[SCM] GNU Inetutils branch, master, updated. inetutils-1_9

commit-inetutils
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-262-g2b218

From:	Mats Erik Andersson
Subject:	[SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-262-g2b21870
Date:	Fri, 22 Mar 2013 09:36:20 +0000
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU Inetutils ".

The branch, master has been updated
       via  2b21870677d919c10c7a3fee1adf5b9ef03887ec (commit)
       via  18be9337a6af422b869b3e017852aa4a447ea1dd (commit)
      from  139b77d07863a2620c63901681e6e20d2298a763 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=2b21870677d919c10c7a3fee1adf5b9ef03887ec


commit 2b21870677d919c10c7a3fee1adf5b9ef03887ec
Author: Mats Erik Andersson <address@hidden>
Date:   Fri Mar 22 10:35:06 2013 +0100

    Detection of Kerberos5.

diff --git a/ChangeLog b/ChangeLog
index dc3c639..ea79052 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2013-03-22  Mats Erik Andersson  <address@hidden>
+
+       Detection of Kerberos5.
+
+       * configure.ac: Only search for Kerberos headers
+       if they were explicitly requested.
+       * telnet/utilities.c (printsub)
+       [AUTHENTICATION || ENCRYPTION]: Define BUF if
+       either macro is defined.
+       * telnetd/utility.c (printsub): Likewise.
+
 2013-03-21  Mats Erik Andersson  <address@hidden>
 
        ftpd: Portability of PAM to Solaris.
diff --git a/configure.ac b/configure.ac
index 4232703..2cdb1ab 100644
--- a/configure.ac
+++ b/configure.ac
@@ -339,6 +339,9 @@ if test "$enable_encryption" = yes \
       test "$enable_encryption" = yes \
       && test "$ac_cv_lib_des_des_key_sched" = yes \
       && AC_DEFINE([DES_ENCRYPTION])
+
+      AC_CHECK_HEADERS([com_err.h des.h kerberosIV/des.h \
+                       kerberosIV/krb.h krb.h])
     fi
     ;;
   krb5)
@@ -348,6 +351,12 @@ if test "$enable_encryption" = yes \
     if test ".$LIBAUTH" != . ;then
       AC_DEFINE([KERBEROS])
       AC_DEFINE([KRB5])
+      save_CPPFLAGS=$CPPFLAGS
+      CPPFLAGS="$CPPFLAGS $INCAUTH"
+      AC_CHECK_HEADERS([com_err.h kerberosV/krb5.h krb5.h \
+                       krb5/asn1.h krb5/crc-32.h krb5/ext-proto.h \
+                       krb5/krb5.h krb5/los-proto.h])
+      CPPFLAGS=$save_CPPFLAGS
     fi
     ;;
   *)
@@ -599,16 +608,13 @@ AC_HEADER_STDC
 AC_HEADER_TIME
 AC_HEADER_DIRENT
 
-AC_CHECK_HEADERS([arpa/nameser.h com_err.h des.h errno.h fcntl.h features.h \
-                 glob.h kerberosIV/des.h kerberosIV/krb.h kerberosV/krb5.h \
-                 krb.h krb5.h krb5/asn1.h krb5/crc-32.h krb5/ext-proto.h \
-                 krb5/krb5.h krb5/los-proto.h \
-                 memory.h netinet/in_systm.h netinet/ip.h \
-                  netinet/ip_icmp.h netinet/ip_var.h \
-                 security/pam_appl.h \
-                  shadow.h stdarg.h stdlib.h string.h stropts.h sys/tty.h \
-                  sys/utsname.h sys/ptyvar.h sys/msgbuf.h sys/filio.h \
-                  sys/ioctl_compat.h sys/cdefs.h sys/stream.h sys/mkdev.h \
+AC_CHECK_HEADERS([arpa/nameser.h errno.h fcntl.h features.h \
+                 glob.h memory.h netinet/in_systm.h netinet/ip.h \
+                 netinet/ip_icmp.h netinet/ip_var.h \
+                 security/pam_appl.h shadow.h \
+                 stdarg.h stdlib.h string.h stropts.h sys/tty.h \
+                 sys/utsname.h sys/ptyvar.h sys/msgbuf.h sys/filio.h \
+                 sys/ioctl_compat.h sys/cdefs.h sys/stream.h sys/mkdev.h \
                  sys/sockio.h sys/sysmacros.h sys/param.h sys/file.h \
                  sys/proc.h sys/select.h sys/time.h sys/wait.h \
                   sys/resource.h \
diff --git a/telnet/utilities.c b/telnet/utilities.c
index 4da265a..f97646b 100644
--- a/telnet/utilities.c
+++ b/telnet/utilities.c
@@ -346,7 +346,7 @@ printsub (char direction, unsigned char *pointer, int 
length)
   register int i;
   extern int want_status_response;
 
