| Commit message (Collapse) | Author | Age |
|
|
|
|
|
| |
Lots of cppcheck fixes for new diagnostics in 1.89, plus some
additional suppressions for one disagreement and a couple of
apparent bugs.
|
|
|
|
|
|
| |
Add SPDX-License-Identifier headers to all substantial source files.
Also canonicalize copyright date formats and fix a few copyright
notices that weren't in my standard layout.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Validate command argument count, the length of command arguments, and
the length of blocks of output from the server fit into the data type
used in the wire protocol.
Check the port argument to remctl and remctld to ensure that it is a
valid port number.
Update to rra-c-util 7.1:
* Avoid spurious test failures from the network library.
* Fix configure output when a Kerberos install prefix was provided.
* Fix new warnings in GCC 7 and add new warning flags.
* Fix all warnings from the Clang static analyzer.
* Fix warnings under Clang with most warnings enabled.
Update to C TAP Harness 4.3:
* On test failures, report left/right instead of wanted/expected.
* Fix string comparisons involving NULL pointers.
|
|
|
|
|
|
|
| |
* Correct return-value checks for snprintf.
* Adjust Test::RRA::Config for new load path behavior in Perl 5.22.2.
and other minor fixes.
|
|
|
|
|
| |
Mark network_set_* functions as potentially not using their
arguments.
|
|
|
|
|
|
|
|
|
| |
The first step towards adding a new server mode that can be run as
a shell via ssh. Refactor the code to more cleanly separate the
protocol implementation and the GSS-API and non-GSS-API bits, and
add the remctl-shell binary. This is currently entirely untested,
apart from ensuring that it doesn't break the existing server
implementation.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update to rra-c-util 6.0:
* Remove all remaining uses of strlcpy and strlcat.
* Fix the Perl docs/synopsis.t test to be less UNIX-specific.
* Make util/network/server-t more robust against missing IPv6.
Update to C TAP Harness 4.0:
* Use C_TAP_SOURCE and C_TAP_BUILD instead of SOURCE and BUILD.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update to rra-c-util 5.8:
* Add missing va_end to xasprintf implementation.
* Fix Perl test suite framework for new Automake relative paths.
* Avoid $() in the probe for systemd support for Solaris portability.
* Prefer libsystemd to libsystemd-daemon if it is available.
* Improve portability to Kerberos included in Solaris 10.
* Use appropriate warning flags with Clang (currently not warning clean).
* Check for integer overflow in vector_join.
* Avoid strlcpy in more of the portability code.
* Fix hidden visibility of some utility functions.
* Improve portability of socket error codes to Windows.
Update to C TAP Harness 3.4:
* Fix segfault in runtests with an empty test list.
* Display verbose test results with -v or C_TAP_VERBOSE.
* Support comments and blank lines in test lists.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Break the long ACL verification function into three functions
to try to make them a bit easier to read. Use a larger but simpler
buffer for storing the local username. Add a check to see if the
given group is the user's primary group rather than a supplemental
group.
Also do some refactoring of the test suite, renaming the fake
getgrnam support to a separate file name and adding fake getpwnam
information as well.
Pull in the messages-krb5 utility library from rra-c-util to make
it easier to report Kerberos errors with parsing the principal or
determining the local username.
Change-Id: I31645f90843cae0e96c88b451beea71790869313
Reviewed-on: https://gerrit.stanford.edu/1503
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use calloc in preference to calculating a malloc size with
multiplication everywhere, and reallocarray in preference to
calculating a realloc size. In most places this caution was probably
not necessary, but uniformity is easier to audit and no one will ever
notice the speed difference between malloc and calloc. Add explicit
overflow checks before every remaining malloc call with a calculated
size.
Change-Id: Ifc8e577b32d45751b9d64955aa1cace8a5dedde0
Reviewed-on: https://gerrit.stanford.edu/1491
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update to rra-c-util 5.5:
* Use calloc or reallocarray for protection against integer overflows.
* Suppress warnings from Kerberos headers in non-system paths.
Update to C TAP Harness 3.1:
* Add breallocarray API for error-checked reallocarray in tests.
* Check for integer overflow on memory allocations.
