The use of the wrong value for the length of ":mkey=" was identified
by Brian May and reported via github:
https://github.com/heimdal/heimdal/issues/40
Change-Id: I0aed86a5bb0359b7a266369076fde5e62f23b5fe
Modify the signature of mp_find_prime() to permit the number of
Miller-Rabin rounds to be specified. In addition, valid responses
now include MP_NO, MP_YES, and MP_VAL which is returned when
mp_prime_is_prime() fails.
Change-Id: I0195129a4dd75875e6dddb6d49a5ceb30afb1a17
libtommath protects the inclusion of functions by wrapping their
declarations by CPP #ifdef tests and defining the matching macros
within libtommath_class.h.
Add missing macros:
BN_MP_FIND_PRIME_C
BN_MP_ISPRIME_C
Change-Id: Ic577300114f8e88d7a3af3d9f717a249d57f03b1
As pointed out by Steffen Jaeckel [https://github.com/sjaeckel],
within bn_mp_prime_next_prime() t <= PRIME_SIZE as per the check
at the top of the function. Remove the unnecessary comparison in
a for loop conditional.
Change-Id: I868bee1a7a019e0ab06bf2b81cc71cf66ca9acff
C++ does not permit struct names and typedef names to be the same.
Rename
struct krb5_name_canon_rule to struct krb5_name_canon_rule_data
and
struct krb5_name_canon_iterator to struct krb5_name_canon_iterator_data
Change-Id: I92766e0878bf0beef92de1649baf9e5cafbf86aa
Since the memory is allocated inside the Kerberos library, it
should be freed by code inside the same library. free, as
previously recommended, therefore doesn't seem appropriate.
Instead, recommend krb5_xfree, which exists for this purpose.
krb5_set_default_realm.3 man page update
Change-Id: I11d119edf03148cbdc654480c72ddffb540084ec
Programs like sshd may create or access a ccache with
ruid != user's UID, euid == user's UID.
Set-uid-0 programs (ob reminder: they start life as ruid == user's UID,
euid == 0) shouldn't unintentionally access ccaches. Therefore we
shouldn't check both of ruid and euid, just euid.
Eventually we'll need to make sure that a) libroken's stdint.h defines
the max integer types, b) the libroken *printf()s can handle all the
standard length and conversion specifiers.
LoadLibrary() is unable to load DLLs which are being loaded from
a global side by side assembly directory. Instead, use
LoadLibraryEx() with LOAD_WITH_ALTERED_SEARCH_PATH.
This permits a DLL to be loaded from the WinSxS tree when a fully
qualified path is provided.
Change-Id: I0e5da1a8610c6b571f73c0e7b0beabeecbbb3b77
We *really* need a ccache instance ID tag. In fact, we should probably
never krb5_cc_initialize() a ccache that doesn't have such a tag. But
for now cred_delete() is now safe enough.
If we're racing enough we could complain about symlinks where there were
none. This was very surprising. Make it surprise less.
We should really #ifndef O_NOFOLLOW that code chunk too, for the obvious
reason that we don't need to worry about symlinks if we have and use
O_NOFOLLOW.
Also, since all uses of fcc_open() use O_NOFOLLOW we should move that
into fcc_open(). Ditto O_BINARY and O_CLOEXEC.
Patchset 58ff480763 calls write() and read()
on rk_socket_t objects which on Windows are SOCKETs not C RTL file
descriptors. This patchset uses krb5_net_write() and krb5_net_read()
in place of the direct write() and read() operations.
Change-Id: I3f7d4756357d432e4e62910f9a36824eb188b6e4
Windows plugins must be loaded from the same directory as the
heimdal.dll in order to ensure that "DLL Hell" is not revisited.
Since plugins cannot be grouped in a directory by "module" name
the plugins must have a name of the form:
plugin_<module>_<name>.dll
Construct the "plugin_<module>_" prefix string dynamically and
test for both the prefix and the ".dll" extension when building
the list of plugins to load.
Change-Id: I0ff7bf7287f8fb38061c226f0844d7d0f1fb59ec
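The filename test described in the plugin commit message above, as an added example that is not Heimdal's own code: the function names, the 128-byte prefix buffer, the case-insensitive comparison and the rejection of path separators are assumptions made for illustration, and the sample names in main() are constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: case-insensitive comparison of the first n bytes. */
static int ieq_n(const char *a, const char *b, size_t n)
{
    size_t i;
    for (i = 0; i < n; i++)
        if (tolower((unsigned char)a[i]) != tolower((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Return 1 if fname is a bare name of the form plugin_<module>_<name>.dll
 * for the given module, else 0. Hypothetical name, not a Heimdal API. */
int is_plugin_for_module(const char *module, const char *fname)
{
    static const char ext[] = ".dll";
    char prefix[128];
    size_t plen, flen = strlen(fname), elen = sizeof(ext) - 1;
    int n;

    /* Build "plugin_<module>_" dynamically; refuse a truncated prefix. */
    n = snprintf(prefix, sizeof(prefix), "plugin_%s_", module);
    if (n < 0 || (size_t)n >= sizeof(prefix))
        return 0;
    plen = (size_t)n;
    /* Assumption: candidates are bare directory entries, never paths. */
    if (strpbrk(fname, "/\\:") != NULL)
        return 0;
    /* Require prefix, at least one <name> character, and the extension. */
    if (flen < plen + 1 + elen)
        return 0;
    /* Test both ends: the prefix and the ".dll" suffix. */
    return ieq_n(fname, prefix, plen) && ieq_n(fname + flen - elen, ext, elen);
}

int main(void)
{
    /* Constructed sample directory entries. */
    const char *names[] = { "plugin_krb5_locate.dll", "plugin_kdc_windc.dll",
                            "plugin_krb5_locate.dll.bak", "heimdal.dll" };
    size_t i;
    for (i = 0; i < sizeof(names) / sizeof(names[0]); i++)
        printf("%-28s %d\n", names[i], is_plugin_for_module("krb5", names[i]));
    return 0;
}
```

Because the module name and plugin name are both joined with underscores, a module named `krb5` also matches a file intended for a hypothetical module `krb5_x`; the naming scheme itself does not disambiguate those cases.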