From e73566996463fb1947cf80ad2e11fadce3dc0b66 Mon Sep 17 00:00:00 2001 From: Theodore Tso Date: Fri, 13 Dec 1996 19:28:16 +0000 Subject: [PATCH] Merge V1_0_FREEZE_3 into the mainline. (Note this merge does *not* include the doc subtree!!) git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@9632 dc483132-0cff-0310-8789-dd5450dbe970 --- README | 277 ++++++++++++++++++----- src/ChangeLog | 20 ++ src/Makefile.in | 34 ++- src/appl/bsd/ChangeLog | 27 +++ src/appl/bsd/kcmd.c | 4 +- src/appl/bsd/login.M | 2 +- src/appl/bsd/login.c | 5 +- src/appl/bsd/loginpaths.h | 10 + src/appl/bsd/v4rcp.c | 3 +- src/appl/gss-sample/ChangeLog | 6 + src/appl/gss-sample/gss-client.c | 2 +- src/appl/gssftp/ftp/ChangeLog | 5 + src/appl/gssftp/ftp/ftp.c | 5 +- src/appl/sample/sserver/ChangeLog | 7 + src/appl/sample/sserver/sserver.M | 13 +- src/appl/simple/client/ChangeLog | 5 + src/appl/simple/client/sim_client.c | 4 +- src/appl/simple/server/ChangeLog | 5 + src/appl/simple/server/sim_server.c | 2 +- src/appl/telnet/telnet/ChangeLog | 22 ++ src/appl/telnet/telnet/commands.c | 26 ++- src/appl/telnet/telnet/configure.in | 2 +- src/appl/user_user/ChangeLog | 5 + src/appl/user_user/client.c | 3 +- src/clients/kinit/ChangeLog | 4 + src/clients/kinit/kinit.M | 2 +- src/clients/klist/ChangeLog | 4 + src/clients/klist/klist.M | 2 +- src/config-files/ChangeLog | 5 + src/config-files/kdc.conf | 8 +- src/include/ChangeLog | 5 + src/include/k5-int.h | 6 +- src/include/kerberosIV/ChangeLog | 4 + src/include/kerberosIV/Makefile.in | 3 +- src/kadmin.v4/server/ChangeLog | 6 + src/kadmin.v4/server/kadm_ser_wrap.c | 2 +- src/kadmin/cli/ChangeLog | 10 + src/kadmin/cli/kadmin.M | 17 +- src/kadmin/cli/kadmin.c | 2 +- src/kadmin/passwd/ChangeLog | 20 ++ src/kadmin/passwd/configure.in | 22 +- src/kadmin/passwd/kpasswd.c | 2 +- src/kadmin/passwd/unit-test/Makefile.in | 6 +- src/kadmin/server/ChangeLog | 4 + src/kadmin/server/ovsec_kadmd.c | 10 +- src/kadmin/testing/scripts/ChangeLog | 4 + src/kadmin/testing/scripts/save_files.sh | 2 +- src/kadmin/testing/util/ChangeLog | 13 ++ src/kadmin/testing/util/tcl_kadm5.c | 1 - src/kadmin/testing/util/tcl_ovsec_kadm.c | 1 - src/kadmin/testing/util/test.c | 4 +- src/kadmin/v4server/ChangeLog | 6 + src/kadmin/v4server/kadm_ser_wrap.c | 2 +- src/kdc/ChangeLog | 7 + src/kdc/main.c | 4 +- src/krb524/ChangeLog | 11 + src/krb524/cnv_tkt_skey.c | 2 +- src/krb524/krb524d.c | 2 +- src/lib/ChangeLog | 12 + src/lib/Makefile.in | 20 +- src/lib/crypto/ChangeLog | 14 ++ src/lib/crypto/configure.in | 68 +++--- src/lib/crypto/cryptoconf.c | 15 +- src/lib/des425/ChangeLog | 4 + src/lib/des425/configure.in | 2 +- src/lib/gssapi/ChangeLog | 4 + src/lib/gssapi/configure.in | 2 +- src/lib/gssapi/generic/ChangeLog | 9 + src/lib/gssapi/generic/Makefile.in | 8 +- src/lib/gssapi/krb5/ChangeLog | 24 ++ src/lib/gssapi/krb5/accept_sec_context.c | 34 ++- src/lib/gssapi/krb5/get_tkt_flags.c | 2 +- src/lib/gssapi/krb5/gssapiP_krb5.h | 2 +- src/lib/gssapi/krb5/init_sec_context.c | 75 +++--- src/lib/gssapi/krb5/ser_sctx.c | 4 +- src/lib/gssapi/mechglue/ChangeLog | 4 + src/lib/gssapi/mechglue/configure.in | 2 +- src/lib/kadm5/srv/ChangeLog | 12 + src/lib/kadm5/unit-test/ChangeLog | 4 + src/lib/kadm5/unit-test/Makefile.in | 5 +- src/lib/kdb/ChangeLog | 4 + src/lib/kdb/configure.in | 2 +- src/lib/krb4/ChangeLog | 4 + src/lib/krb4/configure.in | 2 +- src/lib/krb5/ChangeLog | 4 + src/lib/krb5/configure.in | 2 +- src/lib/krb5/error_tables/ChangeLog | 4 + src/lib/krb5/error_tables/krb5_err.et | 1 + src/lib/krb5/keytab/file/ChangeLog | 5 + src/lib/krb5/keytab/file/ktf_g_ent.c | 14 +- src/lib/krb5/krb/ChangeLog | 7 + src/lib/krb5/krb/recvauth.c | 13 +- src/lib/krb5_16.def | 65 ++++++ src/lib/rpc/ChangeLog | 15 ++ src/lib/rpc/clnt_generic.c | 2 +- src/lib/rpc/clnt_simple.c | 3 +- src/lib/rpc/configure.in | 6 +- src/lib/rpc/get_myaddress.c | 41 ++++ src/lib/rpc/getrpcport.c | 2 +- src/lib/rpc/types.hin | 4 +- src/lib/rpc/unit-test/ChangeLog | 4 + src/lib/rpc/unit-test/Makefile.in | 6 +- src/mac/ChangeLog | 8 + src/mac/Makefile.tmpl | 6 +- src/mac/SAP/GSSforSAP.r | 13 ++ src/mac/gss-sample/ChangeLog | 7 + src/mac/gss-sample/gss-client.c | 2 +- src/mac/libraries/ChangeLog | 6 + src/mac/libraries/KerberosHeaders.h | 6 +- src/mac/mkbindirs.sh | 13 ++ src/mac/version.r | 13 +- src/patchlevel.h | 3 +- src/slave/ChangeLog | 17 ++ src/slave/kprop.M | 8 +- src/slave/kprop.c | 2 +- src/slave/kpropd.M | 16 +- src/slave/kslave_update | 14 +- src/tests/dejagnu/ChangeLog | 4 + src/tests/dejagnu/Makefile.in | 5 +- src/tests/dejagnu/config/ChangeLog | 11 + src/tests/dejagnu/config/default.exp | 25 +- src/tests/misc/test_getsockname.c | 2 +- src/util/ChangeLog | 9 + src/util/db2/obj/ChangeLog | 4 + src/util/db2/obj/Makefile.in | 4 - src/util/et/ChangeLog | 4 + src/util/et/configure.in | 2 +- src/util/makeshlib.sh | 7 +- src/util/mkrel | 74 ++++-- src/util/pty/ChangeLog | 10 + src/util/pty/configure.in | 1 + src/util/pty/update_utmp.c | 6 + src/util/pty/update_wtmp.c | 4 +- src/util/send-pr/Makefile.in | 26 +-- src/windows/cns/ChangeLog | 8 + src/windows/cns/Makefile.in | 2 +- src/windows/gss/ChangeLog | 8 +- src/windows/gss/gss-client.c | 2 +- src/windows/wintel/ChangeLog | 8 + src/windows/wintel/Makefile.in | 2 +- 140 files changed, 1251 insertions(+), 344 deletions(-) create mode 100644 src/lib/krb5_16.def create mode 100644 src/mac/mkbindirs.sh diff --git a/README b/README index cc47bb5f0..43e70c938 100644 --- a/README +++ b/README @@ -1,51 +1,80 @@ -Beta test distribution READ-ME file. ------------------------------------ + Kerberos Version 5, Release 1.0 -THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR -IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED -WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + Release Notes -Files are copyright MIT, Cygnus Support, OpenVision, Oracle, Sun Soft, -and others. + The MIT Kerberos Team -The following copyright and permission notice applies to the -OpenVision Kerberos Administration system located in kadmin/create, -kadmin/dbutil, kadmin/server, lib/kadm, and portions of lib/rpc: +Unpacking the Source Distribution +--------------------------------- - Copyright, OpenVision Technologies, Inc., 1996, All Rights Reserved - - WARNING: Retrieving the OpenVision Kerberos Administration system - source code, as described below, indicates your acceptance of the - following terms. If you do not agree to the following terms, do not - retrieve the OpenVision Kerberos administration system. - - You may freely use and distribute the Source Code and Object Code - compiled from it, but this Source Code is provided to you "AS IS" - EXCLUSIVE OF ANY WARRANTY, INCLUDING, WITHOUT LIMITATION, ANY - WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, OR - ANY OTHER WARRANTY, WHETHER EXPRESS OR IMPLIED. IN NO EVENT WILL - OPENVISION HAVE ANY LIABILITY FOR ANY LOST PROFITS, LOSS OF DATA OR - COSTS OF PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, OR FOR ANY - SPECIAL, INDIRECT, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THIS - AGREEMENT, INCLUDING, WITHOUT LIMITATION, THOSE RESULTING FROM THE USE - OF THE SOURCE CODE, OR THE FAILURE OF THE SOURCE CODE TO PERFORM, OR - FOR ANY OTHER REASON. - - OpenVision retains all rights, title, and interest in the donated - Source Code. With respect to OpenVision's copyrights in the donated - Source Code, OpenVision also retains rights to derivative works - of the Source Code whether created by OpenVision or a third party. - - OpenVision Technologies, Inc. has donated this Kerberos - Administration system to MIT for inclusion in the standard - Kerberos 5 distribution. This donation underscores our - commitment to continuing Kerberos technology development - and our gratitude for the valuable work which has been - performed by MIT and the Kerberos community. +The source distribution of Kerberos 5 comes in three gzipped tarfiles, +krb5-1.0.src.tar.gz, krb5-1.0.doc.tar.gz, and krb5-1.0.crypto.tar.gz. +The krb5-1.0.doc.tar.gz contains the doc/ directory and this README +file. The krb5-1.0.src.tar.gz contains the src/ directory and this +README file, except for the crypto library sources, which are in +krb5-1.0.crypto.tar.gz. + +Instruction on how to extract the entire distribution follow. These +directions assume that you want to extract into a directory called +DIST. + +If you have the GNU tar program and gzip installed, you can simply do: + + mkdir DIST + cd DIST + gtar zxpf krb5-1.0.src.tar.gz + gtar zxpf krb5-1.0.crypto.tar.gz + gtar zxpf krb5-1.0.doc.tar.gz +If you don't have GNU tar, you will need to get the FSF gzip +distribution and use gzcat: + mkdir DIST + cd DIST + gzcat krb5-1.0.src.tar.gz | tar xpf - + gzcat krb5-1.0.crypto.tar.gz | tar xpf - + gzcat krb5-1.0.doc.tar.gz | tar xpf - -Now, with that out of the way, let me point you to a few things: +Both of these methods will extract the sources into DIST/krb5-1.0/src +and the documentation into DIST/krb5-1.0/doc. + +Unpacking the Binary Distribution +--------------------------------- + +Binary distributions of Kerberos V5 are provided merely as convenience +to those people who wish to try out Kerberos V5 without needing to do +a full compile of Kerberos. + +MIT and the MIT Kerberos V5 development team make no guarantees that +we will continue to supply binary distributions for future releases of +Kerberos V5, or for any operating system/platform in particular. +These binary distributions have been prepared by members of the MIT +Kerberos V5 development team, or by volunteers who have graciously +agreed to test the pre-release snapshot. Each binary build is PGP +signed by the person who prepared the binary distribution for that +particular platform. + +While the binary distribution is *supposed* to correspond exactly to +the 1.0 Kerberos V5 source release, you have no way of knowing whether +the person who prepared the binary release might have inserted a +trojan horse, or a trapdoor. For all you know, the binary +distribution might be mailing all of your Kerberos keys to +kremvax!boris. (The same is true for the source distribution, but at +least you can audit the code yourself!) + +For this reason, if you are planning on using Kerberos V5 in +production, we strongly suggest that you obtain the source +distribution and compile it from source yourself. + +The binary distributions have been compiled so that they will install +in /usr/local. To install, su to root and and type the command: + + cd /usr/local + gunzip < /tmp/krb5-1.0..tar.gz | tar xvf - + + +Building and Installing Kerberos 5 +---------------------------------- The first file you should look at is doc/install.ps; it contains the notes for building and installing Kerberos 5. The info file @@ -58,32 +87,168 @@ which contain the system administrator's guide, and the user's guide, respectively. They are also available as info files kerberos-admin.info and krb5-user.info, respectively. ->> << ->> Please report any problems/bugs/comments to 'krb5-bugs@mit.edu' << ->> << +Reporting Bugs +-------------- + +Please report any problems/bugs/comments using the krb5-send-pr +program. The krb5-send-pr program will be installed in the sbin +directory once you have successfully compiled and installed Kerberos +V5 (or if you have installed one of our binary distributions). + +If you are not able to use krb5-send-pr because you haven't been able +compile and install Kerberos V5 on any platform, you may send mail to +krb5-bugs@mit.edu. + +Notes and Major Changes +----------------------- + +* We are now using the GNATS system to track bug reports for Kerberos +V5. It is therefore helpful for people to use the krb5-send-pr +program when reporting bugs. The old interface of sending mail to +krb5-bugs@mit.edu will still work; however, bug reports sent in this +fashion may experience a delay in being processed. + +* The default keytab name has changed from /etc/v5srvtab to +/etc/krb5.keytab. + +* login.krb5 no longer defaults to getting krb4 tickets. + +* The Windows (win16) DLL, LIBKRB5.DLL, has been renamed to +KRB5_16.DLL. This change was necessary to distinguish it from the +win32 version, which will be named KRB5_32.DLL. Note that the +GSSAPI.DLL file has not been renamed, because this name was specified +in a draft standard for the Windows 16 GSSAPI bindings. (The 32-bit +version of the GSSAPI DLL will be named GSSAPI32.DLL.) + +* The directory structure used for installations has changed. In +particular, files previously located in $prefix/lib/krb5kdc are now +normally located in $sysconfdir/krb5kdc. With the normal configure +options, this means the KDC database goes in /usr/local/var/krb5kdc by +default. If you wish to have the old behavior, then you would use a +configure line like the following: + + configure --prefix=/usr/local --sysconfdir=/usr/local/lib +* kshd has been modified to accept krb4 encrypted rcp connections; for +this to work, the v4rcp program must be in the bin directory. +* The gssrpc library has symbol collisions with the rpc library in +some of the libcs in certain operating systems without shared +libraries, notably some ports of NetBSD and MkLinux. For those +platforms which have rpc in libc and also contain NIS in libc, +compiling with static libraries will not work because of this +conflict. NetBSD users can either upgrade to the current tree, which +includes shared libraries for more ports, choose not to build kadmind +or kadmin, or recompile NetBSD without NIS support. MkLinux users +must either recompile without NIS or not build the administration +system. + +Copyright Notice and Legal Administrivia +---------------------------------------- + +Copyright (C) 1996 by the Massachusetts Institute of Technology. + +All rights reserved. + +Export of this software from the United States of America may require +a specific license from the United States Government. It is the +responsibility of any person or organization contemplating export to +obtain such a license before exporting. + +WITHIN THAT CONSTRAINT, permission to use, copy, modify, and +distribute this software and its documentation for any purpose and +without fee is hereby granted, provided that the above copyright +notice appear in all copies and that both that copyright notice and +this permission notice appear in supporting documentation, and that +the name of M.I.T. not be used in advertising or publicity pertaining +to distribution of the software without specific, written prior +permission. M.I.T. makes no representations about the suitability of +this software for any purpose. It is provided "as is" without express +or implied warranty. + +THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR +IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED +WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + +Individual source code files are copyright MIT, Cygnus Support, +OpenVision, Oracle, Sun Soft, and others. + +Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira, +and Zephyr are trademarks of the Massachusetts Institute of Technology +(MIT). No commercial use of these trademarks may be made without +prior written permission of MIT. + +"Commercial use" means use of a name in a product or other for-profit +manner. It does NOT prevent a commercial firm from referring to the +MIT trademarks in order to convey information (although in doing so, +recognition of their trademark status should be given). + +The following copyright and permission notice applies to the +OpenVision