authorRuss Allbery <eagle@eyrie.org>2015-11-27 15:13:18 -0800
committerRuss Allbery <eagle@eyrie.org>2015-11-27 15:13:18 -0800
commit4e28c5f6c8ecd3f2117408aebeed032470ba6f34 (patch)
tree0c7f0dfe44896e64b318bda2e045774310f7878c /docs
parent4ce67fa2a5cf0b97ce6d2f742fb27b00f8dd78bd (diff)
parent42cc24e346ef7dfbe309031a83020cddc18b370f (diff)
Imported Upstream version 3.10
Diffstat (limited to 'docs')
-rw-r--r--docs/api/remctl.34
-rw-r--r--docs/api/remctl_close.34
-rw-r--r--docs/api/remctl_command.34
-rw-r--r--docs/api/remctl_error.34
-rw-r--r--docs/api/remctl_new.34
-rw-r--r--docs/api/remctl_noop.34
-rw-r--r--docs/api/remctl_open.34
-rw-r--r--docs/api/remctl_output.34
-rw-r--r--docs/api/remctl_set_ccache.34
-rw-r--r--docs/api/remctl_set_source_ip.34
-rw-r--r--docs/api/remctl_set_timeout.34
-rw-r--r--docs/protocol.html2
-rw-r--r--docs/remctl.14
-rw-r--r--docs/remctld.8.in34
-rw-r--r--docs/remctld.pod36
15 files changed, 92 insertions, 28 deletions
diff --git a/docs/api/remctl.3 b/docs/api/remctl.3
index 11d4e6a..f2715b0 100644
--- a/docs/api/remctl.3
+++ b/docs/api/remctl.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "REMCTL 3"
-.TH REMCTL 3 "2014-07-02" "3.9" "remctl Library Reference"
+.TH REMCTL 3 "2015-11-27" "3.10" "remctl Library Reference"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/docs/api/remctl_close.3 b/docs/api/remctl_close.3
index 3b664e2..10df8d1 100644
--- a/docs/api/remctl_close.3
+++ b/docs/api/remctl_close.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "REMCTL_CLOSE 3"
-.TH REMCTL_CLOSE 3 "2014-07-02" "3.9" "remctl Library Reference"
+.TH REMCTL_CLOSE 3 "2015-11-27" "3.10" "remctl Library Reference"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/docs/api/remctl_command.3 b/docs/api/remctl_command.3
index b0b81a7..c3ea5a4 100644
--- a/docs/api/remctl_command.3
+++ b/docs/api/remctl_command.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "REMCTL_COMMAND 3"
-.TH REMCTL_COMMAND 3 "2014-07-02" "3.9" "remctl Library Reference"
+.TH REMCTL_COMMAND 3 "2015-11-27" "3.10" "remctl Library Reference"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/docs/api/remctl_error.3 b/docs/api/remctl_error.3
index 58eeb90..f14171f 100644
--- a/docs/api/remctl_error.3
+++ b/docs/api/remctl_error.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "REMCTL_ERROR 3"
-.TH REMCTL_ERROR 3 "2014-07-02" "3.9" "remctl Library Reference"
+.TH REMCTL_ERROR 3 "2015-11-27" "3.10" "remctl Library Reference"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/docs/api/remctl_new.3 b/docs/api/remctl_new.3
index 2072652..5b0f30b 100644
--- a/docs/api/remctl_new.3
+++ b/docs/api/remctl_new.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "REMCTL_NEW 3"
-.TH REMCTL_NEW 3 "2014-07-02" "3.9" "remctl Library Reference"
+.TH REMCTL_NEW 3 "2015-11-27" "3.10" "remctl Library Reference"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/docs/api/remctl_noop.3 b/docs/api/remctl_noop.3
index 3d4f031..e68203b 100644
--- a/docs/api/remctl_noop.3
+++ b/docs/api/remctl_noop.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "REMCTL_NOOP 3"
-.TH REMCTL_NOOP 3 "2014-07-02" "3.9" "remctl Library Reference"
+.TH REMCTL_NOOP 3 "2015-11-27" "3.10" "remctl Library Reference"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/docs/api/remctl_open.3 b/docs/api/remctl_open.3
index 1ba166d..8b9b491 100644
--- a/docs/api/remctl_open.3
+++ b/docs/api/remctl_open.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "REMCTL_OPEN 3"
-.TH REMCTL_OPEN 3 "2014-07-02" "3.9" "remctl Library Reference"
+.TH REMCTL_OPEN 3 "2015-11-27" "3.10" "remctl Library Reference"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/docs/api/remctl_output.3 b/docs/api/remctl_output.3
index 0d36bae..88dc907 100644
--- a/docs/api/remctl_output.3
