| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
| |
Z_GetFirstComplete() can return NULL; in that case, we don't want to
dereference the pointer it returns.
Extracted from Andrew zephyr/064; authorship uncertain.
|
|
|
|
|
|
|
|
|
|
| |
tkt_lookup() is supposed to quickly obtain a ticket for a foreign realm
if we already have a usable one, and quickly fail otherwise. Sending a
request to a KDC and waiting for a response, as krb5_get_credentials()
may do, defeats the purpose of tkt_retrieve() retrying failed requests
in the background. So, use krb5_cc_retrieve_cred() instead.
Extracted from Andrew zephyr/063
|
|
|
|
|
|
|
|
|
| |
If we want to receive login/logout notices for a user in another realm,
we need to subscribe to them in that realm.
Extracted from Andrew zephyr/058, which reverts a change to client-side
interrealm support that was inadvertently introduced when importing new
code from Athena.
|
|
|
|
|
|
| |
We need the bytes, no modern client uses it, and it's inherently a
security vulnerability. For those clients that do use it, provide a link
to a page on the zephyr wiki that explains the issue.
|
|
|
|
|
| |
memset new notice objects in subscr.c (really needed now since all
ZFormat* routines require z_num_hdr_fields to be valid or 0.)
|
|
|
|
|
|
|
|
| |
realm_sendit is responsible for sending notices that do not have useful
realm authentication, either because they are not authentic, or because
of kerberos problems acquiring a ticket for the foreign zephyr realm. In
either case, any authentication in the notice will not be usable to the
foreign server, and ought to be stripped out.
|
|
|
|
|
|
|
| |
Have Z_FormatRawHeader call Z_ZcodeFormatRawHeader to reduce duplication
and error. Z_FormatRawHeader was previously adding headers 17 and 18
unconditionally, which was not proper for a server forwarding an unauth
message.
|
| |
|
| |
|
|
|
|
| |
To my knowledge, this hasn't been enabled by anyone in ages
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
devscript will mostly be required by the release mechanisms,
but git will be required for figuring out a build-time version number
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
In addition to the packet length problem discussed last night, the
realm_auth_sendit_nacked refactor also had a cut-n-paste error. In the
unfragmented case, it passed in partnotice.z_uid instead of
newnotice.z_uid. In that branch of the if, partnotice is
uninitialized... My (derrick's) servers are no longer constantly
complaining (in new debug code) that realm_nack_cancel couldn't find
the nack to dequeue, so I think I'm done with this problem.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
So that the packaging will still work with the libtoolize on lenny
|
| |
|
| |
|
|
|
|
|
| |
i.e. don't keep generated or foreign stuff in our source tree.
As a side effect, this lets us use a libtool, etc. from this century
|
|
|
|
|
| |
Does everything still work if configure checks for iconv_open rather
than the mysterious libiconv_open? Tune into an autobuilder near you...
|
| |
|
|
|
|
| |
Fixes #58
|
| |
|
|
|
|
| |
Fixes #72
|
|
|
|
| |
So it can check for a keytab rather than a srvtab. Fixes #43.
|
|
|
|
|
|
|
| |
The fact that the Heimdal and MIT APIs are subtly different strikes again.
I am honestly starting to wonder if they make it look this similar just
to frustrate people; I only don't believe it because neither team seems
like that sort of person. Fixes #74.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
Since these are constants used in the protocol be explicit about what values
the C compiler is assigning them, and that they can't be arbitrarily
rearranged.
Also, since we were promising strings for describing them in zephyr.h
actually define the array.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
notice->z_authent_authent_len will be zero.
|