Kerberos Administration system located in kadmin/create, +kadmin/dbutil, kadmin/passwd, kadmin/server, lib/kadm5, and portions +of lib/rpc: + + Copyright, OpenVision Technologies, Inc., 1996, All Rights Reserved + + WARNING: Retrieving the OpenVision Kerberos Administration system + source code, as described below, indicates your acceptance of the + following terms. If you do not agree to the following terms, do not + retrieve the OpenVision Kerberos administration system. + + You may freely use and distribute the Source Code and Object Code + compiled from it, with or without modification, but this Source + Code is provided to you "AS IS" EXCLUSIVE OF ANY WARRANTY, + INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY OR + FITNESS FOR A PARTICULAR PURPOSE, OR ANY OTHER WARRANTY, WHETHER + EXPRESS OR IMPLIED. IN NO EVENT WILL OPENVISION HAVE ANY LIABILITY + FOR ANY LOST PROFITS, LOSS OF DATA OR COSTS OF PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES, OR FOR ANY SPECIAL, INDIRECT, OR + CONSEQUENTIAL DAMAGES ARISING OUT OF THIS AGREEMENT, INCLUDING, + WITHOUT LIMITATION, THOSE RESULTING FROM THE USE OF THE SOURCE + CODE, OR THE FAILURE OF THE SOURCE CODE TO PERFORM, OR FOR ANY + OTHER REASON. + + OpenVision retains all copyrights in the donated Source Code. OpenVision + also retains copyright to derivative works of the Source Code, whether + created by OpenVision or by a third party. The OpenVision copyright + notice must be preserved if derivative works are made based on the + donated Source Code. + + OpenVision Technologies, Inc. has donated this Kerberos + Administration system to MIT for inclusion in the standard + Kerberos 5 distribution. This donation underscores our + commitment to continuing Kerberos technology development + and our gratitude for the valuable work which has been + performed by MIT and the Kerberos community. + +Acknowledgements +---------------- Appreciation Time!!!! There are far too many people to try to thank them all; many people have contributed to the development of Kerberos -V5. This is only a partial listing.... +V5. This is only a partial listing.... + +Thanks to Paul Vixie and the Internet Software Consortium for funding +the work of Barry Jaspan. This funding was invaluable for the OV +administration server integration, as well as the 1.0 release +preparation process. Thanks to John Linn, Scott Foote, and all of the folks at OpenVision Technologies, Inc., who donated their administration server for use in the MIT release of Kerberos. -Thanks to Paul Vixie and the Internet Software Consortium for -supporting the OV administration server integration work. - -Thanks to Jeff Bigler, Mark Eichin, Mark Horowitz, Nancy Gilman, Ken +Thanks to Jeff Bigler, Mark Eichin, Marc Horowitz, Nancy Gilman, Ken Raeburn, and all of the folks at Cygnus Support, who provided innumerable bug fixes and portability enhancements to the Kerberos V5 -tree. Thanks especially ot Jeff Bigler, for the new user and system +tree. Thanks especially to Jeff Bigler, for the new user and system administrator's documentation. Thanks to Doug Engert from ANL for providing many bug fixes, as well as testing to ensure DCE interoperability. +Thanks to Ken Hornstein at NRL for providing many bug fixes and +suggestions. + Thanks to Sean Mullan and Bill Sommerfeld from Hewlett Packard for their many suggestions and bug fixes. @@ -92,15 +257,3 @@ past and present: Jay Berkenbilt, Richard Basch, John Carr, Don Davis, Nancy Gilman, Sam Hartman, Marc Horowitz, Barry Jaspan, John Kohl, Cliff Neuman, Kevin Mitchell, Paul Park, Ezra Peisach, Chris Provenzano, Jon Rochlis, Jeff Schiller, Harry Tsai, Ted Ts'o, Tom Yu. - -Note: - -Project Athena, Athena, Athena MUSE, Discuss, Hesiod, Kerberos, Moira, and -Zephyr are trademarks of the Massachusetts Institute of Technology (MIT). No -commercial use of these trademarks may be made without prior written -permission of MIT. - -FYI, "commercial use" means use of a name in a product or other for-profit -manner. It does NOT prevent a commercial firm from referring to the MIT -trademarks in order to convey information (although in doing so, recognition -of their trademark status should be given). diff --git a/src/ChangeLog b/src/ChangeLog index f89bb96bc..aadb2fd38 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,23 @@ +Mon Nov 25 19:42:53 1996 Tom Yu + + * Makefile.in: Comment out distclean and realclean so no one will + be tempted to use them. [PR 222] + +Fri Nov 22 23:51:07 1996 Theodore Ts'o + + * Makefile.in: All changes for the Macintosh port. Translate '%' + characters in Macfile.tmpl to '/' characters. Include the + mac/SAP directory in the kerbsrc.mac.tar tarball. Rename + the kerbsrc.tar tarball to kerbsrc.mac.tar, so that the + target name in the Makefile matches the taget which is + actually generated. Use mac/mkbindirs.sh to build the + binary hierarchy for the Macintosh build process. + +Wed Nov 20 13:28:00 1996 Theodore Ts'o + + * Makefile.in (awk-windows-mac): Copy gssapi.hin to gssapi.h to + make Win16 build work. + Thu Nov 7 23:55:02 1996 Tom Yu * aclocal.m4 (LinkFileDir, LinkFile): AC_REQUIRE the AC_LN_S macro diff --git a/src/Makefile.in b/src/Makefile.in index 738aa4095..810ba1e11 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -63,11 +63,14 @@ clean-unix:: mostlyclean: clean -distclean: clean - rm -f Makefile config.status - -realclean: distclean - rm -f TAGS +# This doesn't work; if you think you need it, you should use a +# separate build directory. +# +# distclean: clean +# rm -f Makefile config.status +# +# realclean: distclean +# rm -f TAGS dist: $(DISTFILES) echo cpio-`sed -e '/version_string/!d' \ @@ -220,7 +223,7 @@ FILES= ./* \ WINFILES= windows/* windows/cns/* windows/wintel/* windows/gss/* MACFILES= mac/* mac/kconfig/* mac/libraries/* mac/telnet-k5-auth/* \ - mac/gss-sample/* config/* include/* include/krb5/* \ + mac/gss-sample/* mac/SAP/* config/* include/* include/krb5/* \ include/krb5/asn.1/* include/krb5/stock/* include/sys/* \ ./patchlevel.h @@ -235,7 +238,8 @@ CLEANUP= util/profile/profile.h util/profile/prof_err.[ch] \ include/adm_err.h include/profile.h include/krb5.h \ include/krb5/osconf.h \ lib/gssapi/generic/gssapi_err_generic.[ch] \ - lib/gssapi/krb5/gssapi_err_krb5.[ch] winfile.list macfile.list + lib/gssapi/krb5/gssapi_err_krb5.[ch] winfile.list macfile.list \ + lib/gssapi/generic/gssapi.h kerbsrc.win: kerbsrc.zip @@ -299,13 +303,22 @@ Macfile: macfile.list Makefile.sav -e 's/^/:bin:PPC:/' macsrcsk5` >> Macfile echo INCLUDES = `sed -n -e 's/\(.*:\)[^:]*\.h$$/-i \1/p' macfile.maclist | sort -u` >> Macfile echo "" >> Macfile - tr '/:\\' ':\304\266'< mac/Makefile.tmpl >> Macfile + tr '%/:\\' '/:\304\266'< mac/Makefile.tmpl >> Macfile + +mac-bin-dirs: + rm -rf bin + mkdir bin bin/68K bin/CFM-68K bin/PPC + sh mac/mkbindirs.sh bin/68K $(MAC_SUBDIRS) + sh mac/mkbindirs.sh bin/CFM-68K $(MAC_SUBDIRS) + sh mac/mkbindirs.sh bin/PPC $(MAC_SUBDIRS) -kerbsrc.mac: awk-windows-mac macfile.list Macfile +kerbsrc.mac.tar: awk-windows-mac macfile.list Macfile cp mac/libraries/autoconf.h include/autoconf.h mv Macfile Makefile - tar cvf kerbsrc.tar Makefile include/autoconf.h `cat macfile.list` + tar cvf kerbsrc.mac.tar Makefile include/autoconf.h bin \ + `cat macfile.list` rm -f $(CLEANUP) + rm -rf bin rm -f include/autoconf.h Makefile macsrc* macfile.maclist mv Makefile.sav Makefile @@ -343,3 +356,4 @@ awk-windows-mac: cat $(PR)/profile.hin $(PR)prof_err.h > $(PR)profile.h cp $(PR)profile.h include/profile.h cp $(INC)/krb5/stock/osconf.h $(INC)/krb5 + cp $(GG)gssapi.hin $(GG)gssapi.h diff --git a/src/appl/bsd/ChangeLog b/src/appl/bsd/ChangeLog index f9aa5ad88..a0f9faf19 100644 --- a/src/appl/bsd/ChangeLog +++ b/src/appl/bsd/ChangeLog @@ -1,3 +1,30 @@ +Fri Dec 6 00:53:08 1996 Theodore Y. Ts'o + + * v4rcp.c: Extend the platform-specific braindamage so that + FreeBSD works. This whole file is eventually going to + need serious rototilling to make it even vaguely correct. + [PR #284] + +Fri Dec 6 00:02:25 1996 Tom Yu + + * loginpaths.h: Add catch-all entries for LPATH and RPATH in case + we run across something that we haven't hardcoded paths for + yet. [267] + +Thu Dec 5 21:58:28 1996 Tom Yu + + * login.M: v5srvtab -> krb5.keytab [279] + +Sun Nov 24 23:35:22 1996 Ezra Peisach + + * login.c (try_afscall): Change to take pointer to function + instead of only calling setpag(). [krb5-appl/190] + +Fri Nov 22 15:46:46 1996 unknown + + * kcmd.c (kcmd): use sizeof instead of h_length to determine + number of bytes of addr to copy from DNS response [krb5-misc/211] + Thu Nov 14 14:30:28 1996 Barry Jaspan * krcp.c: don't print our own error message if kcmd returns -1 (it diff --git a/src/appl/bsd/kcmd.c b/src/appl/bsd/kcmd.c index 4b66c3795..6f4583596 100644 --- a/src/appl/bsd/kcmd.c +++ b/src/appl/bsd/kcmd.c @@ -180,7 +180,7 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, return (-1); } sin.sin_family = hp->h_addrtype; - memcpy((caddr_t)&sin.sin_addr,hp->h_addr, hp->h_length); + memcpy((caddr_t)&sin.sin_addr,hp->h_addr, sizeof(sin.sin_addr)); sin.sin_port = rport; if (connect(s, (struct sockaddr *)&sin, sizeof (sin)) >= 0) break; @@ -200,7 +200,7 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, perror(0); hp->h_addr_list++; memcpy((caddr_t)&sin.sin_addr,hp->h_addr_list[0], - hp->h_length); + sizeof(sin.sin_addr)); fprintf(stderr, "Trying %s...\n", inet_ntoa(sin.sin_addr)); continue; diff --git a/src/appl/bsd/login.M b/src/appl/bsd/login.M index 0603d16bd..f48fd0c40 100644 --- a/src/appl/bsd/login.M +++ b/src/appl/bsd/login.M @@ -25,7 +25,7 @@ possible.) It will also attempt to run .I aklog to get \fIAFS\fP tokens for the user. The version 5 tickets will be tested against a local -.I v5srvtab +.I krb5.keytab if it is available, in order to verify the tickets, before letting the user in. However, if the password matches the entry in \fI/etc/passwd\fP the user will be unconditionally allowed (permitting diff --git a/src/appl/bsd/login.c b/src/appl/bsd/login.c index 7542a23a8..04045490d 100644 --- a/src/appl/bsd/login.c +++ b/src/appl/bsd/login.c @@ -1023,7 +1023,8 @@ static sigtype sigsys () siglongjmp(setpag_buf, 1); } -static int try_afscall () +static int try_afscall (scall) + int (*scall)(); { handler sa, osa; volatile int retval = 0; @@ -1032,7 +1033,7 @@ static int try_afscall () handler_init (sa, sigsys); handler_swap (SIGSYS, sa, osa); if (sigsetjmp(setpag_buf, 1) == 0) { - setpag (); + (*scall)(); retval = 1; } handler_set (SIGSYS, osa); diff --git a/src/appl/bsd/loginpaths.h b/src/appl/bsd/loginpaths.h index 2f2de0bb8..99d28b091 100644 --- a/src/appl/bsd/loginpaths.h +++ b/src/appl/bsd/loginpaths.h @@ -94,3 +94,13 @@ #define RPATH "/usr/bin:/bin" #endif #endif + +/* catch-all entries for operating systems we haven't looked up + hardcoded paths for */ +#ifndef LPATH +#define LPATH "/usr/bin:/bin" +#endif + +#ifndef RPATH +#define RPATH "/usr/bin:/bin" +#endif diff --git a/src/appl/bsd/v4rcp.c b/src/appl/bsd/v4rcp.c index 0a1ad33a0..56db95c8d 100644 --- a/src/appl/bsd/v4rcp.c +++ b/src/appl/bsd/v4rcp.c @@ -310,7 +310,8 @@ void lostconn(); int lostconn(); #endif int errno; -#ifndef __NetBSD__ +/* Kludge!!!! */ +#if (!defined(__NetBSD__) && !defined(__FreeBSD__)) extern char *sys_errlist[]; #endif int iamremote, targetshouldbedirectory; diff --git a/src/appl/gss-sample/ChangeLog b/src/appl/gss-sample/ChangeLog index 5da0236f0..110e7224a 100644 --- a/src/appl/gss-sample/ChangeLog +++ b/src/appl/gss-sample/ChangeLog @@ -1,3 +1,9 @@ +Fri Nov 22 15:48:02 1996 unknown + + * gss-client.c (connect_to_server): use sizeof instead of h_length + to determine number of bytes of addr to copy from DNS response + [krb5-misc/211] + Sun Oct 27 22:04:59 1996 Ezra Peisach * configure.in: Add USE_GSSAPI_LIBRARY diff --git a/src/appl/gss-sample/gss-client.c b/src/appl/gss-sample/gss-client.c index 170bc6340..b91ea87aa 100644 --- a/src/appl/gss-sample/gss-client.c +++ b/src/appl/gss-sample/gss-client.c @@ -79,7 +79,7 @@ int connect_to_server(host, port) } saddr.sin_family = hp->h_addrtype; - memcpy((char *)&saddr.sin_addr, hp->h_addr, hp->h_length); + memcpy((char *)&saddr.sin_addr, hp->h_addr, sizeof(saddr.sin_addr)); saddr.sin_port = htons(port); if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) { diff --git a/src/appl/gssftp/ftp/ChangeLog b/src/appl/gssftp/ftp/ChangeLog index 3262141e9..9d39c10aa 100644 --- a/src/appl/gssftp/ftp/ChangeLog +++ b/src/appl/gssftp/ftp/ChangeLog @@ -1,3 +1,8 @@ +Fri Nov 22 15:48:19 1996 unknown + + * ftp.c (hookup): use sizeof instead of h_length to determine + number of bytes of addr to copy from DNS response [krb5-misc/211] + Fri Sep 27 16:05:09 1996 Tom Yu * cmds.c (setpeer): Apply jik's fix so "-n" actually works as diff --git a/src/appl/gssftp/ftp/ftp.c b/src/appl/gssftp/ftp/ftp.c index fb6a5632b..0641416bc 100644 --- a/src/appl/gssftp/ftp/ftp.c +++ b/src/appl/gssftp/ftp/ftp.c @@ -155,7 +155,7 @@ hookup(host, port) } hisctladdr.sin_family = hp->h_addrtype; memcpy((caddr_t)&hisctladdr.sin_addr, hp->h_addr_list[0], - hp->h_length); + sizeof(hisctladdr.sin_addr)); (void) strncpy(hostnamebuf, hp->h_name, sizeof(hostnamebuf)); } hostname = hostnamebuf; @@ -177,7 +177,8 @@ hookup(host, port) perror((char *) 0); hp->h_addr_list++; memcpy((caddr_t)&hisctladdr.sin_addr, - hp->h_addr_list[0], hp->h_length); + hp->h_addr_list[0], + sizeof(hisctladdr.sin_addr)); fprintf(stdout, "Trying %s...