+++ b/docs/api/remctl_output.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "REMCTL_OUTPUT 3"
-.TH REMCTL_OUTPUT 3 "2014-07-02" "3.9" "remctl Library Reference"
+.TH REMCTL_OUTPUT 3 "2015-11-27" "3.10" "remctl Library Reference"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/docs/api/remctl_set_ccache.3 b/docs/api/remctl_set_ccache.3
index dc7744b..f4cf49b 100644
--- a/docs/api/remctl_set_ccache.3
+++ b/docs/api/remctl_set_ccache.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "REMCTL_SET_CCACHE 3"
-.TH REMCTL_SET_CCACHE 3 "2014-07-02" "3.9" "remctl Library Reference"
+.TH REMCTL_SET_CCACHE 3 "2015-11-27" "3.10" "remctl Library Reference"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/docs/api/remctl_set_source_ip.3 b/docs/api/remctl_set_source_ip.3
index 4b3d34b..29e37db 100644
--- a/docs/api/remctl_set_source_ip.3
+++ b/docs/api/remctl_set_source_ip.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "REMCTL_SET_SOURCE_IP 3"
-.TH REMCTL_SET_SOURCE_IP 3 "2014-07-02" "3.9" "remctl Library Reference"
+.TH REMCTL_SET_SOURCE_IP 3 "2015-11-27" "3.10" "remctl Library Reference"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/docs/api/remctl_set_timeout.3 b/docs/api/remctl_set_timeout.3
index ba43439..99ba652 100644
--- a/docs/api/remctl_set_timeout.3
+++ b/docs/api/remctl_set_timeout.3
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "REMCTL_SET_TIMEOUT 3"
-.TH REMCTL_SET_TIMEOUT 3 "2014-07-02" "3.9" "remctl Library Reference"
+.TH REMCTL_SET_TIMEOUT 3 "2015-11-27" "3.10" "remctl Library Reference"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/docs/protocol.html b/docs/protocol.html
index 14a1c27..1848666 100644
--- a/docs/protocol.html
+++ b/docs/protocol.html
@@ -391,7 +391,7 @@
<link href="#rfc.authors" rel="Chapter"/>
- <meta name="generator" content="xml2rfc version 2.4.7 - http://tools.ietf.org/tools/xml2rfc" />
+ <meta name="generator" content="xml2rfc version 2.4.8 - http://tools.ietf.org/tools/xml2rfc" />
<link rel="schema.dct" href="http://purl.org/dc/terms/" />
<meta name="dct.creator" content="Allbery, R." />
diff --git a/docs/remctl.1 b/docs/remctl.1
index 1aed8c6..bafe562 100644
--- a/docs/remctl.1
+++ b/docs/remctl.1
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "REMCTL 1"
-.TH REMCTL 1 "2014-07-02" "3.9" "remctl"
+.TH REMCTL 1 "2015-11-27" "3.10" "remctl"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff --git a/docs/remctld.8.in b/docs/remctld.8.in
index 3b83832..2efd970 100644
--- a/docs/remctld.8.in
+++ b/docs/remctld.8.in
@@ -1,4 +1,4 @@
-.\" Automatically generated by Pod::Man 2.27 (Pod::Simple 3.28)
+.\" Automatically generated by Pod::Man 2.28 (Pod::Simple 3.28)
.\"
.\" Standard preamble:
.\" ========================================================================
@@ -133,7 +133,7 @@
.\" ========================================================================
.\"
.IX Title "REMCTLD 8"
-.TH REMCTLD 8 "2014-07-02" "3.9" "remctl"
+.TH REMCTLD 8 "2015-11-27" "3.10" "remctl"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -434,12 +434,37 @@ If \fImethod\fR is omitted, \fIacl\fR must either begin with \f(CW\*(C`/\*(C'\fR
contain \f(CW\*(C`=\*(C'\fR. Otherwise, it will be parsed as an option instead. If
there is any ambiguity, prepend the \fImethod\fR.
.Sp
+As a special exception for backward compatibility, the \s-1ACL \s0\f(CW\*(C`ANYUSER\*(C'\fR
+(case-sensitive) is treated as equivalent to \f(CW\*(C`anyuser:auth\*(C'\fR.
+.Sp
Each entry is checked in order, and access is granted as soon as an entry
matches. If no entry matches, access is denied. The following methods
may supported; however, be aware that the availability of several \s-1ACL\s0
types depends on whether \fBremctld\fR was built with that support. Each \s-1ACL\s0
type is annotated with the version in which it was added.
