path: root/src/lib/krb5/os/hst_realm.c
Commit message | Author | Age | Files | Lines
* Move utility functions to hostrealm.c | Greg Hudson | 2013-08-15 | 1 | -168/+0
  Move the remaining internal functions from hst_realm.c to hostrealm.c, and get rid of hst_realm.c.
  ticket: 7687
* Use hostrealm interface for realm mapping | Greg Hudson | 2013-08-15 | 1 | -253/+2
  Reimplement krb5_get_host_realm, krb5_get_fallback_host_realm, and krb5_get_default_realm in terms of the hostrealm interface. Three built-in modules (dns, domain, and profile) implement the current behavior.
  ticket: 7687
* Add trace logging for TXT lookups | Greg Hudson | 2013-08-12 | 1 | -1/+1
  Rename krb5_try_realm_txt_rr (an internal function despite the name) and add a context parameter. Generate trace logs when we successfully look up a record and when a record is not found.
* Tighten up fixed buffer usage in hst_realm.c | Greg Hudson | 2013-04-10 | 1 | -9/+10
  Avoid or notice truncations, rather than letting them happen silently.
* Allow numeric addresses as service hostnames | Greg Hudson | 2013-04-09 | 1 | -47/+66
  Since krb5 1.3, krb5_get_host_realm (and therefore krb5_sname_to_principal) has refused hostnames which appear to be numeric addresses--with the exception of 1.6, which was ignoring errors from clean_hostname. In specialized environments, it may be desirable to use IP addresses in service principal names, and there's no compelling reason for us to get in the way of that. Move the numeric address check out of k5_clean_hostname into a new helper function, and simply skip the domain-based mechanisms if it returns true. Factor out the [domain_realm] search into a second new helper function to make it easier to skip.
  ticket: 7603 (new)
* Update hst_realm.c coding style | Greg Hudson | 2013-04-09 | 1 | -337/+236
  Bring this file up to date with current coding style. No functional changes, except some trace logs were removed.
* Move a bunch of stuff out of k5-int.h | Greg Hudson | 2013-03-24 | 1 | -7/+7
  Move internal declarations from k5-int.h to more localized headers (like int-proto.h) where appropriate. Rename many symbols whose prototypes were moved to use the k5_ prefix instead of krb5int_. Remove some unused declarations or move them to the single source file they were needed in. Remove krb5_creds_compare since it isn't used any more.
* Get rid of krb5_{get,free}_krbhst | Greg Hudson | 2013-03-22 | 1 | -2/+8
  These functions were always internal. They haven't been used since v5passwdd was eliminated in krb5 1.4.
* Remove broken clean_hostname trace messages | Greg Hudson | 2012-11-25 | 1 | -2/+0
  The trace messages in krb5int_clean_hostname were outputting the entire contents of the output buffer (mostly uninitialized garbage) into the trace log. Since these messages were essentially redundant with messages in the callers, and were arguably at too low of a level to begin with, simply remove them.
  ticket: 7459 (new)
  target_version: 1.11
  tags: pullup
* Fix typo in previous change to get_fq_hostname | Tom Yu | 2012-07-03 | 1 | -1/+1
  ticket: 7086
* Fix a minor memory leak in get_fq_hostname | Arlene Berry | 2012-07-03 | 1 | -1/+3
  ticket: 7086
* Convert DEBUG_REFERRALS to TRACE_* framework | W. Trevor King | 2012-05-23 | 1 | -24/+9
  The referrals debugging code under DEBUG_REFERRALS ceased building correctly at some point. Convert this debugging code to use the tracing framework instead, including adding new trace macros to k5-trace.h.
  ticket: 7151
* Use AI_ADDRCONFIG for more efficient getaddrinfo | Greg Hudson | 2011-06-23 | 1 | -1/+1
  Add AI_ADDRCONFIG to the hint flags for every invocation of getaddrinfo which wasn't already using it. This is often the default behavior when no hints are specified, but we tend to specify hints a lot, so we have to say it ourselves. AI_ADDRCONFIG causes AAAA lookups to be skipped if the system has no public IPv6 interface addresses, usually saving a couple of DNS queries per getaddrinfo call and allowing DNS caching to be much more effective without the need for negative caching.
  ticket: 6923
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24978 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust most C source files to match the new standards for copyright | Greg Hudson | 2011-03-09 | 1 | -11/+10
  and license comments.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
* Defer hostname lookups in krb5_sendto_kdc | Greg Hudson | 2011-02-13 | 1 | -3/+3
  Restructure the locate_kdc and sendto_kdc code to defer getaddrinfo calls until we need the answer. This requires many changes:
  * struct addrlist is now called struct serverlist, and is declared in os-proto.h instead of k5-int.h. It contains an array of struct server_entry structures which can hold either a name or an address. (Address entries are used for locate_kdc module results.)