\n", inet_ntoa(hisctladdr.sin_addr)); (void) close(s); diff --git a/src/appl/sample/sserver/ChangeLog b/src/appl/sample/sserver/ChangeLog index ba1d2974f..be41b716c 100644 --- a/src/appl/sample/sserver/ChangeLog +++ b/src/appl/sample/sserver/ChangeLog @@ -1,3 +1,10 @@ +Thu Dec 5 19:44:05 1996 Tom Yu + + * sserver.M: remove ref's to "/krb5" [PR 279] + + * sserver.M: v5srvtab -> krb5.keytab; also kdb5_edit -> kadmin [PR + 279] + Thu Nov 7 15:24:43 1996 Theodore Ts'o * sserver.c (main): Check the error return from diff --git a/src/appl/sample/sserver/sserver.M b/src/appl/sample/sserver/sserver.M index f0ea721b0..e879067e6 100644 --- a/src/appl/sample/sserver/sserver.M +++ b/src/appl/sample/sserver/sserver.M @@ -44,9 +44,8 @@ The service name used by \fIsserver\fP and \fIsclient\fP is \fBsample\fP. Hence, \fIsserver\fP will require that there be a keytab entry for the service "sample/hostname.domain.name@REALM.NAME". This keytab is generated using the -.IR krb5_edit(8) -program. The keytab file is installed in whatever -directory is defined by V5Srvtabdir (usually /etc) as "v5srvtab". +.IR kadmin(8) +program. The keytab file is usually installed as "/etc/krb5.keytab". .PP The .B \-S @@ -57,7 +56,7 @@ option allows for a different keytab than the default. using a line in /etc/inetd.conf that looks like this: .PP -sample stream tcp nowait root /krb5/sbin/sserver sserver +sample stream tcp nowait root /usr/local/sbin/sserver sserver .PP Since \fBsample\fP is normally not a port defined in /etc/services, you will usually have to add a line to /etc/services which looks like this: @@ -66,7 +65,7 @@ sample 13135/tcp .PP When using \fIsclient,\fP you will first have to have an entry in the Kerberos database, by using -.IR kdb5_edit(8), +.IR kadmin(8), and then you have to get Kerberos tickets, by using .IR kinit(8). @@ -109,10 +108,10 @@ didn't restart \fIinetd\fP after editing inetd.conf. .PP 4) \fIsclient\fP returns the error: .PP -/krb5/bin/sclient: Server not found in Kerberos database while using sendauth +sclient: Server not found in Kerberos database while using sendauth .PP This means that the "sample/hostname@LOCAL.REALM" service was not -defined in the Kerberos database; it should be created using \fIkdb5_edit,\fP +defined in the Kerberos database; it should be created using \fIkadmin,\fP and a keytab file needs to be generated to make the key for that service principal available for \fIssclient\fP. .PP diff --git a/src/appl/simple/client/ChangeLog b/src/appl/simple/client/ChangeLog index 275d42bf2..db1136c43 100644 --- a/src/appl/simple/client/ChangeLog +++ b/src/appl/simple/client/ChangeLog @@ -1,3 +1,8 @@ +Fri Nov 22 15:48:30 1996 unknown + + * sim_client.c (main): use sizeof instead of h_length to determine + number of bytes of addr to copy from DNS response [krb5-misc/211] + Thu Nov 7 15:26:10 1996 Theodore Ts'o * sim_client.c (main): Check the error return from diff --git a/src/appl/simple/client/sim_client.c b/src/appl/simple/client/sim_client.c index 9def2603c..a573dfa54 100644 --- a/src/appl/simple/client/sim_client.c +++ b/src/appl/simple/client/sim_client.c @@ -163,7 +163,7 @@ main(argc, argv) /* Set server's address */ (void) memset((char *)&s_sock, 0, sizeof(s_sock)); - memcpy((char *)&s_sock.sin_addr, host->h_addr, host->h_length); + memcpy((char *)&s_sock.sin_addr, host->h_addr, sizeof(s_sock.sin_addr)); #ifdef DEBUG printf("s_sock.sin_addr is %s\n", inet_ntoa(s_sock.sin_addr)); #endif @@ -198,7 +198,7 @@ main(argc, argv) fprintf(stderr, "%s: unknown host\n", hostname); exit(1); } - memcpy((char *)&c_sock.sin_addr, host->h_addr, host->h_length); + memcpy((char *)&c_sock.sin_addr, host->h_addr, sizeof(c_sock.sin_addr)); #endif diff --git a/src/appl/simple/server/ChangeLog b/src/appl/simple/server/ChangeLog index 58042da37..6e30ce4a4 100644 --- a/src/appl/simple/server/ChangeLog +++ b/src/appl/simple/server/ChangeLog @@ -1,3 +1,8 @@ +Fri Nov 22 15:48:42 1996 unknown + + * sim_server.c (argv): use sizeof instead of h_length to determine + number of bytes of addr to copy from DNS response [krb5-misc/211] + Thu Nov 7 15:26:44 1996 Theodore Ts'o * sim_server.c (argv): Check the error return from diff --git a/src/appl/simple/server/sim_server.c b/src/appl/simple/server/sim_server.c index 551a4f36c..255d786f2 100644 --- a/src/appl/simple/server/sim_server.c +++ b/src/appl/simple/server/sim_server.c @@ -151,7 +151,7 @@ char *argv[]; fprintf(stderr, "%s: host unknown\n", full_hname); exit(1); } - memcpy((char *)&s_sock.sin_addr, host->h_addr, host->h_length); + memcpy((char *)&s_sock.sin_addr, host->h_addr, sizeof(s_sock.sin_addr)); /* Open socket */ if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { diff --git a/src/appl/telnet/telnet/ChangeLog b/src/appl/telnet/telnet/ChangeLog index 8080dba47..f58e8955f 100644 --- a/src/appl/telnet/telnet/ChangeLog +++ b/src/appl/telnet/telnet/ChangeLog @@ -1,3 +1,25 @@ +Tue Nov 26 20:41:31 1996 Tom Yu + + * configure.in: Check for apra/inet.h + + * commands.c: Remove explicit declaration of inet_addr, and + declare INADDR_NONE to be 0xffffffff again, but mask off the lower + 32 bits while doing the compare. + +Sat Nov 23 00:33:58 1996 Sam Hartman + + * commands.c (tn): Patch from mycroft@mit.edu for Alpha NetBSD. + Comparing to -1 is not 64-bit clean. + [233] + (INADDR_NONE): Mycroft suggests using -1 not 0xffffffff if I have + to define it ourselves. [233] + + Fri Nov 22 15:48:57 1996 unknown + + * commands.c (sourceroute): use sizeof instead of h_length to + determine number of bytes of addr to copy from DNS response + [krb5-misc/211] + Thu Nov 14 14:25:51 1996 Theodore Ts'o * sys_bsd.c(intr): Added checks to intr_waiting and intr_happened diff --git a/src/appl/telnet/telnet/commands.c b/src/appl/telnet/telnet/commands.c index cfd975e2f..0b42efe62 100644 --- a/src/appl/telnet/telnet/commands.c +++ b/src/appl/telnet/telnet/commands.c @@ -44,6 +44,9 @@ #endif /* defined(unix) */ #include #include +#ifdef HAVE_ARPA_INET_H +#include +#endif /* HAVE_ARPA_INET_H */ #ifdef CRAY #include #endif /* CRAY */ @@ -89,6 +92,9 @@ #ifndef MAXDNAME #define MAXDNAME 256 /*per the rfc*/ #endif +#ifndef INADDR_NONE +#define INADDR_NONE 0xffffffff +#endif #if defined(IPPROTO_IP) && defined(IP_TOS) int tos = -1; @@ -2352,8 +2358,6 @@ ayt_status() } #endif -unsigned long inet_addr(); - int tn(argc, argv) int argc; @@ -2443,10 +2447,10 @@ tn(argc, argv) } else { #endif temp = inet_addr(hostp); - if (temp != (unsigned long) -1) { + if (temp & 0xffffffff != INADDR_NONE) { sin.sin_addr.s_addr = temp; sin.sin_family = AF_INET; - (void) strcpy(_hostname, hostp); + (void) strcpy(_hostname, hostp); hostname = _hostname; } else { host = gethostbyname(hostp); @@ -2454,9 +2458,10 @@ tn(argc, argv) sin.sin_family = host->h_addrtype; #if defined(h_addr) /* In 4.3, this is a #define */ memcpy((caddr_t)&sin.sin_addr, - host->h_addr_list[0], host->h_length); + host->h_addr_list[0], sizeof(sin.sin_addr)); #else /* defined(h_addr) */ - memcpy((caddr_t)&sin.sin_addr, host->h_addr, host->h_length); + memcpy((caddr_t)&sin.sin_addr, host->h_addr, + sizeof(sin.sin_addr)); #endif /* defined(h_addr) */ strncpy(_hostname, host->h_name, sizeof(_hostname)); _hostname[sizeof(_hostname)-1] = '\0'; @@ -2546,9 +2551,9 @@ tn(argc, argv) perror((char *)0); host->h_addr_list++; memcpy((caddr_t)&sin.sin_addr, - host->h_addr_list[0], host->h_length); + host->h_addr_list[0], sizeof(sin.sin_addr)); memcpy((caddr_t)&hostaddr, - host->h_addr_list[0], host->h_length); + host->h_addr_list[0], sizeof(sin.sin_addr)); (void) NetClose(net); continue; } @@ -3055,9 +3060,10 @@ sourceroute(arg, cpp, lenp) } else if (host = gethostbyname(cp)) { #if defined(h_addr) memcpy((caddr_t)&sin_addr, - host->h_addr_list[0], host->h_length); + host->h_addr_list[0], sizeof(sin_addr)); #else - memcpy((caddr_t)&sin_addr, host->h_addr, host->h_length); + memcpy((caddr_t)&sin_addr, host->h_addr, + sizeof(sin_addr)); #endif } else { *cpp = cp; diff --git a/src/appl/telnet/telnet/configure.in b/src/appl/telnet/telnet/configure.in index 619153f03..3d08e2f4a 100644 --- a/src/appl/telnet/telnet/configure.in +++ b/src/appl/telnet/telnet/configure.in @@ -3,7 +3,7 @@ CONFIG_RULES AC_PROG_INSTALL AC_VFORK AC_CHECK_HEADERS(string.h arpa/nameser.h) -AC_HAVE_HEADERS(unistd.h sys/select.h stdlib.h) +AC_HAVE_HEADERS(unistd.h sys/select.h stdlib.h arpa/inet.h) AC_CHECK_LIB(termcap,main,AC_DEFINE(TERMCAP) LIBS="$LIBS -ltermcap", AC_CHECK_LIB(curses,setupterm,LIBS="$LIBS -lcurses") diff --git a/src/appl/user_user/ChangeLog b/src/appl/user_user/ChangeLog index 62651d0cb..e00507592 100644 --- a/src/appl/user_user/ChangeLog +++ b/src/appl/user_user/ChangeLog @@ -1,3 +1,8 @@ +Fri Nov 22 15:49:09 1996 unknown + + * client.c (argv): use sizeof instead of h_length to determine + number of bytes of addr to copy from DNS response [krb5-misc/211] + Thu Nov 7 15:36:15 1996 Theodore Ts'o * client.c (argv): diff --git a/src/appl/user_user/client.c b/src/appl/user_user/client.c index 4bee7089c..2cf85ae94 100644 --- a/src/appl/user_user/client.c +++ b/src/appl/user_user/client.c @@ -128,7 +128,8 @@ char *argv[]; fprintf (stderr, "uu-client: unable to connect to \"%s\"\n", hname); return 5; } - memcpy ((char *)&serv_net_addr.sin_addr, host->h_addr_list[i++], host->h_length); + memcpy ((char *)&serv_net_addr.sin_addr, host->h_addr_list[i++], + sizeof(serv_net_addr.sin_addr)); if (connect(s, (struct sockaddr *)&serv_net_addr, sizeof (serv_net_addr)) == 0) break; com_err ("uu-client", errno, "connecting to \"%s\" (%s).", diff --git a/src/clients/kinit/ChangeLog b/src/clients/kinit/ChangeLog index c3bbbeb3f..f3d8f2d3f 100644 --- a/src/clients/kinit/ChangeLog +++ b/src/clients/kinit/ChangeLog @@ -1,3 +1,7 @@ +Thu Dec 5 21:59:08 1996 Tom Yu + + * kinit.M: v5srvtab -> krb5.keytab [279] + Wed Nov 6 09:31:35 1996 Theodore Y. Ts'o * kinit.c (main): Check the return code from krb5_init_context, diff --git a/src/clients/kinit/kinit.M b/src/clients/kinit/kinit.M index 86465b9a0..6681967f4 100644 --- a/src/clients/kinit/kinit.M +++ b/src/clients/kinit/kinit.M @@ -130,7 +130,7 @@ Location of the credentials (ticket) cache. /tmp/krb5cc_[uid] default credentials cache ([uid] is the decimal UID of the user). .TP -/etc/v5srvtab +/etc/krb5.keytab default location for the local host's .B keytab file. diff --git a/src/clients/klist/ChangeLog b/src/clients/klist/ChangeLog index 8b0051b4c..f72ff09cd 100644 --- a/src/clients/klist/ChangeLog +++ b/src/clients/klist/ChangeLog @@ -1,3 +1,7 @@ +Thu Dec 5 21:59:34 1996 Tom Yu + + * klist.M: v5srvtab -> krb5.keytab [279] + Wed Nov 6 12:02:59 1996 Theodore Ts'o * klist.c (main): Check the error return from krb5_init_context(), diff --git a/src/clients/klist/klist.M b/src/clients/klist/klist.M index acf80ab46..99b42b985 100644 --- a/src/clients/klist/klist.M +++ b/src/clients/klist/klist.M @@ -107,7 +107,7 @@ Location of the credentials (ticket) cache. default location of the credentials cache ([uid] is the decimal UID of the user). .TP -/etc/v5srvtab +/etc/krb5.keytab default location of the .B keytab file. diff --git a/src/config-files/ChangeLog b/src/config-files/ChangeLog index 26edc4478..fd73b3e5e 100644 --- a/src/config-files/ChangeLog +++ b/src/config-files/ChangeLog @@ -1,3 +1,8 @@ +Tue Nov 26 19:24:34 1996 Theodore Y. Ts'o + + * kdc.conf: Fixed paths to use the GNU standard conventions. + [PR#246] + Thu Nov 14 23:08:37 1996 Tom Yu * krb5.conf.M: Note change in default_keytab_name. diff --git a/src/config-files/kdc.conf b/src/config-files/kdc.conf index c9856691d..cf8cbe1fd 100644 --- a/src/config-files/kdc.conf +++ b/src/config-files/kdc.conf @@ -3,10 +3,10 @@ [realms] ATHENA.MIT.EDU = { - database_name = /usr/local/lib/krb5kdc/principal - admin_keytab = FILE:/usr/local/lib/krb5kdc/kadm5.keytab - acl_file = /usr/local/lib/krb5kdc/kadm5.acl - key_stash_file = /usr/local/lib/krb5kdc/.k5stash + database_name = /usr/local/var/krb5kdc/principal + admin_keytab = FILE:/usr/local/var/krb5kdc/kadm5.keytab + acl_file = /usr/local/var/krb5kdc/kadm5.acl + key_stash_file = /usr/local/var/krb5kdc/.k5.ATHENA.MIT.EDU kdc_ports = 750,88 max_life = 10h 0m 0s max_renewable_life = 7d 0h 0m 0s diff --git a/src/include/ChangeLog b/src/include/ChangeLog index 3a2976d58..8ff29d5b0 100644 --- a/src/include/ChangeLog +++ b/src/include/ChangeLog @@ -1,3 +1,8 @@ +Sat Nov 23 00:16:46 1996 Theodore Ts'o + + * k5-int.h: Remove DES3 and SHA support, since what's there isn't + fully correct. [PR#231] + Wed Nov 13 14:28:08 1996 Tom Yu * k5-int.h, krb5.hin: Revert kt_default_name changes. diff --git a/src/include/k5-int.h b/src/include/k5-int.h index f6f30ef5c..02cb5c22f 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -145,12 +145,12 @@ #define PROVIDE_DES_CBC_CRC #define PROVIDE_DES_CBC_RAW #define PROVIDE_DES_CBC_CKSUM -#define PROVIDE_DES3_CBC_SHA -#define PROVIDE_DES3_CBC_RAW +/* #define PROVIDE_DES3_CBC_SHA */ +/* #define PROVIDE_DES3_CBC_RAW */ #define PROVIDE_CRC32 #define PROVIDE_RSA_MD4 #define PROVIDE_RSA_MD5 -#define PROVIDE_NIST_SHA +/* #define PROVIDE_NIST_SHA */ #ifndef _SIZE_T_DEFINED typedef unsigned int size_t; diff --git a/src/include/kerberosIV/ChangeLog b/src/include/kerberosIV/ChangeLog index 74755254d..694a6186b 100644 --- a/src/include/kerberosIV/ChangeLog +++ b/src/include/kerberosIV/ChangeLog @@ -1,3 +1,7 @@ +Fri Nov 22 11:34:46 1996 Sam Hartman + + * Makefile.in: Install krb_err.h [218] + Thu Oct 31 17:27:08 1996 Sam Hartman * Makefile.in (install): Start installing headers again [36] diff --git a/src/include/kerberosIV/Makefile.in b/src/include/kerberosIV/Makefile.in index 669e341c1..0e4705ff2 100644 --- a/src/include/kerberosIV/Makefile.in +++ b/src/include/kerberosIV/Makefile.in @@ -1,4 +1,5 @@ -KRB4_HEADERS=krb.h des.h kadm.h mit-copyright.h +KRB4_HEADERS=krb.h des.h kadm.h mit-copyright.h \ + krb_err.h all:: diff --git a/src/kadmin.v4/server/ChangeLog b/src/kadmin.v4/server/ChangeLog index 1bb368af3..b411bb8a1 100644 --- a/src/kadmin.v4/server/ChangeLog +++ b/src/kadmin.v4/server/ChangeLog @@ -1,3 +1,9 @@ +Fri Nov 22 15:49:35 1996 unknown + + * kadm_ser_wrap.c (kadm_ser_init): use sizeof instead of h_length + to determine number of bytes of addr to copy from DNS response + [krb5-misc/211] + Thu Jun 13 22:09:02 1996 Tom Yu * configure.in: remove ref to ET_RULES diff --git a/src/kadmin.v4/server/kadm_ser_wrap.c b/src/kadmin.v4/server/kadm_ser_wrap.c index 7c373b3d6..bc8f0b5de 100644 --- a/src/kadmin.v4/server/kadm_ser_wrap.c +++ b/src/kadmin.v4/server/kadm_ser_wrap.c @@ -72,7 +72,7 @@ kadm_ser_init(inter, realm) if ((hp = gethostbyname(hostname)) == NULL) return KADM_NO_HOSTNAME; memcpy((char *) &server_parm.admin_addr.sin_addr.s_addr, hp->h_addr, - hp->h_length); + sizeof(server_parm.admin_addr.sin_addr.s_addr)); server_parm.admin_addr.sin_port = sep->s_port; /* setting up the database */ mkey_name = KRB5_KDB_M_NAME; diff --git a/src/kadmin/cli/ChangeLog b/src/kadmin/cli/ChangeLog index 9c28f25e1..3f8f2ec48 100644 --- a/src/kadmin/cli/ChangeLog +++ b/src/kadmin/cli/ChangeLog @@ -3,6 +3,16 @@ Tue Dec 3 15:39:11 1996 Barry Jaspan * kadmin.c (kadmin_addprinc): print warning/notice about no policy and default policy [krb5-admin/252] +Thu Dec 5 19:30:22 1996 Tom Yu + + * kadmin.M: Missed a ref to /krb5. [279] + + * kadmin.M: Change example to no longer use /krb5. [PR 279] + + * kadmin.M: v5srvtab -> krb5.keytab [PR 279] + + * kadmin.c (DEFAULT_KEYTAB): v5srvtab -> krb5.keytab [PR 278] + Wed Nov 13 14:29:02 1996 Tom Yu * Makefile.in (clean-unix): Remove getdate.c and kadmin_ct.c. diff --git a/src/kadmin/cli/kadmin.M b/src/kadmin/cli/kadmin.M index f0f8913f1..a74874ff9 100644 --- a/src/kadmin/cli/kadmin.M +++ b/src/kadmin/cli/kadmin.M @@ -676,7 +676,7 @@ is added, ignoring multiple keys with the same encryption type but different salt types. If the .B \-k argument is not specified, the default keytab -.I /etc/v5srvtab +.I /etc/krb5.keytab is used. If the .B \-q option is specified, less verbose status information is displayed. @@ -695,13 +695,10 @@ command. .RS .TP EXAMPLE: -kadmin: ktadd -k /krb5/kadmind.keytab kadmin/admin kadmin/changepw -Entry for principal kadmin/admin@ATHENA.MIT.EDU with +kadmin: ktadd -k /tmp/foo-new-keytab host/foo.mit.edu +Entry for principal host/foo.mit.edu@ATHENA.MIT.EDU with kvno 3, encryption type DES-CBC-CRC added to keytab - WRFILE:/krb5/kadmind.keytab. -Entry for principal kadmin/changepw@ATHENA.MIT.EDU - with kvno 3, encryption type DES-CBC-CRC added to keytab - WRFILE:/krb5/kadmind.keytab. + WRFILE:/tmp/foo-new-keytab kadmin: .RE .fi @@ -716,7 +713,7 @@ parsed as an integer, and all entries whose kvno match that integer are removed. If the .B \-k argument is not specifeid, the default keytab -.I /etc/v5srvtab +.I /etc/krb5.keytab is used. If the .B \-q option is specified, less verbose status information is displayed. @@ -725,9 +722,9 @@ option is specified, less verbose status information is displayed. .RS .TP EXAMPLE: -kadmin: ktremove -k /krb5/kadmind.keytab kadmin/admin +kadmin: ktremove -k /usr/local/var/krb5kdc/kadmind.keytab kadmin/admin Entry for principal kadmin/admin with kvno 3 removed - from keytab WRFILE:/krb5/kadmind.keytab. + from keytab WRFILE:/usr/local/var/krb5kdc/kadmind.keytab. kadmin: .RE .fi diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c index a684a2e58..b881681d2 100644 --- a/src/kadmin/cli/kadmin.c +++ b/src/kadmin/cli/kadmin.c @@ -428,7 +428,7 @@ char *kadmin_startup(argc, argv) exit(1); } { -#define DEFAULT_KEYTAB "WRFILE:/etc/v5srvtab" +#define DEFAULT_KEYTAB "WRFILE:/etc/krb5.keytab" /* XXX krb5_defkeyname is an internal