1 2000-06-19 Tom Yu <tlyu@mit.edu>
3 * krshd.c (recvauth): Call krb5_recvauth_version() rather than
4 calling krb5_recvauth() with arguments intended for
5 krb5_recvauth_version().
7 * kcmd.c: Conditionalize krb_sendauth prototype based on sense of
10 2000-06-15 Tom Yu <tlyu@mit.edu>
12 * login.c (try_convert524): Add use_ccache argument. Handle case
13 where we have gotten v5 creds via password being entered and don't
14 crash in that case, since previous code was assuming that v5 creds
15 were always being provided. Adapted from patch by Bob Basch.
17 2000-06-10 Ken Raeburn <raeburn@mit.edu>
19 * krcp.c (main): Fix logic again, this time in the "success"
20 case. If there's a problem retrieving the new-protocol subkey,
21 print a message and exit, don't fall back.
22 * krsh.c (main): Ditto; don't look at enctype to try to guess
23 protocol version. Delete unused variable "similar".
25 2000-06-09 Ken Raeburn <raeburn@mit.edu>
27 * krlogin.c (main): Rework fallback logic. Fall back to k4cmd
28 unless encryption and the new protocol were both requested.
30 * krsh.c (main): Rework fallback logic. Fall back to k4cmd if new
31 protocol wasn't requested.
33 * krcp.c (main): Revert setting of AP_OPTS_MUTUAL_REQUIRED
34 unconditionally, which was added by mistake with last set of
35 patches. If kcmd fails and the new protocol is requested, don't
38 2000-05-31 Ken Raeburn <raeburn@mit.edu>
40 * Makefile.in (kcmd.o, krcp.o, krlogin.o, krlogind.o, krsh.o,
41 krshd.o): Depend on defines.h.
42 * krlogind.c: Include defines.h.
45 * defines.h (enum kcmd_proto): New type.
46 (rcmd_stream_read, rcmd_stream_write, getport,
47 rcmd_stream_init_krb5): Add prototypes.
49 * kcmd.c (use_ivecs): New variable.
50 (encivec_i, encivec_o): Each is now an array of two elements.
51 (input, output, twrite, krb5_write_message, krb5_net_read,
52 krb5_net_write, krb_sendauth): Add prototypes.
53 (kcmd): New argument PROTONUMP points to enum kcmd_proto. If
54 value is KCMD_PROTOCOL_COMPAT_HACK, set it to KCMD_NEW_PROTOCOL or
55 KCMD_OLD_PROTOCOL depending on session key type. Use subkeys for
56 new protocol. Callers updated.
57 (normal_read, v5_des_read, v4_des_read, twrite, v5_des_write,
58 v4_des_write, rcmd_stream_write, rcmd_stream_read): Take
59 additional argument indicating whether the fd is for the secondary
60 channel; ignored except in some v5 cases. Callers updated.
61 (rcmd_stream_init_krb5): New argument, kcmd protocol version. Set
62 up ivecs for secondary channel in each direction with values 0x2
63 ior primary channel value. Callers updated.
64 (v5_des_read, v5_des_write): For new protocol, plaintext now has
65 its length prepended but not counted.
67 * krcp.c (main): Set kcmd protocol version based on command line,
68 not on encryption type. Default to COMPAT_HACK.
69 * krsh.c (main): Ditto.
70 * krlogin.c (main): Ditto.
72 * krlogind.c (recvauth): Use new krb5_compat_recvauth_version
73 routine. Determine client's kcmd protocol version and initialize
75 * krshd.c (recvauth): Ditto.
77 2000-05-19 Nalin Dahyabhai <nalin@redhat.com>
78 Ken Raeburn <raeburn@mit.edu>
80 * krcp.c (sink): bail if the target directory/file name is too long
81 * krlogind.c (recvauth, krb4 compat): truncate user name if the
82 principal's root would be too long to be valid
83 * v4rcp.c (sink): bail if the target directory/file name is too long
85 2000-05-18 Tom Yu <tlyu@mit.edu>
87 * krshd.c: Shuffle inclusion of defines.h so that some krb5
88 structures are declared prior to the kcmd() prototype.
90 2000-05-16 Ken Raeburn <raeburn@mit.edu>
92 * defines.h (kcmd): Add prototype.
93 * krcp.c (main): Add extra arg to a kcmd call I missed yesterday.
95 2000-05-15 Ken Raeburn <raeburn@mit.edu>
97 * krcp.c (main): Fix some conditionalizations to make proper
100 * kcmd.c (encivec_i, encivec_o): New variables replace old single
102 (rcmd_stream_init_krb5): New argument am_client, used to
103 initialize both ivec values.
104 * krcp.c (main, answer_auth): Pass new argument.
105 * krlogin.c (main): Ditto.
106 * krlogind.c (recvauth): Ditto.
107 * krsh.c (main): Ditto.
108 * krshd.c (recvauth): Ditto.
110 * defines.h (OPTS_FORWARD_CREDS, OPTS_FORWARDABLE_CREDS): Change
111 numbers so they don't conflict with AP_OPTS_USE_SUBKEY.
112 * kcmd.c (kcmd): New argument authconp, used to return the auth
113 context to the caller if desired.
114 * krlogin.c (auth_context): New variable.
115 (main): Request a subkey from sendauth. Get the auth context from
116 kcmd so we can retrieve the subkey. If non-DES session key is
117 being used, pass the subkey to rcmd_stream_init_krb5 instead of
118 the session key; fail if no subkey is found and encryption is
120 * krlogind.c (recvauth): If a non-DES session key is being used,
121 pass the client-provided subkey to rcmd_stream_init_krb5.
122 * krcp.c (main): Set up and use subkey as above.
123 * krsh.c (main): Set up and use subkey as above.
124 * krshd.c (recvauth): Accept and use subkey as above.
126 2000-05-08 Ken Raeburn <raeburn@mit.edu>
128 * v4rcp.c (main, case 'k'): Make sure krb_realm is
131 2000-04-27 Nalin Dahyabhai <nalin@redhat.com>
133 * krlogin.c (main): Don't overflow buffer "term".
134 * krshd.c (doit): Don't overflow buffer "cmdbuf".
135 * login.c (afs_login): Don't overflow buffer "aklog_path".
137 2000-03-24 Ken Raeburn <raeburn@mit.edu>
139 * configure.in: Check for alpha*-dec-osf* instead of
142 2000-03-15 Ken Raeburn <raeburn@mit.edu>
143 Mark D. Roth <roth@uiuc.edu>
145 * login.c (update_ref_count): Copy passwd info before calling
146 getuserattr, to keep data from getting clobbered. Patch from Mark
149 2000-02-28 Ken Raeburn <raeburn@mit.edu>
151 * krlogin.c (main): Don't output debugging messages if debugging
154 2000-02-10 Ken Raeburn <raeburn@mit.edu>
156 * login.c (main): Only destroy xtra_creds if non-null. (Patch
159 2000-02-04 Tom Yu <tlyu@mit.edu>
161 * login.c (main): Reorder some control flow to avoid security hole
162 if KRB4_GET_TICKETS is not defined.
164 2000-01-27 Ken Raeburn <raeburn@mit.edu>
166 * krlogin.c (speeds): Added some comments from net recommending
167 not extending the list to higher values.
169 1999-11-23 Ken Raeburn <raeburn@mit.edu>
171 * login.c (k_init): Call krb5_init_secure_context instead of
172 krb5_init_context and krb5_secure_config_files.
174 1999-10-26 Tom Yu <tlyu@mit.edu>
176 * Makefile.in: Clean up usage of CFLAGS, CPPFLAGS, DEFS, DEFINES,
177 LOCAL_INCLUDES such that one can override CFLAGS from the command
178 line without losing CPP search patchs and defines. Some associated
179 Makefile cleanup. [from wsanchez@apple.com]
181 1999-09-01 Ken Raeburn <raeburn@mit.edu>
183 * krlogin.c (main): Error out if -D isn't followed by another
184 argument. Based on patch from Brad Thompson.
186 * krshd.c (v4_kdata, v4_ticket): Don't define if KRB5_KRB4_COMPAT
187 is not defined. Patch from Brad Thompson.
189 * kcmd.c (kcmd): If krb5_get_credentials returns a nonzero error
190 code, print an error message before returning.
192 * krlogin.c (main): If ospeed is outside of compiled-in table
193 index range but not high enough to be a baud rate, use the highest
196 1999-08-24 Tom Yu <tlyu@mit.edu>
198 * Makefile.in (kshd): Remove $(LOGINLIBS) from kshd dependencies.
200 1999-08-02 Ken Raeburn <raeburn@mit.edu>
201 and Brad Thompson <yak@mit.edu>
203 Patches from Brad Thompson for building without krb4
205 * krshd.c: Include sys/socket.h and netdb.h if KRB5_KRB4_COMPAT
207 (doit): Cast pointer argument to getsockname.
208 (recvauth): Do krb4 stuff only if KRB5_KRB4_COMPAT is defined;
209 otherwise, skip it and call krb5_recvauth.
210 * kcmd.c (do_lencheck): Define even if !KRB5_KRB4_COMPAT.
212 1999-07-26 Ken Raeburn <raeburn@mit.edu>
214 * login.c (main): Fix typo in computing strncpy length for shell
217 Sat Jul 24 08:50:39 1999 Ezra Peisach <epeisach@mit.edu>
219 * Makefile.in (kshd): Add $(LOGINLIBS).
221 1999-07-09 Ken Raeburn <raeburn@mit.edu>
223 AIX 4.3.2 changes based on bug report from Joshua Lackey,
224 lackeyj@austin.ibm.com:
225 * configure.in: Check for rmufile function.
226 * login.c (update_ref_count) [! HAVE_RMUFILE]: Call putgroupattr
227 with SEC_DELETE before SEC_COMMIT; don't call rmufile.
229 Fri Mar 12 19:01:35 1999 Tom Yu <tlyu@mit.edu>
231 * Makefile.in (kshd): Add $(LOGINLIBS).
233 Mon Mar 8 19:21:23 1999 Tom Yu <tlyu@mit.edu>
235 * kshd.M: Resync manpage.
237 * krshd.c: Rework hostname logging.
239 Wed Feb 24 20:05:40 1999 Tom Yu <tlyu@mit.edu>
241 * klogind.M: Resync manpage.
243 * krlogind.c: Rework flags for hostname logging.
245 Mon Feb 22 22:26:32 1999 Tom Yu <tlyu@mit.edu>
247 * kcmd.c (kcmd): Fix up to not call sname_to_principal until after
248 all the addresses in hp have been iterated through to avoid
249 smashing. [krb5-appl/516]
251 * kcmd.c (k4cmd): Move call to krb_realmofhost() to avoid smashing
254 Wed Feb 17 17:24:11 1999 Tom Yu <tlyu@mit.edu>
256 * klogind.M: Document things a little better, including new
257 options controlling hostname manipulation.
259 * krlogind.c: Make use of pty_make_sane_hostname() for purposes of
260 manipulating hostname to pass to login. Also unconditionally
261 syslog IP address and full hostname of remote host. Add command
262 line options to control such behavior.
264 * configure.in: Add arpa/nameser.h to CHECK_HEADERS.
266 Wed Jan 20 21:42:41 1999 Tom Yu <tlyu@mit.edu>
268 * login.c (main): Call setluid().
270 * krshd.c (doit): Call setluid().
272 * configure.in: Check for setluid() rather than main() in
275 1998-11-28 Sam Hartman <hartmans@mesas.com>
277 * krshd.c krsh.c: Use RCMD_BUFSIZ not RSH_BUFSIZE [krb5-appl/678]
279 * kcmd.c: Move RCMD_BUFSIZ into defines.h
281 1998-11-16 Geoffrey King <gjking@mit.edu>
283 * login.c (login_get_kconf): Also test whether *kconf_val is null
284 rather than just kconf_val before passing *kconf_val to
285 conf_affirmative (where strcasecmp will choke on it
286 if it is in fact null).
288 1998-11-13 Theodore Ts'o <tytso@rsts-11.mit.edu>
290 * Makefile.in: Set the myfulldir and mydir variables (which are
291 relative to buildtop and thisconfigdir, respectively.)
294 1998-10-24 Marc Horowitz <marc@mit.edu>
296 * login.c: update to new get_creds API
298 * krlogin.c (main, oob, server_message, control), krlogind.c
299 (sendoob, protocol, recvauth): If the enctype is not
300 similar to DES, use an inband signalling protocol instead
301 of MSG_OOB data to indicate status changes.
