-Beta test distribution READ-ME file.
------------------------------------
+ Kerberos Version 5, Release 1.0
-THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
-IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
-WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+ Release Notes
-Files are copyright MIT, Cygnus Support, OpenVision, Oracle, Sun Soft,
-and others.
+ The MIT Kerberos Team
-The following copyright and permission notice applies to the
-OpenVision Kerberos Administration system located in kadmin/create,
-kadmin/dbutil, kadmin/server, lib/kadm, and portions of lib/rpc:
+Unpacking the Source Distribution
+---------------------------------
- Copyright, OpenVision Technologies, Inc., 1996, All Rights Reserved
-
- WARNING: Retrieving the OpenVision Kerberos Administration system
- source code, as described below, indicates your acceptance of the
- following terms. If you do not agree to the following terms, do not
- retrieve the OpenVision Kerberos administration system.
-
- You may freely use and distribute the Source Code and Object Code
- compiled from it, but this Source Code is provided to you "AS IS"
- EXCLUSIVE OF ANY WARRANTY, INCLUDING, WITHOUT LIMITATION, ANY
- WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, OR
- ANY OTHER WARRANTY, WHETHER EXPRESS OR IMPLIED. IN NO EVENT WILL
- OPENVISION HAVE ANY LIABILITY FOR ANY LOST PROFITS, LOSS OF DATA OR
- COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR FOR ANY
- SPECIAL, INDIRECT, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THIS
- AGREEMENT, INCLUDING, WITHOUT LIMITATION, THOSE RESULTING FROM THE USE
- OF THE SOURCE CODE, OR THE FAILURE OF THE SOURCE CODE TO PERFORM, OR
- FOR ANY OTHER REASON.
-
- OpenVision retains all rights, title, and interest in the donated
- Source Code. With respect to OpenVision's copyrights in the donated
- Source Code, OpenVision also retains rights to derivative works
- of the Source Code whether created by OpenVision or a third party.
-
- OpenVision Technologies, Inc. has donated this Kerberos
- Administration system to MIT for inclusion in the standard
- Kerberos 5 distribution. This donation underscores our
- commitment to continuing Kerberos technology development
- and our gratitude for the valuable work which has been
- performed by MIT and the Kerberos community.
+The source distribution of Kerberos 5 comes in three gzipped tarfiles,
+krb5-1.0.src.tar.gz, krb5-1.0.doc.tar.gz, and krb5-1.0.crypto.tar.gz.
+The krb5-1.0.doc.tar.gz contains the doc/ directory and this README
+file. The krb5-1.0.src.tar.gz contains the src/ directory and this
+README file, except for the crypto library sources, which are in
+krb5-1.0.crypto.tar.gz.
+
+Instruction on how to extract the entire distribution follow. These
+directions assume that you want to extract into a directory called
+DIST.
+
+If you have the GNU tar program and gzip installed, you can simply do:
+
+ mkdir DIST
+ cd DIST
+ gtar zxpf krb5-1.0.src.tar.gz
+ gtar zxpf krb5-1.0.crypto.tar.gz
+ gtar zxpf krb5-1.0.doc.tar.gz
+If you don't have GNU tar, you will need to get the FSF gzip
+distribution and use gzcat:
+ mkdir DIST
+ cd DIST
+ gzcat krb5-1.0.src.tar.gz | tar xpf -
+ gzcat krb5-1.0.crypto.tar.gz | tar xpf -
+ gzcat krb5-1.0.doc.tar.gz | tar xpf -
-Now, with that out of the way, let me point you to a few things:
+Both of these methods will extract the sources into DIST/krb5-1.0/src
+and the documentation into DIST/krb5-1.0/doc.
+
+Unpacking the Binary Distribution
+---------------------------------
+
+Binary distributions of Kerberos V5 are provided merely as convenience
+to those people who wish to try out Kerberos V5 without needing to do
+a full compile of Kerberos.
+
+MIT and the MIT Kerberos V5 development team make no guarantees that
+we will continue to supply binary distributions for future releases of
+Kerberos V5, or for any operating system/platform in particular.
+These binary distributions have been prepared by members of the MIT
+Kerberos V5 development team, or by volunteers who have graciously
+agreed to test the pre-release snapshot. Each binary build is PGP
+signed by the person who prepared the binary distribution for that
+particular platform.
+
+While the binary distribution is *supposed* to correspond exactly to
+the 1.0 Kerberos V5 source release, you have no way of knowing whether
+the person who prepared the binary release might have inserted a
+trojan horse, or a trapdoor. For all you know, the binary
+distribution might be mailing all of your Kerberos keys to
+kremvax!boris. (The same is true for the source distribution, but at
+least you can audit the code yourself!)
+
+For this reason, if you are planning on using Kerberos V5 in
+production, we strongly suggest that you obtain the source
+distribution and compile it from source yourself.
+
+The binary distributions have been compiled so that they will install
+in /usr/local. To install, su to root and and type the command:
+
+ cd /usr/local
+ gunzip < /tmp/krb5-1.0.<platform>.tar.gz | tar xvf -
+
+
+Building and Installing Kerberos 5
+----------------------------------
The first file you should look at is doc/install.ps; it contains the
notes for building and installing Kerberos 5. The info file
respectively. They are also available as info files
kerberos-admin.info and krb5-user.info, respectively.
->> <<
->> Please report any problems/bugs/comments to 'krb5-bugs@mit.edu' <<
->> <<
+Reporting Bugs
+--------------
+
+Please report any problems/bugs/comments using the krb5-send-pr
+program. The krb5-send-pr program will be installed in the sbin
+directory once you have successfully compiled and installed Kerberos
+V5 (or if you have installed one of our binary distributions).
+
+If you are not able to use krb5-send-pr because you haven't been able
+compile and install Kerberos V5 on any platform, you may send mail to
+krb5-bugs@mit.edu.
+
+Notes and Major Changes
+-----------------------
+
+* We are now using the GNATS system to track bug reports for Kerberos
+V5. It is therefore helpful for people to use the krb5-send-pr
+program when reporting bugs. The old interface of sending mail to
+krb5-bugs@mit.edu will still work; however, bug reports sent in this
+fashion may experience a delay in being processed.
+
+* The default keytab name has changed from /etc/v5srvtab to
+/etc/krb5.keytab.
+
+* login.krb5 no longer defaults to getting krb4 tickets.
+
+* The Windows (win16) DLL, LIBKRB5.DLL, has been renamed to
+KRB5_16.DLL. This change was necessary to distinguish it from the
+win32 version, which will be named KRB5_32.DLL. Note that the
+GSSAPI.DLL file has not been renamed, because this name was specified
+in a draft standard for the Windows 16 GSSAPI bindings. (The 32-bit
+version of the GSSAPI DLL will be named GSSAPI32.DLL.)
+
+* The directory structure used for installations has changed. In
+particular, files previously located in $prefix/lib/krb5kdc are now
+normally located in $sysconfdir/krb5kdc. With the normal configure
+options, this means the KDC database goes in /usr/local/var/krb5kdc by
+default. If you wish to have the old behavior, then you would use a
+configure line like the following:
+ configure --prefix=/usr/local --sysconfdir=/usr/local/lib
+* kshd has been modified to accept krb4 encrypted rcp connections; for
+this to work, the v4rcp program must be in the sbin directory.
+
+* The gssrpc library has symbol collisions with the rpc library in
+some of the libcs in certain operating systems without shared
+libraries, notably some ports of NetBSD and MkLinux. For those
+platforms which have rpc in libc and also contain NIS in libc,
+compiling with static libraries will not work because of this
+conflict. NetBSD users can either upgrade to the current tree, which
+includes shared libraries for more ports, choose not to build kadmind
+or kadmin, or recompile NetBSD without NIS support. MkLinux users
+must either recompile without NIS or not build the administration
+system.
+
+Copyright Notice and Legal Administrivia
+----------------------------------------
+
+Copyright (C) 1996 by the Massachusetts Institute of Technology.
+
+All rights reserved.
+
+Export of this software from the United States of America may require
+a specific license from the United States Government. It is the
+responsibility of any person or organization contemplating export to
+obtain such a license before exporting.
+
+WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+distribute this software and its documentation for any purpose and
+without fee is hereby granted, provided that the above copyright
+notice appear in all copies and that both that copyright notice and
+this permission notice appear in supporting documentation, and that
+the name of M.I.T. not be used in advertising or publicity pertaining
+to distribution of the software without specific, written prior
+permission. M.I.T. makes no representations about the suitability of
+this software for any purpose. It is provided "as is" without express
+or implied warranty.
+
+THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+
+Individual source code files are copyright MIT, Cygnus Support,
+OpenVision, Oracle, Sun Soft, and others.
+
+Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira,
+and Zephyr are trademarks of the Massachusetts Institute of Technology
+(MIT). No commercial use of these trademarks may be made without
+prior written permission of MIT.
+
+"Commercial use" means use of a name in a product or other for-profit
+manner. It does NOT prevent a commercial firm from referring to the
+MIT trademarks in order to convey information (although in doing so,
+recognition of their trademark status should be given).
+
+The following copyright and permission notice applies to the
+OpenVision Kerberos Administration system located in kadmin/create,
+kadmin/dbutil, kadmin/passwd, kadmin/server, lib/kadm5, and portions
+of lib/rpc:
+
+ Copyright, OpenVision Technologies, Inc., 1996, All Rights Reserved
+
+ WARNING: Retrieving the OpenVision Kerberos Administration system
+ source code, as described below, indicates your acceptance of the
+ following terms. If you do not agree to the following terms, do not
+ retrieve the OpenVision Kerberos administration system.
+
+ You may freely use and distribute the Source Code and Object Code
+ compiled from it, with or without modification, but this Source
+ Code is provided to you "AS IS" EXCLUSIVE OF ANY WARRANTY,
+ INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY OR
+ FITNESS FOR A PARTICULAR PURPOSE, OR ANY OTHER WARRANTY, WHETHER
+ EXPRESS OR IMPLIED. IN NO EVENT WILL OPENVISION HAVE ANY LIABILITY
+ FOR ANY LOST PROFITS, LOSS OF DATA OR COSTS OF PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR
+ CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, INCLUDING,
+ WITHOUT LIMITATION, THOSE RESULTING FROM THE USE OF THE SOURCE
+ CODE, OR THE FAILURE OF THE SOURCE CODE TO PERFORM, OR FOR ANY
+ OTHER REASON.
+
+ OpenVision retains all copyrights in the donated Source Code. OpenVision
+ also retains copyright to derivative works of the Source Code, whether
+ created by OpenVision or by a third party. The OpenVision copyright
+ notice must be preserved if derivative works are made based on the
+ donated Source Code.
+
+ OpenVision Technologies, Inc. has donated this Kerberos
+ Administration system to MIT for inclusion in the standard
+ Kerberos 5 distribution. This donation underscores our
+ commitment to continuing Kerberos technology development
+ and our gratitude for the valuable work which has been
+ performed by MIT and the Kerberos community.
+
+Acknowledgements
+----------------
Appreciation Time!!!! There are far too many people to try to thank
them all; many people have contributed to the development of Kerberos
-V5. This is only a partial listing....
+V5. This is only a partial listing....
Thanks to John Linn, Scott Foote, and all of the folks at OpenVision
Technologies, Inc., who donated their administration server for use in
the MIT release of Kerberos.
Thanks to Paul Vixie and the Internet Software Consortium for
-supporting the OV administration server integration work.
+supporting the OV administration server integration work as well as
-Thanks to Jeff Bigler, Mark Eichin, Mark Horowitz, Nancy Gilman, Ken
+Thanks to Jeff Bigler, Mark Eichin, Marc Horowitz, Nancy Gilman, Ken
Raeburn, and all of the folks at Cygnus Support, who provided
innumerable bug fixes and portability enhancements to the Kerberos V5
-tree. Thanks especially ot Jeff Bigler, for the new user and system
+tree. Thanks especially to Jeff Bigler, for the new user and system
administrator's documentation.
Thanks to Doug Engert from ANL for providing many bug fixes, as well
as testing to ensure DCE interoperability.
+Thanks to Ken Hornstein at NRL for providing many bug fixes and
+suggestions.
+
Thanks to Sean Mullan and Bill Sommerfeld from Hewlett Packard for
their many suggestions and bug fixes.
Davis, Nancy Gilman, Sam Hartman, Marc Horowitz, Barry Jaspan, John
Kohl, Cliff Neuman, Kevin Mitchell, Paul Park, Ezra Peisach, Chris
Provenzano, Jon Rochlis, Jeff Schiller, Harry Tsai, Ted Ts'o, Tom Yu.
-
-Note:
-
-Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira, and
-Zephyr are trademarks of the Massachusetts Institute of Technology (MIT). No
-commercial use of these trademarks may be made without prior written
-permission of MIT.
-
-FYI, "commercial use" means use of a name in a product or other for-profit
-manner. It does NOT prevent a commercial firm from referring to the MIT
-trademarks in order to convey information (although in doing so, recognition
-of their trademark status should be given).
+Tue Nov 26 18:34:11 1996 Tom Yu <tlyu@mit.edu>
+
+ * install.texinfo: Fix a couple of references to "@value{COMPANY}"
+ so they don't commit MIT to doing user support; also fixed some
+ punctuation errors.
+
+Mon Nov 25 23:39:53 1996 Theodore Y. Ts'o <tytso@mit.edu>
+
+ * copyright.texinfo: Change lib/kadm to lib/kadm5, and add the
+ kadmin/passwd to the list of directories containing OV
+ code.
+
+Sun Nov 24 23:55:52 1996 Ezra Peisach (epeisach@mit.edu)
+
+ * build.texinfo: Remove --with-kdb-db section as it does not
+ exist. Add --with-tcl info.
+
+Tue Nov 19 13:42:00 1996 Barry Jaspan <bjaspan@mit.edu>
+
+ * install.texinfo, build.texinfo: misc suggestions from jhawk
+ [krb5-doc/55]
+
Fri Nov 15 17:52:39 1996 Jeff Bigler <jcb@viola.cygnus.com>
* Makefile (krb425-guide): added section to make krb425 guide.
Most of the tests are setup to run as a non-privledged user. There are
two series of tests (@samp{rlogind} and @samp{telnetd}) which require
the ability to @samp{rlogin} as root to the local machine. Admittedly,
-this does require the use of a @file{.rhosts} file or some other
-authenticated means. @footnote{If you are fortunate enough to have a
-previous version of Kerberos V5 or V4 installed, and the Kerberos rlogin
-is first in your path, you can setup @file{.k5login} or @file{.klogin}
-respectively to allow you access.}
+this does require the use of a @file{.rhosts} file or some authenticated
+means. @footnote{If you are fortunate enough to have a previous version
+of Kerberos V5 or V4 installed, and the Kerberos rlogin is first in your
+path, you can setup @file{.k5login} or @file{.klogin} respectively to
+allow you access.}
If you cannot obtain root access to your machine, all the other tests
will still run. Note however, with DejaGnu 1.2, the "untested testcases"
@item --with-krb4=KRB4DIR
-This option enables Kerberos V4 backwards compatibility. The directory
-specified by @code{KRB4DIR} specifies where the V4 header files should
-be found (@file{/KRB4DIR/include}) as well as where the V4 Kerberos
-library should be found (@file{/KRB4DIR/lib}).
+This option enables Kerberos V4 backwards compatibility using a
+pre-existing Kerberos V4 installation. The directory specified by
+@code{KRB4DIR} specifies where the V4 header files should be found
+(@file{/KRB4DIR/include}) as well as where the V4 Kerberos library
+should be found (@file{/KRB4DIR/lib}).
@item --without-krb4
modified (and thus needing to be locked) frequently. Please note that
the implementors do not regularly test this feature.
-@item --with-kdb-db=database
-
-The configuration process will try to determine a working set of
-libraries required to implement the Kerberos database. Configure will
-look for interfaces that use or emulate a @samp{ndbm} or @samp{dbm}
-library. Failing that, a build in copy of the Berkeley DB code will be
-used. You may decide to compile a different interface than the default
-by specifying one of "ndbm", "dbm", or "db".