  * The connection state list is now a linked list, and holds address information directly instead of using a struct addrinfo (this simplifies memory management). Each connection entry contains a callback buffer (previously stored in a separate array) and an index into the server list.
  * The {addrstate} trace formatting primitive is no longer needed, and has been replaced by {connstate}. There is also a new tracing event for resolving hostnames.
  * locate_server, locate_kdc, free_serverlist, and sendto get their prefixes changed from krb5int_ to k5_ as their prototypes were being adjusted anyway. The family argument is gone from the locate functions as it was never productively used. k5_sendto now receives the socket types of interest.
  * krb5_sendto_kdc will now pass a 0 socktype to k5_locate_kdc if both socket types are wanted. There were some allowances for this in locate but this was never previously done. In order to be conservative when invoking locate modules, we always pass an explicit socktype, thus calling lookup twice (as we did before, albeit with a separate init/fini cycle) in the common case. When creating hostname entries in serverlist from profile configuration, we preserve the 0 value of socktype, and later create both TCP and UDP addresses from the getaddrinfo results when the host is resolved.
  * Some accessor functions previously used by libkrb4 have been removed as they impinged upon this work.
  ticket: 6868
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24635 dc483132-0cff-0310-8789-dd5450dbe970
* Fix Windows build | Greg Hudson | 2010-11-25 | 1 | -1/+1
  Repair the Windows build. Tested with the prepare-on-Unix method. Some specific changes include:
  * Removed the IPC finalizer (no longer used after r20787) from ccapi/lib/ccapi_ipc.c, as it was creating a difficult dependency chain for the pingtest build in ccapi/test. Also updated pingtest to use the k5_ipc_stream interfaces since cci_stream is gone.
  * Reverted the apparently non-functional r20277.
  * klist -V prints just "Kerberos for Windows", since it has no access to PACKAGE_NAME and PACKAGE_VERSION from autoconf. This should be addressed correctly.
  * krb5, telnet, gssftp, and NIM are removed from the build.
  * Some files had CRLFs; these were replaced with LFs and the svn:eol-style property set on the files. Otherwise the CRLFs became CRCRLFs after the zip transfer.
  * Windows does not have opendir/readdir, so added Windows code to prof_parse.c for includedir. Probable fodder for a libkrb5support portability shim.
  ticket: 6826
  target_version: 1.9
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24533 dc483132-0cff-0310-8789-dd5450dbe970
* For the better code modularity keep some "free" routines closer to the | Zhanna Tsitkov | 2010-01-04 | 1 | -6/+22
  resource allocators. Also, reindent cleanup in the touched files
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23576 dc483132-0cff-0310-8789-dd5450dbe970
* Code modularity related updates | Zhanna Tsitkov | 2009-12-23 | 1 | -73/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23484 dc483132-0cff-0310-8789-dd5450dbe970
* make mark-cstyle | Tom Yu | 2009-10-31 | 1 | -154/+155
  make reindent
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
* Coverity was nervous that hst_realm.c's domain_heuristic() wasn't | Greg Hudson | 2009-02-05 | 1 | -10/+10
  checking for a NULL return from strchr. The code was safe because a previous call to strchr on the same arguments was checked, but make Coverity less nervous by storing the result of that previous call and reusing it. Also make the function conform better to our standards.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21891 dc483132-0cff-0310-8789-dd5450dbe970
* Use macros for config parameters | Zhanna Tsitkov | 2009-02-04 | 1 | -3/+3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21879 dc483132-0cff-0310-8789-dd5450dbe970
* Check the return code from krb5int_clean_hostname as the sanity | Zhanna Tsitkov | 2009-01-12 | 1 | -3/+7
  verification of the hostname might fail
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21724 dc483132-0cff-0310-8789-dd5450dbe970
* Revert r21589, and export krb5_get_fallback_host_realm instead | Greg Hudson | 2008-12-29 | 1 | -3/+12
  Rationale: Zephyr and AFS both use the Kerberos realm name as the name of the service realm (AFS realm or Zephyr galaxy). AFS can grab the Kerberos realm from the ticket being aklogged, but Zephyr is not necessarily getting credentials at all (you could be sending an unauthenticated message), and currently finds its answer by looking up the realm of the server host. Although we can't currently provide an accurate result for this lookup in the presence of referrals, we do need to provide enough tools to get as good of an answer as libzephyr could have gotten before referrals went in.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21631 dc483132-0cff-0310-8789-dd5450dbe970
* Clean up krb5_get_fallback_host_realm in two respects: | Greg Hudson | 2008-12-24 | 1 | -12/+3
  1. It isn't exported from libkrb5 (and no one seems to complain about that). So give it a krb5int_ name and move its declaration to k5-int.h. Also stop exporting it from the collected client lib.
