Tom Yu [Fri, 30 Mar 2007 20:53:35 +0000 (20:53 +0000)]
pull up r19294 from trunk
r19294@cathode-dark-space: kpkoch | 2007-03-27 14:42:51 -0400
Target_Version: 1.6.1
Ticket: 5490
Tags: pullup
Update documentation.
ticket: 5490
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19352
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Mar 2007 20:53:23 +0000 (20:53 +0000)]
pull up r19293 from trunk
r19293@cathode-dark-space: kpkoch | 2007-03-27 14:41:34 -0400
Target_Version: 1.6.1
Ticket: 5490
Tags: pullup
Correct error message text, add comments, change some command line defaults. Change plink path.
ticket: 5490
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19351
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Mar 2007 20:53:09 +0000 (20:53 +0000)]
pull up r19291 from trunk
r19291@cathode-dark-space: jaltman | 2007-03-27 09:47:44 -0400
ticket: new
subject: remove unwanted files from kfw build script
component: windows
Remove aklog, khhelp.h, and the .manifest files as they are
not installed by the installer.
ticket: 5492
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19350
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Mar 2007 20:52:58 +0000 (20:52 +0000)]
pull up r19288 from trunk
r19288@cathode-dark-space: kpkoch | 2007-03-26 09:28:32 -0400
Target_Version: 1.6.1
Component: KfW
Tags: pullup
Ticket: new
Subject: KfW build automation
Don't fetch afscompat.
Handle case of checkout into non-existent directory.
ticket: 5490
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19349
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Mar 2007 20:52:43 +0000 (20:52 +0000)]
pull up r19234 from trunk
r19234@cathode-dark-space: kpkoch | 2007-03-16 14:38:28 -0400
Subject: KfW automated build scripts & supporting files.
Updated scripts & additional configuration files.
Ticket: new
Target_Version: 1.6.1
tags: pullup
ticket: 5490
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19348
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Mar 2007 20:52:31 +0000 (20:52 +0000)]
pull up r19207 from trunk
r19207@cathode-dark-space: kpkoch | 2007-03-05 17:34:25 -0500
Train build script to use repository sources, omit sample configuration. [wix area.]
Add control of the repository access step, fetch all sources from the repository. Track in documentation.
Eliminate unhelpful output during pre-package step.
The next step is to fetch only krb5/src/windows/build and run the entire build.
ticket: 5490
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19347
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Mar 2007 20:52:18 +0000 (20:52 +0000)]
pull up r19206 from trunk
r19206@cathode-dark-space: kpkoch | 2007-03-05 11:37:41 -0500
Move automation documentation from wiki to here.
Minor tweaks to script (start adding unzip support) and config (move svn url to right place).
Target_Version: 1.6.1
ticket: 5490
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19346
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Mar 2007 20:52:06 +0000 (20:52 +0000)]
pull up r19205 from trunk
r19205@cathode-dark-space: kpkoch | 2007-03-05 09:07:07 -0500
Target_Version: 1.6.1
Component: KfW
Automation for building KfW.
ticket: 5490
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19345
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Mar 2007 18:54:31 +0000 (18:54 +0000)]
pull up r19292 from trunk
r19292@cathode-dark-space: kpkoch | 2007-03-27 13:27:41 -0400
Ticket: 5446
Status: resolved
Target_Version: 1.6.1
Tags: pullup
All Windows apps were popping MessageBoxes when stderr is redirected. Console apps shouldn't and no longer do that. Added isGuiApp, which tests gui resource usage.
Removed duplicate nested tests for _WIN32.
ticket: 5446
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19343
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Mar 2007 18:39:12 +0000 (18:39 +0000)]
pull up r19306 from trunk
r19307@cathode-dark-space: jaltman | 2007-03-29 17:19:43 -0400
ticket: new
subject: more bug fixes for NIM 1.2 (KFW 3.2)
component: windows
tags: pullup
netidmgr.exe
- Credentials display :
- If an outline is marked as KHUI_CW_O_STICKY | KHUI_CW_O_RELIDENT,
release the identity when deleting the outline node.
- Correctly determine the location of UI widgets using the column
specifier of the outline node instead of the column specifier of
the row.
- Do not recompute the extents of a row.
- If there is a default identity and it has no credentials and it is
not pinned, display it anyway.
krb5common.obj
- Import profile_rename_section()
krb5cred.dll
- In the realm editor:
- When writing realm data, keep track of whether any updates were
performed.
- Reset the dirty bits for each element whose changes were written
to the profile.
- Use profile_rename_section() correctly to delete sections.
- Check if any changes were applied before setting the 'applied' bit
for the configuration node.
- Don't assume that the Kerberos 5 General configuration panel has
received WMCFG_APPLY before the realm editor. It will not receive
the notification if it hasn't indicated that there are changes to
be applied.
- New credentials :
- If there is no "ExpiresOn" value for a cached prompt set, assume
that it has already expired.
- Set the lifetime for a new prompt set to be 7 days longer than
then maximum renewable lifetime.
ticket: 5496
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19342
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Mar 2007 18:38:54 +0000 (18:38 +0000)]
pull up r19306 from trunk
r19306@cathode-dark-space: jaltman | 2007-03-29 13:24:34 -0400
ticket: new
subject: NIM commits for KFW 3.2 Beta 1
component: windows
(NetIDMgr 1.2.0.0)
netidmgr.exe
- Simplify credential window UI element placement calculations.
- Add the Custom_1 view to the UI schema. This is used to store
customizations to the basic view.
- Extended styles for toolbars have to be set via TB_SETEXTENDEDSTYLE
messages instead of the EX_STYLE parameter to CreateWindowEx().
Also, set the extended style to support detached arrows.
- Support drop down menus in the standard toolbar.
- The per-identity commands that are added to expiration dialogs are
now flagged for automatic dispatch.
- Remove unnecessary status bar parts and display the status bar icons
at the correct size.
- The notification alerts now display the info balloon at the correct
size.
- Increase the height of the height of the dialog button bar to 190
from 181 dialog units.
- Lock the action tables when refreshing the per-identity actions.
Perform the necessary notification after refreshing the per-identity
actions.
- "Initialize <identity>" -> "Obtain new credentials for <identity>"
- Add a button to go back to the Basic view from the Advanced view in
the new credentials dialog.
- Cache the extents of each row since we now support rows of variable
heights.
- Selecting a credential row or a header should select all the
credentials that are represented by the row.
- Update the selection state after loading a new view.
- Display the expiration times in the second line of an expanded
identity header.
- Checks for expiration flags in the credentials window now take into
account that the each flag may occupy more than one bit position.
- Calculate the expiration flags for the identity before assigning it
to a header, so that the header can display accurate expiration
data.
- Kill unnecessary timers in the credentials view and make sure taht
the KHUI_CW_ROW_TIMERSET flag is consistent with whether there is an
active timer for the row.
- In addition to rows that hold credentials, timers can also be
assigned to headers for identities in the basic view. This allows
the headers to display expiration times.
- The credentials view keeps track of the count of credentials, the
count of identity credentials (credentials which belong to the
credentials type that the identity belongs to) and the number of
initial credentials.
- Configuration spaces that hold credential view definitions now
include an additional value "_AppVersion" which contains the version
of NIM used to create the data. If the current version is greater
than the stated version, NIM will failover to using the schema
instead of using the saved data. This is because view definitions
are version dependent.
- The app_version global variable is now a const.
- The renew and destroy icons in the standard toolbar are now drop
down buttons. If the drop down arrow is clicked, they display a
menu with the list of identities that the operation can target.
- The renew and destroy actions on the credential menu have been
replaced by submenus that allow the user to select the identity
which would be the target of the operation.
- Consistently update the 'displayed' field of an alert so that
plug-ins can keep track of which alerts are being displayed.
- If the currently displayed balloon alert has
KHUI_ALERT_FLAG_DEFACTION flag, then dispatch the defualt command
when the user clicks the notification icon, or display the expanded
alert if necessary.
