
Subject: Add TCP change/set password support
The lack of TCP change and set password support is preventing users in too many groups from
changing passwords.
From: Ken Raeburn <raeburn@MIT.EDU>
Subject: [krbdev.mit.edu #3735] Fwd: MIT kpasswd RFC 3244 and TCP
Date: Fri, 9 Jun 2006 20:43:08 -0400
To: MIT Kerberos RT <rt@krbdev.mit.edu>
RT-Send-Cc:


Begin forwarded message:

> From: Alexandra Ellwood <lxs@MIT.EDU>
> Date: May 8, 2006 16:05:41 EDT
> To: Ken Raeburn <raeburn@mit.edu>
> Subject: Fwd: MIT kpasswd RFC 3244 and TCP
> X-Spam-Score: -3.783
>
>
> Here are patches!
>
> <https://krbdev.mit.edu/rt/Ticket/Display.html?id=3735>
> "Add TCP change/set password support"
>
> Begin forwarded message:
>
>> From: todd stecher <tstecher@isilon.com>
>> Date: March 27, 2006 4:12:50 PM EST
>> To: Sam Hartman <hartmans@mit.edu>
>> Cc: deengert@anl.gov, lxs@mit.edu
>> Subject: Re: MIT kpasswd RFC 3244 and TCP
>> X-Spam-Score: -2.598
>> X-Spam-Flag: NO
>>
>> On Sat, 2006-03-25 at 09:29 -0500, Sam Hartman wrote:
>>> MIT would be very interested in your patch.
>>
>> Sure - it turns out we didn't need the functionality after all, so I
>> wouldn't be surprised if there is a bug or 2 in the patch, e.g. it has
>> had some testing, but not what I would consider "production quality"
>> testing.
>>
>> Some colleagues at Centrified were giving it a whirl last week, but due
>> to schedule constraints, I don't expect results from them any time soon.
>>
>> Attached is the patch - it's against 1.4.1, in cvs diff format.
>>
>>
>> Thanks!
>>
>> Todd
>>
>> --
>> Todd Stecher
>>
>> Isilon Systems
>>
>> 220 W. Mercer St. | Seattle, WA 98119
>> Join the Revolution... | www.isilon.com/careers
Download 18395.diff
text/x-patch 37.5KiB

>
> --lxs
>
> Alexandra Ellwood <lxs@mit.edu>
> MIT Kerberos Development Team
> <http://mit.edu/lxs/www>
>
>
These tickets (2547, 3735) probably shouldn't have been merged; one is
about the server support, and one about the client support, and it's not
clear that they're necessarily of the same priority.

The client-side support patch was merged into the trunk in rev 18518.
From: raeburn@MIT.EDU
Subject: svn rev #18518: trunk/src/ include/ lib/krb4/ lib/krb5/krb/ lib/krb5/os/
To: cvs-krb5@mit.edu
Date: Wed, 23 Aug 2006 18:56:29 -0400 (EDT)
Reply-To: krbdev@MIT.EDU

Commit By: raeburn
Log Message:
Merge Todd's TCP changepw support, with a few fixups.

* include/cm.h (state_strings, enum conn_states, struct incoming_krb5_message,
struct conn_state): Moved here from lib/krb5/os/sendto_kdc.c.
(struct sendto_callback_info): New type.
* lib/krb5/os/sendto_kdc.c (set_conn_state_msg_length): New function.
(setup_connection): Deleted argument message_len_buf. Don't store message
length; call set_conn_state_msg_length instead.
(start_connection): New arguments callback_info and callback_buffer. Invoke
callback function if any, and set message length on success.
(maybe_send): New arguments callback_info and callback_buffer; pass them to
start_connection.
(krb5int_sendto): New arguments callback_info, remoteaddr, remoteaddrlen. If
callback info is provided, allocate per-connection buffers, and pass them to
maybe_send. On cleanup, invoke the cleanup callback function if any.
(krb5_sendto_kdc): Update krb5int_sendto call.
* include/k5-int.h (struct sendto_callback_info): Add forward declaration.
(krb5int_sendto, struct _krb5int_access.sendto_udp): Update for new signature.
* lib/krb5/os/send524 (krb5int_524_sendto_kdc): Update krb5int_sendto call.
* lib/krb4/send_to_kdc.c (krb5int_send_to_kdc_addr): Update sendto_udp call.

* lib/krb5/os/changepw.c (struct sendto_callback_context): New type.
(krb5_locate_kpasswd): New argument useTcp, used to select socket type in
krb5int_locate_server call.
(kpasswd_sendto_msg_cleanup, kpasswd_sendto_msg_callback): New functions.
(krb5_change_set_password): Call krb5int_sendto with callbacks, instead of
managing the exchange here. On RESPONSE_TOO_BIG error, try again with TCP
only.

* lib/krb5/krb/chpw.c (krb5int_rd_chpw_rep): If length is wrong, check if a
buggy server sent a KRB_ERROR.



Changed Files:
U trunk/src/include/cm.h
U trunk/src/include/k5-int.h
U trunk/src/lib/krb4/send_to_kdc.c
U trunk/src/lib/krb5/krb/chpw.c
U trunk/src/lib/krb5/os/changepw.c
U trunk/src/lib/krb5/os/send524.c
U trunk/src/lib/krb5/os/sendto_kdc.c
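
The commit log above mentions setting a per-connection message length for TCP and, in `krb5int_rd_chpw_rep`, checking for a KRB_ERROR when the reply length is wrong. The following is an added sketch of those two length checks, not code from Todd's patch or from MIT krb5; the function names are hypothetical, and it assumes the 4-byte network-order TCP length prefix and the RFC 3244 reply header (message length, version 0x0001, AP-REP length).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum chpw_kind { CHPW_REPLY, CHPW_BARE_KRB_ERROR, CHPW_MALFORMED };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Strip the 4-byte network-order length prefix used on TCP. Returns 0 and
 * sets *msg / *msg_len only when the prefix matches the bytes received. */
int tcp_unframe(const uint8_t *buf, size_t len, const uint8_t **msg, size_t *msg_len)
{
    if (len < 4) return -1;
    uint32_t n = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                 ((uint32_t)buf[2] << 8) | buf[3];
    if (n != len - 4) return -1;        /* truncated or over-long frame */
    *msg = buf + 4;
    *msg_len = n;
    return 0;
}

/* Classify a change-password reply (TCP prefix already removed). */
enum chpw_kind classify_chpw_reply(const uint8_t *pkt, size_t len, size_t *ap_rep_len)
{
    if (len == 0) return CHPW_MALFORMED;
    if (len >= 6 && be16(pkt) == len) {          /* RFC 3244 header is sane */
        size_t ap = be16(pkt + 4);
        if (be16(pkt + 2) != 1 || ap > len - 6)  /* version, AP-REP bounds */
            return CHPW_MALFORMED;
        *ap_rep_len = ap;
        return CHPW_REPLY;
    }
    /* Length field is wrong: accept only a bare KRB-ERROR, whose DER
     * encoding starts with the [APPLICATION 30] tag byte 0x7e. */
    return pkt[0] == 0x7e ? CHPW_BARE_KRB_ERROR : CHPW_MALFORMED;
}

int main(void)
{
    /* Constructed sample: TCP frame carrying a 10-byte reply, AP-REP len 2. */
    const uint8_t framed[] = {0,0,0,10, 0,10, 0,1, 0,2, 0xaa,0xbb, 0xcc,0xdd};
    const uint8_t *msg; size_t n, ap = 0;
    if (tcp_unframe(framed, sizeof framed, &msg, &n) != 0) return 1;
    printf("kind=%d ap_rep_len=%zu\n", classify_chpw_reply(msg, n, &ap), ap);
    return 0;
}
```

Anything that is neither a well-formed reply nor a bare KRB-ERROR is rejected before any field is used as an offset into the buffer.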