| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
| |
We currently have no support for obeying the TTLs on DNS records
containing the addresses of servers in other realms. For now, kludge
around this by rechecking these addresses once a day whether we need
to or not.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When we are using c-ares to resolve otherrealm server names asynchronously,
there is a period of time during startup during which a realm may have no
servers whose names we have successfully resolved. This can also happen
when a realm is added, or when servers for a realm are deleted, and even
without asynchronous resolution, it can happen if we are having trouble
resolving names.
We now avoid trying to send notices to realms for which there are no usable
servers (that is, servers which are not deleted, not marked nosend, and
whose names have been resolved). Currently, when this happens, the notice
to be sent is just dropped on the floor. Arguably, we should manage a
queue of packets waiting to be sent to such a realm, and resend them if we
ever discover a usable server. But that would be complicated.
In addition, since we are basically never ready to send realm wakeups when
processing the realm.list, they are now deferred until the first server's
name has been resolved (and then, until the timer queue is processed).
This has the additional effect of causing wakeups to be sent for realms
which appear during a realm.list reload.
|
| |
|
|
| |
This fixes #73
|
| |
|
|
|
|
|
|
|
|
|
|
| |
With asynchronous name resolution and timers, we need to keep around
pointers to individual other-realm servers. This, we cannot move
existing servers around in memory without causing data corruption.
But, realm_init() wants to reallocate the srvrs array for a realm when
adding servers.
Therefore, to allow ZRealm.srvrs to be reallocated without changing the
addresses of existing servers, it is converted from an array of servers
to an array of pointers to servers.
|
| |
|
|
| |
It's sort of nice to be able to build with debugging.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
The task of looking up a server's hostname is moved into a separate
function, which will make things cleaner when we start doing so in more
than one place.
|
| |
|
|
|
|
|
|
|
| |
Whether a particular server is usable currently depends only on whether we
have successfully obtained its IP address. However, eventually it will also
depend on additional factors such as whether the server has been deleted from
the realm.list. To ease that transition, replace the 'usable' flag with a
'got_addr' flag (which is set when the address lookup succeeds), and add a
new function to test whether a server is usable.
|
| |
|
|
|
|
|
|
|
|
| |
This makes realm_init() augment the existing other-realm array instead
of replacing it wholesale, which makes it safe to call more than once.
During the first call in which the realm.list file exists and contains at
least one realm, the otherrealms array will be initialized with entries
for all configured realms. During subsequent calls, any new realms will
be added, growing the array as necessary. For now, entries for existing
realms are not updated in any way.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The server keeps pointers to realms in non-ephemeral data structures, such
as triplet subscriber lists. Thus, we cannot move existing realms around
in memory without causing data corruption. However, dynamic reloading of
the realm.list means new realms can appear, which sooner or later will
mean reallocating the otherrealms array to make room for more realms.
Therefore, to allow otherrealms to be reallocated without changing the
addresses of existing realms, otherrealms is converted from an array of
realms to an array of pointers to realms.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Use interned strings instead of strdup() and fixed-size arrays for names
of other realms and their servers. This gives immediate improvement in
the form of doing fewer string compares when loading the realm.list,
plus the obvious benefit of eliminating some fixed char arrays. It also
paves the way for efficiently identifying existing realms and servers to
be updated when reloading the realm.list.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Instead of returning an array of server hostname strings for each realm,
get_realm_lists() now returns an array of struct _ZRealm_server for each
realm. This allows it to return additional per-server information found
in the realm.list file, such as the nosend flag, and simplifies creation
of the final per-realm server list.
This change will make it easier to use interned strings for server names,
which will eventually enable efficient processing of updates to server
configuration when the realm.list file is reloaded.
|
| |
|
|
|
|
|
|
|
|
| |
Introduce a new per-realm-server 'usable' flag, which indicates the entry has
been fully initialized and can be used. Routines which select a server or
attempt to find one based on its address should ignore servers on which the
usable flag is not set.
This will allow the introduction of features which require recording servers
which are not yet usable, such as asynchronous server name resolution.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
From: Derrick J Brashear <shadow@dementia.org>
To: zephyr-peers@dementia.org
Subject: [zephyr-peers] last time, i hope: new zephyr server
Date: Thu, 27 Mar 2003 21:44:02 -0500 (EST)
[...]
-enhanced realm.list semantics. [...] if a server hostname is prefixed with /,
it indicates we can receive messages from the realm from this server, but
should not send to it.
|
| |
|
|
|
|
|
|
|
|
| |
Replace the per-realm array of servers with a per-realm array of
struct _ZRealm_server, so that we can have additional information
associated with each server.