- Reduce flicker when drawing the credentials display by clipping the
header control from the device context.
- The state of Advanced mode is now preserved between NIM sessions.
- The credential display layout is kept track of separately for the
Basic and Advanced views. Any customization done on either view
(e.g.: changing sort order) will only affect that view.
Customizations for the Advanced view will be saved in the Custom_0
view, while customizations for the Basic view will be saved in
Custom_1.
- New color scheme.
- Selecting a credential or identity will no longer mask the
expiration state. The selection rectangle is now alpha blended.
- In Basic view, the width of the Identity column changes with the
width of the window so that the credentials display always fills the
width of the window.
- The colors for the highlight, text color, highlighted text color,
window background and other elements are now obtained via Windows so
that NetIDMgr will be more consistent with any themes that have been
applied.
- Correctly determine whether a column can be dragged or resized based
on the KHUI_CW_COL_FIXED_WIDTH and KHUI_CW_COL_FIXED_POS flags.
- Correctly update the scroll bars when switching between views.
- The "marker" button for a displayed alert should not perform any
action and it should not be the default control. Selecting it
should no longer cause an assertion to be thrown.
- Don't display the "... Click here for more." message when displaying
a balloon alert if the operating system involved does not provide a
reliable means of detecting that the user clicked on a balloon.
- When attempting to display queued alerts, if the alert at the top of
the queue is of a type that cannot be consolidated, then show it by
itself.
- If the size of the alert window changes, it should be redrawn
properly.
krb5creds.dll
- Allow setting an identity as the default even if there are no
credentials or credential caches associated with it. We generate
the name of the ccache we would use if we were getting new
credentials for the identity and then set that as the default cache.
- Controls in the per-identity configuration panels resized to fit
their contents.
- Set the credentials type and type name attributes for identities for
which we have a TGT.
- Use khm_krb5_get_identity_params() when retrieving parameters for
the identity global configuration panel.
- Add UI elements for setting the global values for forwardable,
renewable and addressless flags.
- Make the schema default to issue forwardable tickets for identities
that have no configuration and when krb5.ini does not define
'forwardable'.
- When updating the identity properties, take all the active
identities into account, so that we won't orphan any identities with
Krb5 properties but no credentials associated with them.
- If there is no TGT associated with an identity, then strip it of any
Krb5 provided properties.
- Associate identities that have a valid TGT with Krb5 by setting
KCDB_ATTR_TYPE to the Krb5 credentials type.
- Don't attempt to renew an identity if the TGT is not renewable or is
expired.
- When opening the configuration handle for an identity, if the
identity does not have any configuration information, failover to
using the per-realm configuration or the identity global
configuration.
- When opening the configuration handle, don't return a handle that
can't safely be closed.
- Add code from get_in_tkt.c that correctly handles per-realm settings
when obtaining libdefaults settings from the profile.
ticket: 5495
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19341
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Mar 2007 18:38:42 +0000 (18:38 +0000)]
pull up r19296 from trunk
r19296@cathode-dark-space: jaltman | 2007-03-28 14:03:45 -0400
ticket: new
subject: KFW: problems with non-interactive logons
component: windows
tags: pullup
Non-interactive logons cause two problems:
(1) on XP/2003 the logon event handlers do not get triggered and on
all platforms the LogonScript does not get executed.
As a result, ccache files are not deleted.
(2) on all platforms, accessing the credential cache causes
krbcc32s.exe to be spawned. This process never terminates.
This patch tests for interactive logons. If the logon is not
interactive, the Network Provider exits immediately.
ticket: 5493
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19340
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Mar 2007 18:38:26 +0000 (18:38 +0000)]
pull up r19290 from trunk
r19290@cathode-dark-space: jaltman | 2007-03-27 09:46:13 -0400
ticket: new
subject: WIX installer stores WinLogon event handler under wrong registry value
tags: pullup
component: windows
The WinLogon event handler in prior versions of the Wix installer
has been installing the event handler under the registry value "KFWLogon"
which happens to be the name that "OpenAFS" also uses for its Kerberos
logon events. The KFW NSIS installer has used "MIT_KFW" in order to
avoid the conflict. The Wix installer is being corrected to match.
When there is a name collision, only one of the event handlers gets
installed. As a result, Kerberos FILE ccaches get created with SYSTEM
only ACLs and are never destroyed. This is the same problem that
happens on Windows Vista when integrated logon is used because the
event handler hooks do not exist.
ticket: 5491
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19339
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Mar 2007 03:09:27 +0000 (03:09 +0000)]
pull up r19238 from trunk
r19238@cathode-dark-space: jaltman | 2007-03-20 16:41:52 -0400
ticket: new
subject: NIM: New Default View and miscellaneous fixes
component: windows
================================
KfW 3.1 Alpha (NetIDMgr 1.1.11.0)
-- nidmgr32.dll
- Only one action in a menu is allowed to have KHUI_ACTIONREF_DEFAULT
flag set. This marks the action as being the default action for the
menu and will be rendered as such.
- Newly created identities start off with the KCDB_IDENT_FLAG_EMPTY
flag set. Once credentials are associated with the identity and the
identity is refreshed, the flag will be cleared.
- When creating actions, enforce the name length.
- khm_value_exists() now handles shadowed configuration spaces.
- Add new action KHUI_ACTION_LAYOUT_MINI which toggles between
'Advanced' and 'Basic' views.
- Add support for F11 and F12 keys in khui_get_cmd_accel_string().
- New option for alerts to indicate that instead of just setting the
response field in the alert, the UI should dispatch the command
that the user has selected.
-- krb5common.obj
- khm_krb5_initialize() can return a handle to a krb5_ccache that has
already been closed. Now it doesn't.
- Also import 'krb5_string_to_deltat()'.
- Work around conditioned symbol definitions in ntsecapi.h in the
Vista Platform SDK that affect Win 2000.
-- krb5cred.dll
- Don't clear the prompts when the options for an identity changes.
The prompter code relies on the prompts being around so that the
values that the user has entered can be retained if the new set of
prompts is the same as the old one.
- Use the same code in the new credentials acquisition and the
identity configuration code to obtain krb5 parameters for an
identity.
- Reset the 'IMPORTED' flag when we get new credentials using a
password.
- If the validity of a principal is not known, then we restrict the
options that can be specified when calling
krb5_get_init_creds_password() so that we can reliably determine if
the principal is valid. If we need to get new credentials for the
principal, we need to make another call using the correct options.
- The return codes from the prompter need to indicate that the
password read operation was cancelled instead of arbiraty non-zero
values.
- When reading identity settings, if a particular setting is not
defined in the registry, then default to reading the settings out of
krb5.ini.
- Refer to credentials as 'credentials' or 'tickets' instead of
'creds'.
- If an identity has imported credentials, don't import for the same
identity again.
- When importing an identity, create the identity configuration in the
registry if we don't already have any settings there.
- Work around conditioned symbol definitions in ntsecapi.h in the
Vista Platform SDK that affect Win 2000.
- Rearrange declarations for clarity.
- Use the correct APIs to parse configuration values from krb5.ini.
-- krb4cred.dll
- The dialog layout was updated to accomodate a localized string that
no longer fit in its control.
- Remove a spurious inclusion of ntsecapi.h and work around
conditioned symbol definition in the Vista Platform SDK.
-- netidmgr.exe
- Fix the menu creation code to correctly tag the default action so
that it will be rendered properly.
- Update the menu enumeration code to use documented functions instead
of accessing acton lists directly.
- Pool of per-identity actions now include a set of actions for
obtaining credentials for specific identities.
- The default action performed when the notification icon is clicked
is now configurable. When displaying the context menu in the
notification area, the default action is highlighted.
- Remove unnecessary handlers from the notifcation event handler.