-
-An important note on platforms where the @samp{ndbm} implementation is
-based on @sc{GDBM} (such as the Linux Slackware distribution). @sc{GDBM}
-has its own built in file locking which prevents simultaneous access to
-the database from two separate processes in which one wants to modify
-the database while the otherone only wants to read. (i.e. the KDC and
-administrative servers). In this case, you will need to specify the use
-of the Berkeley DB.
+@item --with-tcl=TCLPATH
+
+Some of the unit-tests in the build tree rely upon using a program in
+Tcl. The directory specified by @code{TCLPATH} specifies where the Tcl
+header file (@file{/TCLPATH/include/tcl.h} as well as where the Tcl
+library should be found (@file{/TCLPATH/lib}).
@end table
@vskip 12pt
@end iftex
-The following copyright and permission notice applies to the
-OpenVision Kerberos Administration system located in kadmin/create,
-kadmin/dbutil, kadmin/server, lib/kadm, and portions of lib/rpc:
+The following copyright and permission notice applies to the OpenVision
+Kerberos Administration system located in kadmin/create, kadmin/dbutil,
+kadmin/passwd, kadmin/server, lib/kadm5, and portions of lib/rpc:
@quotation
Copyright, OpenVision Technologies, Inc., 1996, All Rights Reserved
OpenVision Kerberos administration system.
You may freely use and distribute the Source Code and Object Code
-compiled from it, but this Source Code is provided to you "AS IS"
-EXCLUSIVE OF ANY WARRANTY, INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES
-OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, OR ANY OTHER
-WARRANTY, WHETHER EXPRESS OR IMPLIED. IN NO EVENT WILL OPENVISION HAVE
-ANY LIABILITY FOR ANY LOST PROFITS, LOSS OF DATA OR COSTS OF PROCUREMENT
-OF SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR
-CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, INCLUDING, WITHOUT
-LIMITATION, THOSE RESULTING FROM THE USE OF THE SOURCE CODE, OR THE
-FAILURE OF THE SOURCE CODE TO PERFORM, OR FOR ANY OTHER REASON.
+compiled from it, with or without modification, but this Source Code is
+provided to you "AS IS" EXCLUSIVE OF ANY WARRANTY, INCLUDING, WITHOUT
+LIMITATION, ANY WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A
+PARTICULAR PURPOSE, OR ANY OTHER WARRANTY, WHETHER EXPRESS OR IMPLIED.
+IN NO EVENT WILL OPENVISION HAVE ANY LIABILITY FOR ANY LOST PROFITS,
+LOSS OF DATA OR COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR
+FOR ANY SPECIAL, INDIRECT, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THIS
+AGREEMENT, INCLUDING, WITHOUT LIMITATION, THOSE RESULTING FROM THE USE
+OF THE SOURCE CODE, OR THE FAILURE OF THE SOURCE CODE TO PERFORM, OR FOR
+ANY OTHER REASON.
-OpenVision retains all rights, title, and interest in the donated Source
-Code. With respect to OpenVision's copyrights in the donated Source
-Code, OpenVision also retains rights to derivative works of the Source
-Code whether created by OpenVision or a third party.
+OpenVision retains all copyrights in the donated Source Code. OpenVision
+also retains copyright to derivative works of the Source Code, whether
+created by OpenVision or by a third party. The OpenVision copyright
+notice must be preserved if derivative works are made based on the
+donated Source Code.
OpenVision Technologies, Inc. has donated this Kerberos Administration
system to MIT for inclusion in the standard Kerberos 5 distribution.
and planning. @value{COMPANY} has attempted to make this
@value{PRODUCT} Installation Guide as concise as possible, rather than
making it an exhaustive description of the details of Kerberos.
+@ifset cygnus
Consequently, everything in this guide appears because @value{COMPANY}
believes that it is important. Please read and follow these
instructions carefully, and if there is anything you do not understand
or are not sure of, please don't hesitate to call us.
+@end ifset
+@ifclear cygnus
+Consequently, everything in this guide appears because @value{COMPANY}
+believes that it is important. Please read and follow these
+instructions carefully.
+@end ifclear
@node Overview of This Guide, , Please Read the Documentation, Introduction
@section Overview of This Guide
down, is being upgraded, or is otherwise unavailable.
@item
-If your network is split such that a network outage is likely to cause
-some segment or segments of the network to become cut off or isolated,
-have a slave KDC accessible to each segment.
+If your network is split such that a network outage is likely to cause a
+network partition (some segment or segments of the network to become cut
+off or isolated from other segments), have a slave KDC accessible to
+each segment.
@item
If possible, have at least one slave KDC in a different building from
If the propagation time is longer than this maximum reasonable time
(@i{e.g.,} you have a particularly large database, you have a lot of
-slaves, and/or you experience frequent network delays), you may wish to
+slaves, or you experience frequent network delays), you may wish to
cut down on your propagation delay by performing the propagation in
parallel. To do this, have the master KDC propagate the database to one
set of slaves, and then have each of these slaves propagate the database
made on the master KDC.
Slave KDCs provide Kerberos ticket-granting services, but not database
-access. This allows clients to continue to obtain tickets when the
-master KDC is unavailable.
+administration. This allows clients to continue to obtain tickets when
+the master KDC is unavailable.
-@value{COMPANY}'s recommends that you install all of your KDCs to be
-able to function as either the master or one of the slaves. This will
-enable you to easily switch your master KDC with one of the slaves if
+@value{COMPANY} recommends that you install all of your KDCs to be able
+to function as either the master or one of the slaves. This will enable
+you to easily switch your master KDC with one of the slaves if
necessary. (@xref{Switching Master and Slave KDCs}.) This installation
procedure is based on that recommendation.
(@pxref{krb5.conf}) and @code{@value{ROOTDIR}/var/krb5kdc/kdc.conf}
(@pxref{kdc.conf}) to reflect the correct information (such as the
hostnames and realm name) for your realm. @value{COMPANY} recommends
-that you keep @code{krb5.conf} in @code{/etc}. The @code{krb5.conf}
-file may contain a pointer to @code{kdc.conf}, which you need to change
-if you want to move @code{kdc.conf} to another location.
+that you keep @code{krb5.conf} in @code{/etc}.
@node Create the Database, Add Administrators to the Acl File, Edit the Configuration Files, Install the Master KDC
@subsubsection Create the Database
especially a famous person (or cartoon character), your username in any
form (@i{e.g.}, forward, backward, repeated twice, @i{etc.}), and any of
the sample keys that appear in this manual. One example of a key which
-would be good if it did not appear in this manual is ``MITiys4K5!'',
-which represents the sentence ``@value{COMPANY} is your source for
-Kerberos 5!'' (It's the first letter of each word, substituting the
-numeral ``4'' for the word ``for'', and includes the punctuation mark at
-the end.)
+might be good if it did not appear in this manual is ``MITiys4K5!'',
+which represents the sentence ``MIT is your source for Kerberos 5!''
+(It's the first letter of each word, substituting the numeral ``4'' for
+the word ``for'', and includes the punctuation mark at the end.)
The following is an example of how to create a Kerberos database and
stash file on the master KDC, using the @code{kdb5_util} command. (The
kerberos 88/udp kdc # Kerberos authentication (udp)
kerberos 88/tcp kdc # Kerberos authentication (tcp)
krb5_prop 754/tcp # Kerberos slave propagation
-kerberos-adm 749/tcp # Kerberos 5 admin/changepw (tcp)
-kerberos-adm 749/udp # Kerberos 5 admin/changepw (udp)
+kerberos-adm 749/tcp # Kerberos 5 admin/changepw (tcp)
+kerberos-adm 749/udp # Kerberos 5 admin/changepw (udp)
eklogin 2105/tcp # Kerberos encrypted rlogin
@end group
@end smallexample
des-cbc-md5 3 8 0 8
<reserved> 4
des3-cbc-md5 5 8 0 8
+<reserved> 6
+des3-cbc-sha1 7 8 0 8
<reserved> 0x8003
-------------------------------+-------------------+-------------
rsa-md4-des-k 6 16
rsa-md5 7 16
rsa-md5-des 8 24
-rsa-md5-des3 9 24
+<reserved> 9
+<reserved> 10
+nist-sha1 11 20
+hmac-sha1-des3 12 20
-------------------------------+-----------------
padata type |padata-type value
PA-CYBERSAFE-SECUREID 9
PA-AFS3-SALT 10
PA-ETYPE-INFO 11
+PAM-SAM-CHALLENGE 12
+PAM-SAM-RESPONSE 13
-------------------------------+-------------
authorization data type |ad-type value
KDC_ERR_PREAUTH_FAILED 24 Pre-authentication information was invalid
KDC_ERR_PREAUTH_REQUIRED 25 Additional pre-authentication required*
KDC_ERR_SERVER_NOMATCH 26 Requested server and ticket don't match
+KDC_ERR_MUST_USE_USER2USER 27 Server principal valid for user2user only
KRB_AP_ERR_BAD_INTEGRITY 31 Integrity check on decrypted field failed
KRB_AP_ERR_TKT_EXPIRED 32 Ticket expired
KRB_AP_ERR_TKT_NYV 33 Ticket not yet valid
+Mon Nov 25 19:42:53 1996 Tom Yu <tlyu@mit.edu>
+
+ * Makefile.in: Comment out distclean and realclean so no one will
+ be tempted to use them. [PR 222]
+
+Fri Nov 22 23:51:07 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
+
+ * Makefile.in: All changes for the Macintosh port. Translate '%'
+ characters in Macfile.tmpl to '/' characters. Include the
+ mac/SAP directory in the kerbsrc.mac.tar tarball. Rename
+ the kerbsrc.tar tarball to kerbsrc.mac.tar, so that the
+ target name in the Makefile matches the taget which is
+ actually generated. Use mac/mkbindirs.sh to build the
+ binary hierarchy for the Macintosh build process.
+
+Wed Nov 20 13:28:00 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
+
+ * Makefile.in (awk-windows-mac): Copy gssapi.hin to gssapi.h to
+ make Win16 build work.
+
Thu Nov 7 23:55:02 1996 Tom Yu <tlyu@voltage-multiplier.mit.edu>
* aclocal.m4 (LinkFileDir, LinkFile): AC_REQUIRE the AC_LN_S macro
mostlyclean: clean
-distclean: clean
- rm -f Makefile config.status
-
-realclean: distclean
- rm -f TAGS
+# This doesn't work; if you think you need it, you should use a
+# separate build directory.
+#
+# distclean: clean
+# rm -f Makefile config.status
+#
+# realclean: distclean
+# rm -f TAGS
dist: $(DISTFILES)
echo cpio-`sed -e '/version_string/!d' \
WINFILES= windows/* windows/cns/* windows/wintel/* windows/gss/*
MACFILES= mac/* mac/kconfig/* mac/libraries/* mac/telnet-k5-auth/* \
- mac/gss-sample/* config/* include/* include/krb5/* \
+ mac/gss-sample/* mac/SAP/* config/* include/* include/krb5/* \
include/krb5/asn.1/* include/krb5/stock/* include/sys/* \
./patchlevel.h
include/adm_err.h include/profile.h include/krb5.h \
include/krb5/osconf.h \
lib/gssapi/generic/gssapi_err_generic.[ch] \
- lib/gssapi/krb5/gssapi_err_krb5.[ch] winfile.list macfile.list
+ lib/gssapi/krb5/gssapi_err_krb5.[ch] winfile.list macfile.list \
+ lib/gssapi/generic/gssapi.h
kerbsrc.win: kerbsrc.zip
-e 's/^/:bin:PPC:/' macsrcsk5` >> Macfile
echo INCLUDES = `sed -n -e 's/\(.*:\)[^:]*\.h$$/-i \1/p' macfile.maclist | sort -u` >> Macfile
echo "" >> Macfile
- tr '/:\\' ':\304\266'< mac/Makefile.tmpl >> Macfile
+ tr '%/:\\' '/:\304\266'< mac/Makefile.tmpl >> Macfile
+
+mac-bin-dirs:
+ rm -rf bin
+ mkdir bin bin/68K bin/CFM-68K bin/PPC
+ sh mac/mkbindirs.sh bin/68K $(MAC_SUBDIRS)
+ sh mac/mkbindirs.sh bin/CFM-68K $(MAC_SUBDIRS)
+ sh mac/mkbindirs.sh bin/PPC $(MAC_SUBDIRS)
-kerbsrc.mac: awk-windows-mac macfile.list Macfile
+kerbsrc.mac.tar: awk-windows-mac macfile.list Macfile
cp mac/libraries/autoconf.h include/autoconf.h
mv Macfile Makefile
- tar cvf kerbsrc.tar Makefile include/autoconf.h `cat macfile.list`
+ tar cvf kerbsrc.mac.tar Makefile include/autoconf.h bin \
+ `cat macfile.list`
rm -f $(CLEANUP)
+ rm -rf bin
rm -f include/autoconf.h Makefile macsrc* macfile.maclist
mv Makefile.sav Makefile
cat $(PR)/profile.hin $(PR)prof_err.h > $(PR)profile.h
cp $(PR)profile.h include/profile.h
cp $(INC)/krb5/stock/osconf.h $(INC)/krb5
+ cp $(GG)gssapi.hin $(GG)gssapi.h
+Sun Nov 24 23:35:22 1996 Ezra Peisach <epeisach@mit.edu>
+
+ * login.c (try_afscall): Change to take pointer to function
+ instead of only calling setpag(). [krb5-appl/190]
+
+Fri Nov 22 15:46:46 1996 unknown <bjaspan@mit.edu>
+
+ * kcmd.c (kcmd): use sizeof instead of h_length to determine
+ number of bytes of addr to copy from DNS response [krb5-misc/211]
+
Thu Nov 14 14:30:28 1996 Barry Jaspan <bjaspan@mit.edu>
* krcp.c: don't print our own error message if kcmd returns -1 (it
return (-1);
}
sin.sin_family = hp->h_addrtype;
- memcpy((caddr_t)&sin.sin_addr,hp->h_addr, hp->h_length);
+ memcpy((caddr_t)&sin.sin_addr,hp->h_addr, sizeof(sin.sin_addr));
sin.sin_port = rport;
if (connect(s, (struct sockaddr *)&sin, sizeof (sin)) >= 0)
break;
perror(0);
hp->h_addr_list++;
memcpy((caddr_t)&sin.sin_addr,hp->h_addr_list[0],
- hp->h_length);
+ sizeof(sin.sin_addr));
fprintf(stderr, "Trying %s...\n",
inet_ntoa(sin.sin_addr));
continue;
siglongjmp(setpag_buf, 1);
}
-static int try_afscall ()
+static int try_afscall (scall)
+ int (*scall)();
{
handler sa, osa;
volatile int retval = 0;
handler_init (sa, sigsys);
handler_swap (SIGSYS, sa, osa);
if (sigsetjmp(setpag_buf, 1) == 0) {
- setpag ();
+ (*scall)();
retval = 1;
}
handler_set (SIGSYS, osa);
+Fri Nov 22 15:48:02 1996 unknown <bjaspan@mit.edu>
+
+ * gss-client.c (connect_to_server): use sizeof instead of h_length
+ to determine number of bytes of addr to copy from DNS response
+ [krb5-misc/211]
+
Sun Oct 27 22:04:59 1996 Ezra Peisach <epeisach@mit.edu>
* configure.in: Add USE_GSSAPI_LIBRARY
}
saddr.sin_family = hp->h_addrtype;
- memcpy((char *)&saddr.sin_addr, hp->h_addr, hp->h_length);
+ memcpy((char *)&saddr.sin_addr, hp->h_addr, sizeof(saddr.sin_addr));
saddr.sin_port = htons(port);
if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
+Fri Nov 22 15:48:19 1996 unknown <bjaspan@mit.edu>
+
+ * ftp.c (hookup): use sizeof instead of h_length to determine
+ number of bytes of addr to copy from DNS response [krb5-misc/211]
+
Fri Sep 27 16:05:09 1996 Tom Yu <tlyu@mit.edu>
* cmds.c (setpeer): Apply jik's fix so "-n" actually works as
}
hisctladdr.sin_family = hp->h_addrtype;
memcpy((caddr_t)&hisctladdr.sin_addr, hp->h_addr_list[0],
- hp->h_length);
+ sizeof(hisctladdr.sin_addr));
(void) strncpy(hostnamebuf, hp->h_name, sizeof(hostnamebuf));
}
hostname = hostnamebuf;
perror((char *) 0);
hp->h_addr_list++;
memcpy((caddr_t)&hisctladdr.sin_addr,
- hp->h_addr_list[0], hp->h_length);
+ hp->h_addr_list[0],
+ sizeof(hisctladdr.sin_addr));
fprintf(stdout, "Trying %s...\n",
inet_ntoa(hisctladdr.sin_addr));
(void) close(s);
+++ /dev/null
-# $Source$
-# $Author$
-# $Id$
-#
-# Copyright 1991 by the Massachusetts Institute of Technology.
