path: root/src/lib/rpc
Commit message | Author | Age | Files | Lines
* make depend | Greg Hudson | 2014-07-08 | 1 | -9/+13
|
* Include autoconf.h before system headers | Greg Hudson | 2014-07-08 | 10 | -27/+10
| Include autoconf.h (either directly or via proxy) before system headers, so that feature test macros defined there can affect the system namespace. Where include order was changed, eliminate some redundant or unnecessary includes.
| ticket: 7961
* Avoid using length fields in socket addresses | Greg Hudson | 2014-07-04 | 5 | -15/+0
| Remove code to set or reference the length fields of socket addresses (sa_len/sin_len/sin6_len), since they aren't portable and setting them is not required. Remove autoconf tests for those fields which are no longer used or which were never used. There is one exception: in localaddr.c, we still need to reference sa_len for the definition of ifreq_size on platforms which have sa_len. Leave that behind, along with the autoconf test which defines SA_LEN.
* Don't depend on sa_len sockaddr field | Greg Hudson | 2014-07-04 | 3 | -3/+3
| In socket-utils.h, replace the socklen macro with an inline function sa_socklen which always uses the address family, even on platforms with the sa_len sockaddr field. This removes the need to set sa_len in socket addresses we construct.
* Fix bugs in bindresvport_sa() changes | Tom Yu | 2014-07-02 | 2 | -2/+8
| In svctcp_create() and svcudp_bufcreate(), set sa->sa_len on platforms where that field exists, so that a subsequent call to socklen() will return the correct result. To make the code more self-evidently correct, zero the entire struct sockaddr_storage object, using the memset(&ss, 0, sizeof(ss)) idiom.
| ticket: 7935
* Use binresvport_sa when creating RPC handles | Andreas Schneider | 2014-06-27 | 4 | -27/+39
| Make clnttcp_create, clntudp_bufcreate, svctcp_create, and svcudp_bufcreate work with unbound IPv6 sockets using bindresvport_sa and other socket helpers. For caller-supplied sockets, call getsockname to determine the address family we should attempt to bind.
| [ghudson@mit.edu: clarified commit message, minimized code changes, used socket-utils.h helpers, fixed fallback find on bindresvport failure, restored getsockaddr call to get port after binding]
| ticket: 7935
* Add a family-independent bindresvport_sa function | Andreas Schneider | 2014-06-27 | 1 | -11/+23
| This function allows you to pass IPv4 and IPv6 addresses. If no address is given, it will determine the family by checking the socket with getsockname.
| [ghudson@mit.edu: clarified commit message, split out setport helper, squashed with next commit, minimized code changes from old bindresvport, used socket-utils.h helpers]
| ticket: 7935 (new)
* Use sa_setport and sa_getport where appropriate | Greg Hudson | 2014-06-27 | 1 | -12/+2
| Use sa_setport and sa_getport in place of existing static helpers or open-coded switch statements in net-server.c, fake-addrinfo.c, and svc_tcp.c.
* Improve krb5_rd_req decryption failure errors | Greg Hudson | 2014-05-07 | 2 | -6/+7
| When krb5_rd_req cannot decrypt a ticket, try to produce the most helpful diagnostic we can, and return an error code which corresponds to the most applicable Kerberos protocol error. Add a trace log containing the error message for ticket decryption failures, in case the application server does not log it. Add new tests to cover krb5_rd_req error messages and adjust existing tests to match the new messages. Also adjust svc_auth_gssapi.c to look for KRB5KRB_AP_ERR_NOT_US instead of KRB5KRB_AP_WRONG_PRINC.
| ticket: 7232
* make depend | Tom Yu | 2013-12-10 | 1 | -7/+9
|
* Bump libgssrpc minor version | Tom Yu | 2013-11-27 | 1 | -1/+1
| Bump minor version for the new log_badauth2 interfaces.
| ticket: 7770
* Add new versions of log_badauth gssrpc callbacks | Greg Hudson | 2013-11-25 | 3 | -11/+44
| libgssrpc supports two callbacks for gss_accept_sec_context failures on servers (one for AUTH_GSS and one for AUTH_GSSAPI), which are IPv4-specific. Provide an alternate version which supplies the transport handle instead of the address, so that we can get the address via the file descriptor for TCP connections.
| ticket: 7770
* Remove inet_ntoa() prototype from getrpcent.c | Ben Kaduk | 2013-11-25 | 1 | -1/+0
| It is not needed. In general, we shouldn't be using inet_ntoa(), anyway, as it is IPv4-specific and we have IPv6 support almost everywhere.
