diff options
Diffstat (limited to 'src')
139 files changed, 1036 insertions, 282 deletions
diff --git a/src/ChangeLog b/src/ChangeLog index f89bb96bc8..aadb2fd38a 100644 --- a/src/ChangeLog +++ b/src/ChangeLog @@ -1,3 +1,23 @@ +Mon Nov 25 19:42:53 1996 Tom Yu <tlyu@mit.edu> + + * Makefile.in: Comment out distclean and realclean so no one will + be tempted to use them. [PR 222] + +Fri Nov 22 23:51:07 1996 Theodore Ts'o <tytso@rsts-11.mit.edu> + + * Makefile.in: All changes for the Macintosh port. Translate '%' + characters in Macfile.tmpl to '/' characters. Include the + mac/SAP directory in the kerbsrc.mac.tar tarball. Rename + the kerbsrc.tar tarball to kerbsrc.mac.tar, so that the + target name in the Makefile matches the taget which is + actually generated. Use mac/mkbindirs.sh to build the + binary hierarchy for the Macintosh build process. + +Wed Nov 20 13:28:00 1996 Theodore Ts'o <tytso@rsts-11.mit.edu> + + * Makefile.in (awk-windows-mac): Copy gssapi.hin to gssapi.h to + make Win16 build work. + Thu Nov 7 23:55:02 1996 Tom Yu <tlyu@voltage-multiplier.mit.edu> * aclocal.m4 (LinkFileDir, LinkFile): AC_REQUIRE the AC_LN_S macro diff --git a/src/Makefile.in b/src/Makefile.in index 738aa40951..810ba1e11c 100644 --- a/src/Makefile.in +++ b/src/Makefile.in @@ -63,11 +63,14 @@ clean-unix:: mostlyclean: clean -distclean: clean - rm -f Makefile config.status - -realclean: distclean - rm -f TAGS +# This doesn't work; if you think you need it, you should use a +# separate build directory. +# +# distclean: clean +# rm -f Makefile config.status +# +# realclean: distclean +# rm -f TAGS dist: $(DISTFILES) echo cpio-`sed -e '/version_string/!d' \ @@ -220,7 +223,7 @@ FILES= ./* \ WINFILES= windows/* windows/cns/* windows/wintel/* windows/gss/* MACFILES= mac/* mac/kconfig/* mac/libraries/* mac/telnet-k5-auth/* \ - mac/gss-sample/* config/* include/* include/krb5/* \ + mac/gss-sample/* mac/SAP/* config/* include/* include/krb5/* \ include/krb5/asn.1/* include/krb5/stock/* include/sys/* \ ./patchlevel.h @@ -235,7 +238,8 @@ CLEANUP= util/profile/profile.h util/profile/prof_err.[ch] \ include/adm_err.h include/profile.h include/krb5.h \ include/krb5/osconf.h \ lib/gssapi/generic/gssapi_err_generic.[ch] \ - lib/gssapi/krb5/gssapi_err_krb5.[ch] winfile.list macfile.list + lib/gssapi/krb5/gssapi_err_krb5.[ch] winfile.list macfile.list \ + lib/gssapi/generic/gssapi.h kerbsrc.win: kerbsrc.zip @@ -299,13 +303,22 @@ Macfile: macfile.list Makefile.sav -e 's/^/:bin:PPC:/' macsrcsk5` >> Macfile echo INCLUDES = `sed -n -e 's/\(.*:\)[^:]*\.h$$/-i \1/p' macfile.maclist | sort -u` >> Macfile echo "" >> Macfile - tr '/:\\' ':\304\266'< mac/Makefile.tmpl >> Macfile + tr '%/:\\' '/:\304\266'< mac/Makefile.tmpl >> Macfile + +mac-bin-dirs: + rm -rf bin + mkdir bin bin/68K bin/CFM-68K bin/PPC + sh mac/mkbindirs.sh bin/68K $(MAC_SUBDIRS) + sh mac/mkbindirs.sh bin/CFM-68K $(MAC_SUBDIRS) + sh mac/mkbindirs.sh bin/PPC $(MAC_SUBDIRS) -kerbsrc.mac: awk-windows-mac macfile.list Macfile +kerbsrc.mac.tar: awk-windows-mac macfile.list Macfile cp mac/libraries/autoconf.h include/autoconf.h mv Macfile Makefile - tar cvf kerbsrc.tar Makefile include/autoconf.h `cat macfile.list` + tar cvf kerbsrc.mac.tar Makefile include/autoconf.h bin \ + `cat macfile.list` rm -f $(CLEANUP) + rm -rf bin rm -f include/autoconf.h Makefile macsrc* macfile.maclist mv Makefile.sav Makefile @@ -343,3 +356,4 @@ awk-windows-mac: cat $(PR)/profile.hin $(PR)prof_err.h > $(PR)profile.h cp $(PR)profile.h include/profile.h cp $(INC)/krb5/stock/osconf.h $(INC)/krb5 + cp $(GG)gssapi.hin $(GG)gssapi.h diff --git a/src/appl/bsd/ChangeLog b/src/appl/bsd/ChangeLog index f9aa5ad882..a0f9faf19c 100644 --- a/src/appl/bsd/ChangeLog +++ b/src/appl/bsd/ChangeLog @@ -1,3 +1,30 @@ +Fri Dec 6 00:53:08 1996 Theodore Y. Ts'o <tytso@mit.edu> + + * v4rcp.c: Extend the platform-specific braindamage so that + FreeBSD works. This whole file is eventually going to + need serious rototilling to make it even vaguely correct. + [PR #284] + +Fri Dec 6 00:02:25 1996 Tom Yu <tlyu@mit.edu> + + * loginpaths.h: Add catch-all entries for LPATH and RPATH in case + we run across something that we haven't hardcoded paths for + yet. [267] + +Thu Dec 5 21:58:28 1996 Tom Yu <tlyu@mit.edu> + + * login.M: v5srvtab -> krb5.keytab [279] + +Sun Nov 24 23:35:22 1996 Ezra Peisach <epeisach@mit.edu> + + * login.c (try_afscall): Change to take pointer to function + instead of only calling setpag(). [krb5-appl/190] + +Fri Nov 22 15:46:46 1996 unknown <bjaspan@mit.edu> + + * kcmd.c (kcmd): use sizeof instead of h_length to determine + number of bytes of addr to copy from DNS response [krb5-misc/211] + Thu Nov 14 14:30:28 1996 Barry Jaspan <bjaspan@mit.edu> * krcp.c: don't print our own error message if kcmd returns -1 (it diff --git a/src/appl/bsd/kcmd.c b/src/appl/bsd/kcmd.c index 4b66c37953..6f4583596d 100644 --- a/src/appl/bsd/kcmd.c +++ b/src/appl/bsd/kcmd.c @@ -180,7 +180,7 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, return (-1); } sin.sin_family = hp->h_addrtype; - memcpy((caddr_t)&sin.sin_addr,hp->h_addr, hp->h_length); + memcpy((caddr_t)&sin.sin_addr,hp->h_addr, sizeof(sin.sin_addr)); sin.sin_port = rport; if (connect(s, (struct sockaddr *)&sin, sizeof (sin)) >= 0) break; @@ -200,7 +200,7 @@ kcmd(sock, ahost, rport, locuser, remuser, cmd, fd2p, service, realm, perror(0); hp->h_addr_list++; memcpy((caddr_t)&sin.sin_addr,hp->h_addr_list[0], - hp->h_length); + sizeof(sin.sin_addr)); fprintf(stderr, "Trying %s...\n", inet_ntoa(sin.sin_addr)); continue; diff --git a/src/appl/bsd/login.M b/src/appl/bsd/login.M index 0603d16bd2..f48fd0c40b 100644 --- a/src/appl/bsd/login.M +++ b/src/appl/bsd/login.M @@ -25,7 +25,7 @@ possible.) It will also attempt to run .I aklog to get \fIAFS\fP tokens for the user. The version 5 tickets will be tested against a local -.I v5srvtab +.I krb5.keytab if it is available, in order to verify the tickets, before letting the user in. However, if the password matches the entry in \fI/etc/passwd\fP the user will be unconditionally allowed (permitting diff --git a/src/appl/bsd/login.c b/src/appl/bsd/login.c index 7542a23a89..04045490d1 100644 --- a/src/appl/bsd/login.c +++ b/src/appl/bsd/login.c @@ -1023,7 +1023,8 @@ static sigtype sigsys () siglongjmp(setpag_buf, 1); } -static int try_afscall () +static int try_afscall (scall) + int (*scall)(); { handler sa, osa; volatile int retval = 0; @@ -1032,7 +1033,7 @@ static int try_afscall () handler_init (sa, sigsys); handler_swap (SIGSYS, sa, osa); if (sigsetjmp(setpag_buf, 1) == 0) { - setpag (); + (*scall)(); retval = 1; } handler_set (SIGSYS, osa); diff --git a/src/appl/bsd/loginpaths.h b/src/appl/bsd/loginpaths.h index 2f2de0bb81..99d28b091a 100644 --- a/src/appl/bsd/loginpaths.h +++ b/src/appl/bsd/loginpaths.h @@ -94,3 +94,13 @@ #define RPATH "/usr/bin:/bin" #endif #endif + +/* catch-all entries for operating systems we haven't looked up + hardcoded paths for */ +#ifndef LPATH +#define LPATH "/usr/bin:/bin" +#endif + +#ifndef RPATH +#define RPATH "/usr/bin:/bin" +#endif diff --git a/src/appl/bsd/v4rcp.c b/src/appl/bsd/v4rcp.c index 0a1ad33a0e..56db95c8d4 100644 --- a/src/appl/bsd/v4rcp.c +++ b/src/appl/bsd/v4rcp.c @@ -310,7 +310,8 @@ void lostconn(); int lostconn(); #endif int errno; -#ifndef __NetBSD__ +/* Kludge!!!! */ +#if (!defined(__NetBSD__) && !defined(__FreeBSD__)) extern char *sys_errlist[]; #endif int iamremote, targetshouldbedirectory; diff --git a/src/appl/gss-sample/ChangeLog b/src/appl/gss-sample/ChangeLog index 5da0236f05..110e7224ad 100644 --- a/src/appl/gss-sample/ChangeLog +++ b/src/appl/gss-sample/ChangeLog @@ -1,3 +1,9 @@ +Fri Nov 22 15:48:02 1996 unknown <bjaspan@mit.edu> + + * gss-client.c (connect_to_server): use sizeof instead of h_length + to determine number of bytes of addr to copy from DNS response + [krb5-misc/211] + Sun Oct 27 22:04:59 1996 Ezra Peisach <epeisach@mit.edu> * configure.in: Add USE_GSSAPI_LIBRARY diff --git a/src/appl/gss-sample/gss-client.c b/src/appl/gss-sample/gss-client.c index 170bc63405..b91ea87aa5 100644 --- a/src/appl/gss-sample/gss-client.c +++ b/src/appl/gss-sample/gss-client.c @@ -79,7 +79,7 @@ int connect_to_server(host, port) } saddr.sin_family = hp->h_addrtype; - memcpy((char *)&saddr.sin_addr, hp->h_addr, hp->h_length); + memcpy((char *)&saddr.sin_addr, hp->h_addr, sizeof(saddr.sin_addr)); saddr.sin_port = htons(port); if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) { diff --git a/src/appl/gssftp/ftp/ChangeLog b/src/appl/gssftp/ftp/ChangeLog index 3262141e90..9d39c10aad 100644 --- a/src/appl/gssftp/ftp/ChangeLog +++ b/src/appl/gssftp/ftp/ChangeLog @@ -1,3 +1,8 @@ +Fri Nov 22 15:48:19 1996 unknown <bjaspan@mit.edu> + + * ftp.c (hookup): use sizeof instead of h_length to determine + number of bytes of addr to copy from DNS response [krb5-misc/211] + Fri Sep 27 16:05:09 1996 Tom Yu <tlyu@mit.edu> * cmds.c (setpeer): Apply jik's fix so "-n" actually works as diff --git a/src/appl/gssftp/ftp/ftp.c b/src/appl/gssftp/ftp/ftp.c index fb6a5632b5..0641416bc8 100644 --- a/src/appl/gssftp/ftp/ftp.c +++ b/src/appl/gssftp/ftp/ftp.c @@ -155,7 +155,7 @@ hookup(host, port) } hisctladdr.sin_family = hp->h_addrtype; memcpy((caddr_t)&hisctladdr.sin_addr, hp->h_addr_list[0], - hp->h_length); + sizeof(hisctladdr.sin_addr)); (void) strncpy(hostnamebuf, hp->h_name, sizeof(hostnamebuf)); } hostname = hostnamebuf; @@ -177,7 +177,8 @@ hookup(host, port) perror((char *) 0); hp->h_addr_list++; memcpy((caddr_t)&hisctladdr.sin_addr, - hp->h_addr_list[0], hp->h_length); + hp->h_addr_list[0], + sizeof(hisctladdr.sin_addr)); fprintf(stdout, "Trying %s...\n", inet_ntoa(hisctladdr.sin_addr)); (void) close(s); diff --git a/src/appl/sample/sserver/ChangeLog b/src/appl/sample/sserver/ChangeLog index ba1d2974fe..be41b716c3 100644 --- a/src/appl/sample/sserver/ChangeLog +++ b/src/appl/sample/sserver/ChangeLog @@ -1,3 +1,10 @@ +Thu Dec 5 19:44:05 1996 Tom Yu <tlyu@mit.edu> + + * sserver.M: remove ref's to "/krb5" [PR 279] + + * sserver.M: v5srvtab -> krb5.keytab; also kdb5_edit -> kadmin [PR + 279] + Thu Nov 7 15:24:43 1996 Theodore Ts'o <tytso@rsts-11.mit.edu> * sserver.c (main): Check the error return from diff --git a/src/appl/sample/sserver/sserver.M b/src/appl/sample/sserver/sserver.M index f0ea721b07..e879067e68 100644 --- a/src/appl/sample/sserver/sserver.M +++ b/src/appl/sample/sserver/sserver.M @@ -44,9 +44,8 @@ The service name used by \fIsserver\fP and \fIsclient\fP is \fBsample\fP. Hence, \fIsserver\fP will require that there be a keytab entry for the service "sample/hostname.domain.name@REALM.NAME". This keytab is generated using the -.IR krb5_edit(8) -program. The keytab file is installed in whatever -directory is defined by V5Srvtabdir (usually /etc) as "v5srvtab". +.IR kadmin(8) +program. The keytab file is usually installed as "/etc/krb5.keytab". .PP The .B \-S @@ -57,7 +56,7 @@ option allows for a different keytab than the default. using a line in /etc/inetd.conf that looks like this: .PP -sample stream tcp nowait root /krb5/sbin/sserver sserver +sample stream tcp nowait root /usr/local/sbin/sserver sserver .PP Since \fBsample\fP is normally not a port defined in /etc/services, you will usually have to add a line to /etc/services which looks like this: @@ -66,7 +65,7 @@ sample 13135/tcp .PP When using \fIsclient,\fP you will first have to have an entry in the Kerberos database, by using -.IR kdb5_edit(8), +.IR kadmin(8), and then you have to get Kerberos tickets, by using .IR kinit(8). @@ -109,10 +108,10 @@ didn't restart \fIinetd\fP after editing inetd.conf. .PP 4) \fIsclient\fP returns the error: .PP -/krb5/bin/sclient: Server not found in Kerberos database while using sendauth +sclient: Server not found in Kerberos database while using sendauth .PP This means that the "sample/hostname@LOCAL.REALM" service was not -defined in the Kerberos database; it should be created using \fIkdb5_edit,\fP +defined in the Kerberos database; it should be created using \fIkadmin,\fP and a keytab file needs to be generated to make the key for that service principal available for \fIssclient\fP. .PP diff --git a/src/appl/simple/client/ChangeLog b/src/appl/simple/client/ChangeLog index 275d42bf20..db1136c43a 100644 --- a/src/appl/simple/client/ChangeLog +++ b/src/appl/simple/client/ChangeLog @@ -1,3 +1,8 @@ +Fri Nov 22 15:48:30 1996 unknown <bjaspan@mit.edu> + + * sim_client.c (main): use sizeof instead of h_length to determine + number of bytes of addr to copy from DNS response [krb5-misc/211] + Thu Nov 7 15:26:10 1996 Theodore Ts'o <tytso@rsts-11.mit.edu> * sim_client.c (main): Check the error return from diff --git a/src/appl/simple/client/sim_client.c b/src/appl/simple/client/sim_client.c index 9def2603ce..a573dfa54a 100644 --- a/src/appl/simple/client/sim_client.c +++ b/src/appl/simple/client/sim_client.c @@ -163,7 +163,7 @@ main(argc, argv) /* Set server's address */ (void) memset((char *)&s_sock, 0, sizeof(s_sock)); - memcpy((char *)&s_sock.sin_addr, host->h_addr, host->h_length); + memcpy((char *)&s_sock.sin_addr, host->h_addr, sizeof(s_sock.sin_addr)); #ifdef DEBUG printf("s_sock.sin_addr is %s\n", inet_ntoa(s_sock.sin_addr)); #endif @@ -198,7 +198,7 @@ main(argc, argv) fprintf(stderr, "%s: unknown host\n", hostname); exit(1); } - memcpy((char *)&c_sock.sin_addr, host->h_addr, host->h_length); + memcpy((char *)&c_sock.sin_addr, host->h_addr, sizeof(c_sock.sin_addr)); #endif diff --git a/src/appl/simple/server/ChangeLog