Tom Yu  <tlyu@mit.edu>

        * Makefile.in:
        * configure.in: Update to new program build procedure.

Sun Nov 10 20:10:53 1996  Sam Hartman  <hartmans@mit.edu>

        * krb_auth_su.c (path_passwd;): If you don't have a srvtab, always
        fail.

Thu Nov  7 15:41:19 1996  Theodore Ts'o  <tytso@rsts-11.mit.edu>

        * main.c (main): Check the error return from
                krb5_init_context(), and print an error message if
                necessary.

Wed Sep 18 15:54:41 1996  Theodore Y. Ts'o  <tytso@mit.edu>

        * krb_auth_su.c (krb5_get_tkt_via_passwd): Remove call to
                krb5_os_localaddr(), since get_in_tkt will default correctly.

Tue Sep 10 14:15:02 1996  Tom Yu  <tlyu@mit.edu>

        * ksu.M: remove ".so man1/header.doc"

Thu Aug  8 12:31:30 1996  Sam Hartman  <hartmans@mit.edu>

        * main.c (main): Close source cache before executing command.

Sat May 25 16:11:55 1996  Sam Hartman  <hartmans@mit.edu>

        * configure.in: Use aname db libs.

Tue May 21 19:14:27 1996  Sam Hartman  <hartmans@mit.edu>

        * Makefile.in (install): Ignore error return from installation of
        ksu; if we can't set the setuid bit (AFS or non-root), we should
        still continue.

Mon May 20 00:07:16 1996  Sam Hartman  <hartmans@tertius.mit.edu>

        * main.c (main):  Do not force source cache open if we are going to use it as the target.

Sun May 19 13:41:21 1996  Sam Hartman  <hartmans@mit.edu>

        * main.c: Force source ccache to stay open between transactions.

Sun May 19 03:24:26 1996  Sam Hartman  <hartmans@tertius.mit.edu>

        * krb_auth_su.c: Use target uid while creating ccache

        * ccache.c: Set uid to target before creating target cache.

        * ksu.h: Add target_uid to copy_ccache and copy_ccache_restricted

Sat May 18 16:39:15 1996  Sam Hartman  <hartmans@tertius.mit.edu>

        * configure.in: Use libkrb5util to get krb5_seteuid

        * heuristic.c (get_best_princ_for_target): Remove seteuid around stat call and insert call to krb5_seteuid before accessing .k5login or .k5users.

        * main.c (main): Insert appropriate calls to krb5_seteuid so that
        files are accessed as appropriate.  Also, remove code to copy
        tickets obtained while running ksu overthe source cache; this is
        not appropriate because it changes the ownership of the source
        cache.

Mon May 13 06:50:12 1996  Richard Basch  <basch@lehman.com>

        * authorization.c: users in the .k5login were not permitted to use
        the '-e command' flag; the man page does not indicate this should fail.
        All users in .k5login, and those in .k5users (for the specified cmd)
        are now allowed to execute commands.
        Also, a lot of indentation cleanup was done.

        * configure.in heuristic.c:
        Before getting the best principal from the ccache, reset the euid;
        we don't want to use someone else's ccache.
        Also, a lot of indentation cleanup was done.

Wed Apr 10 20:24:49 1996  Richard Basch  <basch@lehman.com>

        * main.c, krb_auth_su.c: Mostly cosmetic cleanup of output
        statements.  Also, rather than computing the default host key,
        let the library routine do it.

Sun Mar 31 16:48:29 1996  Chris Provenzano  <proven@cygnus.com>

        * main.c (main): Handle suspend/fg properly.

Fri Mar 29 23:35:53 1996  Chris Provenzano  <proven@cygnus.com>

        * ccache.c main.c: Remove krb5_ccache_refresh(). All this functionality
        is is done in the krb5_ccache_copy(), and the way refresh() was
        implemented it was generating a new ccache owner by root (ksu is suid)
        over the old ccache, thereby making it possible that programs 
        accessing the ccache during this time would fail.