.RS 4
+.IP "anyuser" 4
+.IX Item "anyuser"
+[3.10] Permit access to any user. This comes in two forms:
+.RS 4
+.IP "anyuser:auth" 4
+.IX Item "anyuser:auth"
+Permit any authenticated user. This means not only the local Kerberos
+realm but also any realm with which there is a cross-realm trust
+relationship.
+.IP "anyuser:anonymous" 4
+.IX Item "anyuser:anonymous"
+Permit entirely anonymous users. This means no authentication whatsoever
+is required to run the command. Any client with network access to the
+server can run the command (using anonymous \s-1PKINIT\s0), assuming that
+anonymous service tickets are enabled for the local Kerberos realm.
+.RE
+.RS 4
+.Sp
+For backwards compatibility, the \s-1ACL \s0\f(CW\*(C`ANYUSER\*(C'\fR is treated as identical to
+\&\f(CW\*(C`anyuser:auth\*(C'\fR. This was the only supported any-user \s-1ACL\s0 syntax prior to
+remctl 3.10.
+.RE
.IP "file" 4
.IX Item "file"
[2.13] The data is the full path of an \s-1ACL\s0 file or to a directory
@@ -599,6 +624,11 @@ the authenticated client.
.IP "\s-1REMOTE_ADDR\s0" 4
.IX Item "REMOTE_ADDR"
[2.1] The \s-1IP\s0 address of the remote host. This may be IPv4 or IPv6.
+.IP "\s-1REMOTE_EXPIRES\s0" 4
+.IX Item "REMOTE_EXPIRES"
+[3.10] The time (in seconds since \s-1UNIX\s0 epoch) when the authenticated
+remote session will expire. This will normally be the expiration time of
+the Kerberos ticket used to authenticate to the server.
.IP "\s-1REMOTE_HOST\s0" 4
.IX Item "REMOTE_HOST"
[2.1] The hostname of the remote host, if it was available. If reverse
diff --git a/docs/remctld.pod b/docs/remctld.pod
index dc68e17..c601043 100644
--- a/docs/remctld.pod
+++ b/docs/remctld.pod
@@ -3,7 +3,7 @@ remctld remctl -dFhmSvZ keytab GSS-API tcpserver inetd subcommand AFS
backend logmask NUL acl ACL princ filename gput CMU GPUT xform ANYUSER IP
IPv4 IPv6 hostname SCPRINCIPAL sysctld Heimdal MICs Ushakov Allbery
subcommands REMUSER pcre PCRE triple-DES MERCHANTABILITY username arg
-SIGCONT SIGSTOP systemd IANA-registered localgroup
+SIGCONT SIGSTOP systemd IANA-registered localgroup PKINIT anyuser
=head1 NAME
@@ -330,6 +330,9 @@ If I<method> is omitted, I<acl> must either begin with C</> or must not
contain C<=>. Otherwise, it will be parsed as an option instead. If
there is any ambiguity, prepend the I<method>.
+As a special exception for backward compatibility, the ACL C<ANYUSER>
+(case-sensitive) is treated as equivalent to C<anyuser:auth>.
+
Each entry is checked in order, and access is granted as soon as an entry
matches. If no entry matches, access is denied. The following methods
may supported; however, be aware that the availability of several ACL
@@ -338,6 +341,31 @@ type is annotated with the version in which it was added.
=over 4
+=item anyuser
+
+[3.10] Permit access to any user. This comes in two forms:
+
+=over 4
+
+=item anyuser:auth
+
+Permit any authenticated user. This means not only the local Kerberos
+realm but also any realm with which there is a cross-realm trust
+relationship.
+
+=item anyuser:anonymous
+
+Permit entirely anonymous users. This means no authentication whatsoever
+is required to run the command. Any client with network access to the
+server can run the command (using anonymous PKINIT), assuming that
+anonymous service tickets are enabled for the local Kerberos realm.
+
+=back
+
+For backwards compatibility, the ACL C<ANYUSER> is treated as identical to
+C<anyuser:auth>. This was the only supported any-user ACL syntax prior to
+remctl 3.10.
+
=item file
[2.13] The data is the full path of an ACL file or to a directory
@@ -506,6 +534,12 @@ the authenticated client.
[2.1] The IP address of the remote host. This may be IPv4 or IPv6.
+=item REMOTE_EXPIRES
+
+[3.10] The time (in seconds since UNIX epoch) when the authenticated
+remote session will expire. This will normally be the expiration time of
+the Kerberos ticket used to authenticate to the server.
+
=item REMOTE_HOST
[2.1] The hostname of the remote host, if it was available. If reverse