Ken Raeburn [Tue, 14 Mar 2000 16:13:53 +0000 (16:13 +0000)]
* sock2p.c: New file.
(inet_ntop): Define if system doesn't provide it.
(sockaddr2p): New function.
* Makefile.in (SRCS, OBJS): Add sock2p.
* kdc_util.h (inet_ntop, sockaddr2p): Declare them.
* network.c (add_fd): New function. Reallocate udp_port_fds array as needed
here.
(setup_port): Use add_fd to record new sockets. Use inet_ntop unconditionally.
Disable ipv6 support until process_packet and friends will support it.
(process_packet): Ignore ECONNREFUSED when reading UDP packets. Fill in port
field of faddr properly, dependent on address family. Use sockaddr2p when
logging source address.
Tom Yu [Wed, 1 Mar 2000 12:51:11 +0000 (12:51 +0000)]
* aclocal.m4: Tweak the HPUX shared lib build some more. Don't
use $(INSTALL_PROGRAM) for shared libs, since it strips them! We
should fix this at some point.
Tom Yu [Wed, 1 Mar 2000 10:42:16 +0000 (10:42 +0000)]
* main.c: Move kdc_initialize_rcache() to kdc_util.c
* kdc_util.c (kdc_initialize_rcache): Move kdc_initialize_rcache()
back here since it's needed for rtest to work. process_tgs_req()
which is called from rtest needs to call kdc_intiialize_rcache()
and we can't very well link rtest with main.o
* kdc_preauth.c (verify_sam_response): Ooops. Get rc_lifetime
from kdc_util, since it's actually declared there.
Ken Raeburn [Fri, 25 Feb 2000 20:51:59 +0000 (20:51 +0000)]
Fix off-by-one error in previous code, spotted at the last minute.
This is why things weren't working without the loopback addresses,
which showed up last in the list, after the address my client was
trying to use, thus hiding the error.
(I tried to abort the previous checkin, but cvs went ahead with it
despite the "editor session failed" report...hm.)
Ken Raeburn [Fri, 25 Feb 2000 20:46:35 +0000 (20:46 +0000)]
Patches from Alec Peterson, plus some work of my own, to let a multihomed
KDC respond to requests from the same IP address that the requests were sent
to.
**N.B. This will perform worse in the case of addresses dynamically added
and removed after the KDC has started, since it will be incapable of using
any new addresses.
I'm unclear on why the loopback interface address needs to be included in
the list of addresses. Apparently, on NetBSD-current, if it's not, packets
sent to other local addresses but over the loopback interface are queued but
not received?? Needs further investigation; could just be a NetBSD bug.
* configure.in: Invoke KRB5_SOCKADDR_SA_LEN.
* network.c: Include <sys/ioctl.h>, <syslog.h>, <net/if.h>.
(foreach_localaddr): New function, copied from
lib/krb5/os/localaddr.c. Tweaked to not exclude loopback
interface.
(NEED_SOCKETS): Define before including k5-int.h.
(n_sockets): New variable.
(setup_port): New function; creates listening udp ports given an
address.
(setup_network): Call foreach_localaddr to set up listening
sockets on each local address, so we can always respond from the
receiving address.
(listen_and_process): Use n_sockets as upper bound of loop.
Ken Raeburn [Fri, 25 Feb 2000 20:27:43 +0000 (20:27 +0000)]
Separate interface address processing from Kerberos-related functions.
* localaddr.c (foreach_localaddr): Broken out from old krb5_os_localaddr.
Iterates over all active interface addresses, invoking callback functions;
knows nothing about Kerberos.
(count_addrs, allocate, add_addr): New callback functions.
(krb5_os_localaddr): Use the above.
Tom Yu [Wed, 23 Feb 2000 05:18:48 +0000 (05:18 +0000)]
* kpasswd.0/changing.exp: Add a sleep to avoid a race with the
setup script. If this isn't here, it is possible that the initial
change of pol2's password may happen too soon.
Ken Raeburn [Mon, 21 Feb 2000 21:38:01 +0000 (21:38 +0000)]
from Bear Giles:
* alt_prof.c (krb5_read_realm_params): Permit realm supported enctypes to be
unspecified, letting the KDC produce defaults. Don't look up enctypes at all
if an error is to be returned.
Tom Yu [Sat, 19 Feb 2000 01:57:07 +0000 (01:57 +0000)]
* keytab.c (add_usage): Update usage message.
