path: root/src/slave/kpropd.c
Commit message | Author | Age | Files | Lines
* Quiet kpropd.c signed/unsigned comparison warnings | Nicolas Williams | 2013-01-24 | 1 | -3/+3
  [ghudson@mit.edu: simplify slightly]
* Fix iprop log reinitialization | Greg Hudson | 2013-01-22 | 1 | -0/+2
  If the master iprop log is reinitialized to serial number 0, slaves will need to take a full dump--but after that happens, we need to know whether the slave has taken that full dump, so we don't offer full dumps indefinitely. So, record a timestamp in kdb_last_time when we reinitialize the log header, and compare the slave timestamp to kdb_last_time whenever it has the current serial number, even if it's 0. Test this by performing a propagation with sno 0 in t_iprop.py and detecting whether kpropd gets a second UPDATE_FULL_RESYNC_NEEDED response from kadmind.
  ticket: 7550 (new)
* Make t_iprop.py faster and more robust | Greg Hudson | 2012-10-12 | 1 | -3/+11
  Catch SIGUSR1 in iprop-mode kpropd so that we can use it to interrupt sleeps and make kpropd do an iprop request immediately. In k5test.py, add prod_kpropd and read_from_kpropd methods to allow test scripts to send a SIGUSR1 to kpropd and to read its stdout/stderr output; also allow the test script to specify additional arguments when starting kpropd. In t_iprop.py, start kpropd with -d and, instead of sleeping, read kpropd output until we see an indication that kpropd is in sync with the master. To avoid delays, prod kpropd before waiting for sync and after a completed full prop.
* Fix slow kprop dejagnu test | Greg Hudson | 2012-10-10 | 1 | -1/+1
  Fix kpropd -S -t to actually exit after processing one connection (it was breaking out of the switch statement, not the while loop). Use the -t when invoking kpropd from the dejagnu test framework; previously it was unnecessary because kpropd -S -d exited after one connection. Clear up some confusion in the kprop.exp comments about whether kpropd is expected to exit.
* Remove an old, incorrect comment in kpropd.c | Nicolas Williams | 2012-10-08 | 1 | -9/+0
  We absolutely do not want a parking brake on the kprop protocol as described in the comment being removed. Instead the kprop command should be fixed so it doesn't die on error (assuming it even still does or ever did, neither of which I've checked).
* Send kpropd debug msgs to stderr | Nicolas Williams | 2012-10-08 | 1 | -4/+5
* Deprecate kpropd -S option | Nicolas Williams | 2012-10-05 | 1 | -1/+12
  ticket: 7376
* Improve kpropd debug and syslog output | Nicolas Williams | 2012-10-05 | 1 | -39/+123
  Add additional debug output and syslogs. Remove "kpropd:" from syslogs. Always call openlog(). Clean up C style of a few messages.
  [ghudson@mit.edu: split and combine commits; commit message]
* Improve kpropd behavior in iprop mode | Nicolas Williams | 2012-10-05 | 1 | -222/+174
  - Make kpropd in iprop mode fork a child to listen for kprops from the master. The child writes progress and outcome reports to the parent for each kprop. This fixes a race between asking for a full resync and setting up a listener socket for it.
  - Add runonce (-t) for kpropd do_standalone() too.
  - Add a new iprop parameter: iprop_resync_timeout. kpropd will keep asking for incremental updates while waiting for a full resync to finish, and will re-request a full resync if kadmind continues to indicate that one is needed after this timeout passes since the previous full resync was requested.
  - Allow polling intervals less than 10 seconds.