- Only handle NIN_SELECT instead of both NIN_SELECT and WM_LBUTTONUP
in the notification event handler. When the user clicks the
notication icon, both events are generated. NIN_SELECT is canonical.
- When the handling NIN_BALLOONUSERCLICK in the notification event
handler, reset balloon_alert before displaying any new alerts so
that we won't overwrite it later.
- Reset the notification alert icon after displaying an alert.
- If a renewal fails, the displayed alert contains a button that the
user can click to initiate the process of acquiring new credentials
for the identity.
- Alerts can optionally dispatch the commands that were added to it
using the KHUI_ALERT_FLAG_DISPATCH_CMD flag.
- Increase the size of the About dialog.
- Correct the action text for the IDS_ACTION_OPEN_APP and
IDS_ACTION_CLOSE_APP to say 'Show' and 'Hide' instead of 'Open' and
'Close'. These actions only control the visible state of the NIM
window.
- Add additional notification which signals that the commandline has
finished processing.
- Add an 'acquire' action to the per-identity actions.
- The per identity actions (renew, destroy, acquire) now have useful
captions, names and tooltips.
- Use WM_NEXTDLGCTL message when changing the focus of dialog
controls. SetFocus() is insufficient.
- If we get a request to show a new credential acquisition dialog and
we are already showing one, bring that one to the foreground instead
of trying to display a new one or waiting quietly.
- New configuration schema for the UI that include definitions for the
new default view.
- The alerter window can now show more than one alert at once.
- If we are about to show queued alerts, then check if the alerts that
are waiting are related and if they can be grouped together. If so,
show them in a single alert window instead of multiple ones.
- If new alerts are issued while a set of alerts are being displayed
and if the new alert is related to the alerts that are being
displayed, then add the new alert to the list being displayed.
- Make sure we have a lock on the alert when we are manipulating or
accessing it.
- Set the focus to the correct control when displaying an alert.
- When adding alerts from the alert queue, make sure we iterate
through the queue properly.
- Allow keyboard navigation inside the alert window and support scroll
bars.
- Check if we have a valid code pointer before invoking a UI callback.
- Make sure the main window is in the normal configuration before
switching to a layout that rquires it.
- When moving the main window around, if it comes close to an edge of
the working area of the display, snap to it.
- Maintain two sets of settings for the main window placement. One
for the mini mode and one for the normal mode.
- When processing saved window placement information from the
configuration, handle docking hints which note which edges of the
screen the main window should be adjacent to, if any.
- Switching to the 'Basic' view disables the layout and column
selection menus.
- Position the new credentials dialog above the main window if the
main window is visible.
- The alert that is displayed to indicate that an identity has
expired, now contains a command button that can be used to invoke
the new credentials dialog for that identity.
-- source
- Update the documentation to reflect the change in behavior regarding
KHUI_ACTIONREF_DEFAULT in khui_menu_insert_action() and
khui_menu_insert_paction().
- Remove notes about menu access functions being not thread safe.
This is no longer true.
- Update the documentation for khui_alert_show() to document new
behavior regarding KHUI_ALERT_FLAG_DISPATCH_CMD.
- Update documentation to indicate which KHUI_ALERT_FLAG_* flags are
internal and document the new KHUI_ALERT_FLAG_DISPATCH_CMD flag.
- Augment the queue handling macros to support additional operations.
Also add new tree data structure with an ordered list of children.
- Code reorganization to reuse code for obtaining the caption and
tooltip for a system defined action in netidmgr.exe.
ticket: 5478
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19338
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Mar 2007 03:09:14 +0000 (03:09 +0000)]
pull up r19237 from trunk
r19237@cathode-dark-space: jaltman | 2007-03-20 03:13:18 -0400
ticket: new
subject: Enable Vista support for MSLSA
tags: pullup
The MSLSA: ccache type when used on Windows Vista can take advantage of an ability to write tickets to the LSA credential cache for the current logon session. This is possible due to the addition of the KERB_SUBMIT_TICKET interface.
Also new to Vista is the CACHE_INFO_EX2 interface which permits a much more efficient method of enumerating the contents of the LSA credential cache.
The code to take advantage of these features has been present for more than a year. However, due to the lack of a public SDK that included the necessary data structures the functionality has been disabled. As of this commit, the functionality will be enabled if the version of NTSecAPI.h includes TRUST_ATTRIBUTE_TRUST_USES_AES_KEYS. This is a preprocessor symbol that is new to the Vista SDK.
In order to build with the new Vista functionality when using the XP SP2 SDK, the NTSecAPI.h file from the Vista SDK must be used in place of the version from the XP SP2 SDK.
This commit also addresses the issues associated with the inability to read session keys from a UAC limited process. When UAC limitation is detected by examining the process token elevation level all access to the MSLSA contents is disabled. At some point in the future we can implement an elevated COM service in order to obtain access to the session keys.
ticket: 5477
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19337
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Mar 2007 03:09:02 +0000 (03:09 +0000)]
pull up r19289 from trunk
r19289@cathode-dark-space: jaltman | 2007-03-27 09:37:30 -0400
ticket: 5469
This commit addresses several issues:
(1) The registry key used for activating event reporting to
the Windows application log was wrong. It should be
"NetworkProvider" not "Network Provider"
(2) Event logging of the state of the "Debug" value has been
added so that it is possible to debug the use of event
reporting.
(3) The code no longer performs the pre-kinit operations
if a password was not provided.
(4) A new function KFW_copy_file_cache_to_api_cache() has
been added. This is used instead of
KFW_copy_file_cache_to_default_cache() permitting the
default cache to be MSLSA, FILE, or anything else.
The API cache name will be of the form API:principal
just as is done by Network Identity Manager.
ticket: 5469
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19336
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Mar 2007 03:08:51 +0000 (03:08 +0000)]
pull up r19240 from trunk
r19240@cathode-dark-space: jaltman | 2007-03-21 00:48:09 -0400
ticket: 5469
When using the Vista SDK version of NTSecAPI.h it is necessary
to ensure the _WIN32_WINNT have a value of 0x0501 or greater.
Otherwise, required LSA type declarations are undeclared.
Provide a registry value that can be set to turn on Application
Event log messages for debugging.
HKLM\System\CurrentControlSet\Services\MIT Kerberos\Network Provider
DWORD "Debug"
Ensure that KFW_obtain_user_temp_directory() returns a value on
error.
Correct the declaration of KFW_copy_cache_to_system_file()
to match the prototype.
ticket: 5469
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19335
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Mar 2007 03:08:33 +0000 (03:08 +0000)]
pull up r19221 from trunk
r19221@cathode-dark-space: jaltman | 2007-03-13 02:35:13 -0400
ticket: new
subject: KFW: Vista Integrated Logon
component: windows
On Windows Vista the GINA architecture was removed. As a side
effect the support for the Logon Event Handlers was also removed.
The KFW Integrated Logon functionality relies on the "Logon"
event handler to migrate the user's tickets from a secure FILE:
ccache to an API: ccache so that the tickets will be available
to NetIDMgr and all other Kerberos applications.
This functionality is especially important on Vista for
accounts that are members of the Administrators group because
the User Account Control (UAC) restricts access to the session
keys of all tickets in the MSLSA ccache. The only way for
tickets to be made available to MIT Kerberos applications is
by obtaining them within the Network Provider and pushing them
into the Logon Session.
This patch replaces the missing Logon Event Handler support
with a new exported function "LogonEventHandler" which adheres
to the rundll32.exe specifications. The "LogonEventHandler"
function accepts as input the name of a FILE ccache and moves
the contents into an API: ccache and then deletes the FILE
ccache.
In order for this to work the FILE ccache must be owned by
the account that was used to logon to the current session.
The NPLogonNotify() function must therefore lookup the SID
for the active account, assign an appropriate DACL to the
ccache file, and change the owner. In addition, when Vista
is in use a LogonScript must be constructed that will perform
the call to rundll32.exe.