303 * kcmd.c (rcmd_stream_init_krb5, v5_des_read, v5_des_write):
304 update to new crypto API. Add ivec chaining to
305 encryption when the enctype is not similar to DES as part
308 1998-10-06 Theodore Ts'o <tytso@rsts-11.mit.edu>
310 * krshd.c (doit): Apply ghudson's patch so that rshd passes the
311 port numbers for the local and foreign addresses so that
312 the V4 encrypted RCP will work correctly. [krb5-appl/638]
313 * v4rcp.c (answer_auth): Apply ghudson's patch so that if
314 KRB5LOCALPORT and KRB5REMOTEPORT are set, use them to set
315 the foreign and local ports so that encrypted rcp for the
316 same machine. [krb5-appl/638]
318 Tue Aug 18 16:48:02 1998 Tom Yu <tlyu@mit.edu>
320 * krlogin.c: Add <sys/filio.h> for FIONREAD.
322 Sat Aug 15 00:01:15 1998 Geoffrey King <gjking@mit.edu>
324 * krcp.c (error): Don't call rcmd_stream_write if iamremote is not
325 set, because it expects a valid file descriptor [krb5-appl/359].
326 Also, remove mistakenly duplicated comment above the function.
328 Mon Jul 27 00:06:20 1998 Geoffrey King <gjking@mit.edu>
330 * krlogin.c (main): Apply ghudson's patch so that rlogin -a
331 no longer dumps core. [krb5-appl/612]
333 Sun Jul 26 23:46:36 1998 Sam Hartman <hartmans@utwig.mesas.com>
335 * login.c (main): Allow krb524 conversion for forwarded tickets
336 (try_convert524): Don't check to see if we have tickets here; caller does that and actually gets it right.
338 1998-05-26 Theodore Ts'o <tytso@rsts-11.mit.edu>
340 * login.c (dolastlog): BSD 4.4 systems don't have lastlog.h, but
341 still define struct lastlog somewhere. Included from Dima
342 Ruban's FreeBSD patches.
344 * krlogin.c: Include sys/ioctl_compat.h if it is present (instead
347 * loginpaths.h (LPATH): If the OS provides _PATH_DEFPATH, use it
348 to define LPATH and RPATH.
350 * login.c: #include paths.h if present, and use it to set the
351 pathnames for certain common files.
353 * configure.in (withval): Check for <sys/ioctl_compat.h> and
356 Sat May 16 16:07:42 1998 Tom Yu <tlyu@mit.edu>
358 * login.c: Replace strcpy with strncpy in places. Add nul
359 termination to some existing invocations of strncpy.
361 1998-05-06 Theodore Ts'o <tytso@rsts-11.mit.edu>
363 * configure.in: Add a check for the header file krb4-proto.h.
364 Replace file existence tests for /etc/environment and
365 /etc/TIMEZONE with K5_AC_CHECK_FILES.
369 * krlogind.c (main): POSIX states that getopt returns -1 when it
370 is done parsing options, not EOF.
372 Sat Feb 28 10:44:46 1998 Theodore Ts'o <tytso@rsts-11.mit.edu>
374 * configure.in: Clean up configure script. Check $cross_compiling
375 instead of (no longer correct) cache variable; remove
376 obsolete AC_C_CROSS. Use AC_CHECK_FUNCS instead of
377 individual AC_FUNC_CHECK calls for speed. Change checks
378 for strsave and utimes to use AC_CHECK_FUNCS
380 * krcp.c, v4rcp.c: Change usages of HAS_STRSAVE and HAS_UTIMES to
383 Tue Feb 24 14:52:33 1998 Tom Yu <tlyu@mit.edu>
385 * kcmd.c: Integrate ghudson's changes for client-side krb4
386 compatibility. [krb5-appl/483]
388 * krcp.c: Integrate ghudson's changes for client-side krb4
389 compatibility. [krb5-appl/483]
391 * krlogin.c: Integrate ghudson's changes for client-side krb4
392 compatibility. [krb5-appl/483]
394 * krlogind.c: Integrate ghudson's changes for client-side krb4
395 compatibility. [krb5-appl/483]
397 * krsh.c: Integrate ghudson's changes for client-side krb4
398 compatibility. [krb5-appl/483]
400 * krshd.c: Integrate ghudson's changes for client-side krb4
401 compatibility. [krb5-appl/483]
403 Sun Feb 22 19:16:12 1998 Tom Yu <tlyu@mit.edu>
405 * v4rcp.c: Punt nastiness to redefine setreuid, as we don't use
408 * krcp.c: Use krb5_seteuid(). [krb5-libs/505] Fix up inclusions
409 to use <> rather than "".
411 Wed Feb 18 15:26:52 1998 Tom Yu <tlyu@mit.edu>
413 * Makefile.in: Remove trailing slash from thisconfigdir. Fix up
414 BUILDTOP for new conventions.
416 Mon Feb 2 17:02:29 1998 Theodore Ts'o <tytso@rsts-11.mit.edu>
418 * Makefile.in: Define BUILDTOP and thisconfigdir in the Makefile
420 Tue Jan 20 21:42:06 1998 Tom Yu <tlyu@mit.edu>
422 * krlogind.c (protocol): Declare pibuf and fibuf as being BUFSIZ
423 bytes long, rather than 1024. Fixes an Irix bug. [krb5-appl/527]
425 Fri Dec 19 18:19:42 1997 Dan Winship <danw@mit.edu>
427 * login.c (try_afscall): try_afscall doesn't work / isn't needed
428 on systems without SIGSYS
430 Thu Dec 11 23:20:20 1997 Tom Yu <tlyu@mit.edu>
435 * v4rcp.c: Don't include netdb.h or sys/socket.h if krb.h is
436 included; this works around an Ultrix bug where those headers
437 aren't protected against multiple inclusion.
439 Thu Nov 20 16:42:54 1997 Tom Yu <tlyu@mit.edu>
441 * krlogind.c (recvauth): Fix args in call to
442 rd_and_store_for_creds. [krb5-appl/502]
444 Mon Nov 17 20:55:31 1997 Tom Yu <tlyu@mit.edu>
446 * krshd.c: Don't set checksum_ignored to 1 if checksum_required is
447 0; also, if a krb5 client passes in a checksum, check it
448 regardless of whether checksum_required is true. [krb5-appl/500]
450 Wed Nov 12 19:03:02 1997 Tom Yu <tlyu@mit.edu>
452 * forward.c (rd_and_store_for_creds): Don't do the chown. Avoids
453 a security hole. [krb5-appl/494]
455 * krshd.c (recvauth): chown the ccache explicitly, as
456 rd_and_store_for_creds no longer does so. [krb5-appl/494]
458 Thu Nov 6 22:04:26 1997 Theodore Y. Ts'o <tytso@mit.edu>
460 * v4rcp.c: Use error_message(errno) instead of using
461 sys_errlist[errno]. This avoids the hair of deciding
462 whether or not we need to declare sys_errlist or use
463 strerror(), etc., since com_err has all of that complexity
464 anyway. Also fixed lots of -Wall nits.
466 Mon Nov 3 15:25:48 1997 Tom Yu <tlyu@mit.edu>
468 * krlogind.c (doit): Fix up potential buffer overrun.
471 * krlogin.c (main): Fix up potential buffer overrun.
473 * krcp.c (hosteq): Fix up potential buffer overrun.
475 Tue Oct 7 18:01:15 1997 Theodore Y. Ts'o <tytso@mit.edu>
477 * v4rcp.M: Removed useless .so to a non-existent macro file.
479 Tue Sep 2 19:44:21 1997 Tom Yu <tlyu@mit.edu>
481 * krlogind.c (main): Changes to allow for standalone daemon
482 operation. Use the "-f" flag to enable. This automagically
483 figures out which port to bind to if you don't specify it.
485 Mon Jun 30 13:21:34 1997 Kevin L Mitchell <klmitch@mit.edu>
487 * login.c (dofork): Solaris 2.4 puts killpg in the bsd compatibility
488 libraries. Autoconf correctly determined that it wasn't
489 available, but it wasn't conditionalized out. Added the
490 conditional, using kill(-child, SIGHUP) as a replacement,
493 Thu Jun 5 15:56:54 1997 Theodore Ts'o <tytso@rsts-11.mit.edu>
495 * login.c: Always use the new tty line discpline. [krb5-appl/428]
497 * login.c: If a hangup signal is received, pass it onto the child.
500 Fri Mar 28 01:05:27 1997 Theodore Y. Ts'o <tytso@mit.edu>
502 * login.c (NO_MOTD): If we're on an SGI machine, don't do the MOTD
503 or MAILCHECK thing, since it's done by /etc/cshrc magic.
504 (SGI's don't define __SVR4, even though it's SVR4
505 derived). [krb5-appl/158]
507 * krlogin.c (try_normal): When falling back to the normal rlogin,
508 clear the signal mask, so that the child rlogin handles
509 SIGUSR1 (which is used for window size changes) correctly.
512 Tue Mar 18 12:34:03 1997 Sam Hartman <hartmans@luminous.MIT.EDU>
514 [326] * login.c(doit): Preserve terminal even without -p.
516 Thu Feb 27 10:58:07 1997 Sam Hartman <hartmans@luminous.MIT.EDU>
518 * krshd.c: Allow user to login with / as home directory if homedir
521 Sat Feb 22 00:54:06 1997 Sam Hartman <hartmans@luminous.MIT.EDU>
523 * krlogin.c (mode): Clean up Posix terminal handling for NetBSD.
525 Tue Feb 18 18:03:55 1997 Richard Basch <basch@lehman.com>
527 * krcp.c: Replace krb5_xfree with krb5_free_data_contents
528 * kcmd.c krlogind.c krshd.c: Use free instead of internal krb5_xfree
529 * krlogin.c: Fixed 8bit character flow under Solaris
530 * kcmd.c: getport() lets the OS pick the port rather than scanning
531 * krshd.c: Don't bother to set lport before calling getport(&lport)
533 Sat Dec 28 21:06:43 1996 Sam Hartman <hartmans@luminous.MIT.EDU>
535 * login.c: Force environment variables like HOME to be set even if
538 Wed Feb 5 20:56:03 1997 Tom Yu <tlyu@mit.edu>
541 * configure.in: Update to new program build procedure.
543 Tue Dec 24 16:08:41 1996 Tom Yu <tlyu@mit.edu>
545 * configure.in: Fix up "test $ac_cv_c_cross" to deal with
546 autoconf-2.12, since that variable can be set to a null string.
548 Fri Dec 6 00:53:08 1996 Theodore Y. Ts'o <tytso@mit.edu>
550 * v4rcp.c: Extend the platform-specific braindamage so that
551 FreeBSD works. This whole file is eventually going to
552 need serious rototilling to make it even vaguely correct.
555 Fri Dec 6 00:02:25 1996 Tom Yu <tlyu@mit.edu>
557 * loginpaths.h: Add catch-all entries for LPATH and RPATH in case
558 we run across something that we haven't hardcoded paths for
561 Thu Dec 5 21:58:28 1996 Tom Yu <tlyu@mit.edu>
563 * login.M: v5srvtab -> krb5.keytab [279]
565 Sun Nov 24 23:35:22 1996 Ezra Peisach <epeisach@mit.edu>
567 * login.c (try_afscall): Change to take pointer to function
568 instead of only calling setpag(). [krb5-appl/190]
570 Fri Nov 22 15:46:46 1996 unknown <bjaspan@mit.edu>
572 * kcmd.c (kcmd): use sizeof instead of h_length to determine
573 number of bytes of addr to copy from DNS response [krb5-misc/211]
575 Thu Nov 14 14:30:28 1996 Barry Jaspan <bjaspan@mit.edu>
577 * krcp.c: don't print our own error message if kcmd returns -1 (it
578 always printed something in that case, and error_message(-1)
579 prints a mess [krb5-appl/70]
581 Mon Nov 11 23:38:05 1996 Mark Eichin <eichin@cygnus.com>
583 * krshd "plumbing" fixes
585 Tue Jun 25 19:51:07 1996 Mark Eichin <eichin@cygnus.com>
587 * krshd.c (doit): ignore SIGPIPE in the child, check the return
588 status of write instead.
589 Added comments labelling the various file descriptors.
590 Cleaned up formatting somewhat.
591 Check for failure of write to child stdin pipe, and stop reading.
592 Check for output from child before checking for input from net, to
593 reduce potential for missed output.
594 (cleanup): moved before doit, to eliminate need for declaration.
