krb5.git
18 years ago * src/lib/krb5/ccache/t_cccursor.c: Bugfixes from Ezra to clean up
Tom Yu [Fri, 6 Oct 2006 21:43:02 +0000 (21:43 +0000)]
* src/lib/krb5/ccache/t_cccursor.c: Bugfixes from Ezra to clean up
memory leaks.

ticket: 4389
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18654 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoupdate export lists
Tom Yu [Fri, 6 Oct 2006 21:35:50 +0000 (21:35 +0000)]
update export lists

ticket: 4389
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18653 dc483132-0cff-0310-8789-dd5450dbe970

18 years agomake depend
Tom Yu [Fri, 6 Oct 2006 21:17:56 +0000 (21:17 +0000)]
make depend

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18652 dc483132-0cff-0310-8789-dd5450dbe970

18 years agocursor for iterating over ccaches
Tom Yu [Thu, 5 Oct 2006 22:58:41 +0000 (22:58 +0000)]
cursor for iterating over ccaches

Some ccache back ends need per-type cursors implemented.

* src/include/k5-int.h: Declare krb5_cc_ptcursor.  Update
krb5_cc_ops vector to include functions for ptcursor and some
not-yet-implemented functionality.

* src/include/krb5/krb5.hin: Prototype krb5_cccol_cursor_new,
krb5_cccol_cursor_next, krb5_cccol_cursor_free.

* src/lib/krb5/ccache/Makefile.in: Compile cccursor.c.  Build
t_cccursor.

* src/lib/krb5/ccache/cccursor.c: Implementation of cursor for
iterating over ccaches.

* src/lib/krb5/ccache/ccbase.c: Add typecursor functionality for
iteration over registered ccache types.

* src/lib/krb5/ccache/cc_memory.c: Implmement per-type ccache
cursor functionality.

* src/lib/krb5/ccache/cc_mslsa.c:
* src/lib/krb5/ccache/cc_file.c:
* src/lib/krb5/ccache/ccapi/stdcc.c: Add place-holder ops vector
entries.

* src/lib/krb5/ccache/t_cccursor.c: New test of ccache cursor
functionality.

* src/lib/krb5/os/ccdefname.c (krb5int_cc_os_default_name): New
function to return the OS-specific default ccache name.

ticket: new
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18651 dc483132-0cff-0310-8789-dd5450dbe970

18 years ago * kdc_preauth.c (return_padata): Allocate a padata context if not
Sam Hartman [Thu, 5 Oct 2006 21:28:58 +0000 (21:28 +0000)]
* kdc_preauth.c (return_padata): Allocate a padata context if not
already allocated.  In the preauth_required path check will not be
called to set up the context first.

ticket: 4377
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18650 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoPatch from Kevin Coffman:
Ken Raeburn [Thu, 5 Oct 2006 19:45:52 +0000 (19:45 +0000)]
Patch from Kevin Coffman:

- adds a function to get ccache keycount
- uses it in two places
- fixes free problem if next_cred fails
- simplifies the clearcache function by using keyctl_clear

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18649 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoignore generated source-tree files
Ken Raeburn [Thu, 5 Oct 2006 14:08:06 +0000 (14:08 +0000)]
ignore generated source-tree files

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18648 dc483132-0cff-0310-8789-dd5450dbe970

18 years agofix dependence on config.status to use correct dir
Ken Raeburn [Thu, 5 Oct 2006 14:05:40 +0000 (14:05 +0000)]
fix dependence on config.status to use correct dir

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18647 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoAdd decode_tagged_unsigned_integer, and try to fix signed/unsigned and
Ken Raeburn [Thu, 5 Oct 2006 13:17:59 +0000 (13:17 +0000)]
Add decode_tagged_unsigned_integer, and try to fix signed/unsigned and
long/int/int32 mixups in ASN.1 decoding.  Add comments describing encoding
of key data.  Don't always parenthesize safe_syncbuf arguments.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18646 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoset a more meaningful error message in asn1 decode failure case
Ken Raeburn [Thu, 5 Oct 2006 13:15:31 +0000 (13:15 +0000)]
set a more meaningful error message in asn1 decode failure case

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18645 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoexport krb5_ldap_create
Ken Raeburn [Thu, 5 Oct 2006 13:15:00 +0000 (13:15 +0000)]
export krb5_ldap_create

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18644 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoarray before test for pointing at entry with the principal. Avoids
Ezra Peisach [Wed, 4 Oct 2006 18:40:53 +0000 (18:40 +0000)]
array before test for pointing at entry with the principal. Avoids
buffer overflow for end of list.

Detected with a hacked up version of valgrind to handle keyring syscalls.

krb5_krcc_next_cred: Move initial test if pointing past end of key

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18643 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoThe keyring code introduced in r18638 also included tests of the KEYRING:
Ezra Peisach [Wed, 4 Oct 2006 10:44:28 +0000 (10:44 +0000)]
The keyring code introduced in r18638 also included tests of the KEYRING:
regardless of whether the type is registered or not in the library.

Test to see if KEYRING: is registered - and if so - run the tests on it.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18642 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoPreauthentication Plugin Framework
Sam Hartman [Tue, 3 Oct 2006 19:07:17 +0000 (19:07 +0000)]
Preauthentication Plugin Framework

Patch from Nalin Dahyabhai at Redhat to implement a preauthentication
framework based on the plugin architecture.  Currently. the API is
considered internal and the header is not installed.
See src/include/krb5/preauth_plugin.h for the interface.

ticket: new
Tags: enhancement
Status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18641 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoconfigure: Depend on $(AUTOCONF_HEADER) so check-ac-syms will be happier
Ken Raeburn [Mon, 2 Oct 2006 23:14:59 +0000 (23:14 +0000)]
configure: Depend on $(AUTOCONF_HEADER) so check-ac-syms will be happier

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18640 dc483132-0cff-0310-8789-dd5450dbe970

