| Commit message (Collapse) | Author | Age |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Prevent zhm from doing some evil things while it runs (e.g., ptracing)
by implementing a basic seccomp-bpf filter. The filter still allows a
lot of potentially dangerous operations (e.g., unlink(2)), but this is
a good start.
The filter is based partly on a close reading of the zhm and libhesiod
source code and partly on empirical evidence from running zhm under
strace. I’ve run zhm with this filter for several days without
incident, but some edge cases (e.g., server failover) are still
untested.
configure decides whether or not to enable seccomp by looking for
libseccomp. By default, it treats seccomp as an enhancement and enables
it opportunistically. Builders can force seccomp to be enabled or
disabled by passing --with-seccomp or --without-seccomp, respectively,
to configure.
|
| |
|
|
| |
It's sort of nice to be able to build with debugging.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Generate the man pages for zwgc, zctl, zhm, and zephyrd at build time,
so they can refer to the paths actually used instead of whatever was
used on Athena in the 1980's.
|
| |
|
|
|
|
|
| |
When retransmitting a notice after a timeout, just send the original packet
instead of reformatting the notice, which destroys new-style authenticators.
This fixes #92
|
| |
|
|
|
|
|
|
|
|
|
| |
If -N was used, then not only should the hostmanager not send an HM_BOOT
to the first server it contacts; it should also not send one to other
servers it tries when the first one fails to respond. However, it should
consistently send HM_BOOT when coming back from a SIGHUP deactivation
where it has previously sent HM_FLUSH (if you don't want that behavior,
use -f and avoid sending SIGHUP to the hostmanager).
This fixes #88
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Eliminate compiler warnings due to various issues (listed below). This
allows Zephyr to build cleanly under GCC versions ranging from 4.1.0 to
4.7.2 with all of the options shown below:
-g -O2 -Wall -Werror
-Wno-deprecated-declarations
-Wmissing-declarations
-Wpointer-arith
-Wstrict-prototypes
-Wshadow
-Wextra
-Wno-missing-field-initializers
-Wno-unused-parameter
and, on recent versions, -Wunreachable-code
Test builds were done
- On Ubuntu 12.10 (Quantal Quetzal) using both MIT Kerberos 1.10.1 and
Heimdal 1.6, without krb4 and both with and without C-Ares and Hesiod
- On Fedora 14 using Heimdal 0.6, without C-Ares or Hesiod and both
with and without krb4 (KTH Kerberos 1.3rc2)
- On Fedora Core 3, Fedora Core 5, Fedora 7, and Fedora 10, using
Heimdal 0.6 and without C-Ares, Hesiod, or krb4
It also allows clean builds on Solaris 10 under the Sun Studio 12 (9/07)
C compiler with the following options:
-g -fd -v -errfmt -errhdr=%user -errtags=yes -errwarn=%all
-erroff=E_OLD_STYLE_FUNC_DECL,E_ENUM_TYPE_MISMATCH_ARG,E_ARG_INCOMPATIBLE_WITH_ARG
... and under Solaris 9 with the Sun Forte 7 (3/02) C compiler with the above
options and -erroff=E_FUNC_HAS_NO_RETURN_STMT. Solaris builds were done
with Heimdal 0.6 and without C-Ares, Hesiod, or krb4.
The following types of issues are addressed in this change:
- Parameters and local variables with the same names as library functions
- Parameters and local variables with the same names as globals
- Declarations for exported global variables missing from headers
- Prototypes for exported functions missing from headers
- Missing 'static' on functions that shouldn't be exported
- Old-style function declarations
- Duplicate declarations
- Type mismatches
- Unused variables and functions
- Uninitialized variables
- Forward references to enums
- Necessary header files not included
- Violations of the aliasing rules, where GCC was able to detect them
- Missing braces on if blocks that might be empty
- Attempts to do pointer arithmetic on pointers of type void *, which
is not permitted in standard C.
- An attempt to pass a function pointer via a void * parameter, which is
not permitted in standard C. Instead, we now pass a pointer to a
structure, which then contains the required function pointer.
- Unnecessary inclusion of <krb5_err.h>, which is already included by
<krb5.h> when the former exists, and might not be protected against
double inclusion, depending on which com_err was used.
- Missing include of <com_err.h>, which was masked by the fact that it is
included by headers generated by e2fsprogs compile_et
- Use of com_err() with a non-constant value in place of the format string,
which in every case was a fixed-size buffer in which a message was built
using sprintf(!). Both the calls to sprintf and the fixed-size buffers
have been removed, in favor of just letting com_err() do the formatting.
- Various cases where X library functions expecting a parameter of type
wchar_t * were instead passed a parameter of type XChar2b *. The two
types look similar, but are not the same and are _not_ interchangeable.
- An overly-simplistic configure test which failed to detect existence of
<term.h> on Solaris, due to not including <curses.h>.
- Using the wrong type for the flags output of krb5_auth_con_getflags()
when building against Heimdal. A configure test is added to detect
the correct type.
|
| | |
|
| |
|
|
|
| |
i.e. don't keep generated or foreign stuff in our source tree.
As a side effect, this lets us use a libtool, etc. from this century
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
wthrowe@mit.edu
|
| |
|
|
| |
nuke-trailing-whitespace.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
Rearrange what libraries get pulled in where, so dpkg-shlibdeps
doesn't whine (see a theme here?) (Also so that, say, znol, doesn't
have to link with Everything.)
This will break platforms that don't do shared-library dependencies.
|
| |
|
|
| |
getsid problem
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
(When removing a packet from the queue.)
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
Lots of cleanup necessary for this change.
|
| |
|
|
| |
autoconf-specified directory later.
|
| |
|
|
|
| |
used to do that; it got lost when we went from alarm to select.)
Otherwise we punt our subs every time we switch servers.
|
| | |
|
| |
|
|
| |
doesn't accidentally get reset in new_server().
|
| | |
|
| | |
|
| |
|
|
| |
Rip out support for in-tree com_err.
|
| | |
|
| |
|
|
| |
detailed change information.
|
| |
|
|
|
|
|
| |
three things to resent_notices(): makes sure the while loop makes
progress even when there's a packet whose timeout hasn't been reached,
doesn't gratuitously reset timeout_type to NOTICES if we called
new_server(), and doesn't reset the alarm if we called new_server().
|
| |
|
|
| |
schedule.
|
| |
|
|
| |
-lhesiod unless specified.
|
| | |
|
| | |
|
Benjamin Barenblat
Jeffrey Hutzelman
Karl Ramm
Karl Ramm
Greg Hudson
Garry Zacheiss
Dan Winship