Other changes include altering the prototype of
KFW_copy_ccache_system_file to accept a filename instead of
the LogonID. This improves the abstraction and allows the
filename to be computed once and passed into multiple
functions from NPLogonNotify().
Many debugging calls were added to assist with implementation.
#define DEBUG 1 at the top of kfwcommon.c when you wish to
build with debugging that generates entries in the Windows
Application Event Viewer.
It is important to note that Integrated Logon attempts to
logon the username within the default realm within the
krb5.ini file using the provided password. This is so
a local machine account name matching the default realm
can obtain Kerberos tickets by synchronizing the password.
ticket: 5469
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19334
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Mar 2007 00:55:34 +0000 (00:55 +0000)]
pull up r19204 from trunk
r19204@cathode-dark-space: hartmans | 2007-03-02 19:49:58 -0500
Back out windows specific makefile change
ticket: 5457
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19333
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Mar 2007 00:55:21 +0000 (00:55 +0000)]
pull up r19203 from trunk
r19203@cathode-dark-space: kpkoch | 2007-03-02 16:44:07 -0500
ticket: 5457
subject: More existence tests; path update
tags: pullup
Modify remainder of Makefiles that were sensitive to identity/obj or other cleaned files not being present.
Update util/et/Makefile.in to look for com_err.h in src/include, not src/include/src.
ticket: 5457
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19332
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Mar 2007 00:55:10 +0000 (00:55 +0000)]
pull up r19202 from trunk
r19202@cathode-dark-space: kpkoch | 2007-03-02 15:42:26 -0500
ticket: new
subject: Test for existence of identity/obj before try to delete files.
tags: pullup
ticket: 5457
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19331
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Mar 2007 00:54:58 +0000 (00:54 +0000)]
pull up r19190 from trunk
r19190@cathode-dark-space: jaltman | 2007-02-28 02:10:33 -0500
ticket: new
subject: Windows - some apps define ssize_t as a preprocessor symbol
component: krb5-libs
tags: pullup
ticket: 5453
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19330
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Mar 2007 00:54:36 +0000 (00:54 +0000)]
pull up r19189 from trunk
r19189@cathode-dark-space: jaltman | 2007-02-28 02:01:21 -0500
ticket: new
subject: NIM Improved Alert Management
component: windows
This patch implements the new Alert Management functionality.
Many improvements to avoid race conditions and improve resource
tracking.
ticket: 5452
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19329
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Mar 2007 00:36:20 +0000 (00:36 +0000)]
pull up r19154 from trunk
r19154@cathode-dark-space: jaltman | 2007-02-12 09:54:28 -0500
ticket: new
subject: hack to permit GetEnvironmentVariable usage without requiring getenv() conversion
tags: pullup
Windows has a major flaw when it comes to the use of getenv/putenv.
getenv/putenv do not modify the actual environment of the process.
Instead, they modify a copy of the environment block at the time the
C Runtime Library was initialized for the current module. In other
words, the C Runtime Library environment block for the executable
is not the same as the C Runtime Library environment block for the
krb5_32.dll library, etc.
This results in problems when a process wants to set the default
ccache name outside the krb5_context. The krb5_context default ccname
disappears when the context is destroyed. gss_acquire_cred() suffers
from the creation and destruction of krb5_contexts and therefore the
krb5_context default ccname cannot be used to set a default ccname.
Instead, the process environment must be used.
In order to modify the process environment, SetEnvironmentVariable()
must be used. However, this does not result in the C Runtime Library
environment blocks being updated. putenv() does not see the definition
of "KRB5CCNAME".
This patch modifies get_os_ccname() for Windows to check
GetEnvironmentVariable() before checking the registry. This hack will
work as long as there is no "KRB5CCNAME" variable in the C Runtime
Library environment block.
The long term solution is to replace all calls to getenv and putenv
with GetEnvironmentVariable/SetEnvironmentVariable for Windows.
ticket: 5437
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19328
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Mar 2007 00:36:08 +0000 (00:36 +0000)]
pull up r19125 from trunk
r19125@cathode-dark-space: jaltman | 2007-01-30 06:23:59 -0500
ticket: 5419
Conditionalize ssize_t declaration
ticket: 5419
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19327
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Mar 2007 00:35:56 +0000 (00:35 +0000)]
pull up r19123 from trunk
r19123@cathode-dark-space: jaltman | 2007-01-30 06:17:35 -0500
ticket: new
subject: Microsoft Windows Visual Studio does not define ssize_t
tags: pullup
Microsoft defines size_t but not ssize_t.
Provide a definition in win-mac.h that follows the style
used by Microsoft providing a preprocessor macro
SSIZE_T_DEFINED which can be used for conditional
definition and testing in case Microsoft decides to add
it later.
ticket: 5419
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19326
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Mar 2007 00:35:43 +0000 (00:35 +0000)]
pull up r19122 from trunk
r19122@cathode-dark-space: jaltman | 2007-01-30 06:02:32 -0500
ticket: new
subject: KFW: 32-bit builds use the pismere krbv4w32.dll library
tags: pullup
Only the 32-bit builds should use the pismere krbv4w32.dll
library. Pismere does not provide 64-bit support.
ticket: 5418
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19325
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Mar 2007 00:35:31 +0000 (00:35 +0000)]
pull up r19124 from trunk
r19124@cathode-dark-space: jaltman | 2007-01-30 06:22:45 -0500
ticket: 5414
The fix for the command line race conditions
broke the ability to cancel and restart the
Obtain New Credentials dialog
ticket: 5414
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19324
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Mar 2007 00:35:18 +0000 (00:35 +0000)]
pull up r19110 from trunk
r19110@cathode-dark-space: jaltman | 2007-01-23 19:09:13 -0500
ticket: new
subject: NIM Bug Fixes
component: windows
Document User Interface Callbacks
Fix a race condition when performing renewal actions
triggered by command line parameters.
When importing credentials, kickoff a renewal after
the credentials after the API: ccache is created.
Another fix for identity expiration states. This one
fixes the behavior of the system tray icon.
ticket: 5414
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19323
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Mar 2007 00:35:04 +0000 (00:35 +0000)]
pull up r19078 from trunk
r19078@cathode-dark-space: jaltman | 2007-01-20 00:50:41 -0500
ticket: new
subject: KFW MSI installer corrections
tags: pullup
component: windows
Add missing registry keys and values for
Network Identity Manager plug-ins.
Correct short names.
ticket: 5409
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19322
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Mar 2007 00:34:52 +0000 (00:34 +0000)]
pull up r19101 from trunk
r19101@cathode-dark-space: jaltman | 2007-01-20 17:21:13 -0500
ticket: 5408
small fixes
ticket: 5408
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19321
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Mar 2007 00:34:40 +0000 (00:34 +0000)]
pull up r19100 from trunk
r19100@cathode-dark-space: jaltman | 2007-01-20 16:10:10 -0500
ticket: 5408
Move files to their correct location
ticket: 5408
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19320
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Mar 2007 00:34:24 +0000 (00:34 +0000)]
pull up r19077 from trunk
r19077@cathode-dark-space: jaltman | 2007-01-20 00:42:30 -0500
ticket: new
subject: NIM - Context sensitive system tray menu and more
component: windows
Adds context sensitive menus for renew and destroy
to the system tray menu. Select either all identities
or one of the identities with credentials.
Increases the API to 1.1.9 and adds a new interactive
callback mechanism.
ticket: 5408
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19319
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Mar 2007 00:34:11 +0000 (00:34 +0000)]
pull up r19069 from trunk
r19069@cathode-dark-space: jaltman | 2007-01-18 07:43:58 -0500
ticket: new
subject: NIM Kerberos 5 Provider corrections
tags: pullup
component: windows
When validating a Kerberos 5 principal name, the request
to the KDC should not request forwardable, renewable, or
proxiable options as these may be blocked by policy and
will result in the return of an error.
Always treat the Kerberos 5 principal name as valid
unless the KDC returns an error that clearly indicates that
the principal name does not exist.