18 years ago(AUTOCONF_HEADER): Change to match file's target name
Ken Raeburn [Mon, 2 Oct 2006 23:14:17 +0000 (23:14 +0000)]
(AUTOCONF_HEADER): Change to match file's target name

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18639 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoMerge Kevin Coffman's keyring ccache branch for Linux, with some modifications:
Ken Raeburn [Mon, 2 Oct 2006 22:50:10 +0000 (22:50 +0000)]
Merge Kevin Coffman's keyring ccache branch for Linux, with some modifications:

aclocal.m4: Enable keyring ccache if the header and library are available; no
configure-time option.  No error if it's not found.

ccdefname.c: Keep old default of FILE: cache, at least for now.

libkrb5.exports: Don't export krb5_krcc_ops.

ccbase.c: Only initialize krb5int_krcc_mutex if USE_KEYRING_CCACHE; destroy it
in finalization.  Define INITIAL_TYPEHEAD macro (for file vs keyring), and use
it for initialization and in krb5int_cc_finalize.  Re-enable freeing of
additional registered-type structures.

cc_keyring.c: Avoid calls to com_err from within library.

cc_file.c: Punt change; generate_new is badly broken, and we expect to replace
it with a new API anyways.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18638 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoNuke old Saber-related stuff
Ken Raeburn [Mon, 2 Oct 2006 21:39:48 +0000 (21:39 +0000)]
Nuke old Saber-related stuff

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18637 dc483132-0cff-0310-8789-dd5450dbe970

18 years agokdc: make_toolong_error does not initialize all fields for krb5_mk_error
Ezra Peisach [Sun, 1 Oct 2006 12:05:20 +0000 (12:05 +0000)]
kdc: make_toolong_error does not initialize all fields for krb5_mk_error

network.c: make_too_long_error() fails to set the ctime and cusec elements of
the krb5_error structure. Valgrind detects errors in the asn.1 encoding
handlers in reading an unitialized value. Initialize to 0.

ticket: new
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18635 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoUpdate expected results for krb5_get_host_realm with referral patches
Ken Raeburn [Sat, 30 Sep 2006 00:54:14 +0000 (00:54 +0000)]
Update expected results for krb5_get_host_realm with referral patches
installed.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18634 dc483132-0cff-0310-8789-dd5450dbe970

18 years ago(get_errmsg): Check for errcode_2_string and release_errcode_string
Ken Raeburn [Fri, 29 Sep 2006 23:07:19 +0000 (23:07 +0000)]
(get_errmsg): Check for errcode_2_string and release_errcode_string
being null function pointers.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18633 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoFix AIX version of GET_HOST_BY_NAME to use TMP.ent for the result, not
Ken Raeburn [Thu, 28 Sep 2006 19:07:19 +0000 (19:07 +0000)]
Fix AIX version of GET_HOST_BY_NAME to use TMP.ent for the result, not
the no-longer-defined my_h_ent.

ticket: 4256

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18632 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoPatch from Will Fiveash for "kdb5_util create" support in LDAP, modified to
Ken Raeburn [Mon, 25 Sep 2006 21:17:42 +0000 (21:17 +0000)]
Patch from Will Fiveash for "kdb5_util create" support in LDAP, modified to
drop separate port-number spec so it'll build with current sources.  Not
tested because of a bug in the recent Novell patch. :-(

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18616 dc483132-0cff-0310-8789-dd5450dbe970

18 years ago Implement renew credential functionality which was inadvertently
Jeffrey Altman [Sun, 24 Sep 2006 14:30:29 +0000 (14:30 +0000)]
Implement renew credential functionality which was inadvertently
left out.

ticket: 4312

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18609 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoRemove now-unused 'port' fields
Ken Raeburn [Fri, 22 Sep 2006 21:19:16 +0000 (21:19 +0000)]
Remove now-unused 'port' fields

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18608 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoMisc cleanup:
Ken Raeburn [Fri, 22 Sep 2006 20:57:22 +0000 (20:57 +0000)]
Misc cleanup:
Include header instead of duplicating public decls.
Don't use C99-style "//" comments.
Reformat a bit to krb5 tree normal style.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18607 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoNew patch from Savitha, for new principal key storage format in LDAP
Ken Raeburn [Fri, 22 Sep 2006 20:29:24 +0000 (20:29 +0000)]
New patch from Savitha, for new principal key storage format in LDAP

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18606 dc483132-0cff-0310-8789-dd5450dbe970

18 years agono c++-style comments
Ken Raeburn [Fri, 22 Sep 2006 19:24:44 +0000 (19:24 +0000)]
no c++-style comments

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18605 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoKFW 3.1 Beta 2 NetIDMgr Changes
Jeffrey Altman [Thu, 21 Sep 2006 21:49:41 +0000 (21:49 +0000)]
KFW 3.1 Beta 2 NetIDMgr Changes

         source for (1.1.0.1)

         - Updated documentation with additional information and fixed errors.

         nidmgr32.dll (1.1.0.1)

         - Fixed a deadlock in the configuration provider that may cause
           NetIDMgr to deadlock on load.

         - Prevent the configuration provider handle list from getting
           corrupted in the event of a plug-in freeing a handle twice.

         - Add more parameter validation for the configuration provider.

         - If a plug-in is only partially registered (only some of the entries
           were set in the registry), the completion of the registration didn't
           complete successfully, leaving the plug-in in an unusable state.
           This has been fixed.  Plug-ins will now successfully complete
           registration once they are loaded for the first time, assuming the
           correct resources are present in the module.

         - Fixed notifications for setting a default identity.  Notifications
           were not being properly sent out resulting in the credentials window
           not being updated when the default identity changed.

         - Changes to the API for type safety.

         - Handling of binary data fields was changed to support validation and
           comparison.

         - Data types that do not support KCDB_CBSIZE_AUTO now check for and
           report an error if it is specified.

         - Password fields in the new credentials dialog will trim leading and
           trailing whitespace before using a user-entered value.

         - Change password action will no longer be disabled if no identity is
           selected.  An identity selection control is present in the dialog
           making this restriction unnecessary.

