From nobody Thu Jul 24 17:34:12 2025 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bnymS20brz630GJ; Thu, 24 Jul 2025 17:34:16 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Received: from omta003.cacentral1.a.cloudfilter.net (omta001.cacentral1.a.cloudfilter.net [3.97.99.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "Client", Issuer "CA" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4bnymR4YT8z3qyJ; Thu, 24 Jul 2025 17:34:15 +0000 (UTC) (envelope-from cy.schubert@cschubert.com) Authentication-Results: mx1.freebsd.org; none Received: from shw-obgw-4001a.ext.cloudfilter.net ([10.228.9.142]) by cmsmtp with ESMTPS id evEUuM6mX9JM2ezpeuCv8B; Thu, 24 Jul 2025 17:34:14 +0000 Received: from spqr.komquats.com ([70.66.136.217]) by cmsmtp with ESMTPSA id ezpdutja0WX70ezpdu0DxK; Thu, 24 Jul 2025 17:34:14 +0000 X-Auth-User: cschuber X-Authority-Analysis: v=2.4 cv=d71WygjE c=1 sm=1 tr=0 ts=68826e96 a=h7br+8Ma+Xn9xscxy5znUg==:117 a=h7br+8Ma+Xn9xscxy5znUg==:17 a=kj9zAlcOel0A:10 a=Wb1JkmetP80A:10 a=6I5d2MoRAAAA:8 a=EkcXrb_YAAAA:8 a=YxBL1-UpAAAA:8 a=EEpa6MD88qzaec5TMPsA:9 a=CjuIK1q_8ugA:10 a=LK5xJRSDVpKd5WXXoEvA:22 a=Ia-lj3WSrqcvXOmTRaiG:22 Received: from slippy.cwsent.com (slippy [10.1.1.91]) by spqr.komquats.com (Postfix) with ESMTP id 9574AEF7; Thu, 24 Jul 2025 10:34:12 -0700 (PDT) Received: by slippy.cwsent.com (Postfix, from userid 1000) id 8B8E34D6; Thu, 24 Jul 2025 10:34:12 -0700 (PDT) X-Mailer: exmh version 2.9.0 11/07/2018 with nmh-1.8+dev Reply-to: Cy Schubert From: Cy Schubert X-os: FreeBSD X-Sender: cy@cwsent.com X-URL: http://www.cschubert.com/ To: Konstantin Belousov cc: Cy Schubert , src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Subject: Re: git: e447c252d0ec - main - krb5: Merge Heimdal common functions into version maps In-reply-to: References: <202507241714.56OHEFYg074661@gitrepo.freebsd.org> Comments: In-reply-to Konstantin Belousov message dated "Thu, 24 Jul 2025 20:27:50 +0300." List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Thu, 24 Jul 2025 10:34:12 -0700 Message-Id: <20250724173412.8B8E34D6@slippy.cwsent.com> X-CMAE-Envelope: MS4xfDagzy0yZB3MCq95SWPwW+vRQa/V9Gl+c52jqxPnzpyy5tGaHWf2onYLv/Xdo3f08W1mq75vI8OELq5nrCB3Pt3zts+QbMPHuEz7G3NlPASxiOobGnFy FWK1JA2jUVKqgQjT8vCVVLxJ6ULJfv1PfYhSXUrnc+HJVLHP3wkRSTT0nNb5WUltmFnQsnhvWriR60JaXnAMSRc2Y7B/t+PSgD/rH7TFKGucVqtF+VN0TaR0 pL75MPHyvgBQX2qqBBbDul9nxS5DbX3VRRTMiGQL2965MGcSf+bq5dqlYMbVpXbWR5/npEKLwdTJRwgHckGYXtTLaQHUwwEHs/BuHPENIydhN1FgYx4lhl7Y v5YdlCxu X-Rspamd-Queue-Id: 4bnymR4YT8z3qyJ X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:16509, ipnet:3.96.0.0/15, country:US] In message , Konstantin Belousov writes: > On Thu, Jul 24, 2025 at 05:14:15PM +0000, Cy Schubert wrote: > > The branch main has been updated by cy: > > > > URL: https://cgit.FreeBSD.org/src/commit/?id=e447c252d0eca8f1440996f2a3521c > 75c06ae126 > > > > commit e447c252d0eca8f1440996f2a3521c75c06ae126 > > Author: Cy Schubert > > AuthorDate: 2025-07-24 16:24:03 +0000 > > Commit: Cy Schubert > > CommitDate: 2025-07-24 16:31:40 +0000 > > > > krb5: Merge Heimdal common functions into version maps > > > > Requested by: kib > I do not remember that I ever asked to do this. > More, I do not understand Kerberos to see such details. > > But see below. > > > --- > > krb5/lib/gssapi/version.map | 