Change-Id: Ib2f407c1d65ed4e8a4abbe45e0db543dd9ac07ba
Reviewed-on: https://gerrit.stanford.edu/1489
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
|
|
|
|
|
|
| |
Add the NEWS entry for rra-c-util 5.2 and C TAP Harness 3.0, and
synchronize the few small divergences from rra-c-util.
Change-Id: Ieb70a2d554f221a052157d00875321605220d568
Reviewed-on: https://gerrit.stanford.edu/1425
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rather than automatically freeing memory and resetting handlers
via atexit, which may cause problems for use of message calls in
exit handlers, provide a function to explicitly reset the handlers
to the defaults and free all allocated memory. Use that function
in the remctl server.
Change-Id: I82e6907aea3e71043ac9772971a569577ba36c66
Reviewed-on: https://gerrit.stanford.edu/1419
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
|
|
|
|
|
|
|
| |
When setting custom message handlers, we allocate memory and stash
it in a static variable. For easier valgrind analysis, free that
memory on process exit with an atexit function.
Change-Id: I0a49ebce5a955a7395697e00a53fadafaf1f8293
Reviewed-on: https://gerrit.stanford.edu/1403
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
|
|
|
|
|
|
| |
All the code that was using it has been converted to evbuffers
instead.
Change-Id: I4f21b22c05e73c2162de67b14aaf2bd1d9f51e63
Reviewed-on: https://gerrit.stanford.edu/1384
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Rather than capping the data returned by the server in one
MESSAGE_OUTPUT token at the rather arbitrary length of 65,000 octets,
send up to the maximum amount of data permitted by the protocol. This
also slightly increases the maximum length of the output returned
under the version one protocol.
Change-Id: Ia3e54957aeb67974ede66fda781aeb4a2c97171a
Reviewed-on: https://gerrit.stanford.edu/1379
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Replace the complex hand-coded client event loop, using select,
with a rewritten one using libevent. This fixes race conditions
in noticing the client exit properly and removes the need for the
five-second polling to see whether the client has exited. It also
provides a framework for eventual added complexity in the event
loop.
Import the buffer utility functions from rra-c-util and use that
to manage the client output buffer for now. This will probably be
replaced with evbuffers.
This is the first cut, using basic libevent functionality. The
next step will be to use bufferevents in some places and extend the
use of libevent to other event loops in the server.
Currently requires libevent 2.x. Portability to libevent 1.4.3
will come in a subsequent commit.
Change-Id: Ia8e4cd0a857c710dbc0c348578648084466e886b
Reviewed-on: https://gerrit.stanford.edu/1378
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update to rra-c-util 5.1:
* Suppress a dummy symbol in the client library that could leak.
* Don't attempt to use Kerberos if no Kerberos error APIs were found.
* Improve error handling in xasprintf and xvasprintf.
* Check the return status of snprintf and vsnprintf properly.
* Preserve errno if snprintf fails in vasprintf replacement.
* Improve error handling of network_bind_* functions.
* vector_free and cvector_free now can be passed NULL.
* Abort remctl tests if the PID file already exists.
Update to C TAP Harness 2.4:
* Suppress lazy plans and test summaries if the test failed with bail.
Change-Id: I024db40536ff5e20f53bc8d1b346723be05543bc
Reviewed-on: https://gerrit.stanford.edu/1354
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
|
|
|
| |
Change-Id: Iba0376ea03a749d81abc2eeb49b0b5cf7d3e8847
Reviewed-on: https://gerrit.stanford.edu/1353
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the client specifies a timeout, restart the wait for a nonblocking
connect when interrupted by a signal. This can mean that a connect
can take longer than the timeout if interrupted; hopefully both
timeouts and catching signals are rare enough that this won't pose a
serious issue.
Change-Id: Ice391360acc66602d31f2d1bd2fe9296b6d7ff45
Reviewed-on: https://gerrit.stanford.edu/1257
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update to rra-c-util 4.8:
* Improve Perl module tests.
* Cleanly passes clang --analyze.
Update to C TAP Harness 2.0:
* runtests now treats the command line as a list of tests by default.
* The full test executable path can now be passed to runtests -o.
* Improved harness output for tests with lazy plans.
* Improved harness output to a terminal for some abort cases.
* Flush harness output after each test even when not on a terminal.
Copy the Test::RRA::* libraries into the perl directory rather than
retaining two copies. Add synopsis testing. Update the Perl manifest
for the current state of the world. Fix various issues with the clean
and distclean targets not handling the Perl directory properly.