         - When renewing credentials, error messages will be suppressed if the
           renewal was for an identity and the identity does not have any
           identity credentials associated with it.

         - Error messages that are related to credentials acquisition or
           password changes will now display the name of the identity that the
           error applies to.

         - Automatic renewals now renews all identities that have credentials
           associated with them instead of just the default identity.

         - Fixed a bug where error messages did not have a default button which
           can be invoked with the return key or the space bar.

         - The new credentials window will force itself to the top.  This can
           be disabled via a registry setting, but is on by default.

         - Fixed the sort order in the new credentials tabs to respect sort
           hints provided by plug-ins.

         - If a new credentials operation fails, the password fields will be
           cleared.

         - Once a new credentials operation starts, the controls for specifying
           the identity and password and any other custom prompts will be
           disabled until the operation completes.

         - Notifications during the new credentials operation now supply a
           handle to the proper data structures as documented.

         - Hyperlinks in the new credentials dialog now support markup that
           will prevent the dialog from switching to the credentials type panel
           when the link is activated.

         - If there are too many buttons added by plug-ins in the new
           credentials dialog, they will be resized to accomodate all of them.

         - The options button in the new credentials dialog will be disabled
           while a new credentials operation is in progress.

         - The 'about' dialog retains the original copyright strings included
           in the resource.

         - Multiple modal dialogs are now supported.  Only the topmost one will
           be active.  Once it is closed, the other dialogs will gain focus in
           turn.  This allows for error messages to be displayed from other
           modal dialogs.

         - The hypertext window supports italics.

         krb4cred.dll (1.1.0.1)

         - Fixed a bug where the plug-in would attempt to free a handle twice.

         - Fixed a handle leak.

         - Changed the facility name used for event reporting to match the
           credentials type name.

         krb5cred.dll (1.1.0.1)

         - Fixed handling of expired passwords.  If the password for an
           identity is found to have expired at the time a new credentials
           acquisition is in progress, the user will be given an opportunity to
           change the password.  If this is successful, the new credentials
           operation will continue with the new password.

         - Prevent the new credentials dialog from switching to the Kerberos 5
           credentials panel during a password change.

         - Prompts that were cached indefinitely will now have a limited
           lifetime.  Prompt caches that were created using prior versions of
           the plug-in will automatically expire.

         - Multistrings in the resource files were converted to CSV to protect
           them against a bug in Visual Studio 2005 which corrupted
           multistrings.

         - Added handling of and reporting WinSock errors that are returned
           from the Kerberos 5 libraries.

         - Fixed uninitialized variables.

         - The username and realm that is entered when selecting an identity
           will be trimmed of leading and trailing whitespace.

         - Changed the facility name used for event reporting to match the
           credentials type name.

ticket: new
component: windows
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18604 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoNSIS installer - update for Win2K NetIDMgr
Jeffrey Altman [Thu, 21 Sep 2006 16:18:26 +0000 (16:18 +0000)]
NSIS installer - update for Win2K NetIDMgr

Install the Win2K specific binaries for NetIDMgr on Win2K

ticket: new
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18603 dc483132-0cff-0310-8789-dd5450dbe970

18 years ago oops, make sure we install from the correct source file
Jeffrey Altman [Thu, 21 Sep 2006 15:54:05 +0000 (15:54 +0000)]
oops, make sure we install from the correct source file
on Windows 2000

ticket: 4309

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18602 dc483132-0cff-0310-8789-dd5450dbe970

18 years agowix installer - win2k compatibility for netidmgr
Jeffrey Altman [Thu, 21 Sep 2006 14:58:40 +0000 (14:58 +0000)]
wix installer - win2k compatibility for netidmgr

Install the special win2k version of nidmgr32.dll
   on Windows 2000 systems.

ticket: new
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18601 dc483132-0cff-0310-8789-dd5450dbe970

18 years agowindows thread support frees thread local storage after TlsSetValue
Jeffrey Altman [Thu, 21 Sep 2006 02:43:12 +0000 (02:43 +0000)]
windows thread support frees thread local storage after TlsSetValue

  threads.c: The return value of TlsSetValue is non-zero on
                   success.  As a result of misinterpreting the
                   return value, the memory set in TLS is then freed.
   A subsequent call to TlsGetValue returns the
   invalid pointer.

ticket: new
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18600 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoSet the canonicalize flag in TGS requests and accept cross-realm referral tickets.
Sam Hartman [Thu, 21 Sep 2006 01:48:50 +0000 (01:48 +0000)]
Set the canonicalize flag in TGS requests and accept cross-realm referral tickets.
We do not yet accept tickets in which the server name changes.

* krb5_sname_to_principal:   If there is no domain realm mapping return null realm
*krb5_get_cred_via_tkt: New behavior as described below

1) the referrals case:
  - check for TGT for initial realm
    - if a remote realm was specified (which must have happened via a
      domain_realm mapping), obtain a TGT for it the standard way and
      start with that.
  - use client realm for server if not specified
  - iterate through this loop:
    - request ticket with referrals turned on
    - if that fails:
      - if this was the first request, punt to non-referrals case
      - otherwise, retry once without referrals turned on then terminate
        either way
    - if it works, either use the service ticket or follow the referral path
    - if loop count exceeded, hardfail
2) the nonreferrals case
  - this is mostly the old walk_realm_tree TGT-finding (which allows
    limited shortcut referrals per 4120) followed by a standard tgs-req.
  - originally requested principal is used for this, although if we were
    handed something without a realm, determine a fallback realm based on
    DNS TXT records or a truncation of the domain name.

ticket: 2652
Owner: amb

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18598 dc483132-0cff-0310-8789-dd5450dbe970