-# All Rights Reserved.
-#
-# Export of this software from the United States of America may
-# require a specific license from the United States Government.
-# It is the responsibility of any person or organization contemplating
-# export to obtain such a license before exporting.
-#
-# WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
-# distribute this software and its documentation for any purpose and
-# without fee is hereby granted, provided that the above copyright
-# notice appear in all copies and that both that copyright notice and
-# this permission notice appear in supporting documentation, and that
-# the name of M.I.T. not be used in advertising or publicity pertaining
-# to distribution of the software without specific, written prior
-# permission. M.I.T. makes no representations about the suitability of
-# this software for any purpose. It is provided "as is" without express
-# or implied warranty.
-#
-#
-
-# Options are:
-# BIND43 - If you are using BSD 4.3 domain
-# name service.
-# DEBUG - Include the debugging code. Note: You
-# still have to use the -d or -t flag to
-# enable debugging.
-# HAVE_VSPRINTF - If the vsprintf functions are
-# available
-# on your system.
-# SYSLOG42 - For BSD 4.2 syslog (default is BSD 4.3
-# syslog).
-# STRNCASECMP - If you do not have strncasecmp()
-# KERBEROS - If you want authentication vis Kerberos
-# (tom)
-# KERBEROS_PASSWD_HACK - Use popper as passwd server
-# NOSTATUS - Don't create a Mail(1)-like
-# Status: header
-
-#if defined(OS_BSD_RENO) || defined(OS_Ultrix) || defined(OS_SunOS4) || defined(OS_BSD)
-BINDDEF=-DBIND43
-#else
-/* assume it's not there; not really critical since we are using Kerberos to
- beef up the normal IP-address checking stuff */
-BINDDEF=
-#endif
-
-#if 0
-
-/* Zephyr stuff not needed yet, since spop isn't done yet. */
-DEFINES = -DHAVE_VSPRINTF -DKERBEROS -DKRB5 -DNOSTATUS -DDEBUG $(BINDDEF) $(ZEPHDEFS)
-LOCAL_LIBRARIES = $(ZEPHLIBS) $(KLIB)
-DEP_LIBS= $(ZEPHDEPLIB) $(DEPKLIB)
-
-#else
-
-DEFINES = -DHAVE_VSPRINTF -DKERBEROS -DKRB5 -DNOSTATUS -DDEBUG $(BINDDEF)
-LOCAL_LIBRARIES = $(KLIB)
-DEP_LIBS= $(DEPKLIB)
-
-#endif
-OBJS = pop_dele.o pop_dropcopy.o pop_dropinfo.o \
- pop_get_command.o pop_get_subcommand.o pop_init.o \
- pop_last.o pop_list.o pop_log.o pop_lower.o \
- pop_msg.o pop_parse.o pop_pass.o pop_quit.o \
- pop_rset.o pop_send.o pop_stat.o pop_updt.o \
- pop_user.o pop_xtnd.o pop_xmit.o popper.o
-SRCS = pop_dele.c pop_dropcopy.c pop_dropinfo.c \
- pop_get_command.c pop_get_subcommand.c pop_init.c \
- pop_last.c pop_list.c pop_log.c pop_lower.c \
- pop_msg.c pop_parse.c pop_pass.c pop_quit.c \
- pop_rset.c pop_send.c pop_stat.c pop_updt.c \
- pop_user.c pop_xtnd.c pop_xmit.c popper.c $(SPOP_SRCS)
-#if 0
-SPOP_OBJS = pop_enter.o
-SPOP_SRCS = pop_enter.c
-#endif
-
-all:: popper
-
-NormalProgramTarget(popper,$(OBJS),$(DEP_LIBS),$(LOCAL_LIBRARIES),)
-Krb5InstallServerProgram(popper)
-
-#if 0
-NormalProgramTarget(spop,$(SPOP_OBJS),$(DEP_LIBS),$(LOCAL_LIBRARIES),)
-Krb5InstallServerProgram(spop)
-#endif
-
-DependTarget()
+Fri Nov 22 15:48:30 1996 unknown <bjaspan@mit.edu>
+
+ * sim_client.c (main): use sizeof instead of h_length to determine
+ number of bytes of addr to copy from DNS response [krb5-misc/211]
+
Thu Nov 7 15:26:10 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
* sim_client.c (main): Check the error return from
/* Set server's address */
(void) memset((char *)&s_sock, 0, sizeof(s_sock));
- memcpy((char *)&s_sock.sin_addr, host->h_addr, host->h_length);
+ memcpy((char *)&s_sock.sin_addr, host->h_addr, sizeof(s_sock.sin_addr));
#ifdef DEBUG
printf("s_sock.sin_addr is %s\n", inet_ntoa(s_sock.sin_addr));
#endif
fprintf(stderr, "%s: unknown host\n", hostname);
exit(1);
}
- memcpy((char *)&c_sock.sin_addr, host->h_addr, host->h_length);
+ memcpy((char *)&c_sock.sin_addr, host->h_addr, sizeof(c_sock.sin_addr));
#endif
+Fri Nov 22 15:48:42 1996 unknown <bjaspan@mit.edu>
+
+ * sim_server.c (argv): use sizeof instead of h_length to determine
+ number of bytes of addr to copy from DNS response [krb5-misc/211]
+
Thu Nov 7 15:26:44 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
* sim_server.c (argv): Check the error return from
fprintf(stderr, "%s: host unknown\n", full_hname);
exit(1);
}
- memcpy((char *)&s_sock.sin_addr, host->h_addr, host->h_length);
+ memcpy((char *)&s_sock.sin_addr, host->h_addr, sizeof(s_sock.sin_addr));
/* Open socket */
if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
+Tue Nov 26 20:41:31 1996 Tom Yu <tlyu@voltage-multiplier.mit.edu>
+
+ * configure.in: Check for apra/inet.h
+
+ * commands.c: Remove explicit declaration of inet_addr, and
+ declare INADDR_NONE to be 0xffffffff again, but mask off the lower
+ 32 bits while doing the compare.
+
+Sat Nov 23 00:33:58 1996 Sam Hartman <hartmans@mit.edu>
+
+ * commands.c (tn): Patch from mycroft@mit.edu for Alpha NetBSD.
+ Comparing to -1 is not 64-bit clean.
+ [233]
+ (INADDR_NONE): Mycroft suggests using -1 not 0xffffffff if I have
+ to define it ourselves. [233]
+
+ Fri Nov 22 15:48:57 1996 unknown <bjaspan@mit.edu>
+
+ * commands.c (sourceroute): use sizeof instead of h_length to
+ determine number of bytes of addr to copy from DNS response
+ [krb5-misc/211]
+
Thu Nov 14 14:25:51 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
* sys_bsd.c(intr): Added checks to intr_waiting and intr_happened
#endif /* defined(unix) */
#include <sys/socket.h>
#include <netinet/in.h>
+#ifdef HAVE_ARPA_INET_H
+#include <arpa/inet.h>
+#endif /* HAVE_ARPA_INET_H */
#ifdef CRAY
#include <fcntl.h>
#endif /* CRAY */
#ifndef MAXDNAME
#define MAXDNAME 256 /*per the rfc*/
#endif
+#ifndef INADDR_NONE
+#define INADDR_NONE 0xffffffff
+#endif
#if defined(IPPROTO_IP) && defined(IP_TOS)
int tos = -1;
}
#endif
-unsigned long inet_addr();
-
int
tn(argc, argv)
int argc;
} else {
#endif
temp = inet_addr(hostp);
- if (temp != (unsigned long) -1) {
+ if (temp & 0xffffffff != INADDR_NONE) {
sin.sin_addr.s_addr = temp;
sin.sin_family = AF_INET;
- (void) strcpy(_hostname, hostp);
+ (void) strcpy(_hostname, hostp);
hostname = _hostname;
} else {
host = gethostbyname(hostp);
sin.sin_family = host->h_addrtype;
#if defined(h_addr) /* In 4.3, this is a #define */
memcpy((caddr_t)&sin.sin_addr,
- host->h_addr_list[0], host->h_length);
+ host->h_addr_list[0], sizeof(sin.sin_addr));
#else /* defined(h_addr) */
- memcpy((caddr_t)&sin.sin_addr, host->h_addr, host->h_length);
+ memcpy((caddr_t)&sin.sin_addr, host->h_addr,
+ sizeof(sin.sin_addr));
#endif /* defined(h_addr) */
strncpy(_hostname, host->h_name, sizeof(_hostname));
_hostname[sizeof(_hostname)-1] = '\0';
perror((char *)0);
host->h_addr_list++;
memcpy((caddr_t)&sin.sin_addr,
- host->h_addr_list[0], host->h_length);
+ host->h_addr_list[0], sizeof(sin.sin_addr));
memcpy((caddr_t)&hostaddr,
- host->h_addr_list[0], host->h_length);
+ host->h_addr_list[0], sizeof(sin.sin_addr));
(void) NetClose(net);
continue;
}
} else if (host = gethostbyname(cp)) {
#if defined(h_addr)
memcpy((caddr_t)&sin_addr,
- host->h_addr_list[0], host->h_length);
+ host->h_addr_list[0], sizeof(sin_addr));
#else
- memcpy((caddr_t)&sin_addr, host->h_addr, host->h_length);
+ memcpy((caddr_t)&sin_addr, host->h_addr,
+ sizeof(sin_addr));
#endif
} else {
*cpp = cp;
AC_PROG_INSTALL
AC_VFORK
AC_CHECK_HEADERS(string.h arpa/nameser.h)
-AC_HAVE_HEADERS(unistd.h sys/select.h stdlib.h)
+AC_HAVE_HEADERS(unistd.h sys/select.h stdlib.h arpa/inet.h)
AC_CHECK_LIB(termcap,main,AC_DEFINE(TERMCAP)
LIBS="$LIBS -ltermcap",
AC_CHECK_LIB(curses,setupterm,LIBS="$LIBS -lcurses")
+Fri Nov 22 15:49:09 1996 unknown <bjaspan@mit.edu>
+
+ * client.c (argv): use sizeof instead of h_length to determine
+ number of bytes of addr to copy from DNS response [krb5-misc/211]
+
Thu Nov 7 15:36:15 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
* client.c (argv):
fprintf (stderr, "uu-client: unable to connect to \"%s\"\n", hname);
return 5;
}
- memcpy ((char *)&serv_net_addr.sin_addr, host->h_addr_list[i++], host->h_length);
+ memcpy ((char *)&serv_net_addr.sin_addr, host->h_addr_list[i++],
+ sizeof(serv_net_addr.sin_addr));
if (connect(s, (struct sockaddr *)&serv_net_addr, sizeof (serv_net_addr)) == 0)
break;
com_err ("uu-client", errno, "connecting to \"%s\" (%s).",
+Tue Nov 26 19:24:34 1996 Theodore Y. Ts'o <tytso@mit.edu>
+
+ * kdc.conf: Fixed paths to use the GNU standard conventions.
+ [PR#246]
+
Thu Nov 14 23:08:37 1996 Tom Yu <tlyu@mit.edu>
* krb5.conf.M: Note change in default_keytab_name.
[realms]
ATHENA.MIT.EDU = {
- database_name = /usr/local/lib/krb5kdc/principal
- admin_keytab = FILE:/usr/local/lib/krb5kdc/kadm5.keytab
- acl_file = /usr/local/lib/krb5kdc/kadm5.acl
- key_stash_file = /usr/local/lib/krb5kdc/.k5stash
+ database_name = /usr/local/var/krb5kdc/principal
+ admin_keytab = FILE:/usr/local/var/krb5kdc/kadm5.keytab
+ acl_file = /usr/local/var/krb5kdc/kadm5.acl
+ key_stash_file = /usr/local/var/krb5kdc/.k5.ATHENA.MIT.EDU
kdc_ports = 750,88
max_life = 10h 0m 0s
max_renewable_life = 7d 0h 0m 0s
+Sat Nov 23 00:16:46 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
+
+ * k5-int.h: Remove DES3 and SHA support, since what's there isn't
+ fully correct. [PR#231]
+
Wed Nov 13 14:28:08 1996 Tom Yu <tlyu@mit.edu>
* k5-int.h, krb5.hin: Revert kt_default_name changes.
#define PROVIDE_DES_CBC_CRC
#define PROVIDE_DES_CBC_RAW
#define PROVIDE_DES_CBC_CKSUM
-#define PROVIDE_DES3_CBC_SHA
-#define PROVIDE_DES3_CBC_RAW
+/* #define PROVIDE_DES3_CBC_SHA */
+/* #define PROVIDE_DES3_CBC_RAW */
#define PROVIDE_CRC32
#define PROVIDE_RSA_MD4
#define PROVIDE_RSA_MD5
-#define PROVIDE_NIST_SHA
+/* #define PROVIDE_NIST_SHA */
#ifndef _SIZE_T_DEFINED
typedef unsigned int size_t;
+Fri Nov 22 11:34:46 1996 Sam Hartman <hartmans@mit.edu>
+
+ * Makefile.in: Install krb_err.h [218]
+
Thu Oct 31 17:27:08 1996 Sam Hartman <hartmans@mit.edu>
* Makefile.in (install): Start installing headers again [36]
-KRB4_HEADERS=krb.h des.h kadm.h mit-copyright.h
+KRB4_HEADERS=krb.h des.h kadm.h mit-copyright.h \
+ krb_err.h
all::
+++ /dev/null
-/*
- * Copyright 1990,1991,1994,1995 by the Massachusetts Institute of Technology.
- * All Rights Reserved.
- *
- * Export of this software from the United States of America may
- * require a specific license from the United States Government.
- * It is the responsibility of any person or organization contemplating
- * export to obtain such a license before exporting.
- *
- * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
- * distribute this software and its documentation for any purpose and
- * without fee is hereby granted, provided that the above copyright
- * notice appear in all copies and that both that copyright notice and
- * this permission notice appear in supporting documentation, and that
- * the name of M.I.T. not be used in advertising or publicity pertaining
- * to distribution of the software without specific, written prior
- * permission. M.I.T. makes no representations about the suitability of
- * this software for any purpose. It is provided "as is" without express
- * or implied warranty.
- *
- * Configuration definition file.