library global and should go away */ extern char *krb5_defkeyname; diff --git a/src/kadmin/passwd/ChangeLog b/src/kadmin/passwd/ChangeLog index 5b5039315..2436ec681 100644 --- a/src/kadmin/passwd/ChangeLog +++ b/src/kadmin/passwd/ChangeLog @@ -1,3 +1,23 @@ +Wed Nov 27 13:50:03 1996 Theodore Y. Ts'o + + * configure.in: Link against kdb5 explicitly on all systems except + BSD systems, due to hairy shared library issues. [PR#257] + n.b., this is only a short-term fix for the 1.0 release. + The correct long-term fix is to not require kadm5 clients + to need to link against libkdb5 at all. + +Fri Nov 22 18:42:02 1996 Sam Hartman + + * configure.in: Do not link against kdb5 because this causes + NetBSD getpwuid to fail. [228] + + * kpasswd.c (kpasswd): Remove cast from uid_t to int. [228] + +Wed Nov 20 16:00:49 1996 Barry Jaspan + + * unit-test/Makefile.in (unit-test-): warn more loudly about unrun + tests + Wed Nov 13 19:23:15 1996 Tom Yu * unit-test/Makefile.in (clean): Remove logfiles. diff --git a/src/kadmin/passwd/configure.in b/src/kadmin/passwd/configure.in index 2331e44d0..874f3385b 100644 --- a/src/kadmin/passwd/configure.in +++ b/src/kadmin/passwd/configure.in @@ -7,8 +7,28 @@ AC_PROG_AWK USE_KADMCLNT_LIBRARY USE_GSSAPI_LIBRARY USE_GSSRPC_LIBRARY -USE_KDB5_LIBRARY USE_DYN_LIBRARY + +dnl +dnl The following is a kludge to get around a shared library problem +dnl for NetBSD and Linux. We have to include -lkdb5 under Linux, and +dnl we can't include -lkdb5 under NetBSD, due to various breakages in +dnl each system's shared library implementation +dnl +AC_MSG_CHECKING([for build host]) +AC_CACHE_VAL(krb5_cv_host, [export CC +AC_CANONICAL_HOST +krb5_cv_host=$host]) +AC_MSG_RESULT($krb5_cv_host) +case $krb5_cv_host in +*-*-*bsd*) + echo "Skipping USE KDB5 LIBRARY on BSD to avoid libdb incompatibilites" + ;; +*) + USE_KDB5_LIBRARY + ;; +esac + KRB5_LIBRARIES V5_USE_SHARED_LIB V5_AC_OUTPUT_MAKEFILE diff --git a/src/kadmin/passwd/kpasswd.c b/src/kadmin/passwd/kpasswd.c index e425280b6..48cb4ccc5 100644 --- a/src/kadmin/passwd/kpasswd.c +++ b/src/kadmin/passwd/kpasswd.c @@ -137,7 +137,7 @@ kpasswd(context, argc, argv) /* if either krb5_cc failed check the passwd file */ if (code != 0) { - pw = getpwuid((int) getuid()); + pw = getpwuid( getuid()); if (pw == NULL) { com_err(whoami, 0, string_text(KPW_STR_NOT_IN_PASSWD_FILE)); return(MISC_EXIT_STATUS); diff --git a/src/kadmin/passwd/unit-test/Makefile.in b/src/kadmin/passwd/unit-test/Makefile.in index f2192df94..8ffc57f2c 100644 --- a/src/kadmin/passwd/unit-test/Makefile.in +++ b/src/kadmin/passwd/unit-test/Makefile.in @@ -1,8 +1,10 @@ check unit-test:: unit-test-@DO_TEST@ unit-test-: - @echo "The kpasswd tests require Perl, Tcl, and runtest" - @echo "No tests run here" + @echo "+++" + @echo "+++ WARNING: kpasswd unit tests not run." + @echo "+++ Either tcl, runtest, or Perl is unavailable." + @echo "+++" unit-test-ok:: unit-test-setup unit-test-body unit-test-cleanup diff --git a/src/kadmin/server/ChangeLog b/src/kadmin/server/ChangeLog index a8b9acdbd..23897964a 100644 --- a/src/kadmin/server/ChangeLog +++ b/src/kadmin/server/ChangeLog @@ -3,6 +3,10 @@ Wed Dec 4 15:29:30 1996 Barry Jaspan * ovsec_kadmd.c (main): fix duplicated error strings [krb5-admin/234] +Tue Nov 19 16:48:50 1996 Barry Jaspan + + * ovsec_kadmd.c: don't syslog \n's + Wed Nov 13 14:29:34 1996 Tom Yu * ovsec_kadmd.c (main): Note that krb5_defkeyname is an internal diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c index 0a0ff8002..bcacd72ce 100644 --- a/src/kadmin/server/ovsec_kadmd.c +++ b/src/kadmin/server/ovsec_kadmd.c @@ -183,7 +183,7 @@ int main(int argc, char *argv[]) if (ret = kadm5_get_config_params(context, NULL, NULL, ¶ms, ¶ms)) { - krb5_klog_syslog(LOG_ERR, "%s: %s while initializing, aborting\n", + krb5_klog_syslog(LOG_ERR, "%s: %s while initializing, aborting", whoami, error_message(ret)); fprintf(stderr, "%s: %s while initializing, aborting\n", whoami, error_message(ret)); @@ -197,7 +197,7 @@ int main(int argc, char *argv[]) if ((params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) { krb5_klog_syslog(LOG_ERR, "%s: Missing required configuration values " - "while initializing, aborting\n", whoami, + "while initializing, aborting", whoami, (params.mask & REQUIRED_PARAMS) ^ REQUIRED_PARAMS); fprintf(stderr, "%s: Missing required configuration values " "(%x) while initializing, aborting\n", whoami, @@ -726,7 +726,7 @@ void log_badauth(OM_uint32 major, OM_uint32 minor, krb5_klog_syslog(LOG_NOTICE, "Authentication attempt failed: %s, GSS-API " "error strings are:", a); log_badauth_display_status(" ", major, minor); - krb5_klog_syslog(LOG_NOTICE, " GSS-API error strings complete.\n"); + krb5_klog_syslog(LOG_NOTICE, " GSS-API error strings complete."); } void log_badauth_display_status(char *msg, OM_uint32 major, OM_uint32 minor) @@ -754,11 +754,11 @@ void log_badauth_display_status_1(char *m, OM_uint32 code, int type, GSS_C_MECH_CODE, 1); } else krb5_klog_syslog(LOG_ERR, "GSS-API authentication error %s: " - "recursive failure!\n", msg); + "recursive failure!", msg); return; } - krb5_klog_syslog(LOG_NOTICE, "%s %s\n", m, (char *)msg.value); + krb5_klog_syslog(LOG_NOTICE, "%s %s", m, (char *)msg.value); (void) gss_release_buffer(&minor_stat, &msg); if (!msg_ctx) diff --git a/src/kadmin/testing/scripts/ChangeLog b/src/kadmin/testing/scripts/ChangeLog index 73dcd5a80..bfc97a89e 100644 --- a/src/kadmin/testing/scripts/ChangeLog +++ b/src/kadmin/testing/scripts/ChangeLog @@ -3,6 +3,10 @@ Tue Dec 3 15:28:53 1996 Barry Jaspan * init_db: be verbose when $SRVTCL doesn't exist, instead of just failing [krb5-admin/245] +Thu Dec 5 19:34:09 1996 Tom Yu + + * save_files.sh (files): Also save /etc/krb5.keytab. [PR 278] + Thu Nov 14 15:28:16 1996 Barry Jaspan * env-setup.shin, init_db, save_files.sh, start_servers, diff --git a/src/kadmin/testing/scripts/save_files.sh b/src/kadmin/testing/scripts/save_files.sh index 14fe892d4..72182036f 100644 --- a/src/kadmin/testing/scripts/save_files.sh +++ b/src/kadmin/testing/scripts/save_files.sh @@ -15,7 +15,7 @@ done # /.secure/etc/passwd /etc/athena/inetd.conf" files="/etc/krb.conf /etc/krb.realms /etc/athena/krb.conf \ - /etc/athena/krb.realms /etc/v5srvtab" + /etc/athena/krb.realms /etc/v5srvtab /etc/krb5.keytab" name=`basename $0` diff --git a/src/kadmin/testing/util/ChangeLog b/src/kadmin/testing/util/ChangeLog index e324ed6e6..698414ab2 100644 --- a/src/kadmin/testing/util/ChangeLog +++ b/src/kadmin/testing/util/ChangeLog @@ -1,3 +1,16 @@ +Fri Dec 6 00:04:10 1996 Theodore Y. Ts'o + + * test.c: Change test looking for tcl 7.05 and greater to be tcl + 7.04 and greater, since BSDI ships with tcl 7.04, and + needs this change. [PR#282] + +Thu Dec 5 22:47:27 1996 Theodore Y. Ts'o + + * tcl_ovsec_kadm.c: + * tcl_kadm5.c: Remove #include of , which is not + guaranteed to be there. #include of is all you + need for malloc(), per ANSI. [PR#281] + Wed Nov 13 09:55:05 1996 Ezra Peisach * Makefile.in (clean): Remove built programs. diff --git a/src/kadmin/testing/util/tcl_kadm5.c b/src/kadmin/testing/util/tcl_kadm5.c index 2aa36636d..409f02396 100644 --- a/src/kadmin/testing/util/tcl_kadm5.c +++ b/src/kadmin/testing/util/tcl_kadm5.c @@ -4,7 +4,6 @@ #define USE_KADM5_API_VERSION 2 #include #include -#include #include #include #include diff --git a/src/kadmin/testing/util/tcl_ovsec_kadm.c b/src/kadmin/testing/util/tcl_ovsec_kadm.c index 0c6aaac9c..40a854e95 100644 --- a/src/kadmin/testing/util/tcl_ovsec_kadm.c +++ b/src/kadmin/testing/util/tcl_ovsec_kadm.c @@ -4,7 +4,6 @@ #define USE_KADM5_API_VERSION 1 #include #include -#include #include #include #include diff --git a/src/kadmin/testing/util/test.c b/src/kadmin/testing/util/test.c index 75a0fc25f..f9da05238 100644 --- a/src/kadmin/testing/util/test.c +++ b/src/kadmin/testing/util/test.c @@ -1,8 +1,8 @@ #include -#define IS_TCL_7_5 ((TCL_MAJOR_VERSION * 100 + TCL_MINOR_VERSION) >= 705) +#define _TCL_MAIN ((TCL_MAJOR_VERSION * 100 + TCL_MINOR_VERSION) >= 704) -#if IS_TCL_7_5 +#if _TCL_MAIN int main(argc, argv) int argc; /* Number of command-line arguments. */ diff --git a/src/kadmin/v4server/ChangeLog b/src/kadmin/v4server/ChangeLog index 7572a6380..2966ad100 100644 --- a/src/kadmin/v4server/ChangeLog +++ b/src/kadmin/v4server/ChangeLog @@ -1,3 +1,9 @@ +Fri Nov 22 15:49:27 1996 unknown + + * kadm_ser_wrap.c (endif ): use sizeof instead of h_length to + determine number of bytes of addr to copy from DNS response + [krb5-misc/211] + Wed Nov 13 19:24:00 1996 Tom Yu * Makefile.in (clean): Remove kadm_err.h and kadm_err.c. diff --git a/src/kadmin/v4server/kadm_ser_wrap.c b/src/kadmin/v4server/kadm_ser_wrap.c index 3d4c045ed..7ea289f24 100644 --- a/src/kadmin/v4server/kadm_ser_wrap.c +++ b/src/kadmin/v4server/kadm_ser_wrap.c @@ -82,7 +82,7 @@ kadm_ser_init(inter, realm) if ((hp = gethostbyname(hostname)) == NULL) return KADM_NO_HOSTNAME; memcpy((char *) &server_parm.admin_addr.sin_addr.s_addr, hp->h_addr, - hp->h_length); + sizeof(server_parm.admin_addr.sin_addr.s_addr)); server_parm.admin_addr.sin_port = sep->s_port; /* setting up the database */ mkey_name = KRB5_KDB_M_NAME; diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog index c2b2074f3..190c4f3c5 100644 --- a/src/kdc/ChangeLog +++ b/src/kdc/ChangeLog @@ -9,6 +9,13 @@ Sat Nov 23 17:26:22 1996 Mark Eichin return status and don't pass back hint if it failed. (get_etype_info): malloc one more word in entry for end marker. +Wed Nov 20 11:25:05 1996 Barry Jaspan + + * main.c (initialize_realms): krb5_aprof_init can succeed while + leaving aprof == NULL, but krb5_aprof_finish will fail. This is + just more grossness that needs to be redone when the kdc.conf + interface is reworked. + Thu Nov 7 12:27:21 1996 Theodore Ts'o * kdc_preauth.c (check_padata): Fixed error handling; in order for diff --git a/src/kdc/main.c b/src/kdc/main.c index dd4ae7687..bc7a2fee1 100644 --- a/src/kdc/main.c +++ b/src/kdc/main.c @@ -721,7 +721,9 @@ initialize_realms(kcontext, argc, argv) hierarchy[2] = (char *) NULL; if (krb5_aprof_get_string(aprof, hierarchy, TRUE, &default_ports)) default_ports = 0; - krb5_aprof_finish(aprof); + /* aprof_init can return 0 with aprof == NULL */ + if (aprof) + krb5_aprof_finish(aprof); } if (default_ports == 0) default_ports = strdup(DEFAULT_KDC_PORTLIST); diff --git a/src/krb524/ChangeLog b/src/krb524/ChangeLog index dbc3c841d..7f5856dbb 100644 --- a/src/krb524/ChangeLog +++ b/src/krb524/ChangeLog @@ -1,3 +1,14 @@ +Thu Dec 5 23:27:00 1996 Tom Yu + + * krb524d.c (main): Ignore SIGHUP for now. [27] + +Thu Dec 5 23:12:29 1996 Theodore Y. Ts'o + + * cnv_tkt_skey.c (krb524_convert_tkt_skey): Change the issue time + of the V4 ticket to be the current time (since the + lifetime of the V4 ticket was calculated assuming that the + issue time would be the current time). [PR#283,PR#22] + Mon Nov 11 16:23:32 1996 Mark Eichin * krb524d.c (do_connection): only free v4/v5 keyblock contents and diff --git a/src/krb524/cnv_tkt_skey.c b/src/krb524/cnv_tkt_skey.c index a7d5e54ed..19bb386f3 100644 --- a/src/krb524/cnv_tkt_skey.c +++ b/src/krb524/cnv_tkt_skey.c @@ -161,7 +161,7 @@ int krb524_convert_tkt_skey(context, v5tkt, v4tkt, v5_skey, v4_skey) (char *) v5etkt->session->contents, lifetime, /* issue_data */ - v5etkt->times.starttime, + server_time, sname, sinst, v4_skey->contents); diff --git a/src/krb524/krb524d.c b/src/krb524/krb524d.c index 2c4d3f839..7d6e9ba16 100644 --- a/src/krb524/krb524d.c +++ b/src/krb524/krb524d.c @@ -119,7 +119,7 @@ int main(argc, argv) } signal(SIGINT, request_exit); - signal(SIGHUP, request_exit); + signal(SIGHUP, SIG_IGN); signal(SIGTERM, request_exit); if (use_keytab) diff --git a/src/lib/ChangeLog b/src/lib/ChangeLog index c7e7fb6b1..791ed2b99 100644 --- a/src/lib/ChangeLog +++ b/src/lib/ChangeLog @@ -1,3 +1,15 @@ +Sat Nov 23 00:25:25 1996 Theodore Ts'o + + * libkrb5.def: Renamed to krb5_16.def [PR#204] + + * Makefile.in (all-windows): Change name of dll from krb5_16.dll, + which will be the final name of the DLL. [PR#204] + +Wed Nov 20 18:28:47 1996 Theodore Y. Ts'o + + * Makefile.in (clean-windows): Change the name of the Windows (16) + dll to be krb516.dll, instead of libkrb5.dll + Fri Jul 12 20:32:29 1996 Theodore Y. Ts'o * win_glue.c: Added TIMEBOMB_INFO string which tells the user the diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in index f0eaef89f..b8cd3980a 100644 --- a/src/lib/Makefile.in +++ b/src/lib/Makefile.in @@ -19,10 +19,10 @@ clean-unix:: $(RM) $(CLEANLIBS) clean-windows:: - $(RM) libkrb5.dll libkrb5.lib libkrb5.bak libkrb5.map winsock.lib + $(RM) krb5_16.dll krb5_16.lib krb5_16.bak krb5_16.map winsock.lib $(RM) gssapi.dll gssapi.lib gssapi.bak gssapi.map # -# Windows stuff to make libkrb5.dll and libkrb5.lib. Currently it +# Windows stuff to make krb5_16.dll and krb5_16.lib. Currently it # combines crypto, krb5, kadm and the util/et directories. # ALIB = kadm\kadm.lib @@ -34,7 +34,7 @@ PLIB = $(BUILDTOP)\util\profile\profile.lib WLIB = .\winsock.lib LIBS = $(ALIB) $(CLIB) $(KLIB) $(GLIB) $(ETLIB) $(PLIB) $(WLIB) -lib-windows: winsock.lib libkrb5.lib gssapi.lib +lib-windows: winsock.lib krb5_16.lib gssapi.lib gssapi.lib:: gssapi.dll implib /nologo gssapi.lib gssapi.dll @@ -44,13 +44,13 @@ gssapi.dll:: $(GLIB) $(LIBS) gssapi.def win_glue.obj $(LIBS) ldllcew libw oldnames, gssapi.def rc /nologo /p /k gssapi.dll -libkrb5.lib:: libkrb5.dll - implib /nologo libkrb5.lib libkrb5.dll +krb5_16.lib:: krb5_16.dll + implib /nologo krb5_16.lib krb5_16.dll -libkrb5.dll:: $(LIBS) libkrb5.def win_glue.obj - link /co /seg:400 /noe /nod /nol win_glue, libkrb5.dll, libkrb5.map, \ - $(LIBS) ldllcew libw oldnames, libkrb5.def - rc /nologo /p /k libkrb5.dll +krb5_16.dll:: $(LIBS) krb5_16.def win_glue.obj + link /co /seg:400 /noe /nod /nol win_glue, krb5_16.dll, krb5_16.map, \ + $(LIBS) ldllcew libw oldnames, krb5_16.def + rc /nologo /p /k krb5_16.dll sap_glue.obj: win_glue.c $(CC) $(CFLAGS) -DSAP_TIMEBOMB -I$(VERS_DIR) /c \ @@ -83,7 +83,7 @@ all-windows:: @echo Making in lib cd .. -all-windows:: libkrb5.lib gssapi.lib +all-windows:: krb5_16.lib gssapi.lib clean-windows:: @echo Making clean in lib\crypto diff --git a/src/lib/crypto/ChangeLog b/src/lib/crypto/ChangeLog index 680319932..ecdb1d41e 100644 --- a/src/lib/crypto/ChangeLog +++ b/src/lib/crypto/ChangeLog @@ -1,3 +1,17 @@ +Sat Nov 23 00:22:20 1996 Theodore Ts'o + + * cryptoconf.c: Also zero out the entries in cryptoconf, to make + sure no one tries to use triple DES and SHA. + +Fri Nov 22 20:49:13 1996 Theodore Ts'o + + * configure.in (enableval): Disable triple DES and SHA, since + what's there isn't the final triple DES. [PR#231] + +Mon Nov 18 20:38:24 1996 Ezra Peisach + [krb5-libs/201] + * configure.in: Set shared library version to 1.0. + Thu Jun 6 00:04:38 1996 Theodore Y. Ts'o * Makefile.in (all-windows): Don't pass $(LIBCMD) on the command diff --git a/src/lib/crypto/configure.in b/src/lib/crypto/configure.in index 9e0451004..53f9fcc39 100644 --- a/src/lib/crypto/configure.in +++ b/src/lib/crypto/configure.in @@ -19,17 +19,17 @@ if test "$enableval" = yes; then else AC_MSG_RESULT(Disabling DES_CBC_MD5) fi -AC_ARG_ENABLE([des3-cbc-sha], -[ --enable-des3-cbc-sha enable DES3_CBC_SHA (DEFAULT). - --disable-des3-cbc-sha disable DES3_CBC_SHA.], -, -enableval=yes)dnl -if test "$enableval" = yes; then - AC_MSG_RESULT(Enabling DES3_CBC_SHA) - AC_DEFINE(PROVIDE_DES3_CBC_SHA) -else - AC_MSG_RESULT(Disabling DES3_CBC_SHA) -fi +dnl AC_ARG_ENABLE([des3-cbc-sha], +dnl [ --enable-des3-cbc-sha enable DES3_CBC_SHA (DEFAULT). +dnl --disable-des3-cbc-sha disable DES3_CBC_SHA.], +dnl , +dnl enableval=yes)dnl +dnl if test "$enableval" = yes; then +dnl AC_MSG_RESULT(Enabling DES3_CBC_SHA) +dnl AC_DEFINE(PROVIDE_DES3_CBC_SHA) +dnl else +dnl AC_MSG_RESULT(Disabling DES3_CBC_SHA) +dnl fi AC_ARG_WITH([des-cbc-crc], [ --enable-des-cbc-crc enable DES_CBC_CRC (DEFAULT). --disable-des-cbc-crc disable DES_CBC_CRC.], @@ -52,17 +52,17 @@ if test "$enableval" = yes; then else AC_MSG_RESULT(Disabling DES_CBC_RAW) fi -AC_ARG_WITH([des3-cbc-raw], -[ --enable-des3-cbc-raw enable DES3_CBC_RAW (DEFAULT). - --disable-des3-cbc-raw disable DES3_CBC_RAW.], -, -enableval=yes)dnl -if test "$enableval" = yes; then - AC_MSG_RESULT(Enabling DES3_CBC_RAW) - AC_DEFINE(PROVIDE_DES3_CBC_RAW) -else - AC_MSG_RESULT(Disabling DES3_CBC_RAW) -fi +dnl AC_ARG_WITH([des3-cbc-raw], +dnl [ --enable-des3-cbc-raw enable DES3_CBC_RAW (DEFAULT). +dnl --disable-des3-cbc-raw disable DES3_CBC_RAW.], +dnl , +dnl enableval=yes)dnl +dnl if test "$enableval" = yes; then +dnl AC_MSG_RESULT(Enabling DES3_CBC_RAW) +dnl AC_DEFINE(PROVIDE_DES3_CBC_RAW) +dnl else +dnl AC_MSG_RESULT(Disabling DES3_CBC_RAW) +dnl fi AC_ARG_WITH([des-cbc-cksum], [ --enable-des-cbc-cksum enable DES_CBC_CKSUM (DEFAULT). --disable-des-cbc-cksum disable DES_CBC_CKSUM.], @@ -107,20 +107,20 @@ if test "$enableval" = yes; then else AC_MSG_RESULT(Disabling RSA_MD5) fi -AC_ARG_WITH([nist-sha], -[ --enable-nist-sha enable NIST_SHA (DEFAULT). - --disable-nist-sha disable NIST_SHA.], -, -enableval=yes)dnl -if test "$enableval" = yes; then - AC_MSG_RESULT(Enabling NIST_SHA) - AC_DEFINE(PROVIDE_NIST_SHA) -else - AC_MSG_RESULT(Disabling NIST_SHA) -fi +dnl AC_ARG_WITH([nist-sha], +dnl [ --enable-nist-sha enable NIST_SHA (DEFAULT). +dnl --disable-nist-sha disable NIST_SHA.], +dnl , +dnl enableval=yes)dnl +dnl if test "$enableval" = yes; then +dnl AC_MSG_RESULT(Enabling NIST_SHA) +dnl AC_DEFINE(PROVIDE_NIST_SHA) +dnl else +dnl AC_MSG_RESULT(Disabling NIST_SHA) +dnl fi V5_SHARED_LIB_OBJS SubdirLibraryRule([${OBJS}]) DO_SUBDIRS -V5_MAKE_SHARED_LIB(libcrypto,0.1,.., ./crypto) +V5_MAKE_SHARED_LIB(libcrypto,1.0,.., ./crypto) V5_AC_OUTPUT_MAKEFILE diff --git a/src/lib/crypto/cryptoconf.c b/src/lib/crypto/cryptoconf.c index 768c6cf3c..62be74581 100644 --- a/src/lib/crypto/cryptoconf.c +++ b/src/lib/crypto/cryptoconf.c @@ -53,8 +53,10 @@ #ifdef PROVIDE_NIST_SHA #include "shs.h" -#define SHA_CKENTRY &nist_sha_cksumtable_entry -#define HMAC_SHA_CKENTRY &hmac_sha_cksumtable_entry +/* #define SHA_CKENTRY &nist_sha_cksumtable_entry */ +/* #define HMAC_SHA_CKENTRY &hmac_sha_cksumtable_entry */ +#define SHA_CKENTRY 0 +#define HMAC_SHA_CKENTRY 0 #else #define SHA_CKENTRY 0 #define HMAC_SHA_CKENTRY 0 @@ -109,7 +111,11 @@ #include "des_int.h" #define _DES_DONE__ #endif -#define DES3_CBC_SHA_CSENTRY &krb5_des3_sha_cst_entry +/* Don't try to enable triple DES unless you know what you are doing; */ +/* the current implementation of triple DES is NOT the final and */ +/* correct implementation.!!! */ +/* #define DES3_CBC_SHA_CSENTRY &krb5_des3_sha_cst_entry */ +#define DES3_CBC_SHA_CSENTRY 0 #else #define DES3_CBC_SHA_CSENTRY 0 #endif @@ -119,7 +125,8 @@ #include "des_int.h" #define _DES_DONE__ #endif -#define DES3_CBC_RAW_CSENTRY &krb5_des3_raw_cst_entry +/* #define DES3_CBC_RAW_CSENTRY &krb5_des3_raw_cst_entry */ +#define DES3_CBC_RAW_CSENTRY 0 #else #define DES3_CBC_RAW_CSENTRY 0 #endif diff --git a/src/lib/des425/ChangeLog b/src/lib/des425/ChangeLog index c0c8faa43..8b1457e07 100644 --- a/src/lib/des425/ChangeLog +++ b/src/lib/des425/ChangeLog @@ -1,3 +1,7 @@ +Mon Nov 18 20:39:02 1996 Ezra Peisach + + * configure.in: Set shared library version to 1.0. [krb5-libs/201] + Wed Aug 7 12:50:36 1996 Ezra Peisach * new_rnd_key.c (des_set_sequence_number): Change cast to diff --git a/src/lib/des425/configure.in b/src/lib/des425/configure.in index 08126b06c..07072c9f2 100644 --- a/src/lib/des425/configure.in +++ b/src/lib/des425/configure.in @@ -29,5 +29,5 @@ AC_SUBST(CRYPTO_SH_VERS) KRB5_SH_VERS=$krb5_cv_shlib_version_libkrb5 AC_SUBST(KRB5_SH_VERS) KRB5_RUN_FLAGS -V5_MAKE_SHARED_LIB(libdes425,0.1,.., ./des425) +V5_MAKE_SHARED_LIB(libdes425,1.0,.., ./des425) V5_AC_OUTPUT_MAKEFILE diff --git a/src/lib/gssapi/ChangeLog b/src/lib/gssapi/ChangeLog index 505b5d355..b29cc371b 100644 --- a/src/lib/gssapi/ChangeLog +++ b/src/lib/gssapi/ChangeLog @@ -1,3 +1,7 @@ +Mon Nov 18 20:39:41 1996 Ezra Peisach + + * configure.in: Set shared library version to 1.0. [krb5-libs/201] + Tue Jul 23 22:50:22 1996 Theodore Y. Ts'o * Makefile.in (MAC_SUBDIRS): Remove mechglue from the list of diff --git a/src/lib/gssapi/configure.in b/src/lib/gssapi/configure.in index 164582c64..f2bb70429 100644 --- a/src/lib/gssapi/configure.in +++ b/src/lib/gssapi/configure.in @@ -7,7 +7,7 @@ AC_PROG_ARCHIVE_ADD AC_PROG_RANLIB AC_PROG_INSTALL DO_SUBDIRS -V5_MAKE_SHARED_LIB(libgssapi_krb5,0.1,.., ./gssapi) +V5_MAKE_SHARED_LIB(libgssapi_krb5,1.0,.., ./gssapi) CRYPTO_SH_VERS=$krb5_cv_shlib_version_libcrypto AC_SUBST(CRYPTO_SH_VERS) COMERR_SH_VERS=$krb5_cv_shlib_version_libcom_err diff --git a/src/lib/gssapi/generic/ChangeLog b/src/lib/gssapi/generic/ChangeLog index 993470825..30fd1c3c2 100644 --- a/src/lib/gssapi/generic/ChangeLog +++ b/src/lib/gssapi/generic/ChangeLog @@ -1,3 +1,12 @@ +Wed Nov 20 13:59:58 1996 Ezra Peisach + + * Makefile.in (install): Install gssapi.h from the build tree. + +Tue Nov 19 16:43:16 1996 Tom Yu + + * Makefile.in (gssapi.h): grep USE_.*_H out from autoconf.h as + well (some stuff was depending on USE_STRING_H). + Mon Nov 18 12:38:34 1996 Tom Yu *gssapi.h: Renamed to gssapi.hin. diff --git a/src/lib/gssapi/generic/Makefile.in b/src/lib/gssapi/generic/Makefile.in index 1e1aa7ebb..87b414f47 100644 --- a/src/lib/gssapi/generic/Makefile.in +++ b/src/lib/gssapi/generic/Makefile.in @@ -37,6 +37,7 @@ gssapi.h: gssapi.hin echo "/* It contains some choice pieces of autoconf.h */" >> $@ grep SIZEOF $(BUILDTOP)/include/krb5/autoconf.h >> $@ grep 'HAVE_.*_H' $(BUILDTOP)/include/krb5/autoconf.h >> $@ + grep 'USE_.*_H' $(BUILDTOP)/include/krb5/autoconf.h >> $@ echo "/* End of gssapi.h prologue. */" cat $(srcdir)/gssapi.hin >> $@ @@ -84,7 +85,8 @@ OBJS = \ $(OBJS): $(HDRS) $(ETHDRS) -EXPORTED_HEADERS= gssapi.h gssapi_generic.h +EXPORTED_HEADERS= gssapi_generic.h +EXPORTED_BUILT_HEADERS= gssapi.h all-unix:: shared $(SRCS) $(ETHDRS) $(OBJS) @@ -116,5 +118,9 @@ install:: do $(INSTALL_DATA) $(srcdir)/$$f \ $(DESTDIR)$(KRB5_INCDIR)/gssapi/$$f ; \ done + @set -x; for f in $(EXPORTED_BUILT_HEADERS) ; \ + do $(INSTALL_DATA) $$f \ + $(DESTDIR)$(KRB5_INCDIR)/gssapi/$$f ; \ + done depend:: $(ETSRCS) diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog index e1c1d9849..8f9ac2c0d 100644 --- a/src/lib/gssapi/krb5/ChangeLog +++ b/src/lib/gssapi/krb5/ChangeLog @@ -4,6 +4,30 @@ Wed Dec 4 13:06:13 1996 Barry Jaspan instead of scanning through keytab to find matching principal [krb5-libs/210] +Wed Nov 20 19:55:29 1996 Marc Horowitz + + * init_sec_context.c (make_ap_rep, krb5_gss_init_sec_context), + accept_sec_context.c (krb5_gss_accept_sec_context): fix up use of + gss flags. under some circumstances, the context would not have + checked for replay or sequencing, even if those features were + requested. + + * init_sec_context.c (make_ap_req), (krb5_gss_init_sec_context): + If delegation is requested, but forwarding the credentials fails, + instead of aborting the context setup, just don't forward + credentials. + + * gssapiP_krb5.h (krb5_gss_ctx_id_t), ser_sctx.c + (kg_ctx_externalize, kg_ctx_internalize), init_sec_context.c + (krb5_gss_init_sec_context), get_tkt_flags.c + (gss_krb5_get_tkt_flags), accept_sec_context.c + (krb5_gss_accept_sec_context): rename ctx->flags to + ctx->krb_flags, to disambiguate it from ctx->gss_flags + + * accept_sec_context.c (krb5_gss_accept_sec_context): If the subkey + isn't present in the authenticator, then use the session key + instead. + Sat Oct 19 00:38:22 1996 Theodore Y. Ts'o * ser_sctx.c (kg_oid_externalize, kg_oid_internalize, diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c index 234606921..158983557 100644 --- a/src/lib/gssapi/krb5/accept_sec_context.c +++ b/src/lib/gssapi/krb5/accept_sec_context.c @@ -384,8 +384,7 @@ krb5_gss_accept_sec_context(minor_status, context_handle, ctx->mech_used = mech_used; ctx->auth_context = auth_context; ctx->initiate = 0; - ctx->gss_flags = GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG | - (gss_flags & (GSS_C_MUTUAL_FLAG | GSS_C_DELEG_FLAG)); + ctx->gss_flags = KG_IMPLFLAGS(gss_flags); ctx->seed_init = 0; ctx->big_endian = bigend; @@ -417,6 +416,29 @@ krb5_gss_accept_sec_context(minor_status, context_handle, return(GSS_S_FAILURE); } + /* use the session key if the subkey isn't present */ + + if (ctx->subkey == NULL) { + if ((code = krb5_auth_con_getkey(context, auth_context, + &ctx->subkey))) { + krb5_free_principal(context, ctx->there); + krb5_free_principal(context, ctx->here); + xfree(ctx); + *minor_status = code; + return(GSS_S_FAILURE); + } + } + + if (ctx->subkey == NULL) { + krb5_free_principal(context, ctx->there); + krb5_free_principal(context, ctx->here); + xfree(ctx); + /* this isn't a very good error, but it's not clear to me this + can actually happen */ + *minor_status = KRB5KDC_ERR_NULL_KEY; + return(GSS_S_FAILURE); + } + switch(ctx->subkey->enctype) { case ENCTYPE_DES_CBC_MD5: case ENCTYPE_DES_CBC_CRC: @@ -464,7 +486,7 @@ krb5_gss_accept_sec_context(minor_status, context_handle, } ctx->endtime = ticket->enc_part2->times.endtime; - ctx->flags = ticket->enc_part2->flags; + ctx->krb_flags = ticket->enc_part2->flags; krb5_free_ticket(context, ticket); /* Done with ticket */ @@ -487,8 +509,8 @@ krb5_gss_accept_sec_context(minor_status, context_handle, } g_order_init(&(ctx->seqstate), ctx->seq_recv, - (gss_flags & GSS_C_REPLAY_FLAG) != 0, - (gss_flags & GSS_C_SEQUENCE_FLAG) != 0); + (ctx->gss_flags & GSS_C_REPLAY_FLAG) != 0, + (ctx->gss_flags & GSS_C_SEQUENCE_FLAG) != 0); /* at this point, the entire context structure is filled in, so it can be released. */ @@ -545,7 +567,7 @@ krb5_gss_accept_sec_context(minor_status, context_handle, *time_rec = ctx->endtime - now; if (ret_flags) - *ret_flags = KG_IMPLFLAGS(gss_flags); + *ret_flags = ctx->gss_flags; ctx->established = 1; diff --git a/src/lib/gssapi/krb5/get_tkt_flags.c b/src/lib/gssapi/krb5/get_tkt_flags.c index 5dd91064f..eebf06d81 100644 --- a/src/lib/gssapi/krb5/get_tkt_flags.c +++ b/src/lib/gssapi/krb5/get_tkt_flags.c @@ -48,7 +48,7 @@ gss_krb5_get_tkt_flags(minor_status, context_handle, ticket_flags) } if (ticket_flags) - *ticket_flags = ctx->flags; + *ticket_flags = ctx->krb_flags; *minor_status = 0; return(GSS_S_COMPLETE); diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h index ee327baf6..97f2d51d5 100644 --- a/src/lib/gssapi/krb5/gssapiP_krb5.h +++ b/src/lib/gssapi/krb5/gssapiP_krb5.h @@ -113,7 +113,7 @@ typedef struct _krb5_gss_ctx_id_rec { krb5_gss_enc_desc enc; krb5_gss_enc_desc seq; krb5_timestamp endtime; - krb5_flags flags; + krb5_flags krb_flags; krb5_int32 seq_send; krb5_int32 seq_recv; void *seqstate; diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c index 690d5af2b..3b8935fff 100644 --- a/src/lib/gssapi/krb5/init_sec_context.c +++ b/src/lib/gssapi/krb5/init_sec_context.c @@ -30,15 +30,15 @@ static krb5_error_code make_ap_req(context, auth_context, cred, server, endtime, chan_bindings, - req_flags, flags, mech_type, token) + req_flags, krb_flags, mech_type, token) krb5_context context; krb5_auth_context * auth_context; krb5_gss_cred_id_t cred; krb5_principal server; krb5_timestamp *endtime; gss_channel_bindings_t chan_bindings; - OM_uint32 req_flags; - krb5_flags *flags; + OM_uint32 *req_flags; + krb5_flags *krb_flags; gss_OID mech_type; gss_buffer_t token; { @@ -74,8 +74,7 @@ make_ap_req(context, auth_context, cred, server, endtime, chan_bindings, /* build the checksum field */ - if(*flags && GSS_C_DELEG_FLAG) { - + if (*req_flags & GSS_C_DELEG_FLAG) { /* first get KRB_CRED message, so we know its length */ /* clear the time check flag that was set in krb5_auth_con_init() */ @@ -83,20 +82,27 @@ make_ap_req(context, auth_context, cred, server, endtime, chan_bindings, krb5_auth_con_setflags(context, *auth_context, con_flags & ~KRB5_AUTH_CONTEXT_DO_TIME); - if ((code = krb5_fwd_tgt_creds(context, *auth_context, 0, + code = krb5_fwd_tgt_creds(context, *auth_context, 0, cred->princ, server, cred->ccache, 1, - &credmsg))) - return(code); + &credmsg); /* turn KRB5_AUTH_CONTEXT_DO_TIME back on */ krb5_auth_con_setflags(context, *auth_context, con_flags); - if(credmsg.length+28 > KRB5_INT16_MAX) { - krb5_xfree(credmsg.data); - return(KRB5KRB_ERR_FIELD_TOOLONG); - } + if (code) { + /* don't fail here; just don't accept/do the delegation + request */ + *req_flags &= ~GSS_C_DELEG_FLAG; - checksum_data.length = 28+credmsg.length; + checksum_data.length = 24; + } else { + if (credmsg.length+28 > KRB5_INT16_MAX) { + krb5_xfree(credmsg.data); + return(KRB5KRB_ERR_FIELD_TOOLONG); + } + + checksum_data.length = 28+credmsg.length; + } } else { checksum_data.length = 24; } @@ -115,7 +121,7 @@ make_ap_req(context, auth_context, cred, server, endtime, chan_bindings, TWRITE_INT(ptr, md5.length, 0); TWRITE_STR(ptr, (unsigned char *) md5.contents, md5.length); - TWRITE_INT(ptr, KG_IMPLFLAGS(req_flags), 0); + TWRITE_INT(ptr, *req_flags, 0); /* done with this, free it */ xfree(md5.contents); @@ -151,7 +157,7 @@ make_ap_req(context, auth_context, cred, server, endtime, chan_bindings, mk_req_flags = AP_OPTS_USE_SUBKEY; - if (req_flags & GSS_C_MUTUAL_FLAG) + if (*req_flags & GSS_C_MUTUAL_FLAG) mk_req_flags |= AP_OPTS_MUTUAL_REQUIRED; if ((code = krb5_mk_req_extended(context, auth_context, mk_req_flags, @@ -160,7 +166,7 @@ make_ap_req(context, auth_context, cred, server, endtime, chan_bindings, /* store the interesting stuff from creds and authent */ *endtime = out_creds->times.endtime; - *flags = out_creds->ticket_flags; + *krb_flags = out_creds->ticket_flags; /* build up the token */ @@ -264,15 +270,15 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, err = 0; if (mech_type == GSS_C_NULL_OID) { - mech_type = cred->rfc_mech?gss_mech_krb5:gss_mech_krb5_old; - } else if (g_OID_equal(mech_type, gss_mech_krb5)) { - if (!cred->rfc_mech) - err = 1; - } else if (g_OID_equal(mech_type, gss_mech_krb5_old)) { - if (!cred->prerfc_mech) - err = 1; - } else - err = 1; + mech_type = cred->rfc_mech?gss_mech_krb5:gss_mech_krb5_old; + } else if (g_OID_equal(mech_type, gss_mech_krb5)) { + if (!cred->rfc_mech) + err = 1; + } else if (g_OID_equal(mech_type, gss_mech_krb5_old)) { + if (!cred->prerfc_mech) + err = 1; + } else + err = 1; if (err) { *minor_status = 0; @@ -318,9 +324,7 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, ctx->mech_used = mech_type; ctx->auth_context = NULL; ctx->initiate = 1; - ctx->gss_flags = ((req_flags & (GSS_C_MUTUAL_FLAG | GSS_C_DELEG_FLAG)) | - GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG); - ctx->flags = req_flags & GSS_C_DELEG_FLAG; + ctx->gss_flags = KG_IMPLFLAGS(req_flags); ctx->seed_init = 0; ctx->big_endian = 0; /* all initiators do little-endian, as per spec */ ctx->seqstate = 0; @@ -352,7 +356,8 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, if ((code = make_ap_req(context, &(ctx->auth_context), cred, ctx->there, &ctx->endtime, input_chan_bindings, - req_flags, &ctx->flags, mech_type, &token))) { + &ctx->gss_flags, &ctx->krb_flags, mech_type, + &token))) { krb5_free_principal(context, ctx->here); krb5_free_principal(context, ctx->there); xfree(ctx); @@ -438,7 +443,7 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, *output_token = token; if (ret_flags) - *ret_flags = KG_IMPLFLAGS(req_flags); + *ret_flags = ctx->gss_flags; if (actual_mech_type) *actual_mech_type = mech_type; @@ -452,8 +457,8 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, } else { ctx->seq_recv = ctx->seq_send; g_order_init(&(ctx->seqstate), ctx->seq_recv, - (req_flags & GSS_C_REPLAY_FLAG) != 0, - (req_flags & GSS_C_SEQUENCE_FLAG) != 0); + (ctx->gss_flags & GSS_C_REPLAY_FLAG) != 0, + (ctx->gss_flags & GSS_C_SEQUENCE_FLAG) != 0); ctx->established = 1; /* fall through to GSS_S_COMPLETE */ } @@ -477,7 +482,7 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, if ((ctx->established) || (((gss_cred_id_t) cred) != claimant_cred_handle) || - ((req_flags & GSS_C_MUTUAL_FLAG) == 0)) { + ((ctx->gss_flags & GSS_C_MUTUAL_FLAG) == 0)) { (void)krb5_gss_delete_sec_context(minor_status, context_handle, NULL); /* XXX this minor status is wrong if an arg was changed */ @@ -534,8 +539,8 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, /* store away the sequence number */ ctx->seq_recv = ap_rep_data->seq_number; g_order_init(&(ctx->seqstate), ctx->seq_recv, - (req_flags & GSS_C_REPLAY_FLAG) != 0, - (req_flags & GSS_C_SEQUENCE_FLAG) !