18 years ago* kdb_ldap.h: If BUILD_WITH_BROKEN_LDAP is defined, skip version checks
Ken Raeburn [Wed, 20 Sep 2006 01:30:25 +0000 (01:30 +0000)]
* kdb_ldap.h: If BUILD_WITH_BROKEN_LDAP is defined, skip version checks

ticket: 4292

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18595 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoBad loop logic in krb5_mcc_generate_new
Alexandra Ellwood [Tue, 19 Sep 2006 22:40:09 +0000 (22:40 +0000)]
Bad loop logic in krb5_mcc_generate_new

krb5_mcc_generate_new() Error in loop caused first item in the list to not
get checked the second time through scanning for duplicates.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18594 dc483132-0cff-0310-8789-dd5450dbe970

18 years agowhitespace
Ken Raeburn [Mon, 18 Sep 2006 23:58:56 +0000 (23:58 +0000)]
whitespace

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18593 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoSavitha's patches for:
Ken Raeburn [Mon, 18 Sep 2006 23:51:50 +0000 (23:51 +0000)]
Savitha's patches for:
- LDAP URI support for specifying server and port
- support for ldapi interface
- updated to newer LDAP APIs
- updated documentation

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18592 dc483132-0cff-0310-8789-dd5450dbe970

18 years ago* kdb5.c (kdb_load_library): Make error message a little more accurate.
Ken Raeburn [Sat, 16 Sep 2006 01:59:15 +0000 (01:59 +0000)]
* kdb5.c (kdb_load_library): Make error message a little more accurate.
(get_errmsg): New function.  Uses errcode_2_string and release_errcode_string
functions to copy out an error message from the plugin and store it locally,
if the error code supplied is nonzero.  Changed other uses of plugin functions
to call get_errmsg on returning.
(krb5_db_errcode2string): Deleted.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18591 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoUpdate dependencies
Ken Raeburn [Sat, 16 Sep 2006 01:49:52 +0000 (01:49 +0000)]
Update dependencies

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18590 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoMove RPC header files to include/gssrpc, which we copy to them at
Ken Raeburn [Sat, 16 Sep 2006 01:32:40 +0000 (01:32 +0000)]
Move RPC header files to include/gssrpc, which we copy to them at
build time, and which is the only place we use them from anyways.
Update Makefile references and dependencies.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18589 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoExport krb5_ldap_release_errcode_string
Ken Raeburn [Sat, 16 Sep 2006 01:25:12 +0000 (01:25 +0000)]
Export krb5_ldap_release_errcode_string

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18588 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoMake it easier to ignore additional directories, like, oh, say, local
Ken Raeburn [Fri, 15 Sep 2006 22:57:09 +0000 (22:57 +0000)]
Make it easier to ignore additional directories, like, oh, say, local
install paths for OpenLDAP.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18587 dc483132-0cff-0310-8789-dd5450dbe970

18 years agowhitespace
Ken Raeburn [Wed, 13 Sep 2006 20:30:23 +0000 (20:30 +0000)]
whitespace

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18584 dc483132-0cff-0310-8789-dd5450dbe970

18 years agowhitespace
Ken Raeburn [Tue, 12 Sep 2006 00:25:34 +0000 (00:25 +0000)]
whitespace

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18583 dc483132-0cff-0310-8789-dd5450dbe970

18 years agowhitespace
Ken Raeburn [Tue, 12 Sep 2006 00:20:01 +0000 (00:20 +0000)]
whitespace

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18582 dc483132-0cff-0310-8789-dd5450dbe970

18 years ago* Makefile.in (krb5/krb5.h): Wrap the content in macro test for
Ken Raeburn [Thu, 7 Sep 2006 22:16:45 +0000 (22:16 +0000)]
* Makefile.in (krb5/krb5.h): Wrap the content in macro test for
multiple-inclusion protection.

ticket: 3522

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18571 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoMake database plugin responsible for releasing the error-message string, so
Ken Raeburn [Wed, 6 Sep 2006 20:31:54 +0000 (20:31 +0000)]
Make database plugin responsible for releasing the error-message string, so
that we can use the krb5_get_error_message interface internally.

* kdb5.h: Add release_errcode_string field to the interface.
* db2_exp.c, ldap_exp.c: Initialize it.
* ldap_misc.c: Use krb5_get/free_error_message for error message strings.
* kdb_ldap.h: Declare krb5_ldap_release_errcode_string.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18565 dc483132-0cff-0310-8789-dd5450dbe970

18 years agowhitespace
Ken Raeburn [Wed, 6 Sep 2006 19:54:06 +0000 (19:54 +0000)]
whitespace

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18564 dc483132-0cff-0310-8789-dd5450dbe970

18 years agocomment formatting for 80 columns
Ken Raeburn [Wed, 6 Sep 2006 17:15:12 +0000 (17:15 +0000)]
comment formatting for 80 columns

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18563 dc483132-0cff-0310-8789-dd5450dbe970

18 years ago(prof_get_integer_def, prof_get_string_def): New functions: check specified
Ken Raeburn [Tue, 5 Sep 2006 21:54:47 +0000 (21:54 +0000)]
(prof_get_integer_def, prof_get_string_def): New functions: check specified
config section in the profile, then the default section, then fall back to
passed default value (for integer only).  Set error string on error.
(krb5_ldap_read_server_params): Use them, instead of explicitly doubling each
profile_get call.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18562 dc483132-0cff-0310-8789-dd5450dbe970

18 years agowindows ccache and keytab file paths without a prefix
Jeffrey Altman [Tue, 5 Sep 2006 18:47:29 +0000 (18:47 +0000)]
windows ccache and keytab file paths without a prefix

ktbase.c, ccbase.c:  When a file path is specified without
         the prefix we must infer the use of the "FILE" prefix.
  However, we were setting the prefix including the colon
    separator when the separator should have been ignored.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18561 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoReject old OpenLDAP versions with bugs tickled by this code.
Ken Raeburn [Fri, 1 Sep 2006 02:51:38 +0000 (02:51 +0000)]
Reject old OpenLDAP versions with bugs tickled by this code.
Clean up some warnings during the build.

