Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | ZCheckSrvAuthentication: fix auth context leak | Jeffrey Hutzelman | 2012-11-24 |
| | | | | | Fix a leak in which we fail to free a Kerberos authentication context in ZCheckSrvAuthentication if getting or setting the context flags fails. | ||
* | server: avoid blocking in tkt_lookup() | Derrick Brashear | 2012-11-24 |
| | | | | | | | | | | tkt_lookup() is supposed to quickly obtain a ticket for a foreign realm if we already have a usable one, and quickly fail otherwise. Sending a request to a KDC and waiting for a response, as krb5_get_credentials() may do, defeats the purpose of tkt_retrieve() retrying failed requests in the background. So, use krb5_cc_retrieve_cred() instead. Extracted from Andrew zephyr/063 | ||
* | Initialize notice objects | Chaskiel Grundman | 2012-11-24 |
| | | | | | memset new notice objects in subscr.c (really needed now since all ZFormat* routines require z_num_hdr_fields to be valid or 0.) | ||
* | Strip the authentication in realm_sendit | Chaskiel Grundman | 2012-07-16 |
| | | | | | | | | realm_sendit is responsible for sending notices that do not have useful realm authentication, either because they are not authentic, or because of kerberos problems acquiring a ticket for the foreign zephyr realm. In either case, any authentication in the notice will not be usable to the foreign server, and ought to be stripped out. | ||
* | Actually remove the #ifdef OLD_COMPAT and NEW_COMPAT code | Karl Ramm | 2012-02-11 |
| | | | | To my knowledge, this hasn't been enabled by anyone in ages | ||
* | log old-style checksum mismatches too | Karl Ramm | 2012-01-25 |
| | |||
* | fix some formatting and whitespace bogons | Karl Ramm | 2012-01-25 |
| | |||
* | Try and log more on authentication failures. | Karl Ramm | 2012-01-25 |
| | |||
* | New version propagation to replace keyword substitution, part 1 | Karl Ramm | 2011-11-25 |
| | |||
* | realm_auth_sendit_nacked fixups | Chaskiel Grundman | 2011-11-18 |
| | | | | | | | | | | In addition to the packet length problem discussed last night, the realm_auth_sendit_nacked refactor also had a cut-n-paste error. In the unfragmented case, it passed in partnotice.z_uid instead of newnotice.z_uid. In that branch of the if, partnotice is uninitialized... My (derrick's) servers are no longer constantly complaining (in new debug code) that realm_nack_cancel couldn't find the nack to dequeue, so I think I'm done with this problem. | ||
* | It is not the 80s anymore, so we have a printf directive for pointers | Karl Ramm | 2011-10-23 |
| | |||
* | Retool our use of configure such that we track it like everyone else does | Karl Ramm | 2011-10-23 |
| | | | | | i.e. don't keep generated or foreign stuff in our source tree. As a side effect, this lets us use a libtool, etc. from this century | ||
* | It is still not the 80s anymore -- remove all caddr_ts | Karl Ramm | 2011-02-02 |
| | |||
* | syslogging for evety tcp-ized packet slows things down too much | Karl Ramm | 2010-12-19 |
| | |||
* | Fix typo | Karl Ramm | 2010-12-19 |
| | |||
* | Drop stale code for long-lost debugging malloc. | Karl Ramm | 2010-12-19 |
| | |||
* | remove a stupid cpp trick | Karl Ramm | 2010-12-19 |
| | |||
* | Restate error table dependencies such that make -j doesn't trip over itself | Karl Ramm | 2010-11-06 |
| | | | | (thanks to wthrowe@mit.edu) | ||
* | Have the makefiles support explicit target directories properly, courtesy ↵ | Karl Ramm | 2010-11-06 |
| | | | | wthrowe@mit.edu | ||
* | clean up realm_sendit_auth | Karl Ramm | 2010-11-06 |
| | |||
* | Clean up xmit | Karl Ramm | 2010-08-24 |
| | |||
* | A argument for not doing a "quick change" at 3am. (braino, fixes previous) | Karl Ramm | 2010-08-24 |
| | |||
* | Don't leak memory when refragmenting sketchy packets. | Karl Ramm | 2010-08-24 |
| | |||
* | stop using MAXHOSTNAMELEN in a variety of places. Also ↵ | Karl Ramm | 2010-08-24 |
| | | | | nuke-trailing-whitespace. | ||
* | Don't use MAXPATHLEN anymore. | Karl Ramm | 2010-08-24 |
| | | | | | | | Some systems don't have it, having shaken off the shackles of fixed lengths. Unfortunately rewriting these things "right" in a fashion portable to unembraced-and-extended C libraries is aggravating. So do it wrong until we decide to bite the bullet and demand glib. | ||
