This reduces the check-gssmask runtime from around 7min to 1-2sec on
my laptop.
It is, perhaps, suboptimal to disable Nagle for a program that writes
successive 4-byte units of a protocol message in separate syscalls
rather than a single batch, and might be better to instead disable
delayed acks, but:
(a) there's no portable API for disabling delayed acks, and
(b) this program appears to be used exclusively for testing anyway.
fix https://github.com/heimdal/heimdal/issues/1139
This isn't fully POSIX shell, because POSIX shell still doesn't have
`local' variable declarations, but at least it is reasonably portable
now.
fix https://github.com/heimdal/heimdal/issues/1299
The read() in readall() to read the SOCKS4a request was sometimes
failing with EAGAIN, which it wasn't prepared for, causing the
request to be rejected and the test to fail.
I wrote this code specifically under the assumption the fd would be
in blocking mode, and in the original draft I wrote with stdin/stdout
under socat that was true. But when I adapted this to do its own
bind/listen/accept logic, I broke it, because POSIX leaves it
unspecified whether accept() inherits the O_NONBLOCK setting or not:
https://pubs.opengroup.org/onlinepubs/9799919799/functions/accept4.html
And the traditional BSD semantics is to inherit O_NONBLOCK.
So, just explicitly clear O_NONBLOCK on the fd returned by accept().
All network traffic to KDC goes through the SOCKS4a proxy if it is
configured.
This is deliberately kept simple -- and is not generalized to SOCKS4
or SOCKS5 or other types of proxies -- so it is easy to audit for
network and DNS leaks. (SOCKS4 works in IP addresses, and so invites
DNS leaks. SOCKS5 can be OK, if used judiciously, but takes more
work to implement.)
This only affects krb5_sendto -- the other initiator of network
traffic in libkrb5, krb5_change_password, will be fixed to respect
socks4a_proxy in a subsequent commit.
XXX Need to figure out where the socks4a.c code should go.
fix https://github.com/heimdal/heimdal/issues/1151
Acording to POSIX <poll.h> should be used instead of <sys/poll.h>.
Libcs like musl libc added a redict due maintain compat with older
glibcs and added the following warning:
/usr/include/sys/poll.h:1:2: warning: #warning redirecting incorrect #include <sys/poll.h> to <poll.h> [-Wcpp]
1 | #warning redirecting incorrect #include <sys/poll.h> to <poll.h>
| ^~~~~~~
Ref: https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/poll.h.html
Note: the rk_WFLAGS in configure.ac appears to be dead code,
overridden by the rk_WFLAGS in cf/roken-frag.m4. This confusing
state of affairs should be improved.
