1 2000-01-27 Ken Raeburn <raeburn@mit.edu>
3 * main.c (print_status): Now static. Add format attribute if
6 1999-12-02 Ken Raeburn <raeburn@mit.edu>
8 * krb_auth_su.c (krb5_get_tkt_via_passwd): Check length of
9 principal name before copying to fixed-size buffer.
11 * ccache.c (krb5_ccache_filter): Fix speling error.
12 (krb5_get_login_princ): Check length of home directory pathname.
14 * setenv.c: New file, copied from appl/bsd.
15 * Makefile.in (OBJS): Add @SETENVOBJ@.
18 * xmalloc.c: New file, providing versions of malloc, calloc,
19 realloc, and strdup that print messages and exit if memory
21 * ksu.h (xmalloc, xrealloc, xcalloc, xstrdup): Declare.
22 * Makefile.in (SRCS, OBJS): Use it.
23 * authorization.c, ccache.c, heuristic.c, main.c: Change all calls
24 to malloc, calloc, realloc, and strdup to call x* versions if the
25 return value is not checked before use.
27 * authorization.c (auth_cleanup): Ditch int arguments, check for
28 null pointers instead.
29 (krb5_authorization): Update calls. Initialize file pointers to
31 (init_auth_names): Check for buffer overflow.
32 (fcmd_resolve): Ensure enough buffer space is allocated.
33 (find_first_cmd_that_exists): Likewise. Use strcat instead of
34 sprintf'ing a buffer into itself.
36 * krb_auth_su.c (dump_principal, plain_dump_principal): Reformat
39 * main.c (cc_source_tag, cc_source_tag_tmp): Now point to const.
40 (main): Unset environment variable KRB5_CONFIG. Delete -C
41 option. Force an error if lifetime strings are over 14
42 characters. Fix error message string if setluid fails. Cast pid
43 to long for printing. Call krb5_init_secure_context instead of
44 krb5_init_context and krb5_secure_config_files.
45 (main): Fix speling error.
46 (ontty): Check string size.
47 (get_dir_of_file): Argument now points to const.
48 * ksu.h (get_dir_of_file): Update declaration.
50 1999-10-26 Wilfredo Sanchez <tritan@mit.edu>
52 * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES,
53 LOCAL_INCLUDES such that one can override CFLAGS from the command
54 line without losing CPP search patchs and defines. Some associated
57 1999-08-23 Ken Raeburn <raeburn@mit.edu>
59 * heuristic.c (find_ticket): Use flag KRB5_TC_SUPPORTED_KTYPES
60 when calling krb5_cc_retrieve_cred.
61 * krb_auth_su.c (krb5_auth_check, krb5_fast_auth): Ditto.
63 Fri Mar 12 18:52:18 1999 Tom Yu <tlyu@mit.edu>
65 * main.c (main): Fix cleanup code for setluid() failure.
67 Thu Mar 4 18:46:55 1999 Tom Yu <tlyu@mit.edu>
69 * heuristic.c (get_authorized_princ_names): Fix to not call
70 list_union() if cmd is NULL, otherwise freed memory gets
71 referenced. [krb5-clients/698]
73 Thu Feb 18 22:26:30 1999 Tom Yu <tlyu@mit.edu>
75 * Makefile.in (ksu): Add $(KSU_LIBS) in case we need -lsecurity.
77 * main.c (main): Add call to setluid() on systems that have it.
79 1998-11-13 Theodore Ts'o <tytso@rsts-11.mit.edu>
81 * Makefile.in: Set the myfulldir and mydir variables (which are
82 relative to buildtop and thisconfigdir, respectively.)
84 1998-05-06 Theodore Ts'o <tytso@rsts-11.mit.edu>
86 * main.c (main): POSIX states that getopt returns -1 when it
87 is done parsing options, not EOF.
