| Commit message (Collapse) | Author | Age |
|
|
|
|
| |
Also removes my old affiliation and address from the protocol
documentation.
|
|
|
|
|
|
| |
Add SPDX-License-Identifier headers to all substantial source files.
Also canonicalize copyright date formats and fix a few copyright
notices that weren't in my standard layout.
|
|
|
|
|
| |
Flesh out support for Clang warnings and compile cleanly under Clang
with most warnings enabled (-Weverything with some exclusions).
|
|
|
|
|
| |
Add maintainer check-cppcheck target to run cppcheck across the source
base with a standard configuration. Fix all issues found by cppcheck.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Validate command argument count, the length of command arguments, and
the length of blocks of output from the server fit into the data type
used in the wire protocol.
Check the port argument to remctl and remctld to ensure that it is a
valid port number.
Update to rra-c-util 7.1:
* Avoid spurious test failures from the network library.
* Fix configure output when a Kerberos install prefix was provided.
* Fix new warnings in GCC 7 and add new warning flags.
* Fix all warnings from the Clang static analyzer.
* Fix warnings under Clang with most warnings enabled.
Update to C TAP Harness 4.3:
* On test failures, report left/right instead of wanted/expected.
* Fix string comparisons involving NULL pointers.
|
|
|
|
|
| |
The current GCC doesn't like this, and it's easy to avoid, so just
be more explicit.
|
|
|
|
|
|
| |
Use Autoconf to probe for warning flags, update rra-c-util files
with various warning fixes, and fix newly-discovered warnings in
the remctl source base caught by GCC 6.
|
|
|
|
|
|
|
|
|
|
|
| |
More includes and some code had to be conditional if not built
with Kerberos support, and the non-Kerberos branch of the
localgroup tests needed a cast.
Change-Id: Ie7111b3280de198f18790c9c39bd9c24ed4657ca
Reviewed-on: https://gerrit.stanford.edu/1508
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use calloc in preference to calculating a malloc size with
multiplication everywhere, and reallocarray in preference to
calculating a realloc size. In most places this caution was probably
not necessary, but uniformity is easier to audit and no one will ever
notice the speed difference between malloc and calloc. Add explicit
overflow checks before every remaining malloc call with a calculated
size.
Change-Id: Ifc8e577b32d45751b9d64955aa1cace8a5dedde0
Reviewed-on: https://gerrit.stanford.edu/1491
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
|
|
|
|
|
|
| |
Use INVALID_SOCKET properly in more places. Rework remctl_close
to avoid unnecessary nesting and add some internal comments.
Change-Id: Ic4037ce0cab0b4be4095355cdc9e8d4bf2d1fe60
Reviewed-on: https://gerrit.stanford.edu/1421
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
|
|
|
|
|
|
| |
Fix a GSS-API context leak in the remctl client when failing to send a
protocol version one token.
Change-Id: I38f48b86479d0567015b7910e0348da5ed451e5b
Reviewed-on: https://gerrit.stanford.edu/1420
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Stop checking whether something is non-NULL before freeing it.
POSIX guarantees you can just call the function without checking,
and several of our supporting data structures provide the same
guarantee.
Assume that memset/calloc will set all the pointers to NULL and
they don't have to be set explicitly.
Change-Id: Iea6529c1603aa7724647387f92fc5d4dc5dc708b
Reviewed-on: https://gerrit.stanford.edu/1395
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
|
|
|
|
|
|
| |
I missed one when updating to the latest rra-c-util, leading to
a leak of a Kerberos context and ticket cache.
Change-Id: I7067399d0de116a574d348c0d89014d1b4ae4880
Reviewed-on: https://gerrit.stanford.edu/1363
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update to rra-c-util 5.1:
* Suppress a dummy symbol in the client library that could leak.
* Don't attempt to use Kerberos if no Kerberos error APIs were found.
* Improve error handling in xasprintf and xvasprintf.
* Check the return status of snprintf and vsnprintf properly.
* Preserve errno if snprintf fails in vasprintf replacement.
* Improve error handling of network_bind_* functions.
* vector_free and cvector_free now can be passed NULL.
* Abort remctl tests if the PID file already exists.
Update to C TAP Harness 2.4:
* Suppress lazy plans and test summaries if the test failed with bail.
Change-Id: I024db40536ff5e20f53bc8d1b346723be05543bc
Reviewed-on: https://gerrit.stanford.edu/1354
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
|
|
|
| |
Change-Id: Iba0376ea03a749d81abc2eeb49b0b5cf7d3e8847
Reviewed-on: https://gerrit.stanford.edu/1353
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix a client memory leak when remctl_set_ccache is used with a
Kerberos library that supports gss_krb5_import_cred. The credential
was never freed, leaking memory with each remctl client call, and a
Kerberos ticket cache struct could also be leaked in some situations.