595 Added an argument, to allow reporting of what signal kshd died
596 on, and report that the daemon terminated, not the shell.
598 Thu Jun 20 18:54:04 1996 Mark Eichin <eichin@cygnus.com>
600 * krshd.c: fix global-change typo in !KERBEROS branch.
602 Mon Nov 11 15:00:25 1996 Mark Eichin <eichin@cygnus.com>
604 * Makefile.in, configure.in, krshd.c, v4rcp.M, v4rcp.c: added
605 kerberos V4 rcp -x support from Cygnus tree.
606 * Makefile.in, configure.in: added support for not building v4rcp
607 if --without-krb4 is used.
609 Sun Aug 11 17:30:39 1996 Chris Provenzano <proven@cygnus.com>
611 * v4rcp.c : #include <fcntl.h> for O_* flags.
613 Mon Jul 8 13:44:39 1996 Mark Eichin <eichin@cygnus.com>
615 * v4rcp.c (getdtablesize): eliminate local copy.
616 (kstream_write): eliminate srandom/random in favor of
617 krb5_random_confounder.
618 Add sys/socket.h to includes (v4 had it internal to krb.h.)
619 (utimes): clone utimes-emulation from v5 krcp.c (should perhaps be
620 changed to use AC_REPLACE_FUNC...)
623 Sat Jul 6 16:39:28 1996 Mark W. Eichin <eichin@kitten.gen.ma.us>
625 * v4rcp.c (answer_auth): use inet_aton only if we have it;
626 otherwise fake it with inet_addr.
627 * configure.in: check_func for inet_aton.
629 Tue Jul 2 19:37:52 1996 Mark Eichin <eichin@cygnus.com>
631 * krshd.c (envinit): clarified initializations, labeled all slot
632 reservations (SAVEENVPAD, KRBPAD, ADDRPAD are lists of zeroes.)
633 Move TZ to always be slot 5, even on the cray. Added space for the
634 local and remote addresses.
635 (doit): add a getsockname to save the correct local address for
636 the child. Set KRB5LOCALADDR and KRB5REMOTEADDR to literal IP
637 addresses since the child is on the wrong side of a pipe and can't
638 recover them directly.
639 * v4rcp.c (kstream): add common "writelen" field for the length of
641 (kstream_create_rcp_from_fd): initialze new fields.
642 (kstream_write): grab a big enough buffer (since this is called
643 with chunks that may correspond to the *filesystem* blocksize,
644 which is usually larger than BUFSIZ.) Also skip the first four
645 bytes of outbuf so that the encryption is done on an 8 byte
646 boundary (if malloc is correctly aligned, malloc+8 should also
648 (answer_auth): don't try to getpeername or getsockname, since
649 we're run under a pipe; just use KRB5LOCALADDR and KRB5REMOTEADDR
650 which are now provided by kshd (and fail if they are not present.)
651 This is safe because if they're wrong, it just means that the
652 mutual authentication will fail.
654 Thu Jun 27 23:32:41 1996 Mark Eichin <eichin@cygnus.com>
656 * Makefile.in (all, clean, install, v4rcp): add v4rcp installation
658 * krshd.c: if we got a V4 connection and the command is rcp, use
659 the v4rcp backend to handle encryption.
660 * v4rcp.c: based on Cygnus CNS V4 rcp, stripped down to eliminate
661 user commands (and truncated usage message.) Includes a fake
662 subset of the kstream interface that only handles "rcp -x" mode.
663 * v4rcp.M: new file, documents v4rcp support.
665 Sat Nov 9 10:49:36 1996 Sam Hartman <hartmans@mit.edu>
667 * login.c: Re-arrange to deal with compiling without krb4 support. [148]
669 Fri Nov 8 20:59:27 1996 Tom Yu <tlyu@mit.edu>
671 * login.c (k_init): Set up KRBTKFILE if converting krb5 tickets to
672 krb4 but not getting them via password.
674 Wed Nov 6 11:32:36 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
676 * login.c (destroy_tickets): Just use global kcontext instead
677 of creating a new krb5 context for no good reason.
683 * krcp.c(main): Check the error return from krb5_init_context(),
684 and print an error message if necessary.
686 Fri Nov 1 23:11:21 1996 Sam Hartman <hartmans@planet-zorp.MIT.EDU>
688 * login.c: print out system error if -1 returns.
689 (destroy_tickets): Destroy krb4 tickets if we are converting as
690 well as just for initial tickets.
692 Fri Nov 1 21:00:01 1996 Sam Hartman <hartmans@mit.edu>
694 * login.c: Have the this call must succeed comment before setuid,
695 not the AIX login uid setting.
697 Thu Oct 31 22:14:00 1996 Sam Hartman <hartmans@planet-zorp.MIT.EDU>
699 * krlogind.c (doit): Remove tab3 because it isn't very useful and
700 isn't always present.
702 Thu Oct 31 19:19:54 1996 Sam Hartman <hartmans@mit.edu>
704 * klogind.M kshd.M: document -r goes away [138]
706 * krshd.c (doit): Do not support rhosts authentication. This was
707 never used by any clients and the cruft in kcmd.c was creating
710 * krlogind.c (do_krb_login): Remove broken rhosts support. [138]
712 * kcmd.c: Remove ruserok and associated cruft along with killpg. [138]
714 Tue Oct 29 10:09:39 1996 Theodore Y. Ts'o <tytso@mit.edu>
716 * login.c: Make the defaults be to *not* to get Kerberos V4
717 tickets. There are currently bad interactions between
718 defaulting and the default Kerberos V4 realm (which is
719 still hard-coded to be ATHENA.MIT.EDU).
720 Also added some miscellaneous code cleanups.
722 Mon Oct 21 13:44:53 1996 Barry Jaspan <bjaspan@mit.edu>
724 * kcmd.c: don't retry (and waste 7 seconds) on ECONNREFUSED, just
725 fail immediately [krb5-appl/120]
727 Fri Oct 18 17:26:51 1996 Barry Jaspan <bjaspan@mit.edu>
729 * krsh.c, krlogin.c: don't print our own error message if kcmd
730 returns -1 (it always printed something in that case, and
731 error_message(-1) prints a mess [krb5-appl/70]
733 Mon Sep 30 17:15:14 1996 Sam Hartman <hartmans@mit.edu>
735 * login.c: Allow login -f to let you log in as root.
737 Mon Sep 30 16:22:48 1996 Sam Hartman <hartmans@tertius.mit.edu>
739 * login.c (stypeof): If TERM environment variable set, use it.
741 * krlogind.c (doit): Do not use login -E; no one supports it
742 besides login.krb5which also supports -f.
744 Sun Sep 29 20:49:47 1996 Sam Hartman <hartmans@mit.edu>
746 * login.c: Fix so it works with --without-krb4 option
748 Fri Sep 20 18:23:53 1996 Sam Hartman <hartmans@planet-zorp.MIT.EDU>
750 * login.c: Update so that we try to convert krb524 tickets after
751 we setuid(), and so that we don't hard fail if cache writeout
754 Fri Sep 20 17:35:22 1996 Sam Hartman <hartmans@mit.edu>
756 * login.c: Check to see if we got krb5 tickets at all times,
757 regardless of wether we are converting to krb4. This helps us
758 know when to kdestroy.
760 Wed Sep 11 17:27:02 1996 Barry Jaspan <bjaspan@mit.edu>
762 * login.c: fix a security-threating race condition: chown'ing the
763 ccache to the user can be bad if the user can delete the file
764 first and make it a symlink to something else. The solution is to
765 re-create the ccache after login as setuid() to the user.
767 Tue Sep 10 14:03:53 1996 Tom Yu <tlyu@mit.edu>
769 * klogind.M, kshd.M, login.M, rcp.M, rlogin.M, rsh.M: remove ".so
772 Fri Sep 6 13:22:46 1996 Theodore Y. Ts'o <tytso@mit.edu>
774 * login.M: Document that login_krb4_convert is off by default.
776 * login.c: Turn login_krb4_convert off by default, since it causes
777 problems if you don't have krb524d running on the KDC.
778 This is necessary because a Solaris socket bug causes
779 login to hang for 45 seconds if krb524d isn't present on
782 Mon Sep 2 12:03:53 1996 Sam Hartman <hartmans@mit.edu>
784 * krlogind.c rlogin.c (v5_des_write): Write out length plus
785 encrypted data as one packet; this reduces latency by one RTT for
786 interactive traffic with kernels that support schemes similar to
787 RFC896, and reduces the number of packets with most other TCP
790 Sat Aug 10 16:22:34 1996 Sam Hartman <hartmans@mit.edu>
792 * krcp.c (source): Cast stb.st_size to a long before printing it.
793 On NetBSD, it's a quad, so the following pointer is ignored and
794 all files look null. We could special case NetBSD, but casting is
795 somewhat cleaner if we aren't dealing with 2g+ files.
797 Mon Jun 24 09:48:11 1996 Theodore Ts'o <tytso@rsts-11.mit.edu>
799 * krsh.c (main): Fix typo so that krsh doesn't exit when using the
802 Fri Jun 21 21:12:52 1996 Sam Hartman <hartmans@mit.edu>
804 * configure.in : Make sure it works with the built-in libkrb4.a again.
806 Fri Jun 14 13:19:30 1996 Sam Hartman <hartmans@mit.edu>
808 * login.c: Add define to deal with krb_save_credentials possibly
809 being called save_credentials, and to define krb_get_err_text if
810 it is not defined by the krb4 library.
812 * configure.in : check for krb_save_credentials and krb_get_err_text
814 Thu Jun 13 14:24:50 1996 Sam Hartman <hartmans@mit.edu>
816 * krlogind.c (doit): If using vendor login, make sure output flags
820 Sat Jun 15 04:03:32 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
822 * configure.in: Cleanup of tests whose results are not longer used
823 with the pty library in place.
825 Mon Jun 3 21:26:34 1996 Tom Yu <tlyu@mit.edu>
827 * login.c: Ezra's patches to trim unsed arg from
828 verify_krb_v5_tgt, etc.
830 * Makefile.in,configure.in: allow compilation w/o krb4 (Ezra's
833 Sun May 19 15:22:06 1996 Sam Hartman <hartmans@mit.edu>
835 * login.c (destroy_tickets main): Use a secure context
837 Wed May 22 22:46:40 1996 Richard Basch <basch@lehman.com>
839 * login.c (k_init): Set the default KRB5CCNAME environment variable
840 consistently with other applications - FILE:/tmp/krb5cc_p<pid>
842 Thu May 9 00:09:14 1996 Richard Basch <basch@lehman.com>
844 * krlogind.c krshd.c:
845 Use the replay cache associated with the default server name
846 (rc_host*), like telnetd does.
848 Mon May 6 14:06:21 1996 Richard Basch <basch@lehman.com>
850 * login.c: SVR4 logins do not do motd or mailcheck normally; that
851 is a function of /etc/profile. login.krb should act the same...
853 Mon Apr 29 17:02:44 1996 Ken Raeburn <raeburn@cygnus.com>
855 Merge with Cygnus sources, changes from Mark Eichin, Marc
856 Horowitz, Chris Provenzano and me:
858 * Makefile.in (install): Install correct set of man pages, and
860 * kshd.M, klogind.M: Renamed from kr*.M versions.
861 * login.M: New file. Man page for login with some description of
864 * rlogin.M: Remove references to using program with target
866 * rsh.M: Ditto. Also document -f, -F, -x options.
868 * login.c: Massive changes. Split much functionality out of main
869 and into separate file sections: terminal flag settings, Kerberos
870 4 and 5 support, UNIX password support, mail check, signal handler
871 handling, some other support routines. Revamp controlling tty and
872 process group handling. For AFS configuration, use setpag and run
873 aklog. Try validating password using krb5. Always set tty flags,
874 not just for rlogin session. When validating tickets, treat an
875 existing key file that doesn't contain the key we think we want
876 (possibly because DNS was spoofed) as an error condition.
877 * Makefile.in (LOGINLIBS): List libkrb524.a here.
879 (login.krb5): Reverse the order of LIBOBJS and LOGINLIBS.
880 * configure.in: Check for --with-afs. Add AFS libs and define
883 * login.c (KRB5_GET_TICKETS, KRB4_GET_TICKETS, KRB_RUN_AKLOG): new
884 macros selecting single signon options. krb5.conf profile support
885 for control over authentication options, above the compile time
887 (conf_affirmative): new function, recognize yes/no in profile
889 (login_get_kconf): new function, look for all [login] flags and
890 set them in appropriate globals (via login_conf_set array.)