- */
-
-
-#ifndef KRB5_CONFIG__
-#define KRB5_CONFIG__
-
-#ifdef _MSDOS
-/*
- * Machine-type definitions: PC Clone 386 running Microloss Windows
- */
-
-/* Kerberos Windows initialization file */
-#define KERBEROS_INI "kerberos.ini"
-#define INI_FILES "Files"
-#define INI_KRB_CCACHE "krb5cc" /* Location of the ccache */
-#define INI_KRB5_CONF "krb5.ini" /* Location of krb5.conf file */
-
-#define KRB5_DBM_COMPAT__ /* Don't load dbm.h */
-#define KRB5_KDB5__ /* Don't load kdb.h */
-#define KRB5_KDB5_DBM__ /* Don't load kdb_dbm.h */
-
-#define BITS16
-#define SIZEOF_INT 2
-#define SIZEOF_SHORT 2
-#define SIZEOF_LONG 4
-#define MAXHOSTNAMELEN 512
-#define MAXPATHLEN 256 /* Also for Windows temp files */
-
-#define KRB5_USE_INET
-#define MSDOS_FILESYSTEM
-#define USE_STRING_H
-#define HAVE_SRAND
-#define HAVE_ERRNO
-#define HAS_STRDUP
-#define NO_USERID
-#define NOFCHMOD
-#define NOCHMOD
-#define NO_PASSWORD
-#define WM_KERBEROS5_CHANGED "Kerberos5 Changed"
-
-#define HAS_ANSI_VOLATILE
-#define HAS_VOID_TYPE
-#define KRB5_PROVIDE_PROTOTYPES
-#define HAVE_STDARG_H
-#define HAVE_SYS_TYPES_H
-
-#ifndef _SIZE_T_DEFINED
-typedef unsigned int size_t;
-#define _SIZE_T_DEFINED
-#endif
-
-#ifndef KRB5_SYSTYPES__
-#define KRB5_SYSTYPES__
-#include <sys/types.h>
-typedef unsigned long u_long; /* Not part of sys/types.h on the pc */
-typedef unsigned int u_int;
-typedef unsigned short u_short;
-typedef unsigned char u_char;
-#endif /* KRB5_SYSTYPES__ */
-
-#ifndef INTERFACE
-#define INTERFACE __far __export __pascal
-#define INTERFACE_C __far __export __cdecl
-#endif
-
-/*
- * The following defines are needed to make <windows.h> work
- * in stdc mode (/Za flag). Winsock.h needs <windows.h>.
- */
-#define FAR _far
-#define NEAR _near
-#define _far __far
-#define _near __near
-#define _pascal __pascal
-#define _cdecl __cdecl
-#define _huge __huge
-
-#ifdef NEED_WINDOWS
-#include <windows.h>
-#endif
-
-#ifdef NEED_LOWLEVEL_IO
-/* Ugly. Microsoft, in stdc mode, doesn't support the low-level i/o
- * routines directly. Rather, they only export the _<function> version.
- * The following defines works around this problem.
- */
-#include <sys\types.h>
-#include <sys\stat.h>
-#include <fcntl.h>
-#include <io.h>
-#include <process.h>
-#define O_RDONLY _O_RDONLY
-#define O_WRONLY _O_WRONLY
-#define O_RDWR _O_RDWR
-#define O_APPEND _O_APPEND
-#define O_CREAT _O_CREAT
-#define O_TRUNC _O_TRUNC
-#define O_EXCL _O_EXCL
-#define O_TEXT _O_TEXT
-#define O_BINARY _O_BINARY
-#define O_NOINHERIT _O_NOINHERIT
-#define stat _stat
-#define unlink _unlink
-#define lseek _lseek
-#define write _write
-#define open _open
-#define close _close
-#define read _read
-#define fstat _fstat
-#define mktemp _mktemp
-#define dup _dup
-
-#define getpid _getpid
-#endif
-
-#ifdef NEED_SYSERROR
-/* Only needed by util/et/error_message.c but let's keep the source clean */
-#define sys_nerr _sys_nerr
-#define sys_errlist _sys_errlist
-#endif
-
-/* XXX these should be parameterized soon... */
-#define PROVIDE_DES_CBC_MD5
-#define PROVIDE_DES_CBC_CRC
-#define PROVIDE_RAW_DES_CBC
-#define PROVIDE_CRC32
-#define PROVIDE_DES_CBC_CKSUM
-#define PROVIDE_RSA_MD4
-#define PROVIDE_RSA_MD5
-#define DEFAULT_PWD_STRING1 "Enter password:"
-#define DEFAULT_PWD_STRING2 "Re-enter password for verification:"
-
-/* Functions with slightly different names on the PC
-*/
-#define strcasecmp _stricmp
-#define strdup _strdup
-#define off_t _off_t
-
-#else /* Rest of include file is for non-Microloss-Windows */
-
-#if defined(_MACINTOSH)
-#include <stddef.h>
-
-typedef struct {
- int dummy;
-} datum;
-
-#include <stddef.h>
-
-#ifdef NEED_LOWLEVEL_IO
-#include <fcntl.h>
-#endif
-
-#ifndef _MWERKS
-/* there is no <stat.h> for mpw */
-typedef unsigned long mode_t;
-typedef unsigned long ino_t;
-typedef unsigned long dev_t;
-typedef short nlink_t;
-typedef unsigned long uid_t;
-typedef unsigned long gid_t;
-typedef long off_t;
-struct stat
-{
- mode_t st_mode; /* File mode; see #define's below */
- ino_t st_ino; /* File serial number */
- dev_t st_dev; /* ID of device containing this file */
- nlink_t st_nlink; /* Number of links */
- uid_t st_uid; /* User ID of the file's owner */
- gid_t st_gid; /* Group ID of the file's group */
- dev_t st_rdev; /* Device type */
- off_t st_size; /* File size in bytes */
- unsigned long st_atime; /* Time of last access */
- unsigned long st_mtime; /* Time of last data modification */
- unsigned long st_ctime; /* Time of last file status change */
- long st_blksize; /* Optimal blocksize */
- long st_blocks; /* blocks allocated for file */
-};
-
-int stat(const char *path, struct stat *buf);
-int fstat(int fildes, struct stat *buf);
-
-#endif /* _MWERKS */
-
-#define EFBIG 1000
-
-#define NOFCHMOD 1
-#define NOCHMOD 1
-#define _MACSOCKAPI_
-
-#define THREEPARAMOPEN(x,y,z) open(x,y)
-#define MAXPATHLEN 255
-
-/* protocol families same as address families */
-#define PF_INET AF_INET
-
-/* XXX these should be parameterized soon... */
-#define PROVIDE_DES_CBC_MD5
-#define PROVIDE_DES_CBC_CRC
-#define PROVIDE_RAW_DES_CBC
-#define PROVIDE_CRC32
-#define PROVIDE_DES_CBC_CKSUM
-#define PROVIDE_RSA_MD4
-#define PROVIDE_RSA_MD5
-
-#else /* _MACINTOSH */
-#define THREEPARAMOPEN(x,y,z) open(x,y,z)
-#endif /* _MACINTOSH */
-
-#ifndef KRB5_AUTOCONF__
-#define KRB5_AUTOCONF__
-#include "autoconf.h"
-#endif
-
-#ifndef KRB5_SYSTYPES__
-#define KRB5_SYSTYPES__
-
-#ifdef HAVE_SYS_TYPES_H /* From autoconf.h */
-#include <sys/types.h>
-#else /* HAVE_SYS_TYPES_H */
-typedef unsigned long u_long;
-typedef unsigned int u_int;
-typedef unsigned short u_short;
-typedef unsigned char u_char;
-#endif /* HAVE_SYS_TYPES_H */
-#endif /* KRB5_SYSTYPES__ */
-
-#ifdef SYSV
-/* Change srandom and random to use rand and srand */
-/* Taken from the Sandia changes. XXX We should really just include */
-/* srandom and random into Kerberos release, since rand() is a really */
-/* bad random number generator.... [tytso:19920616.2231EDT] */
-#define random() rand()
-#define srandom(a) srand(a)
-#ifndef unicos61
-#define utimes(a,b) utime(a,b)
-#endif /* unicos61 */
-#endif /* SYSV */
-
-/* XXX these should be parameterized soon... */
-#define PROVIDE_DES_CBC_MD5
-#define PROVIDE_DES_CBC_CRC
-#define PROVIDE_RAW_DES_CBC
-#define PROVIDE_CRC32
-#define PROVIDE_DES_CBC_CKSUM
-#define PROVIDE_RSA_MD4
-#define PROVIDE_RSA_MD5
-
-#define DEFAULT_PWD_STRING1 "Enter password:"
-#define DEFAULT_PWD_STRING2 "Re-enter password for verification:"
-
-#define KRB5_KDB_MAX_LIFE (60*60*24) /* one day */
-#define KRB5_KDB_MAX_RLIFE (60*60*24*7) /* one week */
-#define KRB5_KDB_EXPIRATION 2145830400 /* Thu Jan 1 00:00:00 2038 UTC */
-
-/*
- * For paranoid DOE types that don't want to give helpful error
- * messages to the client....er, attacker
- */
-#undef KRBCONF_VAGUE_ERRORS
-
-/*
- * Define this if you want the KDC to modify the Kerberos database;
- * this allows the last request information to be updated, as well as
- * the failure count information.
- *
- * Note that this doesn't work if you're using slave servers!!! It
- * also causes the database to be modified (and thus need to be
- * locked) frequently.
- */
-#undef KRBCONF_KDC_MODIFIES_KDB
-
-/*
- * Windows requires a different api interface to each function. Here
- * just define it as NULL.
- */
-#define INTERFACE
-#define INTERFACE_C
-#define FAR
-#define NEAR
-#ifndef O_BINARY
-#define O_BINARY 0
-#endif
-
-#ifndef HAS_LABS
-#define labs(x) abs(x)
-#endif
-
-#endif /* _MSDOS */
-#endif /* KRB5_CONFIG__ */
+Fri Nov 22 15:49:35 1996 unknown <bjaspan@mit.edu>
+
+ * kadm_ser_wrap.c (kadm_ser_init): use sizeof instead of h_length
+ to determine number of bytes of addr to copy from DNS response
+ [krb5-misc/211]
+
Thu Jun 13 22:09:02 1996 Tom Yu <tlyu@voltage-multiplier.mit.edu>
* configure.in: remove ref to ET_RULES
if ((hp = gethostbyname(hostname)) == NULL)
return KADM_NO_HOSTNAME;
memcpy((char *) &server_parm.admin_addr.sin_addr.s_addr, hp->h_addr,
- hp->h_length);
+ sizeof(server_parm.admin_addr.sin_addr.s_addr));
server_parm.admin_addr.sin_port = sep->s_port;
/* setting up the database */
mkey_name = KRB5_KDB_M_NAME;
+Wed Nov 27 13:50:03 1996 Theodore Y. Ts'o <tytso@mit.edu>
+
+ * configure.in: Link against kdb5 explicitly on all systems except
+ BSD systems, due to hairy shared library issues. [PR#257]
+ n.b., this is only a short-term fix for the 1.0 release.
+ The correct long-term fix is to not require kadm5 clients
+ to need to link against libkdb5 at all.
+
+Fri Nov 22 18:42:02 1996 Sam Hartman <hartmans@planet-zorp.MIT.EDU>
+
+ * configure.in: Do not link against kdb5 because this causes
+ NetBSD getpwuid to fail. [228]
+
+ * kpasswd.c (kpasswd): Remove cast from uid_t to int. [228]
+
+Wed Nov 20 16:00:49 1996 Barry Jaspan <bjaspan@mit.edu>
+
+ * unit-test/Makefile.in (unit-test-): warn more loudly about unrun
+ tests
+
Wed Nov 13 19:23:15 1996 Tom Yu <tlyu@mit.edu>
* unit-test/Makefile.in (clean): Remove logfiles.
USE_KADMCLNT_LIBRARY
USE_GSSAPI_LIBRARY
USE_GSSRPC_LIBRARY
-USE_KDB5_LIBRARY
USE_DYN_LIBRARY
+
+dnl
+dnl The following is a kludge to get around a shared library problem
+dnl for NetBSD and Linux. We have to include -lkdb5 under Linux, and
+dnl we can't include -lkdb5 under NetBSD, due to various breakages in
+dnl each system's shared library implementation
+dnl
+AC_MSG_CHECKING([for build host])
+AC_CACHE_VAL(krb5_cv_host, [export CC
+AC_CANONICAL_HOST
+krb5_cv_host=$host])
+AC_MSG_RESULT($krb5_cv_host)
+case $krb5_cv_host in
+*-*-*bsd*)
+ echo "Skipping USE KDB5 LIBRARY on BSD to avoid libdb incompatibilites"
+ ;;
+*)
+ USE_KDB5_LIBRARY
+ ;;
+esac
+
KRB5_LIBRARIES
V5_USE_SHARED_LIB
V5_AC_OUTPUT_MAKEFILE
/* if either krb5_cc failed check the passwd file */
if (code != 0) {
- pw = getpwuid((int) getuid());
+ pw = getpwuid( getuid());
if (pw == NULL) {
com_err(whoami, 0, string_text(KPW_STR_NOT_IN_PASSWD_FILE));
return(MISC_EXIT_STATUS);
check unit-test:: unit-test-@DO_TEST@
unit-test-:
- @echo "The kpasswd tests require Perl, Tcl, and runtest"
- @echo "No tests run here"
+ @echo "+++"
+ @echo "+++ WARNING: kpasswd unit tests not run."
+ @echo "+++ Either tcl, runtest, or Perl is unavailable."
+ @echo "+++"
unit-test-ok:: unit-test-setup unit-test-body unit-test-cleanup
+Tue Nov 19 16:48:50 1996 Barry Jaspan <bjaspan@mit.edu>
+
+ * ovsec_kadmd.c: don't syslog \n's
+
Wed Nov 13 14:29:34 1996 Tom Yu <tlyu@mit.edu>
* ovsec_kadmd.c (main): Note that krb5_defkeyname is an internal
if (ret = kadm5_get_config_params(context, NULL, NULL, ¶ms,
¶ms)) {
- krb5_klog_syslog(LOG_ERR, "%s: %s while initializing, aborting\n",
+ krb5_klog_syslog(LOG_ERR, "%s: %s while initializing, aborting",
whoami, error_message(ret));
fprintf(stderr, "%s: %s while initializing, aborting\n",
whoami, error_message(ret));
if ((params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) {
krb5_klog_syslog(LOG_ERR, "%s: Missing required configuration values "
- "while initializing, aborting\n", whoami,
+ "while initializing, aborting", whoami,
(params.mask & REQUIRED_PARAMS) ^ REQUIRED_PARAMS);
fprintf(stderr, "%s: Missing required configuration values "
"(%x) while initializing, aborting\n", whoami,
krb5_klog_syslog(LOG_NOTICE, "Authentication attempt failed: %s, GSS-API "
"error strings are:", a);
log_badauth_display_status(" ", major, minor);
- krb5_klog_syslog(LOG_NOTICE, " GSS-API error strings complete.\n");
+ krb5_klog_syslog(LOG_NOTICE, " GSS-API error strings complete.");
}
void log_badauth_display_status(char *msg, OM_uint32 major, OM_uint32 minor)
GSS_C_MECH_CODE, 1);
} else
krb5_klog_syslog(LOG_ERR, "GSS-API authentication error %s: "
- "recursive failure!\n", msg);
+ "recursive failure!", msg);
return;
}
- krb5_klog_syslog(LOG_NOTICE, "%s %s\n", m, (char *)msg.value);
+ krb5_klog_syslog(LOG_NOTICE, "%s %s", m, (char *)msg.value);
(void) gss_release_buffer(&minor_stat, &msg);
if (!msg_ctx)
+Fri Nov 22 15:49:27 1996 unknown <bjaspan@mit.edu>
+
+ * kadm_ser_wrap.c (endif ): use sizeof instead of h_length to
+ determine number of bytes of addr to copy from DNS response
+ [krb5-misc/211]
+
Wed Nov 13 19:24:00 1996 Tom Yu <tlyu@mit.edu>
* Makefile.in (clean): Remove kadm_err.h and kadm_err.c.
if ((hp = gethostbyname(hostname)) == NULL)
return KADM_NO_HOSTNAME;
memcpy((char *) &server_parm.admin_addr.sin_addr.s_addr, hp->h_addr,
- hp->h_length);
+ sizeof(server_parm.admin_addr.sin_addr.s_addr));
server_parm.admin_addr.sin_port = sep->s_port;
/* setting up the database */
mkey_name = KRB5_KDB_M_NAME;
+Sat Nov 23 17:26:22 1996 Mark Eichin <eichin@kitten.gen.ma.us>
+
+ * [krb5-libs/149] only generate requests that you can actually
+ handle.
+
+ Tue Sep 3 22:53:56 1996 Mark Eichin <eichin@cygnus.com>
+
+ * kdc_preauth.c (get_preauth_hint_list): detect ap->get_edata
+ return status and don't pass back hint if it failed.
+ (get_etype_info): malloc one more word in entry for end marker.