Change-Id: I21cf03a289bb23da690a9ea017fe0e504460a0d9
Reviewed-on: https://gerrit.stanford.edu/1349
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When we support port fallback (when the port argument to remctl_open
is 0), we first try the current port and then the legacy port. This
meant that the reported connection failure error message always
specified the legacy port.
Change this by remembering the error from the first connection and
reporting it if the legacy connection also fails. This avoids
encouraging people to set up firewall rules for port 4444 or otherwise
chasing the wrong problem or using the legacy port where they shouldn't.
Change-Id: I9a5078cbfb61cfeaf9aa017782985b3f6520dd12
Reviewed-on: https://gerrit.stanford.edu/1295
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
|
|
|
|
|
|
|
| |
This is mostly to silence clang builds, but there are some edge
cases where this will report an error that otherwise wouldn't have
been reported.
Change-Id: I85cce8d52cc8569a49c4fdb2f1cf8cfa6398b1a3
Reviewed-on: https://gerrit.stanford.edu/1256
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
|
|
|
|
|
|
| |
client.c uses the UNUSED macro. Include the header file that defines
this macro.
Change-Id: I7939268fc4652d78ae629a91265bc1e11e0dc827
Reviewed-on: https://gerrit.stanford.edu/1254
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
|
|
|
|
|
|
|
| |
The code that actually called gss_krb5_import_cred wasn't conditional
and the compiler wasn't smart enough to discard it. Provide a stub
of the relevant open routine for systems that don't have the function.
Change-Id: I93af1fbafe6fee192e44fb29cf65d06b738e5897
Reviewed-on: https://gerrit.stanford.edu/1206
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a Kerberos library and gss_krb5_import_cred are available at build
time, libremctl now uses them to implement remctl_set_ccache to avoid
affecting global program GSS-API state. If those requirements are
met, remctl_set_ccache will only affect the remctl context on which
it's called.
This also requires importing the Kerberos portability layer, so make
sure that it's usable for the TAP Kerberos add-on.
Change-Id: I561812d0e36df6adf52d974dd5390953940865c5
Reviewed-on: https://gerrit.stanford.edu/1198
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
|
|
|
|
|
|
|
| |
These confuse build-license, and the "all rights reserved" statement
is no longer meaningful or reqiured. Also update copyright dates in
the Windows resource files.
Change-Id: Iaefc1ee74afcec17fcb7a61b4080298bda609992
Reviewed-on: https://gerrit.stanford.edu/971
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
|
|
|
|
|
|
|
| |
Caught by clang --analyze in the client open code. This shouldn't
matter since the error code wouldn't be TOKEN_FAIL_GSSAPI, but be
clean anyway.
Change-Id: I4c8c82f3d53603c06720b2e1d00ff8a559529879
Reviewed-on: https://gerrit.stanford.edu/949
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
|
|
|
|
|
|
| |
Return an error if an empty command is passed into remctl_command
rather than attempting to malloc zero bytes.
Change-Id: I92c52be3ae737cc906acc3385c2b4b9d6474f7a4
Reviewed-on: https://gerrit.stanford.edu/948
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
|
|
|
| |
Change-Id: Ic1fb6d849ecd7a054bd6b572d9bfc6107bb4c840
Reviewed-on: https://gerrit.stanford.edu/811
Tested-by: Russ Allbery <rra@stanford.edu>
Reviewed-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix various warnings. Pre-declare the addrinfo and sockaddr structs
in remctl.h so that the header is still standalone. Install symlinks
for the manual page for the new documented APIs. Add the new functions
to the symbol export maps. Make network_connect more const-correct.
Change-Id: I1fbc5e62444161957dca24b9f85b3bb0ed22719a
Reviewed-on: https://gerrit.stanford.edu/810
Tested-by: Russ Allbery <rra@stanford.edu>
Reviewed-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
|
|
|
|
|
|
| |
Add new APIs for establishing a remctl connection given a sockaddr,
a list of struct addrinfo, or an already-open socket.
Change-Id: I300b16023b989fdd97cb6e6695a92203a8937da2
Reviewed-on: https://gerrit.stanford.edu/813
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
|
|
|
|
|
|
|
| |
remctl_open() performs certain operations to "reset" a connection before
opening it. These have now been abstracted out into a new internal_reset()
in order to allow them to be shared between multiple open interfaces.
Change-Id: Ie309f288dd2e52d82e71bcb2e9dc74320515dab5
Reviewed-on: https://gerrit.stanford.edu/807
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Take code that selects a port and calls internal_connect() to establish
a connection, and pull it up out of internal_open() and into remctl_open().
In the process, internal_connect() is made non-static, and internal_open()
loses its port argument.