Wed Mar 13 17:45:11 1996  Ken Raeburn  <raeburn@cygnus.com>

        * configure.in: Use AC_HEADER_STDARG.

Wed Nov  8 17:54:11 1995  Theodore Y. Ts'o  <tytso@dcl>

        * ccache.c (krb5_check_exp): Change use of krb5_clockskew to be
                context->clockskew.

Mon Oct  9 23:14:33 1995  Ezra Peisach  <epeisach@kangaroo.mit.edu>

        * main.c (main): Handle case when ticket cache name does not
                include ':'

Thu Oct  5 11:23:21 1995  Ezra Peisach  <epeisach@kangaroo.mit.edu>

        * ksu.M: Document authorization changes.

        * ksu.1: Remove as was out of date.

        * Makefile.in (DEFINES): Remove LOCAL_REALM definition.

        * ksu.h: Remove local_realm from krb5_authorization.

        * authorization.c (krb5_authorization): Remove old copied code
                that is in krb5 library and is out of date. Use the
                configurable aname to localname methods.

        * main.c (main): Add krb5_secure_config_files so that users cannot
                override system config files.
        

Wed Sep 06 14:20:57 1995   Chris Provenzano (proven@mit.edu)

        * krb_auth_su.c : s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g

Tue Sep 05 22:10:34 1995   Chris Provenzano (proven@mit.edu)

        * krb_auth_su.c : Remove krb5_enctype references, and replace with
                krb5_keytype where appropriate.

Mon Aug 21 16:53:40 EDT 1995    Paul Park       (pjpark@mit.edu)
        * ksu.h - Change lifetime types to krb5_deltat.
        * main.c - Use string_to_deltat() to parse lifetimes.  Fix gcc -Wall.
        * krb_auth_su.c - Fix gcc -Wall.  Remove krb5_parse_lifetime() and
                convtime().  No longer needed.
        * ccache.c - Remove English-specific months and let timestamp_to_
                sfstring() handle it.  Fix gcc -Wall.
        * configure.in - Add -lkadm.

Sat Jul 29 04:41:07 1995  Tom Yu  <tlyu@dragons-lair.MIT.EDU>

        * configure.in: Don't link with -lkadm.

Tue Jul 11 11:10:13 1995  Ezra Peisach  <epeisach@kangaroo.mit.edu>

        * main.c (main): Remove extraneous argument to call to
                krb5_parse_lifetime. Add context argument to call to
                plain_dump_principal. 

        * authorization.c, heuristic.c, krb_auth_su.c: Add prototypes
                for static functions. Add missing arguments to
                _dbm_an_to_ln call. 

        * ccache.c: Remove prototype declaration of function now defined
                in ksu.h

        * ksu.h: Add full prototypes for all functions in program.

Fri Jul 7 15:55:14 EDT 1995     Paul Park       (pjpark@mit.edu)
        * Makefile.in - Remove explicit library handling and LDFLAGS.
        * configure.in - Add USE_KADM_LIBRARY and KRB5_LIBRARIES.

Thu Jul  6 17:30:49 1995  Tom Yu  <tlyu@lothlorien.MIT.EDU>

        * krb_auth_su.c (krb5_get_tkt_via_passwd): Pass context to
                os_localaddr.

Tue Jun 20 14:32:46 1995  Tom Yu  (tlyu@dragons-lair)

        * main.c: HAS_GETUSERSHELL -> HAVE_GETUSERSHELL

        * configure.in: add test for getusershell()

Thu Jun 15 17:46:22 EDT 1995    Paul Park       (pjpark@mit.edu)
        * Makefile.in - Change explicit library names to -l<lib> form, and
                change target link line to use $(LD) and associated flags.
        * configure.in - Add shared library usage check.

Fri Jun  9 18:37:43 1995    <tytso@rsx-11.mit.edu>

        * configure.in: Remove standardized set of autoconf macros, which
                are now handled by CONFIG_RULES.

