dkk [Tue, 4 Nov 1997 22:00:55 +0000 (22:00 +0000)]
Added a command-line arg, to allow the administrator to load only one
of student or staff data files (instead of both together). The
frequency of the two data files varied greatly, so the script was
being used only as an example until these changes were applied.
The script also now uses a separate directory (/moira/load/).
dkk [Tue, 4 Nov 1997 21:52:05 +0000 (21:52 +0000)]
Much revision from previous instructions, most of it apparently not
checked in before (was named INSTRUCTIONS.new). Made the instructions
more into a shell script (in several stages). THIS PROCEDURE WAS USED
in October 1997 to resynchronize the athena.mit.edu AFS cell with Moira.
From mbarker: Remove the `char *whoami;' local to main so that it's
setting the global whoami. Otherwise it will be uninitialized and the
program will dump core if it tries to print an error message.
Do a better job with returning error codes: add ERROR_TABLE_BASE_krb
to error codes returned by krb functions, and use
connection_errno(conn) for the error value from send_object and
receive_object (not their return value, which is a non-useful GDB
error number).
menu.c: fix Linux/NetBSD ncurses display problems
main.c, namespace.c: use fgets() instead of gets() to make NetBSD (and
other?) cc not complain about possible buffer overruns
danw [Sat, 23 Aug 1997 22:27:52 +0000 (22:27 +0000)]
don't free(groups) at end of do_everyone, because you might need it
again when doing quotas. (Now there's a memory leak, but who cares,
since it exits shortly after anyway.)
WARNING: "STRING:danwn" was just added to list "danw-test-1".
If danw-test-1 is a mailing list, this may cause it to stop working.
You should consider removing "STRING:danwn" from the list.
to give the `No records in database match ... while adding ...' error
since `danwn' was probably a typo. Because it only makes sense to add
a local string to a list if that string is the same as a list or a
user (otherwise, as the warning above states, you'll break the list).
Since blanche tries those cases first, if we reach the string case,
the string isn't the same as a user or list, so the user probably
doesn't want to add it to the list, so we assume it was a typo.
If the user had really wanted to add it as a string, he should have
said STRING:danwn, which will still work (although it will no longer
give the warning since it's not the sort of thing you're likely to do
accidentally).
Imakefile: use the same debug flag as everyone else
afs.c: don't log an error when you try to create a user/group and find
there's already a user/group with the same name and id. (Do still
flame if only one of them matches.)
afs_rename.pl: don't log an error when trying to restore Xuser.foo if
it doesn't exist, but user.foo does and is mounted in the right place
remove support for automatically building in a separate tree (because it
was too hard to get gdss to work with it, and because all of the other
packages that used to do it have moved away from it--if you want to
build off a symlink farm, you can use synctree)
mr_server.h, qrtn.pc: punt get_client and change find_member to take a
struct client, and compare against both the users_id and the
client_id, so USER foo is recognized as being KERBEROS foo @ the local
kerberos realm.
qaccess.pc: use new find_member interface. also, add code in
access_list and fix existing code in access_member to allow kerberos
principals to glom, gaus, dmfl, and amtl [to public lists] themselves.
Always sort the result in get_members_of_list. (Previously this was
only done for lists of more than 50 members, and implemented such that
the server had to do twice as much work in that case.)
Fix the logic and explanation for one of the guess-what-the-user-meant
cases. (Fixes a bug where blanche would claim MR_NO_MATCH instead of
MR_PERM when you tried to remove a list from a list that you weren't
on the ACL for.)
Make a half-hearted attempt at returning a useful exit status, instead
of always claiming success. (See the man page for details.) We could
probably do better, but it would take a major rewrite.
Check for uniqueness of subnet, filesys, and printer names. (These
were listed in the FIXES file, but not implemented.)
Document the phase 2 printcap checks in the FIXES file.
fix typo in get_ace_use. (This, plus the addition of `gaus TYPE KERBEROS'
and `gaus TYPE RKERBEROS' aliases, allows get_ace_use to be used on
kerberos principals in addition to users and lists.)
Check `strings_id' in the numvalues table at startup. A server crash
in the right place could leave it pointing to an already-filled part
of the table, which makes the server unable to add new strings to the
db until it's fixed. (See [687]-[690] in moira-admin.)
Implement AUTH_002, which isn't vulnerable to replay attacks. Remove
support for AUTH_001 from the update_server (to prevent an AUTH_002
authentication from being replayed as an AUTH_001 authentication.)
Remove INST_001 since it wasn't being used.
Remove code from update_test that was duplicated in client.c
Send data files (but not instruction files) encrypted by default.
When authenticating, try the AUTH_002 protocol first, and fall back to
AUTH_001 if the server doesn't understand AUTH_002.
danw [Tue, 17 Jun 1997 20:20:24 +0000 (20:20 +0000)]
Don't create a user group with new accounts.
Don't allow users to rename a list to someone else's username. Also,
allow users to get `MR_NO_MATCH' if they get_user_account_by_login on
a non-existent account. (Used by the client to be able to check for
this case.)