Use a MEMORY: ccache for temporary storage instead of an
API: ccache.
Initialize pointer values with NULL instead of 0.
ticket: 5400
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19318
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Mar 2007 00:33:58 +0000 (00:33 +0000)]
pull up r19068 from trunk
r19068@cathode-dark-space: jaltman | 2007-01-18 07:39:06 -0500
ticket: new
subject: NIM Correct Visual Identity Expiration Status
tags: pullup
component: windows
The visual status for the identities in NIM 1.1 was based
upon the highest alert status of any credential that was
associated with the identity. The correct behavior that is
now implemented is that the identity status should be based
solely upon the expiration state of the credentials obtained
by the identity provider.
For example, the Kerberos v5 identity provider will based the
identity expiration status on the initial TGT. Service tickets
with short lifetimes that expire do not prevent the acquisition
of additional service tickets. Therefore, the identity should
not be listed as expired.
ticket: 5399
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19317
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Mar 2007 00:33:45 +0000 (00:33 +0000)]
pull up r19067 from trunk
r19067@cathode-dark-space: jaltman | 2007-01-18 07:33:47 -0500
ticket: new
subject: NIM Kerberos v4 configuration dialog
tags: pullup
The Kerberos v4 options for individual identities
was never wired. The controls were visible but they
did not do anything. Implement them now for NIM 1.2.
ticket: 5398
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19316
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Mar 2007 00:33:32 +0000 (00:33 +0000)]
pull up r19066 from trunk
r19066@cathode-dark-space: jaltman | 2007-01-18 07:31:23 -0500
ticket: new
subject: NIM string tables
tags: pullup
Update the string tables for NIM so that they are consistent.
Always use "Kerberos v5" or "Kerberos v4". Refer to credentials
instead of tickets. Do not abbreviate "Network Identity Manager".
Etc.
ticket: 5397
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19315
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Mar 2007 00:33:19 +0000 (00:33 +0000)]
pull up r19061 from trunk
r19061@cathode-dark-space: jaltman | 2007-01-14 03:04:46 -0500
ticket: new
subject: kfw wix installer - memory overwrite error
tags: pullup
component: windows
The custom handler allocates a buffer that is smaller
than is required to hold the input. Allocate the correct
sized buffer.
ticket: 5353
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19314
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Mar 2007 00:33:07 +0000 (00:33 +0000)]
pull up r19060 from trunk
r19060@cathode-dark-space: jaltman | 2007-01-13 12:08:28 -0500
ticket: new
component: windows
tags: pullup
subject: Update to KFW NSIS installer
Update copyright date, samples directory, and shortcut
to NetIDMgr documentation
ticket: 5344
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19313
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 30 Mar 2007 00:32:53 +0000 (00:32 +0000)]
pull up r19059 from trunk
r19059@cathode-dark-space: jaltman | 2007-01-13 12:04:44 -0500
ticket: new
subject: updated Windows README
tags: pullup
component: windows
Revise the readme text for Windows. Remove references
to old beta SDKs.
ticket: 5343
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19312
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 29 Mar 2007 21:36:50 +0000 (21:36 +0000)]
pull up r19208 from trunk
r19208@cathode-dark-space: raeburn | 2007-03-05 18:51:22 -0500
ticket: new
subject: osf1: get proper library dependencies installed
target_version: 1.6.1
tags: pullup
The LDCOMBINE setting for Tru64 left out $(CFLAGS), which meant the
-pthread option wasn't being passed in, so the libraries didn't
indicate a dependency on the pthread library despite the fact that we
need it unconditionally (if thread support is enabled). Including
$(CFLAGS) should fix this.
Our own binaries get linked with -pthread anyways, so they build okay,
but other binaries trying to link against or load our libraries could
have problems.
ticket: 5458
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19311
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 29 Mar 2007 21:36:38 +0000 (21:36 +0000)]
pull up r19196 from trunk
r19196@cathode-dark-space: raeburn | 2007-02-28 21:19:41 -0500
ticket: new
target_version: 1.6.1
tags: pullup
subject: valgrind detects uninitialized (but really unused) bytes in 'queue'
The gsstest program exports a GSSAPI security context to a blob in
memory, writes that memory to a file, and reads it back to use it.
Under valgrind, the writing phase triggers a warning about
uninitialized storage.
The "queue" structure as implemented in generic/util_ordering.c holds
an array of values, some of which may never be initialized. As far as
I can tell, those uninitialized values are never used before being
initialized, either, but valgrind doesn't know that.
This patch zaps the structure contents (including the array) before
using the queue object.
ticket: 5455
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19310
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 29 Mar 2007 21:36:26 +0000 (21:36 +0000)]
pull up r19039 from trunk
r19039@cathode-dark-space: raeburn | 2007-01-08 17:51:23 -0500
ticket: new
subject: create KDC database directory
The default directory for the KDC database files doesn't exist after a
normal "make install". Reported by Jeff Blaine.
* Makefile.in (INSTALLMKDIRS): Add var (really localstatedir) and var/krb5kdc
to directories to be created at "make install" time, even though it'll be
empty on most machines (since most probably aren't KDCs).
ticket: 5294
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19309
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 29 Mar 2007 21:36:12 +0000 (21:36 +0000)]
pull up r19038 from trunk
r19038@cathode-dark-space: raeburn | 2007-01-08 17:41:01 -0500
ticket: new
subject: crash creating db2 database in non-existent directory
* kdb_db2.c (krb5_db2_db_create): If the creation of the first database file
fails, return the error, instead of attempting to create the second (and using
a null pointer as an input string in formatting a filename).
Reported by Jeff Blaine.
ticket: 5293
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19308
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Mon, 19 Mar 2007 21:17:02 +0000 (21:17 +0000)]
pullup from trunk
------------------------------------------------------------------------
r19235 | lxs | 2007-03-19 16:21:54 -0400 (Mon, 19 Mar 2007) | 9 lines
ticket: new
target_version: 1.6.1
tags: pullup
subject: Zero sockaddrs in fai_add_entry() so we can compare them with memcmp()
If we don't zero the struct sockaddrs in fai_add_entry() then any sin_zero
fields will be left as random memory and the memcmp() will return that the
addresses are different even if they aren't.
------------------------------------------------------------------------
ticket: 5476
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19236
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 10 Mar 2007 04:10:59 +0000 (04:10 +0000)]
Back out changes accidentally made to branch instead of trunk
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19220
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 10 Mar 2007 03:56:06 +0000 (03:56 +0000)]
Simple signed/unsigned fixes
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19219
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 10 Mar 2007 03:55:03 +0000 (03:55 +0000)]
Simple signed/unsigned fixes
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19218
dc483132-0cff-0310-8789-
dd5450dbe970
Ken Raeburn [Sat, 10 Mar 2007 03:54:08 +0000 (03:54 +0000)]
Need stdio.h to print no-krb4 warning
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19217
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 1 Mar 2007 20:29:57 +0000 (20:29 +0000)]
pull up r19195 from trunk
r19195@cathode-dark-space: jaltman | 2007-02-28 20:49:11 -0500
ticket: new
subject: krb5_get_cred_from_kdc fails to null terminate the tgt list
tags: pullup
if the next tgt in a cross-realm traversal cannot be
obtained find_nxt_kdc() was calling krb5_free_creds()
on the last tgt in the list but was failing to nullify
the pointer to the cred that was just freed.
if there were no additional tgts obtained,
krb5_get_cred_from_kdc() would return a non-NULL terminated
cred list to the caller. This would result in a crash
when attempting to manipulate the non-existent cred past
the end of the list.