b/src/appl/simple/server/ChangeLog index 58042da37f..6e30ce4a4c 100644 --- a/src/appl/simple/server/ChangeLog +++ b/src/appl/simple/server/ChangeLog @@ -1,3 +1,8 @@ +Fri Nov 22 15:48:42 1996 unknown <bjaspan@mit.edu> + + * sim_server.c (argv): use sizeof instead of h_length to determine + number of bytes of addr to copy from DNS response [krb5-misc/211] + Thu Nov 7 15:26:44 1996 Theodore Ts'o <tytso@rsts-11.mit.edu> * sim_server.c (argv): Check the error return from diff --git a/src/appl/simple/server/sim_server.c b/src/appl/simple/server/sim_server.c index 551a4f36cd..255d786f25 100644 --- a/src/appl/simple/server/sim_server.c +++ b/src/appl/simple/server/sim_server.c @@ -151,7 +151,7 @@ char *argv[]; fprintf(stderr, "%s: host unknown\n", full_hname); exit(1); } - memcpy((char *)&s_sock.sin_addr, host->h_addr, host->h_length); + memcpy((char *)&s_sock.sin_addr, host->h_addr, sizeof(s_sock.sin_addr)); /* Open socket */ if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { diff --git a/src/appl/telnet/telnet/ChangeLog b/src/appl/telnet/telnet/ChangeLog index 8080dba471..f58e8955f8 100644 --- a/src/appl/telnet/telnet/ChangeLog +++ b/src/appl/telnet/telnet/ChangeLog @@ -1,3 +1,25 @@ +Tue Nov 26 20:41:31 1996 Tom Yu <tlyu@voltage-multiplier.mit.edu> + + * configure.in: Check for apra/inet.h + + * commands.c: Remove explicit declaration of inet_addr, and + declare INADDR_NONE to be 0xffffffff again, but mask off the lower + 32 bits while doing the compare. + +Sat Nov 23 00:33:58 1996 Sam Hartman <hartmans@mit.edu> + + * commands.c (tn): Patch from mycroft@mit.edu for Alpha NetBSD. + Comparing to -1 is not 64-bit clean. + [233] + (INADDR_NONE): Mycroft suggests using -1 not 0xffffffff if I have + to define it ourselves. [233] + + Fri Nov 22 15:48:57 1996 unknown <bjaspan@mit.edu> + + * commands.c (sourceroute): use sizeof instead of h_length to + determine number of bytes of addr to copy from DNS response + [krb5-misc/211] + Thu Nov 14 14:25:51 1996 Theodore Ts'o <tytso@rsts-11.mit.edu> * sys_bsd.c(intr): Added checks to intr_waiting and intr_happened diff --git a/src/appl/telnet/telnet/commands.c b/src/appl/telnet/telnet/commands.c index cfd975e2fb..0b42efe621 100644 --- a/src/appl/telnet/telnet/commands.c +++ b/src/appl/telnet/telnet/commands.c @@ -44,6 +44,9 @@ #endif /* defined(unix) */ #include <sys/socket.h> #include <netinet/in.h> +#ifdef HAVE_ARPA_INET_H +#include <arpa/inet.h> +#endif /* HAVE_ARPA_INET_H */ #ifdef CRAY #include <fcntl.h> #endif /* CRAY */ @@ -89,6 +92,9 @@ #ifndef MAXDNAME #define MAXDNAME 256 /*per the rfc*/ #endif +#ifndef INADDR_NONE +#define INADDR_NONE 0xffffffff +#endif #if defined(IPPROTO_IP) && defined(IP_TOS) int tos = -1; @@ -2352,8 +2358,6 @@ ayt_status() } #endif -unsigned long inet_addr(); - int tn(argc, argv) int argc; @@ -2443,10 +2447,10 @@ tn(argc, argv) } else { #endif temp = inet_addr(hostp); - if (temp != (unsigned long) -1) { + if (temp & 0xffffffff != INADDR_NONE) { sin.sin_addr.s_addr = temp; sin.sin_family = AF_INET; - (void) strcpy(_hostname, hostp); + (void) strcpy(_hostname, hostp); hostname = _hostname; } else { host = gethostbyname(hostp); @@ -2454,9 +2458,10 @@ tn(argc, argv) sin.sin_family = host->h_addrtype; #if defined(h_addr) /* In 4.3, this is a #define */ memcpy((caddr_t)&sin.sin_addr, - host->h_addr_list[0], host->h_length); + host->h_addr_list[0], sizeof(sin.sin_addr)); #else /* defined(h_addr) */ - memcpy((caddr_t)&sin.sin_addr, host->h_addr, host->h_length); + memcpy((caddr_t)&sin.sin_addr, host->h_addr, + sizeof(sin.sin_addr)); #endif /* defined(h_addr) */ strncpy(_hostname, host->h_name, sizeof(_hostname)); _hostname[sizeof(_hostname)-1] = '\0'; @@ -2546,9 +2551,9 @@ tn(argc, argv) perror((char *)0); host->h_addr_list++; memcpy((caddr_t)&sin.sin_addr, - host->h_addr_list[0], host->h_length); + host->h_addr_list[0], sizeof(sin.sin_addr)); memcpy((caddr_t)&hostaddr, - host->h_addr_list[0], host->h_length); + host->h_addr_list[0], sizeof(sin.sin_addr)); (void) NetClose(net); continue; } @@ -3055,9 +3060,10 @@ sourceroute(arg, cpp, lenp) } else if (host = gethostbyname(cp)) { #if defined(h_addr) memcpy((caddr_t)&sin_addr, - host->h_addr_list[0], host->h_length); + host->h_addr_list[0], sizeof(sin_addr)); #else - memcpy((caddr_t)&sin_addr, host->h_addr, host->h_length); + memcpy((caddr_t)&sin_addr, host->h_addr, + sizeof(sin_addr)); #endif } else { *cpp = cp; diff --git a/src/appl/telnet/telnet/configure.in b/src/appl/telnet/telnet/configure.in index 619153f037..3d08e2f4a8 100644 --- a/src/appl/telnet/telnet/configure.in +++ b/src/appl/telnet/telnet/configure.in @@ -3,7 +3,7 @@ CONFIG_RULES AC_PROG_INSTALL AC_VFORK AC_CHECK_HEADERS(string.h arpa/nameser.h) -AC_HAVE_HEADERS(unistd.h sys/select.h stdlib.h) +AC_HAVE_HEADERS(unistd.h sys/select.h stdlib.h arpa/inet.h) AC_CHECK_LIB(termcap,main,AC_DEFINE(TERMCAP) LIBS="$LIBS -ltermcap", AC_CHECK_LIB(curses,setupterm,LIBS="$LIBS -lcurses") diff --git a/src/appl/user_user/ChangeLog b/src/appl/user_user/ChangeLog index 62651d0cbc..e00507592d 100644 --- a/src/appl/user_user/ChangeLog +++ b/src/appl/user_user/ChangeLog @@ -1,3 +1,8 @@ +Fri Nov 22 15:49:09 1996 unknown <bjaspan@mit.edu> + + * client.c (argv): use sizeof instead of h_length to determine + number of bytes of addr to copy from DNS response [krb5-misc/211] + Thu Nov 7 15:36:15 1996 Theodore Ts'o <tytso@rsts-11.mit.edu> * client.c (argv): diff --git a/src/appl/user_user/client.c b/src/appl/user_user/client.c index 4bee7089cd..2cf85ae941 100644 --- a/src/appl/user_user/client.c +++ b/src/appl/user_user/client.c @@ -128,7 +128,8 @@ char *argv[]; fprintf (stderr, "uu-client: unable to connect to \"%s\"\n", hname); return 5; } - memcpy ((char *)&serv_net_addr.sin_addr, host->h_addr_list[i++], host->h_length); + memcpy ((char *)&serv_net_addr.sin_addr, host->h_addr_list[i++], + sizeof(serv_net_addr.sin_addr)); if (connect(s, (struct sockaddr *)&serv_net_addr, sizeof (serv_net_addr)) == 0) break; com_err ("uu-client", errno, "connecting to \"%s\" (%s).", diff --git a/src/clients/kinit/ChangeLog b/src/clients/kinit/ChangeLog index c3bbbeb3f9..f3d8f2d3f2 100644 --- a/src/clients/kinit/ChangeLog +++ b/src/clients/kinit/ChangeLog @@ -1,3 +1,7 @@ +Thu Dec 5 21:59:08 1996 Tom Yu <tlyu@mit.edu> + + * kinit.M: v5srvtab -> krb5.keytab [279] + Wed Nov 6 09:31:35 1996 Theodore Y. Ts'o <tytso@mit.edu> * kinit.c (main): Check the return code from krb5_init_context, diff --git a/src/clients/kinit/kinit.M b/src/clients/kinit/kinit.M index 86465b9a0e..6681967f4c 100644 --- a/src/clients/kinit/kinit.M +++ b/src/clients/kinit/kinit.M @@ -130,7 +130,7 @@ Location of the credentials (ticket) cache. /tmp/krb5cc_[uid] default credentials cache ([uid] is the decimal UID of the user). .TP -/etc/v5srvtab +/etc/krb5.keytab default location for the local host's .B keytab file. diff --git a/src/clients/klist/ChangeLog b/src/clients/klist/ChangeLog index 8b0051b4cf..f72ff09cd4 100644 --- a/src/clients/klist/ChangeLog +++ b/src/clients/klist/ChangeLog @@ -1,3 +1,7 @@ +Thu Dec 5 21:59:34 1996 Tom Yu <tlyu@mit.edu> + + * klist.M: v5srvtab -> krb5.keytab [279] + Wed Nov 6 12:02:59 1996 Theodore Ts'o <tytso@rsts-11.mit.edu> * klist.c (main): Check the error return from krb5_init_context(), diff --git a/src/clients/klist/klist.M b/src/clients/klist/klist.M index acf80ab465..99b42b985d 100644 --- a/src/clients/klist/klist.M +++ b/src/clients/klist/klist.M @@ -107,7 +107,7 @@ Location of the credentials (ticket) cache. default location of the credentials cache ([uid] is the decimal UID of the user). .TP -/etc/v5srvtab +/etc/krb5.keytab default location of the .B keytab file. diff --git a/src/config-files/ChangeLog b/src/config-files/ChangeLog index 26edc44787..fd73b3e5e3 100644 --- a/src/config-files/ChangeLog +++ b/src/config-files/ChangeLog @@ -1,3 +1,8 @@ +Tue Nov 26 19:24:34 1996 Theodore Y. Ts'o <tytso@mit.edu> + + * kdc.conf: Fixed paths to use the GNU standard conventions. + [PR#246] + Thu Nov 14 23:08:37 1996 Tom Yu <tlyu@mit.edu> * krb5.conf.M: Note change in default_keytab_name. diff --git a/src/config-files/kdc.conf b/src/config-files/kdc.conf index c9856691d7..cf8cbe1fd9 100644 --- a/src/config-files/kdc.conf +++ b/src/config-files/kdc.conf @@ -3,10 +3,10 @@ [realms] ATHENA.MIT.EDU = { - database_name = /usr/local/lib/krb5kdc/principal - admin_keytab = FILE:/usr/local/lib/krb5kdc/kadm5.keytab - acl_file = /usr/local/lib/krb5kdc/kadm5.acl - key_stash_file = /usr/local/lib/krb5kdc/.k5stash + database_name = /usr/local/var/krb5kdc/principal + admin_keytab = FILE:/usr/local/var/krb5kdc/kadm5.keytab + acl_file = /usr/local/var/krb5kdc/kadm5.acl + key_stash_file = /usr/local/var/krb5kdc/.k5.ATHENA.MIT.EDU kdc_ports = 750,88 max_life = 10h 0m 0s max_renewable_life = 7d 0h 0m 0s diff --git a/src/include/ChangeLog b/src/include/ChangeLog index 3a2976d586..8ff29d5b08 100644 --- a/src/include/ChangeLog +++ b/src/include/ChangeLog @@ -1,3 +1,8 @@ +Sat Nov 23 00:16:46 1996 Theodore Ts'o <tytso@rsts-11.mit.edu> + + * k5-int.h: Remove DES3 and SHA support, since what's there isn't + fully correct. [PR#231] + Wed Nov 13 14:28:08 1996 Tom Yu <tlyu@mit.edu> * k5-int.h, krb5.hin: Revert kt_default_name changes. diff --git a/src/include/k5-int.h b/src/include/k5-int.h index f6f30ef5c9..02cb5c22ff 100644 --- a/src/include/k5-int.h +++ b/src/include/k5-int.h @@ -145,12 +145,12 @@ #define PROVIDE_DES_CBC_CRC #define PROVIDE_DES_CBC_RAW #define PROVIDE_DES_CBC_CKSUM -#define PROVIDE_DES3_CBC_SHA -#define PROVIDE_DES3_CBC_RAW +/* #define PROVIDE_DES3_CBC_SHA */ +/* #define PROVIDE_DES3_CBC_RAW */ #define PROVIDE_CRC32 #define PROVIDE_RSA_MD4 #define PROVIDE_RSA_MD5 -#define PROVIDE_NIST_SHA +/* #define PROVIDE_NIST_SHA */ #ifndef _SIZE_T_DEFINED typedef unsigned int size_t; diff --git a/src/include/kerberosIV/ChangeLog b/src/include/kerberosIV/ChangeLog index 74755254d3..694a6186bc 100644 --- a/src/include/kerberosIV/ChangeLog +++ b/src/include/kerberosIV/ChangeLog @@ -1,3 +1,7 @@ +Fri Nov 22 11:34:46 1996 Sam Hartman <hartmans@mit.edu> + + * Makefile.in: Install krb_err.h [218] + Thu Oct 31 17:27:08 1996 Sam Hartman <hartmans@mit.edu> * Makefile.in (install): Start installing headers again [36] diff --git a/src/include/kerberosIV/Makefile.in b/src/include/kerberosIV/Makefile.in index 669e341c18..0e4705ff2c 100644 --- a/src/include/kerberosIV/Makefile.in +++ b/src/include/kerberosIV/Makefile.in @@ -1,4 +1,5 @@ -KRB4_HEADERS=krb.h des.h kadm.h mit-copyright.h +KRB4_HEADERS=krb.h des.h kadm.h mit-copyright.h \ + krb_err.h all:: diff --git a/src/kadmin.v4/server/ChangeLog b/src/kadmin.v4/server/ChangeLog index 1bb368af31..b411bb8a18 100644 --- a/src/kadmin.v4/server/ChangeLog +++ b/src/kadmin.v4/server/ChangeLog @@ -1,3 +1,9 @@ +Fri Nov 22 15:49:35 1996 unknown <bjaspan@mit.edu> + + * kadm_ser_wrap.c (kadm_ser_init): use sizeof instead of h_length + to determine number of bytes of addr to copy from DNS response + [krb5-misc/211] + Thu Jun 13 22:09:02 1996 Tom Yu <tlyu@voltage-multiplier.mit.edu> * configure.in: remove ref to ET_RULES diff --git a/src/kadmin.v4/server/kadm_ser_wrap.c b/src/kadmin.v4/server/kadm_ser_wrap.c index 7c373b3d6b..bc8f0b5de7 100644 --- a/src/kadmin.v4/server/kadm_ser_wrap.c +++ b/src/kadmin.v4/server/kadm_ser_wrap.c @@ -72,7 +72,7 @@ kadm_ser_init(inter, realm) if ((hp = gethostbyname(hostname)) == NULL) return KADM_NO_HOSTNAME; memcpy((char *) &server_parm.admin_addr.sin_addr.s_addr, hp->h_addr, - hp->h_length); + sizeof(server_parm.admin_addr.sin_addr.s_addr)); server_parm.admin_addr.sin_port = sep->s_port; /* setting up the database */ mkey_name = KRB5_KDB_M_NAME; diff --git a/src/kadmin/cli/ChangeLog b/src/kadmin/cli/ChangeLog index 9c28f25e1d..3f8f2ec48e 100644 --- a/src/kadmin/cli/ChangeLog +++ b/src/kadmin/cli/ChangeLog @@ -3,6 +3,16 @@ Tue Dec 3 15:39:11 1996 Barry Jaspan <bjaspan@mit.edu> * kadmin.c (kadmin_addprinc): print warning/notice about no policy and default policy [krb5-admin/252] +Thu Dec 5 19:30:22 1996 Tom Yu <tlyu@mit.edu> + + * kadmin.M: Missed a ref to /krb5. [279] + + * kadmin.M: Change example to no longer use /krb5. [PR 279] + + * kadmin.M: v5srvtab -> krb5.keytab [PR 279] + + * kadmin.c (DEFAULT_KEYTAB): v5srvtab -> krb5.keytab [PR 278] + Wed Nov 13 14:29:02 1996 Tom Yu <tlyu@mit.edu> * Makefile.in (clean-unix): Remove getdate.c and kadmin_ct.c. diff --git a/src/kadmin/cli/kadmin.M b/src/kadmin/cli/kadmin.M index f0f8913f15..a74874ff96 100644 --- a/src/kadmin/cli/kadmin.M +++ b/src/kadmin/cli/kadmin.M @@ -676,7 +676,7 @@ is added, ignoring multiple keys with the same encryption type but different salt types. If the .B \-k argument is not specified, the default keytab -.I /etc/v5srvtab +.I /etc/krb5.keytab is used. If the .B \-q option is specified, less verbose status information is displayed. @@ -695,13 +695,10 @@ command. .RS .TP EXAMPLE: -kadmin: ktadd -k /krb5/kadmind.keytab kadmin/admin kadmin/changepw -Entry for principal kadmin/admin@ATHENA.MIT.EDU with +kadmin: ktadd -k /tmp/foo-new-keytab host/foo.mit.edu +Entry for principal host/foo.mit.edu@ATHENA.MIT.EDU with kvno 3, encryption type DES-CBC-CRC added to keytab - WRFILE:/krb5/kadmind.keytab. -Entry for principal kadmin/changepw@ATHENA.MIT.EDU - with kvno 3, encryption type DES-CBC-CRC added to keytab - WRFILE:/krb5/kadmind.keytab. + WRFILE:/tmp/foo-new-keytab kadmin: .RE .fi @@ -716,7 +713,7 @@ parsed as an integer, and all entries whose kvno match that integer are removed. If the .B \-k argument is not specifeid, the default keytab -.I /etc/v5srvtab +.I /etc/krb5.keytab is used. If the .B \-q option is specified, less verbose status information is displayed. @@ -725,9 +722,9 @@ option is specified, less verbose status information is displayed. .RS .TP EXAMPLE: -kadmin: ktremove -k /krb5/kadmind.keytab kadmin/admin +kadmin: ktremove -k /usr/local/var/krb5kdc/kadmind.keytab kadmin/admin Entry for principal kadmin/admin with kvno 3 removed - from keytab WRFILE:/krb5/kadmind.keytab. + from keytab WRFILE:/usr/local/var/krb5kdc/kadmind.keytab. kadmin: .RE .fi diff --git a/src/kadmin/cli/kadmin.c b/src/kadmin/cli/kadmin.c index a684a2e58a..b881681d24 100644 --- a/src/kadmin/cli/kadmin.c +++ b/src/kadmin/cli/kadmin.c @@ -428,7 +428,7 @@ char *kadmin_startup(argc, argv) exit(1); } { -#define DEFAULT_KEYTAB "WRFILE:/etc/v5srvtab" +#define DEFAULT_KEYTAB "WRFILE:/etc/krb5.keytab" /* XXX krb5_defkeyname is an internal library global and should go away */ extern char *krb5_defkeyname; diff --git a/src/kadmin/passwd/ChangeLog b/src/kadmin/passwd/ChangeLog index 5b50393154..2436ec681a 100644 --- a/src/kadmin/passwd/ChangeLog +++ b/src/kadmin/passwd/ChangeLog @@ -1,3 +1,23 @@ +Wed Nov 27 13:50:03 1996 Theodore Y. Ts'o <tytso@mit.edu> + + * configure.in: Link against kdb5 explicitly on all systems except + BSD systems, due to hairy shared library issues. [PR#257] + n.b., this is only a short-term fix for the 1.0 release. + The correct long-term fix is to not require kadm5 clients + to need to link against libkdb5 at all. + +Fri Nov 22 18:42:02 1996 Sam Hartman <hartmans@planet-zorp.MIT.EDU> + + * configure.in: Do not link against kdb5 because this causes + NetBSD getpwuid to fail. [228] + + * kpasswd.c (kpasswd): Remove cast from uid_t to int. [228] + +Wed Nov 20 16:00:49 1996 Barry Jaspan <bjaspan@mit.edu> + + * unit-test/Makefile.in (unit-test-): warn more loudly about unrun + tests + Wed Nov 13 19:23:15 1996 Tom Yu <tlyu@mit.edu> * unit-test/Makefile.in (clean): Remove logfiles. diff --git a/src/kadmin/passwd/configure.in b/src/kadmin/passwd/configure.in index 2331e44d0d..874f3385b5 100644 --- a/src/kadmin/passwd/configure.in +++ b/src/kadmin/passwd/configure.in @@ -7,8 +7,28 @@ AC_PROG_AWK USE_KADMCLNT_LIBRARY USE_GSSAPI_LIBRARY USE_GSSRPC_LIBRARY -USE_KDB5_LIBRARY USE_DYN_LIBRARY + +dnl +dnl The following is a kludge to get around a shared library problem +dnl for NetBSD and Linux. We have to include -lkdb5 under Linux, and +dnl we can't include -lkdb5 under NetBSD, due to various breakages in +dnl each system's shared library implementation +dnl +AC_MSG_CHECKING([for build host]) +AC_CACHE_VAL(krb5_cv_host, [export CC +AC_CANONICAL_HOST +krb5_cv_host=$host]) +AC_MSG_RESULT($krb5_cv_host) +case $krb5_cv_host in +*-*-*bsd*) + echo "Skipping USE KDB5 LIBRARY on BSD to avoid libdb incompatibilites" + ;; +*) + USE_KDB5_LIBRARY + ;; +esac + KRB5_LIBRARIES V5_USE_SHARED_LIB V5_AC_OUTPUT_MAKEFILE diff --git a/src/kadmin/passwd/kpasswd.c b/src/kadmin/passwd/kpasswd.c index e425280b64..48cb4ccc59 100644 --- a/src/kadmin/passwd/kpasswd.c +++ b/src/kadmin/passwd/kpasswd.c @@ -137,7 +137,7 @@ kpasswd(context, argc, argv) /* if either krb5_cc failed check the passwd file */ if (code != 0) { - pw = getpwuid((int) getuid()); + pw = getpwuid( getuid()); if (pw == NULL) { com_err(whoami, 0, string_text(KPW_STR_NOT_IN_PASSWD_FILE)); return(MISC_EXIT_STATUS); diff --git a/src/kadmin/passwd/unit-test/Makefile.in b/src/kadmin/passwd/unit-test/Makefile.in index f2192df942..8ffc57f2cc 100644 --- a/src/kadmin/passwd/unit-test/Makefile.in +++ b/src/kadmin/passwd/unit-test/Makefile.in @@ -1,8 +1,10 @@ check unit-test:: unit-test-@DO_TEST@ unit-test-: - @echo "The kpasswd tests require Perl, Tcl, and runtest" - @echo "No tests run here" + @echo "+++" + @echo "+++ WARNING: kpasswd unit tests not run." + @echo "+++ Either tcl, runtest, or Perl is unavailable." + @echo "+++" unit-test-ok:: unit-test-setup unit-test-body unit-test-cleanup diff --git a/src/kadmin/server/ChangeLog b/src/kadmin/server/ChangeLog index a8b9acdbd5..23897964a5 100644 --- a/src/kadmin/server/ChangeLog +++ b/src/kadmin/server/ChangeLog @@ -3,6 +3,10 @@ Wed Dec 4 15:29:30 1996 Barry Jaspan <bjaspan@mit.edu> * ovsec_kadmd.c (main): fix duplicated error strings [krb5-admin/234] +Tue Nov 19 16:48:50 1996 Barry Jaspan <bjaspan@mit.edu> + + * ovsec_kadmd.c: don't syslog \n's + Wed Nov 13 14:29:34 1996 Tom Yu <tlyu@mit.edu> * ovsec_kadmd.c (main): Note that krb5_defkeyname is an internal diff --git a/src/kadmin/server/ovsec_kadmd.c b/src/kadmin/server/ovsec_kadmd.c index 0a0ff80020..bcacd72cec 100644 --- a/src/kadmin/server/ovsec_kadmd.c +++ b/src/kadmin/server/ovsec_kadmd.c @@ -183,7 +183,7 @@ int main(int argc, char *argv[]) if (ret = kadm5_get_config_params(context, NULL, NULL, ¶ms, ¶ms)) { - krb5_klog_syslog(LOG_ERR, "%s: %s while initializing, aborting\n", + krb5_klog_syslog(LOG_ERR, "%s: %s while initializing, aborting", whoami, error_message(ret)); fprintf(stderr, "%s: %s while initializing, aborting\n", whoami, error_message(ret)); @@ -197,7 +197,7 @@ int main(int argc, char *argv[]) if ((params.mask & REQUIRED_PARAMS) != REQUIRED_PARAMS) { krb5_klog_syslog(LOG_ERR, "%s: Missing required configuration values " - "while initializing, aborting\n", whoami, + "while initializing, aborting", whoami, (params.mask & REQUIRED_PARAMS) ^ REQUIRED_PARAMS); fprintf(stderr, "%s: Missing required configuration values " "(%x) while initializing, aborting\n", whoami, @@ -726,7 +726,7 @@ void log_badauth(OM_uint32 major, OM_uint32 minor, krb5_klog_syslog(LOG_NOTICE, "Authentication attempt failed: %s, GSS-API " "error strings are:", a); log_badauth_display_status(" ", major, minor); - krb5_klog_syslog(LOG_NOTICE, " GSS-API error strings complete.\n"); + krb5_klog_syslog(LOG_NOTICE, " GSS-API error strings complete."); } void log_badauth_display_status(char *msg, OM_uint32 major, OM_uint32 minor) @@ -754,11 +754,11 @@ void log_badauth_display_status_1(char *m, OM_uint32 code, int type, GSS_C_MECH_CODE, 1); } else krb5_klog_syslog(LOG_ERR, "GSS-API authentication error %s: " - "recursive failure!\n", msg); + "recursive failure!", msg); return; } - krb5_klog_syslog(LOG_NOTICE, "%s %s\n", m, (char *)msg.value); + krb5_klog_syslog(LOG_NOTICE, "%s %s", m, (char *)msg.value); (void) gss_release_buffer(&minor_stat, &msg); if (!msg_ctx) diff --git a/src/kadmin/testing/scripts/ChangeLog b/src/kadmin/testing/scripts/ChangeLog index 73dcd5a80e..bfc97a89ea 100644 --- a/src/kadmin/testing/scripts/ChangeLog +++ b/src/kadmin/testing/scripts/ChangeLog @@ -3,6 +3,10 @@ Tue Dec 3 15:28:53 1996 Barry Jaspan <bjaspan@mit.edu> * init_db: be verbose when $SRVTCL doesn't exist, instead of just failing [krb5-admin/245] +Thu Dec 5 19:34:09 1996 Tom Yu <tlyu@mit.edu> + + * save_files.sh (files): Also save /etc/krb5.keytab. [PR 278] + Thu Nov 14 15:28:16 1996 Barry Jaspan <bjaspan@mit.edu> * env-setup.shin, init_db, save_files.sh, start_servers, diff --git a/src/kadmin/testing/scripts/save_files.sh b/src/kadmin/testing/scripts/save_files.sh index 14fe892d48..72182036f7 100644 --- a/src/kadmin/testing/scripts/save_files.sh +++ b/src/kadmin/testing/scripts/save_files.sh @@ -15,7 +15,7 @@ done # /.secure/etc/passwd /etc/athena/inetd.conf" files="/etc/krb.conf /etc/krb.realms /etc/athena/krb.conf \ - /etc/athena/krb.realms /etc/v5srvtab" + /etc/athena/krb.realms /etc/v5srvtab /etc/krb5.keytab" name=`basename $0` diff --git a/src/kadmin/testing/util/ChangeLog b/src/kadmin/testing/util/ChangeLog index e324ed6e6c..698414ab25 100644 --- a/src/kadmin/testing/util/ChangeLog +++ b/src/kadmin/testing/util/ChangeLog @@ -1,3 +1,16 @@ +Fri Dec 6 00:04:10 1996 Theodore Y. Ts'o <tytso@mit.edu> + + * test.c: Change test looking for tcl 7.05 and greater to be tcl + 7.04 and greater, since BSDI ships with tcl 7.04, and + needs this change. [PR#282] + +Thu Dec 5 22:47:27 1996 Theodore Y. Ts'o <tytso@mit.edu> + + * tcl_ovsec_kadm.c: + * tcl_kadm5.c: Remove #include of <malloc.h>, which is not + guaranteed to be there. #include of <stdlib.h> is all you + need for malloc(), per ANSI. [PR#281] + Wed Nov 13 09:55:05 1996 Ezra Peisach <epeisach@mit.edu> * Makefile.in (clean): Remove built programs. diff --git a/src/kadmin/testing/util/tcl_kadm5.c b/src/kadmin/testing/util/tcl_kadm5.c index 2aa36636d9..409f02396c 100644 --- a/src/kadmin/testing/util/tcl_kadm5.c +++ b/src/kadmin/testing/util/tcl_kadm5.c @@ -4,7 +4,6 @@ #define USE_KADM5_API_VERSION 2 #include <kadm5/admin.h> #include <com_err.h> -#include <malloc.h> #include <k5-int.h> #include <errno.h> #include <stdlib.h> diff --git a/src/kadmin/testing/util/tcl_ovsec_kadm.c b/src/kadmin/testing/util/tcl_ovsec_kadm.c index 0c6aaac9cb..40a854e951 100644 --- a/src/kadmin/testing/util/tcl_ovsec_kadm.c +++ b/src/kadmin/testing/util/tcl_ovsec_kadm.c @@ -4,7 +4,6 @@ #define USE_KADM5_API_VERSION 1 #include <kadm5/admin.h> #include <com_err.h> -#include <malloc.h> #include <k5-int.h> #include <errno.h> #include <stdlib.h> diff --git a/src/kadmin/testing/util/test.c b/src/kadmin/testing/util/test.c index 75a0fc25f9..f9da052389 100644 --- a/src/kadmin/testing/util/test.c +++ b/src/kadmin/testing/util/test.c @@ -1,8 +1,8 @@ #include <tcl.h> -#define IS_TCL_7_5 ((TCL_MAJOR_VERSION * 100 + TCL_MINOR_VERSION) >= 705) +#define _TCL_MAIN ((TCL_MAJOR_VERSION * 100 + TCL_MINOR_VERSION) >= 704) -#if IS_TCL_7_5 +#if _TCL_MAIN int main(argc, argv) int argc; /* Number of command-line arguments. */ diff --git a/src/kadmin/v4server/ChangeLog b/src/kadmin/v4server/ChangeLog index 7572a6380d..2966ad1004 100644 --- a/src/kadmin/v4server/ChangeLog +++ b/src/kadmin/v4server/ChangeLog @@ -1,3 +1,9 @@ +Fri Nov 22 15:49:27 1996 unknown <bjaspan@mit.edu> + + * kadm_ser_wrap.c (endif ): use sizeof instead of h_length to + determine number of bytes of addr to copy from DNS response + [krb5-misc/211] + Wed Nov 13 19:24:00 1996 Tom Yu <tlyu@mit.edu> * Makefile.in (clean): Remove kadm_err.h and kadm_err.c. diff --git a/src/kadmin/v4server/kadm_ser_wrap.c b/src/kadmin/v4server/kadm_ser_wrap.c index 3d4c045eda..7ea289f241 100644 --- a/src/kadmin/v4server/kadm_ser_wrap.c +++ b/src/kadmin/v4server/kadm_ser_wrap.c @@ -82,7 +82,7 @@ kadm_ser_init(inter, realm) if ((hp = gethostbyname(hostname)) == NULL) return KADM_NO_HOSTNAME; memcpy((char *) &server_parm.admin_addr.sin_addr.s_addr, hp->h_addr, - hp->h_length); + sizeof(server_parm.admin_addr.sin_addr.s_addr)); server_parm.admin_addr.sin_port = sep->s_port; /* setting up the database */ mkey_name = KRB5_KDB_M_NAME; diff --git a/src/kdc/ChangeLog b/src/kdc/ChangeLog index c2b2074f3d..190c4f3c5d 100644 --- a/src/kdc/ChangeLog +++ b/src/kdc/ChangeLog @@ -9,6 +9,13 @@ Sat Nov 23 17:26:22 1996 Mark Eichin <eichin@kitten.gen.ma.us> return status and don't pass back hint if it failed. (get_etype_info): malloc one more word in entry for end marker. +Wed Nov 20 11:25:05 1996 Barry Jaspan <bjaspan@mit.edu> + + * main.c (initialize_realms): krb5_aprof_init can succeed while + leaving aprof == NULL, but krb5_aprof_finish will fail. This is + just more grossness that needs to be redone when the kdc.conf + interface is reworked. + Thu Nov 7 12:27:21 1996 Theodore Ts'o <tytso@rsts-11.mit.edu> * kdc_preauth.c (check_padata): Fixed error handling; in order for diff --git a/src/kdc/main.c b/src/kdc/main.c index dd4ae76871..bc7a2fee1a 100644 --- a/src/kdc/main.c +++ b/src/kdc/main.c @@ -721,7 +721,9 @@ initialize_realms(kcontext, argc, argv) hierarchy[2] = (char *) NULL; if (krb5_aprof_get_string(aprof, hierarchy, TRUE, &default_ports)) default_ports = 0; - krb5_aprof_finish(aprof); + /* aprof_init can return 0 with aprof == NULL */ + if (aprof) + krb5_aprof_finish(aprof); } if (default_ports == 0) default_ports = strdup(DEFAULT_KDC_PORTLIST); diff --git a/src/krb524/ChangeLog b/src/krb524/ChangeLog index dbc3c841d6..7f5856dbbb 100644 --- a/src/krb524/ChangeLog +++ b/src/krb524/ChangeLog @@ -1,3 +1,14 @@ +Thu Dec 5 23:27:00 1996 Tom Yu <tlyu@mit.edu> + + * krb524d.c (main): Ignore SIGHUP for now. [27] + +Thu Dec 5 23:12:29 1996 Theodore Y. Ts'o <tytso@mit.edu> + + * cnv_tkt_skey.c (krb524_convert_tkt_skey): Change the issue time + of the V4 ticket to be the current time (since the + lifetime of the V4 ticket was calculated assuming that the + issue time would be the current time). [PR#283,PR#22] + Mon Nov 11 16:23:32 1996 Mark Eichin <eichin@cygnus.com> * krb524d.c (do_connection): only free v4/v5 keyblock contents and diff --git a/src/krb524/cnv_tkt_skey.c b/src/krb524/cnv_tkt_skey.c index a7d5e54ed5..19bb386f33 100644 --- a/src/krb524/cnv_tkt_skey.c +++ b/src/krb524/cnv_tkt_skey.c @@ -161,7 +161,7 @@ int krb524_convert_tkt_skey(context, v5tkt, v4tkt, v5_skey, v4_skey) (char *) v5etkt->session->contents, lifetime, /* issue_data */ - v5etkt->times.starttime, + server_time, sname, sinst, v4_skey->contents); diff --git a/src/krb524/krb524d.c b/src/krb524/krb524d.c index 2c4d3f839e..7d6e9ba162 100644 --- a/src/krb524/krb524d.c +++ b/src/krb524/krb524d.c @@ -119,7 +119,7 @@ int main(argc, argv) } signal(SIGINT, request_exit); - signal(SIGHUP, request_exit); + signal(SIGHUP, SIG_IGN); signal(SIGTERM, request_exit); if (use_keytab) diff --git a/src/lib/ChangeLog b/src/lib/ChangeLog index c7e7fb6b1a..791ed2b996 100644 --- a/src/lib/ChangeLog +++ b/src/lib/ChangeLog @@ -1,3 +1,15 @@ +Sat Nov 23 00:25:25 1996 Theodore Ts'o <tytso@rsts-11.mit.edu> + + * libkrb5.def: Renamed to krb5_16.def [PR#204] + + * Makefile.in (all-windows): Change name of dll from krb5_16.dll, + which will be the final name of the DLL. [PR#204] + +Wed Nov 20 18:28:47 1996 Theodore Y. Ts'o <tytso@mit.edu> + + * Makefile.in (clean-windows): Change the name of the Windows (16) + dll to be krb516.dll, instead of libkrb5.dll + Fri Jul 12 20:32:29 1996 Theodore Y. Ts'o <tytso@mit.edu> * win_glue.c: Added TIMEBOMB_INFO string which tells the user the diff --git a/src/lib/Makefile.in b/src/lib/Makefile.in index f0eaef89fc..b8cd3980a8 100644 --- a/src/lib/Makefile.in +++ b/src/lib/Makefile.in @@ -19,10 +19,10 @@ clean-unix:: $(RM) $(CLEANLIBS) clean-windows:: - $(RM) libkrb5.dll libkrb5.lib libkrb5.bak libkrb5.map winsock.lib + $(RM) krb5_16.dll krb5_16.lib krb5_16.bak krb5_16.map winsock.lib $(RM) gssapi.dll gssapi.lib gssapi.bak gssapi.map # -# Windows stuff to make libkrb5.dll and libkrb5.lib. Currently it +# Windows stuff to make krb5_16.dll and krb5_16.lib. Currently it # combines crypto, krb5, kadm and the util/et directories. # ALIB = kadm\kadm.lib @@ -34,7 +34,7 @@ PLIB = $(BUILDTOP)\util\profile\profile.lib WLIB = .