* ldap_misc.c (strptime) [NEED_STRPTIME_PROTO]: Declare, conditionally.
(krb5_ldap_errcode_2_string): Return string, not error code, to fit with DAL
interface spec.
* kdb_ldap.h: Error out for OpenLDAP versions before 2.2.24.
(LDAP_DEPRECATED): Define; openldap-2.3.27 defaults to undefined.
(krb5_ldap_lib_init): Prototype.
(krb5_get_policydn): Declare.
(krb5_ldap_errcode_2_string): Fix return type.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18558 dc483132-0cff-0310-8789-dd5450dbe970

18 years ago(krb5_ldap_destroy_policy): krb5_ldap_delete_policy takes a mask arg, not pointer-to
Ken Raeburn [Thu, 31 Aug 2006 22:12:36 +0000 (22:12 +0000)]
(krb5_ldap_destroy_policy): krb5_ldap_delete_policy takes a mask arg, not pointer-to

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18557 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoDeclare get_date() used from kadmin cli code.
Ken Raeburn [Thu, 31 Aug 2006 22:08:45 +0000 (22:08 +0000)]
Declare get_date() used from kadmin cli code.
In calls, delete the second argument that get_date doesn't take.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18556 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoRemove or conditionalize unused variables
Ken Raeburn [Thu, 31 Aug 2006 21:30:30 +0000 (21:30 +0000)]
Remove or conditionalize unused variables

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18555 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoPatches from Will Fiveash to allow for configuration and building on
Ken Raeburn [Thu, 31 Aug 2006 21:17:34 +0000 (21:17 +0000)]
Patches from Will Fiveash to allow for configuration and building on
Solaris.  Tested (configured & built) on RHEL 4 and Solaris 10.  One
minor bugfix added.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18554 dc483132-0cff-0310-8789-dd5450dbe970

18 years ago* shlib.conf (*-*-linux*): Use LDFLAGS in LDCOMBINE
Ken Raeburn [Wed, 30 Aug 2006 19:44:54 +0000 (19:44 +0000)]
* shlib.conf (*-*-linux*): Use LDFLAGS in LDCOMBINE

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18553 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoSome mechanical changes (mostly whitespace, like indentation levels)
Ken Raeburn [Wed, 30 Aug 2006 00:10:54 +0000 (00:10 +0000)]
Some mechanical changes (mostly whitespace, like indentation levels)
to match up better with MIT coding style.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18552 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoSome mechanical changes (mainly whitespace) to match up better with
Ken Raeburn [Tue, 29 Aug 2006 22:54:46 +0000 (22:54 +0000)]
Some mechanical changes (mainly whitespace) to match up better with
MIT coding style.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18551 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoRename KRB5_KDB_PLUGIN_OP_NOTSUPP to KRB5_PLUGIN_OP_NOTSUPP and move to krb5 table
Ken Raeburn [Tue, 29 Aug 2006 20:41:50 +0000 (20:41 +0000)]
Rename KRB5_KDB_PLUGIN_OP_NOTSUPP to KRB5_PLUGIN_OP_NOTSUPP and move to krb5 table

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18550 dc483132-0cff-0310-8789-dd5450dbe970

18 years agowhitespace
Ken Raeburn [Tue, 29 Aug 2006 20:13:27 +0000 (20:13 +0000)]
whitespace

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18549 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoPatch from Savitha R:
Ken Raeburn [Tue, 29 Aug 2006 19:52:38 +0000 (19:52 +0000)]
Patch from Savitha R:

    ldap_util
    1. Kdb5_ldap_util interface
    Removed supp enctypes, suppsalttypes from create realm and modify
    realm since they are currently not used
    2. memset passwd strings to zero when not used any more
    3. Using krb5_sname_to_principal in place of gethostbyname while
    creating the kadmin principal with hostname.

    libkdb_ldap
    1. Added mandatory functions which were missing in the LDAP plug-in
    2. Error handling changes - Setting the error message in the
    kerberos context when decryption of the service passwd fails or
    connection to the LDAP server fails during initialization.

Additional changes:

libkdb_ldap: Link against com_err library, to provide error_message().

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18548 dc483132-0cff-0310-8789-dd5450dbe970

18 years agomake depend
Ken Raeburn [Wed, 23 Aug 2006 22:58:02 +0000 (22:58 +0000)]
make depend

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18519 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoMerge Todd's TCP changepw support, with a few fixups
Ken Raeburn [Wed, 23 Aug 2006 22:56:29 +0000 (22:56 +0000)]
Merge Todd's TCP changepw support, with a few fixups

* include/cm.h (state_strings, enum conn_states, struct incoming_krb5_message,
struct conn_state): Moved here from lib/krb5/os/sendto_kdc.c.
(stuct sendto_callback_info): New type.
* lib/krb5/os/sendto_kdc.c (set_conn_state_msg_length): New function.
(setup_connection): Deleted argument message_len_buf.  Don't store message
length; call set_conn_state_msg_length instead.
(start_connection): New arguments callback_info and callback_buffer.  Invoke
callback function if any, and set message length on success.
(maybe_send): New arguments callback_info and callback_buffer; pass them to
start_connection.
(krb5int_sendto): New arguments callback_info, remoteaddr, remoteaddrlen.  If
callback info is provided, allocate per-connection buffers, and pass them to
maybe_send.  On cleanup, invoke the cleanup callback function if any.
(krb5_sendto_kdc): Update krb5int_sendto call.
* include/k5-int.h (struct sendto_callback_info): Add forward declaration.
(krb5int_sendto, struct _krb5int_access.sendto_udp): Update for new signature.
* lib/krb5/os/send524 (krb5int_524_sendto_kdc): Update krb5int_sendto call.
* lib/krb4/send_to_kdc.c (krb5int_send_to_kdc_addr): Update sendto_udp call.

* lib/krb5/os/changepw.c (struct sendto_callback_context): New type.
(krb5_locate_kpasswd): New argument useTcp, used to select socket type in
krb5int_locate_server call.
(kpasswd_sendto_msg_cleanup, kpasswd_sendto_msg_callback): New functions.
(krb5_change_set_password): Call krb5int_sendto with callbacks, instead of
managing the exchange here.  On RESPONSE_TOO_BIG error, try again with TCP
only.