This commit nullifies the credential pointer in
find_nxt_kdc() after the call to krb5_free_creds()
ticket: 5454
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19197
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 27 Feb 2007 22:49:00 +0000 (22:49 +0000)]
pull up r19139 from trunk
r19139@cathode-dark-space: rra | 2007-02-03 13:33:23 -0500
Ticket: 2724
Component: krb5-doc
Target_Version: 1.6.1
Tags: pullup
The default K4 compatibility mode is now none, not preauth. Also document
that the valid values for v4_mode are the valid arguments to the -4 flag
to krb5kdc.
ticket: 2724
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19188
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 27 Feb 2007 22:41:36 +0000 (22:41 +0000)]
pull up r19172 from trunk
r19172@cathode-dark-space: raeburn | 2007-02-23 19:58:05 -0500
ticket: 5445
status: open
When importing a name with a valid (non-null) handle but a zero
length, set GSS_S_BAD_NAME but not GSS_S_CALL_INACCESSIBLE_READ.
ticket: 5445
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19187
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 27 Feb 2007 22:41:24 +0000 (22:41 +0000)]
pull up r19171 from trunk
r19171@cathode-dark-space: raeburn | 2007-02-23 19:56:23 -0500
ticket: 5445
status: open
If a reflection is detected, zap the message buffer pointer output
argument as well as actually freeing the buffer. (Found while using
the gsstest option to exercise error conditions.)
ticket: 5445
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19186
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 27 Feb 2007 22:41:09 +0000 (22:41 +0000)]
pull up r19170 from trunk
r19170@cathode-dark-space: raeburn | 2007-02-22 17:57:34 -0500
ticket: 5445
status: open
Initialize "loopback" field in newly allocated name structure.
ticket: 5445
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19185
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 13 Feb 2007 05:18:37 +0000 (05:18 +0000)]
back-port k5-int.h change to krb5.hin
ticket: 5349
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19163
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 13 Feb 2007 05:18:28 +0000 (05:18 +0000)]
pull up r19159 from trunk
r19159@cathode-dark-space: tlyu | 2007-02-12 19:35:48 -0500
ticket: 5349
rename krb5_server_decrypt_ticket_keyblock() to
krb5int_server_decrypt_ticket_keyblock()
ticket: 5349
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19162
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 13 Feb 2007 05:18:19 +0000 (05:18 +0000)]
pull up r19063 from trunk
r19063@cathode-dark-space: raeburn | 2007-01-16 18:29:46 -0500
ticket: 5349
Fix typo in checked-in version.
ticket: 5349
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19161
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 13 Feb 2007 05:18:04 +0000 (05:18 +0000)]
pull up r19062 from trunk
r19062@cathode-dark-space: jaltman | 2007-01-15 23:18:02 -0500
ticket: 5349
tags: pullup
This commit adds two new functions, krb5_server_decrypt_ticket_keyblock
(private) and krb5_server_decrypt_ticket_keytab (public). These
functions take a krb5_ticket as input and decrypt it using the provided
key data. The public function is useful for higher level application
protocols such a TLS-KRB5 and AFS RX-KRB5 which exchange a service
but do not use the AP-REQ/AP-REP messages.
This commit also adds new functionality to kvno which permits kvno
when provided a keytab as input to verify whether or not the keytab
contains a key that can successfully decrypt the obtains service ticket.
ticket: 5349
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19160
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 5 Feb 2007 23:45:39 +0000 (23:45 +0000)]
Delete krb5_get_init_creds_opt_set_pkinit, somehow missed in merges
ticket: 5420
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19151
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 5 Feb 2007 23:45:29 +0000 (23:45 +0000)]
pull up r19085 from trunk
This is needed to deal with changes to the def-check run required by
the API changes.
r19085@cathode-dark-space: raeburn | 2007-01-20 07:13:15 -0500
Handle function names immediately preceded by "*", like "*strdup"
in k5-int.h+krb5.h.
ticket: 5420
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19150
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 5 Feb 2007 23:45:17 +0000 (23:45 +0000)]
pull up r19131 from trunk
r19131@cathode-dark-space: tlyu | 2007-01-30 19:53:11 -0500
ticket: 5420
status: open
Fix merge botches:
restore krb5_get_init_creds_opt_set_change_password_prompt()
undo accidental reversion of preauth_tryagain change to
krb5_get_init_creds()
ticket: 5420
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19149
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 5 Feb 2007 23:45:07 +0000 (23:45 +0000)]
pull up r19130 from trunk
r19130@cathode-dark-space: tlyu | 2007-01-30 19:52:59 -0500
ticket: 5420
status: open
remove krb5_get_init_creds_opt_set_pkinit() for now
ticket: 5420
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19148
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 5 Feb 2007 23:45:00 +0000 (23:45 +0000)]
krb5-1.6-postrelease
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19147
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 5 Feb 2007 23:44:50 +0000 (23:44 +0000)]
pull up r19128 from trunk
r19128@cathode-dark-space: tlyu | 2007-01-30 16:40:20 -0500
ticket: 5420
status: open
update def-check to look at preauth_plugin.h
ticket: 5420
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19146
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 5 Feb 2007 23:44:34 +0000 (23:44 +0000)]
pull up r19127 from trunk
r19127@cathode-dark-space: tlyu | 2007-01-30 16:38:47 -0500
ticket: new
status: open
subject: get_init_creds_opt extensibility
component: krb5-libs
r18922@cathode-dark-space: coffman | 2006-12-04 18:30:15 -0500
First cut at making the get_init_creds_opt structure extendable
and adding library functions to set options for preauthentication
plugins.
This does *not* include a compatibility function to work like
Heimdal's krb5_get_init_creds_opt_set_pkinit() function.
Hopefully, the test code that doesn't belong in kinit.c is
obvious.
r18929@cathode-dark-space: coffman | 2006-12-07 10:01:20 -0500
Remove extra "user_id" parameter.
Add function which duplicates the Heimdal interface (if we can agree on
what the matching attribute names should be).
r18934@cathode-dark-space: coffman | 2006-12-08 15:28:03 -0500
Update to use the simplified interface for krb5_get_init_creds_opt_set_pa()
Add code in kinit to process "-X" options as preauth options and pass
them along.
r18936@cathode-dark-space: coffman | 2006-12-11 12:04:26 -0500
Move prototypes for get_init_creds_opt_get_pa() and
krb5_get_init_creds_opt_free_pa() into the
preauth_plugin.h header rather than krb5.hin.
ticket: 5420
status: open
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19145
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sat, 27 Jan 2007 02:07:08 +0000 (02:07 +0000)]
pull up r19104 from trunk
r19104@cathode-dark-space: jaltman | 2007-01-22 20:18:17 -0500
ticket: new
subject: kt_file.c memory leak on error in krb5_kt_resolve / krb5_kt_wresolve
tags: pullup
The krb5_kt_resolve and krb5_kt_wresolve functions leak the 'data'
memory allocation if the lock cannot be initialized.
ticket: 5410
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19113
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 26 Jan 2007 22:01:06 +0000 (22:01 +0000)]
pull up r19070 from trunk
r19070@cathode-dark-space: jaltman | 2007-01-18 10:28:07 -0500
ticket: 5393
tags: pullup
In addition to setting the kpasswd port after
searching for kadmind host addresses we must also
set the socket type according to the request.
ticket: 5393
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19112
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 24 Jan 2007 21:35:30 +0000 (21:35 +0000)]
pull up r19065 from trunk
r19065@cathode-dark-space: jaltman | 2007-01-18 06:35:33 -0500
ticket: 5394
tags: pullup
sendto_kdc.c: use of a variable index into a dynamically
allocated array to determine the sizeof() an object makes
it unclear what type of object is involved. It also requires
a runtime check instead of a compile time replacement.