+
+Wed Nov 20 11:25:05 1996 Barry Jaspan <bjaspan@mit.edu>
+
+ * main.c (initialize_realms): krb5_aprof_init can succeed while
+ leaving aprof == NULL, but krb5_aprof_finish will fail. This is
+ just more grossness that needs to be redone when the kdc.conf
+ interface is reworked.
+
Thu Nov 7 12:27:21 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
* kdc_preauth.c (check_padata): Fixed error handling; in order for
memset(*pa, 0, sizeof(krb5_pa_data));
(*pa)->magic = KV5M_PA_DATA;
(*pa)->pa_type = ap->type;
- if (ap->get_edata)
- (ap->get_edata)(kdc_context, request, client, server, *pa);
+ if (ap->get_edata) {
+ retval = (ap->get_edata)(kdc_context, request, client, server, *pa);
+ if (retval) {
+ /* just failed on this type, continue */
+ free(*pa);
+ *pa = 0;
+ continue;
+ }
+ }
pa++;
}
retval = encode_krb5_padata_sequence((const krb5_pa_data **) pa_data,
salt.data = 0;
- entry = malloc((client->n_key_data * 2) * sizeof(krb5_etype_info_entry *));
+ entry = malloc((client->n_key_data * 2 + 1) * sizeof(krb5_etype_info_entry *));
if (entry == NULL)
return ENOMEM;
entry[0] = NULL;
hierarchy[2] = (char *) NULL;
if (krb5_aprof_get_string(aprof, hierarchy, TRUE, &default_ports))
default_ports = 0;
- krb5_aprof_finish(aprof);
+ /* aprof_init can return 0 with aprof == NULL */
+ if (aprof)
+ krb5_aprof_finish(aprof);
}
if (default_ports == 0)
default_ports = strdup(DEFAULT_KDC_PORTLIST);
+Sat Nov 23 00:25:25 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
+
+ * libkrb5.def: Renamed to krb5_16.def [PR#204]
+
+ * Makefile.in (all-windows): Change name of dll from krb5_16.dll,
+ which will be the final name of the DLL. [PR#204]
+
+Wed Nov 20 18:28:47 1996 Theodore Y. Ts'o <tytso@mit.edu>
+
+ * Makefile.in (clean-windows): Change the name of the Windows (16)
+ dll to be krb516.dll, instead of libkrb5.dll
+
Fri Jul 12 20:32:29 1996 Theodore Y. Ts'o <tytso@mit.edu>
* win_glue.c: Added TIMEBOMB_INFO string which tells the user the
$(RM) $(CLEANLIBS)
clean-windows::
- $(RM) libkrb5.dll libkrb5.lib libkrb5.bak libkrb5.map winsock.lib
+ $(RM) krb5_16.dll krb5_16.lib krb5_16.bak krb5_16.map winsock.lib
$(RM) gssapi.dll gssapi.lib gssapi.bak gssapi.map
#
-# Windows stuff to make libkrb5.dll and libkrb5.lib. Currently it
+# Windows stuff to make krb5_16.dll and krb5_16.lib. Currently it
# combines crypto, krb5, kadm and the util/et directories.
#
ALIB = kadm\kadm.lib
WLIB = .\winsock.lib
LIBS = $(ALIB) $(CLIB) $(KLIB) $(GLIB) $(ETLIB) $(PLIB) $(WLIB)
-lib-windows: winsock.lib libkrb5.lib gssapi.lib
+lib-windows: winsock.lib krb5_16.lib gssapi.lib
gssapi.lib:: gssapi.dll
implib /nologo gssapi.lib gssapi.dll
$(LIBS) ldllcew libw oldnames, gssapi.def
rc /nologo /p /k gssapi.dll
-libkrb5.lib:: libkrb5.dll
- implib /nologo libkrb5.lib libkrb5.dll
+krb5_16.lib:: krb5_16.dll
+ implib /nologo krb5_16.lib krb5_16.dll
-libkrb5.dll:: $(LIBS) libkrb5.def win_glue.obj
- link /co /seg:400 /noe /nod /nol win_glue, libkrb5.dll, libkrb5.map, \
- $(LIBS) ldllcew libw oldnames, libkrb5.def
- rc /nologo /p /k libkrb5.dll
+krb5_16.dll:: $(LIBS) krb5_16.def win_glue.obj
+ link /co /seg:400 /noe /nod /nol win_glue, krb5_16.dll, krb5_16.map, \
+ $(LIBS) ldllcew libw oldnames, krb5_16.def
+ rc /nologo /p /k krb5_16.dll
sap_glue.obj: win_glue.c
$(CC) $(CFLAGS) -DSAP_TIMEBOMB -I$(VERS_DIR) /c \
@echo Making in lib
cd ..
-all-windows:: libkrb5.lib gssapi.lib
+all-windows:: krb5_16.lib gssapi.lib
clean-windows::
@echo Making clean in lib\crypto
+Sat Nov 23 00:22:20 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
+
+ * cryptoconf.c: Also zero out the entries in cryptoconf, to make
+ sure no one tries to use triple DES and SHA.
+
+Fri Nov 22 20:49:13 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
+
+ * configure.in (enableval): Disable triple DES and SHA, since
+ what's there isn't the final triple DES. [PR#231]
+
+Mon Nov 18 20:38:24 1996 Ezra Peisach <epeisach@mit.edu>
+ [krb5-libs/201]
+ * configure.in: Set shared library version to 1.0.
+
Thu Jun 6 00:04:38 1996 Theodore Y. Ts'o <tytso@mit.edu>
* Makefile.in (all-windows): Don't pass $(LIBCMD) on the command
else
AC_MSG_RESULT(Disabling DES_CBC_MD5)
fi
-AC_ARG_ENABLE([des3-cbc-sha],
-[ --enable-des3-cbc-sha enable DES3_CBC_SHA (DEFAULT).
- --disable-des3-cbc-sha disable DES3_CBC_SHA.],
-,
-enableval=yes)dnl
-if test "$enableval" = yes; then
- AC_MSG_RESULT(Enabling DES3_CBC_SHA)
- AC_DEFINE(PROVIDE_DES3_CBC_SHA)
-else
- AC_MSG_RESULT(Disabling DES3_CBC_SHA)
-fi
+dnl AC_ARG_ENABLE([des3-cbc-sha],
+dnl [ --enable-des3-cbc-sha enable DES3_CBC_SHA (DEFAULT).
+dnl --disable-des3-cbc-sha disable DES3_CBC_SHA.],
+dnl ,
+dnl enableval=yes)dnl
+dnl if test "$enableval" = yes; then
+dnl AC_MSG_RESULT(Enabling DES3_CBC_SHA)
+dnl AC_DEFINE(PROVIDE_DES3_CBC_SHA)
+dnl else
+dnl AC_MSG_RESULT(Disabling DES3_CBC_SHA)
+dnl fi
AC_ARG_WITH([des-cbc-crc],
[ --enable-des-cbc-crc enable DES_CBC_CRC (DEFAULT).
--disable-des-cbc-crc disable DES_CBC_CRC.],
else
AC_MSG_RESULT(Disabling DES_CBC_RAW)
fi
-AC_ARG_WITH([des3-cbc-raw],
-[ --enable-des3-cbc-raw enable DES3_CBC_RAW (DEFAULT).
- --disable-des3-cbc-raw disable DES3_CBC_RAW.],
-,
-enableval=yes)dnl
-if test "$enableval" = yes; then
- AC_MSG_RESULT(Enabling DES3_CBC_RAW)
- AC_DEFINE(PROVIDE_DES3_CBC_RAW)
-else
- AC_MSG_RESULT(Disabling DES3_CBC_RAW)
-fi
+dnl AC_ARG_WITH([des3-cbc-raw],
+dnl [ --enable-des3-cbc-raw enable DES3_CBC_RAW (DEFAULT).
+dnl --disable-des3-cbc-raw disable DES3_CBC_RAW.],
+dnl ,
+dnl enableval=yes)dnl
+dnl if test "$enableval" = yes; then
+dnl AC_MSG_RESULT(Enabling DES3_CBC_RAW)
+dnl AC_DEFINE(PROVIDE_DES3_CBC_RAW)
+dnl else
+dnl AC_MSG_RESULT(Disabling DES3_CBC_RAW)
+dnl fi
AC_ARG_WITH([des-cbc-cksum],
[ --enable-des-cbc-cksum enable DES_CBC_CKSUM (DEFAULT).
--disable-des-cbc-cksum disable DES_CBC_CKSUM.],
else
AC_MSG_RESULT(Disabling RSA_MD5)
fi
-AC_ARG_WITH([nist-sha],
-[ --enable-nist-sha enable NIST_SHA (DEFAULT).
- --disable-nist-sha disable NIST_SHA.],
-,
-enableval=yes)dnl
-if test "$enableval" = yes; then
- AC_MSG_RESULT(Enabling NIST_SHA)
- AC_DEFINE(PROVIDE_NIST_SHA)
-else
- AC_MSG_RESULT(Disabling NIST_SHA)
-fi
+dnl AC_ARG_WITH([nist-sha],
+dnl [ --enable-nist-sha enable NIST_SHA (DEFAULT).
+dnl --disable-nist-sha disable NIST_SHA.],
+dnl ,
+dnl enableval=yes)dnl
+dnl if test "$enableval" = yes; then
+dnl AC_MSG_RESULT(Enabling NIST_SHA)
+dnl AC_DEFINE(PROVIDE_NIST_SHA)
+dnl else
+dnl AC_MSG_RESULT(Disabling NIST_SHA)
+dnl fi
V5_SHARED_LIB_OBJS
SubdirLibraryRule([${OBJS}])
DO_SUBDIRS
-V5_MAKE_SHARED_LIB(libcrypto,0.1,.., ./crypto)
+V5_MAKE_SHARED_LIB(libcrypto,1.0,.., ./crypto)
V5_AC_OUTPUT_MAKEFILE
#ifdef PROVIDE_NIST_SHA
#include "shs.h"
-#define SHA_CKENTRY &nist_sha_cksumtable_entry
-#define HMAC_SHA_CKENTRY &hmac_sha_cksumtable_entry
+/* #define SHA_CKENTRY &nist_sha_cksumtable_entry */
+/* #define HMAC_SHA_CKENTRY &hmac_sha_cksumtable_entry */
+#define SHA_CKENTRY 0
+#define HMAC_SHA_CKENTRY 0
#else
#define SHA_CKENTRY 0
#define HMAC_SHA_CKENTRY 0
#include "des_int.h"
#define _DES_DONE__
#endif
-#define DES3_CBC_SHA_CSENTRY &krb5_des3_sha_cst_entry
+/* Don't try to enable triple DES unless you know what you are doing; */
+/* the current implementation of triple DES is NOT the final and */
+/* correct implementation.!!! */
+/* #define DES3_CBC_SHA_CSENTRY &krb5_des3_sha_cst_entry */
+#define DES3_CBC_SHA_CSENTRY 0
#else
#define DES3_CBC_SHA_CSENTRY 0
#endif
#include "des_int.h"
#define _DES_DONE__
#endif
-#define DES3_CBC_RAW_CSENTRY &krb5_des3_raw_cst_entry
+/* #define DES3_CBC_RAW_CSENTRY &krb5_des3_raw_cst_entry */
+#define DES3_CBC_RAW_CSENTRY 0
#else
#define DES3_CBC_RAW_CSENTRY 0
#endif
+Mon Nov 18 20:39:02 1996 Ezra Peisach <epeisach@mit.edu>
+
+ * configure.in: Set shared library version to 1.0. [krb5-libs/201]
+
Wed Aug 7 12:50:36 1996 Ezra Peisach <epeisach@mit.edu>
* new_rnd_key.c (des_set_sequence_number): Change cast to
KRB5_SH_VERS=$krb5_cv_shlib_version_libkrb5
AC_SUBST(KRB5_SH_VERS)
KRB5_RUN_FLAGS
-V5_MAKE_SHARED_LIB(libdes425,0.1,.., ./des425)
+V5_MAKE_SHARED_LIB(libdes425,1.0,.., ./des425)
V5_AC_OUTPUT_MAKEFILE
+Mon Nov 18 20:39:41 1996 Ezra Peisach <epeisach@mit.edu>
+
+ * configure.in: Set shared library version to 1.0. [krb5-libs/201]
+
Tue Jul 23 22:50:22 1996 Theodore Y. Ts'o <tytso@mit.edu>
* Makefile.in (MAC_SUBDIRS): Remove mechglue from the list of
AC_PROG_RANLIB
AC_PROG_INSTALL
DO_SUBDIRS
-V5_MAKE_SHARED_LIB(libgssapi_krb5,0.1,.., ./gssapi)
+V5_MAKE_SHARED_LIB(libgssapi_krb5,1.0,.., ./gssapi)
CRYPTO_SH_VERS=$krb5_cv_shlib_version_libcrypto
AC_SUBST(CRYPTO_SH_VERS)
COMERR_SH_VERS=$krb5_cv_shlib_version_libcom_err
+Wed Nov 20 13:59:58 1996 Ezra Peisach <epeisach@mit.edu>
+
+ * Makefile.in (install): Install gssapi.h from the build tree.
+
+Tue Nov 19 16:43:16 1996 Tom Yu <tlyu@mit.edu>
+
+ * Makefile.in (gssapi.h): grep USE_.*_H out from autoconf.h as
+ well (some stuff was depending on USE_STRING_H).
+
Mon Nov 18 12:38:34 1996 Tom Yu <tlyu@mit.edu>
*gssapi.h: Renamed to gssapi.hin.
echo "/* It contains some choice pieces of autoconf.h */" >> $@
grep SIZEOF $(BUILDTOP)/include/krb5/autoconf.h >> $@
grep 'HAVE_.*_H' $(BUILDTOP)/include/krb5/autoconf.h >> $@
+ grep 'USE_.*_H' $(BUILDTOP)/include/krb5/autoconf.h >> $@
echo "/* End of gssapi.h prologue. */"
cat $(srcdir)/gssapi.hin >> $@
$(OBJS): $(HDRS) $(ETHDRS)
-EXPORTED_HEADERS= gssapi.h gssapi_generic.h
+EXPORTED_HEADERS= gssapi_generic.h
+EXPORTED_BUILT_HEADERS= gssapi.h
all-unix:: shared $(SRCS) $(ETHDRS) $(OBJS)
do $(INSTALL_DATA) $(srcdir)/$$f \
$(DESTDIR)$(KRB5_INCDIR)/gssapi/$$f ; \
done
+ @set -x; for f in $(EXPORTED_BUILT_HEADERS) ; \
+ do $(INSTALL_DATA) $$f \
+ $(DESTDIR)$(KRB5_INCDIR)/gssapi/$$f ; \
+ done
depend:: $(ETSRCS)
+Wed Nov 20 19:55:29 1996 Marc Horowitz <marc@cygnus.com>
+
+ * init_sec_context.c (make_ap_rep, krb5_gss_init_sec_context),
+ accept_sec_context.c (krb5_gss_accept_sec_context): fix up use of
+ gss flags. under some circumstances, the context would not have
+ checked for replay or sequencing, even if those features were
+ requested.
+
+ * init_sec_context.c (make_ap_req), (krb5_gss_init_sec_context):
+ If delegation is requested, but forwarding the credentials fails,
+ instead of aborting the context setup, just don't forward
+ credentials.
+
+ * gssapiP_krb5.h (krb5_gss_ctx_id_t), ser_sctx.c
+ (kg_ctx_externalize, kg_ctx_internalize), init_sec_context.c
+ (krb5_gss_init_sec_context), get_tkt_flags.c
+ (gss_krb5_get_tkt_flags), accept_sec_context.c
+ (krb5_gss_accept_sec_context): rename ctx->flags to
+ ctx->krb_flags, to disambiguate it from ctx->gss_flags
+
+ * accept_sec_context.c (krb5_gss_accept_sec_context): If the subkey
+ isn't present in the authenticator, then use the session key
+ instead.