891 (main, sleepexit, destroy_tickets): Check the new login_* flags.
892 (main): rename KRB4_USE_524 to KRB4_CONVERT.
894 * configure.in: Added checks for tcsetpgrp, tcgetpgrp, setpgid.
895 * krlogind.c (control): Use tcgetpgrp if it's available.
897 * loginpaths.h (RPATH, LPATH, LPATH_root): Define HP/UX 9.04
898 versions, conditionalized on __hpux and !hpux.
900 * login.c and configure.in: instead of checking _IBMR2 and
901 __sgi__, write configure tests to check for the existence of
902 /etc/environment and /etc/TIMEZONE files, respectively.
904 * forward.c (rd_and_store_for_creds) : If chown fails then only
905 pass failure back if owner is different than intended owner. This
906 is to make rsh.exp test work without requiring root privlidges.
908 * login.c (main): Don't set TERM to an empty value.
909 (stypeof) [__hpux]: Return null if unknown.
911 * krlogin.c (catchild): remove hp/ux kludge because of aclocal.m4 fix.
912 (speeds): test __hpux for hpux speed list.
913 (main): test __hpux for use of FIOSSAIOSTAT and FIOSSAIOOWN
914 (USE_TERMIO): test __hpux for bsdtty/ptyio headers.
915 * krlogind.c: test __hpux for bsdtty/ptyio headers.
916 (doit): test __hpux for use of setpgrp2.
917 * krcp.c (main): test __hpux as well for remsh vs. rsh.
919 * krcp.c (des_write): Make sure the buffer for the encrypted data
920 is large enough. Only return an error in malloc fails.
922 * krsh.c (main): Always turn on anyport -A option.
924 * krlogind.c (ptsname): Declare if it's going to be used.
926 * krshd.c (main): Use basename of argv[0] for progname.
928 * login.c (dofork): On linux, TIOCNOTTY causes us to die on a
929 SIGHUP, so don't even try it.
931 Sun Apr 21 12:52:35 1996 Richard Basch <basch@lehman.com>
933 * krshd.c: If checksumming is required & ALWAYS_V5_KUSEROK is
934 defined, incorrect messages were being displayed for V4 clients.
935 Additionally, various errors were not being displayed with the
937 Also, one could not specify -c in inetd.conf, because of the
938 variable initialization; initialization has been corrected to
939 allow either checksumming or ignoring the checksum.
941 Sun Apr 21 00:30:28 1996 Sam Hartman <hartmans@mit.edu>
943 * krshd.c krlogind.c: Implement -i. Rewrite error message having
944 to do with checksums.
946 * krshd.Mkrlogind.M : Document -i, remove documentation about
947 taking options from name of daemon. Clean up checksum
950 * krlogind.c (do_krb_login): Fix up error messages for checksums.
951 Configuration errors are presented for situations where -c and -i
952 are used together, or where -4 and -c are used together.
954 Thu Apr 18 19:48:47 1996 Sam Hartman <hartmans@mit.edu>
956 * Makefile.in: Fix spaces by converting to tabs.
958 * krlogind.c: Take patches from Doug Engert <deengert@anl.gov> to
959 allow login to work with vendor logins. Also, fix packet-mode
960 bug; we have some hope of working on non-Solaris streams pty code.
963 Wed Apr 17 13:46:57 1996 Theodore Y. Ts'o <tytso@mit.edu>
965 * configure.in (LOGINLIBS): Remove DECLARE_SYS_ERRLIST since it's
968 * krcp.c (verifydir, allocbuf, rsource, source, sink): Don't use
969 sys_errlist[]; just call error_message() instead, since we
970 depend on com_err anyway.
972 * krshd.c (recvauth):
973 * krlogind.c (recvauth): Don't actually check the checksum unless
974 it is required. Old (pre-beta 5) clients sent a checksum
975 of random garbage (such as their pid) which is impossible to
976 actually check on the server side. (Grad student stupidity
978 (fatalperror): Don't use sys_errlist[] to get the right
979 error message; just depend on com_err instead, since we're
983 * krlogind.c (do_krb_login): Fix logic so that if checksums are
984 required, and the checksum is valid, don't syslog the
985 stupid warning message about "Checksums are only required
988 * krcp.c, krshd.c, krlogind.c: Miscellaneous -Wall cleanups
990 * krlogind.c (getpty): Removed dead code.
993 Tue Apr 16 11:33:33 1996 Sam Hartman <hartmans@mit.edu>
995 * krlogind.c kshd.c (main): Drop support for handling options in
998 Sun Apr 14 03:41:49 1996 Sam Hartman <hartmans@zygorthian-space-raiders.MIT.EDU>
1000 * krlogind.c (fatalperror): Only declar sys_errlist if needed.
1003 Sat Apr 13 17:47:36 1996 Sam Hartman <hartmans@mit.edu>
1005 * krshd.c (doit): Use setsid instead of setpgrp if you have it.
1006 Note this doesn't work for Ultrix.
1008 * krlogind.c (doit): Don't call setpgrp or setsid; let pty library do
1011 Fri Apr 12 23:38:25 1996 Richard Basch <basch@lehman.com>
1013 * krlogind.c (cleanup): Destroy any forwarded credentials at the
1014 end of the login session (they were placed in an unusual location
1015 anyway, so the chance that someone will be trying to reuse those
1016 credentials is minimal)
1018 Thu Apr 11 00:22:51 1996 Richard Basch <basch@lehman.com>
1020 * kcmd.c: Cleaned up whitespace and removed commented & unused cruft
1022 * krlogind.c, krshd.c: Allow the recvauth routine to find any key
1023 in the keytab for which the user is trying to login. The host may
1024 be known as many names. Additionally, for krlogind, clean up the
1025 error handling for bad authentication (potential null dereference
1026 and a misleading message because of the wrong authentication system
1029 Sun Apr 7 22:46:07 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
1031 * krshd.c: Add an option -L to pass certain environment variables
1034 Wed Apr 3 17:09:19 1996 Richard Basch <basch@lehman.com>
1036 * krlogind.c: Under Solaris, when the connection pipe goes away,
1037 zero bytes are returned. Since we are using blocking
1038 read calls, and the net_read function deals with
1039 interrupted/resumed reads, consider zero bytes to be
1040 be a terminated connection, so as not to spin.
1042 Mon Apr 1 10:12:44 1996 Richard Basch <basch@lehman.com>
1044 * loginpaths.h: Leading/trailing colons should not be there based
1045 on the variable usage in the code. Also, the tests for Solaris
1048 Fri Mar 29 16:22:18 1996 Richard Basch <basch@lehman.com>
1050 * kcmd.c, krlogin.c, krsh.c, krcp.c:
1051 Allow for a proxy forwarder to be specified
1053 Sat Mar 23 17:20:00 1996 Sam Hartman <hartmans@tertius.mit.edu>
1055 * krcp.c (des_write): Use krb5_net_write instead of write, because
1056 most parts of rcp that call this code ignore the return value and
1057 we want to reblock properly.
1059 * krshd.c (doit): Don't use non-blocking IO; it is unnecessary and
1062 Fri Mar 22 13:27:40 1996 Richard Basch <basch@lehman.com>
1064 * krshd.c: use the library routines to do v4 to v5
1065 principal translation, for a more accurate representation.
1067 Wed Mar 20 19:36:21 1996 Richard Basch <basch@lehman.com>
1069 * krlogind.c: use the library routines to do v4 to v5
1070 principal translation, for a more accurate representation.
1072 Tue Mar 19 20:11:28 1996 Richard Basch <basch@lehman.com>
1074 * kcmd.c (ruserok): declare the function as taking const char *
1075 instead of char * (Solaris 2.5 refuses to compile it, otherwise).
1077 Tue Mar 12 23:42:50 1996 Ken Raeburn <raeburn@cygnus.com>
1079 * configure.in: Use AC_HEADER_STDARG.
1081 Tue Mar 12 17:52:08 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
1083 * krshd.c (doit): For encrypted rcp, fix logic in determining
1086 Mon Feb 26 03:28:44 1996 Sam Hartman <hartmans@tertius.mit.edu>
1088 * configure.in: call USE_ANAME.
1090 Sun Feb 25 18:50:45 1996 Sam Hartman <hartmans@tertius.mit.edu>
1092 * krlogind.c (v5_des_read): Fix server side of bug in detecing eof
1093 on the network connection. Same as client change: v5_des_read
1094 needs to return 0 if read returns <= 0, notjust a strict
1097 Mon Feb 12 22:41:06 1996 Theodore Y. Ts'o <tytso@dcl>
1099 * kcmd.c (kcmd): Fix lint flame (added missing cast).
1101 Fri Feb 9 21:43:50 1996 Sam Hartman <hartmans@hartman.mit.edu>
1103 * krsh.c (main): Only print secure_message if encrypt_flag set.
1105 Fri Feb 9 20:18:48 1996 <hartmans@mit.edu>
1107 * krlogind.c (recvauth): Fix v4 incompatability created by
1108 checksum code; if using v4, don't try to verify a v5 checksum.
1110 Fri Feb 2 16:10:56 1996 Sam Hartman <hartmans@tertius.mit.edu>
1112 * configure.in (save_path): Look for "ucb" varients in
1113 /usr/athena/bin if --enable-athena specified.
1115 * krsh.c krlogin.c krcp.c (try_normal): If --enable-athena, don't
1116 quit just because we are encrypted.
1118 Thu Feb 1 00:09:13 1996 Sam Hartman <hartmans@tertius.mit.edu>
1122 * krcp.c (des_write): If rcp tries to write to stdin, redirect it
1123 to stdout. That way it works with pipes; the right thing is for
1124 rcp to not try and do this, but introducing remread and remwrite
1125 as variables is significantly more work for only slightly better
1127 (main): Use rsh encryption; not user-to-user. Note that we still
1128 support the answer_auth mechanism for incoming connections
1129 so older clients work, but this is depricated.
1130 (send_auth): expunged with pleasure; answer_auth should go in a
1133 Wed Jan 31 16:24:50 1996 Sam Hartman <hartmans@tertius.mit.edu>
1135 * krsh.c (main): Print SECURE_MESSAGE when appropriate.
1137 * krshd.c (doit): Fork and handle pipes either if stderr signal
1138 processing is enabled *or* encryption is enabled. Rsh always
1139 enables stderr, but rcp won't.
1140 (SECURE_MESSAGE): Moving to client where it belongs, so the stderr
1141 channel doesn't get corrupted for rcp. Besides, the client can
1142 determine if it is talking to a tty and only print this message to
1145 * krlogind.c (recvauth): Pas ccache to rd_and_store_for_creds
1147 * krshd.c (recvauth): Pass address of ccache to rd_and_store_for_creds
1148 (ccache): new global variable.
1149 (cleanup): Destroy ccache if we have one.
1150 (doit): Destroy cache on normal terination.
1152 * forward.c (rd_and_store_for_creds): Take a pointer to a ccache;
1153 we should provide the caller with a way of destroying forwarded
1156 Tue Jan 30 17:56:49 1996 Sam Hartman <hartmans@tertius.mit.edu>
1158 * krshd.c (envinit): Expand to have space KRB5_CCNAME
1159 (doit): Put krb5_ccname at the end of envinit; this is
1160 handled differently that other variables, because TZ may or may not
1161 beset, so our position cannot be fixed.
1164 Sat Jan 27 18:40:31 1996 Sam Hartman <hartmans@tertius.mit.edu>
1166 * kcmd.c (kcmd): We no longer need F_SETOWN as nothing in appl/bsd
1167 handles oob data with signals any more.
1169 Fri Jan 26 00:37:23 1996 Sam Hartman <hartmans@tertius.mit.edu>
1171 * krlogin.c (reader): Deal with exceptions even while writing.
1172 (reader): Fix bogus select bug; actually select on writing
1174 Wed Jan 24 00:34:42 1996 Sam Hartman <hartmans@tertius.mit.edu>
1176 * krlogind.M krshd.M: Update to document new options.
1178 * Makefile.in (install): Install as kshd and klogind not krshd and
1181 * krshd.c (main): Use krlogind-style options (-54kce)
1183 * krlogind.c (main): Change option parsing to support new format.
1184 (do_krb_login): Use auth_ok and auth_sent masks instead of passed_*
1186 Tue Jan 23 18:10:55 1996 Sam Hartman <hartmans@tertius.mit.edu>
1188 * krshd.c (recvauth): Use the correct username in strlen call for
1189 allocating chksumbuf.
1191 * krlogind.c (recvauth): Code to copy checksum verification code.
