Commit Graph

94 Commits

Author SHA1 Message Date
Nicolas Williams
616aaf95a8 Don't suppress DNS search list by appending '.'
The original motivation was to avoid extra timeouts when the network is
broken.  However this doesn't avoid one of the timeouts and adds
complexity and introduced bugs.

To really suppress search lists use ndots.
2016-11-10 13:17:19 -06:00
Nicolas Williams
13cb3b5646 Don't inhibit /etc/services matches 2016-11-09 22:49:03 -06:00
Nicolas Williams
6a68376a33 Don't inhibit /etc/hosts matches (fix #32)
Appending '.' to the hostname passed to `getaddrinfo()` is good for
avoiding extra timeouts when the search list is non-empty and the
network is broken, but searches in /etc/hosts are typically inhibited
then.  The fix is to try again without the trailing '.' if the first
lookup failed for any reason other than a timeout.
2016-11-09 22:49:03 -06:00
Jeffrey Altman
cc62c1a4ae lib/krb5: fix srv_find_realm invalid gTLD test
In srv_find_realm() the conditional for testing whether an entry
is the invalid gTLD response was inverted.  Refactor the conditional
into a helper function is_invalid_tld_srv_target().  Use the helper
to simplify the conditional making it easier to confirm that the
test is correct.

Change-Id: I3220753b5585ac535862c4617030377c7a1f4bbe
2016-04-13 18:52:55 -05:00
Jeffrey Altman
13568961ec krb5: DNS A record fallback test for invalid gTLD
As per
https://www.icann.org/en/system/files/files/name-collision-mitigation-01aug14-en.pdf
prior to a new top-level domain being put into service there is a controlled
interruption service which will return explicit responses to DNS A, MX, SRV, and TXT
queries that can be used to detect private namespace collisions.

When performing fallback_get_hosts() check the AF_INET responses to ensure
that they are not the gTLD name collision address 127.0.53.53.  If so, add
an error message to the context and return KRB5_KDC_UNREACH.

Write a warning to the log (if any).

Change-Id: I2578f13948b8327cc3f06542c1e489f02410143a
2016-04-10 17:05:07 -05:00
Jeffrey Altman
4b45355162 krb5: DNS SRV records test for invalid gTLD
As per
https://www.icann.org/en/system/files/files/name-collision-mitigation-01aug14-en.pdf
prior to a new top-level domain being put into service there is a
controlled interruption service which will return explicit responses to DNS
A, MX, SRV, and TXT queries that can be used to detect private namespace collisions.

Modify SRV records lookups to detect the special hostname returned in the
SRV response, skip the response, and record an appropriate error if it is detected.

Write a warning to the log (if any).

Change-Id: I47e049b617e39e49939bc92d513a547de1d04624
2016-04-10 17:05:07 -05:00
Jeffrey Altman
5f138a16ef libkrb5: Add missing KRB5_LIB_FUNCTION/KRB5_LIB_CALL
KRB5_LIB_FUNCTION and KRB5_LIB_CALL are necessary even on private
functions that are exported.

Change-Id: Iccd0cfe87ff0a9d851e29890e9cb55b3ae517ce1
2013-06-22 21:17:32 -04:00
Roland C. Dowdeswell
f0f07ff408 Use krb5_enomem() more consistently in lib/krb5. 2013-02-13 16:15:00 +08:00
Love Hornquist Astrand
58ff480763 rewrite send to kdc to be more aggressive, try kdcs in parallel and easier to configure behavior 2013-02-10 19:02:52 -08:00
Love Hornquist Astrand
dff11de56b use new plugin system for locate kdc plugins (30 as-req/s faster for kdc-tester on MacBookAir5,2) 2012-12-27 12:23:29 +01:00
Love Hornquist Astrand
0879b9831a remove trailing whitespace 2011-05-21 11:57:31 -07:00
Love Hornquist Astrand
1072afd6bf Andrew Bartlett pointed out that the patch was incomplete, update and write doxygen. 2010-09-30 00:44:35 -07:00
Love Hornquist Astrand
f454f45fbf If the hostname contains a dot, assume it's a FQAN and don't use
search domains since that might be painfully slow when machine is
disconnected from that network.