Tue May  9 15:52:15 1995  Ezra Peisach  <epeisach@kangaroo.mit.edu>

        * krb_auth_su.c (krb5_auth_check): Add missing context
                (wolfgang@wsrcc.com) 

        * ccache.c (krb5_get_nonexp_tkts): Add missing context
                (wolfgang@wsrcc.com) 

        * heuristic.c (get_best_princ_for_target): Missing context cuased
                coredump. 
                (get_best_princ_for_target): Missing contexts in call to
                                find_either_ticket. 
                (find_either_ticket): Missing context in call of find_ticket
                (get_best_princ_for_target): Add missing context

Thu Mar 16 20:50:32 1995  John Gilmore  (gnu at toad.com)

        * configure.in:  Replace CHECK_STDARG with AC_CHECK_HEADERS.
        * main.c (print_status):  Use HAVE_STDARG_H to control whether to
        declare with ", ..."; not STDARG_PROTOTYPES.
        * ksu.h:  Don't include <stdarg.h> or <varargs.h>, since they
        are already included by "com_err.h".

Thu Mar  2 12:32:17 1995  Theodore Y. Ts'o  <tytso@dcl>

        * Makefile.in (ISODELIB): Remove reference to $(ISODELIB).

Wed Mar  1 16:28:36 1995  Theodore Y. Ts'o  <tytso@dcl>

        * configure.in: Remove ISODE_INCLUDE, replace check for -lsocket
                and -lnsl with WITH_NETLIB check.

Tue Feb 28 02:11:21 1995  John Gilmore  (gnu at toad.com)

        * ksu.h:  Avoid <krb5/...> and <com_err.h> includes.

Fri Feb 17 18:10:04 1995 Chris Provenzano  (proven@mit.edu)

        * krb_auth_su.c krb5_auth_check()) Call krb5_get_cred_from_kdc()
                with new calling convention.

Mon Feb 06 17:19:04 1995 Chris Provenzano  (proven@mit.edu)

        * krb_auth_su.c Removed krb5_keytype, changed krb5_enctype to
                krb5_enctype *, changed krb5_preauthtype to krb5_preauthtype *
                for krb5_get_in_tkt_with_password() rotuine.

Sat Jan 28 14:45:55 1995  Chris Provenzano (proven@mit.edu)

        * krb_auth_su.c (krb5_verify_tkt_def()) use new API for 
                krb5_kt_get_entry.

Wed Jan 18 12:21:30 1995    <tytso@rsx-11.mit.edu>

        * main.c (main): If gethostbyname returns an error, exit after
                printing an error message.

Fri Jan 13 15:23:47 1995  Chris Provenzano (proven@mit.edu)

    * Added krb5_context to all krb5_routines

Mon Oct  3 19:15:28 1994  Theodore Y. Ts'o  (tytso@dcl)

        * Makefile.in: Use $(srcdir) to find manual page for make install.

Fri Sep 30 22:14:41 1994  Theodore Y. Ts'o  (tytso@dcl)

        * krb_auth_su.c: Add magic number placeholder to structures.

Tue Aug  9 20:29:47 1994  Tom Yu  (tlyu@dragons-lair)

        * *.c: "upgrade" to C Classic :-)

Tue Aug  9 00:11:07 1994  Mark Eichin  (eichin@cygnus.com)

        * main.c: define MAXHOSTNAMELEN if it isn't there already
        (print_status): use varargs form as well
        * configure.in: check for stdarg.h

Thu Aug  4 03:38:03 1994  Tom Yu  (tlyu@dragons-lair)

        * Makefile.in: make install fixes

Mon Jul 25 01:23:36 1994  Tom Yu  (tlyu@dragons-lair)

        * configure.in: check for ndbm/dbm

Thu Jul 21 01:01:20 1994  Tom Yu  (tlyu at dragons-lair)

        * Makefile.in:
        * configure.in: attempt to autoconf

Sat Jul 16 03:02:17 1994  Tom Yu  (tlyu at dragons-lair)

        * ksu.c: frob error codes

Fri Jul 15 23:45:34 1994  Theodore Y. Ts'o  (tytso at tsx-11)

        * ksu.c (get_dir_of_file): Change to use POSIX getcwd() function.