* lib/krb5/krb/chpw.c (krb5int_rd_chpw_rep): If length is wrong, check if a
buggy server sent a KRB_ERROR.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18518 dc483132-0cff-0310-8789-dd5450dbe970

18 years ago Update auxiliary version number for NetIDMgr
Jeffrey Altman [Wed, 23 Aug 2006 16:33:58 +0000 (16:33 +0000)]
Update auxiliary version number for NetIDMgr

ticket: 4172

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18499 dc483132-0cff-0310-8789-dd5450dbe970

18 years ago * install NetIDMgr plug-in sample as part of SDK
Jeffrey Altman [Wed, 23 Aug 2006 02:28:05 +0000 (02:28 +0000)]
* install NetIDMgr plug-in sample as part of SDK
* install netidmgr.exe (win2000 version)

ticket: 4172

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18498 dc483132-0cff-0310-8789-dd5450dbe970

18 years ago * newcredwnd.c - erase the password field on error
Jeffrey Altman [Wed, 23 Aug 2006 02:18:00 +0000 (02:18 +0000)]
* newcredwnd.c - erase the password field on error
          during new credential acquisition

ticket: 4172

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18497 dc483132-0cff-0310-8789-dd5450dbe970

18 years ago * Fix auto-registration of plug-in modules
Jeffrey Altman [Wed, 23 Aug 2006 02:17:12 +0000 (02:17 +0000)]
* Fix auto-registration of plug-in modules
     if there is no plug-in list specified

ticket: 4172

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18496 dc483132-0cff-0310-8789-dd5450dbe970

18 years ago * Makefile - do not etag the Win2000 version of
Jeffrey Altman [Wed, 23 Aug 2006 02:15:52 +0000 (02:15 +0000)]
* Makefile - do not etag the Win2000 version of
          the NetIDMgr.exe

ticket: 4172

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18495 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoimprovements to netidmgr dialogs
Jeffrey Altman [Tue, 22 Aug 2006 22:12:15 +0000 (22:12 +0000)]
improvements to netidmgr dialogs

   * ensure that buttons are disabled while
          actions are in process

   * allow plug-ins to specify italic text

   * fix some documentation

* reformat langres.rc

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18494 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoclean up mkrel patchlevel.h editing etc
Tom Yu [Mon, 21 Aug 2006 20:31:51 +0000 (20:31 +0000)]
clean up mkrel patchlevel.h editing etc

* src/util/mkrel: Be more careful editing KRB5_RELDATE.  Delete
'$ac_config_fragdir' autoconf droppings.

ticket: new
tags: pullup
target_version: 1.5.1

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18475 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoNetIDMgr Credential Provider Sample Code and Documentation
Jeffrey Altman [Thu, 17 Aug 2006 01:21:00 +0000 (01:21 +0000)]
NetIDMgr Credential Provider Sample Code and Documentation

   This commit provides a template for a Network Identity Manager
   Credential Provider.  It doesn't provide any real functionality
   but it does provide all of the functions that need to be specified
   and filled in as part of the process of producing a NetIdMgr plug-in.

   This code should be pulled up to 1.4.x for inclusion in the KFW 3.1
   SDK as well as to 1.5.x.

ticket: new
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18464 dc483132-0cff-0310-8789-dd5450dbe970

18 years agocc_err_xlate: Updated error mappings to generate the same errors as ccapiv2.
Alexandra Ellwood [Wed, 16 Aug 2006 21:01:43 +0000 (21:01 +0000)]
cc_err_xlate: Updated error mappings to generate the same errors as ccapiv2.
stdccv3_setup: Don't translate errors since cc_err_xlate isn't idempotent.
krb5_stdccv3_resolve: Don't fail if we can't open the ccache.

ticket: 3936
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18458 dc483132-0cff-0310-8789-dd5450dbe970

18 years ago* kdb5_ldap_realm.c (kdb5_ldap_create): In assertion test of hardcoded char
Ken Raeburn [Tue, 15 Aug 2006 23:45:54 +0000 (23:45 +0000)]
* kdb5_ldap_realm.c (kdb5_ldap_create): In assertion test of hardcoded char
array sizes, test against the size we actually need.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18449 dc483132-0cff-0310-8789-dd5450dbe970

18 years ago* kdb_default.c (krb5_def_store_mkey): If the file can't be opened, construct
Ken Raeburn [Tue, 15 Aug 2006 23:43:27 +0000 (23:43 +0000)]
* kdb_default.c (krb5_def_store_mkey): If the file can't be opened, construct
an error message that includes the file's name.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18448 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoSet datarootdir in each Makefile to make Autoconf 2.60 happier
Russ Allbery [Tue, 15 Aug 2006 22:49:57 +0000 (22:49 +0000)]
Set datarootdir in each Makefile to make Autoconf 2.60 happier

Ticket: 3965
Component: krb5-build
Version_Reported: 1.5
Tags: pullup
Target_Version: 1.5.1

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18444 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoDocument prerequisites for make check
Russ Allbery [Tue, 15 Aug 2006 22:27:17 +0000 (22:27 +0000)]
Document prerequisites for make check

Document the prerequisites for running make check, since some of them are
a bit surprising.