(kadmin_keytab_add): Update to deal with explicit keysalt lists.
(add_principal): Update to deal with explicit keysalt lists.
* kadmin.c (kadmin_cpw): Add support for new api.
(kadmin_parse_princ_args): Add support for new api, particularly
-keepold to keep old keys around and -e to explicitly specify
key-salt tuples.
(kadmin_addprinc_usage): Update usage accordingly.
(kadmin_addprinc): Add support for new api.
(kadmin_modprinc): Update to call new parse_princ_args reasonably.
Tom Yu [Thu, 17 Feb 2000 00:33:38 +0000 (00:33 +0000)]
* auth_gssapi.c (auth_gssapi_create): Free call_res because
xdr_authgssapi_init_res can potentially allocate memory. Perhaps
clnt_call should really deal with this, though. It is not at all
clear whether clnt_call or svc_getargs should actually end up
freeing allocated memory themselves.
* svc_auth_gssapi.c (_svcauth_gssapi): Call gssrpc_xdr_free() if
xdr_authgssapi_creds() or xdr_authgssapi_init_arg() fails.
* auth_gssapi_misc.c (xdr_authgssapi_creds):
(xdr_authgssapi_init_arg):
(xdr_authgssapi_init_res): Revert prior change. The caller should
be the one dealing. Additionally, it was probably wrong to
unconditionally free the object regardless of whether the mode is
XDR_DECODE.
(auth_gssapi_unwrap_data): Use temp_xdrs rather than in_xdrs to
force XDR_FREE operation.
Danilo Almeida [Wed, 16 Feb 2000 21:11:07 +0000 (21:11 +0000)]
* kinit.c: Nicer usage message. Better checking for illegal
options. Do not output error when doing Kerberos 4 if we will be
trying 524 afterwards. Add hooks for future support for
specifying the Kerberos 4 cache name. Fix GET_PROGNAME macro to
properly return program name under Win32. Re-indent, turning
spaces that should be tabs into tabs.
* kinit.M: Document new Kerberos 4 kinit behavior.
Ken Raeburn [Wed, 16 Feb 2000 18:29:50 +0000 (18:29 +0000)]
* preauth2.c (pa_sam): In send-encrypted-sad mode, check for magic salt length
and generate a salt from the principal name if found; use the password and salt
to generate a key. Provide timestamp if nonce is zero, regardless of preauth
mode. (Patch from Chas Williams.)
Ken Raeburn [Wed, 16 Feb 2000 08:35:46 +0000 (08:35 +0000)]
* localaddr.c (krb5_os_localaddr): Dynamically grow buffer used for SIOCGIFCONF
until it appears to have been big enough. Dynamically grow internal address
pointer array as needed.
Tom Yu [Tue, 15 Feb 2000 05:12:30 +0000 (05:12 +0000)]
* svc.c (xprt_register): Zero out xports after allocating
* auth_gssapi_misc.c (xdr_authgssapi_creds):
(xdr_authgssapi_init_arg):
(xdr_authgssapi_init_res):
(auth_gssapi_unwrap_data): If xdr_gss_buf or xdr_bytes fails, call
again with XDR_FREE set so that allocated memory doesn't leak.
Tom Yu [Mon, 14 Feb 2000 00:07:10 +0000 (00:07 +0000)]
Add client-side stubs and functions with additional capabilities to
take key_salt_tuples and optionally keep old keys around. Add
server-side functionality for setkey with key_salt_tuple and "keepold"
functionality. Update rpc stubs and xdr functions/headers
appropriately.
Tom Yu [Tue, 8 Feb 2000 05:28:12 +0000 (05:28 +0000)]
* api.1/lock.exp: Since a "wait" directive to the command list of
the lock_test procedures does not wait for any synchronization,
change lock9 to acquire and release a lock before the "wait"
directive in order to avoid a race condition where lock9 spawns
the ./lock-test but the program has not opened the database prior
to lock9_1 acquiring a permanent lock. This was causing
difficult-to-reproduce failures.
Tom Yu [Mon, 7 Feb 2000 23:51:13 +0000 (23:51 +0000)]
* config/unix.exp: Call send_error instead of fail to prevent
referencing variables not yet set up by the test framework.
* lib/helpers.exp: Call kinit and kdestroy with the -5 flag to
deal with new program behavior. Also call perror rather than
error to avoid spewing a stack trace.
projects / thirdparty / krb5.git / log
