- Fix markup
- Specific quoted command line for Visual Studio build
- Caveat about line ending for gawk
- Add comments about python versions
- makeinfo.exe is no longer available from cygwin
- Add some words about APPVER setting
ec866e635e ("Windows 10 SDK build fixes") inverted the meaning selecting
Debug versions for NODEBUG and vice versa.
Change-Id: I90771a71cd3efc93ba47076fbf5cd1efb0948f6f
The generated .x source and .hx header files are plain C source files.
Generate them as .c source files and avoid unnecessary file copying
and special makefile rules.
Change-Id: Ifc4bbe3c46dd357fdd642040ad964c7cfe1d395c
This commit builds a static runtime version of the asn1 library
which is required for some third-party applications.
LIBASN1_S =$(LIBDIR)\libasn1_s.lib
This differs from libasn1.lib which is compiled to use the
dynamic runtime.
Change-Id: Ib04f5b53a7f16d7bbe9d2debb75e944322a6792a
Build without Win32.mak, and using Universal C Runtime (UCRT)
windows: Check for APPVER, not VCVER for UCRT
When deciding whether UCRT is used (and thus no CRT merge modules), check for
Windows 10 rather than the version of Visual Studio, as we may be building with
an older SDK.
Use of the C99 'restrict' keyword was introduced by be708ca3cf
("gsskrb5: Add simple name attributes support")
Change-Id: I8272f595af53741ee7c59750bb2d388faeb01f8f
Build without Win32.mak, and using Universal C Runtime (UCRT)
windows: Check for APPVER, not VCVER for UCRT
When deciding whether UCRT is used (and thus no CRT merge modules), check for
Windows 10 rather than the version of Visual Studio, as we may be building with
an older SDK.
ea90ca8666 ("Move some infra bits of
lib/krb5/ to lib/base/ (2)") inappropriately altered the declaration
of the "ldebug" macro which stores the switches passed to "link.exe".
There is no "/RELEASE" switch and the "/DEBUG" switch instructs the
linker to produce files containing debug symbols (.pdb) which are
required for generating the Windows assemblies.
This change restores the prior behavior.
Change-Id: I61b8fd4759ba84671858f7c8275dbd25af1638e6
Add support for SAnon, a simple key agreement protocol that provides no
authentication of initiator or acceptor using x25519 ECDH key exchange.
See doc/standardization/draft-howard-gss-sanon-xx.txt for a protocol
description.
This is the second of two commits in a series that must be picked together.
This series of two commits moves parts of lib/krb5/ infrastructure
functionality to lib/base/, leaving behind wrappers.
Some parts of libkrb5 are entirely generic or easily made so, and could
be useful in various parts of Heimdal that are not specific to the krb5
API, such as:
- lib/gssapi/ (especially since the integration of NegoEx)
- lib/hx509/
- bx509d (which should really move out of kdc/)
For the above we need to move these bits of lib/krb5/:
- lib/krb5/config_file.c (all of it, leaving forwardings behind)
- lib/krb5/config_reg.c (all of it)
- lib/krb5/plugin.c (all of it, leaving forwardings behind)
- lib/krb5/log.c (all of it, ditto)
- lib/krb5/heim_err.et (all of it)
And because of those two, these too must also move:
- lib/krb5/expand_path.c (all of it, leaving forwardings behind)
- lib/krb5/warn.c (just the warning functions, ditto)
The changes to the moved files are mostly quite straightforward and are
best reviewed with --word-diff=color.
We're also creating a heim_context and a heim API to go with it. But
it's as thin as possible, with as little state as necessary to enable
this move. Functions for dealing with error messages use callbacks.
Moving plugin.c does have one knock-on effect on all users of the old
krb5 plugin API (which remains), which is that a global search and
replace of struct krb5_plugin_data to struct heim_plugin_data was
needed, though the layout and size of that structure doesn't change, so
the ABI doesn't either.
As well, we now build lib/vers/ and lib/com_err/ before lib/base/ so as
to be able to move lib/krb5/heim_err.et to lib/base/ so that we can make
use of HEIM_ERR_* in lib/base/, specifically in the files that moved.
Once this is all done we'll be able to use config files and plugins in
lib/hx509/, we'll be able to move bx509d out of kdc/, and so on.
Most if not all of the new functions in lib/base/ are Heimdal-private,
thus calling conventions for them are not declared.
Status:
- builds and passes CIs (Travis, Appveyor)
- ran make check-valgrind and no new leaks or other memory errors
- ready for review
HOW TO REVIEW:
$ # Review file moves:
$ git log --stat -n1 HEAD^
$
$ # Review changes to moved files using --word-diff=color
$ git log -p -b -w --word-diff=color HEAD^..HEAD \
      lib/base/config_file.c \
      lib/base/config_reg.c \
      lib/base/expand_path.c \
      lib/base/warn.c \
      lib/krb5/config_file.c \
      lib/krb5/config_reg.c \
      lib/krb5/expand_path.c \
      lib/krb5/warn.c
$
$ # Review the whole thing, possibly adding -b and/or -w, and
$ # maybe --word-diff=color:
$ git log -p origin/master..HEAD
$ git log -p -b -w origin/master..HEAD
$ git log -p -b -w --word-diff=color origin/master..HEAD
TBD (future commits):
- make lib/gssapi use the new heimbase functions
- move kx509/bx509d common code to lib/hx509/ or other approp. location
- move bx509d out of kdc/
The Verisign and Symantec timestamping services have been shut down.