* | Fix a leak if ZNewFormatSmallRawNotice fails. (thanks to nelhage@mit.edu for ↵ | Karl Ramm | 2010-08-22 |
| | | | | noticing) | ||
* | Don't crash if the header mysteriously gets too big. (Thanks to ↵ | Karl Ramm | 2010-08-22 |
| | | | | nelhage@mit.edu for noticing) | ||
* | Fix some formatting, and add some paranoia about oversized headers. | Karl Ramm | 2010-08-22 |
| | | | | (Thanks to nelhage@mit.edu for noticing the formatting problem) | ||
* | fix subscriptions-too-wide-breaks-braindump problem | Karl Ramm | 2010-07-28 |
| | | | | | | | | only send one sub per packet in braindump refactor bdump_send_list_tcp and send_normal_tcp brain dump can now cleanly receive overlarge encrypted packets refactor subscr_send_subs and subscr_send_realm_subs nuke trailing whitespace | ||
* | Fix getting data out of gethostbyname; should fix #69 | Karl Ramm | 2010-07-28 |
| | |||
* | It is the twenty-first century, we don't need #ifdef ladders anymore. | Karl Ramm | 2010-03-17 |
| | |||
* | Refactor error handling slightly in get_tgt | Karl Ramm | 2009-08-27 |
| | | | | | (which coincidentally keeps us from reporting the wrong function with an error code) | ||
* | get_tgt() should not fail if built krb5-only and it can't find a des key | Karl Ramm | 2009-08-27 |
| | | | | Also clean up some indentation and add error logging. | ||
* | For now check incoming interrealm stuff with both keyusages because it | Karl Ramm | 2009-08-27 |
| | | | | turns out that derived-key stuff actually worked if you were using heimdal. | ||
* | krb5_init_keyblock is ugly and I'm not sure what it's doing there anyway | Karl Ramm | 2009-08-22 |
| | |||
* | Fix a casefolding bug. [64-bit] | Karl Ramm | 2009-08-22 |
| | | | | | | | | | | | | | | In valid_utf8_p(), uc was improperly typed and never initialized. On 64-bit systems, this means that success is dependent on previous stack contents. If the upper 32 bits are not zero, the null terminator is not caught and the function continues reading past the end of the string until: 1) Invalid UTF-8 is encountered 2) An invalid unicode codepoint is encountered. 3) segfault 1 and 2 are much more likely, but 3 is a danger. | ||
* | ZCheckSrvAuthentication says "YES", "NO", or "FAILED" | Karl Ramm | 2009-08-10 |
| | |||
* | it is the TWENTY-FIRST CENTURY, we can STOP USING K&R | Karl Ramm | 2009-08-09 |
| | |||
* | change the prototype variable name "class" to match the actual function ↵ | Karl Ramm | 2009-08-09 |
| | | | | "class_name" | ||
* | if not HAVE_KRB5_C_DECRYPT, there's no krb5_enc_data type, and oh, look we ↵ | Karl Ramm | 2009-08-09 |
| | | | | don't use din anyway | ||
* | Factor out code that extacts a sockaddr_in from a notice (and stop using the | Karl Ramm | 2009-07-29 |
| | | | | | | | deprecated sender_addr macro.) Actually remove the code from realm.c:real_dispatch because nothing was using the result. Ran nuke-trailing-whitespace on all the files I touched, as usual. | ||
* | Refactor ZCheckRealmAuthentication into ZCheckSrvAuthentication. | Karl Ramm | 2009-07-27 |
| | | | | (also fiddle around with what krb4 checksums are available in krb5-only land) | ||
* | Refactor some gratuitously duplicated code in handle_packet | Karl Ramm | 2009-07-26 |
| | |||
* | Remove the chock wedging things into DES mode and hopefully redo the ↵ | Karl Ramm | 2009-07-26 |
| | | | | | | keyusage stuff such that it actually works. | ||
* | Build on solaris | Karl Ramm | 2009-07-14 |
| | |||
* | zephyr.h will pull in zephyr_err.h will pull in com_err.h without having to ↵ | Karl Ramm | 2009-07-13 |
| | | | | figure out where it is | ||
* | fix some conditional-compilation issues that trip -Wunreachable-code | Karl Ramm | 2009-04-30 |
| | |||
* | use less oddball types | Karl Ramm | 2009-04-21 |
| | |||
* | For now, host managers have IPv4 addresses. | Karl Ramm | 2009-04-19 |
| | | | | | | | Really, it almost terrifies me that servers have probably been sending shutdown messages to stack-garbage address families for the past two decades | ||
* | Clean up $Zephyr$s | Karl Ramm | 2009-04-14 |
| |