Multiple concurrent writers would cause the HDB to become corrupted
as the locking was not sufficient to prevent these sorts of issues
from occurring. We fix this in a similar way to the prior DB1 patch.
Multiple concurrent writers would cause the HDB to become corrupted
as the locking was not sufficient to prevent these sorts of issues
from occurring. We have changed the locking to obtain the appropriate
kind of lock on database open and to hold that lock until the
database closes. We need to do this as Berkeley DB 1.85 will cache
information from the database in memory and if if this information
is updated without our knowledge then our later writes will corrupt
the database. We speculate that there would be issues with a single
writer and reader but did not reproduce them.
Before this change Heimdal could read KDBs. Now it can write to
them too.
Heimdal can now also dump HDBs (including KDBs) in MIT format, which
can then be imported with kdb5_util load.
This is intended to help in migrations from MIT to Heimdal by
allowing migrations from Heimdal to MIT so that it is possible
to rollback from Heimdal to MIT should there be any issues. The
idea is to allow a) running Heimdal kdc/kadmind with a KDB, or
b) running Heimdal with an HDB converted from a KDB and then
rollback by dumping the HDB and loading a KDB.
Note that not all TL data types are supported, only two: last
password change and modify-by. This is the minimum necessary.
PKINIT users may need to add support for KRB5_TL_USER_CERTIFICATE,
and for databases with K/M history we may need to add KRB5_TL_MKVNO
support.
Support for additional TL data types can be added in
lib/hdb/hdb-mitdb.c:_hdb_mdb_value2entry() and
lib/hdb/print.c:entry2mit_string_int().
...rather than the authenticated principal's realm section. We do
this both to maintain compatibility with MIT and because it makes
more sense. We should likely also fix the auth_to_local_names as
cursory inspection reveals that it has the same incompatibility.
The source files generated by compile_et and asn1-compile must
begin with:
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
This permits conditional includes based on HAVE_STDINT_H and
HAVE_UNISTD_H to work.
Change-Id: Iefe25317ac3cb1970793748b8318174bcd7a087f
Commit c04aa9e082 specified the
mutex type, pthread_mutex_t, directly instead of using the
abstraction, HEIMDAL_MUTEX.
Change-Id: Iedfc46163140cf23014d357cc8ccc9f0e6224327
__gss_krb5_mechanism_oid_desc is now defined in gssapi/gssapi_oid.h,
so remove the definition in gssapi/gssapi_krb5.h in favor of including
that header.
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>
md2.c was doing memset(m, 0, sizeof(m)), and so was only clearing
the first 4 bytes of the passed md2 structure in MD2_Final. Fix
this to clear the entire structure, as expected.
In most cases stdint.h should be inherited from roken.h.
In those cases where it cannot be, it must be protected by
#ifdef HAVE_STDINT_H
Change-Id: I46cbaeab1d65939468f84179aeeef7e4f898b0bb
We turn on a few extra warnings and fix the fallout that occurs
when building with --enable-developer. Note that we get different
warnings on different machines and so this will be a work in
progress. So far, we have built on NetBSD/amd64 5.99.64 (which
uses gcc 4.5.3) and Ubuntu 10.04.3 LTS (which uses gcc 4.4.3).
Notably, we fixed
1. a lot of missing structure initialisers,
2. unchecked return values for functions that glibc
marks as __attribute__((warn-unused-result)),
3. made minor modifications to slc and asn1_compile
which can generate code which generates warnings,
and
4. a few stragglers here and there.
We turned off the extended warnings for many programs in appl/ as
they are nearing the end of their useful lifetime, e.g. rsh, rcp,
popper, ftp and telnet.
Interestingly, glibc's strncmp() macro needed to be worked around
whereas the function calls did not.
We have not yet tried this on 32 bit platforms, so there will be
a few more warnings when we do.
This is necessary because some applications actually need or run
better with renewable service tickets. kca is an example
application; AFS tokens are also another example.