Found by Tridge
2010-09-28 22:37:01 -07:00
Love Hornquist Astrand
788189805c catch error from as.*printf 2010-05-30 13:28:49 -07:00
Love Hornquist Astrand
687db64c56 Patch from Secure Endpoints/Asanka Herath for windows support 2009-12-21 08:45:28 +01:00
Love Hornquist Astrand
4c06438189 Add _krb5_krbhst_get_realm() to get what realm was used 2009-09-07 20:54:48 -07:00
Love Hornquist Astrand
6770fd45e1 Sprinkle _krb5_debug() for more info about what the framework is actually doing behind our back 2009-09-07 20:22:44 -07:00
Love Hornquist Astrand
ede8ad11ad Support IPv6 numeric style addresses, example [2001:10:300::1]:88 2009-08-14 04:34:10 +02:00
Love Hörnquist Åstrand
db149370e1 dns: switch to rk types
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24893 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-03-22 17:18:55 +00:00
Love Hörnquist Åstrand
bd5229d126 prefix dns_ symbols
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24883 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-03-22 17:17:02 +00:00
Love Hörnquist Åstrand
c2c1e95ccf don't increment nhost since it's no longer used
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24852 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-02-27 03:29:58 +00:00
Love Hörnquist Åstrand
3767202e6e drop RCSID
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@24359 ec53bebd-3082-4978-b11e-865c3cabbd6b
2009-01-25 00:31:10 +00:00
Love Hörnquist Åstrand
50d02c49b9 Only claim configuration exists if the plugin returned some useful data.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23816 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-13 09:43:32 +00:00
Love Hörnquist Åstrand
6937d41a02 remove trailing whitespace
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23815 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-13 09:21:03 +00:00
Love Hörnquist Åstrand
e172367898 switch to utf8 encoding of all files
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23814 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-13 08:53:55 +00:00
Love Hörnquist Åstrand
c808db85c0 N_()ify
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23786 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-09-07 21:27:47 +00:00
Love Hörnquist Åstrand
dbc55c9bec indent
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23447 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-07-27 12:09:05 +00:00
Love Hörnquist Åstrand
2a4e18eb43 handle KRB5_PLUGIN_NO_HANDLE for lookup plugin.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23366 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-07-15 11:26:11 +00:00
Love Hörnquist Åstrand
e3af27dfa4 use constant KRB5_PLUGIN_LOCATE
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23350 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-07-15 11:22:26 +00:00
Love Hörnquist Åstrand
7fcd266fdd use krb5_set_error_message
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23316 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-06-23 04:32:32 +00:00
Love Hörnquist Åstrand
f19dec620a use krb5_set_error_message
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23294 ec53bebd-3082-4978-b11e-865c3cabbd6b
2008-06-23 03:28:29 +00:00
Love Hörnquist Åstrand
c0e76182db Set error string when there is no KDC for a realm.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21457 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-07-10 12:53:25 +00:00
Love Hörnquist Åstrand
8ab80e3238 Host is static memory, don't free.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21131 ec53bebd-3082-4978-b11e-865c3cabbd6b
2007-06-18 20:48:09 +00:00
Love Hörnquist Åstrand
31c6637aca (plugin_get_hosts): be more paranoid and pass in a NULLed plugin list
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19198 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-11-30 17:23:08 +00:00
Love Hörnquist Åstrand
feca1fb894 Fill in hints for picky getaddrinfo()s.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19010 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-11-13 05:06:08 +00:00
Love Hörnquist Åstrand
35ac6d4651 Use plugin for the other realm locate types too.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19008 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-11-13 04:46:37 +00:00
Love Hörnquist Åstrand
51bdcbd088 Use the resolve plugin interface.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@19000 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-11-12 20:05:20 +00:00
Love Hörnquist Åstrand
7a2077bff3 (common_init): don't try DNS when there is realm w/o a dot.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18272 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-10-06 17:11:02 +00:00
Love Hörnquist Åstrand
cf9efd9db1 (fallback_get_hosts): limit the fallback lookups to 5.
Patch from Wesley Craig, umich.edu


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@17958 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-09-01 10:16:28 +00:00
Love Hörnquist Åstrand
d9b82bea73 fix spelling
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16958 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-02 10:32:20 +00:00
Love Hörnquist Åstrand
d579ee0dc9 (_krb5_krbhost_info_move): replace a strcpy with a memcpy
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16943 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-02 01:28:42 +00:00
Love Hörnquist Åstrand
66baee8800 (_krb5_krbhost_info_move): new function
(_krb5_free_krbhst_info): expose to internal use


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16155 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-10-08 15:40:50 +00:00
Love Hörnquist Åstrand
ab5d515651 (krb5_krbhst_init_flags): rename variable to avoid shadowing
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15467 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-06-17 04:23:26 +00:00
Love Hörnquist Åstrand
429998ed6e (srv_get_hosts): if srv_get_hosts fails, return and ignore the error
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15201 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-05-20 09:09:42 +00:00
Love Hörnquist Åstrand
ea49018330 (srv_find_realm): make sure res' and count' have good values
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@15200 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-05-20 09:07:18 +00:00
Luke Howard
d3251a6794 Set KD_CONFIG after calling config_get_hosts() in kpasswd_get_next()
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@14581 ec53bebd-3082-4978-b11e-865c3cabbd6b
2005-02-20 06:50:26 +00:00
Love Hörnquist Åstrand
91351971f7 add KRB5_LIB_FUNCTION to all exported functions
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13863 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-05-25 21:46:46 +00:00
Love Hörnquist Åstrand
f1d3b2660d also lookup _kpasswd._tcp SRV-rr
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@13662 ec53bebd-3082-4978-b11e-865c3cabbd6b
2004-03-31 14:04:57 +00:00
Love Hörnquist Åstrand
9f1541abe3 (krb5_krbhst_init_flags): new function, use it and adapt callers
(krbhst_get_default_proto): new function, returns udp, or in case
large_msg was requested for the krb5_krbhst_data, use tcp.
(*): if the flag KD_LARGE_MSG was set on the krb5_krbhst_data, avoid
using udp, use krbhst_get_default_proto


git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12928 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-09-30 17:38:18 +00:00
Love Hörnquist Åstrand
d14cfe3866 update copyright
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@12106 ec53bebd-3082-4978-b11e-865c3cabbd6b
2003-04-22 15:08:05 +00:00