Ticket: new
Component: krb5-doc
Tags: pullup
Version_Reported: 1.5
Target_Version: 1.5.1

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18441 dc483132-0cff-0310-8789-dd5450dbe970

18 years ago * src/clients/ksu/main.c (sweep_up): Don't check return value of
Tom Yu [Tue, 15 Aug 2006 19:27:08 +0000 (19:27 +0000)]
* src/clients/ksu/main.c (sweep_up): Don't check return value of
krb5_seteuid(0), as it is not harmful for it to fail, and it will
fail after setuid(target_user).  Correct error message.

ticket: 4137

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18438 dc483132-0cff-0310-8789-dd5450dbe970

18 years agofix MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities
Tom Yu [Tue, 8 Aug 2006 19:26:40 +0000 (19:26 +0000)]
fix MITKRB5-SA-2006-001: multiple local privilege escalation vulnerabilities

* src/appl/gssftp/ftpd/ftpd.c (getdatasock, passive):
* src/appl/bsd/v4rcp.c (main):
* src/appl/bsd/krcp.c (main):
* src/appl/bsd/krshd.c (doit):
* src/appl/bsd/login.c (main):
* src/clients/ksu/main.c (sweep_up):
* src/lib/krb4/kuserok.c (kuserok): Check return values from
setuid() and related functions to avoid privilege escalation
vulnerabilities.  Fixes MITKRB5-SA-2006-001. [CVE-2006-3083,
VU#580124, CVE-2006-3084, VU#401660]

ticket: new
target_version: 1.5.1
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18420 dc483132-0cff-0310-8789-dd5450dbe970

18 years ago * src/lib/gssapi/mechglue/mglueP.h: Add loopback field to opaque
Tom Yu [Mon, 7 Aug 2006 23:33:39 +0000 (23:33 +0000)]
* src/lib/gssapi/mechglue/mglueP.h: Add loopback field to opaque
structs of gss_ctx_id_t, gss_name_t, gss_cred_id_t to catch some
application programming errors.  Add new macro GSSINT_CHK_LOOP()
which returns non-zero if loopback field doesn't point to itself.

* src/lib/gssapi/mechglue/g_accept_sec_context.c
(gss_accept_sec_context):
* src/lib/gssapi/mechglue/g_acquire_cred.c (gss_add_cred)
(gss_acquire_cred):
* src/lib/gssapi/mechglue/g_delete_sec_context.c
(gss_delete_sec_context):
* src/lib/gssapi/mechglue/g_glue.c
(gssint_convert_name_to_union_name):
* src/lib/gssapi/mechglue/g_imp_name.c (gss_import_name):
* src/lib/gssapi/mechglue/g_imp_sec_context.c
(gss_import_sec_context):
* src/lib/gssapi/mechglue/g_init_sec_context.c
(gss_init_sec_context): Set loopback pointers.

* src/lib/gssapi/mechglue/g_delete_sec_context.c
(gss_delete_sec_context):
* src/lib/gssapi/mechglue/g_rel_cred.c (gss_release_cred):
* src/lib/gssapi/mechglue/g_rel_name.c (gss_release_name): Call
GSSINT_CHK_LOOP() to validate loopback pointer.

ticket: 4063
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18417 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoApply patch from Michael Calmer to fix some uninitialized variables
Tom Yu [Wed, 2 Aug 2006 20:51:50 +0000 (20:51 +0000)]
Apply patch from Michael Calmer to fix some uninitialized variables

* src/appl/gssftp/ftpd/ftpd.c (auth_data): Initialize stat_maj,
accept_maj, acquire_maj.

* src/appl/telnet/libtelnet/kerberos5.c (kerberos5_send):
Intialize rdata.

* src/kdc/do_tgs_req.c (process_tgs_req): Initialize magic and
tr_contents.magic.

* src/lib/krb5/asn.1/krb5_decode.c (decode_krb5_safe_with_body):
Initialize tmpbody.magic.

* src/plugins/kdb/db2/libdb2/hash/dbm.c (kdb2_fetch)
(kdb2_firstkey, kdb2_nextkey): Initialize dsize.

ticket: 3904
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18404 dc483132-0cff-0310-8789-dd5450dbe970

18 years ago * src/lib/gssapi/mechglue/g_initialize.c (gss_release_oid): Call
Tom Yu [Tue, 1 Aug 2006 21:09:43 +0000 (21:09 +0000)]
* src/lib/gssapi/mechglue/g_initialize.c (gss_release_oid): Call
gssint_initialize_library to ensure mutex is initialized.

ticket: 4088
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18397 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoChanged GSSAPI opaque types (gss_name_t, gss_cred_id_t, gss_ctx_id_t) from
Alexandra Ellwood [Tue, 25 Jul 2006 20:29:43 +0000 (20:29 +0000)]
Changed GSSAPI opaque types (gss_name_t, gss_cred_id_t, gss_ctx_id_t) from
void* to pointers to opaque structs.  This change removed some casts and
introduced or changed a bunch of other casts to suppress warnings.

krb5_gss_accept_sec_context(): Fixed a bug found by the above changes
where krb5_gss_release_cred() was being called with the wrong argument 2
(gss_cred_id_t instead of gss_cred_id_t*).

ticket: 4057
status: open

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18396 dc483132-0cff-0310-8789-dd5450dbe970

18 years agogss_canonicalize_name(): Added parens to remove
Alexandra Ellwood [Tue, 25 Jul 2006 18:51:54 +0000 (18:51 +0000)]
gss_canonicalize_name(): Added parens to remove
warning from if statement.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18395 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoRemoved unused Metrowerks compiler support.
Alexandra Ellwood [Tue, 25 Jul 2006 17:58:25 +0000 (17:58 +0000)]
Removed unused Metrowerks compiler support.
(Since there's no universal binary support for CodeWarrior there's
no point in having this here.)

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18394 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoSwitched from "#pragma options align" to "#pragma pack".
Alexandra Ellwood [Tue, 25 Jul 2006 17:56:18 +0000 (17:56 +0000)]
Switched from "#pragma options align" to "#pragma pack".
Removed Metrowerks "#pragma import" since other framework
headers don't specify it.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18392 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoWindows - fix kfwlogon for Windows 2000
Jeffrey Altman [Tue, 25 Jul 2006 13:59:30 +0000 (13:59 +0000)]
Windows - fix kfwlogon for Windows 2000

    Windows 2000 does not support the ability to generate SIDs
    from symbolic names.

