Received: from SOUTH-STATION-ANNEX.MIT.EDU by po7.MIT.EDU (5.61/4.7) id AA05831; Tue, 19 Dec 95 17:35:10 EST
Received: from achilles.ctd.anl.gov by MIT.EDU with SMTP
	id AA09071; Tue, 19 Dec 95 17:34:58 EST
Received: from pembroke.ctd.anl.gov (pembroke.ctd.anl.gov [146.137.64.73]) by achilles.ctd.anl.gov (8.6.11/8.6.11) with ESMTP id QAA01246; Tue, 19 Dec 1995 16:35:03 -0600
Received: (b17783@localhost) by pembroke.ctd.anl.gov (8.6.11/8.6.11) id QAA24561; Tue, 19 Dec 1995 16:35:01 -0600
Date: Tue, 19 Dec 1995 16:35:01 -0600
Message-Id: <199512192235.QAA24561@pembroke.ctd.anl.gov>
From: Doug Engert <DEEngert@anl.gov>
To: krb5-bugs@MIT.EDU, "Theodore Ts'o" <tytso@MIT.EDU>
Subject: DCE and Other Changed for 120195 SnapShot


Ted,

Here are the changes for the DCE compatibility we had discussed last
week. I have added ccache_type and checksum_type to the [libdefaults]
section of the krb5.conf file. There are changes in fcc_gennew.c,
fcc_maybe.c and init_ctx.c. I have also included changes to
./config-files/krb5.conf.M which cover these changes as well as the
[capaths] code. Let me know if this is satisfactory. 

I have built and tested the kinit, klist, rlogin and rlogind on
Solaris 2.3, AIX 3.2.5 and Sunos 4.1.3. I also have built and tested
the Windows code as  

I ran across a build problem with the ./util/pty/update_wtmp.c  when
building the SunOS 4.1.3 version. The WTMP_FILE variable was not
defined. After rearranging the code and removing the "_" on the
PATH_WTMP variable it seems to work. Someone else should look at this
section of code as well. 

Here is a list of all the changes I have made so far (excluding some
Windows changes which I have been doing at home. I have a rlogin with
encryption, but not forwarding working.) They can be found at:
ftp://achilles.ctd.anl.gov/pub/kerberos.v5/k56.cdiff.951219


--- ./appl/bsd/login.c  Fri Dec 15 14:49:16 1995
	save KRB5CCNAME environment variable, which may have been set
        by forward.c. 
	Add code for SGI to set environment for its /etc/TIMEZONE
        (untested).
	Don't print MOTD twice on Suns, added #ifdef NO_MOTD

--- ./appl/bsd/forward.c        Tue Dec  5 15:38:30 1995
	Initialized *scratch and **addrs to zero. This is based on a
        problem I had in 5.5.

--- ./appl/bsd/krlogin.c        Tue Dec  5 14:57:16 1995
	Added code to default port to 543 or 2105 if service not found.

--- ./appl/bsd/krsh.c   Tue Dec  5 15:03:56 1995
	Added code to default port to 544 if service not found.

--- ./appl/bsd/kcmd.c   Tue Dec  5 15:31:06 1995
	Clear the sin structure to zero. Based on a problem I had seen
        in 5.5

--- ./appl/bsd/krlogind.c       Fri Dec  8 14:13:18 1995
	Added #define LOG_ALL_LOGINS

--- ./config-files/krb5.conf.M  Tue Dec 19 13:44:36 1995
	Added DCE and [capaths] comments.

--- ./lib/crypto/des/des_int.h  Mon Dec 11 07:51:39 1995
	Defined mit_des3_string_to_key as krb5_error_code rather than
        int. It caused compile problems on Windows. The
        des3_string_to_key function still has warning messages under windows. 
 
--- ./lib/gssapi/generic/gssapi.h       Mon Dec  4 13:44:37 1995
	Removed the #if sizeof(gss_uint32) != sizeof(OM_uint32)
	statement which would not compile under gcc 2.6.3. 

--- ./lib/gssapi/generic/Makefile.in    Mon Dec 11 08:12:21 1995
	Added ##DOS statements after gssapi_err_generic.$(OBJECT) to 
	get it added to library on Windows

--- ./lib/krb5/ccache/file/fcc_gennew.c Tue Dec 19 14:03:16 1995
	Added checking of profile for DCE compatible.

--- ./lib/krb5/ccache/file/fcc_maybe.c  Tue Dec 19 14:03:48 1995
	Added checking of profile for DCE compatible.

--- ./lib/krb5/krb/walk_rtree.c Mon Dec  4 12:41:07 1995
	Added links++; links--; to get a null entry on alloc. 

--- ./lib/krb5/krb/init_ctx.c   Mon Dec 18 11:19:15 1995
	Added checking of profile for DCE compatible.

--- ./lib/krb5/krb/send_tgs.c   Mon Dec  4 16:34:34 1995
	Added using the value of kdc_req_sumtype from the context.

--- ./util/pty/open_slave.c     Mon Dec 11 13:03:54 1995
	Added a setsid(); to get krlogind to work on Solaris 2.3

--- ./util/pty/update_wtmp.c    Sun Dec 17 20:35:04 1995
	Changed the definition of WTMP_FILE to get it to compile on SunOS.

--- ./windows/cns/cns.c Mon Dec 11 09:56:57 1995
	Added KDC_OPT_FORWARDABLE to always get a forwardable
        ticket. This should be an option, rather than hard coded.

--- ./windows/cns/cns.rc        Wed Dec  6 08:23:33 1995
	Removed ES_UPPERCASE from realm name. DCE cells are lower
        case.


Following is the complete diff file. Hope you can get most of these in
the next snapshot before the holidays.

Keep up the good work!
 

           Douglas E. Engert
           Systems Programming
           Argonne National Laboratory
           9700 South Cass Avenue
           Argonne, Illinois  60439 
           (708) 252-5444

           Internet: DEEngert@anl.gov

*** ./appl/bsd/,login.c	Fri Dec  1 16:35:35 1995
--- ./appl/bsd/login.c	Fri Dec 15 14:49:16 1995
***************
*** 258,263 ****
--- 258,264 ----
  	char tbuf[MAXPATHLEN + 2];
  	char *ttyname(), *stypeof(), *crypt(), *getpass();
  	time_t login_time;
+ 	char *ccname = 0;   /* name of forwarded cache */
  int retval;
  	
  	off_t lseek();
***************
*** 500,506 ****
  	(void)ioctl(0, TIOCSETC, (char *)&tc);
  	(void)ioctl(0, TIOCSETP, (char *)&sgttyb);
  #endif
- 
  	for (cnt = getdtablesize(); cnt > 2; cnt--)
  		(void) close(cnt);
  
--- 501,506 ----
***************
*** 879,884 ****
--- 879,886 ----
  	}
  #endif
  
+ 	ccname = getenv("KRB5CCNAME");  /* save cache */
+ 
  	/* destroy environment unless user has requested preservation */
  	envinit = (char **)malloc(MAXENVIRON * sizeof(char *));
  	if (envinit == 0) {
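Review bot: the added ccname = getenv("KRB5CCNAME") holds a pointer into the very environment that the following lines replace, and it carries the value past that scrub for any caller of login, not only for forward.c. Copy the string (strsave(ccname)) and restore it only when login was started by the Kerberized daemon that received the forwarded credentials.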
***************
*** 908,913 ****
--- 910,935 ----
  	    }
  	}
  #endif
+ /* Set login timezone for date information (PDG) */
+ #ifdef __sgi__
+     {
+         FILE *fp;
+         if ((fp = fopen("/etc/TIMEZONE", "r")) != NULL) {
+         while(fgets(tbuf, sizeof(tbuf), fp)) {
+             if ((tbuf[0] == '#') || (strchr(tbuf, '=') == 0))
+             continue;
+             for (p = tbuf; *p; p++)
+             if (*p == '\n') {
+                 *p = '\0';
+                 break;
+             }
+             envinit[i++] = strsave(tbuf);
+         }
+         fclose(fp);
+         }
+     }
+ #endif
+ 
  	sprintf(tbuf,"LOGNAME=%s",pwd->pw_name);
  	envinit[i++] = strsave(tbuf);
  	sprintf(tbuf,"LOGIN=%s",pwd->pw_name);
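Review bot: the fgets loop in the __sgi__ block stores into envinit[i++] with no bound, while envinit was allocated for MAXENVIRON pointers, so a long /etc/TIMEZONE writes past the end of the array. Check i against MAXENVIRON before each store, leaving room for the entries added after the block, and consider accepting only the TZ= line instead of every line that contains '='. The cover note calls this code untested; say so in a comment until someone has run it on an SGI.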
***************
*** 915,920 ****
--- 937,945 ----
  
  	envinit[i++] = NULL;
  
+ 	if (ccname)
+ 		setenv("KRB5CCNAME", ccname, 0);
+ 
  	setenv("HOME", pwd->pw_dir, 0);
  	setenv("PATH", LPATH, 0);
  	setenv("USER", pwd->pw_name, 0);
***************
*** 988,994 ****
--- 1013,1021 ----
  		if (!krbflag && !fflag && !Fflag && !eflag )
  		    printf("\nWarning: No Kerberos tickets obtained.\n\n");
  #endif /* KRB4 */
+ #ifndef NO_MOTD
  		motd();
+ #endif
  		(void)sprintf(tbuf, "%s/%s", MAILDIR, pwd->pw_name);
  		if (stat(tbuf, &st) == 0 && st.st_size != 0)
  			printf("You have %smail.\n",
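Review bot: NO_MOTD around motd() is not defined or tested for anywhere in this patch, so nothing turns it on for the Suns it is meant for. Add the configure check, or a comment beside the #ifndef saying which platforms need it and why.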
*** ./appl/bsd/,forward.c	Sun Jun 11 01:19:23 1995
--- ./appl/bsd/forward.c	Tue Dec  5 15:38:30 1995
***************
*** 93,101 ****
      krb5_data *out_buf;
  {
      krb5_replay_data replaydata;
!     krb5_data * scratch;
      struct hostent *hp;
!     krb5_address **addrs;
      krb5_error_code retval;
      krb5_creds tgt, creds, *pcreds;
      krb5_ccache cc;
--- 93,101 ----
      krb5_data *out_buf;
  {
      krb5_replay_data replaydata;
!     krb5_data * scratch = 0;
      struct hostent *hp;
!     krb5_address **addrs = 0;
      krb5_error_code retval;
      krb5_creds tgt, creds, *pcreds;
      krb5_ccache cc;
*** ./appl/bsd/,krlogin.c	Thu Nov  2 15:18:57 1995
--- ./appl/bsd/krlogin.c	Tue Dec  5 14:57:16 1995
***************
*** 309,314 ****
--- 309,315 ----
  #endif
      struct passwd *pwd;
      struct servent *sp;
+ 	struct servent defaultservent = {0,0,0,0};
      int uid, options = 0;
  #ifdef POSIX_SIGNALS
      struct sigaction sa;
***************
*** 474,483 ****
        else 
  	sp = getservbyname("klogin","tcp");
        if (sp == 0) {
! 	fprintf(stderr, "rlogin: %s/tcp: unknown service\n",
! 		encrypt_flag ? "eklogin" : "klogin");
! 	
! 	try_normal(orig_argv);
        }
  #else
        sp = getservbyname("login", "tcp");
--- 475,482 ----
        else 
  	sp = getservbyname("klogin","tcp");
        if (sp == 0) {
! 		sp = &defaultservent;   /* ANL */
! 		sp->s_port = encrypt_flag ? htons(2105) : htons(543);
        }
  #else
        sp = getservbyname("login", "tcp");
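Review bot: 2105 and 543 in the new sp->s_port line are bare numbers, and the replacement drops both the "unknown service" message and the try_normal(orig_argv) call with no explanation in the code. Give the ports named constants, comment that this is the fallback for a missing services entry, and expand the /* ANL */ marker into something a later reader can use.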
*** ./appl/bsd/,krsh.c	Thu Nov  2 15:18:58 1995
--- ./appl/bsd/krsh.c	Tue Dec  5 15:03:56 1995
***************
*** 130,135 ****
--- 130,136 ----
      fd_set readfrom, ready;
      int one = 1;
      struct servent *sp;
+ 	struct servent defaultservent = {0,0,0,0};
  
  #ifdef POSIX_SIGNALS
      sigset_t omask, igmask;
***************
*** 319,326 ****
  #endif  /* KERBEROS */
        if (sp == 0) {
  #ifdef KERBEROS
! 	fprintf(stderr, "rsh: kshell/tcp: unknown service\n");
! 	try_normal(argv0);
  #else 
  	fprintf(stderr, "rsh: shell/tcp: unknown service\n");
  #endif /* KERBEROS */
--- 320,327 ----
  #endif  /* KERBEROS */
        if (sp == 0) {
  #ifdef KERBEROS
! 	sp = &defaultservent;
! 	sp->s_port = htons(544);
  #else 
  	fprintf(stderr, "rsh: shell/tcp: unknown service\n");
  #endif /* KERBEROS */
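Review bot: with try_normal(argv0) removed from the KERBEROS branch, control now runs on to whatever follows #endif inside the if (sp == 0) block, which this hunk does not show. Confirm that the block does not still end by exiting, otherwise the default port 544 is never used; the constant should also be named, as suggested for krlogin.c.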
*** ./appl/bsd/,kcmd.c	Sun Jun 11 01:19:26 1995
--- ./appl/bsd/kcmd.c	Tue Dec  5 15:31:06 1995
***************
*** 397,402 ****
--- 397,403 ----
      struct sockaddr_in sin;
      int s;
      
+ 	memset((char *) &sin, 0,sizeof(sin));
      sin.sin_family = AF_INET;
      sin.sin_addr.s_addr = INADDR_ANY;
      s = socket(AF_INET, SOCK_STREAM, 0);
*** ./appl/bsd/,krlogind.c	Thu Nov 16 20:28:33 1995
--- ./appl/bsd/krlogind.c	Fri Dec  8 14:13:18 1995
***************
*** 99,104 ****
--- 99,105 ----
   */
  #define LOG_REMOTE_REALM
  #define CRYPT
+ #define LOG_ALL_LOGINS
  
  
  #ifdef HAVE_UNISTD_H
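Review bot: #define LOG_ALL_LOGINS is added with no comment on what it logs, and it changes the default for every site that builds from this tree. Make it a build-time option, or at least document beside the define what additional entries it produces.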
***************
*** 726,732 ****
       **      turning off echo on the slave side ...
       **      The master blocks here until it reads a byte.
       */
!     
  (void) close(syncpipe[1]);
      if (read(syncpipe[0], &c, 1) != 1) {
  	/*
--- 727,733 ----
       **      turning off echo on the slave side ...
       **      The master blocks here until it reads a byte.
       */
! 
  (void) close(syncpipe[1]);
      if (read(syncpipe[0], &c, 1) != 1) {
  	/*
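Review bot: drop this hunk; the only difference is trailing whitespace on the blank line above (void) close(syncpipe[1]), which adds noise to the patch.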
*** ./config-files/,krb5.conf.M	Fri Sep  1 22:27:35 1995
--- ./config-files/krb5.conf.M	Tue Dec 19 13:44:36 1995
***************
*** 78,83 ****
--- 78,90 ----
  Contains relations which determine how Kerberos entities are to
  perform their logging.
  
+ .IP [capaths]
+ Contains the authentication paths used with non-hierarchical
+ cross-realm. Entries in the section are used by the client to 
+ determine the intermediate realms which may be used in cross-realm
+ authentication. It is also used by the end-service when checking 
+ the transited field for trusted intermediate realms.
+ 
  .PP 
  
  Each of these sections will be covered in more details in the
***************
*** 102,107 ****
--- 109,128 ----
  KDC and in order to correct for an inaccurate system clock.  This
  corrective factor is only used by the Kerberos library.
  
+ .IP checksum_type
+ For compatability with DCE security servers which do not support 
+ the default CKSUMTYPE_RSA_MD5 used by this version of Kerberos. Use 
+ a value of 2 to use the CKSUMTYPE_RSA_MD4 instead. This applies to 
+ DCE 1.1 and earlier. 
+ 
+ .IP ccache_type
+ User this parameter on systems which are DCE clients, to specify the
+ type of cache to be created by kinit, or when forwarded tickets are 
+ received. DCE and Kerberos can share the cache, but some versions
+ of DCE do not support the default cache as created by this version of 
+ Kerberos. Use a value of 1 on DCE 1.0.3a systems, and a value of 2 
+ on DCE 1.1 systems. 
+ 
  .SH REALMS SECTION
  
  Each tag in the [realms] section of the file names a Kerberos realm.
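Review bot: the checksum_type entry should say that CKSUMTYPE_RSA_MD4 is a weaker checksum than the default and is meant only for realms served by DCE 1.1 or earlier; as written it reads as a neutral choice. Also fix "compatability" and "User this parameter", and state for ccache_type what format is used when the relation is absent.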
***************
*** 257,262 ****
--- 278,389 ----
  .in -1i
  .fi
  .sp
+ 
+ .SH CAPATHS SECTION
+ 
+ Cross-realm authentication is typically organized hierarchically. 
+ This hierarchy is based on the name of the realm, which thus imposes
+ restrictions on the choice of realm names, and on who may participate
+ in a cross-realm authentication. A non hierarchical orgization may 
+ be used, but requires a database to construct the authentication
+ paths between the realms. This section defines that database.
+ 
+ A client will use this section to find the authentication path between
+ its realm and the realm of the server. The server will use this section
+ to verify the authentication path used be the client, by checking
+ the transited field of the received ticket.
+ 
+ There is a tag name for each participating realm, and each tag
+ has subtags for each of the realms. The value of the subtags is
+ an intermediate realm which may participate in the cross-realm 
+ authentication. The subtags may be repeated if there is more then 
+ one intermediate realm. A value of "." means that the two realms 
+ share keys directly, and no intermediate realms should 
+ be allowd to participate.
+ 
+ There are n**2 possible entries in this table, but only those 
+ entries which will be needed on the client or the server need to be
+ present. The client needs a tag for its local realm, with subtags
+ for all the realms of servers it will need to authenticate with.
+ A server needs a tag for each realm of the clients it will serve.
+ 
+ For example, ANL.GOV, PNL.GOV, and NERSC.GOV all wish to use the ES.NET 
+ realm as an intermediate realm. ANL has a sub realm of TEST.ANL.GOV
+ which will authenticate with NERSC.GOV but not PNL.GOV. 
+ The [capath] section for ANL.GOV systems would look like this:
+ 
+ .sp
+ .nf
+ .in +1i
+ [capaths]
+ 	ANL.GOV = {
+ 		TEST.ANL.GOV = .
+ 		PNL.GOV = ES.NET
+ 		NERSC.GOV = ES.NET
+ 		ES.NET = .
+ 	}
+ 	TEST.ANL.GOV = {
+ 		ANL.GOV = .
+ 	}
+ 	PNL.GOV = {
+ 		ANL.GOV = ES.NET
+ 	}
+ 	NERSC.GOV = {
+ 		ANL.GOV = ES.NET
+ 	}
+ 	ES.NET = {
+ 		ANL.GOV = .
+ 	}
+ .in -1i
+ .fi
+ .sp
+ 
+ The [capath] section of the configuration file used on NERSC.GOV 
+ systems would look like this:
+ 
+ .sp
+ .nf
+ .in +1i
+ [capaths]
+ 	NERSC.GOV = {
+ 		ANL.GOV = ES.NET
+ 		TEST.ANL.GOV = ES.NET
+ 		TEST.ANL.GOV = ANL.GOV
+ 		PNL.GOV = ES.NET
+ 		ES.NET = .
+ 	}
+ 	ANL.GOV = {
+ 		NERSC.GOV = ES.NET
+ 	}
+ 	PNL.GOV = {
+ 		NERSC.GOV = ES.NET
+ 	}
+ 	ES.NET = {
+ 		NERSC.GOV = .
+ 	}
+ 	TEST.ANL.GOV = {
+ 		NERSC.GOV = ANL.GOV
+ 		NERSC.GOV = ES.NET
+ 	}
+ 	
+ 	}
+ .in -1i
+ .fi
+ .sp
+ 
+ In the above examples, the ordering is not important, except 
+ when the same subtag name is used more then once. The client 
+ will use this to determing the path. (It is not important to the 
+ server, since the transited field is not sorted.) 
+ 
+ If this section is not present, or if the client or server cannot
+ find a client/server path, then normal hierarchical orginization 
+ is assumed. 
+ 
+ This feature is not currently supported by DCE. DCE security servers
+ can be used with Kerberized clients and servers, but versions prior
+ to DCE 1.1 did not fill in the transited field, and should be used
+ with caution. 
  
  .SH FILES 
  /etc/krb5.conf
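Review bot: the NERSC.GOV example has a stray closing brace after the TEST.ANL.GOV block, and the text twice says [capath] where the section is named [capaths], so a reader who copies the example may get a file that does not parse. Also fix "orgization", "used be the client", "allowd", "determing" and "orginization", and say which of the repeated TEST.ANL.GOV subtags the client tries first.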
*** ./lib/crypto/des/,des_int.h	Tue Nov 28 10:35:26 1995
--- ./lib/crypto/des/des_int.h	Mon Dec 11 07:51:39 1995
***************
*** 229,235 ****
  		   mit_des3_key_schedule schedule));
  
  /* d3_str2ky.c */
! extern int mit_des3_string_to_key
  	PROTOTYPE((const krb5_encrypt_block FAR * eblock,
  		   krb5_keyblock FAR * keyblock,
  		   const krb5_data FAR * data,
--- 229,235 ----
  		   mit_des3_key_schedule schedule));
  
  /* d3_str2ky.c */
! extern krb5_error_code mit_des3_string_to_key
  	PROTOTYPE((const krb5_encrypt_block FAR * eblock,
  		   krb5_keyblock FAR * keyblock,
  		   const krb5_data FAR * data,
*** ./lib/gssapi/generic/,gssapi.h	Fri Nov 17 21:22:58 1995
--- ./lib/gssapi/generic/gssapi.h	Mon Dec  4 13:44:37 1995
***************
*** 128,135 ****
   * We have included the xom.h header file.  Verify that OM_uint32 is defined
   * correctly.
   */
! #if sizeof(gss_uint32) != sizeof(OM_uint32)
  /**/#error Incompatible definition of OM_uint32 from xom.h
  #endif
  
  typedef OM_object_identifier	gss_OID_desc, *gss_OID;
--- 128,137 ----
   * We have included the xom.h header file.  Verify that OM_uint32 is defined
   * correctly.
   */
! #if 0
! #if sizeof(gss_uint32) != sizeof(OM_uint32) 
  /**/#error Incompatible definition of OM_uint32 from xom.h
+ #endif
  #endif
  
  typedef OM_object_identifier	gss_OID_desc, *gss_OID;
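Review bot: wrapping the test in #if 0 removes the OM_uint32 size check altogether instead of repairing it. sizeof cannot be evaluated by the preprocessor, which is why the #if fails; keep the guarantee with a construct the compiler does evaluate, such as a typedef of an array whose size goes negative when sizeof(gss_uint32) != sizeof(OM_uint32), and delete the dead lines.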
*** ./lib/gssapi/generic/,Makefile.in	Fri Nov 17 21:22:55 1995
--- ./lib/gssapi/generic/Makefile.in	Mon Dec 11 08:12:21 1995
***************
*** 22,27 ****
--- 22,32 ----
  
  gssapi_err_generic.$(OBJEXT): gssapi_err_generic.c
  	$(CC) $(CFLAGS) -c $*.c
+ ##DOS!if defined(LIBNAME)
+ ##DOS!if "$(LIBCMD)"!="rem"
+ ##DOS	$(LIBCMD) /nologo $(LIBNAME) -+$@;
+ ##DOS!endif
+ ##DOS!endif
  @SHARED_RULE_LOCAL@
  
  gssapi_err_generic.h: gssapi_err_generic.et
*** ./lib/krb5/ccache/file/,fcc_gennew.c	Mon Sep 11 20:14:07 1995
--- ./lib/krb5/ccache/file/fcc_gennew.c	Tue Dec 19 14:03:16 1995
***************
*** 106,115 ****
  	  retcode = krb5_fcc_interpret(context, errno);
            goto err_out;
       } else {
! 	  krb5_int16 fcc_fvno = htons(KRB5_FCC_DEFAULT_FVNO);
  	  krb5_int16 fcc_flen = 0;
  	  int errsave, cnt;
  
  	  /* Ignore user's umask, set mode = 0600 */
  #ifdef NOFCHMOD
  #ifndef NOCHMOD
--- 106,124 ----
  	  retcode = krb5_fcc_interpret(context, errno);
            goto err_out;
       } else {
! 	  krb5_int16 fcc_fvno;
  	  krb5_int16 fcc_flen = 0;
  	  int errsave, cnt;
+ 	  int newcachetype;
  
+ 	  /* DCE 1.0.3a only supports a cache type of 1     */
+ 	  /* DCE 1.1 suports a cache type of 2              */
+ 	  /* DCE add a ccache_type = 1 or 2 to krb5.conf    */
+ 	  profile_get_integer(context->profile,"libdefaults",
+ 			"ccache_type", 0, (KRB5_FCC_DEFAULT_FVNO - 0x0500),
+ 			 &newcachetype);
+ 	  newcachetype = newcachetype + 0x0500;
+ 	  fcc_fvno = htons(newcachetype);
  	  /* Ignore user's umask, set mode = 0600 */
  #ifdef NOFCHMOD
  #ifndef NOCHMOD
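Review bot: newcachetype is taken from ccache_type in krb5.conf and written out as the file version with no range check, and the return value of profile_get_integer is ignored. Any integer in the file becomes 0x0500 + n and is then narrowed into the krb5_int16 fcc_fvno, producing a cache that readers may not recognise. Accept only the format numbers the library implements, fall back to KRB5_FCC_DEFAULT_FVNO otherwise, and fix "suports" in the comment.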
***************
*** 127,133 ****
                goto err_out;
  	  }
  	  /* For version 4 we save a length for the rest of the header */
! 	  if (KRB5_FCC_DEFAULT_FVNO == KRB5_FCC_FVNO_4) {
  	    if ((cnt = write(ret, (char *)&fcc_flen, sizeof(fcc_flen)))
  	        != sizeof(fcc_flen)) {
  	        errsave = errno;
--- 136,142 ----
                goto err_out;
  	  }
  	  /* For version 4 we save a length for the rest of the header */
! 	  if (newcachetype == KRB5_FCC_FVNO_4) {
  	    if ((cnt = write(ret, (char *)&fcc_flen, sizeof(fcc_flen)))
  	        != sizeof(fcc_flen)) {
  	        errsave = errno;
*** ./lib/krb5/ccache/file/,fcc_maybe.c	Wed Nov 15 21:08:09 1995
--- ./lib/krb5/ccache/file/fcc_maybe.c	Tue Dec 19 14:03:48 1995
***************
*** 253,258 ****
--- 253,266 ----
  	 /* write the version number */
  	 int errsave, cnt;
  
+ 	 /* DCE 1.0.3a only supports a cache type of 1      */
+ 	 /* DCE 1.1 suports a cache type of 2               */
+ 	 /* DCE add a ccache_type = 1 or 2 to krb5.conf     */
+ 	 profile_get_integer(context->profile,"libdefaults",
+ 			"ccache_type", 0, (KRB5_FCC_DEFAULT_FVNO - 0x0500),
+ 			&krb5_fcc_default_format);
+ 	 krb5_fcc_default_format = krb5_fcc_default_format + 0x0500;
+ 
  	 fcc_fvno = htons(krb5_fcc_default_format);
  	 data->version = krb5_fcc_default_format;
  	 if ((cnt = write(fd, (char *)&fcc_fvno, sizeof(fcc_fvno))) !=
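Review bot: the profile lookup overwrites the global krb5_fcc_default_format on every call, again without checking the value or the return code, and repeats the logic just added to fcc_gennew.c. Move the lookup and validation into one helper used by both files, and confirm that krb5_fcc_default_format has the int type that profile_get_integer writes through the pointer.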
*** ./lib/krb5/krb/,walk_rtree.c	Wed Nov 15 09:24:43 1995
--- ./lib/krb5/krb/walk_rtree.c	Mon Dec  4 12:41:07 1995
***************
*** 138,143 ****
--- 138,144 ----
  		cap_nodes[links] = cap_server; /* put server on end of list */
  						/* this simplifies the code later and make */
  						/* cleanup eaiser as well */
+ 		links++;		/* count the null entry at end */
  	} else {			/* no path use hierarchical method */
  	krb5_xfree(cap_names[2]); /* failed, don't need server string */
  #endif
***************
*** 227,232 ****
--- 228,234 ----
  	return retval;
      }
  #ifdef CONFIGURABLE_AUTHENTICATION_PATH
+ 	links--;				/* dont count the null entry on end */
  	if (cap_code == 0) {    /* found a path above */
  		tmpcrealm.data = client->data;
  		tmpcrealm.length = client->length;
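Review bot: links-- runs for every caller built with CONFIGURABLE_AUTHENTICATION_PATH because it sits above if (cap_code == 0), while the matching links++ in the earlier hunk is reached only in the branch where a capaths path was found. Unless the hierarchical branch also counts a terminator, links ends up one short there; move the decrement inside the cap_code == 0 block, or size the allocation with links + 1 and leave the counter alone.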
*** ./lib/krb5/krb/,init_ctx.c	Tue Sep 12 11:42:57 1995
--- ./lib/krb5/krb/init_ctx.c	Mon Dec 18 11:19:15 1995
***************
*** 53,59 ****
  			    "clockskew", 0, 5 * 60,
  			    &tmp);
  	ctx->clockskew = tmp;
! 	ctx->kdc_req_sumtype = CKSUMTYPE_RSA_MD5;
  	ctx->kdc_default_options = KDC_OPT_RENEWABLE_OK;
  	profile_get_integer(ctx->profile, "libdefaults",
  			    "kdc_timesync", 0, 0,
--- 53,65 ----
  			    "clockskew", 0, 5 * 60,
  			    &tmp);
  	ctx->clockskew = tmp;
! 
! 	/* DCE 1.1 and below only support CKSUMTYPE_RSA_MD4 (2)  */
! 	/* DCE add checksum_type = 2 to krb5.conf */
!     profile_get_integer(ctx->profile, "libdefaults", 
! 				"checksum_type", 0, CKSUMTYPE_RSA_MD5, &tmp);
! 	ctx->kdc_req_sumtype = tmp;
! 
  	ctx->kdc_default_options = KDC_OPT_RENEWABLE_OK;
  	profile_get_integer(ctx->profile, "libdefaults",
  			    "kdc_timesync", 0, 0,
*** ./lib/krb5/krb/,send_tgs.c	Tue Sep 12 11:43:15 1995
--- ./lib/krb5/krb/send_tgs.c	Mon Dec  4 16:34:34 1995
***************
*** 44,50 ****
  
   returns system errors
   */
! extern krb5_cksumtype krb5_kdc_req_sumtype;
  
  static krb5_error_code 
  krb5_send_tgs_basic(context, in_data, in_cred, outbuf)
--- 44,50 ----
  
   returns system errors
   */
! /* extern krb5_cksumtype krb5_kdc_req_sumtype; */
  
  static krb5_error_code 
  krb5_send_tgs_basic(context, in_data, in_cred, outbuf)
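Review bot: delete the extern krb5_cksumtype krb5_kdc_req_sumtype declaration instead of leaving it commented out. The two uses this patch touches now read context->kdc_req_sumtype, and a commented declaration suggests the global is still meant to exist.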
***************
*** 63,72 ****
  
      /* Generate checksum */
      if ((checksum.contents = (krb5_octet *)
! 	 malloc(krb5_checksum_size(context, krb5_kdc_req_sumtype))) == NULL) 
          return(ENOMEM);
  
!     if ((retval = krb5_calculate_checksum(context, krb5_kdc_req_sumtype,
  					  in_data->data, in_data->length,
  					  (krb5_pointer) in_cred->keyblock.contents,
  					  in_cred->keyblock.length,
--- 63,74 ----
  
      /* Generate checksum */
      if ((checksum.contents = (krb5_octet *)
! 	 malloc(krb5_checksum_size(context, 
! 			context->kdc_req_sumtype))) == NULL) 
          return(ENOMEM);
  
!     if ((retval = krb5_calculate_checksum(context,
! 					  context->kdc_req_sumtype,
  					  in_data->data, in_data->length,
  					  (krb5_pointer) in_cred->keyblock.contents,
  					  in_cred->keyblock.length,
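Review bot: krb5_checksum_size and krb5_calculate_checksum now receive context->kdc_req_sumtype, which the init_ctx.c hunk in this patch fills from checksum_type in krb5.conf through tmp without any check. A typo in the configuration file then reaches the checksum code as an arbitrary type number; validate the value once in init_ctx.c and keep CKSUMTYPE_RSA_MD5 when it is not a type the library supports.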
*** ./util/pty/,open_slave.c	Fri Aug 11 14:48:16 1995
--- ./util/pty/open_slave.c	Mon Dec 11 13:03:54 1995
***************
*** 36,41 ****
--- 36,44 ----
      
  #endif
  
+ #ifdef HAVE_SETSID
+     (void) setsid();
+ #endif
  
      /* First, chmod and chown the slave*/
      /*
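Review bot: the result of setsid() is thrown away with a (void) cast, so a failure (for instance when the caller is already a process group leader) goes unnoticed and the slave is opened without the new session this change relies on. Check the return value, add a comment that Solaris 2.3 is the platform that needs the call, and make sure HAVE_SETSID has a matching configure test.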
*** ./util/pty/,update_wtmp.c	Mon Oct 23 12:32:07 1995
--- ./util/pty/update_wtmp.c	Sun Dec 17 20:35:04 1995
***************
*** 21,32 ****
  #include "libpty.h"
  #include "pty-int.h"
  
- #if !defined(WTMP_FILE) && defined(_PATH_WTMP)
- #define WTMP_FILE _PATH_WTMP
- #endif
  /* Other cases go here as necessary; else use /usr/adm/wtmp*/
  #ifndef PATH_WTMP
  #define PATH_WTMP "/usr/adm/wtmp"
  #endif
  
  long ptyint_update_wtmp (ent , host)
--- 21,32 ----
  #include "libpty.h"
  #include "pty-int.h"
  
  /* Other cases go here as necessary; else use /usr/adm/wtmp*/
  #ifndef PATH_WTMP
  #define PATH_WTMP "/usr/adm/wtmp"
+ #endif
+ #if !defined(WTMP_FILE) && defined(PATH_WTMP)
+ #define WTMP_FILE PATH_WTMP
  #endif
  
  long ptyint_update_wtmp (ent , host)
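Review bot: after the reordering, PATH_WTMP is always defined by the #ifndef just above, so the defined(PATH_WTMP) test is always true and the system's _PATH_WTMP is no longer consulted at all. Platforms that define _PATH_WTMP with a different location now get "/usr/adm/wtmp"; keep the _PATH_WTMP case first and add the PATH_WTMP fallback after it.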
*** ./windows/cns/,cns.c	Tue May 30 19:30:19 1995
--- ./windows/cns/cns.c	Mon Dec 11 09:56:57 1995
***************
*** 2030,2036 ****
      			creds.times.endtime = sec + 60L * lifetime;
  	    		creds.times.renew_till = 0;
  
! 		    	code = krb5_get_in_tkt_with_password(k5_context, 0, NULL,
                      NULL, NULL, password, k5_ccache, &creds, 0);
              } while (0);
  
--- 2030,2037 ----
      			creds.times.endtime = sec + 60L * lifetime;
  	    		creds.times.renew_till = 0;
  
! 		    	code = krb5_get_in_tkt_with_password(k5_context,
! 					KDC_OPT_FORWARDABLE, NULL,
                      NULL, NULL, password, k5_ccache, &creds, 0);
              } while (0);
  
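Review bot: KDC_OPT_FORWARDABLE is hard-coded in the krb5_get_in_tkt_with_password call, so every ticket obtained through this dialog is forwardable whether or not the user wants that. Take the flag from a user setting or the configuration and default to the previous 0.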
*** ./windows/cns/,cns.rc	Thu Apr 27 16:00:33 1995
--- ./windows/cns/cns.rc	Wed Dec  6 08:23:33 1995
***************
*** 65,71 ****
     	CONTROL "&Realm", IDD_LOGIN_REALM_TITLE, "STATIC", SS_LEFT | WS_CHILD | WS_VISIBLE | WS_GROUP, 184, 69, 26, 8
     	CONTROL "", IDD_LOGIN_NAME, "EDIT", ES_LEFT | ES_AUTOHSCROLL | WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP, 6, 79, 84, 12
     	CONTROL "", IDD_LOGIN_PASSWORD, "EDIT", ES_LEFT | ES_AUTOHSCROLL | ES_PASSWORD | WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP, 95, 79, 84, 12
! 	   CONTROL "", IDD_LOGIN_REALM, "EDIT", ES_LEFT | ES_AUTOHSCROLL | ES_UPPERCASE | WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP, 184, 79, 84, 12
     #endif
  	CONTROL "&Change Password...", IDD_CHANGE_PASSWORD, "BUTTON", BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 6, 96, 74, 14
  	CONTROL "&Delete", IDD_TICKET_DELETE, "BUTTON", BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 122, 96, 52, 14
--- 65,71 ----
     	CONTROL "&Realm", IDD_LOGIN_REALM_TITLE, "STATIC", SS_LEFT | WS_CHILD | WS_VISIBLE | WS_GROUP, 184, 69, 26, 8
     	CONTROL "", IDD_LOGIN_NAME, "EDIT", ES_LEFT | ES_AUTOHSCROLL | WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP, 6, 79, 84, 12
     	CONTROL "", IDD_LOGIN_PASSWORD, "EDIT", ES_LEFT | ES_AUTOHSCROLL | ES_PASSWORD | WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP, 95, 79, 84, 12
! 	   CONTROL "", IDD_LOGIN_REALM, "EDIT", ES_LEFT | ES_AUTOHSCROLL | WS_CHILD | WS_VISIBLE | WS_BORDER | WS_TABSTOP, 184, 79, 84, 12
     #endif
  	CONTROL "&Change Password...", IDD_CHANGE_PASSWORD, "BUTTON", BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 6, 96, 74, 14
  	CONTROL "&Delete", IDD_TICKET_DELETE, "BUTTON", BS_PUSHBUTTON | WS_CHILD | WS_VISIBLE | WS_TABSTOP, 122, 96, 52, 14