1194 Mon Jan 22 15:14:11 1996 Sam Hartman <hartmans@tertius.mit.edu>
1196 * krshd.c (recvauth): Update to expect port in checksum.
1198 * kcmd.c (kcmd): Include port in string of checksumed data to
1199 distinguish between encrypted and unencrypted rlogin.
1202 Mon Jan 22 18:14:05 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
1204 * krcp.c: Use KRB5_STDARG_P.
1206 * configure.in: Add KRB5_CHECK_PROTOS for prototyps definitions.
1209 Fri Jan 19 10:45:29 1996 Sam Hartman <hartmans@tertius.mit.edu>
1211 * krshd.c (recvauth): Verify checksum against command line and
1213 (recvauth): Fix accidental memory leak with authenticator and fix
1214 include correct username in checksum
1216 * kcmd.c: Send authenticator with checksum of command line and
1219 * krlogin.c (des_read): Return 0 or -1 on close/error respectively.
1221 Wed Jan 17 15:14:33 1996 Sam Hartman <hartmans@tertius.mit.edu>
1223 * krlogin.c (reader): Use select to find out-of-band data, not signals.
1224 (oob): No longer a signal handler; just a function.
1225 (writer): get rid of copytochild setup as sigurg no longer needed
1226 (main): Don't block SIGURG
1227 * configure.in : Include sys/time.h check
1229 Mon Jan 15 16:16:07 1996 Sam Hartman <hartmans@tertius.mit.edu>
1231 * login.c (main): ttyslot usable here as well
1233 * krlogind.c (doit): update_utmp can use ttyslot.
1235 Thu Jan 11 12:40:08 1996 Ezra Peisach (epeisach@paris)
1237 * krsh.c, krlogin.c: (main): Ultrix cc does not support automatic
1238 aggregate initiailzation of structures.
1240 Thu Jan 11 11:27:04 1996 Ezra Peisach <epeisach@kangaroo.mit.edu>
1242 * krcp.c (error): Convert to use varargs.
1244 * configure.in: Check for stdarg.h
1246 Wed Jan 10 21:26:20 1996 Theodore Y. Ts'o <tytso@dcl>
1248 * kcmd.c (getport): Clear the sin structure to be zero. (From
1251 * krsh.c (main): Added code to default port to 544 if service not
1252 found. (From Doug Engert.)
1254 * krlogin.c (main): Added code to default port to 543 or 2105 if
1255 service not found. (From Doug Engert.)
1257 * login.c (main): Save KRB5CCNAME environment variable, which may
1258 have been set by forward.c. Add code for SGI to set
1259 environment for its /etc/TIMEZONE (untested). Don't print
1260 MOTD twice on Suns, added #ifdef NO_MOTD. (Patches from
1263 * kcmd.c: Removed extern global of krb5_kdc_req_sumtype, which
1264 wasn't being used anyway.
1266 Tue Jan 9 22:51:16 1996 Theodore Y. Ts'o <tytso@dcl>
1268 * forward.c (get_for_creds): Removed no longer used function.
1270 * kcmd.c (kcmd): Convert from using get_for_creds() from forward.c
1271 to using the official library routine, krb5_fwd_tgt_creds().
1273 Fri Dec 22 17:42:11 1995 Theodore Y. Ts'o <tytso@dcl>
1275 * login.c (main): If HAVE_SHADOW is defined, and no shadow
1276 password entry is availble, try using the password entry
1277 in the password file.
1279 Tue Dec 19 17:11:37 1995 Theodore Y. Ts'o <tytso@dcl>
1281 * kcmd.c: Also include unistd.h, if it's available.
1283 Tue Dec 5 20:44:39 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
1285 * configure.in: Use krb5util library.
1287 * login.c (main): Change two-argument call to syslog to three
1288 arguments to handle screw cases in hostnames.
1290 Fri Dec 1 17:25:02 1995 Theodore Y. Ts'o <tytso@dcl>
1292 * login.c (main, dofork): Applied patch from Scott Schwartz
1293 <schwartz@galapagos.cse.psu.edu>
1295 Under SunOS, and maybe other systems, there is a a problem
1296 with krlogind.c and a similar problem with login.c as
1297 distributed with K5.5.
1299 The bug is that rlogind forks a child but retains a
1300 controlling tty. If the child is in the same process
1301 group as the parent, which is will if you don't use a job
1302 control shell (chsh /bin/rc), keyboard signals will kill
1303 the daemon. telnetd dissociates itself properly, but then
1304 login.krb5 waits for the shell to finish, but login.krb5
1305 has the same ctty as the shell and is in the same process
1306 group, so it has the same problem.
1308 In BSD you used to be able to give up your ctty at will,
1309 but SunOS seems to have setsid as the only mechanism to
1310 perform that action, and setsid can only succeed in
1311 limited circumstances. Rlogind ought to be fixed to
1312 behave more like telnetd, but independent of that,
1313 login.krb5 needs to be patched if kerberos is to work
1314 properly under SunOS.
1316 Sun Nov 12 12:39:23 1995 Sam Hartman <hartmans@tertius.mit.edu>
1318 * krlogind.c (doit): Clear iextn for NetBSD and other 4.4-based
1319 systems so that ctrl-o isn't special.
1321 Sat Oct 21 17:33:37 1995 Sam Hartman <hartmans@tertius.mit.edu>
1323 * login.c (main): Don't set LOGNAME twice.
1325 Sun Nov 12 04:44:50 1995 Mark W. Eichin <eichin@cygnus.com>
1327 * krshd.c (doit): drag TZ= from parent environment into envinit to
1329 (envinit, TZENV): add one more slot for optional TZ, and mark it.
1331 Thu Nov 2 16:16:47 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
1333 * krlogin.c, krcp.c, krsh.c (main): If invoked with -D port, do
1334 not die if entry is missing from /etc/services.
1336 Mon Oct 16 17:27:43 1995 Sam Hartman <hartmans@tertius.mit.edu>
1338 * login.c (main): Don't print warning about no tickets obtained if
1339 we didn't ask for a password. Also, define LOGNAME for so sysvish
1340 systems are happy. Patch from ramus@nersc.gov.
1342 Wed Sep 06 14:20:57 1995 Chris Provenzano (proven@mit.edu)
1344 * krcp.c, krlogin.c, krlogind.c, krsh.c, krshd.c :
1345 s/keytype/enctype/g, s/KEYTYPE/ENCTYPE/g
1347 Sun Aug 27 15:35:04 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
1349 * rlogin.M: Document -f and -F options.
1351 Mon Aug 7 17:32:29 1995 Sam Hartman <hartmans@tertius.mit.edu>
1353 * krlogind.c: Close the write side of the syncpipe in the parent
1354 so we get SIGPIPE if child dies.
1356 * login.c (main): Use new interface to pty_update_utmp
1358 * configure.in (LOGINLIBS): Check for utmp.h and utmpx.h.
1360 * krlogind.c (doit): Use new format for pty_update_utmp
1361 * Include utmp.h because libpty.h no longer does.
1363 Fri Aug 4 00:50:41 1995 Tom Yu <tlyu@dragons-lair.MIT.EDU>
1365 * krlogind.c: don't include utmp.h, since libty.h grabs it.
1367 Wed Aug 2 13:06:02 1995 Sam Hartman <hartmans@tertius.mit.edu>
1369 * krlogind.c (main): call pty_init()call pty_init()
1371 Tue Aug 1 08:43:22 1995 Sam Hartman <hartmans@tertius.mit.edu>
1373 * Makefile.in : Remove references to logutil.c and logutil.o
1376 * krshd.c (doit): Replace logwtmp with pty_logwtmp
1378 * login.c (main): use pty_update_utmp not update_utmp
1380 * logutil.c: Removed because all its functionality is incorperated
1383 * krlogind.c (doit): Pass length of line to pty_getpty
1385 Mon Jul 31 17:07:59 1995 Sam Hartman <hartmans@tertius.mit.edu>
1387 * login.c (main): Don't call TIOCSETD under Posix.
1388 * Include iexten in terminal flags.
1391 * krlogin.c: Don't include termio.h here either.
1393 * login.c: Remove special casing of AIX to include termio.h; it
1394 breaks almost all terminal handling, because it's the
1395 compatibility file for applications written for the RT. Instead,
1396 just define CNUL if not already defined by ttychars.h
1399 Sat Jul 29 04:37:33 1995 Tom Yu <tlyu@dragons-lair.MIT.EDU>
1401 * configure.in: Don't link with -lkadm
1404 Fri Jul 28 16:49:02 1995 Sam Hartman <hartmans@tertius.mit.edu>
1406 * Makefile.in (LOCAL_LIBRARIES): include -lpty; also included in
1409 * krlogind.c (doit): Use pipe for synchronization so pty can be
1410 opened in slave. Use libpty for pty handling.
1411 (cleanup): Use pty_cleanup to do most work.
1413 Thu Jul 27 15:02:03 EDT 1995 Paul Park (pjpark@mit.edu)
1414 * krshd.c - Check for interrupted select. Should fix bug #1555.
1417 Thu Jul 13 17:49:54 1995 Sam Hartman <hartmans@tertius.mit.edu>
1419 * configure.in : Short circuit the streams test for AIX to false
1420 because AIX strops.h trashes definition of _IO from sys/ioctl.h.
1421 I think this is fixed in AIX4, so the test is only bypassed for
1424 Tue Jul 11 12:50:16 1995 Sam Hartman <hartmans@tertius.mit.edu>
1426 * krlogind.c (getpty): Use ptsname before ttyname; it has a higher
1427 chance of doing what we want.
1429 Fri Jul 7 15:40:42 EDT 1995 Paul Park (pjpark@mit.edu)
1430 * Makefile.in - Remove all explcitit library handling.
1431 * configure.in - Add USE_<mumble> and KRB5_LIBRARIES.
1433 Wed Jul 5 20:03:37 1995 Theodore Y. Ts'o (tytso@dcl)
1435 * krcp.c, krlogin.c, krlogind.c, krshd.c, login.c: Remove
1436 declaration of errno altoghether. "extern int errno;" is
1439 * login.c (main): Don't use the TIOCLSET ioctl unless we're not
1440 using POSIX_TERMIOS. Don't just blindly set the file
1441 status flags to 0. Instead, do a fcntl(0, F_GETFL), and
1442 then reset the nonblocking flags.
1444 Sun Jul 2 19:48:27 1995 Sam Hartman <hartmans@tertius.mit.edu>
1446 * krcp.c: make errno extern
1448 * krshd.c: errno should be extern so it doesn't mask the libc
1451 Tue Jun 27 23:50:56 1995 Tom Yu (tlyu@dragons-lair)
1453 * krlogin.c: don't redeclare noltc, defltc if we happen to have
1454 TIOCGLTC in addition to POSIX_TERMIOS
1456 Tue Jun 27 16:18:49 EDT 1995 Paul Park (pjpark@mit.edu)
1457 * configure.in - When checking number/type of arguments to {get,set}pgrp
1458 attempt to set __STDC__ in a vain attempt to ensure that we
1459 get function prototype checking turned on. OSF/1's native
1460 compiler didn't really care what's passed as arguments unless
1462 * krcp.c - Change usage of BUFSIZ to RCP_BUFSIZ. Remove & from in
1463 front of array. It's redundant.
1464 * krlogin.c - Change usage of BUFSIZ to RLOGIN_BUFSIZ. Add signal
1465 name parameter to signal handlers to conform to prototype.
1466 * krlogind.c - Change usage of BUFSIZ to RLOGIND_BUFSIZ. Cast 4th
1467 argument to setsockopt(2) to be const char *.
1468 * krsh.c - Change usage of BUFSIZ to RSH_BUFSIZ. Cast 4th argument
1469 to setsockopt(2) to be const char *.
1470 * krshd.c - Change usage of BUFSIZ to RSHD_BUFSIZ.
1472 Thu Jun 22 14:36:46 1995 Theodore Y. Ts'o <tytso@dcl>
1474 * configure.in: Change AC_HAVE_HEADERS with AC_CHECK_HEADERS, and
1475 check for string.h as well.
1477 * krsh.c: Don't include ext-proto.h; move the #include of the
1478 header files which we actually needed into krsh.c, using
1479 the autoconf standard define's.
1481 Wed Jun 21 17:29:27 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
1483 * login.c: Change RETSIGTYPE to krb5_sigtype to be consistant.
1485 * configure.in (LOGINLIBS): Add KRB5_SIGTYPE to declare krb5_sigtype.