* Fix various warnings | Greg Hudson | 2013-06-07 | 8 | -30/+20
|
* Reduce boilerplate in makefiles | Greg Hudson | 2013-05-16 | 2 | -8/+0
| Provide default values in pre.in for PROG_LIBPATH, PROG_RPATH, SHLIB_DIRS, SHLIB_RDIRS, and STOBJLISTS so that they don't have to be specified in the common case. Rename KRB5_RUN_ENV and KRB5_RUN_VARS to RUN_SETUP (already the most commonly used name) and RUN_VARS. Make sure to use DEFINES for local defines (not DEFS). Remove some other unnecessary makefile content.
* Don't use portmapper in RPC tests | Greg Hudson | 2013-05-01 | 4 | -32/+48
| On many Linux systems, due to what is arguably a bug in rpcbind, the portmapper doesn't allow service registration from non-root processes. This causes the RPC tests to be frequently skipped. Modify the tests so that they don't need the portmapper, by grabbing the port number from the server process and passing it to the client.
* Disable the gssrpc expired-cred test | Greg Hudson | 2013-05-01 | 1 | -2/+3
| The "expired" test in expire.exp tries to authenticate to the server process with an expired TGT (obtained using kinit -l -1m). Using an expired TGT to get an expired service cred no longer works after #6948. We could use kinit -S to get an expired service cred, but krb5_get_credentials won't return expired service cred from the cache (even before #6948). We could use time offsets to simulate clock skew between the client and server process, but that would be difficult because the test programs don't have access to the krb5_context objects used by the client or server process. Since we don't have a simple workaround, disable the test.
* make depend | Greg Hudson | 2013-01-10 | 2 | -2/+2
| Mostly this gets rid of the trailing space on line 2 after bb76891f5386526bdf91bc790c614fc9296cb5fa.
* Fix initial call to svcraw_create | Nickolai Zeldovich | 2013-01-07 | 1 | -0/+1
| gssrpc raw services could not work because svcraw_create did not set svcraw_private after allocating memory for it.
| [ghudson@mit.edu: commit message, patch splitting]
| ticket: 7534
* Fix clntraw_create initialization | Greg Hudson | 2012-12-20 | 1 | -8/+10
| clntraw_create has been broken since inception; on the first call, it would compute invalid values of xdrs and client and dereference them. Fix that. (This is pretty strong evidence that no one has ever used it.) Reported by Nickolai Zeldovich <nickolai@csail.mit.edu>.
| ticket: 7511
* Stop misusing gss_release_buffer in libgssrpc | Greg Hudson | 2012-08-11 | 3 | -15/+11
| Use free() instead of gss_release_buffer() when freeing buffers in libgssrpc which weren't constructed by GSSAPI. This mixing is harmless in normal configurations (since libgssrpc is only used on Unix), but fails with DEBUG_GSSALLOC.
* Avoid unsigned/signed comparison in loop condition | Ben Kaduk | 2012-07-03 | 1 | -2/+1
| The gid_len length is declared as an unsigned int, and loop index 'i' is a signed int. This could manifest as an infinite loop if gid_len is very large. In practice, gid_len should be small, but make 'i' the same type for consistency.
* Improve printf handling of size_t args | Ben Kaduk | 2012-07-02 | 1 | -3/+4
| The %*s format takes two arguments, a precision length/width and an actual string; the length is specified as a signed integer. The size_t length field of the gss_buffer_desc type is an unsigned type, which must be cast or otherwise converted to a signed type to match the format string expectations. I do not think that the length will approach SIZE_T_MAX in practice, due to buffer constraints, so do not include handling for the edge case. There is a '%zu' format string for printing size_ts, but it is not available everywhere (e.g., AIX). Instead, use the unsigned long long abomination.
