[Heimdal-source-changes] [heimdal/heimdal] d4c0d3: lib/krb5: krb5_get_instance does not work on Windo...
Jeffrey Altman
noreply at github.com
Tors May 28 06:22:54 CEST 2020
Branch: refs/heads/master
Home: https://github.com/heimdal/heimdal
Commit: d4c0d345488d4d3751aed200e48cc043afe62889
https://github.com/heimdal/heimdal/commit/d4c0d345488d4d3751aed200e48cc043afe62889
Author: Jeffrey Altman <jaltman at secure-endpoints.com>
Date: 2020-05-27 (Wed, 27 May 2020)
Changed paths:
M lib/heimdal/NTMakefile
M lib/krb5/plugin.c
M lib/roken/NTMakefile
M lib/roken/roken.h.in
A lib/roken/win32_version.c
Log Message:
-----------
lib/krb5: krb5_get_instance does not work on Windows 7
krb5_get_instance() is meant to ensure that the shared library
instance of heimdal loaded by a plugin matches the instance that
loaded the plugin. It works by declaring a static C string whose
memory address will be used as an instance identifier. If the
instance returned from the plugin matches the instance obtain
by the code that loads the plugin, then we can conclude the two
instances are the same.
This doesn't work on Windows 7. When heimdal.dll loads a plugin
that is linked to heimdal.dll, the plugin's heimdal.dll is always
a new instance. However, the requirement for plugin safety is
not that the plugin be the same instance in memory but that they
be the same instance on disk.
This change loads the path name and version string for the module
and generates a hash of those strings as an instance identifier.
Change-Id: I1c0651969e9738c5feecb0b323969d13efd4704d
Commit: 33bb2479b9a7538c1153639dacc02ff46109c215
https://github.com/heimdal/heimdal/commit/33bb2479b9a7538c1153639dacc02ff46109c215
Author: Jeffrey Altman <jaltman at secure-endpoints.com>
Date: 2020-05-27 (Wed, 27 May 2020)
Changed paths:
M lib/base/common_plugin.h
Log Message:
-----------
base: common_plugin.h define KRB5_CALLCONV / KRB5_LIB_CALL
common_plugin.h is expected to be usable on its own.
For backward compatibility, restore the definitions of
KRB5_CALLCONV and KRB5_LIB_CALL.
Change-Id: I6d2239f91ab48b9a6b71816b5221807382dc5914
Commit: d84512b8d2b782fdcee2360ea5942969dfc71d96
https://github.com/heimdal/heimdal/commit/d84512b8d2b782fdcee2360ea5942969dfc71d96
Author: Jeffrey Altman <jaltman at secure-endpoints.com>
Date: 2020-05-27 (Wed, 27 May 2020)
Changed paths:
M lib/krb5/acache.c
M lib/krb5/cache.c
M lib/krb5/dcache.c
M lib/krb5/fcache.c
M lib/krb5/kcm.c
M lib/krb5/krb5.h
M lib/krb5/krcache.c
M lib/krb5/mcache.c
M lib/krb5/pcache.c
M lib/krb5/scache.c
Log Message:
-----------
krb5: krb5_cc_ops backward compatibility and extensibility
The krb5_cc_ops structure is an extensible structure to which new
functionality has been added over the years.
Version zero was the original. It included all functions up to
and including get_default_name().
Version one added set_default().
Version two added lastchange().
Version three added set_kdc_offset() and get_kdc_offset().
Version four broke compatibility by modifying the signatures
of get_name() and resolve(). This was in change
7bf4d76e75e904dd65a0fbb90c9cad981245f714 ("krb5: Improve cccol sub
naming; add gss_store_cred_into2()").
Version five restores the original signatures of get_name()
and resolve() and introduces get_name_2() and resolve_2() that
provide the additional cccol functionality.
This change
* introduces version five
* documents which functions are part of each version
* replaces KRB5_CC_OPS_VERSION with KRB5_CC_OPS_VERSION_0,
KRB5_CC_OPS_VERSION_1, KRB5_CC_OPS_VERSION_2, KRB5_CC_OPS_VERSION_3,
and KRB5_CC_OPS_VERSION_5. KRB5_CC_OPS_VERSION_4 is skipped
because of the aforementioned breakage.
* compatibility logic is added to permit ccache plugins to implement
any of version one, two, three, five or a future version.
* all in-tree krb5_cc_ops implementations are updated to version 5.
Change-Id: Iadfce01d10834bc6151939e4d9d196f03001626e
Compare: https://github.com/heimdal/heimdal/compare/1a65611f61c2...d84512b8d2b7
More information about the Heimdal-source-changes
mailing list