\winsock.lib LIBS = $(ALIB) $(CLIB) $(KLIB) $(GLIB) $(ETLIB) $(PLIB) $(WLIB) -lib-windows: winsock.lib libkrb5.lib gssapi.lib +lib-windows: winsock.lib krb5_16.lib gssapi.lib gssapi.lib:: gssapi.dll implib /nologo gssapi.lib gssapi.dll @@ -44,13 +44,13 @@ gssapi.dll:: $(GLIB) $(LIBS) gssapi.def win_glue.obj $(LIBS) ldllcew libw oldnames, gssapi.def rc /nologo /p /k gssapi.dll -libkrb5.lib:: libkrb5.dll - implib /nologo libkrb5.lib libkrb5.dll +krb5_16.lib:: krb5_16.dll + implib /nologo krb5_16.lib krb5_16.dll -libkrb5.dll:: $(LIBS) libkrb5.def win_glue.obj - link /co /seg:400 /noe /nod /nol win_glue, libkrb5.dll, libkrb5.map, \ - $(LIBS) ldllcew libw oldnames, libkrb5.def - rc /nologo /p /k libkrb5.dll +krb5_16.dll:: $(LIBS) krb5_16.def win_glue.obj + link /co /seg:400 /noe /nod /nol win_glue, krb5_16.dll, krb5_16.map, \ + $(LIBS) ldllcew libw oldnames, krb5_16.def + rc /nologo /p /k krb5_16.dll sap_glue.obj: win_glue.c $(CC) $(CFLAGS) -DSAP_TIMEBOMB -I$(VERS_DIR) /c \ @@ -83,7 +83,7 @@ all-windows:: @echo Making in lib cd .. -all-windows:: libkrb5.lib gssapi.lib +all-windows:: krb5_16.lib gssapi.lib clean-windows:: @echo Making clean in lib\crypto diff --git a/src/lib/crypto/ChangeLog b/src/lib/crypto/ChangeLog index 6803199320..ecdb1d41e1 100644 --- a/src/lib/crypto/ChangeLog +++ b/src/lib/crypto/ChangeLog @@ -1,3 +1,17 @@ +Sat Nov 23 00:22:20 1996 Theodore Ts'o <tytso@rsts-11.mit.edu> + + * cryptoconf.c: Also zero out the entries in cryptoconf, to make + sure no one tries to use triple DES and SHA. + +Fri Nov 22 20:49:13 1996 Theodore Ts'o <tytso@rsts-11.mit.edu> + + * configure.in (enableval): Disable triple DES and SHA, since + what's there isn't the final triple DES. [PR#231] + +Mon Nov 18 20:38:24 1996 Ezra Peisach <epeisach@mit.edu> + [krb5-libs/201] + * configure.in: Set shared library version to 1.0. + Thu Jun 6 00:04:38 1996 Theodore Y. Ts'o <tytso@mit.edu> * Makefile.in (all-windows): Don't pass $(LIBCMD) on the command diff --git a/src/lib/crypto/configure.in b/src/lib/crypto/configure.in index 9e0451004c..53f9fcc39c 100644 --- a/src/lib/crypto/configure.in +++ b/src/lib/crypto/configure.in @@ -19,17 +19,17 @@ if test "$enableval" = yes; then else AC_MSG_RESULT(Disabling DES_CBC_MD5) fi -AC_ARG_ENABLE([des3-cbc-sha], -[ --enable-des3-cbc-sha enable DES3_CBC_SHA (DEFAULT). - --disable-des3-cbc-sha disable DES3_CBC_SHA.], -, -enableval=yes)dnl -if test "$enableval" = yes; then - AC_MSG_RESULT(Enabling DES3_CBC_SHA) - AC_DEFINE(PROVIDE_DES3_CBC_SHA) -else - AC_MSG_RESULT(Disabling DES3_CBC_SHA) -fi +dnl AC_ARG_ENABLE([des3-cbc-sha], +dnl [ --enable-des3-cbc-sha enable DES3_CBC_SHA (DEFAULT). +dnl --disable-des3-cbc-sha disable DES3_CBC_SHA.], +dnl , +dnl enableval=yes)dnl +dnl if test "$enableval" = yes; then +dnl AC_MSG_RESULT(Enabling DES3_CBC_SHA) +dnl AC_DEFINE(PROVIDE_DES3_CBC_SHA) +dnl else +dnl AC_MSG_RESULT(Disabling DES3_CBC_SHA) +dnl fi AC_ARG_WITH([des-cbc-crc], [ --enable-des-cbc-crc enable DES_CBC_CRC (DEFAULT). --disable-des-cbc-crc disable DES_CBC_CRC.], @@ -52,17 +52,17 @@ if test "$enableval" = yes; then else AC_MSG_RESULT(Disabling DES_CBC_RAW) fi -AC_ARG_WITH([des3-cbc-raw], -[ --enable-des3-cbc-raw enable DES3_CBC_RAW (DEFAULT). - --disable-des3-cbc-raw disable DES3_CBC_RAW.], -, -enableval=yes)dnl -if test "$enableval" = yes; then - AC_MSG_RESULT(Enabling DES3_CBC_RAW) - AC_DEFINE(PROVIDE_DES3_CBC_RAW) -else - AC_MSG_RESULT(Disabling DES3_CBC_RAW) -fi +dnl AC_ARG_WITH([des3-cbc-raw], +dnl [ --enable-des3-cbc-raw enable DES3_CBC_RAW (DEFAULT). +dnl --disable-des3-cbc-raw disable DES3_CBC_RAW.], +dnl , +dnl enableval=yes)dnl +dnl if test "$enableval" = yes; then +dnl AC_MSG_RESULT(Enabling DES3_CBC_RAW) +dnl AC_DEFINE(PROVIDE_DES3_CBC_RAW) +dnl else +dnl AC_MSG_RESULT(Disabling DES3_CBC_RAW) +dnl fi AC_ARG_WITH([des-cbc-cksum], [ --enable-des-cbc-cksum enable DES_CBC_CKSUM (DEFAULT). --disable-des-cbc-cksum disable DES_CBC_CKSUM.], @@ -107,20 +107,20 @@ if test "$enableval" = yes; then else AC_MSG_RESULT(Disabling RSA_MD5) fi -AC_ARG_WITH([nist-sha], -[ --enable-nist-sha enable NIST_SHA (DEFAULT). - --disable-nist-sha disable NIST_SHA.], -, -enableval=yes)dnl -if test "$enableval" = yes; then - AC_MSG_RESULT(Enabling NIST_SHA) - AC_DEFINE(PROVIDE_NIST_SHA) -else - AC_MSG_RESULT(Disabling NIST_SHA) -fi +dnl AC_ARG_WITH([nist-sha], +dnl [ --enable-nist-sha enable NIST_SHA (DEFAULT). +dnl --disable-nist-sha disable NIST_SHA.], +dnl , +dnl enableval=yes)dnl +dnl if test "$enableval" = yes; then +dnl AC_MSG_RESULT(Enabling NIST_SHA) +dnl AC_DEFINE(PROVIDE_NIST_SHA) +dnl else +dnl AC_MSG_RESULT(Disabling NIST_SHA) +dnl fi V5_SHARED_LIB_OBJS SubdirLibraryRule([${OBJS}]) DO_SUBDIRS -V5_MAKE_SHARED_LIB(libcrypto,0.1,.., ./crypto) +V5_MAKE_SHARED_LIB(libcrypto,1.0,.., ./crypto) V5_AC_OUTPUT_MAKEFILE diff --git a/src/lib/crypto/cryptoconf.c b/src/lib/crypto/cryptoconf.c index 768c6cf3cb..62be745812 100644 --- a/src/lib/crypto/cryptoconf.c +++ b/src/lib/crypto/cryptoconf.c @@ -53,8 +53,10 @@ #ifdef PROVIDE_NIST_SHA #include "shs.h" -#define SHA_CKENTRY &nist_sha_cksumtable_entry -#define HMAC_SHA_CKENTRY &hmac_sha_cksumtable_entry +/* #define SHA_CKENTRY &nist_sha_cksumtable_entry */ +/* #define HMAC_SHA_CKENTRY &hmac_sha_cksumtable_entry */ +#define SHA_CKENTRY 0 +#define HMAC_SHA_CKENTRY 0 #else #define SHA_CKENTRY 0 #define HMAC_SHA_CKENTRY 0 @@ -109,7 +111,11 @@ #include "des_int.h" #define _DES_DONE__ #endif -#define DES3_CBC_SHA_CSENTRY &krb5_des3_sha_cst_entry +/* Don't try to enable triple DES unless you know what you are doing; */ +/* the current implementation of triple DES is NOT the final and */ +/* correct implementation.!!! */ +/* #define DES3_CBC_SHA_CSENTRY &krb5_des3_sha_cst_entry */ +#define DES3_CBC_SHA_CSENTRY 0 #else #define DES3_CBC_SHA_CSENTRY 0 #endif @@ -119,7 +125,8 @@ #include "des_int.h" #define _DES_DONE__ #endif -#define DES3_CBC_RAW_CSENTRY &krb5_des3_raw_cst_entry +/* #define DES3_CBC_RAW_CSENTRY &krb5_des3_raw_cst_entry */ +#define DES3_CBC_RAW_CSENTRY 0 #else #define DES3_CBC_RAW_CSENTRY 0 #endif diff --git a/src/lib/des425/ChangeLog b/src/lib/des425/ChangeLog index c0c8faa43b..8b1457e07b 100644 --- a/src/lib/des425/ChangeLog +++ b/src/lib/des425/ChangeLog @@ -1,3 +1,7 @@ +Mon Nov 18 20:39:02 1996 Ezra Peisach <epeisach@mit.edu> + + * configure.in: Set shared library version to 1.0. [krb5-libs/201] + Wed Aug 7 12:50:36 1996 Ezra Peisach <epeisach@mit.edu> * new_rnd_key.c (des_set_sequence_number): Change cast to diff --git a/src/lib/des425/configure.in b/src/lib/des425/configure.in index 08126b06c1..07072c9f29 100644 --- a/src/lib/des425/configure.in +++ b/src/lib/des425/configure.in @@ -29,5 +29,5 @@ AC_SUBST(CRYPTO_SH_VERS) KRB5_SH_VERS=$krb5_cv_shlib_version_libkrb5 AC_SUBST(KRB5_SH_VERS) KRB5_RUN_FLAGS -V5_MAKE_SHARED_LIB(libdes425,0.1,.., ./des425) +V5_MAKE_SHARED_LIB(libdes425,1.0,.., ./des425) V5_AC_OUTPUT_MAKEFILE diff --git a/src/lib/gssapi/ChangeLog b/src/lib/gssapi/ChangeLog index 505b5d3552..b29cc371b2 100644 --- a/src/lib/gssapi/ChangeLog +++ b/src/lib/gssapi/ChangeLog @@ -1,3 +1,7 @@ +Mon Nov 18 20:39:41 1996 Ezra Peisach <epeisach@mit.edu> + + * configure.in: Set shared library version to 1.0. [krb5-libs/201] + Tue Jul 23 22:50:22 1996 Theodore Y. Ts'o <tytso@mit.edu> * Makefile.in (MAC_SUBDIRS): Remove mechglue from the list of diff --git a/src/lib/gssapi/configure.in b/src/lib/gssapi/configure.in index 164582c647..f2bb704295 100644 --- a/src/lib/gssapi/configure.in +++ b/src/lib/gssapi/configure.in @@ -7,7 +7,7 @@ AC_PROG_ARCHIVE_ADD AC_PROG_RANLIB AC_PROG_INSTALL DO_SUBDIRS -V5_MAKE_SHARED_LIB(libgssapi_krb5,0.1,.., ./gssapi) +V5_MAKE_SHARED_LIB(libgssapi_krb5,1.0,.., ./gssapi) CRYPTO_SH_VERS=$krb5_cv_shlib_version_libcrypto AC_SUBST(CRYPTO_SH_VERS) COMERR_SH_VERS=$krb5_cv_shlib_version_libcom_err diff --git a/src/lib/gssapi/generic/ChangeLog b/src/lib/gssapi/generic/ChangeLog index 993470825c..30fd1c3c2c 100644 --- a/src/lib/gssapi/generic/ChangeLog +++ b/src/lib/gssapi/generic/ChangeLog @@ -1,3 +1,12 @@ +Wed Nov 20 13:59:58 1996 Ezra Peisach <epeisach@mit.edu> + + * Makefile.in (install): Install gssapi.h from the build tree. + +Tue Nov 19 16:43:16 1996 Tom Yu <tlyu@mit.edu> + + * Makefile.in (gssapi.h): grep USE_.*_H out from autoconf.h as + well (some stuff was depending on USE_STRING_H). + Mon Nov 18 12:38:34 1996 Tom Yu <tlyu@mit.edu> *gssapi.h: Renamed to gssapi.hin. diff --git a/src/lib/gssapi/generic/Makefile.in b/src/lib/gssapi/generic/Makefile.in index 1e1aa7ebb8..87b414f47c 100644 --- a/src/lib/gssapi/generic/Makefile.in +++ b/src/lib/gssapi/generic/Makefile.in @@ -37,6 +37,7 @@ gssapi.h: gssapi.hin echo "/* It contains some choice pieces of autoconf.h */" >> $@ grep SIZEOF $(BUILDTOP)/include/krb5/autoconf.h >> $@ grep 'HAVE_.*_H' $(BUILDTOP)/include/krb5/autoconf.h >> $@ + grep 'USE_.*_H' $(BUILDTOP)/include/krb5/autoconf.h >> $@ echo "/* End of gssapi.h prologue. */" cat $(srcdir)/gssapi.hin >> $@ @@ -84,7 +85,8 @@ OBJS = \ $(OBJS): $(HDRS) $(ETHDRS) -EXPORTED_HEADERS= gssapi.h gssapi_generic.h +EXPORTED_HEADERS= gssapi_generic.h +EXPORTED_BUILT_HEADERS= gssapi.h all-unix:: shared $(SRCS) $(ETHDRS) $(OBJS) @@ -116,5 +118,9 @@ install:: do $(INSTALL_DATA) $(srcdir)/$$f \ $(DESTDIR)$(KRB5_INCDIR)/gssapi/$$f ; \ done + @set -x; for f in $(EXPORTED_BUILT_HEADERS) ; \ + do $(INSTALL_DATA) $$f \ + $(DESTDIR)$(KRB5_INCDIR)/gssapi/$$f ; \ + done depend:: $(ETSRCS) diff --git a/src/lib/gssapi/krb5/ChangeLog b/src/lib/gssapi/krb5/ChangeLog index e1c1d98491..8f9ac2c0d4 100644 --- a/src/lib/gssapi/krb5/ChangeLog +++ b/src/lib/gssapi/krb5/ChangeLog @@ -4,6 +4,30 @@ Wed Dec 4 13:06:13 1996 Barry Jaspan <bjaspan@mit.edu> instead of scanning through keytab to find matching principal [krb5-libs/210] +Wed Nov 20 19:55:29 1996 Marc Horowitz <marc@cygnus.com> + + * init_sec_context.c (make_ap_rep, krb5_gss_init_sec_context), + accept_sec_context.c (krb5_gss_accept_sec_context): fix up use of + gss flags. under some circumstances, the context would not have + checked for replay or sequencing, even if those features were + requested. + + * init_sec_context.c (make_ap_req), (krb5_gss_init_sec_context): + If delegation is requested, but forwarding the credentials fails, + instead of aborting the context setup, just don't forward + credentials. + + * gssapiP_krb5.h (krb5_gss_ctx_id_t), ser_sctx.c + (kg_ctx_externalize, kg_ctx_internalize), init_sec_context.c + (krb5_gss_init_sec_context), get_tkt_flags.c + (gss_krb5_get_tkt_flags), accept_sec_context.c + (krb5_gss_accept_sec_context): rename ctx->flags to + ctx->krb_flags, to disambiguate it from ctx->gss_flags + + * accept_sec_context.c (krb5_gss_accept_sec_context): If the subkey + isn't present in the authenticator, then use the session key + instead. + Sat Oct 19 00:38:22 1996 Theodore Y. Ts'o <tytso@mit.edu> * ser_sctx.c (kg_oid_externalize, kg_oid_internalize, diff --git a/src/lib/gssapi/krb5/accept_sec_context.c b/src/lib/gssapi/krb5/accept_sec_context.c index 2346069213..1589835572 100644 --- a/src/lib/gssapi/krb5/accept_sec_context.c +++ b/src/lib/gssapi/krb5/accept_sec_context.c @@ -384,8 +384,7 @@ krb5_gss_accept_sec_context(minor_status, context_handle, ctx->mech_used = mech_used; ctx->auth_context = auth_context; ctx->initiate = 0; - ctx->gss_flags = GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG | - (gss_flags & (GSS_C_MUTUAL_FLAG | GSS_C_DELEG_FLAG)); + ctx->gss_flags = KG_IMPLFLAGS(gss_flags); ctx->seed_init = 0; ctx->big_endian = bigend; @@ -417,6 +416,29 @@ krb5_gss_accept_sec_context(minor_status, context_handle, return(GSS_S_FAILURE); } + /* use the session key if the subkey isn't present */ + + if (ctx->subkey == NULL) { + if ((code = krb5_auth_con_getkey(context, auth_context, + &ctx->subkey))) { + krb5_free_principal(context, ctx->there); + krb5_free_principal(context, ctx->here); + xfree(ctx); + *minor_status = code; + return(GSS_S_FAILURE); + } + } + + if (ctx->subkey == NULL) { + krb5_free_principal(context, ctx->there); + krb5_free_principal(context, ctx->here); + xfree(ctx); + /* this isn't a very good error, but it's not clear to me this + can actually happen */ + *minor_status = KRB5KDC_ERR_NULL_KEY; + return(GSS_S_FAILURE); + } + switch(ctx->subkey->enctype) { case ENCTYPE_DES_CBC_MD5: case ENCTYPE_DES_CBC_CRC: @@ -464,7 +486,7 @@ krb5_gss_accept_sec_context(minor_status, context_handle, } ctx->endtime = ticket->enc_part2->times.endtime; - ctx->flags = ticket->enc_part2->flags; + ctx->krb_flags = ticket->enc_part2->flags; krb5_free_ticket(context, ticket); /* Done with ticket */ @@ -487,8 +509,8 @@ krb5_gss_accept_sec_context(minor_status, context_handle, } g_order_init(&(ctx->seqstate), ctx->seq_recv, - (gss_flags & GSS_C_REPLAY_FLAG) != 0, - (gss_flags & GSS_C_SEQUENCE_FLAG) != 0); + (ctx->gss_flags & GSS_C_REPLAY_FLAG) != 0, + (ctx->gss_flags & GSS_C_SEQUENCE_FLAG) != 0); /* at this point, the entire context structure is filled in, so it can be released. */ @@ -545,7 +567,7 @@ krb5_gss_accept_sec_context(minor_status, context_handle, *time_rec = ctx->endtime - now; if (ret_flags) - *ret_flags = KG_IMPLFLAGS(gss_flags); + *ret_flags = ctx->gss_flags; ctx->established = 1; diff --git a/src/lib/gssapi/krb5/get_tkt_flags.c b/src/lib/gssapi/krb5/get_tkt_flags.c index 5dd91064f7..eebf06d815 100644 --- a/src/lib/gssapi/krb5/get_tkt_flags.c +++ b/src/lib/gssapi/krb5/get_tkt_flags.c @@ -48,7 +48,7 @@ gss_krb5_get_tkt_flags(minor_status, context_handle, ticket_flags) } if (ticket_flags) - *ticket_flags = ctx->flags; + *ticket_flags = ctx->krb_flags; *minor_status = 0; return(GSS_S_COMPLETE); diff --git a/src/lib/gssapi/krb5/gssapiP_krb5.h b/src/lib/gssapi/krb5/gssapiP_krb5.h index ee327baf68..97f2d51d51 100644 --- a/src/lib/gssapi/krb5/gssapiP_krb5.h +++ b/src/lib/gssapi/krb5/gssapiP_krb5.h @@ -113,7 +113,7 @@ typedef struct _krb5_gss_ctx_id_rec { krb5_gss_enc_desc enc; krb5_gss_enc_desc seq; krb5_timestamp endtime; - krb5_flags flags; + krb5_flags krb_flags; krb5_int32 seq_send; krb5_int32 seq_recv; void *seqstate; diff --git a/src/lib/gssapi/krb5/init_sec_context.c b/src/lib/gssapi/krb5/init_sec_context.c index 690d5af2bc..3b8935fffb 100644 --- a/src/lib/gssapi/krb5/init_sec_context.c +++ b/src/lib/gssapi/krb5/init_sec_context.c @@ -30,15 +30,15 @@ static krb5_error_code make_ap_req(context, auth_context, cred, server, endtime, chan_bindings, - req_flags, flags, mech_type, token) + req_flags, krb_flags, mech_type, token) krb5_context context; krb5_auth_context * auth_context; krb5_gss_cred_id_t cred; krb5_principal server; krb5_timestamp *endtime; gss_channel_bindings_t chan_bindings; - OM_uint32 req_flags; - krb5_flags *flags; + OM_uint32 *req_flags; + krb5_flags *krb_flags; gss_OID mech_type; gss_buffer_t token; { @@ -74,8 +74,7 @@ make_ap_req(context, auth_context, cred, server, endtime, chan_bindings, /* build the checksum field */ - if(*flags && GSS_C_DELEG_FLAG) { - + if (*req_flags & GSS_C_DELEG_FLAG) { /* first get KRB_CRED message, so we know its length */ /* clear the time check flag that was set in krb5_auth_con_init() */ @@ -83,20 +82,27 @@ make_ap_req(context, auth_context, cred, server, endtime, chan_bindings, krb5_auth_con_setflags(context, *auth_context, con_flags & ~KRB5_AUTH_CONTEXT_DO_TIME); - if ((code = krb5_fwd_tgt_creds(context, *auth_context, 0, + code = krb5_fwd_tgt_creds(context, *auth_context, 0, cred->princ, server, cred->ccache, 1, - &credmsg))) - return(code); + &credmsg); /* turn KRB5_AUTH_CONTEXT_DO_TIME back on */ krb5_auth_con_setflags(context, *auth_context, con_flags); - if(credmsg.length+28 > KRB5_INT16_MAX) { - krb5_xfree(credmsg.data); - return(KRB5KRB_ERR_FIELD_TOOLONG); - } + if (code) { + /* don't fail here; just don't accept/do the delegation + request */ + *req_flags &= ~GSS_C_DELEG_FLAG; - checksum_data.length = 28+credmsg.length; + checksum_data.length = 24; + } else { + if (credmsg.length+28 > KRB5_INT16_MAX) { + krb5_xfree(credmsg.data); + return(KRB5KRB_ERR_FIELD_TOOLONG); + } + + checksum_data.length = 28+credmsg.length; + } } else { checksum_data.length = 24; } @@ -115,7 +121,7 @@ make_ap_req(context, auth_context, cred, server, endtime, chan_bindings, TWRITE_INT(ptr, md5.length, 0); TWRITE_STR(ptr, (unsigned char *) md5.contents, md5.length); - TWRITE_INT(ptr, KG_IMPLFLAGS(req_flags), 0); + TWRITE_INT(ptr, *req_flags, 0); /* done with this, free it */ xfree(md5.contents); @@ -151,7 +157,7 @@ make_ap_req(context, auth_context, cred, server, endtime, chan_bindings, mk_req_flags = AP_OPTS_USE_SUBKEY; - if (req_flags & GSS_C_MUTUAL_FLAG) + if (*req_flags & GSS_C_MUTUAL_FLAG) mk_req_flags |= AP_OPTS_MUTUAL_REQUIRED; if ((code = krb5_mk_req_extended(context, auth_context, mk_req_flags, @@ -160,7 +166,7 @@ make_ap_req(context, auth_context, cred, server, endtime, chan_bindings, /* store the interesting stuff from creds and authent */ *endtime = out_creds->times.endtime; - *flags = out_creds->ticket_flags; + *krb_flags = out_creds->ticket_flags; /* build up the token */ @@ -264,15 +270,15 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, err = 0; if (mech_type == GSS_C_NULL_OID) { - mech_type = cred->rfc_mech?gss_mech_krb5:gss_mech_krb5_old; - } else if (g_OID_equal(mech_type, gss_mech_krb5)) { - if (!cred->rfc_mech) - err = 1; - } else if (g_OID_equal(mech_type, gss_mech_krb5_old)) { - if (!cred->prerfc_mech) - err = 1; - } else - err = 1; + mech_type = cred->rfc_mech?gss_mech_krb5:gss_mech_krb5_old; + } else if (g_OID_equal(mech_type, gss_mech_krb5)) { + if (!cred->rfc_mech) + err = 1; + } else if (g_OID_equal(mech_type, gss_mech_krb5_old)) { + if (!cred->prerfc_mech) + err = 1; + } else + err = 1; if (err) { *minor_status = 0; @@ -318,9 +324,7 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, ctx->mech_used = mech_type; ctx->auth_context = NULL; ctx->initiate = 1; - ctx->gss_flags = ((req_flags & (GSS_C_MUTUAL_FLAG | GSS_C_DELEG_FLAG)) | - GSS_C_CONF_FLAG | GSS_C_INTEG_FLAG); - ctx->flags = req_flags & GSS_C_DELEG_FLAG; + ctx->gss_flags = KG_IMPLFLAGS(req_flags); ctx->seed_init = 0; ctx->big_endian = 0; /* all initiators do little-endian, as per spec */ ctx->seqstate = 0; @@ -352,7 +356,8 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, if ((code = make_ap_req(context, &(ctx->auth_context), cred, ctx->there, &ctx->endtime, input_chan_bindings, - req_flags, &ctx->flags, mech_type, &token))) { + &ctx->gss_flags, &ctx->krb_flags, mech_type, + &token))) { krb5_free_principal(context, ctx->here); krb5_free_principal(context, ctx->there); xfree(ctx); @@ -438,7 +443,7 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, *output_token = token; if (ret_flags) - *ret_flags = KG_IMPLFLAGS(req_flags); + *ret_flags = ctx->gss_flags; if (actual_mech_type) *actual_mech_type = mech_type; @@ -452,8 +457,8 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, } else { ctx->seq_recv = ctx->seq_send; g_order_init(&(ctx->seqstate), ctx->seq_recv, - (req_flags & GSS_C_REPLAY_FLAG) != 0, - (req_flags & GSS_C_SEQUENCE_FLAG) != 0); + (ctx->gss_flags & GSS_C_REPLAY_FLAG) != 0, + (ctx->gss_flags & GSS_C_SEQUENCE_FLAG) != 0); ctx->established = 1; /* fall through to GSS_S_COMPLETE */ } @@ -477,7 +482,7 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, if ((ctx->established) || (((gss_cred_id_t) cred) != claimant_cred_handle) || - ((req_flags & GSS_C_MUTUAL_FLAG) == 0)) { + ((ctx->gss_flags & GSS_C_MUTUAL_FLAG) == 0)) { (void)krb5_gss_delete_sec_context(minor_status, context_handle, NULL); /* XXX this minor status is wrong if an arg was changed */ @@ -534,8 +539,8 @@ krb5_gss_init_sec_context(minor_status, claimant_cred_handle, /* store away the sequence number */ ctx->seq_recv = ap_rep_data->seq_number; g_order_init(&(ctx->seqstate), ctx->seq_recv, - (req_flags & GSS_C_REPLAY_FLAG) != 0, - (req_flags & GSS_C_SEQUENCE_FLAG) !=0); + (ctx->gss_flags & GSS_C_REPLAY_FLAG) != 0, + (ctx->gss_flags & GSS_C_SEQUENCE_FLAG) !=0); /* free the ap_rep_data */ krb5_free_ap_rep_enc_part(context, ap_rep_data); diff --git a/src/lib/gssapi/krb5/ser_sctx.c b/src/lib/gssapi/krb5/ser_sctx.c index 259cce5b85..22b5c367ce 100644 --- a/src/lib/gssapi/krb5/ser_sctx.c +++ b/src/lib/gssapi/krb5/ser_sctx.c @@ -515,7 +515,7 @@ kg_ctx_externalize(kcontext, arg, buffer, lenremain) &bp, &remain); (void) krb5_ser_pack_int32((krb5_int32) ctx->endtime, &bp, &remain); - (void) krb5_ser_pack_int32((krb5_int32) ctx->flags, + (void) krb5_ser_pack_int32((krb5_int32) ctx->krb_flags, &bp, &remain); (void) krb5_ser_pack_int32((krb5_int32) ctx->seq_send, &bp, &remain); @@ -632,7 +632,7 @@ kg_ctx_internalize(kcontext, argp, buffer, lenremain) (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); ctx->endtime = (krb5_timestamp) ibuf; (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); - ctx->flags = (krb5_flags) ibuf; + ctx->krb_flags = (krb5_flags) ibuf; (void) krb5_ser_unpack_int32(&ctx->seq_send, &bp, &remain); (void) krb5_ser_unpack_int32(&ctx->seq_recv, &bp, &remain); (void) krb5_ser_unpack_int32(&ibuf, &bp, &remain); diff --git a/src/lib/gssapi/mechglue/ChangeLog b/src/lib/gssapi/mechglue/ChangeLog index 97558b1a2f..9f8fb1bc4a 100644 --- a/src/lib/gssapi/mechglue/ChangeLog +++ b/src/lib/gssapi/mechglue/ChangeLog @@ -1,3 +1,7 @@ +Mon Nov 18 20:43:54 1996 Ezra Peisach <epeisach@mit.edu> + + * configure.in: Shared library version number to 1.0. [krb5-libs/201] + Wed Jun 12 00:50:32 1996 Theodore Ts'o <tytso@rsts-11.mit.edu> * Makefile.in: Remove include of config/windows.in; that's done diff --git a/src/lib/gssapi/mechglue/configure.in b/src/lib/gssapi/mechglue/configure.in index 73cf30efd9..bd9b4db21d 100644 --- a/src/lib/gssapi/mechglue/configure.in +++ b/src/lib/gssapi/mechglue/configure.in @@ -13,7 +13,7 @@ case $host in *-*-aix*) # don't build libgssapi.a on AIX ;; *) - V5_MAKE_SHARED_LIB(libgssapi,0.1,.., ./mechglue) + V5_MAKE_SHARED_LIB(libgssapi,1.0,.., ./mechglue) AppendRule([install:: libgssapi.[$](LIBEXT) [$](INSTALL_DATA) libgssapi.[$](LIBEXT) [$](DESTDIR)[$](KRB5_LIBDIR)[$](S)libgssapi.[$](LIBEXT)]) LinkFileDir([$](TOPLIBD)/libgssapi.[$](LIBEXT),libgssapi.[$](LIBEXT),./gssapi/mechglue) diff --git a/src/lib/kadm5/srv/ChangeLog b/src/lib/kadm5/srv/ChangeLog index d9c5b76bd3..0a65eff000 100644 --- a/src/lib/kadm5/srv/ChangeLog +++ b/src/lib/kadm5/srv/ChangeLog @@ -9,6 +9,18 @@ Fri Nov 22 11:11:34 1996 Sam Hartman <hartmans@mit.edu> * Makefile.in (SHLIB_LIBS): Do not link shared against -ldb [224] +Tue Nov 26 03:04:04 1996 Sam Hartman <hartmans@mit.edu> + + * server_acl.c (acl_load_acl_file): Fix coredump by allowing + catchall_entry to be null, but do not reference it if it is. + Thanks to marc. [242] + +Mon Nov 25 17:53:20 1996 Barry Jaspan <bjaspan@mit.edu> + + * server_acl.c: set acl_catchall_entry to "" instead of NULL, + since it is presumed to contain something, but we don't want any + default entry [krb5-admin/237] + Wed Nov 13 19:20:36 1996 Tom Yu <tlyu@mit.edu> * Makefile.in (clean-unix): Remove shared/*. diff --git a/src/lib/kadm5/unit-test/ChangeLog b/src/lib/kadm5/unit-test/ChangeLog index 0f95d81387..2fe5fb96d4 100644 --- a/src/lib/kadm5/unit-test/ChangeLog +++ b/src/lib/kadm5/unit-test/ChangeLog @@ -3,6 +3,10 @@ Mon Dec 9 15:57:55 1996 Barry Jaspan <bjaspan@mit.edu> * api.0/init.exp, api.2/init.exp: use spawn/expect instead of exec so tests don't fail when kadmin.local produces output +Wed Nov 20 15:59:34 1996 Barry Jaspan <bjaspan@mit.edu> + + * Makefile.in (check-): warn more loudly about unrun tests + Mon Nov 11 20:51:27 1996 Tom Yu <tlyu@mit.edu> * configure.in: Add AC_CANONICAL_HOST to deal with new pre.in. diff --git a/src/lib/kadm5/unit-test/Makefile.in b/src/lib/kadm5/unit-test/Makefile.in index 455f42880c..333c663e51 100644 --- a/src/lib/kadm5/unit-test/Makefile.in +++ b/src/lib/kadm5/unit-test/Makefile.in @@ -49,7 +49,10 @@ server-iter-test: iter-test.o $(SRVDEPLIBS) check:: check-@DO_TEST@ check-:: - @echo "Either tcl, runtest, or Perl is unavailable. Kadm5 unit tests not run" + @echo "+++" + @echo "+++ WARNING: lib/kadm5 unit tests not run." + @echo "+++ Either tcl, runtest, or Perl is unavailable." + @echo "+++" check-ok unit-test:: unit-test-client unit-test-server diff --git a/src/lib/kdb/ChangeLog b/src/lib/kdb/ChangeLog index 3f74707fbb..ca9b830894 100644 --- a/src/lib/kdb/ChangeLog +++ b/src/lib/kdb/ChangeLog @@ -1,3 +1,7 @@ +Mon Nov 18 20:40:12 1996 Ezra Peisach <epeisach@mit.edu> + + * configure.in: Set shared library version to 1.0. [krb5-libs/201] + Tue Nov 12 23:41:55 1996 Mark Eichin <eichin@cygnus.com> * kdb_dbm.c: Ditch DB_OPENCLOSE conditionals, and fix the real diff --git a/src/lib/kdb/configure.in b/src/lib/kdb/configure.in index 75c4e40c86..8f04d98242 100644 --- a/src/lib/kdb/configure.in +++ b/src/lib/kdb/configure.in @@ -20,7 +20,7 @@ KRB5_RUN_FLAGS V5_USE_SHARED_LIB KRB5_LIBRARIES V5_SHARED_LIB_OBJS -V5_MAKE_SHARED_LIB(libkdb5,0.1,.., ./kdb) +V5_MAKE_SHARED_LIB(libkdb5,1.0,.., ./kdb) AppendRule([all-unix:: ../libkdb5.a]) KRB5_SH_VERS=$krb5_cv_shlib_version_libkrb5 AC_SUBST(KRB5_SH_VERS) diff --git a/src/lib/krb4/ChangeLog b/src/lib/krb4/ChangeLog index 27ab65fe11..1c7296b8c1 100644 --- a/src/lib/krb4/ChangeLog +++ b/src/lib/krb4/ChangeLog @@ -1,3 +1,7 @@ +Mon Nov 18 20:40:39 1996 Ezra Peisach <epeisach@mit.edu> + + * configure.in: Set shared library version to 1.0. [krb5-libs/201] + Thu Nov 7 12:33:06 1996 Theodore Y. Ts'o <tytso@mit.edu> * g_in_tkt.c: diff --git a/src/lib/krb4/configure.in b/src/lib/krb4/configure.in index 4e3dd8c0f8..2a4c8b3a75 100644 --- a/src/lib/krb4/configure.in +++ b/src/lib/krb4/configure.in @@ -44,7 +44,7 @@ AC_HAVE_FUNCS(strsave seteuid setreuid setresuid) AC_PROG_AWK V5_SHARED_LIB_OBJS SubdirLibraryRule([$(OBJS)]) -V5_MAKE_SHARED_LIB(libkrb4,0.1,.., ./krb4) +V5_MAKE_SHARED_LIB(libkrb4,1.0,.., ./krb4) CopyHeader(krb_err.h,$(EHDRDIR)) CRYPTO_SH_VERS=$krb5_cv_shlib_version_libcrypto AC_SUBST(CRYPTO_SH_VERS) diff --git a/src/lib/krb5/ChangeLog b/src/lib/krb5/ChangeLog index 00b17c7d8f..e77f6b970f 100644 --- a/src/lib/krb5/ChangeLog +++ b/src/lib/krb5/ChangeLog @@ -1,3 +1,7 @@ +Mon Nov 18 20:42:39 1996 Ezra Peisach <epeisach@mit.edu> + + * configure.in: Set shared library version to 1.0. [krb5-libs/201] + Wed Oct 23 01:15:40 1996 Theodore Y. Ts'o <tytso@mit.edu> * configure.in, Makefile.in: Check to see if the -lgen library diff --git a/src/lib/krb5/configure.in b/src/lib/krb5/configure.in index c612ed7c95..2ac53bdfe9 100644 --- a/src/lib/krb5/configure.in +++ b/src/lib/krb5/configure.in @@ -16,7 +16,7 @@ dnl AC_CHECK_LIB(gen,compile,SHLIB_GEN=-lgen,SHLIB_GEN='') AC_SUBST(SHLIB_GEN) dnl -V5_MAKE_SHARED_LIB(libkrb5,0.1,.., ./krb5) +V5_MAKE_SHARED_LIB(libkrb5,1.0,.., ./krb5) CRYPTO_SH_VERS=$krb5_cv_shlib_version_libcrypto AC_SUBST(CRYPTO_SH_VERS) COMERR_SH_VERS=$krb5_cv_shlib_version_libcom_err diff --git a/src/lib/krb5/error_tables/ChangeLog b/src/lib/krb5/error_tables/ChangeLog index 0b60e42c59..6eff8a21aa 100644 --- a/src/lib/krb5/error_tables/ChangeLog +++ b/src/lib/krb5/error_tables/ChangeLog @@ -1,3 +1,7 @@ +Tue Nov 19 17:06:26 1996 Barry Jaspan <bjaspan@mit.edu> + + * krb5_err.et: add KRB5_KT_KVNONOTFOUND [krb5-libs/198] + Wed Nov 6 11:15:32 1996 Theodore Ts'o <tytso@rsts-11.mit.edu> * krb5_err.et: Make the KRB5_CONFIG_CANTOPEN and diff --git a/src/lib/krb5/error_tables/krb5_err.et b/src/lib/krb5/error_tables/krb5_err.et index 06af955416..1b42232425 100644 --- a/src/lib/krb5/error_tables/krb5_err.et +++ b/src/lib/krb5/error_tables/krb5_err.et @@ -300,5 +300,6 @@ error_code KRB5_CONFIG_NODEFREALM, "Configuration file does not specify default error_code KRB5_SAM_UNSUPPORTED, "Bad SAM flags in obtain_sam_padata" error_code KRB5_KT_NAME_TOOLONG, "Keytab name too long" +error_code KRB5_KT_KVNONOTFOUND, "Key version number for principal in key table is incorrect" end diff --git a/src/lib/krb5/keytab/file/ChangeLog b/src/lib/krb5/keytab/file/ChangeLog index c37f70950b..f14e2a0301 100644 --- a/src/lib/krb5/keytab/file/ChangeLog +++ b/src/lib/krb5/keytab/file/ChangeLog @@ -1,3 +1,8 @@ +Tue Nov 19 17:06:59 1996 Barry Jaspan <bjaspan@mit.edu> + + * ktf_g_ent.c (krb5_ktfile_get_entry): return KRB5_KT_KVNONOTFOUND + when appropriate [krb5-libs/198] + Wed Jul 24 17:10:11 1996 Theodore Y. Ts'o <tytso@mit.edu> * ktf_g_name.c (krb5_ktfile_get_name): Use the error code diff --git a/src/lib/krb5/keytab/file/ktf_g_ent.c b/src/lib/krb5/keytab/file/ktf_g_ent.c index 4805d5c697..e42dcdbd44 100644 --- a/src/lib/krb5/keytab/file/ktf_g_ent.c +++ b/src/lib/krb5/keytab/file/ktf_g_ent.c @@ -40,6 +40,7 @@ krb5_ktfile_get_entry(context, id, principal, kvno, enctype, entry) { krb5_keytab_entry cur_entry, new_entry; krb5_error_code kerror = 0; + int found_wrong_kvno = 0; /* Open the keyfile for reading */ if ((kerror = krb5_ktfileint_openr(context, id))) @@ -92,14 +93,21 @@ krb5_ktfile_get_entry(context, id, principal, kvno, enctype, entry) krb5_kt_free_entry(context, &cur_entry); cur_entry = new_entry; break; - } + } else + found_wrong_kvno++; } } else { krb5_kt_free_entry(context, &new_entry); } } - if (kerror == KRB5_KT_END) - kerror = cur_entry.principal ? 0 : KRB5_KT_NOTFOUND; + if (kerror == KRB5_KT_END) { + if (cur_entry.principal) + kerror = 0; + else if (found_wrong_kvno) + kerror = KRB5_KT_KVNONOTFOUND; + else + kerror = KRB5_KT_NOTFOUND; + } if (kerror) { (void) krb5_ktfileint_close(context, id); krb5_kt_free_entry(context, &cur_entry); diff --git a/src/lib/krb5/krb/ChangeLog b/src/lib/krb5/krb/ChangeLog index c702d0aa97..18bf885944 100644 --- a/src/lib/krb5/krb/ChangeLog +++ b/src/lib/krb5/krb/ChangeLog @@ -1,3 +1,10 @@ +Thu Nov 21 13:54:01 1996 Ezra Peisach <epeisach@mit.edu> + + * recvauth.c (krb5_recvauth): If there is an error, and the server + argument to krb5_recvauth is NULL, create a dummy server + entry for the krb5_error structure so that krb5_mk_error + will not die with missing required fields. [krb5-libs/209] + Wed Nov 13 14:30:47 1996 Tom Yu <tlyu@mit.edu> * init_ctx.c: Revert previous kt_default_name changes. diff --git a/src/lib/krb5/krb/recvauth.c b/src/lib/krb5/krb/recvauth.c index d6d6772dee..d5e7b5fc53 100644 --- a/src/lib/krb5/krb/recvauth.c +++ b/src/lib/krb5/krb/recvauth.c @@ -57,6 +57,7 @@ krb5_recvauth(context, auth_context, krb5_rcache rcache = 0; krb5_octet response; krb5_data null_server; + int need_error_free = 0; /* * Zero out problem variable. If problem is set at the end of @@ -173,7 +174,14 @@ krb5_recvauth(context, auth_context, memset((char *)&error, 0, sizeof(error)); krb5_us_timeofday(context, &error.stime, &error.susec); - error.server = server; + if(server) + error.server = server; + else { + /* If this fails - ie. ENOMEM we are hosed + we cannot even send the error if we wanted to... */ + (void) krb5_parse_name(context, "????", &error.server); + need_error_free = 1; + } error.error = problem - ERROR_TABLE_BASE_krb5; if (error.error > 127) @@ -190,6 +198,9 @@ krb5_recvauth(context, auth_context, goto cleanup; } free(error.text.data); + if(need_error_free) + krb5_free_principal(context, error.server); + } else { outbuf.length = 0; outbuf.data = 0; diff --git a/src/lib/krb5_16.def b/src/lib/krb5_16.def new file mode 100644 index 0000000000..9d9d5e5ef7 --- /dev/null +++ b/src/lib/krb5_16.def @@ -0,0 +1,65 @@ +;---------------------------------------------------- +; LIBKRB5.DEF - LIBKRB5.DLL module definition file +;---------------------------------------------------- + +LIBRARY LIBKRB5 +DESCRIPTION 'DLL for Kerberos 5' +EXETYPE WINDOWS +CODE PRELOAD MOVEABLE DISCARDABLE +DATA PRELOAD MOVEABLE SINGLE +HEAPSIZE 8192 + +EXPORTS + WEP @1001 RESIDENTNAME + LIBMAIN @1002 + GSS_ACQUIRE_CRED @1 + GSS_RELEASE_CRED @2 + GSS_INIT_SEC_CONTEXT @3 + GSS_ACCEPT_SEC_CONTEXT @4 + GSS_PROCESS_CONTEXT_TOKEN @5 + GSS_DELETE_SEC_CONTEXT @6 + GSS_CONTEXT_TIME @7 + GSS_SIGN @8 + GSS_VERIFY @9 + GSS_SEAL @10 + GSS_UNSEAL @11 + GSS_DISPLAY_STATUS @12 + GSS_INDICATE_MECHS @13 + GSS_COMPARE_NAME @14 + GSS_DISPLAY_NAME @15 + GSS_IMPORT_NAME @16 + GSS_RELEASE_NAME @17 + GSS_RELEASE_BUFFER @18 + GSS_RELEASE_OID_SET @19 + GSS_INQUIRE_CRED @20 +; Kerberos 5 + _krb5_build_principal_ext + KRB5_CC_DEFAULT + KRB5_FREE_ADDRESSES + KRB5_FREE_AP_REP_ENC_PART + KRB5_FREE_CRED_CONTENTS + KRB5_FREE_CREDS + KRB5_FREE_PRINCIPAL + KRB5_GET_CREDENTIALS + KRB5_GET_DEFAULT_REALM + KRB5_GET_IN_TKT_WITH_PASSWORD + KRB5_GET_NOTIFICATION_MESSAGE + KRB5_INIT_CONTEXT + KRB5_INIT_ETS + KRB5_MK_REQ_EXTENDED + KRB5_OS_LOCALADDR + KRB5_PARSE_NAME + KRB5_RD_REP + KRB5_SNAME_TO_PRINCIPAL + KRB5_TIMEOFDAY + KRB5_US_TIMEOFDAY + KRB5_UNPARSE_NAME +;Kadm routines + KRB5_ADM_CONNECT + KRB5_ADM_DISCONNECT + KRB5_FREE_ADM_DATA + KRB5_READ_ADM_REPLY + KRB5_SEND_ADM_CMD +;Com_err routines + _com_err + ERROR_MESSAGE diff --git a/src/lib/rpc/ChangeLog b/src/lib/rpc/ChangeLog index 1f815211b1..904ca169ba 100644 --- a/src/lib/rpc/ChangeLog +++ b/src/lib/rpc/ChangeLog @@ -19,6 +19,21 @@ Wed Dec 4 12:42:49 1996 Barry Jaspan <bjaspan@mit.edu> recvfrom in order to determine both source and dest address on unconnected UDP socket, set xp_laddr and xp_laddrlen +Fri Nov 22 15:50:42 1996 unknown <bjaspan@mit.edu> + + * get_myaddress.c (get_myaddress): use krb5_os_localaddr instead + of ioctl() to get local IP addresses [krb5-libs/227] + + * clnt_generic.c, clnt_simple.c, getrpcport.c: use sizeof instead + of h_length to determine number of bytes of addr to copy from DNS + response [krb5-misc/211] + +Fri Nov 22 11:49:43 1996 Sam Hartman <hartmans@mit.edu> + + * types.hin: Include stdlib.h if found at config time [203] + + * configure.in: Substitute STDLIB_INCLUDE into types.h. [203] + Tue Nov 12 16:27:27 1996 Barry Jaspan <bjaspan@mit.edu> * auth_gssapi.c (auth_gssapi_create): handle channel bindings diff --git a/src/lib/rpc/clnt_generic.c b/src/lib/rpc/clnt_generic.c index f111c2e147..9eeabe1529 100644 --- a/src/lib/rpc/clnt_generic.c +++ b/src/lib/rpc/clnt_generic.c @@ -73,7 +73,7 @@ clnt_create(hostname, prog, vers, proto) sin.sin_family = h->h_addrtype; sin.sin_port = 0; memset(sin.sin_zero, 0, sizeof(sin.sin_zero)); - memmove((char*)&sin.sin_addr, h->h_addr, h->h_length); + memmove((char*)&sin.sin_addr, h->h_addr, sizeof(sin.sin_addr)); p = getprotobyname(proto); if (p == NULL) { rpc_createerr.cf_stat = RPC_UNKNOWNPROTO; diff --git a/src/lib/rpc/clnt_simple.c b/src/lib/rpc/clnt_simple.c index 0d8f7a4df7..9b5ba9fa68 100644 --- a/src/lib/rpc/clnt_simple.c +++ b/src/lib/rpc/clnt_simple.c @@ -88,7 +88,8 @@ callrpc(host, prognum, versnum, procnum, inproc, in, outproc, out) return ((int) RPC_UNKNOWNHOST); timeout.tv_usec = 0; timeout.tv_sec = 5; - memmove((char *)&server_addr.sin_addr, hp->h_addr, hp->h_length); + memmove((char *)&server_addr.sin_addr, hp->h_addr, + sizeof(server_addr.sin_addr)); server_addr.sin_family = AF_INET; server_addr.sin_port = 0; if ((crp->client = clntudp_create(&server_addr, (rpc_u_int32)prognum, diff --git a/src/lib/rpc/configure.in b/src/lib/rpc/configure.in index c2217044f8..dde9d53fa3 100644 --- a/src/lib/rpc/configure.in +++ b/src/lib/rpc/configure.in @@ -6,7 +6,11 @@ AC_PROG_ARCHIVE AC_PROG_ARCHIVE_ADD AC_PROG_RANLIB AC_PROG_INSTALL - +dnl Arrange for types.hin to include stdlib.h +AC_CHECK_HEADER(stdlib.h, [ + STDLIB_INCLUDE="#include <stdlib.h>"], + [STDLIB_INCLUDE=""]) +AC_SUBST(STDLIB_INCLUDE) dnl ### Check where struct rpcent is declared. # # This is necessary to determine: diff --git a/src/lib/rpc/get_myaddress.c b/src/lib/rpc/get_myaddress.c index fa4c54e784..7986a384c7 100644 --- a/src/lib/rpc/get_myaddress.c +++ b/src/lib/rpc/get_myaddress.c @@ -38,6 +38,46 @@ static char sccsid[] = "@(#)get_myaddress.c 1.4 87/08/11 Copyr 1984 Sun Micro"; * Copyright (C) 1984, Sun Microsystems, Inc. */ +#ifdef GSSAPI_KRB5 +#include <rpc/types.h> +#include <rpc/pmap_prot.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <krb5.h> +/* + * don't use gethostbyname, which would invoke yellow pages + */ +get_myaddress(addr) + struct sockaddr_in *addr; +{ + krb5_address **addrs, **a; + int ret; + + /* Hack! krb5_os_localaddr does not use the context arg! */ + if (ret = krb5_os_localaddr(NULL, &addrs)) { + com_err("get_myaddress", ret, "calling krb5_os_localaddr"); + exit(1); + } + a = addrs; + while (*a) { + if ((*a)->addrtype == ADDRTYPE_INET) { + memset(addr, 0, sizeof(*addr)); + addr->sin_family = AF_INET; + addr->sin_port = htons(PMAPPORT); + memcpy(&addr->sin_addr, (*a)->contents, sizeof(addr->sin_addr)); + break; + } + a++; + } + if (*a == NULL) { + com_err("get_myaddress", 0, "no local AF_INET address"); + exit(1); + } + /* Hack! krb5_free_addresses does not use the context arg! */ + krb5_free_addresses(NULL, addrs); +} + +#else /* !GSSAPI_KRB5 */ #include <rpc/types.h> #include <rpc/pmap_prot.h> #include <sys/socket.h> @@ -93,3 +133,4 @@ get_myaddress(addr) } (void) close(s); } +#endif /* !GSSAPI_KRB5 */ diff --git a/src/lib/rpc/getrpcport.c b/src/lib/rpc/getrpcport.c index d209a15274..1bc239f942 100644 --- a/src/lib/rpc/getrpcport.c +++ b/src/lib/rpc/getrpcport.c @@ -48,7 +48,7 @@ getrpcport(host, prognum, versnum, proto) if ((hp = gethostbyname(host)) == NULL) return (0); - memmove((char *) &addr.sin_addr, hp->h_addr, hp->h_length); + memmove((char *) &addr.sin_addr, hp->h_addr, sizeof(addr.sin_addr)); addr.sin_family = AF_INET; addr.sin_port = 0; return (pmap_getport(&addr, prognum, versnum, proto)); diff --git a/src/lib/rpc/types.hin b/src/lib/rpc/types.hin index 9bd357d701..8722759cc8 100644 --- a/src/lib/rpc/types.hin +++ b/src/lib/rpc/types.hin @@ -61,9 +61,7 @@ typedef unsigned long rpc_u_int32; # define NULL 0 #endif -#if defined(__osf__) -#include <stdlib.h> -#endif +@STDLIB_INCLUDE@ #define mem_alloc(bsize) (char *) malloc(bsize) #define mem_free(ptr, bsize) free(ptr) diff --git a/src/lib/rpc/unit-test/ChangeLog b/src/lib/rpc/unit-test/ChangeLog index 05a3de5409..0303efb292 100644 --- a/src/lib/rpc/unit-test/ChangeLog +++ b/src/lib/rpc/unit-test/ChangeLog @@ -1,3 +1,7 @@ +Wed Nov 20 16:00:21 1996 Barry Jaspan <bjaspan@mit.edu> + + * Makefile.in (unit-test-): warn more loudly about unrun tests + Thu Nov 14 22:27:05 1996 Tom Yu <tlyu@mit.edu> * server.c (main): Add declaration of optind for systems that diff --git a/src/lib/rpc/unit-test/Makefile.in b/src/lib/rpc/unit-test/Makefile.in index 3690dc3493..26c10c79d3 100644 --- a/src/lib/rpc/unit-test/Makefile.in +++ b/src/lib/rpc/unit-test/Makefile.in @@ -29,8 +29,10 @@ client.o server.o: rpc_test.h check unit-test:: unit-test-@DO_TEST@ unit-test-: - @echo "The rpc tests require Perl, Tcl, and runtest" - @echo "No tests run here" + @echo "+++" + @echo "+++ WARNING: lib/rpc unit tests not run." + @echo "+++ Either tcl, runtest, or Perl is unavailable." + @echo "+++" unit-test-ok:: unit-test-setup unit-test-body unit-test-cleanup diff --git a/src/mac/ChangeLog b/src/mac/ChangeLog index 654a0a8d9b..b3be53fc8f 100644 --- a/src/mac/ChangeLog +++ b/src/mac/ChangeLog @@ -1,3 +1,11 @@ +Fri Nov 22 07:54:57 1996 Theodore Ts'o <tytso@rsts-11.mit.edu> + + * Makefile.tmpl: Use '%' in Makefiles where you really want a '/' + character in the mpw Makefile. (Translation in + src/Makefile.in) + + * version.r: Fix typos, and set version resource for 1.0 release. + Fri Nov 8 17:44:10 1996 Theodore Y. Ts'o <tytso@mit.edu> * Makefile.tmpl: Add in version resource diff --git a/src/mac/Makefile.tmpl b/src/mac/Makefile.tmpl index 84ebae4fda..5a42dd4ae6 100644 --- a/src/mac/Makefile.tmpl +++ b/src/mac/Makefile.tmpl @@ -3,11 +3,11 @@ KH68K = {KH}KerberosHeaders68K KHCFM-68K = {KH}KerberosHeadersCFM-68K KHPPC = {KH}KerberosHeadersPPC -GSSRTLCFM68K = "{MW68KLibraries}ANSI (4i/8d) C.CFM68K.Lib" \ +GSSRTLCFM68K = "{MW68KLibraries}ANSI (4i%8d) C.CFM68K.Lib" \ {MW68KLibraries}SIOUX.CFM68K.Lib \ {MW68KLibraries}InterfaceLib \ {MW68KLibraries}MWCFM68KRuntime.Lib \ - "{MW68KLibraries}MathLibCFM68K (4i/8d).Lib" + "{MW68KLibraries}MathLibCFM68K (4i%8d).Lib" GSSRTLCFMPPC = "{MWPPCLibraries}ANSI C.PPC.Lib" \ {MWPPCLibraries}SIOUX.PPC.Lib {MWPPCLibraries}MWCRuntime.Lib \ @@ -113,7 +113,6 @@ link-68KCFM-SAP : -sym fullpath -map libgss.68K.MAP -o GSSLibrarySAP.68K \ {GSSRTLCFM68K} {GSSOBJS68KCFM-SAP} {GSSOBJS68KCFM} Rez "/mac/SAP/GSSforSAP.r" -a -o GSSLibrarySAP.68K - Rez "/mac/version.r" -a -o GSSLibrarySAP.68K link-PPC-SAP : MWLinkPPC -sharedlibrary -name GSSLibrary -m "" \ @@ -122,7 +121,6 @@ link-PPC-SAP : -sym fullpath -map libgss.PPC.MAP -o GSSLibrarySAP.PPC \ {GSSRTLCFMPPC} {GSSOBJSPPC-SAP} {GSSOBJSPPC} Rez "/mac/SAP/GSSforSAP.r" -a -o GSSLibrarySAP.PPC - Rez "/mac/version.r" -a -o GSSLibrarySAP.PPC link-CFMFAT-SAP : Duplicate -y GSSLibrarySAP.68K GSSLibSAP diff --git a/src/mac/SAP/GSSforSAP.r b/src/mac/SAP/GSSforSAP.r index ca25a83846..8910dd756b 100644 --- a/src/mac/SAP/GSSforSAP.r +++ b/src/mac/SAP/GSSforSAP.r @@ -1,4 +1,17 @@ +#ifdef mw_rez +#include <SysTypes.r> +#include <Types.r> +#else +#include "SysTypes.r" #include "Types.r" +#endif + +resource 'vers' (1) { + 0x01, 0x00, final, 0x00, + verUS, + "1.0", + "1.0(SAP), Copyright 1996 Massachusetts Institute of Technology" +}; resource 'DITL' (135, nonpurgeable) { { /* array DITLarray: 2 elements */ diff --git a/src/mac/gss-sample/ChangeLog b/src/mac/gss-sample/ChangeLog index 63f0612567..9975f8a929 100644 --- a/src/mac/gss-sample/ChangeLog +++ b/src/mac/gss-sample/ChangeLog @@ -1,3 +1,10 @@ +Fri Nov 22 15:51:55 1996 unknown <bjaspan@mit.edu> + + * gss-client.c (connect_to_server): use sizeof instead of h_length + to determine number of bytes of addr to copy from DNS response + [krb5-misc/211] + + Thu 26 12:00:00 1995 John Rivlin <jrivlin@fusion.com> * Created GSS Sample program diff --git a/src/mac/gss-sample/gss-client.c b/src/mac/gss-sample/gss-client.c index d7dd26ebaa..b2be7c84c0 100644 --- a/src/mac/gss-sample/gss-client.c +++ b/src/mac/gss-sample/gss-client.c @@ -336,7 +336,7 @@ SOCKET connect_to_server(char *host, u_short port) } saddr.sin_family = hp->h_addrtype; - memcpy((char *)&saddr.sin_addr, hp->h_addr, hp->h_length); + memcpy((char *)&saddr.sin_addr, hp->h_addr, sizeof(saddr.sin_addr)); saddr.sin_port = htons(port); if ((s = socket(AF_INET, SOCK_STREAM, 0)) == (SOCKET) -1) { diff --git a/src/mac/libraries/ChangeLog b/src/mac/libraries/ChangeLog index 1a8d737a86..4388c5e7f2 100644 --- a/src/mac/libraries/ChangeLog +++ b/src/mac/libraries/ChangeLog @@ -1,3 +1,9 @@ +Sat Nov 23 00:18:20 1996 Theodore Ts'o <tytso@rsts-11.mit.edu> + + * KerberosHeaders.h: Remove DES3 and SHA support for 1.0, since + what's there isn't the correct final algorithm. (They + will be re-added later.) [PR #231] + Tue Apr 30 14:53:54 1996 <tytso@rsts-11.mit.edu> * KerberosHeaders.h: Removed PROVIDE_SNEFRU (shouldn't be there) diff --git a/src/mac/libraries/KerberosHeaders.h b/src/mac/libraries/KerberosHeaders.h index ac4e62da66..a25d001570 100644 --- a/src/mac/libraries/KerberosHeaders.h +++ b/src/mac/libraries/KerberosHeaders.h @@ -35,9 +35,9 @@ typedef unsigned int size_t; #define PROVIDE_DES_CBC_CRC #define PROVIDE_DES_CBC_MD5 #define PROVIDE_DES_CBC_RAW -#define PROVIDE_DES3_CBC_MD5 -#define PROVIDE_DES3_CBC_RAW - +/* #define PROVIDE_DES3_CBC_MD5 */ +/* #define PROVIDE_DES3_CBC_RAW */ +/* #define PROVIDE_NIST_SHA */ #define NO_SYS_TYPES_H #define NO_SYS_STAT_H diff --git a/src/mac/mkbindirs.sh b/src/mac/mkbindirs.sh new file mode 100644 index 0000000000..cdc2af202b --- /dev/null +++ b/src/mac/mkbindirs.sh @@ -0,0 +1,13 @@ +#!/bin/sh +# +# This shell script creates the Macintosh binary hierarchies. + +topbin=$1 +shift + +for DIR do + mkdir $topbin/$DIR + for SDIR in `sed -n -e 's/MAC_SUBDIRS.*=//p' $DIR/Makefile.in`; do + /bin/sh mac/mkbindirs.sh $topbin $DIR/$SDIR; + done +done diff --git a/src/mac/version.r b/src/mac/version.r index 85ece8583e..a83d10ff20 100644 --- a/src/mac/version.r +++ b/src/mac/version.r @@ -1,9 +1,14 @@ +#ifdef mw_rez #include <SysTypes.r> #include <Types.r> +#else +#include "SysTypes.r" +#include "Types.r" +#endif resource 'vers' (1) { - 0x00, 0x07, beta, 0x01, - verUS - "Beta 7 Build 1", - "Beta 7 Build 1, Copyright 1996 Massachusetts Institute of Technology" + 0x01, 0x00, final, 0x00, + verUS, + "1.0", + "1.0, Copyright 1996 Massachusetts Institute of Technology" }; diff --git a/src/patchlevel.h b/src/patchlevel.h index ab2b4e2154..45d84f1946 100644 --- a/src/patchlevel.h +++ b/src/patchlevel.h @@ -1,2 +1,3 @@ -#define KRB5_MAJOR_RELEASE BETA_7 +#define KRB5_MAJOR_RELEASE 1 #define KRB5_MINOR_RELEASE 0 +#define KRB5_PATCHLEVEL 0 diff --git a/src/slave/ChangeLog b/src/slave/ChangeLog index 60673e1dc3..acaeb8a3d5 100644 --- a/src/slave/ChangeLog +++ b/src/slave/ChangeLog @@ -1,3 +1,20 @@ +Thu Dec 5 21:15:27 1996 Tom Yu <tlyu@mit.edu> + + * kslave_update: Update script for new filename conventions. [PR + 280] + + * kprop.M: Update outdated references to kdb5_edit and /krb5 [PR + 279] + + * kpropd.M: Update outdated references to kdb5_edit and /krb5 [PR + 279] + +Fri Nov 22 15:52:07 1996 unknown <bjaspan@mit.edu> + + * kprop.c (open_connection): use sizeof instead of h_length to + determine number of bytes of addr to copy from DNS response + [krb5-misc/211] + Thu Nov 7 15:18:01 1996 Theodore Ts'o <tytso@rsts-11.mit.edu> * kprop.c (main): diff --git a/src/slave/kprop.M b/src/slave/kprop.M index 7a25db6dfb..a0b5ac840e 100644 --- a/src/slave/kprop.M +++ b/src/slave/kprop.M @@ -35,8 +35,8 @@ Kerberos server to a slave Kerberos server, which is specfied by .IR slave_host . This is done by transmitting the dumped database file to the slave server over an encrypted, secure channel. The dump file must be created -by kdb5_edit, and is normally KPROP_DEFAULT_FILE -(/krb5/slave_datatrans). +by kdb5_util, and is normally KPROP_DEFAULT_FILE +(/usr/local/var/krb5kdc/slave_datatrans). .SH OPTIONS .TP \fB\-r\fP \fIrealm\fP @@ -48,7 +48,7 @@ is used. \fB\-f\fP \fIfile\fP specifies the filename where the dumped principal database file is to be found; by default the dumped database file is KPROP_DEFAULT_FILE -(normally /krb5/slave_datatrans). +(normally /usr/local/var/krb5kdc/slave_datatrans). .TP \fB\-P\fP \fIport\fP specifies the port to use to contact the @@ -61,4 +61,4 @@ prints debugging information. \fB\-s\fP \fIkeytab\fP specifies the location of the keytab file. .SH SEE ALSO -kpropd(8), kdb5_edit(8), krb5kdc(8) +kpropd(8), kdb5_util(8), krb5kdc(8) diff --git a/src/slave/kprop.c b/src/slave/kprop.c index 3c4848135a..0ddcc2fb13 100644 --- a/src/slave/kprop.c +++ b/src/slave/kprop.c @@ -324,7 +324,7 @@ open_connection(host, fd, Errmsg) return(0); } sin.sin_family = hp->h_addrtype; - memcpy((char *)&sin.sin_addr, hp->h_addr, hp->h_length); + memcpy((char *)&sin.sin_addr, hp->h_addr, sizeof(sin.sin_addr)); if(!port) { sp = getservbyname(KPROP_SERVICE, "tcp"); if (sp == 0) { diff --git a/src/slave/kpropd.M b/src/slave/kpropd.M index 3228ed9532..e037a11210 100644 --- a/src/slave/kpropd.M +++ b/src/slave/kpropd.M @@ -35,7 +35,7 @@ kpropd \- Kerberos V5 slave KDC update server .I principal_database ] [ .B \-p -.I kdb5_edit_prog +.I kdb5_util_prog ] [ .B \-d ] [ @@ -52,7 +52,7 @@ is the server which accepts connections from the program. .I kpropd accepts the dumped KDC database and places it in a file, and then runs -.IR kdb5_edit (8) +.IR kdb5_util (8) to load the dumped database into the active database which is used by .IR krb5kdc (8). Thus, the master Kerberos server can use @@ -66,7 +66,7 @@ Normally, kpropd is invoked out of This is done by adding a line to the inetd.conf file which looks like this: -kprop stream tcp nowait root /krb5/bin/kpropd kpropd +kprop stream tcp nowait root /usr/local/sbin/kpropd kpropd However, kpropd can also run as a standalone deamon, if the .B \-S @@ -84,13 +84,13 @@ is used. \fB\-f\fP \fIfile\fP specifies the filename where the dumped principal database file is to be stored; by default the dumped database file is KPROPD_DEFAULT_FILE -(normally /krb5/from_master). +(normally /usr/local/var/krb5kdc/from_master). .TP .B \-p allows the user to specify the pathname to the -.IR kdb5_edit (8) -program; by default the pathname used is KPROPD_DEFAULT_KDB5_EDIT -(normally /krb5/bin/kdb5_edit). +.IR kdb5_util (8) +program; by default the pathname used is KPROPD_DEFAULT_KDB5_UTIL +(normally /usr/local/sbin/kdb5_util). .TP .B \-S turn on standalone mode. Normally, kpropd is invoked out of @@ -124,4 +124,4 @@ Access file for Each entry is a line containing the principal of a host from which the local machine will allow Kerberos database propagation via kprop. .SH SEE ALSO -kprop(8), kdb5_edit(8), krb5kdc(8), inetd(8) +kprop(8), kdb5_util(8), krb5kdc(8), inetd(8) diff --git a/src/slave/kslave_update b/src/slave/kslave_update index d6207de609..a4da274ff5 100644 --- a/src/slave/kslave_update +++ b/src/slave/kslave_update @@ -1,16 +1,16 @@ #!/bin/sh # -# Propagate if database (principal.pag) has been modified since last dump +# Propagate if database (principal.db) has been modified since last dump # (dumpfile.dump_ok) or if database has been dumped since last successful # propagation (dumpfile.<slave machine>.last_prop) -KDB_DIR=/krb5 +KDB_DIR=/usr/local/var/krb5kdc -KDB_FILE=$KDB_DIR/principal.page +KDB_FILE=$KDB_DIR/principal.db DUMPFILE=$KDB_DIR/slave_datatrans -KDB5_EDIT=/krb5/sbin/kdb5_edit -KPROP=/krb5/sbin/kprop - +KDB5_UTIL=/usr/local/sbin/kdb5_util +KPROP=/usr/local/sbin/kprop + SLAVE=$1 if [ -z "${SLAVE}" ] then @@ -23,7 +23,7 @@ if [ "`ls -t $DUMPFILE.dump_ok $KDB_FILE | sed -n 1p`" = "$KDB_FILE" -o \ then date - $KDB5_EDIT -R "ddb $DUMPFILE" >/dev/null + $KDB5_EDIT dump $DUMPFILE > /dev/null $KPROP -d -f $DUMPFILE ${SLAVE} rm $DUMPFILE diff --git a/src/tests/dejagnu/ChangeLog b/src/tests/dejagnu/ChangeLog index 52b0d0d136..619475c729 100644 --- a/src/tests/dejagnu/ChangeLog +++ b/src/tests/dejagnu/ChangeLog @@ -1,3 +1,7 @@ +Wed Nov 20 16:01:34 1996 Barry Jaspan <bjaspan@mit.edu> + + * Makefile.in (check-): warn more loudly about unrun tests + Mon Oct 7 15:46:47 1996 Ezra Peisach <epeisach@kangaroo.mit.edu> * Makefile.in (HAVE_RUNTEST): Renamed from RUNTEST as diff --git a/src/tests/dejagnu/Makefile.in b/src/tests/dejagnu/Makefile.in index bab9ca766b..50b97e7d43 100644 --- a/src/tests/dejagnu/Makefile.in +++ b/src/tests/dejagnu/Makefile.in @@ -7,7 +7,10 @@ all install:: check:: check-$(HAVE_RUNTEST) check-:: - @echo "Dejagnu is not installed on this system. No tests run." + @echo "+++" + @echo "+++ WARNING: tests/dejagnu tests not run." + @echo "+++ runtest is unavailable." + @echo "+++" check-runtest:: t_inetd site.exp $(HAVE_RUNTEST) --tool krb --srcdir $(srcdir) $(RUNTESTFLAGS) diff --git a/src/tests/dejagnu/config/ChangeLog b/src/tests/dejagnu/config/ChangeLog index 5416b6a5df..a037337561 100644 --- a/src/tests/dejagnu/config/ChangeLog +++ b/src/tests/dejagnu/config/ChangeLog @@ -1,3 +1,14 @@ +Mon Nov 25 14:23:06 1996 Theodore Y. Ts'o <tytso@mit.edu> + + * defualt.exp: Ezra's fix so that the dejagnu tests don't bomb out + if KRB5_KTNAME is set for some reason. + +Tue Nov 19 15:13:30 1996 Tom Yu <tlyu@mit.edu> + + * default.exp (check_k5login): Check for principal + $env(USER)@$REALMNAME rather than simply $env(USER), so that + kuser_ok dtrt, hopefully. + Mon Nov 11 20:52:27 1996 Mark Eichin <eichin@cygnus.com> * dejagnu: set env(TERM) dumb, find ktutil diff --git a/src/tests/dejagnu/config/default.exp b/src/tests/dejagnu/config/default.exp index 4e3ebeb07d..9e728ca5b9 100644 --- a/src/tests/dejagnu/config/default.exp +++ b/src/tests/dejagnu/config/default.exp @@ -134,6 +134,7 @@ if ![info exists SHELL_PROMPT] { proc check_k5login { testname } { global env + global REALMNAME if ![file exists ~/.k5login] { return 1 @@ -141,7 +142,7 @@ proc check_k5login { testname } { set file [open ~/.k5login r] while { [gets $file principal] != -1 } { - if { $principal == $env(USER) } { + if { $principal == "$env(USER)@$REALMNAME" } { close $file return 1 } @@ -760,6 +761,7 @@ proc start_kerberos_daemons { standalone } { global kadmind_pid global kadmind_spawn_id global tmppwd + global env if ![setup_kerberos_db 0] { return 0 @@ -818,6 +820,17 @@ proc start_kerberos_daemons { standalone } { # Give the kerberos daemon a few seconds to get set up. sleep 2 + + # + # Save setting of KRB5_KTNAME. We do not want to override kdc.conf + # file during kadmind startup. (this is in case user has KRB5_KTNAME + # set before starting make check) + # + if [info exists env(KRB5_KTNAME)] { + set start_save_ktname $env(KRB5_KTNAME) + } + catch "unset env(KRB5_KTNAME)" + if ![file exists $kadmind_lfile] then { catch [touch $kadmind_lfile] sleep 1 @@ -841,10 +854,20 @@ proc start_kerberos_daemons { standalone } { if {$count >= $retry} { fail "kadmin5 (starting)" + if [info exists start_save_ktname] { + set env(KRB5_KTNAME) $start_save_ktname + unset start_save_ktname + } stop_kerberos_daemons return 0 } + # Restore KRB5_KTNAME + if [info exists start_save_ktname] { + set env(KRB5_KTNAME) $start_save_ktname + unset start_save_ktname + } + switch -regexp [tail1 $kadmind_lfile] { "cannot initialize network" { fail "kadmind (network init)" diff --git a/src/tests/misc/test_getsockname.c b/src/tests/misc/test_getsockname.c index 