krb5_enomem() is a wrapper around krb5_set_error_message() which
is used throughout the lib/krb5 sources. Some of the lib/krb5
sources are imported into third party projects and those projects
must be able to pull in krb5_enomem() without other baggage.
Create a new source file lib/krb5/enomem.c.
Change-Id: Id109386d48e3e2988b705b82525adf4f1fa5ea98
Windows applications become very unhappy when memory is allocated
in one module (exe or dll) and deallocated in another. This is
because each of the C run time library instances uses its own
heap. Mixing allocating in one heap and deallocating in another
will lead to memory leaks and heap corruption. For modules that
build against roken avoid this problem by sharing roken's allocator
with the module that uses it.
Change-Id: I31e35c600a78350b168a281811160696dc327544
This reverts commit cb6f7ea40e.
stdint.h can be included everywhere now that the Windows
platform generates and installs a stdint.h when Visual
Studio does not provide one.
Change-Id: Ia3cab28d7f5806203cd45227765debda54ac7472
The lib/krb5 export lists contained the following functions
that are no longer in the tree:
krb5_425_conv_principal
krb5_425_conv_principal_ext2
krb5_425_conv_principal_ext
krb5_524_conv_principal
_krb5_krb_tf_setup
_krb5_krb_dest_tkt
_krb5_krb_life_to_time
_krb5_krb_decomp_ticket
_krb5_krb_create_ticket
_krb5_krb_create_ciph
_krb5_krb_create_auth_reply
_krb5_krb_rd_req
_krb5_krb_free_auth_data
_krb5_krb_time_to_life
_krb5_krb_cr_err_reply
Change-Id: I1f73768de2f7e9243e4e7a623b54af282ec54641
Synchronize the export lists on Windows and UNIX.
When new functions are exported on UNIX or Windows,
the "test" build target on Windows will verify if
the export lists are in sync.
Change-Id: I9df3607983b03ee8dc6fa7cd22f85b07a6cee784
heim_abort and heim_assert are not exported from heimdal.dll.
Must link against heimbase to use them.
Change-Id: I57a29b90360f9036723c114f03a95684a4802529
cc-1028 cc: ERROR File = ../source4/heimdal/lib/asn1/gen_template.c, Line = 548
The expression used must have a constant value.
struct templatehead template = { 0L, &(template). tqh_first };
^
If this really fixes the IRIX build, we'll propose this for heimdal upstream.
metze
Signed-off-by: Love Hornquist Astrand <lha@h5l.org>
EAFNOSUPPORT is defined by VS2010 errno.h. Use the VS2010
value instead of WSAEAFNOSUPPORT if EAFNOSUPPORT is not defined.
Change-Id: Ie641fd8f212ea1be11811dbb2e0def9fdbac795f
Looks like they defined basename() in string.h and ntohs/htonl are
implemented in terms of __bswap16() which is a macro with tmp
variables and so one cannot embed one call to ntohs/htons in another.
Not good but we work around this limitation in glibc.
We should not hold locks on the master's database while waiting
for network I/O which may take a terribly long time to complete as
this will block out all writers and could therefore be slightly
problematic. ipropd-master was holding a shared lock on the database
while sending a complete propagation to slaves which are out of sync
with the log file. We fix this by writing what we intend to send
in record format into a file hdb_db_dir()/ipropd.dumpfile while
holding a shared lock on the database and then we send the contents
of the file after releasing the lock. We also save and re-use the file
that we generated during future complete propagation events as long
as the log is long enough to get us back to the state previously
dumped.
We can't use O_TRUNC on open because (without O_EXLOCK which is
not portable) we would be modifying the file without an exclusive
lock. So, we drop the use of O_TRUNC and use ftruncate(2) after
obtaining the lock via flock(2).
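The open-without-O_TRUNC, flock(2), then ftruncate(2) ordering described in the message above, as an added example that is not Heimdal's code. The names rewrite_locked and demo and the temporary file path are assumptions made for the illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/file.h>
#include <unistd.h>

/* Replace the contents of path with buf. The file is opened without O_TRUNC
 * and is truncated only once flock(2) has granted the exclusive lock.
 * how is LOCK_EX or LOCK_EX|LOCK_NB. Returns 0, or -1 with errno set. */
static int rewrite_locked(const char *path, const char *buf, int how)
{
    size_t len = strlen(buf);
    int saved, fd = open(path, O_RDWR | O_CREAT, 0600);

    if (fd < 0)
        return -1;
    if (flock(fd, how) == 0 && ftruncate(fd, 0) == 0 &&
        write(fd, buf, len) == (ssize_t)len && fsync(fd) == 0) {
        close(fd);                      /* closing the descriptor drops the lock */
        return 0;
    }
    saved = errno;                      /* keep the failure reason across close() */
    close(fd);
    errno = saved;
    return -1;
}

/* Constructed scenario: a reader holds LOCK_SH while a writer tries to rewrite.
 * Returns 0 if the writer was refused with the old data intact, and the
 * rewrite went through once the reader unlocked. */
static int demo(void)
{
    char path[] = "/tmp/flock-demo-XXXXXX";     /* constructed temp file */
    int ok, reader, tmp = mkstemp(path);

    if (tmp < 0)
        return -1;
    close(tmp);
    ok = rewrite_locked(path, "old-dump\n", LOCK_EX) == 0;
    reader = open(path, O_RDONLY);
    ok = ok && reader >= 0 && flock(reader, LOCK_SH) == 0;
    /* Refused writer: no O_TRUNC was used, so the 9 bytes are still there. */
    ok = ok && rewrite_locked(path, "new\n", LOCK_EX | LOCK_NB) == -1 &&
         errno == EWOULDBLOCK && lseek(reader, 0, SEEK_END) == 9;
    ok = ok && flock(reader, LOCK_UN) == 0 &&
         rewrite_locked(path, "new\n", LOCK_EX) == 0 &&
         lseek(reader, 0, SEEK_END) == 4;
    if (reader >= 0) close(reader);
    unlink(path);
    return ok ? 0 : 1;
}
int main(void) { return demo(); }
```

Had the writer opened with O_TRUNC, the reader's data would have been cut to zero bytes before the lock request was even made.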
We add a function to cause krb5_storage's to be sync'd to their backing
store. For memory backed storages, this is a NOP. For files, it calls
fsync on the file descriptor.
Multiple concurrent writers would cause the HDB to become corrupted
as the locking was not sufficient to prevent these sorts of issues
from occurring. We fix this in a similar way to the prior DB1 patch.
Multiple concurrent writers would cause the HDB to become corrupted
as the locking was not sufficient to prevent these sorts of issues
from occurring. We have changed the locking to obtain the appropriate
kind of lock on database open and to hold that lock until the
database closes. We need to do this as Berkeley DB 1.85 will cache
information from the database in memory and if this information
is updated without our knowledge then our later writes will corrupt
the database. We speculate that there would be issues with a single
writer and reader but did not reproduce them.
Before this change Heimdal could read KDBs. Now it can write to
them too.
Heimdal can now also dump HDBs (including KDBs) in MIT format, which
can then be imported with kdb5_util load.
This is intended to help in migrations from MIT to Heimdal by
allowing migrations from Heimdal to MIT so that it is possible
to rollback from Heimdal to MIT should there be any issues. The
idea is to allow a) running Heimdal kdc/kadmind with a KDB, or
b) running Heimdal with an HDB converted from a KDB and then
rollback by dumping the HDB and loading a KDB.
Note that not all TL data types are supported, only two: last
password change and modify-by. This is the minimum necessary.
PKINIT users may need to add support for KRB5_TL_USER_CERTIFICATE,
and for databases with K/M history we may need to add KRB5_TL_MKVNO
support.
Support for additional TL data types can be added in
lib/hdb/hdb-mitdb.c:_hdb_mdb_value2entry() and
lib/hdb/print.c:entry2mit_string_int().
...rather than the authenticated principal's realm section. We do
this both to maintain compatibility with MIT and because it makes
more sense. We should likely also fix the auth_to_local_names as
cursory inspection reveals that it has the same incompatibility.
The source files generated by compile_et and asn1-compile must
begin with:
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
This permits conditional includes based on HAVE_STDINT_H and
HAVE_UNISTD_H to work.
Change-Id: Iefe25317ac3cb1970793748b8318174bcd7a087f
Commit c04aa9e082 specified the
mutex type, pthread_mutex_t, directly instead of using the
abstraction, HEIMDAL_MUTEX.
Change-Id: Iedfc46163140cf23014d357cc8ccc9f0e6224327
__gss_krb5_mechanism_oid_desc is now defined in gssapi/gssapi_oid.h,
so remove the definition in gssapi/gssapi_krb5.h in favor of including
that header.
Signed-off-by: Love Hörnquist Åstrand <lha@h5l.org>