The ipropd_slave will log its status to /var/heimdal/ipropd-slave-status
if its connecting, up to date, or disconnected.
The master will now also confirm to slaves that are are in fact up to date
if they just restart, before there was no confirmation, the slave just didn't
get any deltas.
getxxyyy.c uses the USER environment variable to determine a user
to test getpwnam_r(). If this variable is unset then the test will
seg fault. We work around this issue by defaulting to ``root'' if
USER is not set. This is not perfect as root may not exist on the
system but given that user does exist on most systems, this is the
best default that we can choose if we have no other options available.
[Code reviewed by Love Hörnquist Åstrand <lha@kth.se>]
Added heim_db_*() entry points for dealing with databases, and
make krb5_aname_to_localname() use it.
The following enhancements to libheimbase are included:
- Add heim_data_t and heim_string_t "reference" variants to
avoid memory copies of potentially large data/strings.
See heim_data_ref_create() and heim_string_ref_create().
- Added enhancements to heim_array_t to allow their use for
queues and stacks, and to improve performance. See
heim_array_insert_value().
- Added XPath-like accessors for heim_object_t. See
heim_path_get(), heim_path_copy(), heim_path_create(), and
heim_path_delete(). These are used extensively in the DB
framework's generic composition of ACID support and in the
test_base program
- Made libheimbase more consistent with Core Foundation naming
conventions. See heim_{dict, array}_{get, copy}_value() and
heim_path_{get, copy}().
- Added functionality to and fixed bugs in base/json.c:
- heim_serialize();
- depth limit for JSON parsing (for DoS protection);
- pretty-printing;
- JSON compliance (see below);
- flag options for parsing and serializing; these are needed
because of impedance mismatches between heim_object_t and
JSON (e.g., heim_dict_t allows non-string keys, but JSON
does not; heimbase supports binary data, while JSON does
not).
- Added heim_error_enomem().
- Enhanced the test_base program to test new functionality and
to use heim_path*() to better test JSON encoding. This
includes some fuzz testing of JSON parsing, and running the
test under valgrind.
- Started to add doxygen documentation for libheimbase (but doc
build for libheimbase is still incomplete).
Note that there's still some incomplete JSON support:
- JSON string quoting is not fully implemented;
- libheimbase lacks support for real numbers, while JSON has
it -- otherwise libheimbase is a superset of JSON,
specifically in that any heim_object_t can be a key for an
associative array.
The following DB backends are supported natively:
- "sorted-text", a binary search of sorted (in C locale), flat
text files;
- "json", a backend that stores DB contents serialized as JSON
(this is intended for configuration-like contents).
The DB framework supports:
- multiple key/value tables per-DB
- ACID transactions
The DB framework also natively implements ACID transactions for
any DB backends that a) do not provide transactions natively, b)
do provide lock/unlock/sync methods (even on Windows). This
includes autocommit of DB updates outside transactions.
Future DB enhancements may include:
- add backends for various DB types (BDB, CDB, MDB, ...);
- make libhdb use heim_db_t;
- add a command-line tool for interfacing to databases via
libheimbase (e.g., to get/set/delete values, create/copy/
backup DBs, inspect history, check integrity);
- framework-level transaction logging (with redo and undo
logging), for generic incremental replication;
- framework-level DB integrity checking.
We could store a MAC of the XOR of a hash function applied to
{key, value} for every entry in the DB, then use this to check
DB integrity incrementally during incremental replication, as
well as for the whole DB.
Add strtoll()/strtoull() to lib/roken
Add stdint.h to lib/roken (Windows only)
Add logic to detect whether to use lib/roken's stdint.h based on
Visual Studio version
Add include of stdint.h in generated ASN.1 code
Export missing symbols for 64-bit integers in lib/asn1
Export missing symbols for FAST
Add missing sources to kdc/NTMakefile
Fix issue in kuserok
Fix bsearch issues