Not to mention that it could lead to the evaluation of an
uninitialized variable as was done in this case. Replace
sizeof(array index variable) with sizeof(type).
memset() the correct data structure.
ticket: 5394
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19111
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sat, 20 Jan 2007 00:20:53 +0000 (00:20 +0000)]
pull up r19022 from trunk
r19022@cathode-dark-space: epeisach | 2006-12-30 01:09:25 -0500
ticket: 5233
tags: pullup
If gss_krb5int_unseal_token_v3() unwraps a message of length 0 - free
memory and return in message_buffer a NULL pointer for value. This
is consistant with gss_release_buffer in the mechglue implementation in which
memory is only freed if the buffer length != 0.
ticket: 5233
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19074
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Sat, 20 Jan 2007 00:20:40 +0000 (00:20 +0000)]
pull up r19021 from trunk
r19021@cathode-dark-space: epeisach | 2006-12-30 01:05:12 -0500
subject: memory leak if defective header present in gss_krb5int_unseal_token_v3
ticket: new
tags: pullup
If after unsealing the message, the TOK_ID is not 05 04, free memory
before returning a defective token error.
ticket: 5238
version_fixed: 1.6.1
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19073
dc483132-0cff-0310-8789-
dd5450dbe970
Alexandra Ellwood [Thu, 18 Jan 2007 23:27:30 +0000 (23:27 +0000)]
Pullup from trunk
r19071 | lxs | 2007-01-18 18:24:13 -0500 (Thu, 18 Jan 2007) | 6 lines
ticket: 5403
Added KDC timesyncing support to the CCAPI ccache backend for CCAPI v5
and later. v5 is the first version of the CCAPI to support the kdc
timesyncing API.
ticket: 5403
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19072
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 9 Jan 2007 23:59:45 +0000 (23:59 +0000)]
fix typo
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19047
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 9 Jan 2007 23:59:38 +0000 (23:59 +0000)]
README and patchlevel.h for krb5-1.6
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19046
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 9 Jan 2007 20:21:43 +0000 (20:21 +0000)]
pull up r19043 from trunk
r19043@cathode-dark-space: tlyu | 2007-01-09 14:45:25 -0500
ticket: new
target_version: 1.6
tags: pullup
subject: MITKRB5-SA-2006-003: mechglue argument handling too lax
component: krb5-libs
Fix mechglue argument checks so that output pointers are always
initialized regardless of whether the other arguments fail to validate
for some reason. This avoids freeing of uninitialized pointers.
Initialize the gss_buffer_descs in ovsec_kadmd.c.
ticket: 5302
version_fixed: 1.6
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19045
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 9 Jan 2007 20:21:31 +0000 (20:21 +0000)]
pull up r19042 from trunk
r19042@cathode-dark-space: tlyu | 2007-01-09 14:45:10 -0500
ticket: new
target_version: 1.6
tags: pullup
subject: MITKRB5-SA-2006-002: svctcp_destroy() can call uninitialized function pointer
component: krb5-libs
Explicitly null out xprt->xp_auth when AUTH_GSSAPI is being used, so
that svctcp_destroy() will not call through an uninitialized function
pointer after code in svc_auth_gssapi.c has destroyed expired state
structures. We can't unconditionally null it because the RPCSEC_GSS
implementation needs it to retrieve state.
ticket: 5301
version_fixed: 1.6
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19044
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 9 Jan 2007 01:06:04 +0000 (01:06 +0000)]
pull up r19036 from trunk
r19036@cathode-dark-space: rra | 2007-01-05 16:42:38 -0500
Ticket: 5279
Subject: Document what the kadmind ACL is for
Component: krb5-doc
Version_Reported: 1.5.1
Target_Version: 1.6
Tags: pullup
Add a sentence documenting the purpose of the kadmind ACL to the node
explaining how to create it.
ticket: 5279
version_fixed: 1.6
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19041
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 9 Jan 2007 01:05:52 +0000 (01:05 +0000)]
pull up r19035 from trunk
r19035@cathode-dark-space: rra | 2007-01-04 17:32:41 -0500
ticket: new
Subject: Document KDC behavior without stash file
Component: krb5-doc
Version_Reported: 1.5.1
Target_Version: 1.6
Tags: pullup
After the discussion of the optional stash file, document the effects of
not creating a stash file.
ticket: 5271
version_fixed: 1.6
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19040
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 4 Jan 2007 00:27:26 +0000 (00:27 +0000)]
pull up r19031 from trunk
r19031@cathode-dark-space: raeburn | 2007-01-03 18:54:25 -0500
ticket: 5260
* ldap_principal.c (attributes_set): Swap first two elements.
Also add comments indicating that this array and the KDB_*_ATTR macros
need to be in sync.
ticket: 5260
version_fixed: 1.6
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19034
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 4 Jan 2007 00:27:17 +0000 (00:27 +0000)]
pull up r19030 from trunk
r19030@cathode-dark-space: raeburn | 2007-01-03 18:15:55 -0500
ticket: new
subject: update ldap/Makefile.in for newer autoconf substitution requirements
target_version: 1.6
tags: pullup
The other makefile.in files have had the makefile-fragment
substitution lines updated to not have "#" at the front, because some
recent versions of autoconf require that the @-pattern start at the
beginning of the line. We missed plugins/kdb/ldap/Makefile.in at the
time.
Patch from Michael Calmer.
ticket: 5265
version_fixed: 1.6
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19033
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 4 Jan 2007 00:27:06 +0000 (00:27 +0000)]
pull up r19029 from trunk
r19029@cathode-dark-space: raeburn | 2007-01-03 17:53:33 -0500
ticket: 3906
tags: pullup
* Makefile.in (install): Install kdb5_ldap_util.M. Based on patch from
Michael Calmer.
ticket: 3906
version_fixed: 1.6
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19032
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 3 Jan 2007 21:44:25 +0000 (21:44 +0000)]
pull up r19023 from trunk
r19023@cathode-dark-space: jaltman | 2006-12-31 11:24:54 -0500
ticket: new
subject: Repair broken links in NetIdMgr Help
tags: pullup
A small number of links contained the wrong root directory.
ticket: 5245
version_fixed: 1.6
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19028
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Wed, 3 Jan 2007 21:44:14 +0000 (21:44 +0000)]
pull up r19020 from trunk
r19020@cathode-dark-space: rra | 2006-12-28 13:05:28 -0500
Ticket: new
Subject: Fix typo in user-guide.texinfo
Component: krb5-doc
Version_Reported: 1.4.4
Target_Version: 1.6
Tags: pullup
Typo fix (network instead of netword). Thanks, Matt Zagrabelny.
ticket: 5223
version_fixed: 1.6
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19027
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 22 Dec 2006 22:56:43 +0000 (22:56 +0000)]
krb5-1.6-beta2-postrelease
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19015
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 22 Dec 2006 22:55:10 +0000 (22:55 +0000)]
patchlevel.h for krb5-1.6-beta2
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19013
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 22 Dec 2006 22:55:03 +0000 (22:55 +0000)]
update for krb5-1.6-beta2
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19012
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 22 Dec 2006 04:28:09 +0000 (04:28 +0000)]
pull up r19009 from trunk
r19009@cathode-dark-space: raeburn | 2006-12-21 20:26:59 -0500
ticket: 4453
target_version: 1.6
tags: pullup
Some related changes were already in, and I found a couple more to make:
* ldap_realm.c (ldap_filter_correct): Change string argument to char *. Delete
length argument, which was always strlen of the string argument, and compute
it locally, using size_t instead of (unsigned) int for length-related values.
Update all calls.
* ldap_realm.h (ldap_filter_correct): Updated declaration.
* ldap_misc.c (remove_overlapping_subtrees): Add forward declaration. Make
static.
(is_principal_in_realm): Change local variable defrealmlen to size_t.
(store_tl_data): Change local variable curr to point to unsigned char, since
that's what the tl_data_contents array is declared as, and what the STORE16_INT
macro is happier with.