  2. It returned a list of realms, but its only caller assumes that the list contains exactly one realm. So just make it return a single realm.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21589 dc483132-0cff-0310-8789-dd5450dbe970
* Add a new fallback host-to-realm heuristic to try the components of the | Greg Hudson | 2008-12-24 | 1 | -56/+127
  hostname as domains. The heuristic is off by default and is controlled by the realm_try_domains variable under libdefaults. Based on a patch submitted by Mark Phalan from Sun.
  ticket: 6031
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21588 dc483132-0cff-0310-8789-dd5450dbe970
* Rename krb5int_buf_cstr to krb5int_buf_data, since k5bufs can be used | Greg Hudson | 2008-11-05 | 1 | -1/+1
  for binary data as well as C string data. The buffer will always have a null byte at krb5int_buf_len bytes regardless of whether it contains C string data.
  ticket: 6200
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21003 dc483132-0cff-0310-8789-dd5450dbe970
* Convert many uses of strcpy/strcat (and sometimes sprintf) to accepted | Greg Hudson | 2008-11-05 | 1 | -10/+10
  string-handling functions.
  ticket: 6200
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21001 dc483132-0cff-0310-8789-dd5450dbe970
* Use strlcpy instead of strcpy in many places | Greg Hudson | 2008-10-24 | 1 | -2/+1
  ticket: 6200
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20919 dc483132-0cff-0310-8789-dd5450dbe970
* Use strdup in place of malloc/strcpy in many places | Greg Hudson | 2008-10-20 | 1 | -6/+3
  ticket: 6200
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20898 dc483132-0cff-0310-8789-dd5450dbe970
* Avoid use of unchecked sprintf in libraries. Use asprintf if the | Ken Raeburn | 2007-07-12 | 1 | -1/+2
  output buffer is allocated according to the size of data to be written, or snprintf otherwise.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19703 dc483132-0cff-0310-8789-dd5450dbe970
* EAI_NODATA deprecated, not always defined | Ken Raeburn | 2007-04-09 | 1 | -1/+5
  Brian Kantor reports (on the kerberos@mit list today) that krb5-1.6 doesn't build on FreeBSD 6.1 because they've done away with EAI_NODATA, which was removed from the getaddrinfo API in RFC 3943. This patch conditionalizes two tests for EAI_NODATA on the macro being defined, and also adds handling for EAI_OVERFLOW, a new error code added in RFC 3943.
  ticket: new
  tags: pullup
  target_version: 1.6.1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19410 dc483132-0cff-0310-8789-dd5450dbe970
* Remove all unused variable warnings from tree | Ezra Peisach | 2006-10-15 | 1 | -2/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18712 dc483132-0cff-0310-8789-dd5450dbe970
* Set the canonicalize flag in TGS requests and accept cross-realm referral | Sam Hartman | 2006-09-21 | 1 | -86/+191
  tickets. We do not yet accept tickets in which the server name changes.
  * krb5_sname_to_principal: If there is no domain realm mapping return null realm
  * krb5_get_cred_via_tkt: New behavior as described below
  1) the referrals case:
     - check for TGT for initial realm
     - if a remote realm was specified (which must have happened via a domain_realm mapping), obtain a TGT for it the standard way and start with that.
     - use client realm for server if not specified
     - iterate through this loop:
       - request ticket with referrals turned on
       - if that fails:
         - if this was the first request, punt to non-referrals case
         - otherwise, retry once without referrals turned on then terminate either way
       - if it works, either use the service ticket or follow the referral path
       - if loop count exceeded, hardfail
  2) the nonreferrals case
     - this is mostly the old walk_realm_tree TGT-finding (which allows limited shortcut referrals per 4120) followed by a standard tgs-req.
     - originally requested principal is used for this, although if we were handed something without a realm, determine a fallback realm based on DNS TXT records or a truncation of the domain name.
  ticket: 2652
  Owner: amb
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18598 dc483132-0cff-0310-8789-dd5450dbe970
* Change a bunch of calls to ctype macros (those cited by Jeff, and a | Ken Raeburn | 2006-06-16 | 1 | -4/+4
  few others) to cast the character values to unsigned char.
  ticket: 3445
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18156 dc483132-0cff-0310-8789-dd5450dbe970
* Delete definitions of unused macros NEED_SOCKETS and NEED_LOWLEVEL_IO | Ken Raeburn | 2005-04-13 | 1 | -1/+0
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@17177 dc483132-0cff-0310-8789-dd5450dbe970
* * hst_realm.c: provide definition for MAXDNAME if | Jeffrey Altman | 2004-10-01 | 1 | -1/+6
  KRB5_DNS_LOOKUP is not defined.