89 Wed Feb 18 15:44:15 1998 Tom Yu <tlyu@mit.edu>
91 * Makefile.in: Remove trailing slash from thisconfigdir. Fix up
92 BUILDTOP for new conventions.
94 Mon Feb 2 17:02:29 1998 Theodore Ts'o <tytso@rsts-11.mit.edu>
96 * Makefile.in: Define BUILDTOP and thisconfigdir in the Makefile
98 Wed Feb 4 20:46:49 1998 Tom Yu <tlyu@mit.edu>
100 * krb_auth_su.c (krb5_verify_tkt_def): If using a pre-existing
101 credential cache, ensure that the host ticket has not yet
102 expired. Patch from vwelch@ncsa.uiuc.edu [krb5-clients/545].
104 Mon Jan 27 16:56:07 1997 Tom Yu <tlyu@mit.edu>
107 * configure.in: Update to new program build procedure.
109 Sun Nov 10 20:10:53 1996 Sam Hartman <hartmans@mit.edu>
111 * krb_auth_su.c (path_passwd;): If you don't have a srvtab, always
114 Thu Nov 7 15:41:19 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
116 * main.c (main): Check the error return from
117 krb5_init_context(), and print an error message if
120 Wed Sep 18 15:54:41 1996 Theodore Y. Ts'o <tytso@mit.edu>
122 * krb_auth_su.c (krb5_get_tkt_via_passwd): Remove call to
123 krb5_os_localaddr(), since get_in_tkt will default correctly.
125 Tue Sep 10 14:15:02 1996 Tom Yu <tlyu@mit.edu>
127 * ksu.M: remove ".so man1/header.doc"
129 Thu Aug 8 12:31:30 1996 Sam Hartman <hartmans@mit.edu>
131 * main.c (main): Close source cache before executing command.
133 Sat May 25 16:11:55 1996 Sam Hartman <hartmans@mit.edu>
135 * configure.in: Use aname db libs.
137 Tue May 21 19:14:27 1996 Sam Hartman <hartmans@mit.edu>
139 * Makefile.in (install): Ignore error return from installation of
140 ksu; if we can't set the setuid bit (AFS or non-root), we should
143 Mon May 20 00:07:16 1996 Sam Hartman <hartmans@tertius.mit.edu>
145 * main.c (main): Do not force source cache open if we are going to use it as the target.
147 Sun May 19 13:41:21 1996 Sam Hartman <hartmans@mit.edu>
149 * main.c: Force source ccache to stay open between transactions.
151 Sun May 19 03:24:26 1996 Sam Hartman <hartmans@tertius.mit.edu>
153 * krb_auth_su.c: Use target uid while creating ccache
155 * ccache.c: Set uid to target before creating target cache.
157 * ksu.h: Add target_uid to copy_ccache and copy_ccache_restricted
159 Sat May 18 16:39:15 1996 Sam Hartman <hartmans@tertius.mit.edu>
161 * configure.in: Use libkrb5util to get krb5_seteuid
163 * heuristic.c (get_best_princ_for_target): Remove seteuid around stat call and insert call to krb5_seteuid before accessing .k5login or .k5users.
165 * main.c (main): Insert appropriate calls to krb5_seteuid so that
166 files are accessed as appropriate. Also, remove code to copy
167 tickets obtained while running ksu overthe source cache; this is
168 not appropriate because it changes the ownership of the source
171 Mon May 13 06:50:12 1996 Richard Basch <basch@lehman.com>
173 * authorization.c: users in the .k5login were not permitted to use
174 the '-e command' flag; the man page does not indicate this should fail.
175 All users in .k5login, and those in .k5users (for the specified cmd)
176 are now allowed to execute commands.
177 Also, a lot of indentation cleanup was done.
179 * configure.in heuristic.c:
180 Before getting the best principal from the ccache, reset the euid;
181 we don't want to use someone else's ccache.
182 Also, a lot of indentation cleanup was done.
184 Wed Apr 10 20:24:49 1996 Richard Basch <basch@lehman.com>
186 * main.c, krb_auth_su.c: Mostly cosmetic cleanup of output
187 statements. Also, rather than computing the default host key,
188 let the library routine do it.
190 Sun Mar 31 16:48:29 1996 Chris Provenzano <proven@cygnus.com>
192 * main.c (main): Handle suspend/fg properly.
