The use of the wrong value for the length of ":mkey=" was identified
by Brian May and reported via github:
https://github.com/heimdal/heimdal/issues/40
Change-Id: I0aed86a5bb0359b7a266369076fde5e62f23b5fe
We turn on a few extra warnings and fix the fallout that occurs
when building with --enable-developer. Note that we get different
warnings on different machines and so this will be a work in
progress. So far, we have built on NetBSD/amd64 5.99.64 (which
uses gcc 4.5.3) and Ubuntu 10.04.3 LTS (which uses gcc 4.4.3).
Notably, we fixed
1. a lot of missing structure initialisers,
2. unchecked return values for functions that glibc
marks as __attribute__((warn-unused-result)),
3. made minor modifications to slc and asn1_compile
which can generate code which generates warnings,
and
4. a few stragglers here and there.
We turned off the extended warnings for many programs in appl/ as
they are nearing the end of their useful lifetime, e.g. rsh, rcp,
popper, ftp and telnet.
Interestingly, glibc's strncmp() macro needed to be worked around
whereas the function calls did not.
We have not yet tried this on 32 bit platforms, so there will be
a few more warnings when we do.
This should allow master key rollover.
(but the real reason is to allow multiple krbtgt accounts, as used by
Active Directory to implement RODC support)
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
The issue was that we would free the entry after the database, not
knowing that the entry was a talloc child of the database.
Andrew Bartlett
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
This extends the hdb_keytab code to allow enumeration of all the keys.
The plan is to allow ktutil's copy command to copy from Samba4's
hdb_samba4 into a file-based keytab used in wireshark.
From Andrew Bartlett
hdb_entry_ex might still contain links to the database that it expects
to use.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18267 ec53bebd-3082-4978-b11e-865c3cabbd6b
principal is being sought, thereby allowing the usage of multiple
databases, however they need to be specified in /etc/krb5.conf since
all the programs using this keytab do not read kdc.conf
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@9008 ec53bebd-3082-4978-b11e-865c3cabbd6b
