Although not required to address bad code generation in
some versions of gcc 9 and 10, a coding style that requires
explicit comparison of the result to zero before use is
both clearer and would have avoided the generation of bad
code.
This change converts all use of cmp function usage from
```
if (strcmp(a, b) || !strcmp(c, d)) ...
```
to
```
if (strcmp(a, b) != 0 || strcmp(c, d)) == 0
```
for all C library cmp functions and related:
- strcmp(), strncmp()
- strcasecmp(), strncasecmp()
- stricmp(), strnicmp()
- memcmp()
Change-Id: Ic60c15e1e3a07e4faaf10648eefe3adae2543188
Before this change Heimdal could read KDBs. Now it can write to
them too.
Heimdal can now also dump HDBs (including KDBs) in MIT format, which
can then be imported with kdb5_util load.
This is intended to help in migrations from MIT to Heimdal by
allowing migrations from Heimdal to MIT so that it is possible
to rollback from Heimdal to MIT should there be any issues. The
idea is to allow a) running Heimdal kdc/kadmind with a KDB, or
b) running Heimdal with an HDB converted from a KDB and then
rollback by dumping the HDB and loading a KDB.
Note that not all TL data types are supported, only two: last
password change and modify-by. This is the minimum necessary.
PKINIT users may need to add support for KRB5_TL_USER_CERTIFICATE,
and for databases with K/M history we may need to add KRB5_TL_MKVNO
support.
Support for additional TL data types can be added in
lib/hdb/hdb-mitdb.c:_hdb_mdb_value2entry() and
lib/hdb/print.c:entry2mit_string_int().
An MIT dump file may contain multiple key sets for one principal, with
different kvnos. The Heimdal database can only represent a single
kvno, and previously the kvno was set to the last key found in the entry
and all keys were added to the entry. Since kvnos are given from high
to low in the database dump, this would result in the principal getting
the kvno of the oldest key and all keys stored without regard for kvno.
Instead, ignore all keys with kvnos lower than the first kvno we see and
only store keys with a kvno matching it. If we see a key with a kvno
higher than the first kvno we see, exit with an error since that case is
not currently handled (and should not happen in a typical MIT database
dump).
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
Dump formats 5 and 6 differ from the supported version 4 dump format
only in that they include policy information for each principal in an
extension that the dump parsing code already knows how to ignore and
that they include policy lines. Ignore the policy information, since
there isn't a corresponding concept in Heimdal, and accept the new
dump format versions.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
If the MIT dump file includes a last password change date, allocate
a database extension structure to hold that information and include
it in the corresponding Heimdal database entry.
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
bump the mkvno we don't risk using the wrong key to decrypt
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@8556 ec53bebd-3082-4978-b11e-865c3cabbd6b