    Add more debugging and error condition checks.

ticket: new
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18387 dc483132-0cff-0310-8789-dd5450dbe970

18 years ago commit again without using patch to apply the diff
Jeffrey Altman [Mon, 24 Jul 2006 20:39:31 +0000 (20:39 +0000)]
commit again without using patch to apply the diff

ticket: 4048

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18382 dc483132-0cff-0310-8789-dd5450dbe970

18 years ago undo previous commit due to EOL issues
Jeffrey Altman [Mon, 24 Jul 2006 20:37:36 +0000 (20:37 +0000)]
  undo previous commit due to EOL issues

ticket: 4048

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18381 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoSwitched from "#pragma options align" to "#pragma pack".
Alexandra Ellwood [Mon, 24 Jul 2006 19:27:04 +0000 (19:27 +0000)]
Switched from "#pragma options align" to "#pragma pack".
Removed Metrowerks "#pragma import" since other framework
headers don't specify it.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18380 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoWindows Integrated Login Fixes for KFW 3.1
Jeffrey Altman [Mon, 24 Jul 2006 06:58:23 +0000 (06:58 +0000)]
Windows Integrated Login Fixes for KFW 3.1

    KFW integrated login was failing when the user is
    not a power user or administrator.  This was occurring
    because the temporary file ccache was being created in
    a directory the user could not read.  While fixing this
    it was noticed that the ACLs on the ccache were too broad.
    Instead of applying a fix to the FILE: krb5_ccache
    implementation it was decided that simply applying a new
    set of ACLs (SYSTEM and "user" with no inheritance) to
    the file immediately after the krb5_cc_initialize() call
    would close the broadest security issues.

    The file is initially created in the SYSTEM %TEMP% directory
    with "SYSTEM" ACL only.  Then it is moved to the user's %TEMP%
    directory with "SYSTEM" and "user" ACLs.  Finally, after
    copying the credentials to the API: ccache, the file is deleted.

ticket: new
tags: pullup
component: windows

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18379 dc483132-0cff-0310-8789-dd5450dbe970

18 years ago* aclocal.m4 (KRB5_LIB_AUX): Disallow --enable-profiled and --disable-shared
Ken Raeburn [Fri, 21 Jul 2006 19:03:02 +0000 (19:03 +0000)]
* aclocal.m4 (KRB5_LIB_AUX): Disallow --enable-profiled and --disable-shared
options as well.  Don't generate help messages for these options.

ticket: 4036

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18352 dc483132-0cff-0310-8789-dd5450dbe970

18 years ago* ldap_service_stash.c (krb5_ldap_readpassword): Don't require strerror_r, fall
Ken Raeburn [Fri, 21 Jul 2006 18:29:25 +0000 (18:29 +0000)]
* ldap_service_stash.c (krb5_ldap_readpassword): Don't require strerror_r, fall
back to strerror if needed.

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18351 dc483132-0cff-0310-8789-dd5450dbe970

18 years agorespect LDFLAGS in NetBSD build
Ken Raeburn [Fri, 21 Jul 2006 17:49:07 +0000 (17:49 +0000)]
respect LDFLAGS in NetBSD build

An LDFLAGS setting at configure time is ignored in parts of the build.

* shlib.conf (*-*-netbsd*): Use $(CC) for LDCOMBINE, and include $(LDFLAGS).

ticket: new
target: 1.5.1
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18350 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoreject configure option for static libraries
Ken Raeburn [Fri, 21 Jul 2006 17:41:43 +0000 (17:41 +0000)]
reject configure option for static libraries

We shouldn't accept --enable-static at configure time when we know
it's not going to work at build time.

* aclocal.m4 (KRB5_LIB_AUX): Error out if --enable-static.

ticket: new
target_version: 1.5.1
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18348 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoWindows - kfw 3.1 msi deployment guide updates
Jeffrey Altman [Fri, 21 Jul 2006 13:48:37 +0000 (13:48 +0000)]
Windows - kfw 3.1 msi deployment guide updates

documentation updates for the kfw 3.1 msi deployment guide.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18346 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoWindows NetIDMgr documentation
Jeffrey Altman [Fri, 21 Jul 2006 03:12:00 +0000 (03:12 +0000)]
Windows NetIDMgr documentation

NetIDMgr 1.1 documentation for KFW 3.1 release

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18345 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoWindows NetIDMgr post-1.5 branch commits
Jeffrey Altman [Wed, 19 Jul 2006 22:36:00 +0000 (22:36 +0000)]
Windows NetIDMgr post-1.5 branch commits

The following patch updates the NetIDMgr:

 * allow plug-ins to be marked "do not unload" in order
   to support DLLs that create threads that are not
   properly cleaned up as part of library unload.

 * allow plug-ins to be marked "disabled"

 * Additional changes to deal with Microsoft's efforts
   to deprecate all of the str C runtime functions.

 * Improvements to Manifest processing in the build
   system

 * Addition of Tooltip support to the Toolbar.  Dragging
   the mouse over toolbar buttons displays textual
   descriptions.

 * Correct the behavior of the New Credentials Dialog
   to disable the "Ok" button after it has been pressed.

 * Add support to allow plugin configuration data to
   be distributed as part of transforms to the MSI
   installer.

ticket: new

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18344 dc483132-0cff-0310-8789-dd5450dbe970

18 years agoacquire_cred(), kg_caller_provided_ccache_name(): On further reflection
Alexandra Ellwood [Wed, 19 Jul 2006 18:14:01 +0000 (18:14 +0000)]
acquire_cred(), kg_caller_provided_ccache_name(): On further reflection
and testing the correct thing appears to be to have gss_krb5_ccache_name()
stop gss_acquire_cred() from searching for the desired name in the cache
collection.  If the caller sets the ccache name then gss_acquire_cred will only
look in that ccache.  Added kg_caller_provided_ccache_name() to tell whether
or not the caller has actually set the ccache.  This should fix the problem for
both Mac OS X and Windows.

ticket: 4024

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@18343 dc483132-0cff-0310-8789-dd5450dbe970