194 Fri Mar 29 23:35:53 1996 Chris Provenzano <proven@cygnus.com>
196 * ccache.c main.c: Remove krb5_ccache_refresh(). All this functionality
197 is is done in the krb5_ccache_copy(), and the way refresh() was
198 implemented it was generating a new ccache owner by root (ksu is suid)
199 over the old ccache, thereby making it possible that programs
200 accessing the ccache during this time would fail.
202 Wed Mar 13 17:45:11 1996 Ken Raeburn <raeburn@cygnus.com>
204 * configure.in: Use AC_HEADER_STDARG.
206 Wed Nov 8 17:54:11 1995 Theodore Y. Ts'o <tytso@dcl>
208 * ccache.c (krb5_check_exp): Change use of krb5_clockskew to be
211 Mon Oct 9 23:14:33 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
213 * main.c (main): Handle case when ticket cache name does not
216 Thu Oct 5 11:23:21 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
218 * ksu.M: Document authorization changes.
220 * ksu.1: Remove as was out of date.
222 * Makefile.in (DEFINES): Remove LOCAL_REALM definition.
224 * ksu.h: Remove local_realm from krb5_authorization.
226 * authorization.c (krb5_authorization): Remove old copied code
227 that is in krb5 library and is out of date. Use the
228 configurable aname to localname methods.
230 * main.c (main): Add krb5_secure_config_files so that users cannot
231 override system config files.
234 Wed Sep 06 14:20:57 1995 Chris Provenzano (proven@mit.edu)
236 * krb_auth_su.c : s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g
238 Tue Sep 05 22:10:34 1995 Chris Provenzano (proven@mit.edu)
240 * krb_auth_su.c : Remove krb5_enctype references, and replace with
241 krb5_keytype where appropriate.
243 Mon Aug 21 16:53:40 EDT 1995 Paul Park (pjpark@mit.edu)
244 * ksu.h - Change lifetime types to krb5_deltat.
245 * main.c - Use string_to_deltat() to parse lifetimes. Fix gcc -Wall.
246 * krb_auth_su.c - Fix gcc -Wall. Remove krb5_parse_lifetime() and
247 convtime(). No longer needed.
248 * ccache.c - Remove English-specific months and let timestamp_to_
249 sfstring() handle it. Fix gcc -Wall.
250 * configure.in - Add -lkadm.
252 Sat Jul 29 04:41:07 1995 Tom Yu <tlyu@dragons-lair.MIT.EDU>
254 * configure.in: Don't link with -lkadm.
256 Tue Jul 11 11:10:13 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
258 * main.c (main): Remove extraneous argument to call to
259 krb5_parse_lifetime. Add context argument to call to
260 plain_dump_principal.
262 * authorization.c, heuristic.c, krb_auth_su.c: Add prototypes
263 for static functions. Add missing arguments to
266 * ccache.c: Remove prototype declaration of function now defined
269 * ksu.h: Add full prototypes for all functions in program.
271 Fri Jul 7 15:55:14 EDT 1995 Paul Park (pjpark@mit.edu)
272 * Makefile.in - Remove explicit library handling and LDFLAGS.
273 * configure.in - Add USE_KADM_LIBRARY and KRB5_LIBRARIES.
275 Thu Jul 6 17:30:49 1995 Tom Yu <tlyu@lothlorien.MIT.EDU>
277 * krb_auth_su.c (krb5_get_tkt_via_passwd): Pass context to
280 Tue Jun 20 14:32:46 1995 Tom Yu (tlyu@dragons-lair)
282 * main.c: HAS_GETUSERSHELL -> HAVE_GETUSERSHELL
284 * configure.in: add test for getusershell()
286 Thu Jun 15 17:46:22 EDT 1995 Paul Park (pjpark@mit.edu)
287 * Makefile.in - Change explicit library names to -l<lib> form, and
288 change target link line to use $(LD) and associated flags.
289 * configure.in - Add shared library usage check.
291 Fri Jun 9 18:37:43 1995 <tytso@rsx-11.mit.edu>
293 * configure.in: Remove standardized set of autoconf macros, which
294 are now handled by CONFIG_RULES.