+
Sat Oct 19 00:38:22 1996 Theodore Y. Ts'o <tytso@mit.edu>
* ser_sctx.c (kg_oid_externalize, kg_oid_internalize,
ctx->mech_used = mech_used;
ctx->auth_context = auth_context;
ctx->initiate = 0;
- ctx->gss_flags = GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG |
- (gss_flags & (GSS_C_MUTUAL_FLAG | GSS_C_DELEG_FLAG));
+ ctx->gss_flags = KG_IMPLFLAGS(gss_flags);
ctx->seed_init = 0;
ctx->big_endian = bigend;
return(GSS_S_FAILURE);
}
+ /* use the session key if the subkey isn't present */
+
+ if (ctx->subkey == NULL) {
+ if ((code = krb5_auth_con_getkey(context, auth_context,
+ &ctx->subkey))) {
+ krb5_free_principal(context, ctx->there);
+ krb5_free_principal(context, ctx->here);
+ xfree(ctx);
+ *minor_status = code;
+ return(GSS_S_FAILURE);
+ }
+ }
+
+ if (ctx->subkey == NULL) {
+ krb5_free_principal(context, ctx->there);
+ krb5_free_principal(context, ctx->here);
+ xfree(ctx);
+ /* this isn't a very good error, but it's not clear to me this
+ can actually happen */
+ *minor_status = KRB5KDC_ERR_NULL_KEY;
+ return(GSS_S_FAILURE);
+ }
+
switch(ctx->subkey->enctype) {
case ENCTYPE_DES_CBC_MD5:
case ENCTYPE_DES_CBC_CRC:
}
ctx->endtime = ticket->enc_part2->times.endtime;
- ctx->flags = ticket->enc_part2->flags;
+ ctx->krb_flags = ticket->enc_part2->flags;
krb5_free_ticket(context, ticket); /* Done with ticket */
}
g_order_init(&(ctx->seqstate), ctx->seq_recv,
- (gss_flags & GSS_C_REPLAY_FLAG) != 0,
- (gss_flags & GSS_C_SEQUENCE_FLAG) != 0);
+ (ctx->gss_flags & GSS_C_REPLAY_FLAG) != 0,
+ (ctx->gss_flags & GSS_C_SEQUENCE_FLAG) != 0);
/* at this point, the entire context structure is filled in,
so it can be released. */
*time_rec = ctx->endtime - now;
if (ret_flags)
- *ret_flags = KG_IMPLFLAGS(gss_flags);
+ *ret_flags = ctx->gss_flags;
ctx->established = 1;
}
if (ticket_flags)
- *ticket_flags = ctx->flags;
+ *ticket_flags = ctx->krb_flags;
*minor_status = 0;
return(GSS_S_COMPLETE);
krb5_gss_enc_desc enc;
krb5_gss_enc_desc seq;
krb5_timestamp endtime;
- krb5_flags flags;
+ krb5_flags krb_flags;
krb5_int32 seq_send;
krb5_int32 seq_recv;
void *seqstate;
static krb5_error_code
make_ap_req(context, auth_context, cred, server, endtime, chan_bindings,
- req_flags, flags, mech_type, token)
+ req_flags, krb_flags, mech_type, token)
krb5_context context;
krb5_auth_context * auth_context;
krb5_gss_cred_id_t cred;
krb5_principal server;
krb5_timestamp *endtime;
gss_channel_bindings_t chan_bindings;
- OM_uint32 req_flags;
- krb5_flags *flags;
+ OM_uint32 *req_flags;
+ krb5_flags *krb_flags;
gss_OID mech_type;
gss_buffer_t token;
{
/* build the checksum field */
- if(*flags && GSS_C_DELEG_FLAG) {
-
+ if (*req_flags & GSS_C_DELEG_FLAG) {
/* first get KRB_CRED message, so we know its length */
/* clear the time check flag that was set in krb5_auth_con_init() */
krb5_auth_con_setflags(context, *auth_context,
con_flags & ~KRB5_AUTH_CONTEXT_DO_TIME);
- if ((code = krb5_fwd_tgt_creds(context, *auth_context, 0,
+ code = krb5_fwd_tgt_creds(context, *auth_context, 0,
cred->princ, server, cred->ccache, 1,
- &credmsg)))
- return(code);
+ &credmsg);
/* turn KRB5_AUTH_CONTEXT_DO_TIME back on */
krb5_auth_con_setflags(context, *auth_context, con_flags);
- if(credmsg.length+28 > KRB5_INT16_MAX) {
- krb5_xfree(credmsg.data);
- return(KRB5KRB_ERR_FIELD_TOOLONG);
- }
+ if (code) {
+ /* don't fail here; just don't accept/do the delegation
+ request */
+ *req_flags &= ~GSS_C_DELEG_FLAG;
- checksum_data.length = 28+credmsg.length;
+ checksum_data.length = 24;
+ } else {
+ if (credmsg.length+28 > KRB5_INT16_MAX) {
+ krb5_xfree(credmsg.data);
+ return(KRB5KRB_ERR_FIELD_TOOLONG);
+ }
+
+ checksum_data.length = 28+credmsg.length;
+ }
} else {
checksum_data.length = 24;
}
TWRITE_INT(ptr, md5.length, 0);
TWRITE_STR(ptr, (unsigned char *) md5.contents, md5.length);
- TWRITE_INT(ptr, KG_IMPLFLAGS(req_flags), 0);
+ TWRITE_INT(ptr, *req_flags, 0);
/* done with this, free it */
xfree(md5.contents);
mk_req_flags = AP_OPTS_USE_SUBKEY;
- if (req_flags & GSS_C_MUTUAL_FLAG)
+ if (*req_flags & GSS_C_MUTUAL_FLAG)
mk_req_flags |= AP_OPTS_MUTUAL_REQUIRED;
if ((code = krb5_mk_req_extended(context, auth_context, mk_req_flags,
/* store the interesting stuff from creds and authent */
*endtime = out_creds->times.endtime;
- *flags = out_creds->ticket_flags;
+ *krb_flags = out_creds->ticket_flags;
/* build up the token */
err = 0;
if (mech_type == GSS_C_NULL_OID) {
- mech_type = cred->rfc_mech?gss_mech_krb5:gss_mech_krb5_old;
- } else if (g_OID_equal(mech_type, gss_mech_krb5)) {
- if (!cred->rfc_mech)
- err = 1;
- } else if (g_OID_equal(mech_type, gss_mech_krb5_old)) {
- if (!cred->prerfc_mech)
- err = 1;
- } else
- err = 1;
+ mech_type = cred->rfc_mech?gss_mech_krb5:gss_mech_krb5_old;
+ } else if (g_OID_equal(mech_type, gss_mech_krb5)) {
+ if (!cred->rfc_mech)
+ err = 1;
+ } else if (g_OID_equal(mech_type, gss_mech_krb5_old)) {
+ if (!cred->prerfc_mech)
+ err = 1;
+ } else
+ err = 1;
if (err) {
*minor_status = 0;
ctx->mech_used = mech_type;
ctx->auth_context = NULL;
ctx->initiate = 1;
- ctx->gss_flags = ((req_flags & (GSS_C_MUTUAL_FLAG | GSS_C_DELEG_FLAG)) |
- GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG);
- ctx->flags = req_flags & GSS_C_DELEG_FLAG;
+ ctx->gss_flags = KG_IMPLFLAGS(req_flags);
ctx->seed_init = 0;
ctx->big_endian = 0; /* all initiators do little-endian, as per spec */
ctx->seqstate = 0;
if ((code = make_ap_req(context, &(ctx->auth_context), cred,
ctx->there, &ctx->endtime, input_chan_bindings,
- req_flags, &ctx->flags, mech_type, &token))) {
+ &ctx->gss_flags, &ctx->krb_flags, mech_type,
+ &token))) {
krb5_free_principal(context, ctx->here);
krb5_free_principal(context, ctx->there);
xfree(ctx);
*output_token = token;
if (ret_flags)
- *ret_flags = KG_IMPLFLAGS(req_flags);
+ *ret_flags = ctx->gss_flags;
if (actual_mech_type)
*actual_mech_type = mech_type;
} else {
ctx->seq_recv = ctx->seq_send;
g_order_init(&(ctx->seqstate), ctx->seq_recv,
- (req_flags & GSS_C_REPLAY_FLAG) != 0,
- (req_flags & GSS_C_SEQUENCE_FLAG) != 0);
+ (ctx->gss_flags & GSS_C_REPLAY_FLAG) != 0,
+ (ctx->gss_flags & GSS_C_SEQUENCE_FLAG) != 0);
ctx->established = 1;
/* fall through to GSS_S_COMPLETE */
}
if ((ctx->established) ||
(((gss_cred_id_t) cred) != claimant_cred_handle) ||
- ((req_flags & GSS_C_MUTUAL_FLAG) == 0)) {
+ ((ctx->gss_flags & GSS_C_MUTUAL_FLAG) == 0)) {
(void)krb5_gss_delete_sec_context(minor_status,
context_handle, NULL);
/* XXX this minor status is wrong if an arg was changed */
/* store away the sequence number */
ctx->seq_recv = ap_rep_data->seq_number;
g_order_init(&(ctx->seqstate), ctx->seq_recv,
- (req_flags & GSS_C_REPLAY_FLAG) != 0,
- (req_flags & GSS_C_SEQUENCE_FLAG) !=0);
+ (ctx->gss_flags & GSS_C_REPLAY_FLAG) != 0,
+ (ctx->gss_flags & GSS_C_SEQUENCE_FLAG) !=0);
/* free the ap_rep_data */
krb5_free_ap_rep_enc_part(context, ap_rep_data);
&bp, &remain);
(void) krb5_ser_pack_int32((krb5_int32) ctx->endtime,
&bp, &remain);
- (void) krb5_ser_pack_int32((krb5_int32) ctx->flags,
+ (void) krb5_ser_pack_int32((krb5_int32) ctx->krb_flags,
&bp, &remain);
(void) krb5_ser_pack_int32((krb5_int32) ctx->seq_send,
&bp, &remain);
(void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
ctx->endtime = (krb5_timestamp) ibuf;
(void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
- ctx->flags = (krb5_flags) ibuf;
+ ctx->krb_flags = (krb5_flags) ibuf;
(void) krb5_ser_unpack_int32(&ctx->seq_send, &bp, &remain);
(void) krb5_ser_unpack_int32(&ctx->seq_recv, &bp, &remain);
(void) krb5_ser_unpack_int32(&ibuf, &bp, &remain);
+Mon Nov 18 20:43:54 1996 Ezra Peisach <epeisach@mit.edu>
+
+ * configure.in: Shared library version number to 1.0. [krb5-libs/201]
+
Wed Jun 12 00:50:32 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
* Makefile.in: Remove include of config/windows.in; that's done
*-*-aix*) # don't build libgssapi.a on AIX
;;
*)
- V5_MAKE_SHARED_LIB(libgssapi,0.1,.., ./mechglue)
+ V5_MAKE_SHARED_LIB(libgssapi,1.0,.., ./mechglue)
AppendRule([install:: libgssapi.[$](LIBEXT)
[$](INSTALL_DATA) libgssapi.[$](LIBEXT) [$](DESTDIR)[$](KRB5_LIBDIR)[$](S)libgssapi.[$](LIBEXT)])
LinkFileDir([$](TOPLIBD)/libgssapi.[$](LIBEXT),libgssapi.[$](LIBEXT),./gssapi/mechglue)
+Tue Nov 26 03:04:04 1996 Sam Hartman <hartmans@mit.edu>
+
+ * server_acl.c (acl_load_acl_file): Fix coredump by allowing
+ catchall_entry to be null, but do not reference it if it is.
+ Thanks to marc. [242]
+
+Mon Nov 25 17:53:20 1996 Barry Jaspan <bjaspan@mit.edu>
+
+ * server_acl.c: set acl_catchall_entry to "" instead of NULL,
+ since it is presumed to contain something, but we don't want any
+ default entry [krb5-admin/237]
+
Wed Nov 13 19:20:36 1996 Tom Yu <tlyu@mit.edu>
* Makefile.in (clean-unix): Remove shared/*.
}
else {
com_err(acl_acl_file, errno, acl_cantopen_msg);
- if (acl_list_head = acl_parse_line(acl_catchall_entry)) {
+ if (acl_catchall_entry &&
+ (acl_list_head = acl_parse_line(acl_catchall_entry))) {
acl_list_tail = acl_list_head;
}
else {
+Wed Nov 20 15:59:34 1996 Barry Jaspan <bjaspan@mit.edu>
+
+ * Makefile.in (check-): warn more loudly about unrun tests
+
Mon Nov 11 20:51:27 1996 Tom Yu <tlyu@mit.edu>
* configure.in: Add AC_CANONICAL_HOST to deal with new pre.in.
check:: check-@DO_TEST@
check-::
- @echo "Either tcl, runtest, or Perl is unavailable. Kadm5 unit tests not run"
+ @echo "+++"
+ @echo "+++ WARNING: lib/kadm5 unit tests not run."
+ @echo "+++ Either tcl, runtest, or Perl is unavailable."
+ @echo "+++"
check-ok unit-test:: unit-test-client unit-test-server
+Mon Nov 18 20:40:12 1996 Ezra Peisach <epeisach@mit.edu>
+
+ * configure.in: Set shared library version to 1.0. [krb5-libs/201]
+
Tue Nov 12 23:41:55 1996 Mark Eichin <eichin@cygnus.com>
* kdb_dbm.c: Ditch DB_OPENCLOSE conditionals, and fix the real
V5_USE_SHARED_LIB
KRB5_LIBRARIES
V5_SHARED_LIB_OBJS
-V5_MAKE_SHARED_LIB(libkdb5,0.1,.., ./kdb)
+V5_MAKE_SHARED_LIB(libkdb5,1.0,.., ./kdb)
AppendRule([all-unix:: ../libkdb5.a])
KRB5_SH_VERS=$krb5_cv_shlib_version_libkrb5
AC_SUBST(KRB5_SH_VERS)
+Mon Nov 18 20:40:39 1996 Ezra Peisach <epeisach@mit.edu>
+
+ * configure.in: Set shared library version to 1.0. [krb5-libs/201]
+
Thu Nov 7 12:33:06 1996 Theodore Y. Ts'o <tytso@mit.edu>
* g_in_tkt.c:
AC_PROG_AWK
V5_SHARED_LIB_OBJS
SubdirLibraryRule([$(OBJS)])
-V5_MAKE_SHARED_LIB(libkrb4,0.1,.., ./krb4)
+V5_MAKE_SHARED_LIB(libkrb4,1.0,.., ./krb4)
CopyHeader(krb_err.h,$(EHDRDIR))
CRYPTO_SH_VERS=$krb5_cv_shlib_version_libcrypto
AC_SUBST(CRYPTO_SH_VERS)
+Mon Nov 18 20:42:39 1996 Ezra Peisach <epeisach@mit.edu>
+
+ * configure.in: Set shared library version to 1.0. [krb5-libs/201]
+
Wed Oct 23 01:15:40 1996 Theodore Y. Ts'o <tytso@mit.edu>
* configure.in, Makefile.in: Check to see if the -lgen library
AC_CHECK_LIB(gen,compile,SHLIB_GEN=-lgen,SHLIB_GEN='')
AC_SUBST(SHLIB_GEN)
dnl
-V5_MAKE_SHARED_LIB(libkrb5,0.1,.., ./krb5)
+V5_MAKE_SHARED_LIB(libkrb5,1.0,.., ./krb5)
CRYPTO_SH_VERS=$krb5_cv_shlib_version_libcrypto
AC_SUBST(CRYPTO_SH_VERS)
COMERR_SH_VERS=$krb5_cv_shlib_version_libcom_err
+Tue Nov 19 17:06:26 1996 Barry Jaspan <bjaspan@mit.edu>
+
+ * krb5_err.et: add KRB5_KT_KVNONOTFOUND [krb5-libs/198]
+
Wed Nov 6 11:15:32 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
* krb5_err.et: Make the KRB5_CONFIG_CANTOPEN and
error_code KRB5_SAM_UNSUPPORTED, "Bad SAM flags in obtain_sam_padata"
error_code KRB5_KT_NAME_TOOLONG, "Keytab name too long"
+error_code KRB5_KT_KVNONOTFOUND, "Key version number for principal in key table is incorrect"
end
+Tue Nov 19 17:06:59 1996 Barry Jaspan <bjaspan@mit.edu>
+
+ * ktf_g_ent.c (krb5_ktfile_get_entry): return KRB5_KT_KVNONOTFOUND
+ when appropriate [krb5-libs/198]
+
Wed Jul 24 17:10:11 1996 Theodore Y. Ts'o <tytso@mit.edu>
* ktf_g_name.c (krb5_ktfile_get_name): Use the error code
{
krb5_keytab_entry cur_entry, new_entry;
krb5_error_code kerror = 0;
+ int found_wrong_kvno = 0;
/* Open the keyfile for reading */
if ((kerror = krb5_ktfileint_openr(context, id)))
krb5_kt_free_entry(context, &cur_entry);
cur_entry = new_entry;
break;
- }
+ } else
+ found_wrong_kvno++;
}
} else {
krb5_kt_free_entry(context, &new_entry);
}
}
- if (kerror == KRB5_KT_END)
- kerror = cur_entry.principal ? 0 : KRB5_KT_NOTFOUND;
+ if (kerror == KRB5_KT_END) {
+ if (cur_entry.principal)
+ kerror = 0;
+ else if (found_wrong_kvno)
+ kerror = KRB5_KT_KVNONOTFOUND;
+ else
+ kerror = KRB5_KT_NOTFOUND;
+ }
if (kerror) {
(void) krb5_ktfileint_close(context, id);
krb5_kt_free_entry(context, &cur_entry);
+Thu Nov 21 13:54:01 1996 Ezra Peisach <epeisach@mit.edu>
+
+ * recvauth.c (krb5_recvauth): If there is an error, and the server
+ argument to krb5_recvauth is NULL, create a dummy server
+ entry for the krb5_error structure so that krb5_mk_error
+ will not die with missing required fields. [krb5-libs/209]
+
Wed Nov 13 14:30:47 1996 Tom Yu <tlyu@mit.edu>
* init_ctx.c: Revert previous kt_default_name changes.