* Add missing $(LIBS) to some shared libraries | Tom Yu | 2012-05-17 | 1 | -1/+1
| Add $(LIBS) to the $(SHLIB_EXPLIBS) for some shared libraries which did not previously include it, which prevented gcov from working properly in some cases. Patch from W. Trevor King.
| ticket: 7138
* Use GETSOCKNAME_ARG3_TYPE to prevent warning in type incompatibility. | Ezra Peisach | 2012-03-06 | 1 | -2/+6
| Fix a cast to prevent signed/unsigned warning.
| git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25735 dc483132-0cff-0310-8789-dd5450dbe970
* Clean up more stuff in make clean | Greg Hudson | 2011-11-04 | 1 | -1/+1
| git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25437 dc483132-0cff-0310-8789-dd5450dbe970
* Silence various "may be used uninitialized" warnings from GCC caused | Ken Raeburn | 2011-09-05 | 2 | -4/+4
| by it not figuring out the control flow (initialization and use both tied to some other variable). DB2 code not included.
| git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25146 dc483132-0cff-0310-8789-dd5450dbe970
* Get rid of variables triggering gcc's "defined but not used" | Ken Raeburn | 2011-09-04 | 2 | -8/+0
| complaints, almost entirely "rcsid" variables.
| git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25141 dc483132-0cff-0310-8789-dd5450dbe970
* Rename local variable "socket" to avoid the one shadowed-declaration | Ken Raeburn | 2011-09-04 | 1 | -3/+3
| warning I get in a simple GNU/Linux build. Solaris may have others.
| git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25136 dc483132-0cff-0310-8789-dd5450dbe970
* Fix old-style GSSRPC authentication | Greg Hudson | 2011-06-13 | 1 | -3/+10
| r24147 (ticket #6746) made libgssrpc ignorant of the remote address of the kadmin socket, even when it's IPv4. This made old-style GSSAPI authentication fail because it uses the wrong channel bindings. Fix this problem by making clnttcp_create() get the remote address from the socket using getpeername() if the caller doesn't provide it and it's an IPv4 address.
| ticket: 6920
| target_version: 1.9.2
| tags: pullup
| git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24967 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust most C source files to match the new standards for copyright | Greg Hudson | 2011-03-09 | 11 | -41/+13
| and license comments.
| git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
* Use for loops for recursion in the Windows build, cutting down on the | Greg Hudson | 2010-11-28 | 2 | -2/+2
| verbiage in Makefile.in files. For correctness of output, every Makefile.in mydir= definition is changed to use $(S) instead of /.
| ticket: 6826
| git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24536 dc483132-0cff-0310-8789-dd5450dbe970
* Encoding cleanup: curly quotes to ASCII quotes, and some ISO-8859-1 | Tom Yu | 2010-10-08 | 40 | -40/+40
| files to UTF-8.
| git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24446 dc483132-0cff-0310-8789-dd5450dbe970
* relicense Sun RPC to 3-clause BSD-style | Tom Yu | 2010-09-22 | 40 | -920/+1002
| Per e-mail from Wim Coekaerts, Oracle America authorizes the relicensing of Sun RPC to 3-clause BSD-style.
| ticket: 6784
| git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24336 dc483132-0cff-0310-8789-dd5450dbe970
* Fix XDR decoding of large values in xdr_u_int | Greg Hudson | 2010-07-26 | 1 | -1/+1
| Our ancient RPC value internally decodes 32-bit wire values into a signed long, which is then cast to the appropriate type. xdr_u_int() contains a check intended to catch wire values that don't fit into a u_int on platforms with 16-ints, but on platforms with 64-bit longs it was failing on values of 2^31 or larger because the sign-extended value appeared larger than UINT_MAX. Fix the check by casting the value to uint32_t before comparing. This bug, in combination with a poor choice of types in kadm_rpc_xdr.c's xdr_krb5_enctype(), prevented negative enctype values from being transported properly in kadmin's change_password command result.
| ticket: 6753
| git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24210 dc483132-0cff-0310-8789-dd5450dbe970
* Fix a bug in r24147 where svctcp_create() was passing the wrong length | Greg Hudson | 2010-06-26 | 1 | -1/+1
| argument to bind(), causing it to fail on Solaris.
| ticket: 6746
| git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24148 dc483132-0cff-0310-8789-dd5450dbe970
* Make kadmin work over IPv6 | Greg Hudson | 2010-06-26 | 2 | -12/+27
| Make gssrpc work over IPv6 TCP sockets provided that the client creates and connects/binds the sockets and doesn't query their addresses or use bindresvport(). Make kadmin work within those constraints and handle IPv6. Specific changes:
| * Make svctcp_create() able to extract the port from an IPv6 socket, using a new helper function getport().