Change-Id: I75d733331d1d28f8a9976f7629239640cff17756
Reviewed-on: https://gerrit.stanford.edu/946
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix various warnings. Pre-declare the addrinfo and sockaddr structs
in remctl.h so that the header is still standalone. Install symlinks
for the manual page for the new documented APIs. Add the new functions
to the symbol export maps. Make network_connect more const-correct.
Change-Id: I1fbc5e62444161957dca24b9f85b3bb0ed22719a
Reviewed-on: https://gerrit.stanford.edu/810
Tested-by: Russ Allbery <rra@stanford.edu>
Reviewed-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
| |
Change-Id: I111f7a9c7e5f499e624e1046ace09a7ae53249a7
|
|
|
|
|
|
|
| |
* Drop concat from the util library in favor of asprintf.
* Fail on any error in [bx]asprintf and [bx]vasprintf.
Change-Id: Ife0797f7b735f759abb21d330438da729551b78e
|
|
|
|
|
|
|
|
| |
Also change the license on the POD documentation from Expat to the
all-permissive license and switch the license on several remctl
source files from the MIT license to the Expat license.
Change-Id: Ie7ebedf3b56cc2c19211217282519a7e6200c9e2
|
|
|
|
| |
Change-Id: Iebc37a77217d99c0f3d2d735000baa905deec797
|
|
|
|
|
|
| |
Solaris may return ECONNREFUSED when reading from a stream socket when the
remote end has already been closed. Treat this as EOF and close down our
end of the connection, instead of sitting around forever.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added a 'summary=<arg>' option in the remctl config files. A user who
runs a simple 'help' command against the server will have returned the
results of running each command he has access to with whatever argument
has been specified as the summary command. This both lets him get an
idea of all commands he has access to, and provides basic help for those
commands.
Added a 'help=<arg>' option in the remctl config files. A user who runs
'help <command>' will have the command program run with whatever
argument is specified in that option. This creates a standard way to
get further help for any commands the user can run on the server.
Further, running 'help <command> <subcommand>' will pass along the
subcommand requested, so that the program can give more specific help
if it's so written.
Change-Id: I5202e4973bfb62f6374135e0010798e9372737dc
Reviewed-on: https://gerrit.stanford.edu/267
Reviewed-by: Russ Allbery <rra@stanford.edu>
Tested-by: Russ Allbery <rra@stanford.edu>
|
|
|
|
|
|
|
| |
We weren't testing copying of short strings and strings without
nul termination. Add additional tests for those.
Change-Id: I990e7a40a69bf97d8b3e976645460c1fd29c984c
|
|
|
|
| |
Change-Id: I0150204b21180513b10d31d90df1941fc45bfdab
|
|
|
|
| |
Change-Id: I7131daf0387b2fabb05fdb237ac7fae7cdaac5b6
|
|
|
|
|
|
|
|
|
|
|
|
| |
Set up a general framework for mapping certain errno values to token
error codes, also used for EOF, and map the timeout error to the
corresponding token error code so that special action can be taken
where appropriate.
Update the logging functions for client and server to recognize the
new token error code.
Change-Id: Ibc2a38574657273ec92c9af5806177ac8f11556a
|
|
|
|
| |
Change-Id: Ifc85b8a4206502865f5b5fd258890dbaaa274d0a
|
|
|
|
|
|
|
|
|
| |
Add timeout support to the token functions. Adjust all callers
accordingly. Use a one hour timeout for all server network calls.
Add the data and hook for setting a client timeout, although currently
there's no way to set it.
Change-Id: Ife4c6cd1b4fbc94623b82bd85e17a0d9a3919fb4
|
|
|
|
|
|
|
| |
These read or write from the network while supporting a timeout in
seconds.
Change-Id: I69c759ead5861c9f709ff275e0acbab1c263a05a
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update to rra-c-util 4.2:
* Fix error reporting for non-blocking connect.
* Fix network test when short listen queues don't cause timeout.
* Handle DNS failure in the getaddrinfo test suite.
* Ensure config.h is included for portable/stdbool.h.
* Fix compiler warnings when built with -D_FORTIFY_SOURCE=2.
* Add test wrappers around asprintf and vasprintf.
Update to C TAP Harness 1.9:
* Add test_tmpdir and test_tmpdir_free to TAP library.
