| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Eliminate compiler warnings due to various issues (listed below). This
allows Zephyr to build cleanly under GCC versions ranging from 4.1.0 to
4.7.2 with all of the options shown below:
-g -O2 -Wall -Werror
-Wno-deprecated-declarations
-Wmissing-declarations
-Wpointer-arith
-Wstrict-prototypes
-Wshadow
-Wextra
-Wno-missing-field-initializers
-Wno-unused-parameter
and, on recent versions, -Wunreachable-code
Test builds were done
- On Ubuntu 12.10 (Quantal Quetzal) using both MIT Kerberos 1.10.1 and
Heimdal 1.6, without krb4 and both with and without C-Ares and Hesiod
- On Fedora 14 using Heimdal 0.6, without C-Ares or Hesiod and both
with and without krb4 (KTH Kerberos 1.3rc2)
- On Fedora Core 3, Fedora Core 5, Fedora 7, and Fedora 10, using
Heimdal 0.6 and without C-Ares, Hesiod, or krb4
It also allows clean builds on Solaris 10 under the Sun Studio 12 (9/07)
C compiler with the following options:
-g -fd -v -errfmt -errhdr=%user -errtags=yes -errwarn=%all
-erroff=E_OLD_STYLE_FUNC_DECL,E_ENUM_TYPE_MISMATCH_ARG,E_ARG_INCOMPATIBLE_WITH_ARG
... and under Solaris 9 with the Sun Forte 7 (3/02) C compiler with the above
options and -erroff=E_FUNC_HAS_NO_RETURN_STMT. Solaris builds were done
with Heimdal 0.6 and without C-Ares, Hesiod, or krb4.
The following types of issues are addressed in this change:
- Parameters and local variables with the same names as library functions
- Parameters and local variables with the same names as globals
- Declarations for exported global variables missing from headers
- Prototypes for exported functions missing from headers
- Missing 'static' on functions that shouldn't be exported
- Old-style function declarations
- Duplicate declarations
- Type mismatches
- Unused variables and functions
- Uninitialized variables
- Forward references to enums
- Necessary header files not included
- Violations of the aliasing rules, where GCC was able to detect them
- Missing braces on if blocks that might be empty
- Attempts to do pointer arithmetic on pointers of type void *, which
is not permitted in standard C.
- An attempt to pass a function pointer via a void * parameter, which is
not permitted in standard C. Instead, we now pass a pointer to a
structure, which then contains the required function pointer.
- Unnecessary inclusion of <krb5_err.h>, which is already included by
<krb5.h> when the former exists, and might not be protected against
double inclusion, depending on which com_err was used.
- Missing include of <com_err.h>, which was masked by the fact that it is
included by headers generated by e2fsprogs compile_et
- Use of com_err() with a non-constant value in place of the format string,
which in every case was a fixed-size buffer in which a message was built
using sprintf(!). Both the calls to sprintf and the fixed-size buffers
have been removed, in favor of just letting com_err() do the formatting.
- Various cases where X library functions expecting a parameter of type
wchar_t * were instead passed a parameter of type XChar2b *. The two
types look similar, but are not the same and are _not_ interchangeable.
- An overly-simplistic configure test which failed to detect existence of
<term.h> on Solaris, due to not including <curses.h>.
- Using the wrong type for the flags output of krb5_auth_con_getflags()
when building against Heimdal. A configure test is added to detect
the correct type.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This allows ACLs to grant access based on the IP address of a client
instead of its principal name. This is done using ACL entries with the
syntax "@a.b.c.d". Currently, only IPv4 addresses are supported. A single
entry may match all hosts on a particular subnet by using CIDR notation,
written as @a.b.c.d/nn. If no length is given, 32 is assumed.
Host and principal entries can be freely mixed within the same ACL; the ACL
matches if any entry matches the client. Note that this means that ACLs can
now match unauthenticated clients (however, this does not lift the general
constraint that only authenticated clients can subscribe at all).
Additionally, support for negative ACL entries is added. These entries are
indicated by a leading '!', which may be applied to both principal and host
entries. Negative entries are applied in the style of AFS ACLs; that is,
a matching negative entry overrides any positive entry and thus guarantees
that matching clients will be denied access.
(edited slightly for style by kcr@1TS.ORG)
|
|
|
|
|
|
| |
Fix indentation and remove an inappropriate comment in add_subscriptions(),
both of which were the result of a botched merge a long time ago. The
actual logic was merged correctly and so does not change.
|
|
|
|
|
| |
memset new notice objects in subscr.c (really needed now since all
ZFormat* routines require z_num_hdr_fields to be valid or 0.)
|
|
|
|
| |
To my knowledge, this hasn't been enabled by anyone in ages
|
|
|
|
|
|
|
|
| |
only send one sub per packet in braindump
refactor bdump_send_list_tcp and send_normal_tcp
brain dump can now cleanly receive overlarge encrypted packets
refactor subscr_send_subs and subscr_send_realm_subs
nuke trailing whitespace
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
getsid problem
|
| |
|
| |
|
| |
|
|
|
|
| |
recipient.
|
| |
|
|
|
|
| |
who were trying to subscribe to acl'ed classes they weren't on the acl for.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* prototype updates.
* Fix some memory leaks.
* Better interrealm support:
- subscr_subscribe and add_subscriptions need to know what server
requests are coming from.
- pay attnetion to when we have no more local users listening to a
foreign sub and unsubscribe.
- Remove unused code.
- Call realm_handoff with correct client info.
- Add routine to resend our idea of subs in a remote realm to that
realm.
|
| |
|
|
|
|
|
| |
tab. The old dump format was written for when we grouped clients by host
manager.
|
|
|
|
|
| |
and rename client_which_client() to client_find() and make the second
argument a port instead of a notice.
|
| |
|
|
|
|
| |
detailed change information.
|
|
|
|
| |
been eliminated.
|
| |
|
|
|
|
|
| |
in critical code, and let the main loop deal with the flag being set.
This saves on context switches into the kernel for this rare condition.
|
|
|
|
| |
Encrypt user session keys during server-server updates
|
| |
|
| |
|
|
|
|
| |
and still maintain sort order.
|
|
|
|
|
|
| |
always increment reference counts when dup'ing zstrings.
fix calls to compare_subs to take new do_wildcard arg
added additional logic to compare_subs to deal with wildcards
|
| |
|
|
|
|
| |
for "zctl ret": verify authenticity of client.
|
|
|
|
|
|
|
| |
preprocessing problems.
(subscr_copy_def_subs): Recompute the hash value for the destination.
(subscr_match_list): Create ZString objects when needed, not before.
(subscr_cancel): Don't assume subscription listss are ordered.
|
| |
|
|
|
|
|
|
|
|
| |
code. This should speed things up quite a bit, but requires that we
be careful with the "bdumping" flag when we turn on concurrency.
Author: tytso.
Auditor: raeburn.
|
|
|
|
|
|
| |
2) make sure the right port number is used for dumping (just in case...
doesn't seem to make a difference, but might explain the xmit xmit
failures to port #0)
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
iui restriction; conditionalized char buf[] on KERBEROS.
|
| |
|
|
|
|
|
|
|
| |
We want the pointers to be into static (well, pseudo-static) storage
so the caller only needs to free the subscription chain.
(besides, extract_subscription has stuff point into the middle of a packet
anyway)
|
| |
|