1487 Tue Jun 20 13:00:25 1995 Tom Yu (tlyu@dragons-lair)
1489 * krlogin.c: HAS_STDLIB_H -> HAVE_STDLIB_H
1491 Mon Jun 19 13:34:23 EDT 1995 Paul Park (pjpark@mit.edu)
1492 * login.c - Change setluid call to check for luid and then set it if
1493 it fails, also make this logic conditional under HAVE_SETLUID.
1494 * configure.in - For OSF/1 systems where libsecurity is present, set
1495 HAVE_SETLUID. We'll need to determine similar tests for other
1496 extended security systems that we are to support in the future.
1499 Thu Jun 15 17:32:20 EDT 1995 Paul Park (pjpark@mit.edu)
1500 * Makefile.in - Change explicit library names to -l<lib> form, and
1501 change target link line to use $(LD) and associated flags.
1502 Also, remove DBMLIB, it was not used. Also, for K4, use
1503 KRB4_LIB and KRB4_CRYPTO_LIB, these were
1505 * configure.in - Remove dbm library checks, these are no longer needed
1506 with the Berkeley database code. Also, add shared library
1509 Sat Jun 10 22:56:10 1995 Tom Yu (tlyu@dragons-lair)
1511 * forward.c, kcmd.c, krcp.c, krlogind.c, krshd.c:
1512 krb5_auth_context redefinitions
1514 Fri Jun 9 18:26:30 1995 <tytso@rsx-11.mit.edu>
1516 * configure.in: Remove standardized set of autoconf macros, which
1517 are now handled by CONFIG_RULES.
1519 Wed May 31 17:16:44 1995 Tom Yu (tlyu@dragons-lair)
1521 * loginpaths.h: #ifdef ultrix => #ifdef __ultrix
1523 Sun May 21 16:36:39 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
1525 * loginpaths.h: Add NetBSD paths.
1527 * login.c: Define TAB3 to 0 if non existant
1529 * krlogin.c (mode): ifdef code based on TABDLY existing on
1530 machine. (netbsd lacks this).
1532 * krcp.c: Declare sys_errlist only if needed by the OS.
1534 * configure.in: Add DECLARE_SYS_ERRLIST
1535 Check for libcrypt defining the function crypt
1537 Mon May 15 10:43:30 1995 <tytso@rsx-11.mit.edu>
1539 * login.c (main): Only try to use TIOCSETD if it is defined
1540 (instead of relying on _IBMR2 *not* being defined).
1542 Only try to use TIOCNXCL if it is defined.
1544 * krcp.c: If setreuid() is emulated using setresuid(),
1545 #define HAVE_SETREUID so it gets used.
1547 Sat May 13 08:59:38 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
1549 * krshd.c (recvauth): Use krb5_auth_con_genaddrs to set the port
1550 on the connection so that credential forwarding works.
1552 Tue May 9 08:17:18 1995 Ezra Peisach (epeisach@kangaroo.mit.edu)
1554 * krshd.c (main): Cast a sockaddr_in * to sockaddr * in call to
1557 * kcmd.c: Add <stdlib.h>
1559 * krcp.c: Add <stdlib.h>.
1561 Sat May 6 18:12:37 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
1563 * krcp.c (answer_auth): Added const declaration to filenames.
1565 Fri May 05 09:16:16 1995 Chris Provenzano (proven@mit.edu)
1567 * krcp.c (answer_auth()): Requires two new args that are passed
1568 from the command line. The first -c is to pass the filename
1569 of the remote credential cache. The second -C is to pass
1570 the filename of the remote krb5.conf file.
1572 Thu May 04 23:53:23 1995 Chris Provenzano (proven@mit.edu)
1574 * krcp.c (answer_auth()): Don't destroy the credential cache.
1576 Wed May 03 20:10:39 1995 Chris Provenzano (proven@mit.edu)
1578 * krcp.c (answer_auth()): Set auth_context = NULL before using it.
1580 Wed May 03 03:30:51 1995 Chris Provenzano (proven@mit.edu)
1582 * krlogind.c, krshd.c: (krb5_compat_recvauth()):
1583 No longer needs the rc_type arg.
1585 Tue May 2 22:12:39 1995 Theodore Y. Ts'o (tytso@dcl)
1587 * krcp.c (main): Don't try to play uid swapping games if the
1588 effective uid is not zero.
1590 * kcmd.c (kcmd): Bug fix to jik's bug fix. (Caused by our code
1591 drift since jik's changes went in, and not sufficiently
1592 careful checking of jik's patches before applying it.)
1594 Mon May 01 15:56:32 1995 Chris Provenzano
1596 * kcmd.c (kcmd()): Bug fixes from jik.
1598 * krlogind.c (recvauth()): Changes to auth_context to better
1599 support full addresses, for rd_cred() and friends.
1601 Sat Apr 29 01:26:06 1995 Theodore Y. Ts'o <tytso@dcl>
1603 * Makefile.in (login.krb5): Link the libraries twice due to
1604 circular dependency in the libraries. (read_password in
1605 libdes425.a depends on krb5_read_password in libkrb5.a)
1607 Fri Apr 28 20:33:06 1995 Theodore Y. Ts'o <tytso@dcl>
1609 * login.c (main): Don't use setreuid() to play games with the real
1610 uid, since not all systems have setreuid(). This method
1611 of communicating to in_tkt what the correct owner of the
1612 ticket file is completely broken, anyway. We skip the
1613 setreuid() entirely, and then chown the ticket file to the
1614 correct owner and group afterwards.
1616 Fri Apr 28 17:59:19 1995 Mark Eichin <eichin@cygnus.com>
1618 * Makefile.in (KLIB): include KRB4_LIB directly, to satisfy both
1619 versions of the dependencies.
1621 Fri Apr 28 16:55:14 EDT 1995 Paul Park (pjpark@mit.edu)
1622 * Makefile.in - change position of KRB4_LIB for krshd and krlogind
1623 so that it links correctly for both --with-krb4
1624 and --with-krb4=/usr/athena.
1626 Fri Apr 28 16:12:57 1995 Mark Eichin <eichin@cygnus.com>
1628 * configure.in (PATH): use internal AC_PROG_ECHO_N because change
1629 in path might change behavior of echo (example: solaris, native
1630 shell, with GNU echo (-n) in user path, but only Solaris echo (\c)
1633 Fri Apr 28 07:52:45 1995 Theodore Y. Ts'o <tytso@lurch.mit.edu>
1635 * login.c: Lots of lint cleanup; declare functions before they
1636 are used, add appropriate return types (int or void)
1637 to functions as necessary, etc.
1639 Thu Apr 27 21:44:17 1995 Ezra Peisach (epeisach@kangaroo.mit.edu)
1641 * login.c: Remove definition of krb_err_txt. krb.h defines it.
1643 Thu Apr 27 17:41:06 1995 Mark Eichin <eichin@cygnus.com>
1645 * Makefile.in (krshd, login.krb5, krlogind): KRB4_LIB needs to
1646 appear before KLIB since it uses des425.
1648 Thu Apr 27 14:36:54 1995 Mark Eichin <eichin@cygnus.com>
1650 * Makefile.in (LOCALINCLUDE): get kerberosIV headers for login.c
1651 (login.krb): link against krb4 libs.
1652 * configure.in: check AC_CONST so it works.
1654 Thu Apr 27 13:54:21 1995 Mark Eichin <eichin@cygnus.com>
1656 * configure.in: use WITH_KRB4 as-is.
1657 * Makefile.in (krshd, krlogind): use KRB4_LIB directly.
1659 Thu Apr 27 01:09:19 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
1661 * krcp.c (answer_auth): Should not call krb5_cc_close after
1662 krb5_cc_destroy. (encrypted rcp failed).
1664 * krlogind.c (main): -S option was not getting a keytab. (passing
1665 a char * to krb5_compat_recvauth).
1667 * krshd.c (recvauth): extract the client principal from ticket
1668 before calling krb5_kuserok on a NULL principal.
1669 (main): -S option was not getting a keytab (passing a char *).
1671 * krcp.c: (main): Missing htons on port number when specified on
1674 Wed Apr 26 21:09:34 1995 Chris Provenzano (proven@mit.edu)
1676 * kcmd.c (kcmd()) : Don't use hp->h_name use host_save instead.
1678 Wed Apr 26 17:43:08 1995 Mark Eichin <eichin@cygnus.com>
1680 * logutil.c (EMPTY): linux has UT_UNKNOWN, not EMPTY.
1682 Wed Apr 26 09:41:35 1995 Ezra Peisach <epeisach@kangaroo.mit.edu>
1684 * krlogind.c (main): LOG_AUTH in openlog arguments in wrong place.
1685 (recvauth): Do not copy principal on a V4 request. The
1686 ticket portion is not set by krb5_compat_recvauth for these.
1688 * configure.in: Check for libutil. Under OSF/1, logwtmp is stored
1691 Wed Apr 26 07:19:18 1995 Chris Provenzano (proven@mit.edu)
1693 * krlogind.c (doit()) : If TIOCOTTY is defined unset the
1694 controlling tty before setting it to another tty.
1696 Tue Apr 25 21:23:28 1995 Chris Provenzano (proven@mit.edu)
1698 * forward.c (rd_and_store_for_creds()) : Rewritten to use
1699 auth_context and the new krb5_rd_creds().
1700 * forward.c (get_for_creds()) : New function replacing
1701 krb5_get_for_creds() and uses auth_context and new
1702 krb5_mk_creds() routine.
1703 * kcmd.c (kcmd()): Use new get_for_creds() routine.
1704 * krlogind.c (recvauth()): Use new rd_and_store_for_creds() routine.
1706 Sat Apr 22 00:42:22 1995 Theodore Y. Ts'o (tytso@dcl)
1708 * rlogind (main, doit): The variable krb5_override_default_realm
1709 is obsolete. Use the krb5_set_default_realm function instead.
1711 * krshd.c (main, doit): The variable krb5_override_default_realm
1712 is obsolete. Use the krb5_set_default_realm function instead.
1714 Fri Apr 21 21:11:17 1995 Theodore Y. Ts'o (tytso@dcl)
1716 * krshd.c: Add #include for <sys/stat.h>, which is now needed.
1718 Fri Apr 21 17:18:57 1995 Mark Eichin <eichin@cygnus.com>
1720 rlogin testing changes from ian@cygnus.com.
1722 Fri Apr 21 17:13:48 1995 Mark Eichin <eichin@cygnus.com>
1724 More changes from ian@cygnus.com to support testing.
1726 Fri Apr 21 14:07:15 1995 Mark Eichin <eichin@cygnus.com>
1728 Added Ian's changes with minor tweaks. These are used by the testsuite.
1730 Fri Apr 07 15:46:54 1995 Chris Provenzano (proven@mit.edu)
1732 * configure.in, krlogind.c, krsh.c, krshd.c, login.c, logutil.c.
1733 A bunch of patches from Ezra to get BSD to work on
1734 The Alpha that looked reasonable.
1736 Mon Mar 27 07:56:26 1995 Chris Provenzano (proven@mit.edu)
1738 * krcp.c (send_auth()): Use new calling convention for krb5_rd_req().
1740 * krshd.c (recvauth()): Use new calling convention for
1741 krb5_compat_recvauth().
1743 * krlogind.c (recvauth()): Use new calling convention for
1744 krb5_compat_recvauth().
1746 Fri Mar 24 15:04:25 1995 Ian Lance Taylor <ian@cygnus.com>
1748 * krlogind.c (srvtab): New global variable.
1749 (krb5_override_default_realm): Declare.
1750 (ARGSTR): Add "S:M:L:" to Kerberos version.
1751 (login_program): New global variable.
1752 (main): Handle -S, -M, and -L arguments. Call SO_REUSEADDR on
1753 socket if debug_port set.
1754 (doit): Use login_program instead of LOGIN_PROGRAM.
1755 (recvauth): Pass srvtab to krb5_compat_recvauth.
1756 * krlogind.M: Document -S, -M, and -L.
1758 Fri Mar 24 15:04:25 1995 Ian Lance Taylor <ian@cygnus.com>
1760 * krcp.c (forcenet): New global vraiable.
1761 (main): Accept -D and -N arguments. Pass Kerberos realm to remote
1763 (hosteq): If -N specified, always return 0.
1764 * rcp.M: Document -D and -N.
1765 * krshd.c (ARGSTR): Add "P:" to KERBEROS version.
1766 (kprogdir): New global variable.
1768 (path): Remove global variable.
1769 (path_rest): Remove explicit size.