171 +++++++++--------- > > krb5/lib/krb5/version.map | 430 ++++++++++++++++++++++------------------ > ---- > > krb5/util/et/version.map | 12 +- > > 3 files changed, 312 insertions(+), 301 deletions(-) > > > > diff --git a/krb5/lib/gssapi/version.map b/krb5/lib/gssapi/version.map > > index bd0d28df70a7..d52c0d3d1e36 100644 > > --- a/krb5/lib/gssapi/version.map > > +++ b/krb5/lib/gssapi/version.map > > @@ -1,3 +1,90 @@ > > +HEIMDAL_GSS_2.0 { > > + global: > > + gss_accept_sec_context; > > + gss_acquire_cred; > > + gss_acquire_cred_with_password; > > + gss_add_buffer_set_member; > > + gss_add_cred; > > + gss_add_cred_with_password; > > + gss_add_oid_set_member; > > + gss_authorize_localname; > > + gss_canonicalize_name; > > + gss_compare_name; > > + gss_context_time; > > + gss_create_empty_buffer_set; > > + gss_create_empty_oid_set; > > + gss_decapsulate_token; > > + gss_delete_name_attribute; > > + gss_delete_sec_context; > > + gss_display_mech_attr; > > + gss_display_name; > > + gss_display_name_ext; > > + gss_display_status; > > + gss_duplicate_name; > > + gss_encapsulate_token; > > + gss_export_cred; > > + gss_export_name; > > + gss_export_name_composite; > > + gss_export_sec_context; > > + gss_get_mic; > > + gss_get_name_attribute; > > + gss_import_cred; > > + gss_import_name; > > + gss_import_sec_context; > > + gss_indicate_mechs; > > + gss_indicate_mechs_by_attrs; > > + gss_init_sec_context; > > + gss_inquire_attrs_for_mech; > > + gss_inquire_context; > > + gss_inquire_cred; > > + gss_inquire_cred_by_mech; > > + gss_inquire_cred_by_oid; > > + gss_inquire_mech_for_saslname; > > + gss_inquire_mechs_for_name; > > + gss_inquire_name; > > + gss_inquire_names_for_mech; > > + gss_inquire_saslname_for_mech; > > + gss_krb5_ccache_name; > > + gss_krb5_copy_ccache; > > + gss_krb5_export_lucid_sec_context; > > + gss_krb5_free_lucid_sec_context; > > + gss_krb5_get_tkt_flags; > > + gss_krb5_import_cred; > > + gss_krb5_set_allowable_enctypes; > > + gss_oid_equal; > > + gss_oid_to_str; > > + gss_pname_to_uid; > > + gss_process_context_token; > > + gss_pseudo_random; > > + gss_release_buffer; > > + gss_release_buffer_set; > > + gss_release_cred; > > + gss_release_iov_buffer; > > + gss_release_name; > > + gss_release_oid; > > + gss_release_oid_set; > > + gss_seal; > > + gss_set_cred_option; > > + gss_set_name_attribute; > > + gss_set_sec_context_option; > > + gss_sign; > > + gss_store_cred; > > + gss_test_oid_set_member; > > + gss_unseal; > > + gss_unwrap; > > + gss_unwrap_iov; > > + gss_userok; > > + gss_verify; > > + gss_verify_mic; > > + gss_wrap; > > + gss_wrap_iov; > > + gss_wrap_iov_length; > > + gss_wrap_size_limit; > > + gsskrb5_extract_authtime_from_sec_context; > > + gsskrb5_extract_authz_data_from_sec_context; > > + krb5_gss_register_acceptor_identity; > > +}; > > + > > gssapi_krb5_2_MIT { > > global: > > GSS_C_ATTR_LOCAL_LOGIN_USER; > > @@ -46,67 +133,14 @@ gssapi_krb5_2_MIT { > > GSS_C_MA_CTX_TRANS; > > GSS_C_MA_NEGOEX_AND_SPNEGO; > > GSS_C_SEC_CONTEXT_SASL_SSF; > > - gss_accept_sec_context; > > - gss_acquire_cred; > > - gss_acquire_cred_with_password; > > gss_acquire_cred_impersonate_name; > > - gss_add_buffer_set_member; > > - gss_add_cred; > > gss_add_cred_impersonate_name; > > - gss_add_cred_with_password; > > - gss_add_oid_set_member; > > - gss_authorize_localname; > > - gss_canonicalize_name; > > - gss_compare_name; > > gss_complete_auth_token; > > - gss_context_time; > > - gss_create_empty_buffer_set; > > - gss_create_empty_oid_set; > > - gss_decapsulate_token; > > - gss_delete_name_attribute; > > - gss_delete_sec_context; > > - gss_display_mech_attr; > > - gss_display_name; > > - gss_display_name_ext; > > - gss_display_status; > > - gss_duplicate_name; > > - gss_encapsulate_token; > > - gss_export_cred; > > - gss_export_name; > > - gss_export_name_composite; > > - gss_export_sec_context; > > - gss_get_mic; > > gss_get_mic_iov; > > gss_get_mic_iov_length; > > - gss_get_name_attribute; > > - gss_import_cred; > > - gss_import_name; > > - gss_import_sec_context; > > - gss_indicate_mechs; > > - gss_init_sec_context; > > - gss_indicate_mechs_by_attrs; > > - gss_inquire_attrs_for_mech; > > - gss_inquire_context; > > - gss_inquire_cred; > > - gss_inquire_cred_by_mech; > > - gss_inquire_cred_by_oid; > > - gss_inquire_mech_for_saslname; > > - gss_inquire_mechs_for_name; > > - gss_inquire_names_for_mech; > > - gss_inquire_saslname_for_mech; > > - gss_inquire_sec_context_by_oid; > > - gss_krb5_ccache_name; > > - gss_krb5_copy_ccache; > > - gss_krb5_export_lucid_sec_context; > > - gss_krb5_free_lucid_sec_context; > > - gss_krb5_get_tkt_flags; > > - gss_krb5_import_cred; > > - gss_krb5_set_allowable_enctypes; > > gss_krb5_set_cred_rcache; > > gss_krb5int_make_seal_token_v3; > > gss_krb5int_unseal_token_v3; > > - gsskrb5_extract_authtime_from_sec_context; > > - gsskrb5_extract_authz_data_from_sec_context; > > gss_localname; > > gss_map_name_to_any; > > gss_mech_iakerb; > > @@ -124,47 +158,16 @@ gssapi_krb5_2_MIT { > > gss_nt_service_name_v2; > > gss_nt_string_uid_name; > > gss_nt_user_name; > > - gss_oid_equal; > > - gss_oid_to_str; > > - gss_pname_to_uid; > > - gss_pseudo_random; > > - gss_process_context_token; > > gss_release_any_name_mapping; > > - gss_release_buffer_set; > > - gss_release_buffer; > > - gss_release_cred; > > - gss_release_iov_buffer; > > - gss_release_name; > > - gss_release_oid; > > - gss_release_oid_set; > > - gss_seal; > > - gss_set_name_attribute; > > gss_set_neg_mechs; > > - gss_set_sec_context_option; > > - gss_sign; > > - gss_store_cred; > > gss_str_to_oid; > > - gss_test_oid_set_member; > > - gss_unseal; > > - gss_unwrap; > > gss_unwrap_aead; > > - gss_unwrap_iov; > > - gss_userok; > > - gss_verify; > > - gss_verify_mic; > > gss_verify_mic_iov; > > - gss_wrap; > > gss_wrap_aead; > > - gss_wrap_iov; > > - gss_wrap_iov_length; > > - gss_wrap_size_limit; > > - gss_set_cred_option; > > gssspi_set_cred_option; > > gssspi_mech_invoke; > > krb5_gss_dbg_client_expcreds; > > - krb5_gss_register_acceptor_identity; > > krb5_gss_use_kdc_context; > > - gss_inquire_name; > > gss_acquire_cred_from; > > gss_add_cred_from; > > gss_store_cred_into; > > This breaks the ABI of _current_ libc on HEAD even more. > Please do bump the dso versions for all libs from kerberos/gss > with same current name as it was in Heimdal time. In other words use Heimdal in the name instead of the names MIT uses? This was certainly short sighted on our part when we put Heimdal in our DSO names at the time. -- Cheers, Cy Schubert FreeBSD UNIX: Web: https://FreeBSD.org NTP: Web: https://nwtime.org e**(i*pi)+1=0