=0); + (ctx->gss_flags & GSS_C_REPLAY_FLAG) != 0, + (ctx->gss_flags & GSS_C_SEQUENCE_FLAG) !=0); /* free the ap_rep_data */ krb5_free_ap_rep_enc_part(context, ap_rep_data); diff --git a/src/lib/gssapi/krb5/ser_sctx.c b/src/lib/gssapi/krb5/ser_sctx.c index 259cce5b8..22b5c367c 100644 --- a/src/lib/gssapi/krb5/ser_sctx.c +++ b/src/lib/gssapi/krb5/ser_sctx.c @@ -515,7 +515,7 @@ kg_ctx_externalize(kcontext, arg, buffer, lenremain) &bp, &remain); (void) krb5_ser_pack_int32((krb5_int32) ctx->endtime, &bp, &remain); - (void) krb5_ser_pack_int32((krb5_int32) ctx->flags, + (void) krb5_ser_pack_int32((krb5_int32) ctx->krb_flags, &bp, &remain); (void) krb5_ser_pack_int32((krb5_int32) ctx->seq_send, &bp, &remain); @@ -632,7 +632,7 @@ kg_ctx_internalize(kcontext, argp, buffer, lenremain) (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); ctx->endtime = (krb5_timestamp) ibuf; (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); - ctx->flags = (krb5_flags) ibuf; + ctx->krb_flags = (krb5_flags) ibuf; (void) krb5_ser_unpack_int32(&ctx->seq_send, &bp, &remain); (void) krb5_ser_unpack_int32(&ctx->seq_recv, &bp, &remain); (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); diff --git a/src/lib/gssapi/mechglue/ChangeLog b/src/lib/gssapi/mechglue/ChangeLog index 97558b1a2..9f8fb1bc4 100644 --- a/src/lib/gssapi/mechglue/ChangeLog +++ b/src/lib/gssapi/mechglue/ChangeLog @@ -1,3 +1,7 @@ +Mon Nov 18 20:43:54 1996 Ezra Peisach + + * configure.in: Shared library version number to 1.0. [krb5-libs/201] + Wed Jun 12 00:50:32 1996 Theodore Ts'o * Makefile.in: Remove include of config/windows.in; that's done diff --git a/src/lib/gssapi/mechglue/configure.in b/src/lib/gssapi/mechglue/configure.in index 73cf30efd..bd9b4db21 100644 --- a/src/lib/gssapi/mechglue/configure.in +++ b/src/lib/gssapi/mechglue/configure.in @@ -13,7 +13,7 @@ case $host in *-*-aix*) # don't build libgssapi.a on AIX ;; *) - V5_MAKE_SHARED_LIB(libgssapi,0.1,.., ./mechglue) + V5_MAKE_SHARED_LIB(libgssapi,1.0,.., ./mechglue) AppendRule([install:: libgssapi.[$](LIBEXT) [$](INSTALL_DATA) libgssapi.[$](LIBEXT) [$](DESTDIR)[$](KRB5_LIBDIR)[$](S)libgssapi.[$](LIBEXT)]) LinkFileDir([$](TOPLIBD)/libgssapi.[$](LIBEXT),libgssapi.[$](LIBEXT),./gssapi/mechglue) diff --git a/src/lib/kadm5/srv/ChangeLog b/src/lib/kadm5/srv/ChangeLog index d9c5b76bd..0a65eff00 100644 --- a/src/lib/kadm5/srv/ChangeLog +++ b/src/lib/kadm5/srv/ChangeLog @@ -9,6 +9,18 @@ Fri Nov 22 11:11:34 1996 Sam Hartman * Makefile.in (SHLIB_LIBS): Do not link shared against -ldb [224] +Tue Nov 26 03:04:04 1996 Sam Hartman + + * server_acl.c (acl_load_acl_file): Fix coredump by allowing + catchall_entry to be null, but do not reference it if it is. + Thanks to marc. [242] + +Mon Nov 25 17:53:20 1996 Barry Jaspan + + * server_acl.c: set acl_catchall_entry to "" instead of NULL, + since it is presumed to contain something, but we don't want any + default entry [krb5-admin/237] + Wed Nov 13 19:20:36 1996 Tom Yu * Makefile.in (clean-unix): Remove shared/*. diff --git a/src/lib/kadm5/unit-test/ChangeLog b/src/lib/kadm5/unit-test/ChangeLog index 0f95d8138..2fe5fb96d 100644 --- a/src/lib/kadm5/unit-test/ChangeLog +++ b/src/lib/kadm5/unit-test/ChangeLog @@ -3,6 +3,10 @@ Mon Dec 9 15:57:55 1996 Barry Jaspan * api.0/init.exp, api.2/init.exp: use spawn/expect instead of exec so tests don't fail when kadmin.local produces output +Wed Nov 20 15:59:34 1996 Barry Jaspan + + * Makefile.in (check-): warn more loudly about unrun tests + Mon Nov 11 20:51:27 1996 Tom Yu * configure.in: Add AC_CANONICAL_HOST to deal with new pre.in. diff --git a/src/lib/kadm5/unit-test/Makefile.in b/src/lib/kadm5/unit-test/Makefile.in index 455f42880..333c663e5 100644 --- a/src/lib/kadm5/unit-test/Makefile.in +++ b/src/lib/kadm5/unit-test/Makefile.in @@ -49,7 +49,10 @@ server-iter-test: iter-test.o $(SRVDEPLIBS) check:: check-@DO_TEST@ check-:: - @echo "Either tcl, runtest, or Perl is unavailable. Kadm5 unit tests not run" + @echo "+++" + @echo "+++ WARNING: lib/kadm5 unit tests not run." + @echo "+++ Either tcl, runtest, or Perl is unavailable." + @echo "+++" check-ok unit-test:: unit-test-client unit-test-server diff --git a/src/lib/kdb/ChangeLog b/src/lib/kdb/ChangeLog index 3f74707fb..ca9b83089 100644 --- a/src/lib/kdb/ChangeLog +++ b/src/lib/kdb/ChangeLog @@ -1,3 +1,7 @@ +Mon Nov 18 20:40:12 1996 Ezra Peisach + + * configure.in: Set shared library version to 1.0. [krb5-libs/201] + Tue Nov 12 23:41:55 1996 Mark Eichin * kdb_dbm.c: Ditch DB_OPENCLOSE conditionals, and fix the real diff --git a/src/lib/kdb/configure.in b/src/lib/kdb/configure.in index 75c4e40c8..8f04d9824 100644 --- a/src/lib/kdb/configure.in +++ b/src/lib/kdb/configure.in @@ -20,7 +20,7 @@ KRB5_RUN_FLAGS V5_USE_SHARED_LIB KRB5_LIBRARIES V5_SHARED_LIB_OBJS -V5_MAKE_SHARED_LIB(libkdb5,0.1,.., ./kdb) +V5_MAKE_SHARED_LIB(libkdb5,1.0,.., ./kdb) AppendRule([all-unix:: ../libkdb5.a]) KRB5_SH_VERS=$krb5_cv_shlib_version_libkrb5 AC_SUBST(KRB5_SH_VERS) diff --git a/src/lib/krb4/ChangeLog b/src/lib/krb4/ChangeLog index 27ab65fe1..1c7296b8c 100644 --- a/src/lib/krb4/ChangeLog +++ b/src/lib/krb4/ChangeLog @@ -1,3 +1,7 @@ +Mon Nov 18 20:40:39 1996 Ezra Peisach + + * configure.in: Set shared library version to 1.0. [krb5-libs/201] + Thu Nov 7 12:33:06 1996 Theodore Y. Ts'o * g_in_tkt.c: diff --git a/src/lib/krb4/configure.in b/src/lib/krb4/configure.in index 4e3dd8c0f..2a4c8b3a7 100644 --- a/src/lib/krb4/configure.in +++ b/src/lib/krb4/configure.in @@ -44,7 +44,7 @@ AC_HAVE_FUNCS(strsave seteuid setreuid setresuid) AC_PROG_AWK V5_SHARED_LIB_OBJS SubdirLibraryRule([$(OBJS)]) -V5_MAKE_SHARED_LIB(libkrb4,0.1,.., ./krb4) +V5_MAKE_SHARED_LIB(libkrb4,1.0,.., ./krb4) CopyHeader(krb_err.h,$(EHDRDIR)) CRYPTO_SH_VERS=$krb5_cv_shlib_version_libcrypto AC_SUBST(CRYPTO_SH_VERS) diff --git a/src/lib/krb5/ChangeLog b/src/lib/krb5/ChangeLog index 00b17c7d8..e77f6b970 100644 --- a/src/lib/krb5/ChangeLog +++ b/src/lib/krb5/ChangeLog @@ -1,3 +1,7 @@ +Mon Nov 18 20:42:39 1996 Ezra Peisach + + * configure.in: Set shared library version to 1.0. [krb5-libs/201] + Wed Oct 23 01:15:40 1996 Theodore Y. Ts'o * configure.in, Makefile.in: Check to see if the -lgen library diff --git a/src/lib/krb5/configure.in b/src/lib/krb5/configure.in index c612ed7c9..2ac53bdfe 100644 --- a/src/lib/krb5/configure.in +++ b/src/lib/krb5/configure.in @@ -16,7 +16,7 @@ dnl AC_CHECK_LIB(gen,compile,SHLIB_GEN=-lgen,SHLIB_GEN='') AC_SUBST(SHLIB_GEN) dnl -V5_MAKE_SHARED_LIB(libkrb5,0.1,.., ./krb5) +V5_MAKE_SHARED_LIB(libkrb5,1.0,.., ./krb5) CRYPTO_SH_VERS=$krb5_cv_shlib_version_libcrypto AC_SUBST(CRYPTO_SH_VERS) COMERR_SH_VERS=$krb5_cv_shlib_version_libcom_err diff --git a/src/lib/krb5/error_tables/ChangeLog b/src/lib/krb5/error_tables/ChangeLog index 0b60e42c5..6eff8a21a 100644 --- a/src/lib/krb5/error_tables/ChangeLog +++ b/src/lib/krb5/error_tables/ChangeLog @@ -1,3 +1,7 @@ +Tue Nov 19 17:06:26 1996 Barry Jaspan + + * krb5_err.et: add KRB5_KT_KVNONOTFOUND [krb5-libs/198] + Wed Nov 6 11:15:32 1996 Theodore Ts'o * krb5_err.et: Make the KRB5_CONFIG_CANTOPEN and diff --git a/src/lib/krb5/error_tables/krb5_err.et b/src/lib/krb5/error_tables/krb5_err.et index 06af95541..1b4223242 100644 --- a/src/lib/krb5/error_tables/krb5_err.et +++ b/src/lib/krb5/error_tables/krb5_err.et @@ -300,5 +300,6 @@ error_code KRB5_CONFIG_NODEFREALM, "Configuration file does not specify default error_code KRB5_SAM_UNSUPPORTED, "Bad SAM flags in obtain_sam_padata" error_code KRB5_KT_NAME_TOOLONG, "Keytab name too long" +error_code KRB5_KT_KVNONOTFOUND, "Key version number for principal in key table is incorrect" end diff --git a/src/lib/krb5/keytab/file/ChangeLog b/src/lib/krb5/keytab/file/ChangeLog index c37f70950..f14e2a030 100644 --- a/src/lib/krb5/keytab/file/ChangeLog +++ b/src/lib/krb5/keytab/file/ChangeLog @@ -1,3 +1,8 @@ +Tue Nov 19 17:06:59 1996 Barry Jaspan + + * ktf_g_ent.c (krb5_ktfile_get_entry): return KRB5_KT_KVNONOTFOUND + when appropriate [krb5-libs/198] + Wed Jul 24 17:10:11 1996 Theodore Y. Ts'o * ktf_g_name.c (krb5_ktfile_get_name): Use the error code diff --git a/src/lib/krb5/keytab/file/ktf_g_ent.c b/src/lib/krb5/keytab/file/ktf_g_ent.c index 4805d5c69..e42dcdbd4 100644 --- a/src/lib/krb5/keytab/file/ktf_g_ent.c +++ b/src/lib/krb5/keytab/file/ktf_g_ent.c @@ -40,6 +40,7 @@ krb5_ktfile_get_entry(context, id, principal, kvno, enctype, entry) { krb5_keytab_entry cur_entry, new_entry; krb5_error_code kerror = 0; + int found_wrong_kvno = 0; /* Open the keyfile for reading */ if ((kerror = krb5_ktfileint_openr(context, id))) @@ -92,14 +93,21 @@ krb5_ktfile_get_entry(context, id, principal, kvno, enctype, entry) krb5_kt_free_entry(context, &cur_entry); cur_entry = new_entry; break; - } + } else + found_wrong_kvno++; } } else { krb5_kt_free_entry(context, &new_entry); } } - if (kerror == KRB5_KT_END) - kerror = cur_entry.principal ? 0 : KRB5_KT_NOTFOUND; + if (kerror == KRB5_KT_END) { + if (cur_entry.principal) + kerror = 0; + else if (found_wrong_kvno) + kerror = KRB5_KT_KVNONOTFOUND; + else + kerror = KRB5_KT_NOTFOUND; + } if (kerror) { (void) krb5_ktfileint_close(context, id); krb5_kt_free_entry(context, &cur_entry); diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index c702d0aa9..18bf88594 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,10 @@ +Thu Nov 21 13:54:01 1996 Ezra Peisach + + * recvauth.c (krb5_recvauth): If there is an error, and the server + argument to krb5_recvauth is NULL, create a dummy server + entry for the krb5_error structure so that krb5_mk_error + will not die with missing required fields. [krb5-libs/209] + Wed Nov 13 14:30:47 1996 Tom Yu * init_ctx.c: Revert previous kt_default_name changes. diff --git a/src/lib/krb5/krb/recvauth.c b/src/lib/krb5/krb/recvauth.c index d6d6772de..d5e7b5fc5 100644 --- a/src/lib/krb5/krb/recvauth.c +++ b/src/lib/krb5/krb/recvauth.c @@ -57,6 +57,7 @@ krb5_recvauth(context, auth_context, krb5_rcache rcache = 0; krb5_octet response; krb5_data null_server; + int need_error_free = 0; /* * Zero out problem variable. If problem is set at the end of @@ -173,7 +174,14 @@ krb5_recvauth(context, auth_context, memset((char *)&error, 0, sizeof(error)); krb5_us_timeofday(context, &error.stime, &error.susec); - error.server = server; + if(server) + error.server = server; + else { + /* If this fails - ie. ENOMEM we are hosed + we cannot even send the error if we wanted to... */ + (void) krb5_parse_name(context, "????", &error.server); + need_error_free = 1; + } error.error = problem - ERROR_TABLE_BASE_krb5; if (error.error > 127) @@ -190,6 +198,9 @@ krb5_recvauth(context, auth_context, goto cleanup; } free(error.text.data); + if(need_error_free) + krb5_free_principal(context, error.server); + } else { outbuf.length = 0; outbuf.data = 0; diff --git a/src/lib/krb5_16.def b/src/lib/krb5_16.def new file mode 100644 index 000000000..9d9d5e5ef --- /dev/null +++ b/src/lib/krb5_16.def @@ -0,0 +1,65 @@ +;---------------------------------------------------- +; LIBKRB5.DEF - LIBKRB5.DLL module definition file +;---------------------------------------------------- + +LIBRARY LIBKRB5 +DESCRIPTION 'DLL for Kerberos 5' +EXETYPE WINDOWS +CODE PRELOAD MOVEABLE DISCARDABLE +DATA PRELOAD MOVEABLE SINGLE +HEAPSIZE 8192 + +EXPORTS + WEP @1001 RESIDENTNAME + LIBMAIN @1002 + GSS_ACQUIRE_CRED @1 + GSS_RELEASE_CRED @2 + GSS_INIT_SEC_CONTEXT @3 + GSS_ACCEPT_SEC_CONTEXT @4 + GSS_PROCESS_CONTEXT_TOKEN @5 + GSS_DELETE_SEC_CONTEXT @6 + GSS_CONTEXT_TIME @7 + GSS_SIGN @8 + GSS_VERIFY @9 + GSS_SEAL @10 + GSS_UNSEAL @11 + GSS_DISPLAY_STATUS @12 + GSS_INDICATE_MECHS @13 + GSS_COMPARE_NAME @14 + GSS_DISPLAY_NAME @15 + GSS_IMPORT_NAME @16 + GSS_RELEASE_NAME @17 + GSS_RELEASE_BUFFER @18 + GSS_RELEASE_OID_SET @19 + GSS_INQUIRE_CRED @20 +; Kerberos 5 + _krb5_build_principal_ext + KRB5_CC_DEFAULT + KRB5_FREE_ADDRESSES + KRB5_FREE_AP_REP_ENC_PART + KRB5_FREE_CRED_CONTENTS + KRB5_FREE_CREDS + KRB5_FREE_PRINCIPAL + KRB5_GET_CREDENTIALS + KRB5_GET_DEFAULT_REALM + KRB5_GET_IN_TKT_WITH_PASSWORD + KRB5_GET_NOTIFICATION_MESSAGE + KRB5_INIT_CONTEXT + KRB5_INIT_ETS + KRB5_MK_REQ_EXTENDED + KRB5_OS_LOCALADDR + KRB5_PARSE_NAME + KRB5_RD_REP + KRB5_SNAME_TO_PRINCIPAL + KRB5_TIMEOFDAY + KRB5_US_TIMEOFDAY + KRB5_UNPARSE_NAME +;Kadm routines + KRB5_ADM_CONNECT + KRB5_ADM_DISCONNECT + KRB5_FREE_ADM_DATA + KRB5_READ_ADM_REPLY + KRB5_SEND_ADM_CMD +;Com_err routines + _com_err + ERROR_MESSAGE diff --git a/src/lib/rpc/ChangeLog b/src/lib/rpc/ChangeLog index 1f815211b..904ca169b 100644 --- a/src/lib/rpc/ChangeLog +++ b/src/lib/rpc/ChangeLog @@ -19,6 +19,21 @@ Wed Dec 4 12:42:49 1996 Barry Jaspan recvfrom in order to determine both source and dest address on unconnected UDP socket, set xp_laddr and xp_laddrlen +Fri Nov 22 15:50:42 1996 unknown + + * get_myaddress.c (get_myaddress): use krb5_os_localaddr instead + of ioctl() to get local IP addresses [krb5-libs/227] + + * clnt_generic.c, clnt_simple.c, getrpcport.c: use sizeof instead + of h_length to determine number of bytes of addr to copy from DNS + response [krb5-misc/211] + +Fri Nov 22 11:49:43 1996 Sam Hartman + + * types.hin: Include stdlib.h if found at config time [203] + + * configure.in: Substitute STDLIB_INCLUDE into types.h. [203] + Tue Nov 12 16:27:27 1996 Barry Jaspan * auth_gssapi.c (auth_gssapi_create): handle channel bindings diff --git a/src/lib/rpc/clnt_generic.c b/src/lib/rpc/clnt_generic.c index f111c2e14..9eeabe152 100644 --- a/src/lib/rpc/clnt_generic.c +++ b/src/lib/rpc/clnt_generic.c @@ -73,7 +73,7 @@ clnt_create(hostname, prog, vers, proto) sin.sin_family = h->h_addrtype; sin.sin_port = 0; memset(sin.sin_zero, 0, sizeof(sin.sin_zero)); - memmove((char*)&sin.sin_addr, h->h_addr, h->h_length); + memmove((char*)&sin.sin_addr, h->h_addr, sizeof(sin.sin_addr)); p = getprotobyname(proto); if (p == NULL) { rpc_createerr.cf_stat = RPC_UNKNOWNPROTO; diff --git a/src/lib/rpc/clnt_simple.c b/src/lib/rpc/clnt_simple.c index 0d8f7a4df..9b5ba9fa6 100644 --- a/src/lib/rpc/clnt_simple.c +++ b/src/lib/rpc/clnt_simple.c @@ -88,7 +88,8 @@ callrpc(host, prognum, versnum, procnum, inproc, in, outproc, out) return ((int) RPC_UNKNOWNHOST); timeout.tv_usec = 