krb5_rcache rcache = 0;
krb5_octet response;
krb5_data null_server;
+ int need_error_free = 0;
/*
* Zero out problem variable. If problem is set at the end of
memset((char *)&error, 0, sizeof(error));
krb5_us_timeofday(context, &error.stime, &error.susec);
- error.server = server;
+ if(server)
+ error.server = server;
+ else {
+ /* If this fails - ie. ENOMEM we are hosed
+ we cannot even send the error if we wanted to... */
+ (void) krb5_parse_name(context, "????", &error.server);
+ need_error_free = 1;
+ }
error.error = problem - ERROR_TABLE_BASE_krb5;
if (error.error > 127)
goto cleanup;
}
free(error.text.data);
+ if(need_error_free)
+ krb5_free_principal(context, error.server);
+
} else {
outbuf.length = 0;
outbuf.data = 0;
+Fri Nov 22 15:50:42 1996 unknown <bjaspan@mit.edu>
+
+ * get_myaddress.c (get_myaddress): use krb5_os_localaddr instead
+ of ioctl() to get local IP addresses [krb5-libs/227]
+
+ * clnt_generic.c, clnt_simple.c, getrpcport.c: use sizeof instead
+ of h_length to determine number of bytes of addr to copy from DNS
+ response [krb5-misc/211]
+
+Fri Nov 22 11:49:43 1996 Sam Hartman <hartmans@mit.edu>
+
+ * types.hin: Include stdlib.h if found at config time [203]
+
+ * configure.in: Substitute STDLIB_INCLUDE into types.h. [203]
+
Tue Nov 12 16:27:27 1996 Barry Jaspan <bjaspan@mit.edu>
* auth_gssapi.c (auth_gssapi_create): handle channel bindings
sin.sin_family = h->h_addrtype;
sin.sin_port = 0;
memset(sin.sin_zero, 0, sizeof(sin.sin_zero));
- memmove((char*)&sin.sin_addr, h->h_addr, h->h_length);
+ memmove((char*)&sin.sin_addr, h->h_addr, sizeof(sin.sin_addr));
p = getprotobyname(proto);
if (p == NULL) {
rpc_createerr.cf_stat = RPC_UNKNOWNPROTO;
return ((int) RPC_UNKNOWNHOST);
timeout.tv_usec = 0;
timeout.tv_sec = 5;
- memmove((char *)&server_addr.sin_addr, hp->h_addr, hp->h_length);
+ memmove((char *)&server_addr.sin_addr, hp->h_addr,
+ sizeof(server_addr.sin_addr));
server_addr.sin_family = AF_INET;
server_addr.sin_port = 0;
if ((crp->client = clntudp_create(&server_addr, (rpc_u_int32)prognum,
AC_PROG_ARCHIVE_ADD
AC_PROG_RANLIB
AC_PROG_INSTALL
-
+dnl Arrange for types.hin to include stdlib.h
+AC_CHECK_HEADER(stdlib.h, [
+ STDLIB_INCLUDE="#include <stdlib.h>"],
+ [STDLIB_INCLUDE=""])
+AC_SUBST(STDLIB_INCLUDE) dnl
### Check where struct rpcent is declared.
#
# This is necessary to determine:
* Copyright (C) 1984, Sun Microsystems, Inc.
*/
+#ifdef GSSAPI_KRB5
+#include <rpc/types.h>
+#include <rpc/pmap_prot.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <krb5.h>
+/*
+ * don't use gethostbyname, which would invoke yellow pages
+ */
+get_myaddress(addr)
+ struct sockaddr_in *addr;
+{
+ krb5_address **addrs, **a;
+ int ret;
+
+ /* Hack! krb5_os_localaddr does not use the context arg! */
+ if (ret = krb5_os_localaddr(NULL, &addrs)) {
+ com_err("get_myaddress", ret, "calling krb5_os_localaddr");
+ exit(1);
+ }
+ a = addrs;
+ while (*a) {
+ if ((*a)->addrtype == ADDRTYPE_INET) {
+ memset(addr, 0, sizeof(*addr));
+ addr->sin_family = AF_INET;
+ addr->sin_port = htons(PMAPPORT);
+ memcpy(&addr->sin_addr, (*a)->contents, sizeof(addr->sin_addr));
+ break;
+ }
+ a++;
+ }
+ if (*a == NULL) {
+ com_err("get_myaddress", 0, "no local AF_INET address");
+ exit(1);
+ }
+ /* Hack! krb5_free_addresses does not use the context arg! */
+ krb5_free_addresses(NULL, addrs);
+}
+
+#else /* !GSSAPI_KRB5 */
#include <rpc/types.h>
#include <rpc/pmap_prot.h>
#include <sys/socket.h>
}
(void) close(s);
}
+#endif /* !GSSAPI_KRB5 */
if ((hp = gethostbyname(host)) == NULL)
return (0);
- memmove((char *) &addr.sin_addr, hp->h_addr, hp->h_length);
+ memmove((char *) &addr.sin_addr, hp->h_addr, sizeof(addr.sin_addr));
addr.sin_family = AF_INET;
addr.sin_port = 0;
return (pmap_getport(&addr, prognum, versnum, proto));
# define NULL 0
#endif
-#if defined(__osf__)
-#include <stdlib.h>
-#endif
+@STDLIB_INCLUDE@
#define mem_alloc(bsize) (char *) malloc(bsize)
#define mem_free(ptr, bsize) free(ptr)
+Wed Nov 20 16:00:21 1996 Barry Jaspan <bjaspan@mit.edu>
+
+ * Makefile.in (unit-test-): warn more loudly about unrun tests
+
Thu Nov 14 22:27:05 1996 Tom Yu <tlyu@mit.edu>
* server.c (main): Add declaration of optind for systems that
check unit-test:: unit-test-@DO_TEST@
unit-test-:
- @echo "The rpc tests require Perl, Tcl, and runtest"
- @echo "No tests run here"
+ @echo "+++"
+ @echo "+++ WARNING: lib/rpc unit tests not run."
+ @echo "+++ Either tcl, runtest, or Perl is unavailable."
+ @echo "+++"
unit-test-ok:: unit-test-setup unit-test-body unit-test-cleanup
+Fri Nov 22 07:54:57 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
+
+ * Makefile.tmpl: Use '%' in Makefiles where you really want a '/'
+ character in the mpw Makefile. (Translation in
+ src/Makefile.in)
+
+ * version.r: Fix typos, and set version resource for 1.0 release.
+
Fri Nov 8 17:44:10 1996 Theodore Y. Ts'o <tytso@mit.edu>
* Makefile.tmpl: Add in version resource
KHCFM-68K = {KH}KerberosHeadersCFM-68K
KHPPC = {KH}KerberosHeadersPPC
-GSSRTLCFM68K = "{MW68KLibraries}ANSI (4i/8d) C.CFM68K.Lib" \
+GSSRTLCFM68K = "{MW68KLibraries}ANSI (4i%8d) C.CFM68K.Lib" \
{MW68KLibraries}SIOUX.CFM68K.Lib \
{MW68KLibraries}InterfaceLib \
{MW68KLibraries}MWCFM68KRuntime.Lib \
- "{MW68KLibraries}MathLibCFM68K (4i/8d).Lib"
+ "{MW68KLibraries}MathLibCFM68K (4i%8d).Lib"
GSSRTLCFMPPC = "{MWPPCLibraries}ANSI C.PPC.Lib" \
{MWPPCLibraries}SIOUX.PPC.Lib {MWPPCLibraries}MWCRuntime.Lib \
-sym fullpath -map libgss.68K.MAP -o GSSLibrarySAP.68K \
{GSSRTLCFM68K} {GSSOBJS68KCFM-SAP} {GSSOBJS68KCFM}
Rez "/mac/SAP/GSSforSAP.r" -a -o GSSLibrarySAP.68K
- Rez "/mac/version.r" -a -o GSSLibrarySAP.68K
link-PPC-SAP :
MWLinkPPC -sharedlibrary -name GSSLibrary -m "" \
-sym fullpath -map libgss.PPC.MAP -o GSSLibrarySAP.PPC \
{GSSRTLCFMPPC} {GSSOBJSPPC-SAP} {GSSOBJSPPC}
Rez "/mac/SAP/GSSforSAP.r" -a -o GSSLibrarySAP.PPC
- Rez "/mac/version.r" -a -o GSSLibrarySAP.PPC
link-CFMFAT-SAP :
Duplicate -y GSSLibrarySAP.68K GSSLibSAP
+#ifdef mw_rez
+#include <SysTypes.r>
+#include <Types.r>
+#else
+#include "SysTypes.r"
#include "Types.r"
+#endif
+
+resource 'vers' (1) {
+ 0x01, 0x00, final, 0x00,
+ verUS,
+ "1.0",
+ "1.0(SAP), Copyright 1996 Massachusetts Institute of Technology"
+};
resource 'DITL' (135, nonpurgeable) {
{ /* array DITLarray: 2 elements */
+Fri Nov 22 15:51:55 1996 unknown <bjaspan@mit.edu>
+
+ * gss-client.c (connect_to_server): use sizeof instead of h_length
+ to determine number of bytes of addr to copy from DNS response
+ [krb5-misc/211]
+
+
Thu 26 12:00:00 1995 John Rivlin <jrivlin@fusion.com>
* Created GSS Sample program
}
saddr.sin_family = hp->h_addrtype;
- memcpy((char *)&saddr.sin_addr, hp->h_addr, hp->h_length);
+ memcpy((char *)&saddr.sin_addr, hp->h_addr, sizeof(saddr.sin_addr));
saddr.sin_port = htons(port);
if ((s = socket(AF_INET, SOCK_STREAM, 0)) == (SOCKET) -1) {
+Sat Nov 23 00:18:20 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
+
+ * KerberosHeaders.h: Remove DES3 and SHA support for 1.0, since
+ what's there isn't the correct final algorithm. (They
+ will be re-added later.) [PR #231]
+
Tue Apr 30 14:53:54 1996 <tytso@rsts-11.mit.edu>
* KerberosHeaders.h: Removed PROVIDE_SNEFRU (shouldn't be there)
#define PROVIDE_DES_CBC_CRC
#define PROVIDE_DES_CBC_MD5
#define PROVIDE_DES_CBC_RAW
-#define PROVIDE_DES3_CBC_MD5
-#define PROVIDE_DES3_CBC_RAW
-
+/* #define PROVIDE_DES3_CBC_MD5 */
+/* #define PROVIDE_DES3_CBC_RAW */
+/* #define PROVIDE_NIST_SHA */
#define NO_SYS_TYPES_H
#define NO_SYS_STAT_H
--- /dev/null
+#!/bin/sh
+#
+# This shell script creates the Macintosh binary hierarchies.
+
+topbin=$1
+shift
+
+for DIR do
+ mkdir $topbin/$DIR
+ for SDIR in `sed -n -e 's/MAC_SUBDIRS.*=//p' $DIR/Makefile.in`; do
+ /bin/sh mac/mkbindirs.sh $topbin $DIR/$SDIR;
+ done
+done
+#ifdef mw_rez
#include <SysTypes.r>
#include <Types.r>
+#else
+#include "SysTypes.r"
+#include "Types.r"
+#endif
resource 'vers' (1) {
- 0x00, 0x07, beta, 0x01,
- verUS
- "Beta 7 Build 1",
- "Beta 7 Build 1, Copyright 1996 Massachusetts Institute of Technology"
+ 0x01, 0x00, final, 0x00,
+ verUS,
+ "1.0",
+ "1.0, Copyright 1996 Massachusetts Institute of Technology"
};
-#define KRB5_MAJOR_RELEASE BETA_7
+#define KRB5_MAJOR_RELEASE 1
#define KRB5_MINOR_RELEASE 0
+#define KRB5_PATCHLEVEL 0
+Fri Nov 22 15:52:07 1996 unknown <bjaspan@mit.edu>
+
+ * kprop.c (open_connection): use sizeof instead of h_length to
+ determine number of bytes of addr to copy from DNS response
+ [krb5-misc/211]
+
Thu Nov 7 15:18:01 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
* kprop.c (main):
return(0);
}
sin.sin_family = hp->h_addrtype;
- memcpy((char *)&sin.sin_addr, hp->h_addr, hp->h_length);
+ memcpy((char *)&sin.sin_addr, hp->h_addr, sizeof(sin.sin_addr));
if(!port) {
sp = getservbyname(KPROP_SERVICE, "tcp");
if (sp == 0) {
+Wed Nov 20 16:01:34 1996 Barry Jaspan <bjaspan@mit.edu>
+
+ * Makefile.in (check-): warn more loudly about unrun tests
+
Mon Oct 7 15:46:47 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
* Makefile.in (HAVE_RUNTEST): Renamed from RUNTEST as
check:: check-$(HAVE_RUNTEST)
check-::
- @echo "Dejagnu is not installed on this system. No tests run."
+ @echo "+++"
+ @echo "+++ WARNING: tests/dejagnu tests not run."
+ @echo "+++ runtest is unavailable."
+ @echo "+++"
check-runtest:: t_inetd site.exp
$(HAVE_RUNTEST) --tool krb --srcdir $(srcdir) $(RUNTESTFLAGS)
+Mon Nov 25 14:23:06 1996 Theodore Y. Ts'o <tytso@mit.edu>
+
+ * defualt.exp: Ezra's fix so that the dejagnu tests don't bomb out
+ if KRB5_KTNAME is set for some reason.
+
+Tue Nov 19 15:13:30 1996 Tom Yu <tlyu@mit.edu>
+
+ * default.exp (check_k5login): Check for principal
+ $env(USER)@$REALMNAME rather than simply $env(USER), so that
+ kuser_ok dtrt, hopefully.
