summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* The logging is too chatty and the control flow is too incomprehensibleGravatar Karl Ramm2013-10-27
|
* complete the acl_files unit testGravatar Karl Ramm2013-10-26
|
* rearrange the function so as to have the logging workGravatar Karl Ramm2013-10-26
|
* expand unit testing into acl_files.cGravatar Karl Ramm2013-10-26
|
* Use the right variable for the log message.Gravatar Karl Ramm2013-10-26
| | | | I need to learn to be more careful when throwing around the word "properly".
* handle unauth checks _properly_Gravatar Karl Ramm2013-10-26
|
* If no hostname is specified, use 127.0.0.1.Gravatar Karl Ramm2013-10-26
| | | | | | | | If no hostname is specified, use 127.0.0.1, rather than trying to infer the IP address of the local host from the system hostname, because as computers are considerably cheaper and lighter than they were in 1987, they are somewhat more often on the network on an address that doesn't match their hostname.
* only grab the last chunk of the branchGravatar Karl Ramm2013-10-25
|
* ZCheckSrvAuthentication: free the auth context and the authenticator way earlierGravatar Karl Ramm2013-10-25
|
* release 3.1.1Gravatar Karl Ramm2013-10-25
|
* Unauth'd messages, ODDLY, do not have a sender for the acl libraryGravatar Karl Ramm2013-10-25
|
* Make the specified krb5 path the _first_ place we look for krb5-configGravatar Karl Ramm2013-10-13
| | | | | Just in case there's a system krb5-config and we're being told to use some other one..
* This is small, but -entirely dead-.Gravatar Karl Ramm2013-10-12
|
* release 3.1Gravatar Karl Ramm2013-10-12
|
* release 3.1~rc2Gravatar Karl Ramm2013-10-06
|
* substitute $Id$ strings, keep some stuff from getting exportedGravatar Karl Ramm2013-10-06
|
* try to expose the branch nameGravatar Karl Ramm2013-10-05
|
* substitute ~ back out of the tag in get_versGravatar Karl Ramm2013-10-05
|
* ZCheckRealmAuthentication is no more.Gravatar Karl Ramm2013-09-30
|
* dewarn; unused variableGravatar Karl Ramm2013-09-30
|
* i is unused there, and here without KRB5Gravatar Karl Ramm2013-09-30
|
* release 3.1~rc1Gravatar Karl Ramm2013-09-28
|
* turns out we get config.{guess,sub} from libtoolizeGravatar Karl Ramm2013-09-28
|
* Dances with MakefilesGravatar Karl Ramm2013-09-28
|
* The python tests are too fragile to try and make anyone but Mark and I run them.Gravatar Karl Ramm2013-09-28
|
* rename zephyr python modules to zephyr_ctypesGravatar Karl Ramm2013-09-28
| | | | | Having more plausible claimants to the title of "python zephyr module" installed was interfering with builds.
* Our history has moved.Gravatar Karl Ramm2013-09-28
|
* release 3.1~rc0Gravatar Karl Ramm2013-09-28
|
* make it build without kerberosGravatar Karl Ramm2013-09-28
|
* Implement ZDumpSession and ZLoadSessionGravatar David Benjamin2013-09-28
| | | | This is unlikely to ever get merged, but it'll be handy for roost.
* Use the saved session keys in ZCheckZcodeAuthenticationGravatar David Benjamin2013-09-28
| | | | | | | | | | | | | | | | | This allows for authentication checking to continue working even when tickets expire or are renewed. Also include key expiration logic. This is possibly overly conservative and paranoid by a couple orders of magnitude. Intentionally do not use SERVACK because they're mildly annoying to get at and aren't authenticated. When we receive a notice authenticated with a key, we know the server has received it. From there, we can infer that sufficiently old keys are stale. We can't remove stale keys immediately because some older notices may still be in flight, but after a grace period they can go. The timeout is set to 60 seconds, which is fairly high, but matches Z_ReadWait's timeout.
* Create an alternate Z_AuthProc that saves keysGravatar David Benjamin2013-09-28
| | | | | | | The start of proper session key management in libzephyr. A new Z_AuthProc is added which appends the key into a queue. ZSubscribeTo and ZSubscribeToSansDefaults are modified to use it. For now, it's extremely simple and makes no attempt to expire old keys.
* Add internal Z_MakeZcodeAuthentication functionGravatar David Benjamin2013-09-28
| | | | Explicitly takes a krb5_creds as input.
* Bump find_or_insert_uid's time limitGravatar David Benjamin2013-09-28
| | | | | | | Basing it on krb4's CLOCK_SKEW value doesn't make any sense. We pick 900 because it is just over 128 + 256 + 512, the longest group of three timeouts in the retransmit schedule used by the zephyrd. This allows us to miss two packets in a row and still be fine.
* Turn find_or_insert_uid's buffer into an LRU cacheGravatar David Benjamin2013-09-28
| | | | | | If we see a duplicated packet, that means the server missed (or raced with) our CLIENTACK, which means we should update the timestamp on the entry to reset the aging.
