./wip/remctl, Client/server protocol for running commands using Kerberos v5 auth



Branch: CURRENT, Version: 2.16nb1, Package name: remctl-2.16nb1, Maintainer: pkgsrc-users

remctl (the client) and remctld (the server) implement a client/server
protocol for running single commands on a remote host using Kerberos
v5 authentication and returning the output. They use a very simple
GSSAPI-authenticated network protocol, combined with server-side ACL
support and a server configuration file that maps remctl commands to
programs that should be run when that command is called by an
authorized user. remctld is very similar to a CGI server that uses a
different network protocol than HTTP and always does strong
authentication before executing the desired command.


Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: b21da39182d306545a441de41903d1a73e738b7c
RMD160: 9e8cc888b7a43bbdb61b70a28b32eaa1f0c80d33
Filesize: 569.456 KB


CVS history:


   2012-10-07 16:53:42 by Aleksej Saushev | Files touched by this commit (79)
Log message:
Drop superfluous PKG_DESTDIR_SUPPORT, "user-destdir" is default these days.
Mark packages that don't or might probably not have staged installation.

   2011-03-15 21:15:31 by Jonathan Kollasch | Files touched by this commit (4) | Package updated
Log message:
Update remctl and py-remctl to 2.16.
Changes since 2.15:

Add Ruby bindings contributed by Anthony M. Martinez, enabled with --enable-ruby
at configure time. These bindings are tested with Ruby 1.8 and may not work with
older versions. See ruby/README for more information.

remctld now includes support for a PCRE (Perl-compatible regular expressions)
ACL type if the PCRE library is found at configure time. A PCRE ACL matches any
user whose identity matches the given Perl-compatible regular expression. Based
on work contributed by Anton Lundin.

remctld now includes support for a POSIX regex ACL type if the system supports
the POSIX regex API. A regex ACL matches any user whose identity matches the
given POSIX extended regular expression. Based on work contributed by Anton
Lundin.

remctld now sets the environment variable REMCTL_COMMAND to the command (not
subcommand or arguments) that causes a program to be run. Thanks, Thomas L.
Kula.

remctld -h now reports the list of supported ACL methods for that build of remctld.

Add an example SMF manifest for the remctld daemon in
examples/remctld.xml. Contributed by Peter Eriksson.

Fix PHP test suite to work with PHP 5.3, which no longer passes environment
variables down to the running test program.

Stop passing GCC-specific warning suppression flags into the language binding
build systems unless the compiler used to build remctl is GCC. This still isn't
quite right, since the language bindings may use a different compiler than the
main remctl build, but it should be closer than the previous behavior of using
GCC flags unconditionally.

Update to rra-c-util 2.4:

    * Improve network error handling with unknown address domains.
    * Disable xmalloc test except for maintainers.
    * Break util/util.h apart into separate header files.
    * Add additional GCC function attributes to utility libraries.
    * Use AC_TYPE_LONG_LONG_INT instead of AC_CHECK_TYPES([long long]).

Update to C TAP Harness 1.2:

    * Summarize results at the end of test execution.
    * Add diag and sysdiag functions to the basic TAP library.
    * Clean up data types in the basic C TAP library.
    * Add the GCC nonnull attribute to the TAP library bail functions.

   2010-02-05 22:36:22 by Jonathan Kollasch | Files touched by this commit (5) | Package updated
Log message:
Update to remctl-2.15.

Changes since 2.14:

 Allow subcommand to be omitted on the remctl command line, which
 sends a command without a subcommand. This makes available on the
 command line functionality that was already available via the
 library API.

 Add the special keyword EMPTY for the subcommand field in the
 remctld configuration file, specifying that this line should only
 match commands with no subcommands.

 Allow use of ALL in the command field in the remctld configuration
 file as well as the subcommand field, matching all commands.

 Fix read of uninitialized memory caused by moving one character
 beyond the beginning of the buffer when parsing blank lines in
 ACL files.

 Use a socket_type typedef rather than int directly to store the
 file descriptors of sockets and, on Windows, typedef that to SOCKET
 instead of int. Update the function signatures of the network
 utility functions appropriately. Compare socket_type variables
 against an INVALID_SOCKET define instead of -1. Fixes portability
 issues to 64-bit Windows. Thanks, Jeffrey Altman.

 For the Windows build, get the current version number from
 configure.ac rather than configure so that the Windows build
 scripts work from a Git checkout. Link with the correct GSS-API
 library for 64-bit Windows builds. Correct or suppress multiple
 warnings. Thanks, Jeffrey Altman.