* runtests now frees all allocated resources on exit.
Change-Id: I7ba21798a4169bf8a7cd45f2675f9520518e7a02
|
|
|
|
|
|
| |
* Fix removal of -I/usr/include from GSS-API CPPFLAGS.
* Provide ssize_t on platforms without it, such as Windows.
* Fix vector_join and cvector_join with empty vectors.
|
|
|
|
|
|
|
|
|
| |
Refactor how server token handling is done to be a bit clearer and
not treat everything else as weird exception cases for command
handling. Introduces a new error code (protocol spec changes coming
separately) for receiving unexpected tokens in the middle of a
continuation command, and hammers out the continuation handling so
that it's a bit more robust. (This still needs tests.)
|
|
|
|
|
|
|
| |
New protocol version 3, which introduces a new NOOP message. When the
client sends this message, the server replies with a NOOP message.
This can be used to keep a persistent remctl connection alive despite
network session timeouts.
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add notices in each file copied from rra-c-util.
* Prefer gssapi/gssapi.h to gssapi.h.
* Include strings.h if it exists for strncasecmp on some platforms.
* getaddrinfo replacement now portable to systems with bad netdb.h.
* Avoid krb5-config if --with-gssapi-{include,lib} are given.
* Add Windows implementation of fdflag_nonblocking.
* The network_connect utility functions now take an optional timeout.
* Use typedef instead of #define for socklen_t and sig_atomic_t.
* Stop providing or using INADDR_LOOPBACK for portability reasons.
|
| |
|
| |
|
|
|
|
|
|
| |
Accepting connections from an array of file descriptors is a bit
fiddly. Move all that code out to a utility function that we can
reuse and simplify the server code.
|
|
|
|
|
|
|
|
|
|
|
| |
IPv6 addresses can take some time to configure after a system comes
up due to router autoconfiguration, and may not always be available.
Normally, binding to an address that's not yet configured will fail
with an error. Use IP_FREEBIND where available to bind to addresses
that may not be configured to avoid this problem.
We lose error handling from incorrect addresses, but we gain
robustness against slow network autoconfiguration.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update to rra-c-util 3.4:
* Check for krb5-config in /usr/kerberos/bin as well as PATH.
* Avoid configure warnings when building with AIX bundled Kerberos.
* Initialize sockaddr structs more correctly.
* Correctly detect Heimdal GSS-API on OpenBSD without libroken.
* Fix underquoting in m4/socket.m4.
Update to C TAP Harness 1.7:
* Add tests/HOWTO documenting how to add new tests.
* More correct handling of system-specific errors in output checking.
* Ensure correct output ordering in test results.
* Add -h and a better usage message to tests/runtests.
|
|
|
|
|
| |
Fix broken GCC attribute markers causing problems with compilation on
Windows (and likely any non-GCC compiler).
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Improve network error handling with unknown address domains.
* Disable xmalloc test except for maintainers.
* Break util/util.h apart into separate header files.
* Add additional GCC function attributes to utility libraries.
* Use AC_TYPE_LONG_LONG_INT instead of AC_CHECK_TYPES([long long]).
Separate the remctl-specific functions out of util/util.h instead into
separate header files following the pattern of rra-c-util, and create a
new util/protocol.h header for protocol constants.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update to rra-c-util 2.1:
* Revert separation of die into a separate object file.
* Fall back on manual library probing if krb5-config doesn't work.
* Don't try to use a non-executable krb5-config for GSS-API probes.
* Suppress error output from krb5-config GSS-API probes.
* Prefer KRB5_CONFIG over a path constructed from --with-gssapi.
* Fix network test suite failures when IPv6 is available but disabled.
Update to C TAP Harness 1.1:
* Summarize results at the end of test execution.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use a socket_type typedef rather than a #define of SOCKET directly to
preserve my coding style for defined types. Add documentation to
portable/socket.h for proper use of the typedef.
Remove unnecessary prototype changes for xwrite* and fdflag_*. These
functions are not used on Windows.
Minor code readability improvements in network_set_reuseaddr.
Update the test suite to use socket_type and INVALID_SOCKET, and add
the same wrapper around xwrite to the token test case. The test suite
still doesn't run on Windows due to extensive use of fork, but may as
well keep a consistent coding style.
Add NEWS updates and copyright date changes.
|