| * Make clnttcp_create() handle a null raddr value if *sockp is set.
| * Make kadm5_get_service_name() use getaddrinfo() to canonicalize the admin server name.
| * Make libkadm5clnt's init_any() responsible for connecting its socket using a new helper function connect_to_server(), which uses getaddrinfo instead of gethostbyname. Pass a null address to clnttcp_create().
| * Make libapputil's net-server.c set up IPv6 as well as IPv4 listener ports for RPC connections.
| * Adjust the error code expected in a libkadm5 unit test.
| ticket: 6746
| git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24147 dc483132-0cff-0310-8789-dd5450dbe970
* Eliminate some uses of variables as format strings. Based on a patch | Greg Hudson | 2010-05-03 | 1 | -8/+1
| from Guillaume Rousse <Guillaume.Rousse@inria.fr>.
| ticket: 6714
| git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23963 dc483132-0cff-0310-8789-dd5450dbe970
* Consolidate Makefile variables now that we have only a single global | Greg Hudson | 2009-11-22 | 4 | -247/+244
| configure script:
| $(SRCTOP) --> $(top_srcdir)
| $(srcdir)/$(thisconfigdir) --> $(top_srcdir)
| $(thisconfigdir) --> $(BUILDTOP)
| $(myfulldir) --> $(mydir)
| ticket: 6583
| status: open
| git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23308 dc483132-0cff-0310-8789-dd5450dbe970
* Clean up a bunch of signed/unsigned comparison warnings | Greg Hudson | 2009-11-02 | 3 | -5/+6
| git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23120 dc483132-0cff-0310-8789-dd5450dbe970
* make mark-cstyle | Tom Yu | 2009-10-31 | 54 | -715/+705
| make reindent
| git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
* Re-run make depend without autoconf.h in the source tree | Greg Hudson | 2009-09-16 | 2 | -40/+37
| git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22775 dc483132-0cff-0310-8789-dd5450dbe970
* Crypto modularity proj.: Move prf and random-to-key ops from backend to krb | Zhanna Tsitkov | 2009-09-16 | 2 | -37/+40
| bigredbutton: whitespace
| git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22769 dc483132-0cff-0310-8789-dd5450dbe970
* Remove kadmin v1 API support | Greg Hudson | 2009-08-13 | 2 | -15/+15
| The kadmin v1 API and the even older ovsec_kadm_* API were legacy when kadmin was first incorporated in 1996, and compatibility with them is no longer believed to be necessary. The uninstalled kadmin/passwd has been removed (since it used the ovsec API). The test suite has been updated to use the v2 API where appropriate, and the parts specifically designed to test the old API have been excised.
| ticket: 6544
| git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22521 dc483132-0cff-0310-8789-dd5450dbe970
* Cleanup some warnings due to getsockname's third argument is sometimes | Ezra Peisach | 2009-02-06 | 3 | -4/+15
| unsigned. Use GETSOCKNAME_ARG3_TYPE and fallback to int if not defined.
| git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21904 dc483132-0cff-0310-8789-dd5450dbe970
* Detect failure to register with rpcbind/portmap due to security | Ezra Peisach | 2009-02-05 | 4 | -3/+28
| restrictions and not bomb out in tests.
| ticket: 6349
| git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21895 dc483132-0cff-0310-8789-dd5450dbe970
* Remove unnecessary pointer casts in args to free,memcpy,memset,memchr except | Ken Raeburn | 2009-02-02 | 7 | -14/+14
| unicode, windows code
| git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21875 dc483132-0cff-0310-8789-dd5450dbe970
* Run a single expect statement to read from both client and server, to | Tom Yu | 2009-01-28 | 1 | -16/+9
| avoid an apparent race condition on Darwin.
| git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21814 dc483132-0cff-0310-8789-dd5450dbe970
* Define valgrind macros as no-ops if not USE_VALGRIND, and use | Ken Raeburn | 2009-01-22 | 1 | -26/+3
| unconditionally, per Danilo's suggestion
| git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21773 dc483132-0cff-0310-8789-dd5450dbe970
* When encoding, and compiling with -DUSE_VALGRIND, explicitly get valgrind to | Ken Raeburn | 2009-01-20 | 1 | -0/+61
| check the inputs
| git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21766 dc483132-0cff-0310-8789-dd5450dbe970