changelog:
remctl 2.14 (2009-05-22)
The remctld configuration file may now specify that one argument to a
command is passed on standard input instead of on the command line using
the stdin= option. This option allows passing data to commands that's too
long to fit into a command-line argument or that contains nul characters.
remctld logging of commands or arguments now replaces unprintable
characters (characters between ASCII 0 and 31 and ASCII 127) with periods
rather than assuming syslog will cope with them correctly.
Use command and subcommand as the names for the first two parameters to
the remctl client and the first two strings in a remctl command instead of
the unintuitive "type" and "service" terminology borrowed from sysctl.
This only changes documentation and some internal variable names; no
external APIs should be affected.
Declare message_fatal_cleanup extern in util.h. Fixes compilation problems
on Mac OS X and probably elsewhere.
Diagnose and explicitly reject on the server nul characters in command
arguments that don't support them rather than truncating the argument
silently.
Plug several memory leaks in the remctld server. (These would have little
practical effect unless a client stayed connected and issued multiple
commands.)
The protocol now permits commands with no arguments. remctld currently
doesn't support them, but now returns ERROR_UNKNOWN_COMMAND instead of
ERROR_BAD_COMMAND when receiving one.
Add documentation on extending remctl in docs/extending.
Add initial protocol version three draft in docs/protocol-v3.
Better check logmask options when parsing the server configuration file
and report errors instead of silently ignoring them. Masking the command
is also no longer supported (it previously worked by accident).
Support building against Solaris 10's native generic GSS-API libraries.
Thanks, Peter Eriksson.
Update to rra-c-util 1.0:
* Fix open call parameters in daemon portability test.
* Fix AI_ADDRCONFIG portability on BSD/OS systems.
* Split die into a separate object to not link it in shared libraries.
* Don't break if the user clobbers CPPFLAGS at build time.
* Correctly set -L options with --with-gssapi-lib, not -I.
* Change AC_TRY_* to AC_*_IFELSE as recommended by Autoconf.
* Update portable and util test suite for C TAP Harness 1.0.
* Use native Kerberos instead of forking kinit in test suite.
Update to C TAP Harness 1.0:
* Rewrite of all test cases to use the new TAP library support.
* Much improved and simplified builddir != srcdir test suite support.
* Support running a single test with tests/runtests -o.
* Correctly handle completely skipped tests, like client/pod.
* Better reporting of fatal errors in the test suite.
changes since 2.11:
If no server principal is specified on the remctl command line or
in the remctl() or remctl_open() C or Perl library interfaces,
remctl now uses a host-based service name for the server instead
of a Kerberos principal of host/server. The practical effect of
this is that domain-realm mapping rules will be applied rather
than assuming the server's principal is in the local domain and,
for the C and Perl library interfaces, server name canonicalization
will be done if configured in the GSS-API library. Users of the
C or Perl library interfaces will find that remctl now authenticates
to a principal for the host after a forward and reverse DNS lookup
instead of the host specified in the API call with most GSS-API
libraries. To disable this canonicalization behavior, see your
GSS-API library documentation; setting rdns in [libdefaults] to
false works for MIT Kerberos. The remctl command-line client
continues to canonicalize its host argument always prior to any
network connection or GSS-API calls.
Add documentation of hostname canonicalization and the choice of
authentication principals to the remctl client, remctl() and
remctl_open() C API, and Net::Remctl Perl API documentation.
Fix a place in libremctl where the library would call exit rather
than returning an error on memory allocation failure.
Standardize on lowercase first characters in library error strings.
Include the Windows port of the client done by Matthew Loar. See
README for information on requirements and compilation. Only the
client shared library and command-line utility are supported or
built currently. I cannot easily test this code and probably broke
it when integrating the patch; please report any problems so that
they can be fixed in subsequent releases.
When running the server in standalone mode, set the network file
descriptors close-on-exec so that they're not inherited by commands
run by remctl. Also close the low-numbered file descriptors before
running a command to catch the replay cache file, which isn't
marked close-on-exec in older versions of MIT Kerberos.
When passing a variable set to undef into remctl_open in the Perl
API, the principal was converted to the empty string. Adjust
Net::Remctl to recognize the empty string as an unspecified
principal.
The configure option to specify the path to the GSS-API libraries
is now --with-gssapi instead of --with-kerberos and the GSS-API
probes should be more robust.
Delete the man page symlinks before recreating them so that
reinstalls work. Thanks, Nicholas Riley.
Belatedly bump the libtool versioning for libremctl for the port
number change in the previous release. (This is primarily for
documentation purposes and doesn't change the library SONAME.)
Add support for ACL methods in the remctld server. The supported
schemes in this release are file and princ, which together provide
the same functionality as earlier releases, plus deny to explicitly
reject a user who matches another ACL and support for the CMU GPUT
authorization system. There is now a framework in place for adding
new ACL methods in the future. This work was contributed by Jeffrey
Hutzelman.
changes since 2.12:
When processing the include of a directory for configuration files
or ACL files, limit the files read to those whose names contain
only characters in [a-zA-Z0-9_-]. This replaces the previous
exclusion of files containing periods and also excludes Emacs
backup and temporary files. Thanks, Timothy G. Abbott.
Add a PHP remctl PECL module from Andrew Mortensen, enabled with
--enable-php at configure time. These bindings are only tested
with PHP 5.
Add Python bindings from Thomas L. Kula, enabled with --enable-python
at configure time. These bindings are tested with Python 2.5 but
should work with versions back to 2.3.
Include all *.class files in the JAR file built by java/Makefile,
making the resulting JAR actually useful. Thanks, Marcus Watts.
Add an ant build configuration for the Java remctl implementation.
It also has the capability to generate a distribution of just the
Java implementation using a file layout more similar to an Apache
Jakarta project than the layout of the java subdirectory.
Several Windows fixes from Matthew Loar, plus really include
portable/winsock.c in the distribution. This version should now
build and run on Windows.
With --with-gssapi, attempt to determine if the library directory
is lib32 or lib64 instead of lib and set LDFLAGS accordingly.
Based on an idea from the CMU Autoconf macros.
Add --with-gssapi-include and --with-gssapi-lib options to set
the include and library paths separately if needed.
Restore GSS-API portability checks for old versions of MIT Kerberos
accidentally dropped in the previous release.
Provide a proper bool type when built with Sun Studio 12 on Solaris
10. Thanks, Jeffrey Hutzelman.
Sanity-check the results of krb5-config before proceeding and
error out in configure if they don't work.
Fix Autoconf syntax error when probing for libkrb5support. Thanks,
Mike Garrison.
Create the docs directory in the build tree if it's missing, fixing
a build failure when builddir != srcdir. Thanks, Jeffrey Hutzelman.
In standalone mode, close the main server socket immediately in
the child handler processes. Since the socket was already marked
close on exec, this probably only matters for consistent test
suite results, ensuring that the port is released immediately,
but it's more correct.
protocol for running single commands on a remote host using Kerberos
v5 authentication and returning the output. They use a very simple
GSSAPI-authenticated network protocol, combined with server-side ACL
support and a server configuration file that maps remctl commands to
programs that should be run when that command is called by an
authorized user. remctld is very similar to a CGI server that uses a
different network protocol than HTTP and always does strong
authentication before executing the desired command.