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16795 dc483132-0cff-0310-8789-dd5450dbe970
* Add DNS resolver glue layer. Use it | Tom Yu | 2004-09-21 | 1 | -144/+38
  ticket: 2710
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16769 dc483132-0cff-0310-8789-dd5450dbe970
* * dnssrv.c: | Tom Yu | 2004-09-14 | 1 | -0/+1
  * hst_realm.c:
  * locate_kdc.c: Include netinet/in.h as a prerequisite for resolv.h.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16753 dc483132-0cff-0310-8789-dd5450dbe970
* * dnssrv.c (krb5int_make_srv_query_realm) [HAVE_RES_NSEARCH]: Use res_nsearch | Ken Raeburn | 2004-07-04 | 1 | -0/+28
  instead of res_search.
  * hst_realm.c (krb5_try_realm_txt_rr) [HAVE_RES_NSEARCH]: Likewise.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@16541 dc483132-0cff-0310-8789-dd5450dbe970
* Thanks, (corrected) patch applied | Tom Yu | 2002-10-15 | 1 | -1/+1
  * hst_realm.c (krb5_try_realm_txt_rr): Apply patch from Nalin Dahyabhai to bounds-check return value from res_search().
  * locate_kdc.c (krb5_locate_srv_dns_1): Apply patch from Nalin Dahyabhai to bounds-check return value from res_search().
  ticket: 1216
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14928 dc483132-0cff-0310-8789-dd5450dbe970
* protoize | Ken Raeburn | 2002-09-03 | 1 | -10/+5
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14816 dc483132-0cff-0310-8789-dd5450dbe970
* update copyright dates | Ken Raeburn | 2002-07-09 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14622 dc483132-0cff-0310-8789-dd5450dbe970
* * hst_realm.c (krb5_get_host_realm): Return KRB5_ERR_NUMERIC_REALM if the | Ken Raeburn | 2002-07-09 | 1 | -0/+22
  hostname is a numeric-address form.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14619 dc483132-0cff-0310-8789-dd5450dbe970
* * locate_kdc.c (translate_ai_error), hst_realm.c | Danilo Almeida | 2002-04-11 | 1 | -0/+6
  (krb5int_translate_gai_error): Test some EAI_ error definitions so that we will also build correctly on Win32 (Winsock 2).
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14377 dc483132-0cff-0310-8789-dd5450dbe970
* Change approach for getaddrinfo support. Now, only fake-addrinfo.h is | Ken Raeburn | 2002-03-26 | 1 | -1/+0
  included, no magic macros need to be defined, and no special care needs to be taken to identify a unique object file used in all builds of a library/program. All defined functions (if any) are static in each object file, and declared inline under gcc so they can be more easily eliminated. Simplifies maintenance, and worst case should add no more than a few KB to libraries and programs.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14291 dc483132-0cff-0310-8789-dd5450dbe970
* * hst_realm.c (EAFNOSUPPORT): On Windows, translate to WSAEAFNOSUPPORT | Ken Raeburn | 2002-01-09 | 1 | -0/+5
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14104 dc483132-0cff-0310-8789-dd5450dbe970
* Split out code for getting canonical name of local host, change it to use | Ken Raeburn | 2002-01-09 | 1 | -16/+76
  getaddrinfo, and make both sites call the new function. Added new error codes to report getaddrinfo failures that don't translate to standard errno codes.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14100 dc483132-0cff-0310-8789-dd5450dbe970
* Danilo also says we can get rid of _MSDOS (Win16) tests, and explicit | Ken Raeburn | 2001-10-06 | 1 | -2/+2
  FAR/NEAR specs
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13786 dc483132-0cff-0310-8789-dd5450dbe970
* Danilo says we can get rid of the DLLIMP stuff now | Ken Raeburn | 2001-10-04 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13775 dc483132-0cff-0310-8789-dd5450dbe970
* * sn2princ.c (krb5_sname_to_principal): Cast tolower argument to int | Ezra Peisach | 2001-07-06 | 1 | -2/+2
  * hst_realm.c (krb5_get_host_realm): Cast argument to toupper and tolower to int.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13576 dc483132-0cff-0310-8789-dd5450dbe970