0; timeout.tv_sec = 5; - memmove((char *)&server_addr.sin_addr, hp->h_addr, hp->h_length); + memmove((char *)&server_addr.sin_addr, hp->h_addr, + sizeof(server_addr.sin_addr)); server_addr.sin_family = AF_INET; server_addr.sin_port = 0; if ((crp->client = clntudp_create(&server_addr, (rpc_u_int32)prognum, diff --git a/src/lib/rpc/configure.in b/src/lib/rpc/configure.in index c2217044f..dde9d53fa 100644 --- a/src/lib/rpc/configure.in +++ b/src/lib/rpc/configure.in @@ -6,7 +6,11 @@ AC_PROG_ARCHIVE AC_PROG_ARCHIVE_ADD AC_PROG_RANLIB AC_PROG_INSTALL - +dnl Arrange for types.hin to include stdlib.h +AC_CHECK_HEADER(stdlib.h, [ + STDLIB_INCLUDE="#include "], + [STDLIB_INCLUDE=""]) +AC_SUBST(STDLIB_INCLUDE) dnl ### Check where struct rpcent is declared. # # This is necessary to determine: diff --git a/src/lib/rpc/get_myaddress.c b/src/lib/rpc/get_myaddress.c index fa4c54e78..7986a384c 100644 --- a/src/lib/rpc/get_myaddress.c +++ b/src/lib/rpc/get_myaddress.c @@ -38,6 +38,46 @@ static char sccsid[] = "@(#)get_myaddress.c 1.4 87/08/11 Copyr 1984 Sun Micro"; * Copyright (C) 1984, Sun Microsystems, Inc. */ +#ifdef GSSAPI_KRB5 +#include +#include +#include +#include +#include +/* + * don't use gethostbyname, which would invoke yellow pages + */ +get_myaddress(addr) + struct sockaddr_in *addr; +{ + krb5_address **addrs, **a; + int ret; + + /* Hack! krb5_os_localaddr does not use the context arg! */ + if (ret = krb5_os_localaddr(NULL, &addrs)) { + com_err("get_myaddress", ret, "calling krb5_os_localaddr"); + exit(1); + } + a = addrs; + while (*a) { + if ((*a)->addrtype == ADDRTYPE_INET) { + memset(addr, 0, sizeof(*addr)); + addr->sin_family = AF_INET; + addr->sin_port = htons(PMAPPORT); + memcpy(&addr->sin_addr, (*a)->contents, sizeof(addr->sin_addr)); + break; + } + a++; + } + if (*a == NULL) { + com_err("get_myaddress", 0, "no local AF_INET address"); + exit(1); + } + /* Hack! krb5_free_addresses does not use the context arg! */ + krb5_free_addresses(NULL, addrs); +} + +#else /* !GSSAPI_KRB5 */ #include #include #include @@ -93,3 +133,4 @@ get_myaddress(addr) } (void) close(s); } +#endif /* !GSSAPI_KRB5 */ diff --git a/src/lib/rpc/getrpcport.c b/src/lib/rpc/getrpcport.c index d209a1527..1bc239f94 100644 --- a/src/lib/rpc/getrpcport.c +++ b/src/lib/rpc/getrpcport.c @@ -48,7 +48,7 @@ getrpcport(host, prognum, versnum, proto) if ((hp = gethostbyname(host)) == NULL) return (0); - memmove((char *) &addr.sin_addr, hp->h_addr, hp->h_length); + memmove((char *) &addr.sin_addr, hp->h_addr, sizeof(addr.sin_addr)); addr.sin_family = AF_INET; addr.sin_port = 0; return (pmap_getport(&addr, prognum, versnum, proto)); diff --git a/src/lib/rpc/types.hin b/src/lib/rpc/types.hin index 9bd357d70..8722759cc 100644 --- a/src/lib/rpc/types.hin +++ b/src/lib/rpc/types.hin @@ -61,9 +61,7 @@ typedef unsigned long rpc_u_int32; # define NULL 0 #endif -#if defined(__osf__) -#include -#endif +@STDLIB_INCLUDE@ #define mem_alloc(bsize) (char *) malloc(bsize) #define mem_free(ptr, bsize) free(ptr) diff --git a/src/lib/rpc/unit-test/ChangeLog b/src/lib/rpc/unit-test/ChangeLog index 05a3de540..0303efb29 100644 --- a/src/lib/rpc/unit-test/ChangeLog +++ b/src/lib/rpc/unit-test/ChangeLog @@ -1,3 +1,7 @@ +Wed Nov 20 16:00:21 1996 Barry Jaspan + + * Makefile.in (unit-test-): warn more loudly about unrun tests + Thu Nov 14 22:27:05 1996 Tom Yu * server.c (main): Add declaration of optind for systems that diff --git a/src/lib/rpc/unit-test/Makefile.in b/src/lib/rpc/unit-test/Makefile.in index 3690dc349..26c10c79d 100644 --- a/src/lib/rpc/unit-test/Makefile.in +++ b/src/lib/rpc/unit-test/Makefile.in @@ -29,8 +29,10 @@ client.o server.o: rpc_test.h check unit-test:: unit-test-@DO_TEST@ unit-test-: - @echo "The rpc tests require Perl, Tcl, and runtest" - @echo "No tests run here" + @echo "+++" + @echo "+++ WARNING: lib/rpc unit tests not run." + @echo "+++ Either tcl, runtest, or Perl is unavailable." + @echo "+++" unit-test-ok:: unit-test-setup unit-test-body unit-test-cleanup diff --git a/src/mac/ChangeLog b/src/mac/ChangeLog index 654a0a8d9..b3be53fc8 100644 --- a/src/mac/ChangeLog +++ b/src/mac/ChangeLog @@ -1,3 +1,11 @@ +Fri Nov 22 07:54:57 1996 Theodore Ts'o + + * Makefile.tmpl: Use '%' in Makefiles where you really want a '/' + character in the mpw Makefile. (Translation in + src/Makefile.in) + + * version.r: Fix typos, and set version resource for 1.0 release. + Fri Nov 8 17:44:10 1996 Theodore Y. Ts'o * Makefile.tmpl: Add in version resource diff --git a/src/mac/Makefile.tmpl b/src/mac/Makefile.tmpl index 84ebae4fd..5a42dd4ae 100644 --- a/src/mac/Makefile.tmpl +++ b/src/mac/Makefile.tmpl @@ -3,11 +3,11 @@ KH68K = {KH}KerberosHeaders68K KHCFM-68K = {KH}KerberosHeadersCFM-68K KHPPC = {KH}KerberosHeadersPPC -GSSRTLCFM68K = "{MW68KLibraries}ANSI (4i/8d) C.CFM68K.Lib" \ +GSSRTLCFM68K = "{MW68KLibraries}ANSI (4i%8d) C.CFM68K.Lib" \ {MW68KLibraries}SIOUX.CFM68K.Lib \ {MW68KLibraries}InterfaceLib \ {MW68KLibraries}MWCFM68KRuntime.Lib \ - "{MW68KLibraries}MathLibCFM68K (4i/8d).Lib" + "{MW68KLibraries}MathLibCFM68K (4i%8d).Lib" GSSRTLCFMPPC = "{MWPPCLibraries}ANSI C.PPC.Lib" \ {MWPPCLibraries}SIOUX.PPC.Lib {MWPPCLibraries}MWCRuntime.Lib \ @@ -113,7 +113,6 @@ link-68KCFM-SAP : -sym fullpath -map libgss.68K.MAP -o GSSLibrarySAP.68K \ {GSSRTLCFM68K} {GSSOBJS68KCFM-SAP} {GSSOBJS68KCFM} Rez "/mac/SAP/GSSforSAP.r" -a -o GSSLibrarySAP.68K - Rez "/mac/version.r" -a -o GSSLibrarySAP.68K link-PPC-SAP : MWLinkPPC -sharedlibrary -name GSSLibrary -m "" \ @@ -122,7 +121,6 @@ link-PPC-SAP : -sym fullpath -map libgss.PPC.MAP -o GSSLibrarySAP.PPC \ {GSSRTLCFMPPC} {GSSOBJSPPC-SAP} {GSSOBJSPPC} Rez "/mac/SAP/GSSforSAP.r" -a -o GSSLibrarySAP.PPC - Rez "/mac/version.r" -a -o GSSLibrarySAP.PPC link-CFMFAT-SAP : Duplicate -y GSSLibrarySAP.68K GSSLibSAP diff --git a/src/mac/SAP/GSSforSAP.r b/src/mac/SAP/GSSforSAP.r index ca25a8384..8910dd756 100644 --- a/src/mac/SAP/GSSforSAP.r +++ b/src/mac/SAP/GSSforSAP.r @@ -1,4 +1,17 @@ +#ifdef mw_rez +#include +#include +#else +#include "SysTypes.r" #include "Types.r" +#endif + +resource 'vers' (1) { + 0x01, 0x00, final, 0x00, + verUS, + "1.0", + "1.0(SAP), Copyright 1996 Massachusetts Institute of Technology" +}; resource 'DITL' (135, nonpurgeable) { { /* array DITLarray: 2 elements */ diff --git a/src/mac/gss-sample/ChangeLog b/src/mac/gss-sample/ChangeLog index 63f061256..9975f8a92 100644 --- a/src/mac/gss-sample/ChangeLog +++ b/src/mac/gss-sample/ChangeLog @@ -1,3 +1,10 @@ +Fri Nov 22 15:51:55 1996 unknown + + * gss-client.c (connect_to_server): use sizeof instead of h_length + to determine number of bytes of addr to copy from DNS response + [krb5-misc/211] + + Thu 26 12:00:00 1995 John Rivlin * Created GSS Sample program diff --git a/src/mac/gss-sample/gss-client.c b/src/mac/gss-sample/gss-client.c index d7dd26eba..b2be7c84c 100644 --- a/src/mac/gss-sample/gss-client.c +++ b/src/mac/gss-sample/gss-client.c @@ -336,7 +336,7 @@ SOCKET connect_to_server(char *host, u_short port) } saddr.sin_family = hp->h_addrtype; - memcpy((char *)&saddr.sin_addr, hp->h_addr, hp->h_length); + memcpy((char *)&saddr.sin_addr, hp->h_addr, sizeof(saddr.sin_addr)); saddr.sin_port = htons(port); if ((s = socket(AF_INET, SOCK_STREAM, 0)) == (SOCKET) -1) { diff --git a/src/mac/libraries/ChangeLog b/src/mac/libraries/ChangeLog index 1a8d737a8..4388c5e7f 100644 --- a/src/mac/libraries/ChangeLog +++ b/src/mac/libraries/ChangeLog @@ -1,3 +1,9 @@ +Sat Nov 23 00:18:20 1996 Theodore Ts'o + + * KerberosHeaders.h: Remove DES3 and SHA support for 1.0, since + what's there isn't the correct final algorithm. (They + will be re-added later.) [PR #231] + Tue Apr 30 14:53:54 1996 * KerberosHeaders.h: Removed PROVIDE_SNEFRU (shouldn't be there) diff --git a/src/mac/libraries/KerberosHeaders.h b/src/mac/libraries/KerberosHeaders.h index ac4e62da6..a25d00157 100644 --- a/src/mac/libraries/KerberosHeaders.h +++ b/src/mac/libraries/KerberosHeaders.h @@ -35,9 +35,9 @@ typedef unsigned int size_t; #define PROVIDE_DES_CBC_CRC #define PROVIDE_DES_CBC_MD5 #define PROVIDE_DES_CBC_RAW -#define PROVIDE_DES3_CBC_MD5 -#define PROVIDE_DES3_CBC_RAW - +/* #define PROVIDE_DES3_CBC_MD5 */ +/* #define PROVIDE_DES3_CBC_RAW */ +/* #define PROVIDE_NIST_SHA */ #define NO_SYS_TYPES_H #define NO_SYS_STAT_H diff --git a/src/mac/mkbindirs.sh b/src/mac/mkbindirs.sh new file mode 100644 index 000000000..cdc2af202 --- /dev/null +++ b/src/mac/mkbindirs.sh @@ -0,0 +1,13 @@ +#!/bin/sh +# +# This shell script creates the Macintosh binary hierarchies. + +topbin=$1 +shift + +for DIR do + mkdir $topbin/$DIR + for SDIR in `sed -n -e 's/MAC_SUBDIRS.*=//p' $DIR/Makefile.in`; do + /bin/sh mac/mkbindirs.sh $topbin $DIR/$SDIR; + done +done diff --git a/src/mac/version.r b/src/mac/version.r index 85ece8583..a83d10ff2 100644 --- a/src/mac/version.r +++ b/src/mac/version.r @@ -1,9 +1,14 @@ +#ifdef mw_rez #include #include +#else +#include "SysTypes.r" +#include "Types.r" +#endif resource 'vers' (1) { - 0x00, 0x07, beta, 0x01, - verUS - "Beta 7 Build 1", - "Beta 7 Build 1, Copyright 1996 Massachusetts Institute of Technology" + 0x01, 0x00, final, 0x00, + verUS, + "1.0", + "1.0, Copyright 1996 Massachusetts Institute of Technology" }; diff --git a/src/patchlevel.h b/src/patchlevel.h index ab2b4e215..45d84f194 100644 --- a/src/patchlevel.h +++ b/src/patchlevel.h @@ -1,2 +1,3 @@ -#define KRB5_MAJOR_RELEASE BETA_7 +#define KRB5_MAJOR_RELEASE 1 #define KRB5_MINOR_RELEASE 0 +#define KRB5_PATCHLEVEL 0 diff --git a/src/slave/ChangeLog b/src/slave/ChangeLog index 60673e1dc..acaeb8a3d 100644 --- a/src/slave/ChangeLog +++ b/src/slave/ChangeLog @@ -1,3 +1,20 @@ +Thu Dec 5 21:15:27 1996 Tom Yu + + * kslave_update: Update script for new filename conventions. [PR + 280] + + * kprop.M: Update outdated references to kdb5_edit and /krb5 [PR + 279] + + * kpropd.M: Update outdated references to kdb5_edit and /krb5 [PR + 279] + +Fri Nov 22 15:52:07 1996 unknown + + * kprop.c (open_connection): use sizeof instead of h_length to + determine number of bytes of addr to copy from DNS response + [krb5-misc/211] + Thu Nov 7 15:18:01 1996 Theodore Ts'o * kprop.c (main): diff --git a/src/slave/kprop.M b/src/slave/kprop.M index 7a25db6df..a0b5ac840 100644 --- a/src/slave/kprop.M +++ b/src/slave/kprop.M @@ -35,8 +35,8 @@ Kerberos server to a slave Kerberos server, which is specfied by .IR slave_host . This is done by transmitting the dumped database file to the slave server over an encrypted, secure channel. The dump file must be created -by kdb5_edit, and is normally KPROP_DEFAULT_FILE -(/krb5/slave_datatrans). +by kdb5_util, and is normally KPROP_DEFAULT_FILE +(/usr/local/var/krb5kdc/slave_datatrans). .SH OPTIONS .TP \fB\-r\fP \fIrealm\fP @@ -48,7 +48,7 @@ is used. \fB\-f\fP \fIfile\fP specifies the filename where the dumped principal database file is to be found; by default the dumped database file is KPROP_DEFAULT_FILE -(normally /krb5/slave_datatrans). +(normally /usr/local/var/krb5kdc/slave_datatrans). .TP \fB\-P\fP \fIport\fP specifies the port to use to contact the @@ -61,4 +61,4 @@ prints debugging information. \fB\-s\fP \fIkeytab\fP specifies the location of the keytab file. .SH SEE ALSO -kpropd(8), kdb5_edit(8), krb5kdc(8) +kpropd(8), kdb5_util(8), krb5kdc(8) diff --git a/src/slave/kprop.c b/src/slave/kprop.c index 3c4848135..0ddcc2fb1 100644 --- a/src/slave/kprop.c +++ b/src/slave/kprop.c @@ -324,7 +324,7 @@ open_connection(host, fd, Errmsg) return(0); } sin.sin_family = hp->h_addrtype; - memcpy((char *)&sin.sin_addr, hp->h_addr, hp->h_length); + memcpy((char *)&sin.sin_addr, hp->h_addr, sizeof(sin.sin_addr)); if(!port) { sp = getservbyname(KPROP_SERVICE, "tcp"); if (sp == 0) { diff --git a/src/slave/kpropd.M b/src/slave/kpropd.M index 3228ed953..e037a1121 100644 --- a/src/slave/kpropd.M +++ b/src/slave/kpropd.M @@ -35,7 +35,7 @@ kpropd \- Kerberos V5 slave KDC update server .I principal_database ] [ .B \-p -.I kdb5_edit_prog +.I kdb5_util_prog ] [ .B \-d ] [ @@ -52,7 +52,7 @@ is the server which accepts connections from the program. .I kpropd accepts the dumped KDC database and places it in a file, and then runs -.IR kdb5_edit (8) +.IR kdb5_util (8) to load the dumped database into the active database which is used by .IR krb5kdc (8). Thus, the master Kerberos server can use @@ -66,7 +66,7 @@ Normally, kpropd is invoked out of This is done by adding a line to the inetd.conf file which looks like this: -kprop stream tcp nowait root /krb5/bin/kpropd kpropd +kprop stream tcp nowait root /usr/local/sbin/kpropd kpropd However, kpropd can also run as a standalone deamon, if the .B \-S @@ -84,13 +84,13 @@ is used. \fB\-f\fP \fIfile\fP specifies the filename where the dumped principal database file is to be stored; by default the dumped database file is KPROPD_DEFAULT_FILE -(normally /krb5/from_master). +(normally /usr/local/var/krb5kdc/from_master). .TP .B \-p allows the user to specify the pathname to the -.IR kdb5_edit (8) -program; by default the pathname used is KPROPD_DEFAULT_KDB5_EDIT -(normally /krb5/bin/kdb5_edit). +.IR kdb5_util (8) +program; by default the pathname used is KPROPD_DEFAULT_KDB5_UTIL +(normally /usr/local/sbin/kdb5_util). .TP .B \-S turn on standalone mode. Normally, kpropd is invoked out of @@ -124,4 +124,4 @@ Access file for Each entry is a line containing the principal of a host from which the local machine will allow Kerberos database propagation via kprop. .SH SEE ALSO -kprop(8), kdb5_edit(8), krb5kdc(8), inetd(8) +kprop(8), kdb5_util(8), krb5kdc(8), inetd(8) diff --git a/src/slave/kslave_update b/src/slave/kslave_update index d6207de60..a4da274ff 100644 --- a/src/slave/kslave_update +++ b/src/slave/kslave_update @@ -1,16 +1,16 @@ #!