Additionally, introduce the concept that not every server in a realm's
list is necessarily a suitable place to send notices. This means that
when selecting a server, we may need to skip ineligible entries.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Eliminate compiler warnings due to various issues (listed below). This
allows Zephyr to build cleanly under GCC versions ranging from 4.1.0 to
4.7.2 with all of the options shown below:
-g -O2 -Wall -Werror
-Wno-deprecated-declarations
-Wmissing-declarations
-Wpointer-arith
-Wstrict-prototypes
-Wshadow
-Wextra
-Wno-missing-field-initializers
-Wno-unused-parameter
and, on recent versions, -Wunreachable-code
Test builds were done
- On Ubuntu 12.10 (Quantal Quetzal) using both MIT Kerberos 1.10.1 and
Heimdal 1.6, without krb4 and both with and without C-Ares and Hesiod
- On Fedora 14 using Heimdal 0.6, without C-Ares or Hesiod and both
with and without krb4 (KTH Kerberos 1.3rc2)
- On Fedora Core 3, Fedora Core 5, Fedora 7, and Fedora 10, using
Heimdal 0.6 and without C-Ares, Hesiod, or krb4
It also allows clean builds on Solaris 10 under the Sun Studio 12 (9/07)
C compiler with the following options:
-g -fd -v -errfmt -errhdr=%user -errtags=yes -errwarn=%all
-erroff=E_OLD_STYLE_FUNC_DECL,E_ENUM_TYPE_MISMATCH_ARG,E_ARG_INCOMPATIBLE_WITH_ARG
... and under Solaris 9 with the Sun Forte 7 (3/02) C compiler with the above
options and -erroff=E_FUNC_HAS_NO_RETURN_STMT. Solaris builds were done
with Heimdal 0.6 and without C-Ares, Hesiod, or krb4.
The following types of issues are addressed in this change:
- Parameters and local variables with the same names as library functions
- Parameters and local variables with the same names as globals
- Declarations for exported global variables missing from headers
- Prototypes for exported functions missing from headers
- Missing 'static' on functions that shouldn't be exported
- Old-style function declarations
- Duplicate declarations
- Type mismatches
- Unused variables and functions
- Uninitialized variables
- Forward references to enums
- Necessary header files not included
- Violations of the aliasing rules, where GCC was able to detect them
- Missing braces on if blocks that might be empty
- Attempts to do pointer arithmetic on pointers of type void *, which
is not permitted in standard C.
- An attempt to pass a function pointer via a void * parameter, which is
not permitted in standard C. Instead, we now pass a pointer to a
structure, which then contains the required function pointer.
- Unnecessary inclusion of <krb5_err.h>, which is already included by
<krb5.h> when the former exists, and might not be protected against
double inclusion, depending on which com_err was used.
- Missing include of <com_err.h>, which was masked by the fact that it is
included by headers generated by e2fsprogs compile_et
- Use of com_err() with a non-constant value in place of the format string,
which in every case was a fixed-size buffer in which a message was built
using sprintf(!). Both the calls to sprintf and the fixed-size buffers
have been removed, in favor of just letting com_err() do the formatting.
- Various cases where X library functions expecting a parameter of type
wchar_t * were instead passed a parameter of type XChar2b *. The two
types look similar, but are not the same and are _not_ interchangeable.
- An overly-simplistic configure test which failed to detect existence of
<term.h> on Solaris, due to not including <curses.h>.
- Using the wrong type for the flags output of krb5_auth_con_getflags()
when building against Heimdal. A configure test is added to detect
the correct type.
|
| |
|
|
|
|
|
|
|
|
| |
tkt_lookup() is supposed to quickly obtain a ticket for a foreign realm
if we already have a usable one, and quickly fail otherwise. Sending a
request to a KDC and waiting for a response, as krb5_get_credentials()
may do, defeats the purpose of tkt_retrieve() retrying failed requests
in the background. So, use krb5_cc_retrieve_cred() instead.
Extracted from Andrew zephyr/063
|
| |
|
|
|
|
|
|
| |
realm_sendit is responsible for sending notices that do not have useful
realm authentication, either because they are not authentic, or because
of kerberos problems acquiring a ticket for the foreign zephyr realm. In
either case, any authentication in the notice will not be usable to the
foreign server, and ought to be stripped out.
|
| |
|
|
|
|
|
|
|
|
| |
In addition to the packet length problem discussed last night, the
realm_auth_sendit_nacked refactor also had a cut-n-paste error. In the
unfragmented case, it passed in partnotice.z_uid instead of
newnotice.z_uid. In that branch of the if, partnotice is
uninitialized... My (derrick's) servers are no longer constantly
complaining (in new debug code) that realm_nack_cancel couldn't find
the nack to dequeue, so I think I'm done with this problem.
|
| | |
|
| | |
|
| |
|
|
| |
nuke-trailing-whitespace.
|
| |
|
|
| |
nelhage@mit.edu for noticing)
|
| |
|
|
|
|
|
| |
deprecated sender_addr macro.)
Actually remove the code from realm.c:real_dispatch because nothing was using
the result.
Ran nuke-trailing-whitespace on all the files I touched, as usual.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
krb4 arithmetic -> MAX_PRINCIPAL_SIZE
check your math
return errno when fork fails
|
| | |
|
| |
|
|
| |
getsid problem
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
* Replace entire file, resyncing interrealm code between us and CMU.
|
| |
|
|
| |
divide by zero later.
|
| | |
|
| | |
|
| |
|
|
|
| |
and rename client_which_client() to client_find() and make the second
argument a port instead of a notice.
|
| | |
|
| | |
|
| | |
|
| | |
|
Jeffrey Hutzelman
Derrick Brashear
Chaskiel Grundman
Karl Ramm
Karl Ramm
Garry Zacheiss
Dan Winship
Greg Hudson