+
Mon Nov 11 20:52:27 1996 Mark Eichin <eichin@cygnus.com>
* dejagnu: set env(TERM) dumb, find ktutil
proc check_k5login { testname } {
global env
+ global REALMNAME
if ![file exists ~/.k5login] {
return 1
set file [open ~/.k5login r]
while { [gets $file principal] != -1 } {
- if { $principal == $env(USER) } {
+ if { $principal == "$env(USER)@$REALMNAME" } {
close $file
return 1
}
global kadmind_pid
global kadmind_spawn_id
global tmppwd
+ global env
if ![setup_kerberos_db 0] {
return 0
# Give the kerberos daemon a few seconds to get set up.
sleep 2
+
+ #
+ # Save setting of KRB5_KTNAME. We do not want to override kdc.conf
+ # file during kadmind startup. (this is in case user has KRB5_KTNAME
+ # set before starting make check)
+ #
+ if [info exists env(KRB5_KTNAME)] {
+ set start_save_ktname $env(KRB5_KTNAME)
+ }
+ catch "unset env(KRB5_KTNAME)"
+
if ![file exists $kadmind_lfile] then {
catch [touch $kadmind_lfile]
sleep 1
if {$count >= $retry} {
fail "kadmin5 (starting)"
+ if [info exists start_save_ktname] {
+ set env(KRB5_KTNAME) $start_save_ktname
+ unset start_save_ktname
+ }
stop_kerberos_daemons
return 0
}
+ # Restore KRB5_KTNAME
+ if [info exists start_save_ktname] {
+ set env(KRB5_KTNAME) $start_save_ktname
+ unset start_save_ktname
+ }
+
switch -regexp [tail1 $kadmind_lfile] {
"cannot initialize network" {
fail "kadmind (network init)"
/* Set server's address */
(void) memset((char *)&s_sock, 0, sizeof(s_sock));
- memcpy((char *)&s_sock.sin_addr, host->h_addr, host->h_length);
+ memcpy((char *)&s_sock.sin_addr, host->h_addr, sizeof(s_sock.sin_addr));
#ifdef DEBUG
printf("s_sock.sin_addr is %s\n", inet_ntoa(s_sock.sin_addr));
#endif
+Mon Nov 25 21:00:24 1996 Tom Yu <tlyu@mit.edu>
+
+ * mkrel: Add support for --srconly, --doconly, --nocheckout,
+ --repository, etc. They do the obvious things.
+
+Fri Nov 22 11:08:16 1996 Sam Hartman <hartmans@tertius.mit.edu>
+
+ * makeshlib.sh (VERSION): Fix SunOS shared libs [226]
+
Tue Nov 12 17:32:08 1996 Barry Jaspan <bjaspan@mit.edu>
* send-pr/send-pr.sh (MAIL_AGENT): change "[-x" to "[ -x"
+Mon Nov 25 16:20:35 1996 Sam Hartman <hartmans@mit.edu>
+
+ * Makefile.in (check): Remove install rule to fix pmake problem. [236]
+
Wed Sep 11 18:55:38 1996 Tom Yu <tlyu@mit.edu>
* Makefile.in (memmove.o): add -DMEMMOVE to compile as memmove
TMPDIR=$(TMPDIR) $(FCTSH) $(top_srcdir)/test/run.test
install::
- cp $(LIBDB) $(libdir)
- $(RANLIB) $(libdir)/$(LIBDB)
- cp $(top_srcdir)/include/db.h $(includedir)
- cp ../db-config.h $(includedir)
clean::
rm -f $(ALL_OBJS) $(LIBDB) \
+Mon Nov 18 20:37:19 1996 Ezra Peisach <epeisach@mit.edu>
+
+ * configure.in: Set shared library version to 1.0. [krb5-libs/201]
+
Wed Nov 13 19:19:08 1996 Tom Yu <tlyu@mit.edu>
* Makefile.in (clean-unix): Remove shared/*.
AC_HAVE_HEADERS(stdlib.h)
CopySrcHeader(com_err.h,$(BUILDTOP)/include)
V5_SHARED_LIB_OBJS
-V5_MAKE_SHARED_LIB(libcom_err,0.1,[$](TOPLIBD), ../util/et)
+V5_MAKE_SHARED_LIB(libcom_err,1.0,[$](TOPLIBD), ../util/et)
V5_AC_OUTPUT_MAKEFILE
optflags=""
if test "$HAVE_GCC"x = "x" ; then
- optflags="-h $library"
+ optflags=""
+ CC=ld
else
# XXX assumes that we're either using
# recent gld (binutils 2.7?) or else using native ld
- optflags="-Wl,-h -Wl,$library"
+ optflags=""
fi
echo ld -dp -assert pure-text $ldflags -o $library $optflags $FILES $libdirfl
- ld -dp -assert pure-text $ldflags -o $library $optflags $FILES $libdirfl
+ld -dp -assert pure-text $ldflags -o $library $optflags $FILES $libdirfl
stat=$?
;;
*-*-aix*)
#!/bin/sh
-: ${repository=/afs/athena.mit.edu/astaff/project/krbdev/.cvsroot}
-case $# in
-2);;
-*)
- echo "usage: $0 release-tag release-dir"
+repository=/afs/athena.mit.edu/astaff/project/krbdev/.cvsroot
+dodoc=t
+dosrc=t
+checkout=t
+while test $# -gt 2; do
+ case $1 in
+ --srconly)
+ dodoc=nil;;
+ --doconly)
+ dosrc=nil;;
+ --repository)
+ shift; repository=$1;;
+ --nocheckout)
+ checkout=nil;;
+ esac
+ shift
+done
+if test $# -lt 2; then
+ echo "usage: $0 [opts] release-tag release-dir"
exit 1
- ;;
-esac
+fi
reltag=$1
reldir=$2
fi
echo "Checking out krb5 with tag $reltag into directory $reldir..."
-(cd $reldir; cvs -q -d $repository export -r$reltag krb5)
+if test $checkout = t; then
+ (cd $reldir; cvs -q -d $repository export -r$reltag krb5)
+fi
-echo "Building autoconf..."
-(cd $reldir/src/util/autoconf
- M4=gm4 ./configure
- make)
+if test $dosrc = t; then
+ echo "Building autoconf..."
+ (cd $reldir/src/util/autoconf
+ M4=gm4 ./configure
+ make)
-echo "Creating configure scripts..."
-(cd $reldir/src; util/reconf)
+ echo "Creating configure scripts..."
+ (cd $reldir/src; util/reconf)
-echo "Cleaning src/util/autoconf..."
-(cd $reldir/src/util/autoconf; make distclean)
+ echo "Cleaning src/util/autoconf..."
+ (cd $reldir/src/util/autoconf; make distclean)
+fi
echo "Nuking unneeded files..."
find $reldir \( -name TODO -o -name todo -o -name .cvsignore \
-o -name BADSYMS -o -name .Sanitize \) -print \
| xargs rm -f
-echo "Building doc..."
-(cd $reldir/doc; make)
+if test $dodoc = t; then
+ echo "Building doc..."
+ (cd $reldir/doc; make)
+fi
echo "Generating tarfiles..."
-gtar --exclude $reldir/src/lib/crypto \
- --exclude $reldir/src/lib/des425 \
- -zcf ${reldir}.src.tar.gz $reldir
+if test $dosrc = t; then
+ gtar --exclude $reldir/src/lib/crypto \
+ --exclude $reldir/src/lib/des425 \
+ --exclude $reldir/doc \
+ -zcf ${reldir}.src.tar.gz $reldir
-gtar zcf ${reldir}.crypto.tar.gz \
- $reldir/src/lib/crypto \
- $reldir/src/lib/des425
+ gtar zcf ${reldir}.crypto.tar.gz \
+ $reldir/src/lib/crypto \
+ $reldir/src/lib/des425
+fi
-gtar zcf ${reldir}.doc.tar.gz $reldir/doc $reldir/README
+if test $dodoc = t; then
+ gtar zcf ${reldir}.doc.tar.gz $reldir/doc $reldir/README
+fi
ls -l ${reldir}.*.tar.gz
+Fri Nov 22 11:52:52 1996 Sam Hartman <hartmans@mit.edu>
+
+ * configure.in : Make sure time_t is define [203]
+ * update_wtmp.c (ptyint_update_wtmp): Use time_t for call to time(2). [203]
+
Fri Nov 15 08:33:54 1996 Ezra Peisach <epeisach@mit.edu>
* update_utmp.c (pty_update_utmp): Handle case where utmp uses
AC_SUBST(LOGINLIBS)
dnl
AC_TYPE_MODE_T
+AC_CHECK_TYPE(time_t, int)
AC_FUNC_CHECK(strsave,AC_DEFINE(HAS_STRSAVE))
AC_HAVE_FUNCS(getutent setreuid gettosbyname setsid ttyname line_push ptsname grantpt openpty logwtmp getutmpx)
AC_CHECK_HEADERS(unistd.h stdlib.h string.h utmpx.h utmp.h sys/filio.h sys/sockio.h sys/label.h sys/tty.h ttyent.h lastlog.h sys/select.h sys/ptyvar.h)
struct utmp ut;
struct stat statb;
int fd;
+ time_t uttime;
#ifdef HAVE_UPDWTMPX
struct utmpx utx;
#ifndef NO_UT_HOST
(void)strncpy(ut.ut_host, ent->ut_host, sizeof(ut.ut_host));
#endif
- (void)time(&ut.ut_time);
+ (void)time(&uttime);
+ ut.ut_time = uttime;
#if defined(HAVE_GETUTENT) && defined(USER_PROCESS)
if (ent->ut_name) {
if (!ut.ut_pid)
sed -e 's,@ADMIN_BINDIR@,$(ADMIN_BINDIR),g' $(srcdir)/install-sid.sh > install-sid
install:: all
- if [ -d $(prefix) ]; then true ; else mkdir $(prefix) ; fi
- if [ -d $(ADMIN_BINDIR) ]; then true ; else mkdir $(ADMIN_BINDIR) ; fi
- cp send-pr $(ADMIN_BINDIR)/$(sendprname)
- chmod 755 $(ADMIN_BINDIR)/$(sendprname)
- cp install-sid $(ADMIN_BINDIR)
- chmod 755 $(ADMIN_BINDIR)/install-sid
- if [ -d $(datadir) ] ; then true ; else mkdir $(datadir) ; fi
- if [ -d $(datadir)/gnats ] ; then true ; else mkdir $(datadir)/gnats ; fi
- cp $(srcdir)/categories $(datadir)/gnats/mit
- chmod 644 $(datadir)/gnats/mit
- -parent=`echo $(man1dir)|sed -e 's@/[^/]*$$@@'`; \
+ if [ -d $(DESTDIR)$(prefix) ]; then true ; else mkdir $(DESTDIR)$(prefix) ; fi
+ if [ -d $(DESTDIR)$(ADMIN_BINDIR) ]; then true ; else mkdir $(DESTDIR)$(ADMIN_BINDIR) ; fi
+ cp send-pr $(DESTDIR)$(ADMIN_BINDIR)/$(sendprname)
+ chmod 755 $(DESTDIR)$(ADMIN_BINDIR)/$(sendprname)
+ cp install-sid $(DESTDIR)$(ADMIN_BINDIR)
+ chmod 755 $(DESTDIR)$(ADMIN_BINDIR)/install-sid
+ if [ -d $(DESTDIR)$(datadir) ] ; then true ; else mkdir $(DESTDIR)$(datadir) ; fi
+ if [ -d $(DESTDIR)$(datadir)/gnats ] ; then true ; else mkdir $(DESTDIR)$(datadir)/gnats ; fi
+ cp $(srcdir)/categories $(DESTDIR)$(datadir)/gnats/mit
+ chmod 644 $(DESTDIR)$(datadir)/gnats/mit
+ -parent=`echo $(DESTDIR)$(man1dir)|sed -e 's@/[^/]*$$@@'`; \
if [ -d $$parent ] ; then true ; else mkdir $$parent ; fi
- if [ -d $(man1dir) ] ; then true ; else mkdir $(man1dir) ; fi
- cp $(srcdir)/send-pr.1 $(man1dir)/$(sendprname).1
- chmod 644 $(man1dir)/$(sendprname).1
+ if [ -d $(DESTDIR)$(man1dir) ] ; then true ; else mkdir $(DESTDIR)$(man1dir) ; fi
+ cp $(srcdir)/send-pr.1 $(DESTDIR)$(man1dir)/$(sendprname).1
+ chmod 644 $(DESTDIR)$(man1dir)/$(sendprname).1
clean::
rm -f install-sid send-pr send-pr.el*
GNATS_ROOT=
# The default mail address for PR submissions.
-GNATS_ADDR=krb5-bugs@mit.edu
+GNATS_ADDR=bugs
# Where the gnats category tree lives.
DATADIR=@DATADIR@
# What mailer to use. This must come after the config file, since it is
# host-dependent.
-MAIL_AGENT="/usr/sbin/sendmail -oi -t"
-if [ ! -x `echo $MAIL_AGENT|sed 's/ .*//'` ] ; then
- ( [ -x /usr/lib/sendmail ] && MAIL_AGENT="/usr/lib/sendmail -oi -t" ) || \
- ( [ -x /usr/sbin/sendmail ] && MAIL_AGENT="/usr/sbin/sendmail -oi -t " ) || \
+MAIL_AGENT="/usr/lib/sendmail -oi -t"
+if [ ! -r `echo $MAIL_AGENT|sed 's/ .*//'` ] ; then
+ ( [ -r /usr/lib/sendmail ] && MAIL_AGENT="/usr/lib/sendmail -oi -t" ) || \
+ ( [ -r /usr/sbin/sendmail ] && MAIL_AGENT="/usr/sbin/sendmail -oi -t " ) || \
MAIL_AGENT="sendmail -oi -t "
fi
# How to read the passwd database.
PASSWD="cat /etc/passwd"
-ECHON=bsd
+ECHON=sysv
if [ $ECHON = bsd ] ; then
ECHON1="echo -n"
+Sat Nov 23 00:26:44 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
+
+ * Makefile.in (KLIB): Change krb516.dll to krb5_16.dll. [PR#204]
+
+Wed Nov 20 18:32:06 1996 Theodore Y. Ts'o <tytso@mit.edu>
+
+ * Makefile.in (KLIB): Change libkrb5.dll to be krb516.dll
+
Wed Jun 12 00:20:08 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
* makefile: Renamed to Makefile.in, so that we can do WIN16/WIN32
!if $(KVERSION) == 5
BUILDTOP =..\..
LIBDIR = $(BUILDTOP)\lib
-KLIB = $(LIBDIR)\libkrb5.lib
+KLIB = $(LIBDIR)\krb5_16.lib
WLIB = $(LIBDIR)\winsock.lib
INCLUDES = /I$(BUILDTOP)\include /I$(BUILDTOP)\include\krb5
XOBJS = kpasswd.obj
+Fri Nov 22 15:52:55 1996 unknown <bjaspan@mit.edu>
+
+ * gss-client.c (connect_to_server): use sizeof instead of h_length
+ to determine number of bytes of addr to copy from DNS response
+ [krb5-misc/211]
+
Tue Oct 29 10:17:25 1996 Theodore Y. Ts'o <tytso@mit.edu>
* gss-client.c (client_establish_context): Fix typo; service_name
- really should be nt_service_name.
+ really should be nt_service_name.
Thu Jul 25 02:16:56 1996 Theodore Y. Ts'o <tytso@mit.edu>
}
saddr.sin_family = hp->h_addrtype;
- memcpy((char *)&saddr.sin_addr, hp->h_addr, hp->h_length);
+ memcpy((char *)&saddr.sin_addr, hp->h_addr, sizeof(saddr.sin_addr));
saddr.sin_port = htons(port);
if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
+Sat Nov 23 00:27:45 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
+
+ * Makefile.in (KLIB): Change krb516.dll to krb5_16.dll. [PR#204]
+
+Wed Nov 20 18:32:26 1996 Theodore Y. Ts'o <tytso@mit.edu>
+
+ * Makefile.in (KLIB): Change libkrb5.dll to be krb516.dll
+
Wed Jun 12 00:22:02 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
* makefile: Renamed to Makefile.in, so that we can do WIN16/WIN32
!if $(KVERSION) == 5
BUILDTOP =..\..
LIBDIR = $(BUILDTOP)\lib
-KLIB = $(LIBDIR)\libkrb5.lib
+KLIB = $(LIBDIR)\krb5_16.lib
WLIB = $(LIBDIR)\winsock.lib
INCLUDES = /I$(BUILDTOP)\include /I$(BUILDTOP)\include\krb5 \
/I$(BUILDTOP)\lib\crypto\des
projects / krb5.git / commitdiff