Thu May 15 18:06:07 1997  Mark Eichin  <eichin@cygnus.com>

	* v4rcp.c (answer_auth): if KRB5_CONFIG is set, drop privileges.

Thu May 15 14:52:13 1997  Michael L. Graff  <explorer@rtl.cygnus.com>

	* kcmd.c (setreuid): don't compile this -- it isn't needed.

Thu May 15 00:02:40 1997  Ken Raeburn  <raeburn@cygnus.com>

	* v4rcp.c (kstream_create_rcp_from_fd): Allocate correct amount of
	storage for data structure.
	(kstream_create_from_fd): Ditto.

Tue May  6 14:41:09 1997  Ken Raeburn  <raeburn@cygnus.com>

	* login.c (main): Call rootterm on the full pathname as well as
	the short name of the device.

Fri Apr 25 18:35:06 1997  Marc Horowitz  <marc@cygnus.com>

	* login-auth.c (main): update login-auth to use the new functions,
 	just like login.c.

Thu Apr 24 16:46:52 1997  Ken Raeburn  <raeburn@cygnus.com>

	* krsh.c (main): Check return status from krb5_get_host_realm.
	* krcp.c (main): Ditto.
	* krlogin.c (main): Ditto.

Mon Mar 31 22:08:06 1997  Ken Raeburn  <raeburn@raeburn.org>

	* krcp.c (source): Cast file size to long, since it might be wider
	(e.g., on NetBSD).  If the value really is larger than that, we're
	just going to lose anyways.
	* v4rcp.c (source): Ditto.

Wed Mar 26 13:56:00 1997  Mark W. Eichin  <eichin@cygnus.com>

	* v4rcp.c: use strerror instead of sys_errlist, and compensate the
	way ftpd.c does for older systems.
	* configure.in: test for strerror and sys_errlist declaration.

Tue Mar 25 16:35:46 1997  Mark W. Eichin  <eichin@kitten.gen.ma.us>

	* krcp.c (main): treat -1 from kcmd as "already printed error
	message."  Do a premptive gethostbyname to handle unknown host
	without a fallback.

	* kcmd.c (kcmd): return errno or krb5 status values instead of -1,
	since the caller is expecting them anyway.  Only return -1 if the
	error was already printed.

Mon Mar 24 12:36:55 1997  Jeremy Allison <jra@cygnus.com>

	* configure.in: Added check for advapi32 lib for NT.

Tue Mar 11 20:46:11 1997  Mark Eichin  <eichin@cygnus.com>

	* login.c (have_v5_tickets): use krb5_free_cred_contents, *not*
	krb5_free_creds, since creds in an automatic.
	(main): only krb5_cc_close the ccache if we got_v5_tickets,
	otherwise it isn't initialized.

Mon Mar  3 17:29:52 1997  Michael Graff  <explorer@cygnus.com>

	* krlogin.c: only include <sys/tty.h> if HAVE_SYS_TTY_H is defined.

Mon Mar  3 16:02:38 1997  Marc Horowitz  <marc@cygnus.com>

	* login.c (main): don't try to create a ccache and write stuff to
 	it unless get_init_creds was actually successful.

Wed Feb 26 17:48:07 1997  Marc Horowitz  <marc@cygnus.com>

	* login.c (main): update login to use new
 	krb5_get/verify_init_creds functions.  This has the beneficial
 	side effect of making all the disk ccache management occur as the
 	user, which eliminates a difficult class of /tmp race conditions.

Thu Feb 20 23:28:45 1997  Ken Raeburn  <raeburn@cygnus.com>

	* kcmd.c (kcmd): Print reason for fwd_tgt_creds failure.

	* login-auth.c (read_env_vars_from_file): Open specified file, not
	always /etc/environment.
	* login.c (read_env_vars_from_file): Ditto.

Wed Feb 19 01:21:44 1997  Mark Eichin  <eichin@cygnus.com>

	* getdtablesize.c (getdtablesize): if we don't have getrlimit,
	just fake it and return 256 entries.
	* setenv.c (getenv): don't build getenv if we've got it already.
	(This is referenced by ftp.)
	* configure.in: test for getenv, getrlimit.

Wed Feb 12 03:17:02 1997  Chris Provenzano  <proven@cygnus.com>
 
	* krlogin.c, krsh.c, krcp.c: Added --version option.
        * login-auth.c, login.c, krlogind.c, krshd.c: 
	Use getopt_long() and added --version option.
	* krlogin.c, krsh.c: Do not fall back if a kerbnet specific option
	is specificed on the command line. This addresses PR 11384
        Added --Forwardable and --noForwardable options to mirror behavior
        of --forwardable and --noforwardable. These can be abreviated to
        --F and --noF and not conflict with --forward and --noforward.

