| Commit message | Author | Age |
| |
This makes realm_init() augment the existing other-realm array instead
of replacing it wholesale, which makes it safe to call more than once.
During the first call in which the realm.list file exists and contains at
least one realm, the otherrealms array will be initialized with entries
for all configured realms. During subsequent calls, any new realms will
be added, growing the array as necessary. For now, entries for existing
realms are not updated in any way.
| |
The server keeps pointers to realms in non-ephemeral data structures, such
as triplet subscriber lists. Thus, we cannot move existing realms around
in memory without causing data corruption. However, dynamic reloading of
the realm.list means new realms can appear, which sooner or later will
mean reallocating the otherrealms array to make room for more realms.
Therefore, to allow otherrealms to be reallocated without changing the
addresses of existing realms, otherrealms is converted from an array of
realms to an array of pointers to realms.
| |
Use interned strings instead of strdup() and fixed-size arrays for names
of other realms and their servers. This gives immediate improvement in
the form of doing fewer string compares when loading the realm.list,
plus the obvious benefit of eliminating some fixed char arrays. It also
paves the way for efficiently identifying existing realms and servers to
be updated when reloading the realm.list.
| |
Instead of returning an array of server hostname strings for each realm,
get_realm_lists() now returns an array of struct _ZRealm_server for each
realm. This allows it to return additional per-server information found
in the realm.list file, such as the nosend flag, and simplifies creation
of the final per-realm server list.
This change will make it easier to use interned strings for server names,
which will eventually enable efficient processing of updates to server
configuration when the realm.list file is reloaded.
| |
Introduce a new per-realm-server 'usable' flag, which indicates the entry has
been fully initialized and can be used. Routines which select a server or
attempt to find one based on its address should ignore servers on which the
usable flag is not set.
This will allow the introduction of features which require recording servers
which are not yet usable, such as asynchronous server name resolution.
| |
From: Derrick J Brashear <shadow@dementia.org>
To: zephyr-peers@dementia.org
Subject: [zephyr-peers] last time, i hope: new zephyr server
Date: Thu, 27 Mar 2003 21:44:02 -0500 (EST)
[...]
-enhanced realm.list semantics. [...] if a server hostname is prefixed with /,
it indicates we can receive messages from the realm from this server, but
should not send to it.
| |
Replace the per-realm array of servers with a per-realm array of
struct _ZRealm_server, so that we can have additional information
associated with each server.
Additionally, introduce the concept that not every server in a realm's
list is necessarily a suitable place to send notices. This means that
when selecting a server, we may need to skip ineligible entries.
| |
This fixes #94
| |
close #71
| |
If we have no Kerberos credentials, we cannot create a checksum.
This can happen if, for example, we end up with an expired TGT.
In this case, instead of crashing, just leave the zero checksum.
This fixes #80
| |
When retransmitting a notice after a timeout, just send the original packet
instead of reformatting the notice, which destroys new-style authenticators.
This fixes #92
| |
This can't get subs in the athena realm.
This reverts commit b92153fac201a9a22779817be5f2375f7cf754fc.
| |
This fixes #94
| |
Client acks don't actually include authenticators or checksums, but do
claim to be authed if the original notice was. So, don't bother ever
checking authentication on client acks.
This fixes #93
| |
If -N was used, then not only should the hostmanager not send an HM_BOOT
to the first server it contacts; it should also not send one to other
servers it tries when the first one fails to respond. However, it should
consistently send HM_BOOT when coming back from a SIGHUP deactivation
where it has previously sent HM_FLUSH (if you don't want that behavior,
use -f and avoid sending SIGHUP to the hostmanager).
This fixes #88
| |
When processing a request to retrieve subscriptions, we actually do need
to send a SERVACK in response to the incoming notice before sending the
subscription list (directly) to the client that requested it. The line
that did this was inadvertently removed when the OLD_COMPAT support was
removed in commit 9b709859db5310444052d13ed8ebccec6ead1669.
This fixes #91
| |
When a braindump fails, leave the other server's status at SERV_STARTING
instead of downgrading to SERV_DEAD, and schedule the next hello to that
server at the regular timeout instead of immediately. Otherwise, failed
bdumps are retried repeatedly with no delay, keeping the server busy, the
logs full, and the network congested.
This fixes #89
| |
Eliminate compiler warnings due to various issues (listed below). This
allows Zephyr to build cleanly under GCC versions ranging from 4.1.0 to
4.7.2 with all of the options shown below:

    -g -O2 -Wall -Werror
    -Wno-deprecated-declarations
    -Wmissing-declarations
    -Wpointer-arith
    -Wstrict-prototypes
    -Wshadow
    -Wextra
    -Wno-missing-field-initializers
    -Wno-unused-parameter
    and, on recent versions, -Wunreachable-code

Test builds were done
- On Ubuntu 12.10 (Quantal Quetzal) using both MIT Kerberos 1.10.1 and
  Heimdal 1.6, without krb4 and both with and without C-Ares and Hesiod
- On Fedora 14 using Heimdal 0.6, without C-Ares or Hesiod and both
  with and without krb4 (KTH Kerberos 1.3rc2)
- On Fedora Core 3, Fedora Core 5, Fedora 7, and Fedora 10, using
  Heimdal 0.6 and without C-Ares, Hesiod, or krb4

It also allows clean builds on Solaris 10 under the Sun Studio 12 (9/07)
C compiler with the following options:

    -g -fd -v -errfmt -errhdr=%user -errtags=yes -errwarn=%all
    -erroff=E_OLD_STYLE_FUNC_DECL,E_ENUM_TYPE_MISMATCH_ARG,E_ARG_INCOMPATIBLE_WITH_ARG

... and under Solaris 9 with the Sun Forte 7 (3/02) C compiler with the above
options and -erroff=E_FUNC_HAS_NO_RETURN_STMT. Solaris builds were done
with Heimdal 0.6 and without C-Ares, Hesiod, or krb4.

The following types of issues are addressed in this change:
- Parameters and local variables with the same names as library functions
- Parameters and local variables with the same names as globals
- Declarations for exported global variables missing from headers
- Prototypes for exported functions missing from headers
- Missing 'static' on functions that shouldn't be exported
- Old-style function declarations
- Duplicate declarations
- Type mismatches
- Unused variables and functions
- Uninitialized variables
- Forward references to enums
- Necessary header files not included
- Violations of the aliasing rules, where GCC was able to detect them
- Missing braces on if blocks that might be empty
- Attempts to do pointer arithmetic on pointers of type void *, which
is not permitted in standard C.
- An attempt to pass a function pointer via a void * parameter, which is
not permitted in standard C. Instead, we now pass a pointer to a
structure, which then contains the required function pointer.
- Unnecessary inclusion of <krb5_err.h>, which is already included by
<krb5.h> when the former exists, and might not be protected against
double inclusion, depending on which com_err was used.
- Missing include of <com_err.h>, which was masked by the fact that it is
included by headers generated by e2fsprogs compile_et
- Use of com_err() with a non-constant value in place of the format string,
which in every case was a fixed-size buffer in which a message was built
using sprintf(!). Both the calls to sprintf and the fixed-size buffers
have been removed, in favor of just letting com_err() do the formatting.
- Various cases where X library functions expecting a parameter of type
wchar_t * were instead passed a parameter of type XChar2b *. The two
types look similar, but are not the same and are _not_ interchangeable.
- An overly-simplistic configure test which failed to detect existence of
<term.h> on Solaris, due to not including <curses.h>.
- Using the wrong type for the flags output of krb5_auth_con_getflags()
when building against Heimdal. A configure test is added to detect
the correct type.
| |
Depending on how it was built, libkrb may not have a libdes dependency,
and libdes may in fact not even exist. Don't fail unnecessarily in this
case.
| |
libss may not have direct dependencies on readline and/or curses, and
those libraries may in fact not even exist. If there is a dependency,
a libss shared-library won't need us to link against it in any event.
While old versions of libss were normally built only as archive libraries,
I have been unable to find a version of that vintage which depends on
readline or curses. Newer versions ship as shared libraries, and at least
one widely-distributed implementation still has no such dependency, but
does appear to be able to load libreadline dynamically if it is present
at runtime.
KTH's libsl, which is an enhanced but drop-in-compatible libss replacement
distributed with Heimdal, does depend on their editline library. But,
while libeditline is a functional replacement for readline, its API is
completely different. And again, this is generally a shared-library
dependency of which we need not be aware.
| |
This allows ACLs to grant access based on the IP address of a client
instead of its principal name. This is done using ACL entries with the
syntax "@a.b.c.d". Currently, only IPv4 addresses are supported. A single
entry may match all hosts on a particular subnet by using CIDR notation,
written as @a.b.c.d/nn. If no length is given, 32 is assumed.
Host and principal entries can be freely mixed within the same ACL; the ACL
matches if any entry matches the client. Note that this means that ACLs can
now match unauthenticated clients (however, this does not lift the general
constraint that only authenticated clients can subscribe at all).
Additionally, support for negative ACL entries is added. These entries are
indicated by a leading '!', which may be applied to both principal and host
entries. Negative entries are applied in the style of AFS ACLs; that is,
a matching negative entry overrides any positive entry and thus guarantees
that matching clients will be denied access.
(edited slightly for style by kcr@1TS.ORG)
| |
Fix indentation and remove an inappropriate comment in add_subscriptions(),
both of which were the result of a botched merge a long time ago. The
actual logic was merged correctly and so does not change.
| |
The result of Z_krb5_verify_cksum is supposed to be nonzero on success and
0 on failure. But if krb5_crypto_init() failed, we were returning the
resulting error code, effectively accepting any checksum, when instead we
should reject the checksum since we cannot verify it.
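
An added example, not code from the Zephyr source: the return-convention mismatch described above, shown as a flawed verifier next to a fail-closed one. The `ctx_init_fn` stand-in for krb5_crypto_init(), the function names, the error value and the sample checksums are all constructed for illustration.

```c
#include <stddef.h>

/* Stand-in for a crypto-context setup call such as krb5_crypto_init():
 * returns 0 on success, a nonzero error code on failure. */
typedef int (*ctx_init_fn)(void);
int init_ok(void)   { return 0; }
int init_fail(void) { return 42; }      /* constructed error code */

/* Constructed sample checksums. */
const unsigned char sample_good[4]   = { 0x01, 0x02, 0x03, 0x04 };
const unsigned char sample_forged[4] = { 0x09, 0x09, 0x09, 0x09 };

/* Compare without an early exit so timing does not depend on the data. */
static int ct_equal(const unsigned char *a, const unsigned char *b, size_t n)
{
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Contract for both functions: nonzero = checksum valid, 0 = reject. */
int verify_before(ctx_init_fn init, const unsigned char *got,
                  const unsigned char *want, size_t n)
{
    int ret = init();
    if (ret)
        return ret;     /* BUG: the error code is nonzero, so the caller reads "valid" */
    return ct_equal(got, want, n);
}

int verify_after(ctx_init_fn init, const unsigned char *got,
                 const unsigned char *want, size_t n)
{
    if (init() != 0)
        return 0;       /* cannot verify, so reject */
    return ct_equal(got, want, n);
}
```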
| |
Fix a leak in which we fail to free a Kerberos authentication context
in ZCheckSrvAuthentication if getting or setting the context flags fails.
|
| |
From -c shadow on 15-Nov-2011, discussing a problem where some notices
received from other realms were causing clients to crash:

So, the packet that crashed my client had extra garbage beyond what
should have been the end of the packet. So z_multinotice was 0/61,
but the packet was longer than 61. Which means the logic that should
have treated this as an unfragmented notice (because partof ==
z_message_len) did not trigger.

So a holelist gets created, with enough storage for partof, and then
Z_AddNoticeToEntry is called to copy z_message_len (> partof) bytes
into it.

So, I don't know why your client, or the server, or something, is sending
packets longer than the message length, but I don't think I actually want
to just discard those, because then "legitimate" messages would vanish.
Instead, if part + notice->z_message_len > partof, I just want to ignore
the extra.
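
An added example, not code from libzephyr: a bounded fragment copy that ignores bytes beyond the declared total, as the message above proposes. The function names and the 0/61 test packet are constructed for illustration, and the length check is written as a subtraction rather than `part + len > partof` so that an attacker-supplied length cannot wrap the sum.

```c
#include <stdio.h>
#include <string.h>

/* How many bytes of a fragment may be stored at offset `part` in a buffer
 * sized for `partof` bytes. Written as a subtraction so that a huge
 * msg_len cannot wrap the way `part + msg_len > partof` could. */
size_t usable_fragment_len(size_t part, size_t msg_len, size_t partof)
{
    if (part >= partof)
        return 0;                       /* fragment starts at or past the end */
    size_t room = partof - part;
    return msg_len < room ? msg_len : room;
}

/* Copy one fragment into the reassembly buffer, ignoring any bytes beyond
 * the declared total. Returns the number of bytes actually stored. */
size_t store_fragment(char *buf, size_t partof, size_t part,
                      const char *data, size_t msg_len)
{
    size_t n = usable_fragment_len(part, msg_len, partof);
    if (n > 0)
        memcpy(buf + part, data, n);
    return n;
}

/* Constructed case from the description: the header says 0/61 but the
 * packet carries 80 bytes. A guard byte after the buffer must survive;
 * returns 0 if it was overwritten. */
size_t demo_oversized_notice(void)
{
    char payload[80], store[61 + 1];
    memset(payload, 'A', sizeof(payload));
    store[61] = 0x5A;                   /* guard byte */
    size_t n = store_fragment(store, 61, 0, payload, sizeof(payload));
    return store[61] == 0x5A ? n : 0;
}

int main(void)
{
    printf("stored %zu of 80 bytes\n", demo_oversized_notice());
    return 0;
}
```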
| |
Bug report from dkindred in libzephyr affecting amd64_fc5:

There's a bug in libzephyr (introduced in version
zephyr-064) that is causing tzc to fail on amd64_fc5:

In /afs/cs/misc/zephyr/src/zephyr-064/lib/ZRecvNot.c line
33, 'nextq' is tested without being initialized (see code
below).

I imagine the appropriate fix is to put that "if (!nextq)"
test just *after* the "nextq = Z_GetFirstComplete();" line
instead of just before.

- Darrell
| |
Z_GetFirstComplete() can return NULL; in that case, we don't want to
dereference the pointer it returns.
Extracted from Andrew zephyr/064; authorship uncertain.
| |
tkt_lookup() is supposed to quickly obtain a ticket for a foreign realm
if we already have a usable one, and quickly fail otherwise. Sending a
request to a KDC and waiting for a response, as krb5_get_credentials()
may do, defeats the purpose of tkt_retrieve() retrying failed requests
in the background. So, use krb5_cc_retrieve_cred() instead.
Extracted from Andrew zephyr/063
| |
If we want to receive login/logout notices for a user in another realm,
we need to subscribe to them in that realm.
Extracted from Andrew zephyr/058, which reverts a change to client-side
interrealm support that was inadvertently introduced when importing new
code from Athena.
| |
We need the bytes, no modern client uses it, and it's inherently a
security vulnerability. For those clients that do use it, provide a link
to a page on the zephyr wiki that explains the issue.
| |
memset new notice objects in subscr.c (really needed now since all
ZFormat* routines require z_num_hdr_fields to be valid or 0.)
| |
realm_sendit is responsible for sending notices that do not have useful
realm authentication, either because they are not authentic, or because
of Kerberos problems acquiring a ticket for the foreign zephyr realm. In
either case, any authentication in the notice will not be usable to the
foreign server, and ought to be stripped out.
| |
Have Z_FormatRawHeader call Z_ZcodeFormatRawHeader to reduce duplication
and error. Z_FormatRawHeader was previously adding headers 17 and 18
unconditionally, which was not proper for a server forwarding an unauth
message.
| |
To my knowledge, this hasn't been enabled by anyone in ages