  [ghudson@mit.edu: split out debug output changes; note polling interval change in commit message]
  ticket: 7373
* Policy extensions + new policy: allowed ks types | Nicolas Williams | 2012-07-30 | 1 | -1/+1
  This simply adds KADM5_API_VERSION_4 and various fields to the policy structures:
  - attributes (policy-ish principal attributes)
  - max_life (max ticket life)
  - max_renewable_life (max ticket renewable life)
  - allowed_keysalts (allowed key/salt types)
  - TL data (future policy extensions)
  Of these only allowed_keysalts is currently implemented. Some refactoring of TL data handling is also done.
  ticket: 7223 (new)
* Allow using locales when gettext is absent | Ben Kaduk | 2012-07-06 | 1 | -0/+1
  Previously, if configure did not detect dgettext(), we disabled anything that smelled like localization, inadvertently including setlocale(). Now that we use setlocale(LC_ALL, ""), we have localized dates available as well as messages, so we should not disable calls to setlocale() any more. Since the routines from locale.h are only used in a relatively small number of places, just include the header directly in those files and remove it from k5-platform.h.
* Enable all localizations in main functions | Ben Kaduk | 2012-07-06 | 1 | -1/+1
  Bite the bullet and pass LC_ALL to setlocale() instead of just LC_MESSAGES. Calls to setlocale() itself were introduced in fabbf9e443459e8c0161c84563690ed70c7f6a61 for ticket 6918, but only for LC_MESSAGES since only localized strings were needed and that was the most conservative option. However, klist, kadmin, and kinit (and perhaps others) would benefit from localized formats for times (i.e., LC_TIME). If potentially localized data is being sent on the wire, that is a bug that should be fixed. No such bugs are found with the current test suite, so we are comfortable enabling LC_ALL at this time.
  ticket: 7192
* Require IPv6 support | Ken Raeburn | 2012-02-28 | 1 | -3/+1
  The configure-time options to enable and disable IPv6 support have been deprecated for some time, but the checks for OS support were kept. This removes those checks, and unconditionally compiles in the IPv6 support. There was a configure-time test to see if the macro INET6 needed to be defined in order to enable (visibility of) OS support for IPv6, which was needed on an IRIX system we tested with. That check is retained, but the revised code is untested on IRIX.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25719 dc483132-0cff-0310-8789-dd5450dbe970
* Always include fake-addrinfo.h when using getaddrinfo and friends | Ken Raeburn | 2011-07-01 | 1 | -0/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25011 dc483132-0cff-0310-8789-dd5450dbe970
* Separate license and non-license comment in kpropd | Greg Hudson | 2011-06-23 | 1 | -2/+3
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24979 dc483132-0cff-0310-8789-dd5450dbe970
* Use AI_ADDRCONFIG unconditionally in kpropd | Greg Hudson | 2011-06-23 | 1 | -5/+1
  fake-addrinfo.h ensures that AI_ADDRCONFIG is defined, so we don't need #ifdef tests when we use it.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24976 dc483132-0cff-0310-8789-dd5450dbe970
* Add setlocale() calls to main functions | Greg Hudson | 2011-06-10 | 1 | -0/+1
  ticket: 6918
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24963 dc483132-0cff-0310-8789-dd5450dbe970
* Mark up strings for translation | Greg Hudson | 2011-06-10 | 1 | -63/+60
  ticket: 6918
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24961 dc483132-0cff-0310-8789-dd5450dbe970
* Adjust most C source files to match the new standards for copyright | Greg Hudson | 2011-03-09 | 1 | -2/+1
  and license comments.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24695 dc483132-0cff-0310-8789-dd5450dbe970
* kpropd denial of service [MITKRB5-SA-2011-001 CVE-2010-4022] | Tom Yu | 2011-02-09 | 1 | -4/+4
  When operating in standalone mode and not doing iprop, don't return from do_standalone() if the child exits with abnormal status.
  ticket: 6859
  tags: pullup
  target_version: 1.9.1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24621 dc483132-0cff-0310-8789-dd5450dbe970
* Read KDC profile settings in kpropd | Greg Hudson | 2010-11-16 | 1 | -1/+3
  kpropd can modify the KDB with ulog_replay(), so it should read the KDC profile settings in case the KDB configuration is in there.