* Drop packets with garbage at the end on the floorGravatar David Benjamin2013-09-28
| | | | | | | | | | | | | This effectively reverts 170736db76139ed9fff9dbf70a55d4ba4f25d9bd. That commit didn't work anyway. It fails to update packet_len, so we computed the Z_InputQ's header_len wrong and fail to truncate the garbage anyway. Plus packets like that likely come from a broken cross-realm zephyrd without f276622ace757977fec43633e43577350e0cf6fe, so we want to drop them. That patch has yet to be in a released libzephyr, so if there are other sources of notices with trailing garbage, no one was relying on them working anyway. On the contrary, we were relying on them NOT working in that it masks broken cross-realm zephyrds.
* Simplify Z_AddNoticeToEntry a bitGravatar David Benjamin2013-08-20
| | | | | The holelist isn't kept sorted; we used to always append to the end. But it's a singly-linked list, so prepending to it is going to be much much simpler.
* cleanup debian/changelog and fix the bug in the release script that was ↵Gravatar Karl Ramm2013-08-08
| | | | messing it up
* release 3.1~beta1Gravatar Karl Ramm2013-08-08
|
* autoconf check for krb5_free_unparsed_nameGravatar Karl Ramm2013-08-08
|
* Defensively avoid waiting on non-initial SERVACKsGravatar David Benjamin2013-08-08
| | | | | | | | | | | Although the previous commit should make it very unlikely we screw up the subscription sharding, be defensive about waiting for SERVACKs. ZSubscribeTo does mess up, Z_SendFragmentedNotice will shard with a z_multiuid. In that case, although the second packet will get a SERVACK, Z_ReadWait kindly drops it on the floor. The ZIfNotice will then just hang. Tested by bumping zwgc's BATCH_SIZE up to 200, reverting the previous commit, and strace.
* Add fudge factor in subscription shardingGravatar David Benjamin2013-08-08
| | | | | | | | | | | | | | | | | Header lengths are not constant-size because Zcode escapes bytes 0xFF and 0x00 into two bytes. If we end up filling up close to all the space we have and Z_SendFragmentedNotice then computes a header length larger than ours by enough, the message gets fragmented. Getting it fragmented is especially unfortunate because only the first of a fragmented notice ever has a SERVACK survive. (They all get SERVACKs, but libzephyr kindly drops all but the first on the floor.) This isn't a watertight fix; we may get really really unlucky and blow up 13 bytes in the authenticator and checksum. But that's not likely, and a proper fix would involve either computing based on the maximum possible authenticator size (wasteful and hard to bound tightly) or changing to protocol to use a less inappropriate encoding.
* Add a bunch of files to .gitignoreGravatar David Benjamin2013-08-08
|
* Call krb5_unparse_name in server/kstuff.cGravatar David Benjamin2013-08-08
| | | | Looks like it's the same as free right now, but may as well call the right one.
* Free the result of krb5_unparse_name in ZGetSenderGravatar David Benjamin2013-08-08
| | | | Minor memory leak, but we may as well fix it.
* Expose Z_Subscriptions as ZSubscriptionsGravatar David Benjamin2013-08-08
| | | | | | With a custom send_routine that mirrors ZSrvSendList. This allows for an asynchronous version that replaces send_routine with non-blocking versions (and waits for ACKs out-of-band).
* Remove unauthenticated support from subs codeGravatar David Benjamin2013-08-08
| | | | | | It's only used by ZCancelSubscription, but the server rejects unauthenticated CLIENT_CANCELSUB requests anyway. The unauthenticated codepath results in a SERVNAK and doesn't drop subs.
* Don't pass HMACKs through reassembly codeGravatar David Benjamin2013-08-08
| | | | | | | | | | | | | | | | | | | ACKs to fragmented notices keep the multiuid field, but multipart becomes "". This is interpreted as 0/z_message_length. This means ACKs to non-initial fragments look like an initial fragment from the multipart field, but not when checking uid == multiuid. The result is that they get smashed when passing through reassembly. 6e8ec12b0ba9d476e065957028e4cf9cf69d6ac2 addressed this. For SERVACKs and SERVNAKs, it drops all but the initial ones (uid == multipart) on the floor. It ignores the problem for HMACKs. Normally ZSendPacket blocks on the HMACK before sending each successive fragment, so there's no opportunity for them to collide. But if calling ZSrvSendNotice with a custom send_function that doesn't block, the HMACKs can smash into each other depending on timing. Instead, fix it by using z_uid instead of z_multiuid as the multiuid key. For compatibility, keep the SERVACK dropping behavior. (I'd like to get all the SERVACKs too, but potentially that'll confuse clients somewhat.)
* Mark cksum_map as constGravatar David Benjamin2013-08-08
| | | | May as well put it in .rodata
* ZSendNotice: Don't leak buffer in error caseGravatar David Benjamin2013-08-08
| | | | | I would hope this codepath can never trigger, but good to clean up properly here.
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-21 04:06:45 +0000