(krb5_ldap_get_reference_count): Make local variable i unsigned.
ticket: 4453
version_fixed: 1.6
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19010
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Fri, 22 Dec 2006 01:21:33 +0000 (01:21 +0000)]
pull up r19007 from trunk
r19007@cathode-dark-space: tlyu | 2006-12-21 20:19:55 -0500
ticket: 5123
* src/lib/krb5/krb/get_in_tkt.c (krb5_get_init_creds): Fix
ordering bug in previous patch.
ticket: 5123
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19008
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 21 Dec 2006 22:27:40 +0000 (22:27 +0000)]
pull up r18976 from trunk
r18976@cathode-dark-space: tlyu | 2006-12-18 23:16:22 -0500
ticket: new
status: open
target_version: 1.6
subject: don't pass null pointer to krb5_do_preauth_tryagain()
* src/lib/krb5/krb/get_in_tkt.c (krb5_get_init_creds): If
the error isn't PREAUTH_NEEDED and preauth_to_use is null, return
the error in err_reply, rather than attempting to pass a null
pointer to krb5_do_preauth_tryagain().
ticket: 5123
version_fixed: 1.6
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19006
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 21 Dec 2006 22:07:31 +0000 (22:07 +0000)]
pull up r19001 from trunk
r19001@cathode-dark-space: raeburn | 2006-12-20 16:40:20 -0500
ticket: new
subject: misc cleanups in admin guide ldap sections
target: 1.6
tags: pullup
There are a bunch of instances of incorrect punctuation, inconsistent
use of @-commands with option names, typos in names of principal
flags, and a couple spelling errors. I only fixed what I noticed; I
haven't subjected the rest to careful review.
Also, the long section names for eDirectory-specific documentation
cause the tar files generated for snapshots (which include generated
html docs) to reach the 100-character limit for file names in
traditional tar format; GNU tar can create archives holding them, but
older tar implementations cannot read the archives properly. So,
several eDirectory-related section names have been shortened.
ticket: 5152
version_fixed: 1.6
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19005
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 21 Dec 2006 22:07:20 +0000 (22:07 +0000)]
pull up r19000 from trunk
r19000@cathode-dark-space: raeburn | 2006-12-20 16:12:35 -0500
ticket: 5116
Merge r18962 to trunk, with minor tweaks; ready to merge to 1.6 branch.
Changes fix up some sample names used, remove some options described
from certain commands, and fix filling in man pages.
r18962: rsavitha | 2006-12-18 10:04:18 -0500
Changed paths:
M /mirror/krb5/users/rsavitha/ldap_plugin_patch/src/kadmin/cli/kadmin.M
M /mirror/krb5/users/rsavitha/ldap_plugin_patch/src/kadmin/server/kadmind.M
M /mirror/krb5/users/rsavitha/ldap_plugin_patch/src/kdc/krb5kdc.M
M /mirror/krb5/users/rsavitha/ldap_plugin_patch/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.M
ticket: new
subject: minor ldap specific changes in man page
Target_Version: 1.6
Tags: pullup
Updated the man pages with some ldap specific changes
ticket: 5116
version_fixed: 1.6
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19004
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Thu, 21 Dec 2006 22:07:10 +0000 (22:07 +0000)]
pull up r19002 from trunk
r19002@cathode-dark-space: tlyu | 2006-12-21 16:58:10 -0500
ticket: new
target_version: 1.6
tags: pullup
subject: don't split HTML output from makeinfo
* doc/Makefile (HTML): To avoid generating excessively long
filenames, don't split HTML output.
ticket: 5159
version_fixed: 1.6
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19003
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 19 Dec 2006 21:10:19 +0000 (21:10 +0000)]
pull up r18955 from trunk
r18955@cathode-dark-space: rra | 2006-12-15 21:08:40 -0500
ticket: new
subject: Add -clearpolicy to kadmin addprinc usage
Component: krb5-admin
Version_Reported: 1.4.4
Target_Version: 1.6
Tags: pullup
Add -clearpolicy to the usage message returned by kadmin when one types
addprinc without any arguments.
ticket: 5125
version_fixed: 1.6
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@18981
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 19 Dec 2006 05:05:41 +0000 (05:05 +0000)]
pull up r18977 from trunk
r18977@cathode-dark-space: tlyu | 2006-12-18 23:16:30 -0500
ticket: new
target_version: 1.6
tags: pullup
component: krb5-libs
subject: use KRB5KRB_ERR_GENERIC, not KRB_ERR_GENERIC in preauth2.c
* src/lib/krb5/krb/preauth2.c (krb5_do_preauth_tryagain): Use
KRB5KRB_ERR_GENERIC, not KRB_ERR_GENERIC.
ticket: 5124
version_fixed: 1.6
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@18980
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 19 Dec 2006 05:05:37 +0000 (05:05 +0000)]
pull up r18975 from trunk
r18975@cathode-dark-space: raeburn | 2006-12-18 20:31:11 -0500
ticket: 5121
tags: pullup
ktfns.c (krb5_kt_get_entry): If the supplied server principal has an empty
realm name, replace it with the default realm, in a private copy.
ticket: 5121
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@18979
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 19 Dec 2006 05:05:32 +0000 (05:05 +0000)]
pull up r18974 from trunk
r18974@cathode-dark-space: raeburn | 2006-12-18 20:28:32 -0500
ticket: 5121
status: open
krb5_is_referral_realm now takes a pointer to const krb5_data, since it doesn't
modify it.
ticket: 5121
version_fixed: 1.6
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@18978
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 19 Dec 2006 00:23:40 +0000 (00:23 +0000)]
r18970@cathode-dark-space: tlyu | 2006-12-18 19:21:38 -0500
ticket: 5090
export krb5_get_init_creds_opt_set_change_password_prompt
ticket: 5090
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@18971
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 19 Dec 2006 00:12:47 +0000 (00:12 +0000)]
pull up r18954 from trunk
r18954@cathode-dark-space: jaltman | 2006-12-14 18:33:53 -0500
ticket: new
subject: krb5_get_init_creds_opt_set_change_password_prompt
krb5_get_init_creds_opt_set_change_password_prompt is a new
gic option that permits the prompter code to be skipped
when the password has expired. This option is meant to
be used by credential managers such as NetIDMgr and
Kerberos.app that have their own built in password change
dialogs.
This patch adds the new function, exports it on Windows,
and makes use of it within the Krb5 identity provider
for NetIDMgr.
The patch is written to ensure that no changes to the
krb5_get_init_creds_opt structure are required and
to ensure that the default behavior, prompting, is
maintained.
The export lists for UNIX and KFM must still be updated.
The function prototype was committed as part of ticket 3642.
ticket: 5090
version_fixed: 1.6
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@18969
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 19 Dec 2006 00:12:42 +0000 (00:12 +0000)]
pull up r18931 from trunk
r18931@cathode-dark-space: jaltman | 2006-12-07 17:13:50 -0500
ticket: 3642
Undo revision 18930 which was not supposed to include this
file.
ticket: 3642
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@18968
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Tue, 19 Dec 2006 00:12:32 +0000 (00:12 +0000)]
pull up r18930 from trunk
r18930@cathode-dark-space: jaltman | 2006-12-07 16:56:20 -0500
ticket: 3642
tags: pullup
Modifications to support the generation and embedding
of library manifests into generated EXEs and DLLs.
Manifests are required for Windows XP and above when
applications are built with Microsoft Visual Studio 2005
(aka VS8) or above.
ticket: 3642
version_fixed: 1.6
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@18967
dc483132-0cff-0310-8789-
dd5450dbe970
Tom Yu [Mon, 18 Dec 2006 23:11:28 +0000 (23:11 +0000)]
pull up r18961 from trunk
r18961@cathode-dark-space: epeisach | 2006-12-18 06:26:59 -0500
ticket: new
subject: krb5_rc_io_open_internal on error will call close(-1)
If there is an error in opening the replay cache - memory is freed, but
close() is invoked with -1 (failure from open()). While technically,
close() will return EBADF in such a case, and nothing bad will happen,
valgrind picks up on this and provides an error...
ticket: 5115
version_fixed: 1.6
git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@18966
dc483132-0cff-0310-8789-
dd5450dbe970