This paves the way for alternatives to remctl_open() in which the caller
provides a socket descriptor or address instead of a hostname and port.
Such interfaces will need internal_open() without internal_connect().
Change-Id: I81d90097a3d422fb9c6a3fe754a5a1f60aac4415
Reviewed-on: https://gerrit.stanford.edu/806
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
| |
Change-Id: I111f7a9c7e5f499e624e1046ace09a7ae53249a7
|
|
|
|
|
|
|
| |
Fix several memory leaks when closing or reusing client connections in
libremctl.
Change-Id: I26e31d544e74d86a18aaa15f00ec32140b32ef37
|
|
|
|
| |
Change-Id: I4e9051266824717d3622faa897d0893dbfa9158c
|
|
|
|
|
|
|
| |
* Drop concat from the util library in favor of asprintf.
* Fail on any error in [bx]asprintf and [bx]vasprintf.
Change-Id: Ife0797f7b735f759abb21d330438da729551b78e
|
|
|
|
|
|
|
|
| |
Also change the license on the POD documentation from Expat to the
all-permissive license and switch the license on several remctl
source files from the MIT license to the Expat license.
Change-Id: Ie7ebedf3b56cc2c19211217282519a7e6200c9e2
|
|
|
|
|
|
| |
This may be required for time_t.
Change-Id: Ie3ee855a26617826ce84d7520ce2fb13fd2d53ac
|
|
|
|
| |
Change-Id: I0b2cfc335f705e93724d475be3791242d45f43a6
|
|
|
|
|
|
|
|
| |
Similar to what we do for protocol v2. This isn't as important for
protocol v1, since we only send one command anyway, but it's still
more correct.
Change-Id: I01338e0f592fd508f56af3c8b840229fbf849370
|
|
|
|
|
|
|
|
|
|
| |
Add new remctl_set_timeout function to the remctl library API. Call
this function after remctl_new and before remctl_open to set a network
timeout in seconds. The client must then receive a reply from the
server in no more than that number of seconds or will abort whatever
action is in progress with a timeout error.
Change-Id: Ica8276460cc551d7fc07d2f6bfcc605d694780da
|
|
|
|
|
|
|
|
| |
Similar to with EOF, a timeout talking to the server is not recoverable.
Close the connection so that if we send more commands we'll open a new
server connection.
Change-Id: Ic9ab732f70a4df52ed6fed5f62f8a9033a6b0e24
|
|
|
|
|
|
|
|
|
|
|
|
| |
Set up a general framework for mapping certain errno values to token
error codes, also used for EOF, and map the timeout error to the
corresponding token error code so that special action can be taken
where appropriate.
Update the logging functions for client and server to recognize the
new token error code.
Change-Id: Ibc2a38574657273ec92c9af5806177ac8f11556a
|
|
|
|
|
|
|
|
|
| |
Add timeout support to the token functions. Adjust all callers
accordingly. Use a one hour timeout for all server network calls.
Add the data and hook for setting a client timeout, although currently
there's no way to set it.
Change-Id: Ife4c6cd1b4fbc94623b82bd85e17a0d9a3919fb4
|
| |
|
|
|
|
|
| |
Add new -b option to the remctl command-line client to specify the
source IP for client connections.
|
| |
|
|
|
|
|
| |
When calling remctl_open on an existing struct remctl object, send
QUIT to the server if a connection is already open.
|
|
|
|
|
|
|
| |
In the client, only check the negotiated GSS-API context flags after
the context has been fully established. Current versions of Heimdal,
including the system Kerberos libraries in Mac OS X Lion, only declare
mutual authentication once the context negotiation is complete.
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add notices in each file copied from rra-c-util.
* Prefer gssapi/gssapi.h to gssapi.h.
* Include strings.h if it exists for strncasecmp on some platforms.
* getaddrinfo replacement now portable to systems with bad netdb.h.
* Avoid krb5-config if --with-gssapi-{include,lib} are given.
* Add Windows implementation of fdflag_nonblocking.
* The network_connect utility functions now take an optional timeout.
* Use typedef instead of #define for socklen_t and sig_atomic_t.
* Stop providing or using INADDR_LOOPBACK for portability reasons.
|
|
|
|
|
| |
Close a client memory leak caused by the GSS-API context not being
freed by the client in remctl_close.
|
|
|
|
|
| |
Free the old source IP if set before setting the new one to avoid
a memory leak if the value is set multiple times.
|
|
|
|
|
|
|
|
|
|
| |
Add new remctl_set_ccache function to the remctl library API. Call
this function after remctl_new and before remctl_open to set the
Kerberos credential cache that will be used for client authentication,
overriding KRB5CCNAME. Be aware that this will normally change the
default credential cache for all other GSS-API operations in this
context or thread, not just for that remctl object, due to GSS-API
limitations.
|