1770 (envinit): Use 0 instead of path.
1772 (doit): Use kprogdir variable instead of KPROGDIR macro when
1773 setting path. Build path in allocated memory rather than using a
1774 fixed size array. If the command starts with "rcp ", force use of
1775 kprogdir/rcp if it exists.
1776 * krshd.M: Document -P.
1778 Thu Mar 23 18:18:31 1995 Ian Lance Taylor <ian@cygnus.com>
1780 * krshd.c (ARGSTR): Add S:M:A to KERBEROS version.
1781 (srvtab): New global variable.
1782 (krb5_override_default_realm): Declare.
1783 (main): Handle -S, -M and -A arguments. Call SO_REUSEADDR on
1784 socket if debug_port set.
1785 (doit): If -A used, allocate a random port for the stderr stream,
1786 rather than allocating a reserved port. Don't call initgroups if
1787 not changing the uid.
1788 (recvauth): Pass srvtab to krb5_compat_recvauth.
1789 * krshd.M: Document -S, -M, and -A.
1790 * krsh.c (main): Accept -A, and pass it to kcmd.
1791 * rsh.M: Document -A.
1792 * kcmd.c (kcmd): Add new argument anyport. If it is set, permit
1793 any port for the stderr stream, rather than requiring a reserved
1794 port. Initialize ret_cred to NULL.
1795 * krcp.c (main): Pass 0 for anyport to kcmd.
1796 * krlogin.c (main): Pass 0 for anyport to kcmd.
1798 Thu Mar 23 23:23:25 1995 Theodore Y. Ts'o <tytso@dcl>
1800 * Makefile.in (krshd): Move $(K4LIB) after $(KLIB) so that if
1801 we're using des425, the V5 crypto library can be picked up.
1803 * configure.in: Use the correct path to find libdes425
1805 Thu Mar 23 20:22:57 1995 Mark Eichin <eichin@cygnus.com>
1807 * logutil.c (update_wtmp): initialize ut from ent the way the V4
1808 code did. Appears to handle SunOS case (when nearly all of the
1809 ifdef's are off) correctly now.
1811 Tue Mar 14 16:08:08 1995 <tytso@rsx-11.mit.edu>
1813 * Makefile.in, configure.in: Use the libdes425 library so that the
1814 DES code doesn't get dragged in twice.
1816 * krlogind.c: Include <sys/time.h> so that Linux can get the
1819 * kcmd.c (kcmd): Close the credentials cache when you're done with
1822 * krlogind.c (doit): Always initialize the Krb5 error table.
1824 * krlogind.c (main, doit): Minor type fixes to gethostbyname(),
1827 Tue Mar 14 12:30:23 1995 Chris Provenzano (proven@mit.edu)
1829 * kcmd.c (kcmd()): Don't pass any data to sendauth() to be
1830 checksummed. The remote side doesn't check it anyway.
1832 Fri Mar 10 18:32:22 1995 Theodore Y. Ts'o <tytso@dcl>
1834 * kcmd.c (kcmd): Initialize ret_cred to zero so that in case of an
1835 error, we don't try to free stack garbage.
1837 Fri Mar 10 11:09:34 1995 Chris Provenzano (proven@mit.edu)
1839 * kcmd.c (kcmd()) Use new calling convention for krb5_sendauth().
1840 * krcp.c () Use new calling convention for krb5_mk_req_extended().
1842 Thu Mar 2 12:26:29 1995 Theodore Y. Ts'o <tytso@dcl>
1844 * Makefile.in (ISODELIB): Remove reference to $(ISODELIB).
1846 Wed Mar 1 11:54:50 1995 Theodore Y. Ts'o <tytso@dcl>
1848 * configure.in: Remove ISODE_INCLUDE and ISODE_DEFS, replace check
1849 for -lsocket and -lnsl with WITH_NETLIB check.
1851 Tue Feb 28 01:41:04 1995 John Gilmore (gnu at toad.com)
1853 * forward.c, kcmd.c, krcp.c, krlogin.c, krlogind.c, krsh.c,
1854 krshd.c: Avoid <krb5/...> and <com_err.h> includes.
1856 Tue Feb 14 15:30:55 1995 Chris Provenzano (proven@mit.edu)
1858 * kcmd.c Call krb5_sendauth() and krb5_get_credentials() with
1859 new calling convention.
1861 * krcp.c (answer_auth()) Call krb5_mk_req_extended90 with new
1864 Fri Feb 3 11:51:55 1995 Theodore Y. Ts'o (tytso@dcl)
1866 * krcp.c (tgt_keyproc): Add keytype parameter to field.
1868 Mon Jan 30 07:58:16 1995 Chris Provenzano (proven@mit.edu)
1870 * Removed all #include <krb5/crc-32.h>
1872 * Removed krb5_enctype argument passed to krb5_get_for_creds()
1874 Wed Jan 25 16:54:40 1995 Chris Provenzano (proven@mit.edu)
1876 * Removed all narrow types and references to wide.h and narrow.h
1878 Wed Jan 18 14:33:50 1995 Mark Eichin <eichin@cygnus.com>
1880 * krlogind.c (v4_des_read, v5_des_read): When reading length,
1881 ignore everything before a leading zero (MSB first "reasonable"
1882 value) to compensate for rlogin (mis)use of BSD-OOB data.
1883 * krlogin.c (des_read): same code (in both versions of des_read.)
1885 Wed Jan 18 01:07:56 1995 Mark Eichin <eichin@cygnus.com>
1887 * configure.in: undo streams test. It turns out that we want sunos
1888 to *fail* that test, since it doesn't have a streams PTEM module
1890 * krlogind.c: don't include sys/tty.h and sys/ptyvar.h if we don't
1891 HAVE_STREAMS already.
1892 * krlogin.c: do the same thing.
1894 Fri Jan 13 15:23:47 1995 Chris Provenzano (proven@mit.edu)
1896 * Added krb5_context to all krb5_routines
1898 * krsh.c (main): Use htons(debug_port).
1900 Wed Jan 11 01:25:09 1995 Mark Eichin <eichin@cygnus.com>
1902 * logutil.c (update_wtmp): declare missing variables if
1903 HAVE_SETUTENT isn't set.
1904 (update_utmp): declare tty at top of function.
1906 Tue Jan 10 19:43:18 1995 Mark Eichin (eichin@cygnus.com)
1908 * krlogin.c (doit): use exit_handler for signal exits, don't use
1910 (exit_handler): new function, avoids type collision from misusing
1911 exit directly as a signal handler.
1913 Tue Jan 10 15:23:31 1995 Richard Basch (probe@tardis)
1915 * configure.in: Streams test needs to include sys/types.h
1917 * krsh.c: Include sys/time.h (linux)
1919 Mon Jan 9 21:48:54 1995 Theodore Y. Ts'o (tytso@dcl)
1921 * kcmd.c, krlogin.c, krcp.c: Always include fcntl.h, and never
1924 * krshd.c: Always define the Kerberos V4 data structures.
1926 Tue Jan 3 16:54:02 1995 Richard Basch (probe@tardis)
1932 Removed debugging statement
1935 Removed old sgi code (it has POSIX_SIGNALS).
1937 Mon Jan 2 12:35:18 1995 Richard Basch (probe@tardis)
1941 Added encrypted rsh support.
1942 It still isn't entirely secure; as the command-line could
1943 be spoofed by an active attack, but the data sharing is...
1946 Ultrix doesn't have a fully functional POSIX termios.
1949 Cleaned up some of the #ifdef's and code duplication.
1950 Fixed decl. of return variable for getopt() [int not char]
1952 Fri Dec 30 18:35:50 1994 Richard Basch (probe@tardis)
1955 Don't need: #ifdef _AIX, #undef _BSD, #endif
1958 Fixed man page installation when build tree != source tree
1961 No need to do the fcntl check
1962 Changed GETPGRP_ONEARG detection (and assign it when it
1963 takes one argument, not void).
1967 Tidied up the code a bit.
1968 Do not rely on NO_UT_TYPE (it has problems with AIX headers)
1971 Tidied up the code a bit.
1972 Set the controlling tty for Ultrix
1973 Do not rely on NO_UT_TYPE (it has problems with AIX headers)
1975 Thu Dec 29 10:12:48 1994 Richard Basch (probe@tardis)
1978 Conditionalize grantpt/unlockpt on HAVE_GRANTPT (not just Sun)
1979 Conditionalized references to ut_type and ut_pid.
1980 Try all the methods for getting a pty...
1983 Conditionalized references to ut_type and ut_pid.
1986 Conditionalize grantpt/unlockpt on HAVE_GRANTPT
1987 Corrected a minor syntactical error with extraneous "],"
1989 Thu Dec 29 01:38:17 1994 Richard Basch <probe@k9>
1992 Error checks for Solaris tty setup routines (grantpt/unlockpt)
1993 Commented out the OOB code, as it causes problems currently.
1994 Cleaned up some of the #ifdef's for logging incoming users
1995 Removed extraneous declaration of malloc()
1996 Pass a "" for the hostname rather than NULL to update_utmp.
1997 Some additional cosmetic changes.
1998 Included/excluded SYSV code (SYSV is not defined anywhere)
2000 Wed Dec 28 14:59:58 1994 Richard Basch (probe@tardis)
2006 Corrected the arguments to select, based on sizeof fd_set.
2007 Converted what remained to use FD_* macros, instead of bitshift
2010 Changed uid_type to uid_t, gid_type to gid_t
2011 Added shadow password support
2012 Always use cfset*speed when POSIX_TERMIOS is defined
2015 Changed the PATH for looking for BSD r* commands
2016 Use AC_TRY_LINK instead of AC_TRY_COMPILE for the setenv test.
2017 Cache results of compile/link tests.
2018 Added shadow password support.
2019 Don't bother checking for sys/stream.h; done elsewhere
2020 Look for the function ptsname.
2023 Search to the proper position in the utmp/utmpx files.
2024 Corrected arguments for the utmpx routines.
2027 Revamped the tty setup routines.
2029 Tue Dec 27 14:42:15 1994 Richard Basch (probe@tardis)
2032 Cleaned up some of the includes
2038 Revamped the utmp/wtmp handling routines
2041 Fixed the "krlogin" program define for "krsh"
2044 Changed the HAVE_STREAMS macro to not try <sys/tty.h>
2045 Corrected the text for the setpgrp arguments check
2047 Tue Dec 27 06:15:42 1994 Richard Basch (probe@tardis)
2050 Use the file descriptor macros (eg. FD_SET) to handle fd arrays
2051 Change #ifdef STREAMS to #ifdef HAVE_STREAMS
2052 Started to add SYS-V utmp handling
2053 Ripped out the old termio code.
2054 Include <unistd.h> and <stdlib.h> where available.
2057 Combined KRB5_UT* macros into CHECK_UTMP, with more checks.
2058 Changed obsolete AC_COMPILE_CHECK to use newer macros.
2060 Mon Dec 26 13:51:20 1994 Richard Basch (probe@tardis)
2067 Removed the hard-coded paths for the BSD rlogin/rcp/rsh programs.
2068 Let "configure" find the programs for us...
2070 Mon Dec 19 15:09:57 1994 Theodore Y. Ts'o (tytso@dcl)
2072 * krcp.c (des_write):
2073 * krlogin.c (des_write):
2074 * krlogind.c (v5_des_write): Fix byte swapping code (Missing shift
2077 * krlogind.c (v4_des_read, v4_des_write): Fixed byte swapping code
2078 so that V4 des compatibility works on 64 bit
2081 Fri Nov 18 01:19:13 1994 Mark Eichin <eichin@cygnus.com>
2083 * Makefile.in (install): add install rules for krlogind.M,
2084 krshd.M, rlogin.M, rcp.M, rsh.M. (Section numbers are explicit,
2085 and this should probably be changed.)
2086 (from Ted Lemon <mellon@ipd.wellsfargo.com>
2088 Fri Nov 18 01:10:34 1994 Mark Eichin <eichin@cygnus.com>
2090 * configure.in: use new macros KRB5_UTPID, KRB5_UTTYPE, and
2091 KRB5_UTHOST (from epeisach).
2093 Wed Nov 16 11:45:01 1994 Richard Basch (probe@tardis)
2096 If the system includes a SA_RESTART signal flag, use it.
2097 We want to be able to resume the read() system call after
2100 Fri Nov 11 00:53:57 1994 Theodore Y. Ts'o (tytso@dcl)
2102 * forward.c (mk_cred, rd_cred): Move mk_cred and rd_cred to
2105 Tue Nov 8 23:52:58 1994 Theodore Y. Ts'o (tytso@dcl)
2107 * krshd.c (setpgrp): Defining setpgrp(a,b) to setpgrp() if
2108 SETPGRP_TWOARG is not set can cause infinite macro
2109 recursion on some C preprocessors. Fix by putting the
2110 #ifdef for SETPGRP_TWOARG where setpgrp is actually
2111 called, instead of trying to redefine setpgrp().