-#if defined AUTHENTICATION && defined ENCRYPTION
+#if defined AUTHENTICATION || defined ENCRYPTION
   char buf[512];
 #endif
 
diff --git a/telnetd/utility.c b/telnetd/utility.c
index 5ca0430..3ef7962 100644
--- a/telnetd/utility.c
+++ b/telnetd/utility.c
@@ -930,7 +930,7 @@ printsub (int direction, unsigned char *pointer, int length)
 {
   register int i = 0;
 
-#if defined AUTHENTICATION && defined ENCRYPTION
+#if defined AUTHENTICATION || defined ENCRYPTION
   unsigned char buf[512];
 #endif
 

http://git.savannah.gnu.org/cgit/inetutils.git/commit/?id=18be9337a6af422b869b3e017852aa4a447ea1dd


commit 18be9337a6af422b869b3e017852aa4a447ea1dd
Author: Mats Erik Andersson <address@hidden>
Date:   Thu Mar 21 22:25:09 2013 +0100

    Documentation (silent change).

diff --git a/NEWS b/NEWS
index 2b814d9..8e8bcfb 100644
--- a/NEWS
+++ b/NEWS
@@ -21,15 +21,19 @@ Argument handling has been corrected to avoid some 
segfaults.
 * ping
 
 New switches `--ip-timestamp', `--mask', `-T/--tos' and `--ttl'.
+Can use file capabilities instead of suid-setting.
 
 * ping6
 
 New switches `--hoplimit/--ttl', `-T/--tos' and `-v/--verbose'.
+File capabilities are sufficient.
 
 * rcp
 
 Supports IPv6 and Shishi.  New switches `-4/--ipv4', `-6/--ipv6',
 `-k/--realm', `-K/--kerberos', and `-x/--encrypt'.
+A file capability like `cap_net_bind_service' can be applied
+instead of setuid installing the binary.
 
 * rexec
 
@@ -38,6 +42,8 @@ Supports IPv6.  New switches `-4/--ipv4', `-6/--ipv6', 
`-a/--ipany'
 * rlogin, rsh
 
 Support IPv6.  New switches `-4/--ipv4', `-6/--ipv6'.
+A file capability like `cap_net_bind_service' can be applied
+instead of setuid installing the binary.
 
 * syslogd
 
@@ -53,14 +59,17 @@ New switch `-k/--realm'.
 
 Default mode is now UDP, for better conformity with Unices.
 New switches `-f/--first-hop', `-g/--gateways', `-I/--icmp',
-`-m/--max-hop', `-t/--tos', and `-w/--wait'.
+`-m/--max-hop', `-t/--tos', and `-w/--wait'.  File capabilities
+suffice.
 
 * ftpd
 
-Full IPv6 support.  PAM support is restricted to Linux-PAM,
-since `pam_ftp.so' exists only there and our code depends on
-its response for handling anonymous users.  Server now accepts
-commands LPRT and LPSV.
+Full IPv6 support.  PAM support for Linux-PAM, OpenPAM,
+and Sun-PAM as service `ftp'.  Observe that the latter
+two implementations only affect non-anonymous access,
+since `pam_ftp.so' exists for Linux-PAM only, so the
+standard checks are enforced on `ftp/anonymous' as usual.
+Server now accepts commands LPRT and LPSV.
 
 * inetd
 
@@ -68,19 +77,21 @@ Service configuration now allows setting also the group.
 
 * rexecd
 
-Can be built with PAM support.  New option `-l/--logging'.
+Can be built with PAM support as service `rexec'.
+New option `-l/--logging'.
 
