Doing an fsync per-record when receiving the complete HDB is a performance
disaster. Among other things, if the HDB is very large, then one slave
receving a full HDB can cause other slaves to timeout and, if HDB write
activity is high enough to cause iprop log truncation, then also need full
syncs, which leads to a cycle of full syncs for all slaves until HDB write
activity drops.
Allowing the iprop log to be larger helps, but improving receive_everything()
performance helps even more.
The change to the signature of hdb_generate_key_set_password() in
Heimdal 7.1 broke API/ABI compatibility with previous releases. We
fix this by renaming it hdb_generate_key_set_password_with_ks_tuple()
and creating a new hdb_generate_key_set_password() which calls our
new function with zeroes for the added arguments.
Issue #246https://github.com/heimdal/heimdal/issues/246
if krb5_get_config_strings() returns the empty string do not return
immediately. Instead the for() loop will be skipped because the empty
string represents the end of the string list permitting
krb5_config_free_strings() to free the allocated memory.
Change-Id: Ia6fdb13f716c07b53c8b3857af4f7ab8be578882
On 32-bit architectures with _FILE_OFFSET_BITS=64,
sizeof(off_t) > sizeof(size_t) .
LOG_HEADER_SZ was #define'd as an expression of type size_t, so in order
to get the sign extension right we need -(off_t)LOG_HEADER_SZ instead of
(off_t)(-LOG_HEADER_SZ). However, we can just define the *_SZ macros to
cast to off_t, then we don't need to worry about negation.
Fixes Debian bug #822749, PR 175.
Signed-off-by (and updated by): Nicolas Williams <nico@twosigma.com>
On a low update rate master, if we don't update old_version after
processing a poll timeout, we will generate spurious warnings about
missed (change) signals every time the timer expires, and will
needlessly contact the slaves.
When the master's log does not contain the complete history, slaves
that bootstrap from scratch encountered a loop, because the master
falsely assumed a race with log truncation.
When flushing the uber record, retain the current log version. When the
uber record is the only (thus last) record in the log, return its nominal
version as the last version, not 0. Upgrade the log if the current uber
record version number is not 0.
Otherwise we risk storing a name with the referral (empty) realm name,
which will then cause various knock-on effects, such as thinking that
the start_realm is "", and failing to find matching credentials in the
ccache.
When the master's log has all entries from version 1 to now, and no
uber entry (legacy master), then new slaves will not pull version 1,
because their uber record has version 1.
The fix is to force the uber version to 0 always, and avoid adding a
truncate nop when doing a full prop. The uber record now records the
database version even in the absence of any other log entries so that
we know what to pull going forward.
The function _krb5_put_int() is a private function exported from
lib/krb5. Its declaration should come from krb5-private.h. A local
declaration will not result in the proper import qualifiers on
Windows.
See also: e1a244f Make it possible to include krb5_locl.h in kadm5
Change-Id: I53e7aeea9f2f34cab105f2e331f3c6522847ccfe
krb5_locl.h cannot be included from within lib/kadm5 in the
current UNIX builds. Reverting this change which is necessary
to properly build on Windows until an alternate solution is
agreed upon.
This reverts commit ffc525aad1.
The function _krb5_put_int() is a private function exported from
lib/krb5. Its declaration should come from krb5-private.h. A local
declaration will not result in the proper import qualifiers on
Windows.
Change-Id: I53e7aeea9f2f34cab105f2e331f3c6522847ccfe
We need the uber record all the time now, actually, except when merely
inspecting a log file. This is important as we depend on replaying
entries written to the log in order to complete the HDB writes, and if
we don't have an uber record we can't do this step.
Also, log_init() should cleanup on error.
When new keys are added (typically via kadm5_setkey_principal_3),
truncate the key history to remove old keys, that is keys older than
the newest key which was in effect prior longer ago than the principal's
maximum ticket lifetime. This feature is controlled via the "[kadmin]"
section's "prune-key-history" boolean parameter, which defaults to false.
Currently this happens only when kadm5_setkey_principal_3()
is called directly on the server, the client API simulates
kadm5_setkey_principal_3() via a get, update, modify sequence that does
not prune the key history. The plan is to add a new kadm5 protocol RPC
and convert clients to call that instead.
In setkey_principal_3 seal keys after entry key update
Also, for now, don't check the return value of kadm5_log_modify() in
the new kadm5_s_setkey_principal_3(). This has to be addressed more
globally.
Censor stale keys in kadm5_s_get_principal