Fri Feb  7 01:53:11 1997  Mark Eichin  <eichin@cygnus.com>

	* configure.in: let tests for /etc/environment and /etc/TIMEZONE
	succeed when cross-compiling, since runtime code just tries to
	open the file and silently ignores their absence.

Thu Jan  2 17:51:06 1997  Ken Raeburn  <raeburn@cygnus.com>

	* krlogind.c (recvauth): Don't cleanup by reading strings from the
	net if compat_recvauth fails; they might not have been sent.

	* kcmd.c (kcmd): Use error table base offset when checking for
	KRB5KRB_ERR_GENERIC; the number that comes across is the table
	offset.  Make "error text sent from server" a non-sentence, so
	it's more clearly bound to the text (from the server) printed
	immediately after it.

	* configure.in: Check for sys/ttold.h.
	* krlogin.c: Don't include it if it's not available.

Tue Dec  3 20:57:33 1996  Mark Eichin  <eichin@cygnus.com>

	* loginpaths.h: catch generic SVR4 systems as __unix__ and no
	other more specific match.

	* krlogin.c: if HAVE_STREAMS, always pull in sys/tty.h and
	sys/ttold.h, to provide struct ltchars on SVR4 systems (still test
	for sys/ptyvar.h seperately, however.)

Thu Sep 26 14:43:17 1996  Chris Provenzano  <proven@cygnus.com>

        * Makefile.in: Changes to allow to different packaging
        Currently there is pkg-all, pkg-server, and pkg-client

Thu Aug 15 17:55:01 1996  Ken Raeburn  <raeburn@cygnus.com>

	* configure.in: Check AC_C_CROSS only once.

Sun Aug 11 17:30:39 1996  Chris Provenzano  <proven@cygnus.com>

	* v4rcp.c : #include <fcntl.h> for O_* flags.

Sat Aug 10 00:43:17 1996  Ken Raeburn  <raeburn@cygnus.com>

	* forward.c (rd_and_store_for_creds): Unlink ccache before
	creating.

Wed Jul 24 23:04:52 1996  Ken Raeburn  <raeburn@cygnus.com>

	* configure.in: Look for remsh, and use that in preference to rsh
	as fallback.

Tue Jul 23 02:40:24 1996  Ken Raeburn  <raeburn@cygnus.com>

	* login.c (have_v5_tickets): Check that some credentials are
	actually found in the file.
	(afs_login): If aklog is supposed to be run, give warnings if
	aklog isn't found or if no Kerberos tickets are available.

Fri Jul 12 15:24:02 1996  Ken Raeburn  <raeburn@cygnus.com>

	* login-auth.c: Update some comments.
	(main): Print more specific message for root-login-disallowed.

	* configure.in: Build login-auth for aix3* as well as aix4*.

Wed Jul 10 02:54:52 1996  Ken Raeburn  <raeburn@cygnus.com>

	* kcmd.c (kcmd): Make sure -1 is returned in all cases where the
	actual error message has been printed.  Don't print krb5 "generic
	error" message, only the associated text.
	* krlogin.c (main): Don't print a message if -1 is returned from
	kcmd.
	* krsh.c (main): Ditto.

Mon Jul  8 15:01:46 1996  Ken Raeburn  <raeburn@cygnus.com>

	* login.c (verify_krb_v5_tgt): Use separate auth context for
	rd_req than for mk_req, and set it up with a null rcache.
	* login-auth.c (verify_krb_v5_tgt): Ditto.

Mon Jul  8 13:44:39 1996  Mark Eichin  <eichin@cygnus.com>

	* v4rcp.c (getdtablesize): eliminate local copy.
	(kstream_write): eliminate srandom/random in favor of
	krb5_random_confounder.
	Add sys/socket.h to includes (v4 had it internal to krb.h.)
	(utimes): clone utimes-emulation from v5 krcp.c (should perhaps be
	changed to use AC_REPLACE_FUNC...)
	Declare getenv.

Sat Jul  6 16:39:28 1996  Mark W. Eichin  <eichin@kitten.gen.ma.us>

	* v4rcp.c (answer_auth): use inet_aton only if we have it;
	otherwise fake it with inet_addr.
	* configure.in: check_func for inet_aton.

Sat Jul  6 13:44:31 1996  Chris Provenzano   <proven@cygnus.com>

	* login.c : Change automatic initialized structures and arrays
	to static initialized structures and arrays for K+R compilers.