 * rlogind
 
-Support for IPv6.  Buildable with libwrap support for use in
-stand-alone daemon mode.  New switches `-4/--ipv4', `-6/--ipv6',
-and `-S/--server-principal'.
+Support for IPv6 and PAM as services `rlogin' and `krlogin'.
+Buildable with libwrap support for use in stand-alone daemon
+mode.  New switches `-4/--ipv4', `-6/--ipv6', and
+`-S/--server-principal'.
 
 * rshd
 
-Now has support for IPv6, PAM, and Shishi.  New switches
-`-k/--kerberos', `-S/--server-principal', `-v/--vacuous',
-and `-x/--encrypt'.
+Now has support for IPv6, PAM, and Shishi, with PAM services
+`rsh' and `krsh'.  New switches `-k/--kerberos',
+`-S/--server-principal', `-v/--vacuous', and `-x/--encrypt'.
 
 * talkd
 
diff --git a/doc/inetutils.texi b/doc/inetutils.texi
index 47ff6bf..33b779d 100644
--- a/doc/inetutils.texi
+++ b/doc/inetutils.texi
@@ -3414,10 +3414,11 @@ Only anonymous login is allowed.
 @opindex -a
 @opindex --auth
 Specify what authentication mechanism to use for incoming connections.
-Possible values are: @samp{kerberos}, @samp{kerberos5}, @samp{opie}
-and @samp{default}.
+Possible values are: @samp{kerberos}, @samp{kerberos5}, @samp{opie},
address@hidden, and @samp{default}.
 
-Anonymous logins will continue to work when this option is used.
+Anonymous logins will continue to work when this option is used,
+unless the user @samp{ftp} is removed from the system.
 
 @item  -D
 @itemx --daemon
@@ -3484,8 +3485,20 @@ the file exists, @command{ftpd} displays it and exits.  
If the file
 the @samp{ready} message.  If the file @file{/etc/motd} exists,
 @command{ftpd} prints it after a successful login.
 
-The FTP server currently supports the following FTP requests.  The
-case of the requests is ignored.
+If this server was compiled with PAM support, then any non-anonymous
+connection request will also be checked for settings pertaining to
+the PAM service @samp{ftp}, before finally being accepted.
+
+Linux-PAM is particular in that it also provides a module
address@hidden influencing even anonymous access.
+By convention the present server relies on the functionality
+in that module when built on relevant systems.
+However, the module is known to be partially broken since
+ten years back, when one compares the claims in its manual page,
+so not all claimed trickery is available!
+
+The FTP server currently supports the following FTP requests.
+The letter case of any request is ignored.
 
 @multitable @columnfractions 0.3 0.7
 @headitem Request  @tab  Description
@@ -3964,6 +3977,11 @@ Fail any call asking for non-Kerberos authentication.
 @c Required  Require reverse resolving of a remote host IP.
 @end table
 
+Should @command{rshd} have been built with PAM support,
+it reads any setting specified for a service named either
address@hidden or @samp{krsh}, the latter name for clients
+seeking Kerberised authentication.
+
 @section Diagnostics
 
 Except for the last one listed below, all diagnostic messages are
@@ -4139,6 +4157,11 @@ This may impact response time and CPU utilization, but 
provides
 increased security.  Only for Kerberised mode of operation.
 @end table
 
+Should @command{rlogind} have been built with PAM support,
+it reads any setting specified for a service named either
address@hidden or @samp{krlogin}, the latter name for clients
+using Kerberised authentication.
+
 @section Kerberos specific details
 
 The option @option{-k} is mandatory for Kerberised operation mode,

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog          |   11 +++++++++++
 NEWS               |   35 +++++++++++++++++++++++------------
 configure.ac       |   26 ++++++++++++++++----------
 doc/inetutils.texi |   33 ++++++++++++++++++++++++++++-----
 telnet/utilities.c |    2 +-
 telnetd/utility.c  |    2 +-
 6 files changed, 80 insertions(+), 29 deletions(-)


hooks/post-receive
-- 
GNU Inetutils
[Prev in Thread]
Current Thread
[Next in Thread]
[SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-262-g2b21870, Mats Erik Andersson <=
Prev by Date: [SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-260-g139b77d
Next by Date: [SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-264-g3e5d87b
Previous by thread: [SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-260-g139b77d
Next by thread: [SCM] GNU Inetutils branch, master, updated. inetutils-1_9_1-264-g3e5d87b
Index(es):
- Date
- Thread