296 Tue May 9 15:52:15 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
298 * krb_auth_su.c (krb5_auth_check): Add missing context
301 * ccache.c (krb5_get_nonexp_tkts): Add missing context
304 * heuristic.c (get_best_princ_for_target): Missing context cuased
306 (get_best_princ_for_target): Missing contexts in call to
308 (find_either_ticket): Missing context in call of find_ticket
309 (get_best_princ_for_target): Add missing context
311 Thu Mar 16 20:50:32 1995 John Gilmore (gnu at toad.com)
313 * configure.in: Replace CHECK_STDARG with AC_CHECK_HEADERS.
314 * main.c (print_status): Use HAVE_STDARG_H to control whether to
315 declare with ", ..."; not STDARG_PROTOTYPES.
316 * ksu.h: Don't include <stdarg.h> or <varargs.h>, since they
317 are already included by "com_err.h".
319 Thu Mar 2 12:32:17 1995 Theodore Y. Ts'o <tytso@dcl>
321 * Makefile.in (ISODELIB): Remove reference to $(ISODELIB).
323 Wed Mar 1 16:28:36 1995 Theodore Y. Ts'o <tytso@dcl>
325 * configure.in: Remove ISODE_INCLUDE, replace check for -lsocket
326 and -lnsl with WITH_NETLIB check.
328 Tue Feb 28 02:11:21 1995 John Gilmore (gnu at toad.com)
330 * ksu.h: Avoid <krb5/...> and <com_err.h> includes.
332 Fri Feb 17 18:10:04 1995 Chris Provenzano (proven@mit.edu)
334 * krb_auth_su.c krb5_auth_check()) Call krb5_get_cred_from_kdc()
335 with new calling convention.
337 Mon Feb 06 17:19:04 1995 Chris Provenzano (proven@mit.edu)
339 * krb_auth_su.c Removed krb5_keytype, changed krb5_enctype to
340 krb5_enctype *, changed krb5_preauthtype to krb5_preauthtype *
341 for krb5_get_in_tkt_with_password() rotuine.
343 Sat Jan 28 14:45:55 1995 Chris Provenzano (proven@mit.edu)
345 * krb_auth_su.c (krb5_verify_tkt_def()) use new API for
348 Wed Jan 18 12:21:30 1995 <tytso@rsx-11.mit.edu>
350 * main.c (main): If gethostbyname returns an error, exit after
351 printing an error message.
353 Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu)
355 * Added krb5_context to all krb5_routines
357 Mon Oct 3 19:15:28 1994 Theodore Y. Ts'o (tytso@dcl)
359 * Makefile.in: Use $(srcdir) to find manual page for make install.
361 Fri Sep 30 22:14:41 1994 Theodore Y. Ts'o (tytso@dcl)
363 * krb_auth_su.c: Add magic number placeholder to structures.
365 Tue Aug 9 20:29:47 1994 Tom Yu (tlyu@dragons-lair)
367 * *.c: "upgrade" to C Classic :-)
369 Tue Aug 9 00:11:07 1994 Mark Eichin (eichin@cygnus.com)
371 * main.c: define MAXHOSTNAMELEN if it isn't there already
372 (print_status): use varargs form as well
373 * configure.in: check for stdarg.h
375 Thu Aug 4 03:38:03 1994 Tom Yu (tlyu@dragons-lair)
377 * Makefile.in: make install fixes
379 Mon Jul 25 01:23:36 1994 Tom Yu (tlyu@dragons-lair)
381 * configure.in: check for ndbm/dbm
383 Thu Jul 21 01:01:20 1994 Tom Yu (tlyu at dragons-lair)
386 * configure.in: attempt to autoconf
388 Sat Jul 16 03:02:17 1994 Tom Yu (tlyu at dragons-lair)
390 * ksu.c: frob error codes
392 Fri Jul 15 23:45:34 1994 Theodore Y. Ts'o (tytso at tsx-11)
394 * ksu.c (get_dir_of_file): Change to use POSIX getcwd() function.