 Enable Automake silent rules. For a quieter build, pass the
 --enable-silent-rules option to configure or build with make V=0.

 Update to rra-c-util 2.1:

 * Revert separation of die into a separate object file.
 * Fall back on manual library probing if krb5-config doesn't work.
 * Don't try to use a non-executable krb5-config for GSS-API probes.
 * Suppress error output from krb5-config GSS-API probes.
 * Prefer KRB5_CONFIG over a path constructed from --with-gssapi.
 * Fix network test suite failures when IPv6 is available but disabled.

 Update to C TAP Harness 1.1:

 * Summarize results at the end of test execution.

   2009-05-23 17:49:21 by Jonathan Kollasch | Files touched by this commit (3) | Package updated
Log message:
Update to remctl 2.14

changelog:

remctl 2.14 (2009-05-22)

   The remctld configuration file may now specify that one argument to a
   command is passed on standard input instead of on the command line using
   the stdin= option. This option allows passing data to commands that's too
   long to fit into a command-line argument or that contains nul characters.

   remctld logging of commands or arguments now replaces unprintable
   characters (characters between ASCII 0 and 31 and ASCII 127) with periods
   rather than assuming syslog will cope with them correctly.

   Use command and subcommand as the names for the first two parameters to
   the remctl client and the first two strings in a remctl command instead of
   the unintuitive "type" and "service" terminology borrowed from sysctl.
   This only changes documentation and some internal variable names; no
   external APIs should be affected.

   Declare message_fatal_cleanup extern in util.h. Fixes compilation problems
   on Mac OS X and probably elsewhere.

   Diagnose and explicitly reject on the server nul characters in command
   arguments that don't support them rather than truncating the argument
   silently.

   Plug several memory leaks in the remctld server. (These would have little
   practical effect unless a client stayed connected and issued multiple
   commands.)

   The protocol now permits commands with no arguments. remctld currently
   doesn't support them, but now returns ERROR_UNKNOWN_COMMAND instead of
   ERROR_BAD_COMMAND when receiving one.

   Add documentation on extending remctl in docs/extending.

   Add initial protocol version three draft in docs/protocol-v3.

   Better check logmask options when parsing the server configuration file
   and report errors instead of silently ignoring them. Masking the command
   is also no longer supported (it previously worked by accident).

   Support building against Solaris 10's native generic GSS-API libraries.
   Thanks, Peter Eriksson.

   Update to rra-c-util 1.0:

     * Fix open call parameters in daemon portability test.
     * Fix AI_ADDRCONFIG portability on BSD/OS systems.
     * Split die into a separate object to not link it in shared libraries.
     * Don't break if the user clobbers CPPFLAGS at build time.
     * Correctly set -L options with --with-gssapi-lib, not -I.
     * Change AC_TRY_* to AC_*_IFELSE as recommended by Autoconf.
     * Update portable and util test suite for C TAP Harness 1.0.
     * Use native Kerberos instead of forking kinit in test suite.

   Update to C TAP Harness 1.0:

     * Rewrite of all test cases to use the new TAP library support.
     * Much improved and simplified builddir != srcdir test suite support.
     * Support running a single test with tests/runtests -o.
     * Correctly handle completely skipped tests, like client/pod.
     * Better reporting of fatal errors in the test suite.

   2009-03-20 20:43:38 by Jörg Sonnenberger | Files touched by this commit (284)
Log message:
Convert buildlink3.mk files to new world order.

   2008-01-27 03:07:52 by Jonathan Kollasch | Files touched by this commit (1)
Log message:
Add a buildlink3.mk.  Just in case anyone happens to need it for their
own local packages.  Thanks to TPROA and pkgtools/createbuildlink.

   2007-11-12 01:05:43 by Jonathan Kollasch | Files touched by this commit (3) | Package updated
Log message:
Update to 2.11.

   2007-04-21 03:26:08 by Jonathan Kollasch | Files touched by this commit (4) | Imported package
Log message:
remctl (the client) and remctld (the server) implement a client/server
protocol for running single commands on a remote host using Kerberos
v5 authentication and returning the output. They use a very simple
GSSAPI-authenticated network protocol, combined with server-side ACL
support and a server configuration file that maps remctl commands to
programs that should be run when that command is called by an
authorized user. remctld is very similar to a CGI server that uses a
different network protocol than HTTP and always does strong
authentication before executing the desired command.