User-Visible remctl Changes

remctl 2.14 (2009-05-22)

The remctld configuration file may now specify that one argument to a
command is passed on standard input instead of on the command line
using the stdin= option. This option allows passing data to commands
that's too long to fit into a command-line argument or that contains
nul characters.

remctld logging of commands or arguments now replaces unprintable
characters (characters between ASCII 0 and 31 and ASCII 127) with
periods rather than assuming syslog will cope with them correctly.

Use command and subcommand as the names for the first two parameters
to the remctl client and the first two strings in a remctl command
instead of the unintuitive "type" and "service" terminology borrowed
from sysctl. This only changes documentation and some internal
variable names; no external APIs should be affected.

Declare message_fatal_cleanup extern in util.h. Fixes compilation
problems on Mac OS X and probably elsewhere.

Diagnose and explicitly reject on the server nul characters in command
arguments that don't support them rather than truncating the argument
silently.

Plug several memory leaks in the remctld server. (These would have
little practical effect unless a client stayed connected and issued
multiple commands.)

The protocol now permits commands with no arguments. remctld
currently doesn't support them, but now returns ERROR_UNKNOWN_COMMAND
instead of ERROR_BAD_COMMAND when receiving one.

Add documentation on extending remctl in docs/extending.

Add initial protocol version three draft in docs/protocol-v3.

Better check logmask options when parsing the server configuration
file and report errors instead of silently ignoring them. Masking the
command is also no longer supported (it previously worked by
accident).

Support building against Solaris 10's native generic GSS-API
libraries. Thanks, Peter Eriksson.

Update to rra-c-util 1.0:

* Fix open call parameters in daemon portability test.
* Fix AI_ADDRCONFIG portability on BSD/OS systems.
* Split die into a separate object to not link it in shared libraries.
* Don't break if the user clobbers CPPFLAGS at build time.
* Correctly set -L options with --with-gssapi-lib, not -I.
* Change AC_TRY_* to AC_*_IFELSE as recommended by Autoconf.
* Update portable and util test suite for C TAP Harness 1.0.
* Use native Kerberos instead of forking kinit in test suite.

Update to C TAP Harness 1.0:

* Rewrite of all test cases to use the new TAP library support.
* Much improved and simplified builddir != srcdir test suite support.
* Support running a single test with tests/runtests -o.
* Correctly handle completely skipped tests, like client/pod.
* Better reporting of fatal errors in the test suite.

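
The two argument-handling changes in 2.14 (rejecting nul characters in arguments that go on a command line, and replacing unprintable characters with periods when logging) can be sketched as follows. This is an added example, not code from remctl: the function names, the zero-based mask indexes, the placeholder text for a masked argument, and the sample arguments are all assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* An argument as received from the network: explicit length, may hold nul. */
struct arg {
    const char *data;
    size_t length;
};

/* Text logged in place of a masked argument (chosen for this example). */
#define MASKED "**MASKED**"

/* True if the argument holds a nul and so cannot go on a command line. */
int
arg_has_nul(const struct arg *a)
{
    return memchr(a->data, '\0', a->length) != NULL;
}

/* Append one character, always leaving room for the terminator. */
static void
put(char *out, size_t size, size_t *pos, char c)
{
    if (*pos + 1 < size)
        out[(*pos)++] = c;
}

/*
 * Build one log line from the arguments.  Arguments whose zero-based index
 * appears in masked[] are replaced by MASKED.  In all other arguments, bytes
 * 0 through 31 and byte 127 become periods, so an embedded newline cannot
 * start a second log entry and a nul cannot cut the line short.  Returns the
 * number of characters written, not counting the terminator.
 */
size_t
format_log_line(char *out, size_t size, const struct arg *args, size_t count,
                const size_t *masked, size_t nmasked)
{
    size_t pos = 0, i, j, k;
    int hide;

    if (size == 0)
        return 0;
    for (i = 0; i < count; i++) {
        if (i > 0)
            put(out, size, &pos, ' ');
        hide = 0;
        for (j = 0; j < nmasked; j++)
            if (masked[j] == i)
                hide = 1;
        if (hide) {
            for (k = 0; k < strlen(MASKED); k++)
                put(out, size, &pos, MASKED[k]);
            continue;
        }
        for (k = 0; k < args[i].length; k++) {
            unsigned char c = (unsigned char) args[i].data[k];

            put(out, size, &pos, (c <= 31 || c == 127) ? '.' : (char) c);
        }
    }
    out[pos] = '\0';
    return pos;
}

/* Constructed sample: the last argument holds a newline and a nul. */
static const char NOTE[] = "note\nfake entry\0x";
static const struct arg SAMPLE[] = {
    { "accounts", 8 },
    { "passwd", 6 },
    { "hunter2", 7 },
    { NOTE, sizeof(NOTE) - 1 },
};

/* Format the sample with argument 2 masked. */
const char *
sample_log_line(void)
{
    static char line[128];
    static const size_t masked[] = { 2 };

    format_log_line(line, sizeof(line), SAMPLE, 4, masked, 1);
    return line;
}

int
main(void)
{
    printf("log line: %s\n", sample_log_line());
    printf("last argument has nul: %d\n", arg_has_nul(&SAMPLE[3]));
    return 0;
}
```
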
remctl 2.13 (2008-11-14)

Add support for ACL methods in the remctld server. The supported
schemes in this release are file and princ, which together provide the
same functionality as earlier releases, plus deny to explicitly reject
a user who matches another ACL and support for the CMU GPUT
authorization system. There is now a framework in place for adding
new ACL methods in the future. This work was contributed by Jeffrey
Hutzelman.

When processing the include of a directory for configuration files or
ACL files, limit the files read to those whose names contain only
characters in [a-zA-Z0-9_-]. This replaces the previous exclusion of
files containing periods and also excludes Emacs backup and temporary
files. Thanks, Timothy G. Abbott.

Add a PHP remctl PECL module from Andrew Mortensen, enabled with
--enable-php at configure time. These bindings are only tested with
PHP 5.

Add Python bindings from Thomas L. Kula, enabled with --enable-python
at configure time. These bindings are tested with Python 2.5 but
should work with versions back to 2.3.

Include all *.class files in the JAR file built by java/Makefile,
making the resulting JAR actually useful. Thanks, Marcus Watts.

Add an ant build configuration for the Java remctl implementation.
It also has the capability to generate a distribution of just the Java
implementation using a file layout more similar to an Apache Jakarta
project than the layout of the java subdirectory.

Several Windows fixes from Matthew Loar, plus really include
portable/winsock.c in the distribution. This version should now build
and run on Windows.

With --with-gssapi, attempt to determine if the library directory is
lib32 or lib64 instead of lib and set LDFLAGS accordingly. Based on
an idea from the CMU Autoconf macros.

Add --with-gssapi-include and --with-gssapi-lib options to set the
include and library paths separately if needed.

Restore GSS-API portability checks for old versions of MIT Kerberos
accidentally dropped in the previous release.

Provide a proper bool type when built with Sun Studio 12 on Solaris
10. Thanks, Jeffrey Hutzelman.

Sanity-check the results of krb5-config before proceeding and error
out in configure if they don't work.

Fix Autoconf syntax error when probing for libkrb5support. Thanks,
Mike Garrison.

Create the docs directory in the build tree if it's missing, fixing a
build failure when builddir != srcdir. Thanks, Jeffrey Hutzelman.

In standalone mode, close the main server socket immediately in the
child handler processes. Since the socket was already marked close on
exec, this probably only matters for consistent test suite results,
ensuring that the port is released immediately, but it's more correct.

remctl 2.12 (2008-04-04)

If no server principal is specified on the remctl command line or in
the remctl() or remctl_open() C or Perl library interfaces, remctl now
uses a host-based service name for the server instead of a Kerberos
principal of host/server. The practical effect of this is that
domain-realm mapping rules will be applied rather than assuming the
server's principal is in the local domain and, for the C and Perl
library interfaces, server name canonicalization will be done if
configured in the GSS-API library. Users of the C or Perl library
interfaces will find that remctl now authenticates to a principal for
the host after a forward and reverse DNS lookup instead of the host
specified in the API call with most GSS-API libraries. To disable
this canonicalization behavior, see your GSS-API library
documentation; setting rdns in [libdefaults] to false works for MIT
Kerberos. The remctl command-line client continues to canonicalize
its host argument always prior to any network connection or GSS-API
calls.

Add documentation of hostname canonicalization and the choice of
authentication principals to the remctl client, remctl() and
remctl_open() C API, and Net::Remctl Perl API documentation.

Fix a place in libremctl where the library would call exit rather than
returning an error on memory allocation failure.

Standardize on lowercase first characters in library error strings.

Include the Windows port of the client done by Matthew Loar. See
README for information on requirements and compilation. Only the
client shared library and command-line utility are supported or built
currently. I cannot easily test this code and probably broke it when
integrating the patch; please report any problems so that they can be
fixed in subsequent releases.

When running the server in standalone mode, set the network file
descriptors close-on-exec so that they're not inherited by commands
run by remctl. Also close the low-numbered file descriptors before
running a command to catch the replay cache file, which isn't marked
close-on-exec in older versions of MIT Kerberos.

When passing a variable set to undef into remctl_open in the Perl API,
the principal was converted to the empty string. Adjust Net::Remctl
to recognize the empty string as an unspecified principal.

The configure option to specify the path to the GSS-API libraries is
now --with-gssapi instead of --with-kerberos and the GSS-API probes
should be more robust.

Delete the man page symlinks before recreating them so that reinstalls
work. Thanks, Nicholas Riley.

Belatedly bump the libtool versioning for libremctl for the port
number change in the previous release. (This is primarily for
documentation purposes and doesn't change the library SONAME.)

remctl 2.11 (2007-11-09)

remctl now has an official port registered with IANA (4373), replacing
the original, poorly-chosen port of 4444. The previous port conflicts
with the krb524 service. The remctld server and example configuration
files have been changed to bind to port 4373 by default if no port is
specified. The client will attempt to connect to port 4373 first if
no port is specified and then fall back to trying 4444. All sites
running remctl are encouraged to upgrade their clients and then
migrate their servers to the new port. Support for the old port
without explicit configuration will be phased out in a future release.

Stop using stdout and stderr as structure members, fixing compilation
problems on AIX, NetBSD, and other platforms.

Fix (non-exploitable) segfaults in remctld when sent a command with a
type and no service (not permitted by the command-line client but
possible with the library API). Thanks to Marcus Watts for the
analysis.

Port to the Kerberos GSS-API implementation shipped with AIX 5.2.
Thanks to Sandor Sklar for bug reports and testing.

Improve the configuration file documentation in the remctld man page.
Document the first-match properties.

remctl 2.10 (2007-08-26)

Include a rewritten Java client and a Java server implementation, both
by Marcus Watts. The rewritten Java client supports protocol version
two and works with Sun Java 1.4.2, 5, and 6.

Fix a (non-exploitable) remctld crash when the client sent more
command arguments than it claimed it was going to send. Thanks,
Marcus Watts. Also added a test with a variety of malformed command
tokens in an effort to keep bugs like this from going unnoticed in the
future.

The remctl client now also requests sequence protection, but the
client and server do not insist on it or on replay protection since
Heimdal 0.6 doesn't support replay protection. This has been
documented in the protocol specification as well.

remctld when running in stand-alone mode now removes the PID file (if
any) and exits cleanly after receiving SIGINT or SIGTERM. Based on a
patch by Marcus Watts.

remctld when running in stand-alone mode now re-reads its
configuration file after receiving a SIGHUP.

Don't self-destruct after an hour in stand-alone mode, fixing a bug
introduced in 2.8.

The libremctl client library now uses symbol versioning on Linux.

Allow port and principal to be omitted in calls to Net::Remctl::open,
matching the documentation. Thanks, Marcus Watts.

Include a dummy symbol in libportable so that it always contains at
least one object. Fixes compilation problems on Mac OS X 10.4 and
Solaris 10.

Fix builds outside the source directory by creating the docs directory
properly, based on a patch by Marcus Watts. Also fix make clean and
the POD tests when run outside the source directory.

Change the Net::Remctl documentation for remctl() to suggest 0 and the
empty string as default values for port and principal, since this
avoids Perl warnings.

Check for the MIT Kerberos GSS-API library first in reduced dependency
mode for improved reproducibility of the Debian build.

remctl 2.9 (2007-06-29)

Fix remctl client library crashes due to an uninitialized variable
when the network connection fails.

Added complete C API documentation (as section 3 manual pages) for the
libremctl library.

Fix several inaccuracies in the Net::Remctl API documentation.
Thanks, Alf Wachsmann.

Pass DESTDIR to the Perl module installation as well. Thanks, Darren
Patterson.

remctl 2.8 (2007-06-27)

Add a Net::Remctl Perl module, optionally compiled (and enabled with
the --enable-perl configure flag), that provides native Perl bindings
to the libremctl client library.

Fix various null pointer dereferences in the simplified remctl client
library call when the server returns an error.

When running in stand-alone mode, remctld now forks a new child for
each incoming connection and can therefore handle multiple
simultaneous connections. This makes stand-alone mode useful for more
than just testing. Also, remctld now backgrounds itself by default in
stand-alone mode; disable this with the -F flag. Based on a patch by
Andrew Mortensen.

Add a new -k flag to remctld to tell it to use a non-default keytab.
Thanks, Andrew Mortensen.

Default to port 4444 in the library if a port of 0 is passed in, and
(following the documentation) default to host/<hostname> if a NULL
principal is passed in.

remctld now exits properly when it can't parse its configuration file
rather than proceeding with a null configuration.

Fix problems with the parameter types for GSS-API memory freeing
functions in some error cases.

In the test suite, fix the kinit flags for MIT Kerberos 1.6.

remctl 2.7 (2007-03-25)

In remctld, consider the command complete once the child process
exits. Do not wait for its standard output and error to be closed,
since the child process may have spawned a long-running daemon that
doesn't clean up its file descriptors properly.

When the command-line remctl client canonicalizes the name of the
server host to get the right principal, it then needs to connect to
the canonical hostname. Otherwise, DNS schemes that return a
different answer each time one asks for a given host may cause remctl
to connect to a different host than the canonical name used for the
principal, resulting in authentication failure.

Fixed a subtle bookkeeping error when sending commands larger than the
maximum token size that would have resulted in malformed tokens for
boundary cases of argument lengths.

Fixed memory and file descriptor leaks in remctld that only become
apparent when the server runs many commands before exiting.

Various minor fixes so that make warnings and make check work on a
Solaris 8 system without IPv6 configured.

Use a portability wrapper around the GSS-API header to avoid repeating
the same portability code in every file.

remctl 2.6 (2007-02-03)

SECURITY: If an ACL listed for a command didn't exist, the
authorization check was treated as a success instead of a failure.
This had, embarrassingly, apparently been broken since at least 2.0.

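
The 2.6 entry describes a fail-open authorization check: an ACL that could not be read counted as a success. The sketch below shows that class of bug next to a fail-closed version. It is an added illustration, not remctl's code: the simplified ACL format (one principal per line, # for comments), the function names, the file names, and the principals are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Three outcomes, so "could not evaluate" is never confused with a match. */
enum acl_result { ACL_ALLOW, ACL_NO_MATCH, ACL_ERROR };

/* Check one ACL file (simplified format assumed for this example). */
enum acl_result
acl_check_file(const char *path, const char *principal)
{
    FILE *f;
    char line[256];
    size_t n;
    enum acl_result result = ACL_NO_MATCH;

    f = fopen(path, "r");
    if (f == NULL)
        return ACL_ERROR;               /* missing or unreadable ACL */
    while (fgets(line, sizeof(line), f) != NULL) {
        n = strcspn(line, "\r\n");
        if (line[n] == '\0' && !feof(f)) {
            result = ACL_ERROR;         /* over-long line: do not guess */
            break;
        }
        line[n] = '\0';
        if (line[0] == '\0' || line[0] == '#')
            continue;
        if (strcmp(line, principal) == 0) {
            result = ACL_ALLOW;
            break;
        }
    }
    if (ferror(f))
        result = ACL_ERROR;
    fclose(f);
    return result;
}

/* "Before": only an explicit non-match denies, so an ACL that does not
   exist falls through to success. */
int
authorize_fail_open(const char *const *acls, size_t count,
                    const char *principal)
{
    size_t i;

    for (i = 0; i < count; i++)
        if (acl_check_file(acls[i], principal) != ACL_NO_MATCH)
            return 1;
    return 0;
}

/* "After": access requires a positive match, and any ACL that cannot be
   evaluated ends the check with a denial. */
int
authorize(const char *const *acls, size_t count, const char *principal)
{
    size_t i;

    for (i = 0; i < count; i++)
        switch (acl_check_file(acls[i], principal)) {
        case ACL_ALLOW:
            return 1;
        case ACL_ERROR:
            return 0;
        case ACL_NO_MATCH:
            break;
        }
    return 0;
}

/* Write a constructed sample ACL into the current directory. */
int
write_sample_acl(const char *path)
{
    FILE *f = fopen(path, "w");

    if (f == NULL)
        return -1;
    fputs("# constructed sample ACL\nalice@EXAMPLE.ORG\n", f);
    return fclose(f) == 0 ? 0 : -1;
}

/* The second file is assumed not to exist. */
static const char *const PRESENT[] = { "acl-demo.tmp" };
static const char *const MISSING[] = { "acl-demo-missing.tmp" };

int
main(void)
{
    if (write_sample_acl(PRESENT[0]) != 0)
        return 1;
    printf("listed user, ACL present:      %d\n",
           authorize(PRESENT, 1, "alice@EXAMPLE.ORG"));
    printf("unlisted user, ACL present:    %d\n",
           authorize(PRESENT, 1, "mallory@EXAMPLE.ORG"));
    printf("ACL missing, fail-open check:  %d\n",
           authorize_fail_open(MISSING, 1, "mallory@EXAMPLE.ORG"));
    printf("ACL missing, fail-closed check: %d\n",
           authorize(MISSING, 1, "mallory@EXAMPLE.ORG"));
    remove(PRESENT[0]);
    return 0;
}
```
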
remctl 2.5 (2007-02-03)

Automatically use a continued MESSAGE_COMMAND if the total command
length is larger than 64KB (minus token overhead). The remctl client
library can now send arbitrarily large commands, at some cost in
memory consumption on the client and server. The server is still
limited by the OS-imposed maximum length of a command line.

When the server runs a command, open /dev/null for standard input
rather than leaving standard input closed. Some programs don't cope
with a closed standard input.

Audited memory handling of buffers sent to and read from the network
and closed several memory leaks.

Use the same limit (1MB) on token size everywhere. Enforce the
protocol limit on unencrypted data size (64KB) in both the server and
when sending messages in the client.

Correctly handle a zero-length argument at the end of a command in the
server. Previously, that argument was ignored.

Check that the expected argument count matches the count of arguments
seen in the server and that all of the client data was consumed when
parsing arguments.

Add a newline to the end of error messages when converting to protocol
version one replies. The old remctl client didn't add a newline.

Document the limits on token size and unencrypted data size in the
protocol specification. Improve the protocol documentation for the
continue status for MESSAGE_COMMAND. Use octet instead of byte
uniformly.

remctl 2.4 (2007-01-17)

IPv6 support is now automatically enabled on systems that support it.
The remctl code uniformly uses the new IPv6-aware host and address
functions, using replacements on systems that don't provide them in
libc. Thanks to Jonathan Kollasch for the initial patch.

When sending tokens, correctly check for network errors rather than
ignoring them due to a miswritten test.

In the remctl command-line client, print a newline after protocol
error messages from the server.

Add error messages to the protocol specification for sending too many
arguments in a command and sending too much data with a command.
Return the more specific error message if the number of command
arguments exceeds the current hard-coded limit rather than just
reporting a bad command token.

Don't use $< in non-pattern rules (again), fixing a build error on
some systems with non-GNU make (although since the generated man
pages are part of the distribution, only those modifying the POD
source would have seen this error).

remctl 2.3 (2006-12-06)

Increase the maximum number of arguments the server will accept for a
command to 4096 from 64. This is an arbitrary limit to protect
against memory-consumption denial-of-service attacks.

Document the exit status of the remctl client.

Add the -S flag to remctld, which tells it to log to standard output
and standard error rather than syslog. Use this flag in the test
suite so that make check doesn't spew into a system's syslog.

Require Automake 1.10 and Autoconf 2.60 and use AC_CONFIG_LIBOBJ_DIR
to locate replacements for missing system functions. This means that
an Automake patch is no longer required for bootstrapping and remctl
will now work with stock Autoconf and Automake.

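
The argument-parsing checks listed under 2.5 (claimed count must match what was sent, all client data consumed, a zero-length final argument kept) and the 4096-argument limit from 2.3 can be combined in one bounds-checked parser. This is an added example, not remctl's parser: it assumes a simplified layout of a 4-octet big-endian argument count followed by a 4-octet length and the data for each argument, and the status names and sample tokens are made up for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Limit on arguments per command, from the remctl 2.3 entry. */
#define MAX_ARGS 4096

/* Status names chosen for this example. */
enum parse_status {
    PARSE_OK = 0,
    PARSE_TRUNCATED,        /* data ends before the claimed content */
    PARSE_TOO_MANY_ARGS,    /* claimed count exceeds MAX_ARGS */
    PARSE_TRAILING_DATA     /* data left over after the claimed arguments */
};

struct arg {
    const unsigned char *data;  /* points into the caller's buffer */
    size_t length;              /* zero is a valid length */
};

/* Read a 4-octet big-endian integer; the caller has checked the bounds. */
static uint32_t
read_u32(const unsigned char *p)
{
    return ((uint32_t) p[0] << 24) | ((uint32_t) p[1] << 16)
        | ((uint32_t) p[2] << 8) | (uint32_t) p[3];
}

/*
 * Parse the arguments in buf into args, which must have room for MAX_ARGS
 * entries.  *count is set to the argument count on success and to zero on
 * any failure, so a caller cannot act on a half-parsed command.
 */
enum parse_status
parse_command_args(const unsigned char *buf, size_t len, struct arg *args,
                   size_t *count)
{
    size_t pos, i;
    uint32_t claimed, arglen;

    *count = 0;
    if (len < 4)
        return PARSE_TRUNCATED;
    claimed = read_u32(buf);
    pos = 4;
    if (claimed > MAX_ARGS)
        return PARSE_TOO_MANY_ARGS;     /* reject before storing anything */
    for (i = 0; i < claimed; i++) {
        if (len - pos < 4)
            return PARSE_TRUNCATED;
        arglen = read_u32(buf + pos);
        pos += 4;
        /* Compare with the space left rather than computing pos + arglen,
           which could wrap around. */
        if (arglen > len - pos)
            return PARSE_TRUNCATED;
        args[i].data = buf + pos;
        args[i].length = arglen;
        pos += arglen;
    }
    if (pos != len)
        return PARSE_TRAILING_DATA;     /* more was sent than was claimed */
    *count = claimed;
    return PARSE_OK;
}

/* Constructed sample tokens, not captured traffic. */
static const unsigned char SAMPLE_OK[] = {
    0, 0, 0, 3,
    0, 0, 0, 4, 't', 'e', 's', 't',
    0, 0, 0, 4, 'e', 'c', 'h', 'o',
    0, 0, 0, 0                          /* zero-length final argument */
};
static const unsigned char SAMPLE_EXTRA[] = {   /* claims 1, sends 2 */
    0, 0, 0, 1,
    0, 0, 0, 1, 'a',
    0, 0, 0, 1, 'b'
};
static const unsigned char SAMPLE_SHORT[] = {   /* length runs past the end */
    0, 0, 0, 1,
    0, 0, 0, 9, 'a'
};
static const unsigned char SAMPLE_HUGE[] = { 0, 0, 0x10, 0x01 };  /* 4097 */

/* Results of the most recent parse_sample() call. */
static struct arg parsed[MAX_ARGS];
static size_t parsed_count;

enum parse_status
parse_sample(const unsigned char *buf, size_t len)
{
    return parse_command_args(buf, len, parsed, &parsed_count);
}

int
main(void)
{
    printf("ok=%d extra=%d short=%d huge=%d\n",
           parse_sample(SAMPLE_OK, sizeof(SAMPLE_OK)),
           parse_sample(SAMPLE_EXTRA, sizeof(SAMPLE_EXTRA)),
           parse_sample(SAMPLE_SHORT, sizeof(SAMPLE_SHORT)),
           parse_sample(SAMPLE_HUGE, sizeof(SAMPLE_HUGE)));
    return 0;
}
```
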
remctl 2.2 (2006-09-08)

Add appropriate casts when passing size_t variables to printf on
64-bit systems.

Include <sys/socket.h> in appropriate places for socklen_t on Solaris.

Make the xmalloc test suite indifferent to filename differences from
builddir != srcdir builds.

Work around strange GCC 4.1 behavior on AMD64 that creates a const
temporary variable in the macro expansion of the W* wait macros on
glibc systems, causing the build of runtests to fail. For some reason
this apparently only affects AMD64.

Redirect /dev/null into kinit in the test suite so that the Heimdal
syntax doesn't cause an MIT kinit to hang.

Try all kinit variants in the remctl client test as well as the C API
tests.

remctl 2.1 (2006-08-22)

Set REMOTE_USER in the environment for commands run by remctld, using
the same value as REMUSER. This makes it easier to use programs that
also run as CGI scripts. Also set REMOTE_ADDR to the IP address of
the remote host and set REMOTE_HOST to the hostname if available.

Stop setting SCPRINCIPAL in the environment. This was for backward
compatibility with sysctl and it's highly unlikely that anyone still
cares (not to mention that the value was qualified with the realm and
therefore didn't match sysctld's setting anyway).

Properly nul-terminate error replies when using the simplified remctl
client API.

Support make check with builddir != srcdir builds. Thanks to Ralf
Wildenhues for the help in identifying the issues.

remctl 2.0 (2006-08-09)

Implement a new version 2 protocol, with automatic down-negotiation
to the old protocol for backward compatibility. The new protocol is
more binary-safe for command arguments, supports streaming output
from the server, allows distinguishing between stdout output and
stderr output, has no arbitrary limits on output size, and supports
persistent connections.

Document the details of the remctl protocol, both the old version 1
protocol and the new version 2 protocol, in hopefully sufficient
detail for anyone else to implement it.

Don't consider inclusion of empty directories in a configuration file
an error.

Add the -P flag to remctld to write its PID to a file when invoked in
stand-alone mode.

Add an automated test suite.

Completely rewrite the build system to use Automake, a supporting
utility library, separate subdirectories for different parts of the
source tree, and a wrapper include file for system headers.

Don't use $< in non-pattern rules, fixing a build error on some
systems with non-GNU make.

remctl 1.12 (2006-01-01)

Initialize memory properly when parsing the server configuration file.

Library probes with --enable-static cannot use krb5-config, since we
can't distinguish between the Kerberos libraries that should be static
and the system library dependencies that must not be made static.

remctl 1.11 (2005-12-22)

Support include directives in remctld ACL files with the same syntax
and semantics as include directives in configuration files.

Stop option parsing at the first non-option on Linux (this is the
standard behavior of getopt on other platforms). Otherwise, calling
remote programs that take options is annoying.

Use krb5-config where available to get Kerberos libraries and compiler
flags unless --enable-reduced-depends is used.

Fix builds and installs where builddir != srcdir.

Initial port to Heimdal. remctl now compiles but isn't able to talk
to a server built with MIT Kerberos, so further porting is still
needed.

Remove some debugging code for displaying the GSS-API OID as a string
that isn't supported by the Heimdal API and is of questionable
usefulness regardless.

remctl 1.10 (2005-12-01)

Move the -v option to remctl and remctld to -d (debug), since the
verbose output or logging is only really useful when debugging.

Add -h (show usage) and -v (show version) options to both remctl
and remctld and add real option parsing (so combining multiple options
in one switch should now work).

Overhaul error and status reporting in remctl and remctld. Among
other advantages, this should eliminate any lingering format string
worries and get rid of the trailing newlines in syslog messages from
remctld, as well as regularize the text of the error messages and the
priority of syslog messages.

remctl 1.9 (2005-05-10)

Fix serious bug with inclusion of configuration directories. When
reading any file after the first, remctl would use random bits of
memory as the file name.

remctl 1.8 (2005-05-04)

Support include <file> in the configuration file. Also support
including a directory, which includes every file in that directory
that doesn't have a period in the name.

Support continuation lines (using backslash) in the configuration
file, and clean up the parser to be more flexible about whitespace on
otherwise empty lines or comment lines.

Change the default remctl.conf location to be relative to sysconfdir
(<prefix>/etc by default) instead of the current directory.

remctld now only logs the initial connection authentication and the
argument count if -v was given, reducing to one the number of syslog
messages per command.

Improve the remctld man page, documenting all of the supported options
including stand-alone mode.

remctl 1.7 (2005-02-22)

Close extra file descriptors before spawning a child process in
remctl. The only file descriptors open should be standard output and
standard error. This will fix problems with using remctld to start
long-running daemons; before, remctld would never realize that the
child process had exited.

Use select to wait for child output in remctld rather than
busy-waiting so as not to burn CPU cycles when the child takes a while
to produce output.

Document the -p option for the client.

remctl 1.6 (2004-05-18)

Fix format string vulnerabilities when logging the remote command.

remctl 1.5 (2004-03-04)

Fix a bug in remctld where it would segfault when trying to check the
ACLs for a command not present in the configuration file.

Portability fix to return the exit status of the command in network
byte order.

remctl 1.4 (2003-11-12)

Add support for a logmask=n option in the configuration file that
masks those arguments in the logging output (used when some of the
options for that command contain private information).

Add optimizations in the GSS code to do fewer network writes.

Significant improvements to the Java client.

Some minor cleanups to logging, installation, and the configure
script.

remctl 1.3 (2003-07-21)

Exit with non-zero status if the remote command failed rather than
always exiting with zero status if the network exchange worked
successfully.

Adjust logging priorities and include some additional information in
the log of the command.

Improved the README and added a make dist target to the makefile.

remctl 1.2 (2003-04-04)

Read from both standard out and standard error of the spawned command
in turn to better prevent deadlock.

Set the REMUSER environment variable to the remote authenticated user
(and continue setting SCPRINCIPAL as well for backward compatibility).

remctl 1.1 (2003-02-28)

Add an snprintf implementation for systems that don't have it and use
it for log messages.

Additional fleshing out of the Java client.

Lots of code cleanup and style fixes.

remctl 1.0 (2002-11-22)

Initial release.