2113 Mon Nov 7 21:22:00 1994 Theodore Y. Ts'o (tytso@dcl)
2115 * configure.in: Add check for stdlib.h
2117 * configure.in: Remove unused check for HAVE_GETDTABLESIZE
2118 (especially since we replace it with AC_REPLACE_FUNCS
2121 * getdtablesize.c: Use POSIX method of obtaining fd table size,
2124 Wed Nov 02 22:21:00 1994 Richard Basch (probe@tardis)
2127 Moved POSIX signal check to aclocal.m4, and calls it (CHECK_SIGNALS)
2128 Added POSIX setjmp check (CHECK_SETJMP).
2129 Added checks for waitpid and setsid functions.
2132 Include <signal.h> not <sys/signal.h>.
2133 Don't bother declaring sigmask when POSIX_SIGNALS is set.
2136 Replaced the conditionalized BITS64 code with more portable code.
2137 Use mode_t instead of int, for file modes.
2138 Use waitpid, instead of wait, where available (HAVE_WAITPID).
2139 Added POSIX signal handling (POSIX_SIGNALS).
2142 Include <unistd.h> and <stdlib.h> if available
2143 Replaced the conditionalized BITS64 code with more portable code.
2144 Use cfgetospeed() if POSIX_TERMIOS is defined. It was already being
2145 used, so there is no need to use two methods.
2146 Use waitpid, instead of wait, where available (HAVE_WAITPID).
2147 Added POSIX setjmp handling (POSIX_SETJMP)
2148 Added POSIX signal handling (POSIX_SIGNALS).
2151 Added POSIX signal handling (POSIX_SIGNALS).
2152 Corrected an error in the arguments to chmod().
2153 Call setsid() if HAVE_SETSID is defined.
2154 Try not conditionalizing on __alpha; use other #ifdef's.
2155 Replaced the conditionalized BITS64 code with more portable code.
2158 Added POSIX signal handling (POSIX_SIGNALS)
2161 Declare and manipulate the file descriptor arrays properly,
2162 rather than bit shifting and passing them to select as
2163 (long *). Some systems (eg. AIX) declare them to be structs.
2164 Added POSIX signal handling (POSIX_SIGNALS)
2167 Include <unistd.h> and <stdlib.h> if available
2168 Added POSIX setjmp handling (POSIX_SETJMP)
2169 Added POSIX signal handling (POSIX_SIGNALS)
2170 Use waitpid, instead of wait, where available (HAVE_WAITPID).
2173 Don't redeclare time(); it may conflict with the system header files.
2174 Include <unistd.h> first.
2176 Thu Oct 27 20:07:03 1994 Mark Eichin (eichin@cygnus.com)
2178 * login.c (main): if CSTATUS is missing, don't set c_cc[VSTATUS]
2181 Thu Oct 27 16:12:19 1994 Mark Eichin (eichin@cygnus.com)
2183 * krlogin.c (des_write): get rid of srandom, since seeding is done
2184 directly in krb5_random_confounder. get rid of unused variables.
2185 * krlogind.c (v4_des_write): use krb5_random_confounder
2186 directly. get rid of unused variables.
2188 Thu Oct 27 14:50:40 1994 Mark Eichin (eichin@cygnus.com)
2190 * login.c (main): if CDISCARD is missing, use CFLUSH instead.
2192 Thu Oct 27 14:47:41 1994 Mark Eichin (eichin@cygnus.com)
2194 * configure.in: fix typo in "use streams interface" test (ttold.h
2197 Thu Oct 27 14:31:17 1994 Mark Eichin (eichin@cygnus.com)
2199 * configure.in: check for srand48, srand, and srandom.
2200 * krlogind.c (v4_des_write): use the best available of the three
2201 random number systems for padding (based on code from
2202 lib/crypto/os/rnd_confoun.c.)
2204 Wed Oct 26 00:04:02 1994 Theodore Y. Ts'o (tytso@dcl)
2207 * krlogind.c (protocol, v5_des_read): Check for both EAGAIN in
2208 addition to EWOULDBLOCK.
2210 Mon Oct 24 14:46:07 1994 (tytso@rsx-11)
2212 * Makefile.in: The Kerberos V4 libraries must be linked in after
2213 the V5 libraries; compat_recvauth pulls in the V4 routines.
2215 * kcmd.c (kcmd): Don't free host_save; it's supposed to be
2216 returned by kcmd to the caller!
2219 * krlogin.c (des_write): Don't check for srand48 and then try to
2220 define srandom to be srand48. This breaks on machines
2221 which have both srandom and srand48. Instead, use
2222 krb5_random_confounder; it will do the right thing.
2224 Wed Oct 19 12:36:47 1994 Theodore Y. Ts'o (tytso@dcl)
2226 * krlogind.c (protocol): Change yet another variable to be an
2229 * login.c (main): Add other termios c_cc initializations for the
2232 * krlogind.c (protocol): Make protocol buffers be unsigned, since
2233 we're comparing against unsigned data.
2235 Tue Oct 18 15:48:37 1994 Mark Eichin (eichin@cygnus.com)
2237 * configure.in (HAVE_STREAMS): test for streams interface headers
2238 in a way that fails on sunos but works on solaris.
2239 * krlogin.c: use HAVE_STREAMS.
2240 * krlogind.c: use HAVE_STREAMS, fix TIOCPKT_* test.
2242 Tue Oct 4 17:14:38 1994 Theodore Y. Ts'o (tytso@dcl)
2244 * krcp.c (tgt_keyproc): Add widen.h and narrow.h around
2245 declaration so that argument types are widened.
2247 Mon Oct 3 13:21:51 1994 Theodore Y. Ts'o (tytso@dcl)
2249 * logutil.c (logwtmp): Remove declaration for strncpy().
2251 Fri Sep 30 17:04:24 1994 Theodore Y. Ts'o (tytso@dcl)
2253 * krshd.c: Use ifdef for SETPGRP_TWOARG and HAVE_KILLPG
2255 * krlogind.c: Use ifdef include of HAVE_SYS_TTY_H and
2256 HAVE_SYS_PTYVAR_H (suncc doesn't #define solaris).
2258 Thu Sep 29 22:50:05 1994 Theodore Y. Ts'o (tytso@dcl)
2260 * Makefile.in: "make clean" should remove the executables
2262 * Makefile.in: Relink executables if libraries change
2264 Thu Sep 29 17:55:57 1994 Mark Eichin (eichin@tweedledumber.cygnus.com)
2266 * krlogin.c (mode): ifdef VLNEXT instead of svr4 for ^V fixing.
2268 krlogin.c, configure.in: include sys/tty.h and sys/ttold.h only if
2272 Wed Sep 28 20:57:24 1994 Mark Eichin (eichin@tweedledumber.cygnus.com)
2274 * configure.in (srand48): check for srand48, and if it exists,
2275 substitute it for srandom (and lrand48 for random.)
2276 (K4LIB): add libdes.a, needed for des_pcbc_encrypt.
2278 Wed Sep 28 14:36:29 1994 Mark Eichin (eichin@rtl.cygnus.com)
2280 * Makefile.in: always put $(K4LIB) before $(KLIB) so that
2281 references to libcrypto.a get resolved.
2283 Thu Aug 18 18:57:44 1994 Theodore Y. Ts'o (tytso at tsx-11)
2286 * configure.in: Fix KRB4 handling; do it here in configure.in
2287 instead of in Makefile.in
2289 Thu Aug 18 18:55:36 1994 Mark Eichin (eichin@perdiem)
2291 * configure.in (LOGINLIBS): always substitute it, even if it isn't
2294 Thu Aug 18 17:09:36 1994 Theodore Y. Ts'o (tytso at tsx-11)
2296 * forward.c (get_for_creds): Fix bug to allow cross-realm
2297 forwarded credentials to work.
2299 * forward.c (rd_and_store_for_creds): Store the forwarded
2300 credentials in a file which is PID dependent, to allow for
2301 different sessions in an rlogin session.
2303 * Makefile: Add $(SETENVOBJ) to all programs that use forward.c
2305 Tue Aug 16 22:41:25 1994 Mark Eichin (eichin@cygnus.com)
2307 * krlogind.c: add sys/ioctl.h.
2309 Tue Aug 16 22:36:29 1994 Mark Eichin (eichin@cygnus.com)
2311 * configure.in: set LOGINLIBS to -lodm -ls -lcfg if the system has
2312 all three (and is probably an AIX system.)
2313 * Makefile.in: use LOGINLIBS for login.krb5.
2314 * krshd.c: use HAVE_SYS_SELECT_H.
2316 Tue Aug 16 17:58:09 1994 Mark Eichin (eichin@cygnus.com)
2318 * krcp.c: check HAVE_VFORK_H
2319 * configure.in: use AC_VFORK (runtime test -- consider just using
2322 Sat Aug 13 02:04:37 1994 Mark Eichin (eichin@perdiem)
2324 * Makefile.in (DEFINES): set LOGIN_PROGRAM correctly.
2326 Thu Aug 11 23:16:31 1994 Mark Eichin (eichin@perdiem)
2328 * krsh.c: Don't (mis)declare getpwuid ever.
2330 Sun Aug 7 04:43:24 1994 Mark Eichin (eichin@cygnus.com)
2332 * krlogin.c (oob): FWRITE (and out) not needed w/POSIX_TERMIOS
2333 * logutil.c: if EMPTY is missing, use UT_UNKNOWN instead.
2334 * login.c (main): some systems just don't have TIOCLSET
2336 Fri Aug 5 18:47:00 1994 Mark Eichin (eichin@cygnus.com)
2338 * configure.in: test for sigprocmask and sigset_t to set POSIX_SIGNALS.
2339 * krlogin.c, kcmd.c: use POSIX_SIGNALS.
2341 Fri Aug 5 15:35:54 1994 Mark Eichin (eichin@cygnus.com)
2343 * configure.in, logutil.c: check for NO_UT_PID, use it.
2345 Wed Jul 27 12:52:04 1994 Mark Eichin (eichin@cygnus.com)
2347 * krlogind.c, krlogin.c, krcp.c: define roundup if needed.
2349 * Makefile.in: add LIBOBJS, dependency for getdtablesize.o.
2350 * getdtablesize.c: new file.
2351 * configure.in: build getdtablesize.c if needed.
2353 * login.c: HAVE_TTYENT_H.
2354 * configure.in: add ttyent.h to HEADERS test.
2356 * krshd.c: HAVE_SYS_LABEL_H, which seems to be SunOS 4 specific.
2357 * krlogind.c: ditto.
2358 * configure.in: test for add sys/label.h to HEADERS test.
2360 * krcp.c (rsource): USE_DIRENT_H.
2362 * configure.in: test for HAVE_UNISTD_H.
2363 * logutil.c: use HAVE_UNISTD_H.
2365 Tue Jul 26 00:25:57 1994 Mark Eichin (eichin@cygnus.com)
2367 * krlogin.c: include <fcntl.h>
2369 * configure.in: Added tests for NO_UT_HOST, NO_UT_EXIT.
2370 * logutil.c: use them.
2372 * configure.in: add CHECK_DIRENT, CHECK_FCNTL.
2374 * configure.in: Added tests for HAVE_SETOWN, HAVE_SYS_FILIO_H.
2375 * krlogin.c, krsh.c, krshd.c, krlogin.c, krlogind.c: use them.
2377 Sat Jul 23 08:48:50 1994 Tom Yu (tlyu@dragons-lair)
2380 * krshd.c: include ext-proto.h to avoid type warnings
2382 Sat Jul 16 02:24:31 1994 Theodore Y. Ts'o (tytso at tsx-11)
2385 * krsh.c: index->strchr, rindex->strrchr, add (char *) cast to
2386 malloc, have proper include for the string functions.
2388 Fri Jul 15 15:03:11 1994 Theodore Y. Ts'o (tytso at tsx-11)
2390 * krcp.c: add utimes() emulation for systems that only have the
2393 Mon Jun 27 22:03:48 1994 Theodore Y. Ts'o (tytso at tsx-11)
2395 * krlogind.c: remove spurious debugging #undef of KRB5_KRB4_COMPAT