12efa0641b..b4f6cb44d7 100644 --- a/src/tests/misc/test_getsockname.c +++ b/src/tests/misc/test_getsockname.c @@ -46,7 +46,7 @@ main(argc, argv) /* Set server's address */ (void) memset((char *)&s_sock, 0, sizeof(s_sock)); - memcpy((char *)&s_sock.sin_addr, host->h_addr, host->h_length); + memcpy((char *)&s_sock.sin_addr, host->h_addr, sizeof(s_sock.sin_addr)); #ifdef DEBUG printf("s_sock.sin_addr is %s\n", inet_ntoa(s_sock.sin_addr)); #endif diff --git a/src/util/ChangeLog b/src/util/ChangeLog index 9a3cb27f8d..4c5f1c6330 100644 --- a/src/util/ChangeLog +++ b/src/util/ChangeLog @@ -1,3 +1,12 @@ +Mon Nov 25 21:00:24 1996 Tom Yu <tlyu@mit.edu> + + * mkrel: Add support for --srconly, --doconly, --nocheckout, + --repository, etc. They do the obvious things. + +Fri Nov 22 11:08:16 1996 Sam Hartman <hartmans@tertius.mit.edu> + + * makeshlib.sh (VERSION): Fix SunOS shared libs [226] + Tue Nov 12 17:32:08 1996 Barry Jaspan <bjaspan@mit.edu> * send-pr/send-pr.sh (MAIL_AGENT): change "[-x" to "[ -x" diff --git a/src/util/db2/obj/ChangeLog b/src/util/db2/obj/ChangeLog index d2c8bb8081..6f09fcd60e 100644 --- a/src/util/db2/obj/ChangeLog +++ b/src/util/db2/obj/ChangeLog @@ -1,3 +1,7 @@ +Mon Nov 25 16:20:35 1996 Sam Hartman <hartmans@mit.edu> + + * Makefile.in (check): Remove install rule to fix pmake problem. [236] + Wed Sep 11 18:55:38 1996 Tom Yu <tlyu@mit.edu> * Makefile.in (memmove.o): add -DMEMMOVE to compile as memmove diff --git a/src/util/db2/obj/Makefile.in b/src/util/db2/obj/Makefile.in index 4445e37c62..0c022e273d 100644 --- a/src/util/db2/obj/Makefile.in +++ b/src/util/db2/obj/Makefile.in @@ -56,10 +56,6 @@ check:: dbtest TMPDIR=$(TMPDIR) $(FCTSH) $(top_srcdir)/test/run.test install:: - cp $(LIBDB) $(libdir) - $(RANLIB) $(libdir)/$(LIBDB) - cp $(top_srcdir)/include/db.h $(includedir) - cp ../db-config.h $(includedir) clean:: rm -f $(ALL_OBJS) $(LIBDB) \ diff --git a/src/util/et/ChangeLog b/src/util/et/ChangeLog index 38d80eb7af..227dc7cafc 100644 --- a/src/util/et/ChangeLog +++ b/src/util/et/ChangeLog @@ -1,3 +1,7 @@ +Mon Nov 18 20:37:19 1996 Ezra Peisach <epeisach@mit.edu> + + * configure.in: Set shared library version to 1.0. [krb5-libs/201] + Wed Nov 13 19:19:08 1996 Tom Yu <tlyu@mit.edu> * Makefile.in (clean-unix): Remove shared/*. diff --git a/src/util/et/configure.in b/src/util/et/configure.in index 7b0cf00f70..15fd8d84df 100644 --- a/src/util/et/configure.in +++ b/src/util/et/configure.in @@ -25,5 +25,5 @@ AC_HEADER_STDARG AC_HAVE_HEADERS(stdlib.h) CopySrcHeader(com_err.h,$(BUILDTOP)/include) V5_SHARED_LIB_OBJS -V5_MAKE_SHARED_LIB(libcom_err,0.1,[$](TOPLIBD), ../util/et) +V5_MAKE_SHARED_LIB(libcom_err,1.0,[$](TOPLIBD), ../util/et) V5_AC_OUTPUT_MAKEFILE diff --git a/src/util/makeshlib.sh b/src/util/makeshlib.sh index 74c73b7056..a8afb3b11b 100644 --- a/src/util/makeshlib.sh +++ b/src/util/makeshlib.sh @@ -96,15 +96,16 @@ mips-sni-sysv4) optflags="" if test "$HAVE_GCC"x = "x" ; then - optflags="-h $library" + optflags="" + CC=ld else # XXX assumes that we're either using # recent gld (binutils 2.7?) or else using native ld - optflags="-Wl,-h -Wl,$library" + optflags="" fi echo ld -dp -assert pure-text $ldflags -o $library $optflags $FILES $libdirfl - ld -dp -assert pure-text $ldflags -o $library $optflags $FILES $libdirfl +ld -dp -assert pure-text $ldflags -o $library $optflags $FILES $libdirfl stat=$? ;; *-*-aix*) diff --git a/src/util/mkrel b/src/util/mkrel index 20b61a3af6..d072dfc7f6 100644 --- a/src/util/mkrel +++ b/src/util/mkrel @@ -1,12 +1,25 @@ #!/bin/sh -: ${repository=/afs/athena.mit.edu/astaff/project/krbdev/.cvsroot} -case $# in -2);; -*) - echo "usage: $0 release-tag release-dir" +repository=/afs/athena.mit.edu/astaff/project/krbdev/.cvsroot +dodoc=t +dosrc=t +checkout=t +while test $# -gt 2; do + case $1 in + --srconly) + dodoc=nil;; + --doconly) + dosrc=nil;; + --repository) + shift; repository=$1;; + --nocheckout) + checkout=nil;; + esac + shift +done +if test $# -lt 2; then + echo "usage: $0 [opts] release-tag release-dir" exit 1 - ;; -esac +fi reltag=$1 reldir=$2 @@ -24,37 +37,48 @@ if test ! -d $reldir; then fi echo "Checking out krb5 with tag $reltag into directory $reldir..." -(cd $reldir; cvs -q -d $repository export -r$reltag krb5) +if test $checkout = t; then + (cd $reldir; cvs -q -d $repository export -r$reltag krb5) +fi -echo "Building autoconf..." -(cd $reldir/src/util/autoconf - M4=gm4 ./configure - make) +if test $dosrc = t; then + echo "Building autoconf..." + (cd $reldir/src/util/autoconf + M4=gm4 ./configure + make) -echo "Creating configure scripts..." -(cd $reldir/src; util/reconf) + echo "Creating configure scripts..." + (cd $reldir/src; util/reconf) -echo "Cleaning src/util/autoconf..." -(cd $reldir/src/util/autoconf; make distclean) + echo "Cleaning src/util/autoconf..." + (cd $reldir/src/util/autoconf; make distclean) +fi echo "Nuking unneeded files..." find $reldir \( -name TODO -o -name todo -o -name .cvsignore \ -o -name BADSYMS -o -name .Sanitize \) -print \ | xargs rm -f -echo "Building doc..." -(cd $reldir/doc; make) +if test $dodoc = t; then + echo "Building doc..." + (cd $reldir/doc; make) +fi echo "Generating tarfiles..." -gtar --exclude $reldir/src/lib/crypto \ - --exclude $reldir/src/lib/des425 \ - -zcf ${reldir}.src.tar.gz $reldir +if test $dosrc = t; then + gtar --exclude $reldir/src/lib/crypto \ + --exclude $reldir/src/lib/des425 \ + --exclude $reldir/doc \ + -zcf ${reldir}.src.tar.gz $reldir -gtar zcf ${reldir}.crypto.tar.gz \ - $reldir/src/lib/crypto \ - $reldir/src/lib/des425 + gtar zcf ${reldir}.crypto.tar.gz \ + $reldir/src/lib/crypto \ + $reldir/src/lib/des425 +fi -gtar zcf ${reldir}.doc.tar.gz $reldir/doc $reldir/README +if test $dodoc = t; then + gtar zcf ${reldir}.doc.tar.gz $reldir/doc $reldir/README +fi ls -l ${reldir}.*.tar.gz diff --git a/src/util/pty/ChangeLog b/src/util/pty/ChangeLog index 8816ca86ba..6482c6c233 100644 --- a/src/util/pty/ChangeLog +++ b/src/util/pty/ChangeLog @@ -1,3 +1,13 @@ +Thu Dec 5 22:43:35 1996 Theodore Y. Ts'o <tytso@mit.edu> + + * update_utmp.c (pty_update_utmp): Apply platform specific patch + so that HPUX works. (Kludge for 1.0 release) [PR#40] + +Fri Nov 22 11:52:52 1996 Sam Hartman <hartmans@mit.edu> + + * configure.in : Make sure time_t is define [203] + * update_wtmp.c (ptyint_update_wtmp): Use time_t for call to time(2). [203] + Fri Nov 15 08:33:54 1996 Ezra Peisach <epeisach@mit.edu> * update_utmp.c (pty_update_utmp): Handle case where utmp uses diff --git a/src/util/pty/configure.in b/src/util/pty/configure.in index 2394debbe0..3c6386af73 100644 --- a/src/util/pty/configure.in +++ b/src/util/pty/configure.in @@ -50,6 +50,7 @@ dnl AC_SUBST(LOGINLIBS) dnl AC_TYPE_MODE_T +AC_CHECK_TYPE(time_t, int) AC_FUNC_CHECK(strsave,AC_DEFINE(HAS_STRSAVE)) AC_HAVE_FUNCS(getutent setreuid gettosbyname setsid ttyname line_push ptsname grantpt openpty logwtmp getutmpx) AC_CHECK_HEADERS(unistd.h stdlib.h string.h utmpx.h utmp.h sys/filio.h sys/sockio.h sys/label.h sys/tty.h ttyent.h lastlog.h sys/select.h sys/ptyvar.h) diff --git a/src/util/pty/update_utmp.c b/src/util/pty/update_utmp.c index 9effab1347..3b1f741858 100644 --- a/src/util/pty/update_utmp.c +++ b/src/util/pty/update_utmp.c @@ -138,8 +138,14 @@ long pty_update_utmp (process_type, pid, username, line, host, flags) #ifdef UT_EXIT_STRUCTURE_DIFFER utx.ut_exit.ut_exit = ent.ut_exit.e_exit; #else +/* KLUDGE for now; eventually this will be a feature test... See PR#[40] */ +#ifdef __hpux + utx.ut_exit.__e_termination = ent.ut_exit.e_termination; + utx.ut_exit.__e_exit = ent.ut_exit.e_exit; +#else utx.ut_exit = ent.ut_exit; #endif +#endif utx.ut_tv.tv_sec = ent.ut_time; utx.ut_tv.tv_usec = 0; #endif diff --git a/src/util/pty/update_wtmp.c b/src/util/pty/update_wtmp.c index c2f9461ec1..7f6890230d 100644 --- a/src/util/pty/update_wtmp.c +++ b/src/util/pty/update_wtmp.c @@ -40,6 +40,7 @@ long ptyint_update_wtmp (ent , host, user) struct utmp ut; struct stat statb; int fd; + time_t uttime; #ifdef HAVE_UPDWTMPX struct utmpx utx; @@ -71,7 +72,8 @@ long ptyint_update_wtmp (ent , host, user) #ifndef NO_UT_HOST (void)strncpy(ut.ut_host, ent->ut_host, sizeof(ut.ut_host)); #endif - (void)time(&ut.ut_time); + (void)time(&uttime); + ut.ut_time = uttime; #if defined(HAVE_GETUTENT) && defined(USER_PROCESS) if (ent->ut_name) { if (!ut.ut_pid) diff --git a/src/util/send-pr/Makefile.in b/src/util/send-pr/Makefile.in index c2fc7eb498..82e6c79a25 100644 --- a/src/util/send-pr/Makefile.in +++ b/src/util/send-pr/Makefile.in @@ -1,4 +1,4 @@ -# +#l # Makefile for building a standalone send-pr. # RELEASE=1.0 @@ -24,19 +24,19 @@ install-sid: install-sid.sh sed -e 's,@ADMIN_BINDIR@,$(ADMIN_BINDIR),g' $(srcdir)/install-sid.sh > install-sid install:: all - if [ -d $(prefix) ]; then true ; else mkdir $(prefix) ; fi - if [ -d $(ADMIN_BINDIR) ]; then true ; else mkdir $(ADMIN_BINDIR) ; fi - cp send-pr $(ADMIN_BINDIR)/$(sendprname) - chmod 755 $(ADMIN_BINDIR)/$(sendprname) - if [ -d $(datadir) ] ; then true ; else mkdir $(datadir) ; fi - if [ -d $(datadir)/gnats ] ; then true ; else mkdir $(datadir)/gnats ; fi - cp $(srcdir)/categories $(datadir)/gnats/mit - chmod 644 $(datadir)/gnats/mit - -parent=`echo $(man1dir)|sed -e 's@/[^/]*$$@@'`; \ + if [ -d $(DESTDIR)$(prefix) ]; then true ; else mkdir $(DESTDIR)$(prefix) ; fi + if [ -d $(DESTDIR)$(ADMIN_BINDIR) ]; then true ; else mkdir $(DESTDIR)$(ADMIN_BINDIR) ; fi + cp send-pr $(DESTDIR)$(ADMIN_BINDIR)/$(sendprname) + chmod 755 $(DESTDIR)$(ADMIN_BINDIR)/$(sendprname) + if [ -d $(DESTDIR)$(datadir) ] ; then true ; else mkdir $(DESTDIR)$(datadir) ; fi + if [ -d $(DESTDIR)$(datadir)/gnats ] ; then true ; else mkdir $(DESTDIR)$(datadir)/gnats ; fi + cp $(srcdir)/categories $(DESTDIR)$(datadir)/gnats/mit + chmod 644 $(DESTDIR)$(datadir)/gnats/mit + -parent=`echo $(DESTDIR)$(man1dir)|sed -e 's@/[^/]*$$@@'`; \ if [ -d $$parent ] ; then true ; else mkdir $$parent ; fi - if [ -d $(man1dir) ] ; then true ; else mkdir $(man1dir) ; fi - cp $(srcdir)/send-pr.1 $(man1dir)/$(sendprname).1 - chmod 644 $(man1dir)/$(sendprname).1 + if [ -d $(DESTDIR)$(man1dir) ] ; then true ; else mkdir $(DESTDIR)$(man1dir) ; fi + cp $(srcdir)/send-pr.1 $(DESTDIR)$(man1dir)/$(sendprname).1 + chmod 644 $(DESTDIR)$(man1dir)/$(sendprname).1 clean:: rm -f install-sid send-pr send-pr.el* diff --git a/src/windows/cns/ChangeLog b/src/windows/cns/ChangeLog index 3ca9e96074..6526c65e0a 100644 --- a/src/windows/cns/ChangeLog +++ b/src/windows/cns/ChangeLog @@ -1,3 +1,11 @@ +Sat Nov 23 00:26:44 1996 Theodore Ts'o <tytso@rsts-11.mit.edu> + + * Makefile.in (KLIB): Change krb516.dll to krb5_16.dll. [PR#204] + +Wed Nov 20 18:32:06 1996 Theodore Y. Ts'o <tytso@mit.edu> + + * Makefile.in (KLIB): Change libkrb5.dll to be krb516.dll + Wed Jun 12 00:20:08 1996 Theodore Ts'o <tytso@rsts-11.mit.edu> * makefile: Renamed to Makefile.in, so that we can do WIN16/WIN32 diff --git a/src/windows/cns/Makefile.in b/src/windows/cns/Makefile.in index 3fae32b43e..6ef265c032 100644 --- a/src/windows/cns/Makefile.in +++ b/src/windows/cns/Makefile.in @@ -23,7 +23,7 @@ XOBJS = !if $(KVERSION) == 5 BUILDTOP =..\.. LIBDIR = $(BUILDTOP)\lib -KLIB = $(LIBDIR)\libkrb5.lib +KLIB = $(LIBDIR)\krb5_16.lib WLIB = $(LIBDIR)\winsock.lib INCLUDES = /I$(BUILDTOP)\include /I$(BUILDTOP)\include\krb5 XOBJS = kpasswd.obj diff --git a/src/windows/gss/ChangeLog b/src/windows/gss/ChangeLog index 5681c50faf..b2fa4d7b3c 100644 --- a/src/windows/gss/ChangeLog +++ b/src/windows/gss/ChangeLog @@ -1,7 +1,13 @@ +Fri Nov 22 15:52:55 1996 unknown <bjaspan@mit.edu> + + * gss-client.c (connect_to_server): use sizeof instead of h_length + to determine number of bytes of addr to copy from DNS response + [krb5-misc/211] + Tue Oct 29 10:17:25 1996 Theodore Y. Ts'o <tytso@mit.edu> * gss-client.c (client_establish_context): Fix typo; service_name - really should be nt_service_name. + really should be nt_service_name. Thu Jul 25 02:16:56 1996 Theodore Y. Ts'o <tytso@mit.edu> diff --git a/src/windows/gss/gss-client.c b/src/windows/gss/gss-client.c index 0a98774b4f..d5e8972b31 100644 --- a/src/windows/gss/gss-client.c +++ b/src/windows/gss/gss-client.c @@ -154,7 +154,7 @@ connect_to_server (char *host, u_short port) } saddr.sin_family = hp->h_addrtype; - memcpy((char *)&saddr.sin_addr, hp->h_addr, hp->h_length); + memcpy((char *)&saddr.sin_addr, hp->h_addr, sizeof(saddr.sin_addr)); saddr.sin_port = htons(port); if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) { diff --git a/src/windows/wintel/ChangeLog b/src/windows/wintel/ChangeLog index 521c68f580..ea8b75ff95 100644 --- a/src/windows/wintel/ChangeLog +++ b/src/windows/wintel/ChangeLog @@ -1,3 +1,11 @@ +Sat Nov 23 00:27:45 1996 Theodore Ts'o <tytso@rsts-11.mit.edu> + + * Makefile.in (KLIB): Change krb516.dll to krb5_16.dll. [PR#204] + +Wed Nov 20 18:32:26 1996 Theodore Y. Ts'o <tytso@mit.edu> + + * Makefile.in (KLIB): Change libkrb5.dll to be krb516.dll + Wed Jun 12 00:22:02 1996 Theodore Ts'o <tytso@rsts-11.mit.edu> * makefile: Renamed to Makefile.in, so that we can do WIN16/WIN32 diff --git a/src/windows/wintel/Makefile.in b/src/windows/wintel/Makefile.in index 7134945df0..5f49bcf6ea 100644 --- a/src/windows/wintel/Makefile.in +++ b/src/windows/wintel/Makefile.in @@ -24,7 +24,7 @@ XOBJS = !if $(KVERSION) == 5 BUILDTOP =..\.. LIBDIR = $(BUILDTOP)\lib -KLIB = $(LIBDIR)\libkrb5.lib +KLIB = $(LIBDIR)\krb5_16.lib WLIB = $(LIBDIR)\winsock.lib INCLUDES = /I$(BUILDTOP)\include /I$(BUILDTOP)\include\krb5 \ /I$(BUILDTOP)\lib\crypto\des |