/bin/sh # -# Propagate if database (principal.pag) has been modified since last dump +# Propagate if database (principal.db) has been modified since last dump # (dumpfile.dump_ok) or if database has been dumped since last successful # propagation (dumpfile..last_prop) -KDB_DIR=/krb5 +KDB_DIR=/usr/local/var/krb5kdc -KDB_FILE=$KDB_DIR/principal.page +KDB_FILE=$KDB_DIR/principal.db DUMPFILE=$KDB_DIR/slave_datatrans -KDB5_EDIT=/krb5/sbin/kdb5_edit -KPROP=/krb5/sbin/kprop - +KDB5_UTIL=/usr/local/sbin/kdb5_util +KPROP=/usr/local/sbin/kprop + SLAVE=$1 if [ -z "${SLAVE}" ] then @@ -23,7 +23,7 @@ if [ "`ls -t $DUMPFILE.dump_ok $KDB_FILE | sed -n 1p`" = "$KDB_FILE" -o \ then date - $KDB5_EDIT -R "ddb $DUMPFILE" >/dev/null + $KDB5_EDIT dump $DUMPFILE > /dev/null $KPROP -d -f $DUMPFILE ${SLAVE} rm $DUMPFILE diff --git a/src/tests/dejagnu/ChangeLog b/src/tests/dejagnu/ChangeLog index 52b0d0d13..619475c72 100644 --- a/src/tests/dejagnu/ChangeLog +++ b/src/tests/dejagnu/ChangeLog @@ -1,3 +1,7 @@ +Wed Nov 20 16:01:34 1996 Barry Jaspan + + * Makefile.in (check-): warn more loudly about unrun tests + Mon Oct 7 15:46:47 1996 Ezra Peisach * Makefile.in (HAVE_RUNTEST): Renamed from RUNTEST as diff --git a/src/tests/dejagnu/Makefile.in b/src/tests/dejagnu/Makefile.in index bab9ca766..50b97e7d4 100644 --- a/src/tests/dejagnu/Makefile.in +++ b/src/tests/dejagnu/Makefile.in @@ -7,7 +7,10 @@ all install:: check:: check-$(HAVE_RUNTEST) check-:: - @echo "Dejagnu is not installed on this system. No tests run." + @echo "+++" + @echo "+++ WARNING: tests/dejagnu tests not run." + @echo "+++ runtest is unavailable." + @echo "+++" check-runtest:: t_inetd site.exp $(HAVE_RUNTEST) --tool krb --srcdir $(srcdir) $(RUNTESTFLAGS) diff --git a/src/tests/dejagnu/config/ChangeLog b/src/tests/dejagnu/config/ChangeLog index 5416b6a5d..a03733756 100644 --- a/src/tests/dejagnu/config/ChangeLog +++ b/src/tests/dejagnu/config/ChangeLog @@ -1,3 +1,14 @@ +Mon Nov 25 14:23:06 1996 Theodore Y. Ts'o + + * defualt.exp: Ezra's fix so that the dejagnu tests don't bomb out + if KRB5_KTNAME is set for some reason. + +Tue Nov 19 15:13:30 1996 Tom Yu + + * default.exp (check_k5login): Check for principal + $env(USER)@$REALMNAME rather than simply $env(USER), so that + kuser_ok dtrt, hopefully. + Mon Nov 11 20:52:27 1996 Mark Eichin * dejagnu: set env(TERM) dumb, find ktutil diff --git a/src/tests/dejagnu/config/default.exp b/src/tests/dejagnu/config/default.exp index 4e3ebeb07..9e728ca5b 100644 --- a/src/tests/dejagnu/config/default.exp +++ b/src/tests/dejagnu/config/default.exp @@ -134,6 +134,7 @@ if ![info exists SHELL_PROMPT] { proc check_k5login { testname } { global env + global REALMNAME if ![file exists ~/.k5login] { return 1 @@ -141,7 +142,7 @@ proc check_k5login { testname } { set file [open ~/.k5login r] while { [gets $file principal] != -1 } { - if { $principal == $env(USER) } { + if { $principal == "$env(USER)@$REALMNAME" } { close $file return 1 } @@ -760,6 +761,7 @@ proc start_kerberos_daemons { standalone } { global kadmind_pid global kadmind_spawn_id global tmppwd + global env if ![setup_kerberos_db 0] { return 0 @@ -818,6 +820,17 @@ proc start_kerberos_daemons { standalone } { # Give the kerberos daemon a few seconds to get set up. sleep 2 + + # + # Save setting of KRB5_KTNAME. We do not want to override kdc.conf + # file during kadmind startup. (this is in case user has KRB5_KTNAME + # set before starting make check) + # + if [info exists env(KRB5_KTNAME)] { + set start_save_ktname $env(KRB5_KTNAME) + } + catch "unset env(KRB5_KTNAME)" + if ![file exists $kadmind_lfile] then { catch [touch $kadmind_lfile] sleep 1 @@ -841,10 +854,20 @@ proc start_kerberos_daemons { standalone } { if {$count >= $retry} { fail "kadmin5 (starting)" + if [info exists start_save_ktname] { + set env(KRB5_KTNAME) $start_save_ktname + unset start_save_ktname + } stop_kerberos_daemons return 0 } + # Restore KRB5_KTNAME + if [info exists start_save_ktname] { + set env(KRB5_KTNAME) $start_save_ktname + unset start_save_ktname + } + switch -regexp [tail1 $kadmind_lfile] { "cannot initialize network" { fail "kadmind (network init)" diff --git a/src/tests/misc/test_getsockname.c b/src/tests/misc/test_getsockname.c index 12efa0641..b4f6cb44d 100644 --- a/src/tests/misc/test_getsockname.c +++ b/src/tests/misc/test_getsockname.c @@ -46,7 +46,7 @@ main(argc, argv) /* Set server's address */ (void) memset((char *)&s_sock, 0, sizeof(s_sock)); - memcpy((char *)&s_sock.sin_addr, host->h_addr, host->h_length); + memcpy((char *)&s_sock.sin_addr, host->h_addr, sizeof(s_sock.sin_addr)); #ifdef DEBUG printf("s_sock.sin_addr is %s\n", inet_ntoa(s_sock.sin_addr)); #endif diff --git a/src/util/ChangeLog b/src/util/ChangeLog index 9a3cb27f8..4c5f1c633 100644 --- a/src/util/ChangeLog +++ b/src/util/ChangeLog @@ -1,3 +1,12 @@ +Mon Nov 25 21:00:24 1996 Tom Yu + + * mkrel: Add support for --srconly, --doconly, --nocheckout, + --repository, etc. They do the obvious things. + +Fri Nov 22 11:08:16 1996 Sam Hartman + + * makeshlib.sh (VERSION): Fix SunOS shared libs [226] + Tue Nov 12 17:32:08 1996 Barry Jaspan * send-pr/send-pr.sh (MAIL_AGENT): change "[-x" to "[ -x" diff --git a/src/util/db2/obj/ChangeLog b/src/util/db2/obj/ChangeLog index d2c8bb808..6f09fcd60 100644 --- a/src/util/db2/obj/ChangeLog +++ b/src/util/db2/obj/ChangeLog @@ -1,3 +1,7 @@ +Mon Nov 25 16:20:35 1996 Sam Hartman + + * Makefile.in (check): Remove install rule to fix pmake problem. [236] + Wed Sep 11 18:55:38 1996 Tom Yu * Makefile.in (memmove.o): add -DMEMMOVE to compile as memmove diff --git a/src/util/db2/obj/Makefile.in b/src/util/db2/obj/Makefile.in index 4445e37c6..0c022e273 100644 --- a/src/util/db2/obj/Makefile.in +++ b/src/util/db2/obj/Makefile.in @@ -56,10 +56,6 @@ check:: dbtest TMPDIR=$(TMPDIR) $(FCTSH) $(top_srcdir)/test/run.test install:: - cp $(LIBDB) $(libdir) - $(RANLIB) $(libdir)/$(LIBDB) - cp $(top_srcdir)/include/db.h $(includedir) - cp ../db-config.h $(includedir) clean:: rm -f $(ALL_OBJS) $(LIBDB) \ diff --git a/src/util/et/ChangeLog b/src/util/et/ChangeLog index 38d80eb7a..227dc7caf 100644 --- a/src/util/et/ChangeLog +++ b/src/util/et/ChangeLog @@ -1,3 +1,7 @@ +Mon Nov 18 20:37:19 1996 Ezra Peisach + + * configure.in: Set shared library version to 1.0. [krb5-libs/201] + Wed Nov 13 19:19:08 1996 Tom Yu * Makefile.in (clean-unix): Remove shared/*. diff --git a/src/util/et/configure.in b/src/util/et/configure.in index 7b0cf00f7..15fd8d84d 100644 --- a/src/util/et/configure.in +++ b/src/util/et/configure.in @@ -25,5 +25,5 @@ AC_HEADER_STDARG AC_HAVE_HEADERS(stdlib.h) CopySrcHeader(com_err.h,$(BUILDTOP)/include) V5_SHARED_LIB_OBJS -V5_MAKE_SHARED_LIB(libcom_err,0.1,[$](TOPLIBD), ../util/et) +V5_MAKE_SHARED_LIB(libcom_err,1.0,[$](TOPLIBD), ../util/et) V5_AC_OUTPUT_MAKEFILE diff --git a/src/util/makeshlib.sh b/src/util/makeshlib.sh index 74c73b705..a8afb3b11 100644 --- a/src/util/makeshlib.sh +++ b/src/util/makeshlib.sh @@ -96,15 +96,16 @@ mips-sni-sysv4) optflags="" if test "$HAVE_GCC"x = "x" ; then - optflags="-h $library" + optflags="" + CC=ld else # XXX assumes that we're either using # recent gld (binutils 2.7?) or else using native ld - optflags="-Wl,-h -Wl,$library" + optflags="" fi echo ld -dp -assert pure-text $ldflags -o $library $optflags $FILES $libdirfl - ld -dp -assert pure-text $ldflags -o $library $optflags $FILES $libdirfl +ld -dp -assert pure-text $ldflags -o $library $optflags $FILES $libdirfl stat=$? ;; *-*-aix*) diff --git a/src/util/mkrel b/src/util/mkrel index 20b61a3af..d072dfc7f 100644 --- a/src/util/mkrel +++ b/src/util/mkrel @@ -1,12 +1,25 @@ #!/bin/sh -: ${repository=/afs/athena.mit.edu/astaff/project/krbdev/.cvsroot} -case $# in -2);; -*) - echo "usage: $0 release-tag release-dir" +repository=/afs/athena.mit.edu/astaff/project/krbdev/.cvsroot +dodoc=t +dosrc=t +checkout=t +while test $# -gt 2; do + case $1 in + --srconly) + dodoc=nil;; + --doconly) + dosrc=nil;; + --repository) + shift; repository=$1;; + --nocheckout) + checkout=nil;; + esac + shift +done +if test $# -lt 2; then + echo "usage: $0 [opts] release-tag release-dir" exit 1 - ;; -esac +fi reltag=$1 reldir=$2 @@ -24,37 +37,48 @@ if test ! -d $reldir; then fi echo "Checking out krb5 with tag $reltag into directory $reldir..." -(cd $reldir; cvs -q -d $repository export -r$reltag krb5) +if test $checkout = t; then + (cd $reldir; cvs -q -d $repository export -r$reltag krb5) +fi -echo "Building autoconf..." -(cd $reldir/src/util/autoconf - M4=gm4 ./configure - make) +if test $dosrc = t; then + echo "Building autoconf..." + (cd $reldir/src/util/autoconf + M4=gm4 ./configure + make) -echo "Creating configure scripts..." -(cd $reldir/src; util/reconf) + echo "Creating configure scripts..." + (cd $reldir/src; util/reconf) -echo "Cleaning src/util/autoconf..." -(cd $reldir/src/util/autoconf; make distclean) + echo "Cleaning src/util/autoconf..." + (cd $reldir/src/util/autoconf; make distclean) +fi echo "Nuking unneeded files..." find $reldir \( -name TODO -o -name todo -o -name .cvsignore \ -o -name BADSYMS -o -name .Sanitize \) -print \ | xargs rm -f -echo "Building doc..." -(cd $reldir/doc; make) +if test $dodoc = t; then + echo "Building doc..." + (cd $reldir/doc; make) +fi echo "Generating tarfiles..." -gtar --exclude $reldir/src/lib/crypto \ - --exclude $reldir/src/lib/des425 \ - -zcf ${reldir}.src.tar.gz $reldir +if test $dosrc = t; then + gtar --exclude $reldir/src/lib/crypto \ + --exclude $reldir/src/lib/des425 \ + --exclude $reldir/doc \ + -zcf ${reldir}.src.tar.gz $reldir -gtar zcf ${reldir}.crypto.tar.gz \ - $reldir/src/lib/crypto \ - $reldir/src/lib/des425 + gtar zcf ${reldir}.crypto.tar.gz \ + $reldir/src/lib/crypto \ + $reldir/src/lib/des425 +fi -gtar zcf ${reldir}.doc.tar.gz $reldir/doc $reldir/README +if test $dodoc = t; then + gtar zcf ${reldir}.doc.tar.gz $reldir/doc $reldir/README +fi ls -l ${reldir}.*.tar.gz diff --git a/src/util/pty/ChangeLog b/src/util/pty/ChangeLog index 8816ca86b..6482c6c23 100644 --- a/src/util/pty/ChangeLog +++ b/src/util/pty/ChangeLog @@ -1,3 +1,13 @@ +Thu Dec 5 22:43:35 1996 Theodore Y. Ts'o + + * update_utmp.c (pty_update_utmp): Apply platform specific patch + so that HPUX works. (Kludge for 1.0 release) [PR#40] + +Fri Nov 22 11:52:52 1996 Sam Hartman + + * configure.in : Make sure time_t is define [203] + * update_wtmp.c (ptyint_update_wtmp): Use time_t for call to time(2). [203] + Fri Nov 15 08:33:54 1996 Ezra Peisach * update_utmp.c (pty_update_utmp): Handle case where utmp uses diff --git a/src/util/pty/configure.in b/src/util/pty/configure.in index 2394debbe..3c6386af7 100644 --- a/src/util/pty/configure.in +++ b/src/util/pty/configure.in @@ -50,6 +50,7 @@ dnl AC_SUBST(LOGINLIBS) dnl AC_TYPE_MODE_T +AC_CHECK_TYPE(time_t, int) AC_FUNC_CHECK(strsave,AC_DEFINE(HAS_STRSAVE)) AC_HAVE_FUNCS(getutent setreuid gettosbyname setsid ttyname line_push ptsname grantpt openpty logwtmp getutmpx) AC_CHECK_HEADERS(unistd.h stdlib.h string.h utmpx.h utmp.h sys/filio.h sys/sockio.h sys/label.h sys/tty.h ttyent.h lastlog.h sys/select.h sys/ptyvar.h) diff --git a/src/util/pty/update_utmp.c b/src/util/pty/update_utmp.c index 9effab134..3b1f74185 100644 --- a/src/util/pty/update_utmp.c +++ b/src/util/pty/update_utmp.c @@ -137,8 +137,14 @@ long pty_update_utmp (process_type, pid, username, line, host, flags) utx.ut_type = ent.ut_type; #ifdef UT_EXIT_STRUCTURE_DIFFER utx.ut_exit.ut_exit = ent.ut_exit.e_exit; +#else +/* KLUDGE for now; eventually this will be a feature test... See PR#[40] */ +#ifdef __hpux + utx.ut_exit.__e_termination = ent.ut_exit.e_termination; + utx.ut_exit.__e_exit = ent.ut_exit.e_exit; #else utx.ut_exit = ent.ut_exit; +#endif #endif utx.ut_tv.tv_sec = ent.ut_time; utx.ut_tv.tv_usec = 0; diff --git a/src/util/pty/update_wtmp.c b/src/util/pty/update_wtmp.c index c2f9461ec..7f6890230 100644 --- a/src/util/pty/update_wtmp.c +++ b/src/util/pty/update_wtmp.c @@ -40,6 +40,7 @@ long ptyint_update_wtmp (ent , host, user) struct utmp ut; struct stat statb; int fd; + time_t uttime; #ifdef HAVE_UPDWTMPX struct utmpx utx; @@ -71,7 +72,8 @@ long ptyint_update_wtmp (ent , host, user) #ifndef NO_UT_HOST (void)strncpy(ut.ut_host, ent->ut_host, sizeof(ut.ut_host)); #endif - (void)time(&ut.ut_time); + (void)time(&uttime); + ut.ut_time = uttime; #if defined(HAVE_GETUTENT) && defined(USER_PROCESS) if (ent->ut_name) { if (!ut.ut_pid) diff --git a/src/util/send-pr/Makefile.in b/src/util/send-pr/Makefile.in index c2fc7eb49..82e6c79a2 100644 --- a/src/util/send-pr/Makefile.in +++ b/src/util/send-pr/Makefile.in @@ -1,4 +1,4 @@ -# +#l # Makefile for building a standalone send-pr. # RELEASE=1.0 @@ -24,19 +24,19 @@ install-sid: install-sid.sh sed -e 's,@ADMIN_BINDIR@,$(ADMIN_BINDIR),g' $(srcdir)/install-sid.sh > install-sid install:: all - if [ -d $(prefix) ]; then true ; else mkdir $(prefix) ; fi - if [ -d $(ADMIN_BINDIR) ]; then true ; else mkdir $(ADMIN_BINDIR) ; fi - cp send-pr $(ADMIN_BINDIR)/$(sendprname) - chmod 755 $(ADMIN_BINDIR)/$(sendprname) - if [ -d $(datadir) ] ; then true ; else mkdir $(datadir) ; fi - if [ -d $(datadir)/gnats ] ; then true ; else mkdir $(datadir)/gnats ; fi - cp $(srcdir)/categories $(datadir)/gnats/mit - chmod 644 $(datadir)/gnats/mit - -parent=`echo $(man1dir)|sed -e 's@/[^/]*$$@@'`; \ + if [ -d $(DESTDIR)$(prefix) ]; then true ; else mkdir $(DESTDIR)$(prefix) ; fi + if [ -d $(DESTDIR)$(ADMIN_BINDIR) ]; then true ; else mkdir $(DESTDIR)$(ADMIN_BINDIR) ; fi + cp send-pr $(DESTDIR)$(ADMIN_BINDIR)/$(sendprname) + chmod 755 $(DESTDIR)$(ADMIN_BINDIR)/$(sendprname) + if [ -d $(DESTDIR)$(datadir) ] ; then true ; else mkdir $(DESTDIR)$(datadir) ; fi + if [ -d $(DESTDIR)$(datadir)/gnats ] ; then true ; else mkdir $(DESTDIR)$(datadir)/gnats ; fi + cp $(srcdir)/categories $(DESTDIR)$(datadir)/gnats/mit + chmod 644 $(DESTDIR)$(datadir)/gnats/mit + -parent=`echo $(DESTDIR)$(man1dir)|sed -e 's@/[^/]*$$@@'`; \ if [ -d $$parent ] ; then true ; else mkdir $$parent ; fi - if [ -d $(man1dir) ] ; then true ; else mkdir $(man1dir) ; fi - cp $(srcdir)/send-pr.1 $(man1dir)/$(sendprname).1 - chmod 644 $(man1dir)/$(sendprname).1 + if [ -d $(DESTDIR)$(man1dir) ] ; then true ; else mkdir $(DESTDIR)$(man1dir) ; fi + cp $(srcdir)/send-pr.1 $(DESTDIR)$(man1dir)/$(sendprname).1 + chmod 644 $(DESTDIR)$(man1dir)/$(sendprname).1 clean:: rm -f install-sid send-pr send-pr.el* diff --git a/src/windows/cns/ChangeLog b/src/windows/cns/ChangeLog index 3ca9e9607..6526c65e0 100644 --- a/src/windows/cns/ChangeLog +++ b/src/windows/cns/ChangeLog @@ -1,3 +1,11 @@ +Sat Nov 23 00:26:44 1996 Theodore Ts'o + + * Makefile.in (KLIB): Change krb516.dll to krb5_16.dll. [PR#204] + +Wed Nov 20 18:32:06 1996 Theodore Y. Ts'o + + * Makefile.in (KLIB): Change libkrb5.dll to be krb516.dll + Wed Jun 12 00:20:08 1996 Theodore Ts'o * makefile: Renamed to Makefile.in, so that we can do WIN16/WIN32 diff --git a/src/windows/cns/Makefile.in b/src/windows/cns/Makefile.in index 3fae32b43..6ef265c03 100644 --- a/src/windows/cns/Makefile.in +++ b/src/windows/cns/Makefile.in @@ -23,7 +23,7 @@ XOBJS = !if $(KVERSION) == 5 BUILDTOP =..\.. LIBDIR = $(BUILDTOP)\lib -KLIB = $(LIBDIR)\libkrb5.lib +KLIB = $(LIBDIR)\krb5_16.lib WLIB = $(LIBDIR)\winsock.lib INCLUDES = /I$(BUILDTOP)\include /I$(BUILDTOP)\include\krb5 XOBJS = kpasswd.obj diff --git a/src/windows/gss/ChangeLog b/src/windows/gss/ChangeLog index 5681c50fa..b2fa4d7b3 100644 --- a/src/windows/gss/ChangeLog +++ b/src/windows/gss/ChangeLog @@ -1,7 +1,13 @@ +Fri Nov 22 15:52:55 1996 unknown + + * gss-client.c (connect_to_server): use sizeof instead of h_length + to determine number of bytes of addr to copy from DNS response + [krb5-misc/211] + Tue Oct 29 10:17:25 1996 Theodore Y. Ts'o * gss-client.c (client_establish_context): Fix typo; service_name - really should be nt_service_name. + really should be nt_service_name. Thu Jul 25 02:16:56 1996 Theodore Y. Ts'o diff --git a/src/windows/gss/gss-client.c b/src/windows/gss/gss-client.c index 0a98774b4..d5e8972b3 100644 --- a/src/windows/gss/gss-client.c +++ b/src/windows/gss/gss-client.c @@ -154,7 +154,7 @@ connect_to_server (char *host, u_short port) } saddr.sin_family = hp->h_addrtype; - memcpy((char *)&saddr.sin_addr, hp->h_addr, hp->h_length); + memcpy((char *)&saddr.sin_addr, hp->h_addr, sizeof(saddr.sin_addr)); saddr.sin_port = htons(port); if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) { diff --git a/src/windows/wintel/ChangeLog b/src/windows/wintel/ChangeLog index 521c68f58..ea8b75ff9 100644 --- a/src/windows/wintel/ChangeLog +++ b/src/windows/wintel/ChangeLog @@ -1,3 +1,11 @@ +Sat Nov 23 00:27:45 1996 Theodore Ts'o + + * Makefile.in (KLIB): Change krb516.dll to krb5_16.dll. [PR#204] + +Wed Nov 20 18:32:26 1996 Theodore Y. Ts'o + + * Makefile.in (KLIB): Change libkrb5.dll to be krb516.dll + Wed Jun 12 00:22:02 1996 Theodore Ts'o * makefile: Renamed to Makefile.in, so that we can do WIN16/WIN32 diff --git a/src/windows/wintel/Makefile.in b/src/windows/wintel/Makefile.in index 7134945df..5f49bcf6e 100644 --- a/src/windows/wintel/Makefile.in +++ b/src/windows/wintel/Makefile.in @@ -24,7 +24,7 @@ XOBJS = !if $(KVERSION) == 5 BUILDTOP =..\.. LIBDIR = $(BUILDTOP)\lib -KLIB = $(LIBDIR)\libkrb5.lib +KLIB = $(LIBDIR)\krb5_16.lib WLIB = $(LIBDIR)\winsock.lib INCLUDES = /I$(BUILDTOP)\include /I$(BUILDTOP)\include\krb5 \ /I$(BUILDTOP)\lib\crypto\des -- 2.26.2