  ticket: 6820
  target_version: 1.9
  tags: pullup
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24519 dc483132-0cff-0310-8789-dd5450dbe970
* Fix adjustment of counter | Ken Raeburn | 2010-10-23 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24477 dc483132-0cff-0310-8789-dd5450dbe970
* In kpropd, when getting a wildcard address to listen on, try IPv6 | Greg Hudson | 2010-07-01 | 1 | -11/+32
  explicitly (with AI_ADDRCONFIG specified where available, to avoid IPv6 on hosts with no IPv6 interface) and then fall back to IPv4. Only set IPV6_V6ONLY on the listener socket if the resulting address is IPv6. Note: we have mostly confirmed that OpenBSD does not have dual-stack support, meaning that it would be better to open separate IPv4 and IPv6 listener sockets, as we do in krb5kdc and kadmind. Unfortunately, the complicated iprop retry-and-backoff logic makes this less than straightforward.
  ticket: 6686
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24156 dc483132-0cff-0310-8789-dd5450dbe970
* Use getaddrinfo() in kprop and kpropd, and recognize IPv6 addresses | Greg Hudson | 2010-06-11 | 1 | -78/+52
  when setting up krb5_address structures. kpropd still only binds to one socket to avoid the need for a select() loop, so we turn off IPV6_V6ONLY on that socket to ensure that IPv4 connections will still be accepted. Based on a patch from Michael Stapelberg <michael@stapelberg.de>.
  ticket: 6686
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24134 dc483132-0cff-0310-8789-dd5450dbe970
* Eliminate some uses of variables as format strings. Based on a patch | Greg Hudson | 2010-05-03 | 1 | -2/+2
  from Guillaume Rousse <Guillaume.Rousse@inria.fr>.
  ticket: 6714
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23963 dc483132-0cff-0310-8789-dd5450dbe970
* Use krb5_free_default_realm instead of free on the results of | Ezra Peisach | 2009-12-31 | 1 | -2/+2
  krb5_get_default_realm().
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23555 dc483132-0cff-0310-8789-dd5450dbe970
* Reformat some open-paren issues. Remove kprop.c and kpropd.c from | Tom Yu | 2009-11-06 | 1 | -1348/+1330
  exclusions.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23140 dc483132-0cff-0310-8789-dd5450dbe970
* make mark-cstyle | Tom Yu | 2009-10-31 | 1 | -33/+33
  make reindent
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23100 dc483132-0cff-0310-8789-dd5450dbe970
* Account lockout | Greg Hudson | 2009-10-25 | 1 | -12/+40
  Merge Luke's users/lhoward/lockout2 branch to trunk. Implements account lockout policies for preauth-using principals using existing principal metadata fields and new policy fields. The kadmin API version is bumped from 2 to 3 to compatibly extend the policy_ent_rec structure.
  ticket: 6577
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23038 dc483132-0cff-0310-8789-dd5450dbe970
* Modify kadm5 initializers to accept krb5 contexts | Greg Hudson | 2009-08-17 | 1 | -2/+3
  Add krb5_context parameters to all kadm5 initialization functions. This allows extended error information to be retrieved by the caller when an error is returned.
  ticket: 6547
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@22527 dc483132-0cff-0310-8789-dd5450dbe970
* Remove unnecessary pointer casts in args to free,memcpy,memset,memchr except | Ken Raeburn | 2009-02-02 | 1 | -7/+7
  unicode, windows code
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21875 dc483132-0cff-0310-8789-dd5450dbe970
* Change kpropd_com_err_proc to prototype style, add format attribute | Ken Raeburn | 2008-12-30 | 1 | -5/+14
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21637 dc483132-0cff-0310-8789-dd5450dbe970
* If full resync fails, go into backoff mode | Ken Raeburn | 2008-12-30 | 1 | -0/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21636 dc483132-0cff-0310-8789-dd5450dbe970
* Handle a number of warnings - including missing prototype, | Ezra Peisach | 2008-12-29 | 1 | -19/+8
  parenthesis in conditionals, unused function removal, unused variable removal.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21621 dc483132-0cff-0310-8789-dd5450dbe970
* Some cleanup from Shawn Emery: Use INITIAL_TIMER macros instead of | Ken Raeburn | 2008-12-22 | 1 | -1/+2
  hardcoding values; reset 'gfd' when turning off the alarm.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21563 dc483132-0cff-0310-8789-dd5450dbe970
* Convert many uses of sprintf to snprintf or asprintf | Greg Hudson | 2008-12-01 | 1 | -10/+8
  ticket: 6200
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21258 dc483132-0cff-0310-8789-dd5450dbe970
* Shawn's fix for some iprop bugs, with some tweaks | Ken Raeburn | 2008-12-01 | 1 | -13/+100
  Adds an alarm while waiting for kprop connection or authentication in iprop mode; on timeout, close down the active file descriptor to force us to bail out and return to the iprop main loop (which may try a full resync again next time around).
