Also, zero return means "success", non-zero means "failure" and the
non-zero value is a system error. That's how it is for the other
platforms' thread primitives.
(The no-threads defaults are still wrong though, as then are macros that
expand into do..while, which can't be used as expressions and don't
"return" values.)
The error string
missing @ or \ in name
must have the backslash double quoted as
missing @ or \\\\ in name
because of how compile_et parses the input and generates its output.
Otherwise, when compiling the generated ntlm_err.c a warning will
be produced because of invalid quoting of a space.
Change-Id: I994d3eb896098914702e418a0ef5cad783d16a5a
In srv_find_realm() the conditional for testing whether an entry
is the invalid gTLD response was inverted. Refactor the conditional
into a helper function is_invalid_tld_srv_target(). Use the helper
to simplify the conditional making it easier to confirm that the
test is correct.
Change-Id: I3220753b5585ac535862c4617030377c7a1f4bbe
The function _krb5_put_int() is a private function exported from
lib/krb5. Its declaration should come from krb5-private.h. A local
declaration will not result in the proper import qualifiers on
Windows.
See also: e1a244f Make it possible to include krb5_locl.h in kadm5
Change-Id: I53e7aeea9f2f34cab105f2e331f3c6522847ccfe
krb5_locl.h cannot be included from within lib/kadm5 in the
current UNIX builds. Reverting this change which is necessary
to properly build on Windows until an alternate solution is
agreed upon.
This reverts commit ffc525aad1.
The hdb_method functions cannot be KRB5_LIB_CALL as lib/hdb is not
lib/krb5. KRB5_LIB_CALL will be inconsistently defined.
This inconsistency resulted in crashes of test_hdbplugin on 32-bit
Windows.
Change-Id: I4cf8d3ef76f31a3cae923df234a19610d956e7ee
The function _krb5_put_int() is a private function exported from
lib/krb5. Its declaration should come from krb5-private.h. A local
declaration will not result in the proper import qualifiers on
Windows.
Change-Id: I53e7aeea9f2f34cab105f2e331f3c6522847ccfe
If there is no MSLSA: credential cache principal, then try to
fallback to the MIT default MIT credential cache name, API:krb5cc.
Change-Id: I8f981c5401b4f962cf808e7b0dc782e42bc03023
If there is no default credential cache obtained from the registry
or from configuration files, then check to see if there is a valid
principal available from the MSLSA: credential cache. If so, use
"MSLSA:" as the default credential cache. This will simply configuration
for users on domain joined Windows machines when logged in using a
domain account.
Change-Id: I4c4392e0fdcec89aff3d258ce1b753e6458e3eec
Remove unnecessary levels of indentation.
Switch the conditional from "(e == NULL)" to "(p == NULL)" since it
the variable 'p' that is actually used to store the name of the
default credential cache.
Change-Id: Id884e2cd80b42e47d3c219ac3777161087467a14
Windows queries the default ccache name via the registry. Prior
to this change only the HKEY_CURRENT_USER hive. Fallback to
HKEY_LOCAL_MACHINE if there is no "ccname" value specified for the
user. This permits system or domain administrators to set the
default ccache to MSLSA: for all users.
Change-Id: Ide3b51358f8fc6944ca698e4a68295be9463d4e0
As per
https://www.icann.org/en/system/files/files/name-collision-mitigation-01aug14-en.pdf
prior to a new top-level domain being put into service there is controlled
interuption service which will return explicit responses to DNS A, MX, SRV, and TXT
queries that can be used to detect private namespace collisions.
When performing fallback_get_hosts() check the AF_INET responses to ensure
that they are not the gTLD name collision address 127.0.53.53. If so, add
an error message to the context and return KRB5_KDC_UNREACH.
Write a warning to the log (if any).
Change-Id: I2578f13948b8327cc3f06542c1e489f02410143a
As per
https://www.icann.org/en/system/files/files/name-collision-mitigation-01aug14-en.pdf
prior to a new top-level domain being put into service there is a
controlled interuption service which will return explicit responses to DNS
A, MX, SRV, and TXT queries that can be used to detect private namespace collisions.
Modify SRV records lookups to detect the special hostname returned in the
SRV response, skip the response, and record an appropriate error if it is detected.
Write a warning to the log (if any).
Change-Id: I47e049b617e39e49939bc92d513a547de1d04624
As per
https://www.icann.org/en/system/files/files/name-collision-mitigation-01aug14-en.pdf
prior to a new top-level domain being put into service there is a
controlled interuption service which will return explicit responses to DNS
A, MX, SRV, and TXT queries that can be used to detect private namespace collisions.
Modify the signature of copy_txt_to_realm() to accept a krb5_context so
that meaningful errors can be recorded.
Write a warning to the log (if any).
Change-Id: I51ff8feed4f9d2af8b956bd4ba26e1c4644247c2
Instead of allocating a separate mutex object on the heap,
include the HEIMDAL_MUTEX in the krb5_context structure.
Change-Id: If6db484177410487176985e43e3b43e0f2166518
Add a basic set of tests for the HEIMDAL_MUTEX and HEIMDAL_RWLOCK
abstraction using both static and dynamic initialization.
Change-Id: Iaeb16e5dfcf00d29be7eaa4f2e6970c4f1268fb0
All source files in lib/hcrypto should be built the same way.
Since this source directory is dependent on libroken then all source
files must be built using the roken.h declarations and included headers.
Also, there is no config.h in the local directory so angle brackets
include of quotes should be used.
Finally, because roken.h includes stdio.h, stdlib.h, stdarg.h, limits.h,
strings.h, sys/types.h, etc., do not include them separately.
Start all source files with
#include <config.h>
#include <roken.h>
Change-Id: I09ab47f8a5472018efe6c8b59a0e51fde8f24724
Make memcmp() compare the name1 and name2 value instead of comparing
name1 with itself.
The memcmp() is only executed if the left-hand side of the || is false
i.e. when both length are equal so the length argument is correct (no out-of-bounds reads).
