[Heimdal-source-changes] [heimdal/heimdal] 9769a3: lib/krb5: krb5_get_instance does not work on Windo...

Jeffrey Altman noreply at github.com
Thu May 28 05:27:05 CEST 2020


  Branch: refs/heads/jaltman/fix-krb5_ccache-plugins
  Home:   https://github.com/heimdal/heimdal
  Commit: 9769a32b9026cacf062ddb8a767dd4b1667e734e
      https://github.com/heimdal/heimdal/commit/9769a32b9026cacf062ddb8a767dd4b1667e734e
  Author: Jeffrey Altman <jaltman at secure-endpoints.com>
  Date:   2020-05-27 (Wed, 27 May 2020)

  Changed paths:
    M lib/heimdal/NTMakefile
    M lib/krb5/plugin.c
    M lib/roken/NTMakefile
    M lib/roken/roken.h.in
    A lib/roken/win32_version.c

  Log Message:
  -----------
  lib/krb5: krb5_get_instance does not work on Windows 7

krb5_get_instance() is meant to ensure that the shared library
instance of heimdal loaded by a plugin matches the instance that
loaded the plugin.  It works by declaring a static C string whose
memory address will be used as an instance identifier.  If the
instance returned from the plugin matches the instance obtained
by the code that loads the plugin, then we can conclude the two
instances are the same.

This doesn't work on Windows 7.  When heimdal.dll loads a plugin
that is linked to heimdal.dll, the plugin's heimdal.dll is always
a new instance.  However, the requirement for plugin safety is
not that the plugin be the same instance in memory but that they
be the same instance on disk.

This change loads the path name and version string for the module
and generates a hash of those strings as an instance identifier.

Change-Id: I1c0651969e9738c5feecb0b323969d13efd4704d


  Commit: b8ca339fc528e31c7e5026f78ba791c049fc74bc
      https://github.com/heimdal/heimdal/commit/b8ca339fc528e31c7e5026f78ba791c049fc74bc
  Author: Jeffrey Altman <jaltman at secure-endpoints.com>
  Date:   2020-05-27 (Wed, 27 May 2020)

  Changed paths:
    M lib/base/common_plugin.h

  Log Message:
  -----------
  base: common_plugin.h define KRB5_CALLCONV / KRB5_LIB_CALL

common_plugin.h is expected to be usable on its own.
For backward compatibility, restore the definitions of
KRB5_CALLCONV and KRB5_LIB_CALL.

Change-Id: I6d2239f91ab48b9a6b71816b5221807382dc5914


  Commit: c33324a5cdcd77a31a815598a847ef94901ce418
      https://github.com/heimdal/heimdal/commit/c33324a5cdcd77a31a815598a847ef94901ce418
  Author: Jeffrey Altman <jaltman at secure-endpoints.com>
  Date:   2020-05-27 (Wed, 27 May 2020)

  Changed paths:
    M lib/krb5/acache.c
    M lib/krb5/cache.c
    M lib/krb5/dcache.c
    M lib/krb5/fcache.c
    M lib/krb5/kcm.c
    M lib/krb5/krb5.h
    M lib/krb5/krcache.c
    M lib/krb5/mcache.c
    M lib/krb5/pcache.c
    M lib/krb5/scache.c

  Log Message:
  -----------
  krb5: krb5_cc_ops backward compatibility and extensibility

The krb5_cc_ops structure is an extensible structure to which new
functionality has been added over the years.

Version zero was the original.  It included all functions up to
and including get_default_name().

Version one added set_default().

Version two added lastchange().

Version three added set_kdc_offset() and get_kdc_offset().

Version four broke compatibility by modifying the signatures
of get_name() and resolve().   This was in change
7bf4d76e75e904dd65a0fbb90c9cad981245f714 ("krb5: Improve cccol sub
naming; add gss_store_cred_into2()").

Version five restores the original signatures of get_name()
and resolve() and introduces get_name_2() and resolve_2() that
provide the additional cccol functionality.

This change

 * introduces version five
 * documents which functions are part of each version
 * replaces KRB5_CC_OPS_VERSION with KRB5_CC_OPS_VERSION_0,
   KRB5_CC_OPS_VERSION_1, KRB5_CC_OPS_VERSION_2, KRB5_CC_OPS_VERSION_3,
   and KRB5_CC_OPS_VERSION_5.  KRB5_CC_OPS_VERSION_4 is skipped
   because of the aforementioned breakage.
 * compatibility logic is added to permit ccache plugins to implement
   any of version one, two, three, five or a future version.
 * all in-tree krb5_cc_ops implementations are updated to version 5.

Change-Id: Iadfce01d10834bc6151939e4d9d196f03001626e


Compare: https://github.com/heimdal/heimdal/compare/9769a32b9026%5E...c33324a5cdcd
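
The version-gated dispatch that the krb5_cc_ops commit message describes, as an added C example that is not Heimdal's code and not part of the original message. The struct demo_cc_ops, the demo_* functions, the return codes and the sample plugins are hypothetical, and accepting version 0 is an assumption.

```c
#include <stddef.h>

/* Hypothetical ops table modelled on the commit message; not Heimdal's krb5_cc_ops. */
struct demo_cc_ops {
    int version;
    const char *(*get_name)(void);               /* version 0, original signature */
    int (*set_default)(void);                    /* added in version 1 */
    int (*lastchange)(long *mtime);              /* added in version 2 */
    int (*set_kdc_offset)(long off);             /* added in version 3 */
    const char *(*get_name_2)(const char **sub); /* added in version 5 */
};
enum { DEMO_OK = 0, DEMO_UNSUPPORTED = -1, DEMO_BAD_VERSION = -2 };

/* Version 4 changed existing signatures, so its members cannot be called safely. */
int demo_check_version(const struct demo_cc_ops *ops)
{
    int bad = (ops == NULL || ops->version < 0 || ops->version == 4);
    return bad ? DEMO_BAD_VERSION : DEMO_OK;
}

/* Gate on the declared version before reading a member that was added later. */
int demo_lastchange(const struct demo_cc_ops *ops, long *mtime)
{
    if (demo_check_version(ops) != DEMO_OK)
        return DEMO_BAD_VERSION;
    if (ops->version < 2 || ops->lastchange == NULL)
        return DEMO_UNSUPPORTED;
    return ops->lastchange(mtime);
}

/* Prefer the version 5 entry point; fall back to the original signature. */
const char *demo_get_name(const struct demo_cc_ops *ops, const char **sub)
{
    if (demo_check_version(ops) != DEMO_OK)
        return NULL;
    if (sub != NULL) *sub = NULL;
    if (ops->version >= 5 && ops->get_name_2 != NULL)
        return ops->get_name_2(sub);
    return ops->get_name != NULL ? ops->get_name() : NULL;
}

/* Constructed sample plugins; trap() stands in for the bytes past an older, shorter table. */
int trap_calls;
static int trap(long *m) { (void)m; trap_calls++; return 0; }
static const char *old_name(void) { return "old"; }
static const char *new_name(const char **sub) { if (sub) *sub = "sub"; return "new"; }
static int mtime_42(long *m) { *m = 42; return 0; }
const struct demo_cc_ops plugin_v1 = { 1, old_name, NULL, trap, NULL, NULL };
const struct demo_cc_ops plugin_v5 = { 5, old_name, NULL, mtime_42, NULL, new_name };
```

The version 1 plugin's lastchange slot is never dereferenced, which is the property a loader needs when an older plugin was compiled against a shorter table.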