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21204 dc483132-0cff-0310-8789-dd5450dbe970
* Log more info if ulog_replay fails. Correctly use supplied keytab name | Ken Raeburn | 2008-11-17 | 1 | -5/+7
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@21131 dc483132-0cff-0310-8789-dd5450dbe970
* Use asprintf instead of malloc/strcpy/strcat in many places | Greg Hudson | 2008-10-20 | 1 | -4/+1
  ticket: 6200
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20901 dc483132-0cff-0310-8789-dd5450dbe970
* Use strdup in place of malloc/strcpy in many places | Greg Hudson | 2008-10-20 | 1 | -2/+1
  ticket: 6200
  status: open
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20898 dc483132-0cff-0310-8789-dd5450dbe970
* Merge from branch sun-iprop | Ken Raeburn | 2008-06-24 | 1 | -15/+615
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@20465 dc483132-0cff-0310-8789-dd5450dbe970
* provide more useful error message when running kpropd on command line | Ken Raeburn | 2007-07-20 | 1 | -3/+12
  The way kpropd indicates that it's supposed to be connected to the network is by printing out a socket error:
    kpropd: getpeername: Socket operation on non-socket
  With this patch, it's a bit more friendly:
    ./kpropd: Standard input does not appear to be a network socket.
    (Not run from inetd, and missing the -S option?)
  ticket: new
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19720 dc483132-0cff-0310-8789-dd5450dbe970
* Use [v]snprintf or asprintf instead of unchecked sprintf and separate | Ken Raeburn | 2007-07-12 | 1 | -1/+1
  allocation size calculations
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19709 dc483132-0cff-0310-8789-dd5450dbe970
* whitespace | Ken Raeburn | 2006-06-20 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18177 dc483132-0cff-0310-8789-dd5450dbe970
* Change kprop and kpropd to fall back on port 754 if krb5_prop isn't | Russ Allbery | 2006-06-13 | 1 | -2/+2
  available via getservbyname rather than failing.
  Ticket: 3268
  Version_Reported: 1.4.2
  Component: krb5-misc
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18123 dc483132-0cff-0310-8789-dd5450dbe970
* * configure.in: Add KRB5_GETSOCKNAME_ARGS and KRB5_GETPEERNAME_ARGS | Ezra Peisach | 2001-12-06 | 1 | -3/+10
  * kprop.c, kpropd.c: Use GETSOCKNAME_ARG3_TYPE and GETPEERNAME_ARG3_TYPE.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@14051 dc483132-0cff-0310-8789-dd5450dbe970
* Don't conditionalize prototypes; delete macros supporting it. (Maybe overdone; | Ken Raeburn | 2001-10-10 | 1 | -15/+15
  don't worry about restoring them when importing new versions of code.)
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13792 dc483132-0cff-0310-8789-dd5450dbe970
* * configure.in: Check for daemon() prototype | Ezra Peisach | 2001-06-21 | 1 | -0/+4
  * kpropd.c: Provide prototype if needed.
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13452 dc483132-0cff-0310-8789-dd5450dbe970
* * kpropd.c (authorized_principal): Cast argument to ispace() to int | Ezra Peisach | 2001-06-18 | 1 | -2/+2
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@13376 dc483132-0cff-0310-8789-dd5450dbe970
* * kpropd.c (load_database): Initialize save_stderr variable | Ken Raeburn | 2001-01-30 | 1 | -1/+1
  git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@12971 dc483132-0cff-0310-8789-dd5450dbe970