Switch to the Digicert service which replaced the Symantec services
as of 31 Oct 2019.
http://timestamp.digicert.com
Change-Id: I365e6c3698b8fc99b18e8d1e5a54ce3519f3c5eb
If we are not code signing we must define an action for _CODESIGN_SHA256
or the build system macros will be unbalanced.
Change-Id: I3c545de3c8ee809709defd12faeead358fde26dd
HCRYPTO_FALLBACK is a required definition for building lib/hcrypto.
However, it wasn't added to the Windows build system. This change
does so and enables fallback functionality.
Change-Id: I4a711c6da58e8832a61a3c0b2b8d9b10038425f0
Weak crypto is disabled on every other system. OpenAFS no longer
requires it and AuriStor doesn't need it. Turn it off.
Change-Id: I6fab2328f71d1c38a655560ab0f83b8df9b53c73
Permit an explicit version of signtool.exe to be specified via an
environment variable. Now that sha256 signatures are required the version
of signtool.exe that matches the SDK or Visual Studio version might not
be sufficient to apply code signatures.
Change-Id: I694e2b319bd692d6358ae7ce3d241da2da7648f8
This adds a new backend for libhcrypto: the OpenSSL backend.
Now libhcrypto has these backends:
- hcrypto itself (i.e., the algorithms coded in lib/hcrypto)
- Common Crypto (OS X)
- PKCS#11 (specifically for Solaris, but not Solaris-specific)
- Windows CNG (Windows)
- OpenSSL (generic)
The ./configure --with-openssl=... option no longer disables the use of
hcrypto. Instead it enables the use of OpenSSL as a (and the default)
backend in libhcrypto. The libhcrypto framework is now always used.
OpenSSL should no longer be used directly within Heimdal, except in the
OpenSSL hcrypto backend itself, and files where elliptic curve (EC)
crypto is needed.
Because libhcrypto's EC support is incomplete, we can only use OpenSSL
for EC. Currently that means separating all EC-using code so that it
does not use hcrypto, thus the libhx509/hxtool and PKINIT EC code has
been moved out of the files it used to be in.
NTMakefile.version defines company names and build options.
Do not require third parties to commit their modifications
within the Heimdal repo.
Change-Id: Ifb4d82e05f40023a2c29bd5cb4c3445c0bd876d3
Windows file resources can be marked as Private, Special, Debug
and Pre-release. Extend the Heimdal Assembly name to include
designations for these various build options to ensure that
private, special, debug and pre-release builds do not conflict
with the assembly name reserved for public releases. This permits
a private, special, debug and pre-release build to be installed
side-by-side with the final release without interference.
Change-Id: I569ce2ff911ddbaebd81ba2e8b477ba6fb520502
Quote path names in case there are ever spaces
Prepend $(MKDIR) rule with "-" to avoid failures if the output
directories already exist.
Change-Id: I1e5cfb408042617a73edeeae99eb269a061ba61d
Although rk_mkdir can be provided on all platforms there is no
reason to require that it be used by unconditionally mapping
mkdir -> rk_mkdir
Change-Id: Ic149500037abf446434332bf6ba67dfb3906cd72
Add strtoll()/strtoull() to lib/roken
Add stdint.h to lib/roken (Windows only)
Add logic to detect whether to use lib/roken's stdint.h based on
Visual Studio version
Add include of stdint.h in generated ASN.1 code
Export missing symbols for 64-bit integers in lib/asn1
Export missing symbols for FAST
Add missing sources to kdc/NTMakefile
Fix issue in kuserok
Fix bsearch issues
Heimdal does not have any backward compatibility issues unlike
MIT. There is no reason to restrict our interfaces to using
32-bit time of 32-bit Windows. Our supported compilers default
to 64-bit time_t. Use it.
Change-Id: I931c547841c17897d7d55a61459519cb99973385
Break out the version data from windows/NTMakefile.config
and move it to windows/NTMakefile.version. This new file
contains only version data. This permits version data to
be safely referenced by third party components.
In addition, add version range information for those versions
of Heimdal for which this release is a compatible upgrade. If
there is a forward incompatible change to the assembly ABI, it
is not a compatible upgrade. This version data is used to specify
the Windows assembly redirect range.
Change-Id: Ic9f156212599cc4277e2be812f29a6497801046c
The pname to uid functionality at present assumes there is
an implementation of getpwnam() and that the local user
identifier is an integer. On Windows, the local user identifier
is a SID. Add NO_LOCALNAME as a build option so that Windows
(for now) can build without providing a getpwnam() implementation.
Change-Id: I04cfd6d2cd52e6228733f1da1dab420b453e6566