Tue Jul  2 19:37:52 1996  Mark Eichin  <eichin@cygnus.com>

	* krshd.c (envinit): clarified initializations, labeled all slot
	reservations (SAVEENVPAD, KRBPAD, ADDRPAD are lists of zeroes.)
	Move TZ to always be slot 5, even on the cray. Added space for the
	local and remote addresses.
	(doit): add a getsockname to save the correct local address for
	the child. Set KRB5LOCALADDR and KRB5REMOTEADDR to literal IP
	addresses since the child is on the wrong side of a pipe and can't
	recover them directly.
	* v4rcp.c (kstream): add common "writelen" field for the length of
	inbuf and outbuf.
	(kstream_create_rcp_from_fd): initialze new fields.
	(kstream_write): grab a big enough buffer (since this is called
	with chunks that may correspond to the *filesystem* blocksize,
	which is usually larger than BUFSIZ.) Also skip the first four
	bytes of outbuf so that the encryption is done on an 8 byte
	boundary (if malloc is correctly aligned, malloc+8 should also
	be.)
	(answer_auth): don't try to getpeername or getsockname, since
	we're run under a pipe; just use KRB5LOCALADDR and KRB5REMOTEADDR
	which are now provided by kshd (and fail if they are not present.)
	This is safe because if they're wrong, it just means that the
	mutual authentication will fail.

Thu Jun 27 23:32:41 1996  Mark Eichin  <eichin@cygnus.com>

	* Makefile.in (all, clean, install, v4rcp): add v4rcp installation
	and build rules.
	* krshd.c: if we got a V4 connection and the command is rcp, use
	the v4rcp backend to handle encryption.
	* v4rcp.c: based on Cygnus CNS V4 rcp, stripped down to eliminate
	user commands (and truncated usage message.)  Includes a fake
	subset of the kstream interface that only handles "rcp -x" mode.
	* v4rcp.M: new file, documents v4rcp support.

Wed Jun 26 22:19:06 1996  Ken Raeburn  <raeburn@cygnus.com>

	* login-auth.c: Comment updates.
	(main): Enhance debugging code slightly.

	* kcmd.c (ruserok, _validuser, _checkhost): Don't ever define.
	Keep the functions in case this is wrong.

Tue Jun 25 19:51:07 1996  Mark Eichin  <eichin@cygnus.com>

	* krshd.c (doit): ignore SIGPIPE in the child, check the return
	status of write instead.
	Added comments labelling the various file descriptors.
	Cleaned up formatting somewhat.
	Check for failure of write to child stdin pipe, and stop reading.
	Check for output from child before checking for input from net, to
	reduce potential for missed output.
	(cleanup): moved before doit, to eliminate need for declaration.
  	Added an argument, to allow reporting of what signal kshd died
	on, and report that the daemon terminated, not the shell.

Thu Jun 20 18:54:04 1996  Mark Eichin  <eichin@cygnus.com>

	* krshd.c: fix global-change typo in !KERBEROS branch.

Sun Jun  9 14:07:19 1996  Chris Provenzano  <proven@cygnus.com>

	* krlogin.c: If kerberized rlogin fails, make sure ucb rlogin
	has correct arguments. PR 9846
 	* Makefile.in, configure.in, login.c, krcp.c, krlogin.c, krlogind.c:
	Merge changes from main line to 96q1 branch to get login-auth to 
	build on the branch. 

Sat Jun  8 00:27:43 1996  Ken Raeburn  <raeburn@cygnus.com>

	* login-auth.c: New file, copied from login.c and cut down to
	work as an authentication method for AIX 4.1.  Still need to
	figure out more about interfacing with AIX properly....
	* configure.in: Set LOGIN_AUTH to login-auth on AIX.
	* Makefile.in (login-auth): New rules for building it.
	(LOGIN_AUTH): New variable.
	(all, install, clean): Handle $(LOGIN_AUTH), whether empty or
	not.
	(OBJS): Add login-auth.o.

Thu May 23 00:26:27 1996  Chris Provenzano  <proven@cygnus.com>

	* krcp.c, krlogin.c, krsh.c : Update to use new getopt_long().
	* Makefile.in : link with new misc library

Mon May 20 15:57:01 1996  Ken Raeburn  <raeburn@cygnus.com>

	* login.c (main): Don't accept login without a password if the
	account is unknown.  Don't use TIOCNXCL on AIX; it crashes 4.1.4
	when used on a pty.

Wed May 15 17:46:17 1996  Mark Eichin  <eichin@cygnus.com>

	* kcmd.c (kcmd): only block SIGURG if it exists.

Wed May  8 17:59:21 1996  Chris Provenzano  <proven@cygnus.com>

	* login.c : Rework option parsing. Use [appdefaults] section
	instead of [libdefaults] section.

